karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: karaolidis:main
Branches Tags
karaolidis:main karaolidis:wireguard karaolidis:kubernetes
..
compare: karaolidis:34034a3550c6ece1bea0e3ee2c05371e7e6baaec
Branches Tags
karaolidis:main karaolidis:wireguard karaolidis:kubernetes

1 Commits
main ... 34034a3550

Author SHA1 Message Date
Nikolaos Karaolidis
34034a3550 Update sas flake 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 11:46:59 +03:00
106 changed files with 857 additions and 26738 deletions
Expand all files Collapse all files

2
.gitmodules vendored
View File

@@ -4,6 +4,6 @@
[submodule "sas"] [submodule "sas"]
path = submodules/sas path = submodules/sas
url = git@karaolidis.com:karaolidis/nix-sas.git url = git@karaolidis.com:karaolidis/nix-sas.git
[submodule "lib"] [submodule "submodules/lib"]
path = submodules/lib path = submodules/lib
url = git@karaolidis.com:karaolidis/nix-lib.git url = git@karaolidis.com:karaolidis/nix-lib.git

11
README.md
View File

@@ -20,12 +20,11 @@ NixOS dotfiles and configuration for various hosts and users.
- [`packages/`](./packages/): Custom packages. - [`packages/`](./packages/): Custom packages.
- [`scripts/`](./scripts): Utility scripts for managing the repository. - [`scripts/`](./lib/scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration. - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host. - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host.
- [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations. - [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`update.sh`](./scripts/update.sh): Update flake and all packages. - [`update.sh`](./lib/scripts/update.sh): Update flake and all packages.
- [`cache.sh`](./scripts/cache.sh): Build all `nixosConfiguration`s and push them to `attic`.
Any `options.nix` files create custom option definitions when present. Any `options.nix` files create custom option definitions when present.

158
flake.lock generated
View File

@@ -10,11 +10,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756487002, "lastModified": 1754932414,
"narHash": "sha256-hN9RfNXy53qAkT68T+IYZpl68uE1uPOVMkw0MqC43KA=", "narHash": "sha256-V8c+68Axn5AGDCaG9Zv+EqNU4D6xWPHNXLIapq6AGiM=",
"owner": "aylur", "owner": "aylur",
"repo": "ags", "repo": "ags",
"rev": "8ff792dba6cc82eed10e760f551075564dd0a407", "rev": "9e6912b51d7bc58f35d10b11be1a126b926b56d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -30,11 +30,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756474652, "lastModified": 1754893912,
"narHash": "sha256-iiBU6itpEqE0spXeNJ3uJTfioSyKYjt5bNepykpDXTE=", "narHash": "sha256-kzU/3A4k+d3PsgMLohzSh4KJybTqvzqibUVqV2yXCGY=",
"owner": "aylur", "owner": "aylur",
"repo": "astal", "repo": "astal",
"rev": "20bd8318e4136fbd3d4eb2d64dbabc3acbc915dd", "rev": "5d4eef66392b0dff99a63a4f39ff886624bd69dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -80,17 +80,19 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "owner": "edolstra",
"revCount": 69, "repo": "flake-compat",
"type": "tarball", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" "type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "edolstra",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "repo": "flake-compat",
"type": "github"
} }
}, },
"flake-input-patcher": { "flake-input-patcher": {
@@ -183,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756579987, "lastModified": 1755442500,
"narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=", "narHash": "sha256-RHK4H6SWzkAtW/5WBHsyugaXJX25yr5y7FAZznxcBJs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a", "rev": "d2ffdedfc39c591367b1ddf22b4ce107f029dcc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -199,9 +201,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": [ "flake-compat": "flake-compat",
"flake-compat"
],
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
@@ -248,52 +248,13 @@
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git" "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
} }
}, },
"mnw": {
"locked": {
"lastModified": 1748710831,
"narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "mnw",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755774185,
"narHash": "sha256-XjKqiTA19mkoBkja0VOy90qp2gC1f2fGgsLb9m1lg5Q=",
"owner": "karaolidis",
"repo": "NixOS-WSL",
"rev": "b1f426697f62006b99fac0cc25a106626c78f874",
"type": "github"
},
"original": {
"owner": "karaolidis",
"ref": "extra-files",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756542300, "lastModified": 1755186698,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -328,11 +289,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756630008, "lastModified": 1755452770,
"narHash": "sha256-weZiVKbiWQzTifm6qCxzhxghEu5mbh9mWNUdkzOLCR0=", "narHash": "sha256-oc8xrqvVIoDxbfTlbkE1XQ7O88TgNZn5FOZKLiuIEmg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "f6a5a7b60dd6065e78ef06390767e689ffa3c23f", "rev": "eab62298402c7cdfdefda647a4046befa3a84051",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -341,36 +302,6 @@
"type": "github" "type": "github"
} }
}, },
"nvf": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"mnw": "mnw",
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1755463179,
"narHash": "sha256-5Ggb1Mhf7ZlRgGi2puCa2PvWs6KbMnWBlW6KW7Vf79Y=",
"owner": "NotAShelf",
"repo": "nvf",
"rev": "03833118267ad32226b014b360692bdce9d6e082",
"type": "github"
},
"original": {
"owner": "NotAShelf",
"repo": "nvf",
"type": "github"
}
},
"nvidia-patch": { "nvidia-patch": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -381,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756052001, "lastModified": 1755069017,
"narHash": "sha256-dlLqyHxqiFAoIwshKe9X3PzXcJ+up88Qb2JVQswFaNE=", "narHash": "sha256-cTD5WfZRK2mwrSktlYcrk6DOEEkQbE1z78O16TF293c=",
"owner": "icewind1991", "owner": "icewind1991",
"repo": "nvidia-patch-nixos", "repo": "nvidia-patch-nixos",
"rev": "780af7357d942fad2ddd9f325615a5f6ea7e37ee", "rev": "d187885c14bdd8520d40f527134d536168f8d92b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -440,17 +371,14 @@
"ags": "ags", "ags": "ags",
"astal": "astal", "astal": "astal",
"disko": "disko", "disko": "disko",
"flake-compat": "flake-compat",
"flake-input-patcher": "flake-input-patcher", "flake-input-patcher": "flake-input-patcher",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"lib": "lib", "lib": "lib",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"nvf": "nvf",
"nvidia-patch": "nvidia-patch", "nvidia-patch": "nvidia-patch",
"quadlet-nix": "quadlet-nix", "quadlet-nix": "quadlet-nix",
"sas": "sas", "sas": "sas",
@@ -495,11 +423,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755532656, "lastModified": 1755506147,
"narHash": "sha256-xYb5dJej3emyr4oWWAhkMP8rPc3kdVOXGZcIbAx1Y/I=", "narHash": "sha256-B4e60+9j1cMEhAjpvgcNSSJbzPe2CUpAo2av15xd/0M=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "b01f3f8456903cb1bde9637cc23b456b47354138", "rev": "ebe2f986fc82df849d879f5b0af403c78ead2002",
"revCount": 11, "revCount": 10,
"type": "git", "type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git" "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
}, },
@@ -511,11 +439,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1756900832, "lastModified": 1755454846,
"narHash": "sha256-sMne4dvYzcdbDVcMPY6NLVHiZbgjtDrxttKG0Vig8WQ=", "narHash": "sha256-tbI+AcQGvtucMKKr+VHM53ZI6upPBjD9kR5PCyF4K60=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "adac63f6daffb4e14ce0fb94e93eb987e2460064", "rev": "c1a835c4f9ba9915671c79b3241f4d4863f11323",
"revCount": 38, "revCount": 33,
"type": "git", "type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git" "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
}, },
@@ -554,11 +482,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756614537, "lastModified": 1755405549,
"narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=", "narHash": "sha256-0vJD6WhL1jfXbnpH6r8yr1RgzB8mGFWIWokKHaJMJ/4=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "spicetify-nix", "repo": "spicetify-nix",
"rev": "374eb5d97092b97f7aaafd58a2012943b388c0df", "rev": "df1f5d4c0633040937358755defff9f07e9c0a73",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -589,11 +517,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755934250, "lastModified": 1754847726,
"narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=", "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5", "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github" "type": "github"
}, },
"original": { "original": {

114
flake.nix
View File

@@ -1,6 +1,5 @@
{ {
inputs = { inputs = {
# Configuration
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = { home-manager = {
@@ -8,19 +7,55 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Packages disko = {
nur = { url = "github:nix-community/disko/latest";
url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts"; flake-parts.follows = "flake-parts";
}; };
}; };
# DevOps # FIXME: https://github.com/NixOS/nix/issues/12281
sops-nix = { lib = {
url = "github:Mic92/sops-nix"; url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
inputs.nixpkgs.follows = "nixpkgs"; inputs = {
nixpkgs.follows = "nixpkgs";
treefmt-nix.follows = "treefmt-nix";
};
};
# FIXME: https://github.com/NixOS/nix/issues/12281
sas = {
url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
inputs = {
nixpkgs.follows = "nixpkgs";
lib.follows = "lib";
treefmt-nix.follows = "treefmt-nix";
};
};
# FIXME: https://github.com/NixOS/nix/issues/12281
secrets = {
url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
nur = {
url = "github:nix-community/NUR";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
}; };
treefmt-nix = { treefmt-nix = {
@@ -36,66 +71,6 @@
}; };
}; };
# Personal
lib = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
inputs = {
nixpkgs.follows = "nixpkgs";
treefmt-nix.follows = "treefmt-nix";
};
};
sas = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
inputs = {
nixpkgs.follows = "nixpkgs";
lib.follows = "lib";
treefmt-nix.follows = "treefmt-nix";
};
};
secrets = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
# Hardware
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
nixos-wsl = {
url = "github:karaolidis/NixOS-WSL/extra-files";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
};
};
# Applications
nvf = {
url = "github:NotAShelf/nvf";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
systems.follows = "systems";
};
};
quadlet-nix.url = "github:SEIAROTg/quadlet-nix"; quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
nvidia-patch = { nvidia-patch = {
@@ -127,7 +102,6 @@
}; };
}; };
# Transitive Dependencies
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
@@ -136,8 +110,6 @@
url = "github:numtide/flake-utils"; url = "github:numtide/flake-utils";
inputs.systems.follows = "systems"; inputs.systems.follows = "systems";
}; };
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
}; };
outputs = outputs =

5
hosts/common/configs/system/cloudflared/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
# https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
services.cloudflared.enable = true;
}

22
hosts/common/configs/system/dnsmasq/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, pkgs, ... }:
{
networking.networkmanager.dns = "dnsmasq";
environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
(pkgs.formats.keyValue {
mkKeyValue =
name: value:
if value == true then
name
else if value == false then
""
else
lib.generators.mkKeyValueDefault { } "=" name value;
listsAsDuplicateKeys = true;
}).generate
"10-bind-interfaces.conf"
{
bind-interfaces = true;
listen-address = [ "127.0.0.1" ];
};
}

4
hosts/common/configs/system/gpg-agent/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
programs.gnupg.agent.enable = true;
}

7
hosts/common/configs/system/libvirt/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {

4
hosts/common/configs/system/nix-install/install.completion.zsh
View File

@@ -18,8 +18,8 @@ _nix-install_completion() {
_list_keys() { _list_keys() {
local flake="$(realpath ${words[2]})" local flake="$(realpath ${words[2]})"
if [[ -d "$flake/submodules/secrets/domains" ]]; then if [[ -d "$flake/secrets" ]]; then
find "$flake/submodules/secrets/domains" -type f -name 'key.txt' | sed -E 's|^.*/submodules/secrets/domains/([^/]+)/key.txt$|\1|' | sort -u find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
fi fi
} }

26
hosts/common/configs/system/nix-install/install.sh
View File

@@ -43,17 +43,17 @@ check_host() {
} }
check_key() { check_key() {
if [[ -n "$key" ]] && [[ ! -f "$flake/submodules/secrets/domains/$key/key.txt" ]]; then if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
echo "Key '$key' not found." echo "Key '$key' not found."
exit 1 exit 1
fi fi
} }
set_password_file() { set_password_file() {
SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt" SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
export SOPS_AGE_KEY_FILE export SOPS_AGE_KEY_FILE
install -m 600 /dev/null /tmp/keyfile install -m 600 /dev/null /tmp/keyfile
sops --decrypt --extract "['luks']" "$flake/submodules/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile sops --decrypt --extract "['luks']" "$flake/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile
unset SOPS_AGE_KEY_FILE unset SOPS_AGE_KEY_FILE
} }
@@ -66,7 +66,7 @@ prepare_disk() {
copy_sops_keys() { copy_sops_keys() {
mkdir -p "$root/persist/state/etc/ssh" mkdir -p "$root/persist/state/etc/ssh"
cp -f "$flake/submodules/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key" cp -f "$flake/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
for path in "$flake/hosts/$host/users"/*; do for path in "$flake/hosts/$host/users"/*; do
if [[ -z "$key" ]]; then if [[ -z "$key" ]]; then
@@ -77,7 +77,7 @@ copy_sops_keys() {
user=$(basename "$path") user=$(basename "$path")
mkdir -p "$root/persist/state/home/$user/.config/sops-nix" mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
cp -f "$flake/submodules/secrets/domains/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt" cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
owner=$(cat "$flake/hosts/$host/users/$user/uid") owner=$(cat "$flake/hosts/$host/users/$user/uid")
group=100 group=100
@@ -92,16 +92,16 @@ copy_sops_keys() {
copy_secure_boot_keys() { copy_secure_boot_keys() {
mkdir -p "$root/persist/state/var/lib/sbctl/keys"/{db,KEK,PK} mkdir -p "$root/persist/state/var/lib/sbctl/keys"/{db,KEK,PK}
SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt" SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
export SOPS_AGE_KEY_FILE export SOPS_AGE_KEY_FILE
sops --decrypt --extract "['guid']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID" sops --decrypt --extract "['guid']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
sops --decrypt --extract "['keys']['kek']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key" sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
sops --decrypt --extract "['keys']['kek']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem" sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
sops --decrypt --extract "['keys']['pk']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key" sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
sops --decrypt --extract "['keys']['pk']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem" sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
sops --decrypt --extract "['keys']['db']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key" sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
sops --decrypt --extract "['keys']['db']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem" sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/* chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/*

