diff --git a/configs/alacritty.nix b/configs/alacritty.nix new file mode 100644 index 0000000..678c978 --- /dev/null +++ b/configs/alacritty.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: +let + settings = { + font = { + normal = { + family = "Go Mono"; + }; + size = 6; + }; + + colors = { + primary = { + background = "#ffffea"; + foreground = "#000000"; + }; + }; + }; + settingsFormat = pkgs.formats.toml { }; + settingsFile = settingsFormat.generate "alacritty.toml" settings; +in +{ + config = { + environment = { + etc = { + "xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile; + }; + }; + fonts = { packages = with pkgs; [ go-font ]; }; + }; +} diff --git a/configs/default.nix b/configs/default.nix index efa925d..94ac843 100644 --- a/configs/default.nix +++ b/configs/default.nix @@ -1,18 +1,20 @@ { ... }: { imports = [ + ./alacritty.nix ./ca.nix ./ci.nix ./colemak.nix ./dns.nix ./doas.nix ./git.nix - ./neovim.nix - ./peerix.nix ./manager.nix - ./tmux.nix + ./neovim.nix ./net-overlay.nix - ./zsh.nix ./nix.nix + ./peerix.nix + ./polybar.nix + ./tmux.nix ./update.nix + ./zsh.nix ]; } diff --git a/configs/hardened.nix b/configs/hardened.nix index b882c0a..86c49bb 100644 --- a/configs/hardened.nix +++ b/configs/hardened.nix @@ -1,7 +1,7 @@ { lib, ... }: with lib; { environment = { - memoryAllocator.provider = mkDefault "scudo"; + memoryAllocator.provider = mkDefault "libc"; variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; }; diff --git a/configs/polybar.nix b/configs/polybar.nix new file mode 100644 index 0000000..bed0d4a --- /dev/null +++ b/configs/polybar.nix @@ -0,0 +1,125 @@ +{ pkgs, ... }: +let + barBase = { + background = "\${colors.background}"; + foreground = "\${colors.foreground}"; + + border-color = "#DEDeff"; + border-size = "2pt"; + + width = "100%"; + height = "24pt"; + + enable-ipc = true; + + font-0 = "Go Mono;3"; + + line-size = "3pt"; + module-margin = 1; + padding = 2; + radius = 15; + separator = "|"; + + modules-left = "xworkspaces"; + modules-right = "wifi ethernet memory cpu battery date"; + }; + settings = { + colors = { + background = "#ffffea"; + background-alt = "#373B41"; + foreground = "#000000"; + primary = "#F0C674"; + secondary = "#8ABEB7"; + alert = "#A54242"; + disabled = "#707880"; + }; + + "module/cpu" = { + type = "internal/cpu"; + interval = 2; + format-prefix = "CPU: "; + label = "%percentage:2%%"; + }; + + "module/date" = { + type = "internal/date"; + interval = 1; + + date = "%H:%M"; + date-alt = "%Y-%m-%d %H:%M:%S"; + + label = "%date%"; + }; + + "module/memory" = { + type = "internal/memory"; + interval = 2; + format-prefix = "RAM: "; + label = "%percentage_used:2%%"; + }; + + "module/xworkspaces" = { + type = "internal/xworkspaces"; + }; + + "module/xwindow" = { + type = "internal/xwindow"; + }; + + "module/systray" = { + type = "internal/tray"; + }; + + "module/battery" = { + type = "internal/battery"; + full-at = 99; + low-at = 5; + + # $ ls -1 /sys/class/power_supply/ + battery = "BAT1"; + adapter = "ACAD"; + + poll-interval = 5; + + time-format = "%H:%M"; + + label-charging = "+%percentage%%"; + label-discharging = "-%percentage%%"; + label-low = "BATTERY LOW"; + }; + + "module/wifi" = { + type = "internal/network"; + interface-type = "wireless"; + + accumulate-stats = true; + + label-connected = "%essid% %netspeed%"; + }; + + "module/ethernet" = { + type = "internal/network"; + interface-type = "wired"; + + accumulate-stats = true; + + label-connected = "%netspeed%"; + }; + + "bar/europa" = barBase // { }; + "bar/clunk" = barBase // { }; + }; + settingsFormat = pkgs.formats.ini { }; + settingsFile = settingsFormat.generate "polybar-config.ini" settings; +in +{ + config = { + environment = { + systemPackages = [ pkgs.polybar ]; + etc = { + "xdg/polybar/config.ini".text = builtins.readFile settingsFile; + }; + }; + fonts = { packages = [ pkgs.go-font ]; }; + }; +} diff --git a/flake.lock b/flake.lock index 1f3dce7..0d5d290 100644 --- a/flake.lock +++ b/flake.lock @@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1705452289, - "narHash": "sha256-i/WodLabBcmRr9hdSv5jzDigL1hRYuI8vNh+xTbGt+g=", + "lastModified": 1706581965, + "narHash": "sha256-1H7dRdK9LJ7+2X1XQtbwXr+QMqtVVo/ZF0/LIvkjdK8=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "74ab0227ee495e526f2dd57ea684b34f6396445a", + "rev": "91b9daf672c957ef95a05491a75f62e6a01d5aaf", "type": "github" }, "original": { @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1700085029, - "narHash": "sha256-lxI1Lubo3tG3GeMVIPXM+TXBPTEtTZFVUrxWcIBzRbQ=", + "lastModified": 1706538267, + "narHash": "sha256-1LKxeGiH18qTf5uyQowEHpd0+ytXs8s0MspLxXelXzM=", "owner": "qbit", "repo": "gostart", - "rev": "650550af32e0d001e0728fe3b95aaa0be8ed8f45", + "rev": "06238dbfc214e7cd8663d199ec9b2cb2f727a5c1", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1705312285, - "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", + "lastModified": 1706182238, + "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", + "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1705356877, - "narHash": "sha256-274jL1cH64DcXUXebVMZBRUsTs3FvFlPIPkCN/yhSnI=", + "lastModified": 1706410821, + "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "87755331580fdf23df7e39b46d63ac88236bf42c", + "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef", "type": "github" }, "original": { @@ -376,11 +376,11 @@ }, "stable": { "locked": { - "lastModified": 1705524007, - "narHash": "sha256-XyjcYXCJBO9cshjp98d8aG/DAgu0gPFBBWvgHPiwt7E=", + "lastModified": 1706625233, + "narHash": "sha256-DLlMXRloZm22UvHa1F3K1Perd0PhSmtlCUglyjIwlek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad9669c74e7ef4f6a13040851fef9aa05f8ceb7b", + "rev": "5b8cd3c2523ab08051ef5d5a5f8164aee3e67410", "type": "github" }, "original": { @@ -392,10 +392,10 @@ }, "stable_2": { "locked": { - "lastModified": 1702161203, - "narHash": "sha256-nq40oP9Pk/bC9/3ShxUah2FWsyHcObtS2NU5rV8shXY=", - "path": "/nix/store/2mk1z2xf4v5rnpml75gbmgv6bv6i4nig-source", - "rev": "901fc6ea49ca9e9bbf636c48e2611588802e7b16", + "lastModified": 1706176172, + "narHash": "sha256-+kOLrH4DNw6EMITqXosMqoQUyIGWTMYVYcqALP8+PPc=", + "path": "/nix/store/a2y0kc4g4xlxg5r50565y45734q4mssd-source", + "rev": "72d28a6d71c30f0242c18317520bc3f4d822e794", "type": "path" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1700230166, - "narHash": "sha256-4C3zisZ2YZRUzWagNgbKnLjSP2W1lCdqDvusuF7LFeQ=", + "lastModified": 1706541995, + "narHash": "sha256-H08lKKLU3db/USh17x2sD6f6Zf5tRr0r3cFQEMHF3vQ=", "owner": "qbit", "repo": "ts-reverse-proxy", - "rev": "4a932dae8d68ed4de61b8d2c9d096127171cbf48", + "rev": "32dcd0f1a301833230b003efb84b148ba39230b2", "type": "github" }, "original": { @@ -470,11 +470,11 @@ ] }, "locked": { - "lastModified": 1702158663, - "narHash": "sha256-GaNzTaOuFk3oWQnPugtXsAW/BUxLDna9O2MGjeSYamg=", + "lastModified": 1706542526, + "narHash": "sha256-L0+rDINoY9fpSpn+Xf0LZfF4ItbKi3snLTXgvm0SUyQ=", "owner": "qbit", "repo": "tsvnstat", - "rev": "8503704a62b535db058dc499233e6045ee2bd53f", + "rev": "163b4b642e4c44a4929d3a8d17179436b6739451", "type": "github" }, "original": { @@ -485,11 +485,11 @@ }, "unstable": { "locked": { - "lastModified": 1705556346, - "narHash": "sha256-2+ZUEFCKlctTsut81S84xkCccMsZLLX7DA/U3xZ3BqY=", + "lastModified": 1706672657, + "narHash": "sha256-API05c0SDZrmzz1wpqt/K3iCwlaOqDeDfZGp0YGQnek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cefcf19e1c6d4255b2aede5535d04064f6917e9b", + "rev": "632751bf0ceeefc74af7a9d2335ea923ad9c831a", "type": "github" }, "original": { @@ -500,11 +500,11 @@ }, "unstableSmall": { "locked": { - "lastModified": 1705429789, - "narHash": "sha256-7gQju9WiToi7wI6oahTXiqwJu2RZoV0cg8OGa9YhEvw=", + "lastModified": 1706631780, + "narHash": "sha256-prq+Rk/1drYmoG5Xm/ttzyYux2NNn5ZGX0Lt3j69VBo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cc3ab0e45687d15cb21663a95f5a53a05abd39e4", + "rev": "d3c09ae008dbb08a238aadfad70d5a168bc63e29", "type": "github" }, "original": { @@ -516,11 +516,11 @@ }, "unstable_2": { "locked": { - "lastModified": 1702397419, - "narHash": "sha256-CBMSwZHT7GLq2JdOPWAVDBaYFbUHWD1+jPFrYk0JeLM=", + "lastModified": 1706278372, + "narHash": "sha256-SYceUQX1wjDQQsdws5MjNOWXE79GESFp/9uc4w3tZDo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73ca2df642228129df7a968bad6499732dbc7ddd", + "rev": "6081df2649d246e60d9d0165c79bea8ac3a97816", "type": "github" }, "original": { @@ -553,11 +553,11 @@ "unstable": "unstable_2" }, "locked": { - "lastModified": 1703787975, - "narHash": "sha256-KCIiOu/LU3juaw+MipIsJOWkwU1QlIMlQZ+JuKEoRhY=", + "lastModified": 1706280764, + "narHash": "sha256-hvqQwniv9DTXHHf9wXdSus5aaZUMX+cPjm0BU5sT4cI=", "ref": "main", - "rev": "0934337798b36835864df2fe8298aeb86a7bbc6c", - "revCount": 121, + "rev": "28c6b8651be883f28933d2646221098394c1fdab", + "revCount": 125, "type": "git", "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git" }, @@ -574,11 +574,11 @@ ] }, "locked": { - "lastModified": 1699892883, - "narHash": "sha256-ilSljUKveIjUd0dHJhZiAZ3rwKqO7ZBslvBsPEzQ7/U=", + "lastModified": 1706533372, + "narHash": "sha256-hKUfvEYQWSfb9y99wUE4V8qqKbkCTlP+P9rpJLMZhZQ=", "owner": "qbit", "repo": "xintray", - "rev": "fd0dbedf136831e5eefd4fceaf8ad1f973c084e0", + "rev": "2db51608995317dcae33c450a2cabf6580cb8210", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1490fbc..c117cac 100644 --- a/flake.nix +++ b/flake.nix @@ -218,6 +218,7 @@ europa = buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ] "europa"; + clunk = buildSys "x86_64-linux" unstable [ ] "clunk"; pwntie = buildSys "x86_64-linux" stable [ ] "pwntie"; stan = buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel @@ -393,7 +394,7 @@ checks = let - buildList = [ "europa" "stan" "h" "box" "faf" "weather" ]; + buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" ]; in with unstable.lib; foldl' recursiveUpdate { } (mapAttrsToList diff --git a/gui/default.nix b/gui/default.nix index 45cfc3f..ac8633f 100644 --- a/gui/default.nix +++ b/gui/default.nix @@ -102,6 +102,7 @@ with lib; { SSH_AUTH_SOCK = "$HOME/.traygent"; }; systemPackages = with pkgs; (xinlib.filterList [ + alacritty bc beyt black diff --git a/hosts/box/default.nix b/hosts/box/default.nix index f611a94..98806a4 100644 --- a/hosts/box/default.nix +++ b/hosts/box/default.nix @@ -1,7 +1,6 @@ { config , lib , pkgs -, isUnstable , xinlib , ... }: @@ -207,15 +206,17 @@ in # "services/home-automation/home-assistant.nix" #]; - environment.systemPackages = with pkgs; [ - tmux - mosh - apg - git - signify - glowing-bear - rtl_433 - ]; + environment = { + systemPackages = with pkgs; [ + tmux + mosh + apg + git + signify + glowing-bear + rtl_433 + ]; + }; security.acme = { acceptTerms = true; @@ -512,7 +513,7 @@ in fwupd.enable = true; zfs = { - autoSnapshot={ + autoSnapshot = { enable = true; daily = 3; hourly = 8; diff --git a/hosts/clunk/default.nix b/hosts/clunk/default.nix new file mode 100644 index 0000000..d424ddf --- /dev/null +++ b/hosts/clunk/default.nix @@ -0,0 +1,90 @@ +{ pkgs +, ... +}: +let + pubKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" + ]; +in +{ + _module.args.isUnstable = true; + imports = [ + ./hardware-configuration.nix + ]; + + hardware.rtl-sdr.enable = true; + + boot = { + loader.grub = { + enable = true; + devices = [ + "/dev/disk/by-id/wwn-0x5001b448be78d64a" + ]; + }; + kernelPackages = pkgs.linuxPackages_latest; + }; + nixpkgs.config.allowUnsupportedSystem = true; + + networking = { + hostName = "clunk"; + networkmanager.enable = true; + firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + checkReversePath = "loose"; + }; + }; + + environment.systemPackages = with pkgs; [ + alacritty + direwolf + polybar + python3 + python3Packages.nomadnet + python3Packages.rns + rofi + rtl-sdr + tncattach + + # no GLSL ES 3.10 + # (callPackage ../../pkgs/zutty.nix { }) + ]; + + services = { + fwupd = { + enable = true; + enableTestRemote = true; + }; + xserver = { + enable = true; + + displayManager.lightdm.enable = true; + + videoDrivers = [ "intel" ]; + deviceSection = '' + Option "DRI" "2" + Option "TearFree" "true" + ''; + + libinput.enable = true; + + windowManager.xmonad = { + enable = true; + extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ]; + config = builtins.readFile ./xmonad.hs; + }; + }; + }; + + users = { + users = { + root = { openssh.authorizedKeys.keys = pubKeys; }; + qbit = { + openssh.authorizedKeys.keys = pubKeys; + extraGroups = [ "dialout" "libvirtd" "plugdev" ]; + }; + }; + }; + + system.stateVersion = "22.11"; +} diff --git a/hosts/clunk/hardware-configuration.nix b/hosts/clunk/hardware-configuration.nix new file mode 100644 index 0000000..7bf8d10 --- /dev/null +++ b/hosts/clunk/hardware-configuration.nix @@ -0,0 +1,31 @@ +{ config, lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; + fsType = "ext4"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/clunk/xmonad.hs b/hosts/clunk/xmonad.hs new file mode 100644 index 0000000..d9b6cd5 --- /dev/null +++ b/hosts/clunk/xmonad.hs @@ -0,0 +1,142 @@ +{-# LANGUAGE QuasiQuotes #-} + +import qualified Data.Map as M +import Data.Monoid +import Network.HostName +import XMonad +import XMonad.Actions.CycleWS +import XMonad.Hooks.EwmhDesktops +import XMonad.Hooks.ManageDocks +import XMonad.Hooks.UrgencyHook +import XMonad.Layout.Decoration +import XMonad.Layout.LayoutModifier +import XMonad.Layout.Simplest (Simplest(..)) +import XMonad.Layout.Spacing +import XMonad.Layout.SubLayouts +import XMonad.Layout.Tabbed +import XMonad.Layout.WindowNavigation +import qualified XMonad.StackSet as W +import XMonad.Util.EZConfig +import XMonad.Util.NamedWindows +import XMonad.Util.Run +import XMonad.Util.SpawnOnce + +data LibNotifyUrgencyHook = + LibNotifyUrgencyHook + deriving (Read, Show) + +instance UrgencyHook LibNotifyUrgencyHook where + urgencyHook LibNotifyUrgencyHook w = do + name <- getName w + Just idx <- fmap (W.findTag w) $ gets windowset + safeSpawn "notify-send" [show name, "workspace " ++ idx] + +main :: IO () +main = do + hostname <- getHostName + xmonad $ + ewmh $ + withUrgencyHook LibNotifyUrgencyHook $ + def + { normalBorderColor = "#666666" + , focusedBorderColor = "darkgrey" + , focusFollowsMouse = False + , terminal = "alacritty" + , workspaces = myWorkspaces + , startupHook = myStartupHook hostname + , layoutHook = myLayoutHook + , keys = \c -> myKeys c `M.union` XMonad.keys def c + , manageHook = manageDocks <+> myManageHook <+> manageHook def + } `removeKeysP` + ["M-p"] -- don't clober emacs. + +myKeys :: XConfig t -> M.Map (KeyMask, KeySym) (X ()) +myKeys (XConfig {XMonad.modMask = modm}) = + M.fromList + [ ((modm .