karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Review shell scripts

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-01-22 14:07:22 +00:00
parent 8f94687b2b
commit bcbda92c46
27 changed files with 273 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
hosts/common/configs/system/backup/backup.sh
View File

@@ -1,4 +1,4 @@
if [[ "${EUID}" -ne 0 ]]; then
if [[ "$EUID" -ne 0 ]]; then
echo "Please run the script as root."
exit 1
fi
@@ -10,11 +10,11 @@ usage() {
cleanup() {
if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi
if [ -n "${backup_location}" ]; then rm -f "${backup_location}.tmp"; fi
if [ -n "$backup_location" ]; then rm -f "$backup_location.tmp"; fi
if [ -n "${mount_location}" ]; then
if mount | grep -q "${mount_location}"; then umount "${mount_location}"; fi
if [ -d "${mount_location}" ]; then rmdir "${mount_location}"; fi
if [ -n "$mount_location" ]; then
if mount | grep -q "$mount_location"; then umount "$mount_location"; fi
if [ -d "$mount_location" ]; then rmdir "$mount_location"; fi
fi
}
@@ -25,40 +25,40 @@ mount_location=""
trap cleanup EXIT
while getopts "m:b:" opt; do
case "${opt}" in
m) partition="${OPTARG}" ;;
b) backup_location="${OPTARG}" ;;
case "$opt" in
m) partition="$OPTARG" ;;
b) backup_location="$OPTARG" ;;
*) usage ;;
esac
done
if [ -n "${partition}" ]; then
if [ -n "$partition" ]; then
mount_location=$(mktemp -d /mnt/backup.XXXXXX)
echo "Mounting ${partition} at ${mount_location}..."
mount "${partition}" "${mount_location}"
echo "Mounting $partition at $mount_location..."
mount "$partition" "$mount_location"
fi
if [ -z "${mount_location}" ]; then
if [[ "${backup_location}" != /* ]]; then
backup_location="$(realpath "${backup_location}")"
if [ -z "$mount_location" ]; then
if [[ "$backup_location" != /* ]]; then
backup_location="$(realpath "$backup_location")"
fi
else
if [[ "${backup_location}" = /* ]]; then
if [[ "$backup_location" = /* ]]; then
echo "Error: When a partition is mounted, backup_location must be relative."
exit 1
fi
backup_location="$(realpath "${mount_location}/${backup_location}")"
backup_location="$(realpath "$mount_location/$backup_location")"
fi
backup_location="${backup_location}/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz"
backup_location="$backup_location/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz"
echo "Creating /persist snapshot..."
btrfs -q subvolume snapshot -r "/persist" "/persist.bak"
echo "Creating backup at ${backup_location}..."
btrfs -q send "/persist.bak" | gzip > "${backup_location}.tmp"
echo "Creating backup at $backup_location..."
btrfs -q send "/persist.bak" | gzip > "$backup_location.tmp"
mv "${backup_location}.tmp" "${backup_location}"
mv "$backup_location.tmp" "$backup_location"
echo "Backup completed successfully!"

18
hosts/common/configs/system/impermanence/scripts/start.sh
View File

@@ -1,19 +1,19 @@
echo "Starting impermanence mount with source: ${source}, target: ${target}, path: ${path}."
echo "Starting impermanence mount with source: $source, target: $target, path: $path."
source_current="${source}"
target_current="${target}"
source_current="$source"
target_current="$target"
IFS='/' read -ra path_parts <<< "${path}"
IFS='/' read -ra path_parts <<< "$path"
unset "path_parts[-1]"
for part in "${path_parts[@]}"; do
source_current="${source_current}/${part}"
target_current="${target_current}/${part}"
source_current="$source_current/$part"
target_current="$target_current/$part"
if [[ ! -d "${source_current}" ]]; then
if [[ ! -d "$source_current" ]]; then
break
fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "${source_current}")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${target_current}"
read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")"
install -d -m "$mode" -o "$owner" -g "$group" "$target_current"
done

