From 2c84e79f4a2f9a05c89076e859d26d467fbe9b02 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Jan 2024 21:06:45 +0000 Subject: [PATCH 001/305] sj-srv1: init with restic backup --- .sops.yaml | 10 ++ flake.nix | 2 +- nix/os/devices/sj-srv1/README.md | 1 + nix/os/devices/sj-srv1/boot.nix | 3 + nix/os/devices/sj-srv1/configuration.nix | 29 ++++++ nix/os/devices/sj-srv1/default.nix | 28 +++++ nix/os/devices/sj-srv1/flake.lock | 83 +++++++++++++++ nix/os/devices/sj-srv1/flake.nix | 12 +++ nix/os/devices/sj-srv1/hw.nix | 50 +++++++++ nix/os/devices/sj-srv1/system.nix | 125 +++++++++++++++++++++++ nix/os/devices/sj-vps-htz0/system.nix | 33 ------ secrets/sj-srv1/secrets.yaml | 38 +++++++ 12 files changed, 380 insertions(+), 34 deletions(-) create mode 100644 nix/os/devices/sj-srv1/README.md create mode 100644 nix/os/devices/sj-srv1/boot.nix create mode 100644 nix/os/devices/sj-srv1/configuration.nix create mode 100644 nix/os/devices/sj-srv1/default.nix create mode 100644 nix/os/devices/sj-srv1/flake.lock create mode 100644 nix/os/devices/sj-srv1/flake.nix create mode 100644 nix/os/devices/sj-srv1/hw.nix create mode 100644 nix/os/devices/sj-srv1/system.nix create mode 100644 secrets/sj-srv1/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index eb17a55..7f5c5ec 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,6 +12,7 @@ keys: - &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 # - &router0-dmz0 age1jetxwpmd9hc4crkjtrdle2qxn9dlq7vcmqhfslv0vlxctrk4u3xq8hcvkz - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 @@ -30,6 +31,7 @@ creation_rules: - *router0-dmz0 - *sj-vps-htz0 + - *sj-srv1 - *sj-bm-hostkey0 - path_regex: ^secrets/steveej-t14/.+$ key_groups: 
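Review bot: The new `&sj-srv1` anchor in the `keys:` list carries exactly the same age recipient string as the `&sj-vps-htz0` line directly above it, so the `*sj-srv1` entries added to the creation rules (here and in the later hunks of this file, including the new `^secrets/sj-srv1/.+$` rule) do not separate the two hosts: whoever holds that one private key decrypts both sets. If the server was migrated together with its host key this may be deliberate, but then the old VPS and any image or backup of it stay valid decryptors for the new host's secrets. Consider deriving a fresh recipient from the new host's own key, replacing the value on the `&sj-srv1` line, and running `sops updatekeys` on the files matched by the rules that reference it. Until then a comment such as `# same recipient as sj-vps-htz0 until the host key is rotated` would record the intent.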
@@ -43,12 +45,14 @@ creation_rules: - *steveej age: - *sj-vps-htz0 + - *sj-srv1 - path_regex: ^nix/os/containers/.+_secrets.+$ key_groups: - pgp: - *steveej age: - *sj-vps-htz0 + - *sj-srv1 - path_regex: ^secrets/holochain-infra/.+$ key_groups: - pgp: @@ -67,6 +71,12 @@ creation_rules: - *steveej age: - *sj-vps-htz0 + - path_regex: ^secrets/sj-srv1/.+$ + key_groups: + - pgp: + - *steveej + age: + - *sj-srv1 - path_regex: ^secrets/sj-bm-hostkey0/.+$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index 9400ed8..ba852b7 100644 --- a/flake.nix +++ b/flake.nix @@ -115,7 +115,7 @@ # "srv0-dmz0" # # "router0-dmz0" - # "sj-vps-htz0" + "sj-srv1" "sj-bm-hostkey0" # "retro" diff --git a/nix/os/devices/sj-srv1/README.md b/nix/os/devices/sj-srv1/README.md new file mode 100644 index 0000000..394da55 --- /dev/null +++ b/nix/os/devices/sj-srv1/README.md @@ -0,0 +1 @@ +## bootstrapping diff --git a/nix/os/devices/sj-srv1/boot.nix b/nix/os/devices/sj-srv1/boot.nix new file mode 100644 index 0000000..59a5051 --- /dev/null +++ b/nix/os/devices/sj-srv1/boot.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + boot.extraModulePackages = []; +} diff --git a/nix/os/devices/sj-srv1/configuration.nix b/nix/os/devices/sj-srv1/configuration.nix new file mode 100644 index 0000000..ff7d0a1 --- /dev/null +++ b/nix/os/devices/sj-srv1/configuration.nix @@ -0,0 +1,29 @@ +{ nodeName +, config +, pkgs +, ... +}: { + disabledModules = [ ]; + imports = [ + ../../profiles/common/configuration.nix + { + users.commonUsers = { + enable = true; + enableNonRoot = true; + rootPasswordFile = config.sops.secrets.passwords-root.path; + }; + + sops.secrets.passwords-root = { + sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + neededForUsers = true; + format = "yaml"; + }; + } + + ../../modules/opinionatedDisk.nix + + ./system.nix + ./hw.nix + ./boot.nix + ]; +} diff --git a/nix/os/devices/sj-srv1/default.nix b/nix/os/devices/sj-srv1/default.nix new file mode 100644 index 0000000..94458cb --- /dev/null 
+++ b/nix/os/devices/sj-srv1/default.nix @@ -0,0 +1,28 @@ +{ + nodeName, + repoFlake, + nodeFlake, + ... +}: let + system = "x86_64-linux"; +in { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake; + packages' = repoFlake.packages.${system}; + }; + + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { + inherit system; + }; + + ${nodeName} = { + deployment.targetHost = "${nodeName}.dmz.internal"; + deployment.replaceUnknownProfiles = false; + + imports = [ + nodeFlake.inputs.home-manager.nixosModules.home-manager + + ./configuration.nix + ]; + }; +} diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock new file mode 100644 index 0000000..56c2d36 --- /dev/null +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -0,0 +1,83 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700392168, + "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1700501263, + "narHash": "sha256-M0U063Ba2DKL4lMYI7XW13Rsk5tfUXnIYiAVa39AV/0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f741f8a839912e272d7e87ccf4b9dbc6012cdaf9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1700758842, + "narHash": "sha256-WNpG3F/0dktkYbG6O8Put9GtBw4C4vb1KwtIibfXYEE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "359d577687ea3eb033590cf1259f0355e30b9c6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1700641131, + "narHash": "sha256-M3bsoVMQM2PcuBWb6n1KDNeMX87svcSj/4qlBcVqs3k=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "da41de71f62bf7fb989a04e39629b8adbf8aa8b5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-master": "nixpkgs-master", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix new file mode 100644 index 0000000..c315b8e --- /dev/null +++ b/nix/os/devices/sj-srv1/flake.nix 
@@ -0,0 +1,12 @@ +{ + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; + + inputs.home-manager = { + url = "github:nix-community/home-manager/release-23.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = _: {}; +} diff --git a/nix/os/devices/sj-srv1/hw.nix b/nix/os/devices/sj-srv1/hw.nix new file mode 100644 index 0000000..226275c --- /dev/null +++ b/nix/os/devices/sj-srv1/hw.nix @@ -0,0 +1,50 @@ +{...}: let + stage1Modules = [ + "virtio_balloon" + "virtio_scsi" + "virtio_net" + "virtio_pci" + "virtio_ring" + "virtio" + "scsi_mod" + + "virtio_blk" + "virtio_ring" + "ata_piix" + "pata_acpi" + "ata_generic" + + "aesni_intel" + "kvm_amd" + "nvme" + "nvme_core" + + "thunderbolt" + "e1000e" + + "usbcore" + "xhci_hcd" + "usbnet" + "snd_usb_audio" + "usbhid" + "snd_usbmidi_lib" + "cdc_mbim" + "cdc_ncm" + "usb_storage" + "cdc_wdm" + "uvcvideo" + "btusb" + "xhci_pci" + "cdc_ether" + "uas" + ]; +in { + hardware.opinionatedDisk = { + enable = true; + encrypted = false; + diskId = "virtio-virtio-paeNi8Fof9Oe"; + earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; + }; + + boot.initrd.kernelModules = stage1Modules; +} diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix new file mode 100644 index 0000000..d1f9774 --- /dev/null +++ b/nix/os/devices/sj-srv1/system.nix 
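Review bot: `inputs.nixpkgs.url` and the `home-manager` input both track the `23.05` release branches, which, as far as I know, stopped receiving security updates at the end of 2023, a few weeks before this commit's date. Per system.nix in this same patch the host runs the mail, web and syncthing containers, so the age of the channel matters more here than on an internal box. If the pin is kept only to make the move from the old VPS a like-for-like migration, say so next to the input, e.g. `# TODO: bump to the current stable release once the migration is verified`.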
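Review bot: `hardware.opinionatedDisk.encrypted = false` leaves the disk unencrypted, assuming the option means what its name says (the module is not part of this patch). `earlyDiskIdOverride` names an ATA SSD, which suggests physical media, and system.nix in this patch puts `/var/lib/container-volumes` and the `/backup` snapshot on this host. If unattended boot is the reason, record it next to the option, e.g. `encrypted = false; # unattended boot, no remote unlock available yet`; otherwise enable it before data is moved on. Minor: `virtio_ring` appears twice in `stage1Modules`, and modules such as `uvcvideo`, `btusb` and `snd_usb_audio` are loaded in the initrd of a server, which looks like a list copied from a workstation.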
@@ -0,0 +1,125 @@ +{ pkgs +, lib +, config +, repoFlake +, nodeName +, ... +}: + +{ + imports = [ + ../../snippets/systemd-resolved.nix + ]; + + networking.firewall.enable = true; + networking.nftables.enable = true; + + networking.firewall.allowedTCPPorts = [ + # iperf3 + 5201 + ]; + + networking.firewall.logRefusedConnections = false; + + networking.usePredictableInterfaceNames = false; + + networking.useNetworkd = true; + networking.useDHCP = true; + + networking.nat = { + enable = true; + internalInterfaces = [ "ve-*" ]; + externalInterface = "eth0"; + }; + + # virtualization + virtualisation = { docker.enable = false; }; + + nix.gc = { automatic = true; }; + + sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + + # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix + services.restic.backups.${nodeName} = + let + btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; + in + { + initialize = true; + repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; + + paths = [ + "/backup" + ]; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 2" + ]; + + timerConfig = { + OnCalendar = lib.mkDefault "daily"; + Persistent = true; + }; + + passwordFile = config.sops.secrets.restic-password.path; + + backupPrepareCommand = '' + ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes + ''; + backupCleanupCommand = '' + ${btrfs} su delete /backup/container-volumes + ''; + }; + + containers = { + mailserver = import ../../containers/mailserver.nix { + inherit repoFlake; + + autoStart = true; + + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; + + imapsPort = 993; + sievePort = 4190; + }; + + webserver = + import ../../containers/webserver.nix + { + inherit repoFlake; + + autoStart = true; + + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; + + 
httpPort = 80; + httpsPort = 443; + }; + + syncthing = import ../../containers/syncthing.nix { + autoStart = true; + + hostAddress = "192.168.100.14"; + localAddress = "192.168.100.15"; + + syncthingPort = 22000; + }; + }; + + home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { + inherit pkgs; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.11"; # Did you read the comment? +} diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 0657935..43eca83 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix @@ -95,40 +95,7 @@ in nix.gc = { automatic = true; }; containers = { - mailserver = import ../../containers/mailserver.nix { - inherit repoFlake; - autoStart = true; - - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.11"; - - imapsPort = 993; - sievePort = 4190; - }; - - webserver = - import ../../containers/webserver.nix - { - inherit repoFlake; - - autoStart = true; - - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; - - httpPort = 80; - httpsPort = 443; - }; - - syncthing = import ../../containers/syncthing.nix { - autoStart = true; - - hostAddress = "192.168.100.14"; - localAddress = "192.168.100.15"; - - syncthingPort = 22000; - }; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { diff --git a/secrets/sj-srv1/secrets.yaml b/secrets/sj-srv1/secrets.yaml new file mode 100644 index 0000000..2303d41 --- /dev/null +++ b/secrets/sj-srv1/secrets.yaml 
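Review bot: `networking.firewall.allowedTCPPorts` opens 5201 for iperf3 on the host that patch 002 of this series names as the router's `exposedHost`, so the port is presumably reachable from the WAN once the DNAT rule there is active, and `networking.firewall.logRefusedConnections = false` removes the log trail for rejected probes. If iperf3 is only used for occasional throughput tests, drop 5201 from the list and open it ad hoc, or add a comment stating that exposure is intended. Separately, the restic job uses an `sftp://` repository, but nothing in this hunk pins the storage box's SSH host key or shows which key authenticates. A `programs.ssh.knownHosts` entry for that host would make the first connection verifiable instead of trust-on-first-use.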
@@ -0,0 +1,38 @@ +#ENC[AES256_GCM,data:NJd2BaOWeCr6IER0GSL4OrnABI65kMLg0ft0auq4gazQJ+40vYKwN7pMimXnhQrIsax01pQocF0x0R9we0i/dbE=,iv:OlqfIRF9FtZVHT4QzjQuKCMbVaA+ei7PE9QvbyWj9OA=,tag:8uPJVrva06SUg0DQ26mNow==,type:comment] +passwords-root: ENC[AES256_GCM,data:mDQXWfH3zcvIifhmFdB5rfuiImHLX0Wb2WuR5Jb4lBII72AN9sEy436nHKLHdDHYDgzBkTHXDz63SfK28GEckJJKXHPcKuYl/g==,iv:M8tcUyUVuYAIesuGxQHQ/JRDlzeklTBAVgD1oBzsbVM=,tag:E8g5Qo1zAJkCvNPDeAv7pw==,type:str] +restic-password: ENC[AES256_GCM,data:0cTVlqHCW/xCk7y3ikh0RtVk/5xFOrcrnQmMbIBtfOd7PYbiTUzwBtYXwOaXO4ob7/+KJUEwhl5TzX/Of1J+y7ML7JbpNPtLr8r0gzDYOvBPY5GlmkDGcorz7QTaomuDprJkoD06lJWme/L893u7rxwamF222D2JvGz5FfTuWfaRWb1PcehBkew89gjdAgqFJJwqlX1vwvQDPg6yj+vnk9ZqR/E967bbQeN/G/qGJ9xfVmeuOPYoZH2IrL0Zgif/FLqZWZtlJ1JnRUBXsVN6FZXfT1Q82euLPOpaUHrFJjAF26PuTwVreIjcBLX3wqc8vhAYWfc+RThS3ITwNdNTSA==,iv:KBqME0cqIIX15xPgKi5mBalk01tswj8xVd8rFETX9zU=,tag:V6KltIGVarWXP1R5lY2FAw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOFB4VWUyT1pqVWF6b01v + ZmEyeG0zSjRsWTRkWW9FUmtUWlNiS3VTN2dNClcvQitVUDk1d3oxTnErRG1wZmpL + dHlkZnE2VlVUOGMyeW0xNmo5OHdmbmcKLS0tIFlnbXNvUWRPWGI2KzkrMW01Y0E2 + czdzaWhBRWJyb0pBSnphamZVZDgyMDAKjTYixgD7CzJImvPFRYJKJXefXqxSA6I0 + iOyW6E++Ax0MsYll77sR9eMNMgPCromY3uzKVJe640HKY/E1cLoi0Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-19T20:25:37Z" + mac: ENC[AES256_GCM,data:gAn4HAJRiejixDApIBZD87JjHLyOnC9LvYR0E4oDa0GVu6/BLVNbie0zG1TdnYl4LAuLa0rf4gkSDCLNvjkBGesGb7oez06WAHJd3VAK6wyFYxQSxKA8U5OZu8nozciuatTCvc/JL1ZjxxGlDFDSHSP2m1PsB6br2e0g8oL1vJw=,iv:7rOU6w+Ly+OYEnF5SikijEpauMp5lhTae74zDi2vF+U=,tag:EURfxNbEe4ZLFF4l19EzFA==,type:str] + pgp: + - created_at: "2023-08-11T16:31:41Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA0SHG/zF3227AQf+ONiHDN6/hgu1g4WBaQOtAd3tnruoG+O9pbv/IIR86T3n + 
TIQElcQNsWJpHpoTeXB9G+H3HPh1f3z95tdHwQZOD78HpP0B7sOqx/KUOSJqTkC7 + R8jsuAxrIpidr9MIxAypsK5UE3SnZodf6E0IhWR5H26oWXtKPRd2TIBEMwbJZ4dZ + JLZ1D1pYIrJfNez1SP9r8SBMaKJgxLn65sFzonj8j6C+8CpStun2ykLfflsoQzXP + kiCzxG/IR9fA7fyq38h+QdeQgcX7/kyhC/g1tnfDoZRjmcS7gA2yI9Dlxr08cOvy + 0Dbruq0tykU0isHSPQHgKQpX/7PD5aV3mXTyvNyzEtJRASftwq7H5sDJXvAXWLMT + eKfUnGyPanQqVNA/jAPhOj/tAIVQZbL4UIPOlT6REfxmNk9tl7JSDhMJzKAEdkk7 + C5Jot9exml6467YZkApBm0eM + =HulH + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 From 9ad9b97298e04be7ae1e6ece7fe3aae0d0637fa6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Jan 2024 23:35:54 +0100 Subject: [PATCH 002/305] router0-dmz0: lots of formattign and exposed host fixes --- nix/os/devices/router0-dmz0/configuration.nix | 911 +++++++++--------- nix/os/devices/steveej-t14/hw.nix | 41 +- 2 files changed, 491 insertions(+), 461 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 75ca38f..434e3a7 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1,14 +1,14 @@ -{ - repoFlake, - pkgs, - lib, - config, - nodeFlake, - nodeName, - localDomainName, - system, - ... -}: let +{ repoFlake +, pkgs +, lib +, config +, nodeFlake +, nodeName +, localDomainName +, system +, ... +}: +let inherit (nodeFlake.inputs) bpir3 
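Review bot: The `pgp` entry's `created_at` is 2023-08-11, although this host is only introduced in January 2024, and the single `age` recipient is the key `.sops.yaml` also lists for `sj-vps-htz0`. That suggests secrets/sj-srv1/secrets.yaml is a copy of another host's secrets file with its data key carried over. If so, `passwords-root` and `restic-password` are protected by key material that also exists in the other file's history. Creating the file fresh under the new `^secrets/sj-srv1/.+$` rule, or running `sops --rotate` on it once the host has its own recipient, would give it an independent data key. If the two values themselves were copied from the old host, rotating them is worth considering as well.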
@@ -16,21 +16,22 @@ ; vlanRangeStart = builtins.head vlanRange; - vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange)-1); + vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1); vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans); vlanRangeWith0 = [ 0 ] ++ vlanRange; - mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }: let - # reserve the first subnet for vlanid == 0 - # number the other subnets continously from there - offset = - if vlanid == 0 - then thirdIpv4SegmentMin - else thirdIpv4SegmentMin + 1 - vlanRangeStart; + mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }: + let + # reserve the first subnet for vlanid == 0 + # number the other subnets continously from there + offset = + if vlanid == 0 + then thirdIpv4SegmentMin + else thirdIpv4SegmentMin + 1 - vlanRangeStart; - in + in builtins.concatStringsSep "." - [ "192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}" ]; + [ "192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}" ]; defaultVlan = { name = "${localDomainName}"; @@ -57,11 +58,13 @@ "15".packet_priority = -10; }; - vlansByName = lib.attrsets.mapAttrs' (vlanid': attrs: - lib.attrsets.nameValuePair - attrs.name - (attrs // { id = lib.strings.toInt vlanid'; id' = vlanid';}) - ) vlans; + vlansByName = lib.attrsets.mapAttrs' + (vlanid': attrs: + lib.attrsets.nameValuePair + attrs.name + (attrs // { id = lib.strings.toInt vlanid'; id' = vlanid'; }) + ) + vlans; getVlanDomain = { vlanid }: if vlanid == 0 
@@ -69,15 +72,18 @@ defaultVlan.name else vlans."${toString vlanid}".name + "." + defaultVlan.name - ; + ; bridgeInterfaceName = "br-lan"; mkInterfaceName = { vlanid }: if vlanid == 0 then bridgeInterfaceName else "${bridgeInterfaceName}.${toString vlanid}" - ; -in { + ; + + exposedHost = "sj-srv1.dmz.internal"; +in +{ imports = [ repoFlake.inputs.sops-nix.nixosModules.sops 
@@ -174,132 +180,146 @@ in { # TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority) nftables = - { - enable = true; - stopRuleset = ""; - - chains = { - prerouting = { - "redirectweb" = { - after = ["hook"]; - rules = let - wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - exposedHost = "srv0-dmz0.dmz.internal"; - in [ - "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - # TODO: if this hostname doesn't resolve it'll break the whole ruleset - # "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" - ]; - }; - }; - }; - - firewall = { + { enable = true; - zones = { - lan.interfaces = [ (mkInterfaceName {vlanid = 0;}) ]; - vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; - # lan.ipv4Addresses = ["192.168.0.0/16"]; - wan.interfaces = ["wan" "lan0"]; - } // - # generate a zone for each vlan - lib.attrsets.mapAttrs (key: value: { - interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; - }) - vlansByName - ; - rules = let - ipv6IcmpTypes = [ - "destination-unreachable" "echo-reply" "echo-request" - "packet-too-big" "parameter-problem" "time-exceeded" + stopRuleset = ""; - # Without the nd-* ones ipv6 will not work. 
- "nd-neighbor-solicit" "nd-router-advert" "nd-neighbor-advert" - ]; - ipv4IcmpTypes = [ - "destination-unreachable" "echo-reply" "echo-request" "source-quench" "time-exceeded" - "router-advertisement" - ]; - allowIcmpLines = [ - "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" - "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" - ]; - in { - fw = { - from = ["fw"]; - verdict = "accept"; - }; - - office-to-dmz = { - from = ["office"]; - to = ["dmz"]; - verdict = "accept"; - }; - - lan-to-fw = { - from = ["lan"]; - to = ["fw" "lan"]; - verdict = "accept"; - }; - - lan-to-wan = { - from = ["lan"]; - to = ["wan"]; - verdict = "accept"; - }; - - vlan-to-wan = { - from = ["vlan"]; - to = ["wan"]; - verdict = "accept"; - }; - - vlan-to-fw = { - allowedUDPPortRanges = [ - { from = 67; to = 68; } - { from = 53; to = 53; } - ]; - allowedTCPPortRanges = [ - { from = 22; to = 22; } - { from = 53; to = 53; } - { from = 5201; to = 5201; } - ]; - from = ["vlan"]; - to = ["fw"]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; - }; - - to-wan-nat = { - from = ["lan" "vlan"]; - to = ["wan"]; - masquerade = true; - verdict = "accept"; - }; - - wan-to-dmz = { - from = ["wan"]; - to = ["dmz"]; - verdict = "accept"; - }; - - wan-to-fw = { - from = ["wan"]; - to = ["fw"]; - allowedTCPPortRanges = [ - { - from = 22; - to = 22; - } - ]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; + chains = { + prerouting = { + "exposeHost" = { + after = [ "hook" ]; + rules = + let + wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; + in + # TODO: if this hostname doesn't resolve it'll break the whole ruleset + [ + "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" + "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" + ]; + }; }; }; + + firewall = { + enable = true; + zones = { + lan.interfaces = [ (mkInterfaceName { vlanid = 0; }) ]; + 
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; + # lan.ipv4Addresses = ["192.168.0.0/16"]; + wan.interfaces = [ "wan" "lan0" ]; + } // + # generate a zone for each vlan + lib.attrsets.mapAttrs + (key: value: { + interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; + }) + vlansByName + ; + rules = + let + ipv6IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "packet-too-big" + "parameter-problem" + "time-exceeded" + + # Without the nd-* ones ipv6 will not work. + "nd-neighbor-solicit" + "nd-router-advert" + "nd-neighbor-advert" + ]; + ipv4IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "source-quench" + "time-exceeded" + "router-advertisement" + ]; + allowIcmpLines = [ + "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" + "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" + ]; + in + { + fw = { + from = [ "fw" ]; + verdict = "accept"; + }; + + office-to-dmz = { + from = [ "office" ]; + to = [ "dmz" ]; + verdict = "accept"; + }; + + lan-to-fw = { + from = [ "lan" ]; + to = [ "fw" "lan" ]; + verdict = "accept"; + }; + + lan-to-wan = { + from = [ "lan" ]; + to = [ "wan" ]; + verdict = "accept"; + }; + + vlan-to-wan = { + from = [ "vlan" ]; + to = [ "wan" ]; + verdict = "accept"; + }; + + vlan-to-fw = { + allowedUDPPortRanges = [ + { from = 67; to = 68; } + { from = 53; to = 53; } + ]; + allowedTCPPortRanges = [ + { from = 22; to = 22; } + { from = 53; to = 53; } + { from = 5201; to = 5201; } + ]; + from = [ "vlan" ]; + to = [ "fw" ]; + extraLines = allowIcmpLines ++ [ + "drop" + ]; + }; + + to-wan-nat = { + from = [ "lan" "vlan" ]; + to = [ "wan" ]; + masquerade = true; + verdict = "accept"; + }; + + wan-to-dmz = { + from = [ "wan" ]; + to = [ "dmz" ]; + verdict = "accept"; + }; + + wan-to-fw = { + from = [ "wan" ]; + to = [ "fw" ]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } 
+ ]; + extraLines = allowIcmpLines ++ [ + "drop" + ]; + }; + }; + }; }; - }; }; systemd.network = { @@ -322,10 +342,10 @@ in { }; } - # generate the vlan devices. these will be tagged on the main bridge - // builtins.foldl' + # generate the vlan devices. these will be tagged on the main bridge + // builtins.foldl' (acc: cur: acc // cur) - {} + { } (builtins.map ({ vlanid, vlanid' }: { "20-${mkInterfaceName { inherit vlanid; }}" = { @@ -433,9 +453,9 @@ in { # Configure the bridge for its desired function "40-${bridgeInterfaceName}" = { matchConfig.Name = bridgeInterfaceName; - bridgeConfig = {}; + bridgeConfig = { }; address = [ - (mkVlanIpv4HostAddr { vlanid = 0; host = 1;}) + (mkVlanIpv4HostAddr { vlanid = 0; host = 1; }) ]; networkConfig = { ConfigureWithoutCarrier = true; 
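Review bot: The re-enabled rule `"iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"` in the `exposeHost` prerouting chain has no protocol or port match, so every inbound WAN packet other than TCP 220 is rewritten to the exposed host. The `wan-to-dmz` rule then accepts it with `verdict = "accept"` (assuming that host sits in the `dmz` zone), which leaves the host's own firewall as the only filter. The TODO kept above the rule still applies: `exposedHost` is a DNS name that must resolve when the ruleset is loaded, and a failed load affects the whole firewall, not just this chain. I would DNAT to a literal address and limit the match to the published services, e.g. `"iifname { ${wanInterfaces} } tcp dport { 80, 443, 993, 4190, 22000 } dnat ip to SJ_SRV1_ADDR"`. SJ_SRV1_ADDR is a placeholder for the host's static address, and the ports are the ones set in the container definitions of patch 001; extend the set if the mail container publishes more.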
@@ -466,72 +486,73 @@ in { # * vlan config for wlan interface // builtins.foldl' - (acc: cur: acc // cur) - {} - (builtins.map ({ vlanid, vlanid' }: { - # configure the tagged vlan device with an address and vlan filtering. - # dnsmasq is configured to serve the respective /24 range on each tagged device. - # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. - "41-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; - address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - - linkConfig.RequiredForOnline = "no"; - linkConfig.ActivationPolicy = "always-up"; - - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlanid; + (acc: cur: acc // cur) + { } + (builtins.map + ({ vlanid, vlanid' }: { + # configure the tagged vlan device with an address and vlan filtering. + # dnsmasq is configured to serve the respective /24 range on each tagged device. + # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. 
+ "41-${mkInterfaceName { inherit vlanid; }}" = { + matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + address = [ + (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + ]; + networkConfig = { + ConfigureWithoutCarrier = true; }; - } - ]; - }; - # configure the wlan interface as a bridge member that - # * only gets traffic for vid 15 - # * untags traffic after receiving it - # * tags traffic that comes out of it - "41-wlan0.${vlanid'}" = { - matchConfig.Name = "wlan0.${vlanid'}"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; - }; + linkConfig.RequiredForOnline = "no"; + linkConfig.ActivationPolicy = "always-up"; - linkConfig.RequiredForOnline = "no"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlanid; + }; + } + ]; + }; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlanid; - PVID = vlanid; - EgressUntagged = vlanid; + # configure the wlan interface as a bridge member that + # * only gets traffic for vid 15 + # * untags traffic after receiving it + # * tags traffic that comes out of it + "41-wlan0.${vlanid'}" = { + matchConfig.Name = "wlan0.${vlanid'}"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; }; - } - ]; - }; - "50-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; - address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - linkConfig.RequiredForOnline = "no"; - }; - }) - (builtins.map - (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) - vlanRange - )) + linkConfig.RequiredForOnline = "no"; + + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlanid; + PVID = vlanid; + EgressUntagged = vlanid; + }; + } + ]; + }; + + "50-${mkInterfaceName { inherit vlanid; }}" = { + matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + address = [ + (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + ]; + 
networkConfig = { + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "no"; + }; + }) + (builtins.map + (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) + vlanRange + )) ; }; 
@@ -539,240 +560,248 @@ in { services.hostapd = { enable = true; package = nodeFlake.packages.${system}.hostapd_patched; - radios = let - # generated with https://miniwebtool.com/mac-address-generator/ - mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; - in { - wlan0 = { - band = "2g"; - countryCode = "CH"; - channel = 0; # ACS + radios = + let + # generated with https://miniwebtool.com/mac-address-generator/ + mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; + in + { + wlan0 = { + band = "2g"; + countryCode = "CH"; + channel = 0; # ACS - # use 'iw phy#1 info' to determine your VHT capabilities - wifi4 = { - enable = true; - capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; - }; - networks = { - wlan0 = let - iface = "wlan0"; - in { - ssid = "mlsia"; - bssid = mkBssid 0; + # use 'iw phy#1 info' to determine your VHT capabilities + wifi4 = { + enable = true; + capabilities = [ "HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" ]; + }; + networks = { + wlan0 = + let + iface = "wlan0"; + in + { + ssid = "mlsia"; + bssid = mkBssid 0; - # authentication.mode = "wpa3-sae"; - authentication.mode = "wpa3-sae-transition"; + # authentication.mode = "wpa3-sae"; + authentication.mode = "wpa3-sae-transition"; - authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; + authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; + authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; - # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference - settings = { - # bridge = bridgeInterfaceName; + # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference + settings = { + # bridge = bridgeInterfaceName; - # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; - # not yet supported on hostapd 2.10 - # sae_password_file = 
config.sops.secrets.wlan0_saePasswordsFile.path; + # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; + # not yet supported on hostapd 2.10 + # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - # enables debug logging - logger_stdout_level= lib.mkForce 0; - logger_stdout = -1; - # logger_syslog_level= lib.mkForce 0; + # enables debug logging + logger_stdout_level = lib.mkForce 0; + logger_stdout = -1; + # logger_syslog_level= lib.mkForce 0; - # resources on vlan tagging - # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging - # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 + # resources on vlan tagging + # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging + # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 - dynamic_vlan = 1; + dynamic_vlan = 1; - # this option currently requires a patch to hostapd - vlan_no_bridge = 1; + # this option currently requires a patch to hostapd + vlan_no_bridge = 1; - /* not used due to the above vlan_no_bridge setting + /* not used due to the above vlan_no_bridge setting vlan_tagged_interface = bridgeInterfaceName; vlan_naming = 1; vlan_bridge = "br-${iface}."; - */ + */ - vlan_file = let - generated = builtins.map (vlanid: - "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" - ) vlanRange - ; + vlan_file = + let + generated = builtins.map + (vlanid: + "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" + ) + vlanRange + ; - wildcard = [ - # Optional wildcard entry matching all VLAN IDs. The first # in the interface - # name will be replaced with the VLAN ID. The network interfaces are created - # (and removed) dynamically based on the use. 
- # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan - "* ${iface}.#" - ]; + wildcard = [ + # Optional wildcard entry matching all VLAN IDs. The first # in the interface + # name will be replaced with the VLAN ID. The network interfaces are created + # (and removed) dynamically based on the use. + # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan + "* ${iface}.#" + ]; - file = pkgs.writeText "hostapd.vlan" - (builtins.concatStringsSep "\n" (generated ++ wildcard)); - filePath = toString file; - in filePath; + file = pkgs.writeText "hostapd.vlan" + (builtins.concatStringsSep "\n" (generated ++ wildcard)); + filePath = toString file; + in + filePath; - wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ - "WPA-PSK" + wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ + "WPA-PSK" - # TODO: the printer can't connect when this is on - # "WPA-PSK-SHA256" + # TODO: the printer can't connect when this is on + # "WPA-PSK-SHA256" - # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them - # "SAE" - ]); + # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them + # "SAE" + ]); - # wpa_psk_radius = 0; - wpa_pairwise = "CCMP"; - wmm_enabled = 1; + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; - # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks - ieee80211w = 1; - sae_require_mfp = 1; - sae_groups = "19 20 21"; + # IEEE 802.11i (authentication) related configuration + # Encrypt management frames to protect against deauthentication and similar attacks + ieee80211w = 1; + sae_require_mfp = 1; + sae_groups = "19 20 21"; - # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) - tls_flags= "[ENABLE-TLSv1.3]"; + # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x=0; - eap_server=0; - }; + ieee8021x = 0; + 
eap_server = 0; + }; + }; + + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # wlan0-1 = { + # ssid = "justtestingwifi-wpa3"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # Uncomment when needed otherwise remove + # wlan0-1 = { + # ssid = "koteczkowo3"; + # authentication = { + # mode = "none"; # this is overriden by settings + # }; + # managementFrameProtection = "optional"; + # bssid = "e6:02:43:07:00:00"; + # settings = { + # bridge = bridgeInterfaceName; + # wpa = lib.mkForce 2; + # wpa_key_mgmt = "WPA-PSK"; + # wpa_pairwise = "CCMP"; + # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; + # }; + # }; }; - - # wlan0-1 = { - # ssid = "mlsia-testing"; - # authentication = { - # mode = "wpa3-sae-transition"; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # wlan0-1 = { - # ssid = "justtestingwifi-wpa3"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # Uncomment when needed otherwise remove - # wlan0-1 = { - # ssid = "koteczkowo3"; - # authentication = { - # mode = "none"; # this is overriden by settings - # }; - # managementFrameProtection = "optional"; - # bssid = "e6:02:43:07:00:00"; - # settings = { - # bridge = bridgeInterfaceName; - # wpa = lib.mkForce 2; - # wpa_key_mgmt = "WPA-PSK"; - # wpa_pairwise = "CCMP"; - # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; - # }; - # }; }; + + # wlan1 = { + # band = "5g"; + # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 + # channel = 0; # 
ACS + # countryCode = "PL"; + + # # use 'iw phy#1 info' to determine your VHT capabilities + # wifi4 = { + # enable = true; + # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + # }; + # wifi5 = { + # enable = true; + # operatingChannelWidth = "160"; + # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + # }; + # wifi6 = { + # enable = true; + # singleUserBeamformer = true; + # singleUserBeamformee = true; + # multiUserBeamformer = true; + # operatingChannelWidth = "160"; + # }; + # settings = { + # # these two are mandatory for wifi 5 & 6 to work + # vht_oper_centr_freq_seg0_idx = 50; + # he_oper_centr_freq_seg0_idx = 50; + + # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for + # # transmitting data packets from the second data queue of a network interface. + # # It determines the number of packets that can be sent in a burst. + # # Adjusting this parameter can impact network throughput and latency. + # tx_queue_data2_burst = 2; + + # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. + # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. + # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
+ # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 + + # # Magic values that were set by openwrt but I didn't bother inspecting every single one + # he_spr_sr_control = 3; + # he_default_pe_duration = 4; + # he_rts_threshold = 1023; + + # he_mu_edca_qos_info_param_count = 0; + # he_mu_edca_qos_info_q_ack = 0; + # he_mu_edca_qos_info_queue_request = 0; + # he_mu_edca_qos_info_txop_request = 0; + + # # he_mu_edca_ac_be_aci=0; missing in 2.10 + # he_mu_edca_ac_be_aifsn = 8; + # he_mu_edca_ac_be_ecwmin = 9; + # he_mu_edca_ac_be_ecwmax = 10; + # he_mu_edca_ac_be_timer = 255; + + # he_mu_edca_ac_bk_aifsn = 15; + # he_mu_edca_ac_bk_aci = 1; + # he_mu_edca_ac_bk_ecwmin = 9; + # he_mu_edca_ac_bk_ecwmax = 10; + # he_mu_edca_ac_bk_timer = 255; + + # he_mu_edca_ac_vi_ecwmin = 5; + # he_mu_edca_ac_vi_ecwmax = 7; + # he_mu_edca_ac_vi_aifsn = 5; + # he_mu_edca_ac_vi_aci = 2; + # he_mu_edca_ac_vi_timer = 255; + + # he_mu_edca_ac_vo_aifsn = 5; + # he_mu_edca_ac_vo_aci = 3; + # he_mu_edca_ac_vo_ecwmin = 5; + # he_mu_edca_ac_vo_ecwmax = 7; + # he_mu_edca_ac_vo_timer = 255; + # }; + # networks = { + # wlan1 = { + # ssid = "koteczkowo5"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. 
+ # }; + # bssid = "36:b9:02:21:08:a2"; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # }; + # }; }; - - # wlan1 = { - # band = "5g"; - # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 - # channel = 0; # ACS - # countryCode = "PL"; - - # # use 'iw phy#1 info' to determine your VHT capabilities - # wifi4 = { - # enable = true; - # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; - # }; - # wifi5 = { - # enable = true; - # operatingChannelWidth = "160"; - # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - # }; - # wifi6 = { - # enable = true; - # singleUserBeamformer = true; - # singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "160"; - # }; - # settings = { - # # these two are mandatory for wifi 5 & 6 to work - # vht_oper_centr_freq_seg0_idx = 50; - # he_oper_centr_freq_seg0_idx = 50; - - # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for - # # transmitting data packets from the second data queue of a network interface. - # # It determines the number of packets that can be sent in a burst. - # # Adjusting this parameter can impact network throughput and latency. - # tx_queue_data2_burst = 2; - - # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. - # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. - # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
- # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 - - # # Magic values that were set by openwrt but I didn't bother inspecting every single one - # he_spr_sr_control = 3; - # he_default_pe_duration = 4; - # he_rts_threshold = 1023; - - # he_mu_edca_qos_info_param_count = 0; - # he_mu_edca_qos_info_q_ack = 0; - # he_mu_edca_qos_info_queue_request = 0; - # he_mu_edca_qos_info_txop_request = 0; - - # # he_mu_edca_ac_be_aci=0; missing in 2.10 - # he_mu_edca_ac_be_aifsn = 8; - # he_mu_edca_ac_be_ecwmin = 9; - # he_mu_edca_ac_be_ecwmax = 10; - # he_mu_edca_ac_be_timer = 255; - - # he_mu_edca_ac_bk_aifsn = 15; - # he_mu_edca_ac_bk_aci = 1; - # he_mu_edca_ac_bk_ecwmin = 9; - # he_mu_edca_ac_bk_ecwmax = 10; - # he_mu_edca_ac_bk_timer = 255; - - # he_mu_edca_ac_vi_ecwmin = 5; - # he_mu_edca_ac_vi_ecwmax = 7; - # he_mu_edca_ac_vi_aifsn = 5; - # he_mu_edca_ac_vi_aci = 2; - # he_mu_edca_ac_vi_timer = 255; - - # he_mu_edca_ac_vo_aifsn = 5; - # he_mu_edca_ac_vo_aci = 3; - # he_mu_edca_ac_vo_ecwmin = 5; - # he_mu_edca_ac_vo_ecwmax = 7; - # he_mu_edca_ac_vo_timer = 255; - # }; - # networks = { - # wlan1 = { - # ssid = "koteczkowo5"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. - # }; - # bssid = "36:b9:02:21:08:a2"; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - # }; - # }; - }; }; services.resolved.enable = false; 
@@ -797,20 +826,21 @@ in { local-ttl = 0; dhcp-ttl = 0; - dhcp-range = let - mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [ - tag - (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) - (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) - "12h" - ]; - in + dhcp-range = + let + mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [ + tag + (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) + (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) + "12h" + ]; + in builtins.map (vlanid: - mkDhcpRange { tag = mkInterfaceName {inherit vlanid;}; inherit vlanid; } + mkDhcpRange { tag = mkInterfaceName { inherit vlanid; }; inherit vlanid; } ) vlanRangeWith0 - ; + ; # interface = bridgeInterfaceName; # bind-interfaces = true; @@ -854,7 +884,9 @@ in { (vlanid: builtins.concatStringsSep "," [ # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) - "${nodeName}.${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) + "${nodeName}.${getVlanDomain{inherit vlanid;}}" + "0.0.0.1" + (mkInterfaceName { inherit vlanid; }) ] ) vlanRangeWith0 @@ -864,6 +896,11 @@ in { (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain{inherit vlanid;}}") vlanRangeWith0 ; + + cname = [ + "mailserver.svc.stefanjunker.de,${exposedHost}" + "www.stefanjunker.de,${exposedHost}" + ]; }; }; 
@@ -881,10 +918,10 @@ in { # They fail to load properly, leaving the system without working ethernet, they'll oops on # remove. MTK-DSA parts and PCIe were observed to do this. boot.initrd.includeDefaultModules = false; - boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; - boot.initrd.availableKernelModules = ["nvme"]; + boot.initrd.kernelModules = [ "rfkill" "cfg80211" "mt7915e" ]; + boot.initrd.availableKernelModules = [ "nvme" ]; - boot.kernelParams = ["console=ttyS0,115200"]; + boot.kernelParams = [ "console=ttyS0,115200" ]; hardware.enableRedistributableFirmware = true; # Wireless hardware exists, regulatory database is essential. hardware.wirelessRegulatoryDatabase = true; diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index 5c8c9b4..f60324f 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,4 +1,5 @@ -{lib, ...}: let +{ lib, ... }: +let stage1Modules = [ "aesni_intel" "kvm_amd" @@ -10,34 +11,26 @@ "usbcore" "xhci_hcd" - "usbnet" - "snd_usb_audio" "usbhid" - "snd_usbmidi_lib" - "cdc_mbim" - "cdc_ncm" "usb_storage" - "cdc_wdm" - "uvcvideo" - "btusb" "xhci_pci" - "cdc_ether" "uas" ]; -in { +in +{ # TASK: new device hardware.opinionatedDisk = { enable = true; encrypted = true; diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901"; - earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0"; + earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0"; }; # boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/usb-JMicron_Generic_0123456789ABCDEF-0:0"; # see https://linrunner.de/tlp/ services.tlp = { - enable = true; + enable = false; settings = { CPU_DRIVER_OPMODE_ON_AC = "active"; CPU_DRIVER_OPMODE_ON_BAT = "passive"; @@ -81,7 +74,7 @@ in { # #DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"; # #DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"; - SATA_LINKPWR_ON_AC = "maax_performance"; + SATA_LINKPWR_ON_AC = "max_performance"; SATA_LINKPWR_ON_BAT = "min_power"; }; }; 
@@ -91,16 +84,16 @@ in { enable = true; levels = [ # ["level auto" 0 60] - [0 0 60] - [1 60 65] - [1 65 75] - [2 75 78] - [3 78 80] - [4 80 82] - [5 82 84] - [6 84 86] - [7 86 88] - ["level full-speed" 88 999] + [ 0 0 60 ] + [ 1 60 65 ] + [ 1 65 75 ] + [ 2 75 78 ] + [ 3 78 80 ] + [ 4 80 82 ] + [ 5 82 84 ] + [ 6 84 86 ] + [ 7 86 88 ] + [ "level full-speed" 88 999 ] ]; extraArgs = [ From 1bfb2a25abfb12b1e2dea2a1a7c8fba87dfe3ded Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 19 Jan 2024 11:49:33 +0100 Subject: [PATCH 003/305] lib/default: format --- nix/os/lib/default.nix | 63 ++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 9871d3b..c74ccd0 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -1,35 +1,38 @@ -{ - lib, - config, -}: let +{ lib +, config +, +}: +let keys = import ../../variables/keys.nix; -in { +in +{ mkUser = args: ( - lib.attrsets.recursiveUpdate { - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - "adbusers" - "dialout" - "cdrom" - ]; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + lib.attrsets.recursiveUpdate + { + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + "adbusers" + "dialout" + "cdrom" + ]; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - } - args + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; + } + args ); disk = rec { 
@@ -38,7 +41,7 @@ in { # LVM doesn't allow most characters in VG names # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] - volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId; + volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; # This is important at install-time bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; From 54f9cdd34c7783554e6a96783537bb80ddfaf1d2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 19 Jan 2024 11:49:49 +0100 Subject: [PATCH 004/305] lib/default: add fuse to default groups --- nix/os/lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index c74ccd0..252989e 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -24,6 +24,7 @@ in "adbusers" "dialout" "cdrom" + "fuse" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; From aa15170491ada392fdf3ee7b0cb2363545a74330 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 19 Jan 2024 13:56:20 +0100 Subject: [PATCH 005/305] router0-dmz0: remove cname as it's not needed --- nix/os/devices/router0-dmz0/configuration.nix | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 434e3a7..9256425 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
@@ -897,10 +897,20 @@ in vlanRangeWith0 ; - cname = [ - "mailserver.svc.stefanjunker.de,${exposedHost}" - "www.stefanjunker.de,${exposedHost}" - ]; + # auth-server = [ + # (builtins.concatStringsSep "," [ + # "www.stefanjunker.de" + # # (mkInterfaceName { vlanid = vlansByName.dmz.id; }) + # # (mkInterfaceName { vlanid = vlansByName.office.id; }) + # ]) + # ]; + + # cname = [ + # "mailserver.svc.stefanjunker.de,${exposedHost}" + # "www.stefanjunker.de,${exposedHost}" + # "hedgedoc.www.stefanjunker.de,${exposedHost}" + # "jitsi.www.stefanjunker.de,${exposedHost}" + # ]; }; }; From f35bd726fa5aa1e66072177d505a4d16a5c295c6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 19 Jan 2024 13:56:34 +0100 Subject: [PATCH 006/305] t14: disable thinkfan --- nix/os/devices/steveej-t14/hw.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index f60324f..419399b 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -81,7 +81,7 @@ in # see https://www.kernel.org/doc/html/v6.6/admin-guide/laptops/thinkpad-acpi.html#fan-control-and-monitoring-fan-speed-fan-enable-disable services.thinkfan = { - enable = true; + enable = false; levels = [ # ["level auto" 0 60] [ 0 0 60 ] From 03c6157ab5356fa4a59c4aa67ef3382de974b614 Mon Sep 17 00:00:00 2001 
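Review bot: The `cname` list is commented out rather than deleted, and the same hunk adds a commented `auth-server` block plus two commented `cname` entries that were not there before (`hedgedoc.www.stefanjunker.de`, `jitsi.www.stefanjunker.de`), so it leaves more dead configuration than it removes. Since the commit title says the records are not needed, I would drop the lines and rely on version control history. If a reminder is wanted, one line such as `# cname records pointing at exposedHost were removed, see git history` is enough. The enclosing attribute set starts and ends outside the hunk.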
From: Stefan Junker Date: Sun, 21 Jan 2024 21:08:01 +0100 Subject: [PATCH 007/305] steveej-x13s-rmvbl: init with minimal setup this configures a standalone USB device that doesn't need configuration of the firmware's EFI variables. --- .sops.yaml | 8 + flake.lock | 17 -- flake.nix | 15 +- nix/devShells.nix | 24 +-- .../devices/sj-bm-hostkey0/configuration.nix | 100 +++++---- nix/os/devices/steveej-t14/hw.nix | 34 ++-- nix/os/devices/steveej-t14/system.nix | 11 + .../.gitignore | 0 .../steveej-x13s-rmvbl/configuration.nix | 66 ++++++ .../default.nix | 0 nix/os/devices/steveej-x13s-rmvbl/disko.nix | 66 ++++++ .../flake.lock | 108 +++++----- .../flake.nix | 190 ++++++++++-------- nix/os/devices/steveej-x13s/configuration.nix | 82 -------- secrets/shared-users.yaml | 108 +++++----- secrets/steveej-x13s-rmvbl/secrets.yaml | 46 +++++ 16 files changed, 501 insertions(+), 374 deletions(-) rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/.gitignore (100%) create mode 100644 nix/os/devices/steveej-x13s-rmvbl/configuration.nix rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/default.nix (100%) create mode 100644 nix/os/devices/steveej-x13s-rmvbl/disko.nix rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/flake.lock (58%) rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/flake.nix (61%) delete mode 100644 nix/os/devices/steveej-x13s/configuration.nix create mode 100644 secrets/steveej-x13s-rmvbl/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 7f5c5ec..4ac1cea 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,6 +8,7 @@ keys: - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + - &steveej-x13s-rmvbl age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 - &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 
@@ -24,6 +25,7 @@ creation_rules: - *steveej age: - *steveej-t14 + - *steveej-x13s-rmvbl - *elias-e525 - *justyna-p300 @@ -83,3 +85,9 @@ creation_rules: - *steveej age: - *sj-bm-hostkey0 + - path_regex: ^secrets/steveej-x13s-rmvbl/.+$ + key_groups: + - pgp: + - *steveej + age: + - *steveej-x13s-rmvbl diff --git a/flake.lock b/flake.lock index af15232..86a3f52 100644 --- a/flake.lock +++ b/flake.lock @@ -293,22 +293,6 @@ "type": "github" } }, - "magmawm": { - "flake": false, - "locked": { - "lastModified": 1703542178, - "narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=", - "owner": "MagmaWM", - "repo": "MagmaWM", - "rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7", - "type": "github" - }, - "original": { - "owner": "MagmaWM", - "repo": "MagmaWM", - "type": "github" - } - }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", @@ -663,7 +647,6 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", - "magmawm": "magmawm", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" diff --git a/flake.nix b/flake.nix index ba852b7..691edf1 100644 --- a/flake.nix +++ b/flake.nix @@ -59,11 +59,6 @@ flake = false; }; - magmawm = { - url = "github:MagmaWM/MagmaWM"; - flake = false; - }; - salut = { url = "gitlab:snakedye/salut"; flake = false; @@ -127,7 +122,7 @@ // ( let router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; + steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in { @@ -140,7 +135,8 @@ # nixos-install --flake .\#retro_cross retro_cross = retro.cross; - steveej-x13s_cross = steveej-x13s.cross; + steveej-x13s-rmvbl = steveej-x13s-rmvbl.native; + steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross; } ); 
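Review bot: Adding `*steveej-x13s-rmvbl` to the `age` recipients in the `@@ -24,6 +25,7 @@` hunk lets the removable install decrypt everything that rule matches, on top of its own `^secrets/steveej-x13s-rmvbl/.+$` rule added in the last hunk of this file. The rule's `path_regex` is outside the hunk, so its scope should be confirmed; if it covers secrets shared between hosts, a comment such as `# removable install: drop this recipient and rotate the shared secrets if the device is lost` would record the consequence. Removing a recipient later does not revoke values that were already encrypted to it, so rotation is the part that matters.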
@@ -194,11 +190,6 @@ # }; # }; - # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { - # inherit craneLib; - # src = inputs.magmawm; - # }; - salut = craneLib.buildPackage { src = inputs.salut; nativeBuildInputs = [ diff --git a/nix/devShells.nix b/nix/devShells.nix index 3f59c5b..d4d5c07 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -1,27 +1,27 @@ -{ - inputs', - packages', - pkgs, +{ inputs' +, packages' +, pkgs +, }: pkgs.stdenv.mkDerivation { name = "infra-env"; buildInputs = [ - (with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};}; - with config.system.build; [ - nixos-generate-config - nixos-install - nixos-enter - manual.manpages - ]) + (with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; }; + with config.system.build; [ + nixos-generate-config + nixos-install + nixos-enter + manual.manpages + ]) ] ++ (with pkgs; [ inputs'.colmena.packages.colmena nixos-install-tools dconf2nix inputs'.nixos-anywhere.packages.nixos-anywhere + inputs'.disko.packages.default nurl - just git-crypt vcsh diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 76ddb97..f2dd56d 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -1,14 +1,13 @@ -{ - modulesPath, - repoFlake, - packages', - pkgs, - lib, - config, - nodeFlake, - nodeName, - system, - ... +{ modulesPath +, repoFlake +, packages' +, pkgs +, lib +, config +, nodeFlake +, nodeName +, system +, ... }: { disabledModules = [ ]; @@ -52,7 +51,7 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; } ]; 
@@ -83,52 +82,54 @@ firewall.enable = false; }; - disko.devices = let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; + disko.devices = + let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; }; }; }; }; - }; - in { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; + in + { + disk = { + sda = disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; + }; }; }; }; }; }; }; - }; system.stateVersion = "23.11"; @@ -162,8 +163,5 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" - "i686-linux" - # "i386-linux" - # "i586-linux" ]; } diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index 419399b..ea1352c 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,21 +1,5 @@ { lib, ... }: let - stage1Modules = [ - "aesni_intel" - "kvm_amd" - "nvme" - "nvme_core" - - "thunderbolt" - "e1000e" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "xhci_pci" - "uas" - ]; in { # TASK: new device 
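Review bot: In the `steveej-t14/hw.nix` hunk, removing the `stage1Modules` binding leaves `let` and `in` with nothing between them at the top of the file. I would drop both keywords so the file opens with `{ lib, ... }:` followed directly by `{`. The rest of the attribute set continues outside the hunk.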
@@ -103,6 +87,20 @@ in }; hardware.enableRedistributableFirmware = true; - # boot.initrd.availableKernelModules = stage1Modules; - boot.initrd.kernelModules = stage1Modules; + boot.initrd.kernelModules = [ + "aesni_intel" + "kvm_amd" + "nvme" + "nvme_core" + + "thunderbolt" + "e1000e" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "xhci_pci" + "uas" + ]; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 3e35163..11a2690 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -47,6 +47,17 @@ in system = "x86_64-linux"; maxJobs = 32; speedFactor = 100; + supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; + } + + { + hostName = repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost; + # TODO: make this a reference + sshUser = "nix-remote-builder"; + protocol = "ssh-ng"; + system = "aarch64-linux"; + maxJobs = 32; + speedFactor = 100; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; } ]; diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s-rmvbl/.gitignore similarity index 100% rename from nix/os/devices/steveej-x13s/.gitignore rename to nix/os/devices/steveej-x13s-rmvbl/.gitignore diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix new file mode 100644 index 0000000..6ecdbb8 --- /dev/null +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
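Review bot: In the `steveej-t14/system.nix` hunk, the new `aarch64-linux` builder entry for `sj-bm-hostkey0` ends up with `supportedFeatures` taken from `router0-dmz0`'s `nix.settings.system-features`, because the entry is inserted above the existing context line. The advertised features should come from the machine that runs the build, e.g. `supportedFeatures = repoFlake.nixosConfigurations.sj-bm-hostkey0.config.nix.settings.system-features ++ [ ];`, assuming that configuration is exposed like the others. That host appears to reach aarch64 through `boot.binfmt.emulatedSystems`, so features valid on a native device may not hold there. The first entry now uses `steveej-t14`'s features for a builder whose `hostName` is outside the hunk, which is worth confirming as well.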
@@ -0,0 +1,66 @@ +{ repoFlake +, pkgs +, lib +, config +, nodeFlake +, nodeName +, localDomainName +, system +, ... +}: + +{ + imports = [ + repoFlake.inputs.sops-nix.nixosModules.sops + nodeFlake.inputs.disko.nixosModules.disko + ./disko.nix + + ../../profiles/common/user.nix + + { + nix.nixPath = [ + "nixpkgs=${pkgs.path}" + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + nix.settings.max-jobs = lib.mkDefault "auto"; + } + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.openFirewall = true; + + users.commonUsers = { + enable = true; + enableNonRoot = true; + }; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + } + ]; + + networking = { + hostName = nodeName; + + firewall.enable = true; + + useNetworkd = true; + networkmanager.enable = false; + }; + + system.stateVersion = "23.11"; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = [ + pkgs.util-linux + pkgs.coreutils + pkgs.vim + ]; +} diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix similarity index 100% rename from nix/os/devices/steveej-x13s/default.nix rename to nix/os/devices/steveej-x13s-rmvbl/default.nix diff --git a/nix/os/devices/steveej-x13s-rmvbl/disko.nix b/nix/os/devices/steveej-x13s-rmvbl/disko.nix new file mode 100644 index 0000000..e7e0391 --- /dev/null +++ b/nix/os/devices/steveej-x13s-rmvbl/disko.nix 
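Review bot: `services.openssh.settings.PermitRootLogin = "yes"` combined with `services.openssh.openFirewall = true` allows root to log in with a password from any reachable network, and nothing in this file disables password authentication. Unless `../../profiles/common/user.nix` already restricts it (that module is not visible here), I would change the line to `services.openssh.settings.PermitRootLogin = "prohibit-password";` and add `services.openssh.settings.PasswordAuthentication = false;`. If password login for root is only needed while bootstrapping the stick, a comment saying so next to the option would keep it from being carried into the long-lived configuration.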
@@ -0,0 +1,66 @@ +{ + disko.devices = { + disk = { + voyager-gtx = { + type = "disk"; + device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "x13s-usb-crypt"; + extraOpenArgs = [ ]; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /tmp/secret.key` + # keyFile = "/tmp/secret.key"; + allowDiscards = true; + }; + # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "32G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock similarity index 58% rename from nix/os/devices/steveej-x13s/flake.lock rename to nix/os/devices/steveej-x13s-rmvbl/flake.lock index be88708..71d8fc6 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock 
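Review bot: `allowDiscards = true` on the `x13s-usb-crypt` LUKS container deserves a comment, because passing TRIM through dm-crypt lets anyone who can read the raw device see which blocks are unused, and so learn the fill pattern of the encrypted volume. If the trade-off is intended for flash performance, say so next to the setting, e.g. `# TRIM passes through LUKS: free-block layout is visible on the raw device, accepted for flash longevity`. The template comments about `/tmp/secret.key` could be dropped at the same time, since no key file is configured here.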
@@ -1,18 +1,51 @@ { "nodes": { + "acamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705858695, + "narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=", + "ref": "refs/heads/main", + "rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec", + "revCount": 13, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + } + }, "brainwart_x13s-nixos": { "flake": false, "locked": { - "lastModified": 1701822673, - "narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=", + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", "owner": "BrainWart", "repo": "x13s-nixos", - "rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", "type": "github" }, "original": { "owner": "BrainWart", - "ref": "main", + "ref": "flake", "repo": "x13s-nixos", "type": "github" } @@ -24,11 +57,11 @@ ] }, "locked": { - "lastModified": 1705348229, - "narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=", + "lastModified": 1705540973, + "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", "owner": "nix-community", "repo": "disko", - "rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696", + "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", "type": "github" }, "original": { 
@@ -36,27 +69,6 @@ "type": "indirect" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "srvos", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -75,11 +87,11 @@ "linux_x13s": { "flake": false, "locked": { - "lastModified": 1705487080, - "narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=", + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", "owner": "jhovold", "repo": "linux", - "rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", "type": "github" }, "original": { 
@@ -107,50 +119,30 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705316053, - "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "root": { "inputs": { + "acamcstephens_stop-export": "acamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", - "nixpkgs": "nixpkgs", - "srvos": "srvos" - } - }, - "srvos": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1705346686, - "narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=", - "owner": "numtide", - "repo": "srvos", - "rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "srvos", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix similarity index 61% rename from nix/os/devices/steveej-x13s/flake.nix rename to nix/os/devices/steveej-x13s-rmvbl/flake.nix index 05b3765..d5eceb3 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix 
@@ -1,13 +1,11 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; - srvos.url = "github:numtide/srvos"; - srvos.inputs.nixpkgs.follows = "nixpkgs"; mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.flake = false; @@ -17,9 +15,20 @@ linux_x13s.flake = false; brainwart_x13s-nixos = { - url = "github:BrainWart/x13s-nixos/main"; + url = "github:BrainWart/x13s-nixos/flake"; flake = false; }; + + acamcstephens_stop-export = { + flake = false; + url = "git+https://codeberg.org/adamcstephens/stop-export.git"; + }; + + + alsa-ucm-conf = { + flake = false; + url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a"; + }; }; outputs = @@ -31,15 +40,7 @@ let targetPlatform = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s"; - - pkgs = nixpkgs.legacyPackages.${targetPlatform}; - pkgsCross = import self.inputs.nixpkgs { - system = buildPlatform; - crossSystem = { - config = "pentium2-unknown-linux-gnu"; - }; - }; + nodeName = "steveej-x13s-rmvbl"; mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( @@ -64,21 +65,6 @@ { nix.registry.nixpkgs.flake = nixpkgs; } - - { - nixpkgs.overlays = [ - (final: prev: - { - qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { }; - qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { }; - rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { }; - pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" { - inherit (final) qrtr; - }; - compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper - }) - ]; - } ] ++ extraModules; } 
@@ -155,56 +141,76 @@ defconfig = "johan_defconfig"; }; - uncompressed-fw = pkgs.callPackage - ({ lib, runCommand, buildEnv, firmwareFilesList }: - runCommand "qcom-modem-uncompressed-firmware-share" - { - firmwareFiles = buildEnv { - name = "qcom-modem-uncompressed-firmware"; - paths = firmwareFilesList; - pathsToLink = [ - "/lib/firmware/rmtfs" - "/lib/firmware/qcom" - ]; - }; - } '' - PS4=" $ " - ( - set -x - mkdir -p $out/share/ - ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware - ) - '') - { - firmwareFilesList = lib.flatten options.hardware.firmware.definitions; - }; - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; dtbName = "x13s63rc4.dtb"; + + x13_firmware = { stdenvNoCC, fetchFromGitHub }: + stdenvNoCC.mkDerivation { + pname = "x13s-extra-firmware"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "ironrobin"; + repo = "x13s-alarm"; + rev = "efa51c3b519f75b3983aef67855b1561d9828771"; + sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI="; + }; + + dontFixup = true; + dontBuild = true; + + installPhase = '' + mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX + cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/ + ''; + }; + in { + nixpkgs.overlays = [ + (final: prev: + { + qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; + pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit (final) qrtr; + }; + + x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + } + ) + ]; + boot = { loader.systemd-boot.enable = true; loader.systemd-boot.extraFiles = { "${dtbName}" = dtb; }; - loader.efi.canTouchEfiVariables = true; + loader.efi.canTouchEfiVariables = false; loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; + 
kernelPackages = linuxPackages_x13s; kernelParams = [ + "dtb=${dtbName}" + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" "clk_ignore_unused" "pd_ignore_unused" "arm64.nopauth" - "cma=128M" - "nvme.noacpi=1" - "iommu.strict=0" - "dtb=${dtbName}" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" ]; + initrd = { includeDefaultModules = false; availableKernelModules = [ 
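Review bot: The `boot.shell_on_fail` entry added to `kernelParams` makes stage 1 offer a root shell when boot fails, and that shell has no authentication. Anyone at the console of this machine therefore gets a root shell in the initrd whenever stage 1 fails. It is useful during bring-up; mark it as temporary, `"boot.shell_on_fail" # TODO: remove once boot is stable (unauthenticated initrd root shell)`, or gate it behind an option. The `boot` attribute set continues past the end of this hunk.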
@@ -231,39 +237,65 @@ "phy-qcom-snps-femto-v2" "phy-qcom-usb-hs" "nvme" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + # "xhci_pci" + "uas" ]; }; }; - # power management, etc. - environment.systemPackages = with pkgs; [ - qrtr - qmic - rmtfs - pd-mapper - uncompressed-fw - ]; - environment.pathsToLink = [ "share/uncompressed-firmware" ]; - # ensure the x13s' dtb file is in the boot partition - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; hardware.enableAllFirmware = true; hardware.firmware = [ pkgs.linux-firmware + + (pkgs.callPackage x13_firmware { }) (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) ]; + + systemd.services.pd-mapper = { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${lib.getExe pkgs.pd-mapper}"; + Restart = "always"; + }; + }; + + # bind mount over existing alsa-ucm-conf + # this is just config, but is in the critical path for lots of packages + # systemd.services.x13s-alsa-conf = { + # wantedBy = [ "multi-user.target" ]; + + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + + # ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa"; + # ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa"; + # }; + # }; + + systemd.services.bluetooth = { + serviceConfig = { + # disabled because btmgmt call hangs + # ExecStartPre = [ + # "" + # "${pkgs.util-linux}/bin/rfkill block bluetooth" + # "${pkgs.bluez5-experimental}/bin/btmgmt public-addr 
${cfg.bluetoothMac}" + # "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + # ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; }; }; }; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix deleted file mode 100644 index 8bbc5c9..0000000 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ /dev/null 
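Review bot: The new `systemd.services.pd-mapper` unit sets only `ExecStart` and `Restart`, so it runs with systemd defaults, i.e. as root and without sandboxing. A few low-risk settings in `serviceConfig` would narrow what the daemon can reach: `NoNewPrivileges = true; ProtectHome = true; PrivateTmp = true;`. I have not checked which paths pd-mapper needs on this hardware, so these should be tested on the device before adding anything stricter.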
@@ -1,82 +0,0 @@ -{ repoFlake -, pkgs -, lib -, config -, nodeFlake -, nodeName -, localDomainName -, system -, ... -}: - -{ - imports = [ - # repoFlake.inputs.sops-nix.nixosModules.sops - - # ../../profiles/common/user.nix - - { - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - nix.settings.cores = lib.mkDefault 0; - } - - { - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - - # users.commonUsers = { - # enable = true; - # enableNonRoot = false; - # rootPasswordFile = config.sops.secrets.passwords-root.path; - # }; - - users.users.root.password = "install"; - - # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - # sops.defaultSopsFormat = "yaml"; - - # sops.secrets.passwords-root.neededForUsers = true; - } - ]; - - networking = { - hostName = nodeName; - useNetworkd = false; - - networkmanager.enable = false; - - firewall.enable = false; - }; - - system.stateVersion = "23.11"; - - # We exclude a number of modules included in the default list. A non-insignificant amount do - # not apply to embedded hardware like this, so simply skip the defaults. - # - # Custom kernel is required as a lot of MTK components misbehave when built as modules. - # They fail to load properly, leaving the system without working ethernet, they'll oops on - # remove. MTK-DSA parts and PCIe were observed to do this. - - # boot.initrd.includeDefaultModules = false; - # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; - # boot.initrd.availableKernelModules = ["nvme"]; - - nixpkgs.config.allowUnfree = true; - - # hardware.enableRedistributableFirmware = true; - - environment.systemPackages = [ - pkgs.busybox - ]; - - fileSystems."/".label = "x13s_root"; -} diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index c081ae5..e423eb6 100644 --- a/secrets/shared-users.yaml 
+++ b/secrets/shared-users.yaml 
@@ -16,82 +16,100 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbG5RWWVBZ2JZOXlENDVr - M3lCdEc4RnVwWlZJZXY5RGJ5aEFmcmlmK0hFCnNFSHliMHZyWTBLZG5ub2hPSy93 - dDNoWmgvTEhQdUdWL1dEbDZpRnBacFUKLS0tIFpjdVZBZjhRdll2TGdKdFVQTzVp - UDV5bXpzWXNzMTQwTkZPVjc0ckNUUFEKwYIl0ErBjh83ogRau2mYzkivxruLKQXj - eEQgNMf/xdWZ76OAKDwCF/7zmCSeT2UYoJFCfYtnMw7OxwOCyvPIOg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlanJ3b29Ed2Q3Y2I3SWRt + TlpTRFpMT3FhOUl0dGZGMW1lU3pQNW95bkZjCjY0bXV4Q2dBQjd6emZRdlczQ0F6 + V3RvbklucGhzbGpPUzJ4K3FrNzJ2SVEKLS0tIFRlWWRBNk1HdllsZzNQZDIwa2N6 + bUpjR0ZzNVd5dEpEZUJCSnVUWVJtSzAKb2dEX133nceasBIwgd8q6x6WWPCQ0Ukg + Rmsbi5u1SYrZr3544sVoo0PvkU7gT9Fh4/LOy9oPpJSEcTXf5DMzjQ== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAramZoZmdSOFdoWEttNndT - RHVWUC9RekVVL21iQVA5Z3JvajliSVZVNVNFCjhiMkdGOXNTa2FnVStUTVRVZm1s - Y1ZVdGFnZ0I2VGYxTW1Wakt5Znd3NXcKLS0tIERvVjFySDJDU3lRNGlpL3pYRWwy - UU0ybTRsSVlBaFV2d2xqVTc5Q1lNQWcKUti+W3HLneDzq/VI5yPBsTPyDUAUYL6U - tO1SMC8xBVbgzlFQtM84gYCE8ATxvwOJV+8wNrcHdWXQ8AJLF9UwPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRjBHQ2lDYmhsei84STdk + eUVOdWZGOTJMR1JwbHB2ek5mRzVVdkJuU0ZjCmk2NUttVjgwTk42OUtxVStVMEFK + VFo0RFRyR3RJa2VJSm95NVV3dm5YL3MKLS0tIExGQUlhS3RDMjRHejRaZ01BQWZ1 + U0pZR3BzakVmUW1QNGhsQkNQMk1NY00KR3ZP/WB3sMNoWi13mjMqgnZuM8tnIjty + QHgwav0qOkcQqdYSfOY/DxmPgTG0CKroqRXY8Hk72Y/UH2HpyIptnQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZXpGREZxdzREU0tSV1Nu - ZnVONGdxU0VBb3RXY21pTEJVWUw3aUV1UG5ZCmZYcXVzdUgzalFvdXR1Q0FESENF - Q0VDSmlqbGRxemlGYVRQN2NQcGU3VEEKLS0tIFp1N2V6V3dkeWVpRGtrTzhyNUFE - 
TUdFcXpEbnpmdTlWM1I3UTBYSFo5UnMKJm4gkNDHnCujMk+i46hGEMoQWEs9IBRM - /Lb1BpHA+5BB0LB6yL1VkXttSBNp69s5LN/EgdvTnZ7qL4/KqhwvMg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UUs4dTFIcXVvZ285N1A1 + MmhleE50YXVGaDg0QlZsUWZNam4wYjRwL1FVClNBUm9GcWNvUitYSnBla1dIeDFl + SmZKMzBQTWpSdGRPcDVlTmRjQzZxNWcKLS0tIFh2UGJtMHdZTXo1N2lzckM3YXRl + NmZpcGRLVmZsYjkwZkJ2NEk5dzlmY0EKtxNY7qvh5ErrAhRcQHVnDc1orsYlLGCS + 8uLSOapuC8W6EH6w6aewQiggKBjDmECpNo7VyXfbURfaOk4o8uqg3A== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSk9GbVpxaHJPUGY4U3hu - K3hpbzhkMWVJNHIrNWVPRUphcjkvY0h1cWpnCkxYTmtiWjk2QktxSHJON01XRGJD - MDZZZlB3dU9NbXN4RHRMc2ZRTHdERE0KLS0tIFJpdUhWdm1INFU3eU96NFN3OFk1 - Z2dMQ2xGOTJCcXdCU0FFdVJjQVIwK1EKHLo6YIsfKAwQ/yBQvS1icIAS6W7AwABw - d5hD2G0KVJK66HnYWuQALQbuWh2i0OA2fNAywcKe4R5ACN5M8TKHew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUEFIb3VmZVE2Q1NheGEx + YmdscFdEYThQa29jTEdzdjZlK1U2WFlUY3dVCm1CUmlMY21pMXRGTXY4RDZ3cE1p + UUxNMEozQndUaTNGUlVrK0pKWC9WODAKLS0tIG1wSnNEZVUvakkxZS8yaklpWlNH + MFZkc2Z4M1FNdWZkdmwvQVpiRDFtbTQKbnNBlKnsNiL6BeSC9AoGx6IVeOyvB5IH + mP6aBQHyOBMgGql2+WHLdjBS5qEeR43jZbWNKiTnt8lnnfj7GVgiPA== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEttcnphWlVpbTdET1pY - L2RxWkx2VWVxZ21URE53MFg1cVFpTkwxN1N3CmJSRk1DY2JkZk5DMlUvZFp5RXNw - YWh0Q1FxTUJwTWNVY09NTTdSRHEzM1UKLS0tIEREeGY4M2J1QWZUTThhTWxoOUVX - QVJSemJ4eldSbGU4dWZtU1hRNi9VQk0KhT8lL2mk8J/uZ0dECGbi14Se2cC7l6AK - yWgNHggdrPcSvHH/A2u1yUdfQCU36yEvoxAwa8y/uQW3lgU35iVT+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NTlhSXRFN1ZrYjZGdXlG + dDBlVUxJd0FlQnpETkJSbHppNGlncEp1emhRCjRLMkEvbXRkampwcWxvNnhRRVhY + dWlQWWI5YXJQMmR3cWxOVUtneWRDRFkKLS0tICt6ZEF3cHg0SUxES243TzdFcnVS + 
bkgrWklIbFFrRHdHZGdvMGlHTGNXUkEKUuT35aX71q+KBXozpoGWcHeSs0g70kyY + yo5uuD6Ay4QlNtdfeOYmsyg8iikOrpw5Mer2vsSTWGbszy8p1+93Pw== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuT29LTzAxcHZPd0VFa2pG - ZVJ6K2tiT2V3MDJlakpjZ1puczFWZEdORFJNCitNRzViZHU4ZTRXMmJZYUZqRHJ2 - aDZtRlAyMDdOUHoxbWJ1c0JHaURXSlEKLS0tIHpnRitqc1BmV3FyUjZQcGtZZUtG - dXRPaEJna0duZDVLZVRpODM2enpiUmcKWLmGdJzLZ6UMcGRAzCb/UmsHl1Q+FQgk - IPTiCyyun+1JjWMSXC/z7rf2LFuvWvPPxHOChnYivBD60BYMgHJ8Sg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSzR0SFJPSjBVQVlCcFBT + ajMwNUFzZWwzMDkzTHh0anJETnVicWdiVFJJClRSVi9MbjdKcUUvRVFyby9RSVdk + VHpxbnBuQll3QzQwUERCNXdQOCtZSE0KLS0tIDBhbW1YU2c5YVpwUVMwY2EwVjRD + dk1uTzNZN1hnT2NHU29EN2FsQ1pUQVEK+cpcftNnD8HhLimsrp+YDLwurUZqENkQ + HX45h7tC7J6R0+w8A/1nfY1gsST/asgJhSGjroB+EdsP2aGUCUiNyA== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bXZsYnYzMC8wQnhMUGpu + TVFKWkFTU1U0VTFDeUlaR2dzZzN6WG9ueFQ4CnFYMWpoUGFPbkZRTUtSN2ZnelFJ + Nk1CdjVTbnY3aG1FNVZrY3hQYmRGalEKLS0tIERsd2xvaStod1N4eHg3eTIxSlUy + NERKTEZpSkV3N2wxWTlVazhNdFk2NDQKt+omfSoPJQvohV4aED0HYMXwFKMq25lB + 9+gB0BJDYe7btIUuFr861EDWx+D32gBtbpRsyAitNJKc9NlZ4VLWuw== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXN1hoQWdERDRTN0lJM0pI - RWcvZXVPN3ljd0h0QTA1SmN6dlorVi9vWjNNCmhscXhNTmhBVlZZN3VzdzFnRWNt - VTlTUGk0RnRIaHF2bnBPeFpOVHY4RGsKLS0tIDA5MjVFZnU3bTE3bHZZSzJJQmpD - NEJkTStUaWVzZTNpKzZNTnRmR0tJUGsKBsVqJ0Xg8qWHGb2IDJXrEq4k4LgQFhQS - HrVF7MAwE/WSnGRhh/V8osej3QHW4vLg37IjaT6v+hCcBOiJeCqg5g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0dETndkQVFwa2FwUUtj + 
aHNNaG5rS2VvamRtVDR1Rm1ubXFaR2NWa0RzCmdLbTFFUzlrZ01KWTY5Uk9uWTAy + Ym1kRXp4bWM1QUs2d1BwcE1WTEsyY3cKLS0tIG5qVm84WGlGVDlDWUVHWGNrcXJQ + NHR6S3pPRFhWemNWM0FMSjZpbXkzN0UKoTE6GuckP7QwuCQ8gZgitmW0URtG57u6 + VuWmt7vpSuutHJmccODDpFg4iJKC8SKIeUoQANKsnBJf/uZhDaG42Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2ptZVl5R0tybkU1bHJp + ams0OENxU21FZDJjNkZNQUlteDF3RHBoOWpZCjFNUXhzMzhXR1FhUmxnSFAzcnVK + NVZONlNkVVdGcUNtZyszT1liOVdtOVUKLS0tIDZIR2NMWGVJclhqeitqN1V3endv + Z0wzT0hweEVML2plRTkzaFZsWHJHY2MKTcX84PLdHpuGzUn2v7r5gJLp9ZBhgLu6 + WI1KWIwbYj91hsoHjUH4lW0Xv7/mVLrON9wOQuOuyuVeDfP7GQ73qA== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2023-11-23T20:47:07Z" + - created_at: "2024-01-22T09:16:19Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf/Y907bW+LYWHAT8FPF12f8+GvUy744+9sMZe3oSX1ML9F - JOEjxSOs9OCWM79qBIMI6Nets3lV1eEoR8eG74jcIwNPQMfQn/U4hHtJM9Nq4yI7 - 1FLQEfGZcuSMUk2/1c/9lEi+Sye9W+9ZYGUIcvBu1ksPmZpJT/BVOaNc8xWe1hzY - FmEzwaWAPaxSH1EM3KnPhxezzn76DxjDKc4iMNi+5UoAIT2cssbdckf5uDaTa3CE - 6GrfR9//5ldsPqineM2MHeEMHgn+mlVYmpiXNBCfcMfEi81o6l5nmNjy1qjABEKC - 254kSW+vMFOhdH6AZvJ/21z/3aUTwMM2mFEti/nh4dJRAWNWEymviIC1o2esJ9K6 - 77xHv4pEIEahuBcHLBbeBK3AYYqJxcZr5BhIqGAir8OlCOaXzRsN5ElzmVS+Hoib - t04nfgpuRfKyso0zrndvLwDn - =lmD0 + wcBMA0SHG/zF3227AQf/WsDFXBatZSxOmQWVGXw0MOeC2QOKaUo5if7C4Z0d+cMg + AyEmUMFcU3KkTFTqjqSqjA/9k/AJiqJxQkXqcSVHT4z3vNdGzrWVsJI4fimmumFZ + Hcc7hIgkBK1THkTkoOr3G3WRHJ/J4nZmABycWSt1kF1FdnHnXo8bXh25Sk+Ellt2 + +SlaC8NAZtd2P6L3ZxQYFUud3mc6/uUV5GTkZ7RisjMnAEVF5BbvzSAlAj7fh4Ph + 
ZJxMLzVnqQHrN+U/0WuFtL8KJaCF9zecxQxzaM/Zf/Sa5x4fsoqsjmMPhtwQMvC5 + ehiXSoVYETuJylSQF+N44V46/lrO6qqnIi+5NqqC2NJRAXH01P/bMQfW5M6AqQgJ + muPztPFjBL46D3wVo6Hg0JL6ag5DV4/mjTOpEiiGUHKxTDxFwlNYRQQX2EHnBHFb + Otf7rnrSdA+I9GqEpCNkzdbi + =pR8T -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/steveej-x13s-rmvbl/secrets.yaml b/secrets/steveej-x13s-rmvbl/secrets.yaml new file mode 100644 index 0000000..7b2d3ec --- /dev/null +++ b/secrets/steveej-x13s-rmvbl/secrets.yaml 
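Review bot: The added recipient block repeats `age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv`, which is already a recipient of this file a few lines above, so the data key is now wrapped twice for the same age identity. That usually means two host aliases in the sops configuration resolve to one key. If they are meant to be different machines, each can decrypt everything the other is allowed to read, and rotating one key rotates both. Give the new host its own age key and re-run `sops updatekeys secrets/shared-users.yaml`.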
@@ -0,0 +1,46 @@ +hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] +example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str] +#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment] +#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment] +example_array: + - ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str] + - ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str] +example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float] +example_booleans: + - ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool] + - ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWk1LS3A0NENRZk1HZm8x + dW1PNkxZV1ZWdStzb2M5MzRRNmJmUXcvakJJCnpwVlZRV3FHVDNUbURSMWZXY3k2 + NUliMUpNT3kreEZITjR3dDdrU2MvVkEKLS0tIFp5U2tCa3V5NWhqWHgzdDR5RG9D + SmxNVk45UklhUjRYc2pTVy9FWFBhQUUK1QMqDCIZnyyzJhUb0TBgheW2P6lAUTQe + KLhYqTRuo5/zS5C2uANa028CNGWJVOoEgKEw3xjHz0pvSkT5JkI8WQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-22T09:20:19Z" + mac: 
ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] + pgp: + - created_at: "2024-01-22T09:20:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA0SHG/zF3227AQgApMVbQc+4BUc/7ima51XMJzIBA93SOLOCmyn2J9tLG/V/ + ZM6fmWyiLvCRowA0nLt19DYnaRrEXTcRlvBPs/RIx6Fmq4260ZvyPN7Fea6ltVOL + EhG5IJHaweUhXMi6UV2/6vuTBbQsLzWK8xl6bZNCVFWB/JiLrHzukWpE4ACeqD0Y + P/428L4XCW05DkltQdfQrn2bIlf/6c/itvepRr1tHFr8ABuBM/g4hSg/nFyHlrH3 + CtrdPSQBopZxhVv4MoHPWSQ6jGjrmqumc6gyNGa1Ugry3FmuFmdlMAoUsQtG/cU1 + ORM/CvKwxLZU+qifm8QU4BO+0Gw/nhLrYfX0/EWsmtJRAQJt51PK3t/nXUTE47sT + lz+zPgpT/Sz9E/wKH3yAq9RuXKKtwc7oRJS+NHuv10YPIkhVejSjvmsGEKezU1ed + 6BsZrcVnaQt+SdmUOEuP/iRF + =8elR + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 From 36e3f3724500a770bef089dbf5efaf8ab4e4aff9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 22 Jan 2024 14:51:46 +0100 Subject: [PATCH 008/305] x13s: fiddle with modules because of screen blanking issues --- .../steveej-x13s-rmvbl/configuration.nix | 11 ++ nix/os/devices/steveej-x13s-rmvbl/flake.lock | 14 +- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 171 ++++++++++-------- 3 files changed, 118 insertions(+), 78 deletions(-) diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 6ecdbb8..14d206e 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -45,6 +45,13 @@ } ]; + hardware.thinkpad-x13s = { + enable = true; + + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + networking = { hostName = nodeName; 
@@ -59,8 +66,12 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = [ + pkgs.sshfs pkgs.util-linux pkgs.coreutils pkgs.vim + + pkgs.git + pkgs.git-crypt ]; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index 71d8fc6..385f8dd 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock @@ -1,13 +1,13 @@ { "nodes": { - "acamcstephens_stop-export": { + "adamcstephens_stop-export": { "flake": false, "locked": { - "lastModified": 1705858695, - "narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=", + "lastModified": 1705876512, + "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", "ref": "refs/heads/main", - "rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec", - "revCount": 13, + "rev": "388684db5b529bbd6f3e948cf175df089eb09766", + "revCount": 14, "type": "git", "url": "https://codeberg.org/adamcstephens/stop-export.git" }, @@ -28,8 +28,8 @@ }, "original": { "owner": "alsa-project", + "ref": "master", "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", "type": "github" } }, @@ -135,7 +135,7 @@ }, "root": { "inputs": { - "acamcstephens_stop-export": "acamcstephens_stop-export", + "adamcstephens_stop-export": "adamcstephens_stop-export", "alsa-ucm-conf": "alsa-ucm-conf", "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index d5eceb3..a60ced8 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -19,7 +19,7 @@ flake = false; }; - acamcstephens_stop-export = { + adamcstephens_stop-export = { flake = false; url = "git+https://codeberg.org/adamcstephens/stop-export.git"; }; 
@@ -27,7 +27,7 @@ alsa-ucm-conf = { flake = false; - url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a"; + url = "github:alsa-project/alsa-ucm-conf/master"; }; }; @@ -90,8 +90,24 @@ let # TODO: introduce options for these kernelPdMapper = true; + cfg = config.hardware.thinkpad-x13s; in { + options.hardware.thinkpad-x13s = { + # TODO: respect this + enable = lib.mkEnableOption "x13s hardware support"; + + bluetoothMac = lib.mkOption { + type = lib.types.str; + description = "mac address to set on boot"; + }; + + bluetoothMacAddr = lib.mkOption { + default = "00:00:00:00:00"; + type = lib.types.str; + }; + + }; config = let inherit (config.boot.loader) efi; @@ -117,13 +133,18 @@ QCOM_TSENS = lib.mkForce yes; NVMEM_QCOM_QFPROM = lib.mkForce yes; ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - } // lib.optionalAttrs kernelPdMapper { - QCOM_PD_MAPPER = lib.mkForce yes; - QRTR = lib.mkForce yes; + VIRTIO_PCI = lib.mkForce module; + # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; }; } ]; + qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; + pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit qrtr; + }; + + # We can't quite move to mainline linux linux_x13s_pkg = { buildLinux, ... } @ args: buildLinux (args // rec { 
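Review bot: In the new `options.hardware.thinkpad-x13s` block, `bluetoothMacAddr` duplicates `bluetoothMac`, is not read anywhere in the visible hunks, and its default `"00:00:00:00:00"` has only five octets, so it is not a valid address. Drop it and validate the remaining option instead of accepting any string: `type = lib.types.strMatching "([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}";`. `enable` is declared but, as its TODO says, nothing is guarded by it yet; wrapping the config in `lib.mkIf cfg.enable` would give the option an effect. The module's `config` body continues outside this hunk.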
@@ -142,48 +163,43 @@ }; linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - dtbName = "x13s63rc4.dtb"; - - x13_firmware = { stdenvNoCC, fetchFromGitHub }: - stdenvNoCC.mkDerivation { - pname = "x13s-extra-firmware"; - version = "1.0.0"; - - src = fetchFromGitHub { - owner = "ironrobin"; - repo = "x13s-alarm"; - rev = "efa51c3b519f75b3983aef67855b1561d9828771"; - sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI="; - }; - - dontFixup = true; - dontBuild = true; - - installPhase = '' - mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX - cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/ - ''; - }; + x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; in { nixpkgs.overlays = [ (final: prev: { - qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; - pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit (final) qrtr; - }; + x13s_extra-firmware = pkgs.callPackage + "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" + { }; - x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); + inherit qrtr pd-mapper; } ) ]; + # ensure the x13s' dtb file is in the boot partition + # TODO:: is this needed for the VT display somehow? + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + boot = { loader.systemd-boot.enable = true; loader.systemd-boot.extraFiles = { @@ -213,6 +229,31 @@ initrd = { includeDefaultModules = false; + + # kernelModules = [ + # "nvme" + # "phy_qcom_qmp_pcie" + # "pcie_qcom" + + # "i2c_core" + # "i2c_hid" + # "i2c_hid_of" + # "i2c_qcom_geni" + + # "leds_qcom_lpg" + # "pwm_bl" + # "qrtr" + # "pmic_glink_altmode" + # "gpio_sbu_mux" + # "phy_qcom_qmp_combo" + # "gpucc_sc8280xp" + # "dispcc_sc8280xp" + # "phy_qcom_edp" + # "panel_edp" + # # "msm" + + # ]; + availableKernelModules = [ "i2c_hid" "i2c_hid_of" @@ -223,26 +264,25 @@ "pmic_glink_altmode" "gpio_sbu_mux" "phy_qcom_qmp_combo" - "panel-edp" - "msm" + "panel_edp" + # "msm" "phy_qcom_edp" - "i2c-core" - "i2c-hid" - "i2c-hid-of" - "i2c-qcom-geni" - "pcie-qcom" - "phy-qcom-qmp-combo" - "phy-qcom-qmp-pcie" - "phy-qcom-qmp-usb" - "phy-qcom-snps-femto-v2" - "phy-qcom-usb-hs" + "i2c_core" + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "pcie_qcom" + "phy_qcom_qmp_combo" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "phy_qcom_snps_femto_v2" + "phy_qcom_usb_hs" "nvme" "usbcore" "xhci_hcd" "usbhid" "usb_storage" - # "xhci_pci" "uas" ]; }; 
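Review bot: The `x13s-dtb` activation script writes the device tree straight onto its final name in the EFI System Partition, so an interrupted activation can leave a truncated dtb that the next boot would pick up. Copying to a temporary name on the same partition and renaming closes that window: `cp "$in_package" "$in_esp.tmp"` followed by `mv "$in_esp.tmp" "$in_esp"`. Separately, the overlay in this hunk builds `x13s_extra-firmware` with `pkgs.callPackage` rather than `final.callPackage`, which makes the overlay depend on the package set it is extending; `final.callPackage` is the usual form.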
@@ -254,44 +294,33 @@ hardware.enableAllFirmware = true; hardware.firmware = [ - pkgs.linux-firmware + # pkgs.linux-firmware - (pkgs.callPackage x13_firmware { }) - (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) + pkgs.x13s_extra-firmware ]; systemd.services.pd-mapper = { wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${lib.getExe pkgs.pd-mapper}"; + ExecStart = "${lib.getExe pd-mapper}"; Restart = "always"; }; }; - # bind mount over existing alsa-ucm-conf - # this is just config, but is in the critical path for lots of packages - # systemd.services.x13s-alsa-conf = { - # wantedBy = [ "multi-user.target" ]; - - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - - # ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa"; - # ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa"; - # }; - # }; + environment.sessionVariables = alsa-ucm-conf-env; + systemd.user.services.pipewire.environment = alsa-ucm-conf-env; + systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; systemd.services.bluetooth = { serviceConfig = { # disabled because btmgmt call hangs - # ExecStartPre = [ - # "" - # "${pkgs.util-linux}/bin/rfkill block bluetooth" - # "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - # "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - # ]; + ExecStartPre = [ + "" + "${pkgs.util-linux}/bin/rfkill block bluetooth" + "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" + "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + ]; RestartSec = 5; Restart = "on-failure"; }; From 40416bd4def9600d53bbd93c2b14bd9af94acde8 Mon Sep 17 00:00:00 2001 
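Review bot: In the re-enabled `ExecStartPre` list, a failing `btmgmt public-addr` stops the sequence before `rfkill unblock bluetooth` runs, so the radio stays blocked while `Restart = "on-failure"` retries every 5 seconds. Prefixing that entry with `-` lets the unblock step run regardless: `"-${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"`. The comment directly above still reads `# disabled because btmgmt call hangs`; it should either be removed or replaced by a note on whether the hang is resolved, and if it can still occur a `TimeoutStartSec` on the unit would bound it.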
From: Stefan Junker Date: Mon, 22 Jan 2024 15:01:36 +0100 Subject: [PATCH 009/305] fmt --- .../configuration/graphical-fullblown.nix | 38 +++---- nix/home-manager/profiles/wayland-desktop.nix | 23 ++-- nix/os/devices/steveej-t14/secrets.nix | 7 -- nix/os/snippets/radicale.nix | 101 ++++++++++++++++++ .../radicale_htpasswd | 0 5 files changed, 133 insertions(+), 36 deletions(-) delete mode 100644 nix/os/devices/steveej-t14/secrets.nix create mode 100644 nix/os/snippets/radicale.nix rename secrets/{steveej-t14 => desktop}/radicale_htpasswd (100%) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 8ef7cc4..0333dad 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -1,17 +1,18 @@ -{ - pkgs, - config, - # these come in via home-manager.extraSpecialArgs and are specific to each node - nodeFlake, - packages', - # repoFlake, +{ pkgs +, config +, # these come in via home-manager.extraSpecialArgs and are specific to each node + nodeFlake +, packages' +, # repoFlake, # repoFlakeInputs', ... -}: let +}: +let # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; - pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; + pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; -in { +in +{ imports = [ ../profiles/common.nix ../profiles/dotfiles.nix 
@@ -37,13 +38,13 @@ in { ../programs/vscode # TODO: bump these to 23.05 and make it work - (args: import ../programs/radicale.nix (args // {pkgs = pkgs2211;})) + (args: import ../programs/radicale.nix (args // { pkgs = pkgs2211; })) # (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;})) ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.GOPATH = "$HOME/src/go"; - home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; + home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; nixpkgs.config.permittedInsecurePackages = [ "electron-24.8.6" @@ -51,7 +52,7 @@ in { ]; home.packages = - [] + [ ] ++ (with pkgs; [ # Authentication cacert @@ -249,11 +250,12 @@ in { pcmanfm # mendeley evince - (runCommand "logseq-wrapper" { - nativeBuildInputs = [ makeWrapper ]; - } '' - makeWrapper ${logseq}/bin/logseq $out/bin/logseq \ - --set NIXOS_OZONE_WL "" + (runCommand "logseq-wrapper" + { + nativeBuildInputs = [ makeWrapper ]; + } '' + makeWrapper ${logseq}/bin/logseq $out/bin/logseq \ + --set NIXOS_OZONE_WL "" '') # (logseq.override({ electron_25 = electron_26; })) diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 6c4d820..ffab825 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix 
@@ -1,19 +1,20 @@ -{ - pkgs, - config, - lib, - repoFlake, - nodeFlake, - ... -}: let - inherit (import ../lib.nix {}) mkSimpleTrayService; +{ pkgs +, config +, lib +, repoFlake +, nodeFlake +, ... +}: +let + inherit (import ../lib.nix { }) mkSimpleTrayService; nixpkgs-2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; nixpkgs-unstable-small = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; wayprompt = nixpkgs-wayland'.wayprompt; -in { +in +{ fonts.fontconfig.enable = true; # services.gpg-agent.pinentryFlavor = lib.mkForce null; @@ -29,7 +30,7 @@ in { systemd.user.targets.tray = { Unit = { Description = "Home Manager System Tray"; - Requires = ["graphical-session-pre.target"]; + Requires = [ "graphical-session-pre.target" ]; }; }; diff --git a/nix/os/devices/steveej-t14/secrets.nix b/nix/os/devices/steveej-t14/secrets.nix deleted file mode 100644 index a97d67d..0000000 --- a/nix/os/devices/steveej-t14/secrets.nix +++ /dev/null @@ -1,7 +0,0 @@ -{config, ...}: { - sops.secrets.radicale_htpasswd = { - sopsFile = ../../../../secrets/steveej-t14/radicale_htpasswd; - format = "binary"; - owner = config.users.users.steveej.name; - }; -} diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix new file mode 100644 index 0000000..97f4fdc --- /dev/null +++ b/nix/os/snippets/radicale.nix 
@@ -0,0 +1,101 @@ +{ config +, lib +, pkgs +, repoFlake + # TODO: make configurable +, homeUser ? "steveej" +, ... +}: + +let + radicalePkgs = repoFlake.inputs.radicale-nixpkgs.legacyPackages.${pkgs.system}; + + libdecsync = pkgs.python3Packages.buildPythonPackage rec { + pname = "libdecsync"; + version = "2.2.1"; + + src = pkgs.python3Packages.fetchPypi { + inherit pname version; + hash = "sha256-Mukjzjumv9VL+A0maU0K/SliWrgeRjAeiEdN5a83G0I="; + }; + + propagatedBuildInputs = [ + # pkgs.libxcrypt-legacy + ]; + }; + radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec { + pname = "radicale_storage_decsync"; + version = "2.1.0"; + + src = pkgs.python3Packages.fetchPypi { + inherit pname version; + hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg="; + }; + + buildInputs = [ + pkgs.radicale + # pkgs.libxcrypt-legacy + # pkgs.libxcrypt + ]; + + nativeCheckInputs = [ + # pkgs.libxcrypt-legacy + # pkgs.libxcrypt + ]; + + propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; + }; + radicale-decsync = pkgs.radicale.overrideAttrs (old: { + propagatedBuildInputs = + old.propagatedBuildInputs + ++ [ radicale-storage-decsync ]; + }); + + mkRadicaleService = + { suffix + , port + , + }: + let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} + + [auth] + type = htpasswd + htpasswd_filename = ${config.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt + + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} + ''; + in + { + home-manager.users.${homeUser}.systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; + }; + Install.WantedBy = [ "default.target" ]; + }; + }; +in +{ + 
sops.secrets.radicale_htpasswd = { + sopsFile = ../../../../secrets/desktop/radicale_htpasswd; + format = "binary"; + owner = config.users.users.${homeUser}.name; + }; +} // (builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } +]) diff --git a/secrets/steveej-t14/radicale_htpasswd b/secrets/desktop/radicale_htpasswd similarity index 100% rename from secrets/steveej-t14/radicale_htpasswd rename to secrets/desktop/radicale_htpasswd From a083c05b27fe807f4fdb7892264e168dd9b810b6 Mon Sep 17 00:00:00 2001 
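Review bot: `sopsFile = ../../../../secrets/desktop/radicale_htpasswd` was carried over from the deleted `nix/os/devices/steveej-t14/secrets.nix`, but this file lives one directory higher, in `nix/os/snippets/`, so four `..` segments point above the repository root; it should read `sopsFile = ../../../secrets/desktop/radicale_htpasswd;`. The generated Radicale config also reads `config.xdg.dataHome`, while `config` here is the NixOS module argument (the unit is set under `home-manager.users.${homeUser}`), so that presumably needs `config.home-manager.users.${homeUser}.xdg.dataHome`. `radicalePkgs` is bound from `repoFlake.inputs.radicale-nixpkgs` but never used in this file.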
From: Stefan Junker Date: Mon, 22 Jan 2024 22:50:51 +0100 Subject: [PATCH 010/305] WIP: x13s: install to nvme, refactor into module --- .sops.yaml | 7 + flake.lock | 74 +++++ flake.nix | 39 ++- .../configuration/graphical-fullblown.nix | 224 +++++++-------- nix/home-manager/profiles/common.nix | 14 +- nix/home-manager/profiles/wayland-desktop.nix | 10 +- nix/home-manager/programs/chromium.nix | 37 +-- nix/home-manager/programs/radicale.nix | 89 +++--- nix/home-manager/programs/zsh.nix | 118 ++++---- nix/os/devices/steveej-t14/configuration.nix | 3 +- nix/os/devices/steveej-t14/pkg.nix | 108 ++----- nix/os/devices/steveej-t14/system.nix | 13 +- .../steveej-x13s-rmvbl/configuration.nix | 35 ++- nix/os/devices/steveej-x13s-rmvbl/default.nix | 25 +- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 70 ++++- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 272 +----------------- nix/os/devices/steveej-x13s/.gitignore | 1 + nix/os/devices/steveej-x13s/configuration.nix | 107 +++++++ nix/os/devices/steveej-x13s/default.nix | 40 +++ nix/os/devices/steveej-x13s/disko.nix | 66 +++++ nix/os/devices/steveej-x13s/flake.lock | 207 +++++++++++++ nix/os/devices/steveej-x13s/flake.nix | 73 +++++ nix/os/modules/hardware.thinkpad-x13s.nix | 242 ++++++++++++++++ nix/os/modules/opinionatedDisk.nix | 2 +- nix/os/profiles/common/pkg.nix | 19 +- nix/os/snippets/radicale.nix | 107 ++----- nix/os/snippets/sway-desktop.nix | 90 ++++++ secrets/desktop/radicale_htpasswd | 6 +- 28 files changed, 1361 insertions(+), 737 deletions(-) create mode 100644 nix/os/devices/steveej-x13s/.gitignore create mode 100644 nix/os/devices/steveej-x13s/configuration.nix create mode 100644 nix/os/devices/steveej-x13s/default.nix create mode 100644 nix/os/devices/steveej-x13s/disko.nix create mode 100644 nix/os/devices/steveej-x13s/flake.lock create mode 100644 nix/os/devices/steveej-x13s/flake.nix create mode 100644 nix/os/modules/hardware.thinkpad-x13s.nix create mode 100644 nix/os/snippets/sway-desktop.nix 
diff --git a/.sops.yaml b/.sops.yaml index 4ac1cea..895ce81 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -41,6 +41,13 @@ creation_rules: - *steveej age: - *steveej-t14 + - path_regex: ^secrets/desktop/.+$ + key_groups: + - pgp: + - *steveej + age: + - *steveej-t14 + - *steveej-x13s-rmvbl - path_regex: ^secrets/servers/.+$ key_groups: - pgp: diff --git a/flake.lock b/flake.lock index 86a3f52..825f580 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,38 @@ { "nodes": { + "adamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705876512, + "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", + "ref": "refs/heads/main", + "rev": "388684db5b529bbd6f3e948cf175df089eb09766", + "revCount": 14, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "ref": "master", + "repo": "alsa-ucm-conf", + "type": "github" + } + }, "aphorme_launcher": { "flake": false, "locked": { @@ -17,6 +50,23 @@ "type": "github" } }, + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "flake", + "repo": "x13s-nixos", + "type": "github" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat", 
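Review bot: The new `^secrets/desktop/.+$` rule lists `*steveej-t14` and `*steveej-x13s-rmvbl` as age recipients, while this commit introduces a separate `steveej-x13s` device for the NVMe install. If that host has its own age key it cannot decrypt `secrets/desktop/radicale_htpasswd`; if it reuses the removable-media key, that key remains a recipient of desktop secrets after the removable install is retired. I would add a dedicated `&steveej-x13s` key and list it here, or leave a comment such as `# steveej-x13s shares the rmvbl host key on purpose`.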
@@ -293,6 +343,23 @@ "type": "github" } }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", + "owner": "jhovold", + "repo": "linux", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", @@ -636,7 +703,10 @@ }, "root": { "inputs": { + "adamcstephens_stop-export": "adamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", "aphorme_launcher": "aphorme_launcher", + "brainwart_x13s-nixos": "brainwart_x13s-nixos", "colmena": "colmena", "crane": "crane", "disko": [ @@ -647,6 +717,7 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", + "linux_x13s": "linux_x13s", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" @@ -659,6 +730,9 @@ "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", "prs": "prs", + "radicalePkgs": [ + "nixpkgs-2211" + ], "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", diff --git a/flake.nix b/flake.nix index 691edf1..3191f4c 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + radicalePkgs.follows = "nixpkgs-2211"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; @@ -13,7 +14,7 @@ srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - nixos-anywhere.url = github:numtide/nixos-anywhere/main; + nixos-anywhere.url = "github:numtide/nixos-anywhere/main"; nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs"; disko.follows = "nixos-anywhere/disko"; 
@@ -68,6 +69,31 @@ url = "gitlab:timvisee/prs/master"; flake = false; }; + + + ### inputs for thinkpad x13s + # see https://github.com/jhovold/linux/wiki/X13s for status updates + linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; + linux_x13s.flake = false; + + brainwart_x13s-nixos = { + url = "github:BrainWart/x13s-nixos/flake"; + flake = false; + }; + + adamcstephens_stop-export = { + flake = false; + url = "git+https://codeberg.org/adamcstephens/stop-export.git"; + }; + + + alsa-ucm-conf = { + flake = false; + url = "github:alsa-project/alsa-ucm-conf/master"; + }; + + + ### }; outputs = @@ -104,6 +130,7 @@ nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; }) [ "steveej-t14" + "steveej-x13s" # "elias-e525" # "justyna-p300" @@ -122,7 +149,7 @@ // ( let router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations; + steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in { @@ -135,8 +162,7 @@ # nixos-install --flake .\#retro_cross retro_cross = retro.cross; - steveej-x13s-rmvbl = steveej-x13s-rmvbl.native; - steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross; + steveej-x13s_cross = steveej-x13s.cross; } ); @@ -272,6 +298,11 @@ inherit inputs' pkgs; packages' = packages; }; + }; + + flake.nixosModules = { + thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + }; }); } diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 0333dad..aa8f6e7 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -1,26 +1,23 @@ { pkgs +, lib , config , # these come in via home-manager.extraSpecialArgs and are specific to each node nodeFlake , packages' -, # repoFlake, - # repoFlakeInputs', - ... +, ... }: let # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; - pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; in { imports = [ ../profiles/common.nix - ../profiles/dotfiles.nix + # ../profiles/dotfiles.nix # FIXME: fix homeshick when no WAN connection is available # ../programs/homeshick.nix # ../profiles/gnome-desktop.nix - ../profiles/sway-desktop.nix # ../profiles/experimental-desktop.nix ../programs/redshift.nix @@ -28,7 +25,7 @@ in ../programs/gpg-agent.nix ../programs/pass.nix - ../programs/espanso.nix + # ../programs/espanso.nix ../programs/firefox.nix ../programs/chromium.nix @@ -36,10 +33,6 @@ in ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode - - # TODO: bump these to 23.05 and make it work - (args: import ../programs/radicale.nix (args // { pkgs = pkgs2211; })) - # (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;})) ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; @@ -55,21 +48,19 @@ in [ ] ++ (with pkgs; [ # Authentication - cacert - fprintd - openssl - mkpasswd + # cacert + # fprintd + # openssl + # mkpasswd # Nix package related tools patchelf - nix-index + # nix-index nix-prefetch-scripts - # nix-prefetch-github nix-tree # Version Control Systems gitFull - pijul # gitless gitRepo git-lfs @@ -118,7 +109,9 @@ in # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop tdesktop + pkgsUnstableSmall.signal-desktop + #(let # version = "6.20.0-beta.1"; #in 
@@ -138,7 +131,6 @@ in # ''; # })) - pkgsUnstableSmall.session-desktop # --add-flags "--enable-features=UseOzonePlatform" # --add-flags "--ozone-platform=wayland" # (pkgsUnstableSmall.session-desktop.overrideAttrs (old: { @@ -175,61 +167,51 @@ in # })) thunderbird + # gnome.cheese - discord + + # Virtualization # virtmanager # Remote Control Tools remmina - freerdp - teamviewer - pkgsUnstableSmall.rustdesk + # freerdp + + # Audio/Video Players ffmpeg vlc - v4l-utils - audacity - spotify + # v4l-utils + # audacity + # spotify yt-dlp (writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}") libwebcam # Network Tools - openvpn tcpdump iftop iperf bind socat - # 2019-03-05: broken on 19.03 linssid - iptraf-ng - ipmitool - - iptables - nftables - wireshark - wireguard-tools + nethogs # Code Editing and Programming - xclip - xsel - pkgsUnstableSmall.lapce - pkgsUnstableSmall.helix - pkgsUnstableSmall.nil + # pkgsUnstableSmall.lapce + # pkgsUnstableSmall.helix + # pkgsUnstableSmall.nil # Image/Graphic/Design Tools gnome.eog - gimp - imagemagick - exiv2 - graphviz - inkscape - qrencode - zbar - feh + # gimp + # imagemagick + # exiv2 + # graphviz + # inkscape + # qrencode # TODO: remove or move these: Modelling Tools # plantuml 
@@ -240,62 +222,47 @@ in # astah-community # Misc Development Tools - qrcode - jq - cdrtools + # qrcode + # jq + # cdrtools # Document Processing and Management gnome.nautilus - xfce.thunar pcmanfm # mendeley evince - (runCommand "logseq-wrapper" - { - nativeBuildInputs = [ makeWrapper ]; - } '' - makeWrapper ${logseq}/bin/logseq $out/bin/logseq \ - --set NIXOS_OZONE_WL "" - '') - # (logseq.override({ electron_25 = electron_26; })) + # File Synchronzation maestral - maestral-gui rsync # Filesystem Tools - ntfs3g - ddrescue - ncdu - unetbootin - hdparm - testdisk + # ntfs3g + # ddrescue + # ncdu + # hdparm # binwalk - gptfdisk - gparted - smartmontools + # gptfdisk + # gparted + # smartmontools - ## Android - androidenv.androidPkgs_9_0.platform-tools ## Python - packages'.myPython + # packages'.myPython # Misc Desktop Tools - ltunify + # ltunify # dex - xorg.xbacklight coreutils lsof - xdotool xdg_utils xdg-user-dirs dconf picocom glib.dev # contains gdbus tool alacritty - wally-cli + # wally-cli man-pages # Screen recording 
@@ -311,64 +278,77 @@ in # introduces python: screenkey # avidemux # broken - handbrake + # handbrake - pkgsUnstableSmall.ledger-live-desktop - - (banana-accounting.overrideDerivation (attrs: - with inputs'.nixpkgs-2211.legacyPackages; { - # dontWrapGApps = true; - - srcs = builtins.fetchurl { - # hosted via https://web3.storage - url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz"; - - sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1"; - }; - - # nativeBuildInputs = - # attrs.nativeBuildInputs - # ++ [ - # qt5.qtbase - # qt5.wrapQtAppsHook - # ]; - - # buildInputs = - # attrs.buildInputs - # ++ [ - # qt5.qtwayland - # ]; - - # preFixup = - # (attrs.preFixup or "") - # + '' - # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") - # ''; - })) - - - snes9x - snes9x-gtk + # snes9x + # snes9x-gtk # this is a displaymanager! # libretro.snes9x2010 # retroarchFull - ]); + ]) + ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ + (pkgs.banana-accounting.overrideDerivation + (attrs: + with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { + # dontWrapGApps = true; + + srcs = builtins.fetchurl { + # hosted via https://web3.storage + url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz"; + + sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1"; + }; + + # nativeBuildInputs = + # attrs.nativeBuildInputs + # ++ [ + # qt5.qtbase + # qt5.wrapQtAppsHook + # ]; + + # buildInputs = + # attrs.buildInputs + # ++ [ + # qt5.qtwayland + # ]; + + # preFixup = + # (attrs.preFixup or "") + # + '' + # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") + # ''; + }) + ) + + pkgsUnstableSmall.ledger-live-desktop + + (pkgs.runCommand "logseq-wrapper" + { + nativeBuildInputs = [ pkgs.makeWrapper ]; + } '' + makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \ + --set NIXOS_OZONE_WL "" + '') + # 
(logseq.override({ electron_25 = electron_26; })) + + # unsupported on aarch64-linux + pkgs.androidenv.androidPkgs_9_0.platform-tools + pkgs.teamviewer + pkgs.discord + pkgsUnstableSmall.session-desktop + pkgsUnstableSmall.rustdesk + ]) + ; systemd.user.startServices = true; services.syncthing.enable = true; services.udiskie = { enable = true; - automount = true; + automount = false; notify = true; }; - # FIXME: doesn't work as the service can't seem to control its started PID - services.dropbox = { - enable = false; - path = "${config.home.homeDirectory}/Dropbox-Hm"; - }; - # TODO: uncomment this when it's in stable home-manger # programs.joshuto = { # enable = true; diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 20a17e3..9c76c30 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ pkgs, ... }: { # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; @@ -11,10 +11,16 @@ allowBroken = false; allowUnfree = true; - permittedInsecurePackages = []; + permittedInsecurePackages = [ ]; }; - nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + "impure-derivations" + "ca-derivations" + "recursive-nix" + ]; nix.settings.sandbox = "relaxed"; home.keyboard = { @@ -40,7 +46,7 @@ programs.fzf.enable = true; home.packages = - [] + [ ] ++ (with pkgs; [ htop vcsh diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index ffab825..298aaf5 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix 
@@ -8,10 +8,7 @@ let inherit (import ../lib.nix { }) mkSimpleTrayService; - nixpkgs-2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; - nixpkgs-unstable-small = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; - wayprompt = nixpkgs-wayland'.wayprompt; in { @@ -43,7 +40,6 @@ in wl-clipboard wmctrl - wayprompt nixpkgs-wayland'.shotman # identifies key input syms @@ -63,7 +59,11 @@ in # probably required by flameshot # xdg-desktop-portal xdg-desktop-portal-wlr # grim - ]; + ] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) + # TODO: broken on aarch64 + [ + ] + ); home.sessionVariables = { XDG_SESSION_TYPE = "wayland"; diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index c2240b9..81383c9 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -1,15 +1,16 @@ -{ - name, - lib, - ... -}: let +{ name +, lib +, pkgs +, ... +}: +let extensions = [ #undetectable adblocker - {id = "gcfcpohokifjldeandkfjoboemihipmb";} + { id = "gcfcpohokifjldeandkfjoboemihipmb"; } # ublock origin - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # # YT ad block # {id = "cmedhionkhpnakcndndgjdbohmhepckk";} @@ -18,15 +19,15 @@ # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # Cookie Notice Blocker - {id = "odhmfmnoejhihkmfebnolljiibpnednn";} + { id = "odhmfmnoejhihkmfebnolljiibpnednn"; } # i don't care about cookies - {id = "fihnjjcciajhdojfnbdddfaoknhalnja";} + { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } # NopeCHA - {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} + { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } # h264ify - {id = "aleakchihdccplidncghkekgioiakgal";} + { id = "aleakchihdccplidncghkekgioiakgal"; } # clippy # {id = "honbeilkanbghjimjoniipnnehlmhggk"} 
@@ -37,25 +38,27 @@ } # cookie autodelete - {id = "fhcgjolkccmbidfldomjliifgaodjagh";} + { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # unhook - { id = "khncfooichmfjbepaaaebmommgaepoid";} + { id = "khncfooichmfjbepaaaebmommgaepoid"; } ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C - {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} + { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } ]); -in { +in +{ programs.chromium = { enable = true; inherit extensions; }; programs.brave = { - enable = true; + # TODO: enable this on aarch64-linux + enable = true && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; - programs.browserpass = {browsers = ["chromium" "brave"];}; + programs.browserpass = { browsers = [ "chromium" "brave" ]; }; } diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index a8e4eef..bcedd41 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -1,10 +1,10 @@ -{ - config, - lib, - pkgs, - osConfig, - ... -}: let +{ config +, lib +, pkgs +, osConfig +, ... +}: +let libdecsync = pkgs.python3Packages.buildPythonPackage rec { pname = "libdecsync"; version = "2.2.1"; 
@@ -38,50 +38,53 @@ # pkgs.libxcrypt ]; - propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; + propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; }; radicale-decsync = pkgs.radicale.overrideAttrs (old: { propagatedBuildInputs = old.propagatedBuildInputs - ++ [radicale-storage-decsync]; + ++ [ radicale-storage-decsync ]; }); - mkRadicaleService = { - suffix, - port, - }: let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} + mkRadicaleService = + { suffix + , port + , + }: + let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} - [auth] - type = htpasswd - htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt + [auth] + type = htpasswd + htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} - ''; - in { - systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} + ''; + in + { + systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; + }; + Install.WantedBy = [ "default.target" ]; }; - Install.WantedBy = ["default.target"]; }; - }; in - builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ - { - suffix = "personal"; - port = 
5232; - } - { - suffix = "family"; - port = 5233; - } - ] +builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } +] diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index 0d3085d..8d2596a 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -1,29 +1,30 @@ -{ - config, - lib, - pkgs, - ... -}: let - just-plugin = let - plugin_file = pkgs.writeText "_just" '' - #compdef just - #autload +{ config +, lib +, pkgs +, ... +}: +let + just-plugin = + let + plugin_file = pkgs.writeText "_just" '' + #compdef just + #autload - alias justl="\just --list" - alias juste="\just --evaluate" + alias justl="\just --list" + alias juste="\just --evaluate" - local subcmds=() + local subcmds=() - while read -r line ; do - if [[ ! $line == Available* ]] ; - then - subcmds+=(''${line/[[:space:]]*\#/:}) - fi - done < <(just --list) + while read -r line ; do + if [[ ! $line == Available* ]] ; + then + subcmds+=(''${line/[[:space:]]*\#/:}) + fi + done < <(just --list) - _describe 'command' subcmds - ''; - in + _describe 'command' subcmds + ''; + in pkgs.stdenv.mkDerivation { name = "just-completions"; version = "0.1.0"; @@ -35,7 +36,8 @@ chmod --recursive a-w $out ''; }; -in { +in +{ programs.zsh = { enable = true; 
@@ -46,47 +48,49 @@ in { # will be called again by oh-my-zsh enableCompletion = false; enableAutosuggestions = true; - initExtra = let - inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; - in '' - PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' - RPROMPT="" + initExtra = + let + inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; + in + '' + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" - # Automatic rehash - zstyle ':completion:*' rehash true + # Automatic rehash + zstyle ':completion:*' rehash true - if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases - fi + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi - ${ - if builtins.hasAttr "homeshick" pkgs - then '' - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) - '' - else "" - } + ${ + if builtins.hasAttr "homeshick" pkgs + then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' + else "" + } - # Disable intercepting of ctrl-s and ctrl-q as flow control. - stty stop ''' -ixoff -ixon + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon - # don't cd into directories when executed - unsetopt AUTO_CD + # don't cd into directories when executed + unsetopt AUTO_CD - # print lines without termination - setopt PROMPT_CR - setopt PROMPT_SP - export PROMPT_EOL_MARK="" + # print lines without termination + setopt PROMPT_CR + setopt PROMPT_SP + export PROMPT_EOL_MARK="" - ${lib.optionalString config.services.gpg-agent.enable '' - export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" - ''} + ${lib.optionalString config.services.gpg-agent.enable '' + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" + ''} - ${lib.optionalString config.programs.neovim.enable '' - export EDITOR="nvim" - ''} - ''; + ${lib.optionalString config.programs.neovim.enable '' + export EDITOR="nvim" + ''} + ''; plugins = [ { @@ -119,7 +123,7 @@ in { oh-my-zsh = { enable = true; theme = "tjkirch"; - plugins = ["git" "sudo"]; + plugins = [ "git" "sudo" ]; }; }; } diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 2a655c5..fc3d209 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix @@ -10,7 +10,6 @@ ./pkg.nix ./user.nix ./boot.nix - ./secrets.nix # samba seerver ({ lib, ... }: { diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 1ff1a59..25c15c5 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -1,9 +1,8 @@ -{ - pkgs, - lib, - repoFlake, - nodeFlake, - ... +{ pkgs +, lib +, repoFlake +, nodeFlake +, ... }: { home-manager.users.steveej = _: { imports = [ @@ -16,8 +15,7 @@ }) ]; - home.sessionVariables = { - }; + home.sessionVariables = { }; home.packages = with pkgs; [ ]; 
@@ -34,50 +32,33 @@ # # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: :6:17-18: Empty declaration # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. - services.greetd = let - # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" - swayConfig = pkgs.writeText "greetd-sway-config" '' - # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. - exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" - bindsym Mod4+shift+e exec swaynag \ - -t warning \ - -m 'What do you want to do?' \ - -b 'Poweroff' 'systemctl poweroff' \ - -b 'Reboot' 'systemctl reboot' - ''; - in { - enable = false; - settings = { - vt = 1; - default_session = { - command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + services.greetd = + let + # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" + swayConfig = pkgs.writeText "greetd-sway-config" '' + # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. + exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" + bindsym Mod4+shift+e exec swaynag \ + -t warning \ + -m 'What do you want to do?' 
\ + -b 'Poweroff' 'systemctl poweroff' \ + -b 'Reboot' 'systemctl reboot' + ''; + in + { + enable = false; + settings = { + vt = 1; + default_session = { + command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + }; }; }; - }; environment.etc."greetd/environments".text = '' sway ''; - - # autologin steveej on tty1 - systemd.services."autovt@tty1".description = "Autologin at the TTY1"; - systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty - systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; - systemd.services."autovt@tty1".serviceConfig = - { ExecStart = [ - "" # override upstream default with an empty ExecStart - "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" - ]; - Restart = "always"; - Type = "idle"; - }; - programs.zsh.loginShellInit = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; - # fonts = let # prefs.font = rec { # size = 13; 
@@ -122,42 +103,5 @@ # # }; # }; - security.pam.services.getty.enableGnomeKeyring = true; - services.gnome.gnome-keyring.enable = true; - - # rtkit is optional but recommended - security.rtkit.enable = true; - services.pipewire = { - audio.enable = true; - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - }; - - # required by swaywm - security.polkit.enable = true; - security.pam.services.swaylock = {}; - - # test these on https://mozilla.github.io/webrtc-landing/gum_test.html - xdg.portal = { - enable = true; - # FIXME: `true` breaks xdg-open from alacritty: - # $ xdg-open "https://github.com/" - # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop - xdgOpenUsePortal = false; - extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - - # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr - # (pkgs.xdg-desktop-portal-gtk.override (_: { - # buildPortalsInGnome = false; - # })) - ]; - }; - system.stateVersion = "23.05"; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 11a2690..c5604f8 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -28,6 +28,8 @@ in { imports = [ ../../snippets/nix-settings-holo-chain.nix + ../../snippets/radicale.nix + ../../snippets/sway-desktop.nix ]; nix.settings = { 
@@ -115,21 +117,10 @@ in services.samba.extraConfig = '' # client min protocol = NT1 ''; - services.gvfs = { - enable = true; - package = lib.mkForce pkgs.gnome3.gvfs; - }; - environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; - services.xserver.serverFlagsSection = '' - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" - ''; time.timeZone = lib.mkForce passwords.timeZone.stefan; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 14d206e..7e39af7 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -1,8 +1,8 @@ { repoFlake +, nodeFlake , pkgs , lib , config -, nodeFlake , nodeName , localDomainName , system @@ -16,8 +16,15 @@ ./disko.nix ../../profiles/common/user.nix + ../../profiles/common/pkg.nix + { + # nixpkgs.config.allowUnsupportedSystem = true; + + # flake registry + nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; @@ -43,6 +50,11 @@ sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.defaultSopsFormat = "yaml"; } + + nodeFlake.inputs.home-manager.nixosModules.home-manager + + ../../snippets/sway-desktop.nix + ../../snippets/radicale.nix ]; hardware.thinkpad-x13s = { @@ -57,8 +69,8 @@ firewall.enable = true; - useNetworkd = true; - networkmanager.enable = false; + # useNetworkd = true; + networkmanager.enable = true; }; system.stateVersion = "23.11"; 
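Review bot: `nodeFlake.inputs.home-manager.nixosModules.home-manager` is added to the `imports` of this `configuration.nix` (hunk `@@ -43,6 +50,11 @@`) and also to the node's `default.nix` in the same commit, which itself imports `configuration.nix`, so a deployment through `default.nix` lists the module twice. The module system only de-duplicates modules it can key (paths, or modules carrying a `key`), so depending on how home-manager exports it this may end in an "option already declared" error; I have not verified which case applies here. Importing it in one place is enough, and `configuration.nix` is the better one because the standalone `flake.nix` only goes through that file. The new `steveej-x13s/default.nix` and `steveej-x13s/configuration.nix` repeat the pattern.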
@@ -74,4 +86,21 @@ pkgs.git pkgs.git-crypt ]; + + home-manager.users.steveej = _: { + imports = [ + ../../../home-manager/configuration/graphical-fullblown.nix + + (_: { + programs.chromium.extensions = [ + # can define host-specific extensions here + ]; + }) + ]; + + home.sessionVariables = { }; + + home.packages = with pkgs; [ + ]; + }; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index 3961f0b..0ccb5dc 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,10 +1,9 @@ -{ - system ? "aarch64-linux", - nodeName, - repoFlake, - nodeFlake, - localDomainName ? "internal", - ... +{ system ? "aarch64-linux" +, nodeName +, repoFlake +, nodeFlake +, localDomainName ? "internal" +, ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; @@ -16,18 +15,22 @@ meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { + deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.replaceUnknownProfiles = true; + deployment.allowLocalDeployment = true; # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; imports = [ - ./configuration.nix + (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") + + nodeFlake.inputs.home-manager.nixosModules.home-manager ]; networking.hostName = nodeName; diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index 385f8dd..f7008e1 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock 
@@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1705540973, - "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", + "lastModified": 1705890365, + "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=", "owner": "nix-community", "repo": "disko", - "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", + "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9", "type": "github" }, "original": { @@ -84,6 +84,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, "linux_x13s": { "flake": false, "locked": { @@ -119,11 +140,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705641746, - "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "type": "github" }, "original": { 
@@ -133,6 +154,38 @@ "type": "github" } }, + "nixpkgs-2211": { + "locked": { + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1705891108, + "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "adamcstephens_stop-export": "adamcstephens_stop-export", @@ -140,9 +193,12 @@ "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", + "home-manager": "home-manager", "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } }, diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index a60ced8..d9cc53c 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -3,6 +3,10 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + # requires for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -10,24 +14,9 @@ mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.flake = false; - # see https://github.com/jhovold/linux/wiki/X13s for status updates - linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; - linux_x13s.flake = false; - - brainwart_x13s-nixos = { - url = "github:BrainWart/x13s-nixos/flake"; - flake = false; - }; - - adamcstephens_stop-export = { - flake = false; - url = "git+https://codeberg.org/adamcstephens/stop-export.git"; - }; - - - alsa-ucm-conf = { - flake = false; - url = "github:alsa-project/alsa-ucm-conf/master"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -60,11 +49,6 @@ self.nixosModules.hardware-x13s ./configuration.nix - - # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } ] ++ extraModules; } 
@@ -85,247 +69,5 @@ ]; }; }; - - nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }: - let - # TODO: introduce options for these - kernelPdMapper = true; - cfg = config.hardware.thinkpad-x13s; - in - { - options.hardware.thinkpad-x13s = { - # TODO: respect this - enable = lib.mkEnableOption "x13s hardware support"; - - bluetoothMac = lib.mkOption { - type = lib.types.str; - description = "mac address to set on boot"; - }; - - bluetoothMacAddr = lib.mkOption { - default = "00:00:00:00:00"; - type = lib.types.str; - }; - - }; - config = - let - inherit (config.boot.loader) efi; - kp = [ - { - name = "x13s-cfg"; - patch = null; - extraStructuredConfig = with lib.kernel; { - EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; - OF_OVERLAY = lib.mkForce yes; - BTRFS_FS = lib.mkForce yes; - BTRFS_FS_POSIX_ACL = lib.mkForce yes; - MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB = lib.mkForce yes; - SND_USB_AUDIO = lib.mkForce module; - USB_XHCI_PCI = lib.mkForce module; - NO_HZ_FULL = lib.mkForce yes; - HZ_100 = lib.mkForce yes; - HZ_250 = lib.mkForce no; - DRM_AMDGPU = lib.mkForce no; - DRM_NOUVEAU = lib.mkForce no; - QCOM_TSENS = lib.mkForce yes; - NVMEM_QCOM_QFPROM = lib.mkForce yes; - ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - VIRTIO_PCI = lib.mkForce module; - # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; - }; - } - ]; - - qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; - pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit qrtr; - }; - - - # We can't quite move to mainline linux - linux_x13s_pkg = { buildLinux, ... 
} @ args: - buildLinux (args // rec { - version = "6.7.0"; - modDirVersion = lib.versions.pad 3 version; - extraMeta.branch = lib.versions.majorMinor version; - - src = self.inputs.linux_x13s; - kernelPatches = (args.kernelPatches or [ ]) ++ kp; - } // (args.argsOverride or { })); - - # we add additional configuration on top of te normal configuration above - # using the extraStructuredConfig option on the kernel patch - linux_x13s = pkgs.callPackage linux_x13s_pkg { - defconfig = "johan_defconfig"; - }; - - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - - x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); - alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; - - in - { - nixpkgs.overlays = [ - (final: prev: - { - x13s_extra-firmware = pkgs.callPackage - "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" - { }; - - inherit qrtr pd-mapper; - } - ) - ]; - - # ensure the x13s' dtb file is in the boot partition - # TODO:: is this needed for the VT display somehow? - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; - - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.extraFiles = { - "${dtbName}" = dtb; - }; - loader.efi.canTouchEfiVariables = false; - loader.efi.efiSysMountPoint = "/boot"; - - blacklistedKernelModules = [ "wwan" ]; - - kernelPackages = linuxPackages_x13s; - - kernelParams = [ - "dtb=${dtbName}" - - "boot.shell_on_fail" - - # jhovold recommended - "efi=noruntime" - "clk_ignore_unused" - "pd_ignore_unused" - "arm64.nopauth" - - # blacklist graphics in initrd so the firmware can load from disk - "rd.driver.blacklist=msm" - ]; - - initrd = { - includeDefaultModules = false; - - # kernelModules = [ - # "nvme" - # "phy_qcom_qmp_pcie" - # "pcie_qcom" - - # "i2c_core" - # "i2c_hid" - # "i2c_hid_of" - # "i2c_qcom_geni" - - # "leds_qcom_lpg" - # "pwm_bl" - # "qrtr" - # "pmic_glink_altmode" - # "gpio_sbu_mux" - # "phy_qcom_qmp_combo" - # "gpucc_sc8280xp" - # "dispcc_sc8280xp" - # "phy_qcom_edp" - # "panel_edp" - # # "msm" - - # ]; - - availableKernelModules = [ - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "leds_qcom_lpg" - "pwm_bl" - "qrtr" - "pmic_glink_altmode" - "gpio_sbu_mux" - "phy_qcom_qmp_combo" - "panel_edp" - # "msm" - "phy_qcom_edp" - "i2c_core" - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "pcie_qcom" - "phy_qcom_qmp_combo" - "phy_qcom_qmp_pcie" - "phy_qcom_qmp_usb" - "phy_qcom_snps_femto_v2" - "phy_qcom_usb_hs" - "nvme" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "uas" - ]; - }; - }; - - - # default is performance - powerManagement.cpuFreqGovernor = "ondemand"; - - hardware.enableAllFirmware = true; - hardware.firmware = [ - # pkgs.linux-firmware - - pkgs.x13s_extra-firmware - ]; - - systemd.services.pd-mapper = { - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "${lib.getExe pd-mapper}"; - Restart = "always"; - }; - 
}; - - environment.sessionVariables = alsa-ucm-conf-env; - systemd.user.services.pipewire.environment = alsa-ucm-conf-env; - systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; - - systemd.services.bluetooth = { - serviceConfig = { - # disabled because btmgmt call hangs - ExecStartPre = [ - "" - "${pkgs.util-linux}/bin/rfkill block bluetooth" - "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - ]; - RestartSec = 5; - Restart = "on-failure"; - }; - }; - }; - }; }; } diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/steveej-x13s/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix new file mode 100644 index 0000000..72edd99 --- /dev/null +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -0,0 +1,107 @@
+{ repoFlake
+, nodeFlake
+, pkgs
+, lib
+, config
+, nodeName
+, localDomainName
+, system
+, ...
+}:
+
+{
+ imports = [
+ # repoFlake.inputs.sops-nix.nixosModules.sops
+ nodeFlake.inputs.disko.nixosModules.disko
+ ./disko.nix
+
+ repoFlake.nixosModules.thinkpad-x13s
+
+ ../../profiles/common/pkg.nix
+
+
+ {
+ # nixpkgs.config.allowUnsupportedSystem = true;
+
+ # flake registry
+ nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
+
+ nix.nixPath = [
+ "nixpkgs=${pkgs.path}"
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault "auto";
+ }
+
+ # ../../profiles/common/user.nix
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.openssh.openFirewall = true;
+
+
+ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # sops.defaultSopsFormat = "yaml";
+
+ # users.commonUsers = {
+ # enable = true;
+ # enableNonRoot = true;
+ # };
+
+ users.users.root.initialPassword = "install";
+ }
+
+ nodeFlake.inputs.home-manager.nixosModules.home-manager
+
+ # ../../snippets/sway-desktop.nix
+ # ../../snippets/radicale.nix
+ ];
+
+ hardware.thinkpad-x13s = {
+ enable = true;
+
+ # TODO: use hardware address
+ bluetoothMac = "65:9e:7a:8b:86:28";
+ };
+
+ networking = {
+ hostName = nodeName;
+
+ firewall.enable = true;
+
+ # useNetworkd = true;
+ };
+
+ system.stateVersion = "23.11";
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = [
+ pkgs.sshfs
+ pkgs.util-linux
+ pkgs.coreutils
+ pkgs.vim
+
+ pkgs.git
+ pkgs.git-crypt
+ ];
+
+ # home-manager.users.steveej = _: {
+ # home.stateVersion = "23.11";
+
+ # imports = [
+ # ../../../home-manager/configuration/graphical-fullblown.nix
+ # ];
+
+ # home.sessionVariables = { };
+
+ # home.packages = with pkgs; [
+ # ];
+ # };
+}
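Review bot: Root can log in over SSH with a password that is committed to the repository: `services.openssh.settings.PermitRootLogin = "yes"`, `services.openssh.openFirewall = true` and `users.users.root.initialPassword = "install"` together mean any host that can reach port 22 gets a root shell with a known credential until someone changes it by hand. Even if this is only meant for the first install, I would restrict root to keys with `services.openssh.settings.PermitRootLogin = "prohibit-password";` and `users.users.root.openssh.authorizedKeys.keys = [ "<ssh-public-key>" ];` (placeholder), and drop `initialPassword`. The commented-out `users.commonUsers` and sops lines suggest a secret-backed password is the intended end state; a `# TODO` next to the password stating when it goes away would make that explicit.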
diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix
new file mode 100644
index 0000000..51d487b
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/default.nix
@@ -0,0 +1,40 @@
+{ system ? "aarch64-linux"
+, nodeName
+, repoFlake
+, repoFlakeWithSystem
+, nodeFlake
+, localDomainName ? "internal"
+, ...
+}: {
+ meta.nodeSpecialArgs.${nodeName} = {
+ inherit repoFlake nodeName nodeFlake system;
+ packages' = repoFlake.packages.${system};
+ nodePackages' = nodeFlake.packages.${system};
+ repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
+
+ inherit localDomainName;
+ };
+
+ meta.nodeNixpkgs.${nodeName} =
+ import nodeFlake.inputs.nixpkgs.outPath
+ {
+ inherit system;
+ };
+
+ ${nodeName} = {
+
+ deployment.targetHost = "${nodeName}.${localDomainName}";
+ deployment.replaceUnknownProfiles = true;
+ deployment.allowLocalDeployment = true;
+
+ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
+
+ imports = [
+ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
+
+ nodeFlake.inputs.home-manager.nixosModules.home-manager
+ ];
+
+ networking.hostName = nodeName;
+ };
+}
diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix
new file mode 100644
index 0000000..5abf297
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/disko.nix
@@ -0,0 +1,66 @@
+{
+ disko.devices = {
+ disk = {
+ x13s-nvme = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "x13s-usb-crypt";
+ extraOpenArgs = [ ];
+ # disable settings.keyFile if you want to use interactive password entry
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ # keyFile = "/tmp/secret.key";
+ allowDiscards = true;
+ };
+ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock
new file mode 100644
index 0000000..f7008e1
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/flake.lock
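Review bot: The LUKS mapping on the internal NVMe disk in `disko.nix` is named `x13s-usb-crypt`, which looks copied from the removable-media layout; renaming it now (for example `name = "x13s-nvme-crypt";`) is cheap, while changing it after installation affects the mapper device name. `allowDiscards = true` lets TRIM pass through dm-crypt, which exposes which blocks are unused to anyone who can read the raw device. That is a common trade-off on SSDs but deserves a comment such as `# TRIM through LUKS reveals free-space layout; accepted for SSD performance`. The `keyFile`/`passwordFile` comments appear to be left over from a template and both options are disabled, so presumably the passphrase is entered interactively; one line saying so would be clearer than the template text.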
@@ -0,0 +1,207 @@ +{ + "nodes": { + "adamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705876512, + "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", + "ref": "refs/heads/main", + "rev": "388684db5b529bbd6f3e948cf175df089eb09766", + "revCount": 14, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "ref": "master", + "repo": "alsa-ucm-conf", + "type": "github" + } + }, + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "flake", + "repo": "x13s-nixos", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705890365, + "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=", + "owner": "nix-community", + "repo": "disko", + "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9", + "type": "github" + }, + "original": { + "id": "disko", + "type": "indirect" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + 
"inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", + "owner": "jhovold", + "repo": "linux", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 1705008488, + "narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=", + "owner": "NixOS", + "repo": "mobile-nixos", + "rev": "56e55df7b07b5e5c6d050732d851cec62b41df95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "mobile-nixos", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-2211": { + "locked": { + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1705891108, + "narHash": 
"sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "adamcstephens_stop-export": "adamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", + "brainwart_x13s-nixos": "brainwart_x13s-nixos", + "disko": "disko", + "get-flake": "get-flake", + "home-manager": "home-manager", + "linux_x13s": "linux_x13s", + "mobile-nixos": "mobile-nixos", + "nixpkgs": "nixpkgs", + "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs-unstable-small": "nixpkgs-unstable-small" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix new file mode 100644 index 0000000..8ee5695 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -0,0 +1,73 @@ +{ + inputs = + { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + # requires for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + + get-flake.url = "github:ursi/get-flake"; + + disko.inputs.nixpkgs.follows = "nixpkgs"; + + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; + + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = + { self + , get-flake + , nixpkgs + , ... + }: + let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + nodeName = "steveej-x13s"; + + mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + system = targetPlatform; + inherit nodeName; + + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + ({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s) + + ./configuration.nix + ] + ++ extraModules; + } + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { + system = targetPlatform; + }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + }; +} diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix new file mode 100644 index 0000000..a1c6682 --- /dev/null +++ b/nix/os/modules/hardware.thinkpad-x13s.nix 
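Review bot: `disko` is declared only through `disko.inputs.nixpkgs.follows = "nixpkgs";` with no `url`, so Nix resolves it as an indirect input through the flake registry rather than from a source named in this file; adding `disko.url = "github:nix-community/disko";` keeps the source explicit and reviewable. The accompanying flake.lock's root node also lists `adamcstephens_stop-export`, `alsa-ucm-conf`, `brainwart_x13s-nixos` and `linux_x13s`, none of which are declared under `inputs` here, while hardware.thinkpad-x13s.nix reads `self.inputs.linux_x13s` and `self.inputs.adamcstephens_stop-export`. Presumably that `self` is a different flake, but if these are meant to be inputs of this one they need declaring, otherwise the next lock update will likely drop the pins.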
@@ -0,0 +1,242 @@ +{ self, pkgs, config, lib, options, ... }: +let + # TODO: introduce options for these + kernelPdMapper = true; + cfg = config.hardware.thinkpad-x13s; +in +{ + options.hardware.thinkpad-x13s = { + # TODO: respect this + enable = lib.mkEnableOption "x13s hardware support"; + + bluetoothMac = lib.mkOption { + type = lib.types.str; + description = "mac address to set on boot"; + }; + + bluetoothMacAddr = lib.mkOption { + default = "00:00:00:00:00"; + type = lib.types.str; + }; + + }; + config = + let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + VIRTIO_PCI = lib.mkForce module; + # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; + }; + } + ]; + + qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; + pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit qrtr; + }; + + + # We can't quite move to mainline linux + linux_x13s_pkg = { buildLinux, ... 
} @ args: + buildLinux (args // rec { + version = "6.7.0"; + modDirVersion = lib.versions.pad 3 version; + extraMeta.branch = lib.versions.majorMinor version; + + src = self.inputs.linux_x13s; + kernelPatches = (args.kernelPatches or [ ]) ++ kp; + } // (args.argsOverride or { })); + + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; + + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; + + x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; + + in + lib.mkIf cfg.enable + { + nixpkgs.overlays = [ + (final: prev: + { + x13s_extra-firmware = pkgs.callPackage + "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" + { }; + + inherit qrtr pd-mapper; + } + ) + ]; + + # ensure the x13s' dtb file is in the boot partition + # TODO:: is this needed for the VT display somehow? + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = false; + loader.efi.efiSysMountPoint = "/boot"; + + blacklistedKernelModules = [ "wwan" ]; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "dtb=${dtbName}" + + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" + ]; + + initrd = { + includeDefaultModules = false; + + # kernelModules = [ + # "nvme" + # "phy_qcom_qmp_pcie" + # "pcie_qcom" + + # "i2c_core" + # "i2c_hid" + # "i2c_hid_of" + # "i2c_qcom_geni" + + # "leds_qcom_lpg" + # "pwm_bl" + # "qrtr" + # "pmic_glink_altmode" + # "gpio_sbu_mux" + # "phy_qcom_qmp_combo" + # "gpucc_sc8280xp" + # "dispcc_sc8280xp" + # "phy_qcom_edp" + # "panel_edp" + # # "msm" + + # ]; + + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel_edp" + # "msm" + "phy_qcom_edp" + "i2c_core" + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "pcie_qcom" + "phy_qcom_qmp_combo" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "phy_qcom_snps_femto_v2" + "phy_qcom_usb_hs" + "nvme" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "uas" + ]; + }; + }; + + + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + # pkgs.linux-firmware + + pkgs.x13s_extra-firmware + ]; + + systemd.services.pd-mapper = { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${lib.getExe pd-mapper}"; + Restart = "always"; + }; + 
}; + + environment.sessionVariables = alsa-ucm-conf-env; + systemd.user.services.pipewire.environment = alsa-ucm-conf-env; + systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; + + systemd.services.bluetooth = { + serviceConfig = { + # disabled because btmgmt call hangs + ExecStartPre = [ + "" + "${pkgs.util-linux}/bin/rfkill block bluetooth" + "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" + "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index 399eb43..5dea719 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -24,7 +24,7 @@ in { earlyDiskIdOverride = mkOption { default = ""; - type = types.string; + type = types.str; }; }; diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index 7cd1dfb..74e987b 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -1,12 +1,11 @@ -{ - config, - pkgs, - # these come in via nodeSpecialArgs and are expected to be defined for every node - repoFlake, - repoFlakeInputs', - nodeFlake, - packages', - ... +{ config +, pkgs +, # these come in via nodeSpecialArgs and are expected to be defined for every node + repoFlake +, repoFlakeInputs' +, nodeFlake +, packages' +, ... }: { imports = [ ]; @@ -26,8 +25,6 @@ packages' nodeFlake ; - - osConfig = config; }; nixpkgs.config = { diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix index 97f4fdc..74edd68 100644 --- a/nix/os/snippets/radicale.nix +++ b/nix/os/snippets/radicale.nix 
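Review bot: The `kernelParams` list in hardware.thinkpad-x13s.nix enables `boot.shell_on_fail` and `arm64.nopauth` without saying why; the first offers a root shell with no authentication when stage 1 of boot fails, and the second turns off arm64 pointer authentication for the whole system. If both are bring-up aids, a comment such as `# bring-up only: unauthenticated initrd root shell, remove once boot is stable` on the former, and a note on the latter naming the hardware issue it works around, would tell the next reader whether they can be dropped. Separately, `bluetoothMacAddr` is declared but never read (its default `"00:00:00:00:00"` has only five octets), and the comment `# disabled because btmgmt call hangs` sits above an `ExecStartPre` list that still runs `btmgmt`.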
@@ -1,101 +1,30 @@ { config , lib , pkgs -, repoFlake - # TODO: make configurable -, homeUser ? "steveej" +, repoFlakeInputs' , ... }: let - radicalePkgs = repoFlake.inputs.radicale-nixpkgs.legacyPackages.${pkgs.system}; - - libdecsync = pkgs.python3Packages.buildPythonPackage rec { - pname = "libdecsync"; - version = "2.2.1"; - - src = pkgs.python3Packages.fetchPypi { - inherit pname version; - hash = "sha256-Mukjzjumv9VL+A0maU0K/SliWrgeRjAeiEdN5a83G0I="; - }; - - propagatedBuildInputs = [ - # pkgs.libxcrypt-legacy - ]; - }; - radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec { - pname = "radicale_storage_decsync"; - version = "2.1.0"; - - src = pkgs.python3Packages.fetchPypi { - inherit pname version; - hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg="; - }; - - buildInputs = [ - pkgs.radicale - # pkgs.libxcrypt-legacy - # pkgs.libxcrypt - ]; - - nativeCheckInputs = [ - # pkgs.libxcrypt-legacy - # pkgs.libxcrypt - ]; - - propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; - }; - radicale-decsync = pkgs.radicale.overrideAttrs (old: { - propagatedBuildInputs = - old.propagatedBuildInputs - ++ [ radicale-storage-decsync ]; - }); - - mkRadicaleService = - { suffix - , port - , - }: - let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} - - [auth] - type = htpasswd - htpasswd_filename = ${config.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt - - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} - ''; - in - { - home-manager.users.${homeUser}.systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; - }; - Install.WantedBy = [ "default.target" ]; - }; - }; 
+ # TODO: make configurable + homeUser = "steveej"; in { sops.secrets.radicale_htpasswd = { - sopsFile = ../../../../secrets/desktop/radicale_htpasswd; + sopsFile = ../../../secrets/desktop/radicale_htpasswd; format = "binary"; - owner = config.users.users.${homeUser}.name; + owner = config.users.users."${homeUser}".name; }; -} // (builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ - { - suffix = "personal"; - port = 5232; - } - { - suffix = "family"; - port = 5233; - } -]) + + home-manager.users.${homeUser} = _: { + imports = [ + # TODO: bump these to latest and make it work + (args: + import ../../home-manager/programs/radicale.nix (args // { + osConfig = config; + pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; + }) + ) + ]; + }; +} diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix new file mode 100644 index 0000000..8f8bf23 --- /dev/null +++ b/nix/os/snippets/sway-desktop.nix 
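Review bot: The home-manager import in radicale.nix replaces the module's `pkgs` with `repoFlakeInputs'.radicalePkgs.legacyPackages`, so radicale and whatever else that module builds come from that separate pin and will not pick up security fixes when the host's nixpkgs is bumped. The `# TODO: bump these to latest and make it work` hints at this; a comment stating which pin is required and why, e.g. `# pinned: radicale decsync plugin does not build on newer nixpkgs (TODO confirm)`, would make the exposure visible. The removed code read the input as `repoFlake.inputs.radicale-nixpkgs`; whether `radicalePkgs` exists under `repoFlakeInputs'` cannot be checked from this hunk.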
@@ -0,0 +1,90 @@ +{ pkgs, lib, ... }: + +let + # TODO: make this configurable + homeUser = "steveej"; +in +{ + services.xserver.serverFlagsSection = '' + Option "BlankTime" "0" + Option "StandbyTime" "0" + Option "SuspendTime" "0" + Option "OffTime" "0" + ''; + + hardware.opengl.enable = true; + + services.gvfs = { + enable = true; + package = lib.mkForce pkgs.gnome3.gvfs; + }; + + environment.systemPackages = with pkgs; [ + # provides a default authentification client for policykit + lxqt.lxqt-policykit + ]; + + # required by swaywm + security.polkit.enable = true; + security.pam.services.swaylock = { }; + + # test these on https://mozilla.github.io/webrtc-landing/gum_test.html + xdg.portal = { + enable = true; + # FIXME: `true` breaks xdg-open from alacritty: + # $ xdg-open "https://github.com/" + # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop + xdgOpenUsePortal = false; + extraPortals = [ + pkgs.xdg-desktop-portal-wlr + pkgs.xdg-desktop-portal-gtk + + # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr + # (pkgs.xdg-desktop-portal-gtk.override (_: { + # buildPortalsInGnome = false; + # })) + ]; + }; + + + # rtkit is optional but recommended + security.rtkit.enable = true; + services.pipewire = { + audio.enable = true; + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + }; + + networkmanager.enable = false; + + security.pam.services.getty.enableGnomeKeyring = true; + services.gnome.gnome-keyring.enable = true; + # autologin steveej on tty1 + systemd.services."autovt@tty1".description = "Autologin at the TTY1"; + systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = [ 
"multi-user.target" ]; + systemd.services."autovt@tty1".serviceConfig = + { + ExecStart = [ + "" # override upstream default with an empty ExecStart + "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" + ]; + Restart = "always"; + Type = "idle"; + }; + programs.zsh.loginShellInit = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + + home-manager.users.${homeUser} = _: { + imports = [ + ../../home-manager/profiles/sway-desktop.nix + ]; + }; +} diff --git a/secrets/desktop/radicale_htpasswd b/secrets/desktop/radicale_htpasswd index 0ab6e33..10cda96 100644 --- a/secrets/desktop/radicale_htpasswd +++ b/secrets/desktop/radicale_htpasswd @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:4Oo7a4iL9ry9qFnzd/uwllP8UZ1re+RglnvkEO11XvSqqGhGOCUX0k0kOVD/CYbdLNq7jqVI8h5Fw5grSb6SCDzlknV0bJ70mmBQ9wEhRA82P1M/T50KH6V6XIVR7IlVhjMKkdW6YH0XAyrqaVh3fJUbOk9hJVvrylLvPF4vpc9+aYdzUCvn5jbecpywYY7NRKLI7H7xUmnW,iv:vvyS08x5yXTmlZo1A+Z2zsW9Mj6JrIkNt+CvB7VZJ38=,tag:MrjYVpS+SyYLUAbin85fkw==,type:str]", + "data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
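Review bot: The `autovt@tty1` unit in sway-desktop.nix logs `steveej` in without a password and `loginShellInit` then execs sway, so local console access is unauthenticated and, with `Restart = "always"`, leaving sway simply starts a fresh session. That is reasonable only if something else gates physical access (a disk-encryption passphrase at boot, for example); a comment on the unit naming that gate would help. The user name is hardcoded in the `agetty` line and in `id --user steveej` although `homeUser` is defined at the top of the file; `--autologin ${homeUser}` and `id --user ${homeUser}` would keep the three places in step. `networkmanager.enable = false;` is also not under `networking.`, so it likely fails evaluation as an unknown option.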
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-07-01T17:49:07Z", - "mac": "ENC[AES256_GCM,data:DLKp0oBRgqoC1vm7Gt8IgTXQZBVhFMzRlP2CeWUHCi0PhOFFDCQCbJMJ4GnLeVAMgn1PTQXxDBJsqx1dd99oR3xXOqV6s9RUrg7BNql6G1PRnROnvGavVq+K8Oqyc6K3RDMK95Fwd20Svvyplc7fvvJVYA7XE8oVyPCj7adgIzA=,iv:0T60zdgBXTNEUyzWNH2gRJsH7D/mofiBQKD4XpaTdf4=,tag:9s0g5W0fu7PrKybYNQMfxA==,type:str]", + "lastmodified": "2024-01-22T17:03:08Z", + "mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]", "pgp": [ { "created_at": "2023-07-01T17:45:58Z", From a1f42a13a12fc830e6a939a86dc149058a97e122 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 22 Jan 2024 23:05:23 +0100 Subject: [PATCH 011/305] fixup! WIP: x13s: install to nvme, refactor into module --- nix/os/devices/steveej-x13s/configuration.nix | 30 ++++++++----------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 72edd99..9a082d1 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -11,7 +11,7 @@ { imports = [ - # repoFlake.inputs.sops-nix.nixosModules.sops + repoFlake.inputs.sops-nix.nixosModules.sops nodeFlake.inputs.disko.nixosModules.disko ./disko.nix 
@@ -19,10 +19,7 @@ ../../profiles/common/pkg.nix - { - # nixpkgs.config.allowUnsupportedSystem = true; - # flake registry nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; @@ -38,14 +35,13 @@ nix.settings.max-jobs = lib.mkDefault "auto"; } - # ../../profiles/common/user.nix + ../../profiles/common/user.nix { services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; services.openssh.openFirewall = true; - # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # sops.defaultSopsFormat = "yaml"; @@ -59,7 +55,7 @@ nodeFlake.inputs.home-manager.nixosModules.home-manager - # ../../snippets/sway-desktop.nix + ../../snippets/sway-desktop.nix # ../../snippets/radicale.nix ]; @@ -78,7 +74,6 @@ # useNetworkd = true; }; - system.stateVersion = "23.11"; nixpkgs.config.allowUnfree = true; @@ -92,16 +87,17 @@ pkgs.git-crypt ]; - # home-manager.users.steveej = _: { - # home.stateVersion = "23.11"; + system.stateVersion = "23.11"; + home-manager.users.steveej = _: { + home.stateVersion = "23.11"; - # imports = [ - # ../../../home-manager/configuration/graphical-fullblown.nix - # ]; + imports = [ + ../../../home-manager/configuration/graphical-fullblown.nix + ]; - # home.sessionVariables = { }; + home.sessionVariables = { }; - # home.packages = with pkgs; [ - # ]; - # }; + home.packages = with pkgs; [ + ]; + }; } From 3b7a80ef03e6b2308a1bd5e22431d47b6a924f57 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 22 Jan 2024 22:45:42 +0000 Subject: [PATCH 012/305] update commonUsers and refactor system config --- nix/os/devices/steveej-t14/system.nix | 7 +- nix/os/devices/steveej-t14/user.nix | 21 ++-- nix/os/devices/steveej-x13s/configuration.nix | 22 ++--- nix/os/lib/default.nix | 55 +++++------ nix/os/profiles/common/system.nix | 17 ++-- nix/os/profiles/common/user.nix | 98 ++++++++++++------- nix/os/snippets/sway-desktop.nix | 6 +- nix/os/snippets/timezone.nix | 9 ++ 8 files changed, 131 insertions(+), 104 deletions(-) create mode 100644 nix/os/snippets/timezone.nix diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index c5604f8..a0d5395 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -6,8 +6,6 @@ , ... }: let - passwords = import ../../../variables/passwords.crypt.nix; - localTcpPorts = [ 22 @@ -30,6 +28,7 @@ in ../../snippets/nix-settings-holo-chain.nix ../../snippets/radicale.nix ../../snippets/sway-desktop.nix + ../../snippets/timezone.nix ]; nix.settings = { @@ -64,6 +63,8 @@ in } ]; + networking.networkmanager.enable = true; + networking.extraHosts = '' ''; @@ -122,8 +123,6 @@ in services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; - time.timeZone = lib.mkForce passwords.timeZone.stefan; - hardware.ledger.enable = true; # services.zerotierone = { diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index ece9cec..f9201cd 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix 
@@ -1,19 +1,20 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; -in { + inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; +in +{ users.extraUsers.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; - passwordFile = config.sops.secrets.sharedUsers-steveej.path; + hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; }; - nix.settings.trusted-users = ["steveej"]; + nix.settings.trusted-users = [ "steveej" ]; security.pam.u2f.enable = true; security.pam.services.steveej.u2fAuth = true; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 9a082d1..cd2f9f2 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -45,12 +45,11 @@ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # sops.defaultSopsFormat = "yaml"; - # users.commonUsers = { - # enable = true; - # enableNonRoot = true; - # }; - - users.users.root.initialPassword = "install"; + users.commonUsers = { + enable = true; + enableNonRoot = true; + installPassword = "install"; + }; } nodeFlake.inputs.home-manager.nixosModules.home-manager @@ -66,14 +65,9 @@ bluetoothMac = "65:9e:7a:8b:86:28"; }; - networking = { - hostName = nodeName; - - firewall.enable = true; - - # useNetworkd = true; - }; - + networking.hostName = nodeName; + networking.firewall.enable = true; + networking.networkmanager.enable = true; nixpkgs.config.allowUnfree = true; diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 252989e..38930fe 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix 
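Review bot: `installPassword = "install"` in steveej-x13s/configuration.nix commits a fixed plaintext password for this host, and profiles/common/user.nix (same patch) assigns a non-empty value to `password` for both root and steveej with `users.mutableUsers` forced to false, so it is the standing login password, not a first-boot one. Earlier context of this same file shows `services.openssh.settings.PermitRootLogin = "yes";` and `services.openssh.openFirewall = true;`; if those are still in place, root is reachable over SSH with that password. Until the sops secrets are wired up, `services.openssh.settings.PasswordAuthentication = false;` would restrict the password to the console, since authorized keys are already configured for both users.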
@@ -6,35 +6,34 @@ let keys = import ../../variables/keys.nix; in { - mkUser = args: ( - lib.attrsets.recursiveUpdate - { - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - "adbusers" - "dialout" - "cdrom" - "fuse" - ]; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + mkUser = args: lib.mkMerge [ + { + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + "adbusers" + "dialout" + "cdrom" + "fuse" + ]; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - } - args - ); + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; + } + args + ]; disk = rec { # TODO: verify the GPT PARTLABEL cap at 36 chars diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 4039a9e..7fa2c2d 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -1,9 +1,8 @@ -{ - config, - pkgs, - lib, - nodeName, - ... +{ config +, pkgs +, lib +, nodeName +, ... }: { networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; @@ -15,11 +14,11 @@ ''; # Fonts, I18N, Date ... - fonts.fonts = [pkgs.corefonts]; + fonts.packages = [ pkgs.corefonts ]; console.font = "lat9w-16"; - i18n = {defaultLocale = "en_US.UTF-8";}; + i18n = { defaultLocale = "en_US.UTF-8"; }; time.timeZone = "Etc/UTC"; services.gpm.enable = true; 
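Review bot: Switching `mkUser` from `lib.attrsets.recursiveUpdate` to `lib.mkMerge` changes how list arguments behave: a caller's `extraGroups` or `openssh.authorizedKeys.keys` is now appended to the defaults instead of replacing them, so no caller can create a user without `wheel` and `docker` membership unless it uses `lib.mkForce`. steveej-t14/user.nix passes the same `keys.users.steveej.openssh` that is already the default, which now yields each key twice. A comment above `mkUser` such as `# args are merged with the defaults; use lib.mkForce to replace list values like extraGroups` would document the new contract, and `"cdrom"` appears twice in the default list.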
@@ -52,6 +51,6 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; programs.fuse.userAllowOther = true; } diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index b21cd4e..0df5e5f 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let keys = import ../../../variables/keys.nix; inherit (import ../../lib/default.nix { @@ -16,7 +16,8 @@ inherit (lib) types; cfg = config.users.commonUsers; -in { +in +{ options.users.commonUsers = { enable = lib.mkOption { default = true; 
@@ -32,41 +33,64 @@ in { default = config.sops.secrets.sharedUsers-root.path; type = types.path; }; + + installPassword = lib.mkOption { + default = ""; + type = types.str; + }; }; - config = lib.mkIf cfg.enable { - sops.secrets.sharedUsers-root = { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf (cfg.installPassword == "") { + sops.secrets.sharedUsers-root = { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - # neededForUsers = true; - format = "yaml"; - }; + sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + # neededForUsers = true; + format = "yaml"; + }; + }) - users.mutableUsers = lib.mkForce false; + { + users.mutableUsers = lib.mkForce false; - users.extraUsers.root = { - passwordFile = cfg.rootPasswordFile; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + users.users.root = lib.mkMerge [ + { + openssh.authorizedKeys.keys = keys.users.steveej.openssh; + } - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - }; + (lib.mkIf (cfg.installPassword != "") { + password = cfg.installPassword; + }) - users.extraUsers.steveej = lib.mkIf cfg.enableNonRoot (mkUser { - uid = 1000; - passwordFile = config.sops.secrets.sharedUsers-steveej.path; - }); - }; + (lib.mkIf (cfg.installPassword 
== "") { + hashedPasswordFile = cfg.rootPasswordFile; + }) + ]; + + + users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ + { + uid = 1000; + } + + (lib.mkIf (cfg.installPassword != "") { + password = cfg.installPassword; + }) + + (lib.mkIf (cfg.installPassword == "") { + hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; + }) + ])); + } + ]); } diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 8f8bf23..e032d26 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -35,6 +35,10 @@ in # $ xdg-open "https://github.com/" # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop xdgOpenUsePortal = false; + + # keep the behaviour in < 1.17, which uses the first portal implementation found in lexicographical order, use the following: + config.common.default = "*"; + extraPortals = [ pkgs.xdg-desktop-portal-wlr pkgs.xdg-desktop-portal-gtk @@ -59,8 +63,6 @@ in #jack.enable = true; }; - networkmanager.enable = false; - security.pam.services.getty.enableGnomeKeyring = true; services.gnome.gnome-keyring.enable = true; # autologin steveej on tty1 diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix new file mode 100644 index 0000000..9ed1dea --- /dev/null +++ b/nix/os/snippets/timezone.nix @@ -0,0 +1,9 @@ +{ lib, ... }: + +let + passwords = import ../../../variables/passwords.crypt.nix; + +in +{ + time.timeZone = lib.mkDefault passwords.timeZone.stefan; +} From c95e82b19a7c6dae9cba4d01a08f3ae2842f41f9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 22 Jan 2024 23:47:36 +0000 Subject: [PATCH 013/305] refactor flaken.nix hive handling --- flake.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index 3191f4c..c6bbc6b 100644 --- a/flake.nix +++ b/flake.nix 
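Review bot: The new `installPassword` option in profiles/common/user.nix has no `description`, and when it is non-empty the module sets `users.users.<name>.password`, which places the value in plain text in the world-readable Nix store, and skips the sops secrets entirely. Because the same branch covers steveej, who gets `wheel` through `mkUser`, a forgotten install password is a standing root-equivalent credential. I would add a description marking the option as bootstrap-only and a build-time reminder in the unconditional block, `warnings = lib.optional (cfg.installPassword != "") "users.commonUsers.installPassword is set: plaintext password in the Nix store";`.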
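Review bot: The import path `../../../variables/passwords.crypt.nix` in the new nix/os/snippets/timezone.nix looks one level too high: the line it replaces in nix/os/devices/steveej-t14/system.nix used the same three `..` from one directory deeper, and nix/os/lib/default.nix reaches `keys.nix` with `../../variables/`. From this directory `../../variables/passwords.crypt.nix` would point at the same file as before. The setting also changes from `lib.mkForce` to `lib.mkDefault`, while profiles/common/system.nix sets `time.timeZone = "Etc/UTC";` at normal priority, so on a host importing both the snippet would have no effect; confirm that is intended.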
@@ -145,13 +145,14 @@ # this makes nixos-anywhere work flake.nixosConfigurations = - (inputs.colmena.lib.makeHive self.outputs.colmena).nodes - // ( - let - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; - retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; - in + let + colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; + in + ( + colmenaHive // + { router0-dmz0 = router0-dmz0.native; @@ -162,7 +163,7 @@ # nixos-install --flake .\#retro_cross retro_cross = retro.cross; - steveej-x13s_cross = steveej-x13s.cross; + steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; } ); From e1749d3ae7ca0bdf88f30c703d72f30552fb3bd5 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 22 Jan 2024 23:47:48 +0000 Subject: [PATCH 014/305] mostly fix up stateVersions --- nix/home-manager/profiles/common.nix | 4 +- nix/home-manager/profiles/sway-desktop.nix | 210 +++++++++--------- nix/os/devices/steveej-t14/pkg.nix | 6 +- nix/os/devices/steveej-t14/user.nix | 2 +- nix/os/devices/steveej-x13s/configuration.nix | 7 + nix/os/devices/steveej-x13s/flake.nix | 6 +- nix/os/snippets/sway-desktop.nix | 21 +- nix/os/snippets/timezone.nix | 2 +- 8 files changed, 136 insertions(+), 122 deletions(-) diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 9c76c30..4356534 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
@@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; @@ -83,6 +83,4 @@ usbutils pciutils ]); - - home.stateVersion = "22.05"; } diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index b11550a..f2bde47 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -1,18 +1,19 @@ -{ - pkgs, - config, - lib, - # packages', - repoFlakeInputs', - ... -}: let - inherit (import ../lib.nix {}) mkSimpleTrayService; +{ pkgs +, config +, lib +, # packages', + repoFlakeInputs' +, ... +}: +let + inherit (import ../lib.nix { }) mkSimpleTrayService; lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; -in { +in +{ imports = [ ../profiles/wayland-desktop.nix ../programs/waybar.nix 
@@ -103,103 +104,106 @@ in { systemd.enable = true; xwayland = true; - config = let - modifier = "Mod4"; - inherit (config.wayland.windowManager.sway.config) left right up down; - in { - inherit modifier; - bars = []; + config = + let + modifier = "Mod4"; + inherit (config.wayland.windowManager.sway.config) left right up down; + in + { + inherit modifier; + bars = [ ]; - input = { - "type:keyboard" = - { - xkb_layout = config.home.keyboard.layout; - xkb_variant = config.home.keyboard.variant; - } - // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) { - xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; + input = { + "type:keyboard" = + { + xkb_layout = config.home.keyboard.layout; + xkb_variant = config.home.keyboard.variant; + } + // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { + xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; + }; + + "type:touchpad" = { + natural_scroll = "enabled"; }; - - "type:touchpad" = { - natural_scroll = "enabled"; }; + + keybindings = lib.mkOptionDefault { + # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi + # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; + "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; + + # only 1-9 exist on the default config + "${modifier}+0" = "workspace number 0"; + "${modifier}+Shift+0" = "move container to workspace number 0"; + + # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it + "${modifier}+b" = "nop"; + "${modifier}+v" = "nop"; + + # move workspace to output + "${modifier}+Control+Shift+${left}" = "move workspace to output left"; + "${modifier}+Control+Shift+${right}" = "move workspace to output right"; + "${modifier}+Control+Shift+${up}" = "move workspace to output up"; + "${modifier}+Control+Shift+${down}" = "move workspace to output down"; + # move workspace to output with 
arrow keys + "${modifier}+Control+Shift+Left" = "move workspace to output left"; + "${modifier}+Control+Shift+Right" = "move workspace to output right"; + "${modifier}+Control+Shift+Up" = "move workspace to output up"; + "${modifier}+Control+Shift+Down" = "move workspace to output down"; + + "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; + "${modifier}+q" = "kill"; + "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; + + "${modifier}+x" = "exec ${swapOutputWorkspaces}"; + + "${modifier}+Ctrl+l" = "exec ${lockCmd}"; + + "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; + "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; + "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; + + "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; + "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; + "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; + + "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; + }; + + terminal = "alacritty"; + startup = + [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target + ) & + ''); + } + ] + ++ lib.optionals config.services.swayidle.enable [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart swayidle + ) & + ''); + } + ]; + + colors.focused = lib.mkOptionDefault { + childBorder = lib.mkForce "#ffa500"; + }; + + window.titlebar = false; + window.border = 4; + + # this maps to focus_on_window_activation + focus.newWindow = "urgent"; }; - - keybindings = 
lib.mkOptionDefault { - # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi - # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; - "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; - - # only 1-9 exist on the default config - "${modifier}+0" = "workspace number 0"; - "${modifier}+Shift+0" = "move container to workspace number 0"; - - # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it - "${modifier}+b" = "nop"; - "${modifier}+v" = "nop"; - - # move workspace to output - "${modifier}+Control+Shift+${left}" = "move workspace to output left"; - "${modifier}+Control+Shift+${right}" = "move workspace to output right"; - "${modifier}+Control+Shift+${up}" = "move workspace to output up"; - "${modifier}+Control+Shift+${down}" = "move workspace to output down"; - # move workspace to output with arrow keys - "${modifier}+Control+Shift+Left" = "move workspace to output left"; - "${modifier}+Control+Shift+Right" = "move workspace to output right"; - "${modifier}+Control+Shift+Up" = "move workspace to output up"; - "${modifier}+Control+Shift+Down" = "move workspace to output down"; - - "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; - "${modifier}+q" = "kill"; - "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; - - "${modifier}+x" = "exec ${swapOutputWorkspaces}"; - - "${modifier}+Ctrl+l" = "exec ${lockCmd}"; - - "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; - "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; - "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; - - "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; - "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; - "--locked XF86AudioMute" = "exec 
${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; - - "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; - }; - - terminal = "alacritty"; - startup = - [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target - ) & - ''); - } - ] - ++ lib.optionals config.services.swayidle.enable [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart swayidle - ) & - ''); - } - ]; - - colors.focused = lib.mkOptionDefault { - childBorder = lib.mkForce "#ffa500"; - }; - - window.border = 4; - - # this maps to focus_on_window_activation - focus.newWindow = "urgent"; - }; }; services.swayidle = { diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 25c15c5..806de3c 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -4,7 +4,12 @@ , nodeFlake , ... }: { + system.stateVersion = "23.05"; + home-manager.users.root = _: { + home.stateVersion = "22.05"; + }; home-manager.users.steveej = _: { + home.stateVersion = "22.05"; imports = [ ../../../home-manager/configuration/graphical-fullblown.nix @@ -103,5 +108,4 @@ # # }; # }; - system.stateVersion = "23.05"; } diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index f9201cd..2a83802 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix @@ -8,7 +8,7 @@ let inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; in { - users.extraUsers.steveej2 = mkUser { + users.users.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; 
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index cd2f9f2..0da079a 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -55,6 +55,7 @@ nodeFlake.inputs.home-manager.nixosModules.home-manager ../../snippets/sway-desktop.nix + ../../snippets/timezone.nix # ../../snippets/radicale.nix ]; @@ -82,6 +83,9 @@ ]; system.stateVersion = "23.11"; + home-manager.users.root = _: { + home.stateVersion = "23.11"; + }; home-manager.users.steveej = _: { home.stateVersion = "23.11"; @@ -89,6 +93,9 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; + # seems to be broke on install + programs.chromium.enable = lib.mkForce false; + home.sessionVariables = { }; home.packages = with pkgs; [ diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 8ee5695..cb1fed8 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -30,6 +30,7 @@ targetPlatform = "aarch64-linux"; buildPlatform = "x86_64-linux"; nodeName = "steveej-x13s"; + repoFlake = get-flake ../../../..; mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( @@ -38,15 +39,14 @@ { specialArgs = (import ./default.nix { system = targetPlatform; - inherit nodeName; + inherit nodeName repoFlake; - repoFlake = get-flake ../../../..; nodeFlake = self; }).meta.nodeSpecialArgs.${nodeName}; modules = [ - ({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s) + repoFlake.nixosModules.hardware-x13s ./configuration.nix ] diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index e032d26..2ede0f6 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix 
@@ -65,26 +65,27 @@ in security.pam.services.getty.enableGnomeKeyring = true; services.gnome.gnome-keyring.enable = true; + # autologin steveej on tty1 + # TODO: make user configurable systemd.services."autovt@tty1".description = "Autologin at the TTY1"; systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; - systemd.services."autovt@tty1".serviceConfig = - { - ExecStart = [ - "" # override upstream default with an empty ExecStart - "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" - ]; - Restart = "always"; - Type = "idle"; - }; + systemd.services."autovt@tty1".serviceConfig = { + ExecStart = [ + "" # override upstream default with an empty ExecStart + "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" + ]; + Restart = "always"; + Type = "idle"; + }; programs.zsh.loginShellInit = '' if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then exec sway fi ''; - home-manager.users.${homeUser} = _: { + home-manager.users."${homeUser}" = _: { imports = [ ../../home-manager/profiles/sway-desktop.nix ]; diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix index 9ed1dea..a3ebd92 100644 --- a/nix/os/snippets/timezone.nix +++ b/nix/os/snippets/timezone.nix @@ -1,7 +1,7 @@ { lib, ... }: let - passwords = import ../../../variables/passwords.crypt.nix; + passwords = import ../../variables/passwords.crypt.nix; in { From 1bb92040aeb1b292006396165fe0a213046a7121 Mon Sep 17 00:00:00 2001 
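Review bot: The autologin user is still hard-coded as `steveej` in both the agetty `ExecStart` line and the `id --user steveej` test in `programs.zsh.loginShellInit`, while the same hunk keys the home-manager profile on `homeUser`; if the two ever differ, tty1 logs in an account that does not get the sway profile. Resolving the added TODO could be as small as `--autologin ${homeUser}` and `id --user ${homeUser}`, assuming `homeUser` is the plain user name bound in the `let` above the hunk. Autologin hands an unlocked session to whoever is at the console after boot, so a comment such as `# autologin skips the login prompt; intended for hosts with full-disk encryption` would record that assumption next to the unit. The module body starts and ends outside the hunk.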
From: Stefan Junker Date: Tue, 23 Jan 2024 09:39:43 +0000 Subject: [PATCH 015/305] direnv,devShells: split into develop and install --- .envrc | 2 +- flake.nix | 18 +++- nix/devShells.nix | 99 +++++++++---------- .../secrets.yaml | 0 4 files changed, 63 insertions(+), 56 deletions(-) rename secrets/{steveej-x13s-rmvbl => steveej-x13s}/secrets.yaml (100%) diff --git a/.envrc b/.envrc index d8f5b3d..697ced8 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use_flake . --impure +use_flake .#develop --impure diff --git a/flake.nix b/flake.nix index c6bbc6b..5c9e433 100644 --- a/flake.nix +++ b/flake.nix @@ -170,7 +170,8 @@ inherit systems; perSystem = - { inputs' + { self' + , inputs' , system , config , lib @@ -295,11 +296,18 @@ }; formatter = pkgs.alejandra; - devShells.default = import ./nix/devShells.nix { - inherit inputs' pkgs; - packages' = packages; - }; + devShells = + let + all = import ./nix/devShells.nix { + inherit + self' + inputs' + pkgs + ; + }; + in + (all // { default = all.develop; }); }; flake.nixosModules = { diff --git a/nix/devShells.nix b/nix/devShells.nix index d4d5c07..ebd879b 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix 
@@ -1,70 +1,69 @@ -{ inputs' -, packages' +{ self' +, inputs' , pkgs -, }: -pkgs.stdenv.mkDerivation { - name = "infra-env"; - buildInputs = - [ - (with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; }; - with config.system.build; [ - nixos-generate-config - nixos-install - nixos-enter - manual.manpages - ]) - ] - ++ (with pkgs; [ - inputs'.colmena.packages.colmena + +{ + install = pkgs.mkShell { + name = "infra-install"; + packages = with pkgs; [ nixos-install-tools + inputs'.disko.packages.disko + just + git + git-crypt + gnupg + ]; + }; + + develop = pkgs.mkShell { + name = "infra-develop"; + inputsFrom = [ + self'.devShells.install + ]; + packages = with pkgs; [ + inputs'.colmena.packages.colmena dconf2nix inputs'.nixos-anywhere.packages.nixos-anywhere - inputs'.disko.packages.default nurl - just - git-crypt vcsh - gnupg - git ripgrep - lm_sensors - pass - fuzzel - wofi + # pass age age-plugin-yubikey ssh-to-age yubico-piv-tool inputs'.sops-nix.packages.default sops + nil apacheHttpd - vncdo - tesseract - imagemagick + # vncdo + # tesseract + # imagemagick - nmap - sysstat - lshw - xxHash - linssid - wavemon - wirelesstools + # lm_sensors - zathura - xorg.xwininfo - glxinfo - autorandr - arandr - playerctl - x11docker - fwupd + # nmap + # sysstat + # lshw + # xxHash + # linssid + # wavemon + # wirelesstools - ntfy + # zathura + # xorg.xwininfo + # glxinfo + # autorandr + # arandr + # playerctl + # x11docker + # fwupd - hedgedoc-cli + # ntfy + # hedgedoc-cli xwayland @@ -75,9 +74,9 @@ pkgs.stdenv.mkDerivation { (pkgs.writeShellScriptBin "r11" '' exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ '') + ]; - ]); - - # Set Environment Variables - RUST_BACKTRACE = 1; + # Set Environment Variables + RUST_BACKTRACE = 1; + }; } diff --git a/secrets/steveej-x13s-rmvbl/secrets.yaml b/secrets/steveej-x13s/secrets.yaml similarity index 100% rename from secrets/steveej-x13s-rmvbl/secrets.yaml rename to secrets/steveej-x13s/secrets.yaml 
From 5921ad1df09e4c3eaad656235253a905ba963861 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 23 Jan 2024 09:40:21 +0000 Subject: [PATCH 016/305] secrets: rename steveej-x13s{-rmvbl} and update key --- .sops.yaml | 10 +- .../configuration/graphical-fullblown.nix | 1 - secrets/shared-users.yaml | 118 +++++++++--------- secrets/steveej-x13s/secrets.yaml | 32 ++--- 4 files changed, 80 insertions(+), 81 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 895ce81..d003e1b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,7 +8,7 @@ keys: - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - - &steveej-x13s-rmvbl age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + - &steveej-x13s age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 @@ -25,7 +25,7 @@ creation_rules: - *steveej age: - *steveej-t14 - - *steveej-x13s-rmvbl + - *steveej-x13s - *elias-e525 - *justyna-p300 @@ -47,7 +47,7 @@ creation_rules: - *steveej age: - *steveej-t14 - - *steveej-x13s-rmvbl + - *steveej-x13s - path_regex: ^secrets/servers/.+$ key_groups: - pgp: @@ -92,9 +92,9 @@ creation_rules: - *steveej age: - *sj-bm-hostkey0 - - path_regex: ^secrets/steveej-x13s-rmvbl/.+$ + - path_regex: ^secrets/steveej-x13s/.+$ key_groups: - pgp: - *steveej age: - - *steveej-x13s-rmvbl + - *steveej-x13s diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index aa8f6e7..b46e96c 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -202,7 +202,6 @@ in # Code Editing and Programming # pkgsUnstableSmall.lapce # pkgsUnstableSmall.helix - # pkgsUnstableSmall.nil # Image/Graphic/Design Tools gnome.eog 
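Review bot: Replacing the `steveej-x13s-rmvbl` recipient with the new `steveej-x13s` key in the `keys:` hunk re-wraps the secrets for the new key but does not take access away from the old one. In the `secrets/shared-users.yaml` and `secrets/steveej-x13s/secrets.yaml` hunks of this patch the `lastmodified` and `mac` fields are unchanged context, which suggests only the recipient list was updated (for example with `sops updatekeys`) and neither the data key nor the secret values were rotated. The earlier ciphertext also stays in git history, so if the old age key is being retired because it may have been exposed, the data key should be rotated with `sops --rotate` and the passwords it protected replaced. The rule hunks that swap `*steveej-x13s-rmvbl` for `*steveej-x13s` and the `path_regex` rename are consistent with each other.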
diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index e423eb6..66305f1 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -16,100 +16,100 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlanJ3b29Ed2Q3Y2I3SWRt - TlpTRFpMT3FhOUl0dGZGMW1lU3pQNW95bkZjCjY0bXV4Q2dBQjd6emZRdlczQ0F6 - V3RvbklucGhzbGpPUzJ4K3FrNzJ2SVEKLS0tIFRlWWRBNk1HdllsZzNQZDIwa2N6 - bUpjR0ZzNVd5dEpEZUJCSnVUWVJtSzAKb2dEX133nceasBIwgd8q6x6WWPCQ0Ukg - Rmsbi5u1SYrZr3544sVoo0PvkU7gT9Fh4/LOy9oPpJSEcTXf5DMzjQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWFp1QUNPeEJDci9ibTg2 + ZUNkMVNld1ZxNkVmUk9jMld3L01ndWVtakZ3ClQ1V2crS3hITG8rSmx4OWE3RU96 + SC9xb0VybDZDN0FwU0JTTHJPRDB0QkUKLS0tIEU5cmh3bW1iWHJ4RDdrUUF0VG5M + MUhWRm5qdnpCUFZ2N3FvL1FITDhNMmsK1TKbM1jrJMvy16yhZwLGcqOan5RTiKYu + jVaSgPaxJLPhtWReAH5RM2JOmrET1DdI7q8vFD7eaJIzKdBxAIwhQg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6K2x0c0swK1lHb2VCZi9v + RUo5VkRPayt2V0RyRVVhSlRGME5TMm9KZFRFCnY0NTdEb1FqK1JUaUdmQ09mOGha + SCtMVnRWYUpmYkM5OUY4TlJQd3MrdE0KLS0tIGdiZFpuZnFiNloxMTNFOWhoM2hV + TlovVmMrVHdDdmQ0dnRhZWxRZHJkMmMKpYOiZy2BVhddpSNiXasycmDaD9lA8irk + ThkO0iaLu2fG7RhT9A9VfXu6eE3ZHN6vr4hv/ItzAbP+T8Ro+Yvwfg== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRjBHQ2lDYmhsei84STdk - eUVOdWZGOTJMR1JwbHB2ek5mRzVVdkJuU0ZjCmk2NUttVjgwTk42OUtxVStVMEFK - VFo0RFRyR3RJa2VJSm95NVV3dm5YL3MKLS0tIExGQUlhS3RDMjRHejRaZ01BQWZ1 - U0pZR3BzakVmUW1QNGhsQkNQMk1NY00KR3ZP/WB3sMNoWi13mjMqgnZuM8tnIjty - QHgwav0qOkcQqdYSfOY/DxmPgTG0CKroqRXY8Hk72Y/UH2HpyIptnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuS0FVR3N3YnRlMXBwMVpj + elZ6dVlyMWRoSUx1UlVmYThBcWFFdmxEWTNRCkhFZEVDUGpsS1ZmelBSQVpZUWVC + ZlNqcm9EVXF3U3hLYThpbGVSeVFDNDQKLS0tIGV0bkI2aVNmbnJmR2lqSFVLMGNr + 
aVZFd091T1U4QVdVcWtSbnppd3BEODAKPzj/phV8BijdFewcwBV+loKk4o1tBJ6t + CP8kwiIb03/lCd9HmyLgAUt0PlMJFbT4FJNEjwBstMErUdvClXO3dg== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UUs4dTFIcXVvZ285N1A1 - MmhleE50YXVGaDg0QlZsUWZNam4wYjRwL1FVClNBUm9GcWNvUitYSnBla1dIeDFl - SmZKMzBQTWpSdGRPcDVlTmRjQzZxNWcKLS0tIFh2UGJtMHdZTXo1N2lzckM3YXRl - NmZpcGRLVmZsYjkwZkJ2NEk5dzlmY0EKtxNY7qvh5ErrAhRcQHVnDc1orsYlLGCS - 8uLSOapuC8W6EH6w6aewQiggKBjDmECpNo7VyXfbURfaOk4o8uqg3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEZ0V2pOcStDb2YwclZG + U0t2RklFMkJQdE82cTVDK1NGMUt5R2R0c0VFCmV4Q2Rob2E2REVMUlRkeS8xTVVu + U296N2FFRHpmRnJPQjRBUmRaMEpnL2cKLS0tIFBseEpvSTJ0azBRUEVRa1dqT1RK + bFVpbVY5RU01R3pEcWFsQ0pkQWkwYlEKIW1AmTBR1UIjD9n3o2QyWb/FfUUa8qQz + b0GtaaQkY17GyoBzrBh0G4D2yziPy8N9AwOTaaDJ7l5VZq9ydKbTrA== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUEFIb3VmZVE2Q1NheGEx - YmdscFdEYThQa29jTEdzdjZlK1U2WFlUY3dVCm1CUmlMY21pMXRGTXY4RDZ3cE1p - UUxNMEozQndUaTNGUlVrK0pKWC9WODAKLS0tIG1wSnNEZVUvakkxZS8yaklpWlNH - MFZkc2Z4M1FNdWZkdmwvQVpiRDFtbTQKbnNBlKnsNiL6BeSC9AoGx6IVeOyvB5IH - mP6aBQHyOBMgGql2+WHLdjBS5qEeR43jZbWNKiTnt8lnnfj7GVgiPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YTZGb1pXSWZVNk95aFVp + UTFDUHlweGVUQmV1KyttSXpjeng0WFd5d1ZFClJwL2xGVmhlTlJzNVhhaElmbnl2 + K2RmUlR0SzNkMWhmb1lOTTMyVUt4Rk0KLS0tIElFV0hCZVRwWTNJYldmR2ZYU2Rm + dHRuVThQRm9NT05HdzdHOWh6R2dLYnMKvrsQXgfRyHOl2aN64JHPXEdlvcHynEss + I4dCLuvKuPh5WjcFZ16zidGzffNKZTHsXPv/WKFUsy20lONByRuRbA== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NTlhSXRFN1ZrYjZGdXlG - 
dDBlVUxJd0FlQnpETkJSbHppNGlncEp1emhRCjRLMkEvbXRkampwcWxvNnhRRVhY - dWlQWWI5YXJQMmR3cWxOVUtneWRDRFkKLS0tICt6ZEF3cHg0SUxES243TzdFcnVS - bkgrWklIbFFrRHdHZGdvMGlHTGNXUkEKUuT35aX71q+KBXozpoGWcHeSs0g70kyY - yo5uuD6Ay4QlNtdfeOYmsyg8iikOrpw5Mer2vsSTWGbszy8p1+93Pw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WndIcHhndkVjazRKV3Rq + U2JjYTZyYUhheG5pSlI0VE9tZ2w0SlRBM0JBCm1YSWxFa0RjVUhFb2xHMnMxbGZy + S1V1b1RMVExFRW0rUU03YXNjejJ3enMKLS0tIHlwdHNNRHNYL2xyeFFCcHdIVFRi + MDZaQjREbWw5aG82NG1Ea0J2d0tTMWMKCodGBDTKbq5qcmtrAh0HrdZ7fmEx8VhH + InCa5SXSRo7cVQe6VRBczF3RC/Mc2u+xzEDd1XbyGviqt1CkI1UPRQ== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSzR0SFJPSjBVQVlCcFBT - ajMwNUFzZWwzMDkzTHh0anJETnVicWdiVFJJClRSVi9MbjdKcUUvRVFyby9RSVdk - VHpxbnBuQll3QzQwUERCNXdQOCtZSE0KLS0tIDBhbW1YU2c5YVpwUVMwY2EwVjRD - dk1uTzNZN1hnT2NHU29EN2FsQ1pUQVEK+cpcftNnD8HhLimsrp+YDLwurUZqENkQ - HX45h7tC7J6R0+w8A/1nfY1gsST/asgJhSGjroB+EdsP2aGUCUiNyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDa2YzeTBEOXlIcUJlZlVl + NUdCTGRYcUhOa0dkRjR2RHJNZ3VWclJWd3hjCmFZY0dEVTlwb3lNajE2emFCZmZ2 + SkhTejc3cFA1Yjc0ZHF2TjRYZ1Qvc1kKLS0tIGxDbWNjaXlvU2ttbDR4NW9UYThr + OWRZb1d5dkxETCt1RThQK0Z4cmJSb28KGrAeCR7Q37WwyEzHT5CvaMVmVUoyv1s3 + dDbEu8mtNhDBi9LYMwfbXiZHAlPWQ1Ogveot8vc4kMOAlvWMR4FwdA== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bXZsYnYzMC8wQnhMUGpu - TVFKWkFTU1U0VTFDeUlaR2dzZzN6WG9ueFQ4CnFYMWpoUGFPbkZRTUtSN2ZnelFJ - Nk1CdjVTbnY3aG1FNVZrY3hQYmRGalEKLS0tIERsd2xvaStod1N4eHg3eTIxSlUy - NERKTEZpSkV3N2wxWTlVazhNdFk2NDQKt+omfSoPJQvohV4aED0HYMXwFKMq25lB - 9+gB0BJDYe7btIUuFr861EDWx+D32gBtbpRsyAitNJKc9NlZ4VLWuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT2dIMGFEbUErU1pYUXRR + 
Yk1tUmx2R3BmUXVhK1JMd3J6WVNwOGVmRkUwCnZBSGxvcFd4Y1dGbkg4UEF2RUxE + TUdpVGV1ZEpFQmNWN1ZKei8rSWJtaVEKLS0tIGRLd013RVB2eHhXeHpXbWoyaktu + OExualc3eWk1UGgvZDlNbWZydXBXWkUK0vhwGhegmrQASWqFQYpZgJungzt7vtfC + sBna05p6lnSEdtclUa1MZ/a9wlqAtmrA2fUarLnc6/bs0K8Oz9HRPA== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0dETndkQVFwa2FwUUtj - aHNNaG5rS2VvamRtVDR1Rm1ubXFaR2NWa0RzCmdLbTFFUzlrZ01KWTY5Uk9uWTAy - Ym1kRXp4bWM1QUs2d1BwcE1WTEsyY3cKLS0tIG5qVm84WGlGVDlDWUVHWGNrcXJQ - NHR6S3pPRFhWemNWM0FMSjZpbXkzN0UKoTE6GuckP7QwuCQ8gZgitmW0URtG57u6 - VuWmt7vpSuutHJmccODDpFg4iJKC8SKIeUoQANKsnBJf/uZhDaG42Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2ptZVl5R0tybkU1bHJp - ams0OENxU21FZDJjNkZNQUlteDF3RHBoOWpZCjFNUXhzMzhXR1FhUmxnSFAzcnVK - NVZONlNkVVdGcUNtZyszT1liOVdtOVUKLS0tIDZIR2NMWGVJclhqeitqN1V3endv - Z0wzT0hweEVML2plRTkzaFZsWHJHY2MKTcX84PLdHpuGzUn2v7r5gJLp9ZBhgLu6 - WI1KWIwbYj91hsoHjUH4lW0Xv7/mVLrON9wOQuOuyuVeDfP7GQ73qA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSFIvcUEwbnZ6Qm95V3hT + SlBiSS9ycE4xTmpRR1l0SDZKYkFNVmtXUG00ClBKYzBMSmNOMmdCSktGV29WbFBE + U0x1K2dsU2FoVVBPSWthZ0hmRkdTKzAKLS0tIGhZaU9kQU54ZzNWVnhLNEozWXZN + Z3MvRnRGSUlVNlJVdzVEMjcxNE4xbWcKkS3GagirASPe/XnJgwBIZ9cCdyeOi9Uy + mcD5Pa6AU7itXL9pHtDcMUsDlKkKYWSUtouW8wAESWdXfFBd2Q+Vgg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-01-22T09:16:19Z" + - created_at: "2024-01-23T09:01:13Z" enc: |- 
-----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf/WsDFXBatZSxOmQWVGXw0MOeC2QOKaUo5if7C4Z0d+cMg - AyEmUMFcU3KkTFTqjqSqjA/9k/AJiqJxQkXqcSVHT4z3vNdGzrWVsJI4fimmumFZ - Hcc7hIgkBK1THkTkoOr3G3WRHJ/J4nZmABycWSt1kF1FdnHnXo8bXh25Sk+Ellt2 - +SlaC8NAZtd2P6L3ZxQYFUud3mc6/uUV5GTkZ7RisjMnAEVF5BbvzSAlAj7fh4Ph - ZJxMLzVnqQHrN+U/0WuFtL8KJaCF9zecxQxzaM/Zf/Sa5x4fsoqsjmMPhtwQMvC5 - ehiXSoVYETuJylSQF+N44V46/lrO6qqnIi+5NqqC2NJRAXH01P/bMQfW5M6AqQgJ - muPztPFjBL46D3wVo6Hg0JL6ag5DV4/mjTOpEiiGUHKxTDxFwlNYRQQX2EHnBHFb - Otf7rnrSdA+I9GqEpCNkzdbi - =pR8T + wcBMA0SHG/zF3227AQf+Oo8GZF91ry7FhASb7USKTxKYFfdlJPWDxLFtBNSFkqdV + U7tOgAB3WJTSlED8Cs+6gyNNr3n7Y6p2KaOLYjft05T/Ms9pDuJAV1S8Ogfo5zys + W7Ss4hkCMZqIXZXTQ03yZner+8o8v/F/f0SPNji8znT2qZmLZbhwa2IPjmORo3L7 + y4F38IVie8keQNWObSFqd7qVqKynHHg+ur5NmVgUAVO/wMg6TytV3Wa11Hfq50tc + EenVAyBW1GUOtsBCH8MOCgH4paZcrzkBPU2dK9UppUWzB5RxayIZT34Qf4mNHwdL + sa83I2MwMp0fuTW66YvJPR1vjcYgY/wOxxZw28biidJRAWpiGsPhGKg+AHmHNp/T + NjN/7MVxZMUX/DHm2LmF6sjSp99wqCl8yvEIrXcGXSSY218XZ0QgXQRhhErwCEaT + JM145ZTHicA2qi4NqMkfsvjf + =6arN -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index 7b2d3ec..a7306d2 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml 
@@ -15,31 +15,31 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWk1LS3A0NENRZk1HZm8x - dW1PNkxZV1ZWdStzb2M5MzRRNmJmUXcvakJJCnpwVlZRV3FHVDNUbURSMWZXY3k2 - NUliMUpNT3kreEZITjR3dDdrU2MvVkEKLS0tIFp5U2tCa3V5NWhqWHgzdDR5RG9D - SmxNVk45UklhUjRYc2pTVy9FWFBhQUUK1QMqDCIZnyyzJhUb0TBgheW2P6lAUTQe - KLhYqTRuo5/zS5C2uANa028CNGWJVOoEgKEw3xjHz0pvSkT5JkI8WQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjU3VmRjNmYzhPT1A5WFpB + S2ZBeE0xWGkyR0pJVm9vVnc2ZzNWWHNkY2tvCnhHUlh6d3F2cDdHZWpvMGJ6ajhw + WHgyd21RZWQrSHA4bllsWVExRksrcm8KLS0tIGVvNVF1TkJ0MDBxMzRFZE01VVVz + Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O + 9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-01-22T09:20:19Z" mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] pgp: - - created_at: "2024-01-22T09:20:12Z" + - created_at: "2024-01-23T09:01:14Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgApMVbQc+4BUc/7ima51XMJzIBA93SOLOCmyn2J9tLG/V/ - ZM6fmWyiLvCRowA0nLt19DYnaRrEXTcRlvBPs/RIx6Fmq4260ZvyPN7Fea6ltVOL - EhG5IJHaweUhXMi6UV2/6vuTBbQsLzWK8xl6bZNCVFWB/JiLrHzukWpE4ACeqD0Y - P/428L4XCW05DkltQdfQrn2bIlf/6c/itvepRr1tHFr8ABuBM/g4hSg/nFyHlrH3 - CtrdPSQBopZxhVv4MoHPWSQ6jGjrmqumc6gyNGa1Ugry3FmuFmdlMAoUsQtG/cU1 - ORM/CvKwxLZU+qifm8QU4BO+0Gw/nhLrYfX0/EWsmtJRAQJt51PK3t/nXUTE47sT - lz+zPgpT/Sz9E/wKH3yAq9RuXKKtwc7oRJS+NHuv10YPIkhVejSjvmsGEKezU1ed - 6BsZrcVnaQt+SdmUOEuP/iRF - =8elR + wcBMA0SHG/zF3227AQgAp6QdUiZPpktzBQ4kG3QctoiCJ6NwiYEtPJAftgbbBCDb + 
WdtjiLmp0+XFf4TvihdaFy7kDQh2wvMSj3dOLANV/V3BSJwk4WjtJoEEG+B8ZVEN + T0B2SauM7FcgN4eRe3jx0R9xoQGsE8vXdDbyU/rRpf1LZ6HuEjFC1Boe98mtWsAD + MRxYbBfmIsh0DBF9GZyaKR62PyHu7+doRHzxxDJXhItaGW96cKdydw4GhXBvqiXn + 9SUxxXhg+FpIMXysncB4+yWKSV8FoCkmqPeNlONgk5hwDNpkeXEDND8mHbhZFN5n + ElUTO2ild4Cxh8E1U3A4IQ8ARMcmyag7wnCUmcxnTdJRAa11NhS+6h2PVNqRt53E + p2UKvgbpMgMYj3pWlP9dSuege0+YhynTGRpjTbbUqNJVGFAKfwvPa0zY0hc0hG6G + 7Y5zpcqR+/NlVgerPZwLNFib + =0kQe -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From ffdf25c117b7f033b47b8dee83b170ceeaf8b343 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Wed, 24 Jan 2024 00:24:04 +0000 Subject: [PATCH 017/305] clean up and refactor more into OS snippets; bluetooth works on x13s --- flake.lock | 17 +++ flake.nix | 6 + .../configuration/text-minimal.nix | 12 -- nix/home-manager/profiles/common.nix | 23 +-- nix/home-manager/profiles/dotfiles.nix | 49 +++++- nix/home-manager/profiles/sway-desktop.nix | 18 --- nix/os/devices/steveej-t14/configuration.nix | 6 + nix/os/devices/steveej-t14/default.nix | 25 ++-- nix/os/devices/steveej-t14/system.nix | 7 - .../steveej-x13s-rmvbl/configuration.nix | 86 +---------- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 83 +---------- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 10 +- nix/os/devices/steveej-x13s/configuration.nix | 101 ++++++++----- nix/os/devices/steveej-x13s/default.nix | 2 - nix/os/devices/steveej-x13s/flake.lock | 141 ++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 6 +- nix/os/modules/hardware.thinkpad-x13s.nix | 6 - nix/os/profiles/common/boot.nix | 15 -- nix/os/profiles/common/configuration.nix | 46 ++++-- nix/os/profiles/common/pkg.nix | 34 ----- nix/os/profiles/common/system.nix | 5 +- nix/os/profiles/graphical/system.nix | 19 ++- nix/os/snippets/bluetooth.nix | 9 ++ nix/os/snippets/home-manager-with-zsh.nix | 49 ++++++ nix/os/snippets/nix-settings.nix | 13 +- nix/os/snippets/sway-desktop.nix | 26 +++- secrets/steveej-x13s/secrets.yaml | 14 +- 27 files changed, 367 insertions(+), 461 deletions(-) delete mode 100644 nix/home-manager/configuration/text-minimal.nix delete mode 100644 nix/os/profiles/common/boot.nix delete mode 100644 nix/os/profiles/common/pkg.nix create mode 100644 nix/os/snippets/bluetooth.nix create mode 100644 nix/os/snippets/home-manager-with-zsh.nix diff --git a/flake.lock b/flake.lock index 825f580..4926126 100644 --- a/flake.lock +++ b/flake.lock 
@@ -132,6 +132,22 @@ "type": "github" } }, + "dotfiles": { + "flake": false, + "locked": { + "lastModified": 1541334338, + "narHash": "sha256-9QAq7bjITpaO8A8qD8IVoa+89Bg13CEwxf771d9S/Ag=", + "owner": "steveeJ", + "repo": "dotfiles", + "rev": "9a8484f7094edc1b533bad3be71c511ba8ff45eb", + "type": "gitlab" + }, + "original": { + "owner": "steveeJ", + "repo": "dotfiles", + "type": "gitlab" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -713,6 +729,7 @@ "nixos-anywhere", "disko" ], + "dotfiles": "dotfiles", "fenix": "fenix", "flake-parts": "flake-parts", "get-flake": "get-flake", diff --git a/flake.nix b/flake.nix index 5c9e433..a0bdcc8 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,11 @@ # flake.nix { inputs = { + dotfiles = { + url = "gitlab:steveeJ/dotfiles"; + flake = false; + }; + # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; radicalePkgs.follows = "nixpkgs-2211"; @@ -164,6 +169,7 @@ retro_cross = retro.cross; steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; } ); diff --git a/nix/home-manager/configuration/text-minimal.nix b/nix/home-manager/configuration/text-minimal.nix deleted file mode 100644 index 4566af7..0000000 --- a/nix/home-manager/configuration/text-minimal.nix +++ /dev/null @@ -1,12 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../profiles/common.nix - ../programs/neovim.nix - ]; - - home.packages = with pkgs; [ - iperf3 - inetutils - speedtest-cli - ]; -} diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 4356534..4ea2e6c 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
@@ -3,10 +3,7 @@ # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; - imports = [ - ../programs/zsh.nix - ]; - + # TODO: move this to an OS snippet? nixpkgs.config = { allowBroken = false; allowUnfree = true; @@ -14,15 +11,6 @@ permittedInsecurePackages = [ ]; }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - "impure-derivations" - "ca-derivations" - "recursive-nix" - ]; - nix.settings.sandbox = "relaxed"; - home.keyboard = { layout = "us"; variant = "altgr-intl"; @@ -36,9 +24,7 @@ xdg.enable = true; programs.direnv.enable = true; - services.lorri.enable = true; - home.sessionVariables.NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. home.sessionVariables.PYTHONDONTWRITEBYTECODE = "1"; @@ -48,9 +34,14 @@ home.packages = [ ] ++ (with pkgs; [ - htop + coreutils + vcsh + htop + iperf3 + nethogs + # Authentication cacert openssl diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index 95b5248..c702f82 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix 
@@ -1,10 +1,47 @@ +{ repoFlake +, pkgs +, config +, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" +, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" +, ... +}: +let + repoBareLocal = + pkgs.runCommand "fetchbare" + { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } '' + ( + set -xe + export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out + ) + ''; + vcshActivationScript = pkgs.writeScript "activation-script" '' + export HOST=$(hostname -s) + + function set_remotes { + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 + } + + if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then + echo Cloning dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles + set_remotes ${repoHttps} ${repoSsh} + else + set_remotes ${repoBareLocal} ${repoSsh} + echo Updating dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh pull $HOST || true + set_remotes ${repoHttps} ${repoSsh} + fi + ''; + +in { - pkgs, - config, - ... -}: let - vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {}; -in { # TODO: fix the dotfiles # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # $DRY_RUN_CMD ${vcshActivationScript} diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index f2bde47..a30fb64 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
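Review bot: `repoBareLocal` is a fixed-output derivation whose `outputHash` is still the all-zero placeholder, so it cannot build as written, and a `git clone --mirror` of a moving remote will not keep matching any single hash once a real one is filled in. The same commit adds a `dotfiles` flake input with a locked rev; taking the source from `repoFlake.inputs.dotfiles` (if vcsh can work from that checkout) would tie what lands in `$HOME` to a reviewed revision instead of whatever the remote serves at build time. In `vcshActivationScript` the expansions `$HOME`, `$HOST`, `$1` and `$2` are unquoted, and `vcsh pull $HOST || true` hides a failed update; quote them and print a message on failure before this is enabled. The activation hook that would call the script is still commented out below, outside this hunk.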
@@ -39,24 +39,6 @@ in services.gpg-agent.pinentryFlavor = "gnome3"; - nixpkgs.overlays = [ - (final: prev: { - # xdg-desktop-portal-wlr' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr; - # xdg-desktop-portal-wlr-gtk' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr-gtk; - # sway-unwrapped = let - # fixed_wlroots = prev.wlroots_0_16.overrideAttrs (old: { - # patches = [ - # (builtins.fetchurl { - # sha256 = "05h9xzicz3fccskg2hbqnw2qh4bm7mwi70c4m00y87w5yhj9gxps"; - # url = "https://gist.githubusercontent.com/steveej/1d8c96ed2fdb3d9ddd0344ca5136073f/raw/d6a097a452b950865b554587db606e718d99c572/fix-wlroots.patch"; - # }) - # ]; - # }); - # in - # prev.sway-unwrapped.override {wlroots_0_16 = fixed_wlroots;}; - }) - ]; - home.packages = [ pkgs.swayidle pkgs.swaylock diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index fc3d209..fab73d5 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,5 +1,11 @@ { ... }: { imports = [ + ../../snippets/home-manager-with-zsh.nix + ../../snippets/nix-settings-holo-chain.nix + ../../snippets/radicale.nix + ../../snippets/sway-desktop.nix + ../../snippets/timezone.nix + ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/steveej-t14/default.nix b/nix/os/devices/steveej-t14/default.nix index 15b7745..430b017 100644 --- a/nix/os/devices/steveej-t14/default.nix +++ b/nix/os/devices/steveej-t14/default.nix 
@@ -1,24 +1,21 @@ -{ - nodeName, - repoFlake, - repoFlakeWithSystem, - nodeFlake, -}: let +{ nodeName +, repoFlake +, repoFlakeWithSystem +, nodeFlake +, ... +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; - overlays = [ - (final: prev: { - # FIXME: why are these not effective in for the configuration.nix below? - }) - ]; }; ${nodeName} = { @@ -28,8 +25,6 @@ in { imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - - nodeFlake.inputs.home-manager.nixosModules.home-manager ]; }; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index a0d5395..9dc6590 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -24,13 +24,6 @@ let in { - imports = [ - ../../snippets/nix-settings-holo-chain.nix - ../../snippets/radicale.nix - ../../snippets/sway-desktop.nix - ../../snippets/timezone.nix - ]; - nix.settings = { substituters = [ ]; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 7e39af7..cfbf501 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
@@ -11,96 +11,12 @@ { imports = [ - repoFlake.inputs.sops-nix.nixosModules.sops - nodeFlake.inputs.disko.nixosModules.disko - ./disko.nix - - ../../profiles/common/user.nix - ../../profiles/common/pkg.nix - - { - # nixpkgs.config.allowUnsupportedSystem = true; - - # flake registry - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - } - - { - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - services.openssh.openFirewall = true; - users.commonUsers = { enable = true; enableNonRoot = true; + installPassword = "install"; }; - - sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - sops.defaultSopsFormat = "yaml"; } - - nodeFlake.inputs.home-manager.nixosModules.home-manager - - ../../snippets/sway-desktop.nix - ../../snippets/radicale.nix ]; - - hardware.thinkpad-x13s = { - enable = true; - - # TODO: use hardware address - bluetoothMac = "65:9e:7a:8b:86:28"; - }; - - networking = { - hostName = nodeName; - - firewall.enable = true; - - # useNetworkd = true; - networkmanager.enable = true; - }; - - system.stateVersion = "23.11"; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = [ - pkgs.sshfs - pkgs.util-linux - pkgs.coreutils - pkgs.vim - - pkgs.git - pkgs.git-crypt - ]; - - home-manager.users.steveej = _: { - imports = [ - ../../../home-manager/configuration/graphical-fullblown.nix - - (_: { - programs.chromium.extensions = [ - # can define host-specific extensions here - ]; - }) - ]; - - home.sessionVariables = { }; - - home.packages = with pkgs; [ - ]; - }; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index f7008e1..6fc6701 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock 
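Review bot: `installPassword = "install"` puts a fixed password into the removable image's configuration, which is readable by anyone with access to the repository. The rmvbl flake now also loads `../steveej-x13s/configuration.nix`, whose sshd block keeps `PermitRootLogin = "yes"` and `openFirewall = true`, so, assuming `installPassword` becomes the login password of the common users (its definition in `profiles/common/user.nix` is not part of this diff), the booted image would accept that password over the network. For this image I would limit sshd to keys with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`, leaving the password for console login only. The same `PermitRootLogin = "yes"` line applies to the installed steveej-x13s system, where the install password is removed in this commit.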
@@ -1,55 +1,5 @@ { "nodes": { - "adamcstephens_stop-export": { - "flake": false, - "locked": { - "lastModified": 1705876512, - "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", - "ref": "refs/heads/main", - "rev": "388684db5b529bbd6f3e948cf175df089eb09766", - "revCount": 14, - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - } - }, - "alsa-ucm-conf": { - "flake": false, - "locked": { - "lastModified": 1705501566, - "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", - "owner": "alsa-project", - "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", - "type": "github" - }, - "original": { - "owner": "alsa-project", - "ref": "master", - "repo": "alsa-ucm-conf", - "type": "github" - } - }, - "brainwart_x13s-nixos": { - "flake": false, - "locked": { - "lastModified": 1705565623, - "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", - "owner": "BrainWart", - "repo": "x13s-nixos", - "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", - "type": "github" - }, - "original": { - "owner": "BrainWart", - "ref": "flake", - "repo": "x13s-nixos", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -105,23 +55,6 @@ "type": "github" } }, - "linux_x13s": { - "flake": false, - "locked": { - "lastModified": 1705680516, - "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", - "owner": "jhovold", - "repo": "linux", - "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", - "type": "github" - }, - "original": { - "owner": "jhovold", - "ref": "wip/sc8280xp-v6.7", - "repo": "linux", - "type": "github" - } - }, "mobile-nixos": { "flake": false, "locked": { 
@@ -140,11 +73,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { @@ -172,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1705891108, - "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "lastModified": 1706022028, + "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "rev": "15ff1758e7816331033baa14eebbea68626128f3", "type": "github" }, "original": { @@ -188,13 +121,9 @@ }, "root": { "inputs": { - "adamcstephens_stop-export": "adamcstephens_stop-export", - "alsa-ucm-conf": "alsa-ucm-conf", - "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index d9cc53c..9a6bcba 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -31,6 +31,8 @@ buildPlatform = "x86_64-linux"; nodeName = "steveej-x13s-rmvbl"; + x13s-flake = get-flake ../steveej-x13s; + mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate 
@@ -41,13 +43,15 @@ inherit nodeName; repoFlake = get-flake ../../../..; - nodeFlake = self; + + # TODO: double-check if this hack doesn't have negative side-effects + # the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found + nodeFlake = x13s-flake; }).meta.nodeSpecialArgs.${nodeName}; modules = [ - self.nixosModules.hardware-x13s - + ../steveej-x13s/configuration.nix ./configuration.nix ] ++ extraModules; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 0da079a..204aa33 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
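Review bot: With `nodeFlake = x13s-flake`, every module that reads `nodeFlake.inputs.*` (disko, home-manager, nixos-x13s, the `nixpkgs` registry entry) resolves against `../steveej-x13s/flake.lock`, while `nixpkgs.lib.nixosSystem` in `mkNixosConfiguration` presumably still comes from this flake's own inputs. Both lock files pin the same nixpkgs rev in this commit, but nothing keeps them in step, so a later update of only one of them would build the removable image from mixed revisions. Next to the TODO I would record which lock is authoritative, e.g. `# NOTE: module inputs are resolved from ../steveej-x13s/flake.lock, not from this flake's lock`, or make this flake's inputs follow the x13s ones. `mkNixosConfiguration` starts in the previous hunk and continues past this one.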
@@ -10,31 +10,60 @@ }: { + nixos-x13s = { + enable = true; + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + + systemd.services.bluetooth-mac = { + enable = true; + path = [ + pkgs.systemd + pkgs.util-linux + pkgs.bluez5-experimental + pkgs.expect + ]; + script = '' + # TODO: this may not be required + while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do + echo Waiting for bluetooth firmware to complete + echo sleep 1 + done + + ( + # best effort + set +e + rfkill block bluetooth + echo $? + btmgmt public-addr ${config.nixos-x13s.bluetoothMac} + echo $? + rfkill unblock bluetooth + echo $? + ) + ''; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + + # we need a tty, otherwise btmgmt will hang + StandardInput = "tty"; + TTYPath = "/dev/tty2"; + TTYReset = "yes"; + TTYVHangup = "yes"; + }; + }; + imports = [ + nodeFlake.inputs.nixos-x13s.nixosModules.default + repoFlake.inputs.sops-nix.nixosModules.sops nodeFlake.inputs.disko.nixosModules.disko ./disko.nix - repoFlake.nixosModules.thinkpad-x13s - - ../../profiles/common/pkg.nix - - { - # flake registry - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - } - + ../../snippets/nix-settings.nix ../../profiles/common/user.nix { 
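Review bot: The wait loop in `systemd.services.bluetooth-mac` runs `echo sleep 1`, which prints the words instead of pausing, so the unit re-reads the whole boot journal in a tight loop until the firmware line shows up; the line should be `sleep 1`. The unit is `requiredBy` and `before` bluetooth.service, and a oneshot unit has no start timeout by default, so a log line that never appears would hold bluetooth back indefinitely; `TimeoutStartSec = "60";` in `serviceConfig` would bound that. If setting the address is meant to be best effort, as the comment in the script says, `wantedBy` instead of `requiredBy` lets bluetooth start even when this unit fails. The `imports` list that follows continues outside this hunk.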
@@ -42,30 +71,23 @@ services.openssh.settings.PermitRootLogin = "yes"; services.openssh.openFirewall = true; - # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - # sops.defaultSopsFormat = "yaml"; + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; users.commonUsers = { enable = true; enableNonRoot = true; - installPassword = "install"; }; } - nodeFlake.inputs.home-manager.nixosModules.home-manager + ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix + ../../snippets/bluetooth.nix ../../snippets/timezone.nix # ../../snippets/radicale.nix ]; - hardware.thinkpad-x13s = { - enable = true; - - # TODO: use hardware address - bluetoothMac = "65:9e:7a:8b:86:28"; - }; - networking.hostName = nodeName; networking.firewall.enable = true; networking.networkmanager.enable = true; @@ -93,12 +115,23 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - # seems to be broke on install - programs.chromium.enable = lib.mkForce false; - home.sessionVariables = { }; home.packages = with pkgs; [ ]; + + # TODO: currently unsupported + services.gammastep.enable = lib.mkForce false; + # programs.chromium.enable = lib.mkForce false; + }; + + boot = { + kernelParams = [ + "dtb=sc8280xp-lenovo-thinkpad-x13s.dtb" + ]; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = lib.mkForce false; + loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; }; } diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index 51d487b..545dde3 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix @@ -31,8 +31,6 @@ imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - - nodeFlake.inputs.home-manager.nixosModules.home-manager ]; networking.hostName = nodeName; 
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index f7008e1..5e95546 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -1,55 +1,5 @@ { "nodes": { - "adamcstephens_stop-export": { - "flake": false, - "locked": { - "lastModified": 1705876512, - "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", - "ref": "refs/heads/main", - "rev": "388684db5b529bbd6f3e948cf175df089eb09766", - "revCount": 14, - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - } - }, - "alsa-ucm-conf": { - "flake": false, - "locked": { - "lastModified": 1705501566, - "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", - "owner": "alsa-project", - "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", - "type": "github" - }, - "original": { - "owner": "alsa-project", - "ref": "master", - "repo": "alsa-ucm-conf", - "type": "github" - } - }, - "brainwart_x13s-nixos": { - "flake": false, - "locked": { - "lastModified": 1705565623, - "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", - "owner": "BrainWart", - "repo": "x13s-nixos", - "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", - "type": "github" - }, - "original": { - "owner": "BrainWart", - "ref": "flake", - "repo": "x13s-nixos", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ 
@@ -69,6 +19,24 @@ "type": "indirect" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -105,23 +73,6 @@ "type": "github" } }, - "linux_x13s": { - "flake": false, - "locked": { - "lastModified": 1705680516, - "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", - "owner": "jhovold", - "repo": "linux", - "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", - "type": "github" - }, - "original": { - "owner": "jhovold", - "ref": "wip/sc8280xp-v6.7", - "repo": "linux", - "type": "github" - } - }, "mobile-nixos": { "flake": false, "locked": { @@ -138,13 +89,34 @@ "type": "github" } }, + "nixos-x13s": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705945811, + "narHash": "sha256-eDqgRYGMzRfpfWvSVj6IhHAWOMJC3xiwKaClbe79Gro=", + "ref": "refs/heads/main", + "rev": "9320defc4b8f381e5b7887d212d8d2babc41f2f2", + "revCount": 2, + "type": "git", + "url": "https://codeberg.org/adamcstephens/nixos-x13s" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/nixos-x13s" + } + }, "nixpkgs": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { 
@@ -170,13 +142,31 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1705891108, - "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "lastModified": 1706022028, + "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "rev": "15ff1758e7816331033baa14eebbea68626128f3", "type": "github" }, "original": { @@ -188,14 +178,11 @@ }, "root": { "inputs": { - "adamcstephens_stop-export": "adamcstephens_stop-export", - "alsa-ucm-conf": "alsa-ucm-conf", - "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", + "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-unstable-small": "nixpkgs-unstable-small" diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index cb1fed8..7ff3529 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -18,6 +18,9 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -46,7 +49,8 @@ modules = [ - repoFlake.nixosModules.hardware-x13s + # repoFlake.nixosModules.hardware-x13s + ./configuration.nix ] 
diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix index a1c6682..df69d6c 100644 --- a/nix/os/modules/hardware.thinkpad-x13s.nix +++ b/nix/os/modules/hardware.thinkpad-x13s.nix @@ -13,12 +13,6 @@ in type = lib.types.str; description = "mac address to set on boot"; }; - - bluetoothMacAddr = lib.mkOption { - default = "00:00:00:00:00"; - type = lib.types.str; - }; - }; config = let diff --git a/nix/os/profiles/common/boot.nix b/nix/os/profiles/common/boot.nix deleted file mode 100644 index 21fa70c..0000000 --- a/nix/os/profiles/common/boot.nix +++ /dev/null @@ -1,15 +0,0 @@ -{pkgs, ...}: { - boot.kernelPackages = pkgs.linuxPackages; - boot.loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = false; - }; - - boot.loader.systemd-boot.enable = false; - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.useTmpfs = true; - - # Workaround for nm-pptp to enforce module load - boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"]; -} diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index 0590e79..c6ed9fb 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix 
@@ -1,18 +1,38 @@ -{ - config, - pkgs, - repoFlake, - ... +{ config +, pkgs +, repoFlake +, nodeFlake +, repoFlakeInputs' +, packages' +, ... }: { imports = [ - ./boot.nix - ./pkg.nix - ./system.nix - ../../snippets/nix-settings.nix - ./hw.nix - - ./user.nix - repoFlake.inputs.sops-nix.nixosModules.sops + + ../../snippets/nix-settings.nix + ../../snippets/home-manager-with-zsh.nix + + ./system.nix + ./hw.nix + ./user.nix ]; + + boot.kernelPackages = pkgs.linuxPackages; + boot.loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = false; + }; + + boot.loader.systemd-boot.enable = false; + boot.loader.efi.canTouchEfiVariables = true; + boot.tmp.useTmpfs = true; + + # Workaround for nm-pptp to enforce module load + boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; + + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + }; } diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix deleted file mode 100644 index 74e987b..0000000 --- a/nix/os/profiles/common/pkg.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config -, pkgs -, # these come in via nodeSpecialArgs and are expected to be defined for every node - repoFlake -, repoFlakeInputs' -, nodeFlake -, packages' -, ... -}: { - imports = [ - ]; - - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - home-manager.useGlobalPkgs = false; - home-manager.useUserPackages = true; - home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix; - - # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager - # home-manager.extraSpecialArgs = specialArgs; - # hence, opt for passing the arguments selectively instead - home-manager.extraSpecialArgs = { - inherit - repoFlake - repoFlakeInputs' - packages' - nodeFlake - ; - }; - - nixpkgs.config = { - allowBroken = false; - allowUnfree = true; - }; -} 
diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 7fa2c2d..9c25dbc 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -42,15 +42,12 @@ # mv -Tf /etc/X11/.sessions /etc/X11/sessions # ''; + # TODO: adapt this to be arch agnostic system.activationScripts.lib64 = '' echo "setting up /lib64..." mkdir -p /lib64 ln -sfT ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 ''; - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; programs.fuse.userAllowOther = true; } diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 1eb2d07..4e68144 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,8 +1,11 @@ -{ - pkgs, - lib, - ... +{ pkgs +, lib +, ... }: { + imports = [ + ../../snippets/bluetooth.nix + ]; + networking.networkmanager = { enable = true; dns = "systemd-resolved"; @@ -22,12 +25,8 @@ services.illum.enable = true; services.pcscd.enable = true; hardware.opengl.enable = true; - hardware.bluetooth.enable = true; - # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [blueman]; - services.blueman.enable = true; - services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; + services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -54,6 +53,6 @@ services.printing = { enable = true; - drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; + drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; }; } 
diff --git a/nix/os/snippets/bluetooth.nix b/nix/os/snippets/bluetooth.nix new file mode 100644 index 0000000..47c5ab5 --- /dev/null +++ b/nix/os/snippets/bluetooth.nix @@ -0,0 +1,9 @@ +{ pkgs +, lib +, ... +}: { + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ blueman ]; + hardware.bluetooth.enable = true; + services.blueman.enable = true; +} diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix new file mode 100644 index 0000000..5bbb1e5 --- /dev/null +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -0,0 +1,49 @@ +{ nodeFlake +, repoFlake +, repoFlakeInputs' +, packages' +, pkgs +, ... +}: + +let + # TODO: make this configurable + homeUser = "steveej"; + commonHomeImports = [ + ../../home-manager/profiles/common.nix + ../../home-manager/programs/neovim.nix + ../../home-manager/programs/zsh.nix + ]; +in +{ + imports = [ + nodeFlake.inputs.home-manager.nixosModules.home-manager + ]; + + # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager + # home-manager.extraSpecialArgs = specialArgs; + # hence, opt for passing the arguments selectively instead + home-manager.extraSpecialArgs = { + inherit + repoFlake + repoFlakeInputs' + packages' + nodeFlake + ; + }; + + home-manager.useGlobalPkgs = false; + home-manager.useUserPackages = true; + + home-manager.users.root = _: { + imports = commonHomeImports; + }; + + home-manager.users."${homeUser}" = _: { + imports = commonHomeImports; + }; + + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.pathsToLink = [ "/share/zsh" ]; +} diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 36db65e..f3f577b 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix 
@@ -1,9 +1,7 @@ -{ - nodeFlake, - - pkgs, - lib, - ... +{ nodeFlake +, pkgs +, lib +, ... }: { nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; @@ -17,8 +15,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" - "ca-derivations" - "impure-derivations" ]; nix.settings.system-features = [ @@ -29,4 +25,5 @@ ]; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + } diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 2ede0f6..4c51002 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: +{ pkgs +, lib +, config +, ... +}: let # TODO: make this configurable @@ -64,6 +68,7 @@ in }; security.pam.services.getty.enableGnomeKeyring = true; + security.pam.services."autovt@tty1".enableGnomeKeyring = true; services.gnome.gnome-keyring.enable = true; # autologin steveej on tty1 @@ -79,11 +84,20 @@ in Restart = "always"; Type = "idle"; }; - programs.zsh.loginShellInit = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; + + programs = + let + steveejSwayOnTty1 = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + in + { + bash.loginShellInit = steveejSwayOnTty1; + # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion + zsh.loginShellInit = steveejSwayOnTty1; + }; home-manager.users."${homeUser}" = _: { imports = [ diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index a7306d2..f8c2741 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml 
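Review bot: In the last sway-desktop.nix hunk, `steveejSwayOnTty1` hard-codes `steveej` although the module appears to bind `homeUser` for the home-manager entry right below it, and the command substitutions are unquoted. The snippet is now installed as `loginShellInit` for both bash and zsh, so it runs in every login shell of every user; when `tty` prints `not a tty`, `test` receives extra words and emits an error. I would write the condition as `if test "$(id -u ${homeUser})" = "$(id -u)" && test "$(tty)" = "/dev/tty1"; then`. The surrounding `let`/`in` block starts and ends outside the hunk.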
@@ -1,14 +1,4 @@ hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] -example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str] -#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment] -#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment] -example_array: - - ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str] - - ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str] -example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float] -example_booleans: - - ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool] - - ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool] sops: kms: [] gcp_kms: [] 
@@ -24,8 +14,8 @@ sops: Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O 9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-22T09:20:19Z" - mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] + lastmodified: "2024-01-23T09:41:31Z" + mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str] pgp: - created_at: "2024-01-23T09:01:14Z" enc: |- From d3024248d9b7a7a7ec78899a75ced30f161388e6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 25 Jan 2024 00:09:06 +0100 Subject: [PATCH 018/305] radicale path updates and updatekey command --- Justfile | 3 + nix/home-manager/programs/radicale.nix | 4 +- nix/pkgs/logseq/Containerfile | 59 +++++++++++++++++++ nix/pkgs/logseq/README.md | 6 ++ nix/pkgs/logseq/default.nix | 80 ++++++++++++++++++++++++++ nix/pkgs/logseq/flake.nix | 18 ++++++ secrets/desktop/radicale_htpasswd | 18 +++--- 7 files changed, 179 insertions(+), 9 deletions(-) create mode 100644 nix/pkgs/logseq/Containerfile create mode 100644 nix/pkgs/logseq/README.md create mode 100644 nix/pkgs/logseq/default.nix create mode 100644 nix/pkgs/logseq/flake.nix diff --git a/Justfile b/Justfile index 0b3bb36..1633cba 100755 --- a/Justfile +++ b/Justfile @@ -306,3 +306,6 @@ test-connection: cachix-use name: nix run nixpkgs/nixos-unstable#cachix -- use {{name}} -m nixos -d nix/os/ + +update-sops-keys: + for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done 
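Review bot: The `update-sops-keys` recipe closes its command substitution too early: `$(egrep -lr '"?sops"?:') secrets` runs egrep with no path argument (GNU grep then searches the whole working directory) and appends the literal word `secrets` to the loop list. As a result `sops updatekeys` is invoked on the `secrets` directory itself and on any file anywhere in the tree that matches the pattern. The intended form is probably `for file in $(grep -lrE '"?sops"?:' secrets); do sops updatekeys "$file"; done`. Separately, `-y` auto-confirms every recipient change, so a wrong entry in `.sops.yaml` re-encrypts secrets to an unintended key without anyone seeing the prompt; consider dropping `-y`, or reviewing the diff of the `sops:` metadata before committing.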
diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index bcedd41..1a89d95 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -63,8 +63,8 @@ let [storage] type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} + filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} ''; in { diff --git a/nix/pkgs/logseq/Containerfile b/nix/pkgs/logseq/Containerfile new file mode 100644 index 0000000..e61e2b9 --- /dev/null +++ b/nix/pkgs/logseq/Containerfile 
@@ -0,0 +1,59 @@
+# NOTE: please keep it in sync with .github pipelines
+# NOTE: during testing make sure to change the branch below
+# NOTE: before running the build-docker GH action edit
+# build-docker.yml and change the release channel from :latest to :testing
+
+# Builder image
+FROM clojure:temurin-11-tools-deps-1.11.1.1208-bullseye-slim as builder
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install reqs
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ curl \
+ ca-certificates \
+ apt-transport-https \
+ gpg \
+ build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev \
+ zip
+
+# install NodeJS & yarn
+RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -
+
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | \
+ tee /etc/apt/trusted.gpg.d/yarn.gpg && \
+ echo "deb https://dl.yarnpkg.com/debian/ stable main" | \
+ tee /etc/apt/sources.list.d/yarn.list && \
+ apt-get update && apt-get install -y nodejs yarn
+
+WORKDIR /data
+
+ENV VERSION=0.10.5
+
+# build Logseq static resources
+RUN git clone -b ${VERSION} https://github.com/logseq/logseq.git .
+
+RUN yarn config set network-timeout 240000 -g && yarn install
+RUN yarn release-electron
+
+RUN mkdir /out
+RUN mv /data/static/out/make/zip /out/${VERSION}.zip
+RUN mv /data/static/out/make/*.AppImage /out/
+
+FROM scratch as artifacts
+COPY --from=builder /out /
+# Logseq-${VERSION}.AppImage
+# RUN mv zip /${VERSION}.zip
+
+# RUN \
+# mkdir -p builds
+# # NOTE: save VERSION file to builds directory
+# cp static/VERSION ./builds/VERSION
+# mv static/out/make/*-*.AppImage ./builds/Logseq-linux-aarch64-${VERSION}.AppImage
+# mv static/out/make/zip/linux/x64/*-linux-x64-*.zip ./builds/Logseq-linux-aarch64-${VERSION}.zip
+
+# # Web App Runner image
+# FROM nginx:1.24.0-alpine3.17
+#
+# COPY --from=builder /data/static /usr/share/nginx/html
+#
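Review bot: Nothing the builder stage pulls in is pinned or verified, although its output is a binary that is uploaded and installed elsewhere (README step 4). `curl -sL https://deb.nodesource.com/setup_18.x | bash -` executes a remote script as root at build time, the base image is referenced by tag only, and `git clone -b ${VERSION}` follows a tag that upstream can move. Pin what can be pinned, e.g. `FROM clojure:temurin-11-tools-deps-1.11.1.1208-bullseye-slim@sha256:<IMAGE_DIGEST> as builder` and `RUN git clone https://github.com/logseq/logseq.git . && git checkout <COMMIT_SHA>`, and download the NodeSource script to a file and compare it with a recorded checksum before running it. `yarn install --frozen-lockfile` would additionally keep the dependency set to what upstream's lockfile records.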
diff --git a/nix/pkgs/logseq/README.md b/nix/pkgs/logseq/README.md
new file mode 100644
index 0000000..1ae1756
--- /dev/null
+++ b/nix/pkgs/logseq/README.md
@@ -0,0 +1,6 @@
+this is pseudocode that serves as a reminder
+
+1. podman build -f Containerfile
+2. podman unshare
+3. podman mount $CONTAINER_ID
+4. upload the AppImaeg
diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix
new file mode 100644
index 0000000..f93efb0
--- /dev/null
+++ b/nix/pkgs/logseq/default.nix
@@ -0,0 +1,80 @@ +{ lib +, pname ? "logseq" +, version ? "0.10.5" +, src ? fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${ version}/logseq-linux-x64-${ version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + name = "${ pname}-${ version}.AppImage"; + } +, stdenv +, fetchurl +, appimageTools +, makeWrapper + # graphs will not sync without matching upstream's major electron version +, electron_27 +, git +, nix-update-script +}: + +stdenv.mkDerivation + (finalAttrs: + let + inherit (finalAttrs) pname version src appimageContents; + + in + { + inherit version pname src; + + appimageContents = appimageTools.extract { + inherit pname src version; + }; + + dontUnpack = true; + dontConfigure = true; + dontBuild = true; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/share/${pname} $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/${pname} + cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop + + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + chmod +w -R $out/share/${pname}/resources/app/node_modules/dugite/git + chmod +w $out/share/${pname}/resources/app/node_modules/dugite + rm -rf $out/share/${pname}/resources/app/node_modules/dugite/git + chmod -w $out/share/${pname}/resources/app/node_modules/dugite + + mkdir -p $out/share/pixmaps + ln -s $out/share/${pname}/resources/app/icons/logseq.png $out/share/pixmaps/${pname}.png + + substituteInPlace $out/share/applications/${pname}.desktop \ + --replace Exec=Logseq Exec=${pname} \ + --replace Icon=Logseq Icon=${pname} + + runHook postInstall + ''; + + postFixup = '' + # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs + makeWrapper ${electron_27}/bin/electron $out/bin/${pname} \ + --set "LOCAL_GIT_DIRECTORY" ${git} \ + --add-flags $out/share/${pname}/resources/app \ + --add-flags 
"\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" + ''; + + passthru.updateScript = nix-update-script { }; + + meta = { + description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; + homepage = "https://github.com/logseq/logseq"; + changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ ]; + platforms = [ "x86_64-linux" ]; + }; + }) diff --git a/nix/pkgs/logseq/flake.nix b/nix/pkgs/logseq/flake.nix new file mode 100644 index 0000000..0ddb02e --- /dev/null +++ b/nix/pkgs/logseq/flake.nix @@ -0,0 +1,18 @@ +{ + inputs = { + utils.url = "github:numtide/flake-utils"; + # clj2nix.url = "github:hlolli/clj2nix"; + logseq.url = "github:logseq/logseq/0.5.9"; + }; + + outputs = { nixpkgs, self, utils }: utils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { inherit system; }; + # clj2nixBin = clj2nix.defaultPackage.${system}; + in + { + packages = pkgs.callPackage ./default.nix { inherit self; }; + nixpkgs = pkgs; + }); + +} diff --git a/secrets/desktop/radicale_htpasswd b/secrets/desktop/radicale_htpasswd index 10cda96..5b0f6b6 100644 --- a/secrets/desktop/radicale_htpasswd +++ b/secrets/desktop/radicale_htpasswd 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]", + "data": "ENC[AES256_GCM,data:rUTsNj5pW/7JhyfRWiEoOHVT06tmbAHarOEuMkWaP+jz9FX3Qvjtv2S767Be89RwBdZZPTyO5+DcWUH+m2AOoAFKZs8TgT7lmQCuweXE27HZe88y+mNvHYfExWbLaC3fxheHgy8BgZBQNdVMKhZlYr5nLxJBrUY+j2sRP/CuucUcbsCojoHqYmb9hpS03PZ7i6Uf7tImgvFc,iv:pnYzcggEWKAhRxJyOGYaXFrS6kN7uLHic+tO1PeHZmg=,tag:4eXlaWf7hJxcy6zlQC5U8Q==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -8,19 +8,23 @@ "age": [ { "recipient": "age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRG1PWnJpTjRCOFVXS21h\nTUxFb1ZsS1piTUxtdmRSVGFmNGlzZmZqWXo4CnhMY3hBZU93bE45MFBJSG9Nd3Zh\nNi9DQjZlb2FzQXplZXovOENBOWRUQ0kKLS0tIFJsNklCUWFZdzhNaXlFQ2lFTGd5\nREp5VFZaNFlZeWVTUXlJSWpUOXA0OEEKEO5EEvjKL2BdBd+eHxvicl3IhGV/WNRS\ni5065sFhraZ+6MAg91eHUcwcfwjhx0tr06v9xARtKzgEEpgxHLT6BQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWHZjdERBT0hHTVVnMzJJ\nSURhU0NrelB4b0FuTmM1VFIvRFRpQS9sMEQwClJsWGVTUE1hN0Y5c3dETUcyUllX\nSmIzR2ZhMDJDa1hsY0xBaGJrNXkrMUUKLS0tIHAwenJOOHZOSksrQ2dacVhKQVg5\ndEl6QVdkTHdGbG81OUUzOFprZHVRUm8KVYgQ5wUkCDZa9SUbmJgtpWY/LWruAg2t\nZFVYJUZ7B/Pd6rzvtOVjU8mEOaMbtq1cYkiAcuzhIdoTxu1TX11OPA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-01-22T17:03:08Z", - "mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]", + "lastmodified": "2024-01-24T22:45:02Z", + "mac": 
"ENC[AES256_GCM,data:70nJ8FwQqWKUs5tVZTdaUSnFdvzh7h7GG9lJU9IVuSW8GHs9N4srFRJ0DtJbrIYm4YasNsZqNUcWx/ptxzP0DG/IJs8Vpnb4U5SXKw+zN7B5GBM0Xnh6pZZcylAw7lcXevBfI4jw7Ymmj5zBIFyKTCKhietayfmxdIxyoaxNH34=,iv:XJgmRc0tONH9H6AQyfJvDdkfJgP3ugAxOPxMkBqhLMo=,tag:MBN8FJglHqTiS5nLjtMXiA==,type:str]", "pgp": [ { - "created_at": "2023-07-01T17:45:58Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nwcBMA0SHG/zF3227AQf/e3rEGHYLdAQ3t5Ye7EY8HGj3zplmEm6yX/OD6atnIH56\n1n+buBEsCnj6OMJ8IPBI1KMlR3agvrTcP1U428VaJKEqMAfAbmTxHvuYv17r4z3c\nuxtvnK4BUC0BIgf3b9FP1uQBvmwSR3bIV1JuD1or88j9iY3dO7KbwbAEF+HMqj9/\nz+NM9ZGi/mpdFHLCKp52FgKi+eiNyGiJS1a8VSda/X8GwcmQYUzSkUxOcjGVTmYr\nBzie319eutOq6zf9+8WGO+Jd8XDlFdmucXyb5kkJkKv0kUeEMKePktpxjh/SUH2E\nVWLDa3rLPEZWvvLtDeOgAWdxNVBsvAhFwyUl7hJ+INJRAbgK7jJpGJuNUmN48P/Y\nKj1/x5hKlBOQpqWyoB751Sq2hAITS/UyvpIEL7cH9ASq369SVa7tI6KL0Ut5wSDb\n1681kueTerz2szUe6DPcAC4U\n=Bu6s\n-----END PGP MESSAGE-----", + "created_at": "2024-01-24T22:48:30Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQgAl7wj8pgA42CyZ+b0ykAVMIzfVsX5zfyLTL3fKRC78kGH\n7D6Lp6Fesp3dZ8c7awWEM3b1WEFOS8Yklo6bfZCnioJoqZhMtYhyTCi+KEBXdw7g\n+KAquXkrD6mYOVBXoKHUqUBoDjFjU/stfV2Pdnl5I7SGYFHtyv8jwdJXbBInDNI6\nmtVzpKoM7pCFHH0Vz+A1D1X4k+96znbSnjHVBgOFLjyZ2KGPKBKud4nM0idAO/tO\nH77ApV1qRBU7weI5yTbK7GeuUxFYrolxkqOCPUH6E5Z2eVQ8ACUFpvgX4ET91jeP\nYTbTuq9cfm/gPsFIGtZLgWSq7cCZHe12nPHT//ajK9JcASNmmTiJFvK19WmN7spg\nbfDJLZud80PNu6MVXthwRGJ50/yRSrO8e/5tCjVz7UlkOmVG5ClsGDfRCH5gJDqS\nMJ+UdOHZjqcZu6TkBmSNX+9fRS1hgCiGxOjT2mU=\n=q3es\n-----END PGP MESSAGE-----", "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" } ], "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" + "version": "3.8.1" } } \ No newline at end of file From 4def9ef9499b2bdf4c123b8a829a597a37d73009 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 24 Jan 2024 23:20:45 +0000 Subject: [PATCH 019/305] steveej-t14: disable radicale --- nix/os/devices/steveej-t14/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index fab73d5..0b199cc 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -2,7 +2,8 @@ imports = [ ../../snippets/home-manager-with-zsh.nix ../../snippets/nix-settings-holo-chain.nix - ../../snippets/radicale.nix + # TODO: double-check whether this works at all after the most recent changes + # ../../snippets/radicale.nix ../../snippets/sway-desktop.nix ../../snippets/timezone.nix From 8c32db3406260b99a33e66a5ba43fe5cec6d619e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 25 Jan 2024 00:32:37 +0100 Subject: [PATCH 020/305] logseq on arm64, latest signal on arm, waydroid, radicale, vscode --- flake.lock | 47 ++++---- flake.nix | 16 ++- .../configuration/graphical-fullblown.nix | 94 +++++---------- nix/home-manager/programs/chromium.nix | 3 + nix/home-manager/programs/vscode/default.nix | 16 ++- nix/os/devices/steveej-x13s/configuration.nix | 19 +++- nix/os/devices/steveej-x13s/flake.lock | 12 +- nix/os/devices/steveej-x13s/flake.nix | 2 +- nix/pkgs/logseq/README.md | 8 ++ nix/pkgs/logseq/default.nix | 107 +++++++++--------- nix/pkgs/logseq/flake.nix | 18 --- secrets/zerotierone.txt | 36 +++++- 12 files changed, 196 insertions(+), 182 deletions(-) delete mode 100644 nix/pkgs/logseq/flake.nix diff --git a/flake.lock b/flake.lock index 4926126..4cd0d25 100644 --- a/flake.lock +++ b/flake.lock @@ -376,6 +376,18 @@ "type": "github" } }, + "logseq_0_10_5_aarch64_appimage": { + "flake": false, + "locked": { + "narHash": "sha256-5uHRJpNcAzVRqyF5eR2sY0u/Q9rHXWh/g36/sehmSys=", + "type": "file", + "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage" + }, + "original": { + "type": "file", + "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage" + } + }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", 
@@ -552,16 +564,16 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1704018918, - "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -615,29 +627,13 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1704177376, - "narHash": "sha256-6AV8TWX/juwV8delRDtlbUzi1X8irrtCfrtcYByVhCs=", + "lastModified": 1706112902, + "narHash": "sha256-GKPwSY0fBShj0FfaPqA4gg5oHGhpya/m2DVb+3m+Uzs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e2e36d8af3b7c465311f11913b7dedd209633c84", + "rev": "5cd2baa57a9ff2d84f2615700434fa04f3067fdb", "type": "github" }, "original": { @@ -735,6 +731,7 @@ "get-flake": "get-flake", "jay": "jay", "linux_x13s": "linux_x13s", + "logseq_0_10_5_aarch64_appimage": "logseq_0_10_5_aarch64_appimage", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" @@ -742,7 +739,9 @@ "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2305": "nixpkgs-2305", "nixpkgs-2311": "nixpkgs-2311", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable": [ + "nixpkgs-unstable-small" + ], "nixpkgs-unstable-small": "nixpkgs-unstable-small", "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", diff --git a/flake.nix b/flake.nix index a0bdcc8..0931bc3 100644 --- a/flake.nix 
+++ b/flake.nix @@ -10,9 +10,9 @@ nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; radicalePkgs.follows = "nixpkgs-2211"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; - nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-unstable.follows = "nixpkgs-unstable-small"; nixpkgs.follows = "nixpkgs-2311"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; @@ -98,7 +98,10 @@ }; - ### + logseq_0_10_5_aarch64_appimage = { + flake = false; + url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; + }; }; outputs = @@ -271,7 +274,7 @@ }) { }; - nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; + nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' set -x @@ -299,6 +302,11 @@ syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 ''; + + logseq = pkgs.callPackage ./nix/pkgs/logseq + (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; + }); }; formatter = pkgs.alejandra; diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index b46e96c..7564c35 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
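Review bot: The new `logseq_0_10_5_aarch64_appimage` input carries no comment saying where the binary comes from. It is a non-flake file input served from a personal download URL, so the only thing tying it to a known build is the `narHash` recorded in flake.lock. If it is the artifact produced by nix/pkgs/logseq/Containerfile, a comment above the input would make that auditable, e.g. `# built from nix/pkgs/logseq/Containerfile (tag 0.10.5); integrity pinned by narHash in flake.lock`. The version is also encoded in the input name, the URL and `version` in nix/pkgs/logseq/default.nix, so a bump has to touch all of them together.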
@@ -110,68 +110,30 @@ in # kotatogram-desktop tdesktop - pkgsUnstableSmall.signal-desktop - - #(let - # version = "6.20.0-beta.1"; - #in - # pkgsUnstableSmall.signal-desktop-beta.overrideAttrs (old: { - # # inherit version; - # # src = builtins.fetchurl { - # # url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop-beta/signal-desktop-beta_${version}_amd64.deb"; - # # sha256 = "0xkagnldagfxnpv4c23yd9w0kz1y719m1sj9vqn8mnr1zfn7j62a"; - # # }; - # preFixup = - # old.preFixup - # + '' - # gappsWrapperArgs+=( - # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto}}" - # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}" - # ) - # ''; - # })) - - # --add-flags "--enable-features=UseOzonePlatform" - # --add-flags "--ozone-platform=wayland" - # (pkgsUnstableSmall.session-desktop.overrideAttrs (old: { - # nativeBuildInputs = - # old.nativeBuildInputs - # ++ [ - # pkgs.wrapGAppsHook - # ]; - - # preFixup = - # (old.preFixup or "") - # + '' - # gappsWrapperArgs+=( - # --add-flags "--enable-features=UseOzonePlatform" - # --add-flags "--ozone-platform=wayland" - # # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto}}" - # # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=WaylandWindowDecorations}}" - # # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}" - # ) - # ''; - # })) - - #(pkgsUnstableSmall.session-desktop.overrideAttrs(old: { - # nativeBuildInputs = old.nativeBuildInputs ++ [ - # pkgs.wrapGAppsHook - # ]; - # - # preFixup = (old.preFixup or "") + '' - # gappsWrapperArgs+=( - # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}" - # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}" - # ) - # ''; - # })) + ( + let + version = "6.44.0"; + in + pkgsUnstableSmall.signal-desktop.overrideAttrs (old: + 
lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + inherit version; + src = builtins.fetchurl + { + url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; + sha256 = + # lib.fakeSha256 + "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k" + ; + } + ; + }) + ) thunderbird # gnome.cheese - # Virtualization # virtmanager @@ -284,6 +246,17 @@ in # this is a displaymanager! # libretro.snes9x2010 # retroarchFull + + packages'.logseq + # (pkgs.runCommand "logseq-wrapper" + # { + # nativeBuildInputs = [ pkgs.makeWrapper ]; + # } '' + # makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \ + # --set NIXOS_OZONE_WL "" + # '') + ]) + ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ (pkgs.banana-accounting.overrideDerivation @@ -321,15 +294,6 @@ in pkgsUnstableSmall.ledger-live-desktop - (pkgs.runCommand "logseq-wrapper" - { - nativeBuildInputs = [ pkgs.makeWrapper ]; - } '' - makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \ - --set NIXOS_OZONE_WL "" - '') - # (logseq.override({ electron_25 = electron_26; })) - # unsupported on aarch64-linux pkgs.androidenv.androidPkgs_9_0.platform-tools pkgs.teamviewer diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 81383c9..1119653 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -46,6 +46,9 @@ let ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } + + # always right + { id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } ]); in { diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index b7a6a3d..6213e55 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
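Review bot: The aarch64 `src` override for signal-desktop fetches an unofficial prebuilt `.deb` from a `raw/master` path, which is a moving reference. The `sha256` keeps a swapped file from being installed, but nothing records which upstream commit the binary was taken at, and the fetch breaks as soon as the branch changes. Pin the URL to a commit, `url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/<COMMIT_SHA>/builds/release/signal-desktop_${version}_arm64.deb";`, and consider `pkgs.fetchurl` with `hash = ...` instead of `builtins.fetchurl` so the download happens at build time rather than during evaluation. Because this swaps the nixpkgs source of a messenger for a third-party rebuild, a short comment stating why that build is trusted would help the next reader; the enclosing package list starts outside the hunk.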
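Review bot: The extension added in the chromium.nix hunk is identified only by its ID and the comment `# always right`, which does not let a reader confirm which extension or publisher is being installed into the browser profile. Browser extensions run with broad access to page content, so the entry should be auditable from the file itself. A fuller comment would do, e.g. `# Always Right (<PUBLISHER>), https://chromewebstore.google.com/detail/npjpaghfnndnnmjiliibnkmdfgbojokj`. The list this entry is appended to starts outside the hunk.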
@@ -9,10 +9,18 @@ in { extensions = with pkgs.vscode-extensions; [ ms-vscode-remote.remote-ssh - # bbenoist.nix - # vscodevim.vim - # rust-lang.rust-analyzer - # mkhl.direnv + bbenoist.nix + eamodio.gitlens + mkhl.direnv + jnoortheen.nix-ide + tomoki1207.pdf + vscodevim.vim + + # TODO: these are not in nixpkgs + # fredwangwang.vscode-hcl-format + # hashicorp.hcl + # mindaro-dev.file-downloader + # ms-vscode.remote-explorer ] ++ marketPlaceExtensions; mutableExtensionsDir = true; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 204aa33..6e902e6 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -85,7 +85,7 @@ ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix ../../snippets/timezone.nix - # ../../snippets/radicale.nix + ../../snippets/radicale.nix ]; networking.hostName = nodeName; @@ -126,12 +126,23 @@ }; boot = { - kernelParams = [ - "dtb=sc8280xp-lenovo-thinkpad-x13s.dtb" - ]; loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = [ "wwan" ]; }; + + # see https://linrunner.de/tlp/ + services.tlp = { + enable = true; + settings = { + START_CHARGE_THRESH_BAT0 = "80"; + STOP_CHARGE_THRESH_BAT0 = "85"; + }; + }; + + # android on linux + virtualisation.waydroid.enable = true; + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; } diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 5e95546..dcc457f 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -97,17 +97,17 @@ ] }, "locked": { - "lastModified": 1705945811, - "narHash": "sha256-eDqgRYGMzRfpfWvSVj6IhHAWOMJC3xiwKaClbe79Gro=", + "lastModified": 1706097550, + "narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=", "ref": "refs/heads/main", - "rev": "9320defc4b8f381e5b7887d212d8d2babc41f2f2", - "revCount": 2, + "rev": "732a0f1549996740bdb06989599a5f0653de5056", + "revCount": 6, "type": "git", - "url": "https://codeberg.org/adamcstephens/nixos-x13s" + "url": "https://codeberg.org/steveej/nixos-x13s" }, "original": { "type": "git", - "url": "https://codeberg.org/adamcstephens/nixos-x13s" + "url": "https://codeberg.org/steveej/nixos-x13s" } }, "nixpkgs": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 7ff3529..9f10331 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -19,7 +19,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/nix/pkgs/logseq/README.md b/nix/pkgs/logseq/README.md index 1ae1756..e7be282 100644 --- a/nix/pkgs/logseq/README.md +++ b/nix/pkgs/logseq/README.md @@ -1,6 +1,14 @@ +# build instructions + this is pseudocode that serves as a reminder 1. podman build -f Containerfile 2. podman unshare 3. podman mount $CONTAINER_ID 4. upload the AppImaeg + +# resources + +* https://github.com/logseq/logseq/blob/dc5127b48a7874627bd9ab63696f7ddf821b90a7/docs/develop-logseq.md?plain=1#L90 +* https://github.com/logseq/logseq/blob/master/Dockerfile +* https://github.com/randomwangran/logseq-nix-flake diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index f93efb0..40cc9cd 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix 
@@ -1,11 +1,4 @@ { lib -, pname ? "logseq" -, version ? "0.10.5" -, src ? fetchurl { - url = "https://github.com/logseq/logseq/releases/download/${ version}/logseq-linux-x64-${ version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; - name = "${ pname}-${ version}.AppImage"; - } , stdenv , fetchurl , appimageTools 
@@ -14,67 +7,77 @@ , electron_27 , git , nix-update-script +, overrideSrc ? null }: -stdenv.mkDerivation - (finalAttrs: - let - inherit (finalAttrs) pname version src appimageContents; +stdenv.mkDerivation (finalAttrs: +let + inherit (finalAttrs) pname version src appimageContents; - in - { - inherit version pname src; +in +{ + pname = "logseq"; + version = "0.10.5"; - appimageContents = appimageTools.extract { - inherit pname src version; - }; + src = if overrideSrc != null then overrideSrc else + (fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + name = "${pname}-${version}.AppImage"; + }); - dontUnpack = true; - dontConfigure = true; - dontBuild = true; + appimageContents = appimageTools.extract { + inherit pname src version; + }; - nativeBuildInputs = [ makeWrapper ]; + dontUnpack = true; + dontConfigure = true; + dontBuild = true; - installPhase = '' - runHook preInstall + nativeBuildInputs = [ makeWrapper ]; - mkdir -p $out/bin $out/share/${pname} $out/share/applications - cp -a ${appimageContents}/{locales,resources} $out/share/${pname} - cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop + installPhase = '' + runHook preInstall - # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + mkdir -p $out/bin $out/share/${pname} $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/${pname} + cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop + + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + if test -e $out/share/${pname}/resources/app/node_modules/dugite/git; then chmod +w -R $out/share/${pname}/resources/app/node_modules/dugite/git chmod +w $out/share/${pname}/resources/app/node_modules/dugite rm -rf $out/share/${pname}/resources/app/node_modules/dugite/git chmod -w 
$out/share/${pname}/resources/app/node_modules/dugite + fi - mkdir -p $out/share/pixmaps - ln -s $out/share/${pname}/resources/app/icons/logseq.png $out/share/pixmaps/${pname}.png + mkdir -p $out/share/pixmaps + ln -s $out/share/${pname}/resources/app/icons/logseq.png $out/share/pixmaps/${pname}.png - substituteInPlace $out/share/applications/${pname}.desktop \ - --replace Exec=Logseq Exec=${pname} \ - --replace Icon=Logseq Icon=${pname} + substituteInPlace $out/share/applications/${pname}.desktop \ + --replace Exec=Logseq Exec=${pname} \ + --replace Icon=Logseq Icon=${pname} - runHook postInstall - ''; + runHook postInstall + ''; - postFixup = '' - # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs - makeWrapper ${electron_27}/bin/electron $out/bin/${pname} \ - --set "LOCAL_GIT_DIRECTORY" ${git} \ - --add-flags $out/share/${pname}/resources/app \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" - ''; + postFixup = '' + # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs + makeWrapper ${electron_27}/bin/electron $out/bin/${pname} \ + --set "LOCAL_GIT_DIRECTORY" ${git} \ + --add-flags $out/share/${pname}/resources/app \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" + ''; - passthru.updateScript = nix-update-script { }; + passthru.updateScript = nix-update-script { }; - meta = { - description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; - homepage = "https://github.com/logseq/logseq"; - changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; - license = lib.licenses.agpl3Plus; - maintainers = with 
lib.maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - }; - }) + meta = { + description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; + homepage = "https://github.com/logseq/logseq"; + changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + }; +}) diff --git a/nix/pkgs/logseq/flake.nix b/nix/pkgs/logseq/flake.nix deleted file mode 100644 index 0ddb02e..0000000 --- a/nix/pkgs/logseq/flake.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - inputs = { - utils.url = "github:numtide/flake-utils"; - # clj2nix.url = "github:hlolli/clj2nix"; - logseq.url = "github:logseq/logseq/0.5.9"; - }; - - outputs = { nixpkgs, self, utils }: utils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { inherit system; }; - # clj2nixBin = clj2nix.defaultPackage.${system}; - in - { - packages = pkgs.callPackage ./default.nix { inherit self; }; - nixpkgs = pkgs; - }); - -} diff --git a/secrets/zerotierone.txt b/secrets/zerotierone.txt index 347b737..9059ac3 100644 --- a/secrets/zerotierone.txt +++ b/secrets/zerotierone.txt 
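Review bot: `platforms` now lists `aarch64-linux`, but when `overrideSrc` is left at its `null` default, `src` still resolves to the `logseq-linux-x64-` AppImage, so an aarch64 build that forgets the override silently packages the x86_64 bundle. An assertion placed before `stdenv.mkDerivation` makes the requirement explicit: `assert stdenv.hostPlatform.isAarch64 -> overrideSrc != null;`. `overrideSrc` also bypasses the `hash` check that the `fetchurl` branch has, so a comment on the parameter should say that callers must pass a locked or fixed-output source, e.g. `# overrideSrc: must be a hash-pinned store path (flake input or fetchurl)`.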
@@ -8,19 +8,47 @@ "age": [ { "recipient": "age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybUlwMVhVSTlxWjk0aXV1\nRkFKN0d2TWdTNGxFK1o3QitpTG5JN1FUNEVFCmRZdVYrSlJYbVF2NFlkRHBQNFgx\nM2dGOE5yaWl0VnJVU1MzNGJ1VUZYK1kKLS0tIEh4dkI2Vk9yUStHRlNzVUVPeWVB\nVmw0V0MxWWdudE1ONkszRSs5MEtUT28KkIW7Y+9AfxbPu1V0YoL5Brdv+2AaTAn0\nXmJmn8qwOtuyWRR3sJfDfkR2eW85mrMmhJnNa1aHg5lDQUGA/eqinQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva2lYMFY1V1piNlBpUURv\naWh3dHpaQXdqdzRCU2JIcHExbkhwZzhXd0JnCkFTMG5wVDNQVzNVUmo1cUh1TWtF\naHVTcGRpSDNxa1NHVDZvZWFpREdOcVEKLS0tIFVJSTdiZFBwTlJEMFowYnJqdjFr\nWDdKM2FGM0dQS1NZOTlZUGlOa2srV2cKr/EwcrbOw9vjmFp7OsEF6y0KxACs8NPM\nRYMKhnzd/6VFY5aK79V6JuMSOLaMT+AbQODg+R/iA3TNLev22Jfcvw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOWsvenhWdC9ENVlXTXZi\ndWtJWWZUZGMyTzduMzFvK2M1NmFLZ1JwVFNFCkpTMDh6eWhwV0Fya0syRDhuWDlK\nV1lBbGNDbXUvNHB5MGMrS3R0b043YnMKLS0tIExXNXlsaUhsTUxGZGY5U2VRNXJr\nNjZmTU80QVZ1blFKd2dGandsVm42blEK/3uqLhxS16HU67wA0T0Y9uqb2WJI6dII\ndCktjLZcKKyGB+UXNyzDiRgMR4OKIvB0MjLIql2SZKt53OpkpytAbQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWlErYU5pUHJRdXlCRmZS\nNWlWalFDb0xFZFlrbkdXMG0zYXl1UjhmNUQwCmNCcWZPME8yOGcycnVRWXJxeFo3\nTHFuWHY5aXRxZERNU3duSzRsaFIreWMKLS0tIDRyWmFzeGN2YU9LNW9IWUZNWkVJ\nOTlYTlNteEU0REhmd3ovbGQ4Z09FakkKliCyJsTqsUD5t2vOfTigqA7WObfNCcsd\nt1Fs8vf/1tReWqF8V0f97lD2APgfqgg0hqWFcKkiGYBRWEJvBAj8Lw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8", + 
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT0xzWEtNRHl3bFBZRGl2\nTlkyaWRGTHcxcDVqa012VUk1ZUVjREF2bGlJCmRBNkdzRmsxT2dFemJ6NFAxV1g5\nV2p2c09VKzNVSTJ0V2lheWNwMFlMdk0KLS0tIDZWMTBtaWZjcmRYMnhjY3VudlUz\nem10U1FzZ3p2VzZrRXZyRDFUTy92dkUKcM0Nh1/rQ/aoXHJ16QjZ0daxyaOIyzyx\nXbWDj0opTiYweKrL93P8MSQr8V5i2zVcxP7Gw/fZsWlCs26nBeK1xQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZVdzS2lONzg0eGJUei9X\nem9Nc1FhTm5XampHVjJieHJjOUczR09VNTFjCjBkejNlY0I3dEhYbzYvaTBsMDd5\ndjc0alpKNWF6YTVOczltTFRueWZBYXcKLS0tIFJTSThncVdhajhaNmdZTjRNQVFB\nTi93ejQ2bUsrVXl0eDRkbFE5UlhKUzQKg/cJKYzhq1YIBvvNx/N4F258WUnrmNMs\n2MnxrLk9a67AGciCynEMO02dpUXPWxgUkTSqOjRkkcA20x5Rpn4e6w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRUliYTB2MG1zUVU0ZWFM\nNUNEMUdha3ZSZ2dkYmZuVk96VjlUTVpWNkI0ClIyUFBZWFppTzJwbHhJaFhXWTBM\nT0pvVklqbE00aW9GMG4wWnFkZkNoQVkKLS0tIExoeTBBcjlsUkZyQkNrUW1zdXU2\nUytDNk9YOXNtU3hLUzdFQnlzQ1lJSjgK+64AJTx4ZjT4njl0Gr4Hk3ykljRTgaqO\nuOjLz/9Qy2rM3BcJzajhCU1pU4f1A0qDQRjoYj5+M9qW/NMbZt6Ujw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFOGdQN0xOVzYvOFdzbUgy\ncStsYXdxUkY4OEJ5TGhVWitoQnpsSGYxS1VjCkhaYmxOOEh6eS8yeGViZjJZZ3o5\nUVBSYXFOSkJHQnB3aHVTeEk1VWNhblEKLS0tIG9NRTFpZFJlRUVYeHpVN2ljVngv\nRzJNZnZMRlJsL0F0eVIzcnhEbSszSGsKnK0SfJe7hQKyslklwvvFlBX9GjGWf6md\nl7AZLivBP67A0GbD2DztUaiS8NsPtlV899xqIH4/YUIIUGG9M2XHew==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWjJsQVpGQXhLdkh0UGtp\nUkZKa0hRblFHaHpVZm9MNnA2SnBIYVdLUDE4Cmkvbmx1aVBVMVFjdlBjU2JTNlVa\nYTQwdUF0ZHhzRGFIY2RUS1JmOVhCWE0KLS0tIGd0eHNOUmJ3T21jQ0QvRHlnOWRw\ndXBIVFdRQld3RmR3VWhpRS9XLy93ZzgKIcCl3r4Q+p1GqeMQmTQFDOhGDN1KE1Fl\npdx6QOkhZSVAux3YcbWNex7nDju5Meqhyhfe5l4YLJKnM5gs3efFcQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArazhNT3QzWFpXNTFmWVkr\nTklLei9RN1M1R0pVVTBZTUJkTDVvbzdWbG5zCmx0RVgwbG5IZXNvZUFkaWNzRW10\nKzdNTDZyaGZVNDg0MXR6aGpVQ3FOSEUKLS0tIHB2WnNHZStodXZJTElBV0ljWExy\nbFo2Q3RMRm5BNm1zcnNhdzRYbk5CcWMKsdK8OIVKidayA0LU1NF2pjHjTirVQ/MA\nS4yGouebH4YbFkHDpHbttv572Iw1mbZK0EVIbiJuYoGudb1w60ROIA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUU090RWZqSnpSaGFWcmVM\nQlRWckdLMk5Kd2E0dFVnSzZEcXBPNmkyTkVZCnNtekhvcUhYZG1RS0ZINVBNMU9L\nSHFqNlMxODdRbm5MOEw3UG9VM2NlVUUKLS0tIE5acnhENFNwR3JMc0s3N2g4dFBs\nR0FuSi94d3RUNFVWQ01uM3UyZW1tRDAKfIVF6+PE2iMC3m81wPoqH9LqL3MsK1WV\nslE4l1m04UL315vdAyPm3k9b+vkTGD4Fmeywsto7Am92/JCanlT7+g==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2023-07-01T20:19:12Z", "mac": "ENC[AES256_GCM,data:aIizzl+WFLI8rwp9r9p3kJIsbAISp8vRnSUQKKRIY8V8WdjBNuR+ebSlMf8kBg4e+D9hpTGEY0byv8bpgx/1m5MMEXIDBiBb8GHBk8qwB/3JWsBMyCHOyylw9AAgteyCDEKMCHgU/ZBvExW9n5gnuvkngKK8X1imrNG2ySL9cIo=,iv:UFacq8BdavyiHGRAcKq9obdAD7ZsW8wqugkvtbpi8pw=,tag:fkoaJKrA54tNlTLbAwRsug==,type:str]", "pgp": [ { - "created_at": "2023-07-01T20:50:27Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nwcBMA0SHG/zF3227AQf+JijZCf20beuFsUX5Qjt9IVmeA1VG+iRiSncX6Q9NQWqc\nRlxZP3gZz9a/SQDaG3v7S0v5FBmbCScan2xrHSrJne6ljVkxlsiE4SE9Mq1wczF7\n0gdt1pnmjKMjhVVeG2jzNqL3bPGlhIBIIBB+Sv3FHftiXwfBYP5OJh9MTaokwj5/\ntd2x9LxBi6seH+RShrFk33wKJ3gMA2cF9aFEsbvmdXPHs91glwLD1NHN3vp0lGNX\nm4otFLZ0e36aqSVyAiwpoIgLwInZxtx6nnMWVk25s0fj+fKfgnHE3RNh9BntQ19d\nZDpQn7b2DqrKozUnycwpPRojPkmaqpom5XmbuurrA9JRAQYWSmeOuJXUBfZclzLJ\nERYPWDJIN7bmYPFoMkZ2YdV/GCin6lwFfl6u74VAkpU+AMgB+0c51nEHZcO5UaWT\nLRcMPADwjmk35oiltQYOvOpm\n=CGsu\n-----END PGP MESSAGE-----", + "created_at": "2024-01-24T22:48:30Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf9H8VPhApFkYZi72afxgtHIqclNN4BPuSEhYQYR0m2tvm+\nj0sa3ehI6frkH8KxCtgXgaVB+74yWe+JeVnWRZUk1nIm+q0kuN+0Kn5+YQW0iYuv\n3z34VCw938Gebz57BLaWZTcns3xur+Ug3a+fjyjsKW7w90aP2Q7V2qp9AgxxsN1U\nl9Z1RXHlIUS1CGqA8py2mIkgvlK0WHiYRXsqdRvJh1jdUvzkJjYSpgz4Kj7pyyte\nvXIB4HckW6Fjn6Nlfeyzt6Ka9NziX7EAFlBs/8U8QvkX8AizCxuTwwB9n5rbRxb3\nDjXbgckkkKHc2nEx3xSRe7vh1cfQhTU/TNTuZI3GcNJeAVD89dwR7hhkqFzkanw+\n3hVV1mbDNIDA2fCfxiDLvBDYq8jhaMosAIrwO5TcXEm1PeEuRx1mDEjHsthwmOad\nEJNSBWKGzd13r23WlPRjdeCUF0YSnNFbhM0rwLlLdA==\n=5GJ1\n-----END PGP MESSAGE-----", "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" } ], From 147369054037c082b7bb50096e051db22a264036 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Jan 2024 17:49:13 +0100 Subject: [PATCH 021/305] home-manager(vscode): use OSS vscodium --- nix/home-manager/programs/vscode/default.nix | 30 +++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 6213e55..417db07 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
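Review bot: The recipient `age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv` appears twice in the new `age` list of this hunk, so two recipient entries resolve to a single private key. If those entries stand for two different machines, either machine can decrypt everything encrypted to the other, and per-host creation rules give no separation between them. Each host should get its own age key, followed by `sops updatekeys` on the affected files. The unchanged `lastmodified` and `mac` lines suggest the data key was kept while recipients were added, which is fine for an addition; a later removal of a recipient needs `sops --rotate` and a new value for the secret itself, because the removed host has already seen it.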
@@ -1,14 +1,17 @@ -{pkgs, ...}: let - marketPlaceExtensions = - pkgs.vscode-utils.extensionsFromVscodeMarketplace [ - ]; -in { +{ pkgs, nodeFlake, ... }: +{ programs.vscode = { enable = true; - # package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; + package = pkgs.vscodium; + extensions = [ + # TODO: how can i install (this) vsix(s) directly? + # (builtins.fetchurl { + # # https://open-vsx.org/extension/jeanp413/open-remote-ssh + # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; + # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; + # }) + ] ++ (with pkgs.vscode-extensions; [ - ms-vscode-remote.remote-ssh bbenoist.nix eamodio.gitlens mkhl.direnv @@ -16,17 +19,22 @@ in { tomoki1207.pdf vscodevim.vim + ms-vscode.theme-tomorrowkit + nonylene.dark-molokai-theme + # TODO: these are not in nixpkgs # fredwangwang.vscode-hcl-format # hashicorp.hcl # mindaro-dev.file-downloader # ms-vscode.remote-explorer - ] - ++ marketPlaceExtensions; + + # TODO: not compatible with vscodium + # ms-vscode-remote.remote-ssh + ]); mutableExtensionsDir = true; }; - home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra]; + home.packages = [ pkgs.nixpkgs-fmt pkgs.alejandra ]; } # TODO: automate ### original list: From 4663780877efa80e45e8df72bffb65fba9c20ced Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Jan 2024 18:17:43 +0100 Subject: [PATCH 022/305] fix duplicate luks name between x13s and x13s-rmvbl --- nix/os/devices/steveej-x13s-rmvbl/configuration.nix | 10 +++------- nix/os/devices/steveej-x13s-rmvbl/default.nix | 5 ----- nix/os/devices/steveej-x13s/default.nix | 3 --- nix/os/devices/steveej-x13s/disko.nix | 2 +- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index cfbf501..fd8e1c1 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
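Review bot: `nodeFlake` is added to the module's argument set on the first line, but nothing in the visible hunks uses it. A named argument without a default is required, so any home-manager evaluation that does not supply `nodeFlake` through its special args would fail on this module. Drop it again (`{ pkgs, ... }:`) until something needs it. The file continues past the hunk, so a use further down cannot be ruled out from here.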
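Review bot: With `ms-vscode-remote.remote-ssh` moved to a "not compatible" TODO and the Open VSX replacement left commented out, a remote-SSH extension can presumably only arrive by manual install, which `mutableExtensionsDir = true` (context line at the end of this hunk) permits. Extensions installed that way are neither hashed nor pinned by Nix and update outside the flake lock. Once the TODO is resolved, consider packaging the `.vsix` through `pkgs.vscode-utils.buildVscodeMarketplaceExtension` with a fixed `sha256` and setting `mutableExtensionsDir = false;`.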
+++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -11,12 +11,8 @@ { imports = [ - { - users.commonUsers = { - enable = true; - enableNonRoot = true; - installPassword = "install"; - }; - } + ../steveej-x13s/configuration.nix ]; + + users.commonUsers.installPassword = "install"; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index 0ccb5dc..e7a5794 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -20,17 +20,12 @@ }; ${nodeName} = { - deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.replaceUnknownProfiles = true; deployment.allowLocalDeployment = true; - # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; - imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - - nodeFlake.inputs.home-manager.nixosModules.home-manager ]; networking.hostName = nodeName; diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index 545dde3..fc3933e 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix @@ -22,7 +22,6 @@ }; ${nodeName} = { - deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.replaceUnknownProfiles = true; deployment.allowLocalDeployment = true; @@ -32,7 +31,5 @@ imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; - - networking.hostName = nodeName; }; } diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix index 5abf297..39eb9e1 100644 --- a/nix/os/devices/steveej-x13s/disko.nix +++ b/nix/os/devices/steveej-x13s/disko.nix @@ -23,7 +23,7 @@ size = "100%"; content = { type = "luks"; - name = "x13s-usb-crypt"; + name = "x13s-nvme-crypt"; extraOpenArgs = [ ]; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive 
From 6fb71cbf4f7a631232944bc08b65fab7009ccf48 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Jan 2024 21:18:08 +0100 Subject: [PATCH 023/305] steveej-x13s-rmvbl: boring setup with copying the whole x13s flake --- flake.nix | 3 +- .../steveej-x13s-rmvbl/configuration.nix | 134 +++++++++++++++++- nix/os/devices/steveej-x13s-rmvbl/default.nix | 6 +- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 58 ++++++++ nix/os/devices/steveej-x13s-rmvbl/flake.nix | 96 +++++++------ nix/os/devices/steveej-x13s/flake.nix | 49 ++++--- nix/os/profiles/common/user.nix | 2 +- 7 files changed, 281 insertions(+), 67 deletions(-) diff --git a/flake.nix b/flake.nix index 0931bc3..46ae21a 100644 --- a/flake.nix +++ b/flake.nix @@ -139,6 +139,7 @@ }) [ "steveej-t14" "steveej-x13s" + "steveej-x13s-rmvbl" # "elias-e525" # "justyna-p300" @@ -186,7 +187,7 @@ , lib , pkgs , ... - }: rec { + }: { imports = [ ./nix/modules/flake-parts/perSystem/default.nix ]; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index fd8e1c1..6e902e6 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
@@ -10,9 +10,139 @@ }: { + nixos-x13s = { + enable = true; + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + + systemd.services.bluetooth-mac = { + enable = true; + path = [ + pkgs.systemd + pkgs.util-linux + pkgs.bluez5-experimental + pkgs.expect + ]; + script = '' + # TODO: this may not be required + while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do + echo Waiting for bluetooth firmware to complete + echo sleep 1 + done + + ( + # best effort + set +e + rfkill block bluetooth + echo $? + btmgmt public-addr ${config.nixos-x13s.bluetoothMac} + echo $? + rfkill unblock bluetooth + echo $? + ) + ''; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + + # we need a tty, otherwise btmgmt will hang + StandardInput = "tty"; + TTYPath = "/dev/tty2"; + TTYReset = "yes"; + TTYVHangup = "yes"; + }; + }; + imports = [ - ../steveej-x13s/configuration.nix + nodeFlake.inputs.nixos-x13s.nixosModules.default + + repoFlake.inputs.sops-nix.nixosModules.sops + nodeFlake.inputs.disko.nixosModules.disko + ./disko.nix + + ../../snippets/nix-settings.nix + ../../profiles/common/user.nix + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.openFirewall = true; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + users.commonUsers = { + enable = true; + enableNonRoot = true; + }; + } + + + ../../snippets/home-manager-with-zsh.nix + ../../snippets/sway-desktop.nix + ../../snippets/bluetooth.nix + ../../snippets/timezone.nix + ../../snippets/radicale.nix ]; - users.commonUsers.installPassword = "install"; + networking.hostName = nodeName; + networking.firewall.enable = true; + networking.networkmanager.enable = true; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = [ + pkgs.sshfs + pkgs.util-linux + 
pkgs.coreutils + pkgs.vim + + pkgs.git + pkgs.git-crypt + ]; + + system.stateVersion = "23.11"; + home-manager.users.root = _: { + home.stateVersion = "23.11"; + }; + home-manager.users.steveej = _: { + home.stateVersion = "23.11"; + + imports = [ + ../../../home-manager/configuration/graphical-fullblown.nix + ]; + + home.sessionVariables = { }; + + home.packages = with pkgs; [ + ]; + + # TODO: currently unsupported + services.gammastep.enable = lib.mkForce false; + # programs.chromium.enable = lib.mkForce false; + }; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = lib.mkForce false; + loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; + }; + + # see https://linrunner.de/tlp/ + services.tlp = { + enable = true; + settings = { + START_CHARGE_THRESH_BAT0 = "80"; + STOP_CHARGE_THRESH_BAT0 = "85"; + }; + }; + + # android on linux + virtualisation.waydroid.enable = true; + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index e7a5794..fc3933e 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,6 +1,7 @@ { system ? "aarch64-linux" , nodeName , repoFlake +, repoFlakeWithSystem , nodeFlake , localDomainName ? "internal" , ... @@ -9,6 +10,7 @@ inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); inherit localDomainName; }; @@ -24,10 +26,10 @@ deployment.replaceUnknownProfiles = true; deployment.allowLocalDeployment = true; + # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; + imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; - - networking.hostName = nodeName; }; } 
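Review bot: `services.openssh.settings.PermitRootLogin = "yes"` together with `services.openssh.openFirewall = true` allows password-based root logins over SSH and opens the port in the firewall, while the same commit sets `users.commonUsers.installPassword = "install"` for the native configuration in flake.nix. If that password applies to root (the user module is outside this hunk), a booted removable image accepts a publicly known root credential over the network. Prefer `PermitRootLogin = "prohibit-password";` with `services.openssh.settings.PasswordAuthentication = false;` and key-based access. Separately, the wait loop in the `bluetooth-mac` script runs `echo sleep 1` instead of `sleep 1`, so it polls `journalctl` without pausing.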
diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index 6fc6701..dcc457f 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock @@ -19,6 +19,24 @@ "type": "indirect" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -71,6 +89,27 @@ "type": "github" } }, + "nixos-x13s": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706097550, + "narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=", + "ref": "refs/heads/main", + "rev": "732a0f1549996740bdb06989599a5f0653de5056", + "revCount": 6, + "type": "git", + "url": "https://codeberg.org/steveej/nixos-x13s" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/steveej/nixos-x13s" + } + }, "nixpkgs": { "locked": { "lastModified": 1705916986, @@ -103,6 +142,24 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1706022028, 
@@ -125,6 +182,7 @@ "get-flake": "get-flake", "home-manager": "home-manager", "mobile-nixos": "mobile-nixos", + "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-unstable-small": "nixpkgs-unstable-small" diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index 9a6bcba..cf5a06e 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -3,7 +3,7 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # requires for home-manager modules + # required for home-manager modules nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -18,6 +18,9 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = 
@@ -27,51 +30,60 @@ , ... }: let - targetPlatform = "aarch64-linux"; + system = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s-rmvbl"; - - x13s-flake = get-flake ../steveej-x13s; - - mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName; - - repoFlake = get-flake ../../../..; - - # TODO: double-check if this hack doesn't have negative side-effects - # the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found - nodeFlake = x13s-flake; - }).meta.nodeSpecialArgs.${nodeName}; - - modules = - [ - ../steveej-x13s/configuration.nix - ./configuration.nix - ] - ++ extraModules; - } - ); + repoFlake = get-flake ../../../..; in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = targetPlatform; - }; + lib = { + mkNixosConfiguration = { nodeName, extraModules ? [ ], ... 
} @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + inherit system; + inherit nodeName repoFlake; - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); }; + + nixosConfigurations = + let + nodeName = "steveej-x13s-rmvbl"; + in + { + native = self.lib.mkNixosConfiguration { + inherit system nodeName; + extraModules = [ + ./configuration.nix + + { + users.commonUsers.installPassword = "install"; + } + ]; + }; + + cross = self.lib.mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = system; + } + ]; + }; + }; }; } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 9f10331..6220ebb 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -3,7 +3,7 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # requires for home-manager modules + # required for home-manager modules nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -32,10 +32,9 @@ let targetPlatform = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s"; repoFlake = get-flake ../../../..; - mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: + mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate attrs 
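Review bot: The `import ./default.nix { … }` call in `mkNixosConfiguration` passes `system`, `nodeName`, `repoFlake` and `nodeFlake`, but this commit also adds `repoFlakeWithSystem` to default.nix's argument set without a default. A named argument without a default is required even when the pattern ends in `...`, so evaluating `nixosConfigurations.native` or `.cross` from this flake would fail with a missing-argument error. Either pass `repoFlakeWithSystem` at this call site, or give it a default in default.nix and build `repoFlakeInputs'` only when it is set.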
@@ -50,28 +49,40 @@ modules = [ # repoFlake.nixosModules.hardware-x13s - - - ./configuration.nix ] ++ extraModules; } ); in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = targetPlatform; - }; - - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; + lib = { + inherit mkNixosConfiguration; }; + + nixosConfigurations = + let + nodeName = "steveej-x13s"; + in + { + native = mkNixosConfiguration { + inherit nodeName; + system = targetPlatform; + extraModules = [ + ./configuration.nix + ]; + }; + + cross = mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; }; } diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 0df5e5f..1b6afbd 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -61,7 +61,7 @@ in }) { - users.mutableUsers = lib.mkForce false; + users.mutableUsers = cfg.installPassword != ""; users.users.root = lib.mkMerge [ { From a3305c5af5666ca2e33991116afb829475dc1934 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Jan 2024 21:54:43 +0100 Subject: [PATCH 024/305] x13s-rmvbl: attempt to load msm with firmware --- nix/os/devices/steveej-x13s-rmvbl/configuration.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 6e902e6..eae1137 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
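Review bot: `users.mutableUsers = cfg.installPassword != "";` in the user.nix hunk replaces `lib.mkForce false`, which changes two things at once. Without `mkForce`, any other module that defines `users.mutableUsers` now conflicts with this definition. The result also depends on the option's default, which is outside the hunk: if `installPassword` defaults to `null` rather than `""`, the comparison is true and every host using this profile gets mutable users. An explicit check such as `cfg.installPassword != null && cfg.installPassword != ""`, plus a comment saying why an install password needs mutable users, would make the intent safe to read. The enclosing module block starts and ends outside the hunk.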
@@ -130,6 +130,17 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = [ "wwan" ]; + + initrd.kernelModules = [ + "phy_qcom_qmp_usb" + "uas" + + "msm" + ]; + + initrd.extraFiles = { + "firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn".source = nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware"; + }; }; # see https://linrunner.de/tlp/ From b338e785526a023ee29878bc2aa11fcb08c42513 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 30 Jan 2024 10:11:09 +0100 Subject: [PATCH 025/305] steveej-x13s: switch to adamcstephens' repo --- nix/os/devices/steveej-x13s/flake.lock | 30 +++++++++++++------------- nix/os/devices/steveej-x13s/flake.nix | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index dcc457f..2be1c5a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1705890365, - "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=", + "lastModified": 1706491084, + "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", "owner": "nix-community", "repo": "disko", - "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9", + "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", "type": "github" }, "original": { 
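Review bot: The `initrd.extraFiles` entry names a single file, `firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn`, but its `.source` is the whole `"x13s/extra-firmware"` package output. Unless that output is itself the `.mbn` file (its layout is not visible here), the initrd would get a directory at that path and the `msm` module would not find its firmware. Point `.source` at the file inside the package, e.g. `"${<extra-firmware package>}/<path to qcvss8280.mbn>"`, so it matches the target name. The `boot` block continues outside the hunk.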
@@ -97,26 +97,26 @@ ] }, "locked": { - "lastModified": 1706097550, - "narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=", + "lastModified": 1706542645, + "narHash": "sha256-XIxV5qw9cfAfRZfuw6J/GBhJxiSCQ37fnu7ZaF3Vk58=", "ref": "refs/heads/main", - "rev": "732a0f1549996740bdb06989599a5f0653de5056", - "revCount": 6, + "rev": "769c31de6af3ddc9853e388b31af8faba01709b7", + "revCount": 9, "type": "git", - "url": "https://codeberg.org/steveej/nixos-x13s" + "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, "original": { "type": "git", - "url": "https://codeberg.org/steveej/nixos-x13s" + "url": "https://codeberg.org/adamcstephens/nixos-x13s" } }, "nixpkgs": { "locked": { - "lastModified": 1705916986, - "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", + "lastModified": 1706515015, + "narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", + "rev": "f4a8d6d5324c327dcc2d863eb7f3cc06ad630df4", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1706022028, - "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=", + "lastModified": 1706631780, + "narHash": "sha256-prq+Rk/1drYmoG5Xm/ttzyYux2NNn5ZGX0Lt3j69VBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "15ff1758e7816331033baa14eebbea68626128f3", + "rev": "d3c09ae008dbb08a238aadfad70d5a168bc63e29", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6220ebb..941ddd6 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -19,7 +19,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; 
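Review bot: After this hunk the two x13s flakes take `nixos-x13s` from different repositories: steveej-x13s from `codeberg.org/adamcstephens/nixos-x13s`, while the steveej-x13s-rmvbl flake.nix added two commits earlier still declares `git+https://codeberg.org/steveej/nixos-x13s`. This input supplies the device's NixOS module and the firmware package used in the initrd, so the removable image and the installed system would be built from different sources. The URL carries no `ref` or `rev`, so the revision in flake.lock is the only pin. Either switch the rmvbl flake as well, or add a comment such as `# rmvbl intentionally stays on the steveej fork because …` next to the input.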
From 4983a278130ca061c32df078599f44e7b2e42736 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 31 Jan 2024 09:42:16 +0100 Subject: [PATCH 026/305] fmt(espanso) --- nix/home-manager/programs/espanso.nix | 116 +++++++++++++------------- 1 file changed, 59 insertions(+), 57 deletions(-) diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 23f727a..439ced1 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ pkgs, ... }: { services.espanso = { # package = pkgs.espanso.overrideAttrs(_: { # # src = 
@@ -10,64 +10,66 @@ # backend = "Clipboard"; }; }; - matches = let - playerctl = '' - ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; - in { - default = { - matches = [ - { - trigger = ":vpos"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeScript "espanso" '' - #! ${pkgs.python3}/bin/python - import subprocess, os, math, datetime + matches = + let + playerctl = '' + ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; + in + { + default = { + matches = [ + { + trigger = ":vpos"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeScript "espanso" '' + #! ${pkgs.python3}/bin/python + import subprocess, os, math, datetime - id=str(os.getuid()) - result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) - result.check_returncode() + id=str(os.getuid()) + result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) + result.check_returncode() - position_secs = math.trunc(float(result.stdout)) - position_human = datetime.timedelta(seconds=position_secs) - print("%s - %s" % (position_human, position_secs)) - '') - ]; - }; - } - ]; - } - { - trigger = ":vtit"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeShellScript "espanso" - "${playerctl} metadata title") - ]; - }; - } - ]; - } - { - trigger = ":dunno"; - replace = "¯\\_(ツ)_/¯"; - } - { - trigger = ":shrug"; - replace = "¯\\_(ツ)_/¯"; - } - ]; + position_secs = math.trunc(float(result.stdout)) + position_human = 
datetime.timedelta(seconds=position_secs) + print("%s - %s" % (position_human, position_secs)) + '') + ]; + }; + } + ]; + } + { + trigger = ":vtit"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeShellScript "espanso" + "${playerctl} metadata title") + ]; + }; + } + ]; + } + { + trigger = ":dunno"; + replace = "¯\\_(ツ)_/¯"; + } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } + ]; + }; }; - }; }; } From 4fb9e024aa16992a41a21e867c76a4c6eb4ca6d7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 31 Jan 2024 09:42:30 +0100 Subject: [PATCH 027/305] graphical-fullblown: enable espanso --- nix/home-manager/configuration/graphical-fullblown.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 7564c35..750140a 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -25,7 +25,7 @@ in ../programs/gpg-agent.nix ../programs/pass.nix - # ../programs/espanso.nix + ../programs/espanso.nix ../programs/firefox.nix ../programs/chromium.nix From 5c840c68d82dcbe2159edd54d6aaaab2606ac1c5 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 1 Feb 2024 15:50:46 +0100 Subject: [PATCH 028/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 12 ++++++------ nix/os/devices/steveej-x13s/flake.nix | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 2be1c5a..493b409 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -112,11 +112,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706515015, - "narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=", + "lastModified": 1706718339, + "narHash": "sha256-S+S97c/HzkO2A/YsU7ZmNF9w2s7Xk6P8dzmfDdckzLs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f4a8d6d5324c327dcc2d863eb7f3cc06ad630df4", + "rev": "53fbe41cf76b6a685004194e38e889bc8857e8c2", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1706631780, - "narHash": "sha256-prq+Rk/1drYmoG5Xm/ttzyYux2NNn5ZGX0Lt3j69VBo=", + "lastModified": 1706768163, + "narHash": "sha256-mSQ/t2+AriQCxsHHDJ/2uJGMnUzjZLKFVYImln05JPs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d3c09ae008dbb08a238aadfad70d5a168bc63e29", + "rev": "32cf02a2607143d94c565c068b73fe45fd57c3a0", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 941ddd6..0201bb9 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -19,6 +19,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; From 0e000f87e4e26566eaaa3bf2a8ea8ba786cff43a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 7 Feb 2024 11:08:26 +0100 Subject: [PATCH 029/305] update toplevel and nixos-x13s --- flake.lock | 197 ++++++++++++------------- flake.nix | 10 +- nix/os/devices/steveej-x13s/flake.lock | 20 +-- 3 files changed, 107 insertions(+), 120 deletions(-) diff --git a/flake.lock b/flake.lock index 4cd0d25..08892be 100644 --- a/flake.lock +++ b/flake.lock 
@@ -3,11 +3,11 @@ "adamcstephens_stop-export": { "flake": false, "locked": { - "lastModified": 1705876512, - "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", + "lastModified": 1706405938, + "narHash": "sha256-L+MeX7m78uM09h/7b0jtyGOlgJC1ETQHCBphcJRa5V0=", "ref": "refs/heads/main", - "rev": "388684db5b529bbd6f3e948cf175df089eb09766", - "revCount": 14, + "rev": "823b14873da7cc0a8a6bf37eaab71d10863272d3", + "revCount": 16, "type": "git", "url": "https://codeberg.org/adamcstephens/stop-export.git" }, @@ -16,23 +16,6 @@ "url": "https://codeberg.org/adamcstephens/stop-export.git" } }, - "alsa-ucm-conf": { - "flake": false, - "locked": { - "lastModified": 1705501566, - "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", - "owner": "alsa-project", - "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", - "type": "github" - }, - "original": { - "owner": "alsa-project", - "ref": "master", - "repo": "alsa-ucm-conf", - "type": "github" - } - }, "aphorme_launcher": { "flake": false, "locked": { @@ -77,11 +60,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1699171528, - "narHash": "sha256-ZsN6y+tgN5w84oAqRQpMhIvQM39ZNSZoZvn2AK0QYr4=", + "lastModified": 1706509311, + "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=", "owner": "zhaofengli", "repo": "colmena", - "rev": "665603956a1c3040d756987bc7a810ffe86a3b15", + "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd", "type": "github" }, "original": { @@ -97,11 +80,11 @@ ] }, "locked": { - "lastModified": 1703439018, - "narHash": "sha256-VT+06ft/x3eMZ1MJxWzQP3zXFGcrxGo5VR2rB7t88hs=", + "lastModified": 1707075082, + "narHash": "sha256-PUplk5F5jlIyofxqn/xEDN9pbjrd0tnkd0pDsZ52db0=", "owner": "ipetkov", "repo": "crane", - "rev": "afdcd41180e3dfe4dac46b5ee396e3b12ccc967a", + "rev": "7d5b46c17d857ee9ddb2e8d88185729a3e5637b6", "type": "github" }, "original": { 
@@ -156,11 +139,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1704176544, - "narHash": "sha256-A6PfA1DB6cF3cQerysGK8zIumGTrXucdHoFRU+8H7Lc=", + "lastModified": 1706941198, + "narHash": "sha256-t6/qloMYdknVJ9a3QzjylQIZnQfgefJ5kMim50B7dwA=", "owner": "nix-community", "repo": "fenix", - "rev": "54df821cae7bd492a049ef213336810247128110", + "rev": "28dbd8b43ea328ee708f7da538c63e03d5ed93c8", "type": "github" }, "original": { @@ -205,11 +188,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1704152458, - "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", "type": "github" }, "original": { @@ -261,6 +244,27 @@ "type": "github" } }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "srvos", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -281,11 +285,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { 
@@ -327,11 +331,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1698077919, - "narHash": "sha256-X4bMOBS2WFcbiOiynvSId1XoWgQW3wbO7/atJ9V7buk=", + "lastModified": 1707233644, + "narHash": "sha256-VMbqnbhmevlWjVaabBgwB62CKQay6LrTyQ7XvDv/lC0=", "owner": "mahkoh", "repo": "jay", - "rev": "b4d73064d9c112c69ff16200231145ccffcb3e81", + "rev": "e7709f695f3cfcf9bb9e857cb488f0c7f269d719", "type": "github" }, "original": { @@ -346,11 +350,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1704024543, - "narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=", + "lastModified": 1707048513, + "narHash": "sha256-gZh1mHkjtOmXrlgWWdl6G27NlKuNuruz1lOnhgmg1Nk=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec", + "rev": "83a014ca34f5cf6ef441b760e12d503856f20b35", "type": "github" }, "original": { @@ -362,11 +366,11 @@ "linux_x13s": { "flake": false, "locked": { - "lastModified": 1705680516, - "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", + "lastModified": 1706261399, + "narHash": "sha256-NJSN4j2VbFIPerb/bFqmaYbcHjxF3u6lijuXpC0USYo=", "owner": "jhovold", "repo": "linux", - "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", + "rev": "b929f8eed9ad1f156cae932dea741bc4383e6367", "type": "github" }, "original": { @@ -396,11 +400,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1703466376, - "narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=", + "lastModified": 1705242886, + "narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7", + "rev": "6b03a93296faf174b97546fd573c8b379f523a8d", "type": "github" }, "original": { 
@@ -443,11 +447,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1704071157, - "narHash": "sha256-p8KFWE16nu8ltY17psLU4KTcxXTpjvc1fCzMVPel080=", + "lastModified": 1704629536, + "narHash": "sha256-hCMBZ61Kpj54JD/miAhhoSHWMyP6NWrOmYOSHd0rB4E=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "d2911784c30a6c94d3a581bc99c94d3ce0deba0b", + "rev": "4c94cecf3dd551adf1359fb06aa926330f44e5a6", "type": "github" }, "original": { @@ -498,22 +502,6 @@ "type": "github" } }, - "nixos-stable_2": { - "locked": { - "lastModified": 1703900474, - "narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9dd7699928e26c3c00d5d46811f1358524081062", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1703134684, @@ -548,11 +536,11 @@ }, "nixpkgs-2305": { "locked": { - "lastModified": 1704018918, - "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -564,11 +552,11 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1705916986, - "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", + "lastModified": 1707091808, + "narHash": "sha256-LahKBAfGbY836gtpVNnWwBTIzN7yf/uYM/S0g393r0Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", + "rev": "9f2ee8c91ac42da3ae6c6a1d21555f283458247e", "type": "github" }, "original": { 
@@ -581,11 +569,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": { @@ -598,11 +586,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1703983607, - "narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=", + "lastModified": 1707007541, + "narHash": "sha256-fuFppCuZO4wJAfodUkiWhtSxTb+pkBW+lJP2S51jRNU=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738", + "rev": "948ff77600f9fff8c904d1e1ffb87a60773991af", "type": "github" }, "original": { @@ -613,11 +601,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1703950681, - "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", "type": "github" }, "original": { @@ -629,11 +617,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1706112902, - "narHash": "sha256-GKPwSY0fBShj0FfaPqA4gg5oHGhpya/m2DVb+3m+Uzs=", + "lastModified": 1707217908, + "narHash": "sha256-5Dauh04xrEZqlokpYWftfVmDrljORnA48tGrRp+TURM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5cd2baa57a9ff2d84f2615700434fa04f3067fdb", + "rev": "3b0709da3eeed918323399c68b1fe4309b2ac483", "type": "github" }, "original": { 
@@ -651,11 +639,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1704201485, - "narHash": "sha256-pFDUR45wmq1HehY3WlJOJydFkLOzKC2pWqvMykLj2Qk=", + "lastModified": 1707290091, + "narHash": "sha256-QX1lZCenEuNe/yFnPUuxEA5B3QJx3D5UEeLvWQ4QK1w=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "b0c06873775fe978bd9384ab14c24903bde92e74", + "rev": "2a54a12e504659a36b20bfce96522b403fa73fdd", "type": "github" }, "original": { @@ -666,11 +654,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1707092692, + "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "faf912b086576fd1a15fca610166c98d47bc667e", "type": "github" }, "original": { @@ -716,7 +704,6 @@ "root": { "inputs": { "adamcstephens_stop-export": "adamcstephens_stop-export", - "alsa-ucm-conf": "alsa-ucm-conf", "aphorme_launcher": "aphorme_launcher", "brainwart_x13s-nixos": "brainwart_x13s-nixos", "colmena": "colmena", @@ -758,11 +745,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1704114818, - "narHash": "sha256-/0gMZ32JaUTQ0THA/S9rcQSAmEKfL3hGorX5En8lG98=", + "lastModified": 1706875368, + "narHash": "sha256-KOBXxNurIU2lEmO6lR2A5El32X9x8ITt25McxKZ/Ew0=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "a8d935eedc80df8b453d90539cbe78b7e2c75e3c", + "rev": "8f6a72871ec87ed53cfe43a09fb284168a284e7e", "type": "github" }, "original": { 
@@ -796,11 +783,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1703991717, - "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", + "lastModified": 1707015547, + "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", + "rev": "23f61b897c00b66855074db471ba016e0cda20dd", "type": "github" }, "original": { @@ -811,17 +798,17 @@ }, "srvos": { "inputs": { - "nixos-stable": "nixos-stable_2", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1704204620, - "narHash": "sha256-u7C59X3s706W9ptqfYHLlZlropun5Fzr9eYaKAsEuN8=", + "lastModified": 1707160670, + "narHash": "sha256-svt/yQB8l/edU9yhYB78lIGKiaO7mXzUQvu/uJLZAVs=", "owner": "numtide", "repo": "srvos", - "rev": "e5eecdf21bdf048cef7cb9e52bf573fdf959d491", + "rev": "977371a151fc3c96d6fac923b3032d07000e9490", "type": "github" }, "original": { @@ -912,11 +899,11 @@ ] }, "locked": { - "lastModified": 1702939607, - "narHash": "sha256-nPIt1JIQ3g6lBE7+qI8gV1cmJ+uA55aAzho2dGOIFik=", + "lastModified": 1707043587, + "narHash": "sha256-bSuJX5BNN31XMFPinZhteeJO0M8ZHaSoXQXXwZ5MR1c=", "owner": "l4l", "repo": "yofi", - "rev": "c0ca3365a702e7a2852a801ca357df5eb87d0cf9", + "rev": "5b67f8db1ee9bd1e09b3bf3354d08bd5e89f596e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 46ae21a..96acff4 100644 --- a/flake.nix +++ b/flake.nix @@ -92,10 +92,10 @@ }; - alsa-ucm-conf = { - flake = false; - url = "github:alsa-project/alsa-ucm-conf/master"; - }; + # alsa-ucm-conf = { + # flake = false; + # url = "github:alsa-project/alsa-ucm-conf/master"; + # }; logseq_0_10_5_aarch64_appimage = { 
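Review bot: The `alsa-ucm-conf` input in this hunk, and the `thinkpad-x13s` entry in the following `@@ -326,7 +326,7 @@` hunk of the same file, are switched off by commenting them out, with nothing saying why or whether they are meant to come back. The second change leaves `flake.nixosModules` as an empty set, so any consumer that still refers to `nixosModules.thinkpad-x13s` would fail at evaluation; no such reference is visible in this patch, so the rest of the tree needs checking. Either delete the lines outright (history keeps them) or put a reason above each block, for example `# disabled: <reason>; delete once confirmed unused`. The removed `alsa-ucm-conf` node in `flake.lock` shows the input is no longer locked, so re-enabling it later will pull whatever `master` is at that time.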
@@ -326,7 +326,7 @@ }; flake.nixosModules = { - thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); }; }); } diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 493b409..3d547b2 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -24,11 +24,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", "type": "github" }, "original": { @@ -97,11 +97,11 @@ ] }, "locked": { - "lastModified": 1706542645, - "narHash": "sha256-XIxV5qw9cfAfRZfuw6J/GBhJxiSCQ37fnu7ZaF3Vk58=", + "lastModified": 1707142515, + "narHash": "sha256-qTiDyZP7JvTyITRwmAGo9KGMJx0lj7ibhYqe65/Gypc=", "ref": "refs/heads/main", - "rev": "769c31de6af3ddc9853e388b31af8faba01709b7", - "revCount": 9, + "rev": "66bc91c89daf8a14769e1f403004578463578138", + "revCount": 12, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -145,11 +145,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": { From 5eb9160b4f21708b254794cc054f5c0e8fc90c70 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Wed, 7 Feb 2024 11:08:46 +0100 Subject: [PATCH 030/305] x13s: enable ledger hw support --- nix/os/devices/steveej-x13s/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 6e902e6..d0a9982 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -145,4 +145,6 @@ virtualisation.waydroid.enable = true; virtualisation.podman.enable = true; virtualisation.podman.dockerCompat = true; + + hardware.ledger.enable = true; } From 7b1b54ac9ff4012f4b7587d642422b14ca51aef4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 7 Feb 2024 11:15:16 +0100 Subject: [PATCH 031/305] shift illum serivce around and enable on x13s --- nix/os/devices/steveej-x13s/configuration.nix | 5 ++++- nix/os/profiles/graphical/system.nix | 1 - nix/os/profiles/removable-medium/system.nix | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index d0a9982..e45fc83 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -16,6 +16,8 @@ bluetoothMac = "65:9e:7a:8b:86:28"; }; + services.illum.enable = true; + systemd.services.bluetooth-mac = { enable = true; path = [ @@ -133,8 +135,9 @@ }; # see https://linrunner.de/tlp/ + # TODO: find an equivalent to tlp that supports this machine services.tlp = { - enable = true; + enable = false; settings = { START_CHARGE_THRESH_BAT0 = "80"; STOP_CHARGE_THRESH_BAT0 = "85"; diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 4e68144..a90c1e8 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix 
@@ -22,7 +22,6 @@ services.resolved.enable = true; # hardware related services - services.illum.enable = true; services.pcscd.enable = true; hardware.opengl.enable = true; diff --git a/nix/os/profiles/removable-medium/system.nix b/nix/os/profiles/removable-medium/system.nix index 10a18ef..7586a85 100644 --- a/nix/os/profiles/removable-medium/system.nix +++ b/nix/os/profiles/removable-medium/system.nix @@ -5,6 +5,8 @@ ... }: let in { + services.illum.enable = true; + services.printing = {enable = false;}; services.spice-vdagentd.enable = true; From a9218a80e6e22783fecdd85595bc9586c1d307b2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 13:58:05 +0100 Subject: [PATCH 032/305] zsh: unset empty TMP and TMPDIR this is a safety mechanism so that `/` is never used --- nix/home-manager/programs/zsh.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index 8d2596a..abe7a5c 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -53,6 +53,15 @@ in inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; in '' + if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then + unset TMPDIR + fi + + if test ! -n "$TMP" -a -z "$TMP"; then + unset TMP + fi + + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' RPROMPT="" From 7137e93805bc101a029a4af77ccab14c984e0a3c Mon Sep 17 00:00:00 2001 
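Review bot: The two guards added to the zsh init string in `zsh.nix` test the same condition twice: `! -n "$TMPDIR"` and `-z "$TMPDIR"` are both true exactly when the value is empty, and joining them with `-a` uses a `test` form that POSIX marks obsolescent. `if [[ -z "$TMPDIR" ]]; then` (and likewise `if [[ -z "$TMP" ]]; then`) states it once and is unambiguous in zsh. The guard only catches an empty value, so a `TMPDIR` that is literally `/` still passes through; if the aim in the commit message is that `/` is never used, that case needs its own check. The enclosing `''` string starts before this hunk and continues after it, so which sessions source it cannot be confirmed from here; presumably only zsh sessions are covered, and other shells or services started with an empty `TMPDIR` are not.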
From: Stefan Junker Date: Thu, 8 Feb 2024 20:53:22 +0100 Subject: [PATCH 033/305] nix fmt --- flake.nix | 419 +++--- nix/devShells.nix | 9 +- .../configuration/graphical-fullblown.nix | 65 +- nix/home-manager/profiles/common.nix | 10 +- nix/home-manager/profiles/dotfiles.nix | 30 +- nix/home-manager/profiles/sway-desktop.nix | 211 ++- nix/home-manager/profiles/wayland-desktop.nix | 88 +- nix/home-manager/programs/chromium.nix | 37 +- nix/home-manager/programs/espanso.nix | 116 +- nix/home-manager/programs/pass.nix | 6 +- nix/home-manager/programs/radicale.nix | 89 +- nix/home-manager/programs/vscode/default.nix | 24 +- nix/home-manager/programs/zsh.nix | 130 +- nix/os/devices/router0-dmz0/configuration.nix | 1206 +++++++++-------- nix/os/devices/router0-dmz0/flake.nix | 43 +- .../devices/sj-bm-hostkey0/configuration.nix | 99 +- nix/os/devices/sj-srv1/configuration.nix | 11 +- nix/os/devices/sj-srv1/hw.nix | 2 +- nix/os/devices/sj-srv1/system.nix | 93 +- nix/os/devices/sj-vps-htz0/system.nix | 30 +- nix/os/devices/steveej-t14/configuration.nix | 5 +- nix/os/devices/steveej-t14/default.nix | 19 +- nix/os/devices/steveej-t14/hw.nix | 26 +- nix/os/devices/steveej-t14/pkg.nix | 52 +- nix/os/devices/steveej-t14/system.nix | 32 +- nix/os/devices/steveej-t14/user.nix | 19 +- .../steveej-x13s-rmvbl/configuration.nix | 30 +- nix/os/devices/steveej-x13s-rmvbl/default.nix | 23 +- nix/os/devices/steveej-x13s-rmvbl/disko.nix | 10 +- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 151 ++- nix/os/devices/steveej-x13s/configuration.nix | 30 +- nix/os/devices/steveej-x13s/default.nix | 23 +- nix/os/devices/steveej-x13s/disko.nix | 10 +- nix/os/devices/steveej-x13s/flake.nix | 151 ++- nix/os/devices/voodoo/flake.nix | 20 +- nix/os/lib/default.nix | 69 +- nix/os/modules/hardware.thinkpad-x13s.nix | 404 +++--- nix/os/modules/opinionatedDisk.nix | 3 +- nix/os/profiles/common/configuration.nix | 17 +- nix/os/profiles/common/system.nix | 15 +- nix/os/profiles/common/user.nix | 16 +- 
nix/os/profiles/graphical/system.nix | 11 +- nix/os/snippets/bluetooth.nix | 9 +- nix/os/snippets/home-manager-with-zsh.nix | 22 +- nix/os/snippets/nix-settings.nix | 10 +- nix/os/snippets/radicale.nix | 30 +- nix/os/snippets/sway-desktop.nix | 47 +- nix/os/snippets/timezone.nix | 8 +- nix/pkgs/logseq/default.nix | 56 +- 49 files changed, 2034 insertions(+), 2002 deletions(-) diff --git a/flake.nix b/flake.nix index 96acff4..2538a15 100644 --- a/flake.nix +++ b/flake.nix @@ -75,7 +75,6 @@ flake = false; }; - ### inputs for thinkpad x13s # see https://github.com/jhovold/linux/wiki/X13s for status updates linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; 
@@ -91,242 +90,236 @@ url = "git+https://codeberg.org/adamcstephens/stop-export.git"; }; - # alsa-ucm-conf = { # flake = false; # url = "github:alsa-project/alsa-ucm-conf/master"; # }; - logseq_0_10_5_aarch64_appimage = { flake = false; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; }; }; - outputs = - inputs @ { self - , flake-parts - , nixpkgs - , ... - }: - let - inherit (nixpkgs) lib; + outputs = inputs @ { + self, + flake-parts, + nixpkgs, + ... + }: let + inherit (nixpkgs) lib; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - flake-parts.lib.mkFlake { inherit inputs; } - ({ withSystem, ... }: { - flake.colmena = - lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) - { - meta.nixpkgs = import inputs.nixpkgs.outPath { - system = builtins.elemAt systems 0; - }; - } - # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import - # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 - (builtins.map - (nodeName: - import ./nix/os/devices/${nodeName} { - inherit nodeName; - repoFlake = self; - repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; - }) [ - "steveej-t14" - "steveej-x13s" - "steveej-x13s-rmvbl" - # "elias-e525" - # "justyna-p300" + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in + flake-parts.lib.mkFlake {inherit inputs;} + ({withSystem, ...}: { + flake.colmena = + lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) + { + meta.nixpkgs = import inputs.nixpkgs.outPath { + system = builtins.elemAt systems 0; + }; + } + # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import + # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 + (builtins.map + (nodeName: + import ./nix/os/devices/${nodeName} { + inherit nodeName; + repoFlake = self; + repoFlakeWithSystem = withSystem; + nodeFlake = self.inputs.get-flake 
./nix/os/devices/${nodeName}; + }) [ + "steveej-t14" + "steveej-x13s" + "steveej-x13s-rmvbl" + # "elias-e525" + # "justyna-p300" - # "srv0-dmz0" - # # "router0-dmz0" + # "srv0-dmz0" + # # "router0-dmz0" - "sj-srv1" - "sj-bm-hostkey0" + "sj-srv1" + "sj-bm-hostkey0" - # "retro" - ]); + # "retro" + ]); - # this makes nixos-anywhere work - flake.nixosConfigurations = - let - colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; - in - ( - colmenaHive // + # this makes nixos-anywhere work + flake.nixosConfigurations = let + colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; + in ( + colmenaHive + // { + router0-dmz0 = router0-dmz0.native; - { - router0-dmz0 = router0-dmz0.native; + # for now deploy directly with: + # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 + router0-dmz0_cross = router0-dmz0.cross; - # for now deploy directly with: - # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 - router0-dmz0_cross = router0-dmz0.cross; + # nixos-install --flake .\#retro_cross + retro_cross = retro.cross; - # nixos-install --flake .\#retro_cross - retro_cross = retro.cross; + steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; + } + ); - steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; - steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; - } - ); + 
inherit systems; - inherit systems; + perSystem = { + self', + inputs', + system, + config, + lib, + pkgs, + ... + }: { + imports = [ + ./nix/modules/flake-parts/perSystem/default.nix + ]; - perSystem = - { self' - , inputs' - , system - , config - , lib - , pkgs - , ... - }: { - imports = [ - ./nix/modules/flake-parts/perSystem/default.nix + packages = let + dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; + + craneLib = + inputs.crane.lib.${system}.overrideToolchain + inputs'.fenix.packages.stable.toolchain; + + craneLibOfiPass = + inputs.crane.lib.${system}.overrideToolchain + ( + inputs'.fenix.packages.stable.toolchain + # .override { + # date = "1.60.0"; + # } + ); + in { + dcpj4110dwDriver = dcpj4110dw.driver; + dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; + + # broken as of 2023-04-27 because it doesn't load without a config + # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; + # yofi = inputs'.yofi.packages.default; + # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; + + inherit (inputs'.colmena.packages) colmena; + + # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { + # src = inputs.jay; + # rustPlatform = pkgs.makeRustPlatform { + # cargo = inputs'.fenix.packages.stable.toolchain; + # rustc = inputs'.fenix.packages.stable.toolchain; + # }; + # }; + + salut = craneLib.buildPackage { + src = inputs.salut; + nativeBuildInputs = [ + pkgs.pkg-config + ]; + buildInputs = [ + pkgs.libxkbcommon + pkgs.fontconfig ]; - - packages = - let - dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { }; - - craneLib = - inputs.crane.lib.${system}.overrideToolchain - inputs'.fenix.packages.stable.toolchain; - - craneLibOfiPass = - inputs.crane.lib.${system}.overrideToolchain - ( - inputs'.fenix.packages.stable.toolchain - # .override { - # date = "1.60.0"; - # } - ); - in - { - dcpj4110dwDriver = dcpj4110dw.driver; - dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - - # broken as of 2023-04-27 
because it doesn't load without a config - # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; - # yofi = inputs'.yofi.packages.default; - # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; - - inherit (inputs'.colmena.packages) colmena; - - # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { - # src = inputs.jay; - # rustPlatform = pkgs.makeRustPlatform { - # cargo = inputs'.fenix.packages.stable.toolchain; - # rustc = inputs'.fenix.packages.stable.toolchain; - # }; - # }; - - salut = craneLib.buildPackage { - src = inputs.salut; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - pkgs.libxkbcommon - pkgs.fontconfig - ]; - }; - - prs = pkgs.callPackage - ({ pkgs - , dbus - , glib - , gpgme - , gtk3 - , libxcb - , libxkbcommon - , installShellFiles - , pkg-config - , python3 - }: craneLib.buildPackage { - pname = "prs"; - version = inputs.prs.shortRev; - src = inputs.prs; - nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; - - buildInputs = [ - dbus - glib - gpgme - gtk3 - libxcb - libxkbcommon - ]; - - cargoExtraArgs = "--features backend-gpgme"; - - postInstall = '' - for shell in bash fish zsh; do - installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) - done - ''; - }) - { }; - - nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; - - ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' - set -x - pkill -9 wayland-proxy-v - export NIXOS_OZONE_WL="" - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=3 \ - & - # --x-unscale=3 \ - #--verbose \ - - export PROXYPID="$!" 
- - trap "kill -9 \$PROXYPID" EXIT - # trap "pkill -9 wayland-proxy-v" EXIT - - env \ - WAYLAND_DISPLAY=wayland-3 \ - DISPLAY=:3 \ - ledger-live-desktop - ''; - - syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' - ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 - ''; - - logseq = pkgs.callPackage ./nix/pkgs/logseq - (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; - }); - }; - - formatter = pkgs.alejandra; - - devShells = - let - all = import ./nix/devShells.nix { - inherit - self' - inputs' - pkgs - ; - }; - in - (all // { default = all.develop; }); }; - flake.nixosModules = { - # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + prs = + pkgs.callPackage + ({ + pkgs, + dbus, + glib, + gpgme, + gtk3, + libxcb, + libxkbcommon, + installShellFiles, + pkg-config, + python3, + }: + craneLib.buildPackage { + pname = "prs"; + version = inputs.prs.shortRev; + src = inputs.prs; + nativeBuildInputs = [gpgme installShellFiles pkg-config python3]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + cargoExtraArgs = "--features backend-gpgme"; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + }) + {}; + + nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; + + ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' + set -x + pkill -9 wayland-proxy-v + export NIXOS_OZONE_WL="" + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=3 \ + & + # --x-unscale=3 \ + #--verbose \ + + export PROXYPID="$!" 
+ + trap "kill -9 \$PROXYPID" EXIT + # trap "pkill -9 wayland-proxy-v" EXIT + + env \ + WAYLAND_DISPLAY=wayland-3 \ + DISPLAY=:3 \ + ledger-live-desktop + ''; + + syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' + ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 + ''; + + logseq = + pkgs.callPackage ./nix/pkgs/logseq + (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; + }); }; - }); + + formatter = pkgs.alejandra; + + devShells = let + all = import ./nix/devShells.nix { + inherit + self' + inputs' + pkgs + ; + }; + in (all // {default = all.develop;}); + }; + + flake.nixosModules = { + # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + }; + }); } diff --git a/nix/devShells.nix b/nix/devShells.nix index ebd879b..4cac540 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -1,9 +1,8 @@ -{ self' -, inputs' -, pkgs -}: - { + self', + inputs', + pkgs, +}: { install = pkgs.mkShell { name = "infra-install"; packages = with pkgs; [ diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 750140a..632cf0f 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -1,16 +1,15 @@ -{ pkgs -, lib -, config -, # these come in via home-manager.extraSpecialArgs and are specific to each node - nodeFlake -, packages' -, ... -}: -let - # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; - pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; -in { + pkgs, + lib, + config, + # these come in via home-manager.extraSpecialArgs and are specific to each node + nodeFlake, + packages', + ... +}: let + # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; + pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; +in { imports = [ ../profiles/common.nix # ../profiles/dotfiles.nix @@ -37,7 +36,7 @@ in home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.GOPATH = "$HOME/src/go"; - home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; + home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; nixpkgs.config.permittedInsecurePackages = [ "electron-24.8.6" @@ -45,7 +44,7 @@ in ]; home.packages = - [ ] + [] ++ (with pkgs; [ # Authentication # cacert 
@@ -114,26 +113,24 @@ in let version = "6.44.0"; in - pkgsUnstableSmall.signal-desktop.overrideAttrs (old: - lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - inherit version; - src = builtins.fetchurl - { - url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; - sha256 = - # lib.fakeSha256 - "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k" - ; - } - ; - }) + pkgsUnstableSmall.signal-desktop.overrideAttrs (old: + lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + inherit version; + src = + builtins.fetchurl + { + url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; + sha256 = + # lib.fakeSha256 + "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k"; + }; + }) ) thunderbird # gnome.cheese - # Virtualization # virtmanager @@ -141,8 +138,6 @@ in remmina # freerdp - - # Audio/Video Players ffmpeg vlc @@ -193,7 +188,6 @@ in # mendeley evince - # File Synchronzation maestral rsync @@ -208,7 +202,6 @@ in # gparted # smartmontools - ## Python # packages'.myPython @@ -257,9 +250,10 @@ in # '') ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - ]) + ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - (pkgs.banana-accounting.overrideDerivation + ( + pkgs.banana-accounting.overrideDerivation (attrs: with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { # dontWrapGApps = true; @@ -300,8 +294,7 @@ in pkgs.discord pkgsUnstableSmall.session-desktop pkgsUnstableSmall.rustdesk - ]) - ; + ]); systemd.user.startServices = true; services.syncthing.enable = true; diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 4ea2e6c..9df371b 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
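Review bot: The aarch64 `src` override for `signal-desktop` in `graphical-fullblown.nix` (hunk `@@ -114,26 +113,24 @@`) pulls a prebuilt `.deb` from a third-party repository through a `raw/master` URL, so the `sha256` beside it is the only thing tying the build to a specific artifact. The hash makes the fetch fail closed if the file changes, but nothing records where the hash was taken from or why this rebuild is trusted for a messenger client. A comment above `url` such as `# third-party arm64 rebuild; hash recorded <date> from <source>, re-verify on every version bump` would make that decision reviewable. If that repository offers tag- or commit-addressed URLs (not visible here), using one would also keep the build reproducible when `master` moves. The enclosing `home.packages` list starts and ends outside this hunk.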
@@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: { +{ + pkgs, + lib, + ... +}: { # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; @@ -8,7 +12,7 @@ allowBroken = false; allowUnfree = true; - permittedInsecurePackages = [ ]; + permittedInsecurePackages = []; }; home.keyboard = { @@ -32,7 +36,7 @@ programs.fzf.enable = true; home.packages = - [ ] + [] ++ (with pkgs; [ coreutils diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index c702f82..670ea75 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix @@ -1,18 +1,18 @@ -{ repoFlake -, pkgs -, config -, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" -, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" -, ... -}: -let +{ + repoFlake, + pkgs, + config, + repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git", + repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", + ... +}: let repoBareLocal = pkgs.runCommand "fetchbare" - { - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "0000000000000000000000000000000000000000000000000000"; - } '' + { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } '' ( set -xe export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt @@ -39,9 +39,7 @@ let set_remotes ${repoHttps} ${repoSsh} fi ''; - -in -{ +in { # TODO: fix the dotfiles # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # $DRY_RUN_CMD ${vcshActivationScript} diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index a30fb64..284a8a1 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
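Review bot: In `nix/home-manager/profiles/dotfiles.nix` (hunk `@@ -1,18 +1,18 @@`) the `fetchbare` derivation carries an all-zero `outputHash`, which reads as a placeholder rather than a real pin. A fixed-output derivation with that value should not be able to build. Once the commented-out activation in the next hunk is re-enabled, this hash appears to be the only integrity check on what is fetched from `repoHttps`. I would mark it explicitly, e.g. `# placeholder: replace with the hash of the pinned dotfiles revision before re-enabling`, so it is not swapped for whatever hash the first build reports without checking the content. The body of the `runCommand` script is only partly inside the hunk, so this is based on the visible attributes.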
@@ -1,19 +1,18 @@ -{ pkgs -, config -, lib -, # packages', - repoFlakeInputs' -, ... -}: -let - inherit (import ../lib.nix { }) mkSimpleTrayService; +{ + pkgs, + config, + lib, + # packages', + repoFlakeInputs', + ... +}: let + inherit (import ../lib.nix {}) mkSimpleTrayService; lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; -in -{ +in { imports = [ ../profiles/wayland-desktop.nix ../programs/waybar.nix 
@@ -86,106 +85,104 @@ in systemd.enable = true; xwayland = true; - config = - let - modifier = "Mod4"; - inherit (config.wayland.windowManager.sway.config) left right up down; - in - { - inherit modifier; - bars = [ ]; + config = let + modifier = "Mod4"; + inherit (config.wayland.windowManager.sway.config) left right up down; + in { + inherit modifier; + bars = []; - input = { - "type:keyboard" = - { - xkb_layout = config.home.keyboard.layout; - xkb_variant = config.home.keyboard.variant; - } - // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { - xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; - }; - - "type:touchpad" = { - natural_scroll = "enabled"; + input = { + "type:keyboard" = + { + xkb_layout = config.home.keyboard.layout; + xkb_variant = config.home.keyboard.variant; + } + // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) { + xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; }; + + "type:touchpad" = { + natural_scroll = "enabled"; }; - - keybindings = lib.mkOptionDefault { - # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi - # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; - "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; - - # only 1-9 exist on the default config - "${modifier}+0" = "workspace number 0"; - "${modifier}+Shift+0" = "move container to workspace number 0"; - - # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it - "${modifier}+b" = "nop"; - "${modifier}+v" = "nop"; - - # move workspace to output - "${modifier}+Control+Shift+${left}" = "move workspace to output left"; - "${modifier}+Control+Shift+${right}" = "move workspace to output right"; - "${modifier}+Control+Shift+${up}" = "move workspace to output up"; - "${modifier}+Control+Shift+${down}" = "move workspace to output down"; - # move workspace to output with arrow 
keys - "${modifier}+Control+Shift+Left" = "move workspace to output left"; - "${modifier}+Control+Shift+Right" = "move workspace to output right"; - "${modifier}+Control+Shift+Up" = "move workspace to output up"; - "${modifier}+Control+Shift+Down" = "move workspace to output down"; - - "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; - "${modifier}+q" = "kill"; - "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; - - "${modifier}+x" = "exec ${swapOutputWorkspaces}"; - - "${modifier}+Ctrl+l" = "exec ${lockCmd}"; - - "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; - "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; - "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; - - "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; - "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; - "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; - - "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; - }; - - terminal = "alacritty"; - startup = - [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target - ) & - ''); - } - ] - ++ lib.optionals config.services.swayidle.enable [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart swayidle - ) & - ''); - } - ]; - - colors.focused = lib.mkOptionDefault { - childBorder = lib.mkForce "#ffa500"; - }; - - window.titlebar = false; - window.border = 4; - - # this maps to focus_on_window_activation - focus.newWindow = "urgent"; }; + + keybindings = lib.mkOptionDefault { + 
# as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi + # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; + "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; + + # only 1-9 exist on the default config + "${modifier}+0" = "workspace number 0"; + "${modifier}+Shift+0" = "move container to workspace number 0"; + + # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it + "${modifier}+b" = "nop"; + "${modifier}+v" = "nop"; + + # move workspace to output + "${modifier}+Control+Shift+${left}" = "move workspace to output left"; + "${modifier}+Control+Shift+${right}" = "move workspace to output right"; + "${modifier}+Control+Shift+${up}" = "move workspace to output up"; + "${modifier}+Control+Shift+${down}" = "move workspace to output down"; + # move workspace to output with arrow keys + "${modifier}+Control+Shift+Left" = "move workspace to output left"; + "${modifier}+Control+Shift+Right" = "move workspace to output right"; + "${modifier}+Control+Shift+Up" = "move workspace to output up"; + "${modifier}+Control+Shift+Down" = "move workspace to output down"; + + "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; + "${modifier}+q" = "kill"; + "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; + + "${modifier}+x" = "exec ${swapOutputWorkspaces}"; + + "${modifier}+Ctrl+l" = "exec ${lockCmd}"; + + "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; + "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; + "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; + + "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; + "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; + "--locked XF86AudioMute" = "exec 
${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; + + "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; + }; + + terminal = "alacritty"; + startup = + [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target + ) & + ''); + } + ] + ++ lib.optionals config.services.swayidle.enable [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart swayidle + ) & + ''); + } + ]; + + colors.focused = lib.mkOptionDefault { + childBorder = lib.mkForce "#ffa500"; + }; + + window.titlebar = false; + window.border = 4; + + # this maps to focus_on_window_activation + focus.newWindow = "urgent"; + }; }; services.swayidle = { diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 298aaf5..cf77c15 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix @@ -1,17 +1,16 @@ -{ pkgs -, config -, lib -, repoFlake -, nodeFlake -, ... -}: -let - inherit (import ../lib.nix { }) mkSimpleTrayService; +{ + pkgs, + config, + lib, + repoFlake, + nodeFlake, + ... +}: let + inherit (import ../lib.nix {}) mkSimpleTrayService; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; wayprompt = nixpkgs-wayland'.wayprompt; -in -{ +in { fonts.fontconfig.enable = true; # services.gpg-agent.pinentryFlavor = lib.mkForce null; 
@@ -27,43 +26,46 @@ in systemd.user.targets.tray = { Unit = { Description = "Home Manager System Tray"; - Requires = [ "graphical-session-pre.target" ]; + Requires = ["graphical-session-pre.target"]; }; }; - home.packages = with pkgs; [ - # required by network-manager-applet - pkgs.networkmanagerapplet - - wlr-randr - wayout - wl-clipboard - wmctrl - - nixpkgs-wayland'.shotman - - # identifies key input syms - wev - - # TODO: whwat's this for? - # wltype - - pavucontrol - playerctl - pasystray - qt5.qtwayland - qt6.qtwayland - # libsForQt5.qt5.qtwayland - # libsForQt6.qt6.qtwayland - - # probably required by flameshot - # xdg-desktop-portal xdg-desktop-portal-wlr - # grim - ] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) - # TODO: broken on aarch64 + home.packages = with pkgs; [ + # required by network-manager-applet + pkgs.networkmanagerapplet + + wlr-randr + wayout + wl-clipboard + wmctrl + + nixpkgs-wayland'.shotman + + # identifies key input syms + wev + + # TODO: whwat's this for? + # wltype + + pavucontrol + playerctl + pasystray + qt5.qtwayland + qt6.qtwayland + # libsForQt5.qt5.qtwayland + # libsForQt6.qt6.qtwayland + + # probably required by flameshot + # xdg-desktop-portal xdg-desktop-portal-wlr + # grim ] - ); + ++ ( + lib.lists.optionals (!pkgs.stdenv.isAarch64) + # TODO: broken on aarch64 + [ + ] + ); home.sessionVariables = { XDG_SESSION_TYPE = "wayland"; diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 1119653..3552e7b 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix 
@@ -1,16 +1,16 @@ -{ name -, lib -, pkgs -, ... -}: -let +{ + name, + lib, + pkgs, + ... +}: let extensions = [ #undetectable adblocker - { id = "gcfcpohokifjldeandkfjoboemihipmb"; } + {id = "gcfcpohokifjldeandkfjoboemihipmb";} # ublock origin - { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } + {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # # YT ad block # {id = "cmedhionkhpnakcndndgjdbohmhepckk";} @@ -19,15 +19,15 @@ let # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # Cookie Notice Blocker - { id = "odhmfmnoejhihkmfebnolljiibpnednn"; } + {id = "odhmfmnoejhihkmfebnolljiibpnednn";} # i don't care about cookies - { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } + {id = "fihnjjcciajhdojfnbdddfaoknhalnja";} # NopeCHA - { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } + {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} # h264ify - { id = "aleakchihdccplidncghkekgioiakgal"; } + {id = "aleakchihdccplidncghkekgioiakgal";} # clippy # {id = "honbeilkanbghjimjoniipnnehlmhggk"} @@ -38,20 +38,19 @@ let } # cookie autodelete - { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } + {id = "fhcgjolkccmbidfldomjliifgaodjagh";} # unhook - { id = "khncfooichmfjbepaaaebmommgaepoid"; } + {id = "khncfooichmfjbepaaaebmommgaepoid";} ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C - { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } + {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} # always right - { id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } + {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";} ]); -in -{ +in { programs.chromium = { enable = true; inherit extensions; @@ -63,5 +62,5 @@ in inherit extensions; }; - programs.browserpass = { browsers = [ "chromium" "brave" ]; }; + programs.browserpass = {browsers = ["chromium" "brave"];}; } diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 439ced1..23f727a 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix 
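Review bot: The `extensions` list in `nix/home-manager/programs/chromium.nix` names every extension by store id only, with no `version` or other pin visible in these hunks. As far as I know, home-manager then lets the browser resolve and auto-update them from the Web Store, so the installed code is not covered by the flake lock (worth confirming against the module). Several entries are content blockers or cookie tools that presumably run on every page, which makes that update channel part of the trust boundary. A header comment such as `# ids only: fetched and auto-updated by the browser, not pinned by flake.lock; review permissions when adding entries` would document it. The same list is reused for a second browser at the end of the file, so the comment covers both.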
@@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{pkgs, ...}: { services.espanso = { # package = pkgs.espanso.overrideAttrs(_: { # # src = 
@@ -10,66 +10,64 @@ # backend = "Clipboard"; }; }; - matches = - let - playerctl = '' - ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; - in - { - default = { - matches = [ - { - trigger = ":vpos"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeScript "espanso" '' - #! ${pkgs.python3}/bin/python - import subprocess, os, math, datetime + matches = let + playerctl = '' + ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; + in { + default = { + matches = [ + { + trigger = ":vpos"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeScript "espanso" '' + #! ${pkgs.python3}/bin/python + import subprocess, os, math, datetime - id=str(os.getuid()) - result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) - result.check_returncode() + id=str(os.getuid()) + result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) + result.check_returncode() - position_secs = math.trunc(float(result.stdout)) - position_human = datetime.timedelta(seconds=position_secs) - print("%s - %s" % (position_human, position_secs)) - '') - ]; - }; - } - ]; - } - { - trigger = ":vtit"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeShellScript "espanso" - "${playerctl} metadata title") - ]; - }; - } - ]; - } - { - trigger = ":dunno"; - replace = "¯\\_(ツ)_/¯"; - } - { - trigger = ":shrug"; - replace = "¯\\_(ツ)_/¯"; - } - ]; - }; + position_secs = math.trunc(float(result.stdout)) + position_human = 
datetime.timedelta(seconds=position_secs) + print("%s - %s" % (position_human, position_secs)) + '') + ]; + }; + } + ]; + } + { + trigger = ":vtit"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeShellScript "espanso" + "${playerctl} metadata title") + ]; + }; + } + ]; + } + { + trigger = ":dunno"; + replace = "¯\\_(ツ)_/¯"; + } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } + ]; }; + }; }; } diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index a17e9a0..7c1f221 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -1,4 +1,8 @@ -{repoFlake, pkgs, ...}: { +{ + repoFlake, + pkgs, + ... +}: { # required by pass-otp # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index 1a89d95..207b9e6 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -1,10 +1,10 @@ -{ config -, lib -, pkgs -, osConfig -, ... -}: -let +{ + config, + lib, + pkgs, + osConfig, + ... +}: let libdecsync = pkgs.python3Packages.buildPythonPackage rec { pname = "libdecsync"; version = "2.2.1"; 
@@ -38,53 +38,50 @@ let # pkgs.libxcrypt ]; - propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; + propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; }; radicale-decsync = pkgs.radicale.overrideAttrs (old: { propagatedBuildInputs = old.propagatedBuildInputs - ++ [ radicale-storage-decsync ]; + ++ [radicale-storage-decsync]; }); - mkRadicaleService = - { suffix - , port - , - }: - let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} + mkRadicaleService = { + suffix, + port, + }: let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} - [auth] - type = htpasswd - htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt + [auth] + type = htpasswd + htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} - ''; - in - { - systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; - }; - Install.WantedBy = [ "default.target" ]; + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} + ''; + in { + systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; }; + Install.WantedBy = ["default.target"]; }; + }; in -builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ 
- { - suffix = "personal"; - port = 5232; - } - { - suffix = "family"; - port = 5233; - } -] + builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } + ] diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 417db07..a0c0d76 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -1,17 +1,21 @@ -{ pkgs, nodeFlake, ... }: { + pkgs, + nodeFlake, + ... +}: { programs.vscode = { enable = true; package = pkgs.vscodium; - extensions = [ - # TODO: how can i install (this) vsix(s) directly? - # (builtins.fetchurl { - # # https://open-vsx.org/extension/jeanp413/open-remote-ssh - # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; - # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; - # }) - ] ++ (with pkgs.vscode-extensions; + extensions = [ + # TODO: how can i install (this) vsix(s) directly? + # (builtins.fetchurl { + # # https://open-vsx.org/extension/jeanp413/open-remote-ssh + # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; + # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; + # }) + ] + ++ (with pkgs.vscode-extensions; [ bbenoist.nix eamodio.gitlens mkhl.direnv @@ -34,7 +38,7 @@ mutableExtensionsDir = true; }; - home.packages = [ pkgs.nixpkgs-fmt pkgs.alejandra ]; + home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra]; } # TODO: automate ### original list: diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index abe7a5c..40e603d 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix 
@@ -1,30 +1,29 @@ -{ config -, lib -, pkgs -, ... -}: -let - just-plugin = - let - plugin_file = pkgs.writeText "_just" '' - #compdef just - #autload +{ + config, + lib, + pkgs, + ... +}: let + just-plugin = let + plugin_file = pkgs.writeText "_just" '' + #compdef just + #autload - alias justl="\just --list" - alias juste="\just --evaluate" + alias justl="\just --list" + alias juste="\just --evaluate" - local subcmds=() + local subcmds=() - while read -r line ; do - if [[ ! $line == Available* ]] ; - then - subcmds+=(''${line/[[:space:]]*\#/:}) - fi - done < <(just --list) + while read -r line ; do + if [[ ! $line == Available* ]] ; + then + subcmds+=(''${line/[[:space:]]*\#/:}) + fi + done < <(just --list) - _describe 'command' subcmds - ''; - in + _describe 'command' subcmds + ''; + in pkgs.stdenv.mkDerivation { name = "just-completions"; version = "0.1.0"; @@ -36,8 +35,7 @@ let chmod --recursive a-w $out ''; }; -in -{ +in { programs.zsh = { enable = true; 
@@ -48,58 +46,56 @@ in # will be called again by oh-my-zsh enableCompletion = false; enableAutosuggestions = true; - initExtra = - let - inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; - in - '' - if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then - unset TMPDIR - fi + initExtra = let + inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; + in '' + if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then + unset TMPDIR + fi - if test ! -n "$TMP" -a -z "$TMP"; then - unset TMP - fi + if test ! -n "$TMP" -a -z "$TMP"; then + unset TMP + fi - PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' - RPROMPT="" + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" - # Automatic rehash - zstyle ':completion:*' rehash true + # Automatic rehash + zstyle ':completion:*' rehash true - if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases - fi + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi - ${ - if builtins.hasAttr "homeshick" pkgs - then '' - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) - '' - else "" - } + ${ + if builtins.hasAttr "homeshick" pkgs + then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' + else "" + } - # Disable intercepting of ctrl-s and ctrl-q as flow control. - stty stop ''' -ixoff -ixon + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon - # don't cd into directories when executed - unsetopt AUTO_CD + # don't cd into directories when executed + unsetopt AUTO_CD - # print lines without termination - setopt PROMPT_CR - setopt PROMPT_SP - export PROMPT_EOL_MARK="" + # print lines without termination + setopt PROMPT_CR + setopt PROMPT_SP + export PROMPT_EOL_MARK="" - ${lib.optionalString config.services.gpg-agent.enable '' - export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" - ''} + ${lib.optionalString config.services.gpg-agent.enable '' + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" + ''} - ${lib.optionalString config.programs.neovim.enable '' - export EDITOR="nvim" - ''} - ''; + ${lib.optionalString config.programs.neovim.enable '' + export EDITOR="nvim" + ''} + ''; plugins = [ { @@ -132,7 +128,7 @@ in oh-my-zsh = { enable = true; theme = "tjkirch"; - plugins = [ "git" "sudo" ]; + plugins = ["git" "sudo"]; }; }; } diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 9256425..366c640 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1,14 +1,14 @@ -{ repoFlake -, pkgs -, lib -, config -, nodeFlake -, nodeName -, localDomainName -, system -, ... -}: -let +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + ... +}: let inherit (nodeFlake.inputs) bpir3 
@@ -18,20 +18,23 @@ let vlanRangeStart = builtins.head vlanRange; vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1); vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans); - vlanRangeWith0 = [ 0 ] ++ vlanRange; + vlanRangeWith0 = [0] ++ vlanRange; - mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }: - let - # reserve the first subnet for vlanid == 0 - # number the other subnets continously from there - offset = - if vlanid == 0 - then thirdIpv4SegmentMin - else thirdIpv4SegmentMin + 1 - vlanRangeStart; - - in + mkVlanIpv4HostAddr = { + vlanid, + host, + thirdIpv4SegmentMin ? 20, + cidr ? true, + }: let + # reserve the first subnet for vlanid == 0 + # number the other subnets continously from there + offset = + if vlanid == 0 + then thirdIpv4SegmentMin + else thirdIpv4SegmentMin + 1 - vlanRangeStart; + in builtins.concatStringsSep "." - [ "192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}" ]; + ["192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}"]; defaultVlan = { name = "${localDomainName}"; 
@@ -58,32 +61,33 @@ let "15".packet_priority = -10; }; - vlansByName = lib.attrsets.mapAttrs' - (vlanid': attrs: - lib.attrsets.nameValuePair + vlansByName = + lib.attrsets.mapAttrs' + ( + vlanid': attrs: + lib.attrsets.nameValuePair attrs.name - (attrs // { id = lib.strings.toInt vlanid'; id' = vlanid'; }) + (attrs + // { + id = lib.strings.toInt vlanid'; + id' = vlanid'; + }) ) vlans; - getVlanDomain = { vlanid }: + getVlanDomain = {vlanid}: if vlanid == 0 - then - defaultVlan.name - else - vlans."${toString vlanid}".name + "." + defaultVlan.name - ; + then defaultVlan.name + else vlans."${toString vlanid}".name + "." + defaultVlan.name; bridgeInterfaceName = "br-lan"; - mkInterfaceName = { vlanid }: + mkInterfaceName = {vlanid}: if vlanid == 0 then bridgeInterfaceName - else "${bridgeInterfaceName}.${toString vlanid}" - ; + else "${bridgeInterfaceName}.${toString vlanid}"; exposedHost = "sj-srv1.dmz.internal"; -in -{ +in { imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -122,8 +126,8 @@ in sops.secrets.passwords-root.neededForUsers = true; - sops.secrets.wlan0_saePasswordsFile = { }; - sops.secrets.wlan0_wpaPskFile = { }; + sops.secrets.wlan0_saePasswordsFile = {}; + sops.secrets.wlan0_wpaPskFile = {}; } ]; 
@@ -179,324 +183,355 @@ in # https://github.com/thelegy/nixos-nftables-firewall/tree/main # TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority) - nftables = - { - enable = true; - stopRuleset = ""; + nftables = { + enable = true; + stopRuleset = ""; - chains = { - prerouting = { - "exposeHost" = { - after = [ "hook" ]; - rules = - let - wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - in - # TODO: if this hostname doesn't resolve it'll break the whole ruleset - [ - "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" - ]; - }; + chains = { + prerouting = { + "exposeHost" = { + after = ["hook"]; + rules = let + wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; + in + # TODO: if this hostname doesn't resolve it'll break the whole ruleset + [ + "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" + "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" + ]; }; }; + }; - firewall = { - enable = true; - zones = { - lan.interfaces = [ (mkInterfaceName { vlanid = 0; }) ]; - vlan.interfaces = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; + firewall = { + enable = true; + zones = + { + lan.interfaces = [(mkInterfaceName {vlanid = 0;})]; + vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; - wan.interfaces = [ "wan" "lan0" ]; - } // + wan.interfaces = ["wan" "lan0"]; + } + // # generate a zone for each vlan lib.attrsets.mapAttrs - (key: value: { - interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; - }) - vlansByName - ; - rules = - let - ipv6IcmpTypes = [ - "destination-unreachable" - "echo-reply" - 
"echo-request" - "packet-too-big" - "parameter-problem" - "time-exceeded" + (key: value: { + interfaces = [(mkInterfaceName {vlanid = value.id;})]; + }) + vlansByName; + rules = let + ipv6IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "packet-too-big" + "parameter-problem" + "time-exceeded" - # Without the nd-* ones ipv6 will not work. - "nd-neighbor-solicit" - "nd-router-advert" - "nd-neighbor-advert" + # Without the nd-* ones ipv6 will not work. + "nd-neighbor-solicit" + "nd-router-advert" + "nd-neighbor-advert" + ]; + ipv4IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "source-quench" + "time-exceeded" + "router-advertisement" + ]; + allowIcmpLines = [ + "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" + "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" + ]; + in { + fw = { + from = ["fw"]; + verdict = "accept"; + }; + + office-to-dmz = { + from = ["office"]; + to = ["dmz"]; + verdict = "accept"; + }; + + lan-to-fw = { + from = ["lan"]; + to = ["fw" "lan"]; + verdict = "accept"; + }; + + lan-to-wan = { + from = ["lan"]; + to = ["wan"]; + verdict = "accept"; + }; + + vlan-to-wan = { + from = ["vlan"]; + to = ["wan"]; + verdict = "accept"; + }; + + vlan-to-fw = { + allowedUDPPortRanges = [ + { + from = 67; + to = 68; + } + { + from = 53; + to = 53; + } + ]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + { + from = 53; + to = 53; + } + { + from = 5201; + to = 5201; + } + ]; + from = ["vlan"]; + to = ["fw"]; + extraLines = + allowIcmpLines + ++ [ + "drop" ]; - ipv4IcmpTypes = [ - "destination-unreachable" - "echo-reply" - "echo-request" - "source-quench" - "time-exceeded" - "router-advertisement" + }; + + to-wan-nat = { + from = ["lan" "vlan"]; + to = ["wan"]; + masquerade = true; + verdict = "accept"; + }; + + wan-to-dmz = { + from = ["wan"]; + to = ["dmz"]; + verdict = "accept"; + }; + + wan-to-fw = { + from = 
["wan"]; + to = ["fw"]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + ]; + extraLines = + allowIcmpLines + ++ [ + "drop" ]; - allowIcmpLines = [ - "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" - "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" - ]; - in - { - fw = { - from = [ "fw" ]; - verdict = "accept"; - }; - - office-to-dmz = { - from = [ "office" ]; - to = [ "dmz" ]; - verdict = "accept"; - }; - - lan-to-fw = { - from = [ "lan" ]; - to = [ "fw" "lan" ]; - verdict = "accept"; - }; - - lan-to-wan = { - from = [ "lan" ]; - to = [ "wan" ]; - verdict = "accept"; - }; - - vlan-to-wan = { - from = [ "vlan" ]; - to = [ "wan" ]; - verdict = "accept"; - }; - - vlan-to-fw = { - allowedUDPPortRanges = [ - { from = 67; to = 68; } - { from = 53; to = 53; } - ]; - allowedTCPPortRanges = [ - { from = 22; to = 22; } - { from = 53; to = 53; } - { from = 5201; to = 5201; } - ]; - from = [ "vlan" ]; - to = [ "fw" ]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; - }; - - to-wan-nat = { - from = [ "lan" "vlan" ]; - to = [ "wan" ]; - masquerade = true; - verdict = "accept"; - }; - - wan-to-dmz = { - from = [ "wan" ]; - to = [ "dmz" ]; - verdict = "accept"; - }; - - wan-to-fw = { - from = [ "wan" ]; - to = [ "fw" ]; - allowedTCPPortRanges = [ - { - from = 22; - to = 22; - } - ]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; - }; - }; + }; }; }; + }; }; systemd.network = { wait-online.anyInterface = true; - netdevs = { - # Create the bridge interface - "20-${bridgeInterfaceName}" = { - netdevConfig = { - Kind = "bridge"; - Name = bridgeInterfaceName; + netdevs = + { + # Create the bridge interface + "20-${bridgeInterfaceName}" = { + netdevConfig = { + Kind = "bridge"; + Name = bridgeInterfaceName; + }; + + extraConfig = '' + [Bridge] + STP=yes + VLANFiltering=yes + VLANProtocol=802.1q + DefaultPVID=0 + ''; }; - - extraConfig = '' - [Bridge] - STP=yes - VLANFiltering=yes - 
VLANProtocol=802.1q - DefaultPVID=0 - ''; - }; - - } - # generate the vlan devices. these will be tagged on the main bridge - // builtins.foldl' + } + # generate the vlan devices. these will be tagged on the main bridge + // builtins.foldl' (acc: cur: acc // cur) - { } - (builtins.map - ({ vlanid, vlanid' }: { - "20-${mkInterfaceName { inherit vlanid; }}" = { + {} + ( + builtins.map + ({ + vlanid, + vlanid', + }: { + "20-${mkInterfaceName {inherit vlanid;}}" = { netdevConfig = { Kind = "vlan"; - Name = "${mkInterfaceName { inherit vlanid; }}"; + Name = "${mkInterfaceName {inherit vlanid;}}"; }; vlanConfig.Id = vlanid; }; }) - (builtins.map - (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) + ( + builtins.map + (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange ) - ) - ; - networks = { - # use lan0 as secondary WAN interface - "10-lan0-wan" = { - matchConfig.Name = "lan0"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; - # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; + ); + networks = + { + # use lan0 as secondary WAN interface + "10-lan0-wan" = { + matchConfig.Name = "lan0"; + networkConfig = { + # start a DHCP Client for IPv4 Addressing/Routing + DHCP = "ipv4"; + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + DNSOverTLS = true; + DNSSEC = true; + IPv6PrivacyExtensions = false; + IPForward = true; + }; + # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min + linkConfig.RequiredForOnline = "no"; }; - # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min - linkConfig.RequiredForOnline = "no"; - }; - "10-wan" = { - matchConfig.Name = "wan"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; 
- # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; + "10-wan" = { + matchConfig.Name = "wan"; + networkConfig = { + # start a DHCP Client for IPv4 Addressing/Routing + DHCP = "ipv4"; + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + DNSOverTLS = true; + DNSSEC = true; + IPv6PrivacyExtensions = false; + IPForward = true; + }; + # make routing on this interface a dependency for network-online.target + linkConfig.RequiredForOnline = "routable"; }; - # make routing on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - # Connect the bridge ports to the bridge - "30-lan1" = { - matchConfig.Name = "lan1"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + # Connect the bridge ports to the bridge + "30-lan1" = { + matchConfig.Name = "lan1"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; + }; + } + ]; }; - linkConfig.RequiredForOnline = "enslaved"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; - }; - } - ]; - }; + "30-lan2" = { + matchConfig.Name = "lan2"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; - "30-lan2" = { - matchConfig.Name = "lan2"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; + }; + 
} + ]; }; - linkConfig.RequiredForOnline = "enslaved"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; - }; - } - ]; - }; + "30-lan3" = { + matchConfig.Name = "lan3"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; - "30-lan3" = { - matchConfig.Name = "lan3"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; + } + ]; }; - linkConfig.RequiredForOnline = "enslaved"; + # Configure the bridge for its desired function + "40-${bridgeInterfaceName}" = { + matchConfig.Name = bridgeInterfaceName; + bridgeConfig = {}; + address = [ + (mkVlanIpv4HostAddr { + vlanid = 0; + host = 1; + }) + ]; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min + linkConfig.RequiredForOnline = "no"; + linkConfig.ActivationPolicy = "always-up"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; - } - ]; - }; - # Configure the bridge for its desired function - "40-${bridgeInterfaceName}" = { - matchConfig.Name = bridgeInterfaceName; - bridgeConfig = { }; - address = [ - (mkVlanIpv4HostAddr { vlanid = 0; host = 1; }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; + } + ]; + + vlan = ( + builtins.map + (vlanid: (mkInterfaceName {inherit vlanid;})) + vlanRange + ); }; - # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min - linkConfig.RequiredForOnline = "no"; - linkConfig.ActivationPolicy = "always-up"; - - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN 
= "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; - } - ]; - - vlan = (builtins.map - (vlanid: (mkInterfaceName { inherit vlanid; })) - vlanRange - ); - }; - - } - - # configuration for the hostapd dynamic interfaces - # * netdev type vlan - # * host address for vlan - # * vlan config for wlan interface - // - builtins.foldl' + } + # configuration for the hostapd dynamic interfaces + # * netdev type vlan + # * host address for vlan + # * vlan config for wlan interface + // builtins.foldl' (acc: cur: acc // cur) - { } + {} (builtins.map - ({ vlanid, vlanid' }: { + ({ + vlanid, + vlanid', + }: { # configure the tagged vlan device with an address and vlan filtering. # dnsmasq is configured to serve the respective /24 range on each tagged device. # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. - "41-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + "41-${mkInterfaceName {inherit vlanid;}}" = { + matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 1; + }) ]; networkConfig = { ConfigureWithoutCarrier = true; @@ -538,10 +573,13 @@ in ]; }; - "50-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + "50-${mkInterfaceName {inherit vlanid;}}" = { + matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 1; + }) ]; networkConfig = { ConfigureWithoutCarrier = true; 
@@ -549,259 +587,259 @@ in linkConfig.RequiredForOnline = "no"; }; }) - (builtins.map - (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) + ( + builtins.map + (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange - )) - ; + )); }; # wireless access point services.hostapd = { enable = true; package = nodeFlake.packages.${system}.hostapd_patched; - radios = - let - # generated with https://miniwebtool.com/mac-address-generator/ - mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; - in - { - wlan0 = { - band = "2g"; - countryCode = "CH"; - channel = 0; # ACS + radios = let + # generated with https://miniwebtool.com/mac-address-generator/ + mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; + in { + wlan0 = { + band = "2g"; + countryCode = "CH"; + channel = 0; # ACS - # use 'iw phy#1 info' to determine your VHT capabilities - wifi4 = { - enable = true; - capabilities = [ "HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" ]; - }; - networks = { - wlan0 = - let - iface = "wlan0"; - in - { - ssid = "mlsia"; - bssid = mkBssid 0; + # use 'iw phy#1 info' to determine your VHT capabilities + wifi4 = { + enable = true; + capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + }; + networks = { + wlan0 = let + iface = "wlan0"; + in { + ssid = "mlsia"; + bssid = mkBssid 0; - # authentication.mode = "wpa3-sae"; - authentication.mode = "wpa3-sae-transition"; + # authentication.mode = "wpa3-sae"; + authentication.mode = "wpa3-sae-transition"; - authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; + authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; + authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; - # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference - settings = { - # bridge = 
bridgeInterfaceName; + # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference + settings = { + # bridge = bridgeInterfaceName; - # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; - # not yet supported on hostapd 2.10 - # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; + # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; + # not yet supported on hostapd 2.10 + # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - # enables debug logging - logger_stdout_level = lib.mkForce 0; - logger_stdout = -1; - # logger_syslog_level= lib.mkForce 0; + # enables debug logging + logger_stdout_level = lib.mkForce 0; + logger_stdout = -1; + # logger_syslog_level= lib.mkForce 0; - # resources on vlan tagging - # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging - # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 + # resources on vlan tagging + # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging + # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 - dynamic_vlan = 1; + dynamic_vlan = 1; - # this option currently requires a patch to hostapd - vlan_no_bridge = 1; + # this option currently requires a patch to hostapd + vlan_no_bridge = 1; - /* not used due to the above vlan_no_bridge setting + /* + not used due to the above vlan_no_bridge setting vlan_tagged_interface = bridgeInterfaceName; vlan_naming = 1; vlan_bridge = "br-${iface}."; - */ + */ - vlan_file = - let - generated = builtins.map - (vlanid: - "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" - ) - vlanRange - ; + vlan_file = let + generated = + builtins.map + ( + vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" + ) + vlanRange; - wildcard = [ - # Optional wildcard entry matching all VLAN IDs. 
The first # in the interface - # name will be replaced with the VLAN ID. The network interfaces are created - # (and removed) dynamically based on the use. - # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan - "* ${iface}.#" - ]; + wildcard = [ + # Optional wildcard entry matching all VLAN IDs. The first # in the interface + # name will be replaced with the VLAN ID. The network interfaces are created + # (and removed) dynamically based on the use. + # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan + "* ${iface}.#" + ]; - file = pkgs.writeText "hostapd.vlan" - (builtins.concatStringsSep "\n" (generated ++ wildcard)); - filePath = toString file; - in - filePath; + file = + pkgs.writeText "hostapd.vlan" + (builtins.concatStringsSep "\n" (generated ++ wildcard)); + filePath = toString file; + in + filePath; - wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ - "WPA-PSK" + wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ + "WPA-PSK" - # TODO: the printer can't connect when this is on - # "WPA-PSK-SHA256" + # TODO: the printer can't connect when this is on + # "WPA-PSK-SHA256" - # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them - # "SAE" - ]); + # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them + # "SAE" + ]); - # wpa_psk_radius = 0; - wpa_pairwise = "CCMP"; - wmm_enabled = 1; + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; - # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks - ieee80211w = 1; - sae_require_mfp = 1; - sae_groups = "19 20 21"; + # IEEE 802.11i (authentication) related configuration + # Encrypt management frames to protect against deauthentication and similar attacks + ieee80211w = 1; + sae_require_mfp = 1; + sae_groups = "19 20 21"; - # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) - tls_flags = "[ENABLE-TLSv1.3]"; + # 
[ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x = 0; - eap_server = 0; - }; - }; - - # wlan0-1 = { - # ssid = "mlsia-testing"; - # authentication = { - # mode = "wpa3-sae-transition"; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # wlan0-1 = { - # ssid = "justtestingwifi-wpa3"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # Uncomment when needed otherwise remove - # wlan0-1 = { - # ssid = "koteczkowo3"; - # authentication = { - # mode = "none"; # this is overriden by settings - # }; - # managementFrameProtection = "optional"; - # bssid = "e6:02:43:07:00:00"; - # settings = { - # bridge = bridgeInterfaceName; - # wpa = lib.mkForce 2; - # wpa_key_mgmt = "WPA-PSK"; - # wpa_pairwise = "CCMP"; - # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; - # }; - # }; + ieee8021x = 0; + eap_server = 0; + }; }; + + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # wlan0-1 = { + # ssid = "justtestingwifi-wpa3"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # Uncomment when needed otherwise remove + # wlan0-1 = { + # ssid = "koteczkowo3"; + # authentication = { + # mode = "none"; # this is overriden by settings + # }; + # managementFrameProtection = "optional"; + # bssid = "e6:02:43:07:00:00"; + # settings = { + # bridge = bridgeInterfaceName; + # wpa = lib.mkForce 2; + # wpa_key_mgmt = "WPA-PSK"; + # wpa_pairwise = "CCMP"; + # wpa_psk_file = 
config.sops.secrets.legacyWifiPassword.path; + # }; + # }; }; - - # wlan1 = { - # band = "5g"; - # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 - # channel = 0; # ACS - # countryCode = "PL"; - - # # use 'iw phy#1 info' to determine your VHT capabilities - # wifi4 = { - # enable = true; - # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; - # }; - # wifi5 = { - # enable = true; - # operatingChannelWidth = "160"; - # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - # }; - # wifi6 = { - # enable = true; - # singleUserBeamformer = true; - # singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "160"; - # }; - # settings = { - # # these two are mandatory for wifi 5 & 6 to work - # vht_oper_centr_freq_seg0_idx = 50; - # he_oper_centr_freq_seg0_idx = 50; - - # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for - # # transmitting data packets from the second data queue of a network interface. - # # It determines the number of packets that can be sent in a burst. - # # Adjusting this parameter can impact network throughput and latency. - # tx_queue_data2_burst = 2; - - # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. - # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. - # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
- # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 - - # # Magic values that were set by openwrt but I didn't bother inspecting every single one - # he_spr_sr_control = 3; - # he_default_pe_duration = 4; - # he_rts_threshold = 1023; - - # he_mu_edca_qos_info_param_count = 0; - # he_mu_edca_qos_info_q_ack = 0; - # he_mu_edca_qos_info_queue_request = 0; - # he_mu_edca_qos_info_txop_request = 0; - - # # he_mu_edca_ac_be_aci=0; missing in 2.10 - # he_mu_edca_ac_be_aifsn = 8; - # he_mu_edca_ac_be_ecwmin = 9; - # he_mu_edca_ac_be_ecwmax = 10; - # he_mu_edca_ac_be_timer = 255; - - # he_mu_edca_ac_bk_aifsn = 15; - # he_mu_edca_ac_bk_aci = 1; - # he_mu_edca_ac_bk_ecwmin = 9; - # he_mu_edca_ac_bk_ecwmax = 10; - # he_mu_edca_ac_bk_timer = 255; - - # he_mu_edca_ac_vi_ecwmin = 5; - # he_mu_edca_ac_vi_ecwmax = 7; - # he_mu_edca_ac_vi_aifsn = 5; - # he_mu_edca_ac_vi_aci = 2; - # he_mu_edca_ac_vi_timer = 255; - - # he_mu_edca_ac_vo_aifsn = 5; - # he_mu_edca_ac_vo_aci = 3; - # he_mu_edca_ac_vo_ecwmin = 5; - # he_mu_edca_ac_vo_ecwmax = 7; - # he_mu_edca_ac_vo_timer = 255; - # }; - # networks = { - # wlan1 = { - # ssid = "koteczkowo5"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. 
- # }; - # bssid = "36:b9:02:21:08:a2"; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - # }; - # }; }; + + # wlan1 = { + # band = "5g"; + # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 + # channel = 0; # ACS + # countryCode = "PL"; + + # # use 'iw phy#1 info' to determine your VHT capabilities + # wifi4 = { + # enable = true; + # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + # }; + # wifi5 = { + # enable = true; + # operatingChannelWidth = "160"; + # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + # }; + # wifi6 = { + # enable = true; + # singleUserBeamformer = true; + # singleUserBeamformee = true; + # multiUserBeamformer = true; + # operatingChannelWidth = "160"; + # }; + # settings = { + # # these two are mandatory for wifi 5 & 6 to work + # vht_oper_centr_freq_seg0_idx = 50; + # he_oper_centr_freq_seg0_idx = 50; + + # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for + # # transmitting data packets from the second data queue of a network interface. + # # It determines the number of packets that can be sent in a burst. + # # Adjusting this parameter can impact network throughput and latency. + # tx_queue_data2_burst = 2; + + # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. + # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. + # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
+ # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 + + # # Magic values that were set by openwrt but I didn't bother inspecting every single one + # he_spr_sr_control = 3; + # he_default_pe_duration = 4; + # he_rts_threshold = 1023; + + # he_mu_edca_qos_info_param_count = 0; + # he_mu_edca_qos_info_q_ack = 0; + # he_mu_edca_qos_info_queue_request = 0; + # he_mu_edca_qos_info_txop_request = 0; + + # # he_mu_edca_ac_be_aci=0; missing in 2.10 + # he_mu_edca_ac_be_aifsn = 8; + # he_mu_edca_ac_be_ecwmin = 9; + # he_mu_edca_ac_be_ecwmax = 10; + # he_mu_edca_ac_be_timer = 255; + + # he_mu_edca_ac_bk_aifsn = 15; + # he_mu_edca_ac_bk_aci = 1; + # he_mu_edca_ac_bk_ecwmin = 9; + # he_mu_edca_ac_bk_ecwmax = 10; + # he_mu_edca_ac_bk_timer = 255; + + # he_mu_edca_ac_vi_ecwmin = 5; + # he_mu_edca_ac_vi_ecwmax = 7; + # he_mu_edca_ac_vi_aifsn = 5; + # he_mu_edca_ac_vi_aci = 2; + # he_mu_edca_ac_vi_timer = 255; + + # he_mu_edca_ac_vo_aifsn = 5; + # he_mu_edca_ac_vo_aci = 3; + # he_mu_edca_ac_vo_ecwmin = 5; + # he_mu_edca_ac_vo_ecwmax = 7; + # he_mu_edca_ac_vo_timer = 255; + # }; + # networks = { + # wlan1 = { + # ssid = "koteczkowo5"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. + # }; + # bssid = "36:b9:02:21:08:a2"; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # }; + # }; + }; }; services.resolved.enable = false; 
@@ -826,21 +864,35 @@ in local-ttl = 0; dhcp-ttl = 0; - dhcp-range = - let - mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [ + dhcp-range = let + mkDhcpRange = { + tag, + vlanid, + }: + builtins.concatStringsSep "," [ tag - (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) - (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 100; + cidr = false; + }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 199; + cidr = false; + }) "12h" ]; - in + in builtins.map - (vlanid: - mkDhcpRange { tag = mkInterfaceName { inherit vlanid; }; inherit vlanid; } - ) - vlanRangeWith0 - ; + ( + vlanid: + mkDhcpRange { + tag = mkInterfaceName {inherit vlanid;}; + inherit vlanid; + } + ) + vlanRangeWith0; # interface = bridgeInterfaceName; # bind-interfaces = true; @@ -854,7 +906,6 @@ in # don't use /etc/hosts as this would advertise ${nodeName} as localhost no-hosts = true; - # address = "/${nodeName}.lan/${fwLanHostAddr}"; server = [ # upstream DNS servers 
@@ -869,33 +920,40 @@ in # "9.9.9.9" "8.8.8.8" "1.1.1.1" ]; - domain = [ - "/${getVlanDomain {vlanid = 0;}}/,local" - ] ++ builtins.map - (vlanid: - "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { inherit vlanid; host = 0; cidr = true; }},local" + domain = + [ + "/${getVlanDomain {vlanid = 0;}}/,local" + ] + ++ builtins.map + ( + vlanid: "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { + inherit vlanid; + host = 0; + cidr = true; + }},local" ) - vlanRangeWith0 - ; + vlanRangeWith0; # TODO: compare this to using `interface-name` - dynamic-host = [ - ] ++ builtins.map - (vlanid: - builtins.concatStringsSep "," [ - # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) - "${nodeName}.${getVlanDomain{inherit vlanid;}}" - "0.0.0.1" - (mkInterfaceName { inherit vlanid; }) - ] + dynamic-host = + [ + ] + ++ builtins.map + ( + vlanid: + builtins.concatStringsSep "," [ + # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) + "${nodeName}.${getVlanDomain {inherit vlanid;}}" + "0.0.0.1" + (mkInterfaceName {inherit vlanid;}) + ] ) - vlanRangeWith0 - ; + vlanRangeWith0; - dhcp-option-force = builtins.map - (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain{inherit vlanid;}}") - vlanRangeWith0 - ; + dhcp-option-force = + builtins.map + (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain {inherit vlanid;}}") + vlanRangeWith0; # auth-server = [ # (builtins.concatStringsSep "," [ 
@@ -928,10 +986,10 @@ in # They fail to load properly, leaving the system without working ethernet, they'll oops on # remove. MTK-DSA parts and PCIe were observed to do this. boot.initrd.includeDefaultModules = false; - boot.initrd.kernelModules = [ "rfkill" "cfg80211" "mt7915e" ]; - boot.initrd.availableKernelModules = [ "nvme" ]; + boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; + boot.initrd.availableKernelModules = ["nvme"]; - boot.kernelParams = [ "console=ttyS0,115200" ]; + boot.kernelParams = ["console=ttyS0,115200"]; hardware.enableRedistributableFirmware = true; # Wireless hardware exists, regulatory database is essential. hardware.wirelessRegulatoryDatabase = true; diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 494551e..22c71ae 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -19,7 +19,6 @@ bpir3.inputs.nixpkgs.follows = "nixpkgs"; - nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; @@ -60,13 +59,17 @@ nixpkgs.lib.attrsets.recursiveUpdate attrs { - specialArgs = (import ./default.nix { - system = nativeSystem; - inherit nodeName; + specialArgs = + (import ./default.nix { + system = nativeSystem; + inherit nodeName; - repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + repoFlake = get-flake ../../../..; + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; modules = [ @@ -88,7 +91,6 @@ linuxPackages_bpir3_latest ; }) - ]; } ] 
@@ -112,19 +114,22 @@ }; packages = let - mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: { - patches = attrs.patches ++ [ - "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" - ]; - }); + mkPatchedHostapd = pkgs: + pkgs.hostapd.overrideDerivation (attrs: { + patches = + attrs.patches + ++ [ + "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" + ]; + }); in { - "${nativeSystem}" = { - hostapd_patched = mkPatchedHostapd pkgs; - }; + "${nativeSystem}" = { + hostapd_patched = mkPatchedHostapd pkgs; + }; - cross = { - hostapd_patched = mkPatchedHostapd pkgsCross; - }; + cross = { + hostapd_patched = mkPatchedHostapd pkgsCross; + }; }; }; } diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index f2dd56d..5c32ea3 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -1,13 +1,14 @@ -{ modulesPath -, repoFlake -, packages' -, pkgs -, lib -, config -, nodeFlake -, nodeName -, system -, ... +{ + modulesPath, + repoFlake, + packages', + pkgs, + lib, + config, + nodeFlake, + nodeName, + system, + ... }: { disabledModules = [ ]; @@ -34,7 +35,7 @@ inherit pkgs; }; - home-manager.users.steveej = { pkgs, ... }: { + home-manager.users.steveej = {pkgs, ...}: { imports = [ ../../../home-manager/configuration/text-minimal.nix ]; @@ -51,7 +52,7 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; } ]; 
@@ -82,54 +83,52 @@ firewall.enable = false; }; - disko.devices = - let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; - }; + disko.devices = let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; }; }; }; }; - in - { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; - }; + }; + in { + disk = { + sda = disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; }; }; }; }; }; }; + }; system.stateVersion = "23.11"; diff --git a/nix/os/devices/sj-srv1/configuration.nix b/nix/os/devices/sj-srv1/configuration.nix index ff7d0a1..bada0c3 100644 --- a/nix/os/devices/sj-srv1/configuration.nix +++ b/nix/os/devices/sj-srv1/configuration.nix @@ -1,9 +1,10 @@ -{ nodeName -, config -, pkgs -, ... +{ + nodeName, + config, + pkgs, + ... }: { - disabledModules = [ ]; + disabledModules = []; imports = [ ../../profiles/common/configuration.nix { diff --git a/nix/os/devices/sj-srv1/hw.nix b/nix/os/devices/sj-srv1/hw.nix index 226275c..65a001d 100644 --- a/nix/os/devices/sj-srv1/hw.nix +++ b/nix/os/devices/sj-srv1/hw.nix 
@@ -43,7 +43,7 @@ in { enable = true; encrypted = false; diskId = "virtio-virtio-paeNi8Fof9Oe"; - earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; + earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; }; boot.initrd.kernelModules = stage1Modules; diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index d1f9774..c481d5d 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -1,12 +1,11 @@ -{ pkgs -, lib -, config -, repoFlake -, nodeName -, ... -}: - { + pkgs, + lib, + config, + repoFlake, + nodeName, + ... +}: { imports = [ ../../snippets/systemd-resolved.nix ]; 
@@ -28,52 +27,50 @@ networking.nat = { enable = true; - internalInterfaces = [ "ve-*" ]; + internalInterfaces = ["ve-*"]; externalInterface = "eth0"; }; # virtualization - virtualisation = { docker.enable = false; }; + virtualisation = {docker.enable = false;}; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix - services.restic.backups.${nodeName} = - let - btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; - in - { - initialize = true; - repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; + services.restic.backups.${nodeName} = let + btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; + in { + initialize = true; + repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; - paths = [ - "/backup" - ]; + paths = [ + "/backup" + ]; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - "--keep-yearly 2" - ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 2" + ]; - timerConfig = { - OnCalendar = lib.mkDefault "daily"; - Persistent = true; - }; - - passwordFile = config.sops.secrets.restic-password.path; - - backupPrepareCommand = '' - ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes - ''; - backupCleanupCommand = '' - ${btrfs} su delete /backup/container-volumes - ''; + timerConfig = { + OnCalendar = lib.mkDefault "daily"; + Persistent = true; }; + passwordFile = config.sops.secrets.restic-password.path; + + backupPrepareCommand = '' + ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes + ''; + backupCleanupCommand = '' + ${btrfs} su delete /backup/container-volumes + ''; + }; + containers = { mailserver = import ../../containers/mailserver.nix { inherit repoFlake; 
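Review bot: `backupPrepareCommand` in `services.restic.backups.${nodeName}` snapshots to the fixed path `/backup/container-volumes` without checking for a leftover from an interrupted run. After a crash or power loss between prepare and cleanup, the next backup would probably fail, or nest a second snapshot, until someone removes the stale one by hand. A guard ahead of the snapshot line would make the job self-healing, for example `if ${btrfs} su show /backup/container-volumes >/dev/null 2>&1; then ${btrfs} su delete /backup/container-volumes; fi`. A comment stating that `/backup` must live on the same btrfs filesystem as `/var/lib/container-volumes` would also help, since a snapshot cannot cross filesystems.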
@@ -89,17 +86,17 @@ webserver = import ../../containers/webserver.nix - { - inherit repoFlake; + { + inherit repoFlake; - autoStart = true; + autoStart = true; - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; - httpPort = 80; - httpsPort = 443; - }; + httpPort = 80; + httpsPort = 443; + }; syncthing = import ../../containers/syncthing.nix { autoStart = true; diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 43eca83..2bb6048 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix @@ -1,14 +1,13 @@ -{ pkgs -, lib -, config -, repoFlake -, nodeName -, ... -}: -let - wireguardPort = 51820; -in { + pkgs, + lib, + config, + repoFlake, + nodeName, + ... +}: let + wireguardPort = 51820; +in { imports = [ ../../snippets/systemd-resolved.nix ]; @@ -39,7 +38,7 @@ in "prefixLength" = 29; } ]; - ipv6.addresses = [ ]; + ipv6.addresses = []; }; networking.defaultGateway = { @@ -54,7 +53,7 @@ in networking.nat = { enable = true; - internalInterfaces = [ "ve-*" "wg*" ]; + internalInterfaces = ["ve-*" "wg*"]; externalInterface = "eth0"; }; @@ -79,7 +78,7 @@ in privateKeyFile = config.sops.secrets.wg0-private.path; peers = [ { - allowedIPs = [ "192.168.99.2/32" ]; + allowedIPs = ["192.168.99.2/32"]; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; } @@ -87,15 +86,14 @@ in }; # virtualization - virtualisation = { docker.enable = false; }; + virtualisation = {docker.enable = false;}; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; containers = { - }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { 
diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 0b199cc..a094278 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: { +{...}: { imports = [ ../../snippets/home-manager-with-zsh.nix ../../snippets/nix-settings-holo-chain.nix @@ -19,8 +19,7 @@ ./boot.nix # samba seerver - ({ lib, ... }: { - + ({lib, ...}: { # networking.firewall.enable = lib.mkForce false; services.samba-wsdd.enable = true; # make shares visible for windows 10 clients networking.firewall.allowedTCPPorts = [ diff --git a/nix/os/devices/steveej-t14/default.nix b/nix/os/devices/steveej-t14/default.nix index 430b017..bcb5e94 100644 --- a/nix/os/devices/steveej-t14/default.nix +++ b/nix/os/devices/steveej-t14/default.nix @@ -1,17 +1,16 @@ -{ nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, ... -}: -let - system = "x86_64-linux"; -in { + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + ... +}: let + system = "x86_64-linux"; +in { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index ea1352c..1b905e0 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,7 +1,5 @@ -{ lib, ... }: -let -in -{ +{lib, ...}: let +in { # TASK: new device hardware.opinionatedDisk = { enable = true; 
@@ -68,16 +66,16 @@ in enable = false; levels = [ # ["level auto" 0 60] - [ 0 0 60 ] - [ 1 60 65 ] - [ 1 65 75 ] - [ 2 75 78 ] - [ 3 78 80 ] - [ 4 80 82 ] - [ 5 82 84 ] - [ 6 84 86 ] - [ 7 86 88 ] - [ "level full-speed" 88 999 ] + [0 0 60] + [1 60 65] + [1 65 75] + [2 75 78] + [3 78 80] + [4 80 82] + [5 82 84] + [6 84 86] + [7 86 88] + ["level full-speed" 88 999] ]; extraArgs = [ diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 806de3c..0cc3c04 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -1,8 +1,9 @@ -{ pkgs -, lib -, repoFlake -, nodeFlake -, ... +{ + pkgs, + lib, + repoFlake, + nodeFlake, + ... }: { system.stateVersion = "23.05"; home-manager.users.root = _: { @@ -20,7 +21,7 @@ }) ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; 
@@ -37,28 +38,26 @@ # # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: :6:17-18: Empty declaration # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. - services.greetd = - let - # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" - swayConfig = pkgs.writeText "greetd-sway-config" '' - # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. - exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" - bindsym Mod4+shift+e exec swaynag \ - -t warning \ - -m 'What do you want to do?' \ - -b 'Poweroff' 'systemctl poweroff' \ - -b 'Reboot' 'systemctl reboot' - ''; - in - { - enable = false; - settings = { - vt = 1; - default_session = { - command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; - }; + services.greetd = let + # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" + swayConfig = pkgs.writeText "greetd-sway-config" '' + # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. + exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" + bindsym Mod4+shift+e exec swaynag \ + -t warning \ + -m 'What do you want to do?' \ + -b 'Poweroff' 'systemctl poweroff' \ + -b 'Reboot' 'systemctl reboot' + ''; + in { + enable = false; + settings = { + vt = 1; + default_session = { + command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; }; }; + }; environment.etc."greetd/environments".text = '' sway @@ -107,5 +106,4 @@ # # }; # # }; # }; - } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 9dc6590..4d43885 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix 
@@ -1,11 +1,11 @@ -{ pkgs -, lib -, config -, nodeName -, repoFlake -, ... -}: -let +{ + pkgs, + lib, + config, + nodeName, + repoFlake, + ... +}: let localTcpPorts = [ 22 @@ -21,9 +21,7 @@ let 22000 21027 ]; - -in -{ +in { nix.settings = { substituters = [ ]; @@ -41,7 +39,7 @@ in system = "x86_64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; + supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ []; } { @@ -52,7 +50,7 @@ in system = "aarch64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; + supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; } ]; @@ -61,7 +59,7 @@ in networking.extraHosts = '' ''; - networking.bridges."virbr1".interfaces = [ ]; + networking.bridges."virbr1".interfaces = []; networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; @@ -94,7 +92,7 @@ in # virtualization virtualisation = { - libvirtd = { enable = true; }; + libvirtd = {enable = true;}; virtualbox.host = { enable = false; @@ -112,9 +110,9 @@ in # client min protocol = NT1 ''; - security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; + security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; - services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; + services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; hardware.ledger.enable = true; diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index 2a83802..6068f93 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix 
@@ -1,20 +1,19 @@ -{ config -, pkgs -, lib -, ... -}: -let - keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; -in { + config, + pkgs, + lib, + ... +}: let + keys = import ../../../variables/keys.nix; + inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; +in { users.users.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; }; - nix.settings.trusted-users = [ "steveej" ]; + nix.settings.trusted-users = ["steveej"]; security.pam.u2f.enable = true; security.pam.services.steveej.u2fAuth = true; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index eae1137..6f31bc9 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -1,15 +1,14 @@ -{ repoFlake -, nodeFlake -, pkgs -, lib -, config -, nodeName -, localDomainName -, system -, ... -}: - { + repoFlake, + nodeFlake, + pkgs, + lib, + config, + nodeName, + localDomainName, + system, + ... +}: { nixos-x13s = { enable = true; # TODO: use hardware address @@ -42,8 +41,8 @@ echo $? ) ''; - requiredBy = [ "bluetooth.service" ]; - before = [ "bluetooth.service" ]; + requiredBy = ["bluetooth.service"]; + before = ["bluetooth.service"]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -80,7 +79,6 @@ }; } - ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix @@ -115,7 +113,7 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; 
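Review bot: In steveej-t14/user.nix the account is declared as `users.users.steveej2`, but `nix.settings.trusted-users` and `security.pam.services.steveej.u2fAuth` both name `steveej`. `security.pam.services.<name>` is keyed by PAM service (such as `sudo` or `login`), not by user, so the `steveej` entry appears to configure a service file that nothing consults. `trusted-users` gives the named account root-equivalent control over the Nix daemon. If `steveej` is defined in another module this may be intended, but it deserves a comment such as `# trusted-users is root-equivalent; steveej is declared in <module>`, and the u2f line should be attached to the services that must require the token. The file continues past this hunk.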
@@ -129,7 +127,7 @@ loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = [ "wwan" ]; + blacklistedKernelModules = ["wwan"]; initrd.kernelModules = [ "phy_qcom_qmp_usb" diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index fc3933e..fa66cf4 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,25 +1,26 @@ -{ system ? "aarch64-linux" -, nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, localDomainName ? "internal" -, ... +{ + system ? "aarch64-linux", + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + localDomainName ? "internal", + ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); inherit localDomainName; }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; diff --git a/nix/os/devices/steveej-x13s-rmvbl/disko.nix b/nix/os/devices/steveej-x13s-rmvbl/disko.nix index e7e0391..e56b0d1 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/disko.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/disko.nix @@ -24,7 +24,7 @@ content = { type = "luks"; name = "x13s-usb-crypt"; - extraOpenArgs = [ ]; + extraOpenArgs = []; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { 
@@ -36,19 +36,19 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = [ "-f" ]; + extraArgs = ["-f"]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/swap" = { mountpoint = "/.swapvol"; diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index cf5a06e..bcc82bb 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix 
@@ -1,89 +1,92 @@ { - inputs = - { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # required for home-manager modules - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + # required for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; - get-flake.url = "github:ursi/get-flake"; + get-flake.url = "github:ursi/get-flake"; - disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.inputs.nixpkgs.follows = "nixpkgs"; - mobile-nixos.url = "github:NixOS/mobile-nixos"; - mobile-nixos.flake = false; + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; - home-manager = { - url = "github:nix-community/home-manager/release-23.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; - nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { self - , get-flake - , nixpkgs - , ... - }: - let - system = "aarch64-linux"; - buildPlatform = "x86_64-linux"; - repoFlake = get-flake ../../../..; - in - { - lib = { - mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - inherit system; - inherit nodeName repoFlake; + nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + }; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + outputs = { + self, + get-flake, + nixpkgs, + ... 
+ }: let + system = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + repoFlake = get-flake ../../../..; + in { + lib = { + mkNixosConfiguration = { + nodeName, + extraModules ? [], + ... + } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = + (import ./default.nix { + inherit system; + inherit nodeName repoFlake; - modules = - [ - # repoFlake.nixosModules.hardware-x13s - ] - ++ extraModules; - } - ); + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; + + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); + }; + + nixosConfigurations = let + nodeName = "steveej-x13s-rmvbl"; + in { + native = self.lib.mkNixosConfiguration { + inherit system nodeName; + extraModules = [ + ./configuration.nix + + { + users.commonUsers.installPassword = "install"; + } + ]; }; - nixosConfigurations = - let - nodeName = "steveej-x13s-rmvbl"; - in - { - native = self.lib.mkNixosConfiguration { - inherit system nodeName; - extraModules = [ - ./configuration.nix + cross = self.lib.mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix - { - users.commonUsers.installPassword = "install"; - } - ]; - }; - - cross = self.lib.mkNixosConfiguration { - inherit nodeName; - extraModules = [ - ./configuration.nix - - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = system; - } - ]; - }; - }; + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = system; + } + ]; + }; }; + }; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index e45fc83..6d90f3d 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
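Review bot: The `native` entry of `nixosConfigurations` sets `users.commonUsers.installPassword = "install";` as a literal, which places a guessable credential in the repository and in the world-readable Nix store. The `cross` entry builds from the same `./configuration.nix` without it, so the two images differ in how they can be logged into. The option is defined outside this diff, so its exact effect is an assumption. If it sets a login password on the removable image, add a comment such as `# install-medium only: rotate on first boot, never reuse on a deployed host`. Alternatively, take the value from a sops secret, the way `hashedPasswordFile` is in steveej-t14/user.nix.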
@@ -1,15 +1,14 @@ -{ repoFlake -, nodeFlake -, pkgs -, lib -, config -, nodeName -, localDomainName -, system -, ... -}: - { + repoFlake, + nodeFlake, + pkgs, + lib, + config, + nodeName, + localDomainName, + system, + ... +}: { nixos-x13s = { enable = true; # TODO: use hardware address @@ -44,8 +43,8 @@ echo $? ) ''; - requiredBy = [ "bluetooth.service" ]; - before = [ "bluetooth.service" ]; + requiredBy = ["bluetooth.service"]; + before = ["bluetooth.service"]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -82,7 +81,6 @@ }; } - ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix @@ -117,7 +115,7 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; @@ -131,7 +129,7 @@ loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = [ "wwan" ]; + blacklistedKernelModules = ["wwan"]; }; # see https://linrunner.de/tlp/ diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index fc3933e..fa66cf4 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix 
@@ -1,25 +1,26 @@ -{ system ? "aarch64-linux" -, nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, localDomainName ? "internal" -, ... +{ + system ? "aarch64-linux", + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + localDomainName ? "internal", + ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); inherit localDomainName; }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix index 39eb9e1..973c2a4 100644 --- a/nix/os/devices/steveej-x13s/disko.nix +++ b/nix/os/devices/steveej-x13s/disko.nix @@ -24,7 +24,7 @@ content = { type = "luks"; name = "x13s-nvme-crypt"; - extraOpenArgs = [ ]; + extraOpenArgs = []; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { @@ -36,19 +36,19 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = [ "-f" ]; + extraArgs = ["-f"]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/swap" = { mountpoint = "/.swapvol"; 
diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 0201bb9..b0cdc09 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -1,89 +1,92 @@ { - inputs = - { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # required for home-manager modules - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + # required for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; - get-flake.url = "github:ursi/get-flake"; + get-flake.url = "github:ursi/get-flake"; - disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.inputs.nixpkgs.follows = "nixpkgs"; - mobile-nixos.url = "github:NixOS/mobile-nixos"; - mobile-nixos.flake = false; + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; - home-manager = { - url = "github:nix-community/home-manager/release-23.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; - nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { self - , get-flake - , nixpkgs - , ... - }: - let - targetPlatform = "aarch64-linux"; - buildPlatform = "x86_64-linux"; - repoFlake = get-flake ../../../..; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + }; - mkNixosConfiguration = { nodeName, extraModules ? [ ], ... 
} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName repoFlake; + outputs = { + self, + get-flake, + nixpkgs, + ... + }: let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; - - modules = - [ - # repoFlake.nixosModules.hardware-x13s - ] - ++ extraModules; - } - ); - in - { - lib = { - inherit mkNixosConfiguration; - }; - - nixosConfigurations = - let - nodeName = "steveej-x13s"; - in + mkNixosConfiguration = { + nodeName, + extraModules ? [], + ... + } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs { - native = mkNixosConfiguration { - inherit nodeName; - system = targetPlatform; - extraModules = [ - ./configuration.nix - ]; - }; + specialArgs = + (import ./default.nix { + system = targetPlatform; + inherit nodeName repoFlake; - cross = mkNixosConfiguration { - inherit nodeName; - extraModules = [ - ./configuration.nix + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; - }; + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); + in { + lib = { + inherit mkNixosConfiguration; }; + + nixosConfigurations = let + nodeName = "steveej-x13s"; + in { + native = mkNixosConfiguration { + inherit nodeName; + system = targetPlatform; + extraModules = [ + ./configuration.nix + ]; + }; + + cross = mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + }; } diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix index 6282785..a926349 100644 
--- a/nix/os/devices/voodoo/flake.nix +++ b/nix/os/devices/voodoo/flake.nix @@ -32,13 +32,17 @@ nixpkgs.lib.attrsets.recursiveUpdate attrs { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName; + specialArgs = + (import ./default.nix { + system = targetPlatform; + inherit nodeName; - repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + repoFlake = get-flake ../../../..; + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; modules = [ @@ -51,10 +55,8 @@ { nixpkgs.overlays = [ - (final: previous: - { + (final: previous: { }) - ]; } ] diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 38930fe..a4dbcff 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -1,39 +1,38 @@ -{ lib -, config -, -}: -let - keys = import ../../variables/keys.nix; -in { - mkUser = args: lib.mkMerge [ - { - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - "adbusers" - "dialout" - "cdrom" - "fuse" - ]; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + lib, + config, +}: let + keys = import ../../variables/keys.nix; +in { + mkUser = args: + lib.mkMerge [ + { + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + "adbusers" + "dialout" + "cdrom" + "fuse" + ]; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - } - args - ]; + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; + } + args + ]; disk = rec { # TODO: verify the GPT PARTLABEL cap at 36 chars 
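Review bot: `mkUser` in nix/os/lib/default.nix gives every account it builds `docker`, `wheel` and `libvirtd` membership. Because the defaults are combined with `args` through `lib.mkMerge`, a caller's `extraGroups` is appended to this list rather than replacing it, so no caller can create a less privileged user. `docker` and `libvirtd` membership is commonly root-equivalent on the host. Consider `extraGroups = lib.mkDefault [ … ];` so a caller can narrow the set, and drop the duplicated `"cdrom"` entry. A short comment on the function should also state that every user it creates receives `keys.users.steveej.openssh` as authorized keys.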
@@ -41,7 +40,7 @@ in # LVM doesn't allow most characters in VG names # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] - volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; + volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId; # This is important at install-time bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix index df69d6c..1e7223d 100644 --- a/nix/os/modules/hardware.thinkpad-x13s.nix +++ b/nix/os/modules/hardware.thinkpad-x13s.nix @@ -1,10 +1,15 @@ -{ self, pkgs, config, lib, options, ... }: -let +{ + self, + pkgs, + config, + lib, + options, + ... +}: let # TODO: introduce options for these kernelPdMapper = true; cfg = config.hardware.thinkpad-x13s; -in -{ +in { options.hardware.thinkpad-x13s = { # TODO: respect this enable = lib.mkEnableOption "x13s hardware support"; 
@@ -14,223 +19,222 @@ in description = "mac address to set on boot"; }; }; - config = - let - inherit (config.boot.loader) efi; - kp = [ - { - name = "x13s-cfg"; - patch = null; - extraStructuredConfig = with lib.kernel; { - EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; - OF_OVERLAY = lib.mkForce yes; - BTRFS_FS = lib.mkForce yes; - BTRFS_FS_POSIX_ACL = lib.mkForce yes; - MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB = lib.mkForce yes; - SND_USB_AUDIO = lib.mkForce module; - USB_XHCI_PCI = lib.mkForce module; - NO_HZ_FULL = lib.mkForce yes; - HZ_100 = lib.mkForce yes; - HZ_250 = lib.mkForce no; - DRM_AMDGPU = lib.mkForce no; - DRM_NOUVEAU = lib.mkForce no; - QCOM_TSENS = lib.mkForce yes; - NVMEM_QCOM_QFPROM = lib.mkForce yes; - ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - VIRTIO_PCI = lib.mkForce module; - # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; - }; - } - ]; + config = let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + VIRTIO_PCI = lib.mkForce module; + # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; + }; + } + ]; - qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; - pd-mapper = pkgs.callPackage 
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit qrtr; - }; + qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {}; + pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit qrtr; + }; - - # We can't quite move to mainline linux - linux_x13s_pkg = { buildLinux, ... } @ args: - buildLinux (args // rec { + # We can't quite move to mainline linux + linux_x13s_pkg = {buildLinux, ...} @ args: + buildLinux (args + // rec { version = "6.7.0"; modDirVersion = lib.versions.pad 3 version; extraMeta.branch = lib.versions.majorMinor version; src = self.inputs.linux_x13s; - kernelPatches = (args.kernelPatches or [ ]) ++ kp; - } // (args.argsOverride or { })); + kernelPatches = (args.kernelPatches or []) ++ kp; + } + // (args.argsOverride or {})); - # we add additional configuration on top of te normal configuration above - # using the extraStructuredConfig option on the kernel patch - linux_x13s = pkgs.callPackage linux_x13s_pkg { - defconfig = "johan_defconfig"; - }; + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); - alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; - - in + x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + 
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; + in lib.mkIf cfg.enable - { - nixpkgs.overlays = [ - (final: prev: - { - x13s_extra-firmware = pkgs.callPackage - "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" - { }; + { + nixpkgs.overlays = [ + ( + final: prev: { + x13s_extra-firmware = + pkgs.callPackage + "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" + {}; - inherit qrtr pd-mapper; - } - ) + inherit qrtr pd-mapper; + } + ) + ]; + + # ensure the x13s' dtb file is in the boot partition + # TODO:: is this needed for the VT display somehow? + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = false; + loader.efi.efiSysMountPoint = "/boot"; + + blacklistedKernelModules = ["wwan"]; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "dtb=${dtbName}" + + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" ]; - # ensure the x13s' dtb file is in the boot partition - # TODO:: is this needed for the VT display somehow? - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; + initrd = { + includeDefaultModules = false; - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.extraFiles = { - "${dtbName}" = dtb; - }; - loader.efi.canTouchEfiVariables = false; - loader.efi.efiSysMountPoint = "/boot"; + # kernelModules = [ + # "nvme" + # "phy_qcom_qmp_pcie" + # "pcie_qcom" - blacklistedKernelModules = [ "wwan" ]; + # "i2c_core" + # "i2c_hid" + # "i2c_hid_of" + # "i2c_qcom_geni" - kernelPackages = linuxPackages_x13s; + # "leds_qcom_lpg" + # "pwm_bl" + # "qrtr" + # "pmic_glink_altmode" + # "gpio_sbu_mux" + # "phy_qcom_qmp_combo" + # "gpucc_sc8280xp" + # "dispcc_sc8280xp" + # "phy_qcom_edp" + # "panel_edp" + # # "msm" - kernelParams = [ - "dtb=${dtbName}" + # ]; - "boot.shell_on_fail" + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel_edp" + # "msm" + "phy_qcom_edp" + "i2c_core" + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "pcie_qcom" + "phy_qcom_qmp_combo" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "phy_qcom_snps_femto_v2" + "phy_qcom_usb_hs" + "nvme" - # jhovold recommended - "efi=noruntime" - "clk_ignore_unused" - "pd_ignore_unused" - "arm64.nopauth" - - # blacklist graphics in initrd so the firmware can load from disk - "rd.driver.blacklist=msm" + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "uas" ]; - - initrd = { - includeDefaultModules = false; - - # kernelModules = [ - # "nvme" - # "phy_qcom_qmp_pcie" - # "pcie_qcom" - - # "i2c_core" - # "i2c_hid" - # "i2c_hid_of" - # "i2c_qcom_geni" - - # "leds_qcom_lpg" - # "pwm_bl" - # "qrtr" - # "pmic_glink_altmode" - # "gpio_sbu_mux" - # "phy_qcom_qmp_combo" - # "gpucc_sc8280xp" - # "dispcc_sc8280xp" - # "phy_qcom_edp" - # "panel_edp" - # # "msm" - - # ]; - 
- availableKernelModules = [ - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "leds_qcom_lpg" - "pwm_bl" - "qrtr" - "pmic_glink_altmode" - "gpio_sbu_mux" - "phy_qcom_qmp_combo" - "panel_edp" - # "msm" - "phy_qcom_edp" - "i2c_core" - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "pcie_qcom" - "phy_qcom_qmp_combo" - "phy_qcom_qmp_pcie" - "phy_qcom_qmp_usb" - "phy_qcom_snps_femto_v2" - "phy_qcom_usb_hs" - "nvme" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "uas" - ]; - }; - }; - - - # default is performance - powerManagement.cpuFreqGovernor = "ondemand"; - - hardware.enableAllFirmware = true; - hardware.firmware = [ - # pkgs.linux-firmware - - pkgs.x13s_extra-firmware - ]; - - systemd.services.pd-mapper = { - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "${lib.getExe pd-mapper}"; - Restart = "always"; - }; - }; - - environment.sessionVariables = alsa-ucm-conf-env; - systemd.user.services.pipewire.environment = alsa-ucm-conf-env; - systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; - - systemd.services.bluetooth = { - serviceConfig = { - # disabled because btmgmt call hangs - ExecStartPre = [ - "" - "${pkgs.util-linux}/bin/rfkill block bluetooth" - "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - ]; - RestartSec = 5; - Restart = "on-failure"; - }; }; }; + + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + # pkgs.linux-firmware + + pkgs.x13s_extra-firmware + ]; + + systemd.services.pd-mapper = { + wantedBy = ["multi-user.target"]; + + serviceConfig = { + ExecStart = "${lib.getExe pd-mapper}"; + Restart = "always"; + }; + }; + + environment.sessionVariables = alsa-ucm-conf-env; + systemd.user.services.pipewire.environment = alsa-ucm-conf-env; + systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; + + systemd.services.bluetooth = { + 
serviceConfig = { + # disabled because btmgmt call hangs + ExecStartPre = [ + "" + "${pkgs.util-linux}/bin/rfkill block bluetooth" + "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" + "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; + }; } diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index 5dea719..dbe449b 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -11,8 +11,7 @@ with lib; let earlyDiskId = cfg: if cfg.earlyDiskIdOverride != "" then cfg.earlyDiskIdOverride - else cfg.diskId - ; + else cfg.diskId; in { options.hardware.opinionatedDisk = { enable = mkEnableOption "Enable opinionated filesystem layout"; diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index c6ed9fb..7c1f786 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix @@ -1,10 +1,11 @@ -{ config -, pkgs -, repoFlake -, nodeFlake -, repoFlakeInputs' -, packages' -, ... +{ + config, + pkgs, + repoFlake, + nodeFlake, + repoFlakeInputs', + packages', + ... }: { imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -29,7 +30,7 @@ boot.tmp.useTmpfs = true; # Workaround for nm-pptp to enforce module load - boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; + boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"]; nixpkgs.config = { allowBroken = false; diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 9c25dbc..f576a28 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix 
@@ -1,8 +1,9 @@ -{ config -, pkgs -, lib -, nodeName -, ... +{ + config, + pkgs, + lib, + nodeName, + ... }: { networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; @@ -14,11 +15,11 @@ ''; # Fonts, I18N, Date ... - fonts.packages = [ pkgs.corefonts ]; + fonts.packages = [pkgs.corefonts]; console.font = "lat9w-16"; - i18n = { defaultLocale = "en_US.UTF-8"; }; + i18n = {defaultLocale = "en_US.UTF-8";}; time.timeZone = "Etc/UTC"; services.gpm.enable = true; diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 1b6afbd..3d74166 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -1,9 +1,9 @@ -{ config -, pkgs -, lib -, ... -}: -let +{ + config, + pkgs, + lib, + ... +}: let keys = import ../../../variables/keys.nix; inherit (import ../../lib/default.nix { @@ -16,8 +16,7 @@ let inherit (lib) types; cfg = config.users.commonUsers; -in -{ +in { options.users.commonUsers = { enable = lib.mkOption { default = true; @@ -77,7 +76,6 @@ in }) ]; - users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ { uid = 1000; diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index a90c1e8..ce49500 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,6 +1,7 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: { imports = [ ../../snippets/bluetooth.nix 
@@ -25,7 +26,7 @@ services.pcscd.enable = true; hardware.opengl.enable = true; - services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; + services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -52,6 +53,6 @@ services.printing = { enable = true; - drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; + drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; }; } diff --git a/nix/os/snippets/bluetooth.nix b/nix/os/snippets/bluetooth.nix index 47c5ab5..a4cfeca 100644 --- a/nix/os/snippets/bluetooth.nix +++ b/nix/os/snippets/bluetooth.nix @@ -1,9 +1,10 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: { # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [ blueman ]; + services.dbus.packages = with pkgs; [blueman]; hardware.bluetooth.enable = true; services.blueman.enable = true; } diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix index 5bbb1e5..63f4962 100644 --- a/nix/os/snippets/home-manager-with-zsh.nix +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -1,12 +1,11 @@ -{ nodeFlake -, repoFlake -, repoFlakeInputs' -, packages' -, pkgs -, ... -}: - -let +{ + nodeFlake, + repoFlake, + repoFlakeInputs', + packages', + pkgs, + ... +}: let # TODO: make this configurable homeUser = "steveej"; commonHomeImports = [ @@ -14,8 +13,7 @@ let ../../home-manager/programs/neovim.nix ../../home-manager/programs/zsh.nix ]; -in -{ +in { imports = [ nodeFlake.inputs.home-manager.nixosModules.home-manager ]; @@ -45,5 +43,5 @@ in programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; } 
diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index f3f577b..704d69a 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -1,7 +1,8 @@ -{ nodeFlake -, pkgs -, lib -, ... +{ + nodeFlake, + pkgs, + lib, + ... }: { nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; @@ -25,5 +26,4 @@ ]; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - } diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix index 74edd68..69628bf 100644 --- a/nix/os/snippets/radicale.nix +++ b/nix/os/snippets/radicale.nix @@ -1,15 +1,13 @@ -{ config -, lib -, pkgs -, repoFlakeInputs' -, ... -}: - -let +{ + config, + lib, + pkgs, + repoFlakeInputs', + ... +}: let # TODO: make configurable homeUser = "steveej"; -in -{ +in { sops.secrets.radicale_htpasswd = { sopsFile = ../../../secrets/desktop/radicale_htpasswd; format = "binary"; @@ -19,11 +17,13 @@ in home-manager.users.${homeUser} = _: { imports = [ # TODO: bump these to latest and make it work - (args: - import ../../home-manager/programs/radicale.nix (args // { - osConfig = config; - pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; - }) + ( + args: + import ../../home-manager/programs/radicale.nix (args + // { + osConfig = config; + pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; + }) ) ]; }; diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 4c51002..46c2bc0 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -1,14 +1,12 @@ -{ pkgs -, lib -, config -, ... -}: - -let +{ + pkgs, + lib, + config, + ... +}: let # TODO: make this configurable homeUser = "steveej"; -in -{ +in { services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" 
@@ -30,7 +28,7 @@ in # required by swaywm security.polkit.enable = true; - security.pam.services.swaylock = { }; + security.pam.services.swaylock = {}; # test these on https://mozilla.github.io/webrtc-landing/gum_test.html xdg.portal = { @@ -54,7 +52,6 @@ in ]; }; - # rtkit is optional but recommended security.rtkit.enable = true; services.pipewire = { @@ -74,8 +71,8 @@ in # autologin steveej on tty1 # TODO: make user configurable systemd.services."autovt@tty1".description = "Autologin at the TTY1"; - systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty - systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; + systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = ["multi-user.target"]; systemd.services."autovt@tty1".serviceConfig = { ExecStart = [ "" # override upstream default with an empty ExecStart @@ -85,19 +82,17 @@ in Type = "idle"; }; - programs = - let - steveejSwayOnTty1 = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; - in - { - bash.loginShellInit = steveejSwayOnTty1; - # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion - zsh.loginShellInit = steveejSwayOnTty1; - }; + programs = let + steveejSwayOnTty1 = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + in { + bash.loginShellInit = steveejSwayOnTty1; + # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion + zsh.loginShellInit = steveejSwayOnTty1; + }; home-manager.users."${homeUser}" = _: { imports = [ diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix index a3ebd92..25aee48 100644 --- a/nix/os/snippets/timezone.nix +++ b/nix/os/snippets/timezone.nix 
@@ -1,9 +1,5 @@ -{ lib, ... }: - -let +{lib, ...}: let passwords = import ../../variables/passwords.crypt.nix; - -in -{ +in { time.timeZone = lib.mkDefault passwords.timeZone.stefan; } diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index 40cc9cd..c1dffd0 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix @@ -1,30 +1,30 @@ -{ lib -, stdenv -, fetchurl -, appimageTools -, makeWrapper - # graphs will not sync without matching upstream's major electron version -, electron_27 -, git -, nix-update-script -, overrideSrc ? null -}: - -stdenv.mkDerivation (finalAttrs: -let - inherit (finalAttrs) pname version src appimageContents; - -in { + lib, + stdenv, + fetchurl, + appimageTools, + makeWrapper, + # graphs will not sync without matching upstream's major electron version + electron_27, + git, + nix-update-script, + overrideSrc ? null, +}: +stdenv.mkDerivation (finalAttrs: let + inherit (finalAttrs) pname version src appimageContents; +in { pname = "logseq"; version = "0.10.5"; - src = if overrideSrc != null then overrideSrc else - (fetchurl { - url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; - name = "${pname}-${version}.AppImage"; - }); + src = + if overrideSrc != null + then overrideSrc + else + (fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + name = "${pname}-${version}.AppImage"; + }); appimageContents = appimageTools.extract { inherit pname src version; @@ -34,7 +34,7 @@ in dontConfigure = true; dontBuild = true; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [makeWrapper]; installPhase = '' runHook preInstall 
@@ -67,17 +67,17 @@ in --set "LOCAL_GIT_DIRECTORY" ${git} \ --add-flags $out/share/${pname}/resources/app \ --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [stdenv.cc.cc.lib]}" ''; - passthru.updateScript = nix-update-script { }; + passthru.updateScript = nix-update-script {}; meta = { description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; homepage = "https://github.com/logseq/logseq"; changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; license = lib.licenses.agpl3Plus; - maintainers = with lib.maintainers; [ ]; - platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with lib.maintainers; []; + platforms = ["x86_64-linux" "aarch64-linux"]; }; }) From b090d151887090bb88cfa1bbeccc205e9faa2843 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 20:57:55 +0100 Subject: [PATCH 034/305] remove obsolete nix/sources.* --- nix/sources.json | 14 --- nix/sources.nix | 260 ----------------------------------------------- 2 files changed, 274 deletions(-) delete mode 100644 nix/sources.json delete mode 100644 nix/sources.nix diff --git a/nix/sources.json b/nix/sources.json deleted file mode 100644 index 49bfd31..0000000 --- a/nix/sources.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "nixpkgs": { - "branch": "release-22.05", - "description": "Nix Packages collection", - "homepage": "https://github.com/NixOS/nixpkgs", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "26fe7618c7efbbfe28db9a52a21fb87e67ebaf06", - "sha256": "0wi8l10zn808psf0i7ka3ifpx46vdv2fkq3hcb9d5m72fv64vznr", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/26fe7618c7efbbfe28db9a52a21fb87e67ebaf06.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - } -} 
diff --git a/nix/sources.nix b/nix/sources.nix
deleted file mode 100644
index 87a7093..0000000
--- a/nix/sources.nix
+++ /dev/null
@@ -1,260 +0,0 @@ -# This file has been generated by Niv. -let - # - # The fetchers. fetch_ fetches specs of type . - # - fetch_file = pkgs: name: spec: let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true - then - builtins_fetchurl - { - inherit (spec) url sha256; - name = name'; - } - else - pkgs.fetchurl { - inherit (spec) url sha256; - name = name'; - }; - - fetch_tarball = pkgs: name: spec: let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true - then - builtins_fetchTarball - { - name = name'; - inherit (spec) url sha256; - } - else - pkgs.fetchzip { - name = name'; - inherit (spec) url sha256; - }; - - fetch_git = name: spec: let - ref = - if spec ? ref - then spec.ref - else if spec ? branch - then "refs/heads/${spec.branch}" - else if spec ? tag - then "refs/tags/${spec.tag}" - else - abort - "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - submodules = - if spec ? submodules - then spec.submodules - else false; - submoduleArg = let - nixSupportsSubmodules = - builtins.compareVersions builtins.nixVersion "2.4" >= 0; - emptyArgWithWarning = - if submodules == true - then - builtins.trace - (''The niv input "${name}" uses submodules '' - + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " - + "does not support them") - {} - else {}; - in - if nixSupportsSubmodules - then { - inherit submodules; - } - else emptyArgWithWarning; - in - builtins.fetchGit ({ - url = spec.repo; - inherit (spec) rev; - inherit ref; - } - // submoduleArg); - - fetch_local = spec: spec.path; - - fetch_builtin-tarball = name: - throw '' - [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; - - fetch_builtin-url = name: - throw '' - [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. 
- $ niv modify ${name} -a type=file -a builtin=true''; - - # - # Various helpers - # - - # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 - sanitizeName = name: (concatMapStrings (s: - if builtins.isList s - then "-" - else s) - (builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name))); - - # The set of packages used when specs are fetched using non-builtins. - mkPkgs = sources: system: let - sourcesNixpkgs = - import - (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) - { - inherit system; - }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && !hasThisAsNixpkgsPath - then import {} - else - abort '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; - - # The actual fetching function. - fetch = pkgs: name: spec: - if !builtins.hasAttr "type" spec - then abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" - then fetch_file pkgs name spec - else if spec.type == "tarball" - then fetch_tarball pkgs name spec - else if spec.type == "git" - then fetch_git name spec - else if spec.type == "local" - then fetch_local spec - else if spec.type == "builtin-tarball" - then fetch_builtin-tarball name - else if spec.type == "builtin-url" - then fetch_builtin-url name - else - abort - "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; - - # If the environment variable NIV_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. 
- replace = name: drv: let - saneName = - stringAsChars - (c: - if isNull (builtins.match "[a-zA-Z0-9]" c) - then "_" - else c) - name; - ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" - then drv - else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" - then /. + ersatz - else /. + builtins.getEnv "PWD" + "/${ersatz}"; - - # Ports of functions for older nix versions - - # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = - builtins.mapAttrs - or (f: set: - with builtins; - listToAttrs (map (attr: { - name = attr; - value = f attr set.${attr}; - }) (attrNames set))); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: - if first > last - then [] - else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: - map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); - concatStrings = builtins.concatStringsSep ""; - - # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: - if cond - then as - else {}; - - # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { - url, - name ? 
null, - sha256, - } @ attrs: let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" - then - fetchTarball - ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;})) - else fetchTarball attrs; - - # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { - url, - name ? null, - sha256, - } @ attrs: let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" - then - fetchurl - ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;})) - else fetchurl attrs; - - # Create the final "sources" from the config - mkSources = config: - mapAttrs - (name: spec: - if builtins.hasAttr "outPath" spec - then - abort - "The values in sources.json should not have an 'outPath' attribute" - else spec // {outPath = replace name (fetch config.pkgs name spec);}) - config.sources; - - # The "config" used by the fetchers - mkConfig = { - sourcesFile ? - if builtins.pathExists ./sources.json - then ./sources.json - else null, - sources ? - if isNull sourcesFile - then {} - else builtins.fromJSON (builtins.readFile sourcesFile), - system ? builtins.currentSystem, - pkgs ? mkPkgs sources system, - }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; - - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; -in - mkSources (mkConfig {}) - // { - __functor = _: settings: mkSources (mkConfig settings); - } From 885d0df8a4a4e2d03a8bded2b15d1310978e9352 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 20:59:08 +0100 Subject: [PATCH 035/305] update x13s --- .../configuration/graphical-fullblown.nix | 1 - nix/os/devices/steveej-x13s/flake.lock | 32 +++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 2 +- 3 files changed, 17 insertions(+), 18 deletions(-) 
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 632cf0f..56f7820 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -39,7 +39,6 @@ in { home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; nixpkgs.config.permittedInsecurePackages = [ - "electron-24.8.6" "electron-25.9.0" ]; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 3d547b2..9a78061 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1706491084, - "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "lastModified": 1707354935, + "narHash": "sha256-COv13Awbwut8Q8h8WxWpbVGHsUlZ6Yb+6YiWyWUV+yY=", "owner": "nix-community", "repo": "disko", - "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "rev": "c49bb95ac852841b9015fb56a503a36ebdb46a59", "type": "github" }, "original": { @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1705659542, - "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { @@ -97,11 +97,11 @@ ] }, "locked": { - "lastModified": 1707142515, - "narHash": "sha256-qTiDyZP7JvTyITRwmAGo9KGMJx0lj7ibhYqe65/Gypc=", + "lastModified": 1707341322, + "narHash": "sha256-hfJDFRAFrdLDY0ebNy7BpaKBmj3BwR/WTbQswlrpU1Y=", "ref": "refs/heads/main", - "rev": "66bc91c89daf8a14769e1f403004578463578138", - "revCount": 12, + "rev": "e612b7c968318bcd7f6ae5a4eaf930e21baa644d", + "revCount": 14, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -112,11 +112,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706718339, - "narHash": "sha256-S+S97c/HzkO2A/YsU7ZmNF9w2s7Xk6P8dzmfDdckzLs=", + "lastModified": 1707238373, + "narHash": "sha256-WKxT0yLzWbFZwYi92lI0yWJpYtRaFSWHGX8QXzejapw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "53fbe41cf76b6a685004194e38e889bc8857e8c2", + "rev": "fb0c047e30b69696acc42e669d02452ca1b55755", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1706768163, - "narHash": "sha256-mSQ/t2+AriQCxsHHDJ/2uJGMnUzjZLKFVYImln05JPs=", + "lastModified": 1707347693, + "narHash": "sha256-/MxX1WUwKui2dWtKghN+8qIKf8X7hHPD1KCeDXoApEI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32cf02a2607143d94c565c068b73fe45fd57c3a0", + "rev": "9a113b42b3b15eafa91a027bd9fb9fd69fa6ed96", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index b0cdc09..4c632c8 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -18,8 +18,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; From 5ab45aee0eae7086d276be933e999543c3efe8ce Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 20:59:31 +0100 Subject: [PATCH 036/305] formatting --- nix/home-manager/programs/chromium.nix | 4 +++- nix/os/devices/justyna-p300/pkg.nix | 6 ++++-- nix/os/devices/sj-bm-hostkey0/flake.nix | 3 +-- nix/os/devices/sj-vps-htz0/system.nix | 3 +-- nix/os/devices/srv0-dmz0/configuration.nix | 3 +-- nix/os/devices/voodoo/flake.nix | 3 +-- 6 files changed, 11 insertions(+), 11 deletions(-) 
diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 3552e7b..2d9070d 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -58,7 +58,9 @@ in { programs.brave = { # TODO: enable this on aarch64-linux - enable = true && !pkgs.stdenv.targetPlatform.isAarch64; + enable = + true + && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; diff --git a/nix/os/devices/justyna-p300/pkg.nix b/nix/os/devices/justyna-p300/pkg.nix index 2b9ebf0..e780b7e 100644 --- a/nix/os/devices/justyna-p300/pkg.nix +++ b/nix/os/devices/justyna-p300/pkg.nix @@ -50,11 +50,13 @@ in { }; home-manager.users.justyna = - lib.attrsets.recursiveUpdate (homeEnv { + lib.attrsets.recursiveUpdate + (homeEnv { layout = "de"; options = []; variant = ""; - }) { + }) + { services.syncthing.enable = true; services.syncthing.tray = true; diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/sj-bm-hostkey0/flake.nix index 3b4ed54..74478dd 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/sj-bm-hostkey0/flake.nix @@ -46,8 +46,7 @@ { nixpkgs.overlays = [ - (final: previous: { - }) + (final: previous: {}) ]; } ] diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 2bb6048..7efcbbd 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix @@ -93,8 +93,7 @@ in { nix.gc = {automatic = true;}; - containers = { - }; + containers = {}; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; diff --git a/nix/os/devices/srv0-dmz0/configuration.nix b/nix/os/devices/srv0-dmz0/configuration.nix index c1983d2..b59afac 100644 --- a/nix/os/devices/srv0-dmz0/configuration.nix +++ b/nix/os/devices/srv0-dmz0/configuration.nix 
@@ -121,8 +121,7 @@ in { nix.gc = {automatic = true;}; - containers = { - }; + containers = {}; # sops.secrets.holochain-nomad-agent-ca = { # sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix index a926349..7e94241 100644 --- a/nix/os/devices/voodoo/flake.nix +++ b/nix/os/devices/voodoo/flake.nix @@ -55,8 +55,7 @@ { nixpkgs.overlays = [ - (final: previous: { - }) + (final: previous: {}) ]; } ] From 03bbcabe2e380f7cb3cc7b4e3939a7a9b09540f0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 20:59:47 +0100 Subject: [PATCH 037/305] WIP: x13s-rmvbl supposedly this will boot from USB --- .../steveej-x13s-rmvbl/configuration.nix | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 6f31bc9..9aec1e2 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
@@ -130,17 +130,40 @@ blacklistedKernelModules = ["wwan"]; initrd.kernelModules = [ - "phy_qcom_qmp_usb" "uas" + "usb_storage" + + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_combo" + "phy_qcom_snps_femto_v2" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "xhci-pci-renesas" "msm" ]; initrd.extraFiles = { + "firmware/qcom/sc8280xp/LENOVO/21BX/adspr.jsn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/adspua.jsn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/cdspr.jsn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn".source = pkgs.linux-firmware; + "firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn".source = pkgs.linux-firmware; "firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn".source = nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware"; }; }; + hardware.firmware = [ + pkgs.linux-firmware + nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware" + ]; + + hardware.enableAllFirmware = true; + # see https://linrunner.de/tlp/ services.tlp = { enable = true; From 927c39711c836e21a2e17874b384257ac26a88db Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 21:07:25 +0100 Subject: [PATCH 038/305] envrc: use nix-direnv --- .envrc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.envrc b/.envrc index 697ced8..56d5839 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,5 @@ +if ! has nix_direnv_version || ! nix_direnv_version 3.0.4; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.4/direnvrc" "sha256-DzlYZ33mWF/Gs8DDeyjr8mnVmQGx7ASYqA5WlxwvBG4=" +fi + use_flake .#develop --impure 
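Review bot: `hardware.enableAllFirmware = true;` at the end of the `@@ -130,17 +130,40 @@` hunk makes the explicit `hardware.firmware` list just above it largely redundant and puts every firmware blob nixpkgs ships onto a removable boot image, where the two listed packages look sufficient. Unless something outside the hunk needs the full set, I would drop that line, or use `hardware.enableRedistributableFirmware = true;` if a broader set is wanted. In `initrd.kernelModules`, `"phy_qcom_qmp_pcie"` is listed twice and one entry can go. The enclosing attribute set starts outside the hunk.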
From c868656a6ef4e763f46cf20fd3c8cb888bf2aa57 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Feb 2024 21:08:47 +0100 Subject: [PATCH 039/305] envrc: use pure flake --- .envrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.envrc b/.envrc index 56d5839..831c737 100644 --- a/.envrc +++ b/.envrc @@ -2,4 +2,4 @@ if ! has nix_direnv_version || ! nix_direnv_version 3.0.4; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.4/direnvrc" "sha256-DzlYZ33mWF/Gs8DDeyjr8mnVmQGx7ASYqA5WlxwvBG4=" fi -use_flake .#develop --impure +use_flake .#develop From 6d386c746df95ce9f349367ea4bfccacc6ac1bab Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 9 Feb 2024 21:35:11 +0100 Subject: [PATCH 040/305] update signal --- nix/home-manager/configuration/graphical-fullblown.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 56f7820..772e297 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -110,7 +110,7 @@ in { ( let - version = "6.44.0"; + version = "6.46.0"; in pkgsUnstableSmall.signal-desktop.overrideAttrs (old: lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { @@ -118,10 +118,11 @@ in { src = builtins.fetchurl { - url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; + url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/108f9dd03ac5658457de1b23aae539ef8ab0a716/builds/release/signal-desktop_${version}_arm64.deb"; sha256 = # lib.fakeSha256 - "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k"; + "sha256:15sn0p0jxfs7hka6qhg77vjwblwxcdc10ybrfxc0p5gkpbcqcydc" + ; }; }) ) From 78824a5d32253640267dcab4dc44013e59cad0dc Mon Sep 17 00:00:00 2001 
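Review bot: The replacement `src` in the `@@ -118,10 +118,11 @@` hunk is a prebuilt `.deb` from a third-party repository, and the `sha256` only shows the file is the one fetched when the hash was recorded, not that it corresponds to the Signal sources. A short comment above the `url` saying where the build comes from and how the hash was obtained would help, e.g. `# unofficial arm64 build; hash recorded from a download on <date>, not verified against upstream`. The `version` literal in the previous hunk and the commit id in the URL have to be bumped together, which is worth stating in the same comment. The enclosing `overrideAttrs` call starts outside this hunk.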
From: Stefan Junker Date: Thu, 15 Feb 2024 20:21:09 +0100 Subject: [PATCH 041/305] devShells: add nix-index --- nix/devShells.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/devShells.nix b/nix/devShells.nix index 4cac540..01d318b 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -35,6 +35,7 @@ inputs'.sops-nix.packages.default sops nil + nix-index apacheHttpd From c13b460ee996e9ef8043c730d922bc7714e51072 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 15 Feb 2024 20:21:33 +0100 Subject: [PATCH 042/305] fmt and TODO comment --- nix/home-manager/configuration/graphical-fullblown.nix | 4 ++-- nix/os/profiles/common/user.nix | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 772e297..8060725 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -121,8 +121,7 @@ in { url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/108f9dd03ac5658457de1b23aae539ef8ab0a716/builds/release/signal-desktop_${version}_arm64.deb"; sha256 = # lib.fakeSha256 - "sha256:15sn0p0jxfs7hka6qhg77vjwblwxcdc10ybrfxc0p5gkpbcqcydc" - ; + "sha256:15sn0p0jxfs7hka6qhg77vjwblwxcdc10ybrfxc0p5gkpbcqcydc"; }; }) ) @@ -297,6 +296,7 @@ in { ]); systemd.user.startServices = true; + services.syncthing.enable = true; services.udiskie = { diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 3d74166..27b7427 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -33,6 +33,7 @@ in { type = types.path; }; + # TODO: test if this works installPassword = lib.mkOption { default = ""; type = types.str; From e01290317aa62cea0d0a6733ac5dc6b8c7baa26d Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 1 Mar 2024 11:21:37 +0100 Subject: [PATCH 043/305] feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand --- .sops.yaml | 6 ++ nix/os/devices/steveej-t14/system.nix | 37 ------------ nix/os/devices/steveej-x13s/configuration.nix | 7 +++ nix/os/snippets/holo-zerotier.nix | 51 ++++++++++++++++ secrets/work-holo/zerotierone.txt | 26 +++++++++ secrets/zerotierone.txt | 58 ------------------- 6 files changed, 90 insertions(+), 95 deletions(-) create mode 100644 nix/os/snippets/holo-zerotier.nix create mode 100644 secrets/work-holo/zerotierone.txt delete mode 100644 secrets/zerotierone.txt diff --git a/.sops.yaml b/.sops.yaml index d003e1b..2eac4bd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -98,3 +98,9 @@ creation_rules: - *steveej age: - *steveej-x13s + - path_regex: ^secrets/work-holo/.+$ + key_groups: + - pgp: + - *steveej + age: + - *steveej-x13s diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 4d43885..04fb60a 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix 
@@ -116,43 +116,6 @@ in { hardware.ledger.enable = true; - # services.zerotierone = { - # enable = false; - # joinNetworks = [ - # # moved to the service below as it's now secret - # ]; - # }; - - # systemd.services.zerotieroneSecretNetworks = { - # enable = false; - # requiredBy = [ "zerotierone.service" ]; - # partOf = [ "zerotierone.service" ]; - - # serviceConfig.Type = "oneshot"; - # serviceConfig.RemainAfterExit = true; - - # script = - # let - # secret = config.sops.secrets.zerotieroneNetworks; - # in - # '' - # # include the secret's hash to trigger a restart on change - # # ${builtins.hashString "sha256" (builtins.toJSON secret)} - - # ${config.systemd.services.zerotierone.preStart} - - # rm -rf /var/lib/zerotier-one/networks.d/*.conf - # for network in `grep -v '#' ${secret.path}`; do - # touch /var/lib/zerotier-one/networks.d/''${network}.conf - # done - # ''; - # }; - - sops.secrets.zerotieroneNetworks = { - sopsFile = ../../../../secrets/zerotierone.txt; - format = "binary"; - }; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 6d90f3d..37331ff 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -86,6 +86,8 @@ ../../snippets/bluetooth.nix ../../snippets/timezone.nix ../../snippets/radicale.nix + + ../../snippets/holo-zerotier.nix ]; networking.hostName = nodeName; @@ -148,4 +150,9 @@ virtualisation.podman.dockerCompat = true; hardware.ledger.enable = true; + + steveej.holo-zerotier = { + enable = true; + autostart = false; + }; } diff --git a/nix/os/snippets/holo-zerotier.nix b/nix/os/snippets/holo-zerotier.nix new file mode 100644 index 0000000..dc02fdc --- /dev/null +++ b/nix/os/snippets/holo-zerotier.nix 
@@ -0,0 +1,51 @@ +{ + config, + lib, + ... +}: let + cfg = config.steveej.holo-zerotier; +in { + options.steveej.holo-zerotier = { + enable = lib.mkEnableOption "Enable holo-zerotier"; + autostart = lib.mkOption {default = false;}; + }; + + config = { + services.zerotierone = { + enable = cfg.enable; + joinNetworks = [ + # moved to the service below as it's now secret + ]; + }; + + systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []); + + systemd.services.zerotieroneSecretNetworks = { + enable = cfg.enable; + requiredBy = ["zerotierone.service"]; + partOf = ["zerotierone.service"]; + + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + + script = let + secret = config.sops.secrets.zerotieroneNetworks; + in '' + # include the secret's hash to trigger a restart on change + # ${builtins.hashString "sha256" (builtins.toJSON secret)} + + ${config.systemd.services.zerotierone.preStart} + + rm -rf /var/lib/zerotier-one/networks.d/*.conf + for network in `grep -v '#' ${secret.path}`; do + touch /var/lib/zerotier-one/networks.d/''${network}.conf + done + ''; + }; + + sops.secrets.zerotieroneNetworks = { + sopsFile = ../../../secrets/work-holo/zerotierone.txt; + format = "binary"; + }; + }; +} diff --git a/secrets/work-holo/zerotierone.txt b/secrets/work-holo/zerotierone.txt new file mode 100644 index 0000000..a092cde --- /dev/null +++ b/secrets/work-holo/zerotierone.txt 
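Review bot: The `config` block is unconditional, so a host that imports this snippet with `enable = false` still declares `sops.secrets.zerotieroneNetworks` and the `wantedBy` override, and sops-nix will still try to decrypt the network list there. Wrap it as `config = lib.mkIf cfg.enable { … };` so nothing is defined when the option is off. `autostart` has no type; `lib.mkOption { type = lib.types.bool; default = false; }` would reject non-boolean values. In the script, the names read from the secret are used unquoted as path components; quoting the `touch` argument and skipping lines that are not plain network ids would keep a malformed entry from creating files outside `networks.d`.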
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:D6xhJ8RgtO3wuNQF0N9V4TlYcKahT8Rv3rHPeZH5F2Wk+V1GhZ+Bhl+D75ersKPv3vmNWlKD2lHb46LaM3Cz7gKAgcQ=,iv:BsnB+Tt+83QVdfive5+s824f3MBZSy6N3g+/raqWgGA=,tag:foQL/RYGfovt1feSlE5GAg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydFBZWlJEdTkzWWFrVHdZ\nYVFxVEtCMS9tR3RMaFFWWnFEU2Z3dUc3dW5ZCmxTVGx2dHF6ejVVS0JQVjEwYU1X\nTE9wNmNQNWs4NlhXeEdtME5NV3FkUWMKLS0tIGJlamxpcndOTWR0b1l3b05WaXpT\nTkx3Rld2UnRPek5jNmdoWEYvbmZjVjgKirftt0yHRQj/JF6Ds6sFx6cX8pESZTy0\n+oPUdHEPAYpdii2FhDMxTPwy2ROGn5Bto1gMY38qopJ18bb1IFd4AA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-07-01T20:19:12Z", + "mac": "ENC[AES256_GCM,data:aIizzl+WFLI8rwp9r9p3kJIsbAISp8vRnSUQKKRIY8V8WdjBNuR+ebSlMf8kBg4e+D9hpTGEY0byv8bpgx/1m5MMEXIDBiBb8GHBk8qwB/3JWsBMyCHOyylw9AAgteyCDEKMCHgU/ZBvExW9n5gnuvkngKK8X1imrNG2ySL9cIo=,iv:UFacq8BdavyiHGRAcKq9obdAD7ZsW8wqugkvtbpi8pw=,tag:fkoaJKrA54tNlTLbAwRsug==,type:str]", + "pgp": [ + { + "created_at": "2024-03-01T10:00:58Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+JWW5ihksSQw2X5TkcmdHb9FyGF9dAxjrYjjDdypM1F2O\nZjq8yevk+qyxq8NCaveAl4k8U2xQdqOTiirDYD8WhleLkj+sDNJv/RNMVpWywekb\ny24LmRNHlvVEPb92OjSHWy/QPbQGBGuoAA8KKZq+5sjR6vZIdzZeV1BWAvbkdDP2\nVVh0QjneXz0tHJ9HbytRb90xA/9Oyw0RQcxMad2A3THJO0L7OchPNkaIBmCjPSnO\n9x4ysbj87dkBmmCSOOqQAZAiWsDGRdgJyoNh0RFF3q5JCWLTRfPM6+eU8vXeenR4\nHqqO9AyhjCSjA0T1+/pPXY+C1WGkqHDODDfW3KrhGdJeATWyfi1D77SA7SQMiXjW\n+j0Oo3Y0K3aJAVn62aicgBNd5fhtTS4xIXXtnBsyjStVripW326g1b9LS0IcvouL\nwfQfrKNTkpX+Rui6Upb+KYIfTlGRl99ItJd4SMBLMQ==\n=Zlg1\n-----END PGP MESSAGE-----", + "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file 
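Review bot: The new file carries the same `data` ciphertext, `iv`, `tag`, `mac` and `lastmodified` as the deleted `secrets/zerotierone.txt`, so the data key appears unchanged and only the recipient list was narrowed to one age key and the PGP key. Every recipient of the old file can still decrypt this one with the data key they already hold, and the old ciphertext stays readable from git history. If the move is meant to restrict who can read the network list, rotate the data key with `sops --rotate --in-place secrets/work-holo/zerotierone.txt` and, where it matters, change the secret value itself.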
diff --git a/secrets/zerotierone.txt b/secrets/zerotierone.txt deleted file mode 100644 index 9059ac3..0000000 --- a/secrets/zerotierone.txt +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:D6xhJ8RgtO3wuNQF0N9V4TlYcKahT8Rv3rHPeZH5F2Wk+V1GhZ+Bhl+D75ersKPv3vmNWlKD2lHb46LaM3Cz7gKAgcQ=,iv:BsnB+Tt+83QVdfive5+s824f3MBZSy6N3g+/raqWgGA=,tag:foQL/RYGfovt1feSlE5GAg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva2lYMFY1V1piNlBpUURv\naWh3dHpaQXdqdzRCU2JIcHExbkhwZzhXd0JnCkFTMG5wVDNQVzNVUmo1cUh1TWtF\naHVTcGRpSDNxa1NHVDZvZWFpREdOcVEKLS0tIFVJSTdiZFBwTlJEMFowYnJqdjFr\nWDdKM2FGM0dQS1NZOTlZUGlOa2srV2cKr/EwcrbOw9vjmFp7OsEF6y0KxACs8NPM\nRYMKhnzd/6VFY5aK79V6JuMSOLaMT+AbQODg+R/iA3TNLev22Jfcvw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOWsvenhWdC9ENVlXTXZi\ndWtJWWZUZGMyTzduMzFvK2M1NmFLZ1JwVFNFCkpTMDh6eWhwV0Fya0syRDhuWDlK\nV1lBbGNDbXUvNHB5MGMrS3R0b043YnMKLS0tIExXNXlsaUhsTUxGZGY5U2VRNXJr\nNjZmTU80QVZ1blFKd2dGandsVm42blEK/3uqLhxS16HU67wA0T0Y9uqb2WJI6dII\ndCktjLZcKKyGB+UXNyzDiRgMR4OKIvB0MjLIql2SZKt53OpkpytAbQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWlErYU5pUHJRdXlCRmZS\nNWlWalFDb0xFZFlrbkdXMG0zYXl1UjhmNUQwCmNCcWZPME8yOGcycnVRWXJxeFo3\nTHFuWHY5aXRxZERNU3duSzRsaFIreWMKLS0tIDRyWmFzeGN2YU9LNW9IWUZNWkVJ\nOTlYTlNteEU0REhmd3ovbGQ4Z09FakkKliCyJsTqsUD5t2vOfTigqA7WObfNCcsd\nt1Fs8vf/1tReWqF8V0f97lD2APgfqgg0hqWFcKkiGYBRWEJvBAj8Lw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT0xzWEtNRHl3bFBZRGl2\nTlkyaWRGTHcxcDVqa012VUk1ZUVjREF2bGlJCmRBNkdzRmsxT2dFemJ6NFAxV1g5\nV2p2c09VKzNVSTJ0V2lheWNwMFlMdk0KLS0tIDZWMTBtaWZjcmRYMnhjY3VudlUz\nem10U1FzZ3p2VzZrRXZyRDFUTy92dkUKcM0Nh1/rQ/aoXHJ16QjZ0daxyaOIyzyx\nXbWDj0opTiYweKrL93P8MSQr8V5i2zVcxP7Gw/fZsWlCs26nBeK1xQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZVdzS2lONzg0eGJUei9X\nem9Nc1FhTm5XampHVjJieHJjOUczR09VNTFjCjBkejNlY0I3dEhYbzYvaTBsMDd5\ndjc0alpKNWF6YTVOczltTFRueWZBYXcKLS0tIFJTSThncVdhajhaNmdZTjRNQVFB\nTi93ejQ2bUsrVXl0eDRkbFE5UlhKUzQKg/cJKYzhq1YIBvvNx/N4F258WUnrmNMs\n2MnxrLk9a67AGciCynEMO02dpUXPWxgUkTSqOjRkkcA20x5Rpn4e6w==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRUliYTB2MG1zUVU0ZWFM\nNUNEMUdha3ZSZ2dkYmZuVk96VjlUTVpWNkI0ClIyUFBZWFppTzJwbHhJaFhXWTBM\nT0pvVklqbE00aW9GMG4wWnFkZkNoQVkKLS0tIExoeTBBcjlsUkZyQkNrUW1zdXU2\nUytDNk9YOXNtU3hLUzdFQnlzQ1lJSjgK+64AJTx4ZjT4njl0Gr4Hk3ykljRTgaqO\nuOjLz/9Qy2rM3BcJzajhCU1pU4f1A0qDQRjoYj5+M9qW/NMbZt6Ujw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWjJsQVpGQXhLdkh0UGtp\nUkZKa0hRblFHaHpVZm9MNnA2SnBIYVdLUDE4Cmkvbmx1aVBVMVFjdlBjU2JTNlVa\nYTQwdUF0ZHhzRGFIY2RUS1JmOVhCWE0KLS0tIGd0eHNOUmJ3T21jQ0QvRHlnOWRw\ndXBIVFdRQld3RmR3VWhpRS9XLy93ZzgKIcCl3r4Q+p1GqeMQmTQFDOhGDN1KE1Fl\npdx6QOkhZSVAux3YcbWNex7nDju5Meqhyhfe5l4YLJKnM5gs3efFcQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArazhNT3QzWFpXNTFmWVkr\nTklLei9RN1M1R0pVVTBZTUJkTDVvbzdWbG5zCmx0RVgwbG5IZXNvZUFkaWNzRW10\nKzdNTDZyaGZVNDg0MXR6aGpVQ3FOSEUKLS0tIHB2WnNHZStodXZJTElBV0ljWExy\nbFo2Q3RMRm5BNm1zcnNhdzRYbk5CcWMKsdK8OIVKidayA0LU1NF2pjHjTirVQ/MA\nS4yGouebH4YbFkHDpHbttv572Iw1mbZK0EVIbiJuYoGudb1w60ROIA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUU090RWZqSnpSaGFWcmVM\nQlRWckdLMk5Kd2E0dFVnSzZEcXBPNmkyTkVZCnNtekhvcUhYZG1RS0ZINVBNMU9L\nSHFqNlMxODdRbm5MOEw3UG9VM2NlVUUKLS0tIE5acnhENFNwR3JMc0s3N2g4dFBs\nR0FuSi94d3RUNFVWQ01uM3UyZW1tRDAKfIVF6+PE2iMC3m81wPoqH9LqL3MsK1WV\nslE4l1m04UL315vdAyPm3k9b+vkTGD4Fmeywsto7Am92/JCanlT7+g==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2023-07-01T20:19:12Z", - "mac": "ENC[AES256_GCM,data:aIizzl+WFLI8rwp9r9p3kJIsbAISp8vRnSUQKKRIY8V8WdjBNuR+ebSlMf8kBg4e+D9hpTGEY0byv8bpgx/1m5MMEXIDBiBb8GHBk8qwB/3JWsBMyCHOyylw9AAgteyCDEKMCHgU/ZBvExW9n5gnuvkngKK8X1imrNG2ySL9cIo=,iv:UFacq8BdavyiHGRAcKq9obdAD7ZsW8wqugkvtbpi8pw=,tag:fkoaJKrA54tNlTLbAwRsug==,type:str]", - "pgp": [ - { - "created_at": "2024-01-24T22:48:30Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf9H8VPhApFkYZi72afxgtHIqclNN4BPuSEhYQYR0m2tvm+\nj0sa3ehI6frkH8KxCtgXgaVB+74yWe+JeVnWRZUk1nIm+q0kuN+0Kn5+YQW0iYuv\n3z34VCw938Gebz57BLaWZTcns3xur+Ug3a+fjyjsKW7w90aP2Q7V2qp9AgxxsN1U\nl9Z1RXHlIUS1CGqA8py2mIkgvlK0WHiYRXsqdRvJh1jdUvzkJjYSpgz4Kj7pyyte\nvXIB4HckW6Fjn6Nlfeyzt6Ka9NziX7EAFlBs/8U8QvkX8AizCxuTwwB9n5rbRxb3\nDjXbgckkkKHc2nEx3xSRe7vh1cfQhTU/TNTuZI3GcNJeAVD89dwR7hhkqFzkanw+\n3hVV1mbDNIDA2fCfxiDLvBDYq8jhaMosAIrwO5TcXEm1PeEuRx1mDEjHsthwmOad\nEJNSBWKGzd13r23WlPRjdeCUF0YSnNFbhM0rwLlLdA==\n=5GJ1\n-----END PGP MESSAGE-----", - "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of 
file From 092e69133f35eeb5db58c456271f0b9c9893be3b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 1 Mar 2024 12:03:12 +0100 Subject: [PATCH 044/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 57 ++++++++++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 5 ++- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 9a78061..7709f44 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1707354935, - "narHash": "sha256-COv13Awbwut8Q8h8WxWpbVGHsUlZ6Yb+6YiWyWUV+yY=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "c49bb95ac852841b9015fb56a503a36ebdb46a59", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { 
@@ -92,36 +92,35 @@ "nixos-x13s": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1707341322, - "narHash": "sha256-hfJDFRAFrdLDY0ebNy7BpaKBmj3BwR/WTbQswlrpU1Y=", - "ref": "refs/heads/main", - "rev": "e612b7c968318bcd7f6ae5a4eaf930e21baa644d", - "revCount": 14, + "lastModified": 1709138783, + "narHash": "sha256-RyX9TPeMEcRLVTaHJzXepIn1EhixNMFJzfNIWwjcfhA=", + "ref": "refs/tags/2024-02-28", + "rev": "af581b2b9506a66ddf6d6f99cf151a86bb2919bb", + "revCount": 35, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, "original": { + "ref": "refs/tags/2024-02-28", "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" } }, "nixpkgs": { "locked": { - "lastModified": 1707238373, - "narHash": "sha256-WKxT0yLzWbFZwYi92lI0yWJpYtRaFSWHGX8QXzejapw=", - "owner": "nixos", + "lastModified": 1707689078, + "narHash": "sha256-UUGmRa84ZJHpGZ1WZEBEUOzaPOWG8LZ0yPg1pdDF/yM=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb0c047e30b69696acc42e669d02452ca1b55755", + "rev": "f9d39fb9aff0efee4a3d5f4a6d7c17701d38a1d8", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -162,11 +161,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1707347693, - "narHash": "sha256-/MxX1WUwKui2dWtKghN+8qIKf8X7hHPD1KCeDXoApEI=", + "lastModified": 1709271102, + "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a113b42b3b15eafa91a027bd9fb9fd69fa6ed96", + "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", "type": "github" }, "original": { 
@@ -176,6 +175,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709218635, + "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -183,7 +198,7 @@ "home-manager": "home-manager", "mobile-nixos": "mobile-nixos", "nixos-x13s": "nixos-x13s", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 4c632c8..6e13b69 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -18,9 +18,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; - nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { From b144c4501f1c6c2cf89e416a3025bc198da2847d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 7 Mar 2024 21:58:24 +0100 Subject: [PATCH 045/305] feat(vscodium remote): attempt to match versions on client and server environments --- flake.lock | 35 +++++++++++++++++++ flake.nix | 4 +++ nix/devShells.nix | 4 ++- .../configuration/graphical-fullblown.nix | 1 + nix/home-manager/programs/vscode/default.nix | 13 +++++-- .../devices/sj-bm-hostkey0/configuration.nix | 15 +++++++- 6 files changed, 67 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 08892be..8c5d48e 100644 
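Review bot: Commenting out `nixos-x13s.inputs.nixpkgs.follows` in the `@@ -18,9 +18,10 @@` flake.nix hunk makes the x13s kernel and firmware packages come from a second nixpkgs pin (`nixos-unstable`, visible in the flake.lock hunks of this commit) that the host's own `nixpkgs` updates no longer move. If that is intended, replace the commented-out line with a comment giving the reason, e.g. `# intentionally not following nixpkgs: <reason>`; otherwise restore the `follows`. The tag ref is fine as long as flake.lock keeps pinning the `rev`.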
--- a/flake.lock +++ b/flake.lock @@ -631,6 +631,22 @@ "type": "github" } }, + "nixpkgs-vscodium": { + "locked": { + "lastModified": 1709558755, + "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-wayland": { "inputs": { "flake-compat": "flake-compat_2", @@ -684,6 +700,23 @@ "type": "github" } }, + "openvscode-server": { + "flake": false, + "locked": { + "lastModified": 1708067838, + "narHash": "sha256-GNqDYqi40X7/og3TacvKyPj6c5amkxTYr/1DsnGV2AI=", + "owner": "gitpod-io", + "repo": "openvscode-server", + "rev": "fa212cab64faaac10741979e96a0662d14f61c81", + "type": "github" + }, + "original": { + "owner": "gitpod-io", + "ref": "openvscode-server-v1.86.2", + "repo": "openvscode-server", + "type": "github" + } + }, "prs": { "flake": false, "locked": { @@ -730,8 +763,10 @@ "nixpkgs-unstable-small" ], "nixpkgs-unstable-small": "nixpkgs-unstable-small", + "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", + "openvscode-server": "openvscode-server", "prs": "prs", "radicalePkgs": [ "nixpkgs-2211" diff --git a/flake.nix b/flake.nix index 2538a15..1bdf23c 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,10 @@ nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland"; + nixpkgs-vscodium.url = "github:nixos/nixpkgs/nixos-unstable-small"; + openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.86.2"; + openvscode-server.flake = false; + colmena = { url = "github:zhaofengli/colmena"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nix/devShells.nix b/nix/devShells.nix index 01d318b..f90fbb1 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix 
@@ -2,7 +2,9 @@ self', inputs', pkgs, -}: { +}: let + pkgsUnstable = inputs'.nixpkgs-unstable.legacyPackages; +in { install = pkgs.mkShell { name = "infra-install"; packages = with pkgs; [ diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 8060725..4359cc6 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -4,6 +4,7 @@ config, # these come in via home-manager.extraSpecialArgs and are specific to each node nodeFlake, + repoFlake, packages', ... }: let diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index a0c0d76..dfc421f 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -1,11 +1,14 @@ { pkgs, nodeFlake, + repoFlake, ... -}: { +}: let + pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; +in { programs.vscode = { enable = true; - package = pkgs.vscodium; + package = pkgsVscodium.vscodium; extensions = [ # TODO: how can i install (this) vsix(s) directly? @@ -38,7 +41,11 @@ mutableExtensionsDir = true; }; - home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra]; + home.packages = [ + pkgs.nixpkgs-fmt + pkgs.alejandra + pkgs.nil + ]; } # TODO: automate ### original list: diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 5c32ea3..9210b46 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -9,7 +9,10 @@ nodeName, system, ... -}: { +}: let + pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; + pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; +in { disabledModules = [ ]; 
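Review bot: `pkgsUnstable` is bound in the new `let` of devShells.nix but nothing in this hunk uses it, and the same goes for the `repoFlake` argument added to graphical-fullblown.nix in the next hunk. Because Nix evaluates lazily, an unused `inputs'.nixpkgs-unstable` reference also hides a misspelled or missing input until something finally forces it. If the bindings are for later use, I would add them together with their first use. The body of devShells.nix continues outside the hunk, so a use further down is possible.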
@@ -47,6 +50,16 @@ pkgs.nixpkgs-fmt pkgs.alejandra pkgs.nixfmt + + # TODO: automate linking this + # 1. get the commit with: `codium --version` + # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/` + # 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ + (pkgsVscodium.openvscode-server.overrideAttrs(attrs: { + src = repoFlake.inputs.openvscode-server; + version = "1.86.2"; + yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-mB7Fw/5pCBJNGtH3PvGhZOAIP/C2MoSvBvZy17TPN9U=";}); + })) ]; }; From f779649c0caa81e7c4c1bedd7adefc68805470fd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 7 Mar 2024 22:01:03 +0100 Subject: [PATCH 046/305] feat,fix: cach up hostkey0 with structure changes, update x13s and config firewall --- .../configuration/graphical-fullblown.nix | 5 +-- nix/home-manager/profiles/common.nix | 2 + nix/os/devices/router0-dmz0/configuration.nix | 2 +- .../devices/sj-bm-hostkey0/configuration.nix | 9 +--- nix/os/devices/sj-bm-hostkey0/flake.lock | 41 +++++------------ nix/os/devices/steveej-x13s/configuration.nix | 44 ++++++++++++++++++- nix/os/devices/steveej-x13s/flake.lock | 30 ++++++------- nix/os/devices/steveej-x13s/flake.nix | 4 +- 8 files changed, 79 insertions(+), 58 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 4359cc6..a8c96b3 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -40,7 +40,6 @@ in { home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" ]; home.packages = 
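Review bot: The override in the `@@ -47,6 +50,16 @@` hunk repeats `version = "1.86.2"` and a `yarnCache` `outputHash` by hand while `src` comes from the `openvscode-server` flake input, so bumping the input leaves a stale version label and, since the cache is a fixed-output derivation, possibly a stale dependency set that still satisfies the old hash. Add a comment tying the three together, e.g. `# version and yarnCache hash must be updated together with inputs.openvscode-server`. The TODO above it hardcodes one commit id in the manual symlink path; writing it as `<commit from codium --version>` would keep the instructions valid after the next update. The enclosing package list starts outside the hunk.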
@@ -157,8 +156,8 @@ in { nethogs # Code Editing and Programming - # pkgsUnstableSmall.lapce - # pkgsUnstableSmall.helix + pkgsUnstableSmall.lapce + pkgsUnstableSmall.helix # Image/Graphic/Design Tools gnome.eog diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 9df371b..62bba7e 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -3,6 +3,8 @@ lib, ... }: { + home.stateVersion = lib.mkDefault "23.11"; + # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 366c640..cd0629e 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -194,7 +194,7 @@ in { rules = let wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; in - # TODO: if this hostname doesn't resolve it'll break the whole ruleset + # ***TODO***: if this hostname doesn't resolve it'll break the whole ruleset [ "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 9210b46..72a634c 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -22,6 +22,7 @@ in { repoFlake.inputs.sops-nix.nixosModules.sops ../../profiles/common/user.nix + ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix # TODO 
@@ -29,20 +30,14 @@ in { # ./monitoring.nix # user config + ../../snippets/home-manager-with-zsh.nix { users.commonUsers = { enable = true; enableNonRoot = true; }; - home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix { - inherit pkgs; - }; home-manager.users.steveej = {pkgs, ...}: { - imports = [ - ../../../home-manager/configuration/text-minimal.nix - ]; - home.packages = [ pkgs.nil pkgs.rnix-lsp diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 7b84218..23f7435 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1704318910, - "narHash": "sha256-wOIJwAsnZhM0NlFRwYJRgO4Lldh8j9viyzwQXtrbNtM=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "aef9a509db64a081186af2dc185654d78dc8e344", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1704383912, - "narHash": "sha256-Be7O73qoOj/z+4ZCgizdLlu+5BkVvO2KO299goZ9cW8=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "26b8adb300e50efceb51fff6859a1a6ba1ade4f7", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { 
@@ -56,29 +56,13 @@ "type": "github" } }, - "nixos-stable": { - "locked": { - "lastModified": 1703992652, - "narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1704295289, - "narHash": "sha256-9WZDRfpMqCYL6g/HNWVvXF0hxdaAgwgIGeLYiOhmes8=", + "lastModified": 1709218635, + "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b0b2c5445c64191fd8d0b31f2b1a34e45a64547d", + "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", "type": "github" }, "original": { @@ -99,17 +83,16 @@ }, "srvos": { "inputs": { - "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1704357296, - "narHash": "sha256-npRcwAqeoLRdilyn4yOG9qShTRJ3sXL/xpyVOi+j7nw=", + "lastModified": 1709290688, + "narHash": "sha256-uGOqZffYg3mNS43MI6yhYB5tE8QYXgvCzO8dg5lC9TA=", "owner": "numtide", "repo": "srvos", - "rev": "341c142aad6609161b6b74cfc2d288f0ead01585", + "rev": "8e1328f734bff51198c44facd064b257756343c5", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 37331ff..5a1817a 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -13,6 +13,7 @@ enable = true; # TODO: use hardware address bluetoothMac = "65:9e:7a:8b:86:28"; + kernel = "jhovold"; }; services.illum.enable = true; @@ -65,6 +66,7 @@ ./disko.nix ../../snippets/nix-settings.nix + ../../snippets/nix-settings-holo-chain.nix ../../profiles/common/user.nix { 
@@ -81,6 +83,21 @@ }; } + # TODO: create syncthing os snippet + (let + tcp = [22000]; + udp = [ + 22000 + 21027 + ]; + in { + # TODO: upstream feature for inverse rule to work: `! --in-interface zt+` + networking.firewall.interfaces."en+".allowedTCPPorts = tcp; + networking.firewall.interfaces."en+".allowedUDPPorts = udp; + networking.firewall.interfaces."wl+".allowedTCPPorts = tcp; + networking.firewall.interfaces."wl+".allowedUDPPorts = udp; + }) + ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix @@ -132,6 +149,23 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; + + # kernelParams = let + # dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + # in lib.mkForce [ + # # needed to boot + # "dtb=${dtbName}" + + # # jhovold recommended + # "efi=noruntime" + # "clk_ignore_unused" + # "pd_ignore_unused" + # # "regulator_ignore_unused" + # "arm64.nopauth" + + # # blacklist graphics in initrd so the firmware can load from disk + # "rd.driver.blacklist=msm" + # ]; }; # see https://linrunner.de/tlp/ @@ -145,12 +179,20 @@ }; # android on linux - virtualisation.waydroid.enable = true; + virtualisation.waydroid.enable = false; virtualisation.podman.enable = true; virtualisation.podman.dockerCompat = true; hardware.ledger.enable = true; + nix.settings.substituters = [ + "https://nixos-x13s.cachix.org" + ]; + + nix.settings.trusted-public-keys = [ + "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos=" + ]; + steveej.holo-zerotier = { enable = true; autostart = false; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 7709f44..42306cb 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
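Review bot: The four `networking.firewall.interfaces."en+"` / `"wl+"` assignments open Syncthing's 22000/tcp, 22000/udp and 21027/udp on every wired and wireless link, so this laptop answers on those ports on any network it joins, not only a trusted one. Syncthing authenticates peers by device certificate, so this is exposure of the listener and of local-discovery traffic rather than of synced data, but the snippet should say that the scope is deliberate. I would add above the `let`: `# syncthing sync (22000) + local discovery (21027) on all en*/wl* links, incl. untrusted networks; zt+ excluded, see TODO below`. The enclosing list starts and ends outside the hunk.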
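Review bot: The added `nix.settings.trusted-public-keys` entry makes every store path signed by the `nixos-x13s.cachix.org-1` key acceptable to this machine, not only the x13s kernel it is presumably meant for, and nothing in the hunk records that trust decision. The same commit moves the `nixos-x13s` input in `flake.nix` from the `2024-02-28` tag to `ref=main`, so both the source and the prebuilt binaries now follow one third-party maintainer's moving branch (the lock file still pins the revision between updates). I would add `# third-party cache for nixos-x13s kernel builds; its signer is trusted for all store paths` above `nix.settings.substituters`, and go back to a tagged ref once one carries the needed change.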
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709286488, - "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", + "lastModified": 1709682352, + "narHash": "sha256-71S/64RbyADT6FUVJq4WLiNbmcxFvgMsSihf/C2Hgno=", "owner": "nix-community", "repo": "disko", - "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", + "rev": "ad5e8bd14df2e6bdb836582577dc163318617738", "type": "github" }, "original": { @@ -95,16 +95,16 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1709138783, - "narHash": "sha256-RyX9TPeMEcRLVTaHJzXepIn1EhixNMFJzfNIWwjcfhA=", - "ref": "refs/tags/2024-02-28", - "rev": "af581b2b9506a66ddf6d6f99cf151a86bb2919bb", - "revCount": 35, + "lastModified": 1709651788, + "narHash": "sha256-zxyGf3cCfAvYyURL1HKhpKyA14EkolG5jBmWvz0Xxjg=", + "ref": "main", + "rev": "4d55c266488f93ed022e2f6d2848420b59f4a56a", + "revCount": 38, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, "original": { - "ref": "refs/tags/2024-02-28", + "ref": "main", "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" } @@ -161,11 +161,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709271102, - "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", + "lastModified": 1709558755, + "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", + "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243", "type": "github" }, "original": { @@ -177,11 +177,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709218635, - "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", + "lastModified": 1709569716, + "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", + "rev": "617579a787259b9a6419492eaac670a5f7663917", "type": "github" }, "original": { 
diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6e13b69..6a21f5b 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -18,8 +18,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; From f8a60a5315af818a6350202ff28270d43ed2f54c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 17 Mar 2024 22:00:35 +0100 Subject: [PATCH 047/305] feat(sway): set wacom tablet to relative mode with pen --- nix/home-manager/profiles/sway-desktop.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 284a8a1..fb78aeb 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -105,6 +105,13 @@ in { "type:touchpad" = { natural_scroll = "enabled"; }; + + # alternatively run this command + # swaymsg input "1386:914:Wacom_Intuos_Pro_S_Pen" tool_mode "* relative" + # and then switch to a different VT (alt+ctrl+f2) and back + "1386:914:Wacom_Intuos_Pro_S_Pen" = { + tool_mode = "* relative"; + }; }; keybindings = lib.mkOptionDefault { From bfd3390a9c20ccfe9af8bc0acfdc8ea00a51d11c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 23 Mar 2024 08:52:38 +0100 Subject: [PATCH 048/305] nix/os/devices/router0-dmz0: bump versions --- nix/os/devices/router0-dmz0/flake.lock | 55 +++++++++----------------- 1 file changed, 19 insertions(+), 36 deletions(-) 
diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 089ad5e..cefbdd9 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1703532766, - "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=", + "lastModified": 1711006105, + "narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", "owner": "nix-community", "repo": "disko", - "rev": "1b191113874dee97796749bb21eac3d84735c70a", + "rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", "type": "github" }, "original": { @@ -84,11 +84,11 @@ ] }, "locked": { - "lastModified": 1703527373, - "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", + "lastModified": 1711133180, + "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", "owner": "nix-community", "repo": "home-manager", - "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", + "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", "type": "github" }, "original": { @@ -101,11 +101,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1703346062, - "narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=", + "lastModified": 1710970863, + "narHash": "sha256-mB4oXrQWMVuVHe1ZJDU4LEu3Nha8efxSqs72EAJiyEI=", "ref": "refs/heads/main", - "rev": "196d6c83b9cb7d298fdc92684dc37115348b159e", - "revCount": 19119, + "rev": "c24453dd936dc418bb4254b6c2ea42a2288d9607", + "revCount": 19406, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -122,11 +122,11 @@ ] }, "locked": { - "lastModified": 1703279052, - "narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=", + "lastModified": 1709392539, + "narHash": "sha256-cZ7vOO5KmvVQMHnpi1hBX+bUJlVL6cK8I3m2SPHANtg=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "3bf23aeb346e772d157816e6b72a742a6c97db80", + "rev": "412ea84967cd087fc668ef6994f419bd16ac1174", "type": "github" }, "original": { 
@@ -135,29 +135,13 @@ "type": "github" } }, - "nixos-stable": { - "locked": { - "lastModified": 1703068421, - "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1703255338, - "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "lastModified": 1711001935, + "narHash": "sha256-URtGpHue7HHZK0mrHnSf8wJ6OmMKYSsoLmJybrOLFSQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "rev": "20f77aa09916374aa3141cbc605c955626762c9a", "type": "github" }, "original": { @@ -200,17 +184,16 @@ }, "srvos": { "inputs": { - "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1703469109, - "narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=", + "lastModified": 1710982111, + "narHash": "sha256-IKcJnJwLnNXcnTZY4vxhQ0zEkZvr7srhXSZpxa3IiHA=", "owner": "numtide", "repo": "srvos", - "rev": "52d07db520046c4775f1047e68a05dcb53bba9ec", + "rev": "918e2ad35a9ce4071e9bc72e82ad97a65c8b861b", "type": "github" }, "original": { From 33c86774c83e4b6f6932e2a87251f59d843b084d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 29 Mar 2024 14:00:00 +0100 Subject: [PATCH 049/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 38 +++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 42306cb..2c0fca9 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709682352, - "narHash": "sha256-71S/64RbyADT6FUVJq4WLiNbmcxFvgMsSihf/C2Hgno=", + "lastModified": 1711588700, + "narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=", "owner": "nix-community", "repo": "disko", - "rev": "ad5e8bd14df2e6bdb836582577dc163318617738", + "rev": "502241afa3de2a24865ddcbe4c122f4546e32092", "type": "github" }, "original": { @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1705008488, - "narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=", + "lastModified": 1711415385, + "narHash": "sha256-8NjXh84wXcTuvYVwGEfm8MH07Pw/PWLUSXVeGdvIKNU=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "56e55df7b07b5e5c6d050732d851cec62b41df95", + "rev": "ef941ecad6e2a83a4f4a9d4a0eec3b0f2fcd4389", "type": "github" }, "original": { @@ -95,11 +95,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1709651788, - "narHash": "sha256-zxyGf3cCfAvYyURL1HKhpKyA14EkolG5jBmWvz0Xxjg=", + "lastModified": 1710180814, + "narHash": "sha256-YYyGFPZRUsT/D7Sluz0LEKZcKl/b935LV3/19DPP8qs=", "ref": "main", - "rev": "4d55c266488f93ed022e2f6d2848420b59f4a56a", - "revCount": 38, + "rev": "154322b7d82a34075538a3921b7803e7cade8341", + "revCount": 41, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -161,11 +161,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709558755, - "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=", + "lastModified": 1711659517, + "narHash": "sha256-giUZ1zxOHKeJZOSHvKvbimOv0TheGl4M8Eu7FgPdR/o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243", + "rev": "867036f7c0a13a06d54efb707675e5751acf8ede", "type": "github" }, "original": { @@ -177,11 +177,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709569716, - "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=", + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "617579a787259b9a6419492eaac670a5f7663917", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "type": "github" }, "original": { From 906d861d061365741966ceca0298deca006baacb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 30 Mar 2024 21:29:53 +0100 Subject: [PATCH 050/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 24 ++++++++++++------------ nix/os/devices/steveej-x13s/flake.nix | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 2c0fca9..5a36ecc 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -76,11 +76,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1711415385, - "narHash": "sha256-8NjXh84wXcTuvYVwGEfm8MH07Pw/PWLUSXVeGdvIKNU=", + "lastModified": 1711757427, + "narHash": "sha256-PqHK0J9YCRKlxpJp+UG+/xpwfIQRPVUPspvbbP3FB2M=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "ef941ecad6e2a83a4f4a9d4a0eec3b0f2fcd4389", + "rev": "f7087f8fdbd1309af315ef8c92345320aadc5edf", "type": "github" }, "original": { 
@@ -159,29 +159,29 @@ "type": "github" } }, - "nixpkgs-unstable-small": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1711659517, - "narHash": "sha256-giUZ1zxOHKeJZOSHvKvbimOv0TheGl4M8Eu7FgPdR/o=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "867036f7c0a13a06d54efb707675e5751acf8ede", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1711668574, + "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", "type": "github" }, "original": { @@ -200,7 +200,7 @@ "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs_2", "nixpkgs-2211": "nixpkgs-2211", - "nixpkgs-unstable-small": "nixpkgs-unstable-small" + "nixpkgs-unstable": "nixpkgs-unstable" } } }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6a21f5b..6537562 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -3,7 +3,7 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; # required for home-manager modules - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; get-flake.url = "github:ursi/get-flake"; From 3ee88c333c512bc85812736fff0d51c9b58261f7 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 1 Apr 2024 13:37:21 +0200 Subject: [PATCH 051/305] feat(vscodium): use unstable and nix-community extensions --- flake.lock | 129 +++++++++++++++---- flake.nix | 6 +- nix/home-manager/programs/obs-studio.nix | 10 ++ nix/home-manager/programs/vscode/default.nix | 14 +- nix/os/lib/default.nix | 1 + 5 files changed, 132 insertions(+), 28 deletions(-) create mode 100644 nix/home-manager/programs/obs-studio.nix diff --git a/flake.lock b/flake.lock index 8c5d48e..8bf1076 100644 --- a/flake.lock +++ b/flake.lock @@ -169,6 +169,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -284,6 +300,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -298,7 +332,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -346,7 +380,7 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { 
@@ -396,7 +430,7 @@ "inputs": { "flake-parts": "flake-parts_3", "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "treefmt-nix": "treefmt-nix_2" }, "locked": { @@ -435,6 +469,26 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1711934525, + "narHash": "sha256-nMRgXVApeacHoO+R6ap5Y1Did+qng0z/eBG8L7jFgJY=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b2ca2718d4953bc2b41592d2a6b76e3d28236e69", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-anywhere": { "inputs": { "disko": "disko", @@ -504,16 +558,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703134684, - "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "lastModified": 1684570954, + "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -615,44 +669,44 @@ "type": "github" } }, - "nixpkgs-unstable-small": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1707217908, - "narHash": "sha256-5Dauh04xrEZqlokpYWftfVmDrljORnA48tGrRp+TURM=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3b0709da3eeed918323399c68b1fe4309b2ac483", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1709558755, - "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1707290091, @@ -669,6 +723,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1707092692, "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", 
@@ -752,6 +822,7 @@ "jay": "jay", "linux_x13s": "linux_x13s", "logseq_0_10_5_aarch64_appimage": "logseq_0_10_5_aarch64_appimage", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" @@ -759,10 +830,7 @@ "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2305": "nixpkgs-2305", "nixpkgs-2311": "nixpkgs-2311", - "nixpkgs-unstable": [ - "nixpkgs-unstable-small" - ], - "nixpkgs-unstable-small": "nixpkgs-unstable-small", + "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", @@ -883,6 +951,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -928,7 +1011,7 @@ }, "yofi": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 1bdf23c..ce8879a 100644 --- a/flake.nix +++ b/flake.nix @@ -11,8 +11,7 @@ radicalePkgs.follows = "nixpkgs-2211"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-unstable.follows = "nixpkgs-unstable-small"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.follows = "nixpkgs-2311"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; 
@@ -25,7 +24,8 @@ nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland"; - nixpkgs-vscodium.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; + nixpkgs-vscodium.url = "github:nixos/nixpkgs/nixos-unstable"; openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.86.2"; openvscode-server.flake = false; diff --git a/nix/home-manager/programs/obs-studio.nix b/nix/home-manager/programs/obs-studio.nix new file mode 100644 index 0000000..ff88d1a --- /dev/null +++ b/nix/home-manager/programs/obs-studio.nix @@ -0,0 +1,10 @@ +{pkgs, ...}: { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; +} diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index dfc421f..2541bab 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -18,7 +18,7 @@ in { # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; # }) ] - ++ (with pkgs.vscode-extensions; [ + ++ (with pkgsVscodium.vscode-extensions; [ bbenoist.nix eamodio.gitlens mkhl.direnv @@ -29,7 +29,9 @@ in { ms-vscode.theme-tomorrowkit nonylene.dark-molokai-theme + # TODO: these are not in nixpkgs + # fredwangwang.vscode-hcl-format # hashicorp.hcl # mindaro-dev.file-downloader @@ -37,7 +39,15 @@ in { # TODO: not compatible with vscodium # ms-vscode-remote.remote-ssh - ]); + ] ++ (let + extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; + in (with extensions.vscode-marketplace; [ + tamasfe.even-better-toml + + serayuzgur.crates + rust-lang.rust-analyzer + swellaby.vscode-rust-test-adapter + ]))); mutableExtensionsDir = true; }; diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index a4dbcff..ab904ae 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix 
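Review bot: The new `extensions.vscode-marketplace` list in `vscode/default.nix` pins four extensions through the flake lock, but the context line `mutableExtensionsDir = true;` still lets the editor install or update extensions outside that pinned set. If the aim of routing extensions through `nix-vscode-extensions` is a reproducible, reviewable set of editor plugins, `mutableExtensionsDir = false;` would enforce it; otherwise a comment such as `# deliberately mutable: extensions may also be installed from the UI` would record the choice. As a matter of style, the `] ++ (let … in (with …; [ … ])))` nesting is hard to follow; binding `marketplace = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace;` in the file's existing top-level `let` would flatten it.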
@@ -10,6 +10,7 @@ in { isNormalUser = true; extraGroups = [ "docker" + "podman" "wheel" "libvirtd" "networkmanager" From c89339e36d2ac4ee08a57ae0f7b020ebafb57e20 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 3 Apr 2024 18:44:57 +0200 Subject: [PATCH 052/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 32 +++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 5a36ecc..2e61d2b 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1711588700, - "narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=", + "lastModified": 1711934712, + "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", "owner": "nix-community", "repo": "disko", - "rev": "502241afa3de2a24865ddcbe4c122f4546e32092", + "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", "type": "github" }, "original": { @@ -24,11 +24,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -95,11 +95,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1710180814, - "narHash": "sha256-YYyGFPZRUsT/D7Sluz0LEKZcKl/b935LV3/19DPP8qs=", + "lastModified": 1712073452, + "narHash": "sha256-lTGAcxEdndN8Vai0Or8uIOUFekjWEXHd4IZzwNPnmzk=", "ref": "main", - "rev": "154322b7d82a34075538a3921b7803e7cade8341", - "revCount": 41, + "rev": "4c5a5bf78c130bf2ad59f458cca19c9737c8c80f", + "revCount": 50, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
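Review bot: Adding `"podman"` to `extraGroups` in this shared helper applies to every user built through it on every device, and on NixOS that group is what grants access to the Podman API socket when `virtualisation.podman.dockerSocket.enable` is set, which is root-equivalent in the same way as `docker`. The list already contains `docker` and `wheel`, so this does not appear to widen privileges for these users today, but the reason for the group is not stated. I would add `# podman: socket access is root-equivalent, like docker` next to the entry. The enclosing function starts outside the hunk.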
@@ -111,11 +111,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1707689078, - "narHash": "sha256-UUGmRa84ZJHpGZ1WZEBEUOzaPOWG8LZ0yPg1pdDF/yM=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9d39fb9aff0efee4a3d5f4a6d7c17701d38a1d8", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -144,11 +144,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1706550542, - "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { From 0dde3ea565a3944f6a2cc6602f30171d67c7ad68 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 4 Apr 2024 21:04:39 +0200 Subject: [PATCH 053/305] feat(bm-hostkey0): add zerotier config --- .sops.yaml | 1 + .../devices/sj-bm-hostkey0/configuration.nix | 2 ++ secrets/sj-bm-hostkey0/secrets.yaml | 8 ++--- secrets/steveej-x13s/secrets.yaml | 30 +++++++++---------- secrets/work-holo/zerotierone.txt | 10 +++++-- 5 files changed, 29 insertions(+), 22 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 2eac4bd..2abd5cb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -104,3 +104,4 @@ creation_rules: - *steveej age: - *steveej-x13s + - *sj-bm-hostkey0 diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 72a634c..4e82eb8 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -25,6 +25,8 @@ in { ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix + ../../snippets/holo-zerotier.nix + # TODO # ./network.nix # ./monitoring.nix 
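Review bot: The `- *sj-bm-hostkey0` line added in the `.sops.yaml` hunk makes that server's age key a recipient for every file matching this creation rule, and the rule's `path_regex` is above the hunk and not visible. Judging by the second recipient added to `secrets/work-holo/zerotierone.txt` in the same commit, the rule presumably covers the work-holo secrets. If that path holds more than the ZeroTier material, the host will be able to decrypt all of it once the files are re-keyed, so a dedicated rule for the one file would keep the grant minimal. A comment next to the entry, e.g. `# sj-bm-hostkey0: needs zerotierone.txt only`, would record the intent. Removing the recipient later does not revoke what the host could already read, so the ZeroTier secret itself would need rotating at that point.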
diff --git a/secrets/sj-bm-hostkey0/secrets.yaml b/secrets/sj-bm-hostkey0/secrets.yaml index 7d9cdc0..b98d798 100644 --- a/secrets/sj-bm-hostkey0/secrets.yaml +++ b/secrets/sj-bm-hostkey0/secrets.yaml @@ -1,4 +1,4 @@ -unused-secret: ENC[AES256_GCM,data:rKIjC2Ri,iv:PIs3Xuv9zEMhawvMyxwN0CI4Xzr1lTpg1o2scsosizs=,tag:++t0A80KDxctiXwxW5Vd2Q==,type:str] +tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +14,8 @@ sops: Y0xhYnI3MlhnbjhTS1dFMUdNZFdnSjgK4cl3R943LNMxA3dODf8nsSdmINkKIjB+ fgp2whfSacWQchsWgpzdiayQoZ9XlWoklmTAX+yN0J8Q3j3CBb3S5g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-23T11:45:17Z" - mac: ENC[AES256_GCM,data:VFEtWuEoqlU3wW8SwgWjlnnuv8aJw5Az9j82gc9YfexwR6lNyyQHY5EdZfqPdO4ZRNLen60Xq98kotTYiY7GJ9x3ZR8KPW3puRvqeD8qZf1NMwvkzQliZ+078HCBHmBTeoouWLuvWdP9uv3XOQWdR7/ZfMB/eC4bWS+Acq+tVZ4=,iv:5CRupDm9jNslcn96kUrhQdT5zadEqyKtrKbv+BtcYW0=,tag:ukHLjRdZCTRliB+LXGBHWQ==,type:str] + lastmodified: "2024-03-08T16:59:30Z" + mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] pgp: - created_at: "2023-11-23T20:47:08Z" enc: |- @@ -33,4 +33,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index f8c2741..26663f9 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml 
@@ -8,28 +8,28 @@ sops: - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjU3VmRjNmYzhPT1A5WFpB - S2ZBeE0xWGkyR0pJVm9vVnc2ZzNWWHNkY2tvCnhHUlh6d3F2cDdHZWpvMGJ6ajhw - WHgyd21RZWQrSHA4bllsWVExRksrcm8KLS0tIGVvNVF1TkJ0MDBxMzRFZE01VVVz - Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O - 9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZWRvaWFlU25sYkdTejg3 + YXRrVHhHaDN2anR0WWJmcDdCZDNLUFhiU2hrCmZSNWNFbVd3Wm95SU9iNmhqaVE1 + TlFuYzFNOVFEekYvWjlQWEpqbzZCU1UKLS0tIFczTHlsN2lNdlh3clI2VEI4Y0lI + dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta + wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-01-23T09:41:31Z" mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str] pgp: - - created_at: "2024-01-23T09:01:14Z" + - created_at: "2024-04-04T18:26:01Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgAp6QdUiZPpktzBQ4kG3QctoiCJ6NwiYEtPJAftgbbBCDb - WdtjiLmp0+XFf4TvihdaFy7kDQh2wvMSj3dOLANV/V3BSJwk4WjtJoEEG+B8ZVEN - T0B2SauM7FcgN4eRe3jx0R9xoQGsE8vXdDbyU/rRpf1LZ6HuEjFC1Boe98mtWsAD - MRxYbBfmIsh0DBF9GZyaKR62PyHu7+doRHzxxDJXhItaGW96cKdydw4GhXBvqiXn - 9SUxxXhg+FpIMXysncB4+yWKSV8FoCkmqPeNlONgk5hwDNpkeXEDND8mHbhZFN5n - ElUTO2ild4Cxh8E1U3A4IQ8ARMcmyag7wnCUmcxnTdJRAa11NhS+6h2PVNqRt53E - p2UKvgbpMgMYj3pWlP9dSuege0+YhynTGRpjTbbUqNJVGFAKfwvPa0zY0hc0hG6G - 7Y5zpcqR+/NlVgerPZwLNFib - =0kQe + hQEMA0SHG/zF3227AQgAn6CqJhclheA82nJm39h/52Ir/gVGRZz1ViK157MxRVs3 + NSrNZCPW+x9vGExPWJ8wnT3KZ7jeo7jEbJ260WSp4xwQtCuUrDR6Oyp0mrtN6SMo + 4hHZo+OwLb3brQGHOng43Hedk6E74ZRMyUr5mmRKLTC1l9GeKtf3HoSvNq+bS7B8 + 
SrmkemzsS2SrXYE7Qslzhi8QKwby8nsjN2pE5hk12wZKefT4XP3q+lf7n2QeboG0 + 8d4u+706BO4DoxtnXPs1Gop3sJ3TZdAXTdfjnuv+LDMOmIDoVp1tgXRPiAvCfMPV + 9YiFS/WYMD5OA69SPBjCWIMPMw8PIU8OuHjy71eXlNJeAXeVLp70pGQOiPOZSvtl + vmfiPWOZnX+6jSpsSfmEa8FxAZYLgHUayF8YMtHi3kdz3x0kWMx3Pzvjvs4BfIyd + pp7PTfMycrk67Y3lcokNswt/fle0tN6xuqP4Uv4zWw== + =y1Sk -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/work-holo/zerotierone.txt b/secrets/work-holo/zerotierone.txt index a092cde..ba5eb65 100644 --- a/secrets/work-holo/zerotierone.txt +++ b/secrets/work-holo/zerotierone.txt 
@@ -8,15 +8,19 @@ "age": [ { "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydFBZWlJEdTkzWWFrVHdZ\nYVFxVEtCMS9tR3RMaFFWWnFEU2Z3dUc3dW5ZCmxTVGx2dHF6ejVVS0JQVjEwYU1X\nTE9wNmNQNWs4NlhXeEdtME5NV3FkUWMKLS0tIGJlamxpcndOTWR0b1l3b05WaXpT\nTkx3Rld2UnRPek5jNmdoWEYvbmZjVjgKirftt0yHRQj/JF6Ds6sFx6cX8pESZTy0\n+oPUdHEPAYpdii2FhDMxTPwy2ROGn5Bto1gMY38qopJ18bb1IFd4AA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRStxckpMNE5qaWx6NVBa\nb3RsVzRWZmhWM21HZldINkZsSEJ5N1kzMjA0CkZUUHVZUlcwTDBKSHg1YWVrWkVG\nVy8xalhiK3ZkY05WL1RyS1lOaE9jd2sKLS0tIE5JOEU2U2NlWE1VSmdNTEdSNGR6\nUUV1b3BhaVdOK2tNaldWNXRqOWEvclEKRgZ9VGYvzd8SyQhhNfk4auwfi1ms8E6f\nthS9Cv2UbC9jpBWR2ISuY4z4O5/6hLPZjuwJaJZlTjterIjl0rvyfw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRVVJWTBHRFdpOHZxTGZ2\nb2dLRmVmL2ZnMG43QzhUZktHdFQ0S1h5NG1FCnh3MmQzTDdtK2YwSmxNQkRBTFNG\nV0p5VjY4aFRIeU13aUZ6cmRDVXRjazAKLS0tIEM1VUUxNEpjNkI0NTd1NXhIUUQx\neVdwS3pMWi9DNWkvYjdhVlY1VzdoS3MK/vB6PRn4vCcR0RrV3gIzilZD9vWaSJxv\nETOC4TlVweiT8UVB/M0gCBnIdCceeft57h2iS4ljqD8zLEgGKdwgWQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2023-07-01T20:19:12Z", "mac": "ENC[AES256_GCM,data:aIizzl+WFLI8rwp9r9p3kJIsbAISp8vRnSUQKKRIY8V8WdjBNuR+ebSlMf8kBg4e+D9hpTGEY0byv8bpgx/1m5MMEXIDBiBb8GHBk8qwB/3JWsBMyCHOyylw9AAgteyCDEKMCHgU/ZBvExW9n5gnuvkngKK8X1imrNG2ySL9cIo=,iv:UFacq8BdavyiHGRAcKq9obdAD7ZsW8wqugkvtbpi8pw=,tag:fkoaJKrA54tNlTLbAwRsug==,type:str]", "pgp": [ { - "created_at": "2024-03-01T10:00:58Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+JWW5ihksSQw2X5TkcmdHb9FyGF9dAxjrYjjDdypM1F2O\nZjq8yevk+qyxq8NCaveAl4k8U2xQdqOTiirDYD8WhleLkj+sDNJv/RNMVpWywekb\ny24LmRNHlvVEPb92OjSHWy/QPbQGBGuoAA8KKZq+5sjR6vZIdzZeV1BWAvbkdDP2\nVVh0QjneXz0tHJ9HbytRb90xA/9Oyw0RQcxMad2A3THJO0L7OchPNkaIBmCjPSnO\n9x4ysbj87dkBmmCSOOqQAZAiWsDGRdgJyoNh0RFF3q5JCWLTRfPM6+eU8vXeenR4\nHqqO9AyhjCSjA0T1+/pPXY+C1WGkqHDODDfW3KrhGdJeATWyfi1D77SA7SQMiXjW\n+j0Oo3Y0K3aJAVn62aicgBNd5fhtTS4xIXXtnBsyjStVripW326g1b9LS0IcvouL\nwfQfrKNTkpX+Rui6Upb+KYIfTlGRl99ItJd4SMBLMQ==\n=Zlg1\n-----END PGP MESSAGE-----", + "created_at": "2024-04-04T18:27:45Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+Iq3qq7AWUE7jHzk8kW5VtfPhINqRadMhVWgt6/1oSebZ\nu6NTWAmjxhII9yGGfVxfCg7xqumw+M62UfTQZ6BbqxcDEavgITzUm/U/IiZ12z3f\nG6LfhMuuoCP2vvOYLYHpX363Ig7idudUBrM0MShun8iN8fuSEH24QJGLsO1WKX7b\nML+XKvPi+lrtit/1sXw55e1ixYafUhilAS54XrpwLXBw+ItpmgpvQBboVkneBP5U\nrs68ABQBQf4tTh+kFvwBDyV+EDGR5D58XtaDR2R1AhRIb433R8MV3XCvnnHdYWPx\nHBJSVFlRw7j5X6Bag+fTX0zvvmbtmGwQ72DSdJGl39JcAZQcBY50RtmNvn9YtWq3\nQkM3DcJ2Wfec//ugJ5uGBGujAzmKjW5dHLCzu5errPRckk/7ARGIUmxcLzWQXR2I\nwgTbKpEu1jwhrOiWIZODD4OOwilOSEWf14CEotU=\n=yoRw\n-----END PGP MESSAGE-----", "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" } ], From e4581d3a8d0112142868000d66a17e79cf32e4cf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 4 Apr 2024 21:07:24 +0200 Subject: [PATCH 054/305] feat: add rperf package --- flake.lock | 17 +++++++++++++++++ flake.nix | 14 ++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/flake.lock b/flake.lock index 8bf1076..a875c4f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -839,12 +839,29 @@ "radicalePkgs": [ "nixpkgs-2211" ], + "rperf": "rperf", "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", "yofi": "yofi" } }, + "rperf": { + "flake": false, + "locked": { + "lastModified": 1712257145, + "narHash": "sha256-IMHpJWGja69nTwF9JJOaOZeC5zxzXGanSShompQfBJE=", + "owner": "steveej-forks", + "repo": "rperf", + "rev": "ec7e1fb3a776fce09ca7c497e1d1962c56ef3785", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "repo": "rperf", + "type": "github" + } + }, "rust-analyzer-src": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index ce8879a..84bfddd 100644 --- a/flake.nix +++ b/flake.nix @@ -79,6 +79,11 @@ flake = false; }; + rperf = { + url = "github:steveej-forks/rperf"; + flake = false; + }; + ### inputs for thinkpad x13s # see https://github.com/jhovold/linux/wiki/X13s for status updates linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; @@ -307,6 +312,15 @@ (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; }); + + rperf = craneLib.buildPackage { + src = inputs.rperf; + nativeBuildInputs = [ + pkgs.pkg-config + ]; + buildInputs = [ + ]; + }; }; formatter = pkgs.alejandra; From 5b42bdee9d8747d1abdbc47d8216c45d84660a58 Mon Sep 17 00:00:00 2001 
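Review bot: `rperf.url = "github:steveej-forks/rperf";` in the `@@ -79,6 +79,11 @@` hunk names no branch or tag, so the input follows the fork's default branch. The lock entry pins today's `rev` and `narHash`, but every later `nix flake update` will build whatever that branch then points to through `craneLib.buildPackage`. The `openvscode-server` input elsewhere in this file pins a tag, and the same here would make an update an explicit decision: `url = "github:steveej-forks/rperf/<branch-or-tag>";`. In the `@@ -307,6 +312,15 @@` hunk the empty `buildInputs = [ ];` can be dropped. A one-line comment on why the fork is used instead of upstream would help whoever reviews the next lock bump.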
From: Stefan Junker Date: Sun, 7 Apr 2024 21:13:36 +0200 Subject: [PATCH 055/305] remove _archive --- _archive/environments/dev/cross.nix | 90 ---------------------- _archive/environments/dev/go/default.nix | 89 --------------------- _archive/environments/dev/go/neovim-go.nix | 12 --- _archive/environments/dev/pandoc.nix | 31 -------- _archive/environments/dev/rkt.nix | 71 ----------------- _archive/environments/dev/rust/.envrc | 1 - _archive/environments/dev/rust/default.nix | 39 ---------- _archive/environments/dev/vim-go.nix | 19 ----- _archive/environments/dev/vim-pandoc.nix | 18 ----- _archive/environments/dev/vim-rust.nix | 48 ------------ _archive/environments/fhs/android.nix | 42 ---------- _archive/environments/fhs/vscode.nix | 36 --------- 12 files changed, 496 deletions(-) delete mode 100644 _archive/environments/dev/cross.nix delete mode 100644 _archive/environments/dev/go/default.nix delete mode 100644 _archive/environments/dev/go/neovim-go.nix delete mode 100644 _archive/environments/dev/pandoc.nix delete mode 100644 _archive/environments/dev/rkt.nix delete mode 100644 _archive/environments/dev/rust/.envrc delete mode 100644 _archive/environments/dev/rust/default.nix delete mode 100644 _archive/environments/dev/vim-go.nix delete mode 100644 _archive/environments/dev/vim-pandoc.nix delete mode 100644 _archive/environments/dev/vim-rust.nix delete mode 100644 _archive/environments/fhs/android.nix delete mode 100644 _archive/environments/fhs/vscode.nix diff --git a/_archive/environments/dev/cross.nix b/_archive/environments/dev/cross.nix deleted file mode 100644 index 65e6c09..0000000 --- a/_archive/environments/dev/cross.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -import /home/steveej/src/github/NixOS/nixpkgs/default.nix { - crossSystem = rec { - config = "armv7l-unknown-linux-gnueabi"; - bigEndian = false; - arch = "arm"; - float = "hard"; - fpu = "vfpv3-d16"; - withTLS = true; - libc = "glibc"; - platform = { - name = "armv7l-hf-multiplatform"; - gcc = { - arch = "armv7-a"; - fpu = "neon"; - float = "hard"; - }; - kernelMajor = "2.6"; # Using "2.6" enables 2.6 kernel syscalls in glibc. - kernelHeadersBaseConfig = "multi_v7_defconfig"; - kernelBaseConfig = "multi_v7_defconfig"; - kernelArch = "arm"; - kernelDTB = true; - kernelAutoModules = false; - kernelExtraConfig = '' - NAMESPACES y - BTRFS_FS y - BTRFS_FS_POSIX_ACL y - OVERLAY_FS y - FUSE_FS y - ''; - kernelTarget = "zImage"; - uboot = null; - }; - openssl.system = "linux-generic32"; - gcc = { - arch = "armv7-a"; - fpu = "neon"; - float = "hard"; - }; - }; -} -# pkgs.config = { -# packageOverrides = super: let self = super.pkgs; in { -# linux_4_0 = super.linux_3_18.override { -# kernelPatches = super.linux_3_18.kernelPatches ++ [ -# # we'll also add one of our own patches -# { patch = ./dts.patch; name = "dts-fix"; } -# ]; -# -# # add "CONFIG_PPP_FILTER y" option to the set of kernel options -# extraConfig = '' -# HAVE_IMX_ANATOP y -# HAVE_IMX_GPC y -# HAVE_IMX_MMDC y -# HAVE_IMX_SRC y -# SOC_IMX6 y -# SOC_IMX6Q y -# SOC_IMX6SL y -# PCI_IMX6 y -# ARM_IMX6Q_CPUFREQ y -# IMX_WEIM y -# AHCI_IMX y -# SERIAL_IMX y -# SERIAL_IMX_CONSOLE y -# I2C_IMX y -# SPI_IMX y -# PINCTRL_IMX y -# PINCTRL_IMX6Q y -# PINCTRL_IMX6SL y -# POWER_RESET_IMX y -# IMX_THERMAL y -# IMX2_WDT y -# IMX_IPUV3_CORE y -# DRM_IMX y -# DRM_IMX_FB_HELPER y -# DRM_IMX_PARALLEL_DISPLAY y -# DRM_IMX_TVE y -# DRM_IMX_LDB y -# DRM_IMX_IPUV3 y -# DRM_IMX_HDMI y -# MMC_SDHCI_ESDHC_IMX y -# IMX_SDMA y -# PWM_IMX y -# DEBUG_IMX6Q_UART y -# -# PPP_FILTER y -# ''; -# }; -# }; -# }; - 
diff --git a/_archive/environments/dev/go/default.nix b/_archive/environments/dev/go/default.nix deleted file mode 100644 index c92aa9d..0000000 --- a/_archive/environments/dev/go/default.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {}, - pkgs ? gitpkgs, - name ? "generic", - version, - extraBuildInputs ? [], - extraShellHook ? "", -}: let - go = builtins.getAttr "go_${version}" pkgs; - commonVimRC = '' - let g:tagbar_type_go = { - \ 'ctagstype' : 'go', - \ 'kinds' : [ - \ 'p:package', - \ 'i:imports:1', - \ 'c:constants', - \ 'v:variables', - \ 't:types', - \ 'n:interfaces', - \ 'w:fields', - \ 'e:embedded', - \ 'm:methods', - \ 'r:constructor', - \ 'f:functions' - \ ], - \ 'sro' : '.', - \ 'kind2scope' : { - \ 't' : 'ctype', - \ 'n' : 'ntype' - \ }, - \ 'scope2kind' : { - \ 'ctype' : 't', - \ 'ntype' : 'n' - \ }, - \ 'ctagsbin' : 'gotags', - \ 'ctagsargs' : '-sort -silent' - \ } - - " vim-go { - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_structs = 1 - let g:go_highlight_interfaces = 1 - let g:go_highlight_operators = 1 - let g:go_highlight_build_constraints = 1 - let g:go_fmt_command = 'gofmt' - let g:go_fmt_options= '-s' - let g:go_def_mode = 'godef' - let g:go_def_reuse_buffer = 0 - - au FileType go nmap gds (go-def-split) - au FileType go nmap gdv (go-def-vertical) - au FileType go nmap gdt (go-def-tab) - au FileType go nmap gi (go-imports) - " } - ''; - buildInputs = with pkgs; [ - glibc.out - glibc.static - - go - gotools - #gotools.bin - #gocode.bin - #godef godef.bin - godep - #godep.bin - gox.bin - #ginkgo ginkgo.bin - #gomega - # ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) - # ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) - ]; -in - pkgs.stdenv.mkDerivation { - inherit name; - buildInputs = extraBuildInputs ++ buildInputs; - shellHook = '' - goname=${go.version}_$name - # FIXME: setPS1 $goname - export GOROOT=${go}/share/go - export GOPATH="$HOME/.gopath_$goname" - export PATH="$HOME/.gopath_$goname/bin:$PATH" - unset name - unset SSL_CERT_FILE - - ${extraShellHook} - ''; - } 
diff --git a/_archive/environments/dev/go/neovim-go.nix b/_archive/environments/dev/go/neovim-go.nix deleted file mode 100644 index 1bbc4dc..0000000 --- a/_archive/environments/dev/go/neovim-go.nix +++ /dev/null @@ -1,12 +0,0 @@ -{commonRC, ...} @ args: (import ../../pkg-configuration/vim-derivates/neovim.nix args - // { - additionalRC = - commonRC - + '' - " deoplete { - let g:deoplete#enable_at_startup = 1 - let g:deoplete#enable_smart_case = 1 - " } - ''; - additionalPlugins = ["deoplete-go" "deoplete-nvim" "vim-go"]; - }) diff --git a/_archive/environments/dev/pandoc.nix b/_archive/environments/dev/pandoc.nix deleted file mode 100644 index fc4a298..0000000 --- a/_archive/environments/dev/pandoc.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {}, - pkgs ? gitpkgs, - name ? "generic", - version ? "Stable", - extraBuildInputs ? [], -}: let - commonVimRC = ""; -in - pkgs.stdenv.mkDerivation { - inherit name; - buildInputs = with pkgs; - [ - (import ./vim-pandoc.nix { - pkgs = gitpkgs; - commonRC = commonVimRC; - }) - pandoc - texlive.combined.scheme-medium - python27Packages.pandocfilters - python27Packages.htmltreediff - python27Packages.html5lib - python27Packages.dbus-python - ] - ++ extraBuildInputs; - shellHook = '' - pandocname=pandoc_${pkgs.pandoc.version} - setPS1 $pandocname - unset name - ''; - } diff --git a/_archive/environments/dev/rkt.nix b/_archive/environments/dev/rkt.nix deleted file mode 100644 index aa01935..0000000 --- a/_archive/environments/dev/rkt.nix +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - pkgs ? import /home/steveej/src/github/NixOS/nixpkgs {}, - mkGoEnv ? import ./go.nix, - rktPath, -}: let - rktBasebuildInputs = with pkgs; [ - glibc.out - glibc.static - autoreconfHook - gnupg1 - squashfsTools - cpio - tree - intltool - libtool - pkgconfig - libgcrypt - gperf - libcap - libseccomp - libzip - eject - iptables - bc - acl - trousers - systemd - ]; - extraShellHook = '' - TARGET=$GOPATH/src/github.com/coreos/rkt - if [[ -e ${rktPath}/rkt/rkt.go ]]; then - pushd ${rktPath} - else - echo rktPath must be run the rkt repository clone, but got '${rktPath}' - exit 1 - fi - if ! [[ -e $TARGET/rkt/rkt.go ]]; then - mkdir -p $TARGET - echo $PWD - sudo -E mount -o bind $PWD $TARGET - fi - pushd $TARGET - ''; -in { - go15 = mkGoEnv { - inherit pkgs; - - name = "rktGo15"; - version = "1_5"; - extraBuildInputs = rktBasebuildInputs; - inherit extraShellHook; - }; - - go16 = mkGoEnv { - inherit pkgs; - - name = "rktGo16"; - version = "1_6"; - extraBuildInputs = rktBasebuildInputs; - inherit extraShellHook; - }; - - go17 = mkGoEnv { - inherit pkgs; - - name = "rktGo17"; - version = "1_7"; - extraBuildInputs = rktBasebuildInputs; - inherit extraShellHook; - }; -} diff --git a/_archive/environments/dev/rust/.envrc b/_archive/environments/dev/rust/.envrc deleted file mode 100644 index 051d09d..0000000 --- a/_archive/environments/dev/rust/.envrc +++ /dev/null @@ -1 +0,0 @@ -eval "$(lorri direnv)" diff --git a/_archive/environments/dev/rust/default.nix b/_archive/environments/dev/rust/default.nix deleted file mode 100644 index 11caffa..0000000 --- a/_archive/environments/dev/rust/default.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {}, - pkgs ? gitpkgs, - name ? "generic", - version ? "Stable", - extraBuildInputs ? [], -}: let - rustPackages = builtins.getAttr "rust${version}" pkgs; - rustc = rustPackages.rustc; - rustShellHook = { - rustc, - name, - }: '' - rustname=rust_${rustc.version}_${name} - setPS1 $rustname - unset name - ''; - commonVimRC = ""; -in - pkgs.stdenv.mkDerivation { - inherit name; - buildInputs = with rustPackages; - [ - (import ./vim-rust.nix { - pkgs = gitpkgs; - commonRC = commonVimRC; - inherit rustc; - racerd = pkgs.rustracerd; - }) - rustc - cargo - ] - ++ [pkgs.rustfmt] - ++ extraBuildInputs; - shellHook = rustShellHook { - inherit name; - inherit rustc; - }; - } diff --git a/_archive/environments/dev/vim-go.nix b/_archive/environments/dev/vim-go.nix deleted file mode 100644 index 6eacc45..0000000 --- a/_archive/environments/dev/vim-go.nix +++ /dev/null @@ -1,19 +0,0 @@ -{commonRC, ...} @ args: -import ../../pkg-configuration/vim-derivates/vim.nix (args - // { - name = "vim-for-go"; - additionalRC = - commonRC - + '' - " Disable AutoComplPop. - let g:acp_enableAtStartup = 0 - " Use neocomplete. - let g:neocomplete#enable_at_startup = 1 - " Use smartcase. - let g:neocomplete#enable_smart_case = 1 - if !exists('g:neocomplete#sources#omni#input_patterns') - let g:neocomplete#sources#omni#input_patterns = {} - endif - ''; - additionalPlugins = ["neocomplete" "vim-go"]; - }) diff --git a/_archive/environments/dev/vim-pandoc.nix b/_archive/environments/dev/vim-pandoc.nix deleted file mode 100644 index 7fc03f2..0000000 --- a/_archive/environments/dev/vim-pandoc.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{commonRC, ...} @ args: -import ../../pkg-configuration/vim-derivates/vim.nix (args - // { - name = "vim-for-pandoc"; - additionalRC = - commonRC - + '' - set statusline+=%#warningmsg# - set statusline+=%{SyntasticStatuslineFlag()} - set statusline+=%* - - let g:syntastic_always_populate_loc_list = 1 - let g:syntastic_auto_loc_list = 1 - let g:syntastic_check_on_open = 1 - let g:syntastic_check_on_wq = 0 - ''; - additionalPlugins = ["vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc"]; - }) diff --git a/_archive/environments/dev/vim-rust.nix b/_archive/environments/dev/vim-rust.nix deleted file mode 100644 index 56e3c7d..0000000 --- a/_archive/environments/dev/vim-rust.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - commonRC, - rustc, - racerd, - ... -} @ args: -import ../../pkg-configuration/vim-derivates/vim.nix (args - // { - name = "vim-for-rust"; - additionalRC = - commonRC - + '' - set statusline+=%#warningmsg# - set statusline+=%{SyntasticStatuslineFlag()} - set statusline+=%* - - let g:syntastic_always_populate_loc_list = 1 - let g:syntastic_auto_loc_list = 1 - let g:syntastic_check_on_open = 1 - let g:syntastic_check_on_wq = 0 - - " tagbar - let g:tagbar_type_rust = { - \ 'ctagstype' : 'rust', - \ 'kinds' : [ - \'T:types,type definitions', - \'f:functions,function definitions', - \'g:enum,enumeration names', - \'s:structure names', - \'m:modules,module names', - \'c:consts,static constants', - \'t:traits,traits', - \'i:impls,trait implementations', - \] - \} - - let g:syntastic_rust_checkers = ["rustc"] - - "rustfmt - let g:rustfmt_autosave = 1 - - let g:ycm_auto_trigger = 1 - let g:ycm_rust_src_path = '${rustc.src}/src' - let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd' - - ''; - additionalPlugins = ["rust-vim"]; - }) diff --git a/_archive/environments/fhs/android.nix b/_archive/environments/fhs/android.nix deleted file mode 100644 index 074469e..0000000 --- a/_archive/environments/fhs/android.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{pkgs ? import {}}: -(pkgs.buildFHSUserEnv { - name = "devfhs"; - multiPkgs = pkgs: (with pkgs; [ - android-udev-rules - sudo - gawk - bzip2 - file - gcc - getopt - git - gnumake - ncurses - openssl - patch - perl - pkgconfig - python - openssh - subversion - unzip - wget - which - vim - zlib - libusb - libusb1 - systemd - strace - swt - xorg.libXtst - glib - gtk2 - gnome.gtk - ]); - profile = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/lib64:/lib32:/usr/lib32:/usr/lib64:${pkgs.xorg.libXtst}/lib:${pkgs.glib}/lib:${pkgs.gtk2}/lib - ''; - runScript = "bash"; -}) -.env diff --git a/_archive/environments/fhs/vscode.nix b/_archive/environments/fhs/vscode.nix deleted file mode 100644 index da08700..0000000 --- a/_archive/environments/fhs/vscode.nix +++ /dev/null @@ -1,36 +0,0 @@ -{pkgs ? import {}}: -(pkgs.buildFHSUserEnv { - name = "everydayFHS"; - targetPkgs = pkgs: (with pkgs; [ - which - gitFull - zsh - file - direnv - - xdg_utils - xsel - - vscode - - # vscode live share - gnome3.gcr - libgnome_keyring3 - liburcu - libunwind - lttng-ust - curl - openssl - libkrb5 - libuuid - icu - zlib - libsecret - ]); - multiPkgs = pkgs: (with pkgs; []); - profile = '' - export SHELL=/bin/zsh - ''; - # FIXME runScript = "$SHELL"; -}) -.env From 76bce4709f44dcd60b6273e16d162c18d32f13a4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:22:56 +0200 Subject: [PATCH 056/305] feat(nix-settings): use unstable's nixUnstable (which ironically is the latest release) --- nix/os/snippets/nix-settings.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 704d69a..050780e 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -26,4 +26,6 @@ ]; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + + nix.package = pkgsUnstable.nixUnstable; } From 798396826f09d6273c00692eefa087db237e6f14 Mon Sep 17 00:00:00 2001 
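Review bot: `pkgsUnstable` in the added `nix.package = pkgsUnstable.nixUnstable;` is not bound by anything visible in this hunk of `nix-settings.nix`, and the module's argument list is outside it. The `fixup!` commit later in the series adds the `let` binding, so the two should be squashed before merging, otherwise this commit on its own fails to evaluate and breaks bisecting. The line also changes the Nix package, and with it the root-running daemon, to the unstable channel's build on every host that imports the snippet, regardless of that host's own nixpkgs pin. A why-comment would make the trade-off reviewable, e.g. `# unstable's nixUnstable is currently the newest release; revisit once the stable channel catches up`.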
From: Stefan Junker Date: Thu, 18 Apr 2024 17:24:49 +0200 Subject: [PATCH 057/305] feat(router): pin nixpkgs and kernel versions --- nix/os/devices/router0-dmz0/configuration.nix | 15 ++++--- nix/os/devices/router0-dmz0/flake.lock | 44 +++++++++---------- nix/os/devices/router0-dmz0/flake.nix | 7 +-- 3 files changed, 34 insertions(+), 32 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index cd0629e..38160cc 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -963,12 +963,13 @@ in { # ]) # ]; - # cname = [ - # "mailserver.svc.stefanjunker.de,${exposedHost}" - # "www.stefanjunker.de,${exposedHost}" - # "hedgedoc.www.stefanjunker.de,${exposedHost}" - # "jitsi.www.stefanjunker.de,${exposedHost}" - # ]; + cname = [ + "mailserver.svc.stefanjunker.de,${exposedHost}" + "www.stefanjunker.de,${exposedHost}" + "hedgedoc.www.stefanjunker.de,${exposedHost}" + "jitsi.www.stefanjunker.de,${exposedHost}" + "lldap.www.stefanjunker.de,${exposedHost}" + ]; }; }; @@ -978,7 +979,7 @@ in { system.stateVersion = "23.05"; - boot.kernelPackages = pkgs.linuxPackages_bpir3_latest; + boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; # We exclude a number of modules included in the default list. A non-insignificant amount do # not apply to embedded hardware like this, so simply skip the defaults. # diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index cefbdd9..d1a0074 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock 
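Review bot: The switch to `boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6;` in the `@@ -979,7 +979,7 @@` hunk ties the router's kernel to one series from a fork. The `flake.nix` hunk of the same commit sources that fork from `github:steveej-forks/nixos-bpir3/pr_kernel_config_for_nixpkgs_update`, which looks like a pull-request working branch. Such branches tend to be rebased or deleted after merging, and the lock then points at a commit no ref reaches, so the next update either fails or silently needs a new ref. Kernel security fixes for this device will also arrive only when the fork is bumped, because the attribute no longer follows `_latest`. A comment on the `kernelPackages` line saying why 6.6 is pinned and what would lift the pin, plus moving the input to a long-lived branch once the PR lands, would cover both. In the `@@ -963,12 +963,13 @@` hunk the `cname` list is re-enabled with `lldap.www.stefanjunker.de` added; a note on why it had been commented out would help, since the reason is not visible here.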
@@ -7,16 +7,16 @@ ] }, "locked": { - "lastModified": 1703603768, - "narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=", + "lastModified": 1712309414, + "narHash": "sha256-Z1bK3rlZhI1qVDU3qS4cqZBIQL2xomtUPYHdxQgRuw0=", "owner": "steveej-forks", "repo": "nixos-bpir3", - "rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3", + "rev": "4cfe402142e6ef76d83fcd7c92d75029a39d3997", "type": "github" }, "original": { "owner": "steveej-forks", - "ref": "linux-6.6", + "ref": "pr_kernel_config_for_nixpkgs_update", "repo": "nixos-bpir3", "type": "github" } @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1711006105, - "narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", + "lastModified": 1711934712, + "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", "owner": "nix-community", "repo": "disko", - "rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", + "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", "type": "github" }, "original": { @@ -84,16 +84,16 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "type": "github" }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } 
@@ -101,11 +101,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1710970863, - "narHash": "sha256-mB4oXrQWMVuVHe1ZJDU4LEu3Nha8efxSqs72EAJiyEI=", + "lastModified": 1712252662, + "narHash": "sha256-eQ6SiquqNFL/uewktFYFASQOC3qKbKDnG5l4VHcDouk=", "ref": "refs/heads/main", - "rev": "c24453dd936dc418bb4254b6c2ea42a2288d9607", - "revCount": 19406, + "rev": "e2ae53e1dbce10161a90bf2e64fd7241e40f4b71", + "revCount": 19445, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -137,16 +137,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711001935, - "narHash": "sha256-URtGpHue7HHZK0mrHnSf8wJ6OmMKYSsoLmJybrOLFSQ=", + "lastModified": 1712168706, + "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20f77aa09916374aa3141cbc605c955626762c9a", + "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1710982111, - "narHash": "sha256-IKcJnJwLnNXcnTZY4vxhQ0zEkZvr7srhXSZpxa3IiHA=", + "lastModified": 1712191870, + "narHash": "sha256-+MzSZ4IuZNT4QJS8b+gM48thfWkrJ7vL4NV5zG8Lqx8=", "owner": "numtide", "repo": "srvos", - "rev": "918e2ad35a9ce4071e9bc72e82ad97a65c8b861b", + "rev": "ddafe2fd3547f63e6bf75b6e1a99ecfa61c59687", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 22c71ae..2d02246 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix 
@@ -1,10 +1,10 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; get-flake.url = "github:ursi/get-flake"; - home-manager.url = "github:nix-community/home-manager/master"; + home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; @@ -13,7 +13,7 @@ srvos.inputs.nixpkgs.follows = "nixpkgs"; bpir3.url = - "github:steveej-forks/nixos-bpir3/linux-6.6" + "github:steveej-forks/nixos-bpir3/pr_kernel_config_for_nixpkgs_update" # "/home/steveej/src/steveej/nixos-bpir3" ; @@ -88,6 +88,7 @@ inherit (bpir3Pkgs) linuxPackages_bpir3 + linuxPackages_bpir3_6_6 linuxPackages_bpir3_latest ; }) From 4f54a8df43907a337074bb1716dc1e0e85915742 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:26:54 +0200 Subject: [PATCH 058/305] fixup! feat(nix-settings): use unstable's nixUnstable (which ironically is the latest release) --- nix/os/snippets/nix-settings.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 050780e..0e0f8c5 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -3,7 +3,9 @@ pkgs, lib, ... -}: { +}: let + pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; +in { nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; nix.settings.max-jobs = lib.mkDefault "auto"; From cda3a44e9e3fe4e1d8808ad7b39b6aabb8391515 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:27:02 +0200 Subject: [PATCH 059/305] chore(nix-settings): don't use cache.holo.host as a substituter --- nix/os/snippets/nix-settings-holo-chain.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/nix/os/snippets/nix-settings-holo-chain.nix b/nix/os/snippets/nix-settings-holo-chain.nix index 660695c..b912b5b 100644 --- a/nix/os/snippets/nix-settings-holo-chain.nix +++ b/nix/os/snippets/nix-settings-holo-chain.nix @@ -3,14 +3,14 @@ substituters = [ "https://holochain-ci.cachix.org" "https://holochain-ci-internal.cachix.org" - "https://cache.holo.host/" + # "https://cache.holo.host/" ]; trusted-public-keys = [ "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8=" "holochain-ci-internal.cachix.org-1:QvVsSrTiearCjrLTVtNtJOdQCDTseXh7UXUuSMx46NE=" - "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" - "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" + # "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" + # "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" ]; }; } From 03175bb9a72c230bd5a4e658440f936860f8c45b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:28:17 +0200 Subject: [PATCH 060/305] feat(sj-bm-hostkey0): add zerotier --- nix/os/devices/sj-bm-hostkey0/configuration.nix | 5 +++++ nix/os/snippets/holo-zerotier.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 4e82eb8..ca1551e 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -173,4 +173,9 @@ in { boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + steveej.holo-zerotier = { + enable = true; + autostart = false; + }; } diff --git a/nix/os/snippets/holo-zerotier.nix b/nix/os/snippets/holo-zerotier.nix index dc02fdc..8b09cea 100644 --- a/nix/os/snippets/holo-zerotier.nix +++ b/nix/os/snippets/holo-zerotier.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ]; + services.zerotierone = { enable = cfg.enable; joinNetworks = [ 
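Review bot: The `cache.holo.host` substituter and its two `trusted-public-keys` entries are commented out in this hunk rather than deleted, and nothing records why the cache is no longer used. Dropping the keys together with the URL is the right pairing, since a key left in `trusted-public-keys` keeps being accepted for signed paths from any configured source. Either delete the three lines or put one comment above them, for example `# cache.holo.host disabled: <reason>; re-add the URL and both keys together`, so a later re-enable does not restore only part of the set.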
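Review bot: In `holo-zerotier.nix`, `nixpkgs.config.allowUnfreePredicate` is set unconditionally at the top of `config`, so every host that imports the snippet allows the unfree `zerotierone` package even when `cfg.enable` is false. As far as I know NixOS merges `nixpkgs.config` attribute by attribute, so a predicate defined in another module on the same host would replace this one, or be replaced by it, instead of combining with it; it is worth checking that no other snippet sets one. Wrapping it as `nixpkgs.config = lib.mkIf cfg.enable { allowUnfreePredicate = …; };` and adding a comment such as `# zerotierone is unfree; the only package this predicate allows` would keep the exception scoped and visible. The `config` block continues outside the hunk.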
From a77a7f98f2ffec42347bdabc1fffa4be86026559 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:32:56 +0200 Subject: [PATCH 061/305] feat(sway-desktop): reconfigure xdg portals --- nix/os/snippets/sway-desktop.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 46c2bc0..ec6859c 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -36,19 +36,29 @@ in { # FIXME: `true` breaks xdg-open from alacritty: # $ xdg-open "https://github.com/" # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop - xdgOpenUsePortal = false; + xdgOpenUsePortal = true; + + wlr = { + enable = true; + }; # keep the behaviour in < 1.17, which uses the first portal implementation found in lexicographical order, use the following: - config.common.default = "*"; + config = { + common = { + default = [ + "wlr" + "gtk" + ]; + }; + }; extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr - # (pkgs.xdg-desktop-portal-gtk.override (_: { - # buildPortalsInGnome = false; - # })) + + # pkgs.xdg-desktop-portal-gtk + (pkgs.xdg-desktop-portal-gtk.override (_: { + buildPortalsInGnome = false; + })) ]; }; From 4c85413b56749cf93b3659d1295174c8b71e4f64 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:36:13 +0200 Subject: [PATCH 062/305] feat(steveej-x13s): accept iperf3 traffic on all interfaces --- nix/os/devices/steveej-x13s/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 5a1817a..585c02e 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix 
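Review bot: Two comments kept as context in the `sway-desktop.nix` hunk now contradict the new values. The `FIXME` above `xdgOpenUsePortal` still says that `true` breaks `xdg-open` from alacritty, yet the option is switched to `true`. The line "keep the behaviour in < 1.17 …" described `config.common.default = "*"`, which is replaced by the explicit list `[ "wlr" "gtk" ]`. Either delete both comments or restate them, for example `# portal order is explicit: wlr first, gtk as fallback`; if the OpenURI error is fixed by the new portal defaults, say so next to `xdgOpenUsePortal = true;`.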
+++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -96,6 +96,11 @@ networking.firewall.interfaces."en+".allowedUDPPorts = udp; networking.firewall.interfaces."wl+".allowedTCPPorts = tcp; networking.firewall.interfaces."wl+".allowedUDPPorts = udp; + + networking.firewall.allowedTCPPorts = [ + # iperf3 + 5201 + ]; }) ../../snippets/home-manager-with-zsh.nix From a6ce446fe9391f8e1927f35d0f478da00ff0f148 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 18 Apr 2024 17:38:24 +0200 Subject: [PATCH 063/305] feat(sj-bm-hostkey0): enable fuse, docker, podman, caddy as s3 reverse-proxy --- .../devices/sj-bm-hostkey0/configuration.nix | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index ca1551e..8e53c81 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -154,8 +154,28 @@ in { environment.systemPackages = [ pkgs.hdparm + pkgs.fuse ]; + programs.fuse.userAllowOther = true; + + services.caddy.enable = true; + services.caddy.email = "mail@stefanjunker.de"; + services.caddy.globalConfig = '' + auto_https disable_redirects + ''; + services.caddy.virtualHosts = let + holochainDomain = "dev.infra.holochain.org"; + in { + "${nodeName}.${holochainDomain}" = { + extraConfig = '' + handle_path /s3/* { + reverse_proxy http://127.0.0.1:9000 + } + ''; + }; + }; + # home-manager.users.steveej = _: { # imports = [ # ../../../home-manager/configuration/text-minimal.nix @@ -169,6 +189,11 @@ in { # }; virtualisation.libvirtd.enable = true; + virtualisation.docker.enable = true; + + virtualisation.podman.enable = true; + virtualisation.podman.autoPrune.enable = true; + # virtualisation.podman.dockerSocket.enable = true; boot.binfmt.emulatedSystems = [ "aarch64-linux" From a2ad00509b01a80c0929e22b3ddd64539f0d25ef Mon Sep 17 00:00:00 2001 
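Review bot: `networking.firewall.allowedTCPPorts = [ 5201 ];` opens the iperf3 port on every interface, while the lines just above it in the same hunk scope ports to `"en+"` and `"wl+"` through the `tcp` and `udp` lists. iperf3 does not require authentication by default, so on a laptop this port is reachable on any network the machine joins, including VPN or overlay interfaces, whenever a server is running. If the tests only happen on wired or wireless LAN, adding `5201` to the `tcp` list (defined outside the hunk) keeps the existing per-interface scoping; otherwise a comment such as `# iperf3: intentionally open on all interfaces for <reason>` would record the decision.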
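Review bot: The Caddy virtual host added in the first `sj-bm-hostkey0` hunk forwards `/s3/*` on `${nodeName}.dev.infra.holochain.org` to `http://127.0.0.1:9000` with no access control at the proxy, so a service that was bound to loopback becomes reachable by anyone who can reach the hostname. That leaves authentication entirely to the backend, which this hunk does not show; it is worth confirming that the backend rejects anonymous requests and that no admin or console endpoint sits on the same port. `auto_https disable_redirects` and `programs.fuse.userAllowOther = true;` are also set without explanation. A short comment on each, for example `# no HTTP->HTTPS redirect because <reason>` and `# allow_other needed by <mount>`, would make the intent reviewable.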
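Review bot: The second `sj-bm-hostkey0` hunk enables both `virtualisation.docker.enable` and `virtualisation.podman.enable` on a host that other sections of this series configure as a remote builder. The Docker daemon runs as root, membership of the `docker` group is equivalent to root, and ports published by containers are opened through Docker's own iptables rules rather than through `networking.firewall`. If one workload needs the Docker API specifically, a comment such as `# docker: required by <workload>; published ports are not filtered by networking.firewall` would document that; if podman covers the use case, dropping the Docker line removes the root daemon. The surrounding attribute set starts and ends outside the hunk.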
From: Stefan Junker Date: Thu, 18 Apr 2024 17:39:32 +0200 Subject: [PATCH 064/305] feat(sway-desktop): disable xwayland \o/ --- nix/home-manager/profiles/sway-desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index fb78aeb..8942c65 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -83,7 +83,7 @@ in { wayland.windowManager.sway = { enable = true; systemd.enable = true; - xwayland = true; + xwayland = false; config = let modifier = "Mod4"; From b6998530fbdf31f2aba109bcb972259b15a0326b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 21 Apr 2024 21:53:35 +0200 Subject: [PATCH 065/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 188 +++++++++++++++++++------ nix/os/devices/steveej-x13s/flake.nix | 3 +- 2 files changed, 148 insertions(+), 43 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 2e61d2b..6d17e39 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "crane": { + "inputs": { + "nixpkgs": [ + "mycelium", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712513517, + "narHash": "sha256-VuLm5tTMqfS82NZAsNfsW7U+pTZ1+GcOU7gYR/Fb1Z4=", + "owner": "ipetkov", + "repo": "crane", + "rev": "9caad1eb0c69a13ee6467035353b71a76c85ea53", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -7,11 +28,11 @@ ] }, "locked": { - "lastModified": 1711934712, - "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", + "lastModified": 1713406758, + "narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=", "owner": "nix-community", "repo": "disko", - "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", + "rev": "1efd500e9805a9efbce401ed5999006d397b9f11", "type": "github" }, "original": { @@ -19,6 +40,20 @@ "type": "indirect" } }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -37,6 +72,23 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -59,11 +111,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "type": "github" }, "original": { 
@@ -76,11 +128,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1711757427, - "narHash": "sha256-PqHK0J9YCRKlxpJp+UG+/xpwfIQRPVUPspvbbP3FB2M=", + "lastModified": 1713034591, + "narHash": "sha256-zEtSq4e1hsf5nPoTzsx+cvHTusQxFdyDpD3mOa360A0=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "f7087f8fdbd1309af315ef8c92345320aadc5edf", + "rev": "5455e4455b231218f6198b39383a0ad4c1d6638e", "type": "github" }, "original": { @@ -89,17 +141,54 @@ "type": "github" } }, - "nixos-x13s": { + "mycelium": { "inputs": { - "flake-parts": "flake-parts", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-filter": "nix-filter", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1712073452, - "narHash": "sha256-lTGAcxEdndN8Vai0Or8uIOUFekjWEXHd4IZzwNPnmzk=", + "lastModified": 1713534564, + "narHash": "sha256-x3XqFKcOLwKhgF/DKo8Qp3QLyaE2hdCTjfLSE8K3ifQ=", + "owner": "threefoldtech", + "repo": "mycelium", + "rev": "0dbe64eb25ebd73976908effaa0e4acaaf3c33c6", + "type": "github" + }, + "original": { + "owner": "threefoldtech", + "repo": "mycelium", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nixos-x13s": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1713193264, + "narHash": "sha256-6s8592yN68pJxUEq3oO4wnOcakCy+Ep7CX13ms8uD44=", "ref": "main", - "rev": "4c5a5bf78c130bf2ad59f458cca19c9737c8c80f", - "revCount": 50, + "rev": "6906045816d89d3e0eb391f1b293d5798639d1a3", + "revCount": 53, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -111,11 +200,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { @@ -125,22 +214,6 @@ "type": "github" } }, - "nixpkgs-2211": { - "locked": { - "lastModified": 1688392541, - "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -161,11 +234,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "lastModified": 1713537308, + "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "type": "github" }, "original": { 
@@ -177,11 +250,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1711668574, - "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1713564160, + "narHash": "sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", + "rev": "bc194f70731cc5d2b046a6c1b3b15f170f05999c", "type": "github" }, "original": { @@ -197,11 +286,26 @@ "get-flake": "get-flake", "home-manager": "home-manager", "mobile-nixos": "mobile-nixos", + "mycelium": "mycelium", "nixos-x13s": "nixos-x13s", - "nixpkgs": "nixpkgs_2", - "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6537562..43e7a4b 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -4,7 +4,6 @@ # required for home-manager modules nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; get-flake.url = "github:ursi/get-flake"; 
@@ -22,6 +21,8 @@ # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + + mycelium.url = "github:threefoldtech/mycelium"; }; outputs = { From 18c56a10b6a8c9be3bdbb80363654a6093bb78e3 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 29 Apr 2024 10:47:18 +0200 Subject: [PATCH 066/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 50 +++++++++++++------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6d17e39..28fbed5 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1713406758, - "narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=", + "lastModified": 1714103775, + "narHash": "sha256-kcBiIrmqzt3bNTr2GMBfAyA+on8BEKO1iKzzDFQZkjI=", "owner": "nix-community", "repo": "disko", - "rev": "1efd500e9805a9efbce401ed5999006d397b9f11", + "rev": "285e26465a0bae510897ca04da26ce6307c652b4", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "get-flake": { "locked": { - "lastModified": 1694475786, - "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", "owner": "ursi", "repo": "get-flake", - "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", "type": "github" }, "original": { 
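Review bot: The new `mycelium.url = "github:threefoldtech/mycelium";` input has no `follows`, so it brings its own dependency closure; the `flake.lock` section of this commit gains `crane`, `flake-compat`, `flake-utils`, `nix-filter`, `systems` and a separate `nixpkgs` node for it. Each extra nixpkgs revision is one more pin to keep current for security fixes. If the package builds against this flake's nixpkgs, `mycelium.inputs.nixpkgs.follows = "nixpkgs";` would collapse that. If it has to keep its own, a comment like `# mycelium keeps its own nixpkgs: <reason>` would match the note already left for `nixos-x13s` above. The `inputs` block starts outside the hunk.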
@@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1712386041, - "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1713534564, - "narHash": "sha256-x3XqFKcOLwKhgF/DKo8Qp3QLyaE2hdCTjfLSE8K3ifQ=", + "lastModified": 1714139182, + "narHash": "sha256-YJVnPzgGQZSg429K3G+p00Tz/pSDP6PnnofQv+QQiq4=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "0dbe64eb25ebd73976908effaa0e4acaaf3c33c6", + "rev": "434ad27db267a203faf5c97bb32e374bec4c6ce0", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1713193264, - "narHash": "sha256-6s8592yN68pJxUEq3oO4wnOcakCy+Ep7CX13ms8uD44=", + "lastModified": 1713787000, + "narHash": "sha256-Cy+xbH8n+vW3TRYhNdRnr0z02Cy6jOeD65xRLS5yunM=", "ref": "main", - "rev": "6906045816d89d3e0eb391f1b293d5798639d1a3", - "revCount": 53, + "rev": "75542063f325e6f74b47e76fdcb8a98c5261bb29", + "revCount": 55, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -234,11 +234,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713537308, - "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": { 
@@ -250,11 +250,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { @@ -266,11 +266,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1713564160, - "narHash": "sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo=", + "lastModified": 1714272655, + "narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc194f70731cc5d2b046a6c1b3b15f170f05999c", + "rev": "12430e43bd9b81a6b4e79e64f87c624ade701eaf", "type": "github" }, "original": { From 532535a904edda7176d871819b5f1129e80d875d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:43:04 +0200 Subject: [PATCH 067/305] remove flake-sandbox --- flake-sandbox/flake.lock | 27 -------- flake-sandbox/flake.nix | 142 --------------------------------------- 2 files changed, 169 deletions(-) delete mode 100644 flake-sandbox/flake.lock delete mode 100644 flake-sandbox/flake.nix diff --git a/flake-sandbox/flake.lock b/flake-sandbox/flake.lock deleted file mode 100644 index b600a49..0000000 --- a/flake-sandbox/flake.lock +++ /dev/null @@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1681091990, - "narHash": "sha256-ifIzhksUBZKp5WgCuoVhDY32qaEplXp7khzrB6zkaFc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ea96b4af6148114421fda90df33cf236ff5ecf1d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} 
diff --git a/flake-sandbox/flake.nix b/flake-sandbox/flake.nix deleted file mode 100644 index 112447e..0000000 --- a/flake-sandbox/flake.nix +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; - }; - outputs = { - self, - nixpkgs, - }: let - system = "x86_64-linux"; - pkgs = import nixpkgs {inherit system;}; - in { - devShells."${system}".default = pkgs.mkShell { - packages = with pkgs; - with pkgs.gnome; [ - hexchat - audacity - proot - yubikey-manager-qt - cheese - remmina - exiv2 - wireshark-qt - seahorse - kotatogram-desktop - usbutils - networkmanagerapplet - sshfs-fuse - pavucontrol - libwebcam - just - eog - git-crypt - espanso - unetbootin - vcsh - skypeforlinux - du-dust - bind - teamviewer - gparted - neovim - inkscape - rustdesk - gnome-themes-extra - pass - xdg-user-dirs - cbatticon - yubikey-personalization-gui - zoom - signal-desktop - xorg.xbacklight - vscode - ripgrep - lightdm - nixpkgs-fmt - git-lfs - qtpass - gimp - lxappearance - flameshot - thunderbird - fprintd - chromium - evtest - alejandra - vlc - pastebinit - evolution - zbar - libreoffice - brave - pidgin - direnv - xorg.xhost - lorri - firefox - logseq - x11_ssh_askpass - xsel - feh - htop - openvpn - syncthing - ncdu - rofi-pass - testdisk - vanilla-dmz - wireguard-tools - xarchive - gnome-icon-theme - wget - nix-index - mr - passff-host - browserpass - xorg.xcursorthemes - gitRepo - gitSVN - androidenv.androidPkgs_9_0.platform-tools - - # introduces python - (qtile.passthru.unwrapped.overrideAttrs (oldAttrs: { - propagatedBuildInputs = - [] - # ++ oldAttrs.passthru.unwrapped.propagatedBuildInputs - # ++ (with pkgs.python3Packages; [ - # # python-wifi - # # iwlib - # keyring - # ]) - ; - - makeWrapperArgs = - oldAttrs.makeWrapperArgs - ++ [ - "--prefix PATH : ${pkgs.lib.makeBinPath oldAttrs.propagatedBuildInputs}" - ]; - })) - - # gi-docgen - # yelp-tools - # scons - # autorandr - # arandr - # meson - # mercurial - # unrar-wrapper - # orca - # radicale - # criu - # gnome-music - # gnome-browser-connector - # radicale - # hplip - # qtile - # gtk-doc - # asciidoc - # meson - ]; - }; - }; -} 
From 5f1eded00a46f2b691e63be94b1107b4c4d6d2ac Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:43:20 +0200 Subject: [PATCH 068/305] justfile: add `--impure` to nix commands this seems required since a recent nixpkgs update --- Justfile | 4 +-- .../steveej-x13s/mycelium_priv_key.bin.enc | 26 +++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 secrets/steveej-x13s/mycelium_priv_key.bin.enc diff --git a/Justfile b/Justfile index 1633cba..095f050 100755 --- a/Justfile +++ b/Justfile @@ -31,11 +31,11 @@ _render_templates: rebuild-remote-device device +rebuildargs="dry-activate": #!/usr/bin/env bash set -ex - nix run .#colmena -- apply --on {{device}} {{rebuildargs}} + nix run .#colmena -- apply --impure --on {{device}} {{rebuildargs}} # Rebuild this device's NixOS rebuild-this-device +rebuildargs="dry-activate": - nix run .#colmena -- apply-local --sudo {{rebuildargs}} + nix run .#colmena -- apply-local --impure --sudo {{rebuildargs}} # Re-render the versions of a remote device and rebuild its environment update-remote-device devicename +rebuildargs='build': diff --git a/secrets/steveej-x13s/mycelium_priv_key.bin.enc b/secrets/steveej-x13s/mycelium_priv_key.bin.enc new file mode 100644 index 0000000..d1693e7 --- /dev/null +++ b/secrets/steveej-x13s/mycelium_priv_key.bin.enc 
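Review bot: `--impure` is added to both colmena invocations (`rebuild-remote-device` and `rebuild-this-device`) with no comment in the Justfile, and the commit message only says it "seems required" after a nixpkgs update. Impure evaluation lets environment variables and paths outside the locked inputs influence the result, so what gets deployed is no longer determined by `flake.lock` alone. Until the cause is found, a comment above each recipe such as `# FIXME: --impure needed since <nixpkgs rev>; find the impure reference and drop this flag` would keep the workaround from becoming permanent.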
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:ILo+B9hfSEOaNleohfdc+RlzFHOu5y0kS9Ocys5KBKQ=,iv:GNzGem+eBseA99FoFHRSDQbnpo0RS6lRRR6oLV5xajE=,tag:FmBrSBT1qQ+jXhUlAjCRSg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvOHM2dFdaSmRjVXRGOWdM\nc3NySkxDWjl3bXl0VHpRUURINlRWNTJhM1JNCmQzV2xUTUlEb0l2Q0FZUDMrOVVF\neTNEWG1kV1hlY3dWaDVubzdBMUpjdjgKLS0tIGtzeUF5TCtoSk92aDZkdkhqMjZm\nellNZk84ckRXZW5LYlA0Zjc0MXFVMFUKkbgJvketPLkiRtiM2ot/o2q0roCyMcNB\nDjvUDLeExvpz11T12pFETaeSGKMH/R6HfDt37T/K2cpCNvOXHU8MpQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-19T19:07:46Z", + "mac": "ENC[AES256_GCM,data:e6xOIt73MDaMOnP3d2G/xqjwozdvdkxNkso4ry3Wj5UELoSKtjOXn0oWA1KIApQM72rcytyAMuvuF8nIRzOsU+RjCxyoyFxK+x1ljvXcjJF/mrB8+27QEIKMFbCRYDtDtiax0MnVkW3a4zqAz9ETd2hlBRS2DcVXvgV8GVRZL4o=,iv:jd5Mwf+IUrm5vbHftImsB7iX3AP8O61/2kEf2BpOFRQ=,tag:aXmSU8qPGTKRmzddVz6s8w==,type:str]", + "pgp": [ + { + "created_at": "2024-04-19T19:07:46Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/UWVXKoYna+QMRhlTcMeEYBYD1twGiU2M+Qov7lMwCVd0\nyLd/TW0E3l7nNp+8pVeQb2a84F3W6kitWSv6sSEQuz74vMGtAHJs63NRaRP+apdV\nKE9kada00clOgd8gDAwEZUUMaTuCxZalsLHOLmKa/5UJVCaYuHcS1wyKWqhK7l9j\nYuELlmM0DcJixWved7t0UL9O1s15b6aFGjc029OIEXwIGuh9Fe01lDjqC/NM+bZC\neL8osDcyTvz2AJB7IjlKQ9EQ9SGxhKXdcoJ0iGvZn5UJx4Dmvw7U2egHN511WDR7\nE4UGux7u7D+DfvOmeCxd/6iCzMdOZUUk3E+yb05YxNJcAZNG/2HLxs2eIs/W81Uk\nLM4UVDBrrrH9hAAyE5sSHsZOIxoqbNol9FSU3iTKEdCq9giU1C8P5mjKymr1hhro\nbYiCYZXhSV0X+bEm27NH8KqEg7wYv6FWMwiYVVY=\n=Itgp\n-----END PGP MESSAGE-----", + "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file From a58b498d3e82417ceb4fc8a395eec099ee79b842 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Thu, 2 May 2024 09:45:30 +0200 Subject: [PATCH 069/305] feat(steveej-x13s,sj-bm-hostkey0): configure buildmachine --- .../devices/sj-bm-hostkey0/configuration.nix | 16 +++++++++------ nix/os/devices/steveej-x13s/configuration.nix | 20 +++++++++++++++++++ secrets/steveej-x13s/secrets.yaml | 8 ++++---- 3 files changed, 34 insertions(+), 10 deletions(-) diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 8e53c81..17baea3 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -18,9 +18,18 @@ in { imports = [ nodeFlake.inputs.disko.nixosModules.disko - nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder repoFlake.inputs.sops-nix.nixosModules.sops + nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder + { + roles.nix-remote-builder.schedulerPublicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s" + + # TODO: make this a reference to the private key's secret + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" + ]; + } + ../../profiles/common/user.nix ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix @@ -66,11 +75,6 @@ in { } ]; - roles.nix-remote-builder.schedulerPublicKeys = [ - # TODO: make this a reference to the private key's secret - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" - ]; - services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 585c02e..de52133 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -81,6 +81,26 @@ enable = true; enableNonRoot = true; }; + + sops.secrets.builder-private-key = {}; + nix.distributedBuilds = true; + nix.buildMachines = [ + { + hostName = "sj-bm-hostkey0.dev.infra.holochain.org"; + sshUser = "nix-remote-builder"; + sshKey = config.sops.secrets.builder-private-key.path; + protocol = "ssh-ng"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + supportedFeatures = [ + "big-parallel" + "kvm" + ]; + maxJobs = 32; + } + ]; } # TODO: create syncthing os snippet diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index 26663f9..b69d6fa 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml @@ -1,4 +1,4 @@ -hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] +builder-private-key: ENC[AES256_GCM,data:KG5V86SDVM5LfFPZI5rjKGvYwqLZInEqpwdIJPAiF7fMdG3rTq3JgNJCQr0eOhfmLwT3KEN2Fv0mHZS4smMGdh0WCkza8CzRn/KFY8gqEWxxdff1Wqj7+2/5lSI8I7Qp2EW+eaAgU53PPOh/M3Cgm/Rraw2ARmIJNIgtuJC8ZeZlsh3sl0tacF9rgSrP8p4xAH3C/QUs1HW+10eL9F3STtAV+ZBruU68lNmCdiyqKjg3O3qdRFsjdGWAwHNHL42cEm3il4PofyS5fDDF4otQktZa5n8832ukF5Aj6RNgJwubrsxB9+1M9s7hD1UQyKo6oQKJr1GXNK+IPyXAvdxckZ8INhsxP4c4v8GzR0zJK4MfESx0r67ciGLOcYulNBDOMSbD57oW+wRvCI2eZlpB3ugBcUm/rsQbgFVEX8q6jD8WipJ+Q3hz1zWq45s66XooFmnwc2nBhT6cRmtGzTJCcDpiovgj5tKXSXrWfwYO7tWr7lYg8T4zhfplZBtQOaqTUrAOhW7IRT5Lo/310cMRcp1h44TSnpWXZN7l,iv:DOUijPr4wHmjNIniF2IRjinXZ6iyg8Z1Nt5EgFfX5Zw=,tag:VWxHpfpyphtu6XLR1yKugg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +14,8 @@ sops: dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-23T09:41:31Z" - mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str] + lastmodified: "2024-05-01T16:50:35Z" + mac: ENC[AES256_GCM,data:wDnv7wZLks2EME+JqlBtagVaDZEo9ap3d6xFfnBy2/D4wrJhhYlo8vOYM8GFXEhfa0Jek+9ZlkmXYerLNWLMiUMKWIvk0cvHjxBaR2wcxt9FnynPT9W9hSX7UFhM/eTiJviksOESTI7pqNh9X7ggLSZ0c+O5mBxxEh/bcjz8vIU=,iv:vgvmyvUkZBapCpRbPU3cDgmHsc5NwHzCsMzjHvr/Xc0=,tag:FMI0YrwdCPIFe8tnLQr69w==,type:str] pgp: - created_at: "2024-04-04T18:26:01Z" enc: |- @@ -33,4 +33,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 From 4b5ddd89344c3a924cc94e692b05840b077bd314 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:48:15 +0200 Subject: [PATCH 070/305] feat: update flakes, attempt to repair espanso --- flake.lock | 240 +++++++++--------- flake.nix | 11 +- .../configuration/graphical-fullblown.nix | 65 +---- nix/home-manager/programs/espanso.nix | 24 +- nix/os/devices/router0-dmz0/flake.lock | 38 +-- .../devices/sj-bm-hostkey0/configuration.nix | 21 +- nix/os/devices/sj-bm-hostkey0/flake.lock | 17 ++ nix/os/devices/sj-bm-hostkey0/flake.nix | 1 + nix/os/devices/steveej-t14/flake.nix | 1 - 9 files changed, 215 insertions(+), 203 deletions(-) diff --git a/flake.lock b/flake.lock index a875c4f..f4236af 100644 --- a/flake.lock +++ b/flake.lock 
@@ -3,11 +3,11 @@ "adamcstephens_stop-export": { "flake": false, "locked": { - "lastModified": 1706405938, - "narHash": "sha256-L+MeX7m78uM09h/7b0jtyGOlgJC1ETQHCBphcJRa5V0=", + "lastModified": 1710028874, + "narHash": "sha256-D15vE/boUSGSig3EMx1dCeu7N7S92wiRMJKZ1h9mBjM=", "ref": "refs/heads/main", - "rev": "823b14873da7cc0a8a6bf37eaab71d10863272d3", - "revCount": 16, + "rev": "3404021b7caf7dea1ce9c8d4ece36dc26575bc47", + "revCount": 17, "type": "git", "url": "https://codeberg.org/adamcstephens/stop-export.git" }, @@ -19,11 +19,11 @@ "aphorme_launcher": { "flake": false, "locked": { - "lastModified": 1699523648, - "narHash": "sha256-OmeelrddWuPQL84W/1Fi3FczKfrR+XdosRfKofc2o6w=", + "lastModified": 1713530567, + "narHash": "sha256-p1ZIMMDyQWVzoeyHb3sbeV6XQwbIDoQwJU8ynI8hGUI=", "owner": "Iaphetes", "repo": "aphorme_launcher", - "rev": "3404dd1ac0c448d517efc0a20f554da0f1d5550c", + "rev": "abc42c3d9e98dfd2c910cf348110232ff25129b4", "type": "github" }, "original": { @@ -60,11 +60,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1706509311, - "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=", + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", "type": "github" }, "original": { @@ -80,11 +80,11 @@ ] }, "locked": { - "lastModified": 1707075082, - "narHash": "sha256-PUplk5F5jlIyofxqn/xEDN9pbjrd0tnkd0pDsZ52db0=", + "lastModified": 1713459701, + "narHash": "sha256-LjQ11ASxnv/FXfb8QnrIyMkyqSqcBPX+lFK8gu0jSQE=", "owner": "ipetkov", "repo": "crane", - "rev": "7d5b46c17d857ee9ddb2e8d88185729a3e5637b6", + "rev": "45ea0059fb325132fdc3c39faffb0941d25d08d3", "type": "github" }, "original": { 
@@ -131,6 +131,23 @@ "type": "gitlab" } }, + "espanso": { + "flake": false, + "locked": { + "lastModified": 1711840403, + "narHash": "sha256-4y5yHFfA8SmtSJVC2YleoHCUXkgqee+k9A2pRUzqzDo=", + "owner": "espanso", + "repo": "espanso", + "rev": "db97658d1d80697a635b57801696c594eacf057b", + "type": "github" + }, + "original": { + "owner": "espanso", + "repo": "espanso", + "rev": "db97658d1d80697a635b57801696c594eacf057b", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -139,11 +156,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1706941198, - "narHash": "sha256-t6/qloMYdknVJ9a3QzjylQIZnQfgefJ5kMim50B7dwA=", + "lastModified": 1713421495, + "narHash": "sha256-5vVF9W1tJT+WdfpWAEG76KywktKDAW/71mVmNHEHjac=", "owner": "nix-community", "repo": "fenix", - "rev": "28dbd8b43ea328ee708f7da538c63e03d5ed93c8", + "rev": "fd47b1f9404fae02a4f38bd9f4b12bad7833c96b", "type": "github" }, "original": { @@ -171,11 +188,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -204,11 +221,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { 
@@ -260,27 +277,6 @@ "type": "github" } }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": [ - "srvos", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -301,11 +297,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -319,11 +315,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -333,12 +329,15 @@ } }, "flake-utils_4": { + "inputs": { + "systems": "systems_3" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -365,11 +364,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1707233644, - "narHash": "sha256-VMbqnbhmevlWjVaabBgwB62CKQay6LrTyQ7XvDv/lC0=", + "lastModified": 1713529603, + "narHash": "sha256-PjHxMABsAbQ6ZkjsmdREQ5D4CTtxCF1aRlyEqKsXMls=", "owner": "mahkoh", "repo": "jay", - "rev": "e7709f695f3cfcf9bb9e857cb488f0c7f269d719", + "rev": "670588fe4dc5ea1051e34d51c99282f6c8c4d2b2", "type": "github" }, "original": { @@ -384,11 +383,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1707048513, - "narHash": "sha256-gZh1mHkjtOmXrlgWWdl6G27NlKuNuruz1lOnhgmg1Nk=", + "lastModified": 1713105314, + "narHash": "sha256-X3URKbcgIy4UaQGrsy3DmY5x+fePQ5IYaa76YewoUE0=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "83a014ca34f5cf6ef441b760e12d503856f20b35", + "rev": "f347ed9a1cab12c27541ed4d173e2f2d5c9bc0bb", "type": "github" }, "original": { @@ -476,11 +475,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1711934525, - "narHash": "sha256-nMRgXVApeacHoO+R6ap5Y1Did+qng0z/eBG8L7jFgJY=", + "lastModified": 1713549455, + "narHash": "sha256-wMHTvhl7Yl+nNVspchN7e337DBAM2LhHlcHnfAPhGEY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b2ca2718d4953bc2b41592d2a6b76e3d28236e69", + "rev": "15529741a0f9c2b90a725ef5eb2262468a2f40a6", "type": "github" }, "original": { @@ -501,11 +500,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1704629536, - "narHash": "sha256-hCMBZ61Kpj54JD/miAhhoSHWMyP6NWrOmYOSHd0rB4E=", + "lastModified": 1712738767, + "narHash": "sha256-H02MqBYW6ekafiO8ol8gZq1JwGM1eQYLXhHrnFouBJg=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "4c94cecf3dd551adf1359fb06aa926330f44e5a6", + "rev": "05854a92a58f4332e9e55ef3aef1570b8ae8bc72", "type": "github" }, "original": { 
@@ -558,16 +557,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1684570954, - "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", + "lastModified": 1712222121, + "narHash": "sha256-8f3glF4uwsPlDvaKDRgXD9xGe4YoCH4jA8ICxy/NbCo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", + "rev": "23ff7d9dc4f3d553939e7bfe0d2667198f993536", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -606,11 +605,11 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1707091808, - "narHash": "sha256-LahKBAfGbY836gtpVNnWwBTIzN7yf/uYM/S0g393r0Y=", + "lastModified": 1713344939, + "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f2ee8c91ac42da3ae6c6a1d21555f283458247e", + "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd", "type": "github" }, "original": { @@ -623,11 +622,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1706550542, - "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -640,11 +639,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1707007541, - "narHash": "sha256-fuFppCuZO4wJAfodUkiWhtSxTb+pkBW+lJP2S51jRNU=", + "lastModified": 1713055793, + "narHash": "sha256-vIrZQykYW32RnlI2lT/gCcB59BOIqqrAmPirBdiirrc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "948ff77600f9fff8c904d1e1ffb87a60773991af", + "rev": "361d8a4f443bbfab20bd6d222f9022b8c6665906", "type": "github" }, "original": { 
@@ -655,27 +654,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1705957679, - "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "lastModified": 1713434076, + "narHash": "sha256-+/p5edwlkqKZc6GDAQl+92Hoe1f3NNbUF9uj+X9H3pU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "rev": "8494ae076b7878d61a7d2d25e89a847fe8f8364c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", "type": "github" }, "original": { @@ -687,11 +686,11 @@ }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", "type": "github" }, "original": { @@ -709,11 +708,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1707290091, - "narHash": "sha256-QX1lZCenEuNe/yFnPUuxEA5B3QJx3D5UEeLvWQ4QK1w=", + "lastModified": 1713543674, + "narHash": "sha256-vQPF8Y36O99EuS0aVIZDlO9SuwlXzGfzQGNKeaBTFxg=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "2a54a12e504659a36b20bfce96522b403fa73fdd", + "rev": "ee21b656ea43b305c8f7e25ab2994aec375083eb", "type": "github" }, "original": { 
@@ -740,11 +739,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1707092692, - "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "faf912b086576fd1a15fca610166c98d47bc667e", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", "type": "github" }, "original": { @@ -773,16 +772,16 @@ "openvscode-server": { "flake": false, "locked": { - "lastModified": 1708067838, - "narHash": "sha256-GNqDYqi40X7/og3TacvKyPj6c5amkxTYr/1DsnGV2AI=", + "lastModified": 1710222452, + "narHash": "sha256-v9q0+qhgDhqejSI6ioAUNsAKK27o/Uo0KUtuAuSQYig=", "owner": "gitpod-io", "repo": "openvscode-server", - "rev": "fa212cab64faaac10741979e96a0662d14f61c81", + "rev": "aca758f19920d86e66dd5066ed290b9999b177ed", "type": "github" }, "original": { "owner": "gitpod-io", - "ref": "openvscode-server-v1.86.2", + "ref": "openvscode-server-v1.87.1", "repo": "openvscode-server", "type": "github" } @@ -790,11 +789,11 @@ "prs": { "flake": false, "locked": { - "lastModified": 1692545676, - "narHash": "sha256-jA97WxXBgWtttXnTBxfb4lPEEFqRMflL1BYfDCYeVfo=", + "lastModified": 1710690510, + "narHash": "sha256-MvQ0B35NF/AuGHBMa201FkFlU/UX0WXMcBRxTJwpUFw=", "owner": "timvisee", "repo": "prs", - "rev": "308e753f769e5ddcda14d13eeeb7b40c5887e0ca", + "rev": "b0d7c2f193de501c880c41e486299c420c1f6e6b", "type": "gitlab" }, "original": { @@ -816,6 +815,7 @@ "disko" ], "dotfiles": "dotfiles", + "espanso": "espanso", "fenix": "fenix", "flake-parts": "flake-parts", "get-flake": "get-flake", 
@@ -865,11 +865,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1706875368, - "narHash": "sha256-KOBXxNurIU2lEmO6lR2A5El32X9x8ITt25McxKZ/Ew0=", + "lastModified": 1713373173, + "narHash": "sha256-octd9BFY9G/Gbr4KfwK4itZp4Lx+qvJeRRcYnN+dEH8=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8f6a72871ec87ed53cfe43a09fb284168a284e7e", + "rev": "46702ffc1a02a2ac153f1d1ce619ec917af8f3a6", "type": "github" }, "original": { @@ -903,11 +903,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1707015547, - "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=", + "lastModified": 1713532771, + "narHash": "sha256-vfKxhYVMzG2tg48/1rewBoSLCrKIjQsG1j7Nm/Y2gf4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "23f61b897c00b66855074db471ba016e0cda20dd", + "rev": "a929a011a09db735abc45a8a45d1ff7fdee62755", "type": "github" }, "original": { @@ -918,17 +918,16 @@ }, "srvos": { "inputs": { - "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1707160670, - "narHash": "sha256-svt/yQB8l/edU9yhYB78lIGKiaO7mXzUQvu/uJLZAVs=", + "lastModified": 1713533513, + "narHash": "sha256-nv5GmWaGryyZU8ihQIYLZWasqaXTZKGTjsypG0TRw9Q=", "owner": "numtide", "repo": "srvos", - "rev": "977371a151fc3c96d6fac923b3032d07000e9490", + "rev": "d8945920cb8e98dc737d1fc2d42607f5916c34cf", "type": "github" }, "original": { @@ -983,6 +982,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ 
@@ -1034,11 +1048,11 @@ ] }, "locked": { - "lastModified": 1707043587, - "narHash": "sha256-bSuJX5BNN31XMFPinZhteeJO0M8ZHaSoXQXXwZ5MR1c=", + "lastModified": 1710356110, + "narHash": "sha256-dLYYHNiimcY5WMOnYs9zHVKdjqoPhdFhbEJa2h5hel0=", "owner": "l4l", "repo": "yofi", - "rev": "5b67f8db1ee9bd1e09b3bf3354d08bd5e89f596e", + "rev": "0d7af4653fa8f119a4aee0b7981edc88a6c7e892", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 84bfddd..b70e17a 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; nixpkgs-vscodium.url = "github:nixos/nixpkgs/nixos-unstable"; - openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.86.2"; + openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.87.1"; openvscode-server.flake = false; colmena = { @@ -108,6 +108,11 @@ flake = false; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; }; + + espanso = { + flake = false; + url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; + }; }; outputs = inputs @ { @@ -278,7 +283,7 @@ }) {}; - nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; + nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' set -x @@ -313,7 +318,7 @@ overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; }); - rperf = craneLib.buildPackage { + rperf = craneLib.buildPackage { src = inputs.rperf; nativeBuildInputs = [ pkgs.pkg-config diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index a8c96b3..3d1fa8e 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -9,7 +9,7 @@ ... }: let # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; - pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; + pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; in { imports = [ ../profiles/common.nix @@ -107,24 +107,7 @@ in { # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop tdesktop - - ( - let - version = "6.46.0"; - in - pkgsUnstableSmall.signal-desktop.overrideAttrs (old: - lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - inherit version; - src = - builtins.fetchurl - { - url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/108f9dd03ac5658457de1b23aae539ef8ab0a716/builds/release/signal-desktop_${version}_arm64.deb"; - sha256 = - # lib.fakeSha256 - "sha256:15sn0p0jxfs7hka6qhg77vjwblwxcdc10ybrfxc0p5gkpbcqcydc"; - }; - }) - ) + signal-desktop thunderbird @@ -156,8 +139,8 @@ in { nethogs # Code Editing and Programming - pkgsUnstableSmall.lapce - pkgsUnstableSmall.helix + pkgsUnstable.lapce + pkgsUnstable.helix # Image/Graphic/Design Tools gnome.eog 
@@ -251,48 +234,14 @@ in { ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - ( - pkgs.banana-accounting.overrideDerivation - (attrs: - with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { - # dontWrapGApps = true; - - srcs = builtins.fetchurl { - # hosted via https://web3.storage - url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz"; - - sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1"; - }; - - # nativeBuildInputs = - # attrs.nativeBuildInputs - # ++ [ - # qt5.qtbase - # qt5.wrapQtAppsHook - # ]; - - # buildInputs = - # attrs.buildInputs - # ++ [ - # qt5.qtwayland - # ]; - - # preFixup = - # (attrs.preFixup or "") - # + '' - # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") - # ''; - }) - ) - - pkgsUnstableSmall.ledger-live-desktop + pkgsUnstable.ledger-live-desktop # unsupported on aarch64-linux pkgs.androidenv.androidPkgs_9_0.platform-tools pkgs.teamviewer pkgs.discord - pkgsUnstableSmall.session-desktop - pkgsUnstableSmall.rustdesk + pkgsUnstable.session-desktop + pkgsUnstable.rustdesk ]); systemd.user.startServices = true; diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 23f727a..86d6371 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix 
@@ -1,9 +1,23 @@ -{pkgs, ...}: { +{ + pkgs, + repoFlake, + ... +}: { services.espanso = { - # package = pkgs.espanso.overrideAttrs(_: { - # # src = - # }) - enable = true; + package = pkgs.espanso-wayland; + # package = pkgs.espanso-wayland.overrideAttrs (_: { + # src = repoFlake.inputs.espanso; + + # cargoLock = { + # # lockFile = "${repoFlake.inputs.espanso.outPath}/Cargo.lock"; + # lockFile = repoFlake.inputs.espanso + "/Cargo.lock"; + # outputHashes = { + # "yaml-rust-0.4.6" = "sha256-wXFy0/s4y6wB3UO19jsLwBdzMy7CGX4JoUt5V6cU7LU="; + # }; + # }; + # }); + + enable = false; configs = { default = { # backend = "Inject"; diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index d1a0074..6447ca0 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1711934712, - "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", + "lastModified": 1714405407, + "narHash": "sha256-h3pOvHCXkSdp1KOZqtkQmHgkR7VaOJXDhqhumk7sZLY=", "owner": "nix-community", "repo": "disko", - "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", + "rev": "5eaf747af38dd272e1ab28a8ec4bd972424b07cf", "type": "github" }, "original": { @@ -64,11 +64,11 @@ }, "get-flake": { "locked": { - "lastModified": 1694475786, - "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", "owner": "ursi", "repo": "get-flake", - "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", "type": "github" }, "original": { 
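Review bot: In nix/home-manager/programs/espanso.nix the service is switched to `enable = false` with no reason given, while `package` is still set and a commented-out `overrideAttrs` block is left in place. A one-line comment such as `# FIXME: disabled until espanso-wayland works on this setup` would record the intent; the exact wording is for the author to confirm. The new `repoFlake` argument is only referenced from the commented-out code, so it can be dropped from the function header until the override is enabled.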
@@ -84,11 +84,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "type": "github" }, "original": { @@ -101,11 +101,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1712252662, - "narHash": "sha256-eQ6SiquqNFL/uewktFYFASQOC3qKbKDnG5l4VHcDouk=", + "lastModified": 1713985129, + "narHash": "sha256-TBC+vZMFPApHAlw5FDPGqgZeYNskdvF56mJsSBoAm1M=", "ref": "refs/heads/main", - "rev": "e2ae53e1dbce10161a90bf2e64fd7241e40f4b71", - "revCount": 19445, + "rev": "1dda619ed291edddf979d4513ddc59abf0a30c9e", + "revCount": 19546, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -137,11 +137,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712168706, - "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", + "lastModified": 1714409183, + "narHash": "sha256-Wacm/DrzLD7mjFGnSxxyGkJgg2unU/dNdNgdngBH+RU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", + "rev": "576ecd43d3b864966b4423a853412d6177775e8b", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1712191870, - "narHash": "sha256-+MzSZ4IuZNT4QJS8b+gM48thfWkrJ7vL4NV5zG8Lqx8=", + "lastModified": 1714444742, + "narHash": "sha256-FOWYXEEtwYKAGmXgKVYli/VsA8XpeR+4wNKt+3M/9b4=", "owner": "numtide", "repo": "srvos", - "rev": "ddafe2fd3547f63e6bf75b6e1a99ecfa61c59687", + "rev": "b18e74f2245eaae150bc753821079c2512fe1516", "type": "github" }, "original": { diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 17baea3..c2068d9 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix 
+++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -10,7 +10,7 @@ system, ... }: let - pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; + pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; in { disabledModules = [ @@ -57,14 +57,27 @@ in { pkgs.alejandra pkgs.nixfmt + repoFlake.packages.${system}.rperf + # TODO: automate linking this # 1. get the commit with: `codium --version` # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/` # 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ - (pkgsVscodium.openvscode-server.overrideAttrs(attrs: { + + /* + e.g.: + ``` + ( + set -e + export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') + ssh bm-hostkey0 "rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" + ) + ``` + */ + (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { src = repoFlake.inputs.openvscode-server; - version = "1.86.2"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-mB7Fw/5pCBJNGtH3PvGhZOAIP/C2MoSvBvZy17TPN9U=";}); + version = "1.87.1"; + yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-oRuy7PjVv3Y24GQlvX4tPPndvKTgxbv7TR8ytTBY2DQ=";}); })) ]; }; diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 23f7435..67a4e0a 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock 
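Review bot: In the example snippet added to the comment above the `openvscode-server` override, `export COMMIT=$(codium --version | rg ...)` hides a failed or empty match from `set -e`, because only the exit status of `export` is checked. With an empty `COMMIT`, the following `rm -rf /home/steveej/.vscodium-server/bin/$COMMIT` removes the whole `bin` directory on the remote host. Assign first and guard the expansion: `COMMIT=$(codium --version | rg '^[0-9a-f]{40}$')` on its own line, then `${COMMIT:?}` in place of each `$COMMIT` inside the ssh command.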
@@ -72,12 +72,29 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "srvos": "srvos" } }, diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/sj-bm-hostkey0/flake.nix index 74478dd..a61f1bc 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/sj-bm-hostkey0/flake.nix @@ -1,6 +1,7 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; diff --git a/nix/os/devices/steveej-t14/flake.nix b/nix/os/devices/steveej-t14/flake.nix index 357ecab..d2a549b 100644 --- a/nix/os/devices/steveej-t14/flake.nix +++ b/nix/os/devices/steveej-t14/flake.nix @@ -3,7 +3,6 @@ inputs.nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; inputs.nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - inputs.nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; inputs.nixpkgs.follows = "nixpkgs-2311"; From 8c067eb449e573917a68136d670dc00edc0a345f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:49:37 +0200 Subject: [PATCH 071/305] feat: config obs-studio with plugins --- .../configuration/graphical-fullblown.nix | 3 ++- nix/home-manager/programs/obs-studio.nix | 23 ++++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) 
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 3d1fa8e..2a80202 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -33,6 +33,8 @@ in { ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode + + ../programs/obs-studio.nix ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; @@ -208,7 +210,6 @@ in { # shutter # kazam # doesn't start # xvidcap # doesn't keep the recording rectangle - # obs-studio # shotcut # openshot-qt # introduces python: screenkey diff --git a/nix/home-manager/programs/obs-studio.nix b/nix/home-manager/programs/obs-studio.nix index ff88d1a..8673eb0 100644 --- a/nix/home-manager/programs/obs-studio.nix +++ b/nix/home-manager/programs/obs-studio.nix @@ -1,10 +1,21 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { programs.obs-studio = { enable = true; - plugins = with pkgs.obs-studio-plugins; [ - wlrobs - obs-backgroundremoval - obs-pipewire-audio-capture - ]; + plugins = + builtins.map (plugin: (plugin.overrideAttrs (attrs: { + meta = lib.mkMerge [ + {inherit (attrs) meta;} + {meta.platforms = ["aarch64-linux"];} + ]; + }))) + (with pkgs.obs-studio-plugins; [ + # wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]); }; } From adff5d7a37dcca042fc0a273f97eae22058d0df7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:50:12 +0200 Subject: [PATCH 072/305] chore(graphical-fullblown): add element-desktop and virt-manager --- nix/home-manager/configuration/graphical-fullblown.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 2a80202..f66d319 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
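Review bot: In nix/home-manager/programs/obs-studio.nix the `overrideAttrs` sets `meta = lib.mkMerge [...]`, but `lib.mkMerge` only has meaning inside the module system. In a derivation override it is, as far as I can tell, stored as a plain `{ _type = "merge"; contents = ...; }` set, so the plugin's original `meta` (license, platforms) is replaced rather than extended, and the inner `meta.platforms` key ends up nested one level too deep. If the aim is to allow the plugins on aarch64-linux, a plain attribute update expresses it: `meta = attrs.meta // { platforms = (attrs.meta.platforms or []) ++ ["aarch64-linux"]; };`. Appending instead of replacing keeps the file usable if a non-aarch64 host imports it. `wlrobs` is commented out without a reason, so a short comment there would help.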
@@ -98,13 +98,12 @@ in { # Messaging/Communication # pidgin # hexchat - # schildichat-desktop # insecure as of 2023-12-16 + pkgsUnstable.element-desktop aspellDicts.en aspellDicts.de # skypeforlinux # pkgsUnstable.jitsi-meet-electron thunderbird - evolution # gnome4.glib_networking # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop @@ -116,7 +115,7 @@ in { # gnome.cheese # Virtualization - # virtmanager + virt-manager # Remote Control Tools remmina From bca2d47a40471568bba5c345cb8221a848b57e9e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 09:51:05 +0200 Subject: [PATCH 073/305] feat(steveej-x13s): configure mycelium service --- nix/os/devices/steveej-x13s/configuration.nix | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index de52133..2f9ecda 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -59,6 +59,8 @@ }; imports = [ + "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix" + nodeFlake.inputs.nixos-x13s.nixosModules.default repoFlake.inputs.sops-nix.nixosModules.sops @@ -218,6 +220,25 @@ "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos=" ]; + sops.secrets.mycelium-key = { + format = "binary"; + sopsFile = repoFlake + "/secrets/steveej-x13s/mycelium_priv_key.bin.enc"; + }; + + services.mycelium = { + enable = true; + package = nodeFlake.inputs.mycelium.packages.${system}.mycelium; + keyFile = config.sops.secrets.mycelium-key.path; + addHostedPublicNodes = true; + peers = [ + ]; + + # tunName = "mycelium-pub"; + + extraArgs = [ + ]; + }; + steveej.holo-zerotier = { enable = true; autostart = false; From e1e82736457c5b78489d6cc7e1499100af42d60e Mon Sep 17 00:00:00 2001 
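Review bot: In the `services.mycelium` block added to nix/os/devices/steveej-x13s/configuration.nix, `addHostedPublicNodes = true` joins this machine to the public Mycelium overlay, and nothing in the hunk limits what is reachable over the new interface. Ports opened globally through `networking.firewall.allowedTCPPorts` or `allowedUDPPorts` apply to every interface, so any service already exposed that way would presumably become reachable from the whole overlay; the firewall settings are outside this hunk, so this needs checking. I would add a comment stating the intended exposure, and drop the empty `peers = [ ]`, `extraArgs = [ ]` and the commented `tunName` until they are needed. The module is imported by path from `nixpkgs-unstable` while the package comes from the `mycelium` flake input, so a comment noting that the two must stay compatible would help at the next bump.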
From: Stefan Junker Date: Thu, 2 May 2024 09:51:27 +0200 Subject: [PATCH 074/305] feat(gpg-agent): disallow exernal caching --- nix/home-manager/programs/gpg-agent.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix index 5fff979..da4ce37 100644 --- a/nix/home-manager/programs/gpg-agent.nix +++ b/nix/home-manager/programs/gpg-agent.nix @@ -23,7 +23,9 @@ enableSshSupport = true; grabKeyboardAndMouse = true; pinentryFlavor = lib.mkDefault "gtk2"; - extraConfig = ""; + extraConfig = '' + no-allow-external-cache + ''; defaultCacheTtl = 0; maxCacheTtl = 0; From c4feb92209d8ce976e4af4a02daa22c8eb52c39b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 2 May 2024 15:33:32 +0200 Subject: [PATCH 075/305] steveej-x13s: bump flake inputs --- nix/os/devices/steveej-x13s/flake.lock | 32 +++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 28fbed5..65d3524 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1714103775, - "narHash": "sha256-kcBiIrmqzt3bNTr2GMBfAyA+on8BEKO1iKzzDFQZkjI=", + "lastModified": 1714612856, + "narHash": "sha256-W7+rtMzRmdovzndN2NYUv5xzkbMudtQ3jbyFuGk0O1E=", "owner": "nix-community", "repo": "disko", - "rev": "285e26465a0bae510897ca04da26ce6307c652b4", + "rev": "d57058eb09dd5ec00c746df34fe0a603ea744370", "type": "github" }, "original": { 
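Review bot: The `no-allow-external-cache` line added in nix/home-manager/programs/gpg-agent.nix has no comment, and its purpose is not obvious next to `defaultCacheTtl = 0` and `maxCacheTtl = 0`. Suggested comment above `extraConfig`: `# stop pinentry from offering to store passphrases in an external keyring`. Since `enableSshSupport = true` is set, the SSH key cache has its own limits (`defaultCacheTtlSsh`, `maxCacheTtlSsh`). The hunk does not show them, so confirm they are set to match further down in the block, which continues outside the hunk.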
@@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1714139182, - "narHash": "sha256-YJVnPzgGQZSg429K3G+p00Tz/pSDP6PnnofQv+QQiq4=", + "lastModified": 1714650670, + "narHash": "sha256-iyOG4SnKuCDS8KFtYx6zcUl/K6Mpi+mGXbkKtKAbopY=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "434ad27db267a203faf5c97bb32e374bec4c6ce0", + "rev": "570d978c00b5db9cf7fb0cb0c6653331884675b7", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1713787000, - "narHash": "sha256-Cy+xbH8n+vW3TRYhNdRnr0z02Cy6jOeD65xRLS5yunM=", + "lastModified": 1714576641, + "narHash": "sha256-qguKE5Ga+RJLClIy0BRPLq8lLIgEUswO31j/+myeXLk=", "ref": "main", - "rev": "75542063f325e6f74b47e76fdcb8a98c5261bb29", - "revCount": 55, + "rev": "0e16eff1dbf03b678a3c9f5a2400372176467d09", + "revCount": 59, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -250,11 +250,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": { @@ -266,11 +266,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714272655, - "narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=", + "lastModified": 1714531828, + "narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12430e43bd9b81a6b4e79e64f87c624ade701eaf", + "rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", "type": "github" }, "original": { From 00525286a9ad1793a8504c0a6a01acf76fe602f1 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Thu, 2 May 2024 19:20:09 +0200 Subject: [PATCH 076/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 65d3524..8759ba8 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1714650670, - "narHash": "sha256-iyOG4SnKuCDS8KFtYx6zcUl/K6Mpi+mGXbkKtKAbopY=", + "lastModified": 1714663505, + "narHash": "sha256-tWxb38ZpQm7zH413M9osBk0OqzZonlIuqmQhMudpnUc=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "570d978c00b5db9cf7fb0cb0c6653331884675b7", + "rev": "ba5452bf6cef7f0c59126f65badd9b3ee5817ad3", "type": "github" }, "original": { From cbafc6cdc2b9785db90e27a8965a9be5e62a6d14 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 7 May 2024 15:59:00 +0200 Subject: [PATCH 077/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 62 ++++++++++++-------------- 1 file changed, 28 insertions(+), 34 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 8759ba8..bdf4342 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1714612856, - "narHash": "sha256-W7+rtMzRmdovzndN2NYUv5xzkbMudtQ3jbyFuGk0O1E=", + "lastModified": 1715070411, + "narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=", "owner": "nix-community", "repo": "disko", - "rev": "d57058eb09dd5ec00c746df34fe0a603ea744370", + "rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6", "type": "github" }, "original": { 
@@ -59,11 +59,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1714663505, - "narHash": "sha256-tWxb38ZpQm7zH413M9osBk0OqzZonlIuqmQhMudpnUc=", + "lastModified": 1715075814, + "narHash": "sha256-yJa9JtW+Gjkzt1n278QDnpZz2n8NjQ+P8TfB0OX0aMo=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "ba5452bf6cef7f0c59126f65badd9b3ee5817ad3", + "rev": "776f01a34c1f47cf7e23a7bdfd4c508460b7bcaa", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1714576641, - "narHash": "sha256-qguKE5Ga+RJLClIy0BRPLq8lLIgEUswO31j/+myeXLk=", + "lastModified": 1715009478, + "narHash": "sha256-o2ZnB7TIGqawzrFCex+anAopOy/PA4qSJ788hZbbm4g=", "ref": "main", - "rev": "0e16eff1dbf03b678a3c9f5a2400372176467d09", - "revCount": 59, + "rev": "8e01e9917f038ea72bdc37b130ba1a0fa82a84f3", + "revCount": 62, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -216,29 +216,23 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1714253743, - "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", + "lastModified": 1714906307, + "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", + "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", "type": "github" }, "original": { @@ -250,11 +244,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1714253743, - "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", + "lastModified": 1714906307, + "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", + "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", "type": "github" }, "original": { 
@@ -266,11 +260,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714531828, - "narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", + "lastModified": 1714971268, + "narHash": "sha256-IKwMSwHj9+ec660l+I4tki/1NRoeGpyA2GdtdYpAgEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", + "rev": "27c13997bf450a01219899f5a83bd6ffbfc70d3c", "type": "github" }, "original": { From e93a983b0e06b0aa3608cb46bcf58ebbd4f7502a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 11 May 2024 14:50:34 +0200 Subject: [PATCH 078/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 30 +++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index bdf4342..602fd8a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1715070411, - "narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=", + "lastModified": 1715217706, + "narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=", "owner": "nix-community", "repo": "disko", - "rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6", + "rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1714043624, - "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "owner": "nix-community", "repo": "home-manager", - "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "type": "github" }, "original": { 
@@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1715075814, - "narHash": "sha256-yJa9JtW+Gjkzt1n278QDnpZz2n8NjQ+P8TfB0OX0aMo=", + "lastModified": 1715169868, + "narHash": "sha256-tzClzZyFy9w5+bSP37Ci41qMhnU9M+1VlEX58cmLKc8=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "776f01a34c1f47cf7e23a7bdfd4c508460b7bcaa", + "rev": "1f625a8e99faf4101be343a8dd3b5059e6d2f715", "type": "github" }, "original": { @@ -228,11 +228,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1714906307, - "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", + "lastModified": 1715266358, + "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", + "rev": "f1010e0469db743d14519a1efd37e23f8513d714", "type": "github" }, "original": { @@ -260,11 +260,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714971268, - "narHash": "sha256-IKwMSwHj9+ec660l+I4tki/1NRoeGpyA2GdtdYpAgEw=", + "lastModified": 1715218190, + "narHash": "sha256-R98WOBHkk8wIi103JUVQF3ei3oui4HvoZcz9tYOAwlk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "27c13997bf450a01219899f5a83bd6ffbfc70d3c", + "rev": "9a9960b98418f8c385f52de3b09a63f9c561427a", "type": "github" }, "original": { From 54f94b8710515cbaf09f2589adbeb8f8742e1ba6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 13 May 2024 14:49:44 +0200 Subject: [PATCH 079/305] nix/os/devices/sj-bm-hostkey0: bump versions --- nix/os/devices/sj-bm-hostkey0/flake.lock | 40 ++++++++++++------------ nix/os/devices/sj-bm-hostkey0/flake.nix | 4 +-- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 67a4e0a..832bf07 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709286488, - "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", + "lastModified": 1715563999, + "narHash": "sha256-DDXZOKK0C5YeZ/GTUj7HiT+oqYIt8+qTsldaDvhWHFc=", "owner": "nix-community", "repo": "disko", - "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", + "rev": "e972a78f4a49cd92075d64b6feeef64d26bf2996", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "get-flake": { "locked": { - "lastModified": 1694475786, - "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", "owner": "ursi", "repo": "get-flake", - "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", "type": "github" }, "original": { @@ -38,31 +38,31 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1715337759, + "narHash": "sha256-40LDJ1bgnIDHMq9ooNKAe6pg8ukxmecvfrF5yELPrWs=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "f61917cbaa6dba317e757aefd0bbb56403aff2f8", "type": "github" }, "original": { "owner": "nix-community", - "ref": "master", "repo": "home-manager", + "rev": "f61917cbaa6dba317e757aefd0bbb56403aff2f8", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1709218635, - "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", + "lastModified": 1715395895, + "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", + "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff", "type": "github" }, "original": { 
@@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1715447595, + "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "type": "github" }, "original": { @@ -105,11 +105,11 @@ ] }, "locked": { - "lastModified": 1709290688, - "narHash": "sha256-uGOqZffYg3mNS43MI6yhYB5tE8QYXgvCzO8dg5lC9TA=", + "lastModified": 1715579044, + "narHash": "sha256-5nquTfUmom5otO4llOeSZWi7v2ij304Fia43vvJqc5g=", "owner": "numtide", "repo": "srvos", - "rev": "8e1328f734bff51198c44facd064b257756343c5", + "rev": "c1448c70f0106dc664de7a3c6e899a5014a98911", "type": "github" }, "original": { diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/sj-bm-hostkey0/flake.nix index a61f1bc..3909407 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/sj-bm-hostkey0/flake.nix @@ -5,8 +5,8 @@ get-flake.url = "github:ursi/get-flake"; - home-manager.url = "github:nix-community/home-manager/master"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager/f61917cbaa6dba317e757aefd0bbb56403aff2f8"; + home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; From 407438d86568517325c3f27f1b87402c600cb812 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 16 May 2024 15:42:15 +0200 Subject: [PATCH 080/305] feat(nix,bm-hostkey0): relaxed sandbox, SSH RemoteForward support, add pass, holo cache --- nix/os/devices/sj-bm-hostkey0/configuration.nix | 10 ++++++++++ nix/os/snippets/nix-settings-holo-chain.nix | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) 
diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index c2068d9..04fa94a 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -33,6 +33,9 @@ in { ../../profiles/common/user.nix ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix + { + nix.settings.sandbox = lib.mkForce "relaxed"; + } ../../snippets/holo-zerotier.nix @@ -49,6 +52,10 @@ in { }; home-manager.users.steveej = {pkgs, ...}: { + imports = [ + ../../../home-manager/programs/pass.nix + ]; + home.packages = [ pkgs.nil pkgs.rnix-lsp @@ -90,6 +97,9 @@ in { services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.extraConfig = '' + StreamLocalBindUnlink yes + ''; boot = { kernel = { diff --git a/nix/os/snippets/nix-settings-holo-chain.nix b/nix/os/snippets/nix-settings-holo-chain.nix index b912b5b..660695c 100644 --- a/nix/os/snippets/nix-settings-holo-chain.nix +++ b/nix/os/snippets/nix-settings-holo-chain.nix @@ -3,14 +3,14 @@ substituters = [ "https://holochain-ci.cachix.org" "https://holochain-ci-internal.cachix.org" - # "https://cache.holo.host/" + "https://cache.holo.host/" ]; trusted-public-keys = [ "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8=" "holochain-ci-internal.cachix.org-1:QvVsSrTiearCjrLTVtNtJOdQCDTseXh7UXUuSMx46NE=" - # "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" - # "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" + "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" + "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" ]; }; } From ced6f93c1e8ffc3fc658dbd30321e07415a5f7ea Mon Sep 17 00:00:00 2001 
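Review bot: `nix.settings.sandbox = lib.mkForce "relaxed"` in the first hunk of `sj-bm-hostkey0/configuration.nix` weakens build isolation for the whole host and overrides whatever the imported snippets set, with no reason recorded. In relaxed mode a derivation that sets `__noChroot = true` is built outside the sandbox, which matters more on a machine that also substitutes from third-party caches, as this one does. Please add a comment naming the build that needs it, e.g. `# relaxed: <derivation> needs __noChroot; revert to the default once fixed`, or scope the exception to that build instead of forcing it globally. The enclosing `imports` list continues outside the hunk.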
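Review bot: `StreamLocalBindUnlink yes` is added to the global sshd configuration in the third hunk, directly under `PermitRootLogin = "yes"`, so it applies to every account that can log in, root included. The option lets a remote forward remove an existing socket file at its bind path, which is only needed for the user whose agent socket is being forwarded. A `Match` block keeps it narrow: `Match User steveej` followed by `StreamLocalBindUnlink yes`. A short comment saying which forwarded socket this is for would also help the next reader.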
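Review bot: Un-commenting `https://cache.holo.host/` and its two keys in `nix/os/snippets/nix-settings-holo-chain.nix` widens binary-cache trust for every host that imports the snippet, not only the sj-bm-hostkey0 named in the commit title; `steveej-x13s/configuration.nix` imports the same file. Store paths signed by either key will be substituted instead of built locally. If the cache is only needed on sj-bm-hostkey0, set it in that host's configuration; otherwise add a comment stating why both the `cache.holo.host-1` and `cache.holo.host-2` keys are required.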
From: Stefan Junker Date: Mon, 20 May 2024 10:52:26 +0200 Subject: [PATCH 081/305] nix/os/devices/sj-bm-hostkey0: bump versions --- nix/os/devices/sj-bm-hostkey0/flake.lock | 157 ++++++++++++++++++++--- nix/os/devices/sj-bm-hostkey0/flake.nix | 6 +- 2 files changed, 143 insertions(+), 20 deletions(-) diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 832bf07..3df4715 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "crane": { + "inputs": { + "nixpkgs": [ + "mycelium", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712513517, + "narHash": "sha256-VuLm5tTMqfS82NZAsNfsW7U+pTZ1+GcOU7gYR/Fb1Z4=", + "owner": "ipetkov", + "repo": "crane", + "rev": "9caad1eb0c69a13ee6467035353b71a76c85ea53", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -7,11 +28,11 @@ ] }, "locked": { - "lastModified": 1715563999, - "narHash": "sha256-DDXZOKK0C5YeZ/GTUj7HiT+oqYIt8+qTsldaDvhWHFc=", + "lastModified": 1716168343, + "narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=", "owner": "nix-community", "repo": "disko", - "rev": "e972a78f4a49cd92075d64b6feeef64d26bf2996", + "rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901", "type": "github" }, "original": { 
@@ -20,6 +41,37 @@ "type": "github" } }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, "get-flake": { "locked": { "lastModified": 1714237590, 
@@ -56,29 +108,66 @@ "type": "github" } }, - "nixpkgs": { + "mycelium": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs" + }, "locked": { - "lastModified": 1715395895, - "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff", + "lastModified": 1715869050, + "narHash": "sha256-FWfM+mzsJDQv129Xj696JjG1mnAQ3faopVGDRNM3lhY=", + "owner": "threefoldtech", + "repo": "mycelium", + "rev": "f9caece23b14ccd308e72ee56c77e6cff62c2c46", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.11", + "owner": "threefoldtech", + "repo": "mycelium", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1715447595, - "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", + "lastModified": 1715961556, + "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", + "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", "type": "github" }, "original": { 
@@ -88,12 +177,29 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1716061101, + "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "mycelium": "mycelium", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "srvos": "srvos" } @@ -105,11 +211,11 @@ ] }, "locked": { - "lastModified": 1715579044, - "narHash": "sha256-5nquTfUmom5otO4llOeSZWi7v2ij304Fia43vvJqc5g=", + "lastModified": 1716166358, + "narHash": "sha256-SmCc4nKUXgYb8bBGJ3+N+l/2MBROue2x9+CyJ2of24w=", "owner": "numtide", "repo": "srvos", - "rev": "c1448c70f0106dc664de7a3c6e899a5014a98911", + "rev": "d368bfdc3a409482b92290a105bcacc108a49d24", "type": "github" }, "original": { @@ -117,6 +223,21 @@ "repo": "srvos", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/sj-bm-hostkey0/flake.nix index 3909407..234df54 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/sj-bm-hostkey0/flake.nix @@ -12,6 +12,8 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; + + mycelium.url = "github:threefoldtech/mycelium"; }; # outputs = _: {}; 
@@ -45,11 +47,11 @@ nix.registry.nixpkgs.flake = nixpkgs; } - { + ({lib, ...}: { nixpkgs.overlays = [ (final: previous: {}) ]; - } + }) ] ++ extraModules; } From 698e269b13b1c2a5c0191f0103877dc5361d5702 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 20 May 2024 13:57:23 +0200 Subject: [PATCH 082/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 44 +++++++++++++------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 602fd8a..741d9dc 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1715217706, - "narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=", + "lastModified": 1716168343, + "narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=", "owner": "nix-community", "repo": "disko", - "rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046", + "rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901", "type": "github" }, "original": { @@ -128,11 +128,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1713034591, - "narHash": "sha256-zEtSq4e1hsf5nPoTzsx+cvHTusQxFdyDpD3mOa360A0=", + "lastModified": 1715627339, + "narHash": "sha256-HJ6V7hc64iBqXlZ8kH4sXmUzPH+0Hn6wYURmZmL5LFk=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "5455e4455b231218f6198b39383a0ad4c1d6638e", + "rev": "655c8830d5fe2eae79c8fc0bab8033b34c8456eb", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1715169868, - "narHash": "sha256-tzClzZyFy9w5+bSP37Ci41qMhnU9M+1VlEX58cmLKc8=", + "lastModified": 1715869050, + "narHash": "sha256-FWfM+mzsJDQv129Xj696JjG1mnAQ3faopVGDRNM3lhY=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "1f625a8e99faf4101be343a8dd3b5059e6d2f715", + "rev": "f9caece23b14ccd308e72ee56c77e6cff62c2c46", "type": "github" }, "original": { 
@@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1715009478, - "narHash": "sha256-o2ZnB7TIGqawzrFCex+anAopOy/PA4qSJ788hZbbm4g=", + "lastModified": 1715912710, + "narHash": "sha256-OGZZaQ1CvOSyg5rHG0EFB0hi3ByObzXwihMNNB/vwoE=", "ref": "main", - "rev": "8e01e9917f038ea72bdc37b130ba1a0fa82a84f3", - "revCount": 62, + "rev": "3e183c4b988f5b2e1319787a6615cb07fcdc8e09", + "revCount": 72, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -228,11 +228,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1715266358, - "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", + "lastModified": 1716137900, + "narHash": "sha256-sowPU+tLQv8GlqtVtsXioTKeaQvlMz/pefcdwg8MvfM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f1010e0469db743d14519a1efd37e23f8513d714", + "rev": "6c0b7a92c30122196a761b440ac0d46d3d9954f1", "type": "github" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1714906307, - "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { @@ -260,11 +260,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1715218190, - "narHash": "sha256-R98WOBHkk8wIi103JUVQF3ei3oui4HvoZcz9tYOAwlk=", + "lastModified": 1716061101, + "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a9960b98418f8c385f52de3b09a63f9c561427a", + "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", "type": "github" }, "original": { From 94c64eb05ad8f03159f96abcf7d1bd6bf596e4ef Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 25 May 2024 11:35:26 +0200 Subject: [PATCH 083/305] feat(bm-hostkey0): set up mycelium --- .sops.yaml | 6 ++++ .../devices/sj-bm-hostkey0/configuration.nix | 2 ++ nix/os/devices/steveej-x13s/configuration.nix | 22 +------------ nix/os/snippets/mycelium.nix | 31 +++++++++++++++++++ .../sj-bm-hostkey0/mycelium_priv_key.bin.enc | 26 ++++++++++++++++ 5 files changed, 66 insertions(+), 21 deletions(-) create mode 100644 nix/os/snippets/mycelium.nix create mode 100644 secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc diff --git a/.sops.yaml b/.sops.yaml index 2abd5cb..76cd8da 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -105,3 +105,9 @@ creation_rules: age: - *steveej-x13s - *sj-bm-hostkey0 + - path_regex: ^secrets/sj-bm-hostkey0/.+$ + key_groups: + - pgp: + - *steveej + age: + - *sj-bm-hostkey0 diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 04fa94a..4bc6daa 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -93,6 +93,8 @@ in { users.defaultUserShell = pkgs.zsh; environment.pathsToLink = ["/share/zsh"]; } + + ../../snippets/mycelium.nix ]; services.openssh.enable = true; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 2f9ecda..9f4ef00 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -59,8 +59,6 @@ }; imports = [ - "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix" - nodeFlake.inputs.nixos-x13s.nixosModules.default repoFlake.inputs.sops-nix.nixosModules.sops @@ -69,6 +67,7 @@ ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix + ../../snippets/mycelium.nix ../../profiles/common/user.nix { 
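Review bot: The rule appended at the end of `creation_rules` uses `path_regex: ^secrets/sj-bm-hostkey0/.+$`, and the first patch of this series already shows a rule with that exact regex earlier in `.sops.yaml`. sops applies the first rule whose regex matches, so if the earlier rule is still present this new one is never consulted and can silently diverge from it. I would drop the addition, or, if the earlier rule was removed in the meantime, add a comment such as `# host-only secrets for sj-bm-hostkey0 (mycelium key)`. Only the tail of the file is visible in the hunk, so this needs checking against the full file.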
@@ -220,25 +219,6 @@ "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos=" ]; - sops.secrets.mycelium-key = { - format = "binary"; - sopsFile = repoFlake + "/secrets/steveej-x13s/mycelium_priv_key.bin.enc"; - }; - - services.mycelium = { - enable = true; - package = nodeFlake.inputs.mycelium.packages.${system}.mycelium; - keyFile = config.sops.secrets.mycelium-key.path; - addHostedPublicNodes = true; - peers = [ - ]; - - # tunName = "mycelium-pub"; - - extraArgs = [ - ]; - }; - steveej.holo-zerotier = { enable = true; autostart = false; diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix new file mode 100644 index 0000000..64bfae5 --- /dev/null +++ b/nix/os/snippets/mycelium.nix @@ -0,0 +1,31 @@ +{ + repoFlake, + nodeFlake, + nodeName, + config, + system, + ... +}: { + imports = [ + "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix" + ]; + + sops.secrets.mycelium-key = { + format = "binary"; + sopsFile = repoFlake + "/secrets/${nodeName}/mycelium_priv_key.bin.enc"; + }; + + services.mycelium = { + enable = true; + package = nodeFlake.inputs.mycelium.packages.${system}.mycelium; + keyFile = config.sops.secrets.mycelium-key.path; + addHostedPublicNodes = true; + peers = [ + ]; + + # tunName = "mycelium-pub"; + + extraArgs = [ + ]; + }; +} diff --git a/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc b/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc new file mode 100644 index 0000000..77036fc --- /dev/null +++ b/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwenVpMFlQbC9PR1NDTWIy\nYi93VHlTZHg1NHJ0UXNIcFFGV08zRzlyTm00Cnp2RlpuMVBsc3dWOVZVODVBQ09H\nby9GWm1pSVlya0I3b0o2T2RhZGFrc0UKLS0tIGRQK1hPQjlkWjBFb3pSRXE5MnFY\nNFkvdTg3T0FZWVZWK2thRU55a0hWYUkKPHaAqvnyaP0sG47rJD40d4r6vjMjNEif\nq0X+BT3vR1Wd2vFKhWkcrS531jX3JUX5wEPFfbqWY3SEeunkbx43Ew==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-17T14:49:38Z", + "mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]", + "pgp": [ + { + "created_at": "2024-05-17T14:49:38Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/XROsC15JsLhhO8or+6hYHYVig4cEiazJeo+lAm83WdYj\nQ/rAgQg4hSR6i84UOfPKCGS5Rv3TTkt1VsUgibwAvLdT65SB32pe5SCT68L0yHL1\nXabvMmmREbJW+zwhEz3G2ggzBrnoDE4l3npTYjrhsjEPmRJNBO3g7rigWtRL1iDR\nYl6IrBYB/NGEkfJ0lNWoY6K911Gb0TCVQXO/CMT0xbp9GTIhry9WUX1eWK/fiymP\nnJH3XSGmL2GAZnBIosFkrQlBDxHXC2Xi7kktFnzCgwrZBGYXn9ftC7toHPvn48cV\nuTzcFc2VHXxFLbDwSY/EOsfjSGjaaYXodCr2xHbkR9JcAZvLvs76by2wCzXKM8CR\nueuvS31Ah02r0JD1z8ZXWX3+etMvJEkEk3Nsngbo/r70/qtRTp/eLkTuYjzcUFMU\nXv40Izg+PiFxAOo2RK7RLRdD+YTXuddG/jxSXQY=\n=zrcf\n-----END PGP MESSAGE-----", + "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file From 0bdd2871311721ff2a0eebcdd06e2bfda167cbe9 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 25 May 2024 11:36:21 +0200 Subject: [PATCH 084/305] feat: update openvscode --- flake.lock | 8 ++++---- flake.nix | 4 +++- nix/os/devices/sj-bm-hostkey0/configuration.nix | 6 +++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index f4236af..e190bf6 100644 --- a/flake.lock +++ b/flake.lock @@ -772,16 +772,16 @@ "openvscode-server": { "flake": false, "locked": { - "lastModified": 1710222452, - "narHash": "sha256-v9q0+qhgDhqejSI6ioAUNsAKK27o/Uo0KUtuAuSQYig=", + "lastModified": 1714076069, + "narHash": "sha256-Yc16L13Z8AmsGoSFbvy+4+KBdHxvqLMwZLeU2/dAQVU=", "owner": "gitpod-io", "repo": "openvscode-server", - "rev": "aca758f19920d86e66dd5066ed290b9999b177ed", + "rev": "7920868fc0c6f4e584cca7791c71d300f2bc3a56", "type": "github" }, "original": { "owner": "gitpod-io", - "ref": "openvscode-server-v1.87.1", + "ref": "openvscode-server-v1.88.1", "repo": "openvscode-server", "type": "github" } diff --git a/flake.nix b/flake.nix index b70e17a..1c1640e 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,9 @@ nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; nixpkgs-vscodium.url = "github:nixos/nixpkgs/nixos-unstable"; - openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.87.1"; + + # needs to be in sync with `vscodium --version` from `nixpkgs-vscodium` + openvscode-server.url = "github:gitpod-io/openvscode-server/openvscode-server-v1.88.1"; openvscode-server.flake = false; colmena = { diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 4bc6daa..fd11bc0 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix 
@@ -77,14 +77,14 @@ in { ( set -e export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') - ssh bm-hostkey0 "rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" + ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" ) ``` */ (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { src = repoFlake.inputs.openvscode-server; - version = "1.87.1"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-oRuy7PjVv3Y24GQlvX4tPPndvKTgxbv7TR8ytTBY2DQ=";}); + version = "1.88.1"; + yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); })) ]; }; From a0985689ab3a248d1a03176a86633e21fae4bdbf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 25 May 2024 11:36:50 +0200 Subject: [PATCH 085/305] chore: bump nix not sure where nix 2.15.3 is still pulled in --- nix/home-manager/profiles/common.nix | 4 +++- nix/os/snippets/nix-settings.nix | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 62bba7e..3fb8e69 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -14,7 +14,9 @@ allowBroken = false; allowUnfree = true; - permittedInsecurePackages = []; + permittedInsecurePackages = [ + "nix-2.15.3" + ]; }; home.keyboard = { diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 0e0f8c5..d0e616b 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix 
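Review bot: `permittedInsecurePackages` in nix/home-manager/profiles/common.nix now exempts `nix-2.15.3` for every profile that imports this file, and nothing in the hunk records why or when the exemption can be removed. The commit message says it is not known what still pulls that version in, so the allowlist entry hides the dependent instead of identifying it. I would put a comment above the entry, e.g. `# TODO: find what still depends on nix-2.15.3 and drop this exemption`, and, once the dependent is known, scope the exemption to that host or package rather than the common profile. The enclosing attribute set starts outside the hunk.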
@@ -29,5 +29,5 @@ in { nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - nix.package = pkgsUnstable.nixUnstable; + nix.package = pkgsUnstable.nixVersions.latest; } From f0c4b67ecbbd319a6c7dae1b48665c579f7eb294 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 25 May 2024 11:37:11 +0200 Subject: [PATCH 086/305] feat(vscode): inlucde alejandra and go support --- nix/home-manager/programs/vscode/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 2541bab..56f423d 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -28,7 +28,7 @@ in { ms-vscode.theme-tomorrowkit nonylene.dark-molokai-theme - + kamadorueda.alejandra # TODO: these are not in nixpkgs @@ -47,6 +47,9 @@ in { serayuzgur.crates rust-lang.rust-analyzer swellaby.vscode-rust-test-adapter + + golang.go + jeff-hykin.better-go-syntax ]))); mutableExtensionsDir = true; }; From cdf973208ff91c7194beecba3cefd42193ebcc22 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 25 May 2024 21:23:43 +0200 Subject: [PATCH 087/305] WIP: add router0-nfmnk and connect router0-dmz0 via wg --- .sops.yaml | 9 +- flake.nix | 1 + nix/devShells.nix | 4 + nix/os/devices/router0-dmz0/configuration.nix | 97 ++++++- .../devices/router0-nfmnk/configuration.nix | 256 ++++++++++++++++++ nix/os/devices/router0-nfmnk/default.nix | 34 +++ nix/os/devices/router0-nfmnk/flake.lock | 151 +++++++++++ nix/os/devices/router0-nfmnk/flake.nix | 19 ++ .../devices/router0-nfmnk/variables.crypt.nix | Bin 0 -> 53 bytes secrets/router0-dmz0/secrets.yaml | 13 +- secrets/router0-nfmnk/secrets.yaml | 43 +++ secrets/shared-users.yaml | 119 ++++---- 12 files changed, 686 insertions(+), 60 deletions(-) create mode 100644 nix/os/devices/router0-nfmnk/configuration.nix create mode 100644 nix/os/devices/router0-nfmnk/default.nix create mode 100644 nix/os/devices/router0-nfmnk/flake.lock create mode 100644 nix/os/devices/router0-nfmnk/flake.nix create mode 100644 nix/os/devices/router0-nfmnk/variables.crypt.nix create mode 100644 secrets/router0-nfmnk/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 76cd8da..607bce0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,8 +15,8 @@ keys: - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - # - &router0-dmz0 age1jetxwpmd9hc4crkjtrdle2qxn9dlq7vcmqhfslv0vlxctrk4u3xq8hcvkz - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 + - &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ @@ -35,6 +35,7 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - *sj-bm-hostkey0 + - *router0-nfmnk - path_regex: ^secrets/steveej-t14/.+$ key_groups: - pgp: 
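Review bot: Adding `*router0-nfmnk` to this age recipient list appears to extend the catch-all rule (`^(.+/|)secrets/[^/]+$`, judging by the `steveej-t14` rule that follows) to the new router, which lets it decrypt `secrets/shared-users.yaml`. The router's configuration.nix in this commit sets `enableNonRoot = false` and reads its root password from its own `secrets/router0-nfmnk/secrets.yaml`, so it may not need the shared file at all. If that holds, leave the router out of this list so that a compromise of a host sitting on the WAN does not also expose the shared user secrets; the dedicated `^secrets/router0-nfmnk/.+$` rule added in a later hunk already covers its own file.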
@@ -74,6 +75,12 @@ creation_rules: - *steveej age: - *router0-dmz0 + - path_regex: ^secrets/router0-nfmnk/.+$ + key_groups: + - pgp: + - *steveej + age: + - *router0-nfmnk - path_regex: ^secrets/sj-vps-htz0/.+$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index 1c1640e..d333b92 100644 --- a/flake.nix +++ b/flake.nix @@ -157,6 +157,7 @@ # "srv0-dmz0" # # "router0-dmz0" + "router0-nfmnk" "sj-srv1" "sj-bm-hostkey0" diff --git a/nix/devShells.nix b/nix/devShells.nix index f90fbb1..0ef989d 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -76,6 +76,10 @@ in { (pkgs.writeShellScriptBin "r11" '' exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ '') + + jq + yq + wireguard-tools ]; # Set Environment Variables diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 38160cc..686d3b5 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -211,6 +211,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; + wg.interfaces = ["wg0"]; } // # generate a zone for each vlan @@ -342,9 +343,40 @@ in { }; }; + sops.secrets.wg0-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + systemd.network = { wait-online.anyInterface = true; - netdevs = + netdevs = let + router0-nmfk_wgEndpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + builtins.toString + repoFlake + .nixosConfigurations + .router0-nfmnk + .config + .systemd + .network + .netdevs + .wg0 + .wireguardConfig + .ListenPort + }"; + in { # Create the bridge interface "20-${bridgeInterfaceName}" = { 
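Review bot: `sops.secrets.wg1-privatekey` and `sops.secrets.wg1-peer0-psk` are declared in the `@@ -342,9 +343,40 @@` hunk, but their only consumer, the `wg1` netdev, is commented out in the next hunk (as is the `50-wg1` network), so the key material is decrypted to disk and made readable by the `systemd-network` group without being used. I would drop the two `wg1-*` declarations until the interface is enabled, or comment them out together with the netdev. Minor: the binding is spelled `router0-nmfk_wgEndpoint` while the host is `router0-nfmnk`; matching the spelling keeps grep results complete. The `let` body continues outside the hunk.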
@@ -361,6 +393,54 @@ in { DefaultPVID=0 ''; }; + + wg0 = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.0.254/32" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-nmfk_wgEndpoint; + }; + } + ]; + }; + + # wg1 = { + # enable = true; + # netdevConfig = { + # Name = "wg1"; + # Kind = "wireguard"; + # }; + # wireguardConfig = { + # PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + # }; + # wireguardPeers = [ + # { + # wireguardPeerConfig = { + # AllowedIPs = [ + # "10.0.0.254/32" + # ]; + # PersistentKeepalive = 15; + # PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + # PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + # Endpoint = "${router0-nmfk_variables.ipv4}:51820"; + # }; + # } + # ]; + # }; } # generate the vlan devices. these will be tagged on the main bridge // builtins.foldl' @@ -509,6 +589,21 @@ in { vlanRange ); }; + + "50-wg0" = { + enable = true; + matchConfig.Name = "wg0"; + address = [ + "10.0.0.1/24" + ]; + }; + # "50-wg1" = { + # enable = true; + # matchConfig.Name = "wg1"; + # address = [ + # "10.0.0.2/24" + # ]; + # }; } # configuration for the hostapd dynamic interfaces # * netdev type vlan diff --git a/nix/os/devices/router0-nfmnk/configuration.nix b/nix/os/devices/router0-nfmnk/configuration.nix new file mode 100644 index 0000000..eb0fe49 --- /dev/null +++ b/nix/os/devices/router0-nfmnk/configuration.nix 
@@ -0,0 +1,256 @@
+{
+ repoFlake,
+ pkgs,
+ lib,
+ config,
+ nodeFlake,
+ nodeName,
+ localDomainName,
+ system,
+ ...
+}: {
+ system.stateVersion = "23.11";
+
+ imports = [
+ nodeFlake.inputs.disko.nixosModules.disko
+ nodeFlake.inputs.srvos.nixosModules.mixins-terminfo
+
+ repoFlake.inputs.sops-nix.nixosModules.sops
+
+ ../../snippets/nix-settings.nix
+ ../../profiles/common/user.nix
+
+ nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ users.commonUsers = {
+ enable = true;
+ enableNonRoot = false;
+ rootPasswordFile = config.sops.secrets.passwords-root.path;
+ };
+
+ sops.age.keyFile = "/etc/age.key";
+ sops.age.sshKeyPaths = [];
+
+ sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.secrets.passwords-root.neededForUsers = true;
+ }
+
+ # TODO: extract this into single-disk VM BIOS module
+ {
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub.efiSupport = false;
+
+ # forcing seems required or else there's an error about duplicated devices
+ boot.loader.grub.devices = lib.mkForce ["/dev/sda"];
+
+ disko.devices.disk.sda = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"]; # Override existing partition
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/nix" = {
+ mountOptions = ["noatime"];
+ mountpoint = "/nix";
+ };
+ "/boot" = {
+ mountpoint = "/boot";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ boot.initrd.kernelModules = [
+ "virtio_balloon"
+ "virtio_scsi"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_ring"
+ "virtio"
+ "scsi_mod"
+
+ "virtio_blk"
+ "virtio_ring"
+ "ata_piix"
+ "pata_acpi"
+ "ata_generic"
+ ];
+ }
+ ];
+
+ # sops.secrets.ssh_host_ed25519_key = {
+ # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # format = "yaml";
+
+ # path = "/etc/ssh/ssh_host_ed25519_key";
+ # mode = "0600";
+ # };
+ # sops.secrets.ssh_host_ed25519_key_pub = {
+ # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # format = "yaml";
+
+ # path = "/etc/ssh/ssh_host_ed25519_key.pub";
+ # mode = "0600";
+ # };
+ # sops.secrets.ssh_host_rsa_key = {
+ # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # format = "yaml";
+
+ # path = "/etc/ssh/ssh_host_rsa_key";
+ # mode = "0600";
+ # };
+ # sops.secrets.ssh_host_rsa_key_pub = {
+ # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # format = "yaml";
+
+ # path = "/etc/ssh/ssh_host_rsa_key.pub";
+ # mode = "0644";
+ # };
+
+ boot = {
+ kernel = {
+ sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
+ };
+ };
+
+ networking = {
+ hostName = nodeName;
+ useNetworkd = true;
+ useDHCP = true;
+ usePredictableInterfaceNames = false;
+
+ # these will be configured via nftables
+ firewall.enable = lib.mkForce true;
+ firewall.allowedUDPPorts = [
+ config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort
+ ];
+
+ nat = {
+ enable = true;
+ };
+
+ # Use the nftables firewall instead of the base nixos scripted rules.
+ # This flake provides a similar utility to the base nixos scripting.
+ # https://github.com/thelegy/nixos-nftables-firewall/tree/main
+
+ nftables = {
+ enable = true;
+
+ firewall = {
+ enable = true;
+ snippets.nnf-common.enable = true;
+
+ zones.wan = {
+ interfaces = ["eth0"];
+ };
+ zones.vpns = {
+ interfaces = ["wg0"];
+ };
+ };
+ };
+ };
+
+ sops.secrets.wg0-privatekey = {
+ mode = "440";
+ group = "systemd-network";
+ };
+ sops.secrets.wg0-peer0-psk = {
+ mode = "440";
+ group = "systemd-network";
+ };
+ sops.secrets.wg0-peer1-psk = {
+ mode = "440";
+ group = "systemd-network";
+ };
+
+ systemd.network.enable = true;
+ systemd.network.netdevs.wg0 = {
+ enable = true;
+ netdevConfig = {
+ Name = "wg0";
+ Kind = "wireguard";
+ };
+ wireguardConfig = {
+ ListenPort = 51820;
+ # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=
+ PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path;
+ };
+ wireguardPeers = [
+ {
+ wireguardPeerConfig = {
+ AllowedIPs = [
+ "10.0.0.1/32"
+ ];
+ PersistentKeepalive = 15;
+ PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
+ PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04=";
+ };
+ }
+
+ {
+ wireguardPeerConfig = {
+ AllowedIPs = [
+ "10.0.0.2/32"
+ ];
+ PersistentKeepalive = 15;
+ PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer1-psk.path;
+ PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4=";
+ };
+ }
+ ];
+ };
+ systemd.network.networks.wg0 = {
+ enable = true;
+ matchConfig.Name = "wg0";
+ address = [
+ "10.0.0.254/24"
+ ];
+ };
+
+ environment.systemPackages = [
+ pkgs.ethtool
+ pkgs.neovim
+
+ (pkgs.writeShellScriptBin "dbg-ip" ''
+ echo links:
+ ip -br -c l
+ echo
+ echo addresses:
+ ip -br -c a
+ echo
+ echo vlans:
+ bridge -c vlan
+ '')
+
+ (pkgs.writeShellScriptBin "dbg-dnsmasq" ''
+ # get the rendered in-use config
+ pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat
+ '')
+ ];
+}
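Review bot: `services.openssh.settings.PermitRootLogin = "yes"` together with `rootPasswordFile` means root can log in over SSH with a password unless password authentication is disabled in a module not shown here, and `eth0` is this host's `wan` zone. I would set `services.openssh.settings.PermitRootLogin = "prohibit-password";` and, if nothing else does it, `services.openssh.settings.PasswordAuthentication = false;`, so that deployment as root still works but only with keys. The roughly thirty lines of commented-out `sops.secrets.ssh_host_*` declarations would also be better removed or replaced by a one-line TODO, since as written it is unclear whether the host keys are meant to be managed by sops.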
diff --git a/nix/os/devices/router0-nfmnk/default.nix b/nix/os/devices/router0-nfmnk/default.nix
new file mode 100644
index 0000000..1fe13e3
--- /dev/null
+++ b/nix/os/devices/router0-nfmnk/default.nix
@@ -0,0 +1,34 @@
+{
+ system ? "x86_64-linux",
+ nodeName,
+ repoFlake,
+ nodeFlake,
+ ...
+}: let
+ variables = import ./variables.crypt.nix;
+in {
+ meta.nodeSpecialArgs.${nodeName} = {
+ inherit repoFlake nodeName nodeFlake system;
+ packages' = repoFlake.packages.${system};
+ nodePackages' = nodeFlake.packages.${system};
+ };
+
+ meta.nodeNixpkgs.${nodeName} =
+ import nodeFlake.inputs.nixpkgs.outPath
+ {
+ inherit system;
+ };
+
+ ${nodeName} = {
+ deployment.targetHost = variables.ipv4;
+ deployment.replaceUnknownProfiles = true;
+
+ imports = [
+ nodeFlake.inputs.home-manager.nixosModules.home-manager
+
+ ./configuration.nix
+ ];
+
+ networking.hostName = nodeName;
+ };
+}
diff --git a/nix/os/devices/router0-nfmnk/flake.lock b/nix/os/devices/router0-nfmnk/flake.lock
new file mode 100644
index 0000000..424aa6f
--- /dev/null
+++ b/nix/os/devices/router0-nfmnk/flake.lock
@@ -0,0 +1,151 @@ +{ + "nodes": { + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716431128, + "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", + "owner": "nix-community", + "repo": "disko", + "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715521768, + "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"46397778ef1f73414b03ed553a3368f0e7e33c2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716425501, + "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "owner": "numtide", + "repo": "srvos", + "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/router0-nfmnk/flake.nix b/nix/os/devices/router0-nfmnk/flake.nix new file mode 100644 index 0000000..d38b355 --- /dev/null +++ b/nix/os/devices/router0-nfmnk/flake.nix @@ -0,0 +1,19 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + home-manager.url = "github:nix-community/home-manager/release-23.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + + nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; + nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = _: {}; +} 
diff --git a/nix/os/devices/router0-nfmnk/variables.crypt.nix b/nix/os/devices/router0-nfmnk/variables.crypt.nix new file mode 100644 index 0000000000000000000000000000000000000000..acf532e1284091842c3971ac16a862e90d7d2604 GIT binary patch literal 53 zcmZQ@_Y83kiVO&0sF}7TWclq+&8-r`1{}wFPCK>~YaN*sZG2uobj#k{2TB*$oAMQ> Kd7W1K#{~dH@)p$q literal 0 HcmV?d00001 diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 56e013e..852aeb4 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -1,3 +1,4 @@ +#ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment] #ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment] passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str] ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str] 
@@ -6,6 +7,12 @@ ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLa ssh_host_rsa_key_pub: ENC[AES256_GCM,data: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,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str] wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] +wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMmdAMtztGqdrHzXRE=,iv:tIEDtHa3s2/Shg6Kw/8G+xjtixH32fxS3l5KtR2VUIs=,tag:JpKjYmV2pPip9hDkKg8pRQ==,type:str] +wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str] +wg1-peer0-psk: 
ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str] sops: kms: [] gcp_kms: [] @@ -21,8 +28,8 @@ sops: THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-25T21:25:35Z" - mac: ENC[AES256_GCM,data:Sk3eyBaxhL7cX78YprYsv75oO+auEoxxGHCk1MRYGcAkat3vrc2vXjmKn6SsVQC8SWvu2YR2dOGU85Z7FCUUmmnwKeh+1PKMsurwfrNkB4umADXjaESNUWNevzAK9LR4pI1I6rGzl7mFEFYGEPd948JMOfkIfwNm1KMmETGkkI0=,iv:UzfDF94UFjPuEgRkpkRyLxSwZGymZclboHYQ/HxulJQ=,tag:MIBhvegV4NaZF+nGShotPw==,type:str] + lastmodified: "2024-05-25T19:21:30Z" + mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str] pgp: - created_at: "2023-08-11T16:15:11Z" enc: |- @@ -40,4 +47,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/secrets/router0-nfmnk/secrets.yaml b/secrets/router0-nfmnk/secrets.yaml new file mode 100644 index 0000000..df7d851 --- /dev/null +++ b/secrets/router0-nfmnk/secrets.yaml 
@@ -0,0 +1,43 @@ +#ENC[AES256_GCM,data:+I8pZeH8kkkGaeUJ7A==,iv:5Yv2K6pU33CA82oCspb5exjaAPMRszslozTphxvDhbw=,tag:OpKwj8SYXSMcLlusEVX7GA==,type:comment] +age-key: ENC[AES256_GCM,data:8L4IWs31RUXGns25pP6BrhFKVAYvVY7yIOe6MSk4abvgks2eyHnQDTiSKVUQGjTyZFVbQ4mtF9O8CmqqlaK5z4nrUYSUN/Ustc13L98V+PMUOxljka0UL/pOe36aHEQz3Z2MuobEtZHwccPEqWhOlF2v+OgFQ4Kp2Vczw9REf4ahxyqz3fz58ymR8HKfTHD7YBawEAgYU6WVyrLfyA78860pkjlYMwhnjkVBvkP/zd4H+L2JxzjwUeUCqcm0,iv:8RwmmtgKqLsJov+DxNjvtjPk8t8yVmRhRa3k5HdCvgk=,tag:CZoZL3aYucIk1JENWY/mMQ==,type:str] +#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str] +wg0-peer1-psk: ENC[AES256_GCM,data:l8H0bDF2XXq6W5sJCXHUEWqIJu7YvAyqhPaCEK/Dcviv7lnwvKNLxO55i10=,iv:ADAFkWG+cbqvqfwNdaHv7ONqFtWjmAhIf0hRFBW6X6c=,tag:hwsljm8GlcF9NeHHE5WTXg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv + 
dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD + ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW + cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z + X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-25T19:21:33Z" + mac: ENC[AES256_GCM,data:zw79GU+OINSJWy0hHeV33ZOPkrxrRCyd31XpcbWAIkactRL4rumXhHWxcd5QAvmloFa8Rb7q6drRIu9kt7nXrr8+HK/xWoj+AxmXHFMEi6aC0xdhsyBfl7+Jq3SRTUf6tHFxyHVRVWyZXnhV59xf2Vwmy3R5/0vq50c8UQ8vJww=,iv:czqwgGcLXR+FyXpTuuXIH8pF/P1s1FrZxtqI3joLZCg=,tag:DUq+cACVStNX6u8LfYIQTw==,type:str] + pgp: + - created_at: "2024-05-25T18:38:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot + SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU + EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh + RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6 + nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU + aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1 + eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv + 03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk= + =/YnW + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index 66305f1..f0d6b66 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -16,100 +16,109 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWFp1QUNPeEJDci9ibTg2 - ZUNkMVNld1ZxNkVmUk9jMld3L01ndWVtakZ3ClQ1V2crS3hITG8rSmx4OWE3RU96 - SC9xb0VybDZDN0FwU0JTTHJPRDB0QkUKLS0tIEU5cmh3bW1iWHJ4RDdrUUF0VG5M - MUhWRm5qdnpCUFZ2N3FvL1FITDhNMmsK1TKbM1jrJMvy16yhZwLGcqOan5RTiKYu - jVaSgPaxJLPhtWReAH5RM2JOmrET1DdI7q8vFD7eaJIzKdBxAIwhQg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM + SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5 + NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS + OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO + SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA== -----END AGE ENCRYPTED FILE----- - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6K2x0c0swK1lHb2VCZi9v - RUo5VkRPayt2V0RyRVVhSlRGME5TMm9KZFRFCnY0NTdEb1FqK1JUaUdmQ09mOGha - SCtMVnRWYUpmYkM5OUY4TlJQd3MrdE0KLS0tIGdiZFpuZnFiNloxMTNFOWhoM2hV - TlovVmMrVHdDdmQ0dnRhZWxRZHJkMmMKpYOiZy2BVhddpSNiXasycmDaD9lA8irk - ThkO0iaLu2fG7RhT9A9VfXu6eE3ZHN6vr4hv/ItzAbP+T8Ro+Yvwfg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4 + SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0 + d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx + TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF + eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuS0FVR3N3YnRlMXBwMVpj - elZ6dVlyMWRoSUx1UlVmYThBcWFFdmxEWTNRCkhFZEVDUGpsS1ZmelBSQVpZUWVC - ZlNqcm9EVXF3U3hLYThpbGVSeVFDNDQKLS0tIGV0bkI2aVNmbnJmR2lqSFVLMGNr - 
aVZFd091T1U4QVdVcWtSbnppd3BEODAKPzj/phV8BijdFewcwBV+loKk4o1tBJ6t - CP8kwiIb03/lCd9HmyLgAUt0PlMJFbT4FJNEjwBstMErUdvClXO3dg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx + ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0 + YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m + c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18 + MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEZ0V2pOcStDb2YwclZG - U0t2RklFMkJQdE82cTVDK1NGMUt5R2R0c0VFCmV4Q2Rob2E2REVMUlRkeS8xTVVu - U296N2FFRHpmRnJPQjRBUmRaMEpnL2cKLS0tIFBseEpvSTJ0azBRUEVRa1dqT1RK - bFVpbVY5RU01R3pEcWFsQ0pkQWkwYlEKIW1AmTBR1UIjD9n3o2QyWb/FfUUa8qQz - b0GtaaQkY17GyoBzrBh0G4D2yziPy8N9AwOTaaDJ7l5VZq9ydKbTrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY + akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC + T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2 + aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn + Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YTZGb1pXSWZVNk95aFVp - UTFDUHlweGVUQmV1KyttSXpjeng0WFd5d1ZFClJwL2xGVmhlTlJzNVhhaElmbnl2 - K2RmUlR0SzNkMWhmb1lOTTMyVUt4Rk0KLS0tIElFV0hCZVRwWTNJYldmR2ZYU2Rm - dHRuVThQRm9NT05HdzdHOWh6R2dLYnMKvrsQXgfRyHOl2aN64JHPXEdlvcHynEss - I4dCLuvKuPh5WjcFZ16zidGzffNKZTHsXPv/WKFUsy20lONByRuRbA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS + Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3 + cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW + 
Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ + /EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WndIcHhndkVjazRKV3Rq - U2JjYTZyYUhheG5pSlI0VE9tZ2w0SlRBM0JBCm1YSWxFa0RjVUhFb2xHMnMxbGZy - S1V1b1RMVExFRW0rUU03YXNjejJ3enMKLS0tIHlwdHNNRHNYL2xyeFFCcHdIVFRi - MDZaQjREbWw5aG82NG1Ea0J2d0tTMWMKCodGBDTKbq5qcmtrAh0HrdZ7fmEx8VhH - InCa5SXSRo7cVQe6VRBczF3RC/Mc2u+xzEDd1XbyGviqt1CkI1UPRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV + K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0 + OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG + LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP + byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDa2YzeTBEOXlIcUJlZlVl - NUdCTGRYcUhOa0dkRjR2RHJNZ3VWclJWd3hjCmFZY0dEVTlwb3lNajE2emFCZmZ2 - SkhTejc3cFA1Yjc0ZHF2TjRYZ1Qvc1kKLS0tIGxDbWNjaXlvU2ttbDR4NW9UYThr - OWRZb1d5dkxETCt1RThQK0Z4cmJSb28KGrAeCR7Q37WwyEzHT5CvaMVmVUoyv1s3 - dDbEu8mtNhDBi9LYMwfbXiZHAlPWQ1Ogveot8vc4kMOAlvWMR4FwdA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn + NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu + STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF + L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO + p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT2dIMGFEbUErU1pYUXRR - 
Yk1tUmx2R3BmUXVhK1JMd3J6WVNwOGVmRkUwCnZBSGxvcFd4Y1dGbkg4UEF2RUxE - TUdpVGV1ZEpFQmNWN1ZKei8rSWJtaVEKLS0tIGRLd013RVB2eHhXeHpXbWoyaktu - OExualc3eWk1UGgvZDlNbWZydXBXWkUK0vhwGhegmrQASWqFQYpZgJungzt7vtfC - sBna05p6lnSEdtclUa1MZ/a9wlqAtmrA2fUarLnc6/bs0K8Oz9HRPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du + cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C + STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y + RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q + 3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSFIvcUEwbnZ6Qm95V3hT - SlBiSS9ycE4xTmpRR1l0SDZKYkFNVmtXUG00ClBKYzBMSmNOMmdCSktGV29WbFBE - U0x1K2dsU2FoVVBPSWthZ0hmRkdTKzAKLS0tIGhZaU9kQU54ZzNWVnhLNEozWXZN - Z3MvRnRGSUlVNlJVdzVEMjcxNE4xbWcKkS3GagirASPe/XnJgwBIZ9cCdyeOi9Uy - mcD5Pa6AU7itXL9pHtDcMUsDlKkKYWSUtouW8wAESWdXfFBd2Q+Vgg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295 + NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD + bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w + L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX + Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM + N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm + WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj + VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu + 1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: 
ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-01-23T09:01:13Z" + - created_at: "2024-05-25T18:40:21Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf+Oo8GZF91ry7FhASb7USKTxKYFfdlJPWDxLFtBNSFkqdV - U7tOgAB3WJTSlED8Cs+6gyNNr3n7Y6p2KaOLYjft05T/Ms9pDuJAV1S8Ogfo5zys - W7Ss4hkCMZqIXZXTQ03yZner+8o8v/F/f0SPNji8znT2qZmLZbhwa2IPjmORo3L7 - y4F38IVie8keQNWObSFqd7qVqKynHHg+ur5NmVgUAVO/wMg6TytV3Wa11Hfq50tc - EenVAyBW1GUOtsBCH8MOCgH4paZcrzkBPU2dK9UppUWzB5RxayIZT34Qf4mNHwdL - sa83I2MwMp0fuTW66YvJPR1vjcYgY/wOxxZw28biidJRAWpiGsPhGKg+AHmHNp/T - NjN/7MVxZMUX/DHm2LmF6sjSp99wqCl8yvEIrXcGXSSY218XZ0QgXQRhhErwCEaT - JM145ZTHicA2qi4NqMkfsvjf - =6arN + hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1 + 9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm + 8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv + qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5 + A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4 + sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm + L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F + l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244= + =d1S1 -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From 645371aca3d526505d8731369346e742e4cda82a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 26 May 2024 22:32:38 +0200 Subject: [PATCH 088/305] WIP: use two wg interfaces on both routers and route traffic via distinct ISPs --- nix/os/devices/router0-dmz0/configuration.nix | 158 ++++++++++++++---- .../devices/router0-nfmnk/configuration.nix | 44 ++++- secrets/router0-nfmnk/secrets.yaml | 8 +- 3 files changed, 164 insertions(+), 46 deletions(-) 
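Review bot: In the `sops.age` list of secrets/shared-users.yaml (hunk `@@ -16,100 +16,109 @@`) the recipient `age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv` appears twice, each entry with its own re-wrapped `enc` block, which suggests two aliases in the key configuration resolve to the same age public key. If those aliases stand for two different machines, both hold the same private key, so per-host creation rules do not separate them: a compromise of either host exposes every file that either one is a recipient of. I would give the second machine its own age identity and re-run the key update so that each recipient is listed once.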
diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 686d3b5..0c51354 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -211,7 +211,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; - wg.interfaces = ["wg0"]; + wg.interfaces = ["wg0" "wg1"]; } // # generate a zone for each vlan @@ -363,7 +363,7 @@ in { systemd.network = { wait-online.anyInterface = true; netdevs = let - router0-nmfk_wgEndpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + router0-nmfk_wg0Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ builtins.toString repoFlake .nixosConfigurations @@ -376,6 +376,20 @@ in { .wireguardConfig .ListenPort }"; + + router0-nmfk_wg1Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + builtins.toString + repoFlake + .nixosConfigurations + .router0-nfmnk + .config + .systemd + .network + .netdevs + .wg1 + .wireguardConfig + .ListenPort + }"; in { # Create the bridge interface 
@@ -402,45 +416,47 @@ in { }; wireguardConfig = { PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + FirewallMark = 100; }; wireguardPeers = [ { wireguardPeerConfig = { AllowedIPs = [ - "10.0.0.254/32" + "10.0.0.0/32" ]; PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-nmfk_wgEndpoint; + Endpoint = router0-nmfk_wg0Endpoint; }; } ]; }; - # wg1 = { - # enable = true; - # netdevConfig = { - # Name = "wg1"; - # Kind = "wireguard"; - # }; - # wireguardConfig = { - # PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; - # }; - # wireguardPeers = [ - # { - # wireguardPeerConfig = { - # AllowedIPs = [ - # "10.0.0.254/32" - # ]; - # PersistentKeepalive = 15; - # PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; - # PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - # Endpoint = "${router0-nmfk_variables.ipv4}:51820"; - # }; - # } - # ]; - # }; + wg1 = { + enable = true; + netdevConfig = { + Name = "wg1"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + FirewallMark = 101; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.0.2/32" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-nmfk_wg1Endpoint; + }; + } + ]; + }; } # generate the vlan devices. these will be tagged on the main bridge // builtins.foldl' 
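Review bot: The new `wg1` peer in router0-dmz0 (hunk `@@ -402,45 +416,47 @@`) is pinned to `PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";`, the same value as the `wg0` peer earlier in the hunk, although this commit also adds a separate `wg1-privatekey` secret for the remote router. Either the remote side reuses one private key for both tunnels, in which case one leaked key exposes both paths and the interfaces cannot be rotated independently, or `wg1-privatekey` is a fresh key and this value is a stale copy that will never complete a handshake. I would derive the public key from the new wg1 private key and pin that here. The router0-nfmnk wg1 hunk repeats the same value in its `# PublicKey` comment and needs the matching update.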
@@ -471,6 +487,48 @@ in { ); networks = { + # places options here that should always exist + "lo" = { + matchConfig.Name = "lo"; + + # these are roughly equivalent to: + # ip rule add fwmark 100 priority 0 table 100 + # ip rule add fwmark 100 priority 1 prohibit + # ip rule add fwmark 101 priority 0 table 101 + # ip rule add fwmark 101 priority 1 prohibit + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 101; + Priority = 30000; + Table = 101; + }; + } + { + routingPolicyRuleConfig = { + FirewallMark = 101; + Priority = 30001; + Table = 101; + Type = "prohibit"; + }; + } + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30000; + Table = 100; + }; + } + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; + }; + } + ]; + }; # use lan0 as secondary WAN interface "10-lan0-wan" = { matchConfig.Name = "lan0"; @@ -484,8 +542,18 @@ in { IPv6PrivacyExtensions = false; IPForward = true; }; - # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min linkConfig.RequiredForOnline = "no"; + + # similar to + # ip route add default via 172.16.0.1 table 101 + routes = [ + { + routeConfig = { + Gateway = "_dhcp4"; + Table = 101; + }; + } + ]; }; "10-wan" = { matchConfig.Name = "wan"; @@ -500,7 +568,19 @@ in { IPForward = true; }; # make routing on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; + # linkConfig.RequiredForOnline = "routable"; + linkConfig.RequiredForOnline = "no"; + + # similar to + # ip route add default via 192.168.0.1 table 100 + routes = [ + { + routeConfig = { + Gateway = "_dhcp4"; + Table = 100; + }; + } + ]; }; # Connect the bridge ports to the bridge 
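Review bot: The comment above `routingPolicyRules` in the new `lo` network (hunk `@@ -471,6 +487,48 @@`) describes the rules as `priority 0` and `priority 1`, but they are created with `Priority = 30000` and `30001`, and it does not say why each mark gets a `prohibit` rule. As far as the hunk shows, each pair makes packets carrying a tunnel's `FirewallMark` use only that tunnel's table and be rejected when the table has no route, rather than falling through to the main table and leaving via the other uplink; that fail-closed intent depends on both priorities staying numerically below the main-table rule and is worth stating. I would reword the comment to `# ip rule add fwmark 100 priority 30000 table 100` / `# ip rule add fwmark 100 priority 30001 prohibit` (likewise for 101) and add one line on the purpose. `Table = 100`/`Table = 101` on the `prohibit` entries looks redundant, since a prohibit rule does no table lookup.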
@@ -594,16 +674,16 @@ in { enable = true; matchConfig.Name = "wg0"; address = [ - "10.0.0.1/24" + "10.0.0.1/31" + ]; + }; + "50-wg1" = { + enable = true; + matchConfig.Name = "wg1"; + address = [ + "10.0.0.3/31" ]; }; - # "50-wg1" = { - # enable = true; - # matchConfig.Name = "wg1"; - # address = [ - # "10.0.0.2/24" - # ]; - # }; } # configuration for the hostapd dynamic interfaces # * netdev type vlan @@ -1138,6 +1218,10 @@ in { pkgs.ethtool pkgs.neovim + pkgs.wireguard-tools + pkgs.tshark + pkgs.tmux + (pkgs.writeShellScriptBin "dbg-ip" '' echo links: ip -br -c l diff --git a/nix/os/devices/router0-nfmnk/configuration.nix b/nix/os/devices/router0-nfmnk/configuration.nix index eb0fe49..2864383 100644 --- a/nix/os/devices/router0-nfmnk/configuration.nix +++ b/nix/os/devices/router0-nfmnk/configuration.nix @@ -147,8 +147,12 @@ # these will be configured via nftables firewall.enable = lib.mkForce true; + firewall.allowedTCPPorts = [ + 5201 + ]; firewall.allowedUDPPorts = [ config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort + config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort ]; nat = { @@ -170,7 +174,7 @@ interfaces = ["eth0"]; }; zones.vpns = { - interfaces = ["wg0"]; + interfaces = ["wg0" "wg1"]; }; }; }; @@ -184,7 +188,11 @@ mode = "440"; group = "systemd-network"; }; - sops.secrets.wg0-peer1-psk = { + sops.secrets.wg1-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-peer0-psk = { mode = "440"; group = "systemd-network"; }; 
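Review bot: `firewall.allowedTCPPorts = [ 5201 ];` in router0-nfmnk (hunk `@@ -147,8 +147,12 @@`) opens the port on every interface, including `eth0`, which this configuration places in the `wan` zone. 5201 is the default iperf3 port, so this is presumably for throughput tests across the tunnels; if so it only needs to be reachable over `wg0` and `wg1`. I would scope it with `firewall.interfaces.wg0.allowedTCPPorts = [ 5201 ];` (and the same for `wg1`), or remove it once testing is done. The later fixup commit carries the port into the nftables `to-fw` rule with `from = "all"`, and the sj-bm-hostkey0 hunk adds it as well, so the same applies there.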
@@ -212,14 +220,27 @@ PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04="; }; } - + ]; + }; + systemd.network.netdevs.wg1 = { + enable = true; + netdevConfig = { + Name = "wg1"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51821; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + }; + wireguardPeers = [ { wireguardPeerConfig = { AllowedIPs = [ - "10.0.0.2/32" + "10.0.0.3/31" ]; PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer1-psk.path; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4="; }; } @@ -229,13 +250,24 @@ enable = true; matchConfig.Name = "wg0"; address = [ - "10.0.0.254/24" + "10.0.0.0/31" + ]; + }; + systemd.network.networks.wg1 = { + enable = true; + matchConfig.Name = "wg1"; + address = [ + "10.0.0.2/31" ]; }; environment.systemPackages = [ pkgs.ethtool pkgs.neovim + pkgs.tmux + + pkgs.wireguard-tools + pkgs.tshark (pkgs.writeShellScriptBin "dbg-ip" '' echo links: diff --git a/secrets/router0-nfmnk/secrets.yaml b/secrets/router0-nfmnk/secrets.yaml index df7d851..20fc3f6 100644 --- a/secrets/router0-nfmnk/secrets.yaml +++ b/secrets/router0-nfmnk/secrets.yaml 
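Review bot: The `wg1` peer on router0-nfmnk (hunk `@@ -212,14 +220,27 @@`) gets `AllowedIPs = [ "10.0.0.3/31" ]`, which has host bits set and covers 10.0.0.2–10.0.0.3, including the address this router assigns to its own `wg1` in the next hunk. AllowedIPs is what WireGuard uses to decide which source addresses it accepts from a peer, so the wider prefix lets the peer send packets that claim the local tunnel address. The `wg0` peer is limited to `10.0.0.1/32` (visible as context in the later fixup), and `"10.0.0.3/32"` here would match that pattern and the peer's actual address.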
@@ -5,7 +5,9 @@ passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/Udyb wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str] wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str] -wg0-peer1-psk: ENC[AES256_GCM,data:l8H0bDF2XXq6W5sJCXHUEWqIJu7YvAyqhPaCEK/Dcviv7lnwvKNLxO55i10=,iv:ADAFkWG+cbqvqfwNdaHv7ONqFtWjmAhIf0hRFBW6X6c=,tag:hwsljm8GlcF9NeHHE5WTXg==,type:str] +wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFxKf2RAqSqxEXkhzU=,iv:HVB+uJG0SwxH3gbSpyZJZnzadVK2MYWvaZ3t7vPXn3E=,tag:/q7hgBA45Hq3446w83ConA==,type:str] +wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str] +wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -21,8 +23,8 @@ sops: cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-25T19:21:33Z" - mac: ENC[AES256_GCM,data:zw79GU+OINSJWy0hHeV33ZOPkrxrRCyd31XpcbWAIkactRL4rumXhHWxcd5QAvmloFa8Rb7q6drRIu9kt7nXrr8+HK/xWoj+AxmXHFMEi6aC0xdhsyBfl7+Jq3SRTUf6tHFxyHVRVWyZXnhV59xf2Vwmy3R5/0vq50c8UQ8vJww=,iv:czqwgGcLXR+FyXpTuuXIH8pF/P1s1FrZxtqI3joLZCg=,tag:DUq+cACVStNX6u8LfYIQTw==,type:str] + lastmodified: "2024-05-26T17:23:41Z" + mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] pgp: - created_at: "2024-05-25T18:38:40Z" enc: |- From c04dab34c44a3529e2d089ba6391622e545fd15a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 30 May 2024 16:14:56 +0200 Subject: [PATCH 089/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 50 +++++++++++++------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 741d9dc..d5b10d8 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1712513517, - "narHash": "sha256-VuLm5tTMqfS82NZAsNfsW7U+pTZ1+GcOU7gYR/Fb1Z4=", + "lastModified": 1716745752, + "narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=", "owner": "ipetkov", "repo": "crane", - "rev": "9caad1eb0c69a13ee6467035353b71a76c85ea53", + "rev": "19ca94ec2d288de334ae932107816b4a97736cd8", "type": "github" }, "original": { 
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1716168343, - "narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=", + "lastModified": 1717032306, + "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=", "owner": "nix-community", "repo": "disko", - "rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901", + "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1715381426, - "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "lastModified": 1716729592, + "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", "owner": "nix-community", "repo": "home-manager", - "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1715869050, - "narHash": "sha256-FWfM+mzsJDQv129Xj696JjG1mnAQ3faopVGDRNM3lhY=", + "lastModified": 1717055643, + "narHash": "sha256-PerX/wPewJJh7vjnPFgWrAGw2UmClTMokeCAqijsxu0=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "f9caece23b14ccd308e72ee56c77e6cff62c2c46", + "rev": "24600ff2f0cde2cd182c26eab38f2e8c6db1c0b6", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1715912710, - "narHash": "sha256-OGZZaQ1CvOSyg5rHG0EFB0hi3ByObzXwihMNNB/vwoE=", + "lastModified": 1716826272, + "narHash": "sha256-txqMPqKkJ9sqwE59RHp/rvHy1eFXIzqI+Mww/7JmAg4=", "ref": "main", - "rev": "3e183c4b988f5b2e1319787a6615cb07fcdc8e09", - "revCount": 72, + "rev": "3a002c5a6476f98ae7c88be25ac9c18ef4974699", + "revCount": 73, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -200,11 +200,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", "type": "github" }, "original": { @@ -228,11 +228,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716137900, - "narHash": "sha256-sowPU+tLQv8GlqtVtsXioTKeaQvlMz/pefcdwg8MvfM=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c0b7a92c30122196a761b440ac0d46d3d9954f1", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -260,11 +260,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "lastModified": 1716633019, + "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", "type": "github" }, "original": { From 60fac3acbb3b8f914b23cee7db20be44ddf2b2d6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 10:55:40 +0200 Subject: [PATCH 090/305] fixup! WIP: use two wg interfaces on both routers and route traffic via distinct ISPs --- nix/os/devices/router0-dmz0/configuration.nix | 42 ++++++++++++- .../devices/router0-nfmnk/configuration.nix | 63 +++++++++++++++---- .../devices/sj-bm-hostkey0/configuration.nix | 7 +++ 3 files changed, 96 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 0c51354..5ee4b53 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix 
+++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -211,7 +211,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; - wg.interfaces = ["wg0" "wg1"]; + vpn.interfaces = ["wg0" "wg1"]; } // # generate a zone for each vlan @@ -338,6 +338,13 @@ in { "drop" ]; }; + + to-vpn-nat = { + from = ["lan" "vlan"]; + to = ["vpn"]; + masquerade = false; + verdict = "accept"; + }; }; }; }; @@ -422,7 +429,18 @@ in { { wireguardPeerConfig = { AllowedIPs = [ - "10.0.0.0/32" + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + + # # alternatively, specific destinations could be allowed + + # # remote peer wg addr + # "10.0.0.0/32" + + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" ]; PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; @@ -447,7 +465,8 @@ in { { wireguardPeerConfig = { AllowedIPs = [ - "10.0.0.2/32" + # this allows all traffic to be routed through this interface + "0.0.0.0/0" ]; PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; @@ -676,6 +695,15 @@ in { address = [ "10.0.0.1/31" ]; + + routes = [ + { + routeConfig = { + Destination = "185.143.101.42/32"; + MultiPathRoute = "10.0.0.0 1"; + }; + } + ]; }; "50-wg1" = { enable = true; @@ -683,6 +711,14 @@ in { address = [ "10.0.0.3/31" ]; + routes = [ + { + routeConfig = { + Destination = "185.143.101.42/32"; + MultiPathRoute = "10.0.0.2 1"; + }; + } + ]; }; } # configuration for the hostapd dynamic interfaces diff --git a/nix/os/devices/router0-nfmnk/configuration.nix b/nix/os/devices/router0-nfmnk/configuration.nix index 2864383..9dcb55d 100644 --- a/nix/os/devices/router0-nfmnk/configuration.nix +++ b/nix/os/devices/router0-nfmnk/configuration.nix 
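Review bot: `AllowedIPs = [ "0.0.0.0/0" ]` on the `wg0` and `wg1` peers of router0-dmz0 (hunks `@@ -422,7 +429,18 @@` and `@@ -447,7 +465,8 @@`) is not only an outbound selector: WireGuard also uses the list as the inbound source filter, so after this change a packet with any IPv4 source address arriving through either tunnel is accepted and handed to the firewall. What that traffic may reach is then decided only by the zone rules, and the one rule added in this commit, `to-vpn-nat`, covers just the lan/vlan → vpn direction. I would add a comment at the `vpn` zone stating what, if anything, is accepted from `vpn` into `lan`, `vlan` or `fw`, and check the rules outside these hunks against it. The enclosing netdev definitions start outside the hunks.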
@@ -146,18 +146,8 @@ usePredictableInterfaceNames = false; # these will be configured via nftables - firewall.enable = lib.mkForce true; - firewall.allowedTCPPorts = [ - 5201 - ]; - firewall.allowedUDPPorts = [ - config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort - config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort - ]; - - nat = { - enable = true; - }; + nat.enable = lib.mkForce false; + firewall.enable = lib.mkForce false; # Use the nftables firewall instead of the base nixos scripted rules. # This flake provides a similar utility to the base nixos scripting. @@ -173,9 +163,36 @@ zones.wan = { interfaces = ["eth0"]; }; - zones.vpns = { + + zones.vpn = { interfaces = ["wg0" "wg1"]; }; + + rules = { + to-fw = { + from = "all"; + to = ["fw"]; + verdict = "drop"; + + allowedTCPPorts = [ + 22 + 5201 + ]; + allowedUDPPorts = [ + 22 + 5201 + config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort + config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort + ]; + }; + + vpn-to-wan-nat = { + from = ["vpn"]; + to = ["wan"]; + masquerade = true; + verdict = "accept"; + }; + }; }; }; }; @@ -214,6 +231,7 @@ wireguardPeerConfig = { AllowedIPs = [ "10.0.0.1/32" + "192.168.0.0/16" ]; PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; @@ -238,6 +256,7 @@ wireguardPeerConfig = { AllowedIPs = [ "10.0.0.3/31" + "192.168.0.0/16" ]; PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; @@ -252,6 +271,15 @@ address = [ "10.0.0.0/31" ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.0.1 1"; + }; + } + ]; }; systemd.network.networks.wg1 = { enable = true; @@ -259,6 +287,15 @@ address = [ "10.0.0.2/31" ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.0.3 1"; + }; + } + ]; }; environment.systemPackages = [ 
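Review bot: In the new `to-fw` rule of router0-nfmnk (hunk `@@ -173,9 +163,36 @@`) `allowedUDPPorts` lists `22`, which no service shown here uses, since SSH runs over TCP; the entry only widens the accepted set and should be removed. The rule matches `from = "all"`, so 5201 also stays reachable from the `wan` zone on both TCP and UDP. I would keep TCP 22 and the two WireGuard `ListenPort`s in `to-fw` and move 5201 into a second rule with `from = [ "vpn" ]; to = [ "fw" ];`. With `firewall.enable` and `nat.enable` forced off in the preceding hunk, this rule set appears to be the only packet filter on the host, which deserves a comment next to the rules.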
diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index fd11bc0..37e1468 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -120,6 +120,13 @@ in { # No local firewall. nat.enable = true; firewall.enable = false; + + firewall.allowedTCPPorts = [ + 5201 + ]; + firewall.allowedUDPPorts = [ + 5201 + ]; }; disko.devices = let From 236db31c63920c633a63f1438df1ef2972f7c034 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 10:55:57 +0200 Subject: [PATCH 091/305] fixup! nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 32 +++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index d5b10d8..ded9d76 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717032306, - "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=", + "lastModified": 1717097713, + "narHash": "sha256-M0tIapdiiB2piVTDK+aL7AnsjS656AY7l7htKN0dnQM=", "owner": "nix-community", "repo": "disko", - "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33", + "rev": "9d5c673a6611b7bf448dbfb0843c75b9cce9cf1f", "type": "github" }, "original": { @@ -59,11 +59,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { 
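Review bot: The added `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` entries for 5201 in sj-bm-hostkey0 (hunk `@@ -120,6 +120,13 @@`) sit directly under `firewall.enable = false;`, so as far as this hunk shows they are not enforced: with the firewall off every listening port is reachable, not only 5201. The lists give the impression of a port policy that does not exist. I would either remove them or make them effective with `firewall.enable = true;`, and in both cases update the `# No local firewall.` comment to say what actually filters traffic to this host. The enclosing block starts outside the hunk.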
@@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717055643, - "narHash": "sha256-PerX/wPewJJh7vjnPFgWrAGw2UmClTMokeCAqijsxu0=", + "lastModified": 1717079168, + "narHash": "sha256-cwuWQMbzUVQHoVEzhfbvo2Ba8FEbhR6kJU2CRUPalnQ=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "24600ff2f0cde2cd182c26eab38f2e8c6db1c0b6", + "rev": "385af57ffb2eeb1689ea1b31583c75981b141c12", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1716826272, - "narHash": "sha256-txqMPqKkJ9sqwE59RHp/rvHy1eFXIzqI+Mww/7JmAg4=", + "lastModified": 1717084324, + "narHash": "sha256-YvezQmRHuYosnMz48jJDS5JSvkm+smpbPlBKftp+lkI=", "ref": "main", - "rev": "3a002c5a6476f98ae7c88be25ac9c18ef4974699", - "revCount": 73, + "rev": "ce0128942303fd0a8869252027315d6a0cca731e", + "revCount": 76, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -244,11 +244,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { From fe4800191cca85987e2d44e346fc0f8429f71d83 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 10:56:05 +0200 Subject: [PATCH 092/305] chore: reorg codium plugins --- nix/home-manager/programs/vscode/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 56f423d..d4dd64d 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
@@ -19,16 +19,17 @@ in { # }) ] ++ (with pkgsVscodium.vscode-extensions; [ - bbenoist.nix eamodio.gitlens mkhl.direnv - jnoortheen.nix-ide tomoki1207.pdf vscodevim.vim + bbenoist.nix + jnoortheen.nix-ide + # kamadorueda.alejandra + ms-vscode.theme-tomorrowkit nonylene.dark-molokai-theme - kamadorueda.alejandra # TODO: these are not in nixpkgs From d286bd64968f6273c6e398dc9729b5d5101c27e5 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 13:51:49 +0200 Subject: [PATCH 093/305] nix/os/devices/srv0-dmz0: bump versions --- nix/os/devices/srv0-dmz0/flake.lock | 28 ++++++++++++++-------------- nix/os/devices/srv0-dmz0/flake.nix | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/srv0-dmz0/flake.lock b/nix/os/devices/srv0-dmz0/flake.lock index 5008566..4e1a641 100644 --- a/nix/os/devices/srv0-dmz0/flake.lock +++ b/nix/os/devices/srv0-dmz0/flake.lock 
@@ -7,43 +7,43 @@ ] }, "locked": { - "lastModified": 1703367386, - "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1703467016, - "narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d02d818f22c777aa4e854efc3242ec451e5d462a", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-master": { "locked": { - "lastModified": 1703766384, - "narHash": "sha256-PN7mpVqo/Rf/XIIJv7Kuc4MVvF349F9hBipcGjr4HNg=", + "lastModified": 1717242134, + "narHash": "sha256-2X835ZESUaQ/KZEuG9HkoEB7h0USG5uvkSUmLzFkxAE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "05d50dc97a11f0382514bb062ce470ce7da20dfd", + "rev": "61c1d282153dbfcb5fe413c228d172d0fe7c2a7e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1703643441, - "narHash": "sha256-UsAtbIwxBuciNfiwY9g+jiLDyvYIaO5jai8avtAK+EE=", + "lastModified": 1717216113, + "narHash": "sha256-DniggN0kphCCBpGlS2WyDPoNqxQoRFlhN2GMk35OHiM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f930306a698f1ae7045cf3265693b7ebc9512f23", + "rev": "21959d8d44197094aebc74ead6ca4a53bcce0adb", "type": "github" }, "original": { diff --git a/nix/os/devices/srv0-dmz0/flake.nix b/nix/os/devices/srv0-dmz0/flake.nix index 991b38a..f2af929 100644 
--- a/nix/os/devices/srv0-dmz0/flake.nix +++ b/nix/os/devices/srv0-dmz0/flake.nix @@ -1,10 +1,10 @@ { - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; inputs.home-manager = { - url = "github:nix-community/home-manager/release-23.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From 7d113c32573bf82f4990faaf1c582cffdb544f99 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 14:07:47 +0200 Subject: [PATCH 094/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 28 ++++++++++++++-------------- nix/os/devices/sj-srv1/flake.nix | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 56c2d36..4e1a641 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -7,43 +7,43 @@ ] }, "locked": { - "lastModified": 1700392168, - "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1700501263, - "narHash": "sha256-M0U063Ba2DKL4lMYI7XW13Rsk5tfUXnIYiAVa39AV/0=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f741f8a839912e272d7e87ccf4b9dbc6012cdaf9", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-master": { "locked": { - "lastModified": 1700758842, - "narHash": "sha256-WNpG3F/0dktkYbG6O8Put9GtBw4C4vb1KwtIibfXYEE=", + "lastModified": 1717242134, + "narHash": "sha256-2X835ZESUaQ/KZEuG9HkoEB7h0USG5uvkSUmLzFkxAE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "359d577687ea3eb033590cf1259f0355e30b9c6f", + "rev": "61c1d282153dbfcb5fe413c228d172d0fe7c2a7e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1700641131, - "narHash": "sha256-M3bsoVMQM2PcuBWb6n1KDNeMX87svcSj/4qlBcVqs3k=", + "lastModified": 1717216113, + "narHash": "sha256-DniggN0kphCCBpGlS2WyDPoNqxQoRFlhN2GMk35OHiM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da41de71f62bf7fb989a04e39629b8adbf8aa8b5", + "rev": "21959d8d44197094aebc74ead6ca4a53bcce0adb", "type": "github" }, "original": { diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index c315b8e..f2af929 100644 
--- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix @@ -1,10 +1,10 @@ { - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; inputs.home-manager = { - url = "github:nix-community/home-manager/release-23.05"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From 18d10b08997aaf3ff0500282821f74a78fb1e723 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 15:06:06 +0200 Subject: [PATCH 095/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 28 +++++++++++++------------- nix/os/devices/steveej-x13s/flake.nix | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index ded9d76..29fb447 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717097713, - "narHash": "sha256-M0tIapdiiB2piVTDK+aL7AnsjS656AY7l7htKN0dnQM=", + "lastModified": 1717177033, + "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", "owner": "nix-community", "repo": "disko", - "rev": "9d5c673a6611b7bf448dbfb0843c75b9cce9cf1f", + "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", "type": "github" }, "original": { 
@@ -111,16 +111,16 @@ ] }, "locked": { - "lastModified": 1716729592, - "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717079168, - "narHash": "sha256-cwuWQMbzUVQHoVEzhfbvo2Ba8FEbhR6kJU2CRUPalnQ=", + "lastModified": 1717155741, + "narHash": "sha256-lLe3nDxAI5hP0Gc8x3rnhaXQ4fKgK+dhTM1KREvtBGw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "385af57ffb2eeb1689ea1b31583c75981b141c12", + "rev": "959cc7fd4487753916376d563f3a33fa5f4636ee", "type": "github" }, "original": { @@ -260,16 +260,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 43e7a4b..92c6ea6 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; # required for home-manager modules nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 
@@ -13,7 +13,7 @@ mobile-nixos.flake = false; home-manager = { - url = "github:nix-community/home-manager/release-23.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From 3486324b6cca2e6d3c70cb588bb4728addf3a2ad Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 15:17:19 +0200 Subject: [PATCH 096/305] nix/os/devices/router0-nfmnk: bump versions --- nix/os/devices/router0-nfmnk/flake.lock | 34 ++++++++++++------------- nix/os/devices/router0-nfmnk/flake.nix | 4 +-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nix/os/devices/router0-nfmnk/flake.lock b/nix/os/devices/router0-nfmnk/flake.lock index 424aa6f..8284b8f 100644 --- a/nix/os/devices/router0-nfmnk/flake.lock +++ b/nix/os/devices/router0-nfmnk/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1716431128, - "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", + "lastModified": 1717177033, + "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", "owner": "nix-community", "repo": "disko", - "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", + "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", "type": "github" }, "original": { @@ -48,16 +48,16 @@ ] }, "locked": { - "lastModified": 1715381426, - "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } 
@@ -85,27 +85,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1716425501, - "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "lastModified": 1717058062, + "narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", "owner": "numtide", "repo": "srvos", - "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-nfmnk/flake.nix b/nix/os/devices/router0-nfmnk/flake.nix index d38b355..6e7501b 100644 --- a/nix/os/devices/router0-nfmnk/flake.nix +++ b/nix/os/devices/router0-nfmnk/flake.nix @@ -1,9 +1,9 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-23.11"; + home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; 
From ae86a8b860fde21c602a9a7527dd76fdaaea78dd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 1 Jun 2024 21:43:21 +0200 Subject: [PATCH 097/305] nix/os/devices/sj-bm-hostkey0: bump versions --- nix/os/devices/sj-bm-hostkey0/flake.lock | 54 ++++++++++++------------ nix/os/devices/sj-bm-hostkey0/flake.nix | 6 +-- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 3df4715..e7b642c 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1712513517, - "narHash": "sha256-VuLm5tTMqfS82NZAsNfsW7U+pTZ1+GcOU7gYR/Fb1Z4=", + "lastModified": 1716745752, + "narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=", "owner": "ipetkov", "repo": "crane", - "rev": "9caad1eb0c69a13ee6467035353b71a76c85ea53", + "rev": "19ca94ec2d288de334ae932107816b4a97736cd8", "type": "github" }, "original": { @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1716168343, - "narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=", + "lastModified": 1717177033, + "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", "owner": "nix-community", "repo": "disko", - "rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901", + "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", "type": "github" }, "original": { 
@@ -90,21 +90,21 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { - "lastModified": 1715337759, - "narHash": "sha256-40LDJ1bgnIDHMq9ooNKAe6pg8ukxmecvfrF5yELPrWs=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "f61917cbaa6dba317e757aefd0bbb56403aff2f8", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-24.05", "repo": "home-manager", - "rev": "f61917cbaa6dba317e757aefd0bbb56403aff2f8", "type": "github" } }, @@ -117,11 +117,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1715869050, - "narHash": "sha256-FWfM+mzsJDQv129Xj696JjG1mnAQ3faopVGDRNM3lhY=", + "lastModified": 1717155741, + "narHash": "sha256-lLe3nDxAI5hP0Gc8x3rnhaXQ4fKgK+dhTM1KREvtBGw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "f9caece23b14ccd308e72ee56c77e6cff62c2c46", + "rev": "959cc7fd4487753916376d563f3a33fa5f4636ee", "type": "github" }, "original": { @@ -147,11 +147,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1715961556, - "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { 
@@ -179,16 +179,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -211,11 +211,11 @@ ] }, "locked": { - "lastModified": 1716166358, - "narHash": "sha256-SmCc4nKUXgYb8bBGJ3+N+l/2MBROue2x9+CyJ2of24w=", + "lastModified": 1717058062, + "narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", "owner": "numtide", "repo": "srvos", - "rev": "d368bfdc3a409482b92290a105bcacc108a49d24", + "rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", "type": "github" }, "original": { diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/sj-bm-hostkey0/flake.nix index 234df54..aee0abd 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/sj-bm-hostkey0/flake.nix @@ -1,12 +1,12 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; - home-manager.url = "github:nix-community/home-manager/f61917cbaa6dba317e757aefd0bbb56403aff2f8"; - home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable"; + home-manager.url = "github:nix-community/home-manager/release-24.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; From 4c18f0a7abafe3b163036654f0f4cfb4c5da8654 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 1 Jun 2024 21:46:09 +0200 Subject: [PATCH 098/305] fix(*): adapt to nixos-24.05 changes --- flake.lock | 19 ++++++++++++++++++- flake.nix | 3 ++- nix/home-manager/profiles/gnome-desktop.nix | 2 +- nix/home-manager/profiles/sway-desktop.nix | 2 +- nix/home-manager/programs/gpg-agent.nix | 16 ++++------------ nix/os/containers/mailserver.nix | 10 +++++++++- nix/os/containers/syncthing.nix | 2 ++ nix/os/containers/webserver.nix | 10 ++++++++-- .../devices/sj-bm-hostkey0/configuration.nix | 1 - nix/os/devices/sj-srv1/system.nix | 16 ++++++++++------ nix/os/profiles/containers/configuration.nix | 1 + nix/os/snippets/mycelium.nix | 1 - 12 files changed, 56 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index e190bf6..3fc54a5 100644 --- a/flake.lock +++ b/flake.lock @@ -619,6 +619,22 @@ "type": "github" } }, + "nixpkgs-2405": { + "locked": { + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -825,11 +841,12 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ - "nixpkgs-2311" + "nixpkgs-2405" ], "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2305": "nixpkgs-2305", "nixpkgs-2311": "nixpkgs-2311", + "nixpkgs-2405": "nixpkgs-2405", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", diff --git a/flake.nix b/flake.nix index d333b92..75cd5b0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,8 +11,9 @@ radicalePkgs.follows = "nixpkgs-2211"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.follows = "nixpkgs-2311"; + nixpkgs.follows = "nixpkgs-2405"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; diff --git a/nix/home-manager/profiles/gnome-desktop.nix b/nix/home-manager/profiles/gnome-desktop.nix index b0a7a7b..b803ea5 100644 --- a/nix/home-manager/profiles/gnome-desktop.nix +++ b/nix/home-manager/profiles/gnome-desktop.nix @@ -23,7 +23,7 @@ in { # Hidden=true # ''; - services.gpg-agent.pinentryFlavor = "gnome3"; + services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; dconf.settings = let manualKeybindings = [ diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 8942c65..6581006 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -36,7 +36,7 @@ in { enable = true; }; - services.gpg-agent.pinentryFlavor = "gnome3"; + services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; home.packages = [ pkgs.swayidle diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix index da4ce37..069c7ca 100644 --- a/nix/home-manager/programs/gpg-agent.nix +++ b/nix/home-manager/programs/gpg-agent.nix @@ -4,17 +4,9 @@ config, ... }: { - home.packages = - [ - pkgs.gcr - ] - ++ ( - if config.services.gpg-agent.pinentryFlavor == "gtk2" - then [pkgs.pinentry-gtk2] - else if config.services.gpg-agent.pinentryFlavor == "gnome3" - then [pkgs.pinentry-gnome] - else [] - ); + home.packages = [ + pkgs.gcr + ]; programs.gpg.enable = true; services.gpg-agent = { 
@@ -22,7 +14,7 @@ enableScDaemon = true; enableSshSupport = true; grabKeyboardAndMouse = true; - pinentryFlavor = lib.mkDefault "gtk2"; + pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2; extraConfig = '' no-allow-external-cache ''; diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix index d113925..48483a1 100644 --- a/nix/os/containers/mailserver.nix +++ b/nix/os/containers/mailserver.nix @@ -1,15 +1,17 @@ { - repoFlake, + specialArgs, hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190, autoStart ? false, }: { + inherit specialArgs; config = { pkgs, config, lib, + repoFlake, ... }: { system.stateVersion = "21.11"; # Did you read the comment? @@ -21,6 +23,12 @@ ../profiles/common/user.nix ]; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + imapsPort + sievePort + ]; + # FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately # sops.defaultSopsFile = ./mailserver_secrets.yaml; diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index 72aaab8..d2fc85f 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -1,10 +1,12 @@ { + specialArgs, hostAddress, localAddress, syncthingPort ? 22000, syncthingLocalAnnouncePort ? 21027, autoStart ? false, }: { + inherit specialArgs; config = { config, pkgs, diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index df3c445..4a7de86 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -1,5 +1,5 @@ { - repoFlake, + specialArgs, hostAddress, localAddress, httpPort ? 80, @@ -8,10 +8,12 @@ }: let domain = "www.stefanjunker.de"; in { + inherit specialArgs; config = { config, pkgs, lib, + repoFlake, ... }: { system.stateVersion = "22.05"; # Did you read the comment? 
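Review bot: The new `networking.firewall.allowedTCPPorts` in `nix/os/containers/mailserver.nix` (hunk `@@ -21,6 +23,12 @@`) lists only `imapsPort` and `sievePort`, so with the firewall enabled every other listener in this container is dropped at the container boundary. Whether the container also accepts SMTP or submission is not visible in this hunk; if it does, those ports have to be added here. If it does not, a comment above the list would record the intent, for example `# deny by default: only the ports passed in as imapsPort/sievePort are reachable; keep in sync with what the host forwards`. The container's `config` body continues outside the hunk.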
@@ -22,7 +24,11 @@ in { repoFlake.inputs.sops-nix.nixosModules.sops ]; - networking.firewall.enable = false; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + ]; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.secrets.hedgedoc_environment_file = { diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 37e1468..305e361 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -58,7 +58,6 @@ in { home.packages = [ pkgs.nil - pkgs.rnix-lsp pkgs.nixd pkgs.nixpkgs-fmt pkgs.alejandra diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index c481d5d..93f93d0 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -3,6 +3,7 @@ lib, config, repoFlake, + nodeFlake, nodeName, ... }: { @@ -73,7 +74,9 @@ containers = { mailserver = import ../../containers/mailserver.nix { - inherit repoFlake; + specialArgs = { + inherit repoFlake nodeFlake; + }; autoStart = true; @@ -87,7 +90,9 @@ webserver = import ../../containers/webserver.nix { - inherit repoFlake; + specialArgs = { + inherit repoFlake nodeFlake; + }; autoStart = true; @@ -99,6 +104,9 @@ }; syncthing = import ../../containers/syncthing.nix { + specialArgs = { + inherit repoFlake nodeFlake; + }; autoStart = true; hostAddress = "192.168.100.14"; @@ -108,10 +116,6 @@ }; }; - home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { - inherit pkgs; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nix/os/profiles/containers/configuration.nix b/nix/os/profiles/containers/configuration.nix index 7462c08..6c0b092 100644 --- a/nix/os/profiles/containers/configuration.nix 
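Review bot: `specialArgs = { inherit repoFlake nodeFlake; };` is written out three times in `nix/os/devices/sj-srv1/system.nix` (hunks `@@ -73,7 +74,9 @@`, `@@ -87,7 +90,9 @@` and `@@ -99,6 +104,9 @@`), so a later change to what containers receive has to be made in three places. Binding it once, e.g. `containerSpecialArgs = { inherit repoFlake nodeFlake; };`, and passing `specialArgs = containerSpecialArgs;` to each import keeps the three containers from drifting apart. The `let` this would live in, if the file has one, is outside the visible hunks.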
+++ b/nix/os/profiles/containers/configuration.nix @@ -3,6 +3,7 @@ imports = [ ../../snippets/systemd-resolved.nix + ../../snippets/nix-settings.nix # ../../modules/ddclient-ovh.nix # ../../modules/ddclient-hetzner.nix ]; diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix index 64bfae5..4d1a173 100644 --- a/nix/os/snippets/mycelium.nix +++ b/nix/os/snippets/mycelium.nix @@ -7,7 +7,6 @@ ... }: { imports = [ - "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix" ]; sops.secrets.mycelium-key = { From 93cf777ce76981ccce23038944cc70c5fc05524b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 2 Jun 2024 23:26:07 +0200 Subject: [PATCH 099/305] feat(webserver): add forgejo --- flake.lock | 17 ++++++++++ flake.nix | 4 +++ nix/os/containers/webserver.nix | 40 ++++++++++++++++++++++++ nix/os/containers/webserver_secrets.yaml | 10 ++++-- 4 files changed, 68 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3fc54a5..25e159b 100644 --- a/flake.lock +++ b/flake.lock @@ -769,6 +769,22 @@ "type": "github" } }, + "nixpkgs_forgejo": { + "locked": { + "lastModified": 1715981093, + "narHash": "sha256-jGhHUB5MUF3mWtBG1l+3Lag67y7K9JtI+8ulDBVp8zE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe", + "type": "github" + } + }, "ofi-pass": { "flake": false, "locked": { @@ -850,6 +866,7 @@ "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", + "nixpkgs_forgejo": "nixpkgs_forgejo", "ofi-pass": "ofi-pass", "openvscode-server": "openvscode-server", "prs": "prs", diff --git a/flake.nix b/flake.nix index 75cd5b0..c1204cb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -116,6 +116,10 @@ flake = false; url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; + + # remove when https://github.com/NixOS/nixpkgs/pull/312523 is merged and backported + nixpkgs_forgejo.url = "github:NixOS/nixpkgs/08bda672588b2d613f05311bd4f2e6e23065a3fe"; + # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419"; }; outputs = inputs @ { diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 4a7de86..1fb6e17 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -18,12 +18,20 @@ in { }: { system.stateVersion = "22.05"; # Did you read the comment? + disabledModules = [ + "services/misc/forgejo.nix" + ]; + imports = [ + "${repoFlake.inputs.nixpkgs_forgejo}/nixos/modules/services/misc/forgejo.nix" + ../profiles/containers/configuration.nix repoFlake.inputs.sops-nix.nixosModules.sops ]; + sops.defaultSopsFile = ./webserver_secrets.yaml; + networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ httpPort @@ -73,6 +81,12 @@ in { reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port} ''; }; + + virtualHosts."forgejo.${domain}" = { + extraConfig = '' + reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT} + ''; + }; }; services.hedgedoc = { 
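Review bot: `nixpkgs_forgejo` in `flake.nix` is pinned to a fixed commit, and later in this commit `webserver.nix` takes both the forgejo module and `services.forgejo.package` from it. The service published at `forgejo.${domain}` therefore stops following the `nixos-24.05` input and only gets package updates when this rev is bumped by hand. The existing comment names the PR to wait for; I would extend it with the consequence, e.g. `# NOTE: forgejo module and package come from this pin; bump manually for security fixes until the PR is backported`. If only the module is needed from the PR, taking `package` from the regular `pkgs` is worth checking, though module/package compatibility is not something these hunks show.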
@@ -223,6 +237,27 @@ in { }; }; + sops.secrets.FORGEJO_JWT_SECRET = {}; + sops.secrets.FORGEJO_INTERNAL_TOKEN = {}; + sops.secrets.FORGEJO_SECRET_KEY = {}; + + services.forgejo = { + enable = true; + package = repoFlake.inputs.nixpkgs_forgejo.legacyPackages.${pkgs.system}.forgejo; + settings = { + service.DISABLE_REGISTRATION = true; + server.HTTP_ADDR = "127.0.0.1"; + server.DISABLE_SSH = true; + server.ROOT_URL = "https://forgejo.${domain}"; + server.HTTP_PORT = 3001; + }; + secrets = { + oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path; + security.INTERNAL_TOKEN = lib.mkForce config.sops.secrets.FORGEJO_INTERNAL_TOKEN.path; + security.SECRET_KEY = lib.mkForce config.sops.secrets.FORGEJO_SECRET_KEY.path; + }; + }; + systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name; systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name; systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; @@ -259,6 +294,11 @@ in { hostPath = "/var/lib/container-volumes/webserver/var-lib-lldap"; isReadOnly = false; }; + + "/var/lib/forgejo" = { + hostPath = "/var/lib/container-volumes/webserver/var-lib-forgejo"; + isReadOnly = false; + }; }; # extraFlags = ["--resolv-conf=bind-host"]; diff --git a/nix/os/containers/webserver_secrets.yaml b/nix/os/containers/webserver_secrets.yaml index 29bb119..9804f67 100644 --- a/nix/os/containers/webserver_secrets.yaml +++ b/nix/os/containers/webserver_secrets.yaml 
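Review bot: The three `sops.secrets.FORGEJO_* = {};` declarations in `nix/os/containers/webserver.nix` use the sops-nix defaults, which create the decrypted files owned by root with mode 0400. If the unit that consumes `services.forgejo.secrets` runs as the forgejo service user (not visible in this hunk), it cannot read them. Declaring the owner keeps each file readable by that user only, e.g. `sops.secrets.FORGEJO_SECRET_KEY.owner = config.services.forgejo.user;`, and likewise for `FORGEJO_JWT_SECRET` and `FORGEJO_INTERNAL_TOKEN`. A one-line comment on why each `secrets.*` entry needs `lib.mkForce` would also help the next reader.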
@@ -4,6 +4,10 @@ authelia_jwtSecret: ENC[AES256_GCM,data:CtvhPJDlM8kZDh3MWI6jBEIK5P/Rc0ZY3JfQ/1qn lldap_jwtSecret: ENC[AES256_GCM,data:Jd05K5zZZcdFY9P+PM1ycpl4eKr7THXzlEC2gxhfq0kZ0c7NrmqpnxLFyMOoq0oZwFXQ3aE29N+dYYCbWgEs0g==,iv:k9Y4XZcFSUaaOvooMzH1AlHaI/RiZZ0cpSqTU6jzsUU=,tag:EHwIMQ00Z+IrXAKgugMbmQ==,type:str] lldap_adminPassword: ENC[AES256_GCM,data:qZviC+/V25iHWS2d5KKrMfCLmmWKAkXoiLW3NJyZWIvMRbFPtfJGv/5e++idcKNLdPHRgvGpdeTpOdZNK7ETSQ==,iv:jX8bzgYVXZfMQ8Qxa7WaUiQFE/mBmQWZ3o000njeEC8=,tag:4Rd3WVGIw1rBLKND4xPbMg==,type:str] lldap_environmentFile: ENC[AES256_GCM,data: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,iv:U94CNFxQ8kyIYdH0EyqQIJ3s7QKaLlMa+5coO0dQnto=,tag:KZEizL99W5BtcaXSnYXFhg==,type:str] +#ENC[AES256_GCM,data:uNqahO8WF6QFNkbPnQq2UDKn/gFt0H56keUb,iv:CDVKC3ER5rsKoMmBi2g5g+F3ZfKc3+Rs8bjxFhgSPZ4=,tag:oGPl6TB/nghGwWvVBLFlGQ==,type:comment] +FORGEJO_JWT_SECRET: ENC[AES256_GCM,data:nVz9x7+K+rBIZxuQP7o0WNFHUz89eR9cwBjfSAx9/WH5PF+/aWazZOJpVg==,iv:4qpHo143fe/sVhKfYDwxr+YiBZ2q/WWViYSwoxz0i/k=,tag:smSsJsqa6uZKarcoOMUjwQ==,type:str] +FORGEJO_INTERNAL_TOKEN: ENC[AES256_GCM,data:EIono9HSyvp1nQM0ij3ln3IUXO4moFbRgVddeV0BZBXmZG05jdjZ1SIXo/BxoSmRKnjllR7P00CpajNM5zORldlsBId5oAYL5GZtY3/nmxeXucJidknuow22G7Z8wRJJGBdishbgQhmc,iv:1D93gTUF1+DUR8qLJgML+oUhvSslhxEjGnbBC/PWHXw=,tag:NZB+mwba4TzLcUANZLDRTw==,type:str] +FORGEJO_SECRET_KEY: ENC[AES256_GCM,data:CewYFZtcXKUD5/oSM0Q32rhw+urdA0eQhdYp8EFHUXxEtL6f5NWK6IOwIlMuEv1/FjtTWlqxWekOZpmxBRzwnw==,iv:qLyVB7Nc+rDbBoO5g82/vPdykwOATHCSDLhvS+fK9PM=,tag:4NMhUvKmrRd6qrcQq3R8wA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -19,8 +23,8 @@ sops: eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-17T11:48:04Z" - mac: ENC[AES256_GCM,data:Bgmm5+IrFdnTG907cZe0cnSmbWLyNDVYyABFj5eRuGsYCthclRM9WEKktvJg2RVYcND39IEH/FiFR/Hxf5YgrUcU7HKEXKzn7U4AGcREh2tb5EVTELjAJ4e00omNoD1gmFOklRS9AWce1g03AGzfbzM68enpDUkxWWTU2FOPei8=,iv:A9V4EsMAIoEs7j/eWy06Y9RExz+N/PT70TBNSViswKc=,tag:287n8ygaEj/40vh1x2IQig==,type:str] + lastmodified: "2024-06-02T20:35:16Z" + mac: ENC[AES256_GCM,data:2aE4orgaTz9x9TeZcTavXNGnPJnb1tlTINutT6X7KktOlcCpWfBqjWZ3ggXGXwMYIc7FhwTS7bWrDYC/nuvaiG/TcSyy8bshEdzawyAHXhs22pPE0uiXl+n67jUJvMrVnSPjaw66g5AzyU7MYkgw+FqncLPQDZtSyVH+F2GYINA=,iv:Ou0f9q/T5s3c6UrWHu1QIoze4v/Wi+u1FhiwXyglHog=,tag:ZoDkCDh7fFm7YfnVSO6Zgw==,type:str] pgp: - created_at: "2023-07-09T17:51:27Z" enc: |- @@ -38,4 +42,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 From ce20251ad672a3bff517bede2b10c0102b0b8c5c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 2 Jun 2024 23:26:26 +0200 Subject: [PATCH 100/305] feat(steveej-x13s): build aarch64 locally --- nix/os/devices/steveej-x13s/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 9f4ef00..bc0f3c2 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -93,7 +93,7 @@ protocol = "ssh-ng"; systems = [ "x86_64-linux" - "aarch64-linux" + # "aarch64-linux" ]; supportedFeatures = [ "big-parallel" From 47e03a7a5da4af29e44976dc9719afbac9d19549 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 2 Jun 2024 23:27:14 +0200 Subject: [PATCH 101/305] feat(router0-dmz0): use (forked) nixos-sbc and bump to nixos-24.05 / linux-6.9 --- nix/os/devices/router0-dmz0/configuration.nix | 133 +++++------------- nix/os/devices/router0-dmz0/flake.lock | 55 ++++++-- nix/os/devices/router0-dmz0/flake.nix | 51 +++---- 3 files changed, 95 insertions(+), 144 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 5ee4b53..337f4d6 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -11,8 +11,8 @@ }: let inherit (nodeFlake.inputs) - bpir3 nixos-nftables-firewall + nixos-sbc ; vlanRangeStart = builtins.head vlanRange; @@ -86,31 +86,30 @@ then bridgeInterfaceName else "${bridgeInterfaceName}.${toString vlanid}"; - exposedHost = "sj-srv1.dmz.internal"; + dmzExposedHost = "sj-srv1.dmz.internal"; + dmzExposedHostIpv4 = mkVlanIpv4HostAddr { + vlanid = vlansByName.dmz.id; + host = 99; + cidr = false; + }; + # "sj-srv1.dmz.internal"; in { imports = [ + nixos-sbc.nixosModules.default + nixos-sbc.nixosModules.boards.bananapi.bpir3 + { + sbc.version = "0.2"; + sbc.bootstrap.rootFilesystem = "btrfs"; + sbc.wireless.wifi.acceptRegulatoryResponsibility = true; + } + repoFlake.inputs.sops-nix.nixosModules.sops ../../profiles/common/user.nix - - "${bpir3}/lib/sd-image-mt7986.nix" + ../../snippets/nix-settings.nix nixos-nftables-firewall.nixosModules.default - { - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - nix.settings.cores = lib.mkDefault 0; - } - { services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; 
@@ -193,12 +192,10 @@ in { after = ["hook"]; rules = let wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - in - # ***TODO***: if this hostname doesn't resolve it'll break the whole ruleset - [ - "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" - ]; + in [ + "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" + "iifname { ${wanInterfaces} } dnat ip to ${dmzExposedHostIpv4}" + ]; }; }; }; @@ -811,7 +808,7 @@ in { # wireless access point services.hostapd = { enable = true; - package = nodeFlake.packages.${system}.hostapd_patched; + # package = nodeFlake.packages.${system}.hostapd_patched; radios = let # generated with https://miniwebtool.com/mac-address-generator/ mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; @@ -1105,19 +1102,14 @@ in { ) vlanRangeWith0; - # interface = bridgeInterfaceName; - # bind-interfaces = true; - # dhcp-host = "192.168.10.1"; + # TODO: double-check that this works + dhcp-host = "1c:69:7a:07:08:5f,${dmzExposedHostIpv4},${dmzExposedHost}"; - # local domains - # local = "/${getVlanDomain {vlanid = 0;}/"; - # domain = getVlanDomain {vlanid = 0;}; expand-hosts = true; # don't use /etc/hosts as this would advertise ${nodeName} as localhost no-hosts = true; - # address = "/${nodeName}.lan/${fwLanHostAddr}"; server = [ # upstream DNS servers 
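Review bot: The second rule, `iifname { ${wanInterfaces} } dnat ip to ${dmzExposedHostIpv4}`, has no protocol or port match, so every inbound WAN packet not claimed by the port-220 redirect is forwarded to the DMZ host. If only a few services on sj-srv1 are meant to be public, constrain it, e.g. `"iifname { ${wanInterfaces} } tcp dport { 80, 443 } dnat ip to ${dmzExposedHostIpv4}"` (port list constructed for illustration). The first rule also publishes this router's sshd on WAN port 220 while `services.openssh.settings.PermitRootLogin = "yes"` is set earlier in the file; `"prohibit-password"` would limit that exposure to key-based root logins. The attribute set holding `rules` begins outside the hunk.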
@@ -1175,80 +1167,19 @@ in { # ]; cname = [ - "mailserver.svc.stefanjunker.de,${exposedHost}" - "www.stefanjunker.de,${exposedHost}" - "hedgedoc.www.stefanjunker.de,${exposedHost}" - "jitsi.www.stefanjunker.de,${exposedHost}" - "lldap.www.stefanjunker.de,${exposedHost}" + "mailserver.svc.stefanjunker.de,${dmzExposedHost}" + "www.stefanjunker.de,${dmzExposedHost}" + "hedgedoc.www.stefanjunker.de,${dmzExposedHost}" + "jitsi.www.stefanjunker.de,${dmzExposedHost}" + "lldap.www.stefanjunker.de,${dmzExposedHost}" + "forgejo.www.stefanjunker.de,${dmzExposedHost}" ]; }; }; - # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often. - # disable for now as i think it causes wifi issues - services.irqbalance.enable = false; + system.stateVersion = "24.05"; - system.stateVersion = "23.05"; - - boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; - # We exclude a number of modules included in the default list. A non-insignificant amount do - # not apply to embedded hardware like this, so simply skip the defaults. - # - # Custom kernel is required as a lot of MTK components misbehave when built as modules. - # They fail to load properly, leaving the system without working ethernet, they'll oops on - # remove. MTK-DSA parts and PCIe were observed to do this. - boot.initrd.includeDefaultModules = false; - boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; - boot.initrd.availableKernelModules = ["nvme"]; - - boot.kernelParams = ["console=ttyS0,115200"]; - hardware.enableRedistributableFirmware = true; - # Wireless hardware exists, regulatory database is essential. - hardware.wirelessRegulatoryDatabase = true; - - # Extlinux compatible with custom uboot patches in this repo, which also provide unique - # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices... 
- boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - # Known to work with u-boot; bz2, lzma, and lz4 should be safe too, need to test. - boot.initrd.compressor = "gzip"; - hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb"; - - hardware.deviceTree.overlays = [ - { - name = "bpir3-sd-enable"; - dtsFile = "${bpir3}/bpir3-dts/mt7986a-bananapi-bpi-r3-sd.dts"; - } - { - name = "bpir3-nand-enable"; - dtsFile = "${bpir3}/bpir3-dts/mt7986a-bananapi-bpi-r3-nand.dts"; - } - { - name = "bpi-r3 wifi training data"; - dtsFile = "${bpir3}/bpir3-dts/mt7986a-bananapi-bpi-r3-wirless.dts"; - } - { - name = "reset button disable"; - dtsFile = "${bpir3}/bpir3-dts/mt7986a-bananapi-bpi-r3-pcie-button.dts"; - } - { - name = "mt7986a efuses"; - dtsFile = "${bpir3}/bpir3-dts/mt7986a-efuse-device-tree-node.dts"; - } - ]; - - boot.initrd.preDeviceCommands = '' - if [ ! -d /sys/bus/pci/devices/0000:01:00.0 ]; then - if [ -d /sys/bus/pci/devices/0000:00:00.0 ]; then - # Remove PCI bridge, then rescan. NVMe init crashes if PCI bridge not removed first - echo 1 > /sys/bus/pci/devices/0000:00:00.0/remove - # Rescan brings PCI root back and brings the NVMe device in. - echo 1 > /sys/bus/pci/rescan - else - info "PCIe bridge missing" - fi - fi - ''; + # boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; environment.systemPackages = [ pkgs.ethtool diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 6447ca0..ba9afef 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock 
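Review bot: `system.stateVersion` moves from "23.05" to "24.05" together with the nixpkgs bump, but this option records the release the machine was first installed with and is not meant to follow upgrades; changing it on a running system can switch the defaults of stateful services. Unless the router was reinstalled from scratch for the nixos-sbc migration (not visible here), keep `system.stateVersion = "23.05";`. The hunk also leaves `# boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6;` behind as commented-out code, which can be deleted since the overlay that provided the package is removed in flake.nix.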
@@ -84,16 +84,16 @@ ] }, "locked": { - "lastModified": 1714043624, - "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -135,18 +135,55 @@ "type": "github" } }, + "nixos-sbc": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717352972, + "narHash": "sha256-nMLhyLen1Q7+8Bchr4rxC6dGze2+Bxm2jIxuAAKrC7w=", + "owner": "steveej-forks", + "repo": "nakato_nixos-sbc", + "rev": "b04407e73daf3ac9f6eea161b74f8cf990666fe0", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "kernel-6.9_and_cross-compile", + "repo": "nakato_nixos-sbc", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1714409183, - "narHash": "sha256-Wacm/DrzLD7mjFGnSxxyGkJgg2unU/dNdNgdngBH+RU=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "576ecd43d3b864966b4423a853412d6177775e8b", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -177,7 +214,9 @@ "home-manager": "home-manager", "hostapd": "hostapd", "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixos-sbc": "nixos-sbc", "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "openwrt": "openwrt", "srvos": "srvos" } diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 2d02246..f1b6a04 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -1,10 +1,11 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; - home-manager.url = "github:nix-community/home-manager/release-23.11"; + home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; @@ -19,6 +20,9 @@ bpir3.inputs.nixpkgs.follows = "nixpkgs"; + nixos-sbc.url = "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile"; + nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; + nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; @@ -40,7 +44,7 @@ self, get-flake, nixpkgs, - bpir3, + nixos-sbc, ... }: let nativeSystem = "aarch64-linux"; @@ -77,23 +81,9 @@ # flake registry { + nixpkgs.overlays = builtins.attrValues self.overlays; nix.registry.nixpkgs.flake = nixpkgs; } - - { - nixpkgs.overlays = [ - (final: previous: let - bpir3Pkgs = previous.callPackage "${bpir3}/pkgs" {}; - in { - inherit - (bpir3Pkgs) - linuxPackages_bpir3 - linuxPackages_bpir3_6_6 - linuxPackages_bpir3_latest - ; - }) - ]; - } ] ++ extraModules; } 
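Review bot: After this change nothing visible references the `bpir3` input any more (it is dropped from the `outputs` arguments and the overlay that used it is deleted), yet `bpir3.inputs.nixpkgs.follows = "nixpkgs";` stays in `inputs`. If no other file still uses it, remove the `bpir3` input and its lock entry so the flake does not keep fetching and pinning a source it no longer builds from. The new `nixos-sbc` input tracks a branch of a personal fork; the lock file pins the revision, so the fork's changes should be reviewed whenever that lock entry is bumped.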
@@ -114,23 +104,14 @@ }; }; - packages = let - mkPatchedHostapd = pkgs: - pkgs.hostapd.overrideDerivation (attrs: { - patches = - attrs.patches - ++ [ - "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" - ]; - }); - in { - "${nativeSystem}" = { - hostapd_patched = mkPatchedHostapd pkgs; - }; - - cross = { - hostapd_patched = mkPatchedHostapd pkgsCross; - }; + overlays.default = final: previous: { + hostapd = previous.hostapd.overrideDerivation (attrs: { + patches = + attrs.patches + ++ [ + "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" + ]; + }); }; }; } From 62c97c3b0ab45bd9e1f7d39ce97a895a8311dd2d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 3 Jun 2024 15:39:45 +0200 Subject: [PATCH 102/305] nix/os/devices/sj-bm-hostkey0: bump versions --- nix/os/devices/sj-bm-hostkey0/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index e7b642c..5ede153 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717415925, + "narHash": "sha256-KhclrqEQFrDr6Z8WqtvCdqtR7Fg35aMyfk7ANtx34Ys=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "b106b5df3654d83197aff4826e3e34a5a5335b1c", "type": "github" }, "original": { 
@@ -117,11 +117,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717155741, - "narHash": "sha256-lLe3nDxAI5hP0Gc8x3rnhaXQ4fKgK+dhTM1KREvtBGw=", + "lastModified": 1717421726, + "narHash": "sha256-51B13+DTS+ZzbGPWIMMA9VwxJ34gVpbzQb0YxlzI96s=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "959cc7fd4487753916376d563f3a33fa5f4636ee", + "rev": "c2c1243876382b8ed987f820864c66323ee33cb9", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717196966, + "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", "type": "github" }, "original": { @@ -211,11 +211,11 @@ ] }, "locked": { - "lastModified": 1717058062, - "narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", + "lastModified": 1717376170, + "narHash": "sha256-603uKDAsg8KKVvMzNxIgTrHvXu6vRYx32NO3tuQCIg4=", "owner": "numtide", "repo": "srvos", - "rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", + "rev": "96998137e26a92debda49fc2a32d4852d754abb4", "type": "github" }, "original": { From 63b1b50e60f1a2c09835bdabb279f39340fddb27 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 6 Jun 2024 22:30:07 +0200 Subject: [PATCH 103/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 30 +++++++++++++------------- nix/os/devices/steveej-x13s/flake.nix | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 29fb447..11efe8a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717637172, + "narHash": "sha256-geTO9YL1V9zYGxupuZvKFWxh6II9sH2bjI1dmEVhVYQ=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "713aa3df481782719aed4d8c20ad31a9effe3564", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717155741, - "narHash": "sha256-lLe3nDxAI5hP0Gc8x3rnhaXQ4fKgK+dhTM1KREvtBGw=", + "lastModified": 1717682630, + "narHash": "sha256-yLqfhVyAhfwEjvN4pptkfsZtPLJ50BEV8yFaYKf79g4=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "959cc7fd4487753916376d563f3a33fa5f4636ee", + "rev": "c62def95216c1e25a0795faab49458dc7ff26ad5", "type": "github" }, "original": { @@ -228,11 +228,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { 
@@ -260,11 +260,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1717555607, + "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 92c6ea6..e838765 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -17,7 +17,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; From 098d262b58ae48e87a86994cdc0e4e2613721dd8 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 8 Jun 2024 13:53:19 +0200 Subject: [PATCH 104/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 11efe8a..543c6fa 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717637172, - "narHash": "sha256-geTO9YL1V9zYGxupuZvKFWxh6II9sH2bjI1dmEVhVYQ=", + "lastModified": 1717770040, + "narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=", "owner": "nix-community", "repo": "disko", - "rev": "713aa3df481782719aed4d8c20ad31a9effe3564", + "rev": "398acc470f7c2d68621db01900f053e6000129c4", "type": "github" }, "original": { 
@@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717682630, - "narHash": "sha256-yLqfhVyAhfwEjvN4pptkfsZtPLJ50BEV8yFaYKf79g4=", + "lastModified": 1717750556, + "narHash": "sha256-nyHHuwOHaIh8WCxaQb7QoTReV09ydhHLYwEVHQg2Hek=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "c62def95216c1e25a0795faab49458dc7ff26ad5", + "rev": "b3aaff8143fdd96fc3829738c7abe739204e6c18", "type": "github" }, "original": { @@ -186,14 +186,13 @@ "locked": { "lastModified": 1717084324, "narHash": "sha256-YvezQmRHuYosnMz48jJDS5JSvkm+smpbPlBKftp+lkI=", - "ref": "main", + "ref": "refs/heads/main", "rev": "ce0128942303fd0a8869252027315d6a0cca731e", "revCount": 76, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, "original": { - "ref": "main", "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" } @@ -260,11 +259,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717555607, - "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { From 4a42e3fe3ce51fc0d6e1ba53b53ac5250ed0549c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 8 Jun 2024 20:39:44 +0200 Subject: [PATCH 105/305] nix/os/devices/router0-ifog: bump versions --- nix/os/devices/router0-ifog/flake.lock | 151 +++++++++++++++++++++++++ nix/os/devices/router0-ifog/flake.nix | 19 ++++ 2 files changed, 170 insertions(+) create mode 100644 nix/os/devices/router0-ifog/flake.lock create mode 100644 nix/os/devices/router0-ifog/flake.nix diff --git a/nix/os/devices/router0-ifog/flake.lock b/nix/os/devices/router0-ifog/flake.lock new file mode 100644 index 0000000..b9719a9 --- /dev/null +++ b/nix/os/devices/router0-ifog/flake.lock 
@@ -0,0 +1,151 @@ +{ + "nodes": { + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717770040, + "narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=", + "owner": "nix-community", + "repo": "disko", + "rev": "398acc470f7c2d68621db01900f053e6000129c4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "845a5c4c073f74105022533907703441e0464bc3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715521768, + "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717807544, + "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", + "owner": "numtide", + "repo": "srvos", + "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/router0-ifog/flake.nix b/nix/os/devices/router0-ifog/flake.nix new file mode 100644 index 0000000..6e7501b --- /dev/null +++ b/nix/os/devices/router0-ifog/flake.nix @@ -0,0 +1,19 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + home-manager.url = "github:nix-community/home-manager/release-24.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + + nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; + nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = _: {}; +} 
From 2f60cd571a61bd85ca501732693d4671069d0f4b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 8 Jun 2024 21:04:38 +0200 Subject: [PATCH 106/305] feat: migrate nfmnk to ifog, add hosthatch --- .sops.yaml | 17 +- flake.nix | 3 +- nix/os/devices/router0-dmz0/configuration.nix | 110 +++++- .../router0-hosthatch/configuration.nix | 340 ++++++++++++++++++ .../default.nix | 2 +- .../flake.lock | 30 +- .../flake.nix | 0 .../router0-hosthatch/variables.crypt.nix | Bin 0 -> 202 bytes .../configuration.nix | 25 +- nix/os/devices/router0-ifog/default.nix | 34 ++ .../devices/router0-ifog/variables.crypt.nix | Bin 0 -> 261 bytes .../devices/router0-nfmnk/variables.crypt.nix | Bin 53 -> 0 bytes secrets/router0-dmz0/secrets.yaml | 8 +- secrets/router0-hosthatch/secrets.yaml | 43 +++ .../secrets.yaml | 32 +- secrets/shared-users.yaml | 131 +++---- 16 files changed, 656 insertions(+), 119 deletions(-) create mode 100644 nix/os/devices/router0-hosthatch/configuration.nix rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/default.nix (91%) rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/flake.lock (78%) rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/flake.nix (100%) create mode 100644 nix/os/devices/router0-hosthatch/variables.crypt.nix rename nix/os/devices/{router0-nfmnk => router0-ifog}/configuration.nix (93%) create mode 100644 nix/os/devices/router0-ifog/default.nix create mode 100644 nix/os/devices/router0-ifog/variables.crypt.nix delete mode 100644 nix/os/devices/router0-nfmnk/variables.crypt.nix create mode 100644 secrets/router0-hosthatch/secrets.yaml rename secrets/{router0-nfmnk => router0-ifog}/secrets.yaml (71%) diff --git a/.sops.yaml b/.sops.yaml index 607bce0..69bfd81 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -16,8 +16,10 @@ keys: - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - - &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 + creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ key_groups: @@ -35,7 +37,8 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - *sj-bm-hostkey0 - - *router0-nfmnk + - *router0-ifog + - *router0-hosthatch - path_regex: ^secrets/steveej-t14/.+$ key_groups: - pgp: @@ -75,12 +78,18 @@ creation_rules: - *steveej age: - *router0-dmz0 - - path_regex: ^secrets/router0-nfmnk/.+$ + - path_regex: ^secrets/router0-ifog/.+$ key_groups: - pgp: - *steveej age: - - *router0-nfmnk + - *router0-ifog + - path_regex: ^secrets/router0-hosthatch/.+$ + key_groups: + - pgp: + - *steveej + age: + - *router0-hosthatch - path_regex: ^secrets/sj-vps-htz0/.+$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index c1204cb..8405916 100644 --- a/flake.nix +++ b/flake.nix @@ -162,7 +162,8 @@ # "srv0-dmz0" # # "router0-dmz0" - "router0-nfmnk" + "router0-ifog" + "router0-hosthatch" "sj-srv1" "sj-bm-hostkey0" diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 337f4d6..a006d60 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
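Review bot: Replacing the `router0-nfmnk` recipient with `router0-ifog` and adding `router0-hosthatch` changes who can decrypt future versions of the files, but it does not revoke what the old key could already read: every value previously encrypted to `router0-nfmnk` stays recoverable from git history with that key. If the old host is decommissioned or its key is no longer trusted, rotate the secret values themselves and not only the recipient list; whether that happened cannot be seen in the encrypted diffs. The same consideration applies to the shared `^(.+/|)secrets/[^/]+$` rule in the next hunk, where both new routers gain access to the shared secrets.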
@@ -208,7 +208,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; - vpn.interfaces = ["wg0" "wg1"]; + vpn.interfaces = ["wg0" "wg1" "wg2"]; } // # generate a zone for each vlan @@ -367,11 +367,11 @@ in { systemd.network = { wait-online.anyInterface = true; netdevs = let - router0-nmfk_wg0Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ builtins.toString repoFlake .nixosConfigurations - .router0-nfmnk + .router0-ifog .config .systemd .network @@ -381,11 +381,11 @@ in { .ListenPort }"; - router0-nmfk_wg1Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + router0-ifog_wg1Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ builtins.toString repoFlake .nixosConfigurations - .router0-nfmnk + .router0-ifog .config .systemd .network @@ -394,6 +394,20 @@ in { .wireguardConfig .ListenPort }"; + + router0-hosthatch_wg0Endpoint = "${repoFlake.colmena.router0-hosthatch.deployment.targetHost}:${ + builtins.toString + repoFlake + .nixosConfigurations + .router0-hosthatch + .config + .systemd + .network + .netdevs + .wg0 + .wireguardConfig + .ListenPort + }"; in { # Create the bridge interface @@ -442,7 +456,7 @@ in { PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-nmfk_wg0Endpoint; + Endpoint = router0-ifog_wg0Endpoint; }; } ]; 
@@ -468,7 +482,43 @@ in { PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-nmfk_wg1Endpoint; + Endpoint = router0-ifog_wg1Endpoint; + }; + } + ]; + }; + + wg2 = { + enable = true; + netdevConfig = { + Name = "wg2"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + FirewallMark = 102; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + + # # alternatively, specific destinations could be allowed + + # # remote peer wg addr + # "10.0.0.0/32" + + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-hosthatch_wg0Endpoint; }; } ]; @@ -513,6 +563,21 @@ in { # ip rule add fwmark 101 priority 0 table 101 # ip rule add fwmark 101 priority 1 prohibit routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30000; + Table = 100; + }; + } + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; + }; + } { routingPolicyRuleConfig = { FirewallMark = 101; @@ -530,16 +595,16 @@ in { } { routingPolicyRuleConfig = { - FirewallMark = 100; + FirewallMark = 102; Priority = 30000; - Table = 100; + Table = 102; }; } { routingPolicyRuleConfig = { - FirewallMark = 100; + FirewallMark = 102; Priority = 30001; - Table = 100; + Table = 102; Type = "prohibit"; }; } @@ -596,6 +661,12 @@ in { Table = 100; }; } + { + routeConfig = { + Gateway = "_dhcp4"; + Table = 102; + }; + } ]; }; 
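Review bot: The new `wg2` netdev reuses `wg0-privatekey` and `wg0-peer0-psk`, and its peer `PublicKey` is the same string as for the `router0-ifog` peers, which implies that `router0-hosthatch` runs with the same WireGuard private key as `router0-ifog`. Sharing one peer identity and one preshared key across two hosts means a compromise of either VPS exposes both tunnels. Give the hosthatch peer its own key pair and `wg2` its own preshared key, e.g. `PresharedKeyFile = builtins.toString config.sops.secrets.wg2-peer0-psk.path;` (secret name constructed here). The `netdevs` attribute set begins outside this hunk.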
@@ -696,7 +767,8 @@ in {
 routes = [
 {
 routeConfig = {
- Destination = "185.143.101.42/32";
+ # test the set uprouting to a specific IP
+ Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32";
 MultiPathRoute = "10.0.0.0 1";
 };
 }
@@ -711,12 +783,24 @@ in {
 routes = [
 {
 routeConfig = {
- Destination = "185.143.101.42/32";
+ Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32";
 MultiPathRoute = "10.0.0.2 1";
 };
 }
 ];
 };
+
+ "50-wg2" = {
+ enable = true;
+ matchConfig.Name = "wg2";
+ address = [
+ "10.0.1.1/31"
+ ];
+
+ routes = [
+ # TODO: add a testing route here
+ ];
+ };
 }
 # configuration for the hostapd dynamic interfaces
 # * netdev type vlan
diff --git a/nix/os/devices/router0-hosthatch/configuration.nix b/nix/os/devices/router0-hosthatch/configuration.nix
new file mode 100644
index 0000000..b6b2146
--- /dev/null
+++ b/nix/os/devices/router0-hosthatch/configuration.nix
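Review bot: `Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32";` is only a valid route when that `targetHost` is an IPv4 literal, and the hunk at -711 has the same line. The wg endpoints elsewhere in this file can take a host name, but a route destination cannot, so changing the deployment target to a DNS name would break both routes. I would record the assumption next to the line, e.g. `# targetHost must stay an IPv4 literal; a DNS name is not a valid Destination`. The added comment `test the set uprouting` presumably means "set up routing". Both `routes` lists begin outside their hunks.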
@@ -0,0 +1,340 @@ +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + variables, + ... +}: { + system.stateVersion = "24.05"; + + imports = [ + nodeFlake.inputs.disko.nixosModules.disko + nodeFlake.inputs.srvos.nixosModules.mixins-terminfo + + repoFlake.inputs.sops-nix.nixosModules.sops + + ../../snippets/nix-settings.nix + ../../profiles/common/user.nix + + nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + + users.commonUsers = { + enable = true; + enableNonRoot = false; + rootPasswordFile = config.sops.secrets.passwords-root.path; + }; + + # sops.age.keyFile = "/etc/age.key"; + # sops.age.sshKeyPaths = []; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.secrets.passwords-root.neededForUsers = true; + } + + # TODO: extract this into single-disk VM BIOS module + { + boot.loader.systemd-boot.enable = false; + boot.loader.grub.efiSupport = false; + + # forcing seems required or else there's an error about duplicated devices + boot.loader.grub.devices = lib.mkForce ["/dev/vda"]; + + disko.devices.disk.vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = ["noatime"]; + mountpoint = "/nix"; + }; + "/boot" = { + mountpoint = "/boot"; + }; + }; + }; + }; + }; + }; + }; + + boot.initrd.kernelModules = [ + "virtio_balloon" + "virtio_scsi" + "virtio_net" + "virtio_pci" + "virtio_ring" + "virtio" + "scsi_mod" + + "virtio_blk" + "virtio_ring" + "ata_piix" + "pata_acpi" + "ata_generic" + ]; + } + ]; + + # 
sops.secrets.ssh_host_ed25519_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_ed25519_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key.pub"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key.pub"; + # mode = "0644"; + # }; + + boot = { + kernel = { + sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + }; + }; + + networking = { + hostName = nodeName; + useNetworkd = true; + useDHCP = true; + usePredictableInterfaceNames = false; + + interfaces.eth0.ipv4.addresses = [ + { + address = variables.ipv4; + prefixLength = variables.ipv4length; + } + ]; + defaultGateway = { + interface = "eth0"; + address = variables.ipv4gateway; + }; + nameservers = [ + variables.ipv4dns + ]; + + # these will be configured via nftables + nat.enable = lib.mkForce false; + firewall.enable = lib.mkForce false; + + # Use the nftables firewall instead of the base nixos scripted rules. + # This flake provides a similar utility to the base nixos scripting. 
+ # https://github.com/thelegy/nixos-nftables-firewall/tree/main + + nftables = { + enable = true; + + firewall = { + enable = true; + snippets.nnf-common.enable = true; + + zones.wan = { + interfaces = ["eth0"]; + }; + + zones.vpn = { + interfaces = ["wg0" "wg1"]; + }; + + rules = { + to-fw = { + from = "all"; + to = ["fw"]; + verdict = "drop"; + + allowedTCPPorts = [ + 22 + 5201 + ]; + allowedUDPPorts = [ + 22 + 5201 + config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort + config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort + ]; + }; + + vpn-to-wan-nat = { + from = ["vpn"]; + to = ["wan"]; + masquerade = true; + verdict = "accept"; + }; + }; + }; + }; + }; + + sops.secrets.wg0-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + + systemd.network.enable = true; + systemd.network.netdevs.wg0 = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51820; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.1.1/32" + "192.168.0.0/16" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04="; + }; + } + ]; + }; + systemd.network.netdevs.wg1 = { + enable = true; + netdevConfig = { + Name = "wg1"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51821; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = 
{ + AllowedIPs = [ + "10.0.1.3/31" + "192.168.0.0/16" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4="; + }; + } + ]; + }; + systemd.network.networks.wg0 = { + enable = true; + matchConfig.Name = "wg0"; + address = [ + "10.0.1.0/31" + ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.1.1 1"; + }; + } + ]; + }; + systemd.network.networks.wg1 = { + enable = true; + matchConfig.Name = "wg1"; + address = [ + "10.0.1.2/31" + ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.1.3 1"; + }; + } + ]; + }; + + environment.systemPackages = [ + pkgs.ethtool + pkgs.neovim + pkgs.tmux + + pkgs.wireguard-tools + pkgs.tshark + + (pkgs.writeShellScriptBin "dbg-ip" '' + echo links: + ip -br -c l + echo + echo addresses: + ip -br -c a + echo + echo vlans: + bridge -c vlan + '') + + (pkgs.writeShellScriptBin "dbg-dnsmasq" '' + # get the rendered in-use config + pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat + '') + ]; +} diff --git a/nix/os/devices/router0-nfmnk/default.nix b/nix/os/devices/router0-hosthatch/default.nix similarity index 91% rename from nix/os/devices/router0-nfmnk/default.nix rename to nix/os/devices/router0-hosthatch/default.nix index 1fe13e3..202e206 100644 --- a/nix/os/devices/router0-nfmnk/default.nix +++ b/nix/os/devices/router0-hosthatch/default.nix @@ -8,7 +8,7 @@ variables = import ./variables.crypt.nix; in { meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit repoFlake nodeName nodeFlake system variables; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; }; 
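Review bot: `services.openssh.settings.PermitRootLogin = "yes";` in the first inline module of the new router0-hosthatch configuration.nix lets root log in over SSH with the sops-managed root password, and the `to-fw` rule opens TCP 22 to `from = "all"`. Unless password authentication is disabled in a profile this diff does not show, the root password is then guessable from the internet; `services.openssh.settings.PermitRootLogin = "prohibit-password";` keeps key-based deployment working without that exposure. In the same rule `allowedUDPPorts` lists `22`, which SSH does not use, and `5201`, which looks like a test port and is also in `allowedTCPPorts`. I would drop both from the UDP list and open 5201 only while testing.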
diff --git a/nix/os/devices/router0-nfmnk/flake.lock b/nix/os/devices/router0-hosthatch/flake.lock similarity index 78% rename from nix/os/devices/router0-nfmnk/flake.lock rename to nix/os/devices/router0-hosthatch/flake.lock index 8284b8f..1fc4feb 100644 --- a/nix/os/devices/router0-nfmnk/flake.lock +++ b/nix/os/devices/router0-hosthatch/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717915259, + "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { @@ -85,11 +85,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { 
@@ -101,11 +101,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717786204, + "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1717058062, - "narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", + "lastModified": 1717807544, + "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", "owner": "numtide", "repo": "srvos", - "rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", + "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-nfmnk/flake.nix b/nix/os/devices/router0-hosthatch/flake.nix similarity index 100% rename from nix/os/devices/router0-nfmnk/flake.nix rename to nix/os/devices/router0-hosthatch/flake.nix diff --git a/nix/os/devices/router0-hosthatch/variables.crypt.nix b/nix/os/devices/router0-hosthatch/variables.crypt.nix new file mode 100644 index 0000000000000000000000000000000000000000..38c17df5604314571d09b3b420ae023ca33ac67e GIT binary patch literal 202 zcmZQ@_Y83kiVO&0*wia+CLYMKMnfrnuhe7XMTcLzns6>wp8e<6#vGlSMx|ZpMMV=Q zx!>9U@2AzA^KB;-d@C43p555LE-l7oIp2G;n8R8gO^J*Ael$$4N|=|BoUFDxW5SNf zZcE%2G)<{Grx<46#Qks&Z}jb-Uk^60=S4nU*Rr55Q&l5ra$$JzgZDe4L;2ckIuB%) zaKtkj6qcUcdn%yu+q?3(>20pEbU_-~N}pTj@;F9!2&0`n(cNo0?m8 z3m$O&Grw$mp?wR(9r0u46``x=Ox?wP{eSUJ%SRmY0c-fLFhuRVkg8*B)w`-|sbs;@ z+KVz1yjeH1wRF8%lAZHDCg#WIjdF))t~j%&&$TFP`Q?&J>_YcKZmyqdQrLUB&hYhw X*@s#dOffXQ7Pouf@dFdCxV8WQVZVk` literal 0 HcmV?d00001 
diff --git a/nix/os/devices/router0-nfmnk/variables.crypt.nix b/nix/os/devices/router0-nfmnk/variables.crypt.nix deleted file mode 100644 index acf532e1284091842c3971ac16a862e90d7d2604..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53 zcmZQ@_Y83kiVO&0sF}7TWclq+&8-r`1{}wFPCK>~YaN*sZG2uobj#k{2TB*$oAMQ> Kd7W1K#{~dH@)p$q diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 852aeb4..6500efe 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -5,7 +5,9 @@ ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDuk ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data: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,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] ssh_host_rsa_key_pub: ENC[AES256_GCM,data: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,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] -wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str] +#ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] +#ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] +#ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] wlan0_wpaPskFile: 
ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] @@ -28,8 +30,8 @@ sops: THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-25T19:21:30Z" - mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str] + lastmodified: "2024-06-12T19:21:06Z" + mac: ENC[AES256_GCM,data:42wdJ1DCSnoBjzbKDMqYJgraQxYpsdIJ/TylLnQA93iX4YojA25b3McAIPFDxgu8jg8/nwyXVLRVlkI6ZKuRxi12K3BPrQfMvNqmBa4/SYvvMD7ywiMB7+k72ebx+ulRmj2TDz9f8koVVkD7crAgM/eIGOm3CbfwXqK0t5w2sm0=,iv:5QaQZCjacNBlgx4Q/RjRbXtvz5KzP/W1tUrtySJC1t0=,tag:4sb9lJkg56/L/gQZ192GEw==,type:str] pgp: - created_at: "2023-08-11T16:15:11Z" enc: |- diff --git a/secrets/router0-hosthatch/secrets.yaml b/secrets/router0-hosthatch/secrets.yaml new file mode 100644 index 0000000..9891362 --- /dev/null +++ b/secrets/router0-hosthatch/secrets.yaml 
@@ -0,0 +1,43 @@ +#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str] +wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFxKf2RAqSqxEXkhzU=,iv:HVB+uJG0SwxH3gbSpyZJZnzadVK2MYWvaZ3t7vPXn3E=,tag:/q7hgBA45Hq3446w83ConA==,type:str] +wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str] +wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRzJxaGJVclFwZE9ZT3BP + OHNEaVg5ZVl0Nm9YTWo3Q1lmSEw5dnRoRVY0CkpCeWxXU0RybU45Y3RvVkxJYkEv + TjJsb3AyNVR6QmJVbnJsZzE3S0VmQjgKLS0tIHVHSTZVOHc4R0E1TWNETWNlWEty + 
czc2YUdudGdnVlZteXBmaHZaV1NWbGcK6jWSkOEBYN+1HQ+IZdBKknYo96Aydp/s + +hK8V6qEyCkAqWLYEnZ5ErMEc8OcOyYCQnYyCb10SWJvye+uyX8SZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-09T14:08:09Z" + mac: ENC[AES256_GCM,data:nCwAca0MktoxUb0W+1B7+4UP5IOG4cuj2BhJBxjDV4gjYBSKYJs5gSdYytjOpu76ePXSUHgyiPH0Joe5ESubaUN4zPIWMLpkEk6WjXnmXRTY8B5ZZ+AVR2lxNi7UtiCyx0yjAVZFxuk33MmKR2yXMLEqE6U/70fccJlY+dbTaVU=,iv:QTafba+auq3Zv/xoBzHmnIMmfDAynqApAcr/T0Uh/2g=,tag:RREUDKF4Kruy0AEFDqSVuw==,type:str] + pgp: + - created_at: "2024-06-09T14:07:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQgAkYv+dSMKF647ApqeslZpv22LmhdphDTSQjaRJdIK4gM4 + kv4aJ4L0K/fDqKtsbszbAnuratJnOxnhGaydTX5Ob9tb5QbFfmC2C4OED6hB/enu + hsP9BpsA945Keqf27NyXgxnLDVr6OXcpZqWZbYqHmWDx+BHrw500hgFb91ejzf3c + 6KF2Rrp4PsUl58D6LcSFxfqcna7l2+Ptx+k2vfInSkyPit/5tjry8SyBbUFWPwz2 + gVj9MN0bLCMqhToFh532GSDmnxNd8d1Sb8G1riJ4JaTHStV3s6KebF90ws3FtC5n + y0f/BbjkSqEqNIKFplPZ4Cx6O7WsXbH1hU1Dgba9G9JeAYVAFyi+OnCV49ugZ93p + uwGhpXmP6RbGVT6JB/beAdUToTdP0EfdVE4LlxkssEFd8HHzO8kD2u7k7glkDEq7 + Ox1QlDrMuz0zRE6D5B4DwXrWvAOw/TjvydWjyS6HCg== + =5YRC + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/router0-nfmnk/secrets.yaml b/secrets/router0-ifog/secrets.yaml similarity index 71% rename from secrets/router0-nfmnk/secrets.yaml rename to secrets/router0-ifog/secrets.yaml index 20fc3f6..96cb8ea 100644 --- a/secrets/router0-nfmnk/secrets.yaml +++ b/secrets/router0-ifog/secrets.yaml 
@@ -14,31 +14,31 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv - dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD - ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW - cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z - X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNmRsNDJRbHZmS3JmOVht + c1kyKzBXdGxkQXErQlhXUzBmMm12eXNCVlVVCm9KUCtZeWJWYWVJUFhYRUlLVDdD + Nk9Wdk5WeXl2ZGNybGxnZWtGR2thTDgKLS0tIEovQnU0bzRCdEp6RnVvZCtUTlFL + dFBOcE9leDQrYzVQNUpLZzJBYlBYaE0KyKVh0VDpbA2eIh9d+KhCYKjbl4fHPt07 + fVbbDEz67bWNjaH6Yg6xlNQIhv9prUK2isckVizpUANmOKxPJ2ia2Q== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-26T17:23:41Z" mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] pgp: - - created_at: "2024-05-25T18:38:40Z" + - created_at: "2024-06-08T18:36:55Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot - SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU - EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh - RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6 - nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU - aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1 - eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv - 03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk= - =/YnW + hQEMA0SHG/zF3227AQf/VntYsys2fb7NslwBbEwQ4VYh8OOWtCGhqbVw045QflFD + 
2hS1cT85MDNTwPnnDW4NYbf3UEIq12eXVDFR8+4S4mMun68OmxEf3UhSB6k2cDgh + iwM6HdAh13cC4UfYBpEq/NTr9omdoXPrcjQNYxqm8OBRNf1126L5XmQ4NT2Lg8Yw + 2HcDIxrl9vX1X8OYd7fwc7TIJpVYCmG2UhVrz+gS4q51s1hi1t1BZdeUhU9RpSdZ + Mu2HlB68t597wAXOB88K+zJG4+uUQrpz9V2Xd/lfzFIeQtwLcA/NdoZs+AMEQE+j + wa5FPI08uF68KbwzXYCq2NEPKA4SX9UzlirJjdAukdJeAfqO5woWkuDHmDj+nDDS + fSwL7mVNd43h9uO3PXi7j8kj32dwLcBSjkeuN1+gaTBLixzzp0drLTD1DkeY8kBS + ROvWaNhXsrm+uB9d8aaznqfWS9C+3PE5fY9untPIUA== + =f2HS -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index f0d6b66..6e5bbf7 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -16,109 +16,118 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM - SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5 - NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS - OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO - SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WWlBR1NxR3dFZzl5U2tQ + UDVmL0VTZ3hISDIzei9GYnVUSnZ5cmFHVUJnCkQ4dEd1bmR6b0N6VFVqNmVsOG9o + b3hZalkyMXJaWEpxRlhRSWc2V09HT0UKLS0tIGJRc0lCTk9md0xDMlB3U1JMWDM2 + VmpLVXdFcG1wZ2pJTFc1NnphalVxV28KAY9l6szySiyYEwsdyVkngwUo7NhkZcQv + u46mxDco2mx6oAN+xhSWOwcUl6n8VR8p/voS/eA0uibNAN0myfoJ1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4 - SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0 - d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx - TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF - eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUW54c2VvWWVjeWNRMWlt + U1M3TnBod1RVTC9Fc0IwdGs1UGREM0VKVlZnClhUVHpVTzBEL1lpN1BuTzJ3bVNO + aU5oMENnbCtuYVJNLzJJT0RENVNQTEkKLS0tIGRIaWpSWVlvZmllcjNoUzVhdnlK + RUIzMW5vMlFRUWgrTmhxaFJIODFPOVkKdK4ztFlYPv2pu1dGElvIVhPMM3nntV3u + I4iAVNDmTvLkIkogqpr05efuH5C0e53P4t+JwjysEjk7Lh7UQuqBZw== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx - ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0 - YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m - 
c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18 - MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTFZJTldobVg2a3hrMUZT + aVp5YjlRREtzUCtRSUpFSkJNUEZBaU5NbERZCmJBeGZHbFl4dVVqcS8raHh3OW1J + b0p3ZDZNbUR1OThtSmMzZWVHZy9OTWcKLS0tIER2d0hGdEJCV05nY0hMcHMzV0tX + YWlFUDNndFc1eitnbXpuWi9WbExKUGcKwV+QGI33JB0bE1XpQdjsxMs8E2jpjzu6 + Ex0XRInsP6YjH+yJu8mMGh92rroKNxoSZ3Ku/JLlTFxreFUwwW0iKA== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY - akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC - T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2 - aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn - Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRFF4dEd6ZGs0dWpwT3V1 + QTZBM094RU42YVFLWUpuYjZOelNtTkwyVHpjCnlzNGxkRHRhYktXbGltT09tQ2J0 + cjRjc0Z6d0lVOHA0Rmg0RTllYUhoaGcKLS0tIDkzVk9uc0ZqS0N6d0VqVjhrbkkv + eW9vMHBsYXZZMkRnK05BRFlCREpQeUkKYmA5u+zcuBd5hE0wSkq0/n7T+h/BqXlm + PPZNYMNeVwdQx+vcedpi+eZ83bm73KBEcRn2B7fyrrQdjj7sSK+afQ== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS - Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3 - cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW - Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ - /EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd2d5U2tyeDE5Y1dnR0Nh + djF0S1AzTDJaZU9HdTVEd1MwQ0tnUlNTUFRFCk1BVHdzM2k4S0lZYlo0SGNJSXUz + enVOQ1BDdVcwTVA0NDQyM1JZQzJJZ28KLS0tIGJYdDA3TDRzdUMvV21nL0FhY0U4 + 
WmpmS1p0dVUyN01NM0JlLzZXdEVIeDgKk0TG9dNInrDCYPQ3gP8y4Q0ELS0JYbqb + wBY7bTcD8INyFESQE33taajmzCtgP4Cw/9M6XHUBWYPuxiFgwGLLhQ== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV - K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0 - OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG - LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP - byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDFjVlpWdVViVjBNcGhy + cldxYUl1dzZkL1JYTDkyMkRGMWJZbHhDZmowCmtQV05XOGpGbFBZWDFaZGloY1R4 + eG5VOGwrVTIvVmxtRzdtVUpZVmpyOU0KLS0tIGFqeEFIUUFwM3c5cVpuU2RxTmVS + eHNvazBsSTljcWN4cHVobUU3cllSVGcKmAP+IXlvZwNt8f+OuhYKZCB/c5+20yfG + 93BSrSZgw0mc8qSeS5pK5WMICRG+IGNEPgDg0f43icgaogL/rwaFmQ== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn - NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu - STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF - L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO - p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSG5qbnVFbGM4dndlUkto + UE9Jc0Y5YjQ0QXJqWVd0Umo5UVNjY1kwTlQwCjdQaEMxY0VncmlrTHM3WWo2cWJh + Y0J3MHkxZHZyOGRxWHA1cktCWFR1dTQKLS0tIHZFb0diQllCQ0wwUjdGeHNDeGlD + NitOWm5CeWRrc0dyTUFYdTdtUjI3TXMK/7IyFuIPWOZHpWz32Ds1nTQYEKFCthSz + d3N60YmYevNGWrMgOEcsg3LoAq8aOtWWj5bHVDKXMSniAf4sN0MWUg== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du - 
cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C - STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y - RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q - 3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJajkzVTFVYjFEUE1WVVZ5 + dW04VmZraFlXL0xnMVYyN0lhbHJxQ1IreXlRCmkvNXZDeTJLOG11bXN1ZzFFeVNE + RVpCb3gvaElVZ2FKRCtGVDlBalY3dTQKLS0tIE5hUG5BUnNnejJBS1lOQ0FRcDRx + endRb0VjcmVrbSsxOHlwL0M1MFFLR2cK8melHXX8FyxCKYlY1VEeZ8YX55KwsLQn + UTpCRodnPPh0Q0RaNyjvlQPbyW1V6fjoPPsLyYc3SyqyuNWKkpv41Q== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295 - NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD - bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w - L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX - Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QU1Zc1lhT0JkZk9vdlZN + UnphdTR3UEdsUUVBbVZkS2NFVC95Q3QrcFVJCmJZYWJKY3dOYys2SGViQ1RPYXZJ + NEc1RFNJTEFJMDY4eWtzUUxTUm5NYVkKLS0tIEIxOTIwUXAwcHhrQ3RHWjNkRjRx + NGJPWkNMd3g5TkR5SHVjeXlDNDg4MkEKaunoz1UUX7jVGtRCZtEa3qFNUH7iuo+S + RcmWF3p7VUoKEau9F0Wvp5FtbySZQ59vwjMUnuTXagd6RecncaR0Ww== -----END AGE ENCRYPTED FILE----- - - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM - N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm - WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj - VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu - 1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA== + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeVJWMS9SU2pvWGdZaU5h + WUFxeE9OUTRFcnFLd3d4OEVZWHNpNFlEbFhrCnk1bGhSZ0piWlpGR2tpV2dIQlNP + em4xNEFBU1F0SEFhRnNva3phMnBPZTgKLS0tIFVkcFZKbjRvWFdVd1VDMkhRUHRy + ZjB3WlhmUDE2WHNEL1I0dWpKdkNybWcKXTmTurT3N3X1RLSZ+xbGEnafZ9Y8FEg/ + pcGVHWj4eZ6bWKwEYiRRxcxlEC5ZRsEuunhULU3GajChYv4wz+xXqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TGIzZVYvZGxIUENyRWJ4 + blh0Ym5WZEhSeVp0S3RvRUhjcGtoVVpBSzFBClgvQnN5NGo5Z21vZmM4UTJhRy9F + cmtTajRmRmlZMjBYcjFraEo1OHUzYVEKLS0tIHlQeTZlclF4V1FmaERDUjJJZ2Q5 + UldneUZ6b1g2WG9kd0dHR2JXYVN0Uk0KAdEYkEL++Ge/YKPOHNUNETVxpH9vyfaA + MN5uPQWLp0+Tt9/jFOhc8S5P320me+2k+yKp/cPEcSuvNzipS63FYg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-05-25T18:40:21Z" + - created_at: "2024-06-09T14:07:43Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1 - 9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm - 8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv - qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5 - A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4 - sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm - L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F - l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244= - =d1S1 + hQEMA0SHG/zF3227AQf9Giz/3hRC91WPtMzoR7MVPQWmiOQDtPcqUMVRoNn4Sq68 + zdCU4MAUBkQ2ZsrCMn5ITcVzEYsSRqegqAZX0cVL7/4KYi2QK8qh0WTR78cqO3za + 
GFtmWRG5m7jchreK39cqOJETui7zY832UMqLSeNw8ZSZb3SGZDZf6690iSldJrmi + Ty9jKdhjo8Kahap3uyoODB89JmsJFuR5V9emmB0XHhQfwAgltntScHICwQqoUIcQ + qIP93AJ1TYVq1yuTFbTut1aX6Xgue8rtiPF9bqrITQlDsoCNhztNrohRrp8wYtj2 + KG0j9QwXFaU4eaVo1xgxBlD2B0xjSrysHGMGmJ75ytJcAXKrpus95u5aVTB9orDI + fZRyy34XmZaaMhr+n/EsmGP3EDQyO4AFu2Ht+yqrCUSo4Ia7gq1H297xunmztvB+ + jASXZF42ip0Svfs5fqDQ0JBT4Skvk1VXI3McUGk= + =lXHq -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From cd0835f6dc74b29854c8dbb5c7ad4e3c450fff09 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:18:52 +0200 Subject: [PATCH 107/305] router0-dmz0: disable SAE options --- nix/os/devices/router0-dmz0/configuration.nix | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index a006d60..43dd7d3 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -125,7 +125,7 @@ in { sops.secrets.passwords-root.neededForUsers = true; - sops.secrets.wlan0_saePasswordsFile = {}; + # sops.secrets.wlan0_saePasswordsFile = {}; sops.secrets.wlan0_wpaPskFile = {}; } ]; @@ -614,8 +614,8 @@ in { "10-lan0-wan" = { matchConfig.Name = "lan0"; networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; + # start a DHCP Client for IPv4/6 Addressing/Routing + DHCP = true; # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; DNSOverTLS = true; @@ -639,8 +639,8 @@ in { "10-wan" = { matchConfig.Name = "wan"; networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; + # start a DHCP Client for IPv4/6 Addressing/Routing + DHCP = true; # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; DNSOverTLS = true; 
@@ -914,11 +914,16 @@ in { ssid = "mlsia"; bssid = mkBssid 0; - # authentication.mode = "wpa3-sae"; - authentication.mode = "wpa3-sae-transition"; + authentication.mode = + "wpa2-sha256" + # "wpa3-sae-transition" + # "wpa3-sae" + ; authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; + + # TODO: unfortunately SAE passwords don't work per VLAN like PSKs do + # authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference settings = { @@ -988,9 +993,9 @@ in { # IEEE 802.11i (authentication) related configuration # Encrypt management frames to protect against deauthentication and similar attacks - ieee80211w = 1; - sae_require_mfp = 1; - sae_groups = "19 20 21"; + ieee80211w = 0; + sae_require_mfp = 0; + # sae_groups = "19 20 21"; # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) tls_flags = "[ENABLE-TLSv1.3]"; From ef016ac70af34810eb476eb6e3ce0d8934f6b792 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:22:46 +0200 Subject: [PATCH 108/305] feat(webserver/forgejo): set up SSH --- nix/os/containers/webserver.nix | 19 ++++++++++++++++--- nix/os/devices/sj-srv1/system.nix | 1 + 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 1fb6e17..31dd49b 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -2,8 +2,9 @@ specialArgs, hostAddress, localAddress, - httpPort ? 80, - httpsPort ? 443, + httpPort, + httpsPort, + forgejoSshPort, autoStart ? false, }: let domain = "www.stefanjunker.de"; @@ -36,6 +37,7 @@ in { networking.firewall.allowedTCPPorts = [ httpPort httpsPort + forgejoSshPort ]; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; 
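Review bot: In the `@@ -988,9 +993,9 @@` hunk of router0-dmz0/configuration.nix, `ieee80211w = 0;` and `sae_require_mfp = 0;` now sit directly under the comment "Encrypt management frames to protect against deauthentication and similar attacks", so the comment describes a protection this commit turns off. Together with the `@@ -914,11 +914,16 @@` hunk, which moves `authentication.mode` from `wpa3-sae-transition` to `wpa2-sha256`, the network loses both SAE and management frame protection, and the TODO explains only the SAE part. If the stations cope with optional PMF, `ieee80211w = 1;` keeps it available without requiring it. Otherwise replace the comment with the reason, e.g. `# PMF off: breaks CLIENT (placeholder), re-enable once resolved`. The `settings` block continues outside both hunks.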
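Review bot: In nix/os/containers/webserver.nix (`@@ -2,8 +2,9 @@`), `httpPort` and `httpsPort` lose their `? 80` and `? 443` defaults and `forgejoSshPort` is added without one, so every importer must now pass all three or evaluation fails. Only the sj-srv1 call site is updated in this commit; any other importer, if one exists, is not visible here. Keeping the old defaults and writing `forgejoSshPort ? 2222,` would leave existing callers working. The argument set starts one line above the hunk.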
@@ -247,9 +249,13 @@ in { settings = { service.DISABLE_REGISTRATION = true; server.HTTP_ADDR = "127.0.0.1"; - server.DISABLE_SSH = true; + server.START_SSH_SERVER = true; + server.SSH_PORT = forgejoSshPort; server.ROOT_URL = "https://forgejo.${domain}"; server.HTTP_PORT = 3001; + + # TODO: how do i get a 3072 length SSH key with the yubikey? + "ssh.minimum_key_sizes".RSA = 2048; }; secrets = { oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path; @@ -318,6 +324,13 @@ in { hostPort = httpsPort; protocol = "tcp"; } + + { + # forgejo ssh + containerPort = forgejoSshPort; + hostPort = forgejoSshPort; + protocol = "tcp"; + } ]; inherit hostAddress localAddress; diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index 93f93d0..434cf27 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -101,6 +101,7 @@ httpPort = 80; httpsPort = 443; + forgejoSshPort = 2222; }; syncthing = import ../../containers/syncthing.nix { From 0a5d068d8369631b9f54599e4c1c817659855f60 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:23:27 +0200 Subject: [PATCH 109/305] wayland: add waypipe --- nix/home-manager/profiles/wayland-desktop.nix | 4 +++- nix/os/devices/sj-bm-hostkey0/configuration.nix | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index cf77c15..38231da 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix @@ -33,7 +33,7 @@ in { home.packages = with pkgs; [ # required by network-manager-applet - pkgs.networkmanagerapplet + networkmanagerapplet wlr-randr wayout @@ -59,6 +59,8 @@ in { # probably required by flameshot # xdg-desktop-portal xdg-desktop-portal-wlr # grim + + waypipe ] ++ ( lib.lists.optionals (!pkgs.stdenv.isAarch64) 
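Review bot: In the Forgejo `settings` hunk (`@@ -247,9 +249,13 @@` of webserver.nix), `"ssh.minimum_key_sizes".RSA = 2048;` lowers the accepted RSA key size for every account on the instance, although the TODO above it is about one hardware-token key. The same hunk starts the built-in SSH server, and the next hunk forwards its port from the host, so the relaxed floor applies to a listener exposed beyond the container. If the token can hold an Ed25519 or ECDSA key, registering that instead would let the override be dropped. If not, scope the comment, e.g. `# temporary: the YubiKey-held RSA key is shorter than the default floor; remove once it is replaced`. The `settings` attribute set continues outside the hunk.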
diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 305e361..90219c2 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -85,6 +85,9 @@ in { version = "1.88.1"; yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); })) + + pkgs.waypipe + ]; }; From 095b757e29d351607fbc35d9aa49d424e9f2f036 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:23:43 +0200 Subject: [PATCH 110/305] programs: reconfig chromium and neovim --- nix/home-manager/programs/chromium.nix | 3 +++ nix/home-manager/programs/neovim/vimrc | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 2d9070d..b130b11 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -42,6 +42,9 @@ # unhook {id = "khncfooichmfjbepaaaebmommgaepoid";} + + # polkadotjs + {id = "mopnmbcafieddcagagdcbnhejhlodfdd";} ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C diff --git a/nix/home-manager/programs/neovim/vimrc b/nix/home-manager/programs/neovim/vimrc index c002c2b..f3cb42b 100644 --- a/nix/home-manager/programs/neovim/vimrc +++ b/nix/home-manager/programs/neovim/vimrc @@ -49,8 +49,8 @@ let g:ctrlp_custom_ignore = { \ 'dir': '\v[\/]\.(git|hg|svn)$$', \ 'file': '\v\.(exe|so|dll)$$', \ } -let g:ctrlp_max_files=0 -let g:ctrlp_max_depth=1000 +"let g:ctrlp_max_files=0 +"let g:ctrlp_max_depth=1000 "let g:ctrlp_match_func = { 'match': 'pymatcher#PyMatch' } "let g:pydiction_location = '~/.vim/bundle/pydiction/complete-dict' From bb2ddbbf6dfb629b4143658a49d478a8b9c6a6ec Mon Sep 17 00:00:00 2001 
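Review bot: In nix/home-manager/programs/chromium.nix, the `polkadotjs` entry is added to the extension list that applies to every profile, while the list guarded by `builtins.match "^steveej.*" name` begins right after it. A wallet extension handles signing keys and, as far as the hunk shows, is pinned only by its store id, so it is better installed only in the profile that uses it. Moving `{id = "mopnmbcafieddcagagdcbnhejhlodfdd";}` into the guarded list, or behind a guard of its own, would do that. The start of the shared list and the code that consumes it are outside the hunk.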
From: Stefan Junker Date: Wed, 12 Jun 2024 22:23:57 +0200 Subject: [PATCH 111/305] router0-dmz0: allow iperf UDP from VLAns --- nix/os/devices/router0-dmz0/configuration.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 43dd7d3..d27db2b 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -275,13 +275,17 @@ in { vlan-to-fw = { allowedUDPPortRanges = [ + { + from = 53; + to = 53; + } { from = 67; to = 68; } { - from = 53; - to = 53; + from = 5201; + to = 5201; } ]; allowedTCPPortRanges = [ From dc3832b7c7ebdc9747f3737c4291a287f7825021 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:24:31 +0200 Subject: [PATCH 112/305] fix(mycelium): package name --- nix/os/snippets/mycelium.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix index 4d1a173..a990aea 100644 --- a/nix/os/snippets/mycelium.nix +++ b/nix/os/snippets/mycelium.nix @@ -16,7 +16,7 @@ services.mycelium = { enable = true; - package = nodeFlake.inputs.mycelium.packages.${system}.mycelium; + package = nodeFlake.inputs.mycelium.packages.${system}.myceliumd; keyFile = config.sops.secrets.mycelium-key.path; addHostedPublicNodes = true; peers = [ From 85cca6fc05c18983ca620cc85155f8c98de256b1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 12 Jun 2024 22:24:50 +0200 Subject: [PATCH 113/305] x13s: bump flake inputs --- nix/os/devices/steveej-x13s/flake.lock | 58 +++++++++++++------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 543c6fa..6112c1e 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
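Review bot: In the `vlan-to-fw` hunk of router0-dmz0/configuration.nix, UDP 5201 is opened permanently from the VLANs to the router for what the commit subject calls iperf, and none of the three ranges says what it is for. A measurement listener is only needed while testing, so either gate the range behind an option or mark it for removal. Label the entries as well: `# DNS` for 53, `# DHCP` for 67-68, `# iperf3 (testing only)` for 5201. iperf3 also sets up each test over a TCP control connection on the same port; whether `allowedTCPPortRanges`, which begins at the end of the hunk, already allows it cannot be seen here.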
@@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1716745752, - "narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=", + "lastModified": 1717951870, + "narHash": "sha256-hGLeRxSEeFz9WvmQ4s4AuMJ5InLSZvoczDdXkWSFi1A=", "owner": "ipetkov", "repo": "crane", - "rev": "19ca94ec2d288de334ae932107816b4a97736cd8", + "rev": "17d9e9dedd58dde2c562a4296934c6d6a0844534", "type": "github" }, "original": { @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717770040, - "narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=", + "lastModified": 1718008439, + "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=", "owner": "nix-community", "repo": "disko", - "rev": "398acc470f7c2d68621db01900f053e6000129c4", + "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82", "type": "github" }, "original": { @@ -59,11 +59,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717750556, - "narHash": "sha256-nyHHuwOHaIh8WCxaQb7QoTReV09ydhHLYwEVHQg2Hek=", + "lastModified": 1718019143, + "narHash": "sha256-ItNbxzz+iwjOVTV81fkXqmFc973WRlUO6UpBl0Ea33Q=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "b3aaff8143fdd96fc3829738c7abe739204e6c18", + "rev": "cc0fec3ca38b175156e3c4954d2c140cd47513d0", "type": "github" }, "original": { 
@@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1717084324, - "narHash": "sha256-YvezQmRHuYosnMz48jJDS5JSvkm+smpbPlBKftp+lkI=", + "lastModified": 1717861316, + "narHash": "sha256-qQ0CzTVeGyweKSxASGZj/H5qP07vRiZH5Pp2oH5lY24=", "ref": "refs/heads/main", - "rev": "ce0128942303fd0a8869252027315d6a0cca731e", - "revCount": 76, + "rev": "65b22fab10524bb63eedf432a8dcb75cc38c6c7d", + "revCount": 79, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -215,23 +215,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "lastModified": 1717284937, + "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1717786204, + "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", "type": "github" }, "original": { 
@@ -243,11 +243,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -259,11 +259,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1717952948, + "narHash": "sha256-mJi4/gjiwQlSaxjA6AusXBN/6rQRaPCycR7bd8fydnQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "2819fffa7fa42156680f0d282c60d81e8fb185b7", "type": "github" }, "original": { From 786d7890820e167dd18b3357022af2ac52316e26 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 13 Jun 2024 16:41:58 +0200 Subject: [PATCH 114/305] chore: cleanup prev container --- nix/os/containers/backup-target.nix | 87 ----------------------------- 1 file changed, 87 deletions(-) delete mode 100644 nix/os/containers/backup-target.nix diff --git a/nix/os/containers/backup-target.nix b/nix/os/containers/backup-target.nix deleted file mode 100644 index 608ac47..0000000 --- a/nix/os/containers/backup-target.nix +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - hostAddress, - localAddress, - containerBackupCfg, - sshPort ? containerBackupCfg.portInt, - autoStart ? false, -}: { - config = { - config, - pkgs, - lib, - ... - }: { - system.stateVersion = "22.05"; # Did you read the comment? - - imports = [../profiles/containers/configuration.nix]; - - networking.firewall.enable = false; - - # services.ddclientovh = { - # enable = true; - # domain = containerBackupCfg.addr; - # }; - - services.openssh.enable = true; - - users.extraUsers."${containerBackupCfg.user}" = { - uid = 2000; - group = containerBackupCfg.group; - shell = pkgs.bashInteractive; - home = "/${containerBackupCfg.targetPath}"; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp" - ]; - - packages = with pkgs; [btrfs-progs]; - - isSystemUser = true; - }; - - security.sudo = { - enable = true; - extraRules = [ - { - users = ["bkp"]; - commands = [ - { - command = "/etc/profiles/per-user/bkp/bin/btrfs"; - options = ["NOPASSWD"]; - } - { - command = "/run/current-system/sw/bin/readlink"; - options = ["NOPASSWD"]; - } - { - command = "/run/current-system/sw/bin/test"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - }; - }; - - inherit autoStart; - - bindMounts = { - "/${containerBackupCfg.targetPath}" = { - hostPath = 
"/var/lib/container-volumes/backup-target"; - isReadOnly = false; - }; - }; - - extraFlags = ["--resolv-conf=bind-host"]; - - privateNetwork = true; - forwardPorts = [ - { - # ssh - containerPort = 22; - hostPort = sshPort; - protocol = "tcp"; - } - ]; - - inherit hostAddress localAddress; -} From f8eea2b6c7871e74fef9d3ef128eea2d4f64bdaa Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 19 Jun 2024 23:13:24 +0200 Subject: [PATCH 115/305] feat(router0-dmz0): tune wifi for compatibility with x13s windows --- nix/os/devices/router0-dmz0/configuration.nix | 67 +++++++++++++++---- 1 file changed, 54 insertions(+), 13 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index d27db2b..06715a1 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1,3 +1,4 @@ +# TODO: don't pull in bluez (or any bluetooth components) { repoFlake, pkgs, 
@@ -904,13 +905,53 @@ in { wlan0 = { band = "2g"; countryCode = "CH"; - channel = 0; # ACS + channel = 0; # 0 would mean Automatic Channel Selection + + settings = { + # TODO: with 1 the x13s on windows can't connect, however this slows the AP down. + # ieee80211n = 1; + + # Exclude DFS channels from ACS + # This option can be used to exclude all DFS channels from the ACS channel list + # in cases where the driver supports DFS channels. + acs_exclude_dfs = 0; + + # Disassociate stations based on excessive transmission failures or other + # indications of connection loss. This depends on the driver capabilities and + # may not be available with all drivers. + disassoc_low_ack = 0; + }; # use 'iw phy#1 info' to determine your VHT capabilities wifi4 = { enable = true; - capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + require = false; + capabilities = [ + "HT20" + "HT40+" + "LDPC" + "SHORT-GI-20" + "SHORT-GI-40" + "TX-STBC" + "RX-STBC1" + "MAX-AMSDU-7935" + + # "DELAYED-BA" + # "DSSS_CCK-40" + "40-INTOLERANT" + ]; }; + + wifi5 = { + enable = false; + require = false; + }; + + wifi6 = { + enable = false; + require = false; + }; + networks = { wlan0 = let iface = "wlan0"; @@ -918,6 +959,9 @@ in { ssid = "mlsia"; bssid = mkBssid 0; + # enables debug logging + logLevel = 0; + authentication.mode = "wpa2-sha256" # "wpa3-sae-transition" 
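Review bot: In the `networks.wlan0` hunk (`@@ -918,6 +959,9 @@`), `logLevel = 0;` is committed under the comment `# enables debug logging`, which, as I read the module option, leaves the access point at its most verbose level after the compatibility tuning is done. hostapd debug output records per-station association and handshake events, so it is better limited to troubleshooting sessions than kept in the persistent journal. Either drop the line once the x13s issue is settled or mark it: `logLevel = 0; # TODO: back to the default after x13s debugging`. The network's attribute set continues outside the hunk.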
@@ -931,23 +975,20 @@ in { # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference settings = { + # disable syslog because it duplicates stdout + logger_syslog = lib.mkForce 0; + # bridge = bridgeInterfaceName; # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; # not yet supported on hostapd 2.10 # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - # enables debug logging - logger_stdout_level = lib.mkForce 0; - logger_stdout = -1; - # logger_syslog_level= lib.mkForce 0; - # resources on vlan tagging # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 dynamic_vlan = 1; - # this option currently requires a patch to hostapd vlan_no_bridge = 1; @@ -997,15 +1038,15 @@ in { # IEEE 802.11i (authentication) related configuration # Encrypt management frames to protect against deauthentication and similar attacks - ieee80211w = 0; - sae_require_mfp = 0; + ieee80211w = 1; + # sae_require_mfp = 1; # sae_groups = "19 20 21"; # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x = 0; - eap_server = 0; + ieee8021x = 1; + eap_server = 1; }; }; @@ -1276,7 +1317,7 @@ in { environment.systemPackages = [ pkgs.ethtool - pkgs.neovim + pkgs.vim pkgs.wireguard-tools pkgs.tshark From 8fbeab3598d744a105dc49eb93bb2719b6746285 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 20 Jun 2024 10:23:29 +0200 Subject: [PATCH 116/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 44 +++++++++++++------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6112c1e..6c66731 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
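Review bot: In the `@@ -997,15 +1038,15 @@` hunk, `ieee8021x = 1;` and `eap_server = 1;` are switched on for a network whose `authentication.mode` is the pre-shared-key mode `wpa2-sha256`, and the hunk shows no EAP user file or server certificate to go with them. If they were flipped only while chasing the x13s connection problem, they should go back to `0`. If they are needed, a comment should say what depends on them, e.g. `# needed for FEATURE (placeholder); PSK stations are unaffected`. The same hunk restores `ieee80211w = 1;`, which matches the comment above it again. The `settings` block starts and ends outside the hunk.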
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1718008439, - "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=", + "lastModified": 1718846788, + "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=", "owner": "nix-community", "repo": "disko", - "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82", + "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1718019143, - "narHash": "sha256-ItNbxzz+iwjOVTV81fkXqmFc973WRlUO6UpBl0Ea33Q=", + "lastModified": 1718789228, + "narHash": "sha256-T68Ei2sIExC8R37gpWzDAcdh9mv/FLMzlmRzmr1D6nw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "cc0fec3ca38b175156e3c4954d2c140cd47513d0", + "rev": "a0e6560add3ffd763a77656a586734be272a344e", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1717861316, - "narHash": "sha256-qQ0CzTVeGyweKSxASGZj/H5qP07vRiZH5Pp2oH5lY24=", + "lastModified": 1718132227, + "narHash": "sha256-1AFLd779W8m+q4tfr8TB0oza9GTbVxVrGzg3iZmuYAQ=", "ref": "refs/heads/main", - "rev": "65b22fab10524bb63eedf432a8dcb75cc38c6c7d", - "revCount": 79, + "rev": "a95fcbdb0b90f46be425cfa8d88fc92b89cdf536", + "revCount": 81, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -227,11 +227,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717786204, - "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", + "lastModified": 1718530797, + "narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", + "rev": "b60ebf54c15553b393d144357375ea956f89e9a9", "type": "github" }, "original": { @@ -243,11 +243,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", "type": "github" }, "original": { @@ -259,11 +259,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717952948, - "narHash": "sha256-mJi4/gjiwQlSaxjA6AusXBN/6rQRaPCycR7bd8fydnQ=", + "lastModified": 1718717462, + "narHash": "sha256-qddfQLMaWR2gxfEzUM/zFZVK6H1kTv9WBQSBQxbP3MU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2819fffa7fa42156680f0d282c60d81e8fb185b7", + "rev": "938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631", "type": "github" }, "original": { From 635197ff8a2a5d3d530c4f9999051e1e087fc0dc Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 23 Jun 2024 21:07:48 +0200 Subject: [PATCH 117/305] add openvscode-server module --- .../programs/openvscode-server.nix | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 nix/home-manager/programs/openvscode-server.nix diff --git a/nix/home-manager/programs/openvscode-server.nix b/nix/home-manager/programs/openvscode-server.nix new file mode 100644 index 0000000..d9239b2 --- /dev/null +++ b/nix/home-manager/programs/openvscode-server.nix 
@@ -0,0 +1,41 @@ +{ + pkgs, + nodeFlake, + repoFlake, + ... +}: let + pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; + pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; +in { + home.packages = [ + pkgs.nil + pkgs.nixd + pkgs.nixpkgs-fmt + pkgs.alejandra + pkgs.nixfmt + + # TODO: automate linking this + # 1. get the commit with: `codium --version` + # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/` + # 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ + + /* + e.g.: + ``` + ( + set -e + export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') + ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" + ) + ``` + */ + + (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { + src = repoFlake.inputs.openvscode-server; + version = "1.88.1"; + yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); + })) + + pkgs.waypipe + ]; +} From d8f23dd4d09499a7a70a2664cd46c559e05766bf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 3 Jul 2024 10:23:49 +0200 Subject: [PATCH 118/305] nix/os/devices/router0-hosthatch: bump versions --- nix/os/devices/router0-hosthatch/flake.lock | 30 ++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/nix/os/devices/router0-hosthatch/flake.lock b/nix/os/devices/router0-hosthatch/flake.lock index 1fc4feb..f66687f 100644 --- a/nix/os/devices/router0-hosthatch/flake.lock +++ b/nix/os/devices/router0-hosthatch/flake.lock 
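Review bot: In the new nix/home-manager/programs/openvscode-server.nix, the shell snippet kept in the block comment runs `rm -rf /home/steveej/.vscodium-server/bin/$COMMIT` on the remote host, and `export COMMIT=$(…)` hides a failing `rg` from `set -e`, so an empty match removes the whole `bin/` directory. Splitting the assignment and failing on an empty value fixes the documented procedure: `COMMIT=$(codium --version | rg '^[0-9a-f]{40}$'); : "${COMMIT:?no commit hash found}"`. Separately, `pkgsUnstable` is bound in the `let` but never used in this file. The `version` and `outputHash` override also repeats the one visible in sj-bm-hostkey0's configuration.nix, so the two copies can drift apart.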
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717915259, - "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=", + "lastModified": 1719864345, + "narHash": "sha256-e4Pw+30vFAxuvkSTaTypd9zYemB/QlWcH186dsGT+Ms=", "owner": "nix-community", "repo": "disko", - "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", + "rev": "544a80a69d6e2da04e4df7ec8210a858de8c7533", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { @@ -85,11 +85,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -101,11 +101,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717786204, - "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { 
@@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1717807544, - "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", + "lastModified": 1719965291, + "narHash": "sha256-IQiO6VNESSmgxQkpI1q86pqxRw0SZ45iSeM1jsmBpSw=", "owner": "numtide", "repo": "srvos", - "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", + "rev": "1844f1a15ef530c963bb07c3846172fccbfb9f74", "type": "github" }, "original": { From 1ec6cf039110941513cd0f367bee4d4438c6af8c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 3 Jul 2024 10:24:27 +0200 Subject: [PATCH 119/305] nix/os/devices/router0-ifog: bump versions --- nix/os/devices/router0-ifog/flake.lock | 30 +++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/nix/os/devices/router0-ifog/flake.lock b/nix/os/devices/router0-ifog/flake.lock index b9719a9..f66687f 100644 --- a/nix/os/devices/router0-ifog/flake.lock +++ b/nix/os/devices/router0-ifog/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717770040, - "narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=", + "lastModified": 1719864345, + "narHash": "sha256-e4Pw+30vFAxuvkSTaTypd9zYemB/QlWcH186dsGT+Ms=", "owner": "nix-community", "repo": "disko", - "rev": "398acc470f7c2d68621db01900f053e6000129c4", + "rev": "544a80a69d6e2da04e4df7ec8210a858de8c7533", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { 
@@ -85,11 +85,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -101,11 +101,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1717807544, - "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", + "lastModified": 1719965291, + "narHash": "sha256-IQiO6VNESSmgxQkpI1q86pqxRw0SZ45iSeM1jsmBpSw=", "owner": "numtide", "repo": "srvos", - "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", + "rev": "1844f1a15ef530c963bb07c3846172fccbfb9f74", "type": "github" }, "original": { From fce60720324f1f2cfb1c6a981013ab299b585c59 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 3 Jul 2024 10:27:48 +0200 Subject: [PATCH 120/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 4e1a641..c1facdb 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1717242134, - "narHash": "sha256-2X835ZESUaQ/KZEuG9HkoEB7h0USG5uvkSUmLzFkxAE=", + "lastModified": 1719994746, + "narHash": "sha256-C37FhwcMCwKOxxcxN3alPXnI8TTedWLqAjl+Vwf49Sw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "61c1d282153dbfcb5fe413c228d172d0fe7c2a7e", + "rev": "90e277972a4cba6149f3b5a9f681de4a034ad060", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717216113, - "narHash": "sha256-DniggN0kphCCBpGlS2WyDPoNqxQoRFlhN2GMk35OHiM=", + "lastModified": 1719958352, + "narHash": "sha256-InEKcwWZoNKakuPqGqo3skypFO7DJOvCsRIoJ9DhJt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "21959d8d44197094aebc74ead6ca4a53bcce0adb", + "rev": "1efee2bb34d5f0db946c7292de1d4392c3601d37", "type": "github" }, "original": { From 92be66cbb5eeeb959eb74b1f8a2dc24be935a731 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 22 Jul 2024 14:49:43 +0200 Subject: [PATCH 121/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index c1facdb..1753028 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1719827385, - "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719838683, - "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", + "lastModified": 1721548954, + "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", + "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1719994746, - "narHash": "sha256-C37FhwcMCwKOxxcxN3alPXnI8TTedWLqAjl+Vwf49Sw=", + "lastModified": 1721651541, + "narHash": "sha256-h20QbZhK6EiWjG3pEAtQYqqLDeA5YZXYfBVF7Hm7j/M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "90e277972a4cba6149f3b5a9f681de4a034ad060", + "rev": "af81d1b24bcf039613a11ae4bcc03b7415d7cae0", "type": "github" }, "original": { 
@@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719958352, - "narHash": "sha256-InEKcwWZoNKakuPqGqo3skypFO7DJOvCsRIoJ9DhJt8=", + "lastModified": 1721615467, + "narHash": "sha256-/foTRkSnMwwS3BeVlUNenyIPehCyDgovOPmz5tL6OkQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1efee2bb34d5f0db946c7292de1d4392c3601d37", + "rev": "176e4e9d36742841406578db792d3278ef6974c7", "type": "github" }, "original": { From b30596b3a6be3846c482686bb9afed4eaab8eafb Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 13:47:57 +0200 Subject: [PATCH 122/305] rename sj-bm-hostkey0 -> hstk0 --- .sops.yaml | 15 +- flake.nix | 3 +- .../{sj-bm-hostkey0 => hstk0}/.gitignore | 0 .../{sj-bm-hostkey0 => hstk0}/README.md | 0 nix/os/devices/hstk0/configuration.nix | 155 +++++++++++ .../{sj-bm-hostkey0 => hstk0}/default.nix | 0 nix/os/devices/hstk0/flake.lock | 124 +++++++++ .../{sj-bm-hostkey0 => hstk0}/flake.nix | 15 +- .../devices/sj-bm-hostkey0/configuration.nix | 244 ----------------- nix/os/devices/sj-bm-hostkey0/flake.lock | 245 ------------------ secrets/hstk0/mycelium_priv_key.bin.enc | 26 ++ secrets/hstk0/secrets.yaml | 36 +++ .../sj-bm-hostkey0/mycelium_priv_key.bin.enc | 26 -- secrets/sj-bm-hostkey0/secrets.yaml | 36 --- 14 files changed, 348 insertions(+), 577 deletions(-) rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/.gitignore (100%) rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/README.md (100%) create mode 100644 nix/os/devices/hstk0/configuration.nix rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/default.nix (100%) create mode 100644 nix/os/devices/hstk0/flake.lock rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/flake.nix (77%) delete mode 100644 nix/os/devices/sj-bm-hostkey0/configuration.nix delete mode 100644 nix/os/devices/sj-bm-hostkey0/flake.lock create mode 100644 secrets/hstk0/mycelium_priv_key.bin.enc create mode 100644 secrets/hstk0/secrets.yaml delete mode 100644 secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc delete mode 100644 secrets/sj-bm-hostkey0/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 69bfd81..8f66652 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -18,7 +18,7 @@ keys: - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 + - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ @@ -36,7 +36,7 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - - *sj-bm-hostkey0 + - *hstk0 - *router0-ifog - *router0-hosthatch - path_regex: ^secrets/steveej-t14/.+$ @@ -102,12 +102,12 @@ creation_rules: - *steveej age: - *sj-srv1 - - path_regex: ^secrets/sj-bm-hostkey0/.+$ + - path_regex: ^secrets/hstk0/.+$ key_groups: - pgp: - *steveej age: - - *sj-bm-hostkey0 + - *hstk0 - path_regex: ^secrets/steveej-x13s/.+$ key_groups: - pgp: @@ -120,10 +120,3 @@ creation_rules: - *steveej age: - *steveej-x13s - - *sj-bm-hostkey0 - - path_regex: ^secrets/sj-bm-hostkey0/.+$ - key_groups: - - pgp: - - *steveej - age: - - *sj-bm-hostkey0 diff --git a/flake.nix b/flake.nix index 8405916..22b036b 100644 --- a/flake.nix +++ b/flake.nix @@ -166,7 +166,8 @@ "router0-hosthatch" "sj-srv1" - "sj-bm-hostkey0" + + "hstk0" # "retro" ]); diff --git a/nix/os/devices/sj-bm-hostkey0/.gitignore b/nix/os/devices/hstk0/.gitignore similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/.gitignore rename to nix/os/devices/hstk0/.gitignore diff --git a/nix/os/devices/sj-bm-hostkey0/README.md b/nix/os/devices/hstk0/README.md similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/README.md rename to nix/os/devices/hstk0/README.md diff --git a/nix/os/devices/hstk0/configuration.nix b/nix/os/devices/hstk0/configuration.nix new file mode 100644 index 0000000..ea3c795 --- /dev/null +++ b/nix/os/devices/hstk0/configuration.nix 
@@ -0,0 +1,155 @@ +{ + modulesPath, + repoFlake, + packages', + pkgs, + lib, + config, + nodeFlake, + nodeName, + system, + ... +}: { + disabledModules = [ + ]; + + imports = [ + nodeFlake.inputs.disko.nixosModules.disko + repoFlake.inputs.sops-nix.nixosModules.sops + + nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder + { + roles.nix-remote-builder.schedulerPublicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s" + + # TODO: make this a reference to the private key's secret + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" + ]; + } + + ../../snippets/nix-settings.nix + { + nix.settings.sandbox = lib.mkForce "relaxed"; + } + + ../../snippets/mycelium.nix + + # user config + ../../profiles/common/user.nix + { + users.commonUsers = { + enable = true; + enableNonRoot = true; + }; + } + + ../../snippets/home-manager-with-zsh.nix + # { + # home-manager.users.steveej = {pkgs, ...}: { + # imports = [ + # ../../../home-manager/programs/pass.nix + # ../../../home-manager/programs/openvscode-server.nix + # ]; + # }; + # } + ]; + + services.openssh = { + enable = true; + openFirewall = true; + settings.PermitRootLogin = "yes"; + extraConfig = '' + StreamLocalBindUnlink yes + ''; + }; + + boot = { + kernel = { + sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + }; + }; + + networking = { + hostName = nodeName; + useNetworkd = true; + useDHCP = true; + + nat.enable = true; + firewall.enable = true; + + firewall.allowedTCPPorts = [ + 5201 + ]; + firewall.allowedUDPPorts = [ + 5201 + ]; + }; + + disko.devices = let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; + }; + }; + }; + }; + in { + disk = { + sda 
= disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + + system.stateVersion = "24.05"; + + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.initrd.includeDefaultModules = true; + boot.initrd.kernelModules = [ + "dm-raid" + "dm-integrity" + "xhci_pci_renesas" + ]; + + hardware.enableRedistributableFirmware = true; + + virtualisation.libvirtd.enable = true; + + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; +} diff --git a/nix/os/devices/sj-bm-hostkey0/default.nix b/nix/os/devices/hstk0/default.nix similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/default.nix rename to nix/os/devices/hstk0/default.nix diff --git a/nix/os/devices/hstk0/flake.lock b/nix/os/devices/hstk0/flake.lock new file mode 100644 index 0000000..8389a6a --- /dev/null +++ b/nix/os/devices/hstk0/flake.lock 
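Review bot: `settings.PermitRootLogin = "yes"` combined with `openFirewall = true` in the `services.openssh` block exposes root over SSH with whatever authentication methods the daemon accepts, and nothing in this file restricts it to keys. Prefer `settings.PermitRootLogin = "prohibit-password";` and set `settings.PasswordAuthentication = false;` explicitly, unless an imported profile (not visible in this hunk) already enforces it. The firewall is now enabled, but `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` still open 5201 although no service configured in this file listens there; drop the ports or add a comment naming the listener. `nix.settings.sandbox = lib.mkForce "relaxed"` on a host that also takes the `roles-nix-remote-builder` role deserves a short why-comment, since it weakens build isolation for every scheduler key listed above it.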
@@ -0,0 +1,124 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719401812, + "narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=", + "owner": "nix-community", + "repo": "disko", + "rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", + "owner": "ursi", + "repo": "get-flake", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1719253556, + "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "get-flake": "get-flake", + 
"home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719189969, + "narHash": "sha256-6MSZrWvXSvUKIr0iC9eSbQ09NSm+j1Oh4o9Gentu1CU=", + "owner": "numtide", + "repo": "srvos", + "rev": "4f314be1307c8d5f1fb3d882a67e09dbdf285850", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/hstk0/flake.nix similarity index 77% rename from nix/os/devices/sj-bm-hostkey0/flake.nix rename to nix/os/devices/hstk0/flake.nix index aee0abd..8f0a7f4 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/hstk0/flake.nix @@ -12,8 +12,6 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - - mycelium.url = "github:threefoldtech/mycelium"; }; # outputs = _: {}; @@ -25,7 +23,7 @@ ... } @ attrs: let system = "x86_64-linux"; - nodeName = "sj-bm-hostkey0"; + nodeName = "hostkey-0"; mkNixosConfiguration = {extraModules ? [], ...} @ attrs: nixpkgs.lib.nixosSystem ( @@ -41,17 +39,6 @@ modules = [ ./configuration.nix - - # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } - - ({lib, ...}: { - nixpkgs.overlays = [ - (final: previous: {}) - ]; - }) ] ++ extraModules; } diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix deleted file mode 100644 index 90219c2..0000000 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ /dev/null 
@@ -1,244 +0,0 @@ -{ - modulesPath, - repoFlake, - packages', - pkgs, - lib, - config, - nodeFlake, - nodeName, - system, - ... -}: let - pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; - pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; -in { - disabledModules = [ - ]; - - imports = [ - nodeFlake.inputs.disko.nixosModules.disko - repoFlake.inputs.sops-nix.nixosModules.sops - - nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder - { - roles.nix-remote-builder.schedulerPublicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s" - - # TODO: make this a reference to the private key's secret - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" - ]; - } - - ../../profiles/common/user.nix - ../../snippets/nix-settings.nix - ../../snippets/nix-settings-holo-chain.nix - { - nix.settings.sandbox = lib.mkForce "relaxed"; - } - - ../../snippets/holo-zerotier.nix - - # TODO - # ./network.nix - # ./monitoring.nix - - # user config - ../../snippets/home-manager-with-zsh.nix - { - users.commonUsers = { - enable = true; - enableNonRoot = true; - }; - - home-manager.users.steveej = {pkgs, ...}: { - imports = [ - ../../../home-manager/programs/pass.nix - ]; - - home.packages = [ - pkgs.nil - pkgs.nixd - pkgs.nixpkgs-fmt - pkgs.alejandra - pkgs.nixfmt - - repoFlake.packages.${system}.rperf - - # TODO: automate linking this - # 1. get the commit with: `codium --version` - # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/` - # 3. link the binary. 
this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ - - /* - e.g.: - ``` - ( - set -e - export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') - ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" - ) - ``` - */ - (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { - src = repoFlake.inputs.openvscode-server; - version = "1.88.1"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); - })) - - pkgs.waypipe - - ]; - }; - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; - } - - ../../snippets/mycelium.nix - ]; - - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - services.openssh.extraConfig = '' - StreamLocalBindUnlink yes - ''; - - boot = { - kernel = { - sysctl = { - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = true; - }; - }; - }; - - networking = { - hostName = nodeName; - useNetworkd = true; - useDHCP = true; - - # No local firewall. 
- nat.enable = true; - firewall.enable = false; - - firewall.allowedTCPPorts = [ - 5201 - ]; - firewall.allowedUDPPorts = [ - 5201 - ]; - }; - - disko.devices = let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; - }; - }; - }; - }; - }; - in { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - - system.stateVersion = "23.11"; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.initrd.includeDefaultModules = true; - boot.initrd.kernelModules = [ - "dm-raid" - "dm-integrity" - "xhci_pci_renesas" - ]; - - hardware.enableRedistributableFirmware = true; - - environment.systemPackages = [ - pkgs.hdparm - pkgs.fuse - ]; - - programs.fuse.userAllowOther = true; - - services.caddy.enable = true; - services.caddy.email = "mail@stefanjunker.de"; - services.caddy.globalConfig = '' - auto_https disable_redirects - ''; - services.caddy.virtualHosts = let - holochainDomain = "dev.infra.holochain.org"; - in { - "${nodeName}.${holochainDomain}" = { - extraConfig = '' - handle_path /s3/* { - reverse_proxy http://127.0.0.1:9000 - } - ''; - }; - }; - - # home-manager.users.steveej = _: { - # imports = [ - # ../../../home-manager/configuration/text-minimal.nix - # ]; - - # home.sessionVariables = { - # }; - - # home.packages = with pkgs; [ - # ]; - # }; - - virtualisation.libvirtd.enable = true; - virtualisation.docker.enable = true; - - virtualisation.podman.enable = true; - virtualisation.podman.autoPrune.enable = true; - # virtualisation.podman.dockerSocket.enable = true; - - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - 
- steveej.holo-zerotier = { - enable = true; - autostart = false; - }; -} diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock deleted file mode 100644 index 5ede153..0000000 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ /dev/null 
@@ -1,245 +0,0 @@ -{ - "nodes": { - "crane": { - "inputs": { - "nixpkgs": [ - "mycelium", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716745752, - "narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19ca94ec2d288de334ae932107816b4a97736cd8", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717415925, - "narHash": "sha256-KhclrqEQFrDr6Z8WqtvCdqtR7Fg35aMyfk7ANtx34Ys=", - "owner": "nix-community", - "repo": "disko", - "rev": "b106b5df3654d83197aff4826e3e34a5a5335b1c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "get-flake": { - "locked": { - "lastModified": 1714237590, - "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", - "owner": "ursi", - "repo": "get-flake", - "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", - "type": "github" - }, - "original": { - "owner": "ursi", - "repo": "get-flake", - "type": "github" - } - }, - "home-manager": { 
- "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.05", - "repo": "home-manager", - "type": "github" - } - }, - "mycelium": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1717421726, - "narHash": "sha256-51B13+DTS+ZzbGPWIMMA9VwxJ34gVpbzQb0YxlzI96s=", - "owner": "threefoldtech", - "repo": "mycelium", - "rev": "c2c1243876382b8ed987f820864c66323ee33cb9", - "type": "github" - }, - "original": { - "owner": "threefoldtech", - "repo": "mycelium", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1710156097, - "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "3342559a24e85fc164b295c3444e8a139924675b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-filter", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - 
"nixpkgs_2": { - "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "disko": "disko", - "get-flake": "get-flake", - "home-manager": "home-manager", - "mycelium": "mycelium", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "srvos": "srvos" - } - }, - "srvos": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717376170, - "narHash": "sha256-603uKDAsg8KKVvMzNxIgTrHvXu6vRYx32NO3tuQCIg4=", - "owner": "numtide", - "repo": "srvos", - "rev": "96998137e26a92debda49fc2a32d4852d754abb4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "srvos", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/secrets/hstk0/mycelium_priv_key.bin.enc b/secrets/hstk0/mycelium_priv_key.bin.enc new file mode 100644 index 0000000..49f69ca --- /dev/null +++ b/secrets/hstk0/mycelium_priv_key.bin.enc 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzZsYytMYkd0WTF1TW5a\nZGpQcUYyUjYzY2UrQVp2bHhJTHRSR013Z1h3CmtjSEFaOGE5WDNDZElkM0c2N0Nh\nQTFRU2hvdlpGYlhsUlZoUGZSaWg1UTgKLS0tIHNNWUw0YytRTm5pRTFXTndBamVL\nbTJUNGNSdTloZXM4OWhrN1dlVFpHUGcKq+owmJktDTqpOgtD/makczGkRTphCtb/\nKnL1ig8xdnG+DdyhVCDmtjC7tAFgSUJBZnQi8ervh+yXOXvTJfGglg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-17T14:49:38Z", + "mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]", + "pgp": [ + { + "created_at": "2024-06-26T19:27:08Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+NduNIJaTv/DNmY3dGucui5Ud/ONikEdt/8q3M/iSNeQy\njdHjDbHu0UDBwKqD0Pmhs3StWSv2cs4UDvxPtaPV2sN8/WjeAUZJ1Sf2+k1Duy3n\ns40TpaHAf66JuDRkkFaYt5114AE1ypbMp29S0nv9OTpvAFy7FWtw1dsgKskQOWxW\nTnkxfttpaMoCVoUTjPZFbfPE3WJrp+r20QzwzelX5xl3SGmYvdPVDCPp1S54q+gY\n4l3b5R2wvGv3IAA0l7tKtmFe6XqzYlATOSUaP3+qHTKnXFmT1GAr3o+mLRJOG5/R\ny2CJS0wR9JKowAk23ubc1gYxcc/gIUzi5BGMvM4GlNJcAb3Q/nBs5WtjnHrk7zPK\nzzhV758th72GKhzJko6qUFwcfjaIB6h3o0NQAAlVCMXKUWk4KFY1TCgpLbd0Z6Gm\nv8tE1CFUViT/8Ys+2x7UYeWqN53ZWsioGzrk2F4=\n=sXbx\n-----END PGP MESSAGE-----", + "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file 
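Review bot: The `data` and `mac` values in this file are byte-identical to those in the deleted `secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc`; only the age recipient and the PGP wrapping changed, so the sops data key and the secret itself were carried over rather than rotated. The same holds for `tf-eval-minio-root` in `secrets/hstk0/secrets.yaml`. A holder of the previous host key (`age1dw43…`) can therefore still recover both plaintexts from the earlier revisions in git history. If the host key was replaced because the old one is retired or no longer trusted, rotate the data key with `sops --rotate --in-place` and regenerate the mycelium private key and the minio root credential; if this was only a reinstall with a fresh key, a sentence in the commit message saying so would make the recipient change reviewable.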
diff --git a/secrets/hstk0/secrets.yaml b/secrets/hstk0/secrets.yaml
new file mode 100644
index 0000000..7b6c7fe
--- /dev/null
+++ b/secrets/hstk0/secrets.yaml
@@ -0,0 +1,36 @@ +tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVXBDSTgwVWtpN01ldjdv + UWIxNEZFVVowbFk4bnRNSEl6M1pHcUdIelFFClVHK211enBkODljWHVYNmFYM0gx + L01hVFFSeExtQmFXbytzSEMrbVMxYTAKLS0tIG9lMnBTMXJMMUZUcTRFcThrd1Ny + bEhlUzFqU2hkbXBZaldzeTdCbnhOdTgKsCcLlqcl+fnvZ8EGKNWlbSbLQvzx099E + fC/QlagRvdmVfsFpOQnd0cFzQ1X0EDAx6XcGF8mHBrAKqCS9GCAIyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-08T16:59:30Z" + mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] + pgp: + - created_at: "2024-06-26T19:27:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQgA1qnWMAoXFJsx0A9dX2qFhRUHOlO+VKOi678pGQu4Pwld + wUdqAylrtaLDsr+kFwLvsGUKKHzfvaQH/EfEChQb2L9njzQjwNwmgZPAq6NqZAmB + EhudaY7R12Lb507Fsh/k7dgOFTuH0/ceKtW+QKF3SVVa+DwgOx8VRP3LJwGW4PQq + mRmPkyjnuFmepziTULe0ZPvO6PaH8FvLISBvMkBH+IGXat98OVgqGFzxHkpA3pey + 8w7mKDEi6i6g72GrrjuWFuh5JjSSb3og1ziO4O8XQ7mHqbUYwc4NfeVTYD7thdyh + OsijkXHvvHkRidTjTn4ZEzxFaNgTvzRB0V7r/jEu3tJcASfyDt4sXkKv84xu29Pp + BYZLj9xUrS30bmI8NOP77sy/3++ppX96oKhi91S7F0HZcznJPOhS+YtomXCCGvS9 + qaN8kkDXt5k5dkLd2+eft7CCF8+lwf6XX/qEjPw= + =+0h1 + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc b/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc
deleted file mode 100644
index 77036fc..0000000
--- a/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc
+++ /dev/null
@@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwenVpMFlQbC9PR1NDTWIy\nYi93VHlTZHg1NHJ0UXNIcFFGV08zRzlyTm00Cnp2RlpuMVBsc3dWOVZVODVBQ09H\nby9GWm1pSVlya0I3b0o2T2RhZGFrc0UKLS0tIGRQK1hPQjlkWjBFb3pSRXE5MnFY\nNFkvdTg3T0FZWVZWK2thRU55a0hWYUkKPHaAqvnyaP0sG47rJD40d4r6vjMjNEif\nq0X+BT3vR1Wd2vFKhWkcrS531jX3JUX5wEPFfbqWY3SEeunkbx43Ew==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-05-17T14:49:38Z", - "mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]", - "pgp": [ - { - "created_at": "2024-05-17T14:49:38Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/XROsC15JsLhhO8or+6hYHYVig4cEiazJeo+lAm83WdYj\nQ/rAgQg4hSR6i84UOfPKCGS5Rv3TTkt1VsUgibwAvLdT65SB32pe5SCT68L0yHL1\nXabvMmmREbJW+zwhEz3G2ggzBrnoDE4l3npTYjrhsjEPmRJNBO3g7rigWtRL1iDR\nYl6IrBYB/NGEkfJ0lNWoY6K911Gb0TCVQXO/CMT0xbp9GTIhry9WUX1eWK/fiymP\nnJH3XSGmL2GAZnBIosFkrQlBDxHXC2Xi7kktFnzCgwrZBGYXn9ftC7toHPvn48cV\nuTzcFc2VHXxFLbDwSY/EOsfjSGjaaYXodCr2xHbkR9JcAZvLvs76by2wCzXKM8CR\nueuvS31Ah02r0JD1z8ZXWX3+etMvJEkEk3Nsngbo/r70/qtRTp/eLkTuYjzcUFMU\nXv40Izg+PiFxAOo2RK7RLRdD+YTXuddG/jxSXQY=\n=zrcf\n-----END PGP MESSAGE-----", - "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file 
diff --git a/secrets/sj-bm-hostkey0/secrets.yaml b/secrets/sj-bm-hostkey0/secrets.yaml
deleted file mode 100644
index b98d798..0000000
--- a/secrets/sj-bm-hostkey0/secrets.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBa2YwTDAyWUZqRjFPWnc3 - R2FySXZ4d2RxRjlLTkZFblZIOUNPUS9kM1EwCjUrNTE2cmx6bGVTOXljZVllQzJG - clBPa1BjcC9GQ3Z6N0xYSFMvZ0J2c0EKLS0tIFQzQ2NHdmJBTFdNck53NVVyejRN - Y0xhYnI3MlhnbjhTS1dFMUdNZFdnSjgK4cl3R943LNMxA3dODf8nsSdmINkKIjB+ - fgp2whfSacWQchsWgpzdiayQoZ9XlWoklmTAX+yN0J8Q3j3CBb3S5g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-08T16:59:30Z" - mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] - pgp: - - created_at: "2023-11-23T20:47:08Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcBMA0SHG/zF3227AQf/VZ3eNZsb6emw7b5N9rgkRqTW3QvHe/w2QJcjCjp4Hk2M - Es2jYS6EaMLvduiSf6Xl5qHoQNS+HfM3GBKyRdgP/AcrjXXqj5CzmmbMYk5MY2oU - qseV4VFvvk9i9gbHaGbbntixYHBDeBSEHb/k7jWfUxz4wPhSWxpsEW/UQ1UabDgU - C54m3l9NoJw8oseDHOW7gTPW1mm1KFVBqaJ9zeZX5FHSJ0OBDj015wuGwTxkR7pv - /NL1Xg3wtpYHEhRKh1qxqwijW6EkTK9aAJFutkkYE9nI4x48cLCHjDg1GbXgYQkn - 5rPRZPPmWhJPJIyCZIX1RkrVSXSIkI2Vjr3iKpEfltJRAY1KD6PSI3rWRHPDbM7B - oFIdVwLKvV1tBrdVk+3M+nDrXwEshBJUt7r9GTdsWVxjdFgCteTkgkSnzM2y5mbG - AUodj6a/Fvni4sYQka1QbRLn - =YLrT - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 From f293ff290c1cdbe99970e82a22dba8046e021c8b Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 13:56:20 +0200 Subject: [PATCH 123/305] router0-dmz0: manage secrets --- secrets/router0-dmz0/secrets.yaml | 38 +++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 6500efe..d2ef8f6 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -8,7 +8,7 @@ ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3 #ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] #ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] #ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] -wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] +wlan0_wpaPskFile: ENC[AES256_GCM,data:vVr1XQnlLcD3y7Cglta1vvBDyqIxvx0eR2X/rye1so3wYsH/Nhoy4AAa8X+CSjrXYSa0j/Sv1obbzoWxQbSvfTtM+Yx1woMoLosB3wjCB4XBtHQ0X1kQK6x6DsdrAT752mTGojaAlCoKqAXxC2uGT0dUnN8EapPejEYXrJnr4l604/Ku2/q2/+YPy3W3nKQirZjcv/5ugRr2cCFqmyseQAH9JmeaHrkDnrReyePCTIKKmbH4NTMrPR3+mTPmj7dmccKjooP3V44ZQbTZ1iPKT9p40pZQWy5mw60SM1YMd/mvf1DAfWuKSNZn5/JS/iDSUcMZVVpcIQs8EYddxEmVXMiDk2iEqcsksiEzJO6XhmTSDoThQoJwsra+tg==,iv:3iXEQv7hW7NBwD+1SkZq9z25eIavtM9pMxGi04f/a4g=,tag:x2aD4eySjODkuqXo+G/7Dg==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] 
wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] 
@@ -21,31 +21,31 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NDRCejdyRzY4Q3RwY3Nk - REV5RklTUWluQzVZZ3V0VUdKTnF3TFRzTUVFCnZxUXRaRlJXSWRqVWZwNG55OW5P - T1RHT0xXaDc0bkFCNHZQdW53aWpZMHcKLS0tIDVIWTM4VjN0UXdxK3ptOEtMWG1r - THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv - J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RTBvZEFjNDRhOUl4Rkd3 + cm5FWHpIUUlMZDl5dStlb3J2eGNndDZNNGh3CnJFcWFSSDlpY1hycWpxN1Z0OVkz + T0hTV20vNnFGQzhNVDNhMlF1d2FMNFEKLS0tIEZaajFqTjk1NjlqcE82eXVDekhL + NUhhK2oxUTAxeGxVSlBkUzdHbUpuaGMKYNvJWkKoNbdrwXHyoih22+aV+6F1yhTl + 9RplfG43PTV6tNJUScthRnCHo0CLNHwF39sb9y2kt7y8fVs2vuPzzg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-12T19:21:06Z" - mac: ENC[AES256_GCM,data:42wdJ1DCSnoBjzbKDMqYJgraQxYpsdIJ/TylLnQA93iX4YojA25b3McAIPFDxgu8jg8/nwyXVLRVlkI6ZKuRxi12K3BPrQfMvNqmBa4/SYvvMD7ywiMB7+k72ebx+ulRmj2TDz9f8koVVkD7crAgM/eIGOm3CbfwXqK0t5w2sm0=,iv:5QaQZCjacNBlgx4Q/RjRbXtvz5KzP/W1tUrtySJC1t0=,tag:4sb9lJkg56/L/gQZ192GEw==,type:str] + lastmodified: "2024-07-26T07:56:29Z" + mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] pgp: - - created_at: "2023-08-11T16:15:11Z" + - created_at: "2024-07-13T14:51:09Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf+LuGZY70bnoWRAzpxCJnxtf0UfoYkIQoVGeHdnjJ5DTx+ - NXtGN+gYTfuCUIf1lQRnd8FdQbDUSuHFmaDKFFts3SJR24ZO3N761Ye429FycMp3 - pyx5RYs1qXYMilN/RLSnEqrsjOpnO21VpxuAxbe9HY5Wp0jLDGdUvpdk2mQqqhx8 - ZYFbEs9ZZHq568k9ELpJcudlNnvkZPoecMsFiAWP1oh7V0cSacfSUJiqXA2/Ug1a - 
8vweej2pwJ6kaoLIFqjD6qI2rKNtSC+woHD517kldLr6BMetNNc/gEiyat2zOGRB - 596SIBBf3eCvXCHSMJDtOWsT977CUO2pz+DPTmdqMtJRAbbz9Ks22jtPViAFZDzY - pyDwCuX2hTJ2c7r3KA0o7lG4pfvfLkOqXXcV3SnSBvYy4fuhLp2Id+1GWCOD0o1O - v5QlxcXSMuOeGygclwHdxzs+ - =NQjH + hQEMA0SHG/zF3227AQf/T6Q1PsQ+qH2gGRrF29Ng9LehcKu2UMjTN3uKCgy7klPm + Pd5qLxQA94GNz/70AL0sOUdc04R7pWWsswBuhNj1semefH/DAMRDfCt9+DpV23Lz + bswCQXWqpDy0CUKULwLoMRbcM5PZcsnRsa5xky07uub7GyZ8m+UFzD1ISzn9bbIQ + Sg5MTIegQC1QDYZLWFpP/kSf1AvZUG3HfMee9tapyMgEaMVW7XAy+C/DrIIEdnAk + 6m/QWD+PyDfJf2RA9URoezpSgi4foCuc1PAX4k8Oq71YRjBZWSrBtVa6sfCvsfdF + cEKvXJk3X2/glYRiQrIfib9QRjewWwOcfEV4R2knZtJeAa8ppOZQAfO0YFAzZPd/ + yIBsHXBG3gXRBUe+dGF3nKaA2mFuktK2GRI78lON0oDrHm2a02n9dwyYG/HnvgNZ + sEc6lNHEV2ERedCeaTfAgCg6kWTWgP1ckkY3IAdHgg== + =nn0o -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From b10d800586fb508c7466a1bb48392a27224f48fb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 13:59:27 +0200 Subject: [PATCH 124/305] flake: update --- flake.lock | 46 +++++++++++++++++++++++----------------------- flake.nix | 6 ++++-- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 25e159b..a62330d 100644 --- a/flake.lock +++ b/flake.lock @@ -80,11 +80,11 @@ ] }, "locked": { - "lastModified": 1713459701, - "narHash": "sha256-LjQ11ASxnv/FXfb8QnrIyMkyqSqcBPX+lFK8gu0jSQE=", + "lastModified": 1720226507, + "narHash": "sha256-yHVvNsgrpyNTXZBEokL8uyB2J6gB1wEx0KOJzoeZi1A=", "owner": "ipetkov", "repo": "crane", - "rev": "45ea0059fb325132fdc3c39faffb0941d25d08d3", + "rev": "0aed560c5c0a61c9385bddff471a13036203e11c", "type": "github" }, "original": { 
@@ -101,11 +101,11 @@ ] }, "locked": { - "lastModified": 1701905325, - "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=", + "lastModified": 1718008439, + "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=", "owner": "nix-community", "repo": "disko", - "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe", + "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82", "type": "github" }, "original": { @@ -242,11 +242,11 @@ ] }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -500,11 +500,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1712738767, - "narHash": "sha256-H02MqBYW6ekafiO8ol8gZq1JwGM1eQYLXhHrnFouBJg=", + "lastModified": 1718803059, + "narHash": "sha256-MYvDgSPWdF0hP6vzOhpqY+2a66ZLELFj+MUP5S/+dBY=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "05854a92a58f4332e9e55ef3aef1570b8ae8bc72", + "rev": "ce18c086d8ca143d43ab20b3db20ab1e3e62c519", "type": "github" }, "original": { @@ -516,7 +516,7 @@ }, "nixos-images": { "inputs": { - "nixos-2311": [ + "nixos-stable": [ "nixos-anywhere", "nixos-stable" ], @@ -526,11 +526,11 @@ ] }, "locked": { - "lastModified": 1702375325, - "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", + "lastModified": 1717994219, + "narHash": "sha256-ueTu01bYU5QXdL77psMkApYHpk339xNHg/M7ZzP3uPI=", "owner": "nix-community", "repo": "nixos-images", - "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", + "rev": "e2fd329c3a39a90bb43e1e2cf47c180ed57831bf", "type": "github" }, "original": { 
@@ -541,16 +541,16 @@ }, "nixos-stable": { "locked": { - "lastModified": 1702233072, - "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -1039,11 +1039,11 @@ ] }, "locked": { - "lastModified": 1702376629, - "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", + "lastModified": 1717850719, + "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", + "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 22b036b..4df5593 100644 --- a/flake.nix +++ b/flake.nix @@ -212,12 +212,14 @@ packages = let dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; + craneLibFn = (inputs.crane.mkLib inputs.nixpkgs.legacyPackages.${system}).overrideToolchain; + craneLib = - inputs.crane.lib.${system}.overrideToolchain + craneLibFn inputs'.fenix.packages.stable.toolchain; craneLibOfiPass = - inputs.crane.lib.${system}.overrideToolchain + craneLibFn ( inputs'.fenix.packages.stable.toolchain # .override { From f43d86e63f902eb5e8accfd67232d4dc6d2c5aef Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 13:59:34 +0200 Subject: [PATCH 125/305] flake: use my fork of prs for zsh completion --- flake.lock | 8 ++++---- flake.nix | 5 ++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index a62330d..6d26926 100644 --- a/flake.lock +++ b/flake.lock 
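Review bot: `craneLibFn` in the flake.nix hunk builds crane from `inputs.nixpkgs.legacyPackages.${system}`, although the same `let` block already uses `pkgs` (`pkgs.callPackage` on the context line above). If `pkgs` carries overlays or config, the crane-built packages may come from a different nixpkgs instance than the rest of `packages`. If that is not intended, `craneLibFn = (inputs.crane.mkLib pkgs).overrideToolchain;` keeps them aligned. The name also hides that the value is `overrideToolchain` already bound to a lib; something like `craneWithToolchain` would read more clearly at the two call sites. The `let` block starts and ends outside the hunk.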
@@ -821,17 +821,17 @@ "prs": { "flake": false, "locked": { - "lastModified": 1710690510, - "narHash": "sha256-MvQ0B35NF/AuGHBMa201FkFlU/UX0WXMcBRxTJwpUFw=", + "lastModified": 1719086486, + "narHash": "sha256-YQYiN1T7YHYQYv6GoRNdi7Jq93+U+ydoF64tZxuVW+0=", "owner": "timvisee", "repo": "prs", - "rev": "b0d7c2f193de501c880c41e486299c420c1f6e6b", + "rev": "07f17a93d19fb6bc92c9c7f3ae3f5cc750b1f973", "type": "gitlab" }, "original": { "owner": "timvisee", - "ref": "master", "repo": "prs", + "rev": "07f17a93d19fb6bc92c9c7f3ae3f5cc750b1f973", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index 4df5593..3e8d9b5 100644 --- a/flake.nix +++ b/flake.nix @@ -78,7 +78,10 @@ }; prs = { - url = "gitlab:timvisee/prs/master"; + # https://gitlab.com/timvisee/prs/-/merge_requests/42/ + # $ find "$(dirname $(readlink $(which prs)))/.." -name "_prs" + url = "gitlab:timvisee/prs/07f17a93d19fb6bc92c9c7f3ae3f5cc750b1f973"; + # url = "gitlab:steveej/prs/zsh-autocomplete-query"; flake = false; }; From d81f342a217c899c1ab93fa42de1fbca823ecc79 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:01:23 +0200 Subject: [PATCH 126/305] devshells: add screen --- nix/devShells.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/devShells.nix b/nix/devShells.nix index 0ef989d..709f5fd 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -80,6 +80,8 @@ in { jq yq wireguard-tools + + screen ]; # Set Environment Variables From a8ff34b8201dca020c92b3f2918cb530f387a71e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:01:59 +0200 Subject: [PATCH 127/305] router0-dmz0: update and tweak wifi --- .sops.yaml | 2 +- nix/os/devices/router0-dmz0/configuration.nix | 34 ++++---- nix/os/devices/router0-dmz0/flake.lock | 81 +++++++------------ nix/os/devices/router0-dmz0/flake.nix | 10 +-- 4 files changed, 53 insertions(+), 74 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 8f66652..b807986 100644 --- a/.sops.yaml +++ b/.sops.yaml 
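Review bot: The `prs` input in flake.nix is now pinned to a bare commit hash with only a merge-request link to explain it, and the commit subject says "my fork" while the URL still points at `timvisee/prs`. A full-hash pin is a sound choice for an unmerged change, but nothing records when the pin can be dropped. The `find … -name "_prs"` line also reads as a stray shell snippet. I would spell both out, e.g. `# pinned to a commit from upstream MR 42 (zsh completion); switch back to master once it is merged` and `# check that the completion file got installed:` above the `find` line.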
@@ -15,7 +15,7 @@ keys: - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 + - &router0-dmz0 age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 06715a1..1486713 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -770,13 +770,13 @@ in { ]; routes = [ - { - routeConfig = { - # test the set uprouting to a specific IP - Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; - MultiPathRoute = "10.0.0.0 1"; - }; - } + # { + # routeConfig = { + # # test the set uprouting to a specific IP + # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; + # MultiPathRoute = "10.0.0.0 1"; + # }; + # } ]; }; "50-wg1" = { @@ -786,12 +786,12 @@ in { "10.0.0.3/31" ]; routes = [ - { - routeConfig = { - Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; - MultiPathRoute = "10.0.0.2 1"; - }; - } + # { + # routeConfig = { + # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; + # MultiPathRoute = "10.0.0.2 1"; + # }; + # } ]; }; @@ -904,7 +904,8 @@ in { in { wlan0 = { band = "2g"; - countryCode = "CH"; + # FIXME: apparently setting this could cause bugs, testing disabling it for a while. + # countryCode = "CH"; channel = 0; # 0 would mean Automatic Channel Selection settings = { 
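Review bot: Replacing the `&router0-dmz0` recipient under `keys:` does not by itself take access away from the old key. In secrets/router0-dmz0/secrets.yaml the `wg0-*` ciphertexts are unchanged context lines, and in secrets/shared-users.yaml and secrets/work-holo/zerotierone.txt (which also drops a recipient) `lastmodified` and `mac` are untouched. That suggests the files were re-keyed around the same data key, so a holder of a removed private key could still open them via git history. If either key is being retired because it may have been exposed (the series does not say), follow up with `sops --rotate --in-place secrets/router0-dmz0/secrets.yaml` and regenerate the WireGuard and WPA secrets themselves. Separately, the context lines show `&sj-vps-htz0` and `&sj-srv1` bound to the same age key, so the `secrets/sj-srv1/` rule does not separate the two names unless they are the same machine.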
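Review bot: The test routes in the `routes` list of this hunk and of the `"50-wg1"` hunk that follows are disabled by commenting them out, with nothing to say why or whether they should return. Since git keeps the old text, I would delete them and leave `routes = [];`. If they are parked on purpose, put one line above them such as `# disabled: multipath test route to sj-bm-hostkey0, see <issue or commit>`. Both network definitions start and end outside the hunks.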
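Review bot: The FIXME that disables `countryCode` for `wlan0` names neither the bug being chased nor the condition for restoring the setting, so the radio stays without a configured regulatory domain for an open-ended "while". As far as I know the NixOS hostapd module uses this option to set the regulatory domain, so with `channel = 0` (automatic selection) the usable channel set now depends on the driver default, which is worth confirming on the device. I would tighten the comment to something like `# FIXME(steveej): countryCode unset since 2024-07-26 to test <bug reference>; restore "CH" if it makes no difference`. The `wlan0` block continues outside the hunk.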
@@ -1047,6 +1048,11 @@ in { ieee8021x = 1; eap_server = 1; + + multicast_to_unicast = 0; + + skip_inactivity_poll = 0; + disassoc_low_ack = 0; }; }; diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index ba9afef..ac9c8e0 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "bpir3": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712309414, - "narHash": "sha256-Z1bK3rlZhI1qVDU3qS4cqZBIQL2xomtUPYHdxQgRuw0=", - "owner": "steveej-forks", - "repo": "nixos-bpir3", - "rev": "4cfe402142e6ef76d83fcd7c92d75029a39d3997", - "type": "github" - }, - "original": { - "owner": "steveej-forks", - "ref": "pr_kernel_config_for_nixpkgs_update", - "repo": "nixos-bpir3", - "type": "github" - } - }, "dependencyDagOfSubmodule": { "inputs": { "nixpkgs": [ @@ -49,11 +28,11 @@ ] }, "locked": { - "lastModified": 1714405407, - "narHash": "sha256-h3pOvHCXkSdp1KOZqtkQmHgkR7VaOJXDhqhumk7sZLY=", + "lastModified": 1720661479, + "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=", "owner": "nix-community", "repo": "disko", - "rev": "5eaf747af38dd272e1ab28a8ec4bd972424b07cf", + "rev": "786965e1b1ed3fd2018d78399984f461e2a44689", "type": "github" }, "original": { @@ -84,11 +63,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { 
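Review bot: The three settings added after `eap_server = 1;` carry no comment, so a later reader cannot tell which symptom they address or which of them is the actual tweak. If I read the upstream hostapd.conf documentation right, `disassoc_low_ack = 0` stops the AP from dropping stations after excessive transmit failures, while the other two switch off multicast-to-unicast conversion and the inactivity-poll skip. One line would cover it, e.g. `# wifi stability test: keep stations with poor ACK rates associated; no multicast-to-unicast conversion`. The `settings` attribute set starts outside the hunk.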
@@ -101,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1713985129, - "narHash": "sha256-TBC+vZMFPApHAlw5FDPGqgZeYNskdvF56mJsSBoAm1M=", + "lastModified": 1720791870, + "narHash": "sha256-8dEM8oXfFngxdumug+soQqeXefej3WC/kgv8aLmGvNk=", "ref": "refs/heads/main", - "rev": "1dda619ed291edddf979d4513ddc59abf0a30c9e", - "revCount": 19546, + "rev": "7b8517d1974fa728e07dabcbd788c6ef6a8a96dd", + "revCount": 19652, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -122,11 +101,11 @@ ] }, "locked": { - "lastModified": 1709392539, - "narHash": "sha256-cZ7vOO5KmvVQMHnpi1hBX+bUJlVL6cK8I3m2SPHANtg=", + "lastModified": 1715521768, + "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "412ea84967cd087fc668ef6994f419bd16ac1174", + "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", "type": "github" }, "original": { @@ -142,27 +121,26 @@ ] }, "locked": { - "lastModified": 1717352972, - "narHash": "sha256-nMLhyLen1Q7+8Bchr4rxC6dGze2+Bxm2jIxuAAKrC7w=", - "owner": "steveej-forks", - "repo": "nakato_nixos-sbc", - "rev": "b04407e73daf3ac9f6eea161b74f8cf990666fe0", + "lastModified": 1720165368, + "narHash": "sha256-gTTaQoMeD9s0X/qvzkfnQ6IyYP7qam406sXQ8sbq1P0=", + "owner": "nakato", + "repo": "nixos-sbc", + "rev": "ddb8f1a16f1b6ebb32cb7b13125e45d65673905e", "type": "github" }, "original": { - "owner": "steveej-forks", - "ref": "kernel-6.9_and_cross-compile", - "repo": "nakato_nixos-sbc", + "owner": "nakato", + "repo": "nixos-sbc", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1720691131, + "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "type": "github" }, "original": { 
@@ -174,11 +152,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1720542800, + "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "feb2849fdeb70028c70d73b848214b00d324a497", "type": "github" }, "original": { @@ -208,7 +186,6 @@ }, "root": { "inputs": { - "bpir3": "bpir3", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", @@ -228,11 +205,11 @@ ] }, "locked": { - "lastModified": 1714444742, - "narHash": "sha256-FOWYXEEtwYKAGmXgKVYli/VsA8XpeR+4wNKt+3M/9b4=", + "lastModified": 1720691926, + "narHash": "sha256-VE9ZfWRbyBjps5GV8KXiF8XodAykmwRpcJtPiVWCu8M=", "owner": "numtide", "repo": "srvos", - "rev": "b18e74f2245eaae150bc753821079c2512fe1516", + "rev": "e3e8ff545ef14f13c69a0f743078637fde952018", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index f1b6a04..c177972 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -13,14 +13,10 @@ srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - bpir3.url = - "github:steveej-forks/nixos-bpir3/pr_kernel_config_for_nixpkgs_update" - # "/home/steveej/src/steveej/nixos-bpir3" + nixos-sbc.url = + "github:nakato/nixos-sbc" + # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" ; - - bpir3.inputs.nixpkgs.follows = "nixpkgs"; - - nixos-sbc.url = "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile"; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; From effadec3874a157ebe6ef068c6973869fdfd9caf Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 14:02:27 +0200 Subject: [PATCH 128/305] reencrypt secrets --- secrets/shared-users.yaml | 134 +++++++++++++++--------------- secrets/work-holo/zerotierone.txt | 10 +-- 2 files changed, 70 insertions(+), 74 deletions(-) diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index 6e5bbf7..bc05028 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -16,118 +16,118 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WWlBR1NxR3dFZzl5U2tQ - UDVmL0VTZ3hISDIzei9GYnVUSnZ5cmFHVUJnCkQ4dEd1bmR6b0N6VFVqNmVsOG9o - b3hZalkyMXJaWEpxRlhRSWc2V09HT0UKLS0tIGJRc0lCTk9md0xDMlB3U1JMWDM2 - VmpLVXdFcG1wZ2pJTFc1NnphalVxV28KAY9l6szySiyYEwsdyVkngwUo7NhkZcQv - u46mxDco2mx6oAN+xhSWOwcUl6n8VR8p/voS/eA0uibNAN0myfoJ1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa + T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM + am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND + cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF + UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== -----END AGE ENCRYPTED FILE----- - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUW54c2VvWWVjeWNRMWlt - U1M3TnBod1RVTC9Fc0IwdGs1UGREM0VKVlZnClhUVHpVTzBEL1lpN1BuTzJ3bVNO - aU5oMENnbCtuYVJNLzJJT0RENVNQTEkKLS0tIGRIaWpSWVlvZmllcjNoUzVhdnlK - RUIzMW5vMlFRUWgrTmhxaFJIODFPOVkKdK4ztFlYPv2pu1dGElvIVhPMM3nntV3u - I4iAVNDmTvLkIkogqpr05efuH5C0e53P4t+JwjysEjk7Lh7UQuqBZw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK + NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 + cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM + MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV + H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTFZJTldobVg2a3hrMUZT - aVp5YjlRREtzUCtRSUpFSkJNUEZBaU5NbERZCmJBeGZHbFl4dVVqcS8raHh3OW1J - b0p3ZDZNbUR1OThtSmMzZWVHZy9OTWcKLS0tIER2d0hGdEJCV05nY0hMcHMzV0tX - 
YWlFUDNndFc1eitnbXpuWi9WbExKUGcKwV+QGI33JB0bE1XpQdjsxMs8E2jpjzu6 - Ex0XRInsP6YjH+yJu8mMGh92rroKNxoSZ3Ku/JLlTFxreFUwwW0iKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ + b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj + RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv + RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky + Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRFF4dEd6ZGs0dWpwT3V1 - QTZBM094RU42YVFLWUpuYjZOelNtTkwyVHpjCnlzNGxkRHRhYktXbGltT09tQ2J0 - cjRjc0Z6d0lVOHA0Rmg0RTllYUhoaGcKLS0tIDkzVk9uc0ZqS0N6d0VqVjhrbkkv - eW9vMHBsYXZZMkRnK05BRFlCREpQeUkKYmA5u+zcuBd5hE0wSkq0/n7T+h/BqXlm - PPZNYMNeVwdQx+vcedpi+eZ83bm73KBEcRn2B7fyrrQdjj7sSK+afQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl + Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ + UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz + L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS + juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd2d5U2tyeDE5Y1dnR0Nh - djF0S1AzTDJaZU9HdTVEd1MwQ0tnUlNTUFRFCk1BVHdzM2k4S0lZYlo0SGNJSXUz - enVOQ1BDdVcwTVA0NDQyM1JZQzJJZ28KLS0tIGJYdDA3TDRzdUMvV21nL0FhY0U4 - WmpmS1p0dVUyN01NM0JlLzZXdEVIeDgKk0TG9dNInrDCYPQ3gP8y4Q0ELS0JYbqb - wBY7bTcD8INyFESQE33taajmzCtgP4Cw/9M6XHUBWYPuxiFgwGLLhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq + aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY + NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 + 
cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN + 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== -----END AGE ENCRYPTED FILE----- - - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDFjVlpWdVViVjBNcGhy - cldxYUl1dzZkL1JYTDkyMkRGMWJZbHhDZmowCmtQV05XOGpGbFBZWDFaZGloY1R4 - eG5VOGwrVTIvVmxtRzdtVUpZVmpyOU0KLS0tIGFqeEFIUUFwM3c5cVpuU2RxTmVS - eHNvazBsSTljcWN4cHVobUU3cllSVGcKmAP+IXlvZwNt8f+OuhYKZCB/c5+20yfG - 93BSrSZgw0mc8qSeS5pK5WMICRG+IGNEPgDg0f43icgaogL/rwaFmQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly + OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh + TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs + YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL + +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSG5qbnVFbGM4dndlUkto - UE9Jc0Y5YjQ0QXJqWVd0Umo5UVNjY1kwTlQwCjdQaEMxY0VncmlrTHM3WWo2cWJh - Y0J3MHkxZHZyOGRxWHA1cktCWFR1dTQKLS0tIHZFb0diQllCQ0wwUjdGeHNDeGlD - NitOWm5CeWRrc0dyTUFYdTdtUjI3TXMK/7IyFuIPWOZHpWz32Ds1nTQYEKFCthSz - d3N60YmYevNGWrMgOEcsg3LoAq8aOtWWj5bHVDKXMSniAf4sN0MWUg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E + V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO + WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 + cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 + Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJajkzVTFVYjFEUE1WVVZ5 - dW04VmZraFlXL0xnMVYyN0lhbHJxQ1IreXlRCmkvNXZDeTJLOG11bXN1ZzFFeVNE - RVpCb3gvaElVZ2FKRCtGVDlBalY3dTQKLS0tIE5hUG5BUnNnejJBS1lOQ0FRcDRx - endRb0VjcmVrbSsxOHlwL0M1MFFLR2cK8melHXX8FyxCKYlY1VEeZ8YX55KwsLQn - UTpCRodnPPh0Q0RaNyjvlQPbyW1V6fjoPPsLyYc3SyqyuNWKkpv41Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy + aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE + MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 + RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ + zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== -----END AGE ENCRYPTED FILE----- - - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QU1Zc1lhT0JkZk9vdlZN - UnphdTR3UEdsUUVBbVZkS2NFVC95Q3QrcFVJCmJZYWJKY3dOYys2SGViQ1RPYXZJ - NEc1RFNJTEFJMDY4eWtzUUxTUm5NYVkKLS0tIEIxOTIwUXAwcHhrQ3RHWjNkRjRx - NGJPWkNMd3g5TkR5SHVjeXlDNDg4MkEKaunoz1UUX7jVGtRCZtEa3qFNUH7iuo+S - RcmWF3p7VUoKEau9F0Wvp5FtbySZQ59vwjMUnuTXagd6RecncaR0Ww== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE + dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL + cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr + TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg + yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== -----END AGE ENCRYPTED FILE----- - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeVJWMS9SU2pvWGdZaU5h - WUFxeE9OUTRFcnFLd3d4OEVZWHNpNFlEbFhrCnk1bGhSZ0piWlpGR2tpV2dIQlNP - em4xNEFBU1F0SEFhRnNva3phMnBPZTgKLS0tIFVkcFZKbjRvWFdVd1VDMkhRUHRy - ZjB3WlhmUDE2WHNEL1I0dWpKdkNybWcKXTmTurT3N3X1RLSZ+xbGEnafZ9Y8FEg/ - 
pcGVHWj4eZ6bWKwEYiRRxcxlEC5ZRsEuunhULU3GajChYv4wz+xXqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN + UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr + YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 + TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i + owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== -----END AGE ENCRYPTED FILE----- - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TGIzZVYvZGxIUENyRWJ4 - blh0Ym5WZEhSeVp0S3RvRUhjcGtoVVpBSzFBClgvQnN5NGo5Z21vZmM4UTJhRy9F - cmtTajRmRmlZMjBYcjFraEo1OHUzYVEKLS0tIHlQeTZlclF4V1FmaERDUjJJZ2Q5 - UldneUZ6b1g2WG9kd0dHR2JXYVN0Uk0KAdEYkEL++Ge/YKPOHNUNETVxpH9vyfaA - MN5uPQWLp0+Tt9/jFOhc8S5P320me+2k+yKp/cPEcSuvNzipS63FYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N + SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r + amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli + T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw + bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-06-09T14:07:43Z" + - created_at: "2024-07-13T14:51:09Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf9Giz/3hRC91WPtMzoR7MVPQWmiOQDtPcqUMVRoNn4Sq68 - zdCU4MAUBkQ2ZsrCMn5ITcVzEYsSRqegqAZX0cVL7/4KYi2QK8qh0WTR78cqO3za - GFtmWRG5m7jchreK39cqOJETui7zY832UMqLSeNw8ZSZb3SGZDZf6690iSldJrmi - Ty9jKdhjo8Kahap3uyoODB89JmsJFuR5V9emmB0XHhQfwAgltntScHICwQqoUIcQ - qIP93AJ1TYVq1yuTFbTut1aX6Xgue8rtiPF9bqrITQlDsoCNhztNrohRrp8wYtj2 - 
KG0j9QwXFaU4eaVo1xgxBlD2B0xjSrysHGMGmJ75ytJcAXKrpus95u5aVTB9orDI - fZRyy34XmZaaMhr+n/EsmGP3EDQyO4AFu2Ht+yqrCUSo4Ia7gq1H297xunmztvB+ - jASXZF42ip0Svfs5fqDQ0JBT4Skvk1VXI3McUGk= - =lXHq + hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ + NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX + JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v + VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU + kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 + xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig + 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 + IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= + =Ayke -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/work-holo/zerotierone.txt b/secrets/work-holo/zerotierone.txt index ba5eb65..38a76e4 100644 --- a/secrets/work-holo/zerotierone.txt +++ b/secrets/work-holo/zerotierone.txt 
@@ -8,19 +8,15 @@ "age": [ { "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRStxckpMNE5qaWx6NVBa\nb3RsVzRWZmhWM21HZldINkZsSEJ5N1kzMjA0CkZUUHVZUlcwTDBKSHg1YWVrWkVG\nVy8xalhiK3ZkY05WL1RyS1lOaE9jd2sKLS0tIE5JOEU2U2NlWE1VSmdNTEdSNGR6\nUUV1b3BhaVdOK2tNaldWNXRqOWEvclEKRgZ9VGYvzd8SyQhhNfk4auwfi1ms8E6f\nthS9Cv2UbC9jpBWR2ISuY4z4O5/6hLPZjuwJaJZlTjterIjl0rvyfw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRVVJWTBHRFdpOHZxTGZ2\nb2dLRmVmL2ZnMG43QzhUZktHdFQ0S1h5NG1FCnh3MmQzTDdtK2YwSmxNQkRBTFNG\nV0p5VjY4aFRIeU13aUZ6cmRDVXRjazAKLS0tIEM1VUUxNEpjNkI0NTd1NXhIUUQx\neVdwS3pMWi9DNWkvYjdhVlY1VzdoS3MK/vB6PRn4vCcR0RrV3gIzilZD9vWaSJxv\nETOC4TlVweiT8UVB/M0gCBnIdCceeft57h2iS4ljqD8zLEgGKdwgWQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByYWNzWm5ZQVFRNWRSQ3I2\nckQ0YVc0NlJPYVFvYi9Zd2ZNaVh3UG91T2xNClVDaGtvcHlvUnZTOVgyV242OHhy\nWW84NW9LZ242Nk5RalBWUUFITmEvaVEKLS0tIEtOemlTWHYwU3RTVUFoQU8yNU9N\nMlJnL2ZjWVh1RWJwMEpXUjZQZDIxb0kKKbe3H99dII7ni0NQv/QcotAQ4OdrV87/\nro5JVYotk/m0NtS76nJ0NuNpkz4/r4D0XE1r/y3eRH/q+JHyjHFX1w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2023-07-01T20:19:12Z", "mac": "ENC[AES256_GCM,data:aIizzl+WFLI8rwp9r9p3kJIsbAISp8vRnSUQKKRIY8V8WdjBNuR+ebSlMf8kBg4e+D9hpTGEY0byv8bpgx/1m5MMEXIDBiBb8GHBk8qwB/3JWsBMyCHOyylw9AAgteyCDEKMCHgU/ZBvExW9n5gnuvkngKK8X1imrNG2ySL9cIo=,iv:UFacq8BdavyiHGRAcKq9obdAD7ZsW8wqugkvtbpi8pw=,tag:fkoaJKrA54tNlTLbAwRsug==,type:str]", "pgp": [ { - "created_at": "2024-04-04T18:27:45Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+Iq3qq7AWUE7jHzk8kW5VtfPhINqRadMhVWgt6/1oSebZ\nu6NTWAmjxhII9yGGfVxfCg7xqumw+M62UfTQZ6BbqxcDEavgITzUm/U/IiZ12z3f\nG6LfhMuuoCP2vvOYLYHpX363Ig7idudUBrM0MShun8iN8fuSEH24QJGLsO1WKX7b\nML+XKvPi+lrtit/1sXw55e1ixYafUhilAS54XrpwLXBw+ItpmgpvQBboVkneBP5U\nrs68ABQBQf4tTh+kFvwBDyV+EDGR5D58XtaDR2R1AhRIb433R8MV3XCvnnHdYWPx\nHBJSVFlRw7j5X6Bag+fTX0zvvmbtmGwQ72DSdJGl39JcAZQcBY50RtmNvn9YtWq3\nQkM3DcJ2Wfec//ugJ5uGBGujAzmKjW5dHLCzu5errPRckk/7ARGIUmxcLzWQXR2I\nwgTbKpEu1jwhrOiWIZODD4OOwilOSEWf14CEotU=\n=yoRw\n-----END PGP MESSAGE-----", + "created_at": "2024-06-26T19:27:08Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQgAgxxDv/vq2N5Hn37enDmLSjOegRW+IbDE/M3zbEvaKh9R\n+UdPf2+9oBjMLX42fOdSihGIHbrQtfG37nFLcJb/W1+Kay205INSDLSWIyUlyNvT\nwtPSVBZdgCbH5rW8yoX5xaS6Fdm1ANCof+hYyQxNtC7LgcgHLKvubhPrsckEoul1\nVuL0g9DGFysxnb4MCOZyFmziucwTKvLFzkaIb68PAYigPJG+wWVx5G/CvoC7Mzxp\nVYApk/6OnHR8TZOhtpnD9Q7Uj5g2ZGAJWE/B2z6xY2m9NJNC8UEL0QypVOnqBaSq\nyDDwrfOdTHqm3u0huJ4mV3cXzzb6RtRw89AuXS+6O9JcATtlFBazwos44yV/WAKz\nT3ZOZ4oD6elvqnvj9J7oOIwuPylaXd802YQSzPrfWQSqMUYds0gt3gklfIx+/SRm\nqBvQqStPmm3njU1TEPU3xrTywDSWGDKXCklnkVM=\n=CPPt\n-----END PGP MESSAGE-----", "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" } ], From a206fe41d04da69f42d115fdfdcba0978b5ffd17 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:02:54 +0200 Subject: [PATCH 129/305] lib: make adbusers a default group --- nix/os/lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index ab904ae..a66bf01 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -24,6 +24,7 @@ in { "dialout" "cdrom" "fuse" + "adbusers" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; From 1f9a4db286bff5e343a340200c13e65c004436fc Mon Sep 17 00:00:00 2001 
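Review bot: Adding `"adbusers"` to the shared default group list in `nix/os/lib/default.nix` hands out that membership on every host built with this helper, not only on machines where Android debugging is wanted. In the patches visible here only the steveej-x13s configuration sets `programs.adb.enable = true`, so elsewhere the entry is presumably either inert or a device-access privilege nobody asked for. Consider leaving the defaults as they were and adding the group next to `programs.adb.enable` in the device configuration, or at least annotate it with `# adbusers: only meaningful where programs.adb.enable is set`. The enclosing attribute set starts and ends outside the hunk.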
From: Stefan Junker Date: Fri, 26 Jul 2024 14:04:09 +0200 Subject: [PATCH 130/305] sway-desktop: remove annoying sway exit shortcut --- nix/home-manager/profiles/sway-desktop.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 6581006..dcf6544 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -138,7 +138,8 @@ in { "${modifier}+Control+Shift+Up" = "move workspace to output up"; "${modifier}+Control+Shift+Down" = "move workspace to output down"; - "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; + # TODO: i've been hitting this one accidentally way too often. find a better place. + # "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; "${modifier}+q" = "kill"; "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; From 5c26cce9a67bee684b1474004fe8d7bbb772120b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:04:28 +0200 Subject: [PATCH 131/305] graphical-fullblown: use unstable telegram and signal --- nix/home-manager/configuration/graphical-fullblown.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index f66d319..da2e4d3 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -107,8 +107,8 @@ in { # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop - tdesktop - signal-desktop + pkgsUnstable.tdesktop + pkgsUnstable.signal-desktop thunderbird From 219d2a3d17852f3e22e93cfab5e3308a4c3aaa36 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 14:04:45 +0200 Subject: [PATCH 132/305] wayland: disable hardware cursors as of recent cursors have disappeard sometimes and only a sway restart has helped. this might workaround that bug --- nix/home-manager/profiles/wayland-desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 38231da..73fc23a 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix @@ -73,6 +73,7 @@ in { XDG_SESSION_TYPE = "wayland"; NIXOS_OZONE_WL = "1"; MOZ_ENABLE_WAYLAND = "1"; + WLR_NO_HARDWARE_CURSORS = "1"; }; home.pointerCursor = { From 8dd2f02ddea1bb913e08d70c598d60375820d066 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:05:55 +0200 Subject: [PATCH 133/305] programs: use ungoogled-chromium and remove pass --- nix/home-manager/programs/chromium.nix | 1 + nix/home-manager/programs/pass.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index b130b11..be021d5 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -57,6 +57,7 @@ in { programs.chromium = { enable = true; inherit extensions; + package = pkgs.ungoogled-chromium; }; programs.brave = { diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index 7c1f221..2d533c9 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -10,7 +10,6 @@ home.packages = with pkgs; [ gnupg - pass # broken on wayland # rofi-pass From 778ba75ebe7834af3a407a2c2c0b8743939aa96c Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 14:07:12 +0200 Subject: [PATCH 134/305] nix-settings: fix flake nixpkgs registry and allow ca-derivations --- nix/os/snippets/nix-settings.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index d0e616b..4b7104e 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -18,6 +18,7 @@ in { nix.settings.experimental-features = [ "nix-command" "flakes" + "ca-derivations" ]; nix.settings.system-features = [ @@ -27,7 +28,12 @@ in { "nixos-test" ]; - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + # nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + nix.registry.nixpkgs.to = { + type = "path"; + path = nodeFlake.inputs.nixpkgs.outPath; + narHash = nodeFlake.inputs.nixpkgs.narHash; + }; nix.package = pkgsUnstable.nixVersions.latest; } From d7ceee417161dc2c4c84d50fb18c839136f9fa3c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:08:24 +0200 Subject: [PATCH 135/305] mycelium: don't use custom package --- nix/os/snippets/mycelium.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix index a990aea..236e1fe 100644 --- a/nix/os/snippets/mycelium.nix +++ b/nix/os/snippets/mycelium.nix @@ -16,7 +16,7 @@ services.mycelium = { enable = true; - package = nodeFlake.inputs.mycelium.packages.${system}.myceliumd; + # package = nodeFlake.inputs.mycelium.packages.${system}.myceliumd; keyFile = config.sops.secrets.mycelium-key.path; addHostedPublicNodes = true; peers = [ From ea0d87fb89a73594eddad6c7115d1d21d53937ef Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 26 Jul 2024 14:09:34 +0200 Subject: [PATCH 136/305] steveej-x13s: use latest ath11k firmware and relax nix sandbox --- nix/os/devices/steveej-x13s/configuration.nix | 13 ++- nix/os/devices/steveej-x13s/flake.lock | 81 +++++++++++-------- nix/os/devices/steveej-x13s/flake.nix | 12 +++ 3 files changed, 73 insertions(+), 33 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index bc0f3c2..bed5eea 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -18,7 +18,7 @@ services.illum.enable = true; - systemd.services.bluetooth-mac = { + systemd.services.bluetooth-x13s-mac = lib.mkForce { enable = true; path = [ pkgs.systemd @@ -194,6 +194,10 @@ # ]; }; + hardware.firmware = lib.mkBefore [ + nodeFlake.packages.${system}.x13s-ath11k-firmware + ]; + # see https://linrunner.de/tlp/ # TODO: find an equivalent to tlp that supports this machine services.tlp = { @@ -223,4 +227,11 @@ enable = true; autostart = false; }; + + services.udev.packages = [ + pkgs.android-udev-rules + ]; + programs.adb.enable = true; + + nix.settings.sandbox = lib.mkForce "relaxed"; } diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6c66731..1335373 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "ath11k-firmware": { + "flake": false, + "locked": { + "lastModified": 1720482684, + "narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=", + "ref": "refs/heads/main", + "rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2", + "revCount": 152, + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + }, + "original": { + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + } + }, "crane": { "inputs": { "nixpkgs": [ 
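Review bot: `nix.settings.sandbox = lib.mkForce "relaxed";` at the end of the last configuration.nix hunk weakens build isolation for the whole machine, and neither the code nor the commit message says which build needs it. In relaxed mode fixed-output derivations and any derivation that sets `__noChroot = true` run outside the sandbox, so the setting applies to everything pulled in through the flake inputs, not just the firmware package added here. If one specific build requires it, name it in a comment, e.g. `# relaxed: required by <derivation>; set back to true once that is fixed`. The same hunk also enables `programs.adb` and the Android udev rules, which are unrelated to the firmware change and would be easier to review as their own commit.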
@@ -28,11 +44,11 @@ ] }, "locked": { - "lastModified": 1718846788, - "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=", + "lastModified": 1721266288, + "narHash": "sha256-MsyTzXu9CJVcBr44ct8ILKF/Ro7VlF+tVZTylzAoXSs=", "owner": "nix-community", "repo": "disko", - "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e", + "rev": "e8e8d9a3a9c1d0e654ccda7834bf0288a9d15c47", "type": "github" }, "original": { @@ -59,11 +75,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -111,11 +127,11 @@ ] }, "locked": { - "lastModified": 1718530513, - "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { @@ -128,11 +144,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1715627339, - "narHash": "sha256-HJ6V7hc64iBqXlZ8kH4sXmUzPH+0Hn6wYURmZmL5LFk=", + "lastModified": 1721250279, + "narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "655c8830d5fe2eae79c8fc0bab8033b34c8456eb", + "rev": "472073a51745cca03257cf625582252cdd04ec21", "type": "github" }, "original": { 
@@ -150,11 +166,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1718789228, - "narHash": "sha256-T68Ei2sIExC8R37gpWzDAcdh9mv/FLMzlmRzmr1D6nw=", + "lastModified": 1721210676, + "narHash": "sha256-6hwlFcRPbfW+tOrKnnx3AL/yWjXqkXHoiIpbFsPMEAg=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "a0e6560add3ffd763a77656a586734be272a344e", + "rev": "767060eb8bd5abcc8e375bdb8f0984bcb27936da", "type": "github" }, "original": { @@ -184,11 +200,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1718132227, - "narHash": "sha256-1AFLd779W8m+q4tfr8TB0oza9GTbVxVrGzg3iZmuYAQ=", + "lastModified": 1721131656, + "narHash": "sha256-0EoouVAaS8GHZJitpzQ9S4s4Gps4hkzr8yQcgYkLxwo=", "ref": "refs/heads/main", - "rev": "a95fcbdb0b90f46be425cfa8d88fc92b89cdf536", - "revCount": 81, + "rev": "f1a2bace41471300aa2b0c5c98e6e37087532e16", + "revCount": 91, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, 
@@ -215,23 +231,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1717284937, - "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1718530797, - "narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b60ebf54c15553b393d144357375ea956f89e9a9", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { @@ -243,11 +259,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717974879, - "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { @@ -259,11 +275,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1718717462, - "narHash": "sha256-qddfQLMaWR2gxfEzUM/zFZVK6H1kTv9WBQSBQxbP3MU=", + "lastModified": 1720954236, + "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631", + "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "type": "github" }, "original": { 
@@ -275,6 +291,7 @@ }, "root": { "inputs": { + "ath11k-firmware": "ath11k-firmware", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index e838765..8d1328a 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -23,12 +23,17 @@ # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; mycelium.url = "github:threefoldtech/mycelium"; + ath11k-firmware = { + url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; + flake = false; + }; }; outputs = { self, get-flake, nixpkgs, + ath11k-firmware, ... }: let targetPlatform = "aarch64-linux"; @@ -90,5 +95,12 @@ ]; }; }; + packages.${targetPlatform} = { + x13s-ath11k-firmware = nixpkgs.legacyPackages.${targetPlatform}.runCommand "x13s-ath11k-firmware-before" {} '' + mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + ''; + }; }; } From 122d4072bbcb03d20a0708e9fbffcd32b3733392 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:29:47 +0200 Subject: [PATCH 137/305] sj-srv1: nix flake update --- nix/os/devices/sj-srv1/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 1753028..c9a9b7b 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
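Review bot: The `x13s-ath11k-firmware` package in the last flake.nix hunk copies `amss.bin` and `m3.bin` from a directory whose name encodes one firmware release (`1.1/WLAN.HSP.1.1-03125-...`), while the commit title says "latest" and nothing in the code explains the choice. The input itself is pinned by revision and narHash in flake.lock, which is good, but a later `nix flake update` can move the repository while this path keeps selecting the old release, or fails if the directory is renamed. A comment such as `# firmware release directory is chosen by hand; review it whenever the ath11k-firmware lock entry changes` would make that explicit. The derivation name `x13s-ath11k-firmware-before` also differs from the attribute name without explanation.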
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721548954, - "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", + "lastModified": 1721821769, + "narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", + "rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1721651541, - "narHash": "sha256-h20QbZhK6EiWjG3pEAtQYqqLDeA5YZXYfBVF7Hm7j/M=", + "lastModified": 1721994782, + "narHash": "sha256-wgKA32fOqeIb9FmgnDGVarcu9kBzNpa8XSwITLhCaMk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "af81d1b24bcf039613a11ae4bcc03b7415d7cae0", + "rev": "8b41014ce0ba673e74049db2da7c030cb27f720c", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1721615467, - "narHash": "sha256-/foTRkSnMwwS3BeVlUNenyIPehCyDgovOPmz5tL6OkQ=", + "lastModified": 1721973884, + "narHash": "sha256-Vsn2P1YOFzxMog3Iefy9Ky9KW+PvipnaT/kkVyOKLWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "176e4e9d36742841406578db792d3278ef6974c7", + "rev": "4a8e77c70685d5bb20aaafe1422888e33b4ae9f2", "type": "github" }, "original": { From 5324e1390b3afde481536c783721d37951a678e8 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:31:25 +0200 Subject: [PATCH 138/305] steveej-x13s: add x64-linux-dev-01 builder --- nix/os/devices/steveej-x13s/configuration.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index bed5eea..b47f2db 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -99,6 +99,22 @@ "big-parallel" "kvm" ]; + maxJobs = 0; + } + + { + hostName = "x64-linux-dev-01.dev.infra.holochain.org"; + sshUser = "nix-remote-builder"; + sshKey = config.sops.secrets.builder-private-key.path; + protocol = "ssh-ng"; + systems = [ + "x86_64-linux" + # "aarch64-linux" + ]; + supportedFeatures = [ + "big-parallel" + "kvm" + ]; maxJobs = 32; } ]; From f31e335d75f8c543dbebd6828c2060185842b79c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 14:31:55 +0200 Subject: [PATCH 139/305] steveej-x13s: disable syncthing --- nix/os/devices/steveej-x13s/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index b47f2db..d538058 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -176,6 +176,8 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; + services.syncthing.enable = lib.mkForce false; + home.sessionVariables = {}; home.packages = with pkgs; [ From 1a177053ffd04ab294dec1c954a05519ffcb5977 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 17:55:05 +0200 Subject: [PATCH 140/305] toplevel flake: remove nixpkgs_forgejo --- flake.lock | 17 ----------------- flake.nix | 4 ---- 2 files changed, 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6d26926..c5cd20b 100644 --- a/flake.lock +++ b/flake.lock @@ -769,22 +769,6 @@ "type": "github" } }, - "nixpkgs_forgejo": { - "locked": { - "lastModified": 1715981093, - "narHash": "sha256-jGhHUB5MUF3mWtBG1l+3Lag67y7K9JtI+8ulDBVp8zE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe", - "type": "github" - } - }, "ofi-pass": { "flake": false, "locked": { 
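Review bot: The new `x64-linux-dev-01.dev.infra.holochain.org` entry in the build machine list sets `sshUser`, `sshKey` and `protocol` but no `publicHostKey`, so the builder's identity depends on whatever host key is accepted on first connection. Because outputs built on that machine are used locally, pinning the key is worth one line: `publicHostKey = "<base64-encoded SSH host public key of the builder>";`. The hunk also sets `maxJobs = 0` on the preceding entry without a comment; a short note on why that builder is kept in the list would help. The list starts outside the hunk, so existing entries may already pin their host keys.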
@@ -866,7 +850,6 @@ "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", - "nixpkgs_forgejo": "nixpkgs_forgejo", "ofi-pass": "ofi-pass", "openvscode-server": "openvscode-server", "prs": "prs", diff --git a/flake.nix b/flake.nix index 3e8d9b5..768c194 100644 --- a/flake.nix +++ b/flake.nix @@ -119,10 +119,6 @@ flake = false; url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; - - # remove when https://github.com/NixOS/nixpkgs/pull/312523 is merged and backported - nixpkgs_forgejo.url = "github:NixOS/nixpkgs/08bda672588b2d613f05311bd4f2e6e23065a3fe"; - # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419"; }; outputs = inputs @ { From 1533077234997c0bc88be77550cbd8dc7ef4b18c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 18:02:15 +0200 Subject: [PATCH 141/305] sj-srv1,containers: debug and streamline networking config; update and track forgejo here after an update to nixpkgs on sj-srv1 the networking for the `webserver` container wasn't working. this caused me to debug the situation and changing lots of things around. the culprit was most likely some impure state file on the server that caused the `ve-webserver` interface not to persist its IP. after renaming the webserver container the problem went away. i reverted all the IP changes and am keeping the other changes as opporunistic improvements --- nix/os/containers/mailserver.nix | 5 +--- nix/os/containers/syncthing.nix | 3 -- nix/os/containers/webserver.nix | 17 +++++------ nix/os/devices/sj-srv1/flake.lock | 31 +++++++++++++++----- nix/os/devices/sj-srv1/flake.nix | 4 +++ nix/os/devices/sj-srv1/system.nix | 6 +++- nix/os/profiles/containers/configuration.nix | 10 ++++++- nix/os/snippets/systemd-resolved.nix | 7 ++--- 8 files changed, 53 insertions(+), 30 deletions(-) 
diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix index 48483a1..b906d8b 100644 --- a/nix/os/containers/mailserver.nix +++ b/nix/os/containers/mailserver.nix @@ -14,7 +14,7 @@ repoFlake, ... }: { - system.stateVersion = "21.11"; # Did you read the comment? + system.stateVersion = "22.05"; # Did you read the comment? imports = [ ../profiles/containers/configuration.nix @@ -23,7 +23,6 @@ ../profiles/common/user.nix ]; - networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ imapsPort sievePort @@ -211,8 +210,6 @@ }; }; - # extraFlags = ["--resolv-conf=bind-host"]; - privateNetwork = true; forwardPorts = [ { diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index d2fc85f..12421c7 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -16,7 +16,6 @@ imports = [../profiles/containers/configuration.nix]; - networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ # syncthing gui 8384 @@ -38,8 +37,6 @@ }; }; - extraFlags = ["--resolv-conf=bind-host"]; - privateNetwork = true; forwardPorts = [ { diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 31dd49b..c2c166c 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -15,6 +15,7 @@ in { pkgs, lib, repoFlake, + nodeFlake, ... }: { system.stateVersion = "22.05"; # Did you read the comment? @@ -24,7 +25,7 @@ in { ]; imports = [ - "${repoFlake.inputs.nixpkgs_forgejo}/nixos/modules/services/misc/forgejo.nix" + "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" ../profiles/containers/configuration.nix @@ -33,7 +34,6 @@ in { sops.defaultSopsFile = ./webserver_secrets.yaml; - networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ httpPort httpsPort 
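Review bot: The first mailserver.nix hunk changes `system.stateVersion` from `"21.11"` to `"22.05"` on a container that already holds mail data, and the commit message, which is about networking, does not mention it. stateVersion selects the defaults that stateful services were initialised with, so raising it after the fact can change on-disk formats or paths for whatever services in this container key off it. Unless a migration was done on purpose, keep `system.stateVersion = "21.11";`, or record the reason next to it, e.g. `# raised from 21.11 after checking the release notes for the services in this container`. The rest of the container definition is outside the hunk.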
@@ -48,11 +48,11 @@ in { services.caddy = { enable = true; + logFormat = '' + level ERROR + ''; virtualHosts."${domain}" = { - extraConfig = let - port = "${builtins.toString config.services.authelia.instances.default.settings.server.port}"; - path = "${config.services.authelia.instances.default.settings.server.path}"; - in '' + extraConfig = '' redir /hedgedoc* https://hedgedoc.${domain} file_server /*/* { @@ -245,7 +245,7 @@ in { services.forgejo = { enable = true; - package = repoFlake.inputs.nixpkgs_forgejo.legacyPackages.${pkgs.system}.forgejo; + package = nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.forgejo; settings = { service.DISABLE_REGISTRATION = true; server.HTTP_ADDR = "127.0.0.1"; @@ -307,9 +307,6 @@ in { }; }; - # extraFlags = ["--resolv-conf=bind-host"]; - # networking.useHostResolvConf = true; - privateNetwork = true; forwardPorts = [ { diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index c9a9b7b..5985819 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721821769, - "narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=", + "lastModified": 1721949857, + "narHash": "sha256-DID446r8KsmJhbCzx4el8d9SnPiE8qa6+eEQOJ40vR0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6", + "rev": "a1cc729dcbc31d9b0d11d86dc7436163548a9665", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1721994782, - "narHash": "sha256-wgKA32fOqeIb9FmgnDGVarcu9kBzNpa8XSwITLhCaMk=", + "lastModified": 1722006690, + "narHash": "sha256-Y84/ZDxUvJhRDaqM67VjHyAbZ26j9/XRKH/zN9fGRBU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8b41014ce0ba673e74049db2da7c030cb27f720c", + "rev": "bb7d08ac86ae13fad7166d6082a2d8d0582c6ef3", "type": "github" }, "original": { 
@@ -69,12 +69,29 @@ "type": "github" } }, + "nixpkgs_forgejo": { + "locked": { + "lastModified": 1717596097, + "narHash": "sha256-ozSU3HYgTbUgyXfGEIdYzGNfCRtuV/Xw7O4ECsLigtk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af4ac075a3e97cb239078e187112afdf380cd47b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af4ac075a3e97cb239078e187112afdf380cd47b", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs_forgejo": "nixpkgs_forgejo" } } }, diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index f2af929..5d25964 100644 --- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix @@ -8,5 +8,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # remove when https://github.com/NixOS/nixpkgs/pull/312523 is merged and backported + inputs.nixpkgs_forgejo.url = "github:NixOS/nixpkgs/af4ac075a3e97cb239078e187112afdf380cd47b"; + # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419"; + outputs = _: {}; } diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index 434cf27..dcb3658 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -13,6 +13,7 @@ networking.firewall.enable = true; networking.nftables.enable = true; + networking.nftables.flushRuleset = true; networking.firewall.allowedTCPPorts = [ # iperf3 @@ -31,6 +32,9 @@ internalInterfaces = ["ve-*"]; externalInterface = "eth0"; }; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; # virtualization virtualisation = {docker.enable = false;}; @@ -87,7 +91,7 @@ sievePort = 4190; }; - webserver = + web = import ../../containers/webserver.nix { specialArgs = { 
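Review bot: The sj-srv1 flake.nix hunk adds `inputs.nixpkgs_forgejo` with a "remove when ... is merged" comment, yet in this same commit webserver.nix stops referencing `nixpkgs_forgejo` and takes both the forgejo module and the package from `nodeFlake.inputs.nixpkgs-unstable`. As far as the visible hunks show, nothing uses the new input, so it only adds another pinned nixpkgs revision to fetch and keep current. Either drop the input and its lock entry, or point webserver.nix at `nodeFlake.inputs.nixpkgs_forgejo` so the comment stays true.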
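Review bot: Renaming the container attribute from `webserver` to `web` in the last system.nix hunk is the actual workaround described in the commit message, but nothing in the code records that. Assuming the usual NixOS container layout, the name determines the container's root directory and its `ve-*` interface, so the old container's state stays on the host under the previous name and anything it kept outside bind mounts, secrets included, has to be moved or removed by hand. A comment such as `# named "web": renaming worked around stale ve-webserver interface state` would stop a later cleanup from renaming it back. The `containers` attribute set starts outside the hunk.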
diff --git a/nix/os/profiles/containers/configuration.nix b/nix/os/profiles/containers/configuration.nix index 6c0b092..84f749a 100644 --- a/nix/os/profiles/containers/configuration.nix +++ b/nix/os/profiles/containers/configuration.nix @@ -1,6 +1,14 @@ -{...}: { +{pkgs, ...}: { networking.useHostResolvConf = false; + networking.firewall.enable = true; + networking.nftables.enable = true; + networking.nftables.flushRuleset = true; + + environment.systemPackages = [ + pkgs.dnsutils + ]; + imports = [ ../../snippets/systemd-resolved.nix ../../snippets/nix-settings.nix diff --git a/nix/os/snippets/systemd-resolved.nix b/nix/os/snippets/systemd-resolved.nix index 57dfb86..8ade1e2 100644 --- a/nix/os/snippets/systemd-resolved.nix +++ b/nix/os/snippets/systemd-resolved.nix @@ -13,9 +13,8 @@ enable = true; dnssec = "true"; domains = ["~."]; - extraConfig = '' - # TODO: figure out why "true" doesn't work - DNSOverTLS=opportunistic - ''; + + # TODO: figure out why "true" doesn't work + dnsovertls = "opportunistic"; }; } From fd706db158728c7f1d95be03a9878b4735afb7b1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 2 Aug 2024 09:25:09 +0200 Subject: [PATCH 142/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 44 +++++++++++++------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 1335373..4d3d60a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1721266288, - "narHash": "sha256-MsyTzXu9CJVcBr44ct8ILKF/Ro7VlF+tVZTylzAoXSs=", + "lastModified": 1722476845, + "narHash": "sha256-7gZ8uf3qOox8Vrwd+p9EhUHHLhhK8lis/5KcXGmIaow=", "owner": "nix-community", "repo": "disko", - "rev": "e8e8d9a3a9c1d0e654ccda7834bf0288a9d15c47", + "rev": "7e1b215a0a96efb306ad6440bf706d2b307dc267", "type": "github" }, "original": { 
@@ -144,11 +144,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1721250279, - "narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=", + "lastModified": 1722056346, + "narHash": "sha256-50fcuCppaLMfSOTFO4IkCBs4folToCwlhTgc6IdZFHg=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "472073a51745cca03257cf625582252cdd04ec21", + "rev": "717ce90cfadffa449480bae2e155185c651e9993", "type": "github" }, "original": { @@ -166,11 +166,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1721210676, - "narHash": "sha256-6hwlFcRPbfW+tOrKnnx3AL/yWjXqkXHoiIpbFsPMEAg=", + "lastModified": 1722421086, + "narHash": "sha256-Po8GvfDt4O646w1IDIcRdiRIxnqVLv/OwBhr5nOazLw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "767060eb8bd5abcc8e375bdb8f0984bcb27936da", + "rev": "e4d7be8556b259a2204f19d6a0537da3aa7d7a3e", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1721131656, - "narHash": "sha256-0EoouVAaS8GHZJitpzQ9S4s4Gps4hkzr8yQcgYkLxwo=", + "lastModified": 1722396240, + "narHash": "sha256-t4C/I1CttOGFLYzzjd6zNOPvPleykqbPwO0YT19S6jI=", "ref": "refs/heads/main", - "rev": "f1a2bace41471300aa2b0c5c98e6e37087532e16", - "revCount": 91, + "rev": "a59ae21e47538cecddadc220ea16a7b8e2485f66", + "revCount": 97, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -243,11 +243,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -259,11 +259,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { @@ -275,11 +275,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1720954236, - "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", + "lastModified": 1722372011, + "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", + "rev": "cf05eeada35e122770c5c14add958790fcfcbef5", "type": "github" }, "original": { From fa45a3a1e3af0cf1ab0255713d236576e3005f0d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Aug 2024 18:13:53 +0200 Subject: [PATCH 143/305] chromium: switch back to full chromium for extensions support --- nix/home-manager/programs/chromium.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index be021d5..e48456e 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix 
@@ -42,22 +42,29 @@ # unhook {id = "khncfooichmfjbepaaaebmommgaepoid";} - - # polkadotjs - {id = "mopnmbcafieddcagagdcbnhejhlodfdd";} ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ + # polkadotjs + {id = "mopnmbcafieddcagagdcbnhejhlodfdd";} + + # rabby wallet + {id = "acmacodkjbdgmoleebolmdjonilkdbch";} + # Vimium C {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} # always right {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";} + + # shazam music + {id = "mmioliijnhnoblpgimnlajmefafdfilb";} ]); in { programs.chromium = { enable = true; inherit extensions; - package = pkgs.ungoogled-chromium; + # TODO: extensions currently don't work with ungoogled-chromium + package = pkgs.chromium; }; programs.brave = { @@ -67,6 +74,4 @@ in { && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; - - programs.browserpass = {browsers = ["chromium" "brave"];}; } From c64db438a28dff412b2c3635bd6e8944ee871cd9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Aug 2024 18:14:18 +0200 Subject: [PATCH 144/305] router0-dmz0: further wifi tweaking with these settings i did not get a single disconnect after 3-4 hours of testing. --- nix/os/devices/router0-dmz0/configuration.nix | 149 ++---------------- 1 file changed, 10 insertions(+), 139 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 1486713..0691c01 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -909,7 +909,7 @@ in { channel = 0; # 0 would mean Automatic Channel Selection settings = { - # TODO: with 1 the x13s on windows can't connect, however this slows the AP down. + # TODO: this would be faster but x13s on windows can't connect when it's enabled. # ieee80211n = 1; # Exclude DFS channels from ACS 
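Review bot: The extension list identifies each entry only by an opaque 32-character ID, and the two new ones (`acmacodkjbdgmoleebolmdjonilkdbch`, `mmioliijnhnoblpgimnlajmefafdfilb`) carry no reviewable link to their publisher. For a wallet extension in particular, a mistyped or look-alike ID is hard to spot in review, so I would extend each comment with the listing it was copied from, e.g. `# rabby wallet: <store listing URL>, checked <date>`. The new TODO says extensions do not work with ungoogled-chromium; a reference to the upstream issue would tell a later reader when `pkgs.ungoogled-chromium` can come back. The `let` binding that holds this list starts outside the hunk.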
@@ -921,6 +921,11 @@ in { # indications of connection loss. This depends on the driver capabilities and # may not be available with all drivers. disassoc_low_ack = 0; + + skip_inactivity_poll = 1; + + # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. + multicast_to_unicast = 1; }; # use 'iw phy#1 info' to determine your VHT capabilities @@ -1038,7 +1043,8 @@ in { wmm_enabled = 1; # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks + # Encrypt management frames to protect against deauthentication and similar attacks. + # 0 := disabled; 1 := optional; 2 := required ieee80211w = 1; # sae_require_mfp = 1; # sae_groups = "19 20 21"; 
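Review bot: The comment above `ieee80211w = 1` still reads as if management frames are protected, but by the legend this hunk adds, `1` means optional, so a client that does not negotiate management frame protection stays exposed to forged deauthentication frames. `sae_require_mfp` is commented out on the following line, so nothing else in the visible lines enforces it. I would make the comment say so, e.g. `# 1 = optional: only PMF-capable clients are protected; TODO: move to 2 once all clients support it`. The surrounding settings block begins and ends outside the hunk.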
@@ -1046,147 +1052,12 @@ in { # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x = 1; - eap_server = 1; - - multicast_to_unicast = 0; - - skip_inactivity_poll = 0; - disassoc_low_ack = 0; + ieee8021x = 0; + eap_server = 0; }; }; - - # wlan0-1 = { - # ssid = "mlsia-testing"; - # authentication = { - # mode = "wpa3-sae-transition"; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # wlan0-1 = { - # ssid = "justtestingwifi-wpa3"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # Uncomment when needed otherwise remove - # wlan0-1 = { - # ssid = "koteczkowo3"; - # authentication = { - # mode = "none"; # this is overriden by settings - # }; - # managementFrameProtection = "optional"; - # bssid = "e6:02:43:07:00:00"; - # settings = { - # bridge = bridgeInterfaceName; - # wpa = lib.mkForce 2; - # wpa_key_mgmt = "WPA-PSK"; - # wpa_pairwise = "CCMP"; - # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; - # }; - # }; }; }; - - # wlan1 = { - # band = "5g"; - # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 - # channel = 0; # ACS - # countryCode = "PL"; - - # # use 'iw phy#1 info' to determine your VHT capabilities - # wifi4 = { - # enable = true; - # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; - # }; - # wifi5 = { - # enable = true; - # operatingChannelWidth = "160"; - # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - # }; - # wifi6 = { - # enable = true; - # singleUserBeamformer = true; - # 
singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "160"; - # }; - # settings = { - # # these two are mandatory for wifi 5 & 6 to work - # vht_oper_centr_freq_seg0_idx = 50; - # he_oper_centr_freq_seg0_idx = 50; - - # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for - # # transmitting data packets from the second data queue of a network interface. - # # It determines the number of packets that can be sent in a burst. - # # Adjusting this parameter can impact network throughput and latency. - # tx_queue_data2_burst = 2; - - # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. - # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. - # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
- # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 - - # # Magic values that were set by openwrt but I didn't bother inspecting every single one - # he_spr_sr_control = 3; - # he_default_pe_duration = 4; - # he_rts_threshold = 1023; - - # he_mu_edca_qos_info_param_count = 0; - # he_mu_edca_qos_info_q_ack = 0; - # he_mu_edca_qos_info_queue_request = 0; - # he_mu_edca_qos_info_txop_request = 0; - - # # he_mu_edca_ac_be_aci=0; missing in 2.10 - # he_mu_edca_ac_be_aifsn = 8; - # he_mu_edca_ac_be_ecwmin = 9; - # he_mu_edca_ac_be_ecwmax = 10; - # he_mu_edca_ac_be_timer = 255; - - # he_mu_edca_ac_bk_aifsn = 15; - # he_mu_edca_ac_bk_aci = 1; - # he_mu_edca_ac_bk_ecwmin = 9; - # he_mu_edca_ac_bk_ecwmax = 10; - # he_mu_edca_ac_bk_timer = 255; - - # he_mu_edca_ac_vi_ecwmin = 5; - # he_mu_edca_ac_vi_ecwmax = 7; - # he_mu_edca_ac_vi_aifsn = 5; - # he_mu_edca_ac_vi_aci = 2; - # he_mu_edca_ac_vi_timer = 255; - - # he_mu_edca_ac_vo_aifsn = 5; - # he_mu_edca_ac_vo_aci = 3; - # he_mu_edca_ac_vo_ecwmin = 5; - # he_mu_edca_ac_vo_ecwmax = 7; - # he_mu_edca_ac_vo_timer = 255; - # }; - # networks = { - # wlan1 = { - # ssid = "koteczkowo5"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. - # }; - # bssid = "36:b9:02:21:08:a2"; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - # }; - # }; }; }; From 186488456c64cdb4a952aa110239bc2f482dbeeb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Aug 2024 18:15:16 +0200 Subject: [PATCH 145/305] steveej-x13s: re-enable syncthing and cleanup --- nix/os/devices/steveej-x13s/configuration.nix | 20 ------------------- nix/os/devices/steveej-x13s/flake.nix | 3 --- 2 files changed, 23 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index d538058..63f932e 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix 
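Review bot: `ieee8021x = 0` and `eap_server = 0` switch off 802.1X and the integrated EAP server for this network, which is an authentication change rather than the stability tweak the commit subject describes, and the hunk has no comment saying why. The `tls_flags = "[ENABLE-TLSv1.3]"` line kept as context configures that EAP server's TLS, so it presumably has no effect any more and suggests a protection that is not active. I would add `# 802.1X/EAP disabled: this BSS authenticates via <mode configured above>` and drop or comment out `tls_flags`. The network's authentication mode is set outside the hunk, so what replaces EAP cannot be confirmed from here.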
+++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -176,8 +176,6 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - services.syncthing.enable = lib.mkForce false; - home.sessionVariables = {}; home.packages = with pkgs; [ @@ -185,7 +183,6 @@ # TODO: currently unsupported services.gammastep.enable = lib.mkForce false; - # programs.chromium.enable = lib.mkForce false; }; boot = { @@ -193,23 +190,6 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; - - # kernelParams = let - # dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - # in lib.mkForce [ - # # needed to boot - # "dtb=${dtbName}" - - # # jhovold recommended - # "efi=noruntime" - # "clk_ignore_unused" - # "pd_ignore_unused" - # # "regulator_ignore_unused" - # "arm64.nopauth" - - # # blacklist graphics in initrd so the firmware can load from disk - # "rd.driver.blacklist=msm" - # ]; }; hardware.firmware = lib.mkBefore [ diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 8d1328a..8a30dbe 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -9,9 +9,6 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; - mobile-nixos.url = "github:NixOS/mobile-nixos"; - mobile-nixos.flake = false; - home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; From 7f8bf5c5258b559aafdf8cc67f3c736e8b584076 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 4 Aug 2024 09:31:50 +0200 Subject: [PATCH 146/305] feat(toplevel): add x13s (proprietary) bluetooth and wifi firmware this allows them to be reused more easily --- flake.lock | 30 ++++++++++++++ flake.nix | 37 ++++++++++++++++++ misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw | Bin 0 -> 6378 bytes nix/os/devices/steveej-x13s/configuration.nix | 4 +- nix/os/devices/steveej-x13s/flake.lock | 34 ---------------- nix/os/devices/steveej-x13s/flake.nix | 10 ----- 6 files changed, 70 insertions(+), 45 deletions(-) create mode 100755 misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw diff --git a/flake.lock b/flake.lock index c5cd20b..03b4e3b 100644 --- a/flake.lock +++ b/flake.lock @@ -33,6 +33,22 @@ "type": "github" } }, + "ath11k-firmware": { + "flake": false, + "locked": { + "lastModified": 1720482684, + "narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=", + "ref": "refs/heads/main", + "rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2", + "revCount": 152, + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + }, + "original": { + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + } + }, "brainwart_x13s-nixos": { "flake": false, "locked": { @@ -823,6 +839,7 @@ "inputs": { "adamcstephens_stop-export": "adamcstephens_stop-export", "aphorme_launcher": "aphorme_launcher", + "ath11k-firmware": "ath11k-firmware", "brainwart_x13s-nixos": "brainwart_x13s-nixos", "colmena": "colmena", "crane": "crane", @@ -860,6 +877,7 @@ "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", + "x13s-bt-firmware": "x13s-bt-firmware", "yofi": "yofi" } }, 
@@ -1057,6 +1075,18 @@ "type": "github" } }, + "x13s-bt-firmware": { + "flake": false, + "locked": { + "narHash": "sha256-FCWkZp+MtEGS5lS5+pxmpCl4wU9GGRegolebcmCN7RU=", + "type": "file", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65" + }, + "original": { + "type": "file", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65" + } + }, "yofi": { "inputs": { "flake-utils": "flake-utils_4", diff --git a/flake.nix b/flake.nix index 768c194..a63a5c2 100644 --- a/flake.nix +++ b/flake.nix @@ -119,6 +119,31 @@ flake = false; url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; + + x13s-bt-firmware = { + flake = false; + + # revisions for this file: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/qca/hpbtfw21.tlv + + # 2024-07-29 + # not working well + # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=d118dc8ad5562ac0ae0c07be748cbe35a9361b47"; + + # 2024-05-30 + # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=436b0a920352d13290043d9ec9e50c420ab10f92"; + + # 2023-12-18 + # not working well + # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=598f5bd22361d7e92eebe8452d1f8013a1d35b9a"; + + # 2013-01-17 + url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65"; + }; + + ath11k-firmware = { + url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; + flake = false; + }; }; outputs = inputs @ { 
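Review bot: The `ath11k-firmware` input has no revision in its URL, so `nix flake update` moves the Wi-Fi firmware to whatever the upstream default branch holds, while `x13s-bt-firmware` directly above it is pinned with `?id=` and annotated with which revisions were tested. Firmware blobs cannot be reviewed after the fact, so I would pin this one the same way, e.g. `url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git?rev=bb527dcebac835c47ed4f5428a7687769fa9b1b2";` (the revision currently recorded in flake.lock). The date comment `# 2013-01-17` on the active Bluetooth URL is years earlier than the other listed revisions and is possibly a typo worth checking against the upstream log.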
@@ -337,6 +362,18 @@ buildInputs = [ ]; }; + + x13s-bt-firmware = pkgs.runCommand "x13s-bt-firmware" {} '' + mkdir -p $out/lib/firmware/qca + cp -v ${self}/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw $out/lib/firmware/qca/hpnv21.bin + cp -v ${inputs.x13s-bt-firmware} $out/lib/firmware/qca//hpbtfw21.tlv + ''; + + x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" {} '' + mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + ''; }; formatter = pkgs.alejandra; 
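Review bot: `x13s-bt-firmware` installs the committed blob `misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw` as `qca/hpnv21.bin`, but nothing in the hunk records where that file came from or what hash it should have, unlike the two flake inputs whose `narHash` is locked. A comment such as `# hpnv21g.b8c.crypt.fw: obtained from <source>, sha256 <hash>` would let the blob be re-verified later. The destination `$out/lib/firmware/qca//hpbtfw21.tlv` has a doubled slash, and the derivation name `x13s-ath11k-firmware-before` does not match its attribute name; both are harmless but look like leftovers. The enclosing packages attribute set starts outside the hunk.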
diff --git a/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw b/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw new file mode 100755 index 0000000000000000000000000000000000000000..ea5b5b88fbfe2fd9b4df0142dd11527fbf002756 GIT binary patch literal 6378 zcmZQ@_Y83kiVO&0D4$-+{OVh|XP`58y^PP|6)cM`m0k*Q*jeYOw&=}Og>zfJN@V1G z4i`RtW>MP9z&H)_D85jc?d_t6?@J!taaGemILcu1m14aK<;rrKm->q`szX`q*Oq7pVGgnRgnc%9s z^U7+K5AYj3<#oyPyONod{`>~_3cK&z+y5Dyl<^3YI;GUjoUvx*-Gl0Ty`TMvZ1p&` zeDz{U^`+S*b@|-VH6GI*E`9Rr#kJIVGk)C(7ZdoAlaVncK5(?>npzIhkQNQa!Ty>CgI6hY^yK*REREJYVv!3>iyFii1Q+Zh&z2@i4T`7e|q!Y0wXWMv`dWfOE@e7&K;IXGjQ0S zr_9Fl?+HtpX2*?Uqo|L&tp4$b_|9Sbym)4R?iA*ouKf+yFC2DY&6l)z=(qd(n&>~; zX~joq+0bFjfh(FH|Jw&d8y;pa;W+du*mYjwy`oNe1@cAHAL-VNMC1=hnslMJ>L2N&l<{xs~74Bf- zy4dLS`bQcD#`_}YI(TbT&RjcV-@Y}v;t5Z$rkRy5Se1Kt*=qB5GmOe!g*Vxi2hY_D ztDYiopJ9o}1-4^M?N=-q=ki~XIouU~b>H?aUwZs~I;*$dm=K+FsM7G0!*Lc9?e!In zhgcN!*MvE982rD!#IkjrQ!(>lmU8WGizSY7roAOzwFTB%%&Wrh>BW7Py>zHFWAno$ zLPw8qB$&v_@c9ZIn)v%U7t?L|+w3QTtH0A5-tIHiXXE$&Ip-G%i17A=xBj{I;F(pUJM-48O3rCkw+|{xTh8;_ zsd)4jSCyv9l#U*g`Z)!oy@uqD_y&J^XfOWG$Vo|ediHw$xQEQ_ z3x03+yeg42zj8Xa>&p81|8;-m*{gRyF0h_3*=c%>XvNp=rzK5aS9D+6)v{qdLs5zR zw``WM_u^Cj_D9t3F5j7WFyf%xZ>NO+4vE|sx>7YC>=IX+es->|vDu}J3bqGnno3N2 zLW(c$eRTD-uho^f1E#l5uzk#(qV-CxFF0n;vBZGKPi1Fbf8i*fQTD`P6?<#b+h6Hg z5-~d3Ik9VJWKNxZ>C?s)_rrwG^gi!MNPM5NNyuVzm$hQc#=039<*GxH`0EN-kM`M zXKi|4HWW{ne73+dtw3}wN3U9Rb5{GuWebcqUv?wM-TU;`>i^vE zFm1K?>Ejbu|5o&u>^RG^Ys*#lc7uhx4(zXc{jI&vV8>yTitcai=iE0&^zEu-(p`1% zWu?R})>y}1a~_?z+$%YC&f0U+eDtsJ9uQ%Sc^R>D-PGN>+qkyQ(z;Wor!(O;FQ=&R z)tqCzN5213aTD9T=E`rS`loIeHZ$q1kY!!|C%LLp*2O;V#cP9(zaOGIW^ee-`8t37 zveS1@N-H-Waa!T29Q-9;J7rJRUYn`O%L>$&?0?1)$o=O$m*(vZ z4aACj=CF*7u6emuX&NkeeuTUBe9Fy zRjw)A`^jKs`!uDG*YMT-iE?`u=scIY{5dMTAbtJ|X+75fje}OV3y$sxIJz_?cgrDe zIkm%EvV_BT&JbN=n|EX4jCmJ|3-{PgFn3E{*74u^{olHRcPgS{DbLOnom2Y7SRdf_ z#P`Snaa}ddn-v$fzx>_3>*2Y7#mpVr5ejJrpUac$|8ur)d$?HI@VAy<^YqKAuiN?zqxn01 zbT0ljtbL)UY`AveYag3%XMz5{oo(swQ}k2rv}bRZc<4F9`h&ik@V}J#0&W6|%h)gN 
z*HYK^2)njpeznEiQ!M{^k0&0CERrJrRNoWxSDozeD&4U0`D5X%h3Bswi(od~ z(({Lh$@}dpl^IKW#Q#=)=zHb1>SUdN((D4`xk2x(?F2Jk+!2_dX~VBqKDG1~dsv__lMW@;~{5uS!Q{^lv?9v zrn`GX$)25d6XuC432vNh5S738RK=f|juU#9&x*7iuu3V`nsG@ZEVubUW(wa8(M5kA zonKUXH9}XbeSx~br8W5xGLt^Omp`p&es^uGR;cA!l}EeLz5X4b)bEt%zx@ml4aImX@Dr<>M(Zmd2keDBMQ4#TOAc5lmF zF0P%rM@1pdHd^fYPiu?+jWy1TcUDc>{E+vqde+y@e?GHX+hW|W_rE??Gi_7-r9%@} z^Jy91`zE3FP1Bm8ck+CRC%8J}FVm zFeQ*0~u;99?h?Sf-xGXMSM=q&eBm={x0{~$v@`{s??ab-HmQ^F_4wf}zkW!udr z)zEhR^qS*J(Wbfk_Pp6$%h7$X)a_l4gwj0KHk}I!3(|DV+5Fe<`EI)Hguqk9#|29a zyN~UtF8nitL3{?2CdbKzQ}6!t^Y$*X*ft?Gd->1UlU@EriyWUVSJDfO{F>hx>)|8w zC+mJzpnt})jFQXmWmhNPpAvoF&_&QB;IPN<-hbyi+E3XmzA*LcJsyoKufN|vdwuba z6MlDiH}_6vJf@&r{5Sa5mk_7vb1e&OBNhEVxCW`dn_*dz7uivmV(^nevf|shJJs6D z&-h>ZF>zs7W|_w|jvE2a4JV7l*7X15PMWQAeA|!QCG(9}&Fe|{xY0)@d`I{xk#wGj zK3;2vZRy#oiY^AfmwO^-ihBZC70P5R$P^MGahe{3rW3`()R zro}cjEylUlPjptT^tH{ecji`FJ)QEHTdYy>%(p{3?c@IZliz=O_4-?DJ$c2SH*q+7 z8XvZpn)-I?Hp#2=jBj@Qv)#G2h*>;!^3EUo+d{IR6u(*}zc_tfzpK8N#G9L2=hh3% zVqA1s<$fnW^DZsHH-C=axMonfmDw=iX2+4X4&UcxwLHStCiQMT&Ne%$PxppbFk4IB zO8$_*p9VW0N&WPn)RXfr@9?`eHP3cyksWOeW%JH2FHGk%pL5eeCAoEvLXvWJ5+ zK=!@t8(n@=Pfcr0`}Xq%Oz*4B1;4(U8vjb*pqcU%#oC3ojCxO4rt)fQX;^ZYPuaic zYURSbG%42X02PsBcP{ys())H1-?$1h<^(YvSJ@gr;r8zryfwR=w|z5sb@BU#;Cse( z|9lL4?q72WV^LVT!^kx8%~G|cq3;!MAKJC{?1J0vR3KLs^$}3 zqVpo_uaur;lYLsk-uC(SM8`(?7c6(y@?~QSh@pl-bGU#Bk|e<@$@?_N))u zS=s#VnD03*5%Nu51cj0??Cs@P&?1k#;nyTl14Xcjc*!VQTi_Ly@%(FR>6+YAS zUo2MGI&Epwnt2J^PA;8nJ&$AV+*Mt@ap6}ZZZez>KQm2V{!XOWeKW<Kl_!q;aDCX$sCn1fy=ahzW(-aR$W|q=Di8&)~^Dk9^Z2h zuTjeVGa<%eN#SPT#oJ+g>6vG$(lJXD<7Q(nliOgWvWFoeHqo zda69e&C8p`QbOV8?(0s=f4JnIHk)v6LjPo!)wNMkfv1z)gp%eh+Hhs{8_B+FX%9?v z-=;23HVzBo{panyT%_iY;h~xfQVVn+^n7l(Fta#>@9i7ivJ|%^tISJexuWHtuDMyA zYkIJ7|9#`v#VxsQokGb8p~)=wj|M~+Og`=SGo!+%&w1bO{*0Y>mqchve_vG@z38{~ z$N7AV*9k9{Ha^79sTb&HTK8{DrRw&T+}W&8t(xo2rsTg3*u{~4UA|CIH%p&wZ`eLH zsSPTZe*a|_dvrfkH+23lky{DBzA>;_yb62wN<}&#ux*!hNWkoAdkb&fxcbn+HSW^g zoVgP7|IM5B?qlEm_TSt*2@6zsc0IIqnUim$=R7BR!8ODFRL{AQU)~Bm$p7*vy3J=# 
zS=!QuFwH{4yMJTXmjrsb)ISm)P**cMLpxH>uC`&IH$w% z;_ypD;g&i(*}zpRICEytJMmOWKUq=X#!s13j7Fly>s~ndIS7=!obz7q`@*}gYS!)z zj5+Kfc4U@opyIO6We--Hf4}YY`S#SK>x1}wD!(0Q3|!#&v}L|mmPCZk&M=$GjcueYu<%*NW`OFmg|OB<-BIuVrhacHvEVcl*DJEjdM51xqK&9ag>( z6*6;{CsW&$n1k!D3CvxzX-=J@PR<9z<#K+8#?2ONJATBvPOfX-cesIjPr{p{Qr?=S z{ehQ0v|m&Hck#-_v*-M`ahWvUzj%D>>0erkx}268>ZexTt0~e6`ZamC-naCMg4ZE` z9<%WaoSW-eE}%G3y>vy~3trdg|5eeE^8*iiHy@G{h%;~xkjgQ<(tPqe=UYp`_uQX7 zmO2ODV}0OJus^f;qVMO3*PoV4z18#S-lF!%-(*e#kK-jt?>V-~=M$6mbaHOio*=k% z|0k7`vNjuz-)Q1cz86|5D;=WPkga!bfAq>Dx7z2uU;OY0U*7pBl}(a9k6ernn!juN zbo9%@glFfp&slud7XO@|N54e0+}!^8@57Hqu0@?LiO=iIqQaj# zik{7#d&l5?=z59pg3=x5pTB>#+#-cN{DkKG`%B)6ue4*d+%5I>9NQ|tM4Jnq79kAo zeb=woJ=-6+t2Ru!^InawUx(6EwRFGVf|r?c-+$F+isV)p3PIGQ+255^a~ouecv--}}bQtBSkI z$LWLrPT8iFCPrI!`U}4bWvRMgV0HT4x)T$7_mtmxsrM{FdY(4FpT*hxWfqT}9-WEQ zT)Zc5_8P0S+4sJ?Jn%H@T3R~4MD5IV6T82wzMHd!p5^p=!4=c^!}DiK%43enUWQ*K zz7)>!{LOCsyOC-8_D3QiwTDe4n)|vfBOJck9$fOK@_f{+si8CTsvi83^ZexUWzS-V zB?}_FSP!UrMz6_!KC|OLe-HDOXpM`)YFQ^F9y`?)1fSsh$dWN(a?7513@(?m_B`Ku zO1*CHlP8T%Yv$yI-90wVhWX-4hTqHY-Y|5%S^wSVPU)TRrg!~XZmbWuHY?Wcrk>Bg zo%$d5DEFoJ<}bTh^nUq5w~nLyYhOQ$zuD3GZsMG~UpDnUPdt{Gzqq-s@MFHmG3^4! zQxZx(1+J~4^Jk^4Uw6DO6*07DcnfpZ2*Iy4Cfu@`DBL)2F{JiR0=HQuW?^ zkF$+ytLMr0=@WbpO>_8QS6$dyuwcS(|4g^lj1?Mc!g`u(C+bu$$XGh*t_pXdlfV|q zY)-+cQ!n4=5m8VqNq^txGA(4;sRf@eyenEEro(?+=v-aUvLn{a?fDkXOyU!s>0OCj zTeLOCG&k5eF`ZAO`JFMp8T-q`VY&6ugUHa=Vx8=&X*$x^@<(5q9;Yh!9YHsli&gv;W%|11J0@4)^c=Bh4#U}sa zoay!VMMLV>c0a_j_hGELZ2PvE7(ptFUUtgoJPT#m7SXex7Q- zb4KUwq=|P8TREjxFWM_sTWs_o_3^5&hx@;tyY*M@{LGw6&B+(t)}H$E?D|ulDTkle zG1+BR#oIf@=e=taOqnI@{7Y`C?ScD;_c{cwUMh7WVgcJeUfU%qg6D(J_OYiI6eV-7 X-7@w1YtMjvMM1JjlFJfj_c8$hH1=NC literal 0 HcmV?d00001 diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 63f932e..41a9b8c 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -7,6 +7,7 @@ nodeName, localDomainName, system, + packages', ... }: { nixos-x13s = { @@ -193,7 +194,8 @@ }; hardware.firmware = lib.mkBefore [ - nodeFlake.packages.${system}.x13s-ath11k-firmware + packages'.x13s-bt-firmware + packages'.x13s-ath11k-firmware ]; # see https://linrunner.de/tlp/ diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 4d3d60a..724c6e9 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "ath11k-firmware": { - "flake": false, - "locked": { - "lastModified": 1720482684, - "narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=", - "ref": "refs/heads/main", - "rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2", - "revCount": 152, - "type": "git", - "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" - }, - "original": { - "type": "git", - "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" - } - }, "crane": { "inputs": { "nixpkgs": [ @@ -141,22 +125,6 @@ "type": "github" } }, - "mobile-nixos": { - "flake": false, - "locked": { - "lastModified": 1722056346, - "narHash": "sha256-50fcuCppaLMfSOTFO4IkCBs4folToCwlhTgc6IdZFHg=", - "owner": "NixOS", - "repo": "mobile-nixos", - "rev": "717ce90cfadffa449480bae2e155185c651e9993", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "mobile-nixos", - "type": "github" - } - }, "mycelium": { "inputs": { "crane": "crane", @@ -291,11 +259,9 @@ }, "root": { "inputs": { - "ath11k-firmware": "ath11k-firmware", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "mobile-nixos": "mobile-nixos", "mycelium": "mycelium", "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs_3", diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 8a30dbe..110c2ae 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -20,17 +20,12 @@ # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; mycelium.url = "github:threefoldtech/mycelium"; - ath11k-firmware = { - url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; - flake = false; - }; }; outputs = { self, get-flake, nixpkgs, - ath11k-firmware, ... }: let targetPlatform = "aarch64-linux"; @@ -93,11 +88,6 @@ }; }; packages.${targetPlatform} = { - x13s-ath11k-firmware = nixpkgs.legacyPackages.${targetPlatform}.runCommand "x13s-ath11k-firmware-before" {} '' - mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - ''; }; }; } From 53481414df4a24aff7f26161a7b6ad42e82a847e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 13 Jun 2024 16:42:55 +0200 Subject: [PATCH 147/305] feat: experimental k3s + nix-snapshotter snippet --- nix/os/containers/mycelium/configuration.nix | 0 nix/os/containers/mycelium/flake.lock | 141 ++++++++ nix/os/containers/mycelium/flake.nix | 340 ++++++++++++++++++ nix/os/devices/steveej-x13s/configuration.nix | 16 +- nix/os/devices/steveej-x13s/flake.lock | 62 +++- nix/os/devices/steveej-x13s/flake.nix | 6 + nix/os/snippets/k3s-w-nix-snapshotter.nix | 41 +++ 7 files changed, 602 insertions(+), 4 deletions(-) create mode 100644 nix/os/containers/mycelium/configuration.nix create mode 100644 nix/os/containers/mycelium/flake.lock create mode 100644 nix/os/containers/mycelium/flake.nix create mode 100644 nix/os/snippets/k3s-w-nix-snapshotter.nix diff --git a/nix/os/containers/mycelium/configuration.nix b/nix/os/containers/mycelium/configuration.nix new file mode 100644 index 0000000..e69de29 diff --git a/nix/os/containers/mycelium/flake.lock b/nix/os/containers/mycelium/flake.lock new file mode 100644 index 0000000..899ee98 --- /dev/null 
+++ b/nix/os/containers/mycelium/flake.lock 
@@ -0,0 +1,141 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-snapshotter", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704152458, + "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nix-snapshotter": { + "inputs": { + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715438114, + "narHash": "sha256-btb702TXuhDg0D6tW0dCOy4+II9Wl6BJ0LvpT+O9wrs=", + "owner": "pdtpartners", + "repo": "nix-snapshotter", + "rev": "7b251c9356bc7bb383ebeedcd0045b3ae431bff7", + "type": "github" + }, + "original": { + "owner": "pdtpartners", + "repo": "nix-snapshotter", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1712450863, + "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718025593, + "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", + "type": 
"github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1718086528, + "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47b604b07d1e8146d5398b42d3306fdebd343986", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-systemd256": { + "locked": { + "lastModified": 1718397913, + "narHash": "sha256-omV+dq3GdXQQTaewxhkBgxM4Bbwqa4D9FVS4dTITxOQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "962cf03fb8c782c5e00f465397e03dc84284acc9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "962cf03fb8c782c5e00f465397e03dc84284acc9", + "type": "github" + } + }, + "root": { + "inputs": { + "nix-snapshotter": "nix-snapshotter", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs", + "nixpkgs-systemd256": "nixpkgs-systemd256" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/containers/mycelium/flake.nix b/nix/os/containers/mycelium/flake.nix new file mode 100644 index 0000000..6f247a1 --- /dev/null +++ b/nix/os/containers/mycelium/flake.nix 
@@ -0,0 +1,340 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-systemd256.url = "github:NixOS/nixpkgs/962cf03fb8c782c5e00f465397e03dc84284acc9"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-snapshotter = { + url = "github:pdtpartners/nix-snapshotter"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + outputs = { + self, + nixpkgs, + nixos-generators, + ... + }: let + systems = [ + "aarch64-linux" + "x86_64-linux" + ]; + forAllSystems = nixpkgs.lib.genAttrs systems; + in { + nixosConfigurations.default = + nixpkgs.lib.nixosSystem + { + system = "aarch64-linux"; + + specialArgs = {}; + + modules = [ + ({ + config, + modulesPath, + pkgs, + lib, + ... + }: { + nixpkgs.overlays = [ + (final: previous: { + # inherit (self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}) systemd systemdMinimal; + # systemd = + # self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}.systemd.overrideAttrs (prevAttrs: { + # src = /home/steveej/src/others/systemd; + + # withAppArmor = false; + # withRepart = false; + # withHomed = false; + # withAcl = false; + # withEfi = false; + # withBootloader = false; + # withCryptsetup = false; + # withLibBPF = false; + # withOomd = false; + # withFido2 = false; + # withApparmor = false; + # withDocumentation = false; + # withUtmp = false; + # withQrencode = false; + # withVmspawn = false; + # withMachined = false; + # withLogTrace = true; + # withArchive = false; + # # don't need these but cause errors for exampel files not found + # # withLogind = false; + # }) + # pkgs.systemdMinimal.override { + # # getting errors with these disabled + # withCoredump = true; + # withCompression = true; + # withLogind = true; + # withSysusers = true; + # withUserDb = true; + # } + # pkgs.systemdMinimal + # pkgs.systemd.override { + # withRepart = false; + # withHomed = false; + # withAcl = false; + # withEfi = false; + # withBootloader = false; 
+ # withCryptsetup = false; + # withLibBPF = false; + # withOomd = false; + # withFido2 = false; + # withApparmor = false; + # withDocumentation = false; + # withUtmp = false; + # withQrencode = false; + # withVmspawn = false; + # withMachined = false; + # withLogTrace = true; + # # don't need these but cause errors for exampel files not found + # # withLogind = false; + # } + # ; + }) + ]; + + imports = [ + (modulesPath + "/profiles/minimal.nix") + ]; + system.stateVersion = "24.05"; + + # https://github.com/hercules-ci/arion/blob/c24c185e67f093298a081900b49ca18716077dec/src/nix/modules/nixos/container-systemd.nix + boot.isContainer = true; + # boot.tmp.useTmpfs = true; + boot.loader.grub.enable = lib.mkForce false; + boot.loader.systemd-boot.enable = lib.mkForce false; + services.journald.console = "/dev/console"; + services.journald.storage = "none"; + # boot.specialFileSystems = lib.mkForce {}; + + services.nscd.enable = false; + system.nssModules = lib.mkForce []; + systemd.services.systemd-logind.enable = false; + systemd.services.console-getty.enable = true; + + systemd.sockets.nix-daemon.enable = false; + systemd.services.nix-daemon.enable = false; + systemd.oomd.enable = false; + networking.useDHCP = false; + networking.firewall.enable = false; + boot.postBootCommands = '' + ls -lha /run + mkdir -p /run/wrappers + ''; + # services.udev.enable = false; + + # TODO: this is only needed because `/run/current-system` is missing + # environment.variables.PATH = "${lib.makeBinPath config.environment.systemPackages}:$PATH"; + + services.mycelium.enable = false; + services.mycelium.keyFile = "/var/lib/secrets/mycelium-keyfile"; + systemd.services.mycelium.serviceConfig.DynamicUser = lib.mkForce false; + systemd.services.mycelium.serviceConfig.User = lib.mkForce "root"; + systemd.services.mycelium.serviceConfig.ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" '' + while true; do + ls -lha $CREDENTIALS_DIRECTORY + sleep 5 + done + ''); + + 
systemd.services.testing-credentials = { + description = "testing credentials"; + wantedBy = ["multi-user.target"]; + path = [pkgs.coreutils]; + + serviceConfig = { + SyslogIdentifier = "testing-credential"; + StateDirectory = "testing-credentials"; + # DynamicUser = true; + # User = "tc"; + # ProtectHome = true; + # ProtectSystem = true; + LoadCredential = [ + "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" + "hosts:/etc/hosts" + ]; + SetCredential = "nosecret:not secret string"; + ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" '' + cd $STATE_DIRECTORY + env + while true; do + ls -lha $CREDENTIALS_DIRECTORY + sleep 5 + done + ''); + }; + }; + + services.caddy = { + enable = true; + globalConfig = '' + auto_https off + ''; + virtualHosts.":80" = { + extraConfig = '' + respond "hello from ${config.networking.hostName}" + ''; + }; + }; + }) + ]; + }; + packages = forAllSystems (system: let + name = "mycelium"; + inherit (self.inputs) nix-snapshotter; + + config = { + entrypoint = "${self.nixosConfigurations.default.config.system.build.toplevel}/init"; + # port = 2379; + args = [ + ]; + # nodePort = 30001; + }; + + myceliumPorts = { + tcp = [9651]; + udp = [9650 9651]; + }; + + inherit + (config) + entrypoint + # port + + args + # nodePort + + ; + + pkgs = import nixpkgs { + overlays = [nix-snapshotter.overlays.default]; + }; + + image = pkgs.nix-snapshotter.buildImage { + inherit name; + resolvedByNix = true; + config = { + entrypoint = [entrypoint]; + env = [ + # this is read by the `/init` script and prevents various incompatible commands like mount, etc. + # the value of this doesn't seem to matter as long as it's not an empty string. 
+ "container=nerd" + ]; + volumes = { + # "/var/lib/private/mycelium/key.bin" = {}; + }; + copyToRoot = [ + # self.nixosConfigurations.default.config.system.build.toplevel + ]; + }; + }; + in { + k8s = let + pod = pkgs.writeText "${name}-pod.json" (builtins.toJSON { + apiVersion = "v1"; + kind = "Pod"; + metadata = { + inherit name; + labels = {inherit name;}; + }; + spec.containers = [ + { + inherit name args; + image = "nix:0${image}"; + ports = [ + { + name = "mycelium-tcp-0"; + containerPort = builtins.elemAt myceliumPorts.tcp 0; + } + { + name = "mycelium-udp-0"; + protocol = "UDP"; + containerPort = builtins.elemAt myceliumPorts.udp 0; + } + { + name = "mycelium-udp-1"; + protocol = "UDP"; + containerPort = builtins.elemAt myceliumPorts.udp 1; + } + ]; + } + ]; + }); + + service = pkgs.writeText "${name}-service.json" (builtins.toJSON { + apiVersion = "v1"; + kind = "Service"; + metadata.name = "${name}-service"; + spec = { + type = "NodePort"; + selector = {inherit name;}; + ports = [ + { + name = "mycelium-tcp-0"; + port = builtins.elemAt myceliumPorts.tcp 0 + 50000; + targetPort = "mycelium-tcp-0"; + } + { + name = "mycelium-udp-0"; + protocol = "UDP"; + port = builtins.elemAt myceliumPorts.udp 0 + 50000; + targetPort = "mycelium-udp-0"; + } + { + name = "mycelium-udp-1"; + protocol = "UDP"; + port = builtins.elemAt myceliumPorts.udp 1 + 50000; + targetPort = "mycelium-udp-1"; + } + ]; + }; + }); + in + pkgs.runCommand "declarative-k8s" {} '' + mkdir -p $out/share/k8s + cp ${pod} $out/share/k8s/ + cp ${service} $out/share/k8s/ + ''; + + inherit image; + + start = pkgs.writeShellApplication { + name = "start"; + text = '' + set -x + rm -rf ./result + nix build --impure .#image + sudo nix2container load ./result + sudo -E nerdctl run --name ${name} --privileged -dt \ + --volume "$PWD/key.bin.crypt:${self.nixosConfigurations.default.config.services.mycelium.keyFile}:ro" \ + "nix:0$(readlink result):latest" + ''; + }; + + stop = pkgs.writeShellApplication { + 
name = "stop"; + text = '' + set +e + sudo -E nerdctl stop -t 60 ${name} + sudo -E nerdctl rm --force ${name} + sudo -E nerdctl system prune --all --force + sudo systemctl stop nix-snapshotter + sudo systemctl stop containerd + mount | rg -No '(/var/lib/container|/tmp/initial)[^ ]+' | tac | xargs sudo umount -l + sudo systemctl start containerd + sudo systemctl start nix-snapshotter + ''; + + # tmpfs on /run/credentials/mycelium.service type tmpfs (ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap) + + # mount -t tmpfs tmpfs /run/credentials/mycelium.service -o ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap + }; + }); + }; +} diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 41a9b8c..8fd0122 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -10,6 +10,12 @@ packages', ... }: { + nixpkgs.overlays = [ + (final: previous: { + # inherit (nodeFlake.inputs.nixpkgs-systemd256.legacyPackages.${system}) systemd systemdMinimal; + }) + ]; + nixos-x13s = { enable = true; # TODO: use hardware address @@ -87,6 +93,8 @@ sops.secrets.builder-private-key = {}; nix.distributedBuilds = true; nix.buildMachines = [ + # test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@sj-bm-hostkey0.dev.infra.holochain.org?ssh-key=/run/secrets/builder-private-key' + { hostName = "sj-bm-hostkey0.dev.infra.holochain.org"; sshUser = "nix-remote-builder"; @@ -148,6 +156,8 @@ ../../snippets/radicale.nix ../../snippets/holo-zerotier.nix + + ../../snippets/k3s-w-nix-snapshotter.nix ]; networking.hostName = nodeName; 
@@ -210,11 +220,11 @@ # android on linux virtualisation.waydroid.enable = false; - virtualisation.podman.enable = true; - virtualisation.podman.dockerCompat = true; - hardware.ledger.enable = true; + virtualisation.containers.enable = true; + virtualisation.podman.enable = true; + nix.settings.substituters = [ "https://nixos-x13s.cachix.org" ]; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 724c6e9..9633bbc 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -54,7 +54,44 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-snapshotter", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704152458, + "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, 
@@ -162,9 +199,31 @@ "type": "github" } }, + "nix-snapshotter": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717948701, + "narHash": "sha256-G7SXaZ7J4yO4OQEKSZPVWcccfV87uyLech0jEOU350g=", + "owner": "yu-re-ka", + "repo": "nix-snapshotter", + "rev": "c10b066a4b1bb3451507c141636014e3335e579e", + "type": "github" + }, + "original": { + "owner": "yu-re-ka", + "repo": "nix-snapshotter", + "type": "github" + } + }, "nixos-x13s": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -263,6 +322,7 @@ "get-flake": "get-flake", "home-manager": "home-manager", "mycelium": "mycelium", + "nix-snapshotter": "nix-snapshotter", "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable" diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 110c2ae..6b8ed7e 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -20,6 +20,12 @@ # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; mycelium.url = "github:threefoldtech/mycelium"; + + nix-snapshotter = { + url = "github:yu-re-ka/nix-snapshotter"; + # url = "github:pdtpartners/nix-snapshotter"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/nix/os/snippets/k3s-w-nix-snapshotter.nix b/nix/os/snippets/k3s-w-nix-snapshotter.nix new file mode 100644 index 0000000..0243018 --- /dev/null +++ b/nix/os/snippets/k3s-w-nix-snapshotter.nix 
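Review bot: The new `nix-snapshotter` input in `steveej-x13s/flake.nix` points at the `yu-re-ka` fork and leaves the `pdtpartners` URL commented out, with nothing beside it saying what the fork carries or when to switch back. The k3s snippet added in the same commit imports this input's NixOS module and overlay into the system configuration, so the reason belongs next to the URL, for example `# fork: <reason>; return to pdtpartners once <condition>`. flake.lock in this commit pins the revision, so the open question is provenance rather than drift. The `inputs` attribute set starts outside the hunk.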
@@ -0,0 +1,41 @@ +# experiment with k3s, nix-snapshotter, and nixos images +{ + nodeFlake, + nodeFlakeInputs', + pkgs, + lib, + system, + ... +}: { + # (1) Import nixos module. + imports = [ + nodeFlake.inputs.nix-snapshotter.nixosModules.default + ]; + + # (2) Add overlay. + nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default]; + + # (3) Enable service. + virtualisation.containerd = { + enable = true; + k3sIntegration = false; + nixSnapshotterIntegration = true; + + # TODO: understand if this has an influence on the systemd LoadCredential issue + settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true; + }; + services.nix-snapshotter = { + enable = true; + }; + + # (4) Add a containerd CLI like nerdctl. + environment.systemPackages = [ + pkgs.nerdctl + nodeFlake.inputs.nix-snapshotter.packages.${system}.default + ]; + + services.k3s = { + enable = false; + setKubeConfig = true; + }; +} From 97a658762fb4ecf3c66a7afad252686d6caa8857 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Aug 2024 14:49:06 +0200 Subject: [PATCH 148/305] feat: remove executable bit on x13s bt fw --- misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw | Bin 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw diff --git a/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw b/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw old mode 100755 new mode 100644 From a8cc01ce6f2dcdab096891dd55de8a00f8dcbee4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 5 Aug 2024 15:22:06 +0200 Subject: [PATCH 149/305] chore: remove .gitlab.ci.yaml --- .gitlab-ci.yml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index efb4d91..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
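Review bot: Importing `k3s-w-nix-snapshotter.nix` enables containerd and nix-snapshotter as system services, while the header calls the file an experiment and `services.k3s.enable` stays `false`, so the `services.k3s` block and the `nodeFlakeInputs'` argument appear to do nothing here. I would say so at the top, e.g. `# experimental: enables containerd + nix-snapshotter system-wide; drop the import from configuration.nix when finished`, and remove the unused argument. The `SystemdCgroup = lib.mkForce true` line takes precedence over any other definition of that setting, and its TODO says the effect is not yet understood; noting the value it replaces would make the experiment easier to revert.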
@@ -1,10 +0,0 @@ -stages: - - build - -build: - stage: build - tags: - - nix - script: - # Test the nix-shell - - just run-with-channels 'nix-shell --run "echo OK"' From ca75a5e4388b22f97bb267d377596f4d1f58b06f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Aug 2024 14:33:02 +0200 Subject: [PATCH 150/305] router0-dmz0: bump inputs /w kernel 6.10, mtk --- nix/os/devices/router0-dmz0/flake.lock | 47 +++++++++++++------------- nix/os/devices/router0-dmz0/flake.nix | 5 ++- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index ac9c8e0..769e9a9 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1720661479, - "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=", + "lastModified": 1723080788, + "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=", "owner": "nix-community", "repo": "disko", - "rev": "786965e1b1ed3fd2018d78399984f461e2a44689", + "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1720791870, - "narHash": "sha256-8dEM8oXfFngxdumug+soQqeXefej3WC/kgv8aLmGvNk=", + "lastModified": 1723046327, + "narHash": "sha256-803SwotTiTX3eXZ70sTi51oGufgDsLDvUPiJrsECXVo=", "ref": "refs/heads/main", - "rev": "7b8517d1974fa728e07dabcbd788c6ef6a8a96dd", - "revCount": 19652, + "rev": "c6faa8936604a5a24b36600ab893725350d894bd", + "revCount": 19755, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, 
@@ -121,26 +121,27 @@ ] }, "locked": { - "lastModified": 1720165368, - "narHash": "sha256-gTTaQoMeD9s0X/qvzkfnQ6IyYP7qam406sXQ8sbq1P0=", - "owner": "nakato", - "repo": "nixos-sbc", - "rev": "ddb8f1a16f1b6ebb32cb7b13125e45d65673905e", + "lastModified": 1723112495, + "narHash": "sha256-1nt+81yKDAWsHt2v8yYHceZ9mmIon2RcJC3lP1NIQJQ=", + "owner": "steveej-forks", + "repo": "nakato_nixos-sbc", + "rev": "f0c85455056dcbfdf8a8cc985db490e7bfb75f36", "type": "github" }, "original": { - "owner": "nakato", - "repo": "nixos-sbc", + "owner": "steveej-forks", + "ref": "kernel-6.10_and_cross-compile_mtkbump", + "repo": "nakato_nixos-sbc", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1720691131, - "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { @@ -152,11 +153,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720542800, - "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "feb2849fdeb70028c70d73b848214b00d324a497", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { @@ -205,11 +206,11 @@ ] }, "locked": { - "lastModified": 1720691926, - "narHash": "sha256-VE9ZfWRbyBjps5GV8KXiF8XodAykmwRpcJtPiVWCu8M=", + "lastModified": 1723077922, + "narHash": "sha256-FY5UMtlBCcbMxk+ykmZzYYtm7l/uUKwiMNYbFgqG5yg=", "owner": "numtide", "repo": "srvos", - "rev": "e3e8ff545ef14f13c69a0f743078637fde952018", + "rev": "f389064525b8330f20106231762f52854490654e", "type": "github" }, "original": { 
diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index c177972..41f2f35 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -14,8 +14,11 @@ srvos.inputs.nixpkgs.follows = "nixpkgs"; nixos-sbc.url = - "github:nakato/nixos-sbc" + # "github:nakato/nixos-sbc" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" + # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" + "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile_mtkbump" + # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" ; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; From 98dd749c900c91a8a1a59c0f7eb05d10672bca14 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 8 Aug 2024 14:37:38 +0200 Subject: [PATCH 151/305] x13s: try signal in waydroid instead of nixos --- nix/home-manager/configuration/graphical-fullblown.nix | 3 ++- nix/os/devices/steveej-x13s/configuration.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index da2e4d3..a43cab8 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -108,7 +108,8 @@ in { # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop pkgsUnstable.tdesktop - pkgsUnstable.signal-desktop + # TODO: remove or reuse this depending on whether waydroid signal works + # pkgsUnstable.signal-desktop thunderbird diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 8fd0122..4f2a4e7 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -219,7 +219,7 @@ }; # android on linux - virtualisation.waydroid.enable = false; + virtualisation.waydroid.enable = true; hardware.ledger.enable = true; virtualisation.containers.enable = true; From 34417fb7bc64de49a46c905bb40e2d17173926b4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 16 Aug 2024 15:52:33 +0200 Subject: [PATCH 152/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 5985819..75efad0 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721949857, - "narHash": "sha256-DID446r8KsmJhbCzx4el8d9SnPiE8qa6+eEQOJ40vR0=", + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a1cc729dcbc31d9b0d11d86dc7436163548a9665", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1722006690, - "narHash": "sha256-Y84/ZDxUvJhRDaqM67VjHyAbZ26j9/XRKH/zN9fGRBU=", + "lastModified": 1723816116, + "narHash": "sha256-EjAHH2CHixotYKJ39gC8kLuYKy2QUeOKgjLVD1xaROU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bb7d08ac86ae13fad7166d6082a2d8d0582c6ef3", + "rev": "a800d4bb3ffebe4219b60bd5c81e53a323f72627", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1721973884, - "narHash": "sha256-Vsn2P1YOFzxMog3Iefy9Ky9KW+PvipnaT/kkVyOKLWg=", + "lastModified": 1723764322, + "narHash": "sha256-1V4C7f7sUjslxreqbpvBzitl9I2nY7nOrR17DjnatcU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4a8e77c70685d5bb20aaafe1422888e33b4ae9f2", + "rev": "03bd12dcf88b6aabc047fbf909bda4c7e344416c", "type": "github" }, "original": { 
From 547e0f6305a36c2a9f2a6024d69bec59e5f9c5e1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 16 Aug 2024 16:29:52 +0200 Subject: [PATCH 153/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 75efad0..7696638 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1723816116, - "narHash": "sha256-EjAHH2CHixotYKJ39gC8kLuYKy2QUeOKgjLVD1xaROU=", + "lastModified": 1723817722, + "narHash": "sha256-m8o4Qpje/eeBfbWzikjkMMBYrzxRomDtPBSxJ6xGBcA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a800d4bb3ffebe4219b60bd5c81e53a323f72627", + "rev": "c49d0387e0b2ee9a53f5298eaaa6b2d37809962f", "type": "github" }, "original": { From 99f8c7a2f0dbe0bd3dea297c130c51e66ed6bffb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 16 Aug 2024 16:47:21 +0200 Subject: [PATCH 154/305] debug(sj-srv1): rename container web -> websrv0 it's unclear why this is needed, however the IP address for the container wouldn't come up otherwise --- nix/os/devices/sj-srv1/system.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index dcb3658..b862faa 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -91,7 +91,7 @@ sievePort = 4190; }; - web = + websrv0 = import ../../containers/webserver.nix { specialArgs = { From c66a7c65c24122c9fe84e1f060fe6dd206b78a4a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 17 Aug 2024 17:15:22 +0200 Subject: [PATCH 155/305] router0-dmz0: wifi tweaking --- nix/os/devices/router0-dmz0/configuration.nix | 35 +++++++++++++------ nix/os/devices/router0-dmz0/flake.lock | 6 ++-- 2 files changed, 27 insertions(+), 14 deletions(-) 
diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 0691c01..a84a298 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -916,16 +916,6 @@ in { # This option can be used to exclude all DFS channels from the ACS channel list # in cases where the driver supports DFS channels. acs_exclude_dfs = 0; - - # Disassociate stations based on excessive transmission failures or other - # indications of connection loss. This depends on the driver capabilities and - # may not be available with all drivers. - disassoc_low_ack = 0; - - skip_inactivity_poll = 1; - - # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. - multicast_to_unicast = 1; }; # use 'iw phy#1 info' to determine your VHT capabilities @@ -942,9 +932,11 @@ in { "RX-STBC1" "MAX-AMSDU-7935" + "40-INTOLERANT" + + # not supported by BPI-R3 module # "DELAYED-BA" # "DSSS_CCK-40" - "40-INTOLERANT" ]; }; 
@@ -1052,8 +1044,29 @@ in { # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) tls_flags = "[ENABLE-TLSv1.3]"; + # TODO: debugging for wifi drops happens below here + # Require IEEE 802.1X authorization ieee8021x = 0; + + # Optionally, hostapd can be configured to use an integrated EAP server + # to process EAP authentication locally without need for an external RADIUS + # server. This functionality can be used both as a local authentication server + # for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. + + # Use integrated EAP server instead of external RADIUS authentication + # server. This is also needed if hostapd is configured to act as a RADIUS + # authentication server. eap_server = 0; + + # Disassociate stations based on excessive transmission failures or other + # indications of connection loss. This depends on the driver capabilities and + # may not be available with all drivers. + disassoc_low_ack = 0; + + skip_inactivity_poll = 1; + + # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. + multicast_to_unicast = 0; }; }; }; diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 769e9a9..d155575 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1723112495, - "narHash": "sha256-1nt+81yKDAWsHt2v8yYHceZ9mmIon2RcJC3lP1NIQJQ=", + "lastModified": 1723893138, + "narHash": "sha256-TCGUFSBIaItvaFa+ydPII+Ayrn3OHfV1220RLgtWh5s=", "owner": "steveej-forks", "repo": "nakato_nixos-sbc", - "rev": "f0c85455056dcbfdf8a8cc985db490e7bfb75f36", + "rev": "5fb94671a47229e269383e736cb1764c94803ebb", "type": "github" }, "original": { From 08cc57ada1827ef4707132451e4ee9d2eddbfc24 Mon Sep 17 00:00:00 2001 
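Review bot: `multicast_to_unicast` moves from the block removed earlier in `router0-dmz0/configuration.nix`, where it was `1`, into this block with the value `0`, but the TODO copied along with it still reads as if the option were enabled ("it'd be nice to disable this"). If the flip is part of the wifi-drop debugging, the comment should say so, e.g. `# set to 0 while debugging wifi drops (was 1); revisit once the drops are understood`. `disassoc_low_ack` and `skip_inactivity_poll` keep their values in the move. The surrounding settings attribute set begins outside the hunk.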
From: Stefan Junker Date: Sat, 17 Aug 2024 17:19:34 +0200 Subject: [PATCH 156/305] feat: bump nix-direnv and tweak vscode nix LSP settings --- .envrc | 6 +++--- .vscode/settings.json | 19 ++++++++++++++++--- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.envrc b/.envrc index 831c737..fd277e4 100644 --- a/.envrc +++ b/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.4; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.4/direnvrc" "sha256-DzlYZ33mWF/Gs8DDeyjr8mnVmQGx7ASYqA5WlxwvBG4=" +if ! has nix_direnv_version || ! nix_direnv_version 3.0.5; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.5/direnvrc" "sha256-RuwIS+QKFj/T9M2TFXScjBsLR6V3A17YVoEW/Q6AZ1w=" fi -use_flake .#develop +use flake .#develop diff --git a/.vscode/settings.json b/.vscode/settings.json index 0691bf9..8ace7b1 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,19 @@ { - "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix", - "[nix]": { - "editor.defaultFormatter": "jnoortheen.nix-ide" + "nix.serverSettings": { + // settings for 'nil' LSP + "nil": { + "autoArchive": true, + "diagnostics": { + "ignored": [ + "unused_binding", + "unused_with" + ] + }, + "formatting": { + "command": [ + "alejandra", + ] + } + } }, } From 3852bc30ad01b1d421db2d73f1e2afb3eecc4452 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 18 Aug 2024 14:26:02 +0200 Subject: [PATCH 157/305] graphical-fullblown: add xournalpp for PDF annotation --- nix/home-manager/configuration/graphical-fullblown.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index a43cab8..79be77f 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -171,6 +171,7 @@ in { pcmanfm # mendeley evince + xournalpp # File Synchronzation maestral From 885329094ed4ac2193c6fd35f763cafe80a405e0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 18 Aug 2024 14:26:31 +0200 Subject: [PATCH 158/305] graphical-fullblown: remove lapce and helix as i'm not using them --- nix/home-manager/configuration/graphical-fullblown.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 79be77f..ef47a83 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -141,8 +141,8 @@ in { nethogs # Code Editing and Programming - pkgsUnstable.lapce - pkgsUnstable.helix + # TODO(remove or use): pkgsUnstable.lapce + # TODO(remve or use): pkgsUnstable.helix # Image/Graphic/Design Tools gnome.eog From a105680d8bd071b3ff71cd41a9946d53ddf26168 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 22 Aug 2024 14:31:32 +0200 Subject: [PATCH 159/305] feat(router0-dmz0): add another set of DNS servers --- nix/os/devices/router0-dmz0/configuration.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index a84a298..4d82178 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1143,8 +1143,11 @@ in { "2a01:4f8:151:34aa::198" "2a01:4f8:141:316d::117" - # cloudflare and google - # "9.9.9.9" "8.8.8.8" "1.1.1.1" + # https://dismail.de/info.html#dns + "116.203.32.217" + "2a01:4f8:1c1b:44aa::1" + "159.69.114.157" + "2a01:4f8:c17:739a::2" ]; domain = From a21c2f544c9053d547dcc6d5c1fc8c37f5d1bb39 Mon Sep 17 00:00:00 2001 
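Review bot: In the `router0-dmz0/configuration.nix` hunk, the four added dismail.de resolver addresses come with a source URL but no statement of which transport the consumer of this list uses, and the option the list belongs to is outside the hunk. If they are queried as plain DNS, each listed upstream can observe and answer every lookup from the network behind the router, so the comment should state the intent, e.g. `# plain DNS upstreams; DNSSEC validation is done by <resolver>` or `# used via DoT only`.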
From: Stefan Junker Date: Thu, 22 Aug 2024 14:33:00 +0200 Subject: [PATCH 160/305] chore: cleanup and refactor --- flake.nix | 12 +- nix/os/devices/steveej-x13s/default.nix | 2 +- nix/os/devices/steveej-x13s/flake.nix | 54 +++--- nix/os/devices/voodoo/.gitignore | 1 - nix/os/devices/voodoo/configuration.nix | 85 --------- nix/os/devices/voodoo/default.nix | 35 ---- nix/os/devices/voodoo/flake.lock | 225 ------------------------ nix/os/devices/voodoo/flake.nix | 81 --------- 8 files changed, 35 insertions(+), 460 deletions(-) delete mode 100644 nix/os/devices/voodoo/.gitignore delete mode 100644 nix/os/devices/voodoo/configuration.nix delete mode 100644 nix/os/devices/voodoo/default.nix delete mode 100644 nix/os/devices/voodoo/flake.lock delete mode 100644 nix/os/devices/voodoo/flake.nix diff --git a/flake.nix b/flake.nix index a63a5c2..9b68e10 100644 --- a/flake.nix +++ b/flake.nix @@ -185,22 +185,23 @@ # "justyna-p300" # "srv0-dmz0" - # # "router0-dmz0" + # "router0-dmz0" "router0-ifog" "router0-hosthatch" "sj-srv1" "hstk0" - - # "retro" ]); + flake.lib = { + inherit withSystem; + }; + # this makes nixos-anywhere work flake.nixosConfigurations = let colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in ( colmenaHive // { @@ -210,9 +211,6 @@ # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 router0-dmz0_cross = router0-dmz0.cross; - # nixos-install --flake .\#retro_cross - retro_cross = retro.cross; - steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; } diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index fa66cf4..e6d8ece 100644 
--- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix @@ -30,7 +30,7 @@ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; imports = [ - (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") + ./configuration.nix ]; }; } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6b8ed7e..5104910 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -34,24 +34,31 @@ nixpkgs, ... }: let - targetPlatform = "aarch64-linux"; - buildPlatform = "x86_64-linux"; + nativeSystem = "aarch64-linux"; + nodeName = "steveej-x13s"; + + pkgs = nixpkgs.legacyPackages.${nativeSystem}; + pkgsCross = import self.inputs.nixpkgs { + system = "x86_64-linux"; + crossSystem = { + config = "aarch64-unknown-linux-gnu"; + }; + }; + repoFlake = get-flake ../../../..; - mkNixosConfiguration = { - nodeName, - extraModules ? [], - ... - } @ attrs: + mkNixosConfiguration = {extraModules ? [], ...} @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate attrs { specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName repoFlake; + system = nativeSystem; + inherit nodeName; + inherit repoFlake; + repoFlakeWithSystem = repoFlake.lib.withSystem; nodeFlake = self; }) .meta @@ -60,7 +67,13 @@ modules = [ - # repoFlake.nixosModules.hardware-x13s + ./configuration.nix + + # flake registry + { + nixpkgs.overlays = builtins.attrValues self.overlays; + nix.registry.nixpkgs.flake = nixpkgs; + } ] ++ extraModules; } 
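Review bot: The `pkgs` and `pkgsCross` bindings added to the `let` in `steveej-x13s/flake.nix` are not referenced in any hunk shown for this file, and `pkgsCross` repeats the `"x86_64-linux"` literal that the `cross` configuration in the following hunk also hard-codes now that the `buildPlatform` binding is gone. If nothing in the few lines between the hunks uses them, I would drop both bindings, or keep a single `buildSystem = "x86_64-linux";` and use it in both places. `overlays = {}` feeding `builtins.attrValues self.overlays` is a no-op until an overlay exists; a comment such as `# placeholder: no overlays yet` would make that intent clear.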
@@ -70,30 +83,21 @@ inherit mkNixosConfiguration; }; - nixosConfigurations = let - nodeName = "steveej-x13s"; - in { + overlays = {}; + + nixosConfigurations = { native = mkNixosConfiguration { - inherit nodeName; - system = targetPlatform; - extraModules = [ - ./configuration.nix - ]; + system = nativeSystem; }; cross = mkNixosConfiguration { - inherit nodeName; extraModules = [ - ./configuration.nix - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; + nixpkgs.buildPlatform.system = "x86_64-linux"; + nixpkgs.hostPlatform.system = nativeSystem; } ]; }; }; - packages.${targetPlatform} = { - }; }; } diff --git a/nix/os/devices/voodoo/.gitignore b/nix/os/devices/voodoo/.gitignore deleted file mode 100644 index b2be92b..0000000 --- a/nix/os/devices/voodoo/.gitignore +++ /dev/null @@ -1 +0,0 @@ -result diff --git a/nix/os/devices/voodoo/configuration.nix b/nix/os/devices/voodoo/configuration.nix deleted file mode 100644 index d6ae93c..0000000 --- a/nix/os/devices/voodoo/configuration.nix +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - repoFlake, - pkgs, - lib, - config, - nodeFlake, - nodeName, - localDomainName, - system, - ... -}: let -in { - imports = [ - # repoFlake.inputs.sops-nix.nixosModules.sops - - # ../../profiles/common/user.nix - - { - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - nix.settings.cores = lib.mkDefault 0; - } - - { - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - - # users.commonUsers = { - # enable = true; - # enableNonRoot = false; - # rootPasswordFile = config.sops.secrets.passwords-root.path; - # }; - - users.users.root.password = "voodoo"; - - # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - # sops.defaultSopsFormat = "yaml"; - - # sops.secrets.passwords-root.neededForUsers = true; - } - ]; - - networking = { - hostName = nodeName; - useNetworkd = false; - useDHCP = true; - firewall.enable = false; - }; - - system.stateVersion = "23.11"; - - # We exclude a number of modules included in the default list. A non-insignificant amount do - # not apply to embedded hardware like this, so simply skip the defaults. - # - # Custom kernel is required as a lot of MTK components misbehave when built as modules. - # They fail to load properly, leaving the system without working ethernet, they'll oops on - # remove. MTK-DSA parts and PCIe were observed to do this. - - # boot.initrd.includeDefaultModules = false; - # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; - # boot.initrd.availableKernelModules = ["nvme"]; - - hardware.enableRedistributableFirmware = false; - - # Extlinux compatible with custom uboot patches in this repo, which also provide unique - # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices... 
- boot.loader.grub.enable = true; - - environment.systemPackages = [ - # pkgs.pciutils - ]; - - fileSystems."/".label = "voodoo_root"; - boot.loader.grub.devices = [ - "/dev/disk/by-id/usb-ST313640_A_20171021-0" - ]; -} diff --git a/nix/os/devices/voodoo/default.nix b/nix/os/devices/voodoo/default.nix deleted file mode 100644 index e43dbc4..0000000 --- a/nix/os/devices/voodoo/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - system ? "i586-linux", - nodeName, - repoFlake, - nodeFlake, - localDomainName ? "internal", - ... -}: { - meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; - packages' = repoFlake.packages.${system}; - nodePackages' = nodeFlake.packages.${system}; - - inherit localDomainName; - }; - - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; - - ${nodeName} = { - deployment.targetHost = "${nodeName}.${localDomainName}"; - deployment.replaceUnknownProfiles = true; - - # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; - - imports = [ - ./configuration.nix - ]; - - networking.hostName = nodeName; - }; -} diff --git a/nix/os/devices/voodoo/flake.lock b/nix/os/devices/voodoo/flake.lock deleted file mode 100644 index 089ad5e..0000000 --- a/nix/os/devices/voodoo/flake.lock +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - "nodes": { - "bpir3": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703603768, - "narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=", - "owner": "steveej-forks", - "repo": "nixos-bpir3", - "rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3", - "type": "github" - }, - "original": { - "owner": "steveej-forks", - "ref": "linux-6.6", - "repo": "nixos-bpir3", - "type": "github" - } - }, - "dependencyDagOfSubmodule": { - "inputs": { - "nixpkgs": [ - "nixos-nftables-firewall", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1656615370, - "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", - "owner": "thelegy", - "repo": "nix-dependencyDagOfSubmodule", - "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", - "type": "github" - }, - "original": { - "owner": "thelegy", - "repo": "nix-dependencyDagOfSubmodule", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703532766, - "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=", - "owner": "nix-community", - "repo": "disko", - "rev": "1b191113874dee97796749bb21eac3d84735c70a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "get-flake": { - "locked": { - "lastModified": 1694475786, - "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", - "owner": "ursi", - "repo": "get-flake", - "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", - "type": "github" - }, - "original": { - "owner": "ursi", - "repo": "get-flake", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703527373, - "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", - "type": "github" - }, - "original": { - "owner": 
"nix-community", - "ref": "master", - "repo": "home-manager", - "type": "github" - } - }, - "hostapd": { - "flake": false, - "locked": { - "lastModified": 1703346062, - "narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=", - "ref": "refs/heads/main", - "rev": "196d6c83b9cb7d298fdc92684dc37115348b159e", - "revCount": 19119, - "type": "git", - "url": "git://w1.fi/hostap.git?branch=main" - }, - "original": { - "type": "git", - "url": "git://w1.fi/hostap.git?branch=main" - } - }, - "nixos-nftables-firewall": { - "inputs": { - "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703279052, - "narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=", - "owner": "thelegy", - "repo": "nixos-nftables-firewall", - "rev": "3bf23aeb346e772d157816e6b72a742a6c97db80", - "type": "github" - }, - "original": { - "owner": "thelegy", - "repo": "nixos-nftables-firewall", - "type": "github" - } - }, - "nixos-stable": { - "locked": { - "lastModified": 1703068421, - "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1703255338, - "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "openwrt": { - "flake": false, - "locked": { - "lastModified": 1691699580, - "narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=", - "ref": "main", - "rev": "847984c773d819d5579d5abae4b80a4983103ed9", - "revCount": 58166, - "type": "git", - "url": 
"https://github.com/openwrt/openwrt.git" - }, - "original": { - "ref": "main", - "rev": "847984c773d819d5579d5abae4b80a4983103ed9", - "type": "git", - "url": "https://github.com/openwrt/openwrt.git" - } - }, - "root": { - "inputs": { - "bpir3": "bpir3", - "disko": "disko", - "get-flake": "get-flake", - "home-manager": "home-manager", - "hostapd": "hostapd", - "nixos-nftables-firewall": "nixos-nftables-firewall", - "nixpkgs": "nixpkgs", - "openwrt": "openwrt", - "srvos": "srvos" - } - }, - "srvos": { - "inputs": { - "nixos-stable": "nixos-stable", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703469109, - "narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=", - "owner": "numtide", - "repo": "srvos", - "rev": "52d07db520046c4775f1047e68a05dcb53bba9ec", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "srvos", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix deleted file mode 100644 index 7e94241..0000000 --- a/nix/os/devices/voodoo/flake.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - - get-flake.url = "github:ursi/get-flake"; - - disko.inputs.nixpkgs.follows = "nixpkgs"; - srvos.url = "github:numtide/srvos"; - srvos.inputs.nixpkgs.follows = "nixpkgs"; - }; - - outputs = { - self, - get-flake, - nixpkgs, - ... - }: let - targetPlatform = "i686-linux"; - buildPlatform = "x86_64-linux"; - nodeName = "voodoo"; - - pkgs = nixpkgs.legacyPackages.${targetPlatform}; - pkgsCross = import self.inputs.nixpkgs { - system = buildPlatform; - crossSystem = { - config = "pentium2-unknown-linux-gnu"; - }; - }; - - mkNixosConfiguration = {extraModules ? [], ...} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = - (import ./default.nix { - system = targetPlatform; - inherit nodeName; - - repoFlake = get-flake ../../../..; - nodeFlake = self; - }) - .meta - .nodeSpecialArgs - .${nodeName}; - - modules = - [ - ./configuration.nix - - # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } - - { - nixpkgs.overlays = [ - (final: previous: {}) - ]; - } - ] - ++ extraModules; - } - ); - in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = targetPlatform; - }; - - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; - }; - }; -} From 8d99d23d8ac260ba69f31ae7c69c1e8b6ba03c63 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 22 Aug 2024 14:33:12 +0200 Subject: [PATCH 161/305] chromium: phantom wallet extension --- nix/home-manager/programs/chromium.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index e48456e..712eb42 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix 
@@ -50,6 +50,9 @@ # rabby wallet {id = "acmacodkjbdgmoleebolmdjonilkdbch";} + # phantom wallet + {id = "bfnaelmomeimhlpmgjnjophhpkkoljpa";} + # Vimium C {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} From dc30b07bf99776b8d4cdfa244580940a34d90466 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 22 Aug 2024 14:33:39 +0200 Subject: [PATCH 162/305] sj-srv1: configure libvirt and external filesystem --- nix/os/devices/sj-srv1/system.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index b862faa..bd23a9e 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -121,6 +121,14 @@ }; }; + virtualisation.libvirtd = { + enable = true; + onShutdown = "shutdown"; + parallelShutdown = 3; + }; + + fileSystems."/mnt/8078-532D".device = "/dev/disk/by-uuid/8078-532D"; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From e1d4a1019a42f65fdb478bd28ba32162598279c9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 22 Aug 2024 14:34:01 +0200 Subject: [PATCH 163/305] feat(steveej-x13s): update and limit space usage on /boot --- nix/os/devices/steveej-x13s/configuration.nix | 2 ++ nix/os/devices/steveej-x13s/flake.lock | 24 +++++++++---------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 4f2a4e7..f10f307 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -198,6 +198,8 @@ boot = { loader.systemd-boot.enable = true; + loader.systemd-boot.configurationLimit = 5; + loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; 
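Review bot: The new `{id = "bfnaelmomeimhlpmgjnjophhpkkoljpa";}` entry installs a wallet extension by store ID only, so the build that ends up handling keys is whatever the store serves at install or update time and is not pinned by this repository. The `# phantom wallet` comment is the only thing tying the ID to a publisher, so it is worth recording where the ID was checked, e.g. `# phantom wallet (ID verified against the publisher's official listing, <date>)`. If this list is home-manager's `programs.chromium.extensions` (the enclosing list starts outside the hunk), an entry can also carry `crxPath` and `version` to pin a reviewed build. The same applies to the neighbouring wallet entry visible as context.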
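Review bot: The added `fileSystems."/mnt/8078-532D".device` line declares the external volume with no mount options, so it is mounted with defaults and becomes a hard boot dependency. For external media I would set `options = ["nofail" "nosuid" "nodev"];` so that a missing disk does not drop the server into emergency mode and files on the volume cannot carry setuid bits or device nodes. Stating `fsType` explicitly would also avoid relying on auto-detection; the short UUID suggests a FAT-family volume, which needs confirming. If libvirt images are meant to live on this mount, that ordering dependency deserves a comment next to the `virtualisation.libvirtd` block.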
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 9633bbc..8805ba8 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1722476845, - "narHash": "sha256-7gZ8uf3qOox8Vrwd+p9EhUHHLhhK8lis/5KcXGmIaow=", + "lastModified": 1723685519, + "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=", "owner": "nix-community", "repo": "disko", - "rev": "7e1b215a0a96efb306ad6440bf706d2b307dc267", + "rev": "276a0d055a720691912c6a34abb724e395c8e38a", "type": "github" }, "original": { @@ -171,11 +171,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1722421086, - "narHash": "sha256-Po8GvfDt4O646w1IDIcRdiRIxnqVLv/OwBhr5nOazLw=", + "lastModified": 1722599161, + "narHash": "sha256-befejQIW6Tc6znCpEW4MrrTLT8c6kRszAmxvB+ojFJo=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "e4d7be8556b259a2204f19d6a0537da3aa7d7a3e", + "rev": "c5ac0a8cf3341a53bb136bbbb42ede4f62041c24", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1723637854, + "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "type": "github" }, "original": { @@ -302,11 +302,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722372011, - "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=", + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cf05eeada35e122770c5c14add958790fcfcbef5", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", "type": "github" }, "original": { From 84b473d38cb34c32c4a9a02a8b3d633ecc209826 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 24 Aug 2024 00:16:29 +0200 Subject: [PATCH 164/305] feat(sj-srv1): switch to hostBridge set up the hostside veth interfaces seem to be buggy and this is more efficient anyway. --- nix/os/containers/mailserver.nix | 3 ++- nix/os/containers/syncthing.nix | 3 ++- nix/os/containers/webserver.nix | 3 ++- nix/os/devices/sj-srv1/system.nix | 36 ++++++++++++++++++++++++------- 4 files changed, 34 insertions(+), 11 deletions(-) diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix index b906d8b..c821bf4 100644 --- a/nix/os/containers/mailserver.nix +++ b/nix/os/containers/mailserver.nix @@ -1,5 +1,6 @@ { specialArgs, + hostBridge, hostAddress, localAddress, imapsPort ? 993, @@ -227,5 +228,5 @@ } ]; - inherit hostAddress localAddress; + inherit hostBridge hostAddress localAddress; } diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index 12421c7..8c0ba82 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -1,5 +1,6 @@ { specialArgs, + hostBridge, hostAddress, localAddress, syncthingPort ? 22000, @@ -56,5 +57,5 @@ } ]; - inherit hostAddress localAddress; + inherit hostBridge hostAddress localAddress; } diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index c2c166c..0611f60 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -1,5 +1,6 @@ { specialArgs, + hostBridge, hostAddress, localAddress, httpPort, @@ -330,5 +331,5 @@ in { } ]; - inherit hostAddress localAddress; + inherit hostBridge hostAddress localAddress; } diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index bd23a9e..985ed24 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix 
@@ -29,9 +29,26 @@ networking.nat = { enable = true; - internalInterfaces = ["ve-*"]; externalInterface = "eth0"; + internalInterfaces = ["br0"]; }; + + networking.bridges = { + br0 = { + interfaces = []; + }; + }; + networking.interfaces = { + br0 = { + ipv4.addresses = [ + { + address = "192.168.101.1"; + prefixLength = 24; + } + ]; + }; + }; + boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; }; @@ -84,14 +101,15 @@ autoStart = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.11"; + hostBridge = "br0"; + hostAddress = "192.168.101.1"; + localAddress = "192.168.101.10/24"; imapsPort = 993; sievePort = 4190; }; - websrv0 = + webserver = import ../../containers/webserver.nix { specialArgs = { @@ -100,8 +118,9 @@ autoStart = true; - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; + hostBridge = "br0"; + hostAddress = "192.168.101.1"; + localAddress = "192.168.101.11/24"; httpPort = 80; httpsPort = 443; @@ -114,8 +133,9 @@ }; autoStart = true; - hostAddress = "192.168.100.14"; - localAddress = "192.168.100.15"; + hostBridge = "br0"; + hostAddress = "192.168.101.1"; + localAddress = "192.168.101.12/24"; syncthingPort = 22000; }; From 7d0515d6f0f39a62b6bf738208536ee365604d15 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 24 Aug 2024 00:18:17 +0200 Subject: [PATCH 165/305] feat(router0-dmz0,sj-srv1): use bridged macvlan as main dmz interface this allows guest VMs to communicate with the host via their macvtap connection. --- nix/os/devices/router0-dmz0/configuration.nix | 14 +++++--- nix/os/devices/sj-srv1/system.nix | 36 +++++++++++++++++-- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 4d82178..33a6ed3 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
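Review bot: Container-to-container isolation is lost with the shared `br0` introduced in the `networking.bridges` block of the first hunk and used via `hostBridge = "br0"` in the three container hunks below it. Mailserver, webserver and syncthing now sit on one layer-2 segment, 192.168.101.0/24. Previously each container had its own host/local address pair, so traffic between them had to be routed by the host; on the bridge they reach each other directly, and a compromise of one service is no longer contained by host routing. If that is not intended, use one bridge per container or add bridge-level filtering, and document the choice next to the bridge, e.g. `# all containers share br0; inter-container traffic is not filtered by the host`. No firewall rules are visible in these hunks, so this may already be handled elsewhere.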
@@ -87,13 +87,16 @@ then bridgeInterfaceName else "${bridgeInterfaceName}.${toString vlanid}"; - dmzExposedHost = "sj-srv1.dmz.internal"; + dmzExposedHost = "sj-srv1"; + dmzExposedHostDomain = "dmz.internal"; + dmzExposedHostFQDN = "${dmzExposedHost}.${dmzExposedHostDomain}"; dmzExposedHostIpv4 = mkVlanIpv4HostAddr { vlanid = vlansByName.dmz.id; host = 99; cidr = false; }; - # "sj-srv1.dmz.internal"; + + dmzExposedHostMACaddr = repoFlake.nixosConfigurations.${dmzExposedHost}.config.systemd.network.netdevs."10-dmz0".netdevConfig.MACAddress; in { imports = [ nixos-sbc.nixosModules.default @@ -1126,8 +1129,11 @@ in { ) vlanRangeWith0; - # TODO: double-check that this works - dhcp-host = "1c:69:7a:07:08:5f,${dmzExposedHostIpv4},${dmzExposedHost}"; + dhcp-host = builtins.concatStringsSep "," [ + dmzExposedHostMACaddr + dmzExposedHostIpv4 + dmzExposedHostFQDN + ]; expand-hosts = true; diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index 985ed24..a6498a4 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -25,12 +25,12 @@ networking.usePredictableInterfaceNames = false; networking.useNetworkd = true; - networking.useDHCP = true; + networking.useDHCP = false; networking.nat = { enable = true; - externalInterface = "eth0"; internalInterfaces = ["br0"]; + externalInterface = "dmz0"; }; networking.bridges = { 
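Review bot: `dmzExposedHostMACaddr` in the first router0-dmz0 hunk reaches into `repoFlake.nixosConfigurations.${dmzExposedHost}` and reads the netdev keyed `"10-dmz0"`, so the router build depends on evaluating the sj-srv1 configuration and fails with a missing-attribute error if that netdev is ever renamed. A shared constant imported by both hosts would keep the MAC in one place without the cross-evaluation. At minimum add `# must match systemd.network.netdevs."10-dmz0" in nix/os/devices/sj-srv1/system.nix` above the binding. Note also that the `dhcp-host` reservation in the second hunk is keyed on this MAC alone, so the DMZ address assignment is only as trustworthy as the layer-2 segment it is served on.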
@@ -49,8 +49,40 @@ }; }; + systemd.network.netdevs."10-dmz0" = { + enable = true; + netdevConfig = { + Name = "dmz0"; + Kind = "macvlan"; + MACAddress = "1c:69:7a:07:08:6f"; + }; + + macvlanConfig = { + Mode = "bridge"; + }; + }; + + systemd.network.networks."20-eth0" = { + enable = true; + matchConfig.Name = "eth0"; + + # TODO: i'm not sure if and if so why this is required + macvlan = [ + "dmz0" + ]; + + DHCP = "no"; + }; + + systemd.network.networks."30-dmz0" = { + enable = true; + matchConfig.Name = "dmz0"; + DHCP = "yes"; + }; + boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; + "net.ipv6.ip_forward" = 1; }; # virtualization From c3a0ad708e805451897f2bad41dda88ada1b323c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 24 Aug 2024 01:02:59 +0200 Subject: [PATCH 166/305] fix(sj-srv1): DRY hostAddress and eth0 link status --- nix/os/devices/sj-srv1/system.nix | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index a6498a4..d8c2797 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -6,7 +6,9 @@ nodeFlake, nodeName, ... -}: { +}: let + hostBridgeAddress = "192.168.101.1"; +in { imports = [ ../../snippets/systemd-resolved.nix ]; @@ -42,7 +44,7 @@ br0 = { ipv4.addresses = [ { - address = "192.168.101.1"; + address = hostBridgeAddress; prefixLength = 24; } ]; @@ -66,6 +68,9 @@ enable = true; matchConfig.Name = "eth0"; + linkConfig.RequiredForOnline = "carrier"; + networkConfig.LinkLocalAddressing = "no"; + # TODO: i'm not sure if and if so why this is required macvlan = [ "dmz0" @@ -134,7 +139,7 @@ autoStart = true; hostBridge = "br0"; - hostAddress = "192.168.101.1"; + hostAddress = hostBridgeAddress; localAddress = "192.168.101.10/24"; imapsPort = 993; 
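Review bot: The added `"net.ipv6.ip_forward" = 1;` in the `boot.kernel.sysctl` block names a key that Linux does not provide; IPv6 forwarding is controlled by `net.ipv6.conf.all.forwarding`, so as written the setting is not applied and will most likely only produce a warning at boot. Use `"net.ipv6.conf.all.forwarding" = 1;` if forwarding is actually wanted. Before enabling it, check that IPv6 is filtered on `dmz0` and `br0`: the `networking.nat` block visible in the earlier hunk of this file covers IPv4 unless IPv6 NAT is enabled separately, so forwarded IPv6 would not be restricted by it. The hard-coded `MACAddress` on the `10-dmz0` netdev is read by the router configuration in this same commit and would benefit from a comment saying so.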
@@ -151,7 +156,7 @@ autoStart = true; hostBridge = "br0"; - hostAddress = "192.168.101.1"; + hostAddress = hostBridgeAddress; localAddress = "192.168.101.11/24"; httpPort = 80; @@ -166,7 +171,7 @@ autoStart = true; hostBridge = "br0"; - hostAddress = "192.168.101.1"; + hostAddress = hostBridgeAddress; localAddress = "192.168.101.12/24"; syncthingPort = 22000; From aa5e296c23f76754ca8e0f8bba1c672754ff90da Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 6 Sep 2024 10:38:27 +0200 Subject: [PATCH 167/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 76 ++++++++++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 7 ++- 2 files changed, 53 insertions(+), 30 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 8805ba8..bc4eade 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1723685519, - "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=", + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", "owner": "nix-community", "repo": "disko", - "rev": "276a0d055a720691912c6a34abb724e395c8e38a", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", "type": "github" }, "original": { @@ -96,11 +96,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { 
@@ -162,6 +162,23 @@ "type": "github" } }, + "linux-jhovold": { + "flake": false, + "locked": { + "lastModified": 1725261528, + "narHash": "sha256-p2rP8fErEnrlrkl2l4ZfnWOG2U/ohAC9blx+sTpU4+I=", + "owner": "jhovold", + "repo": "linux", + "rev": "2997053728cd0675469399212061423e63b48c1f", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-6.11-rc6", + "repo": "linux", + "type": "github" + } + }, "mycelium": { "inputs": { "crane": "crane", @@ -171,11 +188,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1722599161, - "narHash": "sha256-befejQIW6Tc6znCpEW4MrrTLT8c6kRszAmxvB+ojFJo=", + "lastModified": 1725529869, + "narHash": "sha256-ekEL4HrZbAeoZmopkxvZ4Z4ufkUEv09b4liGnIIiryc=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "c5ac0a8cf3341a53bb136bbbb42ede4f62041c24", + "rev": "43c774cc1d5bae9558d0086e2be334812cafe2be", "type": "github" }, "original": { @@ -224,20 +241,21 @@ "nixos-x13s": { "inputs": { "flake-parts": "flake-parts_2", + "linux-jhovold": "linux-jhovold", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1722396240, - "narHash": "sha256-t4C/I1CttOGFLYzzjd6zNOPvPleykqbPwO0YT19S6jI=", - "ref": "refs/heads/main", - "rev": "a59ae21e47538cecddadc220ea16a7b8e2485f66", - "revCount": 97, + "lastModified": 1725606185, + "narHash": "sha256-ur40KNuaj90nv3tmNhozvNvhLWxFzyodtkYi/JOBZLE=", + "ref": "refs/heads/remaintain", + "rev": "759bf531bb9ffa1a45cabb01c6ee1bdb23b9b49b", + "revCount": 101, "type": "git", - "url": "https://codeberg.org/adamcstephens/nixos-x13s" + "url": "file:///home/steveej/src/others/nixos-x13s" }, "original": { "type": "git", - "url": "https://codeberg.org/adamcstephens/nixos-x13s" + "url": "file:///home/steveej/src/others/nixos-x13s" } }, "nixpkgs": { 
@@ -258,23 +276,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723637854, - "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { @@ -286,11 +304,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { @@ -302,11 +320,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { 
diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 5104910..511f6fc 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -14,7 +14,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.url = + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" + "/home/steveej/src/others/nixos-x13s" + # + ; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; From 4dbe17929c5286ebc351eb268ca64dcaa7881c4f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 10 Sep 2024 09:56:27 +0200 Subject: [PATCH 168/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index bc4eade..1e4bcd7 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1725703823, + "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", "type": "github" }, "original": { 
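Review bot: `nixos-x13s.url` now points at `/home/steveej/src/others/nixos-x13s`, an absolute path on one workstation, and the lock file hunk above records `file:///home/steveej/src/others/nixos-x13s` on the `remaintain` branch. No other machine or rebuild host can fetch that revision, and the kernel-related inputs it pulls in cannot be reviewed from this repository. The commented-out forgejo URL in the same hunk looks like the intended remote; I would switch to it before merging so the locked `rev` is resolvable and auditable. If the local path is a deliberate temporary state, say so with `# TODO: local checkout for testing, switch back to the remote URL before deploying`.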
@@ -288,11 +288,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -320,11 +320,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1725826545, + "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", "type": "github" }, "original": { From a78bc5488b1c4d5e6706730cfc79179492d8131e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 8 Oct 2024 23:46:08 +0200 Subject: [PATCH 169/305] feat(obs-studio): add os snippet --- .../configuration/graphical-fullblown.nix | 2 -- nix/home-manager/programs/obs-studio.nix | 2 +- nix/os/devices/steveej-x13s/configuration.nix | 4 ++- nix/os/snippets/obs-studio.nix | 31 +++++++++++++++++++ 4 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 nix/os/snippets/obs-studio.nix diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index ef47a83..d636b62 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -33,8 +33,6 @@ in { ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode - - ../programs/obs-studio.nix ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; diff --git a/nix/home-manager/programs/obs-studio.nix b/nix/home-manager/programs/obs-studio.nix index 8673eb0..b053e24 100644 --- a/nix/home-manager/programs/obs-studio.nix 
+++ b/nix/home-manager/programs/obs-studio.nix @@ -9,7 +9,7 @@ builtins.map (plugin: (plugin.overrideAttrs (attrs: { meta = lib.mkMerge [ {inherit (attrs) meta;} - {meta.platforms = ["aarch64-linux"];} + {meta.platforms = [pkgs.stdenv.system];} ]; }))) (with pkgs.obs-studio-plugins; [ diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index f10f307..2d2e6b0 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -72,10 +72,12 @@ nodeFlake.inputs.disko.nixosModules.disko ./disko.nix + ../../profiles/common/user.nix + ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix ../../snippets/mycelium.nix - ../../profiles/common/user.nix + ../../snippets/obs-studio.nix { services.openssh.enable = true; diff --git a/nix/os/snippets/obs-studio.nix b/nix/os/snippets/obs-studio.nix new file mode 100644 index 0000000..c46305e --- /dev/null +++ b/nix/os/snippets/obs-studio.nix @@ -0,0 +1,31 @@ +{config, ...}: let + # TODO: make configurable + homeUser = "steveej"; +in { + boot.extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback.out + ]; + + # Activate kernel modules (choose from built-ins and extra ones) + boot.kernelModules = [ + # Virtual Camera + "v4l2loopback" + # Virtual Microphone, built-in + "snd-aloop" + ]; + + # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming + # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams + # https://github.com/umlaeute/v4l2loopback + boot.extraModprobeConfig = '' + options v4l2loopback devices=1 video_nr=1 card_label="OBSCam" exclusive_caps=1 + ''; + + security.polkit.enable = true; + + home-manager.users.${homeUser} = _: { + imports = [ + ../../home-manager/programs/obs-studio.nix + ]; + }; +} From 9d9ec38477dabd04bb81a274dadfe4a9bfdc3dbe Mon Sep 17 00:00:00 2001 
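Review bot: In the new `nix/os/snippets/obs-studio.nix`, `security.polkit.enable = true;` is switched on system-wide without a comment saying which part of the OBS setup needs it. Since `v4l2loopback` is already loaded through `boot.kernelModules`, polkit may not be required at all; presumably it was added so OBS can load the module on demand, which should be confirmed. If it is needed, add `# polkit: required by <component> for <action>` so the privilege grant stays traceable. `homeUser = "steveej"` already carries a TODO; taking it from a module option would keep the snippet reusable on other hosts.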
From: Stefan Junker Date: Wed, 9 Oct 2024 00:02:32 +0200 Subject: [PATCH 170/305] feat(sway-desktop): set up for screensharing of headless outputs --- nix/home-manager/profiles/sway-desktop.nix | 17 +++++++++++++++++ nix/home-manager/programs/waybar.nix | 9 ++++++++- nix/os/snippets/sway-desktop.nix | 19 +++++++++++++++++++ 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index dcf6544..bdd3f2d 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -1,3 +1,20 @@ +/* +TODO: create helper scripts for sharing of a screen portion +``` + +# this will create a new output named HEADLESS-. increments by 1 with each invocation even if the output is `unplug`ged. +swaymsg create_output + +# find the name and the workspace number +swaymsg -t get_outputs | jq '.[] | select(.name | test("HEADLESS-.*")) | (.name, .current_workspace)' + +swaymsg output HEADLESS-1 mode 1920@108060Hz + +# mirror the headless workspace on the current one +nix run nixpkgs\#wl-mirror -- HEADLESS-1 + +# shift windows to the workspace and switch the focus to it +*/ { pkgs, config, diff --git a/nix/home-manager/programs/waybar.nix b/nix/home-manager/programs/waybar.nix index 05392c5..b6137e1 100644 --- a/nix/home-manager/programs/waybar.nix +++ b/nix/home-manager/programs/waybar.nix @@ -22,7 +22,14 @@ layer = "top"; position = "bottom"; height = 30; - output = ["*"]; + output = + # hide the bar on HEADDLESS displays as i use them only for screensharing + ( + builtins.genList (i: "!HEADLESS-${builtins.toString i}") 99 + ) + ++ [ + "*" + ]; # output = [ # "eDP-1" # "DP-*" diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index ec6859c..8d6d9f1 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix 
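Review bot: The block comment added at the top of `nix/home-manager/profiles/sway-desktop.nix` contains a mode string that cannot work as written, `swaymsg output HEADLESS-1 mode 1920@108060Hz`; it presumably should read `swaymsg output HEADLESS-1 mode 1920x1080@60Hz`. The opening code fence in that comment is never closed before `*/`, and the first sentence seems to have lost the output number (`HEADLESS-.` was probably `HEADLESS-<N>`). In the waybar hunk the comment spells `HEADDLESS`, and `builtins.genList … 99` generates indices 0 to 98, so an output named `HEADLESS-99` or higher would show the bar again. A one-line comment stating that limit would help.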
@@ -40,6 +40,25 @@ in { wlr = { enable = true; + settings = { + screencast = { + chooser_type = "dmenu"; + # display the output as a list in favor of the default mouse selection + chooser_cmd = lib.getExe (pkgs.writeShellApplication { + name = "chooser_cmd"; + runtimeInputs = [ + pkgs.sway + pkgs.jq + pkgs.fuzzel + pkgs.gnused + ]; + text = '' + swaymsg -t get_outputs | jq '.[] | "\(.name)@\(.current_mode.width)x\(.current_mode.height) on \(.model)"' | sed 's/"//g' | fuzzel -d | sed 's/@.*//' + ''; + }); + max_fps = 30; + }; + }; }; # keep the behaviour in < 1.17, which uses the first portal implementation found in lexicographical order, use the following: From 79da6a79ccf0a686c5f2872657f5ed5114305bd4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 10 Oct 2024 09:02:21 +0200 Subject: [PATCH 171/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 7696638..298eec6 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { 
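Review bot: The `chooser_cmd` script builds its menu by letting `jq` emit JSON-quoted strings and then deleting every `"` with `sed 's/"//g'`, which also mangles any escaped characters in a monitor's model name. `jq -r '.[] | "\(.name)@\(.current_mode.width)x\(.current_mode.height) on \(.model)"'` prints raw strings and makes the first `sed` unnecessary. Because the selection decides which output is shared with the requesting application, I would also add a comment that the final `sed 's/@.*//'` relies on output names never containing `@`.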
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1728328465, + "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1723817722, - "narHash": "sha256-m8o4Qpje/eeBfbWzikjkMMBYrzxRomDtPBSxJ6xGBcA=", + "lastModified": 1728542791, + "narHash": "sha256-yQ0g6j/9Nxq+Cu3DU0QmWr7OkSx04sO5ER3ObExFkC8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c49d0387e0b2ee9a53f5298eaaa6b2d37809962f", + "rev": "cb9ac608fc12d66e505293a74e51bc61b87697a5", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723764322, - "narHash": "sha256-1V4C7f7sUjslxreqbpvBzitl9I2nY7nOrR17DjnatcU=", + "lastModified": 1728534991, + "narHash": "sha256-wLUZyvtOOowAz0kTrU2MoC4nXWniFaVezGyzuEt5HPc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "03bd12dcf88b6aabc047fbf909bda4c7e344416c", + "rev": "6b955bdbb9efe4a5c047746323951fe1bdf8d01b", "type": "github" }, "original": { From 32c17a671f0c0bb53c5801a0c5ff883aa25c2358 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 10 Oct 2024 09:05:01 +0200 Subject: [PATCH 172/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 298eec6..d26bc57 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1728542791, - "narHash": "sha256-yQ0g6j/9Nxq+Cu3DU0QmWr7OkSx04sO5ER3ObExFkC8=", + "lastModified": 1728543552, + "narHash": "sha256-3OR+2XHHo+USlAz7T30VKnPxR7k3GeErkXM0Wm/Ctzw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb9ac608fc12d66e505293a74e51bc61b87697a5", + "rev": "f4f573fde42d181f22c95e10822856399c24feeb", "type": "github" }, "original": { From 070d3037d28ff9896f3c6423f22cba39760daff7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 19:44:54 +0200 Subject: [PATCH 173/305] hedgedoc: add session life and secret --- nix/os/containers/webserver_secrets.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/containers/webserver_secrets.yaml b/nix/os/containers/webserver_secrets.yaml index 9804f67..dc8058b 100644 --- a/nix/os/containers/webserver_secrets.yaml +++ b/nix/os/containers/webserver_secrets.yaml 
@@ -1,4 +1,4 @@ -hedgedoc_environment_file: ENC[AES256_GCM,data:uBaATOTIkCkboAfaB7d6G2G4AfKszipQe+mc0XPJHik30wLppCKpEc61ELLbiZ1xGaOEWKUSMHc0GyBapykrgEe0UUYJ0Ukpq9bj9/J2VC7BLu1ABbr+pWpJR68+IOKY2GWlioSDIL6JwaGIjLV5sLrUjJgtwzAYrqAU13VS5RVHtGtz+7TgwHIJADoec+jSRhkh82g198eaAUbKyAFB9yhXFWgq6ozh8RgtkYKAP7LXIuyJt9BYJoNQ,iv:MCMJph0W1PC0n9h7xhPMxtJINQP+QRBf2anzXEzydwc=,tag:zj2o+/JpBRTYgYpSMJedPw==,type:str] +hedgedoc_environment_file: ENC[AES256_GCM,data:ciVnpDXq5CZltHcAHJQNeKfelQlKhyXfGkUeuvwFBq8QUQDNEgLOVZ5X7Yw3kPGAvXEozK2Nz3aFfOpbGt76OmNdJ2TQNxOEpcHDJEvAoYSc/XTcctfDQmqga6MMWWAjIO3LXpFa9UD9riP6yUFNwGOB7waIvV7yD+D+QILwUyNda0/iVHtC/6HO8Yaj3nK6Fp1IDclppobIQ/MdzG+cy+yN7h0XUNOzMh91DGAC3ePIB5DX90wlXTzsox9HWWAUTh6Lpss=,iv:X7fROtc0Fn9AnZkWHAs8XFwIInBowQZzRJuLWSKSGWM=,tag:gKysRtqBhTtwLnxDv2QGBA==,type:str] authelia_storageEncryptionKey: ENC[AES256_GCM,data:BLj2+w0jUOiiqljd4WcYt90I1Y/tm6vYRn9IPvv7k+ykjeWeafDcb9LpAbYZ82iAbCDZ6cDnTIJSH50TYFM1Bw==,iv:DfrFuTMS6rzWS1F7hIloD7Eb9N6LV6MDsPGEidTCIkM=,tag:4TxiUuWj8LLCAe+3SQWthA==,type:str] authelia_jwtSecret: ENC[AES256_GCM,data:CtvhPJDlM8kZDh3MWI6jBEIK5P/Rc0ZY3JfQ/1qn2FyZ0kOE9CMznRQdzi125Mlh+LgfhS00aeY/esuSJ1YKnw==,iv:o29+Ja4E4USpxD5Bgg4nGpj1WdK+uJJeuyqa3c92Pys=,tag:Ko/6PqIM7FyvqMJAepTNKw==,type:str] lldap_jwtSecret: ENC[AES256_GCM,data:Jd05K5zZZcdFY9P+PM1ycpl4eKr7THXzlEC2gxhfq0kZ0c7NrmqpnxLFyMOoq0oZwFXQ3aE29N+dYYCbWgEs0g==,iv:k9Y4XZcFSUaaOvooMzH1AlHaI/RiZZ0cpSqTU6jzsUU=,tag:EHwIMQ00Z+IrXAKgugMbmQ==,type:str] 
@@ -23,8 +23,8 @@ sops: eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-02T20:35:16Z" - mac: ENC[AES256_GCM,data:2aE4orgaTz9x9TeZcTavXNGnPJnb1tlTINutT6X7KktOlcCpWfBqjWZ3ggXGXwMYIc7FhwTS7bWrDYC/nuvaiG/TcSyy8bshEdzawyAHXhs22pPE0uiXl+n67jUJvMrVnSPjaw66g5AzyU7MYkgw+FqncLPQDZtSyVH+F2GYINA=,iv:Ou0f9q/T5s3c6UrWHu1QIoze4v/Wi+u1FhiwXyglHog=,tag:ZoDkCDh7fFm7YfnVSO6Zgw==,type:str] + lastmodified: "2024-10-13T17:41:14Z" + mac: ENC[AES256_GCM,data:1mqRRPa4tP1OFxC3Oo5uJhk3H79jxObUeIsIab8fOrafsrw9tbrqpb9lRgziR3C0ssDagb0deA6PAGH6YWvSU716Ayr3p+Ih2sXOkbkp8wV/u3AULsDUzSUglshgM5f1Hf5jvL7xoWBOzek8eMGIkFFFwu0VmkqwpqOalXY0Kxk=,iv:cC4hRQZlLuOyktS0pER6Ef0f7qVxMXfS8w9Q5p7AlTA=,tag:/maJgYz/Ks3iaQZr+WSUUA==,type:str] pgp: - created_at: "2023-07-09T17:51:27Z" enc: |- From 46df99c190cf2aa4910aba438403cc439cbbe1e4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:06:36 +0200 Subject: [PATCH 174/305] feat(pkgs/logseq): bump to 0.10.9 --- flake.lock | 28 +++++----------------------- flake.nix | 11 +++-------- nix/pkgs/logseq/Containerfile | 11 ++++------- nix/pkgs/logseq/README.md | 13 +++++++++++-- nix/pkgs/logseq/default.nix | 2 +- 5 files changed, 24 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index 03b4e3b..2bf44e4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -412,33 +412,16 @@ "type": "github" } }, - "linux_x13s": { + "logseq_0_10_9_aarch64_appimage": { "flake": false, "locked": { - "lastModified": 1706261399, - "narHash": "sha256-NJSN4j2VbFIPerb/bFqmaYbcHjxF3u6lijuXpC0USYo=", - "owner": "jhovold", - "repo": "linux", - "rev": "b929f8eed9ad1f156cae932dea741bc4383e6367", - "type": "github" - }, - "original": { - "owner": "jhovold", - "ref": "wip/sc8280xp-v6.7", - "repo": "linux", - "type": "github" - } - }, - "logseq_0_10_5_aarch64_appimage": { - "flake": false, - "locked": { - "narHash": "sha256-5uHRJpNcAzVRqyF5eR2sY0u/Q9rHXWh/g36/sehmSys=", + "narHash": "sha256-b/zzQ3hNfaSUAJmhKuZaYTY0LX7Jwch182vbNrWBh6w=", "type": "file", - "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage" + "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage" }, "original": { "type": "file", - "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage" + "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage" } }, "nix-eval-jobs": { @@ -853,8 +836,7 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", - "linux_x13s": "linux_x13s", - "logseq_0_10_5_aarch64_appimage": "logseq_0_10_5_aarch64_appimage", + "logseq_0_10_9_aarch64_appimage": "logseq_0_10_9_aarch64_appimage", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 9b68e10..e4fd840 100644 --- a/flake.nix +++ b/flake.nix @@ -105,14 +105,9 @@ url = "git+https://codeberg.org/adamcstephens/stop-export.git"; }; - # alsa-ucm-conf = { - # flake = false; - # url = "github:alsa-project/alsa-ucm-conf/master"; - # }; - - logseq_0_10_5_aarch64_appimage = { + logseq_0_10_9_aarch64_appimage = { flake = false; - url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; + url = "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage"; }; espanso = { 
@@ -349,7 +344,7 @@ logseq = pkgs.callPackage ./nix/pkgs/logseq (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; + overrideSrc = self.inputs.logseq_0_10_9_aarch64_appimage; }); rperf = craneLib.buildPackage { diff --git a/nix/pkgs/logseq/Containerfile b/nix/pkgs/logseq/Containerfile index e61e2b9..ba1afd8 100644 --- a/nix/pkgs/logseq/Containerfile +++ b/nix/pkgs/logseq/Containerfile @@ -4,7 +4,8 @@ # build-docker.yml and change the release channel from :latest to :testing # Builder image -FROM clojure:temurin-11-tools-deps-1.11.1.1208-bullseye-slim as builder +# FROM clojure:temurin-11-tools-deps-1.11.1.1208-bullseye-slim as builder +FROM clojure:temurin-11-tools-deps-bullseye-slim as builder ARG DEBIAN_FRONTEND=noninteractive @@ -20,15 +21,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ # install NodeJS & yarn RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - -RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | \ - tee /etc/apt/trusted.gpg.d/yarn.gpg && \ - echo "deb https://dl.yarnpkg.com/debian/ stable main" | \ - tee /etc/apt/sources.list.d/yarn.list && \ - apt-get update && apt-get install -y nodejs yarn +RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/yarn.gpg && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && apt-get update && apt-get install -y nodejs yarn WORKDIR /data -ENV VERSION=0.10.5 +ENV VERSION=0.10.9 # build Logseq static resources RUN git clone -b ${VERSION} https://github.com/logseq/logseq.git . diff --git a/nix/pkgs/logseq/README.md b/nix/pkgs/logseq/README.md index e7be282..c6f46bd 100644 --- a/nix/pkgs/logseq/README.md +++ b/nix/pkgs/logseq/README.md 
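Review bot: The new `FROM clojure:temurin-11-tools-deps-bullseye-slim as builder` line in the Containerfile drops the tools-deps version from the tag, so the builder image now floats with whatever the registry serves at build time. The AppImage built here is uploaded and then consumed through the hash-pinned `logseq_0_10_9_aarch64_appimage` input, so the hash fixes what gets installed but records nothing about which toolchain produced it. Pinning by digest keeps the build repeatable, e.g. `FROM clojure:temurin-11-tools-deps-bullseye-slim@sha256:<digest> as builder`, with `<digest>` taken from the image actually used for this release.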
@@ -2,10 +2,19 @@ this is pseudocode that serves as a reminder -1. podman build -f Containerfile +1. podman build -f Containerfile -t logseq +2. CONTAINER_ID=$(podman container create logseq) 2. podman unshare 3. podman mount $CONTAINER_ID -4. upload the AppImaeg +4. copy and upload the AppImage. e.g. + ``` + cp /home/steveej/.local/share/containers/storage/overlay/f932ca9f11ea2bfd6b221118eb54775a623bc519bfe38188afcbad51dda2777f/merged/Logseq-0.10.9.AppImage . + exit + scp Logseq-0.10.9.AppImage root@www.stefanjunker.de:/var/lib/container-volumes/webserver/var-www/stefanjunker.de/htdocs/caddy/downloads/ + ``` +5. podman unshare +6. podman unmount + # resources diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index c1dffd0..a50818a 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation (finalAttrs: let inherit (finalAttrs) pname version src appimageContents; in { pname = "logseq"; - version = "0.10.5"; + version = "0.10.9"; src = if overrideSrc != null From efebdd14c78b2e1b539f0d533cf31fdf161b98ec Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:10:55 +0200 Subject: [PATCH 175/305] chore(flake): cleanup --- flake.lock | 52 ---------------------------------------------------- flake.nix | 24 +++++------------------- 2 files changed, 5 insertions(+), 71 deletions(-) diff --git a/flake.lock b/flake.lock index 2bf44e4..bcb8046 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,21 +1,5 @@ { "nodes": { - "adamcstephens_stop-export": { - "flake": false, - "locked": { - "lastModified": 1710028874, - "narHash": "sha256-D15vE/boUSGSig3EMx1dCeu7N7S92wiRMJKZ1h9mBjM=", - "ref": "refs/heads/main", - "rev": "3404021b7caf7dea1ce9c8d4ece36dc26575bc47", - "revCount": 17, - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - } - }, "aphorme_launcher": { "flake": false, "locked": { @@ -49,23 +33,6 @@ "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" } }, - "brainwart_x13s-nixos": { - "flake": false, - "locked": { - "lastModified": 1705565623, - "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", - "owner": "BrainWart", - "repo": "x13s-nixos", - "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", - "type": "github" - }, - "original": { - "owner": "BrainWart", - "ref": "flake", - "repo": "x13s-nixos", - "type": "github" - } - }, "colmena": { "inputs": { "flake-compat": "flake-compat", @@ -131,22 +98,6 @@ "type": "github" } }, - "dotfiles": { - "flake": false, - "locked": { - "lastModified": 1541334338, - "narHash": "sha256-9QAq7bjITpaO8A8qD8IVoa+89Bg13CEwxf771d9S/Ag=", - "owner": "steveeJ", - "repo": "dotfiles", - "rev": "9a8484f7094edc1b533bad3be71c511ba8ff45eb", - "type": "gitlab" - }, - "original": { - "owner": "steveeJ", - "repo": "dotfiles", - "type": "gitlab" - } - }, "espanso": { "flake": false, "locked": { @@ -820,17 +771,14 @@ }, "root": { "inputs": { - "adamcstephens_stop-export": "adamcstephens_stop-export", "aphorme_launcher": "aphorme_launcher", "ath11k-firmware": "ath11k-firmware", - "brainwart_x13s-nixos": "brainwart_x13s-nixos", "colmena": "colmena", "crane": "crane", "disko": [ "nixos-anywhere", "disko" ], - "dotfiles": "dotfiles", "espanso": "espanso", "fenix": "fenix", "flake-parts": "flake-parts", diff --git a/flake.nix b/flake.nix index e4fd840..ea60cac 100644 
--- a/flake.nix +++ b/flake.nix @@ -1,10 +1,11 @@ # flake.nix { inputs = { - dotfiles = { - url = "gitlab:steveeJ/dotfiles"; - flake = false; - }; + # TODO: where has this been used? + # dotfiles = { + # url = "git+https://forgejo.www.stefanjunker.de/steveej/dotfiles.git"; + # flake = false; + # }; # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -90,21 +91,6 @@ flake = false; }; - ### inputs for thinkpad x13s - # see https://github.com/jhovold/linux/wiki/X13s for status updates - linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; - linux_x13s.flake = false; - - brainwart_x13s-nixos = { - url = "github:BrainWart/x13s-nixos/flake"; - flake = false; - }; - - adamcstephens_stop-export = { - flake = false; - url = "git+https://codeberg.org/adamcstephens/stop-export.git"; - }; - logseq_0_10_9_aarch64_appimage = { flake = false; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage"; From 0d502247fc0981204ff448f73df139c23dd67299 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:11:27 +0200 Subject: [PATCH 176/305] fixup! feat(pkgs/logseq): bump to 0.10.9 --- nix/home-manager/configuration/graphical-fullblown.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index d636b62..442a5d8 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -39,7 +39,15 @@ in { home.sessionVariables.GOPATH = "$HOME/src/go"; home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; + nixpkgs.config.allowInsecurePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "electron-28.3.3" + "electron-27.3.11" + ]; + nixpkgs.config.permittedInsecurePackages = [ + "electron-28.3.3" + "electron-27.3.11" ]; home.packages = From 4b76a845ea2df37d784f2a813931cd610cdf41fb Mon Sep 17 00:00:00 2001 
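Review bot: The added `allowInsecurePredicate` in graphical-fullblown.nix compares `lib.getName pkg` against `"electron-28.3.3"` and `"electron-27.3.11"`, but `lib.getName` returns the package name without its version, so as far as I can tell this predicate never matches. nixpkgs consults `permittedInsecurePackages` only through its default predicate, so defining a custom one may also cause the list added in the same hunk to be ignored; keeping just the list is the simpler form. Either way, a comment naming the package that still needs each end-of-life Electron, e.g. `# needed by <package>; drop when it moves to a supported electron`, would stop the exemption from outliving its reason. The surrounding module starts outside the hunk, so whether `lib` is in scope cannot be confirmed here.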
From: Stefan Junker Date: Sun, 13 Oct 2024 20:11:42 +0200 Subject: [PATCH 177/305] refactor(vscode): cleanup and fmt --- nix/home-manager/programs/vscode/default.nix | 56 +++++++++++--------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index d4dd64d..77c4ec9 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
@@ -18,40 +18,44 @@ in { # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; # }) ] - ++ (with pkgsVscodium.vscode-extensions; [ - eamodio.gitlens - mkhl.direnv - tomoki1207.pdf - vscodevim.vim + ++ (with pkgsVscodium.vscode-extensions; + [ + eamodio.gitlens + mkhl.direnv + tomoki1207.pdf + vscodevim.vim - bbenoist.nix - jnoortheen.nix-ide - # kamadorueda.alejandra + bbenoist.nix + jnoortheen.nix-ide + # kamadorueda.alejandra - ms-vscode.theme-tomorrowkit - nonylene.dark-molokai-theme + ms-vscode.theme-tomorrowkit + nonylene.dark-molokai-theme - # TODO: these are not in nixpkgs + ms-python.vscode-pylance - # fredwangwang.vscode-hcl-format - # hashicorp.hcl - # mindaro-dev.file-downloader - # ms-vscode.remote-explorer + # TODO: these are not in nixpkgs - # TODO: not compatible with vscodium - # ms-vscode-remote.remote-ssh - ] ++ (let + # fredwangwang.vscode-hcl-format + # hashicorp.hcl + # mindaro-dev.file-downloader + # ms-vscode.remote-explorer + + # TODO: not compatible with vscodium + # ms-vscode-remote.remote-ssh + ] + ++ (let extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; - in (with extensions.vscode-marketplace; [ - tamasfe.even-better-toml + in (with extensions.vscode-marketplace; [ + tamasfe.even-better-toml - serayuzgur.crates - rust-lang.rust-analyzer - swellaby.vscode-rust-test-adapter + serayuzgur.crates + rust-lang.rust-analyzer + swellaby.vscode-rust-test-adapter - golang.go - jeff-hykin.better-go-syntax - ]))); + golang.go + jeff-hykin.better-go-syntax + ]))); mutableExtensionsDir = true; }; From f707f7ddc44fdb5f2ebddb0b33050252fb03fa8b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:12:07 +0200 Subject: [PATCH 178/305] chore(graphical-fullblown): cleanup --- nix/home-manager/configuration/graphical-fullblown.nix | 7 +++---- nix/home-manager/profiles/common.nix | 1 - 2 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 442a5d8..e498f29 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -109,15 +109,14 @@ in { aspellDicts.de # skypeforlinux # pkgsUnstable.jitsi-meet-electron - thunderbird + thunderbird-115 + # betterbird # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop pkgsUnstable.tdesktop # TODO: remove or reuse this depending on whether waydroid signal works - # pkgsUnstable.signal-desktop - - thunderbird + pkgsUnstable.signal-desktop # gnome.cheese diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 3fb8e69..2f5b051 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -15,7 +15,6 @@ allowUnfree = true; permittedInsecurePackages = [ - "nix-2.15.3" ]; }; From 3e942d1a4175a8023bf14c5b05df2dd3c15f409b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:13:52 +0200 Subject: [PATCH 179/305] feat(sway,steveej-x13s): bumps and new display notes --- nix/home-manager/profiles/sway-desktop.nix | 11 ++++ nix/os/devices/steveej-x13s/flake.lock | 58 ++++++++-------------- nix/os/devices/steveej-x13s/flake.nix | 21 ++++---- nix/os/snippets/sway-desktop.nix | 8 +-- 4 files changed, 47 insertions(+), 51 deletions(-) diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index bdd3f2d..1acf089 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
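Review bot: Replacing `thunderbird` with `thunderbird-115` freezes the mail client on one ESR series, and nothing in the hunk says why or when to move off it. Once upstream stops patching that series, this list keeps requesting a client that no longer receives security fixes. A comment such as `# pinned to 115 because <reason>; switch back to thunderbird once <condition>` would make the pin reviewable. The line `# TODO: remove or reuse this depending on whether waydroid signal works` also stays above the now-enabled `pkgsUnstable.signal-desktop` and should be updated to say which way that was decided.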
@@ -97,6 +97,17 @@ in { pkgs.fuzzel ]; + # TODO: configure kanshi to always set the 5K resolution + # DP-1 "Philips Consumer Electronics Company PHL 499P9 AU02419010010 (DP-1 via DP)" + # Make: Philips Consumer Electronics Company + # Model: PHL 499P9 + # Serial: AU02419010010 + # Physical size: 1190x340 mm + # Enabled: yes + # Modes: + # 3840x1080 px, 59.967999 Hz (preferred) + # 5120x1440 px, 59.977001 Hz (current) + wayland.windowManager.sway = { enable = true; systemd.enable = true; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 1e4bcd7..66da2af 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1725261528, - "narHash": "sha256-p2rP8fErEnrlrkl2l4ZfnWOG2U/ohAC9blx+sTpU4+I=", + "lastModified": 1728631036, + "narHash": "sha256-1LnClVjY6WS+IR9eqPFA7gzXm0cio3mY23NXj9cKHHs=", "owner": "jhovold", "repo": "linux", - "rev": "2997053728cd0675469399212061423e63b48c1f", + "rev": "6a97bc22fa36010400b91e6d5979741c391112c3", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.11-rc6", + "ref": "wip/sc8280xp-6.12-rc2", "repo": "linux", "type": "github" } @@ -185,7 +185,9 @@ "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1725529869, 
@@ -242,29 +244,29 @@ "inputs": { "flake-parts": "flake-parts_2", "linux-jhovold": "linux-jhovold", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1725606185, - "narHash": "sha256-ur40KNuaj90nv3tmNhozvNvhLWxFzyodtkYi/JOBZLE=", + "lastModified": 1728680044, + "narHash": "sha256-kDqUDwEEv1KPOObmdnO3zb5mFthFDHoPgzVDpmRIq44=", "ref": "refs/heads/remaintain", - "rev": "759bf531bb9ffa1a45cabb01c6ee1bdb23b9b49b", - "revCount": 101, + "rev": "f691c125485b6764ebef0b9f148613d79de95525", + "revCount": 109, "type": "git", - "url": "file:///home/steveej/src/others/nixos-x13s" + "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" }, "original": { "type": "git", - "url": "file:///home/steveej/src/others/nixos-x13s" + "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" } }, "nixpkgs": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { 
@@ -288,37 +290,21 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1728621521, + "narHash": "sha256-Fk8C/cywdAP//XjK1/CF2VMIRoQjhosCor71p84ff+c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "7045aa75c71e90ae3bbb486d35414b08add9c424", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { - "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1725826545, "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", @@ -342,7 +328,7 @@ "mycelium": "mycelium", "nix-snapshotter": "nix-snapshotter", "nixos-x13s": "nixos-x13s", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable" } }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 511f6fc..61a760d 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -1,9 +1,10 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + # nixpkgs.follows = "nixpkgs-unstable"; # required for home-manager modules - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; get-flake.url = "github:ursi/get-flake"; 
@@ -15,8 +16,13 @@ }; nixos-x13s.url = - # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" - "/home/steveej/src/others/nixos-x13s" + "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" + # 6.11.0 + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=6b9efe77ca80653354981c720af3c4241ac71490" + # 6.12.0-rc6 + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=bd580ee9c35fcb8a720122d5bb2f903f1b7395ee" + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=1286d20be2321a1a2d27f5d09257ebaf54ce0630" + #"/home/steveej/src/others/nixos-x13s" # ; @@ -25,6 +31,7 @@ # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; mycelium.url = "github:threefoldtech/mycelium"; + mycelium.inputs.nixpkgs.follows = "nixpkgs"; nix-snapshotter = { url = "github:yu-re-ka/nix-snapshotter"; @@ -42,14 +49,6 @@ nativeSystem = "aarch64-linux"; nodeName = "steveej-x13s"; - pkgs = nixpkgs.legacyPackages.${nativeSystem}; - pkgsCross = import self.inputs.nixpkgs { - system = "x86_64-linux"; - crossSystem = { - config = "aarch64-unknown-linux-gnu"; - }; - }; - repoFlake = get-flake ../../../..; mkNixosConfiguration = {extraModules ? [], ...} @ attrs: diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 8d6d9f1..71008cb 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -74,10 +74,10 @@ in { extraPortals = [ # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr - # pkgs.xdg-desktop-portal-gtk - (pkgs.xdg-desktop-portal-gtk.override (_: { - buildPortalsInGnome = false; - })) + pkgs.xdg-desktop-portal-gtk + # (pkgs.xdg-desktop-portal-gtk.override (_: { + # buildPortalsInGnome = false; + # })) ]; }; From ce458b02baa9657511564cbe6353fd502efb37ad Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 13 Oct 2024 20:16:50 +0200 Subject: [PATCH 180/305] wip(redshift): attempt to re-enable --- nix/home-manager/programs/redshift.nix | 11 +++++++++-- nix/os/devices/steveej-x13s/configuration.nix | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/programs/redshift.nix b/nix/home-manager/programs/redshift.nix index 0946b2e..6fb73d0 100644 --- a/nix/home-manager/programs/redshift.nix +++ b/nix/home-manager/programs/redshift.nix @@ -7,15 +7,22 @@ in { services.gammastep = { enable = true; + provider = "manual"; + enableVerboseLogging = true; inherit (passwords.location.stefan) longitude latitude; temperature = { - day = 6700; + # day = 6700; + day = 3000; night = 3000; }; tray = true; settings = { + general = { + adjustment-method = "wayland"; + }; gammastep = { - brightness-day = 1.0; + # brightness-day = 1.0; + brightness-day = 0.5; brightness-night = 0.5; }; }; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 2d2e6b0..6871f80 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -195,7 +195,7 @@ ]; # TODO: currently unsupported - services.gammastep.enable = lib.mkForce false; + services.gammastep.enable = true; }; boot = { From 062abf22c05b2f99a46a7dade83651ea725f2afb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:17:35 +0200 Subject: [PATCH 181/305] wip(router0-dmz0): attempt IPv6 SLAAC, RA, and DHCP setup --- nix/os/devices/router0-dmz0/configuration.nix | 128 +++++++++++++----- nix/os/devices/router0-dmz0/flake.lock | 38 +++--- 2 files changed, 110 insertions(+), 56 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 33a6ed3..cd7f53b 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
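Review bot: In nix/os/devices/steveej-x13s/configuration.nix the comment `# TODO: currently unsupported` still sits directly above `services.gammastep.enable = true;`, so the comment and the setting now contradict each other. Since the commit is marked wip, something like `# TODO: re-enabled as an experiment; confirm gammastep works on this device` would describe the actual state. In redshift.nix, `day` and `brightness-day` are set to the night values with the old values left commented out; a note that this is a temporary test setting would keep it from being mistaken for the intended configuration.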
@@ -188,8 +188,8 @@ in { # TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority) nftables = { enable = true; - stopRuleset = ""; + stopRuleset = ""; chains = { prerouting = { "exposeHost" = { @@ -206,6 +206,9 @@ in { firewall = { enable = true; + snippets.nnf-common.enable = true; + # included in the above + # snippets.nnf-conntrack.enable = true; zones = { lan.interfaces = [(mkInterfaceName {vlanid = 0;})]; @@ -559,7 +562,49 @@ in { vlanRange ) ); - networks = + networks = let + commonWanOptions = { + networkConfig = { + # start a DHCP Client for IPv4/6 Addressing/Routing + DHCP = true; + DNSOverTLS = true; + DNSSEC = true; + IPForward = true; + + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + IPv6PrivacyExtensions = false; + DHCPPrefixDelegation = true; + }; + dhcpV4Config = { + UseDNS = false; + UseDomains = false; + UseHostname = false; + }; + dhcpV6Config = { + UseDNS = false; + UseDomains = false; + UseHostname = false; + PrefixDelegationHint = "::/56"; + UseDelegatedPrefix = true; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig = { + UseDNS = false; + UseDomains = false; + }; + + # TODO: enable these somehow + # extraConfig = '' + # [IPv6AcceptRA] + # # FIXME: supported in nixos-24.11 + # DHCPv6Client=solicit + + # # FIXME: not supported at all yet + # UsePREF64=true + # ''; + }; + in { # places options here that should always exist "lo" = { 
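Review bot: `snippets.nnf-common.enable = true;` turns on a bundle of firewall snippets on the router, and the only thing the hunk records about its contents is that conntrack is included. Before relying on it, list what else the bundle enables in the pinned firewall module and check that none of those rules accepts traffic to the router itself from the wan zone; if a bundled rule is unwanted, enable the individual snippets instead. A comment such as `# nnf-common = <snippets it enables>, reviewed for wan exposure` would record that check. The zone and rule definitions continue outside the hunk.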
@@ -619,20 +664,16 @@ in { ]; }; # use lan0 as secondary WAN interface - "10-lan0-wan" = { + "10-lan0-wan" = lib.attrsets.recursiveUpdate commonWanOptions { matchConfig.Name = "lan0"; - networkConfig = { - # start a DHCP Client for IPv4/6 Addressing/Routing - DHCP = true; - # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; - }; + # make routing on this interface a dependency for network-online.target + # linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "no"; + dhcpV4Config = { + RouteMetric = 2000; + }; + # similar to # ip route add default via 172.16.0.1 table 101 routes = [ @@ -644,22 +685,16 @@ in { } ]; }; - "10-wan" = { + "10-wan" = lib.attrsets.recursiveUpdate commonWanOptions { matchConfig.Name = "wan"; - networkConfig = { - # start a DHCP Client for IPv4/6 Addressing/Routing - DHCP = true; - # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; - }; # make routing on this interface a dependency for network-online.target # linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "no"; + dhcpV4Config = { + RouteMetric = 1000; + }; + # similar to # ip route add default via 192.168.0.1 table 100 routes = [ @@ -835,6 +870,19 @@ in { ]; networkConfig = { ConfigureWithoutCarrier = true; + + # the client shouldn't be allowed to send us RAs, that would be weird. + IPv6AcceptRA = false; + + DHCPPrefixDelegation = true; + IPv6SendRA = true; + }; + + dhcpPrefixDelegationConfig = { + UplinkInterface = "wan"; + Assign = true; + SubnetId = vlanid; + Announce = true; }; linkConfig.RequiredForOnline = "no"; 
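Review bot: With `DHCPPrefixDelegation = true`, `IPv6SendRA = true` and `Announce = true` on the VLAN networks, hosts get addresses from the delegated prefix that are reachable without NAT, so the forward rules alone decide what the Internet can reach; the hunk adds no matching firewall change and the rules are outside the visible lines. Confirm that IPv6 forwarding from the wan zone into the VLAN zones is dropped except for established traffic. `UplinkInterface = "wan"` is also fixed although `lan0` receives the same `commonWanOptions` as a secondary uplink, so a prefix obtained there would not be handed out; a comment like `# PD is taken from the primary uplink only` would make that explicit. `SubnetId = vlanid` relies on every VLAN id fitting into the subnet bits left by the requested `::/56`, which is worth checking against `vlanRange`.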
@@ -873,19 +921,19 @@ in { ]; }; - "50-${mkInterfaceName {inherit vlanid;}}" = { - matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; - address = [ - (mkVlanIpv4HostAddr { - inherit vlanid; - host = 1; - }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - linkConfig.RequiredForOnline = "no"; - }; + # "50-${mkInterfaceName {inherit vlanid;}}" = { + # matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; + # address = [ + # (mkVlanIpv4HostAddr { + # inherit vlanid; + # host = 1; + # }) + # ]; + # networkConfig = { + # ConfigureWithoutCarrier = true; + # }; + # linkConfig.RequiredForOnline = "no"; + # }; }) ( builtins.map @@ -1099,6 +1147,9 @@ in { local-ttl = 0; dhcp-ttl = 0; + # v6 config + enable-ra = true; + dhcp-range = let mkDhcpRange = { tag, @@ -1117,6 +1168,9 @@ in { cidr = false; }) "12h" + # "slaac" + # "ra-stateless" + # "ra-names" ]; in builtins.map diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index d155575..33a204d 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1723080788, - "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=", + "lastModified": 1728109432, + "narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=", "owner": "nix-community", "repo": "disko", - "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed", + "rev": "48ebb577855fb2398653f033b3b2208a9249203d", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { 
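Review bot: `enable-ra = true` makes dnsmasq a router-advertisement sender, while the VLAN networks in this commit also set `IPv6SendRA = true` in systemd-networkd, so two daemons may end up advertising on the same interfaces. The `dhcp-range` entries remain IPv4-only with the `slaac` and `ra-*` modes commented out, so dnsmasq may not advertise anything yet, but the intent is unclear from the hunk. Picking one sender and saying so in a comment, e.g. `# RAs are sent by networkd (IPv6SendRA); dnsmasq only serves DHCPv4`, would avoid clients receiving conflicting advertisements.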
@@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1723046327, - "narHash": "sha256-803SwotTiTX3eXZ70sTi51oGufgDsLDvUPiJrsECXVo=", + "lastModified": 1727905939, + "narHash": "sha256-LZHwXN8lBcDpKQVB3GcYI0SVzj6WXd2E0GDqhQh503w=", "ref": "refs/heads/main", - "rev": "c6faa8936604a5a24b36600ab893725350d894bd", - "revCount": 19755, + "rev": "d84323d05ef30cdcf343884ac34420caf72145bd", + "revCount": 19910, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -137,11 +137,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722869614, - "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", + "lastModified": 1728067476, + "narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", + "rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030", "type": "github" }, "original": { @@ -153,11 +153,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1728018373, + "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "bc947f541ae55e999ffdb4013441347d83b00feb", "type": "github" }, "original": { @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1723077922, - "narHash": "sha256-FY5UMtlBCcbMxk+ykmZzYYtm7l/uUKwiMNYbFgqG5yg=", + "lastModified": 1728127082, + "narHash": "sha256-MDU/aVPcR5Fk+x1B+SAsyYG47k5cvFvGTrqZIev2Jck=", "owner": "numtide", "repo": "srvos", - "rev": "f389064525b8330f20106231762f52854490654e", + "rev": "7aaa72eb804248436ea20c084a7891a383e23b02", "type": "github" }, "original": { From 28812ffb2c1501f5b4c64272ffca95fc16e4e4f3 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 13 Oct 2024 20:18:35 +0200 Subject: [PATCH 182/305] feat(steveej-x13s): enable cups / printing --- nix/os/devices/steveej-x13s/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 6871f80..330525c 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -25,6 +25,15 @@ services.illum.enable = true; + # printint and autodiscovery of printers + services.printing.enable = true; + services.printing.drivers = [pkgs.hplip]; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + systemd.services.bluetooth-x13s-mac = lib.mkForce { enable = true; path = [ From c8b6ec939440342759e3b1fb76ef186bd56a7bd2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:18:56 +0200 Subject: [PATCH 183/305] feat(steveej-x13s,holo-chain): change remote builder and disable cache.holo.host --- nix/os/devices/steveej-x13s/configuration.nix | 9 ++++----- nix/os/snippets/nix-settings-holo-chain.nix | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 330525c..ba57af4 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
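Review bot: `services.avahi.openFirewall = true` opens the mDNS port on every interface of this laptop, including networks it only visits, although discovery is needed only where the printer lives. Consider limiting Avahi with `services.avahi.allowInterfaces = [ "INTERFACE_NAME" ];` (placeholder name), or state in a comment that the exposure is accepted. The comment above the block has a typo: `# printint and autodiscovery of printers` should read `# printing and autodiscovery of printers`.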
@@ -104,10 +104,9 @@ sops.secrets.builder-private-key = {}; nix.distributedBuilds = true; nix.buildMachines = [ - # test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@sj-bm-hostkey0.dev.infra.holochain.org?ssh-key=/run/secrets/builder-private-key' - + # test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@?ssh-key=/run/secrets/builder-private-key' { - hostName = "sj-bm-hostkey0.dev.infra.holochain.org"; + hostName = "buildbot-nix-0.infra.holochain.org"; sshUser = "nix-remote-builder"; sshKey = config.sops.secrets.builder-private-key.path; protocol = "ssh-ng"; @@ -119,7 +118,7 @@ "big-parallel" "kvm" ]; - maxJobs = 0; + maxJobs = 16; } { @@ -135,7 +134,7 @@ "big-parallel" "kvm" ]; - maxJobs = 32; + maxJobs = 0; } ]; } diff --git a/nix/os/snippets/nix-settings-holo-chain.nix b/nix/os/snippets/nix-settings-holo-chain.nix index 660695c..d975cea 100644 --- a/nix/os/snippets/nix-settings-holo-chain.nix +++ b/nix/os/snippets/nix-settings-holo-chain.nix @@ -3,7 +3,7 @@ substituters = [ "https://holochain-ci.cachix.org" "https://holochain-ci-internal.cachix.org" - "https://cache.holo.host/" + # "https://cache.holo.host/" ]; trusted-public-keys = [ From f49979961e6a2d2d40aab97e31976ac083a4f6ce Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:19:26 +0200 Subject: [PATCH 184/305] chore: some random comments --- nix/os/devices/steveej-x13s/configuration.nix | 1 + nix/os/devices/steveej-x13s/disko.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index ba57af4..c1e4a20 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
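Review bot: The test hint now reads `ssh-ng://nix-remote-builder@?ssh-key=/run/secrets/builder-private-key`, which has no host left and cannot be used as written. Restore it with the new builder: `ssh-ng://nix-remote-builder@buildbot-nix-0.infra.holochain.org?ssh-key=/run/secrets/builder-private-key`. The lines shown for this machine set `hostName`, `sshUser`, `sshKey` and `protocol` but no `publicHostKey`. The attribute set continues outside the hunk, so it may already be there; if not, pinning the builder's host key keeps builds from going to whatever answers on that name. The second machine, whose `hostName` is outside the hunks, is set to `maxJobs = 0`; if it is no longer used, removing the entry is clearer.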
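Review bot: Commenting out `"https://cache.holo.host/"` in `nix-settings-holo-chain.nix` stops substitution from that cache, but `trusted-public-keys` begins right after the changed line and is untouched. Its signing key therefore presumably stays trusted. If the cache is being retired, drop or comment out the matching key in the same change so that trust and substituters stay in step. If it is only disabled for now, put a short reason next to the line, e.g. `# disabled: cache unreachable, re-enable when back`.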
@@ -13,6 +13,7 @@ nixpkgs.overlays = [ (final: previous: { # inherit (nodeFlake.inputs.nixpkgs-systemd256.legacyPackages.${system}) systemd systemdMinimal; + # inherit (nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${system}) libcamera libcamera-qcam; }) ]; diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix index 973c2a4..89f6dd8 100644 --- a/nix/os/devices/steveej-x13s/disko.nix +++ b/nix/os/devices/steveej-x13s/disko.nix @@ -4,6 +4,7 @@ x13s-nvme = { type = "disk"; device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6"; + # device = "/dev/disk/by-id/nvme-Corsair_MP600_CORE_MINI_A7SIB33902BQLN"; content = { type = "gpt"; partitions = { From 64d1184518c62072de5e7f109602101a690e21aa Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:19:35 +0200 Subject: [PATCH 185/305] feat(myceluim): disable autostart while leaving service available --- nix/os/snippets/mycelium.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix index 236e1fe..6d211cf 100644 --- a/nix/os/snippets/mycelium.nix +++ b/nix/os/snippets/mycelium.nix @@ -4,8 +4,11 @@ nodeName, config, system, + lib, ... -}: { +}: let + cfg.autostart = false; +in { imports = [ ]; @@ -27,4 +30,6 @@ extraArgs = [ ]; }; + + systemd.services.mycelium.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []); } From 42ac12b9485ca230595a4ccec6c303148bda4651 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 13 Oct 2024 20:20:00 +0200 Subject: [PATCH 186/305] cleanup passwords --- nix/variables/passwords.crypt.nix | Bin 1002 -> 548 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index ce2f0fc97f99a196d969a321031d007834214cee..3edf90a0be7fbfab297ca26ede15d1e2e2a3d59a 100644 GIT binary patch literal 548 zcmZQ@_Y83kiVO&0sAk$3S^i;vziaS;W#TJVzh7^YZ)A2wIN)N&hu5D|x7<)ojd<<8 z?s@AW z;V*Z-eWfm|`Edu6EejGKewyaGG^XhJI|;6D>u0SwC*AOS`JY`sCajH-Kjohy&$IYh z%bh5NnbWP-1U%24c>hGnC9#s9o?EW2t#4pouj+lByW@%D_gSe%uRq+MS=v8&*PF9R zD+5m?{IRw9(4Z5y`t8jFa=xd#ll(8UDqJ*Coc8Cq=-K^yj%}OQwW4m#n*@a@zkf>q zKYjG5SP&^3yLn^1Sy%a~UOv$`))$wWH|J#DuV(uhxT#DzH-gW?Ij1&Z+na`?$9h#G zZ+hsT4Y}a=eS_PC?V;%}Hq3c+`kmANd>$JX`_QX_~Xs&=+OK!Q*U8h&BYa)e_TGf{6L-Kp&7gUI_D@FD$a4)WSb*dQ60|daCz%y zC4-_P&wlxuNt$lk#9DXf>dn50?pqCaubg$sd+Q_FpR=09?co*C2{Qc|SEhXqV0``U zS6BHrg}4gQ6yrNHbN*ZD2)Ql$Xt%;g2}go53*U>ee%MvQ`=_M#TW5sy zjmHw_zn?3Aop~t0UVCFf{RIPgr`hKhuJw#N8B{5lSCKCld}Qg%rn>2z8$U1a_&aT$ N+H}3!E%#j2jR8UQ8(9DV literal 1002 zcmZQ@_Y83kiVO&0D6L(ieSiBYcHXpAxo@xD@w=vx%~T#)ow4)R-SW$6j^P4 zWR>y4V_wl&azcMpD{OBkC>>kNw(!=*Bfg4{&X~-+VOYGYIqS8O{ww|hJE!jpE3Zml zF1GIp`gTIb>sAZv7K3)-nHObl7%WPBcOugc3!c3hNEw}dS`AYC?_ZJMXjdN8w zmRIdBH1EfLqcrdS*6$1(E*=b16O`TL92k?irHH>=ykzEwrQ2x@oQHq!`AfoC=?XuV3w*Kews>nCZ-* z|6X$@nAim?Z06LiI+?iim5SCu+)~=OU-j9W{yPju3ojeJJC$O-Ga|8V zG1twn^3H~-Pu{ncNwaG5-3;hF&EB}zNx5`E?Wy=GyPUnULMtqLS_E_BWjM07-d3OW zzQ!&|W!W9}TX*t)Ijf#r#?=^n*Sbyq{zr}KXU~(nndWC7NMZBTlRk9OVZz&v!hZ8N zfiH?PK1J>NIj>mZ{nG$@F_mi->|9+zQpRfa*Y|FowNO5jPSjGASpPTY+}hkJ zpNn)I8#}MduWJ2y&@FYZ`y2LvW1O6k9E)zRma*O;QEia*wm~3$pTf1*7i-h5FF$u! z@*&qXk?kd`c%R$9R8C{86AqcwxVi6Pv`~%hV#(KPlK<^pSy?pqHl9?KnYnh_$xN|@ z{PWcBu06rLU~iO)@{5)6otLg&Yx9|`(G=MEVu^WP^~?)Rgp(Z2FP# z12>o5UNqBf*8P*F-zMGJk!cOugZdf9HOzU*)8?*DuX^JJq`N z#OJ_94dd(8I Date: Sun, 13 Oct 2024 20:30:23 +0200 Subject: [PATCH 187/305] feat(oci): add user-ubuntu with nix user install --- oci/user-ubuntu/Containerfile | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 oci/user-ubuntu/Containerfile 
diff --git a/oci/user-ubuntu/Containerfile b/oci/user-ubuntu/Containerfile new file mode 100644 index 0000000..8afa2ce --- /dev/null +++ b/oci/user-ubuntu/Containerfile @@ -0,0 +1,27 @@ +FROM ubuntu + +ARG USERNAME=user +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + +# Create the user +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # + # [Optional] Add sudo support. Omit if you don't need to install software after connecting. + && apt-get update \ + && apt-get install -y sudo \ + && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME + +# ******************************************************** +# * Anything else you want to do like clean up goes here * +# ******************************************************** + +# [Optional] Set the default user. Omit if you want to keep the default as root. +USER $USERNAME + + +ENV DEBIAN_FRONTEND=noninteractive +RUN sudo apt install -y curl xz-utils +RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s - install --init none --no-confirm From def42226f1b9098bf3d36c58ce05ff0c4c65cd05 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 14 Oct 2024 17:44:31 +0200 Subject: [PATCH 188/305] feat(steveej-x13s): enable scanning via sane --- nix/os/devices/steveej-x13s/configuration.nix | 1 + nix/os/lib/default.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index c1e4a20..81ddf3c 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -34,6 +34,7 @@ nssmdns4 = true; openFirewall = true; }; + hardware.sane.enable = true; # enables support for SANE scanners systemd.services.bluetooth-x13s-mac = lib.mkForce { enable = true; diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index a66bf01..9537cf0 100644 
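Review bot: Nothing in this image build is pinned: `FROM ubuntu` follows whatever `latest` is at build time, and the last `RUN` pipes the current Nix installer script from the network straight into `sh`. Pin the base image by digest, `FROM ubuntu:TAG@sha256:DIGEST` (TAG and DIGEST are placeholders). Fetch a fixed installer release to a file and verify its checksum before running it. `sudo apt install -y curl xz-utils` also runs in a later layer than `apt-get update`, so a cached first layer can leave it with stale package indexes. Moving `curl xz-utils` into the first `apt-get install -y` fixes that, and the `NOPASSWD:ALL` sudoers rule can then be dropped if the installer step does not need it.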
--- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -25,6 +25,8 @@ in { "cdrom" "fuse" "adbusers" + "scanner" + "lp" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; From 7f97ee3d4759c5d4b520027baf9feb80c762f4bd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 16 Oct 2024 23:01:57 +0200 Subject: [PATCH 189/305] fix(sj-srv1,containers, systemd-resolved): resolve via dhcp, host, and never use fallbacks --- nix/os/devices/sj-srv1/system.nix | 23 ++++++++++++++++++++ nix/os/profiles/containers/configuration.nix | 17 +++++++++++++-- nix/os/snippets/systemd-resolved.nix | 4 +++- 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index d8c2797..978ce76 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -11,6 +11,23 @@ in { imports = [ ../../snippets/systemd-resolved.nix + { + # make sure it uses the DNS that comes in via DHCP + networking.nameservers = lib.mkForce []; + services.resolved.enable = true; + + # provide DNS to the containers + services.resolved.extraConfig = '' + DNSStubListenerExtra=${hostBridgeAddress} + ''; + networking.firewall.interfaces.br0.allowedTCPPorts = [53]; + networking.firewall.interfaces.br0.allowedUDPPorts = [53]; + } + ]; + + programs.wireshark.enable = true; + environment.systemPackages = [ + pkgs.dnsutils ]; networking.firewall.enable = true; @@ -83,6 +100,9 @@ in { enable = true; matchConfig.Name = "dmz0"; DHCP = "yes"; + + dhcpV4Config.UseDNS = true; + dhcpV6Config.UseDNS = true; }; boot.kernel.sysctl = { @@ -134,6 +154,7 @@ in { mailserver = import ../../containers/mailserver.nix { specialArgs = { inherit repoFlake nodeFlake; + hostAddress = hostBridgeAddress; }; autoStart = true; @@ -151,6 +172,7 @@ in { { specialArgs = { inherit repoFlake nodeFlake; + hostAddress = hostBridgeAddress; }; autoStart = true; 
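Review bot: `networking.nameservers = lib.mkForce []` in the `@@ -11,6 +11,23 @@` hunk of `sj-srv1/system.nix` discards the resolvers from `../../snippets/systemd-resolved.nix`. The host, and through `DNSStubListenerExtra=${hostBridgeAddress}` every container, now resolves through whatever DNS server DHCP on `dmz0` advertises (`dhcpV4Config.UseDNS = true` in `@@ -83,6 +100,9 @@`). With `dnsovertls = "opportunistic"` in that snippet, queries go out unencrypted when that server offers no TLS. A comment should record that the dmz0 resolver is trusted, e.g. `# DNS servers come from DHCP on dmz0; the snippet's public resolvers are intentionally unused`. `programs.wireshark.enable = true` in the same hunk installs a capture-capable `dumpcap` on a server; if it was added to debug this change, mark it as temporary or remove it before merging.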
@@ -167,6 +189,7 @@ in { syncthing = import ../../containers/syncthing.nix { specialArgs = { inherit repoFlake nodeFlake; + hostAddress = hostBridgeAddress; }; autoStart = true; diff --git a/nix/os/profiles/containers/configuration.nix b/nix/os/profiles/containers/configuration.nix index 84f749a..28ebb64 100644 --- a/nix/os/profiles/containers/configuration.nix +++ b/nix/os/profiles/containers/configuration.nix @@ -1,16 +1,29 @@ -{pkgs, ...}: { +{ + hostAddress, + pkgs, + lib, + ... +}: { networking.useHostResolvConf = false; networking.firewall.enable = true; networking.nftables.enable = true; networking.nftables.flushRuleset = true; + networking.nameservers = lib.mkForce [hostAddress]; + environment.systemPackages = [ pkgs.dnsutils ]; imports = [ - ../../snippets/systemd-resolved.nix + { + # keep DNS set up to a minimum: only query the container host + services.resolved.enable = lib.mkForce false; + networking.nameservers = [ + hostAddress + ]; + } ../../snippets/nix-settings.nix # ../../modules/ddclient-ovh.nix # ../../modules/ddclient-hetzner.nix diff --git a/nix/os/snippets/systemd-resolved.nix b/nix/os/snippets/systemd-resolved.nix index 8ade1e2..1995545 100644 --- a/nix/os/snippets/systemd-resolved.nix +++ b/nix/os/snippets/systemd-resolved.nix @@ -1,4 +1,4 @@ -{ +{lib, ...}: { networking.nameservers = [ # https://dnsforge.de/ "176.9.93.198" @@ -16,5 +16,7 @@ # TODO: figure out why "true" doesn't work dnsovertls = "opportunistic"; + + fallbackDns = lib.mkForce []; }; } From 4c71887ea64c1763ddb0edbfe185ba3d8bdee5c9 Mon Sep 17 00:00:00 2001 
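Review bot: `networking.nameservers` is now set twice in `nix/os/profiles/containers/configuration.nix`: once as `lib.mkForce [hostAddress]` at the top level and again as a plain list in the inline module under `imports`. The forced definition wins, so the second one is dead and can go. `hostAddress` has also become a required module argument, so any container that imports this profile without `specialArgs.hostAddress` fails at evaluation. The visible hunks pass it for three containers in `sj-srv1/system.nix`; any other user of the profile needs the same. In `systemd-resolved.nix`, `fallbackDns = lib.mkForce [];` deserves a why-comment such as `# never fall back to the compiled-in public resolvers`.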
From: Stefan Junker Date: Wed, 16 Oct 2024 18:27:42 +0200 Subject: [PATCH 190/305] feat(router0-dmz0, sj-srv1/containers/webserver): set up kanidm --- flake.lock | 17 +++ flake.nix | 3 + nix/devShells.nix | 5 + nix/os/containers/webserver.nix | 144 +++++++++++++++++- nix/os/containers/webserver_secrets.yaml | 6 +- nix/os/devices/router0-dmz0/configuration.nix | 1 + nix/os/devices/sj-srv1/flake.lock | 18 +-- 7 files changed, 181 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index bcb8046..5f2e241 100644 --- a/flake.lock +++ b/flake.lock @@ -585,6 +585,22 @@ "type": "github" } }, + "nixpkgs-kanidm": { + "locked": { + "lastModified": 1729071019, + "narHash": "sha256-c4J/ZiMbjMf98FawO5XJaTWqvrvIXpxnIpxu4OV3CGA=", + "owner": "steveej-forks", + "repo": "nixpkgs", + "rev": "984b1d5a286d3a072b840b30ec49d96878d01e64", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "kanidm", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -794,6 +810,7 @@ "nixpkgs-2305": "nixpkgs-2305", "nixpkgs-2311": "nixpkgs-2311", "nixpkgs-2405": "nixpkgs-2405", + "nixpkgs-kanidm": "nixpkgs-kanidm", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", diff --git a/flake.nix b/flake.nix index ea60cac..f6c7b3c 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,8 @@ url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; flake = false; }; + + nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; }; outputs = inputs @ { @@ -360,6 +362,7 @@ devShells = let all = import ./nix/devShells.nix { inherit + self self' inputs' pkgs diff --git a/nix/devShells.nix b/nix/devShells.nix index 709f5fd..7ffa977 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -1,4 +1,5 @@ { + self, self', inputs', pkgs, 
@@ -82,9 +83,13 @@ in { wireguard-tools screen + + inputs'.nixpkgs-kanidm.legacyPackages.kanidm ]; # Set Environment Variables RUST_BACKTRACE = 1; + + KANIDM_URL = self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin; }; } diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 0611f60..456ef59 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -17,16 +17,19 @@ in { lib, repoFlake, nodeFlake, + system, ... }: { system.stateVersion = "22.05"; # Did you read the comment? disabledModules = [ "services/misc/forgejo.nix" + "services/security/kanidm.nix" ]; imports = [ "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" + "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" ../profiles/containers/configuration.nix @@ -90,6 +93,16 @@ in { reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT} ''; }; + + virtualHosts."kanidm.${domain}" = { + extraConfig = '' + reverse_proxy https://${builtins.toString config.services.kanidm.serverSettings.bindaddress} { + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} + } + } + ''; + }; }; services.hedgedoc = { 
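Review bot: `KANIDM_URL = self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin;` makes entering the dev shell evaluate the sj-srv1 module tree and its nested webserver container just to obtain one URL. Any evaluation error in that host then breaks the shell for unrelated work, and shell start-up gets slower. The value is `"https://kanidm.${domain}"`, so defining the origin once in a small shared attribute that both `webserver.nix` and `devShells.nix` read would remove the coupling. The shell's attribute set starts outside the hunk.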
@@ -116,12 +129,34 @@ in { url = "ldap://127.0.0.1:${builtins.toString config.services.lldap.settings.ldap_port}"; bindDn = "uid=admin,ou=people,dc=stefanjunker,dc=de"; # these are set via the `environmentFile` - bindCredentials = "$LDAP_ADMIN_PASSWORD"; + # bindCredentials = "$LDAP_ADMIN_PASSWORD"; searchBase = "ou=people,dc=stefanjunker,dc=de"; searchFilter = "(&(memberOf=cn=hedgedoc,ou=groups,dc=stefanjunker,dc=de)(uid={{username}}))"; useridField = "uid"; }; + oauth2 = let + originURL = config.services.kanidm.serverSettings.origin; + in { + providerName = "kanidm (${originURL})"; + + authorizationURL = "${originURL}/ui/oauth2"; + tokenURL = "${originURL}/oauth2/token"; + userProfileURL = "${originURL}/oauth2/openid/hedgedoc/userinfo"; + + scope = "openid email profile"; + # rolesClaim = "roles"; + # accessRole = "role/hedgedoc"; + + userProfileUsernameAttr = "name"; + userProfileDisplayNameAttr = "displayname"; + userProfileEmailAttr = "email"; + + clientID = "hedgedoc"; + # set via the `environmentFile` + # clientSecret = "$CMD_OAUTH2_CLIENT_SECRET"; + }; + uploadsPath = "/var/lib/hedgedoc/uploads"; }; 
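Review bot: With `# rolesClaim` and `# accessRole` commented out in the new `oauth2` block, HedgeDoc itself places no restriction on who may sign in through kanidm. The LDAP path just above does, through its `searchFilter` requiring `memberOf=cn=hedgedoc`. Access then depends entirely on how the `hedgedoc` OAuth2 client is scoped to groups on the kanidm side, which is not part of this diff. A comment such as `# access is limited by the kanidm scope map for client "hedgedoc"` would record that. Taking `bindCredentials` and `clientSecret` from the `environmentFile` instead of literals keeps both secrets out of the Nix store.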
@@ -268,6 +303,108 @@ in { systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name; systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name; systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; + + # combine a path watcher with a service that transfers the certs by caddy to kanidm + systemd.paths.kanidm-tls-watch = { + enable = true; + requiredBy = ["kanidm.service"]; + pathConfig = { + PathChanged = [ + "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" + "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" + ]; + Unit = "kanidm-tls-update.service"; + }; + }; + systemd.services.kanidm-tls-update = let + dbDir = + builtins.dirOf + config.services.kanidm.serverSettings.db_path; + in { + enable = true; + requiredBy = ["kanidm.service"]; + unitConfig = { + # ConditionPathExists = [ + # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" + # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" + # ]; + }; + serviceConfig.Type = "oneshot"; + script = let + tlsDir = builtins.dirOf config.services.kanidm.serverSettings.tls_key; + in '' + set -xe + + cat "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" > tls.key + cat 
"${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" > tls.chain + + chown ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} tls.{key,chain} + chmod 400 tls.{key,chain} + + # create the kanidm directory in case it's missing + if [[ ! -d ${tlsDir} ]]; then + mkdir -p ${tlsDir} + chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${tlsDir} + chmod 700 ${tlsDir} + fi + + mv tls.key ${config.services.kanidm.serverSettings.tls_key} + mv tls.chain ${config.services.kanidm.serverSettings.tls_chain} + + if [[ ! -d ${dbDir} ]]; then + mkdir -p ${dbDir} + chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${dbDir} + chmod 700 ${dbDir} + fi + ''; + }; + + systemd.services.kanidm.serviceConfig = let + dbDir = + builtins.dirOf + config.services.kanidm.serverSettings.db_path; + # stateDir = "/var/lib/${config.systemd.services.kanidm.serviceConfig.StateDirectory}"; + in { + # ExecStartPre = '' + # mkdir -p ${dbDir} + # ''; + BindPaths = [ + dbDir + # stateDir + ]; + }; + + services.kanidm = let + dataDir = "/var/lib/kanidm"; + in { + package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; + + enablePam = false; + enableClient = false; + + enableServer = true; + serverSettings = { + role = "WriteReplica"; + log_level = "debug"; + + domain = "kanidm.${domain}"; + origin = "https://kanidm.${domain}"; + + db_path = "${dataDir}/db/kanidm.db"; + + bindaddress = "127.0.0.1:8444"; + + # don't expose ldap + # ldapbindaddress = "[::1]:6636"; + + tls_key = "${dataDir}/tls/tls.key"; + tls_chain = "${dataDir}/tls/tls.chain"; + + online_backup = { + schedule = "00 06 * * *"; + }; + }; + }; }; inherit autoStart; 
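Review bot: In `kanidm-tls-update`, `cat ... > tls.key` creates the private key in the service's working directory under the default umask, and only the later `chmod 400` restricts it. For a short time the key is presumably readable by other users inside the container. Setting `umask 077` first and writing both files straight to their destination with `install -m 0400 -o ... -g ...` closes that window and removes the scratch copies. The sketch below moves the creation of the tls directory ahead of the copy, which a direct install needs. Separately, `log_level = "debug"` on an identity server is worth reverting once the setup works.

```nix
script = let
  tlsDir = builtins.dirOf config.services.kanidm.serverSettings.tls_key;
  kanidmDomain = config.services.kanidm.serverSettings.domain;
  caddyCertDir = "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${kanidmDomain}";
  kanidmUser = config.systemd.services.kanidm.serviceConfig.User;
  kanidmGroup = config.systemd.services.kanidm.serviceConfig.Group;
in ''
  set -xe
  # files created below must never be readable by others, not even briefly
  umask 077

  # … unchanged: create the tls directory if it is missing …

  install -m 0400 -o ${kanidmUser} -g ${kanidmGroup} \
    "${caddyCertDir}/${kanidmDomain}.key" ${config.services.kanidm.serverSettings.tls_key}
  install -m 0400 -o ${kanidmUser} -g ${kanidmGroup} \
    "${caddyCertDir}/${kanidmDomain}.crt" ${config.services.kanidm.serverSettings.tls_chain}

  # … unchanged: create the db directory if it is missing …
'';
```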
@@ -306,6 +443,11 @@ in { hostPath = "/var/lib/container-volumes/webserver/var-lib-forgejo"; isReadOnly = false; }; + + "/var/lib/kanidm" = { + hostPath = "/var/lib/container-volumes/webserver/var-lib-kanidm"; + isReadOnly = false; + }; }; privateNetwork = true; diff --git a/nix/os/containers/webserver_secrets.yaml b/nix/os/containers/webserver_secrets.yaml index dc8058b..033e618 100644 --- a/nix/os/containers/webserver_secrets.yaml +++ b/nix/os/containers/webserver_secrets.yaml 
@@ -1,4 +1,4 @@ -hedgedoc_environment_file: ENC[AES256_GCM,data:ciVnpDXq5CZltHcAHJQNeKfelQlKhyXfGkUeuvwFBq8QUQDNEgLOVZ5X7Yw3kPGAvXEozK2Nz3aFfOpbGt76OmNdJ2TQNxOEpcHDJEvAoYSc/XTcctfDQmqga6MMWWAjIO3LXpFa9UD9riP6yUFNwGOB7waIvV7yD+D+QILwUyNda0/iVHtC/6HO8Yaj3nK6Fp1IDclppobIQ/MdzG+cy+yN7h0XUNOzMh91DGAC3ePIB5DX90wlXTzsox9HWWAUTh6Lpss=,iv:X7fROtc0Fn9AnZkWHAs8XFwIInBowQZzRJuLWSKSGWM=,tag:gKysRtqBhTtwLnxDv2QGBA==,type:str] +hedgedoc_environment_file: ENC[AES256_GCM,data:gPTokPMGBAN/lGGeUs95vg45yVrrSmFCKWTjlMV4V+YnflcqiaZvifX9+0fe3DELwNL4kY4st4N0MadhLkTiSieyp46fP8Dujk4Prhi7JWweBDsN4WtxcwJfAdowgh5LTzqM3zggC/J9NGR/zgJGLYraOqsFueXycxDxntE+8MlepYFGsND4WbFHNRvsVd7xUWerZZD+JFhws2sjwC9DqoJ+mBX4u9J2faSrL3okBGwRpEZlJhe6/8pT0l1aVxI0b/9UsLUL/him/vVqY8ygMP8O95gzuDEaCtwSXw08ylhb3g3YHdMh9ZOe9dPNVocVFrB15HfxeY4KzRCVfvgmBsSiUrgUAZQ8aav2ZWHPKQ==,iv:AVtx/43MK5KVxP59olEmbkUzLhd0cBjPpVeiAJGELfM=,tag:Hd3edeUzLgHnwAwPiMGp4A==,type:str] authelia_storageEncryptionKey: ENC[AES256_GCM,data:BLj2+w0jUOiiqljd4WcYt90I1Y/tm6vYRn9IPvv7k+ykjeWeafDcb9LpAbYZ82iAbCDZ6cDnTIJSH50TYFM1Bw==,iv:DfrFuTMS6rzWS1F7hIloD7Eb9N6LV6MDsPGEidTCIkM=,tag:4TxiUuWj8LLCAe+3SQWthA==,type:str] authelia_jwtSecret: ENC[AES256_GCM,data:CtvhPJDlM8kZDh3MWI6jBEIK5P/Rc0ZY3JfQ/1qn2FyZ0kOE9CMznRQdzi125Mlh+LgfhS00aeY/esuSJ1YKnw==,iv:o29+Ja4E4USpxD5Bgg4nGpj1WdK+uJJeuyqa3c92Pys=,tag:Ko/6PqIM7FyvqMJAepTNKw==,type:str] lldap_jwtSecret: ENC[AES256_GCM,data:Jd05K5zZZcdFY9P+PM1ycpl4eKr7THXzlEC2gxhfq0kZ0c7NrmqpnxLFyMOoq0oZwFXQ3aE29N+dYYCbWgEs0g==,iv:k9Y4XZcFSUaaOvooMzH1AlHaI/RiZZ0cpSqTU6jzsUU=,tag:EHwIMQ00Z+IrXAKgugMbmQ==,type:str] 
@@ -23,8 +23,8 @@ sops: eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-13T17:41:14Z" - mac: ENC[AES256_GCM,data:1mqRRPa4tP1OFxC3Oo5uJhk3H79jxObUeIsIab8fOrafsrw9tbrqpb9lRgziR3C0ssDagb0deA6PAGH6YWvSU716Ayr3p+Ih2sXOkbkp8wV/u3AULsDUzSUglshgM5f1Hf5jvL7xoWBOzek8eMGIkFFFwu0VmkqwpqOalXY0Kxk=,iv:cC4hRQZlLuOyktS0pER6Ef0f7qVxMXfS8w9Q5p7AlTA=,tag:/maJgYz/Ks3iaQZr+WSUUA==,type:str] + lastmodified: "2024-10-16T12:28:51Z" + mac: ENC[AES256_GCM,data:nrd2czzJlBcFfwn6lzh4qqco+/XsU2J6BqvQqMtskh3mL4Xx25IAzxiCno0KlNGr6o4YsuZP5anOX9RvrDq76Us3JQ7pDi3iQGPhmg+SE9u3Rwqn1/3YConvdfPV2DNB+tuyG3UVoRqpA4d+HdcYjN9n1UKk54R6UdSm9UrA+zc=,iv:Juupyet09zUAMu7bmVxq+/Q0bXJAzR0wAyt6vKNns3w=,tag:owdUWuXrQcDdiWi+1geY9A==,type:str] pgp: - created_at: "2023-07-09T17:51:27Z" enc: |- diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index cd7f53b..8507ade 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1260,6 +1260,7 @@ in { "jitsi.www.stefanjunker.de,${dmzExposedHost}" "lldap.www.stefanjunker.de,${dmzExposedHost}" "forgejo.www.stefanjunker.de,${dmzExposedHost}" + "kanidm.www.stefanjunker.de,${dmzExposedHost}" ]; }; }; diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index d26bc57..322288b 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", + "lastModified": 1728909085, + "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", + "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", "type": "github" }, "original": { 
@@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1728543552, - "narHash": "sha256-3OR+2XHHo+USlAz7T30VKnPxR7k3GeErkXM0Wm/Ctzw=", + "lastModified": 1729086167, + "narHash": "sha256-Vh6kOiQHefsr6Zin4Xi+VH06leuNZuMyP8YkkGo/Naw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f4f573fde42d181f22c95e10822856399c24feeb", + "rev": "6b1ffdb0976ac367aeea173b8e69de62828a4ca7", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728534991, - "narHash": "sha256-wLUZyvtOOowAz0kTrU2MoC4nXWniFaVezGyzuEt5HPc=", + "lastModified": 1729077633, + "narHash": "sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6b955bdbb9efe4a5c047746323951fe1bdf8d01b", + "rev": "8f1d45587bd9af3dbf5146aa8a1347e20421597b", "type": "github" }, "original": { From bd8630681bbf1907a82548aa2461a358481432c4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 16 Oct 2024 18:28:17 +0200 Subject: [PATCH 191/305] WIP k3s --- nix/os/containers/mycelium/flake.lock | 45 +++++----------- nix/os/containers/mycelium/flake.nix | 42 +++++++++++---- nix/os/snippets/k3s-w-nix-snapshotter.nix | 63 +++++++++++++++-------- 3 files changed, 86 insertions(+), 64 deletions(-) diff --git a/nix/os/containers/mycelium/flake.lock b/nix/os/containers/mycelium/flake.lock index 899ee98..0a7597d 100644 --- a/nix/os/containers/mycelium/flake.lock +++ b/nix/os/containers/mycelium/flake.lock @@ -46,11 +46,11 @@ ] }, "locked": { - "lastModified": 1715438114, - "narHash": "sha256-btb702TXuhDg0D6tW0dCOy4+II9Wl6BJ0LvpT+O9wrs=", + "lastModified": 1723875769, + "narHash": "sha256-66GofByLJ+S4ZZphIC+vJKeL9VJ2bzH2VbcJ3OqteMM=", "owner": "pdtpartners", "repo": "nix-snapshotter", - "rev": "7b251c9356bc7bb383ebeedcd0045b3ae431bff7", + "rev": "6eaadfd8f89e5e7d79b2013626bbd36e388159da", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ }, "nixlib": { "locked": { - "lastModified": 1712450863, - "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "lastModified": 1728781282, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b", "type": "github" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1718025593, - "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", + "lastModified": 1728867876, + "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", + "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0", "type": "github" }, "original": { @@ -97,42 +97,25 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718086528, - "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=", + "lastModified": 1728897630, + "narHash": "sha256-0utJPs4o2Mody8GDwo4hnGuxc8dJqju4u9lLJY4d/Lw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47b604b07d1e8146d5398b42d3306fdebd343986", + "rev": "c9f0b4a395289ce18727e2a8e43cae6796693ccc", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-systemd256": { - "locked": { - "lastModified": 1718397913, - "narHash": "sha256-omV+dq3GdXQQTaewxhkBgxM4Bbwqa4D9FVS4dTITxOQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "962cf03fb8c782c5e00f465397e03dc84284acc9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "962cf03fb8c782c5e00f465397e03dc84284acc9", - "type": "github" - } - }, "root": { "inputs": { "nix-snapshotter": "nix-snapshotter", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", - "nixpkgs-systemd256": "nixpkgs-systemd256" + "nixpkgs": "nixpkgs" } } }, 
diff --git a/nix/os/containers/mycelium/flake.nix b/nix/os/containers/mycelium/flake.nix index 6f247a1..c139c0e 100644 --- a/nix/os/containers/mycelium/flake.nix +++ b/nix/os/containers/mycelium/flake.nix @@ -1,7 +1,7 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - nixpkgs-systemd256.url = "github:NixOS/nixpkgs/962cf03fb8c782c5e00f465397e03dc84284acc9"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + # nixpkgs-systemd256.url = "github:NixOS/nixpkgs/962cf03fb8c782c5e00f465397e03dc84284acc9"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; @@ -102,7 +102,7 @@ imports = [ (modulesPath + "/profiles/minimal.nix") ]; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; # https://github.com/hercules-ci/arion/blob/c24c185e67f093298a081900b49ca18716077dec/src/nix/modules/nixos/container-systemd.nix boot.isContainer = true; 
@@ -116,22 +116,37 @@ services.nscd.enable = false; system.nssModules = lib.mkForce []; systemd.services.systemd-logind.enable = false; - systemd.services.console-getty.enable = true; + systemd.services.console-getty.enable = false; systemd.sockets.nix-daemon.enable = false; systemd.services.nix-daemon.enable = false; systemd.oomd.enable = false; networking.useDHCP = false; networking.firewall.enable = false; + + # system.build.earlyMountScript = + # lib.mkForce '' + # ''; + # system.activationScripts.specialfs = + # lib.mkForce '' + # ''; boot.postBootCommands = '' ls -lha /run mkdir -p /run/wrappers ''; + + boot.kernelParams = [ + "systemd.log_level=debug" + ]; + # services.udev.enable = false; # TODO: this is only needed because `/run/current-system` is missing # environment.variables.PATH = "${lib.makeBinPath config.environment.systemPackages}:$PATH"; + systemd.mounts = lib.mkForce []; + fileSystems = lib.mkForce {}; + services.mycelium.enable = false; services.mycelium.keyFile = "/var/lib/secrets/mycelium-keyfile"; systemd.services.mycelium.serviceConfig.DynamicUser = lib.mkForce false; @@ -151,17 +166,18 @@ serviceConfig = { SyslogIdentifier = "testing-credential"; StateDirectory = "testing-credentials"; - # DynamicUser = true; + DynamicUser = true; # User = "tc"; # ProtectHome = true; - # ProtectSystem = true; - LoadCredential = [ - "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" - "hosts:/etc/hosts" - ]; - SetCredential = "nosecret:not secret string"; + ProtectSystem = true; + # LoadCredential = [ + # "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" + # "hosts:/etc/hosts" + # ]; + SetCredential = "mycelium-keyfile:not secret string"; ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" '' cd $STATE_DIRECTORY + pwd env while true; do ls -lha $CREDENTIALS_DIRECTORY 
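Review bot: `SetCredential = "mycelium-keyfile:not secret string"` in the `@@ -151,17 +166,18 @@` hunk reuses the credential name of the real key while the `LoadCredential` lines are commented out. The test service therefore runs with a literal that is written into the unit file and so into the world-readable Nix store. That is harmless for the dummy value, but the pattern must not be carried over once a real key is wired in. A comment next to it, such as `# test value only; real keys go through LoadCredential, never SetCredential`, would make that explicit. In the preceding hunk, `boot.kernelParams = [ "systemd.log_level=debug" ]` probably has no effect with `boot.isContainer = true`; confirm and drop it if so.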
@@ -228,6 +244,9 @@ ]; volumes = { # "/var/lib/private/mycelium/key.bin" = {}; + # "/run" = {}; + # "/tmp" = {}; + # "/etc" = {}; }; copyToRoot = [ # self.nixosConfigurations.default.config.system.build.toplevel @@ -312,6 +331,7 @@ nix build --impure .#image sudo nix2container load ./result sudo -E nerdctl run --name ${name} --privileged -dt \ + --cgroup-manager cgroupfs \ --volume "$PWD/key.bin.crypt:${self.nixosConfigurations.default.config.services.mycelium.keyFile}:ro" \ "nix:0$(readlink result):latest" ''; diff --git a/nix/os/snippets/k3s-w-nix-snapshotter.nix b/nix/os/snippets/k3s-w-nix-snapshotter.nix index 0243018..d6f1279 100644 --- a/nix/os/snippets/k3s-w-nix-snapshotter.nix +++ b/nix/os/snippets/k3s-w-nix-snapshotter.nix 
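Review bot: In `nix/os/containers/mycelium/flake.nix`, the added `--cgroup-manager cgroupfs` on the `nerdctl run` command has no explanation, and it changes how cgroups are managed for a container that already runs with `--privileged` under `sudo -E`. A comment above the command, e.g. `# cgroupfs driver: workaround while debugging systemd inside the container, revert once resolved`, would tell a later reader whether the override is still needed; the debugging motive is my inference from the debug settings added elsewhere in this file. The shell script that holds this command starts outside the hunk.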
@@ -5,37 +5,56 @@ pkgs, lib, system, + config, ... -}: { +}: let + cfg = config.steveej.k3s; + + # TODO: make this configurable + homeUser = "steveej"; +in { + options.steveej.k3s = { + enable = lib.mkOption { + description = "steveej's k3s distro"; + type = lib.types.bool; + default = true; + }; + }; + # (1) Import nixos module. imports = [ nodeFlake.inputs.nix-snapshotter.nixosModules.default ]; - # (2) Add overlay. - nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default]; + config = lib.mkIf cfg.enable { + # (2) Add overlay. + nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default]; - # (3) Enable service. - virtualisation.containerd = { - enable = true; - k3sIntegration = false; - nixSnapshotterIntegration = true; + # (3) Enable service. + virtualisation.containerd = { + enable = true; + nixSnapshotterIntegration = true; - # TODO: understand if this has an influence on the systemd LoadCredential issue - settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true; - }; - services.nix-snapshotter = { - enable = true; - }; + # TODO: understand if this has an influence on the systemd LoadCredential issue + # settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true; + }; + services.nix-snapshotter = { + enable = true; + }; - # (4) Add a containerd CLI like nerdctl. - environment.systemPackages = [ - pkgs.nerdctl - nodeFlake.inputs.nix-snapshotter.packages.${system}.default - ]; + # (4) Add a containerd CLI like nerdctl. + environment.systemPackages = [ + pkgs.nerdctl + nodeFlake.inputs.nix-snapshotter.packages.${system}.default + ]; - services.k3s = { - enable = false; - setKubeConfig = true; + services.k3s = { + enable = false; + setKubeConfig = true; + }; + + # home-manager.users."${homeUser}" = _: { + # home.sessionVariables.CONTAINERD_ADDRESS = "/run/user/1000/containerd/containerd.sock"; + # }; }; } 
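Review bot: The new `steveej.k3s.enable` option defaults to `true` and is described as "steveej's k3s distro", yet what `config = lib.mkIf cfg.enable { … }` gates is containerd with nix-snapshotter and the `nix-snapshotter` service, while `services.k3s.enable` stays `false`. Every host that imports this snippet therefore keeps a container runtime running unless it opts out; if that is intended the description should say so, e.g. `description = "containerd with nix-snapshotter (k3s itself stays disabled)";`, otherwise `lib.mkEnableOption` with its `false` default is the usual form. `homeUser` in the `let` is only referenced from the commented-out `home-manager` block, so it is an unused binding until that block is enabled. The TODO about the `LoadCredential` issue now sits above a commented-out `SystemdCgroup` line and should record which value was being tested.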
From 79f69c57240c655ed28fcae3af928c280a016688 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 19 Oct 2024 00:37:13 +0200 Subject: [PATCH 192/305] vscodium: add treefmt-vscode however, still needs a bump to version >=1.90 --- flake.lock | 12 ++++++------ nix/home-manager/programs/vscode/default.nix | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5f2e241..b92ef8e 100644 --- a/flake.lock +++ b/flake.lock @@ -425,11 +425,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1713549455, - "narHash": "sha256-wMHTvhl7Yl+nNVspchN7e337DBAM2LhHlcHnfAPhGEY=", + "lastModified": 1729216050, + "narHash": "sha256-eVfbrE7JnaxFeGndHjTGGxuFoqZ6+/CjS2qfvV1HsXg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "15529741a0f9c2b90a725ef5eb2262468a2f40a6", + "rev": "4dfd7581aaf0f25d3b7695a10dcfb1dfe4ebb953", "type": "github" }, "original": { @@ -507,11 +507,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712222121, - "narHash": "sha256-8f3glF4uwsPlDvaKDRgXD9xGe4YoCH4jA8ICxy/NbCo=", + "lastModified": 1713805509, + "narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23ff7d9dc4f3d553939e7bfe0d2667198f993536", + "rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4", "type": "github" }, "original": { diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 77c4ec9..6dbbb63 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -55,6 +55,8 @@ in { golang.go jeff-hykin.better-go-syntax + + ibecker.treefmt-vscode ]))); mutableExtensionsDir = true; }; From 56955abbe8993347c78799048387333a1af59d1e Mon Sep 17 00:00:00 2001 
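Review bot: In `nix/home-manager/programs/vscode/default.nix`, the added `ibecker.treefmt-vscode` entry carries no comment, while the commit message says it still needs a bump to version >=1.90. Recording that next to the entry, e.g. `# TODO: still needs a bump to version >=1.90 (see commit message)`, keeps the constraint visible in the file instead of only in the history. The extension list starts outside the hunk.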
From: Stefan Junker Date: Tue, 22 Oct 2024 17:07:45 +0200 Subject: [PATCH 193/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 322288b..89ab52c 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728909085, - "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", + "lastModified": 1729449015, + "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", + "rev": "89172919243df199fe237ba0f776c3e3e3d72367", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1729086167, - "narHash": "sha256-Vh6kOiQHefsr6Zin4Xi+VH06leuNZuMyP8YkkGo/Naw=", + "lastModified": 1729607844, + "narHash": "sha256-MNSAdzoShiZN4bhpB2Eet6R4Qyj9oLLSHuADMcrBIA4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6b1ffdb0976ac367aeea173b8e69de62828a4ca7", + "rev": "87c6221b509d1390128f0461d975724ec617724c", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1729077633, - "narHash": "sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo=", + "lastModified": 1729577921, + "narHash": "sha256-bxktXyAj3818+okqwaR9L/F4UREnry0OEjnYqwYVdkc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f1d45587bd9af3dbf5146aa8a1347e20421597b", + "rev": "29dccd64f527eebafce219e7ca2bfda5fee75456", "type": "github" }, "original": { From a6ca006c149ee1dc72591d1d773a94f7d9465bcc Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 2 Nov 2024 22:45:19 +0100 Subject: [PATCH 194/305] cleanup x13s expressions --- flake.nix | 4 - nix/os/devices/steveej-x13s/configuration.nix | 8 - nix/os/modules/hardware.thinkpad-x13s.nix | 240 ------------------ 3 files changed, 252 deletions(-) delete mode 100644 nix/os/modules/hardware.thinkpad-x13s.nix diff --git a/flake.nix b/flake.nix index f6c7b3c..5b5057e 100644 --- a/flake.nix +++ b/flake.nix @@ -370,9 +370,5 @@ }; in (all // {default = all.develop;}); }; - - flake.nixosModules = { - # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); - }; }); } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 81ddf3c..c1c70b2 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -239,14 +239,6 @@ virtualisation.containers.enable = true; virtualisation.podman.enable = true; - nix.settings.substituters = [ - "https://nixos-x13s.cachix.org" - ]; - - nix.settings.trusted-public-keys = [ - "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos=" - ]; - steveej.holo-zerotier = { enable = true; autostart = false; diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix deleted file mode 100644 index 1e7223d..0000000 --- a/nix/os/modules/hardware.thinkpad-x13s.nix +++ /dev/null 
@@ -1,240 +0,0 @@ -{ - self, - pkgs, - config, - lib, - options, - ... -}: let - # TODO: introduce options for these - kernelPdMapper = true; - cfg = config.hardware.thinkpad-x13s; -in { - options.hardware.thinkpad-x13s = { - # TODO: respect this - enable = lib.mkEnableOption "x13s hardware support"; - - bluetoothMac = lib.mkOption { - type = lib.types.str; - description = "mac address to set on boot"; - }; - }; - config = let - inherit (config.boot.loader) efi; - kp = [ - { - name = "x13s-cfg"; - patch = null; - extraStructuredConfig = with lib.kernel; { - EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; - OF_OVERLAY = lib.mkForce yes; - BTRFS_FS = lib.mkForce yes; - BTRFS_FS_POSIX_ACL = lib.mkForce yes; - MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB = lib.mkForce yes; - SND_USB_AUDIO = lib.mkForce module; - USB_XHCI_PCI = lib.mkForce module; - NO_HZ_FULL = lib.mkForce yes; - HZ_100 = lib.mkForce yes; - HZ_250 = lib.mkForce no; - DRM_AMDGPU = lib.mkForce no; - DRM_NOUVEAU = lib.mkForce no; - QCOM_TSENS = lib.mkForce yes; - NVMEM_QCOM_QFPROM = lib.mkForce yes; - ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - VIRTIO_PCI = lib.mkForce module; - # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; - }; - } - ]; - - qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {}; - pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit qrtr; - }; - - # We can't quite move to mainline linux - linux_x13s_pkg = {buildLinux, ...} @ args: - buildLinux (args - // rec { - version = "6.7.0"; - modDirVersion = lib.versions.pad 3 version; - extraMeta.branch = lib.versions.majorMinor version; - - src = self.inputs.linux_x13s; - kernelPatches = (args.kernelPatches or []) ++ kp; - } - // (args.argsOverride or {})); - - # we add additional configuration on top of te normal configuration above - # using the extraStructuredConfig 
option on the kernel patch - linux_x13s = pkgs.callPackage linux_x13s_pkg { - defconfig = "johan_defconfig"; - }; - - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - - x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); - alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; - in - lib.mkIf cfg.enable - { - nixpkgs.overlays = [ - ( - final: prev: { - x13s_extra-firmware = - pkgs.callPackage - "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" - {}; - - inherit qrtr pd-mapper; - } - ) - ]; - - # ensure the x13s' dtb file is in the boot partition - # TODO:: is this needed for the VT display somehow? - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; - - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.extraFiles = { - "${dtbName}" = dtb; - }; - loader.efi.canTouchEfiVariables = false; - loader.efi.efiSysMountPoint = "/boot"; - - blacklistedKernelModules = ["wwan"]; - - kernelPackages = linuxPackages_x13s; - - kernelParams = [ - "dtb=${dtbName}" - - "boot.shell_on_fail" - - # jhovold recommended - "efi=noruntime" - "clk_ignore_unused" - "pd_ignore_unused" - "arm64.nopauth" - - # blacklist graphics in initrd so the firmware can load from disk - "rd.driver.blacklist=msm" - ]; - - initrd = { - includeDefaultModules = false; - - # kernelModules = [ - # "nvme" - # "phy_qcom_qmp_pcie" - # "pcie_qcom" - - # "i2c_core" - # "i2c_hid" - # "i2c_hid_of" - # "i2c_qcom_geni" - - # "leds_qcom_lpg" - # "pwm_bl" - # "qrtr" - # "pmic_glink_altmode" - # "gpio_sbu_mux" - # "phy_qcom_qmp_combo" - # "gpucc_sc8280xp" - # "dispcc_sc8280xp" - # "phy_qcom_edp" - # "panel_edp" - # # "msm" - - # ]; - - availableKernelModules = [ - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "leds_qcom_lpg" - "pwm_bl" - "qrtr" - "pmic_glink_altmode" - "gpio_sbu_mux" - "phy_qcom_qmp_combo" - "panel_edp" - # "msm" - "phy_qcom_edp" - "i2c_core" - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "pcie_qcom" - "phy_qcom_qmp_combo" - "phy_qcom_qmp_pcie" - "phy_qcom_qmp_usb" - "phy_qcom_snps_femto_v2" - "phy_qcom_usb_hs" - "nvme" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "uas" - ]; - }; - }; - - # default is performance - powerManagement.cpuFreqGovernor = "ondemand"; - - hardware.enableAllFirmware = true; - hardware.firmware = [ - # pkgs.linux-firmware - - pkgs.x13s_extra-firmware - ]; - - systemd.services.pd-mapper = { - wantedBy = ["multi-user.target"]; - - serviceConfig = { - ExecStart = "${lib.getExe pd-mapper}"; - Restart = "always"; - }; - }; - 
- environment.sessionVariables = alsa-ucm-conf-env; - systemd.user.services.pipewire.environment = alsa-ucm-conf-env; - systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; - - systemd.services.bluetooth = { - serviceConfig = { - # disabled because btmgmt call hangs - ExecStartPre = [ - "" - "${pkgs.util-linux}/bin/rfkill block bluetooth" - "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - ]; - RestartSec = 5; - Restart = "on-failure"; - }; - }; - }; -} From 6a22e605ce675faf91fce16ed89346b6d616ca9e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 2 Nov 2024 22:46:08 +0100 Subject: [PATCH 195/305] bump logseq --- flake.nix | 6 --- nix/pkgs/logseq/default.nix | 89 ++++++++++++++++++++++--------------- 2 files changed, 52 insertions(+), 43 deletions(-) diff --git a/flake.nix b/flake.nix index 5b5057e..8d82517 100644 --- a/flake.nix +++ b/flake.nix @@ -329,12 +329,6 @@ ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 ''; - logseq = - pkgs.callPackage ./nix/pkgs/logseq - (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - overrideSrc = self.inputs.logseq_0_10_9_aarch64_appimage; - }); - rperf = craneLib.buildPackage { src = inputs.rperf; nativeBuildInputs = [ diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index a50818a..159d03b 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix @@ -3,9 +3,13 @@ stdenv, fetchurl, appimageTools, + unzip, makeWrapper, - # graphs will not sync without matching upstream's major electron version + # Notice: graphs will not sync without matching upstream's major electron version + # the specific electron version is set at top-level file to preserve override interface. + # whenever updating this package also sync electron version at top-level file. electron_27, + autoPatchelfHook, git, nix-update-script, overrideSrc ? null, 
@@ -22,62 +26,73 @@ in { else (fetchurl { url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBe="; name = "${pname}-${version}.AppImage"; }); - appimageContents = appimageTools.extract { - inherit pname src version; - }; + nativeBuildInputs = + [makeWrapper] + ++ lib.optionals stdenv.hostPlatform.isLinux [autoPatchelfHook] + ++ lib.optionals stdenv.hostPlatform.isDarwin [unzip]; + buildInputs = [stdenv.cc.cc.lib]; - dontUnpack = true; + dontUnpack = stdenv.hostPlatform.isLinux; dontConfigure = true; dontBuild = true; - nativeBuildInputs = [makeWrapper]; + installPhase = + '' + runHook preInstall + '' + + lib.optionalString stdenv.hostPlatform.isLinux ( + let + appimageContents = appimageTools.extract {inherit pname src version;}; + in '' + mkdir -p $out/bin $out/share/logseq $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/logseq + cp -a ${appimageContents}/Logseq.desktop $out/share/applications/logseq.desktop - installPhase = '' - runHook preInstall + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + chmod +w -R $out/share/logseq/resources/app/node_modules/dugite/git + chmod +w $out/share/logseq/resources/app/node_modules/dugite + rm -rf $out/share/logseq/resources/app/node_modules/dugite/git + chmod -w $out/share/logseq/resources/app/node_modules/dugite - mkdir -p $out/bin $out/share/${pname} $out/share/applications - cp -a ${appimageContents}/{locales,resources} $out/share/${pname} - cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop + mkdir -p $out/share/pixmaps + ln -s $out/share/logseq/resources/app/icons/logseq.png $out/share/pixmaps/logseq.png - # remove the `git` in `dugite` because we want the `git` in `nixpkgs` - if test -e $out/share/${pname}/resources/app/node_modules/dugite/git; then - 
chmod +w -R $out/share/${pname}/resources/app/node_modules/dugite/git - chmod +w $out/share/${pname}/resources/app/node_modules/dugite - rm -rf $out/share/${pname}/resources/app/node_modules/dugite/git - chmod -w $out/share/${pname}/resources/app/node_modules/dugite - fi + substituteInPlace $out/share/applications/logseq.desktop \ + --replace Exec=Logseq Exec=logseq \ + --replace Icon=Logseq Icon=logseq + '' + ) + + lib.optionalString stdenv.hostPlatform.isDarwin '' + mkdir -p $out/{Applications/Logseq.app,bin} + cp -R . $out/Applications/Logseq.app + makeWrapper $out/Applications/Logseq.app/Contents/MacOS/Logseq $out/bin/logseq + '' + + '' + runHook postInstall + ''; - mkdir -p $out/share/pixmaps - ln -s $out/share/${pname}/resources/app/icons/logseq.png $out/share/pixmaps/${pname}.png - - substituteInPlace $out/share/applications/${pname}.desktop \ - --replace Exec=Logseq Exec=${pname} \ - --replace Icon=Logseq Icon=${pname} - - runHook postInstall - ''; - - postFixup = '' + postFixup = lib.optionalString stdenv.hostPlatform.isLinux '' # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs - makeWrapper ${electron_27}/bin/electron $out/bin/${pname} \ + makeWrapper ${electron_27}/bin/electron $out/bin/logseq \ --set "LOCAL_GIT_DIRECTORY" ${git} \ - --add-flags $out/share/${pname}/resources/app \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [stdenv.cc.cc.lib]}" + --add-flags $out/share/logseq/resources/app \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" ''; passthru.updateScript = nix-update-script {}; meta = { - description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; + description = "Local-first, non-linear, outliner notebook for organizing and sharing 
your personal knowledge base"; homepage = "https://github.com/logseq/logseq"; changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; license = lib.licenses.agpl3Plus; - maintainers = with lib.maintainers; []; - platforms = ["x86_64-linux" "aarch64-linux"]; + sourceProvenance = with lib.sourceTypes; [binaryNativeCode]; + maintainers = with lib.maintainers; [cheeseecake]; + platforms = ["x86_64-linux" "aarch64-linux"] ++ lib.platforms.darwin; + mainProgram = "logseq"; }; }) From 9d2311bcac91c647edc9d2a3dafeffaecc819897 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 2 Nov 2024 22:47:53 +0100 Subject: [PATCH 196/305] WIP: debug mycelium nixos container on containerd --- nix/os/containers/mycelium/configuration.nix | 0 nix/os/containers/mycelium/flake.nix | 10 +++++----- 2 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 nix/os/containers/mycelium/configuration.nix diff --git a/nix/os/containers/mycelium/configuration.nix b/nix/os/containers/mycelium/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nix/os/containers/mycelium/flake.nix b/nix/os/containers/mycelium/flake.nix index c139c0e..fa8340a 100644 --- a/nix/os/containers/mycelium/flake.nix +++ b/nix/os/containers/mycelium/flake.nix @@ -159,17 +159,16 @@ ''); systemd.services.testing-credentials = { - description = "testing credentials"; wantedBy = ["multi-user.target"]; path = [pkgs.coreutils]; serviceConfig = { - SyslogIdentifier = "testing-credential"; - StateDirectory = "testing-credentials"; - DynamicUser = true; + # SyslogIdentifier = "testing-credentials"; + # StateDirectory = "testing-credentials"; + # DynamicUser = true; # User = "tc"; # ProtectHome = true; - ProtectSystem = true; + # ProtectSystem = true; # LoadCredential = [ # "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" # "hosts:/etc/hosts" 
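Review bot: In `nix/pkgs/logseq/default.nix`, the `fetchurl` hash changes only in the case of its last letter (`…omuBE=` becomes `…omuBe=`), which looks like a slip and not a new digest: the URL line is untouched in this hunk, and the new final character does not appear to be a canonical base64 ending for a 32-byte digest. This value is the only integrity pin on a prebuilt AppImage, so it should come from a fresh fetch of the release file and never be edited by hand; if the version did not change (its definition is outside the hunk), the previous line `hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE=";` should stay. The rewritten `installPhase` also drops the `if test -e …/dugite/git` guard, so the `chmod +w -R` on that path would now fail the build if an AppImage ships without the bundled git directory.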
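Review bot: In `nix/os/containers/mycelium/flake.nix`, commenting out `DynamicUser`, `ProtectSystem` and `StateDirectory` leaves `testing-credentials` with no user or filesystem restriction in the visible part of `serviceConfig`, so it presumably runs as root inside an image that the run script in this file starts with `--privileged`. The `ExecStart` script shown in the earlier commit still begins with `cd $STATE_DIRECTORY`, which is unset once `StateDirectory` is gone, so the unquoted `cd` runs with no argument instead of entering a state directory. If this is a temporary debugging state, mark it, e.g. `# FIXME(debug): sandboxing disabled while investigating credentials; restore DynamicUser/ProtectSystem/StateDirectory`. The `serviceConfig` block continues past the end of the hunk.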
@@ -241,6 +240,7 @@ # this is read by the `/init` script and prevents various incompatible commands like mount, etc. # the value of this doesn't seem to matter as long as it's not an empty string. "container=nerd" + "SYSTEMD_LOG_LEVEL=debug" ]; volumes = { # "/var/lib/private/mycelium/key.bin" = {}; From c8509fbf7b7c77e2e72a67cee89d97d02b1cdb8f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 2 Nov 2024 22:48:20 +0100 Subject: [PATCH 197/305] feat(steveej-x13s and treewide): get most recent libcamera with fixes --- flake.lock | 268 ++++++++---------- flake.nix | 29 -- .../configuration/graphical-fullblown.nix | 47 ++- nix/home-manager/profiles/common.nix | 18 ++ nix/home-manager/profiles/sway-desktop.nix | 19 +- nix/home-manager/programs/firefox.nix | 7 +- nix/home-manager/programs/libreoffice.nix | 2 +- nix/os/devices/steveej-x13s/configuration.nix | 36 ++- nix/os/devices/steveej-x13s/flake.lock | 86 +++--- nix/os/devices/steveej-x13s/flake.nix | 59 +++- nix/os/snippets/holo-zerotier.nix | 2 +- nix/os/snippets/home-manager-with-zsh.nix | 1 + nix/os/snippets/sway-desktop.nix | 5 +- 13 files changed, 308 insertions(+), 271 deletions(-) diff --git a/flake.lock b/flake.lock index b92ef8e..5d64be7 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "aphorme_launcher": { "flake": false, "locked": { - "lastModified": 1713530567, - "narHash": "sha256-p1ZIMMDyQWVzoeyHb3sbeV6XQwbIDoQwJU8ynI8hGUI=", + "lastModified": 1719922896, + "narHash": "sha256-mOtCz42NFQn+0xPF3gBX4WHfo5UEClSsJ/tF8RdFQkY=", "owner": "Iaphetes", "repo": "aphorme_launcher", - "rev": "abc42c3d9e98dfd2c910cf348110232ff25129b4", + "rev": "c7c7ce9f91a31cced181fa501a2cad3c68035def", "type": "github" }, "original": { 
@@ -20,11 +20,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1720482684, - "narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=", + "lastModified": 1729352325, + "narHash": "sha256-U2rdpaKV09mLDIt7MNdbolE8HBzXawXoo7uo3HY5gBk=", "ref": "refs/heads/main", - "rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2", - "revCount": 152, + "rev": "4c8ae2fb2b78d5b0bebed63fe8b0f348f9fbc33e", + "revCount": 160, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -43,11 +43,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", "type": "github" }, "original": { @@ -57,17 +57,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1720226507, - "narHash": "sha256-yHVvNsgrpyNTXZBEokL8uyB2J6gB1wEx0KOJzoeZi1A=", + "lastModified": 1730060262, + "narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=", "owner": "ipetkov", "repo": "crane", - "rev": "0aed560c5c0a61c9385bddff471a13036203e11c", + "rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76", "type": "github" }, "original": { @@ -84,11 +79,11 @@ ] }, "locked": { - "lastModified": 1718008439, - "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=", + "lastModified": 1727359191, + "narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=", "owner": "nix-community", "repo": "disko", - "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82", + "rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700", "type": "github" }, "original": { 
@@ -123,11 +118,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1713421495, - "narHash": "sha256-5vVF9W1tJT+WdfpWAEG76KywktKDAW/71mVmNHEHjac=", + "lastModified": 1730442928, + "narHash": "sha256-U1DWb5c3EfkA7pqx5V1H4AWRA+EaE6UJ0lIRvK1RxgM=", "owner": "nix-community", "repo": "fenix", - "rev": "fd47b1f9404fae02a4f38bd9f4b12bad7833c96b", + "rev": "87b4d20f896c99018dde4702a9c6157b516f2a76", "type": "github" }, "original": { @@ -170,11 +165,11 @@ }, "flake-compat_3": { "locked": { - "lastModified": 1688025799, - "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", "owner": "nix-community", "repo": "flake-compat", - "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "type": "github" }, "original": { @@ -188,11 +183,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -209,11 +204,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { 
@@ -231,11 +226,11 @@ ] }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -282,11 +277,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -315,11 +310,11 @@ }, "get-flake": { "locked": { - "lastModified": 1694475786, - "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", "owner": "ursi", "repo": "get-flake", - "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", "type": "github" }, "original": { @@ -331,11 +326,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1713529603, - "narHash": "sha256-PjHxMABsAbQ6ZkjsmdREQ5D4CTtxCF1aRlyEqKsXMls=", + "lastModified": 1730371037, + "narHash": "sha256-oMVScShS67LZz3BeZTABDQWHv8hZqBXuj+ng14OIr9E=", "owner": "mahkoh", "repo": "jay", - "rev": "670588fe4dc5ea1051e34d51c99282f6c8c4d2b2", + "rev": "f36993eb6eea000f386fbf5bfa3d08dac1bd43c1", "type": "github" }, "original": { 
@@ -350,11 +345,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1713105314, - "narHash": "sha256-X3URKbcgIy4UaQGrsy3DmY5x+fePQ5IYaa76YewoUE0=", + "lastModified": 1730031145, + "narHash": "sha256-GZz0LGkeduajnF7zUuPu5evNyoOATcSsRZCkG1OqiwY=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f347ed9a1cab12c27541ed4d173e2f2d5c9bc0bb", + "rev": "7d235f23a84b54c39b1579b68b13e1ff83f5b1ad", "type": "github" }, "original": { @@ -383,11 +378,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1705242886, - "narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=", + "lastModified": 1730389079, + "narHash": "sha256-g/CJ/KKe5MGsVx1oCBl0F9aCdcNSDeOw8H7e5QDGa2c=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "6b03a93296faf174b97546fd573c8b379f523a8d", + "rev": "7f9159a16584ee86eed077c8a73e845690b7d513", "type": "github" }, "original": { @@ -405,11 +400,11 @@ ] }, "locked": { - "lastModified": 1701208414, - "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=", + "lastModified": 1720066371, + "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=", "owner": "nix-community", "repo": "nix-github-actions", - "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734", + "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820", "type": "github" }, "original": { @@ -425,11 +420,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1729216050, - "narHash": "sha256-eVfbrE7JnaxFeGndHjTGGxuFoqZ6+/CjS2qfvV1HsXg=", + "lastModified": 1730426202, + "narHash": "sha256-swwKpE3lrdvcSh6Hjyf/eSe/zPnsZgeVlSl+B4yBpeo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4dfd7581aaf0f25d3b7695a10dcfb1dfe4ebb953", + "rev": "96dcbddd24edc60ad47f41bb2a73e06099eba4af", "type": "github" }, "original": { 
@@ -450,11 +445,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718803059, - "narHash": "sha256-MYvDgSPWdF0hP6vzOhpqY+2a66ZLELFj+MUP5S/+dBY=", + "lastModified": 1729496181, + "narHash": "sha256-LrCxIU6laEf4JD1QtOBNr+PASY6CbNPpUrjLIUizt+Y=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "ce18c086d8ca143d43ab20b3db20ab1e3e62c519", + "rev": "51d347d35caec995d36d1450cb5bb183318c7fb7", "type": "github" }, "original": { @@ -476,11 +471,11 @@ ] }, "locked": { - "lastModified": 1717994219, - "narHash": "sha256-ueTu01bYU5QXdL77psMkApYHpk339xNHg/M7ZzP3uPI=", + "lastModified": 1727367213, + "narHash": "sha256-7O4pi8MmcJpA0nYUQkdolvKGyu6zNjf2gFYD1Q0xppc=", "owner": "nix-community", "repo": "nixos-images", - "rev": "e2fd329c3a39a90bb43e1e2cf47c180ed57831bf", + "rev": "3e7978bab153f39f3fc329ad346d35a8871420f7", "type": "github" }, "original": { @@ -491,11 +486,11 @@ }, "nixos-stable": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { @@ -555,11 +550,11 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1713344939, - "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { 
@@ -571,11 +566,11 @@ }, "nixpkgs-2405": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1730327045, + "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "080166c15633801df010977d9d7474b4a6c549d7", "type": "github" }, "original": { @@ -603,29 +598,23 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1727825735, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1713055793, - "narHash": "sha256-vIrZQykYW32RnlI2lT/gCcB59BOIqqrAmPirBdiirrc=", + "lastModified": 1729990941, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "361d8a4f443bbfab20bd6d222f9022b8c6665906", + "rev": "7d68864343650322045894951602d6e82b5296d7", "type": "github" }, "original": { 
@@ -636,27 +625,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1713434076, - "narHash": "sha256-+/p5edwlkqKZc6GDAQl+92Hoe1f3NNbUF9uj+X9H3pU=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8494ae076b7878d61a7d2d25e89a847fe8f8364c", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -668,11 +657,11 @@ }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -690,11 +679,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1713543674, - "narHash": "sha256-vQPF8Y36O99EuS0aVIZDlO9SuwlXzGfzQGNKeaBTFxg=", + "lastModified": 1730425081, + "narHash": "sha256-c8JK1Zuc9QjfLfbnAEtB3uHz5pd+RMgMiR263TEtwAs=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "ee21b656ea43b305c8f7e25ab2994aec375083eb", + "rev": "968d7a95604a2ec252ce9912199dfa9ec6410ff0", "type": "github" }, "original": { 
@@ -705,11 +694,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1703134684, - "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "lastModified": 1723221148, + "narHash": "sha256-7pjpeQlZUNQ4eeVntytU3jkw9dFK3k1Htgk2iuXjaD8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "rev": "154bcb95ad51bc257c2ce4043a725de6ca700ef6", "type": "github" }, "original": { @@ -721,11 +710,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -738,11 +727,11 @@ "ofi-pass": { "flake": false, "locked": { - "lastModified": 1691863924, - "narHash": "sha256-Vkm3QXjkLIu0RnM0w+upzAF9M7atKBPYqiV7f+eBKJY=", + "lastModified": 1723412133, + "narHash": "sha256-rOVbz4v1+DHPJMvRtxdOFWdOHlaxI7G2vm0bgEV/0Cg=", "owner": "sereinity", "repo": "ofi-pass", - "rev": "b20bd3440686429b113821c51a68b799675d5bb0", + "rev": "2b6aa6a3fc0504e63df4ac3449e0065a1a4d19d0", "type": "github" }, "original": { @@ -821,7 +810,6 @@ "nixpkgs-2211" ], "rperf": "rperf", - "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", "x13s-bt-firmware": "x13s-bt-firmware", @@ -847,11 +835,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1713373173, - "narHash": "sha256-octd9BFY9G/Gbr4KfwK4itZp4Lx+qvJeRRcYnN+dEH8=", + "lastModified": 1730386175, + "narHash": "sha256-0Uq+/B8eu7pw8B8pxuGdFYKjcVLwNMcHfDxU9sXh7rg=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "46702ffc1a02a2ac153f1d1ce619ec917af8f3a6", + "rev": "0ba893e1a00d92557ac91efb771d72eee36ca687", "type": "github" }, "original": { 
@@ -861,22 +849,6 @@ "type": "github" } }, - "salut": { - "flake": false, - "locked": { - "lastModified": 1671283721, - "narHash": "sha256-W0lhhImSXtYJDeMbxyEioYu/Bh7ZclwR1/5DzNbxM8o=", - "owner": "snakedye", - "repo": "salut", - "rev": "aa57c4d190812908a9c32cd49cff14390c6dfdcb", - "type": "gitlab" - }, - "original": { - "owner": "snakedye", - "repo": "salut", - "type": "gitlab" - } - }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -885,11 +857,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1713532771, - "narHash": "sha256-vfKxhYVMzG2tg48/1rewBoSLCrKIjQsG1j7Nm/Y2gf4=", + "lastModified": 1729999681, + "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a929a011a09db735abc45a8a45d1ff7fdee62755", + "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", "type": "github" }, "original": { @@ -905,11 +877,11 @@ ] }, "locked": { - "lastModified": 1713533513, - "narHash": "sha256-nv5GmWaGryyZU8ihQIYLZWasqaXTZKGTjsypG0TRw9Q=", + "lastModified": 1730335989, + "narHash": "sha256-hG7H+EcNZfNa5tsUzMX+NBYpG4viCTvfRp5t7ZUnKW8=", "owner": "numtide", "repo": "srvos", - "rev": "d8945920cb8e98dc737d1fc2d42607f5916c34cf", + "rev": "b80b3ffabd20e39b579f45a33e638bbb1b297b60", "type": "github" }, "original": { @@ -920,16 +892,16 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } 
@@ -987,11 +959,11 @@ ] }, "locked": { - "lastModified": 1717850719, - "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", + "lastModified": 1727252110, + "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", + "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "type": "github" }, "original": { @@ -1009,11 +981,11 @@ ] }, "locked": { - "lastModified": 1702979157, - "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", + "lastModified": 1723303070, + "narHash": "sha256-krGNVA30yptyRonohQ+i9cnK+CfCpedg6z3qzqVJcTs=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2961375283668d867e64129c22af532de8e77734", + "rev": "14c092e0326de759e16b37535161b3cb9770cea3", "type": "github" }, "original": { @@ -1042,11 +1014,11 @@ ] }, "locked": { - "lastModified": 1710356110, - "narHash": "sha256-dLYYHNiimcY5WMOnYs9zHVKdjqoPhdFhbEJa2h5hel0=", + "lastModified": 1725018627, + "narHash": "sha256-uBEU/aKl9jlJ8vIK556TaqSBEHx6/t6AE4fbt/AoRfA=", "owner": "l4l", "repo": "yofi", - "rev": "0d7af4653fa8f119a4aee0b7981edc88a6c7e892", + "rev": "09901e75cbdf2147553ab888adde480e57baa0d1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8d82517..1b33c04 100644 --- a/flake.nix +++ b/flake.nix @@ -73,11 +73,6 @@ flake = false; }; - salut = { - url = "gitlab:snakedye/salut"; - flake = false; - }; - prs = { # https://gitlab.com/timvisee/prs/-/merge_requests/42/ # $ find "$(dirname $(readlink $(which prs)))/.." -name "_prs" 
@@ -235,32 +230,8 @@ dcpj4110dwDriver = dcpj4110dw.driver; dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - # broken as of 2023-04-27 because it doesn't load without a config - # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; - # yofi = inputs'.yofi.packages.default; - # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; - inherit (inputs'.colmena.packages) colmena; - # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { - # src = inputs.jay; - # rustPlatform = pkgs.makeRustPlatform { - # cargo = inputs'.fenix.packages.stable.toolchain; - # rustc = inputs'.fenix.packages.stable.toolchain; - # }; - # }; - - salut = craneLib.buildPackage { - src = inputs.salut; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - pkgs.libxkbcommon - pkgs.fontconfig - ]; - }; - prs = pkgs.callPackage ({ diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index e498f29..5798fac 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -50,6 +50,17 @@ in { "electron-27.3.11" ]; + nixpkgs.config.allowUnfree = [ + "electron-28.3.3" + "electron-27.3.11" + ]; + + # nixpkgs.config.allowUnfreePredicate = pkg: + # builtins.elem (lib.getName pkg) [ + # "smartgithg" + # "electron-27.3.11" + # ]; + home.packages = [] ++ (with pkgs; [ @@ -109,7 +120,7 @@ in { aspellDicts.de # skypeforlinux # pkgsUnstable.jitsi-meet-electron - thunderbird-115 + thunderbird-128 # betterbird # FIXME: depends on insecure openssl 1.1.1t @@ -118,8 +129,6 @@ in { # TODO: remove or reuse this depending on whether waydroid signal works pkgsUnstable.signal-desktop - # gnome.cheese - # Virtualization virt-manager @@ -136,6 +145,8 @@ in { yt-dlp (writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}") libwebcam + libcamera + snapshot # Network Tools tcpdump 
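Review bot: In the `@@ -50,6 +50,17 @@` hunk of `graphical-fullblown.nix`, the added `nixpkgs.config.allowUnfree = [ "electron-28.3.3" "electron-27.3.11" ];` gives a list to a setting that nixpkgs reads as a boolean, so it will either fail evaluation or not do what the list suggests. The two names repeat the entries of the list that closes just above it in the hunk, which looks like a copy of that block under the wrong key. If the intent is to allow specific unfree packages, the commented-out `allowUnfreePredicate` form right below is the right shape; otherwise drop the assignment, since `profiles/common.nix` in this same patch already carries `allowUnfree = true;`. The enclosing attribute set starts and ends outside the hunk.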
@@ -200,7 +211,7 @@ in { # dex coreutils lsof - xdg_utils + xdg-utils xdg-user-dirs dconf picocom @@ -229,14 +240,26 @@ in { # libretro.snes9x2010 # retroarchFull - packages'.logseq - # (pkgs.runCommand "logseq-wrapper" - # { - # nativeBuildInputs = [ pkgs.makeWrapper ]; - # } '' - # makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \ - # --set NIXOS_OZONE_WL "" - # '') + ( + pkgs.logseq.overrideAttrs ( + attrs: + lib.attrsets.recursiveUpdate + attrs + ( + lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + src = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; + meta.platforms = ["aarch64-linux"]; + } + ) + ) + ) + + # ( + # pkgsUnstable.callPackage (repoFlake + "/nix/pkgs/logseq") + # (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + # overrideSrc = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; + # }) + # ) ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ]) diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 2f5b051..d5b0c7e 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -13,9 +13,27 @@ nixpkgs.config = { allowBroken = false; allowUnfree = true; + allowUnsupportedSystem = true; + + allowInsecurePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "electron-28.3.3" + "electron-27.3.11" + "electron" + ]; permittedInsecurePackages = [ + "electron-28.3.3" + "electron-27.3.11" + "electron" ]; + + allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "obsidian" + "vivaldi" + "aspell-dict-en-science" + ]; }; home.keyboard = { diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 1acf089..8cfe85a 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
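Review bot: The added `allowInsecurePredicate` in `profiles/common.nix` compares `lib.getName pkg`, which returns the package name without its version, so the entries `"electron-28.3.3"` and `"electron-27.3.11"` can never match and only the bare `"electron"` does. The effect is that every Electron release marked insecure, now or later, is accepted, which is wider than the two pinned versions the list suggests. As far as I know nixpkgs consults `permittedInsecurePackages` only when no predicate is set, so the list below it is probably dead once the predicate exists. Consider dropping the predicate and keeping only `permittedInsecurePackages = [ "electron-28.3.3" "electron-27.3.11" ];`, so that a new insecure release has to be acknowledged explicitly. The `nixpkgs.config` set opens before the hunk.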
@@ -33,22 +33,8 @@ in { imports = [ ../profiles/wayland-desktop.nix ../programs/waybar.nix - # ../programs/salut.nix ]; - # TODO: autostart - # environment.loginShellInit = '' - # if [[ "$(tty)" == /dev/tty1 ]]; then - # echo starting sway.. - # exec sway - # fi - # ''; - - services = { - # TODO: doesn't work with 2 screens - # flameshot.enable = true; - }; - services.dunst = { enable = true; }; @@ -73,7 +59,6 @@ in { pkgs.ttf_bitstream_vera pkgs.noto-fonts - pkgs.noto-fonts-cjk pkgs.noto-fonts-cjk-sans pkgs.noto-fonts-cjk-serif pkgs.noto-fonts-emoji @@ -88,12 +73,12 @@ in { pkgs.dina-font pkgs.monoid pkgs.hermit - # found on colemickens' repo + ### found on colemickens' repo pkgs.gelasio # metric-compatible with Georgia pkgs.powerline-symbols pkgs.iosevka-comfy.comfy-fixed - # experimental stuff + ## experimental stuff pkgs.fuzzel ]; diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 05beab4..993cbc4 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -1,6 +1,9 @@ {pkgs, ...}: { - programs.librewolf = {enable = true;}; - programs.firefox = {enable = true;}; + programs.librewolf = {enable = false;}; + programs.firefox = { + enable = true; + package = pkgs.firefox-esr-128; + }; # home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json"; } diff --git a/nix/home-manager/programs/libreoffice.nix b/nix/home-manager/programs/libreoffice.nix index f5921e2..17d0a24 100644 --- a/nix/home-manager/programs/libreoffice.nix +++ b/nix/home-manager/programs/libreoffice.nix @@ -1,3 +1,3 @@ {pkgs, ...}: { - home.packages = with pkgs; [libreoffice-fresh]; + home.packages = [pkgs.libreoffice]; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index c1c70b2..831f1f0 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
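Review bot: `package = pkgs.firefox-esr-128;` in `programs/firefox.nix` pins the browser to one ESR series by attribute name, and nothing in the hunk records why. Once that series stops receiving updates the attribute keeps evaluating until nixpkgs removes it, so the profile can stay on an unpatched browser without any signal. If the pin is deliberate, a comment such as `# pinned to ESR 128 because <reason>; switch to pkgs.firefox-esr once resolved` makes it reviewable; otherwise `pkgs.firefox-esr` follows the current ESR. The same consideration applies to `thunderbird-128` in `graphical-fullblown.nix`.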
@@ -10,12 +10,7 @@ packages', ... }: { - nixpkgs.overlays = [ - (final: previous: { - # inherit (nodeFlake.inputs.nixpkgs-systemd256.legacyPackages.${system}) systemd systemdMinimal; - # inherit (nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${system}) libcamera libcamera-qcam; - }) - ]; + nixpkgs.overlays = [nodeFlake.overlays.default]; nixos-x13s = { enable = true; @@ -114,27 +109,44 @@ protocol = "ssh-ng"; systems = [ "x86_64-linux" - # "aarch64-linux" ]; supportedFeatures = [ "big-parallel" "kvm" + "nixos-test" ]; maxJobs = 16; } + { + hostName = "aarch64-linux-builder-0.infra.holochain.org"; + sshUser = "nix-remote-builder"; + sshKey = config.sops.secrets.builder-private-key.path; + protocol = "ssh-ng"; + systems = [ + "aarch64-linux" + ]; + supportedFeatures = [ + "big-parallel" + "kvm" + "nixos-test" + ]; + maxJobs = 4; + } + { hostName = "x64-linux-dev-01.dev.infra.holochain.org"; sshUser = "nix-remote-builder"; sshKey = config.sops.secrets.builder-private-key.path; protocol = "ssh-ng"; systems = [ - "x86_64-linux" - # "aarch64-linux" + # "x86_64-linux" + "aarch64-linux" ]; supportedFeatures = [ "big-parallel" "kvm" + "nixos-test" ]; maxJobs = 0; } @@ -199,12 +211,14 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; + nixpkgs.overlays = [nodeFlake.overlays.default]; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; - # TODO: currently unsupported + # TODO(upstream): currently unsupported on x13s services.gammastep.enable = true; }; @@ -250,4 +264,6 @@ programs.adb.enable = true; nix.settings.sandbox = lib.mkForce "relaxed"; + + systemd.user.services.wireplumber.environment.LIBCAMERA_IPA_PROXY_PATH = "${pkgs.libcamera}/libexec/libcamera"; } diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 66da2af..5425600 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
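Review bot: The new `aarch64-linux-builder-0.infra.holochain.org` entry in the `@@ -114,27 +109,44 @@` hunk authenticates with `sshKey` but sets no `publicHostKey`, so the builder's identity rests on whatever known_hosts state the user running the builds happens to have. Outputs built on this machine end up in the local store, so pinning the host key in the entry itself is worth it: `publicHostKey = "<base64 of the builder's SSH host public key>";` (placeholder value). This may already be covered by `programs.ssh.knownHosts` elsewhere, which the hunk does not show. The enclosing list starts and ends outside the hunk.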
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1730190761, + "narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "3979285062d6781525cded0f6c4ff92e71376b55", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1725703823, - "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1728631036, - "narHash": "sha256-1LnClVjY6WS+IR9eqPFA7gzXm0cio3mY23NXj9cKHHs=", + "lastModified": 1730186574, + "narHash": "sha256-QjStPt3c/v55lJUgn4Rdx/WTaQKdUxNL9nwkIKQ8O2Q=", "owner": "jhovold", "repo": "linux", - "rev": "6a97bc22fa36010400b91e6d5979741c391112c3", + "rev": "699d5b0ccdc1a343ded65aa876f0b720ca7dada9", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.12-rc2", + "ref": "wip/sc8280xp-6.12-rc5", "repo": "linux", "type": "github" } @@ -190,11 +190,11 @@ ] }, "locked": { - "lastModified": 1725529869, - "narHash": "sha256-ekEL4HrZbAeoZmopkxvZ4Z4ufkUEv09b4liGnIIiryc=", + "lastModified": 1730381857, + "narHash": "sha256-PbEoM+AnZTuo9xtwcDcTH9FZAzPzfBhX41+zVVTdgRo=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "43c774cc1d5bae9558d0086e2be334812cafe2be", + "rev": "8a2b564c8e279d4afd0a10058b4481799a7513e1", "type": "github" }, "original": { 
@@ -247,17 +247,18 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1728680044, - "narHash": "sha256-kDqUDwEEv1KPOObmdnO3zb5mFthFDHoPgzVDpmRIq44=", - "ref": "refs/heads/remaintain", - "rev": "f691c125485b6764ebef0b9f148613d79de95525", - "revCount": 109, + "lastModified": 1730215039, + "narHash": "sha256-GxhtLAsdpZX2SndSu/AoKugk/vht5RZ47FTcrYILDew=", + "ref": "bump", + "rev": "ff41877fbdf32f2029ade902f10142afb053d2da", + "revCount": 116, "type": "git", - "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" + "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, "original": { + "ref": "bump", "type": "git", - "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" + "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" } }, "nixpkgs": { @@ -288,29 +289,13 @@ "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, - "nixpkgs-unstable": { + "nixpkgs-stable": { "locked": { - "lastModified": 1728621521, - "narHash": "sha256-Fk8C/cywdAP//XjK1/CF2VMIRoQjhosCor71p84ff+c=", + "lastModified": 1730327045, + "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7045aa75c71e90ae3bbb486d35414b08add9c424", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "080166c15633801df010977d9d7474b4a6c549d7", "type": "github" }, "original": { 
@@ -320,6 +305,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -328,7 +329,10 @@ "mycelium": "mycelium", "nix-snapshotter": "nix-snapshotter", "nixos-x13s": "nixos-x13s", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs-stable" + ], + "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable" } }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 61a760d..aa74be0 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -1,22 +1,21 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; - # nixpkgs.follows = "nixpkgs-unstable"; - - # required for home-manager modules - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs.follows = "nixpkgs-stable"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; home-manager = { + # url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-x13s.url = - "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain" + "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" # 6.11.0 # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=6b9efe77ca80653354981c720af3c4241ac71490" # 6.12.0-rc6 
@@ -75,7 +74,6 @@ # flake registry { - nixpkgs.overlays = builtins.attrValues self.overlays; nix.registry.nixpkgs.flake = nixpkgs; } ] @@ -87,7 +85,52 @@ inherit mkNixosConfiguration; }; - overlays = {}; + overlays.libcamera = final: previous: { + wireplumber = previous.wireplumber.overrideAttrs (_: { + version = "git"; + src = previous.fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "pipewire"; + repo = "wireplumber"; + rev = "71f868233792f10848644319dbdc97a4f147d554"; + hash = "sha256-VX3OFsBK9AbISm/XTx8p05ak+z/VcKXfUXhB9aI9ev8="; + }; + }); + + libcamera = previous.libcamera.overrideAttrs (_: { + postFixup = '' + ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so + ''; + }); + + libcamera-qcam = previous.libcamera-qcam.overrideAttrs (_: { + postFixup = '' + ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so + ''; + }); + }; + + overlays.default = final: previous: let + inherit (previous.stdenv) system; + pkgsUnstable = import self.inputs.nixpkgs-unstable.outPath { + inherit system; + overlays = [self.overlays.libcamera]; + }; + in { + inherit + (pkgsUnstable) + libcamera + ; + + webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { + preConfigure = + attrs.preConfigure + + '' + export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 8 ? 8 : NIX_BUILD_CORES))" + export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" + ''; + }); + }; nixosConfigurations = { native = mkNixosConfiguration { diff --git a/nix/os/snippets/holo-zerotier.nix b/nix/os/snippets/holo-zerotier.nix index 8b09cea..8ea2be5 100644 --- a/nix/os/snippets/holo-zerotier.nix +++ b/nix/os/snippets/holo-zerotier.nix @@ -11,7 +11,7 @@ in { }; config = { - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ]; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["zerotierone"]; services.zerotierone = { enable = cfg.enable; 
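Review bot: In `overlays.libcamera`, both `libcamera` and `libcamera-qcam` assign `postFixup` outright, which discards any `postFixup` the nixpkgs derivation already defines, while `overlays.default` composes with `attrs.preConfigure + ''…''`, which throws if `webkitgtk` has no `preConfigure`. Both are safer written as `postFixup = (old.postFixup or "") + signIpaModules;` (with the script text held once in a `let`) and `preConfigure = (attrs.preConfigure or "") + ''…''`. The signing step deserves a comment, for example `# re-sign IPA modules after fixup so libcamera accepts them` (my reading of `ipa-sign-install.sh`; please confirm). Only `libcamera` is inherited in `overlays.default`, so the `libcamera-qcam` override looks unused from what the hunk shows.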
diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix index 63f4962..266a125 100644 --- a/nix/os/snippets/home-manager-with-zsh.nix +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -4,6 +4,7 @@ repoFlakeInputs', packages', pkgs, + lib, ... }: let # TODO: make this configurable diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 71008cb..f8d21b0 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -18,7 +18,7 @@ in { services.gvfs = { enable = true; - package = lib.mkForce pkgs.gnome3.gvfs; + package = lib.mkForce pkgs.gnome.gvfs; }; environment.systemPackages = with pkgs; [ @@ -36,7 +36,7 @@ in { # FIXME: `true` breaks xdg-open from alacritty: # $ xdg-open "https://github.com/" # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop - xdgOpenUsePortal = true; + xdgOpenUsePortal = false; wlr = { enable = true; @@ -89,6 +89,7 @@ in { alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + wireplumber.enable = true; # If you want to use JACK applications, uncomment this #jack.enable = true; }; From efc3c4fa71522e4e251e55556b6ff020082ab7bd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 11 Nov 2024 21:44:09 +0100 Subject: [PATCH 198/305] flake,devshells: add nix4vscode and nixvim --- flake.lock | 444 +++++++++++++++++++++++++---- flake.nix | 5 + nix/devShells.nix | 1 + nix/scripts/nix4vscode/config.toml | 5 + 4 files changed, 394 insertions(+), 61 deletions(-) create mode 100644 nix/scripts/nix4vscode/config.toml diff --git a/flake.lock b/flake.lock index 5d64be7..785838f 100644 --- a/flake.lock +++ b/flake.lock 
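Review bot: The FIXME above `xdgOpenUsePortal` in the `@@ -36,7 +36,7 @@` hunk of `snippets/sway-desktop.nix` still describes `true` as an open problem, but the value is now `false`, so the comment no longer matches the setting. Reword it to record the decision, e.g. `# kept false: true breaks xdg-open from alacritty (no org.freedesktop.portal.OpenURI interface); re-test after portal changes`. The surrounding block starts outside the hunk.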
@@ -37,17 +37,18 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixpkgs" ], "stable": "stable" }, "locked": { - "lastModified": 1728263678, - "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "lastModified": 1731093438, + "narHash": "sha256-n1UeNT2PrbOlLNa+EhFMrniUN4BtGqCw9R9/qWpzNEA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "rev": "c4d72269affff3abbe7175d363e6c0edf1b0e167", "type": "github" }, "original": { @@ -58,11 +59,11 @@ }, "crane": { "locked": { - "lastModified": 1730060262, - "narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=", + "lastModified": 1730652660, + "narHash": "sha256-+XVYfmVXAiYA0FZT7ijHf555dxCe+AoAT5A6RU+6vSo=", "owner": "ipetkov", "repo": "crane", - "rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76", + "rev": "a4ca93905455c07cb7e3aca95d4faf7601cba458", "type": "github" }, "original": { @@ -71,6 +72,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -118,11 +140,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1730442928, - "narHash": "sha256-U1DWb5c3EfkA7pqx5V1H4AWRA+EaE6UJ0lIRvK1RxgM=", + "lastModified": 1730788380, + "narHash": "sha256-jzniRMqEjqYC7yyx0nIiiEnQ4xlZQMnA7R6mvyYZER8=", "owner": "nix-community", "repo": "fenix", - "rev": "87b4d20f896c99018dde4702a9c6157b516f2a76", + "rev": "280efe0e9b7b824518091a5aff76065785f81649", "type": "github" }, "original": { 
@@ -178,16 +200,46 @@ "type": "github" } }, + "flake-compat_4": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -239,6 +291,27 @@ "type": "github" } }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, 
@@ -274,7 +347,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1726560853, @@ -292,7 +365,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -323,6 +396,77 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_5", + "gitignore": "gitignore", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, "jay": { "flake": false, "locked": { 
@@ -345,11 +489,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1730031145, - "narHash": "sha256-GZz0LGkeduajnF7zUuPu5evNyoOATcSsRZCkG1OqiwY=", + "lastModified": 1730635946, + "narHash": "sha256-CdeoMnMXpCq4wBWEWHfUUs68zoyAJLfp1JmfXWtmAgc=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "7d235f23a84b54c39b1579b68b13e1ff83f5b1ad", + "rev": "d0ecc1890f77e9e170f2de279d6902d84a0cbc51", "type": "github" }, "original": { @@ -370,11 +514,32 @@ "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731153869, + "narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "5c74ab862c8070cbf6400128a1b56abb213656da", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", + "nix-github-actions": "nix-github-actions_2", + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix_2" }, "locked": { @@ -392,6 +557,27 @@ } }, "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-github-actions_2": { "inputs": { "nixpkgs": [ "nixpkgs-wayland", 
@@ -420,11 +606,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1730426202, - "narHash": "sha256-swwKpE3lrdvcSh6Hjyf/eSe/zPnsZgeVlSl+B4yBpeo=", + "lastModified": 1731030477, + "narHash": "sha256-RhkVjPXsfkqK0Dn3zmaRIBkb0L7kexTdpOJ7ldByHtM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "96dcbddd24edc60ad47f41bb2a73e06099eba4af", + "rev": "35de68b66b5ac51a18c707fa7069151fc6dca168", "type": "github" }, "original": { @@ -433,6 +619,26 @@ "type": "github" } }, + "nix4vscode": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1730496654, + "narHash": "sha256-gRoV9Xa6l0Kz0Vzr3hL+KSb+lGyWob98ha+OqK+QjwM=", + "owner": "nix-community", + "repo": "nix4vscode", + "rev": "719a109d0e2357be98a00145e557e9eef85ec059", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix4vscode", + "type": "github" + } + }, "nixos-anywhere": { "inputs": { "disko": "disko", @@ -566,11 +772,11 @@ }, "nixpkgs-2405": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { 
@@ -598,23 +804,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1729990941, - "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", + "lastModified": 1730595754, + "narHash": "sha256-F6DyPKY2WAUf8fpaT9vQwwRUs74InQM36ng//h9wNhY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7d68864343650322045894951602d6e82b5296d7", + "rev": "2376a861a1a15f05339245fbaa4422f2d1bdf485", "type": "github" }, "original": { @@ -625,11 +831,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -641,11 +847,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { 
@@ -657,11 +863,11 @@ }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -676,14 +882,14 @@ "flake-compat": "flake-compat_3", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1730425081, - "narHash": "sha256-c8JK1Zuc9QjfLfbnAEtB3uHz5pd+RMgMiR263TEtwAs=", + "lastModified": 1730824362, + "narHash": "sha256-gRQr2K0vo2xuaPC8v11ZkViVlvj3SSn5DwzLYLhlEJ4=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "968d7a95604a2ec252ce9912199dfa9ec6410ff0", + "rev": "c20dd1acb20fb0bb10671f43435ee7df7c6b8657", "type": "github" }, "original": { @@ -693,6 +899,38 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1722415718, + "narHash": "sha256-5US0/pgxbMksF92k1+eOa8arJTJiPvsdZj9Dl+vJkM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c3392ad349a5227f4a3464dce87bcc5046692fce", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1723221148, "narHash": "sha256-7pjpeQlZUNQ4eeVntytU3jkw9dFK3k1Htgk2iuXjaD8=", 
@@ -708,13 +946,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_5": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { @@ -724,6 +962,34 @@ "type": "github" } }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks", + "home-manager": "home-manager", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1730550779, + "narHash": "sha256-2stntmqw/GBOVEoPV4oCLHZljpeSBfZn8wkcJpei+ng=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "91c06026075f08a3c865fdc46cc6db8e2af35a1e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-24.05", + "repo": "nixvim", + "type": "github" + } + }, "ofi-pass": { "flake": false, "locked": { @@ -791,6 +1057,7 @@ "jay": "jay", "logseq_0_10_9_aarch64_appimage": "logseq_0_10_9_aarch64_appimage", "nix-vscode-extensions": "nix-vscode-extensions", + "nix4vscode": "nix4vscode", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2405" @@ -803,6 +1070,7 @@ "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", + "nixvim": "nixvim", "ofi-pass": "ofi-pass", "openvscode-server": "openvscode-server", "prs": "prs", 
@@ -835,11 +1103,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1730386175, - "narHash": "sha256-0Uq+/B8eu7pw8B8pxuGdFYKjcVLwNMcHfDxU9sXh7rg=", + "lastModified": 1730749868, + "narHash": "sha256-b8UMpLh61z6T4J1NObustAuFGoJiAKBTaPTrEf3Amts=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "0ba893e1a00d92557ac91efb771d72eee36ca687", + "rev": "b51f9bc736dc0472481a47d7c05de2901323e543", "type": "github" }, "original": { @@ -849,6 +1117,24 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1722565199, + "narHash": "sha256-2eek4vZKsYg8jip2WQWvAOGMMboQ40DIrllpsI6AlU4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a9cd2009fb2eeacfea785b45bdbbc33612bba1f1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -857,11 +1143,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729999681, - "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", + "lastModified": 1730746162, + "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "rev": "59d6988329626132eaf107761643f55eb979eef1", "type": "github" }, "original": { @@ -877,11 +1163,11 @@ ] }, "locked": { - "lastModified": 1730335989, - "narHash": "sha256-hG7H+EcNZfNa5tsUzMX+NBYpG4viCTvfRp5t7ZUnKW8=", + "lastModified": 1730682372, + "narHash": "sha256-GU8ghhVS7ctcV4Cy1W3X/N6KtmJNVptirIzkA7NMxp8=", "owner": "numtide", "repo": "srvos", - "rev": "b80b3ffabd20e39b579f45a33e638bbb1b297b60", + "rev": "a9f2ae9fb213b6175c71cd6aecfdb366979d2e0c", "type": "github" }, "original": { 
@@ -892,11 +1178,11 @@ }, "stable": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { @@ -951,6 +1237,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -994,6 +1295,27 @@ "type": "github" } }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "x13s-bt-firmware": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 1b33c04..f4dce46 100644 --- a/flake.nix +++ b/flake.nix @@ -122,6 +122,11 @@ }; nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; + nix4vscode.url = "github:nix-community/nix4vscode"; + nixvim = { + url = "github:nix-community/nixvim/nixos-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs @ { diff --git a/nix/devShells.nix b/nix/devShells.nix index 7ffa977..fabf520 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -85,6 +85,7 @@ in { screen inputs'.nixpkgs-kanidm.legacyPackages.kanidm + inputs'.nix4vscode.packages.default ]; # Set Environment Variables 
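Review bot: In the flake.nix hunk `@@ -122,6 +122,11 @@`, `nix4vscode` is added without a `follows`, unlike `nixvim` directly below it. The lock hunks of this commit show it bringing its own `nixpkgs_2` and, through `rust-overlay`, `nixpkgs_3`, both locked to revisions older than the nixpkgs pins being refreshed here. The devShells.nix hunk then puts the tool on the dev-shell PATH, so it is built from package sets that presumably move only when upstream refreshes its own lock. Consider `nix4vscode = { url = "github:nix-community/nix4vscode"; inputs.nixpkgs.follows = "nixpkgs"; };` if it builds against the followed nixpkgs, or a comment saying why it keeps its own pin.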
diff --git a/nix/scripts/nix4vscode/config.toml b/nix/scripts/nix4vscode/config.toml new file mode 100644 index 0000000..55c54da --- /dev/null +++ b/nix/scripts/nix4vscode/config.toml @@ -0,0 +1,5 @@ +vscode_version = "1.94.2" + +[[extensions]] +publisher_name = "FelixZeller" +extension_name = "markdown-oxide" From 0e1ddd4fd396167a8e1dcc8ddae2cc05dbfae1b3 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 11 Nov 2024 21:45:17 +0100 Subject: [PATCH 199/305] chore(flake): attempt update of prs however not proceed v0.5.2 has broken shell completion, not clear why yet --- flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index f4dce46..1a53f44 100644 --- a/flake.nix +++ b/flake.nix @@ -74,10 +74,8 @@ }; prs = { - # https://gitlab.com/timvisee/prs/-/merge_requests/42/ - # $ find "$(dirname $(readlink $(which prs)))/.." -name "_prs" + # url = "gitlab:timvisee/prs/v0.5.2"; url = "gitlab:timvisee/prs/07f17a93d19fb6bc92c9c7f3ae3f5cc750b1f973"; - # url = "gitlab:steveej/prs/zsh-autocomplete-query"; flake = false; }; From 70401e484afafcaae57ccd0aa8f0f675548774ea Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 11 Nov 2024 21:46:26 +0100 Subject: [PATCH 200/305] nix/neovim: switch to using nixvim and partially migrate --- nix/home-manager/programs/neovim.nix | 250 +++++++++++++++------------ 1 file changed, 143 insertions(+), 107 deletions(-) diff --git a/nix/home-manager/programs/neovim.nix b/nix/home-manager/programs/neovim.nix index e169eea..be7e02b 100644 --- a/nix/home-manager/programs/neovim.nix +++ b/nix/home-manager/programs/neovim.nix 
@@ -1,131 +1,167 @@ { + repoFlake, pkgs, lib, ... -}: let -in { - # FIXME: this doesn't work - home.sessionVariables.EDITOR = "nvim"; +}: { + imports = [ + repoFlake.inputs.nixvim.homeManagerModules.nixvim + ]; - programs.neovim = { + programs.nixvim = { enable = true; + defaultEditor = true; + vimdiffAlias = true; + vimAlias = true; extraPython3Packages = ps: with ps; []; - extraConfig = builtins.readFile ./neovim/vimrc; + # extraConfigVim = builtins.readFile ./neovim/vimrc; - plugins = with pkgs; - [ - # yaml-folds - { - plugin = vimUtils.buildVimPlugin { - name = "vim-yaml-folds"; - src = fetchFromGitHub { - owner = "pedrohdz"; - repo = "vim-yaml-folds"; - rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a"; - sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m"; - }; - buildInputs = [zip vim]; - }; - } + clipboard = { + register = "unnamedplus"; + providers.wl-copy.enable = true; + }; - { - plugin = vimUtils.buildVimPlugin { - name = "vim-yaml"; - src = fetchFromGitHub { - owner = "stephpy"; - repo = "vim-yaml"; - rev = "e97e063b16eba4e593d620676a0a15fa98613979"; - sha256 = "0vqahbrnr43lxanpziyrmzaqqb3cmyny8ry1xvmy2xyd1larzfrk"; - }; - }; - } + plugins = { + airline = { + enable = true; + settings = { + powerline_fonts = true; + skip_empty_sections = true; + theme = "papercolor"; + }; + }; + fugitive.enable = true; + gitblame.enable = true; + lsp = { + enable = true; + }; - # broken 2021-06-08 - # { - # plugin = vimUtils.buildVimPlugin { - # name = "vim-markdown-toc"; - # src = fetchFromGitHub { - # owner = "mzlogin"; - # repo = "vim-markdown-toc"; - # rev = "b7bb6c37033d3a6c93906af48dc0e689bd948638"; - # sha256 = "026xf2gid4qivwawh7if3nfk7zja9di0flhdzdx82lvil9x48lyz"; - # }; - # }; - # } + nix.enable = true; - # broken 2021-06-08 - # { - # plugin = vimUtils.buildVimPlugin { - # name = "vim-perl"; - # src = fetchFromGitHub { - # owner = "vim-perl"; - # repo = "vim-perl"; - # rev = "f330b5d474c44e6cfae22ba50868093dea3e9adb"; - # sha256 = 
"1dy40ixgixj0536c5ggra51b4yd1lbw4j6l0j5zc3diasb7m2gvr"; - # }; - # }; - # } + # TODO: enable in next release + # numbertoggle.enable = true; - { - plugin = vimUtils.buildVimPlugin { - name = "git-blame"; - src = fetchFromGitHub { - "owner" = "zivyangll"; - "repo" = "git-blame.vim"; - "rev" = "9d144b7bed5d8f1c9259551768b7f3b3d1294917"; - "sha256" = "06zb5xcc59k25rpwl46j82fcqckiznmj97v6i0mwlb8jhqqrhy9j"; - }; - }; - } - ] - ++ (with pkgs.vimPlugins; [ - delimitMate - vim-airline - vim-airline-themes - ctrlp - vim-css-color - rainbow_parentheses - vim-colorschemes - vim-colorstepper - vim-signify - fugitive - vim-indent-guides - UltiSnips - fzfWrapper + # successfor to ctrlp and fzf + telescope.enable = true; - ncm2 - ncm2-bufword - ncm2-path - ncm2-tmux - ncm2-ultisnips - nvim-yarp + todo-comments.enable = true; - LanguageClient-neovim + toggleterm.enable = true; - Improved-AnsiEsc - tabular + treesitter = { + enable = true; - # Nix - vim-addon-nix - tlib - vim-addon-vim2nix + grammarPackages = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [ + bash + json + lua + make + markdown + nix + regex + toml + vim + vimdoc + xml + yaml + ]; + }; - # LaTeX - vim-latex-live-preview - vimtex + treesitter-context.enable = true; + treesitter-refactor.enable = true; - # YAML - vim-yaml + # This plugin trims trailing whitespace and lines. 
+ trim.enable = true; + }; - # markdown - vim-markdown - vim-markdown-toc + # plugins = with pkgs; + # [ + # # yaml-folds + # { + # plugin = vimUtils.buildVimPlugin { + # name = "vim-yaml-folds"; + # src = fetchFromGitHub { + # owner = "pedrohdz"; + # repo = "vim-yaml-folds"; + # rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a"; + # sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m"; + # }; + # buildInputs = [zip vim]; + # }; + # } - # misc syntax support - vim-bazel - maktaba - ]); + # { + # plugin = vimUtils.buildVimPlugin { + # name = "vim-yaml"; + # src = fetchFromGitHub { + # owner = "stephpy"; + # repo = "vim-yaml"; + # rev = "e97e063b16eba4e593d620676a0a15fa98613979"; + # sha256 = "0vqahbrnr43lxanpziyrmzaqqb3cmyny8ry1xvmy2xyd1larzfrk"; + # }; + # }; + # } + + # { + # plugin = vimUtils.buildVimPlugin { + # name = "git-blame"; + # src = fetchFromGitHub { + # "owner" = "zivyangll"; + # "repo" = "git-blame.vim"; + # "rev" = "9d144b7bed5d8f1c9259551768b7f3b3d1294917"; + # "sha256" = "06zb5xcc59k25rpwl46j82fcqckiznmj97v6i0mwlb8jhqqrhy9j"; + # }; + # }; + # } + # ] + # ++ (with pkgs.vimPlugins; [ + # delimitMate + # vim-airline + # vim-airline-themes + # ctrlp + # vim-css-color + # rainbow_parentheses + # vim-colorschemes + # vim-colorstepper + # vim-signify + # fugitive + # vim-indent-guides + # UltiSnips + # fzfWrapper + + # ncm2 + # ncm2-bufword + # ncm2-path + # ncm2-tmux + # ncm2-ultisnips + # nvim-yarp + + # LanguageClient-neovim + + # Improved-AnsiEsc + # tabular + + # # Nix + # vim-addon-nix + # tlib + # vim-addon-vim2nix + + # # LaTeX + # vim-latex-live-preview + # vimtex + + # # YAML + # vim-yaml + + # # markdown + # vim-markdown + # vim-markdown-toc + + # # misc syntax support + # vim-bazel + # maktaba + # ]); }; } From b85be7893a0b881d137555d5d30bcfc9fc72dfd7 Mon Sep 17 00:00:00 2001 
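Review bot: The old `plugins = with pkgs; [...]` list is re-added as one long `#` comment block, including three `fetchFromGitHub` pins that nothing evaluates any more. The previous revision of this file already preserves it, so I would drop the block and leave a short note of what is still unported, e.g. `# TODO: not yet ported to nixvim: vim-yaml-folds, ncm2-*, vimtex, vim-markdown`. The commented `extraConfigVim` line means `./neovim/vimrc` is no longer loaded, which deserves a one-line why-comment. `lsp = { enable = true; };` configures no server in this hunk, so it is worth confirming that servers are enabled elsewhere.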
From: Stefan Junker Date: Mon, 11 Nov 2024 21:47:46 +0100 Subject: [PATCH 201/305] feat(steveej-x13s,graphical-fullblown): bump kernel and use libcamera w/ deps from unstable --- .../configuration/graphical-fullblown.nix | 5 +-- nix/os/devices/steveej-x13s/flake.lock | 34 +++++++++--------- nix/os/devices/steveej-x13s/flake.nix | 35 +++++++++++++------ nix/os/lib/default.nix | 1 + 4 files changed, 46 insertions(+), 29 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 5798fac..82aa101 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -8,8 +8,9 @@ packages', ... }: let - # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; - pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; + pkgsUnstable = + pkgs.pkgsUnstable + or (import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config overlays;}); in { imports = [ ../profiles/common.nix diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 5425600..e9dcc75 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1730190761, - "narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=", + "lastModified": 1731060864, + "narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=", "owner": "nix-community", "repo": "disko", - "rev": "3979285062d6781525cded0f6c4ff92e71376b55", + "rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f", "type": "github" }, "original": { 
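Review bot: The fallback branch of `pkgsUnstable` in `@@ -8,8 +8,9 @@` now inherits `overlays` from the stable `pkgs`, so every overlay configured for the host is re-applied on top of nixpkgs-unstable. The `pkgs.pkgsUnstable` branch instead uses whatever the device overlay built, which in the steveej-x13s flake of this commit is unstable with only `overlays.libcamera`. The two branches can therefore yield differently patched package sets under the same name. A comment on the binding would make that explicit, e.g. `# prefer the device-provided unstable set; the fallback re-applies all host overlays to unstable`.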
@@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1730186574, - "narHash": "sha256-QjStPt3c/v55lJUgn4Rdx/WTaQKdUxNL9nwkIKQ8O2Q=", + "lastModified": 1730883079, + "narHash": "sha256-+ZU70M+mqo9SZNLkVtCM0+TdXEh7X39Kxmk6z58GMaM=", "owner": "jhovold", "repo": "linux", - "rev": "699d5b0ccdc1a343ded65aa876f0b720ca7dada9", + "rev": "9e9890798b6b4e81db66c572ee6acd291cf8cb77", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.12-rc5", + "ref": "wip/sc8280xp-6.12-rc6", "repo": "linux", "type": "github" } @@ -247,11 +247,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1730215039, - "narHash": "sha256-GxhtLAsdpZX2SndSu/AoKugk/vht5RZ47FTcrYILDew=", + "lastModified": 1731101150, + "narHash": "sha256-M9xa6UX6eidLFEfwHWkHkFJ+OgjuFqCIvuqsDSReyy4=", "ref": "bump", - "rev": "ff41877fbdf32f2029ade902f10142afb053d2da", - "revCount": 116, + "rev": "b74e8bfe82f059a5854cfc40f7206191edff365d", + "revCount": 117, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -291,11 +291,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { @@ -307,11 +307,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { 
diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index aa74be0..09b27a1 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -85,7 +85,12 @@ inherit mkNixosConfiguration; }; - overlays.libcamera = final: previous: { + overlays.libcamera = final: previous: let + webkitgtkPreConfigure = '' + export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 2 ? 2 : NIX_BUILD_CORES))" + export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" + ''; + in { wireplumber = previous.wireplumber.overrideAttrs (_: { version = "git"; src = previous.fetchFromGitLab { @@ -108,6 +113,21 @@ ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so ''; }); + + webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { + preConfigure = + attrs.preConfigure + webkitgtkPreConfigure; + }); + + webkitgtk_4_1 = previous.webkitgtk_4_1.overrideAttrs (attrs: { + preConfigure = + attrs.preConfigure + webkitgtkPreConfigure; + }); + + webkitgtk_6_0 = previous.webkitgtk_6_0.overrideAttrs (attrs: { + preConfigure = + attrs.preConfigure + webkitgtkPreConfigure; + }); }; overlays.default = final: previous: let @@ -117,19 +137,14 @@ overlays = [self.overlays.libcamera]; }; in { + inherit pkgsUnstable; inherit (pkgsUnstable) libcamera + webkitgtk + webkitgtk_4_1 + webkitgtk_6_0 ; - - webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { - preConfigure = - attrs.preConfigure - + '' - export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 8 ? 8 : NIX_BUILD_CORES))" - export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" - ''; - }); }; nixosConfigurations = { diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 9537cf0..03bf5e7 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -27,6 +27,7 @@ in { "adbusers" "scanner" "lp" + "kvm" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; From 439a8184392924adf13d71389265281b83372c0c Mon Sep 17 00:00:00 2001 
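Review bot: `attrs.preConfigure + webkitgtkPreConfigure` in the three `webkitgtk*` overrides (hunk `@@ -108,6 +113,21 @@`) appends the snippet directly to whatever the package already defines. Evaluation fails if a variant has no `preConfigure`, and the first `export` is glued onto the preceding command if the existing text does not end in a newline. A defensive form is `preConfigure = (attrs.preConfigure or "") + "\n" + webkitgtkPreConfigure;`. The core cap also drops from 8 to 2 without explanation; a short comment next to `webkitgtkPreConfigure` giving the reason for the limit would help the next reader.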
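Review bot: The `"kvm"` entry added in `@@ -27,6 +27,7 @@` lands in `nix/os/lib/default.nix`, which by its path looks shared between devices, while the commit subject is scoped to steveej-x13s and graphical-fullblown. Every host that uses this user definition would then get the extra group membership, whether or not it runs local VMs. If only some machines need it, add the group in that device's configuration, or record the reason next to the entry, e.g. `"kvm" # local virtual machines`. The group list starts outside the hunk.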
From: Stefan Junker Date: Mon, 11 Nov 2024 21:48:45 +0100 Subject: [PATCH 202/305] feat(vscodium): bump and add markdown-oxide extensions --- .../configuration/graphical-fullblown.nix | 5 ++++ .../programs/openvscode-server.nix | 4 +-- nix/home-manager/programs/vscode/default.nix | 30 +++++++++++++------ 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 82aa101..ac0914d 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -34,6 +34,11 @@ in { ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode + { + home.packages = [ + pkgsUnstable.markdown-oxide + ]; + } ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; diff --git a/nix/home-manager/programs/openvscode-server.nix b/nix/home-manager/programs/openvscode-server.nix index d9239b2..6e74406 100644 --- a/nix/home-manager/programs/openvscode-server.nix +++ b/nix/home-manager/programs/openvscode-server.nix @@ -32,8 +32,8 @@ in { (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { src = repoFlake.inputs.openvscode-server; - version = "1.88.1"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); + version = "1.94.2"; + yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Tt=";}); })) pkgs.waypipe diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 6dbbb63..2746fcb 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
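Review bot: The new `yarnCache` `outputHash` (`…V7b0Tt=`) differs from the value it replaces (`…V7b0Ts=`) only in its final character, although `version` moves from 1.88.1 to 1.94.2. That looks like a value edited to force a refetch rather than the digest of the new dependency set. The fixed-output hash is the integrity check on what the yarn fetch downloads, so it should be the digest Nix reports for the 1.94.2 cache. If the altered value is a deliberate stop-gap, mark it, e.g. `# FIXME: placeholder, replace with the reported yarnCache hash for 1.94.2`. The enclosing package list starts outside the hunk.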
@@ -46,18 +46,30 @@ in { ] ++ (let extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; - in (with extensions.vscode-marketplace; [ - tamasfe.even-better-toml + in ( + with extensions.vscode-marketplace; + with extensions.vscode-marketplace-release; [ + tamasfe.even-better-toml - serayuzgur.crates - rust-lang.rust-analyzer - swellaby.vscode-rust-test-adapter + serayuzgur.crates + rust-lang.rust-analyzer + swellaby.vscode-rust-test-adapter - golang.go - jeff-hykin.better-go-syntax + golang.go + jeff-hykin.better-go-syntax - ibecker.treefmt-vscode - ]))); + ibecker.treefmt-vscode + ] + ))) + ++ [ + (pkgsVscodium.vscode-utils.extensionFromVscodeMarketplace + { + name = "markdown-oxide"; + publisher = "felixzeller"; + version = "1.1.0"; + sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; + }) + ]; mutableExtensionsDir = true; }; From b60a4e2b535cf0bdf3731ed497700c013db35f52 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 11 Nov 2024 21:49:08 +0100 Subject: [PATCH 203/305] chore(systemd-resolved): prepare listening on IPv6 locally --- nix/os/snippets/systemd-resolved.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nix/os/snippets/systemd-resolved.nix b/nix/os/snippets/systemd-resolved.nix index 1995545..3b8c145 100644 --- a/nix/os/snippets/systemd-resolved.nix +++ b/nix/os/snippets/systemd-resolved.nix @@ -18,5 +18,10 @@ dnsovertls = "opportunistic"; fallbackDns = lib.mkForce []; + + # TODO: IPv6 + # extraConfig = '' + # DNSStubListenerExtra=[::1]:53 + # ''; }; } From 7c9b745a3e66debfbe20ed0131872ff3ed20a2ab Mon Sep 17 00:00:00 2001 
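Review bot: Stacking `with extensions.vscode-marketplace; with extensions.vscode-marketplace-release;` hides which set each extension is taken from: the inner `with` wins for every name present in both, and the outer one silently supplies the rest. These are third-party editor extensions that run with the user's privileges, so I would name the source per entry, e.g. `extensions.vscode-marketplace-release.rust-lang.rust-analyzer`. At minimum, add a comment such as `# release builds preferred, full marketplace set as fallback`. The added `markdown-oxide` entry is pinned by `version` and `sha256`, which is the form to keep.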
From: Stefan Junker Date: Thu, 14 Nov 2024 14:46:32 +0100 Subject: [PATCH 204/305] feat(vscode): manage extensions --- nix/home-manager/programs/vscode/default.nix | 4 +- .../programs/vscode}/nix4vscode/config.toml | 4 ++ .../programs/vscode/nix4vscode/default.nix | 56 +++++++++++++++++++ 3 files changed, 61 insertions(+), 3 deletions(-) rename nix/{scripts => home-manager/programs/vscode}/nix4vscode/config.toml (58%) create mode 100644 nix/home-manager/programs/vscode/nix4vscode/default.nix diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 2746fcb..1318aaf 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -25,9 +25,8 @@ in { tomoki1207.pdf vscodevim.vim - bbenoist.nix + # bbenoist.nix jnoortheen.nix-ide - # kamadorueda.alejandra ms-vscode.theme-tomorrowkit nonylene.dark-molokai-theme @@ -75,7 +74,6 @@ in { home.packages = [ pkgs.nixpkgs-fmt - pkgs.alejandra pkgs.nil ]; } diff --git a/nix/scripts/nix4vscode/config.toml b/nix/home-manager/programs/vscode/nix4vscode/config.toml similarity index 58% rename from nix/scripts/nix4vscode/config.toml rename to nix/home-manager/programs/vscode/nix4vscode/config.toml index 55c54da..38f9978 100644 --- a/nix/scripts/nix4vscode/config.toml +++ b/nix/home-manager/programs/vscode/nix4vscode/config.toml @@ -3,3 +3,7 @@ vscode_version = "1.94.2" [[extensions]] publisher_name = "FelixZeller" extension_name = "markdown-oxide" + +[[extensions]] +publisher_name = "ibecker" +extension_name = "treefmt-vscode" diff --git a/nix/home-manager/programs/vscode/nix4vscode/default.nix b/nix/home-manager/programs/vscode/nix4vscode/default.nix new file mode 100644 index 0000000..5cc0669 --- /dev/null +++ b/nix/home-manager/programs/vscode/nix4vscode/default.nix 
@@ -0,0 +1,56 @@ +{ + pkgs, + lib, +}: let + inherit (pkgs.stdenv) isDarwin isLinux isi686 isx86_64 isAarch32 isAarch64; + vscode-utils = pkgs.vscode-utils; + merge = lib.attrsets.recursiveUpdate; +in + merge + (merge + (merge + (merge + { + "felixzeller"."markdown-oxide" = vscode-utils.extensionFromVscodeMarketplace { + name = "markdown-oxide"; + publisher = "felixzeller"; + version = "1.1.0"; + sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; + }; + } + (lib.attrsets.optionalAttrs (isLinux && (isi686 || isx86_64)) { + "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { + name = "treefmt-vscode"; + publisher = "ibecker"; + version = "2.1.0"; + sha256 = "1r17wjpw8xiha5r9h3146facxghpcp416zf8551sw93cmam9ky6j"; + arch = "linux-x64"; + }; + })) + (lib.attrsets.optionalAttrs (isLinux && (isAarch32 || isAarch64)) { + "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { + name = "treefmt-vscode"; + publisher = "ibecker"; + version = "2.1.0"; + sha256 = "0swvl7fkjcwp43grnrhnmy60a5m3hfwawk204byi8hhbczy131li"; + arch = "linux-arm64"; + }; + })) + (lib.attrsets.optionalAttrs (isDarwin && (isi686 || isx86_64)) { + "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { + name = "treefmt-vscode"; + publisher = "ibecker"; + version = "2.1.0"; + sha256 = "1swq9hy6a9nzkrn07j21g59pyk2m7aqsfi1pphl9l9y8p4zwiaqm"; + arch = "darwin-x64"; + }; + })) + (lib.attrsets.optionalAttrs (isDarwin && (isAarch32 || isAarch64)) { + "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { + name = "treefmt-vscode"; + publisher = "ibecker"; + version = "2.1.0"; + sha256 = "1xg3wnn3f1kvsz5a09l0cjpzfm3l9va73cahbvl14mx3n6734r2m"; + arch = "darwin-arm64"; + }; + }) From 80250b0179d67b42e8687a944e986a14f1dc4aac Mon Sep 17 00:00:00 2001 
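Review bot: Nothing in this new file says how it was produced or where it is used: it reads like tool output for the neighbouring `config.toml`, and none of the hunks visible in this commit imports it. If that is the case, a header such as `# Generated by nix4vscode from ./config.toml; regenerate instead of editing` would tell a maintainer where the versions and `sha256` pins come from. The platform guards are also broader than the artefacts they select: `isi686 || isx86_64` picks `arch = "linux-x64"` and `isAarch32 || isAarch64` picks `linux-arm64`, so a 32-bit host would be handed a 64-bit build. Restricting the guards to `isx86_64` and `isAarch64` avoids that, if the file is maintained by hand.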
From: Stefan Junker Date: Thu, 14 Nov 2024 14:47:14 +0100 Subject: [PATCH 205/305] feat: prepare for treefmt-nix --- .vscode/settings.json | 2 +- flake.lock | 21 +++++++++++++++++++++ flake.nix | 6 +++++- nix/devShells.nix | 1 + 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 8ace7b1..79eb182 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -11,7 +11,7 @@ }, "formatting": { "command": [ - "alejandra", + "treefmt-nix", ] } } diff --git a/flake.lock b/flake.lock index 785838f..4ea2cd8 100644 --- a/flake.lock +++ b/flake.lock @@ -1080,6 +1080,7 @@ "rperf": "rperf", "sops-nix": "sops-nix", "srvos": "srvos", + "treefmt-nix": "treefmt-nix_4", "x13s-bt-firmware": "x13s-bt-firmware", "yofi": "yofi" } @@ -1316,6 +1317,26 @@ "type": "github" } }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "x13s-bt-firmware": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 1a53f44..d1d4106 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,10 @@ url = "github:nix-community/nixvim/nixos-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + treefmt-nix = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs @ { @@ -325,7 +329,7 @@ ''; }; - formatter = pkgs.alejandra; + formatter = inputs.treefmt-nix.formatter.${system}; devShells = let all = import ./nix/devShells.nix { diff --git a/nix/devShells.nix b/nix/devShells.nix index fabf520..1358f30 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix 
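Review bot: `"treefmt-nix"` replaces `"alejandra"` as the formatting command in `.vscode/settings.json`, but nothing in this commit visibly puts an executable of that name on PATH. The dev shell gains `self'.formatter`, and a treefmt wrapper is normally installed as `treefmt`. The language server probably also pipes the buffer to the command, so the stdin form is likely needed, along the lines of `"command": ["treefmt", "--stdin", "file.nix"]`; check the flag against the treefmt version in use. The `formatting` object starts outside the hunk.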
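Review bot: `formatter = inputs.treefmt-nix.formatter.${system};` (hunk `@@ -325,7 +329,7 @@`) takes the formatter output of the treefmt-nix flake itself. Which formatters run on this tree, and with what settings, would then be decided upstream and could change with any lock update. The usual arrangement is a local configuration evaluated with `treefmt-nix.lib.evalModule pkgs ./treefmt.nix`, using its `config.build.wrapper` as `formatter`. If the upstream attribute is a deliberate stop-gap for this preparatory commit, a `# TODO: replace with the repo's own treefmt config` next to the line would record that.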
@@ -24,6 +24,7 @@ in {
 self'.devShells.install
 ];
 packages = with pkgs; [
+ self'.formatter
 inputs'.colmena.packages.colmena
 dconf2nix
 inputs'.nixos-anywhere.packages.nixos-anywhere
From 27c6c4f9fac615341df0d673c5f233c358bccdf3 Mon Sep 17 00:00:00 2001
From: Stefan Junker Date: Fri, 15 Nov 2024 10:17:56 +0100 Subject: [PATCH 206/305] feat: introduce treefmt and fmt all --- .gitignore | 3 + .sops.yaml | 140 +- .vscode/settings.json | 36 +- README.md | 56 +- default.nix | 7 +- flake.lock | 208 ++- flake.nix | 471 ++++--- nix/container-images/build.sh | 4 +- nix/container-images/default.nix | 176 +-- nix/default.nix | 42 +- nix/devShells.nix | 22 +- .../configuration/graphical-fullblown.nix | 49 +- .../configuration/graphical-gnome3.nix | 17 +- .../configuration/graphical-removable.nix | 143 +- nix/home-manager/lib.nix | 29 +- nix/home-manager/profiles/common.nix | 79 +- nix/home-manager/profiles/dotfiles.nix | 43 +- .../profiles/dotfiles/vcsh.tmpl.nix | 62 +- .../profiles/experimental-desktop.nix | 14 +- nix/home-manager/profiles/gnome-desktop.nix | 115 +- nix/home-manager/profiles/nix-channels.nix | 38 +- nix/home-manager/profiles/qtile-desktop.nix | 21 +- nix/home-manager/profiles/sway-desktop.nix | 235 ++-- nix/home-manager/profiles/wayland-desktop.nix | 21 +- nix/home-manager/programs/chromium.nix | 38 +- nix/home-manager/programs/espanso.nix | 115 +- nix/home-manager/programs/firefox.nix | 7 +- nix/home-manager/programs/gpg-agent.nix | 10 +- nix/home-manager/programs/homeshick.nix | 35 +- nix/home-manager/programs/libreoffice.nix | 5 +- nix/home-manager/programs/neovim.nix | 12 +- nix/home-manager/programs/obs-studio.nix | 34 +- .../programs/openvscode-server.nix | 32 +- nix/home-manager/programs/pass.nix | 5 +- nix/home-manager/programs/radicale.nix | 80 +- nix/home-manager/programs/redshift.nix | 10 +- nix/home-manager/programs/salut.nix | 21 +- nix/home-manager/programs/vscode/default.nix | 49 +- .../programs/vscode/nix4vscode/default.nix | 72 +- nix/home-manager/programs/waybar.css | 7 +- nix/home-manager/programs/waybar.nix | 20 +- nix/home-manager/programs/zsh.nix | 125 +- nix/modules/flake-parts/colmena.nix | 5 +- nix/modules/flake-parts/perSystem/default.nix | 61 +- nix/os/cachix.nix | 14 +- 
nix/os/cachix/nixpkgs-wayland.nix | 4 +- nix/os/containers/backup.nix | 157 ++- nix/os/containers/mailserver.nix | 358 +++--- nix/os/containers/mailserver_secrets.yaml | 66 +- nix/os/containers/mycelium/flake.nix | 641 ++++----- nix/os/containers/syncthing.nix | 33 +- nix/os/containers/webserver.nix | 778 +++++------ nix/os/containers/webserver_secrets.yaml | 66 +- nix/os/devices/default.nix | 58 +- nix/os/devices/disk.nix | 53 +- nix/os/devices/elias-e525/boot.nix | 3 +- nix/os/devices/elias-e525/configuration.nix | 3 +- nix/os/devices/elias-e525/default.nix | 10 +- nix/os/devices/elias-e525/flake.nix | 2 +- nix/os/devices/elias-e525/hw.nix | 2 +- nix/os/devices/elias-e525/pkg.nix | 18 +- nix/os/devices/elias-e525/system.nix | 15 +- nix/os/devices/elias-e525/user.nix | 13 +- nix/os/devices/fwhost1/boot.nix | 3 +- nix/os/devices/fwhost1/configuration.nix | 3 +- nix/os/devices/fwhost1/hw.nix | 3 +- nix/os/devices/fwhost1/pkg.nix | 18 +- nix/os/devices/fwhost1/system.nix | 19 +- nix/os/devices/fwhost1/user.nix | 10 +- nix/os/devices/fwhost1/versions.nix | 7 +- nix/os/devices/fwhost1/versions.tmpl.nix | 7 +- nix/os/devices/fwhost2/boot.nix | 3 +- nix/os/devices/fwhost2/configuration.nix | 3 +- nix/os/devices/fwhost2/hw.nix | 3 +- nix/os/devices/fwhost2/pkg.nix | 18 +- nix/os/devices/fwhost2/system.nix | 20 +- nix/os/devices/fwhost2/user.nix | 10 +- nix/os/devices/fwhost2/versions.nix | 7 +- nix/os/devices/fwhost2/versions.tmpl.nix | 7 +- nix/os/devices/hstk0/README.md | 3 +- nix/os/devices/hstk0/configuration.nix | 99 +- nix/os/devices/hstk0/default.nix | 19 +- nix/os/devices/hstk0/flake.nix | 57 +- nix/os/devices/hydra.json | 34 +- nix/os/devices/justyna-p300/boot.nix | 3 +- nix/os/devices/justyna-p300/configuration.nix | 3 +- nix/os/devices/justyna-p300/default.nix | 10 +- nix/os/devices/justyna-p300/flake.nix | 4 +- nix/os/devices/justyna-p300/hw.nix | 16 +- nix/os/devices/justyna-p300/pkg.nix | 45 +- nix/os/devices/justyna-p300/system.nix | 19 +- 
nix/os/devices/justyna-p300/user.nix | 12 +- nix/os/devices/router0-dmz0/configuration.nix | 1145 ++++++++--------- nix/os/devices/router0-dmz0/default.nix | 21 +- nix/os/devices/router0-dmz0/flake.nix | 107 +- .../router0-hosthatch/configuration.nix | 35 +- nix/os/devices/router0-hosthatch/default.nix | 20 +- nix/os/devices/router0-hosthatch/flake.nix | 2 +- nix/os/devices/router0-ifog/configuration.nix | 35 +- nix/os/devices/router0-ifog/default.nix | 20 +- nix/os/devices/router0-ifog/flake.nix | 2 +- nix/os/devices/sj-srv1/boot.nix | 4 +- nix/os/devices/sj-srv1/configuration.nix | 8 +- nix/os/devices/sj-srv1/default.nix | 10 +- nix/os/devices/sj-srv1/flake.nix | 2 +- nix/os/devices/sj-srv1/hw.nix | 6 +- nix/os/devices/sj-srv1/system.nix | 116 +- nix/os/devices/sj-vps-htz0/boot.nix | 5 +- nix/os/devices/sj-vps-htz0/configuration.nix | 8 +- nix/os/devices/sj-vps-htz0/default.nix | 10 +- nix/os/devices/sj-vps-htz0/flake.nix | 2 +- nix/os/devices/sj-vps-htz0/hw.nix | 6 +- nix/os/devices/sj-vps-htz0/system.nix | 42 +- nix/os/devices/srv0-dmz0/README.md | 3 +- nix/os/devices/srv0-dmz0/configuration.nix | 26 +- nix/os/devices/srv0-dmz0/default.nix | 10 +- nix/os/devices/srv0-dmz0/flake.nix | 2 +- .../srv0.home-ch.stefanjunker.de/boot.nix | 4 +- .../configuration.nix | 5 +- .../srv0.home-ch.stefanjunker.de/hw.nix | 6 +- .../srv0.home-ch.stefanjunker.de/pkg.nix | 23 +- .../srv0.home-ch.stefanjunker.de/system.nix | 25 +- .../srv0.home-ch.stefanjunker.de/versions.nix | 3 +- .../versions.tmpl.nix | 3 +- .../steveej-nuc7pjyh-work/configuration.nix | 3 +- nix/os/devices/steveej-nuc7pjyh-work/hw.nix | 2 +- .../devices/steveej-nuc7pjyh-work/system.nix | 8 +- nix/os/devices/steveej-nuc7pjyh-work/user.nix | 15 +- nix/os/devices/steveej-pa600/boot.nix | 3 +- .../devices/steveej-pa600/configuration.nix | 3 +- nix/os/devices/steveej-pa600/hw.nix | 6 +- nix/os/devices/steveej-pa600/pkg.nix | 13 +- nix/os/devices/steveej-pa600/system.nix | 18 +- nix/os/devices/steveej-pa600/user.nix | 
13 +- nix/os/devices/steveej-pa600/versions.nix | 7 +- .../devices/steveej-pa600/versions.tmpl.nix | 7 +- .../configuration.nix | 3 +- .../steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix | 2 +- .../system.nix | 2 +- .../steveej-rmvbl-sdep0/configuration.nix | 13 +- nix/os/devices/steveej-rmvbl-sdep0/hw.nix | 2 +- nix/os/devices/steveej-rmvbl-sdep0/system.nix | 2 +- .../devices/steveej-rmvbl-sdep0/versions.nix | 22 +- .../steveej-rmvbl-sdep0/versions.tmpl.nix | 7 +- nix/os/devices/steveej-t14/boot.nix | 5 +- nix/os/devices/steveej-t14/configuration.nix | 5 +- nix/os/devices/steveej-t14/default.nix | 16 +- nix/os/devices/steveej-t14/flake.nix | 2 +- nix/os/devices/steveej-t14/hw.nix | 63 +- nix/os/devices/steveej-t14/pkg.nix | 54 +- nix/os/devices/steveej-t14/system.nix | 34 +- nix/os/devices/steveej-t14/user.nix | 15 +- .../steveej-utilitepro/configuration.nix | 41 +- .../hardware-configuration.nix | 16 +- .../steveej-x13s-rmvbl/configuration.nix | 26 +- nix/os/devices/steveej-x13s-rmvbl/default.nix | 22 +- nix/os/devices/steveej-x13s-rmvbl/disko.nix | 23 +- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 115 +- nix/os/devices/steveej-x13s/configuration.nix | 80 +- nix/os/devices/steveej-x13s/default.nix | 22 +- nix/os/devices/steveej-x13s/disko.nix | 23 +- nix/os/devices/steveej-x13s/flake.nix | 241 ++-- .../vmd102066.contaboserver.net/boot.nix | 5 +- .../configuration.nix | 5 +- .../vmd102066.contaboserver.net/default.nix | 10 +- .../vmd102066.contaboserver.net/flake.nix | 2 +- .../vmd102066.contaboserver.net/hw.nix | 6 +- .../vmd102066.contaboserver.net/pkg.nix | 25 +- .../vmd102066.contaboserver.net/system.nix | 33 +- nix/os/lib/default.nix | 25 +- nix/os/modules/ddclient-hetzner.nix | 13 +- nix/os/modules/ddclient-ovh.nix | 9 +- nix/os/modules/initrd-network.nix | 12 +- nix/os/modules/natrouter.nix | 7 +- nix/os/modules/opinionatedDisk.nix | 39 +- nix/os/profiles/common/configuration.nix | 11 +- nix/os/profiles/common/hw.nix | 11 +- nix/os/profiles/common/system.nix | 
13 +- nix/os/profiles/common/user.nix | 90 +- nix/os/profiles/containers/configuration.nix | 13 +- nix/os/profiles/graphical-gnome-xorg.nix | 12 +- nix/os/profiles/graphical/boot.nix | 7 +- nix/os/profiles/graphical/configuration.nix | 9 +- nix/os/profiles/graphical/hw.nix | 4 +- nix/os/profiles/graphical/system.nix | 20 +- nix/os/profiles/install-medium/iso/iso.nix | 48 +- nix/os/profiles/removable-medium/boot.nix | 5 +- .../removable-medium/configuration.nix | 3 +- nix/os/profiles/removable-medium/hw.nix | 2 +- nix/os/profiles/removable-medium/pkg.nix | 3 +- nix/os/profiles/removable-medium/system.nix | 12 +- nix/os/snippets/bluetooth.nix | 7 +- nix/os/snippets/holo-zerotier.nix | 48 +- nix/os/snippets/home-manager-with-zsh.nix | 21 +- nix/os/snippets/k3s-w-nix-snapshotter.nix | 16 +- nix/os/snippets/mycelium.nix | 19 +- nix/os/snippets/nix-settings-holo-chain.nix | 2 +- nix/os/snippets/nix-settings.nix | 14 +- nix/os/snippets/obs-studio.nix | 16 +- nix/os/snippets/radicale.nix | 19 +- nix/os/snippets/sway-desktop.nix | 66 +- nix/os/snippets/systemd-resolved.nix | 7 +- nix/os/snippets/timezone.nix | 6 +- nix/pkgs/browserpass/default.nix | 44 +- nix/pkgs/dcpj4110dw/default.nix | 63 +- nix/pkgs/default.nix | 5 +- nix/pkgs/duplicacy/default.nix | 5 +- nix/pkgs/duplicacy/shell.nix | 24 +- nix/pkgs/jay.nix | 2 +- nix/pkgs/logseq/README.md | 27 +- nix/pkgs/logseq/default.nix | 156 +-- nix/pkgs/magmawm.nix | 7 +- nix/pkgs/mfcl3770cdw.nix | 48 +- nix/pkgs/nozbe/default.nix | 104 +- nix/pkgs/posh.nix | 166 +-- nix/pkgs/slirp4netns.nix | 10 +- nix/pkgs/staruml.nix | 92 +- nix/scripts/pre-eval-fixed.sh | 6 +- nix/tests/buildvmwithbootloader/build-vm.nix | 30 +- nix/tests/buildvmwithbootloader/build-vm.sh | 12 +- .../buildvmwithbootloader/configuration.nix | 22 +- nix/tests/buildvmwithbootloader/debug-vm.sh | 7 +- nix/tests/test-vm.nix | 8 +- nix/variables/passwords.crypt.nix | Bin 548 -> 614 bytes nix/variables/versions.nix | 19 +- nix/variables/versions.tmpl.nix | 7 +- 
scripts/sway-swapoutputworkspaces.sh | 52 +- secrets/holochain-infra/nomad.yaml | 66 +- secrets/hstk0/secrets.yaml | 66 +- secrets/router0-dmz0/secrets.yaml | 66 +- secrets/router0-hosthatch/secrets.yaml | 66 +- secrets/router0-ifog/secrets.yaml | 66 +- secrets/servers/dyndns.yaml | 66 +- secrets/shared-users.yaml | 246 ++-- secrets/sj-srv1/secrets.yaml | 66 +- secrets/sj-vps-htz0/secrets.yaml | 66 +- secrets/steveej-x13s/secrets.yaml | 66 +- 237 files changed, 5440 insertions(+), 5214 deletions(-) diff --git a/.gitignore b/.gitignore index 92102e5..fbfe182 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ .env **/result .direnv/ + +# nixago: ignore-linked-files +/treefmt.toml \ No newline at end of file diff --git a/.sops.yaml b/.sops.yaml index b807986..10ba410 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -18,105 +18,105 @@ keys: - &router0-dmz0 age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ key_groups: - - pgp: - - *steveej - age: - - *steveej-t14 - - *steveej-x13s - - *elias-e525 - - *justyna-p300 + - pgp: + - *steveej + age: + - *steveej-t14 + - *steveej-x13s + - *elias-e525 + - *justyna-p300 - - *srv0-dmz0 - - *router0-dmz0 + - *srv0-dmz0 + - *router0-dmz0 - - *sj-vps-htz0 - - *sj-srv1 - - *hstk0 - - *router0-ifog - - *router0-hosthatch + - *sj-vps-htz0 + - *sj-srv1 + - *hstk0 + - *router0-ifog + - *router0-hosthatch - path_regex: ^secrets/steveej-t14/.+$ key_groups: - - pgp: - - *steveej - age: - - *steveej-t14 + - pgp: + - *steveej + age: + - *steveej-t14 - path_regex: ^secrets/desktop/.+$ key_groups: - - pgp: - - *steveej - age: - - *steveej-t14 - - *steveej-x13s + - pgp: + - *steveej + age: + - *steveej-t14 + - *steveej-x13s - path_regex: ^secrets/servers/.+$ key_groups: - - pgp: - - *steveej - age: - - *sj-vps-htz0 - - *sj-srv1 + - pgp: + - *steveej + age: + - *sj-vps-htz0 + - *sj-srv1 - path_regex: ^nix/os/containers/.+_secrets.+$ key_groups: - - pgp: - - *steveej - age: - - *sj-vps-htz0 - - *sj-srv1 + - pgp: + - *steveej + age: + - *sj-vps-htz0 + - *sj-srv1 - path_regex: ^secrets/holochain-infra/.+$ key_groups: - - pgp: - - *steveej - age: - - *srv0-dmz0 + - pgp: + - *steveej + age: + - *srv0-dmz0 - path_regex: ^secrets/router0-dmz0/.+$ key_groups: - - pgp: - - *steveej - age: - - *router0-dmz0 + - pgp: + - *steveej + age: + - *router0-dmz0 - path_regex: ^secrets/router0-ifog/.+$ key_groups: - - pgp: - - *steveej - age: - - *router0-ifog + - pgp: + - *steveej + age: + - 
*router0-ifog - path_regex: ^secrets/router0-hosthatch/.+$ key_groups: - - pgp: - - *steveej - age: - - *router0-hosthatch + - pgp: + - *steveej + age: + - *router0-hosthatch - path_regex: ^secrets/sj-vps-htz0/.+$ key_groups: - - pgp: - - *steveej - age: - - *sj-vps-htz0 + - pgp: + - *steveej + age: + - *sj-vps-htz0 - path_regex: ^secrets/sj-srv1/.+$ key_groups: - - pgp: - - *steveej - age: - - *sj-srv1 + - pgp: + - *steveej + age: + - *sj-srv1 - path_regex: ^secrets/hstk0/.+$ key_groups: - - pgp: - - *steveej - age: - - *hstk0 + - pgp: + - *steveej + age: + - *hstk0 - path_regex: ^secrets/steveej-x13s/.+$ key_groups: - - pgp: - - *steveej - age: - - *steveej-x13s + - pgp: + - *steveej + age: + - *steveej-x13s - path_regex: ^secrets/work-holo/.+$ key_groups: - - pgp: - - *steveej - age: - - *steveej-x13s + - pgp: + - *steveej + age: + - *steveej-x13s diff --git a/.vscode/settings.json b/.vscode/settings.json index 79eb182..28f81bc 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,19 +1,21 @@ { - "nix.serverSettings": { - // settings for 'nil' LSP - "nil": { - "autoArchive": true, - "diagnostics": { - "ignored": [ - "unused_binding", - "unused_with" - ] - }, - "formatting": { - "command": [ - "treefmt-nix", - ] - } - } - }, + "editor.defaultFormatter": "ibecker.treefmt-vscode", + "editor.formatOnSave": true, + "nix.enableLanguageServer": true, + "nix.serverPath": "nil", + "nix.serverSettings": { + // settings for 'nil' LSP + "nil": { + "autoArchive": true, + "diagnostics": { + "ignored": ["unused_binding", "unused_with"] + }, + "formatting": { + "command": ["treefmt-nix", "--stdin", ".nil.nix"] + } + } + }, + "[nix]": { + "editor.defaultFormatter": "jnoortheen.nix-ide" + } } diff --git a/README.md b/README.md index d59de56..5d32951 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # steveej's infra + This repository helps me to manage all computer infrastructure. This is mostly achieved with the help of [Nix](https://nixos.org). 
@@ -19,7 +20,7 @@ In the unlikely case that you actually read this and have any questions please d - [ ] development environments - [x] (Semi-) automatic synchronization of important repositories - [x] Modification strategy - The approach is to use vcsh for the dotfiles + The approach is to use vcsh for the dotfiles - [x] dotfiles - [x] Toplevel Justfile for simple actions - [x] mount/umount disks 
@@ -39,39 +40,46 @@ In the unlikely case that you actually read this and have any questions please d - [x] sj-pve0 - [x] use an existing secret management framework - [x] adapt (or abandon?) _just_ recipes - - [x] `rebuild-this-device` - - [x] `update-this-device` - - [x] `rebuild-remote-device` - - [x] `update-remote-device` - evaluate, and understand a path to using these tools in a pull-based fashion: + - [x] `rebuild-this-device` + - [x] `update-this-device` + - [x] `rebuild-remote-device` + - [x] `update-remote-device` + + evaluate, and understand a path to using these tools in a pull-based fashion: + - [x] [colmena](https://github.com/zhaofengli/colmena) - * bootstrapping: https://github.com/zhaofengli/colmena/issues/68 + - bootstrapping: https://github.com/zhaofengli/colmena/issues/68 - [ ] deploy-rs -- [x] 🚧 find a better alternative for the qtile-desktop - current issues: - - floating windows often get lost in the background - - plugging in-/out- screen crashes the desktop - evaluate: - - [x] ~~🚧 gnome3 + pop-shell~~ - - [x] ~~leftwm + eww (+ wayland?)~~ +- [x] 🚧 find a better alternative for the qtile-desktop + current issues: + + - floating windows often get lost in the background + - plugging in-/out- screen crashes the desktop + + evaluate: + + - [x] ~~🚧 gnome3 + pop-shell~~ + - [x] ~~leftwm + eww (+ wayland?)~~ + - [ ] (Re-)document bootstrap process - [ ] `apt install sudo cryptsetup` as a requirements on a deb admin machine - [ ] a new machine - [ ] an install media - [ ] Design disaster recovery - [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2 -- [ ] Recycle *\_archived* +- [ ] Recycle _\_archived_ - [ ] container migrations - [ ] ensure DDNS is updated _before_ the containers are started - ## Bugs + - [ ] home-manager leaves ~/.gnupg at 0755 ## Usage -*(These are reminders for my future self)* + +_(These are reminders for my future self)_ ``` just --list 
@@ -80,15 +88,17 @@ just --list ## Bootstrap ### A new machine -* ensure the dotfiles repo has a branch with the new machine's hostname -* boot with an install media and go through setup +- ensure the dotfiles repo has a branch with the new machine's hostname + +- boot with an install media and go through setup #### Post-Install Setup -* `chmod --recursive g-rwx,o-rwx ~/.gnupg` -* `gpg2 --edit-card; fetch` -* clone password-manager and infra repositories -* gpg2: ultimately trust my own key + +- `chmod --recursive g-rwx,o-rwx ~/.gnupg` +- `gpg2 --edit-card; fetch` +- clone password-manager and infra repositories +- gpg2: ultimately trust my own key ## Swapping out a disk diff --git a/default.nix b/default.nix index 75e1dbb..6aba02e 100644 --- a/default.nix +++ b/default.nix @@ -4,6 +4,9 @@ # Having pkgs default to is fine though, and it lets you use short # commands such as: # nix-build -A mypackage -{pkgs ? import {}}: { - pkgs = import ./nix/pkgs {inherit pkgs;}; +{ + pkgs ? import { }, +}: +{ + pkgs = import ./nix/pkgs { inherit pkgs; }; } diff --git a/flake.lock b/flake.lock index 4ea2cd8..10413b3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -346,6 +346,81 @@ } }, "flake-utils_3": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { "inputs": { "systems": "systems_3" }, @@ -363,7 +438,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_9": { "inputs": { "systems": "systems_4" }, 
@@ -485,7 +560,7 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_8", "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { 
@@ -639,6 +714,126 @@ "type": "github" } }, + "nixago": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixago-exts": "nixago-exts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714086354, + "narHash": "sha256-yKVQMxL9p7zCWUhnGhDzRVT8sDgHoI3V595lBK0C2YA=", + "owner": "jmgilman", + "repo": "nixago", + "rev": "5133633e9fe6b144c8e00e3b212cdbd5a173b63d", + "type": "github" + }, + "original": { + "owner": "jmgilman", + "repo": "nixago", + "type": "github" + } + }, + "nixago-exts": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixago": "nixago_2", + "nixpkgs": [ + "nixago", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1676070308, + "narHash": "sha256-QaJ65oc2l8iwQIGWUJ0EKjCeSuuCM/LqR8RauxZUUkc=", + "owner": "nix-community", + "repo": "nixago-extensions", + "rev": "e5380cb0456f4ea3c86cf94e3039eb856bf07d0b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixago-extensions", + "type": "github" + } + }, + "nixago-exts_2": { + "inputs": { + "flake-utils": "flake-utils_6", + "nixago": "nixago_3", + "nixpkgs": [ + "nixago", + "nixago-exts", + "nixago", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1655508669, + "narHash": "sha256-BDDdo5dZQMmwNH/GNacy33nPBnCpSIydWFPZs0kkj/g=", + "owner": "nix-community", + "repo": "nixago-extensions", + "rev": "3022a932ce109258482ecc6568c163e8d0b426aa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixago-extensions", + "type": "github" + } + }, + "nixago_2": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixago-exts": "nixago-exts_2", + "nixpkgs": [ + "nixago", + "nixago-exts", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1676070010, + "narHash": "sha256-iYzJIWptE1EUD8VINAg66AAMUajizg8JUYN3oBmb8no=", + "owner": "nix-community", + "repo": "nixago", + "rev": "d480ba6c0c16e2c5c0bd2122852d6a0c9ad1ed0e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "rename-config-data", + "repo": "nixago", 
+ "type": "github" + } + }, + "nixago_3": { + "inputs": { + "flake-utils": "flake-utils_7", + "nixpkgs": [ + "nixago", + "nixago-exts", + "nixago", + "nixago-exts", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1655405483, + "narHash": "sha256-Crd49aZWNrpczlRTOwWGfwBMsTUoG9vlHDKQC7cx264=", + "owner": "nix-community", + "repo": "nixago", + "rev": "e6a9566c18063db5b120e69e048d3627414e327d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixago", + "type": "github" + } + }, "nixos-anywhere": { "inputs": { "disko": "disko", @@ -847,11 +1042,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "dc460ec76cbff0e66e269457d7b728432263166c", "type": "github" }, "original": { @@ -1058,6 +1253,7 @@ "logseq_0_10_9_aarch64_appimage": "logseq_0_10_9_aarch64_appimage", "nix-vscode-extensions": "nix-vscode-extensions", "nix4vscode": "nix4vscode", + "nixago": "nixago", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2405" @@ -1351,7 +1547,7 @@ }, "yofi": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_9", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index d1d4106..e36297d 100644 --- a/flake.nix +++ b/flake.nix @@ -43,10 +43,7 @@ url = "github:nix-community/fenix"; inputs.nixpkgs.follows = "nixpkgs"; }; - crane = { - url = "github:ipetkov/crane"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + crane.url = "github:ipetkov/crane"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -129,218 +126,276 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixago.url = "github:jmgilman/nixago"; + nixago.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs @ { - self, - flake-parts, - nixpkgs, - ... - }: let - inherit (nixpkgs) lib; + outputs = + inputs@{ + self, + flake-parts, + nixpkgs, + ... + }: + let + inherit (nixpkgs) lib; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - flake-parts.lib.mkFlake {inherit inputs;} - ({withSystem, ...}: { - flake.colmena = - lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) - { - meta.nixpkgs = import inputs.nixpkgs.outPath { - system = builtins.elemAt systems 0; - }; - } - # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import - # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 - (builtins.map - (nodeName: - import ./nix/os/devices/${nodeName} { - inherit nodeName; - repoFlake = self; - repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; - }) [ - "steveej-t14" - "steveej-x13s" - "steveej-x13s-rmvbl" - # "elias-e525" - # "justyna-p300" - - # "srv0-dmz0" - # "router0-dmz0" - "router0-ifog" - "router0-hosthatch" - - "sj-srv1" - - "hstk0" - ]); - - flake.lib = { - inherit withSystem; - }; - - # this makes nixos-anywhere work - flake.nixosConfigurations = let - colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - in ( - colmenaHive - // { - router0-dmz0 = router0-dmz0.native; - - # for now deploy directly with: - # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 - router0-dmz0_cross = router0-dmz0.cross; - - steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; - steveej-x13s-rmvbl_cross = (inputs.get-flake 
./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; - } - ); - - inherit systems; - - perSystem = { - self', - inputs', - system, - config, - lib, - pkgs, - ... - }: { - imports = [ - ./nix/modules/flake-parts/perSystem/default.nix - ]; - - packages = let - dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; - - craneLibFn = (inputs.crane.mkLib inputs.nixpkgs.legacyPackages.${system}).overrideToolchain; - - craneLib = - craneLibFn - inputs'.fenix.packages.stable.toolchain; - - craneLibOfiPass = - craneLibFn + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in + flake-parts.lib.mkFlake { inherit inputs; } ( + { withSystem, ... }: + { + flake.colmena = + lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) + { meta.nixpkgs = import inputs.nixpkgs.outPath { system = builtins.elemAt systems 0; }; } + # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import + # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 ( - inputs'.fenix.packages.stable.toolchain - # .override { - # date = "1.60.0"; - # } + builtins.map + ( + nodeName: + import ./nix/os/devices/${nodeName} { + inherit nodeName; + repoFlake = self; + repoFlakeWithSystem = withSystem; + nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; + } + ) + [ + "steveej-t14" + "steveej-x13s" + "steveej-x13s-rmvbl" + # "elias-e525" + # "justyna-p300" + + # "srv0-dmz0" + # "router0-dmz0" + "router0-ifog" + "router0-hosthatch" + + "sj-srv1" + + "hstk0" + ] ); - in { - dcpj4110dwDriver = dcpj4110dw.driver; - dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - inherit (inputs'.colmena.packages) colmena; - - prs = - pkgs.callPackage - ({ - pkgs, - dbus, - glib, - gpgme, - gtk3, - libxcb, - libxkbcommon, - installShellFiles, - pkg-config, - python3, - }: - craneLib.buildPackage { - pname = "prs"; - version = inputs.prs.shortRev; - src = inputs.prs; - nativeBuildInputs = [gpgme installShellFiles pkg-config python3]; - 
- buildInputs = [ - dbus - glib - gpgme - gtk3 - libxcb - libxkbcommon - ]; - - cargoExtraArgs = "--features backend-gpgme"; - - postInstall = '' - for shell in bash fish zsh; do - installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) - done - ''; - }) - {}; - - nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; - - ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' - set -x - pkill -9 wayland-proxy-v - export NIXOS_OZONE_WL="" - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=3 \ - & - # --x-unscale=3 \ - #--verbose \ - - export PROXYPID="$!" - - trap "kill -9 \$PROXYPID" EXIT - # trap "pkill -9 wayland-proxy-v" EXIT - - env \ - WAYLAND_DISPLAY=wayland-3 \ - DISPLAY=:3 \ - ledger-live-desktop - ''; - - syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' - ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 - ''; - - rperf = craneLib.buildPackage { - src = inputs.rperf; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - ]; - }; - - x13s-bt-firmware = pkgs.runCommand "x13s-bt-firmware" {} '' - mkdir -p $out/lib/firmware/qca - cp -v ${self}/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw $out/lib/firmware/qca/hpnv21.bin - cp -v ${inputs.x13s-bt-firmware} $out/lib/firmware/qca//hpbtfw21.tlv - ''; - - x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" {} '' - mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - ''; + flake.lib = { + inherit withSystem; }; - formatter = 
inputs.treefmt-nix.formatter.${system}; + # this makes nixos-anywhere work + flake.nixosConfigurations = + let + colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + in + colmenaHive + // { + router0-dmz0 = router0-dmz0.native; - devShells = let - all = import ./nix/devShells.nix { - inherit - self - self' - inputs' - pkgs - ; + # for now deploy directly with: + # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 + router0-dmz0_cross = router0-dmz0.cross; + + steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s-rmvbl_cross = + (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; }; - in (all // {default = all.develop;}); - }; - }); + + inherit systems; + + perSystem = + { + self', + inputs', + system, + config, + lib, + pkgs, + ... + }: + { + imports = [ ./nix/modules/flake-parts/perSystem/default.nix ]; + + packages = + let + dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { }; + + craneLibFn = (inputs.crane.mkLib inputs.nixpkgs.legacyPackages.${system}).overrideToolchain; + + craneLib = craneLibFn inputs'.fenix.packages.stable.toolchain; + in + { + dcpj4110dwDriver = dcpj4110dw.driver; + dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; + + inherit (inputs'.colmena.packages) colmena; + + prs = pkgs.callPackage ( + { + dbus, + glib, + gpgme, + gtk3, + libxcb, + libxkbcommon, + installShellFiles, + pkg-config, + python3, + }: + craneLib.buildPackage { + pname = "prs"; + version = inputs.prs.shortRev; + src = inputs.prs; + nativeBuildInputs = [ + gpgme + installShellFiles + pkg-config + python3 + ]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + cargoExtraArgs = "--features backend-gpgme"; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd 
prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + } + ) { }; + + nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; + + ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' + set -x + pkill -9 wayland-proxy-v + export NIXOS_OZONE_WL="" + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=3 \ + & + # --x-unscale=3 \ + #--verbose \ + + export PROXYPID="$!" + + trap "kill -9 \$PROXYPID" EXIT + # trap "pkill -9 wayland-proxy-v" EXIT + + env \ + WAYLAND_DISPLAY=wayland-3 \ + DISPLAY=:3 \ + ledger-live-desktop + ''; + + syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' + ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 + ''; + + rperf = craneLib.buildPackage { + src = inputs.rperf; + nativeBuildInputs = [ pkgs.pkg-config ]; + buildInputs = [ ]; + }; + + x13s-bt-firmware = pkgs.runCommand "x13s-bt-firmware" { } '' + mkdir -p $out/lib/firmware/qca + cp -v ${self}/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw $out/lib/firmware/qca/hpnv21.bin + cp -v ${inputs.x13s-bt-firmware} $out/lib/firmware/qca//hpbtfw21.tlv + ''; + + x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" { } '' + mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + ''; + }; + + formatter = + let + settingsNix = { + projectRootFile = ".git/config"; + + package = inputs'.nixpkgs-unstable.legacyPackages.treefmt2; + + programs = { + nixfmt.enable = true; + deadnix.enable = true; + statix.enable = true; + + shfmt.enable = true; + shellcheck.enable = true; + + 
prettier.enable = true; + } // pkgs.lib.optionalAttrs (pkgs.system != "riscv64-linux") { shellcheck.enable = true; }; + + settings = { + global.excludes = [ + "LICENSE" + "secrets/" + ".git-crypt/" + + # unsupported extensions + "*.{enc,gif,png,svg,tape,mts,lock,mod,sum,toml,env,envrc,gitignore}" + ]; + + formatter = { + deadnix = { + priority = 1; + }; + + nixfmt = { + priority = 2; + }; + + statix = { + priority = 3; + }; + + prettier = { + options = [ + "--tab-width" + "2" + ]; + includes = [ "*.{css,html,js,json,jsx,md,mdx,scss,ts,yaml}" ]; + }; + }; + }; + }; + eval = inputs.treefmt-nix.lib.evalModule pkgs settingsNix; + in + eval.config.build.wrapper.overrideAttrs (_: { + passthru = { + inherit (eval.config) package settings; + }; + }); + + devShells = + let + all = import ./nix/devShells.nix { + inherit + self + self' + inputs' + pkgs + ; + }; + in + all // { default = all.develop; }; + }; + } + ); } diff --git a/nix/container-images/build.sh b/nix/container-images/build.sh index 6cfab1a..1025cb4 100755 --- a/nix/container-images/build.sh +++ b/nix/container-images/build.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -xe -[ ! -z "$NAME" ] +[ -n "$NAME" ] nix-build . --show-trace -A "$NAME" -docker image rm "$NAME":latest --force +docker image rm "$NAME":latest --force docker load -i result diff --git a/nix/container-images/default.nix b/nix/container-images/default.nix index 7dcab2a..67f516d 100644 --- a/nix/container-images/default.nix +++ b/nix/container-images/default.nix @@ -1,6 +1,10 @@ -{pkgs ? import {}}: let - baseEnv = ["SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; -in rec { +{ + pkgs ? import { }, +}: +let + baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; +in +rec { base = pkgs.dockerTools.buildImage rec { name = "base"; 
@@ -21,59 +25,70 @@ in rec { interactive_base = pkgs.dockerTools.buildImage { name = "interactive_base"; fromImage = base; - contents = with pkgs; [procps zsh coreutils neovim]; + contents = with pkgs; [ + procps + zsh + coreutils + neovim + ]; - config = {Cmd = ["/bin/zsh"];}; + config = { + Cmd = [ "/bin/zsh" ]; + }; }; - s3ql = let - entrypoint = pkgs.writeScript "entrypoint" '' - #!${pkgs.stdenv.shell} + s3ql = + let + entrypoint = pkgs.writeScript "entrypoint" '' + #!${pkgs.stdenv.shell} - if [ -z "$S3QL_BUCKET" ]; then - echo S3QL_BUCKET not set - exit 1 - fi + if [ -z "$S3QL_BUCKET" ]; then + echo S3QL_BUCKET not set + exit 1 + fi - if [ -z "$S3QL_STORAGE_URL" ]; then - echo S3QL_STORAGE_URL not set - exit 1 - fi + if [ -z "$S3QL_STORAGE_URL" ]; then + echo S3QL_STORAGE_URL not set + exit 1 + fi - if [ -z "$S3QL_CACHESIZE" ]; then - echo S3QL_CACHESIZE not set - exit 1 - fi + if [ -z "$S3QL_CACHESIZE" ]; then + echo S3QL_CACHESIZE not set + exit 1 + fi - set -x + set -x - if [ "$S3QL_SKIP_FSCK" != "1" ]; then - fsck.s3ql \ - --authfile $S3QL_AUTHINFO2 \ + if [ "$S3QL_SKIP_FSCK" != "1" ]; then + fsck.s3ql \ + --authfile $S3QL_AUTHINFO2 \ + --log none \ + --cachedir $S3QL_CACHE_DIR \ + $S3QL_STORAGE_URL + fi + + exec mount.s3ql \ + --cachedir "$S3QL_CACHE_DIR" \ + --authfile "$S3QL_AUTHINFO2" \ + --cachesize "$S3QL_CACHESIZE" \ + --fg \ + --compress lzma-6 \ + --threads 4 \ --log none \ - --cachedir $S3QL_CACHE_DIR \ - $S3QL_STORAGE_URL - fi + --allow-root \ + "$S3QL_STORAGE_URL" \ + /bucket - exec mount.s3ql \ - --cachedir "$S3QL_CACHE_DIR" \ - --authfile "$S3QL_AUTHINFO2" \ - --cachesize "$S3QL_CACHESIZE" \ - --fg \ - --compress lzma-6 \ - --threads 4 \ - --log none \ - --allow-root \ - "$S3QL_STORAGE_URL" \ - /bucket - - # FIXME: touch .isbucket after mount - ''; - in + # FIXME: touch .isbucket after mount + ''; + in pkgs.dockerTools.buildImage { name = "s3ql"; fromImage = interactive_base; - contents = [pkgs.s3ql pkgs.fuse]; + contents = [ + pkgs.s3ql + 
pkgs.fuse + ]; runAsRoot = '' #!${pkgs.stdenv.shell} 
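Review bot: In the s3ql entrypoint the `fsck.s3ql` call passes `$S3QL_AUTHINFO2`, `$S3QL_CACHE_DIR` and `$S3QL_STORAGE_URL` unquoted, while the `mount.s3ql` call a few lines below quotes the same variables. These values come from the container environment, so one containing whitespace or glob characters is split into extra arguments for fsck; quote them the same way, `--authfile "$S3QL_AUTHINFO2" \`, `--cachedir "$S3QL_CACHE_DIR" \` and `"$S3QL_STORAGE_URL"`. Separately, the script mounts on `/bucket` while the `Volumes` set in the next hunk declares `/buckets`, which may be a mismatch worth confirming. The image definition continues outside this hunk.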
@@ -84,57 +99,58 @@ in rec { ''; config = { - Env = - baseEnv - ++ [ - "HOME=/home/s3ql" - "S3QL_CACHE_DIR=/var/cache/s3ql" - "S3QL_AUTHINFO2=/etc/s3ql/authinfo2" - "CONTAINER_ENTRYPOINT=${entrypoint}" - ]; - Cmd = [entrypoint]; + Env = baseEnv ++ [ + "HOME=/home/s3ql" + "S3QL_CACHE_DIR=/var/cache/s3ql" + "S3QL_AUTHINFO2=/etc/s3ql/authinfo2" + "CONTAINER_ENTRYPOINT=${entrypoint}" + ]; + Cmd = [ entrypoint ]; Volumes = { - "/var/cache/s3ql" = {}; - "/etc/s3ql/authinfo2" = {}; - "/buckets" = {}; - "/tmp" = {}; + "/var/cache/s3ql" = { }; + "/etc/s3ql/authinfo2" = { }; + "/buckets" = { }; + "/tmp" = { }; }; }; }; - syncthing = let - entrypoint = pkgs.writeScript "entrypoint" '' - #!${pkgs.stdenv.shell} - set -x - if [ ! -e /data/.isbucket ]; then - echo ERROR: Bucket not mounted at /data - exit 1 - fi + syncthing = + let + entrypoint = pkgs.writeScript "entrypoint" '' + #!${pkgs.stdenv.shell} + set -x + if [ ! -e /data/.isbucket ]; then + echo ERROR: Bucket not mounted at /data + exit 1 + fi - if [ -z "$SYNCTHING_GUI_ADDRESS" ]; then - echo ERROR: SYNCTHING_GUI_ADDRESS is not set - exit 1 - fi + if [ -z "$SYNCTHING_GUI_ADDRESS" ]; then + echo ERROR: SYNCTHING_GUI_ADDRESS is not set + exit 1 + fi - if [ ! -w "$SYNCTHING_HOME" ]; then - echo ERROR : SYNCTHING_HOME is not writable - fi + if [ ! -w "$SYNCTHING_HOME" ]; then + echo ERROR : SYNCTHING_HOME is not writable + fi - exec syncthing \ - -home $SYNCTHING_HOME \ - -gui-address=$SYNCTHING_GUI_ADDRESS \ - -no-browser - ''; - in + exec syncthing \ + -home $SYNCTHING_HOME \ + -gui-address=$SYNCTHING_GUI_ADDRESS \ + -no-browser + ''; + in pkgs.dockerTools.buildImage { name = "syncthing"; fromImage = interactive_base; contents = pkgs.syncthing; config = { - Env = baseEnv ++ ["SYNCTHING_HOME=/home/syncthing"]; - Cmd = [entrypoint]; - Volumes = {"/data" = {};}; + Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ]; + Cmd = [ entrypoint ]; + Volumes = { + "/data" = { }; + }; }; }; } 
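Review bot: The `SYNCTHING_HOME` writability check in the syncthing entrypoint only prints an error and then falls through to `exec syncthing`, unlike the two checks above it, which both `exit 1`. Add `exit 1` after `echo ERROR : SYNCTHING_HOME is not writable` so the container fails fast instead of starting against a home directory it presumably cannot write to. The `exec` line also expands `$SYNCTHING_HOME` and `$SYNCTHING_GUI_ADDRESS` unquoted; `-home "$SYNCTHING_HOME" \` and `-gui-address="$SYNCTHING_GUI_ADDRESS" \` avoid word splitting on environment-supplied values.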
diff --git a/nix/default.nix b/nix/default.nix index 888a4e9..f8947e0 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -1,26 +1,34 @@ -{versionsPath}: let +{ versionsPath }: +let channelVersions = import versionsPath; - mkChannelSource = name: let - channelVersion = builtins.getAttr name channelVersions; - in + mkChannelSource = + name: + let + channelVersion = builtins.getAttr name channelVersions; + in builtins.fetchGit { # Descriptive name to make the store path easier to identify inherit name; inherit (channelVersion) url ref rev; }; - nixPath = builtins.concatStringsSep ":" (builtins.map - (elemName: let - elem = builtins.getAttr elemName channelVersions; - elemPath = mkChannelSource elemName; - suffix = - if builtins.hasAttr "suffix" elem - then elem.suffix - else ""; - in - builtins.concatStringsSep "=" [elemName elemPath] + suffix) - (builtins.attrNames channelVersions)); - pkgs = import (mkChannelSource "nixpkgs") {}; -in { + nixPath = builtins.concatStringsSep ":" ( + builtins.map ( + elemName: + let + elem = builtins.getAttr elemName channelVersions; + elemPath = mkChannelSource elemName; + suffix = if builtins.hasAttr "suffix" elem then elem.suffix else ""; + in + builtins.concatStringsSep "=" [ + elemName + elemPath + ] + + suffix + ) (builtins.attrNames channelVersions) + ); + pkgs = import (mkChannelSource "nixpkgs") { }; +in +{ inherit nixPath; channelSources = pkgs.writeText "channels.rc" '' export NIX_PATH=${nixPath} diff --git a/nix/devShells.nix b/nix/devShells.nix index 1358f30..d6c55f6 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -3,9 +3,8 @@ self', inputs', pkgs, -}: let - pkgsUnstable = inputs'.nixpkgs-unstable.legacyPackages; -in { +}: +{ install = pkgs.mkShell { name = "infra-install"; packages = with pkgs; [ 
@@ -20,11 +19,9 @@ in { develop = pkgs.mkShell { name = "infra-develop"; - inputsFrom = [ - self'.devShells.install - ]; + inputsFrom = [ self'.devShells.install ]; packages = with pkgs; [ - self'.formatter + self'.formatter # .package inputs'.colmena.packages.colmena dconf2nix inputs'.nixos-anywhere.packages.nixos-anywhere @@ -92,6 +89,15 @@ in { # Set Environment Variables RUST_BACKTRACE = 1; - KANIDM_URL = self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin; + KANIDM_URL = + self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin; + + shellHook = + (self.inputs.nixago.lib.${pkgs.system}.make { + data = self'.formatter.settings; + output = "treefmt.toml"; + format = "toml"; + }).shellHook + + ''''; }; } diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index ac0914d..0f1eda9 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -5,13 +5,14 @@ # these come in via home-manager.extraSpecialArgs and are specific to each node nodeFlake, repoFlake, - packages', ... -}: let +}: +let pkgsUnstable = pkgs.pkgsUnstable - or (import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config overlays;}); -in { + or (import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config overlays; }); +in +{ imports = [ ../profiles/common.nix # ../profiles/dotfiles.nix 
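Review bot: The new `shellHook` in the last devShells.nix hunk (-92,6 +89,15) ends with `+ ''''`, which appends an empty string and has no effect; ending the expression at `}).shellHook;` reads more clearly. If the empty string is a placeholder for commands to be added later, a short comment such as `# extra shell setup goes here` would say so. The hook writes `treefmt.toml` from `self'.formatter.settings` on shell entry, so a one-line comment noting that the file is generated and should not be edited by hand would also help.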
@@ -34,18 +35,18 @@ in { ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode - { - home.packages = [ - pkgsUnstable.markdown-oxide - ]; - } + { home.packages = [ pkgsUnstable.markdown-oxide ]; } ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.GOPATH = "$HOME/src/go"; - home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; + home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ + "$HOME/.local/bin" + "$PATH" + ]; - nixpkgs.config.allowInsecurePredicate = pkg: + nixpkgs.config.allowInsecurePredicate = + pkg: builtins.elem (lib.getName pkg) [ "electron-28.3.3" "electron-27.3.11" @@ -68,8 +69,7 @@ in { # ]; home.packages = - [] - ++ (with pkgs; [ + (with pkgs; [ # Authentication # cacert # fprintd @@ -246,19 +246,15 @@ in { # libretro.snes9x2010 # retroarchFull - ( - pkgs.logseq.overrideAttrs ( - attrs: - lib.attrsets.recursiveUpdate - attrs - ( - lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - src = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; - meta.platforms = ["aarch64-linux"]; - } - ) + (pkgs.logseq.overrideAttrs ( + attrs: + lib.attrsets.recursiveUpdate attrs ( + lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + src = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; + meta.platforms = [ "aarch64-linux" ]; + } ) - ) + )) # ( # pkgsUnstable.callPackage (repoFlake + "/nix/pkgs/logseq") @@ -267,8 +263,7 @@ in { # }) # ) ]) - ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - ]) + ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ pkgsUnstable.ledger-live-desktop diff --git a/nix/home-manager/configuration/graphical-gnome3.nix b/nix/home-manager/configuration/graphical-gnome3.nix index 12e1948..5eaebd1 100644 --- a/nix/home-manager/configuration/graphical-gnome3.nix +++ b/nix/home-manager/configuration/graphical-gnome3.nix 
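Review bot: The `allowInsecurePredicate` list in the hunk at -34,18 +35,18 permits `electron-28.3.3` and `electron-27.3.11` by exact name, and nothing visible records which package needs each of them. Entries end up on this list because nixpkgs marks the package insecure, so an undocumented exception tends to outlive its reason. A comment above the list, e.g. `# electron releases marked insecure in nixpkgs; required by <package> — drop once it builds against a supported electron`, would make the exception reviewable. The same predicate appears in nix/home-manager/profiles/common.nix (hunk at -15,7 +12,8), and both lists continue outside their hunks.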
@@ -1,13 +1,8 @@ +{ pkgs, ... }: { - pkgs, - config, - ... -}: { - home.packages = - [] - ++ (with pkgs; [ - gnome.gnome-tweaks - gnome.gnome-keyring - gnome.seahorse - ]); + home.packages = with pkgs; [ + gnome.gnome-tweaks + gnome.gnome-keyring + gnome.seahorse + ]; } diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index faac0d5..d6296a2 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -1,8 +1,5 @@ +{ pkgs, ... }: { - pkgs, - config, - ... -}: { imports = [ ../profiles/common.nix ../profiles/qtile-desktop.nix 
@@ -16,89 +13,87 @@ ../programs/pass.nix ]; - home.packages = - [] - ++ (with pkgs; [ - # Nix package related tools - patchelf - nix-index - nix-prefetch-scripts + home.packages = with pkgs; [ + # Nix package related tools + patchelf + nix-index + nix-prefetch-scripts - # Version Control Systems - gitless + # Version Control Systems + gitless - # Process/System Administration - htop - gnome.gnome-tweaks - xorg.xhost - dmidecode - evtest + # Process/System Administration + htop + gnome.gnome-tweaks + xorg.xhost + dmidecode + evtest - # Archive Managers - sshfs-fuse - xarchive - p7zip - zip - unzip - gzip - lzop + # Archive Managers + sshfs-fuse + xarchive + p7zip + zip + unzip + gzip + lzop - # Password Management - gnome.gnome-keyring - gnome.seahorse + # Password Management + gnome.gnome-keyring + gnome.seahorse - # Remote Control Tools - remmina - freerdp + # Remote Control Tools + remmina + freerdp - # Network Tools - openvpn - tcpdump - iftop - iperf - bind - socat + # Network Tools + openvpn + tcpdump + iftop + iperf + bind + socat - # samba - iptables - nftables - wireshark + # samba + iptables + nftables + wireshark - # Code Editors - xclip - xsel + # Code Editors + xclip + xsel - # Image/Graphic/Design Tools - gnome.eog - gimp - inkscape + # Image/Graphic/Design Tools + gnome.eog + gimp + inkscape - # Misc Development Tools - qrcode - jq - cdrtools + # Misc Development Tools + qrcode + jq + cdrtools - # Document Processing and Management - zathura + # Document Processing and Management + zathura - # File Synchronzation - rsync + # File Synchronzation + rsync - # Filesystem Tools - ntfs3g - ddrescue - ncdu - woeusb - unetbootin - pcmanfm - hdparm - testdisk - binwalk - gptfdisk + # Filesystem Tools + ntfs3g + ddrescue + ncdu + woeusb + unetbootin + pcmanfm + hdparm + testdisk + binwalk + gptfdisk - packages'.myPython + packages'.myPython - # Virtualization - virtmanager - ]); + # Virtualization + virtmanager + ]; } 
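Review bot: `packages'.myPython` near the end of this list is not bound by the function header, which the first hunk of this file reduces to `{ pkgs, ... }:` (the old header did not bind it either). Inside `with pkgs; [ … ]` an unbound name is looked up in `pkgs`, so unless an overlay provides an attribute named `packages'` there, evaluating `home.packages` fails with an undefined-variable error. Take it from the module arguments, as experimental-desktop.nix does: `{ pkgs, packages', ... }:`.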
diff --git a/nix/home-manager/lib.nix b/nix/home-manager/lib.nix index b731c1d..7436034 100644 --- a/nix/home-manager/lib.nix +++ b/nix/home-manager/lib.nix @@ -1,14 +1,19 @@ -{}: let -in { - mkSimpleTrayService = {execStart}: { - Unit = { - Description = ""; - After = ["graphical-session-pre.target"]; - PartOf = ["graphical-session.target"]; +_: { + mkSimpleTrayService = + { execStart }: + { + Unit = { + Description = ""; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + ExecStart = execStart; + }; }; - - Install = {WantedBy = ["graphical-session.target"];}; - - Service = {ExecStart = execStart;}; - }; } diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index d5b0c7e..e51dd7b 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -1,8 +1,5 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - ... -}: { home.stateVersion = lib.mkDefault "23.11"; # TODO: re-enable this with the appropriate version? @@ -15,7 +12,8 @@ allowUnfree = true; allowUnsupportedSystem = true; - allowInsecurePredicate = pkg: + allowInsecurePredicate = + pkg: builtins.elem (lib.getName pkg) [ "electron-28.3.3" "electron-27.3.11" @@ -28,7 +26,8 @@ "electron" ]; - allowUnfreePredicate = pkg: + allowUnfreePredicate = + pkg: builtins.elem (lib.getName pkg) [ "obsidian" "vivaldi" 
@@ -56,47 +55,45 @@ programs.command-not-found.enable = true; programs.fzf.enable = true; - home.packages = - [] - ++ (with pkgs; [ - coreutils + home.packages = with pkgs; [ + coreutils - vcsh + vcsh - htop - iperf3 - nethogs + htop + iperf3 + nethogs - # Authentication - cacert - openssl - mkpasswd + # Authentication + cacert + openssl + mkpasswd - just - ripgrep - du-dust + just + ripgrep + du-dust - elfutils - exfat - file - tree - pwgen - proot + elfutils + exfat + file + tree + pwgen + proot - parted - pv - tmux - wget - curl + parted + pv + tmux + wget + curl - # git helpers - git-crypt - gitFull - pastebinit - gist - mr + # git helpers + git-crypt + gitFull + pastebinit + gist + mr - usbutils - pciutils - ]); + usbutils + pciutils + ]; } diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index 670ea75..a7bddd9 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix 
@@ -1,45 +1,4 @@ -{ - repoFlake, - pkgs, - config, - repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git", - repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", - ... -}: let - repoBareLocal = - pkgs.runCommand "fetchbare" - { - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "0000000000000000000000000000000000000000000000000000"; - } '' - ( - set -xe - export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out - ) - ''; - vcshActivationScript = pkgs.writeScript "activation-script" '' - export HOST=$(hostname -s) - - function set_remotes { - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 - } - - if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then - echo Cloning dotfiles for $HOST... - ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles - set_remotes ${repoHttps} ${repoSsh} - else - set_remotes ${repoBareLocal} ${repoSsh} - echo Updating dotfiles for $HOST... - ${pkgs.vcsh}/bin/vcsh pull $HOST || true - set_remotes ${repoHttps} ${repoSsh} - fi - ''; -in { +_: { # TODO: fix the dotfiles # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # $DRY_RUN_CMD ${vcshActivationScript} diff --git a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix index 84d629f..2a866f2 100644 --- a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix +++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix 
@@ -3,38 +3,40 @@ repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git", repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... -}: let +}: +let repoBareLocal = pkgs.runCommand "fetchbare" - { - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "0000000000000000000000000000000000000000000000000000"; - } '' - ( - set -xe - export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out - ) - ''; + { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } + '' + ( + set -xe + export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out + ) + ''; in - pkgs.writeScript "activation-script" '' - export HOST=$(hostname -s) +pkgs.writeScript "activation-script" '' + export HOST=$(hostname -s) - function set_remotes { - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 - } + function set_remotes { + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 + } - if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then - echo Cloning dotfiles for $HOST... - ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles - set_remotes ${repoHttps} ${repoSsh} - else - set_remotes ${repoBareLocal} ${repoSsh} - echo Updating dotfiles for $HOST... - ${pkgs.vcsh}/bin/vcsh pull $HOST || true - set_remotes ${repoHttps} ${repoSsh} - fi - '' + if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then + echo Cloning dotfiles for $HOST... 
+ ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles + set_remotes ${repoHttps} ${repoSsh} + else + set_remotes ${repoBareLocal} ${repoSsh} + echo Updating dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh pull $HOST || true + set_remotes ${repoHttps} ${repoSsh} + fi +'' diff --git a/nix/home-manager/profiles/experimental-desktop.nix b/nix/home-manager/profiles/experimental-desktop.nix index 13d87d7..d57a051 100644 --- a/nix/home-manager/profiles/experimental-desktop.nix +++ b/nix/home-manager/profiles/experimental-desktop.nix @@ -1,16 +1,6 @@ +{ packages', ... }: { - pkgs, - config, - lib, - nodeFlake, - packages', - ... -}: let - pkgsUnstable = pkgs.callPackage nodeFlake.inputs.nixpkgs-unstable.outPath {}; -in { - imports = [ - ../profiles/wayland-desktop.nix - ]; + imports = [ ../profiles/wayland-desktop.nix ]; home.packages = [ # experimental WMs diff --git a/nix/home-manager/profiles/gnome-desktop.nix b/nix/home-manager/profiles/gnome-desktop.nix index b803ea5..5051205 100644 --- a/nix/home-manager/profiles/gnome-desktop.nix +++ b/nix/home-manager/profiles/gnome-desktop.nix @@ -1,13 +1,6 @@ +{ pkgs, ... }: { - pkgs, - config, - lib, - ... -}: let -in { - imports = [ - ../profiles/wayland-desktop.nix - ]; + imports = [ ../profiles/wayland-desktop.nix ]; services = { gnome-keyring.enable = false; 
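Review bot: In vcsh.tmpl.nix, `repoBareLocal` is a fixed-output derivation whose `outputHash` is the all-zero placeholder and whose builder runs `git clone --mirror ${repoHttps}` against a moving remote, so the hash will not match and the fetched content is not pinned to anything that was reviewed. If this template is put back into use, fetch a specific revision instead, for example `builtins.fetchGit { url = repoHttps; rev = "<commit>"; }`. In the activation script, `vcsh pull $HOST || true` hides a failed update, and `$HOST`, `$1` and `$2` are expanded unquoted; quoting them (`remote set-url origin "$1"`) and printing a warning when the pull fails would make failures visible.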
@@ -25,85 +18,83 @@ in { services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; - dconf.settings = let - manualKeybindings = [ - { - binding = "Print"; - command = "flameshot gui"; - name = "flameshot"; - } + dconf.settings = + let + manualKeybindings = [ + { + binding = "Print"; + command = "flameshot gui"; + name = "flameshot"; + } - { - binding = "t"; - command = "alacritty"; - name = "alacritty"; - } - ]; + { + binding = "t"; + command = "alacritty"; + name = "alacritty"; + } + ]; - numWorkspaces = 10; - customKeybindingBaseName = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom"; - customKeybindingsNames = - builtins.genList (i: "/${customKeybindingBaseName}${toString i}/") - ( - (builtins.length manualKeybindings) - + numWorkspaces # for sending to the workspace + numWorkspaces = 10; + customKeybindingBaseName = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom"; + customKeybindingsNames = builtins.genList (i: "/${customKeybindingBaseName}${toString i}/") ( + (builtins.length manualKeybindings) + numWorkspaces # for sending to the workspace ); - workspacesKeyBindingsOffset = builtins.length manualKeybindings; + workspacesKeyBindingsOffset = builtins.length manualKeybindings; - # with this we can make use of all number keys [0-9] - mapToNumber = i: - if i < 10 - then i - else if i == 10 - then 0 - else throw "i exceeds 10: ${i}"; - in + # with this we can make use of all number keys [0-9] + mapToNumber = + i: + if i < 10 then + i + else if i == 10 then + 0 + else + throw "i exceeds 10: ${i}"; + in { "org/gnome/settings-daemon/plugins/media-keys" = { custom-keybindings = customKeybindingsNames; screenreader = "@as []"; - screensaver = ["l"]; + screensaver = [ "l" ]; }; # disable the builtin [1-9] functionality - "org/gnome/shell/keybindings" = builtins.listToAttrs ((builtins.genList - (i: { - name = "switch-to-application-${toString (i + 1)}"; - value = []; - }) - numWorkspaces) + "org/gnome/shell/keybindings" = 
builtins.listToAttrs ( + (builtins.genList (i: { + name = "switch-to-application-${toString (i + 1)}"; + value = [ ]; + }) numWorkspaces) ++ [ { name = "toggle-overview"; - value = []; + value = [ ]; } - ]); + ] + ); # remap it to switching to the workspaces - "org/gnome/desktop/wm/keybindings" = builtins.listToAttrs (builtins.genList - (i: { + "org/gnome/desktop/wm/keybindings" = builtins.listToAttrs ( + builtins.genList (i: { name = "switch-to-workspace-${toString (i + 1)}"; - value = [ - "${toString (mapToNumber (i + 1))}" - ]; - }) - numWorkspaces); + value = [ "${toString (mapToNumber (i + 1))}" ]; + }) numWorkspaces + ); } - // builtins.listToAttrs (builtins.genList - (i: { + // builtins.listToAttrs ( + builtins.genList (i: { name = "${customKeybindingBaseName}${toString i}"; value = builtins.elemAt manualKeybindings i; - }) - (builtins.length manualKeybindings)) - // builtins.listToAttrs (builtins.genList - (i: { + }) (builtins.length manualKeybindings) + ) + // builtins.listToAttrs ( + builtins.genList (i: { name = "${customKeybindingBaseName}${toString (workspacesKeyBindingsOffset + i)}"; value = { binding = "${toString (mapToNumber (i + 1))}"; command = "wmctrl -r :ACTIVE: -t ${toString i}"; name = "Send to workspace ${toString (i + 1)}"; }; - }) - numWorkspaces); + }) numWorkspaces + ); } diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix index 68f21c7..fc52ec6 100644 --- a/nix/home-manager/profiles/nix-channels.nix +++ b/nix/home-manager/profiles/nix-channels.nix 
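Review bot: In `mapToNumber` the fallback `throw "i exceeds 10: ${i}"` interpolates an integer, which Nix does not coerce to a string, so reaching that branch would report a coercion error instead of the intended message. Use `throw "i exceeds 10: ${toString i}"`, matching the `toString` calls used elsewhere in this `let` block. The branch is not reached while `numWorkspaces = 10`, so this only shows up once that number is raised.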
@@ -1,28 +1,22 @@ +{ pkgs, config, ... }: { - pkgs, - config, - ... -}: let -in { home.file.".nix-channels".text = ""; - home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' - $DRY_RUN_CMD ${ - pkgs.writeScript "activation-script" '' - set -ex - if test -f $HOME/.nix-channels; then - echo Uninstalling available channels... - if test -f $HOME/.nix-channel; then - while read url channel; do - nix-channel --remove $channel - done < $HOME/.nix-channel - fi - echo Moving existing file away... - touch $HOME/.nix-channels.dummy - mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels - rm $HOME/.nix-channels + home.activation.removeExistingNixChannels = config.lib.dag.entryBefore [ "checkLinkTargets" ] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' + set -ex + if test -f $HOME/.nix-channels; then + echo Uninstalling available channels... + if test -f $HOME/.nix-channel; then + while read url channel; do + nix-channel --remove $channel + done < $HOME/.nix-channel fi - '' - }; + echo Moving existing file away... + touch $HOME/.nix-channels.dummy + mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels + rm $HOME/.nix-channels + fi + ''}; ''; } diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index da12f62..7aa492f 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -1,14 +1,14 @@ -{ - pkgs, - config, - ... -}: let - inherit (import ../lib.nix {}) mkSimpleTrayService; +{ pkgs, ... }: +let audio = pkgs.writeShellScript "audio" '' export PATH=${ with pkgs; - lib.makeBinPath [pulseaudio findutils gnugrep] + lib.makeBinPath [ + pulseaudio + findutils + gnugrep + ] }:$PATH export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute 
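Review bot: The activation script in nix-channels.nix tests for `$HOME/.nix-channels` but then uses `$HOME/.nix-channel` (singular) in the inner `test -f` and in the `done <` redirect, which looks like a typo. As written, the `nix-channel --remove` loop is skipped unless a file with the singular name happens to exist, so existing channels are left registered while their list file is replaced. If the intent is to remove the channels named in the existing file, both paths should be `$HOME/.nix-channels`, and the loop body should quote the name: `nix-channel --remove "$channel"`.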
@@ -33,7 +33,7 @@ terminalCommand = "${pkgs.alacritty}/bin/alacritty"; dpmsScript = pkgs.writeShellScript "dpmsScript" '' - export PATH=${with pkgs; lib.makeBinPath [xorg.xset]}:$PATH + export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH set -xe @@ -56,7 +56,7 @@ ''; screenLockCommand = pkgs.writeShellScript "screenLock" '' - export PATH=${with pkgs; lib.makeBinPath [i3lock]}:$PATH + export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH revert() { ${dpmsScript} default @@ -251,7 +251,8 @@ def print_new_window(window): print("new window: ", window) ''; -in { +in +{ services = { gnome-keyring.enable = true; blueman-applet.enable = true; diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 8cfe85a..8924a3a 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
@@ -1,35 +1,35 @@ /* -TODO: create helper scripts for sharing of a screen portion -``` + TODO: create helper scripts for sharing of a screen portion + ``` -# this will create a new output named HEADLESS-. increments by 1 with each invocation even if the output is `unplug`ged. -swaymsg create_output + # this will create a new output named HEADLESS-. increments by 1 with each invocation even if the output is `unplug`ged. + swaymsg create_output -# find the name and the workspace number -swaymsg -t get_outputs | jq '.[] | select(.name | test("HEADLESS-.*")) | (.name, .current_workspace)' + # find the name and the workspace number + swaymsg -t get_outputs | jq '.[] | select(.name | test("HEADLESS-.*")) | (.name, .current_workspace)' -swaymsg output HEADLESS-1 mode 1920@108060Hz + swaymsg output HEADLESS-1 mode 1920@108060Hz -# mirror the headless workspace on the current one -nix run nixpkgs\#wl-mirror -- HEADLESS-1 + # mirror the headless workspace on the current one + nix run nixpkgs\#wl-mirror -- HEADLESS-1 -# shift windows to the workspace and switch the focus to it + # shift windows to the workspace and switch the focus to it */ { pkgs, config, lib, # packages', - repoFlakeInputs', ... -}: let - inherit (import ../lib.nix {}) mkSimpleTrayService; +}: +let lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; -in { +in +{ imports = [ ../profiles/wayland-desktop.nix ../programs/waybar.nix 
@@ -98,112 +98,121 @@ in { systemd.enable = true; xwayland = false; - config = let - modifier = "Mod4"; - inherit (config.wayland.windowManager.sway.config) left right up down; - in { - inherit modifier; - bars = []; + config = + let + modifier = "Mod4"; + inherit (config.wayland.windowManager.sway.config) + left + right + up + down + ; + in + { + inherit modifier; + bars = [ ]; - input = { - "type:keyboard" = - { - xkb_layout = config.home.keyboard.layout; - xkb_variant = config.home.keyboard.variant; - } - // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) { - xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; + input = { + "type:keyboard" = + { + xkb_layout = config.home.keyboard.layout; + xkb_variant = config.home.keyboard.variant; + } + // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { + xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; + }; + + "type:touchpad" = { + natural_scroll = "enabled"; }; - "type:touchpad" = { - natural_scroll = "enabled"; + # alternatively run this command + # swaymsg input "1386:914:Wacom_Intuos_Pro_S_Pen" tool_mode "* relative" + # and then switch to a different VT (alt+ctrl+f2) and back + "1386:914:Wacom_Intuos_Pro_S_Pen" = { + tool_mode = "* relative"; + }; }; - # alternatively run this command - # swaymsg input "1386:914:Wacom_Intuos_Pro_S_Pen" tool_mode "* relative" - # and then switch to a different VT (alt+ctrl+f2) and back - "1386:914:Wacom_Intuos_Pro_S_Pen" = { - tool_mode = "* relative"; + keybindings = lib.mkOptionDefault { + # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi + # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; + "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; + + # only 1-9 exist on the default config + "${modifier}+0" = "workspace number 0"; + "${modifier}+Shift+0" = "move container to workspace number 0"; + + # disable 
splitting for now as i sometimes trigger it accidentally and then get stuck with it + "${modifier}+b" = "nop"; + "${modifier}+v" = "nop"; + + # move workspace to output + "${modifier}+Control+Shift+${left}" = "move workspace to output left"; + "${modifier}+Control+Shift+${right}" = "move workspace to output right"; + "${modifier}+Control+Shift+${up}" = "move workspace to output up"; + "${modifier}+Control+Shift+${down}" = "move workspace to output down"; + # move workspace to output with arrow keys + "${modifier}+Control+Shift+Left" = "move workspace to output left"; + "${modifier}+Control+Shift+Right" = "move workspace to output right"; + "${modifier}+Control+Shift+Up" = "move workspace to output up"; + "${modifier}+Control+Shift+Down" = "move workspace to output down"; + + # TODO: i've been hitting this one accidentally way too often. find a better place. + # "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; + "${modifier}+q" = "kill"; + "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; + + "${modifier}+x" = "exec ${swapOutputWorkspaces}"; + + "${modifier}+Ctrl+l" = "exec ${lockCmd}"; + + "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; + "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; + "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; + + "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; + "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; + "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; + + "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; }; + + terminal = "alacritty"; + startup = + [ + { + command = builtins.toString ( + pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + 
${pkgs.systemd}/bin/systemctl --user restart graphical-session.target + ) & + '' + ); + } + ] + ++ lib.optionals config.services.swayidle.enable [ + { + command = builtins.toString ( + pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart swayidle + ) & + '' + ); + } + ]; + + colors.focused = lib.mkOptionDefault { childBorder = lib.mkForce "#ffa500"; }; + + window.titlebar = false; + window.border = 4; + + # this maps to focus_on_window_activation + focus.newWindow = "urgent"; }; - - keybindings = lib.mkOptionDefault { - # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi - # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; - "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; - - # only 1-9 exist on the default config - "${modifier}+0" = "workspace number 0"; - "${modifier}+Shift+0" = "move container to workspace number 0"; - - # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it - "${modifier}+b" = "nop"; - "${modifier}+v" = "nop"; - - # move workspace to output - "${modifier}+Control+Shift+${left}" = "move workspace to output left"; - "${modifier}+Control+Shift+${right}" = "move workspace to output right"; - "${modifier}+Control+Shift+${up}" = "move workspace to output up"; - "${modifier}+Control+Shift+${down}" = "move workspace to output down"; - # move workspace to output with arrow keys - "${modifier}+Control+Shift+Left" = "move workspace to output left"; - "${modifier}+Control+Shift+Right" = "move workspace to output right"; - "${modifier}+Control+Shift+Up" = "move workspace to output up"; - "${modifier}+Control+Shift+Down" = "move workspace to output down"; - - # TODO: i've been hitting this one accidentally way too often. find a better place. 
- # "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; - "${modifier}+q" = "kill"; - "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; - - "${modifier}+x" = "exec ${swapOutputWorkspaces}"; - - "${modifier}+Ctrl+l" = "exec ${lockCmd}"; - - "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; - "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; - "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; - - "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; - "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; - "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; - - "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; - }; - - terminal = "alacritty"; - startup = - [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target - ) & - ''); - } - ] - ++ lib.optionals config.services.swayidle.enable [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart swayidle - ) & - ''); - } - ]; - - colors.focused = lib.mkOptionDefault { - childBorder = lib.mkForce "#ffa500"; - }; - - window.titlebar = false; - window.border = 4; - - # this maps to focus_on_window_activation - focus.newWindow = "urgent"; - }; }; services.swayidle = { diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 73fc23a..4f8fc22 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix 
@@ -1,16 +1,14 @@ { pkgs, - config, lib, repoFlake, - nodeFlake, ... -}: let - inherit (import ../lib.nix {}) mkSimpleTrayService; +}: +let nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; - wayprompt = nixpkgs-wayland'.wayprompt; -in { +in +{ fonts.fontconfig.enable = true; # services.gpg-agent.pinentryFlavor = lib.mkForce null; @@ -26,11 +24,12 @@ in { systemd.user.targets.tray = { Unit = { Description = "Home Manager System Tray"; - Requires = ["graphical-session-pre.target"]; + Requires = [ "graphical-session-pre.target" ]; }; }; - home.packages = with pkgs; + home.packages = + with pkgs; [ # required by network-manager-applet networkmanagerapplet @@ -62,11 +61,9 @@ in { waypipe ] - ++ ( - lib.lists.optionals (!pkgs.stdenv.isAarch64) + ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) # TODO: broken on aarch64 - [ - ] + [ ] ); home.sessionVariables = { diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 712eb42..8d12110 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -3,14 +3,15 @@ lib, pkgs, ... -}: let +}: +let extensions = [ #undetectable adblocker - {id = "gcfcpohokifjldeandkfjoboemihipmb";} + { id = "gcfcpohokifjldeandkfjoboemihipmb"; } # ublock origin - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # # YT ad block # {id = "cmedhionkhpnakcndndgjdbohmhepckk";} 
@@ -19,15 +20,15 @@ # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # Cookie Notice Blocker - {id = "odhmfmnoejhihkmfebnolljiibpnednn";} + { id = "odhmfmnoejhihkmfebnolljiibpnednn"; } # i don't care about cookies - {id = "fihnjjcciajhdojfnbdddfaoknhalnja";} + { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } # NopeCHA - {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} + { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } # h264ify - {id = "aleakchihdccplidncghkekgioiakgal";} + { id = "aleakchihdccplidncghkekgioiakgal"; } # clippy # {id = "honbeilkanbghjimjoniipnnehlmhggk"} @@ -38,31 +39,32 @@ } # cookie autodelete - {id = "fhcgjolkccmbidfldomjliifgaodjagh";} + { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # unhook - {id = "khncfooichmfjbepaaaebmommgaepoid";} + { id = "khncfooichmfjbepaaaebmommgaepoid"; } ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # polkadotjs - {id = "mopnmbcafieddcagagdcbnhejhlodfdd";} + { id = "mopnmbcafieddcagagdcbnhejhlodfdd"; } # rabby wallet - {id = "acmacodkjbdgmoleebolmdjonilkdbch";} + { id = "acmacodkjbdgmoleebolmdjonilkdbch"; } # phantom wallet - {id = "bfnaelmomeimhlpmgjnjophhpkkoljpa";} + { id = "bfnaelmomeimhlpmgjnjophhpkkoljpa"; } # Vimium C - {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} + { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } # always right - {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";} + { id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } # shazam music - {id = "mmioliijnhnoblpgimnlajmefafdfilb";} + { id = "mmioliijnhnoblpgimnlajmefafdfilb"; } ]); -in { +in +{ programs.chromium = { enable = true; inherit extensions; @@ -72,9 +74,7 @@ in { programs.brave = { # TODO: enable this on aarch64-linux - enable = - true - && !pkgs.stdenv.targetPlatform.isAarch64; + enable = true && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; } diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 86d6371..8297183 100644 --- a/nix/home-manager/programs/espanso.nix 
+++ b/nix/home-manager/programs/espanso.nix @@ -1,8 +1,5 @@ +{ pkgs, ... }: { - pkgs, - repoFlake, - ... -}: { services.espanso = { package = pkgs.espanso-wayland; # package = pkgs.espanso-wayland.overrideAttrs (_: { 
@@ -24,64 +21,62 @@ # backend = "Clipboard"; }; }; - matches = let - playerctl = '' - ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; - in { - default = { - matches = [ - { - trigger = ":vpos"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeScript "espanso" '' - #! ${pkgs.python3}/bin/python - import subprocess, os, math, datetime + matches = + let + playerctl = ''${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; + in + { + default = { + matches = [ + { + trigger = ":vpos"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeScript "espanso" '' + #! ${pkgs.python3}/bin/python + import subprocess, os, math, datetime - id=str(os.getuid()) - result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) - result.check_returncode() + id=str(os.getuid()) + result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) + result.check_returncode() - position_secs = math.trunc(float(result.stdout)) - position_human = datetime.timedelta(seconds=position_secs) - print("%s - %s" % (position_human, position_secs)) - '') - ]; - }; - } - ]; - } - { - trigger = ":vtit"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeShellScript "espanso" - "${playerctl} metadata title") - ]; - }; - } - ]; - } - { - trigger = ":dunno"; - replace = "¯\\_(ツ)_/¯"; - } - { - trigger = ":shrug"; - replace = "¯\\_(ツ)_/¯"; - } - ]; + position_secs = math.trunc(float(result.stdout)) + position_human = 
datetime.timedelta(seconds=position_secs) + print("%s - %s" % (position_human, position_secs)) + '') + ]; + }; + } + ]; + } + { + trigger = ":vtit"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ (pkgs.writeShellScript "espanso" "${playerctl} metadata title") ]; + }; + } + ]; + } + { + trigger = ":dunno"; + replace = "¯\\_(ツ)_/¯"; + } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } + ]; + }; }; - }; }; } diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 993cbc4..d07f3aa 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -1,5 +1,8 @@ -{pkgs, ...}: { - programs.librewolf = {enable = false;}; +{ pkgs, ... }: +{ + programs.librewolf = { + enable = false; + }; programs.firefox = { enable = true; package = pkgs.firefox-esr-128; diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix index 069c7ca..41ab604 100644 --- a/nix/home-manager/programs/gpg-agent.nix +++ b/nix/home-manager/programs/gpg-agent.nix @@ -1,12 +1,6 @@ +{ lib, pkgs, ... }: { - lib, - pkgs, - config, - ... -}: { - home.packages = [ - pkgs.gcr - ]; + home.packages = [ pkgs.gcr ]; programs.gpg.enable = true; services.gpg-agent = { diff --git a/nix/home-manager/programs/homeshick.nix b/nix/home-manager/programs/homeshick.nix index cbd4964..4ba0dfe 100644 --- a/nix/home-manager/programs/homeshick.nix +++ b/nix/home-manager/programs/homeshick.nix 
@@ -1,32 +1,25 @@ +{ pkgs, config, ... }: { - pkgs, - config, - ... -}: let - # TODO: clean up the impurity in here -in { home.sessionVariables.HOMESHICK_DIR = "${pkgs.homeshick}"; - home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD ${ - pkgs.writeScript "activation-script" '' - set -e - echo home-manager path is ${config.home.path} - echo home is $HOME + home.activation.bootstrapRepos = config.lib.dag.entryAfter [ "writeBoundary" ] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' + set -e + echo home-manager path is ${config.home.path} + echo home is $HOME - source ${pkgs.homeshick}/homeshick.sh - type homeshick + source ${pkgs.homeshick}/homeshick.sh + type homeshick - # echo Updating homeshick - # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick - # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick - '' - }; + # echo Updating homeshick + # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick + # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick + ''}; ''; nixpkgs.config = { - packageOverrides = pkgs: - with pkgs; { + packageOverrides = + pkgs: with pkgs; { homeshick = builtins.fetchGit { url = "https://github.com/andsens/homeshick.git"; ref = "master"; diff --git a/nix/home-manager/programs/libreoffice.nix b/nix/home-manager/programs/libreoffice.nix index 17d0a24..1e846d4 100644 --- a/nix/home-manager/programs/libreoffice.nix +++ b/nix/home-manager/programs/libreoffice.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.libreoffice]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.libreoffice ]; } diff --git a/nix/home-manager/programs/neovim.nix b/nix/home-manager/programs/neovim.nix index be7e02b..fcc299f 100644 --- a/nix/home-manager/programs/neovim.nix +++ b/nix/home-manager/programs/neovim.nix 
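Review bot: In `nix/home-manager/programs/homeshick.nix` the removed `let` block held the only marker, `# TODO: clean up the impurity in here`, for the fact that `homeshick` comes from `builtins.fetchGit` with `ref = "master"`. The activation script then sources `homeshick.sh` from that tree. The attribute set continues outside the hunk, so a `rev` may follow; if it does not, each evaluation can pick up whatever upstream `master` holds at that moment, with no fixed commit to check it against. I would either keep a marker next to the fetch, e.g. `# TODO: pin rev; ref = "master" alone is impure and unverified`, or add a `rev = "<commit-sha>";` line (placeholder) beside `ref`.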
@@ -1,12 +1,6 @@ +{ repoFlake, pkgs, ... }: { - repoFlake, - pkgs, - lib, - ... -}: { - imports = [ - repoFlake.inputs.nixvim.homeManagerModules.nixvim - ]; + imports = [ repoFlake.inputs.nixvim.homeManagerModules.nixvim ]; programs.nixvim = { enable = true; @@ -14,7 +8,7 @@ vimdiffAlias = true; vimAlias = true; - extraPython3Packages = ps: with ps; []; + extraPython3Packages = ps: with ps; [ ]; # extraConfigVim = builtins.readFile ./neovim/vimrc; diff --git a/nix/home-manager/programs/obs-studio.nix b/nix/home-manager/programs/obs-studio.nix index b053e24..d99747d 100644 --- a/nix/home-manager/programs/obs-studio.nix +++ b/nix/home-manager/programs/obs-studio.nix @@ -1,21 +1,25 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - ... -}: { programs.obs-studio = { enable = true; plugins = - builtins.map (plugin: (plugin.overrideAttrs (attrs: { - meta = lib.mkMerge [ - {inherit (attrs) meta;} - {meta.platforms = [pkgs.stdenv.system];} - ]; - }))) - (with pkgs.obs-studio-plugins; [ - # wlrobs - obs-backgroundremoval - obs-pipewire-audio-capture - ]); + builtins.map + ( + plugin: + (plugin.overrideAttrs (attrs: { + meta = lib.mkMerge [ + { inherit (attrs) meta; } + { meta.platforms = [ pkgs.stdenv.system ]; } + ]; + })) + ) + ( + with pkgs.obs-studio-plugins; + [ + # wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ] + ); }; } diff --git a/nix/home-manager/programs/openvscode-server.nix b/nix/home-manager/programs/openvscode-server.nix index 6e74406..165ff4e 100644 --- a/nix/home-manager/programs/openvscode-server.nix +++ b/nix/home-manager/programs/openvscode-server.nix 
@@ -1,12 +1,8 @@ +{ pkgs, repoFlake, ... }: +let + pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium { inherit (pkgs) system config; }; +in { - pkgs, - nodeFlake, - repoFlake, - ... -}: let - pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; - pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; -in { home.packages = [ pkgs.nil pkgs.nixd @@ -20,20 +16,22 @@ in { # 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ /* - e.g.: - ``` - ( - set -e - export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') - ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" - ) - ``` + e.g.: + ``` + ( + set -e + export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') + ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" + ) + ``` */ (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { src = repoFlake.inputs.openvscode-server; version = "1.94.2"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Tt=";}); + yarnCache = attrs.yarnCache.overrideAttrs (_: { + outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Tt="; + }); })) pkgs.waypipe diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index 2d533c9..056d08d 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix 
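Review bot: In the re-indented example block of `openvscode-server.nix`, `export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$')` hides a failed match, because the exit status of `export` replaces that of the command substitution and `set -e` does not stop the subshell. With `COMMIT` empty, the ssh command runs `rm -rf /home/steveej/.vscodium-server/bin/` and removes every installed server instead of one commit directory. I would assign first and then check, `COMMIT=$(codium --version | rg '^[0-9a-f]{40}$')` followed by `: "${COMMIT:?no commit hash found}"`, before the ssh line.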
@@ -1,8 +1,5 @@ +{ repoFlake, pkgs, ... }: { - repoFlake, - pkgs, - ... -}: { # required by pass-otp # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index 207b9e6..be31268 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -4,7 +4,8 @@ pkgs, osConfig, ... -}: let +}: +let libdecsync = pkgs.python3Packages.buildPythonPackage rec { pname = "libdecsync"; version = "2.2.1"; 
@@ -38,50 +39,51 @@ # pkgs.libxcrypt ]; - propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; + propagatedBuildInputs = [ + libdecsync + pkgs.python3Packages.setuptools + ]; }; radicale-decsync = pkgs.radicale.overrideAttrs (old: { - propagatedBuildInputs = - old.propagatedBuildInputs - ++ [radicale-storage-decsync]; + propagatedBuildInputs = old.propagatedBuildInputs ++ [ radicale-storage-decsync ]; }); - mkRadicaleService = { - suffix, - port, - }: let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} + mkRadicaleService = + { suffix, port }: + let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} - [auth] - type = htpasswd - htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt + [auth] + type = htpasswd + htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} - ''; - in { - systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} + ''; + in + { + systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; + }; + Install.WantedBy = [ "default.target" ]; }; - Install.WantedBy = ["default.target"]; }; - }; in - builtins.foldl' (sum: cur: 
lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ - { - suffix = "personal"; - port = 5232; - } - { - suffix = "family"; - port = 5233; - } - ] +builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } +] diff --git a/nix/home-manager/programs/redshift.nix b/nix/home-manager/programs/redshift.nix index 6fb73d0..9e45594 100644 --- a/nix/home-manager/programs/redshift.nix +++ b/nix/home-manager/programs/redshift.nix @@ -1,10 +1,8 @@ -{ - pkgs, - config, - ... -}: let +_: +let passwords = import ../../variables/passwords.crypt.nix; -in { +in +{ services.gammastep = { enable = true; provider = "manual"; diff --git a/nix/home-manager/programs/salut.nix b/nix/home-manager/programs/salut.nix index 6a2894d..415e3be 100644 --- a/nix/home-manager/programs/salut.nix +++ b/nix/home-manager/programs/salut.nix @@ -1,18 +1,11 @@ -{ - pkgs, - config, - lib, - packages', - ... -}: +{ pkgs, packages', ... }: # useful testing command: # for i in `seq 0 10`; do nix shell nixpkgs#libnotify --command notify-send notifiiiiiii "$i"; sleep 1; done let - inherit (import ../lib.nix {}) mkSimpleTrayService; -in { - home.packages = [ - packages'.salut - ]; + inherit (import ../lib.nix { }) mkSimpleTrayService; +in +{ + home.packages = [ packages'.salut ]; xdg.configFile."salut/config.ini" = { enable = true; @@ -34,7 +27,5 @@ in { onChange = "${pkgs.systemd}/bin/systemctl --user restart salut"; }; - systemd.user.services.salut = mkSimpleTrayService { - execStart = "${packages'.salut}/bin/salut"; - }; + systemd.user.services.salut = mkSimpleTrayService { execStart = "${packages'.salut}/bin/salut"; }; } diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 1318aaf..d6f3f8f 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
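Review bot: In `nix/home-manager/programs/redshift.nix` the module still evaluates `passwords = import ../../variables/passwords.crypt.nix;`, and nothing beside it says which values are read or where they end up. Its use is outside the hunk, but anything interpolated from `passwords` into the `services.gammastep` settings would presumably be written into the generated configuration in the Nix store, which other local users can read. The radicale module in this same patch instead hands over a sops-managed path (`osConfig.sops.secrets.radicale_htpasswd.path`). A comment on the import would help, for example `# values from passwords.crypt.nix end up in the store in clear; keep real secrets in sops`.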
@@ -1,24 +1,14 @@ +{ pkgs, repoFlake, ... }: +let + pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium { inherit (pkgs) system config; }; +in { - pkgs, - nodeFlake, - repoFlake, - ... -}: let - pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; -in { programs.vscode = { enable = true; package = pkgsVscodium.vscodium; extensions = - [ - # TODO: how can i install (this) vsix(s) directly? - # (builtins.fetchurl { - # # https://open-vsx.org/extension/jeanp413/open-remote-ssh - # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; - # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; - # }) - ] - ++ (with pkgsVscodium.vscode-extensions; + ( + with pkgsVscodium.vscode-extensions; [ eamodio.gitlens mkhl.direnv @@ -43,11 +33,13 @@ in { # TODO: not compatible with vscodium # ms-vscode-remote.remote-ssh ] - ++ (let - extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; - in ( + ++ ( + let + extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; + in with extensions.vscode-marketplace; - with extensions.vscode-marketplace-release; [ + with extensions.vscode-marketplace-release; + [ tamasfe.even-better-toml serayuzgur.crates @@ -59,15 +51,15 @@ in { ibecker.treefmt-vscode ] - ))) + ) + ) ++ [ - (pkgsVscodium.vscode-utils.extensionFromVscodeMarketplace - { - name = "markdown-oxide"; - publisher = "felixzeller"; - version = "1.1.0"; - sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; - }) + (pkgsVscodium.vscode-utils.extensionFromVscodeMarketplace { + name = "markdown-oxide"; + publisher = "felixzeller"; + version = "1.1.0"; + sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; + }) ]; mutableExtensionsDir = true; }; @@ -151,4 +143,3 @@ in { # xyz.plsql-language # yzane.markdown-pdf # zxh404.vscode-proto3 - 
diff --git a/nix/home-manager/programs/vscode/nix4vscode/default.nix b/nix/home-manager/programs/vscode/nix4vscode/default.nix index 5cc0669..3c5a268 100644 --- a/nix/home-manager/programs/vscode/nix4vscode/default.nix +++ b/nix/home-manager/programs/vscode/nix4vscode/default.nix @@ -1,12 +1,17 @@ -{ - pkgs, - lib, -}: let - inherit (pkgs.stdenv) isDarwin isLinux isi686 isx86_64 isAarch32 isAarch64; - vscode-utils = pkgs.vscode-utils; +{ pkgs, lib }: +let + inherit (pkgs.stdenv) + isDarwin + isLinux + isi686 + isx86_64 + isAarch32 + isAarch64 + ; + inherit (pkgs) vscode-utils; merge = lib.attrsets.recursiveUpdate; in - merge +merge (merge (merge (merge 
@@ -18,39 +23,50 @@ in sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; }; } - (lib.attrsets.optionalAttrs (isLinux && (isi686 || isx86_64)) { + ( + lib.attrsets.optionalAttrs (isLinux && (isi686 || isx86_64)) { + "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { + name = "treefmt-vscode"; + publisher = "ibecker"; + version = "2.1.0"; + sha256 = "1r17wjpw8xiha5r9h3146facxghpcp416zf8551sw93cmam9ky6j"; + arch = "linux-x64"; + }; + } + ) + ) + ( + lib.attrsets.optionalAttrs (isLinux && (isAarch32 || isAarch64)) { "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { name = "treefmt-vscode"; publisher = "ibecker"; version = "2.1.0"; - sha256 = "1r17wjpw8xiha5r9h3146facxghpcp416zf8551sw93cmam9ky6j"; - arch = "linux-x64"; + sha256 = "0swvl7fkjcwp43grnrhnmy60a5m3hfwawk204byi8hhbczy131li"; + arch = "linux-arm64"; }; - })) - (lib.attrsets.optionalAttrs (isLinux && (isAarch32 || isAarch64)) { + } + ) + ) + ( + lib.attrsets.optionalAttrs (isDarwin && (isi686 || isx86_64)) { "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { name = "treefmt-vscode"; publisher = "ibecker"; version = "2.1.0"; - sha256 = "0swvl7fkjcwp43grnrhnmy60a5m3hfwawk204byi8hhbczy131li"; - arch = "linux-arm64"; + sha256 = "1swq9hy6a9nzkrn07j21g59pyk2m7aqsfi1pphl9l9y8p4zwiaqm"; + arch = "darwin-x64"; }; - })) - (lib.attrsets.optionalAttrs (isDarwin && (isi686 || isx86_64)) { + } + ) + ) + ( + lib.attrsets.optionalAttrs (isDarwin && (isAarch32 || isAarch64)) { "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { name = "treefmt-vscode"; publisher = "ibecker"; version = "2.1.0"; - sha256 = "1swq9hy6a9nzkrn07j21g59pyk2m7aqsfi1pphl9l9y8p4zwiaqm"; - arch = "darwin-x64"; + sha256 = "1xg3wnn3f1kvsz5a09l0cjpzfm3l9va73cahbvl14mx3n6734r2m"; + arch = "darwin-arm64"; }; - })) - (lib.attrsets.optionalAttrs (isDarwin && (isAarch32 || isAarch64)) { - "ibecker"."treefmt-vscode" = 
vscode-utils.extensionFromVscodeMarketplace { - name = "treefmt-vscode"; - publisher = "ibecker"; - version = "2.1.0"; - sha256 = "1xg3wnn3f1kvsz5a09l0cjpzfm3l9va73cahbvl14mx3n6734r2m"; - arch = "darwin-arm64"; - }; - }) + } + ) diff --git a/nix/home-manager/programs/waybar.css b/nix/home-manager/programs/waybar.css index 60eff50..664a47f 100644 --- a/nix/home-manager/programs/waybar.css +++ b/nix/home-manager/programs/waybar.css @@ -1,6 +1,5 @@ - #custom-cputemp { - padding: 0 10px; - background-color: #f0932b; - color: #ffffff; + padding: 0 10px; + background-color: #f0932b; + color: #ffffff; } diff --git a/nix/home-manager/programs/waybar.nix b/nix/home-manager/programs/waybar.nix index b6137e1..a559dfc 100644 --- a/nix/home-manager/programs/waybar.nix +++ b/nix/home-manager/programs/waybar.nix @@ -1,9 +1,5 @@ +{ pkgs, repoFlake, ... }: { - pkgs, - config, - repoFlake, - ... -}: { home.packages = [ # required by any bar that has a tray plugin pkgs.libappindicator-gtk3 @@ -12,10 +8,9 @@ programs.waybar = { enable = true; - package = repoFlake.inputs.nixpkgs-wayland.outputs.packages.${pkgs.stdenv.hostPlatform.system}.waybar; - style = - pkgs.lib.readFile "${pkgs.waybar.src}/resources/style.css" - + pkgs.lib.readFile ./waybar.css; + package = + repoFlake.inputs.nixpkgs-wayland.outputs.packages.${pkgs.stdenv.hostPlatform.system}.waybar; + style = pkgs.lib.readFile "${pkgs.waybar.src}/resources/style.css" + pkgs.lib.readFile ./waybar.css; systemd.enable = true; settings = { mainBar = { @@ -24,12 +19,7 @@ height = 30; output = # hide the bar on HEADDLESS displays as i use them only for screensharing - ( - builtins.genList (i: "!HEADLESS-${builtins.toString i}") 99 - ) - ++ [ - "*" - ]; + (builtins.genList (i: "!HEADLESS-${builtins.toString i}") 99) ++ [ "*" ]; # output = [ # "eDP-1" # "DP-*" diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index 40e603d..333d3d7 100644 --- a/nix/home-manager/programs/zsh.nix 
+++ b/nix/home-manager/programs/zsh.nix @@ -3,27 +3,29 @@ lib, pkgs, ... -}: let - just-plugin = let - plugin_file = pkgs.writeText "_just" '' - #compdef just - #autload +}: +let + just-plugin = + let + plugin_file = pkgs.writeText "_just" '' + #compdef just + #autload - alias justl="\just --list" - alias juste="\just --evaluate" + alias justl="\just --list" + alias juste="\just --evaluate" - local subcmds=() + local subcmds=() - while read -r line ; do - if [[ ! $line == Available* ]] ; - then - subcmds+=(''${line/[[:space:]]*\#/:}) - fi - done < <(just --list) + while read -r line ; do + if [[ ! $line == Available* ]] ; + then + subcmds+=(''${line/[[:space:]]*\#/:}) + fi + done < <(just --list) - _describe 'command' subcmds - ''; - in + _describe 'command' subcmds + ''; + in pkgs.stdenv.mkDerivation { name = "just-completions"; version = "0.1.0"; @@ -35,7 +37,8 @@ chmod --recursive a-w $out ''; }; -in { +in +{ programs.zsh = { enable = true; 
@@ -46,56 +49,59 @@ in { # will be called again by oh-my-zsh enableCompletion = false; enableAutosuggestions = true; - initExtra = let - inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; - in '' - if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then - unset TMPDIR - fi + initExtra = + let + inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; + in + '' + if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then + unset TMPDIR + fi - if test ! -n "$TMP" -a -z "$TMP"; then - unset TMP - fi + if test ! -n "$TMP" -a -z "$TMP"; then + unset TMP + fi - PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' - RPROMPT="" + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" - # Automatic rehash - zstyle ':completion:*' rehash true + # Automatic rehash + zstyle ':completion:*' rehash true - if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases - fi + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi - ${ - if builtins.hasAttr "homeshick" pkgs - then '' - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) - '' - else "" - } + ${ + if builtins.hasAttr "homeshick" pkgs then + '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' + else + "" + } - # Disable intercepting of ctrl-s and ctrl-q as flow control. - stty stop ''' -ixoff -ixon + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon - # don't cd into directories when executed - unsetopt AUTO_CD + # don't cd into directories when executed + unsetopt AUTO_CD - # print lines without termination - setopt PROMPT_CR - setopt PROMPT_SP - export PROMPT_EOL_MARK="" + # print lines without termination + setopt PROMPT_CR + setopt PROMPT_SP + export PROMPT_EOL_MARK="" - ${lib.optionalString config.services.gpg-agent.enable '' - export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" - ''} + ${lib.optionalString config.services.gpg-agent.enable '' + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" + ''} - ${lib.optionalString config.programs.neovim.enable '' - export EDITOR="nvim" - ''} - ''; + ${lib.optionalString config.programs.neovim.enable '' + export EDITOR="nvim" + ''} + ''; plugins = [ { @@ -128,7 +134,10 @@ in { oh-my-zsh = { enable = true; theme = "tjkirch"; - plugins = ["git" "sudo"]; + plugins = [ + "git" + "sudo" + ]; }; }; } diff --git a/nix/modules/flake-parts/colmena.nix b/nix/modules/flake-parts/colmena.nix index ee885cf..136a5a1 100644 --- a/nix/modules/flake-parts/colmena.nix +++ b/nix/modules/flake-parts/colmena.nix @@ -1,7 +1,8 @@ -{lib, ...}: { +{ lib, ... }: +{ options.flake.colmena = lib.mkOption { # type = lib.types.attrsOf lib.types.unspecified; type = lib.types.raw; - default = {}; + default = { }; }; } diff --git a/nix/modules/flake-parts/perSystem/default.nix b/nix/modules/flake-parts/perSystem/default.nix index a752173..da1e42a 100644 --- a/nix/modules/flake-parts/perSystem/default.nix +++ b/nix/modules/flake-parts/perSystem/default.nix 
@@ -1,38 +1,37 @@ +{ pkgs, ... }: { - inputs', - system, - config, - lib, - pkgs, - ... -}: { packages = { - myPython = pkgs.python310.withPackages (ps: + myPython = pkgs.python310.withPackages ( + ps: with ps; - [ - pep8 - yapf - flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - cffi - # pyopenssl - urllib3 - # mistune (insecure) - sympy + [ + pep8 + yapf + flake8 + # autopep8 (broken) + # pylint (broken) + ipython + llfuse + dugong + defusedxml + wheel + pip + virtualenv + cffi + # pyopenssl + urllib3 + # mistune (insecure) + sympy - flask + flask - pyaml - requests - ] - ++ [pkgs.pypi2nix pkgs.libffi]); + pyaml + requests + ] + ++ [ + pkgs.pypi2nix + pkgs.libffi + ] + ); }; } diff --git a/nix/os/cachix.nix b/nix/os/cachix.nix index d888840..0d14a2f 100644 --- a/nix/os/cachix.nix +++ b/nix/os/cachix.nix @@ -1,14 +1,12 @@ # WARN: this file will get overwritten by $ cachix use -{ - pkgs, - lib, - ... -}: let +{ lib, ... }: +let folder = ./cachix; - toImport = name: value: folder + ("/" + name); + toImport = name: _value: folder + ("/" + name); filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); -in { +in +{ inherit imports; - nix.settings.substituters = ["https://cache.nixos.org/"]; + nix.settings.substituters = [ "https://cache.nixos.org/" ]; } diff --git a/nix/os/cachix/nixpkgs-wayland.nix b/nix/os/cachix/nixpkgs-wayland.nix index 499e6e0..1c0cca7 100644 --- a/nix/os/cachix/nixpkgs-wayland.nix +++ b/nix/os/cachix/nixpkgs-wayland.nix @@ -1,8 +1,6 @@ { nix = { - settings.substituters = [ - "https://nixpkgs-wayland.cachix.org" - ]; + settings.substituters = [ "https://nixpkgs-wayland.cachix.org" ]; settings.trusted-public-keys = [ "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" ]; 
diff --git a/nix/os/containers/backup.nix b/nix/os/containers/backup.nix index 864aa20..2c2c171 100644 --- a/nix/os/containers/backup.nix +++ b/nix/os/containers/backup.nix 
@@ -5,88 +5,107 @@ subvolumes, targetPathSuffix ? "", autoStart ? false, -}: let +}: +let passwords = import ../../variables/passwords.crypt.nix; subvolumeParentDir = "/var/lib/container-volumes"; -in { - config = {pkgs, ...}: { - system.stateVersion = "20.03"; # Did you read the comment? +in +{ + config = + { pkgs, ... }: + { + system.stateVersion = "20.03"; # Did you read the comment? - imports = [../profiles/containers/configuration.nix]; + imports = [ ../profiles/containers/configuration.nix ]; - environment.systemPackages = with pkgs; [btrfs-progs btrbk]; + environment.systemPackages = with pkgs; [ + btrfs-progs + btrbk + ]; - networking.firewall.enable = true; + networking.firewall.enable = true; - systemd.services."bkp-sync" = { - enable = true; - description = "bkp-sync service"; + systemd.services."bkp-sync" = { + enable = true; + description = "bkp-sync service"; - serviceConfig = {Type = "oneshot";}; + serviceConfig = { + Type = "oneshot"; + }; - after = ["bkp-run.service"]; + after = [ "bkp-run.service" ]; - requires = ["bkp-run.service"]; + requires = [ "bkp-run.service" ]; - path = with pkgs; [utillinux]; - script = '' - set -x - true - ''; - }; - - systemd.services."bkp-run" = { - enable = true; - description = "bkp-run"; - - serviceConfig = {Type = "oneshot";}; - - partOf = ["bkp-sync.service"]; - - path = with pkgs; [btrfs-progs btrbk coreutils]; - - script = let - btrbkConf = pkgs.writeText "cfg" '' - timestamp_format long - ssh_identity ${passwords.storage.backupTarget.keyPath} - ssh_user ${passwords.storage.backupTarget.user} - ssh_compression no - backend_remote btrfs-progs-sudo - compat_remote busybox - btrfs_commit_delete each - snapshot_create onchange - snapshot_preserve_min latest - snapshot_preserve 7d 4w - target_preserve_min latest - target_preserve 7d 4w 12m *y - - volume ${subvolumeParentDir} - target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix} - ${builtins.foldl' (sum: elem: sum + " subvolume " + 
elem + "\n") "" - subvolumes} + path = with pkgs; [ utillinux ]; + script = '' + set -x + true ''; - in '' - #! ${pkgs.bash}/bin/bash - set -Eeuxo pipefail + }; - btrbk -c ${btrbkConf} --progress ''${@:-run} - ''; - }; + systemd.services."bkp-run" = { + enable = true; + description = "bkp-run"; - systemd.timers."bkp" = { - description = "Timer to trigger bkp periodically"; - enable = true; - wantedBy = ["timer.target" "multi-user.target"]; - timerConfig = { - # Obtained using `systemd-analyze calendar "Wed 23:00"` - # OnCalendar = "Wed *-*-* 23:00:00"; - OnStartupSec = "1m"; - Unit = "bkp-sync.service"; - OnUnitInactiveSec = "2h"; - Persistent = "true"; + serviceConfig = { + Type = "oneshot"; + }; + + partOf = [ "bkp-sync.service" ]; + + path = with pkgs; [ + btrfs-progs + btrbk + coreutils + ]; + + script = + let + btrbkConf = pkgs.writeText "cfg" '' + timestamp_format long + ssh_identity ${passwords.storage.backupTarget.keyPath} + ssh_user ${passwords.storage.backupTarget.user} + ssh_compression no + backend_remote btrfs-progs-sudo + compat_remote busybox + btrfs_commit_delete each + snapshot_create onchange + snapshot_preserve_min latest + snapshot_preserve 7d 4w + target_preserve_min latest + target_preserve 7d 4w 12m *y + + volume ${subvolumeParentDir} + target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix} + ${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes} + ''; + in + '' + #! ${pkgs.bash}/bin/bash + set -Eeuxo pipefail + + btrbk -c ${btrbkConf} --progress ''${@:-run} + ''; + }; + + systemd.timers."bkp" = { + description = "Timer to trigger bkp periodically"; + enable = true; + wantedBy = [ + "timer.target" + "multi-user.target" + ]; + timerConfig = { + # Obtained using `systemd-analyze calendar "Wed 23:00"` + # OnCalendar = "Wed *-*-* 23:00:00"; + OnStartupSec = "1m"; + Unit = "bkp-sync.service"; + OnUnitInactiveSec = "2h"; + Persistent = "true"; + }; }; }; - }; inherit autoStart; 
@@ -114,10 +133,10 @@ in { } ]; - extraFlags = ["--resolv-conf=bind-host"]; + extraFlags = [ "--resolv-conf=bind-host" ]; privateNetwork = true; - forwardPorts = []; + forwardPorts = [ ]; inherit hostAddress localAddress; } diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix index c821bf4..0be078c 100644 --- a/nix/os/containers/mailserver.nix +++ b/nix/os/containers/mailserver.nix 
@@ -6,198 +6,206 @@ imapsPort ? 993, sievePort ? 4190, autoStart ? false, -}: { +}: +{ inherit specialArgs; - config = { - pkgs, - config, - lib, - repoFlake, - ... - }: { - system.stateVersion = "22.05"; # Did you read the comment? + config = + { + pkgs, + config, + repoFlake, + ... + }: + { + system.stateVersion = "22.05"; # Did you read the comment? - imports = [ - ../profiles/containers/configuration.nix + imports = [ + ../profiles/containers/configuration.nix - repoFlake.inputs.sops-nix.nixosModules.sops - ../profiles/common/user.nix - ]; + repoFlake.inputs.sops-nix.nixosModules.sops + ../profiles/common/user.nix + ]; - networking.firewall.allowedTCPPorts = [ - imapsPort - sievePort - ]; + networking.firewall.allowedTCPPorts = [ + imapsPort + sievePort + ]; - # FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately - # sops.defaultSopsFile = ./mailserver_secrets.yaml; + # FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately + # sops.defaultSopsFile = ./mailserver_secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - sops.secrets.email_mailStefanjunkerDe = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.steveej.name; - }; - sops.secrets.email_mailStefanjunkerDeHetzner = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.steveej.name; - }; - sops.secrets.email_schtifATwebDe = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.steveej.name; - }; - sops.secrets.email_dovecot_steveej = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.dovecot2.name; - }; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.secrets.email_mailStefanjunkerDe = { + sopsFile = ./mailserver_secrets.yaml; + owner = config.users.users.steveej.name; + }; + sops.secrets.email_mailStefanjunkerDeHetzner = { + sopsFile = ./mailserver_secrets.yaml; + owner = 
config.users.users.steveej.name; + }; + sops.secrets.email_schtifATwebDe = { + sopsFile = ./mailserver_secrets.yaml; + owner = config.users.users.steveej.name; + }; + sops.secrets.email_dovecot_steveej = { + sopsFile = ./mailserver_secrets.yaml; + owner = config.users.users.dovecot2.name; + }; - # TODO: switch to something other than ddclient as it's no longer maintained + # TODO: switch to something other than ddclient as it's no longer maintained - # TODO: switch to a let's encrypt certificate - sops.secrets.dovecotSslServerCert = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.dovecot2.name; - }; - sops.secrets.dovecotSslServerKey = { - sopsFile = ./mailserver_secrets.yaml; - owner = config.users.users.dovecot2.name; - }; - services.dovecot2 = { - enable = true; + # TODO: switch to a let's encrypt certificate + sops.secrets.dovecotSslServerCert = { + sopsFile = ./mailserver_secrets.yaml; + owner = config.users.users.dovecot2.name; + }; + sops.secrets.dovecotSslServerKey = { + sopsFile = ./mailserver_secrets.yaml; + owner = config.users.users.dovecot2.name; + }; + services.dovecot2 = { + enable = true; - modules = [pkgs.dovecot_pigeonhole]; - protocols = ["sieve"]; + modules = [ pkgs.dovecot_pigeonhole ]; + protocols = [ "sieve" ]; - enableImap = true; - enableLmtp = true; - enablePAM = true; - showPAMFailure = true; - mailLocation = "maildir:~/.maildir"; - sslServerCert = config.sops.secrets.dovecotSslServerCert.path; - sslServerKey = config.sops.secrets.dovecotSslServerKey.path; + enableImap = true; + enableLmtp = true; + enablePAM = true; + showPAMFailure = true; + mailLocation = "maildir:~/.maildir"; + sslServerCert = config.sops.secrets.dovecotSslServerCert.path; + sslServerKey = config.sops.secrets.dovecotSslServerKey.path; - #configFile = "/etc/dovecot/dovecot2_manual.conf"; - extraConfig = '' - auth_mechanisms = cram-md5 digest-md5 - auth_verbose = yes + #configFile = "/etc/dovecot/dovecot2_manual.conf"; + extraConfig = '' + 
auth_mechanisms = cram-md5 digest-md5 + auth_verbose = yes - passdb { - driver = passwd-file - args = scheme=CRYPT username_format=%u /etc/dovecot/users - } + passdb { + driver = passwd-file + args = scheme=CRYPT username_format=%u /etc/dovecot/users + } - protocol lda { - postmaster_address = "mail@stefanjunker.de" - mail_plugins = $mail_plugins sieve - } + protocol lda { + postmaster_address = "mail@stefanjunker.de" + mail_plugins = $mail_plugins sieve + } - protocol imap { - mail_max_userip_connections = 64 - } - ''; - }; - - environment.etc."dovecot/users".source = config.sops.secrets.email_dovecot_steveej.path; - - systemd.services.steveej-getmail-stefanjunker = { - enable = true; - wantedBy = ["multi-user.target"]; - serviceConfig.User = "steveej"; - serviceConfig.Group = "dovecot2"; - serviceConfig.RestartSec = 600; - serviceConfig.Restart = "always"; - description = "Getmail service"; - path = [pkgs.getmail6]; - script = let - rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" '' - [options] - verbose = 1 - read_all = 0 - delete_after = 30 - - [retriever] - type = SimpleIMAPSSLRetriever - server = ssl0.ovh.net - port = 993 - username = mail@stefanjunker.de - password_command = ("${pkgs.coreutils}/bin/cat", "${config.sops.secrets.email_mailStefanjunkerDe.path}") - mailboxes = ('INBOX',) - - [destination] - type = MDA_external - path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda + protocol imap { + mail_max_userip_connections = 64 + } ''; - in '' - getmail --idle=INBOX --rcfile=${rc} - ''; + }; + + environment.etc."dovecot/users".source = config.sops.secrets.email_dovecot_steveej.path; + + systemd.services.steveej-getmail-stefanjunker = { + enable = true; + wantedBy = [ "multi-user.target" ]; + serviceConfig.User = "steveej"; + serviceConfig.Group = "dovecot2"; + serviceConfig.RestartSec = 600; + serviceConfig.Restart = "always"; + description = "Getmail service"; + path = [ pkgs.getmail6 ]; + script = + let + rc = pkgs.writeText 
"mailATstefanjunker.de.getmail.rc" '' + [options] + verbose = 1 + read_all = 0 + delete_after = 30 + + [retriever] + type = SimpleIMAPSSLRetriever + server = ssl0.ovh.net + port = 993 + username = mail@stefanjunker.de + password_command = ("${pkgs.coreutils}/bin/cat", "${config.sops.secrets.email_mailStefanjunkerDe.path}") + mailboxes = ('INBOX',) + + [destination] + type = MDA_external + path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda + ''; + in + '' + getmail --idle=INBOX --rcfile=${rc} + ''; + }; + + systemd.services.steveej-getmail-stefanjunker-hetzner = { + enable = true; + wantedBy = [ "multi-user.target" ]; + serviceConfig.User = "steveej"; + serviceConfig.Group = "dovecot2"; + serviceConfig.RestartSec = 60; + serviceConfig.Restart = "always"; + description = "Getmail service"; + path = [ pkgs.getmail6 ]; + script = + let + rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" '' + [options] + verbose = 2 + read_all = 0 + delete_after = 30 + + [retriever] + type = SimpleIMAPSSLRetriever + server = mail.your-server.de + port = 993 + username = mail@stefanjunker.de + password_command = ("${pkgs.coreutils}/bin/cat", "${config.sops.secrets.email_mailStefanjunkerDeHetzner.path}") + mailboxes = ('INBOX',) + + [destination] + type = MDA_external + path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda + ''; + in + '' + getmail --rcfile=${rc} --idle=INBOX + ''; + }; + + systemd.services.steveej-getmail-webde = { + enable = true; + wantedBy = [ "multi-user.target" ]; + serviceConfig.User = "steveej"; + serviceConfig.Group = "dovecot2"; + description = "Getmail service"; + path = [ pkgs.getmail6 ]; + serviceConfig.RestartSec = 1000; + serviceConfig.Restart = "always"; + script = + let + rc = pkgs.writeText "schtifATweb.de.getmail.rc" '' + [options] + verbose = 1 + read_all = 0 + delete_after = 30 + + [retriever] + type = SimpleIMAPSSLRetriever + server = imap.web.de + port = 993 + username = schtif + password_command = ("${pkgs.coreutils}/bin/cat", 
"${config.sops.secrets.email_schtifATwebDe.path}") + mailboxes = ('INBOX',) + + [destination] + type = Maildir + path = ~/.maildir/ + ''; + in + '' + getmail --rcfile=${rc} --idle=INBOX + ''; + }; }; - systemd.services.steveej-getmail-stefanjunker-hetzner = { - enable = true; - wantedBy = ["multi-user.target"]; - serviceConfig.User = "steveej"; - serviceConfig.Group = "dovecot2"; - serviceConfig.RestartSec = 60; - serviceConfig.Restart = "always"; - description = "Getmail service"; - path = [pkgs.getmail6]; - script = let - rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" '' - [options] - verbose = 2 - read_all = 0 - delete_after = 30 - - [retriever] - type = SimpleIMAPSSLRetriever - server = mail.your-server.de - port = 993 - username = mail@stefanjunker.de - password_command = ("${pkgs.coreutils}/bin/cat", "${config.sops.secrets.email_mailStefanjunkerDeHetzner.path}") - mailboxes = ('INBOX',) - - [destination] - type = MDA_external - path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda - ''; - in '' - getmail --rcfile=${rc} --idle=INBOX - ''; - }; - - systemd.services.steveej-getmail-webde = { - enable = true; - wantedBy = ["multi-user.target"]; - serviceConfig.User = "steveej"; - serviceConfig.Group = "dovecot2"; - description = "Getmail service"; - path = [pkgs.getmail6]; - serviceConfig.RestartSec = 1000; - serviceConfig.Restart = "always"; - script = let - rc = pkgs.writeText "schtifATweb.de.getmail.rc" '' - [options] - verbose = 1 - read_all = 0 - delete_after = 30 - - [retriever] - type = SimpleIMAPSSLRetriever - server = imap.web.de - port = 993 - username = schtif - password_command = ("${pkgs.coreutils}/bin/cat", "${config.sops.secrets.email_schtifATwebDe.path}") - mailboxes = ('INBOX',) - - [destination] - type = Maildir - path = ~/.maildir/ - ''; - in '' - getmail --rcfile=${rc} --idle=INBOX - ''; - }; - }; - inherit autoStart; bindMounts = { 
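Review bot: The dovecot `extraConfig` in this hunk still sets `auth_mechanisms = cram-md5 digest-md5`. Both are MD5-based challenge-response mechanisms that need the server to keep a password-equivalent value (plaintext or a mechanism-specific MD5 digest) rather than a salted one-way hash. The firewall in the same hunk opens `imapsPort` and `sievePort`, so if clients always authenticate inside TLS (not verifiable from this hunk), `auth_mechanisms = plain` would be the stronger setup, with the entries in `/etc/dovecot/users` stored under a modern scheme such as `{ARGON2ID}` or `{BLF-CRYPT}`. A comment next to `args = scheme=CRYPT username_format=%u /etc/dovecot/users` should also state which scheme the entries really use, since as far as I know neither mechanism can verify a CRYPT hash. The enclosing function starts before the hunk and its attribute set continues past `bindMounts = {`.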
diff --git a/nix/os/containers/mailserver_secrets.yaml b/nix/os/containers/mailserver_secrets.yaml index ffb595a..f519b36 100644 --- a/nix/os/containers/mailserver_secrets.yaml +++ b/nix/os/containers/mailserver_secrets.yaml 
@@ -7,37 +7,37 @@ dovecotSslServerCert: ENC[AES256_GCM,data:ylK0IIj2vdY0mXOqSgA5zYmFYGote/uMtDWy2r dovecotSslServerKey: ENC[AES256_GCM,data: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,iv:XxnAsh6yx9gICi3N6oTttpGXvguGZImWNIMp9srDJLM=,tag:M9gFSD5PNIfoCLet6Vy6QA==,type:str] hetznerDnsApiToken: ENC[AES256_GCM,data:JfL4Xg9TZu4Og35g0SwfrI1uxiqgdFa7p5AQcfiPwLY=,iv:yOak3uXX7CNglu8O2UW/1sOI7BGZxpRQAFJCvRbzU0Y=,tag:6orkQIy7BxACziLWpYoS5Q==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaE9nNytUbXhWeWZYWndn - R3pMV3N1NjJPK2gzUDl2YitxWEU4NUFPRUJ3Cm1tMGhGcU56bSs5SUIzRmhqVHN2 - dXIzYlkvS1JnWnladGdXTnRKMXNOWncKLS0tIGhyRFhFV1VRVXVYN1pJWjNFd1Rj - bENCWmVNUEJyZFBpRmYwbWVndFJGcUEKzvkGz3WycSrU4qPcBhs4cSCn/9TQ62sl - T6TuDra97qJJ1Pg9VZGHT/OoSleLA4s0qpNlAxnAnNaO0conTsREZQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-17T12:01:21Z" - mac: ENC[AES256_GCM,data:003nzaNWdXLscJy9XZcwAb93M9Eo3Bdg9s5MHHiv4/TitaaZE7VghWHKv5DrcoA0GGdN9SnIVqHd+o6OPVER91XLVxoiX7ixtlu1RIRfqdama3RRPtSki5wP5wPz6qF4vRBIKfrTpZK7thXLYs2NhCB9HJYljNhcgLtzEG5bWgY=,iv:tEP530Pij3bt3hc5PCYGjFFyPiKgo34dHm23Xtmrxt8=,tag:macr/U8R5+wktTBJ9OqI/w==,type:str] - pgp: - - created_at: "2023-07-02T20:30:30Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaE9nNytUbXhWeWZYWndn + R3pMV3N1NjJPK2gzUDl2YitxWEU4NUFPRUJ3Cm1tMGhGcU56bSs5SUIzRmhqVHN2 + dXIzYlkvS1JnWnladGdXTnRKMXNOWncKLS0tIGhyRFhFV1VRVXVYN1pJWjNFd1Rj + bENCWmVNUEJyZFBpRmYwbWVndFJGcUEKzvkGz3WycSrU4qPcBhs4cSCn/9TQ62sl + T6TuDra97qJJ1Pg9VZGHT/OoSleLA4s0qpNlAxnAnNaO0conTsREZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2023-07-17T12:01:21Z" + mac: ENC[AES256_GCM,data:003nzaNWdXLscJy9XZcwAb93M9Eo3Bdg9s5MHHiv4/TitaaZE7VghWHKv5DrcoA0GGdN9SnIVqHd+o6OPVER91XLVxoiX7ixtlu1RIRfqdama3RRPtSki5wP5wPz6qF4vRBIKfrTpZK7thXLYs2NhCB9HJYljNhcgLtzEG5bWgY=,iv:tEP530Pij3bt3hc5PCYGjFFyPiKgo34dHm23Xtmrxt8=,tag:macr/U8R5+wktTBJ9OqI/w==,type:str] + pgp: + - created_at: "2023-07-02T20:30:30Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgAli6PQTNwh9N5Oo1LJvHysQNdxdZAq4QbfcwcIfpJIDds - 0TQs28EeSttv47P2ga4Nb1O5dVUnlvwbP+uV9RbioYF4LfZ2/uNlS1lSGwsLbPcf - SsY+U2WvpJgyo3EWQRusR/OXLFg0EdqDPDseH1w1u8tGALDrewre5oBjrMa0GRbb - 5F8lK/FVxSJxz70UkHgE7c6pSqPpznlgVduUwoOWnlhTw4aet7lLik+/C9K7LBDc - Q04sW1W2yqYr2882xPAUwfBhgfZQ1Uld5aDwqwPH+1Ttx26e7JrGSFaIX8GTVVpc - RJqN6uman5at3lOaEKXS1qf7T9ZI003CvdFwHS1G89JRAemdeK4bur5wS3VXBhDx - 44fHgmDcOohHilTahwmyXCT70KjjHbd9665vAhsl0N9aOrOBdOgq0HmLjNzAQkz5 - uGcEfsNiUXPngkNrh/Nvhh9w - =yHDZ - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + wcBMA0SHG/zF3227AQgAli6PQTNwh9N5Oo1LJvHysQNdxdZAq4QbfcwcIfpJIDds + 0TQs28EeSttv47P2ga4Nb1O5dVUnlvwbP+uV9RbioYF4LfZ2/uNlS1lSGwsLbPcf + SsY+U2WvpJgyo3EWQRusR/OXLFg0EdqDPDseH1w1u8tGALDrewre5oBjrMa0GRbb + 5F8lK/FVxSJxz70UkHgE7c6pSqPpznlgVduUwoOWnlhTw4aet7lLik+/C9K7LBDc + Q04sW1W2yqYr2882xPAUwfBhgfZQ1Uld5aDwqwPH+1Ttx26e7JrGSFaIX8GTVVpc + RJqN6uman5at3lOaEKXS1qf7T9ZI003CvdFwHS1G89JRAemdeK4bur5wS3VXBhDx + 44fHgmDcOohHilTahwmyXCT70KjjHbd9665vAhsl0N9aOrOBdOgq0HmLjNzAQkz5 + uGcEfsNiUXPngkNrh/Nvhh9w + =yHDZ + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/nix/os/containers/mycelium/flake.nix b/nix/os/containers/mycelium/flake.nix index fa8340a..1527acf 100644 --- a/nix/os/containers/mycelium/flake.nix +++ b/nix/os/containers/mycelium/flake.nix 
@@ -11,350 +11,361 @@ inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { - self, - nixpkgs, - nixos-generators, - ... - }: let - systems = [ - "aarch64-linux" - "x86_64-linux" - ]; - forAllSystems = nixpkgs.lib.genAttrs systems; - in { - nixosConfigurations.default = - nixpkgs.lib.nixosSystem - { + outputs = + { self, nixpkgs, ... }: + let + systems = [ + "aarch64-linux" + "x86_64-linux" + ]; + forAllSystems = nixpkgs.lib.genAttrs systems; + in + { + nixosConfigurations.default = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; - specialArgs = {}; + specialArgs = { }; modules = [ - ({ - config, - modulesPath, - pkgs, - lib, - ... - }: { - nixpkgs.overlays = [ - (final: previous: { - # inherit (self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}) systemd systemdMinimal; - # systemd = - # self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}.systemd.overrideAttrs (prevAttrs: { - # src = /home/steveej/src/others/systemd; + ( + { + config, + modulesPath, + pkgs, + lib, + ... 
+ }: + { + nixpkgs.overlays = [ + (_final: _previous: { + # inherit (self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}) systemd systemdMinimal; + # systemd = + # self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}.systemd.overrideAttrs (prevAttrs: { + # src = /home/steveej/src/others/systemd; - # withAppArmor = false; - # withRepart = false; - # withHomed = false; - # withAcl = false; - # withEfi = false; - # withBootloader = false; - # withCryptsetup = false; - # withLibBPF = false; - # withOomd = false; - # withFido2 = false; - # withApparmor = false; - # withDocumentation = false; - # withUtmp = false; - # withQrencode = false; - # withVmspawn = false; - # withMachined = false; - # withLogTrace = true; - # withArchive = false; - # # don't need these but cause errors for exampel files not found - # # withLogind = false; - # }) - # pkgs.systemdMinimal.override { - # # getting errors with these disabled - # withCoredump = true; - # withCompression = true; - # withLogind = true; - # withSysusers = true; - # withUserDb = true; - # } - # pkgs.systemdMinimal - # pkgs.systemd.override { - # withRepart = false; - # withHomed = false; - # withAcl = false; - # withEfi = false; - # withBootloader = false; - # withCryptsetup = false; - # withLibBPF = false; - # withOomd = false; - # withFido2 = false; - # withApparmor = false; - # withDocumentation = false; - # withUtmp = false; - # withQrencode = false; - # withVmspawn = false; - # withMachined = false; - # withLogTrace = true; - # # don't need these but cause errors for exampel files not found - # # withLogind = false; - # } - # ; - }) - ]; + # withAppArmor = false; + # withRepart = false; + # withHomed = false; + # withAcl = false; + # withEfi = false; + # withBootloader = false; + # withCryptsetup = false; + # withLibBPF = false; + # withOomd = false; + # withFido2 = false; + # withApparmor = false; + # withDocumentation = false; + # withUtmp = false; + # withQrencode = false; + # withVmspawn = false; 
+ # withMachined = false; + # withLogTrace = true; + # withArchive = false; + # # don't need these but cause errors for exampel files not found + # # withLogind = false; + # }) + # pkgs.systemdMinimal.override { + # # getting errors with these disabled + # withCoredump = true; + # withCompression = true; + # withLogind = true; + # withSysusers = true; + # withUserDb = true; + # } + # pkgs.systemdMinimal + # pkgs.systemd.override { + # withRepart = false; + # withHomed = false; + # withAcl = false; + # withEfi = false; + # withBootloader = false; + # withCryptsetup = false; + # withLibBPF = false; + # withOomd = false; + # withFido2 = false; + # withApparmor = false; + # withDocumentation = false; + # withUtmp = false; + # withQrencode = false; + # withVmspawn = false; + # withMachined = false; + # withLogTrace = true; + # # don't need these but cause errors for exampel files not found + # # withLogind = false; + # } + # ; + }) + ]; - imports = [ - (modulesPath + "/profiles/minimal.nix") - ]; - system.stateVersion = "24.11"; + imports = [ (modulesPath + "/profiles/minimal.nix") ]; + system.stateVersion = "24.11"; - # https://github.com/hercules-ci/arion/blob/c24c185e67f093298a081900b49ca18716077dec/src/nix/modules/nixos/container-systemd.nix - boot.isContainer = true; - # boot.tmp.useTmpfs = true; - boot.loader.grub.enable = lib.mkForce false; - boot.loader.systemd-boot.enable = lib.mkForce false; - services.journald.console = "/dev/console"; - services.journald.storage = "none"; - # boot.specialFileSystems = lib.mkForce {}; + # https://github.com/hercules-ci/arion/blob/c24c185e67f093298a081900b49ca18716077dec/src/nix/modules/nixos/container-systemd.nix + boot.isContainer = true; + # boot.tmp.useTmpfs = true; + boot.loader.grub.enable = lib.mkForce false; + boot.loader.systemd-boot.enable = lib.mkForce false; + services.journald.console = "/dev/console"; + services.journald.storage = "none"; + # boot.specialFileSystems = lib.mkForce {}; - services.nscd.enable = 
false; - system.nssModules = lib.mkForce []; - systemd.services.systemd-logind.enable = false; - systemd.services.console-getty.enable = false; + services.nscd.enable = false; + system.nssModules = lib.mkForce [ ]; + systemd.services.systemd-logind.enable = false; + systemd.services.console-getty.enable = false; - systemd.sockets.nix-daemon.enable = false; - systemd.services.nix-daemon.enable = false; - systemd.oomd.enable = false; - networking.useDHCP = false; - networking.firewall.enable = false; + systemd.sockets.nix-daemon.enable = false; + systemd.services.nix-daemon.enable = false; + systemd.oomd.enable = false; + networking.useDHCP = false; + networking.firewall.enable = false; - # system.build.earlyMountScript = - # lib.mkForce '' - # ''; - # system.activationScripts.specialfs = - # lib.mkForce '' - # ''; - boot.postBootCommands = '' - ls -lha /run - mkdir -p /run/wrappers - ''; + # system.build.earlyMountScript = + # lib.mkForce '' + # ''; + # system.activationScripts.specialfs = + # lib.mkForce '' + # ''; + boot.postBootCommands = '' + ls -lha /run + mkdir -p /run/wrappers + ''; - boot.kernelParams = [ - "systemd.log_level=debug" - ]; + boot.kernelParams = [ "systemd.log_level=debug" ]; - # services.udev.enable = false; + # services.udev.enable = false; - # TODO: this is only needed because `/run/current-system` is missing - # environment.variables.PATH = "${lib.makeBinPath config.environment.systemPackages}:$PATH"; + # TODO: this is only needed because `/run/current-system` is missing + # environment.variables.PATH = "${lib.makeBinPath config.environment.systemPackages}:$PATH"; - systemd.mounts = lib.mkForce []; - fileSystems = lib.mkForce {}; + systemd.mounts = lib.mkForce [ ]; + fileSystems = lib.mkForce { }; - services.mycelium.enable = false; - services.mycelium.keyFile = "/var/lib/secrets/mycelium-keyfile"; - systemd.services.mycelium.serviceConfig.DynamicUser = lib.mkForce false; - systemd.services.mycelium.serviceConfig.User = lib.mkForce "root"; 
- systemd.services.mycelium.serviceConfig.ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" '' - while true; do - ls -lha $CREDENTIALS_DIRECTORY - sleep 5 - done - ''); - - systemd.services.testing-credentials = { - wantedBy = ["multi-user.target"]; - path = [pkgs.coreutils]; - - serviceConfig = { - # SyslogIdentifier = "testing-credentials"; - # StateDirectory = "testing-credentials"; - # DynamicUser = true; - # User = "tc"; - # ProtectHome = true; - # ProtectSystem = true; - # LoadCredential = [ - # "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" - # "hosts:/etc/hosts" - # ]; - SetCredential = "mycelium-keyfile:not secret string"; - ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" '' - cd $STATE_DIRECTORY - pwd - env + services.mycelium.enable = false; + services.mycelium.keyFile = "/var/lib/secrets/mycelium-keyfile"; + systemd.services.mycelium.serviceConfig.DynamicUser = lib.mkForce false; + systemd.services.mycelium.serviceConfig.User = lib.mkForce "root"; + systemd.services.mycelium.serviceConfig.ExecStart = lib.mkForce ( + pkgs.writeShellScript "mycelium" '' while true; do ls -lha $CREDENTIALS_DIRECTORY sleep 5 done - ''); - }; - }; + '' + ); - services.caddy = { - enable = true; - globalConfig = '' - auto_https off - ''; - virtualHosts.":80" = { - extraConfig = '' - respond "hello from ${config.networking.hostName}" + systemd.services.testing-credentials = { + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.coreutils ]; + + serviceConfig = { + # SyslogIdentifier = "testing-credentials"; + # StateDirectory = "testing-credentials"; + # DynamicUser = true; + # User = "tc"; + # ProtectHome = true; + # ProtectSystem = true; + # LoadCredential = [ + # "mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}" + # "hosts:/etc/hosts" + # ]; + SetCredential = "mycelium-keyfile:not secret string"; + ExecStart = lib.mkForce ( + pkgs.writeShellScript "mycelium" '' + cd 
$STATE_DIRECTORY + pwd + env + while true; do + ls -lha $CREDENTIALS_DIRECTORY + sleep 5 + done + '' + ); + }; + }; + + services.caddy = { + enable = true; + globalConfig = '' + auto_https off ''; + virtualHosts.":80" = { + extraConfig = '' + respond "hello from ${config.networking.hostName}" + ''; + }; }; - }; - }) - ]; - }; - packages = forAllSystems (system: let - name = "mycelium"; - inherit (self.inputs) nix-snapshotter; - - config = { - entrypoint = "${self.nixosConfigurations.default.config.system.build.toplevel}/init"; - # port = 2379; - args = [ - ]; - # nodePort = 30001; - }; - - myceliumPorts = { - tcp = [9651]; - udp = [9650 9651]; - }; - - inherit - (config) - entrypoint - # port - - args - # nodePort - - ; - - pkgs = import nixpkgs { - overlays = [nix-snapshotter.overlays.default]; - }; - - image = pkgs.nix-snapshotter.buildImage { - inherit name; - resolvedByNix = true; - config = { - entrypoint = [entrypoint]; - env = [ - # this is read by the `/init` script and prevents various incompatible commands like mount, etc. - # the value of this doesn't seem to matter as long as it's not an empty string. 
- "container=nerd" - "SYSTEMD_LOG_LEVEL=debug" - ]; - volumes = { - # "/var/lib/private/mycelium/key.bin" = {}; - # "/run" = {}; - # "/tmp" = {}; - # "/etc" = {}; - }; - copyToRoot = [ - # self.nixosConfigurations.default.config.system.build.toplevel - ]; - }; - }; - in { - k8s = let - pod = pkgs.writeText "${name}-pod.json" (builtins.toJSON { - apiVersion = "v1"; - kind = "Pod"; - metadata = { - inherit name; - labels = {inherit name;}; - }; - spec.containers = [ - { - inherit name args; - image = "nix:0${image}"; - ports = [ - { - name = "mycelium-tcp-0"; - containerPort = builtins.elemAt myceliumPorts.tcp 0; - } - { - name = "mycelium-udp-0"; - protocol = "UDP"; - containerPort = builtins.elemAt myceliumPorts.udp 0; - } - { - name = "mycelium-udp-1"; - protocol = "UDP"; - containerPort = builtins.elemAt myceliumPorts.udp 1; - } - ]; } - ]; - }); + ) + ]; + }; + packages = forAllSystems ( + system: + let + name = "mycelium"; + inherit (self.inputs) nix-snapshotter; - service = pkgs.writeText "${name}-service.json" (builtins.toJSON { - apiVersion = "v1"; - kind = "Service"; - metadata.name = "${name}-service"; - spec = { - type = "NodePort"; - selector = {inherit name;}; - ports = [ - { - name = "mycelium-tcp-0"; - port = builtins.elemAt myceliumPorts.tcp 0 + 50000; - targetPort = "mycelium-tcp-0"; - } - { - name = "mycelium-udp-0"; - protocol = "UDP"; - port = builtins.elemAt myceliumPorts.udp 0 + 50000; - targetPort = "mycelium-udp-0"; - } - { - name = "mycelium-udp-1"; - protocol = "UDP"; - port = builtins.elemAt myceliumPorts.udp 1 + 50000; - targetPort = "mycelium-udp-1"; - } + config = { + entrypoint = "${self.nixosConfigurations.default.config.system.build.toplevel}/init"; + # port = 2379; + args = [ ]; + # nodePort = 30001; + }; + + myceliumPorts = { + tcp = [ 9651 ]; + udp = [ + 9650 + 9651 ]; }; - }); - in - pkgs.runCommand "declarative-k8s" {} '' - mkdir -p $out/share/k8s - cp ${pod} $out/share/k8s/ - cp ${service} $out/share/k8s/ - ''; - inherit image; 
+ inherit (config) + entrypoint + # port - start = pkgs.writeShellApplication { - name = "start"; - text = '' - set -x - rm -rf ./result - nix build --impure .#image - sudo nix2container load ./result - sudo -E nerdctl run --name ${name} --privileged -dt \ - --cgroup-manager cgroupfs \ - --volume "$PWD/key.bin.crypt:${self.nixosConfigurations.default.config.services.mycelium.keyFile}:ro" \ - "nix:0$(readlink result):latest" - ''; - }; + args + # nodePort - stop = pkgs.writeShellApplication { - name = "stop"; - text = '' - set +e - sudo -E nerdctl stop -t 60 ${name} - sudo -E nerdctl rm --force ${name} - sudo -E nerdctl system prune --all --force - sudo systemctl stop nix-snapshotter - sudo systemctl stop containerd - mount | rg -No '(/var/lib/container|/tmp/initial)[^ ]+' | tac | xargs sudo umount -l - sudo systemctl start containerd - sudo systemctl start nix-snapshotter - ''; + ; - # tmpfs on /run/credentials/mycelium.service type tmpfs (ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap) + pkgs = import nixpkgs { overlays = [ nix-snapshotter.overlays.default ]; }; - # mount -t tmpfs tmpfs /run/credentials/mycelium.service -o ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap - }; - }); - }; + image = pkgs.nix-snapshotter.buildImage { + inherit name; + resolvedByNix = true; + config = { + entrypoint = [ entrypoint ]; + env = [ + # this is read by the `/init` script and prevents various incompatible commands like mount, etc. + # the value of this doesn't seem to matter as long as it's not an empty string. 
+ "container=nerd" + "SYSTEMD_LOG_LEVEL=debug" + ]; + volumes = { + # "/var/lib/private/mycelium/key.bin" = {}; + # "/run" = {}; + # "/tmp" = {}; + # "/etc" = {}; + }; + copyToRoot = [ + # self.nixosConfigurations.default.config.system.build.toplevel + ]; + }; + }; + in + { + k8s = + let + pod = pkgs.writeText "${name}-pod.json" ( + builtins.toJSON { + apiVersion = "v1"; + kind = "Pod"; + metadata = { + inherit name; + labels = { + inherit name; + }; + }; + spec.containers = [ + { + inherit name args; + image = "nix:0${image}"; + ports = [ + { + name = "mycelium-tcp-0"; + containerPort = builtins.elemAt myceliumPorts.tcp 0; + } + { + name = "mycelium-udp-0"; + protocol = "UDP"; + containerPort = builtins.elemAt myceliumPorts.udp 0; + } + { + name = "mycelium-udp-1"; + protocol = "UDP"; + containerPort = builtins.elemAt myceliumPorts.udp 1; + } + ]; + } + ]; + } + ); + + service = pkgs.writeText "${name}-service.json" ( + builtins.toJSON { + apiVersion = "v1"; + kind = "Service"; + metadata.name = "${name}-service"; + spec = { + type = "NodePort"; + selector = { + inherit name; + }; + ports = [ + { + name = "mycelium-tcp-0"; + port = builtins.elemAt myceliumPorts.tcp 0 + 50000; + targetPort = "mycelium-tcp-0"; + } + { + name = "mycelium-udp-0"; + protocol = "UDP"; + port = builtins.elemAt myceliumPorts.udp 0 + 50000; + targetPort = "mycelium-udp-0"; + } + { + name = "mycelium-udp-1"; + protocol = "UDP"; + port = builtins.elemAt myceliumPorts.udp 1 + 50000; + targetPort = "mycelium-udp-1"; + } + ]; + }; + } + ); + in + pkgs.runCommand "declarative-k8s" { } '' + mkdir -p $out/share/k8s + cp ${pod} $out/share/k8s/ + cp ${service} $out/share/k8s/ + ''; + + inherit image; + + start = pkgs.writeShellApplication { + name = "start"; + text = '' + set -x + rm -rf ./result + nix build --impure .#image + sudo nix2container load ./result + sudo -E nerdctl run --name ${name} --privileged -dt \ + --cgroup-manager cgroupfs \ + --volume 
"$PWD/key.bin.crypt:${self.nixosConfigurations.default.config.services.mycelium.keyFile}:ro" \ + "nix:0$(readlink result):latest" + ''; + }; + + stop = pkgs.writeShellApplication { + name = "stop"; + text = '' + set +e + sudo -E nerdctl stop -t 60 ${name} + sudo -E nerdctl rm --force ${name} + sudo -E nerdctl system prune --all --force + sudo systemctl stop nix-snapshotter + sudo systemctl stop containerd + mount | rg -No '(/var/lib/container|/tmp/initial)[^ ]+' | tac | xargs sudo umount -l + sudo systemctl start containerd + sudo systemctl start nix-snapshotter + ''; + + # tmpfs on /run/credentials/mycelium.service type tmpfs (ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap) + + # mount -t tmpfs tmpfs /run/credentials/mycelium.service -o ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap + }; + } + ); + }; } diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index 8c0ba82..51b7dcf 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -6,28 +6,27 @@ syncthingPort ? 22000, syncthingLocalAnnouncePort ? 21027, autoStart ? false, -}: { +}: +{ inherit specialArgs; - config = { - config, - pkgs, - ... - }: { - system.stateVersion = "20.05"; # Did you read the comment? + config = + { ... }: + { + system.stateVersion = "20.05"; # Did you read the comment? - imports = [../profiles/containers/configuration.nix]; + imports = [ ../profiles/containers/configuration.nix ]; - networking.firewall.allowedTCPPorts = [ - # syncthing gui - 8384 - ]; + networking.firewall.allowedTCPPorts = [ + # syncthing gui + 8384 + ]; - services.syncthing = { - enable = true; - openDefaultPorts = true; - guiAddress = "0.0.0.0:8384"; + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + }; }; - }; inherit autoStart; diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 456ef59..b20fa28 100644 
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -7,405 +7,417 @@ httpsPort, forgejoSshPort, autoStart ? false, -}: let +}: +let domain = "www.stefanjunker.de"; -in { +in +{ inherit specialArgs; - config = { - config, - pkgs, - lib, - repoFlake, - nodeFlake, - system, - ... - }: { - system.stateVersion = "22.05"; # Did you read the comment? + config = + { + config, + pkgs, + lib, + repoFlake, + nodeFlake, + system, + ... + }: + { + system.stateVersion = "22.05"; # Did you read the comment? - disabledModules = [ - "services/misc/forgejo.nix" - "services/security/kanidm.nix" - ]; - - imports = [ - "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" - "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" - - ../profiles/containers/configuration.nix - - repoFlake.inputs.sops-nix.nixosModules.sops - ]; - - sops.defaultSopsFile = ./webserver_secrets.yaml; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - forgejoSshPort - ]; - - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - sops.secrets.hedgedoc_environment_file = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.hedgedoc.name; - }; - - services.caddy = { - enable = true; - logFormat = '' - level ERROR - ''; - virtualHosts."${domain}" = { - extraConfig = '' - redir /hedgedoc* https://hedgedoc.${domain} - - file_server /*/* { - browse - root /var/www/stefanjunker.de/htdocs/caddy - pass_thru - } - - # respond "Hi" - # respond (not /*/*) "Hi" - ''; - }; - - virtualHosts."hedgedoc.${domain}" = { - extraConfig = '' - reverse_proxy http://[::1]:3000 - ''; - }; - - virtualHosts."authelia.${domain}" = { - extraConfig = '' - reverse_proxy http://127.0.0.1:${builtins.toString config.services.authelia.instances.default.settings.server.port} - ''; - }; - - virtualHosts."lldap.${domain}" = { - extraConfig = '' - reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port} - ''; - }; - - virtualHosts."forgejo.${domain}" = { - extraConfig = '' - 
reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT} - ''; - }; - - virtualHosts."kanidm.${domain}" = { - extraConfig = '' - reverse_proxy https://${builtins.toString config.services.kanidm.serverSettings.bindaddress} { - transport http { - tls_server_name ${config.services.kanidm.serverSettings.domain} - } - } - ''; - }; - }; - - services.hedgedoc = { - enable = true; - settings = { - domain = "hedgedoc.${domain}"; - urlPath = ""; - protocolUseSSL = true; - db = { - dialect = "sqlite"; - storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; - }; - - allowAnonymous = false; - allowAnonymousEdits = false; - allowGravatar = false; - allowFreeURL = false; - defaultPermission = "private"; - - allowEmailRegister = false; - email = false; - - ldap = { - url = "ldap://127.0.0.1:${builtins.toString config.services.lldap.settings.ldap_port}"; - bindDn = "uid=admin,ou=people,dc=stefanjunker,dc=de"; - # these are set via the `environmentFile` - # bindCredentials = "$LDAP_ADMIN_PASSWORD"; - searchBase = "ou=people,dc=stefanjunker,dc=de"; - searchFilter = "(&(memberOf=cn=hedgedoc,ou=groups,dc=stefanjunker,dc=de)(uid={{username}}))"; - useridField = "uid"; - }; - - oauth2 = let - originURL = config.services.kanidm.serverSettings.origin; - in { - providerName = "kanidm (${originURL})"; - - authorizationURL = "${originURL}/ui/oauth2"; - tokenURL = "${originURL}/oauth2/token"; - userProfileURL = "${originURL}/oauth2/openid/hedgedoc/userinfo"; - - scope = "openid email profile"; - # rolesClaim = "roles"; - # accessRole = "role/hedgedoc"; - - userProfileUsernameAttr = "name"; - userProfileDisplayNameAttr = "displayname"; - userProfileEmailAttr = "email"; - - clientID = "hedgedoc"; - # set via the `environmentFile` - # clientSecret = "$CMD_OAUTH2_CLIENT_SECRET"; - }; - - uploadsPath = "/var/lib/hedgedoc/uploads"; - }; - - environmentFile = config.sops.secrets.hedgedoc_environment_file.path; - }; - - services.jitsi-meet = { - enable = false; 
- hostName = "meet.${domain}"; - config = { - prejoinPageEnabled = true; - }; - caddy.enable = true; - nginx.enable = false; - }; - - sops.secrets.authelia_storageEncryptionKey = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.authelia-default.name; - }; - - sops.secrets.authelia_jwtSecret = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.authelia-default.name; - }; - - services.authelia.instances.default = let - baseDir = "/var/lib/authelia-default"; - in { - enable = true; - secrets.storageEncryptionKeyFile = config.sops.secrets.authelia_storageEncryptionKey.path; - secrets.jwtSecretFile = config.sops.secrets.authelia_jwtSecret.path; - settings = { - theme = "auto"; - default_2fa_method = "totp"; - log.level = "debug"; - - server = { - disable_healthcheck = true; - host = "127.0.0.1"; - port = 9091; - # path = "authelia"; - }; - - storage = { - local.path = "${baseDir}/authelia.sqlite"; - }; - - authentication_backend = { - file.path = "${baseDir}/first_factor.yaml"; - file.search.email = true; - file.search.case_insensitive = false; - }; - - access_control = { - default_policy = "one_factor"; - }; - - session.domain = "stefanjunker.de"; - - notifier = { - disable_startup_check = true; - filesystem.filename = "${baseDir}/notification.txt"; - }; - }; - }; - - users.groups.lldap = {}; - users.users.lldap = { - isSystemUser = true; - group = "lldap"; - }; - - sops.secrets.lldap_jwtSecret = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.lldap.name; - }; - - sops.secrets.lldap_adminPassword = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.lldap.name; - }; - - sops.secrets.lldap_environmentFile = { - sopsFile = ./webserver_secrets.yaml; - owner = config.users.users.lldap.name; - }; - - services.lldap = { - enable = true; - environment = { - LLDAP_JWT_SECRET_FILE = config.sops.secrets.lldap_jwtSecret.path; - LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets.lldap_adminPassword.path; 
- }; - environmentFile = config.sops.secrets.lldap_environmentFile.path; - - settings = { - verbose = true; - - ldap_base_dn = "dc=stefanjunker,dc=de"; - http_url = "https://lldap.${domain}"; - - ## Options to configure SMTP parameters, to send password reset emails. - ## To set these options from environment variables, use the following format - ## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD - smtp_options = { - ## Whether to enabled password reset via email, from LLDAP. - enable_password_reset = true; - - # port = 465; - ## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS". - # smtp_encryption = "TLS"; - }; - - # database_url = "sqlite:///var/lib/lldap/users.db?mode=rwc"; - }; - }; - - sops.secrets.FORGEJO_JWT_SECRET = {}; - sops.secrets.FORGEJO_INTERNAL_TOKEN = {}; - sops.secrets.FORGEJO_SECRET_KEY = {}; - - services.forgejo = { - enable = true; - package = nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.forgejo; - settings = { - service.DISABLE_REGISTRATION = true; - server.HTTP_ADDR = "127.0.0.1"; - server.START_SSH_SERVER = true; - server.SSH_PORT = forgejoSshPort; - server.ROOT_URL = "https://forgejo.${domain}"; - server.HTTP_PORT = 3001; - - # TODO: how do i get a 3072 length SSH key with the yubikey? 
- "ssh.minimum_key_sizes".RSA = 2048; - }; - secrets = { - oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path; - security.INTERNAL_TOKEN = lib.mkForce config.sops.secrets.FORGEJO_INTERNAL_TOKEN.path; - security.SECRET_KEY = lib.mkForce config.sops.secrets.FORGEJO_SECRET_KEY.path; - }; - }; - - systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name; - systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name; - systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; - - # combine a path watcher with a service that transfers the certs by caddy to kanidm - systemd.paths.kanidm-tls-watch = { - enable = true; - requiredBy = ["kanidm.service"]; - pathConfig = { - PathChanged = [ - "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" - "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" - ]; - Unit = "kanidm-tls-update.service"; - }; - }; - systemd.services.kanidm-tls-update = let - dbDir = - builtins.dirOf - config.services.kanidm.serverSettings.db_path; - in { - enable = true; - requiredBy = ["kanidm.service"]; - unitConfig = { - # ConditionPathExists = [ - # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" - # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" - # ]; - }; - serviceConfig.Type = "oneshot"; - script = let - tlsDir = builtins.dirOf 
config.services.kanidm.serverSettings.tls_key; - in '' - set -xe - - cat "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" > tls.key - cat "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" > tls.chain - - chown ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} tls.{key,chain} - chmod 400 tls.{key,chain} - - # create the kanidm directory in case it's missing - if [[ ! -d ${tlsDir} ]]; then - mkdir -p ${tlsDir} - chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${tlsDir} - chmod 700 ${tlsDir} - fi - - mv tls.key ${config.services.kanidm.serverSettings.tls_key} - mv tls.chain ${config.services.kanidm.serverSettings.tls_chain} - - if [[ ! 
-d ${dbDir} ]]; then - mkdir -p ${dbDir} - chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${dbDir} - chmod 700 ${dbDir} - fi - ''; - }; - - systemd.services.kanidm.serviceConfig = let - dbDir = - builtins.dirOf - config.services.kanidm.serverSettings.db_path; - # stateDir = "/var/lib/${config.systemd.services.kanidm.serviceConfig.StateDirectory}"; - in { - # ExecStartPre = '' - # mkdir -p ${dbDir} - # ''; - BindPaths = [ - dbDir - # stateDir + disabledModules = [ + "services/misc/forgejo.nix" + "services/security/kanidm.nix" ]; - }; - services.kanidm = let - dataDir = "/var/lib/kanidm"; - in { - package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; + imports = [ + "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" + "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" - enablePam = false; - enableClient = false; + ../profiles/containers/configuration.nix - enableServer = true; - serverSettings = { - role = "WriteReplica"; - log_level = "debug"; + repoFlake.inputs.sops-nix.nixosModules.sops + ]; - domain = "kanidm.${domain}"; - origin = "https://kanidm.${domain}"; + sops.defaultSopsFile = ./webserver_secrets.yaml; - db_path = "${dataDir}/db/kanidm.db"; + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + forgejoSshPort + ]; - bindaddress = "127.0.0.1:8444"; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.secrets.hedgedoc_environment_file = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.hedgedoc.name; + }; - # don't expose ldap - # ldapbindaddress = "[::1]:6636"; + services.caddy = { + enable = true; + logFormat = '' + level ERROR + ''; + virtualHosts."${domain}" = { + extraConfig = '' + redir /hedgedoc* https://hedgedoc.${domain} - tls_key = "${dataDir}/tls/tls.key"; - tls_chain = "${dataDir}/tls/tls.chain"; + file_server /*/* { + browse + root 
/var/www/stefanjunker.de/htdocs/caddy + pass_thru + } - online_backup = { - schedule = "00 06 * * *"; + # respond "Hi" + # respond (not /*/*) "Hi" + ''; + }; + + virtualHosts."hedgedoc.${domain}" = { + extraConfig = '' + reverse_proxy http://[::1]:3000 + ''; + }; + + virtualHosts."authelia.${domain}" = { + extraConfig = '' + reverse_proxy http://127.0.0.1:${builtins.toString config.services.authelia.instances.default.settings.server.port} + ''; + }; + + virtualHosts."lldap.${domain}" = { + extraConfig = '' + reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port} + ''; + }; + + virtualHosts."forgejo.${domain}" = { + extraConfig = '' + reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT} + ''; + }; + + virtualHosts."kanidm.${domain}" = { + extraConfig = '' + reverse_proxy https://${builtins.toString config.services.kanidm.serverSettings.bindaddress} { + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} + } + } + ''; }; }; + + services.hedgedoc = { + enable = true; + settings = { + domain = "hedgedoc.${domain}"; + urlPath = ""; + protocolUseSSL = true; + db = { + dialect = "sqlite"; + storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; + }; + + allowAnonymous = false; + allowAnonymousEdits = false; + allowGravatar = false; + allowFreeURL = false; + defaultPermission = "private"; + + allowEmailRegister = false; + email = false; + + ldap = { + url = "ldap://127.0.0.1:${builtins.toString config.services.lldap.settings.ldap_port}"; + bindDn = "uid=admin,ou=people,dc=stefanjunker,dc=de"; + # these are set via the `environmentFile` + # bindCredentials = "$LDAP_ADMIN_PASSWORD"; + searchBase = "ou=people,dc=stefanjunker,dc=de"; + searchFilter = "(&(memberOf=cn=hedgedoc,ou=groups,dc=stefanjunker,dc=de)(uid={{username}}))"; + useridField = "uid"; + }; + + oauth2 = + let + originURL = config.services.kanidm.serverSettings.origin; + in + { + providerName = "kanidm 
(${originURL})"; + + authorizationURL = "${originURL}/ui/oauth2"; + tokenURL = "${originURL}/oauth2/token"; + userProfileURL = "${originURL}/oauth2/openid/hedgedoc/userinfo"; + + scope = "openid email profile"; + # rolesClaim = "roles"; + # accessRole = "role/hedgedoc"; + + userProfileUsernameAttr = "name"; + userProfileDisplayNameAttr = "displayname"; + userProfileEmailAttr = "email"; + + clientID = "hedgedoc"; + # set via the `environmentFile` + # clientSecret = "$CMD_OAUTH2_CLIENT_SECRET"; + }; + + uploadsPath = "/var/lib/hedgedoc/uploads"; + }; + + environmentFile = config.sops.secrets.hedgedoc_environment_file.path; + }; + + services.jitsi-meet = { + enable = false; + hostName = "meet.${domain}"; + config = { + prejoinPageEnabled = true; + }; + caddy.enable = true; + nginx.enable = false; + }; + + sops.secrets.authelia_storageEncryptionKey = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.authelia-default.name; + }; + + sops.secrets.authelia_jwtSecret = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.authelia-default.name; + }; + + services.authelia.instances.default = + let + baseDir = "/var/lib/authelia-default"; + in + { + enable = true; + secrets.storageEncryptionKeyFile = config.sops.secrets.authelia_storageEncryptionKey.path; + secrets.jwtSecretFile = config.sops.secrets.authelia_jwtSecret.path; + settings = { + theme = "auto"; + default_2fa_method = "totp"; + log.level = "debug"; + + server = { + disable_healthcheck = true; + host = "127.0.0.1"; + port = 9091; + # path = "authelia"; + }; + + storage = { + local.path = "${baseDir}/authelia.sqlite"; + }; + + authentication_backend = { + file.path = "${baseDir}/first_factor.yaml"; + file.search.email = true; + file.search.case_insensitive = false; + }; + + access_control = { + default_policy = "one_factor"; + }; + + session.domain = "stefanjunker.de"; + + notifier = { + disable_startup_check = true; + filesystem.filename = "${baseDir}/notification.txt"; + }; + }; 
+ }; + + users.groups.lldap = { }; + users.users.lldap = { + isSystemUser = true; + group = "lldap"; + }; + + sops.secrets.lldap_jwtSecret = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.lldap.name; + }; + + sops.secrets.lldap_adminPassword = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.lldap.name; + }; + + sops.secrets.lldap_environmentFile = { + sopsFile = ./webserver_secrets.yaml; + owner = config.users.users.lldap.name; + }; + + services.lldap = { + enable = true; + environment = { + LLDAP_JWT_SECRET_FILE = config.sops.secrets.lldap_jwtSecret.path; + LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets.lldap_adminPassword.path; + }; + environmentFile = config.sops.secrets.lldap_environmentFile.path; + + settings = { + verbose = true; + + ldap_base_dn = "dc=stefanjunker,dc=de"; + http_url = "https://lldap.${domain}"; + + ## Options to configure SMTP parameters, to send password reset emails. + ## To set these options from environment variables, use the following format + ## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD + smtp_options = { + ## Whether to enabled password reset via email, from LLDAP. + enable_password_reset = true; + + # port = 465; + ## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS". + # smtp_encryption = "TLS"; + }; + + # database_url = "sqlite:///var/lib/lldap/users.db?mode=rwc"; + }; + }; + + sops.secrets.FORGEJO_JWT_SECRET = { }; + sops.secrets.FORGEJO_INTERNAL_TOKEN = { }; + sops.secrets.FORGEJO_SECRET_KEY = { }; + + services.forgejo = { + enable = true; + package = nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.forgejo; + settings = { + service.DISABLE_REGISTRATION = true; + server.HTTP_ADDR = "127.0.0.1"; + server.START_SSH_SERVER = true; + server.SSH_PORT = forgejoSshPort; + server.ROOT_URL = "https://forgejo.${domain}"; + server.HTTP_PORT = 3001; + + # TODO: how do i get a 3072 length SSH key with the yubikey? 
+ "ssh.minimum_key_sizes".RSA = 2048; + }; + secrets = { + oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path; + security.INTERNAL_TOKEN = lib.mkForce config.sops.secrets.FORGEJO_INTERNAL_TOKEN.path; + security.SECRET_KEY = lib.mkForce config.sops.secrets.FORGEJO_SECRET_KEY.path; + }; + }; + + systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name; + systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name; + systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; + + # combine a path watcher with a service that transfers the certs by caddy to kanidm + systemd.paths.kanidm-tls-watch = { + enable = true; + requiredBy = [ "kanidm.service" ]; + pathConfig = { + PathChanged = [ + "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" + "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" + ]; + Unit = "kanidm-tls-update.service"; + }; + }; + systemd.services.kanidm-tls-update = + let + dbDir = builtins.dirOf config.services.kanidm.serverSettings.db_path; + in + { + enable = true; + requiredBy = [ "kanidm.service" ]; + unitConfig = { + # ConditionPathExists = [ + # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" + # "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" + # ]; + }; + serviceConfig.Type = "oneshot"; + script = + let + tlsDir = builtins.dirOf 
config.services.kanidm.serverSettings.tls_key; + in + '' + set -xe + + cat "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.key" > tls.key + cat "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${config.services.kanidm.serverSettings.domain}/${config.services.kanidm.serverSettings.domain}.crt" > tls.chain + + chown ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} tls.{key,chain} + chmod 400 tls.{key,chain} + + # create the kanidm directory in case it's missing + if [[ ! -d ${tlsDir} ]]; then + mkdir -p ${tlsDir} + chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${tlsDir} + chmod 700 ${tlsDir} + fi + + mv tls.key ${config.services.kanidm.serverSettings.tls_key} + mv tls.chain ${config.services.kanidm.serverSettings.tls_chain} + + if [[ ! 
-d ${dbDir} ]]; then + mkdir -p ${dbDir} + chown -R ${config.systemd.services.kanidm.serviceConfig.User}:${config.systemd.services.kanidm.serviceConfig.Group} ${dbDir} + chmod 700 ${dbDir} + fi + ''; + }; + + systemd.services.kanidm.serviceConfig = + let + dbDir = builtins.dirOf config.services.kanidm.serverSettings.db_path; + in + # stateDir = "/var/lib/${config.systemd.services.kanidm.serviceConfig.StateDirectory}"; + { + # ExecStartPre = '' + # mkdir -p ${dbDir} + # ''; + BindPaths = [ + dbDir + # stateDir + ]; + }; + + services.kanidm = + let + dataDir = "/var/lib/kanidm"; + in + { + package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; + + enablePam = false; + enableClient = false; + + enableServer = true; + serverSettings = { + role = "WriteReplica"; + log_level = "debug"; + + domain = "kanidm.${domain}"; + origin = "https://kanidm.${domain}"; + + db_path = "${dataDir}/db/kanidm.db"; + + bindaddress = "127.0.0.1:8444"; + + # don't expose ldap + # ldapbindaddress = "[::1]:6636"; + + tls_key = "${dataDir}/tls/tls.key"; + tls_chain = "${dataDir}/tls/tls.chain"; + + online_backup = { + schedule = "00 06 * * *"; + }; + }; + }; }; - }; inherit autoStart; diff --git a/nix/os/containers/webserver_secrets.yaml b/nix/os/containers/webserver_secrets.yaml index 033e618..62dc6e8 100644 --- a/nix/os/containers/webserver_secrets.yaml +++ b/nix/os/containers/webserver_secrets.yaml 
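Review bot: In the `kanidm-tls-update` script, `cat … > tls.key` creates the copy of Caddy's private key under the process's default umask, and `chmod 400` only runs two commands later, so the key is briefly readable more widely than intended. Adding `umask 077` directly after `set -xe` closes that window without changing the rest of the script. The staging files also land in whatever the unit's working directory is, since the hunk sets only `serviceConfig.Type = "oneshot"`; if that directory is on a different filesystem than `tlsDir`, the `mv` is a copy rather than an atomic rename, so creating `tlsDir` first and staging inside it would be more robust. The reformat carries this logic over unchanged.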
@@ -9,37 +9,37 @@ FORGEJO_JWT_SECRET: ENC[AES256_GCM,data:nVz9x7+K+rBIZxuQP7o0WNFHUz89eR9cwBjfSAx9 FORGEJO_INTERNAL_TOKEN: ENC[AES256_GCM,data:EIono9HSyvp1nQM0ij3ln3IUXO4moFbRgVddeV0BZBXmZG05jdjZ1SIXo/BxoSmRKnjllR7P00CpajNM5zORldlsBId5oAYL5GZtY3/nmxeXucJidknuow22G7Z8wRJJGBdishbgQhmc,iv:1D93gTUF1+DUR8qLJgML+oUhvSslhxEjGnbBC/PWHXw=,tag:NZB+mwba4TzLcUANZLDRTw==,type:str] FORGEJO_SECRET_KEY: ENC[AES256_GCM,data:CewYFZtcXKUD5/oSM0Q32rhw+urdA0eQhdYp8EFHUXxEtL6f5NWK6IOwIlMuEv1/FjtTWlqxWekOZpmxBRzwnw==,iv:qLyVB7Nc+rDbBoO5g82/vPdykwOATHCSDLhvS+fK9PM=,tag:4NMhUvKmrRd6qrcQq3R8wA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SkxFSkJQb29UeVRnZnFh - U3BJeGZ1NUVzMk0ycXBvWExyZDcveXZrd2pJCmpCeS80VE5McWVHQnZpaHFERmNh - YWZIMHRtQkd5Vm54MWR3bkhUUDRvejQKLS0tIG9NSkpCSkEyZFRyOXorWE1KLytP - eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc - KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T12:28:51Z" - mac: ENC[AES256_GCM,data:nrd2czzJlBcFfwn6lzh4qqco+/XsU2J6BqvQqMtskh3mL4Xx25IAzxiCno0KlNGr6o4YsuZP5anOX9RvrDq76Us3JQ7pDi3iQGPhmg+SE9u3Rwqn1/3YConvdfPV2DNB+tuyG3UVoRqpA4d+HdcYjN9n1UKk54R6UdSm9UrA+zc=,iv:Juupyet09zUAMu7bmVxq+/Q0bXJAzR0wAyt6vKNns3w=,tag:owdUWuXrQcDdiWi+1geY9A==,type:str] - pgp: - - created_at: "2023-07-09T17:51:27Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SkxFSkJQb29UeVRnZnFh + U3BJeGZ1NUVzMk0ycXBvWExyZDcveXZrd2pJCmpCeS80VE5McWVHQnZpaHFERmNh + YWZIMHRtQkd5Vm54MWR3bkhUUDRvejQKLS0tIG9NSkpCSkEyZFRyOXorWE1KLytP + 
eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc + KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-16T12:28:51Z" + mac: ENC[AES256_GCM,data:nrd2czzJlBcFfwn6lzh4qqco+/XsU2J6BqvQqMtskh3mL4Xx25IAzxiCno0KlNGr6o4YsuZP5anOX9RvrDq76Us3JQ7pDi3iQGPhmg+SE9u3Rwqn1/3YConvdfPV2DNB+tuyG3UVoRqpA4d+HdcYjN9n1UKk54R6UdSm9UrA+zc=,iv:Juupyet09zUAMu7bmVxq+/Q0bXJAzR0wAyt6vKNns3w=,tag:owdUWuXrQcDdiWi+1geY9A==,type:str] + pgp: + - created_at: "2023-07-09T17:51:27Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgAs92CvegZAcuyNllIp9zHUp7jFqfXhuoAOKKmOZvN4TBD - gQM7jKAXXwbMy90gGWF9EkdMzeBqG4S9ZM8gPAYcZkt98F0PGu6wBSvvYnUdDOcO - 8tvhEhBSE19xCIR7BeG9bhooEJ1V3LSZzrwyikeHUHAqDQLrwM7jrPOef22PIzH+ - XPtwWMVwVzwRJTZ/uV11vIV60b0zfnB8ZJzv7RbXsob8octy4LRe6Vb0BUd5ON3w - YULnyMlFFGekiqAPBk0K5Xib35qBu6mtnmxWzVUqT4pgiShoZsRQs3At1Onm7Cku - bqIDMoCYTvSzwDCOYp2+ni/ZOIuDvBiRCPoNuLjkD9JRAcCbjuxA6w0eaJKFTzoI - F1olIecBtQOQQn+iXya/rx69wDtR9965gecWRMbRg6tYncumpdQB//MWALhVmr6i - g+ZF+9NNqOTKsBzEnuGsZRnI - =iXfo - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + wcBMA0SHG/zF3227AQgAs92CvegZAcuyNllIp9zHUp7jFqfXhuoAOKKmOZvN4TBD + gQM7jKAXXwbMy90gGWF9EkdMzeBqG4S9ZM8gPAYcZkt98F0PGu6wBSvvYnUdDOcO + 8tvhEhBSE19xCIR7BeG9bhooEJ1V3LSZzrwyikeHUHAqDQLrwM7jrPOef22PIzH+ + XPtwWMVwVzwRJTZ/uV11vIV60b0zfnB8ZJzv7RbXsob8octy4LRe6Vb0BUd5ON3w + YULnyMlFFGekiqAPBk0K5Xib35qBu6mtnmxWzVUqT4pgiShoZsRQs3At1Onm7Cku + bqIDMoCYTvSzwDCOYp2+ni/ZOIuDvBiRCPoNuLjkD9JRAcCbjuxA6w0eaJKFTzoI + F1olIecBtQOQQn+iXya/rx69wDtR9965gecWRMbRg6tYncumpdQB//MWALhVmr6i + g+ZF+9NNqOTKsBzEnuGsZRnI + =iXfo + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix index bc8e0ad..02b0212 100644 --- a/nix/os/devices/default.nix +++ b/nix/os/devices/default.nix 
@@ -1,20 +1,25 @@ { dir, - pkgs ? import {}, - ownLib ? import ../lib/default.nix {inherit (pkgs) lib;}, + pkgs ? import { }, + ownLib ? import ../lib/default.nix { inherit (pkgs) lib; }, gitRoot ? "$(git rev-parse --show-toplevel)", # FIXME: why do these need explicit mentioning? moreargs ? "", rebuildarg ? "", ... -} @ args: let - rebuildargsSudo = ["switch" "boot"]; - rebuild = { - gitRoot, - rebuildarg ? "dry-activate", - moreargs ? "", - ... - }: +}@args: +let + rebuildargsSudo = [ + "switch" + "boot" + ]; + rebuild = + { + gitRoot, + rebuildarg ? "dry-activate", + moreargs ? "", + ... + }: pkgs.writeScript "script" '' #!/usr/bin/env bash set -xe @@ -30,25 +35,24 @@ ${ if - (builtins.elem rebuildarg rebuildargsSudo) - && (builtins.match ".*--target-host.*" moreargs) == null - then "sudo -E \\" - else "" + (builtins.elem rebuildarg rebuildargsSudo) && (builtins.match ".*--target-host.*" moreargs) == null + then + "sudo -E \\" + else + "" } nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} ''; -in { - recipes = - { - rebuild = - rebuild { - inherit gitRoot; - inherit moreargs; - inherit rebuildarg; - } - # // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; } - # // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; } - ; +in +{ + recipes = { + rebuild = rebuild { + inherit gitRoot; + inherit moreargs; + inherit rebuildarg; } - // (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;})); + # // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; } + # // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; } + ; + } // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; })); } diff --git a/nix/os/devices/disk.nix b/nix/os/devices/disk.nix index f62c6a9..f639344 100644 --- a/nix/os/devices/disk.nix +++ b/nix/os/devices/disk.nix 
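Review bot: In nix/os/devices/default.nix, the `"sudo -E \\"` branch of the `rebuild` script hands the caller's whole environment to a root `nixos-rebuild` whenever `rebuildarg` is `switch` or `boot` and no `--target-host` is given. `''${NIXOS_CONFIG}` on the `nixos-rebuild` line is already expanded by the calling shell, so that variable alone does not need `-E`; which other variables are required is set up outside this hunk. If only a few are needed, name them, e.g. `"sudo --preserve-env=NIX_PATH \\"` (variable list to be confirmed), so that stray variables from the user's session do not influence a build running as root. The commented-out `optionalAttrs` lines now sit between the closing brace of `rebuild { … }` and a lone `;` and could be removed.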
@@ -3,40 +3,29 @@ ownLib, dir, gitRoot, - diskId ? - (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") - {}) - .hardware - .opinionatedDisk - .diskId, + diskId ? (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.diskId, encrypted ? - (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") - {}) - .hardware - .opinionatedDisk - .encrypted, + (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.encrypted, previousDiskId ? "", ... -}: let +}: +let mntRootVol = "/mnt/${diskId}-root"; -in rec { +in +rec { diskMount = pkgs.writeScript "script" '' #!/usr/bin/env bash set -xe echo Mounting ${diskId} ${pkgs.lib.strings.optionalString encrypted '' - sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ - ownLib.disk.luksName diskId - } + sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} ''} sleep 1 sudo vgchange -ay ${ownLib.disk.volumeGroup diskId} sudo mkdir -p /mnt sudo mkdir ${mntRootVol} sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol} - sudo mount ${ - ownLib.disk.rootFsDevice diskId - } ${mntRootVol}/nixos/home -o subvol=home + sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot ''; @@ -73,9 +62,7 @@ in rec { #!/usr/bin/env bash set -xe - read -p "Continue to format ${ - ownLib.disk.bootGrubDevice diskId - } (YES/n)? " choice + read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice case "$choice" in YES ) echo "Continuing in 3 seconds..."; sleep 3;; n|N ) echo "Exiting..."; exit 0;; 
@@ -122,15 +109,11 @@ in rec { ${pkgs.lib.strings.optionalString encrypted '' # Encrypt sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} - - sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ - ownLib.disk.luksName diskId - } + sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} ''} # LVM - sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ - ownLib.disk.lvmPv diskId encrypted - } + sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted} sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root @@ -154,9 +137,7 @@ in rec { #!/usr/bin/env bash set -xe - read -p "Continue to relabel ${ - ownLib.disk.bootGrubDevice diskId - } (YES/n)?" choice + read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice case "$choice" in YES ) echo "Continuing in 3 seconds..."; sleep 3;; n|N ) echo "Exiting..."; exit 0;; @@ -187,13 +168,9 @@ in rec { if test "${previousDiskId}"; then - ${ - pkgs.lib.strings.optionalString encrypted '' - sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ - ownLib.disk.luksName diskId - } - '' - } + ${pkgs.lib.strings.optionalString encrypted '' + sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} + ''} sync sleep 1 if sudo vgs ${previousDiskId}; then diff --git a/nix/os/devices/elias-e525/boot.nix b/nix/os/devices/elias-e525/boot.nix index ab6c098..6698046 100644 --- a/nix/os/devices/elias-e525/boot.nix +++ b/nix/os/devices/elias-e525/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiSupport = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; } diff --git a/nix/os/devices/elias-e525/configuration.nix b/nix/os/devices/elias-e525/configuration.nix index d39da6f..ea92869 100644 --- a/nix/os/devices/elias-e525/configuration.nix 
+++ b/nix/os/devices/elias-e525/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/devices/elias-e525/default.nix b/nix/os/devices/elias-e525/default.nix index 4b4d676..ba02693 100644 --- a/nix/os/devices/elias-e525/default.nix +++ b/nix/os/devices/elias-e525/default.nix @@ -3,17 +3,17 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "elias-e525.lan"; diff --git a/nix/os/devices/elias-e525/flake.nix b/nix/os/devices/elias-e525/flake.nix index 3f73b91..d5bd2c5 100644 --- a/nix/os/devices/elias-e525/flake.nix +++ b/nix/os/devices/elias-e525/flake.nix @@ -6,5 +6,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/elias-e525/hw.nix b/nix/os/devices/elias-e525/hw.nix index 269281c..23d4edb 100644 --- a/nix/os/devices/elias-e525/hw.nix +++ b/nix/os/devices/elias-e525/hw.nix @@ -1,4 +1,4 @@ -{...}: { +_: { # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/elias-e525/pkg.nix b/nix/os/devices/elias-e525/pkg.nix index e119032..57d813e 100644 --- a/nix/os/devices/elias-e525/pkg.nix +++ b/nix/os/devices/elias-e525/pkg.nix @@ -1,8 +1,5 @@ -{ - pkgs, - lib, - ... -}: let +{ pkgs, lib, ... }: +let homeEnv = keyboard: { imports = [ ../../../home-manager/profiles/common.nix 
@@ -22,26 +19,27 @@ rustdesk ]; }; -in { - services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) { +in +{ + services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) { gnome-remote-desktop.enable = true; }; home-manager.users.steveej = homeEnv { layout = "en"; - options = ["nodeadkey"]; + options = [ "nodeadkey" ]; variant = "altgr-intl"; }; home-manager.users.elias = homeEnv { layout = "de"; - options = []; + options = [ ]; variant = ""; }; home-manager.users.justyna = homeEnv { layout = "de"; - options = []; + options = [ ]; variant = ""; }; diff --git a/nix/os/devices/elias-e525/system.nix b/nix/os/devices/elias-e525/system.nix index 6763062..d2a3efe 100644 --- a/nix/os/devices/elias-e525/system.nix +++ b/nix/os/devices/elias-e525/system.nix @@ -1,10 +1,5 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - config, - ... -}: let -in { # TASK: new device networking.hostName = "elias-e525"; # Define your hostname. @@ -38,11 +33,13 @@ in { # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ]; }; - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = ["modesetting"]; + services.xserver.videoDrivers = [ "modesetting" ]; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; } diff --git a/nix/os/devices/elias-e525/user.nix b/nix/os/devices/elias-e525/user.nix index 196c96a..c4690cf 100644 --- a/nix/os/devices/elias-e525/user.nix +++ b/nix/os/devices/elias-e525/user.nix 
@@ -1,12 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config, pkgs, ... }: +let keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; -in { + inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; +in +{ sops.secrets.sharedUsers-elias = { sopsFile = ../../../../secrets/shared-users.yaml; neededForUsers = true; diff --git a/nix/os/devices/fwhost1/boot.nix b/nix/os/devices/fwhost1/boot.nix index 4d8c1d1..639698f 100644 --- a/nix/os/devices/fwhost1/boot.nix +++ b/nix/os/devices/fwhost1/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; } diff --git a/nix/os/devices/fwhost1/configuration.nix b/nix/os/devices/fwhost1/configuration.nix index ed238cb..fbdc4c0 100644 --- a/nix/os/devices/fwhost1/configuration.nix +++ b/nix/os/devices/fwhost1/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/fwhost1/hw.nix b/nix/os/devices/fwhost1/hw.nix index 6c1aaaf..43334ed 100644 --- a/nix/os/devices/fwhost1/hw.nix +++ b/nix/os/devices/fwhost1/hw.nix @@ -1,5 +1,4 @@ -{...}: let -in { +_: { # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/fwhost1/pkg.nix b/nix/os/devices/fwhost1/pkg.nix index 6650ad9..aacf501 100644 --- a/nix/os/devices/fwhost1/pkg.nix +++ b/nix/os/devices/fwhost1/pkg.nix 
@@ -1,17 +1,17 @@ -{pkgs, ...}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; +{ pkgs, ... }: +{ + nixpkgs.config.packageOverrides = + pkgs: with pkgs; { + inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; }; - environment.systemPackages = with pkgs; [iw wirelesstools]; + environment.systemPackages = with pkgs; [ + iw + wirelesstools + ]; system.stateVersion = "21.11"; } diff --git a/nix/os/devices/fwhost1/system.nix b/nix/os/devices/fwhost1/system.nix index abe1717..548caec 100644 --- a/nix/os/devices/fwhost1/system.nix +++ b/nix/os/devices/fwhost1/system.nix @@ -1,12 +1,8 @@ -{ - pkgs, - lib, - config, - ... -}: let - keys = import ../../../variables/keys.nix; +{ pkgs, lib, ... }: +let passwords = import ../../../variables/passwords.crypt.nix; -in { +in +{ # TASK: new device networking.hostName = "fwhost1"; # Define your hostname. @@ -21,11 +17,14 @@ in { networking.firewall.logRefusedConnections = false; networking.usePredictableInterfaceNames = false; - networking.bridges.breth.interfaces = ["eth0" "eth1"]; + networking.bridges.breth.interfaces = [ + "eth0" + "eth1" + ]; networking.bridges.breth.rstp = true; networking.defaultGateway.address = "172.172.171.10"; - networking.nameservers = ["172.172.171.10"]; + networking.nameservers = [ "172.172.171.10" ]; # WAN interfaces, currently unused because the OPNsense guest acts as a router. networking.vlans.wan1.id = 3; diff --git a/nix/os/devices/fwhost1/user.nix b/nix/os/devices/fwhost1/user.nix index 98f59ba..958608a 100644 --- a/nix/os/devices/fwhost1/user.nix +++ b/nix/os/devices/fwhost1/user.nix 
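Review bot: The rewritten override in fwhost1/pkg.nix, `inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;`, carries a redundant second pair of parentheses, and the `with pkgs;` in front of the attribute set brings nothing into scope that the body uses. `pkgs: { inherit (import ../../../default.nix { versionsPath = ./versions.nix; }) nixPath; }` says the same thing; if the argument is not needed at all, `_:` would match the convention this commit applies elsewhere. fwhost2/pkg.nix has the identical hunk.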
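Review bot: In fwhost1/system.nix the cleanup drops the unused `keys` binding but keeps `passwords = import ../../../variables/passwords.crypt.nix;`, so the file presumably still reads a password from it further down, outside this hunk. Anything taken from that attribute set at evaluation time is copied into the system closure, and /nix/store is readable by every local user. elias-e525/user.nix in this same commit declares `sops.secrets.sharedUsers-elias` with `neededForUsers = true;`, which keeps the decrypted value out of the store; moving these hosts to that pattern would be consistent. The same binding is kept in fwhost2/system.nix and justyna-p300/system.nix.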
@@ -1,9 +1 @@ -{ - config, - pkgs, - ... -}: let - passwords = import ../../../variables/passwords.crypt.nix; - keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {}) mkUser; -in {} +_: { } diff --git a/nix/os/devices/fwhost1/versions.nix b/nix/os/devices/fwhost1/versions.nix index c6dac79..276eb87 100644 --- a/nix/os/devices/fwhost1/versions.nix +++ b/nix/os/devices/fwhost1/versions.nix @@ -4,9 +4,12 @@ let ref = "nixos-21.11"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { diff --git a/nix/os/devices/fwhost1/versions.tmpl.nix b/nix/os/devices/fwhost1/versions.tmpl.nix index c9dc8a9..d3d0c19 100644 --- a/nix/os/devices/fwhost1/versions.tmpl.nix +++ b/nix/os/devices/fwhost1/versions.tmpl.nix @@ -6,9 +6,12 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { diff --git a/nix/os/devices/fwhost2/boot.nix b/nix/os/devices/fwhost2/boot.nix index 4d8c1d1..639698f 100644 --- a/nix/os/devices/fwhost2/boot.nix +++ b/nix/os/devices/fwhost2/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; } diff --git a/nix/os/devices/fwhost2/configuration.nix b/nix/os/devices/fwhost2/configuration.nix index ed238cb..fbdc4c0 100644 --- a/nix/os/devices/fwhost2/configuration.nix +++ b/nix/os/devices/fwhost2/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../modules/opinionatedDisk.nix 
diff --git a/nix/os/devices/fwhost2/hw.nix b/nix/os/devices/fwhost2/hw.nix index c207b8c..a8891e3 100644 --- a/nix/os/devices/fwhost2/hw.nix +++ b/nix/os/devices/fwhost2/hw.nix @@ -1,5 +1,4 @@ -{...}: let -in { +_: { # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/fwhost2/pkg.nix b/nix/os/devices/fwhost2/pkg.nix index 6650ad9..aacf501 100644 --- a/nix/os/devices/fwhost2/pkg.nix +++ b/nix/os/devices/fwhost2/pkg.nix @@ -1,17 +1,17 @@ -{pkgs, ...}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; +{ pkgs, ... }: +{ + nixpkgs.config.packageOverrides = + pkgs: with pkgs; { + inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; }; - environment.systemPackages = with pkgs; [iw wirelesstools]; + environment.systemPackages = with pkgs; [ + iw + wirelesstools + ]; system.stateVersion = "21.11"; } diff --git a/nix/os/devices/fwhost2/system.nix b/nix/os/devices/fwhost2/system.nix index 54da0ba..652347f 100644 --- a/nix/os/devices/fwhost2/system.nix +++ b/nix/os/devices/fwhost2/system.nix @@ -1,13 +1,8 @@ -{ - pkgs, - lib, - config, - utils, - ... -}: let - keys = import ../../../variables/keys.nix; +{ pkgs, lib, ... }: +let passwords = import ../../../variables/passwords.crypt.nix; -in { +in +{ # TASK: new device networking.hostName = "fwhost2"; # Define your hostname. 
@@ -22,11 +17,14 @@ in { networking.firewall.logRefusedConnections = false; networking.usePredictableInterfaceNames = false; - networking.bridges.breth.interfaces = ["eth0" "eth1"]; + networking.bridges.breth.interfaces = [ + "eth0" + "eth1" + ]; networking.bridges.breth.rstp = true; networking.defaultGateway.address = "172.172.171.10"; - networking.nameservers = ["172.172.171.10"]; + networking.nameservers = [ "172.172.171.10" ]; # WAN interfaces, currently unused because the OPNsense guest acts as a router. networking.vlans.wan1.id = 3; diff --git a/nix/os/devices/fwhost2/user.nix b/nix/os/devices/fwhost2/user.nix index d7dc0dc..47efa02 100644 --- a/nix/os/devices/fwhost2/user.nix +++ b/nix/os/devices/fwhost2/user.nix @@ -1,12 +1,4 @@ -{ - config, - pkgs, - ... -}: let - passwords = import ../../../variables/passwords.crypt.nix; - keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser; -in { +_: { # users.extraUsers.steveej2 = mkUser { # uid = 1001; # openssh.authorizedKeys.keys = keys.users.steveej.openssh; diff --git a/nix/os/devices/fwhost2/versions.nix b/nix/os/devices/fwhost2/versions.nix index c6dac79..276eb87 100644 --- a/nix/os/devices/fwhost2/versions.nix +++ b/nix/os/devices/fwhost2/versions.nix @@ -4,9 +4,12 @@ let ref = "nixos-21.11"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { diff --git a/nix/os/devices/fwhost2/versions.tmpl.nix b/nix/os/devices/fwhost2/versions.tmpl.nix index c9dc8a9..d3d0c19 100644 --- a/nix/os/devices/fwhost2/versions.tmpl.nix +++ b/nix/os/devices/fwhost2/versions.tmpl.nix 
@@ -6,9 +6,12 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { diff --git a/nix/os/devices/hstk0/README.md b/nix/os/devices/hstk0/README.md index d70e379..60ee180 100644 --- a/nix/os/devices/hstk0/README.md +++ b/nix/os/devices/hstk0/README.md @@ -1,7 +1,6 @@ ## bootstrapping ``` -# TODO: generate an SSH host-key and deploy it via --extra-files +# TODO: generate an SSH host-key and deploy it via --extra-files nixos-anywhere --flake .\#sj-bm-hostkey0 root@185.130.227.252 ``` - diff --git a/nix/os/devices/hstk0/configuration.nix b/nix/os/devices/hstk0/configuration.nix index ea3c795..32fad43 100644 --- a/nix/os/devices/hstk0/configuration.nix +++ b/nix/os/devices/hstk0/configuration.nix @@ -1,17 +1,14 @@ { - modulesPath, repoFlake, - packages', pkgs, lib, - config, nodeFlake, nodeName, system, ... -}: { - disabledModules = [ - ]; +}: +{ + disabledModules = [ ]; imports = [ nodeFlake.inputs.disko.nixosModules.disko @@ -28,9 +25,7 @@ } ../../snippets/nix-settings.nix - { - nix.settings.sandbox = lib.mkForce "relaxed"; - } + { nix.settings.sandbox = lib.mkForce "relaxed"; } ../../snippets/mycelium.nix 
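Review bot: `nix.settings.sandbox = lib.mkForce "relaxed";` in hstk0/configuration.nix overrides whatever ../../snippets/nix-settings.nix sets, and nothing next to it says why. In relaxed mode fixed-output derivations and any derivation that sets `__noChroot = true` are built outside the sandbox, so an expression built on this host can opt out of build isolation. A comment such as `# relaxed sandbox needed for <derivation/job — placeholder>; revert to true once it is gone` would let the next reader judge whether the override can be dropped.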
@@ -80,60 +75,58 @@ nat.enable = true; firewall.enable = true; - firewall.allowedTCPPorts = [ - 5201 - ]; - firewall.allowedUDPPorts = [ - 5201 - ]; + firewall.allowedTCPPorts = [ 5201 ]; + firewall.allowedUDPPorts = [ 5201 ]; }; - disko.devices = let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; + disko.devices = + let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; }; }; }; }; - }; - in { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; + in + { + disk = { + sda = disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; + }; }; }; }; }; }; }; - }; system.stateVersion = "24.05"; @@ -149,7 +142,5 @@ virtualisation.libvirtd.enable = true; - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; } diff --git a/nix/os/devices/hstk0/default.nix b/nix/os/devices/hstk0/default.nix index 86b5f1a..62e6cc1 100644 --- a/nix/os/devices/hstk0/default.nix +++ b/nix/os/devices/hstk0/default.nix 
@@ -3,19 +3,22 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit + repoFlake + nodeName + nodeFlake + system + ; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "185.130.224.33"; diff --git a/nix/os/devices/hstk0/flake.nix b/nix/os/devices/hstk0/flake.nix index 8f0a7f4..6c9b22f 100644 --- a/nix/os/devices/hstk0/flake.nix +++ b/nix/os/devices/hstk0/flake.nix @@ -16,38 +16,37 @@ # outputs = _: {}; - outputs = { - self, - get-flake, - nixpkgs, - ... - } @ attrs: let - system = "x86_64-linux"; - nodeName = "hostkey-0"; + outputs = + { + self, + get-flake, + nixpkgs, + ... + }: + let + system = "x86_64-linux"; + nodeName = "hostkey-0"; - mkNixosConfiguration = {extraModules ? [], ...} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs + mkNixosConfiguration = { - specialArgs = { - nodeFlake = self; - repoFlake = get-flake ../../../..; - inherit nodeName; - }; + extraModules ? [ ], + ... + }@attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate attrs { + specialArgs = { + nodeFlake = self; + repoFlake = get-flake ../../../..; + inherit nodeName; + }; - modules = - [ - ./configuration.nix - ] - ++ extraModules; - } - ); - in { - nixosConfigurations = { - native = mkNixosConfiguration { - inherit system; + modules = [ ./configuration.nix ] ++ extraModules; + } + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { inherit system; }; }; }; - }; } diff --git a/nix/os/devices/hydra.json b/nix/os/devices/hydra.json index 3723c24..a0204bc 100644 --- a/nix/os/devices/hydra.json +++ b/nix/os/devices/hydra.json 
@@ -1,16 +1,24 @@ { - "enabled": 1, - "hidden": false, - "description": "Jobsets", - "nixexprinput": "src", - "nixexprpath": "default.nix", - "checkinterval": 300, - "schedulingshares": 100, - "enableemail": false, - "emailoverride": "", - "keepnr": 3, - "inputs": { - "src": { "type": "git", "value": "git://github.com/shlevy/declarative-hydra-example.git", "emailresponsible": false }, - "nixpkgs": { "type": "git", "value": "git://github.com/NixOS/nixpkgs.git release-16.03", "emailresponsible": false } + "enabled": 1, + "hidden": false, + "description": "Jobsets", + "nixexprinput": "src", + "nixexprpath": "default.nix", + "checkinterval": 300, + "schedulingshares": 100, + "enableemail": false, + "emailoverride": "", + "keepnr": 3, + "inputs": { + "src": { + "type": "git", + "value": "git://github.com/shlevy/declarative-hydra-example.git", + "emailresponsible": false + }, + "nixpkgs": { + "type": "git", + "value": "git://github.com/NixOS/nixpkgs.git release-16.03", + "emailresponsible": false } + } } diff --git a/nix/os/devices/justyna-p300/boot.nix b/nix/os/devices/justyna-p300/boot.nix index 85006ed..9d6bbe7 100644 --- a/nix/os/devices/justyna-p300/boot.nix +++ b/nix/os/devices/justyna-p300/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiInstallAsRemovable = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.grub.efiSupport = lib.mkForce false; diff --git a/nix/os/devices/justyna-p300/configuration.nix b/nix/os/devices/justyna-p300/configuration.nix index f2cb3f7..e636106 100644 --- a/nix/os/devices/justyna-p300/configuration.nix +++ b/nix/os/devices/justyna-p300/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/devices/justyna-p300/default.nix b/nix/os/devices/justyna-p300/default.nix index 907e60b..427ce7e 100644 --- a/nix/os/devices/justyna-p300/default.nix 
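Review bot: Both jobset inputs in nix/os/devices/hydra.json still use `git://github.com/…` URLs, which this reformat leaves as they are. The git:// protocol has no transport encryption or server authentication, so the Nix expressions Hydra evaluates from `src` could be replaced in transit, and GitHub no longer serves that protocol at all. `"value": "https://github.com/shlevy/declarative-hydra-example.git"` and `"value": "https://github.com/NixOS/nixpkgs.git release-16.03"` are the direct replacements; whether this jobset is still in use is not visible here.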
+++ b/nix/os/devices/justyna-p300/default.nix @@ -3,17 +3,17 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = nodeName; diff --git a/nix/os/devices/justyna-p300/flake.nix b/nix/os/devices/justyna-p300/flake.nix index 3e68abe..9b8b8ed 100644 --- a/nix/os/devices/justyna-p300/flake.nix +++ b/nix/os/devices/justyna-p300/flake.nix @@ -6,8 +6,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - inputs.disko.url = github:nix-community/disko; + inputs.disko.url = "github:nix-community/disko"; inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/justyna-p300/hw.nix b/nix/os/devices/justyna-p300/hw.nix index 0924dd2..b68e082 100644 --- a/nix/os/devices/justyna-p300/hw.nix +++ b/nix/os/devices/justyna-p300/hw.nix @@ -1,12 +1,6 @@ +{ nodeFlake, ... }: { - repoFlake, - nodeFlake, - lib, - ... -}: { - imports = [ - nodeFlake.inputs.disko.nixosModules.disko - ]; + imports = [ nodeFlake.inputs.disko.nixosModules.disko ]; disko.devices.disk.sda = { device = "/dev/sda"; @@ -20,7 +14,7 @@ start = "0"; end = "1M"; part-type = "primary"; - flags = ["bios_grub"]; + flags = [ "bios_grub" ]; } { name = "root"; @@ -30,14 +24,14 @@ bootable = true; content = { type = "btrfs"; - extraArgs = ["-f"]; # Override existing partition + extraArgs = [ "-f" ]; # Override existing partition subvolumes = { # Subvolume name is different from mountpoint "/rootfs" = { mountpoint = "/"; }; "/nix" = { - mountOptions = ["noatime"]; + mountOptions = [ "noatime" ]; }; }; }; 
diff --git a/nix/os/devices/justyna-p300/pkg.nix b/nix/os/devices/justyna-p300/pkg.nix index e780b7e..d23cfb0 100644 --- a/nix/os/devices/justyna-p300/pkg.nix +++ b/nix/os/devices/justyna-p300/pkg.nix @@ -3,7 +3,8 @@ lib, packages', ... -}: let +}: +let homeEnv = keyboard: { imports = [ ../../../home-manager/profiles/common.nix @@ -23,15 +24,19 @@ rustdesk ]; }; -in { - services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) { +in +{ + services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) { gnome-remote-desktop.enable = true; }; - services.printing.drivers = lib.mkForce (with packages'; [ - dcpj4110dwDriver - dcpj4110dwCupswrapper - ]); + services.printing.drivers = lib.mkForce ( + with packages'; + [ + dcpj4110dwDriver + dcpj4110dwCupswrapper + ] + ); services.printing.extraConf = '' LogLevel debug @@ -39,31 +44,29 @@ in { home-manager.users.steveej = homeEnv { layout = "en"; - options = ["nodeadkey"]; + options = [ "nodeadkey" ]; variant = "altgr-intl"; }; home-manager.users.elias = homeEnv { layout = "de"; - options = []; + options = [ ]; variant = ""; }; home-manager.users.justyna = lib.attrsets.recursiveUpdate - (homeEnv { - layout = "de"; - options = []; - variant = ""; - }) - { - services.syncthing.enable = true; - services.syncthing.tray = true; + (homeEnv { + layout = "de"; + options = [ ]; + variant = ""; + }) + { + services.syncthing.enable = true; + services.syncthing.tray = true; - home.packages = with pkgs; [ - session-desktop - ]; - }; + home.packages = with pkgs; [ session-desktop ]; + }; system.stateVersion = "21.11"; } diff --git a/nix/os/devices/justyna-p300/system.nix b/nix/os/devices/justyna-p300/system.nix index 44c3db9..82a7b02 100644 --- a/nix/os/devices/justyna-p300/system.nix +++ b/nix/os/devices/justyna-p300/system.nix 
@@ -1,11 +1,8 @@ -{ - pkgs, - lib, - config, - ... -}: let +{ pkgs, lib, ... }: +let passwords = import ../../../variables/passwords.crypt.nix; -in { +in +{ networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ # iperf3 @@ -39,11 +36,13 @@ in { # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ]; }; - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = ["modesetting"]; + services.xserver.videoDrivers = [ "modesetting" ]; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; } diff --git a/nix/os/devices/justyna-p300/user.nix b/nix/os/devices/justyna-p300/user.nix index 6d86c59..c4690cf 100644 --- a/nix/os/devices/justyna-p300/user.nix +++ b/nix/os/devices/justyna-p300/user.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - ... -}: let +{ config, pkgs, ... }: +let keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; -in { + inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; +in +{ sops.secrets.sharedUsers-elias = { sopsFile = ../../../../secrets/shared-users.yaml; neededForUsers = true; diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 8507ade..7395600 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
@@ -9,33 +9,33 @@ localDomainName, system, ... -}: let - inherit - (nodeFlake.inputs) - nixos-nftables-firewall - nixos-sbc - ; +}: +let + inherit (nodeFlake.inputs) nixos-nftables-firewall nixos-sbc; vlanRangeStart = builtins.head vlanRange; vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1); vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans); - vlanRangeWith0 = [0] ++ vlanRange; + vlanRangeWith0 = [ 0 ] ++ vlanRange; - mkVlanIpv4HostAddr = { - vlanid, - host, - thirdIpv4SegmentMin ? 20, - cidr ? true, - }: let - # reserve the first subnet for vlanid == 0 - # number the other subnets continously from there - offset = - if vlanid == 0 - then thirdIpv4SegmentMin - else thirdIpv4SegmentMin + 1 - vlanRangeStart; - in - builtins.concatStringsSep "." - ["192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}"]; + mkVlanIpv4HostAddr = + { + vlanid, + host, + thirdIpv4SegmentMin ? 20, + cidr ? true, + }: + let + # reserve the first subnet for vlanid == 0 + # number the other subnets continously from there + offset = if vlanid == 0 then thirdIpv4SegmentMin else thirdIpv4SegmentMin + 1 - vlanRangeStart; + in + builtins.concatStringsSep "." [ + "192" + "168" + (toString (vlanid + offset)) + "${toString host}${lib.strings.optionalString cidr "/24"}" + ]; defaultVlan = { name = "${localDomainName}"; 
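Review bot: `vlanRange` takes its order from `builtins.attrNames vlans`, which sorts the ids as strings, so `builtins.head vlanRange` is the numeric minimum only while all ids have the same number of digits. With ids such as "15" and "100", `vlanRangeStart` would be 100 and `mkVlanIpv4HostAddr` would compute a negative third octet for VLAN 15; the only id visible on this page is 15, so this is latent. Sorting numerically removes the dependency: `vlanRange = lib.lists.sort builtins.lessThan (builtins.map lib.strings.toInt (builtins.attrNames vlans));`. An assertion that `vlanid + offset` stays below 256 would also catch a VLAN whose subnet no longer fits in `192.168.x.0/24`. The `let` block starts before this hunk and continues past it.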
@@ -62,30 +62,25 @@ "15".packet_priority = -10; }; - vlansByName = - lib.attrsets.mapAttrs' - ( - vlanid': attrs: - lib.attrsets.nameValuePair - attrs.name - (attrs - // { - id = lib.strings.toInt vlanid'; - id' = vlanid'; - }) + vlansByName = lib.attrsets.mapAttrs' ( + vlanid': attrs: + lib.attrsets.nameValuePair attrs.name ( + attrs + // { + id = lib.strings.toInt vlanid'; + id' = vlanid'; + } ) - vlans; + ) vlans; - getVlanDomain = {vlanid}: - if vlanid == 0 - then defaultVlan.name - else vlans."${toString vlanid}".name + "." + defaultVlan.name; + getVlanDomain = + { vlanid }: + if vlanid == 0 then defaultVlan.name else vlans."${toString vlanid}".name + "." + defaultVlan.name; bridgeInterfaceName = "br-lan"; - mkInterfaceName = {vlanid}: - if vlanid == 0 - then bridgeInterfaceName - else "${bridgeInterfaceName}.${toString vlanid}"; + mkInterfaceName = + { vlanid }: + if vlanid == 0 then bridgeInterfaceName else "${bridgeInterfaceName}.${toString vlanid}"; dmzExposedHost = "sj-srv1"; dmzExposedHostDomain = "dmz.internal"; @@ -96,8 +91,10 @@ cidr = false; }; - dmzExposedHostMACaddr = repoFlake.nixosConfigurations.${dmzExposedHost}.config.systemd.network.netdevs."10-dmz0".netdevConfig.MACAddress; -in { + dmzExposedHostMACaddr = + repoFlake.nixosConfigurations.${dmzExposedHost}.config.systemd.network.netdevs."10-dmz0".netdevConfig.MACAddress; +in +{ imports = [ nixos-sbc.nixosModules.default nixos-sbc.nixosModules.boards.bananapi.bpir3 @@ -130,7 +127,7 @@ in { sops.secrets.passwords-root.neededForUsers = true; # sops.secrets.wlan0_saePasswordsFile = {}; - sops.secrets.wlan0_wpaPskFile = {}; + sops.secrets.wlan0_wpaPskFile = { }; } ]; 
@@ -193,13 +190,15 @@ in { chains = { prerouting = { "exposeHost" = { - after = ["hook"]; - rules = let - wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - in [ - "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${dmzExposedHostIpv4}" - ]; + after = [ "hook" ]; + rules = + let + wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; + in + [ + "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" + "iifname { ${wanInterfaces} } dnat ip to ${dmzExposedHostIpv4}" + ]; }; }; }; 
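Review bot: The second `exposeHost` rule, `iifname { ${wanInterfaces} } dnat ip to ${dmzExposedHostIpv4}`, has no protocol or port match, so apart from the tcp/220 redirect every inbound IPv4 connection on a WAN-zone interface is rewritten to the DMZ host, and nothing at the rule says this is intended. Together with the unrestricted `wan-to-dmz` rule (`verdict = "accept"`) in the later `@@ -211,149 +210,157 @@` hunk, the exposed host's own firewall appears to be the only filter for that traffic. I would state this above the rules, e.g. `# exposed host: all WAN ingress except tcp/220 (router ssh) is DNATed to ${dmzExposedHost}; filtering happens on that host`, or narrow the match to the ports that host serves. The enclosing `chains` block starts outside the hunk.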
@@ -211,149 +210,157 @@ in { # snippets.nnf-conntrack.enable = true; zones = { - lan.interfaces = [(mkInterfaceName {vlanid = 0;})]; - vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; + lan.interfaces = [ (mkInterfaceName { vlanid = 0; }) ]; + vlan.interfaces = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; - wan.interfaces = ["wan" "lan0"]; - vpn.interfaces = ["wg0" "wg1" "wg2"]; + wan.interfaces = [ + "wan" + "lan0" + ]; + vpn.interfaces = [ + "wg0" + "wg1" + "wg2" + ]; } // # generate a zone for each vlan - lib.attrsets.mapAttrs - (key: value: { - interfaces = [(mkInterfaceName {vlanid = value.id;})]; - }) - vlansByName; - rules = let - ipv6IcmpTypes = [ - "destination-unreachable" - "echo-reply" - "echo-request" - "packet-too-big" - "parameter-problem" - "time-exceeded" + lib.attrsets.mapAttrs (_key: value: { + interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; + }) vlansByName; + rules = + let + ipv6IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "packet-too-big" + "parameter-problem" + "time-exceeded" - # Without the nd-* ones ipv6 will not work. 
- "nd-neighbor-solicit" - "nd-router-advert" - "nd-neighbor-advert" - ]; - ipv4IcmpTypes = [ - "destination-unreachable" - "echo-reply" - "echo-request" - "source-quench" - "time-exceeded" - "router-advertisement" - ]; - allowIcmpLines = [ - "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" - "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" - ]; - in { - fw = { - from = ["fw"]; - verdict = "accept"; - }; - - office-to-dmz = { - from = ["office"]; - to = ["dmz"]; - verdict = "accept"; - }; - - lan-to-fw = { - from = ["lan"]; - to = ["fw" "lan"]; - verdict = "accept"; - }; - - lan-to-wan = { - from = ["lan"]; - to = ["wan"]; - verdict = "accept"; - }; - - vlan-to-wan = { - from = ["vlan"]; - to = ["wan"]; - verdict = "accept"; - }; - - vlan-to-fw = { - allowedUDPPortRanges = [ - { - from = 53; - to = 53; - } - { - from = 67; - to = 68; - } - { - from = 5201; - to = 5201; - } + # Without the nd-* ones ipv6 will not work. 
+ "nd-neighbor-solicit" + "nd-router-advert" + "nd-neighbor-advert" ]; - allowedTCPPortRanges = [ - { - from = 22; - to = 22; - } - { - from = 53; - to = 53; - } - { - from = 5201; - to = 5201; - } + ipv4IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "source-quench" + "time-exceeded" + "router-advertisement" ]; - from = ["vlan"]; - to = ["fw"]; - extraLines = - allowIcmpLines - ++ [ - "drop" + allowIcmpLines = [ + "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" + "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" + ]; + in + { + fw = { + from = [ "fw" ]; + verdict = "accept"; + }; + + office-to-dmz = { + from = [ "office" ]; + to = [ "dmz" ]; + verdict = "accept"; + }; + + lan-to-fw = { + from = [ "lan" ]; + to = [ + "fw" + "lan" ]; - }; + verdict = "accept"; + }; - to-wan-nat = { - from = ["lan" "vlan"]; - to = ["wan"]; - masquerade = true; - verdict = "accept"; - }; + lan-to-wan = { + from = [ "lan" ]; + to = [ "wan" ]; + verdict = "accept"; + }; - wan-to-dmz = { - from = ["wan"]; - to = ["dmz"]; - verdict = "accept"; - }; + vlan-to-wan = { + from = [ "vlan" ]; + to = [ "wan" ]; + verdict = "accept"; + }; - wan-to-fw = { - from = ["wan"]; - to = ["fw"]; - allowedTCPPortRanges = [ - { - from = 22; - to = 22; - } - ]; - extraLines = - allowIcmpLines - ++ [ - "drop" + vlan-to-fw = { + allowedUDPPortRanges = [ + { + from = 53; + to = 53; + } + { + from = 67; + to = 68; + } + { + from = 5201; + to = 5201; + } ]; - }; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + { + from = 53; + to = 53; + } + { + from = 5201; + to = 5201; + } + ]; + from = [ "vlan" ]; + to = [ "fw" ]; + extraLines = allowIcmpLines ++ [ "drop" ]; + }; - to-vpn-nat = { - from = ["lan" "vlan"]; - to = ["vpn"]; - masquerade = false; - verdict = "accept"; + to-wan-nat = { + from = [ + "lan" + "vlan" + ]; + to = [ "wan" ]; + masquerade = true; + verdict = "accept"; + }; + + 
wan-to-dmz = { + from = [ "wan" ]; + to = [ "dmz" ]; + verdict = "accept"; + }; + + wan-to-fw = { + from = [ "wan" ]; + to = [ "fw" ]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + ]; + extraLines = allowIcmpLines ++ [ "drop" ]; + }; + + to-vpn-nat = { + from = [ + "lan" + "vlan" + ]; + to = [ "vpn" ]; + masquerade = false; + verdict = "accept"; + }; }; - }; }; }; }; @@ -377,49 +384,14 @@ in { systemd.network = { wait-online.anyInterface = true; - netdevs = let - router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ - builtins.toString - repoFlake - .nixosConfigurations - .router0-ifog - .config - .systemd - .network - .netdevs - .wg0 - .wireguardConfig - .ListenPort - }"; + netdevs = + let + router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; - router0-ifog_wg1Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ - builtins.toString - repoFlake - .nixosConfigurations - .router0-ifog - .config - .systemd - .network - .netdevs - .wg1 - .wireguardConfig - .ListenPort - }"; + router0-ifog_wg1Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort}"; - router0-hosthatch_wg0Endpoint = "${repoFlake.colmena.router0-hosthatch.deployment.targetHost}:${ - builtins.toString - repoFlake - .nixosConfigurations - .router0-hosthatch - .config - .systemd - .network - .netdevs - .wg0 - .wireguardConfig - .ListenPort - }"; - in + router0-hosthatch_wg0Endpoint = "${repoFlake.colmena.router0-hosthatch.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-hosthatch.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; + in { # Create the bridge interface "20-${bridgeInterfaceName}" = { 
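Review bot: `allowIcmpLines` is built once and appended to both `vlan-to-fw` and `wan-to-fw`, so the router's input filter accepts `nd-router-advert` (and IPv4 `router-advertisement`) from VLAN clients as well as from the uplink. The per-VLAN networks later in this file set `IPv6AcceptRA = false` with the comment that clients should not send RAs, so the filter is looser than the stated intent, although that setting presumably keeps such RAs from being acted on. I would split the list, for example keeping `nd-router-advert` only in a `wanIcmpLines` used by `wan-to-fw`, and add a comment on why each zone needs its set. The `rules` attribute sits in a block that starts outside this hunk.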
@@ -536,75 +508,71 @@ in { }; } # generate the vlan devices. these will be tagged on the main bridge - // builtins.foldl' - (acc: cur: acc // cur) - {} - ( + // builtins.foldl' (acc: cur: acc // cur) { } ( builtins.map - ({ - vlanid, - vlanid', - }: { - "20-${mkInterfaceName {inherit vlanid;}}" = { - netdevConfig = { - Kind = "vlan"; - Name = "${mkInterfaceName {inherit vlanid;}}"; - }; - vlanConfig.Id = vlanid; - }; - }) - ( - builtins.map - (vlanid: { - inherit vlanid; - vlanid' = builtins.toString vlanid; - }) - vlanRange - ) + ( + { vlanid, vlanid' }: + { + "20-${mkInterfaceName { inherit vlanid; }}" = { + netdevConfig = { + Kind = "vlan"; + Name = "${mkInterfaceName { inherit vlanid; }}"; + }; + vlanConfig.Id = vlanid; + }; + } + ) + ( + builtins.map (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange + ) ); - networks = let - commonWanOptions = { - networkConfig = { - # start a DHCP Client for IPv4/6 Addressing/Routing - DHCP = true; - DNSOverTLS = true; - DNSSEC = true; - IPForward = true; + networks = + let + commonWanOptions = { + networkConfig = { + # start a DHCP Client for IPv4/6 Addressing/Routing + DHCP = true; + DNSOverTLS = true; + DNSSEC = true; + IPForward = true; - # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - IPv6PrivacyExtensions = false; - DHCPPrefixDelegation = true; - }; - dhcpV4Config = { - UseDNS = false; - UseDomains = false; - UseHostname = false; - }; - dhcpV6Config = { - UseDNS = false; - UseDomains = false; - UseHostname = false; - PrefixDelegationHint = "::/56"; - UseDelegatedPrefix = true; - WithoutRA = "solicit"; - }; - ipv6AcceptRAConfig = { - UseDNS = false; - UseDomains = false; - }; + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + IPv6PrivacyExtensions = false; + DHCPPrefixDelegation = true; + }; + dhcpV4Config = { + UseDNS = false; + UseDomains = false; + UseHostname = false; + }; + 
dhcpV6Config = { + UseDNS = false; + UseDomains = false; + UseHostname = false; + PrefixDelegationHint = "::/56"; + UseDelegatedPrefix = true; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig = { + UseDNS = false; + UseDomains = false; + }; - # TODO: enable these somehow - # extraConfig = '' - # [IPv6AcceptRA] - # # FIXME: supported in nixos-24.11 - # DHCPv6Client=solicit + # TODO: enable these somehow + # extraConfig = '' + # [IPv6AcceptRA] + # # FIXME: supported in nixos-24.11 + # DHCPv6Client=solicit - # # FIXME: not supported at all yet - # UsePREF64=true - # ''; - }; - in + # # FIXME: not supported at all yet + # UsePREF64=true + # ''; + }; + in { # places options here that should always exist "lo" = { @@ -771,7 +739,7 @@ in { # Configure the bridge for its desired function "40-${bridgeInterfaceName}" = { matchConfig.Name = bridgeInterfaceName; - bridgeConfig = {}; + bridgeConfig = { }; address = [ (mkVlanIpv4HostAddr { vlanid = 0; @@ -793,19 +761,13 @@ in { } ]; - vlan = ( - builtins.map - (vlanid: (mkInterfaceName {inherit vlanid;})) - vlanRange - ); + vlan = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; }; "50-wg0" = { enable = true; matchConfig.Name = "wg0"; - address = [ - "10.0.0.1/31" - ]; + address = [ "10.0.0.1/31" ]; routes = [ # { @@ -820,9 +782,7 @@ in { "50-wg1" = { enable = true; matchConfig.Name = "wg1"; - address = [ - "10.0.0.3/31" - ]; + address = [ "10.0.0.3/31" ]; routes = [ # { # routeConfig = { @@ -836,9 +796,7 @@ in { "50-wg2" = { enable = true; matchConfig.Name = "wg2"; - address = [ - "10.0.1.1/31" - ]; + address = [ "10.0.1.1/31" ]; routes = [ # TODO: add a testing route here 
@@ -849,280 +807,278 @@ in { # * netdev type vlan # * host address for vlan # * vlan config for wlan interface - // builtins.foldl' - (acc: cur: acc // cur) - {} - (builtins.map - ({ - vlanid, - vlanid', - }: { - # configure the tagged vlan device with an address and vlan filtering. - # dnsmasq is configured to serve the respective /24 range on each tagged device. - # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. - "41-${mkInterfaceName {inherit vlanid;}}" = { - matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; - address = [ - (mkVlanIpv4HostAddr { - inherit vlanid; - host = 1; - }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; + // builtins.foldl' (acc: cur: acc // cur) { } ( + builtins.map + ( + { vlanid, vlanid' }: + { + # configure the tagged vlan device with an address and vlan filtering. + # dnsmasq is configured to serve the respective /24 range on each tagged device. + # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. + "41-${mkInterfaceName { inherit vlanid; }}" = { + matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + address = [ + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 1; + }) + ]; + networkConfig = { + ConfigureWithoutCarrier = true; - # the client shouldn't be allowed to send us RAs, that would be weird. - IPv6AcceptRA = false; + # the client shouldn't be allowed to send us RAs, that would be weird. 
+ IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - IPv6SendRA = true; - }; - - dhcpPrefixDelegationConfig = { - UplinkInterface = "wan"; - Assign = true; - SubnetId = vlanid; - Announce = true; - }; - - linkConfig.RequiredForOnline = "no"; - linkConfig.ActivationPolicy = "always-up"; - - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlanid; + DHCPPrefixDelegation = true; + IPv6SendRA = true; }; - } - ]; - }; - # configure the wlan interface as a bridge member that - # * only gets traffic for vid 15 - # * untags traffic after receiving it - # * tags traffic that comes out of it - "41-wlan0.${vlanid'}" = { - matchConfig.Name = "wlan0.${vlanid'}"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; - }; - - linkConfig.RequiredForOnline = "no"; - - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlanid; - PVID = vlanid; - EgressUntagged = vlanid; + dhcpPrefixDelegationConfig = { + UplinkInterface = "wan"; + Assign = true; + SubnetId = vlanid; + Announce = true; }; - } - ]; - }; - # "50-${mkInterfaceName {inherit vlanid;}}" = { - # matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; - # address = [ - # (mkVlanIpv4HostAddr { - # inherit vlanid; - # host = 1; - # }) - # ]; - # networkConfig = { - # ConfigureWithoutCarrier = true; - # }; - # linkConfig.RequiredForOnline = "no"; - # }; - }) - ( - builtins.map - (vlanid: { - inherit vlanid; - vlanid' = builtins.toString vlanid; - }) - vlanRange - )); + linkConfig.RequiredForOnline = "no"; + linkConfig.ActivationPolicy = "always-up"; + + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlanid; + }; + } + ]; + }; + + # configure the wlan interface as a bridge member that + # * only gets traffic for vid 15 + # * untags traffic after receiving it + # * tags traffic that comes out of it + "41-wlan0.${vlanid'}" = { + matchConfig.Name = "wlan0.${vlanid'}"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + + 
linkConfig.RequiredForOnline = "no"; + + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlanid; + PVID = vlanid; + EgressUntagged = vlanid; + }; + } + ]; + }; + + # "50-${mkInterfaceName {inherit vlanid;}}" = { + # matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; + # address = [ + # (mkVlanIpv4HostAddr { + # inherit vlanid; + # host = 1; + # }) + # ]; + # networkConfig = { + # ConfigureWithoutCarrier = true; + # }; + # linkConfig.RequiredForOnline = "no"; + # }; + } + ) + ( + builtins.map (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange + ) + ); }; # wireless access point services.hostapd = { enable = true; # package = nodeFlake.packages.${system}.hostapd_patched; - radios = let - # generated with https://miniwebtool.com/mac-address-generator/ - mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; - in { - wlan0 = { - band = "2g"; - # FIXME: apparently setting this could cause bugs, testing disabling it for a while. - # countryCode = "CH"; - channel = 0; # 0 would mean Automatic Channel Selection + radios = + let + # generated with https://miniwebtool.com/mac-address-generator/ + mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; + in + { + wlan0 = { + band = "2g"; + # FIXME: apparently setting this could cause bugs, testing disabling it for a while. + # countryCode = "CH"; + channel = 0; # 0 would mean Automatic Channel Selection - settings = { - # TODO: this would be faster but x13s on windows can't connect when it's enabled. - # ieee80211n = 1; + settings = { + # TODO: this would be faster but x13s on windows can't connect when it's enabled. + # ieee80211n = 1; - # Exclude DFS channels from ACS - # This option can be used to exclude all DFS channels from the ACS channel list - # in cases where the driver supports DFS channels. - acs_exclude_dfs = 0; - }; + # Exclude DFS channels from ACS + # This option can be used to exclude all DFS channels from the ACS channel list + # in cases where the driver supports DFS channels. 
+ acs_exclude_dfs = 0; + }; - # use 'iw phy#1 info' to determine your VHT capabilities - wifi4 = { - enable = true; - require = false; - capabilities = [ - "HT20" - "HT40+" - "LDPC" - "SHORT-GI-20" - "SHORT-GI-40" - "TX-STBC" - "RX-STBC1" - "MAX-AMSDU-7935" + # use 'iw phy#1 info' to determine your VHT capabilities + wifi4 = { + enable = true; + require = false; + capabilities = [ + "HT20" + "HT40+" + "LDPC" + "SHORT-GI-20" + "SHORT-GI-40" + "TX-STBC" + "RX-STBC1" + "MAX-AMSDU-7935" - "40-INTOLERANT" + "40-INTOLERANT" - # not supported by BPI-R3 module - # "DELAYED-BA" - # "DSSS_CCK-40" - ]; - }; + # not supported by BPI-R3 module + # "DELAYED-BA" + # "DSSS_CCK-40" + ]; + }; - wifi5 = { - enable = false; - require = false; - }; + wifi5 = { + enable = false; + require = false; + }; - wifi6 = { - enable = false; - require = false; - }; + wifi6 = { + enable = false; + require = false; + }; - networks = { - wlan0 = let - iface = "wlan0"; - in { - ssid = "mlsia"; - bssid = mkBssid 0; - - # enables debug logging - logLevel = 0; - - authentication.mode = - "wpa2-sha256" - # "wpa3-sae-transition" - # "wpa3-sae" - ; - - authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - - # TODO: unfortunately SAE passwords don't work per VLAN like PSKs do - # authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; - - # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference - settings = { - # disable syslog because it duplicates stdout - logger_syslog = lib.mkForce 0; - - # bridge = bridgeInterfaceName; - - # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; - # not yet supported on hostapd 2.10 - # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - - # resources on vlan tagging - # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging - # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 - - 
dynamic_vlan = 1; - # this option currently requires a patch to hostapd - vlan_no_bridge = 1; - - /* - not used due to the above vlan_no_bridge setting - vlan_tagged_interface = bridgeInterfaceName; - vlan_naming = 1; - vlan_bridge = "br-${iface}."; - */ - - vlan_file = let - generated = - builtins.map - ( - vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" - ) - vlanRange; - - wildcard = [ - # Optional wildcard entry matching all VLAN IDs. The first # in the interface - # name will be replaced with the VLAN ID. The network interfaces are created - # (and removed) dynamically based on the use. - # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan - "* ${iface}.#" - ]; - - file = - pkgs.writeText "hostapd.vlan" - (builtins.concatStringsSep "\n" (generated ++ wildcard)); - filePath = toString file; + networks = { + wlan0 = + let + iface = "wlan0"; in - filePath; + { + ssid = "mlsia"; + bssid = mkBssid 0; - wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ - "WPA-PSK" + # enables debug logging + logLevel = 0; - # TODO: the printer can't connect when this is on - # "WPA-PSK-SHA256" + authentication.mode = "wpa2-sha256" + # "wpa3-sae-transition" + # "wpa3-sae" + ; - # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them - # "SAE" - ]); + authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - # wpa_psk_radius = 0; - wpa_pairwise = "CCMP"; - wmm_enabled = 1; + # TODO: unfortunately SAE passwords don't work per VLAN like PSKs do + # authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; - # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks. 
- # 0 := disabled; 1 := optional; 2 := required - ieee80211w = 1; - # sae_require_mfp = 1; - # sae_groups = "19 20 21"; + # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference + settings = { + # disable syslog because it duplicates stdout + logger_syslog = lib.mkForce 0; - # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) - tls_flags = "[ENABLE-TLSv1.3]"; + # bridge = bridgeInterfaceName; - # TODO: debugging for wifi drops happens below here - # Require IEEE 802.1X authorization - ieee8021x = 0; + # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; + # not yet supported on hostapd 2.10 + # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - # Optionally, hostapd can be configured to use an integrated EAP server - # to process EAP authentication locally without need for an external RADIUS - # server. This functionality can be used both as a local authentication server - # for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. + # resources on vlan tagging + # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging + # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 - # Use integrated EAP server instead of external RADIUS authentication - # server. This is also needed if hostapd is configured to act as a RADIUS - # authentication server. - eap_server = 0; + dynamic_vlan = 1; + # this option currently requires a patch to hostapd + vlan_no_bridge = 1; - # Disassociate stations based on excessive transmission failures or other - # indications of connection loss. This depends on the driver capabilities and - # may not be available with all drivers. 
- disassoc_low_ack = 0; + /* + not used due to the above vlan_no_bridge setting + vlan_tagged_interface = bridgeInterfaceName; + vlan_naming = 1; + vlan_bridge = "br-${iface}."; + */ - skip_inactivity_poll = 1; + vlan_file = + let + generated = builtins.map ( + vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" + ) vlanRange; - # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. - multicast_to_unicast = 0; - }; + wildcard = [ + # Optional wildcard entry matching all VLAN IDs. The first # in the interface + # name will be replaced with the VLAN ID. The network interfaces are created + # (and removed) dynamically based on the use. + # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan + "* ${iface}.#" + ]; + + file = pkgs.writeText "hostapd.vlan" (builtins.concatStringsSep "\n" (generated ++ wildcard)); + filePath = toString file; + in + filePath; + + wpa_key_mgmt = lib.mkForce ( + builtins.concatStringsSep " " [ + "WPA-PSK" + + # TODO: the printer can't connect when this is on + # "WPA-PSK-SHA256" + + # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them + # "SAE" + ] + ); + + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; + + # IEEE 802.11i (authentication) related configuration + # Encrypt management frames to protect against deauthentication and similar attacks. + # 0 := disabled; 1 := optional; 2 := required + ieee80211w = 1; + # sae_require_mfp = 1; + # sae_groups = "19 20 21"; + + # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags = "[ENABLE-TLSv1.3]"; + + # TODO: debugging for wifi drops happens below here + # Require IEEE 802.1X authorization + ieee8021x = 0; + + # Optionally, hostapd can be configured to use an integrated EAP server + # to process EAP authentication locally without need for an external RADIUS + # server. 
This functionality can be used both as a local authentication server + # for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. + + # Use integrated EAP server instead of external RADIUS authentication + # server. This is also needed if hostapd is configured to act as a RADIUS + # authentication server. + eap_server = 0; + + # Disassociate stations based on excessive transmission failures or other + # indications of connection loss. This depends on the driver capabilities and + # may not be available with all drivers. + disassoc_low_ack = 0; + + skip_inactivity_poll = 1; + + # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. + multicast_to_unicast = 0; + }; + }; }; }; }; - }; }; services.resolved.enable = false; @@ -1150,38 +1106,35 @@ in { # v6 config enable-ra = true; - dhcp-range = let - mkDhcpRange = { - tag, - vlanid, - }: - builtins.concatStringsSep "," [ - tag - (mkVlanIpv4HostAddr { - inherit vlanid; - host = 100; - cidr = false; - }) - (mkVlanIpv4HostAddr { - inherit vlanid; - host = 199; - cidr = false; - }) - "12h" - # "slaac" - # "ra-stateless" - # "ra-names" - ]; - in - builtins.map - ( + dhcp-range = + let + mkDhcpRange = + { tag, vlanid }: + builtins.concatStringsSep "," [ + tag + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 100; + cidr = false; + }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 199; + cidr = false; + }) + "12h" + # "slaac" + # "ra-stateless" + # "ra-names" + ]; + in + builtins.map ( vlanid: - mkDhcpRange { - tag = mkInterfaceName {inherit vlanid;}; - inherit vlanid; - } - ) - vlanRangeWith0; + mkDhcpRange { + tag = mkInterfaceName { inherit vlanid; }; + inherit vlanid; + } + ) vlanRangeWith0; dhcp-host = builtins.concatStringsSep "," [ dmzExposedHostMACaddr 
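Review bot: `authentication.mode = "wpa2-sha256"` does not describe what the access point ends up offering, because `wpa_key_mgmt` is set further down with `lib.mkForce` to `WPA-PSK` only (the `WPA-PSK-SHA256` and `SAE` entries are commented out), and `ieee80211w = 1` leaves management-frame protection optional. Someone auditing the Wi-Fi settings from the top of the block would presumably assume the SHA256 key management is in effect. I would add a comment at the mode line, `# NOTE: wpa_key_mgmt below forces plain WPA-PSK (printer compatibility); the mode here is not the effective AKM`, so the downgrade is visible where the mode is chosen. Separately, the comment "only gets traffic for vid 15" on `41-wlan0.${vlanid'}` is stale, since that network is generated for every id in `vlanRange`.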
@@ -1211,39 +1164,33 @@ in { ]; domain = - [ - "/${getVlanDomain {vlanid = 0;}}/,local" - ] - ++ builtins.map - ( - vlanid: "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { - inherit vlanid; - host = 0; - cidr = true; - }},local" - ) - vlanRangeWith0; + [ "/${getVlanDomain { vlanid = 0; }}/,local" ] + ++ builtins.map ( + vlanid: + "${getVlanDomain { inherit vlanid; }},${ + mkVlanIpv4HostAddr { + inherit vlanid; + host = 0; + cidr = true; + } + },local" + ) vlanRangeWith0; # TODO: compare this to using `interface-name` - dynamic-host = - [ + dynamic-host = builtins.map ( + vlanid: + builtins.concatStringsSep "," [ + # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) + "${nodeName}.${getVlanDomain { inherit vlanid; }}" + "0.0.0.1" + (mkInterfaceName { inherit vlanid; }) ] - ++ builtins.map - ( - vlanid: - builtins.concatStringsSep "," [ - # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) - "${nodeName}.${getVlanDomain {inherit vlanid;}}" - "0.0.0.1" - (mkInterfaceName {inherit vlanid;}) - ] - ) - vlanRangeWith0; + ) vlanRangeWith0; - dhcp-option-force = - builtins.map - (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain {inherit vlanid;}}") - vlanRangeWith0; + dhcp-option-force = builtins.map ( + vlanid: + "${mkInterfaceName { inherit vlanid; }},option:domain-search,${getVlanDomain { inherit vlanid; }}" + ) vlanRangeWith0; # auth-server = [ # (builtins.concatStringsSep "," [ diff --git a/nix/os/devices/router0-dmz0/default.nix b/nix/os/devices/router0-dmz0/default.nix index 9dd8d5e..a0520dc 100644 --- a/nix/os/devices/router0-dmz0/default.nix +++ b/nix/os/devices/router0-dmz0/default.nix 
@@ -5,25 +5,24 @@ nodeFlake, localDomainName ? "internal", ... -}: { +}: +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit + repoFlake + nodeName + nodeFlake + system + ; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - inherit - (nodeFlake.inputs.bpir3.packages.${system}) - armTrustedFirmwareMT7986 - ; + inherit (nodeFlake.inputs.bpir3.packages.${system}) armTrustedFirmwareMT7986; inherit localDomainName; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 41f2f35..fc8504b 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -18,8 +18,8 @@ # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile_mtkbump" - # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" - ; + # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" + ; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; 
@@ -39,43 +39,34 @@ # }; }; - outputs = { - self, - get-flake, - nixpkgs, - nixos-sbc, - ... - }: let - nativeSystem = "aarch64-linux"; - nodeName = "router0-dmz0"; + outputs = + { + self, + get-flake, + nixpkgs, + ... + }: + let + nativeSystem = "aarch64-linux"; + nodeName = "router0-dmz0"; - pkgs = nixpkgs.legacyPackages.${nativeSystem}; - pkgsCross = import self.inputs.nixpkgs { - system = "x86_64-linux"; - crossSystem = { - config = "aarch64-unknown-linux-gnu"; - }; - }; - - mkNixosConfiguration = {extraModules ? [], ...} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs + mkNixosConfiguration = { - specialArgs = - (import ./default.nix { - system = nativeSystem; - inherit nodeName; + extraModules ? [ ], + ... + }@attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate attrs { + specialArgs = + (import ./default.nix { + system = nativeSystem; + inherit nodeName; - repoFlake = get-flake ../../../..; - nodeFlake = self; - }) - .meta - .nodeSpecialArgs - .${nodeName}; + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; - modules = - [ + modules = [ ./configuration.nix # flake registry 
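Review bot: `mkNixosConfiguration` in `router0-dmz0/flake.nix` destructures `extraModules` but then merges the whole `attrs` set into the `nixosSystem` argument, so `extraModules` is forwarded as an argument and also appended to `modules` (the `++ extraModules` is in the next hunk). If `nixosSystem` treats an `extraModules` argument as additional modules, which I believe it does, the `cross` settings are evaluated twice. Dropping the key before the merge makes the intent explicit: `nixpkgs.lib.attrsets.recursiveUpdate (builtins.removeAttrs attrs [ "extraModules" ]) { … }`. The function body continues outside this hunk.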
@@ -83,34 +74,30 @@ nixpkgs.overlays = builtins.attrValues self.overlays; nix.registry.nixpkgs.flake = nixpkgs; } - ] - ++ extraModules; - } - ); - in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = nativeSystem; - }; - - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = "x86_64-linux"; - nixpkgs.hostPlatform.system = nativeSystem; + ] ++ extraModules; } - ]; - }; - }; + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { system = nativeSystem; }; - overlays.default = final: previous: { - hostapd = previous.hostapd.overrideDerivation (attrs: { - patches = - attrs.patches - ++ [ + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = "x86_64-linux"; + nixpkgs.hostPlatform.system = nativeSystem; + } + ]; + }; + }; + + overlays.default = _final: previous: { + hostapd = previous.hostapd.overrideDerivation (attrs: { + patches = attrs.patches ++ [ "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" ]; - }); + }); + }; }; - }; } diff --git a/nix/os/devices/router0-hosthatch/configuration.nix b/nix/os/devices/router0-hosthatch/configuration.nix index b6b2146..af02b3d 100644 --- a/nix/os/devices/router0-hosthatch/configuration.nix +++ b/nix/os/devices/router0-hosthatch/configuration.nix @@ -5,11 +5,11 @@ config, nodeFlake, nodeName, - localDomainName, system, variables, ... -}: { +}: +{ system.stateVersion = "24.05"; imports = [ @@ -48,7 +48,7 @@ boot.loader.grub.efiSupport = false; # forcing seems required or else there's an error about duplicated devices - boot.loader.grub.devices = lib.mkForce ["/dev/vda"]; + boot.loader.grub.devices = lib.mkForce [ "/dev/vda" ]; disko.devices.disk.vda = { device = "/dev/vda"; 
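Review bot: The `hostapd` overlay at the end of `router0-dmz0/flake.nix` still uses `overrideDerivation` and concatenates onto `attrs.patches` without a fallback. The nixpkgs manual recommends `overrideAttrs` in almost all cases, and `attrs.patches or [ ]` keeps the overlay evaluating if the packaged hostapd ever has no `patches` attribute: `hostapd = previous.hostapd.overrideAttrs (attrs: { patches = (attrs.patches or [ ]) ++ [ "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" ]; });`. A short comment on why this patch is carried would also help, because it changes a network-facing daemon and its content follows whatever revision the `openwrt` input is locked to.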
@@ -64,14 +64,14 @@ size = "100%"; content = { type = "btrfs"; - extraArgs = ["-f"]; # Override existing partition + extraArgs = [ "-f" ]; # Override existing partition subvolumes = { # Subvolume name is different from mountpoint "/rootfs" = { mountpoint = "/"; }; "/nix" = { - mountOptions = ["noatime"]; + mountOptions = [ "noatime" ]; mountpoint = "/nix"; }; "/boot" = { @@ -156,9 +156,7 @@ interface = "eth0"; address = variables.ipv4gateway; }; - nameservers = [ - variables.ipv4dns - ]; + nameservers = [ variables.ipv4dns ]; # these will be configured via nftables nat.enable = lib.mkForce false; @@ -176,17 +174,20 @@ snippets.nnf-common.enable = true; zones.wan = { - interfaces = ["eth0"]; + interfaces = [ "eth0" ]; }; zones.vpn = { - interfaces = ["wg0" "wg1"]; + interfaces = [ + "wg0" + "wg1" + ]; }; rules = { to-fw = { from = "all"; - to = ["fw"]; + to = [ "fw" ]; verdict = "drop"; allowedTCPPorts = [ @@ -202,8 +203,8 @@ }; vpn-to-wan-nat = { - from = ["vpn"]; - to = ["wan"]; + from = [ "vpn" ]; + to = [ "wan" ]; masquerade = true; verdict = "accept"; }; @@ -283,9 +284,7 @@ systemd.network.networks.wg0 = { enable = true; matchConfig.Name = "wg0"; - address = [ - "10.0.1.0/31" - ]; + address = [ "10.0.1.0/31" ]; routes = [ { @@ -299,9 +298,7 @@ systemd.network.networks.wg1 = { enable = true; matchConfig.Name = "wg1"; - address = [ - "10.0.1.2/31" - ]; + address = [ "10.0.1.2/31" ]; routes = [ { diff --git a/nix/os/devices/router0-hosthatch/default.nix b/nix/os/devices/router0-hosthatch/default.nix index 202e206..fd2c485 100644 --- a/nix/os/devices/router0-hosthatch/default.nix +++ b/nix/os/devices/router0-hosthatch/default.nix 
@@ -4,20 +4,24 @@ repoFlake, nodeFlake, ... -}: let +}: +let variables = import ./variables.crypt.nix; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system variables; + inherit + repoFlake + nodeName + nodeFlake + system + variables + ; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = variables.ipv4; diff --git a/nix/os/devices/router0-hosthatch/flake.nix b/nix/os/devices/router0-hosthatch/flake.nix index 6e7501b..3057b9a 100644 --- a/nix/os/devices/router0-hosthatch/flake.nix +++ b/nix/os/devices/router0-hosthatch/flake.nix @@ -15,5 +15,5 @@ nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/router0-ifog/configuration.nix b/nix/os/devices/router0-ifog/configuration.nix index 6aadabb..9bc91ee 100644 --- a/nix/os/devices/router0-ifog/configuration.nix +++ b/nix/os/devices/router0-ifog/configuration.nix @@ -5,11 +5,11 @@ config, nodeFlake, nodeName, - localDomainName, system, variables, ... -}: { +}: +{ system.stateVersion = "23.11"; imports = [ @@ -48,7 +48,7 @@ boot.loader.grub.efiSupport = false; # forcing seems required or else there's an error about duplicated devices - boot.loader.grub.devices = lib.mkForce ["/dev/vda"]; + boot.loader.grub.devices = lib.mkForce [ "/dev/vda" ]; disko.devices.disk.vda = { device = "/dev/vda"; 
@@ -64,14 +64,14 @@ size = "100%"; content = { type = "btrfs"; - extraArgs = ["-f"]; # Override existing partition + extraArgs = [ "-f" ]; # Override existing partition subvolumes = { # Subvolume name is different from mountpoint "/rootfs" = { mountpoint = "/"; }; "/nix" = { - mountOptions = ["noatime"]; + mountOptions = [ "noatime" ]; mountpoint = "/nix"; }; "/boot" = { @@ -156,9 +156,7 @@ interface = "eth0"; address = variables.ipv4gateway; }; - nameservers = [ - variables.ipv4dns - ]; + nameservers = [ variables.ipv4dns ]; # these will be configured via nftables nat.enable = lib.mkForce false; @@ -176,17 +174,20 @@ snippets.nnf-common.enable = true; zones.wan = { - interfaces = ["eth0"]; + interfaces = [ "eth0" ]; }; zones.vpn = { - interfaces = ["wg0" "wg1"]; + interfaces = [ + "wg0" + "wg1" + ]; }; rules = { to-fw = { from = "all"; - to = ["fw"]; + to = [ "fw" ]; verdict = "drop"; allowedTCPPorts = [ @@ -202,8 +203,8 @@ }; vpn-to-wan-nat = { - from = ["vpn"]; - to = ["wan"]; + from = [ "vpn" ]; + to = [ "wan" ]; masquerade = true; verdict = "accept"; }; @@ -283,9 +284,7 @@ systemd.network.networks.wg0 = { enable = true; matchConfig.Name = "wg0"; - address = [ - "10.0.0.0/31" - ]; + address = [ "10.0.0.0/31" ]; routes = [ { @@ -299,9 +298,7 @@ systemd.network.networks.wg1 = { enable = true; matchConfig.Name = "wg1"; - address = [ - "10.0.0.2/31" - ]; + address = [ "10.0.0.2/31" ]; routes = [ { diff --git a/nix/os/devices/router0-ifog/default.nix b/nix/os/devices/router0-ifog/default.nix index 202e206..fd2c485 100644 --- a/nix/os/devices/router0-ifog/default.nix +++ b/nix/os/devices/router0-ifog/default.nix 
@@ -4,20 +4,24 @@ repoFlake, nodeFlake, ... -}: let +}: +let variables = import ./variables.crypt.nix; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system variables; + inherit + repoFlake + nodeName + nodeFlake + system + variables + ; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = variables.ipv4; diff --git a/nix/os/devices/router0-ifog/flake.nix b/nix/os/devices/router0-ifog/flake.nix index 6e7501b..3057b9a 100644 --- a/nix/os/devices/router0-ifog/flake.nix +++ b/nix/os/devices/router0-ifog/flake.nix @@ -15,5 +15,5 @@ nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/sj-srv1/boot.nix b/nix/os/devices/sj-srv1/boot.nix index 59a5051..974f788 100644 --- a/nix/os/devices/sj-srv1/boot.nix +++ b/nix/os/devices/sj-srv1/boot.nix @@ -1,3 +1 @@ -{lib, ...}: { - boot.extraModulePackages = []; -} +_: { boot.extraModulePackages = [ ]; } diff --git a/nix/os/devices/sj-srv1/configuration.nix b/nix/os/devices/sj-srv1/configuration.nix index bada0c3..9f49bd1 100644 --- a/nix/os/devices/sj-srv1/configuration.nix +++ b/nix/os/devices/sj-srv1/configuration.nix @@ -1,10 +1,6 @@ +{ nodeName, config, ... }: { - nodeName, - config, - pkgs, - ... -}: { - disabledModules = []; + disabledModules = [ ]; imports = [ ../../profiles/common/configuration.nix { diff --git a/nix/os/devices/sj-srv1/default.nix b/nix/os/devices/sj-srv1/default.nix index 94458cb..6ec896d 100644 --- a/nix/os/devices/sj-srv1/default.nix +++ b/nix/os/devices/sj-srv1/default.nix 
@@ -3,17 +3,17 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "${nodeName}.dmz.internal"; diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index 5d25964..20a919c 100644 --- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix @@ -12,5 +12,5 @@ inputs.nixpkgs_forgejo.url = "github:NixOS/nixpkgs/af4ac075a3e97cb239078e187112afdf380cd47b"; # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419"; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/sj-srv1/hw.nix b/nix/os/devices/sj-srv1/hw.nix index 65a001d..328266b 100644 --- a/nix/os/devices/sj-srv1/hw.nix +++ b/nix/os/devices/sj-srv1/hw.nix @@ -1,4 +1,5 @@ -{...}: let +_: +let stage1Modules = [ "virtio_balloon" "virtio_scsi" @@ -38,7 +39,8 @@ "cdc_ether" "uas" ]; -in { +in +{ hardware.opinionatedDisk = { enable = true; encrypted = false; diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index 978ce76..5aea904 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix 
@@ -6,29 +6,29 @@ nodeFlake, nodeName, ... -}: let +}: +let hostBridgeAddress = "192.168.101.1"; -in { +in +{ imports = [ ../../snippets/systemd-resolved.nix { # make sure it uses the DNS that comes in via DHCP - networking.nameservers = lib.mkForce []; + networking.nameservers = lib.mkForce [ ]; services.resolved.enable = true; # provide DNS to the containers services.resolved.extraConfig = '' DNSStubListenerExtra=${hostBridgeAddress} ''; - networking.firewall.interfaces.br0.allowedTCPPorts = [53]; - networking.firewall.interfaces.br0.allowedUDPPorts = [53]; + networking.firewall.interfaces.br0.allowedTCPPorts = [ 53 ]; + networking.firewall.interfaces.br0.allowedUDPPorts = [ 53 ]; } ]; programs.wireshark.enable = true; - environment.systemPackages = [ - pkgs.dnsutils - ]; + environment.systemPackages = [ pkgs.dnsutils ]; networking.firewall.enable = true; networking.nftables.enable = true; @@ -48,13 +48,13 @@ in { networking.nat = { enable = true; - internalInterfaces = ["br0"]; + internalInterfaces = [ "br0" ]; externalInterface = "dmz0"; }; networking.bridges = { br0 = { - interfaces = []; + interfaces = [ ]; }; }; networking.interfaces = { @@ -89,9 +89,7 @@ in { networkConfig.LinkLocalAddressing = "no"; # TODO: i'm not sure if and if so why this is required - macvlan = [ - "dmz0" - ]; + macvlan = [ "dmz0" ]; DHCP = "no"; }; 
@@ -111,45 +109,49 @@ in { }; # virtualization - virtualisation = {docker.enable = false;}; + virtualisation = { + docker.enable = false; + }; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix - services.restic.backups.${nodeName} = let - btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; - in { - initialize = true; - repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; + services.restic.backups.${nodeName} = + let + btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; + in + { + initialize = true; + repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; - paths = [ - "/backup" - ]; + paths = [ "/backup" ]; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - "--keep-yearly 2" - ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 2" + ]; - timerConfig = { - OnCalendar = lib.mkDefault "daily"; - Persistent = true; + timerConfig = { + OnCalendar = lib.mkDefault "daily"; + Persistent = true; + }; + + passwordFile = config.sops.secrets.restic-password.path; + + backupPrepareCommand = '' + ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes + ''; + backupCleanupCommand = '' + ${btrfs} su delete /backup/container-volumes + ''; }; - passwordFile = config.sops.secrets.restic-password.path; - - backupPrepareCommand = '' - ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes - ''; - backupCleanupCommand = '' - ${btrfs} su delete /backup/container-volumes - ''; - }; - containers = { mailserver = import ../../containers/mailserver.nix { specialArgs = { 
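Review bot: The restic job in `sj-srv1/system.nix` can wedge on a leftover snapshot, because `backupPrepareCommand` always creates the read-only snapshot at the fixed path `/backup/container-volumes` and only `backupCleanupCommand` removes it. If a run ends without the cleanup executing (a crash or power loss, for instance), the next `su snapshot -r` would presumably fail and backups would stop until the snapshot is deleted by hand. Making the prepare step idempotent avoids that, for example by putting `if [ -e /backup/container-volumes ]; then ${btrfs} su delete /backup/container-volumes; fi` before the snapshot line. Alerting on failures of the backup service would surface the case either way; whether that exists is not visible here.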
@@ -167,25 +169,23 @@ in { sievePort = 4190; }; - webserver = - import ../../containers/webserver.nix - { - specialArgs = { - inherit repoFlake nodeFlake; - hostAddress = hostBridgeAddress; - }; - - autoStart = true; - - hostBridge = "br0"; + webserver = import ../../containers/webserver.nix { + specialArgs = { + inherit repoFlake nodeFlake; hostAddress = hostBridgeAddress; - localAddress = "192.168.101.11/24"; - - httpPort = 80; - httpsPort = 443; - forgejoSshPort = 2222; }; + autoStart = true; + + hostBridge = "br0"; + hostAddress = hostBridgeAddress; + localAddress = "192.168.101.11/24"; + + httpPort = 80; + httpsPort = 443; + forgejoSshPort = 2222; + }; + syncthing = import ../../containers/syncthing.nix { specialArgs = { inherit repoFlake nodeFlake; diff --git a/nix/os/devices/sj-vps-htz0/boot.nix b/nix/os/devices/sj-vps-htz0/boot.nix index 5713789..ed21f9c 100644 --- a/nix/os/devices/sj-vps-htz0/boot.nix +++ b/nix/os/devices/sj-vps-htz0/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiSupport = lib.mkForce false; - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; } diff --git a/nix/os/devices/sj-vps-htz0/configuration.nix b/nix/os/devices/sj-vps-htz0/configuration.nix index b734123..0f9e008 100644 --- a/nix/os/devices/sj-vps-htz0/configuration.nix +++ b/nix/os/devices/sj-vps-htz0/configuration.nix @@ -1,10 +1,6 @@ +{ nodeName, config, ... }: { - nodeName, - config, - pkgs, - ... -}: { - disabledModules = []; + disabledModules = [ ]; imports = [ ../../profiles/common/configuration.nix { diff --git a/nix/os/devices/sj-vps-htz0/default.nix b/nix/os/devices/sj-vps-htz0/default.nix index 12e0271..7683a53 100644 --- a/nix/os/devices/sj-vps-htz0/default.nix +++ b/nix/os/devices/sj-vps-htz0/default.nix 
@@ -3,17 +3,17 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "${nodeName}.infra.stefanjunker.de"; diff --git a/nix/os/devices/sj-vps-htz0/flake.nix b/nix/os/devices/sj-vps-htz0/flake.nix index c315b8e..f8ca24f 100644 --- a/nix/os/devices/sj-vps-htz0/flake.nix +++ b/nix/os/devices/sj-vps-htz0/flake.nix @@ -8,5 +8,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/sj-vps-htz0/hw.nix b/nix/os/devices/sj-vps-htz0/hw.nix index 7566a02..080bb40 100644 --- a/nix/os/devices/sj-vps-htz0/hw.nix +++ b/nix/os/devices/sj-vps-htz0/hw.nix @@ -1,4 +1,5 @@ -{...}: let +_: +let stage1Modules = [ "virtio_balloon" "virtio_scsi" @@ -14,7 +15,8 @@ "pata_acpi" "ata_generic" ]; -in { +in +{ hardware.opinionatedDisk = { enable = true; encrypted = false; diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 7efcbbd..7380a35 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix @@ -1,16 +1,14 @@ { pkgs, - lib, config, - repoFlake, nodeName, ... -}: let +}: +let wireguardPort = 51820; -in { - imports = [ - ../../snippets/systemd-resolved.nix - ]; +in +{ + imports = [ ../../snippets/systemd-resolved.nix ]; networking.firewall.enable = true; networking.nftables.enable = true; @@ -19,9 +17,7 @@ in { # iperf3 5201 ]; - networking.firewall.allowedUDPPorts = [ - wireguardPort - ]; + networking.firewall.allowedUDPPorts = [ wireguardPort ]; networking.firewall.logRefusedConnections = false; 
@@ -38,7 +34,7 @@ in { "prefixLength" = 29; } ]; - ipv6.addresses = []; + ipv6.addresses = [ ]; }; networking.defaultGateway = { @@ -53,7 +49,10 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-*" "wg*"]; + internalInterfaces = [ + "ve-*" + "wg*" + ]; externalInterface = "eth0"; }; @@ -70,15 +69,12 @@ in { networking.wireguard.interfaces.wg0 = { # eth0 MTU (1400) - 80 mtu = 1320; - ips = [ - "192.168.99.1/31" - ]; - listenPort = - wireguardPort; + ips = [ "192.168.99.1/31" ]; + listenPort = wireguardPort; privateKeyFile = config.sops.secrets.wg0-private.path; peers = [ { - allowedIPs = ["192.168.99.2/32"]; + allowedIPs = [ "192.168.99.2/32" ]; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; } @@ -86,14 +82,18 @@ in { }; # virtualization - virtualisation = {docker.enable = false;}; + virtualisation = { + docker.enable = false; + }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; - containers = {}; + containers = { }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; diff --git a/nix/os/devices/srv0-dmz0/README.md b/nix/os/devices/srv0-dmz0/README.md index 92893b6..c76c8a0 100644 --- a/nix/os/devices/srv0-dmz0/README.md +++ b/nix/os/devices/srv0-dmz0/README.md @@ -1,7 +1,6 @@ ## bootstrapping ``` -# TODO: generate an SSH host-key and deploy it via --extra-files +# TODO: generate an SSH host-key and deploy it via --extra-files nixos-anywhere --flake .\#srv0-dmz0 root@srv0.dmz0.noosphere.life ``` - diff --git a/nix/os/devices/srv0-dmz0/configuration.nix b/nix/os/devices/srv0-dmz0/configuration.nix index b59afac..83c38ab 100644 --- a/nix/os/devices/srv0-dmz0/configuration.nix +++ b/nix/os/devices/srv0-dmz0/configuration.nix 
@@ -1,14 +1,14 @@ { modulesPath, repoFlake, - packages', - pkgs, config, ... -}: let +}: +let disk = "/dev/disk/by-id/ata-INTEL_SSDSC2BW240A4_PHDA435602332403GN"; -in { - disabledModules = []; +in +{ + disabledModules = [ ]; imports = [ repoFlake.inputs.disko.nixosModules.disko repoFlake.inputs.srvos.nixosModules.server @@ -23,7 +23,7 @@ in { ]; ## bare-metal machines - srvos.boot.consoles = ["tty0"]; + srvos.boot.consoles = [ "tty0" ]; boot.loader.grub.enable = false; boot.loader.efi.canTouchEfiVariables = false; @@ -39,7 +39,7 @@ in { start = "0"; end = "1M"; part-type = "primary"; - flags = ["bios_grub"]; + flags = [ "bios_grub" ]; } { name = "ESP"; @@ -60,14 +60,14 @@ in { bootable = true; content = { type = "btrfs"; - extraArgs = ["-f"]; # Override existing partition + extraArgs = [ "-f" ]; # Override existing partition subvolumes = { # Subvolume name is different from mountpoint "/rootfs" = { mountpoint = "/"; }; "/nix" = { - mountOptions = ["noatime"]; + mountOptions = [ "noatime" ]; }; }; }; @@ -109,7 +109,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-+"]; + internalInterfaces = [ "ve-+" ]; externalInterface = "eth0"; }; @@ -119,9 +119,11 @@ in { # virtualization # virtualisation = {docker.enable = true;}; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; - containers = {}; + containers = { }; # sops.secrets.holochain-nomad-agent-ca = { # sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; diff --git a/nix/os/devices/srv0-dmz0/default.nix b/nix/os/devices/srv0-dmz0/default.nix index 5c0b7bb..3af624b 100644 --- a/nix/os/devices/srv0-dmz0/default.nix +++ b/nix/os/devices/srv0-dmz0/default.nix 
@@ -3,17 +3,17 @@ repoFlake, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "srv0.dmz0.noosphere.life"; diff --git a/nix/os/devices/srv0-dmz0/flake.nix b/nix/os/devices/srv0-dmz0/flake.nix index f2af929..2f27989 100644 --- a/nix/os/devices/srv0-dmz0/flake.nix +++ b/nix/os/devices/srv0-dmz0/flake.nix @@ -8,5 +8,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix index fe0b621..9ddbde9 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +_: { boot.loader.grub.efiSupport = true; - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; } diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix index 28a63fb..b29548c 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix @@ -1,5 +1,6 @@ -{...}: { - disabledModules = []; +{ ... }: +{ + disabledModules = [ ]; imports = [ ../../profiles/common/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix index 8815036..a89e29a 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix 
@@ -1,4 +1,5 @@ -{...}: let +_: +let stage1Modules = [ "aesni_intel" "kvm-intel" @@ -17,7 +18,8 @@ "xhci_hcd" "xhci_pci" ]; -in { +in +{ # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix index b6c8038..607e7f3 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix @@ -1,16 +1,8 @@ +{ config, pkgs, ... }: { - config, - pkgs, - lib, - ... -}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; + nixpkgs.config.packageOverrides = + pkgs: with pkgs; { + inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; @@ -20,7 +12,12 @@ { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; maxJobs = 4; } ]; diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix index e677958..84bb74d 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix @@ -1,11 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: let - keys = import ../../../variables/keys.nix; -in { +_: { # TASK: new device networking.hostName = "srv0"; # Define your hostname. # networking.domain = "home-ch.stefanjunker.de"; @@ -37,7 +30,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-+"]; + internalInterfaces = [ "ve-+" ]; externalInterface = "eth0"; }; 
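Review bot: In `srv0.home-ch.stefanjunker.de/pkg.nix` the rewritten `inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;` has a redundant second pair of parentheses, and the `with pkgs;` in front of the attrset brings nothing into use in the visible lines. The lambda argument `pkgs` also shadows the module's own `pkgs` without being read. `nixpkgs.config.packageOverrides = _: { inherit (import ../../../default.nix { versionsPath = ./versions.nix; }) nixPath; };` says the same thing and matches the `_:` convention this commit introduces elsewhere. The same pattern appears in `steveej-pa600/pkg.nix` and `steveej-rmvbl-sdep0/configuration.nix`.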
@@ -45,14 +38,20 @@ in { # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = {docker.enable = true;}; + virtualisation = { + docker.enable = true; + }; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; networking.useHostResolvConf = false; - services.resolved = {enable = true;}; + services.resolved = { + enable = true; + }; - containers = {}; + containers = { }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix index bb546e6..1bc2086 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix @@ -4,7 +4,8 @@ let ref = "nixos-22.05"; rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd"; }; -in { +in +{ inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { diff --git a/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix b/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix index 511138c..5817e21 100644 --- a/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix +++ b/nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix @@ -6,7 +6,8 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { diff --git a/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix index a15e1aa..d009275 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix 
diff --git a/nix/os/devices/steveej-nuc7pjyh-work/hw.nix b/nix/os/devices/steveej-nuc7pjyh-work/hw.nix index 6d8eadd..76ab1b9 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/hw.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/hw.nix @@ -1,4 +1,4 @@ -{...}: { +_: { # TASK: new device hardware.encryptedDisk = { enable = true; diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix index 73d39d9..efe0db2 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/system.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix @@ -1,11 +1,7 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - ... -}: let -in { services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"''; - users.groups.sgx = {}; + users.groups.sgx = { }; networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname. boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest; } diff --git a/nix/os/devices/steveej-nuc7pjyh-work/user.nix b/nix/os/devices/steveej-nuc7pjyh-work/user.nix index 2b72309..e37d392 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/user.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/user.nix @@ -1,12 +1,9 @@ -{ - config, - pkgs, - ... -}: let - passwords = import ../../../variables/passwords.crypt.nix; +{ pkgs, ... }: +let keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser; -in { + inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser; +in +{ users.extraUsers.sjunker = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; @@ -14,7 +11,7 @@ in { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; }; - extraGroups = ["sgx"]; + extraGroups = [ "sgx" ]; subUidRanges = [ { diff --git a/nix/os/devices/steveej-pa600/boot.nix b/nix/os/devices/steveej-pa600/boot.nix index 4d8c1d1..639698f 100644 --- a/nix/os/devices/steveej-pa600/boot.nix +++ b/nix/os/devices/steveej-pa600/boot.nix 
@@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; } diff --git a/nix/os/devices/steveej-pa600/configuration.nix b/nix/os/devices/steveej-pa600/configuration.nix index 37f4c61..68ad190 100644 --- a/nix/os/devices/steveej-pa600/configuration.nix +++ b/nix/os/devices/steveej-pa600/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/devices/steveej-pa600/hw.nix b/nix/os/devices/steveej-pa600/hw.nix index a563c1a..651a6e2 100644 --- a/nix/os/devices/steveej-pa600/hw.nix +++ b/nix/os/devices/steveej-pa600/hw.nix @@ -1,4 +1,5 @@ -{...}: let +_: +let stage1Modules = [ "aesni_intel" "kvm-intel" @@ -7,7 +8,8 @@ "xhci_pci" "hxci_hcd" ]; -in { +in +{ # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/steveej-pa600/pkg.nix b/nix/os/devices/steveej-pa600/pkg.nix index 1db742a..360c17b 100644 --- a/nix/os/devices/steveej-pa600/pkg.nix +++ b/nix/os/devices/steveej-pa600/pkg.nix @@ -1,11 +1,8 @@ -{pkgs, ...}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; +{ pkgs, ... }: +{ + nixpkgs.config.packageOverrides = + pkgs: with pkgs; { + inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; diff --git a/nix/os/devices/steveej-pa600/system.nix b/nix/os/devices/steveej-pa600/system.nix index 02256d8..2a4551a 100644 --- a/nix/os/devices/steveej-pa600/system.nix +++ b/nix/os/devices/steveej-pa600/system.nix 
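Review bot: The `stage1Modules` list in `steveej-pa600/hw.nix` ends with `"hxci_hcd"`, which looks like a misspelling of `xhci_hcd`; the entry sits in the context lines of the file's second hunk and this commit leaves it as is. The sibling `srv0.home-ch.stefanjunker.de/hw.nix` in this same patch lists `"xhci_hcd"` next to `"xhci_pci"`. How `stage1Modules` is consumed is outside the hunk, but if it feeds the initrd module list the misspelled name either fails module resolution or silently leaves out the USB host controller driver. The fix is to change the entry to `"xhci_hcd"`.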
@@ -1,11 +1,5 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - config, - ... -}: let - keys = import ../../../variables/keys.nix; -in { # TASK: new device networking.hostName = "steveej-pa600"; # Define your hostname. @@ -20,7 +14,11 @@ in { services.printing = { enable = true; - drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper]; + drivers = with pkgs; [ + hplip + mfcl3770cdw.driver + mfcl3770cdw.cupswrapper + ]; }; services.fprintd.enable = true; @@ -29,9 +27,9 @@ in { sudo.fprintAuth = true; }; - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = ["modesetting"]; + services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" diff --git a/nix/os/devices/steveej-pa600/user.nix b/nix/os/devices/steveej-pa600/user.nix index 4b85fea..bb94098 100644 --- a/nix/os/devices/steveej-pa600/user.nix +++ b/nix/os/devices/steveej-pa600/user.nix @@ -1,12 +1,9 @@ -{ - config, - pkgs, - ... -}: let - passwords = import ../../../variables/passwords.crypt.nix; +{ pkgs, ... }: +let keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser; -in { + inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser; +in +{ users.extraUsers.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; diff --git a/nix/os/devices/steveej-pa600/versions.nix b/nix/os/devices/steveej-pa600/versions.nix index ce6b116..e7d4567 100644 --- a/nix/os/devices/steveej-pa600/versions.nix +++ b/nix/os/devices/steveej-pa600/versions.nix 
@@ -4,9 +4,12 @@ let ref = "nixos-20.09"; rev = "e065200fc90175a8f6e50e76ef10a48786126e1c"; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; diff --git a/nix/os/devices/steveej-pa600/versions.tmpl.nix b/nix/os/devices/steveej-pa600/versions.tmpl.nix index 96f7be3..08f1a43 100644 --- a/nix/os/devices/steveej-pa600/versions.tmpl.nix +++ b/nix/os/devices/steveej-pa600/versions.tmpl.nix @@ -6,9 +6,12 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix index b32a198..9682eb6 100644 --- a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix index 14df96a..4af1def 100644 --- a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix @@ -1,4 +1,4 @@ -{...}: { +_: { # TASK: new device hardware.encryptedDisk = { enable = true; diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix index 4329e5c..7f69ec0 100644 
--- a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix @@ -1,3 +1,3 @@ -{...}: { +_: { networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname. } diff --git a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix index d49dbd3..861a9ea 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix @@ -1,11 +1,8 @@ -{...}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; +{ ... }: +{ + nixpkgs.config.packageOverrides = + pkgs: with pkgs; { + inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath; }; imports = [ diff --git a/nix/os/devices/steveej-rmvbl-sdep0/hw.nix b/nix/os/devices/steveej-rmvbl-sdep0/hw.nix index 408b2a9..c42f909 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/hw.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/hw.nix @@ -1,4 +1,4 @@ -{...}: { +_: { # TASK: new device hardware.opinionatedDisk.diskId = "usb-SanDisk_Extreme_Pro_12345978EC62-0:0"; hardware.opinionatedDisk.encrypted = true; diff --git a/nix/os/devices/steveej-rmvbl-sdep0/system.nix b/nix/os/devices/steveej-rmvbl-sdep0/system.nix index 5bad73f..d409681 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/system.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/system.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking.hostName = "steveej-rmvbl-sdep0"; # Define your hostname. system.stateVersion = "21.05"; } diff --git a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix index f8759b8..3771f25 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix 
@@ -2,35 +2,33 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-22.11"; - rev = '' - 0040164e473509b4aee6aedb3b923e400d6df10b''; + rev = ''0040164e473509b4aee6aedb3b923e400d6df10b''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = '' - d9f759f2ea8d265d974a6e1259bd510ac5844c5d''; + rev = ''d9f759f2ea8d265d974a6e1259bd510ac5844c5d''; }; "channels-nixos-unstable-small" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable-small"; - rev = '' - 9c34c8adba80180608794cce600b10183b048942''; + rev = ''9c34c8adba80180608794cce600b10183b048942''; }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = '' - f9adb566707a492bd3d17fee1e223695d939b52a''; + rev = ''f9adb566707a492bd3d17fee1e223695d939b52a''; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; ref = "release-22.11"; - rev = '' - d6f3ba090ed090ae664ab5bac329654093aae725''; + rev = ''d6f3ba090ed090ae664ab5bac329654093aae725''; }; } diff --git a/nix/os/devices/steveej-rmvbl-sdep0/versions.tmpl.nix b/nix/os/devices/steveej-rmvbl-sdep0/versions.tmpl.nix index a0fa34a..92abc4a 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/versions.tmpl.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/versions.tmpl.nix @@ -6,9 +6,12 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; diff --git a/nix/os/devices/steveej-t14/boot.nix b/nix/os/devices/steveej-t14/boot.nix index 281d09e..d3ff0b5 100644 
--- a/nix/os/devices/steveej-t14/boot.nix +++ b/nix/os/devices/steveej-t14/boot.nix @@ -1,8 +1,5 @@ +{ lib, pkgs, ... }: { - lib, - pkgs, - ... -}: { boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index a094278..f5ccca0 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../snippets/home-manager-with-zsh.nix ../../snippets/nix-settings-holo-chain.nix @@ -19,7 +20,7 @@ ./boot.nix # samba seerver - ({lib, ...}: { + (_: { # networking.firewall.enable = lib.mkForce false; services.samba-wsdd.enable = true; # make shares visible for windows 10 clients networking.firewall.allowedTCPPorts = [ diff --git a/nix/os/devices/steveej-t14/default.nix b/nix/os/devices/steveej-t14/default.nix index bcb5e94..d7e6d28 100644 --- a/nix/os/devices/steveej-t14/default.nix +++ b/nix/os/devices/steveej-t14/default.nix 
@@ -4,26 +4,24 @@ repoFlakeWithSystem, nodeFlake, ... -}: let +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = nodeName; deployment.replaceUnknownProfiles = false; deployment.allowLocalDeployment = true; - imports = [ - (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - ]; + imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; }; } diff --git a/nix/os/devices/steveej-t14/flake.nix b/nix/os/devices/steveej-t14/flake.nix index d2a549b..504ce45 100644 --- a/nix/os/devices/steveej-t14/flake.nix +++ b/nix/os/devices/steveej-t14/flake.nix @@ -12,5 +12,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index 1b905e0..0fa593a 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,5 +1,4 @@ -{lib, ...}: let -in { +_: { # TASK: new device hardware.opinionatedDisk = { enable = true; @@ -66,16 +65,56 @@ in { enable = false; levels = [ # ["level auto" 0 60] - [0 0 60] - [1 60 65] - [1 65 75] - [2 75 78] - [3 78 80] - [4 80 82] - [5 82 84] - [6 84 86] - [7 86 88] - ["level full-speed" 88 999] + [ + 0 + 0 + 60 + ] + [ + 1 + 60 + 65 + ] + [ + 1 + 65 + 75 + ] + [ + 2 + 75 + 78 + ] + [ + 3 + 78 + 80 + ] + [ + 4 + 80 + 82 + ] + [ + 5 + 82 + 84 + ] + [ + 6 + 84 + 86 + ] + [ + 7 + 86 + 88 + ] + [ + "level full-speed" + 88 + 999 + ] ]; extraArgs = [ 
diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 0cc3c04..4e53eaf 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -1,14 +1,7 @@ +{ pkgs, ... }: { - pkgs, - lib, - repoFlake, - nodeFlake, - ... -}: { system.stateVersion = "23.05"; - home-manager.users.root = _: { - home.stateVersion = "22.05"; - }; + home-manager.users.root = _: { home.stateVersion = "22.05"; }; home-manager.users.steveej = _: { home.stateVersion = "22.05"; imports = [ @@ -21,10 +14,9 @@ }) ]; - home.sessionVariables = {}; + home.sessionVariables = { }; - home.packages = with pkgs; [ - ]; + home.packages = with pkgs; [ ]; }; # TODO: fix the following errors with regreet 
@@ -38,26 +30,28 @@ # # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: :6:17-18: Empty declaration # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. - services.greetd = let - # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" - swayConfig = pkgs.writeText "greetd-sway-config" '' - # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. - exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" - bindsym Mod4+shift+e exec swaynag \ - -t warning \ - -m 'What do you want to do?' \ - -b 'Poweroff' 'systemctl poweroff' \ - -b 'Reboot' 'systemctl reboot' - ''; - in { - enable = false; - settings = { - vt = 1; - default_session = { - command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + services.greetd = + let + # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" + swayConfig = pkgs.writeText "greetd-sway-config" '' + # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. + exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" + bindsym Mod4+shift+e exec swaynag \ + -t warning \ + -m 'What do you want to do?' \ + -b 'Poweroff' 'systemctl poweroff' \ + -b 'Reboot' 'systemctl reboot' + ''; + in + { + enable = false; + settings = { + vt = 1; + default_session = { + command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + }; }; }; - }; environment.etc."greetd/environments".text = '' sway diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 04fb60a..db19a3b 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -2,10 +2,10 @@ pkgs, lib, config, - nodeName, repoFlake, ... -}: let +}: +let localTcpPorts = [ 22 
@@ -21,12 +21,11 @@ 22000 21027 ]; -in { +in +{ nix.settings = { - substituters = [ - ]; - trusted-public-keys = [ - ]; + substituters = [ ]; + trusted-public-keys = [ ]; }; nix.distributedBuilds = true; @@ -39,7 +38,7 @@ in { system = "x86_64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ []; + supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features; } { @@ -50,16 +49,15 @@ in { system = "aarch64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; + supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features; } ]; networking.networkmanager.enable = true; - networking.extraHosts = '' - ''; + networking.extraHosts = ''''; - networking.bridges."virbr1".interfaces = []; + networking.bridges."virbr1".interfaces = [ ]; networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; @@ -92,7 +90,9 @@ in { # virtualization virtualisation = { - libvirtd = {enable = true;}; + libvirtd = { + enable = true; + }; virtualbox.host = { enable = false; @@ -110,13 +110,11 @@ in { # client min protocol = NT1 ''; - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; + services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; hardware.ledger.enable = true; - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; } diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index 6068f93..dacf1f4 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix 
@@ -1,19 +1,16 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config, pkgs, ... }: +let keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; -in { + inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; +in +{ users.users.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; }; - nix.settings.trusted-users = ["steveej"]; + nix.settings.trusted-users = [ "steveej" ]; security.pam.u2f.enable = true; security.pam.services.steveej.u2fAuth = true; diff --git a/nix/os/devices/steveej-utilitepro/configuration.nix b/nix/os/devices/steveej-utilitepro/configuration.nix index 06cc7d1..76a34c8 100644 --- a/nix/os/devices/steveej-utilitepro/configuration.nix +++ b/nix/os/devices/steveej-utilitepro/configuration.nix @@ -1,13 +1,11 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - pkgs, - ... -}: let +{ config, pkgs, ... }: +let passwords = import ../common/passwords.crypt.nix; -in { +in +{ # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "16.03"; nix.maxJobs = 4; 
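Review bot: In `nix/os/devices/steveej-t14/user.nix`, the kept line `security.pam.services.steveej.u2fAuth = true;` does not look like it does what its name suggests. The attribute names under `security.pam.services` are PAM service names (programs such as `sudo` or `login`), not user names, so this defines a service called `steveej` that presumably nothing uses. With `security.pam.u2f.enable = true;` on the line above, `u2fAuth` already defaults to on for every service, so the line reads as a per-user restriction that is not in effect. Either drop it or name the intended service, for example `security.pam.services.sudo.u2fAuth = true;`, with a short comment on which logins are meant to require the token. It would also help to add a comment beside `nix.settings.trusted-users = [ "steveej" ];` noting that this grants root-equivalent control of the Nix daemon. The module body continues outside this hunk.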
@@ -19,22 +17,18 @@ in { ''; nixpkgs.config = { - packageOverrides = super: let - self = super.pkgs; - in { + packageOverrides = super: { linux_4_1 = super.linux_4_1.override { - kernelPatches = - super.linux_4_1.kernelPatches - ++ [ - { - patch = ./patches/utilitepro-kernel-dts.patch; - name = "utilitepro-dts"; - } - { - patch = ./patches/utilitepro-kernel-dts-Makefile.patch; - name = "utilitepro-dts-Makefile"; - } - ]; + kernelPatches = super.linux_4_1.kernelPatches ++ [ + { + patch = ./patches/utilitepro-kernel-dts.patch; + name = "utilitepro-dts"; + } + { + patch = ./patches/utilitepro-kernel-dts-Makefile.patch; + name = "utilitepro-dts-Makefile"; + } + ]; # add "CONFIG_PPP_FILTER y" option to the set of kernel options extraConfig = '' BTRFS_FS y @@ -279,7 +273,10 @@ in { uid = 1000; isNormalUser = true; home = "/home/steveej"; - extraGroups = ["wheel" "libvirtd"]; + extraGroups = [ + "wheel" + "libvirtd" + ]; # FIXME: this is deprecated but so is this device probably hashedPassword = passwords.users.steveej; openssh.authorizedKeys.keys = [ diff --git a/nix/os/devices/steveej-utilitepro/hardware-configuration.nix b/nix/os/devices/steveej-utilitepro/hardware-configuration.nix index a325b30..1d3e463 100644 --- a/nix/os/devices/steveej-utilitepro/hardware-configuration.nix +++ b/nix/os/devices/steveej-utilitepro/hardware-configuration.nix @@ -1,17 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. +{ ... }: { - config, - lib, - pkgs, - ... -}: { - imports = []; + imports = [ ]; - boot.initrd.availableKernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; hardware.enableAllFirmware = true; 
@@ -24,5 +20,5 @@ device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66"; }; - swapDevices = []; + swapDevices = [ ]; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 9aec1e2..39e93de 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -5,10 +5,10 @@ lib, config, nodeName, - localDomainName, system, ... -}: { +}: +{ nixos-x13s = { enable = true; # TODO: use hardware address @@ -41,8 +41,8 @@ echo $? ) ''; - requiredBy = ["bluetooth.service"]; - before = ["bluetooth.service"]; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -103,20 +103,15 @@ ]; system.stateVersion = "23.11"; - home-manager.users.root = _: { - home.stateVersion = "23.11"; - }; + home-manager.users.root = _: { home.stateVersion = "23.11"; }; home-manager.users.steveej = _: { home.stateVersion = "23.11"; - imports = [ - ../../../home-manager/configuration/graphical-fullblown.nix - ]; + imports = [ ../../../home-manager/configuration/graphical-fullblown.nix ]; - home.sessionVariables = {}; + home.sessionVariables = { }; - home.packages = with pkgs; [ - ]; + home.packages = with pkgs; [ ]; # TODO: currently unsupported services.gammastep.enable = lib.mkForce false; @@ -127,7 +122,7 @@ loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = ["wwan"]; + blacklistedKernelModules = [ "wwan" ]; initrd.kernelModules = [ "uas" 
@@ -153,7 +148,8 @@ "firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn".source = pkgs.linux-firmware; "firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn".source = pkgs.linux-firmware; "firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn".source = pkgs.linux-firmware; - "firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn".source = nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware"; + "firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn".source = + nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware"; }; }; diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index fa66cf4..2ba48d2 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -6,21 +6,23 @@ nodeFlake, localDomainName ? "internal", ... -}: { +}: +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit + repoFlake + nodeName + nodeFlake + system + ; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); inherit localDomainName; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; @@ -29,8 +31,6 @@ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; - imports = [ - (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - ]; + imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; }; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/disko.nix b/nix/os/devices/steveej-x13s-rmvbl/disko.nix index e56b0d1..2eb097a 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/disko.nix 
+++ b/nix/os/devices/steveej-x13s-rmvbl/disko.nix @@ -14,9 +14,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "defaults" ]; }; }; luks = { @@ -24,7 +22,7 @@ content = { type = "luks"; name = "x13s-usb-crypt"; - extraOpenArgs = []; + extraOpenArgs = [ ]; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { @@ -36,19 +34,28 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = ["-f"]; + extraArgs = [ "-f" ]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/home" = { mountpoint = "/home"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/swap" = { mountpoint = "/.swapvol"; diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index bcc82bb..043907d 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix 
@@ -22,71 +22,66 @@ nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { - self, - get-flake, - nixpkgs, - ... - }: let - system = "aarch64-linux"; - buildPlatform = "x86_64-linux"; - repoFlake = get-flake ../../../..; - in { - lib = { - mkNixosConfiguration = { - nodeName, - extraModules ? [], - ... - } @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs + outputs = + { + self, + get-flake, + nixpkgs, + ... + }: + let + system = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + repoFlake = get-flake ../../../..; + in + { + lib = { + mkNixosConfiguration = { - specialArgs = - (import ./default.nix { - inherit system; - inherit nodeName repoFlake; + nodeName, + extraModules ? [ ], + ... + }@attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate attrs { + specialArgs = + (import ./default.nix { + inherit system; + inherit nodeName repoFlake; - nodeFlake = self; - }) - .meta - .nodeSpecialArgs - .${nodeName}; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; - modules = - [ - # repoFlake.nixosModules.hardware-x13s - ] - ++ extraModules; - } - ); - }; - - nixosConfigurations = let - nodeName = "steveej-x13s-rmvbl"; - in { - native = self.lib.mkNixosConfiguration { - inherit system nodeName; - extraModules = [ - ./configuration.nix - - { - users.commonUsers.installPassword = "install"; - } - ]; + modules = extraModules; + } + ); }; - cross = self.lib.mkNixosConfiguration { - inherit nodeName; - extraModules = [ - ./configuration.nix + nixosConfigurations = + let + nodeName = "steveej-x13s-rmvbl"; + in + { + native = self.lib.mkNixosConfiguration { + inherit system nodeName; + extraModules = [ + ./configuration.nix - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = system; - } - ]; - }; + { users.commonUsers.installPassword = "install"; } + ]; + }; + + cross = self.lib.mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + 
nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = system; + } + ]; + }; + }; }; - }; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 831f1f0..21462e0 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -5,12 +5,12 @@ lib, config, nodeName, - localDomainName, system, packages', ... -}: { - nixpkgs.overlays = [nodeFlake.overlays.default]; +}: +{ + nixpkgs.overlays = [ nodeFlake.overlays.default ]; nixos-x13s = { enable = true; @@ -23,7 +23,7 @@ # printint and autodiscovery of printers services.printing.enable = true; - services.printing.drivers = [pkgs.hplip]; + services.printing.drivers = [ pkgs.hplip ]; services.avahi = { enable = true; nssmdns4 = true; @@ -57,8 +57,8 @@ echo $? ) ''; - requiredBy = ["bluetooth.service"]; - before = ["bluetooth.service"]; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -98,7 +98,7 @@ enableNonRoot = true; }; - sops.secrets.builder-private-key = {}; + sops.secrets.builder-private-key = { }; nix.distributedBuilds = true; nix.buildMachines = [ # test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@?ssh-key=/run/secrets/builder-private-key' @@ -107,9 +107,7 @@ sshUser = "nix-remote-builder"; sshKey = config.sops.secrets.builder-private-key.path; protocol = "ssh-ng"; - systems = [ - "x86_64-linux" - ]; + systems = [ "x86_64-linux" ]; supportedFeatures = [ "big-parallel" "kvm" @@ -123,9 +121,7 @@ sshUser = "nix-remote-builder"; sshKey = config.sops.secrets.builder-private-key.path; protocol = "ssh-ng"; - systems = [ - "aarch64-linux" - ]; + systems = [ "aarch64-linux" ]; supportedFeatures = [ "big-parallel" "kvm" 
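Review bot: In `nix/os/devices/steveej-x13s-rmvbl/flake.nix`, the reformatted `native` entry of `nixosConfigurations` still carries a literal credential, `{ users.commonUsers.installPassword = "install"; }`. The option's definition is not visible here, but whichever account it sets, the value is fixed and public in the repository, and it is likely to end up readable in the Nix store of any machine built from this output. If `native` is only meant as a throwaway installer image, say so in place, e.g. `# installer image only: well-known password, never deploy to a networked host`. Otherwise take the password from a sops secret, as other devices in this repository do with `hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;`. The `cross` configuration does not set the option, so the two outputs also differ in how a user can log in after first boot.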
@@ -154,24 +150,27 @@ } # TODO: create syncthing os snippet - (let - tcp = [22000]; - udp = [ - 22000 - 21027 - ]; - in { - # TODO: upstream feature for inverse rule to work: `! --in-interface zt+` - networking.firewall.interfaces."en+".allowedTCPPorts = tcp; - networking.firewall.interfaces."en+".allowedUDPPorts = udp; - networking.firewall.interfaces."wl+".allowedTCPPorts = tcp; - networking.firewall.interfaces."wl+".allowedUDPPorts = udp; + ( + let + tcp = [ 22000 ]; + udp = [ + 22000 + 21027 + ]; + in + { + # TODO: upstream feature for inverse rule to work: `! --in-interface zt+` + networking.firewall.interfaces."en+".allowedTCPPorts = tcp; + networking.firewall.interfaces."en+".allowedUDPPorts = udp; + networking.firewall.interfaces."wl+".allowedTCPPorts = tcp; + networking.firewall.interfaces."wl+".allowedUDPPorts = udp; - networking.firewall.allowedTCPPorts = [ - # iperf3 - 5201 - ]; - }) + networking.firewall.allowedTCPPorts = [ + # iperf3 + 5201 + ]; + } + ) ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix @@ -201,22 +200,17 @@ ]; system.stateVersion = "23.11"; - home-manager.users.root = _: { - home.stateVersion = "23.11"; - }; + home-manager.users.root = _: { home.stateVersion = "23.11"; }; home-manager.users.steveej = _: { home.stateVersion = "23.11"; - imports = [ - ../../../home-manager/configuration/graphical-fullblown.nix - ]; + imports = [ ../../../home-manager/configuration/graphical-fullblown.nix ]; - nixpkgs.overlays = [nodeFlake.overlays.default]; + nixpkgs.overlays = [ nodeFlake.overlays.default ]; - home.sessionVariables = {}; + home.sessionVariables = { }; - home.packages = with pkgs; [ - ]; + home.packages = with pkgs; [ ]; # TODO(upstream): currently unsupported on x13s services.gammastep.enable = true; 
@@ -228,7 +222,7 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = ["wwan"]; + blacklistedKernelModules = [ "wwan" ]; }; hardware.firmware = lib.mkBefore [ @@ -258,9 +252,7 @@ autostart = false; }; - services.udev.packages = [ - pkgs.android-udev-rules - ]; + services.udev.packages = [ pkgs.android-udev-rules ]; programs.adb.enable = true; nix.settings.sandbox = lib.mkForce "relaxed"; diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index e6d8ece..bb170b2 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix @@ -6,21 +6,23 @@ nodeFlake, localDomainName ? "internal", ... -}: { +}: +{ meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit + repoFlake + nodeName + nodeFlake + system + ; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); inherit localDomainName; }; - meta.nodeNixpkgs.${nodeName} = - import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; @@ -29,8 +31,6 @@ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; - imports = [ - ./configuration.nix - ]; + imports = [ ./configuration.nix ]; }; } diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix index 89f6dd8..40b2118 100644 --- a/nix/os/devices/steveej-x13s/disko.nix +++ b/nix/os/devices/steveej-x13s/disko.nix @@ -15,9 +15,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "defaults" ]; }; }; luks = { 
@@ -25,7 +23,7 @@ content = { type = "luks"; name = "x13s-nvme-crypt"; - extraOpenArgs = []; + extraOpenArgs = [ ]; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { @@ -37,19 +35,28 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = ["-f"]; + extraArgs = [ "-f" ]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/home" = { mountpoint = "/home"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = ["compress=zstd" "noatime"]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/swap" = { mountpoint = "/.swapvol"; diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 09b27a1..e9c58e1 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -14,16 +14,15 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = - "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" - # 6.11.0 - # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=6b9efe77ca80653354981c720af3c4241ac71490" - # 6.12.0-rc6 - # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=bd580ee9c35fcb8a720122d5bb2f903f1b7395ee" - # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=1286d20be2321a1a2d27f5d09257ebaf54ce0630" - #"/home/steveej/src/others/nixos-x13s" - # - ; + nixos-x13s.url = "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" + # 6.11.0 + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=6b9efe77ca80653354981c720af3c4241ac71490" + # 6.12.0-rc6 + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=bd580ee9c35fcb8a720122d5bb2f903f1b7395ee" + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=1286d20be2321a1a2d27f5d09257ebaf54ce0630" + #"/home/steveej/src/others/nixos-x13s" + # + ; # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; 
@@ -39,127 +38,125 @@ }; }; - outputs = { - self, - get-flake, - nixpkgs, - ... - }: let - nativeSystem = "aarch64-linux"; - nodeName = "steveej-x13s"; + outputs = + { + self, + get-flake, + nixpkgs, + ... + }: + let + nativeSystem = "aarch64-linux"; + nodeName = "steveej-x13s"; - repoFlake = get-flake ../../../..; + repoFlake = get-flake ../../../..; - mkNixosConfiguration = {extraModules ? [], ...} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs + mkNixosConfiguration = { - specialArgs = - (import ./default.nix { - system = nativeSystem; - inherit nodeName; + extraModules ? [ ], + ... + }@attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate attrs { + specialArgs = + (import ./default.nix { + system = nativeSystem; + inherit nodeName; - inherit repoFlake; - repoFlakeWithSystem = repoFlake.lib.withSystem; - nodeFlake = self; - }) - .meta - .nodeSpecialArgs - .${nodeName}; + inherit repoFlake; + repoFlakeWithSystem = repoFlake.lib.withSystem; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; - modules = - [ + modules = [ ./configuration.nix # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } - ] - ++ extraModules; - } - ); - in { - lib = { - inherit mkNixosConfiguration; - }; - - overlays.libcamera = final: previous: let - webkitgtkPreConfigure = '' - export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 2 ? 
2 : NIX_BUILD_CORES))" - export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" - ''; - in { - wireplumber = previous.wireplumber.overrideAttrs (_: { - version = "git"; - src = previous.fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "pipewire"; - repo = "wireplumber"; - rev = "71f868233792f10848644319dbdc97a4f147d554"; - hash = "sha256-VX3OFsBK9AbISm/XTx8p05ak+z/VcKXfUXhB9aI9ev8="; - }; - }); - - libcamera = previous.libcamera.overrideAttrs (_: { - postFixup = '' - ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so - ''; - }); - - libcamera-qcam = previous.libcamera-qcam.overrideAttrs (_: { - postFixup = '' - ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so - ''; - }); - - webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { - preConfigure = - attrs.preConfigure + webkitgtkPreConfigure; - }); - - webkitgtk_4_1 = previous.webkitgtk_4_1.overrideAttrs (attrs: { - preConfigure = - attrs.preConfigure + webkitgtkPreConfigure; - }); - - webkitgtk_6_0 = previous.webkitgtk_6_0.overrideAttrs (attrs: { - preConfigure = - attrs.preConfigure + webkitgtkPreConfigure; - }); - }; - - overlays.default = final: previous: let - inherit (previous.stdenv) system; - pkgsUnstable = import self.inputs.nixpkgs-unstable.outPath { - inherit system; - overlays = [self.overlays.libcamera]; - }; - in { - inherit pkgsUnstable; - inherit - (pkgsUnstable) - libcamera - webkitgtk - webkitgtk_4_1 - webkitgtk_6_0 - ; - }; - - nixosConfigurations = { - native = mkNixosConfiguration { - system = nativeSystem; - }; - - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = "x86_64-linux"; - nixpkgs.hostPlatform.system = nativeSystem; + { nix.registry.nixpkgs.flake = nixpkgs; } + ] ++ extraModules; } - ]; + ); + in + { + lib = { + inherit mkNixosConfiguration; + }; + + overlays.libcamera = + _final: previous: + let + webkitgtkPreConfigure = '' + export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 2 ? 
2 : NIX_BUILD_CORES))" + export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" + ''; + in + { + wireplumber = previous.wireplumber.overrideAttrs (_: { + version = "git"; + src = previous.fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "pipewire"; + repo = "wireplumber"; + rev = "71f868233792f10848644319dbdc97a4f147d554"; + hash = "sha256-VX3OFsBK9AbISm/XTx8p05ak+z/VcKXfUXhB9aI9ev8="; + }; + }); + + libcamera = previous.libcamera.overrideAttrs (_: { + postFixup = '' + ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so + ''; + }); + + libcamera-qcam = previous.libcamera-qcam.overrideAttrs (_: { + postFixup = '' + ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so + ''; + }); + + webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { + preConfigure = attrs.preConfigure + webkitgtkPreConfigure; + }); + + webkitgtk_4_1 = previous.webkitgtk_4_1.overrideAttrs (attrs: { + preConfigure = attrs.preConfigure + webkitgtkPreConfigure; + }); + + webkitgtk_6_0 = previous.webkitgtk_6_0.overrideAttrs (attrs: { + preConfigure = attrs.preConfigure + webkitgtkPreConfigure; + }); + }; + + overlays.default = + _final: previous: + let + inherit (previous.stdenv) system; + pkgsUnstable = import self.inputs.nixpkgs-unstable.outPath { + inherit system; + overlays = [ self.overlays.libcamera ]; + }; + in + { + inherit pkgsUnstable; + inherit (pkgsUnstable) + libcamera + webkitgtk + webkitgtk_4_1 + webkitgtk_6_0 + ; + }; + + nixosConfigurations = { + native = mkNixosConfiguration { system = nativeSystem; }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = "x86_64-linux"; + nixpkgs.hostPlatform.system = nativeSystem; + } + ]; + }; }; }; - }; } diff --git a/nix/os/devices/vmd102066.contaboserver.net/boot.nix b/nix/os/devices/vmd102066.contaboserver.net/boot.nix index 5713789..ed21f9c 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/boot.nix 
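Review bot: In `overlays.libcamera` (the `@@ -39,127 +38,125 @@` hunk of steveej-x13s/flake.nix), the three webkitgtk overrides evaluate `attrs.preConfigure + webkitgtkPreConfigure`, which aborts evaluation if a future nixpkgs revision drops `preConfigure` from one of those derivations. Whether all three define it today cannot be seen from this hunk. Writing `preConfigure = (attrs.preConfigure or "") + webkitgtkPreConfigure;` keeps the core-count cap working either way. The three overrides are identical, so they could also be generated from one list of attribute names.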
+++ b/nix/os/devices/vmd102066.contaboserver.net/boot.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiSupport = lib.mkForce false; - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; } diff --git a/nix/os/devices/vmd102066.contaboserver.net/configuration.nix b/nix/os/devices/vmd102066.contaboserver.net/configuration.nix index 28a63fb..b29548c 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/configuration.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/configuration.nix @@ -1,5 +1,6 @@ -{...}: { - disabledModules = []; +{ ... }: +{ + disabledModules = [ ]; imports = [ ../../profiles/common/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/vmd102066.contaboserver.net/default.nix b/nix/os/devices/vmd102066.contaboserver.net/default.nix index db025f1..958331e 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/default.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/default.nix @@ -1,17 +1,17 @@ -{repoFlake, ...}: let +{ repoFlake, ... }: +let nodeName = "vmd102066.contaboserver.net"; system = "x86_64-linux"; nodeFlake = repoFlake.inputs.get-flake ./.; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit nodeName nodeFlake; packages' = repoFlake.packages.${system}; }; - meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { - inherit system; - }; + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; }; ${nodeName} = { deployment.targetHost = nodeName; diff --git a/nix/os/devices/vmd102066.contaboserver.net/flake.nix b/nix/os/devices/vmd102066.contaboserver.net/flake.nix index d432f24..0547466 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/flake.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/flake.nix @@ -8,5 +8,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = _: {}; + outputs = _: { }; } 
diff --git a/nix/os/devices/vmd102066.contaboserver.net/hw.nix b/nix/os/devices/vmd102066.contaboserver.net/hw.nix index e09b10e..392bb1b 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/hw.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/hw.nix @@ -1,4 +1,5 @@ -{...}: let +_: +let stage1Modules = [ "aesni_intel" "kvm-intel" @@ -11,7 +12,8 @@ "virtio" "scsi_mod" ]; -in { +in +{ # TASK: new device hardware.opinionatedDisk = { enable = true; diff --git a/nix/os/devices/vmd102066.contaboserver.net/pkg.nix b/nix/os/devices/vmd102066.contaboserver.net/pkg.nix index 96cfc55..2857a30 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/pkg.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/pkg.nix @@ -1,9 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - lib, - ... -}: { home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; }; @@ -12,7 +8,12 @@ { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; maxJobs = 4; } ]; @@ -22,7 +23,7 @@ hydraURL = "http://localhost:3000"; # externally visible URL notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines - buildMachinesFiles = []; + buildMachinesFiles = [ ]; # you will probably also want, otherwise *everything* will be built from scratch useSubstitutes = true; }; @@ -30,7 +31,13 @@ services.gitlab-runner = { enable = false; - extraPackages = with pkgs; [bash gitlab-runner nix gitFull git-crypt]; + extraPackages = with pkgs; [ + bash + gitlab-runner + nix + gitFull + git-crypt + ]; concurrent = 2; checkInterval = 0; 
@@ -39,7 +46,7 @@ executor = "shell"; runUntagged = true; registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration"; - tagList = ["nix"]; + tagList = [ "nix" ]; }; }; }; diff --git a/nix/os/devices/vmd102066.contaboserver.net/system.nix b/nix/os/devices/vmd102066.contaboserver.net/system.nix index 45c6b0c..cebed6a 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/system.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/system.nix @@ -1,13 +1,9 @@ -{ - pkgs, - lib, - config, - nodeName, - ... -}: let +{ pkgs, config, ... }: +let keys = import ../../../variables/keys.nix; passwords = import ../../../variables/passwords.crypt.nix; -in { +in +{ networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ # iperf3 @@ -37,7 +33,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-+"]; + internalInterfaces = [ "ve-+" ]; externalInterface = "eth0"; }; @@ -45,7 +41,9 @@ in { # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = {docker.enable = true;}; + virtualisation = { + docker.enable = true; + }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; @@ -53,7 +51,7 @@ in { systemd.services."sshd-status" = { enable = true; description = "sshd-status service"; - path = [pkgs.systemd]; + path = [ pkgs.systemd ]; script = '' systemctl status sshd | grep -i tasks ''; @@ -73,11 +71,13 @@ in { # }; # }; - nix.gc = {automatic = true;}; + nix.gc = { + automatic = true; + }; boot.initrd.network = { enable = true; - udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"]; + udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ]; ssh = { enable = true; 
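Review bot: In the runner definition touched by the `@@ -39,7 +46,7 @@` hunk of pkg.nix, `executor = "shell"` together with `runUntagged = true` means every job the registration covers runs directly on this host as the runner user, with no container or VM boundary. The service is currently `enable = false`, so this only matters once it is switched on. I would set `runUntagged = false;` so that only jobs tagged `nix` are accepted, and add a comment such as `# shell executor: jobs run unsandboxed on the host, only register trusted projects`. The enclosing `services.gitlab-runner` block starts outside this hunk.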
@@ -104,7 +104,12 @@ in { inherit config; hostAddress = "192.168.100.16"; localAddress = "192.168.100.17"; - subvolumes = ["mailserver" "webserver" "backup" "syncthing"]; + subvolumes = [ + "mailserver" + "webserver" + "backup" + "syncthing" + ]; }; bkpTarget = import ../../containers/backup-target.nix { diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 03bf5e7..b4f4dcc 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -1,10 +1,10 @@ -{ - lib, - config, -}: let +{ lib, config }: +let keys = import ../../variables/keys.nix; -in { - mkUser = args: +in +{ + mkUser = + args: lib.mkMerge [ { isNormalUser = true; @@ -45,7 +45,7 @@ in { # LVM doesn't allow most characters in VG names # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] - volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId; + volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; # This is important at install-time bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; @@ -56,15 +56,10 @@ in { # Cannot use the disk ID here because might be different at install vs. runtime. # Example: MMC card which is used in the internal reader vs. USB reader - bootFsDevice = diskId: - "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-" + diskId)); - bootLuksDevice = diskId: - "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-" + diskId)); + bootFsDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-" + diskId)); + bootLuksDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-" + diskId)); luksName = diskId: (volumeGroup diskId) + "pv"; luksPhysicalVolume = diskId: "/dev/mapper/" + (luksName diskId); - lvmPv = diskId: encrypted: - if encrypted == true - then luksPhysicalVolume diskId - else bootLuksDevice diskId; + lvmPv = diskId: encrypted: if encrypted then luksPhysicalVolume diskId else bootLuksDevice diskId; }; } 
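Review bot: The rewrite of `lvmPv` in the `@@ -56,15 +56,10 @@` hunk of nix/os/lib/default.nix is not purely cosmetic: `if encrypted == true then …` sent any non-boolean value (`null`, a string) to the `bootLuksDevice` branch, whereas `if encrypted then …` makes Nix abort with a type error. Failing loudly is probably the better behaviour for a switch that selects between the LUKS mapper and the raw partition, but it should be stated, since the rest of the commit is reformatting. A one-line comment such as `# encrypted must be a bool; anything else is an evaluation error` above `lvmPv` would record the intent. Callers of `lvmPv` are outside this hunk, so whether any of them passes a non-boolean cannot be checked here.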
diff --git a/nix/os/modules/ddclient-hetzner.nix b/nix/os/modules/ddclient-hetzner.nix index 893620a..622ae62 100644 --- a/nix/os/modules/ddclient-hetzner.nix +++ b/nix/os/modules/ddclient-hetzner.nix @@ -1,14 +1,9 @@ +{ lib, ... }: { - lib, - config, - ... -}: let - cfg = config.services.ddclient-hetzner; -in { options.services.ddclient-hetzner = with lib; { enable = mkEnableOption "Enable ddclient-hetzner"; - zone = mkOption {type = types.str;}; - domains = mkOption {type = types.listOf types.str;}; - passwordFile = mkOption {type = types.path;}; + zone = mkOption { type = types.str; }; + domains = mkOption { type = types.listOf types.str; }; + passwordFile = mkOption { type = types.path; }; }; } diff --git a/nix/os/modules/ddclient-ovh.nix b/nix/os/modules/ddclient-ovh.nix index 9b0321d..150d688 100644 --- a/nix/os/modules/ddclient-ovh.nix +++ b/nix/os/modules/ddclient-ovh.nix @@ -1,12 +1,7 @@ +{ lib, ... }: { - lib, - config, - ... -}: let - cfg = config.services.ddclientovh; -in { options.services.ddclientovh = with lib; { enable = mkEnableOption "Enable ddclient-ovh"; - domain = mkOption {type = types.str;}; + domain = mkOption { type = types.str; }; }; } diff --git a/nix/os/modules/initrd-network.nix b/nix/os/modules/initrd-network.nix index e517d62..4ca89cf 100644 --- a/nix/os/modules/initrd-network.nix +++ b/nix/os/modules/initrd-network.nix @@ -4,7 +4,8 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.boot.initrd.network; udhcpcScript = pkgs.writeScript "udhcp-script" '' @@ -25,7 +26,8 @@ with lib; let ''; udhcpcArgs = toString cfg.udhcpc.extraArgs; -in { +in +{ options = { boot.initrd.network.enable = mkOption { type = types.bool; @@ -46,7 +48,7 @@ in { }; boot.initrd.network.udhcpc.extraArgs = mkOption { - default = []; + default = [ ]; type = types.listOf types.str; description = '' Additional command-line arguments passed verbatim to udhcpc if 
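Review bot: In ddclient-hetzner.nix, `passwordFile = mkOption { type = types.path; };` has no `description`, and `types.path` also accepts a Nix path literal. If a consumer sets it that way and the value is later interpolated into a string, the file is copied into the world-readable Nix store. I would document the expectation on the option, for example `description = "Runtime path to the password file, e.g. a sops-nix secret path; do not pass a Nix path literal.";`, or switch the type to `types.str`. After this commit the module only declares options, so how the value is consumed is not visible in the hunk. The same missing-description point applies to `zone`, `domains` and to `domain` in ddclient-ovh.nix.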
@@ -74,9 +76,9 @@ in { }; config = mkIf cfg.enable { - warnings = ["Enabled SSH for stage1"]; + warnings = [ "Enabled SSH for stage1" ]; - boot.initrd.kernelModules = ["af_packet"]; + boot.initrd.kernelModules = [ "af_packet" ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.mkinitcpio-nfs-utils}/bin/ipconfig diff --git a/nix/os/modules/natrouter.nix b/nix/os/modules/natrouter.nix index 62af2a8..d853c28 100644 --- a/nix/os/modules/natrouter.nix +++ b/nix/os/modules/natrouter.nix @@ -1,9 +1,6 @@ +{ lib, ... }: +with lib; { - lib, - config, - ... -}: -with lib; { # TODO # Provide a NAT/DHCP Router # diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index dbe449b..db2bbbf 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.hardware.opinionatedDisk; - ownLib = pkgs.callPackage ../lib/default.nix {}; + ownLib = pkgs.callPackage ../lib/default.nix { }; - earlyDiskId = cfg: - if cfg.earlyDiskIdOverride != "" - then cfg.earlyDiskIdOverride - else cfg.diskId; -in { + earlyDiskId = cfg: if cfg.earlyDiskIdOverride != "" then cfg.earlyDiskIdOverride else cfg.diskId; +in +{ options.hardware.opinionatedDisk = { enable = mkEnableOption "Enable opinionated filesystem layout"; - diskId = mkOption {type = types.str;}; + diskId = mkOption { type = types.str; }; encrypted = mkOption { default = true; type = types.bool; 
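Review bot: The warning in the `@@ -74,9 +76,9 @@` hunk of initrd-network.nix says `"Enabled SSH for stage1"`, but the guard visible here is `mkIf cfg.enable` with `cfg = config.boot.initrd.network`, so it fires whenever initrd networking is on, regardless of the SSH setting. A warning that names the wrong feature is easy to dismiss during a review of what is reachable before the disk is unlocked. Either reword it to `warnings = [ "Enabled networking for stage1" ];` or emit it only when the SSH option is set. Where the SSH option is defined is not visible in this hunk, and the `config` block continues outside it.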
@@ -36,31 +35,30 @@ in { fileSystems."/" = { device = ownLib.disk.rootFsDevice cfg.diskId; fsType = "btrfs"; - options = ["subvol=nixos"]; + options = [ "subvol=nixos" ]; }; fileSystems."/home" = { device = ownLib.disk.rootFsDevice cfg.diskId; fsType = "btrfs"; - options = ["subvol=home"]; + options = [ "subvol=home" ]; }; - swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}]; + swapDevices = [ { device = ownLib.disk.swapFsDevice cfg.diskId; } ]; boot.loader.grub = { device = ownLib.disk.bootGrubDevice (earlyDiskId cfg); enableCryptodisk = cfg.encrypted; }; - boot.initrd.luks.devices = - lib.optionalAttrs cfg.encrypted - (builtins.listToAttrs [ + boot.initrd.luks.devices = lib.optionalAttrs cfg.encrypted ( + builtins.listToAttrs [ { - name = let - splitstring = - builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId); - lastelem = (builtins.length splitstring) - 1; - in + name = + let + splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId); + lastelem = (builtins.length splitstring) - 1; + in builtins.elemAt splitstring lastelem; value = { device = ownLib.disk.bootLuksDevice cfg.diskId; @@ -69,6 +67,7 @@ in { allowDiscards = true; }; } - ]); + ] + ); }; } diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index 7c1f786..61b4cb8 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix @@ -2,11 +2,9 @@ config, pkgs, repoFlake, - nodeFlake, - repoFlakeInputs', - packages', ... -}: { +}: +{ imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -30,7 +28,10 @@ boot.tmp.useTmpfs = true; # Workaround for nm-pptp to enforce module load - boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"]; + boot.kernelModules = [ + "nf_conntrack_proto_gre" + "nf_conntrack_pptp" + ]; nixpkgs.config = { allowBroken = false; diff --git a/nix/os/profiles/common/hw.nix b/nix/os/profiles/common/hw.nix index 80bdc31..4d6eb74 100644 
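Review bot: The `name` computation in `boot.initrd.luks.devices` (the `@@ -36,31 +35,30 @@` hunk of opinionatedDisk.nix) takes the last path component by hand with `builtins.split "/"` and `builtins.elemAt`. `name = baseNameOf (ownLib.disk.bootLuksDevice cfg.diskId);` gives the same result for the `/dev/disk/by-partlabel/…` strings built in lib/default.nix and removes the `let` block. The definition of the device attribute set continues in the next hunk.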
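Review bot: The LUKS device in the `@@ -69,6 +67,7 @@` hunk of opinionatedDisk.nix keeps `allowDiscards = true;` without any comment. Passing TRIM through dm-crypt lets anyone with access to the raw device tell used blocks from free ones, which is a deliberate trade-off for SSD performance rather than a neutral default. Since this module is shared by several hosts and by the removable-medium profile, I would add a comment above the line such as `# TRIM passthrough: exposes the free-block pattern of the encrypted volume` or make it an option next to `encrypted`. The start of the attribute set is in the previous hunk.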
--- a/nix/os/profiles/common/hw.nix +++ b/nix/os/profiles/common/hw.nix @@ -1,5 +1,12 @@ -{...}: { +_: { hardware.trackpoint.emulateWheel = true; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "cryptd"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + "cryptd" + ]; } diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index f576a28..edf8717 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -1,10 +1,5 @@ +{ pkgs, nodeName, ... }: { - config, - pkgs, - lib, - nodeName, - ... -}: { networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; @@ -15,11 +10,13 @@ ''; # Fonts, I18N, Date ... - fonts.packages = [pkgs.corefonts]; + fonts.packages = [ pkgs.corefonts ]; console.font = "lat9w-16"; - i18n = {defaultLocale = "en_US.UTF-8";}; + i18n = { + defaultLocale = "en_US.UTF-8"; + }; time.timeZone = "Etc/UTC"; services.gpm.enable = true; diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 27b7427..6c799c9 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -3,7 +3,8 @@ pkgs, lib, ... -}: let +}: +let keys = import ../../../variables/keys.nix; inherit (import ../../lib/default.nix { @@ -16,7 +17,8 @@ inherit (lib) types; cfg = config.users.commonUsers; -in { +in +{ options.users.commonUsers = { enable = lib.mkOption { default = true; 
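Review bot: In the `@@ -1,10 +1,5 @@` hunk of profiles/common/system.nix, the two regexes escape the dot differently. `"\\."` in the `hostName` line is a literal dot, while the trailing `"\."` in `"(^[^\\.]+\.)"` is unescaped by the Nix string parser to a bare `.` and matches any character. That appears to be what makes a `nodeName` without a dot produce an empty `networking.domain` instead of an out-of-range `builtins.elemAt … 2`, so simply adding the missing backslash would break single-label hosts. A comment on the line, for example `# final '.' is intentionally unescaped so dotless node names yield an empty domain`, or an explicit check for a dot in `nodeName`, would make this safe to touch later.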
@@ -39,57 +41,53 @@ in { type = types.str; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - (lib.mkIf (cfg.installPassword == "") { - sops.secrets.sharedUsers-root = { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.mkIf (cfg.installPassword == "") { + sops.secrets.sharedUsers-root = { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - # neededForUsers = true; - format = "yaml"; - }; - }) + sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + # neededForUsers = true; + format = "yaml"; + }; + }) - { - users.mutableUsers = cfg.installPassword != ""; + { + users.mutableUsers = cfg.installPassword != ""; - users.users.root = lib.mkMerge [ - { - openssh.authorizedKeys.keys = keys.users.steveej.openssh; - } + users.users.root = lib.mkMerge [ + { openssh.authorizedKeys.keys = keys.users.steveej.openssh; } - (lib.mkIf (cfg.installPassword != "") { - password = cfg.installPassword; - }) + (lib.mkIf (cfg.installPassword != "") { password = cfg.installPassword; }) - (lib.mkIf (cfg.installPassword == "") { - hashedPasswordFile = cfg.rootPasswordFile; - }) - ]; + (lib.mkIf (cfg.installPassword == "") { hashedPasswordFile = cfg.rootPasswordFile; }) + ]; - users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ - { - uid = 1000; - } + users.users.steveej = lib.mkIf cfg.enableNonRoot ( + 
mkUser ( + lib.mkMerge [ + { uid = 1000; } - (lib.mkIf (cfg.installPassword != "") { - password = cfg.installPassword; - }) + (lib.mkIf (cfg.installPassword != "") { password = cfg.installPassword; }) - (lib.mkIf (cfg.installPassword == "") { - hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; - }) - ])); - } - ]); + (lib.mkIf (cfg.installPassword == "") { + hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; + }) + ] + ) + ); + } + ] + ); } diff --git a/nix/os/profiles/containers/configuration.nix b/nix/os/profiles/containers/configuration.nix index 28ebb64..40fd3f4 100644 --- a/nix/os/profiles/containers/configuration.nix +++ b/nix/os/profiles/containers/configuration.nix @@ -3,26 +3,23 @@ pkgs, lib, ... -}: { +}: +{ networking.useHostResolvConf = false; networking.firewall.enable = true; networking.nftables.enable = true; networking.nftables.flushRuleset = true; - networking.nameservers = lib.mkForce [hostAddress]; + networking.nameservers = lib.mkForce [ hostAddress ]; - environment.systemPackages = [ - pkgs.dnsutils - ]; + environment.systemPackages = [ pkgs.dnsutils ]; imports = [ { # keep DNS set up to a minimum: only query the container host services.resolved.enable = lib.mkForce false; - networking.nameservers = [ - hostAddress - ]; + networking.nameservers = [ hostAddress ]; } ../../snippets/nix-settings.nix # ../../modules/ddclient-ovh.nix diff --git a/nix/os/profiles/graphical-gnome-xorg.nix b/nix/os/profiles/graphical-gnome-xorg.nix index bfd4036..a13dd07 100644 --- a/nix/os/profiles/graphical-gnome-xorg.nix +++ b/nix/os/profiles/graphical-gnome-xorg.nix @@ -1,8 +1,5 @@ +{ pkgs, lib, ... }: { - pkgs, - lib, - ... -}: { services.xserver = { enable = true; libinput.enable = true; 
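Review bot: In the `config` block of profiles/common/user.nix (the `@@ -39,57 +41,53 @@` hunk), a non-empty `cfg.installPassword` is assigned to `password` for both `root` and `steveej`, which places the cleartext value in the system closure in the world-readable Nix store. The same condition sets `users.mutableUsers = true`, so this looks intended for install media only, but nothing in the hunk says so or stops it being set on a deployed host. I would state that in the option's description, for example `description = "Cleartext password for installer images only; it ends up in the Nix store. Leave empty to use the sops-managed hashes.";`. The option declaration itself sits outside this hunk.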
@@ -98,8 +95,11 @@ support32Bit = true; }; - services.dbus.packages = with pkgs; [dconf]; + services.dbus.packages = with pkgs; [ dconf ]; # More Services - environment.systemPackages = [pkgs.gnome.adwaita-icon-theme pkgs.gnomeExtensions.appindicator]; + environment.systemPackages = [ + pkgs.gnome.adwaita-icon-theme + pkgs.gnomeExtensions.appindicator + ]; } diff --git a/nix/os/profiles/graphical/boot.nix b/nix/os/profiles/graphical/boot.nix index 91b4ae9..4bf6ca4 100644 --- a/nix/os/profiles/graphical/boot.nix +++ b/nix/os/profiles/graphical/boot.nix @@ -1,5 +1,4 @@ -{config, ...}: { - boot.extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; +{ config, ... }: +{ + boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; } diff --git a/nix/os/profiles/graphical/configuration.nix b/nix/os/profiles/graphical/configuration.nix index b9cf53e..477a93d 100644 --- a/nix/os/profiles/graphical/configuration.nix +++ b/nix/os/profiles/graphical/configuration.nix @@ -1,3 +1,8 @@ -{pkgs, ...}: { - imports = [./boot.nix ./system.nix ./hw.nix]; +{ ... }: +{ + imports = [ + ./boot.nix + ./system.nix + ./hw.nix + ]; } diff --git a/nix/os/profiles/graphical/hw.nix b/nix/os/profiles/graphical/hw.nix index abb1e68..821f5bf 100644 --- a/nix/os/profiles/graphical/hw.nix +++ b/nix/os/profiles/graphical/hw.nix @@ -1,3 +1 @@ -{...}: { - hardware.enableAllFirmware = true; -} +_: { hardware.enableAllFirmware = true; } diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index ce49500..42eccfb 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,11 +1,6 @@ +{ pkgs, ... }: { - pkgs, - lib, - ... -}: { - imports = [ - ../../snippets/bluetooth.nix - ]; + imports = [ ../../snippets/bluetooth.nix ]; networking.networkmanager = { enable = true; 
@@ -26,7 +21,11 @@ services.pcscd.enable = true; hardware.opengl.enable = true; - services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + pkgs.android-udev-rules + ]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -53,6 +52,9 @@ services.printing = { enable = true; - drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; + drivers = with pkgs; [ + mfcl3770cdwlpr + mfcl3770cdwcupswrapper + ]; }; } diff --git a/nix/os/profiles/install-medium/iso/iso.nix b/nix/os/profiles/install-medium/iso/iso.nix index 394aece..a32f3f6 100644 --- a/nix/os/profiles/install-medium/iso/iso.nix +++ b/nix/os/profiles/install-medium/iso/iso.nix @@ -5,25 +5,26 @@ pkgs, lib, ... -}: let +}: +let nixos-init-script = '' #!${pkgs.stdenv.shell} export HOME=/root export PATH=${ - pkgs.lib.makeBinPath [ - config.nix.package - pkgs.systemd - pkgs.gnugrep - pkgs.gnused - config.system.build.nixos-rebuild - config.system.build.nixos-install - pkgs.utillinux - pkgs.e2fsprogs - pkgs.coreutils - pkgs.hdparm - ] - }:$PATH + pkgs.lib.makeBinPath [ + config.nix.package + pkgs.systemd + pkgs.gnugrep + pkgs.gnused + config.system.build.nixos-rebuild + config.system.build.nixos-install + pkgs.utillinux + pkgs.e2fsprogs + pkgs.coreutils + pkgs.hdparm + ] + }:$PATH export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels set -xe @@ -61,7 +62,8 @@ nixos-install reboot ''; -in { +in +{ imports = [ 
@@ -70,13 +72,11 @@ in { # ]; - isoImage.isoName = - lib.mkForce - "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; boot.loader.timeout = lib.mkForce 0; boot.postBootCommands = ""; - environment.systemPackages = []; + environment.systemPackages = [ ]; users.users.root = { openssh.authorizedKeys.keys = [ @@ -85,18 +85,18 @@ in { }; services.gpm.enable = true; - systemd.services.sshd.wantedBy = lib.mkForce ["multi-user.target"]; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; systemd.services.nixos-init = { script = nixos-init-script; - path = with pkgs; []; + path = with pkgs; [ ]; description = "Initialize /dev/vda from configuration.nix found at /dev/vdb"; enable = true; - wantedBy = ["multi-user.target"]; - after = ["multi-user.target"]; - requires = ["network-online.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "multi-user.target" ]; + requires = [ "network-online.target" ]; restartIfChanged = false; unitConfig.X-StopOnRemoval = false; diff --git a/nix/os/profiles/removable-medium/boot.nix b/nix/os/profiles/removable-medium/boot.nix index e0938bd..17a1dba 100644 --- a/nix/os/profiles/removable-medium/boot.nix +++ b/nix/os/profiles/removable-medium/boot.nix @@ -1,5 +1,6 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; } diff --git a/nix/os/profiles/removable-medium/configuration.nix b/nix/os/profiles/removable-medium/configuration.nix index 95ca049..ad7def0 100644 --- a/nix/os/profiles/removable-medium/configuration.nix +++ b/nix/os/profiles/removable-medium/configuration.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ../../modules/opinionatedDisk.nix 
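Review bot: The `nixos-init` unit in the `@@ -85,18 +85,18 @@` hunk of iso.nix declares `requires = [ "network-online.target" ];` but only orders itself with `after = [ "multi-user.target" ];`. `requires` pulls the target in without ordering against it, so the install script may start before the network is reported online. Adding it to the ordering, `after = [ "multi-user.target" "network-online.target" ];`, closes that gap. Separately, `path = with pkgs; [ ];` is an empty list and the `with pkgs;` can be dropped. The unit definition continues outside the hunk.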
diff --git a/nix/os/profiles/removable-medium/hw.nix b/nix/os/profiles/removable-medium/hw.nix index 17c16b0..0f7cbec 100644 --- a/nix/os/profiles/removable-medium/hw.nix +++ b/nix/os/profiles/removable-medium/hw.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware.opinionatedDisk.enable = true; hardware.enableAllFirmware = true; } diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index 5a54115..d27081f 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; }; diff --git a/nix/os/profiles/removable-medium/system.nix b/nix/os/profiles/removable-medium/system.nix index 7586a85..243edf7 100644 --- a/nix/os/profiles/removable-medium/system.nix +++ b/nix/os/profiles/removable-medium/system.nix @@ -1,13 +1,9 @@ -{ - config, - lib, - pkgs, - ... -}: let -in { +_: { services.illum.enable = true; - services.printing = {enable = false;}; + services.printing = { + enable = false; + }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; diff --git a/nix/os/snippets/bluetooth.nix b/nix/os/snippets/bluetooth.nix index a4cfeca..090217e 100644 --- a/nix/os/snippets/bluetooth.nix +++ b/nix/os/snippets/bluetooth.nix @@ -1,10 +1,7 @@ +{ pkgs, ... }: { - pkgs, - lib, - ... -}: { # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [blueman]; + services.dbus.packages = with pkgs; [ blueman ]; hardware.bluetooth.enable = true; services.blueman.enable = true; } diff --git a/nix/os/snippets/holo-zerotier.nix b/nix/os/snippets/holo-zerotier.nix index 8ea2be5..4371b78 100644 --- a/nix/os/snippets/holo-zerotier.nix +++ b/nix/os/snippets/holo-zerotier.nix 
@@ -1,48 +1,48 @@ -{ - config, - lib, - ... -}: let +{ config, lib, ... }: +let cfg = config.steveej.holo-zerotier; -in { +in +{ options.steveej.holo-zerotier = { enable = lib.mkEnableOption "Enable holo-zerotier"; - autostart = lib.mkOption {default = false;}; + autostart = lib.mkOption { default = false; }; }; config = { - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["zerotierone"]; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ]; services.zerotierone = { - enable = cfg.enable; + inherit (cfg) enable; joinNetworks = [ # moved to the service below as it's now secret ]; }; - systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []); + systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce [ ]); systemd.services.zerotieroneSecretNetworks = { - enable = cfg.enable; - requiredBy = ["zerotierone.service"]; - partOf = ["zerotierone.service"]; + inherit (cfg) enable; + requiredBy = [ "zerotierone.service" ]; + partOf = [ "zerotierone.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; - script = let - secret = config.sops.secrets.zerotieroneNetworks; - in '' - # include the secret's hash to trigger a restart on change - # ${builtins.hashString "sha256" (builtins.toJSON secret)} + script = + let + secret = config.sops.secrets.zerotieroneNetworks; + in + '' + # include the secret's hash to trigger a restart on change + # ${builtins.hashString "sha256" (builtins.toJSON secret)} - ${config.systemd.services.zerotierone.preStart} + ${config.systemd.services.zerotierone.preStart} - rm -rf /var/lib/zerotier-one/networks.d/*.conf - for network in `grep -v '#' ${secret.path}`; do - touch /var/lib/zerotier-one/networks.d/''${network}.conf - done - ''; + rm -rf /var/lib/zerotier-one/networks.d/*.conf + for network in `grep -v '#' ${secret.path}`; do + touch /var/lib/zerotier-one/networks.d/''${network}.conf + done + ''; }; 
sops.secrets.zerotieroneNetworks = { diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix index 266a125..47ddd8a 100644 --- a/nix/os/snippets/home-manager-with-zsh.nix +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -4,9 +4,9 @@ repoFlakeInputs', packages', pkgs, - lib, ... -}: let +}: +let # TODO: make this configurable homeUser = "steveej"; commonHomeImports = [ @@ -14,10 +14,9 @@ ../../home-manager/programs/neovim.nix ../../home-manager/programs/zsh.nix ]; -in { - imports = [ - nodeFlake.inputs.home-manager.nixosModules.home-manager - ]; +in +{ + imports = [ nodeFlake.inputs.home-manager.nixosModules.home-manager ]; # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager # home-manager.extraSpecialArgs = specialArgs; @@ -34,15 +33,11 @@ in { home-manager.useGlobalPkgs = false; home-manager.useUserPackages = true; - home-manager.users.root = _: { - imports = commonHomeImports; - }; + home-manager.users.root = _: { imports = commonHomeImports; }; - home-manager.users."${homeUser}" = _: { - imports = commonHomeImports; - }; + home-manager.users."${homeUser}" = _: { imports = commonHomeImports; }; programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; } diff --git a/nix/os/snippets/k3s-w-nix-snapshotter.nix b/nix/os/snippets/k3s-w-nix-snapshotter.nix index d6f1279..1774650 100644 --- a/nix/os/snippets/k3s-w-nix-snapshotter.nix +++ b/nix/os/snippets/k3s-w-nix-snapshotter.nix @@ -1,18 +1,18 @@ # experiment with k3s, nix-snapshotter, and nixos images { nodeFlake, - nodeFlakeInputs', pkgs, lib, system, config, ... -}: let +}: +let cfg = config.steveej.k3s; - # TODO: make this configurable - homeUser = "steveej"; -in { +in +# TODO: make this configurable +{ options.steveej.k3s = { enable = lib.mkOption { description = "steveej's k3s distro"; 
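Review bot: In the `zerotieroneSecretNetworks` script of nix/os/snippets/holo-zerotier.nix, every word printed by `grep -v '#' ${secret.path}` is word-split and pasted unquoted into `/var/lib/zerotier-one/networks.d/''${network}.conf`. Any token in the secret file that is not a network ID (a stray word, or one containing `/`) therefore becomes a path this unit touches; the unit sets no `User`, so it presumably runs as root. ZeroTier network IDs are 16 hex digits, so the loop can select only those with `for network in $(grep -E '^[0-9a-fA-F]{16}$' ${secret.path}); do` and quote the target as `touch "/var/lib/zerotier-one/networks.d/''${network}.conf"`. The current filter also silently drops any line that merely contains a `#`, which the stricter pattern makes explicit.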
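Review bot: In the first hunk of nix/os/snippets/k3s-w-nix-snapshotter.nix, the `# TODO: make this configurable` comment is now stranded between `in` and the opening `{` of the module body. The `homeUser = "steveej";` binding it described is removed in this hunk, so the comment reads as a TODO on the whole module. I would delete the comment line together with the binding. The module body continues outside the hunk.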
@@ -22,13 +22,11 @@ in { }; # (1) Import nixos module. - imports = [ - nodeFlake.inputs.nix-snapshotter.nixosModules.default - ]; + imports = [ nodeFlake.inputs.nix-snapshotter.nixosModules.default ]; config = lib.mkIf cfg.enable { # (2) Add overlay. - nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default]; + nixpkgs.overlays = [ nodeFlake.inputs.nix-snapshotter.overlays.default ]; # (3) Enable service. virtualisation.containerd = { diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix index 6d211cf..990477e 100644 --- a/nix/os/snippets/mycelium.nix +++ b/nix/os/snippets/mycelium.nix @@ -1,16 +1,15 @@ { repoFlake, - nodeFlake, nodeName, config, - system, lib, ... -}: let +}: +let cfg.autostart = false; -in { - imports = [ - ]; +in +{ + imports = [ ]; sops.secrets.mycelium-key = { format = "binary"; @@ -22,14 +21,12 @@ in { # package = nodeFlake.inputs.mycelium.packages.${system}.myceliumd; keyFile = config.sops.secrets.mycelium-key.path; addHostedPublicNodes = true; - peers = [ - ]; + peers = [ ]; # tunName = "mycelium-pub"; - extraArgs = [ - ]; + extraArgs = [ ]; }; - systemd.services.mycelium.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []); + systemd.services.mycelium.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce [ ]); } diff --git a/nix/os/snippets/nix-settings-holo-chain.nix b/nix/os/snippets/nix-settings-holo-chain.nix index d975cea..b660f1c 100644 --- a/nix/os/snippets/nix-settings-holo-chain.nix +++ b/nix/os/snippets/nix-settings-holo-chain.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { nix.settings = { substituters = [ "https://holochain-ci.cachix.org" diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 4b7104e..6daaaef 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix 
@@ -3,17 +3,17 @@ pkgs, lib, ... -}: let - pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; -in { +}: +let + pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config; }; +in +{ nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; nix.settings.max-jobs = lib.mkDefault "auto"; nix.settings.cores = lib.mkDefault 0; nix.settings.sandbox = true; - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; + nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; nix.settings.experimental-features = [ "nix-command" @@ -32,7 +32,7 @@ in { nix.registry.nixpkgs.to = { type = "path"; path = nodeFlake.inputs.nixpkgs.outPath; - narHash = nodeFlake.inputs.nixpkgs.narHash; + inherit (nodeFlake.inputs.nixpkgs) narHash; }; nix.package = pkgsUnstable.nixVersions.latest; diff --git a/nix/os/snippets/obs-studio.nix b/nix/os/snippets/obs-studio.nix index c46305e..8a99fcb 100644 --- a/nix/os/snippets/obs-studio.nix +++ b/nix/os/snippets/obs-studio.nix @@ -1,10 +1,10 @@ -{config, ...}: let +{ config, ... }: +let # TODO: make configurable homeUser = "steveej"; -in { - boot.extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback.out - ]; +in +{ + boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback.out ]; # Activate kernel modules (choose from built-ins and extra ones) boot.kernelModules = [ @@ -23,9 +23,5 @@ in { security.polkit.enable = true; - home-manager.users.${homeUser} = _: { - imports = [ - ../../home-manager/programs/obs-studio.nix - ]; - }; + home-manager.users.${homeUser} = _: { imports = [ ../../home-manager/programs/obs-studio.nix ]; }; } diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix index 69628bf..709b601 100644 --- a/nix/os/snippets/radicale.nix +++ b/nix/os/snippets/radicale.nix 
@@ -1,13 +1,14 @@ { config, - lib, pkgs, repoFlakeInputs', ... -}: let +}: +let # TODO: make configurable homeUser = "steveej"; -in { +in +{ sops.secrets.radicale_htpasswd = { sopsFile = ../../../secrets/desktop/radicale_htpasswd; format = "binary"; @@ -19,11 +20,13 @@ in { # TODO: bump these to latest and make it work ( args: - import ../../home-manager/programs/radicale.nix (args - // { - osConfig = config; - pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; - }) + import ../../home-manager/programs/radicale.nix ( + args + // { + osConfig = config; + pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; + } + ) ) ]; }; diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index f8d21b0..a40eb85 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -3,10 +3,12 @@ lib, config, ... -}: let +}: +let # TODO: make this configurable homeUser = "steveej"; -in { +in +{ services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" @@ -28,7 +30,7 @@ in { # required by swaywm security.polkit.enable = true; - security.pam.services.swaylock = {}; + security.pam.services.swaylock = { }; # test these on https://mozilla.github.io/webrtc-landing/gum_test.html xdg.portal = { 
@@ -44,18 +46,20 @@ in { screencast = { chooser_type = "dmenu"; # display the output as a list in favor of the default mouse selection - chooser_cmd = lib.getExe (pkgs.writeShellApplication { - name = "chooser_cmd"; - runtimeInputs = [ - pkgs.sway - pkgs.jq - pkgs.fuzzel - pkgs.gnused - ]; - text = '' - swaymsg -t get_outputs | jq '.[] | "\(.name)@\(.current_mode.width)x\(.current_mode.height) on \(.model)"' | sed 's/"//g' | fuzzel -d | sed 's/@.*//' - ''; - }); + chooser_cmd = lib.getExe ( + pkgs.writeShellApplication { + name = "chooser_cmd"; + runtimeInputs = [ + pkgs.sway + pkgs.jq + pkgs.fuzzel + pkgs.gnused + ]; + text = '' + swaymsg -t get_outputs | jq '.[] | "\(.name)@\(.current_mode.width)x\(.current_mode.height) on \(.model)"' | sed 's/"//g' | fuzzel -d | sed 's/@.*//' + ''; + } + ); max_fps = 30; }; }; @@ -101,8 +105,8 @@ in { # autologin steveej on tty1 # TODO: make user configurable systemd.services."autovt@tty1".description = "Autologin at the TTY1"; - systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty - systemd.services."autovt@tty1".wantedBy = ["multi-user.target"]; + systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; systemd.services."autovt@tty1".serviceConfig = { ExecStart = [ "" # override upstream default with an empty ExecStart 
@@ -112,21 +116,21 @@ in { Type = "idle"; }; - programs = let - steveejSwayOnTty1 = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; - in { - bash.loginShellInit = steveejSwayOnTty1; - # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion - zsh.loginShellInit = steveejSwayOnTty1; - }; + programs = + let + steveejSwayOnTty1 = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + in + { + bash.loginShellInit = steveejSwayOnTty1; + # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion + zsh.loginShellInit = steveejSwayOnTty1; + }; home-manager.users."${homeUser}" = _: { - imports = [ - ../../home-manager/profiles/sway-desktop.nix - ]; + imports = [ ../../home-manager/profiles/sway-desktop.nix ]; }; } diff --git a/nix/os/snippets/systemd-resolved.nix b/nix/os/snippets/systemd-resolved.nix index 3b8c145..f7c2301 100644 --- a/nix/os/snippets/systemd-resolved.nix +++ b/nix/os/snippets/systemd-resolved.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ networking.nameservers = [ # https://dnsforge.de/ "176.9.93.198" @@ -12,12 +13,12 @@ services.resolved = { enable = true; dnssec = "true"; - domains = ["~."]; + domains = [ "~." ]; # TODO: figure out why "true" doesn't work dnsovertls = "opportunistic"; - fallbackDns = lib.mkForce []; + fallbackDns = lib.mkForce [ ]; # TODO: IPv6 # extraConfig = '' diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix index 25aee48..67db1e8 100644 --- a/nix/os/snippets/timezone.nix +++ b/nix/os/snippets/timezone.nix @@ -1,5 +1,7 @@ -{lib, ...}: let +{ lib, ... }: +let passwords = import ../../variables/passwords.crypt.nix; -in { +in +{ time.timeZone = lib.mkDefault passwords.timeZone.stefan; } diff --git a/nix/pkgs/browserpass/default.nix b/nix/pkgs/browserpass/default.nix index 5b13732..34a6977 100644 --- a/nix/pkgs/browserpass/default.nix 
+++ b/nix/pkgs/browserpass/default.nix @@ -1,27 +1,27 @@ -with import {}; - stdenv.mkDerivation rec { - broken = true; +with import { }; +stdenv.mkDerivation rec { + broken = true; - name = "browserpass"; - version = "2.0.9"; + name = "browserpass"; + version = "2.0.9"; - src = fetchzip { - url = "https://github.com/dannyvankooten/browserpass/releases/download/${version}/${name}-linux64.zip"; - sha256 = "1nygcfjhyrcvbdmz4hjphcnmr4lm9y24lpdkdcjix6vbsjs0hipw"; - stripRoot = false; - }; + src = fetchzip { + url = "https://github.com/dannyvankooten/browserpass/releases/download/${version}/${name}-linux64.zip"; + sha256 = "1nygcfjhyrcvbdmz4hjphcnmr4lm9y24lpdkdcjix6vbsjs0hipw"; + stripRoot = false; + }; - buildPhase = ":"; + buildPhase = ":"; - libPath = lib.makeLibraryPath []; - installPhase = '' - set -x - patchelf --set-interpreter ${glibc}/lib/ld-linux-x86-64.so.2 browserpass-linux64 + libPath = lib.makeLibraryPath [ ]; + installPhase = '' + set -x + patchelf --set-interpreter ${glibc}/lib/ld-linux-x86-64.so.2 browserpass-linux64 - mkdir -p $out/bin - cp -a * $out/bin/ - # wrapProgram $out/bin/browserpass-linux64 \ - # --prefix LD_LIBRARY_PATH : "${libPath}" - # - ''; - } + mkdir -p $out/bin + cp -a * $out/bin/ + # wrapProgram $out/bin/browserpass-linux64 \ + # --prefix LD_LIBRARY_PATH : "${libPath}" + # + ''; +} diff --git a/nix/pkgs/dcpj4110dw/default.nix b/nix/pkgs/dcpj4110dw/default.nix index 8a4f6a6..93f59c7 100644 --- a/nix/pkgs/dcpj4110dw/default.nix +++ b/nix/pkgs/dcpj4110dw/default.nix @@ -16,7 +16,8 @@ file, proot, bash, -}: let +}: +let model = "dcpj4110dw"; version = "3.0.1-1"; src = fetchurl { 
@@ -24,12 +25,16 @@ sha256 = "sha256-ryKDsSkabAD2X3WLmeqjdB3+4DXdJ0qUz3O64DV+ixw="; }; reldir = "opt/brother/Printers/${model}/"; -in rec { +in +rec { driver = pkgsi686Linux.stdenv.mkDerivation rec { inherit src version; name = "${model}drv-${version}"; - nativeBuildInputs = [dpkg makeWrapper]; + nativeBuildInputs = [ + dpkg + makeWrapper + ]; unpackPhase = "dpkg-deb -x $src $out"; @@ -45,7 +50,18 @@ in rec { mv $out/${reldir}/lpd/filter${model} $out/${reldir}/lpd/.wrapped_filter${model} cat <<-EOF >$out/${reldir}/lpd/.wrapper_inner_filter${model} - export PATH=\$PATH:${lib.makeBinPath [gawk file a2ps coreutils ghostscript gnugrep gnused which]} + export PATH=\$PATH:${ + lib.makeBinPath [ + gawk + file + a2ps + coreutils + ghostscript + gnugrep + gnused + which + ] + } exec $out/${reldir}/lpd/.wrapped_filter${model} EOF chmod +x $out/${reldir}/lpd/.wrapper_inner_filter${model} @@ -64,10 +80,13 @@ in rec { meta = { description = "Brother ${lib.strings.toUpper model} driver"; homepage = "http://www.brother.com/"; - sourceProvenance = with lib.sourceTypes; [binaryNativeCode]; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; # license = lib.licenses.unfree; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [lib.maintainers.steveej]; + platforms = [ + "x86_64-linux" + "i686-linux" + ]; + maintainers = [ lib.maintainers.steveej ]; }; }; 
@@ -81,14 +100,29 @@ in rec { name = "${model}cupswrapper-${version}"; - nativeBuildInputs = [dpkg makeWrapper]; - buildInputs = [cups ghostscript a2ps gawk]; + nativeBuildInputs = [ + dpkg + makeWrapper + ]; + buildInputs = [ + cups + ghostscript + a2ps + gawk + ]; unpackPhase = "dpkg-deb -x $src $out"; installPhase = '' wrapProgram $out/${reldir}/cupswrapper/cupswrapper${model} \ - --prefix PATH : ${lib.makeBinPath [coreutils ghostscript gnugrep gnused]} + --prefix PATH : ${ + lib.makeBinPath [ + coreutils + ghostscript + gnugrep + gnused + ] + } patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ $out/${reldir}/cupswrapper/brcupsconfpt1 @@ -100,10 +134,13 @@ in rec { meta = { description = "Brother ${lib.strings.toUpper model} CUPS wrapper driver"; homepage = "http://www.brother.com/"; - sourceProvenance = with lib.sourceTypes; [binaryNativeCode]; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; license = lib.licenses.gpl2; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [lib.maintainers.steveej]; + platforms = [ + "x86_64-linux" + "i686-linux" + ]; + maintainers = [ lib.maintainers.steveej ]; }; }; } diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 6f114b2..78b37a6 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -1,5 +1,6 @@ -{pkgs}: { - duplicacy = pkgs.callPackage ../pkgs/duplicacy {}; +{ pkgs }: +{ + duplicacy = pkgs.callPackage ../pkgs/duplicacy { }; staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; diff --git a/nix/pkgs/duplicacy/default.nix b/nix/pkgs/duplicacy/default.nix index 7a3fc19..b961a17 100644 --- a/nix/pkgs/duplicacy/default.nix +++ b/nix/pkgs/duplicacy/default.nix @@ -1,7 +1,4 @@ -{ - buildGoPackage, - fetchFromGitHub, -}: +{ buildGoPackage, fetchFromGitHub }: buildGoPackage rec { name = "duplicay-${version}"; version = "2.1.2"; 
diff --git a/nix/pkgs/duplicacy/shell.nix b/nix/pkgs/duplicacy/shell.nix index 051e832..045572c 100644 --- a/nix/pkgs/duplicacy/shell.nix +++ b/nix/pkgs/duplicacy/shell.nix @@ -1,12 +1,12 @@ -with import {}; - stdenv.mkDerivation { - name = "env"; - buildInputs = [ - zsh - go - go2nix - dep2nix - nix-prefetch-github - (callPackage ./default.nix {}) - ]; - } +with import { }; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + zsh + go + go2nix + dep2nix + nix-prefetch-github + (callPackage ./default.nix { }) + ]; +} diff --git a/nix/pkgs/jay.nix b/nix/pkgs/jay.nix index a4c2db4..9a7b0e5 100644 --- a/nix/pkgs/jay.nix +++ b/nix/pkgs/jay.nix @@ -31,6 +31,6 @@ rustPlatform.buildRustPackage rec { homepage = "https://github.com/mahkoh/jay"; license = licenses.gpl3; platforms = platforms.linux; - maintainers = with maintainers; [dit7ya]; + maintainers = with maintainers; [ dit7ya ]; }; } diff --git a/nix/pkgs/logseq/README.md b/nix/pkgs/logseq/README.md index c6f46bd..0c596b6 100644 --- a/nix/pkgs/logseq/README.md +++ b/nix/pkgs/logseq/README.md 
@@ -4,20 +4,19 @@ this is pseudocode that serves as a reminder 1. podman build -f Containerfile -t logseq 2. CONTAINER_ID=$(podman container create logseq) -2. podman unshare -3. podman mount $CONTAINER_ID -4. copy and upload the AppImage. e.g. - ``` - cp /home/steveej/.local/share/containers/storage/overlay/f932ca9f11ea2bfd6b221118eb54775a623bc519bfe38188afcbad51dda2777f/merged/Logseq-0.10.9.AppImage . - exit - scp Logseq-0.10.9.AppImage root@www.stefanjunker.de:/var/lib/container-volumes/webserver/var-www/stefanjunker.de/htdocs/caddy/downloads/ - ``` -5. podman unshare -6. podman unmount - +3. podman unshare +4. podman mount $CONTAINER_ID +5. copy and upload the AppImage. e.g. + ``` + cp /home/steveej/.local/share/containers/storage/overlay/f932ca9f11ea2bfd6b221118eb54775a623bc519bfe38188afcbad51dda2777f/merged/Logseq-0.10.9.AppImage . + exit + scp Logseq-0.10.9.AppImage root@www.stefanjunker.de:/var/lib/container-volumes/webserver/var-www/stefanjunker.de/htdocs/caddy/downloads/ + ``` +6. podman unshare +7. podman unmount # resources -* https://github.com/logseq/logseq/blob/dc5127b48a7874627bd9ab63696f7ddf821b90a7/docs/develop-logseq.md?plain=1#L90 -* https://github.com/logseq/logseq/blob/master/Dockerfile -* https://github.com/randomwangran/logseq-nix-flake +- https://github.com/logseq/logseq/blob/dc5127b48a7874627bd9ab63696f7ddf821b90a7/docs/develop-logseq.md?plain=1#L90 +- https://github.com/logseq/logseq/blob/master/Dockerfile +- https://github.com/randomwangran/logseq-nix-flake diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index 159d03b..b3c2c0c 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix 
@@ -14,85 +14,93 @@ nix-update-script, overrideSrc ? null, }: -stdenv.mkDerivation (finalAttrs: let - inherit (finalAttrs) pname version src appimageContents; -in { - pname = "logseq"; - version = "0.10.9"; +stdenv.mkDerivation ( + finalAttrs: + let + inherit (finalAttrs) pname version src; + in + { + pname = "logseq"; + version = "0.10.9"; - src = - if overrideSrc != null - then overrideSrc - else - (fetchurl { - url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBe="; - name = "${pname}-${version}.AppImage"; - }); + src = + if overrideSrc != null then + overrideSrc + else + (fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBe="; + name = "${pname}-${version}.AppImage"; + }); - nativeBuildInputs = - [makeWrapper] - ++ lib.optionals stdenv.hostPlatform.isLinux [autoPatchelfHook] - ++ lib.optionals stdenv.hostPlatform.isDarwin [unzip]; - buildInputs = [stdenv.cc.cc.lib]; + nativeBuildInputs = + [ makeWrapper ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ autoPatchelfHook ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ unzip ]; + buildInputs = [ stdenv.cc.cc.lib ]; - dontUnpack = stdenv.hostPlatform.isLinux; - dontConfigure = true; - dontBuild = true; + dontUnpack = stdenv.hostPlatform.isLinux; + dontConfigure = true; + dontBuild = true; - installPhase = - '' - runHook preInstall - '' - + lib.optionalString stdenv.hostPlatform.isLinux ( - let - appimageContents = appimageTools.extract {inherit pname src version;}; - in '' - mkdir -p $out/bin $out/share/logseq $out/share/applications - cp -a ${appimageContents}/{locales,resources} $out/share/logseq - cp -a ${appimageContents}/Logseq.desktop $out/share/applications/logseq.desktop - - # remove the `git` in `dugite` because we want the `git` in `nixpkgs` - chmod +w -R 
$out/share/logseq/resources/app/node_modules/dugite/git - chmod +w $out/share/logseq/resources/app/node_modules/dugite - rm -rf $out/share/logseq/resources/app/node_modules/dugite/git - chmod -w $out/share/logseq/resources/app/node_modules/dugite - - mkdir -p $out/share/pixmaps - ln -s $out/share/logseq/resources/app/icons/logseq.png $out/share/pixmaps/logseq.png - - substituteInPlace $out/share/applications/logseq.desktop \ - --replace Exec=Logseq Exec=logseq \ - --replace Icon=Logseq Icon=logseq + installPhase = '' - ) - + lib.optionalString stdenv.hostPlatform.isDarwin '' - mkdir -p $out/{Applications/Logseq.app,bin} - cp -R . $out/Applications/Logseq.app - makeWrapper $out/Applications/Logseq.app/Contents/MacOS/Logseq $out/bin/logseq - '' - + '' - runHook postInstall + runHook preInstall + '' + + lib.optionalString stdenv.hostPlatform.isLinux ( + let + appimageContents = appimageTools.extract { inherit pname src version; }; + in + '' + mkdir -p $out/bin $out/share/logseq $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/logseq + cp -a ${appimageContents}/Logseq.desktop $out/share/applications/logseq.desktop + + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + chmod +w -R $out/share/logseq/resources/app/node_modules/dugite/git + chmod +w $out/share/logseq/resources/app/node_modules/dugite + rm -rf $out/share/logseq/resources/app/node_modules/dugite/git + chmod -w $out/share/logseq/resources/app/node_modules/dugite + + mkdir -p $out/share/pixmaps + ln -s $out/share/logseq/resources/app/icons/logseq.png $out/share/pixmaps/logseq.png + + substituteInPlace $out/share/applications/logseq.desktop \ + --replace Exec=Logseq Exec=logseq \ + --replace Icon=Logseq Icon=logseq + '' + ) + + lib.optionalString stdenv.hostPlatform.isDarwin '' + mkdir -p $out/{Applications/Logseq.app,bin} + cp -R . 
$out/Applications/Logseq.app + makeWrapper $out/Applications/Logseq.app/Contents/MacOS/Logseq $out/bin/logseq + '' + + '' + runHook postInstall + ''; + + postFixup = lib.optionalString stdenv.hostPlatform.isLinux '' + # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs + makeWrapper ${electron_27}/bin/electron $out/bin/logseq \ + --set "LOCAL_GIT_DIRECTORY" ${git} \ + --add-flags $out/share/logseq/resources/app \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" ''; - postFixup = lib.optionalString stdenv.hostPlatform.isLinux '' - # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs - makeWrapper ${electron_27}/bin/electron $out/bin/logseq \ - --set "LOCAL_GIT_DIRECTORY" ${git} \ - --add-flags $out/share/logseq/resources/app \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" - ''; + passthru.updateScript = nix-update-script { }; - passthru.updateScript = nix-update-script {}; - - meta = { - description = "Local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; - homepage = "https://github.com/logseq/logseq"; - changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; - license = lib.licenses.agpl3Plus; - sourceProvenance = with lib.sourceTypes; [binaryNativeCode]; - maintainers = with lib.maintainers; [cheeseecake]; - platforms = ["x86_64-linux" "aarch64-linux"] ++ lib.platforms.darwin; - mainProgram = "logseq"; - }; -}) + meta = { + description = "Local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; + homepage = "https://github.com/logseq/logseq"; + changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; + license = lib.licenses.agpl3Plus; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + maintainers = 
with lib.maintainers; [ cheeseecake ]; + platforms = [ + "x86_64-linux" + "aarch64-linux" + ] ++ lib.platforms.darwin; + mainProgram = "logseq"; + }; + } +) diff --git a/nix/pkgs/magmawm.nix b/nix/pkgs/magmawm.nix index 2d4c335..c1850c1 100644 --- a/nix/pkgs/magmawm.nix +++ b/nix/pkgs/magmawm.nix @@ -8,7 +8,6 @@ libinput, libxkbcommon, mesa, - pango, udev, dbus, libGL, @@ -18,9 +17,7 @@ craneLib.buildPackage { pname = "magmawm"; version = src.rev; - nativeBuildInputs = [ - pkg-config - ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ wayland @@ -45,6 +42,6 @@ craneLib.buildPackage { homepage = "https://github.com/MagmaWM/MagmaWM"; license = licenses.gpl3; platforms = platforms.linux; - maintainers = with maintainers; []; + maintainers = with maintainers; [ ]; }; } diff --git a/nix/pkgs/mfcl3770cdw.nix b/nix/pkgs/mfcl3770cdw.nix index 5c04cbf..142c1c0 100644 --- a/nix/pkgs/mfcl3770cdw.nix +++ b/nix/pkgs/mfcl3770cdw.nix @@ -11,7 +11,8 @@ which, perl, lib, -}: let +}: +let model = "mfcl3770cdw"; version = "1.0.2-0"; src = fetchurl { @@ -19,12 +20,16 @@ sha256 = "09fhbzhpjymhkwxqyxzv24b06ybmajr6872yp7pri39595mhrvay"; }; reldir = "opt/brother/Printers/${model}/"; -in rec { +in +rec { driver = stdenv.mkDerivation rec { inherit src version; name = "${model}drv-${version}"; - nativeBuildInputs = [dpkg makeWrapper]; + nativeBuildInputs = [ + dpkg + makeWrapper + ]; unpackPhase = "dpkg-deb -x $src $out"; @@ -36,8 +41,14 @@ in rec { --replace "PRINTER =~" "PRINTER = \"${model}\"; #" wrapProgram $dir/lpd/filter_${model} \ --prefix PATH : ${ - lib.makeBinPath [coreutils ghostscript gnugrep gnused which] - } + lib.makeBinPath [ + coreutils + ghostscript + gnugrep + gnused + which + ] + } # need to use i686 glibc here, these are 32bit proprietary binaries interpreter=${pkgsi686Linux.glibc}/lib/ld-linux.so.2 patchelf --set-interpreter "$interpreter" $dir/lpd/brmfcl3770cdwfilter 
@@ -47,8 +58,11 @@ in rec { description = "Brother ${lib.strings.toUpper model} driver"; homepage = "http://www.brother.com/"; license = lib.licenses.unfree; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [lib.maintainers.steveej]; + platforms = [ + "x86_64-linux" + "i686-linux" + ]; + maintainers = [ lib.maintainers.steveej ]; }; }; @@ -56,7 +70,10 @@ in rec { inherit version src; name = "${model}cupswrapper-${version}"; - nativeBuildInputs = [dpkg makeWrapper]; + nativeBuildInputs = [ + dpkg + makeWrapper + ]; unpackPhase = "dpkg-deb -x $src $out"; @@ -68,7 +85,13 @@ in rec { --replace "basedir =~" "basedir = \"$basedir\"; #" \ --replace "PRINTER =~" "PRINTER = \"${model}\"; #" wrapProgram $dir/cupswrapper/brother_lpdwrapper_${model} \ - --prefix PATH : ${lib.makeBinPath [coreutils gnugrep gnused]} + --prefix PATH : ${ + lib.makeBinPath [ + coreutils + gnugrep + gnused + ] + } mkdir -p $out/lib/cups/filter mkdir -p $out/share/cups/model ln $dir/cupswrapper/brother_lpdwrapper_${model} $out/lib/cups/filter @@ -79,8 +102,11 @@ in rec { description = "Brother ${lib.strings.toUpper model} CUPS wrapper driver"; homepage = "http://www.brother.com/"; license = lib.licenses.gpl2; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [lib.maintainers.steveej]; + platforms = [ + "x86_64-linux" + "i686-linux" + ]; + maintainers = [ lib.maintainers.steveej ]; }; }; } diff --git a/nix/pkgs/nozbe/default.nix b/nix/pkgs/nozbe/default.nix index 368add8..e5ac519 100644 --- a/nix/pkgs/nozbe/default.nix +++ b/nix/pkgs/nozbe/default.nix 
@@ -1,60 +1,60 @@ -with import {}; - stdenv.mkDerivation rec { - name = "nozbe"; - version = "3.6.3"; +with import { }; +stdenv.mkDerivation rec { + name = "nozbe"; + version = "3.6.3"; - src = fetchzip { - url = "https://files.nozbe.com/linux/linux64_newest.tar.gz"; - sha256 = "08hag0kv23psqa1pl9kardz90scgk21rsr5xxfg8jvmnxy2nc858"; - stripRoot = false; - }; + src = fetchzip { + url = "https://files.nozbe.com/linux/linux64_newest.tar.gz"; + sha256 = "08hag0kv23psqa1pl9kardz90scgk21rsr5xxfg8jvmnxy2nc858"; + stripRoot = false; + }; - buildInputs = [makeWrapper]; + buildInputs = [ makeWrapper ]; - buildPhase = ":"; + buildPhase = ":"; - libPath = lib.makeLibraryPath [ - alsaLib - atk - cairo - cups - dbus - expat - freetype - fontconfig - gnome3.gconf - gcc.cc - gdk_pixbuf - gtk2-x11 - glib - pango - nss - nspr - systemd.lib - xorg.libX11 - xorg.libXcursor - xorg.libXcomposite - xorg.libXext - xorg.libXfixes - xorg.libXdamage - xorg.libXi - xorg.libXrandr - xorg.libXrender - xorg.libXtst - xorg.libXScrnSaver - ]; - installPhase = '' - pushd Nozbe-${version} - ls -lha + libPath = lib.makeLibraryPath [ + alsaLib + atk + cairo + cups + dbus + expat + freetype + fontconfig + gnome3.gconf + gcc.cc + gdk_pixbuf + gtk2-x11 + glib + pango + nss + nspr + systemd.lib + xorg.libX11 + xorg.libXcursor + xorg.libXcomposite + xorg.libXext + xorg.libXfixes + xorg.libXdamage + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libXScrnSaver + ]; + installPhase = '' + pushd Nozbe-${version} + ls -lha - patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 Nozbe + patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 Nozbe - mkdir -p $out/bin - cp -a * $out/ + mkdir -p $out/bin + cp -a * $out/ - wrapProgram $out/Nozbe \ - --prefix LD_LIBRARY_PATH : "${libPath}" + wrapProgram $out/Nozbe \ + --prefix LD_LIBRARY_PATH : "${libPath}" - ln -sf ../Nozbe $out/bin/ - ''; - } + ln -sf ../Nozbe $out/bin/ + ''; +} 
diff --git a/nix/pkgs/posh.nix b/nix/pkgs/posh.nix index 4d993ba..b7ad5cb 100644 --- a/nix/pkgs/posh.nix +++ b/nix/pkgs/posh.nix @@ -1,42 +1,44 @@ # posh makes use of podman to run an encapsulated shell session -{pkgs, ...}: let - cniConfigDir = let - loopback = pkgs.writeText "00-loopback.conf" '' - { - "cniVersion": "0.3.0", - "type": "loopback" - } - ''; - - podman-bridge = pkgs.writeText "87-podman-bridge.conflist" '' - { +{ pkgs, ... }: +let + cniConfigDir = + let + loopback = pkgs.writeText "00-loopback.conf" '' + { "cniVersion": "0.3.0", - "name": "podman", - "plugins": [ - { - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.88.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] + "type": "loopback" + } + ''; + + podman-bridge = pkgs.writeText "87-podman-bridge.conflist" '' + { + "cniVersion": "0.3.0", + "name": "podman", + "plugins": [ + { + "type": "bridge", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.88.0.0/16", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] - } - ''; - in - pkgs.runCommand "cniConfig" {} '' + ] + } + ''; + in + pkgs.runCommand "cniConfig" { } '' set -x mkdir $out; ln -s ${loopback} $out/${loopback.name} 
@@ -125,54 +127,58 @@ } ''; in - { - image, - pull ? "always", - global_args ? "", - run_args ? "", - userns ? "keep-id", - }: - (pkgs.writeScriptBin "posh" '' - #! ${pkgs.bash}/bin/bash - source /etc/profile +{ + image, + pull ? "always", + global_args ? "", + run_args ? "", + userns ? "keep-id", +}: +(pkgs.writeScriptBin "posh" '' + #! ${pkgs.bash}/bin/bash + source /etc/profile - test -S "$SSH_AUTH_SOCK" && ssh="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK" - tty -s && tty="-t" entrypoint=--entrypoint='["/usr/bin/env","bash","-il"]' || quiet="-q" + test -S "$SSH_AUTH_SOCK" && ssh="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK" + tty -s && tty="-t" entrypoint=--entrypoint='["/usr/bin/env","bash","-il"]' || quiet="-q" - # define these as variables so we can override them at runtime - POSH_IMAGE=${image} - POSH_PULL=${pull} + # define these as variables so we can override them at runtime + POSH_IMAGE=${image} + POSH_PULL=${pull} - if [ "$1" == "-c" ]; then - # We've most likely been spawned by sshd and are interested in $2 whitch contains the command string - shift - # TODO parse the beginning of the command for POSH_* overrides - fi + if [ "$1" == "-c" ]; then + # We've most likely been spawned by sshd and are interested in $2 whitch contains the command string + shift + # TODO parse the beginning of the command for POSH_* overrides + fi - test "$@" && cmd=( -c "$@") + test "$@" && cmd=( -c "$@") - HOME_CONTAINERS_CONFIGDIR="$HOME/.config/containers" - HOME_POLICY_JSON="$HOME_CONTAINERS_CONFIGDIR/policy.json" - test -d $HOME_CONTAINERS_CONFIGIDR || mkdir $HOME_CONTAINERS_CONFIGIDR - ln -sf ${policy-json} $HOME_POLICY_JSON + HOME_CONTAINERS_CONFIGDIR="$HOME/.config/containers" + HOME_POLICY_JSON="$HOME_CONTAINERS_CONFIGDIR/policy.json" + test -d $HOME_CONTAINERS_CONFIGIDR || mkdir $HOME_CONTAINERS_CONFIGIDR + ln -sf ${policy-json} $HOME_POLICY_JSON - set -x - exec ${pkgs.podman}/bin/podman \ - --cgroup-manager=cgroupfs \ - ${global_args} \ - run \ - 
--annotation=io.crun.keep_original_groups=1 \ - --config ${podmanConfig} \ - --conmon ${pkgs.conmon}/bin/conmon --runtime ${pkgs.crun}/bin/crun \ - --rm -i --network host --pull=''${POSH_PULL} \ - $tty $ssh -e HOME -v $HOME:$HOME -w $HOME \ - ${ - if userns != null - then "--userns=" + userns - else "" - } \ - ${run_args} \ - ''${POSH_IMAGE} /usr/bin/env bash -l "''${cmd[@]}" - '') - .overrideAttrs (attrs: attrs // {passthru = {shellPath = "/bin/posh";};}) + set -x + exec ${pkgs.podman}/bin/podman \ + --cgroup-manager=cgroupfs \ + ${global_args} \ + run \ + --annotation=io.crun.keep_original_groups=1 \ + --config ${podmanConfig} \ + --conmon ${pkgs.conmon}/bin/conmon --runtime ${pkgs.crun}/bin/crun \ + --rm -i --network host --pull=''${POSH_PULL} \ + $tty $ssh -e HOME -v $HOME:$HOME -w $HOME \ + ${if userns != null then "--userns=" + userns else ""} \ + ${run_args} \ + ''${POSH_IMAGE} /usr/bin/env bash -l "''${cmd[@]}" +'').overrideAttrs + ( + attrs: + attrs + // { + passthru = { + shellPath = "/bin/posh"; + }; + } + ) diff --git a/nix/pkgs/slirp4netns.nix b/nix/pkgs/slirp4netns.nix index ffcc730..5e50ecf 100644 --- a/nix/pkgs/slirp4netns.nix +++ b/nix/pkgs/slirp4netns.nix @@ -18,7 +18,13 @@ stdenv.mkDerivation rec { sha256 = "0kqncza4kgqkqiki569j7ym9pvp7879i6q2z0djvda9y0i6b80w4"; }; - buildInputs = [autoconf automake libtool gnumake gcc]; + buildInputs = [ + autoconf + automake + libtool + gnumake + gcc + ]; configurePhase = '' ./autogen.sh @@ -37,7 +43,7 @@ stdenv.mkDerivation rec { description = "User-mode networking for unprivileged network namespaces"; homepage = "https://github.com/rootless-containers/slirp4netns"; license = null; - maintainers = [maintainers.steveej]; + maintainers = [ maintainers.steveej ]; platforms = platforms.all; }; } diff --git a/nix/pkgs/staruml.nix b/nix/pkgs/staruml.nix index a0e9d90..35399ad 100644 --- a/nix/pkgs/staruml.nix +++ b/nix/pkgs/staruml.nix 
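Review bot: The re-indented line `test -d $HOME_CONTAINERS_CONFIGIDR || mkdir $HOME_CONTAINERS_CONFIGIDR` in the `@@ -125,54 +127,58 @@` hunk of nix/pkgs/posh.nix still uses a misspelled variable (`CONFIGIDR`, while `HOME_CONTAINERS_CONFIGDIR` is what the script defines two lines earlier). The unquoted name expands to nothing, so `test -d` is left with a single operand and evaluates true, and the directory is never created. When `~/.config/containers` is missing, the following `ln -sf ${policy-json} $HOME_POLICY_JSON` fails, and since the script sets no `set -e`, podman is still exec'd, presumably without this policy file in place. Suggested replacement: `mkdir -p "$HOME_CONTAINERS_CONFIGDIR"` followed by `ln -sf ${policy-json} "$HOME_POLICY_JSON"`.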
@@ -15,7 +15,8 @@ libgcrypt, dbus, systemd, -}: let +}: +let inherit (stdenv) lib; LD_LIBRARY_PATH = lib.makeLibraryPath [ glib 
@@ -30,55 +31,56 @@ dbus ]; in - stdenv.mkDerivation rec { - version = "2.8.1"; - name = "staruml-${version}"; +stdenv.mkDerivation rec { + version = "2.8.1"; + name = "staruml-${version}"; - src = - if stdenv.system == "i686-linux" - then - fetchurl - { - url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb"; - sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n"; - } - else - fetchurl { - url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb"; - sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0"; - }; + src = + if stdenv.system == "i686-linux" then + fetchurl { + url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb"; + sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n"; + } + else + fetchurl { + url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb"; + sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0"; + }; - buildInputs = [dpkg]; + buildInputs = [ dpkg ]; - nativeBuildInputs = [makeWrapper]; + nativeBuildInputs = [ makeWrapper ]; - unpackPhase = '' - mkdir pkg - dpkg-deb -x $src pkg - sourceRoot=pkg - ''; + unpackPhase = '' + mkdir pkg + dpkg-deb -x $src pkg + sourceRoot=pkg + ''; - installPhase = '' - mkdir $out - mv opt/staruml $out/bin + installPhase = '' + mkdir $out + mv opt/staruml $out/bin - mkdir -p $out/lib - ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/ - ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0 + mkdir -p $out/lib + ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/ + ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0 - for binary in StarUML Brackets-node; do - ${patchelf}/bin/patchelf \ - --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ - $out/bin/$binary - wrapProgram $out/bin/$binary \ - --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH} - done - ''; + for binary in StarUML Brackets-node; do + 
${patchelf}/bin/patchelf \ + --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ + $out/bin/$binary + wrapProgram $out/bin/$binary \ + --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH} + done + ''; - meta = with stdenv.lib; { - description = "A sophisticated software modeler"; - homepage = "http://staruml.io/"; - license = licenses.unfree; - platforms = ["i686-linux" "x86_64-linux"]; - }; - } + meta = with stdenv.lib; { + description = "A sophisticated software modeler"; + homepage = "http://staruml.io/"; + license = licenses.unfree; + platforms = [ + "i686-linux" + "x86_64-linux" + ]; + }; +} diff --git a/nix/scripts/pre-eval-fixed.sh b/nix/scripts/pre-eval-fixed.sh index 25a3e36..ec7b14e 100755 --- a/nix/scripts/pre-eval-fixed.sh +++ b/nix/scripts/pre-eval-fixed.sh @@ -3,7 +3,7 @@ set -xe INFILE="${1:?Please set arg1 to INFILE}" OUTFILE="${2:?Please set arg2 to OUTFILE}" # sha256-1fm94N2Y9ptXVN6ni0nJyPRK+nsvoeliqBcFyjlaTH4= -# sha256:0zjcb8wwl18pm1ifk89gggx4mx68r54qp9yyaibrpxlqvphbvyfm -hash=$(nix-build ${INFILE} --arg pkgs 'import {}' --arg config 'null' 2>&1 | rg -o 'got.*(sha256[:-].+)$' -r '$1') +# sha256:0zjcb8wwl18pm1ifk89gggx4mx68r54qp9yyaibrpxlqvphbvyfm +hash=$(nix-build "${INFILE}" --arg pkgs 'import {}' --arg config 'null' 2>&1 | rg -o 'got.*(sha256[:-].+)$' -r '$1') -sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE} +sed -E "s/0{52}/${hash}/" "${INFILE}" >"${OUTFILE}" diff --git a/nix/tests/buildvmwithbootloader/build-vm.nix b/nix/tests/buildvmwithbootloader/build-vm.nix index be819b6..a085713 100644 --- a/nix/tests/buildvmwithbootloader/build-vm.nix +++ b/nix/tests/buildvmwithbootloader/build-vm.nix 
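Review bot: In nix/scripts/pre-eval-fixed.sh the rewritten `sed -E "s/0{52}/${hash}/" "${INFILE}" >"${OUTFILE}"` still interpolates `${hash}` into an expression that uses `/` as its delimiter. The comment just above shows the SRI form (`sha256-…=`), which is base64 and can contain `/`, so a hash with that character makes the sed program invalid and, under `set -xe`, aborts the script after `OUTFILE` has already been truncated. A delimiter that occurs in neither hash form avoids this: `sed -E "s|0{52}|${hash}|" "${INFILE}" >"${OUTFILE}"`. The quoting added by this commit is otherwise fine.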
@@ -3,20 +3,14 @@ vmPkgsPath, buildPkgsPath, nixosConfigPath, -}: let - buildPkgs = import buildPkgsPath {}; - vmPkgs' = import vmPkgsPath {}; - vmPkgs = - vmPkgs' - // { - runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}"; - }; +}: +let + vmPkgs' = import vmPkgsPath { }; + vmPkgs = vmPkgs' // { + runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}"; + }; - importWithPkgs = { - path, - pkgs, - }: args: - import path (args // {inherit pkgs;}); + importWithPkgs = { path, pkgs }: args: import path (args // { inherit pkgs; }); nixosConfig = importWithPkgs { path = "${nixosConfigPath}"; @@ -36,8 +30,10 @@ modules = [ nixosConfig vmConfig - {virtualisation.useBootLoader = true;} + { virtualisation.useBootLoader = true; } ]; - }) - .config; -in {vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm;} + }).config; +in +{ + vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm; +} diff --git a/nix/tests/buildvmwithbootloader/build-vm.sh b/nix/tests/buildvmwithbootloader/build-vm.sh index 520e0c8..3ee6ee0 100755 --- a/nix/tests/buildvmwithbootloader/build-vm.sh +++ b/nix/tests/buildvmwithbootloader/build-vm.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash set -x -rm *.qcow2 +rm ./*.qcow2 rm result* set -e @@ -8,9 +8,9 @@ BUILD_NIXPKGS="${BUILD_NIXPKGS:-${HOME}/src/github/NixOS/nixpkgs.dev}" NIXOS_CONFIG="${NIXOS_CONFIG_OVERRIDE:-${PWD}/configuration.nix}" nix-build -K --show-trace build-vm.nix \ - --arg vmPkgsPath '' \ - --argstr buildPkgsPath "${BUILD_NIXPKGS}" \ - --argstr nixosConfigPath "${NIXOS_CONFIG}" \ - -A vmWithBootLoaderMixed + --arg vmPkgsPath '' \ + --argstr buildPkgsPath "${BUILD_NIXPKGS}" \ + --argstr nixosConfigPath "${NIXOS_CONFIG}" \ + -A vmWithBootLoaderMixed -./result/bin/run-*-vm +"./result/bin/run-*-vm" diff --git a/nix/tests/buildvmwithbootloader/configuration.nix b/nix/tests/buildvmwithbootloader/configuration.nix index 92072fe..49dc463 100644 --- a/nix/tests/buildvmwithbootloader/configuration.nix 
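Review bot: In nix/tests/buildvmwithbootloader/build-vm.sh the last line is now `"./result/bin/run-*-vm"`, and quoting the whole word disables pathname expansion, so the shell looks for a file literally named `run-*-vm` and the VM is never started after a successful build. Keep the wildcard outside the quotes, either the previous `./result/bin/run-*-vm` or `./result/bin/run-*-vm # glob intentional` with a `# shellcheck disable=` directive for whichever check prompted the quoting. The `rm ./*.qcow2` change in the first hunk of the same file is fine, since the glob there stays unquoted.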
+++ b/nix/tests/buildvmwithbootloader/configuration.nix @@ -1,9 +1,5 @@ +{ lib, ... }: { - pkgs, - lib, - ... -}: let -in { boot.loader.grub = { enable = true; version = 2; @@ -22,13 +18,23 @@ in { allowDiscards = true; } ]; - fileSystems."/" = {label = "root";}; + fileSystems."/" = { + label = "root"; + }; - fileSystems."/boot" = {label = "boot";}; + fileSystems."/boot" = { + label = "boot"; + }; boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; users.extraUsers.root.initialPassword = lib.mkForce "toorroot"; users.mutableUsers = false; diff --git a/nix/tests/buildvmwithbootloader/debug-vm.sh b/nix/tests/buildvmwithbootloader/debug-vm.sh index 0d11067..8e3bdce 100755 --- a/nix/tests/buildvmwithbootloader/debug-vm.sh +++ b/nix/tests/buildvmwithbootloader/debug-vm.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # /nix/store/lya9qyl9z5xb4vzdzh4vzcr7gfssk47z-qemu-host-cpu-only-for-vm-tests-2.12.0/bin/qemu-kvm \ # -cpu \ # kvm64 \ 
@@ -24,7 +26,6 @@ # -drive \ # index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/nixos.qcow2,cache=writeback,werror=report,if=virtio \ - /nix/store/0i6fr8vv559a50w0vipvd22r0kkg1kx1-qemu-host-cpu-only-for-vm-tests-3.0.0/bin/qemu-kvm -cpu kvm64 -name nixos -m 384 -smp 1 -device virtio-rng-pci -net nic,netdev=user.0,model=virtio -netdev user,id=user.0 -virtfs local,path=/nix/store,security_model=none,mount_tag=store -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=xchg -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=shared \ - -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \ - -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio \ + -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \ + -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio diff --git a/nix/tests/test-vm.nix b/nix/tests/test-vm.nix index 55053e2..fc956b6 100644 --- a/nix/tests/test-vm.nix +++ b/nix/tests/test-vm.nix @@ -1,10 +1,4 @@ -{ - lib, - config, - pkgs, - fetchgit, - ... -}: { +_: { boot.consoleLogLevel = 6; users.users.root.initialPassword = "root"; systemd.services."serial-getty@ttyS0".enable = true; 
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 3edf90a0be7fbfab297ca26ede15d1e2e2a3d59a..91d2eb6f7622aac0161301d74855d603090caaa7 100644 GIT binary patch literal 614 zcmZQ@_Y83kiVO&0u;bf4-6U*1TUXbV<<_e*V{be@biRkR?To(vw55W z=4ocpZF3hbXF5{n{K461!>Kl-)$2E}?KJwFqUTuTSr}+EQ(nn{>-IjM%TFVkU!}tj*M#}$?1KFvA*oSSzYzo!(Rx_%IY>AttF$IjfU7jETX&yLt_UZ*^cjNVkLX6j%Wli)d-j><#cjV-k z;K|{Gt6o^7 z;9GE|cG6+BOZ%K!H=ds}qiJ(csM!4JRw^~zYg2sHE$5}2W!8QhHuK2>mcXsoZCW!+ zmd@SyUFY@ng9o3#)Vuvihd0m9rN&}aEg%0bkI(ikm)Io28u_P4{%bLMJt1Z;+c|%6 zCd1GT4=?^W z;V*Z-eWfm|`Edu6EejGKewyaGG^XhJI|;6D>u0SwC*AOS`JY`sCajH-Kjohy&$IYh z%bh5NnbWP-1U%24c>hGnC9#s9o?EW2t#4pouj+lByW@%D_gSe%uRq+MS=v8&*PF9R zD+5m?{IRw9(4Z5y`t8jFa=xd#ll(8UDqJ*Coc8Cq=-K^yj%}OQwW4m#n*@a@zkf>q zKYjG5SP&^3yLn^1Sy%a~UOv$`))$wWH|J#DuV(uhxT#DzH-gW?Ij1&Z+na`?$9h#G zZ+hsT4Y}a=eS_PC?V;%}Hq3c+`kmANd>$JX`_QX_~Xs&=+OK!Q*U8h&BYa)e_TGf{6L-Kp&7gUI_D@FD$a4)WSb*dQ60|daCz%y zC4-_P&wlxuNt$lk#9DXf>dn50?pqCaubg$sd+Q_FpR=09?co*C2{Qc|SEhXqV0``U zS6BHrg}4gQ6yrNHbN*ZD2)Ql$Xt%;g2}go53*U>ee%MvQ`=_M#TW5sy zjmHw_zn?3Aop~t0UVCFf{RIPgr`hKhuJw#N8B{5lSCKCld}Qg%rn>2z8$U1a_&aT$ N+H}3!E%#j2jR8UQ8(9DV diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix index 535d7d3..6d441a6 100644 --- a/nix/variables/versions.nix +++ b/nix/variables/versions.nix 
@@ -2,29 +2,28 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-22.11"; - rev = '' - 5b7cd5c39befee629be284970415b6eb3b0ff000''; + rev = ''5b7cd5c39befee629be284970415b6eb3b0ff000''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = '' - 4bb072f0a8b267613c127684e099a70e1f6ff106''; + rev = ''4bb072f0a8b267613c127684e099a70e1f6ff106''; }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = '' - a8636efe2df64047cd58898010a72f73efd56722''; + rev = ''a8636efe2df64047cd58898010a72f73efd56722''; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; ref = "release-22.11"; - rev = '' - 83110c259889230b324bb2d35bef78bf5f214a1f''; + rev = ''83110c259889230b324bb2d35bef78bf5f214a1f''; }; } diff --git a/nix/variables/versions.tmpl.nix b/nix/variables/versions.tmpl.nix index e0734f1..66e90e3 100644 --- a/nix/variables/versions.tmpl.nix +++ b/nix/variables/versions.tmpl.nix @@ -6,9 +6,12 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; - nixos = nixpkgs // {suffix = "/nixos";}; + nixos = nixpkgs // { + suffix = "/nixos"; + }; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; diff --git a/scripts/sway-swapoutputworkspaces.sh b/scripts/sway-swapoutputworkspaces.sh index 9f8f637..6ed8d64 100755 --- a/scripts/sway-swapoutputworkspaces.sh +++ b/scripts/sway-swapoutputworkspaces.sh 
@@ -9,33 +9,33 @@ workspace_active=$(swaymsg -t get_workspaces | jq -r '.[] | select(.focused==tru # If any of the outputs doesn't have a workspace, do nothing if [ "$workspace1" = null ] || [ "$workspace2" = null ]; then - exit 0 + exit 0 else - # If script is provided with `follow` argument, then follow focused workspace - if [ "$1" = "follow" ]; then - if [ "$workspace1" = "$workspace_active" ]; then - swaymsg move workspace to output "$output2" - swaymsg workspace "$workspace2" - swaymsg move workspace to output "$output1" - swaymsg workspace "$workspace2" - else - swaymsg workspace "$workspace1" - swaymsg move workspace to output "$output2" - swaymsg workspace "$workspace2" - swaymsg move workspace to output "$output1" - fi - # Else focus stays with focused output + # If script is provided with `follow` argument, then follow focused workspace + if [ "$1" = "follow" ]; then + if [ "$workspace1" = "$workspace_active" ]; then + swaymsg move workspace to output "$output2" + swaymsg workspace "$workspace2" + swaymsg move workspace to output "$output1" + swaymsg workspace "$workspace2" else - if [ "$workspace1" = "$workspace_active" ]; then - swaymsg move workspace to output "$output2" - swaymsg workspace "$workspace2" - swaymsg move workspace to output "$output1" - else - swaymsg workspace "$workspace1" - swaymsg move workspace to output "$output2" - swaymsg workspace "$workspace2" - swaymsg move workspace to output "$output1" - swaymsg workspace "$workspace1" - fi + swaymsg workspace "$workspace1" + swaymsg move workspace to output "$output2" + swaymsg workspace "$workspace2" + swaymsg move workspace to output "$output1" fi + # Else focus stays with focused output + else + if [ "$workspace1" = "$workspace_active" ]; then + swaymsg move workspace to output "$output2" + swaymsg workspace "$workspace2" + swaymsg move workspace to output "$output1" + else + swaymsg workspace "$workspace1" + swaymsg move workspace to output "$output2" + swaymsg workspace "$workspace2" 
+ swaymsg move workspace to output "$output1" + swaymsg workspace "$workspace1" + fi + fi fi diff --git a/secrets/holochain-infra/nomad.yaml b/secrets/holochain-infra/nomad.yaml index 89bcb33..f0fe5cd 100644 --- a/secrets/holochain-infra/nomad.yaml +++ b/secrets/holochain-infra/nomad.yaml 
@@ -4,37 +4,37 @@ holochain-nomad-cli-key: ENC[AES256_GCM,data:Kl7EJI1V5HGeE9nogY5rujwe8MQYA6tIc3b holochain-global-nomad-client-cert: ENC[AES256_GCM,data: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,iv:nSXO+1ALy6Ie5aNIEm1ZZgZwOdJLrHjO+BwKVbbZQ7c=,tag:n4V165c86IQ3QHzYb1ThJA==,type:str] holochain-global-client-nomad-key: ENC[AES256_GCM,data:9w+1CYOXgm+xvg9iER+cLJBlKLyYmanr93tZ8xTl63ZIKho6DJLqGPCYdjlG4sHWyQUM6/Dpaa490yC4CToLX5MuUnSvqiaSgugcGqPa1DhlRYVsa8j5rdp90EDMoarN7xKe0ShIRW2GTT9S5EEyF2qdZUAFybpDPX2laZZ44UBz1QvlCp7gzs0duO4b95WPTHmlhfaw0BVF7FhFqkAHtH6qg24qEtwB3I4NmW5UsTKR+tbUCEyQcADQr1CrXhIHkQ8yZ52rc42H6gRQXoVrJomJgtiXf28ARY5K1oZMmICLDw==,iv:FSiRHgbqpKEYINVBLYp1A9YgroLT07GMDFqT/k8Vyqs=,tag:XX7oQhllDmrRLCEiMMYsfA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQmFtWk8vSHYydmt5OW5I - Z2JCVFJ0MHRoWkU1QXpzY1NGOFU5NHF1SkNzCkN6SEVXUlhnRHZKVXcrVStYRHFL - R2g5WG5tbExSVkVYMFlFL2tnWHlCNW8KLS0tIG5CaURNSjQ3QkRUS1FkdjljbmNB - YUwvY0hIZkhJcEZLUkFMWXBjMW1VSFUKBDDoDAbVaex00VRjuWKifbTrtKaHz7m8 - M3nrwfIcjsJiMs9vJXWh5J/dhRTWQp0kEZRaCtxN6gDz+dDE3TVAiw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-12T09:51:29Z" - mac: ENC[AES256_GCM,data:Eq/hdaWf9+CG2jLQsL2Sw+IHy0vef7cC0IR5xL3jooYbmilRYS2Lj+lRckVcLKTRHjLBlJmnY20wbL/iNwlyTsY3MkCTEMAg1aY2GVPq3/gL0Gl0/Em4pktfVLZGVTZLt6mKzAJMWM9RdTapW5sRlywZ4/fa1YQwoQQ3tFVWm4U=,iv:+Oy+dBT0B5k5eItscLlXrRzbPO1u8eQNBwoDLnZC06I=,tag:hVwJwd6m6oCOlQ0jC8H+Ew==,type:str] - pgp: - - created_at: "2023-07-12T10:09:31Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQmFtWk8vSHYydmt5OW5I + 
Z2JCVFJ0MHRoWkU1QXpzY1NGOFU5NHF1SkNzCkN6SEVXUlhnRHZKVXcrVStYRHFL + R2g5WG5tbExSVkVYMFlFL2tnWHlCNW8KLS0tIG5CaURNSjQ3QkRUS1FkdjljbmNB + YUwvY0hIZkhJcEZLUkFMWXBjMW1VSFUKBDDoDAbVaex00VRjuWKifbTrtKaHz7m8 + M3nrwfIcjsJiMs9vJXWh5J/dhRTWQp0kEZRaCtxN6gDz+dDE3TVAiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-12T09:51:29Z" + mac: ENC[AES256_GCM,data:Eq/hdaWf9+CG2jLQsL2Sw+IHy0vef7cC0IR5xL3jooYbmilRYS2Lj+lRckVcLKTRHjLBlJmnY20wbL/iNwlyTsY3MkCTEMAg1aY2GVPq3/gL0Gl0/Em4pktfVLZGVTZLt6mKzAJMWM9RdTapW5sRlywZ4/fa1YQwoQQ3tFVWm4U=,iv:+Oy+dBT0B5k5eItscLlXrRzbPO1u8eQNBwoDLnZC06I=,tag:hVwJwd6m6oCOlQ0jC8H+Ew==,type:str] + pgp: + - created_at: "2023-07-12T10:09:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgAlXTAMih9lsxCEvh3UyK8vxuhnmnlluf22D+oz/e0JabE - DirPEM4FUlCV+8j+Hia5mKpgWJFDcMK0FqxIQvUwTj/I9AnIB740kcr5TVPcOWOU - 9TPmhjLT8RRhQWu8/URUnjdiF1YypOHYfUItSw/agTJa89T4ZJFsaA9IjNdZBUq8 - e0eTF+7Ha0wfll+V+veOPfL53uYuuIoDXoi5wwAjYa2433QsdLwUTKrRi4dNrQyo - dYnYltYRAe/4w/sFCkMlLRpo47J5m7SEggXrM8wni8QpTOJzOIqCP7XTm8MX3MKE - pU25kh0iCsBaNfwD34NF2Ti5l9aUuRWmy0EI+wcTKtJRAaMojKInR/TB8Tj4OD2O - p2IVFwZlPGgOOwZUTn5wyWWSuZD8JRJHxrYETpejXtPIGtnSkiVgphYlD/bagPA5 - eHRQH6uDdKM+/6FXnNMiu50G - =itdA - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + wcBMA0SHG/zF3227AQgAlXTAMih9lsxCEvh3UyK8vxuhnmnlluf22D+oz/e0JabE + DirPEM4FUlCV+8j+Hia5mKpgWJFDcMK0FqxIQvUwTj/I9AnIB740kcr5TVPcOWOU + 9TPmhjLT8RRhQWu8/URUnjdiF1YypOHYfUItSw/agTJa89T4ZJFsaA9IjNdZBUq8 + e0eTF+7Ha0wfll+V+veOPfL53uYuuIoDXoi5wwAjYa2433QsdLwUTKrRi4dNrQyo + dYnYltYRAe/4w/sFCkMlLRpo47J5m7SEggXrM8wni8QpTOJzOIqCP7XTm8MX3MKE + pU25kh0iCsBaNfwD34NF2Ti5l9aUuRWmy0EI+wcTKtJRAaMojKInR/TB8Tj4OD2O + p2IVFwZlPGgOOwZUTn5wyWWSuZD8JRJHxrYETpejXtPIGtnSkiVgphYlD/bagPA5 + eHRQH6uDdKM+/6FXnNMiu50G + =itdA + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/secrets/hstk0/secrets.yaml b/secrets/hstk0/secrets.yaml index 7b6c7fe..044372c 100644 --- a/secrets/hstk0/secrets.yaml +++ b/secrets/hstk0/secrets.yaml 
@@ -1,36 +1,36 @@ tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVXBDSTgwVWtpN01ldjdv - UWIxNEZFVVowbFk4bnRNSEl6M1pHcUdIelFFClVHK211enBkODljWHVYNmFYM0gx - L01hVFFSeExtQmFXbytzSEMrbVMxYTAKLS0tIG9lMnBTMXJMMUZUcTRFcThrd1Ny - bEhlUzFqU2hkbXBZaldzeTdCbnhOdTgKsCcLlqcl+fnvZ8EGKNWlbSbLQvzx099E - fC/QlagRvdmVfsFpOQnd0cFzQ1X0EDAx6XcGF8mHBrAKqCS9GCAIyA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-08T16:59:30Z" - mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] - pgp: - - created_at: "2024-06-26T19:27:08Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVXBDSTgwVWtpN01ldjdv + UWIxNEZFVVowbFk4bnRNSEl6M1pHcUdIelFFClVHK211enBkODljWHVYNmFYM0gx + L01hVFFSeExtQmFXbytzSEMrbVMxYTAKLS0tIG9lMnBTMXJMMUZUcTRFcThrd1Ny + bEhlUzFqU2hkbXBZaldzeTdCbnhOdTgKsCcLlqcl+fnvZ8EGKNWlbSbLQvzx099E + fC/QlagRvdmVfsFpOQnd0cFzQ1X0EDAx6XcGF8mHBrAKqCS9GCAIyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-08T16:59:30Z" + mac: 
ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] + pgp: + - created_at: "2024-06-26T19:27:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgA1qnWMAoXFJsx0A9dX2qFhRUHOlO+VKOi678pGQu4Pwld - wUdqAylrtaLDsr+kFwLvsGUKKHzfvaQH/EfEChQb2L9njzQjwNwmgZPAq6NqZAmB - EhudaY7R12Lb507Fsh/k7dgOFTuH0/ceKtW+QKF3SVVa+DwgOx8VRP3LJwGW4PQq - mRmPkyjnuFmepziTULe0ZPvO6PaH8FvLISBvMkBH+IGXat98OVgqGFzxHkpA3pey - 8w7mKDEi6i6g72GrrjuWFuh5JjSSb3og1ziO4O8XQ7mHqbUYwc4NfeVTYD7thdyh - OsijkXHvvHkRidTjTn4ZEzxFaNgTvzRB0V7r/jEu3tJcASfyDt4sXkKv84xu29Pp - BYZLj9xUrS30bmI8NOP77sy/3++ppX96oKhi91S7F0HZcznJPOhS+YtomXCCGvS9 - qaN8kkDXt5k5dkLd2+eft7CCF8+lwf6XX/qEjPw= - =+0h1 - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgA1qnWMAoXFJsx0A9dX2qFhRUHOlO+VKOi678pGQu4Pwld + wUdqAylrtaLDsr+kFwLvsGUKKHzfvaQH/EfEChQb2L9njzQjwNwmgZPAq6NqZAmB + EhudaY7R12Lb507Fsh/k7dgOFTuH0/ceKtW+QKF3SVVa+DwgOx8VRP3LJwGW4PQq + mRmPkyjnuFmepziTULe0ZPvO6PaH8FvLISBvMkBH+IGXat98OVgqGFzxHkpA3pey + 8w7mKDEi6i6g72GrrjuWFuh5JjSSb3og1ziO4O8XQ7mHqbUYwc4NfeVTYD7thdyh + OsijkXHvvHkRidTjTn4ZEzxFaNgTvzRB0V7r/jEu3tJcASfyDt4sXkKv84xu29Pp + BYZLj9xUrS30bmI8NOP77sy/3++ppX96oKhi91S7F0HZcznJPOhS+YtomXCCGvS9 + qaN8kkDXt5k5dkLd2+eft7CCF8+lwf6XX/qEjPw= + =+0h1 + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index d2ef8f6..113f950 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -16,37 +16,37 @@ wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMm wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str] wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RTBvZEFjNDRhOUl4Rkd3 - cm5FWHpIUUlMZDl5dStlb3J2eGNndDZNNGh3CnJFcWFSSDlpY1hycWpxN1Z0OVkz - T0hTV20vNnFGQzhNVDNhMlF1d2FMNFEKLS0tIEZaajFqTjk1NjlqcE82eXVDekhL - NUhhK2oxUTAxeGxVSlBkUzdHbUpuaGMKYNvJWkKoNbdrwXHyoih22+aV+6F1yhTl - 9RplfG43PTV6tNJUScthRnCHo0CLNHwF39sb9y2kt7y8fVs2vuPzzg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-26T07:56:29Z" - mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RTBvZEFjNDRhOUl4Rkd3 + cm5FWHpIUUlMZDl5dStlb3J2eGNndDZNNGh3CnJFcWFSSDlpY1hycWpxN1Z0OVkz + T0hTV20vNnFGQzhNVDNhMlF1d2FMNFEKLS0tIEZaajFqTjk1NjlqcE82eXVDekhL + NUhhK2oxUTAxeGxVSlBkUzdHbUpuaGMKYNvJWkKoNbdrwXHyoih22+aV+6F1yhTl + 9RplfG43PTV6tNJUScthRnCHo0CLNHwF39sb9y2kt7y8fVs2vuPzzg== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2024-07-26T07:56:29Z" + mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] + pgp: + - created_at: "2024-07-13T14:51:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/T6Q1PsQ+qH2gGRrF29Ng9LehcKu2UMjTN3uKCgy7klPm - Pd5qLxQA94GNz/70AL0sOUdc04R7pWWsswBuhNj1semefH/DAMRDfCt9+DpV23Lz - bswCQXWqpDy0CUKULwLoMRbcM5PZcsnRsa5xky07uub7GyZ8m+UFzD1ISzn9bbIQ - Sg5MTIegQC1QDYZLWFpP/kSf1AvZUG3HfMee9tapyMgEaMVW7XAy+C/DrIIEdnAk - 6m/QWD+PyDfJf2RA9URoezpSgi4foCuc1PAX4k8Oq71YRjBZWSrBtVa6sfCvsfdF - cEKvXJk3X2/glYRiQrIfib9QRjewWwOcfEV4R2knZtJeAa8ppOZQAfO0YFAzZPd/ - yIBsHXBG3gXRBUe+dGF3nKaA2mFuktK2GRI78lON0oDrHm2a02n9dwyYG/HnvgNZ - sEc6lNHEV2ERedCeaTfAgCg6kWTWgP1ckkY3IAdHgg== - =nn0o - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQf/T6Q1PsQ+qH2gGRrF29Ng9LehcKu2UMjTN3uKCgy7klPm + Pd5qLxQA94GNz/70AL0sOUdc04R7pWWsswBuhNj1semefH/DAMRDfCt9+DpV23Lz + bswCQXWqpDy0CUKULwLoMRbcM5PZcsnRsa5xky07uub7GyZ8m+UFzD1ISzn9bbIQ + Sg5MTIegQC1QDYZLWFpP/kSf1AvZUG3HfMee9tapyMgEaMVW7XAy+C/DrIIEdnAk + 6m/QWD+PyDfJf2RA9URoezpSgi4foCuc1PAX4k8Oq71YRjBZWSrBtVa6sfCvsfdF + cEKvXJk3X2/glYRiQrIfib9QRjewWwOcfEV4R2knZtJeAa8ppOZQAfO0YFAzZPd/ + yIBsHXBG3gXRBUe+dGF3nKaA2mFuktK2GRI78lON0oDrHm2a02n9dwyYG/HnvgNZ + sEc6lNHEV2ERedCeaTfAgCg6kWTWgP1ckkY3IAdHgg== + =nn0o + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/router0-hosthatch/secrets.yaml b/secrets/router0-hosthatch/secrets.yaml index 9891362..c0606da 100644 --- a/secrets/router0-hosthatch/secrets.yaml +++ b/secrets/router0-hosthatch/secrets.yaml 
@@ -7,37 +7,37 @@ wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFx wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str] wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRzJxaGJVclFwZE9ZT3BP - OHNEaVg5ZVl0Nm9YTWo3Q1lmSEw5dnRoRVY0CkpCeWxXU0RybU45Y3RvVkxJYkEv - TjJsb3AyNVR6QmJVbnJsZzE3S0VmQjgKLS0tIHVHSTZVOHc4R0E1TWNETWNlWEty - czc2YUdudGdnVlZteXBmaHZaV1NWbGcK6jWSkOEBYN+1HQ+IZdBKknYo96Aydp/s - +hK8V6qEyCkAqWLYEnZ5ErMEc8OcOyYCQnYyCb10SWJvye+uyX8SZg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-09T14:08:09Z" - mac: ENC[AES256_GCM,data:nCwAca0MktoxUb0W+1B7+4UP5IOG4cuj2BhJBxjDV4gjYBSKYJs5gSdYytjOpu76ePXSUHgyiPH0Joe5ESubaUN4zPIWMLpkEk6WjXnmXRTY8B5ZZ+AVR2lxNi7UtiCyx0yjAVZFxuk33MmKR2yXMLEqE6U/70fccJlY+dbTaVU=,iv:QTafba+auq3Zv/xoBzHmnIMmfDAynqApAcr/T0Uh/2g=,tag:RREUDKF4Kruy0AEFDqSVuw==,type:str] - pgp: - - created_at: "2024-06-09T14:07:43Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRzJxaGJVclFwZE9ZT3BP + OHNEaVg5ZVl0Nm9YTWo3Q1lmSEw5dnRoRVY0CkpCeWxXU0RybU45Y3RvVkxJYkEv + TjJsb3AyNVR6QmJVbnJsZzE3S0VmQjgKLS0tIHVHSTZVOHc4R0E1TWNETWNlWEty + czc2YUdudGdnVlZteXBmaHZaV1NWbGcK6jWSkOEBYN+1HQ+IZdBKknYo96Aydp/s + +hK8V6qEyCkAqWLYEnZ5ErMEc8OcOyYCQnYyCb10SWJvye+uyX8SZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2024-06-09T14:08:09Z" + mac: ENC[AES256_GCM,data:nCwAca0MktoxUb0W+1B7+4UP5IOG4cuj2BhJBxjDV4gjYBSKYJs5gSdYytjOpu76ePXSUHgyiPH0Joe5ESubaUN4zPIWMLpkEk6WjXnmXRTY8B5ZZ+AVR2lxNi7UtiCyx0yjAVZFxuk33MmKR2yXMLEqE6U/70fccJlY+dbTaVU=,iv:QTafba+auq3Zv/xoBzHmnIMmfDAynqApAcr/T0Uh/2g=,tag:RREUDKF4Kruy0AEFDqSVuw==,type:str] + pgp: + - created_at: "2024-06-09T14:07:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgAkYv+dSMKF647ApqeslZpv22LmhdphDTSQjaRJdIK4gM4 - kv4aJ4L0K/fDqKtsbszbAnuratJnOxnhGaydTX5Ob9tb5QbFfmC2C4OED6hB/enu - hsP9BpsA945Keqf27NyXgxnLDVr6OXcpZqWZbYqHmWDx+BHrw500hgFb91ejzf3c - 6KF2Rrp4PsUl58D6LcSFxfqcna7l2+Ptx+k2vfInSkyPit/5tjry8SyBbUFWPwz2 - gVj9MN0bLCMqhToFh532GSDmnxNd8d1Sb8G1riJ4JaTHStV3s6KebF90ws3FtC5n - y0f/BbjkSqEqNIKFplPZ4Cx6O7WsXbH1hU1Dgba9G9JeAYVAFyi+OnCV49ugZ93p - uwGhpXmP6RbGVT6JB/beAdUToTdP0EfdVE4LlxkssEFd8HHzO8kD2u7k7glkDEq7 - Ox1QlDrMuz0zRE6D5B4DwXrWvAOw/TjvydWjyS6HCg== - =5YRC - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgAkYv+dSMKF647ApqeslZpv22LmhdphDTSQjaRJdIK4gM4 + kv4aJ4L0K/fDqKtsbszbAnuratJnOxnhGaydTX5Ob9tb5QbFfmC2C4OED6hB/enu + hsP9BpsA945Keqf27NyXgxnLDVr6OXcpZqWZbYqHmWDx+BHrw500hgFb91ejzf3c + 6KF2Rrp4PsUl58D6LcSFxfqcna7l2+Ptx+k2vfInSkyPit/5tjry8SyBbUFWPwz2 + gVj9MN0bLCMqhToFh532GSDmnxNd8d1Sb8G1riJ4JaTHStV3s6KebF90ws3FtC5n + y0f/BbjkSqEqNIKFplPZ4Cx6O7WsXbH1hU1Dgba9G9JeAYVAFyi+OnCV49ugZ93p + uwGhpXmP6RbGVT6JB/beAdUToTdP0EfdVE4LlxkssEFd8HHzO8kD2u7k7glkDEq7 + Ox1QlDrMuz0zRE6D5B4DwXrWvAOw/TjvydWjyS6HCg== + =5YRC + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/router0-ifog/secrets.yaml b/secrets/router0-ifog/secrets.yaml index 96cb8ea..0566d57 100644 --- a/secrets/router0-ifog/secrets.yaml +++ b/secrets/router0-ifog/secrets.yaml 
@@ -9,37 +9,37 @@ wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFx wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str] wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNmRsNDJRbHZmS3JmOVht - c1kyKzBXdGxkQXErQlhXUzBmMm12eXNCVlVVCm9KUCtZeWJWYWVJUFhYRUlLVDdD - Nk9Wdk5WeXl2ZGNybGxnZWtGR2thTDgKLS0tIEovQnU0bzRCdEp6RnVvZCtUTlFL - dFBOcE9leDQrYzVQNUpLZzJBYlBYaE0KyKVh0VDpbA2eIh9d+KhCYKjbl4fHPt07 - fVbbDEz67bWNjaH6Yg6xlNQIhv9prUK2isckVizpUANmOKxPJ2ia2Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-26T17:23:41Z" - mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] - pgp: - - created_at: "2024-06-08T18:36:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNmRsNDJRbHZmS3JmOVht + c1kyKzBXdGxkQXErQlhXUzBmMm12eXNCVlVVCm9KUCtZeWJWYWVJUFhYRUlLVDdD + Nk9Wdk5WeXl2ZGNybGxnZWtGR2thTDgKLS0tIEovQnU0bzRCdEp6RnVvZCtUTlFL + dFBOcE9leDQrYzVQNUpLZzJBYlBYaE0KyKVh0VDpbA2eIh9d+KhCYKjbl4fHPt07 + fVbbDEz67bWNjaH6Yg6xlNQIhv9prUK2isckVizpUANmOKxPJ2ia2Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2024-05-26T17:23:41Z" + mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] + pgp: + - created_at: "2024-06-08T18:36:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/VntYsys2fb7NslwBbEwQ4VYh8OOWtCGhqbVw045QflFD - 2hS1cT85MDNTwPnnDW4NYbf3UEIq12eXVDFR8+4S4mMun68OmxEf3UhSB6k2cDgh - iwM6HdAh13cC4UfYBpEq/NTr9omdoXPrcjQNYxqm8OBRNf1126L5XmQ4NT2Lg8Yw - 2HcDIxrl9vX1X8OYd7fwc7TIJpVYCmG2UhVrz+gS4q51s1hi1t1BZdeUhU9RpSdZ - Mu2HlB68t597wAXOB88K+zJG4+uUQrpz9V2Xd/lfzFIeQtwLcA/NdoZs+AMEQE+j - wa5FPI08uF68KbwzXYCq2NEPKA4SX9UzlirJjdAukdJeAfqO5woWkuDHmDj+nDDS - fSwL7mVNd43h9uO3PXi7j8kj32dwLcBSjkeuN1+gaTBLixzzp0drLTD1DkeY8kBS - ROvWaNhXsrm+uB9d8aaznqfWS9C+3PE5fY9untPIUA== - =f2HS - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQf/VntYsys2fb7NslwBbEwQ4VYh8OOWtCGhqbVw045QflFD + 2hS1cT85MDNTwPnnDW4NYbf3UEIq12eXVDFR8+4S4mMun68OmxEf3UhSB6k2cDgh + iwM6HdAh13cC4UfYBpEq/NTr9omdoXPrcjQNYxqm8OBRNf1126L5XmQ4NT2Lg8Yw + 2HcDIxrl9vX1X8OYd7fwc7TIJpVYCmG2UhVrz+gS4q51s1hi1t1BZdeUhU9RpSdZ + Mu2HlB68t597wAXOB88K+zJG4+uUQrpz9V2Xd/lfzFIeQtwLcA/NdoZs+AMEQE+j + wa5FPI08uF68KbwzXYCq2NEPKA4SX9UzlirJjdAukdJeAfqO5woWkuDHmDj+nDDS + fSwL7mVNd43h9uO3PXi7j8kj32dwLcBSjkeuN1+gaTBLixzzp0drLTD1DkeY8kBS + ROvWaNhXsrm+uB9d8aaznqfWS9C+3PE5fY9untPIUA== + =f2HS + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/servers/dyndns.yaml b/secrets/servers/dyndns.yaml index 94768bd..b93a80f 100644 --- a/secrets/servers/dyndns.yaml +++ b/secrets/servers/dyndns.yaml 
@@ -1,37 +1,37 @@ dyndns_www.stefanjunker.de: ENC[AES256_GCM,data:xHpC/V9OWCMpTKs1,iv:gW6f6kQedbdxbz1zJAY6xceoeG/LqPG/Ss3DaBm/Ta0=,tag:v2V/hzRg+xgO8zpwyIBVXA==,type:str] dyndns_mailserver.svc.stefanjunker.de: ENC[AES256_GCM,data:auVHa5n4335mNXAy,iv:WZMOA+Z7/w+Jsu5193WwERXZrt/5JDiMUKIZo8ieT7w=,tag:YmEDp/0gjgPY2kg9GNKmxQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWFR1cWJkWFl3SHphNVlt - NmI0eDFJanVLVlFKeWcydDNaclp0VlQveVJnCnRBc0JTUzZkV0l6cWdaNko3YUNM - bWZRaGpYMHZWWkRPMjY4SEF3S200YlUKLS0tIExrWGhjM01YdS85U000Q2o1TjUw - VFpZb0dEL2w5NWErR245MUplZE9xN28KiGaqrH9wYZ2goHKYygLgPZIZmUCosHc0 - RNaMVrIv7I9dPMiqlKdSl1Xp/ePa9gxUhVCpsFIZmlrlhHxv0TLtkQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-14T20:50:30Z" - mac: ENC[AES256_GCM,data:09EAhiFSNroQKelSHF0YdJl8INdYVcjK4BfiOktY+Nx1GK2BA6T8grvIHGB1UZaDvS/AzjcSIq+5ZnyfBU13Ks8zH5oQ11La48FheE3bL38KS+JNgqw3F53w/NUVFkYFp2YRuCqkg8/OBmT3OONLggF7ziuQEByW5NlOUdLejkA=,iv:qe4kBBxxpFdKNszbvZlIXjA2Ybc+NAU2GkMcSviZczE=,tag:98ABbbVh5qPnAzo0xkZ81w==,type:str] - pgp: - - created_at: "2023-11-23T12:05:35Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWFR1cWJkWFl3SHphNVlt + NmI0eDFJanVLVlFKeWcydDNaclp0VlQveVJnCnRBc0JTUzZkV0l6cWdaNko3YUNM + bWZRaGpYMHZWWkRPMjY4SEF3S200YlUKLS0tIExrWGhjM01YdS85U000Q2o1TjUw + VFpZb0dEL2w5NWErR245MUplZE9xN28KiGaqrH9wYZ2goHKYygLgPZIZmUCosHc0 + RNaMVrIv7I9dPMiqlKdSl1Xp/ePa9gxUhVCpsFIZmlrlhHxv0TLtkQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-14T20:50:30Z" + mac: 
ENC[AES256_GCM,data:09EAhiFSNroQKelSHF0YdJl8INdYVcjK4BfiOktY+Nx1GK2BA6T8grvIHGB1UZaDvS/AzjcSIq+5ZnyfBU13Ks8zH5oQ11La48FheE3bL38KS+JNgqw3F53w/NUVFkYFp2YRuCqkg8/OBmT3OONLggF7ziuQEByW5NlOUdLejkA=,iv:qe4kBBxxpFdKNszbvZlIXjA2Ybc+NAU2GkMcSviZczE=,tag:98ABbbVh5qPnAzo0xkZ81w==,type:str] + pgp: + - created_at: "2023-11-23T12:05:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQgAjfBO/8RSFW5aIhchSLLvhNzhIF+p2f4KZTAiT0uhB5u6 - T10j8i0q5IV9XVDdRXxYZwBn6LDFOJ6WJ7hIv61Ri+jCGZ8N8Mr6OA7HyB+6zQmg - 3PON+5qJC8FHFHiW+bB7NEULdlILS5Q6E3atjGmgOHKYq2O5L+IZgxp5Udt/oXuF - CqIW22M/9ftEipgG2b2Txgq1PTNFWI8gYRVacuSU5UD687EacH4fTDyIdXk01FMW - LmIh9h64kA5b6VALma1C2ztP0uvCUOSfVsvKJEILOb/kTb0qCdSkEM44onXTCHM+ - fBo140l54Cy1aIxFPsU8J/KkVbQ9Q6dOxIxrpaEQP9JRAUrBpLwbVLpWww2WFwG3 - nTplRw3DzGTGoV7CgdzRRhjv7fkb+h5eWLpFqSj6r2MG5PnEjnnDiBaa611sDN// - ijdeSDMnCT93t6BEeNKvmTPS - =60WW - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + wcBMA0SHG/zF3227AQgAjfBO/8RSFW5aIhchSLLvhNzhIF+p2f4KZTAiT0uhB5u6 + T10j8i0q5IV9XVDdRXxYZwBn6LDFOJ6WJ7hIv61Ri+jCGZ8N8Mr6OA7HyB+6zQmg + 3PON+5qJC8FHFHiW+bB7NEULdlILS5Q6E3atjGmgOHKYq2O5L+IZgxp5Udt/oXuF + CqIW22M/9ftEipgG2b2Txgq1PTNFWI8gYRVacuSU5UD687EacH4fTDyIdXk01FMW + LmIh9h64kA5b6VALma1C2ztP0uvCUOSfVsvKJEILOb/kTb0qCdSkEM44onXTCHM+ + fBo140l54Cy1aIxFPsU8J/KkVbQ9Q6dOxIxrpaEQP9JRAUrBpLwbVLpWww2WFwG3 + nTplRw3DzGTGoV7CgdzRRhjv7fkb+h5eWLpFqSj6r2MG5PnEjnnDiBaa611sDN// + ijdeSDMnCT93t6BEeNKvmTPS + =60WW + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index bc05028..a7e26dd 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -8,127 +8,127 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str] sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa - T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM - am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND - cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF - UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK - NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 - cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM - MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV - H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ - b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj - 
RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv - RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky - Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl - Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ - UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz - L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS - juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq - aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY - NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 - cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN - 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly - OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh - TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs - YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL - +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E - V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO - 
WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 - cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 - Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy - aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE - MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 - RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ - zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE - dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL - cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr - TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg - yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN - UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr - YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 - TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i - owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N - SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r - 
amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli - T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw - bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-06T20:14:22Z" - mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa + T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM + am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND + cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF + UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK + NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 + cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM + MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV + H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ + b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj + RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv + 
RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky + Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl + Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ + UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz + L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS + juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq + aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY + NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 + cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN + 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly + OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh + TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs + YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL + +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E + V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO + WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 + 
cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 + Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy + aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE + MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 + RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ + zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE + dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL + cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr + TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg + yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN + UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr + YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 + TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i + owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N + SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r + amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli + 
T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw + bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-06T20:14:22Z" + mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] + pgp: + - created_at: "2024-07-13T14:51:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ - NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX - JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v - VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU - kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 - xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig - 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 - IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= - =Ayke - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ + NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX + JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v + VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU + kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 + xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig + 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 + IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= + =Ayke + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/sj-srv1/secrets.yaml b/secrets/sj-srv1/secrets.yaml index 2303d41..40a927b 100644 
--- a/secrets/sj-srv1/secrets.yaml +++ b/secrets/sj-srv1/secrets.yaml 
@@ -2,37 +2,37 @@ passwords-root: ENC[AES256_GCM,data:mDQXWfH3zcvIifhmFdB5rfuiImHLX0Wb2WuR5Jb4lBII72AN9sEy436nHKLHdDHYDgzBkTHXDz63SfK28GEckJJKXHPcKuYl/g==,iv:M8tcUyUVuYAIesuGxQHQ/JRDlzeklTBAVgD1oBzsbVM=,tag:E8g5Qo1zAJkCvNPDeAv7pw==,type:str] restic-password: ENC[AES256_GCM,data:0cTVlqHCW/xCk7y3ikh0RtVk/5xFOrcrnQmMbIBtfOd7PYbiTUzwBtYXwOaXO4ob7/+KJUEwhl5TzX/Of1J+y7ML7JbpNPtLr8r0gzDYOvBPY5GlmkDGcorz7QTaomuDprJkoD06lJWme/L893u7rxwamF222D2JvGz5FfTuWfaRWb1PcehBkew89gjdAgqFJJwqlX1vwvQDPg6yj+vnk9ZqR/E967bbQeN/G/qGJ9xfVmeuOPYoZH2IrL0Zgif/FLqZWZtlJ1JnRUBXsVN6FZXfT1Q82euLPOpaUHrFJjAF26PuTwVreIjcBLX3wqc8vhAYWfc+RThS3ITwNdNTSA==,iv:KBqME0cqIIX15xPgKi5mBalk01tswj8xVd8rFETX9zU=,tag:V6KltIGVarWXP1R5lY2FAw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOFB4VWUyT1pqVWF6b01v - ZmEyeG0zSjRsWTRkWW9FUmtUWlNiS3VTN2dNClcvQitVUDk1d3oxTnErRG1wZmpL - dHlkZnE2VlVUOGMyeW0xNmo5OHdmbmcKLS0tIFlnbXNvUWRPWGI2KzkrMW01Y0E2 - czdzaWhBRWJyb0pBSnphamZVZDgyMDAKjTYixgD7CzJImvPFRYJKJXefXqxSA6I0 - iOyW6E++Ax0MsYll77sR9eMNMgPCromY3uzKVJe640HKY/E1cLoi0Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-19T20:25:37Z" - mac: ENC[AES256_GCM,data:gAn4HAJRiejixDApIBZD87JjHLyOnC9LvYR0E4oDa0GVu6/BLVNbie0zG1TdnYl4LAuLa0rf4gkSDCLNvjkBGesGb7oez06WAHJd3VAK6wyFYxQSxKA8U5OZu8nozciuatTCvc/JL1ZjxxGlDFDSHSP2m1PsB6br2e0g8oL1vJw=,iv:7rOU6w+Ly+OYEnF5SikijEpauMp5lhTae74zDi2vF+U=,tag:EURfxNbEe4ZLFF4l19EzFA==,type:str] - pgp: - - created_at: "2023-08-11T16:31:41Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOFB4VWUyT1pqVWF6b01v + ZmEyeG0zSjRsWTRkWW9FUmtUWlNiS3VTN2dNClcvQitVUDk1d3oxTnErRG1wZmpL + 
dHlkZnE2VlVUOGMyeW0xNmo5OHdmbmcKLS0tIFlnbXNvUWRPWGI2KzkrMW01Y0E2 + czdzaWhBRWJyb0pBSnphamZVZDgyMDAKjTYixgD7CzJImvPFRYJKJXefXqxSA6I0 + iOyW6E++Ax0MsYll77sR9eMNMgPCromY3uzKVJe640HKY/E1cLoi0Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-19T20:25:37Z" + mac: ENC[AES256_GCM,data:gAn4HAJRiejixDApIBZD87JjHLyOnC9LvYR0E4oDa0GVu6/BLVNbie0zG1TdnYl4LAuLa0rf4gkSDCLNvjkBGesGb7oez06WAHJd3VAK6wyFYxQSxKA8U5OZu8nozciuatTCvc/JL1ZjxxGlDFDSHSP2m1PsB6br2e0g8oL1vJw=,iv:7rOU6w+Ly+OYEnF5SikijEpauMp5lhTae74zDi2vF+U=,tag:EURfxNbEe4ZLFF4l19EzFA==,type:str] + pgp: + - created_at: "2023-08-11T16:31:41Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf+ONiHDN6/hgu1g4WBaQOtAd3tnruoG+O9pbv/IIR86T3n - TIQElcQNsWJpHpoTeXB9G+H3HPh1f3z95tdHwQZOD78HpP0B7sOqx/KUOSJqTkC7 - R8jsuAxrIpidr9MIxAypsK5UE3SnZodf6E0IhWR5H26oWXtKPRd2TIBEMwbJZ4dZ - JLZ1D1pYIrJfNez1SP9r8SBMaKJgxLn65sFzonj8j6C+8CpStun2ykLfflsoQzXP - kiCzxG/IR9fA7fyq38h+QdeQgcX7/kyhC/g1tnfDoZRjmcS7gA2yI9Dlxr08cOvy - 0Dbruq0tykU0isHSPQHgKQpX/7PD5aV3mXTyvNyzEtJRASftwq7H5sDJXvAXWLMT - eKfUnGyPanQqVNA/jAPhOj/tAIVQZbL4UIPOlT6REfxmNk9tl7JSDhMJzKAEdkk7 - C5Jot9exml6467YZkApBm0eM - =HulH - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + wcBMA0SHG/zF3227AQf+ONiHDN6/hgu1g4WBaQOtAd3tnruoG+O9pbv/IIR86T3n + TIQElcQNsWJpHpoTeXB9G+H3HPh1f3z95tdHwQZOD78HpP0B7sOqx/KUOSJqTkC7 + R8jsuAxrIpidr9MIxAypsK5UE3SnZodf6E0IhWR5H26oWXtKPRd2TIBEMwbJZ4dZ + JLZ1D1pYIrJfNez1SP9r8SBMaKJgxLn65sFzonj8j6C+8CpStun2ykLfflsoQzXP + kiCzxG/IR9fA7fyq38h+QdeQgcX7/kyhC/g1tnfDoZRjmcS7gA2yI9Dlxr08cOvy + 0Dbruq0tykU0isHSPQHgKQpX/7PD5aV3mXTyvNyzEtJRASftwq7H5sDJXvAXWLMT + eKfUnGyPanQqVNA/jAPhOj/tAIVQZbL4UIPOlT6REfxmNk9tl7JSDhMJzKAEdkk7 + C5Jot9exml6467YZkApBm0eM + =HulH + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/secrets/sj-vps-htz0/secrets.yaml b/secrets/sj-vps-htz0/secrets.yaml index 5eba76e..09a13a2 100644 --- a/secrets/sj-vps-htz0/secrets.yaml +++ b/secrets/sj-vps-htz0/secrets.yaml 
@@ -5,37 +5,37 @@ wg0-public: ENC[AES256_GCM,data:AnEK0wlEIlVrz0nubLWr3lv7R1ddzA/RPjP0CosyEJzCJU6c wg0-psk-steveej-psk: ENC[AES256_GCM,data:Z5txIdXKVshlqMBLEnW/ulFiQSmMKj6m1vLE8fuL+zl+tJxh9EX/XvjLaC4=,iv:h4ypudvQAKPM7+5vQNAb69JntdZPNa8Km6wd14ovCHc=,tag:t7ZbbcpRCTAF7zP8vKPpJw==,type:str] wg0-psk-steveej-public: ENC[AES256_GCM,data:KU6aRVK06RkyvvYFzFZaCplz1HyirSfpjW+jjvHP+eTMs3hfhFUnPSZRCN4=,iv:2A019CQD2vjcOmX6PFpDaDCo8yN9oA9kdKxiW1e3Dss=,tag:kfRENOJY7RnwWGN1eOeEhQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOFB4VWUyT1pqVWF6b01v - ZmEyeG0zSjRsWTRkWW9FUmtUWlNiS3VTN2dNClcvQitVUDk1d3oxTnErRG1wZmpL - dHlkZnE2VlVUOGMyeW0xNmo5OHdmbmcKLS0tIFlnbXNvUWRPWGI2KzkrMW01Y0E2 - czdzaWhBRWJyb0pBSnphamZVZDgyMDAKjTYixgD7CzJImvPFRYJKJXefXqxSA6I0 - iOyW6E++Ax0MsYll77sR9eMNMgPCromY3uzKVJe640HKY/E1cLoi0Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-13T17:03:01Z" - mac: ENC[AES256_GCM,data:AtD2QZsLpOLQB7Jcb0Cn+zGUK/fMzuVhQ2r5f4jL3dttqfaDa4k+bUMP7wQ9RW6cUXm5ps+s1t9TkRUi2P7bkQjtEuyiTGAUiM8OnkJQ26npITWWs8giekKq01m2DlZufWRcrZrQU43EgVNDqRTVlMK1IoVS4zqNwqt4tXG6YWk=,iv:F+BbR5aGg+6/0LBxpC+AoNT4dLutvkgeUJszkMrV5xk=,tag:4Cvd4nG+h1+hXg/NzH0wRg==,type:str] - pgp: - - created_at: "2023-08-11T16:31:41Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOFB4VWUyT1pqVWF6b01v + ZmEyeG0zSjRsWTRkWW9FUmtUWlNiS3VTN2dNClcvQitVUDk1d3oxTnErRG1wZmpL + dHlkZnE2VlVUOGMyeW0xNmo5OHdmbmcKLS0tIFlnbXNvUWRPWGI2KzkrMW01Y0E2 + czdzaWhBRWJyb0pBSnphamZVZDgyMDAKjTYixgD7CzJImvPFRYJKJXefXqxSA6I0 + iOyW6E++Ax0MsYll77sR9eMNMgPCromY3uzKVJe640HKY/E1cLoi0Q== + -----END AGE ENCRYPTED FILE----- + 
lastmodified: "2023-08-13T17:03:01Z" + mac: ENC[AES256_GCM,data:AtD2QZsLpOLQB7Jcb0Cn+zGUK/fMzuVhQ2r5f4jL3dttqfaDa4k+bUMP7wQ9RW6cUXm5ps+s1t9TkRUi2P7bkQjtEuyiTGAUiM8OnkJQ26npITWWs8giekKq01m2DlZufWRcrZrQU43EgVNDqRTVlMK1IoVS4zqNwqt4tXG6YWk=,iv:F+BbR5aGg+6/0LBxpC+AoNT4dLutvkgeUJszkMrV5xk=,tag:4Cvd4nG+h1+hXg/NzH0wRg==,type:str] + pgp: + - created_at: "2023-08-11T16:31:41Z" + enc: |- + -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf+ONiHDN6/hgu1g4WBaQOtAd3tnruoG+O9pbv/IIR86T3n - TIQElcQNsWJpHpoTeXB9G+H3HPh1f3z95tdHwQZOD78HpP0B7sOqx/KUOSJqTkC7 - R8jsuAxrIpidr9MIxAypsK5UE3SnZodf6E0IhWR5H26oWXtKPRd2TIBEMwbJZ4dZ - JLZ1D1pYIrJfNez1SP9r8SBMaKJgxLn65sFzonj8j6C+8CpStun2ykLfflsoQzXP - kiCzxG/IR9fA7fyq38h+QdeQgcX7/kyhC/g1tnfDoZRjmcS7gA2yI9Dlxr08cOvy - 0Dbruq0tykU0isHSPQHgKQpX/7PD5aV3mXTyvNyzEtJRASftwq7H5sDJXvAXWLMT - eKfUnGyPanQqVNA/jAPhOj/tAIVQZbL4UIPOlT6REfxmNk9tl7JSDhMJzKAEdkk7 - C5Jot9exml6467YZkApBm0eM - =HulH - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + wcBMA0SHG/zF3227AQf+ONiHDN6/hgu1g4WBaQOtAd3tnruoG+O9pbv/IIR86T3n + TIQElcQNsWJpHpoTeXB9G+H3HPh1f3z95tdHwQZOD78HpP0B7sOqx/KUOSJqTkC7 + R8jsuAxrIpidr9MIxAypsK5UE3SnZodf6E0IhWR5H26oWXtKPRd2TIBEMwbJZ4dZ + JLZ1D1pYIrJfNez1SP9r8SBMaKJgxLn65sFzonj8j6C+8CpStun2ykLfflsoQzXP + kiCzxG/IR9fA7fyq38h+QdeQgcX7/kyhC/g1tnfDoZRjmcS7gA2yI9Dlxr08cOvy + 0Dbruq0tykU0isHSPQHgKQpX/7PD5aV3mXTyvNyzEtJRASftwq7H5sDJXvAXWLMT + eKfUnGyPanQqVNA/jAPhOj/tAIVQZbL4UIPOlT6REfxmNk9tl7JSDhMJzKAEdkk7 + C5Jot9exml6467YZkApBm0eM + =HulH + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index b69d6fa..a76e0dc 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml 
@@ -1,36 +1,36 @@ builder-private-key: ENC[AES256_GCM,data:KG5V86SDVM5LfFPZI5rjKGvYwqLZInEqpwdIJPAiF7fMdG3rTq3JgNJCQr0eOhfmLwT3KEN2Fv0mHZS4smMGdh0WCkza8CzRn/KFY8gqEWxxdff1Wqj7+2/5lSI8I7Qp2EW+eaAgU53PPOh/M3Cgm/Rraw2ARmIJNIgtuJC8ZeZlsh3sl0tacF9rgSrP8p4xAH3C/QUs1HW+10eL9F3STtAV+ZBruU68lNmCdiyqKjg3O3qdRFsjdGWAwHNHL42cEm3il4PofyS5fDDF4otQktZa5n8832ukF5Aj6RNgJwubrsxB9+1M9s7hD1UQyKo6oQKJr1GXNK+IPyXAvdxckZ8INhsxP4c4v8GzR0zJK4MfESx0r67ciGLOcYulNBDOMSbD57oW+wRvCI2eZlpB3ugBcUm/rsQbgFVEX8q6jD8WipJ+Q3hz1zWq45s66XooFmnwc2nBhT6cRmtGzTJCcDpiovgj5tKXSXrWfwYO7tWr7lYg8T4zhfplZBtQOaqTUrAOhW7IRT5Lo/310cMRcp1h44TSnpWXZN7l,iv:DOUijPr4wHmjNIniF2IRjinXZ6iyg8Z1Nt5EgFfX5Zw=,tag:VWxHpfpyphtu6XLR1yKugg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZWRvaWFlU25sYkdTejg3 - YXRrVHhHaDN2anR0WWJmcDdCZDNLUFhiU2hrCmZSNWNFbVd3Wm95SU9iNmhqaVE1 - TlFuYzFNOVFEekYvWjlQWEpqbzZCU1UKLS0tIFczTHlsN2lNdlh3clI2VEI4Y0lI - dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta - wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-01T16:50:35Z" - mac: ENC[AES256_GCM,data:wDnv7wZLks2EME+JqlBtagVaDZEo9ap3d6xFfnBy2/D4wrJhhYlo8vOYM8GFXEhfa0Jek+9ZlkmXYerLNWLMiUMKWIvk0cvHjxBaR2wcxt9FnynPT9W9hSX7UFhM/eTiJviksOESTI7pqNh9X7ggLSZ0c+O5mBxxEh/bcjz8vIU=,iv:vgvmyvUkZBapCpRbPU3cDgmHsc5NwHzCsMzjHvr/Xc0=,tag:FMI0YrwdCPIFe8tnLQr69w==,type:str] - pgp: - - created_at: "2024-04-04T18:26:01Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZWRvaWFlU25sYkdTejg3 + YXRrVHhHaDN2anR0WWJmcDdCZDNLUFhiU2hrCmZSNWNFbVd3Wm95SU9iNmhqaVE1 + 
TlFuYzFNOVFEekYvWjlQWEpqbzZCU1UKLS0tIFczTHlsN2lNdlh3clI2VEI4Y0lI + dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta + wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-01T16:50:35Z" + mac: ENC[AES256_GCM,data:wDnv7wZLks2EME+JqlBtagVaDZEo9ap3d6xFfnBy2/D4wrJhhYlo8vOYM8GFXEhfa0Jek+9ZlkmXYerLNWLMiUMKWIvk0cvHjxBaR2wcxt9FnynPT9W9hSX7UFhM/eTiJviksOESTI7pqNh9X7ggLSZ0c+O5mBxxEh/bcjz8vIU=,iv:vgvmyvUkZBapCpRbPU3cDgmHsc5NwHzCsMzjHvr/Xc0=,tag:FMI0YrwdCPIFe8tnLQr69w==,type:str] + pgp: + - created_at: "2024-04-04T18:26:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgAn6CqJhclheA82nJm39h/52Ir/gVGRZz1ViK157MxRVs3 - NSrNZCPW+x9vGExPWJ8wnT3KZ7jeo7jEbJ260WSp4xwQtCuUrDR6Oyp0mrtN6SMo - 4hHZo+OwLb3brQGHOng43Hedk6E74ZRMyUr5mmRKLTC1l9GeKtf3HoSvNq+bS7B8 - SrmkemzsS2SrXYE7Qslzhi8QKwby8nsjN2pE5hk12wZKefT4XP3q+lf7n2QeboG0 - 8d4u+706BO4DoxtnXPs1Gop3sJ3TZdAXTdfjnuv+LDMOmIDoVp1tgXRPiAvCfMPV - 9YiFS/WYMD5OA69SPBjCWIMPMw8PIU8OuHjy71eXlNJeAXeVLp70pGQOiPOZSvtl - vmfiPWOZnX+6jSpsSfmEa8FxAZYLgHUayF8YMtHi3kdz3x0kWMx3Pzvjvs4BfIyd - pp7PTfMycrk67Y3lcokNswt/fle0tN6xuqP4Uv4zWw== - =y1Sk - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgAn6CqJhclheA82nJm39h/52Ir/gVGRZz1ViK157MxRVs3 + NSrNZCPW+x9vGExPWJ8wnT3KZ7jeo7jEbJ260WSp4xwQtCuUrDR6Oyp0mrtN6SMo + 4hHZo+OwLb3brQGHOng43Hedk6E74ZRMyUr5mmRKLTC1l9GeKtf3HoSvNq+bS7B8 + SrmkemzsS2SrXYE7Qslzhi8QKwby8nsjN2pE5hk12wZKefT4XP3q+lf7n2QeboG0 + 8d4u+706BO4DoxtnXPs1Gop3sJ3TZdAXTdfjnuv+LDMOmIDoVp1tgXRPiAvCfMPV + 9YiFS/WYMD5OA69SPBjCWIMPMw8PIU8OuHjy71eXlNJeAXeVLp70pGQOiPOZSvtl + vmfiPWOZnX+6jSpsSfmEa8FxAZYLgHUayF8YMtHi3kdz3x0kWMx3Pzvjvs4BfIyd + pp7PTfMycrk67Y3lcokNswt/fle0tN6xuqP4Uv4zWw== + =y1Sk + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 
From 7c08a002cf2b501541d1fd6348bf02d6b9245859 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 16 Nov 2024 20:55:43 +0100 Subject: [PATCH 207/305] feat(vscode): inline nix4vscode call --- nix/devShells.nix | 1 - nix/home-manager/programs/vscode/default.nix | 52 +++++++++++--- .../programs/vscode/nix4vscode/config.toml | 9 --- .../programs/vscode/nix4vscode/default.nix | 72 ------------------- 4 files changed, 41 insertions(+), 93 deletions(-) delete mode 100644 nix/home-manager/programs/vscode/nix4vscode/config.toml delete mode 100644 nix/home-manager/programs/vscode/nix4vscode/default.nix diff --git a/nix/devShells.nix b/nix/devShells.nix index d6c55f6..293af3c 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -83,7 +83,6 @@ screen inputs'.nixpkgs-kanidm.legacyPackages.kanidm - inputs'.nix4vscode.packages.default ]; # Set Environment Variables diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index d6f3f8f..5fbf2d1 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -1,4 +1,10 @@ -{ pkgs, repoFlake, ... }: +{ + config, + pkgs, + repoFlake, + lib, + ... +}: let pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium { inherit (pkgs) system config; }; in 
@@ -48,19 +54,43 @@ in golang.go jeff-hykin.better-go-syntax - - ibecker.treefmt-vscode ] ) ) - ++ [ - (pkgsVscodium.vscode-utils.extensionFromVscodeMarketplace { - name = "markdown-oxide"; - publisher = "felixzeller"; - version = "1.1.0"; - sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; - }) - ]; + ++ ( + let + nix4vscodeConfig = pkgs.writeText "nix4vscode.toml" '' + vscode_version = "${config.programs.vscode.package.version}" + + [[extensions]] + publisher_name = "FelixZeller" + extension_name = "markdown-oxide" + + [[extensions]] + publisher_name = "ibecker" + extension_name = "treefmt-vscode" + ''; + nix4vscode = + pkgs.runCommand "nix4vscode.nix" + { + __noChroot = true; + nativeBuildInputs = [ repoFlake.inputs.nix4vscode.packages.${pkgs.stdenv.system}.default ]; + } + '' + export RUST_BACKTRACE=full + export HOME=$(mktemp -d) + nix4vscode ${nix4vscodeConfig} > $out + ''; + nix4vscodeExtensions = builtins.removeAttrs (pkgs.callPackage nix4vscode { }) [ + "override" + "overrideDerivation" + ]; + nix4vscodeExtensions' = lib.attrsets.mapAttrsToList ( + _: v: builtins.head (builtins.attrValues v) + ) nix4vscodeExtensions; + in + nix4vscodeExtensions' + ); mutableExtensionsDir = true; }; diff --git a/nix/home-manager/programs/vscode/nix4vscode/config.toml b/nix/home-manager/programs/vscode/nix4vscode/config.toml deleted file mode 100644 index 38f9978..0000000 --- a/nix/home-manager/programs/vscode/nix4vscode/config.toml +++ /dev/null @@ -1,9 +0,0 @@ -vscode_version = "1.94.2" - -[[extensions]] -publisher_name = "FelixZeller" -extension_name = "markdown-oxide" - -[[extensions]] -publisher_name = "ibecker" -extension_name = "treefmt-vscode" diff --git a/nix/home-manager/programs/vscode/nix4vscode/default.nix b/nix/home-manager/programs/vscode/nix4vscode/default.nix deleted file mode 100644 index 3c5a268..0000000 --- a/nix/home-manager/programs/vscode/nix4vscode/default.nix +++ /dev/null 
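Review bot: The `nix4vscode` derivation in the new `let` block sets `__noChroot = true` and declares no output hash, so extension versions and hashes are resolved from the network at build time and nothing in the repository pins or verifies what gets installed; the `nix4vscode/default.nix` deleted later in this commit carried explicit `version`/`sha256` pairs for both extensions. Making it a fixed-output derivation (`outputHashMode`, `outputHashAlgo`, `outputHash`) would keep the network access, make the generated expression content-addressed, and remove the need for a relaxed sandbox on the builder. The `-70,18` hunk of PATCH 210 keeps the same construction. Separately, `builtins.head (builtins.attrValues v)` keeps one extension per publisher, so a second extension from the same publisher in the TOML would be dropped silently; `lib.concatMap builtins.attrValues (builtins.attrValues nix4vscodeExtensions)` would keep all of them.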
@@ -1,72 +0,0 @@ -{ pkgs, lib }: -let - inherit (pkgs.stdenv) - isDarwin - isLinux - isi686 - isx86_64 - isAarch32 - isAarch64 - ; - inherit (pkgs) vscode-utils; - merge = lib.attrsets.recursiveUpdate; -in -merge - (merge - (merge - (merge - { - "felixzeller"."markdown-oxide" = vscode-utils.extensionFromVscodeMarketplace { - name = "markdown-oxide"; - publisher = "felixzeller"; - version = "1.1.0"; - sha256 = "07l37hkg106m3nl9530l7i39iw1kibckv1zi4n23gbp7srdrwbs3"; - }; - } - ( - lib.attrsets.optionalAttrs (isLinux && (isi686 || isx86_64)) { - "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "treefmt-vscode"; - publisher = "ibecker"; - version = "2.1.0"; - sha256 = "1r17wjpw8xiha5r9h3146facxghpcp416zf8551sw93cmam9ky6j"; - arch = "linux-x64"; - }; - } - ) - ) - ( - lib.attrsets.optionalAttrs (isLinux && (isAarch32 || isAarch64)) { - "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "treefmt-vscode"; - publisher = "ibecker"; - version = "2.1.0"; - sha256 = "0swvl7fkjcwp43grnrhnmy60a5m3hfwawk204byi8hhbczy131li"; - arch = "linux-arm64"; - }; - } - ) - ) - ( - lib.attrsets.optionalAttrs (isDarwin && (isi686 || isx86_64)) { - "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "treefmt-vscode"; - publisher = "ibecker"; - version = "2.1.0"; - sha256 = "1swq9hy6a9nzkrn07j21g59pyk2m7aqsfi1pphl9l9y8p4zwiaqm"; - arch = "darwin-x64"; - }; - } - ) - ) - ( - lib.attrsets.optionalAttrs (isDarwin && (isAarch32 || isAarch64)) { - "ibecker"."treefmt-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "treefmt-vscode"; - publisher = "ibecker"; - version = "2.1.0"; - sha256 = "1xg3wnn3f1kvsz5a09l0cjpzfm3l9va73cahbvl14mx3n6734r2m"; - arch = "darwin-arm64"; - }; - } - ) From 1ac1cb45b406e1215e5dfbfa8c4d36ffdd8023c2 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 16 Nov 2024 20:56:29 +0100 Subject: [PATCH 208/305] feat(formatter/deadnix): ignore _ bindings a bit more mercy :-) --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index e36297d..b80df88 100644 --- a/flake.nix +++ b/flake.nix @@ -355,6 +355,7 @@ formatter = { deadnix = { priority = 1; + options = [ "--no-underscore" ]; }; nixfmt = { From c4abade9e84b4fde5426ea700d3630263c802c80 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 16 Nov 2024 20:56:53 +0100 Subject: [PATCH 209/305] change a shared secret --- secrets/shared-users.yaml | 250 +++++++++++++++++++------------------- 1 file changed, 126 insertions(+), 124 deletions(-) diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index a7e26dd..c3d101e 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -1,6 +1,8 @@ #ENC[AES256_GCM,data:aqlLlXgwwtjBYxytS2H33KbN0z8pHijFXKBAPQyQ7cxE8iO6tDfn/3kEVaEa1YaiYUMXACX2Ow==,iv:uKTUsccWAqrBkdG/ymCZB1pcumRreGv/2rIn6YG8Y7c=,tag:NWDO4dPRA45Ki4ymGblGIg==,type:comment] sharedUsers-root: ENC[AES256_GCM,data:RhMqzHmMzsPZnskGAKQ5GEagkAmtCqbp3FI4XPWweq6U8WcML+XEOKBfRoemK6yMHpSobBUPEHudNDeVxhGLH1VREmO6+JVZ/3dz44qWudhyuAj2CHiVkVgMlSfOKIbY9FLLxXxfySnEsQ==,iv:EYWeRKI+nFpEkxtBJ57xH6V4arE+hVAHy5ht9v8P1oQ=,tag:I5WA5+FjJ3lF30dth3H2ug==,type:str] -sharedUsers-steveej: ENC[AES256_GCM,data:vuvklQJFb0kziB/qr7LNiTB30T/1UmZUV3YE3fFpKLZSlxqwYR7e8pnj94hFMhCtPquw3qdtB8vFAIQSb2LxXUgsfNo1bmkGJU86vz3Vy9Js7oua7KlLyZjoFNpMBgbD7swyXns=,iv:nsymZS1wQ7QSL5ZqoVx/ygaP4UR/e0cYIXHg+UyhbYs=,tag:+/N1QRESOUUK/XJXgiyFfg==,type:str] +#ENC[AES256_GCM,data:d9jstVxMebNWmJHo79RF0YdurMqwRoDrFzbwjoQ=,iv:UG+qk8hc/WiCviJSCmrUyQZATDD1gBhqiYU6spf7Zo4=,tag:4HNfJQh+3GEP+MHqg1KNHA==,type:comment] +#ENC[AES256_GCM,data:4FjqAy/pZMkBFC7aq6Jqx+TqCtU=,iv:iWxPm8etDkAIuz9op4ck5AgszLuEN9cXXixzO705afc=,tag:MC03p7Kqk0srtDjbov91LA==,type:comment] +sharedUsers-steveej: ENC[AES256_GCM,data:almzynLh7RHcjTFOQWVaGk027uAanFcE+AYVhcbzSs5Xwd9sZR5+Ckbb//YxT/Imz9WKVG7z+bxPuhYPgbzUPCyxUu6/X9ZeCF0gmffyTbXVQHpo2W+71Zcob2Mbt9yMAF1146Dr1Q5R2w==,iv:fHMmtO3U6f/0ZNjxcvm0vOx/W/BYWvpD3WtzLNejGpA=,tag:tsLziHECG323TCKBLO6FzA==,type:str] sharedSshKeys-steveej: 
ENC[AES256_GCM,data:Cj8aoHYN95kOuFwMIr+gYTtvE2MNMT6WhHg+r5cEvfgLbI6EJQdMBU30nhJZ8S7uRwJwyVEnqw9qgaZYVorXrIh4oZoQBT6g0UGQ5b5lhtfj86omP7w/NukvpjUPBJEUL+JgvaNGsAbAmExPb1yQY9f/kn2QuyY31pTywcV6qeSHHlK8I2cpei5RxtuG2IX+EjvDXZ3CtQwLY7YrhLvv0K+N8XlEusnytNkXLfjRgd0dJqNLQdkuzrjFPQnuzkxoBBmwfheO8CaTpmH1C5z/dbmeIP5H9GY2gnBCu5xB2zp8ZerVi2E3teW5EZ+Sh+lz/5DOuVpPn3G8W7l4fTM8iX2IHeakjlpYewx1wmW9SZdV/zxyt5rQUtmMj3F+IVktbOWsOyXwSz0CDUlKkVKJdvzATlWdIjteKTwKEgS8RWjg5H7mGylfxyg6YrHYAHTZjC4J1Qz2CwWmAFxzpFCkHvF6QwAOUg+ST+crfw4DiSamb6SKjIg7LNz6VZTOeji6+71Q59u6g2RcdgNowzgrrQCAw7qHnewbFX/2IOW+pdASCB/q9/7218yM6fzMtcPHPiDpZ2tLHQd+45zxZpbUXXCNdNm5v9OTjjK+uA0ARLOVCw5gtd2FbKsJcwyMhXY/h028tgdRhsXIalLolorrYBPx9hR+UHU0TNihspajoNYJCTuJccMiwo8N9AT1DIdUXcOxrQL80RvWY0S6rBzES3q7a91aC/lGEmS/beO7MDgOKaEV+qwPZOLOZXWAesqsR3sKzpOdPx1gFrLvX6vIhAtzuteH0KvKujIAhCg0sEz3Ct/A1S2uNtohz8CstvEEqP6GiR6/X+sQRgxOcXGPQglz68FFKOErIz5XZJBz5+14u/lady1jxhXnVW0cxZDgmqmAvNbrQ9JjNgBvremaDUvuO5R5V5K4MHAMsNQ5yxE9iScXEfwmEvo+Gj4huJwXvwLDE/1TqIaQWX6LfZKOOZ93ivhj7eEiAz7TsLojdNUeDhnWGOYcWbEkMNzYyPb7obN/HgKzcuSixpYm+IZu4sOzXyoO5Lblzd7OObtG4P9jIj4cdxF+vm/s6MYYxtst7jRwzcv9vMLETDXx40IOSqTo2e8New2e/D003T4jx2sis0+68Iyg9m8ltEYb85v6oGFshIdafIGKBaNHm/zIL4Dw03M8kxxfuVuWZD8S2P3bnfryfA4lbOZttv2DnlPZf/Dfb+Ax5qTe5yn4uzLYDTqq9rIqdoNYUmx1OaxGa69oTIqCpL7FC6xe+9NnTEdojl9svZUhtGfThiphYcK72lryqrTyYVuAOa3WjZtHgUJ5lU8x79eExXyDexmC4RNDszar+qMiwlzMC977qsKczfTGe2audm5PLaLTYhWSOZ1p83d/xhFWhLmqjqHrPF5kYrnG+W4ZuVIqxJOrLHQhseKc4fFZrF/XCusgIcoDEq81M/EmHeEDcuWEYldn1pjbE8yzb2ZgfG8mycNh8z41lKsalKmesyZs0k0IvWmrdCpLXqWl/TgsPSO1q+zbQHyfiNewoZec3GC8k1k64zrG3CNI8bP40L6i4Uo/GFPS/y0OjgQhww+He0bWY7yP9MKqdbahpdYQE9kYU5yoJTUG+ZYRir6h6o/JmTJQy4QIvwmcx2jiiA5XXpj3cYAJ9/3eHDFCeg==,iv:QeYNlLR97tdC9i5N909GnoNyBwNNiuljF/eVbdhvGXg=,tag:lBWDaaZMQRPX/4Ln+oUQPA==,type:str] 
#ENC[AES256_GCM,data:8u2UAE6lXi0e6qKJxB3VP1k7hmfUYRcejXoR7K6NIQ9E7AqOlMiLDyQFw77NBlqpy0G6mPVOnC+XskGAscm3TLFzs7+o+/i0IxH7uDPwoh+U,iv:n4wheHkpPbnKeXb4DTxwks2bph4LO6xQW6LcrlA4jKU=,tag:mgwa7rYvqoubFdQDXJADZQ==,type:comment] sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3xQz3oR14CqSVy3hjQEkqcezwj/v2ELrLWid2hK+lDtY,iv:TNoJ7Kq3WDkkPBLG3a+N/A8yBZcx7Gc0jaBToYX3Y5M=,tag:VU5P4YtzMv1FVc3ugig8TA==,type:str] 
@@ -8,127 +10,127 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str] sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa - T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM - am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND - cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF - UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK - NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 - cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM - MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV - H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ - b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj - 
RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv - RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky - Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl - Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ - UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz - L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS - juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq - aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY - NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 - cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN - 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly - OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh - TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs - YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL - +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E - V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO - 
WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 - cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 - Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy - aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE - MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 - RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ - zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE - dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL - cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr - TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg - yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN - UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr - YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 - TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i - owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N - SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r - 
amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli - T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw - bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-06T20:14:22Z" - mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa + T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM + am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND + cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF + UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK + NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 + cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM + MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV + H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ + b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj + RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv + 
RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky + Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl + Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ + UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz + L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS + juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq + aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY + NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 + cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN + 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly + OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh + TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs + YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL + +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E + V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO + WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 + 
cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 + Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy + aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE + MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 + RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ + zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE + dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL + cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr + TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg + yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN + UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr + YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 + TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i + owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N + SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r + amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli + 
T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw + bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-16T19:17:41Z" + mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] + pgp: + - created_at: "2024-07-13T14:51:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ - NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX - JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v - VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU - kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 - xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig - 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 - IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= - =Ayke - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.7.3 + hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ + NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX + JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v + VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU + kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 + xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig + 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 + IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= + =Ayke + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 From 61492aefc6883ca0319fe0a40e11629dd87de548 Mon Sep 17 00:00:00 2001 
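Review bot: The `age` list in this hunk names the recipient `age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv` in two consecutive stanzas with different `enc` payloads, so one private key opens both entries and the second stanza adds no separation. If the two stanzas stand for two different hosts, each host should get its own age identity and the file should be re-keyed with `sops updatekeys`; if it is one host under two names, the duplicate can be dropped. The whole `sops:` block is also re-indented by the tool upgrade (`version: 3.7.3` to `3.8.1`), which buries the only real metadata changes (`lastmodified`, `mac`); doing the re-serialisation in its own commit would keep secret changes reviewable.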
From: Stefan Junker Date: Sat, 16 Nov 2024 20:55:43 +0100 Subject: [PATCH 210/305] feat(vscode): inline nix4vscode call --- nix/devShells.nix | 4 ++-- nix/home-manager/programs/vscode/default.nix | 25 +++++++++++++++----- nix/os/snippets/nix-settings.nix | 1 + 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/nix/devShells.nix b/nix/devShells.nix index 293af3c..b86a82a 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -91,12 +91,12 @@ KANIDM_URL = self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin; - shellHook = + shellHook = builtins.concatStringsSep "\n" [ (self.inputs.nixago.lib.${pkgs.system}.make { data = self'.formatter.settings; output = "treefmt.toml"; format = "toml"; }).shellHook - + ''''; + ]; }; } diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 5fbf2d1..1dbfcea 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -59,7 +59,7 @@ in ) ++ ( let - nix4vscodeConfig = pkgs.writeText "nix4vscode.toml" '' + nix4vscodeToml = pkgs.writeText "nix4vscode.toml" '' vscode_version = "${config.programs.vscode.package.version}" [[extensions]] 
@@ -70,18 +70,31 @@ in publisher_name = "ibecker" extension_name = "treefmt-vscode" ''; - nix4vscode = + nix4vscodeNix = pkgs.runCommand "nix4vscode.nix" { + # nix4vscode needs internet access __noChroot = true; - nativeBuildInputs = [ repoFlake.inputs.nix4vscode.packages.${pkgs.stdenv.system}.default ]; + requiredSystemFeatures = [ "recursive-nix" ]; + buildInputs = [ + pkgs.nix + pkgs.cacert + repoFlake.inputs.nix4vscode.packages.${pkgs.stdenv.system}.default + # pkgs.strace + ]; + # outputHashAlgo = "sha256"; + # outputHashMode = "recursive"; + # outputHash = lib.fakeSha256; } '' - export RUST_BACKTRACE=full + # set -x + # export RUST_BACKTRACE=full + # export RUST_LOG=trace export HOME=$(mktemp -d) - nix4vscode ${nix4vscodeConfig} > $out + # strace -ffZyyY + nix4vscode ${nix4vscodeToml} > $out ''; - nix4vscodeExtensions = builtins.removeAttrs (pkgs.callPackage nix4vscode { }) [ + nix4vscodeExtensions = builtins.removeAttrs (pkgs.callPackage nix4vscodeNix { }) [ "override" "overrideDerivation" ]; diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 6daaaef..6340977 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -19,6 +19,7 @@ in "nix-command" "flakes" "ca-derivations" + "recursive-nix" ]; nix.settings.system-features = [ From 720892ea597c8ae9a9043ec9178444e41d8938ca Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 23 Nov 2024 14:41:22 +0100 Subject: [PATCH 211/305] flake: copy all of self in get-flake args --- flake.nix | 51 +++++++-------------------------------------------- 1 file changed, 7 insertions(+), 44 deletions(-) diff --git a/flake.nix b/flake.nix index b80df88..562a280 100644 --- a/flake.nix +++ b/flake.nix @@ -161,7 +161,7 @@ inherit nodeName; repoFlake = self; repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; + nodeFlake = self.inputs.get-flake (self + "/nix/os/devices/${nodeName}"); } ) [ 
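Review bot: The build tools moved from `nativeBuildInputs` to `buildInputs` in the `runCommand` attribute set; `nix4vscode`, `pkgs.nix` and `pkgs.cacert` are executed or read while building, so they belong in `nativeBuildInputs`, as the previous revision had it. The commented-out `outputHashAlgo`/`outputHashMode`/`outputHash` attributes and the `set -x`, `RUST_LOG` and `strace` lines read as debugging leftovers; either enable the fixed-output attributes or delete the block, since the one comment that explains anything (`# nix4vscode needs internet access`) does not say why the output is left unverified. `export HOME=$(mktemp -d)` is safer quoted: `export HOME="$(mktemp -d)"`.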
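Review bot: Adding `"recursive-nix"` to the list that already holds `"nix-command"` and `"flakes"` (presumably `experimental-features`) in this shared snippet turns the feature on for every machine that imports it, although the only consumer visible in this series is the single `nix4vscode` derivation in the home-manager vscode module. Recursive Nix lets a build talk to the store daemon from inside the build, which is extra surface on hosts that never build that module; consider enabling it only in the profile that needs it, with a comment such as `# required by the nix4vscode runCommand in home-manager/programs/vscode`. That derivation also sets `requiredSystemFeatures = [ "recursive-nix" ]`, and the `nix.settings.system-features` list begins at the edge of this hunk, so whether the builder advertises the feature cannot be checked from here.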
@@ -190,7 +190,7 @@ flake.nixosConfigurations = let colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + router0-dmz0 = (inputs.get-flake (self + "/nix/os/devices/router0-dmz0")).nixosConfigurations; in colmenaHive // { @@ -200,7 +200,7 @@ # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 router0-dmz0_cross = router0-dmz0.cross; - steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s_cross = (inputs.get-flake (self + "./nix/os/devices/steveej-x13s")).nixosConfigurations.cross; steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; }; @@ -234,47 +234,10 @@ inherit (inputs'.colmena.packages) colmena; - prs = pkgs.callPackage ( - { - dbus, - glib, - gpgme, - gtk3, - libxcb, - libxkbcommon, - installShellFiles, - pkg-config, - python3, - }: - craneLib.buildPackage { - pname = "prs"; - version = inputs.prs.shortRev; - src = inputs.prs; - nativeBuildInputs = [ - gpgme - installShellFiles - pkg-config - python3 - ]; - - buildInputs = [ - dbus - glib - gpgme - gtk3 - libxcb - libxkbcommon - ]; - - cargoExtraArgs = "--features backend-gpgme"; - - postInstall = '' - for shell in bash fish zsh; do - installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) - done - ''; - } - ) { }; + prs = pkgs.prs.overrideAttrs(_: { + src = inputs.prs; + version = inputs.prs.shortRev; + }); nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; From b228938d63ee1f9137ca62ea1e685c9e1a1a951f Mon Sep 17 00:00:00 2001 
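Review bot: `self + "./nix/os/devices/steveej-x13s"` in the `steveej-x13s_cross` line has a leading `.` where the other rewritten calls have `/`, so the string is the flake's store path with `./nix/...` appended directly and will not resolve to the device directory; it should read `steveej-x13s_cross = (inputs.get-flake (self + "/nix/os/devices/steveej-x13s")).nixosConfigurations.cross;`. The following line, `steveej-x13s-rmvbl_cross`, still passes the relative path `./nix/os/devices/steveej-x13s-rmvbl` and was presumably meant to be converted in the same way.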
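Review bot: `pkgs.prs.overrideAttrs` replaces only `src` and `version`; for a cargo-built package the vendored crates are a separate derivation computed from the original source, so unless `cargoDeps` is overridden too, the new source is built against the dependency set of the nixpkgs release (assuming nixpkgs builds `prs` with `buildRustPackage`, which the removed crane-based definition suggests). The removed definition also passed `cargoExtraArgs = "--features backend-gpgme"`, and whether the nixpkgs package selects the same backend is not visible here, so a short comment stating which backend is expected would help. Formatting nit: `overrideAttrs(_: {` should be `overrideAttrs (_: {` to match the rest of the file.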
From: Stefan Junker Date: Sat, 23 Nov 2024 14:42:12 +0100 Subject: [PATCH 212/305] vscode: keep only nixfmt-rfc-style --- nix/home-manager/programs/openvscode-server.nix | 4 +--- nix/home-manager/programs/vscode/default.nix | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/nix/home-manager/programs/openvscode-server.nix b/nix/home-manager/programs/openvscode-server.nix index 165ff4e..4b01360 100644 --- a/nix/home-manager/programs/openvscode-server.nix +++ b/nix/home-manager/programs/openvscode-server.nix @@ -6,9 +6,7 @@ in home.packages = [ pkgs.nil pkgs.nixd - pkgs.nixpkgs-fmt - pkgs.alejandra - pkgs.nixfmt + pkgs.nixfmt-rfc-style # TODO: automate linking this # 1. get the commit with: `codium --version` diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 1dbfcea..fb5e527 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -108,8 +108,8 @@ in }; home.packages = [ - pkgs.nixpkgs-fmt pkgs.nil + pkgs.nixfmt-rfc-style ]; } # TODO: automate From 2a1043932d4a0548a5b5fbfc6db9bbd642c2137c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 23 Nov 2024 14:42:52 +0100 Subject: [PATCH 213/305] router0-dmz0: bump to 24.11 --- nix/os/devices/router0-dmz0/configuration.nix | 5 +- nix/os/devices/router0-dmz0/flake.lock | 50 +++++++++---------- nix/os/devices/router0-dmz0/flake.nix | 10 ++-- 3 files changed, 36 insertions(+), 29 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 7395600..4c8b5ee 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix 
@@ -384,6 +384,10 @@ in systemd.network = { wait-online.anyInterface = true; + config.networkConfig = { + IPv4Forwarding = true; + IPv6Forwarding = true; + }; netdevs = let router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; @@ -537,7 +541,6 @@ in DHCP = true; DNSOverTLS = true; DNSSEC = true; - IPForward = true; # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 33a204d..6fe1eed 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1728109432, - "narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=", + "lastModified": 1732221404, + "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", "owner": "nix-community", "repo": "disko", - "rev": "48ebb577855fb2398653f033b3b2208a9249203d", + "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", "type": "github" }, "original": { @@ -63,16 +63,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1731880681, + "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } 
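Review bot: The new `config.networkConfig` block deserves a comment saying that it replaces the per-network `IPForward = true;` removed in the `-537,7` hunk and that it is a manager-wide setting, for example `# networkd.conf [Network]: global forwarding, replaces the older per-link IPForward=`. With `IPv4Forwarding` and `IPv6Forwarding` both enabled globally, what may cross between interfaces is decided entirely by the firewall's forward rules, which are outside this hunk; it is worth confirming that IPv6 has a forward policy as strict as the IPv4 one, given that the same network also accepts router advertisements (`IPv6AcceptRA = true`).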
@@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1727905939, - "narHash": "sha256-LZHwXN8lBcDpKQVB3GcYI0SVzj6WXd2E0GDqhQh503w=", + "lastModified": 1732101105, + "narHash": "sha256-u/n1vkmRBpcq669kXpCdgfF5I+gL7DkV/0wWhyc2sSA=", "ref": "refs/heads/main", - "rev": "d84323d05ef30cdcf343884ac34420caf72145bd", - "revCount": 19910, + "rev": "25d29d65aa6df173eb9f6b44d4dc0536df66b4ba", + "revCount": 20028, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -121,43 +121,43 @@ ] }, "locked": { - "lastModified": 1723893138, - "narHash": "sha256-TCGUFSBIaItvaFa+ydPII+Ayrn3OHfV1220RLgtWh5s=", + "lastModified": 1732269090, + "narHash": "sha256-tISFHFFb96UbgFZ3a36q2lfaKcXzxAyVt50GykfSqUM=", "owner": "steveej-forks", "repo": "nakato_nixos-sbc", - "rev": "5fb94671a47229e269383e736cb1764c94803ebb", + "rev": "e67d80bf50a725ff3b0003d92f9280a33dbf8967", "type": "github" }, "original": { "owner": "steveej-forks", - "ref": "kernel-6.10_and_cross-compile_mtkbump", + "ref": "wifi-workaround", "repo": "nakato_nixos-sbc", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1728067476, - "narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728018373, - "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc947f541ae55e999ffdb4013441347d83b00feb", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1728127082, - "narHash": "sha256-MDU/aVPcR5Fk+x1B+SAsyYG47k5cvFvGTrqZIev2Jck=", + "lastModified": 1732050592, + "narHash": "sha256-WuGCnlt1xhHJfsHpPXdV3gH9Khe4gJ1+abWCHFcddvM=", "owner": "numtide", "repo": "srvos", - "rev": "7aaa72eb804248436ea20c084a7891a383e23b02", + "rev": "be4533b50ac69cd871ab73d4101c47b397b8c143", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index fc8504b..3ed95ae 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -1,11 +1,11 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; - home-manager.url = "github:nix-community/home-manager/release-24.05"; + home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; @@ -17,7 +17,7 @@ # "github:nakato/nixos-sbc" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" - "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile_mtkbump" + "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" ; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; @@ -37,6 +37,8 @@ # url = "file+https://raw.githubusercontent.com/openwrt/openwrt/847984c773d819d5579d5abae4b80a4983103ed9/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"; # flake = false; # }; + + # repoFlake.url = "path:../../../.."; }; outputs = @@ -63,6 +65,8 @@ inherit nodeName; repoFlake = get-flake ../../../..; + # repoFlake = get-flake ./.; + # repoFlake = self.inputs.repoFlake; nodeFlake = self; }).meta.nodeSpecialArgs.${nodeName}; 
From 229b3cb0d39fd8dfe88f3ca4bb8d46f889f1d929 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 23 Nov 2024 14:43:21 +0100 Subject: [PATCH 214/305] steveej-x13s: bump kernel --- nix/os/devices/steveej-x13s/configuration.nix | 2 +- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 21462e0..3d49400 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -127,7 +127,7 @@ "kvm" "nixos-test" ]; - maxJobs = 4; + maxJobs = 8; } { diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index e9dcc75..6846e10 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1730883079, - "narHash": "sha256-+ZU70M+mqo9SZNLkVtCM0+TdXEh7X39Kxmk6z58GMaM=", + "lastModified": 1731424601, + "narHash": "sha256-+ErrKhGSyiBJGwO1XrfxzsLoGWoJmVD2ldi5Ag5uJqE=", "owner": "jhovold", "repo": "linux", - "rev": "9e9890798b6b4e81db66c572ee6acd291cf8cb77", + "rev": "15326bf5cbf6526eefb10cb5bc112a6a95990ec2", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.12-rc6", + "ref": "wip/sc8280xp-6.12-rc7", "repo": "linux", "type": "github" } @@ -247,11 +247,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1731101150, - "narHash": "sha256-M9xa6UX6eidLFEfwHWkHkFJ+OgjuFqCIvuqsDSReyy4=", + "lastModified": 1731793780, + "narHash": "sha256-gOpR24dG7PUktUmlF2nDg0nqvlli7ZC179ngYMpGlfw=", "ref": "bump", - "rev": "b74e8bfe82f059a5854cfc40f7206191edff365d", - "revCount": 117, + "rev": "b957608c2a0b7808f17588be2f38d8ddb6321b2f", + "revCount": 118, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
From 9f191484f982ec1c10a8d9456c2fd30768d1d218 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 24 Nov 2024 16:10:30 +0100 Subject: [PATCH 215/305] format secrets via nix fmt --- secrets/shared-users.yaml | 246 +++++++++++++++++++------------------- 1 file changed, 123 insertions(+), 123 deletions(-) diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index c3d101e..df86def 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -10,127 +10,127 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str] sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa - T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM - am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND - cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF - UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK - NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 - cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM - MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV - H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ - b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj - 
RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv - RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky - Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl - Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ - UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz - L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS - juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq - aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY - NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 - cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN - 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly - OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh - TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs - YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL - +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E - V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO - 
WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 - cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 - Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy - aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE - MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 - RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ - zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE - dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL - cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr - TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg - yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN - UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr - YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 - TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i - owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N - SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r - 
amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli - T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw - bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-16T19:17:41Z" - mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa + T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM + am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND + cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF + UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK + NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 + cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM + MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV + H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ + b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj + RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv + 
RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky + Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl + Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ + UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz + L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS + juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq + aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY + NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 + cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN + 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly + OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh + TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs + YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL + +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E + V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO + WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 + 
cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 + Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy + aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE + MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 + RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ + zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE + dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL + cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr + TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg + yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN + UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr + YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 + TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i + owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N + SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r + amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli + 
T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw + bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-16T19:17:41Z" + mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] + pgp: + - created_at: "2024-07-13T14:51:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ - NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX - JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v - VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU - kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 - xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig - 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 - IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= - =Ayke - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ + NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX + JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v + VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU + kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 + xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig + 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 + IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= + =Ayke + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 From b782ec6f1d4d3063bb967bbc4de725c9588a0e3d Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 24 Nov 2024 16:09:58 +0100 Subject: [PATCH 216/305] feat(flake,stevee-x13s): bump to 24.11 --- flake.lock | 353 ++++++++++-------- flake.nix | 98 ++++- .../configuration/graphical-fullblown.nix | 24 +- nix/home-manager/programs/neovim.nix | 4 +- nix/home-manager/programs/vscode/default.nix | 78 ++-- nix/os/devices/srv0-dmz0/configuration.nix | 85 ----- nix/os/devices/steveej-x13s/configuration.nix | 3 +- nix/os/devices/steveej-x13s/flake.lock | 42 +-- nix/os/devices/steveej-x13s/flake.nix | 31 +- nix/pkgs/logseq/default.nix | 106 ------ 10 files changed, 349 insertions(+), 475 deletions(-) delete mode 100644 nix/pkgs/logseq/default.nix diff --git a/flake.lock b/flake.lock index 10413b3..9444d77 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1729352325, - "narHash": "sha256-U2rdpaKV09mLDIt7MNdbolE8HBzXawXoo7uo3HY5gBk=", + "lastModified": 1731586248, + "narHash": "sha256-tbBbkJcvPMWGhnoUXgWVOs/+G6OqDDF2QzS0MiuYqHg=", "ref": "refs/heads/main", - "rev": "4c8ae2fb2b78d5b0bebed63fe8b0f348f9fbc33e", - "revCount": 160, + "rev": "a162f69e038fca67a875c78baec684aed39a99f1", + "revCount": 161, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -44,11 +44,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1731093438, - "narHash": "sha256-n1UeNT2PrbOlLNa+EhFMrniUN4BtGqCw9R9/qWpzNEA=", + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c4d72269affff3abbe7175d363e6c0edf1b0e167", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", "type": "github" }, "original": { 
@@ -59,11 +59,11 @@ }, "crane": { "locked": { - "lastModified": 1730652660, - "narHash": "sha256-+XVYfmVXAiYA0FZT7ijHf555dxCe+AoAT5A6RU+6vSo=", + "lastModified": 1731974733, + "narHash": "sha256-enYSSZVVl15FI5p+0Y5/Ckf5DZAvXe6fBrHxyhA/njc=", "owner": "ipetkov", "repo": "crane", - "rev": "a4ca93905455c07cb7e3aca95d4faf7601cba458", + "rev": "3cb338ce81076ce5e461cf77f7824476addb0e1c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1730788380, - "narHash": "sha256-jzniRMqEjqYC7yyx0nIiiEnQ4xlZQMnA7R6mvyYZER8=", + "lastModified": 1732343620, + "narHash": "sha256-IuOzr1HjFK8RxeDITfe1LQKgbUjgqlgeGc8jf9tKAuY=", "owner": "nix-community", "repo": "fenix", - "rev": "280efe0e9b7b824518091a5aff76065785f81649", + "rev": "cb6515f398908e1c74dea085e72b3e3a0a81c6e2", "type": "github" }, "original": { @@ -214,22 +214,6 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -327,6 +311,24 @@ "type": "github" } }, + "flake-utils_10": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_2": { "inputs": { "systems": "systems" 
@@ -425,11 +427,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -443,11 +445,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -473,7 +475,10 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": [ + "nixvim", + "flake-compat" + ], "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -485,11 +490,11 @@ ] }, "locked": { - "lastModified": 1730814269, - "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "lastModified": 1732021966, + "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "type": "github" }, "original": { 
@@ -528,28 +533,55 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", "repo": "home-manager", "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "jay": { "flake": false, "locked": { - "lastModified": 1730371037, - "narHash": "sha256-oMVScShS67LZz3BeZTABDQWHv8hZqBXuj+ng14OIr9E=", + "lastModified": 1732192756, + "narHash": "sha256-gI7HULlHkPTnO2kXihafN0fsHwN2ekxC9jFcmbxDh04=", "owner": "mahkoh", "repo": "jay", - "rev": "f36993eb6eea000f386fbf5bfa3d08dac1bd43c1", + "rev": "723608ce771d8f8393c660f0d9cfb66663b47048", "type": "github" }, "original": { @@ -564,11 +596,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1730635946, - "narHash": "sha256-CdeoMnMXpCq4wBWEWHfUUs68zoyAJLfp1JmfXWtmAgc=", + "lastModified": 1731845570, + "narHash": "sha256-5reOtlm18XLnh3ezruPOg2wQO+MB7ztsFaIzSUAzeh8=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "d0ecc1890f77e9e170f2de279d6902d84a0cbc51", + "rev": "7a1d37b2b16f32536628df9cea6a2003d79a49f9", "type": "github" }, "original": { 
@@ -577,18 +609,6 @@ "type": "github" } }, - "logseq_0_10_9_aarch64_appimage": { - "flake": false, - "locked": { - "narHash": "sha256-b/zzQ3hNfaSUAJmhKuZaYTY0LX7Jwch182vbNrWBh6w=", - "type": "file", - "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage" - }, - "original": { - "type": "file", - "url": "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -597,11 +617,11 @@ ] }, "locked": { - "lastModified": 1731153869, - "narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=", + "lastModified": 1732016537, + "narHash": "sha256-XwXUK+meYnlhdQz2TVE4Wv+tsx1CkdGbDPt1tRzCNH4=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "5c74ab862c8070cbf6400128a1b56abb213656da", + "rev": "61cee20168a3ebb71a9efd70a55adebaadfbe4d4", "type": "github" }, "original": { @@ -618,11 +638,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1730389079, - "narHash": "sha256-g/CJ/KKe5MGsVx1oCBl0F9aCdcNSDeOw8H7e5QDGa2c=", + "lastModified": 1731682758, + "narHash": "sha256-o54e8oNPPNmU7zHm3uTvsbbQLi7EKX3S6EEndXFG594=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "7f9159a16584ee86eed077c8a73e845690b7d513", + "rev": "d926bcd5206c0b7afe47bed92557c8cd5e882b36", "type": "github" }, "original": { @@ -681,11 +701,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1731030477, - "narHash": "sha256-RhkVjPXsfkqK0Dn3zmaRIBkb0L7kexTdpOJ7ldByHtM=", + "lastModified": 1732326629, + "narHash": "sha256-JOnNXfPTm/Ge3JyKd5TXytIEr1Tn11tnmrEiRBiDZLQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35de68b66b5ac51a18c707fa7069151fc6dca168", + "rev": "b2dbcc5bbfc981ef7a9e02b502c3b64ae0ee60d5", "type": "github" }, "original": { 
@@ -846,11 +866,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1729496181, - "narHash": "sha256-LrCxIU6laEf4JD1QtOBNr+PASY6CbNPpUrjLIUizt+Y=", + "lastModified": 1731763758, + "narHash": "sha256-zcoxeMRGPpOd46dLeo2bgGLkjW5w50VC5DwZlvZD+A4=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "51d347d35caec995d36d1450cb5bb183318c7fb7", + "rev": "80a2e7d6d9816a80fd412befd5f173836e675185", "type": "github" }, "original": { @@ -933,50 +953,18 @@ "type": "github" } }, - "nixpkgs-2305": { + "nixpkgs-2411": { "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-2311": { - "locked": { - "lastModified": 1720535198, - "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-2405": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } 
@@ -1011,11 +999,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1730595754, - "narHash": "sha256-F6DyPKY2WAUf8fpaT9vQwwRUs74InQM36ng//h9wNhY=", + "lastModified": 1731805462, + "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2376a861a1a15f05339245fbaa4422f2d1bdf485", + "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", "type": "github" }, "original": { @@ -1024,29 +1012,29 @@ "type": "github" } }, - "nixpkgs-stable": { + "nixpkgs-logseq": { "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", - "owner": "NixOS", + "lastModified": 1732454357, + "narHash": "sha256-HIGUjCmPRHdjHHnq8Jb7Nr+atCZ5fIX15fNruoFwY0U=", + "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "rev": "5eac36380d52534313b1c139c07a04bd0fcb3fdf", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "release-24.05", + "owner": "steveej-forks", + "ref": "logseq-linux-arm64", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731319897, - "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc460ec76cbff0e66e269457d7b728432263166c", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -1058,11 +1046,11 @@ }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -1080,11 +1068,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1730824362, - "narHash": "sha256-gRQr2K0vo2xuaPC8v11ZkViVlvj3SSn5DwzLYLhlEJ4=", + "lastModified": 1732358371, + "narHash": "sha256-u5O4gq5SgWNuYR/8X9GECB3QO3JFAwwl+o2sVEMIveA=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "c20dd1acb20fb0bb10671f43435ee7df7c6b8657", + "rev": "74c2d35df49f9c8090654a7be11710e627dc9811", "type": "github" }, "original": { @@ -1095,11 +1083,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -1127,11 +1115,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1723221148, - "narHash": "sha256-7pjpeQlZUNQ4eeVntytU3jkw9dFK3k1Htgk2iuXjaD8=", + "lastModified": 1730958623, + "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "154bcb95ad51bc257c2ce4043a725de6ca700ef6", + "rev": "85f7e662eda4fa3a995556527c87b2524b691933", "type": "github" }, "original": { @@ -1143,11 +1131,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -1168,23 +1156,46 @@ "nixpkgs": [ "nixpkgs" ], + "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1730550779, - "narHash": "sha256-2stntmqw/GBOVEoPV4oCLHZljpeSBfZn8wkcJpei+ng=", + "lastModified": 1732315025, + "narHash": "sha256-vPAMWd5/akE3U3B8uXzi05X/9fUd71sZaOnfBrX4AR0=", "owner": "nix-community", "repo": "nixvim", - "rev": "91c06026075f08a3c865fdc46cc6db8e2af35a1e", + "rev": "c1271fa10a54a3b35db6040dd6e779f349af52bf", "type": "github" }, "original": { "owner": "nix-community", - "ref": "nixos-24.05", "repo": "nixvim", "type": "github" } }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_9", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731936508, + "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", + "owner": "NuschtOS", + "repo": "search", + "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "ofi-pass": { "flake": false, "locked": { @@ -1250,19 +1261,17 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", - "logseq_0_10_9_aarch64_appimage": "logseq_0_10_9_aarch64_appimage", "nix-vscode-extensions": "nix-vscode-extensions", "nix4vscode": "nix4vscode", "nixago": "nixago", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ - "nixpkgs-2405" + "nixpkgs-2411" ], "nixpkgs-2211": "nixpkgs-2211", - "nixpkgs-2305": "nixpkgs-2305", - "nixpkgs-2311": "nixpkgs-2311", - "nixpkgs-2405": "nixpkgs-2405", + "nixpkgs-2411": "nixpkgs-2411", "nixpkgs-kanidm": "nixpkgs-kanidm", + "nixpkgs-logseq": "nixpkgs-logseq", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", 
@@ -1300,11 +1309,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1730749868, - "narHash": "sha256-b8UMpLh61z6T4J1NObustAuFGoJiAKBTaPTrEf3Amts=", + "lastModified": 1732050317, + "narHash": "sha256-G5LUEOC4kvB/Xbkglv0Noi04HnCfryur7dVjzlHkgpI=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b51f9bc736dc0472481a47d7c05de2901323e543", + "rev": "c0bbbb3e5d7d1d1d60308c8270bfd5b250032bb4", "type": "github" }, "original": { @@ -1336,15 +1345,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1732186149, + "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", "type": "github" }, "original": { @@ -1360,11 +1368,11 @@ ] }, "locked": { - "lastModified": 1730682372, - "narHash": "sha256-GU8ghhVS7ctcV4Cy1W3X/N6KtmJNVptirIzkA7NMxp8=", + "lastModified": 1732285851, + "narHash": "sha256-I7bH3fiSr01AT7zj+bQA8IrtD08cP5NgQU11gZ6OEFc=", "owner": "numtide", "repo": "srvos", - "rev": "a9f2ae9fb213b6175c71cd6aecfdb366979d2e0c", + "rev": "8f6d75e9636d54319752b166ccbe86a66113e999", "type": "github" }, "original": { @@ -1449,6 +1457,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ 
@@ -1500,11 +1523,11 @@ ] }, "locked": { - "lastModified": 1730321837, - "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "lastModified": 1732111664, + "narHash": "sha256-XWHuPWcP59QnHEewdZJXBX1TA2lAP78Vz4daG6tfIr4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "rev": "62003fdad7a5ab7b6af3ea9bd7290e4c220277d0", "type": "github" }, "original": { @@ -1520,11 +1543,11 @@ ] }, "locked": { - "lastModified": 1730321837, - "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "lastModified": 1732292307, + "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "rev": "705df92694af7093dfbb27109ce16d828a79155f", "type": "github" }, "original": { @@ -1547,7 +1570,7 @@ }, "yofi": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_10", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 562a280..162fea3 100644 --- a/flake.nix +++ b/flake.nix @@ -10,11 +10,9 @@ # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; radicalePkgs.follows = "nixpkgs-2211"; - nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; - nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; - nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-2411.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.follows = "nixpkgs-2405"; + nixpkgs.follows = "nixpkgs-2411"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; @@ -45,8 +43,10 @@ }; crane.url = "github:ipetkov/crane"; - sops-nix.url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # applications aphorme_launcher = { 
@@ -81,10 +81,7 @@ flake = false; }; - logseq_0_10_9_aarch64_appimage = { - flake = false; - url = "https://www.stefanjunker.de/downloads/Logseq-0.10.9.AppImage"; - }; + nixpkgs-logseq.url = "github:steveej-forks/nixpkgs/logseq-linux-arm64"; espanso = { flake = false; @@ -117,17 +114,23 @@ }; nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; - nix4vscode.url = "github:nix-community/nix4vscode"; + nix4vscode = { + url = "github:nix-community/nix4vscode"; + # inputs.nixpkgs.follows = "nixpkgs"; + }; nixvim = { - url = "github:nix-community/nixvim/nixos-24.05"; + # TODO: pin to nixos-24.11 once available + url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixago.url = "github:jmgilman/nixago"; - nixago.inputs.nixpkgs.follows = "nixpkgs"; + nixago = { + url = "github:jmgilman/nixago"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -200,7 +203,8 @@ # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 router0-dmz0_cross = router0-dmz0.cross; - steveej-x13s_cross = (inputs.get-flake (self + "./nix/os/devices/steveej-x13s")).nixosConfigurations.cross; + steveej-x13s_cross = + (inputs.get-flake (self + "./nix/os/devices/steveej-x13s")).nixosConfigurations.cross; steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; }; 
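Review bot: The new `nixpkgs-logseq` input in flake.nix has no comment saying what the `logseq-linux-arm64` branch of the fork carries or when it can be dropped, so a reader cannot tell how far it diverges from the release channel. A complete second nixpkgs tree is evaluated from this input, and a fork branch presumably only advances when someone rebases it. I would add a line above it such as `# nixpkgs fork carrying the aarch64-linux logseq build; rebase regularly, drop once upstream ships it`, adjusted to what the branch actually contains.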
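Review bot: The re-wrapped `steveej-x13s_cross` line still builds its path as `self + "./nix/os/devices/steveej-x13s"`, which looks like it appends a string starting with a dot to the flake's store path and so yields `…-source./nix/os/…` instead of a directory inside the source. The neighbouring `steveej-x13s-rmvbl_cross` uses a plain relative path. Since the line is being touched anyway, `(inputs.get-flake (self + "/nix/os/devices/steveej-x13s")).nixosConfigurations.cross;` is the form I would expect. The attribute is lazy, so this would only surface when that output is evaluated; the enclosing attribute set starts and ends outside the hunk.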
@@ -227,6 +231,65 @@ craneLibFn = (inputs.crane.mkLib inputs.nixpkgs.legacyPackages.${system}).overrideToolchain; craneLib = craneLibFn inputs'.fenix.packages.stable.toolchain; + + _prsPackage = + { + lib, + rustPlatform, + installShellFiles, + pkg-config, + python3, + glib, + gpgme, + gtk3, + stdenv, + cargoHash ? "sha256-T57RqIzurpYLHyeFhvqxmC+DoB6zUf+iTu1YkMmwtp8=", + src, + version, + }: + + rustPlatform.buildRustPackage rec { + pname = "prs"; + + inherit src version cargoHash; + + nativeBuildInputs = [ + gpgme + installShellFiles + pkg-config + python3 + ]; + + cargoBuildFlags = [ + "--no-default-features" + "--features=alias,backend-gpgme,clipboard,notify,select-fzf-bin,select-skim-bin,tomb,totp" + ]; + + buildInputs = [ + glib + gpgme + gtk3 + ]; + + postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + + meta = with lib; { + description = "Secure, fast & convenient password manager CLI using GPG and git to sync"; + homepage = "https://gitlab.com/timvisee/prs"; + changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md"; + license = with licenses; [ + lgpl3Only # lib + gpl3Only # everything else + ]; + maintainers = with maintainers; [ dotlambda ]; + mainProgram = "prs"; + }; + }; + in { dcpj4110dwDriver = dcpj4110dw.driver; @@ -234,10 +297,11 @@ inherit (inputs'.colmena.packages) colmena; - prs = pkgs.prs.overrideAttrs(_: { + prs = pkgs.callPackage _prsPackage { src = inputs.prs; version = inputs.prs.shortRev; - }); + cargoHash = "sha256-oXuAKOHIfwUvcS0qXDTe68DN+MUNS4TAKV986vxdeh8="; + }; nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 0f1eda9..bd0c584 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix 
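Review bot: `_prsPackage` gives `cargoHash` a default in its argument list although `src` and `version` are required, and the only visible call site overrides it with a different hash. A vendor hash belongs to one particular source, so the default can match at most one revision of `inputs.prs` and otherwise only produces a confusing mismatch for a caller who forgets to pass it. I would make the argument mandatory, `cargoHash,`, so every caller states the hash that goes with its `src`. Separately, with `version = inputs.prs.shortRev` the `changelog` URL `…/v${version}/CHANGELOG.md` will not point at a release tag.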
+++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -11,6 +11,10 @@ let pkgsUnstable = pkgs.pkgsUnstable or (import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config overlays; }); + + pkgsLogseq = + pkgs.pkgsLogseq + or (import repoFlake.inputs.nixpkgs-logseq { inherit (pkgs) system config overlays; }); in { imports = [ @@ -143,7 +147,7 @@ in # freerdp # Audio/Video Players - ffmpeg + # ffmpeg vlc # v4l-utils # audacity @@ -246,24 +250,8 @@ in # libretro.snes9x2010 # retroarchFull - (pkgs.logseq.overrideAttrs ( - attrs: - lib.attrsets.recursiveUpdate attrs ( - lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - src = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; - meta.platforms = [ "aarch64-linux" ]; - } - ) - )) - - # ( - # pkgsUnstable.callPackage (repoFlake + "/nix/pkgs/logseq") - # (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - # overrideSrc = repoFlake.inputs.logseq_0_10_9_aarch64_appimage; - # }) - # ) + pkgsLogseq.logseq ]) - ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ pkgsUnstable.ledger-live-desktop diff --git a/nix/home-manager/programs/neovim.nix b/nix/home-manager/programs/neovim.nix index fcc299f..d5f60dc 100644 --- a/nix/home-manager/programs/neovim.nix +++ b/nix/home-manager/programs/neovim.nix @@ -21,8 +21,8 @@ airline = { enable = true; settings = { - powerline_fonts = true; - skip_empty_sections = true; + powerline_fonts = 1; + skip_empty_sections = 1; theme = "papercolor"; }; }; diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index fb5e527..0ffd528 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
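Review bot: `pkgsLogseq.logseq` in the package list of graphical-fullblown.nix is now used on every platform, whereas the removed override only swapped the source under `pkgs.stdenv.isAarch64` and left other hosts on `pkgs.logseq`. x86_64 machines importing this file therefore also take logseq, and whatever it is built against, from the fork branch instead of the release channel, and would presumably miss channel updates until the fork is rebased. If the fork is only needed for aarch64, `(if pkgs.stdenv.isAarch64 then pkgsLogseq.logseq else pkgs.logseq)` keeps the previous split. The surrounding list starts outside the hunk.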
@@ -13,49 +13,47 @@ in enable = true; package = pkgsVscodium.vscodium; extensions = - ( - with pkgsVscodium.vscode-extensions; + with pkgsVscodium.vscode-extensions; + [ + eamodio.gitlens + mkhl.direnv + tomoki1207.pdf + vscodevim.vim + + # bbenoist.nix + jnoortheen.nix-ide + + ms-vscode.theme-tomorrowkit + nonylene.dark-molokai-theme + + ms-python.vscode-pylance + + # TODO: these are not in nixpkgs + + # fredwangwang.vscode-hcl-format + # hashicorp.hcl + # mindaro-dev.file-downloader + # ms-vscode.remote-explorer + + # TODO: not compatible with vscodium + # ms-vscode-remote.remote-ssh + ] + ++ ( + let + extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; + in + with extensions.vscode-marketplace; + with extensions.vscode-marketplace-release; [ - eamodio.gitlens - mkhl.direnv - tomoki1207.pdf - vscodevim.vim + tamasfe.even-better-toml - # bbenoist.nix - jnoortheen.nix-ide + serayuzgur.crates + rust-lang.rust-analyzer + swellaby.vscode-rust-test-adapter - ms-vscode.theme-tomorrowkit - nonylene.dark-molokai-theme - - ms-python.vscode-pylance - - # TODO: these are not in nixpkgs - - # fredwangwang.vscode-hcl-format - # hashicorp.hcl - # mindaro-dev.file-downloader - # ms-vscode.remote-explorer - - # TODO: not compatible with vscodium - # ms-vscode-remote.remote-ssh + golang.go + jeff-hykin.better-go-syntax ] - ++ ( - let - extensions = repoFlake.inputs.nix-vscode-extensions.extensions.${pkgs.system}; - in - with extensions.vscode-marketplace; - with extensions.vscode-marketplace-release; - [ - tamasfe.even-better-toml - - serayuzgur.crates - rust-lang.rust-analyzer - swellaby.vscode-rust-test-adapter - - golang.go - jeff-hykin.better-go-syntax - ] - ) ) ++ ( let @@ -79,7 +77,7 @@ in buildInputs = [ pkgs.nix pkgs.cacert - repoFlake.inputs.nix4vscode.packages.${pkgs.stdenv.system}.default + (pkgs.callPackage "${repoFlake.inputs.nix4vscode.outPath}/nix/package.nix" { }) # pkgs.strace ]; # outputHashAlgo = "sha256"; 
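Review bot: The new `buildInputs` entry `(pkgs.callPackage "${repoFlake.inputs.nix4vscode.outPath}/nix/package.nix" { })` reaches into a file inside the input's source tree instead of using an output the flake exports, and nothing in the hunk says why. As far as this diff shows, that path is not part of the input's interface, so a later bump of the input can break the build without warning. A short comment would help, for example `# build nix4vscode with our pkgs instead of the flake's default package; relies on nix/package.nix existing upstream`, with the actual reason filled in. The enclosing derivation continues outside the hunk.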
diff --git a/nix/os/devices/srv0-dmz0/configuration.nix b/nix/os/devices/srv0-dmz0/configuration.nix index 83c38ab..5514edf 100644 --- a/nix/os/devices/srv0-dmz0/configuration.nix +++ b/nix/os/devices/srv0-dmz0/configuration.nix 
@@ -125,91 +125,6 @@ in containers = { }; - # sops.secrets.holochain-nomad-agent-ca = { - # sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; - # owner = config.users.extraUsers.nomad.name; - # group = config.users.groups.nomad.name; - # }; - # sops.secrets.holochain-global-nomad-client-cert = { - # sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; - # owner = config.users.extraUsers.nomad.name; - # group = config.users.groups.nomad.name; - # }; - # sops.secrets.holochain-global-client-nomad-key = { - # sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; - # owner = config.users.extraUsers.nomad.name; - # group = config.users.groups.nomad.name; - # }; - - # services.nomad = { - # enable = true; - # package = packages'.nomad; - # enableDocker = false; - # dropPrivileges = false; - - # extraPackages = [ - # pkgs.coreutils - # pkgs.nix - # pkgs.bash - # pkgs.gitFull - # pkgs.cacert - # ]; - - # settings = { - # server.enabled = false; - - # client = { - # enabled = true; - # server_join = { - # retry_join = [ - # "infra.holochain.org" - # ]; - # retry_interval = "60s"; - # }; - - # node_class = "testing"; - - # meta = { - # inherit (pkgs.targetPlatform) system; - - # features = builtins.concatStringsSep "," [ - # "poc-1" - # "poc-2" - # "ipv4-nat" - # "nix" - # "nixos" - # "holoport" - # ]; - - # machine_type = "baremetal"; - # }; - # }; - - # tls = { - # http = true; - # rpc = true; - # ca_file = config.sops.secrets.holochain-nomad-agent-ca.path; - # cert_file = config.sops.secrets.holochain-global-nomad-client-cert.path; - # key_file = config.sops.secrets.holochain-global-client-nomad-key.path; - - # verify_server_hostname = true; - # verify_https_client = true; - # }; - - # plugin.raw_exec.config.enabled = true; - # }; - # }; - - # users.extraUsers.nomad.isNormalUser = true; - # users.extraUsers.nomad.isSystemUser = false; - # users.extraUsers.nomad.group = "nomad"; - # users.extraUsers.nomad.home = config.services.nomad.settings.data_dir; 
- # users.extraUsers.nomad.createHome = true; - # users.groups.nomad.members = ["nomad"]; - - # systemd.services.nomad.serviceConfig.User = "nomad"; - # systemd.services.nomad.serviceConfig.Group = "nomad"; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 3d49400..d28a328 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -83,7 +83,8 @@ ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix ../../snippets/mycelium.nix - ../../snippets/obs-studio.nix + + # ../../snippets/obs-studio.nix { services.openssh.enable = true; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6846e10..a6d5009 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1731060864, - "narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=", + "lastModified": 1732284644, + "narHash": "sha256-REGLarOB5McRMmFtOgNihEXXQILY6+2UBAY8lw8CJCI=", "owner": "nix-community", "repo": "disko", - "rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f", + "rev": "abc8baff333ac9dca930fc4921a26a8fc248e442", "type": "github" }, "original": { 
@@ -148,16 +148,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732319136, + "narHash": "sha256-wpmPl6FkAF9Jj5C/rzANgpUjfzQrUYOn267LnzKU2uI=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "f8831cc700030e11fc91da9ef6270593e6440edc", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -190,11 +190,11 @@ ] }, "locked": { - "lastModified": 1730381857, - "narHash": "sha256-PbEoM+AnZTuo9xtwcDcTH9FZAzPzfBhX41+zVVTdgRo=", + "lastModified": 1732269459, + "narHash": "sha256-KIn7TfNknBiCoM/RedPqW3Im9X0Iiwig3hHAAhkTDLg=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "8a2b564c8e279d4afd0a10058b4481799a7513e1", + "rev": "430ec6b272a4654d0ccbf053bfad8a594eff4016", "type": "github" }, "original": { @@ -247,11 +247,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1731793780, - "narHash": "sha256-gOpR24dG7PUktUmlF2nDg0nqvlli7ZC179ngYMpGlfw=", + "lastModified": 1731796298, + "narHash": "sha256-ZjIcp1WskJw+fH5AjrYbb+GoKGsVmPcXsmLFiS6L0NI=", "ref": "bump", - "rev": "b957608c2a0b7808f17588be2f38d8ddb6321b2f", - "revCount": 118, + "rev": "b78fc5d593e6f7b85f8b1d3585098ac333b5dc76", + "revCount": 119, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
@@ -291,27 +291,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index e9c58e1..8a381b5 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -1,7 +1,7 @@ { inputs = { nixpkgs.follows = "nixpkgs-stable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; @@ -10,7 +10,7 @@ home-manager = { # url = "github:nix-community/home-manager/master"; - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; 
@@ -127,24 +127,15 @@ }); }; - overlays.default = - _final: previous: - let - inherit (previous.stdenv) system; - pkgsUnstable = import self.inputs.nixpkgs-unstable.outPath { - inherit system; - overlays = [ self.overlays.libcamera ]; - }; - in - { - inherit pkgsUnstable; - inherit (pkgsUnstable) - libcamera - webkitgtk - webkitgtk_4_1 - webkitgtk_6_0 - ; - }; + overlays.default = _final: _previous: { + # inherit pkgsUnstable; + # inherit (pkgsUnstable) + # libcamera + # webkitgtk + # webkitgtk_4_1 + # webkitgtk_6_0 + # ; + }; nixosConfigurations = { native = mkNixosConfiguration { system = nativeSystem; }; diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix deleted file mode 100644 index b3c2c0c..0000000 --- a/nix/pkgs/logseq/default.nix +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - lib, - stdenv, - fetchurl, - appimageTools, - unzip, - makeWrapper, - # Notice: graphs will not sync without matching upstream's major electron version - # the specific electron version is set at top-level file to preserve override interface. - # whenever updating this package also sync electron version at top-level file. - electron_27, - autoPatchelfHook, - git, - nix-update-script, - overrideSrc ? null, -}: -stdenv.mkDerivation ( - finalAttrs: - let - inherit (finalAttrs) pname version src; - in - { - pname = "logseq"; - version = "0.10.9"; - - src = - if overrideSrc != null then - overrideSrc - else - (fetchurl { - url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBe="; - name = "${pname}-${version}.AppImage"; - }); - - nativeBuildInputs = - [ makeWrapper ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ autoPatchelfHook ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ unzip ]; - buildInputs = [ stdenv.cc.cc.lib ]; - - dontUnpack = stdenv.hostPlatform.isLinux; - dontConfigure = true; - dontBuild = true; - - installPhase = - '' - runHook preInstall - '' - + lib.optionalString stdenv.hostPlatform.isLinux ( - let - appimageContents = appimageTools.extract { inherit pname src version; }; - in - '' - mkdir -p $out/bin $out/share/logseq $out/share/applications - cp -a ${appimageContents}/{locales,resources} $out/share/logseq - cp -a ${appimageContents}/Logseq.desktop $out/share/applications/logseq.desktop - - # remove the `git` in `dugite` because we want the `git` in `nixpkgs` - chmod +w -R $out/share/logseq/resources/app/node_modules/dugite/git - chmod +w $out/share/logseq/resources/app/node_modules/dugite - rm -rf $out/share/logseq/resources/app/node_modules/dugite/git - chmod -w $out/share/logseq/resources/app/node_modules/dugite - - mkdir -p $out/share/pixmaps - ln -s $out/share/logseq/resources/app/icons/logseq.png 
$out/share/pixmaps/logseq.png - - substituteInPlace $out/share/applications/logseq.desktop \ - --replace Exec=Logseq Exec=logseq \ - --replace Icon=Logseq Icon=logseq - '' - ) - + lib.optionalString stdenv.hostPlatform.isDarwin '' - mkdir -p $out/{Applications/Logseq.app,bin} - cp -R . $out/Applications/Logseq.app - makeWrapper $out/Applications/Logseq.app/Contents/MacOS/Logseq $out/bin/logseq - '' - + '' - runHook postInstall - ''; - - postFixup = lib.optionalString stdenv.hostPlatform.isLinux '' - # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs - makeWrapper ${electron_27}/bin/electron $out/bin/logseq \ - --set "LOCAL_GIT_DIRECTORY" ${git} \ - --add-flags $out/share/logseq/resources/app \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" - ''; - - passthru.updateScript = nix-update-script { }; - - meta = { - description = "Local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; - homepage = "https://github.com/logseq/logseq"; - changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; - license = lib.licenses.agpl3Plus; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with lib.maintainers; [ cheeseecake ]; - platforms = [ - "x86_64-linux" - "aarch64-linux" - ] ++ lib.platforms.darwin; - mainProgram = "logseq"; - }; - } -) From f0ca02815c5a6a028569a38f491a41ab784b6c19 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 25 Nov 2024 22:47:25 +0100 Subject: [PATCH 217/305] prs: add skim to PATH --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index 162fea3..f843959 100644 --- a/flake.nix +++ b/flake.nix @@ -246,6 +246,8 @@ cargoHash ? "sha256-T57RqIzurpYLHyeFhvqxmC+DoB6zUf+iTu1YkMmwtp8=", src, version, + makeWrapper, + skim, }: rustPlatform.buildRustPackage rec { 
@@ -258,6 +260,7 @@ installShellFiles pkg-config python3 + makeWrapper ]; cargoBuildFlags = [ @@ -277,6 +280,11 @@ done ''; + postFixup = '' + wrapProgram $out/bin/prs \ + --prefix PATH : ${lib.makeBinPath [ skim ]} + ''; + meta = with lib; { description = "Secure, fast & convenient password manager CLI using GPG and git to sync"; homepage = "https://gitlab.com/timvisee/prs"; From f39004077e0851e33fa338a274c40988477b38e2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 26 Nov 2024 09:53:11 +0100 Subject: [PATCH 218/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index a6d5009..737930d 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1732284644, - "narHash": "sha256-REGLarOB5McRMmFtOgNihEXXQILY6+2UBAY8lw8CJCI=", + "lastModified": 1732540163, + "narHash": "sha256-5EYzmoTpem2IB9JWzd41sL98pz3lyyCSTiCjv08i4Uk=", "owner": "nix-community", "repo": "disko", - "rev": "abc8baff333ac9dca930fc4921a26a8fc248e442", + "rev": "2ed5e30fc7e34adf455db8b02b9151d3922a54ea", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1732319136, - "narHash": "sha256-wpmPl6FkAF9Jj5C/rzANgpUjfzQrUYOn267LnzKU2uI=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8831cc700030e11fc91da9ef6270593e6440edc", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { 
@@ -291,11 +291,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732350895, + "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", "type": "github" }, "original": { From 3ed8334e588fc7a352fcee08762963b8c0114874 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 28 Nov 2024 10:32:39 +0100 Subject: [PATCH 219/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 28 +++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 737930d..6c01ff7 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1732540163, - "narHash": "sha256-5EYzmoTpem2IB9JWzd41sL98pz3lyyCSTiCjv08i4Uk=", + "lastModified": 1732742778, + "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", "owner": "nix-community", "repo": "disko", - "rev": "2ed5e30fc7e34adf455db8b02b9151d3922a54ea", + "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", "type": "github" }, "original": { @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1731424601, - "narHash": "sha256-+ErrKhGSyiBJGwO1XrfxzsLoGWoJmVD2ldi5Ag5uJqE=", + "lastModified": 1731933860, + "narHash": "sha256-F9PtGVeT3i6EYt3uNp5PaFKPXiWOe6T8Y5U5WzXHauE=", "owner": "jhovold", "repo": "linux", - "rev": "15326bf5cbf6526eefb10cb5bc112a6a95990ec2", + "rev": "24dcd44a39079e920512fc280fa08907be2a6c31", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.12-rc7", + "ref": "wip/sc8280xp-6.12", "repo": "linux", "type": "github" } 
@@ -247,11 +247,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1731796298, - "narHash": "sha256-ZjIcp1WskJw+fH5AjrYbb+GoKGsVmPcXsmLFiS6L0NI=", + "lastModified": 1732612250, + "narHash": "sha256-DHEaAHXiQaMbJrfQjTagh4N3ihupXMRgrh6DIoMUpyo=", "ref": "bump", - "rev": "b78fc5d593e6f7b85f8b1d3585098ac333b5dc76", - "revCount": 119, + "rev": "01295d13cef642d26000c85ddf96681345d4377b", + "revCount": 120, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -307,11 +307,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { From 1ab3ba4879e84cc0a4fbb71acbfc316c88c40a28 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 3 Dec 2024 12:10:08 +0100 Subject: [PATCH 220/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6c01ff7..7a2fec2 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1732742778, - "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { 
@@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1732466619, - "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", + "lastModified": 1733050161, + "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3111f62a23451114433888902a55cf0692b408d", + "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", "type": "github" }, "original": { @@ -291,11 +291,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1732350895, - "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", + "lastModified": 1733120037, + "narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", + "rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539", "type": "github" }, "original": { @@ -307,11 +307,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733015953, + "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", "type": "github" }, "original": { From bbbc5557660576d6b77adb35561ea9b3c7171706 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 5 Dec 2024 12:21:56 +0100 Subject: [PATCH 221/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 88 ++++++++++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 10 ++- 2 files changed, 57 insertions(+), 41 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 7a2fec2..872c7cf 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -96,11 +96,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -148,16 +148,16 @@ ] }, "locked": { - "lastModified": 1733050161, - "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", + "lastModified": 1733389730, + "narHash": "sha256-KZMu4ddMll5khS0rYkJsVD0hVqjMNHlhTM3PCQar0Ag=", "owner": "nix-community", "repo": "home-manager", - "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", + "rev": "65912bc6841cf420eb8c0a20e03df7cbbff5963f", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "master", "repo": "home-manager", "type": "github" } @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1731933860, - "narHash": "sha256-F9PtGVeT3i6EYt3uNp5PaFKPXiWOe6T8Y5U5WzXHauE=", + "lastModified": 1733214488, + "narHash": "sha256-nhS3FgdJm1KBjAuTePgcQ4oXzigyDufQfz2TUUahHtM=", "owner": "jhovold", "repo": "linux", - "rev": "24dcd44a39079e920512fc280fa08907be2a6c31", + "rev": "ccd13b9fd1a31c869789e2320e777bfdc150face", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.12", + "ref": "wip/sc8280xp-6.13-rc1", "repo": "linux", "type": "github" } 
@@ -244,14 +244,15 @@ "inputs": { "flake-parts": "flake-parts_2", "linux-jhovold": "linux-jhovold", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1732612250, - "narHash": "sha256-DHEaAHXiQaMbJrfQjTagh4N3ihupXMRgrh6DIoMUpyo=", + "lastModified": 1733393262, + "narHash": "sha256-cbpUix+ggnZtTT7Rtr1+A+iX+fI+KpduaGOOTXhaQWU=", "ref": "bump", - "rev": "01295d13cef642d26000c85ddf96681345d4377b", - "revCount": 120, + "rev": "b116d698f4b531a7577ccb875ca6a8106b9d63ee", + "revCount": 127, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
@@ -263,39 +264,39 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", - "owner": "NixOS", + "lastModified": 1733393026, + "narHash": "sha256-hpUyV0NHnIZpFzN6p7udW6Jh+m9tlLvCcNf1/wG5pQY=", + "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "b1714b7f9e5761ad965a4df7602105f1e159b89e", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "steveej-forks", + "ref": "steveej-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1733120037, - "narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { 
@@ -307,15 +308,15 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733015953, - "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", - "owner": "nixos", + "lastModified": 1733393026, + "narHash": "sha256-hpUyV0NHnIZpFzN6p7udW6Jh+m9tlLvCcNf1/wG5pQY=", + "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", + "rev": "b1714b7f9e5761ad965a4df7602105f1e159b89e", "type": "github" }, "original": { - "owner": "nixos", + "owner": "steveej-forks", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -330,7 +331,7 @@ "nix-snapshotter": "nix-snapshotter", "nixos-x13s": "nixos-x13s", "nixpkgs": [ - "nixpkgs-stable" + "nixpkgs-unstable" ], "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable" @@ -350,6 +351,23 @@ "repo": "default", "type": "github" } + }, + "x13s-bt-linux-firmware": { + "flake": false, + "locked": { + "lastModified": 1733240564, + "narHash": "sha256-348f+wuX7x8xqaBRkraTclupdnRcwL/z2l/1Bs/reXc=", + "ref": "refs/heads/main", + "rev": "06aea4d8bfd5ca3624b56162b24339d7b0449913", + "revCount": 4282, + "type": "git", + "url": "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git" + }, + "original": { + "rev": "06aea4d8bfd5ca3624b56162b24339d7b0449913", + "type": "git", + "url": "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git" + } } }, "root": "root", diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 8a381b5..70f78ea 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -1,16 +1,16 @@ { inputs = { - nixpkgs.follows = "nixpkgs-stable"; + nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-unstable.url = "github:steveej-forks/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; home-manager = { - # url = "github:nix-community/home-manager/master"; - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/master"; + # url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -23,8 +23,6 @@ #"/home/steveej/src/others/nixos-x13s" # ; - - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; From c69fe3b11c86636a37262ca824cd8eb959d71370 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 5 Dec 2024 21:50:11 +0100 Subject: [PATCH 222/305] feat: update x13s to linux-6.13-rc1 and use nixos-unstable --- flake.lock | 191 ++++++++---------- flake.nix | 26 --- .../configuration/graphical-fullblown.nix | 6 +- nix/home-manager/profiles/qtile-desktop.nix | 2 +- nix/home-manager/profiles/sway-desktop.nix | 4 +- nix/os/devices/steveej-x13s/configuration.nix | 10 +- 6 files changed, 102 insertions(+), 137 deletions(-) diff --git a/flake.lock b/flake.lock index 9444d77..e08285d 100644 --- a/flake.lock +++ b/flake.lock 
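Review bot: In the first hunk of `steveej-x13s/flake.nix`, `nixpkgs-unstable.url` now points at the personal fork `github:steveej-forks/nixpkgs/nixos-unstable`, and `nixpkgs.follows = "nixpkgs-unstable"` makes that fork the package set for the whole system. `disko` and `home-manager` also follow `nixpkgs`, so they are built against it too. Nothing in the file says what the fork carries or when it should be dropped, and the input name still reads like the upstream channel. Upstream security fixes reach this host only when the fork is rebased, so I would record that next to the URL, for example `# fork of nixos-unstable carrying <PATCHES - placeholder>; rebase regularly, return to github:nixos/nixpkgs/nixos-unstable once merged`. The commented-out `release-24.11` home-manager URL would benefit from a similar one-line reason for tracking `master`.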
@@ -20,11 +20,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1731586248, - "narHash": "sha256-tbBbkJcvPMWGhnoUXgWVOs/+G6OqDDF2QzS0MiuYqHg=", + "lastModified": 1733258345, + "narHash": "sha256-th2svNLc74sVI/P+y1/Yck1IW+RIUnxL+NF2HLrsSxI=", "ref": "refs/heads/main", - "rev": "a162f69e038fca67a875c78baec684aed39a99f1", - "revCount": 161, + "rev": "ff9dd08208c5705a3867fc132dcedb5d31c901e2", + "revCount": 163, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -59,11 +59,11 @@ }, "crane": { "locked": { - "lastModified": 1731974733, - "narHash": "sha256-enYSSZVVl15FI5p+0Y5/Ckf5DZAvXe6fBrHxyhA/njc=", + "lastModified": 1733286231, + "narHash": "sha256-mlIDSv1/jqWnH8JTiOV7GMUNPCXL25+6jmD+7hdxx5o=", "owner": "ipetkov", "repo": "crane", - "rev": "3cb338ce81076ce5e461cf77f7824476addb0e1c", + "rev": "af1556ecda8bcf305820f68ec2f9d77b41d9cc80", "type": "github" }, "original": { @@ -140,11 +140,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1732343620, - "narHash": "sha256-IuOzr1HjFK8RxeDITfe1LQKgbUjgqlgeGc8jf9tKAuY=", + "lastModified": 1733380458, + "narHash": "sha256-H+IQB6cJ7ji/YD537pcSUWlwGGJ49RoYylBonyNW9hk=", "owner": "nix-community", "repo": "fenix", - "rev": "cb6515f398908e1c74dea085e72b3e3a0a81c6e2", + "rev": "08c9e4e29865b60cb81189f8e4de0dccaf297865", "type": "github" }, "original": { @@ -219,11 +219,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { 
@@ -533,11 +533,11 @@ ] }, "locked": { - "lastModified": 1732025103, - "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", + "lastModified": 1733175814, + "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a46e702093a5c46e192243edbd977d5749e7f294", + "rev": "bf23fe41082aa0289c209169302afd3397092f22", "type": "github" }, "original": { @@ -577,11 +577,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1732192756, - "narHash": "sha256-gI7HULlHkPTnO2kXihafN0fsHwN2ekxC9jFcmbxDh04=", + "lastModified": 1732789238, + "narHash": "sha256-Yc87dku8r8m7YeVT9VBwfXYPdEfQbb8JKWbOMts6VqY=", "owner": "mahkoh", "repo": "jay", - "rev": "723608ce771d8f8393c660f0d9cfb66663b47048", + "rev": "558fe3d3cef435108c7d31f9b3503263a14d38b0", "type": "github" }, "original": { @@ -596,11 +596,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1731845570, - "narHash": "sha256-5reOtlm18XLnh3ezruPOg2wQO+MB7ztsFaIzSUAzeh8=", + "lastModified": 1733055216, + "narHash": "sha256-yB2y7tGJxDI/SDQ0D7b6ocRtLTPm93u8ybdIKQGXRDE=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "7a1d37b2b16f32536628df9cea6a2003d79a49f9", + "rev": "f67bf0781c69a46bf3a1469f83c98518aa3054c3", "type": "github" }, "original": { @@ -617,11 +617,11 @@ ] }, "locked": { - "lastModified": 1732016537, - "narHash": "sha256-XwXUK+meYnlhdQz2TVE4Wv+tsx1CkdGbDPt1tRzCNH4=", + "lastModified": 1733105089, + "narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "61cee20168a3ebb71a9efd70a55adebaadfbe4d4", + "rev": "c6b65d946097baf3915dd51373251de98199280d", "type": "github" }, "original": { 
@@ -638,11 +638,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1731682758, - "narHash": "sha256-o54e8oNPPNmU7zHm3uTvsbbQLi7EKX3S6EEndXFG594=", + "lastModified": 1732631228, + "narHash": "sha256-/7Wyhp00yecUMPNz79gGZpjos8OLHqOfdiWWIQfZA1M=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "d926bcd5206c0b7afe47bed92557c8cd5e882b36", + "rev": "8f56354b794624689851b2d86c2ce0209cc8f0cf", "type": "github" }, "original": { @@ -681,11 +681,11 @@ ] }, "locked": { - "lastModified": 1720066371, - "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=", + "lastModified": 1731952509, + "narHash": "sha256-p4gB3Rhw8R6Ak4eMl8pqjCPOLCZRqaehZxdZ/mbFClM=", "owner": "nix-community", "repo": "nix-github-actions", - "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820", + "rev": "7b5f051df789b6b20d259924d349a9ba3319b226", "type": "github" }, "original": { @@ -701,11 +701,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1732326629, - "narHash": "sha256-JOnNXfPTm/Ge3JyKd5TXytIEr1Tn11tnmrEiRBiDZLQ=", + "lastModified": 1733363815, + "narHash": "sha256-J2XTeJ0xQMPPo2QnPLM1ewhqCh/Okgfonr5N6Pdt7b8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b2dbcc5bbfc981ef7a9e02b502c3b64ae0ee60d5", + "rev": "ffe6b403ba758f8a057a227de2f7235ef3dc61c0", "type": "github" }, "original": { @@ -721,11 +721,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1730496654, - "narHash": "sha256-gRoV9Xa6l0Kz0Vzr3hL+KSb+lGyWob98ha+OqK+QjwM=", + "lastModified": 1733089477, + "narHash": "sha256-G08QoIxpJlnP9PiUdo2ypmKOrgodwVD6pWEa/8CaDOE=", "owner": "nix-community", "repo": "nix4vscode", - "rev": "719a109d0e2357be98a00145e557e9eef85ec059", + "rev": "60f266d2584461611a9e91ad44bbda5c1b0f91f8", "type": "github" }, "original": { 
@@ -866,11 +866,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1731763758, - "narHash": "sha256-zcoxeMRGPpOd46dLeo2bgGLkjW5w50VC5DwZlvZD+A4=", + "lastModified": 1733093391, + "narHash": "sha256-tktgkyaBCJDJs0qVyREpETTcpDY7FZbnDurTAM9jIOE=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "80a2e7d6d9816a80fd412befd5f173836e675185", + "rev": "9ba099b2ead073e0801b863c880be03a981f2dd1", "type": "github" }, "original": { @@ -955,11 +955,11 @@ }, "nixpkgs-2411": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "nixos", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { 
@@ -987,23 +987,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1731805462, - "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", + "lastModified": 1733015484, + "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", + "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", "type": "github" }, "original": { @@ -1030,11 +1030,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -1046,11 +1046,11 @@ }, "nixpkgs-vscodium": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { 
@@ -1068,11 +1068,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1732358371, - "narHash": "sha256-u5O4gq5SgWNuYR/8X9GECB3QO3JFAwwl+o2sVEMIveA=", + "lastModified": 1733388169, + "narHash": "sha256-WCfVVHIuxnz4O7O9BY76apUkA//ujG7rqkjAWCw0ujY=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "74c2d35df49f9c8090654a7be11710e627dc9811", + "rev": "fe88399ae2d22a5381c65a51f8e5a0e4f2e7a38b", "type": "github" }, "original": { @@ -1083,11 +1083,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { @@ -1115,11 +1115,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730958623, - "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f7e662eda4fa3a995556527c87b2524b691933", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", "type": "github" }, "original": { @@ -1131,11 +1131,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { 
@@ -1160,11 +1160,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1732315025, - "narHash": "sha256-vPAMWd5/akE3U3B8uXzi05X/9fUd71sZaOnfBrX4AR0=", + "lastModified": 1733355056, + "narHash": "sha256-EOldkOLdgUVIa8ZJiHkqjD6yaW+AZiZwd94aBqfZERY=", "owner": "nix-community", "repo": "nixvim", - "rev": "c1271fa10a54a3b35db6040dd6e779f349af52bf", + "rev": "277dbeb607210f6a6db656ac7eee9eef3143070c", "type": "github" }, "original": { @@ -1183,11 +1183,11 @@ ] }, "locked": { - "lastModified": 1731936508, - "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", + "lastModified": 1733006402, + "narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=", "owner": "NuschtOS", "repo": "search", - "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", + "rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2", "type": "github" }, "original": { @@ -1286,7 +1286,6 @@ "sops-nix": "sops-nix", "srvos": "srvos", "treefmt-nix": "treefmt-nix_4", - "x13s-bt-firmware": "x13s-bt-firmware", "yofi": "yofi" } }, @@ -1309,11 +1308,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1732050317, - "narHash": "sha256-G5LUEOC4kvB/Xbkglv0Noi04HnCfryur7dVjzlHkgpI=", + "lastModified": 1733330394, + "narHash": "sha256-1jwtAQYtErSsfkEQFvZJ9wJBrLGltzlvZKZzPXhpfpE=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "c0bbbb3e5d7d1d1d60308c8270bfd5b250032bb4", + "rev": "f499faf72bcd2abbfbf3d7171e5191100547a3df", "type": "github" }, "original": { @@ -1348,11 +1347,11 @@ ] }, "locked": { - "lastModified": 1732186149, - "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { 
@@ -1368,11 +1367,11 @@ ] }, "locked": { - "lastModified": 1732285851, - "narHash": "sha256-I7bH3fiSr01AT7zj+bQA8IrtD08cP5NgQU11gZ6OEFc=", + "lastModified": 1733365027, + "narHash": "sha256-Vl0pOGckECuFoMbiotwj65jjoFE8Mc2yUXNIllttxkI=", "owner": "numtide", "repo": "srvos", - "rev": "8f6d75e9636d54319752b166ccbe86a66113e999", + "rev": "6047d415ca8dc7eae73dd17c832f7dc08ad544f4", "type": "github" }, "original": { @@ -1523,11 +1522,11 @@ ] }, "locked": { - "lastModified": 1732111664, - "narHash": "sha256-XWHuPWcP59QnHEewdZJXBX1TA2lAP78Vz4daG6tfIr4=", + "lastModified": 1732894027, + "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "62003fdad7a5ab7b6af3ea9bd7290e4c220277d0", + "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", "type": "github" }, "original": { @@ -1543,11 +1542,11 @@ ] }, "locked": { - "lastModified": 1732292307, - "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "705df92694af7093dfbb27109ce16d828a79155f", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", "type": "github" }, "original": { @@ -1556,18 +1555,6 @@ "type": "github" } }, - "x13s-bt-firmware": { - "flake": false, - "locked": { - "narHash": "sha256-FCWkZp+MtEGS5lS5+pxmpCl4wU9GGRegolebcmCN7RU=", - "type": "file", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65" - }, - "original": { - "type": "file", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65" - } - }, "yofi": { "inputs": { "flake-utils": "flake-utils_10", diff --git a/flake.nix b/flake.nix index f843959..d0761cf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -88,26 +88,6 @@ url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; - x13s-bt-firmware = { - flake = false; - - # revisions for this file: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/qca/hpbtfw21.tlv - - # 2024-07-29 - # not working well - # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=d118dc8ad5562ac0ae0c07be748cbe35a9361b47"; - - # 2024-05-30 - # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=436b0a920352d13290043d9ec9e50c420ab10f92"; - - # 2023-12-18 - # not working well - # url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=598f5bd22361d7e92eebe8452d1f8013a1d35b9a"; - - # 2013-01-17 - url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65"; - }; - ath11k-firmware = { url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; flake = false; @@ -346,12 +326,6 @@ buildInputs = [ ]; }; - x13s-bt-firmware = pkgs.runCommand "x13s-bt-firmware" { } '' - mkdir -p $out/lib/firmware/qca - cp -v ${self}/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw $out/lib/firmware/qca/hpnv21.bin - cp -v ${inputs.x13s-bt-firmware} $out/lib/firmware/qca//hpbtfw21.tlv - ''; - x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" { } '' mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index bd0c584..77ea7c9 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -116,7 +116,7 @@ in # gnome.gnome-keyring gcr - gnome.seahorse + seahorse # Language Support hunspellDicts.en-us @@ -171,7 +171,7 @@ in # TODO(remve or use): pkgsUnstable.helix # Image/Graphic/Design Tools - gnome.eog + eog # gimp # imagemagick # exiv2 @@ -193,7 +193,7 @@ in # cdrtools # Document Processing and Management - gnome.nautilus + nautilus pcmanfm # mendeley evince diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 7aa492f..84d9c21 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -287,7 +287,7 @@ in networkmanagerapplet gnome-icon-theme gnome.gnome-themes-extra - gnome.adwaita-icon-theme + adwaita-icon-theme lxappearance xorg.xcursorthemes pavucontrol diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index 8924a3a..c6b1e1f 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix @@ -46,14 +46,14 @@ in pkgs.swaylock ## themes - pkgs.gnome.adwaita-icon-theme + pkgs.adwaita-icon-theme pkgs.hicolor-icon-theme pkgs.gnome-icon-theme ## fonts + # pkgs.nerd-fonts # TODO: reinstall selected ones pkgs.dejavu_fonts # just a basic good fond pkgs.font-awesome_5 # needed by i3status-rust - pkgs.nerdfonts pkgs.font-awesome pkgs.roboto pkgs.ttf_bitstream_vera diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index d28a328..8082748 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -181,7 +181,7 @@ ../../snippets/holo-zerotier.nix - ../../snippets/k3s-w-nix-snapshotter.nix + # ../../snippets/k3s-w-nix-snapshotter.nix ]; networking.hostName = nodeName; 
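Review bot: In the `qtile-desktop.nix` hunk, the context line directly above the changed entry still reads `gnome.gnome-themes-extra`, while this commit moves every other package out of the `gnome.` scope (`seahorse`, `eog`, `nautilus`, `adwaita-icon-theme`). On the nixpkgs revision this flake now tracks, that attribute is probably only an alias, or may fail to evaluate, so I would change it in the same pass to `gnome-themes-extra`. The package list starts and ends outside the hunk, so other `gnome.`-scoped entries may remain that are not visible here.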
@@ -223,11 +223,15 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = [ "wwan" ]; + blacklistedKernelModules = [ + "wwan" + "qcom_soundwire" + "snd_soc_qcom_sdw" + "snd_soc_sc8280xp" + ]; }; hardware.firmware = lib.mkBefore [ - packages'.x13s-bt-firmware packages'.x13s-ath11k-firmware ]; From 63907b1b170821e4d7f2ca2d2a3317a2071db9a4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 5 Dec 2024 22:11:05 +0100 Subject: [PATCH 223/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 28 ++++++++++++++-------------- nix/os/devices/sj-srv1/flake.nix | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 89ab52c..fcc671a 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
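Review bot: The three modules added to `blacklistedKernelModules` (`qcom_soundwire`, `snd_soc_qcom_sdw`, `snd_soc_sc8280xp`) have no comment explaining why audio is disabled or when the entries can be removed. The commit title suggests this is tied to the move to the 6.13-rc kernel, but the hunk does not say so. I would add a line above them such as `# audio stack disabled on the 6.13-rc kernel: <REASON - placeholder>; remove once <CONDITION - placeholder>`, so the workaround does not outlive the kernel that needed it. The enclosing attribute set opens outside the hunk.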
@@ -7,43 +7,43 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1733050161, + "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1729449015, - "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-master": { "locked": { - "lastModified": 1729607844, - "narHash": "sha256-MNSAdzoShiZN4bhpB2Eet6R4Qyj9oLLSHuADMcrBIA4=", + "lastModified": 1733431865, + "narHash": "sha256-aBcHSuMZURsEtZaCT5DG3r5DtikpjdvCC6aL1rZ3WNY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "87c6221b509d1390128f0461d975724ec617724c", + "rev": "2e0d114024866e4c1c9b628b5b873c22bc8f9397", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1729577921, - "narHash": "sha256-bxktXyAj3818+okqwaR9L/F4UREnry0OEjnYqwYVdkc=", + "lastModified": 1733380312, + "narHash": "sha256-ywntxT10Om755wkB9tYgJwEwELQZKYAO5WcNuHv1vjI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "29dccd64f527eebafce219e7ca2bfda5fee75456", + "rev": "a772498086eac57d97065a980a21fc0f304e3192", "type": "github" }, "original": { diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index 20a919c..e4de055 100644 
--- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix @@ -1,10 +1,10 @@ { - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; inputs.home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; From 5cb20fcb5d9ee71ebcdd80d9e05e732a679f9938 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 6 Dec 2024 09:34:12 +0100 Subject: [PATCH 224/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index fcc671a..6259208 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1733431865, - "narHash": "sha256-aBcHSuMZURsEtZaCT5DG3r5DtikpjdvCC6aL1rZ3WNY=", + "lastModified": 1733472523, + "narHash": "sha256-7uLfmBHYgipmt9QbyA6/9U79vZJDlD1F8Cl4ArLUwSc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2e0d114024866e4c1c9b628b5b873c22bc8f9397", + "rev": "de5658c9e4d0d47a03c8fd91c1ff7e5a368d3ac5", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733380312, - "narHash": "sha256-ywntxT10Om755wkB9tYgJwEwELQZKYAO5WcNuHv1vjI=", + "lastModified": 1733426878, + "narHash": "sha256-boWvvAttPEXJbi5TiRqRuLE78mic+asXrCpcEm9XIK8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a772498086eac57d97065a980a21fc0f304e3192", + "rev": "21e9e52183fd52452c26a1d7957b0299a37fa83a", "type": "github" }, "original": { From ab020ae8eba577ce39df11faeb64395f2704d81c Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 6 Dec 2024 10:27:41 +0100 Subject: [PATCH 225/305] refactor(sj-srv1) --- nix/os/devices/sj-srv1/boot.nix | 1 - nix/os/devices/sj-srv1/configuration.nix | 3 --- nix/os/devices/sj-srv1/hw.nix | 3 +++ 3 files changed, 3 insertions(+), 4 deletions(-) delete mode 100644 nix/os/devices/sj-srv1/boot.nix diff --git a/nix/os/devices/sj-srv1/boot.nix b/nix/os/devices/sj-srv1/boot.nix deleted file mode 100644 index 974f788..0000000 --- a/nix/os/devices/sj-srv1/boot.nix +++ /dev/null @@ -1 +0,0 @@ -_: { boot.extraModulePackages = [ ]; } diff --git a/nix/os/devices/sj-srv1/configuration.nix b/nix/os/devices/sj-srv1/configuration.nix index 9f49bd1..5184bd1 100644 --- a/nix/os/devices/sj-srv1/configuration.nix +++ b/nix/os/devices/sj-srv1/configuration.nix @@ -17,10 +17,7 @@ }; } - ../../modules/opinionatedDisk.nix - ./system.nix ./hw.nix - ./boot.nix ]; } diff --git a/nix/os/devices/sj-srv1/hw.nix b/nix/os/devices/sj-srv1/hw.nix index 328266b..ca9158b 100644 --- a/nix/os/devices/sj-srv1/hw.nix +++ b/nix/os/devices/sj-srv1/hw.nix @@ -41,6 +41,9 @@ let ]; in { + imports = [ + ../../modules/opinionatedDisk.nix + ]; hardware.opinionatedDisk = { enable = true; encrypted = false; From dc4a9e6a27f868e8590a174972315a2c25734d74 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 10 Dec 2024 14:18:11 +0100 Subject: [PATCH 226/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 872c7cf..4a77348 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1733389730, - "narHash": "sha256-KZMu4ddMll5khS0rYkJsVD0hVqjMNHlhTM3PCQar0Ag=", + "lastModified": 1733769654, + "narHash": "sha256-aVvYDt8eitZVF6fdOrSoIzYRkQ5Gh6kfRvqkiaDRLL0=", "owner": "nix-community", "repo": "home-manager", - "rev": "65912bc6841cf420eb8c0a20e03df7cbbff5963f", + "rev": "e952e94955dcc6fa2120c1430789fc41363f5237", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1733261153, - "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", + "lastModified": 1733550349, + "narHash": "sha256-NcGumB4Lr6KSDq+nIqXtNA8QwAQKDSZT7N9OTGWbTrs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", + "rev": "e2605d0744c2417b09f8bf850dfca42fcf537d34", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733393026, + "lastModified": 1733417465, "narHash": "sha256-hpUyV0NHnIZpFzN6p7udW6Jh+m9tlLvCcNf1/wG5pQY=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "b1714b7f9e5761ad965a4df7602105f1e159b89e", + "rev": "bd3ea645591cd61e8140067b459e974f756b528a", "type": "github" }, "original": { From ea8258e4d95cc9470e9f72e072ffb9f9c6a61c3e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 10 Dec 2024 15:21:09 +0100 Subject: [PATCH 227/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 4a77348..be351ac 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -308,11 +308,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733417465, - "narHash": "sha256-hpUyV0NHnIZpFzN6p7udW6Jh+m9tlLvCcNf1/wG5pQY=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "bd3ea645591cd61e8140067b459e974f756b528a", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { From d09c7c2f7ec134d4a59056b9ab9d18aa14eb8967 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 10 Dec 2024 21:22:52 +0100 Subject: [PATCH 228/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 16 ++++---- nix/os/devices/steveej-x13s/flake.nix | 52 -------------------------- 2 files changed, 8 insertions(+), 60 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index be351ac..9fb86c5 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1733214488, - "narHash": "sha256-nhS3FgdJm1KBjAuTePgcQ4oXzigyDufQfz2TUUahHtM=", + "lastModified": 1733829848, + "narHash": "sha256-eSMC7QBA4N6oKNemce/7tuyjGHHnXDjoLJLyxHaJrJI=", "owner": "jhovold", "repo": "linux", - "rev": "ccd13b9fd1a31c869789e2320e777bfdc150face", + "rev": "bc85c6f253096667ccbf2a60d37070f347e67ae4", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13-rc1", + "ref": "wip/sc8280xp-6.13-rc2", "repo": "linux", "type": "github" } 
@@ -248,11 +248,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1733393262, - "narHash": "sha256-cbpUix+ggnZtTT7Rtr1+A+iX+fI+KpduaGOOTXhaQWU=", + "lastModified": 1733855385, + "narHash": "sha256-+13My4h6WUJ+M10gKS0aVUlyIdp4zKqB6FKxyCAyxQ0=", "ref": "bump", - "rev": "b116d698f4b531a7577ccb875ca6a8106b9d63ee", - "revCount": 127, + "rev": "c95058f8aa1b361df3874429c5dc0f694f9cba78", + "revCount": 128, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 70f78ea..b94efdb 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -80,59 +80,7 @@ inherit mkNixosConfiguration; }; - overlays.libcamera = - _final: previous: - let - webkitgtkPreConfigure = '' - export NIX_BUILD_CORES="$((NIX_BUILD_CORES > 2 ? 2 : NIX_BUILD_CORES))" - export NUMBER_OF_PROCESSORS="$NIX_BUILD_CORES" - ''; - in - { - wireplumber = previous.wireplumber.overrideAttrs (_: { - version = "git"; - src = previous.fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "pipewire"; - repo = "wireplumber"; - rev = "71f868233792f10848644319dbdc97a4f147d554"; - hash = "sha256-VX3OFsBK9AbISm/XTx8p05ak+z/VcKXfUXhB9aI9ev8="; - }; - }); - - libcamera = previous.libcamera.overrideAttrs (_: { - postFixup = '' - ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so - ''; - }); - - libcamera-qcam = previous.libcamera-qcam.overrideAttrs (_: { - postFixup = '' - ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so - ''; - }); - - webkitgtk = previous.webkitgtk.overrideAttrs (attrs: { - preConfigure = attrs.preConfigure + webkitgtkPreConfigure; - }); - - webkitgtk_4_1 = previous.webkitgtk_4_1.overrideAttrs (attrs: { - preConfigure = attrs.preConfigure + webkitgtkPreConfigure; - }); - - webkitgtk_6_0 = previous.webkitgtk_6_0.overrideAttrs (attrs: { - preConfigure = attrs.preConfigure + webkitgtkPreConfigure; - }); - }; - overlays.default = _final: _previous: { - # inherit pkgsUnstable; - # inherit (pkgsUnstable) - # libcamera - # webkitgtk - # webkitgtk_4_1 - # webkitgtk_6_0 - # ; }; nixosConfigurations = { From dbd76da8a872af6c6f2efa8bb431e7d39064eb90 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 18 Dec 2024 12:58:49 +0100 Subject: [PATCH 229/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 40 +++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 9fb86c5..0298fc1 100644 
--- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1733769654, - "narHash": "sha256-aVvYDt8eitZVF6fdOrSoIzYRkQ5Gh6kfRvqkiaDRLL0=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e952e94955dcc6fa2120c1430789fc41363f5237", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -165,16 +165,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1733829848, - "narHash": "sha256-eSMC7QBA4N6oKNemce/7tuyjGHHnXDjoLJLyxHaJrJI=", + "lastModified": 1734331387, + "narHash": "sha256-q49Gk6MNWX5cZZlls3mcZ1UloDtOjJGEVTFNQD/UtWM=", "owner": "jhovold", "repo": "linux", - "rev": "bc85c6f253096667ccbf2a60d37070f347e67ae4", + "rev": "e6114ad3a4a32e01978f87af5844e03d50b7732b", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13-rc2", + "ref": "wip/sc8280xp-6.13-rc3", "repo": "linux", "type": "github" } @@ -190,11 +190,11 @@ ] }, "locked": { - "lastModified": 1732269459, - "narHash": "sha256-KIn7TfNknBiCoM/RedPqW3Im9X0Iiwig3hHAAhkTDLg=", + "lastModified": 1734517344, + "narHash": "sha256-TlYqTCs3CxHsq7JTIeQwWpz86MYqYjXdGzNavt4hPm8=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "430ec6b272a4654d0ccbf053bfad8a594eff4016", + "rev": "74719ba7cacb96e2d9251ce57760474e6973a14e", "type": "github" }, "original": { 
@@ -248,11 +248,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1733855385, - "narHash": "sha256-+13My4h6WUJ+M10gKS0aVUlyIdp4zKqB6FKxyCAyxQ0=", + "lastModified": 1734517017, + "narHash": "sha256-JniqRUL5LF/iqR7+oC0km2Dl/WOg6PsnZoDxWjMOezs=", "ref": "bump", - "rev": "c95058f8aa1b361df3874429c5dc0f694f9cba78", - "revCount": 128, + "rev": "77c000d82d6ca0078effb963e08bedce009534ab", + "revCount": 129, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -292,11 +292,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1733550349, - "narHash": "sha256-NcGumB4Lr6KSDq+nIqXtNA8QwAQKDSZT7N9OTGWbTrs=", + "lastModified": 1734323986, + "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e2605d0744c2417b09f8bf850dfca42fcf537d34", + "rev": "394571358ce82dff7411395829aa6a3aad45b907", "type": "github" }, "original": { From cb2ca003a7244d93b9010fb5e0b200c8cb9e9d88 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 21 Dec 2024 20:10:26 +0100 Subject: [PATCH 230/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 18 +++++++++--------- nix/os/devices/steveej-x13s/flake.nix | 5 ++++- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 0298fc1..b9137ab 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1734343412, - "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { 
@@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1734344598, - "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", + "lastModified": 1734800693, + "narHash": "sha256-IkE+72r4yiC1ZyMfo8EHdEZAs2wQRwNJ2aRwzFbR3Hk=", "owner": "nix-community", "repo": "home-manager", - "rev": "83ecd50915a09dca928971139d3a102377a8d242", + "rev": "99f54cdfef395bb3de1c7b8dd422412de65b038d", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1734323986, - "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", + "lastModified": 1734737257, + "narHash": "sha256-GIMyMt1pkkoXdCq9un859bX6YQZ/iYtukb9R5luazLM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "394571358ce82dff7411395829aa6a3aad45b907", + "rev": "1c6e20d41d6a9c1d737945962160e8571df55daa", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index b94efdb..d1ba325 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -14,7 +14,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" + nixos-x13s.url = + "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" + # 6.13-rc2 + # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump&rev=c95058f8aa1b361df3874429c5dc0f694f9cba78" # 6.11.0 # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?branch=remaintain&rev=6b9efe77ca80653354981c720af3c4241ac71490" # 6.12.0-rc6 From b44e6b5c21b4c95b2f06b2c545444eccc712e12c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 21 Dec 2024 22:45:36 +0100 Subject: [PATCH 231/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index b9137ab..6495b77 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1734800693, - "narHash": "sha256-IkE+72r4yiC1ZyMfo8EHdEZAs2wQRwNJ2aRwzFbR3Hk=", + "lastModified": 1734808199, + "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", "owner": "nix-community", "repo": "home-manager", - "rev": "99f54cdfef395bb3de1c7b8dd422412de65b038d", + "rev": "f342df3ad938f205a913973b832f52c12546aac6", "type": "github" }, "original": { @@ -248,11 +248,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1734517017, - "narHash": "sha256-JniqRUL5LF/iqR7+oC0km2Dl/WOg6PsnZoDxWjMOezs=", + "lastModified": 1734814904, + "narHash": "sha256-+bjvOEXRmy1j3tbwYFBCy5Ego8YrYQah7osIDigF/Uc=", "ref": "bump", - "rev": "77c000d82d6ca0078effb963e08bedce009534ab", - "revCount": 129, + "rev": "3c79ed01fb15d9e1f2c6226dae1a2ee883c77c8e", + "revCount": 130, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, From 9b07038b527063d1fceb07a6ef8132a3f424eb13 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 13:54:17 +0100 Subject: [PATCH 232/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 29 ++++++++++++++++++++------ nix/os/devices/steveej-x13s/flake.nix | 5 +++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6495b77..f0c68c3 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -1,5 +1,21 @@ { "nodes": { + "ath11k-firmware": { + "flake": false, + "locked": { + "lastModified": 1733258345, + "narHash": "sha256-th2svNLc74sVI/P+y1/Yck1IW+RIUnxL+NF2HLrsSxI=", + "ref": "refs/heads/main", + "rev": "ff9dd08208c5705a3867fc132dcedb5d31c901e2", + "revCount": 163, + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + }, + "original": { + "type": "git", + "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" + } + }, "crane": { "inputs": { "nixpkgs": [ @@ -148,11 +164,11 @@ ] }, "locked": { - "lastModified": 1734808199, - "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", + "lastModified": 1734944412, + "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "f342df3ad938f205a913973b832f52c12546aac6", + "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", "type": "github" }, "original": { @@ -292,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1734737257, - "narHash": "sha256-GIMyMt1pkkoXdCq9un859bX6YQZ/iYtukb9R5luazLM=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c6e20d41d6a9c1d737945962160e8571df55daa", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { @@ -324,6 +340,7 @@ }, "root": { "inputs": { + "ath11k-firmware": "ath11k-firmware", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index d1ba325..80084ee 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -29,6 +29,11 @@ # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + ath11k-firmware = { + url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; + flake = false; + }; + mycelium.url = "github:threefoldtech/mycelium"; mycelium.inputs.nixpkgs.follows = "nixpkgs"; From ca7aa45c180f414e7fed7eeacec203413dfab1db Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 14:10:28 +0100 Subject: [PATCH 233/305] git: ignore debug-logs --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index fbfe182..8c927b6 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,6 @@ .direnv/ # nixago: ignore-linked-files -/treefmt.toml \ No newline at end of file +/treefmt.toml + +/debug-logs From 39cf9758631cc4773c9ef045ac5fd8fcc9c8b96e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 14:10:46 +0100 Subject: [PATCH 234/305] feat(flake): remove ath11k firmware from top-levle --- flake.lock | 17 ----------------- flake.nix | 11 ----------- 2 files changed, 28 deletions(-) diff --git a/flake.lock b/flake.lock index e08285d..be310a5 100644 --- a/flake.lock +++ b/flake.lock @@ -17,22 +17,6 @@ "type": "github" } }, - "ath11k-firmware": { - "flake": false, - "locked": { - "lastModified": 1733258345, - "narHash": "sha256-th2svNLc74sVI/P+y1/Yck1IW+RIUnxL+NF2HLrsSxI=", - "ref": "refs/heads/main", - "rev": "ff9dd08208c5705a3867fc132dcedb5d31c901e2", - "revCount": 163, - "type": "git", - "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" - }, - "original": { - "type": "git", - "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" - } - }, "colmena": { "inputs": { "flake-compat": "flake-compat", @@ -1249,7 +1233,6 @@ "root": { "inputs": { "aphorme_launcher": "aphorme_launcher", - "ath11k-firmware": "ath11k-firmware", "colmena": "colmena", "crane": "crane", "disko": [ 
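Review bot: The new `ath11k-firmware` input carries no `ref` or `rev` in its URL, so the only thing fixing which binary WLAN firmware reaches the machine is the `rev`/`narHash` pair in flake.lock, and any relock moves it to whatever `refs/heads/main` points at that day. These are opaque blobs that the configuration.nix hunk of PATCH 237 places ahead of the other firmware packages via `lib.mkBefore`, so an update should be a reviewed step rather than a side effect of a routine "bump versions" commit. Pinning in the URL, the way the commented nixos-x13s alternatives already do, would achieve that: `url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git?rev=<reviewed-commit>";` (placeholder, not a real revision).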
diff --git a/flake.nix b/flake.nix index d0761cf..17c8f97 100644 --- a/flake.nix +++ b/flake.nix @@ -88,11 +88,6 @@ url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; - ath11k-firmware = { - url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; - flake = false; - }; - nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; nix4vscode = { url = "github:nix-community/nix4vscode"; @@ -325,12 +320,6 @@ nativeBuildInputs = [ pkgs.pkg-config ]; buildInputs = [ ]; }; - - x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" { } '' - mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ - ''; }; formatter = From b565cba77d0d0b33063a6d63bd4d6b93b421c448 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 14:11:02 +0100 Subject: [PATCH 235/305] feat(flake/devshells/default): add pulsemixer to default --- nix/devShells.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/devShells.nix b/nix/devShells.nix index b86a82a..a94d136 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -67,6 +67,7 @@ # hedgedoc-cli xwayland + pulsemixer (pkgs.writeShellScriptBin "rflk" '' exec nix run nixpkgs#$@ From 3def5d58dd6a8a9cff4ac1e03e61c0700ab5338b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 14:11:34 +0100 Subject: [PATCH 236/305] chore: TODO comments --- nix/home-manager/programs/chromium.nix | 1 + nix/os/devices/steveej-x13s/configuration.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 8d12110..aa3f531 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix 
@@ -57,6 +57,7 @@ let # Vimium C { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } + # TODO: this causes scrolling the tab bar all the way to the end. look for a different one or report # always right { id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 8082748..957e658 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -84,6 +84,8 @@ ../../snippets/nix-settings-holo-chain.nix ../../snippets/mycelium.nix + # TODO: broken with: v4l2loopback-0.13.2-6.13.0-rc3.drv + # make: *** [Makefile:53: v4l2loopback.ko] Error 2 # ../../snippets/obs-studio.nix { From ff34c174006ab98cc43f4b27a365fe80ec304ca6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 14:12:33 +0100 Subject: [PATCH 237/305] feat(nix/devices/steveej-x13s): use linaro ath11k firmware this significantly improves wifi speed (2x-3x speedup) --- nix/os/devices/steveej-x13s/configuration.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 957e658..25ed3a8 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -233,8 +233,13 @@ ]; }; + # TODO: debug this collision: collision between `/nix/store/cb32qlzc4pm6h4arw59kxqyzbvgnmx7g-b43-firmware-6.30.163.46-zstd/lib/firmware/b43/a0g0bsinitvals5.fw.zst' and `/nix/store/niffz3cf0v91y5knz0an29fwvm8amigm-b43-firmware-5.100.138-zstd/lib/firmware/b43/a0g0bsinitvals5.fw.zst' hardware.firmware = lib.mkBefore [ - packages'.x13s-ath11k-firmware + (pkgs.runCommand "x13s-ath11k-firmware-before" { } '' + mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${nodeFlake.inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + cp -v ${nodeFlake.inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/ + '') ]; # see https://linrunner.de/tlp/ From 1e649fc3f229f863f6ec75cf7dc706bbe1505b0d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 20:07:09 +0100 Subject: [PATCH 238/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index f0c68c3..33ac094 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -181,16 +181,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1734331387, - "narHash": "sha256-q49Gk6MNWX5cZZlls3mcZ1UloDtOjJGEVTFNQD/UtWM=", + "lastModified": 1734949573, + "narHash": "sha256-m1O1PLTDYrpt62+aj850I/xBLKbAulx+JlXj99KWjfw=", "owner": "jhovold", "repo": "linux", - "rev": "e6114ad3a4a32e01978f87af5844e03d50b7732b", + "rev": "2f0b291243ef93a37f93608d373e21a322af41a2", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13-rc3", + "ref": "wip/sc8280xp-6.13-rc4", "repo": "linux", "type": "github" } 
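Review bot: Nothing next to `hardware.firmware = lib.mkBefore [` records why these four files must take precedence, or that the `WLAN.HSP.1.1-03125-…-3.6510.41` source directory is a deliberate version choice; the reason (the 2x-3x wifi speedup) lives only in the commit message. I would add a comment above the `runCommand`, for example `# linaro ath11k blobs for WCN6855 hw2.1; mkBefore so they win over other firmware packages (2x-3x wifi throughput)`. It should also say that the versioned directory has to be revisited whenever the `ath11k-firmware` input is relocked. The enclosing attribute set starts and ends outside the hunk.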
@@ -264,11 +264,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1734814904, - "narHash": "sha256-+bjvOEXRmy1j3tbwYFBCy5Ego8YrYQah7osIDigF/Uc=", + "lastModified": 1734962407, + "narHash": "sha256-UjVcYBzg0WJh8cGH67JYZRm5BFPemQFGkEUFPJh0SXc=", "ref": "bump", - "rev": "3c79ed01fb15d9e1f2c6226dae1a2ee883c77c8e", - "revCount": 130, + "rev": "5583f444c6abb38ca88cf2046bb792bea01a5496", + "revCount": 132, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, From 50804cb67e6573174dbf3dbff044db026344fa15 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 22:17:58 +0100 Subject: [PATCH 239/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 118 ++++++++++++++++++++++-------- nix/os/devices/sj-srv1/flake.nix | 5 +- 2 files changed, 90 insertions(+), 33 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 6259208..8ab4b67 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -7,11 +23,11 @@ ] }, "locked": { - "lastModified": 1733050161, - "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { 
@@ -21,13 +37,36 @@ "type": "github" } }, + "nixos-dns": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1725163709, + "narHash": "sha256-VqUwWZBBdDE0Jk1tRW6Bsg978R6rTILrvsqjfjHz2HY=", + "owner": "Janik-Haag", + "repo": "nixos-dns", + "rev": "ac41b8690c8db01af1eb77ea2fd330a1c43d814f", + "type": "github" + }, + "original": { + "owner": "Janik-Haag", + "repo": "nixos-dns", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1733261153, - "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { @@ -39,11 +78,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1733472523, - "narHash": "sha256-7uLfmBHYgipmt9QbyA6/9U79vZJDlD1F8Cl4ArLUwSc=", + "lastModified": 1734988233, + "narHash": "sha256-Ucfnxq1rF/GjNP3kTL+uTfgdoE9a3fxDftSfeLIS8mA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "de5658c9e4d0d47a03c8fd91c1ff7e5a368d3ac5", + "rev": "de1864217bfa9b5845f465e771e0ecb48b30e02d", "type": "github" }, "original": { @@ -55,11 +94,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733426878, - "narHash": "sha256-boWvvAttPEXJbi5TiRqRuLE78mic+asXrCpcEm9XIK8=", + "lastModified": 1734962273, + "narHash": "sha256-Xu8m+P0dXpRsYqPY1XfOvYaLd8NVpQyiMYrzwwNFyiM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "21e9e52183fd52452c26a1d7957b0299a37fa83a", + "rev": "fc9c33366b98237cc759cdd90ef6058f5a1cb9dd", "type": "github" }, "original": { 
@@ -69,29 +108,48 @@ "type": "github" } }, - "nixpkgs_forgejo": { - "locked": { - "lastModified": 1717596097, - "narHash": "sha256-ozSU3HYgTbUgyXfGEIdYzGNfCRtuV/Xw7O4ECsLigtk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "af4ac075a3e97cb239078e187112afdf380cd47b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "af4ac075a3e97cb239078e187112afdf380cd47b", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", + "nixos-dns": "nixos-dns", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", - "nixpkgs-unstable": "nixpkgs-unstable", - "nixpkgs_forgejo": "nixpkgs_forgejo" + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-dns", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" } } }, diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index e4de055..44bc6db 100644 --- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix 
@@ -8,9 +8,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # remove when https://github.com/NixOS/nixpkgs/pull/312523 is merged and backported - inputs.nixpkgs_forgejo.url = "github:NixOS/nixpkgs/af4ac075a3e97cb239078e187112afdf380cd47b"; - # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419"; + inputs.nixos-dns.url = "github:Janik-Haag/nixos-dns"; + inputs.nixos-dns.inputs.nixpkgs.follows = "nixpkgs"; outputs = _: { }; } From 1acccd12131b8e112742a5cd8f737007ed3f77df Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 23 Dec 2024 23:48:45 +0100 Subject: [PATCH 240/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 33ac094..872a45a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1734944412, - "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", + "lastModified": 1734992499, + "narHash": "sha256-f9UyHMTb+BwF6RDZ8eO9HOkSlKeeSPBlcYhMmV1UNIk=", "owner": "nix-community", "repo": "home-manager", - "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", + "rev": "f1b1786ea77739dcd181b920d430e30fb1608b8a", "type": "github" }, "original": { From 2068e953a38983c648f5213cd14d109f80ab1263 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 24 Dec 2024 13:34:21 +0100 Subject: [PATCH 241/305] workaround(logseq): use self-built aarch64-linux appimage --- flake.lock | 8 ++++---- flake.nix | 2 +- nix/home-manager/configuration/graphical-fullblown.nix | 6 +----- nix/os/devices/sj-srv1/flake.nix | 3 --- nix/pkgs/logseq/Containerfile | 1 + 5 files changed, 7 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index be310a5..7a82d26 100644 --- a/flake.lock +++ b/flake.lock 
@@ -998,16 +998,16 @@ }, "nixpkgs-logseq": { "locked": { - "lastModified": 1732454357, - "narHash": "sha256-HIGUjCmPRHdjHHnq8Jb7Nr+atCZ5fIX15fNruoFwY0U=", + "lastModified": 1735042470, + "narHash": "sha256-3A8afs4dVdbafOG4Rgg5ie2wk8b6ekzOce8JNNXq4/w=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "5eac36380d52534313b1c139c07a04bd0fcb3fdf", + "rev": "24134ba2d4c2bb54e3736b3c66c0ba95551f2834", "type": "github" }, "original": { "owner": "steveej-forks", - "ref": "logseq-linux-arm64", + "ref": "logseq-linux-arm64-selfbuilt-appimage", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 17c8f97..02c982c 100644 --- a/flake.nix +++ b/flake.nix @@ -81,7 +81,7 @@ flake = false; }; - nixpkgs-logseq.url = "github:steveej-forks/nixpkgs/logseq-linux-arm64"; + nixpkgs-logseq.url = "github:steveej-forks/nixpkgs/logseq-linux-arm64-selfbuilt-appimage"; espanso = { flake = false; diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 77ea7c9..78d8ff3 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -11,10 +11,6 @@ let pkgsUnstable = pkgs.pkgsUnstable or (import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config overlays; }); - - pkgsLogseq = - pkgs.pkgsLogseq - or (import repoFlake.inputs.nixpkgs-logseq { inherit (pkgs) system config overlays; }); in { imports = [ @@ -250,7 +246,7 @@ in # libretro.snes9x2010 # retroarchFull - pkgsLogseq.logseq + (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq/package.nix" {}) ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ pkgsUnstable.ledger-live-desktop diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index 44bc6db..f5f7b6e 100644 --- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix 
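Review bot: The new `callPackage` line in graphical-fullblown.nix gives no hint that this package is now a self-built aarch64-linux AppImage rather than an upstream release; that is stated only in the commit subject. A one-line comment would keep the provenance visible where the package is installed, e.g. `# self-built aarch64-linux AppImage (see nix/pkgs/logseq/Containerfile), packaged in the nixpkgs-logseq fork`. Whether the fork's package.nix fetches the artifact with a fixed hash cannot be seen from this diff and is worth confirming. The surrounding package list starts and ends outside the hunk.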
@@ -8,8 +8,5 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - inputs.nixos-dns.url = "github:Janik-Haag/nixos-dns"; - inputs.nixos-dns.inputs.nixpkgs.follows = "nixpkgs"; - outputs = _: { }; } diff --git a/nix/pkgs/logseq/Containerfile b/nix/pkgs/logseq/Containerfile index ba1afd8..339d58e 100644 --- a/nix/pkgs/logseq/Containerfile +++ b/nix/pkgs/logseq/Containerfile @@ -10,6 +10,7 @@ FROM clojure:temurin-11-tools-deps-bullseye-slim as builder ARG DEBIAN_FRONTEND=noninteractive # Install reqs +RUN echo 1 RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ ca-certificates \ From b2fc3b11175cef1f0f2f8ab59a182dec0e889282 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 24 Dec 2024 20:40:26 +0100 Subject: [PATCH 242/305] chore(router0-dmz0): update and rotate key --- .sops.yaml | 2 +- nix/os/devices/router0-dmz0/flake.lock | 53 +++--- nix/os/devices/router0-dmz0/flake.nix | 4 +- secrets/router0-dmz0/secrets.yaml | 66 +++---- secrets/shared-users.yaml | 237 ++++++++++++------------- 5 files changed, 176 insertions(+), 186 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 10ba410..9e709f9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,7 +15,7 @@ keys: - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - - &router0-dmz0 age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u + - &router0-dmz0 age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 6fe1eed..102d2d8 100644 --- a/nix/os/devices/router0-dmz0/flake.lock 
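Review bot: The added `RUN echo 1` in the Containerfile does no work and looks like a leftover cache-buster for the `apt-get` layer below it; I would drop it, or replace it with a comment saying why the layer cache had to be invalidated. Since this image appears to build the AppImage that the same commit installs through graphical-fullblown.nix, the builder is also worth making reproducible. The `FROM` line shown in the hunk header uses a mutable tag and could be pinned as `FROM clojure:temurin-11-tools-deps-bullseye-slim@sha256:<digest> as builder` (placeholder digest). The rest of the Containerfile is outside the hunk.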
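Review bot: Replacing the `&router0-dmz0` recipient in .sops.yaml only changes who can decrypt files that are re-encrypted afterwards; every earlier revision of `secrets/router0-dmz0/secrets.yaml` and `secrets/shared-users.yaml` in git history stays readable with the old key. If the rotation follows a suspected exposure of the old host key rather than a reinstall, the secret values themselves need to be regenerated as well, and the commit message could say which case this is. Separately, the unchanged context lines show `&sj-vps-htz0` and `&sj-srv1` bound to the same age recipient, so the per-host `secrets/sj-srv1/` rule gives no separation between those two hosts. If that is intended, a comment such as `# sj-srv1 reuses the sj-vps-htz0 host key` would record it.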
+++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1732221404, - "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1731880681, - "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1732101105, - "narHash": "sha256-u/n1vkmRBpcq669kXpCdgfF5I+gL7DkV/0wWhyc2sSA=", + "lastModified": 1734953168, + "narHash": "sha256-fMzGrnLPOtMPlY/Myyj93p7rKMi3xHoR7PXZOXjVui8=", "ref": "refs/heads/main", - "rev": "25d29d65aa6df173eb9f6b44d4dc0536df66b4ba", - "revCount": 20028, + "rev": "fd9bf2cc2f59834b5d9c50a23ac7a833d21eefb2", + "revCount": 20150, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, 
@@ -121,27 +121,26 @@ ] }, "locked": { - "lastModified": 1732269090, - "narHash": "sha256-tISFHFFb96UbgFZ3a36q2lfaKcXzxAyVt50GykfSqUM=", - "owner": "steveej-forks", - "repo": "nakato_nixos-sbc", - "rev": "e67d80bf50a725ff3b0003d92f9280a33dbf8967", + "lastModified": 1734884731, + "narHash": "sha256-8DaMF6XNZobeZo+sOf13nifri0mRXYDAUTh5AD4h4aM=", + "owner": "nakato", + "repo": "nixos-sbc", + "rev": "2e6bfee808b5291b365795ed11931e1702d30386", "type": "github" }, "original": { - "owner": "steveej-forks", - "ref": "wifi-workaround", - "repo": "nakato_nixos-sbc", + "owner": "nakato", + "repo": "nixos-sbc", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { @@ -153,11 +152,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -206,11 +205,11 @@ ] }, "locked": { - "lastModified": 1732050592, - "narHash": "sha256-WuGCnlt1xhHJfsHpPXdV3gH9Khe4gJ1+abWCHFcddvM=", + "lastModified": 1734915306, + "narHash": "sha256-cXoiU+doyRAZ/tcCCGcJjwK2bEZbRcuC0E+ZrnmgFOI=", "owner": "numtide", "repo": "srvos", - "rev": "be4533b50ac69cd871ab73d4101c47b397b8c143", + "rev": "31c75c0d702f940aeb89eacc9c5dbde5d43df338", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 3ed95ae..0f5866e 100644 
--- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -14,10 +14,10 @@ srvos.inputs.nixpkgs.follows = "nixpkgs"; nixos-sbc.url = - # "github:nakato/nixos-sbc" + "github:nakato/nixos-sbc" + # "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" - "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" ; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 113f950..8c14dc9 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -16,37 +16,37 @@ wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMm wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str] wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RTBvZEFjNDRhOUl4Rkd3 - cm5FWHpIUUlMZDl5dStlb3J2eGNndDZNNGh3CnJFcWFSSDlpY1hycWpxN1Z0OVkz - T0hTV20vNnFGQzhNVDNhMlF1d2FMNFEKLS0tIEZaajFqTjk1NjlqcE82eXVDekhL - NUhhK2oxUTAxeGxVSlBkUzdHbUpuaGMKYNvJWkKoNbdrwXHyoih22+aV+6F1yhTl - 9RplfG43PTV6tNJUScthRnCHo0CLNHwF39sb9y2kt7y8fVs2vuPzzg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-26T07:56:29Z" - mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNE9VK05aYlRKcXRBak1h + Sk5GS08zUE93U2VSL2FYTTllS3Fjb2I5R1ZZCjFtL1RZUWVvbzdlcnBCN1NJbE5S + QW9paVFDaldhSVh2eitoaStpZU94T2MKLS0tIHV4ajZFdEl0TjFNNXhhTlFBaGMz + S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV + KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2024-07-26T07:56:29Z" + mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] + pgp: + - created_at: "2024-12-24T19:36:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/T6Q1PsQ+qH2gGRrF29Ng9LehcKu2UMjTN3uKCgy7klPm - Pd5qLxQA94GNz/70AL0sOUdc04R7pWWsswBuhNj1semefH/DAMRDfCt9+DpV23Lz - bswCQXWqpDy0CUKULwLoMRbcM5PZcsnRsa5xky07uub7GyZ8m+UFzD1ISzn9bbIQ - Sg5MTIegQC1QDYZLWFpP/kSf1AvZUG3HfMee9tapyMgEaMVW7XAy+C/DrIIEdnAk - 6m/QWD+PyDfJf2RA9URoezpSgi4foCuc1PAX4k8Oq71YRjBZWSrBtVa6sfCvsfdF - cEKvXJk3X2/glYRiQrIfib9QRjewWwOcfEV4R2knZtJeAa8ppOZQAfO0YFAzZPd/ - yIBsHXBG3gXRBUe+dGF3nKaA2mFuktK2GRI78lON0oDrHm2a02n9dwyYG/HnvgNZ - sEc6lNHEV2ERedCeaTfAgCg6kWTWgP1ckkY3IAdHgg== - =nn0o - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQf/RIzNBL+pVy3msNL8iuGdPXywQhS4JPgP9QqiYu8hqTsw + ja/jx8ShJmLjC5i7D8nwwbUyY1DJTSdHcRblcsROgo4DgthdtuprJlSQIPZhaW5Q + Rbo52yT1LkzypUcSQFIDY2QFpPw2zL3ZmPyIwg7YCI3seNQckv93nZQzpLx2Ifad + hLU0+C8tU94z+sgqLq0OVryZb6taQP/h41niFKHZtemnykA03JIbCmyl1HZDEtRJ + 1xSFpAKAtfzdhR5SfrGYtSBj7FysanfSEi4Gxxp7VcfqBVYTHAOsDLFnFCEwr13H + sopUdgCeZdZTBFgzS+AVb0zcHti/YJ9xUNrIKJXwAdJcAS9w3Y4MqcbEdcFp/CD5 + W8w7WZjHm8ly0qm2DgyQmd3040V64mt5cDe7+8YRqu5cZILyKpRGwUx3ES0eJ+g3 + g2P8+l5NEvzTX3ldXHObOUVebLouZrxd6UjWvUo= + =mYf/ + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index df86def..ea85269 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -10,127 +10,118 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str] sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhXWDlsNjFIdXdZQkVa - T3RJeWZQOWgva2lMdHZ2MG54QURQK1ZGQnhzCmwvUWZYaGlIeTQ5WStscXU2Y3NM - am9ybGhkdHE5M25uUXVMNmtRRkZlVTgKLS0tIGovcUZFdnkxdjZDck1TczVOTXND - cUdkdEJ0TFBqUmo3US82M0JIZ2ZwcHcKSbLAajoj/GcQIe2LDSTIKy8Ztuw719hF - UIUsPBI8QsUJcLFYm9S47wm6If82Rmj2h4A0wk7dkPj5onSrdFqyiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWW9kd2tUYTkyaEROMjBK - NmZPZ3ZBRVpjL0VOeDNHS0libndFeE9TQ1NNCisrVFhza1JwYWt1VVBmSWd0VlQ5 - cDd2LzUyUllUQjdBMldlRFl0R1NxWXMKLS0tIEVIQ3RsZUJjUXVURHl2VEtaZ0xM - MFkwbU1RTnNPdHk5cW9laDhuNS9Ua1kK2QRHbLlQuQRHpjLBTNUV9qkn0+3J7AgV - H/WJH2cIjJcloRkV/vllLQA6Xd2V6aYPyWKaj0htnlthvCcDFa+6vA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M08vb2l0Rmo3WFRBZWRQ - b2crK3VQR3ZRNE53VzY5U3JkSFNYNXFyUkFnCmJXVlEzSTRKUVp5Y2U3SUtOa2Vj - 
RlA5WVZ6b3VhWnpJdXlkOWV3VjBxSkUKLS0tIExxYWZNNXpXdTR6eUszRU5CWWZv - RTE3aytzYmR6dUxWSktXNE5kUnFOQmMKwnk9/LjT5sMyyVyFCfTjwTN8I493tRky - Pj2y8u/M+d4s6llA+k5zEBB2yYE+VPRqF4dz3XwqDDomHJb98YAh5w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnorb0s4NFpTdmkyVUxl - Q1ZHRi9QWktTTW5xaWYzUnQrUmNzMXZPemxBCnFVZ2lWeUpPd2hlTjJ0VmJNaWFQ - UFdGTHFxQjVZRGlwTjZ5TURPVzF0RGcKLS0tIGVmZExBMWhmV0RhRDVUNXJyUjUz - L2FsWUhGQWlNSUlJVnNLYkdqakhCbmsKAtnEPfI2fPjRPimEVI7yX4VrYzHvNfnS - juJbqMO6cy544O/5r2mkgUgo7VmUtFHmyrUFgmtpx3Hu22fdGmX4vQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdXFTUFNhZlptSWMvdndq - aisyNFJ0WjIxa2dYYkptS2FwcGRTTktZNUJBCk1ZWC9sbDYwQUxaQVdqeTE3R1VY - NUZSMjlrRW5USGZBaENGdDJSM0prUlUKLS0tIHBXc1dNYXZkL1NBMThrMkJnSTl1 - cUR3dUZKV1FTK2dKK1FTZndtOW9Ed1kKStJ6/ER1SAGrBGJN4gXjTY0otsRoT9jN - 6sMeD82p4Y3OUOz6QhtzLquwa5pV23TVP0CG4ilK8xPX4K/JklNQmg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1vr69hfmjgkqu47g5hjacet6n2tq4rhwnvdrmfa6n6l7fkqvvafnsaccf8u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TDJ0VjJGV1RyVmdjSlly - OEpNbCtxN3dBR1dMYms4Q3U4cW1RU0VWRmswCkpORVRHMmpYRUhsaHVCQ1d3Mmhh - TkY2TFdiWnVieENPeXk2R3oxclJtUzAKLS0tIDFEZFBKUUx4OHgycWozRVBkeWFs - YUpBRWU1Mzg0YlVGb3BXUzQ5Q0MxZk0K8SXgkE0Ixo16alXjSE+ILnE/ZoOWyYVL - +u4LvOur6brdVyvkm8tQjkfzFBwUYMJesgLO5Ws3NBj7dAg/ec1kDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2tnZVBMeHhjVTFoYm9E - V3l2dWhvYlRDQzNnS0RKc0g4L1R5WDZzcDNBCjN6RXhHMzhzOG1BSWgwcWNqa2dO - 
WTdwSVRXbkhVbjI0R1lrY1Zhbk1qSmsKLS0tIGpVaXd6czI5S3VYTTdqNVhGbjB3 - cVZFdXFqVGtwSURSRENzSWhtSnZQaW8KIn14YKiCs3JupsvbY7NAzc2zMoGS0BM9 - Vp0dPXlEL9iT5H96jpn/W1ODRqbjmIOs4vCmmb2etvytSnoLNqgx8w== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCampiMk9BNGVVWUhRdVAy - aW5Db1BYV1FWMCtmRkhiLzZDWWIyckdTaVFnCktPaXppVk9telNGV00yRGJkeFRE - MkU3R1dtd0ZBWE9IUzEvbGlmWkpXeEEKLS0tIEpDWjk3WVZ4c2RIbVdscTZiSUV0 - RDNsSE1CREhpeG5lM2pPRmhkL1NxdjQK6YQBGQT2LscB4+J3y8zUg+eX67CAfDZ/ - zfi7D4W8z3vJZ49329gc5bmjjvYpauWdo/WDsgRYZbvQMil3ug/7dA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZjFUL2pxSkNrRjRhb3RE - dVRqbWJrbXd6Sk8yOHEyN0tKQ3hSNnlROEN3Cm44VkxJMDB0Y2daZm5CWEl2TDJL - cUZjRUtYOFlBRUhMMkRBWWk5a05zV00KLS0tIEJySHY5UGJMSjJVMmxMSWp1UlMr - TnhhNERwaGN3TC95S04ybVhoVWM0N1kK9vAj3s57u+3dWVpAb1ttJUZ8hzFmqgWg - yUHXwwfRphdlNr+53kCbZ8XxT9+doeB1nvlrn/9s0J90Alqv6k/vDQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHdiQlFDdHJoQVFwSDNN - UUwxMkJ0cmFPcWZrUlNOUHZvd29hY3dVVEM4CitzRVMyWHhiV2wvaGlwRmczTkRr - YXhqS2JjWWc0QlRQUkVoQ05BMkNpZXcKLS0tIGJwTW1IQmg4T0FYRTJ3UWhzV0l5 - TTBrMnBkZ3JGZ0FVakNTR3A5VzNCd28K3CFTudi0ac6MNFdnr0AASIghZGuGdt+i - owcUnRFuJg87RPgSsAWvh1mRMHyBTUEBBop62Lp44H8hLcTXwVRwFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL0JNbmNFUEF0VGlWNk5N - SnRNNStpSDcyQ0N4Qy9UNGtlaXc0YS91dVFNCkhZcEY0L1FvaVl1dHdDamEyVE9r - 
amJaZUxYQ2tqa0pwVHdHZ2RXTFBGSXcKLS0tIFBSTm5pZ1BFMWhpNUl1M3VuSGli - T1drTFFKUFR2MVVtNGhqYmFCQVduWkUKOLhOpIBiYaOZ7JR1X3WYVUq7IESdu2pw - bAsmmjFymFcLvlm2IdFxb1xEh3hj1c6TdzeKkU1dnUSe8N4wnCQJpg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-16T19:17:41Z" - mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] - pgp: - - created_at: "2024-07-13T14:51:09Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6T2hmV3BOU0M1MTloWktK + YTRXS3lTcERncjNpaFlhRlljNWlJQURmdW1FCmQzNEFFZ2VxTmdmZ21idzZEUHVZ + clFMZU1tTG9kWkNFVzdXK0NYQjVMMnMKLS0tIHVwRzlpR2VwcXlCdUxUbTN4YWcy + Y3dqOXlTeDZRU3YycUtqTXpKcWt4bk0KT71rTNU/kZci9u3NahgR3/fL6IHHxVdu + unIWav0e6cZVQXKw29Pji966zuB5Rv0vb+5LAYsXzC0E6vtiC7kwzA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0NiZ1RIekpsY2pDVEh0 + MldzL0Zna045QVY5TnAwYU1rTitQMkxOZ1M4Ck80a2dnTlFxYkZyKzE3emFTa29R + THNTblJuU1g0Zlg1RlhMV0JsY3ZpR0UKLS0tIGhLWFZOcS9za0Riak9QUVZ1dGhZ + SnVNUTJFWnVHTDZKZzFBME5ZZzFBWE0K6jMchwT9eJOqyBhSiyg0XS69KxWc2Xx1 + SJS0acLF+Lcrw0xEr856846P/bH+l/SY4Ii7Mv0b38GOb5KPGra3cA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENVQ5MHZ3VXBMbUdBTHFN + Z09QTDdyWFpHUG9LWGdqZXhBRm90ZnBsNFhJClJpaTFCaSt6Q0E1UlR0WEljWjVv + UE1LUDZ1by9zYmhibGJHRGpKT2RhbzQKLS0tIEhKYTlTcmw2NDBDVGluc1N0Y2Rl + 
d2dsU0ZnMFVlYnJtai9UWDJROG9JTWcKeCVOvRWUJutoFOhDLni2CpgKUUvxTFUS + NNozeDy27P+ZZFDHxBGPoJhJmAKt7Vs4FpdAYJM1xeZWd4BgakdUZw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMWxSQ3ovamNoaFovcDRi + NGVRRGNZZDJoVWdhMDBhRU9VZHNzMUkzV1RFCjgzQ1FDdSsyMWYrZC9iZXBDa1NJ + dThoNms4aW5iQVBzK21URXkrQjFQR3cKLS0tIDFmR2o4OEpxZnJheGJTWHRMNDBV + djkrN0xTR25zeEVjYnpMbllZRHcySGsKvPzezvh4MF5TvrqEAg5z/nDRw8iviIx0 + wcnO7RQZGSZ71Cv0T11dIpAixUE90l5b6xHKdaeS8vtYFTKdw8FjKg== + -----END AGE ENCRYPTED FILE----- + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZW9HdjNSTE5xWlVWY01R + bXAyWVZhcjlkbFVneXhaVnZOQkQ5amszeDJJCjVWa3lLSWhBUDYyd1N1QlZ3T2Fs + QkN2MDViUGwyV0w4NGJiZHhaQ0VjcW8KLS0tIFNkZnNJbXpFOVZsdjREbWFwQ1RB + RTVML1czWWk1QkYzMlVwOWVXNVRwancKKngA02rNH1ZN2jvJ4QZcN07djYzzqoPo + OFeFoOHOKNz3Obwlxv6eW1bd0AP/MT7VR+cTDdaAxwNf8I1gEC9bjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5NWlVURFA0TDhWak5u + R0tmR3JiMThtNnpqM05yQWZTdVAxZTQ4TEcwCndjSlYvMTg1NlRvSHhmdmNMRzhS + MjgwMU5ZcnVnWVplY1lOc1JQNFkxMDQKLS0tIHhHenE2SmdFcC95ampNbmdOSDJX + ZnJLR0RKZ3FrOUxRSU11dlh5ZzBidmcK7PsJYwMJpv9YoaYiN+U20HA2opK2IUnF + elU57b01ZOZM5nfpnyZBdqZO6VRDAZC2h81z+BCNXUQus4SSNQi0aw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bzBRSi9qOEsxR0Z4RTNt + U0VKT0o3b3I0dXJxSHRSVnFiR3BWOUNTR2ljCmlHWWZnTGJKeWNhTWxKaEVrbWdG + M2twejZqaFU2RU8wemVxWHlpQVJYZWcKLS0tIDA5Y1Q0RWJvbUlGUHpKN1BIMGM2 + 
cGU2bXpEaVNRcko4TVlBMG9KdnJibjQK86rJ3S+JQhD8+gCkr748z1oVy55ukOMv + c408QBFGToOuzvaRbOIb8lhci4ImuSJJE7TZUzgYsADEAaeudDKVtw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WHJjQThud1IzSHk2Z0Zn + L2NybEJyMVdoRWszb0lZTlcyN1ppa1BOSmdzCitZa2thNkJyWWxKU0IxdnhrVXNI + Q2dXL1BST1hzMy9PZWpVcU1lckcvdVkKLS0tIDd1VXBGRmdkdnV6UHdzbU1UMjVB + WjB5akxEeUd2eS95ZnZHSUFXSmNXWncK3VXZqfKo8jat4gbn/5YSL/cV5qILqV5b + E/OBRFStWmfhuCZJzCDhU9a0QJocW+UkkI4XRzDDaN66gEmZe+u7mA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cE5lLy9ZNXdXb0owcnZk + S0JRSkc4Q2p4bGxPSG14VjlKZ3NMMUpEd2drClBGU0FyaGJ1WCtHVHRzYTFqRXpz + VWJvTlBEcXg4TVVLZzV4djE2bUhIRVEKLS0tICtSTCtNS2dON0pIMHNzWmE5Q253 + c3loYWpFd0h6N3FpdkdpZGdHZjU0aE0K2zsQNBl1jdhLWf1PeGVo+deCc6BwnTo4 + tUg59pWQ5BvwMQx0kjhEoa29S1QUU4Or4erPPoHS5teK4Llv0s2gRQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHNvaU5sUDEvd3JGWUFa + VjZDbm9VMXpjQWhCYTRxbUlEREErT0tDUXpRCnN4YXhVVW8zTi9ZZmVUYWwwRHhH + dXd0dnB5WE9sTDZ2R3d4MlFiWlFZcmsKLS0tIENJSTNvNWV3SlVwRk15RDRpNllQ + YmZuei9iVFMvcytqS3podTZZb2g3S0kK+qGQ8LkLO6v8T718dyD5j5CTC+UwBaCn + 9dxkh9MWkKknRL89MHbV9gVG/StiOa+USGqulXEGbapiZ9q1JYCa7A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-16T19:17:41Z" + mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] + pgp: + - created_at: "2024-12-24T19:36:21Z" + enc: |- 
+ -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgA1FWn6ZQmFi4IRZJtOShKpjdHEPGbD2s8PHD3pYv8edkQ - NnAi/vJimCsTHCLUpzW23jF+CIbUet7s8BWhETAcX+UGp29YbYaaqM2R//FISEQX - JcGGMAnsD0oOX69CCZiKaV0/jLUTU/Aiy+nVgKtMCdWrH54lGd4gKcl0uLRTVz6v - VSaS/zvSK8cxz6il6L37evBw+cC378THiUGkSjJhiAaWVO3oyDW+cTjDodcMC4dU - kk9VPkdGie7vHMuZduADtKkHLHrQRfNLl8SVH0oXko/PJVyNgHar0JoZbRfXoPt6 - xUsAUqSz7XFHDB153FAvJpBMW+JtuzOI9b6w4a4ZadJcAf2f/Lj5Ud9WLEumZ9ig - 75b5Phh6HwqnXiaz+gEvQyfcsHzQjWasIiN/JN27UZ9k6IJQ3LYwqYIY2k8Q3wZ7 - IgSFqNlqLyDlI8FPGIlOKU8iqOlNKKziyhFYgNY= - =Ayke - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgAqL1QC5kKDaMVQQp9Lboe3krFMW6MxBjilO3BvGYoXHKu + kKP4hJomuF8wqkKzwsXZihIoXmc767/lKG7AIIMnMJjShGgIjSU668l0guuxlGdT + r58W+JvA1Hu6LadQ6iPS5dVJgW0MJj5YGG0+EPljHVjFIXOKJff+09jBv2648kDh + SuuDVwFueX88qgKLnGNw/JWsmG6TRb8WPpbtK0zd30Y/guTRdx57+W4GcLz6zs98 + kkU/VwAKy8ghkXlDyG/TBWipgj+xPGvOIRYiddZc6FBE14e5Miyuw4vgtLaYIWpS + aDB0BUbjmCaiVyZ3PF8nzJcUj3thAepkGyGIgPAgCNJcAW0hIzLoYdU9Dt5kxmGf + tCH3/l3nOuqFZ2EFe6xlBuYEfkjCDLMnDD6W4gvJTkOjfYDWuF0TldyfXeGken+J + BYeYA3OGTslhrVlXSPQeY1OqITnbqbPgwLkd7D0= + =Nc6x + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 From 1cd51edc366a238befc684273c412f7ec195f4ee Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 30 Dec 2024 08:46:28 +0100 Subject: [PATCH 243/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 872a45a..a50936c 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
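Review bot: The key rotation re-wraps the existing data key for the new router0-dmz0 recipient rather than replacing it: `lastmodified` and `mac` are identical on both sides of this hunk and the `sharedUsers-*` values are untouched context. The secrets/router0-dmz0/secrets.yaml hunk earlier in this commit shows the same pattern, with the `wg1-privatekey` and `wg1-peer0-psk` entries unchanged. A holder of the retired age key can therefore still unwrap that data key from the previous revision in git history and decrypt the current values. If the old key was retired because it may have been exposed (the commit message does not say), follow up with a data-key rotation (`sops --rotate --in-place <file>`) and re-issue the underlying secrets. If it was only a reinstall, a line in the commit message saying so would settle the question.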
@@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1734992499, - "narHash": "sha256-f9UyHMTb+BwF6RDZ8eO9HOkSlKeeSPBlcYhMmV1UNIk=", + "lastModified": 1735381016, + "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "f1b1786ea77739dcd181b920d430e30fb1608b8a", + "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "type": "github" }, "original": { @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1734517344, - "narHash": "sha256-TlYqTCs3CxHsq7JTIeQwWpz86MYqYjXdGzNavt4hPm8=", + "lastModified": 1735206569, + "narHash": "sha256-U6iAzHxCpqT4x3zUfA9keoe8Gw0iy7INJS8Wt3fSPF4=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "74719ba7cacb96e2d9251ce57760474e6973a14e", + "rev": "78dcb1a8f2808bcc23f11ac7123a837eda3f6369", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1735412871, + "narHash": "sha256-Qoz0ow6jDGUIBHxduc7Y1cjYFS71tvEGJV5Src/mj98=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "9f94733f93e4fe6e82f516efae007096e4ab5a21", "type": "github" }, "original": { From 005ab4edf716289b72f533e4d3da5d45a1458440 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 3 Jan 2025 20:52:33 +0100 Subject: [PATCH 244/305] feat(vscodium): add json5 extension --- nix/home-manager/programs/vscode/default.nix | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 0ffd528..c86f824 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -53,6 +53,8 @@ in golang.go jeff-hykin.better-go-syntax + + blueglassblock.better-json5 ] ) ++ ( From b88c5e044081f0fcba2a9ea5cbf23e6ae47b246d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 7 Jan 2025 17:58:42 +0100 Subject: [PATCH 245/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index a50936c..397cafd 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1735468753, - "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "lastModified": 1736199437, + "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=", "owner": "nix-community", "repo": "disko", - "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1735381016, - "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", + "lastModified": 1736204492, + "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=", "owner": "nix-community", "repo": "home-manager", - "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", + "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a", "type": "github" }, "original": { 
@@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1735412871, - "narHash": "sha256-Qoz0ow6jDGUIBHxduc7Y1cjYFS71tvEGJV5Src/mj98=", + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f94733f93e4fe6e82f516efae007096e4ab5a21", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", "type": "github" }, "original": { From ff582afe4ab4c7fa5baf0f34b9fe5cd2af3746b8 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 8 Jan 2025 01:14:05 +0100 Subject: [PATCH 246/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 397cafd..290f558 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -324,11 +324,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1736274150, + "narHash": "sha256-kucNsE9V9/jTQ3QsTP2+UeIHvmYOomBR0+ecjVSSUfA=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "d8de481c687c467d22ed7b0b398240f806f2c4b9", "type": "github" }, "original": { From baa0ea64e38b4848a9a675820f11f121d0c4f975 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 16 Jan 2025 12:24:07 +0100 Subject: [PATCH 247/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 290f558..a27a6c8 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1736199437, - "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=", + "lastModified": 1736711425, + "narHash": "sha256-8hKhPQuMtXfJi+4lPvw3FBk/zSJVHeb726Zo0uF1PP8=", "owner": "nix-community", "repo": "disko", - "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf", + "rev": "f720e64ec37fa16ebba6354eadf310f81555cc07", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1736204492, - "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -181,16 +181,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1734949573, - "narHash": "sha256-m1O1PLTDYrpt62+aj850I/xBLKbAulx+JlXj99KWjfw=", + "lastModified": 1736759316, + "narHash": "sha256-cNqR3H797YcCsHutwNGdV+u6T0AUh17TGev/LCqNCy8=", "owner": "jhovold", "repo": "linux", - "rev": "2f0b291243ef93a37f93608d373e21a322af41a2", + "rev": "1ca98ace316a107b488b33959ce012b5875edbef", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13-rc4", + "ref": "wip/sc8280xp-6.13-rc7", "repo": "linux", "type": "github" } @@ -264,11 +264,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1734962407, - "narHash": "sha256-UjVcYBzg0WJh8cGH67JYZRm5BFPemQFGkEUFPJh0SXc=", + "lastModified": 1737021191, + "narHash": "sha256-w4B4UHtCH3+gX8qTl2m6RURCB7OyKjSy1SMr/Q4aB0w=", "ref": "bump", - "rev": "5583f444c6abb38ca88cf2046bb792bea01a5496", - "revCount": 132, + "rev": "00a940407a7ccc144d887e25c7568c1573c488ce", + "revCount": 134, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
@@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1736061677, - "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "lastModified": 1736916166, + "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", + "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a", "type": "github" }, "original": { From 7f0252ea8f891f381ee4051ba2e2d807080093c4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 18 Jan 2025 21:59:12 +0100 Subject: [PATCH 248/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 22 +++++++++++----------- nix/os/devices/steveej-x13s/flake.nix | 3 ++- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index a27a6c8..91c87e3 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1736711425, - "narHash": "sha256-8hKhPQuMtXfJi+4lPvw3FBk/zSJVHeb726Zo0uF1PP8=", + "lastModified": 1737038063, + "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", "owner": "nix-community", "repo": "disko", - "rev": "f720e64ec37fa16ebba6354eadf310f81555cc07", + "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", "type": "github" }, "original": { @@ -164,15 +164,15 @@ ] }, "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", - "owner": "nix-community", + "lastModified": 1737233786, + "narHash": "sha256-WO6owkCecetn7bbu/ofy8aftO3rPCHUeq5GlVLsfS4M=", + "owner": "steveej-forks", "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", + "rev": "40ecdf4fc8bb698b8cbdb2ddb0ed5b1868e43c1a", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "steveej-forks", "ref": "master", "repo": "home-manager", "type": "github" 
@@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1736916166, - "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=", + "lastModified": 1737165118, + "narHash": "sha256-s40Kk/OulP3J/1JvC3VT16U4r/Xw6Qdi7SRw3LYkPWs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a", + "rev": "6a3ae7a5a12fb8cac2d59d7df7cbd95f9b2f0566", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 80084ee..eb90b4f 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -9,7 +9,8 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; home-manager = { - url = "github:nix-community/home-manager/master"; + url = "github:steveej-forks/home-manager/master"; + # url = "github:nix-community/home-manager/master"; # url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; From 56fc1bda1af851119494b813e424425929d9c21d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 19 Jan 2025 23:37:18 +0100 Subject: [PATCH 249/305] x13s: tweak audio --- nix/home-manager/profiles/wayland-desktop.nix | 10 +++++++--- nix/os/devices/steveej-x13s/configuration.nix | 6 +++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 4f8fc22..2f0d2ee 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix @@ -47,14 +47,18 @@ in # TODO: whwat's this for? # wltype - pavucontrol - playerctl - pasystray qt5.qtwayland qt6.qtwayland # libsForQt5.qt5.qtwayland # libsForQt6.qt6.qtwayland + # audio + playerctl + helvum + pasystray + sonusmix + pwvucontrol + # probably required by flameshot # xdg-desktop-portal xdg-desktop-portal-wlr # grim 
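Review bot: The `home-manager` input in nix/os/devices/steveej-x13s/flake.nix now tracks `github:steveej-forks/home-manager/master`, with nothing recording what the fork carries or when to return to upstream; the previous URL survives only as a commented-out line. home-manager modules are evaluated into the user environment, so the reason for trusting a fork belongs next to the URL, for example `# fork carries <patch or PR placeholder>; switch back to nix-community once merged`. flake.lock pins the revision, which limits the exposure to each lock update, but a moving `master` on a personal fork gets less outside review than the upstream branch.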
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 25ed3a8..649472f 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -227,9 +227,9 @@ loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = [ "wwan" - "qcom_soundwire" - "snd_soc_qcom_sdw" - "snd_soc_sc8280xp" + # "qcom_soundwire" + # "snd_soc_qcom_sdw" + # "snd_soc_sc8280xp" ]; }; From eb99d0526c1d5c966ecdaf8a7d954f442fc28375 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 19 Jan 2025 23:38:55 +0100 Subject: [PATCH 250/305] firefox: add profiles with extensions --- flake.lock | 67 +++- flake.nix | 5 + nix/home-manager/programs/firefox.nix | 344 +++++++++++++++++- nix/os/devices/steveej-x13s/configuration.nix | 1 - 4 files changed, 413 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7a82d26..e1a2e8f 100644 --- a/flake.lock +++ b/flake.lock @@ -280,6 +280,27 @@ "type": "github" } }, + "flake-parts_5": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, 
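Review bot: In `blacklistedKernelModules` the three audio modules are commented out rather than removed, and nothing says whether this is permanent or a test. Either delete the entries or keep them with a short reason, for example `# audio modules re-enabled; re-blacklist if <issue placeholder> returns`, so the next reader knows whether `"wwan"` is meant to be the only remaining entry. The enclosing `boot` attribute set starts outside the hunk.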
@@ -1157,6 +1178,28 @@ "type": "github" } }, + "nur": { + "inputs": { + "flake-parts": "flake-parts_5", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_4" + }, + "locked": { + "lastModified": 1737225765, + "narHash": "sha256-wyJcROV/d6POpZRlfk79EWsRHZH0iP6aC5uhmM1cH98=", + "owner": "nix-community", + "repo": "NUR", + "rev": "7c2500d3cc3a1d4f51493ba208721ea7c2a4380f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils_9", @@ -1259,6 +1302,7 @@ "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", "nixvim": "nixvim", + "nur": "nur", "ofi-pass": "ofi-pass", "openvscode-server": "openvscode-server", "prs": "prs", @@ -1268,7 +1312,7 @@ "rperf": "rperf", "sops-nix": "sops-nix", "srvos": "srvos", - "treefmt-nix": "treefmt-nix_4", + "treefmt-nix": "treefmt-nix_5", "yofi": "yofi" } }, @@ -1519,6 +1563,27 @@ } }, "treefmt-nix_4": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 02c982c..de419fc 100644 --- a/flake.nix +++ b/flake.nix @@ -106,6 +106,11 @@ url = "github:jmgilman/nixago"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index d07f3aa..170c89c 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix 
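Review bot: The new `nur` input in flake.nix brings the whole NUR aggregate into the flake, while the only consumer in this commit is `repos.rycee.firefox-addons` in firefox.nix. NUR repositories are user-maintained and not reviewed the way nixpkgs is, so a narrower input keeps the amount of third-party code that can reach the build small. The comment added in firefox.nix already names the upstream flake, which can be used directly: `firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `flake-parts_5` and `treefmt-nix_4` lock entries that arrive with NUR would then no longer be needed.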
@@ -1,4 +1,274 @@ -{ pkgs, ... }: +{ + repoFlake, + pkgs, + config, + lib, + ... +}: +let + # Search extension names with below command: + # nix flake show --json "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons" --all-systems | jq -r '.packages."x86_64-linux" | keys[]' | rg QUERY + ryceeAddons = with repoFlake.inputs.nur.legacyPackages.${pkgs.system}.repos.rycee.firefox-addons; [ + ublock-origin + + # bypass-paywalls-clean (can't use, was creating popups) + consent-o-matic + terms-of-service-didnt-read + + auto-tab-discard + + # redirector # For nixos wiki + darkreader + + facebook-container + control-panel-for-twitter + # containerise + facebook-tracking-removal + vimium + cookie-autodelete + auto-tab-discard + ]; + + customAddons = [ + + ]; + + search = { + force = true; + default = "DuckDuckGo"; + privateDefault = "DuckDuckGo"; + }; + + mkProfile = + override: + lib.recursiveUpdate { + extensions = ryceeAddons ++ customAddons; + inherit search; + + settings = { + # automatically enable extensions + "extensions.autoDisableScopes" = 0; + + "middlemouse.paste" = false; + + "browser.download.useDownloadDir" = false; + "browser.tabs.insertAfterCurrent" = true; + "browser.tabs.warnOnClose" = true; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.quitShortcut.disabled" = false; + + # restore the previous session automatically + "browser.startup.page" = 3; + "browser.sessionstore.resume_from_crash" = true; + "browser.sessionstore.restore_pinned_tabs_on_demand" = true; + "browser.sessionstore.restore_on_demand" = true; + + "browser.urlbar.suggest.bookmark" = true; + "browser.urlbar.suggest.engines" = true; + "browser.urlbar.suggest.history" = true; + "browser.urlbar.suggest.openpage" = true; + "browser.urlbar.suggest.topsites" = false; + "browser.urlbar.trimHttps" = true; + + "sidebar.position_start" = false; + "findbar.highlightAll" = true; + + "browser.tabs.hoverPreview.enabled" = true; + + # Disable fx accounts + "identity.fxaccounts.enabled" = 
false; + # Disable "save password" prompt + "signon.rememberSignons" = false; + # Harden + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + + # Disable "Save to Pocket" or Pocket entirely + "extensions.pocket.enabled" = false; + + # Disable telemetry + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.archive.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = 
false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + + # Disable any feeds on the new tab page + "browser.newtabpage.activity-stream.showTopSites" = false; + "browser.newtabpage.activity-stream.default.sites" = lib.mkForce [ ]; + "browser.newtabpage.activity-stream.discoverystream.enabled" = false; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Youtube + "26UbzFJ7qT9/4DhodHKA1Q==" + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Wikipedia + "eV8/WsSLxHadrTL1gAxhug==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "browser.topsites.blockedSponsors" = [ + "adidas" + "temuaffiliateprogram.pxf" + "s.click.aliexpress" + ]; + + # enable userChrome + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; + + userChrome = + let + name = override.color or colors.grey; + value = colorValues."${name}".normal; + valueBright = colorValues."${name}".bright; + valueDark = colorValues."${name}".dark; + in + '' + /* TODO: set regular toolbar background color */ + + /* default */ + #TabsToolbar { + background: ${valueDark} !important; + } + + /* default tab */ + #TabsToolbar #tabbrowser-tabs .tabbrowser-tab .tab-content { + background: ${value} !important; + } + + /* selected tab */ + #TabsToolbar #tabbrowser-tabs .tabbrowser-tab[selected] .tab-content { + background: ${valueBright} !important; + } + + /* hovered tab */ + #TabsToolbar #tabbrowser-tabs .tabbrowser-tab:hover:not([selected]) .tab-content { + background: ${valueBright} !important; + } + + /* unloaded/pending tab */ + #TabsToolbar #tabbrowser-tabs .tabbrowser-tab[pending] .tab-content { + background: ${valueDark} !important; + } + ''; + + # /* new tab */ + 
# #TabsToolbar #tabbrowser-tabs #tabs-newtab-button .toolbarbutton-icon { + # background: unset !important; + # } + + # #TabsToolbar #tabbrowser-tabs #tabs-newtab-button { + # /* background: var(--default_tabs_bg_newtab) !important; + # } + + # /* hovered new tab */ + # #TabsToolbar #tabbrowser-tabs #tabs-newtab-button:hover { + # background: var(--default_tabs_bg_newtab_hovered) !important; + # } + + } (builtins.removeAttrs override [ "color" ]); + + # TODO: insert the id automatically + mkProfiles = attrs: builtins.mapAttrs (_k: v: v) attrs; + + colors = builtins.mapAttrs (name: _: name) colorValues; + + colorValues = { + blue = { + normal = "#37adff"; + bright = "#00acff"; # Brighter blue + dark = "#2c8dd3"; # Darker blue + }; + green = { + normal = "#51cd00"; + bright = "#5ae200"; # Brighter green + dark = "#45ad00"; # Darker green + }; + orange = { + normal = "#ff9800"; + bright = "#ffb74d"; # Brighter orange + dark = "#c76a00"; # Darker orange + }; + red = { + normal = "#f6685e"; + bright = "#ff4336"; # Brighter red + dark = "#aa463f"; # Darker red + }; + yellow = { + normal = "#ffeb3b"; + bright = "#fff350"; # Brighter yellow + dark = "#c6a700"; # Darker yellow + }; + purple = { + normal = "#9c27b0"; + bright = "#ab47bc"; # Brighter purple + dark = "#7b1fa2"; # Darker purple + }; + pink = { + normal = "#e91e63"; + bright = "#ff6090"; # Brighter pink + dark = "#c2185b"; # Darker pink + }; + brown = { + normal = "#795548"; + bright = "#a88b6f"; # Brighter brown + dark = "#4e3b30"; # Darker brown + }; + grey = { + normal = "#9e9e9e"; + bright = "#bdbdbd"; # Brighter grey + dark = "#757575"; # Darker grey + }; + teal = { + normal = "#009688"; + bright = "#26c6da"; # Brighter teal + dark = "#00796b"; # Darker teal + }; + }; + +in { programs.librewolf = { enable = false; 
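Review bot: `mkProfile` gives every profile the same `extensions = ryceeAddons ++ customAddons` and sets `"extensions.autoDisableScopes" = 0`, so each add-on in the list is enabled without a prompt in all profiles built with this helper, including the finance one defined further down. Content blockers and keyboard-navigation add-ons typically run on every page, which is more access than a banking or admin profile needs. Because `lib.recursiveUpdate` replaces lists rather than appending to them, a profile can already narrow the set by passing its own `extensions` in the override; a short comment on `mkProfile` saying so would make that usable. Separately, `auto-tab-discard` appears twice in `ryceeAddons`.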
@@ -6,7 +276,77 @@ programs.firefox = { enable = true; package = pkgs.firefox-esr-128; + + profiles = mkProfiles { + "personal" = mkProfile { + id = 0; + isDefault = true; + color = colors.blue; + }; + "personal-finance" = mkProfile { + id = 1; + color = colors.green; + }; + "business" = mkProfile { + id = 2; + color = colors.teal; + }; + "dev-admin" = mkProfile { + id = 3; + color = colors.teal; + }; + "dev-holo" = mkProfile { + id = 4; + color = colors.red; + }; + "dev-infra" = mkProfile { + id = 5; + color = colors.yellow; + }; + "justyna" = mkProfile { + id = 6; + color = colors.pink; + }; + "justyna-office" = mkProfile { + id = 7; + color = colors.pink; + }; + }; + }; - # home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json"; + # create one desktop entry for each profile + xdg.desktopEntries = lib.mapAttrs' ( + k: _v: + lib.nameValuePair "firefox-profile-${k}" { + categories = [ + "Network" + "WebBrowser" + ]; + exec = "${lib.getExe config.programs.firefox.package} -P ${k}"; + genericName = "Web Browser"; + icon = + builtins.replaceStrings [ ".desktop" ] [ "" ] + config.programs.firefox.package.desktopItem.name; + mimeType = [ + "text/html" + "text/xml" + "application/xhtml+xml" + "application/vnd.mozilla.xul+xml" + "x-scheme-handler/http" + "x-scheme-handler/https" + ]; + name = "Firefox: ${k}"; + startupNotify = true; + settings.StartupWMClass = + # To group windows of different profiles. + # Set WM_CLASS on Xorg using --class, set app-id on Wayland using --name. + #if profile.name == "default" + #then "firefox" + #else "firefox-${profile.name}"; + "firefox"; + terminal = false; + type = "Application"; + } + ) config.programs.firefox.profiles; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 649472f..a4746dc 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
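Review bot: The generated desktop entries declare `x-scheme-handler/http` and `x-scheme-handler/https` in `mimeType`, but `exec` ends at `-P ${k}` with no field code. The Desktop Entry specification passes URLs only through a field code, so whether a clicked link reaches Firefox depends on the launcher's fallback behaviour. Adding the code makes it explicit: `exec = "${lib.getExe config.programs.firefox.package} -P ${k} %U";`.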
@@ -87,7 +87,6 @@ # TODO: broken with: v4l2loopback-0.13.2-6.13.0-rc3.drv # make: *** [Makefile:53: v4l2loopback.ko] Error 2 # ../../snippets/obs-studio.nix - { services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; From 44341dbc5adbbba2da58b8c978e26b6156d8e596 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 21 Jan 2025 10:08:54 +0100 Subject: [PATCH 251/305] firefox: change profiles and their colors --- nix/home-manager/programs/firefox.nix | 124 ++++++++++++++++++-------- 1 file changed, 85 insertions(+), 39 deletions(-) diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 170c89c..a24cdfe 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -18,7 +18,7 @@ let auto-tab-discard # redirector # For nixos wiki - darkreader + # darkreader facebook-container control-panel-for-twitter 
@@ -156,17 +156,41 @@ let # enable userChrome "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "devtools.chrome.enabled" = true; + "devtools.debugger.remote-enabled" = true; + + # disable translations for some languages + "browser.translations.neverTranslateLanguages" = ["en" "de"]; + "browser.translations.automaticallyPopup" = false; + + }; userChrome = let name = override.color or colors.grey; value = colorValues."${name}".normal; - valueBright = colorValues."${name}".bright; - valueDark = colorValues."${name}".dark; + valueBright = colorValues."${name}".highlight; + valueDark = colorValues."${name}".inactive; in '' - /* TODO: set regular toolbar background color */ + @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* only needed once */ + + #nav-bar { + background-color: ${value} !important; + color: black !important; + } + + /* don't show close button on background tabs */ + #tabbrowser-tabs[closebuttons="activetab"] .tabbrowser-tab:not([selected]):not([pinned]):not([hover]) .tab-close-button { + display: none !important; + } + + /* show close button on hover */ + #tabbrowser-tabs[closebuttons="activetab"] .tabbrowser-tab:not([selected]):not([pinned]):hover .tab-close-button { + display: -moz-inline-box !important; + } + /* default */ #TabsToolbar { @@ -176,11 +200,13 @@ let /* default tab */ #TabsToolbar #tabbrowser-tabs .tabbrowser-tab .tab-content { background: ${value} !important; + opacity: 0.8 } /* selected tab */ #TabsToolbar #tabbrowser-tabs .tabbrowser-tab[selected] .tab-content { background: ${valueBright} !important; + box-shadow: 0 8px 16px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19); } /* hovered tab */ 
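Review bot: The prefs `"devtools.chrome.enabled" = true` and `"devtools.debugger.remote-enabled" = true`, added at the top of this hunk, land in the shared `settings` of `mkProfile`, so they apply to every profile rather than only the one used for userChrome work. They are the two switches Firefox requires before the Browser Toolbox or a remote debugger can attach, and an attached debugger sees the full browser context, including cookies and sessions. I would keep them out of the defaults and pass `settings."devtools.debugger.remote-enabled" = true;` (and the chrome one) in the `mkProfile { … }` argument of the single profile where the CSS is being developed, or at least mark them with a comment as temporary. The rest of the `settings` block is hardening, so these two stand out.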
@@ -217,54 +243,54 @@ let colorValues = { blue = { - normal = "#37adff"; - bright = "#00acff"; # Brighter blue - dark = "#2c8dd3"; # Darker blue + normal = "#49b1fc"; + highlight = "#05a9fc"; # Brighter blue + inactive = "#1f81c6"; # Darker blue }; green = { normal = "#51cd00"; - bright = "#5ae200"; # Brighter green - dark = "#45ad00"; # Darker green + highlight = "#5ae200"; # Brighter green + inactive = "#45ad00"; # Darker green }; orange = { normal = "#ff9800"; - bright = "#ffb74d"; # Brighter orange - dark = "#c76a00"; # Darker orange + highlight = "#ffb74d"; # Brighter orange + inactive = "#c76a00"; # Darker orange }; red = { normal = "#f6685e"; - bright = "#ff4336"; # Brighter red - dark = "#aa463f"; # Darker red + highlight = "#ff4336"; # Brighter red + inactive = "#aa463f"; # Darker red }; yellow = { - normal = "#ffeb3b"; - bright = "#fff350"; # Brighter yellow - dark = "#c6a700"; # Darker yellow + normal = "#fced4b"; + highlight = "#fce705"; # Brighter yellow + inactive = "#dbbe00"; # Darker yellow }; purple = { normal = "#9c27b0"; - bright = "#ab47bc"; # Brighter purple - dark = "#7b1fa2"; # Darker purple + highlight = "#ab47bc"; # Brighter purple + inactive = "#7b1fa2"; # Darker purple }; pink = { normal = "#e91e63"; - bright = "#ff6090"; # Brighter pink - dark = "#c2185b"; # Darker pink + highlight = "#ff6090"; # Brighter pink + inactive = "#c2185b"; # Darker pink }; brown = { normal = "#795548"; - bright = "#a88b6f"; # Brighter brown - dark = "#4e3b30"; # Darker brown + highlight = "#a88b6f"; # Brighter brown + inactive = "#4e3b30"; # Darker brown }; grey = { normal = "#9e9e9e"; - bright = "#bdbdbd"; # Brighter grey - dark = "#757575"; # Darker grey + highlight = "#bdbdbd"; # Brighter grey + inactive = "#757575"; # Darker grey }; teal = { normal = "#009688"; - bright = "#26c6da"; # Brighter teal - dark = "#00796b"; # Darker teal + highlight = "#26c6da"; # Brighter teal + inactive = "#00796b"; # Darker teal }; }; 
@@ -283,32 +309,52 @@ in isDefault = true; color = colors.blue; }; - "personal-finance" = mkProfile { + "comms" = mkProfile { id = 1; - color = colors.green; + color = colors.blue; }; - "business" = mkProfile { + "admin" = mkProfile { id = 2; - color = colors.teal; + color = colors.blue; }; - "dev-admin" = mkProfile { + "infra" = mkProfile { id = 3; - color = colors.teal; + color = colors.blue; }; - "dev-holo" = mkProfile { + "finance" = mkProfile { id = 4; - color = colors.red; - }; - "dev-infra" = mkProfile { - id = 5; color = colors.yellow; }; - "justyna" = mkProfile { + "business-admin" = mkProfile { + id = 5; + color = colors.teal; + }; + "business-comms" = mkProfile { id = 6; + color = colors.teal; + }; + "business-dev" = mkProfile { + id = 7; + color = colors.teal; + }; + "holo-dev" = mkProfile { + id = 8; + color = colors.green; + }; + "holo-infra" = mkProfile { + id = 9; + color = colors.green; + }; + "holo-comms" = mkProfile { + id = 10; + color = colors.green; + }; + "justyna" = mkProfile { + id = 11; color = colors.pink; }; "justyna-office" = mkProfile { - id = 7; + id = 12; color = colors.pink; }; }; From c8b4dcb15a4e041bfcb910d9d96f5ebbb1bde42b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 21 Jan 2025 10:09:02 +0100 Subject: [PATCH 252/305] feat(vscode): add color picker extension --- nix/home-manager/programs/vscode/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index c86f824..fe7e190 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -69,6 +69,10 @@ in [[extensions]] publisher_name = "ibecker" extension_name = "treefmt-vscode" + + [[extensions]] + publisher_name = "AntiAntiSepticeye" + extension_name = "vscode-color-picker" ''; nix4vscodeNix = pkgs.runCommand "nix4vscode.nix" From 990f219e241445f23d6fcdb0c4b25b951b444f61 Mon Sep 17 00:00:00 2001 
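Review bot: Renaming the profile attributes in this hunk (`personal-finance` to `finance`, `business` to `business-admin`, the `dev-*` set) probably also changes their on-disk directories, because home-manager derives a profile's `path` from its attribute name unless `path` is set; nothing visible here sets it. The old directories, with their cookies and session data, would then stay behind unmanaged while the new names start empty. Either keep the data with, for example, `"finance" = mkProfile { id = 4; path = "personal-finance"; color = colors.yellow; };`, or note in the commit message that the old directories are to be removed by hand.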
From: Stefan Junker Date: Tue, 21 Jan 2025 19:10:18 +0100 Subject: [PATCH 253/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 91c87e3..1be097c 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1737165118, - "narHash": "sha256-s40Kk/OulP3J/1JvC3VT16U4r/Xw6Qdi7SRw3LYkPWs=", + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a3ae7a5a12fb8cac2d59d7df7cbd95f9b2f0566", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", "type": "github" }, "original": { From c06d2e19bfcc6d3651651657a6d7db901637868d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 23 Jan 2025 10:01:23 +0100 Subject: [PATCH 254/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 99 ++++--------------------------- 1 file changed, 12 insertions(+), 87 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 8ab4b67..623708a 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -23,11 +7,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -37,36 +21,13 @@ "type": "github" } }, - "nixos-dns": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1725163709, - "narHash": "sha256-VqUwWZBBdDE0Jk1tRW6Bsg978R6rTILrvsqjfjHz2HY=", - "owner": "Janik-Haag", - "repo": "nixos-dns", - "rev": "ac41b8690c8db01af1eb77ea2fd330a1c43d814f", - "type": "github" - }, - "original": { - "owner": "Janik-Haag", - "repo": "nixos-dns", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1737404927, + "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3", "type": "github" }, "original": { @@ -78,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1734988233, - "narHash": "sha256-Ucfnxq1rF/GjNP3kTL+uTfgdoE9a3fxDftSfeLIS8mA=", + "lastModified": 1737621708, + "narHash": "sha256-EJRzBfAi7XlPlyQuGgyCctX6PpR1P7nMnRxrHOnfXj0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "de1864217bfa9b5845f465e771e0ecb48b30e02d", + "rev": "f0413353abad5d3826571102243795bb80ed5444", "type": "github" }, "original": { 
@@ -94,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734962273, - "narHash": "sha256-Xu8m+P0dXpRsYqPY1XfOvYaLd8NVpQyiMYrzwwNFyiM=", + "lastModified": 1737597992, + "narHash": "sha256-FECKBxkd+w5I/fhsquthDiw/r/MdCpqmKikBU9yQGug=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc9c33366b98237cc759cdd90ef6058f5a1cb9dd", + "rev": "d0bb4699177f691c8e558b32b3bdc38bc112f76f", "type": "github" }, "original": { @@ -111,46 +72,10 @@ "root": { "inputs": { "home-manager": "home-manager", - "nixos-dns": "nixos-dns", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-dns", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From aec69ec8ffc373a5ad73c022b5f96169e332d0d6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 25 Jan 2025 10:08:11 +0100 Subject: [PATCH 255/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 1be097c..5f6abae 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -181,16 +181,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1736759316, - "narHash": "sha256-cNqR3H797YcCsHutwNGdV+u6T0AUh17TGev/LCqNCy8=", + "lastModified": 1737386371, + "narHash": "sha256-FIbwr2WKslYbC/AIBNcUgoEpDm0aB8knhHYQ6m2bu6k=", "owner": "jhovold", "repo": "linux", - "rev": "1ca98ace316a107b488b33959ce012b5875edbef", + "rev": "5602f2f7c53f5c0d2566f493224b82f55ed68abb", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13-rc7", + "ref": "wip/sc8280xp-6.13", "repo": "linux", "type": "github" } @@ -264,11 +264,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1737021191, - "narHash": "sha256-w4B4UHtCH3+gX8qTl2m6RURCB7OyKjSy1SMr/Q4aB0w=", + "lastModified": 1737753654, + "narHash": "sha256-y4KjuDsLZ9bNwF+7fmDBSDjhZSXQykewS0ncxNoeNvA=", "ref": "bump", - "rev": "00a940407a7ccc144d887e25c7568c1573c488ce", - "revCount": 134, + "rev": "fe236e55c5fcdb8fb194ade6dc62ab67f396537e", + "revCount": 135, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { From 68e1dc9267b13ee4136f19609b47c0f520912f64 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 2 Feb 2025 13:17:55 +0100 Subject: [PATCH 256/305] feat(codium): add emojisense extension --- nix/home-manager/programs/vscode/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index fe7e190..3aa5b9a 100644 --- a/nix/home-manager/programs/vscode/default.nix 
+++ b/nix/home-manager/programs/vscode/default.nix @@ -55,6 +55,8 @@ in jeff-hykin.better-go-syntax blueglassblock.better-json5 + + bierner.emojisense ] ) ++ ( From 65145576a2e6df9607a74b9d8f75eb9caf8fd9a2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Feb 2025 11:00:52 +0100 Subject: [PATCH 257/305] firefox: add youtube-unhook and enable pipewire --- nix/home-manager/programs/firefox.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index a24cdfe..1bffa89 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -8,7 +8,7 @@ let # Search extension names with below command: # nix flake show --json "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons" --all-systems | jq -r '.packages."x86_64-linux" | keys[]' | rg QUERY - ryceeAddons = with repoFlake.inputs.nur.legacyPackages.${pkgs.system}.repos.rycee.firefox-addons; [ + ryceeAddons = with pkgs.nur.repos.rycee.firefox-addons; [ ublock-origin # bypass-paywalls-clean (can't use, was creating popups) @@ -27,6 +27,8 @@ let vimium cookie-autodelete auto-tab-discard + + youtube-recommended-videos ]; customAddons = [ @@ -163,7 +165,8 @@ let "browser.translations.neverTranslateLanguages" = ["en" "de"]; "browser.translations.automaticallyPopup" = false; - + # enable pipewire (and libcamera) sources + "media.webrtc.camera.allow-pipewire" = true; }; userChrome = @@ -296,6 +299,14 @@ let in { + nixpkgs.overlays = [ + repoFlake.inputs.nur.overlay + ]; + + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "youtube-recommended-videos" + ]; + programs.librewolf = { enable = false; }; From 143b0a10e3b05517fe67ebabbe6235e1b4ddead6 Mon Sep 17 00:00:00 2001 
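Review bot: The `nixpkgs.config.allowUnfreePredicate` added at the end of the firefox.nix changes is a function-valued setting, and as far as I know `nixpkgs.config` definitions are merged attribute by attribute, so a predicate defined in another module would replace this one (or be replaced by it) rather than being OR-ed with it. If any other module in the configuration sets a predicate, one of the two allow-lists silently stops applying. Keeping a single predicate in one shared place and adding `"youtube-recommended-videos"` to its list avoids that. A one-line comment above `nixpkgs.overlays` saying the overlay exists only to provide `pkgs.nur` for `ryceeAddons` would also help.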
From: Stefan Junker Date: Fri, 7 Feb 2025 11:54:32 +0100 Subject: [PATCH 258/305] flake: add local-xwayland command for ad-hoc X usage --- flake.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/flake.nix b/flake.nix index de419fc..37bd557 100644 --- a/flake.nix +++ b/flake.nix @@ -278,6 +278,16 @@ }; }; + + local-xwayland = pkgs.writeShellScriptBin "local-xwayland" '' + set -x + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=0 \ + # --x-unscale=3 \ + --verbose + ''; in { dcpj4110dwDriver = dcpj4110dw.driver; @@ -325,6 +335,8 @@ nativeBuildInputs = [ pkgs.pkg-config ]; buildInputs = [ ]; }; + + inherit local-xwayland; }; formatter = From d629f4b3545a138d46b083cdb7d4d3c7f5ecc2ed Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 7 Feb 2025 11:55:14 +0100 Subject: [PATCH 259/305] Justfile: convenience commands to working with the router0-dmz0 locally --- Justfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Justfile b/Justfile index 095f050..d48ce8c 100755 --- a/Justfile +++ b/Justfile @@ -309,3 +309,9 @@ cachix-use name: update-sops-keys: for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done + +deploy-router0-dmz0: + NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1 + +ttyusb: + screen -fa /dev/ttyUSB0 115200 From 05973a61a5b62c0a41e2704693992919034f0e7a Mon Sep 17 00:00:00 2001 
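Review bot: In the `local-xwayland` script the commented line `# --x-unscale=3 \` sits inside the backslash-continued command, so the shell ends the command there: the `#` starts a comment that swallows its own trailing backslash, and `--verbose` on the next line runs as a separate command that fails with "command not found". The proxy therefore never receives `--verbose`, and the script exits non-zero once the proxy stops. Move the disabled flag out of the continuation: end the command with `--x-display=0 \` followed by `--verbose`, and keep `# --x-unscale=3` as a comment line above the command.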
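Review bot: The new `deploy-router0-dmz0` recipe turns off every SSH host-key check (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`, `CheckHostIP=no`) for a `nixos-rebuild switch` as root against `192.168.20.1`, so whatever answers on that address receives the system closure and the root session. A dedicated known-hosts file keeps the convenience for a frequently reinstalled router without dropping verification, e.g. `NIX_SSHOPTS="-o UserKnownHostsFile=~/.ssh/known_hosts.router0-dmz0 -o StrictHostKeyChecking=accept-new"` (the file name is only an example). If the relaxed options are meant for first bootstrap only, a comment on the recipe saying so, or a separate bootstrap recipe, would keep the normal deploy path verified.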
From: Stefan Junker Date: Fri, 7 Feb 2025 11:56:00 +0100 Subject: [PATCH 260/305] feat(router0-dmz0): bump pkgs, adjust VLAN ids, use SFP with quirks --- nix/os/devices/router0-dmz0/configuration.nix | 316 ++++++++++-------- nix/os/devices/router0-dmz0/flake.lock | 44 +-- nix/os/devices/router0-dmz0/flake.nix | 3 +- secrets/router0-dmz0/secrets.yaml | 13 +- 4 files changed, 215 insertions(+), 161 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 4c8b5ee..07c6b1c 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -43,23 +43,17 @@ let }; vlans = { - "10".name = "mgmt"; - "10".packet_priority = 0; + "2".name = "dmz"; + "2".packet_priority = -5; - "11".name = "dmz"; - "11".packet_priority = -5; + "3".name = "iot"; + "3".packet_priority = -5; - "12".name = "iot"; - "12".packet_priority = -5; + "4".name = "office"; + "4".packet_priority = -10; - "13".name = "office"; - "13".packet_priority = -10; - - "14".name = "guests"; - "14".packet_priority = 10; - - "15".name = "iot2"; - "15".packet_priority = -10; + "5".name = "guests"; + "5".packet_priority = 10; }; vlansByName = lib.attrsets.mapAttrs' ( 
@@ -382,12 +376,77 @@ in group = "systemd-network"; }; + # TODO: this shouldn't be necessary _at all_ + systemd.services.sfp-quirk = { + enable = true; + wantedBy = [ + "network.target" + "multi-user.target" + ]; + + requires = [ + "sys-subsystem-net-devices-lan4.device" + "sys-subsystem-net-devices-eth1.device" + ]; + + after = [ + "sys-subsystem-net-devices-lan4.device" + "sys-subsystem-net-devices-eth1.device" + ]; + + path = [ + pkgs.ethtool + pkgs.iproute2 + pkgs.coreutils + ]; + + script = '' + set -xeE + + ip l set dev lan4 down + ip l set dev eth1 down + + sleep 0.5 + + ethtool -s lan4 duplex full autoneg off + ethtool -s eth1 duplex full autoneg off + + sleep 0.5 + + ip l set dev lan4 up + ip l set dev eth1 up + + echo quirk applied, fingers crossed. + ''; + }; + systemd.network = { wait-online.anyInterface = true; config.networkConfig = { IPv4Forwarding = true; IPv6Forwarding = true; }; + links = { + # TODO: this doesn't work, thus shoving it into a quirk service. however, there's a proper solution beyond any of this. + # "00-eth1" = { + # enable = true; + # matchConfig.Name = "eth1"; + # linkConfig = { + # # BitsPerSecond = "2500M"; + # Duplex= "full"; + # AutoNegotiation = false; + # }; + # }; + # "00-lan4" = { + # enable = true; + # matchConfig.Name = "lan4@eth0"; + # linkConfig = { + # # BitsPerSecond = "1000M"; + # Duplex= "full"; + # AutoNegotiation = false; + # }; + # }; + }; netdevs = let router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; 
@@ -425,26 +484,24 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg0Endpoint; - }; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg0Endpoint; } ]; }; @@ -461,16 +518,14 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg1Endpoint; - }; + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg1Endpoint; } ]; }; 
@@ -487,26 +542,24 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-hosthatch_wg0Endpoint; - }; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-hosthatch_wg0Endpoint; } ]; }; 
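Review bot: The peer in this hunk uses `router0-hosthatch_wg0Endpoint` but keeps the same `PublicKey` and the same `PresharedKeyFile` (`wg0-peer0-psk`) as the router0-ifog peer in the hunk at -425, so both tunnels appear to share one remote key pair and one PSK. If router0-hosthatch is a separate machine, a compromise of either remote would also expose the static key and PSK protecting the other tunnel. A per-host key pair and a dedicated secret, for example `config.sops.secrets.HOSTHATCH_PSK_PLACEHOLDER.path` (placeholder name), would keep the two independent. The enclosing netdev definition starts outside this hunk, so the interface this peer belongs to is not visible.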
@@ -588,49 +641,37 @@ in # ip rule add fwmark 101 priority 1 prohibit routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 100; - Priority = 30000; - Table = 100; - }; + FirewallMark = 100; + Priority = 30000; + Table = 100; } { - routingPolicyRuleConfig = { - FirewallMark = 100; - Priority = 30001; - Table = 100; - Type = "prohibit"; - }; + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; } { - routingPolicyRuleConfig = { - FirewallMark = 101; - Priority = 30000; - Table = 101; - }; + FirewallMark = 101; + Priority = 30000; + Table = 101; } { - routingPolicyRuleConfig = { - FirewallMark = 101; - Priority = 30001; - Table = 101; - Type = "prohibit"; - }; + FirewallMark = 101; + Priority = 30001; + Table = 101; + Type = "prohibit"; } { - routingPolicyRuleConfig = { - FirewallMark = 102; - Priority = 30000; - Table = 102; - }; + FirewallMark = 102; + Priority = 30000; + Table = 102; } { - routingPolicyRuleConfig = { - FirewallMark = 102; - Priority = 30001; - Table = 102; - Type = "prohibit"; - }; + FirewallMark = 102; + Priority = 30001; + Table = 102; + Type = "prohibit"; } ]; }; @@ -649,10 +690,8 @@ in # ip route add default via 172.16.0.1 table 101 routes = [ { - routeConfig = { - Gateway = "_dhcp4"; - Table = 101; - }; + Gateway = "_dhcp4"; + Table = 101; } ]; }; @@ -670,16 +709,12 @@ in # ip route add default via 192.168.0.1 table 100 routes = [ { - routeConfig = { - Gateway = "_dhcp4"; - Table = 100; - }; + Gateway = "_dhcp4"; + Table = 100; } { - routeConfig = { - Gateway = "_dhcp4"; - Table = 102; - }; + Gateway = "_dhcp4"; + Table = 102; } ]; }; @@ -695,11 +730,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; - }; + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; } ]; }; 
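Review bot: The six `routingPolicyRules` entries in the hunk at -588 set no `Family`, and systemd-networkd applies a rule that has neither `From` nor `To` to IPv4 only. The `Type = "prohibit"` entries read like a fail-closed fallback for marked traffic (the comment above them shows `ip rule add fwmark 101 priority 1 prohibit`), while `IPv6Forwarding = true` appears earlier in this patch, so IPv6 packets carrying marks 100–102 would presumably skip both the table lookup and the prohibit rule. Adding `Family = "both";` to each entry would cover IPv6 too; whether IPv6 traffic is ever marked is not visible here. The enclosing network definition begins outside the hunk.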
@@ -714,11 +747,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; - }; + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; } ]; }; @@ -733,9 +764,39 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + } + ]; + }; + "30-lan4" = { + matchConfig.Name = "lan4"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; + } + ]; + }; + "30-eth1" = { + matchConfig.Name = "eth1"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; } ]; }; @@ -758,9 +819,7 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; } ]; @@ -774,11 +833,9 @@ in routes = [ # { - # routeConfig = { # # test the set uprouting to a specific IP # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.0 1"; - # }; # } ]; }; @@ -788,10 +845,8 @@ in address = [ "10.0.0.3/31" ]; routes = [ # { - # routeConfig = { # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.2 1"; - # }; # } ]; }; @@ -848,9 +903,7 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlanid; - }; + VLAN = vlanid; } ]; }; 
@@ -870,11 +923,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlanid; - PVID = vlanid; - EgressUntagged = vlanid; - }; + VLAN = vlanid; + PVID = vlanid; + EgressUntagged = vlanid; } ]; }; @@ -1215,13 +1266,14 @@ in }; }; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; # boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; environment.systemPackages = [ pkgs.ethtool pkgs.vim + pkgs.iperf3 pkgs.wireguard-tools pkgs.tshark diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 102d2d8..8f55026 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1738148035, + "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1734953168, - "narHash": "sha256-fMzGrnLPOtMPlY/Myyj93p7rKMi3xHoR7PXZOXjVui8=", + "lastModified": 1738518662, + "narHash": "sha256-MeE2FTG7Jh4BqchSvevJH7IsqTotjemndLzev8TkiRk=", "ref": "refs/heads/main", - "rev": "fd9bf2cc2f59834b5d9c50a23ac7a833d21eefb2", - "revCount": 20150, + "rev": "c12fc97e3b59742e0c5743fceae6a87a8b13a576", + "revCount": 20282, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, 
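Review bot: `system.stateVersion` should not follow the nixpkgs bump. The hunk at -1215 changes it from "24.05" to "24.11", but the option records the release the machine was installed with and selects defaults for stateful data, so NixOS advises leaving it unchanged on upgrade. Unless router0-dmz0 was reinstalled for this change, keep `system.stateVersion = "24.05";` and add a comment such as `# install-time release, not the nixpkgs version; do not bump on upgrade`. The same hunk adds `pkgs.iperf3` beside `pkgs.tshark` in `environment.systemPackages`; a comment marking these as temporary diagnostics would make them easy to drop from the router later.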
@@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1734884731, - "narHash": "sha256-8DaMF6XNZobeZo+sOf13nifri0mRXYDAUTh5AD4h4aM=", + "lastModified": 1738254353, + "narHash": "sha256-SYpvOn0v/wi8lrgEBhobjKFvFWPlJ3gP7SZPfyw9td0=", "owner": "nakato", "repo": "nixos-sbc", - "rev": "2e6bfee808b5291b365795ed11931e1702d30386", + "rev": "21be4ab012197a2eea4bbff8315c40f26f715a18", "type": "github" }, "original": { @@ -136,11 +136,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1738702386, + "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1738680400, + "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "799ba5bffed04ced7067a91798353d360788b30d", "type": "github" }, "original": { @@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1734915306, - "narHash": "sha256-cXoiU+doyRAZ/tcCCGcJjwK2bEZbRcuC0E+ZrnmgFOI=", + "lastModified": 1738198321, + "narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=", "owner": "numtide", "repo": "srvos", - "rev": "31c75c0d702f940aeb89eacc9c5dbde5d43df338", + "rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 0f5866e..cdad18f 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix 
@@ -15,7 +15,8 @@ nixos-sbc.url = "github:nakato/nixos-sbc" - # "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 8c14dc9..9990851 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -1,6 +1,7 @@ #ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment] -#ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment] -passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str] +#ENC[AES256_GCM,data:2luPn7XRMTtgNpz0QLXQwF92kbBLdjJoUdFKdayy0A==,iv:dr//F4r/8k9zSzkWXUlVT+81iYLTX2rmXIp+Z9Lt4XY=,tag:RZTSqCqqmRxBvWqHqmF7Gw==,type:comment] +#ENC[AES256_GCM,data:SjwWciLOzMxrq/QV00Q+gt1sNXwl6N/eTHsN9jeFHwFeOQrZ0M7/36WgjSVHpGlVmklzd0LiOB+LhNlzqysM6RI=,iv:vznczLEeyTmCxExlkFiv8ftQy+3z0LyAg8vhcpGT4M8=,tag:+QgSJtX7FFLfMnPLhrgcvQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:BzQYUCGJwyA/mUohN3OkKdjkuHUfOgYFs01W/F1WM7i/UyOXA3HooUjbGe1KVQkn5NGTvWvR6t3CCr2o4Bjvq2pXrH+92a1kpQ==,iv:9PCLNVUyI2R0F5LmLe9spp7q65pwMJ9TUHmT/VtPazM=,tag:apsIgXhOkoZ8Gb0UshKg7g==,type:str] ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str] ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data: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,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] 
@@ -8,7 +9,7 @@ ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3 #ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] #ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] #ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] -wlan0_wpaPskFile: ENC[AES256_GCM,data:vVr1XQnlLcD3y7Cglta1vvBDyqIxvx0eR2X/rye1so3wYsH/Nhoy4AAa8X+CSjrXYSa0j/Sv1obbzoWxQbSvfTtM+Yx1woMoLosB3wjCB4XBtHQ0X1kQK6x6DsdrAT752mTGojaAlCoKqAXxC2uGT0dUnN8EapPejEYXrJnr4l604/Ku2/q2/+YPy3W3nKQirZjcv/5ugRr2cCFqmyseQAH9JmeaHrkDnrReyePCTIKKmbH4NTMrPR3+mTPmj7dmccKjooP3V44ZQbTZ1iPKT9p40pZQWy5mw60SM1YMd/mvf1DAfWuKSNZn5/JS/iDSUcMZVVpcIQs8EYddxEmVXMiDk2iEqcsksiEzJO6XhmTSDoThQoJwsra+tg==,iv:3iXEQv7hW7NBwD+1SkZq9z25eIavtM9pMxGi04f/a4g=,tag:x2aD4eySjODkuqXo+G/7Dg==,type:str] +wlan0_wpaPskFile: ENC[AES256_GCM,data:yB/1MLibWzQuV+LnM01DoOaImu6aCHB9TMsIDaby9MxjRCQNuI7qxc5dvTQ3RtA1V6at97r3ufw0W2Vwtkf8Mu3l/UL33nWoX8n4RAykF5HkDK+l1hzdW+41wZMZPc+NDE6ZgMSNG3N9gipHSjYQ+vU6KPX9RQwWTUbJiWWYtii+hi9NXMa7sBvjl1WUQtrKdAmc+7flAEFxOY1pOvkj87yOQDybQYdx268Gh2wkfgtacet4zwWvC/VGNrN2p3Eub8S16vHAZZKeW+2rr4U/GiOeS65CSk9srOGwlD6IboTUXSAoSChJmevnm+cgkzZsuOKS7knEZPjQ+l2Z+K4l3FnB8+CVvHw/DlUAG0pFgw49NfBGczGSAFh34b0k,iv:2AkphYXeupcDvB5KXlnuC7QsVJdBZHnR684045DJtfw=,tag:YFNcunSPVJUSLIPTTQ7szA==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] 
wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] @@ -30,8 +31,8 @@ sops: S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-26T07:56:29Z" - mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] + lastmodified: "2025-02-05T09:44:59Z" + mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str] pgp: - created_at: "2024-12-24T19:36:20Z" enc: |- @@ -49,4 +50,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 From 1429fd02a46656319675b9bc77dbedcc94caa796 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 11 Feb 2025 10:10:00 +0100 Subject: [PATCH 261/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 623708a..ca3df1d 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737404927, - "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", + "lastModified": 1739055578, + "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3", + "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1737621708, - "narHash": "sha256-EJRzBfAi7XlPlyQuGgyCctX6PpR1P7nMnRxrHOnfXj0=", + "lastModified": 1739263600, + "narHash": "sha256-f0k9Kf+kpRqieSf9nlRMLyWe5oujqSOwaNWSyfwMiIE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f0413353abad5d3826571102243795bb80ed5444", + "rev": "f9e486552fc8213d31cadd772fc883789f76199d", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737597992, - "narHash": "sha256-FECKBxkd+w5I/fhsquthDiw/r/MdCpqmKikBU9yQGug=", + "lastModified": 1739184465, + "narHash": "sha256-7Z9kNbr6qZwPG1z/6Hn/re4SS9nu1krxyknyNeCBh/o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0bb4699177f691c8e558b32b3bdc38bc112f76f", + "rev": "58edd1e2acbc9be9fe29964344c6419db013141e", "type": "github" }, "original": { From 49ae6f1854f607945173aff83d14f6895e8474bd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 11 Feb 2025 13:24:14 +0100 Subject: [PATCH 262/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 42 +++++++++++++------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 5f6abae..35b4497 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -3,11 +3,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1733258345, - "narHash": "sha256-th2svNLc74sVI/P+y1/Yck1IW+RIUnxL+NF2HLrsSxI=", + "lastModified": 1738780660, + "narHash": "sha256-xDKtJUEksN/kuL49AtTyerCKn1XCJQH3zzcQV+m7r5Q=", "ref": "refs/heads/main", - "rev": "ff9dd08208c5705a3867fc132dcedb5d31c901e2", - "revCount": 163, + "rev": "ae4407c02a434534590dec3e0ef26b371fd7888b", + "revCount": 165, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1737038063, - "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", + "lastModified": 1738765162, + "narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=", "owner": "nix-community", "repo": "disko", - "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", + "rev": "ff3568858c54bd306e9e1f2886f0f781df307dff", "type": "github" }, "original": { @@ -181,16 +181,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1737386371, - "narHash": "sha256-FIbwr2WKslYbC/AIBNcUgoEpDm0aB8knhHYQ6m2bu6k=", + "lastModified": 1739194097, + "narHash": "sha256-vPoE9Hu2dXqZh7n0BMQwXx9Q2pFRdsu17bhFaHrgi8Q=", "owner": "jhovold", "repo": "linux", - "rev": "5602f2f7c53f5c0d2566f493224b82f55ed68abb", + "rev": "7a06e4bfc53f53969db374662de9e5f43e3c3d1d", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.13", + "ref": "wip/sc8280xp-6.14-rc2", "repo": "linux", "type": "github" } @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1735206569, - "narHash": "sha256-U6iAzHxCpqT4x3zUfA9keoe8Gw0iy7INJS8Wt3fSPF4=", + "lastModified": 1739197353, + "narHash": "sha256-KhXCjlXYX1DIFjbDtFsR2WOeUvsrsYao06u9ixl+kM8=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "78dcb1a8f2808bcc23f11ac7123a837eda3f6369", + "rev": "f58df6c244826a43897efe9471b165ddf8d7480a", "type": "github" }, "original": { 
@@ -264,11 +264,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1737753654, - "narHash": "sha256-y4KjuDsLZ9bNwF+7fmDBSDjhZSXQykewS0ncxNoeNvA=", + "lastModified": 1739273873, + "narHash": "sha256-Gjyp1W1YIGcnXUOIZLHwVHvrhfidxMAGNfDYHcpYwjM=", "ref": "bump", - "rev": "fe236e55c5fcdb8fb194ade6dc62ab67f396537e", - "revCount": 135, + "rev": "6784c72db5476449c9be197ed1bfd4fa9bf8b6a7", + "revCount": 136, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1737672001, - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "lastModified": 1739055578, + "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", "type": "github" }, "original": { From e658e27576de749c8ef19abdee2642d045002757 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 14 Feb 2025 16:46:06 +0100 Subject: [PATCH 263/305] bump nix_direnv --- .envrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.envrc b/.envrc index fd277e4..90160da 100644 --- a/.envrc +++ b/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.5; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.5/direnvrc" "sha256-RuwIS+QKFj/T9M2TFXScjBsLR6V3A17YVoEW/Q6AZ1w=" +if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM=" fi use flake .#develop From c0daa9e6e9b96558e81e0e1fcbef69ae1e7ce5a8 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 14 Feb 2025 16:46:28 +0100 Subject: [PATCH 264/305] chore: bump and reconfigure treefmt-nix, include just fmt --- .vscode/settings.json | 7 +- Justfile | 432 +++++++++--------- flake.nix | 15 +- nix/devShells.nix | 10 +- nix/home-manager/programs/firefox.nix | 15 +- nix/os/devices/router0-dmz0/flake.nix | 11 +- nix/os/devices/steveej-x13s/configuration.nix | 1 - nix/os/devices/steveej-x13s/flake.nix | 9 +- nix/os/profiles/install-medium/iso/Justfile | 2 +- secrets/router0-dmz0/secrets.yaml | 66 +-- secrets/shared-users.yaml | 228 ++++----- services/home-ch/router-family.lan/Justfile | 18 +- services/home-ch/router-wan.dmz/Justfile | 12 +- 13 files changed, 419 insertions(+), 407 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 28f81bc..660429d 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -11,11 +11,10 @@ "ignored": ["unused_binding", "unused_with"] }, "formatting": { - "command": ["treefmt-nix", "--stdin", ".nil.nix"] + "command": ["treefmt", "--stdin", ".nil.nix"] } } }, - "[nix]": { - "editor.defaultFormatter": "jnoortheen.nix-ide" - } + "treefmt.command": "treefmt", + "treefmt.config": "" } diff --git a/Justfile b/Justfile index d48ce8c..3521e0b 100755 --- a/Justfile +++ b/Justfile 
@@ -2,316 +2,316 @@ # echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" _usage: - just -l + just -l # Re-render the default versions update-default-versions: - nix flake update + nix flake update _get_nix_path versionsPath: - echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath {{versionsPath}}) + echo $(set -x; nix-build --no-link --show-trace {{ invocation_directory() }}/nix/default.nix -A channelSources --argstr versionsPath {{ versionsPath }}) _device recipe dir +moreargs="": - #!/usr/bin/env bash - set -ex - unset NIX_PATH - source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix) - $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}}) + #!/usr/bin/env bash + set -ex + unset NIX_PATH + source $(just -v _get_nix_path {{ invocation_directory() }}/{{ dir }}/versions.nix) + $(set -x; nix-build --no-link --show-trace $(dirname {{ dir }})/default.nix -A recipes.{{ recipe }} --argstr dir {{ dir }} {{ moreargs }}) _render_templates: - #!/usr/bin/env bash - set -ex - if ! ip route get 1.1.1.1; then - echo No route to WAN. Skipping template rendering... - else - source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) - # nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix - fi + #!/usr/bin/env bash + set -ex + if ! ip route get 1.1.1.1; then + echo No route to WAN. Skipping template rendering... 
+ else + source $(just -v _get_nix_path {{ invocation_directory() }}/nix/variables/versions.nix) + # nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix + fi rebuild-remote-device device +rebuildargs="dry-activate": - #!/usr/bin/env bash - set -ex - nix run .#colmena -- apply --impure --on {{device}} {{rebuildargs}} + #!/usr/bin/env bash + set -ex + nix run .#colmena -- apply --impure --on {{ device }} {{ rebuildargs }} # Rebuild this device's NixOS rebuild-this-device +rebuildargs="dry-activate": - nix run .#colmena -- apply-local --impure --sudo {{rebuildargs}} + nix run .#colmena -- apply-local --impure --sudo {{ rebuildargs }} # Re-render the versions of a remote device and rebuild its environment update-remote-device devicename +rebuildargs='build': - #!/usr/bin/env bash - set -e + #!/usr/bin/env bash + set -e - ( - set -xe - cd nix/os/devices/{{devicename}} - nix flake update - ) + ( + set -xe + cd nix/os/devices/{{ devicename }} + nix flake update + ) - just -v rebuild-remote-device {{devicename}} {{rebuildargs}} + just -v rebuild-remote-device {{ devicename }} {{ rebuildargs }} - git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions" + git commit -v nix/os/devices/{{ devicename }}/flake.{nix,lock} -m "nix/os/devices/{{ devicename }}: bump versions" # Re-render the versions of the current device and rebuild its environment update-this-device rebuild-mode='switch' +moreargs='': - #!/usr/bin/env bash - set -e + #!/usr/bin/env bash + set -e - ( - set -xe - cd nix/os/devices/$(hostname -s) - nix flake update - ) + ( + set -xe + cd nix/os/devices/$(hostname -s) + nix flake update + ) - just -v rebuild-this-device {{rebuild-mode}} {{moreargs}} + just -v rebuild-this-device {{ rebuild-mode }} {{ moreargs }} - git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions" + git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} 
-m "nix/os/devices/$(hostname -s): bump versions" # Rebuild an offline system rebuild-disk device: - #!/usr/bin/env bash - set -xe + #!/usr/bin/env bash + set -xe - just -v disk-mount {{device}} - trap "set +e; just -v disk-umount {{device}}" EXIT - just -v disk-install {{device}} + just -v disk-mount {{ device }} + trap "set +e; just -v disk-umount {{ device }}" EXIT + just -v disk-install {{ device }} # Re-render the versions of the given offline system and reinstall it in offline-mode update-disk dir: - #!/usr/bin/env bash - set -exuo pipefail + #!/usr/bin/env bash + set -exuo pipefail - dir={{dir}} + dir={{ dir }} - template={{dir}}/versions.tmpl.nix - outfile={{dir}}/versions.nix + template={{ dir }}/versions.tmpl.nix + outfile={{ dir }}/versions.nix - if ! test -e ${template}; then - template="$(just _DEFAULT_VERSION_TMPL)" - fi + if ! test -e ${template}; then + template="$(just _DEFAULT_VERSION_TMPL)" + fi - esh -o ${outfile} ${template} - if ! test "$(git diff ${outfile})"; then - echo Already on latest versions - exit 0 - fi + esh -o ${outfile} ${template} + if ! test "$(git diff ${outfile})"; then + echo Already on latest versions + exit 0 + fi - export SYSREBUILD_LOG=.{{dir}}_sysrebuild.log - just -v rebuild-disk {{dir}} || { - echo ERROR: Update of {{dir}} failed, reverting ${outfile}... - exit 1 - } + export SYSREBUILD_LOG=.{{ dir }}_sysrebuild.log + just -v rebuild-disk {{ dir }} || { + echo ERROR: Update of {{ dir }} failed, reverting ${outfile}... + exit 1 + } - git commit -v ${outfile} -m "${dir}: bump versions" + git commit -v ${outfile} -m "${dir}: bump versions" # Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L) hm-iterate-qtile: - #!/usr/bin/env bash - set -xe - home-manager switch || just -v rebuild-this-device switch - Xephyr -ac -br -resizeable :1 & - XEPHYR_PID=$! - echo ${XEPHYR_PID} - DISPLAY=:1 $(grep qtile ~/.xsession) & - echo "Xephyr started. 
un-/grab the mouse with Ctrl + Shift-L" - wait $! - kill ${XEPHYR_PID} + #!/usr/bin/env bash + set -xe + home-manager switch || just -v rebuild-this-device switch + Xephyr -ac -br -resizeable :1 & + XEPHYR_PID=$! + echo ${XEPHYR_PID} + DISPLAY=:1 $(grep qtile ~/.xsession) & + echo "Xephyr started. un-/grab the mouse with Ctrl + Shift-L" + wait $! + kill ${XEPHYR_PID} # !!! DANGERIOUS !!! This wipes the disk which is configured for the given device. disk-prepare dir: - just -v _device diskPrepare {{dir}} + just -v _device diskPrepare {{ dir }} disk-relabel dir previous: - just -v _device diskRelabel {{dir}} --argstr previousDiskId {{previous}} + just -v _device diskRelabel {{ dir }} --argstr previousDiskId {{ previous }} # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' disk-mount dir: - just -v _device diskMount {{dir}} + just -v _device diskMount {{ dir }} + # Unmount target disk, specified by device configuration directory disk-umount dir: - just -v _device diskUmount {{dir}} + just -v _device diskUmount {{ dir }} # Perform an offline installation on the mounted target disk, specified by device configuration directory disk-install dir: _render_templates - just -v _device diskInstall {{dir}} - + just -v _device diskInstall {{ dir }} verify-n-unlock sshserver attempts="10": - #!/usr/bin/env bash - set -e - env \ - GETPW="just _get_pass_entry Infrastructure/VPS/{{sshserver}} DRIVE_PW" \ - SSHOPTS="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} SSHOPTS)" \ - VNCSOCK="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} VNCSOCK)" \ - VNCPW="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} VNCPW)" \ - \ - just _verify-n-unlock {{sshserver}} {{attempts}} + #!/usr/bin/env bash + set -e + env \ + GETPW="just _get_pass_entry Infrastructure/VPS/{{ sshserver }} DRIVE_PW" \ + SSHOPTS="$(just _get_pass_entry Infrastructure/VPS/{{ 
sshserver }} SSHOPTS)" \ + VNCSOCK="$(just _get_pass_entry Infrastructure/VPS/{{ sshserver }} VNCSOCK)" \ + VNCPW="$(just _get_pass_entry Infrastructure/VPS/{{ sshserver }} VNCPW)" \ + \ + just _verify-n-unlock {{ sshserver }} {{ attempts }} _verify-n-unlock sshserver attempts: - #!/usr/bin/env bash - set -e - : ${VNCSOCK:?VNCSOCK must be set} - : ${VNCPW:?VNCPW must be set} + #!/usr/bin/env bash + set -e + : ${VNCSOCK:?VNCSOCK must be set} + : ${VNCPW:?VNCPW must be set} - export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535" - export TESS_ARGS="-c debug_file=/dev/null --psm 4" + export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535" + export TESS_ARGS="-c debug_file=/dev/null --psm 4" - function send() { - local what="${1:?need something to send}" - ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null - } + function send() { + local what="${1:?need something to send}" + ssh -4 ${SSHOPTS:?need sshopts} root@{{ sshserver }} "echo -e ${what}>> /dev/tty0" &>/dev/null + } - function expect() { - local what="${1:?need something to expect}" - vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp - convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff - tesseract ${TESS_ARGS} screenshot.tiff screenshot - grep --quiet "${what}" screenshot.txt - } + function expect() { + local what="${1:?need something to expect}" + vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp + convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff + tesseract ${TESS_ARGS} screenshot.tiff screenshot + grep --quiet "${what}" screenshot.txt + } - function send_and_expect() { - local send="${1:?need something to send}" - local 
expect="${2:?need something to expect}" - if ! send "${send}"; then - echo warning: cannot send > /dev/stderr - return -1 - fi - expect "${expect}" - } + function send_and_expect() { + local send="${1:?need something to send}" + local expect="${2:?need something to expect}" + if ! send "${send}"; then + echo warning: cannot send > /dev/stderr + return -1 + fi + expect "${expect}" + } - trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT + trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT - for i in `seq 1 {{attempts}}`; do - echo Attempt $i... - expect="$(pwgen -0 12)" - send="'\0033\0143'${expect}" - if send_and_expect "${send}" "${expect}"; then - pipe=$(mktemp -u) - mkfifo ${pipe} - exec 3<>${pipe} - rm ${pipe} + for i in `seq 1 {{ attempts }}`; do + echo Attempt $i... + expect="$(pwgen -0 12)" + send="'\0033\0143'${expect}" + if send_and_expect "${send}" "${expect}"; then + pipe=$(mktemp -u) + mkfifo ${pipe} + exec 3<>${pipe} + rm ${pipe} - echo Verification succeeded at attempt $i. Unlocking remote drive... - ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null & - eval ${GETPW} | head -n1 >&3 + echo Verification succeeded at attempt $i. Unlocking remote drive... + ssh -4 ${SSHOPTS} root@{{ sshserver }} "cryptsetup-askpass" <&3 &>/dev/null & + eval ${GETPW} | head -n1 >&3 - for j in `seq 1 120`; do - sleep 0.5 - if expect '— success'; then - echo Unlock successful. - exit 0 - fi - done + for j in `seq 1 120`; do + sleep 0.5 + if expect '— success'; then + echo Unlock successful. + exit 0 + fi + done - echo Unlock failed... - exit 1 - fi - done - echo Verification failed {{attempts}} times. Giving up... - exit 1 + echo Unlock failed... + exit 1 + fi + done + echo Verification failed {{ attempts }} times. Giving up... 
+ exit 1 _get_pass_entry path key: - pass show {{path}}| grep -E "^{{key}}:" | sed -E 's/^[^:]+: *//g' + pass show {{ path }}| grep -E "^{{ key }}:" | sed -E 's/^[^:]+: *//g' run-with-channels +cmds: - #!/usr/bin/env bash - source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) - {{cmds}} + #!/usr/bin/env bash + source $(just -v _get_nix_path {{ invocation_directory() }}/nix/variables/versions.nix) + {{ cmds }} install-config config root: - sudo just run-with-channels nixos-install -I nixos-config={{invocation_directory()}}/{{config}} --root {{root}} --no-root-passwd + sudo just run-with-channels nixos-install -I nixos-config={{ invocation_directory() }}/{{ config }} --root {{ root }} --no-root-passwd # Switch between gpg-card capable devices which have a copy of the same key switch-gpg-card: - #!/usr/bin/env bash - # - # Derived from https://github.com/drduh/YubiKey-Guide/issues/19. - # - # Connect the new device and then run this script to make it known to gnupg. - # - set -xe - KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') + #!/usr/bin/env bash + # + # Derived from https://github.com/drduh/YubiKey-Guide/issues/19. + # + # Connect the new device and then run this script to make it known to gnupg. 
+ # + set -xe + KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') - # export pubkey and ownertrust - gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}" - # if this fails the trust in the key is missing and can be fixed with `gpg --edit-key ${KEY_ID}` - gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust + # export pubkey and ownertrust + gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}" + # if this fails the trust in the key is missing and can be fixed with `gpg --edit-key ${KEY_ID}` + gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust - # delete the key - gpg --yes --delete-secret-and-public-keys "${KEY_ID}" + # delete the key + gpg --yes --delete-secret-and-public-keys "${KEY_ID}" - # import pubkey and ownertrust back and cleanup - gpg2 --import "${KEY_ID}".pubkey - gpg2 --import-ownertrust < "${KEY_ID}".ownertrust - rm "${KEY_ID}".{pubkey,ownertrust} + # import pubkey and ownertrust back and cleanup + gpg2 --import "${KEY_ID}".pubkey + gpg2 --import-ownertrust < "${KEY_ID}".ownertrust + rm "${KEY_ID}".{pubkey,ownertrust} - # refresh the gpg agent - gpg-connect-agent "scd serialno" "learn --force" /bye - gpg --card-status + # refresh the gpg agent + gpg-connect-agent "scd serialno" "learn --force" /bye + gpg --card-status # Connect to `remote` UUID, and turn it into a short name uuid-to-device-name remote: - #!/usr/bin/env bash - set -e -o pipefail - ssh {{remote}} 'nix run nixpkgs.dmidecode -c dmidecode -s system-uuid' | xxhsum --quiet -H1 | awk '{print $1}' + #!/usr/bin/env bash + set -e -o pipefail + ssh {{ remote }} 'nix run nixpkgs.dmidecode -c dmidecode -s system-uuid' | xxhsum --quiet -H1 | awk '{print $1}' test-connection: - #! /usr/bin/env nix-shell - #! nix-shell -p curl zsh - #! nix-shell -i zsh - #! nix-shell --pure + #! /usr/bin/env nix-shell + #! nix-shell -p curl zsh + #! nix-shell -i zsh + #! 
nix-shell --pure - while true; do - FAILURE="false" - output=$( - echo "$(date)\n---" - for url in \ - "https://172.16.0.1:65443/0.7/gui/#/login/" \ - "https://192.168.0.1" \ - "http://172.172.171.9" \ - "https://172.172.171.10:65443" \ - "https://172.172.171.11:65443" \ - "https://172.172.171.13:443" \ - "https://172.172.171.14:443" \ - "http://172.172.171.15:22" \ - "http://172.172.171.16:22" \ - "https://crates.io" \ - "https://holo.host" \ - ; \ - do - print "trying ${url}": $( - curl_output=$(curl --http0.9 -k --head --connect-timeout 0.5 ${url} 2>&1) - # if [ $? -ne 0 ]; then - if [[ "$curl_output" == *timeout* ]]; then - echo failure: $(echo ${curl_output} | tail -n1) - # BUG: outer FAILURE is not set by this - FAILURE="true" - else - echo success - fi - ) - done - ) - clear - echo ${output} + while true; do + FAILURE="false" + output=$( + echo "$(date)\n---" + for url in \ + "https://172.16.0.1:65443/0.7/gui/#/login/" \ + "https://192.168.0.1" \ + "http://172.172.171.9" \ + "https://172.172.171.10:65443" \ + "https://172.172.171.11:65443" \ + "https://172.172.171.13:443" \ + "https://172.172.171.14:443" \ + "http://172.172.171.15:22" \ + "http://172.172.171.16:22" \ + "https://crates.io" \ + "https://holo.host" \ + ; \ + do + print "trying ${url}": $( + curl_output=$(curl --http0.9 -k --head --connect-timeout 0.5 ${url} 2>&1) + # if [ $? 
-ne 0 ]; then + if [[ "$curl_output" == *timeout* ]]; then + echo failure: $(echo ${curl_output} | tail -n1) + # BUG: outer FAILURE is not set by this + FAILURE="true" + else + echo success + fi + ) + done + ) + clear + echo ${output} - if [[ ${FAILURE} == "true" ]]; then - echo something failed - tracepath -m5 -n1 172.16.0.1 - tracepath -m5 -n1 192.168.0.1 - fi + if [[ ${FAILURE} == "true" ]]; then + echo something failed + tracepath -m5 -n1 172.16.0.1 + tracepath -m5 -n1 192.168.0.1 + fi - sleep 5 - done + sleep 5 + done cachix-use name: - nix run nixpkgs/nixos-unstable#cachix -- use {{name}} -m nixos -d nix/os/ + nix run nixpkgs/nixos-unstable#cachix -- use {{ name }} -m nixos -d nix/os/ update-sops-keys: - for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done + for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done deploy-router0-dmz0: - NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1 + NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1 ttyusb: - screen -fa /dev/ttyUSB0 115200 + screen -fa /dev/ttyUSB0 115200 diff --git a/flake.nix b/flake.nix index 37bd557..1710071 100644 --- a/flake.nix +++ b/flake.nix @@ -278,7 +278,6 @@ }; }; - local-xwayland = pkgs.writeShellScriptBin "local-xwayland" '' set -x ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ @@ -287,7 +286,7 @@ --x-display=0 \ # --x-unscale=3 \ --verbose - ''; + ''; in { dcpj4110dwDriver = dcpj4110dw.driver; @@ -355,6 +354,13 @@ shellcheck.enable = true; prettier.enable = true; + just = { + enable = true; + includes = [ + "*/Justfile" + "Justfile" + ]; + }; } // pkgs.lib.optionalAttrs (pkgs.system != "riscv64-linux") { shellcheck.enable = true; }; settings = { 
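Review bot: The formatter set extended in the `@@ -355,6 +354,13 @@` hunk (`just = { enable = true; … }` next to `prettier.enable = true;`) is not visibly kept away from the sops-managed files. The same patch re-indents the `sops:` metadata of `secrets/router0-dmz0/secrets.yaml` and `secrets/shared-users.yaml` while `lastmodified` and `mac` are identical on both sides, which suggests a formatter rather than sops rewrote them. An indentation-only change should still decrypt, but it is worth confirming with `sops -d` on both files before merging, and sops will probably write its own layout back on the next edit, so these files will keep churning. If the `settings` block that begins right after this hunk (outside the visible lines) does not already exclude them, consider something like `global.excludes = [ "secrets/*" ];` there.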
@@ -410,7 +416,10 @@ ; }; in - all // { default = all.develop; }; + all + // { + default = all.develop; + }; }; } ); diff --git a/nix/devShells.nix b/nix/devShells.nix index a94d136..f55f056 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -93,11 +93,11 @@ self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin; shellHook = builtins.concatStringsSep "\n" [ - (self.inputs.nixago.lib.${pkgs.system}.make { - data = self'.formatter.settings; - output = "treefmt.toml"; - format = "toml"; - }).shellHook + # (self.inputs.nixago.lib.${pkgs.system}.make { + # data = self'.formatter.settings; + # output = "treefmt.toml"; + # format = "toml"; + # }).shellHook ]; }; } diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 1bffa89..8115434 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -162,7 +162,10 @@ let "devtools.debugger.remote-enabled" = true; # disable translations for some languages - "browser.translations.neverTranslateLanguages" = ["en" "de"]; + "browser.translations.neverTranslateLanguages" = [ + "en" + "de" + ]; "browser.translations.automaticallyPopup" = false; # enable pipewire (and libcamera) sources @@ -300,12 +303,14 @@ let in { nixpkgs.overlays = [ - repoFlake.inputs.nur.overlay + repoFlake.inputs.nur.overlay ]; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "youtube-recommended-videos" - ]; + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "youtube-recommended-videos" + ]; programs.librewolf = { enable = false; diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index cdad18f..d56e72a 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix 
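Review bot: The `shellHook` list in the nix/devShells.nix hunk now holds only commented-out code, with nothing saying why the nixago-generated `treefmt.toml` was dropped from the dev shell or whether it should come back. Either delete the five lines or keep them under a one-line reason, for example `# disabled: <reason>; re-enable when <condition>`. As written the expression evaluates to the empty string, so `shellHook = "";` would state the same thing directly. The enclosing dev shell definition starts and ends outside the hunk.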
@@ -13,12 +13,11 @@ srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - nixos-sbc.url = - "github:nakato/nixos-sbc" - # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12" - # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13" - # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" - # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" + nixos-sbc.url = "github:nakato/nixos-sbc" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13" + # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" + # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" ; nixos-sbc.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index a4746dc..befd81a 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -6,7 +6,6 @@ config, nodeName, system, - packages', ... }: { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index eb90b4f..5cb0e60 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -15,8 +15,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-x13s.url = - "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" + nixos-x13s.url = "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump" # 6.13-rc2 # "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump&rev=c95058f8aa1b361df3874429c5dc0f694f9cba78" # 6.11.0 @@ -89,8 +88,10 @@ inherit mkNixosConfiguration; }; - overlays.default = _final: _previous: { - }; + overlays.default = + _final: _previous: + { + }; nixosConfigurations = { native = mkNixosConfiguration { system = nativeSystem; }; 
diff --git a/nix/os/profiles/install-medium/iso/Justfile b/nix/os/profiles/install-medium/iso/Justfile index bcd3c66..099a8aa 100644 --- a/nix/os/profiles/install-medium/iso/Justfile +++ b/nix/os/profiles/install-medium/iso/Justfile @@ -1,2 +1,2 @@ build: - nix-build '' -A config.system.build.isoImage -I nixos-config=iso.nix + nix-build '' -A config.system.build.isoImage -I nixos-config=iso.nix diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 9990851..b797baa 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml 
@@ -17,37 +17,37 @@ wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMm wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str] wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNE9VK05aYlRKcXRBak1h - Sk5GS08zUE93U2VSL2FYTTllS3Fjb2I5R1ZZCjFtL1RZUWVvbzdlcnBCN1NJbE5S - QW9paVFDaldhSVh2eitoaStpZU94T2MKLS0tIHV4ajZFdEl0TjFNNXhhTlFBaGMz - S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV - KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-05T09:44:59Z" - mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str] - pgp: - - created_at: "2024-12-24T19:36:20Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNE9VK05aYlRKcXRBak1h + Sk5GS08zUE93U2VSL2FYTTllS3Fjb2I5R1ZZCjFtL1RZUWVvbzdlcnBCN1NJbE5S + QW9paVFDaldhSVh2eitoaStpZU94T2MKLS0tIHV4ajZFdEl0TjFNNXhhTlFBaGMz + S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV + KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2025-02-05T09:44:59Z" + mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str] + pgp: + - created_at: "2024-12-24T19:36:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/RIzNBL+pVy3msNL8iuGdPXywQhS4JPgP9QqiYu8hqTsw - ja/jx8ShJmLjC5i7D8nwwbUyY1DJTSdHcRblcsROgo4DgthdtuprJlSQIPZhaW5Q - Rbo52yT1LkzypUcSQFIDY2QFpPw2zL3ZmPyIwg7YCI3seNQckv93nZQzpLx2Ifad - hLU0+C8tU94z+sgqLq0OVryZb6taQP/h41niFKHZtemnykA03JIbCmyl1HZDEtRJ - 1xSFpAKAtfzdhR5SfrGYtSBj7FysanfSEi4Gxxp7VcfqBVYTHAOsDLFnFCEwr13H - sopUdgCeZdZTBFgzS+AVb0zcHti/YJ9xUNrIKJXwAdJcAS9w3Y4MqcbEdcFp/CD5 - W8w7WZjHm8ly0qm2DgyQmd3040V64mt5cDe7+8YRqu5cZILyKpRGwUx3ES0eJ+g3 - g2P8+l5NEvzTX3ldXHObOUVebLouZrxd6UjWvUo= - =mYf/ - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.9.1 + hQEMA0SHG/zF3227AQf/RIzNBL+pVy3msNL8iuGdPXywQhS4JPgP9QqiYu8hqTsw + ja/jx8ShJmLjC5i7D8nwwbUyY1DJTSdHcRblcsROgo4DgthdtuprJlSQIPZhaW5Q + Rbo52yT1LkzypUcSQFIDY2QFpPw2zL3ZmPyIwg7YCI3seNQckv93nZQzpLx2Ifad + hLU0+C8tU94z+sgqLq0OVryZb6taQP/h41niFKHZtemnykA03JIbCmyl1HZDEtRJ + 1xSFpAKAtfzdhR5SfrGYtSBj7FysanfSEi4Gxxp7VcfqBVYTHAOsDLFnFCEwr13H + sopUdgCeZdZTBFgzS+AVb0zcHti/YJ9xUNrIKJXwAdJcAS9w3Y4MqcbEdcFp/CD5 + W8w7WZjHm8ly0qm2DgyQmd3040V64mt5cDe7+8YRqu5cZILyKpRGwUx3ES0eJ+g3 + g2P8+l5NEvzTX3ldXHObOUVebLouZrxd6UjWvUo= + =mYf/ + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index ea85269..428b745 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml 
@@ -10,118 +10,118 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str] sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6T2hmV3BOU0M1MTloWktK - YTRXS3lTcERncjNpaFlhRlljNWlJQURmdW1FCmQzNEFFZ2VxTmdmZ21idzZEUHVZ - clFMZU1tTG9kWkNFVzdXK0NYQjVMMnMKLS0tIHVwRzlpR2VwcXlCdUxUbTN4YWcy - Y3dqOXlTeDZRU3YycUtqTXpKcWt4bk0KT71rTNU/kZci9u3NahgR3/fL6IHHxVdu - unIWav0e6cZVQXKw29Pji966zuB5Rv0vb+5LAYsXzC0E6vtiC7kwzA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0NiZ1RIekpsY2pDVEh0 - MldzL0Zna045QVY5TnAwYU1rTitQMkxOZ1M4Ck80a2dnTlFxYkZyKzE3emFTa29R - THNTblJuU1g0Zlg1RlhMV0JsY3ZpR0UKLS0tIGhLWFZOcS9za0Riak9QUVZ1dGhZ - SnVNUTJFWnVHTDZKZzFBME5ZZzFBWE0K6jMchwT9eJOqyBhSiyg0XS69KxWc2Xx1 - SJS0acLF+Lcrw0xEr856846P/bH+l/SY4Ii7Mv0b38GOb5KPGra3cA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENVQ5MHZ3VXBMbUdBTHFN - Z09QTDdyWFpHUG9LWGdqZXhBRm90ZnBsNFhJClJpaTFCaSt6Q0E1UlR0WEljWjVv - 
UE1LUDZ1by9zYmhibGJHRGpKT2RhbzQKLS0tIEhKYTlTcmw2NDBDVGluc1N0Y2Rl - d2dsU0ZnMFVlYnJtai9UWDJROG9JTWcKeCVOvRWUJutoFOhDLni2CpgKUUvxTFUS - NNozeDy27P+ZZFDHxBGPoJhJmAKt7Vs4FpdAYJM1xeZWd4BgakdUZw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMWxSQ3ovamNoaFovcDRi - NGVRRGNZZDJoVWdhMDBhRU9VZHNzMUkzV1RFCjgzQ1FDdSsyMWYrZC9iZXBDa1NJ - dThoNms4aW5iQVBzK21URXkrQjFQR3cKLS0tIDFmR2o4OEpxZnJheGJTWHRMNDBV - djkrN0xTR25zeEVjYnpMbllZRHcySGsKvPzezvh4MF5TvrqEAg5z/nDRw8iviIx0 - wcnO7RQZGSZ71Cv0T11dIpAixUE90l5b6xHKdaeS8vtYFTKdw8FjKg== - -----END AGE ENCRYPTED FILE----- - - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZW9HdjNSTE5xWlVWY01R - bXAyWVZhcjlkbFVneXhaVnZOQkQ5amszeDJJCjVWa3lLSWhBUDYyd1N1QlZ3T2Fs - QkN2MDViUGwyV0w4NGJiZHhaQ0VjcW8KLS0tIFNkZnNJbXpFOVZsdjREbWFwQ1RB - RTVML1czWWk1QkYzMlVwOWVXNVRwancKKngA02rNH1ZN2jvJ4QZcN07djYzzqoPo - OFeFoOHOKNz3Obwlxv6eW1bd0AP/MT7VR+cTDdaAxwNf8I1gEC9bjw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5NWlVURFA0TDhWak5u - R0tmR3JiMThtNnpqM05yQWZTdVAxZTQ4TEcwCndjSlYvMTg1NlRvSHhmdmNMRzhS - MjgwMU5ZcnVnWVplY1lOc1JQNFkxMDQKLS0tIHhHenE2SmdFcC95ampNbmdOSDJX - ZnJLR0RKZ3FrOUxRSU11dlh5ZzBidmcK7PsJYwMJpv9YoaYiN+U20HA2opK2IUnF - elU57b01ZOZM5nfpnyZBdqZO6VRDAZC2h81z+BCNXUQus4SSNQi0aw== - -----END AGE ENCRYPTED FILE----- - - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bzBRSi9qOEsxR0Z4RTNt - U0VKT0o3b3I0dXJxSHRSVnFiR3BWOUNTR2ljCmlHWWZnTGJKeWNhTWxKaEVrbWdG - 
M2twejZqaFU2RU8wemVxWHlpQVJYZWcKLS0tIDA5Y1Q0RWJvbUlGUHpKN1BIMGM2 - cGU2bXpEaVNRcko4TVlBMG9KdnJibjQK86rJ3S+JQhD8+gCkr748z1oVy55ukOMv - c408QBFGToOuzvaRbOIb8lhci4ImuSJJE7TZUzgYsADEAaeudDKVtw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WHJjQThud1IzSHk2Z0Zn - L2NybEJyMVdoRWszb0lZTlcyN1ppa1BOSmdzCitZa2thNkJyWWxKU0IxdnhrVXNI - Q2dXL1BST1hzMy9PZWpVcU1lckcvdVkKLS0tIDd1VXBGRmdkdnV6UHdzbU1UMjVB - WjB5akxEeUd2eS95ZnZHSUFXSmNXWncK3VXZqfKo8jat4gbn/5YSL/cV5qILqV5b - E/OBRFStWmfhuCZJzCDhU9a0QJocW+UkkI4XRzDDaN66gEmZe+u7mA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cE5lLy9ZNXdXb0owcnZk - S0JRSkc4Q2p4bGxPSG14VjlKZ3NMMUpEd2drClBGU0FyaGJ1WCtHVHRzYTFqRXpz - VWJvTlBEcXg4TVVLZzV4djE2bUhIRVEKLS0tICtSTCtNS2dON0pIMHNzWmE5Q253 - c3loYWpFd0h6N3FpdkdpZGdHZjU0aE0K2zsQNBl1jdhLWf1PeGVo+deCc6BwnTo4 - tUg59pWQ5BvwMQx0kjhEoa29S1QUU4Or4erPPoHS5teK4Llv0s2gRQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHNvaU5sUDEvd3JGWUFa - VjZDbm9VMXpjQWhCYTRxbUlEREErT0tDUXpRCnN4YXhVVW8zTi9ZZmVUYWwwRHhH - dXd0dnB5WE9sTDZ2R3d4MlFiWlFZcmsKLS0tIENJSTNvNWV3SlVwRk15RDRpNllQ - YmZuei9iVFMvcytqS3podTZZb2g3S0kK+qGQ8LkLO6v8T718dyD5j5CTC+UwBaCn - 9dxkh9MWkKknRL89MHbV9gVG/StiOa+USGqulXEGbapiZ9q1JYCa7A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-16T19:17:41Z" - mac: 
ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] - pgp: - - created_at: "2024-12-24T19:36:21Z" - enc: |- - -----BEGIN PGP MESSAGE----- + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6T2hmV3BOU0M1MTloWktK + YTRXS3lTcERncjNpaFlhRlljNWlJQURmdW1FCmQzNEFFZ2VxTmdmZ21idzZEUHVZ + clFMZU1tTG9kWkNFVzdXK0NYQjVMMnMKLS0tIHVwRzlpR2VwcXlCdUxUbTN4YWcy + Y3dqOXlTeDZRU3YycUtqTXpKcWt4bk0KT71rTNU/kZci9u3NahgR3/fL6IHHxVdu + unIWav0e6cZVQXKw29Pji966zuB5Rv0vb+5LAYsXzC0E6vtiC7kwzA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0NiZ1RIekpsY2pDVEh0 + MldzL0Zna045QVY5TnAwYU1rTitQMkxOZ1M4Ck80a2dnTlFxYkZyKzE3emFTa29R + THNTblJuU1g0Zlg1RlhMV0JsY3ZpR0UKLS0tIGhLWFZOcS9za0Riak9QUVZ1dGhZ + SnVNUTJFWnVHTDZKZzFBME5ZZzFBWE0K6jMchwT9eJOqyBhSiyg0XS69KxWc2Xx1 + SJS0acLF+Lcrw0xEr856846P/bH+l/SY4Ii7Mv0b38GOb5KPGra3cA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENVQ5MHZ3VXBMbUdBTHFN + Z09QTDdyWFpHUG9LWGdqZXhBRm90ZnBsNFhJClJpaTFCaSt6Q0E1UlR0WEljWjVv + UE1LUDZ1by9zYmhibGJHRGpKT2RhbzQKLS0tIEhKYTlTcmw2NDBDVGluc1N0Y2Rl + d2dsU0ZnMFVlYnJtai9UWDJROG9JTWcKeCVOvRWUJutoFOhDLni2CpgKUUvxTFUS + NNozeDy27P+ZZFDHxBGPoJhJmAKt7Vs4FpdAYJM1xeZWd4BgakdUZw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 + enc: | + -----BEGIN AGE ENCRYPTED 
FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMWxSQ3ovamNoaFovcDRi + NGVRRGNZZDJoVWdhMDBhRU9VZHNzMUkzV1RFCjgzQ1FDdSsyMWYrZC9iZXBDa1NJ + dThoNms4aW5iQVBzK21URXkrQjFQR3cKLS0tIDFmR2o4OEpxZnJheGJTWHRMNDBV + djkrN0xTR25zeEVjYnpMbllZRHcySGsKvPzezvh4MF5TvrqEAg5z/nDRw8iviIx0 + wcnO7RQZGSZ71Cv0T11dIpAixUE90l5b6xHKdaeS8vtYFTKdw8FjKg== + -----END AGE ENCRYPTED FILE----- + - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZW9HdjNSTE5xWlVWY01R + bXAyWVZhcjlkbFVneXhaVnZOQkQ5amszeDJJCjVWa3lLSWhBUDYyd1N1QlZ3T2Fs + QkN2MDViUGwyV0w4NGJiZHhaQ0VjcW8KLS0tIFNkZnNJbXpFOVZsdjREbWFwQ1RB + RTVML1czWWk1QkYzMlVwOWVXNVRwancKKngA02rNH1ZN2jvJ4QZcN07djYzzqoPo + OFeFoOHOKNz3Obwlxv6eW1bd0AP/MT7VR+cTDdaAxwNf8I1gEC9bjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5NWlVURFA0TDhWak5u + R0tmR3JiMThtNnpqM05yQWZTdVAxZTQ4TEcwCndjSlYvMTg1NlRvSHhmdmNMRzhS + MjgwMU5ZcnVnWVplY1lOc1JQNFkxMDQKLS0tIHhHenE2SmdFcC95ampNbmdOSDJX + ZnJLR0RKZ3FrOUxRSU11dlh5ZzBidmcK7PsJYwMJpv9YoaYiN+U20HA2opK2IUnF + elU57b01ZOZM5nfpnyZBdqZO6VRDAZC2h81z+BCNXUQus4SSNQi0aw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bzBRSi9qOEsxR0Z4RTNt + U0VKT0o3b3I0dXJxSHRSVnFiR3BWOUNTR2ljCmlHWWZnTGJKeWNhTWxKaEVrbWdG + M2twejZqaFU2RU8wemVxWHlpQVJYZWcKLS0tIDA5Y1Q0RWJvbUlGUHpKN1BIMGM2 + cGU2bXpEaVNRcko4TVlBMG9KdnJibjQK86rJ3S+JQhD8+gCkr748z1oVy55ukOMv + c408QBFGToOuzvaRbOIb8lhci4ImuSJJE7TZUzgYsADEAaeudDKVtw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WHJjQThud1IzSHk2Z0Zn + L2NybEJyMVdoRWszb0lZTlcyN1ppa1BOSmdzCitZa2thNkJyWWxKU0IxdnhrVXNI + Q2dXL1BST1hzMy9PZWpVcU1lckcvdVkKLS0tIDd1VXBGRmdkdnV6UHdzbU1UMjVB + WjB5akxEeUd2eS95ZnZHSUFXSmNXWncK3VXZqfKo8jat4gbn/5YSL/cV5qILqV5b + E/OBRFStWmfhuCZJzCDhU9a0QJocW+UkkI4XRzDDaN66gEmZe+u7mA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cE5lLy9ZNXdXb0owcnZk + S0JRSkc4Q2p4bGxPSG14VjlKZ3NMMUpEd2drClBGU0FyaGJ1WCtHVHRzYTFqRXpz + VWJvTlBEcXg4TVVLZzV4djE2bUhIRVEKLS0tICtSTCtNS2dON0pIMHNzWmE5Q253 + c3loYWpFd0h6N3FpdkdpZGdHZjU0aE0K2zsQNBl1jdhLWf1PeGVo+deCc6BwnTo4 + tUg59pWQ5BvwMQx0kjhEoa29S1QUU4Or4erPPoHS5teK4Llv0s2gRQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHNvaU5sUDEvd3JGWUFa + VjZDbm9VMXpjQWhCYTRxbUlEREErT0tDUXpRCnN4YXhVVW8zTi9ZZmVUYWwwRHhH + dXd0dnB5WE9sTDZ2R3d4MlFiWlFZcmsKLS0tIENJSTNvNWV3SlVwRk15RDRpNllQ + YmZuei9iVFMvcytqS3podTZZb2g3S0kK+qGQ8LkLO6v8T718dyD5j5CTC+UwBaCn + 9dxkh9MWkKknRL89MHbV9gVG/StiOa+USGqulXEGbapiZ9q1JYCa7A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-16T19:17:41Z" + mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str] + pgp: + - created_at: "2024-12-24T19:36:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQgAqL1QC5kKDaMVQQp9Lboe3krFMW6MxBjilO3BvGYoXHKu - kKP4hJomuF8wqkKzwsXZihIoXmc767/lKG7AIIMnMJjShGgIjSU668l0guuxlGdT - r58W+JvA1Hu6LadQ6iPS5dVJgW0MJj5YGG0+EPljHVjFIXOKJff+09jBv2648kDh - 
SuuDVwFueX88qgKLnGNw/JWsmG6TRb8WPpbtK0zd30Y/guTRdx57+W4GcLz6zs98 - kkU/VwAKy8ghkXlDyG/TBWipgj+xPGvOIRYiddZc6FBE14e5Miyuw4vgtLaYIWpS - aDB0BUbjmCaiVyZ3PF8nzJcUj3thAepkGyGIgPAgCNJcAW0hIzLoYdU9Dt5kxmGf - tCH3/l3nOuqFZ2EFe6xlBuYEfkjCDLMnDD6W4gvJTkOjfYDWuF0TldyfXeGken+J - BYeYA3OGTslhrVlXSPQeY1OqITnbqbPgwLkd7D0= - =Nc6x - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1 + hQEMA0SHG/zF3227AQgAqL1QC5kKDaMVQQp9Lboe3krFMW6MxBjilO3BvGYoXHKu + kKP4hJomuF8wqkKzwsXZihIoXmc767/lKG7AIIMnMJjShGgIjSU668l0guuxlGdT + r58W+JvA1Hu6LadQ6iPS5dVJgW0MJj5YGG0+EPljHVjFIXOKJff+09jBv2648kDh + SuuDVwFueX88qgKLnGNw/JWsmG6TRb8WPpbtK0zd30Y/guTRdx57+W4GcLz6zs98 + kkU/VwAKy8ghkXlDyG/TBWipgj+xPGvOIRYiddZc6FBE14e5Miyuw4vgtLaYIWpS + aDB0BUbjmCaiVyZ3PF8nzJcUj3thAepkGyGIgPAgCNJcAW0hIzLoYdU9Dt5kxmGf + tCH3/l3nOuqFZ2EFe6xlBuYEfkjCDLMnDD6W4gvJTkOjfYDWuF0TldyfXeGken+J + BYeYA3OGTslhrVlXSPQeY1OqITnbqbPgwLkd7D0= + =Nc6x + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/services/home-ch/router-family.lan/Justfile b/services/home-ch/router-family.lan/Justfile index c599600..c15ed68 100644 --- a/services/home-ch/router-family.lan/Justfile +++ b/services/home-ch/router-family.lan/Justfile 
@@ -1,12 +1,12 @@ _run_ssh_cmd cmd: - ssh root@router-family.lan "{{cmd}}" + ssh root@router-family.lan "{{ cmd }}" post-setup: - just -v _run_ssh_cmd "opkg update" - just -v _run_ssh_cmd "opkg install luci-ssl luci-app-ddns" - just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server" - just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils kmod-usb-storage-uas kmod-fs-btrfs btrfs-progs" - # multiuser SFTP - just -v _run_ssh_cmd "opkg install openssh-server openssh-sftp-server" - just -v _run_ssh_cmd "opkg install sudo coreutils-readlink" - just -v _run_ssh_cmd "/etc/init.d/uhttpd restart" + just -v _run_ssh_cmd "opkg update" + just -v _run_ssh_cmd "opkg install luci-ssl luci-app-ddns" + just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server" + just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils kmod-usb-storage-uas kmod-fs-btrfs btrfs-progs" + # multiuser SFTP + just -v _run_ssh_cmd "opkg install openssh-server openssh-sftp-server" + just -v _run_ssh_cmd "opkg install sudo coreutils-readlink" + just -v _run_ssh_cmd "/etc/init.d/uhttpd restart" diff --git a/services/home-ch/router-wan.dmz/Justfile b/services/home-ch/router-wan.dmz/Justfile index 921adb4..6f818a8 100644 --- a/services/home-ch/router-wan.dmz/Justfile +++ b/services/home-ch/router-wan.dmz/Justfile @@ -1,9 +1,9 @@ _run_ssh_cmd cmd: - ssh root@router-wan.dmz "{{cmd}}" + ssh root@router-wan.dmz "{{ cmd }}" post-setup: - just -v _run_ssh_cmd "opkg update" - just -v _run_ssh_cmd "opkg install luci-ssl" - just -v _run_ssh_cmd "opkg install luci-app-mwan3" - # multiuser SFTP - just -v _run_ssh_cmd "/etc/init.d/uhttpd restart" + just -v _run_ssh_cmd "opkg update" + just -v _run_ssh_cmd "opkg install luci-ssl" + just -v _run_ssh_cmd "opkg install luci-app-mwan3" + # multiuser SFTP + just -v _run_ssh_cmd "/etc/init.d/uhttpd restart" From 6690b896157f12b4e784e5e1d325c80d77a6f0d2 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Fri, 14 Feb 2025 16:48:48 +0100 Subject: [PATCH 265/305] use gimp for wayland from an upstream PR --- flake.lock | 29 +++++++++++++++---- flake.nix | 5 ++++ .../configuration/graphical-fullblown.nix | 3 +- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index e1a2e8f..2d6529c 100644 --- a/flake.lock +++ b/flake.lock @@ -974,6 +974,22 @@ "type": "github" } }, + "nixpkgs-gimp": { + "locked": { + "lastModified": 1735507908, + "narHash": "sha256-VA+khC0S0di6w5Yv1kBNRpAihnt2prT/ehQzsKMhEoA=", + "owner": "jtojnar", + "repo": "nixpkgs", + "rev": "771cf18187fefcfaababd35834917c621447fee8", + "type": "github" + }, + "original": { + "owner": "jtojnar", + "ref": "gimp-meson", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-kanidm": { "locked": { "lastModified": 1729071019, @@ -1035,11 +1051,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", "type": "github" }, "original": { @@ -1296,6 +1312,7 @@ ], "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2411": "nixpkgs-2411", + "nixpkgs-gimp": "nixpkgs-gimp", "nixpkgs-kanidm": "nixpkgs-kanidm", "nixpkgs-logseq": "nixpkgs-logseq", "nixpkgs-unstable": "nixpkgs-unstable", @@ -1590,11 +1607,11 @@ ] }, "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "lastModified": 1738953846, + "narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "rev": "4f09b473c936d41582dd744e19f34ec27592c5fd", "type": "github" }, "original": { 
diff --git a/flake.nix b/flake.nix index 1710071..a8cfb9d 100644 --- a/flake.nix +++ b/flake.nix @@ -111,6 +111,8 @@ url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixpkgs-gimp.url = "github:jtojnar/nixpkgs/gimp-meson"; }; outputs = @@ -336,6 +338,9 @@ }; inherit local-xwayland; + + inherit (inputs'.nixpkgs-gimp.legacyPackages) gimp; + }; formatter = diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 78d8ff3..c984c54 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -246,8 +246,9 @@ in # libretro.snes9x2010 # retroarchFull - (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq/package.nix" {}) + (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq/package.nix" { }) ]) + ++ (with repoFlake.packages.${pkgs.system}; [ gimp ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ pkgsUnstable.ledger-live-desktop From b5654b0de19ee69eedfb4da08766064eacc97152 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 17 Feb 2025 15:51:50 +0100 Subject: [PATCH 266/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 35b4497..d6dc600 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
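Review bot: The new input `nixpkgs-gimp.url = "github:jtojnar/nixpkgs/gimp-meson";` in the `@@ -111,6 +111,8 @@` hunk tracks a branch in a contributor's fork, and nothing in flake.nix records which upstream PR it stands for or when the input can be removed. flake.lock pins it to rev 771cf18187fefcfaababd35834917c621447fee8 for now, but the next `nix flake update` will take whatever that branch points to by then, and the `gimp` built from it is installed into the user profile through graphical-fullblown.nix. Pinning the reviewed revision in the URL keeps updates deliberate: `nixpkgs-gimp.url = "github:jtojnar/nixpkgs/771cf18187fefcfaababd35834917c621447fee8";`. A comment above it such as `# GIMP for Wayland from upstream PR <PR link>; drop this input once it is merged` would tell the next maintainer when to remove it.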
@@ -3,11 +3,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1738780660, - "narHash": "sha256-xDKtJUEksN/kuL49AtTyerCKn1XCJQH3zzcQV+m7r5Q=", + "lastModified": 1739552113, + "narHash": "sha256-jO57Sqz/9BGgTfECm4Cs9yi8uFcd3YxpJjG5J7sj4Z8=", "ref": "refs/heads/main", - "rev": "ae4407c02a434534590dec3e0ef26b371fd7888b", - "revCount": 165, + "rev": "eb147907112ebb2874426f679ed722201548cc33", + "revCount": 167, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1738765162, - "narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=", + "lastModified": 1739791827, + "narHash": "sha256-l6ooDEtfzet9qRQxlb5A+H6eY7VPpdiGMwqX0nqD1xM=", "owner": "nix-community", "repo": "disko", - "rev": "ff3568858c54bd306e9e1f2886f0f781df307dff", + "rev": "af4a580628e98302bb922c01e1169ce08d7bee57", "type": "github" }, "original": { @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1739197353, - "narHash": "sha256-KhXCjlXYX1DIFjbDtFsR2WOeUvsrsYao06u9ixl+kM8=", + "lastModified": 1739291535, + "narHash": "sha256-69p2Eu/3OvKmCtuafv/yPPwsBQJjAfxThk2U+7yTGVQ=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "f58df6c244826a43897efe9471b165ddf8d7480a", + "rev": "f420a9c0c82527ba8deb89c436f8e704bb61920c", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1739055578, - "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", + "lastModified": 1739624908, + "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", + "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", "type": "github" }, "original": { From 867d5552b6764b3a61047ea508a6d1f6502f0137 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 17 Feb 2025 17:16:29 +0100 Subject: [PATCH 267/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index d6dc600..32f5f40 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -181,16 +181,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1739194097, - "narHash": "sha256-vPoE9Hu2dXqZh7n0BMQwXx9Q2pFRdsu17bhFaHrgi8Q=", + "lastModified": 1739778587, + "narHash": "sha256-fMt2Ao9+y71/x7zaUxzpu28M9Ugie6yl4N9lufxhc2Q=", "owner": "jhovold", "repo": "linux", - "rev": "7a06e4bfc53f53969db374662de9e5f43e3c3d1d", + "rev": "a2890743ed6d5cdfd2591cebf2d06af8dfd9180d", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14-rc2", + "ref": "wip/sc8280xp-6.14-rc3", "repo": "linux", "type": "github" } @@ -264,11 +264,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1739273873, - "narHash": "sha256-Gjyp1W1YIGcnXUOIZLHwVHvrhfidxMAGNfDYHcpYwjM=", + "lastModified": 1739804099, + "narHash": "sha256-CK192CNcOtO0v8y0QT+vpWhlvJ8qm6vSszTBBW7Fu84=", "ref": "bump", - "rev": "6784c72db5476449c9be197ed1bfd4fa9bf8b6a7", - "revCount": 136, + "rev": "4736fc5861dd329e0e41fde67d7cc9452470a368", + "revCount": 137, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, From f12d3d85a39baf1eef746c80c6792f245aaea84c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 17 Feb 2025 17:18:01 +0100 Subject: [PATCH 268/305] chore: nur.overlay update --- nix/home-manager/programs/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 8115434..196ee23 100644 --- a/nix/home-manager/programs/firefox.nix 
+++ b/nix/home-manager/programs/firefox.nix @@ -303,7 +303,7 @@ let in { nixpkgs.overlays = [ - repoFlake.inputs.nur.overlay + repoFlake.inputs.nur.overlays.default ]; nixpkgs.config.allowUnfreePredicate = From 54655b773d7954321b2af7626ac320dd8a7b039a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 18 Feb 2025 11:09:50 +0100 Subject: [PATCH 269/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 32f5f40..bfcd633 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1739791827, - "narHash": "sha256-l6ooDEtfzet9qRQxlb5A+H6eY7VPpdiGMwqX0nqD1xM=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "af4a580628e98302bb922c01e1169ce08d7bee57", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1739624908, - "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", + "lastModified": 1739758141, + "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", + "rev": "c618e28f70257593de75a7044438efc1c1fc0791", "type": "github" }, "original": { From fe7930c50b40e4442faca37f0380656be4da792c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 18 Feb 2025 18:25:02 +0100 Subject: [PATCH 270/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index bfcd633..a78ec03 100644 
--- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -324,11 +324,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1736274150, - "narHash": "sha256-kucNsE9V9/jTQ3QsTP2+UeIHvmYOomBR0+ecjVSSUfA=", + "lastModified": 1739875727, + "narHash": "sha256-QZCdMYUT4QM0sXLugCNYXRsl9prxBMh4kzg1qdS8Te4=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "d8de481c687c467d22ed7b0b398240f806f2c4b9", + "rev": "a5d3e7fdbad883a050e0d780694d0a219675c13f", "type": "github" }, "original": { From d1a0771733a17f4d552738390e1eae09d70f91ae Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 20 Feb 2025 10:32:17 +0100 Subject: [PATCH 271/305] x13s: bump nixpkgs-unstable, use signal from 3rd party flake, add extra-container --- .../configuration/graphical-fullblown.nix | 3 +- nix/home-manager/programs/libreoffice.nix | 8 +- nix/os/devices/steveej-x13s/configuration.nix | 2 + nix/os/devices/steveej-x13s/flake.lock | 86 +++++++++++++++++-- nix/os/devices/steveej-x13s/flake.nix | 10 +++ 5 files changed, 100 insertions(+), 9 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index c984c54..4363d05 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -132,8 +132,7 @@ in # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop pkgsUnstable.tdesktop - # TODO: remove or reuse this depending on whether waydroid signal works - pkgsUnstable.signal-desktop + nodeFlake.inputs.signal-desktop.packages.${pkgs.system}.default # Virtualization virt-manager diff --git a/nix/home-manager/programs/libreoffice.nix b/nix/home-manager/programs/libreoffice.nix index 1e846d4..2091dc8 100644 --- a/nix/home-manager/programs/libreoffice.nix +++ b/nix/home-manager/programs/libreoffice.nix 
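Review bot: The replacement line `nodeFlake.inputs.signal-desktop.packages.${pkgs.system}.default` in graphical-fullblown.nix makes a shared home-manager file depend on an input that this commit declares only in `nix/os/devices/steveej-x13s/flake.nix`. If any other device flake imports this file (not visible here), evaluation will fail there with a missing attribute. A fallback keeps it portable: `(nodeFlake.inputs.signal-desktop.packages.${pkgs.system}.default or pkgsUnstable.signal-desktop)`. The libreoffice.nix hunk in the same commit has the same shape with `nodeFlake.inputs.nixpkgs-stable`. The removed TODO is also not replaced by any comment saying why Signal now comes from outside nixpkgs; the package list itself starts and ends outside the hunk.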
@@ -1,4 +1,8 @@ -{ pkgs, ... }: +{ pkgs, nodeFlake, ... }: + +let + pkgsStable = nodeFlake.inputs.nixpkgs-stable.legacyPackages.${pkgs.system}; +in { - home.packages = [ pkgs.libreoffice ]; + home.packages = [ pkgsStable.libreoffice ]; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index befd81a..472fcb5 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -83,6 +83,8 @@ ../../snippets/nix-settings-holo-chain.nix ../../snippets/mycelium.nix + nodeFlake.inputs.extra-container.nixosModules.default + # TODO: broken with: v4l2loopback-0.13.2-6.13.0-rc3.drv # make: *** [Makefile:53: v4l2loopback.ko] Error 2 # ../../snippets/obs-studio.nix diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index a78ec03..b92be30 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -56,6 +56,27 @@ "type": "indirect" } }, + "extra-container": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734542275, + "narHash": "sha256-wnRkafo4YrIuvJeRsOmfStxIzi7ty2I0OtGMO9chwJc=", + "owner": "erikarvstedt", + "repo": "extra-container", + "rev": "fa723fb67201c1b4610fd3d608681da362f800eb", + "type": "github" + }, + "original": { + "owner": "erikarvstedt", + "repo": "extra-container", + "type": "github" + } + }, "flake-compat": { "locked": { "lastModified": 1696426674, 
@@ -129,6 +150,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -199,7 +238,7 @@ "inputs": { "crane": "crane", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nix-filter": "nix-filter", "nixpkgs": [ "nixpkgs" @@ -324,11 +363,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739875727, - "narHash": "sha256-QZCdMYUT4QM0sXLugCNYXRsl9prxBMh4kzg1qdS8Te4=", + "lastModified": 1739899529, + "narHash": "sha256-+YAryDpuWmJm+xx8xAAGrN7TQoBF/3DSJvhSxFtr7us=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "a5d3e7fdbad883a050e0d780694d0a219675c13f", + "rev": "4c624626f381e0cc1aa4e4a052dc6322342b2801", "type": "github" }, "original": { @@ -342,6 +381,7 @@ "inputs": { "ath11k-firmware": "ath11k-firmware", "disko": "disko", + "extra-container": "extra-container", "get-flake": "get-flake", "home-manager": "home-manager", "mycelium": "mycelium", 
@@ -351,7 +391,28 @@ "nixpkgs-unstable" ], "nixpkgs-stable": "nixpkgs-stable", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "signal-desktop": "signal-desktop" + } + }, + "signal-desktop": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739931434, + "narHash": "sha256-XIcisx/PG/Li6l9A0k7T1ule3yX7VCGBQmKpljbbJmU=", + "owner": "youwen5", + "repo": "signal-desktop-flake", + "rev": "6f0ec210e6a2a0060ad1297d9f5a0871c4aeac36", + "type": "github" + }, + "original": { + "owner": "youwen5", + "repo": "signal-desktop-flake", + "type": "github" } }, "systems": { @@ -369,6 +430,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "x13s-bt-linux-firmware": { "flake": false, "locked": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 5cb0e60..d703881 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -42,6 +42,16 @@ # url = "github:pdtpartners/nix-snapshotter"; inputs.nixpkgs.follows = "nixpkgs"; }; + + extra-container = { + url = "github:erikarvstedt/extra-container"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + signal-desktop = { + url = "github:youwen5/signal-desktop-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = From 31c3d5ab882ae7a93c1da47b40fd25bab4fa7091 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 28 Feb 2025 23:47:37 +0100 Subject: [PATCH 272/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 108 ++++++++++--------------- nix/os/devices/steveej-x13s/flake.nix | 1 + 2 files changed, 45 insertions(+), 64 deletions(-) 
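Review bot: Both inputs added in the steveej-x13s flake.nix hunk, `github:erikarvstedt/extra-container` and `github:youwen5/signal-desktop-flake`, name no ref, so they follow the default branch and only flake.lock decides what is built. `signal-desktop` is a third-party packaging of a messenger client and `extra-container` is imported as a NixOS module in configuration.nix, so every routine lock bump brings new code from those repositories onto the machine; the change between the old and new `rev` should be looked at before such a bump is committed. A comment on each input stating why it is not taken from nixpkgs and when it can be dropped would help, e.g. `# third-party flake, not nixpkgs: review upstream changes on every lock bump`. With `inputs.nixpkgs.follows = "nixpkgs"` the packages are also built against a nixpkgs revision their authors did not lock, which is another reason to test after bumps. The inputs set starts and ends outside the hunk.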
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index b92be30..d5aeb83 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -3,11 +3,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1739552113, - "narHash": "sha256-jO57Sqz/9BGgTfECm4Cs9yi8uFcd3YxpJjG5J7sj4Z8=", + "lastModified": 1740768947, + "narHash": "sha256-tEsr12MppEi8i/YqDSSJffgQ4NgDRIoUwM9r96x3xtI=", "ref": "refs/heads/main", - "rev": "eb147907112ebb2874426f679ed722201548cc33", - "revCount": 167, + "rev": "646e008ec53a8bb9ae16ebf98a65b29eaefd6da4", + "revCount": 170, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -17,18 +17,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "mycelium", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1717951870, - "narHash": "sha256-hGLeRxSEeFz9WvmQ4s4AuMJ5InLSZvoczDdXkWSFi1A=", + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", "owner": "ipetkov", "repo": "crane", - "rev": "17d9e9dedd58dde2c562a4296934c6d6a0844534", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", "type": "github" }, "original": { @@ -44,11 +38,11 @@ ] }, "locked": { - "lastModified": 1739841949, - "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", "owner": "nix-community", "repo": "disko", - "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "type": "github" }, "original": { 
@@ -79,12 +73,12 @@ }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" }, "original": { "type": "tarball", @@ -169,11 +163,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -220,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1739778587, - "narHash": "sha256-fMt2Ao9+y71/x7zaUxzpu28M9Ugie6yl4N9lufxhc2Q=", + "lastModified": 1740384000, + "narHash": "sha256-UWjjl1+tF8s7QOSUdJ/UDkXYZLa9gMedY6/p/xBu++Y=", "owner": "jhovold", "repo": "linux", - "rev": "a2890743ed6d5cdfd2591cebf2d06af8dfd9180d", + "rev": "726299a6b3c485852c139035fca7e9d6e2fd05b2", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14-rc3", + "ref": "wip/sc8280xp-6.14-rc4", "repo": "linux", "type": "github" } 
@@ -245,11 +239,11 @@ ] }, "locked": { - "lastModified": 1739291535, - "narHash": "sha256-69p2Eu/3OvKmCtuafv/yPPwsBQJjAfxThk2U+7yTGVQ=", + "lastModified": 1739962680, + "narHash": "sha256-NMzLvWH6it3Uqo3XgocEb77EqGz4t4ozpzqta+v0qFQ=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "f420a9c0c82527ba8deb89c436f8e704bb61920c", + "rev": "ddde1622fa27c3121994126c5d6af85abe88ff0f", "type": "github" }, "original": { @@ -260,11 +254,11 @@ }, "nix-filter": { "locked": { - "lastModified": 1710156097, - "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", "owner": "numtide", "repo": "nix-filter", - "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", "type": "github" }, "original": { @@ -299,15 +293,17 @@ "inputs": { "flake-parts": "flake-parts_2", "linux-jhovold": "linux-jhovold", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1739804099, - "narHash": "sha256-CK192CNcOtO0v8y0QT+vpWhlvJ8qm6vSszTBBW7Fu84=", + "lastModified": 1740779842, + "narHash": "sha256-856hhifYTuyqVcVA8XebEQlZTNwYWdQPgfZGpAwpm/Y=", "ref": "bump", - "rev": "4736fc5861dd329e0e41fde67d7cc9452470a368", - "revCount": 137, + "rev": "df9d37e84a65fd5e80c6b70da43a0de299e440e1", + "revCount": 140, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
@@ -317,22 +313,6 @@ "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" } }, - "nixpkgs": { - "locked": { - "lastModified": 1733393026, - "narHash": "sha256-hpUyV0NHnIZpFzN6p7udW6Jh+m9tlLvCcNf1/wG5pQY=", - "owner": "steveej-forks", - "repo": "nixpkgs", - "rev": "b1714b7f9e5761ad965a4df7602105f1e159b89e", - "type": "github" - }, - "original": { - "owner": "steveej-forks", - "ref": "steveej-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-lib": { "locked": { "lastModified": 1733096140, @@ -347,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1739758141, - "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", + "lastModified": 1740603184, + "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c618e28f70257593de75a7044438efc1c1fc0791", + "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", "type": "github" }, "original": { @@ -363,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739899529, - "narHash": "sha256-+YAryDpuWmJm+xx8xAAGrN7TQoBF/3DSJvhSxFtr7us=", + "lastModified": 1740776530, + "narHash": "sha256-dO9Zt91vxRe0Lx4KeUa6MLBTSiC+m5SZWyGHSV0OLu8=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "4c624626f381e0cc1aa4e4a052dc6322342b2801", + "rev": "88555f4386e2533c004d0cbdac6b74e10b9a4a96", "type": "github" }, "original": { @@ -402,11 +382,11 @@ ] }, "locked": { - "lastModified": 1739931434, - "narHash": "sha256-XIcisx/PG/Li6l9A0k7T1ule3yX7VCGBQmKpljbbJmU=", + "lastModified": 1740441565, + "narHash": "sha256-ijjkH7ocjjw5b78Eakr2SS7lG14Dq9mlMzee5ehKsjk=", "owner": "youwen5", "repo": "signal-desktop-flake", - "rev": "6f0ec210e6a2a0060ad1297d9f5a0871c4aeac36", + "rev": "00811bcb7ec38db7dc37613736f0c0978dab4988", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index d703881..e82c81d 100644 --- a/nix/os/devices/steveej-x13s/flake.nix 
+++ b/nix/os/devices/steveej-x13s/flake.nix @@ -28,6 +28,7 @@ ; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; ath11k-firmware = { url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; From 89a9e8d5076d531a888c4b3ebd948388dad630ae Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 10 Mar 2025 11:35:08 +0100 Subject: [PATCH 273/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 38 +++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index d5aeb83..5a430e0 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -3,11 +3,11 @@ "ath11k-firmware": { "flake": false, "locked": { - "lastModified": 1740768947, - "narHash": "sha256-tEsr12MppEi8i/YqDSSJffgQ4NgDRIoUwM9r96x3xtI=", + "lastModified": 1741293326, + "narHash": "sha256-Ew0d2h1pHqJB8SC0pEYezU5lMknvlcYazVVYCtjW3OY=", "ref": "refs/heads/main", - "rev": "646e008ec53a8bb9ae16ebf98a65b29eaefd6da4", - "revCount": 170, + "rev": "bc6359cb7ad38b7bc4de6580b7a3c70851c0cafb", + "revCount": 173, "type": "git", "url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git" }, @@ -18,11 +18,11 @@ }, "crane": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { 
@@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1739962680, - "narHash": "sha256-NMzLvWH6it3Uqo3XgocEb77EqGz4t4ozpzqta+v0qFQ=", + "lastModified": 1741267372, + "narHash": "sha256-bNuSB8t2OUuOon3YLq5BAcsO/36/BS6hwCOG479qzpw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "ddde1622fa27c3121994126c5d6af85abe88ff0f", + "rev": "08b0b9e14269904e34214a6be4ad4c175f860566", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1740603184, - "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", + "lastModified": 1741445498, + "narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", + "rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1740776530, - "narHash": "sha256-dO9Zt91vxRe0Lx4KeUa6MLBTSiC+m5SZWyGHSV0OLu8=", + "lastModified": 1741601863, + "narHash": "sha256-Q7HpGRTKPpzHsEufKw1+23Lr9gpUmNKlDENpkq5hkfw=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "88555f4386e2533c004d0cbdac6b74e10b9a4a96", + "rev": "b8d0e6492e41db830822e0e65d4dc250b1b0b259", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1740441565, - "narHash": "sha256-ijjkH7ocjjw5b78Eakr2SS7lG14Dq9mlMzee5ehKsjk=", + "lastModified": 1741231843, + "narHash": "sha256-ZPaM7yNZ5GdkCw0QIOt3i9lDjl6OPfTg+XZC4delSE0=", "owner": "youwen5", "repo": "signal-desktop-flake", - "rev": "00811bcb7ec38db7dc37613736f0c0978dab4988", + "rev": "6009db6eb62934b1bcac10ad029ca6eb37c285e7", "type": "github" }, "original": { From 6b0f6519f629cb0ff49a94161350ee7b91a8c6a2 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 10 Mar 2025 13:05:14 +0100 Subject: [PATCH 274/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 5a430e0..4897e97 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1740384000, - "narHash": "sha256-UWjjl1+tF8s7QOSUdJ/UDkXYZLa9gMedY6/p/xBu++Y=", + "lastModified": 1740983234, + "narHash": "sha256-3QykehVbxJJhCUAL4sZ/bxtHrNYrkhMF0K8DPE5tcOw=", "owner": "jhovold", "repo": "linux", - "rev": "726299a6b3c485852c139035fca7e9d6e2fd05b2", + "rev": "29912bfc7c8a54baf65a5c4c4aee7cbb32990527", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14-rc4", + "ref": "wip/sc8280xp-6.14-rc5", "repo": "linux", "type": "github" } @@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1740779842, - "narHash": "sha256-856hhifYTuyqVcVA8XebEQlZTNwYWdQPgfZGpAwpm/Y=", + "lastModified": 1741602064, + "narHash": "sha256-Jp+UGb/1lMd2EcA6eeDG8tFOUXyZXTlElcc4CA0lLHw=", "ref": "bump", - "rev": "df9d37e84a65fd5e80c6b70da43a0de299e440e1", - "revCount": 140, + "rev": "4b33de16a0c94f3c7f3ca07995c2b9b8ea21c925", + "revCount": 141, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, From 345e6064aa6d22633aca08741d1f6b691ee0433a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 17 Mar 2025 16:30:23 +0100 Subject: [PATCH 275/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 40 +++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 4897e97..c8439b2 100644 
--- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1740983234, - "narHash": "sha256-3QykehVbxJJhCUAL4sZ/bxtHrNYrkhMF0K8DPE5tcOw=", + "lastModified": 1742216967, + "narHash": "sha256-SGtSwpn8YdCZac4vwse4HrdzyXL6aGuPBGL0hGn3aog=", "owner": "jhovold", "repo": "linux", - "rev": "29912bfc7c8a54baf65a5c4c4aee7cbb32990527", + "rev": "7659429a6d897f0bd52d4871f8bb0f1e716afdfc", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14-rc5", + "ref": "wip/sc8280xp-6.14-rc7", "repo": "linux", "type": "github" } @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1741267372, - "narHash": "sha256-bNuSB8t2OUuOon3YLq5BAcsO/36/BS6hwCOG479qzpw=", + "lastModified": 1741874867, + "narHash": "sha256-s+EoBgc6Va1VOjx2r5Ke2z5fOBMcmr9aRIFnja0SknM=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "08b0b9e14269904e34214a6be4ad4c175f860566", + "rev": "837c6d95455abcb781a2e680436d7f6e337840ae", "type": "github" }, "original": { 
@@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1741602064, - "narHash": "sha256-Jp+UGb/1lMd2EcA6eeDG8tFOUXyZXTlElcc4CA0lLHw=", + "lastModified": 1742221600, + "narHash": "sha256-lpXvG7Tu6Qti8AnvRXydLYV8oUOjEBY9wRnsVBERRkA=", "ref": "bump", - "rev": "4b33de16a0c94f3c7f3ca07995c2b9b8ea21c925", - "revCount": 141, + "rev": "7a10b19edcd05f2bf437a4e2c60aa357343ba530", + "revCount": 142, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1741445498, - "narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=", + "lastModified": 1742136038, + "narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634", + "rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741601863, - "narHash": "sha256-Q7HpGRTKPpzHsEufKw1+23Lr9gpUmNKlDENpkq5hkfw=", + "lastModified": 1742221454, + "narHash": "sha256-d5bBhe2tG6FxUDhMbs8NYicUpkb70vNvZSmf1nO23+U=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "b8d0e6492e41db830822e0e65d4dc250b1b0b259", + "rev": "03e05422d0ee0fcfc6b668a38b18ce1666c1da79", "type": "github" }, "original": { From 6c062cc022fec2e1430129ca608669f96eca48fe Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 13:30:57 +0100 Subject: [PATCH 276/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 40 +++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index c8439b2..4a96e71 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -18,11 +18,11 @@ }, "crane": { "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "lastModified": 1742317686, + "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", "owner": "ipetkov", "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", "type": "github" }, "original": { @@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1742216967, - "narHash": "sha256-SGtSwpn8YdCZac4vwse4HrdzyXL6aGuPBGL0hGn3aog=", + "lastModified": 1742827326, + "narHash": "sha256-HJdy4JgRvFojago9I0InGPkAwsJ0xv7NvVS05JygWsc=", "owner": "jhovold", "repo": "linux", - "rev": "7659429a6d897f0bd52d4871f8bb0f1e716afdfc", + "rev": "cf34af9cea0db94254af3897c5e403364cb2eb5b", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14-rc7", + "ref": "wip/sc8280xp-6.14", "repo": "linux", "type": "github" } @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1741874867, - "narHash": "sha256-s+EoBgc6Va1VOjx2r5Ke2z5fOBMcmr9aRIFnja0SknM=", + "lastModified": 1742897527, + "narHash": "sha256-yhA9KYzOC7QLa+4pFVBrwWsjDWGvuWl9l0YVBwxw4cg=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "837c6d95455abcb781a2e680436d7f6e337840ae", + "rev": "60d8f4a9f102bf12cc4bc05fca8a252fccd10fe5", "type": "github" }, "original": { @@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1742221600, - "narHash": "sha256-lpXvG7Tu6Qti8AnvRXydLYV8oUOjEBY9wRnsVBERRkA=", + "lastModified": 1743245017, + "narHash": "sha256-zCZc3p8zD9GOKxnlghzXOZbewVKQkkEvcDO+XT+iyrY=", "ref": "bump", - "rev": "7a10b19edcd05f2bf437a4e2c60aa357343ba530", - "revCount": 142, + "rev": "f4591e4478838272ec024c2bd346001af919a79a", + "revCount": 143, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, 
@@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742136038, - "narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1741231843, - "narHash": "sha256-ZPaM7yNZ5GdkCw0QIOt3i9lDjl6OPfTg+XZC4delSE0=", + "lastModified": 1742243404, + "narHash": "sha256-j3jdXEU+c6xPa4zdzN2PYNsRkdlgldb1q0aBY50+AdM=", "owner": "youwen5", "repo": "signal-desktop-flake", - "rev": "6009db6eb62934b1bcac10ad029ca6eb37c285e7", + "rev": "226d1cbe55bd07d9f66bf801619a7495189e102d", "type": "github" }, "original": { From ec51fe950100965436b11973647fe3eee7d586be Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 14:17:53 +0100 Subject: [PATCH 277/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index ca3df1d..965becb 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1742655702, + "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "type": "github" }, "original": { 
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739055578, - "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1739263600, - "narHash": "sha256-f0k9Kf+kpRqieSf9nlRMLyWe5oujqSOwaNWSyfwMiIE=", + "lastModified": 1743252354, + "narHash": "sha256-GlfWG+TO05PBUiRixMOVocD5k6H5WhCSZEdaVMMdpn8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f9e486552fc8213d31cadd772fc883789f76199d", + "rev": "91b17e868dc5f3e28f42c2d9c72957718c64be63", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739184465, - "narHash": "sha256-7Z9kNbr6qZwPG1z/6Hn/re4SS9nu1krxyknyNeCBh/o=", + "lastModified": 1743210622, + "narHash": "sha256-AagCXne3DGJARB7kxCjcBgJddT/J2CC7SSe7I6kFqso=", "owner": "nixos", "repo": "nixpkgs", - "rev": "58edd1e2acbc9be9fe29964344c6419db013141e", + "rev": "800863744b6d0ef3c748a094a15e7f9d361f62fb", "type": "github" }, "original": { From 355c91e1943108516e80e1514a335c714f1b63af Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 14:22:57 +0100 Subject: [PATCH 278/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 965becb..0ef80e0 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743252354, - "narHash": "sha256-GlfWG+TO05PBUiRixMOVocD5k6H5WhCSZEdaVMMdpn8=", + "lastModified": 1743254031, + "narHash": "sha256-GifcLAPF2NEySxuv9C5iN3eR4vz6mxbisaVN74p79HM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "91b17e868dc5f3e28f42c2d9c72957718c64be63", + "rev": "2a7891ae2fc1eec4b45f9dbf17960fb95c98913a", "type": "github" }, "original": { From 0530cb380cb98f4865ccfd96f08b24945541ede4 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 14:30:14 +0100 Subject: [PATCH 279/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 0ef80e0..d6b7948 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743254031, - "narHash": "sha256-GifcLAPF2NEySxuv9C5iN3eR4vz6mxbisaVN74p79HM=", + "lastModified": 1743254955, + "narHash": "sha256-eHJC57weyFeUUQupDVc3C4JXeOvQmoFevIOJNoO1ct4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2a7891ae2fc1eec4b45f9dbf17960fb95c98913a", + "rev": "f379fb12ef434d3945bfd3a334a664a32a9e1d18", "type": "github" }, "original": { From 0623fda71e4717f065846f8f314f4b96c20eccc7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 14:31:44 +0100 Subject: [PATCH 280/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index d6b7948..9308419 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock 
@@ -39,11 +39,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743254955, - "narHash": "sha256-eHJC57weyFeUUQupDVc3C4JXeOvQmoFevIOJNoO1ct4=", + "lastModified": 1743255017, + "narHash": "sha256-Hu/Z2QaR5vwNsiorIspsCSBCC+rLx6xlgultoALDaWU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f379fb12ef434d3945bfd3a334a664a32a9e1d18", + "rev": "88728aef577d8235c6427701231121f0f9731c74", "type": "github" }, "original": { From d7ba49138872910dffff45479f093ac5fee6bf5a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 14:56:08 +0100 Subject: [PATCH 281/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 23 ++++++++++++++++++++--- nix/os/devices/sj-srv1/flake.nix | 2 ++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 9308419..9961108 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -37,13 +37,29 @@ "type": "github" } }, + "nixpkgs-kanidm": { + "locked": { + "lastModified": 1729071019, + "narHash": "sha256-c4J/ZiMbjMf98FawO5XJaTWqvrvIXpxnIpxu4OV3CGA=", + "owner": "steveej-forks", + "repo": "nixpkgs", + "rev": "984b1d5a286d3a072b840b30ec49d96878d01e64", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "kanidm", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-master": { "locked": { - "lastModified": 1743255017, - "narHash": "sha256-Hu/Z2QaR5vwNsiorIspsCSBCC+rLx6xlgultoALDaWU=", + "lastModified": 1743256265, + "narHash": "sha256-1GJtabBAEwSkwKgSBe+osLCYwcRr5zx5H7ipuoVkO/4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "88728aef577d8235c6427701231121f0f9731c74", + "rev": "5dab1e63b3efccf767a54b0b978b41fe7410aff0", "type": "github" }, "original": { @@ -73,6 +89,7 @@ "inputs": { "home-manager": "home-manager", "nixpkgs": "nixpkgs", + "nixpkgs-kanidm": "nixpkgs-kanidm", "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable" } 
diff --git a/nix/os/devices/sj-srv1/flake.nix b/nix/os/devices/sj-srv1/flake.nix index f5f7b6e..213d325 100644 --- a/nix/os/devices/sj-srv1/flake.nix +++ b/nix/os/devices/sj-srv1/flake.nix @@ -3,6 +3,8 @@ inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; + inputs.nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; + inputs.home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; From f251fa81a1d37501ae340bd884e662c12b6e38c9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:27:14 +0100 Subject: [PATCH 282/305] feat: use kanidm from nixpkgs-unstable --- nix/devShells.nix | 2 +- nix/os/containers/webserver.nix | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/nix/devShells.nix b/nix/devShells.nix index f55f056..aa4eda5 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -83,7 +83,7 @@ screen - inputs'.nixpkgs-kanidm.legacyPackages.kanidm + inputs'.nixpkgs-unstable.legacyPackages.kanidm ]; # Set Environment Variables diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index b20fa28..10bc091 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -23,6 +23,12 @@ in system, ... }: + let + nixpkgs-kanidm = + # nodeFlake.inputs.nixpkgs-kanidm + nodeFlake.inputs.nixpkgs-unstable + ; + in { system.stateVersion = "22.05"; # Did you read the comment? @@ -33,7 +39,7 @@ in imports = [ "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" - "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" + "${nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" ../profiles/containers/configuration.nix 
@@ -313,6 +319,7 @@ in systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; # combine a path watcher with a service that transfers the certs by caddy to kanidm + # TODO: had an issue where the certificate in kanidm was expired, despite caddy having a refreshed certificate systemd.paths.kanidm-tls-watch = { enable = true; requiredBy = [ "kanidm.service" ]; @@ -389,7 +396,7 @@ in dataDir = "/var/lib/kanidm"; in { - package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; + package = nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; enablePam = false; enableClient = false; @@ -402,7 +409,6 @@ in domain = "kanidm.${domain}"; origin = "https://kanidm.${domain}"; - db_path = "${dataDir}/db/kanidm.db"; bindaddress = "127.0.0.1:8444"; From 49e03de1c49731bd494ac37592c7dd3ee0c8abeb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:44:58 +0100 Subject: [PATCH 283/305] flake: remove nixpkgs-{logseq,kanidm} --- flake.lock | 46 +++---------------- flake.nix | 3 +- .../configuration/graphical-fullblown.nix | 3 +- nix/home-manager/profiles/common.nix | 6 +-- nix/pkgs/logseq/Containerfile | 2 +- 5 files changed, 12 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 2d6529c..595341f 100644 --- a/flake.lock +++ b/flake.lock @@ -706,11 +706,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1733363815, - "narHash": "sha256-J2XTeJ0xQMPPo2QnPLM1ewhqCh/Okgfonr5N6Pdt7b8=", + "lastModified": 1740852064, + "narHash": "sha256-A2zUu1n8Bg505s/GUIYUSQFLmYJAvx/01A2OkGAkevk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ffe6b403ba758f8a057a227de2f7235ef3dc61c0", + "rev": "1b34da949d188b205b4132c2b726415fa19d5086", "type": "github" }, "original": { 
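Review bot: The last webserver.nix hunk drops `db_path = "${dataDir}/db/kanidm.db";` in the same commit that moves the kanidm module and package to nixpkgs-unstable, so the database location is now whatever that module defaults to. If that default is not the previous `/var/lib/kanidm/db/kanidm.db`, the identity server would start on an empty database instead of the existing accounts and credentials. Nothing in the commit mentions moving the file, so the rollout should include that step or confirm the path is unchanged. A comment next to `bindaddress`, for example `# db_path is set by the upstream module; the existing database must live at that path`, would record the dependency. The `dataDir` binding and the rest of the settings block lie outside the hunk, so whether `dataDir` is still used cannot be checked from here.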
@@ -928,11 +928,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713805509, - "narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=", + "lastModified": 1740547748, + "narHash": "sha256-Ly2fBL1LscV+KyCqPRufUBuiw+zmWrlJzpWOWbahplg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4", + "rev": "3a05eebede89661660945da1f151959900903b6a", "type": "github" }, "original": { @@ -990,22 +990,6 @@ "type": "github" } }, - "nixpkgs-kanidm": { - "locked": { - "lastModified": 1729071019, - "narHash": "sha256-c4J/ZiMbjMf98FawO5XJaTWqvrvIXpxnIpxu4OV3CGA=", - "owner": "steveej-forks", - "repo": "nixpkgs", - "rev": "984b1d5a286d3a072b840b30ec49d96878d01e64", - "type": "github" - }, - "original": { - "owner": "steveej-forks", - "ref": "kanidm", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-lib": { "locked": { "lastModified": 1733096140, @@ -1033,22 +1017,6 @@ "type": "github" } }, - "nixpkgs-logseq": { - "locked": { - "lastModified": 1735042470, - "narHash": "sha256-3A8afs4dVdbafOG4Rgg5ie2wk8b6ekzOce8JNNXq4/w=", - "owner": "steveej-forks", - "repo": "nixpkgs", - "rev": "24134ba2d4c2bb54e3736b3c66c0ba95551f2834", - "type": "github" - }, - "original": { - "owner": "steveej-forks", - "ref": "logseq-linux-arm64-selfbuilt-appimage", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1739446958, @@ -1313,8 +1281,6 @@ "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2411": "nixpkgs-2411", "nixpkgs-gimp": "nixpkgs-gimp", - "nixpkgs-kanidm": "nixpkgs-kanidm", - "nixpkgs-logseq": "nixpkgs-logseq", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-vscodium": "nixpkgs-vscodium", "nixpkgs-wayland": "nixpkgs-wayland", diff --git a/flake.nix b/flake.nix index a8cfb9d..72eceec 100644 --- a/flake.nix +++ b/flake.nix 
@@ -81,14 +81,13 @@ flake = false; }; - nixpkgs-logseq.url = "github:steveej-forks/nixpkgs/logseq-linux-arm64-selfbuilt-appimage"; + # nixpkgs-logseq.url = "github:steveej-forks/nixpkgs/logseq-linux-arm64-selfbuilt-appimage"; espanso = { flake = false; url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; }; - nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm"; nix4vscode = { url = "github:nix-community/nix4vscode"; # inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 4363d05..305cd8d 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -245,7 +245,8 @@ in # libretro.snes9x2010 # retroarchFull - (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq/package.nix" { }) + pkgs.logseq-bin + # (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq-bin/package.nix" { }) ]) ++ (with repoFlake.packages.${pkgs.system}; [ gimp ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index e51dd7b..77f6e57 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -15,14 +15,12 @@ allowInsecurePredicate = pkg: builtins.elem (lib.getName pkg) [ - "electron-28.3.3" - "electron-27.3.11" + "electron-32.3.3" "electron" ]; permittedInsecurePackages = [ - "electron-28.3.3" - "electron-27.3.11" + "electron-32.3.3" "electron" ]; diff --git a/nix/pkgs/logseq/Containerfile b/nix/pkgs/logseq/Containerfile index 339d58e..97464d1 100644 --- a/nix/pkgs/logseq/Containerfile +++ b/nix/pkgs/logseq/Containerfile 
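Review bot: In the common.nix hunk the new `"electron-32.3.3"` entry in `allowInsecurePredicate` can never match, because it is compared against `lib.getName pkg`, which returns the package name without its version. Only the bare `"electron"` entry that stays in the list can match, and it accepts every electron release that nixpkgs flags as insecure, not just 32.3.3. As far as I know nixpkgs also consults a custom predicate in place of `permittedInsecurePackages` when both are set, so the versioned list below it is probably not what decides. Dropping the predicate and keeping only `permittedInsecurePackages = [ "electron-32.3.3" ];` would limit the exception to the one version. A comment naming the package that still needs it would tell the next reader when the entry can go.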
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ zip # install NodeJS & yarn -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - +RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/yarn.gpg && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && apt-get update && apt-get install -y nodejs yarn From 42f82df2ef6025bafeb951ef10354f6b77e7a0a1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:47:52 +0100 Subject: [PATCH 284/305] remove insecure yubikey-manager-qt --- nix/home-manager/configuration/graphical-fullblown.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 305cd8d..d5b69c2 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -106,7 +106,6 @@ in # Password Management gnupg # yubikey-manager - yubikey-manager-qt yubikey-personalization yubikey-personalization-gui From 50afd4e7c90d74cb435e4b8b0865eb5be1c41ff1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:48:45 +0100 Subject: [PATCH 285/305] add some vscode extensions --- nix/home-manager/programs/vscode/default.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 3aa5b9a..df72028 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix 
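Review bot: The changed line still runs `curl -sL https://deb.nodesource.com/setup_20.x | bash -`, which executes whatever the server returns as root at build time, with no integrity check. Without `-f`, an HTTP error body is piped into bash as well. At minimum use `curl -fsSL`, download to a file, and compare it with a recorded digest before running it, for example `echo "<SHA256_OF_REVIEWED_SCRIPT>  /tmp/setup_20.x" | sha256sum -c -` (the digest is a placeholder to fill in after reviewing the script). The yarn line in the context already installs a signing key into `trusted.gpg.d`; configuring the NodeSource apt repository with its key in the same way would remove the piped script entirely.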
@@ -45,16 +45,17 @@ in with extensions.vscode-marketplace; with extensions.vscode-marketplace-release; [ - tamasfe.even-better-toml serayuzgur.crates rust-lang.rust-analyzer swellaby.vscode-rust-test-adapter + tamasfe.even-better-toml golang.go jeff-hykin.better-go-syntax - blueglassblock.better-json5 + nefrob.vscode-just-syntax + # fabianlauer.vs-code-xml-format bierner.emojisense ] @@ -75,7 +76,16 @@ in [[extensions]] publisher_name = "AntiAntiSepticeye" extension_name = "vscode-color-picker" + + # [[extensions]] + # publisher_name = "nefrob" + # extension_name = "vscode-just-syntax" + + [[extensions]] + publisher_name = "fabianlauer" + extension_name = "vs-code-xml-format" ''; + nix4vscodeNix = pkgs.runCommand "nix4vscode.nix" { From 22455cab036cee1ecf0249463c06ffd50ac4bcc1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:49:17 +0100 Subject: [PATCH 286/305] srv1: unmount vm storage --- nix/os/devices/sj-srv1/system.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index 5aea904..c5e4c43 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -207,7 +207,8 @@ in parallelShutdown = 3; }; - fileSystems."/mnt/8078-532D".device = "/dev/disk/by-uuid/8078-532D"; + # VM storage + # fileSystems."/mnt/8078-532D".device = "/dev/disk/by-uuid/8078-532D"; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From a549b5e22b9e92dc53e9fa41d2a801b843eadbe1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:49:30 +0100 Subject: [PATCH 287/305] steveej-x13s: enable NAT --- nix/os/devices/steveej-x13s/configuration.nix | 9 +++++++++ nix/os/devices/steveej-x13s/flake.lock | 6 +++--- 2 files changed, 12 insertions(+), 3 deletions(-) 
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 472fcb5..316dc8d 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -84,6 +84,15 @@ ../../snippets/mycelium.nix nodeFlake.inputs.extra-container.nixosModules.default + { + networking.nat = { + enable = true; + internalInterfaces = ["ve-+"]; + # externalInterface = "enu1u1u2"; + # Lazy IPv6 connectivity for the container + # enableIPv6 = true; + }; + } # TODO: broken with: v4l2loopback-0.13.2-6.13.0-rc3.drv # make: *** [Makefile:53: v4l2loopback.ko] Error 2 diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 4a96e71..b0fd80a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742221454, - "narHash": "sha256-d5bBhe2tG6FxUDhMbs8NYicUpkb70vNvZSmf1nO23+U=", + "lastModified": 1743251636, + "narHash": "sha256-ozpMykG34AT0xOYmst43eh1KTYba7QEaDzeCkPWzIP4=", "owner": "steveej-forks", "repo": "nixpkgs", - "rev": "03e05422d0ee0fcfc6b668a38b18ce1666c1da79", + "rev": "2a75dc2e69a7c3e786ebe0663613a9a7ee1c108f", "type": "github" }, "original": { From c3f14786049f5efa6f9a98fcc0c9845853570e35 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 29 Mar 2025 15:51:21 +0100 Subject: [PATCH 288/305] cleanup --- nix/os/containers/webserver.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 10bc091..6389cc5 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -24,10 +24,7 @@ in ... }: let - nixpkgs-kanidm = - # nodeFlake.inputs.nixpkgs-kanidm - nodeFlake.inputs.nixpkgs-unstable - ; + nixpkgs-kanidm = nodeFlake.inputs.nixpkgs-unstable; in { system.stateVersion = "22.05"; # Did you read the comment? 
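Review bot: The added `networking.nat` block enables NAT for `internalInterfaces = ["ve-+"]` but leaves `externalInterface` commented out. With no external interface set, the NixOS NAT module should masquerade container traffic on whichever interface the route selects, which on this laptop presumably includes the mycelium overlay imported two lines above and any VPN link. If containers are only meant to reach the LAN or internet uplink, set the interface explicitly or record the choice, e.g. `# externalInterface unset on purpose: uplink changes between wifi and dock`. The inline module also has no comment saying which containers rely on it, which makes it hard to tell later whether it can be removed.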
From ff279090e5e53c4c2f42248979997814f29b1367 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 16:35:27 +0200 Subject: [PATCH 289/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 24 ++++++++++++------------ nix/os/devices/steveej-x13s/flake.nix | 3 ++- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index b0fd80a..6b3ab4a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1743598667, + "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1743703532, + "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "bdb91860de2f719b57eef819b5617762f7120c70", "type": "github" }, "original": { 
@@ -343,16 +343,16 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1743251636, - "narHash": "sha256-ozpMykG34AT0xOYmst43eh1KTYba7QEaDzeCkPWzIP4=", - "owner": "steveej-forks", + "lastModified": 1743814133, + "narHash": "sha256-drDyYyUmjeYGiHmwB9eOPTQRjmrq3Yz26knwmMPLZFk=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "2a75dc2e69a7c3e786ebe0663613a9a7ee1c108f", + "rev": "250b695f41e0e2f5afbf15c6b12480de1fe0001b", "type": "github" }, "original": { - "owner": "steveej-forks", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index e82c81d..469cf92 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -2,7 +2,8 @@ inputs = { nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - nixpkgs-unstable.url = "github:steveej-forks/nixpkgs/nixos-unstable"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + # nixpkgs-unstable.url = "github:steveej-forks/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; From eebb87ff147a40c20aabe995dae32cf6dc6869a9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 21:33:13 +0200 Subject: [PATCH 290/305] tweak gpg related code --- Justfile | 8 ++++++-- nix/home-manager/configuration/graphical-fullblown.nix | 2 +- nix/home-manager/programs/gpg-agent.nix | 4 ++-- nix/os/devices/steveej-x13s/configuration.nix | 5 +++++ 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Justfile b/Justfile index 3521e0b..414e736 100755 --- a/Justfile +++ b/Justfile 
@@ -222,7 +222,7 @@ install-config config root: sudo just run-with-channels nixos-install -I nixos-config={{ invocation_directory() }}/{{ config }} --root {{ root }} --no-root-passwd # Switch between gpg-card capable devices which have a copy of the same key -switch-gpg-card: +switch-gpg-card key-id="6EEFA706CB17E89B": #!/usr/bin/env bash # # Derived from https://github.com/drduh/YubiKey-Guide/issues/19. @@ -230,7 +230,11 @@ switch-gpg-card: # Connect the new device and then run this script to make it known to gnupg. # set -xe - KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') + if [[ -n "{{key-id}}" ]]; then + KEY_ID="{{key-id}}" + else + KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') + fi # export pubkey and ownertrust gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}" diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index d5b69c2..ec6e88a 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -105,7 +105,7 @@ in # Password Management gnupg - # yubikey-manager + yubikey-manager yubikey-personalization yubikey-personalization-gui diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix index 41ab604..b81c150 100644 --- a/nix/home-manager/programs/gpg-agent.nix +++ b/nix/home-manager/programs/gpg-agent.nix @@ -1,11 +1,11 @@ -{ lib, pkgs, ... }: +{ lib, pkgs, osConfig, ... }: { home.packages = [ pkgs.gcr ]; programs.gpg.enable = true; services.gpg-agent = { enable = true; - enableScDaemon = true; + enableScDaemon = !osConfig.services.pcscd.enable; enableSshSupport = true; grabKeyboardAndMouse = true; pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 316dc8d..d5c9475 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix 
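Review bot: Because the recipe parameter defaults to `key-id="6EEFA706CB17E89B"`, the new `if [[ -n "{{key-id}}" ]]` test is always true unless the caller passes an empty string, so the `gpg --card-status` detection in the `else` branch is effectively dead. The script then exports and re-imports the hard-coded key regardless of which card is inserted, and a card holding a different key would go unnoticed. Defaulting to empty, `switch-gpg-card key-id="":`, keeps auto-detection as the normal path and leaves the override for the case where detection fails. A short comment above the recipe should say when the override is needed. The rest of the script body lies outside both Justfile hunks.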
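Review bot: In gpg-agent.nix, `enableScDaemon = !osConfig.services.pcscd.enable;` carries no comment, and the reason is only hinted at in the x13s configuration.nix hunk of the same commit. It presumably reflects that scdaemon and pcscd contend for the card reader; a line such as `# scdaemon and pcscd cannot share the reader; pcscd wins when enabled` would state that where the decision is made. It also means that turning pcscd on for `ykman piv` disables smartcard access for the agent, so with `enableSshSupport = true` the card-backed SSH keys would likely stop working until it is turned off again, which is worth saying in the same comment. The module now requires `osConfig`, which as far as I know is only supplied when Home Manager is evaluated as a NixOS module, so a standalone evaluation of this profile would probably fail.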
+++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -161,6 +161,11 @@ ]; } + { + # yubikey / smartcard. only set to `true` for `ykman piv` commands. + services.pcscd.enable = false; + } + # TODO: create syncthing os snippet ( let From c650afda2542f1c8130d113e935b7bcf9f8dfcba Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 21:33:25 +0200 Subject: [PATCH 291/305] use upstream nixpkgs src built logseq package --- nix/home-manager/configuration/graphical-fullblown.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index ec6e88a..50bfbad 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -244,7 +244,8 @@ in # libretro.snes9x2010 # retroarchFull - pkgs.logseq-bin + # pkgs.logseq-bin + pkgs.logseq # (pkgs.callPackage "${repoFlake.inputs.nixpkgs-logseq}/pkgs/by-name/lo/logseq-bin/package.nix" { }) ]) ++ (with repoFlake.packages.${pkgs.system}; [ gimp ]) From 73bb3e07684dd71c88d7a91c5cec7031463de338 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 21:42:33 +0200 Subject: [PATCH 292/305] Add 1 git-crypt collaborator New collaborators: CB17E89B Stefan Junker --- ...6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg | Bin 469 -> 725 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg b/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg index 9587742f4afa5fabf0455247308b16f5f2413e3d..fd34c43fe02fe7a343108f65cfb65e0639fda9c2 100644 GIT binary patch literal 725 zcmZo=;$i0RD-(afUn9@R|KESLw_Zo6&FZKH`V5ut;}*ZX9&lVk>7Buuo08U+_slkF@~h!>kahwW6u(lnG_~kkkUoM`S`GQOM!)(nT2fAg1HkR^F>))|yQKRP3jhFsRPkiCp$2KYL z{gj1MuS!~e>wneKSaNRz>lYW7_l*DQr{ zX%FRJm){Rd>X~#vm@(!+`y|Z;8#nxPouB^c{0|%EDc6-nr~Yfo%9S{BH@IYujq<;( zezsd`Rj%X;RSZJBz zFScwlSD1%V&hELtna-KNV-o4+wT00@~$Ewy^srQqo zXaDCDy~Qij?;TdczHf>5S@(5!zePsr)f9z?1em^Z`g$}V^3nlj#s^nlPCol&muaz* z`>)#`y^IUbPJH&F*IIzFHD6<$%*K7MZ>_RUy=uzyh0pkIwZxo@o>R8EzmM?@|0}~G zu614IL#0n3|0Qoft?e5c%qouG)l#VYS@WTfyY1bdw09-eC2CSqt#|hDEYXWS8~xC# zQ;>CsNx;`jOxr)d p(Y9?GgZS!a-zVS8WjazCc4zm2msUN>$BK1YzsgE^PJD601pvk6V445` literal 469 zcmZo= zvSzbSj6EP4`f2I8D~W7ZOf=r7F=*VqdoDKd^fjGLe!Uf8vlT3+79VuyEbTg9Tr%-t zvs6Q_WGm`mKKK{jnAK2m$E8s`|`VNVshSd9DX_`u?uZ- z5IG7PnJ(?(&A}_6o{5|L0z_@Z>Lf^{Sfs z4b#3n+F-5E$hmjE+`96tLm$?EoflZnCugE@=>RjM&F$G6O{r8nq{po1GGdw z&hb$BV8(46zS+XzVsMnl63Jg0OCFhpUTl8;bk53oVR@?(?^hIW{UK0Nbvv( From 42ad2df7514d8d9e4b0f27647358fa401c36ca0e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 23:00:17 +0200 Subject: [PATCH 293/305] feat: additional ssh key --- nix/variables/keys.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/variables/keys.nix b/nix/variables/keys.nix index 8eb8229..bd140a9 100644 --- a/nix/variables/keys.nix +++ b/nix/variables/keys.nix 
@@ -3,6 +3,7 @@ steveej = { openssh = [ # active, current + "ssh-rsa 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 cardno:17_673_091" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:000608695695" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:000605247559" From 63f3ec7a199f62d22040b3b1ec0fec52623fdc2e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 5 Apr 2025 23:00:29 +0200 Subject: [PATCH 294/305] remove hstk0 from toplevel --- flake.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/flake.nix b/flake.nix index 72eceec..832b535 100644 --- a/flake.nix +++ b/flake.nix @@ -161,8 +161,6 @@ "router0-hosthatch" "sj-srv1" - - "hstk0" ] ); From 397fe36c957fb2c349e2010a20827c03d42676d9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 8 Apr 2025 15:17:49 +0200 Subject: [PATCH 295/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 28 +++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 6b3ab4a..e1569c1 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1742827326, - "narHash": "sha256-HJdy4JgRvFojago9I0InGPkAwsJ0xv7NvVS05JygWsc=", + "lastModified": 1744034672, + "narHash": "sha256-Fa2qBQm6V7GsrWbFZ1aAfMX/849N/xs9AzFj/V3NWuw=", "owner": "jhovold", "repo": "linux", - "rev": "cf34af9cea0db94254af3897c5e403364cb2eb5b", + "rev": "3ceba4ec8dfa3ec7d9929249b666c89f911a27d9", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.14", + "ref": "wip/sc8280xp-6.15-rc1", "repo": "linux", "type": "github" } @@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1743245017, - "narHash": "sha256-zCZc3p8zD9GOKxnlghzXOZbewVKQkkEvcDO+XT+iyrY=", + "lastModified": 1744051984, + "narHash": "sha256-MsRtNPRyPaXmvBDKmpMvzTPbwP/z1kJl+6touKO634g=", "ref": "bump", - "rev": "f4591e4478838272ec024c2bd346001af919a79a", - "revCount": 143, + "rev": "c15672e2607e4b1b118f86cbcff9924824ec0cc2", + "revCount": 144, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1743703532, - "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", + "lastModified": 1743975612, + "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bdb91860de2f719b57eef819b5617762f7120c70", + "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1743814133, - "narHash": "sha256-drDyYyUmjeYGiHmwB9eOPTQRjmrq3Yz26knwmMPLZFk=", + "lastModified": 1744049787, + "narHash": "sha256-Xrcdw5arr01TL1pxvtyQGPBCMg8Budp7ejOG5H9u7cE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "250b695f41e0e2f5afbf15c6b12480de1fe0001b", + "rev": "48382072d09ce1c72f2a6f716afaecd643226542", "type": "github" }, "original": { 
From 403c11ccbc83e9961feddc90a25899b1877c81ca Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 11 Apr 2025 10:57:51 +0200 Subject: [PATCH 296/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index e1569c1..3be3ea9 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1743598667, - "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1743975612, - "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", + "lastModified": 1744168086, + "narHash": "sha256-S9M4HddBCxbbX1CKSyDYgZ8NCVyHcbKnBfoUXeRu2jQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", + "rev": "60e405b241edb6f0573f3d9f944617fe33ac4a73", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744049787, - "narHash": "sha256-Xrcdw5arr01TL1pxvtyQGPBCMg8Budp7ejOG5H9u7cE=", + "lastModified": 1744306397, + "narHash": "sha256-TBdLB9rV5C1/0p+y3wyQ7RYQXNLS/XipWtx/KP3OCyw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "48382072d09ce1c72f2a6f716afaecd643226542", + "rev": "060577c3f0747822c128725585f8b76726abae0d", "type": "github" }, "original": { 
@@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1742243404, - "narHash": "sha256-j3jdXEU+c6xPa4zdzN2PYNsRkdlgldb1q0aBY50+AdM=", + "lastModified": 1744248553, + "narHash": "sha256-eQM3xXdqKJ5fDn/COmdJvfNtjhEBB2ePe5g3cgN2+hU=", "owner": "youwen5", "repo": "signal-desktop-flake", - "rev": "226d1cbe55bd07d9f66bf801619a7495189e102d", + "rev": "095b99ce990cc448c76d67e094521fd794948d7c", "type": "github" }, "original": { From 2d69c31b3b0586b5c5c02605b77084ff6feda94f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 17 Apr 2025 20:17:11 +0200 Subject: [PATCH 297/305] update steveej-x13s and some exclusive packages for it --- .../configuration/graphical-fullblown.nix | 2 +- nix/home-manager/programs/firefox.nix | 2 +- nix/os/devices/steveej-x13s/flake.lock | 16 ++++++++-------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 50bfbad..921c4dc 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -131,7 +131,7 @@ in # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop pkgsUnstable.tdesktop - nodeFlake.inputs.signal-desktop.packages.${pkgs.system}.default + pkgsUnstable.signal-desktop-source # Virtualization virt-manager diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 196ee23..2f0e99a 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -317,7 +317,7 @@ in }; programs.firefox = { enable = true; - package = pkgs.firefox-esr-128; + # package = pkgs.firefox-esr-128; profiles = mkProfiles { "personal" = mkProfile { diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 3be3ea9..4246491 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
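Review bot: In `graphical-fullblown.nix` the package list now takes Signal from `pkgsUnstable.signal-desktop-source`, but the `signal-desktop` flake input that the removed line used is not dropped with it; its `signal-desktop-flake` lock entry is still being bumped in later patches of this series. If nothing else consumes that input, removing it from `nix/os/devices/steveej-x13s/flake.nix` would keep a third-party source that is no longer needed out of the locked and fetched inputs. In `firefox.nix` the commented-out `# package = pkgs.firefox-esr-128;` would be clearer with a short reason, for example `# use the module's default firefox package for now`.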
@@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1744034672, - "narHash": "sha256-Fa2qBQm6V7GsrWbFZ1aAfMX/849N/xs9AzFj/V3NWuw=", + "lastModified": 1744636104, + "narHash": "sha256-p4voWqXIqupN+7NhSXvF9xuGErA5jv3tS3TdgPlYdMw=", "owner": "jhovold", "repo": "linux", - "rev": "3ceba4ec8dfa3ec7d9929249b666c89f911a27d9", + "rev": "344c8e59eee25351d19652f654e6968f34d7702c", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.15-rc1", + "ref": "wip/sc8280xp-6.15-rc2", "repo": "linux", "type": "github" } @@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1744051984, - "narHash": "sha256-MsRtNPRyPaXmvBDKmpMvzTPbwP/z1kJl+6touKO634g=", + "lastModified": 1744800981, + "narHash": "sha256-ZWkkXWtlRzJgF6fmGVPim2LhzrntwbWhMvDqO+DUPV0=", "ref": "bump", - "rev": "c15672e2607e4b1b118f86cbcff9924824ec0cc2", - "revCount": 144, + "rev": "66640a57be73d702cbf7edde5ef3a8f565cbc92c", + "revCount": 145, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, From bef4f69fd292dc4ef07df6d0537eab1341264563 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 18 Apr 2025 16:52:55 +0200 Subject: [PATCH 298/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 20 ++++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 4246491..17dfe32 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1744940522, + "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1744168086, - "narHash": "sha256-S9M4HddBCxbbX1CKSyDYgZ8NCVyHcbKnBfoUXeRu2jQ=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "60e405b241edb6f0573f3d9f944617fe33ac4a73", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -343,16 +343,16 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744306397, - "narHash": "sha256-TBdLB9rV5C1/0p+y3wyQ7RYQXNLS/XipWtx/KP3OCyw=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "060577c3f0747822c128725585f8b76726abae0d", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 469cf92..ffd00f9 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -2,7 +2,7 @@ inputs = { nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # nixpkgs-unstable.url = "github:steveej-forks/nixpkgs/nixos-unstable"; get-flake.url = "github:ursi/get-flake"; 
From 91f6dcd21d060ca5c1151c239357acf035ac54c3 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 25 Apr 2025 14:38:47 +0200 Subject: [PATCH 299/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 46 +++++++++++++------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 17dfe32..53e5237 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1744940522, - "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", + "lastModified": 1745502102, + "narHash": "sha256-LqhRwzvIVPEjH0TaPgwzqpyhW6DtCrvz7FnUJDoUZh8=", "owner": "nix-community", "repo": "disko", - "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", + "rev": "ca27b88c88948d96feeee9ed814cbd34f53d0d70", "type": "github" }, "original": { @@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1744636104, - "narHash": "sha256-p4voWqXIqupN+7NhSXvF9xuGErA5jv3tS3TdgPlYdMw=", + "lastModified": 1745394888, + "narHash": "sha256-yRTPjHTcg1gwRuYOsnzyVft7Dt8KCZE3W+DOrV3ruLI=", "owner": "jhovold", "repo": "linux", - "rev": "344c8e59eee25351d19652f654e6968f34d7702c", + "rev": "f4e0af2c7a2ef3a3ef4efdf8f240b31f643c3588", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.15-rc2", + "ref": "wip/sc8280xp-6.15-rc3", "repo": "linux", "type": "github" } @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1742897527, - "narHash": "sha256-yhA9KYzOC7QLa+4pFVBrwWsjDWGvuWl9l0YVBwxw4cg=", + "lastModified": 1745503977, + "narHash": "sha256-6TNl1yfmtLDtFp7LUevJn4FlsTE4V6DKkD7fjrG+Ivw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "60d8f4a9f102bf12cc4bc05fca8a252fccd10fe5", + "rev": "82b34a3e6ece2102e1b3b700322dbf698a51162a", "type": "github" }, "original": { 
@@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1744800981, - "narHash": "sha256-ZWkkXWtlRzJgF6fmGVPim2LhzrntwbWhMvDqO+DUPV0=", + "lastModified": 1745574995, + "narHash": "sha256-m6tiiAioOtDBn+BGnAjt+FI1t57S6gB9n/VkbqpXFDY=", "ref": "bump", - "rev": "66640a57be73d702cbf7edde5ef3a8f565cbc92c", - "revCount": 145, + "rev": "465bfd5d456851cc214a22959386b1d5087c0bce", + "revCount": 146, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1745487689, + "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1744248553, - "narHash": "sha256-eQM3xXdqKJ5fDn/COmdJvfNtjhEBB2ePe5g3cgN2+hU=", + "lastModified": 1745037528, + "narHash": "sha256-twzHVBNEX6daUCFwtjn3X7WaJnwRqHeAxX0MB7kosHo=", "owner": "youwen5", "repo": "signal-desktop-flake", - "rev": "095b99ce990cc448c76d67e094521fd794948d7c", + "rev": "1b41af6489574da6ba1e0186235c87acbf57163f", "type": "github" }, "original": { From e63abdcc4237da3a7a8b385f3bd5d2c8f8c88e57 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Tue, 29 Apr 2025 11:00:08 +0200 Subject: [PATCH 300/305] nix/os/devices/steveej-x13s: bump versions --- nix/os/devices/steveej-x13s/flake.lock | 40 +++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 53e5237..28474a5 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1745502102, - "narHash": "sha256-LqhRwzvIVPEjH0TaPgwzqpyhW6DtCrvz7FnUJDoUZh8=", + "lastModified": 1745812220, + "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", "owner": "nix-community", "repo": "disko", - "rev": "ca27b88c88948d96feeee9ed814cbd34f53d0d70", + "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", "type": "github" }, "original": { @@ -214,16 +214,16 @@ "linux-jhovold": { "flake": false, "locked": { - "lastModified": 1745394888, - "narHash": "sha256-yRTPjHTcg1gwRuYOsnzyVft7Dt8KCZE3W+DOrV3ruLI=", + "lastModified": 1745847827, + "narHash": "sha256-ewM7Rpd6On6ys3OkcWOtR7TNWSRZRLZpRP7L9syhn6s=", "owner": "jhovold", "repo": "linux", - "rev": "f4e0af2c7a2ef3a3ef4efdf8f240b31f643c3588", + "rev": "1786db28b335abb5a0fa1e8a27e9950a73f64acf", "type": "github" }, "original": { "owner": "jhovold", - "ref": "wip/sc8280xp-6.15-rc3", + "ref": "wip/sc8280xp-6.15-rc4", "repo": "linux", "type": "github" } @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1745503977, - "narHash": "sha256-6TNl1yfmtLDtFp7LUevJn4FlsTE4V6DKkD7fjrG+Ivw=", + "lastModified": 1745847266, + "narHash": "sha256-n3qpWRRLvI1WpAhOFIhZAZNrMsROw5CBig9glDEWBf8=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "82b34a3e6ece2102e1b3b700322dbf698a51162a", + "rev": "ea4e77c638f8dd49e87af9e73b32d8aec3283795", "type": "github" }, "original": { 
@@ -299,11 +299,11 @@ "x13s-bt-linux-firmware": "x13s-bt-linux-firmware" }, "locked": { - "lastModified": 1745574995, - "narHash": "sha256-m6tiiAioOtDBn+BGnAjt+FI1t57S6gB9n/VkbqpXFDY=", + "lastModified": 1745914252, + "narHash": "sha256-u8hbsI+oW+cO+omdGeY6Q+Z/NvVZaHIZS70f1mq1gac=", "ref": "bump", - "rev": "465bfd5d456851cc214a22959386b1d5087c0bce", - "revCount": 146, + "rev": "8bd7972c74b12b45aee190ce2ddd6960a0771af6", + "revCount": 147, "type": "git", "url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git" }, @@ -327,11 +327,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1745487689, - "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=", + "lastModified": 1745742390, + "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3", + "rev": "26245db0cb552047418cfcef9a25da91b222d6c7", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1745794561, + "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", "type": "github" }, "original": { From 9b6ea1c51b961aa4d7a5aafaf79c791baa71c644 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 1 May 2025 14:22:26 +0200 Subject: [PATCH 301/305] firefox: go back to firefox-esr, add display-anchor extension --- nix/home-manager/programs/firefox.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 2f0e99a..8251d11 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix 
@@ -29,6 +29,8 @@ let auto-tab-discard youtube-recommended-videos + + display-_anchors ]; customAddons = [ @@ -317,7 +319,7 @@ in }; programs.firefox = { enable = true; - # package = pkgs.firefox-esr-128; + package = pkgs.firefox-esr; profiles = mkProfiles { "personal" = mkProfile { From b99b06edf6cb72b67b82ecfa38c86a871de72511 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 1 May 2025 14:23:01 +0200 Subject: [PATCH 302/305] steveej-x13s: bump flake --- nix/os/devices/steveej-x13s/flake.lock | 48 ++++++++++++++++++-------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 28474a5..8ee318a 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -72,6 +72,21 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -85,7 +100,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1696426674, @@ -176,12 +191,15 @@ } }, "get-flake": { + "inputs": { + "flake-compat": "flake-compat" + }, "locked": { - "lastModified": 1714237590, - "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", + "lastModified": 1745945175, + "narHash": "sha256-JGDbJRl5v1snA4JX+yp6m3UA6Mazr59Hrgz+UhhP91M=", "owner": "ursi", "repo": "get-flake", - "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", + "rev": "38401aa2b3a99c77d0c02727471e99e7de2fc366", "type": "github" }, "original": { 
@@ -231,7 +249,7 @@ "mycelium": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "nix-filter": "nix-filter", "nixpkgs": [ @@ -239,11 +257,11 @@ ] }, "locked": { - "lastModified": 1745847266, - "narHash": "sha256-n3qpWRRLvI1WpAhOFIhZAZNrMsROw5CBig9glDEWBf8=", + "lastModified": 1745920427, + "narHash": "sha256-E5uUuKv7Mn0/EfmffRQZpSeATcSzJFVeYVF6Cn7KbJc=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "ea4e77c638f8dd49e87af9e73b32d8aec3283795", + "rev": "1eec5651bf5f194b7f7875ec2483582ccebf1cc1", "type": "github" }, "original": { @@ -269,7 +287,7 @@ }, "nix-snapshotter": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" @@ -327,11 +345,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1745742390, - "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=", + "lastModified": 1746055187, + "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26245db0cb552047418cfcef9a25da91b222d6c7", + "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", "type": "github" }, "original": { @@ -343,11 +361,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745794561, - "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", + "lastModified": 1745930157, + "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", + "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", "type": "github" }, "original": { From 4123104552ef1a23f4ffec59260cfb9df39938bf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 2 May 2025 22:41:44 +0200 Subject: [PATCH 303/305] firefox: istilldontcareaboutcookies --- nix/home-manager/programs/firefox.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index 8251d11..51c7a93 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -27,6 +27,7 @@ let vimium cookie-autodelete auto-tab-discard + istilldontcareaboutcookies youtube-recommended-videos From be974b10e4f92e68fb50ffc5e07626acbb643f1b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 13 May 2025 16:02:32 +0200 Subject: [PATCH 304/305] nix/os/devices/sj-srv1: bump versions --- nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock index 9961108..05230e2 100644 --- a/nix/os/devices/sj-srv1/flake.lock +++ b/nix/os/devices/sj-srv1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1747020534, + "narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1746957726, + "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", "type": "github" }, "original": { 
@@ -55,11 +55,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743256265, - "narHash": "sha256-1GJtabBAEwSkwKgSBe+osLCYwcRr5zx5H7ipuoVkO/4=", + "lastModified": 1747142919, + "narHash": "sha256-84jJ5uDXws7EYch+4fxmfoCCTWRWZCXCCVM0Dh65ZH8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5dab1e63b3efccf767a54b0b978b41fe7410aff0", + "rev": "60bdd7db9e890967224c2244be45beecd7d6e448", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1743210622, - "narHash": "sha256-AagCXne3DGJARB7kxCjcBgJddT/J2CC7SSe7I6kFqso=", + "lastModified": 1747114929, + "narHash": "sha256-GnQGiZiOnGfxM9oVhgqOJk0Qv1aZ11p5Aloac2tdoKY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "800863744b6d0ef3c748a094a15e7f9d361f62fb", + "rev": "fab95ba4b9523f310644e6e6087c0014535c8e02", "type": "github" }, "original": { From f59930c49edcc293d348eeb15a88d6014155c0e2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 14 May 2025 10:46:20 +0200 Subject: [PATCH 305/305] feat(syncthing): expose scan folder via samba --- nix/os/containers/syncthing.nix | 54 +++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index 51b7dcf..921662f 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -5,6 +5,7 @@ localAddress, syncthingPort ? 22000, syncthingLocalAnnouncePort ? 21027, + smbTcpPort ? 445, autoStart ? false, }: { 
@@ -26,6 +27,54 @@ openDefaultPorts = true; guiAddress = "0.0.0.0:8384"; }; + + services.samba = { + enable = true; + securityType = "user"; + openFirewall = true; + settings = { + global = { + "workgroup" = "DMZ"; + "server string" = "syncthing"; + "netbios name" = "syncthing"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhost ::1 + "hosts allow" = "192.168.23. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "scan-stefan" = { + "path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "syncthing"; + "force group" = "syncthing"; + }; + + "scan-justyna" = { + "path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "syncthing"; + "force group" = "syncthing"; + }; + }; + }; + + + # TODO: find out if smbpasswd file is still used and set it here. or find an alternative + # sops.secrets.smbpasswd = { + # }; + # environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text; }; inherit autoStart; @@ -54,6 +103,11 @@ hostPort = syncthingLocalAnnouncePort; protocol = "udp"; } + { + containerPort = 445; + hostPort = smbTcpPort; + protocol = "tcp"; + } ]; inherit hostBridge hostAddress localAddress;
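Review bot: In the `global` section, `"map to guest" = "bad user"` together with `"guest account" = "nobody"` gives any unknown username a guest session, although both shares set `"guest ok" = "no"`; since no share is meant for guests, `"map to guest" = "never";` states the intent and removes the anonymous session. Both shares are writable and `"force user" = "syncthing"` makes every write land as the syncthing user, so I would also pin the transport with `"server min protocol" = "SMB3";` and `"smb encrypt" = "required";` in place of the commented-out `max protocol` line, provided the scanning devices support SMB3. The TODO leaves account provisioning undeclared, so `security = user` has nobody to authenticate until a user is added by hand; the commented sketch reads `config.sops.secrets.smbpasswd.text`, whereas the sops secret used elsewhere in this repository is referenced through `.path`, which is probably what is wanted here as well. `securityType = "user"` repeats the `"security" = "user"` setting, and one of the two can go.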
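Review bot: The new forward entry hard-codes `containerPort = 445` and publishes it on the host as `smbTcpPort`, but nothing at this spot says which networks are meant to reach it. Samba's `"hosts allow"` from the previous hunk is the only source restriction visible in this patch, so a comment on the entry would help the next reader, for example `# SMB for the scan shares; clients limited to 192.168.23.0/24 via "hosts allow"`. It is worth confirming whether the host firewall has to restrict this port separately, because forwarded traffic may not pass through the host's own input rules. The container's `openFirewall = true` presumably opens the NetBIOS ports too, while only 445 is forwarded, so an explicit port list inside the container would match what is actually exposed. The enclosing list starts outside the hunk.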