Merge remote-tracking branch 'origin/main'
This commit is contained in:
commit
5289c6de6f
15 changed files with 659 additions and 81 deletions
|
@ -42,13 +42,17 @@ if test -f /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
|
||||||
set --prepend --export --global fish_user_paths $HOME/.nix-profile/bin /nix/var/nix/profiles/default/bin
|
set --prepend --export --global fish_user_paths $HOME/.nix-profile/bin /nix/var/nix/profiles/default/bin
|
||||||
end
|
end
|
||||||
|
|
||||||
if has_command nnn
|
if has_command direnv
|
||||||
source $DOTFILES_PATH/common/nnn/config.fish
|
direnv hook fish | source
|
||||||
end
|
end
|
||||||
|
|
||||||
# everything after this is ONLY relevant to interactive shells
|
# everything after this is ONLY relevant to interactive shells
|
||||||
status --is-interactive || exit
|
status --is-interactive || exit
|
||||||
|
|
||||||
|
if has_command nnn
|
||||||
|
source $DOTFILES_PATH/common/nnn/config.fish
|
||||||
|
end
|
||||||
|
|
||||||
for f in prompt key-bindings
|
for f in prompt key-bindings
|
||||||
source $FISH_PATH/$f.fish
|
source $FISH_PATH/$f.fish
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,11 @@ auto-format = true
|
||||||
name = "html"
|
name = "html"
|
||||||
auto-format = false
|
auto-format = false
|
||||||
|
|
||||||
|
[[language]]
|
||||||
|
name = "nix"
|
||||||
|
auto-format = true
|
||||||
|
formatter = { command = "nixpkgs-fmt", args = [] }
|
||||||
|
|
||||||
[[language]]
|
[[language]]
|
||||||
name = "fish"
|
name = "fish"
|
||||||
auto-format = true
|
auto-format = true
|
||||||
|
|
|
@ -2,11 +2,11 @@ keys:
|
||||||
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
|
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
|
||||||
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
|
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *daniel
|
- *daniel
|
||||||
- path_regex: secrets/beefcake/[^/]+\.(yaml|json|env|ini)$
|
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *daniel
|
- *daniel
|
||||||
|
|
75
os/linux/nix/daniel.nix
Normal file
75
os/linux/nix/daniel.nix
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
home.username = "daniel";
|
||||||
|
home.homeDirectory = "/home/daniel/.home";
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
|
||||||
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
|
programs.direnv.enable = true;
|
||||||
|
programs.nix-direnv.enable = true;
|
||||||
|
|
||||||
|
programs.fish.enable = true;
|
||||||
|
|
||||||
|
programs.nix-index = {
|
||||||
|
enable = true;
|
||||||
|
enableFishIntegration = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.pointerCursor = {
|
||||||
|
name = "Catppuccin-Mocha-Sapphire-Cursors";
|
||||||
|
package = pkgs.catppuccin-cursors.mochaSapphire;
|
||||||
|
size = 64; # TODO: this doesn't seem to work -- at least in Sway
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.firefox = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
|
||||||
|
|
||||||
|
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
||||||
|
# ublock-origin
|
||||||
|
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
|
||||||
|
|
||||||
|
profiles = {
|
||||||
|
daniel = {
|
||||||
|
id = 0;
|
||||||
|
settings = {
|
||||||
|
"general.smoothScroll" = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
|
||||||
|
// user_pref("full-screen-api.ignore-widgets", true);
|
||||||
|
user_pref("media.ffmpeg.vaapi.enabled", true);
|
||||||
|
user_pref("media.rdd-vpx.enabled", true);
|
||||||
|
'';
|
||||||
|
|
||||||
|
userChrome = ''
|
||||||
|
/* Remove close button*/ .titlebar-buttonbox-container{ display:none }
|
||||||
|
|
||||||
|
#webrtcIndicator {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items {
|
||||||
|
opacity: 0;
|
||||||
|
pointer-events: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
|
||||||
|
visibility: collapse !important;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
