From d9df333e58f47f8b0d82fe7825a63ad9764b14fc Mon Sep 17 00:00:00 2001 From: unexplrd Date: Wed, 26 Mar 2025 00:10:37 +0200 Subject: [PATCH] eldrid Signed-off-by: unexplrd --- hosts/eldrid/configuration.nix | 35 ++++++++----- .../{hardware-conf.nix => hardware.nix} | 0 hosts/eldrid/sops.nix | 28 ++++++++++- hosts/eldrid/stylix-light.nix | 50 +++++++++++++++++++ hosts/eldrid/stylix.nix | 28 +++++------ hosts/eldrid/users/user/flatpak.nix | 35 +++++-------- 6 files changed, 122 insertions(+), 54 deletions(-) rename hosts/eldrid/{hardware-conf.nix => hardware.nix} (100%) create mode 100644 hosts/eldrid/stylix-light.nix diff --git a/hosts/eldrid/configuration.nix b/hosts/eldrid/configuration.nix index d854fa4..01cd7ee 100644 --- a/hosts/eldrid/configuration.nix +++ b/hosts/eldrid/configuration.nix @@ -1,8 +1,8 @@ # device-specific setup { pkgs, - inputs, config, + inputs, ... }: { imports = with inputs; [ @@ -10,28 +10,30 @@ lix.nixosModules.default self.nixosModules.desktop self.nixosModules.system - ./hardware-conf.nix + ./hardware.nix ./programs.nix ./stylix.nix ./users.nix - ./sops.nix ]; desktop = { - hyprland.enable = true; - # cosmic.enable = true; + niri.enable = true; }; nix = { - settings.experimental-features = ["nix-command" "flakes"]; + channel.enable = false; + daemonCPUSchedPolicy = "idle"; + settings = { + experimental-features = ["nix-command" "flakes"]; + builders-use-substitutes = true; + }; distributedBuilds = true; - settings.builders-use-substitutes = true; buildMachines = [ { hostName = "dunamis"; - sshUser = "remotebuild"; + sshUser = "nix-ssh"; system = "x86_64-linux"; - sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path; + sshKey = config.sops.secrets."ssh-eldrid-user".path; supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"]; publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; } @@ -46,10 +48,8 @@ networking = { networkmanager.enable = true; hostName = "eldrid"; - # required for syncthing - firewall = { - allowedTCPPorts = [22000]; - allowedUDPPorts = [21027 22000]; + hosts = { + "192.168.1.42" = ["dunamis"]; }; }; @@ -75,6 +75,15 @@ flatpak.enable = true; fstrim.enable = true; openssh.enable = true; + syncthing.openDefaultPorts = true; + dnscrypt-proxy2 = { + enable = true; + settings = { + require_dnssec = true; + server_names = ["mullvad-doh"]; + bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"]; + }; + }; }; services.scx = { enable = true; diff --git a/hosts/eldrid/hardware-conf.nix b/hosts/eldrid/hardware.nix similarity index 100% rename from hosts/eldrid/hardware-conf.nix rename to hosts/eldrid/hardware.nix diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix index b914584..bf833b9 100644 --- a/hosts/eldrid/sops.nix +++ b/hosts/eldrid/sops.nix @@ -14,17 +14,41 @@ in { defaultSopsFile = "${secretsPath}/secrets.yaml"; secrets = { "user-password-hashed".neededForUsers = true; - "ssh-private-eldrid-rmbuild" = {}; "ssh-config" = { path = "/home/user/.ssh/config"; mode = "0400"; owner = "user"; }; - "ssh-private-eldrid-user" = { + "ssh-eldrid-user" = { path = "/home/user/.ssh/id_ed25519"; mode = "0400"; owner = "user"; }; + "ssh-eldrid-user.pub" = { + path = "/home/user/.ssh/id_ed25519.pub"; + mode = "0400"; + owner = "user"; + }; + "ssh-unexplrd" = { + path = "/home/user/.ssh/id_unexplrd_ed25519"; + mode = "0400"; + owner = "user"; + }; + "ssh-unexplrd.pub" = { + path = "/home/user/.ssh/id_unexplrd_ed25519.pub"; + mode = "0400"; + owner = "user"; + }; + "ssh-uni" = { + path = "/home/user/.ssh/id_uni_ed25519"; + mode = "0400"; + owner = "user"; + }; + "ssh-uni.pub" = { + path = "/home/user/.ssh/id_uni_ed25519.pub"; + mode = "0400"; + owner = "user"; + }; }; }; } diff --git a/hosts/eldrid/stylix-light.nix b/hosts/eldrid/stylix-light.nix new file mode 100644 index 0000000..c130cc2 --- /dev/null +++ b/hosts/eldrid/stylix-light.nix @@ -0,0 +1,50 @@ +{ + pkgs, + inputs, + config, + ... +}: { + imports = with inputs; [ + stylix.nixosModules.stylix + ]; + environment.systemPackages = with pkgs; [ + nerd-fonts.iosevka + ]; + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/nord-light.yaml"; + polarity = "light"; + cursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Ice"; + size = 24; + }; + image = builtins.fetchurl { + url = "https://w.wallhaven.cc/full/e7/wallhaven-e7djlk.png"; + name = "wallhaven-e7djlk.png"; + sha256 = "1mwvnmflp0z1biyyhfz7mjn7i1nna94n7jyns3na2shbfkaq7i0h"; + }; + opacity.terminal = 