diff --git a/flake.nix b/flake.nix index 5a10dea..3e81b04 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ url = "github:abenz1267/walker"; inputs.nixpkgs.follows = "nixpkgs"; }; - mysecrets.url = "path:/home/user/nix-secrets"; + mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"; mysecrets.flake = false; }; diff --git a/hosts/eldrid/configuration.nix b/hosts/eldrid/configuration.nix index d3c9b7f..fc53041 100644 --- a/hosts/eldrid/configuration.nix +++ b/hosts/eldrid/configuration.nix @@ -2,6 +2,7 @@ { pkgs, inputs, + config, ... }: { imports = with inputs; [ @@ -13,13 +14,29 @@ ./programs.nix ./stylix.nix ./users.nix + ./sops.nix ]; desktop = { hyprland.enable = true; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix = { + settings.experimental-features = ["nix-command" "flakes"]; + distributedBuilds = true; + settings.builders-use-substitutes = true; + buildMachines = [ + { + hostName = "dunamis"; + sshUser = "remotebuild"; + system = "x86_64-linux"; + sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path; + supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"]; + publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; + } + ]; + }; + system.stateVersion = "25.05"; time.timeZone = "Europe/Kyiv"; diff --git a/hosts/eldrid/programs.nix b/hosts/eldrid/programs.nix index 3abc859..9cbccdc 100644 --- a/hosts/eldrid/programs.nix +++ b/hosts/eldrid/programs.nix @@ -10,8 +10,9 @@ clean.extraArgs = "--keep-since 7d --keep 3"; flake = "/home/user/.config/nixos"; }; + programs.fish.enable = true; environment.systemPackages = with pkgs; [ helix - nushell + # nushell ]; } diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix new file mode 100644 index 0000000..e1d6b29 --- /dev/null +++ b/hosts/eldrid/sops.nix @@ -0,0 +1,25 @@ +{inputs, ...}: let + secretsPath = builtins.toString inputs.mysecrets; +in { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + sops = { + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + defaultSopsFile = "${secretsPath}/secrets.yaml"; + secrets = { + "user-password-hashed" = {}; + "ssh-private-eldrid-rmbuild" = {}; + "ssh-private-eldrid-user" = { + path = "/home/user/.ssh/id_ed25519"; + mode = "0400"; + owner = "user"; + }; + }; + }; +} diff --git a/hosts/eldrid/stylix.nix b/hosts/eldrid/stylix.nix index 1546c18..26af5d3 100644 --- a/hosts/eldrid/stylix.nix +++ b/hosts/eldrid/stylix.nix @@ -12,14 +12,18 @@ ]; stylix = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/helios.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml"; polarity = "dark"; cursor = { package = pkgs.google-cursor; name = "GoogleDot-Blue"; size = 24; }; - image = ../../wallpapers/wallhaven-d5qlwj.jpg; + image = builtins.fetchurl { + url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg"; + name = "wallhaven-9mwzwk"; + sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d"; + }; opacity.terminal = 0.9; fonts = { sizes = { diff --git a/hosts/eldrid/users.nix b/hosts/eldrid/users.nix index 18d4cb4..f92dbe9 100644 --- a/hosts/eldrid/users.nix +++ b/hosts/eldrid/users.nix @@ -4,7 +4,7 @@ user = { isNormalUser = true; extraGroups = ["wheel" "video" "libvirtd" "dialout"]; - shell = pkgs.nushell; + shell = pkgs.fish; }; # work = { # isNormalUser = true; diff --git a/hosts/eldrid/users/user/programs.nix b/hosts/eldrid/users/user/programs.nix index fcc38f6..c586b0d 100644 --- a/hosts/eldrid/users/user/programs.nix +++ b/hosts/eldrid/users/user/programs.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { shell = { - nushell.enable = true; + fish.enable = true; oh-my-posh.enable = true; }; diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix index 12eaa33..e133b08 100644 --- a/hosts/sarien/configuration.nix +++ b/hosts/sarien/configuration.nix @@ -13,6 +13,7 @@ ./programs.nix ./stylix.nix ./users.nix + ./sops.nix ]; desktop = { diff --git a/hosts/sarien/hardware-conf.nix b/hosts/sarien/hardware-conf.nix index 5029b02..0d39959 100644 --- a/hosts/sarien/hardware-conf.nix +++ b/hosts/sarien/hardware-conf.nix @@ -69,6 +69,10 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + services.thermald.enable = true; + services.upower.enable = true; + powerManagement.powertop.enable = true; + services.udev.extraHwdb = '' evdev:input:b0011v0001p0001eAB83* KEYBOARD_KEY_d5=sysrq diff --git a/hosts/sarien/sops.nix b/hosts/sarien/sops.nix new file mode 100644 index 0000000..45f3202 --- /dev/null +++ b/hosts/sarien/sops.nix @@ -0,0 +1,24 @@ +{inputs, ...