Compare commits

67 Commits

Author SHA1 Message Date
2c3abfa403 Add grafana system & traefik dashboards
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-06 17:22:56 +01:00
4f3bf154c0 Fix substituter settings
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-05 12:31:41 +01:00
6ac95006cf Remove sish idle timeout
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-05 10:21:32 +00:00
987ecc4935 Fix duplicate trusted nix user
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-05 10:19:43 +00:00
0ceab452be Add attic
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-03 15:03:30 +01:00
dd34a05ee8 Silence uwsm
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-03 10:49:17 +00:00
35b9dd0cfc Remove elara sudo password
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-03 10:49:05 +00:00
cf0d77b4d9 Update nvf
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-03 07:53:08 +00:00
20b38b0467 Add sish tcp forwarding
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-01 16:33:35 +01:00
f7112f73d7 Fix installer completions
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-01 14:37:59 +01:00
8975de670a Update elara, jupiter
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-01 14:21:21 +01:00
77baa2640f Add git host cli tools
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-01 12:55:05 +01:00
8a21f9bbc7 Fix pinentry
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-31 18:16:41 +03:00
02fce06e94 Update
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-31 13:06:33 +03:00
10ae9082ba Add nvf persistence
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-29 14:00:43 +00:00
85a62a84da Add hyprsunset
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-29 13:54:28 +00:00
6883541678 Update gpg pinentry
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-29 13:54:07 +00:00
2292c5663c Update nvf
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-29 13:32:11 +00:00
56b53752bd Disable toggleterm winbar
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-28 12:58:48 +00:00
ac06ba4fc6 Disable kitty window management
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-28 11:38:48 +00:00
332b981f9b Fix neovim wsl
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-28 11:38:30 +00:00
0ffc3e6df2 Update nvf
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-28 10:00:19 +00:00
641d97f793 Add nvf
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-27 10:29:05 +00:00
afe0298b1c Add zellij
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-26 11:41:55 +00:00
deb460989e Update nixos-wsl
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-26 07:11:49 +00:00
26fb9785b8 Update gitmodules
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-23 11:45:18 +03:00
1877efac1d Add some GUI tools on elara
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-20 14:45:53 +00:00
a3f6127cf8 Add cgroup v2 note
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-19 11:08:41 +00:00
af53af5630 Let's hope WSL is not against company policy
If you are looking at this, you know who you are

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-19 11:00:12 +00:00
cd4976e22d Disable hyprland animations on elara
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 21:14:01 +03:00
1550d6cdd4 Remove personal obsidian vault from elara
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 14:03:34 -04:00
334778287d Update elara drive
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 13:46:02 -04:00
dedbe814d5 Add hyper-v modules to installer
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 13:35:08 -04:00
9b9c38c265 Update install script
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 13:32:46 -04:00
fd78a2b3a2 Virtualize elara
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 13:07:20 -04:00
063d3e57b3 Update sas flake
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 12:15:02 +03:00
12c7181490 Optimize patching
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 11:46:33 +03:00
adf022169e Use docker base image pkg
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-18 11:11:12 +03:00
09fbf7150c Use overlay
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-17 21:24:31 +03:00
795ea28583 Flakify lib, sas
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-17 16:47:20 +03:00
4129589665 Disable fail2ban
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-17 10:59:13 +03:00
62bd6e557b Add klog
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-16 14:00:12 +03:00
bbe3219985 Add sonder
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-16 13:21:47 +03:00
f0554a6a61 Disable system-wide ssh agent
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-16 12:59:07 +03:00
197bfc447b Fix SSH identities bug
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-16 12:38:09 +03:00
37888fd991 Commit submodules
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 22:07:52 +03:00
7b93b1ac5b Add ncspot
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 14:33:36 +03:00
9792e6b05b Add elara keybinds
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 14:33:11 +03:00
a039938333 Add sas input
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 14:32:44 +03:00
573d3dccc2 Remove GitLab CI
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 14:30:55 +03:00
0665ded197 Reorganize secrets
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-15 09:58:03 +03:00
2da836953b Enable copilot on elara
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-13 10:45:19 +03:00
ca575c9a4c Add vscode smooth scrolling
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-13 10:21:40 +03:00
9159756011 Add spicetify
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-13 10:21:30 +03:00
1a1fe30c96 Switch secrets to SSH
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-11 17:12:03 +02:00
a9875aa0e0 Update
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-11 17:10:45 +02:00
b18dba83a4 Fix steam-ln
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-09 20:24:18 +02:00
1234d7d455 Add lanzaboote
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-09 18:09:43 +02:00
6873ecc0df Add hugo vscode extension
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-04 11:56:50 +02:00
96da7fdb0c Update flake template
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-04 10:51:21 +02:00
027ecdf887 Edit Jellyfin library order
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-01 12:52:50 +01:00
300f2ff34f Add SAS ssh aliases
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-01 11:50:35 +01:00
d8f143db13 Update SAS tunnel implementation
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-01 11:37:16 +01:00
98dae8cb02 Update ssh keys
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-01 09:43:52 +01:00
9126dfed0d Fix gitea runner images
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-31 12:27:59 +01:00
4512cce3d4 Fix gitea runner registration
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-31 11:19:16 +01:00
f1593c2c56 Update
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-31 00:42:01 +01:00
265 changed files with 24170 additions and 18116 deletions

7
.gitignore vendored Normal file

@@ -0,0 +1,7 @@
# ---> Nix
# Ignore build outputs from performing a nix-build or `nix build` command
result
result-*
# Ignore automatically generated direnv output
.direnv


@@ -1,27 +0,0 @@
stages:
- build
- test
variables:
GIT_SUBMODULE_STRATEGY: recursive
cache: &global_cache
key:
files:
- flake.lock
- flake.nix
paths:
- /nix/store
policy: pull-push
build:
image: nixos/nix
stage: build
timeout: 48h
cache:
<<: *global_cache
script:
- nix --experimental-features 'nix-command flakes' flake check --show-trace
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml

10
.gitmodules vendored

@@ -1,3 +1,9 @@
[submodule "secrets"] [submodule "secrets"]
path = secrets path = submodules/secrets
url = https://git.karaolidis.com/karaolidis/nix-secrets.git url = git@karaolidis.com:karaolidis/nix-secrets.git
[submodule "sas"]
path = submodules/sas
url = git@karaolidis.com:karaolidis/nix-sas.git
[submodule "lib"]
path = submodules/lib
url = git@karaolidis.com:karaolidis/nix-lib.git


@@ -7,7 +7,6 @@ NixOS dotfiles and configuration for various hosts and users.
- [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points. - [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.
- [`hosts/`](./hosts): All host-specific configurations. - [`hosts/`](./hosts): All host-specific configurations.
- [`common/`](./hosts/common): Shared configuration definitions. - [`common/`](./hosts/common): Shared configuration definitions.
- [`shells/`](./hosts/common/shells): Nix dev shells. - [`shells/`](./hosts/common/shells): Nix dev shells.
- [`configs/`](./hosts/common/configs): System configurations applicable to all hosts. - [`configs/`](./hosts/common/configs): System configurations applicable to all hosts.
@@ -17,15 +16,16 @@ NixOS dotfiles and configuration for various hosts and users.
- [`gui/`](./hosts/common/configs/user/gui): GUI-related settings. - [`gui/`](./hosts/common/configs/user/gui): GUI-related settings.
- `<name>/`: Individual host configurations. - `<name>/`: Individual host configurations.
- [`overlays/`](./overlays/): Custom patches.
- [`packages/`](./packages/): Custom packages. - [`packages/`](./packages/): Custom packages.
- [`lib/`](./lib): Nix library function definitions and utilities. - [`scripts/`](./scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`scripts/`](./lib/scripts): Utility scripts for managing the repository. - [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host.
- [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration. - [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host. - [`update.sh`](./scripts/update.sh): Update flake and all packages.
- [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations. - [`cache.sh`](./scripts/cache.sh): Build all `nixosConfiguration`s and push them to `attic`.
- [`update.sh`](./lib/scripts/update.sh): Update flake and all packages.
Any `options.nix` files create custom option definitions when present. Any `options.nix` files create custom option definitions when present.

361
flake.lock generated

@@ -5,17 +5,16 @@
"astal": [ "astal": [
"astal" "astal"
], ],
"gnim": "gnim",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1752328525, "lastModified": 1756487002,
"narHash": "sha256-0aaVFLQxY1dKIS5jzwhbO847yIdr3U0o2heUzC5iat4=", "narHash": "sha256-hN9RfNXy53qAkT68T+IYZpl68uE1uPOVMkw0MqC43KA=",
"owner": "aylur", "owner": "aylur",
"repo": "ags", "repo": "ags",
"rev": "2eb3ea54311b0f7ba9d333d661d12cda1ed5507e", "rev": "8ff792dba6cc82eed10e760f551075564dd0a407",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -31,11 +30,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752404970, "lastModified": 1756474652,
"narHash": "sha256-XULTToDUkIshNXEO+YP2mAHdQv8bxWDvKjbamBfOC8E=", "narHash": "sha256-iiBU6itpEqE0spXeNJ3uJTfioSyKYjt5bNepykpDXTE=",
"owner": "aylur", "owner": "aylur",
"repo": "astal", "repo": "astal",
"rev": "2c5eb54f39e1710c6e2c80915a240978beb3269a", "rev": "20bd8318e4136fbd3d4eb2d64dbabc3acbc915dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -44,6 +43,21 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"locked": {
"lastModified": 1754269165,
"narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
"owner": "ipetkov",
"repo": "crane",
"rev": "444e81206df3f7d92780680e45858e31d2f07a08",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -65,6 +79,20 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-input-patcher": { "flake-input-patcher": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -90,17 +118,14 @@
}, },
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": "nixpkgs-lib"
"nur",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1754487366,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -129,19 +154,25 @@
"type": "github" "type": "github"
} }
}, },
"gnim": { "gitignore": {
"flake": false, "inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1751928958, "lastModified": 1709087332,
"narHash": "sha256-vQY2L+Hnp6F1MHFa3UbMft1goGw3iODI5M+96Z7P+9Q=", "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "aylur", "owner": "hercules-ci",
"repo": "gnim", "repo": "gitignore.nix",
"rev": "9bffa83f52f711b13e3c139454623a9aea4f5552", "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "aylur", "owner": "hercules-ci",
"repo": "gnim", "repo": "gitignore.nix",
"type": "github" "type": "github"
} }
}, },
@@ -152,11 +183,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753675338, "lastModified": 1756579987,
"narHash": "sha256-KDS9sr7dddH97lUXa7oxfRqphBlCA6JxZO4m/Z4W06I=", "narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e4b032ba5113664f0b8b23d956e59ce8e0bc349d", "rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -165,13 +196,104 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1754297745,
"narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "892cbdca865d6b42f9c0d222fe309f7720259855",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"lib": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1755506074,
"narHash": "sha256-SztuKbAPppW5grMJLSGO5rBCXEWCOfhb39cPDONEUfo=",
"ref": "refs/heads/main",
"rev": "ac85b6f608ed88d424621ec30f3848d621383487",
"revCount": 6,
"type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
},
"original": {
"type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
}
},
"mnw": {
"locked": {
"lastModified": 1748710831,
"narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "mnw",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755774185,
"narHash": "sha256-XjKqiTA19mkoBkja0VOy90qp2gC1f2fGgsLb9m1lg5Q=",
"owner": "karaolidis",
"repo": "NixOS-WSL",
"rev": "b1f426697f62006b99fac0cc25a106626c78f874",
"type": "github"
},
"original": {
"owner": "karaolidis",
"ref": "extra-files",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1753549186, "lastModified": 1756542300,
"narHash": "sha256-Znl7rzuxKg/Mdm6AhimcKynM7V3YeNDIcLjBuoBcmNs=", "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "17f6bd177404d6d43017595c5264756764444ab8", "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -181,19 +303,36 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1753579242,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": [
"flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1753691404, "lastModified": 1756630008,
"narHash": "sha256-1sZg24xTL6k3ktFrOWOf0/bhYIYzND+cfsxb5VDRahU=", "narHash": "sha256-weZiVKbiWQzTifm6qCxzhxghEu5mbh9mWNUdkzOLCR0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "e3fe68989cba00e16de704432a7a760fb1f7e573", "rev": "f6a5a7b60dd6065e78ef06390767e689ffa3c23f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -202,6 +341,36 @@
"type": "github" "type": "github"
} }
}, },
"nvf": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"mnw": "mnw",
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1755463179,
"narHash": "sha256-5Ggb1Mhf7ZlRgGi2puCa2PvWs6KbMnWBlW6KW7Vf79Y=",
"owner": "NotAShelf",
"repo": "nvf",
"rev": "03833118267ad32226b014b360692bdce9d6e082",
"type": "github"
},
"original": {
"owner": "NotAShelf",
"repo": "nvf",
"type": "github"
}
},
"nvidia-patch": { "nvidia-patch": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -212,11 +381,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753078133, "lastModified": 1756052001,
"narHash": "sha256-z+cvobe/+6pSVmwVrI+/k4lt7CjsQtfhlMaAlLQcSPY=", "narHash": "sha256-dlLqyHxqiFAoIwshKe9X3PzXcJ+up88Qb2JVQswFaNE=",
"owner": "icewind1991", "owner": "icewind1991",
"repo": "nvidia-patch-nixos", "repo": "nvidia-patch-nixos",
"rev": "b5bb7576a5a951cea1a46703f488ac76fa827876", "rev": "780af7357d942fad2ddd9f325615a5f6ea7e37ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -225,13 +394,39 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"quadlet-nix": { "quadlet-nix": {
"locked": { "locked": {
"lastModified": 1753321053, "lastModified": 1754008153,
"narHash": "sha256-7d9eSy3qhzVut64dKzDriKo44LfXRCS5ykk4BAbNfVU=", "narHash": "sha256-MYT1mDtSkiVg343agxgBFsnuNU3xS8vRy399JXX1Vw0=",
"owner": "SEIAROTg", "owner": "SEIAROTg",
"repo": "quadlet-nix", "repo": "quadlet-nix",
"rev": "172f2a786615dccc153550832f0bf2f373d5d261", "rev": "1b2d27d460d8c7e4da5ba44ede463b427160b5c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -245,13 +440,20 @@
"ags": "ags", "ags": "ags",
"astal": "astal", "astal": "astal",
"disko": "disko", "disko": "disko",
"flake-compat": "flake-compat",
"flake-input-patcher": "flake-input-patcher", "flake-input-patcher": "flake-input-patcher",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"lib": "lib",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"nvf": "nvf",
"nvidia-patch": "nvidia-patch", "nvidia-patch": "nvidia-patch",
"quadlet-nix": "quadlet-nix", "quadlet-nix": "quadlet-nix",
"sas": "sas",
"secrets": "secrets", "secrets": "secrets",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
@@ -259,20 +461,67 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
} }
}, },
"secrets": { "rust-overlay": {
"flake": false, "inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1753458351, "lastModified": 1754189623,
"narHash": "sha256-wsZQkEA3YYouRu7wjepetS6rnwLEr00wMpIQsxbZNTU=", "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sas": {
"inputs": {
"lib": [
"lib"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1755532656,
"narHash": "sha256-xYb5dJej3emyr4oWWAhkMP8rPc3kdVOXGZcIbAx1Y/I=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "6ce176beb34bfe0ac65131564c1fa3f5d0aca1fe", "rev": "b01f3f8456903cb1bde9637cc23b456b47354138",
"revCount": 26, "revCount": 11,
"type": "git", "type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-secrets.git" "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-secrets.git" "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1756900832,
"narHash": "sha256-sMne4dvYzcdbDVcMPY6NLVHiZbgjtDrxttKG0Vig8WQ=",
"ref": "refs/heads/main",
"rev": "adac63f6daffb4e14ce0fb94e93eb987e2460064",
"revCount": 38,
"type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
},
"original": {
"type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -282,11 +531,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752544651, "lastModified": 1754988908,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461", "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -305,11 +554,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753591727, "lastModified": 1756614537,
"narHash": "sha256-Ow+qyFckroPS4SQFHcFZ8mKh3HIQ2pQdC6DRjiYF9EE=", "narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "spicetify-nix", "repo": "spicetify-nix",
"rev": "26c488b60360e15db372483d826cec89ac532980", "rev": "374eb5d97092b97f7aaafd58a2012943b388c0df",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -340,11 +589,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753439394, "lastModified": 1755934250,
"narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
"type": "github" "type": "github"
}, },
"original": { "original": {

127
flake.nix

@@ -1,5 +1,6 @@
{ {
inputs = { inputs = {
# Configuration
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = { home-manager = {
@@ -7,33 +8,21 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { # Packages
url = "github:nix-community/disko/latest"; nur = {
inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/NUR";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
}; };
# DevOps
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
secrets = {
url = "git+https://git.karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
systems.url = "github:nix-systems/default";
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
treefmt-nix = { treefmt-nix = {
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -47,6 +36,66 @@
}; };
}; };
# Personal
lib = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
inputs = {
nixpkgs.follows = "nixpkgs";
treefmt-nix.follows = "treefmt-nix";
};
};
sas = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
inputs = {
nixpkgs.follows = "nixpkgs";
lib.follows = "lib";
treefmt-nix.follows = "treefmt-nix";
};
};
secrets = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
# Hardware
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
nixos-wsl = {
url = "github:karaolidis/NixOS-WSL/extra-files";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
};
};
# Applications
nvf = {
url = "github:NotAShelf/nvf";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
systems.follows = "systems";
};
};
quadlet-nix.url = "github:SEIAROTg/quadlet-nix"; quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
nvidia-patch = { nvidia-patch = {
@@ -77,17 +126,30 @@
systems.follows = "systems"; systems.follows = "systems";
}; };
}; };
# Transitive Dependencies
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
}; };
outputs = outputs =
inputs: unpatchedInputs:
let let
mkInputs = patchInputs =
system: system:
let let
patcher = inputs.flake-input-patcher.lib.${system}; patcher = unpatchedInputs.flake-input-patcher.lib.${system};
patches = import ./patches.nix { inherit patcher; };
in in
patcher.patch inputs (import ./patches.nix { inherit patcher; }); if patches != { } then patcher.patch unpatchedInputs patches else unpatchedInputs;
mkNixosConfiguration = mkNixosConfiguration =
inputs: system: modules: inputs: system: modules:
@@ -96,14 +158,21 @@
specialArgs = { inherit inputs system; }; specialArgs = { inherit inputs system; };
}; };
in in
( {
overlays.default = import ./overlays;
}
// (
let let
system = "x86_64-linux"; system = "x86_64-linux";
inputs = mkInputs system; inputs = patchInputs system;
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
];
}; };
treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
@@ -118,11 +187,9 @@
}; };
devShells.${system} = import ./hosts/common/shells { inherit pkgs; }; devShells.${system} = import ./hosts/common/shells { inherit pkgs; };
lib.${system} = import ./lib { inherit pkgs; }; packages.${system} = import ./packages { inherit pkgs; };
packages.${system} = import ./packages { inherit pkgs inputs system; };
formatter.${system} = treefmt.config.build.wrapper; formatter.${system} = treefmt.config.build.wrapper;
checks.formatting.${system} = treefmt.config.build.check inputs.self; checks.${system}.formatting = treefmt.config.build.check inputs.self;
} }
); );
} }
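Review bot: The `secrets` input in the "Personal" group is now fetched over `git+ssh`, but the three `# FIXME: https://github.com/NixOS/nix/issues/12281` comments carry only a link, and nothing states what the SSH transport does and does not protect. As a flake input the fetched tree is still copied into the Nix store, which every local user can read, so only sops-encrypted material should live in that repository; the `key.txt` files the installer looks up under `submodules/secrets/domains/` are worth checking against that, though their format is not visible here. I would add above the input something like `# Fetched over SSH (needs a key authorised on karaolidis.com); the tree lands in the world-readable store, keep contents encrypted`, and have each FIXME say what should change once the issue is closed. `lib` stays on `git+https` while `sas` and `secrets` use SSH; if that is deliberate, the same comment should say so. The `inputs` set continues between the hunks shown.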


@@ -1,5 +0,0 @@
{ ... }:
{
# https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
services.cloudflared.enable = true;
}


@@ -1,22 +0,0 @@
{ lib, pkgs, ... }:
{
networking.networkmanager.dns = "dnsmasq";
environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
(pkgs.formats.keyValue {
mkKeyValue =
name: value:
if value == true then
name
else if value == false then
""
else
lib.generators.mkKeyValueDefault { } "=" name value;
listsAsDuplicateKeys = true;
}).generate
"10-bind-interfaces.conf"
{
bind-interfaces = true;
listen-address = [ "127.0.0.1" ];
};
}


@@ -0,0 +1,14 @@
{ ... }:
{
environment.persistence."/persist/state"."/var/lib/fail2ban" = { };
services.fail2ban = {
enable = true;
bantime = "24h";
bantime-increment = {
enable = true;
maxtime = "720h";
overalljails = true;
};
};
}
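Review bot: `services.fail2ban` is enabled with escalating bans (`bantime = "24h"`, `maxtime = "720h"`, `overalljails = true`) and no `ignoreIP` allowlist, so repeated failed logins from an administrator's own address can lock management access out for up to 30 days. The ban also survives reboots, because `/var/lib/fail2ban` is persisted under `/persist/state`. Consider adding `ignoreIP = [ "<management-cidr>" ];` (placeholder value) next to `bantime`. No jails are declared in this file, so a short comment naming the jails this module is expected to cover would help the next reader verify that the policy protects what it is meant to.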


@@ -1,4 +0,0 @@
{ ... }:
{
programs.gnupg.agent.enable = true;
}


@@ -0,0 +1,22 @@
{
inputs,
lib,
pkgs,
...
}:
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
environment = {
persistence."/persist/state"."/var/lib/sbctl" = { };
systemPackages = with pkgs; [ sbctl ];
};
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
}
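Review bot: `pkiBundle = "/var/lib/sbctl"` holds the Secure Boot private signing keys, and this module persists that directory under `/persist/state` without saying how the persisted copy is protected. Read access to those keys is enough to sign a boot image the firmware will accept, so the file should carry a comment such as `# Secure Boot signing keys: /persist/state must sit on the encrypted volume and stay root-only`; whether that holds depends on the disk layout, which is not visible here. A second comment on `boot.loader.systemd-boot.enable = lib.mkForce false;` stating that lanzaboote replaces the systemd-boot module would explain why `mkForce` is needed.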


@@ -1,9 +1,4 @@
{ { config, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {


@@ -4,6 +4,7 @@ _nix-install_completion() {
'-m[Mode: 'install' or 'repair']:mode:(install repair)' '-m[Mode: 'install' or 'repair']:mode:(install repair)'
'-h[Host to configure]:host:($(_list_hosts))' '-h[Host to configure]:host:($(_list_hosts))'
'-k[Key file to copy to user config]:key:($(_list_keys))' '-k[Key file to copy to user config]:key:($(_list_keys))'
'-s[Enroll secure boot keys on current device]'
'-c[Copy configuration to target]' '-c[Copy configuration to target]'
'-r[Reboot after completion]' '-r[Reboot after completion]'
) )
@@ -17,8 +18,8 @@ _nix-install_completion() {
_list_keys() { _list_keys() {
local flake="$(realpath ${words[2]})" local flake="$(realpath ${words[2]})"
if [[ -d "$flake/secrets" ]]; then if [[ -d "$flake/submodules/secrets/domains" ]]; then
find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u find "$flake/submodules/secrets/domains" -type f -name 'key.txt' | sed -E 's|^.*/submodules/secrets/domains/([^/]+)/key.txt$|\1|' | sort -u
fi fi
} }


@@ -1,13 +1,14 @@
# shellcheck shell=bash # shellcheck shell=bash
usage() { usage() {
echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-c] [-r]" echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-s] [-c] [-r]"
echo echo
echo "Options:" echo "Options:"
echo " flake Directory containing the flake.nix file." echo " flake Directory containing the flake.nix file."
echo " -m mode Mode: 'install' or 'repair'." echo " -m mode Mode: 'install' or 'repair'."
echo " -h host Host to configure." echo " -h host Host to configure."
echo " -k key Key file to copy to user config." echo " -k key Key file to copy to user config."
echo " -s Enroll secure boot keys on current device."
echo " -c Copy configuration to target." echo " -c Copy configuration to target."
echo " -r Reboot after completion." echo " -r Reboot after completion."
exit 1 exit 1
@@ -35,23 +36,24 @@ check_flake() {
} }
check_host() { check_host() {
if ! nix flake show --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then if ! nix flake show --allow-import-from-derivation --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
echo "Host '$host' not found in flake." echo "Host '$host' not found in flake."
exit 1 exit 1
fi fi
} }
check_key() { check_key() {
if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then if [[ -n "$key" ]] && [[ ! -f "$flake/submodules/secrets/domains/$key/key.txt" ]]; then
echo "Key '$key' not found." echo "Key '$key' not found."
exit 1 exit 1
fi fi
} }
set_password_file() { set_password_file() {
SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt" SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
export SOPS_AGE_KEY_FILE export SOPS_AGE_KEY_FILE
sops --decrypt --extract "['luks']" "$flake/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile install -m 600 /dev/null /tmp/keyfile
sops --decrypt --extract "['luks']" "$flake/submodules/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile
unset SOPS_AGE_KEY_FILE unset SOPS_AGE_KEY_FILE
} }
@@ -62,9 +64,9 @@ prepare_disk() {
disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix"
} }
copy_keys() { copy_sops_keys() {
mkdir -p "$root/persist/state/etc/ssh" mkdir -p "$root/persist/state/etc/ssh"
cp -f "$flake/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key" cp -f "$flake/submodules/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
for path in "$flake/hosts/$host/users"/*; do for path in "$flake/hosts/$host/users"/*; do
if [[ -z "$key" ]]; then if [[ -z "$key" ]]; then
@@ -75,7 +77,7 @@ copy_keys() {
user=$(basename "$path") user=$(basename "$path")
mkdir -p "$root/persist/state/home/$user/.config/sops-nix" mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt" cp -f "$flake/submodules/secrets/domains/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
owner=$(cat "$flake/hosts/$host/users/$user/uid") owner=$(cat "$flake/hosts/$host/users/$user/uid")
group=100 group=100
@@ -87,26 +89,46 @@ copy_keys() {
done done
} }
install() { copy_secure_boot_keys() {
mkdir -p "$root/persist/state/var/lib/sbctl/keys"/{db,KEK,PK}
SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
export SOPS_AGE_KEY_FILE
sops --decrypt --extract "['guid']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
sops --decrypt --extract "['keys']['kek']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
sops --decrypt --extract "['keys']['kek']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
sops --decrypt --extract "['keys']['pk']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
sops --decrypt --extract "['keys']['pk']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
sops --decrypt --extract "['keys']['db']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
sops --decrypt --extract "['keys']['db']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/*
unset SOPS_AGE_KEY_FILE
mkdir -p "$root/var/lib/sbctl"
mount --bind -o X-fstrim.notrim,x-gvfs-hide "$root/persist/state/var/lib/sbctl" "$root/var/lib/sbctl"
}
install_nixos() {
nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
} }
enroll_secure_boot() {
sbctl enroll-keys --microsoft
}
copy_config() { copy_config() {
echo "Copying configuration..." echo "Copying configuration..."
mkdir -p "$root/persist/user/etc/nixos" mkdir -p "$root/persist/user/etc"
rm -rf "$root/persist/user/etc/nixos" rm -rf "$root/persist/user/etc/nixos"
cp -r "$flake" "$root/persist/user/etc/nixos" cp -r "$flake" "$root/persist/user/etc/nixos"
} }
finish() {
echo "Rebooting system..."
trap - EXIT
cleanup
reboot
}
cleanup() { cleanup() {
rm -f /tmp/keyfile rm -f /tmp/keyfile
if [[ -d "$root" ]]; then umount "$root/var/lib/sbctl"; fi
if [[ -n "$host" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix"; fi if [[ -n "$host" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix"; fi
if [[ -d "$root" ]]; then rmdir "$root"; fi if [[ -d "$root" ]]; then rmdir "$root"; fi
} }
@@ -124,14 +146,16 @@ main() {
mode="" mode=""
host="" host=""
key="" key=""
enroll_secure_boot_flag="false"
copy_config_flag="false" copy_config_flag="false"
reboot_flag="false" reboot_flag="false"
while getopts "m:h:k:cr" opt; do while getopts "m:h:k:scr" opt; do
case "$opt" in case "$opt" in
m) mode="$OPTARG" ;; m) mode="$OPTARG" ;;
h) host="$OPTARG" ;; h) host="$OPTARG" ;;
k) key="$OPTARG" ;; k) key="$OPTARG" ;;
s) enroll_secure_boot_flag="true" ;;
c) copy_config_flag="true" ;; c) copy_config_flag="true" ;;
r) reboot_flag="true" ;; r) reboot_flag="true" ;;
*) usage ;; *) usage ;;
@@ -153,10 +177,17 @@ main() {
;; ;;
esac esac
copy_keys copy_sops_keys
install copy_secure_boot_keys
install_nixos
[[ "$enroll_secure_boot_flag" == "true" ]] && enroll_secure_boot
[[ "$copy_config_flag" == "true" ]] && copy_config [[ "$copy_config_flag" == "true" ]] && copy_config
[[ "$reboot_flag" == "true" ]] && finish
cleanup
[[ "$reboot_flag" == "true" ]] && reboot
} }
main "$@" main "$@"
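Review bot: In `copy_secure_boot_keys` the Secure Boot private keys are written through plain `>` redirections, so they are created with the default umask and only narrowed by the `chmod 400` at the end of the function. `set_password_file` in this same change already pre-creates its file with `install -m 600`, and the key files deserve the same care: running the decrypt lines in a subshell that begins with `umask 077` closes the window without changing the umask that `nixos-install` later runs under. The function is also called unconditionally from `main` while `-k` is documented as optional, so with an empty `$key` the `SOPS_AGE_KEY_FILE` path does not exist. Unless `set -e` is active outside the visible hunks, each failed `sops` then leaves an empty key file that `chmod` locks in, so the exit status of each `sops --decrypt` should be checked and the function should abort on failure.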


@@ -1,12 +1,4 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.overlays = [
(final: prev: {
nix-update = prev.nix-update.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./source-attribute.patch ];
});
})
];
environment.systemPackages = with pkgs; [ nix-update ]; environment.systemPackages = with pkgs; [ nix-update ];
} }


@@ -1,127 +0,0 @@
diff --git a/nix_update/__init__.py b/nix_update/__init__.py
index 89bbe45..93f9322 100644
--- a/nix_update/__init__.py
+++ b/nix_update/__init__.py
@@ -124,6 +124,12 @@ def parse_args(args: list[str]) -> Options:
default=[],
)
+ parser.add_argument(
+ "--src-attr",
+ help="Src attribute",
+ default="src",
+ )
+
a = parser.parse_args(args)
extra_flags = ["--extra-experimental-features", "flakes nix-command"]
if a.system:
@@ -146,6 +152,7 @@ def parse_args(args: list[str]) -> Options:
version=a.version,
version_preference=VersionPreference.from_str(a.version),
attribute=a.attribute,
+ source_attribute=a.src_attr,
test=a.test,
version_regex=a.version_regex,
review=a.review,
diff --git a/nix_update/eval.py b/nix_update/eval.py
index 1767056..f85ea69 100644
--- a/nix_update/eval.py
+++ b/nix_update/eval.py
@@ -105,12 +105,19 @@ class Package:
def eval_expression(
escaped_import_path: str,
attr: str,
+ source_attr: str,
flake: bool,
system: str | None,
override_filename: str | None,
) -> str:
system = f'"{system}"' if system else "builtins.currentSystem"
+ source_attrs = source_attr.rpartition(".")
+ source_attr_last = source_attrs[-1] or source_attr
+ source_attr_all_but_last = (
+ f".{source_attrs[0]}" if source_attr_last != source_attr else ""
+ )
+
if flake:
sanitize_position = (
f"""
@@ -164,8 +171,8 @@ let
raw_version_position
else if pkg ? isPhpExtension then
raw_version_position
- else if (builtins.unsafeGetAttrPos "src" pkg) != null then
- sanitizePosition (builtins.unsafeGetAttrPos "src" pkg)
+ else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg) != null then
+ sanitizePosition (builtins.unsafeGetAttrPos "{source_attr_last}" pkg{source_attr_all_but_last})
else
sanitizePosition (positionFromMeta pkg);
in {{
@@ -174,11 +181,11 @@ in {{
inherit raw_version_position;
filename = position.file;
line = position.line;
- urls = pkg.src.urls or null;
- url = pkg.src.url or null;
- rev = pkg.src.rev or null;
- tag = pkg.src.tag or null;
- hash = pkg.src.outputHash or null;
+ urls = pkg.{source_attr}.urls or null;
+ url = pkg.{source_attr}.url or null;
+ rev = pkg.{source_attr}.rev or null;
+ tag = pkg.{source_attr}.tag or null;
+ hash = pkg.{source_attr}.outputHash or null;
go_modules = pkg.goModules.outputHash or null;
go_modules_old = pkg.go-modules.outputHash or null;
cargo_deps = pkg.cargoDeps.outputHash or null;
@@ -205,7 +212,7 @@ in {{
mix_deps = pkg.mixFodDeps.outputHash or null;
tests = builtins.attrNames (pkg.passthru.tests or {{}});
has_update_script = {has_update_script};
- src_homepage = pkg.src.meta.homepage or null;
+ src_homepage = pkg.{source_attr}.meta.homepage or null;
changelog = pkg.meta.changelog or null;
maintainers = pkg.meta.maintainers or null;
}}"""
@@ -215,6 +222,7 @@ def eval_attr(opts: Options) -> Package:
expr = eval_expression(
opts.escaped_import_path,
opts.escaped_attribute,
+ opts.source_attribute,
opts.flake,
opts.system,
opts.override_filename,
diff --git a/nix_update/options.py b/nix_update/options.py
index 2d07b77..ab5c305 100644
--- a/nix_update/options.py
+++ b/nix_update/options.py
@@ -8,6 +8,7 @@ from .version.version import VersionPreference
@dataclass
class Options:
attribute: str
+ source_attribute: str = "src"
flake: bool = False
version: str = "stable"
version_preference: VersionPreference = VersionPreference.STABLE
@@ -33,4 +34,7 @@ class Options:
def __post_init__(self) -> None:
self.escaped_attribute = ".".join(map(json.dumps, self.attribute.split(".")))
+ self.escaped_source_attribute = ".".join(
+ map(json.dumps, self.source_attribute.split("."))
+ )
self.escaped_import_path = json.dumps(self.import_path)
diff --git a/nix_update/update.py b/nix_update/update.py
index 82b7bc5..464bf3d 100644
--- a/nix_update/update.py
+++ b/nix_update/update.py
@@ -155,7 +155,7 @@ def git_prefetch(x: tuple[str, tuple[str, str]]) -> tuple[str, str]:
def update_src_hash(opts: Options, filename: str, current_hash: str) -> None:
- target_hash = nix_prefetch(opts, "src")
+ target_hash = nix_prefetch(opts, opts.source_attribute)
replace_hash(filename, current_hash, target_hash)


@@ -1,27 +1,51 @@
{ config, inputs, ... }: {
config,
inputs,
lib,
...
}:
{ {
sops = { sops = {
secrets = { secrets = {
"git/credentials/github.com/public/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "git/credentials/github.com/tokens/public".sopsFile =
"git/credentials/github.com/public/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
"nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
templates.nix-access-tokens = { templates = {
content = '' nix-access-tokens = {
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"} content = ''
''; access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/tokens/public"}
group = "users"; '';
group = "users";
mode = "0440";
};
nix-netrc = {
content = ''
machine nix.karaolidis.com
password ${config.sops.placeholder."nix/cache/nix.karaolidis.com"}
'';
group = "users";
mode = "0440";
};
}; };
}; };
nix = { nix = {
settings = { settings = {
trusted-users = lib.mkAfter [ "@wheel" ];
use-xdg-base-directories = true; use-xdg-base-directories = true;
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
download-buffer-size = 524288000; download-buffer-size = 524288000;
substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
trusted-substituters = config.nix.settings.substituters;
trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
netrc-file = config.sops.templates.nix-netrc.path;
}; };
channel.enable = false; channel.enable = false;
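Review bot: `trusted-users = lib.mkAfter [ "@wheel" ];` makes every wheel member a trusted Nix user, who can pass their own substituters and relax signature checking on the daemon, so it is effectively root on the store without going through sudo authentication. If that is intended, a comment on the line should say so, e.g. `# wheel is trusted by the Nix daemon: root-equivalent, no sudo prompt`. Otherwise, dropping the setting and relying on `trusted-substituters` (set further down in the same block) keeps user-selectable caches limited to the vetted list. The two sops templates are also rendered `0440` for group `users`, so the GitHub token and the cache password are readable by every account in that group; it is worth confirming that this is the intended audience. The `nix` attribute set continues past the end of this section.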


@@ -1,7 +1,5 @@
{ inputs, system, ... }: { system, ... }:
{ {
imports = [ inputs.nur.modules.nixos.default ];
nixpkgs = { nixpkgs = {
hostPlatform = system; hostPlatform = system;
config.allowUnfree = true; config.allowUnfree = true;


@@ -2,20 +2,6 @@
{ {
imports = [ inputs.quadlet-nix.nixosModules.quadlet ]; imports = [ inputs.quadlet-nix.nixosModules.quadlet ];
# FIXME: https://github.com/containers/crun/pull/1807
nixpkgs.overlays = [
(final: prev: {
crun = prev.crun.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [
(builtins.fetchurl {
url = "https://patch-diff.githubusercontent.com/raw/containers/crun/pull/1807.patch";
sha256 = "sha256:13ax2scvd27s341wy0b9gpfyn47gjvg9fvbl8al3905dblqhdlr0";
})
];
});
})
];
virtualisation = { virtualisation = {
podman.enable = true; podman.enable = true;


@@ -1,4 +0,0 @@
{ ... }:
{
programs.ssh.startAgent = true;
}


@@ -12,7 +12,7 @@
jupiter-sish = { jupiter-sish = {
publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub"; publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub";
extraHostNames = [ "karaolidis.com" ]; extraHostNames = [ "tunnel.karaolidis.com" ];
}; };
jupiter-vps = { jupiter-vps = {


@@ -1,31 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment = { environment.systemPackages = with pkgs; [ kitty.terminfo ];
systemPackages = with pkgs; [
kitty.terminfo
tmux.terminfo
];
persistence."/persist/state"."/var/lib/fail2ban" = { }; services.openssh = {
}; enable = true;
settings = {
services = { PasswordAuthentication = false;
openssh = { PrintMotd = false;
enable = true;
settings = {
PasswordAuthentication = false;
PrintMotd = false;
};
};
fail2ban = {
enable = true;
bantime = "24h";
bantime-increment = {
enable = true;
maxtime = "720h";
overalljails = true;
};
}; };
}; };
} }


@@ -1,10 +0,0 @@
{ ... }:
{
programs.tmux = {
enable = true;
clock24 = true;
historyLimit = 10000;
keyMode = "vi";
newSession = true;
};
}


@@ -1,14 +1,6 @@
{ user, home }: { user, home }:
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
nixpkgs.overlays = [
(final: prev: {
android-tools = prev.android-tools.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./env-var-user-home.patch ];
});
})
];
programs.adb.enable = true; programs.adb.enable = true;
services.gvfs.enable = true; services.gvfs.enable = true;


@@ -0,0 +1,33 @@
{ user, home }:
{
config,
inputs,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user} = {
sops = {
secrets."nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
templates."attic" = {
content = builtins.readFile (
(pkgs.formats.toml { }).generate "config.toml" {
default-server = "main";
servers."main" = {
endpoint = "https://nix.karaolidis.com/";
token = hmConfig.sops.placeholder."nix/cache/nix.karaolidis.com";
};
}
);
path = "${home}/.config/attic/config.toml";
};
};
home.packages = with pkgs; [ attic-client ];
};
}
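Review bot: `content = builtins.readFile ((pkgs.formats.toml { }).generate "config.toml" { … })` reads a derivation output during evaluation (import-from-derivation), so evaluating this host has to build `config.toml` first. That is presumably why the installer's `nix flake show` call gained `--allow-import-from-derivation` elsewhere in this comparison. Writing the few TOML lines directly in the template string keeps evaluation free of builds, and the store still only ever holds the sops placeholder, never the token itself.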


@@ -1,17 +1,34 @@
{ user, home }: { user, home }:
{ ... }: { lib, pkgs, ... }:
{ {
home-manager.users.${user}.programs.btop = { home-manager.users.${user} = {
enable = true; programs.btop = {
settings = { enable = true;
theme_background = false; settings = {
presets = ""; color_theme = "matugen";
vim_keys = true; theme_background = false;
shown_boxes = "cpu mem net proc gpu0 gpu1"; presets = "";
update_ms = 1000; vim_keys = true;
proc_tree = true; shown_boxes = "cpu mem net proc gpu0 gpu1";
cpu_single_graph = true; update_ms = 1000;
disks_filter = "/ /nix /persist"; proc_tree = true;
cpu_single_graph = true;
disks_filter = "/ /nix /persist";
};
};
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
}; };
}; };
} }


@@ -41,5 +41,41 @@ in
); );
}; };
}; };
home = {
packages = with pkgs; [
(pkgs.writeShellApplication {
name = "gh";
runtimeInputs = with pkgs; [ gh ];
text = builtins.readFile ./gh.sh;
})
(pkgs.writeShellApplication {
name = "glab";
runtimeInputs = with pkgs; [ glab ];
text = builtins.readFile ./glab.sh;
})
(pkgs.writeShellApplication {
name = "tea";
runtimeInputs = with pkgs; [ tea ];
text = builtins.readFile ./tea.sh;
})
];
sessionVariables = {
GITEA_HOST = "git.karaolidis.com";
GITEA_SSH_HOST = "karaolidis.com";
};
};
xdg.configFile = {
"gh/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
version = 1;
git_protocol = "ssh";
};
"glab-cli/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
git_protocol = "ssh";
};
};
}; };
} }


@@ -0,0 +1,8 @@
# shellcheck shell=bash
GH_HOST="${GH_HOST:-github.com}"
GH_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GH_HOST}#\1#p" "$HOME/.config/git/credentials")
export GH_TOKEN
exec gh "$@"
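Review bot: The `sed` expression that extracts `GH_TOKEN` is unanchored and treats the dots in `$GH_HOST` as wildcards, so a credentials line for a longer host name that merely begins with the same text also matches, as do several lines for the same host. The variable can then hold the wrong token, a token with trailing URL text, or several lines. Anchoring both ends and keeping one match avoids that: `GH_TOKEN=$(sed -n "s#^https://[^:]*:\([^@]*\)@${GH_HOST}\$#\1#p" "$HOME/.config/git/credentials" | head -n 1)`; entries stored with a path or port would need the pattern widened accordingly. Values in a git credential store are percent-encoded, so a token containing reserved characters would also need decoding before export. The same pattern is used for `GITLAB_TOKEN` in the glab wrapper and `GITEA_TOKEN` in the tea wrapper that follow.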


@@ -0,0 +1,8 @@
# shellcheck shell=bash
GITLAB_HOST="${GITLAB_HOST:-gitlab.com}"
GITLAB_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITLAB_HOST}#\1#p" "$HOME/.config/git/credentials")
export GITLAB_TOKEN
exec glab "$@"


@@ -0,0 +1,13 @@
# shellcheck shell=bash
GITEA_HOST="${GITEA_HOST:-gitea.com}"
GITEA_SSH_HOST="${GITEA_SSH_HOST:-gitea.com}"
GITEA_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITEA_HOST}#\1#p" "$HOME/.config/git/credentials")
GITEA_INSTANCE_URL="https://${GITEA_HOST}"
GITEA_INSTANCE_SSH_HOST="$GITEA_SSH_HOST"
export GITEA_TOKEN
export GITEA_INSTANCE_URL
export GITEA_INSTANCE_SSH_HOST
exec tea "$@"


@@ -20,6 +20,10 @@
enable = true; enable = true;
defaultCacheTtl = 31536000; defaultCacheTtl = 31536000;
maxCacheTtl = 31536000; maxCacheTtl = 31536000;
pinentry = {
package = pkgs.pinentry-all;
program = "pinentry-tty";
};
}; };
systemd.user = { systemd.user = {


@@ -1,5 +1,10 @@
{ user, home }: { user, home }:
{ config, inputs, ... }: {
config,
inputs,
lib,
...
}:
{ {
imports = [ inputs.home-manager.nixosModules.default ]; imports = [ inputs.home-manager.nixosModules.default ];
@@ -15,10 +20,17 @@
home.stateVersion = "24.11"; home.stateVersion = "24.11";
systemd.user.startServices = true; systemd.user.startServices = true;
nix.settings.experimental-features = [ nix.settings = {
"nix-command" inherit (config.nix.settings)
"flakes" use-xdg-base-directories
]; experimental-features
download-buffer-size
substituters
trusted-substituters
trusted-public-keys
netrc-file
;
};
}; };
}; };
} }


@@ -1,22 +1,299 @@
{ user, home }: { user, home }:
{ ... }:
{ {
home-manager.users.${user}.programs = { inputs,
neovim = { lib,
enable = true; pkgs,
defaultEditor = true; ...
viAlias = true; }:
vimAlias = true; {
vimdiffAlias = true; environment.persistence = {
extraConfig = '' "/persist/state"."${home}/.local/share/nvf" = { };
set tabstop=2 "/persist/cache"."${home}/.cache/nvf" = { };
set shiftwidth=2 };
set expandtab
set smartindent
set mouse=
'';
};
zsh.p10k.extraRightPromptElements = [ "vim_shell" ]; home-manager.users.${user} = {
imports = [ inputs.nvf.homeManagerModules.default ];
programs = {
nvf = {
enable = true;
defaultEditor = true;
settings = {
vim = {
enableLuaLoader = true;
viAlias = true;
vimAlias = true;
autocomplete = {
blink-cmp.enable = true;
};
binds = {
# hardtime-nvim.enable = true;
whichKey.enable = true;
};
clipboard = {
enable = true;
providers.wl-copy.enable = true;
registers = "unnamedplus";
};
comments = {
comment-nvim.enable = true;
};
# dashboard = {
# alpha.enable = true;
# };
filetree = {
neo-tree = {
enable = true;
setupOpts = {
git_status_async = true;
window.mappings = lib.generators.mkLuaInline ''
{
["<space>"] = "noop",
}
'';
};
};
};
# formatter = {
# conform-nvim.enable = true;
# };
git = {
enable = true;
# git-conflict.enable = true;
gitsigns.enable = true;
# neogit.enable = true;
};
languages = {
enableDAP = true;
enableFormat = true;
enableTreesitter = true;
enableExtraDiagnostics = true;
assembly.enable = true;
bash.enable = true;
clang.enable = true;
csharp.enable = true;
css.enable = true;
go.enable = true;
html.enable = true;
java.enable = true;
lua.enable = true;
markdown.enable = true;
nix = {
enable = true;
format.type = "nixfmt";
lsp.options.nil = {
nix = {
maxMemoryMB = null;
flake = {
autoArchive = true;
autoEvalInputs = true;
};
};
};
};
php.enable = true;
python.enable = true;
rust.enable = true;
sql.enable = true;
svelte.enable = true;
ts.enable = true;
yaml.enable = true;
};
lsp = {
enable = true;
formatOnSave = true;
# nvim-docs-view.enable = true;
# otter-nvim.enable = true;
# trouble.enable = true;
};
# minimap = {
# codewindow.enable = true;
# };
notify = {
nvim-notify.enable = true;
};
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smartindent = true;
};
# projects = {
# project-nvim.enable = true;
# };
searchCase = "smart";
# snippets = {
# luasnip.enable = true;
# };
tabline = {
nvimBufferline = {
enable = true;
mappings.closeCurrent = "<leader>bd";
setupOpts.options = {
indicator.style = "icon";
show_close_icon = false;
show_buffer_close_icons = false;
};
};
};
telescope = {
enable = true;
setupOpts.defaults.file_ignore_patterns = [
"node_modules"
"%.venv/"
"%.git/"
"dist/"
"build/"
"target/"
"result/"
];
};
terminal = {
toggleterm = {
enable = true;
setupOpts.winbar.enabled = false;
};
};
treesitter = {
enable = true;
context.enable = true;
fold = true;
textobjects.enable = true;
};
ui = {
# breadcrumbs = {
# enable = true;
# navbuddy.enable = true;
# };
colorizer.enable = true;
# fastaction.enable = true;
# illuminate.enable = true;
};
undoFile.enable = true;
utility = {
# diffview-nvim.enable = true;
# icon-picker.enable = true;
# images = {
# img-clip.enable = true;
# };
# mkdir.enable = true;
motion = {
precognition.enable = true;
};
# nvim-biscuits.enable = true;
# smart-splits.enable = true;
surround.enable = true;
# undotree.enable = true;
# yazi-nvim.enable = true;
};
visuals = {
# cinnamon-nvim.enable = true;
# fidget-nvim.enable = true;
# highlight-undo.enable = true;
indent-blankline.enable = true;
nvim-cursorline.enable = true;
# nvim-scrollbar.enable = true;
nvim-web-devicons.enable = true;
};
keymaps = [
{
mode = [ "n" ];
key = "<C-b>";
action = "<C-b>zz";
silent = true;
noremap = true;
desc = "Page up and center";
}
{
mode = [ "n" ];
key = "<C-u>";
action = "<C-u>zz";
silent = true;
noremap = true;
desc = "Half-page up and center";
}
{
mode = [ "n" ];
key = "<C-d>";
action = "<C-d>zz";
silent = true;
noremap = true;
desc = "Half-page down and center";
}
{
mode = [ "n" ];
key = "<C-f>";
action = "<C-f>zz";
silent = true;
noremap = true;
desc = "Page down and center";
}
{
mode = [ "n" ];
key = "<leader>ww";
action = "<cmd>w<CR>";
silent = true;
desc = "Save";
}
{
mode = [ "n" ];
key = "<leader>wq";
action = "<cmd>wq<CR>";
silent = true;
desc = "Save & Quit";
}
{
mode = [ "n" ];
key = "<leader>ee";
action = "<cmd>Neotree toggle<CR>";
silent = true;
desc = "Toggle Neo-tree";
}
{
mode = [ "n" ];
key = "<leader>ef";
action = "<cmd>Neotree reveal<CR>";
silent = true;
desc = "Reveal file in Neo-tree";
}
];
};
};
};
zsh = {
p10k.extraRightPromptElements = [ "vim_shell" ];
shellAliases.v = "nvim";
};
};
}; };
} }


@@ -1,42 +1,31 @@
{ {
inputs = { inputs = {
nixpkgs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
type = "github";
owner = "karaolidis";
repo = "nixpkgs";
ref = "integration";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
treefmt-nix = { treefmt-nix = {
type = "github"; url = "github:numtide/treefmt-nix";
owner = "numtide";
repo = "treefmt-nix";
ref = "main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = outputs =
{ self, nixpkgs, ... }@inputs: inputs:
inputs.flake-utils.lib.eachDefaultSystem ( (
system:
let let
pkgs = nixpkgs.legacyPackages.${system}; system = "x86_64-linux";
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
in in
{ {
devShells.default = pkgs.mkShell { packages = with pkgs; [ ]; }; devShells.${system}.default = pkgs.mkShell { packages = with pkgs; [ ]; };
formatter = treefmt.config.build.wrapper; formatter.${system} = treefmt.config.build.wrapper;
checks.formatting = treefmt.config.build.check self; checks.formatting.${system} = treefmt.config.build.check inputs.self;
} }
); );
} }
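Review bot: `checks.formatting.${system}` has the attribute path in the wrong order: flake outputs are keyed `checks.<system>.<name>`, so as written `nix flake check` sees a system called `formatting` and the treefmt check is not evaluated for `x86_64-linux`. The line should read `checks.${system}.formatting = treefmt.config.build.check inputs.self;`, matching `devShells.${system}.default` and `formatter.${system}` on the two lines above it.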


@@ -9,9 +9,5 @@
}; };
}; };
settings = { settings.global.excludes = [ ".envrc" ];
global = {
excludes = [ ".envrc" ];
};
};
} }


@@ -3,12 +3,18 @@
{ {
environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { }; environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { };
home-manager.users.${user} = { home-manager.users.${user} =
imports = [ inputs.sops-nix.homeManagerModules.sops ]; let
sopsKeyFile =
if config.environment.impermanence.enable then
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source
else
"${home}/.config/sops-nix/key.txt";
in
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops.age.keyFile = sops.age.keyFile = sopsKeyFile;
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source; home.sessionVariables.SOPS_AGE_KEY_FILE = sopsKeyFile;
home.sessionVariables.SOPS_AGE_KEY_FILE = };
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
};
} }


@@ -3,6 +3,6 @@
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
services.ssh-agent.enable = true; services.ssh-agent.enable = true;
programs.ssh.addKeysToAgent = "yes"; programs.ssh.matchBlocks."*".addKeysToAgent = "yes";
}; };
} }


@@ -1,5 +1,9 @@
{ user, home }: { user, home }:
{ ... }: { ... }:
{ {
home-manager.users.${user}.programs.ssh.enable = true; home-manager.users.${user}.programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks."*".identitiesOnly = true;
};
} }


@@ -14,11 +14,13 @@
"syncthing/key" = { "syncthing/key" = {
owner = user; owner = user;
group = "users"; group = "users";
mode = "0440";
}; };
# openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing" # openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
"syncthing/cert" = { "syncthing/cert" = {
owner = user; owner = user;
group = "users"; group = "users";
mode = "0440";
}; };
}; };
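Review bot: Setting `mode = "0440"` on `syncthing/key` makes the Syncthing private key readable by every member of group `users`, although the secret is already owned by `user`, which presumably is the account running the service. Unless another account in that group has to read it, `mode = "0400";` on the key entry keeps it owner-only; the certificate is public material and can stay group-readable. The enclosing `sops.secrets` set starts and ends outside this hunk.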


@@ -1,5 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.tmux.enable = true;
}


@@ -3,13 +3,10 @@
config, config,
lib, lib,
pkgs, pkgs,
inputs,
system,
... ...
}: }:
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
@@ -26,7 +23,7 @@ in
opener = { opener = {
edit = [ edit = [
{ {
run = "${hmConfig.programs.neovim.finalPackage}/bin/nvim \"$@\""; run = "${hmConfig.programs.nvf.finalPackage}/bin/nvim \"$@\"";
desc = "nvim"; desc = "nvim";
block = true; block = true;
} }
@@ -187,9 +184,8 @@ in
ouch ouch
mount mount
mediainfo mediainfo
custom-shell
; ;
custom-shell = selfPkgs.yazi-plugin-custom-shell;
}; };
}; };


@@ -0,0 +1,26 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user} = {
programs.zellij = {
enable = true;
settings = {
theme = "matugen";
pane_frames = false;
copy_command = "wl-copy";
ui.pane_frames.hide_session_name = true;
pane_viewport_serialization = true;
scrollback_lines_to_serialize = 0;
show_startup_tips = false;
show_release_notes = false;
};
};
theme.template.".config/zellij/themes/matugen.kdl".source = ./theme.kdl;
};
}


@@ -0,0 +1,128 @@
themes {
matugen {
text_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
}
text_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
ribbon_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface_container.default.red}} {{colors.surface_container.default.green}} {{colors.surface_container.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
ribbon_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
table_title {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
list_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
list_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
frame_unselected {
base {{colors.outline_variant.default.red}} {{colors.outline_variant.default.green}} {{colors.outline_variant.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_selected {
base {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_highlight {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_success {
base {{colors.success.default.red}} {{colors.success.default.green}} {{colors.success.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_error {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
multiplayer_user_colors {
player_1 0
player_2 0
player_3 0
player_4 0
player_5 0
player_6 0
player_7 0
player_8 0
player_9 0
player_10 0
}
}
}


@@ -11,7 +11,7 @@
home-manager.users.${user} = { home-manager.users.${user} = {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
dotDir = ".config/zsh"; dotDir = "${home}/.config/zsh";
autocd = true; autocd = true;
history = { history = {
path = "${home}/.local/share/zsh/history"; path = "${home}/.local/share/zsh/history";


@@ -10,6 +10,12 @@ const TrayButton = ({ item }: { item: Tray.TrayItem }) => (
tooltipMarkup={createBinding(item, "tooltipMarkup")} tooltipMarkup={createBinding(item, "tooltipMarkup")}
usePopover={false} usePopover={false}
menuModel={createBinding(item, "menuModel")} menuModel={createBinding(item, "menuModel")}
onRealize={(self) => {
createBinding(item, "action_group").as((action_group) =>
self.insert_action_group("dbusmenu", action_group),
);
self.insert_action_group("dbusmenu", item.action_group);
}}
> >
<icon gicon={createBinding(item, "gicon")} /> <icon gicon={createBinding(item, "gicon")} />
</menubutton> </menubutton>
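Review bot: In the new `onRealize` handler the value returned by `createBinding(item, "action_group").as(...)` is discarded, so the callback inside `.as()` probably never runs (derived bindings in this library appear to be evaluated only when read or subscribed). That leaves the one-off `self.insert_action_group("dbusmenu", item.action_group)` as the only effective line. If the group should be re-inserted when the tray item replaces it, connect to the property notification instead: `item.connect("notify::action-group", () => self.insert_action_group("dbusmenu", item.action_group));`, and disconnect it when the button is destroyed. `TrayButton` starts outside this hunk.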


@@ -1,26 +0,0 @@
{ user, home }:
{
config,
lib,
pkgs,
...
}:
{
home-manager.users.${user} = {
programs.btop.settings.color_theme = "matugen";
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
};
};
}


@@ -1,24 +1,6 @@
{ user, home }: { user, home }:
{ pkgs, ... }:
{ {
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
in
{
nixpkgs.overlays = [
(final: prev: {
darktable = prev.darktable.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./better-copy-and-import.patch ];
});
})
];
environment.persistence = { environment.persistence = {
"/persist/state" = { "/persist/state" = {
"${home}/.config/darktable/data.db" = { }; "${home}/.config/darktable/data.db" = { };
@@ -28,21 +10,10 @@ in
}; };
home-manager.users.${user} = { home-manager.users.${user} = {
home = { home.packages = with pkgs; [
packages = darktable
with pkgs; exiftool
with selfPkgs; ];
[
darktable
exiftool
darktable-ghost-cms-publish
];
sessionVariables = {
GHOST_URL = "https://photos.karaolidis.com";
GHOST_ADMIN_API_KEY_PATH = hmConfig.sops.secrets."jupiter/photos.karaolidis.com/admin".path;
};
};
xdg.configFile = { xdg.configFile = {
"darktable/darktablerc".source = (pkgs.formats.keyValue { }).generate "darktablerc" { "darktable/darktablerc".source = (pkgs.formats.keyValue { }).generate "darktablerc" {
@@ -69,19 +40,13 @@ in
"darktable/luarc".text = '' "darktable/luarc".text = ''
require "tools/script_manager" require "tools/script_manager"
require "tools/publish"
''; '';
"darktable/lua/lib".source = "${selfPkgs.darktable-lua-scripts}/lib"; "darktable/lua/lib".source = "${pkgs.darktable-lua-scripts}/lib";
"darktable/lua/tools/script_manager.lua".source = "darktable/lua/tools/script_manager.lua".source =
"${selfPkgs.darktable-lua-scripts}/tools/script_manager.lua"; "${pkgs.darktable-lua-scripts}/tools/script_manager.lua";
"darktable/lua/tools/publish.lua".source =
"${selfPkgs.darktable-ghost-cms-publish}/lib/darktable-ghost-cms-publish/publish.lua";
"darktable/luts".source = selfPkgs.darktable-hald-clut; "darktable/luts".source = pkgs.darktable-hald-clut;
}; };
sops.secrets."jupiter/photos.karaolidis.com/admin".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
}; };
} }


@@ -26,7 +26,7 @@ is_excluded() {
} }
for game in "$STEAM"/*/; do for game in "$STEAM"/*/; do
name=$(basename "$game") name="$(basename "$game")"
if is_excluded "$name"; then if is_excluded "$name"; then
echo "Excluding $name from symlink creation." echo "Excluding $name from symlink creation."
@@ -47,13 +47,13 @@ for game in "$STEAM"/*/; do
done done
for link in "$GAMES"/*; do for link in "$GAMES"/*; do
target=$(readlink -f "$link") target="$(readlink -f "$link" || echo "")"
if [[ ! "$target" == "$STEAM/"* ]]; then if [[ ! "$target" == "$STEAM/"* ]]; then
continue continue
fi fi
name=$(basename "$target") name="$(basename "$target")"
if [[ -e "$target" ]] && ! is_excluded "$name"; then if [[ -e "$target" ]] && ! is_excluded "$name"; then
continue continue


@@ -6,14 +6,6 @@
... ...
}: }:
{ {
nixpkgs.overlays = [
(final: prev: {
hyprland = prev.hyprland.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./fix-maxwidth-resolution-mode.patch ];
});
})
];
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
withUWSM = true; withUWSM = true;
@@ -162,7 +154,7 @@
programs.zsh = { programs.zsh = {
loginExtra = lib.mkAfter '' loginExtra = lib.mkAfter ''
if uwsm check may-start; then if uwsm check may-start > /dev/null; then
exec uwsm start hyprland-uwsm.desktop exec uwsm start hyprland-uwsm.desktop
fi fi
''; '';


@@ -0,0 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.services.hyprsunset.enable = true;
}


@@ -26,6 +26,56 @@ in
enable_audio_bell = false; enable_audio_bell = false;
}; };
keybindings =
{ }
// builtins.listToAttrs (
builtins.map
(k: {
name = k;
value = "no_op";
})
[
# Window management
"kitty_mod+enter"
"kitty_mod+n"
"kitty_mod+w"
"kitty_mod+]"
"kitty_mod+["
"kitty_mod+f"
"kitty_mod+b"
"kitty_mod+`"
"kitty_mod+r"
"kitty_mod+1"
"kitty_mod+2"
"kitty_mod+3"
"kitty_mod+4"
"kitty_mod+5"
"kitty_mod+6"
"kitty_mod+7"
"kitty_mod+8"
"kitty_mod+9"
"kitty_mod+0"
"kitty_mod+f7"
"kitty_mod+f8"
# Tab management
"kitty_mod+right"
"shift+cmd+]"
"ctrl+tab"
"kitty_mod+left"
"shift+cmd+["
"ctrl+shift+tab"
"kitty_mod+t"
"kitty_mod+q"
"kitty_mod+."
"kitty_mod+,"
"kitty_mod+alt+t"
# Layout management
"kitty_mod+l"
]
);
extraConfig = '' extraConfig = ''
include theme.conf include theme.conf
''; '';


@@ -1,12 +1,6 @@
{ user, home }: { user, home }:
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.overlays = [
(final: prev: {
mpv = pkgs.mpv-unwrapped.wrapper { mpv = pkgs.mpv-unwrapped.override { cddaSupport = true; }; };
})
];
home-manager.users.${user} = { home-manager.users.${user} = {
programs.mpv = { programs.mpv = {
enable = true; enable = true;


@@ -4,11 +4,9 @@
lib, lib,
pkgs, pkgs,
inputs, inputs,
system,
... ...
}: }:
let let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
{ {
@@ -78,9 +76,9 @@ in
} }
]; ];
communityPlugins = [ communityPlugins = with pkgs; [
{ {
pkg = selfPkgs.obsidian-plugin-better-word-count; pkg = obsidianPlugins.better-word-count;
settings = { settings = {
statusBar = [ statusBar = [
{ {
@@ -106,7 +104,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-dataview; pkg = obsidianPlugins.dataview;
settings = { settings = {
enableDataviewJs = true; enableDataviewJs = true;
enableInlineDataviewJs = true; enableInlineDataviewJs = true;
@@ -116,7 +114,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-excalidraw; pkg = obsidianPlugins.excalidraw;
settings = { settings = {
folder = "Inbox"; folder = "Inbox";
templateFilePath = "Templates"; templateFilePath = "Templates";
@@ -139,7 +137,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-kanban; pkg = obsidianPlugins.kanban;
settings = { settings = {
move-tags = true; move-tags = true;
move-dates = true; move-dates = true;
@@ -153,7 +151,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-languagetool; pkg = obsidianPlugins.languagetool;
settings = { settings = {
shouldAutoCheck = true; shouldAutoCheck = true;
pickyMode = true; pickyMode = true;
@@ -162,7 +160,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-linter; pkg = obsidianPlugins.linter;
settings = { settings = {
lintOnSave = true; lintOnSave = true;
displayChanged = false; displayChanged = false;
@@ -302,7 +300,7 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-map-view; pkg = obsidianPlugins.map-view;
settings = { settings = {
"markerIconRules" = [ "markerIconRules" = [
{ {
@@ -388,21 +386,21 @@ in
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-minimal-settings; pkg = obsidianPlugins.minimal-settings;
settings = { settings = {
editorFont = "var(--font-monospace)"; editorFont = "var(--font-monospace)";
}; };
} }
{ {
pkg = selfPkgs.obsidian-plugin-outliner; pkg = obsidianPlugins.outliner;
settings = { settings = {
styleLists = false; styleLists = false;
stickCursor = "never"; stickCursor = "never";
}; };
} }
(selfPkgs.obsidian-plugin-style-settings) (obsidianPlugins.style-settings)
{ {
pkg = selfPkgs.obsidian-plugin-tasks; pkg = obsidianPlugins.tasks;
settings = { settings = {
globalQuery = "short mode"; globalQuery = "short mode";
globalFilter = "#todo"; globalFilter = "#todo";
@@ -548,10 +546,10 @@ in
}; };
}; };
} }
(selfPkgs.obsidian-plugin-url-into-selection) (obsidianPlugins.url-into-selection)
]; ];
themes = [ selfPkgs.obsidian-theme-minimal ]; themes = with pkgs; [ obsidianThemes.minimal ];
hotkeys = { hotkeys = {
"command-palette:open" = [ { key = "F1"; } ]; "command-palette:open" = [ { key = "F1"; } ];
@@ -608,6 +606,7 @@ in
} }
) hmConfig.programs.obsidian.vaults; ) hmConfig.programs.obsidian.vaults;
sops.secrets."google/cloud/obsidian/geocoding".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; sops.secrets."google/cloud/obsidian/geocoding".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
}; };
} }


@@ -7,18 +7,9 @@
... ...
}: }:
let let
selfLib = inputs.self.lib.${system};
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
{ {
nixpkgs.overlays = [
(final: prev: {
spicetify-cli = prev.spicetify-cli.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./user-colors.patch ];
});
})
];
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 57621 ]; allowedTCPPorts = [ 57621 ];
allowedUDPPorts = [ 5353 ]; allowedUDPPorts = [ 5353 ];
@@ -64,21 +55,21 @@ in
]; ];
}; };
sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
xdg.configFile = { xdg.configFile = {
"spotify/prefs.init" = { "spotify/prefs.init" = {
source = ./config/prefs; source = ./config/prefs;
onChange = '' onChange = ''
${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs" ${lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"
''; '';
}; };
"spotify/prefs-user.init" = { "spotify/prefs-user.init" = {
source = ./config/prefs-user; source = ./config/prefs-user;
onChange = '' onChange = ''
user = $(cat "${hmConfig.sops.secrets."spotify/username".path}") user=$(cat "${hmConfig.sops.secrets."spotify/username".path}")
${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs" ${lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
''; '';
}; };
}; };


@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf config.programs.vscode.copilot.enable {
programs.vscode.profiles.default = {
extensions = with pkgs.vscode-extensions; [
github.copilot
github.copilot-chat
];
userSettings = {
"github.copilot.enable" = {
"*" = true;
plaintext = true;
markdown = true;
};
"chat.editing.alwaysSaveWithGeneratedChanges" = true;
};
};
}
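Review bot: `"github.copilot.enable"` sets `"*" = true` alongside `plaintext` and `markdown`, so with `programs.vscode.copilot.enable` on, completions are active for every language id, including files that may hold credentials or private-repository content. Since the extension sends editor context to a remote service, add per-language `false` entries for the file types used for secrets on these hosts. A comment above the attrset would record the decision, e.g. `# Copilot is on for all language ids; opt out per language for secret-bearing files`. The explicit `plaintext` and `markdown` keys look redundant next to `"*"` unless they override the extension's own defaults, which is also worth a short comment.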


@@ -83,6 +83,7 @@ in
"terminal.integrated.fontFamily" = "terminal.integrated.fontFamily" =
builtins.concatStringsSep ", " hmConfig.theme.font.monospace.names; builtins.concatStringsSep ", " hmConfig.theme.font.monospace.names;
"terminal.integrated.fontSize" = hmConfig.theme.font.size; "terminal.integrated.fontSize" = hmConfig.theme.font.size;
"terminal.integrated.smoothScrolling" = true;
"update.mode" = "none"; "update.mode" = "none";
"window.autoDetectColorScheme" = true; "window.autoDetectColorScheme" = true;
"window.autoDetectHighContrast" = false; "window.autoDetectHighContrast" = false;


@@ -0,0 +1,11 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf config.programs.vscode.languages.hugo.enable {
programs.vscode.profiles.default.extensions = with pkgs.vscode-extensions; [
budparr.language-hugo-vscode
];
}


@@ -1,17 +1,10 @@
{ { lib, ... }:
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.vscode;
in
{ {
options.programs.vscode = with lib; { options.programs.vscode = with lib; {
languages = { languages = {
c.enable = mkEnableOption "C"; c.enable = mkEnableOption "C";
go.enable = mkEnableOption "Go"; go.enable = mkEnableOption "Go";
hugo.enable = mkEnableOption "Hugo";
java.enable = mkEnableOption "Java"; java.enable = mkEnableOption "Java";
jinja.enable = mkEnableOption "Jinja"; jinja.enable = mkEnableOption "Jinja";
lua.enable = mkEnableOption "Lua"; lua.enable = mkEnableOption "Lua";
@@ -34,6 +27,7 @@ in
imports = [ imports = [
./langs/c ./langs/c
./langs/go ./langs/go
./langs/hugo
./langs/java ./langs/java
./langs/jinja ./langs/jinja
./langs/lua ./langs/lua
@@ -48,28 +42,7 @@ in
./langs/svelte ./langs/svelte
./langs/typescript ./langs/typescript
./langs/yaml ./langs/yaml
./copilot.nix
]; ];
config = {
programs.vscode.profiles.default = {
extensions =
with pkgs.vscode-extensions;
[ ]
++ lib.lists.optionals cfg.copilot.enable [
github.copilot
github.copilot-chat
];
userSettings = lib.mkMerge [
(lib.mkIf cfg.copilot.enable {
"github.copilot.enable" = {
"*" = true;
plaintext = true;
markdown = true;
};
"chat.editing.alwaysSaveWithGeneratedChanges" = true;
})
];
};
};
} }


@@ -4,7 +4,12 @@
This host uses private SAS repositories. You can find the imports for these in: This host uses private SAS repositories. You can find the imports for these in:
- [./default.nix](./default.nix) You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system.
- [./users/nikara/default.nix](./users/nikara/default.nix)
You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system. ## Installation Instructions
1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
2. Copy the generated tarball to the Elara host
3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
4. Enable `cgroup v2` support by setting `kernelCommandLine=cgroup_no_v1=all` in `.wslconfig` in your Windows home directory
5. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution

23
hosts/elara/build-tarball.sh Executable file

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
temp=$(mktemp -d)
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
install -d -m 700 "$temp/home/nikara"
install -d -m 755 "$temp/home/nikara/.config/sops-nix"
cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- \
--extra-files "$temp" \
--chown /home/nikara 1000:100
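Review bot: The two `cp` lines stage the SSH host private key and the sops-nix `key.txt` without setting a mode, and the `sops-nix` directory is created `755`, so the permissions that end up in the tarball depend on the source files and the caller's umask. Set them explicitly with `install -m 600 ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"`, the same form for `key.txt`, and `install -d -m 700` for the `sops-nix` directory. sshd refuses host keys that are group- or world-readable, so this matters for function as well as confidentiality. `--chown` covers only `/home/nikara`, so it is worth confirming that the staged host key is root-owned in the image. The generated tarball embeds both private keys in clear and should be treated as a secret and removed after the `wsl --import` step.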


@@ -1,39 +0,0 @@
{
config,
inputs,
system,
lib,
...
}:
let
selfPkgs = inputs.self.packages.${system};
in
# Configured for the root user to allow private builds
{
sops.secrets."ssh/sas/ed25519/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "ssh/ed25519/key";
path = "/root/.ssh/ssh_sas_ed25519_key";
};
programs.ssh = {
extraConfig = ''
Host github.com
User git
HostName github.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
Host gitlab.sas.com
User git
HostName gitlab.sas.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
'';
knownHostsFiles =
with selfPkgs;
(
[ ssh-known-hosts-github ]
++ lib.lists.optionals config.sas.build.private [ ssh-known-hosts-sas-gitlab ]
);
};
}


@@ -0,0 +1,4 @@
{ inputs, ... }:
{
nix.registry.sas.flake = inputs.sas;
}


@@ -1,15 +1,11 @@
{ {
config, config,
inputs,
system,
lib, lib,
pkgs,
... ...
}: }:
let
selfPkgs = inputs.self.packages.${system};
in
{ {
security.pki.certificateFiles = lib.lists.optionals config.sas.build.private [ security.pki.certificateFiles =
"${selfPkgs.sas-cacert}/etc/ssl/certs/ca-bundle.crt" with pkgs;
]; lib.lists.optionals config.sas.build.private [ "${sas-cacert}/etc/ssl/certs/ca-bundle.crt" ];
} }


@@ -0,0 +1,4 @@
{ lib, ... }:
{
virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
}


@@ -0,0 +1,46 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
sops.secrets = {
"ssh/personal/key" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "ssh/key";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
"ssh/sas/ed25519/key" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/key";
path = "/root/.ssh/ssh_sas_ed25519_key";
};
};
programs.ssh = {
extraConfig = ''
Host karaolidis.com
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
Host github.sas.com
User git
HostName github.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes
UserKnownHostsFile ${pkgs.sshKnownHosts.github}
Host gitlab.sas.com
User git
HostName gitlab.sas.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes
${lib.strings.optionalString config.sas.build.private "UserKnownHostsFile ${pkgs.sshKnownHosts.sas-gitlab}"}
'';
};
}
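Review bot: Host-key pinning is uneven across the three `Host` blocks in `extraConfig`: `github.sas.com` always sets `UserKnownHostsFile`, `gitlab.sas.com` sets it only when `config.sas.build.private` is true, and `karaolidis.com` never does. The unpinned cases fall back to root's default known-hosts handling, which for unattended builds means either a failed connection or a key accepted by hand. Pin `karaolidis.com` the same way with a known-hosts package for that host (placeholder: `UserKnownHostsFile ${pkgs.sshKnownHosts.<personal-git-host>}`), and consider wrapping the whole `gitlab.sas.com` block in the `optionalString` so it is not emitted without its pin. The file this replaces carried `# Configured for the root user to allow private builds`; keeping that comment here would explain why the keys live under `/root/.ssh`.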


@@ -1,63 +1,49 @@
{ config, inputs, ... }: { inputs, lib, ... }:
{ {
imports = [ nixpkgs.overlays = [
./options.nix inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
inputs.sas.overlays.default
];
imports = [
inputs.nixos-wsl.nixosModules.default
inputs.sas.nixosModules.default
inputs.disko.nixosModules.disko
./format.nix
./hardware ./hardware
./options.nix
../common/configs/system ../common/configs/system
../common/configs/system/bluetooth
../common/configs/system/boot
../common/configs/system/brightnessctl
../common/configs/system/btrbk
../common/configs/system/btrfs
../common/configs/system/cloudflared
../common/configs/system/dnsmasq
../common/configs/system/documentation ../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git ../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/libvirt
../common/configs/system/neovim ../common/configs/system/neovim
../common/configs/system/networkmanager
../common/configs/system/nix ../common/configs/system/nix
../common/configs/system/nix-cleanup
../common/configs/system/nix-install
../common/configs/system/nix-ld ../common/configs/system/nix-ld
../common/configs/system/nix-update ../common/configs/system/nix-update
../common/configs/system/nixpkgs ../common/configs/system/nixpkgs
../common/configs/system/ntp
../common/configs/system/pipewire
../common/configs/system/podman ../common/configs/system/podman
../common/configs/system/power
../common/configs/system/printing
../common/configs/system/smartmontools
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/ssh-agent ../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh
./configs/git ./configs/nix
"${inputs.secrets}/hosts/elara/configs/globalprotect"
./configs/pki ./configs/pki
./configs/podman
./configs/ssh
./users/nikara ./users/nikara
]; ];
networking.hostName = "elara"; networking.hostName = "elara";
sas.build.private = true; sas.build.private = false;
environment.impermanence.device = environment.impermanence.enable = lib.mkForce false;
config.disko.devices.disk.usb.content.partitions.root.content.content.device;
} }
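Review bot: `sas.build.private = false;` is committed without a comment, although elsewhere in this change set the flag gates the SAS CA bundle in `security.pki.certificateFiles` and the `UserKnownHostsFile` pin for `gitlab.sas.com`. A host built from this revision therefore has neither until the value is flipped. The README hunk describes `false` as the first-build value only, so mark it here, e.g. `# bootstrap value: set to true and rebuild once connected to the SAS VPN`. The same applies to `environment.impermanence.enable = lib.mkForce false;`, where a short why-comment would show that the override is deliberate for this host.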


@@ -1,87 +0,0 @@
{
disko.devices = {
disk.usb = {
device = "/dev/disk/by-id/ata-Samsung_SSD_990_EVO_1TB_S7GCNL0XA04998F";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
name = "swap";
size = "32G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
name = "usb";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd:3"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
"@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
"@persist/user" = {
mountpoint = "/persist/user";
inherit mountOptions;
};
"@persist/state" = {
mountpoint = "/persist/state";
inherit mountOptions;
};
"@persist/cache" = {
mountpoint = "/persist/cache";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
};
};
}


@@ -1,19 +1,10 @@
{ ... }: { ... }:
{ {
boot.initrd.kernelModules = [ imports = [ ./display.nix ];
"xhci_pci"
"uas"
"sd_mod"
];
services.tlp.settings.DISK_DEVICES = "sda"; wsl = {
enable = true;
# By default, this host runs on an external SSD attached to himalia... tarball.configPath = ../../../.;
imports = [ ../../himalia/hardware ]; startMenuLaunchers = true;
# ...but it can also run attached to a SAS-provided laptop.
specialisation.sas.configuration = {
disabledModules = [ ../../himalia/hardware ];
imports = [ ./sas ];
}; };
} }


@@ -0,0 +1,6 @@
{ ... }:
{
home-manager.sharedModules = [
{ programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; }
];
}

View File

@@ -1,25 +0,0 @@
{ ... }:
{
imports = [ ./display.nix ];
hardware = {
enableAllFirmware = true;
cpu = {
cores = 8;
threads = 12;
intel.updateMicrocode = true;
};
};
boot = {
kernelModules = [ "kvm-intel" ];
initrd.kernelModules = [
"thunderbolt"
"vmd"
"nvme"
];
};
services.fstrim.enable = true;
}


@@ -1,30 +0,0 @@
{ ... }:
{
boot.kernelParams = [ "video=eDP-1:1920x1200@60" ];
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings = {
monitor = [
"eDP-1, preferred, 0x0, 1"
", maxwidth, auto-center-up, 1"
];
workspace = [
"1, monitor:eDP-1, layoutopt:orientation:left"
"2, monitor:eDP-1, layoutopt:orientation:left"
"3, monitor:eDP-1, layoutopt:orientation:left"
"4, monitor:eDP-1, layoutopt:orientation:left"
"5, monitor:eDP-1, layoutopt:orientation:left"
"6, monitor:eDP-1, layoutopt:orientation:left"
"7, monitor:eDP-1, layoutopt:orientation:left"
"8, monitor:eDP-1, layoutopt:orientation:left"
"9, monitor:eDP-1, layoutopt:orientation:left"
"10, monitor:eDP-1, layoutopt:orientation:left"
];
};
programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
}
];
}


@@ -1,9 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [
gcc
cmake
gnumake
];
}


@@ -1,109 +0,0 @@
{ user, home }:
{
config,
inputs,
lib,
system,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"git/credentials/personal/git.karaolidis.com/admin/username" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/admin/username";
};
"git/credentials/personal/git.karaolidis.com/admin/password" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/admin/password";
};
"git/credentials/sas/github.com/admin/username" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "git/credentials/github.com/admin/username";
};
"git/credentials/sas/github.com/admin/password" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "git/credentials/github.com/admin/password";
};
};
templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password"
}@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password"
}@github.com
'';
path = "${home}/.config/git/credentials";
};
};
programs = {
git.extraConfig.core.sshCommand = lib.meta.getExe (
pkgs.writeShellApplication {
name = "git-ssh-key-wrapper";
runtimeInputs = with pkgs; [ openssh ];
text = builtins.readFile ./git-ssh-key-wrapper.sh;
}
);
ssh = {
matchBlocks = {
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = [
"${home}/.ssh/ssh_sas_ed25519_key"
"${home}/.ssh/ssh_personal_ed25519_key"
];
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
};
"gerrit-svi.unx.sas.com" = {
hostname = "gerrit-svi.unx.sas.com";
user = "nikara";
port = 29418;
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
};
"artifactlfs.unx.sas.com" = {
hostname = "artifactlfs.unx.sas.com";
user = "nikara";
port = 1339;
identityFile = "${home}/.ssh/ssh_sas_rsa_key";
};
};
userKnownHostsFiles =
with selfPkgs;
(
[
ssh-known-hosts-github
ssh-known-hosts-gitlab
]
++ lib.lists.optionals config.sas.build.private [
ssh-known-hosts-sas-gitlab
ssh-known-hosts-sas-gerrit
ssh-known-hosts-sas-artifact
]
);
};
};
};
}


@@ -1,16 +0,0 @@
# shellcheck shell=bash
key="$HOME/.ssh/ssh_personal_ed25519_key"
if [[ "$*" == *"git@github.com"* ]]; then
if [[ "$*" == *"sas-institute-rnd-product/"* ||
"$*" == *"sas-institute-rnd-internal/"* ||
"$*" == *"sas-institute-rnd-pipeline-test/"* ||
"$*" == *"_sasinst/"* ]]; then
key="$HOME/.ssh/ssh_sas_ed25519_key"
fi
exec ssh -i "$key" "$@"
fi
exec ssh "$@"


@@ -1,26 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
environment.persistence."/persist/cache"."${home}/.local/share/go" = { };
home-manager.users.${user} = {
programs.go = {
enable = true;
goPath = ".local/share/go";
};
home = {
packages = with pkgs; [
gopls
go-tools
golangci-lint
golangci-lint-langserver
];
sessionVariables = {
GOPROXY = "goproxy.unx.sas.com";
GONOSUMDB = "*.sas.com,sassoftware.io";
};
};
};
}


@@ -1,5 +1,10 @@
{ user, home }: { user, home }:
{ config, inputs, ... }: {
config,
inputs,
pkgs,
...
}:
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
@@ -7,22 +12,22 @@ in
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets = { sops.secrets = {
"gpg/personal/key" = { "gpg/personal/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "gpg/key"; key = "gpg/key";
}; };
"gpg/personal/pass" = { "gpg/personal/pass" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "gpg/pass"; key = "gpg/pass";
}; };
"gpg/sas/key" = { "gpg/sas/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "gpg/key"; key = "gpg/key";
}; };
"gpg/sas/pass" = { "gpg/sas/pass" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "gpg/pass"; key = "gpg/pass";
}; };
}; };


@@ -1,23 +0,0 @@
{ user, home }:
{ config, pkgs, ... }:
let
hmConfig = config.home-manager.users.${user};
in
{
environment.persistence."/persist/cache"."${home}/.local/share/gradle" = { };
home-manager.users.${user} = {
programs.gradle = {
enable = true;
home = ".local/share/gradle";
};
sops.templates."gradle.properties" = {
content = ''
cdpUser=${hmConfig.sops.placeholder."artifactory/cdp/user"}
cdpPassword=${hmConfig.sops.placeholder."artifactory/cdp/password"}
'';
path = "${home}/.local/share/gradle/gradle.properties";
};
};
}


@@ -1,8 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.programs.java = {
enable = true;
package = pkgs.jdk17;
};
}


@@ -1,17 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
telepresence = prev.telepresence.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./extend-timeout.patch ];
});
})
];
home-manager.users.${user}.home.packages = with pkgs; [
telepresence
kubeval
calicoctl
];
}


@@ -0,0 +1,6 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.programs.nvf.settings.vim.clipboard.providers.wl-copy.package =
pkgs.wsl-wl-clipboard;
}


@@ -10,41 +10,45 @@ let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
{ {
home-manager.users.${user}.sops = { home-manager.users.${user} = {
secrets = { sops = {
"registry/personal/docker.io" = { secrets = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "registry/personal/git.karaolidis.com" = {
key = "registry/docker.io"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "registry/git.karaolidis.com";
};
"registry/personal/docker.io" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "registry/docker.io";
};
"registry/sas/cr.sas.com" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "registry/cr.sas.com";
};
}; };
"registry/personal/registry.karaolidis.com" = { templates.containers-auth = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; content = builtins.readFile (
key = "registry/registry.karaolidis.com"; (pkgs.formats.json { }).generate "auth.json" {
}; auths = {
"git.karaolidis.com" = {
"registry/sas/cr.sas.com" = { auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; };
key = "registry/cr.sas.com"; "docker.io" = {
auth = hmConfig.sops.placeholder."registry/personal/docker.io";
};
"cr.sas.com" = {
auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
};
};
}
);
path = "${home}/.config/containers/auth.json";
}; };
}; };
templates.containers-auth = { services.podman.settings.storage.storage.driver = lib.mkForce "overlay";
content = builtins.readFile (
(pkgs.formats.json { }).generate "auth.json" {
auths = {
"docker.io" = {
auth = hmConfig.sops.placeholder."registry/personal/docker.io";
};
"registry.karaolidis.com" = {
auth = hmConfig.sops.placeholder."registry/personal/registry.karaolidis.com";
};
"cr.sas.com" = {
auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
};
};
}
);
path = "${home}/.config/containers/auth.json";
};
}; };
} }


@@ -1,8 +1,84 @@
{ user, home }: { user, home }:
{ inputs, ... }:
{ {
home-manager.users.${user}.sops.secrets = { config,
"artifactory/cdp/user".sopsFile = "${inputs.secrets}/sas/secrets.yaml"; inputs,
"artifactory/cdp/password".sopsFile = "${inputs.secrets}/sas/secrets.yaml"; pkgs,
lib,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
{
environment.persistence."/persist/cache" = {
"${home}/.local/share/go" = { };
"${home}/.local/share/gradle" = { };
};
home-manager.users.${user} = {
sops = {
secrets = {
"artifactory/cdp/user".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"artifactory/cdp/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"viya/orders-api/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"viya/orders-api/secret".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
};
templates."gradle.properties" = {
content = ''
cdpUser=${hmConfig.sops.placeholder."artifactory/cdp/user"}
cdpPassword=${hmConfig.sops.placeholder."artifactory/cdp/password"}
'';
path = "${home}/.local/share/gradle/gradle.properties";
};
};
programs = {
go = {
enable = true;
goPath = ".local/share/go";
};
gradle = {
enable = true;
home = ".local/share/gradle";
};
java = {
enable = true;
package = pkgs.jdk17;
};
};
home = {
packages =
with pkgs;
[
gcc
gopls
go-tools
delve
golangci-lint
golangci-lint-langserver
]
++ lib.lists.optionals config.sas.build.private [
viya4-orders-cli
sagew
sonder
klog
];
sessionVariables = {
GOPROXY = "goproxy.unx.sas.com";
GONOSUMDB = "*.sas.com,sassoftware.io";
};
};
xdg.configFile."viya4-orders-cli/config.yaml" = lib.mkIf config.sas.build.private {
source = (pkgs.formats.yaml { }).generate "config.yaml" {
clientCredentialsIdFile = hmConfig.sops.secrets."viya/orders-api/key".path;
clientCredentialsSecretFile = hmConfig.sops.secrets."viya/orders-api/secret".path;
};
};
}; };
} }
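Review bot: `GOPROXY` and `GONOSUMDB` in `home.sessionVariables` are set unconditionally, while the SAS-only packages and the `viya4-orders-cli` config in the same module are gated on `config.sas.build.private`. On a build without that flag every `go` invocation would still resolve modules only through `goproxy.unx.sas.com`, since the list has no fallback entry, and `GONOSUMDB` turns off checksum-database verification for `*.sas.com` and `sassoftware.io` modules. If that is intended, a comment such as `# internal modules are not in the public checksum DB; integrity relies on go.sum and the internal proxy` would record the trade-off. Otherwise gate the block the same way as its neighbours, `sessionVariables = lib.mkIf config.sas.build.private { … };`.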


@@ -2,70 +2,212 @@
{ {
config, config,
inputs, inputs,
system, pkgs,
lib, lib,
... ...
}: }:
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets = { sops = {
"ssh/personal/key" = { secrets = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "ssh/personal/key" = {
key = "ssh/key"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "${home}/.ssh/ssh_personal_ed25519_key"; key = "ssh/key";
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/personal/pass" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "ssh/pass";
};
"ssh/sas/ed25519/key" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/key";
path = "${home}/.ssh/ssh_sas_ed25519_key";
};
"ssh/sas/ed25519/pass" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/pass";
};
"ssh/sas/rsa/key" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/rsa/key";
path = "${home}/.ssh/ssh_sas_rsa_key";
};
"ssh/sas/rsa/pass" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/rsa/pass";
};
"git/credentials/personal/git.karaolidis.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/username";
};
"git/credentials/personal/git.karaolidis.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/tokens/admin";
};
"git/credentials/sas/github.com/username" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/username";
};
"git/credentials/sas/github.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/tokens/admin";
};
"git/credentials/personal/github.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/username";
};
"git/credentials/personal/github.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/tokens/admin";
};
"git/credentials/personal/gitlab.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/username";
};
"git/credentials/personal/gitlab.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/tokens/admin";
};
"git/credentials/personal/gitea.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/username";
};
"git/credentials/personal/gitea.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/tokens/admin";
};
}; };
"ssh/personal/pass" = { templates."git/credentials" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; content = ''
key = "ssh/pass"; https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/username"}:${
}; hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/tokens/admin"
}@git.karaolidis.com
"ssh/sas/ed25519/key" = { https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/username"}:${
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; hmConfig.sops.placeholder."git/credentials/sas/github.com/tokens/admin"
key = "ssh/ed25519/key"; }@github.com
path = "${home}/.ssh/ssh_sas_ed25519_key"; https://${hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/username"}:${
}; hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/tokens/admin"
}@gitlab.com
"ssh/sas/ed25519/pass" = { https://${hmConfig.sops.placeholder."git/credentials/personal/gitea.com/username"}:${
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; hmConfig.sops.placeholder."git/credentials/personal/gitea.com/tokens/admin"
key = "ssh/ed25519/pass"; }@gitea.com
}; '';
path = "${home}/.config/git/credentials";
"ssh/sas/rsa/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "ssh/rsa/key";
path = "${home}/.ssh/ssh_sas_rsa_key";
};
"ssh/sas/rsa/pass" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "ssh/rsa/pass";
}; };
}; };
programs = { programs = {
ssh = { ssh.matchBlocks = {
matchBlocks = { "karaolidis.com" = {
"karaolidis.com" = { hostname = "karaolidis.com";
hostname = "karaolidis.com"; user = "nick";
user = "nick"; identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"cldlgn.fyi.sas.com" = {
inherit user;
hostname = "cldlgn.fyi.sas.com";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
};
}; };
userKnownHostsFiles = "tunnel.karaolidis.com" = {
with selfPkgs; hostname = "tunnel.karaolidis.com";
lib.lists.optionals config.sas.build.private [ ssh-known-hosts-sas-cldlgn ]; user = "nick";
port = 2222;
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_personal_ed25519_key" ];
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
"github.sas.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_sas_ed25519_key" ];
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.github
);
};
"cldlgn.fyi.sas.com" = {
inherit user;
hostname = "cldlgn.fyi.sas.com";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-cldlgn
);
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gitlab
);
};
"gerrit-svi.unx.sas.com" = {
hostname = "gerrit-svi.unx.sas.com";
user = "nikara";
port = 29418;
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gerrit
);
};
"artifactlfs.unx.sas.com" = {
hostname = "artifactlfs.unx.sas.com";
user = "nikara";
port = 1339;
identityFile = "${home}/.ssh/ssh_sas_rsa_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-artifact
);
};
};
git.extraConfig.url = {
"git@github.sas.com:sas-institute-rnd-product".insteadOf =
"git@github.com:sas-institute-rnd-product";
"git@github.sas.com:sas-institute-rnd-internal".insteadOf =
"git@github.com:sas-institute-rnd-internal";
"git@github.sas.com:sas-institute-rnd-pipeline-test".insteadOf =
"git@github.com:sas-institute-rnd-pipeline-test";
"git@github.sas.com:Nick-Karaolidis_sasinst".insteadOf = "git@github.com:Nick-Karaolidis_sasinst";
}; };
clipbook.bookmarks = { clipbook.bookmarks = {
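Review bot: None of the new `matchBlocks` sets `identitiesOnly`, so when an agent is running ssh can offer agent-held keys other than the configured `identityFile`. That matters most for the `github.sas.com` alias and the plain `github.com` block, which both connect to `github.com` and differ only by key: the server selects the account from whichever key it accepts first, so the personal/SAS split that the `insteadOf` rewrites set up can be undone silently. Adding `identitiesOnly = true;` to each block keeps every host pinned to its intended key and stops the other domain's public key from being presented to it; the root-level ssh config added elsewhere in this change already uses `IdentitiesOnly yes`. The hunk ends inside the module, so anything set further down the file is not visible here.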


@@ -1,29 +0,0 @@
{ user, home }:
{
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user} = {
sops.secrets = {
"viya/orders-api/key".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
"viya/orders-api/secret".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
};
home.packages = [ selfPkgs.viya4-orders-cli ];
xdg.configFile."viya4-orders-cli/config.yaml".source =
(pkgs.formats.yaml { }).generate "config.yaml"
{
clientCredentialsIdFile = hmConfig.sops.secrets."viya/orders-api/key".path;
clientCredentialsSecretFile = hmConfig.sops.secrets."viya/orders-api/secret".path;
};
};
}


@@ -0,0 +1,5 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
}


@@ -0,0 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.kitty.settings.hide_window_decorations = true;
}


@@ -1,23 +1,5 @@
{ user, home }: { user, home }:
{ ... }: { ... }:
{ {
home-manager.users.${user} = { home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/master".enable = true;
programs.obsidian.vaults = {
"Documents/Obsidian/personal/master".enable = true;
"Documents/Obsidian/sas/master".enable = true;
};
services.syncthing.settings.folders.obsidian = {
label = "Obsidian";
path = "${home}/Documents/Obsidian/personal";
devices = [
"amalthea"
"ganymede"
];
maxConflicts = 0;
};
home.file."Documents/Obsidian/personal/.stignore".source =
../../../../../../common/configs/user/gui/obsidian/.stignore;
};
} }


@@ -1,21 +1,30 @@
{ user, home }: { user, home }:
{ ... }: { lib, ... }:
{ {
home-manager.users.${user}.programs.vscode.languages = { home-manager.users.${user} = {
c.enable = true; programs.vscode = {
go.enable = true; languages = {
java.enable = true; c.enable = true;
jinja.enable = true; go.enable = true;
lua.enable = true; hugo.enable = true;
markdown.enable = true; java.enable = true;
nix.enable = true; jinja.enable = true;
podman.enable = true; lua.enable = true;
python.enable = true; markdown.enable = true;
rest.enable = true; nix.enable = true;
rust.enable = true; podman.enable = true;
sas.enable = true; python.enable = true;
sops.enable = true; rest.enable = true;
typescript.enable = true; rust.enable = true;
yaml.enable = true; sas.enable = true;
sops.enable = true;
typescript.enable = true;
yaml.enable = true;
};
copilot.enable = true;
};
home.sessionVariables.DONT_PROMPT_WSL_INSTALL = "1";
}; };
} }


@@ -14,8 +14,7 @@ in
imports = [ imports = [
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; }) (import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/dive { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -27,83 +26,48 @@ in
(import ../../../common/configs/user/console/ip { inherit user home; }) (import ../../../common/configs/user/console/ip { inherit user home; })
(import ../../../common/configs/user/console/jq { inherit user home; }) (import ../../../common/configs/user/console/jq { inherit user home; })
(import ../../../common/configs/user/console/kubernetes { inherit user home; }) (import ../../../common/configs/user/console/kubernetes { inherit user home; })
(import ../../../common/configs/user/console/libvirt { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; }) (import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/mprocs { inherit user home; }) (import ../../../common/configs/user/console/mprocs { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; }) (import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/ncspot { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; }) (import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; }) (import ../../../common/configs/user/console/nix { inherit user home; })
(import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
(import ../../../common/configs/user/console/nix-develop { inherit user home; }) (import ../../../common/configs/user/console/nix-develop { inherit user home; })
(import ../../../common/configs/user/console/nix-direnv { inherit user home; }) (import ../../../common/configs/user/console/nix-direnv { inherit user home; })
(import ../../../common/configs/user/console/ouch { inherit user home; }) (import ../../../common/configs/user/console/ouch { inherit user home; })
(import ../../../common/configs/user/console/pipewire { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; }) (import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; }) (import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/emoji { inherit user home; })
(import ../../../common/configs/user/gui/feh { inherit user home; })
(import ../../../common/configs/user/gui/firefox { inherit user home; })
(import ../../../common/configs/user/gui/gtk { inherit user home; }) (import ../../../common/configs/user/gui/gtk { inherit user home; })
(import ../../../common/configs/user/gui/hypridle { inherit user home; })
(import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; }) (import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; })
(import ../../../common/configs/user/gui/networkmanager { inherit user home; })
(import ../../../common/configs/user/gui/obs { inherit user home; })
(import ../../../common/configs/user/gui/obsidian { inherit user home; }) (import ../../../common/configs/user/gui/obsidian { inherit user home; })
(import ../../../common/configs/user/gui/pipewire { inherit user home; })
(import ../../../common/configs/user/gui/qalculate { inherit user home; })
(import ../../../common/configs/user/gui/qt { inherit user home; }) (import ../../../common/configs/user/gui/qt { inherit user home; })
(import ../../../common/configs/user/gui/rofi { inherit user home; })
(import ../../../common/configs/user/gui/rquickshare { inherit user home; })
(import ../../../common/configs/user/gui/swww { inherit user home; })
(import ../../../common/configs/user/gui/theme { inherit user home; }) (import ../../../common/configs/user/gui/theme { inherit user home; })
(import ../../../common/configs/user/gui/vscode { inherit user home; }) (import ../../../common/configs/user/gui/vscode { inherit user home; })
(import ../../../common/configs/user/gui/wev { inherit user home; })
(import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
(import ../../../common/configs/user/gui/x11 { inherit user home; })
(import ../../../common/configs/user/gui/xdg { inherit user home; })
(import ./configs/console/c { inherit user home; })
(import ./configs/console/git { inherit user home; })
(import ./configs/console/go { inherit user home; })
(import ./configs/console/gpg { inherit user home; }) (import ./configs/console/gpg { inherit user home; })
(import ./configs/console/gradle { inherit user home; }) (import ./configs/console/neovim { inherit user home; })
(import ./configs/console/java { inherit user home; })
(import ./configs/console/kubernetes { inherit user home; })
(import ./configs/console/podman { inherit user home; }) (import ./configs/console/podman { inherit user home; })
(import ./configs/console/sas { inherit user home; }) (import ./configs/console/sas { inherit user home; })
(import ./configs/console/ssh { inherit user home; }) (import ./configs/console/ssh { inherit user home; })
(import ./configs/console/viya4-orders-cli { inherit user home; }) (import ./configs/console/wsl { inherit user home; })
(import ./configs/gui/kitty { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; }) (import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; }) (import ./configs/gui/vscode { inherit user home; })
]; ];
# mkpasswd -s # mkpasswd -s
sops.secrets."${user}-password" = { sops.secrets."${user}-password" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "password"; key = "password";
neededForUsers = true; neededForUsers = true;
}; };
@@ -121,9 +85,13 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
"${inputs.secrets}/domains/sas/id_ed25519.pub"
];
}; };
services.getty.autologinUser = user; wsl.defaultUser = user;
home-manager.users.${user}.home = { home-manager.users.${user}.home = {
username = user; username = user;
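Review bot: The added `openssh.authorizedKeys.keyFiles` authorises the personal-domain public key alongside the SAS one, for a user whose password secret is read from `domains/sas/secrets.yaml`. If inbound logins with the personal key are intended, a comment above the list such as `# personal key allowed for <placeholder: reason>` would make the cross-domain trust explicit; if not, keep only `"${inputs.secrets}/domains/sas/id_ed25519.pub"`. The enclosing attribute set starts outside this hunk, so other access settings on the account could not be checked.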


@@ -0,0 +1,15 @@
{ inputs, ... }:
{
sops.secrets."ssh/key" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
programs.ssh.extraConfig = ''
Host karaolidis.com
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
'';
}
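Review bot: `programs.ssh.extraConfig` goes into the system-wide ssh client configuration, so this `Host karaolidis.com` block applies to every local user rather than only root. Unless their own config overrides it, they inherit `User git`, `IdentitiesOnly yes` and an `IdentityFile` under `/root` that they cannot read. Scoping the block, for example `Match host karaolidis.com localuser root`, keeps the override to the account that owns the key. Separately, the secret is `ssh/key` from the personal secrets file, which looks like the same key the user-level configs install as `ssh_personal_ed25519_key`; a dedicated read-only deploy key for root would limit what a compromise of this host exposes.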


@@ -1,5 +1,11 @@
{ inputs, ... }: { inputs, ... }:
{ {
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
];
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./format.nix ./format.nix
@@ -15,8 +21,8 @@
../common/configs/system/documentation ../common/configs/system/documentation
../common/configs/system/getty ../common/configs/system/getty
../common/configs/system/git ../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/libvirt ../common/configs/system/libvirt
../common/configs/system/neovim ../common/configs/system/neovim
../common/configs/system/networkmanager ../common/configs/system/networkmanager
@@ -34,15 +40,16 @@
../common/configs/system/smartmontools ../common/configs/system/smartmontools
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/ssh-agent ../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone ../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower ../common/configs/system/upower
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh
./configs/ssh
./users/nick ./users/nick
]; ];
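Review bot: The import list drops `../common/configs/system/lanzaboote` and replaces `ssh-agent` with `sshd`, with no comment explaining either. Assuming the lanzaboote module is what configures Secure Boot for this host, removing it in the same change that adds an inbound SSH service alters both boot integrity and network exposure. A one-line comment next to the imports, e.g. `# no lanzaboote on this host: <placeholder: reason>`, would record that this is deliberate.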


@@ -29,18 +29,6 @@
", XF86Launch4, exec, ${asusctl} profile -n" ", XF86Launch4, exec, ${asusctl} profile -n"
", XF86TouchpadToggle, exec, ${touchpadHelper} asuf1209:00-2808:0219-touchpad" ", XF86TouchpadToggle, exec, ${touchpadHelper} asuf1209:00-2808:0219-touchpad"
]; ];
bind =
let
farmAura = lib.meta.getExe (
pkgs.writeShellApplication {
name = "farm-aura";
runtimeInputs = with pkgs; [ genact ];
text = builtins.readFile ./scripts/farm-aura.sh;
}
);
in
[ ", XF86Launch3, exec, uwsm app -- $term ${farmAura}" ];
}; };
} }
]; ];


@@ -1,13 +0,0 @@
# shellcheck shell=bash
SESSION_NAME="aura-farm-$$"
tmux new-session -d -s "$SESSION_NAME" "genact -s 25"
tmux set-hook -t "$SESSION_NAME" pane-exited "run-shell 'tmux kill-session -t $SESSION_NAME'"
for _ in {1..4}; do
tmux split-window -t "$SESSION_NAME" -h "genact -s 25"
done
tmux select-layout -t "$SESSION_NAME" tiled
tmux attach-session -t "$SESSION_NAME"


@@ -1,48 +0,0 @@
{ user, home }:
{
config,
inputs,
lib,
system,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"git/credentials/git.karaolidis.com/admin/username".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/admin/password".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
};
templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
}@git.karaolidis.com
'';
path = "${home}/.config/git/credentials";
};
};
programs.ssh = {
matchBlocks = {
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
};
userKnownHostsFiles = with selfPkgs; [
ssh-known-hosts-github
ssh-known-hosts-gitlab
];
};
};
}


@@ -6,8 +6,8 @@ in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets = { sops.secrets = {
"gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path;


@@ -11,20 +11,20 @@ in
{ {
home-manager.users.${user}.sops = { home-manager.users.${user}.sops = {
secrets = { secrets = {
"registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"registry/registry.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
templates."containers-auth.json" = { templates."containers-auth.json" = {
content = builtins.readFile ( content = builtins.readFile (
(pkgs.formats.json { }).generate "auth.json" { (pkgs.formats.json { }).generate "auth.json" {
auths = { auths = {
"git.karaolidis.com" = {
auth = hmConfig.sops.placeholder."registry/git.karaolidis.com";
};
"docker.io" = { "docker.io" = {
auth = hmConfig.sops.placeholder."registry/docker.io"; auth = hmConfig.sops.placeholder."registry/docker.io";
}; };
"registry.karaolidis.com" = {
auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com";
};
}; };
} }
); );


@@ -1,19 +1,103 @@
{ user, home }: { user, home }:
{ config, inputs, ... }: {
config,
inputs,
pkgs,
...
}:
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets = { sops = {
"ssh/key" = { secrets = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; "ssh/key" = {
path = "${home}/.ssh/ssh_personal_ed25519_key"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
}; };
"ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin"
}@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin"
}@gitea.com
'';
path = "${home}/.config/git/credentials";
};
}; };
programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; programs = {
ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"tunnel.karaolidis.com" = {
hostname = "tunnel.karaolidis.com";
user = "nick";
port = 2222;
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
};
clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;
};
}; };
} }
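Review bot: The new `karaolidis.com` and `tunnel.karaolidis.com` match blocks carry no `userKnownHostsFile`, while the `github.com`, `gitlab.com` and `gitea.com` blocks added next to them each pin one from `pkgs.sshKnownHosts`. As written, the two self-hosted endpoints (including the port 2222 tunnel) appear to fall back to the default known_hosts, i.e. trust on first use, even though they are the hosts whose keys you control and could ship declaratively. I would add a pinned file to both blocks, e.g. `userKnownHostsFile = "<path to pinned karaolidis.com host keys>";`, or a comment saying why they are left unpinned. Separately, the `git/credentials` template now writes four `tokens/admin` values in clear text to `${home}/.config/git/credentials`; if those tokens are as broadly scoped as the name suggests, a narrower token for day-to-day pushes would limit what a read of that file exposes.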


@@ -4,6 +4,7 @@
home-manager.users.${user}.programs.vscode.languages = { home-manager.users.${user}.programs.vscode.languages = {
c.enable = true; c.enable = true;
go.enable = true; go.enable = true;
hugo.enable = true;
java.enable = true; java.enable = true;
lua.enable = true; lua.enable = true;
markdown.enable = true; markdown.enable = true;


@@ -15,6 +15,7 @@ in
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; }) (import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/dive { inherit user home; })
@@ -43,18 +44,17 @@ in
(import ../../../common/configs/user/console/ssh { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; }) (import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; }) (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; }) (import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; }) (import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; }) (import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; }) (import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/darktable { inherit user home; }) (import ../../../common/configs/user/gui/darktable { inherit user home; })
@@ -74,6 +74,7 @@ in
(import ../../../common/configs/user/gui/hyprland { inherit user home; }) (import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; }) (import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; }) (import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/hyprsunset { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; }) (import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; }) (import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; }) (import ../../../common/configs/user/gui/mpv { inherit user home; })
@@ -94,7 +95,6 @@ in
(import ../../../common/configs/user/gui/x11 { inherit user home; }) (import ../../../common/configs/user/gui/x11 { inherit user home; })
(import ../../../common/configs/user/gui/xdg { inherit user home; }) (import ../../../common/configs/user/gui/xdg { inherit user home; })
(import ./configs/console/git { inherit user home; })
(import ./configs/console/gpg { inherit user home; }) (import ./configs/console/gpg { inherit user home; })
(import ./configs/console/podman { inherit user home; }) (import ./configs/console/podman { inherit user home; })
(import ./configs/console/ssh { inherit user home; }) (import ./configs/console/ssh { inherit user home; })
@@ -106,7 +106,7 @@ in
# mkpasswd -s # mkpasswd -s
sops.secrets."${user}-password" = { sops.secrets."${user}-password" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "password"; key = "password";
neededForUsers = true; neededForUsers = true;
}; };
@@ -124,6 +124,7 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
}; };
services.getty.autologinUser = user; services.getty.autologinUser = user;
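Review bot: The added `openssh.authorizedKeys.keyFiles` entry has no comment saying which key pair it is, and that matters for the blast radius. If `id_ed25519.pub` is the public half of the `ssh/key` secret that the personal ssh module writes to `ssh_personal_ed25519_key` on each machine, then every host holding that private key can log in as this user on every other host that imports this file, so one compromised workstation reaches the rest. I would state that above the line, e.g. `# public half of ssh/key; any host that deploys that key can log in here`, or use per-host keys if that reach is not intended. The enclosing user attribute set starts outside this hunk.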