40
hosts/common/configs/system/nix/default.nix
View File

@@ -1,51 +1,29 @@
{ { config, inputs, ... }:
config,
inputs,
lib,
...
}:
{ {
sops = { sops = {
secrets = { secrets = {
"git/credentials/github.com/tokens/public".sopsFile = "git/credentials/github.com/public/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/public/password".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
"nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
templates = { templates.nix-access-tokens = {
nix-access-tokens = { content = ''
content = '' access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"}
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/tokens/public"} '';
''; group = "users";
group = "users";
mode = "0440";
};
nix-netrc = {
content = ''
machine nix.karaolidis.com
password ${config.sops.placeholder."nix/cache/nix.karaolidis.com"}
'';
group = "users";
mode = "0440";
};
}; };
}; };
nix = { nix = {
settings = { settings = {
trusted-users = lib.mkAfter [ "@wheel" ];
use-xdg-base-directories = true; use-xdg-base-directories = true;
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
download-buffer-size = 524288000; download-buffer-size = 524288000;
substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
trusted-substituters = config.nix.settings.substituters;
trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
netrc-file = config.sops.templates.nix-netrc.path;
}; };
channel.enable = false; channel.enable = false;

2
hosts/common/configs/system/ssh/default.nix
View File

@@ -12,7 +12,7 @@
jupiter-sish = { jupiter-sish = {
publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub"; publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub";
extraHostNames = [ "tunnel.karaolidis.com" ]; extraHostNames = [ "karaolidis.com" ];
}; };
jupiter-vps = { jupiter-vps = {

5
hosts/common/configs/system/sshd/default.nix
View File

@@ -1,6 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ kitty.terminfo ]; environment.systemPackages = with pkgs; [
kitty.terminfo
tmux.terminfo
];
services.openssh = { services.openssh = {
enable = true; enable = true;

10
hosts/common/configs/system/tmux/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
{
programs.tmux = {
enable = true;
clock24 = true;
historyLimit = 10000;
keyMode = "vi";
newSession = true;
};
}

33
hosts/common/configs/user/console/attic/default.nix
View File

@@ -1,33 +0,0 @@
{ user, home }:
{
config,
inputs,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user} = {
sops = {
secrets."nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
templates."attic" = {
content = builtins.readFile (
(pkgs.formats.toml { }).generate "config.toml" {
default-server = "main";
servers."main" = {
endpoint = "https://nix.karaolidis.com/";
token = hmConfig.sops.placeholder."nix/cache/nix.karaolidis.com";
};
}
);
path = "${home}/.config/attic/config.toml";
};
};
home.packages = with pkgs; [ attic-client ];
};
}

41
hosts/common/configs/user/console/btop/default.nix
View File

@@ -1,34 +1,17 @@
{ user, home }: { user, home }:
{ lib, pkgs, ... }: { ... }:
{ {
home-manager.users.${user} = { home-manager.users.${user}.programs.btop = {
programs.btop = { enable = true;
enable = true; settings = {
settings = { theme_background = false;
color_theme = "matugen"; presets = "";
theme_background = false; vim_keys = true;
presets = ""; shown_boxes = "cpu mem net proc gpu0 gpu1";
vim_keys = true; update_ms = 1000;
shown_boxes = "cpu mem net proc gpu0 gpu1"; proc_tree = true;
update_ms = 1000; cpu_single_graph = true;
proc_tree = true; disks_filter = "/ /nix /persist";
cpu_single_graph = true;
disks_filter = "/ /nix /persist";
};
};
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
}; };
}; };
} }

36
hosts/common/configs/user/console/git/default.nix
View File

@@ -41,41 +41,5 @@ in
); );
}; };
}; };
home = {
packages = with pkgs; [
(pkgs.writeShellApplication {
name = "gh";
runtimeInputs = with pkgs; [ gh ];
text = builtins.readFile ./gh.sh;
})
(pkgs.writeShellApplication {
name = "glab";
runtimeInputs = with pkgs; [ glab ];
text = builtins.readFile ./glab.sh;
})
(pkgs.writeShellApplication {
name = "tea";
runtimeInputs = with pkgs; [ tea ];
text = builtins.readFile ./tea.sh;
})
];
sessionVariables = {
GITEA_HOST = "git.karaolidis.com";
GITEA_SSH_HOST = "karaolidis.com";
};
};
xdg.configFile = {
"gh/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
version = 1;
git_protocol = "ssh";
};
"glab-cli/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
git_protocol = "ssh";
};
};
}; };
} }

8
hosts/common/configs/user/console/git/gh.sh
View File

@@ -1,8 +0,0 @@
# shellcheck shell=bash
GH_HOST="${GH_HOST:-github.com}"
GH_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GH_HOST}#\1#p" "$HOME/.config/git/credentials")
export GH_TOKEN
exec gh "$@"

8
hosts/common/configs/user/console/git/glab.sh
View File

@@ -1,8 +0,0 @@
# shellcheck shell=bash
GITLAB_HOST="${GITLAB_HOST:-gitlab.com}"
GITLAB_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITLAB_HOST}#\1#p" "$HOME/.config/git/credentials")
export GITLAB_TOKEN
exec glab "$@"

13
hosts/common/configs/user/console/git/tea.sh
View File

@@ -1,13 +0,0 @@
# shellcheck shell=bash
GITEA_HOST="${GITEA_HOST:-gitea.com}"
GITEA_SSH_HOST="${GITEA_SSH_HOST:-gitea.com}"
GITEA_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITEA_HOST}#\1#p" "$HOME/.config/git/credentials")
GITEA_INSTANCE_URL="https://${GITEA_HOST}"
GITEA_INSTANCE_SSH_HOST="$GITEA_SSH_HOST"
export GITEA_TOKEN
export GITEA_INSTANCE_URL
export GITEA_INSTANCE_SSH_HOST
exec tea "$@"

4
hosts/common/configs/user/console/gpg-agent/default.nix
View File

@@ -20,10 +20,6 @@
enable = true; enable = true;
defaultCacheTtl = 31536000; defaultCacheTtl = 31536000;
maxCacheTtl = 31536000; maxCacheTtl = 31536000;
pinentry = {
package = pkgs.pinentry-all;
program = "pinentry-tty";
};
}; };
systemd.user = { systemd.user = {

22
hosts/common/configs/user/console/home-manager/default.nix
View File

@@ -1,10 +1,5 @@
{ user, home }: { user, home }:
{ { config, inputs, ... }:
config,
inputs,
lib,
...
}:
{ {
imports = [ inputs.home-manager.nixosModules.default ]; imports = [ inputs.home-manager.nixosModules.default ];
@@ -20,17 +15,10 @@
home.stateVersion = "24.11"; home.stateVersion = "24.11";
systemd.user.startServices = true; systemd.user.startServices = true;
nix.settings = { nix.settings.experimental-features = [
inherit (config.nix.settings) "nix-command"
use-xdg-base-directories "flakes"
experimental-features ];
download-buffer-size
substituters
trusted-substituters
trusted-public-keys
netrc-file
;
};
}; };
}; };
} }

311
hosts/common/configs/user/console/neovim/default.nix
View File

@@ -1,299 +1,22 @@
{ user, home }: { user, home }:
{ ... }:
{ {
inputs, home-manager.users.${user}.programs = {
lib, neovim = {
pkgs, enable = true;
... defaultEditor = true;
}: viAlias = true;
{ vimAlias = true;
environment.persistence = { vimdiffAlias = true;
"/persist/state"."${home}/.local/share/nvf" = { }; extraConfig = ''
"/persist/cache"."${home}/.cache/nvf" = { }; set tabstop=2
}; set shiftwidth=2
set expandtab
home-manager.users.${user} = { set smartindent
imports = [ inputs.nvf.homeManagerModules.default ]; set mouse=
'';
programs = {
nvf = {
enable = true;
defaultEditor = true;
settings = {
vim = {
enableLuaLoader = true;
viAlias = true;
vimAlias = true;
autocomplete = {
blink-cmp.enable = true;
};
binds = {
# hardtime-nvim.enable = true;
whichKey.enable = true;
};
clipboard = {
enable = true;
providers.wl-copy.enable = true;
registers = "unnamedplus";
};
comments = {
comment-nvim.enable = true;
};
# dashboard = {
# alpha.enable = true;
# };
filetree = {
neo-tree = {
enable = true;
setupOpts = {
git_status_async = true;
window.mappings = lib.generators.mkLuaInline ''
{
["<space>"] = "noop",
}
'';
};
};
};
# formatter = {
# conform-nvim.enable = true;
# };
git = {
enable = true;
# git-conflict.enable = true;
gitsigns.enable = true;
# neogit.enable = true;
};
languages = {
enableDAP = true;
enableFormat = true;
enableTreesitter = true;
enableExtraDiagnostics = true;
assembly.enable = true;
bash.enable = true;
clang.enable = true;
csharp.enable = true;
css.enable = true;
go.enable = true;
html.enable = true;
java.enable = true;
lua.enable = true;
markdown.enable = true;
nix = {
enable = true;
format.type = "nixfmt";
lsp.options.nil = {
nix = {
maxMemoryMB = null;
flake = {
autoArchive = true;
autoEvalInputs = true;
};
};
};
};
php.enable = true;
python.enable = true;
rust.enable = true;
sql.enable = true;
svelte.enable = true;
ts.enable = true;
yaml.enable = true;
};
lsp = {
enable = true;
formatOnSave = true;
# nvim-docs-view.enable = true;
# otter-nvim.enable = true;
# trouble.enable = true;
};
# minimap = {
# codewindow.enable = true;
# };
notify = {
nvim-notify.enable = true;
};
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smartindent = true;
};
# projects = {
# project-nvim.enable = true;
# };
searchCase = "smart";
# snippets = {
# luasnip.enable = true;
# };
tabline = {
nvimBufferline = {
enable = true;
mappings.closeCurrent = "<leader>bd";
setupOpts.options = {
indicator.style = "icon";
show_close_icon = false;
show_buffer_close_icons = false;
};
};
};
telescope = {
enable = true;
setupOpts.defaults.file_ignore_patterns = [
"node_modules"
"%.venv/"
"%.git/"
"dist/"
"build/"
"target/"
"result/"
];
};
terminal = {
toggleterm = {
enable = true;
setupOpts.winbar.enabled = false;
};
};
treesitter = {
enable = true;
context.enable = true;
fold = true;
textobjects.enable = true;
};
ui = {
# breadcrumbs = {
# enable = true;
# navbuddy.enable = true;
# };
colorizer.enable = true;
# fastaction.enable = true;
# illuminate.enable = true;
};
undoFile.enable = true;
utility = {
# diffview-nvim.enable = true;
# icon-picker.enable = true;
# images = {
# img-clip.enable = true;
# };
# mkdir.enable = true;
motion = {
precognition.enable = true;
};
# nvim-biscuits.enable = true;
# smart-splits.enable = true;
surround.enable = true;
# undotree.enable = true;
# yazi-nvim.enable = true;
};
visuals = {
# cinnamon-nvim.enable = true;
# fidget-nvim.enable = true;
# highlight-undo.enable = true;
indent-blankline.enable = true;
nvim-cursorline.enable = true;
# nvim-scrollbar.enable = true;
nvim-web-devicons.enable = true;
};
keymaps = [
{
mode = [ "n" ];
key = "<C-b>";
action = "<C-b>zz";
silent = true;
noremap = true;
desc = "Page up and center";
}
{
mode = [ "n" ];
key = "<C-u>";
action = "<C-u>zz";
silent = true;
noremap = true;
desc = "Half-page up and center";
}
{
mode = [ "n" ];
key = "<C-d>";
action = "<C-d>zz";
silent = true;
noremap = true;
desc = "Half-page down and center";
}
{
mode = [ "n" ];
key = "<C-f>";
action = "<C-f>zz";
silent = true;
noremap = true;
desc = "Page down and center";
}
{
mode = [ "n" ];
key = "<leader>ww";
action = "<cmd>w<CR>";
silent = true;
desc = "Save";
}
{
mode = [ "n" ];
key = "<leader>wq";
action = "<cmd>wq<CR>";
silent = true;
desc = "Save & Quit";
}
{
mode = [ "n" ];
key = "<leader>ee";
action = "<cmd>Neotree toggle<CR>";
silent = true;
desc = "Toggle Neo-tree";
}
{
mode = [ "n" ];
key = "<leader>ef";
action = "<cmd>Neotree reveal<CR>";
silent = true;
desc = "Reveal file in Neo-tree";
}
];
};
};
};
zsh = {
p10k.extraRightPromptElements = [ "vim_shell" ];
shellAliases.v = "nvim";
};
}; };
zsh.p10k.extraRightPromptElements = [ "vim_shell" ];
}; };
} }

20
hosts/common/configs/user/console/sops/default.nix
View File

@@ -3,18 +3,12 @@
{ {
environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { }; environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { };
home-manager.users.${user} = home-manager.users.${user} = {
let imports = [ inputs.sops-nix.homeManagerModules.sops ];
sopsKeyFile =
if config.environment.impermanence.enable then
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source
else
"${home}/.config/sops-nix/key.txt";
in
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops.age.keyFile = sopsKeyFile; sops.age.keyFile =
home.sessionVariables.SOPS_AGE_KEY_FILE = sopsKeyFile; config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
}; home.sessionVariables.SOPS_AGE_KEY_FILE =
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
};
} }

