diff --git a/flake.lock b/flake.lock index 9de0072..221eaa1 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1764714051, - "narHash": "sha256-AjcMlM3UoavFoLzr0YrcvsIxALShjyvwe+o7ikibpCM=", + "lastModified": 1765900596, + "narHash": "sha256-+hn8v9jkkLP9m+o0Nm5SiEq10W0iWDSotH2XfjU45fA=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "a43bedcceced5c21ad36578ed823e6099af78214", + "rev": "d83c97f8f5c0aae553c1489c7d9eff3eadcadace", "type": "github" }, "original": { @@ -124,6 +124,28 @@ "type": "github" } }, + "blueprint_2": { + "inputs": { + "nixpkgs": [ + "mypackages", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", + "owner": "numtide", + "repo": "blueprint", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "chaotic": { "inputs": { "flake-schemas": "flake-schemas", @@ -153,11 +175,11 @@ }, "crane": { "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1766194365, + "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379", "type": "github" }, "original": { 
@@ -368,7 +390,43 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -414,11 +472,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1766101315, - "narHash": "sha256-FZLl2/ufs2l4XBNO5gelF9g0XmrAvyTiiHJ7GRTB0aI=", + "lastModified": 1766784567, + "narHash": "sha256-fpRgcNFEGRidNTDk3CVsvKxWIgB9Ph5EM+q5DGe6CI8=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "fa0a982ff26ac851b6cb5d31717ad3deb037be9c", + "rev": "c00d7fc5c4dc28bfa14935a84c70591d7103c284", "type": "github" }, "original": { @@ -490,6 +548,24 @@ "type": "gitlab" } }, + "helium-browser": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1766767872, + "narHash": "sha256-3CkM0Wm8Bq3081SjfWTZ99KDlbn4qoH8TTjZ47EvHX4=", + "path": "/storage/git/helium-browser-nix-flake", + "type": "path" + }, + "original": { + "path": "/storage/git/helium-browser-nix-flake", + "type": "path" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -497,11 +573,11 @@ ] }, "locked": { - "lastModified": 1765980955, - "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", + "lastModified": 1766682973, + "narHash": "sha256-GKO35onS711ThCxwWcfuvbIBKXwriahGqs+WZuJ3v9E=", "owner": "nix-community", "repo": "home-manager", - "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", + "rev": "91cdb0e2d574c64fae80d221f4bf09d5592e9ec2", "type": "github" }, "original": { @@ -589,11 +665,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1766078604, - "narHash": "sha256-ECrUjlHZw/jQaLYS1lb10V3gmcHsYgJUgFtP9Z+aOKo=", + "lastModified": 1766787391, + "narHash": "sha256-YDEf0chnHpMl+symW6UJDM/nvffUO4l7/Orpm4MQBe0=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "6175ecd4c4ba817c4620f66a75e1e11da7c7a8ca", + "rev": "d7f26038ee2b44f3d02fe2a7556bafb91a02f46e", "type": "github" }, "original": { @@ -635,11 +711,11 @@ ] }, "locked": { - "lastModified": 1764812575, - "narHash": "sha256-1bK1yGgaR82vajUrt6z+BSljQvFn91D74WJ/vJsydtE=", + "lastModified": 1765643131, + "narHash": "sha256-CCGohW5EBIRy4B7vTyBMqPgsNcaNenVad/wszfddET0=", "owner": "hyprwm", "repo": "hyprland-guiutils", - "rev": "fd321368a40c782cfa299991e5584ca338e36ebe", + "rev": "e50ae912813bdfa8372d62daf454f48d6df02297", "type": "github" }, "original": { @@ -660,11 +736,11 @@ ] }, "locked": { - "lastModified": 1759610243, - "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=", + "lastModified": 1765214753, + "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622", + "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "type": "github" }, "original": { 
@@ -729,11 +805,11 @@ ] }, "locked": { - "lastModified": 1762891302, - "narHash": "sha256-0SpAxDdbuQamQKh2vnQ9oLr0k3ERF6xlnAsviT/6QEw=", + "lastModified": 1766160737, + "narHash": "sha256-Z4ZxrRiB9gwnJlPWw6vHE3nXnQipntlBEvygyienhFc=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "a9243e37778cbe43b1e8566f26956cb3d20cf811", + "rev": "3a73694a796ed6a8dd871de130fa0f09fcea9eb2", "type": "github" }, "original": { @@ -806,11 +882,11 @@ ] }, "locked": { - "lastModified": 1764962281, - "narHash": "sha256-rGbEMhTTyTzw4iyz45lch5kXseqnqcEpmrHdy+zHsfo=", + "lastModified": 1766160771, + "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "fe686486ac867a1a24f99c753bb40ffed338e4b0", + "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f", "type": "github" }, "original": { @@ -860,11 +936,11 @@ ] }, "locked": { - "lastModified": 1764872015, - "narHash": "sha256-INI9AVrQG5nJZFvGPSiUZ9FEUZJLfGdsqjF1QSak7Gc=", + "lastModified": 1766253200, + "narHash": "sha256-26qPwrd3od+xoYVywSB7hC2cz9ivN46VPLlrsXyGxvE=", "owner": "hyprwm", "repo": "hyprwire", - "rev": "7997451dcaab7b9d9d442f18985d514ec5891608", + "rev": "1079777525b30a947c8d657fac158e00ae85de9d", "type": "github" }, "original": { 
@@ -873,6 +949,64 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "mypackages", + "nix-bwrapper", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "mypackages", + "nix-bwrapper", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "ixx_2": { + "inputs": { + "flake-utils": [ + "nix-bwrapper", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nix-bwrapper", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", @@ -905,11 +1039,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1766225539, - "narHash": "sha256-0Y6o3oUmQCxrzLIvZTcUAQCPEXAc+tU+N3ZjmzdrC28=", + "lastModified": 1766582277, + "narHash": "sha256-mUZRMKId7Uycwnt31RytPwhmY/8UTbk92ckZWHoS0Eg=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "14455220bef50f8df94f05e5763cdf51bc704acd", + "rev": "4c78502846c1ef668eedbd4f55d818ebac5388ac", "type": "github" }, "original": { 
@@ -918,6 +1052,26 @@ "type": "github" } }, + "mypackages": { + "inputs": { + "blueprint": "blueprint_2", + "nix-bwrapper": "nix-bwrapper", + "nixpkgs": [ + "nixpkgs" + ], + "zen-browser": "zen-browser" + }, + "locked": { + "lastModified": 1767081883, + "narHash": "sha256-L8+rA/HCaJaDrVLRbifRyQoFANN96Y2Sq8E8Fbx+Qkc=", + "path": "/storage/git/packages-blueprint", + "type": "path" + }, + "original": { + "path": "/storage/git/packages-blueprint", + "type": "path" + } + }, "mysecrets": { "flake": false, "locked": { @@ -948,11 +1102,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1766090778, - "narHash": "sha256-e1SOJYHe5IbKFIOpWswB/4nIog1Zx5iXA4YB49XTFxE=", + "lastModified": 1766765523, + "narHash": "sha256-DCk3GKdKZNjpvNuDy9ZVfVwCy3tlm96/UZnYkJO7N44=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "d06ab0308d797dc4b2f9025d5952cca90afd11a7", + "rev": "a3e638c75d07de759421e6f34bd69c3f9a0a3567", "type": "github" }, "original": { @@ -981,11 +1135,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1766085543, - "narHash": "sha256-96X+37m2HH8IG3BzXEN3d4eHeUbiu9g1Q+KJQRX/Jpw=", + "lastModified": 1766751930, + "narHash": "sha256-83/YSW6c58i/iwGzAFApuMy6MCgoIaROeCcoIGh+ViU=", "owner": "YaLTeR", "repo": "niri", - "rev": "c4462d0c7fddfc11c9e98d43e3ef68a5b3c844ca", + "rev": "b5640d5293ad8dca06cb447692ea7cbb21680eb1", "type": "github" }, "original": { 
@@ -994,6 +1148,51 @@ "type": "github" } }, + "nix-bwrapper": { + "inputs": { + "nixpkgs": [ + "mypackages", + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1766319780, + "narHash": "sha256-Uh5180wjvBtSgtJ9zccZ7hu7bd7nvrnb6ff0nDwT2Rw=", + "owner": "Naxdy", + "repo": "nix-bwrapper", + "rev": "3b0d58d4d3e8da89147369d803926998798443e4", + "type": "github" + }, + "original": { + "owner": "Naxdy", + "repo": "nix-bwrapper", + "type": "github" + } + }, + "nix-bwrapper_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch_2", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1766319780, + "narHash": "sha256-Uh5180wjvBtSgtJ9zccZ7hu7bd7nvrnb6ff0nDwT2Rw=", + "owner": "Naxdy", + "repo": "nix-bwrapper", + "rev": "3b0d58d4d3e8da89147369d803926998798443e4", + "type": "github" + }, + "original": { + "owner": "Naxdy", + "repo": "nix-bwrapper", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -1079,11 +1278,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1765442039, - "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=", + "lastModified": 1766558141, + "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", "owner": "numtide", "repo": "nixos-facter-modules", - "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1", + "rev": "e796d536e3d83de74267069e179dc620a608ed7d", "type": "github" }, "original": { @@ -1094,11 +1293,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { 
@@ -1110,11 +1309,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1765838191, - "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", + "lastModified": 1766736597, + "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", + "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852", "type": "github" }, "original": { @@ -1124,6 +1323,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1149,6 +1364,51 @@ "type": "github" } }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx", + "nixpkgs": [ + "mypackages", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758662783, + "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "nuschtosSearch_2": { + "inputs": { + "flake-utils": "flake-utils_3", + "ixx": "ixx_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758662783, + "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "pre-commit": { "inputs": { "flake-compat": "flake-compat_3", 
@@ -1182,11 +1442,11 @@ ] }, "locked": { - "lastModified": 1765016596, - "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=", + "lastModified": 1765911976, + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c", + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", "type": "github" }, "original": { @@ -1224,12 +1484,15 @@ "disko": "disko", "dms": "dms", "ghostty": "ghostty", + "helium-browser": "helium-browser", "home-manager": "home-manager", "hyprland": "hyprland", "hyprsunset": "hyprsunset", "lanzaboote": "lanzaboote", + "mypackages": "mypackages", "mysecrets": "mysecrets", "niri-flake": "niri-flake", + "nix-bwrapper": "nix-bwrapper_2", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", @@ -1238,8 +1501,9 @@ "nixpkgs-stable": "nixpkgs-stable", "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems", + "systems": "systems_5", "vicinae": "vicinae", + "zen-browser": "zen-browser_2", "zmx": "zmx" } }, @@ -1272,11 +1536,11 @@ ] }, "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "lastModified": 1766285238, + "narHash": "sha256-DqVXFZ4ToiFHgnxebMWVL70W+U+JOxpmfD37eWD/Qc8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "rev": "c4249d0c370d573d95e33b472014eae4f2507c2f", "type": "github" }, "original": { @@ -1313,11 +1577,11 @@ ] }, "locked": { - "lastModified": 1765836173, - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", + "lastModified": 1766289575, + "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=", "owner": "mic92", "repo": "sops-nix", - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", + "rev": "9836912e37aef546029e48c8749834735a6b9dad", "type": "github" }, "original": { 
@@ -1349,11 +1613,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765897595, - "narHash": "sha256-NgTRxiEC5y96zrhdBygnY+mSzk5FWMML39PcRGVJmxg=", + "lastModified": 1766603026, + "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=", "owner": "danth", "repo": "stylix", - "rev": "e6829552d4bb659ebab00f08c61d8c62754763f3", + "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430", "type": "github" }, "original": { @@ -1392,6 +1656,66 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { 
@@ -1473,6 +1797,65 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "mypackages", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "vicinae": { "inputs": { "nixpkgs": [ @@ -1483,11 +1866,11 @@ ] }, "locked": { - "lastModified": 1765982567, - "narHash": "sha256-lii6QTyRYIaQk9eDsvwzSZ1ZlICQoP/sIAWDGlXVpbI=", + "lastModified": 1766796267, + "narHash": "sha256-X0BnS+bb7pj8LwIaTkJeU9CZ8Nqh4sNjyN5JQXggOvc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "69f8a116929b9bc5f4b0e3b822a148ae657bb9c6", + "rev": "b6229556c2cbabda6ce9c63863b11265b2dba134", "type": "github" }, "original": { 
@@ -1557,11 +1940,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1765935116, - "narHash": "sha256-lNyckAdrhNKXsi9pNOBYajntNFlWs+BITVoIZuNuwX0=", + "lastModified": 1766429945, + "narHash": "sha256-9Kv4gWagx/u4RfZJzBMAoagW9ava5waxd+XoTkzqF7E=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "979eab242e60cf481a31d9de508a1bdaf2dcf7d4", + "rev": "0dde7ca1d3a8e8c5082533d76084e2aa02bef70e", "type": "github" }, "original": { @@ -1570,6 +1953,45 @@ "type": "github" } }, + "zen-browser": { + "inputs": { + "nixpkgs": [ + "mypackages", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766377218, + "narHash": "sha256-y3g3OqPB0tmRjbHJNnJKivSQRtAJR+/9S1xbxBWEatg=", + "owner": "youwen5", + "repo": "zen-browser-flake", + "rev": "2f61341b32dd69c07e147188e67e09ba2bb99c33", + "type": "github" + }, + "original": { + "owner": "youwen5", + "repo": "zen-browser-flake", + "type": "github" + } + }, + "zen-browser_2": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1766377218, + "narHash": "sha256-y3g3OqPB0tmRjbHJNnJKivSQRtAJR+/9S1xbxBWEatg=", + "owner": "youwen5", + "repo": "zen-browser-flake", + "rev": "2f61341b32dd69c07e147188e67e09ba2bb99c33", + "type": "github" + }, + "original": { + "owner": "youwen5", + "repo": "zen-browser-flake", + "type": "github" + } + }, "zig": { "inputs": { "flake-compat": [ @@ -1601,7 +2023,7 @@ }, "zig2nix": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 24913fa..84f546a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,14 +6,17 @@ chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; # TODO: unpin when refactor is fixed dms.url = "github:AvengeMedia/DankMaterialShell/42a283"; + # TODO: remove disko disko.url = "github:nix-community/disko/latest"; ghostty.url = "github:ghostty-org/ghostty"; home-manager.url = "github:nix-community/home-manager"; hyprland.url = "github:hyprwm/Hyprland"; hyprsunset.url = "github:hyprwm/hyprsunset"; lanzaboote.url = "github:nix-community/lanzaboote"; + mypackages.url = "path:/storage/git/packages-blueprint"; mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"; niri-flake.url = "github:sodiboo/niri-flake"; + nix-bwrapper.url = "github:Naxdy/nix-bwrapper"; nix-flatpak.url = "github:gmodena/nix-flatpak"; nix-index-database.url = "github:nix-community/nix-index-database"; nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; @@ -24,8 +27,11 @@ stylix.url = "github:danth/stylix"; systems.url = "github:nix-systems/default"; vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:youwen5/zen-browser-flake"; zmx.url = "github:brittonr/zmx"; + helium-browser.url = "path:/storage/git/helium-browser-nix-flake"; + # the absolute horror of input deduplication blueprint.inputs.nixpkgs.follows = "nixpkgs"; blueprint.inputs.systems.follows = "systems"; chaotic.inputs.home-manager.follows = "home-manager"; 
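Review bot: `mypackages.url = "path:/storage/git/packages-blueprint";` is an absolute path input, and the `helium-browser.url` line added in the next hunk has the same form. The matching flake.lock entries for both carry only `narHash` and `lastModified` with `"type": "path"`, so the lock records no commit and the flake cannot be evaluated on a machine that lacks those directories. A `path:` input also copies the whole directory, untracked files included, into the store. If those directories are git checkouts, `mypackages.url = "git+file:///storage/git/packages-blueprint";` would give the lock a `rev` to audit against, and a short comment saying these are local working copies would help.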
@@ -45,9 +51,13 @@ hyprsunset.inputs.nixpkgs.follows = "nixpkgs"; hyprsunset.inputs.systems.follows = "hyprland/systems"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + mypackages.inputs.nixpkgs.follows = "nixpkgs"; mysecrets.flake = false; niri-flake.inputs.nixpkgs-stable.follows = "nixpkgs-stable"; niri-flake.inputs.nixpkgs.follows = "nixpkgs"; + nix-bwrapper.inputs.nixpkgs.follows = "nixpkgs"; + nix-bwrapper.inputs.nuschtosSearch.inputs.nixpkgs.follows = "nixpkgs"; + nix-bwrapper.inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; nixos-cosmic.inputs.nixpkgs-stable.follows = "nixpkgs-stable"; nixos-cosmic.inputs.nixpkgs.follows = "nixpkgs"; @@ -57,6 +67,7 @@ vicinae.inputs.nixpkgs.follows = "nixpkgs"; vicinae.inputs.systems.follows = "systems"; zmx.inputs.zig2nix.inputs.nixpkgs.follows = "nixpkgs"; + helium-browser.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs: inputs.blueprint {inherit inputs;}; diff --git a/hosts/sarien/misc/default.nix b/hosts/sarien/misc/default.nix index cbbe9ef..cc8d3bd 100644 --- a/hosts/sarien/misc/default.nix +++ b/hosts/sarien/misc/default.nix @@ -1,5 +1,5 @@ { imports = [ - # ./distributed-build.nix + ./distributed-build.nix ]; } diff --git a/hosts/sarien/misc/distributed-build.nix b/hosts/sarien/misc/distributed-build.nix new file mode 100644 index 0000000..4c8ed8e --- /dev/null +++ b/hosts/sarien/misc/distributed-build.nix 
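Review bot: No `follows` is added for the new `zen-browser` input, although this hunk deduplicates `mypackages` and `nix-bwrapper`. The lock in this commit shows the effect: `zen-browser_2` takes `"nixpkgs": "nixpkgs_2"`, a second nixpkgs pinned to a different revision than the root one, so that package is built from a tree that updating the root `nixpkgs` input does not move. Adding `zen-browser.inputs.nixpkgs.follows = "nixpkgs";` would remove it. The lock also carries the same `nix-bwrapper` and `zen-browser` revisions twice, once under `mypackages`; `mypackages.inputs.nix-bwrapper.follows = "nix-bwrapper";` and the equivalent line for `zen-browser` would collapse them.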
@@ -0,0 +1,28 @@ +{ + config, + inputs, + ... +}: let + inherit (builtins) readFile; + inherit (config.networking) hostName; + inherit (config.sops) secrets; + inherit (inputs) mysecrets; + pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; +in { + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "dunamis"; + maxJobs = 3; + protocol = "ssh-ng"; + publicHostKey = pubHost; + speedFactor = 2; + sshKey = secrets."ssh-${hostName}-user".path; + sshUser = "nix-ssh"; + supportedFeatures = ["benchmark" "big-parallel" "kvm" "nixos-test"]; + system = "x86_64-linux"; + } + ]; + }; +} diff --git a/justfile b/justfile index 8a90e63..e91e220 100644 --- a/justfile +++ b/justfile @@ -1,5 +1,5 @@ set unstable -flake_path := "/etc/nixos" +flake_path := "path:/etc/nixos" privesc := if which("sudo") != "" { "sudo" @@ -13,22 +13,35 @@ privesc := if which("sudo") != "" { error("No privilege escalation tool found") } +alias b := build +alias sw := switch +alias up := update +alias upp := update-input +alias gc := collect-garbage +alias ca := clean-all + default: @just --list # Rebuild and switch [group('nix')] -sw: - nh os switch {{flake_path}} +build: + nh os build {{flake_path}} + @rm -f result + +# Don't want to enter password 3 times with doas/run0 +[group('nix')] +switch: + {{privesc}} nixos-rebuild switch --flake {{flake_path}} # Update and switch [group('nix')] -up: +update: nh os switch --update {{flake_path}} # Update specific input: `just upp nixpkgs` [group('nix')] -upp input: +update-input input: nix flake update {{input}} # Test @@ -38,12 +51,12 @@ test: # Collect garbage [group('nix')] -gc: +collect-garbage: nix-collect-garbage --delete-old {{privesc}} nix-collect-garbage -d {{privesc}} /run/current-system/bin/switch-to-configuration boot # Run `nh clean all` [group('nix')] -ca: +clean-all: nh clean all diff --git a/modules/hm-programs/fish.nix b/modules/hm-programs/fish.nix deleted file mode 100644 index 91caf35..0000000 
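Review bot: `pubHost` is the raw result of `readFile`, so any trailing newline in `ssh_host_ed25519_dunamis.base64` is passed on in `publicHostKey` and ends up in the generated build-machines entry. Stripping it makes the value independent of how the file was written: `pubHost = builtins.replaceStrings ["\n"] [""] (readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64");`. Pinning the builder's host key here is worth keeping. A comment above `sshKey` stating that the sops secret `ssh-${hostName}-user` must be readable by the account that runs the Nix daemon would also help, since the secret's declaration is not part of this file.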
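Review bot: Changing `flake_path` to `"path:/etc/nixos"` in the first justfile hunk switches every recipe that uses it to the path fetcher, presumably to pick up uncommitted files. If `/etc/nixos` is a git checkout, the whole directory, including untracked and ignored files, is then copied into the world-readable Nix store on evaluation. Anything sensitive lying in that directory (plaintext keys, decrypted secrets, editor backups) would become readable by every local user. A comment next to the variable, such as `# path: copies untracked files too; keep /etc/nixos free of plaintext secrets`, or using `git+file:///etc/nixos` instead, would make the trade-off explicit.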
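Review bot: The new `switch` recipe runs the whole of `nixos-rebuild switch` under `{{privesc}}`, so flake evaluation and input fetching now happen as root rather than as the invoking user. For an input like the `git+ssh://` `mysecrets` flake declared in flake.nix, that means root's SSH configuration and keys are the ones used; the recipe comment explains the motive (fewer password prompts) but not this cost. Separately, the comment `# Rebuild and switch` now sits above `build`, which only builds and removes `result`. It should read something like `# Build the system without activating it`, and `switch` deserves its own one-line description.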
--- a/modules/hm-programs/fish.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - inherit (lib) mkIf mkEnableOption getExe; -in { - programs = { - atuin = { - enable = true; - flags = [ - "--disable-up-arrow" - ]; - }; - fish = { - enable = true; # friendly interactive shell in rust - shellAliases = { - cd = "z"; - ed = "$EDITOR"; - jf = "jj-fzf"; # think of jeff - jo = "joshuto"; # think of josh - l = "ls -lah"; - la = "ls -ah"; - ll = "ls -lh"; - p = "pueue"; - s = "systemctl"; - stui = "systemctl-tui"; - }; - shellAbbrs = { - pa = "pueue add --"; - pl = "pueue log"; - }; - interactiveShellInit = '' - bind \e\[3\;5~ kill-word - bind \cH backward-kill-word - set fish_greeting - set fish_cursor_default block blink - # ${getExe pkgs.bat-extras.batman} --export-env | source - if test -e ~/.profile; source ~/.profile; end - ''; - }; - }; -} diff --git a/modules/home/desktop/dms/programs/niri.nix b/modules/home/desktop/dms/programs/niri.nix index d806f11..27a2d16 100644 --- a/modules/home/desktop/dms/programs/niri.nix +++ b/modules/home/desktop/dms/programs/niri.nix @@ -57,7 +57,7 @@ in { variant = "colemak_dh" + ( - if osConfig.module.host.name == "dunamis" + if osConfig.unexplrd.host.name == "dunamis" then "_ortho" else "" ) diff --git a/modules/home/desktop/dms/services.nix b/modules/home/desktop/dms/services.nix index 843a584..4f66280 100644 --- a/modules/home/desktop/dms/services.nix +++ b/modules/home/desktop/dms/services.nix @@ -34,11 +34,11 @@ }; }; in { - polkit-agent = mkGraphicalService { - Service = { - Type = "simple"; - ExecStart = pkgs.mate.mate-polkit + "/libexec/polkit-mate-authentication-agent-1"; - }; - }; + # polkit-agent = mkGraphicalService { + # Service = { + # Type = "simple"; + # ExecStart = pkgs.mate.mate-polkit + "/libexec/polkit-mate-authentication-agent-1"; + # }; + # }; }; } diff --git a/modules/home/programs/atuin.nix b/modules/home/programs/atuin.nix new file mode 100644 index 0000000..f44e958 --- /dev/null 
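Review bot: In `modules/home/desktop/dms/services.nix` the `polkit-agent` service is commented out rather than removed, and nothing in the hunk says why. Without an authentication agent in the session, polkit requests from graphical programs have nothing to prompt through, so unless another agent is started elsewhere (not visible in this diff) they will fail. Either delete the block or leave a one-line reason, for example `# polkit agent is provided by <component>; kept for reference`. The enclosing attribute set starts outside the hunk.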
+++ b/modules/home/programs/atuin.nix
@@ -0,0 +1,7 @@
+{
+ programs.atuin = {
+ flags = [
+ "--disable-up-arrow"
+ ];
+ };
+}
diff --git a/modules/home/programs/default.nix b/modules/home/programs/default.nix
index 4f09470..7c82d40 100644
--- a/modules/home/programs/default.nix
+++ b/modules/home/programs/default.nix
@@ -1,6 +1,15 @@
 {
 imports = [
+ ./atuin.nix
+ ./fish.nix
+ ./ghostty.nix
+ ./helix.nix
+ ./kitty.nix
+ ./oh-my-posh.nix
 ./syncthing.nix
+ ./wezterm.nix
 ./wl-kbptr.nix
+ ./yazi.nix
+ ./zed-editor.nix
 ];
 }
diff --git a/modules/home/programs/fish.nix b/modules/home/programs/fish.nix
new file mode 100644
index 0000000..8aa9dca
--- /dev/null
+++ b/modules/home/programs/fish.nix
@@ -0,0 +1,34 @@
+{
+ pkgs,
+ lib,
+ ...
+}: let
+ inherit (lib) getExe;
+in {
+ programs.fish = {
+ shellAliases = {
+ cd = "z";
+ ed = "$EDITOR";
+ jf = "jj-fzf"; # think of jeff
+ jo = "joshuto"; # think of josh
+ l = "ls -lah";
+ la = "ls -ah";
+ ll = "ls -lh";
+ p = "pueue";
+ s = "systemctl";
+ stui = "systemctl-tui";
+ };
+ shellAbbrs = {
+ pa = "pueue add --";
+ pl = "pueue log";
+ };
+ interactiveShellInit = ''
+ bind \e\[3\;5~ kill-word
+ bind \cH backward-kill-word
+ set fish_greeting
+ set fish_cursor_default block blink
+ # ${getExe pkgs.bat-extras.batman} --export-env | source
+ if test -e ~/.profile; source ~/.profile; end
+ '';
+ };
+}
diff --git a/modules/hm-programs/ghostty.nix b/modules/home/programs/ghostty.nix
similarity index 93%
rename from modules/hm-programs/ghostty.nix
rename to modules/home/programs/ghostty.nix
index b81330e..0a23519 100644
--- a/modules/hm-programs/ghostty.nix
+++ b/modules/home/programs/ghostty.nix
@@ -5,7 +5,6 @@
 ...
 }: {
 programs.ghostty = {
- enable = true;
 package = perSystem.ghostty.ghostty;
 settings = {
 gtk-single-instance = true;
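Review bot: `modules/home/programs/atuin.nix` sets `programs.atuin.flags` without `programs.atuin.enable`, and the same holds for the fish, ghostty, helix, kitty, oh-my-posh, wezterm, yazi and zed-editor modules touched in this commit. All of them are now imported unconditionally through `default.nix`, so whether a program is actually installed depends on an `enable` set somewhere this diff does not show. A header comment in each file, such as `# settings only; enabled per host/user elsewhere`, would document that split.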
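Review bot: In the new `fish.nix`, the `interactiveShellInit` line `# ${getExe pkgs.bat-extras.batman} --export-env | source` is a comment only to fish; Nix still interpolates `${...}` inside the `''` string. `pkgs.bat-extras.batman` therefore stays in the closure of the generated configuration, and `pkgs`, `lib` and the `getExe` binding exist in this module only for that dead line. Delete the line together with the `let` binding, or escape it as `# ''${getExe pkgs.bat-extras.batman} ...` if it is meant purely as a note.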
diff --git a/modules/hm-programs/helix.nix b/modules/home/programs/helix.nix
similarity index 98%
rename from modules/hm-programs/helix.nix
rename to modules/home/programs/helix.nix
index dc7cdd5..3cc13ed 100644
--- a/modules/hm-programs/helix.nix
+++ b/modules/home/programs/helix.nix
@@ -7,8 +7,7 @@
 inherit (lib) getExe;
 in {
 programs.helix = {
- enable = true; # vim-like editor in rust
- defaultEditor = true;
+ # defaultEditor = true;
 settings = {
 editor = {
 bufferline = "multiple";
diff --git a/modules/hm-programs/kitty.nix b/modules/home/programs/kitty.nix
similarity index 91%
rename from modules/hm-programs/kitty.nix
rename to modules/home/programs/kitty.nix
index c23425e..b7bf07e 100644
--- a/modules/hm-programs/kitty.nix
+++ b/modules/home/programs/kitty.nix
@@ -4,7 +4,6 @@
 ...
 }: {
 programs.kitty = {
- enable = true;
 settings = {
 tab_bar_edge = "bottom";
 tab_bar_align = "left";
diff --git a/modules/hm-programs/oh-my-posh.nix b/modules/home/programs/oh-my-posh.nix
similarity index 99%
rename from modules/hm-programs/oh-my-posh.nix
rename to modules/home/programs/oh-my-posh.nix
index 86b8c58..13c97bb 100644
--- a/modules/hm-programs/oh-my-posh.nix
+++ b/modules/home/programs/oh-my-posh.nix
@@ -4,7 +4,6 @@
 ...
 }: {
 programs.oh-my-posh = {
- enable = true;
 settings = {
 # version = 2;
 final_space = true;
diff --git a/modules/hm-programs/wezterm.nix b/modules/home/programs/wezterm.nix
similarity index 99%
rename from modules/hm-programs/wezterm.nix
rename to modules/home/programs/wezterm.nix
index b783ff7..243f18e 100644
--- a/modules/hm-programs/wezterm.nix
+++ b/modules/home/programs/wezterm.nix
@@ -6,7 +6,6 @@
 ...
 }: {
 programs.wezterm = {
- enable = true;
 # package = inputs.wezterm.packages.${pkgs.system}.default;
 extraConfig = let
 arrows = {
diff --git a/modules/hm-programs/yazi.nix b/modules/home/programs/yazi.nix
similarity index 96%
rename from modules/hm-programs/yazi.nix
rename to modules/home/programs/yazi.nix
index e44597f..92766e3 100644
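Review bot: In the helix hunk, `# defaultEditor = true;` leaves a commented-out setting with no reason given. With it disabled this module no longer exports `EDITOR`, while the fish module in this commit still defines `ed = "$EDITOR"`; unless `EDITOR` is set elsewhere (not visible here) that alias expands to nothing. Remove the line, or state where the default editor is now chosen, for example `# EDITOR is set in <module>`.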
--- a/modules/hm-programs/yazi.nix
+++ b/modules/home/programs/yazi.nix
@@ -5,8 +5,6 @@
 ...
 }: {
 programs.yazi = {
- enable = true; # file manager in rust
- enableNushellIntegration = true;
 shellWrapperName = "y";
 settings = {
 opener = {
diff --git a/modules/hm-programs/zed.nix b/modules/home/programs/zed-editor.nix
similarity index 98%
rename from modules/hm-programs/zed.nix
rename to modules/home/programs/zed-editor.nix
index 3f2c8fe..7fb8974 100644
--- a/modules/hm-programs/zed.nix
+++ b/modules/home/programs/zed-editor.nix
@@ -4,10 +4,9 @@
 lib,
 ...
 }: let
- inherit (lib) getExe;
+ inherit (lib) getExe mkForce;
 in {
 programs.zed-editor = {
- enable = true;
 extensions = [
 "bash"
 "fsharp"
diff --git a/modules/nixos/desktop/common/default.nix b/modules/nixos/desktop/common/default.nix
index 00993b4..ea84d8f 100644
--- a/modules/nixos/desktop/common/default.nix
+++ b/modules/nixos/desktop/common/default.nix
@@ -6,11 +6,6 @@
 ./pipewire.nix
 ];
 fonts.fontDir.enable = true;
- security = {
- pam = {
- services.greetd.enableGnomeKeyring = config.services.greetd.enable && config.services.gnome.gnome-keyring.enable;
- };
- };
 services.udisks2.enable = true;
 programs.dconf.enable = true;
 }
diff --git a/modules/nixos/desktop/common/gnome-keyring.nix b/modules/nixos/desktop/common/gnome-keyring.nix
index e7da911..e460636 100644
--- a/modules/nixos/desktop/common/gnome-keyring.nix
+++ b/modules/nixos/desktop/common/gnome-keyring.nix
@@ -5,21 +5,16 @@ ... }: let inherit (lib) mkEnableOption mkIf; - cfg = config.module.desktop.gnome-keyring; + cfg = config.module.gnome-keyring; in { options = { - module.desktop.gnome-keyring.enable = mkEnableOption "enable gnome keyring"; + module.gnome-keyring.enable = mkEnableOption "enable gnome keyring"; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - gcr_4 - libsecret - ]; + environment.systemPackages = with pkgs; [gcr_4 libsecret]; programs.seahorse.enable = true; services.gnome.gnome-keyring.enable = true; - xdg.portal.config.common = { - "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; - }; + xdg.portal.config.common."org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; }; } diff --git a/modules/nixos/desktop/common/greeter.nix b/modules/nixos/desktop/common/greeter.nix index 7cb11e6..77678f6 100644 --- a/modules/nixos/desktop/common/greeter.nix +++ b/modules/nixos/desktop/common/greeter.nix @@ -31,6 +31,7 @@ in { }; }) (mkIf (cfg.displayManager == "greetd") { + security.pam.services.greetd.enableGnomeKeyring = config.services.greetd.enable && config.services.gnome.gnome-keyring.enable; programs.regreet.enable = true; services.greetd = { enable = true; diff --git a/modules/nixos/desktop/common/pipewire.nix b/modules/nixos/desktop/common/pipewire.nix index 4c0af56..25ae535 100644 --- a/modules/nixos/desktop/common/pipewire.nix +++ b/modules/nixos/desktop/common/pipewire.nix 
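Review bot: The `security.pam.services.greetd.enableGnomeKeyring` line added to greeter.nix sits under `mkIf (cfg.displayManager == "greetd")`, whereas the copy removed from desktop/common/default.nix applied whenever `services.greetd.enable` was true. If another module turns greetd on without selecting that display manager, the login keyring is no longer unlocked at sign-in; the dms module enables `programs.dankMaterialShell.greeter`, which may do this, but that is not visible here. The expression already guards on `config.services.greetd.enable`, so it could stay outside the `mkIf`. Otherwise add a comment such as `# keyring unlock is only wired up for displayManager = "greetd"`. The enclosing `mkIf` block continues outside the hunk.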
@@ -5,57 +5,60 @@ }: let inherit (lib) mkEnableOption mkIf; - cfg = config.sound.pipewire; + cfg = config.module.pipewire; in { options = { - sound.pipewire.enable = mkEnableOption "enable pipewire"; + module.pipewire.enable = mkEnableOption "enable pipewire"; }; config = mkIf cfg.enable { - security.rtkit.enable = true; + security.rtkit = { + enable = true; + args = ["--no-canary"]; + }; services.pulseaudio.enable = false; services.pipewire = { enable = true; alsa.enable = true; pulse.enable = true; - - extraConfig = { - pipewire = { - "92-low-latency" = { - "context.properties" = { - "default.clock.rate" = 48000; - "default.clock.allowed-rates" = [ - 44100 - 48000 - 88200 - 96000 - ]; - - "default.clock.min-quantum" = 512; - "default.clock.quantum" = 4096; - "default.clock.max-quantum" = 8192; - }; - }; - - "93-no-resampling" = { - "context.properties" = { - "default.clock.rate" = 48000; - "default.clock.allowed-rates" = [ - 44100 - 48000 - 96000 - 192000 - ]; - }; - }; - - "94-no-upmixing" = { - "stream.properties" = { - "channelmix.upmix" = false; - }; - }; - }; + # extraConfig.pipewire."92-low-latency" = { + # "context.properties" = { + # "default.clock.rate" = 48000; + # "default.clock.quantum" = 32; + # "default.clock.min-quantum" = 32; + # "default.clock.max-quantum" = 32; + # }; + # }; + wireplumber.extraConfig."10-alsa-vm" = { + "api.alsa.period-size" = 1024 / 2; # seems to fix random crackling }; + extraConfig.pipewire-pulse."93-auto-connect" = { + "pulse.cmd" = [ + { + cmd = "load-module"; + args = "module-switch-on-connect"; + } + ]; + }; + # extraConfig.pipewire-pulse."92-low-latency" = { + # "context.properties" = [ + # { + # name = "libpipewire-module-protocol-pulse"; + # args = {}; + # } + # ]; + # "pulse.properties" = { + # "pulse.min.req" = "32/48000"; + # "pulse.default.req" = "32/48000"; + # "pulse.max.req" = "32/48000"; + # "pulse.min.quantum" = "32/48000"; + # "pulse.max.quantum" = "32/48000"; + # }; + # "stream.properties" = { + # 
"node.latency" = "32/48000"; + # "resample.quality" = 1; + # }; + # }; }; }; } diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix index d76da4b..9a6474f 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic/default.nix @@ -17,7 +17,7 @@ in { }; config = mkIf cfg.enable { module.desktop.displayManager = "cosmic"; - sound.pipewire.enable = true; + module.pipewire.enable = true; environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1; services.desktopManager.cosmic.enable = true; diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 0e9293f..7f05925 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -4,8 +4,8 @@ ./cosmic ./dms ./gnome - ./hyprland - ./niri - ./plasma + # ./hyprland + # ./niri + # ./plasma ]; } diff --git a/modules/nixos/desktop/dms/default.nix b/modules/nixos/desktop/dms/default.nix index dc314b9..3c0bdb0 100644 --- a/modules/nixos/desktop/dms/default.nix +++ b/modules/nixos/desktop/dms/default.nix @@ -23,26 +23,25 @@ in { enable = true; extraPortals = with pkgs; [xdg-desktop-portal-gnome xdg-desktop-portal-gtk]; config.niri.default = ["gnome" "gtk"]; + config.common."org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; }; - module.desktop.gnome-keyring.enable = true; - sound.pipewire.enable = true; + module.gnome-keyring.enable = true; + module.pipewire.enable = true; services.gvfs.enable = true; - - programs.niri = { - enable = true; - package = perSystem.niri-flake.niri-unstable; - }; - systemd.user.services.niri-flake-polkit.enable = false; - programs.dankMaterialShell = { - enable = true; - greeter = { + programs = { + niri.enable = true; + niri.package = perSystem.niri-flake.niri-unstable; + dankMaterialShell = { enable = true; - configHome = "/home/user"; - compositor.name = "niri"; + greeter = { + enable = true; + configHome = "/home/user"; + compositor.name = "niri"; + }; }; }; }; 
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index 67966d7..c2bffeb 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix @@ -14,7 +14,7 @@ in { config = lib.mkMerge [ (mkIf cfg.enable { module.desktop.displayManager = "gdm"; - sound.pipewire.enable = true; + module.pipewire.enable = true; services.desktopManager.gnome.enable = true; environment.gnome.excludePackages = with pkgs; [ orca diff --git a/modules/nixos/desktop/jay.nix b/modules/nixos/desktop/jay.nix index 3a87650..df566c0 100644 --- a/modules/nixos/desktop/jay.nix +++ b/modules/nixos/desktop/jay.nix @@ -5,7 +5,7 @@ ... }: let inherit (lib) mkIf mkEnableOption getExe; - cfg = config.desktop.niri; + cfg = config.desktop.jay; in { options = { desktop.niri.enable = diff --git a/modules/nixos/desktop/niri/default.nix b/modules/nixos/desktop/niri/default.nix index 15a48dd..94b38c4 100644 --- a/modules/nixos/desktop/niri/default.nix +++ b/modules/nixos/desktop/niri/default.nix @@ -15,11 +15,9 @@ in { }; config = lib.mkMerge [ (mkIf cfg.enable { - module.desktop = { - displayManager = "greetd"; - gnome-keyring.enable = true; - }; - sound.pipewire.enable = true; + module.desktop.displayManager = "greetd"; + module.gnome-keyring.enable = true; + module.pipewire.enable = true; # nixpkgs.overlays = [inputs.niri.overlays.default]; diff --git a/modules/nixos/system/common.nix b/modules/nixos/system/common.nix deleted file mode 100644 index f02f145..0000000 --- a/modules/nixos/system/common.nix +++ /dev/null 
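Review bot: In jay.nix `cfg` now reads `config.desktop.jay`, but the context line right below still declares the option as `desktop.niri.enable`, so `cfg.enable` points at an option this module does not define. Unless `desktop.jay` is declared somewhere else, evaluating the module will fail on a missing attribute, and the file keeps declaring an option under niri's name. Rename the declaration to match: `desktop.jay.enable =`. The option body and the rest of the module are outside the hunk.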
@@ -1,45 +0,0 @@ -{ - lib, - pkgs, - ... -}: { - boot.tmp.cleanOnBoot = lib.mkDefault true; - - console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu"; - - environment = { - ldso32 = null; - # memoryAllocator.provider = "mimalloc"; # weird memory consumption stuff - variables = { - LESS = "-R --mouse"; - }; - }; - - networking.networkmanager.enable = true; - - services.openssh.settings = { - X11Forwarding = false; - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - UseDns = false; - # unbind gnupg sockets if they exists - StreamLocalBindUnlink = true; - - # Use key exchange algorithms recommended by `nixpkgs#ssh-audit` - KexAlgorithms = [ - "curve25519-sha256" - "curve25519-sha256@libssh.org" - "diffie-hellman-group16-sha512" - "diffie-hellman-group18-sha512" - "sntrup761x25519-sha512@openssh.com" - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - ''; - systemd.coredump.extraConfig = '' - Storage=none - ProcessSizeMax=0 - ''; -} diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix deleted file mode 100644 index cc0f6a2..0000000 --- a/modules/nixos/system/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - imports = [ - ./common.nix - ./misc - ./stylix - ./virt - ]; -} diff --git a/modules/nixos/system/misc/default.nix b/modules/nixos/system/misc/default.nix deleted file mode 100644 index 5b2f67f..0000000 --- a/modules/nixos/system/misc/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./opentabletdriver.nix - ./qmk-vial.nix - ]; -} diff --git a/modules/nixos/system/misc/opentabletdriver.nix b/modules/nixos/system/misc/opentabletdriver.nix deleted file mode 100644 index d2fcf65..0000000 --- a/modules/nixos/system/misc/opentabletdriver.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib) mkIf mkEnableOption; -in { - options = { - module.misc.opentabletdriver.enable = - mkEnableOption "enables opentabletdriver"; - }; - config = mkIf config.module.misc.opentabletdriver.enable { - hardware.opentabletdriver = { - enable = true; - daemon.enable = true; - blacklistedKernelModules = [ - "hid-uclogic" - "wacom" - ]; - }; - }; -} diff --git a/modules/nixos/system/misc/qmk-vial.nix b/modules/nixos/system/misc/qmk-vial.nix deleted file mode 100644 index 8dd01a3..0000000 --- a/modules/nixos/system/misc/qmk-vial.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib) mkIf mkEnableOption; -in { - options = { - module.misc.qmk-vial.enable = - mkEnableOption "adds a udev rule for vial keyboards"; - }; - config = mkIf config.module.misc.qmk-vial.enable { - services.udev.extraRules = '' - KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" - ''; - }; -} diff --git a/modules/nixos/system/virt/default.nix b/modules/nixos/system/virt/default.nix deleted file mode 100644 index f2229d6..0000000 --- a/modules/nixos/system/virt/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./libvirt.nix - ./podman.nix - ./docker.nix - ]; -} diff --git a/modules/nixos/system/virt/docker.nix b/modules/nixos/system/virt/docker.nix deleted file mode 100644 index 7333aa6..0000000 --- a/modules/nixos/system/virt/docker.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - # pkgs, - config, - lib, - ... -}: -with lib; let - cfg = config.module.virt.docker; -in { - options = { - module.virt.docker.enable = - mkEnableOption "enable docker"; - }; - config = mkIf cfg.enable { - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - storageDriver = "btrfs"; - autoPrune.enable = true; - #defaultNetwork.settings = { - # dns_enabled = true; - #}; - }; - virtualisation.oci-containers.backend = "docker"; - }; -} diff --git a/modules/nixos/system/virt/libvirt.nix b/modules/nixos/system/virt/libvirt.nix deleted file mode 100644 index ee70551..0000000 --- a/modules/nixos/system/virt/libvirt.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -with lib; let - cfg = config.module.virt.libvirt; -in { - options = { - module.virt.libvirt.enable = - mkEnableOption "enables virtualisation"; - }; - config = mkIf cfg.enable { - virtualisation.libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = false; - swtpm.enable = true; - vhostUserPackages = [pkgs.virtiofsd]; - # ovmf = { - # enable = true; - # packages = [ - # (pkgs.OVMF.override { - # secureBoot = true; - # tpmSupport = true; - # }) - # .fd - # ]; - # }; - }; - }; - }; -} diff --git a/modules/nixos/system/virt/podman.nix b/modules/nixos/system/virt/podman.nix deleted file mode 100644 index 3d7a816..0000000 --- a/modules/nixos/system/virt/podman.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -with lib; let - cfg = config.module.virt.podman; -in { - options = { - module.virt.podman.enable = - mkEnableOption "enables podman"; - }; - config = mkIf cfg.enable { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - defaultNetwork.settings.dns_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - environment.systemPackages = with pkgs; [ - podman-tui - podman-compose - ]; - }; -} 
diff --git a/modules/programs-nixos/docker.nix b/modules/programs-nixos/docker.nix new file mode 100644 index 0000000..e04f8d5 --- /dev/null +++ b/modules/programs-nixos/docker.nix @@ -0,0 +1,20 @@ +{ + # pkgs, + config, + lib, + ... +}: { + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + storageDriver = "btrfs"; + autoPrune.enable = true; + #defaultNetwork.settings = { + # dns_enabled = true; + #}; + }; + virtualisation.oci-containers.backend = "docker"; +} diff --git a/modules/programs-nixos/libvirt.nix b/modules/programs-nixos/libvirt.nix new file mode 100644 index 0000000..791d9ee --- /dev/null +++ b/modules/programs-nixos/libvirt.nix @@ -0,0 +1,26 @@ +{ + pkgs, + config, + lib, + ... +}: { + virtualisation.libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_kvm; + runAsRoot = false; + swtpm.enable = true; + vhostUserPackages = [pkgs.virtiofsd]; + # ovmf = { + # enable = true; + # packages = [ + # (pkgs.OVMF.override { + # secureBoot = true; + # tpmSupport = true; + # }) + # .fd + # ]; + # }; + }; + }; +} diff --git a/modules/programs-nixos/opentabletdriver.nix b/modules/programs-nixos/opentabletdriver.nix new file mode 100644 index 0000000..c9c9b5c --- /dev/null +++ b/modules/programs-nixos/opentabletdriver.nix @@ -0,0 +1,14 @@ +{ + config, + lib, + ... +}: { + hardware.opentabletdriver = { + enable = true; + daemon.enable = true; + blacklistedKernelModules = [ + "hid-uclogic" + "wacom" + ]; + }; +} diff --git a/modules/programs-nixos/podman.nix b/modules/programs-nixos/podman.nix new file mode 100644 index 0000000..de4a483 --- /dev/null +++ b/modules/programs-nixos/podman.nix 
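Review bot: docker.nix drops the `module.virt.docker.enable` option and its `mkIf` guard, so merely importing the file turns the service on; libvirt.nix, opentabletdriver.nix, podman.nix and qmk-vial.nix in this commit follow the same import-to-enable pattern. docker.nix and podman.nix both assign `virtualisation.oci-containers.backend`, and podman.nix sets `dockerCompat = true`, so a host that imports both will get conflicting definitions. `virtualisation.docker.enable = true` also still starts the root-owned daemon next to the rootless one; if only rootless Docker is wanted, set the top-level `enable = false;` and keep `rootless.enable = true;`. A header comment such as `# import-to-enable; mutually exclusive with podman.nix` would document the contract, and the unused `config` and `lib` arguments can be removed.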
@@ -0,0 +1,20 @@ +{ + pkgs, + config, + lib, + ... +}: { + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + environment.systemPackages = with pkgs; [ + podman-tui + podman-compose + ]; +} diff --git a/modules/programs-nixos/qmk-vial.nix b/modules/programs-nixos/qmk-vial.nix new file mode 100644 index 0000000..b02814e --- /dev/null +++ b/modules/programs-nixos/qmk-vial.nix @@ -0,0 +1,9 @@ +{ + config, + lib, + ... +}: { + services.udev.extraRules = '' + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" + ''; +} diff --git a/modules/shared/nixos/boot/default.nix b/modules/shared/nixos/boot/default.nix deleted file mode 100644 index 2f08972..0000000 --- a/modules/shared/nixos/boot/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - inputs, - pkgs, - ... -}: { - imports = with inputs; [ - chaotic.nixosModules.default - ./loader.nix - ./lanzaboote.nix - ]; - boot = { - consoleLogLevel = 0; - kernel.sysctl."vm.swappiness" = 10; - # kernelPackages = pkgs.linuxPackages_cachyos; - kernelPackages = pkgs.linuxPackages_latest; - plymouth.enable = true; - initrd = { - systemd.enable = true; - }; - }; -} diff --git a/modules/shared/nixos/boot/loader.nix b/modules/shared/nixos/boot/loader.nix deleted file mode 100644 index 338e389..0000000 --- a/modules/shared/nixos/boot/loader.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - config, - lib, - ... -}: { - boot.loader = { - timeout = 0; - efi.canTouchEfiVariables = true; - systemd-boot = { - consoleMode = "auto"; - configurationLimit = lib.mkOverride 1337 10; - }; - }; -} diff --git a/modules/shared/nixos/default.nix b/modules/shared/nixos/default.nix index 3ba5f4a..c2b2033 100644 --- a/modules/shared/nixos/default.nix +++ b/modules/shared/nixos/default.nix 
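Review bot: The udev rule in qmk-vial.nix matches every `hidraw*` node, so members of `users` and the active seat get raw access to all HID devices on the host, including other keyboards and security keys. With the enable option gone, this applies on any host that imports the file. Vial's documented rule narrows the match with `ATTRS{serial}=="*vial:f64c2b3c*"`; adding that attribute keeps the grant limited to Vial-enabled keyboards. `TAG+="uaccess"` already gives the logged-in user access, so `MODE="0660", GROUP="users"` can probably be dropped too.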
@@ -6,23 +6,25 @@ ... }: let inherit (lib) mkDefault mkOption mkEnableOption mkIf; - cfg = config.module.config; + cfg = config.unexplrd.config; + cfgHost = config.unexplrd.host; in { imports = [ - ./boot ./hardware ./misc + ./module/lanzaboote.nix + ./module/locale.nix ./networking ./nix ./security - ./locale.nix + ./stylix ./programs.nix ./services.nix ./sops.nix ./users.nix ]; options = { - module.host = { + unexplrd.host = { name = mkOption { type = lib.types.str; }; @@ -36,7 +38,7 @@ in { type = lib.types.enum ["laptop" "server" "workstation"]; }; }; - module.config = { + unexplrd.config = { laptop.homeRowMods = mkEnableOption "set to have mods on asdfjkl;"; powerSave = mkEnableOption "set to use various power saving daemons"; secureBoot = mkEnableOption "set if secure boot is configured"; @@ -50,11 +52,9 @@ in { }; config = lib.mkMerge [ { - system.stateVersion = config.module.host.stateVersion; - networking = { - hostName = config.module.host.name; - hostId = config.module.host.id; - }; + system.stateVersion = cfgHost.stateVersion; + networking.hostName = cfgHost.name; + networking.hostId = cfgHost.id; } { boot.initrd.systemd.tpm2.enable = mkDefault cfg.tpmDiskUnlock; diff --git a/modules/shared/nixos/misc/default.nix b/modules/shared/nixos/misc/default.nix index 82640cb..006bb5f 100644 --- a/modules/shared/nixos/misc/default.nix +++ b/modules/shared/nixos/misc/default.nix 
@@ -1,3 +1,59 @@ { - imports = [./slim.nix ./zram.nix]; + lib, + pkgs, + # inputs, + ... +}: { + imports = [ + # inputs.chaotic.nixosModules.default + ./slim.nix + ]; + boot = { + consoleLogLevel = 0; + kernel.sysctl."vm.swappiness" = 10; + plymouth.enable = true; + initrd = { + systemd.enable = true; + }; + + kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.linuxPackages_cachyos; + + loader = { + timeout = 0; + efi.canTouchEfiVariables = true; + systemd-boot = { + consoleMode = "auto"; + configurationLimit = lib.mkOverride 1337 10; + }; + }; + tmp.cleanOnBoot = lib.mkDefault true; + }; + + console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu"; + + environment = { + ldso32 = null; + # memoryAllocator.provider = "mimalloc"; # weird memory consumption stuff + variables = { + LESS = "-R --mouse"; + }; + }; + + networking.networkmanager.enable = true; + + services.journald.extraConfig = '' + SystemMaxUse=1G + ''; + systemd.coredump.extraConfig = '' + Storage=none + ProcessSizeMax=0 + ''; + + zramSwap = { + enable = true; + algorithm = "zstd"; + memoryPercent = 25; + priority = 5; + }; } diff --git a/modules/shared/nixos/misc/zram.nix b/modules/shared/nixos/misc/zram.nix deleted file mode 100644 index ff44dcc..0000000 --- a/modules/shared/nixos/misc/zram.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - zramSwap = { - enable = true; - algorithm = "zstd"; - memoryPercent = 25; - priority = 5; - }; -} diff --git a/modules/shared/nixos/boot/lanzaboote.nix b/modules/shared/nixos/module/lanzaboote.nix similarity index 78% rename from modules/shared/nixos/boot/lanzaboote.nix rename to modules/shared/nixos/module/lanzaboote.nix index b690032..eefd959 100644 --- a/modules/shared/nixos/boot/lanzaboote.nix +++ b/modules/shared/nixos/module/lanzaboote.nix @@ -8,7 +8,7 @@ ]; boot = { lanzaboote = { - enable = config.module.config.secureBoot; + enable = config.unexplrd.config.secureBoot; pkiBundle = "/var/lib/sbctl"; }; }; 
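Review bot: misc/default.nix takes over the contents of the deleted modules/nixos/system/common.nix except for the `services.openssh.settings` block (`PasswordAuthentication = false`, `KbdInteractiveAuthentication = false`, `X11Forwarding = false` and the `KexAlgorithms` list). security/ssh.nix is not part of the visible diff, so it is unclear whether it already carries these settings. If it does not, hosts fall back to the sshd defaults after this commit, which would re-enable password logins. Please confirm, and move the block into ssh.nix if it is missing there.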
diff --git a/modules/shared/nixos/locale.nix b/modules/shared/nixos/module/locale.nix similarity index 87% rename from modules/shared/nixos/locale.nix rename to modules/shared/nixos/module/locale.nix index 2152c35..42ef302 100644 --- a/modules/shared/nixos/locale.nix +++ b/modules/shared/nixos/module/locale.nix @@ -4,9 +4,10 @@ ... }: let inherit (lib) types mkOption; + cfg = config.unexplrd.config; in { options = { - module.config = { + unexplrd.config = { locale = mkOption { type = types.strMatching "[a-z]{2}_[A-Z]{2}\\.UTF-8"; default = "en_US.UTF-8"; @@ -19,9 +20,9 @@ in { }; }; config = { - time.timeZone = config.module.config.timeZone; + time.timeZone = cfg.timeZone; i18n = let - inherit (config.module.config) locale; + inherit (cfg) locale; in { defaultLocale = locale; extraLocaleSettings = { diff --git a/modules/shared/nixos/networking/default.nix b/modules/shared/nixos/networking/default.nix index 3d78438..8181d1b 100644 --- a/modules/shared/nixos/networking/default.nix +++ b/modules/shared/nixos/networking/default.nix @@ -1,18 +1,11 @@ { - networking = { - hosts = import ./hosts.nix; - networkmanager = { - ethernet.macAddress = "stable"; - wifi = { - macAddress = "random"; - scanRandMacAddress = true; - }; - }; - wireless.iwd = { - settings = { - General.AddressRandomization = "network"; - Settings.AlwaysRandomizeAddress = true; - }; - }; + networking.networkmanager = { + ethernet.macAddress = "stable"; + wifi.macAddress = "random"; + wifi.scanRandMacAddress = true; + }; + networking.wireless.iwd = { + settings.General.AddressRandomization = "network"; + settings.Settings.AlwaysRandomizeAddress = true; }; } diff --git a/modules/shared/nixos/networking/hosts.nix b/modules/shared/nixos/networking/hosts.nix index e45d310..15abef9 100644 --- a/modules/shared/nixos/networking/hosts.nix +++ b/modules/shared/nixos/networking/hosts.nix @@ -1,3 +1,5 @@ { - "192.168.1.42" = ["dunamis"]; + networking.hosts = { + "192.168.1.42" = ["dunamis"]; + }; } 
diff --git a/modules/shared/nixos/nix/common.nix b/modules/shared/nixos/nix/common.nix index e5e7ff4..dc5cccf 100644 --- a/modules/shared/nixos/nix/common.nix +++ b/modules/shared/nixos/nix/common.nix @@ -1,7 +1,7 @@ { pkgs, # inputs, - config, + # config, lib, ... }: { 
@@ -15,33 +15,35 @@ automatic = true; dates = ["weekly"]; }; - settings = { - auto-optimise-store = true; - experimental-features = [ - "nix-command" - "flakes" - # for container in builds support - "auto-allocate-uids" - "cgroups" - - # Enable the use of the fetchClosure built-in function in the Nix language. - # "fetch-closure" - - # Allow derivation builders to call Nix, and thus build derivations recursively. - # "recursive-nix" - - # Allow the use of the impure-env setting. - # "configurable-impure-env" - ]; - use-xdg-base-directories = true; - }; }; - # no longer need to pre-allocate build users for everything - nix.settings.auto-allocate-uids = lib.mkDefault true; - # Needs a patch in Nix to work properly: https://github.com/NixOS/nix/pull/13135 - nix.settings.use-cgroups = true; + nix.settings = { + auto-optimise-store = true; + experimental-features = [ + "nix-command" + "flakes" - # for container in builds support - nix.settings.system-features = ["uid-range"]; - systemd.services.nix-daemon.serviceConfig.RestrictNamespaces = lib.mkForce []; # (lib.remove "~cgroup" config.systemd.services.nix-daemon.serviceConfig.RestrictNamespaces); + # for container in builds support + "auto-allocate-uids" + "cgroups" + + # Enable the use of the fetchClosure built-in function in the Nix language. + # "fetch-closure" + + # Allow derivation builders to call Nix, and thus build derivations recursively. + # "recursive-nix" + + # Allow the use of the impure-env setting. + # "configurable-impure-env" + ]; + # no longer need to pre-allocate build users for everything + auto-allocate-uids = lib.mkDefault true; + + # Needs a patch in Nix to work properly: https://github.com/NixOS/nix/pull/13135 + use-cgroups = true; + + # for container in builds support + system-features = ["uid-range"]; + + use-xdg-base-directories = true; + }; } diff --git a/modules/shared/nixos/nix/default.nix b/modules/shared/nixos/nix/default.nix index 398a988..8337c0f 100644 
--- a/modules/shared/nixos/nix/default.nix +++ b/modules/shared/nixos/nix/default.nix @@ -1,7 +1,6 @@ { imports = [ ./common.nix - ./distibuted-build.nix ./substituters.nix ]; } diff --git a/modules/shared/nixos/nix/distibuted-build.nix b/modules/shared/nixos/nix/distibuted-build.nix deleted file mode 100644 index 66b46ef..0000000 --- a/modules/shared/nixos/nix/distibuted-build.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: let - isBuildHost = config.module.host.name == "dunamis"; -in { - config = lib.mkMerge [ - (lib.mkIf isBuildHost { - nix = let - inherit (builtins) readFile; - inherit (config.users.users) user; - in { - sshServe = { - enable = true; - keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles; - protocol = "ssh-ng"; - trusted = true; - write = true; - }; - }; - }) - (lib.mkIf (!isBuildHost) { - nix = let - inherit (builtins) readFile; - inherit (config.networking) hostName; - inherit (config.sops) secrets; - inherit (inputs) mysecrets; - pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; - in { - distributedBuilds = true; - buildMachines = [ - { - hostName = "dunamis"; - maxJobs = 3; - protocol = "ssh-ng"; - publicHostKey = pubHost; - speedFactor = 2; - sshKey = secrets."ssh-${hostName}-user".path; - sshUser = "nix-ssh"; - supportedFeatures = ["benchmark" "big-parallel" "kvm" "nixos-test"]; - system = "x86_64-linux"; - } - ]; - }; - }) - ]; -} diff --git a/modules/shared/nixos/programs.nix b/modules/shared/nixos/programs.nix index c24da69..a21576b 100644 --- a/modules/shared/nixos/programs.nix +++ b/modules/shared/nixos/programs.nix @@ -14,6 +14,7 @@ }; environment.systemPackages = with pkgs; [ (lib.hiPrio uutils-coreutils-noprefix) + git helix nushell ]; diff --git a/modules/shared/nixos/security/boot.nix b/modules/shared/nixos/security/boot.nix index 6390055..c6cabf5 100644 --- a/modules/shared/nixos/security/boot.nix +++ b/modules/shared/nixos/security/boot.nix 
@@ -66,7 +66,7 @@ # Userspace # restrict usage of ptrace - "kernel.yama.ptrace_scope" = 2; + # "kernel.yama.ptrace_scope" = 2; # breaks anti-cheat # ASLR memory protection (64-bit systems) "vm.mmap_rnd_bits" = 32; @@ -94,8 +94,8 @@ "net.core.default_qdisc" = "cake"; }; boot.kernelParams = [ - "systemd.unified_cgroup_hierarchy=1" - "cgroup_no_v1=all" + # "systemd.unified_cgroup_hierarchy=1" + # "cgroup_no_v1=all" "amd_iommu=force_isolation" "debugfs=off" "efi=disable_early_pci_dma" diff --git a/modules/shared/nixos/security/coredump.nix b/modules/shared/nixos/security/coredump.nix new file mode 100644 index 0000000..3316531 --- /dev/null +++ b/modules/shared/nixos/security/coredump.nix @@ -0,0 +1,11 @@ +{ + security.pam.loginLimits = [ + { + domain = "*"; # Applies to all users/sessions + type = "-"; # Set both soft and hard limits + item = "core"; # The soft/hard limit item + value = "0"; # Core dumps size is limited to 0 (effectively disabled) + } + ]; + systemd.coredump.enable = false; +} diff --git a/modules/shared/nixos/security/default.nix b/modules/shared/nixos/security/default.nix index 04bf959..1f09627 100644 --- a/modules/shared/nixos/security/default.nix +++ b/modules/shared/nixos/security/default.nix 
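Review bot: Commenting out `"kernel.yama.ptrace_scope" = 2` in security/boot.nix relaxes ptrace restrictions on every host that imports this shared module, not only on the machine that runs the anti-cheat. The value then falls back to whatever default applies. Setting it with lower priority, `"kernel.yama.ptrace_scope" = lib.mkDefault 2;` (assuming `lib` is in scope here), and overriding it on the gaming host would keep the stricter setting elsewhere. The two cgroup kernel parameters commented out in the second hunk carry no explanation; a short why-comment would help the next reader. Both attribute sets continue outside the hunks.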
@@ -4,44 +4,39 @@ pkgs, ... }: let - inherit (lib) mkIf mkDefault; - systemd-services-hardened = fetchGit { - url = "https://github.com/wallago/nix-system-services-hardened.git"; - ref = "main"; - rev = "3c6c8738868277aa145e0f17c645172b1c9d81e3"; - }; - fromHardened = a: map (f: "${systemd-services-hardened}/services/${f}.nix") a; + inherit (lib) mkIf; in { - imports = - [./boot.nix ./ssh.nix] - ++ fromHardened [ - "accounts-daemon" - "getty" - # "nix-daemon" # TODO: breaks cgroups, ... - "nscd" - "rescue" - "sshd" - "systemd-machined" - "systemd-rfkill" - "systemd-udevd" - ]; + imports = [ + ./boot.nix + ./coredump.nix + ./services.nix + ./ssh.nix + ]; + networking.modemmanager.enable = false; + + nix.settings.allowed-users = ["@users"]; + nix.settings.trusted-users = ["@wheel"]; + + environment.systemPackages = with pkgs; [ + (mkIf config.security.doas.enable doas-sudo-shim) + ]; + security = lib.attrsets.recursiveUpdate { # doas.enable = true; polkit.enable = true; sudo-rs.enable = false; sudo.enable = false; + + wrappers = { + newgrp.enable = false; + pkexec.enable = false; + sg.enable = false; + su.enable = false; + }; } { sudo-rs.execWheelOnly = true; - pam.loginLimits = [ - { - domain = "*"; # Applies to all users/sessions - type = "-"; # Set both soft and hard limits - item = "core"; # The soft/hard limit item - value = "0"; # Core dumps size is limited to 0 (effectively disabled) - } - ]; # pam.sshAgentAuth.enable = true; polkit.extraConfig = '' polkit.addRule(function(action, subject) { 
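Review bot: The new `security.wrappers` block in security/default.nix disables `su`, `pkexec`, `sg` and `newgrp` while `sudo` and `sudo-rs` are off and `doas` stays commented out. After this hunk no setuid elevation tool remains, so root access depends entirely on polkit-mediated paths. That is a sound hardening step, but it makes a lockout easy, so name the intended path in a comment, e.g. `# root access is via polkit only; keep the rule below in sync`. `nix.settings.allowed-users` also lost its `mkDefault`, so a host can no longer override it without `mkForce`. The `security` attribute set continues into the next hunk.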
@@ -61,25 +56,20 @@ in { ''; }; - environment.systemPackages = with pkgs; [ - (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim - ]; - systemd.coredump.enable = false; - services = { - chrony = { - enable = true; - enableNTS = true; - servers = [ - "time.cloudflare.com iburst nts" - "ntppool1.time.nl iburst nts" - "nts.netnod.se iburst nts" - "ptbtime1.ptb.de iburst nts" - "time.dfm.dk iburst nts" - "time.cifelli.xyz iburst nts" - ]; - }; - dbus.implementation = "broker"; + services.dbus.implementation = "broker"; + services.chrony = { + enable = true; + enableRTCTrimming = false; + enableNTS = true; + extraConfig = "rtcsync"; + extraFlags = ["-r" "-s"]; + servers = [ + "time.cloudflare.com iburst nts" + "ntppool1.time.nl iburst nts" + "nts.netnod.se iburst nts" + "ptbtime1.ptb.de iburst nts" + "time.dfm.dk iburst nts" + "time.cifelli.xyz iburst nts" + ]; }; - - nix.settings.allowed-users = mkDefault ["@users"]; } diff --git a/modules/shared/nixos/security/services.nix b/modules/shared/nixos/security/services.nix new file mode 100644 index 0000000..706670b --- /dev/null +++ b/modules/shared/nixos/security/services.nix @@ -0,0 +1,29 @@ +{ + # config, + lib, + # pkgs, + ... +}: let + systemd-services-hardened = fetchGit { + url = "https://github.com/wallago/nix-system-services-hardened.git"; + ref = "main"; + rev = "3c6c8738868277aa145e0f17c645172b1c9d81e3"; + }; + fromHardened = a: map (f: "${systemd-services-hardened}/services/${f}.nix") a; +in { + imports = fromHardened [ + "accounts-daemon" + "getty" + # "nix-daemon" # TODO: breaks cgroups, ... + "nscd" + "rescue" + "sshd" + "systemd-machined" + "systemd-rfkill" + "systemd-udevd" + ]; + systemd.services = { + nix-daemon.serviceConfig.RestrictNamespaces = lib.mkForce []; + sshd.serviceConfig.ProtectHome = lib.mkForce "no"; + }; +} diff --git a/modules/shared/nixos/services.nix b/modules/shared/nixos/services.nix index 60bbcd2..5d34b29 100644 --- a/modules/shared/nixos/services.nix 
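Review bot: In security/services.nix the override `nix-daemon.serviceConfig.RestrictNamespaces = lib.mkForce []` is kept although the hardened `"nix-daemon"` profile is commented out of the import list, so there appears to be nothing left for it to undo. The new `sshd.serviceConfig.ProtectHome = lib.mkForce "no"` removes part of the imported sshd hardening without saying why. If the reason is that SSH sessions need their home directories, add a comment such as `# ProtectHome on sshd would hide /home from SSH sessions`. The `fetchGit` source is pinned by `rev`, which is good, but it lives outside flake.lock and so is not updated or reviewed with the other inputs. Declaring it as a non-flake input would bring it under the same lock file.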
+++ b/modules/shared/nixos/services.nix @@ -3,7 +3,7 @@ lib.attrsets.recursiveUpdate { # hardware.openrgb.enable = true; avahi.enable = true; - dnscrypt-proxy.enable = true; + # dnscrypt-proxy.enable = true; flatpak.enable = true; fstrim.enable = true; fwupd.enable = true; diff --git a/modules/nixos/system/stylix/default.nix b/modules/shared/nixos/stylix/default.nix similarity index 99% rename from modules/nixos/system/stylix/default.nix rename to modules/shared/nixos/stylix/default.nix index 67616a6..f8de81e 100644 --- a/modules/nixos/system/stylix/default.nix +++ b/modules/shared/nixos/stylix/default.nix @@ -9,7 +9,7 @@ inherit (lib) optionalAttrs; inherit (lib.types) bool str; - cfg = config.module.stylix; + cfg = config.unexplrd.stylix; fromBase16Schemes = f: "${pkgs.base16-schemes}/share/themes/${f}.yaml"; @@ -312,7 +312,7 @@ in { ]; options = { - module.stylix = { + unexplrd.stylix = { enable = mkEnableOption "enable stylix"; useCursor = mkOption { diff --git a/modules/nixos/system/stylix/wallpapers.nix b/modules/shared/nixos/stylix/wallpapers.nix similarity index 100% rename from modules/nixos/system/stylix/wallpapers.nix rename to modules/shared/nixos/stylix/wallpapers.nix diff --git a/modules/shared/nixos/users.nix b/modules/shared/nixos/users.nix index 05b4181..46570d0 100644 --- a/modules/shared/nixos/users.nix +++ b/modules/shared/nixos/users.nix @@ -2,20 +2,18 @@ inputs, config, pkgs, - lib, ... }: let - inherit (config.networking) hostName; inherit (config.sops) secrets; inherit (inputs) mysecrets; sshKeys = f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub"; in { - users.groups.admin = {}; + users = { + mutableUsers = false; - nix.settings.trusted-users = ["user" "admin"]; - users.mutableUsers = false; - users.users = { - admin = { + # groups.admin = {}; + + users.admin = { isNormalUser = true; description = "System administrator"; extraGroups = ["wheel"]; # wheel = sudo 
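Review bot: Commenting out `dnscrypt-proxy.enable = true` in modules/shared/nixos/services.nix removes encrypted DNS from every host that shares this module, and nothing in the visible diff replaces it. Unless another module configures an encrypted resolver, queries go to the network-provided resolver in clear text. If the change is intentional, record the reason next to the line, e.g. `# dnscrypt-proxy disabled: <reason>`. The attribute set continues outside the hunk.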
@@ -28,7 +26,7 @@ in { "sarien" ]; }; - user = { + users.user = { extraGroups = ["video" "libvirtd" "dialout"]; hashedPasswordFile = secrets."user-password-hashed".path; isNormalUser = true; diff --git a/modules/users/user/common.nix b/modules/users/user/common.nix index c97e05d..7734cf3 100644 --- a/modules/users/user/common.nix +++ b/modules/users/user/common.nix @@ -33,5 +33,5 @@ music = homeDir "music"; }; - dconf.settings."org/gnome/desktop/interface".enable-animations = false; + # dconf.settings."org/gnome/desktop/interface".enable-animations = false; } diff --git a/modules/users/user/default.nix b/modules/users/user/default.nix index 8499b4a..d96f163 100644 --- a/modules/users/user/default.nix +++ b/modules/users/user/default.nix @@ -3,5 +3,6 @@ ./common.nix ./flatpak.nix ./programs.nix + ./services.nix ]; } diff --git a/modules/users/user/flatpak.nix b/modules/users/user/flatpak.nix index c9170ee..7944f95 100644 --- a/modules/users/user/flatpak.nix +++ b/modules/users/user/flatpak.nix @@ -1,5 +1,7 @@ { + config, inputs, + lib, pkgs, ... }: { @@ -34,9 +36,7 @@ "com.github.PintaProject.Pinta" # bootleg paint "org.gimp.GIMP" # the holy gimp "org.kde.kdenlive" # video editor - { - appId = "com.collabora.Office"; - } + "com.collabora.Office" # libreoffice but pretty pixel-wasting ui ] ++ [ # chatting @@ -71,10 +71,10 @@ "com.bitwarden.desktop" "com.github.johnfactotum.Foliate" # book reader "com.github.tchx84.Flatseal" # control flatpak permissions - "com.logseq.Logseq" + # "com.logseq.Logseq" "com.obsproject.Studio" "com.usebottles.bottles" # wine containers - "de.capypara.FieldMonitor" # libvirt + "de.capypara.FieldMonitor" # qemu and rdp/vnc client "org.qbittorrent.qBittorrent" # torrents "io.github.amit9838.mousam" # weather "io.github.finefindus.Hieroglyphic" # find latex symbols (in rust) 
@@ -83,6 +83,7 @@ "md.obsidian.Obsidian" "me.iepure.devtoolbox" # some cool utils "org.nicotine_plus.Nicotine" # soulseek + (lib.mkIf config.programs.distrobox.enable "com.ranfdev.DistroShelf") ]; overrides = let homeNoNetwork = { diff --git a/modules/users/user/programs.nix b/modules/users/user/programs.nix index 64ebf6e..2c9da9d 100644 --- a/modules/users/user/programs.nix +++ b/modules/users/user/programs.nix @@ -11,18 +11,9 @@ inherit (osConfig.virtualisation) libvirtd; inherit (osConfig.hardware) bluetooth; in { - imports = with flake.modules.hm-programs; - [ - yazi - helix - fish - oh-my-posh - wezterm - ghostty - ] - ++ [./vicinae.nix]; - - syncthing.enable = true; + imports = with flake.homeModules; [ + programs + ]; systemd.user.settings.Manager.DefaultEnvironment = { TERMINAL = "wezterm"; @@ -37,14 +28,19 @@ in { # NPM_CONFIG_TMP = ''"$XDG_RUNTIME_DIR"/npm''; }; - services = { - # pueue.enable = true; # process queue in rust - ssh-agent.enable = true; - }; - programs = lib.attrsets.recursiveUpdate { + atuin.enable = true; + fish.enable = true; # friendly interactive shell in rust + oh-my-posh.enable = true; + + helix.enable = true; + yazi.enable = true; + + wezterm.enable = true; + ghostty.enable = true; + bat.enable = true; # cat in rust btop.enable = true; # direnv.enable = true; @@ -60,6 +56,7 @@ in { nix-index-database.comma.enable = true; nix-index.enable = true; nix-your-shell.enable = true; + obsidian.enable = true; pay-respects.enable = true; # thefuck in rust ripgrep.enable = true; # grep in rust zellij.enable = true; 
@@ -68,16 +65,31 @@ in { } { btop.settings.update_ms = 200; + btop.package = pkgs.btop-rocm; difftastic.git.enable = true; difftastic.git.diffToolMode = true; - git.signing.format = "ssh"; + helix.defaultEditor = true; + git.signing.format = "ssh"; git.settings.alias.cl = "clone"; git.settings.alias.co = "checkout"; keychain.keys = ["id_ed25519"]; + + obsidian.package = perSystem.mypackages.obsidian-bwrapped.override { + bwrapperOpts = { + sockets.x11 = false; + mounts.readWrite = [ + "$HOME/Obsidian" + ]; + }; + }; + # obsidian.vaults = { + # personal.target = "Obsidian/Personal"; + # university.target = "Obsidian/University"; + # }; }; home.packages = with pkgs; 
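Review bot: `obsidian.package = perSystem.mypackages.obsidian-bwrapped.override { … }` adds a sandboxed Obsidian while the flatpak list in `flatpak.nix` still contains `"md.obsidian.Obsidian"` (context line of its `@@ -83,6 +83,7 @@` hunk), so two copies with different confinement appear to be installed side by side. Which launcher entry gets picked then decides which policy applies to the vault, and the `mounts.readWrite = ["$HOME/Obsidian"]` restriction only holds for one of them. I would drop one copy, for instance by commenting out the flatpak entry the way `com.logseq.Logseq` was handled, and add a short comment on the override saying that `$HOME/Obsidian` is the only writable path by design. The attribute set this sits in starts outside the hunk.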
@@ -103,6 +115,70 @@ in { systemctl-tui # systemctl tui in rust trashy # trash cli in rust up # ultimate plumber in go + + (perSystem.mypackages.prismlauncher-bwrapped.override { + addPkgs = with pkgs; [mangohud gamemode gamescope glfw3-minecraft]; + packageOverrides = { + jdks = with pkgs; [ + # graalvmPackages.graalvm-ce + # zulu8 + zulu17 + zulu + ]; + }; + }) + (perSystem.mypackages.zen-browser-bwrapped.override { + bwrapperOpts = { + sockets.x11 = false; + }; + }) + (perSystem.mypackages.legcord-bwrapped.override { + bwrapperOpts = { + sockets.x11 = false; + }; + }) + (perSystem.mypackages.helium-browser-bwrapped.override { + bwrapperOpts = { + sockets.x11 = false; + mounts.readWrite = [ + # "$XDG_DOCUMENTS_DIR" + "$XDG_DOWNLOAD_DIR" + # "$XDG_MUSIC_DIR" + # "$XDG_VIDEOS_DIR" + # "$XDG_PICTURES_DIR" + ]; + }; + }) + (pkgs.mkBwrapper rec { + app = { + addPkgs = with pkgs; [mangohud gamemode gamescope]; + package = pkgs.heroic.override { + extraPkgs = pkgs: app.addPkgs; + }; + id = "com.heroicgameslauncher.hgl_bwrapper"; + runScript = "heroic"; + # isFhsenv = true; + }; + dbus.session.talks = [ + "com.canonical.Unity" + "org.freedesktop.Notifications" + "org.freedesktop.PowerManagement" + "org.freedesktop.ScreenSaver" + "org.gnome.SettingsDaemon.MediaKeys" + "org.kde.StatusNotifierWatcher" + ]; + dbus.system.talks = [ + "org.freedesktop.UDisks2" + "org.freedesktop.UPower" + ]; + mounts.readWrite = [ + "/storage/games/heroic" + "$HOME/.config/wine-tools" + ]; + mounts.read = [ + "$XDG_CONFIG_HOME/mangohud" + ]; + }) ] ++ [ (pkgs.writeShellApplication { @@ -150,6 +226,8 @@ in { # sonusmix # pipewire routing tool in rust ]; + xdg.systemDirs.data = ["/home/user/.bwrapper/helium/local/share"]; + # xdg.desktopEntries.uni = { # actions."Copy".exec = "fish -c \"~/.local/bin/uni --copy\""; # categories = ["Utility" "X-Launch" "Network"]; diff --git a/modules/users/user/services.nix b/modules/users/user/services.nix new file mode 100644 index 0000000..766b48e 
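Review bot: In the `pkgs.mkBwrapper` call for Heroic, `dbus.system.talks` lets the sandboxed launcher reach `org.freedesktop.UDisks2` on the system bus, which is the one grant in this block that extends past the listed `mounts`. UDisks2 handles mounting and other block-device operations and is gated only by polkit, so a launcher that already gets `/storage/games/heroic` read-write probably does not need it; I cannot tell from the hunk whether Heroic misbehaves without it. Suggest `dbus.system.talks = ["org.freedesktop.UPower"];` and re-adding UDisks2 only with a comment naming the feature that requires it. The `home.packages` list this belongs to starts outside the hunk.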
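Review bot: `xdg.systemDirs.data = ["/home/user/.bwrapper/helium/local/share"];` puts a directory from the Helium sandbox's state tree on `XDG_DATA_DIRS`; if the browser can write there, as the path suggests, any `applications/*.desktop` file it creates is offered by launchers running outside the sandbox with whatever `Exec=` line it carries. A comment stating what this is for (presumably web-app shortcuts) and that those entries are trusted would make the trade-off explicit, or the needed entries could be linked individually instead of exposing the whole directory. The path also hard-codes `/home/user`; `"${config.home.homeDirectory}/.bwrapper/helium/local/share"` would follow the account's home, provided `config` is among this module's arguments, which the hunk does not show.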
--- /dev/null +++ b/modules/users/user/services.nix @@ -0,0 +1,17 @@ +{inputs, ...}: { + imports = [inputs.vicinae.homeManagerModules.default]; + + syncthing.enable = true; + + services.easyeffects.enable = true; + + # services.pueue.enable = true; # process queue in rust + services.ssh-agent.enable = true; + + services.vicinae = { + enable = true; + systemd.enable = true; + }; + + xdg.configFile."vicinae/settings.json".enable = false; +} diff --git a/modules/users/user/vicinae.nix b/modules/users/user/vicinae.nix deleted file mode 100644 index 73342df..0000000 --- a/modules/users/user/vicinae.nix +++ /dev/null @@ -1,7 +0,0 @@ -{inputs, ...}: { - imports = [inputs.vicinae.homeManagerModules.default]; - - services.vicinae.enable = true; - - xdg.configFile."vicinae/vicinae.json".enable = false; -}