}: let + secretsPath = builtins.toString inputs.mysecrets; +in { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + sops = { + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + defaultSopsFile = "${secretsPath}/secrets.yaml"; + secrets = { + "user-password-hashed" = {}; + "ssh-private-sarien-user" = { + path = "/home/user/.ssh/id_ed25519"; + mode = "0400"; + owner = "user"; + }; + }; + }; +} diff --git a/hosts/sarien/stylix.nix b/hosts/sarien/stylix.nix index 9d5d581..26af5d3 100644 --- a/hosts/sarien/stylix.nix +++ b/hosts/sarien/stylix.nix @@ -12,7 +12,7 @@ ]; stylix = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml"; polarity = "dark"; cursor = { package = pkgs.google-cursor; @@ -20,10 +20,10 @@ size = 24; }; image = builtins.fetchurl { - url = "https://w.wallhaven.cc/full/57/wallhaven-573e81.png"; - name = "wallhaven-573e81"; - sha256 = "1ygsmmzk6icnvkr18s2r3mqh2kmigwb1424chji730cjhm8zc3cx"; - }; # ../../wallpapers/wallhaven-jxmo1y.jpg; + url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg"; + name = "wallhaven-9mwzwk"; + sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d"; + }; opacity.terminal = 0.9; fonts = { sizes = { diff --git a/hosts/sarien/users.nix b/hosts/sarien/users.nix index f92dbe9..d165bdd 100644 --- a/hosts/sarien/users.nix +++ b/hosts/sarien/users.nix @@ -1,15 +1,24 @@ -{pkgs, ...}: { +{ + inputs, + config, + pkgs, + ... +}: let + sopSec = config.sops.secrets; + secrets = inputs.mysecrets; +in { nix.settings.trusted-users = ["user"]; + users.mutableUsers = false; users.users = { user = { + hashedPasswordFile = sopSec."user-password-hashed".path; isNormalUser = true; extraGroups = ["wheel" "video" "libvirtd" "dialout"]; shell = pkgs.fish; + openssh.authorizedKeys.keyFiles = [ + "${secrets}/ssh/id_ed25519_sarien_user.pub" + "${secrets}/ssh/id_ed25519_eldrid_user.pub" + ]; }; - # work = { - # isNormalUser = true; - # extraGroups = ["video"]; - # shell = pkgs.nushell; - # }; }; } diff --git a/hosts/sarien/users/user/flatpak.nix b/hosts/sarien/users/user/flatpak.nix index 23f31e6..c5a2235 100644 --- a/hosts/sarien/users/user/flatpak.nix +++ b/hosts/sarien/users/user/flatpak.nix @@ -4,6 +4,7 @@ ]; services.flatpak = { enable = true; + uninstallUnmanaged = true; remotes = [ { name = "flathub"; diff --git a/hosts/sarien/users/user/home-configuration.nix b/hosts/sarien/users/user/home-configuration.nix index 0811d9d..9d5ec8e 100644 --- a/hosts/sarien/users/user/home-configuration.nix +++ b/hosts/sarien/users/user/home-configuration.nix @@ -1,5 +1,6 @@ {inputs, ...}: { imports = with inputs; [ + nix-index-database.hmModules.nix-index self.homeModules.desktop self.homeModules.programs ./programs.nix diff --git a/hosts/sarien/users/user/programs.nix b/hosts/sarien/users/user/programs.nix index 1d31f78..5e99840 100644 --- a/hosts/sarien/users/user/programs.nix +++ b/hosts/sarien/users/user/programs.nix @@ -7,6 +7,7 @@ console.yazi.enable = true; + stylix.targets.fzf.enable = false; programs = { bat.enable = true; btop = { @@ -15,7 +16,13 @@ }; eza.enable = true; fd.enable = true; - fzf.enable = true; + fzf = { + enable = true; + defaultOptions = ["--color=16"]; + }; + pay-respects.enable = true; + nix-index.enable = true; + nix-index-database.comma.enable = true; gitui.enable = true; git = { enable = true; @@ -38,6 +45,7 @@ editor = { helix.enable = true; neve.enable = true; + zed.enable = true; }; home.packages = with pkgs; [ @@ -45,14 +53,16 @@ flatpak # flatpak cli trashy # trash cli procs # ps in rust + ouch # archive manager in runt dust # du in rust fend # calc in rust + moar # better pager tree # tree util rbw # bitwarden cli in rust - zip # zip util + pinentry-qt # pinentry for rbw vial # qmk keyboard configuring app - unzip # unzip util waycheck # check wayland protocols virt-manager # libvirt gui ]; + systemd.user.settings.Manager.DefaultEnvironment.PAGER = "moar"; } diff --git a/modules/home/desktop/hyprland/default.nix b/modules/home/desktop/hyprland/default.nix index f6420ed..71e8db3 100644 --- a/modules/home/desktop/hyprland/default.nix +++ b/modules/home/desktop/hyprland/default.nix @@ -37,7 +37,10 @@ in { settings = { input = { kb_layout = "us,ua"; - resolve_binds_by_sym = 0; + resolve_binds_by_sym = + if hostname == "dunamis" + then 1 + else 0; repeat_rate = 50; repeat_delay = 300; # mouse @@ -157,6 +160,8 @@ in { scroller = { column_widths = "onethird onehalf twothirds one"; window_heights = "onethird onehalf twothirds one"; + gesture_scroll_fingers = 3; + gesture_overview_fingers = 3; jump_labels_font = "${config.stylix.fonts.sansSerif.name}"; jump_labels_color = "0xff${config.lib.stylix.colors.base0A}"; }; @@ -364,7 +369,7 @@ in { "$mod ALT, mouse:272, resizewindow" ]; gestures = { - workspace_swipe = true; + workspace_swipe = false; workspace_swipe_fingers = 3; workspace_swipe_distance = 300; };