0.9; + fonts = { + sizes = { + applications = 13; + desktop = 14; + popups = 13; + terminal = 15; + }; + serif = { + package = pkgs.nerd-fonts.iosevka; + name = "Iosevka Nerd Font Propo"; + }; + sansSerif = config.stylix.fonts.serif; + monospace = { + package = pkgs.nerd-fonts.iosevka-term; + name = "IosevkaTerm Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; +} diff --git a/hosts/eldrid/stylix.nix b/hosts/eldrid/stylix.nix index 3e113c5..522bff6 100644 --- a/hosts/eldrid/stylix.nix +++ b/hosts/eldrid/stylix.nix @@ -1,28 +1,28 @@ { pkgs, inputs, + config, ... }: { - imports = [ - inputs.stylix.nixosModules.stylix + imports = with inputs; [ + stylix.nixosModules.stylix ]; environment.systemPackages = with pkgs; [ - #papirus-icon-theme nerd-fonts.iosevka ]; stylix = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow.yaml"; - polarity = "light"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/nord.yaml"; + polarity = "dark"; cursor = { package = pkgs.bibata-cursors; - name = "Bibata-Modern-Ice"; + name = "Bibata-Modern-Classic"; size = 24; }; image = builtins.fetchurl { - url = "https://w.wallhaven.cc/full/d6/wallhaven-d6163o.jpg"; - name = "wallhaven-d6163o"; - sha256 = "c6d298be1520546c0440d64d1073e33a356043e2481a8a67e940d5262c0c2e28"; + url = "https://w.wallhaven.cc/full/l8/wallhaven-l8l9gq.png"; + name = "wallhaven-l8l9gq.png"; + sha256 = "0ypr44sg0fn55m1b52dgr1nnscpi2p6rfkjsm7vvrdqw7bafbx2z"; }; opacity.terminal = 0.9; fonts = { @@ -36,15 +36,11 @@ package = pkgs.nerd-fonts.iosevka; name = "Iosevka Nerd Font Propo"; }; - sansSerif = { - package = pkgs.nerd-fonts.iosevka; - name = "Iosevka Nerd Font Propo"; - }; + sansSerif = config.stylix.fonts.serif; monospace = { - package = pkgs.nerd-fonts.iosevka; - name = "Iosevka Nerd Font Mono"; + package = pkgs.nerd-fonts.iosevka-term; + name = "IosevkaTerm Nerd Font Mono"; }; - emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; diff --git a/hosts/eldrid/users/user/flatpak.nix b/hosts/eldrid/users/user/flatpak.nix index 23f31e6..f31061e 100644 --- a/hosts/eldrid/users/user/flatpak.nix +++ b/hosts/eldrid/users/user/flatpak.nix @@ -1,9 +1,10 @@ {inputs, ...}: { - imports = [ - inputs.nix-flatpak.homeManagerModules.nix-flatpak + imports = with inputs; [ + nix-flatpak.homeManagerModules.nix-flatpak ]; services.flatpak = { enable = true; + uninstallUnmanaged = true; remotes = [ { name = "flathub"; @@ -16,17 +17,17 @@ ]; packages = [ # misc - "io.github.zen_browser.zen" + "app.zen_browser.zen" "net.mullvad.MullvadBrowser" "com.obsproject.Studio" "com.bitwarden.desktop" "com.github.tchx84.Flatseal" + "de.haeckerfelix.Fragments" "org.qbittorrent.qBittorrent" # "com.transmissionbt.Transmission" "com.usebottles.bottles" "com.logseq.Logseq" - "io.github.martchus.syncthingtray" # chatting "org.signal.Signal" @@ -36,7 +37,7 @@ "org.mozilla.Thunderbird" # media - "org.atheme.audacious" + "io.bassi.Amberol" "io.freetubeapp.FreeTube" #"io.github.celluloid_player.Celluloid" # "io.mpv.Mpv" @@ -58,38 +59,29 @@ Context = { sockets = ["wayland" "!x11" "!fallback-x11"]; filesystems = [ + "!host" + "!home" + "!~/.ssh" "xdg-run/pipewire-0" "xdg-config/gtk-3.0:ro" "xdg-config/gtk-4.0:ro" - # "~/.local/share/fonts:ro" "~/.local/share/icons:ro" - # "~/.nix-profile/share/icons:ro" - # "~/.nix-profile/share/fonts:ro" "/nix/store:ro" ]; }; Environment = { - XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; ELECTRON_OZONE_PLATFORM_HINT = "wayland"; - #GTK_THEME = "adw-gtk3"; }; }; - "io.github.martchus.syncthingtray".Context.filesystems = ["/storage/games/heroic/Factorio/game/saves"]; - "org.octave.Octave".Context.sockets = ["x11"]; - "org.octave.Octave".Environment = {QT_QPA_PLATFORM = "xcb";}; "com.valvesoftware.Steam" = { Context = { sockets = ["x11" "wayland"]; filesystems = ["/storage/games/steam"]; }; - Environment = { - STEAM_FORCE_DESKTOPUI_SCALING = "1.3"; - }; + Environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.3"; }; "org.signal.Signal" = { - Environment = { - SIGNAL_PASSWORD_STORE = "gnome-libsecret"; - }; + Environment.SIGNAL_PASSWORD_STORE = "gnome-libsecret"; }; "net.lutris.Lutris".Context = { sockets = ["x11" "wayland"]; @@ -100,10 +92,7 @@ filesystems = ["/storage/games/heroic" "~/games/heroic"]; }; "com.usebottles.Bottles" = { - Context = { - sockets = ["x11" "wayland"]; - filesystems = ["/home/user/docs/nure/tex-template/assets/BridgeKSG"]; - }; + Context.sockets = ["x11" "wayland"]; }; }; };