all: switch from barrier to rkvm

configs/smug.nix

@@ -56,9 +56,9 @@ in
             ];
           }
           {
-            name = "Barrier";
+            name = "KVM";
             commands = [
-              "barriers -a 127.0.0.1 -f --disable-crypto"
+              "sudo rkvm-server /etc/rkvm/server.toml"
             ];
             panes = [
               {

flake.lock

@@ -562,11 +562,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707101062,
-        "narHash": "sha256-2GJWMoIzetP6isvu62XBoeLMG00x6QkjuY9w51pSC8s=",
+        "lastModified": 1709134824,
+        "narHash": "sha256-vBuZkJoM8JqThSO/TntmzjngnHsthqRZltt5gWpVmJk=",
         "ref": "main",
-        "rev": "e358f0a9ba75dba44b5b7853a6387c7e8a67ae26",
-        "revCount": 126,
+        "rev": "86158f5100491f8701cf3ff057bc6e958c71d2e5",
+        "revCount": 128,
         "type": "git",
         "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
       },

hosts/europa/default.nix

@@ -9,9 +9,6 @@ let
   inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
   inherit (builtins) readFile;
   inherit (xinlib) jobToUserService;
-  #doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
-  #  doomPrivateDir = ../../configs/doom.d;
-  #};
   peerixUser =
     if builtins.hasAttr "peerix" config.users.users
     then config.users.users.peerix.name
@@ -36,6 +33,7 @@ let
       path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs;
     }
   ];
+  rkvmTomlFmt = pkgs.formats.toml { };
 in
 {
   _module.args.isUnstable = true;
@@ -43,6 +41,18 @@ in
   imports = [ ./hardware-configuration.nix ../../pkgs ];
 
   sops.secrets = {
+    rkvm_cert = {
+      sopsFile = config.xin-secrets.europa.qbit;
+      owner = "root";
+      group = "wheel";
+      mode = "400";
+    };
+    rkvm_key = {
+      sopsFile = config.xin-secrets.europa.qbit;
+      owner = "root";
+      group = "wheel";
+      mode = "400";
+    };
     fastmail = {
       sopsFile = config.xin-secrets.europa.qbit;
       owner = "qbit";
@@ -304,7 +314,19 @@ in
   ];
 
   environment = {
-    etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; };
+    etc."rkvm/server.toml" = {
+      text = readFile
+        (rkvmTomlFmt.generate "server.toml" {
+          listen = "127.0.0.1:24800";
+          switch-keys = [
+            "caps-lock"
+            "left-alt"
+          ];
+          certificate = "${config.sops.secrets.rkvm_cert.path}";
+          key = "${config.sops.secrets.rkvm_key.path}";
+          password = "fake";
+        });
+    };
     sessionVariables = {
       XDG_BIN_HOME = "\${HOME}/.local/bin";
       XDG_CACHE_HOME = "\${HOME}/.cache";
@@ -318,7 +340,6 @@ in
 
     systemPackages = with pkgs; [
       arduino
-      barrier
       beets # stable
       calibre
       chirp # stable

hosts/stan/default.nix

@@ -19,9 +19,7 @@ let
     if builtins.hasAttr "peerix" config.users.users
     then config.users.users.peerix.name
     else "root";
-  #doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
-  #  doomPrivateDir = ../../configs/doom.d;
-  #};
+  rkvmTomlFmt = pkgs.formats.toml { };
 in
 {
   _module.args.isUnstable = true;
@@ -122,6 +120,12 @@ in
   sshFidoAgent.enable = true;
 
   sops.secrets = {
+    rkvm_cert = {
+      sopsFile = config.xin-secrets.stan.main;
+      owner = "root";
+      group = "wheel";
+      mode = "400";
+    };
     vm_pass = {
       sopsFile = config.xin-secrets.stan.main;
       owner = "root";
@@ -177,7 +181,6 @@ in
       };
     };
     systemPackages = with pkgs; [
-      barrier
       fzf
       google-chrome
       ispell
@@ -265,6 +268,14 @@ in
   };
 
   services = {
+    rkvm.client = {
+      enable = true;
+      settings = {
+        certificate = "${config.sops.secrets.rkvm_cert.path}";
+        password = "fake";
+        server = "127.0.0.1:24800";
+      };
+    };
     restic = {
       backups = {
         remote = {