2
hosts/common/configs/user/console/ssh-agent/default.nix
View File

@@ -3,6 +3,6 @@
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
services.ssh-agent.enable = true; services.ssh-agent.enable = true;
programs.ssh.matchBlocks."*".addKeysToAgent = "yes"; programs.ssh.addKeysToAgent = "yes";
}; };
} }

6
hosts/common/configs/user/console/ssh/default.nix
View File

@@ -1,9 +1,5 @@
{ user, home }: { user, home }:
{ ... }: { ... }:
{ {
home-manager.users.${user}.programs.ssh = { home-manager.users.${user}.programs.ssh.enable = true;
enable = true;
enableDefaultConfig = false;
matchBlocks."*".identitiesOnly = true;
};
} }

2
hosts/common/configs/user/console/syncthing/default.nix
View File

@@ -14,13 +14,11 @@
"syncthing/key" = { "syncthing/key" = {
owner = user; owner = user;
group = "users"; group = "users";
mode = "0440";
}; };
# openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing" # openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
"syncthing/cert" = { "syncthing/cert" = {
owner = user; owner = user;
group = "users"; group = "users";
mode = "0440";
}; };
}; };

5
hosts/common/configs/user/console/tmux/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.tmux.enable = true;
}

2
hosts/common/configs/user/console/yazi/default.nix
View File

@@ -23,7 +23,7 @@ in
opener = { opener = {
edit = [ edit = [
{ {
run = "${hmConfig.programs.nvf.finalPackage}/bin/nvim \"$@\""; run = "${hmConfig.programs.neovim.finalPackage}/bin/nvim \"$@\"";
desc = "nvim"; desc = "nvim";
block = true; block = true;
} }

26
hosts/common/configs/user/console/zellij/default.nix
View File

@@ -1,26 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user} = {
programs.zellij = {
enable = true;
settings = {
theme = "matugen";
pane_frames = false;
copy_command = "wl-copy";
ui.pane_frames.hide_session_name = true;
pane_viewport_serialization = true;
scrollback_lines_to_serialize = 0;
show_startup_tips = false;
show_release_notes = false;
};
};
theme.template.".config/zellij/themes/matugen.kdl".source = ./theme.kdl;
};
}

128
hosts/common/configs/user/console/zellij/theme.kdl
View File

@@ -1,128 +0,0 @@
themes {
matugen {
text_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
}
text_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
ribbon_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface_container.default.red}} {{colors.surface_container.default.green}} {{colors.surface_container.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
ribbon_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
table_title {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
list_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
list_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
frame_unselected {
base {{colors.outline_variant.default.red}} {{colors.outline_variant.default.green}} {{colors.outline_variant.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_selected {
base {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_highlight {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_success {
base {{colors.success.default.red}} {{colors.success.default.green}} {{colors.success.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_error {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
multiplayer_user_colors {
player_1 0
player_2 0
player_3 0
player_4 0
player_5 0
player_6 0
player_7 0
player_8 0
player_9 0
player_10 0
}
}
}

26
hosts/common/configs/user/gui/btop/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ user, home }:
{
config,
lib,
pkgs,
...
}:
{
home-manager.users.${user} = {
programs.btop.settings.color_theme = "matugen";
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
};
};
}

0
hosts/common/configs/user/console/btop/theme.theme → hosts/common/configs/user/gui/btop/theme.theme
View File

2
hosts/common/configs/user/gui/hyprland/default.nix
View File

@@ -154,7 +154,7 @@
programs.zsh = { programs.zsh = {
loginExtra = lib.mkAfter '' loginExtra = lib.mkAfter ''
if uwsm check may-start > /dev/null; then if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop exec uwsm start hyprland-uwsm.desktop
fi fi
''; '';

5
hosts/common/configs/user/gui/hyprsunset/default.nix
View File

@@ -1,5 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.services.hyprsunset.enable = true;
}

50
hosts/common/configs/user/gui/kitty/default.nix
View File

@@ -26,56 +26,6 @@ in
enable_audio_bell = false; enable_audio_bell = false;
}; };
keybindings =
{ }
// builtins.listToAttrs (
builtins.map
(k: {
name = k;
value = "no_op";
})
[
# Window management
"kitty_mod+enter"
"kitty_mod+n"
"kitty_mod+w"
"kitty_mod+]"
"kitty_mod+["
"kitty_mod+f"
"kitty_mod+b"
"kitty_mod+`"
"kitty_mod+r"
"kitty_mod+1"
"kitty_mod+2"
"kitty_mod+3"
"kitty_mod+4"
"kitty_mod+5"
"kitty_mod+6"
"kitty_mod+7"
"kitty_mod+8"
"kitty_mod+9"
"kitty_mod+0"
"kitty_mod+f7"
"kitty_mod+f8"
# Tab management
"kitty_mod+right"
"shift+cmd+]"
"ctrl+tab"
"kitty_mod+left"
"shift+cmd+["
"ctrl+shift+tab"
"kitty_mod+t"
"kitty_mod+q"
"kitty_mod+."
"kitty_mod+,"
"kitty_mod+alt+t"
# Layout management
"kitty_mod+l"
]
);
extraConfig = '' extraConfig = ''
include theme.conf include theme.conf
''; '';

11
hosts/elara/README.md
View File

@@ -4,12 +4,7 @@
This host uses private SAS repositories. You can find the imports for these in: This host uses private SAS repositories. You can find the imports for these in:
You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system. - [./default.nix](./default.nix)
- [./users/nikara/default.nix](./users/nikara/default.nix)
## Installation Instructions You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
2. Copy the generated tarball to the Elara host
3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
4. Enable `cgroup v2` support by setting `kernelCommandLine=cgroup_no_v1=all` in `.wslconfig` in your Windows home directory
5. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution

23
hosts/elara/build-tarball.sh
View File

@@ -1,23 +0,0 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
temp=$(mktemp -d)
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
install -d -m 700 "$temp/home/nikara"
install -d -m 755 "$temp/home/nikara/.config/sops-nix"
cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- \
--extra-files "$temp" \
--chown /home/nikara 1000:100

29
hosts/elara/configs/globalprotect/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ config, inputs, ... }:
{
sops.secrets = {
"globalprotect/email".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"globalprotect/gateway".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"globalprotect/ssh/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"ntfy/username".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"ntfy/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
};
sas.globalprotect = {
enable = true;
email.file = config.sops.secrets."globalprotect/email".path;
gateway.file = config.sops.secrets."globalprotect/gateway".path;
sish = {
host = "karaolidis.com";
port = "2222";
keyFile = config.sops.secrets."globalprotect/ssh/key".path;
};
ntfy = {
url = "https://ntfy.karaolidis.com/sas";
username.file = config.sops.secrets."ntfy/username".path;
password.file = config.sops.secrets."ntfy/password".path;
};
};
}

4
hosts/elara/configs/podman/default.nix
View File

@@ -1,4 +0,0 @@
{ lib, ... }:
{
virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
}

6
hosts/elara/configs/ssh/default.nix
View File

@@ -33,14 +33,16 @@
HostName github.com HostName github.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes IdentitiesOnly yes
UserKnownHostsFile ${pkgs.sshKnownHosts.github}
Host gitlab.sas.com Host gitlab.sas.com
User git User git
HostName gitlab.sas.com HostName gitlab.sas.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes IdentitiesOnly yes
${lib.strings.optionalString config.sas.build.private "UserKnownHostsFile ${pkgs.sshKnownHosts.sas-gitlab}"}
''; '';
knownHostsFiles =
with pkgs.sshKnownHosts;
([ github ] ++ lib.lists.optionals config.sas.build.private [ sas-gitlab ]);
}; };
} }

42
hosts/elara/default.nix
View File

@@ -1,4 +1,4 @@
{ inputs, lib, ... }: { config, inputs, ... }:
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.lib.overlays.default inputs.lib.overlays.default
@@ -8,34 +8,57 @@
]; ];
imports = [ imports = [
inputs.nixos-wsl.nixosModules.default
inputs.sas.nixosModules.default
./hardware
./options.nix ./options.nix
inputs.disko.nixosModules.disko
./format.nix
./hardware
inputs.sas.nixosModules.default
../common/configs/system ../common/configs/system
../common/configs/system/bluetooth
../common/configs/system/boot
../common/configs/system/brightnessctl
../common/configs/system/btrbk
../common/configs/system/btrfs
../common/configs/system/cloudflared
../common/configs/system/dnsmasq
../common/configs/system/documentation ../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git ../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/libvirt
../common/configs/system/neovim ../common/configs/system/neovim
../common/configs/system/networkmanager
../common/configs/system/nix ../common/configs/system/nix
../common/configs/system/nix-cleanup
../common/configs/system/nix-install
../common/configs/system/nix-ld ../common/configs/system/nix-ld
../common/configs/system/nix-update ../common/configs/system/nix-update
../common/configs/system/nixpkgs ../common/configs/system/nixpkgs
../common/configs/system/ntp
../common/configs/system/pipewire
../common/configs/system/podman ../common/configs/system/podman
../common/configs/system/power
../common/configs/system/printing
../common/configs/system/smartmontools
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh
./configs/globalprotect
./configs/nix ./configs/nix
./configs/pki ./configs/pki
./configs/podman
./configs/ssh ./configs/ssh
./users/nikara ./users/nikara
@@ -43,7 +66,8 @@
networking.hostName = "elara"; networking.hostName = "elara";
sas.build.private = false; sas.build.private = true;
environment.impermanence.enable = lib.mkForce false; environment.impermanence.device =
config.disko.devices.disk.usb.content.partitions.root.content.content.device;
} }

87
hosts/elara/format.nix Normal file
View File

@@ -0,0 +1,87 @@
{
disko.devices = {
disk.usb = {
device = "/dev/disk/by-id/ata-Samsung_SSD_990_EVO_1TB_S7GCNL0XA04998F";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
name = "swap";
size = "32G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
name = "usb";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd:3"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
"@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
"@persist/user" = {
mountpoint = "/persist/user";
inherit mountOptions;
};
"@persist/state" = {
mountpoint = "/persist/state";
inherit mountOptions;
};
"@persist/cache" = {
mountpoint = "/persist/cache";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
};
};
}

19
hosts/elara/hardware/default.nix
View File

@@ -1,10 +1,19 @@
{ ... }: { ... }:
{ {
imports = [ ./display.nix ]; boot.initrd.kernelModules = [
"xhci_pci"
"uas"
"sd_mod"
];
wsl = { services.tlp.settings.DISK_DEVICES = "sda";
enable = true;
tarball.configPath = ../../../.; # By default, this host runs on an external SSD attached to himalia...
startMenuLaunchers = true; imports = [ ../../himalia/hardware ];
# ...but it can also run attached to a SAS-provided laptop.
specialisation.sas.configuration = {
disabledModules = [ ../../himalia/hardware ];
imports = [ ./sas ];
}; };
} }

6
hosts/elara/hardware/display.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
home-manager.sharedModules = [
{ programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; }
];
}

28
hosts/elara/hardware/sas/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ ... }:
{
imports = [
./display.nix
./keybinds.nix
];
hardware = {
enableAllFirmware = true;
cpu = {
cores = 8;
threads = 12;
intel.updateMicrocode = true;
};
};
boot = {
kernelModules = [ "kvm-intel" ];
initrd.kernelModules = [
"thunderbolt"
"vmd"
"nvme"
];
};
services.fstrim.enable = true;
}

30
hosts/elara/hardware/sas/display.nix Normal file
View File

@@ -0,0 +1,30 @@
{ ... }:
{
boot.kernelParams = [ "video=eDP-1:1920x1200@60" ];
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings = {
monitor = [
"eDP-1, preferred, 0x0, 1"
", maxwidth, auto-center-up, 1"
];
workspace = [
"1, monitor:eDP-1, layoutopt:orientation:left"
"2, monitor:eDP-1, layoutopt:orientation:left"
"3, monitor:eDP-1, layoutopt:orientation:left"
"4, monitor:eDP-1, layoutopt:orientation:left"
"5, monitor:eDP-1, layoutopt:orientation:left"
"6, monitor:eDP-1, layoutopt:orientation:left"
"7, monitor:eDP-1, layoutopt:orientation:left"
"8, monitor:eDP-1, layoutopt:orientation:left"
"9, monitor:eDP-1, layoutopt:orientation:left"
"10, monitor:eDP-1, layoutopt:orientation:left"
];
};
programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
}
];
}

15
hosts/elara/hardware/sas/keybinds.nix Normal file
View File

@@ -0,0 +1,15 @@
{ lib, pkgs, ... }:
{
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings.bindle =
let
brightnessctl = lib.meta.getExe pkgs.brightnessctl;
in
[
", XF86MonBrightnessUp, exec, ${brightnessctl} -q s 5%+"
", XF86MonBrightnessDown, exec, ${brightnessctl} -q s 5%-"
];
}
];
}

7
hosts/elara/users/nikara/configs/console/gpg/default.nix
View File

@@ -1,10 +1,5 @@
{ user, home }: { user, home }:
{ { config, inputs, ... }:
config,
inputs,
pkgs,
...
}:
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in

6
hosts/elara/users/nikara/configs/console/neovim/default.nix
View File

@@ -1,6 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.programs.nvf.settings.vim.clipboard.providers.wl-copy.package =
pkgs.wsl-wl-clipboard;
}