34
hosts/common/configs/system/impermanence/scripts/stop.sh
View File

@@ -1,38 +1,38 @@
echo "Stopping impermanence mount with source: ${source}, target: ${target}, path: ${path}."
echo "Stopping impermanence mount with source: $source, target: $target, path: $path."
source_current="${source}"
target_current="${target}"
source_current="$source"
target_current="$target"
IFS='/' read -ra path_parts <<< "${path}"
IFS='/' read -ra path_parts <<< "$path"
unset "path_parts[-1]"
for part in "${path_parts[@]}"; do
source_current="${source_current}/${part}"
target_current="${target_current}/${part}"
source_current="$source_current/$part"
target_current="$target_current/$part"
if [[ ! -d "${target_current}" ]]; then
if [[ ! -d "$target_current" ]]; then
break
fi
if [[ -d "${source_current}" ]]; then
if [[ -d "$source_current" ]]; then
continue
fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "${target_current}")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${source_current}"
read -r mode owner group <<< "$(stat -c '%a %u %g' "$target_current")"
install -d -m "$mode" -o "$owner" -g "$group" "$source_current"
done
source=$(realpath -m "${source}/${path}")
target=$(realpath -m "${target}/${path}")
source=$(realpath -m "$source/$path")
target=$(realpath -m "$target/$path")
if [[ ! -e "${target}" ]] || { [[ -d "${target}" ]] && [[ -z "$(ls -A "${target}")" ]]; } || { [[ -f "${target}" ]] && [[ ! -s "${target}" ]]; }; then
if [[ ! -e "$target" ]] || { [[ -d "$target" ]] && [[ -z "$(ls -A "$target")" ]]; } || { [[ -f "$target" ]] && [[ ! -s "$target" ]]; }; then
exit 0
fi
if [[ -e "${source}" ]]; then
>&2 echo "Error: Source ${source} already exists. Cannot move ${target} to ${source}."
if [[ -e "$source" ]]; then
>&2 echo "Error: Source $source already exists. Cannot move $target to $source."
exit 1
fi
echo "Moving target ${target} to source ${source}."
mv "${target}" "${source}"
echo "Moving target $target to source $source."
mv "$target" "$source"

4
hosts/common/configs/system/impermanence/scripts/wipe.sh
View File

@@ -17,11 +17,11 @@ mount "/dev/mapper/$DEVICE" /mnt/btrfs
if [[ -e /mnt/btrfs/@ ]]; then
mkdir -p /mnt/btrfs/@.bak
timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%d_%H:%M:%S")
mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/${timestamp}"
mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/$timestamp"
fi
find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do
delete_subvolume_recursively "${i}"
delete_subvolume_recursively "$i"
done
btrfs subvolume create /mnt/btrfs/@

2
hosts/common/configs/system/nix-cleanup/cleanup.sh
View File

@@ -27,7 +27,7 @@ mount "/dev/mapper/$DEVICE" /mnt/btrfs
if [[ -e /mnt/btrfs/@.bak ]]; then
if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then
for i in /mnt/btrfs/@.bak/*; do
delete_subvolume_recursively "${i}"
delete_subvolume_recursively "$i"
done
else
echo "/mnt/btrfs/@.bak is empty. Nothing to delete."

15
hosts/common/configs/system/nix-install/install.completion.zsh
View File

@@ -1,6 +1,5 @@
_nix-install_completion() {
local -a options
options=(
local options=(
'1:flake:_directories'
'-m[Mode: 'install' or 'repair']:mode:(install repair)'
'-h[Host to configure]:host:($(_list_hosts))'
@@ -11,16 +10,16 @@ _nix-install_completion() {
)
_list_hosts() {
flake="$(realpath ${words[2]})"
if [[ -f "${flake}/flake.nix" ]]; then
nix flake show --quiet --json "${flake}" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
local flake="$(realpath ${words[2]})"
if [[ -f "$flake/flake.nix" ]]; then
nix flake show --quiet --json "$flake" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
fi
}
_list_keys() {
flake="$(realpath ${words[2]})"
if [[ -d "${flake}/secrets" ]]; then
find "${flake}/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
local flake="$(realpath ${words[2]})"
if [[ -d "$flake/secrets" ]]; then
find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
fi
}