|
# userContent = ''
|
||||||
|
# '';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# wayland.windowManager.sway = {
|
||||||
|
# enable = true;
|
||||||
|
# }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts?
|
||||||
|
# maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
|
||||||
|
}
|
|
@ -6,11 +6,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1690530040,
|
"lastModified": 1690574004,
|
||||||
"narHash": "sha256-xuEvYkll4AB++/aatW3x8eXCsv9Kz7rujfOK3uzxTIQ=",
|
"narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "8aab004307252563e0b2c8de55e13bdf9891c892",
|
"rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1",
|
||||||
"revCount": 63,
|
"revCount": 71,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
|
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
|
||||||
},
|
},
|
||||||
|
@ -19,6 +19,27 @@
|
||||||
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
|
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"disko": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1690739034,
|
||||||
|
"narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko",
|
||||||
|
"rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "disko",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
|
@ -92,11 +113,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1690370995,
|
"lastModified": 1691252436,
|
||||||
"narHash": "sha256-9z//23jGegLJrf3ITStLwVf715O39dq5u48Kr/XW14U=",
|
"narHash": "sha256-SKKPKYOnFcwqECehxoFBMLv29CZXC5qCDuETSuXd82g=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "f3fbbc36b4e179a5985b9ab12624e9dfe7989341",
|
"rev": "9607b9149c9d81fdf3dc4f3bcc278da146ffbd77",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -109,6 +130,7 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"api-lyte-dev": "api-lyte-dev",
|
"api-lyte-dev": "api-lyte-dev",
|
||||||
|
"disko": "disko",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
|
|
|
@ -1,17 +1,14 @@
|
||||||
# Welcome to my nix config! I'm just getting started with flakes, so please
|
# Welcome to my nix config! I'm just getting started with flakes, so please
|
||||||
# forgive the mess.
|
# forgive the mess.
|
||||||
|
|
||||||
# TODO: would be nice to get hardware congigs in here as well
|
|
||||||
|
|
||||||
# TODO: declarative disks with https://github.com/nix-community/disko
|
# TODO: declarative disks with https://github.com/nix-community/disko
|
||||||
# TODO: home-manager?
|
# TODO: home-manager?
|
||||||
|
|
||||||
|
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||||
|
|
||||||
# TODO: this could be a tarball? fully recompiling this on every change suuuucks
|
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
|
||||||
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
|
@ -21,6 +18,13 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
disko = {
|
||||||
|
url = "github:nix-community/disko/master"; # NOTE: lock update!
|
||||||
|
|
||||||
|
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
sops-nix = {
|
sops-nix = {
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -45,6 +49,24 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
thinker = inputs.nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = { inherit inputs; };
|
||||||
|
modules = [
|
||||||
|
inputs.disko.nixosModules.disko
|
||||||
|
./machines/thinker-disks.nix
|
||||||
|
{ _module.args.disks = [ "/dev/nvme0n1" ]; }
|
||||||
|
./machines/thinker.nix
|
||||||
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
{
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users.daniel = import ./daniel.nix;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,53 +5,61 @@
|
||||||
{ config, pkgs, ... }: rec {
|
{ config, pkgs, ... }: rec {
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
imports = [
|
imports = [
|
||||||
# <sops-nix/modules/sops>
|
|
||||||
./beefcake-hardware.nix
|
./beefcake-hardware.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
services.api-lyte-dev = {
|
services.api-lyte-dev = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 5757;
|
port = 5757;
|
||||||
stateDir = "/var/lib/api-lyte-dev";
|
stateDir = "/var/lib/api-lyte-dev";
|
||||||
configFile = sops.secrets.api-lyte-dev.path;
|
configFile = sops.secrets."api.lyte.dev".path;
|
||||||
|
user = "api-lyte-dev";
|
||||||
|
group = user;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../secrets/beefcake/example.yaml;
|
defaultSopsFile = ../secrets/beefcake/secrets.yml;
|
||||||
age = {
|
age = {
|
||||||
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