66
hosts/elara/users/nikara/configs/console/podman/default.nix
View File

@@ -10,45 +10,41 @@ let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
in in
{ {
home-manager.users.${user} = { home-manager.users.${user}.sops = {
sops = { secrets = {
secrets = { "registry/personal/git.karaolidis.com" = {
"registry/personal/git.karaolidis.com" = { sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "registry/git.karaolidis.com";
key = "registry/git.karaolidis.com";
};
"registry/personal/docker.io" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "registry/docker.io";
};
"registry/sas/cr.sas.com" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "registry/cr.sas.com";
};
}; };
templates.containers-auth = { "registry/personal/docker.io" = {
content = builtins.readFile ( sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
(pkgs.formats.json { }).generate "auth.json" { key = "registry/docker.io";
auths = { };
"git.karaolidis.com" = {
auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com"; "registry/sas/cr.sas.com" = {
}; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"docker.io" = { key = "registry/cr.sas.com";
auth = hmConfig.sops.placeholder."registry/personal/docker.io";
};
"cr.sas.com" = {
auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
};
};
}
);
path = "${home}/.config/containers/auth.json";
}; };
}; };
services.podman.settings.storage.storage.driver = lib.mkForce "overlay"; templates.containers-auth = {
content = builtins.readFile (
(pkgs.formats.json { }).generate "auth.json" {
auths = {
"git.karaolidis.com" = {
auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
};
"docker.io" = {
auth = hmConfig.sops.placeholder."registry/personal/docker.io";
};
"cr.sas.com" = {
auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
};
};
}
);
path = "${home}/.config/containers/auth.json";
};
}; };
} }

2
hosts/elara/users/nikara/configs/console/sas/default.nix
View File

@@ -54,10 +54,8 @@ in
packages = packages =
with pkgs; with pkgs;
[ [
gcc
gopls gopls
go-tools go-tools
delve
golangci-lint golangci-lint
golangci-lint-langserver golangci-lint-langserver
] ]

214
hosts/elara/users/nikara/configs/console/ssh/default.nix
View File

@@ -46,158 +46,118 @@ in
key = "ssh/rsa/pass"; key = "ssh/rsa/pass";
}; };
"git/credentials/personal/git.karaolidis.com/username" = { "git/credentials/personal/git.karaolidis.com/admin/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/username"; key = "git/credentials/git.karaolidis.com/admin/username";
}; };
"git/credentials/personal/git.karaolidis.com/tokens/admin" = { "git/credentials/personal/git.karaolidis.com/admin/password" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/tokens/admin"; key = "git/credentials/git.karaolidis.com/admin/password";
}; };
"git/credentials/sas/github.com/username" = { "git/credentials/sas/github.com/admin/username" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/username"; key = "git/credentials/github.com/admin/username";
}; };
"git/credentials/sas/github.com/tokens/admin" = { "git/credentials/sas/github.com/admin/password" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/tokens/admin"; key = "git/credentials/github.com/admin/password";
};
"git/credentials/personal/github.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/username";
};
"git/credentials/personal/github.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/tokens/admin";
};
"git/credentials/personal/gitlab.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/username";
};
"git/credentials/personal/gitlab.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/tokens/admin";
};
"git/credentials/personal/gitea.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/username";
};
"git/credentials/personal/gitea.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/tokens/admin";
}; };
}; };
templates."git/credentials" = { templates."git/credentials" = {
content = '' content = ''
https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/username"}:${ https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/tokens/admin" hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password"
}@git.karaolidis.com }@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/username"}:${ https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/sas/github.com/tokens/admin" hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password"
}@github.com }@github.com
https://${hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/personal/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/gitea.com/tokens/admin"
}@gitea.com
''; '';
path = "${home}/.config/git/credentials"; path = "${home}/.config/git/credentials";
}; };
}; };
programs = { programs = {
ssh.matchBlocks = { ssh = {
"karaolidis.com" = { matchBlocks = {
hostname = "karaolidis.com"; "karaolidis.com" = {
user = "nick"; hostname = "karaolidis.com";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_personal_ed25519_key" ];
identitiesOnly = true;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"github.sas.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_sas_ed25519_key" ];
identitiesOnly = true;
};
"cldlgn.fyi.sas.com" = {
inherit user;
hostname = "cldlgn.fyi.sas.com";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
identitiesOnly = true;
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
identitiesOnly = true;
};
"gerrit-svi.unx.sas.com" = {
hostname = "gerrit-svi.unx.sas.com";
user = "nikara";
port = 29418;
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
identitiesOnly = true;
};
"artifactlfs.unx.sas.com" = {
hostname = "artifactlfs.unx.sas.com";
user = "nikara";
port = 1339;
identityFile = "${home}/.ssh/ssh_sas_rsa_key";
identitiesOnly = true;
};
}; };
"tunnel.karaolidis.com" = { userKnownHostsFile = builtins.concatStringsSep " " (
hostname = "tunnel.karaolidis.com"; with pkgs.sshKnownHosts;
user = "nick"; (
port = 2222; [
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; "${home}/.ssh/known_hosts"
}; github
gitlab
"github.com" = { ]
hostname = "github.com"; ++ lib.lists.optionals config.sas.build.private [
user = "git"; sas-cldlgn
identityFile = [ "${home}/.ssh/ssh_personal_ed25519_key" ]; sas-gitlab
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github; sas-gerrit
}; sas-artifact
]
"gitlab.com" = { )
hostname = "gitlab.com"; );
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
"github.sas.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_sas_ed25519_key" ];
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.github
);
};
"cldlgn.fyi.sas.com" = {
inherit user;
hostname = "cldlgn.fyi.sas.com";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-cldlgn
);
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gitlab
);
};
"gerrit-svi.unx.sas.com" = {
hostname = "gerrit-svi.unx.sas.com";
user = "nikara";
port = 29418;
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gerrit
);
};
"artifactlfs.unx.sas.com" = {
hostname = "artifactlfs.unx.sas.com";
user = "nikara";
port = 1339;
identityFile = "${home}/.ssh/ssh_sas_rsa_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-artifact
);
};
}; };
git.extraConfig.url = { git.extraConfig.url = {

5
hosts/elara/users/nikara/configs/console/wsl/default.nix
View File

@@ -1,5 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
}

5
hosts/elara/users/nikara/configs/gui/kitty/default.nix
View File

@@ -1,5 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.kitty.settings.hide_window_decorations = true;
}

20
hosts/elara/users/nikara/configs/gui/obsidian/default.nix
View File

@@ -1,5 +1,23 @@
{ user, home }: { user, home }:
{ ... }: { ... }:
{ {
home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/master".enable = true; home-manager.users.${user} = {
programs.obsidian.vaults = {
"Documents/Obsidian/personal/master".enable = true;
"Documents/Obsidian/sas/master".enable = true;
};
services.syncthing.settings.folders.obsidian = {
label = "Obsidian";
path = "${home}/Documents/Obsidian/personal";
devices = [
"amalthea"
"ganymede"
];
maxConflicts = 0;
};
home.file."Documents/Obsidian/personal/.stignore".source =
../../../../../../common/configs/user/gui/obsidian/.stignore;
};
} }

44
hosts/elara/users/nikara/configs/gui/vscode/default.nix
View File

@@ -1,30 +1,26 @@
{ user, home }: { user, home }:
{ lib, ... }: { ... }:
{ {
home-manager.users.${user} = { home-manager.users.${user}.programs.vscode = {
programs.vscode = { languages = {
languages = { c.enable = true;
c.enable = true; go.enable = true;
go.enable = true; hugo.enable = true;
hugo.enable = true; java.enable = true;
java.enable = true; jinja.enable = true;
jinja.enable = true; lua.enable = true;
lua.enable = true; markdown.enable = true;
markdown.enable = true; nix.enable = true;
nix.enable = true; podman.enable = true;
podman.enable = true; python.enable = true;
python.enable = true; rest.enable = true;
rest.enable = true; rust.enable = true;
rust.enable = true; sas.enable = true;
sas.enable = true; sops.enable = true;
sops.enable = true; typescript.enable = true;
typescript.enable = true; yaml.enable = true;
yaml.enable = true;
};
copilot.enable = true;
}; };
home.sessionVariables.DONT_PROMPT_WSL_INSTALL = "1"; copilot.enable = true;
}; };
} }

45
hosts/elara/users/nikara/default.nix
View File

@@ -14,7 +14,8 @@ in
imports = [ imports = [
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; }) (import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/dive { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -26,41 +27,69 @@ in
(import ../../../common/configs/user/console/ip { inherit user home; }) (import ../../../common/configs/user/console/ip { inherit user home; })
(import ../../../common/configs/user/console/jq { inherit user home; }) (import ../../../common/configs/user/console/jq { inherit user home; })
(import ../../../common/configs/user/console/kubernetes { inherit user home; }) (import ../../../common/configs/user/console/kubernetes { inherit user home; })
(import ../../../common/configs/user/console/libvirt { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; }) (import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/mprocs { inherit user home; }) (import ../../../common/configs/user/console/mprocs { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; }) (import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/ncspot { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; }) (import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; }) (import ../../../common/configs/user/console/nix { inherit user home; })
(import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
(import ../../../common/configs/user/console/nix-develop { inherit user home; }) (import ../../../common/configs/user/console/nix-develop { inherit user home; })
(import ../../../common/configs/user/console/nix-direnv { inherit user home; }) (import ../../../common/configs/user/console/nix-direnv { inherit user home; })
(import ../../../common/configs/user/console/ouch { inherit user home; }) (import ../../../common/configs/user/console/ouch { inherit user home; })
(import ../../../common/configs/user/console/pipewire { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; }) (import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; }) (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/emoji { inherit user home; })
(import ../../../common/configs/user/gui/feh { inherit user home; })
(import ../../../common/configs/user/gui/firefox { inherit user home; })
(import ../../../common/configs/user/gui/gtk { inherit user home; }) (import ../../../common/configs/user/gui/gtk { inherit user home; })
(import ../../../common/configs/user/gui/hypridle { inherit user home; })
(import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; }) (import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; })
(import ../../../common/configs/user/gui/networkmanager { inherit user home; })
(import ../../../common/configs/user/gui/obs { inherit user home; })
(import ../../../common/configs/user/gui/obsidian { inherit user home; }) (import ../../../common/configs/user/gui/obsidian { inherit user home; })
(import ../../../common/configs/user/gui/pipewire { inherit user home; })
(import ../../../common/configs/user/gui/qalculate { inherit user home; })
(import ../../../common/configs/user/gui/qt { inherit user home; }) (import ../../../common/configs/user/gui/qt { inherit user home; })
(import ../../../common/configs/user/gui/rofi { inherit user home; })
(import ../../../common/configs/user/gui/rquickshare { inherit user home; })
(import ../../../common/configs/user/gui/swww { inherit user home; })
(import ../../../common/configs/user/gui/theme { inherit user home; }) (import ../../../common/configs/user/gui/theme { inherit user home; })
(import ../../../common/configs/user/gui/vscode { inherit user home; }) (import ../../../common/configs/user/gui/vscode { inherit user home; })
(import ../../../common/configs/user/gui/wev { inherit user home; })
(import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
(import ../../../common/configs/user/gui/x11 { inherit user home; })
(import ../../../common/configs/user/gui/xdg { inherit user home; })
(import ./configs/console/gpg { inherit user home; }) (import ./configs/console/gpg { inherit user home; })
(import ./configs/console/neovim { inherit user home; })
(import ./configs/console/podman { inherit user home; }) (import ./configs/console/podman { inherit user home; })
(import ./configs/console/sas { inherit user home; }) (import ./configs/console/sas { inherit user home; })
(import ./configs/console/ssh { inherit user home; }) (import ./configs/console/ssh { inherit user home; })
(import ./configs/console/wsl { inherit user home; })
(import ./configs/gui/kitty { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; }) (import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; }) (import ./configs/gui/vscode { inherit user home; })
]; ];
@@ -85,13 +114,9 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
"${inputs.secrets}/domains/sas/id_ed25519.pub"
];
}; };
wsl.defaultUser = user; services.getty.autologinUser = user;
home-manager.users.${user}.home = { home-manager.users.${user}.home = {
username = user; username = user;

3
hosts/himalia/default.nix
View File

@@ -21,6 +21,7 @@
../common/configs/system/documentation ../common/configs/system/documentation
../common/configs/system/getty ../common/configs/system/getty
../common/configs/system/git ../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/lanzaboote ../common/configs/system/lanzaboote
../common/configs/system/libvirt ../common/configs/system/libvirt
@@ -40,10 +41,10 @@
../common/configs/system/smartmontools ../common/configs/system/smartmontools
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone ../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower ../common/configs/system/upower
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh

12
hosts/himalia/hardware/keybinds.nix
View File

@@ -29,6 +29,18 @@
", XF86Launch4, exec, ${asusctl} profile -n" ", XF86Launch4, exec, ${asusctl} profile -n"
", XF86TouchpadToggle, exec, ${touchpadHelper} asuf1209:00-2808:0219-touchpad" ", XF86TouchpadToggle, exec, ${touchpadHelper} asuf1209:00-2808:0219-touchpad"
]; ];
bind =
let
farmAura = lib.meta.getExe (
pkgs.writeShellApplication {
name = "farm-aura";
runtimeInputs = with pkgs; [ genact ];
text = builtins.readFile ./scripts/farm-aura.sh;
}
);
in
[ ", XF86Launch3, exec, uwsm app -- $term ${farmAura}" ];
}; };
} }
]; ];

13
hosts/himalia/hardware/scripts/farm-aura.sh Executable file
View File

@@ -0,0 +1,13 @@
# shellcheck shell=bash
SESSION_NAME="aura-farm-$$"
tmux new-session -d -s "$SESSION_NAME" "genact -s 25"
tmux set-hook -t "$SESSION_NAME" pane-exited "run-shell 'tmux kill-session -t $SESSION_NAME'"
for _ in {1..4}; do
tmux split-window -t "$SESSION_NAME" -h "genact -s 25"
done
tmux select-layout -t "$SESSION_NAME" tiled
tmux attach-session -t "$SESSION_NAME"