|. shiftMask, xK_Right), shiftToNext) + , ((modm .|. shiftMask, xK_Left), shiftToPrev) + , ((modm, xK_r), spawn "rofi -show run") + , ((modm .|. controlMask, xK_h), sendMessage $ pullGroup L) + , ((modm .|. controlMask, xK_l), sendMessage $ pullGroup R) + , ((modm .|. controlMask, xK_k), sendMessage $ pullGroup U) + , ((modm .|. controlMask, xK_j), sendMessage $ pullGroup D) + , ((modm .|. controlMask, xK_m), withFocused (sendMessage . MergeAll)) + , ((modm .|. controlMask, xK_u), withFocused (sendMessage . UnMerge)) + , ((modm .|. controlMask, xK_period), onGroup W.focusUp') + , ((modm .|. controlMask, xK_comma), onGroup W.focusDown') + ] + +myWorkspaces :: [String] +myWorkspaces = + clickable $ ["main", "2", "3", "4", "5", "6", "7", "8", "console"] + where + clickable l = + [ "%{A1:xdotool key alt+" ++ show (n) ++ "&:}" ++ ws ++ "%{A}" + | (i, ws) <- zip [1 :: Int .. 9 :: Int] l + , let n = i + ] + +myTabTheme :: Theme +myTabTheme = + def + { activeTextColor = "#000" + , activeColor = "#ffffea" + , inactiveColor = "#dedeff" + , urgentBorderColor = "red" + } + +myLayoutHook :: + XMonad.Layout.LayoutModifier.ModifiedLayout + WindowNavigation + (XMonad.Layout.LayoutModifier.ModifiedLayout + (XMonad.Layout.Decoration.Decoration + XMonad.Layout.Tabbed.TabbedDecoration + XMonad.Layout.Decoration.DefaultShrinker) + (XMonad.Layout.LayoutModifier.ModifiedLayout + (Sublayout Simplest) + (XMonad.Layout.LayoutModifier.ModifiedLayout + Spacing + (Choose + (XMonad.Layout.LayoutModifier.ModifiedLayout + (XMonad.Layout.Decoration.Decoration + XMonad.Layout.Tabbed.TabbedDecoration + XMonad.Layout.Decoration.DefaultShrinker) + (XMonad.Layout.LayoutModifier.ModifiedLayout + (Sublayout Simplest) + Tall)) + (Choose + (Mirror + (XMonad.Layout.LayoutModifier.ModifiedLayout + (XMonad.Layout.Decoration.Decoration + XMonad.Layout.Tabbed.TabbedDecoration + XMonad.Layout.Decoration.DefaultShrinker) + (XMonad.Layout.LayoutModifier.ModifiedLayout + (Sublayout Simplest) + Tall))) + Full))))) + Window +myLayoutHook = + windowNavigation $ + subTabbed $ + spacingRaw True (Border 30 5 5 5) True (Border 10 10 10 10) True $ + (tiled ||| Mirror tiled ||| Full) + where + tiled = + addTabs shrinkText myTabTheme . subLayout [] Simplest $ + Tall nmaster delta ratio + nmaster = 1 + ratio = 0.5 + delta = 0.03 + +myManageHook :: Query (Data.Monoid.Endo WindowSet) +myManageHook = + composeAll + [ className =? "mpv" --> doFloat + , className =? "VLC" --> doFloat + , className =? "Pinentry-gtk-2" --> doFloat + , className =? "Pinentry-gnome3" --> doFloat + , className =? "XConsole" --> doF (W.shift (myWorkspaces !! 8)) + ] + +myStartupHook hostname = do + spawn ("pkill polybar; polybar " ++ hostname) diff --git a/hosts/europa/default.nix b/hosts/europa/default.nix index 19130f6..3490b22 100644 --- a/hosts/europa/default.nix +++ b/hosts/europa/default.nix @@ -413,6 +413,7 @@ in tea thunderbird tigervnc + tncattach unzip veilid virt-manager diff --git a/hosts/h/default.nix b/hosts/h/default.nix index 5d648fb..b20f634 100644 --- a/hosts/h/default.nix +++ b/hosts/h/default.nix @@ -72,6 +72,13 @@ in kernelParams = [ "net.ifnames=0" ]; }; + nix = { + settings = { + allowed-users = lib.mkForce [ "root" ]; + trusted-users = lib.mkForce [ "root" ]; + }; + }; + tailscale.sshOnly = true; nixpkgs.overlays = [ @@ -218,7 +225,6 @@ in }; environment = { - memoryAllocator.provider = "libc"; systemPackages = with pkgs; [ inetutils @@ -236,6 +242,7 @@ in zonemaster-cli sqlite + python3Packages.nomadnet ]; }; diff --git a/hosts/stan/default.nix b/hosts/stan/default.nix index 728dbdc..a55912d 100644 --- a/hosts/stan/default.nix +++ b/hosts/stan/default.nix @@ -133,6 +133,21 @@ in group = "wheel"; mode = "400"; }; + restic_password_file = { + sopsFile = config.xin-secrets.stan.main; + owner = "root"; + mode = "400"; + }; + restic_env_file = { + sopsFile = config.xin-secrets.stan.main; + owner = "root"; + mode = "400"; + }; + restic_repo_file = { + sopsFile = config.xin-secrets.stan.main; + owner = "root"; + mode = "400"; + }; }; users.users.root = userBase; @@ -193,6 +208,20 @@ in }; services = { + restic = { + backups = { + remote = { + initialize = true; + environmentFile = "${config.sops.secrets.restic_env_file.path}"; + passwordFile = "${config.sops.secrets.restic_password_file.path}"; + repositoryFile = "${config.sops.secrets.restic_repo_file.path}"; + + paths = [ "/home/abieber" ]; + + pruneOpts = [ "--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2" ]; + }; + }; + }; rsyslogd = { enable = testingMode; defaultConfig = '' diff --git a/hosts/stan/hardware-configuration.nix b/hosts/stan/hardware-configuration.nix index d74e53f..173efed 100644 --- a/hosts/stan/hardware-configuration.nix +++ b/hosts/stan/hardware-configuration.nix @@ -1,5 +1,4 @@ { pkgs -, config , lib , modulesPath , ... diff --git a/overlays/default.nix b/overlays/default.nix index 99019a4..d7041e3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -4,52 +4,17 @@ }: let inherit (xinlib) prIsOpen; - tailscale = prIsOpen.overlay 0 import ./tailscale.nix; matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix); heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix); in { - nixpkgs.overlays = - if isUnstable + nixpkgs.overlays = [ heisenbridge ] ++ + (if isUnstable then [ - tailscale - heisenbridge - (_: super: { - cloud-hypervisor = super.cloud-hypervisor.overrideAttrs (_: { - cargoTestFlags = [ "--bins" ]; - }); - }) - (_: super: { - clementine = super.clementine.overrideAttrs (_: { - patches = [ - (super.fetchpatch { - name = "clementine-di-radio-fix.diff"; - url = "https://patch-diff.githubusercontent.com/raw/clementine-player/Clementine/pull/7217.diff"; - hash = "sha256-kaKc2YFkXJRPibbKbBCHvlm6Y/H9zS83ohMxtUNUFlM="; - }) - ]; - }); - }) ] else [ - #rex - (_: super: { - python3 = super.python3.override { - packageOverrides = _: python-super: { - pillow = python-super.pillow.overrideAttrs (_: rec { - version = "10.0.1"; - src = python-super.fetchPypi { - pname = "Pillow"; - inherit version; - hash = "sha256-1ylnsGvpMA/tXPvItbr87sSL983H2rZrHSVJA1KHGR0="; - }; - }); - }; - }; - }) matrix-synapse - heisenbridge - ]; + ]); } # Example Python dep overlay # (self: super: { diff --git a/pkgs/sliding-sync.nix b/pkgs/sliding-sync.nix index a714d08..3252294 100644 --- a/pkgs/sliding-sync.nix +++ b/pkgs/sliding-sync.nix @@ -6,13 +6,13 @@ with lib; buildGoModule rec { pname = "sliding-sync"; - version = "0.99.14"; + version = "0.99.15"; src = fetchFromGitHub { owner = "matrix-org"; repo = pname; rev = "v${version}"; - hash = "sha256-C6osjpmz6cpqtzi2GEkLgNeXsF/Cfj9p1pPqYqxVg3Y="; + hash = "sha256-9JYR9fBxtv+3E+l+l26jryqEstnOUm657VsKsDRzD9g="; }; vendorHash = "sha256-THjvc0TepIBFOTte7t63Dmadf3HMuZ9m0YzQMI5e5Pw=";