81
hosts/common/configs/system/nix-install/install.sh
View File

@@ -13,7 +13,7 @@ usage() {
}
check_root() {
if [[ "${EUID}" -ne 0 ]]; then
if [[ "$EUID" -ne 0 ]]; then
echo "Please run the script as root."
exit 1
fi
@@ -27,41 +27,41 @@ check_network() {
}
check_flake() {
if [[ ! -f "${flake}/flake.nix" ]]; then
echo "flake.nix not found in ${flake}."
if [[ ! -f "$flake/flake.nix" ]]; then
echo "flake.nix not found in $flake."
exit 1
fi
}
check_host() {
if ! nix flake show --quiet --json "${flake}" 2>/dev/null | jq -e ".nixosConfigurations[\"${host}\"]" &>/dev/null; then
echo "Host '${host}' not found in flake."
if ! nix flake show --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
echo "Host '$host' not found in flake."
exit 1
fi
}
check_key() {
if [[ -n "${key}" ]] && [[ ! -f "${flake}/secrets/${key}/key.txt" ]]; then
echo "Key '${key}' not found."
if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
echo "Key '$key' not found."
exit 1
fi
}
set_password_file() {
if [[ -n "${password_file}" ]]; then
if [[ ! -f "${password_file}" ]]; then
echo "LUKS key file '${password_file}' not found."
if [[ -n "$password_file" ]]; then
if [[ ! -f "$password_file" ]]; then
echo "LUKS key file '$password_file' not found."
exit 1
fi
ln -sf "${password_file}" /tmp/installer.key
ln -sf "$password_file" /tmp/installer.key
else
echo "Enter password for LUKS encryption:"
IFS= read -r -s password
echo "Enter password again to confirm: "
IFS= read -r -s password_check
[ "${password}" != "${password_check}" ]
echo -n "${password}" > /tmp/installer.key
[ "$password" != "$password_check" ]
echo -n "$password" > /tmp/installer.key
unset password password_check
fi
}
@@ -69,35 +69,34 @@ set_password_file() {
prepare_disk() {
local disko_mode="$1"
root=$(mktemp -d /mnt/install.XXXXXX)
disko -m "${disko_mode}" --yes-wipe-all-disks --root-mountpoint "${root}" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""
disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" --arg device "\"$device\""
}
copy_keys() {
mkdir -p "${root}/persist/etc/ssh"
cp "${flake}/hosts/${host}/secrets/ssh_host_ed25519_key" "${root}/persist/etc/ssh/ssh_host_ed25519_key"
mkdir -p "$root/persist/etc/ssh"
cp "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/etc/ssh/ssh_host_ed25519_key"
for path in "${flake}/hosts/${host}/users"/*; do
if [[ -z "${key}" ]]; then
for path in "$flake/hosts/$host/users"/*; do
if [[ -z "$key" ]]; then
continue
fi
user=$(basename "${path}")
mkdir -p "${root}/persist/home/${user}/.config/sops-nix"
cp "${flake}/secrets/${key}/key.txt" "${root}/persist/home/${user}/.config/sops-nix/key.txt"
uid=$(cat "${flake}/hosts/${host}/users/${user}/uid")
gid=100
chown -R "${uid}:${gid}" "${root}/persist/home/${user}"
local user
user=$(basename "$path")
mkdir -p "$root/persist/home/$user/.config/sops-nix"
cp "$flake/secrets/$key/key.txt" "$root/persist/home/$user/.config/sops-nix/key.txt"
chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/home/$user"
done
}
install() {
nixos-install --root "${root}" --flake "${flake}#${host}" --no-root-passwd
nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
}
copy_config() {
echo "Copying configuration..."
rm -rf "${root}/persist/etc/nixos"
cp -r "${flake}" "${root}/persist/etc/nixos"
rm -rf "$root/persist/etc/nixos"
cp -r "$flake" "$root/persist/etc/nixos"
}
finish() {
@@ -109,8 +108,8 @@ finish() {
cleanup() {
rm -f /tmp/installer.key
if [[ -n "${host}" && -n "${device}" ]]; then disko -m "unmount" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""; fi
if [[ -d "${root}" ]]; then rmdir "${root}"; fi
if [[ -n "$host" && -n "$device" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix" --arg device "\"$device\""; fi
if [[ -d "$root" ]]; then rmdir "$root"; fi
}
check_root
@@ -132,18 +131,18 @@ copy_config_flag="false"
reboot_flag="false"
while getopts "m:h:k:p:cr" opt; do
case "${opt}" in
m) mode="${OPTARG}" ;;
h) host="${OPTARG}" ;;
k) key="${OPTARG}" ;;
p) password_file="${OPTARG}" ;;
case "$opt" in
m) mode="$OPTARG" ;;
h) host="$OPTARG" ;;
k) key="$OPTARG" ;;
p) password_file="$OPTARG" ;;
c) copy_config_flag="true" ;;
r) reboot_flag="true" ;;
*) usage ;;
esac
done
if [[ -z "${mode}" || -z "${host}" ]]; then
if [[ -z "$mode" || -z "$host" ]]; then
usage
fi
@@ -151,23 +150,23 @@ check_host
check_key
until set_password_file; do echo "Passwords did not match, please try again."; done
device=$(grep -oP '(?<=device = ")[^"]+' "${flake}/hosts/${host}/default.nix")
device=$(grep -oP '(?<=device = ")[^"]+' "$flake/hosts/$host/default.nix")
case "${mode}" in
case "$mode" in
install)
prepare_disk "destroy,format,mount"
copy_keys
install
if [[ "${copy_config_flag}" == "true" ]]; then copy_config; fi
if [[ "${reboot_flag}" == "true" ]]; then finish; fi
if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
if [[ "$reboot_flag" == "true" ]]; then finish; fi
;;
repair)
prepare_disk "mount"
install
if [[ "${reboot_flag}" == "true" ]]; then finish; fi
if [[ "$reboot_flag" == "true" ]]; then finish; fi
;;
*)
echo "Invalid mode: ${mode}"
echo "Invalid mode: $mode"
usage
;;
esac

