diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 4b2eebe..c88bece 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,10 +15,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v31 + - uses: cachix/install-nix-action@v25 - name: Run alejandra - run: nix develop --command alejandra --check . + run: nix run nixpkgs#alejandra -- --check . flake-check: name: Flake check @@ -26,9 +26,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v31 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v16 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -46,6 +46,7 @@ jobs: fail-fast: false matrix: name: + - ansel - grafanaDashboards/nginx - grafanaDashboards/node-exporter - kaleidoscope-udev-rules @@ -55,9 +56,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v31 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v16 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -77,18 +78,15 @@ jobs: name: - boreal - hades - - talos + - hephaestus - thanatos steps: - - name: Delete huge unnecessary tools folder - run: rm -rf /opt/hostedtoolcache - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v31 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v16 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' diff --git a/.lohr b/.lohr index 5450957..c20d109 100644 --- a/.lohr +++ b/.lohr @@ -1,4 +1,3 @@ git@github.com:alarsyo/nixos-config git@gitlab.com:alarsyo/nixos-config git@git.sr.ht:~alarsyo/nixos-config -git@codeberg.org:alarsyo/nixos-config diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 7057c85..885597b 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix 
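Review bot: In the `Run alejandra` step, `nix run nixpkgs#alejandra` resolves `nixpkgs` through the flake registry rather than through this repository's `flake.lock`. The formatter that CI executes is therefore whatever the registry points at when the job runs, not the revision the lock file pins. Taking the inputs from the flake keeps the check reproducible: `run: nix run --inputs-from . nixpkgs#alejandra -- --check .`.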
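Review bot: In the `@@ -26` hunk, `cachix/install-nix-action@v25` and `cachix/cachix-action@v14` are referenced by a movable tag in a job that passes `secrets.CACHIX_AUTH_TOKEN` to the action, so a retagged release would run with that token. Pinning to the full commit SHA and keeping the tag as a comment fixes what runs, e.g. `- uses: cachix/cachix-action@<full-commit-sha>  # v14` (placeholder; use the SHA of the release you reviewed). The same tag references appear in the hunks at `@@ -15`, `@@ -55` and `@@ -77`, and `actions/checkout@v4` on the context lines is tagged the same way.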
@@ -23,47 +23,35 @@ in { programs.gnupg.agent = { enable = true; enableSSHSupport = true; - pinentryPackage = pkgs.pinentry-qt; + pinentryFlavor = "qt"; }; services = { xserver = { enable = true; - # NOTE: could use `mkOptionDefault` but this feels more explicit - videoDrivers = - if config.my.gui.isNvidia - then ["nvidia"] - else options.services.xserver.videoDrivers.default; + windowManager.i3.enable = true; xkb = { layout = "fr"; variant = "us"; }; - }; - - libinput = { - enable = true; - touchpad = { - naturalScrolling = true; + libinput = { + enable = true; + touchpad = { + naturalScrolling = true; + }; }; }; - logind.lidSwitch = "suspend"; - - printing = { - enable = true; - cups-pdf.enable = true; - }; - - udev.packages = [pkgs.chrysalis]; + logind.lidSwitch = "ignore"; }; environment.systemPackages = builtins.attrValues { inherit (pkgs) - arandr chrysalis - discord + evince feh + firefox ffmpeg gimp-with-plugins imagemagick 
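Review bot: `logind.lidSwitch = "ignore";` sits in the shared GUI base module, so closing the lid no longer suspends any host that imports it. Nothing in this hunk shows a session locker taking over, which would leave a closed laptop running and unlocked. If that is intended, say so next to the setting, e.g. `# lid close ignored on purpose (<reason>); the session is locked by <locker>` (placeholders). Laptop hosts that should still suspend need to override it in their own config. The enclosing `services` block starts in this hunk, but the module itself begins outside it.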
@@ -78,10 +66,58 @@ in { zathura ; - inherit (pkgs.kdePackages) okular; + inherit (pkgs.gnome) nautilus; + + inherit (pkgs.libsForQt5) okular; + + discord = pkgs.discord.override {nss = pkgs.nss_latest;}; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + + dispatcherScripts = [ + { + source = let + grep = "${pkgs.gnugrep}/bin/grep"; + nmcli = "${pkgs.networkmanager}/bin/nmcli"; + in + pkgs.writeShellScript "disable_wifi_on_ethernet" '' + export LC_ALL=C + date >> /tmp/disable_wifi_on_ethernet.log + echo START "$@" >> /tmp/disable_wifi_on_ethernet.log + + beginswith() { case $2 in "$1"*) true;; *) false;; esac; } + + is_ethernet_interface () + { + local type="$(${nmcli} dev show "$1" | grep 'GENERAL\.TYPE:' | awk '{ print $2 }')" + test "$type" = "ethernet" || beginswith enp "$1" + } + + hotspot_enabled () + { + ${nmcli} dev | ${grep} -q "hotspot" + } + + if is_ethernet_interface "$1" && ! hotspot_enabled; then + echo "change in ethernet and not in hotspot mode" >> /tmp/disable_wifi_on_ethernet.log + if [ "$2" = "up" ]; then + echo "turning wifi off" >> /tmp/disable_wifi_on_ethernet.log + nmcli radio wifi off + fi + + if [ "$2" = "down" ]; then + echo "turning wifi on" >> /tmp/disable_wifi_on_ethernet.log + nmcli radio wifi on + fi + fi + echo END "$@" >> /tmp/disable_wifi_on_ethernet.log + ''; + type = "basic"; + } + ]; + }; programs.nm-applet.enable = true; programs.steam.enable = true; diff --git a/base/nix.nix b/base/nix.nix index 01ba76e..b5923a7 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -2,7 +2,7 @@ nixpkgs.config.allowUnfree = true; nix = { - package = pkgs.lixPackageSets.latest.lix; + package = pkgs.nixStable; gc = { automatic = true; diff --git a/base/programs.nix b/base/programs.nix index 064c3e1..0f82f19 100644 --- a/base/programs.nix +++ b/base/programs.nix 
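Review bot: The dispatcher script appends to the fixed path `/tmp/disable_wifi_on_ethernet.log` on every event, and NetworkManager dispatcher scripts normally run as root. That means a privileged process writes to a predictable name in a world-writable directory, which any local user can create first as their own file or as a link, and the log is never rotated. Sending the messages to the journal removes the file altogether, e.g. `echo "turning wifi off" | ${pkgs.util-linux}/bin/logger -t disable_wifi_on_ethernet`. Separately, `is_ethernet_interface` pipes through bare `grep` and `awk`, and both `nmcli radio wifi` calls are bare too, although `${grep}` and `${nmcli}` are bound in the `let`. Whether those names resolve depends on the dispatcher's PATH, so use the store paths throughout, e.g. `${nmcli} radio wifi off` and `${pkgs.gawk}/bin/awk`.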
@@ -21,25 +21,36 @@ inherit (pkgs) # shell usage + bat fd file ripgrep + sd + tokei tree wget + jq pciutils usbutils # development + + agenix + alejandra git git-crypt git-lfs gnumake gnupg + pinentry-qt python3 - shellcheck vim # terminal utilities + + dogdns + du-dust htop + ldns # drill unzip zip ; diff --git a/flake.lock b/flake.lock index 1f387d7..bf02982 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { @@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1743598667, - "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { @@ -67,11 +67,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { 
@@ -81,24 +81,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -127,50 +109,27 @@ ] }, "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "master", "repo": "home-manager", "type": "github" } }, - "jujutsu": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1762395739, - "narHash": "sha256-YUrjP2tzABdy4eAV1hPmgYWU8ChcJ5B4IlmQUGm95ro=", - "owner": "jj-vcs", - "repo": "jj", - "rev": "aa2b76978c4a23cb01c61629a11b1254af3ad0d9", - "type": "github" - }, - "original": { - "owner": "jj-vcs", - "ref": "v0.35.0", - "repo": "jj", - "type": "github" - } - }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1709147990, + "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "type": "github" }, "original": { 
@@ -198,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1742541432, - "narHash": "sha256-hPzDbmo3T64R1rt8i8WonR/4VrSbE8ZxY6wFIguC4sc=", + "lastModified": 1709271102, + "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fa6ab1d7fdf29a4ff0ac65f01ffdaea84f105280", + "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", "type": "github" }, "original": { @@ -214,11 +173,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743259260, - "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=", + "lastModified": 1708815994, + "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f", + "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", "type": "github" }, "original": { @@ -230,16 +189,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1763622513, - "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", + "lastModified": 1709150264, + "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", + "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -250,33 +209,11 @@ "disko": "disko", "flake-utils": "flake-utils", "home-manager": "home-manager_2", - "jujutsu": "jujutsu", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "jujutsu", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1755139244, - "narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -306,21 +243,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9a1ee4d..c0f7351 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-25.05"; + ref = "nixos-unstable"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-25.05"; + ref = "master"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -49,14 +49,6 @@ repo = "disko"; ref = "master"; }; - - jujutsu = { - type = "github"; - owner = "jj-vcs"; - repo = "jj"; - ref = "v0.35.0"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { 
@@ -70,15 +62,20 @@ { nixosModules = { home = { - home-manager.backupFileExtension = "hm-backup"; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.alarsyo = import ./home; home-manager.verbose = true; }; - nix-registry = { - nix.registry.nixpkgs.flake = nixpkgs; - nix.registry.unstable.flake = inputs.nixpkgs-unstable-small; + nix-path = { + nix = { + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + ]; + registry = { + nixpkgs.flake = inputs.nixpkgs; + }; + }; }; }; @@ -99,7 +96,6 @@ }) agenix.overlays.default - inputs.jujutsu.overlays.default ] ++ builtins.attrValues self.overlays; sharedModules = @@ -145,6 +141,20 @@ ++ sharedModules; }; + hephaestus = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = + [ + ./hephaestus.nix + + inputs.nixos-hardware.nixosModules.common-cpu-amd + inputs.nixos-hardware.nixosModules.common-gpu-amd + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-ssd + ] + ++ sharedModules; + }; + talos = nixpkgs.lib.nixosSystem { inherit system; modules = @@ -167,16 +177,11 @@ }; }; } - // inputs.flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; - in { + // inputs.flake-utils.lib.eachDefaultSystem (system: { packages = inputs.flake-utils.lib.flattenTree - (import ./pkgs {inherit pkgs;}); - devShells.default = pkgs.mkShellNoCC { - buildInputs = [ - pkgs.alejandra - ]; - }; + (import ./pkgs { + pkgs = import nixpkgs {inherit system;}; + }); }); } diff --git a/hephaestus.nix b/hephaestus.nix new file mode 100644 index 0000000..1bb452a --- /dev/null +++ b/hephaestus.nix 
@@ -0,0 +1,23 @@ +{...}: { + imports = [ + # Default configuration + ./base + + # Module definitions + ./modules + + # Service definitions + ./services + + # Host-specific config + ./hosts/hephaestus + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/home/default.nix b/home/default.nix index 570fbd4..2c74b55 100644 --- a/home/default.nix +++ b/home/default.nix @@ -2,7 +2,6 @@ imports = [ ./alacritty.nix ./bat.nix - ./direnv.nix ./emacs.nix ./env.nix ./firefox.nix @@ -10,8 +9,8 @@ ./flameshot.nix ./git.nix ./gtk.nix - ./jj.nix ./laptop.nix + ./lorri.nix ./mail.nix ./rbw.nix ./rofi.nix diff --git a/home/emacs.nix b/home/emacs.nix index 529439b..47d3776 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -24,14 +24,11 @@ in { inherit (pkgs) sqlite # needed by org-roam - + # fonts used by my config + emacs-all-the-icons-fonts - ; - - inherit - (pkgs.nerd-fonts) - iosevka + iosevka-bin ; }; # make sure above fonts are discoverable @@ -46,7 +43,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacs30-pgtk; + package = pkgs.emacs29; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; }; }; diff --git a/home/fish/functions/exit.fish b/home/fish/functions/exit.fish deleted file mode 100644 index 2ca78d7..0000000 --- a/home/fish/functions/exit.fish +++ /dev/null @@ -1,5 +0,0 @@ -function exit \ - --description "Disown all jobs started from this shell to avoid killing them on exit" \ - --on-event fish_exit - jobs -q; and disown (jobs -p) -end 
diff --git a/home/fish/functions/nfl.fish b/home/fish/functions/nfl.fish index 48674c4..bac1d05 100644 --- a/home/fish/functions/nfl.fish +++ b/home/fish/functions/nfl.fish @@ -1,4 +1,7 @@ function nfl set -l flags "--commit-lock-file" - nix flake update $flags $argv + for flake in $argv + set -a flags "--update-input" "$flake" + end + nix flake lock $flags end diff --git a/home/gtk.nix b/home/gtk.nix index 7be7d77..762c413 100644 --- a/home/gtk.nix +++ b/home/gtk.nix @@ -20,20 +20,16 @@ in { gtk2 = { # No garbage polluting my $HOME - # - # I had this enabled but some program somehow couldn't find my - # configuration there. I think it was nm-applet. - # - #configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; }; iconTheme = { - package = pkgs.gnome-themes-extra; + package = pkgs.gnome.gnome-themes-extra; name = "Adwaita"; }; theme = { - package = pkgs.gnome-themes-extra; + package = pkgs.gnome.gnome-themes-extra; name = "Adwaita"; }; }; diff --git a/home/jj.nix b/home/jj.nix deleted file mode 100644 index 5f266f8..0000000 --- a/home/jj.nix +++ /dev/null @@ -1,8 +0,0 @@ -{pkgs, ...}: { - home.packages = [ - pkgs.jujutsu - ]; - xdg.configFile = { - "jj/config.toml".source = ./jj/config.toml; - }; -} diff --git a/home/jj/config.toml b/home/jj/config.toml deleted file mode 100644 index fd339cd..0000000 --- a/home/jj/config.toml +++ /dev/null 
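Review bot: When `nfl` is called without arguments the loop adds nothing, so the function runs `nix flake lock --commit-lock-file`, which only fills in missing lock entries and refreshes no input. If a bare `nfl` is still meant to update every input, handle the empty case explicitly before the loop, e.g. `test (count $argv) -eq 0; and begin; nix flake update $flags; return; end`. A stale lock file is also how security fixes in nixpkgs fail to reach the hosts, so a silent no-op here is worth avoiding.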
@@ -1,106 +0,0 @@ -[user] -name = "Antoine Martin" -email = "antoine@alarsyo.net" - -[ui] -diff-editor = ":builtin" -paginate = "auto" -editor = "vim" -pager = "less -FRX" -default-command = "logstatus" - -[ui.movement] -edit = false - -[git] -subprocess = true - -[snapshot] -auto-track = "none()" - -[aliases] -pdiff = ["diff", "-r", "@-"] -tug = ["bookmark", "move", "--from", "closest_bookmark(@-)", "--to", "@-"] -ll = ["log", "-T", "builtin_log_detailed"] -l = ["log", "-T", "builtin_log_compact"] -logstatus = ["util", "exec", "--", "sh", "-c", "jj status && jj log"] - -[revset-aliases] -'closest_bookmark(to)' = 'heads(::to & bookmarks())' - -[templates] -log = "builtin_log_comfortable" - -log_node = ''' -coalesce( - if(!self, label("elided", "~")), - label( - separate(" ", - if(current_working_copy, "working_copy"), - if(immutable, "immutable"), - if(conflict, "conflict"), - if(description.starts_with("wip:"), "wip"), - if(description.starts_with("private:"), "private"), - ), - coalesce( - if(current_working_copy, "@"), - if(immutable, "◆"), - if(conflict, "×"), - if(description.starts_with("wip:"), "!"), - if(description.starts_with("private:"), "!"), - "○", - ) - ) -) -''' - -draft_commit_description = "commit_description_verbose(self)" - -[template-aliases] -"commit_description_verbose(commit)" = ''' -concat( - commit_description(commit), - "JJ: ignore-rest\n", - diff.git(), -) -''' -"changelog_entry(file)" = ''' -concat( - "* ", - f.path(), - ":\n", -) -''' -"commit_description_changelog(commit)" = ''' -concat( - commit.description(), "\n", - surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()), - changelog_entry(f) - ) - ).join("")), - "JJ: This commit contains the following changes:\n", - indent("JJ: ", diff.stat(72)), -) -''' -"commit_description(commit)" = ''' -concat( - commit.description(), "\n", - "JJ: This commit contains the following changes:\n", - indent("JJ: ", diff.stat(72)), -) -''' - -[[--scope]] 
---when.repositories = ["~/work/lrde/"] -[--scope.user] -email = "amartin@lrde.epita.fr" - -[[--scope]] ---when.repositories = ["~/work/prologin/"] -[--scope.user] -email = "antoine.martin@prologin.org" - -[[--scope]] ---when.repositories = ["~/work/epita/"] -[--scope.user] -email = "antoine4.martin@epita.fr" diff --git a/home/direnv.nix b/home/lorri.nix similarity index 55% rename from home/direnv.nix rename to home/lorri.nix index 9c1b086..0d7e2e3 100644 --- a/home/direnv.nix +++ b/home/lorri.nix @@ -9,15 +9,17 @@ mkIf ; - cfg = config.my.home.direnv; + cfg = config.my.home.lorri; in { - options.my.home.direnv = { - enable = (mkEnableOption "setup direnv usage") // {default = true;}; + options.my.home.lorri = { + enable = (mkEnableOption "lorri daemon setup") // {default = true;}; }; config = mkIf cfg.enable { + services.lorri.enable = true; programs.direnv = { enable = true; + # FIXME: proper file, not lorri.nix nix-direnv = { enable = true; }; diff --git a/home/mail.nix b/home/mail.nix index d48b580..d03fbf9 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -81,7 +81,6 @@ in { aliases = [ "alarsyo@alarsyo.net" "antoine@amartin.email" - "mail@antoinemartin.fr" ]; flavor = "plain"; # default setting passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}"; @@ -117,7 +116,7 @@ in { userName = "amartin"; realName = myName; flavor = "plain"; # default setting - passwordCommand = "${pkgs.rbw}/bin/rbw get lre.epita.fr amartin"; + passwordCommand = "${pkgs.rbw}/bin/rbw get lrde.epita.fr amartin"; mbsync = { enable = true; create = "both"; diff --git a/home/tmux.nix b/home/tmux.nix index 45401c3..3f72959 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -19,7 +19,6 @@ in { config = mkIf cfg.enable { programs.tmux = { enable = true; - escapeTime = 0; baseIndex = 1; terminal = "screen-256color"; clock24 = true; 
@@ -34,10 +33,9 @@ in { ''; } { - plugin = pkgs.tmuxPlugins.catppuccin; + plugin = tmuxPlugins.tmux-colors-solarized; extraConfig = '' - set -g @catppuccin_flavor 'latte' - set -g @catppuccin_window_status_style "rounded" + set -g @colors-solarized 'light' ''; } ]; diff --git a/home/tridactylrc b/home/tridactylrc index b0b07d2..e3611ef 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -5,11 +5,6 @@ " as an enforced single point of truth for Tridactyl's configuration. sanitize tridactyllocal tridactylsync -" Ergo-L chars, alternating between right and left hand. I also omitted -" punctuation like `-` and `,`. Tridactyl supports it but the visual hints won't -" look as good. -set hintchars rnteisualfhvdockzgxyq - " Ctrl-F should use the browser's native 'find' functionality. unbind @@ -23,10 +18,8 @@ bind , nohlsearch " case insensitive if lowercase, case sensitive if using some uppercase letters set findcase smart -set modeindicatormodes {"ignore": "false"} - " New reddit is bad -" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") +autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") " Orange site / Reddit / Lobste.rs specific hints to toggle comments bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] @@ -38,14 +31,8 @@ set editorcmd emacsclient -c set yankto both blacklistadd calendar.google.com -blacklistadd keybr.com -blacklistadd ergol.org -blacklistadd monkeytype.com blacklistadd jellyfin.alarsyo.net blacklistadd localhost blacklistadd netflix.com blacklistadd primevideo.com blacklistadd youtube.com - -" prevent teams from crashing -seturl teams.microsoft.com superignore true diff --git a/home/x/cursor.nix b/home/x/cursor.nix index aa3ebbb..04378b0 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix 
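Review bot: In the `@@ -23` tridactylrc hunk, the re-enabled autocmd pattern `^http(s?)://www.reddit.com` leaves the dots unescaped and does not anchor the end of the host name. It therefore also fires on any host that merely starts with that string (constructed example: `www.reddit.com.<other-domain>`). Escaping the dots and requiring the path separator limits the rewrite to the intended site: `autocmd DocStart ^https?://www\.reddit\.com/ js tri.excmds.urlmodify("-t", "www", "old")`.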
@@ -16,16 +16,12 @@ in { config = mkIf cfg.enable { home.pointerCursor = { - #package = pkgs.capitaine-cursors; - #name = "capitaine-cursors"; - #package = pkgs.catppuccin-cursors.frappeDark; - #name = "catppuccin-frappe-dark-cursors"; - package = pkgs.bibata-cursors; - name = "Bibata-Modern-Classic"; - # https://unix.stackexchange.com/a/743543 - size = 24; + package = pkgs.capitaine-cursors; + name = "capitaine-cursors"; + # available sizes for capitaine-cursors are: + # 24, 30, 36, 48, 60, 72 + size = 30; x11.enable = true; - gtk.enable = true; }; }; } diff --git a/home/x/i3.nix b/home/x/i3.nix index 0fefa09..665a237 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -6,12 +6,11 @@ }: let inherit (lib) - mkEnableOption mkIf mkOptionDefault ; - isEnabled = config.my.home.x.i3.enable; + isEnabled = config.my.home.x.enable; myTerminal = # FIXME: fix when terminal is setup in home @@ -27,10 +26,6 @@ i3Theme = config.my.theme.i3Theme; in { - options.my.home.x.i3 = { - enable = mkEnableOption "i3wm configuration"; - }; - config = mkIf isEnabled { my.home = { flameshot.enable = true; diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index a00e483..580b65e 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -13,7 +13,7 @@ types ; - isEnabled = config.my.home.x.i3.enable; + isEnabled = config.my.home.x.enable; i3BarTheme = config.my.theme.i3BarTheme; cfg = config.my.home.x.i3bar; in { @@ -41,6 +41,7 @@ in { inherit (pkgs) # FIXME: is this useful? + font-awesome ; }; diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 12b56fa..f820f69 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -24,12 +24,10 @@ boot.tmp.useTmpfs = true; - boot.supportedFilesystems = { - btrfs = true; - ntfs = true; - }; - - services.xserver.windowManager.i3.enable = true; + boot.supportedFilesystems = [ + "btrfs" + "ntfs" + ]; services.btrfs = { autoScrub = { @@ -86,6 +84,7 @@ services = { openssh = { enable = true; + forwardX11 = true; }; }; my.gui = { 
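Review bot: In the `hosts/boreal/default.nix` hunk at `@@ -86`, `forwardX11 = true;` turns on X11 forwarding in sshd for every account that can log in to this host, and the hunk gives no reason for it. A forwarded display lets anyone who can read the user's X authority data on this machine reach the connecting client's X server, so it is worth leaving off unless a specific workflow needs it. If it is needed, record why next to the option, e.g. `# X11 forwarding required for <use case>; drop when no longer used` (placeholder).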
@@ -93,23 +92,18 @@ isNvidia = true; }; - hardware = { - bluetooth = { - enable = true; - powerOnBoot = false; - }; - nvidia = { - open = true; - modesetting.enable = true; - }; + my.wakeonwlan.interfaces.phy0.methods = [ + "magic-packet" + "disconnect" + "gtk-rekey-failure" + "eap-identity-request" + "rfkill-release" + ]; + + services.udev.packages = [pkgs.chrysalis]; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; }; - - environment.systemPackages = with pkgs; [foot waybar wofi]; - - programs.hyprland.enable = true; - programs.hyprlock.enable = true; - programs.waybar.enable = true; - programs.foot.enable = true; - services.displayManager.sddm.wayland.enable = true; - services.power-profiles-daemon.enable = true; } diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index f7425b6..10516ae 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -4,11 +4,11 @@ ... }: { home-manager.users.alarsyo = { - home.stateVersion = "20.09"; + # TODO: can probably upgrade me + home.stateVersion = "21.05"; # Keyboard settings & i3 settings my.home.x.enable = true; - my.home.x.i3.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = ["Tccd1"]; my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; @@ -20,11 +20,13 @@ inherit (pkgs) # some websites only work there :( + chromium darktable hugin enblend-enfuse # dev + rustup ; diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 5f5355b..4f4c02e 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -57,7 +57,7 @@ in { my.services = { fail2ban.enable = true; - forgejo = { + gitea = { enable = true; privatePort = 8082; }; @@ -81,12 +81,6 @@ in { secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; - mealie = { - enable = true; - port = 8090; - credentialsFile = config.age.secrets."mealie/secret-config".path; - }; - microbin = { enable = true; privatePort = 8088; 
@@ -118,8 +112,13 @@ in { secretKeyFile = config.age.secrets."paperless/secret-key".path; }; + photoprism = { + enable = true; + port = 8084; + }; + pleroma = { - enable = false; + enable = true; port = 8086; secretConfigFile = config.age.secrets."pleroma/pleroma-config".path; }; @@ -157,53 +156,6 @@ in { services = { openssh.enable = true; vnstat.enable = true; - - gitlab-runner = { - enable = true; - settings = { - concurrent = 4; - }; - services = { - nix = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path; - dockerImage = "alpine"; - dockerVolumes = [ - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - ]; - dockerDisableCache = true; - preBuildScript = pkgs.writeScript "setup-container" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" - - . ${pkgs.nix}/etc/profile.d/nix.sh - - ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} - - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable - ${pkgs.nix}/bin/nix-channel --update nixpkgs - - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf - ''; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; - }; - }; - }; }; virtualisation.docker.enable = true; 
diff --git a/hosts/hades/home.nix b/hosts/hades/home.nix index a3737e5..3f83cc4 100644 --- a/hosts/hades/home.nix +++ b/hosts/hades/home.nix @@ -1,6 +1,8 @@ {config, ...}: { home-manager.users.alarsyo = { - home.stateVersion = "22.05"; + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index eb0fa3b..23b2cdb 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,7 +13,7 @@ // attrs; in lib.mapAttrs toSecret { - "gitlab-runner/hades-nix-runner-env" = {}; + "gandi/api-key" = {}; "lohr/shared-secret" = {}; @@ -21,8 +21,6 @@ owner = "matrix-synapse"; }; - "mealie/secret-config" = {}; - "microbin/secret-config" = {}; "miniflux/admin-credentials" = {}; @@ -31,8 +29,6 @@ owner = "nextcloud"; }; - "ovh/credentials" = {}; - "paperless/admin-password" = {}; "paperless/secret-key" = {}; diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix new file mode 100644 index 0000000..8eb7d45 --- /dev/null +++ b/hosts/hephaestus/default.nix 
@@ -0,0 +1,246 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home.nix + ./secrets.nix + ]; + + hardware.amdgpu.opencl = false; + + boot.kernelPackages = pkgs.linuxPackages; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # boot.initrd.systemd.enable = true; + # boot.plymouth.enable = true; + # boot.kernelParams = ["quiet"]; + + boot.initrd.secrets = { + "/crypto_keyfile.bin" = null; + }; + + boot.tmp.useTmpfs = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "hephaestus"; # Define your hostname. + networking.domain = "alarsyo.net"; + + networking.networkmanager.enable = true; + + # Set your time zone. 
+ time.timeZone = "Europe/Paris"; + + # List services that you want to enable: + my.services = { + tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + + pipewire.enable = true; + + restic-backup = { + enable = true; + repo = "b2:hephaestus-backup"; + passwordFile = config.age.secrets."restic-backup/hephaestus-password".path; + environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path; + + timerConfig = { + OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day + }; + + paths = [ + "/home/alarsyo" + ]; + exclude = [ + "/home/alarsyo/Downloads" + + # Rust builds using half my storage capacity + "/home/alarsyo/**/target" + "/home/alarsyo/work/rust/build" + + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + + "/home/alarsyo/go" + + # C build crap + "*.a" + "*.o" + "*.so" + + ".direnv" + + # test vms + "*.qcow2" + + # secrets stay offline + "/home/alarsyo/**/secrets" + + # ignore all dotfiles as .config and .cache can become quite big + "/home/alarsyo/.*" + ]; + }; + }; + + virtualisation.docker.enable = true; + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; + + services = { + tlp = { + enable = true; + settings = { + START_CHARGE_THRESH_BAT0 = 70; + STOP_CHARGE_THRESH_BAT0 = 80; + }; + }; + fwupd.enable = true; + openssh.enable = true; + }; + + my.gui.enable = true; + my.displayManager.sddm.enable = lib.mkForce false; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + settings.General.Experimental = true; + }; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. 
+ services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.power-profiles-daemon.enable = false; + + services.autorandr = { + enable = true; + profiles = { + default = { + fingerprint = { + "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; + }; + config = { + "eDP-1" = { + enable = true; + crtc = 0; + primary = true; + position = "0x0"; + mode = "1920x1080"; + }; + }; + }; + dock = { + fingerprint = { + "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; + "DP-4" = "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"; + "DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035"; + }; + config = { + "eDP-1" = { + enable = true; + primary = false; + position = "3000x840"; + mode = "1920x1080"; + }; + "DP-4" = { + enable = true; + primary = true; + position = "0x420"; + mode = "1920x1080"; + }; + "DP-5" = { + enable = true; + primary = false; + position = "1920x0"; + mode = "1920x1080"; + rotate = "left"; + }; + }; + }; + dock-lid-closed = { + fingerprint = { + "DP-4" = 
"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"; + "DP-5" = "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"; + }; + config = { + "DP-4" = { + enable = true; + primary = true; + position = "0x420"; + mode = "1920x1080"; + }; + "DP-5" = { + enable = true; + primary = false; + position = "1920x0"; + mode = "1920x1080"; + rotate = "left"; + }; + }; + }; + }; + }; + + systemd.services.autorandr-lid-listener = { + wantedBy = ["multi-user.target"]; + description = "Listening for lid events to invoke autorandr"; + + serviceConfig = { + Type = "simple"; + ExecStart = let + stdbufExe = lib.getExe' pkgs.coreutils "stdbuf"; + libinputExe = lib.getExe' pkgs.libinput "libinput"; + grepExe = lib.getExe pkgs.gnugrep; + autorandrExe = lib.getExe pkgs.autorandr; + in + pkgs.writeShellScript "lid-listener.sh" '' + ${stdbufExe} -oL ${libinputExe} debug-events | + ${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' | + while read line; do + ${pkgs.systemd}/bin/systemctl start --no-block autorandr.service + done + ''; + Restart = "always"; + RestartSec = "30"; + }; + }; + + # Configure console keymap + console.keyMap = "us"; + + programs.light.enable = true; +} diff --git a/hosts/hephaestus/hardware-configuration.nix b/hosts/hephaestus/hardware-configuration.nix new file mode 100644 index 0000000..7a033a7 --- /dev/null +++ b/hosts/hephaestus/hardware-configuration.nix 
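Review bot: `boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };` copies the key file into the initrd, and with `boot.loader.systemd-boot.enable = true` the initrd lives on the boot partition, which hardware-configuration.nix in this commit declares as plain `vfat`. If that key file is enrolled in a LUKS key slot, anyone with access to the disk can read it from the unencrypted partition and open the volume without the passphrase. The single LUKS device declared for this host sets no `keyFile`, so the secret looks unused (inferred from the visible lines only). Dropping the `boot.initrd.secrets` block and removing the matching key slot would close this. If it has to stay, add a comment stating which device it unlocks and why exposure on /boot is acceptable.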
@@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; + fsType = "btrfs"; + options = ["subvol=@"]; + }; + + boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/826A-23F7"; + fsType = "vfat"; + }; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix new file mode 100644 index 0000000..3f17233 --- /dev/null +++ b/hosts/hephaestus/home.nix 
@@ -0,0 +1,49 @@ +{ + config, + pkgs, + ... +}: { + home-manager.users.alarsyo = { + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + + my.home.laptop.enable = true; + + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; + my.home.x.i3bar.temperature.inputs = ["Tctl"]; + my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"]; + my.home.emacs.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + # TODO: place in global home conf + services.dunst.enable = true; + + home.packages = builtins.attrValues { + inherit + (pkgs) + # some websites only work there :( + + chromium + darktable + # dev + + rustup + gdb + valgrind + arandr + zotero + ; + + inherit + (pkgs.packages) + ansel + spot + ; + + inherit (pkgs.wineWowPackages) stable; + }; + }; +} diff --git a/hosts/hephaestus/secrets.nix b/hosts/hephaestus/secrets.nix new file mode 100644 index 0000000..dc35e6d --- /dev/null +++ b/hosts/hephaestus/secrets.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + "restic-backup/hephaestus-credentials" = {}; + "restic-backup/hephaestus-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index bf11f17..a7994c8 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix 
@@ -16,16 +16,9 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_6_12; - # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could - # lead to bad Wi-Fi performance - boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; - boot.extraModulePackages = with config.boot.kernelPackages; [ - v4l2loopback - ]; - boot.extraModprobeConfig = '' - options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 - ''; + hardware.amdgpu.opencl = false; + + boot.kernelPackages = pkgs.linuxPackages_6_6; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot = { @@ -48,10 +41,7 @@ networking.domain = "alarsyo.net"; # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager = { - enable = true; - wifi.powersave = true; - }; + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. time.timeZone = "Europe/Paris"; @@ -61,6 +51,7 @@ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; programs = { + dconf.enable = true; light.enable = true; }; services = { @@ -69,10 +60,7 @@ }; virtualisation = { docker.enable = true; - libvirtd.enable = false; - virtualbox.host = { - enable = false; - }; + libvirtd.enable = true; }; my.services = { 
@@ -82,54 +70,10 @@ }; pipewire.enable = true; - - restic-backup = { - enable = true; - repo = "b2:talos-backup"; - passwordFile = config.age.secrets."restic-backup/talos-password".path; - environmentFile = config.age.secrets."restic-backup/talos-credentials".path; - - timerConfig = { - OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day - }; - - paths = [ - "/home/alarsyo" - ]; - exclude = [ - "/home/alarsyo/Downloads" - - # Rust builds using half my storage capacity - "/home/alarsyo/**/target" - "/home/alarsyo/work/rust/build" - - # don't backup nixpkgs - "/home/alarsyo/work/nixpkgs" - - "/home/alarsyo/go" - - # C build crap - "*.a" - "*.o" - "*.so" - - ".direnv" - - # test vms - "*.qcow2" - "*.vbox" - "*.vdi" - - # secrets stay offline - "/home/alarsyo/**/secrets" - - # ignore all dotfiles as .config and .cache can become quite big - "/home/alarsyo/.*" - ]; - }; }; my.gui.enable = true; + my.displayManager.sddm.enable = lib.mkForce false; hardware.bluetooth = { enable = true; @@ -137,7 +81,6 @@ settings.General.Experimental = true; }; - hardware.keyboard.qmk.enable = true; # Configure console keymap console.keyMap = "us"; 
@@ -153,31 +96,22 @@ LC_TELEPHONE = "fr_FR.UTF-8"; }; + # Enable the X11 windowing system. + services.xserver.enable = true; + # Enable the KDE Plasma Desktop Environment. - services.desktopManager.plasma6.enable = true; - services.desktopManager.cosmic.enable = true; + services.xserver.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; + services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; - environment.systemPackages = [ - pkgs.foot - # FIXME: is this needed? - pkgs.darkman - ]; - - #programs.hyprland.enable = true; + programs.hyprland.enable = true; programs.sway = { enable = true; wrapperFeatures.gtk = true; }; - - # TODO: These are overriden by files from - # ~/.config/xdg-desktop-portal/sway-portals.conf so they should be moved to - # home - xdg.portal.config.sway = { - "org.freedesktop.impl.portal.Settings" = "darkman"; - "org.freedesktop.impl.portal.Inhibit" = "none"; - }; - # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix index 5146330..b59cd1a 100644 --- a/hosts/talos/disko-config.nix +++ b/hosts/talos/disko-config.nix @@ -20,7 +20,7 @@ }; }; luks = { - size = "600G"; + size = "100%"; content = { type = "luks"; name = "crypted"; @@ -35,24 +35,19 @@ type = "btrfs"; extraArgs = ["-f"]; subvolumes = { - "@" = { + "/root" = { mountpoint = "/"; mountOptions = ["compress=zstd" "noatime"]; }; - "@home" = { + "/home" = { mountpoint = "/home"; mountOptions = ["compress=zstd" "noatime"]; }; - "@nix" = { + "/nix" = { mountpoint = "/nix"; mountOptions = ["compress=zstd" "noatime"]; }; - "@persist" = { - mountpoint = "/persist"; - mountOptions = ["compress=zstd" "noatime"]; - }; - "@snapshots" = {}; - "@swap" = { + "/swap" = { mountpoint = "/.swapvol"; swap.swapfile.size = "8G"; }; 
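Review bot: In hosts/talos/disko-config.nix the btrfs subvolumes are renamed from `@`, `@home`, `@nix`, `@swap` to `/root`, `/home`, `/nix`, `/swap`, `@persist` and `@snapshots` are dropped, and the LUKS partition goes from `600G` to `100%`. If this file also feeds the host's mount configuration, a machine already formatted with the old layout would presumably look for subvolumes that do not exist on disk at the next boot; that cannot be confirmed from the hunk. Either keep the names in step with what is on disk, or add a comment such as `# layout change: requires re-running disko (destroys data) before switching` so nobody applies it to the installed system by accident.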
diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 8a189d3..2dce6f6 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -1,16 +1,10 @@ { config, - lib, pkgs, ... -}: let - inherit - (lib) - mkOptionDefault - ; -in { +}: { home-manager.users.alarsyo = { - home.stateVersion = "23.11"; + home.stateVersion = "24.05"; my.home.laptop.enable = true; 
@@ -23,197 +17,32 @@ in { my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - services = { - # TODO: place in global home conf - dunst.enable = true; - wlsunset = { - enable = true; - latitude = 48.9; - longitude = 2.3; - temperature = { - day = 6500; - night = 3500; - }; - }; - darkman = { - enable = true; - settings = { - lat = 48.9; - lng = 2.3; - }; - }; - playerctld.enable = true; - }; + # TODO: place in global home conf + services.dunst.enable = true; home.packages = builtins.attrValues { inherit (pkgs) - #ansel - chromium # some websites only work there :( - font-awesome # for pretty icons - gnome-solanum - nwg-displays - shikane # output autoconfig - swaybg + # some websites only work there :( + + chromium + darktable + # dev + + rustup + gdb + valgrind + arandr zotero - grim - wl-clipboard - slurp ; - inherit - (pkgs.packages) - spot - ; + #inherit + # (pkgs.packages) + # ansel + # spot + # ; + + inherit (pkgs.wineWowPackages) stable; }; - - wayland.windowManager.sway = let - logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; - lock = "swaylock --daemonize --image ~/.wallpaper --scaling fill"; - in { - enable = true; - swaynag.enable = true; - wrapperFeatures.gtk = true; - config = { - modifier = "Mod4"; - input = { - "type:keyboard" = { - xkb_layout = "fr,fr"; - xkb_variant = "us,ergol"; - xkb_options = "grp:shift_caps_toggle"; - }; - "type:touchpad" = { - dwt = "enabled"; - tap = "enabled"; - middle_emulation = "enabled"; - natural_scroll = "enabled"; - }; - }; - output = { - "eDP-1" = { - scale = "1.5"; - }; - }; - fonts = { - names = ["Iosevka Fixed" "FontAwesome6Free"]; - size = 9.0; - }; - bars = []; - - workspaceAutoBackAndForth = true; - bindkeysToCode = true; - keybindings = mkOptionDefault { - "Mod4+Shift+a" = "exec shikanectl reload"; - "Mod4+Shift+e" = ''mode "${logoutMode}"''; - "Mod4+i" = "exec emacsclient --create-frame"; - "Mod4+Control+l" = "exec ${lock}"; - "XF86AudioMute" = "exec wpctl set-mute 
@DEFAULT_AUDIO_SINK@ toggle"; - "XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2"; - "XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2"; - "XF86MonBrightnessUp" = "exec light -A 5"; - "XF86MonBrightnessDown" = "exec light -U 5"; - "XF86AudioPlay" = "exec --no-startup-id playerctl play-pause"; - "XF86AudioPause" = "exec --no-startup-id playerctl play-pause"; - "XF86AudioPrev" = "exec --no-startup-id playerctl previous"; - "XF86AudioNext" = "exec --no-startup-id playerctl next"; - }; - - modes = mkOptionDefault { - "${logoutMode}" = { - "l" = "exec --no-startup-id swaymsg exit, mode default"; - "s" = "exec --no-startup-id systemctl suspend, mode default"; - "p" = "exec --no-startup-id systemctl poweroff, mode default"; - "r" = "exec --no-startup-id systemctl reboot, mode default"; - "Escape" = "mode default"; - "Return" = "mode default"; - }; - }; - - menu = "fuzzel --list-executables-in-path"; - - startup = [ - {command = "shikane";} - {command = "waybar";} - { - command = "swaybg --image ~/.wallpaper --mode fill"; - always = true; - } - {command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";} - ]; - }; - - extraConfig = '' - bindswitch --reload --locked lid:off output eDP-1 enable; - bindswitch --reload --locked lid:on output eDP-1 disable; - - bindgesture swipe:right workspace prev - bindgesture swipe:left workspace next - - set $rosewater #dc8a78 - set $flamingo #dd7878 - set $pink #ea76cb - set $mauve #8839ef - set $red #d20f39 - set $maroon #e64553 - set $peach #fe640b - set $yellow #df8e1d - set $green #40a02b - set $teal #179299 - set $sky #04a5e5 - set $sapphire #209fb5 - set $blue #1e66f5 - set $lavender #7287fd - set $text #4c4f69 - set $subtext1 #5c5f77 - set $subtext0 #6c6f85 - set $overlay2 #7c7f93 - set $overlay1 #8c8fa1 - set $overlay0 #9ca0b0 - set $surface2 #acb0be - set $surface1 #bcc0cc - set $surface0 #ccd0da - set $base #eff1f5 - set $mantle #e6e9ef - set $crust #dce0e8 - - # 
target title bg text indicator border - client.focused $lavender $lavender $base $rosewater $lavender - client.focused_inactive $overlay0 $base $text $rosewater $overlay0 - client.unfocused $overlay0 $base $text $rosewater $overlay0 - client.urgent $peach $base $peach $overlay0 $peach - client.placeholder $overlay0 $base $text $overlay0 $overlay0 - client.background $base - - smart_borders on - default_border pixel 3 - gaps inner 5 - gaps outer 3 - ''; - }; - - programs = { - fuzzel.enable = true; - swaylock.enable = true; - waybar = { - enable = true; - }; - }; - - home.sessionVariables = { - NIXOS_OZONE_WL = "1"; - }; - }; - - # FIXME: belongs elsewhere - services = { - logind = { - lidSwitch = "suspend"; - lidSwitchExternalPower = "ignore"; - extraConfig = '' - IdleAction=suspend - IdleActionSec=10min - ''; - }; - upower.enable = true; }; } diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix index e5fae61..387f511 100644 --- a/hosts/talos/secrets.nix +++ b/hosts/talos/secrets.nix @@ -13,8 +13,8 @@ // attrs; in lib.mapAttrs toSecret { - "restic-backup/talos-credentials" = {}; - "restic-backup/talos-password" = {}; + #"restic-backup/hephaestus-credentials" = {}; + #"restic-backup/hephaestus-password" = {}; "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index afa74c0..15cf5ce 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix 
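Review bot: The talos secrets list now carries two commented-out entries, `#"restic-backup/hephaestus-credentials"` and `#"restic-backup/hephaestus-password"`, which name another host's secrets. modules/secrets/secrets.nix in this commit encrypts those files to `alarsyo` and `hephaestus` only, so talos could not decrypt them if the lines were ever uncommented. Delete the two lines rather than keeping them as dead code. The same applies to the commented-out `#inherit (pkgs.packages) ansel spot` block at the end of the hosts/talos/home.nix hunk on this line.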
@@ -35,56 +35,6 @@ in { }; services = { - gitlab-runner = { - enable = true; - settings = { - concurrent = 4; - }; - services = { - nix = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path; - dockerImage = "alpine"; - dockerVolumes = [ - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - ]; - dockerDisableCache = true; - preBuildScript = pkgs.writeScript "setup-container" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" - - . ${pkgs.nix}/etc/profile.d/nix.sh - - ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} - - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable - ${pkgs.nix}/bin/nix-channel --update nixpkgs - - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf - ''; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; - }; - default = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path; - dockerImage = "debian:stable"; - }; - }; - }; openssh.enable = true; }; @@ -93,6 +43,4 @@ in { environment.systemPackages = with pkgs; [ docker-compose ]; - - nix.gc.automatic = lib.mkForce false; } diff --git a/hosts/thanatos/home.nix b/hosts/thanatos/home.nix index bacc60b..3f83cc4 100644 
--- a/hosts/thanatos/home.nix +++ b/hosts/thanatos/home.nix @@ -1,6 +1,7 @@ {config, ...}: { home-manager.users.alarsyo = { - home.stateVersion = "23.11"; + # TODO: can probably upgrade me + home.stateVersion = "21.05"; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; diff --git a/hosts/thanatos/secrets.nix b/hosts/thanatos/secrets.nix index bd58902..3fbc379 100644 --- a/hosts/thanatos/secrets.nix +++ b/hosts/thanatos/secrets.nix @@ -15,8 +15,6 @@ lib.mapAttrs toSecret { "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; - "gitlab-runner/thanatos-runner-env" = {}; - "gitlab-runner/thanatos-nix-runner-env" = {}; }; }; } diff --git a/modules/sddm.nix b/modules/sddm.nix index de57ae5..ee50f5e 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -15,17 +15,23 @@ in { options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; config = mkIf cfg.enable { - services.displayManager.sddm = { + services.xserver.displayManager.sddm = { enable = true; - theme = "catppuccin-latte"; - wayland.enable = true; + theme = "sugar-candy"; }; - environment.systemPackages = [ - (pkgs.catppuccin-sddm.override - { - flavor = "latte"; - }) - ]; + environment.systemPackages = builtins.attrValues { + inherit + (pkgs.packages) + sddm-sugar-candy + ; + + inherit + (pkgs.libsForQt5.qt5) + qtgraphicaleffects + qtquickcontrols2 + qtsvg + ; + }; }; } diff --git a/modules/secrets/gitlab-runner/hades-nix-runner-env.age b/modules/secrets/gitlab-runner/hades-nix-runner-env.age deleted file mode 100644 index 88cf224..0000000 --- a/modules/secrets/gitlab-runner/hades-nix-runner-env.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw S9umvubn93fPFsh/ogqAohdlvDOLYxm3hHrliw5vqAQ -EG8RYYX7i2GazNTb/bnzCPs2zrIYN/kOulJc4e5pTW4 --> ssh-ed25519 pX8y2g ux6qHpLuHTleRYpAIvO3iDztVsxPGlcu1+jzs1+MHF0 -R5wtxwQyqB1Hc6KI0U9tUOYxzHBtvkzQkgy6Z8AoOYc ---- w1Wpu3guHKTT0FDAR6KaFYLHaXYsEdCWX/7IuM2wb7Q -=nbg\\!IizA,pg pPa\p/_ut8nCL5,a ssh-ed25519 k2gHjw gFnRWwKy4sm1O4/zeVXcUk3Y451FFZmOfuDY/lI9RW0 -8Mpdm4n7JzepEg2+KRs0HfkrtVTMk0oRFBUZ7Sf08Jw --> ssh-ed25519 6UUuZw cAAsvPXReyc5s3ornw5wPSuJ3dSwcxUaG+TxJnIu8Ak -hKk7q/8jltBMXoB1G29GQBH0v/IWu29r1tGfI9QrpgU ---- 1YEL0aF6L1Hg74seiR6rUBaaPfX9/R5rc1a6O9P8skQ -4on0%lٷFv1! =-)4܅hSg D^| skS; BTo'hJ\NCu#[t>x" gZo\m \ No newline at end of file diff --git a/modules/secrets/gitlab-runner/thanatos-runner-env.age b/modules/secrets/gitlab-runner/thanatos-runner-env.age deleted file mode 100644 index fbbe156..0000000 Binary files a/modules/secrets/gitlab-runner/thanatos-runner-env.age and /dev/null differ diff --git a/modules/secrets/mealie/secret-config.age b/modules/secrets/mealie/secret-config.age deleted file mode 100644 index cd02884..0000000 Binary files a/modules/secrets/mealie/secret-config.age and /dev/null differ diff --git a/modules/secrets/ovh/credentials.age b/modules/secrets/ovh/credentials.age deleted file mode 100644 index ab487ae..0000000 --- a/modules/secrets/ovh/credentials.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8 -ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo --> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM -SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8 ---- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M -XeaLQ H2*ZT P;(jC̀k viħk`]mB ,,?!{%e(Su-SD=H#q=U;=O G+_oP]RL$ֳ\0N!"&%N<,v1ʑj1 \ No newline at end of file diff --git a/modules/secrets/restic-backup/hephaestus-credentials.age b/modules/secrets/restic-backup/hephaestus-credentials.age new file mode 100644 index 0000000..77a80ed --- /dev/null 
+++ b/modules/secrets/restic-backup/hephaestus-credentials.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk +xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E +-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels +Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw +-> j-c8-grease +WeQ +--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs +85|Qx_5': A?ڡ ؊oAx)rd!(Ѩ5~\Ld"^ZZ^V/5˕ݦa诲ḷo]O/Eue \ No newline at end of file diff --git a/modules/secrets/restic-backup/hephaestus-password.age b/modules/secrets/restic-backup/hephaestus-password.age new file mode 100644 index 0000000..3ed4290 --- /dev/null +++ b/modules/secrets/restic-backup/hephaestus-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c +Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro +-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M +SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs +-> !!6BS-grease GsH7hĩے2cH^X_zv'!Zkš_0}Yoje<.^[q4pP \ No newline at end of file diff --git a/modules/secrets/restic-backup/talos-credentials.age b/modules/secrets/restic-backup/talos-credentials.age deleted file mode 100644 index 967a671..0000000 --- a/modules/secrets/restic-backup/talos-credentials.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00 -tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI --> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0 -xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8 ---- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk -BV͵\ 8 ۑ[%l^>9\E5j(6g;(I7CS4v6iSXC`OT\;Iݜ6_ky-qKlKӠh?t \ No newline at end of file diff --git a/modules/secrets/restic-backup/talos-password.age b/modules/secrets/restic-backup/talos-password.age deleted file mode 100644 index 244ab8d..0000000 Binary files a/modules/secrets/restic-backup/talos-password.age and /dev/null differ 
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index ffa49fd..2496adb 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -4,33 +4,26 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; + hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades talos thanatos]; + machines = [boreal hades hephaestus talos thanatos]; all = users ++ machines; in { "gandi/api-key.age".publicKeys = [alarsyo hades]; - "gitlab-runner/hades-nix-runner-env.age".publicKeys = [alarsyo hades]; - "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos]; - "gitlab-runner/thanatos-nix-runner-env.age".publicKeys = [alarsyo thanatos]; - "lohr/shared-secret.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; - "mealie/secret-config.age".publicKeys = [alarsyo hades]; - "microbin/secret-config.age".publicKeys = [alarsyo hades]; "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; - "ovh/credentials.age".publicKeys = [alarsyo hades]; - "paperless/admin-password.age".publicKeys = [alarsyo hades]; "paperless/secret-key.age".publicKeys = [alarsyo hades]; 
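Review bot: Adding `hephaestus` to `machines` changes the recipient list of `users/root-hashed-password.age` and `users/alarsyo-hashed-password.age`, which are declared as `machines ++ [alarsyo]`, but no change to those two .age files is visible in this part of the diff. Recipients in secrets.nix only take effect once the files are re-encrypted, and hosts/hephaestus/secrets.nix declares both secrets, so the new host would fail to decrypt them until that is done. Please confirm the files were rekeyed in this commit (for agenix, `agenix --rekey`). A comment next to `machines` such as `# changing this list requires rekeying every secret that uses it` would help the next edit.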
@@ -40,8 +33,8 @@ in { "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; - "restic-backup/talos-password.age".publicKeys = [alarsyo talos]; - "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos]; + "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; + "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; diff --git a/pkgs/ansel/default.nix b/pkgs/ansel/default.nix new file mode 100644 index 0000000..43f5998 --- /dev/null +++ b/pkgs/ansel/default.nix 
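Review bot: Dropping the `restic-backup/talos-*` recipients here (and the gitlab-runner, mealie and ovh entries in the previous hunk) together with the deleted .age files removes the secrets from the tree but not from history: earlier commits still hold them, encrypted to the same `alarsyo` and host keys. The credentials themselves (the runner tokens, the OVH credentials, and the talos backup credentials and repository password) should be revoked or rotated at their providers if those services are retired. A line in the commit message recording that the old credentials were revoked would be enough.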
@@ -0,0 +1,155 @@ +{ + cmake, + colord, + colord-gtk, + curl, + dav1d, + desktop-file-utils, + exiftool, + exiv2, + fetchFromGitHub, + glib, + gmic, + graphicsmagick, + gtk3, + icu, + intltool, + isocodes, + jasper, + json-glib, + lcms, + lensfun, + lib, + libXdmcp, + libXtst, + libaom, + libavif, + libdatrie, + libde265, + libepoxy, + libffi, + libgcrypt, + libgpg-error, + libheif, + libjpeg, + libpsl, + librsvg, + libsecret, + libselinux, + libsepol, + libsoup, + libsysprof-capture, + libthai, + libwebp, + libxkbcommon, + libxml2, + libxslt, + llvmPackages, + openexr_3, + openjpeg, + osm-gps-map, + pcre, + pcre2, + perlPackages, + pkg-config, + pugixml, + python3Packages, + rav1e, + sqlite, + stdenv, + util-linux, + wrapGAppsHook, + x265, +}: +stdenv.mkDerivation { + pname = "ansel"; + version = "unstable-2024-01-05"; + + src = fetchFromGitHub { + owner = "aurelienpierreeng"; + repo = "ansel"; + rev = "e2c4a0a60cd80f741dd3d3c6ab72be9ac11234fb"; + hash = "sha256-Kg020MHy9fn1drCk+66f25twqczvD/5evutDODqOjYM="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + desktop-file-utils + exiftool + intltool + libxml2 + llvmPackages.clang + llvmPackages.llvm + pkg-config + perlPackages.perl + python3Packages.jsonschema + wrapGAppsHook + ]; + + buildInputs = [ + colord + colord-gtk + curl + dav1d + exiv2 + json-glib + glib + gmic + graphicsmagick + gtk3 + icu + isocodes + jasper + lcms + lensfun + libaom + libavif + libdatrie + libde265 + libepoxy + libffi + libgcrypt + libgpg-error + libheif + libjpeg + libpsl + librsvg + libsecret + libselinux + libsepol + libsoup + libsysprof-capture + libthai + libwebp + libXdmcp + libxkbcommon + libxslt + libXtst + openexr_3 + openjpeg + osm-gps-map + pcre + pcre2 + perlPackages.Po4a + pugixml + rav1e + sqlite + util-linux + x265 + ]; + + preFixup = '' + gappsWrapperArgs+=( + --prefix LD_LIBRARY_PATH ":" "$out/lib/ansel" + ) + ''; + + meta = { + description = "A darktable fork minus the bloat plus some design vision"; + 
homepage = "https://ansel.photos/"; + license = lib.licenses.gpl3Plus; + mainProgram = "ansel"; + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index f9beb0d..fc7fdd0 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,6 +1,7 @@ {pkgs}: { + ansel = pkgs.callPackage ./ansel {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; - grafanaDashboards = pkgs.lib.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); + grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); spot = pkgs.python3Packages.toPythonModule (pkgs.callPackage ./spot {}); } diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 28e7609..5aba50e 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.14.1"; + version = "2.11.6"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-Jd+KavTkuzrmdRWsmOPTfEMDpoLjOqpm5y10s5RZpTA="; + sha256 = "sha256-ppJ5T4nA2zlWulkZvdUxPjcuDeNAAKkCLynhxukcU4o="; }; } diff --git a/services/default.nix b/services/default.nix index 51e37bf..86d2fe6 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,13 +3,11 @@ ./vaultwarden.nix ./fail2ban.nix ./fava.nix - ./forgejo ./gitea ./immich.nix ./jellyfin.nix ./lohr.nix ./matrix.nix - ./mealie.nix ./media.nix ./microbin.nix ./miniflux.nix diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix deleted file mode 100644 index 9d40402..0000000 --- a/services/forgejo/default.nix +++ /dev/null 
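Review bot: The `preFixup` wrapper prepends `$out/lib/ansel` to `LD_LIBRARY_PATH`, and that variable is inherited by every process the wrapped program starts, so any external program launched from ansel also resolves libraries from the package's private directory first. If only the ansel binary needs those libraries, an rpath set at build time would keep the effect local to it. If the wrapper stays, record why with a comment above `gappsWrapperArgs`, for example `# private libs live in $out/lib/ansel, which the loader does not search by default`. The rest of the derivation pins `rev` and `hash`, which is what a reviewer wants to see for an `unstable-` snapshot with `fetchSubmodules = true`.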
@@ -1,129 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit - (lib) - mkEnableOption - mkIf - mkOption - ; - - cfg = config.my.services.forgejo; - my = config.my; - - domain = config.networking.domain; - hostname = config.networking.hostName; - fqdn = "${hostname}.${domain}"; - - forgejoUser = "git"; -in { - options.my.services.forgejo = let - inherit (lib) types; - in { - enable = mkEnableOption "Personal Git hosting with Forgejo"; - - privatePort = mkOption { - type = types.port; - default = 8082; - example = 8082; - description = "Port to serve the app"; - }; - }; - - config = mkIf cfg.enable { - # use git as user to have `git clone git@git.domain` - users.users.${forgejoUser} = { - description = "Forgejo Service"; - home = config.services.forgejo.stateDir; - useDefaultShell = true; - group = forgejoUser; - - # the systemd service for the forgejo module seems to hardcode the group as - # forgejo, so, uh, just in case? - extraGroups = ["forgejo"]; - - isSystemUser = true; - }; - users.groups.${forgejoUser} = {}; - - services.forgejo = { - enable = true; - user = forgejoUser; - group = config.users.users.${forgejoUser}.group; - stateDir = "/var/lib/${forgejoUser}"; - - lfs.enable = true; - - settings = { - server = { - ROOT_URL = "https://git.${domain}/"; - DOMAIN = "git.${domain}"; - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = cfg.privatePort; - }; - log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] - repository = { - ENABLE_PUSH_CREATE_USER = true; - DEFAULT_BRANCH = "main"; - }; - - # NOTE: temporarily remove this for initial setup - service.DISABLE_REGISTRATION = true; - - # only send cookies via HTTPS - session.COOKIE_SECURE = true; - - DEFAULT.APP_NAME = "Personal Forge"; - }; - - # NixOS module uses `forgejo dump` to backup repositories and the database, - # but it produces a single .zip file that's not very restic friendly. - # I configure my backup system manually below. 
- dump.enable = false; - - database = { - type = "postgres"; - # user needs to be the same as forgejo user - user = forgejoUser; - name = forgejoUser; - }; - }; - - # FIXME: Borg *could* be backing up files while they're being edited by - # forgejo, so it may produce corrupt files in the snapshot if I push stuff - # around midnight. I'm not sure how `forgejo dump` handles this either, - # though. - my.services.restic-backup = { - paths = [ - config.services.forgejo.lfs.contentDir - config.services.forgejo.repositoryRoot - ]; - }; - - # NOTE: no need to use postgresql.ensureDatabases because the forgejo module - # takes care of this automatically - services.postgresqlBackup = { - databases = [config.services.forgejo.database.name]; - }; - - services.nginx = { - virtualHosts = { - "git.${domain}" = { - forceSSL = true; - useACMEHost = fqdn; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; - }; - }; - }; - }; - - security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"]; - - systemd.services.forgejo.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.forgejo.stateDir}/custom/templates"; - }; -} diff --git a/services/forgejo/templates/home.tmpl b/services/forgejo/templates/home.tmpl deleted file mode 100644 index c2d3ee2..0000000 --- a/services/forgejo/templates/home.tmpl +++ /dev/null @@ -1,17 +0,0 @@ -{{template "base/head" .}} -
-
-
-
- -
-
-

- {{AppName}} -

-

alarsyo's personal projects are hosted here

-
-
-
-
-{{template "base/footer" .}} diff --git a/services/immich.nix b/services/immich.nix index 511e9e0..89e4721 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -74,7 +74,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; - client_max_body_size 1000m; + client_max_body_size 100m; access_log syslog:server=unix:/dev/log,tag=immich; ''; }; diff --git a/services/lohr.nix b/services/lohr.nix index cc491a8..a86a0b3 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -20,7 +20,7 @@ secrets = config.my.secrets; lohrPkg = let - flake = builtins.getFlake "github:alarsyo/lohr?rev=cdb5808c0ced349c027aa203fda52afe95782b26"; + flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; in flake.defaultPackage."x86_64-linux"; # FIXME: use correct system in { diff --git a/services/mealie.nix b/services/mealie.nix deleted file mode 100644 index 4483b17..0000000 --- a/services/mealie.nix +++ /dev/null 
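Review bot: `client_max_body_size 100m;` makes nginx answer 413 to any single request body above 100 MB, which for a photo and video library likely includes ordinary video files; the same value is set in the `services/photoprism.nix` hunk further down. The limit is a useful abuse control, but it sits next to 600-second proxy timeouts that suggest large transfers are expected. If 100m is intended, a comment such as `# cap per-request upload size; larger assets must be imported server-side` would record that; otherwise size it to the largest asset you expect. The enclosing `extraConfig` string starts above the hunk.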
@@ -1,102 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit - (lib) - mkEnableOption - mkIf - mkOption - ; - - cfg = config.my.services.mealie; - my = config.my; - - domain = config.networking.domain; - hostname = config.networking.hostName; - fqdn = "${hostname}.${domain}"; - listenAddress = "127.0.0.1"; -in { - options.my.services.mealie = let - inherit (lib) types; - in { - enable = mkEnableOption "Mealie"; - port = mkOption { - type = types.port; - example = 8080; - description = "Internal port for Mealie webapp"; - }; - credentialsFile = lib.mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/secrets/mealie-credentials.env"; - description = '' - File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD` - or sensitive LDAP options. - - Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`. - ''; - }; - }; - - config = mkIf cfg.enable { - services.mealie = { - inherit listenAddress; - inherit (cfg) credentialsFile; - - enable = true; - package = pkgs.mealie; - port = cfg.port; - - settings = { - ALLOW_SIGNUP = "false"; - BASE_URL = "https://mealie.${domain}"; - TZ = config.time.timeZone; - DB_ENGINE = "postgres"; - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; - }; - }; - - systemd.services.mealie = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - serviceConfig = { - TimeoutStartSec = 600; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = ["mealie"]; - ensureUsers = [ - { - name = "mealie"; - ensureDBOwnership = true; - } - ]; - }; - - services.postgresqlBackup = { - databases = ["mealie"]; - }; - - services.nginx.virtualHosts."mealie.${domain}" = { - forceSSL = true; - useACMEHost = fqdn; - - locations."/" = { - proxyPass = "http://${listenAddress}:${toString cfg.port}/"; - proxyWebsockets = true; - }; - }; - - security.acme.certs.${fqdn}.extraDomainNames = 
["mealie.${domain}"]; - - my.services.restic-backup = { - paths = ["/var/lib/mealie"]; - }; - }; -} diff --git a/services/nextcloud.nix b/services/nextcloud.nix index b46ab7a..39e39c7 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,11 +62,15 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud27; maxUploadSize = "1G"; config = { + overwriteProtocol = "https"; + + defaultPhoneRegion = "FR"; + dbtype = "pgsql"; dbuser = "nextcloud"; dbname = dbName; @@ -75,11 +79,6 @@ in { adminuser = "admin"; adminpassFile = cfg.adminpassFile; }; - - settings = { - default_phone_region = "FR"; - overwriteprotocol = "https"; - }; }; users.groups.media.members = ["nextcloud"]; diff --git a/services/nginx.nix b/services/nginx.nix index e17c29b..6781549 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -66,8 +66,8 @@ in { gandiKey = config.my.secrets.gandiKey; in { "${fqdn}" = { - dnsProvider = "ovh"; - credentialsFile = config.age.secrets."ovh/credentials".path; + dnsProvider = "gandiv5"; + credentialsFile = config.age.secrets."gandi/api-key".path; group = "nginx"; }; }; diff --git a/services/paperless.nix b/services/paperless.nix index 96f785c..92bd8e4 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -50,13 +50,14 @@ in { enable = true; port = cfg.port; passwordFile = cfg.passwordFile; - settings = { + extraConfig = { # Postgres settings PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBUSER = "paperless"; PAPERLESS_DBNAME = "paperless"; - PAPERLESS_URL = "https://${paperlessDomain}"; + PAPERLESS_ALLOWED_HOSTS = paperlessDomain; + PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_OCR_LANGUAGE = "fra+eng"; PAPERLESS_OCR_MODE = "skip"; diff --git a/services/photoprism.nix b/services/photoprism.nix index 3c2d2df..f7f6628 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix 
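Review bot: `package = pkgs.nextcloud27;` moves the instance from `nextcloud31` down four major releases, and Nextcloud supports neither downgrades nor skipping majors, so a data directory and database already migrated to 31 would not be served by 27. Release 27 is, as far as I know, also past upstream security support, which matters for a service published at `cloud.${domain}`. The `services/postgresql.nix` hunk has the same problem with `postgresql_17` to `postgresql_15`: a cluster initialised by 17 does not start under the 15 binaries. Unless these hosts are rebuilt from older state, keep `pkgs.nextcloud31` and `pkgs.postgresql_17`.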
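Review bot: Replacing `PAPERLESS_URL` with `PAPERLESS_ALLOWED_HOSTS` and `PAPERLESS_CORS_ALLOWED_HOSTS` leaves the CSRF trusted-origins list unset, which `PAPERLESS_URL` would have populated along with the other two. Behind the HTTPS reverse proxy implied by `https://${paperlessDomain}`, form posts such as the login may then be rejected with a CSRF failure on Django 4-based releases. Adding `PAPERLESS_CSRF_TRUSTED_ORIGINS = "https://${paperlessDomain}";` next to the two new keys (or keeping `PAPERLESS_URL` if the packaged version supports it) closes that gap. The `extraConfig` set continues past the hunk.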
@@ -61,7 +61,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; - client_max_body_size 500m; + client_max_body_size 100m; access_log syslog:server=unix:/dev/log,tag=photoprism; ''; }; diff --git a/services/pipewire.nix b/services/pipewire.nix index 913cc28..04d8135 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -22,6 +22,8 @@ in { # HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this # config (my 20.09 machine is a server anyway) config = optionalAttrs (options ? services.pipewire.alsa) (mkIf cfg.enable { + # from NixOS wiki, causes conflicts with pipewire + sound.enable = false; # recommended for pipewire as well security.rtkit.enable = true; services.pipewire = { diff --git a/services/postgresql.nix b/services/postgresql.nix index cb5d2d1..1d39111 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -1,11 +1,10 @@ { config, pkgs, - lib, ... }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_17; + package = pkgs.postgresql_15; }; } diff --git a/services/restic-backup.nix b/services/restic-backup.nix index d3d3e63..cad1127 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -98,7 +98,7 @@ in { environmentFile = cfg.environmentFile; extraBackupArgs = - ["--verbose=1"] + ["--verbose=2"] ++ optional (builtins.length cfg.exclude != 0) excludeArg; timerConfig = cfg.timerConfig; diff --git a/talos.nix b/talos.nix index f38777d..c969790 100644 --- a/talos.nix +++ b/talos.nix @@ -19,5 +19,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } 
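Review bot: `system.stateVersion = "24.05";` in the `talos.nix` hunk changes a value that the comment directly above it says to leave at the release of the first install. NixOS modules read it to choose defaults for stateful services, so bumping it on an already-installed host can switch those defaults without migrating the data they describe. Unless talos was reinstalled on 24.05, keep `system.stateVersion = "23.11";`.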
diff --git a/todo.org b/todo.org deleted file mode 100644 index d1a045d..0000000 --- a/todo.org +++ /dev/null @@ -1,8 +0,0 @@ -* TODO Take a look at goldwarden when 24.05 releases - -https://github.com/quexten/goldwarden - -* TODO Setup sway correctly -** TODO This includes moving it to a proper module - -* TODO Create an adwaita package with symlinks for nm-applet icons