94
hosts/himalia/users/nick/configs/console/ssh/default.nix
View File

@@ -19,82 +19,56 @@ in
"ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/username".sopsFile = "git/credentials/git.karaolidis.com/admin/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/tokens/admin".sopsFile = "git/credentials/git.karaolidis.com/admin/password".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
templates."git/credentials" = { templates."git/credentials" = {
content = '' content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin" hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
}@git.karaolidis.com }@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin"
}@gitea.com
''; '';
path = "${home}/.config/git/credentials"; path = "${home}/.config/git/credentials";
}; };
}; };
programs = { programs = {
ssh.matchBlocks = { ssh = {
"karaolidis.com" = { matchBlocks = {
hostname = "karaolidis.com"; "karaolidis.com" = {
user = "nick"; hostname = "karaolidis.com";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
}; };
"tunnel.karaolidis.com" = { userKnownHostsFile = builtins.concatStringsSep " " (
hostname = "tunnel.karaolidis.com"; with pkgs.sshKnownHosts;
user = "nick"; [
port = 2222; "${home}/.ssh/known_hosts"
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; github
}; gitlab
]
"github.com" = { );
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
}; };
clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;

6
hosts/himalia/users/nick/default.nix
View File

@@ -15,7 +15,6 @@ in
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; }) (import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/dive { inherit user home; })
@@ -44,17 +43,18 @@ in
(import ../../../common/configs/user/console/ssh { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; }) (import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; }) (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; }) (import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; }) (import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; }) (import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; }) (import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/darktable { inherit user home; }) (import ../../../common/configs/user/gui/darktable { inherit user home; })
@@ -74,7 +74,6 @@ in
(import ../../../common/configs/user/gui/hyprland { inherit user home; }) (import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; }) (import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; }) (import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/hyprsunset { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; }) (import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; }) (import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; }) (import ../../../common/configs/user/gui/mpv { inherit user home; })
@@ -124,7 +123,6 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
}; };
services.getty.autologinUser = user; services.getty.autologinUser = user;

3
hosts/installer/default.nix
View File

@@ -19,6 +19,7 @@
../common/configs/system/documentation ../common/configs/system/documentation
../common/configs/system/getty ../common/configs/system/getty
../common/configs/system/git ../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/lanzaboote ../common/configs/system/lanzaboote
../common/configs/system/neovim ../common/configs/system/neovim
@@ -33,10 +34,10 @@
../common/configs/system/power ../common/configs/system/power
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone ../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh

3
hosts/installer/hardware/default.nix
View File

@@ -9,9 +9,6 @@
"xhci_pci" "xhci_pci"
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
"hv_vmbus"
"hv_storvsc"
"hyperv_keyboard"
]; ];
services.fstrim.enable = true; services.fstrim.enable = true;

94
hosts/installer/users/nick/configs/console/ssh/default.nix
View File

@@ -19,81 +19,55 @@ in
"ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/username".sopsFile = "git/credentials/git.karaolidis.com/admin/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/tokens/admin".sopsFile = "git/credentials/git.karaolidis.com/admin/password".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml"; "${inputs.secrets}/domains/personal/secrets.yaml";
}; };
templates."git/credentials" = { templates."git/credentials" = {
content = '' content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin" hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
}@git.karaolidis.com }@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin"
}@gitea.com
''; '';
path = "${home}/.config/git/credentials"; path = "${home}/.config/git/credentials";
}; };
}; };
programs.ssh.matchBlocks = { programs.ssh = {
"karaolidis.com" = { matchBlocks = {
hostname = "karaolidis.com"; "karaolidis.com" = {
user = "nick"; hostname = "karaolidis.com";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
identitiesOnly = true;
};
}; };
"tunnel.karaolidis.com" = { userKnownHostsFile = builtins.concatStringsSep " " (
hostname = "tunnel.karaolidis.com"; with pkgs.sshKnownHosts;
user = "nick"; [
port = 2222; "${home}/.ssh/known_hosts"
identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; github
}; gitlab
]
"github.com" = { );
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
}; };
}; };
} }

4
hosts/installer/users/nick/default.nix
View File

@@ -14,7 +14,6 @@ in
imports = [ imports = [
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -32,11 +31,11 @@ in
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })
@@ -64,7 +63,6 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
}; };
services.getty.autologinUser = user; services.getty.autologinUser = user;

2
hosts/jupiter-vps/README.md
View File

@@ -2,7 +2,7 @@
## Installation Instructions ## Installation Instructions
1. Provision an OVHcloud VPS (ideally running Ubuntu) 1. Provision an OVHcloud VPS (ideally running Ubuntu).
2. Add personal public key 2. Add personal public key
3. Add a CNAME entry for `vps.karaolidis.com` pointing to the VPS IP/host 3. Add a CNAME entry for `vps.karaolidis.com` pointing to the VPS IP/host
4. Run `hosts/jupiter-vps/install.sh` 4. Run `hosts/jupiter-vps/install.sh`

2
hosts/jupiter-vps/install.sh
View File

@@ -12,6 +12,6 @@ cleanup() {
trap cleanup EXIT trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh" install -d -m 755 "$temp/etc/ssh"
cp ./submodules/secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key" cp ./secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
nix run github:nix-community/nixos-anywhere -- --flake .#jupiter-vps --extra-files "$temp" --target-host ubuntu@vps.karaolidis.com -i ~/.ssh/ssh_personal_ed25519_key nix run github:nix-community/nixos-anywhere -- --flake .#jupiter-vps --extra-files "$temp" --target-host ubuntu@vps.karaolidis.com -i ~/.ssh/ssh_personal_ed25519_key

2
hosts/jupiter/hardware/default.nix
View File

@@ -93,6 +93,6 @@
xserver.videoDrivers = [ "nvidia" ]; xserver.videoDrivers = [ "nvidia" ];
fstrim.enable = true; fstrim.enable = true;
tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1"; tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1";
logind.settings.Login.HandleLidSwitch = "ignore"; logind.lidSwitch = "ignore";
}; };
} }

3
hosts/jupiter/users/nick/default.nix
View File

@@ -14,7 +14,6 @@ in
imports = [ imports = [
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -31,11 +30,11 @@ in
(import ../../../common/configs/user/console/ouch { inherit user home; }) (import ../../../common/configs/user/console/ouch { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; }) (import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })

127
hosts/jupiter/users/storm/configs/console/podman/attic/default.nix
View File

@@ -1,127 +0,0 @@
{ user, home }:
{
config,
inputs,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"attic/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"attic/rs256".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"attic/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
};
templates = {
attic-postgresql-env.content = ''
POSTGRES_PASSWORD=${hmConfig.sops.placeholder."attic/postgresql"}
'';
attic-env.content = ''
ATTIC_TOKEN=${hmConfig.sops.placeholder."attic/admin"}
'';
attic.content = builtins.readFile (
(pkgs.formats.toml { }).generate "server.toml" {
listen = "[::]:8080";
allowed-hosts = [ "nix.karaolidis.com" ];
api-endpoint = "https://nix.karaolidis.com/";
database.url = "postgres://attic:${
hmConfig.sops.placeholder."attic/postgresql"
}@attic-postgresql:5432/attic";
storage = {
type = "local";
path = "/var/lib/attic";
};
chunking = {
nar-size-threshold = 65536;
min-size = 16384;
avg-size = 65536;
max-size = 262144;
};
compression = {
type = "zstd";
level = 8;
};
garbage-collection = {
interval = "12 hours";
default-retention-period = "1 month";
};
jwt.signing.token-rs256-secret-base64 = hmConfig.sops.placeholder."attic/rs256";
}
);
};
};
systemd.user.tmpfiles.rules = [
"d /mnt/storage/private/storm/containers/storage/volumes/attic/_data 700 storm storm"
];
virtualisation.quadlet = {
networks.attic = { };
volumes.attic-postgresql = { };
containers = {
attic = {
containerConfig = {
image = "docker-archive:${pkgs.dockerImages.attic}";
networks = [
networks.attic.ref
networks.traefik.ref
];
volumes = [
"/mnt/storage/private/storm/containers/storage/volumes/attic/_data:/var/lib/attic"
"${hmConfig.sops.templates.attic.path}:/etc/attic/server.toml"
];
environmentFiles = [ hmConfig.sops.templates.attic-env.path ];
exec = [
"--config"
"/etc/attic/server.toml"
];
labels = [
"traefik.enable=true"
"traefik.http.routers.attic.rule=Host(`nix.karaolidis.com`)"
];
};
unitConfig = {
After = [
"${containers.attic-postgresql._serviceName}.service"
"sops-nix.service"
];
Requires = [ "${containers.attic-postgresql._serviceName}.service" ];
};
};
attic-postgresql = {
containerConfig = {
image = "docker-archive:${pkgs.dockerImages.postgresql}";
networks = [ networks.attic.ref ];
volumes = [ "${volumes.attic-postgresql.ref}:/var/lib/postgresql/data" ];
environments = {
POSTGRES_DB = "attic";
POSTGRES_USER = "attic";
};
environmentFiles = [ hmConfig.sops.templates.attic-postgresql-env.path ];
};
unitConfig.After = [ "sops-nix.service" ];
};
};
};
};
}

22
hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh
View File

@@ -1,22 +0,0 @@
# shellcheck shell=sh
attic login main https://nix.karaolidis.com/ "$ATTIC_TOKEN"
CACHE_NAME="main"
while true; do
out=$(attic cache info "$CACHE_NAME" 2>&1)
status=$?
if [ $status -eq 0 ]; then
break
elif echo "$out" | grep -q "NoSuchCache"; then
attic cache create "$CACHE_NAME"
elif echo "$out" | grep -q "404"; then
sleep 0.1
else
echo "Unexpected error:"
echo "$out"
break
fi
done

1
hosts/jupiter/users/storm/configs/console/podman/default.nix
View File

@@ -10,7 +10,6 @@ let
in in
{ {
imports = [ imports = [
(import ./attic { inherit user home; })
(import ./authelia { inherit user home; }) (import ./authelia { inherit user home; })
(import ./gitea { inherit user home; }) (import ./gitea { inherit user home; })
(import ./grafana { inherit user home; }) (import ./grafana { inherit user home; })

18
hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
View File

@@ -11,15 +11,7 @@ let
inherit (hmConfig.virtualisation.quadlet) networks; inherit (hmConfig.virtualisation.quadlet) networks;
in in
{ {
networking.firewall = { networking.firewall.allowedTCPPorts = [ 2222 ];
allowedTCPPorts = [ 2222 ];
allowedTCPPortRanges = [
{
from = 61000;
to = 61999;
}
];
};
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets."sish/ssh/key".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; sops.secrets."sish/ssh/key".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
@@ -40,6 +32,7 @@ in
name = "authorized_keys"; name = "authorized_keys";
text = lib.strings.concatStringsSep "\n" [ text = lib.strings.concatStringsSep "\n" [
(builtins.readFile "${inputs.secrets}/domains/personal/id_ed25519.pub") (builtins.readFile "${inputs.secrets}/domains/personal/id_ed25519.pub")
(builtins.readFile "${inputs.secrets}/domains/sas/id_globalprotect_ed25519.pub")
]; ];
}; };
in in
@@ -52,10 +45,7 @@ in
"traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)" "traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)"
"traefik.http.services.sish.loadbalancer.server.port=80" "traefik.http.services.sish.loadbalancer.server.port=80"
]; ];
publishPorts = [ publishPorts = [ "2222:2222/tcp" ];
"2222:2222/tcp"
"61000-61999:61000-61999/tcp"
];
exec = [ exec = [
"--ssh-address=0.0.0.0:2222" "--ssh-address=0.0.0.0:2222"
"--http-address=0.0.0.0:80" "--http-address=0.0.0.0:80"
@@ -66,11 +56,9 @@ in
"--bind-random-ports=false" "--bind-random-ports=false"
"--bind-random-aliases=false" "--bind-random-aliases=false"
"--bind-random-subdomains=false" "--bind-random-subdomains=false"
"--port-bind-range=61000-61999"
"--welcome-message=\"\"" "--welcome-message=\"\""
"--domain=tunnel.karaolidis.com" "--domain=tunnel.karaolidis.com"
"--proxy-ssl-termination=true" "--proxy-ssl-termination=true"
"--idle-connection=false"
]; ];
}; };

3
hosts/jupiter/users/storm/default.nix
View File

@@ -14,16 +14,15 @@ in
imports = [ imports = [
(import ../../../common/configs/user { inherit user home; }) (import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/home-manager { inherit user home; }) (import ../../../common/configs/user/console/home-manager { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; }) (import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; }) (import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; }) (import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; }) (import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })

5
overlays/attic-client/default.nix
View File

@@ -1,5 +0,0 @@
final: prev:
# FIXME: https://github.com/zhaofengli/attic/pull/280
prev.attic-client.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./stdout-logging.patch ];
})

