Merge remote-tracking branch 'refs/remotes/origin/main'

2025-03-02 22:50:07 +02:00
parent 10e0ab4813 604cd9315d
commit 15f3bf07e7
16 changed files with 125 additions and 23 deletions
--- a/hosts/eldrid/configuration.nix
+++ b/hosts/eldrid/configuration.nix
@ -2,6 +2,7 @@
 {
  pkgs,
  inputs,
+  config,
  ...
 }: {
  imports = with inputs; [
@ -13,13 +14,29 @@
    ./programs.nix
    ./stylix.nix
    ./users.nix
+    ./sops.nix
  ];

  desktop = {
    hyprland.enable = true;
  };

-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix = {
+    settings.experimental-features = ["nix-command" "flakes"];
+    distributedBuilds = true;
+    settings.builders-use-substitutes = true;
+    buildMachines = [
+      {
+        hostName = "dunamis";
+        sshUser = "remotebuild";
+        system = "x86_64-linux";
+        sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path;
+        supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
+        publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
+      }
+    ];
+  };
+
  system.stateVersion = "25.05";

  time.timeZone = "Europe/Kyiv";
--- a/hosts/eldrid/programs.nix
+++ b/hosts/eldrid/programs.nix
@ -10,8 +10,9 @@
    clean.extraArgs = "--keep-since 7d --keep 3";
    flake = "/home/user/.config/nixos";
  };
+  programs.fish.enable = true;
  environment.systemPackages = with pkgs; [
    helix
-    nushell
+    # nushell
  ];
 }
--- a/hosts/eldrid/sops.nix
+++ b/hosts/eldrid/sops.nix
@ -0,0 +1,25 @@
+{inputs, ...}: let
+  secretsPath = builtins.toString inputs.mysecrets;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    age = {
+      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    secrets = {
+      "user-password-hashed" = {};
+      "ssh-private-eldrid-rmbuild" = {};
+      "ssh-private-eldrid-user" = {
+        path = "/home/user/.ssh/id_ed25519";
+        mode = "0400";
+        owner = "user";
+      };
+    };
+  };
+}
--- a/hosts/eldrid/stylix.nix
+++ b/hosts/eldrid/stylix.nix
@ -12,14 +12,18 @@
  ];
  stylix = {
    enable = true;
-    base16Scheme = "${pkgs.base16-schemes}/share/themes/helios.yaml";
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
    polarity = "dark";
    cursor = {
      package = pkgs.google-cursor;
      name = "GoogleDot-Blue";
      size = 24;
    };
-    image = ../../wallpapers/wallhaven-d5qlwj.jpg;
+    image = builtins.fetchurl {
+      url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
+      name = "wallhaven-9mwzwk";
+      sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
+    };
    opacity.terminal = 0.9;
    fonts = {
      sizes = {
--- a/hosts/eldrid/users.nix
+++ b/hosts/eldrid/users.nix
@ -4,7 +4,7 @@
    user = {
      isNormalUser = true;
      extraGroups = ["wheel" "video" "libvirtd" "dialout"];
-      shell = pkgs.nushell;
+      shell = pkgs.fish;
    };
    # work = {
    #   isNormalUser = true;
--- a/hosts/eldrid/users/user/programs.nix
+++ b/hosts/eldrid/users/user/programs.nix
@ -1,6 +1,6 @@
 {pkgs, ...}: {
  shell = {
-    nushell.enable = true;
+    fish.enable = true;
    oh-my-posh.enable = true;
  };

--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@ -13,6 +13,7 @@
    ./programs.nix
    ./stylix.nix
    ./users.nix
+    ./sops.nix
  ];

  desktop = {
--- a/hosts/sarien/hardware-conf.nix
+++ b/hosts/sarien/hardware-conf.nix
@ -69,6 +69,10 @@
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