2
hosts/common/configs/system/timezone/timezone.sh
View File

@@ -1,7 +1,7 @@
case "$2" in
connectivity-change)
if timezone=$(curl --fail https://ipapi.co/timezone); then
timedatectl set-timezone "${timezone}"
timedatectl set-timezone "$timezone"
fi
;;
esac

24
hosts/common/configs/user/console/gpg-agent/import-gpg-keys.sh
View File

@@ -1,23 +1,23 @@
install -d -m 700 "${GNUPGHOME}"
install -d -m 700 "$GNUPGHOME"
for dir in "${HOME}"/.config/sops-nix/secrets/gpg/*; do
keyfile="${dir}/key"
passfile="${dir}/pass"
for dir in "$HOME"/.config/sops-nix/secrets/gpg/*; do
keyfile="$dir/key"
passfile="$dir/pass"
if [[ ! -f "${keyfile}" ]]; then
if [[ ! -f "$keyfile" ]]; then
continue
fi
if [[ -f "${passfile}" ]]; then
gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "${passfile}" --import "${keyfile}"
if [[ -f "$passfile" ]]; then
gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" --import "$keyfile"
else
gpg2 --batch --yes --import "${keyfile}"
gpg2 --batch --yes --import "$keyfile"
fi
gpg2 --with-colons --import-options show-only --import "${keyfile}" | grep '^fpr' | cut -d: -f10 | while read -r KEY_ID; do
echo "${KEY_ID}:6:" >> "${GNUPGHOME}"/otrust.txt
gpg2 --with-colons --import-options show-only --import "$keyfile" | grep '^fpr' | cut -d: -f10 | while read -r key_id; do
echo "$key_id:6:" >> "$GNUPGHOME"/otrust.txt
done
done
gpg2 --import-ownertrust "${GNUPGHOME}"/otrust.txt
rm "${GNUPGHOME}"/otrust.txt
gpg2 --import-ownertrust "$GNUPGHOME"/otrust.txt
rm "$GNUPGHOME"/otrust.txt