321
overlays/attic-client/stdout-logging.patch
View File

@@ -1,321 +0,0 @@
diff --git a/client/src/command/cache.rs b/client/src/command/cache.rs
index af01378..0602b3b 100644
--- a/client/src/command/cache.rs
+++ b/client/src/command/cache.rs
@@ -189,7 +189,7 @@ async fn create_cache(sub: Create) -> Result<()> {
};
api.create_cache(cache, request).await?;
- eprintln!(
+ println!(
"✨ Created cache \"{}\" on \"{}\"",
cache.as_str(),
server_name.as_str()
@@ -239,7 +239,7 @@ async fn configure_cache(sub: Configure) -> Result<()> {
let api = ApiClient::from_server_config(server.clone())?;
api.configure_cache(cache, &patch).await?;
- eprintln!(
+ println!(
"✅ Configured \"{}\" on \"{}\"",
cache.as_str(),
server_name.as_str()
@@ -254,12 +254,12 @@ async fn destroy_cache(sub: Destroy) -> Result<()> {
let (server_name, server, cache) = config.resolve_cache(&sub.cache)?;
if !sub.no_confirm {
- eprintln!("When you destory a cache:");
- eprintln!();
- eprintln!("1. Everyone will lose access.");
- eprintln!("2. The underlying data won't be deleted immediately.");
- eprintln!("3. You may not be able to create a cache of the same name.");
- eprintln!();
+ println!("When you destory a cache:");
+ println!();
+ println!("1. Everyone will lose access.");
+ println!("2. The underlying data won't be deleted immediately.");
+ println!("3. You may not be able to create a cache of the same name.");
+ println!();
let answer: String = Input::new()
.with_prompt(format!(
@@ -278,7 +278,7 @@ async fn destroy_cache(sub: Destroy) -> Result<()> {
let api = ApiClient::from_server_config(server.clone())?;
api.destroy_cache(cache).await?;
- eprintln!("🗑️ The cache was destroyed.");
+ println!("🗑️ The cache was destroyed.");
Ok(())
}
@@ -291,40 +291,40 @@ async fn show_cache_config(sub: Info) -> Result<()> {
let cache_config = api.get_cache_config(cache).await?;
if let Some(is_public) = cache_config.is_public {
- eprintln!(" Public: {}", is_public);
+ println!(" Public: {}", is_public);
}
if let Some(public_key) = cache_config.public_key {
- eprintln!(" Public Key: {}", public_key);
+ println!(" Public Key: {}", public_key);
}
if let Some(substituter_endpoint) = cache_config.substituter_endpoint {
- eprintln!("Binary Cache Endpoint: {}", substituter_endpoint);
+ println!("Binary Cache Endpoint: {}", substituter_endpoint);
}
if let Some(api_endpoint) = cache_config.api_endpoint {
- eprintln!(" API Endpoint: {}", api_endpoint);
+ println!(" API Endpoint: {}", api_endpoint);
}
if let Some(store_dir) = cache_config.store_dir {
- eprintln!(" Store Directory: {}", store_dir);
+ println!(" Store Directory: {}", store_dir);
}
if let Some(priority) = cache_config.priority {
- eprintln!(" Priority: {}", priority);
+ println!(" Priority: {}", priority);
}
if let Some(upstream_cache_key_names) = cache_config.upstream_cache_key_names {
- eprintln!(" Upstream Cache Keys: {:?}", upstream_cache_key_names);
+ println!(" Upstream Cache Keys: {:?}", upstream_cache_key_names);
}
if let Some(retention_period) = cache_config.retention_period {
match retention_period {
RetentionPeriodConfig::Period(period) => {
- eprintln!(" Retention Period: {:?}", period);
+ println!(" Retention Period: {:?}", period);
}
RetentionPeriodConfig::Global => {
- eprintln!(" Retention Period: Global Default");
+ println!(" Retention Period: Global Default");
}
}
}
diff --git a/client/src/command/login.rs b/client/src/command/login.rs
index 9abcea7..6cadd59 100644
--- a/client/src/command/login.rs
+++ b/client/src/command/login.rs
@@ -28,7 +28,7 @@ pub async fn run(opts: Opts) -> Result<()> {
let mut config_m = config.as_mut();
if let Some(server) = config_m.servers.get_mut(&sub.name) {
- eprintln!("✍️ Overwriting server \"{}\"", sub.name.as_str());
+ println!("✍️ Overwriting server \"{}\"", sub.name.as_str());
server.endpoint = sub.endpoint.to_owned();
@@ -38,7 +38,7 @@ pub async fn run(opts: Opts) -> Result<()> {
});
}
} else {
- eprintln!("✍️ Configuring server \"{}\"", sub.name.as_str());
+ println!("✍️ Configuring server \"{}\"", sub.name.as_str());
config_m.servers.insert(
sub.name.to_owned(),
diff --git a/client/src/command/push.rs b/client/src/command/push.rs
index b2bb661..5d39549 100644
--- a/client/src/command/push.rs
+++ b/client/src/command/push.rs
@@ -91,7 +91,7 @@ impl PushContext {
return Ok(());
} else {
- eprintln!("⚙️ Pushing {num_missing_paths} paths to \"{cache}\" on \"{server}\" ({num_already_cached} already cached, {num_upstream} in upstream)...",
+ println!("⚙️ Pushing {num_missing_paths} paths to \"{cache}\" on \"{server}\" ({num_already_cached} already cached, {num_upstream} in upstream)...",
cache = self.cache_name.as_str(),
server = self.server_name.as_str(),
num_missing_paths = plan.store_path_map.len(),
diff --git a/client/src/command/use.rs b/client/src/command/use.rs
index 37d8cd6..d87f65e 100644
--- a/client/src/command/use.rs
+++ b/client/src/command/use.rs
@@ -34,15 +34,15 @@ pub async fn run(opts: Opts) -> Result<()> {
let public_key = cache_config.public_key
.ok_or_else(|| anyhow!("The server did not tell us which public key it uses. Is signing managed by the client?"))?;
- eprintln!(
+ println!(
"Configuring Nix to use \"{cache}\" on \"{server_name}\":",
cache = cache.as_str(),
server_name = server_name.as_str(),
);
// Modify nix.conf
- eprintln!("+ Substituter: {}", substituter);
- eprintln!("+ Trusted Public Key: {}", public_key);
+ println!("+ Substituter: {}", substituter);
+ println!("+ Trusted Public Key: {}", public_key);
let mut nix_config = NixConfig::load().await?;
nix_config.add_substituter(&substituter);
@@ -50,7 +50,7 @@ pub async fn run(opts: Opts) -> Result<()> {
// Modify netrc
if let Some(token) = server.token()? {
- eprintln!("+ Access Token");
+ println!("+ Access Token");
let mut nix_netrc = NixNetrc::load().await?;
let host = Url::parse(&substituter)?
diff --git a/client/src/command/watch_store.rs b/client/src/command/watch_store.rs
index 24eaf7a..aec0c33 100644
--- a/client/src/command/watch_store.rs
+++ b/client/src/command/watch_store.rs
@@ -91,7 +91,7 @@ pub async fn run(opts: Opts) -> Result<()> {
watcher.watch(&store_dir, RecursiveMode::NonRecursive)?;
- eprintln!(
+ println!(
"👀 Pushing new store paths to \"{cache}\" on \"{server}\"",
cache = cache.as_str(),
server = server_name.as_str(),
diff --git a/client/src/push.rs b/client/src/push.rs
index 309bd4b..2fea414 100644
--- a/client/src/push.rs
+++ b/client/src/push.rs
@@ -595,7 +595,7 @@ pub async fn upload_path(
};
mp.suspend(|| {
- eprintln!(
+ println!(
"✅ {} ({})",
path.as_os_str().to_string_lossy(),
info_string
diff --git a/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs b/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs
index 42d70a6..6bbe585 100644
--- a/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs
+++ b/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs
@@ -24,7 +24,7 @@ impl MigrationTrait for Migration {
// When this migration is run, we assume that there are no
// preexisting chunks.
- eprintln!("* Migrating NARs to chunks...");
+ println!("* Migrating NARs to chunks...");
// Add a temporary column into `chunk` to store the related `nar_id`.
manager
diff --git a/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs b/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs
index 9d29b66..7436b4a 100644
--- a/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs
+++ b/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs
@@ -16,7 +16,7 @@ impl MigrationName for Migration {
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
- eprintln!("* Migrating NAR schema...");
+ println!("* Migrating NAR schema...");
if manager.get_database_backend() == DatabaseBackend::Sqlite {
// Just copy all data to a new table
diff --git a/server/src/lib.rs b/server/src/lib.rs
index 0314e69..89644e1 100644
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -217,7 +217,7 @@ async fn fallback(_: Uri) -> ServerResult<()> {
/// Runs the API server.
pub async fn run_api_server(cli_listen: Option<SocketAddr>, config: Config) -> Result<()> {
- eprintln!("Starting API server...");
+ println!("Starting API server...");
let state = StateInner::new(config).await;
@@ -239,7 +239,7 @@ pub async fn run_api_server(cli_listen: Option<SocketAddr>, config: Config) -> R
.layer(TraceLayer::new_for_http())
.layer(CatchPanicLayer::new());
- eprintln!("Listening on {:?}...", listen);
+ println!("Listening on {:?}...", listen);
let listener = TcpListener::bind(&listen).await?;
@@ -256,7 +256,7 @@ pub async fn run_api_server(cli_listen: Option<SocketAddr>, config: Config) -> R
/// Runs database migrations.
pub async fn run_migrations(config: Config) -> Result<()> {
- eprintln!("Running migrations...");
+ println!("Running migrations...");
let state = StateInner::new(config).await;
let db = state.database().await?;
diff --git a/server/src/main.rs b/server/src/main.rs
index c5f08df..3a37c23 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -121,14 +121,14 @@ fn init_logging(tokio_console: bool) {
.init();
if tokio_console {
- eprintln!("Note: tokio-console is enabled");
+ println!("Note: tokio-console is enabled");
}
}
fn dump_version() {
#[cfg(debug_assertions)]
- eprintln!("Attic Server {} (debug)", env!("CARGO_PKG_VERSION"));
+ println!("Attic Server {} (debug)", env!("CARGO_PKG_VERSION"));
#[cfg(not(debug_assertions))]
- eprintln!("Attic Server {} (release)", env!("CARGO_PKG_VERSION"));
+ println!("Attic Server {} (release)", env!("CARGO_PKG_VERSION"));
}
diff --git a/server/src/oobe.rs b/server/src/oobe.rs
index d3d912d..98ef88c 100644
--- a/server/src/oobe.rs
+++ b/server/src/oobe.rs
@@ -77,25 +77,25 @@ pub async fn run_oobe() -> Result<()> {
token.encode(&SignatureType::RS256(key), &None, &None)?
};
- eprintln!();
- eprintln!("-----------------");
- eprintln!("Welcome to Attic!");
- eprintln!();
- eprintln!("A simple setup using SQLite and local storage has been configured for you in:");
- eprintln!();
- eprintln!(" {}", config_path.to_str().unwrap());
- eprintln!();
- eprintln!("Run the following command to log into this server:");
- eprintln!();
- eprintln!(" attic login local http://localhost:8080 {root_token}");
- eprintln!();
- eprintln!("Documentations and guides:");
- eprintln!();
- eprintln!(" https://docs.attic.rs");
- eprintln!();
- eprintln!("Enjoy!");
- eprintln!("-----------------");
- eprintln!();
+ println!();
+ println!("-----------------");
+ println!("Welcome to Attic!");
+ println!();
+ println!("A simple setup using SQLite and local storage has been configured for you in:");
+ println!();
+ println!(" {}", config_path.to_str().unwrap());
+ println!();
+ println!("Run the following command to log into this server:");
+ println!();
+ println!(" attic login local http://localhost:8080 {root_token}");
+ println!();
+ println!("Documentations and guides:");
+ println!();
+ println!(" https://docs.attic.rs");
+ println!();
+ println!("Enjoy!");
+ println!("-----------------");
+ println!();
Ok(())
}

5
overlays/default.nix
View File

@@ -1,19 +1,17 @@
final: prev: final: prev:
{ {
android-tools = import ./android-tools final prev; android-tools = import ./android-tools final prev;
attic-client = import ./attic-client final prev;
darktable = import ./darktable final prev; darktable = import ./darktable final prev;
hyprland = import ./hyprland final prev; hyprland = import ./hyprland final prev;
mpv = import ./mpv final prev; mpv = import ./mpv final prev;
ncspot = import ./ncspot final prev;
spicetify-cli = import ./spicetify-cli final prev; spicetify-cli = import ./spicetify-cli final prev;
tea = import ./tea final prev;
telepresence = import ./telepresence final prev; telepresence = import ./telepresence final prev;
} }
// (import ../packages { pkgs = final; }) // (import ../packages { pkgs = final; })
// { // {
dockerImages = prev.dockerImages or { } // { dockerImages = prev.dockerImages or { } // {
adguardhome = final.docker-image-adguardhome; adguardhome = final.docker-image-adguardhome;
attic = final.docker-image-attic;
authelia = final.docker-image-authelia; authelia = final.docker-image-authelia;
base = final.docker-image-base; base = final.docker-image-base;
comentario = final.docker-image-comentario; comentario = final.docker-image-comentario;
@@ -84,7 +82,6 @@ final: prev:
}; };
sshKnownHosts = prev.sshKnownHosts or { } // { sshKnownHosts = prev.sshKnownHosts or { } // {
gitea = final.ssh-known-hosts-gitea;
github = final.ssh-known-hosts-github; github = final.ssh-known-hosts-github;
gitlab = final.ssh-known-hosts-gitlab; gitlab = final.ssh-known-hosts-gitlab;
}; };

15
overlays/ncspot/default.nix Normal file
View File

@@ -0,0 +1,15 @@
final: prev:
# FIXME: https://github.com/hrkfdn/ncspot/issues/1681#issuecomment-3186274719
prev.ncspot.overrideAttrs (oldAttrs: rec {
src = prev.fetchFromGitHub {
owner = "hrkfdn";
repo = "ncspot";
rev = "aac67d631f25bbc79f509d34aa85e6daff954830";
hash = "sha256-B6BA1ksfDEySZH6gzkU5khOzwXAmeHbMHsx3sXd9lbs=";
};
cargoDeps = prev.rustPlatform.fetchCargoVendor {
inherit src;
hash = "sha256-HrQJiIzSvu/vR03UdnCcU6TGToBDKKDC6XscjvX3KPE=";
};
})