keyFile = "/var/lib/sops-nix/key.txt";
|
keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
generateKey = true;
|
generateKey = true;
|
||||||
};
|
};
|
||||||
secrets = {
|
secrets = {
|
||||||
api-lyte-dev = {
|
# example-key = {
|
||||||
sopsFile = ../secrets/beefcake/api-lyte-dev.json;
|
# # see these and other options' documentation here:
|
||||||
format = "json";
|
# # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
|
||||||
|
|
||||||
|
# # set permissions:
|
||||||
|
# # mode = "0440";
|
||||||
|
# # owner = config.users.users.nobody.name;
|
||||||
|
# # group = config.users.users.nobody.group;
|
||||||
|
|
||||||
|
# # restart service when a secret changes or is newly initialized
|
||||||
|
# # restartUnits = [ "home-assistant.service" ];
|
||||||
|
|
||||||
|
# # symlink to certain directories
|
||||||
|
# path = "/var/lib/my-example-key/secrets.yaml";
|
||||||
|
|
||||||
|
# # for use as a user password
|
||||||
|
# # neededForUsers = true;
|
||||||
|
# };
|
||||||
|
|
||||||
|
# subdirectory
|
||||||
|
# "myservice/my_subdir/my_secret" = { };
|
||||||
|
|
||||||
|
"api.lyte.dev" = {
|
||||||
path = "${services.api-lyte-dev.stateDir}/secrets.json";
|
path = "${services.api-lyte-dev.stateDir}/secrets.json";
|
||||||
|
# TODO: would be cool to assert that it's correctly-formatted JSON?
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
owner = services.api-lyte-dev.user;
|
owner = services.api-lyte-dev.user;
|
||||||
group = services.api-lyte-dev.group;
|
group = services.api-lyte-dev.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
example-key = {
|
plausible-admin-password = {};
|
||||||
# see these and other options' documentation here:
|
plausible-erlang-cookie = {};
|
||||||
# https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
|
plausible-secret-key-base = {};
|
||||||
|
|
||||||
# set permissions:
|
|
||||||
# mode = "0440";
|
|
||||||
# owner = config.users.users.nobody.name;
|
|
||||||
# group = config.users.users.nobody.group;
|
|
||||||
|
|
||||||
# restart service when a secret changes or is newly initialized
|
|
||||||
# restartUnits = [ "home-assistant.service" ];
|
|
||||||
|
|
||||||
# symlink to certain directories
|
|
||||||
path = "/var/lib/my-example-key/secrets.yaml";
|
|
||||||
|
|
||||||
# for use as a user password
|
|
||||||
# neededForUsers = true;
|
|
||||||
};
|
|
||||||
"myservice/my_subdir/my_secret" = { };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -312,23 +320,25 @@
|
||||||
services.clickhouse.enable = true;
|
services.clickhouse.enable = true;
|
||||||
|
|
||||||
services.plausible = {
|
services.plausible = {
|
||||||
enable = false; # TODO: enable this and fix access? probably need a proper secrets management system that integrates with nix (sops-nix?)
|
enable = true;
|
||||||
# otherwise we can probably chown these files to a group that plausible has access to for reading
|
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
|
||||||
releaseCookiePath = "/root/plausible-erlang-cookie";
|
|
||||||
database = {
|
database = {
|
||||||
clickhouse.setup = true;
|
clickhouse.setup = true;
|
||||||
postgres.setup = true;
|
postgres = {
|
||||||
|
setup = false;
|
||||||
|
dbname = "plausible";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
server = {
|
server = {
|
||||||
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
|
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
|
||||||
disableRegistration = true;
|
disableRegistration = true;
|
||||||
port = 8899;
|
port = 8899;
|
||||||
secretKeybaseFile = "/root/plusible-secret-key-base";
|
secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
|
||||||
};
|
};
|
||||||
adminUser = {
|
adminUser = {
|
||||||
activate = true;
|
activate = false;
|
||||||
email = "daniel@lyte.dev";
|
email = "daniel@lyte.dev";
|
||||||
passwordFile = "/root/plausible-admin-password";
|
passwordFile = config.sops.secrets.plausible-admin-password.path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -357,21 +367,22 @@
|
||||||
authentication = pkgs.lib.mkOverride 10 ''
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
#type database DBuser auth-method
|
#type database DBuser auth-method
|
||||||
local all postgres peer map=superuser_map
|
local all postgres peer map=superuser_map
|
||||||
|
local all daniel peer map=superuser_map
|
||||||
local sameuser all peer map=superuser_map
|
local sameuser all peer map=superuser_map
|
||||||
local plausible plausible peer map=superuser_map
