diff --git a/.sops.yaml b/.sops.yaml index 63161c3..9b0bac5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,11 +1,9 @@ keys: - &xps13 age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 - &pi age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2 - - &server age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - *xps13 - *pi - - *server diff --git a/Makefile b/Makefile index f970db3..56e710e 100644 --- a/Makefile +++ b/Makefile @@ -6,4 +6,4 @@ rebuild-pi: NIX_SSHOPTS="-o IdentitiesOnly=yes -i ~/.ssh/id_rsa" nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo deploy-server: - nixos-rebuild switch --flake .#server --target-host server --build-host server --sudo --ask-sudo-password + nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo --ask-sudo-password diff --git a/devices/asus/configuration.nix b/devices/asus/configuration.nix index 23eb51b..66244d7 100644 --- a/devices/asus/configuration.nix +++ b/devices/asus/configuration.nix @@ -1,7 +1,12 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix 
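Review bot: Dropping `&server` from `keys` and from the `age` key group in `.sops.yaml` only changes which recipients future encryptions target. `secrets/secrets.yaml` keeps its existing recipient stanzas until it is re-encrypted, and no change to that file is visible in this part of the diff. Run `sops updatekeys secrets/secrets.yaml` so the data key is wrapped for `xps13` and `pi` only. That command does not change the secret values, and the server key can still decrypt every earlier revision in git history, so rotate the values themselves if the removal is meant to revoke access rather than tidy up.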
@@ -27,13 +32,19 @@ services.desktopManager.cosmic.enable = true; services.displayManager.cosmic-greeter.enable = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.polen = { isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ neovim tree htop git ranger ]; + extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + neovim + tree + htop + git + ranger + ]; }; # List packages installed in system profile. @@ -62,7 +73,7 @@ }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 2283 ]; + networking.firewall.allowedTCPPorts = [2283]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/devices/asus/hardware-configuration.nix b/devices/asus/hardware-configuration.nix index 047b62f..4dbb315 100644 --- a/devices/asus/hardware-configuration.nix +++ b/devices/asus/hardware-configuration.nix 
@@ -4,32 +4,34 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/9267-2ED4"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9267-2ED4"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; - fileSystems."/data" = { - device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; - fsType = "ext4"; - }; + fileSystems."/data" = + { device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; + fsType = "ext4"; + }; swapDevices = - [{ device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }]; + [ { device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -40,6 +42,5 @@ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } 
diff --git a/devices/latoure/configuration.nix b/devices/latoure/configuration.nix index 1e01f13..dab7ee0 100644 --- a/devices/latoure/configuration.nix +++ b/devices/latoure/configuration.nix @@ -1,7 +1,11 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -31,7 +35,7 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; #nix.settings.trusted-users = [ "polen" "polensky" ]; #nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; #boot.binfmt.emulatedSystems = ["aarch64-linux"]; @@ -94,7 +98,7 @@ users.users.polensky = { isNormalUser = true; description = "polensky"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; shell = pkgs.zsh; }; @@ -105,7 +109,13 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ htop-vim ranger neovim wget git ]; + environment.systemPackages = with pkgs; [ + htop-vim + ranger + neovim + wget + git + ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/devices/latoure/hardware-configuration.nix b/devices/latoure/hardware-configuration.nix index 96106c2..b3bbb9b 100644 --- a/devices/latoure/hardware-configuration.nix +++ b/devices/latoure/hardware-configuration.nix 
@@ -4,52 +4,44 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ahci" - "xhci_pci" - "pata_marvell" - "firewire_ohci" - "usb_storage" - "usbhid" - "sd_mod" - "sr_mod" - ]; + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "xhci_pci" "pata_marvell" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/9B7B-A012"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9B7B-A012"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; - fileSystems."/data" = { - device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; - fsType = "ext4"; - }; + fileSystems."/data" = + { device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; + fsType = "ext4"; + }; - fileSystems."/data1" = { - device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; - fsType = "ext4"; - }; + fileSystems."/data1" = + { device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; + fsType = "ext4"; + }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; - fsType = "ext4"; - }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; + fsType = "ext4"; + }; swapDevices = - [{ device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }]; + [ { device = 
"/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -60,6 +52,5 @@ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/macbook/configuration.nix b/devices/macbook/configuration.nix index 147421d..46f5578 100644 --- a/devices/macbook/configuration.nix +++ b/devices/macbook/configuration.nix @@ -1,5 +1,11 @@ -{ pkgs, inputs, system, config, ... }: -let my-emacs = pkgs.emacsNativeComp; +{ + pkgs, + inputs, + system, + config, + ... +}: let + my-emacs = pkgs.emacsNativeComp; in { nixpkgs.config.allowUnfree = true; @@ -18,7 +24,7 @@ in { colima git gnupg - (pass.withExtensions (exts: [ exts.pass-otp ])) + (pass.withExtensions (exts: [exts.pass-otp])) # emacs my-emacs @@ -50,28 +56,23 @@ in { "brave-browser" "qutebrowser" "stremio" - "firefox" # work "slack" "tunnelblick" "dbeaver-community" "claude" - "adobe-acrobat-reader" # doom emacs "font-symbols-only-nerd-font" - - # media - "inkscape" - "obs" ]; }; + nix = { # Necessary for using flakes on this system. settings.experimental-features = "nix-command flakes"; extraOptions = '' - extra-platforms = x86_64-darwin aarch64-darwin aarch64-linux + extra-platforms = x86_64-darwin aarm64-darwin ''; gc = { automatic = true; 
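Review bot: `extra-platforms = x86_64-darwin aarm64-darwin` in the `nix.extraOptions` string of devices/macbook/configuration.nix (hunk `@@ -50,28 +56,23 @@`) names a system that does not exist; the line it replaces spelled it `aarch64-darwin`. The value is a free-form list of strings, so the typo is presumably accepted without an error and the intended platform is simply not added. Use `extra-platforms = x86_64-darwin aarch64-darwin`. The `nix = {` block continues past the end of the hunk.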
@@ -82,31 +83,6 @@ in { }; options = "--delete-older-than 15d"; }; - - linux-builder = { - enable = true; - }; - - distributedBuilds = true; - buildMachines = [ - { - hostName = "server.local"; - sshUser = "polen"; - sshKey = "/Users/charles/.ssh/id_ed25519"; - systems = [ "x86_64-linux" "aarch64-linux" ]; - # optional but recommended: - maxJobs = 4; # how many concurrent builds to send - speedFactor = 1; # relative priority vs other builders - supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; - } - ]; - settings.builders-use-substitutes = true; - - settings = { - extra-substituters = [ "s3://rc-nix-binary-cache?region=ca-central-1" ]; - extra-trusted-public-keys = [ "rc-nix-cache:3nJzc2e0wK0zpTmiphHLYJWOMuKJ0Fj/TOF5ulUxr/Q=" ]; - secret-key-files = [ "/Users/charles/.config/nix/rc-nix-cache-priv-key.pem" ]; - }; }; # Create /etc/zshrc that loads the nix-darwin environment. @@ -114,7 +90,9 @@ in { programs.direnv.enable = true; programs.gnupg.agent.enable = true; - services.yabai = { enable = true; }; + services.yabai = { + enable = true; + }; services.skhd.enable = true; services.emacs = { @@ -129,13 +107,15 @@ in { system.defaults.dock = { autohide = true; - persistent-apps = [ ]; + persistent-apps = []; show-recents = false; static-only = true; tilesize = 32; }; - system.defaults.menuExtraClock = { Show24Hour = true; }; + system.defaults.menuExtraClock = { + Show24Hour = true; + }; launchd.user.agents.remap-keys = { serviceConfig = { @@ -143,8 +123,7 @@ in { "/usr/bin/hidutil" "property" "--set" - '' - { + '' { "UserKeyMapping":[ {"HIDKeyboardModifierMappingSrc":0x700000039,"HIDKeyboardModifierMappingDst":0x7000000E7} ] diff --git a/devices/pi/configuration.nix b/devices/pi/configuration.nix index 22e717f..b3be1d7 100644 --- a/devices/pi/configuration.nix +++ b/devices/pi/configuration.nix 
@@ -1,11 +1,16 @@ -{ inputs, config, pkgs, lib, ... }: -let +{ + inputs, + config, + pkgs, + lib, + ... +}: let user = "polen"; hostname = "pi"; in { boot = { kernelPackages = pkgs.linuxKernel.packages.linux_rpi3; - initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"]; loader = { grub.enable = false; generic-extlinux-compatible.enable = true; @@ -16,14 +21,16 @@ in { "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = [ "noatime" ]; + options = ["noatime"]; }; }; - swapDevices = [{ - device = "/var/lib/swapfile"; - size = 10 * 1024; - }]; + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 10 * 1024; + } + ]; #sops.defaultSopsFile = ../../secrets/secrets.yaml; #sops.defaultSopsFormat = "yaml"; @@ -34,6 +41,12 @@ in { networkmanager.enable = true; wireless.enable = false; hostName = hostname; + firewall.allowedTCPPorts = [80 443]; + }; + + services.pihole-ftl = { + enable = true; + openFirewallDHCP = true; }; services.prometheus.exporters = { @@ -41,21 +54,24 @@ in { node.openFirewall = true; }; - nix.settings.trusted-users = [ user ]; + nix.settings.trusted-users = [user]; - environment.systemPackages = with pkgs; [ htop-vim neovim curl wget ranger ]; + environment.systemPackages = with pkgs; [ + htop-vim + neovim + curl + wget + ranger + ]; services.openssh.enable = true; users = { mutableUsers = false; - users = { - "${user}" = { - isNormalUser = true; - #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; - extraGroups = [ "wheel" ]; - }; - lauria = { isNormalUser = true; }; + users."${user}" = { + isNormalUser = true; + #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; + extraGroups = ["wheel" "pihole"]; }; }; diff --git a/devices/server/configuration.nix b/devices/server/configuration.nix index 567109b..1d06a11 100644 --- a/devices/server/configuration.nix +++ b/devices/server/configuration.nix 
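Review bot: `firewall.allowedTCPPorts = [80 443];` in the `networking` block of devices/pi/configuration.nix (hunk `@@ -34,6 +41,12 @@`) opens both ports on every interface, presumably for the Pi-hole web interface that arrives with `services.pihole-ftl`. If that is the purpose, scope the rule to the LAN interface with `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [80 443];` (`<lan-iface>` is a placeholder) and add a comment naming the service the ports belong to. The hunk also sets `openFirewallDHCP = true` while nothing visible opens DNS on port 53; if the Pi is meant to be the LAN resolver rather than the DHCP server, the option wanted is probably `openFirewallDNS`, to be confirmed against the module in the pinned nixpkgs.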
@@ -1,17 +1,23 @@ -{ config, pkgs, ... }: -let user = "polen"; +{ + config, + pkgs, + ... +}: let + user = "polen"; in { - imports = [ ./hardware-configuration.nix ]; + imports = [ + ./hardware-configuration.nix + ]; boot.loader = { grub = { enable = true; - devices = [ "/dev/sda" ]; + devices = ["/dev/sda"]; }; }; #boot.kernelModules = ["msr"]; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; virtualisation.docker.enable = true; @@ -40,14 +46,6 @@ in { reverse_proxy http://127.0.0.1:8096 ''; - virtualHosts."grafana.polensky.me".extraConfig = '' - reverse_proxy http://127.0.0.1:3000 - ''; - - virtualHosts."git.polensky.me".extraConfig = '' - reverse_proxy http://127.0.0.1:3001 - ''; - virtualHosts."pb.polensky.me".extraConfig = '' request_body { max_size 10MB @@ -64,33 +62,6 @@ in { file_server try_files {path} /index.html ''; - - virtualHosts."prixdugaz.ca".extraConfig = '' - reverse_proxy http://127.0.0.1:8080 - ''; - }; - - services.prixdugaz = { - enable = true; - openFirewall = true; # 8080 - }; - - services.forgejo = { - enable = true; - lfs.enable = true; - settings = { - server = { - DOMAIN = "git.polensky.me"; - ROOT_URL = "https://git.polensky.me/"; - HTTP_PORT = 3001; - }; - service = { - DISABLE_REGISTRATION = true; - }; - actions = { - ENABLED = true; - }; - }; }; # observability @@ -98,7 +69,6 @@ in { grafana = { enable = true; settings = { - security.secret_key = "SW2YcwTIb9zpOOhoPsMm"; server = { http_addr = "0.0.0.0"; http_port = 3000; 
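Review bot: With `security.secret_key` deleted in hunk `@@ -98,7 +69,6 @@` of devices/server/configuration.nix, the remaining `grafana.settings` block sets no key of its own while `http_addr = "0.0.0.0"` stays. The removed literal looks like Grafana's shipped default, so the instance has presumably never had a unique key protecting the credentials stored in its database, and the value is in git history either way. Supply a freshly generated key from a root-only file, e.g. `security.secret_key = "$__file{/run/secrets/grafana_secret_key}";` (the path is a placeholder), and re-enter stored data source credentials afterwards because they are encrypted under the old key. Since this commit also removes the `grafana.polensky.me` reverse-proxy vhost, consider `http_addr = "127.0.0.1"` unless direct plain-HTTP access on port 3000 is intended.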
@@ -107,31 +77,29 @@ in { }; prometheus = { enable = true; - exporters = { - node.enable = true; - systemd.enable = true; + exporters = { + node.enable = true; }; scrapeConfigs = [ { job_name = "node-exporters-lan"; - static_configs = [{ - targets = [ "127.0.0.1:9100" ]; - labels = { instance = "server"; }; - }]; - } - { - job_name = "systemd-exporters-lan"; - static_configs = [{ - targets = [ "127.0.0.1:9558" ]; - labels = { instance = "server"; }; - }]; + static_configs = [ + { + targets = ["127.0.0.1:9100"]; + labels = { + instance = "server"; + }; + } + ]; } ]; }; }; systemd.services.jellyfin = { - environment = { DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; }; + environment = { + DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; + }; }; # media @@ -177,13 +145,13 @@ in { fileSystems."/mnt/latoure-data" = { device = "latoure.local:/data"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; }; fileSystems."/mnt/latoure-data1" = { device = "latoure.local:/data1"; fsType = "nfs"; - options = [ "_netdev" ]; + options = ["_netdev"]; }; networking = { @@ -199,7 +167,6 @@ in { 9000 # mealie 8989 # sonarr 10222 # taskchampion-sync-server - 51966 # for ssh ]; firewall.allowedUDPPorts = [ 5353 # mDNS @@ -209,23 +176,12 @@ in { time.timeZone = "America/Toronto"; users.users."${user}" = { - isNormalUser = true; - group = "polen"; - extraGroups = [ "wheel" "transmission" "jellyfin" "polensky" "docker" ]; + extraGroups = ["wheel" "transmission" "jellyfin" "polensky" "docker"]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa 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 polen@polen-xps" ]; }; - users.groups.polen = { }; - - # SOPS secrets - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - secrets = { }; - }; - environment.systemPackages = with pkgs; [ neovim htop-vim 
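Review bot: After hunk `@@ -209,23 +176,12 @@` in devices/server/configuration.nix, `users.users."${user}"` sets `extraGroups`, `shell` and `openssh.authorizedKeys.keys` but no longer `isNormalUser`, and `users.groups.polen` is removed with it. NixOS asserts that exactly one of `isNormalUser` and `isSystemUser` is set for every declared user, so unless another module sets it the configuration should fail to evaluate; keep `isNormalUser = true;`. The same hunk drops the whole `sops` block, so any option elsewhere that still reads a path under `config.sops.secrets` would break as well, although none is visible in this part of the diff.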
@@ -249,8 +205,8 @@ in { nixpkgs.config.allowUnfree = true; nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - settings.trusted-users = [ "polen" ]; + settings.experimental-features = ["nix-command" "flakes"]; + settings.trusted-users = ["polen"]; # settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; diff --git a/devices/server/hardware-configuration.nix b/devices/server/hardware-configuration.nix index 3e46e9b..a59b1e5 100644 --- a/devices/server/hardware-configuration.nix +++ b/devices/server/hardware-configuration.nix @@ -1,22 +1,30 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems."/" = { device = "/dev/disk/by-uuid/a4ba3cce-bbdd-470d-9874-71f3aea9ea13"; fsType = "ext4"; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711"; }]; + swapDevices = [ + {device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
@@ -29,6 +37,5 @@ # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/xps13/assets/avatar.jpg b/devices/xps13/assets/avatar.jpg deleted file mode 100644 index 39a5ecb..0000000 Binary files a/devices/xps13/assets/avatar.jpg and /dev/null differ diff --git a/devices/xps13/configuration.nix b/devices/xps13/configuration.nix index aa5c988..6cc43df 100644 --- a/devices/xps13/configuration.nix +++ b/devices/xps13/configuration.nix @@ -1,7 +1,12 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ config, pkgs, inputs, ... }: { +{ + config, + pkgs, + inputs, + ... +}: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix 
@@ -11,31 +16,27 @@ hardware.bluetooth = { enable = true; - powerOnBoot = false; + powerOnBoot = true; }; services.blueman.enable = true; services.openssh.enable = true; - services.power-profiles-daemon.enable = false; + services.power-profiles-daemon.enable = true; services.upower.enable = true; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "msr" ]; - - boot.extraModprobeConfig = '' - options snd_hda_intel power_save=1 - ''; + boot.kernelModules = ["msr"]; networking.hostName = "xps13"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - settings.trusted-users = [ "polen" ]; + settings.experimental-features = ["nix-command" "flakes"]; + settings.trusted-users = ["polen"]; settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; @@ -43,7 +44,7 @@ options = "--delete-older-than 15d"; }; }; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -67,15 +68,14 @@ services.displayManager.sddm = { enable = true; - theme = "${import ./sddm-theme.nix { inherit pkgs; }}"; - package = pkgs.kdePackages.sddm; + theme = "${import ./sddm-theme.nix {inherit pkgs;}}"; }; # Define a user account. Don't forget to set a password with 'passwd'. users.users.polen = { isNormalUser = true; description = "polen"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; shell = pkgs.zsh; }; @@ -97,7 +97,7 @@ # Desktop waybar mako - awww + swww wdisplays libnotify bemenu 
@@ -105,10 +105,12 @@ pamixer networkmanagerapplet wl-clipboard + libsForQt5.qt5.qtquickcontrols2 + libsForQt5.qt5.qtgraphicaleffects ntfs3g - kdePackages.qtdeclarative - kdePackages.qtsvg + # Nix related + nixfmt-classic ]; programs.zsh.enable = true; @@ -119,12 +121,6 @@ withUWSM = true; }; - programs.weylus = { - enable = true; - users = [ "polen" ]; - openFirewall = true; - }; - services.gvfs.enable = true; # to make pass work @@ -138,7 +134,7 @@ programs.seahorse.enable = true; xdg.portal.enable = true; - xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/devices/xps13/hardware-configuration.nix b/devices/xps13/hardware-configuration.nix index 20fdb62..99be3ee 100644 --- a/devices/xps13/hardware-configuration.nix +++ b/devices/xps13/hardware-configuration.nix 
@@ -4,28 +4,29 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/A769-2F96"; - fsType = "vfat"; - }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A769-2F96"; + fsType = "vfat"; + }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; - fsType = "ext4"; - }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; + fsType = "ext4"; + }; swapDevices = [ ]; @@ -37,6 +38,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/xps13/sddm-theme.nix b/devices/xps13/sddm-theme.nix index 91e13d7..3df1e26 100644 --- a/devices/xps13/sddm-theme.nix +++ b/devices/xps13/sddm-theme.nix 
@@ -1,21 +1,19 @@ -{ pkgs }: -let +{pkgs}: let image = ./assets/a_forest_of_trees_with_fog.jpg; - avatar = ./assets/avatar.jpg; -in pkgs.stdenv.mkDerivation { - name = "sddm-theme"; - src = pkgs.fetchFromGitHub { - owner = "xCaptaiN09"; - repo = "pixie-sddm"; - rev = "12a5f459ebd6d699be42c188c10976c8bb7076d7"; - sha256 = "sha256-lmE/49ySuAZDh5xLochWqfSw9qWrIV+fYaK5T2Ckck8="; - }; - installPhase = '' - mkdir -p $out - cp -R ./* $out/ - rm $out/assets/background.jpg - rm $out/assets/avatar.jpg - cp ${image} $out/assets/background.jpg - cp ${avatar} $out/assets/avatar.jpg - ''; -} +in + pkgs.stdenv.mkDerivation { + name = "sddm-theme"; + src = pkgs.fetchFromGitHub { + owner = "MarianArlt"; + repo = "sddm-sugar-dark"; + rev = "ceb2c455663429be03ba62d9f898c571650ef7fe"; + sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ="; + }; + installPhase = '' + mkdir -p $out + cp -R ./* $out/ + cd $out/ + rm Background.jpg + cp -r ${image} $out/Background.jpg + ''; + } diff --git a/flake.lock b/flake.lock index 87e5555..5b9d858 100644 --- a/flake.lock +++ b/flake.lock 
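Review bot: The new `fetchFromGitHub` call in devices/xps13/sddm-theme.nix pins `rev` to a full commit id, but gives the digest as bare base64 in the `sha256` attribute. Prefer the SRI form `hash = "sha256-flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ=";` so the algorithm travels with the value, matching the prefixed digest on the line being replaced. In `installPhase`, `cp -r ${image} $out/Background.jpg` copies a single file, so `-r` can be dropped, and quoting `"$out"` keeps the script safe against unusual paths.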
@@ -2,38 +2,19 @@ "nodes": { "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1751685974, - "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", - "ref": "refs/heads/main", - "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", - "revCount": 92, - "type": "git", - "url": "https://git.lix.systems/lix-project/flake-compat.git" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/flake-compat.git" + "id": "disko", + "type": "indirect" } }, "flake-parts": { @@ -41,11 +22,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1777898446, - "narHash": "sha256-tTEOTTjMHd8Vffn4hehLTPgOXXxJ27xfkf4DoyZgD7s=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5d82aa3d6b5da25dbfec1a995750a70a03b8c659", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { 
@@ -56,18 +37,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "vimix", - "nvf", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -78,7 +55,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, @@ -94,33 +71,13 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776184304, - "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3c7524c68348ef79ce48308e0978611a050089b2", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "mnw": { "locked": { - "lastModified": 1777828893, - "narHash": "sha256-gVWVnmyNr74BVKfhMMZDWkhx2699dhmZ2g0W8TTHtkk=", + "lastModified": 1742255973, + "narHash": "sha256-XfEGVKatTgEMMOVb4SNp1LYLQOSzzrFTDMVDTZFyMVE=", "owner": "Gerg-L", "repo": "mnw", - "rev": "c1c0b544bfabe6669b5a6a0383ccb475fe60258b", + "rev": "b982dbd5e6d55d4438832b3567c09bc2a129649d", "type": "github" }, "original": { 
@@ -129,39 +86,44 @@ "type": "github" } }, - "ndg": { + "nil": { "inputs": { + "flake-utils": [ + "vimix", + "nvf", + "flake-utils" + ], "nixpkgs": [ "vimix", "nvf", "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1776882296, - "narHash": "sha256-DWZozXwMsgvUqfVlL1mQ8dOxW7GJ/8CdyaDN+1niZRg=", - "owner": "feel-co", - "repo": "ndg", - "rev": "ab7d78d4884b3a34968cf9fa3d16c0c1246d5c6e", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", + "owner": "oxalica", + "repo": "nil", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { - "owner": "feel-co", - "ref": "refs/tags/v2.6.0", - "repo": "ndg", + "owner": "oxalica", + "repo": "nil", "type": "github" } }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1775037210, - "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", + "lastModified": 1761339987, + "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "06648f4902343228ce2de79f291dd5a58ee12146", + "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", "type": "github" }, "original": { 
@@ -170,29 +132,13 @@ "type": "github" } }, - "nixos-hardware": { - "locked": { - "lastModified": 1775490113, - "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1765934234, - "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", + "lastModified": 1752596105, + "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", + "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "type": "github" }, "original": { @@ -204,11 +150,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1777168982, - "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1740877520, + "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", + "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", "type": "github" }, "original": { 
@@ -219,31 +177,31 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1775710090, - "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", - "owner": "nixos", + "lastModified": 1747728033, + "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c1018dae018162ec878d42fec712642d214fdfa", + "rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", - "owner": "NixOS", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -251,11 +209,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1775888245, - "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13043924aaa7375ce482ebe2494338e058282925", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", "type": "github" }, "original": { @@ -267,11 +225,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1777578337, - "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", + "lastModified": 1744098102, + "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", + "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", "type": "github" }, "original": { 
@@ -283,16 +241,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1743076231, + "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "6c5963357f3c1c840201eda129a99d455074db04", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -301,15 +259,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "noctalia-qs": "noctalia-qs" + ] }, "locked": { - "lastModified": 1776240823, - "narHash": "sha256-QAdipw26rtLJWKY7EWX7k+pyvCQwF4+PObggxWbiT74=", + "lastModified": 1769187095, + "narHash": "sha256-1EpJcnYSIpkHnMChluK6LoDtOkjkPOl/zqhZyqGefqs=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "76b03be48965cb01faabe167f80a8995fb76a92e", + "rev": "ee2e9cdb0c7618e00d4c78b359d461733416a673", "type": "github" }, "original": { 
@@ -318,94 +275,72 @@ "type": "github" } }, - "noctalia-qs": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ], - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1775957204, - "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=", - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "type": "github" - } - }, "nvf": { "inputs": { - "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "mnw": "mnw", - "ndg": "ndg", - "nixpkgs": "nixpkgs_6", - "systems": "systems_3" - }, - "locked": { - "lastModified": 1777837065, - "narHash": "sha256-uRD6a4uNno3SsAw0E0E6xqbiK7pX63Ad1F37q5fyz9g=", - "owner": "notashelf", - "repo": "nvf", - "rev": "7ec206a5d9a7d5d27900d81a6bb382823902276d", - "type": "github" - }, - "original": { - "owner": "notashelf", - "repo": "nvf", - "type": "github" - } - }, - "prixdugaz": { - "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "mnw": "mnw", + "nil": "nil", + "nixpkgs": "nixpkgs_6", + "systems": "systems_2" }, "locked": { - "lastModified": 1777505579, - "narHash": "sha256-e1oq8b4hFTH/C2zyGdRB4X4BdFg+wrf3yw7JjHav++w=", - "ref": "refs/heads/main", - "rev": "ed8b91db4647564f21b376fea6390c1167dcc027", - "revCount": 35, - "type": "git", - "url": "ssh://git@github.com/Polensky/prixdugaz" + "lastModified": 1744192993, + "narHash": "sha256-dvMcjQ2yKD21qnP6ylgo5Gj6d0FYKvATe6S6Zf8X0J4=", + "owner": "notashelf", + "repo": "nvf", + "rev": "67d9aa7cb585b315473b9558c307db5ccdc9f9bb", + "type": "github" }, "original": { - "type": "git", - "url": "ssh://git@github.com/Polensky/prixdugaz" + "owner": "notashelf", + "repo": "nvf", + "type": "github" } }, "root": { "inputs": { "disko": "disko", - "home-manager": "home-manager", "nix-darwin": "nix-darwin", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": 
"nixpkgs_3", "noctalia": "noctalia", - "prixdugaz": "prixdugaz", "sops-nix": "sops-nix", "vimix": "vimix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "vimix", + "nvf", + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "aefb7017d710f150970299685e8d8b549d653649", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1776119890, - "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { @@ -416,16 +351,16 @@ }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, 
@@ -444,43 +379,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "noctalia", - "noctalia-qs", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "vimix": { "inputs": { "flake-parts": "flake-parts", @@ -488,11 +386,11 @@ "nvf": "nvf" }, "locked": { - "lastModified": 1777899228, - "narHash": "sha256-BtBQzhkhBEIpPfx6gEOo84tIPQmJecqSE3WyDvCfE3Y=", + "lastModified": 1752113669, + "narHash": "sha256-Szf9YJ9u51zK7tGdX39e/7mGjgFX8oa5S/ro6+AoJlY=", "owner": "Polensky", "repo": "vimix", - "rev": "1bc9e35738fb9dc50ef0935bc9c03f734dd8426b", + "rev": "7dc2e5e1050ca567809a228eacc8da381778cc05", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 82a4fab..5ac8689 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,78 +10,76 @@ url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - prixdugaz.url = "git+ssh://git@github.com/Polensky/prixdugaz"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { nixpkgs, nix-darwin, sops-nix, disko, home-manager - , nixos-hardware, ... }@inputs: { - nixosConfigurations = { - default = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - system = "x86_64-linux"; - modules = [ - nixos-hardware.nixosModules.dell-xps-13-9370 - ./devices/xps13/configuration.nix - ./modules - ]; - }; - latoure = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - system = "x86_64-linux"; - modules = [ ./devices/latoure/configuration.nix ./modules ]; - }; - asus = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - system = "x86_64-linux"; - modules = [ ./devices/asus/configuration.nix ./modules ]; - }; - server = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - sops-nix.nixosModules.sops - ./devices/server/configuration.nix - ./modules - inputs.prixdugaz.nixosModules.default - ]; - }; - pi = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - system = "aarch64-linux"; - modules = [ - "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" - ./devices/pi/configuration.nix - sops-nix.nixosModules.sops - { - sdImage.compressImage = false; - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - } - ]; - }; + outputs = { + nixpkgs, + nix-darwin, + sops-nix, + disko, + ... 
+ } @ inputs: { + nixosConfigurations = { + default = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + system = "x86_64-linux"; + modules = [ + ./devices/xps13/configuration.nix + ./modules + ]; }; - darwinConfigurations = { - "mbp-m4" = nix-darwin.lib.darwinSystem { - modules = [ ./devices/macbook/configuration.nix ]; - specialArgs = { - inherit inputs; - system = "aarch64-darwin"; - }; + latoure = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + system = "x86_64-linux"; + modules = [ + ./devices/latoure/configuration.nix + ./modules + ]; + }; + asus = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + system = "x86_64-linux"; + modules = [ + ./devices/asus/configuration.nix + ./modules + ]; + }; + server = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + ./devices/server/configuration.nix + ./modules + ]; + }; + pi = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + system = "aarch64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" + ./devices/pi/configuration.nix + sops-nix.nixosModules.sops + { + sdImage.compressImage = false; + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: + super.makeModulesClosure (x // {allowMissing = true;}); + }) + ]; + } + ]; + }; + }; + darwinConfigurations = { + "mbp-m4" = nix-darwin.lib.darwinSystem { + modules = [./devices/macbook/configuration.nix]; + specialArgs = { + inherit inputs; + system = "aarch64-darwin"; }; }; }; + }; } diff --git a/modules/default.nix b/modules/default.nix index 68afca3..feec28c 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1 +1,5 @@ -{ ... }: { imports = [ ./pocketbase.nix ]; } +{...}: { + imports = [ + ./pocketbase.nix + ]; +} diff --git a/modules/pocketbase.nix b/modules/pocketbase.nix index d462711..464c487 100644 --- a/modules/pocketbase.nix +++ b/modules/pocketbase.nix 
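Review bot: The `server` host's `modules` list no longer contains `sops-nix.nixosModules.sops`, while `pi` still imports it and `sops-nix` remains in the `outputs` arguments. If `devices/server/configuration.nix` or `./modules` still sets any `sops.*` option, `.#server` will fail to evaluate; if those values were instead moved inline into Nix expressions, they would end up world-readable in the Nix store. Neither file is visible here, so this needs confirming. I would either keep the line `sops-nix.nixosModules.sops` in the server list or record the intent next to it with `# server has no sops-managed secrets; sops-nix intentionally not imported`. The `inputs` block opens above this hunk, so it cannot be checked from here whether `disko`, whose input declaration is removed in this hunk but which `server` still uses, is declared there.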
@@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: -let cfg = config.services.pocketbase; +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.services.pocketbase; in { options.services.pocketbase = { enable = lib.mkEnableOption "PocketBase backend"; @@ -7,8 +12,7 @@ in { dataDir = lib.mkOption { type = lib.types.path; default = "/var/lib/pocketbase"; - description = - "Working directory containing the PocketBase binary and data."; + description = "Working directory containing the PocketBase binary and data."; }; openFirewall = lib.mkOption { @@ -43,18 +47,19 @@ in { description = "Log file used for both stdout and stderr."; }; - package = lib.mkPackageOption pkgs "pocketbase" { }; + package = lib.mkPackageOption pkgs "pocketbase" {}; }; config = lib.mkIf cfg.enable { # Optional: ensure the directory exists with proper ownership - systemd.tmpfiles.rules = - [ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" ]; + systemd.tmpfiles.rules = [ + "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" + ]; systemd.services.pocketbase = { description = "PocketBase"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; serviceConfig = { Type = "simple"; @@ -66,11 +71,7 @@ in { WorkingDirectory = cfg.dataDir; ExecStart = '' - ${ - lib.getExe cfg.package - } serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${ - toString cfg.port - } + ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port} ''; # Switch to systemd stdout/stderr logging by default @@ -79,7 +80,8 @@ in { StandardError = "append:${cfg.logFile}"; }; }; - networking.firewall = - lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [cfg.port]; + }; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 2aeb5f0..31da3d2 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,37 +1,21 @@ pi_user_pass: ENC[AES256_GCM,data:X5u07UvEov5eYWks,iv:SPDFU01/5WThCSZjj1pExNZENhmIG2W6LvHfpPH5TS0=,tag:z5bhJ2TrX6Bevd40O1nPxg==,type:str] -luna_telegram_token: ENC[AES256_GCM,data:LWzEamz5SFK4HC+zR+6seTrVsTR0kQGETD6DSHMW3fMeFbUQm6/K+d8mc6Wg7w==,iv:LqvyTIkniNiqEAK76+Uqq4cYHnddmjMId+HQBjHk68o=,tag:knP6aqkLwGeEIAYMyET3Xg==,type:str] -luna_gateway_token: ENC[AES256_GCM,data:NV13qS8Vj0/HcvPM34Z90kFBoezpKeyhYKIWfU8zkHbOK7pHkl8yNACmUBszgjhbP4baqmO61isd94TxN4AjoA==,iv:j+9SfQoRMWeZbCjAm6/D5hwDBLl/0IOyu34DYphWz2o=,tag:od78mpifFMajv9eQfmnp1w==,type:str] -ollama_api_key: ENC[AES256_GCM,data:ZaTeAcipRZBsZ0krHhc/UNZ0+P4AaA2aT3WHGKkg4PaikYB+TWXPGYV+BjTbn2KOXynabwwNwIyT,iv:Po25iPPd7VlYfaYqtDrLEbjZBdJ7af8mgEW8tYgs3iM=,tag:CMl2ECJxRTIB+AFND+9tKQ==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRy9DblE4WnhEc1kvcjcw - ZVBEeVVoRUMxNUZ6Q09QZXdYcEZaSGp0UHpFCnc3UnZOZThLdDYwN05GUjJqYnhK - Z0tZMXo2N0J4R2ZPLzRLcS83QVRBZncKLS0tICs3dDVIV0s2ZTRBQk5wMVE3WjVP - NENYZHlvR3U3Um5XWm90RW01eEM3eHMKewyXEa9TInEFz65LoDo8BHBdjibdYF4r - DGQtPlYF5yuVd8PVMATxMBhs/6hXJLfK2Y54NEeJo2gydyq11Lpm2Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y + dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj + V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi + b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb + glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A== -----END AGE ENCRYPTED FILE----- - - recipient: age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMlBaWURCSTd6cjRYTTB1 - VWQvTHBFaDgrMFRpb0crRld6ZjVOUXkrb0cwCnFpcE1nSERwUlowRW54SnEwTk9u - S2N1Rm9kUCtWM3pEWmh1aE1HU3oxT1UKLS0tIE5HSXdFT29XazloR0VjVDVqQWVq - 
RURoYXdtZFh2djVaem15Qjk4UFhBOEEKEjAuKJ8vpVKoBO8ioyH4EcXVmEkfwrQh - JtDzik9QwZgUNdamWu5BhDlNA1Jmu87VYchhR4CXIS5OG4ticUqr7g== - -----END AGE ENCRYPTED FILE----- - - recipient: age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodExKajhTZzRZdWlXWG9n - V09sRDZrK0gvaDI4TmtzUmR0cUF0OFl1OGxJCmNUMk5aWkV3LzYzeTJJMDFlR0p4 - Qlp0STk4dFN3WGswb05BRHlOQit2VGMKLS0tIGJTVkp0Y1Yrd2pqMm1yUlJaYkMy - TzlCMWpMQ1hRMTRObWNyN2Q0YWtsZmcKFHVmvu6U0Qw+EUsBEmdST2cyQ3rZyh6w - 62vmALGxE2NWDYQmwtHJmYqeO14HHEDclUErQiCmUt+hLgOLF2MxwA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-09T02:00:03Z" - mac: ENC[AES256_GCM,data:2/JIsd2iOg2yTMzxwnVuk1pKxNJy80g09SgcCLLP0rwziKNORELQw5z8ipgVxRee2irqPSNFsAPfvjQFnq3nGOKuf1zbSATOzt4yySWigS7Q7il1OEtf6rdNXPruTQU+R8R3ZpqE0IhYZ1iPyCU+vIlBdHzgLEThdnQeWE3XvAc=,iv:Xc7uCgvHysg3w/fAC1aPLozU1tROcywRlWQLS/kUCYQ=,tag:c5NF6cjqaCJ8r6tfPVuUxw==,type:str] + lastmodified: "2024-11-07T04:04:03Z" + mac: ENC[AES256_GCM,data:7UGKhfZg3SNg1f74nQiax4F7CB8NC12uIpTlQDtb8d1iiu5AdPZHwzlkpXbzkIp26g61pI8qXcvdjmToWjaWzsbUZ2Mo8/HEzOtV8HzxAeQFAyYBhIFAS0q0WzN/yijI7fQeHKnhZ/YCUuHQAZ94bBBSnkVTVOKf6mR7Pu1klr4=,iv:DzOwKxrcJse6yyOw+l7+wgEGBI36HWnebLE7js4VRiE=,tag:BIR67kZzZJZo+Kfie4wIvw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.8.1
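Review bot: The new side of this file keeps a single `age` recipient stanza (`age1x8qs…`) and drops the ones for `age1y2s7…` and `age107mm…`, yet `pi_user_pass` is the one secret left and the `pi` host in flake.nix still imports `sops-nix.nixosModules.sops`. If `age1y2s7…` is the key the Pi decrypts with (an inference from the secret's name, not shown in this hunk), activation on that host will fail. Running `sops updatekeys secrets/secrets.yaml` against the current creation rules would bring the recipient list back in line. The `pi_user_pass` ciphertext line is unchanged context, so the data key was not rotated, and anyone holding a dropped key can still decrypt it and the three deleted tokens from earlier revisions. Removing a recipient should therefore be paired with `sops --rotate --in-place secrets/secrets.yaml` and with changing the underlying password and tokens at their source.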