Compare commits
	
		
			205 Commits
		
	
	
		
			kubernetes
			...
			wireguard
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 84a5ff6fd4 | |||
| d617183438 | |||
| aca10fdc66 | |||
| b9d57d2d58 | |||
| 0ba22f6eea | |||
| 06a644bc35 | |||
| f68fdf9211 | |||
| f819c8c5e3 | |||
| 6505f74ef3 | |||
| 000a8c64b4 | |||
| ea0113c10a | |||
| 58d4f9e8bb | |||
| 403cf00290 | |||
| aa47cdb954 | |||
| 5abd8ef3b0 | |||
| 548666f86c | |||
| 0b15c9c3fa | |||
| 229169de0f | |||
| d43ca1c8c1 | |||
| adb09135ce | |||
| 34b625a402 | |||
| eeed06af5e | |||
| 880a2e1cfa | |||
| 090ae66aa6 | |||
| 8b23486d4a | |||
| 24ac4753eb | |||
| c5d0933648 | |||
| 946b598054 | |||
| b388794f40 | |||
| 515458d11f | |||
| c31bca3634 | |||
| b12fa0e811 | |||
| 1f44a8b6bc | |||
| 0481bc2785 | |||
| 53544429d3 | |||
| e1e38ba336 | |||
| ba74461ed8 | |||
| 3a03406b99 | |||
| 7bdf24a5ec | |||
| c0c1f06b09 | |||
| 80e374ebc6 | |||
| fba4691ae0 | |||
| 9273514e2a | |||
| 52e3183244 | |||
| bf82f4b52e | |||
| 3c09cf9f69 | |||
| 1a445ab6fd | |||
| 3f1531fbd1 | |||
| dc5a91ebf7 | |||
| b3dd72de22 | |||
| e55135163d | |||
| 6ed4c4917a | |||
| eb7fc4a122 | |||
| 10e0980f8f | |||
| bdaac67bf2 | |||
| ad46eb6546 | |||
| e9ffd4d839 | |||
| 881b18065a | |||
| 4676201fce | |||
| 5566bc3677 | |||
| 98a44e8bf6 | |||
| b0bc3b5184 | |||
| 4354a2149b | |||
| a271e892c3 | |||
| ae66cfd854 | |||
| 28f86e0915 | |||
| 95b79ab224 | |||
| d90ad86c16 | |||
| 709ed4b9ac | |||
| 8e30a685d3 | |||
| 14377d7e1c | |||
| 457e1b0bf7 | |||
| cafcdbe7cc | |||
| e362f8c6e0 | |||
| 4893d413c8 | |||
| 2cbbc0f768 | |||
| 19285a264f | |||
| b631d466ff | |||
| 62671b894c | |||
| 1688be2abc | |||
| d995698feb | |||
| 3610611615 | |||
| 05f5576e1f | |||
| c233b5a11a | |||
| a2af7705ff | |||
| bea4f73c7a | |||
| cbcf4d2f66 | |||
| 12c1bb0cd8 | |||
| b4e9b8c2dc | |||
| d995375c16 | |||
| 8346e89b9f | |||
| ab1c9a4a78 | |||
| 1c554f1700 | |||
| 2f47f70d0b | |||
| 0bc4665b87 | |||
| d07e77a577 | |||
| 89401a72b7 | |||
| 855edc83f4 | |||
| 8b2cebae3b | |||
| 3b87843d5b | |||
| 345bb1fac1 | |||
| 2605ae9bc4 | |||
| de9c5481cb | |||
| d928efb31e | |||
| d39fcd50ab | |||
| 586f478d7c | |||
| 5d255bd05b | |||
| c98bc5a4c7 | |||
| e06443b99c | |||
| af0ce9b306 | |||
| f340da73e2 | |||
| 6f639cbd8f | |||
| 8973cde998 | |||
| 0cc1e79966 | |||
| e4ff6f13b1 | |||
| 9c22042983 | |||
| 8846f664dc | |||
| c0a098dcb2 | |||
| 4d7e0d23aa | |||
| 7a3129ba5f | |||
| 7b46e959af | |||
| e227cab2d7 | |||
| 2cf48bf516 | |||
| 6d23f35b59 | |||
| 6a593fcf3f | |||
| c1fd2b0f21 | |||
| 9d19064874 | |||
| d34fd0cd91 | |||
| 725b238a1e | |||
| 91104fc4b0 | |||
| d8374fe7b7 | |||
| 77b8dbfd76 | |||
| 3444645ec9 | |||
| 93c13d8537 | |||
| a3dc4129d6 | |||
| f843deafbe | |||
| 083b9055bc | |||
| c5dc372dca | |||
| 64e802bd46 | |||
| 0ae8128304 | |||
| 3360e7f8c3 | |||
| e0602dd1a0 | |||
| 8064aba0cd | |||
| 354e9937b6 | |||
| 2202f2bae8 | |||
| 0235b1146f | |||
| 75a0a59c3d | |||
| eadbccf2fa | |||
| 5c75205343 | |||
| 7737abc45e | |||
| 5f905e76c6 | |||
| 3d2a972ea3 | |||
| 0e8f5b3fbe | |||
| b03012abf8 | |||
| fce62de41d | |||
| 16ef0a2a6b | |||
| a0d7075e01 | |||
| e631eab4dd | |||
| c1ad0974f1 | |||
| 223b3427e3 | |||
| eeb39db533 | |||
| 0799ab4db7 | |||
| 2888bb8b72 | |||
| 22c82653dd | |||
| aa04f12542 | |||
| a467f953bb | |||
| 7fa058293b | |||
| 5eb9766572 | |||
| 8a9d75808a | |||
| 04ec3ba23b | |||
| ce96ec6bf7 | |||
| c4d8cc951d | |||
| 720dfba42e | |||
| 6404435fbe | |||
| b6635d01c2 | |||
| 3e67e2a299 | |||
| fd1cc6a4ff | |||
| 29910f19ab | |||
| a23e4c6908 | |||
| 9f1dd0001d | |||
| e9833141ad | |||
| c907cdeca6 | |||
| 97a042adcd | |||
| 05e04268da | |||
| c4ab675582 | |||
| 36b08fbf81 | |||
| 54ec0d98cb | |||
| 76552af3af | |||
| e16c26cd11 | |||
| f94a7a5b55 | |||
| 73ae6a6a73 | |||
| ad5039fc3c | |||
| b269139b70 | |||
| 418c3b5905 | |||
| 4e3cab57bc | |||
| bd174523f5 | |||
| 8692df6e2f | |||
| 9917cecf15 | |||
| cd44264c2a | |||
| baae420d9e | |||
| c58bab44c5 | |||
| 1ec76fbe5b | |||
| a38f203f5d | |||
| e5747150bc | |||
| 3c1cfbceb8 | 
							
								
								
									
										2
									
								
								.gitattributes
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitattributes
									
									
									
									
										vendored
									
									
								
							| @@ -1,2 +0,0 @@ | ||||
| **/wallpapers/*.jpg filter=lfs diff=lfs merge=lfs -text | ||||
| **/wallpapers/*.png filter=lfs diff=lfs merge=lfs -text | ||||
							
								
								
									
										1
									
								
								.gitmodules
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.gitmodules
									
									
									
									
										vendored
									
									
								
							| @@ -2,7 +2,6 @@ | ||||
| 	path = submodules/nixpkgs | ||||
| 	url = git@github.com:karaolidis/nixpkgs.git | ||||
| 	branch = integration | ||||
|  | ||||
| [submodule "submodules/home-manager"] | ||||
| 	path = submodules/home-manager | ||||
| 	url = git@github.com:karaolidis/home-manager.git | ||||
|   | ||||
							
								
								
									
										3
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | ||||
| { | ||||
|   "sops.defaults.ageKeyFile": "./secrets/personal/key.txt" | ||||
| } | ||||
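Review bot: The new `sops.defaults.ageKeyFile` entry points the editor at `./secrets/personal/key.txt`, a plaintext age private key inside the working tree, and nothing in this compare shows a root-level ignore rule for it (the visible `hosts/.gitignore` only covers `**/secrets/ssh_host_ed25519_key` and `**/secrets/.decrypted~*`, both under `hosts/`). If the key is meant to live there, confirm it is excluded from the repository and from any `flake` source copy; otherwise point the setting at a location outside the tree, e.g. `"sops.defaults.ageKeyFile": "<PATH_OUTSIDE_REPO_PLACEHOLDER>"`. JSON has no comment syntax, so the README or the `secrets/` directory documentation is the place to state where the key file is expected to live.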
							
								
								
									
										16
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								README.md
									
									
									
									
									
								
							| @@ -7,6 +7,7 @@ NixOS dotfiles and configuration for various hosts and users. | ||||
| - [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points. | ||||
|  | ||||
| - [`hosts/`](./hosts): All host-specific configurations. | ||||
|  | ||||
|   - [`common/`](./hosts/common): Shared configuration definitions. | ||||
|     - [`shells/`](./hosts/common/shells): Nix dev shells. | ||||
|     - [`configs/`](./hosts/common/configs): System configurations applicable to all hosts. | ||||
| @@ -16,9 +17,12 @@ NixOS dotfiles and configuration for various hosts and users. | ||||
|         - [`gui/`](./hosts/common/configs/user/gui): GUI-related settings. | ||||
|   - `<name>/`: Individual host configurations. | ||||
|  | ||||
| - [`packages/`](./packages/): Custom packages. | ||||
|  | ||||
| - `secrets/<namespace>/`: Global secrets for individual namespaces that apply across all hosts. | ||||
|  | ||||
| - [`lib/`](./lib): Nix library function definitions and utilities. | ||||
|  | ||||
|   - [`scripts/`](./lib/scripts): Utility scripts for managing the repository. | ||||
|     - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration. | ||||
|     - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host. | ||||
| @@ -33,8 +37,10 @@ Any `options.nix` files create custom option definitions when present. | ||||
|  | ||||
| Below is a table of all hosts, with links to their respective README files, which may provide further details and/or post-installation checklists. | ||||
|  | ||||
| | Host        | README                                                   | | ||||
| |-------------|----------------------------------------------------------| | ||||
| | `installer` | [hosts/installer/README.md](./hosts/installer/README.md) | | ||||
| | `eirene`    | [hosts/eirene/README.md](./hosts/eirene/README.md)       | | ||||
| | `elara`     | [hosts/elara/README.md](./hosts/elara/README.md)         | | ||||
| | Host          | README                                                       | | ||||
| | ------------- | ------------------------------------------------------------ | | ||||
| | `installer`   | [hosts/installer/README.md](./hosts/installer/README.md)     | | ||||
| | `himalia`     | [hosts/himalia/README.md](./hosts/himalia/README.md)         | | ||||
| | `elara`       | [hosts/elara/README.md](./hosts/elara/README.md)             | | ||||
| | `jupiter`     | [hosts/jupiter/README.md](./hosts/jupiter/README.md)         | | ||||
| | `jupiter-vps` | [hosts/jupiter-vps/README.md](./hosts/jupiter-vps/README.md) | | ||||
|   | ||||
							
								
								
									
										104
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										104
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							| @@ -10,15 +10,16 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736090999, | ||||
|         "narHash": "sha256-B5CJuHqfJrzPa7tObK0H9669/EClSHpa/P7B9EuvElU=", | ||||
|         "lastModified": 1744557573, | ||||
|         "narHash": "sha256-XAyj0iDuI51BytJ1PwN53uLpzTDdznPDQFG4RwihlTQ=", | ||||
|         "owner": "aylur", | ||||
|         "repo": "ags", | ||||
|         "rev": "5527c3c07d92c11e04e7fd99d58429493dba7e3c", | ||||
|         "rev": "3ed9737bdbc8fc7a7c7ceef2165c9109f336bff6", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "aylur", | ||||
|         "ref": "main", | ||||
|         "repo": "ags", | ||||
|         "type": "github" | ||||
|       } | ||||
| @@ -30,15 +31,16 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736497508, | ||||
|         "narHash": "sha256-murrCQMYKtZ8rkZ5O726ZCsCDee1l3ZdmV8yC9gRaIc=", | ||||
|         "lastModified": 1749559749, | ||||
|         "narHash": "sha256-TM95tg1G7S6rVBBoMwurXMz8Il4xlnuZ2TI4h6lfZzg=", | ||||
|         "owner": "aylur", | ||||
|         "repo": "astal", | ||||
|         "rev": "ef4f95608481414053ecdbe4de29bd86fb452813", | ||||
|         "rev": "dd8a4662f2f17fb4326a7bd0fb2d054f5d477ba3", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "aylur", | ||||
|         "ref": "main", | ||||
|         "repo": "astal", | ||||
|         "type": "github" | ||||
|       } | ||||
| @@ -50,35 +52,20 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736437680, | ||||
|         "narHash": "sha256-9Sy17XguKdEU9M5peTrkWSlI/O5IAqjHzdzxbXnc30g=", | ||||
|         "lastModified": 1749436314, | ||||
|         "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "disko", | ||||
|         "rev": "4d5d07d37ff773338e40a92088f45f4f88e509c8", | ||||
|         "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "master", | ||||
|         "repo": "disko", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-compat": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1733328505, | ||||
|         "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-parts": { | ||||
|       "inputs": { | ||||
|         "nixpkgs-lib": [ | ||||
| @@ -116,6 +103,7 @@ | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "ref": "main", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
| @@ -127,11 +115,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736504054, | ||||
|         "narHash": "sha256-Mb0aIdOIg5ge0Lju1zogdAcfklRciR8G0NY6R423oek=", | ||||
|         "lastModified": 1749678254, | ||||
|         "narHash": "sha256-6I+qez0MnHu9M2spLj3LsGA/cUGgfx17/hMPvmrUMoU=", | ||||
|         "owner": "karaolidis", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "baa0e7a14088ff1ed891afe4c6457faf40aa30a6", | ||||
|         "rev": "e248f54290b483a47c7550f69faecb8ed97e4831", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -143,11 +131,11 @@ | ||||
|     }, | ||||
|     "nixpkgs": { | ||||
|       "locked": { | ||||
|         "lastModified": 1738059769, | ||||
|         "narHash": "sha256-SBOwc5HSi0zThWoj3EfYh673X1d1dc78N2qCtcJmIvo=", | ||||
|         "lastModified": 1749678247, | ||||
|         "narHash": "sha256-K83Q3c/o5CdMB3Npk3P1kCIz6FcUuJV8E4k6z1YN8AQ=", | ||||
|         "owner": "karaolidis", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "befe9d27e7e7be485aae35d541f135c8471bd508", | ||||
|         "rev": "4d408c92fe165ab68f012a3fa36d4c58d84e83bd", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -163,22 +151,41 @@ | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ], | ||||
|         "treefmt-nix": "treefmt-nix" | ||||
|         "treefmt-nix": [ | ||||
|           "treefmt-nix" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736500613, | ||||
|         "narHash": "sha256-OCEXlRyOIMzxrhmnzoX32e241A7+Z+zsuyR7i6AG608=", | ||||
|         "lastModified": 1749675110, | ||||
|         "narHash": "sha256-NkDE/JyeQJmLtpXjyFZK2wKs5K7isap7MBIzoYMC9nk=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "NUR", | ||||
|         "rev": "d51e847f68700c38f850a62c2b3e728864a38cde", | ||||
|         "rev": "0e8328c18d801a253ed5dfd17bd78254d9669d06", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "main", | ||||
|         "repo": "NUR", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "quadlet-nix": { | ||||
|       "locked": { | ||||
|         "lastModified": 1749099346, | ||||
|         "narHash": "sha256-5gi/YaLVsFztGvVH45eB6jsBmZf+HnvDeSA9RXUqbcY=", | ||||
|         "owner": "SEIAROTg", | ||||
|         "repo": "quadlet-nix", | ||||
|         "rev": "d4119a3423f938427252ba8bbdbe8ce040751864", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "SEIAROTg", | ||||
|         "ref": "main", | ||||
|         "repo": "quadlet-nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "root": { | ||||
|       "inputs": { | ||||
|         "ags": "ags", | ||||
| @@ -188,9 +195,11 @@ | ||||
|         "home-manager": "home-manager", | ||||
|         "nixpkgs": "nixpkgs", | ||||
|         "nur": "nur", | ||||
|         "quadlet-nix": "quadlet-nix", | ||||
|         "sops-nix": "sops-nix", | ||||
|         "spicetify-nix": "spicetify-nix", | ||||
|         "systems": "systems" | ||||
|         "systems": "systems", | ||||
|         "treefmt-nix": "treefmt-nix" | ||||
|       } | ||||
|     }, | ||||
|     "sops-nix": { | ||||
| @@ -200,22 +209,22 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736203741, | ||||
|         "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", | ||||
|         "lastModified": 1749592509, | ||||
|         "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", | ||||
|         "owner": "Mic92", | ||||
|         "repo": "sops-nix", | ||||
|         "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", | ||||
|         "rev": "50754dfaa0e24e313c626900d44ef431f3210138", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "Mic92", | ||||
|         "ref": "master", | ||||
|         "repo": "sops-nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "spicetify-nix": { | ||||
|       "inputs": { | ||||
|         "flake-compat": "flake-compat", | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ], | ||||
| @@ -224,15 +233,16 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1736482561, | ||||
|         "narHash": "sha256-f4hvN4MF26NIYeFA/H1sVW6KU5X9/jy9l95WrMsNUIU=", | ||||
|         "lastModified": 1749357231, | ||||
|         "narHash": "sha256-AbrPgGFVYR45TlYLHYTppayG0xzOG9XXhi+1j3Klbw8=", | ||||
|         "owner": "Gerg-L", | ||||
|         "repo": "spicetify-nix", | ||||
|         "rev": "77fb1ae39e0f5c60a7d0bd6ce078b9c56e3356cb", | ||||
|         "rev": "03783416f7416715c52166d4e8ba0492a7149397", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "Gerg-L", | ||||
|         "ref": "master", | ||||
|         "repo": "spicetify-nix", | ||||
|         "type": "github" | ||||
|       } | ||||
| @@ -256,20 +266,20 @@ | ||||
|     "treefmt-nix": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nur", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1733222881, | ||||
|         "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", | ||||
|         "lastModified": 1749194973, | ||||
|         "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "treefmt-nix", | ||||
|         "rev": "49717b5af6f80172275d47a418c9719a31a78b53", | ||||
|         "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "ref": "main", | ||||
|         "repo": "treefmt-nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|   | ||||
							
								
								
									
										114
									
								
								flake.nix
									
									
									
									
									
								
							
							
						
						
									
										114
									
								
								flake.nix
									
									
									
									
									
								
							| @@ -32,12 +32,20 @@ | ||||
|     }; | ||||
|  | ||||
|     disko = { | ||||
|       url = "github:nix-community/disko"; | ||||
|       type = "github"; | ||||
|       owner = "nix-community"; | ||||
|       repo = "disko"; | ||||
|       ref = "master"; | ||||
|  | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|  | ||||
|     sops-nix = { | ||||
|       url = "github:Mic92/sops-nix"; | ||||
|       type = "github"; | ||||
|       owner = "Mic92"; | ||||
|       repo = "sops-nix"; | ||||
|       ref = "master"; | ||||
|  | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|  | ||||
| @@ -49,22 +57,57 @@ | ||||
|     }; | ||||
|  | ||||
|     nur = { | ||||
|       url = "github:nix-community/NUR"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|       type = "github"; | ||||
|       owner = "nix-community"; | ||||
|       repo = "NUR"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs = { | ||||
|         nixpkgs.follows = "nixpkgs"; | ||||
|         treefmt-nix.follows = "treefmt-nix"; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     flake-utils = { | ||||
|       url = "github:numtide/flake-utils"; | ||||
|       type = "github"; | ||||
|       owner = "numtide"; | ||||
|       repo = "flake-utils"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs.systems.follows = "systems"; | ||||
|     }; | ||||
|  | ||||
|     treefmt-nix = { | ||||
|       type = "github"; | ||||
|       owner = "numtide"; | ||||
|       repo = "treefmt-nix"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|  | ||||
|     quadlet-nix = { | ||||
|       type = "github"; | ||||
|       owner = "SEIAROTg"; | ||||
|       repo = "quadlet-nix"; | ||||
|       ref = "main"; | ||||
|     }; | ||||
|  | ||||
|     astal = { | ||||
|       url = "github:aylur/astal"; | ||||
|       type = "github"; | ||||
|       owner = "aylur"; | ||||
|       repo = "astal"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|  | ||||
|     ags = { | ||||
|       url = "github:aylur/ags"; | ||||
|       type = "github"; | ||||
|       owner = "aylur"; | ||||
|       repo = "ags"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs = { | ||||
|         nixpkgs.follows = "nixpkgs"; | ||||
|         astal.follows = "astal"; | ||||
| @@ -72,7 +115,11 @@ | ||||
|     }; | ||||
|  | ||||
|     spicetify-nix = { | ||||
|       url = "github:Gerg-L/spicetify-nix"; | ||||
|       type = "github"; | ||||
|       owner = "Gerg-L"; | ||||
|       repo = "spicetify-nix"; | ||||
|       ref = "master"; | ||||
|  | ||||
|       inputs = { | ||||
|         nixpkgs.follows = "nixpkgs"; | ||||
|         systems.follows = "systems"; | ||||
| @@ -90,9 +137,9 @@ | ||||
|           specialArgs = { inherit inputs system; }; | ||||
|         }; | ||||
|  | ||||
|         eirene = nixpkgs.lib.nixosSystem rec { | ||||
|         himalia = nixpkgs.lib.nixosSystem rec { | ||||
|           system = "x86_64-linux"; | ||||
|           modules = [ ./hosts/eirene ]; | ||||
|           modules = [ ./hosts/himalia ]; | ||||
|           specialArgs = { inherit inputs system; }; | ||||
|         }; | ||||
|  | ||||
| @@ -101,26 +148,37 @@ | ||||
|           modules = [ ./hosts/elara ]; | ||||
|           specialArgs = { inherit inputs system; }; | ||||
|         }; | ||||
|       }; | ||||
|     } | ||||
|     // inputs.flake-utils.lib.eachDefaultSystem ( | ||||
|       system: | ||||
|       let | ||||
|         pkgs = nixpkgs.legacyPackages.${system}; | ||||
|       in | ||||
|       { | ||||
|         devShells = { | ||||
|           bun = import ./hosts/common/shells/bun { inherit pkgs; }; | ||||
|           c = import ./hosts/common/shells/c { inherit pkgs; }; | ||||
|           go = import ./hosts/common/shells/go { inherit pkgs; }; | ||||
|           java = import ./hosts/common/shells/java { inherit pkgs; }; | ||||
|           nix = import ./hosts/common/shells/nix { inherit pkgs; }; | ||||
|           nodejs = import ./hosts/common/shells/nodejs { inherit pkgs; }; | ||||
|           python = import ./hosts/common/shells/python { inherit pkgs; }; | ||||
|  | ||||
|         jupiter = nixpkgs.lib.nixosSystem rec { | ||||
|           system = "x86_64-linux"; | ||||
|           modules = [ ./hosts/jupiter ]; | ||||
|           specialArgs = { inherit inputs system; }; | ||||
|         }; | ||||
|  | ||||
|         formatter = pkgs.nixfmt-rfc-style; | ||||
|         jupiter-vps = nixpkgs.lib.nixosSystem rec { | ||||
|           system = "x86_64-linux"; | ||||
|           modules = [ ./hosts/jupiter-vps ]; | ||||
|           specialArgs = { inherit inputs system; }; | ||||
|         }; | ||||
|       }; | ||||
|     } | ||||
|     // inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] ( | ||||
|       system: | ||||
|       let | ||||
|         pkgs = import nixpkgs { | ||||
|           inherit system; | ||||
|           config.allowUnfree = true; | ||||
|         }; | ||||
|  | ||||
|         treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; | ||||
|       in | ||||
|       { | ||||
|         devShells = import ./hosts/common/shells { inherit pkgs; }; | ||||
|         lib = import ./lib { inherit pkgs; }; | ||||
|         packages = import ./packages { inherit pkgs inputs system; }; | ||||
|  | ||||
|         formatter = treefmt.config.build.wrapper; | ||||
|         checks.formatting = treefmt.config.build.check self; | ||||
|       } | ||||
|     ); | ||||
|  | ||||
| } | ||||
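Review bot: `quadlet-nix` is the only input in the rewritten `inputs` section that has no `inputs.nixpkgs.follows = "nixpkgs"` line, while every other input in these hunks was given one. The `flake.lock` hunk for this commit shows no `inputs` key on the `quadlet-nix` node, which is consistent with that flake declaring no inputs of its own, so this is probably intentional rather than a second nixpkgs being pulled in; a short comment such as `# quadlet-nix declares no inputs, so there is nothing to pin to nixpkgs` would stop the next reader from "fixing" it, and if it does declare one the usual `inputs.nixpkgs.follows = "nixpkgs";` belongs here. The `outputs` function that the later hunks edit starts outside the hunk, so whether `self` is bound for `treefmt.config.build.check self` cannot be confirmed from this view.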
|   | ||||
							
								
								
									
										4
									
								
								hosts/.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								hosts/.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -1,2 +1,2 @@ | ||||
| */secrets/ssh_host_ed25519_key | ||||
| */secrets/.decrypted~* | ||||
| **/secrets/ssh_host_ed25519_key | ||||
| **/secrets/.decrypted~* | ||||
|   | ||||
| @@ -1,16 +0,0 @@ | ||||
| _backup_completion() { | ||||
|   local options=( | ||||
|     '-m[Partition to mount for backup]:partition:($(_partitions))' | ||||
|     '-b[Backup directory]:backup directory:_files -/' | ||||
|   ) | ||||
|   local curcontext="$curcontext" state line | ||||
|   typeset -A opt_args | ||||
|  | ||||
|   _partitions() { | ||||
|     lsblk -rno NAME | sed 's/^/\/dev\//' | ||||
|   } | ||||
|  | ||||
|   _arguments -s $options | ||||
| } | ||||
|  | ||||
| compdef _backup_completion backup | ||||
| @@ -1,64 +0,0 @@ | ||||
| if [[ "$EUID" -ne 0 ]]; then | ||||
|   echo "Please run the script as root." | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| usage() { | ||||
|   echo "Usage: $0 [-m partition] [-b backup_location]" | ||||
|   exit 1 | ||||
| } | ||||
|  | ||||
| cleanup() { | ||||
|   if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi | ||||
|   if [ -n "$backup_location" ]; then rm -f "$backup_location.tmp"; fi | ||||
|  | ||||
|   if [ -n "$mount_location" ]; then | ||||
|     if mount | grep -q "$mount_location"; then umount "$mount_location"; fi | ||||
|     if [ -d "$mount_location" ]; then rmdir "$mount_location"; fi | ||||
|   fi | ||||
| } | ||||
|  | ||||
| partition="" | ||||
| backup_location="" | ||||
| mount_location="" | ||||
|  | ||||
| trap cleanup EXIT | ||||
|  | ||||
| while getopts "m:b:" opt; do | ||||
|   case "$opt" in | ||||
|     m) partition="$OPTARG" ;; | ||||
|     b) backup_location="$OPTARG" ;; | ||||
|     *) usage ;; | ||||
|   esac | ||||
| done | ||||
|  | ||||
| if [ -n "$partition" ]; then | ||||
|   mount_location=$(mktemp -d /mnt/backup.XXXXXX) | ||||
|   echo "Mounting $partition at $mount_location..." | ||||
|   mount "$partition" "$mount_location" | ||||
| fi | ||||
|  | ||||
| if [ -z "$mount_location" ]; then | ||||
|   if [[ "$backup_location" != /* ]]; then | ||||
|     backup_location="$(realpath "$backup_location")" | ||||
|   fi | ||||
| else | ||||
|   if [[ "$backup_location" = /* ]]; then | ||||
|     echo "Error: When a partition is mounted, backup_location must be relative." | ||||
|     exit 1 | ||||
|   fi | ||||
|  | ||||
|   backup_location="$(realpath "$mount_location/$backup_location")" | ||||
| fi | ||||
|  | ||||
| backup_location="$backup_location/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz" | ||||
|  | ||||
| echo "Creating /persist snapshot..." | ||||
| btrfs -q subvolume snapshot -r "/persist" "/persist.bak" | ||||
|  | ||||
| echo "Creating backup at $backup_location..." | ||||
| btrfs -q send "/persist.bak" | gzip > "$backup_location.tmp" | ||||
|  | ||||
| mv "$backup_location.tmp" "$backup_location" | ||||
|  | ||||
| echo "Backup completed successfully!" | ||||
| @@ -1,20 +0,0 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = [ | ||||
|     (pkgs.writeShellApplication { | ||||
|       name = "backup"; | ||||
|       runtimeInputs = with pkgs; [ | ||||
|         btrfs-progs | ||||
|         coreutils-full | ||||
|         util-linux | ||||
|       ]; | ||||
|       text = builtins.readFile ./backup.sh; | ||||
|     }) | ||||
|   ]; | ||||
|  | ||||
|   home-manager.sharedModules = [ | ||||
|     { | ||||
|       programs.zsh.initExtra = builtins.readFile ./backup.completion.zsh; | ||||
|     } | ||||
|   ]; | ||||
| } | ||||
| @@ -8,15 +8,11 @@ | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   environment.persistence."/persist"."/var/lib/bluetooth" = { }; | ||||
|   environment.persistence."/persist/state"."/var/lib/bluetooth" = { }; | ||||
|  | ||||
|   systemd.services.bluetooth.after = [ | ||||
|     config.environment.persistence."/persist"."/var/lib/bluetooth".mount | ||||
|     config.environment.persistence."/persist/state"."/var/lib/bluetooth".mount | ||||
|   ]; | ||||
|  | ||||
|   home-manager.sharedModules = [ | ||||
|     { | ||||
|       services.mpris-proxy.enable = config.services.pipewire.enable; | ||||
|     } | ||||
|   ]; | ||||
|   home-manager.sharedModules = [ { services.mpris-proxy.enable = config.services.pipewire.enable; } ]; | ||||
| } | ||||
|   | ||||
| @@ -10,11 +10,8 @@ | ||||
|       timeout = 1; | ||||
|       efi.canTouchEfiVariables = true; | ||||
|     }; | ||||
|  | ||||
|     initrd.systemd.enable = true; | ||||
|     kernelPackages = pkgs.linuxPackages_latest; | ||||
|     supportedFilesystems = [ | ||||
|       "btrfs" | ||||
|       "ntfs" | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
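Review bot: The removed `supportedFilesystems` list carried `"ntfs"`, and the only re-addition visible in this compare is `boot.supportedFilesystems = [ "btrfs" ]` in the btrfs module, so NTFS support appears to be dropped rather than moved; the same goes for `initrd.systemd.enable = true` and `kernelPackages = pkgs.linuxPackages_latest`. If that is intended, the commit message or a comment in the new home of these options should say so, since hosts that mount NTFS media will lose it silently. The enclosing `boot = { ... }` attribute set starts outside the hunk, and the file this hunk belongs to is not named on the page.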
|   | ||||
							
								
								
									
										33
									
								
								hosts/common/configs/system/btrbk/default.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										33
									
								
								hosts/common/configs/system/btrbk/default.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,33 @@ | ||||
| { ... }: | ||||
| { | ||||
|   systemd.tmpfiles.rules = [ | ||||
|     "d /persist/user.bak 0755 root root" | ||||
|     "d /persist/state.bak 0755 root root" | ||||
|   ]; | ||||
|  | ||||
|   services.btrbk = { | ||||
|     ioSchedulingClass = "idle"; | ||||
|     niceness = 19; | ||||
|     instances = { | ||||
|       persist-user = { | ||||
|         onCalendar = "hourly"; | ||||
|         settings.volume."/persist" = { | ||||
|           subvolume = "user"; | ||||
|           snapshot_dir = "user.bak"; | ||||
|           snapshot_preserve_min = "latest"; | ||||
|           snapshot_preserve = "48h 14d 4w 6m"; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       persist-state = { | ||||
|         onCalendar = "daily"; | ||||
|         settings.volume."/persist" = { | ||||
|           subvolume = "state"; | ||||
|           snapshot_dir = "state.bak"; | ||||
|           snapshot_preserve_min = "latest"; | ||||
|           snapshot_preserve = "7d 4w 3m"; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
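Review bot: The tmpfiles rules create `/persist/user.bak` and `/persist/state.bak` as `0755 root root`, which lets any local user list the names and timestamps of every read-only snapshot of the `user` and `state` subvolumes; file contents inside a snapshot keep their own permissions, so the exposure is the listing itself, but `0700` would follow least privilege for a root-only backup area, i.e. `"d /persist/user.bak 0700 root root"` and `"d /persist/state.bak 0700 root root"`. A header comment would also help here, e.g. `# Local btrbk snapshots of /persist/{user,state}; snapshot_dir is relative to the volume, so the directories above must exist before the timer fires` — that dependency on the tmpfiles rules is not obvious from the module alone. Whether other hosts already rely on the `0755` listing cannot be told from this page.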
| @@ -1,7 +1,14 @@ | ||||
| { ... }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   boot = { | ||||
|     initrd.supportedFilesystems = [ "btrfs" ]; | ||||
|     supportedFilesystems = [ "btrfs" ]; | ||||
|   }; | ||||
|  | ||||
|   services.btrfs.autoScrub = { | ||||
|     enable = true; | ||||
|     interval = "weekly"; | ||||
|   }; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ compsize ]; | ||||
| } | ||||
|   | ||||
| @@ -1,4 +0,0 @@ | ||||
| { ... }: | ||||
| { | ||||
|   imports = [ ./options.nix ]; | ||||
| } | ||||
							
								
								
									
										7
									
								
								hosts/common/configs/system/default.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								hosts/common/configs/system/default.nix
									
									
									
									
									
									
								
							| @@ -0,0 +1,7 @@ | ||||
| { ... }: | ||||
| { | ||||
|   imports = [ | ||||
|     ./cpu/options.nix | ||||
|     ./impermanence/options.nix | ||||
|   ]; | ||||
| } | ||||
							
								
								
									
										22
									
								
								hosts/common/configs/system/dnsmasq/default.nix
									
									
									
									
									
									
								
							| @@ -0,0 +1,22 @@ | ||||
| { lib, pkgs, ... }: | ||||
| { | ||||
|   networking.networkmanager.dns = "dnsmasq"; | ||||
|  | ||||
|   environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source = | ||||
|     (pkgs.formats.keyValue { | ||||
|       mkKeyValue = | ||||
|         name: value: | ||||
|         if value == true then | ||||
|           name | ||||
|         else if value == false then | ||||
|           "" | ||||
|         else | ||||
|           lib.generators.mkKeyValueDefault { } "=" name value; | ||||
|       listsAsDuplicateKeys = true; | ||||
|     }).generate | ||||
|       "10-bind-interfaces.conf" | ||||
|       { | ||||
|         bind-interfaces = true; | ||||
|         listen-address = [ "127.0.0.1" ]; | ||||
|       }; | ||||
| } | ||||
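Review bot: The new module carries no comment saying why the drop-in exists, and the intent is not recoverable from the two keys alone: `bind-interfaces` together with `listen-address = [ "127.0.0.1" ]` makes the NetworkManager-spawned dnsmasq bind loopback only instead of the wildcard address, so it stops answering on LAN interfaces. A header above `networking.networkmanager.dns = "dnsmasq";` such as `# Pin NetworkManager's dnsmasq to 127.0.0.1; by default it binds the wildcard address and merely filters by interface.` would carry that. The custom `mkKeyValue` also deserves a one-line comment explaining that it renders `true` as a bare key (dnsmasq's flag syntax) and `false` as an empty string, since a reader of the generated file would otherwise take the blank line for a mistake.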
| @@ -1,29 +0,0 @@ | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   virtualisation.docker = { | ||||
|     enable = true; | ||||
|     enableOnBoot = false; | ||||
|     storageDriver = "btrfs"; | ||||
|  | ||||
|     daemon.settings = { | ||||
|       experimental = true; | ||||
|       ipv6 = true; | ||||
|       fixed-cidr-v6 = "fd00::/80"; | ||||
|     }; | ||||
|  | ||||
|     autoPrune = { | ||||
|       enable = true; | ||||
|       flags = [ "--all" ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   environment = { | ||||
|     persistence."/persist"."/var/lib/docker" = { }; | ||||
|     systemPackages = with pkgs; [ docker-compose ]; | ||||
|   }; | ||||
|  | ||||
|   systemd = { | ||||
|     services.docker.after = [ config.environment.persistence."/persist"."/var/lib/docker".mount ]; | ||||
|     sockets.docker.after = [ config.environment.persistence."/persist"."/var/lib/docker".mount ]; | ||||
|   }; | ||||
| } | ||||
| @@ -1,5 +1,10 @@ | ||||
| { ... }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     man-pages | ||||
|     man-pages-posix | ||||
|   ]; | ||||
|  | ||||
|   documentation = { | ||||
|     enable = true; | ||||
|  | ||||
|   | ||||
| @@ -1,48 +1,16 @@ | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   imports = [ ./options.nix ]; | ||||
|  | ||||
|   boot.initrd.systemd = { | ||||
|     enable = true; | ||||
|  | ||||
|     initrdBin = with pkgs; [ | ||||
|       coreutils | ||||
|       util-linux | ||||
|       findutils | ||||
|       btrfs-progs | ||||
|     ]; | ||||
|  | ||||
|     services.impermanence = { | ||||
|       description = "Rollback BTRFS subvolumes to a pristine state"; | ||||
|       wantedBy = [ "initrd.target" ]; | ||||
|       before = [ "sysroot.mount" ]; | ||||
|       after = [ | ||||
|         "cryptsetup.target" | ||||
|         "local-fs-pre.target" | ||||
|       ]; | ||||
|       unitConfig.DefaultDependencies = false; | ||||
|       serviceConfig.Type = "oneshot"; | ||||
|       environment.DEVICE = config.environment.impermanence.device; | ||||
|       script = builtins.readFile ./scripts/wipe.sh; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   # uuidgen -r | tr -d - | ||||
|   # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md | ||||
|   # https://github.com/NixOS/nixpkgs/pull/286140/files | ||||
|   # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix | ||||
|   sops.secrets."machineId".mode = "0444"; | ||||
|   sops.secrets.machineId.mode = "0444"; | ||||
|  | ||||
|   environment = { | ||||
|     etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } '' | ||||
|       ln -s ${config.sops.secrets."machineId".path} $out | ||||
|     ''; | ||||
|     impermanence.enable = true; | ||||
|  | ||||
|     persistence."/persist" = { | ||||
|       "/etc/nixos" = { }; | ||||
|       "/var/lib/nixos" = { }; | ||||
|       "/var/lib/systemd" = { }; | ||||
|       "/var/log" = { }; | ||||
|     }; | ||||
|     etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } '' | ||||
|       ln -s ${config.sops.secrets.machineId.path} $out | ||||
|     ''; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -1,6 +1,7 @@ | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   utils, | ||||
|   ... | ||||
| }: | ||||
| @@ -47,12 +48,16 @@ in | ||||
|     with lib; | ||||
|     with types; | ||||
|     { | ||||
|       impermanence.device = mkOption { | ||||
|         type = str; | ||||
|         default = config.disko.devices.disk.main.content.partitions.root.content.name; | ||||
|         description = '' | ||||
|           LUKS BTRFS partition to wipe on boot. | ||||
|         ''; | ||||
|       impermanence = { | ||||
|         enable = mkEnableOption "Impermanence"; | ||||
|  | ||||
|         device = mkOption { | ||||
|           type = str; | ||||
|           default = config.disko.devices.disk.main.content.partitions.root.content.content.device; | ||||
|           description = '' | ||||
|             LUKS BTRFS partition to wipe on boot. | ||||
|           ''; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       persistence = | ||||
| @@ -116,6 +121,19 @@ in | ||||
|                         type = str; | ||||
|                         readOnly = true; | ||||
|                       }; | ||||
|  | ||||
|                       create = mkOption { | ||||
|                         type = enum [ | ||||
|                           "none" | ||||
|                           "file" | ||||
|                           "directory" | ||||
|                         ]; | ||||
|                         default = "none"; | ||||
|                         description = '' | ||||
|                           Whether to create the file or directory | ||||
|                           in persistence if it does not exist. | ||||
|                         ''; | ||||
|                       }; | ||||
|                     }; | ||||
|                   } | ||||
|                 ) | ||||
| @@ -179,8 +197,31 @@ in | ||||
|     let | ||||
|       all = lib.lists.flatten (builtins.concatMap builtins.attrValues (builtins.attrValues cfg)); | ||||
|     in | ||||
|     { | ||||
|       fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg; | ||||
|     lib.mkIf config.environment.impermanence.enable { | ||||
|       boot.initrd.systemd = { | ||||
|         enable = true; | ||||
|  | ||||
|         initrdBin = with pkgs; [ | ||||
|           coreutils | ||||
|           util-linux | ||||
|           findutils | ||||
|           btrfs-progs | ||||
|         ]; | ||||
|  | ||||
|         services.impermanence = { | ||||
|           description = "Rollback BTRFS subvolumes to a pristine state"; | ||||
|           wantedBy = [ "initrd.target" ]; | ||||
|           before = [ "sysroot.mount" ]; | ||||
|           after = [ | ||||
|             "cryptsetup.target" | ||||
|             "local-fs-pre.target" | ||||
|           ]; | ||||
|           unitConfig.DefaultDependencies = false; | ||||
|           serviceConfig.Type = "oneshot"; | ||||
|           environment.DEVICE = config.environment.impermanence.device; | ||||
|           script = builtins.readFile ./scripts/wipe.sh; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       systemd = { | ||||
|         mounts = builtins.map (c: { | ||||
| @@ -229,6 +270,7 @@ in | ||||
|                 source=${lib.strings.escapeShellArg c._sourceRoot} | ||||
|                 target=${lib.strings.escapeShellArg c._targetRoot} | ||||
|                 path=${lib.strings.escapeShellArg c.path} | ||||
|                 create=${lib.strings.escapeShellArg c.create} | ||||
|  | ||||
|                 ${builtins.readFile ./scripts/start.sh} | ||||
|               ''; | ||||
| @@ -236,6 +278,7 @@ in | ||||
|                 source=${lib.strings.escapeShellArg c._sourceRoot} | ||||
|                 target=${lib.strings.escapeShellArg c._targetRoot} | ||||
|                 path=${lib.strings.escapeShellArg c.path} | ||||
|                 create=${lib.strings.escapeShellArg c.create} | ||||
|  | ||||
|                 ${builtins.readFile ./scripts/stop.sh} | ||||
|               ''; | ||||
| @@ -244,6 +287,19 @@ in | ||||
|         ); | ||||
|       }; | ||||
|  | ||||
|       fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg // { | ||||
|         "/persist".neededForBoot = true; | ||||
|       }; | ||||
|  | ||||
|       environment.persistence = { | ||||
|         "/persist/user"."/etc/nixos" = { }; | ||||
|         "/persist/state" = { | ||||
|           "/var/lib/nixos" = { }; | ||||
|           "/var/lib/systemd" = { }; | ||||
|           "/var/log" = { }; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       assertions = | ||||
|         let | ||||
|           paths = builtins.map (c: c.path) all; | ||||
|   | ||||
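Review bot: `lib.mkIf config.environment.impermanence.enable { ... }` now wraps the whole config attrset — the `systemd.mounts` block below it and, judging by the indentation of `fileSystems` and `assertions` in the later hunks, those as well; the closing brace is outside the visible hunks. With `enable = false`, entries other modules declare under `environment.persistence` are then neither mounted nor rejected, which is easy to miss because the option set itself stays available. If that is intended (the host keeps a persistent root, so the paths simply live there), a short comment above the `mkIf` saying so would prevent the next reader from treating it as a bug; if not, either scope the `mkIf` to `boot.initrd.systemd` or add an assertion next to the existing ones, e.g. `{ assertion = config.environment.impermanence.enable || all == [ ]; message = "environment.persistence entries are ignored while environment.impermanence.enable is false"; }`. The module's own defaults under `environment.persistence` sit inside the same `mkIf`, so such an assertion would only fire on externally declared entries.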
| @@ -1,19 +1,49 @@ | ||||
| echo "Starting impermanence mount with source: $source, target: $target, path: $path." | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| # shellcheck disable=SC2154 | ||||
| echo "Starting impermanence mount with source: $source, target: $target, path: $path, create: $create" | ||||
|  | ||||
| source_current="$source" | ||||
| target_current="$target" | ||||
|  | ||||
| IFS='/' read -ra path_parts <<< "$path" | ||||
| unset "path_parts[-1]" | ||||
| IFS='/' read -ra parts <<< "$path" | ||||
| leaf="${parts[-1]}" | ||||
|  | ||||
| for part in "${path_parts[@]}"; do | ||||
|   source_current="$source_current/$part" | ||||
|   target_current="$target_current/$part" | ||||
| for part in "${parts[@]}"; do | ||||
|   source_current+="/$part" | ||||
|   target_current+="/$part" | ||||
|  | ||||
|   if [[ ! -d "$source_current" ]]; then | ||||
|   if [[ -e "$source_current" ]]; then | ||||
|     read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")" | ||||
|  | ||||
|     if [[ -d "$source_current" ]]; then | ||||
|       install -d -m "$mode" -o "$owner" -g "$group" "$target_current" | ||||
|       continue | ||||
|     fi | ||||
|  | ||||
|     if [[ "$part" != "$leaf" ]]; then | ||||
|       echo "Error: $source_current is not a directory, persistence for $path can not be applied." | ||||
|       exit 1 | ||||
|     fi | ||||
|  | ||||
|     install -m "$mode" -o "$owner" -g "$group" /dev/null "$target_current" | ||||
|   fi | ||||
|  | ||||
|   if [[ "$create" == "none" ]]; then | ||||
|     break | ||||
|   fi | ||||
|  | ||||
|   read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")" | ||||
|   install -d -m "$mode" -o "$owner" -g "$group" "$target_current" | ||||
|   if [[ -e "$target_current" ]]; then | ||||
|     template="$target_current" | ||||
|   else | ||||
|     template="${source_current%/*}" | ||||
|   fi | ||||
|  | ||||
|   read -r mode owner group <<< "$(stat -c '%a %u %g' "$template")" | ||||
|  | ||||
|   if [[ "$part" == "$leaf" && "$create" == "file" ]]; then | ||||
|     install -m "$mode" -o "$owner" -g "$group" /dev/null "$source_current" | ||||
|   else | ||||
|     install -d -m "$mode" -o "$owner" -g "$group" "$source_current" | ||||
|   fi | ||||
| done | ||||
|   | ||||
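Review bot: An existing persisted file is truncated on every boot after the first when `create = "file"`: in the leaf iteration the `install -m "$mode" -o "$owner" -g "$group" /dev/null "$target_current"` branch creates the mount point and then falls out of the `if [[ -e "$source_current" ]]` block, and because only `create == "none"` breaks, execution continues to the final `install -m ... /dev/null "$source_current"`, which copies /dev/null over the real file (with `create = "directory"` the `install -d` on that path fails instead). The directory case is protected by its `continue`; the file case needs the equivalent, e.g. `install -m "$mode" -o "$owner" -g "$group" /dev/null "$target_current"` followed by `break` — the leaf is the last element, so nothing remains to do. A comment on the loop would also help, since the two `install ... /dev/null` calls look symmetric but the first creates the mount point on the target side and the second seeds the persistent source.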
| @@ -1,4 +1,7 @@ | ||||
| echo "Stopping impermanence mount with source: $source, target: $target, path: $path." | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| # shellcheck disable=SC2154 | ||||
| echo "Stopping impermanence mount with source: $source, target: $target, path: $path, create: $create" | ||||
|  | ||||
| source_current="$source" | ||||
| target_current="$target" | ||||
|   | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| delete_subvolume_recursively() { | ||||
|   IFS=$'\n' | ||||
|   for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do | ||||
| @@ -6,21 +8,27 @@ delete_subvolume_recursively() { | ||||
|   btrfs subvolume delete "$1" | ||||
| } | ||||
|  | ||||
| if [[ -z "$DEVICE" ]]; then | ||||
|   echo "Error: DEVICE variable is not set." | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| mkdir -p /mnt/btrfs | ||||
| mount "/dev/mapper/$DEVICE" /mnt/btrfs | ||||
| mount "$DEVICE" /mnt/btrfs | ||||
|  | ||||
| if [[ -e /mnt/btrfs/@ ]]; then | ||||
|   mkdir -p /mnt/btrfs/@.bak | ||||
|   timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%d_%H:%M:%S") | ||||
|   mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/$timestamp" | ||||
|   timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y%m%dT%H%M") | ||||
|   base="@.$timestamp" | ||||
|  | ||||
|   target="/mnt/btrfs/@.bak/$base" | ||||
|   if [[ -e "$target" ]]; then | ||||
|     i=1 | ||||
|     while [[ -e "/mnt/btrfs/@.bak/${base}_$i" ]]; do | ||||
|       (( i++ )) | ||||
|     done | ||||
|     target="/mnt/btrfs/@.bak/${base}_$i" | ||||
|   fi | ||||
|  | ||||
|   mv /mnt/btrfs/@ "$target" | ||||
| fi | ||||
|  | ||||
| find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do | ||||
| find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +7 | while IFS= read -r i; do | ||||
|   delete_subvolume_recursively "$i" | ||||
| done | ||||
|  | ||||
|   | ||||
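Review bot: The tightened retention at `find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +7` deletes by each entry's own mtime, and the archived root keeps the mtime it had as `@` (the `mv` does not update the renamed directory; the same `stat -c %Y` value is what names it), so a root whose top-level directory last changed more than a week ago is removed on the very next boot rather than seven days after rotation. Setting the mtime at rotation time gives the intended window: `mv /mnt/btrfs/@ "$target" && touch "$target"`. Without `-mindepth 1` the starting point `/mnt/btrfs/@.bak/` is itself a candidate whenever `@` was absent at boot; `find /mnt/btrfs/@.bak/ -mindepth 1 -maxdepth 1 -mtime +7` keeps the directory out of `delete_subvolume_recursively`. The new `mount "$DEVICE" /mnt/btrfs` also has no failure check; unless the unit's script is known to run under `set -e`, `mount "$DEVICE" /mnt/btrfs || exit 1` stops the rotation and the deletion loop from running against an empty mount point.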
| @@ -1,212 +0,0 @@ | ||||
| { config, ... }: | ||||
| { | ||||
|   bootstrap-node-bootstrapper-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       name = "create-csrs-for-bootstrapping"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "Group"; | ||||
|         name = "system:bootstrappers"; | ||||
|         apiGroup = "rbac.authorization.k8s.io"; | ||||
|       } | ||||
|     ]; | ||||
|     roleRef = { | ||||
|       kind = "ClusterRole"; | ||||
|       name = "system:node-bootstrapper"; | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   bootstrap-csr-nodeclient-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       name = "auto-approve-csrs-for-group"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "Group"; | ||||
|         name = "system:bootstrappers"; | ||||
|         apiGroup = "rbac.authorization.k8s.io"; | ||||
|       } | ||||
|     ]; | ||||
|     roleRef = { | ||||
|       kind = "ClusterRole"; | ||||
|       name = "system:certificates.k8s.io:certificatesigningrequests:nodeclient"; | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   bootstrap-csr-selfnodeclient-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       name = "auto-approve-renewals-for-nodes"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "Group"; | ||||
|         name = "system:nodes"; | ||||
|         apiGroup = "rbac.authorization.k8s.io"; | ||||
|       } | ||||
|     ]; | ||||
|     roleRef = { | ||||
|       kind = "ClusterRole"; | ||||
|       name = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"; | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   csr-approver-cr = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRole"; | ||||
|     metadata = { | ||||
|       name = "kubelet-csr-approver"; | ||||
|     }; | ||||
|     rules = [ | ||||
|       { | ||||
|         apiGroups = [ "certificates.k8s.io" ]; | ||||
|         resources = [ "certificatesigningrequests" ]; | ||||
|         verbs = [ | ||||
|           "get" | ||||
|           "list" | ||||
|           "watch" | ||||
|         ]; | ||||
|       } | ||||
|       { | ||||
|         apiGroups = [ "coordination.k8s.io" ]; | ||||
|         resources = [ "leases" ]; | ||||
|         verbs = [ | ||||
|           "create" | ||||
|           "get" | ||||
|           "update" | ||||
|         ]; | ||||
|       } | ||||
|       { | ||||
|         apiGroups = [ "certificates.k8s.io" ]; | ||||
|         resources = [ "certificatesigningrequests/approval" ]; | ||||
|         verbs = [ "update" ]; | ||||
|       } | ||||
|       { | ||||
|         apiGroups = [ "certificates.k8s.io" ]; | ||||
|         resourceNames = [ "kubernetes.io/kubelet-serving" ]; | ||||
|         resources = [ "signers" ]; | ||||
|         verbs = [ "approve" ]; | ||||
|       } | ||||
|       { | ||||
|         apiGroups = [ "" ]; | ||||
|         resources = [ "events" ]; | ||||
|         verbs = [ "create" ]; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   csr-approver-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       name = "kubelet-csr-approver"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|     roleRef = { | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|       kind = "ClusterRole"; | ||||
|       name = "kubelet-csr-approver"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "ServiceAccount"; | ||||
|         name = "kubelet-csr-approver"; | ||||
|         namespace = "kube-system"; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   csr-approver-sa = { | ||||
|     apiVersion = "v1"; | ||||
|     kind = "ServiceAccount"; | ||||
|     metadata = { | ||||
|       name = "kubelet-csr-approver"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   csr-approver-d = { | ||||
|     apiVersion = "apps/v1"; | ||||
|     kind = "Deployment"; | ||||
|     metadata = { | ||||
|       name = "kubelet-csr-approver"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|     spec = { | ||||
|       replicas = 1; | ||||
|       selector = { | ||||
|         matchLabels = { | ||||
|           app = "kubelet-csr-approver"; | ||||
|         }; | ||||
|       }; | ||||
|       template = { | ||||
|         metadata = { | ||||
|           labels = { | ||||
|             app = "kubelet-csr-approver"; | ||||
|           }; | ||||
|         }; | ||||
|         spec = { | ||||
|           serviceAccountName = "kubelet-csr-approver"; | ||||
|           containers = [ | ||||
|             { | ||||
|               name = "kubelet-csr-approver"; | ||||
|               image = "postfinance/kubelet-csr-approver:latest"; | ||||
|               args = [ | ||||
|                 "-metrics-bind-address" | ||||
|                 ":8080" | ||||
|                 "-health-probe-bind-address" | ||||
|                 ":8081" | ||||
|               ]; | ||||
|               livenessProbe = { | ||||
|                 httpGet = { | ||||
|                   path = "/healthz"; | ||||
|                   port = 8081; | ||||
|                 }; | ||||
|               }; | ||||
|               resources = { | ||||
|                 requests = { | ||||
|                   cpu = "100m"; | ||||
|                   memory = "200Mi"; | ||||
|                 }; | ||||
|               }; | ||||
|               env = [ | ||||
|                 { | ||||
|                   name = "PROVIDER_REGEX"; | ||||
|                   value = "^${config.services.kubernetes.kubelet.hostname}$"; | ||||
|                 } | ||||
|                 { | ||||
|                   name = "PROVIDER_IP_PREFIXES"; | ||||
|                   value = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8,169.254.0.0/16,::1/128,fe80::/10,fc00::/7"; | ||||
|                 } | ||||
|                 { | ||||
|                   name = "MAX_EXPIRATION_SEC"; | ||||
|                   value = "31622400"; | ||||
|                 } | ||||
|                 { | ||||
|                   name = "BYPASS_DNS_RESOLUTION"; | ||||
|                   value = "true"; | ||||
|                 } | ||||
|               ]; | ||||
|             } | ||||
|           ]; | ||||
|           tolerations = [ | ||||
|             { | ||||
|               effect = "NoSchedule"; | ||||
|               key = "node-role.kubernetes.io/control-plane"; | ||||
|               operator = "Equal"; | ||||
|             } | ||||
|           ]; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,7 +0,0 @@ | ||||
| { config, lib, ... }: | ||||
| { | ||||
|   services.kubernetes.addonManager.bootstrapAddons = lib.mkMerge [ | ||||
|     (import ./bootstrap { inherit config; }) | ||||
|     (import ./metrics-server { }) | ||||
|   ]; | ||||
| } | ||||
| @@ -1,297 +0,0 @@ | ||||
| { ... }: | ||||
| { | ||||
|   metrics-server-sa = { | ||||
|     apiVersion = "v1"; | ||||
|     kind = "ServiceAccount"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "metrics-server"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-metrics-reader-cr = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRole"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|         "rbac.authorization.k8s.io/aggregate-to-admin" = "true"; | ||||
|         "rbac.authorization.k8s.io/aggregate-to-edit" = "true"; | ||||
|         "rbac.authorization.k8s.io/aggregate-to-view" = "true"; | ||||
|       }; | ||||
|       name = "system:aggregated-metrics-reader"; | ||||
|     }; | ||||
|     rules = [ | ||||
|       { | ||||
|         apiGroups = [ "metrics.k8s.io" ]; | ||||
|         resources = [ | ||||
|           "pods" | ||||
|           "nodes" | ||||
|         ]; | ||||
|         verbs = [ | ||||
|           "get" | ||||
|           "list" | ||||
|           "watch" | ||||
|         ]; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-cr = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRole"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "system:metrics-server"; | ||||
|     }; | ||||
|     rules = [ | ||||
|       { | ||||
|         apiGroups = [ "" ]; | ||||
|         resources = [ "nodes/metrics" ]; | ||||
|         verbs = [ "get" ]; | ||||
|       } | ||||
|       { | ||||
|         apiGroups = [ "" ]; | ||||
|         resources = [ | ||||
|           "pods" | ||||
|           "nodes" | ||||
|         ]; | ||||
|         verbs = [ | ||||
|           "get" | ||||
|           "list" | ||||
|           "watch" | ||||
|         ]; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-rb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "RoleBinding"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "metrics-server-auth-reader"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|     roleRef = { | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|       kind = "Role"; | ||||
|       name = "extension-apiserver-authentication-reader"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "ServiceAccount"; | ||||
|         name = "metrics-server"; | ||||
|         namespace = "kube-system"; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-auth-delegator-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "metrics-server:system:auth-delegator"; | ||||
|     }; | ||||
|     roleRef = { | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|       kind = "ClusterRole"; | ||||
|       name = "system:auth-delegator"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "ServiceAccount"; | ||||
|         name = "metrics-server"; | ||||
|         namespace = "kube-system"; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-crb = { | ||||
|     apiVersion = "rbac.authorization.k8s.io/v1"; | ||||
|     kind = "ClusterRoleBinding"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "system:metrics-server"; | ||||
|     }; | ||||
|     roleRef = { | ||||
|       apiGroup = "rbac.authorization.k8s.io"; | ||||
|       kind = "ClusterRole"; | ||||
|       name = "system:metrics-server"; | ||||
|     }; | ||||
|     subjects = [ | ||||
|       { | ||||
|         kind = "ServiceAccount"; | ||||
|         name = "metrics-server"; | ||||
|         namespace = "kube-system"; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-s = { | ||||
|     apiVersion = "v1"; | ||||
|     kind = "Service"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "metrics-server"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|     spec = { | ||||
|       ports = [ | ||||
|         { | ||||
|           name = "https"; | ||||
|           port = 443; | ||||
|           protocol = "TCP"; | ||||
|           targetPort = "https"; | ||||
|         } | ||||
|       ]; | ||||
|       selector = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-d = { | ||||
|     apiVersion = "apps/v1"; | ||||
|     kind = "Deployment"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "metrics-server"; | ||||
|       namespace = "kube-system"; | ||||
|     }; | ||||
|     spec = { | ||||
|       selector = { | ||||
|         matchLabels = { | ||||
|           k8s-app = "metrics-server"; | ||||
|         }; | ||||
|       }; | ||||
|       strategy = { | ||||
|         rollingUpdate = { | ||||
|           maxUnavailable = 0; | ||||
|         }; | ||||
|       }; | ||||
|       template = { | ||||
|         metadata = { | ||||
|           labels = { | ||||
|             k8s-app = "metrics-server"; | ||||
|           }; | ||||
|         }; | ||||
|         spec = { | ||||
|           containers = [ | ||||
|             { | ||||
|               args = [ | ||||
|                 "--cert-dir=/tmp" | ||||
|                 "--secure-port=10250" | ||||
|                 "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname" | ||||
|                 "--kubelet-use-node-status-port" | ||||
|                 "--metric-resolution=15s" | ||||
|               ]; | ||||
|               image = "registry.k8s.io/metrics-server/metrics-server:v0.7.2"; | ||||
|               imagePullPolicy = "IfNotPresent"; | ||||
|               livenessProbe = { | ||||
|                 failureThreshold = 3; | ||||
|                 httpGet = { | ||||
|                   path = "/livez"; | ||||
|                   port = "https"; | ||||
|                   scheme = "HTTPS"; | ||||
|                 }; | ||||
|                 periodSeconds = 10; | ||||
|               }; | ||||
|               name = "metrics-server"; | ||||
|               ports = [ | ||||
|                 { | ||||
|                   containerPort = 10250; | ||||
|                   name = "https"; | ||||
|                   protocol = "TCP"; | ||||
|                 } | ||||
|               ]; | ||||
|               readinessProbe = { | ||||
|                 failureThreshold = 3; | ||||
|                 httpGet = { | ||||
|                   path = "/readyz"; | ||||
|                   port = "https"; | ||||
|                   scheme = "HTTPS"; | ||||
|                 }; | ||||
|                 initialDelaySeconds = 20; | ||||
|                 periodSeconds = 10; | ||||
|               }; | ||||
|               resources = { | ||||
|                 requests = { | ||||
|                   cpu = "100m"; | ||||
|                   memory = "200Mi"; | ||||
|                 }; | ||||
|               }; | ||||
|               securityContext = { | ||||
|                 allowPrivilegeEscalation = false; | ||||
|                 capabilities = { | ||||
|                   drop = [ "ALL" ]; | ||||
|                 }; | ||||
|                 readOnlyRootFilesystem = true; | ||||
|                 runAsNonRoot = true; | ||||
|                 runAsUser = 1000; | ||||
|                 seccompProfile = { | ||||
|                   type = "RuntimeDefault"; | ||||
|                 }; | ||||
|               }; | ||||
|               volumeMounts = [ | ||||
|                 { | ||||
|                   mountPath = "/tmp"; | ||||
|                   name = "tmp-dir"; | ||||
|                 } | ||||
|               ]; | ||||
|             } | ||||
|           ]; | ||||
|           nodeSelector = { | ||||
|             "kubernetes.io/os" = "linux"; | ||||
|           }; | ||||
|           priorityClassName = "system-cluster-critical"; | ||||
|           serviceAccountName = "metrics-server"; | ||||
|           volumes = [ | ||||
|             { | ||||
|               emptyDir = { }; | ||||
|               name = "tmp-dir"; | ||||
|             } | ||||
|           ]; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   metrics-server-apis = { | ||||
|     apiVersion = "apiregistration.k8s.io/v1"; | ||||
|     kind = "APIService"; | ||||
|     metadata = { | ||||
|       labels = { | ||||
|         k8s-app = "metrics-server"; | ||||
|       }; | ||||
|       name = "v1beta1.metrics.k8s.io"; | ||||
|     }; | ||||
|     spec = { | ||||
|       group = "metrics.k8s.io"; | ||||
|       groupPriorityMinimum = 100; | ||||
|       insecureSkipTLSVerify = true; | ||||
|       service = { | ||||
|         name = "metrics-server"; | ||||
|         namespace = "kube-system"; | ||||
|       }; | ||||
|       version = "v1beta1"; | ||||
|       versionPriority = 100; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,233 +0,0 @@ | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| let | ||||
|   adminKubeconfig = config.services.kubernetes.lib.mkKubeConfig "admin" { | ||||
|     caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|     keyFile = config.sops.secrets."kubernetes/accounts/admin/key".path; | ||||
|     certFile = config.sops.secrets."kubernetes/accounts/admin/crt".path; | ||||
|     server = config.services.kubernetes.apiserverAddress; | ||||
|   }; | ||||
| in | ||||
| { | ||||
|   imports = [ | ||||
|     ./addons | ||||
|     ./secrets | ||||
|   ]; | ||||
|  | ||||
|   environment = { | ||||
|     persistence."/persist" = { | ||||
|       "/var/lib/containerd" = { }; | ||||
|       "/var/lib/kubernetes" = { }; | ||||
|       "/var/lib/kubelet" = { }; | ||||
|       "/var/lib/etcd" = { }; | ||||
|     }; | ||||
|  | ||||
|     etc."kubeconfig".source = adminKubeconfig; | ||||
|     systemPackages = with pkgs; [ kubectl ]; | ||||
|   }; | ||||
|  | ||||
|   services = { | ||||
|     kubernetes = { | ||||
|       roles = [ | ||||
|         "master" | ||||
|         "node" | ||||
|       ]; | ||||
|  | ||||
|       masterAddress = "localhost"; | ||||
|       easyCerts = false; | ||||
|       caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|       addonManager.enable = true; | ||||
|  | ||||
|       apiserver = { | ||||
|         allowPrivileged = true; | ||||
|  | ||||
|         clientCaFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         kubeletClientCaFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         tlsKeyFile = config.sops.secrets."kubernetes/apiserver/cert/key".path; | ||||
|         tlsCertFile = config.sops.secrets."kubernetes/apiserver/cert/crt".path; | ||||
|         kubeletClientKeyFile = config.sops.secrets."kubernetes/apiserver/kubelet-client/key".path; | ||||
|         kubeletClientCertFile = config.sops.secrets."kubernetes/apiserver/kubelet-client/crt".path; | ||||
|         proxyClientKeyFile = config.sops.secrets."kubernetes/front-proxy/client/key".path; | ||||
|         proxyClientCertFile = config.sops.secrets."kubernetes/front-proxy/client/crt".path; | ||||
|         serviceAccountSigningKeyFile = config.sops.secrets."kubernetes/sa/key".path; | ||||
|         serviceAccountKeyFile = config.sops.secrets."kubernetes/sa/pub".path; | ||||
|  | ||||
|         extraOpts = lib.strings.concatStringsSep " " [ | ||||
|           "--enable-bootstrap-token-auth=true" | ||||
|           "--token-auth-file=${config.sops.secrets."kubernetes/accounts/kubelet-bootstrap/csv".path}" | ||||
|           "--requestheader-client-ca-file=${config.sops.secrets."kubernetes/front-proxy/ca/crt".path}" | ||||
|           "--requestheader-allowed-names=front-proxy-client" | ||||
|           "--requestheader-extra-headers-prefix=X-Remote-Extra-" | ||||
|           "--requestheader-group-headers=X-Remote-Group" | ||||
|           "--requestheader-username-headers=X-Remote-User" | ||||
|         ]; | ||||
|  | ||||
|         etcd = { | ||||
|           servers = [ "https://etcd.local:2379" ]; | ||||
|           caFile = config.sops.secrets."kubernetes/etcd/ca/crt".path; | ||||
|           keyFile = config.sops.secrets."kubernetes/apiserver/etcd-client/key".path; | ||||
|           certFile = config.sops.secrets."kubernetes/apiserver/etcd-client/crt".path; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       controllerManager = { | ||||
|         rootCaFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         serviceAccountKeyFile = config.sops.secrets."kubernetes/sa/key".path; | ||||
|  | ||||
|         extraOpts = lib.strings.concatStringsSep " " [ | ||||
|           "--client-ca-file=${config.sops.secrets."kubernetes/ca/crt".path}" | ||||
|           "--cluster-signing-cert-file=${config.sops.secrets."kubernetes/ca/crt".path}" | ||||
|           "--cluster-signing-key-file=${config.sops.secrets."kubernetes/ca/key".path}" | ||||
|           "--requestheader-client-ca-file=${config.sops.secrets."kubernetes/front-proxy/ca/crt".path}" | ||||
|         ]; | ||||
|  | ||||
|         kubeconfig = { | ||||
|           caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|           keyFile = config.sops.secrets."kubernetes/accounts/controller-manager/key".path; | ||||
|           certFile = config.sops.secrets."kubernetes/accounts/controller-manager/crt".path; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       kubelet = { | ||||
|         clientCaFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|  | ||||
|         extraOpts = lib.strings.concatStringsSep " " [ | ||||
|           "--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubeconfig" | ||||
|           "--kubeconfig=/var/lib/kubelet/kubeconfig" | ||||
|           "--cert-dir=/var/lib/kubelet" | ||||
|         ]; | ||||
|  | ||||
|         extraConfig = { | ||||
|           failSwapOn = false; | ||||
|           rotateCertificates = true; | ||||
|           serverTLSBootstrap = true; | ||||
|           memorySwap.swapBehavior = "LimitedSwap"; | ||||
|         }; | ||||
|  | ||||
|         featureGates = { | ||||
|           RotateKubeletServerCertificate = true; | ||||
|           NodeSwap = true; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       proxy.kubeconfig = { | ||||
|         caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         keyFile = config.sops.secrets."kubernetes/accounts/proxy/key".path; | ||||
|         certFile = config.sops.secrets."kubernetes/accounts/proxy/crt".path; | ||||
|       }; | ||||
|  | ||||
|       scheduler.kubeconfig = { | ||||
|         caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         keyFile = config.sops.secrets."kubernetes/accounts/scheduler/key".path; | ||||
|         certFile = config.sops.secrets."kubernetes/accounts/scheduler/crt".path; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     etcd = { | ||||
|       keyFile = config.sops.secrets."kubernetes/etcd/server/key".path; | ||||
|       certFile = config.sops.secrets."kubernetes/etcd/server/crt".path; | ||||
|       peerKeyFile = config.sops.secrets."kubernetes/etcd/peer/key".path; | ||||
|       peerCertFile = config.sops.secrets."kubernetes/etcd/peer/crt".path; | ||||
|       trustedCaFile = config.sops.secrets."kubernetes/etcd/ca/crt".path; | ||||
|       peerTrustedCaFile = config.sops.secrets."kubernetes/etcd/ca/crt".path; | ||||
|       listenClientUrls = [ "https://127.0.0.1:2379" ]; | ||||
|       listenPeerUrls = [ "https://127.0.0.1:2380" ]; | ||||
|       advertiseClientUrls = [ "https://etcd.local:2379" ]; | ||||
|       initialCluster = [ "${config.services.kubernetes.masterAddress}=https://etcd.local:2380" ]; | ||||
|       initialAdvertisePeerUrls = [ "https://etcd.local:2380" ]; | ||||
|     }; | ||||
|  | ||||
|     flannel.kubeconfig = config.services.kubernetes.lib.mkKubeConfig "flannel" { | ||||
|       caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|       keyFile = config.sops.secrets."kubernetes/accounts/flannel/key".path; | ||||
|       certFile = config.sops.secrets."kubernetes/accounts/flannel/crt".path; | ||||
|       server = config.services.kubernetes.apiserverAddress; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   networking = { | ||||
|     firewall.enable = false; | ||||
|     extraHosts = lib.strings.optionalString (config.services.etcd.enable) '' | ||||
|       127.0.0.1 etcd.${config.services.kubernetes.addons.dns.clusterDomain} etcd.local | ||||
|     ''; | ||||
|   }; | ||||
|  | ||||
|   systemd.services = { | ||||
|     kube-addon-manager = { | ||||
|       after = [ | ||||
|         "sops-nix.service" | ||||
|         config.environment.persistence."/persist"."/var/lib/kubernetes".mount | ||||
|       ]; | ||||
|  | ||||
|       environment.KUBECONFIG = config.services.kubernetes.lib.mkKubeConfig "addon-manager" { | ||||
|         caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         keyFile = config.sops.secrets."kubernetes/accounts/addon-manager/key".path; | ||||
|         certFile = config.sops.secrets."kubernetes/accounts/addon-manager/crt".path; | ||||
|         server = config.services.kubernetes.apiserverAddress; | ||||
|       }; | ||||
|  | ||||
|       serviceConfig.PermissionsStartOnly = true; | ||||
|  | ||||
|       preStart = '' | ||||
|         export KUBECONFIG=${adminKubeconfig} | ||||
|         ${config.services.kubernetes.package}/bin/kubectl apply -f ${ | ||||
|           lib.strings.concatStringsSep " \\\n -f " ( | ||||
|             lib.attrsets.mapAttrsToList ( | ||||
|               n: v: pkgs.writeText "${n}.json" (builtins.toJSON v) | ||||
|             ) config.services.kubernetes.addonManager.bootstrapAddons | ||||
|           ) | ||||
|         } | ||||
|       ''; | ||||
|     }; | ||||
|  | ||||
|     kubelet = { | ||||
|       preStart = '' | ||||
|         mkdir -p /etc/kubernetes | ||||
|         cat > /etc/kubernetes/bootstrap-kubeconfig <<EOF | ||||
|         apiVersion: v1 | ||||
|         kind: Config | ||||
|         clusters: | ||||
|         - cluster: | ||||
|             certificate-authority: ${config.sops.secrets."kubernetes/ca/crt".path} | ||||
|             server: ${config.services.kubernetes.apiserverAddress} | ||||
|           name: local | ||||
|         contexts: | ||||
|         - context: | ||||
|             cluster: local | ||||
|             user: kubelet-bootstrap | ||||
|           name: bootstrap | ||||
|         current-context: bootstrap | ||||
|         preferences: {} | ||||
|         users: | ||||
|         - name: kubelet-bootstrap | ||||
|           user: | ||||
|             token: $(<${config.sops.secrets."kubernetes/accounts/kubelet-bootstrap/token".path}) | ||||
|         EOF | ||||
|       ''; | ||||
|  | ||||
|       after = [ | ||||
|         "sops-nix.service" | ||||
|         config.environment.persistence."/persist"."/var/lib/kubelet".mount | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|     kube-apiserver.after = [ | ||||
|       "sops-nix.service" | ||||
|       config.environment.persistence."/persist"."/var/lib/kubernetes".mount | ||||
|     ]; | ||||
|  | ||||
|     etcd.after = [ | ||||
|       "sops-nix.service" | ||||
|       config.environment.persistence."/persist"."/var/lib/etcd".mount | ||||
|     ]; | ||||
|  | ||||
|     kube-controller-manager.after = [ "sops-nix.service" ]; | ||||
|     kube-proxy.after = [ "sops-nix.service" ]; | ||||
|     kube-scheduler.after = [ "sops-nix.service" ]; | ||||
|     flannel.after = [ "sops-nix.service" ]; | ||||
|   }; | ||||
| } | ||||
| @@ -1,204 +0,0 @@ | ||||
| { ... }: | ||||
| { | ||||
|   sops.secrets = { | ||||
|     "kubernetes/ca/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "users"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/ca/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "users"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/front-proxy/ca/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/front-proxy/ca/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/ca/crt" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/ca/key" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/cert/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/cert/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/kubelet-client/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/kubelet-client/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/etcd-client/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/apiserver/etcd-client/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/front-proxy/client/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/front-proxy/client/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/server/crt" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/server/key" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/peer/crt" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/etcd/peer/key" = { | ||||
|       owner = "etcd"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/sa/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/sa/pub" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/admin/crt" = { | ||||
|       group = "kubernetes"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/admin/key" = { | ||||
|       group = "kubernetes"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/controller-manager/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/controller-manager/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/addon-manager/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/addon-manager/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/scheduler/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/scheduler/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/proxy/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/proxy/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/flannel/crt" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/flannel/key" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/kubelet-bootstrap/token" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/kubelet-bootstrap/csv" = { | ||||
|       owner = "kubernetes"; | ||||
|       group = "kubernetes"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,210 +0,0 @@ | ||||
| #!/usr/bin/env -S nix shell nixpkgs#openssl nixpkgs#yq-go nixpkgs#sops -c bash | ||||
|  | ||||
| set -o errexit | ||||
| set -o pipefail | ||||
|  | ||||
| generate_ca() { | ||||
|   local target_dir=$1 | ||||
|   local ca_name=$2 | ||||
|   local ca_days=$3 | ||||
|   local cn=$4 | ||||
|  | ||||
|   mkdir -p "${target_dir}" | ||||
|   local ca_key=${target_dir}/${ca_name}.key | ||||
|   local ca_cert=${target_dir}/${ca_name}.crt | ||||
|  | ||||
|   openssl genrsa -out "${ca_key}" 2048 | ||||
|   openssl req -x509 -new -nodes -key "${ca_key}" -days "${ca_days}" -out "${ca_cert}" -subj "/CN=${cn}" | ||||
| } | ||||
|  | ||||
| generate_alt_names() { | ||||
|   local hosts=("$@") | ||||
|   local dns=0 | ||||
|   local ip=0 | ||||
|   local alt_names="" | ||||
|  | ||||
|   for host in "${hosts[@]}"; do | ||||
|     if [[ ${host} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||||
|       alt_names="${alt_names}IP.${ip} = ${host}\n" | ||||
|       ((ip++)) | ||||
|     else | ||||
|       alt_names="${alt_names}DNS.${dns} = ${host}\n" | ||||
|       ((dns++)) | ||||
|     fi | ||||
|   done | ||||
|  | ||||
|   echo -e "${alt_names}" | ||||
| } | ||||
|  | ||||
| generate_cnf() { | ||||
|   local target_dir=$1 | ||||
|   local cnf_name=$2 | ||||
|   local cn=$3 | ||||
|   local hosts=("${@:4}") | ||||
|  | ||||
|   mkdir -p "${target_dir}" | ||||
|   local cnf_file=${target_dir}/${cnf_name}.cnf | ||||
|  | ||||
|   cat <<EOF > "${cnf_file}" | ||||
| [req] | ||||
| prompt = no | ||||
|  | ||||
| [ req_ext ] | ||||
| subjectAltName = @alt_names | ||||
|  | ||||
| [ alt_names ] | ||||
| $(generate_alt_names "${hosts[@]}") | ||||
|  | ||||
| [ v3_ext ] | ||||
| authorityKeyIdentifier=keyid,issuer:always | ||||
| basicConstraints=CA:FALSE | ||||
| keyUsage=keyEncipherment,dataEncipherment,digitalSignature | ||||
| extendedKeyUsage=serverAuth,clientAuth | ||||
| subjectAltName=@alt_names | ||||
| EOF | ||||
| } | ||||
|  | ||||
| generate_crt() { | ||||
|   local target_dir=$1 | ||||
|   local cert_name=$2 | ||||
|   local cert_days=$3 | ||||
|   local cn=$4 | ||||
|   local o=$5 | ||||
|   local ca_key=$6 | ||||
|   local ca_cert=$7 | ||||
|   local hosts=("${@:8}") | ||||
|  | ||||
|   mkdir -p "${target_dir}" | ||||
|   local cert_key=${target_dir}/${cert_name}.key | ||||
|   local cert_csr=${target_dir}/${cert_name}.csr | ||||
|   local cert_cert=${target_dir}/${cert_name}.crt | ||||
|  | ||||
|   openssl genrsa -out "${cert_key}" 2048 | ||||
|  | ||||
|   local subject="/CN=${cn}" | ||||
|   if [ -n "${o}" ]; then | ||||
|     subject="${subject}/O=${o}" | ||||
|   fi | ||||
|  | ||||
|   if [ -n "${hosts}" ]; then | ||||
|     generate_cnf "${target_dir}" "${cert_name}" "${cn}" "${hosts[@]}" | ||||
|     openssl req -new -key "${cert_key}" -out "${cert_csr}" -subj "${subject}" -config "${target_dir}"/"${cert_name}".cnf | ||||
|     openssl x509 -req -in "${cert_csr}" -CA "${ca_cert}" -CAkey "${ca_key}" -CAcreateserial -out "${cert_cert}" -days "${cert_days}" -extfile "${target_dir}"/"${cert_name}".cnf -extensions v3_ext | ||||
|   else | ||||
|     openssl req -new -key "${cert_key}" -out "${cert_csr}" -subj "${subject}" | ||||
|     openssl x509 -req -in "${cert_csr}" -CA "${ca_cert}" -CAkey "${ca_key}" -CAcreateserial -out "${cert_cert}" -days "${cert_days}" | ||||
|   fi | ||||
| } | ||||
|  | ||||
| generate_key_pair() { | ||||
|   local target_dir=$1 | ||||
|   local key_name=$2 | ||||
|  | ||||
|   mkdir -p "${target_dir}" | ||||
|   local private_key=${target_dir}/${key_name}.key | ||||
|   local public_key=${target_dir}/${key_name}.pub | ||||
|  | ||||
|   openssl genrsa -out "${private_key}" 2048 | ||||
|   openssl rsa -in "${private_key}" -pubout -out "${public_key}" | ||||
| } | ||||
|  | ||||
| generate_auth_token() { | ||||
|   local target_dir=$1 | ||||
|   local token_name=$2 | ||||
|   local user=$3 | ||||
|   local id=$4 | ||||
|   local groups=$5 | ||||
|  | ||||
|   mkdir -p "${target_dir}" | ||||
|   local token_file="${target_dir}/${token_name}.token" | ||||
|   local token_auth_file="${target_dir}/${token_name}.csv" | ||||
|  | ||||
|   token="$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')" | ||||
|   echo "${token}" > "${token_file}" | ||||
|   echo "${token},${user},${id},\"${groups}\"" > "${token_auth_file}" | ||||
| } | ||||
|  | ||||
| DEFAULT_CA_DAYS=3650 | ||||
|  | ||||
| if [[ -z "$SOPS_AGE_KEY_FILE" ]]; then | ||||
|   echo "Please set the SOPS_AGE_KEY_FILE environment variable" | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| hostname=${1:-$(hostname)} | ||||
|  | ||||
| if [ -z "${hostname}" ]; then | ||||
|   echo "Usage: $0 [hostname]" | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| generate_ca out ca ${DEFAULT_CA_DAYS} kubernetes-ca "" | ||||
| generate_ca out/front-proxy ca ${DEFAULT_CA_DAYS} kubernetes-front-proxy-ca "" | ||||
| generate_ca out/etcd ca ${DEFAULT_CA_DAYS} etcd-ca "" | ||||
|  | ||||
| generate_crt out/apiserver cert ${DEFAULT_CA_DAYS} kube-apiserver "" out/ca.key out/ca.crt "kubernetes" "kubernetes.default" "kubernetes.default.svc" "kubernetes.default.svc.cluster" "kubernetes.default.svc.cluster.local" "localhost" "10.0.0.1" "127.0.0.1" | ||||
| generate_crt out/apiserver kubelet-client ${DEFAULT_CA_DAYS} kube-apiserver-kubelet-client system:masters out/ca.key out/ca.crt "" | ||||
| generate_crt out/apiserver etcd-client ${DEFAULT_CA_DAYS} kube-apiserver-etcd-client "" out/etcd/ca.key out/etcd/ca.crt "" | ||||
| generate_crt out/front-proxy client ${DEFAULT_CA_DAYS} front-proxy-client "" out/front-proxy/ca.key out/front-proxy/ca.crt "" | ||||
| generate_crt out/etcd server ${DEFAULT_CA_DAYS} kube-etcd "" out/etcd/ca.key out/etcd/ca.crt "etcd.local" "etcd.cluster.local" "localhost" "127.0.0.1" | ||||
| generate_crt out/etcd peer ${DEFAULT_CA_DAYS} kube-etcd-peer "" out/etcd/ca.key out/etcd/ca.crt "etcd.local" "etcd.cluster.local" "localhost" "127.0.0.1" | ||||
|  | ||||
| generate_key_pair out sa | ||||
|  | ||||
| generate_crt out/accounts admin ${DEFAULT_CA_DAYS} kubernetes-admin system:masters out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts users ${DEFAULT_CA_DAYS} kubernetes-users system:masters out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts controller-manager ${DEFAULT_CA_DAYS} system:kube-controller-manager "" out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts addon-manager ${DEFAULT_CA_DAYS} system:kube-addon-manager "" out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts scheduler ${DEFAULT_CA_DAYS} system:kube-scheduler "" out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts proxy ${DEFAULT_CA_DAYS} system:kube-proxy "" out/ca.key out/ca.crt "" | ||||
| generate_crt out/accounts flannel ${DEFAULT_CA_DAYS} flannel-client "" out/ca.key out/ca.crt "" | ||||
|  | ||||
| generate_auth_token out/accounts kubelet-bootstrap "kubelet-bootstrap" 10001 "system:bootstrappers" | ||||
|  | ||||
| sops_config="../../../../../$(hostname)/secrets/sops.yaml" | ||||
| secrets_file="../../../../../$(hostname)/secrets/secrets.yaml" | ||||
| decrypted_secrets_file="../../../../../$(hostname)/secrets/.decrypted~secrets.yaml" | ||||
| sops -d "${secrets_file}" > "${decrypted_secrets_file}" | ||||
|  | ||||
| yq -i ' | ||||
|   del(.kubernetes) | | ||||
|   .kubernetes.ca.crt = load_str("out/ca.crt") | | ||||
|   .kubernetes.ca.key = load_str("out/ca.key") | | ||||
|   .kubernetes.front-proxy.ca.crt = load_str("out/front-proxy/ca.crt") | | ||||
|   .kubernetes.front-proxy.ca.key = load_str("out/front-proxy/ca.key") | | ||||
|   .kubernetes.etcd.ca.crt = load_str("out/etcd/ca.crt") | | ||||
|   .kubernetes.etcd.ca.key = load_str("out/etcd/ca.key") | | ||||
|   .kubernetes.apiserver.cert.crt = load_str("out/apiserver/cert.crt") | | ||||
|   .kubernetes.apiserver.cert.key = load_str("out/apiserver/cert.key") | | ||||
|   .kubernetes.apiserver.kubelet-client.crt = load_str("out/apiserver/kubelet-client.crt") | | ||||
|   .kubernetes.apiserver.kubelet-client.key = load_str("out/apiserver/kubelet-client.key") | | ||||
|   .kubernetes.apiserver.etcd-client.crt = load_str("out/apiserver/etcd-client.crt") | | ||||
|   .kubernetes.apiserver.etcd-client.key = load_str("out/apiserver/etcd-client.key") | | ||||
|   .kubernetes.front-proxy.client.crt = load_str("out/front-proxy/client.crt") | | ||||
|   .kubernetes.front-proxy.client.key = load_str("out/front-proxy/client.key") | | ||||
|   .kubernetes.etcd.server.crt = load_str("out/etcd/server.crt") | | ||||
|   .kubernetes.etcd.server.key = load_str("out/etcd/server.key") | | ||||
|   .kubernetes.etcd.peer.crt = load_str("out/etcd/peer.crt") | | ||||
|   .kubernetes.etcd.peer.key = load_str("out/etcd/peer.key") | | ||||
|   .kubernetes.sa.key = load_str("out/sa.key") | | ||||
|   .kubernetes.sa.pub = load_str("out/sa.pub") | | ||||
|   .kubernetes.accounts.admin.crt = load_str("out/accounts/admin.crt") | | ||||
|   .kubernetes.accounts.admin.key = load_str("out/accounts/admin.key") | | ||||
|   .kubernetes.accounts.users.crt = load_str("out/accounts/users.crt") | | ||||
|   .kubernetes.accounts.users.key = load_str("out/accounts/users.key") | | ||||
|   .kubernetes.accounts.controller-manager.crt = load_str("out/accounts/controller-manager.crt") | | ||||
|   .kubernetes.accounts.controller-manager.key = load_str("out/accounts/controller-manager.key") | | ||||
|   .kubernetes.accounts.addon-manager.crt = load_str("out/accounts/addon-manager.crt") | | ||||
|   .kubernetes.accounts.addon-manager.key = load_str("out/accounts/addon-manager.key") | | ||||
|   .kubernetes.accounts.scheduler.crt = load_str("out/accounts/scheduler.crt") | | ||||
|   .kubernetes.accounts.scheduler.key = load_str("out/accounts/scheduler.key") | | ||||
|   .kubernetes.accounts.proxy.crt = load_str("out/accounts/proxy.crt") | | ||||
|   .kubernetes.accounts.proxy.key = load_str("out/accounts/proxy.key") | | ||||
|   .kubernetes.accounts.flannel.crt = load_str("out/accounts/flannel.crt") | | ||||
|   .kubernetes.accounts.flannel.key = load_str("out/accounts/flannel.key") | | ||||
|   .kubernetes.accounts.kubelet-bootstrap.token = load_str("out/accounts/kubelet-bootstrap.token") | | ||||
|   .kubernetes.accounts.kubelet-bootstrap.csv = load_str("out/accounts/kubelet-bootstrap.csv") | ||||
| ' "${decrypted_secrets_file}" | ||||
|  | ||||
| sops --config "${sops_config}" -e "${decrypted_secrets_file}" > "${secrets_file}" | ||||
| rm -rf out | ||||
| @@ -1,4 +1,9 @@ | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| { | ||||
|   virtualisation = { | ||||
|     libvirtd = { | ||||
| @@ -12,16 +17,20 @@ | ||||
|     spiceUSBRedirection.enable = true; | ||||
|   }; | ||||
|  | ||||
|   systemd.services.libvirtd-network-default = { | ||||
|     description = "Start Default Virtual Network for Libvirt"; | ||||
|     script = "${config.virtualisation.libvirtd.package}/bin/virsh net-start default"; | ||||
|     preStop = "${config.virtualisation.libvirtd.package}/bin/virsh net-destroy default"; | ||||
|     serviceConfig = { | ||||
|       Type = "oneshot"; | ||||
|       RemainAfterExit = true; | ||||
|   systemd.services = { | ||||
|     libvirtd.after = [ "NetworkManager.service" ]; | ||||
|  | ||||
|     libvirtd-network-default = { | ||||
|       description = "Start Default Virtual Network for Libvirt"; | ||||
|       script = "${config.virtualisation.libvirtd.package}/bin/virsh net-start default"; | ||||
|       preStop = "${config.virtualisation.libvirtd.package}/bin/virsh net-destroy default"; | ||||
|       serviceConfig = { | ||||
|         Type = "oneshot"; | ||||
|         RemainAfterExit = true; | ||||
|       }; | ||||
|       wantedBy = [ "libvirtd.service" ]; | ||||
|       after = [ "libvirtd.service" ]; | ||||
|     }; | ||||
|     wantedBy = [ "libvirtd.service" ]; | ||||
|     after = [ "libvirtd.service" ]; | ||||
|   }; | ||||
|  | ||||
|   environment = { | ||||
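Review bot: `libvirtd.after = [ "NetworkManager.service" ]` only orders libvirtd behind NetworkManager when both units are already part of the same transaction; `after` does not pull NetworkManager in, so on a host where that unit is not enabled (or is activated later by something else) the new line has no effect. If the intent is that libvirtd and its default network (which already chains on `libvirtd.service` further down the hunk) come up with networking ready, pair it with a pull-in, e.g. `libvirtd.wants = [ "NetworkManager.service" ];`, or order on `network-online.target` instead. The `systemd.services` attrset closes inside the hunk, but the module continues outside it.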
| @@ -32,7 +41,7 @@ | ||||
|       "ovmf/edk2-i386-vars.fd".source = | ||||
|         "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd"; | ||||
|     }; | ||||
|     persistence."/persist"."/var/lib/libvirt" = { }; | ||||
|     persistence."/persist/state"."/var/lib/libvirt" = { }; | ||||
|   }; | ||||
|  | ||||
|   programs.virt-manager.enable = true; | ||||
|   | ||||
| @@ -1,10 +0,0 @@ | ||||
| { config, ... }: | ||||
| { | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   environment.persistence."/persist"."/etc/NetworkManager/system-connections" = { }; | ||||
|  | ||||
|   systemd.services.NetworkManager.after = [ | ||||
|     config.environment.persistence."/persist"."/etc/NetworkManager/system-connections".mount | ||||
|   ]; | ||||
| } | ||||
							
								
								
									
										10
									
								
								hosts/common/configs/system/networkmanager/default.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,10 @@ | ||||
| { config, ... }: | ||||
| { | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   environment.persistence."/persist/state"."/etc/NetworkManager/system-connections" = { }; | ||||
|  | ||||
|   systemd.services.NetworkManager.after = [ | ||||
|     config.environment.persistence."/persist/state"."/etc/NetworkManager/system-connections".mount | ||||
|   ]; | ||||
| } | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| if [[ "${EUID}" -ne 0 ]]; then | ||||
|   echo "Please run the script as root." | ||||
|   exit 1 | ||||
| @@ -16,13 +18,8 @@ if [[ -e /mnt/btrfs && -n $(mountpoint -q /mnt/btrfs) ]]; then | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| if [[ -z "$DEVICE" ]]; then | ||||
|   echo "Error: DEVICE variable is not set." | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| mkdir -p /mnt/btrfs | ||||
| mount "/dev/mapper/$DEVICE" /mnt/btrfs | ||||
| mount "$DEVICE" /mnt/btrfs | ||||
|  | ||||
| if [[ -e /mnt/btrfs/@.bak ]]; then | ||||
|   if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then | ||||
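Review bot: Dropping the `DEVICE` guard means an unset or empty `DEVICE` now reaches `mount "$DEVICE" /mnt/btrfs` unchecked; the script runs as root and everything after this line operates on whatever ends up mounted at `/mnt/btrfs`, so failing clearly on empty input is worth keeping even though the `/dev/mapper/` prefix is gone. A one-line replacement is `: "${DEVICE:?Error: DEVICE variable is not set.}"` placed before the `mkdir -p /mnt/btrfs`. The `-n $(mountpoint -q /mnt/btrfs)` test visible in the hunk header also looks wrong, since `mountpoint -q` prints nothing and the `-n` test can never be true, but that line is unchanged context outside this change.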
|   | ||||
| @@ -8,6 +8,7 @@ | ||||
|         iputils | ||||
|         jq | ||||
|         nix | ||||
|         sops | ||||
|         inputs.disko.packages.${system}.disko | ||||
|       ]; | ||||
|       text = builtins.readFile ./install.sh; | ||||
| @@ -15,8 +16,6 @@ | ||||
|   ]; | ||||
|  | ||||
|   home-manager.sharedModules = [ | ||||
|     { | ||||
|       programs.zsh.initExtra = builtins.readFile ./install.completion.zsh; | ||||
|     } | ||||
|     { programs.zsh.initContent = builtins.readFile ./install.completion.zsh; } | ||||
|   ]; | ||||
| } | ||||
|   | ||||
| @@ -4,7 +4,6 @@ _nix-install_completion() { | ||||
|     '-m[Mode: 'install' or 'repair']:mode:(install repair)' | ||||
|     '-h[Host to configure]:host:($(_list_hosts))' | ||||
|     '-k[Key file to copy to user config]:key:($(_list_keys))' | ||||
|     '-p[LUKS password file to use for encryption]:password_file:_files' | ||||
|     '-c[Copy configuration to target]' | ||||
|     '-r[Reboot after completion]' | ||||
|   ) | ||||
|   | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| usage() { | ||||
|   echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-c] [-r]" | ||||
|   echo | ||||
| @@ -6,7 +8,6 @@ usage() { | ||||
|   echo "  -m mode             Mode: 'install' or 'repair'." | ||||
|   echo "  -h host             Host to configure." | ||||
|   echo "  -k key              Key file to copy to user config." | ||||
|   echo "  -p password_file    LUKS password file to use for encryption." | ||||
|   echo "  -c                  Copy configuration to target." | ||||
|   echo "  -r                  Reboot after completion." | ||||
|   exit 1 | ||||
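Review bot: The synopsis in the preceding hunk, `echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-c] [-r]"`, still advertises `-p password_file` while this hunk removes the option's description and the companion completion change drops it as well. Change it to `echo "Usage: $0 flake -m install|repair -h host [-k key] [-c] [-r]"` so the help text matches the options that are actually handled; if the option parsing further down still accepts `p`, that is outside this hunk and should be checked too. The `usage` function is cut by the hunk boundary.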
| @@ -48,34 +49,22 @@ check_key() { | ||||
| } | ||||
|  | ||||
| set_password_file() { | ||||
|   if [[ -n "$password_file" ]]; then | ||||
|     if [[ ! -f "$password_file" ]]; then | ||||
|       echo "LUKS key file '$password_file' not found." | ||||
|       exit 1 | ||||
|     fi | ||||
|  | ||||
|     ln -sf "$(realpath "$password_file")" /tmp/installer.key | ||||
|   else | ||||
|     echo "Enter password for LUKS encryption:" | ||||
|     IFS= read -r -s password | ||||
|     echo "Enter password again to confirm: " | ||||
|     IFS= read -r -s password_check | ||||
|     [ "$password" != "$password_check" ] | ||||
|     echo -n "$password" > /tmp/installer.key | ||||
|     unset password password_check | ||||
|   fi | ||||
|   SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt" | ||||
|   export SOPS_AGE_KEY_FILE | ||||
|   sops --decrypt --extract "['luks']" "$flake/hosts/$host/secrets/secrets.yaml" > /tmp/keyfile | ||||
|   unset SOPS_AGE_KEY_FILE | ||||
| } | ||||
|  | ||||
| prepare_disk() { | ||||
|   local disko_mode="$1" | ||||
|   mkdir -p /mnt | ||||
|   root=$(mktemp -d /mnt/install.XXXXXX) | ||||
|   disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" --arg device "\"$device\"" | ||||
|   disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" | ||||
| } | ||||
|  | ||||
| copy_keys() { | ||||
|   mkdir -p "$root/persist/etc/ssh" | ||||
|   cp "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/etc/ssh/ssh_host_ed25519_key" | ||||
|   mkdir -p "$root/persist/state/etc/ssh" | ||||
|   cp -f "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key" | ||||
|  | ||||
|   for path in "$flake/hosts/$host/users"/*; do | ||||
|     if [[ -z "$key" ]]; then | ||||
| @@ -84,9 +73,17 @@ copy_keys() { | ||||
|  | ||||
|     local user | ||||
|     user=$(basename "$path") | ||||
|     mkdir -p "$root/persist/home/$user/.config/sops-nix" | ||||
|     cp "$flake/secrets/$key/key.txt" "$root/persist/home/$user/.config/sops-nix/key.txt" | ||||
|     chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/home/$user" | ||||
|  | ||||
|     mkdir -p "$root/persist/state/home/$user/.config/sops-nix" | ||||
|     cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt" | ||||
|  | ||||
|     owner=$(cat "$flake/hosts/$host/users/$user/uid") | ||||
|     group=100 | ||||
|     chown "$owner:$group" \ | ||||
|       "$root/persist/state/home/$user" \ | ||||
|       "$root/persist/state/home/$user/.config" \ | ||||
|       "$root/persist/state/home/$user/.config/sops-nix" \ | ||||
|       "$root/persist/state/home/$user/.config/sops-nix/key.txt" | ||||
|   done | ||||
| } | ||||
|  | ||||
| @@ -96,8 +93,9 @@ install() { | ||||
|  | ||||
| copy_config() { | ||||
|   echo "Copying configuration..." | ||||
|   rm -rf "$root/persist/etc/nixos" | ||||
|   cp -r "$flake" "$root/persist/etc/nixos" | ||||
|   mkdir -p "$root/persist/user/etc/nixos" | ||||
|   rm -rf "$root/persist/user/etc/nixos" | ||||
|   cp -r "$flake" "$root/persist/user/etc/nixos" | ||||
| } | ||||
|  | ||||
| finish() { | ||||
| @@ -108,66 +106,57 @@ finish() { | ||||
| } | ||||
|  | ||||
| cleanup() { | ||||
|   rm -f /tmp/installer.key | ||||
|   if [[ -n "$host" && -n "$device" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix" --arg device "\"$device\""; fi | ||||
|   rm -f /tmp/keyfile | ||||
|   if [[ -n "$host" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix"; fi | ||||
|   if [[ -d "$root" ]]; then rmdir "$root"; fi | ||||
| } | ||||
|  | ||||
| check_root | ||||
| check_network | ||||
| main() { | ||||
|   check_root | ||||
|   check_network | ||||
|  | ||||
| if [[ "$#" -lt 1 ]]; then | ||||
|   usage | ||||
| fi | ||||
|   if [[ "$#" -lt 1 ]]; then usage; fi | ||||
|  | ||||
| flake="$(realpath "$1")" | ||||
| check_flake | ||||
| shift | ||||
|   flake="$(realpath "$1")" | ||||
|   check_flake | ||||
|   shift | ||||
|  | ||||
| mode="" | ||||
| host="" | ||||
| key="" | ||||
| password_file="" | ||||
| copy_config_flag="false" | ||||
| reboot_flag="false" | ||||
|   mode="" | ||||
|   host="" | ||||
|   key="" | ||||
|   copy_config_flag="false" | ||||
|   reboot_flag="false" | ||||
|  | ||||
| while getopts "m:h:k:p:cr" opt; do | ||||
|   case "$opt" in | ||||
|     m) mode="$OPTARG" ;; | ||||
|     h) host="$OPTARG" ;; | ||||
|     k) key="$OPTARG" ;; | ||||
|     p) password_file="$OPTARG" ;; | ||||
|     c) copy_config_flag="true" ;; | ||||
|     r) reboot_flag="true" ;; | ||||
|     *) usage ;; | ||||
|   while getopts "m:h:k:cr" opt; do | ||||
|     case "$opt" in | ||||
|       m) mode="$OPTARG" ;; | ||||
|       h) host="$OPTARG" ;; | ||||
|       k) key="$OPTARG" ;; | ||||
|       c) copy_config_flag="true" ;; | ||||
|       r) reboot_flag="true" ;; | ||||
|       *) usage ;; | ||||
|     esac | ||||
|   done | ||||
|  | ||||
|   if [[ -z "$mode" || -z "$host" ]]; then usage; fi | ||||
|  | ||||
|   check_host | ||||
|   check_key | ||||
|   set_password_file | ||||
|  | ||||
|   case "$mode" in | ||||
|     install) prepare_disk "destroy,format,mount";; | ||||
|     repair) prepare_disk "mount";; | ||||
|     *) | ||||
|       echo "Invalid mode: $mode" | ||||
|       usage | ||||
|       ;; | ||||
|   esac | ||||
| done | ||||
|  | ||||
| if [[ -z "$mode" || -z "$host" ]]; then | ||||
|   usage | ||||
| fi | ||||
|   copy_keys | ||||
|   install | ||||
|   [[ "$copy_config_flag" == "true" ]] && copy_config | ||||
|   [[ "$reboot_flag" == "true" ]] && finish | ||||
| } | ||||
|  | ||||
| check_host | ||||
| check_key | ||||
| until set_password_file; do echo "Passwords did not match, please try again."; done | ||||
|  | ||||
| device=$(grep -oP '(?<=device = ")[^"]+' "$flake/hosts/$host/default.nix") | ||||
|  | ||||
| case "$mode" in | ||||
|   install) | ||||
|     prepare_disk "destroy,format,mount" | ||||
|     copy_keys | ||||
|     install | ||||
|     if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi | ||||
|     if [[ "$reboot_flag" == "true" ]]; then finish; fi | ||||
|     ;; | ||||
|   repair) | ||||
|     prepare_disk "mount" | ||||
|     install | ||||
|     if [[ "$reboot_flag" == "true" ]]; then finish; fi | ||||
|     ;; | ||||
|   *) | ||||
|     echo "Invalid mode: $mode" | ||||
|     usage | ||||
|     ;; | ||||
| esac | ||||
| main "$@" | ||||
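Review bot: In set_password_file (hunk `@@ -48,34 +49,22 @@`) the decrypted LUKS passphrase is redirected into the fixed path /tmp/keyfile with whatever umask the installer inherited, so for the rest of the run it is typically readable by every process on a shared tmpfs, and an already-present file or symlink at that path is silently reused. The sops exit status is also unchecked: unless the script runs under `set -e` (not visible here), a wrong age key leaves an empty /tmp/keyfile that prepare_disk then hands to disko. Because SOPS_AGE_KEY_FILE is built from `$key`, `-k` has effectively become mandatory even though usage() still lists it as optional and copy_keys still tolerates an empty key. I would replace the decrypt line with `rm -f /tmp/keyfile` and `( umask 077; sops --decrypt --extract "['luks']" "$flake/hosts/$host/secrets/secrets.yaml" > /tmp/keyfile ) || { echo "Failed to decrypt LUKS key for '$host'."; exit 1; }`, and add `[[ -n "$key" ]] || usage` before it. Separately, main() now ends with `[[ "$reboot_flag" == "true" ]] && finish`, so any run without -r returns exit status 1.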
|   | ||||
| @@ -1,7 +1,4 @@ | ||||
| { ... }: | ||||
| { | ||||
|   programs.nix-ld = { | ||||
|     enable = true; | ||||
|     libraries = [ ]; | ||||
|   }; | ||||
|   programs.nix-ld.enable = true; | ||||
| } | ||||
|   | ||||
							
								
								
									
12
hosts/common/configs/system/nix-update/default.nix
Normal file
							| @@ -0,0 +1,12 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   nixpkgs.overlays = [ | ||||
|     (final: prev: { | ||||
|       nix-update = prev.nix-update.overrideAttrs (oldAttrs: { | ||||
|         patches = oldAttrs.patches or [ ] ++ [ ./source-attribute.patch ]; | ||||
|       }); | ||||
|     }) | ||||
|   ]; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ nix-update ]; | ||||
| } | ||||
							
								
								
									
127
hosts/common/configs/system/nix-update/source-attribute.patch
Normal file
							| @@ -0,0 +1,127 @@ | ||||
| diff --git a/nix_update/__init__.py b/nix_update/__init__.py | ||||
| index 89bbe45..93f9322 100644 | ||||
| --- a/nix_update/__init__.py | ||||
| +++ b/nix_update/__init__.py | ||||
| @@ -124,6 +124,12 @@ def parse_args(args: list[str]) -> Options: | ||||
|          default=[], | ||||
|      ) | ||||
|   | ||||
| +    parser.add_argument( | ||||
| +        "--src-attr", | ||||
| +        help="Src attribute", | ||||
| +        default="src", | ||||
| +    ) | ||||
| + | ||||
|      a = parser.parse_args(args) | ||||
|      extra_flags = ["--extra-experimental-features", "flakes nix-command"] | ||||
|      if a.system: | ||||
| @@ -146,6 +152,7 @@ def parse_args(args: list[str]) -> Options: | ||||
|          version=a.version, | ||||
|          version_preference=VersionPreference.from_str(a.version), | ||||
|          attribute=a.attribute, | ||||
| +        source_attribute=a.src_attr, | ||||
|          test=a.test, | ||||
|          version_regex=a.version_regex, | ||||
|          review=a.review, | ||||
| diff --git a/nix_update/eval.py b/nix_update/eval.py | ||||
| index 1767056..f85ea69 100644 | ||||
| --- a/nix_update/eval.py | ||||
| +++ b/nix_update/eval.py | ||||
| @@ -105,12 +105,19 @@ class Package: | ||||
|  def eval_expression( | ||||
|      escaped_import_path: str, | ||||
|      attr: str, | ||||
| +    source_attr: str, | ||||
|      flake: bool, | ||||
|      system: str | None, | ||||
|      override_filename: str | None, | ||||
|  ) -> str: | ||||
|      system = f'"{system}"' if system else "builtins.currentSystem" | ||||
|   | ||||
| +    source_attrs = source_attr.rpartition(".") | ||||
| +    source_attr_last = source_attrs[-1] or source_attr | ||||
| +    source_attr_all_but_last = ( | ||||
| +        f".{source_attrs[0]}" if source_attr_last != source_attr else "" | ||||
| +    ) | ||||
| + | ||||
|      if flake: | ||||
|          sanitize_position = ( | ||||
|              f""" | ||||
| @@ -164,8 +171,8 @@ let | ||||
|      raw_version_position | ||||
|    else if pkg ? isPhpExtension then | ||||
|      raw_version_position | ||||
| -  else if (builtins.unsafeGetAttrPos "src" pkg) != null then | ||||
| -    sanitizePosition (builtins.unsafeGetAttrPos "src" pkg) | ||||
| +  else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg) != null then | ||||
| +    sanitizePosition (builtins.unsafeGetAttrPos "{source_attr_last}" pkg{source_attr_all_but_last}) | ||||
|    else | ||||
|      sanitizePosition (positionFromMeta pkg); | ||||
|  in {{ | ||||
| @@ -174,11 +181,11 @@ in {{ | ||||
|    inherit raw_version_position; | ||||
|    filename = position.file; | ||||
|    line = position.line; | ||||
| -  urls = pkg.src.urls or null; | ||||
| -  url = pkg.src.url or null; | ||||
| -  rev = pkg.src.rev or null; | ||||
| -  tag = pkg.src.tag or null; | ||||
| -  hash = pkg.src.outputHash or null; | ||||
| +  urls = pkg.{source_attr}.urls or null; | ||||
| +  url = pkg.{source_attr}.url or null; | ||||
| +  rev = pkg.{source_attr}.rev or null; | ||||
| +  tag = pkg.{source_attr}.tag or null; | ||||
| +  hash = pkg.{source_attr}.outputHash or null; | ||||
|    go_modules = pkg.goModules.outputHash or null; | ||||
|    go_modules_old = pkg.go-modules.outputHash or null; | ||||
|    cargo_deps = pkg.cargoDeps.outputHash or null; | ||||
| @@ -205,7 +212,7 @@ in {{ | ||||
|    mix_deps = pkg.mixFodDeps.outputHash or null; | ||||
|    tests = builtins.attrNames (pkg.passthru.tests or {{}}); | ||||
|    has_update_script = {has_update_script}; | ||||
| -  src_homepage = pkg.src.meta.homepage or null; | ||||
| +  src_homepage = pkg.{source_attr}.meta.homepage or null; | ||||
|    changelog = pkg.meta.changelog or null; | ||||
|    maintainers = pkg.meta.maintainers or null; | ||||
|  }}""" | ||||
| @@ -215,6 +222,7 @@ def eval_attr(opts: Options) -> Package: | ||||
|      expr = eval_expression( | ||||
|          opts.escaped_import_path, | ||||
|          opts.escaped_attribute, | ||||
| +        opts.source_attribute, | ||||
|          opts.flake, | ||||
|          opts.system, | ||||
|          opts.override_filename, | ||||
| diff --git a/nix_update/options.py b/nix_update/options.py | ||||
| index 2d07b77..ab5c305 100644 | ||||
| --- a/nix_update/options.py | ||||
| +++ b/nix_update/options.py | ||||
| @@ -8,6 +8,7 @@ from .version.version import VersionPreference | ||||
|  @dataclass | ||||
|  class Options: | ||||
|      attribute: str | ||||
| +    source_attribute: str = "src" | ||||
|      flake: bool = False | ||||
|      version: str = "stable" | ||||
|      version_preference: VersionPreference = VersionPreference.STABLE | ||||
| @@ -33,4 +34,7 @@ class Options: | ||||
|   | ||||
|      def __post_init__(self) -> None: | ||||
|          self.escaped_attribute = ".".join(map(json.dumps, self.attribute.split("."))) | ||||
| +        self.escaped_source_attribute = ".".join( | ||||
| +            map(json.dumps, self.source_attribute.split(".")) | ||||
| +        ) | ||||
|          self.escaped_import_path = json.dumps(self.import_path) | ||||
| diff --git a/nix_update/update.py b/nix_update/update.py | ||||
| index 82b7bc5..464bf3d 100644 | ||||
| --- a/nix_update/update.py | ||||
| +++ b/nix_update/update.py | ||||
| @@ -155,7 +155,7 @@ def git_prefetch(x: tuple[str, tuple[str, str]]) -> tuple[str, str]: | ||||
|   | ||||
|   | ||||
|  def update_src_hash(opts: Options, filename: str, current_hash: str) -> None: | ||||
| -    target_hash = nix_prefetch(opts, "src") | ||||
| +    target_hash = nix_prefetch(opts, opts.source_attribute) | ||||
|      replace_hash(filename, current_hash, target_hash) | ||||
|   | ||||
|   | ||||
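Review bot: In the eval.py hunk the guard `else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg) != null` still tests the top-level `pkg`, while the branch body looks the attribute up on `pkg{source_attr_all_but_last}`, so for a nested `--src-attr a.b` the condition inspects the wrong attribute set; it should read `else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg{source_attr_all_but_last}) != null then`. The options.py hunk computes `escaped_source_attribute`, but eval_attr passes the raw `opts.source_attribute`, so the value is spliced unquoted into both an attribute path and a Nix string literal; either use the escaped form (and then json-dump only the last component for the `unsafeGetAttrPos` string, since nesting the quoted form would break the literal) or validate the flag at parse time against something like `^[A-Za-z_][A-Za-z0-9_'-]*(\.[A-Za-z_][A-Za-z0-9_'-]*)*$`. This is an operator-supplied flag rather than untrusted input, so the concern is robustness rather than injection, but a bad value currently fails deep inside `nix eval` with no hint about the cause.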
| @@ -1,8 +1,19 @@ | ||||
| { config, inputs, ... }: | ||||
| { | ||||
|   sops.secrets."nix/accessTokens/github" = { | ||||
|     sopsFile = ../../../../../secrets/personal/secrets.yaml; | ||||
|     group = "users"; | ||||
|   sops = { | ||||
|     secrets = { | ||||
|       "git/credentials/github.com/public/username".sopsFile = | ||||
|         ../../../../../secrets/personal/secrets.yaml; | ||||
|       "git/credentials/github.com/public/password".sopsFile = | ||||
|         ../../../../../secrets/personal/secrets.yaml; | ||||
|     }; | ||||
|  | ||||
|     templates.nix-access-tokens = { | ||||
|       content = '' | ||||
|         access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"} | ||||
|       ''; | ||||
|       group = "users"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   nix = { | ||||
| @@ -12,14 +23,18 @@ | ||||
|         "nix-command" | ||||
|         "flakes" | ||||
|       ]; | ||||
|       download-buffer-size = 524288000; | ||||
|     }; | ||||
|  | ||||
|     registry.self.flake = inputs.self; | ||||
|     channel.enable = false; | ||||
|  | ||||
|     gc.automatic = true; | ||||
|     optimise.automatic = true; | ||||
|  | ||||
|     registry.self.flake = inputs.self; | ||||
|  | ||||
|     extraOptions = '' | ||||
|       !include ${config.sops.secrets."nix/accessTokens/github".path} | ||||
|       !include ${config.sops.templates.nix-access-tokens.path} | ||||
|     ''; | ||||
|   }; | ||||
| } | ||||
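Review bot: The new `templates.nix-access-tokens` writes the GitHub credential password into a file with `group = "users"` but no `mode`, so whether every local account can read that token depends on the sops-nix template default (owner-only, as far as I can tell), which makes the `group` setting either ineffective or a silent broadening depending on that default. If the intent is that each user's own nix invocation can read the `!include`d file, make it explicit with `mode = "0440";` and a comment such as `# group-readable: nix.conf is parsed by every user's nix client, not only by the daemon`, and accept that the same PAT also serves as the git credential for everyone in `users`. If only the daemon needs it, drop `group` so the token stays root-only; a dedicated read-only token for nix would be preferable to reusing the git credential either way.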
|   | ||||
| @@ -1,6 +1,9 @@ | ||||
| { inputs, ... }: | ||||
| { inputs, system, ... }: | ||||
| { | ||||
|   imports = [ inputs.nur.modules.nixos.default ]; | ||||
|  | ||||
|   nixpkgs.config.allowUnfree = true; | ||||
|   nixpkgs = { | ||||
|     hostPlatform = system; | ||||
|     config.allowUnfree = true; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -8,12 +8,16 @@ | ||||
|     }; | ||||
|     pulse.enable = true; | ||||
|     jack.enable = true; | ||||
|     extraConfig.pipewire-pulse = { | ||||
|       pulse.cmd = [ | ||||
|     extraConfig.pipewire-pulse.pipewire-pulse = { | ||||
|       "pulse.cmd" = [ | ||||
|         { | ||||
|           cmd = "load-module"; | ||||
|           args = "module-switch-on-connect"; | ||||
|         } | ||||
|         { | ||||
|           cmd = "load-module"; | ||||
|           args = "module-combine-sink"; | ||||
|         } | ||||
|       ]; | ||||
|     }; | ||||
|   }; | ||||
|   | ||||
							
								
								
									
24
hosts/common/configs/system/podman/default.nix
Normal file
							| @@ -0,0 +1,24 @@ | ||||
| { pkgs, inputs, ... }: | ||||
| { | ||||
|   imports = [ inputs.quadlet-nix.nixosModules.quadlet ]; | ||||
|  | ||||
|   virtualisation = { | ||||
|     podman.enable = true; | ||||
|  | ||||
|     containers = { | ||||
|       enable = true; | ||||
|       storage.settings.storage.driver = "btrfs"; | ||||
|     }; | ||||
|  | ||||
|     quadlet.autoEscape = true; | ||||
|   }; | ||||
|  | ||||
|   environment = { | ||||
|     persistence."/persist/state"."/var/lib/containers".create = "directory"; | ||||
|  | ||||
|     systemPackages = with pkgs; [ | ||||
|       podman-compose | ||||
|       kompose | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
							
								
								
									
4
hosts/common/configs/system/power/default.nix
Normal file
							| @@ -0,0 +1,4 @@ | ||||
| { ... }: | ||||
| { | ||||
|   powerManagement.enable = true; | ||||
| } | ||||
| @@ -1,5 +0,0 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = with pkgs; [ powertop ]; | ||||
|   powerManagement.powertop.enable = true; | ||||
| } | ||||
| @@ -18,19 +18,19 @@ | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   environment.persistence."/persist" = { | ||||
|   environment.persistence."/persist/state" = { | ||||
|     "/var/lib/cups/ppd" = { }; | ||||
|     "/var/lib/cups/printers.conf" = { }; | ||||
|   }; | ||||
|  | ||||
|   systemd = { | ||||
|     services.cups.after = [ | ||||
|       config.environment.persistence."/persist"."/var/lib/cups/ppd".mount | ||||
|       config.environment.persistence."/persist"."/var/lib/cups/printers.conf".mount | ||||
|       config.environment.persistence."/persist/state"."/var/lib/cups/ppd".mount | ||||
|       config.environment.persistence."/persist/state"."/var/lib/cups/printers.conf".mount | ||||
|     ]; | ||||
|     sockets.cups.after = [ | ||||
|       config.environment.persistence."/persist"."/var/lib/cups/ppd".mount | ||||
|       config.environment.persistence."/persist"."/var/lib/cups/printers.conf".mount | ||||
|       config.environment.persistence."/persist/state"."/var/lib/cups/ppd".mount | ||||
|       config.environment.persistence."/persist/state"."/var/lib/cups/printers.conf".mount | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
|   | ||||
							
								
								
									
7
hosts/common/configs/system/smartmontools/default.nix
Normal file
							| @@ -0,0 +1,7 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     smartmontools | ||||
|     nvme-cli | ||||
|   ]; | ||||
| } | ||||
| @@ -8,13 +8,27 @@ | ||||
|   imports = [ inputs.sops-nix.nixosModules.sops ]; | ||||
|  | ||||
|   environment = { | ||||
|     persistence."/persist"."/etc/ssh/ssh_host_ed25519_key" = { }; | ||||
|     systemPackages = with pkgs; [ sops ]; | ||||
|     persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key" = { }; | ||||
|  | ||||
|     systemPackages = with pkgs; [ | ||||
|       sops | ||||
|       age | ||||
|       ssh-to-age | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   sops.age = { | ||||
|     generateKey = true; | ||||
|     sshKeyPaths = [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ]; | ||||
|     keyFile = "/var/lib/sops-nix/key.txt"; | ||||
|   sops = { | ||||
|     defaultSopsFile = ../../../../. + "/${config.networking.hostName}/secrets/secrets.yaml"; | ||||
|  | ||||
|     age = { | ||||
|       generateKey = true; | ||||
|       keyFile = "/var/lib/sops-nix/key.txt"; | ||||
|  | ||||
|       sshKeyPaths = | ||||
|         if config.environment.impermanence.enable then | ||||
|           [ config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source ] | ||||
|         else | ||||
|           [ "/etc/ssh/ssh_host_ed25519_key" ]; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
							
								
								
									
4
hosts/common/configs/system/ssh-agent/default.nix
Normal file
							| @@ -0,0 +1,4 @@ | ||||
| { ... }: | ||||
| { | ||||
|   programs.ssh.startAgent = true; | ||||
| } | ||||
| @@ -1,12 +1,23 @@ | ||||
| { ... }: | ||||
| { | ||||
|   programs.ssh = { | ||||
|     startAgent = true; | ||||
|   programs.ssh.knownHosts = { | ||||
|     installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub; | ||||
|     elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; | ||||
|     himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; | ||||
|  | ||||
|     knownHosts = { | ||||
|       installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub; | ||||
|       eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; | ||||
|       elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; | ||||
|     jupiter = { | ||||
|       publicKeyFile = ../../../../jupiter/secrets/ssh_host_ed25519_key.pub; | ||||
|       extraHostNames = [ "karaolidis.com" ]; | ||||
|     }; | ||||
|  | ||||
|     jupiter-sish = { | ||||
|       publicKeyFile = ../../../../jupiter/users/storm/configs/console/podman/sish/ssh_host_ed25519_key.pub; | ||||
|       extraHostNames = [ "karaolidis.com" ]; | ||||
|     }; | ||||
|  | ||||
|     jupiter-vps = { | ||||
|       publicKeyFile = ../../../../jupiter-vps/secrets/ssh_host_ed25519_key.pub; | ||||
|       extraHostNames = [ "vps.karaolidis.com" ]; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
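Review bot: `jupiter` and `jupiter-sish` both declare `extraHostNames = [ "karaolidis.com" ]`, so ssh will accept either host key for karaolidis.com on any port, which weakens the pinning: a key that should only authenticate the sish endpoint also authenticates the main host, and vice versa. If sish listens on a non-standard port, scope its entry with the bracketed host:port form, e.g. `extraHostNames = [ "[karaolidis.com]:2222" ];` (substitute the real port), or give the sish service its own hostname; otherwise add a comment explaining why both keys must be valid for the same name.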
|   | ||||
							
								
								
									
27
hosts/common/configs/system/sshd/default.nix
Normal file
							| @@ -0,0 +1,27 @@ | ||||
| { ... }: | ||||
| { | ||||
|   environment = { | ||||
|     enableAllTerminfo = true; | ||||
|     persistence."/persist/state"."/var/lib/fail2ban" = { }; | ||||
|   }; | ||||
|  | ||||
|   services = { | ||||
|     openssh = { | ||||
|       enable = true; | ||||
|       settings = { | ||||
|         PasswordAuthentication = false; | ||||
|         PrintMotd = false; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     fail2ban = { | ||||
|       enable = true; | ||||
|       bantime = "24h"; | ||||
|       bantime-increment = { | ||||
|         enable = true; | ||||
|         maxtime = "720h"; | ||||
|         overalljails = true; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
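Review bot: `PasswordAuthentication = false` on its own does not stop password logins, because keyboard-interactive authentication via PAM still prompts for the account password, and NixOS leaves `KbdInteractiveAuthentication` at its default of true as far as I can tell; add `KbdInteractiveAuthentication = false;` next to it. `PermitRootLogin` is also left at the NixOS default (`prohibit-password`), so consider `PermitRootLogin = "no";` on hosts where root never needs to log in over SSH. A one-line comment noting that fail2ban is relied on with only its default sshd jail would save the next reader a check.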
							
								
								
									
4
hosts/common/configs/system/sudo/default.nix
Normal file
							| @@ -0,0 +1,4 @@ | ||||
| { ... }: | ||||
| { | ||||
|   security.pam.services.sudo.nodelay = true; | ||||
| } | ||||
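Review bot: `nodelay = true` removes PAM's pause after a failed sudo password, which makes local password guessing faster; sudo's own per-invocation `passwd_tries` limit still applies, but nothing slows down repeated invocations. If the convenience is intentional, record the trade-off so it is not copied blindly: `# no PAM delay after a wrong sudo password; deliberate trade-off for interactive use on personal hosts`, and consider not importing this module on hosts that accept SSH logins.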
| @@ -1,17 +1,4 @@ | ||||
| { inputs, ... }: | ||||
| { ... }: | ||||
| { | ||||
|   system = { | ||||
|     autoUpgrade = { | ||||
|       enable = true; | ||||
|       flake = inputs.self.outPath; | ||||
|       flags = [ | ||||
|         "--update-input" | ||||
|         "nixpkgs" | ||||
|         "-L" | ||||
|       ]; | ||||
|       dates = "02:00"; | ||||
|     }; | ||||
|  | ||||
|     stateVersion = "24.11"; | ||||
|   }; | ||||
|   system.stateVersion = "24.11"; | ||||
| } | ||||
|   | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| case "$2" in | ||||
|   connectivity-change) | ||||
|     if timezone=$(curl --fail https://ipapi.co/timezone); then | ||||
|   | ||||
| @@ -1,12 +0,0 @@ | ||||
| { ... }: | ||||
| { | ||||
|   services.tlp = { | ||||
|     enable = true; | ||||
|     settings = { | ||||
|       CPU_SCALING_GOVERNOR_ON_AC = "performance"; | ||||
|       CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; | ||||
|       CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; | ||||
|       CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,4 +0,0 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = with pkgs; [ tree ]; | ||||
| } | ||||
							
								
								
									
8
hosts/common/configs/system/upower/default.nix
Normal file
							| @@ -0,0 +1,8 @@ | ||||
| { ... }: | ||||
| { | ||||
|   services.upower = { | ||||
|     enable = true; | ||||
|     allowRiskyCriticalPowerAction = true; | ||||
|     criticalPowerAction = "Ignore"; | ||||
|   }; | ||||
| } | ||||
| @@ -1,4 +0,0 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.systemPackages = with pkgs; [ wget ]; | ||||
| } | ||||
| @@ -6,7 +6,9 @@ | ||||
|   }; | ||||
|  | ||||
|   environment = { | ||||
|     persistence."/persist"."/var/lib/zsh" = { }; | ||||
|     persistence."/persist/state"."/var/lib/zsh" = { }; | ||||
|     pathsToLink = [ "/share/zsh" ]; | ||||
|   }; | ||||
|  | ||||
|   systemd.tmpfiles.rules = [ "d /var/lib/zsh 0755 root root" ]; | ||||
| } | ||||
|   | ||||
| @@ -17,7 +17,7 @@ | ||||
|  | ||||
|   users.users.${user}.extraGroups = [ "adbusers" ]; | ||||
|  | ||||
|   environment.persistence."/persist" = { | ||||
|   environment.persistence."/persist/state" = { | ||||
|     "${home}/.local/share/android/adbkey" = { }; | ||||
|     "${home}/.local/share/android/adbkey.pub" = { }; | ||||
|   }; | ||||
|   | ||||
| @@ -8,6 +8,4 @@ | ||||
|     "video" | ||||
|     "inputs" | ||||
|   ]; | ||||
|  | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ brightnessctl ]; | ||||
| } | ||||
|   | ||||
| @@ -14,7 +14,7 @@ | ||||
|       update_ms = 1000; | ||||
|       proc_tree = true; | ||||
|       cpu_single_graph = true; | ||||
|       disks_filter = "/ /nix /persist /cache"; | ||||
|       disks_filter = "/ /nix /persist"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
							
								
								
									
22
hosts/common/configs/user/console/dive/default.nix
Normal file
							| @@ -0,0 +1,22 @@ | ||||
| { | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| let | ||||
|   hmConfig = config.home-manager.users.${user}; | ||||
| in | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
|     home.packages = with pkgs; [ dive ]; | ||||
|  | ||||
|     xdg.configFile."dive/config.yaml" = lib.mkIf ( | ||||
|       config.virtualisation.podman.enable || hmConfig.services.podman.enable | ||||
|     ) { source = (pkgs.formats.yaml { }).generate "config.yaml" { container-engine = "podman"; }; }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,55 +0,0 @@ | ||||
| { | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
|   rootless ? true, | ||||
| }: | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| lib.mkMerge [ | ||||
|   { | ||||
|     virtualisation.docker.rootless = { | ||||
|       enable = rootless; | ||||
|       setSocketVariable = true; | ||||
|       enableOnBoot = false; | ||||
|       storageDriver = "btrfs"; | ||||
|  | ||||
|       daemon.settings = { | ||||
|         experimental = true; | ||||
|         ipv6 = true; | ||||
|         fixed-cidr-v6 = "fd00::/80"; | ||||
|       }; | ||||
|  | ||||
|       autoPrune = { | ||||
|         enable = true; | ||||
|         flags = [ "--all" ]; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     home-manager.users.${user}.home = { | ||||
|       packages = with pkgs; [ docker-compose ]; | ||||
|  | ||||
|       sessionVariables = { | ||||
|         DOCKER_CONFIG = "${home}/.config/docker"; | ||||
|       }; | ||||
|     }; | ||||
|   } | ||||
|   (lib.mkIf rootless { | ||||
|     environment.persistence."/persist"."${home}/.local/share/docker" = { }; | ||||
|  | ||||
|     systemd.user = { | ||||
|       services.docker.after = [ | ||||
|         config.environment.persistence."/persist"."${home}/.local/share/docker".mount | ||||
|       ]; | ||||
|       sockets.docker.after = [ | ||||
|         config.environment.persistence."/persist"."${home}/.local/share/docker".mount | ||||
|       ]; | ||||
|     }; | ||||
|   }) | ||||
|   (lib.mkIf (!rootless) { | ||||
|     users.users.${user}.extraGroups = [ "docker" ]; | ||||
|   }) | ||||
| ] | ||||
| @@ -4,5 +4,8 @@ | ||||
| }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ ffmpeg ]; | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ | ||||
|     ffmpeg | ||||
|     mediainfo | ||||
|   ]; | ||||
| } | ||||
|   | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| git interpret-trailers --if-exists doNothing --trailer \ | ||||
|   "Signed-off-by: $(git config user.name) <$(git config user.email)>" \ | ||||
|   --in-place "$1" | ||||
|   | ||||
| @@ -1,3 +1,5 @@ | ||||
| # shellcheck shell=bash | ||||
|  | ||||
| install -d -m 700 "$GNUPGHOME" | ||||
|  | ||||
| KEYS="$HOME/.config/sops-nix/secrets/gpg" | ||||
|   | ||||
| @@ -9,9 +9,7 @@ | ||||
|   programs.dconf.enable = true; | ||||
|  | ||||
|   home-manager = { | ||||
|     extraSpecialArgs = { | ||||
|       inherit inputs; | ||||
|     }; | ||||
|     extraSpecialArgs = { inherit inputs; }; | ||||
|     backupFileExtension = "bak"; | ||||
|     useUserPackages = true; | ||||
|     useGlobalPkgs = true; | ||||
|   | ||||
							
								
								
									
15
hosts/common/configs/user/console/ip/default.nix
Normal file
							| @@ -0,0 +1,15 @@ | ||||
| { | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ | ||||
|     iproute2 | ||||
|     iptables | ||||
|     ipset | ||||
|     ethtool | ||||
|     tcpdump | ||||
|     ipcalc | ||||
|   ]; | ||||
| } | ||||
| @@ -9,51 +9,19 @@ | ||||
|   ... | ||||
| }: | ||||
| { | ||||
|   nixpkgs.overlays = [ | ||||
|     (final: prev: { | ||||
|       k9s = prev.k9s.overrideAttrs (oldAttrs: { | ||||
|         patches = oldAttrs.patches or [ ] ++ [ ./remove-splash.patch ]; | ||||
|       }); | ||||
|     }) | ||||
|   ]; | ||||
|  | ||||
|   environment.persistence = { | ||||
|     "/persist"."${home}/.kube" = { }; | ||||
|     "/cache"."${home}/.kube/cache" = { }; | ||||
|   }; | ||||
|  | ||||
|   users.users.${user}.extraGroups = [ "kubernetes" ]; | ||||
|  | ||||
|   sops.secrets = { | ||||
|     "kubernetes/accounts/${user}/crt" = { | ||||
|       key = "kubernetes/accounts/users/crt"; | ||||
|       group = "users"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|  | ||||
|     "kubernetes/accounts/${user}/key" = { | ||||
|       key = "kubernetes/accounts/users/key"; | ||||
|       group = "users"; | ||||
|       mode = "0440"; | ||||
|     }; | ||||
|     "/persist/user"."${home}/.kube" = { }; | ||||
|     "/persist/cache"."${home}/.kube/cache" = { }; | ||||
|   }; | ||||
|  | ||||
|   home-manager.users.${user} = { | ||||
|     home = { | ||||
|       packages = with pkgs; [ | ||||
|         kubectl | ||||
|         kustomize | ||||
|         kubernetes-helm | ||||
|         kompose | ||||
|       ]; | ||||
|  | ||||
|       file.".kube/local".source = config.services.kubernetes.lib.mkKubeConfig user { | ||||
|         caFile = config.sops.secrets."kubernetes/ca/crt".path; | ||||
|         certFile = config.sops.secrets."kubernetes/accounts/${user}/crt".path; | ||||
|         keyFile = config.sops.secrets."kubernetes/accounts/${user}/key".path; | ||||
|         server = config.services.kubernetes.apiserverAddress; | ||||
|       }; | ||||
|     }; | ||||
|     home.packages = with pkgs; [ | ||||
|       kubectl | ||||
|       kustomize | ||||
|       kubernetes-helm | ||||
|       kompose | ||||
|       kind | ||||
|     ]; | ||||
|  | ||||
|     programs = { | ||||
|       k9s = { | ||||
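Review bot: With the sops-managed client certificate and key and the `mkKubeConfig`-generated `.kube/local` removed, nothing on the new side documents how a kubeconfig now reaches `${home}/.kube`, which `kubeswitch` in the next hunk still reads via `$HOME/.kube/$1`. The `.kube` directory is persisted under `/persist/user` as a bare `{ }`, so whatever credentials are placed there live as plain files across reboots, whereas the removed secrets were delivered at mode 0440; a comment such as `# kubeconfigs are placed in ~/.kube by hand and persisted as plain files` would make that deliberate. Dropping `extraGroups = [ "kubernetes" ]` is consistent with removing the local cluster, assuming that is the intent.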
| @@ -67,19 +35,20 @@ | ||||
|           ui = { | ||||
|             skin = "matugen"; | ||||
|             logoless = true; | ||||
|             splashless = true; | ||||
|             reactive = true; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       zsh = { | ||||
|         initExtra = '' | ||||
|         initContent = '' | ||||
|           kubeswitch() { | ||||
|             local target="$HOME/.kube/$1" | ||||
|             local config="$HOME/.kube/config" | ||||
|  | ||||
|             if [[ -f "$target" && "$target" != "$config" ]]; then | ||||
|               ln -sf "$target" "$config" | ||||
|               ln -srf "$target" "$config" | ||||
|               echo "Switched kube context to $1" | ||||
|               p10k reload | ||||
|             else | ||||
| @@ -101,6 +70,6 @@ | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     theme.template."${home}/.config/k9s/skins/matugen.yaml".source = ./theme.yaml; | ||||
|     theme.template.".config/k9s/skins/matugen.yaml".source = ./theme.yaml; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -1,123 +0,0 @@ | ||||
| diff --git a/internal/ui/splash.go b/internal/ui/splash.go | ||||
| index bfe58e46..21683c53 100644 | ||||
| --- a/internal/ui/splash.go | ||||
| +++ b/internal/ui/splash.go | ||||
| @@ -3,14 +3,6 @@ | ||||
|   | ||||
|  package ui | ||||
|   | ||||
| -import ( | ||||
| -	"fmt" | ||||
| -	"strings" | ||||
| - | ||||
| -	"github.com/derailed/k9s/internal/config" | ||||
| -	"github.com/derailed/tview" | ||||
| -) | ||||
| - | ||||
|  // LogoSmall K9s small log. | ||||
|  var LogoSmall = []string{ | ||||
|  	` ____  __.________       `, | ||||
| @@ -30,42 +22,3 @@ var LogoBig = []string{ | ||||
|  	`|____|__ \ /____//____  >\______  /_______ \___|`, | ||||
|  	`        \/            \/        \/        \/    `, | ||||
|  } | ||||
| - | ||||
| -// Splash represents a splash screen. | ||||
| -type Splash struct { | ||||
| -	*tview.Flex | ||||
| -} | ||||
| - | ||||
| -// NewSplash instantiates a new splash screen with product and company info. | ||||
| -func NewSplash(styles *config.Styles, version string) *Splash { | ||||
| -	s := Splash{Flex: tview.NewFlex()} | ||||
| -	s.SetBackgroundColor(styles.BgColor()) | ||||
| - | ||||
| -	logo := tview.NewTextView() | ||||
| -	logo.SetDynamicColors(true) | ||||
| -	logo.SetTextAlign(tview.AlignCenter) | ||||
| -	s.layoutLogo(logo, styles) | ||||
| - | ||||
| -	vers := tview.NewTextView() | ||||
| -	vers.SetDynamicColors(true) | ||||
| -	vers.SetTextAlign(tview.AlignCenter) | ||||
| -	s.layoutRev(vers, version, styles) | ||||
| - | ||||
| -	s.SetDirection(tview.FlexRow) | ||||
| -	s.AddItem(logo, 10, 1, false) | ||||
| -	s.AddItem(vers, 1, 1, false) | ||||
| - | ||||
| -	return &s | ||||
| -} | ||||
| - | ||||
| -func (s *Splash) layoutLogo(t *tview.TextView, styles *config.Styles) { | ||||
| -	logo := strings.Join(LogoBig, fmt.Sprintf("\n[%s::b]", styles.Body().LogoColor)) | ||||
| -	fmt.Fprintf(t, "%s[%s::b]%s\n", | ||||
| -		strings.Repeat("\n", 2), | ||||
| -		styles.Body().LogoColor, | ||||
| -		logo) | ||||
| -} | ||||
| - | ||||
| -func (s *Splash) layoutRev(t *tview.TextView, rev string, styles *config.Styles) { | ||||
| -	fmt.Fprintf(t, "[%s::b]Revision [red::b]%s", styles.Body().FgColor, rev) | ||||
| -} | ||||
| diff --git a/internal/ui/splash_test.go b/internal/ui/splash_test.go | ||||
| deleted file mode 100644 | ||||
| index 69b4b50d..00000000 | ||||
| --- a/internal/ui/splash_test.go | ||||
| +++ /dev/null | ||||
| @@ -1,22 +0,0 @@ | ||||
| -// SPDX-License-Identifier: Apache-2.0 | ||||
| -// Copyright Authors of K9s | ||||
| - | ||||
| -package ui_test | ||||
| - | ||||
| -import ( | ||||
| -	"testing" | ||||
| - | ||||
| -	"github.com/derailed/k9s/internal/config" | ||||
| -	"github.com/derailed/k9s/internal/ui" | ||||
| -	"github.com/stretchr/testify/assert" | ||||
| -) | ||||
| - | ||||
| -func TestNewSplash(t *testing.T) { | ||||
| -	s := ui.NewSplash(config.NewStyles(), "bozo") | ||||
| - | ||||
| -	x, y, w, h := s.GetRect() | ||||
| -	assert.Equal(t, 0, x) | ||||
| -	assert.Equal(t, 0, y) | ||||
| -	assert.Equal(t, 15, w) | ||||
| -	assert.Equal(t, 10, h) | ||||
| -} | ||||
| diff --git a/internal/view/app.go b/internal/view/app.go | ||||
| index 4ac7e7c2..2b3a3fc5 100644 | ||||
| --- a/internal/view/app.go | ||||
| +++ b/internal/view/app.go | ||||
| @@ -35,7 +35,6 @@ import ( | ||||
|  var ExitStatus = "" | ||||
|   | ||||
|  const ( | ||||
| -	splashDelay      = 1 * time.Second | ||||
|  	clusterRefresh   = 15 * time.Second | ||||
|  	clusterInfoWidth = 50 | ||||
|  	clusterInfoPad   = 15 | ||||
| @@ -165,8 +164,7 @@ func (a *App) layout(ctx context.Context) { | ||||
|  	} | ||||
|  	main.AddItem(flash, 1, 1, false) | ||||
|   | ||||
| -	a.Main.AddPage("main", main, true, false) | ||||
| -	a.Main.AddPage("splash", ui.NewSplash(a.Styles, a.version), true, true) | ||||
| +	a.Main.AddPage("main", main, true, true) | ||||
|  	a.toggleHeader(!a.Config.K9s.IsHeadless(), !a.Config.K9s.IsLogoless()) | ||||
|  } | ||||
|   | ||||
| @@ -520,10 +518,7 @@ func (a *App) Run() error { | ||||
|  	a.Resume() | ||||
|   | ||||
|  	go func() { | ||||
| -		<-time.After(splashDelay) | ||||
|  		a.QueueUpdateDraw(func() { | ||||
| -			a.Main.SwitchToPage("main") | ||||
| -			// if command bar is already active, focus it | ||||
|  			if a.CmdBuff().IsActive() { | ||||
|  				a.SetFocus(a.Prompt()) | ||||
|  			} | ||||
| @@ -4,5 +4,5 @@ | ||||
| }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   home-manager.users.${user}.home.packages = [ (pkgs.callPackage ./package.nix { }) ]; | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ mprocs ]; | ||||
| } | ||||
							
								
								
									
										31
									
								
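--- a/hosts/common/configs/user/console/ncspot/default.nix
+++ b/hosts/common/configs/user/console/ncspot/default.nix
@@ -0,0 +1,31 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ lib, pkgs, ... }:
+{
+  environment.persistence = {
+    "/persist/state"."${home}/.config/ncspot/userstate.cbor" = { };
+    "/persist/cache"."${home}/.cache/ncspot" = { };
+  };
+
+  home-manager.users.${user} = {
+    programs.ncspot.enable = true;
+
+    theme = {
+      template.".config/ncspot/config.toml".source = ./theme.toml;
+
+      reloadExtraConfig = "${
+        lib.meta.getExe (
+          pkgs.writeShellApplication {
+            name = "reload-ncspot";
+            runtimeInputs = with pkgs; [ netcat ];
+            text = ''
+              printf "reload\n" | nc -W 1 -U "''${XDG_RUNTIME_DIR:-/run/user/$UID}/ncspot/ncspot.sock"
+            '';
+          }
+        )
+      } &";
+    };
+  };
+}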
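Review bot: The reload helper pipes straight into `nc` against the ncspot socket without checking that it exists, so when ncspot is not running the backgrounded script fails noisily under `writeShellApplication`'s `set -euo pipefail` on every theme reload. A guard before the `printf`, written with `''$` inside the Nix string, such as `sock="''${XDG_RUNTIME_DIR:-/run/user/$UID}/ncspot/ncspot.sock"` followed by `[ -S "$sock" ] || exit 0`, keeps reloads silent when there is nothing to reload. `-W 1` is an OpenBSD-netcat option; whether the `netcat` attribute provides that flavour is not visible here and is worth confirming.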
							
								
								
									
										23
									
								
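--- a/hosts/common/configs/user/console/ncspot/theme.toml
+++ b/hosts/common/configs/user/console/ncspot/theme.toml
@@ -0,0 +1,23 @@
+use_nerdfont = true
+volnorm = true
+default_keybindings = true
+library_tabs = [ "albums", "artists", "playlists", "browse" ]
+
+[theme]
+background = "{{colors.surface.default.hex}}"
+primary = "{{colors.on_surface.default.hex}}"
+secondary = "{{colors.inverse_surface.default.hex}}"
+title = "{{colors.primary.default.hex}}"
+playing = "{{colors.primary.default.hex}}"
+playing_bg = "{{colors.surface.default.hex}}"
+highlight = "{{colors.on_primary.default.hex}}"
+highlight_bg = "{{colors.primary.default.hex}}"
+playing_selected = "{{colors.on_primary.default.hex}}"
+error = "{{colors.on_error.default.hex}}"
+error_bg = "{{colors.error.default.hex}}"
+statusbar = "{{colors.primary.default.hex}}"
+statusbar_progress = "{{colors.primary.default.hex}}"
+statusbar_bg = "{{colors.surface.default.hex}}"
+cmdline = "{{colors.on_surface.default.hex}}"
+cmdline_bg = "{{colors.surface.default.hex}}"
+search_match = "{{colors.tertiary.default.hex}}"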
| @@ -12,7 +12,7 @@ | ||||
|   home-manager.users.${user}.programs.zsh = { | ||||
|     shellAliases.nd = "nix-develop"; | ||||
|  | ||||
|     initExtra = | ||||
|     initContent = | ||||
|       let | ||||
|         devShells = lib.strings.concatStringsSep " " ( | ||||
|           lib.attrsets.mapAttrsToList (key: _: key) inputs.self.devShells.${system} | ||||
| @@ -35,7 +35,16 @@ | ||||
|           done | ||||
|  | ||||
|           if [[ -z "$devshell" ]]; then | ||||
|             if [ ! -f flake.nix ]; then cp "${./template.nix}" flake.nix; fi | ||||
|             if [ ! -f flake.nix ]; then | ||||
|               cp "${./template.nix}" flake.nix | ||||
|               chmod 755 flake.nix | ||||
|             fi | ||||
|  | ||||
|             if [ ! treefmt.nix ]; then | ||||
|               cp "${./treefmt.nix}" treefmt.nix | ||||
|               chmod 755 treefmt.nix | ||||
|             fi | ||||
|  | ||||
|             nix develop -c "$SHELL" | ||||
|           else | ||||
|             nix develop self#"$devshell" -c "$SHELL" | ||||
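Review bot: `if [ ! treefmt.nix ]; then` is missing the `-f` test: `[ ! treefmt.nix ]` negates a non-empty-string test and is always false, so treefmt.nix is never copied; the direnv variant later on this page uses the correct form, and this line should read `if [ ! -f treefmt.nix ]; then`. The `chmod 755` after each copy sets the execute bit on a Nix file that only needs to become writable (store copies are read-only); `chmod 644` is enough, here and on the matching lines in the direnv hunk. The nix-develop function body starts and continues outside the hunk.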
|   | ||||
| @@ -8,23 +8,35 @@ | ||||
|     }; | ||||
|  | ||||
|     flake-utils = { | ||||
|       url = "github:numtide/flake-utils"; | ||||
|       type = "github"; | ||||
|       owner = "numtide"; | ||||
|       repo = "flake-utils"; | ||||
|       ref = "main"; | ||||
|     }; | ||||
|  | ||||
|     treefmt-nix = { | ||||
|       type = "github"; | ||||
|       owner = "numtide"; | ||||
|       repo = "treefmt-nix"; | ||||
|       ref = "main"; | ||||
|  | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   outputs = | ||||
|     { nixpkgs, ... }@inputs: | ||||
|     { self, nixpkgs, ... }@inputs: | ||||
|     inputs.flake-utils.lib.eachDefaultSystem ( | ||||
|       system: | ||||
|       let | ||||
|         pkgs = nixpkgs.legacyPackages.${system}; | ||||
|         treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; | ||||
|       in | ||||
|       { | ||||
|         devShells.default = pkgs.mkShell { | ||||
|           packages = [ ]; | ||||
|         }; | ||||
|         devShells.default = pkgs.mkShell { packages = with pkgs; [ ]; }; | ||||
|  | ||||
|         formatter = pkgs.nixfmt-rfc-style; | ||||
|         formatter = treefmt.config.build.wrapper; | ||||
|         checks.formatting = treefmt.config.build.check self; | ||||
|       } | ||||
|     ); | ||||
| } | ||||
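Review bot: `devShells.default = pkgs.mkShell { packages = with pkgs; [ ]; };` applies `with pkgs;` to an empty list, which does nothing; either drop the `with` or leave it out until a package is listed. Both new inputs use `ref = "main"` rather than a tag, so in projects generated from this template the revision is fixed only by `flake.lock` and `nix flake update` follows the branch tip; that is the usual flake trade-off, but a one-line comment in the template saying so would help whoever copies it.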
|   | ||||
							
								
								
									
										17
									
								
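--- a/hosts/common/configs/user/console/nix-develop/treefmt.nix
+++ b/hosts/common/configs/user/console/nix-develop/treefmt.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+  projectRootFile = "flake.nix";
+
+  programs = {
+    nixfmt = {
+      enable = true;
+      strict = true;
+    };
+  };
+
+  settings = {
+    global = {
+      excludes = [ ".envrc" ];
+    };
+  };
+}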
| @@ -10,83 +10,19 @@ | ||||
|   ... | ||||
| }: | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
|     programs = { | ||||
|       direnv = { | ||||
|         enable = true; | ||||
|         silent = true; | ||||
|         nix-direnv.enable = true; | ||||
|         enableZshIntegration = true; | ||||
|   home-manager.users.${user}.programs = { | ||||
|     direnv = { | ||||
|       enable = true; | ||||
|       silent = true; | ||||
|       nix-direnv.enable = true; | ||||
|       enableZshIntegration = true; | ||||
|  | ||||
|       config = { | ||||
|         global.warn_timeout = 0; | ||||
|       }; | ||||
|  | ||||
|       zsh = { | ||||
|         shellAliases.nde = "nix-direnv"; | ||||
|  | ||||
|         initExtra = | ||||
|           let | ||||
|             devShells = lib.strings.concatStringsSep " " ( | ||||
|               lib.attrsets.mapAttrsToList (key: _: key) inputs.self.devShells.${system} | ||||
|             ); | ||||
|           in | ||||
|           '' | ||||
|             nix-direnv() { | ||||
|               local devshell="" | ||||
|               local hide=false | ||||
|  | ||||
|               while getopts "s:h" opt; do | ||||
|                 case $opt in | ||||
|                   s) | ||||
|                     devshell=$OPTARG | ||||
|                     ;; | ||||
|                   h) | ||||
|                     hide=true | ||||
|                     ;; | ||||
|                   *) | ||||
|                     echo "Usage: nix-direnv [-s <devshell>] [-h]" | ||||
|                     return 1 | ||||
|                     ;; | ||||
|                 esac | ||||
|               done | ||||
|  | ||||
|               if [[ -z "$devshell" ]]; then | ||||
|                 echo "use flake" > .envrc | ||||
|                 if [ ! -f flake.nix ]; then cp "${../nix-develop/template.nix}" flake.nix; fi | ||||
|               else | ||||
|                 echo "use flake self#$devshell" > .envrc | ||||
|               fi | ||||
|  | ||||
|               if hide && git rev-parse --is-inside-work-tree &>/dev/null; then | ||||
|                 local top | ||||
|                 top=$(git rev-parse --show-toplevel) | ||||
|                 if ! grep -q "^\.envrc$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "$(realpath --relative-to="$top" .envrc)" >> "$top/.git/info/exclude"; fi | ||||
|                 if [ -z "$devshell" ]; then | ||||
|                   if ! grep -q "^flake.nix$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.nix" >> "$top/.git/info/exclude"; fi | ||||
|                   if ! grep -q "^flake.lock$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.lock" >> "$top/.git/info/exclude"; fi | ||||
|                 fi | ||||
|               fi | ||||
|  | ||||
|               direnv allow | ||||
|             } | ||||
|  | ||||
|             _nix-direnv_completion() { | ||||
|               local options=( | ||||
|                 '-s[Dev shell from root flake]:shell:(${devShells})' | ||||
|                 '-h[Hide .envrc and flake.nix in git]' | ||||
|               ) | ||||
|  | ||||
|               _arguments -s $options | ||||
|             } | ||||
|  | ||||
|             compdef _nix-direnv_completion nix-direnv | ||||
|           ''; | ||||
|  | ||||
|         p10k.extraRightPromptElements = [ "direnv" ]; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     # https://github.com/direnv/direnv/wiki/Customizing-cache-location | ||||
|     xdg.configFile = { | ||||
|       "direnv/direnvrc".text = '' | ||||
|       # https://github.com/direnv/direnv/wiki/Customizing-cache-location | ||||
|       stdlib = '' | ||||
|         declare -A direnv_layout_dirs | ||||
|         direnv_layout_dir() { | ||||
|           local hash path | ||||
| @@ -97,17 +33,89 @@ | ||||
|           )}" | ||||
|         } | ||||
|       ''; | ||||
|     }; | ||||
|  | ||||
|       "direnv/direnv.toml".source = ( | ||||
|         (pkgs.formats.toml { }).generate "direnv.toml" { | ||||
|           global.warn_timeout = 0; | ||||
|         } | ||||
|       ); | ||||
|     zsh = { | ||||
|       shellAliases.nde = "nix-direnv"; | ||||
|  | ||||
|       initContent = | ||||
|         let | ||||
|           devShells = lib.strings.concatStringsSep " " ( | ||||
|             lib.attrsets.mapAttrsToList (key: _: key) inputs.self.devShells.${system} | ||||
|           ); | ||||
|         in | ||||
|         '' | ||||
|           nix-direnv() { | ||||
|             local devshell="" | ||||
|             local hide=false | ||||
|  | ||||
|             while getopts "s:h" opt; do | ||||
|               case $opt in | ||||
|                 s) | ||||
|                   devshell="$OPTARG" | ||||
|                   ;; | ||||
|                 h) | ||||
|                   hide=true | ||||
|                   ;; | ||||
|                 *) | ||||
|                   echo "Usage: nix-direnv [-s <devshell>] [-h]" | ||||
|                   return 1 | ||||
|                   ;; | ||||
|               esac | ||||
|             done | ||||
|  | ||||
|             if [[ -z "$devshell" ]]; then | ||||
|               if "$hide"; then | ||||
|                 echo "use flake path:." > .envrc; | ||||
|               else | ||||
|                 echo "use flake" > .envrc; | ||||
|               fi | ||||
|  | ||||
|               if [ ! -f flake.nix ]; then | ||||
|                 cp "${../nix-develop/template.nix}" flake.nix | ||||
|                 chmod 755 flake.nix | ||||
|               fi | ||||
|  | ||||
|               if [ ! -f treefmt.nix ]; then | ||||
|                 cp "${../nix-develop/treefmt.nix}" treefmt.nix | ||||
|                 chmod 755 treefmt.nix | ||||
|               fi | ||||
|             else | ||||
|               echo "use flake self#$devshell" > .envrc | ||||
|             fi | ||||
|  | ||||
|             if "$hide" && git rev-parse --is-inside-work-tree &>/dev/null; then | ||||
|               local top | ||||
|               top="$(git rev-parse --show-toplevel)" | ||||
|               if ! grep -q "^\.envrc$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "$(realpath --relative-to="$top" .envrc)" >> "$top/.git/info/exclude"; fi | ||||
|               if [ -z "$devshell" ]; then | ||||
|                 if ! grep -q "^flake.nix$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.nix" >> "$top/.git/info/exclude"; fi | ||||
|                 if ! grep -q "^flake.lock$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "flake.lock" >> "$top/.git/info/exclude"; fi | ||||
|                 if ! grep -q "^treefmt.nix$" "$top/.gitignore" "$top/.git/info/exclude"; then echo "treefmt.nix" >> "$top/.git/info/exclude"; fi | ||||
|               fi | ||||
|             fi | ||||
|  | ||||
|             direnv allow | ||||
|           } | ||||
|  | ||||
|           _nix-direnv_completion() { | ||||
|             local options=( | ||||
|               '-s[Dev shell from root flake]:shell:(${devShells})' | ||||
|               '-h[Hide .envrc and flake.nix in git]' | ||||
|             ) | ||||
|  | ||||
|             _arguments -s $options | ||||
|           } | ||||
|  | ||||
|           compdef _nix-direnv_completion nix-direnv | ||||
|         ''; | ||||
|  | ||||
|       p10k.extraRightPromptElements = [ "direnv" ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   environment.persistence = { | ||||
|     "/persist"."${home}/.local/share/direnv/allow" = { }; | ||||
|     "/cache"."${home}/.cache/direnv" = { }; | ||||
|     "/persist/state"."${home}/.local/share/direnv/allow" = { }; | ||||
|     "/persist/cache"."${home}/.cache/direnv" = { }; | ||||
|   }; | ||||
| } | ||||
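Review bot: The completion help `'-h[Hide .envrc and flake.nix in git]'` is now stale, since `-h` also excludes flake.lock and treefmt.nix (the new `grep -q "^treefmt.nix$"` line); update it to `'-h[Hide .envrc, flake.nix, flake.lock and treefmt.nix in git]'`. `if "$hide"` executes the variable's value as a command, which works only because it is ever `true` or `false`; `[[ "$hide" == true ]]` says what is meant. The `grep -q` calls name `$top/.gitignore` unconditionally and print a "No such file" message in repositories without one, so appending `2>/dev/null` to those lines keeps the output clean. The same `chmod 755` point as in the nix-develop hunk applies to the two copies here: `chmod 644` is sufficient.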
|   | ||||
| @@ -2,12 +2,16 @@ | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { ... }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   environment.persistence."/cache"."${home}/.cache/nix" = { }; | ||||
|   environment.persistence."/persist/cache"."${home}/.cache/nix" = { }; | ||||
|  | ||||
|   home-manager.users.${user}.programs.zsh.shellAliases = { | ||||
|     nrs = "sudo nixos-rebuild switch --flake .#$(hostname) --show-trace"; | ||||
|     nrb = "sudo nixos-rebuild boot --flake .#$(hostname) --show-trace"; | ||||
|   home-manager.users.${user} = { | ||||
|     home.packages = with pkgs; [ nurl ]; | ||||
|  | ||||
|     programs.zsh.shellAliases = { | ||||
|       nrs = "sudo nixos-rebuild switch --flake .#$(hostname) --show-trace"; | ||||
|       nrb = "sudo nixos-rebuild boot --flake .#$(hostname) --show-trace"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -4,5 +4,5 @@ | ||||
| }: | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   home-manager.users.${user}.home.packages = [ (pkgs.callPackage ./package.nix { }) ]; | ||||
|   home-manager.users.${user}.home.packages = with pkgs; [ ouch ]; | ||||
| } | ||||
| @@ -4,16 +4,17 @@ | ||||
| }: | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   environment.persistence."/persist"."${home}/.local/state/wireplumber" = { }; | ||||
|   environment.persistence."/persist/state"."${home}/.local/state/wireplumber" = { }; | ||||
|  | ||||
|   systemd.user.services.wireplumber.after = [ | ||||
|     config.environment.persistence."/persist"."${home}/.local/state/wireplumber".mount | ||||
|     config.environment.persistence."/persist/state"."${home}/.local/state/wireplumber".mount | ||||
|   ]; | ||||
|  | ||||
|   home-manager.users.${user} = { | ||||
|     home.packages = with pkgs; [ | ||||
|       wireplumber | ||||
|       playerctl | ||||
|       easyeffects | ||||
|     ]; | ||||
|  | ||||
|     services.playerctld.enable = true; | ||||
|   | ||||
							
								
								
									
										33
									
								
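--- a/hosts/common/configs/user/console/podman/default.nix
+++ b/hosts/common/configs/user/console/podman/default.nix
@@ -0,0 +1,33 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  environment.persistence."/persist/state"."${home}/.local/share/containers".create = "directory";
+
+  home-manager.users.${user} = {
+    imports = [ inputs.quadlet-nix.homeManagerModules.quadlet ];
+
+    services.podman = {
+      enable = true;
+      settings.storage.storage.driver = "btrfs";
+    };
+
+    virtualisation.quadlet.autoEscape = true;
+
+    home = {
+      packages = with pkgs; [
+        podman-compose
+        kompose
+      ];
+
+      sessionVariables.REGISTRY_AUTH_FILE = "${home}/.config/containers/auth.json";
+    };
+  };
+}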
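Review bot: `REGISTRY_AUTH_FILE` points at `${home}/.config/containers/auth.json`, but the only persistence entry in this file covers `.local/share/containers`, so registry logins written to that file do not survive a reboot on this impermanent setup. If that is intended (credentials re-entered per boot, which is a reasonable choice) a comment such as `# auth.json is deliberately not persisted; registry logins are per boot` would save the next reader a search; if not, the path needs its own persistence entry. `lib` is bound in the module arguments but unused in the visible body.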
| @@ -1,21 +0,0 @@ | ||||
| { | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { ... }: | ||||
| { | ||||
|   environment.persistence."/cache"."${home}/.cache/ranger" = { }; | ||||
|  | ||||
|   home-manager.users.${user}.programs = { | ||||
|     ranger = { | ||||
|       enable = true; | ||||
|  | ||||
|       settings = { | ||||
|         preview_images = true; | ||||
|         preview_images_method = "kitty"; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     zsh.p10k.extraRightPromptElements = [ "ranger" ]; | ||||
|   }; | ||||
| } | ||||
| @@ -4,14 +4,14 @@ | ||||
| }: | ||||
| { config, inputs, ... }: | ||||
| { | ||||
|   environment.persistence."/persist"."${home}/.config/sops-nix/key.txt" = { }; | ||||
|   environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { }; | ||||
|  | ||||
|   home-manager.users.${user} = { | ||||
|     imports = [ inputs.sops-nix.homeManagerModules.sops ]; | ||||
|  | ||||
|     sops.age.keyFile = | ||||
|       config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".source; | ||||
|       config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source; | ||||
|     home.sessionVariables.SOPS_AGE_KEY_FILE = | ||||
|       config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".source; | ||||
|       config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -2,9 +2,10 @@ | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { inputs, ... }: | ||||
| { ... }: | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
|     imports = [ inputs.nur.modules.homeManager.default ]; | ||||
|     services.ssh-agent.enable = true; | ||||
|     programs.ssh.addKeysToAgent = "yes"; | ||||
|   }; | ||||
| } | ||||
| @@ -2,24 +2,7 @@ | ||||
|   user ? throw "user argument is required", | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { ... }: | ||||
| { | ||||
|   config, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
|     programs.ssh = { | ||||
|       enable = true; | ||||
|       addKeysToAgent = "yes"; | ||||
|       userKnownHostsFile = lib.strings.concatStringsSep " " [ | ||||
|         ../../../../../installer/secrets/ssh_host_ed25519_key.pub | ||||
|         ../../../../../eirene/secrets/ssh_host_ed25519_key.pub | ||||
|         ../../../../../elara/secrets/ssh_host_ed25519_key.pub | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|     services.ssh-agent.enable = true; | ||||
|   }; | ||||
|   home-manager.users.${user}.programs.ssh.enable = true; | ||||
| } | ||||
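Review bot: Dropping `userKnownHostsFile` removes the only explicit host-key pinning for the installer, eirene and elara hosts, so the new side leaves those connections to the default known_hosts and trust-on-first-use. The removed entries were `ssh_host_ed25519_key.pub` files, which carry no hostname field as known_hosts lines require, so the old setting may never have matched anything; either way, if pinning is still wanted the NixOS-level `programs.ssh.knownHosts` (keyed by host name) is the usual place for it, and a comment on `programs.ssh.enable = true;` noting the decision would help. `addKeysToAgent` and `services.ssh-agent.enable` move to the ssh-agent module in the hunk above, so nothing else is lost.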
|   | ||||
| @@ -4,7 +4,7 @@ | ||||
| }: | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   environment.persistence."/persist" = { | ||||
|   environment.persistence."/persist/user" = { | ||||
|     "${home}/Desktop" = { }; | ||||
|     "${home}/Documents" = { }; | ||||
|     "${home}/Downloads" = { }; | ||||
| @@ -18,8 +18,6 @@ | ||||
|   }; | ||||
|  | ||||
|   home-manager.users.${user} = { | ||||
|     imports = [ (import ./options.nix { inherit home; }) ]; | ||||
|  | ||||
|     xdg = { | ||||
|       enable = true; | ||||
|       mimeApps.enable = true; | ||||
|   | ||||
| @@ -1,112 +0,0 @@ | ||||
| { | ||||
|   home ? throw "home argument is required", | ||||
| }: | ||||
| { config, lib, ... }: | ||||
| let | ||||
|   cfg = config.xdg; | ||||
| in | ||||
| { | ||||
|   options.xdg = | ||||
|     with lib; | ||||
|     with types; | ||||
|     { | ||||
|       relativeCacheHome = mkOption { | ||||
|         type = str; | ||||
|         readOnly = true; | ||||
|         default = ".cache"; | ||||
|         description = "Relative path to directory holding application caches."; | ||||
|       }; | ||||
|  | ||||
|       relativeConfigHome = mkOption { | ||||
|         type = str; | ||||
|         readOnly = true; | ||||
|         default = ".config"; | ||||
|         description = "Relative path to directory holding application configurations."; | ||||
|       }; | ||||
|  | ||||
|       relativeDataHome = mkOption { | ||||
|         type = str; | ||||
|         readOnly = true; | ||||
|         default = ".local/share"; | ||||
|         description = "Relative path to directory holding application data."; | ||||
|       }; | ||||
|  | ||||
|       relativeStateHome = mkOption { | ||||
|         type = str; | ||||
|         readOnly = true; | ||||
|         default = ".local/state"; | ||||
|         description = "Relative path to directory holding application states."; | ||||
|       }; | ||||
|  | ||||
|       userDirs = { | ||||
|         relativeDesktop = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Desktop"; | ||||
|           description = "Relative path to the Desktop directory."; | ||||
|         }; | ||||
|  | ||||
|         relativeDocuments = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Documents"; | ||||
|           description = "Relative path to the Documents directory."; | ||||
|         }; | ||||
|  | ||||
|         relativeDownload = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Downloads"; | ||||
|           description = "Relative path to the Downloads directory."; | ||||
|         }; | ||||
|  | ||||
|         relativeMusic = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Music"; | ||||
|           description = "Relative path to the Music directory."; | ||||
|         }; | ||||
|  | ||||
|         relativePictures = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Pictures"; | ||||
|           description = "Relative path to the Pictures directory."; | ||||
|         }; | ||||
|  | ||||
|         relativeTemplates = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Templates"; | ||||
|           description = "Relative path to the Templates directory."; | ||||
|         }; | ||||
|  | ||||
|         relativeVideos = mkOption { | ||||
|           type = str; | ||||
|           readOnly = true; | ||||
|           default = "Videos"; | ||||
|           description = "Relative path to the Videos directory."; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|   config.xdg = | ||||
|     with lib; | ||||
|     with cfg; | ||||
|     { | ||||
|       cacheHome = mkDefault "${home}/${relativeCacheHome}"; | ||||
|       configHome = mkDefault "${home}/${relativeConfigHome}"; | ||||
|       dataHome = mkDefault "${home}/${relativeDataHome}"; | ||||
|       stateHome = mkDefault "${home}/${relativeStateHome}"; | ||||
|  | ||||
|       userDirs = with userDirs; { | ||||
|         desktop = mkDefault "${home}/${relativeDesktop}"; | ||||
|         documents = mkDefault "${home}/${relativeDocuments}"; | ||||
|         download = mkDefault "${home}/${relativeDownload}"; | ||||
|         music = mkDefault "${home}/${relativeMusic}"; | ||||
|         pictures = mkDefault "${home}/${relativePictures}"; | ||||
|         templates = mkDefault "${home}/${relativeTemplates}"; | ||||
|         videos = mkDefault "${home}/${relativeVideos}"; | ||||
|       }; | ||||
|     }; | ||||
| } | ||||
							
								
								
									
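--- a/hosts/common/configs/user/console/yazi/default.nix
+++ b/hosts/common/configs/user/console/yazi/default.nix
@@ -0,0 +1,208 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  system,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+  selfPkgs = inputs.self.packages.${system};
+in
+{
+  home-manager.users.${user} = {
+    programs = {
+      yazi = {
+        enable = true;
+        enableZshIntegration = true;
+
+        settings = {
+          mgr = {
+            show_hidden = true;
+          };
+
+          opener = {
+            edit =
+              [
+                {
+                  run = "${hmConfig.programs.neovim.finalPackage}/bin/nvim \"$@\"";
+                  desc = "nvim";
+                  block = true;
+                }
+              ]
+              ++ lib.lists.optional hmConfig.programs.vscode.enable {
+                run = "${hmConfig.programs.vscode.package}/bin/code \"$@\"";
+                desc = "code";
+                orphan = true;
+              };
+            open = [
+              {
+                run = "uwsm app -- xdg-open \"$1\"";
+                desc = "Open";
+              }
+            ];
+            reveal = [
+              {
+                run = "uwsm app -- xdg-open \"$(dirname \"$1\")\"";
+                desc = "Reveal";
+              }
+            ];
+            extract = [
+              {
+                run = "ouch d -y \"$@\"";
+                desc = "Extract here with ouch";
+              }
+            ];
+            play = [
+              {
+                run = "uwsm app -- mpv \"$@\"";
+                orphan = true;
+              }
+            ];
+          };
+
+          plugin = {
+            prepend_preloaders = [
+              {
+                mime = "{audio,video,image}/*";
+                run = "mediainfo";
+              }
+              {
+                mime = "application/subrip";
+                run = "mediainfo";
+              }
+            ];
+
+            prepend_previewers = [
+              {
+                mime = "{audio,video,image}/*";
+                run = "mediainfo";
+              }
+              {
+                mime = "application/subrip";
+                run = "mediainfo";
+              }
+              {
+                mime = "application/*zip";
+                run = "ouch";
+              }
+              {
+                mime = "application/x-tar";
+                run = "ouch";
+              }
+              {
+                mime = "application/x-bzip2";
+                run = "ouch";
+              }
+              {
+                mime = "application/x-7z-compressed";
+                run = "ouch";
+              }
+              {
+                mime = "application/x-rar";
+                run = "ouch";
+              }
+              {
+                mime = "application/x-xz";
+                run = "ouch";
+              }
+              {
+                mime = "application/xz";
+                run = "ouch";
+              }
+            ];
+          };
+        };
+
+        keymap = {
+          mgr.prepend_keymap = [
+            {
+              on = "<Enter>";
+              run = "plugin smart-enter";
+              desc = "Enter the child directory, or open the file";
+            }
+            {
+              on = ";";
+              run = "plugin custom-shell -- auto --interactive";
+              desc = "Run a shell command";
+            }
+            {
+              on = ":";
+              run = "plugin custom-shell -- auto --interactive --block";
+              desc = "Run a shell command (block until finishes)";
+            }
+            {
+              on = "!";
+              run = "shell \"$SHELL\" --block";
+              desc = "Open $SHELL here";
+            }
+            {
+              on = "C";
+              run = "plugin ouch";
+              desc = "Compress";
+            }
+            {
+              on = "M";
+              run = "plugin chmod";
+              desc = "Chmod on selected files";
+            }
+            {
+              on = "<C-m>";
+              run = "plugin mount";
+              desc = "Open the mount menu";
+            }
+          ];
+        };
+
+        initLua = ''
+          Status:children_add(function(self)
+            local h = self._current.hovered
+            if not h or not h.link_to then
+              return ""
+            end
+
+            return " -> " .. tostring(h.link_to)
+          end, 3300, Status.LEFT)
+
+          Status:children_add(function()
+          	local h = cx.active.current.hovered
+          	if not h then
+              return ""
+          	end
+
+          	return ui.Line {
+          		ui.Span(ya.user_name(h.cha.uid) or tostring(h.cha.uid)),
+          		":",
+          		ui.Span(ya.group_name(h.cha.gid) or tostring(h.cha.gid)),
+          		" ",
+          	}
+          end, 500, Status.RIGHT)
+        '';
+
+        plugins = with pkgs.yaziPlugins; {
+          inherit
+            smart-enter
+            chmod
+            ouch
+            mount
+            mediainfo
+            ;
+
+          custom-shell = selfPkgs.yazi-plugin-custom-shell;
+        };
+      };
+
+      zsh = {
+        shellAliases.y = "yazi";
+        p10k.extraRightPromptElements = [ "yazi" ];
+      };
+    };
+
+    theme.template.".config/yazi/theme.toml".source = ./theme.toml;
+  };
+}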
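Review bot: The `extract` opener runs `ouch d -y "$@"` without `block = true`, and `-y` answers every ouch prompt positively, so extracting into a directory that already holds same-named files overwrites them without any confirmation. Either add `block = true` and drop `-y` so ouch can ask in the foreground, or keep `-y` and record the trade-off with a comment such as `# -y: overwrite existing files without asking` above that entry. The two `initLua` status children are also written in different styles: the first is space-indented and reads `self._current.hovered`, the second mixes tabs with spaces and reads `cx.active.current.hovered`; pick one indentation, and one access path if both resolve to the hovered entry.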
							
								
								
									
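--- a/hosts/common/configs/user/console/yazi/theme.toml
+++ b/hosts/common/configs/user/console/yazi/theme.toml
@@ -0,0 +1,101 @@
+[mgr]
+cwd = { fg = "{{colors.primary.default.hex}}" }
+
+preview_hovered = { }
+
+find_keyword = { fg = "{{colors.tertiary.default.hex}}", bold = true, italic = true, underline = true }
+find_position = { fg = "{{colors.tertiary.default.hex}}", bg = "reset", bold = true, italic = true }
+
+marker_selected = { fg = "{{colors.primary.default.hex}}", bg = "{{colors.primary.default.hex}}" }
+marker_copied   = { fg = "{{colors.secondary.default.hex}}",  bg = "{{colors.secondary.default.hex}}" }
+marker_cut      = { fg = "{{colors.secondary.default.hex}}",    bg = "{{colors.secondary.default.hex}}" }
+marker_marked   = { fg = "{{colors.tertiary.default.hex}}",   bg = "{{colors.tertiary.default.hex}}" }
+
+count_selected = { fg = "{{colors.on_primary.default.hex}}", bg = "{{colors.primary.default.hex}}" }
+count_copied   = { fg = "{{colors.on_secondary.default.hex}}", bg = "{{colors.secondary.default.hex}}" }
+count_cut      = { fg = "{{colors.on_secondary.default.hex}}", bg = "{{colors.secondary.default.hex}}" }
+
+border_style  = { fg = "{{colors.outline.default.hex}}" }
+
+[tabs]
+active   = { fg = "{{colors.on_primary.default.hex}}", bg = "{{colors.primary.default.hex}}", bold = true }
+inactive = { fg = "{{colors.on_surface_variant.default.hex}}", bg = "{{colors.surface_dim.default.hex}}" }
+
+sep_inner = { open = "", close = "" }
+sep_outer = { open = "", close = "" }
+
+[mode]
+normal_main = { fg = "{{colors.on_primary.default.hex}}", bg = "{{colors.primary.default.hex}}", bold = true }
+normal_alt  = { fg = "{{colors.on_primary_container.default.hex}}", bg = "{{colors.primary_container.default.hex}}" }
+
+select_main = { fg = "{{colors.on_secondary.default.hex}}", bg = "{{colors.secondary.default.hex}}", bold = true }
+select_alt  = { fg = "{{colors.on_secondary_container.default.hex}}", bg = "{{colors.secondary_container.default.hex}}" }
+
+unset_main = { fg = "{{colors.on_tertiary.default.hex}}", bg = "{{colors.tertiary.default.hex}}", bold = true }
+unset_alt  = { fg = "{{colors.on_tertiary_container.default.hex}}", bg = "{{colors.tertiary_container.default.hex}}" }
+
+[status]
+sep_left  = { open = "", close = "" }
+sep_right = { open = "", close = "" }
+
+perm_sep   = { fg = "{{colors.scrim.default.hex}}" }
+perm_type  = { fg = "{{colors.primary.default.hex}}" }
+perm_read  = { fg = "{{colors.primary.default.hex}}" }
+perm_write = { fg = "{{colors.secondary.default.hex}}" }
+perm_exec  = { fg = "{{colors.tertiary.default.hex}}" }
+
+progress_label  = { bold = true }
+progress_normal = { fg = "{{colors.primary.default.hex}}", bg = "{{colors.primary_container.default.hex}}" }
+progress_error  = { fg = "{{colors.error.default.hex}}", bg = "{{colors.error_container.default.hex}}" }
+
+[which]
+mask            = { bg = "{{colors.surface.default.hex}}" }
+cand            = { fg = "{{colors.primary.default.hex}}" }
+rest            = { fg = "{{colors.primary_container.default.hex}}" }
+desc            = { fg = "{{colors.on_surface.default.hex}}" }
+separator_style = { fg = "{{colors.scrim.default.hex}}" }
+
+[confirm]
+border     = { fg = "{{colors.primary.default.hex}}" }
+title      = { fg = "{{colors.primary.default.hex}}" }
+
+[spot]
+border = { fg = "{{colors.primary.default.hex}}" }
+title  = { fg = "{{colors.primary.default.hex}}" }
+
+tbl_col  = { fg = "{{colors.primary.default.hex}}" }
+tbl_cell = { fg = "{{colors.secondary.default.hex}}", reversed = true }
+
+[notify]
+title_info  = { fg = "{{colors.info.default.hex}}" }
+title_warn  = { fg = "{{colors.warning.default.hex}}" }
+title_error = { fg = "{{colors.error.default.hex}}" }
+
+[pick]
+border   = { fg = "{{colors.primary.default.hex}}" }
+active   = { fg = "{{colors.secondary.default.hex}}", bold = true }
+
+[input]
+border   = { fg = "{{colors.primary.default.hex}}" }
+
+[cmp]
+border   = { fg = "{{colors.primary.default.hex}}" }
+
+[tasks]
+border  = { fg = "{{colors.primary.default.hex}}" }
+hovered = { fg = "{{colors.secondary.default.hex}}", bold = true }
+
+[help]
+on      = { fg = "{{colors.primary.default.hex}}" }
+run     = { fg = "{{colors.secondary.default.hex}}" }
+footer  = { fg = "{{colors.surface.default.hex}}", bg = "{{colors.on_surface.default.hex}}" }
+
+[icon]
+prepend_dirs  = [
+  { name = ".cache", text = "" },
+  { name = ".local", text = "" },
+	{ name = "Games", text = "" },
+	{ name = "git", text = "" },
+	{ name = "Templates", text = "" },
+	{ name = "VMs", text = "" },
+]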
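Review bot: The `prepend_dirs` list under `[icon]` mixes indentation — the `.cache` and `.local` rows use two spaces, the remaining four a tab — and every `text` value, like the `sep_*` glyphs above, shows up here as an empty string. If those are Nerd Font glyphs that the page rendering dropped, only the indentation needs normalizing; if the file really contains `text = ""`, the entries add no icon and can be removed. Consider a one-line comment above the list, e.g. `# Nerd Font glyphs; requires a patched font in the terminal`, so the next reader knows what the strings are meant to hold.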
							
								
								
									
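--- a/hosts/common/configs/user/console/zoxide/default.nix
+++ b/hosts/common/configs/user/console/zoxide/default.nix
@@ -0,0 +1,13 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  environment.persistence."/persist/state"."${home}/.local/share/zoxide" = { };
+
+  home-manager.users.${user}.programs.zoxide = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+}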
| @@ -5,15 +5,13 @@ | ||||
| { config, pkgs, ... }: | ||||
| { | ||||
|   environment = { | ||||
|     persistence."/persist"."${home}/.local/share/zsh" = { }; | ||||
|     persistence."/persist/state"."${home}/.local/share/zsh" = { }; | ||||
|     # If we set this under home-manager.users.${user}.home.sessionVariables, | ||||
|     # it runs too late in the init process and zsh fails. | ||||
|     sessionVariables.ZDOTDIR = "$HOME/.config/zsh"; | ||||
|   }; | ||||
|  | ||||
|   home-manager.users.${user} = { | ||||
|     imports = [ ./options.nix ]; | ||||
|  | ||||
|     programs.zsh = { | ||||
|       enable = true; | ||||
|       dotDir = ".config/zsh"; | ||||
| @@ -33,7 +31,7 @@ | ||||
|           file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; | ||||
|         } | ||||
|       ]; | ||||
|       initExtra = '' | ||||
|       initContent = '' | ||||
|         source ${./.p10k.zsh} | ||||
|       ''; | ||||
|     }; | ||||
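Review bot: `source ${./.p10k.zsh}` now lives in `initContent` at default priority, and the `@@ -18,7 +18,7 @@ in` hunk below moves the `export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(...)` line into `initContent` as well; equal-priority `initContent` definitions from different modules are concatenated in an order that nothing here pins down, so the export is not guaranteed to precede the source. If `.p10k.zsh` reads that variable, make the order explicit in options.nix with `initContent = lib.mkBefore ''...''` (or `lib.mkOrder`) and say so in a comment. The enclosing `home-manager.users.${user}` attrset starts before and ends after this hunk.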
|   | ||||
| @@ -18,7 +18,7 @@ in | ||||
|     with lib; | ||||
|     with cfg; | ||||
|     { | ||||
|       initExtra = '' | ||||
|       initContent = '' | ||||
|         export P10K_EXTRA_RIGHT_PROMPT_ELEMENTS=(${strings.concatStringsSep " " p10k.extraRightPromptElements}) | ||||
|       ''; | ||||
|     }; | ||||
|   | ||||
							
								
								
									
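--- a/hosts/common/configs/user/default.nix
+++ b/hosts/common/configs/user/default.nix
@@ -0,0 +1,16 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  imports = [ ./options.nix ];
+
+  home-manager.users.${user}.imports = [
+    ./console/zsh/options.nix
+    ./gui/clipbook/options.nix
+    ./gui/hyprland/options.nix
+    (import ./gui/theme/options.nix { inherit user home; })
+    ./gui/vscode/options.nix
+  ];
+}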
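Review bot: The reason the per-program `options.nix` files are imported centrally here — the zsh hunk above drops its own `imports = [ ./options.nix ]` in favour of this list — is not recorded anywhere in the file. If the intent is that the option declarations exist even when a program's config module is not imported, a one-line comment above the list such as `# Option declarations are imported here, not from each program's default.nix, so they are always available` would save the next reader the archaeology. The `theme` entry is the only one that takes `user`/`home`, which is worth a word as well.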
| @@ -1,10 +1,12 @@ | ||||
| import { App } from "astal/gtk3" | ||||
| import Bar from "./widget/Bar" | ||||
| import { monitorFile } from "astal/file" | ||||
| import { exec } from "astal/process" | ||||
| import GLib from "gi://GLib" | ||||
| import { App } from "astal/gtk3"; | ||||
| import { monitorFile } from "astal/file"; | ||||
| import { exec } from "astal/process"; | ||||
| import GLib from "gi://GLib"; | ||||
| import Left from "./widget/Left"; | ||||
| import Center from "./widget/Center"; | ||||
| import Right from "./widget/Right"; | ||||
|  | ||||
| const HOME = GLib.getenv("HOME") | ||||
| const HOME = GLib.getenv("HOME"); | ||||
| const css = `${HOME}/.config/astal/theme.css`; | ||||
| const scss = `${HOME}/.config/astal/theme.sass`; | ||||
|  | ||||
| @@ -18,6 +20,10 @@ exec(`sassc ${scss} ${css}`); | ||||
| App.start({ | ||||
|   css, | ||||
|   main() { | ||||
|     App.get_monitors().map(Bar) | ||||
|     App.get_monitors().map((monitor) => { | ||||
|       Left(monitor); | ||||
|       Center(monitor); | ||||
|       Right(monitor); | ||||
|     }); | ||||
|   }, | ||||
| }) | ||||
| }); | ||||
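Review bot: `App.get_monitors().map((monitor) => { ... })` uses `map` purely for its side effects and discards the resulting array; `forEach` states the intent: `App.get_monitors().forEach((monitor) => {`. Separately, `const HOME = GLib.getenv("HOME");` can be `null`, in which case `css` and `scss` on the next two lines become `null/.config/astal/...` and the `sassc` call in the second hunk fails late with an unhelpful error; a guard right after it, `if (HOME === null) throw new Error("HOME is not set");`, fails early and narrows the type for the template literals.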
|   | ||||
| @@ -1,26 +1,26 @@ | ||||
| export const SRC: string | ||||
| export const SRC: string; | ||||
|  | ||||
| declare module "inline:*" { | ||||
|   const content: string | ||||
|   export default content | ||||
|   const content: string; | ||||
|   export default content; | ||||
| } | ||||
|  | ||||
| declare module "*.scss" { | ||||
|   const content: string | ||||
|   export default content | ||||
|   const content: string; | ||||
|   export default content; | ||||
| } | ||||
|  | ||||
| declare module "*.sass" { | ||||
|   const content: string | ||||
|   export default content | ||||
|   const content: string; | ||||
|   export default content; | ||||
| } | ||||
|  | ||||
| declare module "*.blp" { | ||||
|   const content: string | ||||
|   export default content | ||||
|   const content: string; | ||||
|   export default content; | ||||
| } | ||||
|  | ||||
| declare module "*.css" { | ||||
|   const content: string | ||||
|   export default content | ||||
|   const content: string; | ||||
|   export default content; | ||||
| } | ||||
|   | ||||
| @@ -1,3 +1,16 @@ | ||||
| import { Gdk } from "astal/gtk3"; | ||||
| import Hyprland from "gi://AstalHyprland"; | ||||
|  | ||||
| export const range = (length: number, start = 1) => { | ||||
|   return Array.from({ length }, (n, i) => i + start); | ||||
| }; | ||||
|  | ||||
| export const getHyprlandMonitor = (gdkmonitor: Gdk.Monitor) => { | ||||
|   const hyprland = Hyprland.get_default(); | ||||
|   const display = Gdk.Display.get_default()!; | ||||
|   const screen = display.get_default_screen(); | ||||
|   for (let i = 0; i < display.get_n_monitors(); ++i) { | ||||
|     if (gdkmonitor === display.get_monitor(i)) | ||||
|       return hyprland.get_monitor_by_name(screen.get_monitor_plug_name(i)!); | ||||
|   } | ||||
| }; | ||||
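Review bot: `getHyprlandMonitor` falls off the end of the loop without a `return`, so it implicitly yields `undefined` on a miss and will not compile with `noImplicitReturns`; it also papers over two nullable results with `!` (`Gdk.Display.get_default()!`, `get_monitor_plug_name(i)!`) instead of handling them, and re-reads `get_n_monitors()` on every iteration. The rewrite below makes the miss explicit, handles the null cases, and hoists the count. In `range`, the unused callback parameter `n` is conventionally written `_`: `Array.from({ length }, (_, i) => i + start)`.
```typescript
export const getHyprlandMonitor = (gdkmonitor: Gdk.Monitor) => {
  const hyprland = Hyprland.get_default();
  const display = Gdk.Display.get_default();
  if (display === null) return null;
  const screen = display.get_default_screen();
  const count = display.get_n_monitors();
  for (let i = 0; i < count; ++i) {
    if (gdkmonitor !== display.get_monitor(i)) continue;
    const name = screen.get_monitor_plug_name(i);
    return name === null ? null : hyprland.get_monitor_by_name(name);
  }
  return null;
};
```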
|   | ||||
| @@ -7,6 +7,6 @@ | ||||
|     "module": "ES2022", | ||||
|     "moduleResolution": "Bundler", | ||||
|     "jsx": "react-jsx", | ||||
|     "jsxImportSource": "astal/gtk3", | ||||
|     "jsxImportSource": "astal/gtk3" | ||||
|   } | ||||
| } | ||||
|   | ||||
| @@ -1,29 +0,0 @@ | ||||
| import { App, Astal, Gtk, Gdk } from 'astal/gtk3' | ||||
| import Launcher from './components/Launcher'; | ||||
| import Workspace from './components/Workspaces'; | ||||
| import Date from './components/Date'; | ||||
| import Systray from './components/Tray'; | ||||
|  | ||||
| const anchor = Astal.WindowAnchor.TOP | ||||
|   | Astal.WindowAnchor.LEFT | ||||
|   | Astal.WindowAnchor.RIGHT; | ||||
|  | ||||
| export default (monitor: Gdk.Monitor) => <window | ||||
|   className='bar' | ||||
|   gdkmonitor={monitor} | ||||
|   exclusivity={Astal.Exclusivity.EXCLUSIVE} | ||||
|   anchor={anchor} | ||||
|   application={App}> | ||||
|   <centerbox className='widgets'> | ||||
|     <box hexpand halign={Gtk.Align.START}> | ||||
|       <Launcher /> | ||||
|       <Workspace /> | ||||
|     </box> | ||||
|     <box hexpand halign={Gtk.Align.CENTER}> | ||||
|       <Date /> | ||||
|     </box> | ||||
|     <box hexpand halign={Gtk.Align.END}> | ||||
|       <Systray /> | ||||
|     </box> | ||||
|   </centerbox> | ||||
| </window> | ||||