10
overlays/tea/default.nix
View File

@@ -1,10 +0,0 @@
final: prev:
prev.tea.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [
(builtins.fetchurl {
url = "https://gitea.com/gitea/tea/pulls/639.patch";
sha256 = "sha256:0c5gpi6aajd3h0wp7lrvj5qk9wsqhgbap7ijvl0x117v0g8mgzvs";
})
./instance-ssh-host-env.patch
];
})

174
overlays/tea/instance-ssh-host-env.patch
View File

@@ -1,174 +0,0 @@
diff --git a/modules/config/login.go b/modules/config/login.go
index 3b77fb9..94de9cd 100644
--- a/modules/config/login.go
+++ b/modules/config/login.go
@@ -13,6 +13,7 @@ import (
"net/http/cookiejar"
"net/url"
"os"
+ "strconv"
"strings"
"time"
@@ -200,6 +201,63 @@ func UpdateLogin(login *Login) error {
return saveConfig()
}
+// CreateLoginFromEnvVars returns a login based on environment variables, or nil if no login can be created
+func CreateLoginFromEnvVars() (*Login, error) {
+ var token string
+
+ giteaToken := os.Getenv("GITEA_TOKEN")
+ githubToken := os.Getenv("GH_TOKEN")
+ giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL")
+ instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE")
+ giteaInstanceSSHHost := os.Getenv("GITEA_INSTANCE_SSH_HOST")
+ insecure := false
+ if len(instanceInsecure) > 0 {
+ insecure, _ = strconv.ParseBool(instanceInsecure)
+ }
+
+ // if no tokens are set, or no instance url for gitea fail fast
+ if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) {
+ return nil, nil
+ }
+
+ token = giteaToken
+ if len(giteaToken) == 0 {
+ token = githubToken
+ }
+
+ login := &Login{
+ Name: "GITEA_LOGIN_VIA_ENV",
+ URL: giteaInstanceURL,
+ Token: token,
+ SSHHost: giteaInstanceSSHHost,
+ Insecure: insecure,
+ SSHKey: "",
+ SSHCertPrincipal: "",
+ SSHKeyFingerprint: "",
+ SSHAgent: false,
+ VersionCheck: true,
+ Created: time.Now().Unix(),
+ }
+
+ client := login.Client()
+ u, _, err := client.GetMyUserInfo()
+ if err != nil {
+ return nil, fmt.Errorf("failed to validate token: %s", err)
+ }
+
+ login.User = u.UserName
+
+ if login.SSHHost == "" {
+ parsedURL, err := url.Parse(giteaInstanceURL)
+ if err != nil {
+ return nil, err
+ }
+ login.SSHHost = parsedURL.Host
+ }
+
+ return login, nil
+}
+
// Client returns a client to operate Gitea API. You may provide additional modifiers
// for the client like gitea.SetBasicAuth() for customization
func (l *Login) Client(options ...gitea.ClientOption) *gitea.Client {
diff --git a/modules/context/context.go b/modules/context/context.go
index aec5592..636eeec 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -9,9 +9,7 @@ import (
"log"
"os"
"path"
- "strconv"
"strings"
- "time"
"code.gitea.io/tea/modules/config"
"code.gitea.io/tea/modules/git"
@@ -108,16 +106,6 @@ func InitCommand(cmd *cli.Command) *TeaContext {
c.RepoSlug = repoFlag
}
- // override config user with env variable
- envLogin := GetLoginByEnvVar()
- if envLogin != nil {
- _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "")
- if err != nil {
- log.Fatal(err.Error())
- }
- c.Login = envLogin
- }
-
// override login from flag, or use default login if repo based detection failed
if len(loginFlag) != 0 {
c.Login = config.GetLoginByName(loginFlag)
@@ -196,10 +184,25 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L
return repo, nil, "", fmt.Errorf("Remote '%s' not found in this Git repository", remoteValue)
}
+ envLogin, err := config.CreateLoginFromEnvVars()
+ if err != nil {
+ log.Fatal(err.Error())
+ }
+
logins, err := config.GetLogins()
if err != nil {
return repo, nil, "", err
}
+
+ if envLogin != nil {
+ _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "")
+ if err != nil {
+ log.Fatal(err.Error())
+ }
+
+ logins = append([]config.Login{*envLogin}, logins...)
+ }
+
for _, l := range logins {
sshHost := l.GetSSHHost()
for _, u := range remoteConfig.URLs {
@@ -223,40 +226,3 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L
return repo, nil, "", errNotAGiteaRepo
}
-
-// GetLoginByEnvVar returns a login based on environment variables, or nil if no login can be created
-func GetLoginByEnvVar() *config.Login {
- var token string
-
- giteaToken := os.Getenv("GITEA_TOKEN")
- githubToken := os.Getenv("GH_TOKEN")
- giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL")
- instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE")
- insecure := false
- if len(instanceInsecure) > 0 {
- insecure, _ = strconv.ParseBool(instanceInsecure)
- }
-
- // if no tokens are set, or no instance url for gitea fail fast
- if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) {
- return nil
- }
-
- token = giteaToken
- if len(giteaToken) == 0 {
- token = githubToken
- }
-
- return &config.Login{
- Name: "GITEA_LOGIN_VIA_ENV",
- URL: giteaInstanceURL,
- Token: token,
- Insecure: insecure,
- SSHKey: "",
- SSHCertPrincipal: "",
- SSHKeyFingerprint: "",
- SSHAgent: false,
- Created: time.Now().Unix(),
- VersionCheck: false,
- }
-}

8
packages/comentario/default.nix
View File

@@ -2,14 +2,14 @@
# AUTO-UPDATE: nix-update --flake comentario --version=branch=dev --subpackage frontend # AUTO-UPDATE: nix-update --flake comentario --version=branch=dev --subpackage frontend
pkgs.buildGoModule (finalAttrs: { pkgs.buildGoModule (finalAttrs: {
pname = "comentario"; pname = "comentario";
version = "3.14.0-unstable-2025-08-29"; version = "3.14.0-unstable-2025-08-08";
src = pkgs.fetchFromGitLab { src = pkgs.fetchFromGitLab {
owner = "comentario"; owner = "comentario";
repo = "comentario"; repo = "comentario";
# FIXME: Stable rev once type error is fixed # FIXME: Stable rev once type error is fixed
rev = "90773f976366318389f9d5aa457e6303e6159740"; rev = "7380d55820827db82f9d191ad82cd35cdbf08cfa";
hash = "sha256-f0Y+OdbsG8eA2kD17b4QWaL0hAuoF476XtYm/aFOmLY="; hash = "sha256-uWpHrI4K/VfekW4PDaJXyqjyCGXbYnsGwV0OCSsfw3s=";
}; };
patches = [ patches = [
@@ -37,7 +37,7 @@ pkgs.buildGoModule (finalAttrs: {
missingHashes = ./missing-hashes.json; missingHashes = ./missing-hashes.json;
offlineCache = pkgs.yarn-berry.fetchYarnBerryDeps { offlineCache = pkgs.yarn-berry.fetchYarnBerryDeps {
inherit (finalFrontendAttrs) src patches missingHashes; inherit (finalFrontendAttrs) src patches missingHashes;
hash = "sha256-bn/PNgk7ZjCzGSj7BQQCB+5RY+ivJGYZa2/GC4eRjPY="; hash = "sha256-HGxWvdFDTCPoDD6ry30gfprvpDAMoQJ0RHMkCzOcVRs=";
}; };
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [

6
packages/darktable/lua-scripts/default.nix
View File

@@ -2,13 +2,13 @@
# AUTO-UPDATE: nix-update --flake --version=branch=master darktable-lua-scripts # AUTO-UPDATE: nix-update --flake --version=branch=master darktable-lua-scripts
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
pname = "lua-scripts"; pname = "lua-scripts";
version = "release-2.0.0-unstable-2025-08-18"; version = "release-2.0.0-unstable-2025-07-05";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "darktable-org"; owner = "darktable-org";
repo = "lua-scripts"; repo = "lua-scripts";
rev = "c95547caa72f7b136b5192dd19a535da3fbe4e9b"; rev = "aed3275943f218e559c58b98579ceafb02e220da";
hash = "sha256-Qt3DkmNH/ZWY3uI8UvhSM4dDt7KDQlJqOnPmsySGGwU="; hash = "sha256-vRE0kxqbjdjwU+S0Eu44ctYulYPgD0XsrTsz1ESq6t0=";
}; };
installPhase = '' installPhase = ''

4
packages/default.nix
View File

@@ -6,7 +6,6 @@
darktable-lua-scripts = import ./darktable/lua-scripts { inherit pkgs; }; darktable-lua-scripts = import ./darktable/lua-scripts { inherit pkgs; };
docker-image-adguardhome = import ./docker/adguardhome { inherit pkgs; }; docker-image-adguardhome = import ./docker/adguardhome { inherit pkgs; };
docker-image-attic = import ./docker/attic { inherit pkgs; };
docker-image-authelia = import ./docker/authelia { inherit pkgs; }; docker-image-authelia = import ./docker/authelia { inherit pkgs; };
docker-image-base = import ./docker/base { inherit pkgs; }; docker-image-base = import ./docker/base { inherit pkgs; };
docker-image-comentario = import ./docker/comentario { inherit pkgs; }; docker-image-comentario = import ./docker/comentario { inherit pkgs; };
@@ -87,11 +86,8 @@
shlink = import ./shlink { inherit pkgs; }; shlink = import ./shlink { inherit pkgs; };
shlink-web-client = import ./shlink-web-client { inherit pkgs; }; shlink-web-client = import ./shlink-web-client { inherit pkgs; };
ssh-known-hosts-gitea = import ./ssh/known-hosts/gitea { inherit pkgs; };
ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs; }; ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs; };
ssh-known-hosts-gitlab = import ./ssh/known-hosts/gitlab { inherit pkgs; }; ssh-known-hosts-gitlab = import ./ssh/known-hosts/gitlab { inherit pkgs; };
wsl-wl-clipboard = import ./wsl-wl-clipboard { inherit pkgs; };
yazi-plugin-custom-shell = import ./yazi/plugins/custom-shell { inherit pkgs; }; yazi-plugin-custom-shell = import ./yazi/plugins/custom-shell { inherit pkgs; };
} }

34
packages/docker/attic/default.nix
View File

@@ -1,34 +0,0 @@
{ pkgs, ... }:
let
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
in
pkgs.dockerTools.buildImage {
name = "attic";
fromImage = pkgs.docker-image-base;
copyToRoot = pkgs.buildEnv {
name = "root";
paths = with pkgs; [
entrypoint
attic-server
attic-client
];
pathsToLink = [ "/bin" ];
};
config = {
Entrypoint = [ "entrypoint" ];
ExposedPorts = {
"8080/tcp" = { };
};
WorkingDir = "/var/lib/atticd";
Volumes = {
"/var/lib/atticd" = { };
};
};
}

16
packages/docker/attic/entrypoint.sh
View File

@@ -1,16 +0,0 @@
#!/usr/bin/env sh
set -o errexit
set -o nounset
atticd "$@" &
PID=$!
if [ -f /etc/attic/post-start.sh ]; then
# shellcheck disable=SC1091
. /etc/attic/post-start.sh
fi
trap 'kill -KILL "$PID"' INT TERM
wait "$PID"
exit $?

8
packages/littlelink-server/default.nix
View File

@@ -2,18 +2,18 @@
# AUTO-UPDATE: nix-update --flake --version=branch=master littlelink-server # AUTO-UPDATE: nix-update --flake --version=branch=master littlelink-server
pkgs.stdenv.mkDerivation (finalAttrs: { pkgs.stdenv.mkDerivation (finalAttrs: {
pname = "littlelink-server"; pname = "littlelink-server";
version = "0-unstable-2025-08-25"; version = "0-unstable-2025-07-30";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "techno-tim"; owner = "techno-tim";
repo = "littlelink-server"; repo = "littlelink-server";
rev = "9c65c4f389a92b2bf2ca85e545960ef3be4e72e9"; rev = "bc1b832bfa02bd901d3592820bb9f2eaa6b65b30";
hash = "sha256-nd3dMWuYz2Af5XokTgMJdF0U2L98EW6CVuDGSXSOlls="; hash = "sha256-5IDwp/mv0mRsLPxbzZfYxV3hE0U2iJEJitj5OlEhVvs=";
}; };
offlineCache = pkgs.fetchYarnDeps { offlineCache = pkgs.fetchYarnDeps {
yarnLock = finalAttrs.src + "/yarn.lock"; yarnLock = finalAttrs.src + "/yarn.lock";
hash = "sha256-Ikd2PUBIPTTv7e08HbANk4chwMtObyZtnd6pyiWKqps="; hash = "sha256-HbidudAixPNkW3/TAjcDnVZoMyrHein4+sV0QGaZWIo=";
}; };
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [

2
packages/obsidian/plugins/dataview/default.nix
View File

@@ -12,8 +12,8 @@ pkgs.buildNpmPackage (finalAttrs: {
}; };
patches = [ ./package-lock.patch ]; patches = [ ./package-lock.patch ];
makeCacheWritable = true; makeCacheWritable = true;
npmDepsHash = "sha256-9RZCDzY9ETs7DPQfBxig92rhA2iCOOKVqwbUJeTGqrY="; npmDepsHash = "sha256-9RZCDzY9ETs7DPQfBxig92rhA2iCOOKVqwbUJeTGqrY=";
npmPackFlags = [ "--ignore-scripts" ]; npmPackFlags = [ "--ignore-scripts" ];