|
local plausible plausible peer map=superuser_map
|
||||||
|
|
||||||
# lan ipv4
|
# lan ipv4
|
||||||
host all all 10.0.0.0/24 trust
|
host all all 10.0.0.0/24 trust
|
||||||
|
|
||||||
# tailnet ipv4
|
# tailnet ipv4
|
||||||
host all all 100.64.0.0/10 trust
|
host all all 100.64.0.0/10 trust
|
||||||
'';
|
'';
|
||||||
|
|
||||||
identMap = ''
|
identMap = ''
|
||||||
# ArbitraryMapName systemUser DBUser
|
# ArbitraryMapName systemUser DBUser
|
||||||
superuser_map root postgres
|
superuser_map root postgres
|
||||||
superuser_map postgres postgres
|
superuser_map postgres postgres
|
||||||
superuser_map daniel postgres
|
superuser_map daniel postgres
|
||||||
# Let other names login as themselves
|
# Let other names login as themselves
|
||||||
superuser_map /^(.*)$ \1
|
superuser_map /^(.*)$ \1
|
||||||
'';
|
'';
|
||||||
|
|
60
os/linux/nix/machines/thinker-disks.nix
Normal file
60
os/linux/nix/machines/thinker-disks.nix
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
{ disks ? [ "/dev/vda" ], ... }: {
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
vdb = {
|
||||||
|
type = "disk";
|
||||||
|
device = builtins.elemAt disks 0;
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
label = "EFI";
|
||||||
|
name = "ESP";
|
||||||
|
size = "512M";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
mountOptions = [
|
||||||
|
"defaults"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
luks = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "luks";
|
||||||
|
name = "crypted";
|
||||||
|
extraOpenArgs = [ "--allow-discards" ];
|
||||||
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||||
|
# for example use `echo -n "password" > /tmp/secret.key`
|
||||||
|
keyFile = "/tmp/secret.key"; # Interactive
|
||||||
|
# settings.keyFile = "/tmp/password.key";
|
||||||
|
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
|
||||||
|
content = {
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = [ "-f" ];
|
||||||
|
subvolumes = {
|
||||||
|
"/root" = {
|
||||||
|
mountpoint = "/";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
"/home" = {
|
||||||
|
mountpoint = "/home";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
"/nix" = {
|
||||||
|
mountpoint = "/nix";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
27
os/linux/nix/machines/thinker-hardware.nix
Normal file
27
os/linux/nix/machines/thinker-hardware.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
328
os/linux/nix/machines/thinker.nix
Normal file
328
os/linux/nix/machines/thinker.nix
Normal file
|
@ -0,0 +1,328 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||||
|
|
||||||
|
{ pkgs, nixpkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
dbus-sway-environment = pkgs.writeTextFile {
|
||||||
|
name = "dbus-sway-environment";
|
||||||
|
destination = "/bin/dbus-sway-environment";
|
||||||
|
executable = true;
|
||||||
|
|
||||||
|
text = ''
|
||||||
|
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
|
||||||
|
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
|
||||||
|
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: hibernation?
|
||||||
|
|
||||||
|
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
|
||||||
|
|
||||||
|
configure-gtk = pkgs.writeTextFile {
|
||||||
|
name = "configure-gtk";
|
||||||
|
destination = "/bin/configure-gtk";
|
||||||
|
executable = true;
|
||||||
|
text =
|
||||||
|
let
|
||||||
|
schema = pkgs.gsettings-desktop-schemas;
|
||||||
|
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
|
||||||
|
gnome_schema = org.gnome.desktop.interface
|
||||||
|
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./thinker-hardware.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
nixpkgs.config = {
|
||||||
|
allowUnfree = true;
|
||||||
|
packageOverrides = pkgs: {
|
||||||
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.opengl = {
|
||||||
|
enable = true;
|
||||||
|
driSupport32Bit = true;
|
||||||
|
driSupport = true;
|
||||||
|
|
||||||
|
extraPackages = with pkgs; [
|
||||||
|
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||||
|
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||||
|
vaapiVdpau
|
||||||
|
libvdpau-va-gl
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
xdg.portal = {
|
||||||
|
enable = true;
|
||||||
|
wlr.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.sway = {
|
||||||
|
enable = true;
|
||||||
|
wrapperFeatures.gtk = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "thinker"; # Define your hostname.