30
hosts/common/configs/user/console/nix-develop/default.nix
View File

@@ -20,16 +20,34 @@
in
''
nix-develop() {
if [ -z "$1" ]; then
echo "Usage: nix-develop <shell>"
return 1
local devshell=""
while getopts "s:" opt; do
case $opt in
s)
devshell=$OPTARG
;;
*)
echo "Usage: nix-develop [-s <devshell>]"
return 1
;;
esac
done
if [[ -z "$devshell" ]]; then
if [ ! -f flake.nix ]; then cp "${./template.nix}" flake.nix; fi
nix develop -c "$SHELL"
else
nix develop self#"$devshell" -c "$SHELL"
fi
nix develop self#"$1" -c "$SHELL"
}
_nix-develop_completion() {
local shells=(${devShells})
compadd -- $shells
local options=(
'-s[Dev shell from root flake]:shell:(${devShells})'
)
_arguments -s $options
}
compdef _nix-develop_completion nix-develop

0
hosts/common/configs/user/console/nix-direnv/template.nix → hosts/common/configs/user/console/nix-develop/template.nix
View File

62
hosts/common/configs/user/console/nix-direnv/default.nix
View File

@@ -30,36 +30,38 @@
in
''
nix-direnv() {
if [ -z "$1" ]; then
echo "use flake" > .envrc
local devshell=""
local hide=false
if [ ! -f flake.nix ]; then
echo "Do you want to create an empty flake.nix? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
cp "${./template.nix}" flake.nix
fi
fi
while getopts "s:h" opt; do
case $opt in
s)
devshell=$OPTARG
;;
h)
hide=true
;;
*)
echo "Usage: nix-direnv [-s <devshell>] [-h]"
return 1
;;
esac
done
if [[ -z "$devshell" ]]; then
echo "use flake" > .envrc
if [ ! -f flake.nix ]; then cp "${../nix-develop/template.nix}" flake.nix; fi
else
echo "use flake self#$1" > .envrc
echo "use flake self#$devshell" > .envrc
fi
if git rev-parse --is-inside-work-tree &> /dev/null; then
if ! grep -q "^\.envrc$" .gitignore .git/info/exclude; then
echo "Do you want to hide the .envrc file from git? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
echo ".envrc" >> .git/info/exclude
fi
fi
if [ -f flake.nix ] && ! grep -q "^flake.nix$" .gitignore .git/info/exclude; then
echo "Do you want to hide the flake.nix and flake.lock files from git? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
echo "flake.nix" >> .git/info/exclude
echo "flake.lock" >> .git/info/exclude
fi
if hide && git rev-parse --is-inside-work-tree &>/dev/null; then
local top
top=$(git rev-parse --show-toplevel)
if ! grep -q "^\.envrc$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "$(realpath --relative-to="$top" .envrc)" >> "$top/.git/info/exclude"; fi
if [ -z "$devshell" ]; then
if ! grep -q "^flake.nix$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.nix" >> "$top/.git/info/exclude"; fi
if ! grep -q "^flake.lock$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.lock" >> "$top/.git/info/exclude"; fi
fi
fi
@@ -67,8 +69,12 @@
}
_nix-direnv_completion() {
local shells=(${devShells})
compadd -- $shells
local options=(
'-s[Dev shell from root flake]:shell:(${devShells})'
'-h[Hide .envrc and flake.nix in git]'
)
_arguments -s $options
}
compdef _nix-direnv_completion nix-direnv

2
hosts/common/configs/user/console/zsh/options.nix
View File

@@ -19,7 +19,7 @@ in
with cfg;
{
initExtra = ''
export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(${strings.concatStringsSep " " cfg.p10k.extraRightPromptElements})
export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(${strings.concatStringsSep " " p10k.extraRightPromptElements})
'';
};
}

