diff --git a/common/fish/config.fish b/common/fish/config.fish index f4c8387..2f5fb60 100755 --- a/common/fish/config.fish +++ b/common/fish/config.fish @@ -42,13 +42,17 @@ if test -f /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh set --prepend --export --global fish_user_paths $HOME/.nix-profile/bin /nix/var/nix/profiles/default/bin end -if has_command nnn - source $DOTFILES_PATH/common/nnn/config.fish +if has_command direnv + direnv hook fish | source end # everything after this is ONLY relevant to interactive shells status --is-interactive || exit +if has_command nnn + source $DOTFILES_PATH/common/nnn/config.fish +end + for f in prompt key-bindings source $FISH_PATH/$f.fish end diff --git a/common/helix/languages.toml b/common/helix/languages.toml index b537d32..72ff30e 100644 --- a/common/helix/languages.toml +++ b/common/helix/languages.toml @@ -6,6 +6,11 @@ auto-format = true name = "html" auto-format = false +[[language]] +name = "nix" +auto-format = true +formatter = { command = "nixpkgs-fmt", args = [] } + [[language]] name = "fish" auto-format = true diff --git a/os/linux/nix/.sops.yaml b/os/linux/nix/.sops.yaml index e2cfbbf..a073525 100644 --- a/os/linux/nix/.sops.yaml +++ b/os/linux/nix/.sops.yaml @@ -2,11 +2,11 @@ keys: - &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub' - &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'" creation_rules: - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$ key_groups: - age: - *daniel - - path_regex: secrets/beefcake/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$ key_groups: - age: - *daniel diff --git a/os/linux/nix/daniel.nix b/os/linux/nix/daniel.nix new file mode 100644 index 0000000..905d8f2 --- /dev/null 
+++ b/os/linux/nix/daniel.nix @@ -0,0 +1,75 @@ +{ pkgs, ... }: { + home.username = "daniel"; + home.homeDirectory = "/home/daniel/.home"; + home.stateVersion = "23.05"; + + programs.home-manager.enable = true; + + programs.direnv.enable = true; + programs.nix-direnv.enable = true; + + programs.fish.enable = true; + + programs.nix-index = { + enable = true; + enableFishIntegration = true; + }; + + home.pointerCursor = { + name = "Catppuccin-Mocha-Sapphire-Cursors"; + package = pkgs.catppuccin-cursors.mochaSapphire; + size = 64; # TODO: this doesn't seem to work -- at least in Sway + }; + + programs.firefox = { + enable = true; + + package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; }); + + # extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe? + + profiles = { + daniel = { + id = 0; + settings = { + "general.smoothScroll" = true; + }; + + extraConfig = '' + user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); + // user_pref("full-screen-api.ignore-widgets", true); + user_pref("media.ffmpeg.vaapi.enabled", true); + user_pref("media.rdd-vpx.enabled", true); + ''; + + userChrome = '' + /* Remove close button*/ .titlebar-buttonbox-container{ display:none } + + #webrtcIndicator { + display: none; + } + + #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items { + opacity: 0; + pointer-events: none; + } + + #main-window:not([tabsintitlebar="true"]) #TabsToolbar { + visibility: collapse !important; + } + ''; + + # userContent = '' + # ''; + }; + + }; + }; + + # wayland.windowManager.sway = { + # enable = true; + # }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts? + # maybe we can share somehow so things for nix-y systems and non-nix-y systems alike +} 
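Review bot: The `#webrtcIndicator { display: none; }` rule in `userChrome` hides Firefox's floating sharing indicator, one of the visual cues that a page is capturing the camera, microphone or screen. If the aim is only to keep that floating window out of the Sway layout, say so next to the rule, e.g. `/* hide the floating sharing window only; the address-bar capture icon is what I rely on instead */`, so the trade-off is explicit. Separately, `programs.nix-direnv.enable` does not look like a home-manager option name; the nix-direnv switch normally lives under `programs.direnv.nix-direnv.enable`, so check this line against a real build.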
diff --git a/os/linux/nix/flake.lock b/os/linux/nix/flake.lock index 578a368..7d21de4 100644 --- a/os/linux/nix/flake.lock +++ b/os/linux/nix/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1690530040, - "narHash": "sha256-xuEvYkll4AB++/aatW3x8eXCsv9Kz7rujfOK3uzxTIQ=", + "lastModified": 1690574004, + "narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=", "ref": "refs/heads/master", - "rev": "8aab004307252563e0b2c8de55e13bdf9891c892", - "revCount": 63, + "rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1", + "revCount": 71, "type": "git", "url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git" }, @@ -19,6 +19,27 @@ "url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1690739034, + "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=", + "owner": "nix-community", + "repo": "disko", + "rev": "4015740375676402a2ee6adebc3c30ea625b9a94", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -92,11 +113,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1690370995, - "narHash": "sha256-9z//23jGegLJrf3ITStLwVf715O39dq5u48Kr/XW14U=", + "lastModified": 1691252436, + "narHash": "sha256-SKKPKYOnFcwqECehxoFBMLv29CZXC5qCDuETSuXd82g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f3fbbc36b4e179a5985b9ab12624e9dfe7989341", + "rev": "9607b9149c9d81fdf3dc4f3bcc278da146ffbd77", "type": "github" }, "original": { @@ -109,6 +130,7 @@ "root": { "inputs": { "api-lyte-dev": "api-lyte-dev", + "disko": "disko", "home-manager": "home-manager", "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix" diff --git a/os/linux/nix/flake.nix b/os/linux/nix/flake.nix index c4ad082..15e9fd5 100644 --- a/os/linux/nix/flake.nix +++ b/os/linux/nix/flake.nix 
@@ -1,17 +1,14 @@ # Welcome to my nix config! I'm just getting started with flakes, so please # forgive the mess. -# TODO: would be nice to get hardware congigs in here as well - # TODO: declarative disks with https://github.com/nix-community/disko # TODO: home-manager? - { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - # TODO: this could be a tarball? fully recompiling this on every change suuuucks + # TODO: this could be a release tarball? fully recompiling this on every change suuuucks api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; home-manager = { @@ -21,6 +18,13 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko/master"; # NOTE: lock update! + + # use the version of nixpkgs we specified above rather than the one HM would ordinarily use + inputs.nixpkgs.follows = "nixpkgs"; + }; + sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -45,6 +49,24 @@ } ]; }; + + thinker = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.disko.nixosModules.disko + ./machines/thinker-disks.nix + { _module.args.disks = [ "/dev/nvme0n1" ]; } + ./machines/thinker.nix + inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.daniel = import ./daniel.nix; + } + ]; + }; }; }; } diff --git a/os/linux/nix/machines/beefcake.nix b/os/linux/nix/machines/beefcake.nix index 4385c42..5744c01 100644 --- a/os/linux/nix/machines/beefcake.nix +++ b/os/linux/nix/machines/beefcake.nix 
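Review bot: The comment above `inputs.nixpkgs.follows` in the new `disko` input was copied from the home-manager block and still refers to "the one HM would ordinarily use"; it should read `# use the version of nixpkgs we specified above rather than the one disko would ordinarily use`. The input also tracks `master`, so each lock update pulls in whatever is on that branch for the tool that partitions and formats disks. `flake.lock` pins the revision between updates, but `# NOTE: lock update!` would be clearer as `# NOTE: tracks master; review the disko diff before committing a lock bump`.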
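Review bot: `{ _module.args.disks = [ "/dev/nvme0n1" ]; }` in the new `thinker` system hands disko a kernel-enumerated device name, which is not guaranteed to refer to the same drive after a hardware change or on a machine with more than one NVMe device. Because disko partitions and formats whatever this names, a stable identifier is the safer argument, e.g. `{ _module.args.disks = [ "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>" ]; }`. The enclosing `outputs` attribute set starts outside the hunk.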
@@ -5,53 +5,61 @@ { config, pkgs, ... }: rec { nix.settings.experimental-features = [ "nix-command" "flakes" ]; imports = [ - # ./beefcake-hardware.nix ]; - services.api-lyte-dev = { + services.api-lyte-dev = rec { enable = true; port = 5757; stateDir = "/var/lib/api-lyte-dev"; - configFile = sops.secrets.api-lyte-dev.path; + configFile = sops.secrets."api.lyte.dev".path; + user = "api-lyte-dev"; + group = user; }; + systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug"; + sops = { - defaultSopsFile = ../secrets/beefcake/example.yaml; + defaultSopsFile = ../secrets/beefcake/secrets.yml; age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; secrets = { - api-lyte-dev = { - sopsFile = ../secrets/beefcake/api-lyte-dev.json; - format = "json"; + # example-key = { + # # see these and other options' documentation here: + # # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it + + # # set permissions: + # # mode = "0440"; + # # owner = config.users.users.nobody.name; + # # group = config.users.users.nobody.group; + + # # restart service when a secret changes or is newly initialized + # # restartUnits = [ "home-assistant.service" ]; + + # # symlink to certain directories + # path = "/var/lib/my-example-key/secrets.yaml"; + + # # for use as a user password + # # neededForUsers = true; + # }; + + # subdirectory + # "myservice/my_subdir/my_secret" = { }; + + "api.lyte.dev" = { path = "${services.api-lyte-dev.stateDir}/secrets.json"; + # TODO: would be cool to assert that it's correctly-formatted JSON? 
mode = "0440"; owner = services.api-lyte-dev.user; group = services.api-lyte-dev.group; }; - example-key = { - # see these and other options' documentation here: - # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it - - # set permissions: - # mode = "0440"; - # owner = config.users.users.nobody.name; - # group = config.users.users.nobody.group; - - # restart service when a secret changes or is newly initialized - # restartUnits = [ "home-assistant.service" ]; - - # symlink to certain directories - path = "/var/lib/my-example-key/secrets.yaml"; - - # for use as a user password - # neededForUsers = true; - }; - "myservice/my_subdir/my_secret" = { }; + plausible-admin-password = {}; + plausible-erlang-cookie = {}; + plausible-secret-key-base = {}; }; }; @@ -312,23 +320,25 @@ services.clickhouse.enable = true; services.plausible = { - enable = false; # TODO: enable this and fix access? probably need a proper secrets management system that integrates with nix (sops-nix?) - # otherwise we can probably chown these files to a group that plausible has access to for reading - releaseCookiePath = "/root/plausible-erlang-cookie"; + enable = true; + releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path; database = { clickhouse.setup = true; - postgres.setup = true; + postgres = { + setup = false; + dbname = "plausible"; + }; }; server = { baseUrl = "http://beefcake.hare-cod.ts.net:8899"; disableRegistration = true; port = 8899; - secretKeybaseFile = "/root/plusible-secret-key-base"; + secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path; }; adminUser = { - activate = true; + activate = false; email = "daniel@lyte.dev"; - passwordFile = "/root/plausible-admin-password"; + passwordFile = config.sops.secrets.plausible-admin-password.path; }; }; 
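Review bot: `systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";` is set unconditionally on a service whose config file is the sops secret `"api.lyte.dev"`. What the service prints at debug level is not visible here, but if it logs configuration or request details they would land in the journal, which is readable more widely than the `0440` secret file. If this is only for the migration, mark it, e.g. `# TODO: remove once the sops-based config is verified`, or leave the level at its default. The `"api.lyte.dev"` entry also sets no `restartUnits`, so a rotated secret would not reach the running service until its next restart; `restartUnits = [ "api-lyte-dev.service" ];` (the option shown in the commented example above it) would cover that. The `sops` block continues outside this hunk.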
@@ -357,21 +367,22 @@ authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method local all postgres peer map=superuser_map + local all daniel peer map=superuser_map local sameuser all peer map=superuser_map - local plausible plausible peer map=superuser_map + local plausible plausible peer map=superuser_map # lan ipv4 host all all 10.0.0.0/24 trust # tailnet ipv4 - host all all 100.64.0.0/10 trust + host all all 100.64.0.0/10 trust ''; identMap = '' # ArbitraryMapName systemUser DBUser - superuser_map root postgres - superuser_map postgres postgres - superuser_map daniel postgres + superuser_map root postgres + superuser_map postgres postgres + superuser_map daniel postgres # Let other names login as themselves superuser_map /^(.*)$ \1 ''; diff --git a/os/linux/nix/machines/thinker-disks.nix b/os/linux/nix/machines/thinker-disks.nix new file mode 100644 index 0000000..b0e7ef8 --- /dev/null +++ b/os/linux/nix/machines/thinker-disks.nix 
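Review bot: The `host all all 100.64.0.0/10 trust` line that this hunk re-adds, together with the `10.0.0.0/24 trust` line above it, lets any client in those ranges connect as any database role, including `postgres`, without a password. 100.64.0.0/10 is the entire shared CGNAT block rather than only this tailnet, so the rule is broader than the `# tailnet ipv4` comment suggests. Consider password authentication on the `host` lines, e.g. `host all all 100.64.0.0/10 scram-sha-256`, or narrowing the address to the specific peers that need access. The same `authentication` block is added again in `machines/thinker.nix`; the `services.postgresql` block here starts outside the hunk.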
@@ -0,0 +1,60 @@ +{ disks ? [ "/dev/vda" ], ... }: { + disko.devices = { + disk = { + vdb = { + type = "disk"; + device = builtins.elemAt disks 0; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "EFI"; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + extraOpenArgs = [ "--allow-discards" ]; + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /tmp/secret.key` + keyFile = "/tmp/secret.key"; # Interactive + # settings.keyFile = "/tmp/password.key"; + # additionalKeyFiles = ["/tmp/additionalSecret.key"]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/os/linux/nix/machines/thinker-hardware.nix b/os/linux/nix/machines/thinker-hardware.nix new file mode 100644 index 0000000..29217e6 --- /dev/null +++ b/os/linux/nix/machines/thinker-hardware.nix 
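Review bot: `keyFile = "/tmp/secret.key";` reads the LUKS passphrase from a fixed path in a world-writable directory, and the comment above it recommends `echo -n "password" > /tmp/secret.key`, which leaves the passphrase in shell history and creates the file with the default umask. The comment would be safer as `# create under umask 077 (no trailing newline) and delete once disko has finished`. `extraOpenArgs = [ "--allow-discards" ]` also deserves a one-line comment, since passing TRIM through dm-crypt reveals which blocks of the encrypted volume are unused. The disk attribute is still named `vdb` and the default is `/dev/vda`, apparently from an upstream example; renaming them would avoid confusion on a machine whose real target is an NVMe drive.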
@@ -0,0 +1,27 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/os/linux/nix/machines/thinker.nix b/os/linux/nix/machines/thinker.nix new file mode 100644 index 0000000..bf4e6ee --- /dev/null +++ b/os/linux/nix/machines/thinker.nix 
@@ -0,0 +1,328 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + +{ pkgs, nixpkgs, ... }: + +let + dbus-sway-environment = pkgs.writeTextFile { + name = "dbus-sway-environment"; + destination = "/bin/dbus-sway-environment"; + executable = true; + + text = '' + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway + systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr + systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr + ''; + }; + + # TODO: hibernation? + + # TODO: fonts? right now, I'm just installing to ~/.local/share/fonts + + configure-gtk = pkgs.writeTextFile { + name = "configure-gtk"; + destination = "/bin/configure-gtk"; + executable = true; + text = + let + schema = pkgs.gsettings-desktop-schemas; + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; + in + '' + export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS + gnome_schema = org.gnome.desktop.interface + gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha' + ''; + }; +in +{ + imports = + [ + # Include the results of the hardware scan. + ./thinker-hardware.nix + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Use the systemd-boot EFI boot loader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + nixpkgs.config = { + allowUnfree = true; + packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + }; + + hardware.opengl = { + enable = true; + driSupport32Bit = true; + driSupport = true; + + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; + + xdg.portal = { + enable = true; + wlr.enable = true; + }; + + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + + networking.hostName = "thinker"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + + security.polkit.enable = true; + security.rtkit.enable = true; + + programs.fish.enable = true; + users.defaultUserShell = pkgs.fish; + + services.pipewire = { + enable = true; + wireplumber.enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # pulse.support32Bit = true; + jack.enable = true; + }; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + useXkbConfig = true; + }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + services.xserver.layout = "us"; + services.xserver.xkbOptions = "ctrl:nocaps"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. 
+ # sound.enable = true; + # hardware.pulseaudio.support32Bit = true; + hardware.pulseaudio.support32Bit = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.daniel = { + isNormalUser = true; + home = "/home/daniel/.home"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" + ]; + extraGroups = [ "wheel" "video" ]; + packages = [ ]; + }; + + services.dbus.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + + # TODO: my font? + # TODO: wayland screensharing + # TODO: wireplumber? + environment.systemPackages = with pkgs; [ + age + bat + bind + bottom + brightnessctl + broot + clang + curl + delta + dog + dtach + dua + exa + fd + feh + file + fwupd + gcc + gimp + git + git-lfs + grim + helix + hexyl + htop + inkscape + inotify-tools + iputils + killall + kitty + krita + libinput + libinput-gestures + libnotify + lutris + gnumake + mako + mosh + nmap + nnn + nil + nixpkgs-fmt + noto-fonts + pamixer + (pass.withExtensions (exts: [ exts.pass-otp ])) + pavucontrol + pciutils + pgcli + playerctl + pulseaudio + pulsemixer + rclone + restic + ripgrep + rsync + rtx + sd + skim + slurp + sops + steam + swaybg + swayidle + swaylock + traceroute + unzip + vlc + vulkan-tools + watchexec + waybar + wget + wireplumber + wine + wl-clipboard + wofi + xh + zathura + zstd + ]; + + services.pcscd.enable = true; + services.gnome.gnome-keyring.enable = true; + programs.gnupg.agent = { + enable = true; + pinentryFlavor = "gnome3"; + enableSSHSupport = true; + }; + + programs.thunar.enable = true; + + services.tailscale = { + enable = true; + }; + + environment.variables = { + EDITOR = "hx"; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + }; + listenAddresses = [ + { addr = "0.0.0.0"; port = 22; } + ]; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "daniel" ]; + ensureUsers = [ + { + name = "daniel"; + ensurePermissions = { + "DATABASE daniel" = "ALL PRIVILEGES"; + }; + } + ]; + enableTCPIP = true; + + package = pkgs.postgresql_15; + + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all postgres peer map=superuser_map + local all daniel peer map=superuser_map + local sameuser all peer map=superuser_map + + # lan ipv4 + host all all 10.0.0.0/24 trust + host all all 127.0.0.1/32 trust + + # tailnet ipv4 + host all all 100.64.0.0/10 trust + ''; + + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + superuser_map daniel postgres + # Let other names login as themselves + superuser_map /^(.*)$ \1 + ''; + }; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedUDPPorts = [ ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} + 
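Review bot: The `configure-gtk` script text is not valid shell: `export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS` never closes its double quote, and `gnome_schema = org.gnome.desktop.interface` is parsed as a command named `gnome_schema` rather than an assignment, so the `gsettings set` line cannot work as written. The two lines should be `export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS"` and `gnome_schema=org.gnome.desktop.interface`. In the `services.postgresql.authentication` block, the added `host all all 127.0.0.1/32 trust` gives every local process passwordless access to any role over loopback, on top of the `trust` ranges already raised for `beefcake.nix`. Since `networking.firewall.allowedTCPPorts` only opens 22, `enableTCPIP = true` may not be needed at all; if it is, `scram-sha-256` on the `host` lines is the safer default.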
diff --git a/os/linux/nix/machines/virt.nix b/os/linux/nix/machines/virt.nix
deleted file mode 100644
index e69de29..0000000
diff --git a/os/linux/nix/secrets/beefcake/api-lyte-dev.json b/os/linux/nix/secrets/beefcake/api-lyte-dev.json
deleted file mode 100644
index 9e349bd..0000000
--- a/os/linux/nix/secrets/beefcake/api-lyte-dev.json
+++ /dev/null
@@ -1,26 +0,0 @@ -{ - "DISCORD_BOT_TOKEN": "ENC[AES256_GCM,data:oRMz8tyyFO/ztTUQTjz+X4VLPJDkpDM8Jn6gCbvZk4FzDHpHI784msX3UPGJFE9ZbvVc5etpXYTMeCQ=,iv:Q0LqiD3+2U48LLb91yrC/hXdXf1jS+Dq7xEtq9qwhAo=,tag:rsNykECJ15SskVOnQxrONg==,type:str]", - "DISCORD_OWNER_USER_ID": "ENC[AES256_GCM,data:ImAA85aKgOwdoLSdXTJ6Fodd,iv:1DjAgq5OU56kee6PMRjsHOVCEcQ7XZ3HAWMv51A+OnY=,tag:KfjwuZuWKGOjD2Zi/V1zMw==,type:str]", - "OPENAI_TOKEN": "ENC[AES256_GCM,data:mM0D+UXD0cu45gfEeLKaJioHcJ8lM5TA1ao+IzYHdGc8L1IBNiKN+/D8rkr6wFwrpBQQ,iv:99UAkefC+PlAU5bJILQExZAoHR48RhMvvMVJbXRyIwE=,tag:NLYoaJcjFRsjGwmwu37qwA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdXdGQ1Y4UHMzdnpNQ2tJ\nQzNTNHpCN3JyRVdPTmYwQ0ZSQ1E1czZMVnkwCnc0M2ZXbHVscWJIYXA3ejArMTB3\neXZnYWV3b1Q5VzlrRWFMbUVmb3pLNVEKLS0tIGtXVGYrTnh4dCtvVWdVd21VZWQr\nOEdSZk5CYXJDUHBwbFhIZW1Ob0dQU00K7Vc9lRZAljJ4HjHyQqcj82wIRT4MMkuV\n9105iqIbCLW+3Jc9BQkDgq6lIdZ62xhuHMa0vycvD/DOKJuyUwerAQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WWpXeFR6YVZDcXkxcTUz\nbm9KTkF6bVhybDJYR3RuNVlScit2eHAxNmdBCnlPZzB3azA1Nzlhbm84N1czNDZJ\ndjdpdkcvRVgzcTg0UnBOdmo0bnB5eFUKLS0tIFVNZzk3WlEwQTNrVUtFZU5YM2Q3\nRmZDUUw4eHBOZXpwN3B2SDlXZmtPT2sKCgvPtxgRehJmfz4b1qIQLauwh8SddVK3\ndAtU8W5UcNYiDd8de2is2mxzcuNzvD3R0BorrO1SSpulQSdPj6gabw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2023-07-28T07:39:26Z", - "mac": 
"ENC[AES256_GCM,data:IfjCRLyAPQpMMGqDLFxkw/McYdWeNwVayvcMhzU6XDnC79LFYhUcAw2927pnHawezS6qI1Aaj5rY8eT93MZ5K3Gk1JW0S/wuitmUGvOT0VaRbVskqd9VFgg/5bcFntfpKUDgwmvs7vfDfdFY0v0S2cAQ5nP9GAkcet4+stCYzOM=,iv:CqMhU52vSdhL9jOnaD3mZ2tmo8c3u4dOvr9qsZY/v0U=,tag:wnmTTnW2iq5dowoTROICcA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/os/linux/nix/secrets/beefcake/secrets.yml b/os/linux/nix/secrets/beefcake/secrets.yml new file mode 100644 index 0000000..618caee --- /dev/null +++ b/os/linux/nix/secrets/beefcake/secrets.yml 
@@ -0,0 +1,43 @@ +hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str] +example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str] +#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment] +example_array: + - ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str] + - ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str] +example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float] +example_booleans: + - ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool] + - ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool] +plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str] +plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] +plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] +api.lyte.dev: 
ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY + WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY + UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1 + N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8 + 06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY + NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V + c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr + b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f + nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-28T21:11:56Z" + mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/os/linux/nix/sway/config b/os/linux/nix/sway/config new file mode 100644 index 0000000..abf20ad --- /dev/null +++ b/os/linux/nix/sway/config 
@@ -0,0 +1,2 @@ +exec dbus-sway-environment +exec configure-gtk diff --git a/os/linux/sway/lock b/os/linux/sway/lock index 1029830..d424e42 100644 --- a/os/linux/sway/lock +++ b/os/linux/sway/lock @@ -19,6 +19,11 @@ line-color=111111cc line-uses-ring ring-color=111111cc -ring-clear-color=f4bf75 +ring-clear-color=f9e2af ring-ver-color=66d9ef -ring-wrong-color=f92672 +ring-wrong-color=f38ba8 + +text-color=ffffff +text-clear-color=ffffff +text-ver-color=ffffff +text-wrong-color=f38ba8