|
||||||
|
# Pick only one of the below networking options.
|
||||||
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
|
security.polkit.enable = true;
|
||||||
|
security.rtkit.enable = true;
|
||||||
|
|
||||||
|
programs.fish.enable = true;
|
||||||
|
users.defaultUserShell = pkgs.fish;
|
||||||
|
|
||||||
|
services.pipewire = {
|
||||||
|
enable = true;
|
||||||
|
wireplumber.enable = true;
|
||||||
|
alsa.enable = true;
|
||||||
|
alsa.support32Bit = true;
|
||||||
|
pulse.enable = true;
|
||||||
|
# pulse.support32Bit = true;
|
||||||
|
jack.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "America/Chicago";
|
||||||
|
|
||||||
|
# Configure network proxy if necessary
|
||||||
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
console = {
|
||||||
|
font = "Lat2-Terminus16";
|
||||||
|
useXkbConfig = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable the X11 windowing system.
|
||||||
|
# services.xserver.enable = true;
|
||||||
|
|
||||||
|
# Configure keymap in X11
|
||||||
|
services.xserver.layout = "us";
|
||||||
|
services.xserver.xkbOptions = "ctrl:nocaps";
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
# services.printing.enable = true;
|
||||||
|
|
||||||
|
# Enable sound.
|
||||||
|
# sound.enable = true;
|
||||||
|
# hardware.pulseaudio.support32Bit = true;
|
||||||
|
hardware.pulseaudio.support32Bit = true;
|
||||||
|
|
||||||
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
|
# services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
|
users.users.daniel = {
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/daniel/.home";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
|
||||||
|
];
|
||||||
|
extraGroups = [ "wheel" "video" ];
|
||||||
|
packages = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.dbus.enable = true;
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
|
||||||
|
# TODO: my font?
|
||||||
|
# TODO: wayland screensharing
|
||||||
|
# TODO: wireplumber?
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
age
|
||||||
|
bat
|
||||||
|
bind
|
||||||
|
bottom
|
||||||
|
brightnessctl
|
||||||
|
broot
|
||||||
|
clang
|
||||||
|
curl
|
||||||
|
delta
|
||||||
|
dog
|
||||||
|
dtach
|
||||||
|
dua
|
||||||
|
exa
|
||||||
|
fd
|
||||||
|
feh
|
||||||
|
file
|
||||||
|
fwupd
|
||||||
|
gcc
|
||||||
|
gimp
|
||||||
|
git
|
||||||
|
git-lfs
|
||||||
|
grim
|
||||||
|
helix
|
||||||
|
hexyl
|
||||||
|
htop
|
||||||
|
inkscape
|
||||||
|
inotify-tools
|
||||||
|
iputils
|
||||||
|
killall
|
||||||
|
kitty
|
||||||
|
krita
|
||||||
|
libinput
|
||||||
|
libinput-gestures
|
||||||
|
libnotify
|
||||||
|
lutris
|
||||||
|
gnumake
|
||||||
|
mako
|
||||||
|
mosh
|
||||||
|
nmap
|
||||||
|
nnn
|
||||||
|
nil
|
||||||
|
nixpkgs-fmt
|
||||||
|
noto-fonts
|
||||||
|
pamixer
|
||||||
|
(pass.withExtensions (exts: [ exts.pass-otp ]))
|
||||||
|
pavucontrol
|
||||||
|
pciutils
|
||||||
|
pgcli
|
||||||
|
playerctl
|
||||||
|
pulseaudio
|
||||||
|
pulsemixer
|
||||||
|
rclone
|
||||||
|
restic
|
||||||
|
ripgrep
|
||||||
|
rsync
|
||||||
|
rtx
|
||||||
|
sd
|
||||||
|
skim
|
||||||
|
slurp
|
||||||
|
sops
|
||||||
|
steam
|
||||||
|
swaybg
|
||||||
|
swayidle
|
||||||
|
swaylock
|
||||||
|
traceroute
|
||||||
|
unzip
|
||||||
|
vlc
|
||||||
|
vulkan-tools
|
||||||
|
watchexec
|
||||||
|
waybar
|
||||||
|
wget
|
||||||
|
wireplumber
|
||||||
|
wine
|
||||||
|
wl-clipboard
|
||||||
|
wofi
|
||||||
|
xh
|
||||||
|
zathura
|
||||||
|
zstd
|
||||||
|
];
|
||||||
|
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
services.gnome.gnome-keyring.enable = true;
|
||||||
|
programs.gnupg.agent = {
|
||||||
|
enable = true;
|
||||||
|
pinentryFlavor = "gnome3";
|
||||||
|
enableSSHSupport = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.thunar.enable = true;