38
hosts/common/configs/user/gui/gaming/scripts/steam-ln.sh
View File

@@ -1,5 +1,5 @@
STEAM="${HOME}/.local/share/Steam/steamapps/common"
GAMES="${HOME}/Games"
STEAM="$HOME/.local/share/Steam/steamapps/common"
GAMES="$HOME/Games"
EXCLUDE=(
"Proton - Experimental"
@@ -11,47 +11,47 @@ EXCLUDE=(
is_excluded() {
local dir=$1
for exclude in "${EXCLUDE[@]}"; do
if [[ "${dir}" == "${exclude}" ]]; then
if [[ "$dir" == "$exclude" ]]; then
return 0
fi
done
return 1
}
for game in "${STEAM}"/*/; do
name=$(basename "${game}")
for game in "$STEAM"/*/; do
name=$(basename "$game")
if is_excluded "${name}"; then
echo "Excluding ${name} from symlink creation."
if is_excluded "$name"; then
echo "Excluding $name from symlink creation."
continue
fi
if [[ -L "${GAMES}/${name}" ]]; then
if [[ -L "$GAMES/$name" ]]; then
continue
fi
if [[ -d "${GAMES}/${name}" || -f "${GAMES}/${name}" ]]; then
>&2 echo "Error: ${name} is already a regular directory or file."
if [[ -d "$GAMES/$name" || -f "$GAMES/$name" ]]; then
>&2 echo "Error: $name is already a regular directory or file."
continue
fi
echo "Creating symlink for ${name}..."
ln -s "${game}" "${GAMES}/${name}"
echo "Creating symlink for $name..."
ln -s "$game" "$GAMES/$name"
done
for link in "${GAMES}"/*; do
target=$(readlink "${link}")
for link in "$GAMES"/*; do
target=$(readlink "$link")
if [[ ! "${target}" == "${STEAM}/"* ]]; then
if [[ ! "$target" == "$STEAM/"* ]]; then
continue
fi
name=$(basename "${target}")
name=$(basename "$target")
if [[ -e "${target}" ]] && ! is_excluded "${name}"; then
if [[ -e "$target" ]] && ! is_excluded "$name"; then
continue
fi
echo "Removing symlink ${link}..."
rm "${link}"
echo "Removing symlink $link..."
rm "$link"
done

18
hosts/common/configs/user/gui/gtk/default.nix
View File

@@ -66,23 +66,23 @@ in
dconf
];
text = ''
MODE=$(cat "${hmConfig.theme.configDir}/mode")
mode=$(cat "${hmConfig.theme.configDir}/mode")
if [ "$MODE" = "light" ]; then
GTK_THEME="adw-gtk3"
if [ "$mode" = "light" ]; then
gtk_theme="adw-gtk3"
else
GTK_THEME="adw-gtk3-dark"
gtk_theme="adw-gtk3-dark"
fi
if [[ -v DBUS_SESSION_BUS_ADDRESS ]]; then
DCONF_DBUS_RUN_SESSION=""
dconf_dbus_run_session=""
else
DCONF_DBUS_RUN_SESSION="dbus-run-session --dbus-daemon=dbus-daemon"
dconf_dbus_run_session="dbus-run-session --dbus-daemon=dbus-daemon"
fi
$DCONF_DBUS_RUN_SESSION bash -c "
dconf write /org/gnome/desktop/interface/gtk-theme \"'$GTK_THEME'\"
dconf write /org/gnome/desktop/interface/color-scheme \"'prefer-$MODE'\"
$dconf_dbus_run_session bash -c "
dconf write /org/gnome/desktop/interface/gtk-theme \"'$gtk_theme'\"
dconf write /org/gnome/desktop/interface/color-scheme \"'prefer-$mode'\"
"
'';
}

