diff --git a/.sops.yaml b/.sops.yaml index 9b0bac5..63161c3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,11 @@ keys: - &xps13 age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 - &pi age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2 + - &server age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - *xps13 - *pi + - *server diff --git a/Makefile b/Makefile index 56e710e..f970db3 100644 --- a/Makefile +++ b/Makefile @@ -6,4 +6,4 @@ rebuild-pi: NIX_SSHOPTS="-o IdentitiesOnly=yes -i ~/.ssh/id_rsa" nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo deploy-server: - nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo --ask-sudo-password + nixos-rebuild switch --flake .#server --target-host server --build-host server --sudo --ask-sudo-password diff --git a/devices/asus/configuration.nix b/devices/asus/configuration.nix index 66244d7..23eb51b 100644 --- a/devices/asus/configuration.nix +++ b/devices/asus/configuration.nix @@ -1,12 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - config, - lib, - pkgs, - ... -}: { +{ config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix 
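Review bot: Adding `&server` to `key_groups` only affects files encrypted after this change, so `secrets/secrets.yaml` stays undecryptable on the server until it is re-keyed with `sops updatekeys secrets/secrets.yaml`. No change to that file appears in the part of the diff shown here. The server configuration in this commit reads its age identity from `/etc/ssh/ssh_host_ed25519_key`, so this recipient should be the age conversion of that host's public key. A comment next to the anchor such as `# derived from the server's SSH host ed25519 key (ssh-to-age)` would make that checkable.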
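Review bot: `deploy-server` now passes `--sudo`, but the `rebuild-pi` recipe in the context line above still passes `--use-remote-sudo`. If the flag was renamed because the old spelling is deprecated, change both recipes so the two targets keep behaving the same way. A one-line comment saying why `--ask-sudo-password` is kept for the server but not for the pi would also help.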
@@ -32,19 +27,13 @@ services.desktopManager.cosmic.enable = true; services.displayManager.cosmic-greeter.enable = true; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.polen = { isNormalUser = true; - extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - neovim - tree - htop - git - ranger - ]; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ neovim tree htop git ranger ]; }; # List packages installed in system profile. @@ -73,7 +62,7 @@ }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [2283]; + networking.firewall.allowedTCPPorts = [ 2283 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/devices/asus/hardware-configuration.nix b/devices/asus/hardware-configuration.nix index 4dbb315..047b62f 100644 --- a/devices/asus/hardware-configuration.nix +++ b/devices/asus/hardware-configuration.nix 
@@ -4,34 +4,32 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9267-2ED4"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9267-2ED4"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; - fileSystems."/data" = - { device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; - fsType = "ext4"; - }; + fileSystems."/data" = { + device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; + fsType = "ext4"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; } - ]; + [{ device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -42,5 +40,6 @@ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } 
diff --git a/devices/latoure/configuration.nix b/devices/latoure/configuration.nix index dab7ee0..1e01f13 100644 --- a/devices/latoure/configuration.nix +++ b/devices/latoure/configuration.nix @@ -1,11 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ - config, - pkgs, - ... -}: { +{ config, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -35,7 +31,7 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; #nix.settings.trusted-users = [ "polen" "polensky" ]; #nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; #boot.binfmt.emulatedSystems = ["aarch64-linux"]; @@ -98,7 +94,7 @@ users.users.polensky = { isNormalUser = true; description = "polensky"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.zsh; }; @@ -109,13 +105,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - htop-vim - ranger - neovim - wget - git - ]; + environment.systemPackages = with pkgs; [ htop-vim ranger neovim wget git ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/devices/latoure/hardware-configuration.nix b/devices/latoure/hardware-configuration.nix index b3bbb9b..96106c2 100644 --- a/devices/latoure/hardware-configuration.nix +++ b/devices/latoure/hardware-configuration.nix 
@@ -4,44 +4,52 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "xhci_pci" "pata_marvell" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ahci" + "xhci_pci" + "pata_marvell" + "firewire_ohci" + "usb_storage" + "usbhid" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9B7B-A012"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9B7B-A012"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; - fileSystems."/data" = - { device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; - fsType = "ext4"; - }; + fileSystems."/data" = { + device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; + fsType = "ext4"; + }; - fileSystems."/data1" = - { device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; - fsType = "ext4"; - }; + fileSystems."/data1" = { + device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; + fsType = "ext4"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; + fsType = "ext4"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; } - ]; + [{ device = 
"/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -52,5 +60,6 @@ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/macbook/configuration.nix b/devices/macbook/configuration.nix index 46f5578..147421d 100644 --- a/devices/macbook/configuration.nix +++ b/devices/macbook/configuration.nix @@ -1,11 +1,5 @@ -{ - pkgs, - inputs, - system, - config, - ... -}: let - my-emacs = pkgs.emacsNativeComp; +{ pkgs, inputs, system, config, ... }: +let my-emacs = pkgs.emacsNativeComp; in { nixpkgs.config.allowUnfree = true; @@ -24,7 +18,7 @@ in { colima git gnupg - (pass.withExtensions (exts: [exts.pass-otp])) + (pass.withExtensions (exts: [ exts.pass-otp ])) # emacs my-emacs @@ -56,23 +50,28 @@ in { "brave-browser" "qutebrowser" "stremio" + "firefox" # work "slack" "tunnelblick" "dbeaver-community" "claude" + "adobe-acrobat-reader" # doom emacs "font-symbols-only-nerd-font" + + # media + "inkscape" + "obs" ]; }; - nix = { # Necessary for using flakes on this system. settings.experimental-features = "nix-command flakes"; extraOptions = '' - extra-platforms = x86_64-darwin aarm64-darwin + extra-platforms = x86_64-darwin aarch64-darwin aarch64-linux ''; gc = { automatic = true; 
@@ -83,6 +82,31 @@ in { }; options = "--delete-older-than 15d"; }; + + linux-builder = { + enable = true; + }; + + distributedBuilds = true; + buildMachines = [ + { + hostName = "server.local"; + sshUser = "polen"; + sshKey = "/Users/charles/.ssh/id_ed25519"; + systems = [ "x86_64-linux" "aarch64-linux" ]; + # optional but recommended: + maxJobs = 4; # how many concurrent builds to send + speedFactor = 1; # relative priority vs other builders + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; + settings.builders-use-substitutes = true; + + settings = { + extra-substituters = [ "s3://rc-nix-binary-cache?region=ca-central-1" ]; + extra-trusted-public-keys = [ "rc-nix-cache:3nJzc2e0wK0zpTmiphHLYJWOMuKJ0Fj/TOF5ulUxr/Q=" ]; + secret-key-files = [ "/Users/charles/.config/nix/rc-nix-cache-priv-key.pem" ]; + }; }; # Create /etc/zshrc that loads the nix-darwin environment. @@ -90,9 +114,7 @@ in { programs.direnv.enable = true; programs.gnupg.agent.enable = true; - services.yabai = { - enable = true; - }; + services.yabai = { enable = true; }; services.skhd.enable = true; services.emacs = { @@ -107,15 +129,13 @@ in { system.defaults.dock = { autohide = true; - persistent-apps = []; + persistent-apps = [ ]; show-recents = false; static-only = true; tilesize = 32; }; - system.defaults.menuExtraClock = { - Show24Hour = true; - }; + system.defaults.menuExtraClock = { Show24Hour = true; }; launchd.user.agents.remap-keys = { serviceConfig = { @@ -123,7 +143,8 @@ in { "/usr/bin/hidutil" "property" "--set" - '' { + '' + { "UserKeyMapping":[ {"HIDKeyboardModifierMappingSrc":0x700000039,"HIDKeyboardModifierMappingDst":0x7000000E7} ] diff --git a/devices/pi/configuration.nix b/devices/pi/configuration.nix index b3be1d7..22e717f 100644 --- a/devices/pi/configuration.nix +++ b/devices/pi/configuration.nix 
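Review bot: The new `buildMachines` entry has the root-owned Nix daemon authenticate with a personal key, `sshKey = "/Users/charles/.ssh/id_ed25519"`, as `sshUser = "polen"`, an account the server configuration in this commit places in `wheel` and `trusted-users`. A dedicated passphrase-less builder key and an unprivileged build user on the server would keep the build channel separate from an administrative login. The entry also sets no `publicHostKey`, so host verification depends on root's `known_hosts`; pinning it avoids trust-on-first-use for `server.local`, which resolves over mDNS. `secret-key-files` makes the daemon sign every locally built path with the cache key kept under the user's home directory, so confirm that file is mode 0600 and excluded from dotfile sync and backups.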
@@ -1,16 +1,11 @@ -{ - inputs, - config, - pkgs, - lib, - ... -}: let +{ inputs, config, pkgs, lib, ... }: +let user = "polen"; hostname = "pi"; in { boot = { kernelPackages = pkgs.linuxKernel.packages.linux_rpi3; - initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"]; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; loader = { grub.enable = false; generic-extlinux-compatible.enable = true; @@ -21,16 +16,14 @@ in { "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = ["noatime"]; + options = [ "noatime" ]; }; }; - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 10 * 1024; - } - ]; + swapDevices = [{ + device = "/var/lib/swapfile"; + size = 10 * 1024; + }]; #sops.defaultSopsFile = ../../secrets/secrets.yaml; #sops.defaultSopsFormat = "yaml"; @@ -41,12 +34,6 @@ in { networkmanager.enable = true; wireless.enable = false; hostName = hostname; - firewall.allowedTCPPorts = [80 443]; - }; - - services.pihole-ftl = { - enable = true; - openFirewallDHCP = true; }; services.prometheus.exporters = { @@ -54,24 +41,21 @@ in { node.openFirewall = true; }; - nix.settings.trusted-users = [user]; + nix.settings.trusted-users = [ user ]; - environment.systemPackages = with pkgs; [ - htop-vim - neovim - curl - wget - ranger - ]; + environment.systemPackages = with pkgs; [ htop-vim neovim curl wget ranger ]; services.openssh.enable = true; users = { mutableUsers = false; - users."${user}" = { - isNormalUser = true; - #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; - extraGroups = ["wheel" "pihole"]; + users = { + "${user}" = { + isNormalUser = true; + #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; + extraGroups = [ "wheel" ]; + }; + lauria = { isNormalUser = true; }; }; }; diff --git a/devices/server/configuration.nix b/devices/server/configuration.nix index 1d06a11..567109b 100644 --- a/devices/server/configuration.nix +++ b/devices/server/configuration.nix 
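Review bot: The new `lauria` account is declared with only `isNormalUser = true` while `mutableUsers = false`, so it has no password or key and none can be set later with `passwd`; as written it cannot log in. If the account is meant to be used, add `openssh.authorizedKeys.keys` or a `hashedPasswordFile`; if it only exists to own files, say so in a comment. In the same block `hashedPasswordFile` for `${user}` is still commented out, so confirm the wheel user gets a credential in the part of the file outside this hunk.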
@@ -1,23 +1,17 @@ -{ - config, - pkgs, - ... -}: let - user = "polen"; +{ config, pkgs, ... }: +let user = "polen"; in { - imports = [ - ./hardware-configuration.nix - ]; + imports = [ ./hardware-configuration.nix ]; boot.loader = { grub = { enable = true; - devices = ["/dev/sda"]; + devices = [ "/dev/sda" ]; }; }; #boot.kernelModules = ["msr"]; - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; virtualisation.docker.enable = true; @@ -46,6 +40,14 @@ in { reverse_proxy http://127.0.0.1:8096 ''; + virtualHosts."grafana.polensky.me".extraConfig = '' + reverse_proxy http://127.0.0.1:3000 + ''; + + virtualHosts."git.polensky.me".extraConfig = '' + reverse_proxy http://127.0.0.1:3001 + ''; + virtualHosts."pb.polensky.me".extraConfig = '' request_body { max_size 10MB @@ -62,6 +64,33 @@ in { file_server try_files {path} /index.html ''; + + virtualHosts."prixdugaz.ca".extraConfig = '' + reverse_proxy http://127.0.0.1:8080 + ''; + }; + + services.prixdugaz = { + enable = true; + openFirewall = true; # 8080 + }; + + services.forgejo = { + enable = true; + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.polensky.me"; + ROOT_URL = "https://git.polensky.me/"; + HTTP_PORT = 3001; + }; + service = { + DISABLE_REGISTRATION = true; + }; + actions = { + ENABLED = true; + }; + }; }; # observability @@ -69,6 +98,7 @@ in { grafana = { enable = true; settings = { + security.secret_key = "SW2YcwTIb9zpOOhoPsMm"; server = { http_addr = "0.0.0.0"; http_port = 3000; 
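Review bot: `services.prixdugaz.openFirewall = true` (commented `# 8080`) presumably opens port 8080 to the network even though the new `prixdugaz.ca` virtual host reaches the service over 127.0.0.1, so clients could bypass Caddy and its TLS. Unless direct access is wanted, drop the option or set it to `false`. The Forgejo block sets `HTTP_PORT = 3001` but no bind address, and as far as I know Forgejo listens on all interfaces by default; adding `HTTP_ADDR = "127.0.0.1";` under `server` would keep it behind the proxy too. With `actions.ENABLED = true`, a comment on where runners execute would help, since this host also enables Docker.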
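Review bot: The added `security.secret_key` is a string literal, so the key Grafana uses to protect stored data-source credentials is now in git history and in the world-readable Nix store. This commit also wires up sops-nix with an empty `secrets = { }`, so declare the secret there and read it through Grafana's file provider, e.g. `sops.secrets.grafana_secret_key.owner = "grafana";` and `security.secret_key = "$__file{${config.sops.secrets.grafana_secret_key.path}}";` (the secret name is an example). The committed value should be treated as exposed and rotated. The context line `http_addr = "0.0.0.0"` also looks wider than needed now that the `grafana.polensky.me` virtual host proxies to 127.0.0.1:3000; confirm whether direct LAN access to port 3000 is still intended.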
@@ -77,29 +107,31 @@ in { }; prometheus = { enable = true; - exporters = { - node.enable = true; + exporters = { + node.enable = true; + systemd.enable = true; }; scrapeConfigs = [ { job_name = "node-exporters-lan"; - static_configs = [ - { - targets = ["127.0.0.1:9100"]; - labels = { - instance = "server"; - }; - } - ]; + static_configs = [{ + targets = [ "127.0.0.1:9100" ]; + labels = { instance = "server"; }; + }]; + } + { + job_name = "systemd-exporters-lan"; + static_configs = [{ + targets = [ "127.0.0.1:9558" ]; + labels = { instance = "server"; }; + }]; } ]; }; }; systemd.services.jellyfin = { - environment = { - DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; - }; + environment = { DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; }; }; # media @@ -145,13 +177,13 @@ in { fileSystems."/mnt/latoure-data" = { device = "latoure.local:/data"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; }; fileSystems."/mnt/latoure-data1" = { device = "latoure.local:/data1"; fsType = "nfs"; - options = ["_netdev"]; + options = [ "_netdev" ]; }; networking = { @@ -167,6 +199,7 @@ in { 9000 # mealie 8989 # sonarr 10222 # taskchampion-sync-server + 51966 # for ssh ]; firewall.allowedUDPPorts = [ 5353 # mDNS @@ -176,12 +209,23 @@ in { time.timeZone = "America/Toronto"; users.users."${user}" = { - extraGroups = ["wheel" "transmission" "jellyfin" "polensky" "docker"]; + isNormalUser = true; + group = "polen"; + extraGroups = [ "wheel" "transmission" "jellyfin" "polensky" "docker" ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa 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 polen@polen-xps" ]; }; + users.groups.polen = { }; + + # SOPS secrets + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + secrets = { }; + }; + environment.systemPackages = with pkgs; [ neovim htop-vim 
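Review bot: The comment `# for ssh` on the new port 51966 does not say which daemon listens there. If it is sshd moved off port 22 through `services.openssh.ports`, the NixOS module already opens its configured ports by default and this entry is redundant; if it is another service, such as Forgejo's SSH access, name it in the comment. Because the port is reachable from the network, also confirm that `services.openssh.settings.PasswordAuthentication = false` is set in the part of the file outside this hunk.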
@@ -205,8 +249,8 @@ in { nixpkgs.config.allowUnfree = true; nix = { - settings.experimental-features = ["nix-command" "flakes"]; - settings.trusted-users = ["polen"]; + settings.experimental-features = [ "nix-command" "flakes" ]; + settings.trusted-users = [ "polen" ]; # settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; diff --git a/devices/server/hardware-configuration.nix b/devices/server/hardware-configuration.nix index a59b1e5..3e46e9b 100644 --- a/devices/server/hardware-configuration.nix +++ b/devices/server/hardware-configuration.nix @@ -1,30 +1,22 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = + [ "uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/a4ba3cce-bbdd-470d-9874-71f3aea9ea13"; fsType = "ext4"; }; - swapDevices = [ - {device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711";} - ]; + swapDevices = + [{ device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
@@ -37,5 +29,6 @@ # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/xps13/assets/avatar.jpg b/devices/xps13/assets/avatar.jpg new file mode 100644 index 0000000..39a5ecb Binary files /dev/null and b/devices/xps13/assets/avatar.jpg differ diff --git a/devices/xps13/configuration.nix b/devices/xps13/configuration.nix index 6cc43df..aa5c988 100644 --- a/devices/xps13/configuration.nix +++ b/devices/xps13/configuration.nix @@ -1,12 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ - config, - pkgs, - inputs, - ... -}: { +{ config, pkgs, inputs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix 
@@ -16,27 +11,31 @@ hardware.bluetooth = { enable = true; - powerOnBoot = true; + powerOnBoot = false; }; services.blueman.enable = true; services.openssh.enable = true; - services.power-profiles-daemon.enable = true; + services.power-profiles-daemon.enable = false; services.upower.enable = true; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = ["msr"]; + boot.kernelModules = [ "msr" ]; + + boot.extraModprobeConfig = '' + options snd_hda_intel power_save=1 + ''; networking.hostName = "xps13"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. nix = { - settings.experimental-features = ["nix-command" "flakes"]; - settings.trusted-users = ["polen"]; + settings.experimental-features = [ "nix-command" "flakes" ]; + settings.trusted-users = [ "polen" ]; settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; @@ -44,7 +43,7 @@ options = "--delete-older-than 15d"; }; }; - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -68,14 +67,15 @@ services.displayManager.sddm = { enable = true; - theme = "${import ./sddm-theme.nix {inherit pkgs;}}"; + theme = "${import ./sddm-theme.nix { inherit pkgs; }}"; + package = pkgs.kdePackages.sddm; }; # Define a user account. Don't forget to set a password with 'passwd'. users.users.polen = { isNormalUser = true; description = "polen"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.zsh; }; @@ -97,7 +97,7 @@ # Desktop waybar mako - swww + awww wdisplays libnotify bemenu 
@@ -105,12 +105,10 @@ pamixer networkmanagerapplet wl-clipboard - libsForQt5.qt5.qtquickcontrols2 - libsForQt5.qt5.qtgraphicaleffects ntfs3g - # Nix related - nixfmt-classic + kdePackages.qtdeclarative + kdePackages.qtsvg ]; programs.zsh.enable = true; @@ -121,6 +119,12 @@ withUWSM = true; }; + programs.weylus = { + enable = true; + users = [ "polen" ]; + openFirewall = true; + }; + services.gvfs.enable = true; # to make pass work @@ -134,7 +138,7 @@ programs.seahorse.enable = true; xdg.portal.enable = true; - xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/devices/xps13/hardware-configuration.nix b/devices/xps13/hardware-configuration.nix index 99be3ee..20fdb62 100644 --- a/devices/xps13/hardware-configuration.nix +++ b/devices/xps13/hardware-configuration.nix 
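Review bot: `programs.weylus.openFirewall = true` opens the Weylus ports on every network this laptop joins, and Weylus lets a connected browser inject pointer and keyboard input through uinput for the listed user. Consider leaving `openFirewall` off and allowing the ports only on a trusted interface with `networking.firewall.interfaces.<name>.allowedTCPPorts`. A comment noting that Weylus should be started with an access code would document the remaining control.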
@@ -4,29 +4,28 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A769-2F96"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A769-2F96"; + fsType = "vfat"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; + fsType = "ext4"; + }; swapDevices = [ ]; @@ -38,5 +37,6 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/xps13/sddm-theme.nix b/devices/xps13/sddm-theme.nix index 3df1e26..91e13d7 100644 --- a/devices/xps13/sddm-theme.nix +++ b/devices/xps13/sddm-theme.nix 
@@ -1,19 +1,21 @@ -{pkgs}: let +{ pkgs }: +let image = ./assets/a_forest_of_trees_with_fog.jpg; -in - pkgs.stdenv.mkDerivation { - name = "sddm-theme"; - src = pkgs.fetchFromGitHub { - owner = "MarianArlt"; - repo = "sddm-sugar-dark"; - rev = "ceb2c455663429be03ba62d9f898c571650ef7fe"; - sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ="; - }; - installPhase = '' - mkdir -p $out - cp -R ./* $out/ - cd $out/ - rm Background.jpg - cp -r ${image} $out/Background.jpg - ''; - } + avatar = ./assets/avatar.jpg; +in pkgs.stdenv.mkDerivation { + name = "sddm-theme"; + src = pkgs.fetchFromGitHub { + owner = "xCaptaiN09"; + repo = "pixie-sddm"; + rev = "12a5f459ebd6d699be42c188c10976c8bb7076d7"; + sha256 = "sha256-lmE/49ySuAZDh5xLochWqfSw9qWrIV+fYaK5T2Ckck8="; + }; + installPhase = '' + mkdir -p $out + cp -R ./* $out/ + rm $out/assets/background.jpg + rm $out/assets/avatar.jpg + cp ${image} $out/assets/background.jpg + cp ${avatar} $out/assets/avatar.jpg + ''; +} diff --git a/flake.lock b/flake.lock index 5b9d858..87e5555 100644 --- a/flake.lock +++ b/flake.lock 
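Review bot: `sha256 = "sha256-lmE/…"` holds an SRI string, so the attribute is better written as `hash = "sha256-…";`, which is the current fetcher convention. The pinned full-commit `rev` plus hash is the right control for a third-party theme whose QML is loaded by the greeter, so keep both when updating. The overridden `installPhase` also omits `runHook preInstall` and `runHook postInstall`, which the usual derivation style includes.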
@@ -2,19 +2,38 @@ "nodes": { "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1773889306, + "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", "type": "github" }, "original": { - "id": "disko", - "type": "indirect" + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" } }, "flake-parts": { @@ -22,11 +41,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1777898446, + "narHash": "sha256-tTEOTTjMHd8Vffn4hehLTPgOXXxJ27xfkf4DoyZgD7s=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "5d82aa3d6b5da25dbfec1a995750a70a03b8c659", "type": "github" }, "original": { 
@@ -37,14 +56,18 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": [ + "vimix", + "nvf", + "nixpkgs" + ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -55,7 +78,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -71,13 +94,33 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1776184304, + "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3c7524c68348ef79ce48308e0978611a050089b2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "mnw": { "locked": { - "lastModified": 1742255973, - "narHash": "sha256-XfEGVKatTgEMMOVb4SNp1LYLQOSzzrFTDMVDTZFyMVE=", + "lastModified": 1777828893, + "narHash": "sha256-gVWVnmyNr74BVKfhMMZDWkhx2699dhmZ2g0W8TTHtkk=", "owner": "Gerg-L", "repo": "mnw", - "rev": "b982dbd5e6d55d4438832b3567c09bc2a129649d", + "rev": "c1c0b544bfabe6669b5a6a0383ccb475fe60258b", "type": "github" }, "original": { 
@@ -86,44 +129,39 @@ "type": "github" } }, - "nil": { + "ndg": { "inputs": { - "flake-utils": [ - "vimix", - "nvf", - "flake-utils" - ], "nixpkgs": [ "vimix", "nvf", "nixpkgs" - ], - "rust-overlay": "rust-overlay" + ] }, "locked": { - "lastModified": 1741118843, - "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", - "owner": "oxalica", - "repo": "nil", - "rev": "577d160da311cc7f5042038456a0713e9863d09e", + "lastModified": 1776882296, + "narHash": "sha256-DWZozXwMsgvUqfVlL1mQ8dOxW7GJ/8CdyaDN+1niZRg=", + "owner": "feel-co", + "repo": "ndg", + "rev": "ab7d78d4884b3a34968cf9fa3d16c0c1246d5c6e", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "nil", + "owner": "feel-co", + "ref": "refs/tags/v2.6.0", + "repo": "ndg", "type": "github" } }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1761339987, - "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", "type": "github" }, "original": { 
@@ -132,13 +170,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1775490113, + "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", + "lastModified": 1765934234, + "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", + "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", "type": "github" }, "original": { @@ -150,23 +204,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" - } - }, - "nixpkgs-lib_2": { - "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { 
@@ -177,27 +219,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1747728033, - "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1775710090, + "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "4c1018dae018162ec878d42fec712642d214fdfa", "type": "github" }, "original": { @@ -207,13 +233,29 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1775888245, + "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13043924aaa7375ce482ebe2494338e058282925", "type": "github" }, "original": { 
@@ -225,11 +267,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1744098102, - "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "type": "github" }, "original": { @@ -241,16 +283,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743076231, - "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c5963357f3c1c840201eda129a99d455074db04", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -259,14 +301,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "noctalia-qs": "noctalia-qs" }, "locked": { - "lastModified": 1769187095, - "narHash": "sha256-1EpJcnYSIpkHnMChluK6LoDtOkjkPOl/zqhZyqGefqs=", + "lastModified": 1776240823, + "narHash": "sha256-QAdipw26rtLJWKY7EWX7k+pyvCQwF4+PObggxWbiT74=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "ee2e9cdb0c7618e00d4c78b359d461733416a673", + "rev": "76b03be48965cb01faabe167f80a8995fb76a92e", "type": "github" }, "original": { 
@@ -275,21 +318,44 @@ "type": "github" } }, + "noctalia-qs": { + "inputs": { + "nixpkgs": [ + "noctalia", + "nixpkgs" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1775957204, + "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=", + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "type": "github" + } + }, "nvf": { "inputs": { + "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils", "mnw": "mnw", - "nil": "nil", + "ndg": "ndg", "nixpkgs": "nixpkgs_6", - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1744192993, - "narHash": "sha256-dvMcjQ2yKD21qnP6ylgo5Gj6d0FYKvATe6S6Zf8X0J4=", + "lastModified": 1777837065, + "narHash": "sha256-uRD6a4uNno3SsAw0E0E6xqbiK7pX63Ad1F37q5fyz9g=", "owner": "notashelf", "repo": "nvf", - "rev": "67d9aa7cb585b315473b9558c307db5ccdc9f9bb", + "rev": "7ec206a5d9a7d5d27900d81a6bb382823902276d", "type": "github" }, "original": { 
@@ -298,49 +364,48 @@ "type": "github" } }, + "prixdugaz": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1777505579, + "narHash": "sha256-e1oq8b4hFTH/C2zyGdRB4X4BdFg+wrf3yw7JjHav++w=", + "ref": "refs/heads/main", + "rev": "ed8b91db4647564f21b376fea6390c1167dcc027", + "revCount": 35, + "type": "git", + "url": "ssh://git@github.com/Polensky/prixdugaz" + }, + "original": { + "type": "git", + "url": "ssh://git@github.com/Polensky/prixdugaz" + } + }, "root": { "inputs": { "disko": "disko", + "home-manager": "home-manager", "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs_3", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", "noctalia": "noctalia", + "prixdugaz": "prixdugaz", "sops-nix": "sops-nix", "vimix": "vimix" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "vimix", - "nvf", - "nil", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1776119890, + "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", "type": "github" }, "original": { 
@@ -351,16 +416,16 @@ }, "systems": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -379,6 +444,43 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "noctalia", + "noctalia-qs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "vimix": { "inputs": { "flake-parts": "flake-parts", @@ -386,11 +488,11 @@ "nvf": "nvf" }, "locked": { - "lastModified": 1752113669, - "narHash": "sha256-Szf9YJ9u51zK7tGdX39e/7mGjgFX8oa5S/ro6+AoJlY=", + "lastModified": 1777899228, + "narHash": "sha256-BtBQzhkhBEIpPfx6gEOo84tIPQmJecqSE3WyDvCfE3Y=", "owner": "Polensky", "repo": "vimix", - "rev": "7dc2e5e1050ca567809a228eacc8da381778cc05", + "rev": "1bc9e35738fb9dc50ef0935bc9c03f734dd8426b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5ac8689..82a4fab 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,76 +10,78 @@ url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + prixdugaz.url = "git+ssh://git@github.com/Polensky/prixdugaz"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { - nixpkgs, - nix-darwin, - sops-nix, - disko, - ... - } @ inputs: { - nixosConfigurations = { - default = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; - system = "x86_64-linux"; - modules = [ - ./devices/xps13/configuration.nix - ./modules - ]; + outputs = { nixpkgs, nix-darwin, sops-nix, disko, home-manager + , nixos-hardware, ... }@inputs: { + nixosConfigurations = { + default = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + system = "x86_64-linux"; + modules = [ + nixos-hardware.nixosModules.dell-xps-13-9370 + ./devices/xps13/configuration.nix + ./modules + ]; + }; + latoure = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + system = "x86_64-linux"; + modules = [ ./devices/latoure/configuration.nix ./modules ]; + }; + asus = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + system = "x86_64-linux"; + modules = [ ./devices/asus/configuration.nix ./modules ]; + }; + server = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + sops-nix.nixosModules.sops + ./devices/server/configuration.nix + ./modules + inputs.prixdugaz.nixosModules.default + ]; + }; + pi = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + system = "aarch64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" + ./devices/pi/configuration.nix + sops-nix.nixosModules.sops + { + sdImage.compressImage = false; + nixpkgs.overlays = [ + (final: super: { + 
makeModulesClosure = x: + super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + } + ]; + }; }; - latoure = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; - system = "x86_64-linux"; - modules = [ - ./devices/latoure/configuration.nix - ./modules - ]; - }; - asus = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; - system = "x86_64-linux"; - modules = [ - ./devices/asus/configuration.nix - ./modules - ]; - }; - server = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./devices/server/configuration.nix - ./modules - ]; - }; - pi = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; - system = "aarch64-linux"; - modules = [ - "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" - ./devices/pi/configuration.nix - sops-nix.nixosModules.sops - { - sdImage.compressImage = false; - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // {allowMissing = true;}); - }) - ]; - } - ]; - }; - }; - darwinConfigurations = { - "mbp-m4" = nix-darwin.lib.darwinSystem { - modules = [./devices/macbook/configuration.nix]; - specialArgs = { - inherit inputs; - system = "aarch64-darwin"; + darwinConfigurations = { + "mbp-m4" = nix-darwin.lib.darwinSystem { + modules = [ ./devices/macbook/configuration.nix ]; + specialArgs = { + inherit inputs; + system = "aarch64-darwin"; + }; }; }; }; - }; } diff --git a/modules/default.nix b/modules/default.nix index feec28c..68afca3 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1 @@ -{...}: { - imports = [ - ./pocketbase.nix - ]; -} +{ ... }: { imports = [ ./pocketbase.nix ]; } diff --git a/modules/pocketbase.nix b/modules/pocketbase.nix index 464c487..d462711 100644 --- a/modules/pocketbase.nix +++ b/modules/pocketbase.nix 
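Review bot: The new `prixdugaz` input is declared without `inputs.nixpkgs.follows`, unlike `disko` and `home-manager` added next to it. As a result the lock file gains a separate nixpkgs pin (`nixpkgs_3`) that does not move when the root `nixpkgs` is bumped. Its `nixosModules.default` is imported into the `server` configuration, which now also loads `sops-nix.nixosModules.sops`, so anything that module builds from its own pin can lag behind on security fixes. If the flake evaluates cleanly against the root revision, declare it as `prixdugaz = { url = "git+ssh://git@github.com/Polensky/prixdugaz"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` attribute set opens above this hunk, so the earlier inputs are not visible here.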
@@ -1,10 +1,5 @@ -{ - config, - pkgs, - lib, - ... -}: let - cfg = config.services.pocketbase; +{ config, pkgs, lib, ... }: +let cfg = config.services.pocketbase; in { options.services.pocketbase = { enable = lib.mkEnableOption "PocketBase backend"; @@ -12,7 +7,8 @@ in { dataDir = lib.mkOption { type = lib.types.path; default = "/var/lib/pocketbase"; - description = "Working directory containing the PocketBase binary and data."; + description = + "Working directory containing the PocketBase binary and data."; }; openFirewall = lib.mkOption { @@ -47,19 +43,18 @@ in { description = "Log file used for both stdout and stderr."; }; - package = lib.mkPackageOption pkgs "pocketbase" {}; + package = lib.mkPackageOption pkgs "pocketbase" { }; }; config = lib.mkIf cfg.enable { # Optional: ensure the directory exists with proper ownership - systemd.tmpfiles.rules = [ - "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" - ]; + systemd.tmpfiles.rules = + [ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" ]; systemd.services.pocketbase = { description = "PocketBase"; - wantedBy = ["multi-user.target"]; - after = ["network.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; serviceConfig = { Type = "simple"; @@ -71,7 +66,11 @@ in { WorkingDirectory = cfg.dataDir; ExecStart = '' - ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port} + ${ + lib.getExe cfg.package + } serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${ + toString cfg.port + } ''; # Switch to systemd stdout/stderr logging by default @@ -80,8 +79,7 @@ in { StandardError = "append:${cfg.logFile}"; }; }; - networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [cfg.port]; - }; + networking.firewall = + lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 31da3d2..2aeb5f0 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,21 +1,37 @@ pi_user_pass: ENC[AES256_GCM,data:X5u07UvEov5eYWks,iv:SPDFU01/5WThCSZjj1pExNZENhmIG2W6LvHfpPH5TS0=,tag:z5bhJ2TrX6Bevd40O1nPxg==,type:str] +luna_telegram_token: ENC[AES256_GCM,data:LWzEamz5SFK4HC+zR+6seTrVsTR0kQGETD6DSHMW3fMeFbUQm6/K+d8mc6Wg7w==,iv:LqvyTIkniNiqEAK76+Uqq4cYHnddmjMId+HQBjHk68o=,tag:knP6aqkLwGeEIAYMyET3Xg==,type:str] +luna_gateway_token: ENC[AES256_GCM,data:NV13qS8Vj0/HcvPM34Z90kFBoezpKeyhYKIWfU8zkHbOK7pHkl8yNACmUBszgjhbP4baqmO61isd94TxN4AjoA==,iv:j+9SfQoRMWeZbCjAm6/D5hwDBLl/0IOyu34DYphWz2o=,tag:od78mpifFMajv9eQfmnp1w==,type:str] +ollama_api_key: ENC[AES256_GCM,data:ZaTeAcipRZBsZ0krHhc/UNZ0+P4AaA2aT3WHGKkg4PaikYB+TWXPGYV+BjTbn2KOXynabwwNwIyT,iv:Po25iPPd7VlYfaYqtDrLEbjZBdJ7af8mgEW8tYgs3iM=,tag:CMl2ECJxRTIB+AFND+9tKQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y - dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj - V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi - b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb - glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRy9DblE4WnhEc1kvcjcw + ZVBEeVVoRUMxNUZ6Q09QZXdYcEZaSGp0UHpFCnc3UnZOZThLdDYwN05GUjJqYnhK + Z0tZMXo2N0J4R2ZPLzRLcS83QVRBZncKLS0tICs3dDVIV0s2ZTRBQk5wMVE3WjVP + NENYZHlvR3U3Um5XWm90RW01eEM3eHMKewyXEa9TInEFz65LoDo8BHBdjibdYF4r + DGQtPlYF5yuVd8PVMATxMBhs/6hXJLfK2Y54NEeJo2gydyq11Lpm2Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-07T04:04:03Z" - mac: ENC[AES256_GCM,data:7UGKhfZg3SNg1f74nQiax4F7CB8NC12uIpTlQDtb8d1iiu5AdPZHwzlkpXbzkIp26g61pI8qXcvdjmToWjaWzsbUZ2Mo8/HEzOtV8HzxAeQFAyYBhIFAS0q0WzN/yijI7fQeHKnhZ/YCUuHQAZ94bBBSnkVTVOKf6mR7Pu1klr4=,iv:DzOwKxrcJse6yyOw+l7+wgEGBI36HWnebLE7js4VRiE=,tag:BIR67kZzZJZo+Kfie4wIvw==,type:str] - pgp: [] + - recipient: 
age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMlBaWURCSTd6cjRYTTB1 + VWQvTHBFaDgrMFRpb0crRld6ZjVOUXkrb0cwCnFpcE1nSERwUlowRW54SnEwTk9u + S2N1Rm9kUCtWM3pEWmh1aE1HU3oxT1UKLS0tIE5HSXdFT29XazloR0VjVDVqQWVq + RURoYXdtZFh2djVaem15Qjk4UFhBOEEKEjAuKJ8vpVKoBO8ioyH4EcXVmEkfwrQh + JtDzik9QwZgUNdamWu5BhDlNA1Jmu87VYchhR4CXIS5OG4ticUqr7g== + -----END AGE ENCRYPTED FILE----- + - recipient: age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodExKajhTZzRZdWlXWG9n + V09sRDZrK0gvaDI4TmtzUmR0cUF0OFl1OGxJCmNUMk5aWkV3LzYzeTJJMDFlR0p4 + Qlp0STk4dFN3WGswb05BRHlOQit2VGMKLS0tIGJTVkp0Y1Yrd2pqMm1yUlJaYkMy + TzlCMWpMQ1hRMTRObWNyN2Q0YWtsZmcKFHVmvu6U0Qw+EUsBEmdST2cyQ3rZyh6w + 62vmALGxE2NWDYQmwtHJmYqeO14HHEDclUErQiCmUt+hLgOLF2MxwA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-09T02:00:03Z" + mac: ENC[AES256_GCM,data:2/JIsd2iOg2yTMzxwnVuk1pKxNJy80g09SgcCLLP0rwziKNORELQw5z8ipgVxRee2irqPSNFsAPfvjQFnq3nGOKuf1zbSATOzt4yySWigS7Q7il1OEtf6rdNXPruTQU+R8R3ZpqE0IhYZ1iPyCU+vIlBdHzgLEThdnQeWE3XvAc=,iv:Xc7uCgvHysg3w/fAC1aPLozU1tROcywRlWQLS/kUCYQ=,tag:c5NF6cjqaCJ8r6tfPVuUxw==,type:str] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.11.0
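Review bot: Every value in this file is now encrypted to all three age recipients, so the key on any one host decrypts `pi_user_pass`, `luna_telegram_token`, `luna_gateway_token` and `ollama_api_key` alike. If the new tokens are only consumed by the `server` configuration (their consumers are not visible in this hunk), a per-host file with its own `creation_rules` entry would keep a compromised Pi key from exposing them. For example, `- path_regex: secrets/<host>.yaml$` (placeholder path) could list only `*xps13` and `*server`. With a single shared file, each host later added to `.sops.yaml` also gains read access to every existing secret on the next `sops updatekeys`.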