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.variables = {
|
||||||
|
EDITOR = "hx";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
# started in user sessions.
|
||||||
|
# programs.mtr.enable = true;
|
||||||
|
# programs.gnupg.agent = {
|
||||||
|
# enable = true;
|
||||||
|
# enableSSHSupport = true;
|
||||||
|
# };
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
};
|
||||||
|
listenAddresses = [
|
||||||
|
{ addr = "0.0.0.0"; port = 22; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureDatabases = [ "daniel" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "daniel";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE daniel" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
enableTCPIP = true;
|
||||||
|
|
||||||
|
package = pkgs.postgresql_15;
|
||||||
|
|
||||||
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
|
#type database DBuser auth-method
|
||||||
|
local all postgres peer map=superuser_map
|
||||||
|
local all daniel peer map=superuser_map
|
||||||
|
local sameuser all peer map=superuser_map
|
||||||
|
|
||||||
|
# lan ipv4
|
||||||
|
host all all 10.0.0.0/24 trust
|
||||||
|
host all all 127.0.0.1/32 trust
|
||||||
|
|
||||||
|
# tailnet ipv4
|
||||||
|
host all all 100.64.0.0/10 trust
|
||||||
|
'';
|
||||||
|
|
||||||
|
identMap = ''
|
||||||
|
# ArbitraryMapName systemUser DBUser
|
||||||
|
superuser_map root postgres
|
||||||
|
superuser_map postgres postgres
|
||||||
|
superuser_map daniel postgres
|
||||||
|
# Let other names login as themselves
|
||||||
|
superuser_map /^(.*)$ \1
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It's perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
{
|
|
||||||
"DISCORD_BOT_TOKEN": "ENC[AES256_GCM,data:oRMz8tyyFO/ztTUQTjz+X4VLPJDkpDM8Jn6gCbvZk4FzDHpHI784msX3UPGJFE9ZbvVc5etpXYTMeCQ=,iv:Q0LqiD3+2U48LLb91yrC/hXdXf1jS+Dq7xEtq9qwhAo=,tag:rsNykECJ15SskVOnQxrONg==,type:str]",
|
|
||||||
"DISCORD_OWNER_USER_ID": "ENC[AES256_GCM,data:ImAA85aKgOwdoLSdXTJ6Fodd,iv:1DjAgq5OU56kee6PMRjsHOVCEcQ7XZ3HAWMv51A+OnY=,tag:KfjwuZuWKGOjD2Zi/V1zMw==,type:str]",
|
|
||||||
"OPENAI_TOKEN": "ENC[AES256_GCM,data:mM0D+UXD0cu45gfEeLKaJioHcJ8lM5TA1ao+IzYHdGc8L1IBNiKN+/D8rkr6wFwrpBQQ,iv:99UAkefC+PlAU5bJILQExZAoHR48RhMvvMVJbXRyIwE=,tag:NLYoaJcjFRsjGwmwu37qwA==,type:str]",
|
|
||||||
"sops": {
|
|
||||||
"kms": null,
|
|
||||||
"gcp_kms": null,
|
|
||||||
"azure_kv": null,
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdXdGQ1Y4UHMzdnpNQ2tJ\nQzNTNHpCN3JyRVdPTmYwQ0ZSQ1E1czZMVnkwCnc0M2ZXbHVscWJIYXA3ejArMTB3\neXZnYWV3b1Q5VzlrRWFMbUVmb3pLNVEKLS0tIGtXVGYrTnh4dCtvVWdVd21VZWQr\nOEdSZk5CYXJDUHBwbFhIZW1Ob0dQU00K7Vc9lRZAljJ4HjHyQqcj82wIRT4MMkuV\n9105iqIbCLW+3Jc9BQkDgq6lIdZ62xhuHMa0vycvD/DOKJuyUwerAQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WWpXeFR6YVZDcXkxcTUz\nbm9KTkF6bVhybDJYR3RuNVlScit2eHAxNmdBCnlPZzB3azA1Nzlhbm84N1czNDZJ\ndjdpdkcvRVgzcTg0UnBOdmo0bnB5eFUKLS0tIFVNZzk3WlEwQTNrVUtFZU5YM2Q3\nRmZDUUw4eHBOZXpwN3B2SDlXZmtPT2sKCgvPtxgRehJmfz4b1qIQLauwh8SddVK3\ndAtU8W5UcNYiDd8de2is2mxzcuNzvD3R0BorrO1SSpulQSdPj6gabw==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"lastmodified": "2023-07-28T07:39:26Z",
