From 8464dc008418de5fb3db30bf84fbb465b52e04e8 Mon Sep 17 00:00:00 2001 From: unexplrd Date: Tue, 25 Mar 2025 00:22:39 +0200 Subject: [PATCH] yeah Signed-off-by: unexplrd --- hosts/dunamis/catppuccin.nix | 9 ------ hosts/dunamis/configuration.nix | 9 +++++- hosts/dunamis/hardware.nix | 21 ++++++++++++++ hosts/dunamis/users.nix | 13 +-------- hosts/dunamis/users/user/catppuccin.nix | 9 ------ hosts/dunamis/users/user/flatpak.nix | 28 ++++++------------- .../dunamis/users/user/home-configuration.nix | 1 - hosts/dunamis/users/user/sops.nix | 26 ----------------- hosts/sarien/configuration.nix | 2 +- modules/home/programs/editor/helix.nix | 26 +++++++++-------- modules/home/programs/shell/fish.nix | 7 +++-- 11 files changed, 59 insertions(+), 92 deletions(-) delete mode 100644 hosts/dunamis/catppuccin.nix delete mode 100644 hosts/dunamis/users/user/catppuccin.nix delete mode 100644 hosts/dunamis/users/user/sops.nix diff --git a/hosts/dunamis/catppuccin.nix b/hosts/dunamis/catppuccin.nix deleted file mode 100644 index 1a34af7..0000000 --- a/hosts/dunamis/catppuccin.nix +++ /dev/null @@ -1,9 +0,0 @@ -{inputs, ...}: { - imports = with inputs; [ - catppuccin.nixosModules.catppuccin - ]; - catppuccin = { - enable = true; - flavor = "latte"; - }; -} diff --git a/hosts/dunamis/configuration.nix b/hosts/dunamis/configuration.nix index 89cdcf0..1dd865e 100644 --- a/hosts/dunamis/configuration.nix +++ b/hosts/dunamis/configuration.nix @@ -1,5 +1,6 @@ { pkgs, + config, inputs, ... }: { @@ -12,7 +13,6 @@ ./programs.nix ./stylix.nix # ./stylix-light.nix - # ./catppuccin.nix ./disko.nix ./users.nix ./sops.nix @@ -26,6 +26,13 @@ channel.enable = false; settings.experimental-features = ["nix-command" "flakes"]; daemonCPUSchedPolicy = "idle"; + sshServe.enable = true; + sshServe.keys = let + s = inputs.mysecrets; + in [ + (builtins.readFile + "${s}/ssh/id_ed25519_sarien_user.pub") + ]; }; system.stateVersion = "25.05"; 
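Review bot: The `sshServe` block added to `nix` in hosts/dunamis/configuration.nix enables the restricted `nix-ssh` account but leaves `nix.sshServe.write` at its default, while the hosts/sarien/configuration.nix hunk points a `buildMachines` entry at that same account. A remote builder has to accept store paths from the client, so as far as the visible lines show the serve command stays read-only and builds dispatched from sarien would presumably be refused. State the intent explicitly with `sshServe.write = true;` and a comment such as `# sarien's key may write to this store (remote builds)`. The `config` argument added in the first hunk of this file is not used in any line shown here.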
diff --git a/hosts/dunamis/hardware.nix b/hosts/dunamis/hardware.nix index d58980d..093c80e 100644 --- a/hosts/dunamis/hardware.nix +++ b/hosts/dunamis/hardware.nix @@ -27,6 +27,27 @@ ]; }; }; + boot.kernelParams = [ + "mitigations=auto" + "spectre_v2=on" + "spectre_bhi=on" + "spec_store_bypass_disable=on" + "tsx=off" + "kvm.nx_huge_pages=force" + "nosmt=force" + "l1d_flush=on" + "spec_rstack_overflow=safe-ret" + "gather_data_sampling=force" + "reg_file_data_sampling=on" + "module.sig_enforce=1" + "lockdown=confidentiality" + "intel_iommu=on" + "amd_iommu=force_isolation" + "efi=disable_early_pci_dma" + "iommu=force" + "iommu.passthrough=0" + "iommu.strict=1" + ]; hardware.graphics = { enable = true; diff --git a/hosts/dunamis/users.nix b/hosts/dunamis/users.nix index 6521d7d..1218067 100644 --- a/hosts/dunamis/users.nix +++ b/hosts/dunamis/users.nix @@ -9,7 +9,7 @@ in { nix.settings.trusted-users = [ "user" - "remotebuild" + "nix-ssh" ]; users.mutableUsers = false; users.users = { @@ -23,16 +23,5 @@ in { "${secrets}/ssh/id_ed25519_eldrid_user.pub" ]; }; - remotebuild = { - isNormalUser = true; - createHome = false; - group = "remotebuild"; - openssh.authorizedKeys.keyFiles = [ - "${secrets}/ssh/id_ed25519_sarien_user.pub" - "${secrets}/ssh/id_ed25519_eldrid_user.pub" - "${secrets}/ssh/id_ed25519_eldrid_rmbuild.pub" - ]; - }; }; - users.groups.remotebuild = {}; } diff --git a/hosts/dunamis/users/user/catppuccin.nix b/hosts/dunamis/users/user/catppuccin.nix deleted file mode 100644 index 3b83235..0000000 --- a/hosts/dunamis/users/user/catppuccin.nix +++ /dev/null @@ -1,9 +0,0 @@ -{inputs, ...}: { - imports = with inputs; [ - catppuccin.homeManagerModules.catppuccin - ]; - catppuccin = { - enable = true; - flavor = "latte"; - }; -} diff --git a/hosts/dunamis/users/user/flatpak.nix b/hosts/dunamis/users/user/flatpak.nix index b6b300d..133ff0b 100644 --- a/hosts/dunamis/users/user/flatpak.nix +++ b/hosts/dunamis/users/user/flatpak.nix 
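Review bot: The new `boot.kernelParams` list in hosts/dunamis/hardware.nix has no comments, although several entries carry costs or preconditions that a later reader cannot see from the names. `nosmt=force` disables SMT with no runtime way back, which matters on a host that sarien uses as a `big-parallel` builder. `module.sig_enforce=1` and `lockdown=confidentiality` only do what they say when the running kernel is built with module signing and the lockdown LSM; whether that holds here is not visible, and if it does, unsigned out-of-tree modules will stop loading. Group the entries under short comments (`# CPU side-channel mitigations`, `# kernel integrity`, `# IOMMU / DMA`) and add one line on each of those two points, for example `# nosmt=force: trades build throughput for cross-thread isolation`.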
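Review bot: Putting `"nix-ssh"` into `nix.settings.trusted-users` in hosts/dunamis/users.nix gives whoever holds the sarien key daemon-level trust on dunamis, since trusted users may override daemon settings and import unsigned store paths. That is much wider than the forced-command restriction `sshServe` applies to the account. The removed `remotebuild` user was trusted as well, so the exposure is not new, but it is now bound to sarien's general user key instead of a dedicated build key; the dropped `id_ed25519_eldrid_rmbuild.pub` suggests one existed. Record the decision next to the entry, for example `# nix-ssh is trusted: the sarien key can add arbitrary paths to this store`, and consider a build-only key pair for this account.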
@@ -22,24 +22,23 @@ "com.obsproject.Studio" "com.bitwarden.desktop" "com.github.tchx84.Flatseal" + "de.haeckerfelix.Fragments" "org.qbittorrent.qBittorrent" # "com.transmissionbt.Transmission" "com.usebottles.bottles" "com.logseq.Logseq" "org.octave.Octave" - "io.github.martchus.syncthingtray" # chatting "org.signal.Signal" "im.riot.Riot" "org.telegram.desktop" "io.github.spacingbat3.webcord" - # "dev.vencord.Vesktop" "org.mozilla.Thunderbird" # media - "org.atheme.audacious" + "io.bassi.Amberol" "io.freetubeapp.FreeTube" #"io.github.celluloid_player.Celluloid" # "io.mpv.Mpv" @@ -62,38 +61,29 @@ Context = { sockets = ["wayland" "!x11" "!fallback-x11"]; filesystems = [ + "!host" + "!home" + "!~/.ssh" "xdg-run/pipewire-0" "xdg-config/gtk-3.0:ro" "xdg-config/gtk-4.0:ro" - # "~/.local/share/fonts:ro" "~/.local/share/icons:ro" - # "~/.nix-profile/share/icons:ro" - # "~/.nix-profile/share/fonts:ro" "/nix/store:ro" ]; }; Environment = { - XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; ELECTRON_OZONE_PLATFORM_HINT = "wayland"; - #GTK_THEME = "adw-gtk3"; }; }; - "io.github.martchus.syncthingtray".Context.filesystems = ["/storage/games/heroic/Factorio/game/saves"]; - "org.octave.Octave".Context.sockets = ["x11"]; - "org.octave.Octave".Environment = {QT_QPA_PLATFORM = "xcb";}; "com.valvesoftware.Steam" = { Context = { sockets = ["x11" "wayland"]; filesystems = ["/storage/games/steam"]; }; - Environment = { - STEAM_FORCE_DESKTOPUI_SCALING = "1.3"; - }; + Environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.3"; }; "org.signal.Signal" = { - Environment = { - SIGNAL_PASSWORD_STORE = "gnome-libsecret"; - }; + Environment.SIGNAL_PASSWORD_STORE = "gnome-libsecret"; }; "net.lutris.Lutris".Context = { sockets = ["x11" "wayland"]; @@ -104,9 +94,7 @@ filesystems = ["/storage/games/heroic" "~/games/heroic"]; }; "com.usebottles.Bottles" = { - Context = { - sockets = ["x11" "wayland"]; - }; + Context.sockets = ["x11" "wayland"]; }; }; }; 
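Review bot: The deny entries added to the shared `filesystems` list in the second hunk sit next to `/nix/store:ro`, which still exposes the whole store to every sandboxed app. Flake inputs are copied into the store, so the `mysecrets` input used elsewhere in this commit is readable from inside each sandbox. If that repository holds only public keys and sops-encrypted files this is tolerable, but it deserves a comment at this line, for example `# the store is readable inside every sandbox: keep plaintext secrets out of flake inputs`. The same hunk removes the `org.octave.Octave` X11 socket and `QT_QPA_PLATFORM` overrides while the app stays in the package list under `!x11`, so it is worth confirming that Octave still starts. The enclosing override block begins outside the hunk.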
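Review bot: The override key `"com.usebottles.Bottles"` rewritten in the third hunk does not match the app ID in the package list shown in the first hunk of this file, `"com.usebottles.bottles"`. Flatpak application IDs are case-sensitive, so the `x11` socket grant presumably never reaches the installed app and Bottles runs under the shared `!x11` policy. Change the key to `"com.usebottles.bottles" = {`. The surrounding overrides attrset begins outside the hunk.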
diff --git a/hosts/dunamis/users/user/home-configuration.nix b/hosts/dunamis/users/user/home-configuration.nix
index ab676c6..128acc8 100644
--- a/hosts/dunamis/users/user/home-configuration.nix
+++ b/hosts/dunamis/users/user/home-configuration.nix
@@ -5,7 +5,6 @@
 self.homeModules.programs
 ./programs.nix
 ./flatpak.nix
- # ./sops.nix
 ];
 desktop = {
 niri.enable = true;
diff --git a/hosts/dunamis/users/user/sops.nix b/hosts/dunamis/users/user/sops.nix
deleted file mode 100644
index f637bb0..0000000
--- a/hosts/dunamis/users/user/sops.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{inputs, ...}: let
- secretsPath = builtins.toString inputs.mysecrets;
-in {
- # imports = with inputs; [
- # sops-nix.homeManagerModules.sops
- # ];
- # sops = {
- # age.keyFile = "/var/lib/sops-nix/key.txt";
-
- # defaultSopsFile = "${secretsPath}/secrets.yaml";
- # validateSopsFiles = false;
-
- # secrets = {
- # "ssh/private/dunamis-user" = {
- # path = "/home/user/.ssh/id_ed25519";
- # };
- # };
- home.file."id_ed25519_pub" = {
- source = "${secretsPath}/ssh/user/id_dunamis_ed25519.pub";
- target = ".ssh/id_ed25519.pub";
- };
- home.file."id_uni_ed25519_pub" = {
- source = "${secretsPath}/ssh/user/id_uni_ed25519.pub";
- target = ".ssh/id_uni_ed25519.pub";
- };
-}
diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix
index 8896e45..aec4116 100644
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@@ -33,7 +33,7 @@
 buildMachines = [
 {
 hostName = "dunamis";
- sshUser = "user";
+ sshUser = "nix-ssh";
 system = "x86_64-linux";
 sshKey = config.sops.secrets."ssh-sarien-user".path;
 supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
diff --git a/modules/home/programs/editor/helix.nix b/modules/home/programs/editor/helix.nix
index 572e53e..259e044 100644
--- a/modules/home/programs/editor/helix.nix
+++ b/modules/home/programs/editor/helix.nix
@@ -17,10 +17,14 @@ in {
 defaultEditor = true;
 settings = {
 editor = {
- line-number = "relative";
 bufferline = "multiple";
 cursorline = true;
- lsp.display-messages = true;
+ inline-diagnostics.cursor-line = "warning";
+ line-number = "relative";
+ lsp = {
+ display-messages = true;
+ display-inlay-hints = true;
+ };
 cursor-shape = {
 insert = "bar";
 normal = "block";
@@ -60,9 +64,9 @@ in {
 language-server = with lib; {
 clangd.command = "${pkgs.clang-tools}/bin/clangd";
 markdown-oxide.command = getExe pkgs.markdown-oxide;
- nil.command = getExe pkgs.nil;
+ # nil.command = getExe pkgs.nil;
 nixd.command = getExe pkgs.nixd;
- rust-analyzer.command = getExe pkgs.rust-analyzer;
+ # rust-analyzer.command = getExe pkgs.rust-analyzer;
 # texlab.command = getExe pkgs.texlab;
 tinymist.command = getExe pkgs.tinymist;
 };
@@ -70,7 +74,7 @@ in {
 {
 name = "nix";
 auto-format = true;
- formatter.command = "${pkgs.alejandra}/bin/alejandra";
+ formatter.command = lib.getExe pkgs.alejandra;
 language-servers = ["nixd"];
 }
 # {
@@ -101,12 +105,12 @@ in {
 auto-format = true;
 formatter.command = "${pkgs.clang-tools}/bin/clang-format";
 }
- {
- name = "rust";
- auto-format = true;
- language-servers = ["rust-analyzer"];
- formatter.command = "${pkgs.rustfmt}/bin/rustfmt";
- }
+ # {
+ # name = "rust";
+ # auto-format = true;
+ # language-servers = ["rust-analyzer"];
+ # formatter.command = lib.getExe pkgs.rustfmt;
+ # }
 ];
 };
 };
diff --git a/modules/home/programs/shell/fish.nix b/modules/home/programs/shell/fish.nix
index 87dae39..960362d 100644
--- a/modules/home/programs/shell/fish.nix
+++ b/modules/home/programs/shell/fish.nix
@@ -24,8 +24,11 @@ in {
 direnv.enable = true;
 direnv.silent = true;
 nix-your-shell.enable = true;
- keychain.enable = true;
- keychain.extraFlags = ["--quiet" "--noask"];
+ keychain = {
+ enable = true;
+ # extraFlags = ["--quiet" "--noask"];
+ keys = ["id_ed25519"];
+ };
 fish = {
 enable = true;
 shellAliases = {
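Review bot: Commenting out `extraFlags` in the `keychain` block of modules/home/programs/shell/fish.nix does more than drop `--noask`, because the option falls back to the module's own default flags. Combined with the new `keys = ["id_ed25519"];`, each interactive shell start will presumably ask for that key's passphrase until the agent holds it. If that is the intent, delete the commented line and say so in its place, for example `# prompt for id_ed25519 on first shell; agent keeps it afterwards`. If prompting at shell start is not wanted, keep `extraFlags = ["--quiet" "--noask"];` active.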