6
packages/obsidian/plugins/excalidraw/default.nix
View File

@@ -2,13 +2,13 @@
# AUTO-UPDATE: nix-update --flake obsidian-plugin-excalidraw --subpackage mathjaxToSVG # AUTO-UPDATE: nix-update --flake obsidian-plugin-excalidraw --subpackage mathjaxToSVG
pkgs.buildNpmPackage (finalAttrs: { pkgs.buildNpmPackage (finalAttrs: {
pname = "obsidian.plugins.excalidraw"; pname = "obsidian.plugins.excalidraw";
version = "2.15.1"; version = "2.14.3";
pkg = pkgs.fetchFromGitHub { pkg = pkgs.fetchFromGitHub {
owner = "zsviczian"; owner = "zsviczian";
repo = "obsidian-excalidraw-plugin"; repo = "obsidian-excalidraw-plugin";
rev = finalAttrs.version; rev = finalAttrs.version;
hash = "sha256-EsyR5PTZkR+/+5F9mteZ06smbX0mhxtbagO6ZDloHgs="; hash = "sha256-cZAxCJFlw+ShO5YQDkzw58Y4W+cqRb9oyjp/xHRX6cE=";
}; };
mathjaxToSVG = pkgs.buildNpmPackage { mathjaxToSVG = pkgs.buildNpmPackage {
@@ -32,7 +32,7 @@ pkgs.buildNpmPackage (finalAttrs: {
patches = [ ./package-lock.patch ]; patches = [ ./package-lock.patch ];
npmDepsHash = "sha256-QuhHPLjPpZNKZH7qhOr77CCZS9+ls35+ka4WYOEt4zI="; npmDepsHash = "sha256-OKIK8zyadoAmX5BciqJzhHM8cl0vRnCywlMrNhcUWHI=";
npmPackFlags = [ "--ignore-scripts" ]; npmPackFlags = [ "--ignore-scripts" ];
configurePhase = '' configurePhase = ''

18
packages/obsidian/plugins/excalidraw/package-lock.patch
View File

@@ -1,13 +1,13 @@
diff --git a/package-lock.json b/package-lock.json diff --git a/package-lock.json b/package-lock.json
index 21d66bd..fc0b033 100644 index 033dbdd..fcb5477 100644
--- a/package-lock.json --- a/package-lock.json
+++ b/package-lock.json +++ b/package-lock.json
@@ -11,7 +11,7 @@ @@ -11,7 +11,7 @@
"dependencies": { "dependencies": {
"@popperjs/core": "^2.11.8", "@popperjs/core": "^2.11.8",
"@zsviczian/colormaster": "^1.2.2", "@zsviczian/colormaster": "^1.2.2",
- "@zsviczian/excalidraw": "0.18.0-31", - "@zsviczian/excalidraw": "0.18.0-27",
+ "@zsviczian/excalidraw": "0.18.0-37", + "@zsviczian/excalidraw": "0.18.0-30",
"chroma-js": "^3.1.2", "chroma-js": "^3.1.2",
"clsx": "^2.0.0", "clsx": "^2.0.0",
"es6-promise-pool": "2.5.0", "es6-promise-pool": "2.5.0",
@@ -15,12 +15,12 @@ index 21d66bd..fc0b033 100644
"license": "MIT" "license": "MIT"
}, },
"node_modules/@zsviczian/excalidraw": { "node_modules/@zsviczian/excalidraw": {
- "version": "0.18.0-31", - "version": "0.18.0-27",
- "resolved": "https://registry.npmjs.org/@zsviczian/excalidraw/-/excalidraw-0.18.0-31.tgz", - "resolved": "https://registry.npmjs.org/@zsviczian/excalidraw/-/excalidraw-0.18.0-27.tgz",
- "integrity": "sha512-A1wyp8EVOhCdoxdX7middc8LoLpjPLtxiSTeBbdMtungl8VQzAcQ2tSGCkncK/8RBcBaUk44Hr6KcWjezHnQew==", - "integrity": "sha512-cigzCO65+EB+Y4G9LYEK/kVf2R3nNqNjEhGWqi5tZ0AcHEKPsMHAn6CtU36V6crRdojZLtyg5RASIdkxy4zZCA==",
+ "version": "0.18.0-37", + "version": "0.18.0-30",
+ "resolved": "https://registry.npmjs.org/@zsviczian/excalidraw/-/excalidraw-0.18.0-37.tgz", + "resolved": "https://registry.npmjs.org/@zsviczian/excalidraw/-/excalidraw-0.18.0-30.tgz",
+ "integrity": "sha512-SC4a6wj6IzE9HucxImDoOPcojojW/8FSry1hSA+hXfU350DhY6VlpFQ1DHJMPqVgIkFHB/hbCHt3klV+66+ouw==", + "integrity": "sha512-jeiejbAqCPq1kg76kxNV2+PpBf8yDCdcgPqZ6O4TOX+2IKpw0/K9Y16VPjGDO7SWGRBCi82WM98Vf09tdl5KaQ==",
+ "license": "MIT", + "license": "MIT",
"dependencies": { "dependencies": {
"@braintree/sanitize-url": "6.0.2", "@braintree/sanitize-url": "6.0.2",

6
packages/obsidian/plugins/tasks/default.nix
View File

@@ -2,18 +2,18 @@
# AUTO-UPDATE: nix-update --flake obsidian-plugin-tasks # AUTO-UPDATE: nix-update --flake obsidian-plugin-tasks
pkgs.stdenv.mkDerivation (finalAttrs: { pkgs.stdenv.mkDerivation (finalAttrs: {
pname = "tasks"; pname = "tasks";
version = "7.21.0"; version = "7.20.0";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "obsidian-tasks-group"; owner = "obsidian-tasks-group";
repo = "obsidian-tasks"; repo = "obsidian-tasks";
rev = finalAttrs.version; rev = finalAttrs.version;
hash = "sha256-/7vTXAsMHWOopscdKldbXpvQvEl4qcnV3HpYClZWUsg="; hash = "sha256-K9/H2BgruB1O9KwW+xoiCsuXFfu6o4xZDCI40OEmh+o=";
}; };
offlineCache = pkgs.fetchYarnDeps { offlineCache = pkgs.fetchYarnDeps {
yarnLock = finalAttrs.src + "/yarn.lock"; yarnLock = finalAttrs.src + "/yarn.lock";
hash = "sha256-PXMN/05G1FIiR93seJSBilZDzXMv3o3cXDaEOUC71s0="; hash = "sha256-ecPZvpMQkL2o0X4qx6h1jwQVZrtTC3+Aj7n/SBLRQbo=";
}; };
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [

6
packages/obsidian/plugins/url-into-selection/default.nix
View File

@@ -2,16 +2,16 @@
# AUTO-UPDATE: nix-update --flake obsidian-plugin-url-into-selection # AUTO-UPDATE: nix-update --flake obsidian-plugin-url-into-selection
pkgs.buildNpmPackage (finalAttrs: { pkgs.buildNpmPackage (finalAttrs: {
pname = "url-into-selection"; pname = "url-into-selection";
version = "1.11.4"; version = "1.11.3";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "denolehov"; owner = "denolehov";
repo = "obsidian-url-into-selection"; repo = "obsidian-url-into-selection";
rev = finalAttrs.version; rev = finalAttrs.version;
hash = "sha256-8yzx1ryMf7gRGbdD7zL3I1Q+W1RwcubTo42o6O3zCDY="; hash = "sha256-B793Lpt/3ddj9xvpNSsiHjsa1yP7ZXhQFLBUPfCriAw=";
}; };
npmDepsHash = "sha256-/EVidF6Wn/AFFgqYIJjUErpZyfliNtCSHMMS1n6GBew="; npmDepsHash = "sha256-DKjYtQ6KycPEms5BdyOXw6iNb9MgNOyJg8haL+cZHMk=";
npmPackFlags = [ "--ignore-scripts" ]; npmPackFlags = [ "--ignore-scripts" ];
installPhase = '' installPhase = ''

4
packages/obsidian/themes/minimal/default.nix
View File

@@ -2,13 +2,13 @@
# AUTO-UPDATE: nix-update --flake obsidian-theme-minimal # AUTO-UPDATE: nix-update --flake obsidian-theme-minimal
pkgs.buildNpmPackage (finalAttrs: { pkgs.buildNpmPackage (finalAttrs: {
pname = "minimal"; pname = "minimal";
version = "8.0.4"; version = "8.0.3";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "kepano"; owner = "kepano";
repo = "obsidian-minimal"; repo = "obsidian-minimal";
rev = finalAttrs.version; rev = finalAttrs.version;
hash = "sha256-TGToK2k9zpd5LappqlkGgxJliXqE4HzsBq07c4IN+T4="; hash = "sha256-pLfmIRY/opTgxYsvyNa9MVN9NziCTrjDTM/oBfhxEc0=";
}; };
npmDepsHash = "sha256-R+XeEkDP0MxNQsFCWmHXKtLBcmiOTv9Nw7t2e27kvQg="; npmDepsHash = "sha256-R+XeEkDP0MxNQsFCWmHXKtLBcmiOTv9Nw7t2e27kvQg=";

6
packages/oidcwarden/default.nix
View File

@@ -3,16 +3,16 @@
# FIXME: https://github.com/dani-garcia/vaultwarden/pull/3899 # FIXME: https://github.com/dani-garcia/vaultwarden/pull/3899
pkgs.rustPlatform.buildRustPackage (finalAttrs: { pkgs.rustPlatform.buildRustPackage (finalAttrs: {
pname = "oidcwarden"; pname = "oidcwarden";
version = "2025.8.1-1"; version = "2025.6.1-3";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "Timshel"; owner = "Timshel";
repo = "OIDCWarden"; repo = "OIDCWarden";
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-yH2qewIV79hBDRn0KFj2mULpD2tTm5+8E2kIN8uMWHM="; hash = "sha256-I4zOWIU8iBQeLMMQSVcKc3w+WodiZ6MDYnKR7H/+v0Y=";
}; };
cargoHash = "sha256-ZPCRFBaISCIlPY/x3lTqxuePgZXcOLvgyOrw2XVcAVw="; cargoHash = "sha256-fMePvMnefdcN90Y3BPqcKNXyg7tUd64IOUnOQis/qTU=";
env.VW_VERSION = finalAttrs.version; env.VW_VERSION = finalAttrs.version;

4
packages/prometheus-podman-exporter/default.nix
View File

@@ -2,13 +2,13 @@
# AUTO-UPDATE: nix-update --flake prometheus-podman-exporter # AUTO-UPDATE: nix-update --flake prometheus-podman-exporter
pkgs.buildGoModule (finalAttrs: { pkgs.buildGoModule (finalAttrs: {
pname = "prometheus-podman-exporter"; pname = "prometheus-podman-exporter";
version = "1.18.0"; version = "1.17.2";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "containers"; owner = "containers";
repo = "prometheus-podman-exporter"; repo = "prometheus-podman-exporter";
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-hrecxJp78c8LruXTGRDU6zNWnyh+vwgCpVJsm026NYw="; hash = "sha256-TlQQbeYcCTZKF6DUKM+UE8iU9KC5tLpCtee62sNbW8s=";
}; };
vendorHash = null; vendorHash = null;

9
packages/shlink-web-client/default.nix
View File

@@ -2,19 +2,16 @@
# AUTO-UPDATE: nix-update --flake shlink-web-client # AUTO-UPDATE: nix-update --flake shlink-web-client
pkgs.buildNpmPackage (finalAttrs: { pkgs.buildNpmPackage (finalAttrs: {
pname = "shlink-web-client"; pname = "shlink-web-client";
version = "4.5.1"; version = "4.5.0";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "shlinkio"; owner = "shlinkio";
repo = finalAttrs.pname; repo = finalAttrs.pname;
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-ieRTXAYlF0IOt/dlXuHUGvvT1J+TYVWaoNQbYZFLOZ4="; hash = "sha256-pIB1WH5iRyr0yNjqxK+bC7qh5fSzYMdOzlut1ohjSkg=";
}; };
patches = [ ./package-lock.patch ]; npmDepsHash = "sha256-Kn2hVMxQpNi3SwGElymNojaUyc/QMbi+9oIuFEkLeLw=";
npmDepsHash = "sha256-q1LUimy7rQe3cKMZEI0SflGeUhthykLpcvJz1oLSkfY=";
npmFlags = [ "--legacy-peer-deps" ];
homepage = "/web"; homepage = "/web";

24553
packages/shlink-web-client/package-lock.patch
View File

File diff suppressed because it is too large Load Diff

4
packages/shlink/default.nix
View File

@@ -2,11 +2,11 @@
# AUTO-UPDATE: nix-update --flake shlink # AUTO-UPDATE: nix-update --flake shlink
pkgs.stdenv.mkDerivation (finalAttrs: { pkgs.stdenv.mkDerivation (finalAttrs: {
pname = "shlink"; pname = "shlink";
version = "4.5.2"; version = "4.5.0";
src = pkgs.fetchzip { src = pkgs.fetchzip {
url = "https://github.com/shlinkio/shlink/releases/download/v${finalAttrs.version}/shlink${finalAttrs.version}_php8.4_dist.zip"; url = "https://github.com/shlinkio/shlink/releases/download/v${finalAttrs.version}/shlink${finalAttrs.version}_php8.4_dist.zip";
sha256 = "sha256-1ZKC/o3IPPfVWxyAIkiaLN70XXLXHKalAvEG63Xrmes="; sha256 = "sha256-IndszqEW3pUaBIHBh4eIkPF2sM/KawANAW1wWx8tRdU=";
}; };
installPhase = '' installPhase = ''

16
packages/ssh/known-hosts/gitea/default.nix
View File

@@ -1,16 +0,0 @@
{ pkgs, ... }:
pkgs.stdenv.mkDerivation {
pname = "ssh-known-hosts-gitea";
version = "0-unstable-2025-09-01";
src = pkgs.lib.fetchers.sshKnownHosts {
host = "gitea.com";
hash = "sha256-xibPjdZdkUSQS+YLfVsanFfAEnKfAPxgRAz138sNJ6c=";
};
phases = [ "installPhase" ];
installPhase = ''
cp $src $out
'';
}

Some files were not shown because too many files have changed in this diff Show More