+  services.thermald.enable = true;
+  services.upower.enable = true;
+  powerManagement.powertop.enable = true;
+
  services.udev.extraHwdb = ''
    evdev:input:b0011v0001p0001eAB83*
      KEYBOARD_KEY_d5=sysrq
--- a/hosts/sarien/sops.nix
+++ b/hosts/sarien/sops.nix
@ -0,0 +1,24 @@
+{inputs, ...}: let
+  secretsPath = builtins.toString inputs.mysecrets;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    age = {
+      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    secrets = {
+      "user-password-hashed" = {};
+      "ssh-private-sarien-user" = {
+        path = "/home/user/.ssh/id_ed25519";
+        mode = "0400";
+        owner = "user";
+      };
+    };
+  };
+}
--- a/hosts/sarien/stylix.nix
+++ b/hosts/sarien/stylix.nix
@ -12,7 +12,7 @@
  ];
  stylix = {
    enable = true;
-    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
    polarity = "dark";
    cursor = {
      package = pkgs.google-cursor;
@ -20,10 +20,10 @@
      size = 24;
    };
    image = builtins.fetchurl {
-      url = "https://w.wallhaven.cc/full/57/wallhaven-573e81.png";
-      name = "wallhaven-573e81";
-      sha256 = "1ygsmmzk6icnvkr18s2r3mqh2kmigwb1424chji730cjhm8zc3cx";
-    }; # ../../wallpapers/wallhaven-jxmo1y.jpg;
+      url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
+      name = "wallhaven-9mwzwk";
+      sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
+    };
    opacity.terminal = 0.9;
    fonts = {
      sizes = {
--- a/hosts/sarien/users.nix
+++ b/hosts/sarien/users.nix
@ -1,15 +1,24 @@
-{pkgs, ...}: {
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}: let
+  sopSec = config.sops.secrets;
+  secrets = inputs.mysecrets;
+in {
  nix.settings.trusted-users = ["user"];
+  users.mutableUsers = false;
  users.users = {
    user = {
+      hashedPasswordFile = sopSec."user-password-hashed".path;
      isNormalUser = true;
      extraGroups = ["wheel" "video" "libvirtd" "dialout"];
      shell = pkgs.fish;
+      openssh.authorizedKeys.keyFiles = [
+        "${secrets}/ssh/id_ed25519_sarien_user.pub"
+        "${secrets}/ssh/id_ed25519_eldrid_user.pub"
+      ];
    };
-    # work = {
-    #   isNormalUser = true;
-    #   extraGroups = ["video"];
-    #   shell = pkgs.nushell;
-    # };
  };
 }
--- a/hosts/sarien/users/user/flatpak.nix
+++ b/hosts/sarien/users/user/flatpak.nix
@ -4,6 +4,7 @@
  ];
  services.flatpak = {
    enable = true;
+    uninstallUnmanaged = true;
    remotes = [
      {
        name = "flathub";
--- a/hosts/sarien/users/user/home-configuration.nix
+++ b/hosts/sarien/users/user/home-configuration.nix
@ -1,5 +1,6 @@
 {inputs, ...}: {
  imports = with inputs; [
+    nix-index-database.hmModules.nix-index
    self.homeModules.desktop
    self.homeModules.programs
    ./programs.nix
--- a/hosts/sarien/users/user/programs.nix
+++ b/hosts/sarien/users/user/programs.nix
@ -7,6 +7,7 @@

  console.yazi.enable = true;

+  stylix.targets.fzf.enable = false;
  programs = {
    bat.enable = true;
    btop = {
@ -15,7 +16,13 @@
    };
    eza.enable = true;
    fd.enable = true;
-    fzf.enable = true;
+    fzf = {
+      enable = true;
+      defaultOptions = ["--color=16"];
+    };
+    pay-respects.enable = true;
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
    gitui.enable = true;
    git = {
      enable = true;
@ -38,6 +45,7 @@
  editor = {
    helix.enable = true;
    neve.enable = true;
+    zed.enable = true;
  };

  home.packages = with pkgs; [
@ -45,14 +53,16 @@
    flatpak # flatpak cli
    trashy # trash cli
    procs # ps in rust
+    ouch # archive manager in runt
    dust # du in rust
    fend # calc in rust
+    moar # better pager
    tree # tree util
    rbw # bitwarden cli in rust
-    zip # zip util
+    pinentry-qt # pinentry for rbw
    vial # qmk keyboard configuring app
-    unzip # unzip util
    waycheck # check wayland protocols
    virt-manager # libvirt gui
  ];
+  systemd.user.settings.Manager.DefaultEnvironment.PAGER = "moar";
 }