12
hosts/common/configs/user/gui/theme/theme.sh
View File

@@ -11,7 +11,7 @@ set_wallpaper() {
}
toggle_mode() {
if [[ "$(cat "${CONFIG}"/mode)" = "light" ]]; then
if [[ "$(cat "$CONFIG"/mode)" = "light" ]]; then
mode="dark"
else
mode="light"
@@ -19,16 +19,16 @@ toggle_mode() {
}
usage() {
echo "Usage: theme [-m {light|dark|toggle}] [-w <file>]"
echo "Usage: $0 [-m {light|dark|toggle}] [-w <file>]"
exit 1
}
finish() {
[[ -n "${wallpaper}" ]] && ln -sf "${wallpaper}" "${CONFIG}"/wallpaper
[[ -n "${mode}" ]] && echo "${mode}" > "${CONFIG}"/mode
[[ -n "$wallpaper" ]] && ln -sf "$wallpaper" "$CONFIG"/wallpaper
[[ -n "$mode" ]] && echo "$mode" > "$CONFIG"/mode
"${INIT}" > /dev/null
"${RELOAD}" > /dev/null
"$INIT" > /dev/null
"$RELOAD" > /dev/null
}
# Parse arguments

12
hosts/common/shells/python/default.nix
View File

@@ -23,14 +23,10 @@ pkgs.mkShell {
if [ -d "$TOP/.venv" ]; then
source "$TOP/.venv/bin/activate"
else
echo "No virtual environment found. Do you want to create one? (y/N)"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
python -m venv "$TOP/.venv"
source "$TOP/.venv/bin/activate"
pip install --upgrade pip
if [ -f "$TOP/requirements.txt" ]; then pip install -r "$TOP/requirements.txt"; fi
fi
python -m venv "$TOP/.venv"
source "$TOP/.venv/bin/activate"
pip install --upgrade pip
if [ -f "$TOP/requirements.txt" ]; then pip install -r "$TOP/requirements.txt"; fi
fi
'';
}

8
hosts/eirene/hardware/scripts/card.sh
View File

@@ -1,10 +1,10 @@
AMD=/dev/dri/by-path/pci-0000:06:00.0-card
NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card
if [[ -e "${AMD}" ]]; then
CARD=${AMD}
if [[ -e "$AMD" ]]; then
card=$AMD
else
CARD=${NVIDIA}
card=$NVIDIA
fi
ln -sf "${CARD}" "${HOME}"/.config/hypr/card
ln -sf "$card" "$HOME"/.config/hypr/card

8
hosts/eirene/hardware/scripts/mouse.sh
View File

@@ -5,10 +5,10 @@ SEARCH_STRINGS=(
)
for search_string in "${SEARCH_STRINGS[@]}"; do
echo "Searching for devices matching: ${search_string}"
echo "Searching for devices matching: $search_string"
for f in $(grep -l "${search_string}" /sys/bus/usb/devices/*/product 2>/dev/null | sed "s/product/power\\/control/"); do
echo "Setting power control to 'on' for: ${f}"
echo on >| "${f}"
for f in $(grep -l "$search_string" /sys/bus/usb/devices/*/product 2>/dev/null | sed "s/product/power\\/control/"); do
echo "Setting power control to 'on' for: $f"
echo on >| "$f"
done
done

20
hosts/elara/users/nikara/configs/console/gradle/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{ pkgs, ... }:
{
environment.persistence."/cache"."${home}/.local/share/gradle" = { };
home-manager.users.${user} = {
programs.gradle = {
enable = true;
home = ".local/share/gradle";
};
sops.secrets."artifactory" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.local/share/gradle/gradle.properties";
};
};
}

22
hosts/elara/users/nikara/configs/console/java/default.nix
View File

@@ -4,24 +4,8 @@
}:
{ pkgs, ... }:
{
environment.persistence."/cache"."${home}/.local/share/gradle" = { };
home-manager.users.${user} = {
programs = {
java = {
enable = true;
package = pkgs.jdk17;
};
gradle = {
enable = true;
home = ".local/share/gradle";
};
};
sops.secrets."artifactory" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.local/share/gradle/gradle.properties";
};
home-manager.users.${user}.programs.java = {
enable = true;
package = pkgs.jdk17;
};
}

8
hosts/elara/users/nikara/configs/console/snyk/default.nix
View File

@@ -1,8 +0,0 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{ lib, pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ snyk ];
}

