Review shell scripts

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-22 14:07:22 +00:00
parent 8f94687b2b
commit bcbda92c46
27 changed files with 273 additions and 259 deletions


@@ -1,4 +1,4 @@
if [[ "${EUID}" -ne 0 ]]; then if [[ "$EUID" -ne 0 ]]; then
echo "Please run the script as root." echo "Please run the script as root."
exit 1 exit 1
fi fi
@@ -10,11 +10,11 @@ usage() {
cleanup() { cleanup() {
if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi
if [ -n "${backup_location}" ]; then rm -f "${backup_location}.tmp"; fi if [ -n "$backup_location" ]; then rm -f "$backup_location.tmp"; fi
if [ -n "${mount_location}" ]; then if [ -n "$mount_location" ]; then
if mount | grep -q "${mount_location}"; then umount "${mount_location}"; fi if mount | grep -q "$mount_location"; then umount "$mount_location"; fi
if [ -d "${mount_location}" ]; then rmdir "${mount_location}"; fi if [ -d "$mount_location" ]; then rmdir "$mount_location"; fi
fi fi
} }
@@ -25,40 +25,40 @@ mount_location=""
trap cleanup EXIT trap cleanup EXIT
while getopts "m:b:" opt; do while getopts "m:b:" opt; do
case "${opt}" in case "$opt" in
m) partition="${OPTARG}" ;; m) partition="$OPTARG" ;;
b) backup_location="${OPTARG}" ;; b) backup_location="$OPTARG" ;;
*) usage ;; *) usage ;;
esac esac
done done
if [ -n "${partition}" ]; then if [ -n "$partition" ]; then
mount_location=$(mktemp -d /mnt/backup.XXXXXX) mount_location=$(mktemp -d /mnt/backup.XXXXXX)
echo "Mounting ${partition} at ${mount_location}..." echo "Mounting $partition at $mount_location..."
mount "${partition}" "${mount_location}" mount "$partition" "$mount_location"
fi fi
if [ -z "${mount_location}" ]; then if [ -z "$mount_location" ]; then
if [[ "${backup_location}" != /* ]]; then if [[ "$backup_location" != /* ]]; then
backup_location="$(realpath "${backup_location}")" backup_location="$(realpath "$backup_location")"
fi fi
else else
if [[ "${backup_location}" = /* ]]; then if [[ "$backup_location" = /* ]]; then
echo "Error: When a partition is mounted, backup_location must be relative." echo "Error: When a partition is mounted, backup_location must be relative."
exit 1 exit 1
fi fi
backup_location="$(realpath "${mount_location}/${backup_location}")" backup_location="$(realpath "$mount_location/$backup_location")"
fi fi
backup_location="${backup_location}/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz" backup_location="$backup_location/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz"
echo "Creating /persist snapshot..." echo "Creating /persist snapshot..."
btrfs -q subvolume snapshot -r "/persist" "/persist.bak" btrfs -q subvolume snapshot -r "/persist" "/persist.bak"
echo "Creating backup at ${backup_location}..." echo "Creating backup at $backup_location..."
btrfs -q send "/persist.bak" | gzip > "${backup_location}.tmp" btrfs -q send "/persist.bak" | gzip > "$backup_location.tmp"
mv "${backup_location}.tmp" "${backup_location}" mv "$backup_location.tmp" "$backup_location"
echo "Backup completed successfully!" echo "Backup completed successfully!"
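Review bot: In `cleanup`, `mount | grep -q "$mount_location"` treats the path as a regular expression and matches it anywhere in the mount table, so a longer path that merely contains it also counts as mounted. `if mountpoint -q -- "$mount_location"; then umount -- "$mount_location"; fi` tests the exact directory. Separately, a failed `btrfs send` in the `btrfs -q send … | gzip` pipeline only stops the script if `pipefail` is set; the shell options are not visible in these hunks, so confirm that before the `.tmp` file is renamed to the final backup name.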


@@ -1,19 +1,19 @@
echo "Starting impermanence mount with source: ${source}, target: ${target}, path: ${path}." echo "Starting impermanence mount with source: $source, target: $target, path: $path."
source_current="${source}" source_current="$source"
target_current="${target}" target_current="$target"
IFS='/' read -ra path_parts <<< "${path}" IFS='/' read -ra path_parts <<< "$path"
unset "path_parts[-1]" unset "path_parts[-1]"
for part in "${path_parts[@]}"; do for part in "${path_parts[@]}"; do
source_current="${source_current}/${part}" source_current="$source_current/$part"
target_current="${target_current}/${part}" target_current="$target_current/$part"
if [[ ! -d "${source_current}" ]]; then if [[ ! -d "$source_current" ]]; then
break break
fi fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "${source_current}")" read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${target_current}" install -d -m "$mode" -o "$owner" -g "$group" "$target_current"
done done


@@ -1,38 +1,38 @@
echo "Stopping impermanence mount with source: ${source}, target: ${target}, path: ${path}." echo "Stopping impermanence mount with source: $source, target: $target, path: $path."
source_current="${source}" source_current="$source"
target_current="${target}" target_current="$target"
IFS='/' read -ra path_parts <<< "${path}" IFS='/' read -ra path_parts <<< "$path"
unset "path_parts[-1]" unset "path_parts[-1]"
for part in "${path_parts[@]}"; do for part in "${path_parts[@]}"; do
source_current="${source_current}/${part}" source_current="$source_current/$part"
target_current="${target_current}/${part}" target_current="$target_current/$part"
if [[ ! -d "${target_current}" ]]; then if [[ ! -d "$target_current" ]]; then
break break
fi fi
if [[ -d "${source_current}" ]]; then if [[ -d "$source_current" ]]; then
continue continue
fi fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "${target_current}")" read -r mode owner group <<< "$(stat -c '%a %u %g' "$target_current")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${source_current}" install -d -m "$mode" -o "$owner" -g "$group" "$source_current"
done done
source=$(realpath -m "${source}/${path}") source=$(realpath -m "$source/$path")
target=$(realpath -m "${target}/${path}") target=$(realpath -m "$target/$path")
if [[ ! -e "${target}" ]] || { [[ -d "${target}" ]] && [[ -z "$(ls -A "${target}")" ]]; } || { [[ -f "${target}" ]] && [[ ! -s "${target}" ]]; }; then if [[ ! -e "$target" ]] || { [[ -d "$target" ]] && [[ -z "$(ls -A "$target")" ]]; } || { [[ -f "$target" ]] && [[ ! -s "$target" ]]; }; then
exit 0 exit 0
fi fi
if [[ -e "${source}" ]]; then if [[ -e "$source" ]]; then
>&2 echo "Error: Source ${source} already exists. Cannot move ${target} to ${source}." >&2 echo "Error: Source $source already exists. Cannot move $target to $source."
exit 1 exit 1
fi fi
echo "Moving target ${target} to source ${source}." echo "Moving target $target to source $source."
mv "${target}" "${source}" mv "$target" "$source"


@@ -17,11 +17,11 @@ mount "/dev/mapper/$DEVICE" /mnt/btrfs
if [[ -e /mnt/btrfs/@ ]]; then if [[ -e /mnt/btrfs/@ ]]; then
mkdir -p /mnt/btrfs/@.bak mkdir -p /mnt/btrfs/@.bak
timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%d_%H:%M:%S") timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%d_%H:%M:%S")
mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/${timestamp}" mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/$timestamp"
fi fi
find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do
delete_subvolume_recursively "${i}" delete_subvolume_recursively "$i"
done done
btrfs subvolume create /mnt/btrfs/@ btrfs subvolume create /mnt/btrfs/@
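Review bot: The pruning `find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14` has no `-mindepth 1`, so the `@.bak` directory itself is a candidate and would be handed to `delete_subvolume_recursively` whenever its own mtime is older than 14 days. `find /mnt/btrfs/@.bak/ -mindepth 1 -maxdepth 1 -mtime +14` restricts the match to the dated snapshots. `delete_subvolume_recursively` is defined outside this hunk, so how it treats a plain directory is not visible here.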


@@ -27,7 +27,7 @@ mount "/dev/mapper/$DEVICE" /mnt/btrfs
if [[ -e /mnt/btrfs/@.bak ]]; then if [[ -e /mnt/btrfs/@.bak ]]; then
if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then
for i in /mnt/btrfs/@.bak/*; do for i in /mnt/btrfs/@.bak/*; do
delete_subvolume_recursively "${i}" delete_subvolume_recursively "$i"
done done
else else
echo "/mnt/btrfs/@.bak is empty. Nothing to delete." echo "/mnt/btrfs/@.bak is empty. Nothing to delete."


@@ -1,6 +1,5 @@
_nix-install_completion() { _nix-install_completion() {
local -a options local options=(
options=(
'1:flake:_directories' '1:flake:_directories'
'-m[Mode: 'install' or 'repair']:mode:(install repair)' '-m[Mode: 'install' or 'repair']:mode:(install repair)'
'-h[Host to configure]:host:($(_list_hosts))' '-h[Host to configure]:host:($(_list_hosts))'
@@ -11,16 +10,16 @@ _nix-install_completion() {
) )
_list_hosts() { _list_hosts() {
flake="$(realpath ${words[2]})" local flake="$(realpath ${words[2]})"
if [[ -f "${flake}/flake.nix" ]]; then if [[ -f "$flake/flake.nix" ]]; then
nix flake show --quiet --json "${flake}" 2>/dev/null | jq -r '.nixosConfigurations | keys[]' nix flake show --quiet --json "$flake" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
fi fi
} }
_list_keys() { _list_keys() {
flake="$(realpath ${words[2]})" local flake="$(realpath ${words[2]})"
if [[ -d "${flake}/secrets" ]]; then if [[ -d "$flake/secrets" ]]; then
find "${flake}/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
fi fi
} }


@@ -13,7 +13,7 @@ usage() {
} }
check_root() { check_root() {
if [[ "${EUID}" -ne 0 ]]; then if [[ "$EUID" -ne 0 ]]; then
echo "Please run the script as root." echo "Please run the script as root."
exit 1 exit 1
fi fi
@@ -27,41 +27,41 @@ check_network() {
} }
check_flake() { check_flake() {
if [[ ! -f "${flake}/flake.nix" ]]; then if [[ ! -f "$flake/flake.nix" ]]; then
echo "flake.nix not found in ${flake}." echo "flake.nix not found in $flake."
exit 1 exit 1
fi fi
} }
check_host() { check_host() {
if ! nix flake show --quiet --json "${flake}" 2>/dev/null | jq -e ".nixosConfigurations[\"${host}\"]" &>/dev/null; then if ! nix flake show --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
echo "Host '${host}' not found in flake." echo "Host '$host' not found in flake."
exit 1 exit 1
fi fi
} }
check_key() { check_key() {
if [[ -n "${key}" ]] && [[ ! -f "${flake}/secrets/${key}/key.txt" ]]; then if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
echo "Key '${key}' not found." echo "Key '$key' not found."
exit 1 exit 1
fi fi
} }
set_password_file() { set_password_file() {
if [[ -n "${password_file}" ]]; then if [[ -n "$password_file" ]]; then
if [[ ! -f "${password_file}" ]]; then if [[ ! -f "$password_file" ]]; then
echo "LUKS key file '${password_file}' not found." echo "LUKS key file '$password_file' not found."
exit 1 exit 1
fi fi
ln -sf "${password_file}" /tmp/installer.key ln -sf "$password_file" /tmp/installer.key
else else
echo "Enter password for LUKS encryption:" echo "Enter password for LUKS encryption:"
IFS= read -r -s password IFS= read -r -s password
echo "Enter password again to confirm: " echo "Enter password again to confirm: "
IFS= read -r -s password_check IFS= read -r -s password_check
[ "${password}" != "${password_check}" ] [ "$password" != "$password_check" ]
echo -n "${password}" > /tmp/installer.key echo -n "$password" > /tmp/installer.key
unset password password_check unset password password_check
fi fi
} }
@@ -69,35 +69,34 @@ set_password_file() {
prepare_disk() { prepare_disk() {
local disko_mode="$1" local disko_mode="$1"
root=$(mktemp -d /mnt/install.XXXXXX) root=$(mktemp -d /mnt/install.XXXXXX)
disko -m "${disko_mode}" --yes-wipe-all-disks --root-mountpoint "${root}" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\"" disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" --arg device "\"$device\""
} }
copy_keys() { copy_keys() {
mkdir -p "${root}/persist/etc/ssh" mkdir -p "$root/persist/etc/ssh"
cp "${flake}/hosts/${host}/secrets/ssh_host_ed25519_key" "${root}/persist/etc/ssh/ssh_host_ed25519_key" cp "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/etc/ssh/ssh_host_ed25519_key"
for path in "${flake}/hosts/${host}/users"/*; do for path in "$flake/hosts/$host/users"/*; do
if [[ -z "${key}" ]]; then if [[ -z "$key" ]]; then
continue continue
fi fi
user=$(basename "${path}") local user
mkdir -p "${root}/persist/home/${user}/.config/sops-nix" user=$(basename "$path")
cp "${flake}/secrets/${key}/key.txt" "${root}/persist/home/${user}/.config/sops-nix/key.txt" mkdir -p "$root/persist/home/$user/.config/sops-nix"
uid=$(cat "${flake}/hosts/${host}/users/${user}/uid") cp "$flake/secrets/$key/key.txt" "$root/persist/home/$user/.config/sops-nix/key.txt"
gid=100 chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/home/$user"
chown -R "${uid}:${gid}" "${root}/persist/home/${user}"
done done
} }
install() { install() {
nixos-install --root "${root}" --flake "${flake}#${host}" --no-root-passwd nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
} }
copy_config() { copy_config() {
echo "Copying configuration..." echo "Copying configuration..."
rm -rf "${root}/persist/etc/nixos" rm -rf "$root/persist/etc/nixos"
cp -r "${flake}" "${root}/persist/etc/nixos" cp -r "$flake" "$root/persist/etc/nixos"
} }
finish() { finish() {
@@ -109,8 +108,8 @@ finish() {
cleanup() { cleanup() {
rm -f /tmp/installer.key rm -f /tmp/installer.key
if [[ -n "${host}" && -n "${device}" ]]; then disko -m "unmount" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""; fi if [[ -n "$host" && -n "$device" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix" --arg device "\"$device\""; fi
if [[ -d "${root}" ]]; then rmdir "${root}"; fi if [[ -d "$root" ]]; then rmdir "$root"; fi
} }
check_root check_root
@@ -132,18 +131,18 @@ copy_config_flag="false"
reboot_flag="false" reboot_flag="false"
while getopts "m:h:k:p:cr" opt; do while getopts "m:h:k:p:cr" opt; do
case "${opt}" in case "$opt" in
m) mode="${OPTARG}" ;; m) mode="$OPTARG" ;;
h) host="${OPTARG}" ;; h) host="$OPTARG" ;;
k) key="${OPTARG}" ;; k) key="$OPTARG" ;;
p) password_file="${OPTARG}" ;; p) password_file="$OPTARG" ;;
c) copy_config_flag="true" ;; c) copy_config_flag="true" ;;
r) reboot_flag="true" ;; r) reboot_flag="true" ;;
*) usage ;; *) usage ;;
esac esac
done done
if [[ -z "${mode}" || -z "${host}" ]]; then if [[ -z "$mode" || -z "$host" ]]; then
usage usage
fi fi
@@ -151,23 +150,23 @@ check_host
check_key check_key
until set_password_file; do echo "Passwords did not match, please try again."; done until set_password_file; do echo "Passwords did not match, please try again."; done
device=$(grep -oP '(?<=device = ")[^"]+' "${flake}/hosts/${host}/default.nix") device=$(grep -oP '(?<=device = ")[^"]+' "$flake/hosts/$host/default.nix")
case "${mode}" in case "$mode" in
install) install)
prepare_disk "destroy,format,mount" prepare_disk "destroy,format,mount"
copy_keys copy_keys
install install
if [[ "${copy_config_flag}" == "true" ]]; then copy_config; fi if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
if [[ "${reboot_flag}" == "true" ]]; then finish; fi if [[ "$reboot_flag" == "true" ]]; then finish; fi
;; ;;
repair) repair)
prepare_disk "mount" prepare_disk "mount"
install install
if [[ "${reboot_flag}" == "true" ]]; then finish; fi if [[ "$reboot_flag" == "true" ]]; then finish; fi
;; ;;
*) *)
echo "Invalid mode: ${mode}" echo "Invalid mode: $mode"
usage usage
;; ;;
esac esac
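Review bot: In `set_password_file`, the confirmation test `[ "$password" != "$password_check" ]` has no effect: its status is discarded, the function's status comes from the final `unset`, and errexit is ignored inside the `until set_password_file` condition, so a mistyped confirmation is still written out as the LUKS passphrase (the test is also inverted, succeeding when the entries differ). The passphrase is also written to the fixed path `/tmp/installer.key` under the default umask, which can leave it readable by other local users. The sketch below returns non-zero on mismatch and creates the file with mode 0600; the path is kept because it is presumably referenced by the disko configuration, which is not visible here. In `check_host`, `jq -e --arg h "$host" '.nixosConfigurations[$h]'` would avoid building the filter text from the option value.

```shell
  # … unchanged: password_file branch and the two read prompts …
    if [[ "$password" != "$password_check" ]]; then
      unset password password_check
      return 1
    fi
    # Recreate the key file privately so the passphrase is never world-readable.
    (umask 077 && rm -f /tmp/installer.key && printf '%s' "$password" > /tmp/installer.key)
    unset password password_check
```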


@@ -1,7 +1,7 @@
case "$2" in case "$2" in
connectivity-change) connectivity-change)
if timezone=$(curl --fail https://ipapi.co/timezone); then if timezone=$(curl --fail https://ipapi.co/timezone); then
timedatectl set-timezone "${timezone}" timedatectl set-timezone "$timezone"
fi fi
;; ;;
esac esac


@@ -1,23 +1,23 @@
install -d -m 700 "${GNUPGHOME}" install -d -m 700 "$GNUPGHOME"
for dir in "${HOME}"/.config/sops-nix/secrets/gpg/*; do for dir in "$HOME"/.config/sops-nix/secrets/gpg/*; do
keyfile="${dir}/key" keyfile="$dir/key"
passfile="${dir}/pass" passfile="$dir/pass"
if [[ ! -f "${keyfile}" ]]; then if [[ ! -f "$keyfile" ]]; then
continue continue
fi fi
if [[ -f "${passfile}" ]]; then if [[ -f "$passfile" ]]; then
gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "${passfile}" --import "${keyfile}" gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" --import "$keyfile"
else else
gpg2 --batch --yes --import "${keyfile}" gpg2 --batch --yes --import "$keyfile"
fi fi
gpg2 --with-colons --import-options show-only --import "${keyfile}" | grep '^fpr' | cut -d: -f10 | while read -r KEY_ID; do gpg2 --with-colons --import-options show-only --import "$keyfile" | grep '^fpr' | cut -d: -f10 | while read -r key_id; do
echo "${KEY_ID}:6:" >> "${GNUPGHOME}"/otrust.txt echo "$key_id:6:" >> "$GNUPGHOME"/otrust.txt
done done
done done
gpg2 --import-ownertrust "${GNUPGHOME}"/otrust.txt gpg2 --import-ownertrust "$GNUPGHOME"/otrust.txt
rm "${GNUPGHOME}"/otrust.txt rm "$GNUPGHOME"/otrust.txt
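Review bot: `otrust.txt` is only created inside the `while read` loop, so when no key directory exists the final `gpg2 --import-ownertrust "$GNUPGHOME"/otrust.txt` and `rm` run against a missing file, and a file left over from an interrupted run is appended to rather than replaced. Starting with `: > "$GNUPGHOME"/otrust.txt` before the `for` loop (or writing to a `mktemp` file) makes both cases well defined. Every `fpr` record is also written with trust level 6, and `--with-colons` output normally lists subkey fingerprints as well as the primary key, so taking only the `fpr` line that follows a `pub` record would limit ultimate trust to primary keys.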


@@ -20,16 +20,34 @@
in in
'' ''
nix-develop() { nix-develop() {
if [ -z "$1" ]; then local devshell=""
echo "Usage: nix-develop <shell>"
while getopts "s:" opt; do
case $opt in
s)
devshell=$OPTARG
;;
*)
echo "Usage: nix-develop [-s <devshell>]"
return 1 return 1
;;
esac
done
if [[ -z "$devshell" ]]; then
if [ ! -f flake.nix ]; then cp "${./template.nix}" flake.nix; fi
nix develop -c "$SHELL"
else
nix develop self#"$devshell" -c "$SHELL"
fi fi
nix develop self#"$1" -c "$SHELL"
} }
_nix-develop_completion() { _nix-develop_completion() {
local shells=(${devShells}) local options=(
compadd -- $shells '-s[Dev shell from root flake]:shell:(${devShells})'
)
_arguments -s $options
} }
compdef _nix-develop_completion nix-develop compdef _nix-develop_completion nix-develop
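Review bot: `cp "${./template.nix}" flake.nix` copies out of the Nix store, where files are read-only, and plain `cp` carries the source mode over, so the new `flake.nix` is likely to be created without write permission. `install -m 644 "${./template.nix}" flake.nix` (or `cp --no-preserve=mode`) gives an editable file. `opt` is also assigned by `getopts` without a `local opt`, so it leaks into the interactive shell. The same `cp` pattern and the same missing `local opt` appear in the nix-direnv section.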


@@ -30,36 +30,38 @@
in in
'' ''
nix-direnv() { nix-direnv() {
if [ -z "$1" ]; then local devshell=""
local hide=false
while getopts "s:h" opt; do
case $opt in
s)
devshell=$OPTARG
;;
h)
hide=true
;;
*)
echo "Usage: nix-direnv [-s <devshell>] [-h]"
return 1
;;
esac
done
if [[ -z "$devshell" ]]; then
echo "use flake" > .envrc echo "use flake" > .envrc
if [ ! -f flake.nix ]; then cp "${../nix-develop/template.nix}" flake.nix; fi
if [ ! -f flake.nix ]; then
echo "Do you want to create an empty flake.nix? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
cp "${./template.nix}" flake.nix
fi
fi
else else
echo "use flake self#$1" > .envrc echo "use flake self#$devshell" > .envrc
fi fi
if git rev-parse --is-inside-work-tree &> /dev/null; then if hide && git rev-parse --is-inside-work-tree &>/dev/null; then
if ! grep -q "^\.envrc$" .gitignore .git/info/exclude; then local top
echo "Do you want to hide the .envrc file from git? (y/N)" top=$(git rev-parse --show-toplevel)
read -r answer if ! grep -q "^\.envrc$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "$(realpath --relative-to="$top" .envrc)" >> "$top/.git/info/exclude"; fi
if [[ "$answer" =~ ^[Yy]$ ]]; then if [ -z "$devshell" ]; then
echo ".envrc" >> .git/info/exclude if ! grep -q "^flake.nix$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.nix" >> "$top/.git/info/exclude"; fi
fi if ! grep -q "^flake.lock$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.lock" >> "$top/.git/info/exclude"; fi
fi
if [ -f flake.nix ] && ! grep -q "^flake.nix$" .gitignore .git/info/exclude; then
echo "Do you want to hide the flake.nix and flake.lock files from git? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
echo "flake.nix" >> .git/info/exclude
echo "flake.lock" >> .git/info/exclude
fi
fi fi
fi fi
@@ -67,8 +69,12 @@
} }
_nix-direnv_completion() { _nix-direnv_completion() {
local shells=(${devShells}) local options=(
compadd -- $shells '-s[Dev shell from root flake]:shell:(${devShells})'
'-h[Hide .envrc and flake.nix in git]'
)
_arguments -s $options
} }
compdef _nix-direnv_completion nix-direnv compdef _nix-direnv_completion nix-direnv
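Review bot: `if hide && git rev-parse --is-inside-work-tree &>/dev/null; then` runs a command named `hide` instead of testing the variable set by `-h`, so unless such a command exists the branch is never taken and nothing is added to `.git/info/exclude`. Testing the flag explicitly fixes it: `if [[ "$hide" == true ]] && git rev-parse --is-inside-work-tree &>/dev/null; then`. The `grep -q "^flake.nix$"` and `"^flake.lock$"` patterns leave the dot unescaped, unlike `^\.envrc$`; `grep -qxF` with the literal file name would match exactly.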


@@ -19,7 +19,7 @@ in
with cfg; with cfg;
{ {
initExtra = '' initExtra = ''
export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(${strings.concatStringsSep " " cfg.p10k.extraRightPromptElements}) export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(${strings.concatStringsSep " " p10k.extraRightPromptElements})
''; '';
}; };
} }


@@ -1,5 +1,5 @@
STEAM="${HOME}/.local/share/Steam/steamapps/common" STEAM="$HOME/.local/share/Steam/steamapps/common"
GAMES="${HOME}/Games" GAMES="$HOME/Games"
EXCLUDE=( EXCLUDE=(
"Proton - Experimental" "Proton - Experimental"
@@ -11,47 +11,47 @@ EXCLUDE=(
is_excluded() { is_excluded() {
local dir=$1 local dir=$1
for exclude in "${EXCLUDE[@]}"; do for exclude in "${EXCLUDE[@]}"; do
if [[ "${dir}" == "${exclude}" ]]; then if [[ "$dir" == "$exclude" ]]; then
return 0 return 0
fi fi
done done
return 1 return 1
} }
for game in "${STEAM}"/*/; do for game in "$STEAM"/*/; do
name=$(basename "${game}") name=$(basename "$game")
if is_excluded "${name}"; then if is_excluded "$name"; then
echo "Excluding ${name} from symlink creation." echo "Excluding $name from symlink creation."
continue continue
fi fi
if [[ -L "${GAMES}/${name}" ]]; then if [[ -L "$GAMES/$name" ]]; then
continue continue
fi fi
if [[ -d "${GAMES}/${name}" || -f "${GAMES}/${name}" ]]; then if [[ -d "$GAMES/$name" || -f "$GAMES/$name" ]]; then
>&2 echo "Error: ${name} is already a regular directory or file." >&2 echo "Error: $name is already a regular directory or file."
continue continue
fi fi
echo "Creating symlink for ${name}..." echo "Creating symlink for $name..."
ln -s "${game}" "${GAMES}/${name}" ln -s "$game" "$GAMES/$name"
done done
for link in "${GAMES}"/*; do for link in "$GAMES"/*; do
target=$(readlink "${link}") target=$(readlink "$link")
if [[ ! "${target}" == "${STEAM}/"* ]]; then if [[ ! "$target" == "$STEAM/"* ]]; then
continue continue
fi fi
name=$(basename "${target}") name=$(basename "$target")
if [[ -e "${target}" ]] && ! is_excluded "${name}"; then if [[ -e "$target" ]] && ! is_excluded "$name"; then
continue continue
fi fi
echo "Removing symlink ${link}..." echo "Removing symlink $link..."
rm "${link}" rm "$link"
done done


@@ -66,23 +66,23 @@ in
dconf dconf
]; ];
text = '' text = ''
MODE=$(cat "${hmConfig.theme.configDir}/mode") mode=$(cat "${hmConfig.theme.configDir}/mode")
if [ "$MODE" = "light" ]; then if [ "$mode" = "light" ]; then
GTK_THEME="adw-gtk3" gtk_theme="adw-gtk3"
else else
GTK_THEME="adw-gtk3-dark" gtk_theme="adw-gtk3-dark"
fi fi
if [[ -v DBUS_SESSION_BUS_ADDRESS ]]; then if [[ -v DBUS_SESSION_BUS_ADDRESS ]]; then
DCONF_DBUS_RUN_SESSION="" dconf_dbus_run_session=""
else else
DCONF_DBUS_RUN_SESSION="dbus-run-session --dbus-daemon=dbus-daemon" dconf_dbus_run_session="dbus-run-session --dbus-daemon=dbus-daemon"
fi fi
$DCONF_DBUS_RUN_SESSION bash -c " $dconf_dbus_run_session bash -c "
dconf write /org/gnome/desktop/interface/gtk-theme \"'$GTK_THEME'\" dconf write /org/gnome/desktop/interface/gtk-theme \"'$gtk_theme'\"
dconf write /org/gnome/desktop/interface/color-scheme \"'prefer-$MODE'\" dconf write /org/gnome/desktop/interface/color-scheme \"'prefer-$mode'\"
" "
''; '';
} }
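Review bot: The `bash -c "…"` string is built by interpolating `$mode`, which is read from the `mode` file, so any quote or shell metacharacter in that file becomes part of the command that is executed. Passing the values as positional arguments keeps them as data, and rejecting anything other than `light` or `dark` right after the `cat` would fail early. The enclosing derivation starts outside this hunk.

```nix
# … unchanged: mode, gtk_theme and dconf_dbus_run_session assignments …
$dconf_dbus_run_session bash -c '
  dconf write /org/gnome/desktop/interface/gtk-theme "$1"
  dconf write /org/gnome/desktop/interface/color-scheme "$2"
' _ "'$gtk_theme'" "'prefer-$mode'"
```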


@@ -11,7 +11,7 @@ set_wallpaper() {
} }
toggle_mode() { toggle_mode() {
if [[ "$(cat "${CONFIG}"/mode)" = "light" ]]; then if [[ "$(cat "$CONFIG"/mode)" = "light" ]]; then
mode="dark" mode="dark"
else else
mode="light" mode="light"
@@ -19,16 +19,16 @@ toggle_mode() {
} }
usage() { usage() {
echo "Usage: theme [-m {light|dark|toggle}] [-w <file>]" echo "Usage: $0 [-m {light|dark|toggle}] [-w <file>]"
exit 1 exit 1
} }
finish() { finish() {
[[ -n "${wallpaper}" ]] && ln -sf "${wallpaper}" "${CONFIG}"/wallpaper [[ -n "$wallpaper" ]] && ln -sf "$wallpaper" "$CONFIG"/wallpaper
[[ -n "${mode}" ]] && echo "${mode}" > "${CONFIG}"/mode [[ -n "$mode" ]] && echo "$mode" > "$CONFIG"/mode
"${INIT}" > /dev/null "$INIT" > /dev/null
"${RELOAD}" > /dev/null "$RELOAD" > /dev/null
} }
# Parse arguments # Parse arguments


@@ -23,14 +23,10 @@ pkgs.mkShell {
if [ -d "$TOP/.venv" ]; then if [ -d "$TOP/.venv" ]; then
source "$TOP/.venv/bin/activate" source "$TOP/.venv/bin/activate"
else else
echo "No virtual environment found. Do you want to create one? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
python -m venv "$TOP/.venv" python -m venv "$TOP/.venv"
source "$TOP/.venv/bin/activate" source "$TOP/.venv/bin/activate"
pip install --upgrade pip pip install --upgrade pip
if [ -f "$TOP/requirements.txt" ]; then pip install -r "$TOP/requirements.txt"; fi if [ -f "$TOP/requirements.txt" ]; then pip install -r "$TOP/requirements.txt"; fi
fi fi
fi
''; '';
} }
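Review bot: With the confirmation prompt gone, entering the shell in a checkout that has no `.venv` now creates one and runs `pip install -r "$TOP/requirements.txt"` unattended, and installing packages can execute code they ship. That is convenient in your own projects, but it deserves a comment in the hook, for example `# NOTE: installs requirements.txt automatically; only enter this shell in trusted checkouts`, or an explicit opt-in. The `shellHook` string and the definition of `TOP` start outside this hunk.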


@@ -1,10 +1,10 @@
AMD=/dev/dri/by-path/pci-0000:06:00.0-card AMD=/dev/dri/by-path/pci-0000:06:00.0-card
NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card
if [[ -e "${AMD}" ]]; then if [[ -e "$AMD" ]]; then
CARD=${AMD} card=$AMD
else else
CARD=${NVIDIA} card=$NVIDIA
fi fi
ln -sf "${CARD}" "${HOME}"/.config/hypr/card ln -sf "$card" "$HOME"/.config/hypr/card


@@ -5,10 +5,10 @@ SEARCH_STRINGS=(
) )
for search_string in "${SEARCH_STRINGS[@]}"; do for search_string in "${SEARCH_STRINGS[@]}"; do
echo "Searching for devices matching: ${search_string}" echo "Searching for devices matching: $search_string"
for f in $(grep -l "${search_string}" /sys/bus/usb/devices/*/product 2>/dev/null | sed "s/product/power\\/control/"); do for f in $(grep -l "$search_string" /sys/bus/usb/devices/*/product 2>/dev/null | sed "s/product/power\\/control/"); do
echo "Setting power control to 'on' for: ${f}" echo "Setting power control to 'on' for: $f"
echo on >| "${f}" echo on >| "$f"
done done
done done


@@ -0,0 +1,20 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{ pkgs, ... }:
{
environment.persistence."/cache"."${home}/.local/share/gradle" = { };
home-manager.users.${user} = {
programs.gradle = {
enable = true;
home = ".local/share/gradle";
};
sops.secrets."artifactory" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.local/share/gradle/gradle.properties";
};
};
}


@@ -4,24 +4,8 @@
}: }:
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.persistence."/cache"."${home}/.local/share/gradle" = { }; home-manager.users.${user}.programs.java = {
home-manager.users.${user} = {
programs = {
java = {
enable = true; enable = true;
package = pkgs.jdk17; package = pkgs.jdk17;
}; };
gradle = {
enable = true;
home = ".local/share/gradle";
};
};
sops.secrets."artifactory" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.local/share/gradle/gradle.properties";
};
};
} }


@@ -1,8 +0,0 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{ lib, pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ snyk ];
}


@@ -74,9 +74,9 @@ in
(import ./configs/console/docker { inherit user home; }) (import ./configs/console/docker { inherit user home; })
(import ./configs/console/git { inherit user home; }) (import ./configs/console/git { inherit user home; })
(import ./configs/console/go { inherit user home; }) (import ./configs/console/go { inherit user home; })
(import ./configs/console/gradle { inherit user home; })
(import ./configs/console/java { inherit user home; }) (import ./configs/console/java { inherit user home; })
(import ./configs/console/kubernetes { inherit user home; }) (import ./configs/console/kubernetes { inherit user home; })
(import ./configs/console/snyk { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; }) (import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; }) (import ./configs/gui/vscode { inherit user home; })


@@ -1,13 +1,13 @@
SOURCE_FILE=$(realpath -m "$1") source=$(realpath -m "$1")
TARGET_FILE=$(realpath -m "$2") target=$(realpath -m "$2")
if [[ -f "${TARGET_FILE}" ]]; then if [[ -f "$target" ]]; then
TEMP_FILE=$(mktemp) temp=$(mktemp)
awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "${SOURCE_FILE}" "${TARGET_FILE}" > "${TEMP_FILE}" awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "$source" "$target" > "$temp"
mv "${TEMP_FILE}" "${TARGET_FILE}" mv "$temp" "$target"
else else
mkdir -p "$(dirname "${TARGET_FILE}")" mkdir -p "$(dirname "$target")"
cp "${SOURCE_FILE}" "${TARGET_FILE}" cp "$source" "$target"
fi fi
echo "Configuration file ${TARGET_FILE} has been updated." echo "Configuration file $target has been updated."
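Review bot: `mv "$temp" "$target"` replaces the target with the file created by `mktemp`, so the merged configuration ends up with mode 0600 and the invoking user's ownership instead of the original file's, and the temporary file is left behind if `awk` fails. Writing the result back in place, `cat "$temp" > "$target" && rm -f "$temp"`, keeps the existing permissions. Whether the original mode matters depends on what consumes the file, which is not visible here.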


@@ -9,24 +9,24 @@ if [[ "$#" -ne 2 ]]; then
exit 1 exit 1
fi fi
HOST="$1" host="$1"
mkdir -p "./hosts/${HOST}/secrets" mkdir -p "./hosts/$host/secrets"
ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N "" ssh-keygen -t ed25519 -f "./hosts/$host/secrets/ssh_host_ed25519_key" -N ""
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age") age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}" sed -i "/- hosts:/a\ - &$host $age_key" "$sops_file"
sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}" sed -i "/- age:/a\ - *$host" "$sops_file"
done done
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix sed -i "/knownHosts = {/a\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../$host/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2" "$(dirname "$0")/update-keys.sh" "$2"
echo "Host ${HOST} has been successfully added." echo "Host $host has been successfully added."
echo "You can generate SSH key pairs for any users that need to connect to user@host using the following command:" echo "You can generate SSH key pairs for any users that need to connect to user@host using the following command:"
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>" echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$host_<user>"
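Review bot: In the final `echo`, `$host_<user>` is now parsed as the variable `host_`, because `_` is a valid name character, so the printed command loses the host name (or the script aborts if `nounset` is enabled). This is the one place where the braces are required: `echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${host}_<user>"`. `$host` is also inserted unvalidated into several `sed` expressions and paths; a check such as `[[ "$host" =~ ^[A-Za-z0-9_-]+$ ]]` after the argument-count test would keep `/`, `&` and `..` out of them.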


@@ -9,21 +9,21 @@ if [[ "$#" -ne 2 ]]; then
exit 1 exit 1
fi fi
HOST="$1" host="$1"
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age") age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/ - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}" sed -i "/ - &$host $age_key/d" "$sops_file"
sed -i "/ - \*${HOST}/d" "${SOPS_FILE}" sed -i "/ - \*$host/d" "$sops_file"
done done
sed -i "/${HOST}/d" ./hosts/common/configs/system/ssh/default.nix sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix
sed -i "/${HOST}/d" ./hosts/common/configs/user/console/ssh/default.nix sed -i "/$host/d" ./hosts/common/configs/user/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2" "$(dirname "$0")/update-keys.sh" "$2"
rm -rf "./hosts/${HOST}" rm -rf "./hosts/$host"
echo "Host ${HOST} has been successfully removed." echo "Host $host has been successfully removed."
echo "Please remove SSH key pairs for any users that used to connect to this host." echo "Please remove SSH key pairs for any users that used to connect to this host."
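Review bot: `sed -i "/$host/d"` deletes every line that contains the host name as a regular-expression substring, so removing a host whose name is part of another host's name (or of an unrelated setting) also removes those lines from both `default.nix` files. `rm -rf "./hosts/$host"` then runs on the unchecked argument, where an empty string or `..` would remove far more than one host. Validating first, for example `[[ "$host" =~ ^[A-Za-z0-9_-]+$ && -d "./hosts/$host" ]] || exit 1`, and anchoring the `sed` patterns to the exact lines the add-host script inserts would bound both. `rm -rf -- "./hosts/${host:?}"` is a cheap extra guard.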


@@ -11,13 +11,13 @@ fi
export SOPS_AGE_KEY_FILE="$1" export SOPS_AGE_KEY_FILE="$1"
find . -type f -name 'sops.yaml' | while IFS= read -r SOPS_FILE; do find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
dir=$(dirname "${SOPS_FILE}") dir=$(dirname "$sops_file")
echo "${dir}" echo "$dir"
find "${dir}" -maxdepth 1 -type f -regextype posix-extended \ find "$dir" -maxdepth 1 -type f -regextype posix-extended \
-regex '.+\.(yaml|yml|json|env|ini|bin)' \ -regex '.+\.(yaml|yml|json|env|ini|bin)' \
! -name 'sops.yaml' | while IFS= read -r file; do ! -name 'sops.yaml' | while IFS= read -r file; do
echo "${file}" echo "$file"
nix shell nixpkgs#sops --command sops --config "${SOPS_FILE}" updatekeys "${file}" -y nix shell nixpkgs#sops --command sops --config "$sops_file" updatekeys "$file" -y
done done
done done