|
|
||||||
"mac": "ENC[AES256_GCM,data:IfjCRLyAPQpMMGqDLFxkw/McYdWeNwVayvcMhzU6XDnC79LFYhUcAw2927pnHawezS6qI1Aaj5rY8eT93MZ5K3Gk1JW0S/wuitmUGvOT0VaRbVskqd9VFgg/5bcFntfpKUDgwmvs7vfDfdFY0v0S2cAQ5nP9GAkcet4+stCYzOM=,iv:CqMhU52vSdhL9jOnaD3mZ2tmo8c3u4dOvr9qsZY/v0U=,tag:wnmTTnW2iq5dowoTROICcA==,type:str]",
|
|
||||||
"pgp": null,
|
|
||||||
"unencrypted_suffix": "_unencrypted",
|
|
||||||
"version": "3.7.3"
|
|
||||||
}
|
|
||||||
}
|
|
43
os/linux/nix/secrets/beefcake/secrets.yml
Normal file
43
os/linux/nix/secrets/beefcake/secrets.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str]
|
||||||
|
example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment]
|
||||||
|
example_array:
|
||||||
|
- ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str]
|
||||||
|
- ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str]
|
||||||
|
example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float]
|
||||||
|
example_booleans:
|
||||||
|
- ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool]
|
||||||
|
- ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool]
|
||||||
|
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
|
||||||
|
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
|
||||||
|
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
|
||||||
|
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY
|
||||||
|
WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY
|
||||||
|
UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1
|
||||||
|
N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8
|
||||||
|
06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY
|
||||||
|
NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V
|
||||||
|
c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr
|
||||||
|
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
|
||||||
|
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-07-28T21:11:56Z"
|
||||||
|
mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
2
os/linux/nix/sway/config
Normal file
2
os/linux/nix/sway/config
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
exec dbus-sway-environment
|
||||||
|
exec configure-gtk
|
|
@ -19,6 +19,11 @@ line-color=111111cc
|
||||||
line-uses-ring
|
line-uses-ring
|
||||||
|
|
||||||
ring-color=111111cc
|
ring-color=111111cc
|
||||||
ring-clear-color=f4bf75
|
ring-clear-color=f9e2af
|
||||||
ring-ver-color=66d9ef
|
ring-ver-color=66d9ef
|
||||||
ring-wrong-color=f92672
|
ring-wrong-color=f38ba8
|
||||||
|
|
||||||
|
text-color=ffffff
|
||||||
|
text-clear-color=ffffff
|
||||||
|
text-ver-color=ffffff
|
||||||
|
text-wrong-color=f38ba8
|
||||||
|
|
Reference in a new issue