2
hosts/elara/users/nikara/default.nix
View File

@@ -74,9 +74,9 @@ in
(import ./configs/console/docker { inherit user home; })
(import ./configs/console/git { inherit user home; })
(import ./configs/console/go { inherit user home; })
(import ./configs/console/gradle { inherit user home; })
(import ./configs/console/java { inherit user home; })
(import ./configs/console/kubernetes { inherit user home; })
(import ./configs/console/snyk { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; })

18
lib/runtime/merge/key-value.sh
View File

@@ -1,13 +1,13 @@
SOURCE_FILE=$(realpath -m "$1")
TARGET_FILE=$(realpath -m "$2")
source=$(realpath -m "$1")
target=$(realpath -m "$2")
if [[ -f "${TARGET_FILE}" ]]; then
TEMP_FILE=$(mktemp)
awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "${SOURCE_FILE}" "${TARGET_FILE}" > "${TEMP_FILE}"
mv "${TEMP_FILE}" "${TARGET_FILE}"
if [[ -f "$target" ]]; then
temp=$(mktemp)
awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "$source" "$target" > "$temp"
mv "$temp" "$target"
else
mkdir -p "$(dirname "${TARGET_FILE}")"
cp "${SOURCE_FILE}" "${TARGET_FILE}"
mkdir -p "$(dirname "$target")"
cp "$source" "$target"
fi
echo "Configuration file ${TARGET_FILE} has been updated."
echo "Configuration file $target has been updated."

22
lib/scripts/add-host.sh
View File

@@ -9,24 +9,24 @@ if [[ "$#" -ne 2 ]]; then
exit 1
fi
HOST="$1"
host="$1"
mkdir -p "./hosts/${HOST}/secrets"
mkdir -p "./hosts/$host/secrets"
ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N ""
ssh-keygen -t ed25519 -f "./hosts/$host/secrets/ssh_host_ed25519_key" -N ""
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do
sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}"
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/- hosts:/a\ - &$host $age_key" "$sops_file"
sed -i "/- age:/a\ - *$host" "$sops_file"
done
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix
sed -i "/knownHosts = {/a\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../$host/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
echo "Host ${HOST} has been successfully added."
echo "Host $host has been successfully added."
echo "You can generate SSH key pairs for any users that need to connect to user@host using the following command:"
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>"
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$host_<user>"

18
lib/scripts/remove-host.sh
View File

@@ -9,21 +9,21 @@ if [[ "$#" -ne 2 ]]; then
exit 1
fi
HOST="$1"
host="$1"
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do
sed -i "/ - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}"
sed -i "/ - \*${HOST}/d" "${SOPS_FILE}"
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/ - &$host $age_key/d" "$sops_file"
sed -i "/ - \*$host/d" "$sops_file"
done
sed -i "/${HOST}/d" ./hosts/common/configs/system/ssh/default.nix
sed -i "/${HOST}/d" ./hosts/common/configs/user/console/ssh/default.nix
sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix
sed -i "/$host/d" ./hosts/common/configs/user/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
rm -rf "./hosts/${HOST}"
rm -rf "./hosts/$host"
echo "Host ${HOST} has been successfully removed."
echo "Host $host has been successfully removed."
echo "Please remove SSH key pairs for any users that used to connect to this host."

12
lib/scripts/update-keys.sh
View File

@@ -11,13 +11,13 @@ fi
export SOPS_AGE_KEY_FILE="$1"
find . -type f -name 'sops.yaml' | while IFS= read -r SOPS_FILE; do
dir=$(dirname "${SOPS_FILE}")
echo "${dir}"
find "${dir}" -maxdepth 1 -type f -regextype posix-extended \
find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
dir=$(dirname "$sops_file")
echo "$dir"
find "$dir" -maxdepth 1 -type f -regextype posix-extended \
-regex '.+\.(yaml|yml|json|env|ini|bin)' \
! -name 'sops.yaml' | while IFS= read -r file; do
echo "${file}"
nix shell nixpkgs#sops --command sops --config "${SOPS_FILE}" updatekeys "${file}" -y
echo "$file"
nix shell nixpkgs#sops --command sops --config "$sops_file" updatekeys "$file" -y
done
done