From 6e7a859cab3a48e6dfb09c0d863d46624982450a Mon Sep 17 00:00:00 2001 
From: Daniel Flanagan Date: Tue, 5 Sep 2023 13:56:21 -0500 Subject: [PATCH] Ref --- host/desktop/sway/config | 6 +- os/linux/nix/.sops.yaml | 13 - os/linux/nix/daniel.nix | 534 ----------------- os/linux/nix/flake.lock | 306 ---------- os/linux/nix/flake.nix | 145 ----- os/linux/nix/machines/beefcake-hardware.nix | 57 -- os/linux/nix/machines/beefcake.nix | 606 -------------------- os/linux/nix/machines/musicbox-disks.nix | 52 -- os/linux/nix/machines/musicbox.nix | 246 -------- os/linux/nix/machines/thinker-disks.nix | 60 -- os/linux/nix/machines/thinker-hardware.nix | 27 - os/linux/nix/machines/thinker.nix | 355 ------------ os/linux/nix/machines/third.nix | 45 -- os/linux/nix/machines/wallwart.nix | 37 -- os/linux/nix/modules/amd-gpu.nix | 3 - os/linux/nix/modules/amd.nix | 5 - os/linux/nix/modules/bash.nix | 3 - os/linux/nix/modules/bluetooth.nix | 3 - os/linux/nix/modules/de/gnome.nix | 27 - os/linux/nix/modules/de/graphics.nix | 21 - os/linux/nix/modules/de/sway.nix | 62 -- os/linux/nix/modules/docker.nix | 7 - os/linux/nix/modules/fish.nix | 11 - os/linux/nix/modules/gdm.nix | 12 - os/linux/nix/modules/intel.nix | 19 - os/linux/nix/modules/lightdm.nix | 25 - os/linux/nix/modules/neovim.nix | 22 - os/linux/nix/modules/network-manager.nix | 4 - os/linux/nix/modules/pulseaudio.nix | 9 - os/linux/nix/modules/ripcord.nix | 0 os/linux/nix/modules/systemd-boot-efi.nix | 8 - os/linux/nix/modules/tmux.nix | 7 - os/linux/nix/modules/users/daniel.nix | 61 -- os/linux/nix/modules/users/valerie.nix | 7 - os/linux/nix/pkgs/config.nix | 1 - os/linux/nix/pkgs/home.nix | 4 - os/linux/nix/profiles/base.nix | 65 --- os/linux/nix/profiles/desktop.nix | 3 - os/linux/nix/profiles/laptop.nix | 3 - os/linux/nix/readme.md | 27 - os/linux/nix/secrets/beefcake/example.yaml | 34 -- os/linux/nix/secrets/beefcake/secrets.yml | 43 -- os/linux/nix/secrets/example.yaml | 25 - os/linux/nix/sway/config | 2 - readme.md | 21 +- 45 files changed, 7 insertions(+), 3026 deletions(-) delete mode 
100644 os/linux/nix/.sops.yaml delete mode 100644 os/linux/nix/daniel.nix delete mode 100644 os/linux/nix/flake.lock delete mode 100644 os/linux/nix/flake.nix delete mode 100644 os/linux/nix/machines/beefcake-hardware.nix delete mode 100644 os/linux/nix/machines/beefcake.nix delete mode 100644 os/linux/nix/machines/musicbox-disks.nix delete mode 100644 os/linux/nix/machines/musicbox.nix delete mode 100644 os/linux/nix/machines/thinker-disks.nix delete mode 100644 os/linux/nix/machines/thinker-hardware.nix delete mode 100644 os/linux/nix/machines/thinker.nix delete mode 100644 os/linux/nix/machines/third.nix delete mode 100644 os/linux/nix/machines/wallwart.nix delete mode 100644 os/linux/nix/modules/amd-gpu.nix delete mode 100644 os/linux/nix/modules/amd.nix delete mode 100644 os/linux/nix/modules/bash.nix delete mode 100644 os/linux/nix/modules/bluetooth.nix delete mode 100644 os/linux/nix/modules/de/gnome.nix delete mode 100644 os/linux/nix/modules/de/graphics.nix delete mode 100644 os/linux/nix/modules/de/sway.nix delete mode 100644 os/linux/nix/modules/docker.nix delete mode 100644 os/linux/nix/modules/fish.nix delete mode 100644 os/linux/nix/modules/gdm.nix delete mode 100644 os/linux/nix/modules/intel.nix delete mode 100644 os/linux/nix/modules/lightdm.nix delete mode 100644 os/linux/nix/modules/neovim.nix delete mode 100644 os/linux/nix/modules/network-manager.nix delete mode 100644 os/linux/nix/modules/pulseaudio.nix delete mode 100644 os/linux/nix/modules/ripcord.nix delete mode 100644 os/linux/nix/modules/systemd-boot-efi.nix delete mode 100644 os/linux/nix/modules/tmux.nix delete mode 100644 os/linux/nix/modules/users/daniel.nix delete mode 100644 os/linux/nix/modules/users/valerie.nix delete mode 100644 os/linux/nix/pkgs/config.nix delete mode 100644 os/linux/nix/pkgs/home.nix delete mode 100644 os/linux/nix/profiles/base.nix delete mode 100644 os/linux/nix/profiles/desktop.nix delete mode 100644 os/linux/nix/profiles/laptop.nix delete mode 100644 
os/linux/nix/readme.md delete mode 100644 os/linux/nix/secrets/beefcake/example.yaml delete mode 100644 os/linux/nix/secrets/beefcake/secrets.yml delete mode 100644 os/linux/nix/secrets/example.yaml delete mode 100644 os/linux/nix/sway/config diff --git a/host/desktop/sway/config b/host/desktop/sway/config index fa87e8d..a686aa2 100644 --- a/host/desktop/sway/config +++ b/host/desktop/sway/config @@ -3,8 +3,8 @@ default_border pixel 1 gaps inner 0 output "Samsung Electric Company SyncMaster H1AK500000" position 0,0 -output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 0,0 -output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 3840,0 -output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position -1440,0 +output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 1440,0 +output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 5280,0 +output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position 0,0 exec firefox diff --git a/os/linux/nix/.sops.yaml b/os/linux/nix/.sops.yaml deleted file mode 100644 index a073525..0000000 --- a/os/linux/nix/.sops.yaml +++ /dev/null @@ -1,13 +0,0 @@ -keys: - - &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub' - - &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'" -creation_rules: - - path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$ - key_groups: - - age: - - *daniel - - path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$ - key_groups: - - age: - - *daniel - - *sshd-at-beefcake diff --git a/os/linux/nix/daniel.nix b/os/linux/nix/daniel.nix deleted file mode 100644 index 9dc9973..0000000 --- a/os/linux/nix/daniel.nix +++ /dev/null 
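Review bot: In host/desktop/sway/config the unchanged `output "Samsung Electric Company SyncMaster H1AK500000" position 0,0` line now shares its origin with the Dell U2720Q D3TM623, which this hunk moves to `position 0,0`. Before the change it coincided with the AORUS instead, so the overlap is not new, but if the SyncMaster is ever attached together with the other three the two outputs would be stacked in the layout. The new offsets are consistent with each other, assuming the AORUS runs at scale 1: a rotated U2720Q at scale 1.5 is 1440 logical pixels wide, and 1440 + 3840 = 5280. Since that arithmetic is not obvious from the numbers alone, I would add a comment above the block such as `# logical x: D3TM623 0-1440 | FO48U 1440-5280 | CWTM623 5280-6720`, and either give the SyncMaster its own position or note that it belongs to a different setup. The rest of the file lies outside this hunk, so an existing per-host override may already cover this.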
@@ -1,534 +0,0 @@ -{ pkgs, lib, ... }: { - # TODO: email access? - # accounts.email.accounts = { - # google = { - # address = "wraithx2@gmail.com"; - # }; - # }; - - home.username = "daniel"; - home.homeDirectory = lib.mkDefault "/home/daniel/.home"; - home.stateVersion = "23.05"; - - home.packages = [ - - ]; - - programs.password-store = { - enable = true; - package = (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])); - }; - - programs.zellij = { - # TODO: enable after port config - enable = false; - enableFishIntegration = true; - settings = { - # TODO: port config - }; - }; - - programs.broot = { - enable = true; - enableFishIntegration = true; - settings = { - modal = true; - skin = { - input = "rgb(205, 214, 244) none"; - selected_line = "none rgb(88, 91, 112)"; - default = "rgb(205, 214, 244) none"; - tree = "rgb(108, 112, 134) none"; - parent = "rgb(116, 199, 236) none"; - file = "none none"; - - perm__ = "rgb(186, 194, 222) none"; - perm_r = "rgb(250, 179, 135) none"; - perm_w = "rgb(235, 160, 172) none"; - perm_x = "rgb(166, 227, 161) none"; - owner = "rgb(148, 226, 213) none"; - group = "rgb(137, 220, 235) none"; - - dates = "rgb(186, 194, 222) none"; - - directory = "rgb(180, 190, 254) none Bold"; - exe = "rgb(166, 227, 161) none"; - link = "rgb(249, 226, 175) none"; - pruning = "rgb(166, 173, 200) none Italic"; - - preview_title = "rgb(205, 214, 244) rgb(24, 24, 37)"; - preview = "rgb(205, 214, 244) rgb(24, 24, 37)"; - preview_line_number = "rgb(108, 112, 134) none"; - - char_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic"; - content_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic"; - preview_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic"; - - count = "rgb(249, 226, 175) none"; - sparse = "rgb(243, 139, 168) none"; - content_extract = "rgb(243, 139, 168) none Italic"; - - git_branch = "rgb(250, 179, 135) none"; - git_insertions = "rgb(250, 179, 135) none"; - git_deletions = "rgb(250, 179, 135) none"; - git_status_current = 
"rgb(250, 179, 135) none"; - git_status_modified = "rgb(250, 179, 135) none"; - git_status_new = "rgb(250, 179, 135) none Bold"; - git_status_ignored = "rgb(250, 179, 135) none"; - git_status_conflicted = "rgb(250, 179, 135) none"; - git_status_other = "rgb(250, 179, 135) none"; - staging_area_title = "rgb(250, 179, 135) none"; - - flag_label = "rgb(243, 139, 168) none"; - flag_value = "rgb(243, 139, 168) none Bold"; - - status_normal = "none rgb(24, 24, 37)"; - status_italic = "rgb(243, 139, 168) rgb(24, 24, 37) Italic"; - status_bold = "rgb(235, 160, 172) rgb(24, 24, 37) Bold"; - status_ellipsis = "rgb(235, 160, 172) rgb(24, 24, 37) Bold"; - status_error = "rgb(205, 214, 244) rgb(243, 139, 168)"; - status_job = "rgb(235, 160, 172) rgb(40, 38, 37)"; - status_code = "rgb(235, 160, 172) rgb(24, 24, 37) Italic"; - mode_command_mark = "rgb(235, 160, 172) rgb(24, 24, 37) Bold"; - - help_paragraph = "rgb(205, 214, 244) none"; - help_headers = "rgb(243, 139, 168) none Bold"; - help_bold = "rgb(250, 179, 135) none Bold"; - help_italic = "rgb(249, 226, 175) none Italic"; - help_code = "rgb(166, 227, 161) rgb(49, 50, 68)"; - help_table_border = "rgb(108, 112, 134) none"; - - hex_null = "rgb(205, 214, 244) none"; - hex_ascii_graphic = "rgb(250, 179, 135) none"; - hex_ascii_whitespace = "rgb(166, 227, 161) none"; - hex_ascii_other = "rgb(148, 226, 213) none"; - hex_non_ascii = "rgb(243, 139, 168) none"; - - file_error = "rgb(251, 73, 52) none"; - - purpose_normal = "none none"; - purpose_italic = "rgb(177, 98, 134) none Italic"; - purpose_bold = "rgb(177, 98, 134) none Bold"; - purpose_ellipsis = "none none"; - - scrollbar_track = "rgb(49, 50, 68) none"; - scrollbar_thumb = "rgb(88, 91, 112) none"; - - good_to_bad_0 = "rgb(166, 227, 161) none"; - good_to_bad_1 = "rgb(148, 226, 213) none"; - good_to_bad_2 = "rgb(137, 220, 235) none"; - good_to_bad_3 = "rgb(116, 199, 236) none"; - good_to_bad_4 = "rgb(137, 180, 250) none"; - good_to_bad_5 = "rgb(180, 190, 254) none"; - 
good_to_bad_6 = "rgb(203, 166, 247) none"; - good_to_bad_7 = "rgb(250, 179, 135) none"; - good_to_bad_8 = "rgb(235, 160, 172) none"; - good_to_bad_9 = "rgb(243, 139, 168) none"; - }; - - verbs = [ - { invocation = "edit"; shortcut = "e"; execution = "$EDITOR +{line} {file}"; } - ]; - }; - }; - - programs.home-manager.enable = true; - - programs.direnv.enable = true; - programs.direnv.nix-direnv.enable = true; - - programs.fish = { - enable = true; - shellInit = '' - # paths - if not set --query NICE_HOME - set --export --universal NICE_HOME $HOME - - # if HOME ends with a dir called .home, assume that NICE_HOME is HOME's parent dir - test (basename $HOME) = .home \ - && set --export --universal NICE_HOME (realpath $HOME/..) - end - - set --export --universal XDG_CONFIG_HOME $HOME/.config - set --export --universal XDG_CACHE_HOME $HOME/.cache - set --export --universal XDG_DATA_HOME $HOME/.local/share - set --export --universal XDG_STATE_HOME $HOME/.local/state - set --export --universal XDG_DESKTOP_DIR $HOME/desktop - set --export --universal XDG_PUBLICSHARE_DIR $HOME/public - set --export --universal XDG_TEMPLATES_DIR $HOME/templates - set --export --universal XDG_DOCUMENTS_DIR $NICE_HOME/doc - set --export --universal XDG_DOWNLOAD_DIR $NICE_HOME/dl - set --export --universal XDG_MUSIC_DIR $NICE_HOME/music - set --export --universal XDG_PICTURES_DIR $NICE_HOME/img - set --export --universal XDG_VIDEOS_DIR $NICE_HOME/video - set --export --universal XDG_GAMES_DIR $NICE_HOME/games - - set --export --universal DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles - set --export --universal ENV_PATH $XDG_CONFIG_HOME/lytedev-env - set --export --universal FISH_PATH $XDG_CONFIG_HOME/fish - - set --export --universal NOTES_PATH $NICE_HOME/doc/notes - set --export --universal SCROTS_PATH $NICE_HOME/img/scrots - set --export --universal USER_LOGS_PATH $NICE_HOME/doc/logs - - for s in $ENV_PATH/*/config.d.fish - source $s (dirname $s) - end - - # vars - set --export --universal 
LS_COLORS 'ow=01;36;40' - set --export --universal EXA_COLORS '*=0' - - set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell_history_file_bytes 1024000" - - set --export --universal BROWSER firefox - - set --export --universal EDITOR hx - set --export --universal VISUAL hx - - # TODO: helix ($EDITOR) as man/pager - set --export --universal PAGER "less" - set --export --universal MANPAGER "less" - - set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt" - - set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory" - set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden" - - # colors - set -U fish_color_normal normal # default color - set -U fish_color_command white # base command being run (>ls< -la) - set -U fish_color_param white # command's parameters - set -U fish_color_end green # command delimiter/separators (; and &) - set -U fish_color_error red # color of errors - set -U fish_color_escape yellow # color of escape codes (\n, \x2d, etc.) - set -U fish_color_operator blue # expansion operators (~, *) - set -U fish_color_quote yellow - set -U fish_color_redirection blue # redirection operators (|, >, etc.) - set -U fish_color_cancel 333 brblack # sigint at prompt (^C) - set -U fish_color_autosuggestion 666 brblack # as-you-type suggestions - set -U fish_color_match blue # matching parens and the like - set -U fish_color_search_match white\x1e\x2d\x2dbackground\x3d333 # selected pager item - set -U fish_color_selection blue # vi mode visual selection (only fg) - set -U fish_color_valid_path yellow # if an argument is a valid path (only -u?) - set -U fish_color_comment 666 brblack # comments like this one! 
- - set -U fish_pager_color_completion white # main color for pager - set -U fish_pager_color_description magenta # color for meta description - set -U fish_pager_color_prefix blue # the string being completed - set -U fish_pager_color_progress white\x1e\x2d\x2dbackground\x3d333 # status indicator at the bottom - # set -U fish_pager_color_secondary \x2d\x2dbackground\x3d181818 # alternating rows - - function has_command --wraps=command --description "Exits non-zero if the given command cannot be found" - command --quiet --search $argv[1] - end - ''; - # TODO: rtx? - # TODO: homebrew? - # TODO: asdf? - functions = { - d = '' - # --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files." - if count $argv > /dev/null - cd $argv - else - cd $NICE_HOME - end - la - ''; - - c = '' - if count $argv > /dev/null - cd $NICE_HOME && d $argv - else - d $NICE_HOME - end - ''; - - g = '' - if count $argv > /dev/null - git $argv - else - git status - end - ''; - - ltl = '' - set d $argv[1] . - set -l l "" - for f in $d[1]/* - if test -z $l; set l $f; continue; end - if command test $f -nt $l; and test ! -d $f - set l $f - end - end - echo $l - ''; - - has_command = "command --quiet --search $argv[1]"; - }; - interactiveShellInit = '' - # prompt - function get_hostname - if test (uname) = Linux || test (uname) = Darwin - has_command hostname && hostname | cut -d. -f1 || cat /etc/hostname - else - # assume bsd - hostname | head -n 1 | cut -d. 
-f1 - end - end - - function fish_greeting - _prompt_prefix - printf "%s\n" (date) - end - - function preprocess_pwd - test (pwd) = / && echo "/" && return 1 - test (pwd) = $NICE_HOME && echo "~" && return 0 - pwd \ - | cut -c2- \ - | gawk '{n=split($0,p,"/");for(i=1;i<=n;i++){if(i==n){printf "/%s",p[i]}else{printf "/%.3s",p[i]}}}' - end - - function _maybe_sudo_prefix - if set -q SUDO_USER - set_color -b yellow black - printf " SUDO " - set_color -b normal normal - printf " " - end - end - - function _maybe_aws_profile - if set -q AWS_PROFILE && test $AWS_PROFILE = prd - printf " " - set_color -b yellow black - printf " AWS_PROFILE=prd " - set_color -b normal normal - end - end - - function _user_and_host - if test $argv[1] -eq 0 - set_color -b normal blue - else - set_color -b normal red - end - printf "%s@%s" $USER (get_hostname) - end - - function _cur_work_dir - set_color -b normal magenta - printf " %s" (preprocess_pwd) - end - - function _last_cmd_duration - set_color -b normal green - set -q CMD_DURATION && printf " %dms" $CMD_DURATION - end - - function _maybe_jobs_summary - if jobs -q - set_color -b normal cyan - printf " &%d" (jobs -p | wc -l) - end - end - - function _user_prompt - printf "\n" - set_color brblack - if test (id -u) -eq 0 - printf '# ' - else - printf '$ ' - end - set_color -b normal normal - end - - function _maybe_git_summary - set_color -b normal yellow - set cur_sha (git rev-parse --short HEAD 2>/dev/null) - if test $status = 0 - set num_changes (git status --porcelain | wc -l | string trim) - if test $num_changes = 0 - set num_changes "✔" - else - set num_changes "+$num_changes" - end - printf " %s %s %s" (git branch --show-current) $cur_sha $num_changes - end - end - - function _prompt_marker - printf "%b133;A%b" "\x1b\x5d" "\x1b\x5c" - end - - function _prompt_continuation_marker - printf "%b133;A;k=s%b" "\x1b\x5d" "\x1b\x5c" - end - - function cmd_marker --on-variable _ - printf "%b133;C%b" "\x1b\x5d" "\x1b\x5c" - end - - function 
_prompt_prefix - set_color -b normal brblack - printf "# " - end - - function fish_prompt - set last_cmd_status $status - _prompt_marker - _prompt_prefix - _maybe_sudo_prefix - _user_and_host $last_cmd_status - _cur_work_dir - _maybe_git_summary - _maybe_aws_profile - _last_cmd_duration - _maybe_jobs_summary - _user_prompt - end - - function fish_mode_prompt; end - function fish_right_prompt; end - - # key bindings - fish_vi_key_bindings - - set --universal fish_cursor_default block - set --universal fish_cursor_insert line - set --universal fish_cursor_block block - fish_vi_cursor - set --universal fish_vi_force_cursor 1 - - bind --mode insert --sets-mode default jk repaint - bind --mode insert --sets-mode default jK repaint - bind --mode insert --sets-mode default Jk repaint - bind --mode insert --sets-mode default JK repaint - bind --mode insert --sets-mode default jj repaint - bind --mode insert --sets-mode default jJ repaint - bind --mode insert --sets-mode default Jj repaint - bind --mode insert --sets-mode default JJ repaint - - bind -M insert \cg skim-cd-widget - - bind -M insert \cp up-or-search - bind -M insert \cn down-or-search - bind -M insert \ce end-of-line - bind -M insert \ca beginning-of-line - - bind -M insert \cv edit_command_buffer - bind -M default \cv edit_command_buffer - ''; - loginShellInit = '' - ''; - shellAbbrs = { }; - shellAliases = { - l = "br"; - ls = "exa --group-directories-first --classify"; - la = "exa -la --group-directories-first --classify"; - lA = "exa -la --all --group-directories-first --classify"; - tree = "exa --tree --level=3"; - lt = "exa -l --sort=modified"; - lat = "exa -la --sort=modified"; - lc = "lt --sort=accessed"; - lT = "lt --reverse"; - lC = "lc --reverse"; - lD = "la --only-dirs"; - "cd.." = "d .."; - "cdd" = "d $DOTFILES_PATH"; - "cde" = "d $XDG_CONFIG_HOME/lytedev-env"; - "cdc" = "d $XDG_CONFIG_HOME"; - "cdn" = "d $NOTES_PATH"; - "cdl" = "d $XDG_DOWNLOAD_DIR"; - "cdg" = "d $XDG_GAMES_DIR"; - ".." 
= "d .."; - "..." = "d ../.."; - "...." = "d ../../.."; - "....." = "d ../../../.."; - "......" = "d ../../../../.."; - "......." = "d ../../../../../.."; - "........" = "d ../../../../../../.."; - "........." = "d ../../../../../../../.."; - cat = "bat"; - dc = "docker compose"; - k = "kubectl"; - kg = "kubectl get"; - v = "$EDITOR"; - sv = "sudo $EDITOR"; - kssh = "kitty +kitten ssh"; - }; - }; - - programs.exa.enable = true; - - programs.skim = { - enable = true; - enableFishIntegration = true; - }; - - programs.nix-index = { - enable = true; - enableFishIntegration = true; - }; - - home.pointerCursor = { - name = "Catppuccin-Mocha-Sapphire-Cursors"; - package = pkgs.catppuccin-cursors.mochaSapphire; - size = 64; # TODO: this doesn't seem to work -- at least in Sway - }; - - programs.firefox = { - enable = true; - - package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; }); - - # extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe? 
- - profiles = { - daniel = { - id = 0; - settings = { - "general.smoothScroll" = true; - }; - - extraConfig = '' - user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); - // user_pref("full-screen-api.ignore-widgets", true); - user_pref("media.ffmpeg.vaapi.enabled", true); - user_pref("media.rdd-vpx.enabled", true); - ''; - - userChrome = '' - /* Remove close button */ - .titlebar-buttonbox-container{ display:none } - - #webrtcIndicator { - display: none; - } - - #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items { - opacity: 0; - pointer-events: none; - } - - #main-window:not([tabsintitlebar="true"]) #TabsToolbar { - visibility: collapse !important; - } - ''; - - # userContent = '' - # ''; - }; - - }; - }; - - # wayland.windowManager.sway = { - # enable = true; - # }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts? - # maybe we can share somehow so things for nix-y systems and non-nix-y systems alike -} diff --git a/os/linux/nix/flake.lock b/os/linux/nix/flake.lock deleted file mode 100644 index 0109a7d..0000000 --- a/os/linux/nix/flake.lock +++ /dev/null 
@@ -1,306 +0,0 @@ -{ - "nodes": { - "api-lyte-dev": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1690574004, - "narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=", - "ref": "refs/heads/master", - "rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1", - "revCount": 71, - "type": "git", - "url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git" - }, - "original": { - "type": "git", - "url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git" - } - }, - "crane": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": [ - "helix", - "flake-utils" - ], - "nixpkgs": [ - "helix", - "nixpkgs" - ], - "rust-overlay": [ - "helix", - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1688772518, - "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", - "owner": "ipetkov", - "repo": "crane", - "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1692199161, - "narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=", - "owner": "nix-community", - "repo": "disko", - "rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1689068808, - "narHash": 
"sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "helix": { - "inputs": { - "crane": "crane", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1692817399, - "narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=", - "owner": "helix-editor", - "repo": "helix", - "rev": "c9694f680f97823ac9b893239a78bf45bfee0403", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "repo": "helix", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1692099905, - "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-23.05", - "repo": "home-manager", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1692492726, 
- "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1692794066, - "narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fc944919f743bb22379dddf18dcb72db6cff84aa", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "api-lyte-dev": "api-lyte-dev", - "disko": "disko", - "helix": "helix", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2", - "sops-nix": "sops-nix" - } - }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "helix", - "flake-utils" - ], - "nixpkgs": [ - "helix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1690424156, - "narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "f335a0213504c7e6481c359dc1009be9cf34432c", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1692728678, - "narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - 
"owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/os/linux/nix/flake.nix b/os/linux/nix/flake.nix deleted file mode 100644 index e67f748..0000000 --- a/os/linux/nix/flake.nix +++ /dev/null 
@@ -1,145 +0,0 @@ -# Welcome to my nix config! I'm just getting started with flakes, so please -# forgive the mess. - -# TODO: declarative disks with https://github.com/nix-community/disko -# TODO: home-manager? - -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - - # TODO: this could be a release tarball? fully recompiling this on every change suuuucks - api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; - - home-manager = { - url = "github:nix-community/home-manager/release-23.05"; - - # use the version of nixpkgs we specified above rather than the one HM would ordinarily use - inputs.nixpkgs.follows = "nixpkgs"; - }; - - disko = { - url = "github:nix-community/disko/master"; # NOTE: lock update! - - # use the version of nixpkgs we specified above rather than the one HM would ordinarily use - inputs.nixpkgs.follows = "nixpkgs"; - }; - - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - helix = { - url = "github:helix-editor/helix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = inputs: { - diskoConfigurations = { - encryptedUefiBtrfs = import ./machines/thinker-disks.nix; - normalUefiBtrfs = import ./machines/musicbox-disks.nix; - }; - homeConfigurations = - let - system = "x86_64-linux"; - pkgs = inputs.nixpkgs.legacyPackages.${system}; - in - { - daniel = inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = [ - (import - ./daniel.nix - - pkgs) - ]; - }; - }; - nixosConfigurations = { - beefcake = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = - [ - ./machines/beefcake.nix - inputs.home-manager.nixosModules.home-manager - inputs.sops-nix.nixosModules.sops - inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.daniel = import ./daniel.nix; - } - ]; - }; - - musicbox = 
inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = - [ - inputs.disko.nixosModules.disko - ./machines/musicbox-disks.nix - { _module.args.disks = [ "/dev/sda" ]; } - ./machines/musicbox.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.daniel = import ./daniel.nix; - } - ]; - }; - - thinker = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.disko.nixosModules.disko - ./machines/thinker-disks.nix - { _module.args.disks = [ "/dev/nvme0n1" ]; } - ./machines/thinker.nix - inputs.home-manager.nixosModules.home-manager - inputs.sops-nix.nixosModules.sops - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.daniel = import ./daniel.nix; - } - ]; - }; - }; - - colmena = { - meta = { - nixpkgs = import inputs.nixpkgs { - system = "x86_64-linux"; - }; - }; - musicbot = inputs.nixpkgs.lib.nixosSystem { - deployment = { - targetHost = "musicbox"; - targetPort = 1234; - targetUser = "nixos"; - }; - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = - [ - inputs.disko.nixosModules.disko - ./machines/musicbox-disks.nix - { _module.args.disks = [ "/dev/sda" ]; } - ./machines/musicbox.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.daniel = import ./daniel.nix; - } - ]; - }; - }; - }; -} diff --git a/os/linux/nix/machines/beefcake-hardware.nix b/os/linux/nix/machines/beefcake-hardware.nix deleted file mode 100644 index e31d51c..0000000 --- a/os/linux/nix/machines/beefcake-hardware.nix +++ /dev/null 
@@ -1,57 +0,0 @@
-# Do not modify this file! It was generated by 'nixos-generate-config'
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64";
- fsType = "ext4";
- options = [
- "usrquota"
- ];
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/7E3C-9018";
- fsType = "vfat";
- };
-
- fileSystems."/storage" =
- {
- device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063";
- fsType = "btrfs";
- options = [
- "compress=zstd:5"
- "space_cache=v2"
- ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp68s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp68s0f1.useDHCP = lib.mkDefault true;
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/os/linux/nix/machines/beefcake.nix b/os/linux/nix/machines/beefcake.nix
deleted file mode 100644
index c9b74b7..0000000
--- a/os/linux/nix/machines/beefcake.nix
+++ /dev/null
@@ -1,606 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running 'nixos-help'). - -{ config, pkgs, inputs, ... }: rec { - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - imports = [ - ./beefcake-hardware.nix - ]; - - services.api-lyte-dev = rec { - enable = true; - port = 5757; - stateDir = "/var/lib/api-lyte-dev"; - configFile = sops.secrets."api.lyte.dev".path; - user = "api-lyte-dev"; - group = user; - }; - - systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug"; - - sops = { - defaultSopsFile = ../secrets/beefcake/secrets.yml; - age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - keyFile = "/var/lib/sops-nix/key.txt"; - generateKey = true; - }; - secrets = { - # example-key = { - # # see these and other options' documentation here: - # # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it - - # # set permissions: - # # mode = "0440"; - # # owner = config.users.users.nobody.name; - # # group = config.users.users.nobody.group; - - # # restart service when a secret changes or is newly initialized - # # restartUnits = [ "home-assistant.service" ]; - - # # symlink to certain directories - # path = "/var/lib/my-example-key/secrets.yaml"; - - # # for use as a user password - # # neededForUsers = true; - # }; - - # subdirectory - # "myservice/my_subdir/my_secret" = { }; - - "api.lyte.dev" = { - path = "${services.api-lyte-dev.stateDir}/secrets.json"; - # TODO: would be cool to assert that it's correctly-formatted JSON? 
- mode = "0440"; - owner = services.api-lyte-dev.user; - group = services.api-lyte-dev.group; - }; - - plausible-admin-password = { }; - plausible-erlang-cookie = { }; - plausible-secret-key-base = { }; - }; - }; - - # TODO: non-root processes and services that access secrets need to be part of - # the 'keys' group - - # systemd.services.some-service = { - # serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ]; - # }; - # or - # users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; - - # TODO: directory attributes for /storage subdirectories? - # example: user daniel should be able to write to /storage/files.lyte.dev and - # caddy should be able to serve it - - # TODO: declarative directory quotas? for storage/$USER and /home/$USER - - # TODO: would be nice to get ALL the storage stuff declared in here - # should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs? - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - systemd.tmpfiles.rules = [ - "d /var/spool/samba 1777 root root -" - ]; - - networking.hostName = "beefcake"; - - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - users.groups.daniel.members = [ "daniel" ]; - users.groups.nixadmin.members = [ "daniel" ]; - - users.users.daniel = { - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - group = "daniel"; - extraGroups = [ - "nixadmin" # write access to /etc/nixos/ files - "wheel" # sudo access - "caddy" # write access to /storage/files.lyte.dev - "users" # general users group - "jellyfin" # write access to /storage/jellyfin - ]; - # packages = with pkgs; []; - }; - - users.users.lytedev = { - # for running my services and applications and stuff - isNormalUser = true; - openssh.authorizedKeys.keys = 
[ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - group = "lytedev"; - extraGroups = [ - ]; - }; - - users.users.ben = { - isNormalUser = true; - packages = with pkgs; [ - vim - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com" - ]; - }; - - users.users.alan = { - isNormalUser = true; - packages = with pkgs; [ - vim - ]; - openssh.authorizedKeys.keys = [ - "" - ]; - }; - - users.users.restic = { - # used for other machines to backup to - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - }; - - users.users.guest = { - isSystemUser = true; - group = "user"; - createHome = true; - }; - - programs.fish.enable = true; - users.defaultUserShell = pkgs.fish; - - environment.variables = { - EDITOR = "hx"; - }; - - # TODO: right now, I use a flake for helix that gets the latest since my config uses newer features - # would be nice to get that declared here - # I think this was done with `nix profile install github:helix-editor/helix --priority 0`? - - # search for packages: `nix search $PACKAGE_NAME` - environment.systemPackages = with pkgs; [ - inputs.helix.packages."x86_64-linux".helix - zellij - mosh - btrfs-progs - iperf3 - pv - linuxquota - traceroute - hexyl - restic - speedtest-cli - fish - restic - nil - nixpkgs-fmt - fd - ripgrep - exa - skim - git - wget - tmux - sqlite - ]; - - services.xserver.layout = "us"; - - # TODO: make the client declarative? 
right now I think it's manually git - # clone'd to /root - systemd.services.deno-netlify-ddns-client = { - serviceConfig.Type = "oneshot"; - path = with pkgs; [ curl bash ]; - environment = { - NETLIFY_DDNS_RC_FILE = "/root/deno-netlify-ddns-client/.env"; - }; - script = '' - bash /root/deno-netlify-ddns-client/netlify-ddns-client.sh - ''; - }; - systemd.timers.deno-netlify-ddns-client = { - wantedBy = [ "timers.target" ]; - partOf = [ "deno-netlify-ddns-client.service" ]; - timerConfig = { - OnBootSec = "10sec"; - OnUnitActiveSec = "5min"; - Unit = "deno-netlify-ddns-client.service"; - }; - }; - - services.smartd.enable = true; - services.caddy = { - enable = true; - adapter = "caddyfile"; - # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; - configFile = pkgs.writeText "Caddyfile" '' - video.lyte.dev { - reverse_proxy :8096 - } - - bw.lyte.dev { - reverse_proxy :8222 - } - - api.lyte.dev { - reverse_proxy :5757 - } - - a.lyte.dev { - reverse_proxy :8899 - } - - git.lyte.dev { - reverse_proxy :3088 - } - - files.lyte.dev { - file_server browse { - root /storage/files.lyte.dev - } - } - - # proxy everything else to chromebox - :80 { - reverse_proxy 10.0.0.5:80 - } - - :443 { - reverse_proxy 10.0.0.5:443 - } - ''; - }; - - services.vaultwarden = { - enable = true; - config = { - DOMAIN = "https://bw.lyte.dev"; - SIGNUPS_ALLOWED = "false"; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - }; - }; - - services.gitea = { - enable = true; - appName = "git.lyte.dev"; - stateDir = "/storage/gitea"; - settings = { - server = { - ROOT_URL = "https://git.lyte.dev"; - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 3088; - DOMAIN = "git.lyte.dev"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - session = { - COOKIE_SECURE = true; - }; - log = { - # TODO: raise the log level - LEVEL = "Debug"; - }; - ui = { - THEMES = "catppuccin-mocha-sapphire,gitea,arc-green,auto,pitchblack"; - DEFAULT_THEME = "catppuccin-mocha-sapphire"; - }; - }; - lfs = { - enable 
= true; - }; - dump = { - enable = true; - }; - database = { - # TODO: move to postgres? - type = "sqlite3"; - }; - }; - - # TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage - services.clickhouse.enable = true; - - services.plausible = { - enable = true; - releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path; - database = { - clickhouse.setup = true; - postgres = { - setup = false; - dbname = "plausible"; - }; - }; - server = { - baseUrl = "http://beefcake.hare-cod.ts.net:8899"; - disableRegistration = true; - port = 8899; - secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path; - }; - adminUser = { - activate = false; - email = "daniel@lyte.dev"; - passwordFile = config.sops.secrets.plausible-admin-password.path; - }; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ "daniel" "plausible" ]; - ensureUsers = [ - { - name = "daniel"; - ensurePermissions = { - "DATABASE daniel" = "ALL PRIVILEGES"; - }; - } - { - name = "plausible"; - ensurePermissions = { - "DATABASE plausible" = "ALL PRIVILEGES"; - }; - } - ]; - dataDir = "/storage/postgres"; - enableTCPIP = true; - - package = pkgs.postgresql_15; - - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all postgres peer map=superuser_map - local all daniel peer map=superuser_map - local sameuser all peer map=superuser_map - local plausible plausible peer map=superuser_map - - # lan ipv4 - host all all 10.0.0.0/24 trust - - # tailnet ipv4 - host all all 100.64.0.0/10 trust - ''; - - identMap = '' - # ArbitraryMapName systemUser DBUser - superuser_map root postgres - superuser_map postgres postgres - superuser_map daniel postgres - # Let other names login as themselves - superuser_map /^(.*)$ \1 - ''; - }; - - services.postgresqlBackup = { - enable = true; - backupAll = true; - compression = "none"; # hoping for deduplication here? 
- location = "/storage/postgres-backups"; - startAt = "*-*-* 03:00:00"; - }; - - services.tailscale = { - enable = true; - useRoutingFeatures = "server"; - }; - - services.jellyfin = { - enable = true; - openFirewall = true; - # uses port 8096 by default, configurable from admin UI - }; - - # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general - # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML - # stuff, too?) and get good transcoding performance - - # jellyfin hardware encoding - # hardware.opengl = { - # enable = true; - # extraPackages = with pkgs; [ - # intel-media-driver - # vaapiIntel - # vaapiVdpau - # libvdpau-va-gl - # intel-compute-runtime - # ]; - # }; - # nixpkgs.config.packageOverrides = pkgs: { - # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - # }; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - listenAddresses = [ - { addr = "0.0.0.0"; port = 64022; } - { addr = "0.0.0.0"; port = 22; } - ]; - }; - - services.samba-wsdd.enable = true; - - services.samba = { - enable = true; - openFirewall = true; - securityType = "user"; - package = pkgs.sambaFull; - - extraConfig = '' - workgroup = WORKGROUP - server string = beefcake - netbios name = beefcake - security = user - #use sendfile = yes - #max protocol = smb2 - # note: localhost is the ipv6 localhost ::1 - hosts allow = 10. 192.168.0. 
127.0.0.1 localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - load printers = yes - printing = cups - printcap name = cups - ''; - shares = { - libre = { - path = "/storage/libre"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0666"; - "directory mask" = "0777"; - "force user" = "nobody"; - "force group" = "users"; - }; - public = { - path = "/storage/public"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0664"; - "directory mask" = "0775"; - "force user" = "nobody"; - "force group" = "users"; - }; - family = { - path = "/storage/family"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0664"; - "directory mask" = "0775"; - "force user" = "nobody"; - "force group" = "family"; - }; - daniel = { - path = "/storage/daniel"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0640"; - "directory mask" = "0750"; - "force user" = "daniel"; - "force group" = "users"; - }; - printers = { - comment = "All Printers"; - path = "/var/spool/samba"; - public = "yes"; - browseable = "yes"; - # to allow user 'guest account' to print. - "guest ok" = "yes"; - writable = "no"; - printable = "yes"; - "create mode" = 0700; - }; - }; - }; - - # paths: - # TODO: move previous backups over and put here - # clickhouse and plausible analytics once they're up and running? - - services.restic.backups = rec { - local = { - initialize = true; - passwordFile = "/root/restic-localbackup-password"; - paths = [ - "/storage/files.lyte.dev" - "/storage/daniel" - "/storage/gitea" # TODO: should maybe use configuration.nix's services.gitea.dump ? - "/var/lib/bitwarden_rs" # does this need any sqlite preprocessing? 
- # https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault - # specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files - - "/storage/postgres-backups" - ]; - exclude = [ ]; - repository = "/storage/backups/local"; - }; - rascal = { - initialize = true; - extraOptions = [ - "sftp.command='ssh beefcake@rascal -i /root/.ssh/id_ed25519 -s sftp'" - ]; - passwordFile = local.passwordFile; - paths = local.paths; - repository = "sftp://beefcake@rascal://storage/backups/beefcake"; - timerConfig = { - OnCalendar = "04:45"; - }; - }; - # TODO: add ruby? - benland = { - initialize = true; - extraOptions = [ - "sftp.command='ssh daniel@n.benhaney.com -p 10022 -i /root/.ssh/id_ed25519 -s sftp'" - ]; - passwordFile = local.passwordFile; - paths = local.paths; - repository = "sftp://daniel@n.benhaney.com://storage/backups/beefcake"; - timerConfig = { - OnCalendar = "04:45"; - }; - }; - }; - - # TODO: https://nixos.wiki/wiki/Binary_Cache - - networking.firewall.allowedTCPPorts = [ - 80 # http (caddy) - 443 # https (caddy) - # 5357 # ??? - 22 # ssh - 64022 # ssh (for ben?) - ]; - networking.firewall.allowedUDPPorts = [ - # 53 # DNS - # 3702 # ??? - 64020 # mosh (for ben?) - ]; - networking.firewall.allowedUDPPortRanges = [ - { - # mosh - from = 60000; - to = 60010; - } - ]; - - networking.firewall = { - enable = true; - allowPing = true; - }; - - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - - # TODO: should I upgrade this? - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
- system.stateVersion = "22.05"; # Did you read the comment?
-}
diff --git a/os/linux/nix/machines/musicbox-disks.nix b/os/linux/nix/machines/musicbox-disks.nix
deleted file mode 100644
index 885040d..0000000
--- a/os/linux/nix/machines/musicbox-disks.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ disks ? [ "/dev/vda" ], ... }: {
- disko.devices = {
- disk = {
- # TODO: would be nice to give this a good name?
- primary = {
- type = "disk";
- device = builtins.elemAt disks 0;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "EFI";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
-
diff --git a/os/linux/nix/machines/musicbox.nix b/os/linux/nix/machines/musicbox.nix
deleted file mode 100644
index 41aa151..0000000
--- a/os/linux/nix/machines/musicbox.nix
+++ /dev/null
@@ -1,246 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). - -{ pkgs, inputs, ... }: - -let - # this is unused because it's referenced by my sway config - dbus-sway-environment = pkgs.writeTextFile { - name = "dbus-sway-environment"; - destination = "/bin/dbus-sway-environment"; - executable = true; - - text = '' - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway - systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr - systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr - ''; - }; - - # this is unused because it's referenced by my sway config - configure-gtk = pkgs.writeTextFile { - name = "configure-gtk"; - destination = "/bin/configure-gtk"; - executable = true; - text = - let - schema = pkgs.gsettings-desktop-schemas; - datadir = "${schema}/share/gsettings-schemas/${schema.name}"; - in - '' - export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS - gnome_schema = org.gnome.desktop.interface - gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha' - ''; - }; -in -{ - # TODO: fonts? 
right now, I'm just installing to ~/.local/share/fonts - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - boot.loader.grub.devices = [ "/dev/sda" ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; - }; - - hardware.bluetooth.enable = true; - hardware.opengl = { - enable = true; - driSupport32Bit = true; - driSupport = true; - - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; - }; - - xdg.portal = { - enable = true; - wlr.enable = true; - - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - }; - - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; - - networking.hostName = "musicbox"; - networking.networkmanager.enable = true; - - security.polkit.enable = true; - security.rtkit.enable = true; - - programs.fish.enable = true; - users.defaultUserShell = pkgs.fish; - - services.pipewire = { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; - }; - - services.xserver.layout = "us"; - services.xserver.xkbOptions = "ctrl:nocaps"; - - hardware.pulseaudio.support32Bit = true; - - users.users.daniel = { - isNormalUser = true; - home = "/home/daniel/.home"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - extraGroups = [ "wheel" "video" ]; - packages = [ ]; - }; - - services.dbus.enable = true; - - environment.systemPackages = with pkgs; [ - age - 
bat - bind - bottom - brightnessctl - clang - curl - delta - dog - dtach - dua - exa - fd - feh - file - fwupd - gcc - gimp - git - git-lfs - grim - inputs.helix.packages."x86_64-linux".helix - hexyl - htop - inkscape - inotify-tools - iputils - killall - kitty - krita - libinput - libinput-gestures - libnotify - lutris - gnumake - mako - mosh - nmap - nnn - nil - nixpkgs-fmt - noto-fonts - openssl - pamixer - pavucontrol - pciutils - pgcli - playerctl - podman-compose - pulseaudio - pulsemixer - rclone - restic - ripgrep - rsync - sd - slurp - sops - steam - swaybg - swayidle - swaylock - tmux - traceroute - unzip - vlc - vulkan-tools - watchexec - waybar - wget - wireplumber - wine - wl-clipboard - wofi - xh - zathura - zellij - zstd - ]; - - services.pcscd.enable = true; - services.flatpak.enable = true; - services.gnome.gnome-keyring.enable = true; - programs.gnupg.agent = { - enable = true; - pinentryFlavor = "gnome3"; - enableSSHSupport = true; - }; - - programs.thunar.enable = true; - - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; - }; - - environment.variables = { - EDITOR = "hx"; - }; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - listenAddresses = [ - { addr = "0.0.0.0"; port = 22; } - ]; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - }; - - system.stateVersion = "23.05"; -} - diff --git a/os/linux/nix/machines/thinker-disks.nix b/os/linux/nix/machines/thinker-disks.nix deleted file mode 100644 index b0e7ef8..0000000 --- a/os/linux/nix/machines/thinker-disks.nix +++ /dev/null 
@@ -1,60 +0,0 @@
-{ disks ? [ "/dev/vda" ], ... }: {
- disko.devices = {
- disk = {
- vdb = {
- type = "disk";
- device = builtins.elemAt disks 0;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "EFI";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
- # if you want to use the key for interactive login be sure there is no trailing newline
- # for example use `echo -n "password" > /tmp/secret.key`
- keyFile = "/tmp/secret.key"; # Interactive
- # settings.keyFile = "/tmp/password.key";
- # additionalKeyFiles = ["/tmp/additionalSecret.key"];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/os/linux/nix/machines/thinker-hardware.nix b/os/linux/nix/machines/thinker-hardware.nix
deleted file mode 100644
index 29217e6..0000000
--- a/os/linux/nix/machines/thinker-hardware.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/os/linux/nix/machines/thinker.nix b/os/linux/nix/machines/thinker.nix
deleted file mode 100644
index 08d762b..0000000
--- a/os/linux/nix/machines/thinker.nix
+++ /dev/null
@@ -1,355 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). - -{ pkgs, inputs, ... }: - -let - # this is unused because it's referenced by my sway config - dbus-sway-environment = pkgs.writeTextFile { - name = "dbus-sway-environment"; - destination = "/bin/dbus-sway-environment"; - executable = true; - - text = '' - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway - systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr - systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr - ''; - }; - - # this is unused because it's referenced by my sway config - configure-gtk = pkgs.writeTextFile { - name = "configure-gtk"; - destination = "/bin/configure-gtk"; - executable = true; - text = - let - schema = pkgs.gsettings-desktop-schemas; - datadir = "${schema}/share/gsettings-schemas/${schema.name}"; - in - '' - export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS - gnome_schema = org.gnome.desktop.interface - gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha' - ''; - }; -in -{ - imports = - [ - # Include the results of the hardware scan. - ./thinker-hardware.nix - ]; - - # TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright - # with this machine so it may not be necessary? - # need to measure percentage lost per day, but I think it's around 10%/day - - # TODO: fonts? right now, I'm just installing to ~/.local/share/fonts - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # Use the systemd-boot EFI boot loader. 
- boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; - }; - - hardware.bluetooth.enable = true; - hardware.opengl = { - enable = true; - driSupport32Bit = true; - driSupport = true; - - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; - }; - - xdg.portal = { - enable = true; - wlr.enable = true; - - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - }; - - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; - - networking.hostName = "thinker"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; - - security.polkit.enable = true; - security.rtkit.enable = true; - - programs.fish.enable = true; - users.defaultUserShell = pkgs.fish; - - services.pipewire = { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # pulse.support32Bit = true; - jack.enable = true; - }; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; - }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - services.xserver.layout = "us"; - services.xserver.xkbOptions = "ctrl:nocaps"; - - # Enable CUPS to print documents. 
- # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.support32Bit = true; - hardware.pulseaudio.support32Bit = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.daniel = { - isNormalUser = true; - home = "/home/daniel/.home"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - extraGroups = [ "wheel" "video" ]; - packages = [ ]; - }; - - services.dbus.enable = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - - environment.systemPackages = with pkgs; [ - age - bat - bind - bottom - brightnessctl - clang - curl - delta - dog - dtach - dua - exa - fd - feh - file - fwupd - gcc - gimp - git - git-lfs - grim - inputs.helix.packages."x86_64-linux".helix - hexyl - htop - inkscape - inotify-tools - iputils - killall - kitty - krita - libinput - libinput-gestures - libnotify - lutris - gnumake - mako - mosh - nmap - nnn - nil - nixpkgs-fmt - noto-fonts - openssl - pamixer - pavucontrol - pciutils - pgcli - playerctl - podman-compose - pulseaudio - pulsemixer - rclone - restic - ripgrep - rsync - sd - slurp - sops - steam - swaybg - swayidle - swaylock - tmux - traceroute - unzip - vlc - vulkan-tools - watchexec - waybar - wget - wireplumber - wine - wl-clipboard - wofi - xh - zathura - zellij - zstd - ]; - - services.pcscd.enable = true; - services.flatpak.enable = true; - services.gnome.gnome-keyring.enable = true; - programs.gnupg.agent = { - enable = true; - pinentryFlavor = "gnome3"; - enableSSHSupport = true; - }; - - programs.thunar.enable = true; - - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; - }; - - environment.variables = { - EDITOR = "hx"; - }; - - # Some programs need SUID wrappers, can 
be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - listenAddresses = [ - { addr = "0.0.0.0"; port = 22; } - ]; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ "daniel" ]; - ensureUsers = [ - { - name = "daniel"; - ensurePermissions = { - "DATABASE daniel" = "ALL PRIVILEGES"; - }; - } - ]; - enableTCPIP = true; - - package = pkgs.postgresql_15; - - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all postgres peer map=superuser_map - local all daniel peer map=superuser_map - local sameuser all peer map=superuser_map - - # lan ipv4 - host all all 10.0.0.0/24 trust - host all all 127.0.0.1/32 trust - - # tailnet ipv4 - host all all 100.64.0.0/10 trust - ''; - - identMap = '' - # ArbitraryMapName systemUser DBUser - superuser_map root postgres - superuser_map postgres postgres - superuser_map daniel postgres - # Let other names login as themselves - superuser_map /^(.*)$ \1 - ''; - }; - - - virtualisation = { - podman = { - enable = true; - - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; - - oci-containers = { - backend = "podman"; - }; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. 
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
-
-}
-
diff --git a/os/linux/nix/machines/third.nix b/os/linux/nix/machines/third.nix
deleted file mode 100644
index 694f575..0000000
--- a/os/linux/nix/machines/third.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [
- ../profiles/laptop.nix
- ../modules/systemd-boot-efi.nix
- ../modules/intel.nix
- ../modules/docker.nix
- ../modules/network-manager.nix
- ../modules/bluetooth.nix
- ../modules/pulseaudio.nix
- ../modules/de/sway.nix
- ../modules/de/gnome.nix
- ../modules/users/daniel.nix
- ../modules/users/valerie.nix
- ];
-
- networking = {
- hostName = "third.lyte.dev";
- firewall.enable = false;
- networkmanager.wifi.powersave = true;
- };
-
- services.fwupd = {
- enable = true;
- };
-
- console.useXkbConfig = true;
- services.xserver.xkbOptions = "ctrl:nocaps";
- # TODO: setup caps-lock as Control/Escape?
- # console.font = "TER16x32";
-
- swapDevices = [ { device = "/swapfile"; size = (1024*16); } ];
-
- boot = {
- # fallocate -l 16G /swapfile
- resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
- # sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
- # tr -s "[:blank:]" | field 5 | tr -d ":"
- kernelParams = [ "resume_offset=874496" ];
- };
-
- # services.upower = {
- # enable = true;
- # criticalPowerAction = "Hibernate";
- # };
-}
diff --git a/os/linux/nix/machines/wallwart.nix b/os/linux/nix/machines/wallwart.nix
deleted file mode 100644
index 1cbad06..0000000
--- a/os/linux/nix/machines/wallwart.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [
- ../profiles/desktop.nix
- ../modules/systemd-boot-efi.nix
- ../modules/amd.nix
- ../modules/amd-gpu.nix
- ../modules/docker.nix
- ../modules/network-manager.nix
- ../modules/bluetooth.nix
- ../modules/pulseaudio.nix
- ../modules/de/sway.nix
- ../modules/users/daniel.nix
- ../modules/users/valerie.nix
- ];
-
- networking = {
- hostName = "wallwart.lyte.dev";
- firewall.enable = false;
- };
-
- environment = {
- systemPackages = with pkgs; [ ntfs3g ];
- };
-
- fileSystems."/storage/ext".options = [ "defaults" "user" "nofail" ];
- fileSystems."/storage/butter".options = [ "defaults" "auto" "nofail" ];
- fileSystems."/storage/windows" = {
- device = "/dev/disk/by-uuid/AE624593624560E7";
- fsType = "ntfs";
- options = [ "defaults" "auto" "nofail" ];
- };
- fileSystems."/storage/shared" = {
- device = "/dev/disk/by-uuid/26F6144A6B518523";
- fsType = "ntfs";
- options = [ "defaults" "auto" "nofail" ];
- };
-}
diff --git a/os/linux/nix/modules/amd-gpu.nix b/os/linux/nix/modules/amd-gpu.nix
deleted file mode 100644
index 3da049e..0000000
--- a/os/linux/nix/modules/amd-gpu.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, pkgs, ... }: {
- services.xserver.videoDrivers = [ "amdgpu" ];
-}
diff --git a/os/linux/nix/modules/amd.nix b/os/linux/nix/modules/amd.nix
deleted file mode 100644
index 8e8842b..0000000
--- a/os/linux/nix/modules/amd.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ config, pkgs, ... }: {
- hardware = {
- cpu.amd.updateMicrocode = true;
- };
-}
diff --git a/os/linux/nix/modules/bash.nix b/os/linux/nix/modules/bash.nix
deleted file mode 100644
index 1ad937e..0000000
--- a/os/linux/nix/modules/bash.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, pkgs, ... }: {
- environment.systemPackages = [ pkgs.bash ];
-}
diff --git a/os/linux/nix/modules/bluetooth.nix b/os/linux/nix/modules/bluetooth.nix
deleted file mode 100644
index ef5a122..0000000
--- a/os/linux/nix/modules/bluetooth.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, pkgs, ... }: {
- hardware.bluetooth.enable = true;
-}
diff --git a/os/linux/nix/modules/de/gnome.nix b/os/linux/nix/modules/de/gnome.nix
deleted file mode 100644
index 02893fd..0000000
--- a/os/linux/nix/modules/de/gnome.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- unstable = import { config = { allowUnfree = true; }; };
-in {
- imports = [ ./graphics.nix ];
- programs = {
- };
- services = {
- pipewire.enable = true;
- xserver = {
- desktopManager.gnome3.enable = true;
- libinput = {
- enable = true;
- tapping = true;
- naturalScrolling = true;
- disableWhileTyping = false;
- };
- };
- gnome3 = {
- gnome-keyring.enable = true;
- sushi.enable = true;
- };
- };
- systemd.packages = with pkgs.gnome3; [ gnome-session gnome-shell];
- environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme ];
-}
diff --git a/os/linux/nix/modules/de/graphics.nix b/os/linux/nix/modules/de/graphics.nix
deleted file mode 100644
index 2067b5b..0000000
--- a/os/linux/nix/modules/de/graphics.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [ ../gdm.nix ];
- fonts.fonts = with pkgs; [ iosevka ];
- hardware.opengl = {
- enable = true;
- driSupport = true;
- driSupport32Bit = true;
- };
- environment = {
- systemPackages = with pkgs; [
- glxinfo
- firefox-devedition-bin
- pavucontrol
- brightnessctl
- ];
- };
- qt5 = {
- platformTheme = "gtk2";
- style = "gtk2";
- };
-}
diff --git a/os/linux/nix/modules/de/sway.nix b/os/linux/nix/modules/de/sway.nix
deleted file mode 100644
index d0f7e83..0000000
--- a/os/linux/nix/modules/de/sway.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- unstable = import { config = { allowUnfree = true; }; };
-in {
- imports = [ ./graphics.nix ];
- fonts.fonts = with pkgs; [
- noto-fonts-emoji font-awesome
- ];
- programs = {
- sway = {
- enable = true;
- extraPackages = with pkgs; [
- unstable.pipewire
- swaylock
- swayidle
- unstable.mako unstable.libnotify
- waybar
- wl-clipboard
- slurp
- grim
- unstable.font-awesome
- unstable.xwayland
- unstable.kanshi
- unstable.gammastep
- ];
- # TODO: this should come from the user's homedir maybe through dotfiles
- # somehow? home-manager?
- extraSessionCommands = ''
- systemctl --user import-environment
- export TERMINAL=kitty
- export BROWSER=firefox-devedition
- export WLC_REPEAT_DELAY=200
- export WLC_REPEAT_RATE=60
- export CLUTTER_BACKEND=wayland
- # export SDL_VIDEODRIVER=wayland
- export MOZ_ENABLE_WAYLAND=1
- export XDG_SESSION_TYPE=wayland
- export XDG_CURRENT_DESKTOP=sway
- '';
- };
- };
- services = {
- pipewire.enable = true;
- xserver = {
- libinput = {
- enable = true;
- tapping = true;
- naturalScrolling = true;
- disableWhileTyping = false;
- };
- };
- };
- xdg.portal = {
- enable = true;
- gtkUsePortal = true;
- extraPortals = with pkgs; [
- xdg-desktop-portal-gtk
- unstable.xdg-desktop-portal-wlr
- ];
- };
-}
diff --git a/os/linux/nix/modules/docker.nix b/os/linux/nix/modules/docker.nix
deleted file mode 100644
index cc3ce8c..0000000
--- a/os/linux/nix/modules/docker.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, pkgs, ... }: {
- virtualisation.docker = {
- enable = true;
- enableOnBoot = false;
- };
- environment.systemPackages = [ pkgs.docker-compose ];
-}
diff --git a/os/linux/nix/modules/fish.nix b/os/linux/nix/modules/fish.nix
deleted file mode 100644
index 5dc9b4e..0000000
--- a/os/linux/nix/modules/fish.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- unstable = import { config = { allowUnfree = true; }; };
-in {
- programs.fish = {
- enable = true;
- };
- environment.systemPackages = [ unstable.fish ];
-}
-
diff --git a/os/linux/nix/modules/gdm.nix b/os/linux/nix/modules/gdm.nix
deleted file mode 100644
index f58becf..0000000
--- a/os/linux/nix/modules/gdm.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }: {
- # services.xserver.displayManager.defaultSession
- services.xserver = {
- enable = true;
- displayManager = {
- gdm = {
- enable = true;
- wayland = true;
- };
- };
- };
-}
diff --git a/os/linux/nix/modules/intel.nix b/os/linux/nix/modules/intel.nix
deleted file mode 100644
index 6cd9e21..0000000
--- a/os/linux/nix/modules/intel.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }: {
- services.xserver.videoDrivers = [ "intel" ];
- nixpkgs.config = {
- allowUnfree = true;
- packageOverrides = pkgs: {
- vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
- };
- };
- hardware = {
- cpu.intel.updateMicrocode = true;
- opengl = {
- extraPackages = with pkgs; [
- vaapiIntel
- vaapiVdpau
- libvdpau-va-gl
- ];
- };
- };
-}
diff --git a/os/linux/nix/modules/lightdm.nix b/os/linux/nix/modules/lightdm.nix
deleted file mode 100644
index 1606bf0..0000000
--- a/os/linux/nix/modules/lightdm.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }: {
- # services.xserver.displayManager.defaultSession
- services.xserver = {
- enable = true;
- displayManager.lightdm = {
- enable = true;
- greeter = {
- enable = true;
- };
- greeters.gtk = {
- enable = true;
- theme = {
- package = pkgs.arc-theme;
- name = "Arc-Dark";
- };
- clock-format = "%H:%M:%S";
- extraConfig = ''
- font-name=IosevkaLyteTerm Nerd Font Complete
- '';
- };
- # background = "";
- };
- };
- environment.systemPackages = with pkgs; [ lightdm lightdm_gtk_greeter ];
-}
diff --git a/os/linux/nix/modules/neovim.nix b/os/linux/nix/modules/neovim.nix
deleted file mode 100644
index d81e4b3..0000000
--- a/os/linux/nix/modules/neovim.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-let
- unstable = import { config = { allowUnfree = true; }; };
- aliases = { vim = "nvim"; vi = "nvim"; };
-in
-{
- environment = {
- systemPackages = [ unstable.neovim ];
- variables = {
- EDITOR = "nvim";
- PAGER = "nvim";
- VISUAL = "nvim";
- # we have to escape these doublequotes so that they work when NixOS
- # injects them into the shell
- MANPAGER = ''env MANWIDTH=\"\" nvim --cmd \"let g:prosession_on_startup=0\" +Man!'';
- MANWIDTH = "80";
- };
- shellAliases = aliases;
- };
- programs.bash.shellAliases = aliases;
- programs.fish.shellAliases = aliases;
-}
diff --git a/os/linux/nix/modules/network-manager.nix b/os/linux/nix/modules/network-manager.nix
deleted file mode 100644
index 3bf4d09..0000000
--- a/os/linux/nix/modules/network-manager.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ config, pkgs, ... }: {
- networking.networkmanager.enable = true;
- environment.systemPackages = [ pkgs.networkmanager ];
-}
diff --git a/os/linux/nix/modules/pulseaudio.nix b/os/linux/nix/modules/pulseaudio.nix
deleted file mode 100644
index f8ad146..0000000
--- a/os/linux/nix/modules/pulseaudio.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }: {
- hardware.pulseaudio = {
- enable = true;
- support32Bit = true;
- package = pkgs.pulseaudioFull;
- };
- nixpkgs.config.pulseaudio = true;
- sound.enable = true;
-}
diff --git a/os/linux/nix/modules/ripcord.nix b/os/linux/nix/modules/ripcord.nix
deleted file mode 100644
index e69de29..0000000
diff --git a/os/linux/nix/modules/systemd-boot-efi.nix b/os/linux/nix/modules/systemd-boot-efi.nix
deleted file mode 100644
index 813a8af..0000000
--- a/os/linux/nix/modules/systemd-boot-efi.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, ... }: {
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
- };
-}
diff --git a/os/linux/nix/modules/tmux.nix b/os/linux/nix/modules/tmux.nix
deleted file mode 100644
index 5949874..0000000
--- a/os/linux/nix/modules/tmux.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, pkgs, ... }: {
- environment.systemPackages = [ pkgs.tmux ];
- programs.tmux = {
- enable = true;
- };
-}
-
diff --git a/os/linux/nix/modules/users/daniel.nix b/os/linux/nix/modules/users/daniel.nix
deleted file mode 100644
index 5084c30..0000000
--- a/os/linux/nix/modules/users/daniel.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ config, pkgs, ... }:
-let
- unstable = import { config = { allowUnfree = true; }; };
-in {
- fonts.fonts = with pkgs; [
- # helvetica # needed by zoom
- ];
- users.users.daniel = {
- isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
- shell = pkgs.fish;
- home = "/home/daniel/.home";
- packages = with pkgs; [
- fortune # fun sayings
- steam # games
- pulsemixer # audio
- file # identify file types
- kitty # terminal emulator
- unstable.fzf # fuzzy finder
- dmenu # TODO: currently only using this for dmenu_path in `bin/launch`
- ranger # tui for file management
- pass # the standard unix password manager
- vulkan-tools # vkcube for making sure vulkan still works
- rustup
- clang
- pavucontrol # gui pulseaudio manager
- pamixer # tui pulseaudio manager
- strongswan # work vpn
- gnumake
- elixir
- postgresql # database
- htop # almost as good as bottom (btm)
- unzip # needed by a handful of other utilities
- autoconf automake # autotools
- weechat # irc
- python39Full # python 3.9
- jq # awk for json
- xfce.thunar xfce.thunar-archive-plugin xfce.thunar-volman # gui file manager
- mpd # music player daemon
- ncmpcpp # ncurses music player client
- vlc # video player
- google-chrome # sometimes ya gotta screenshare
-
- # TODO: work module?
- google-cloud-sdk # gcloud
- kubectl # kubernetes cli
- awscli # aws cli
- zoom-us # video conferencing
- lastpass-cli
-
- # TODO: move this one to just laptop?
- brightnessctl # laptop screen brightness
-
- # nix utils
- nox # package querying and installation?
- # yay is to pacman, nox is to nix-env
- niv # dependency pinning?
- lorri # project envrc - like asdf-vm?
- ];
- };
-}
diff --git a/os/linux/nix/modules/users/valerie.nix b/os/linux/nix/modules/users/valerie.nix
deleted file mode 100644
index c3eff59..0000000
--- a/os/linux/nix/modules/users/valerie.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, pkgs, ... }: {
- users.users.valerie = {
- isNormalUser = true;
- shell = pkgs.fish;
- home = "/home/valerie";
- };
-}
diff --git a/os/linux/nix/pkgs/config.nix b/os/linux/nix/pkgs/config.nix
deleted file mode 100644
index 69baf10..0000000
--- a/os/linux/nix/pkgs/config.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ allowUnfree = true; }
diff --git a/os/linux/nix/pkgs/home.nix b/os/linux/nix/pkgs/home.nix
deleted file mode 100644
index abad047..0000000
--- a/os/linux/nix/pkgs/home.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ config, pkgs, ... }: {
- programs.home-manager.enable = true;
- home.stateVersion = "20.03";
-}
diff --git a/os/linux/nix/profiles/base.nix b/os/linux/nix/profiles/base.nix
deleted file mode 100644
index 6d3dfd8..0000000
--- a/os/linux/nix/profiles/base.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [
- ../modules/fish.nix
- ../modules/bash.nix
- ../modules/tmux.nix
- ../modules/neovim.nix
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- i18n.defaultLocale = "en_US.UTF-8";
- time.timeZone = "America/Chicago";
-
- environment = {
- systemPackages = with pkgs; [
- less
- wget curl
- rsync
- w3m
- git
- pciutils usbutils binutils
- ripgrep sd fd
- unzip
- killall
- ];
- };
-
- programs = {
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryFlavor = "curses";
- };
- };
-
- services = {
- openssh = {
- enable = true;
- passwordAuthentication = false;
- permitRootLogin = "no";
- };
- };
-
- console = {
- earlySetup = true;
- colors = [
- "111111"
- "f92672"
- "a6e22e"
- "f4bf75"
- "66d9ef"
- "ae81ff"
- "a1efe4"
- "f8f8f2"
- "75715e"
- "f92672"
- "a6e22e"
- "f4bf75"
- "66d9ef"
- "ae81ff"
- "a1efe4"
- "f9f8f5"
- ];
- };
-}
diff --git a/os/linux/nix/profiles/desktop.nix b/os/linux/nix/profiles/desktop.nix
deleted file mode 100644
index 64d8d9d..0000000
--- a/os/linux/nix/profiles/desktop.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [ ./base.nix ];
-}
diff --git a/os/linux/nix/profiles/laptop.nix b/os/linux/nix/profiles/laptop.nix
deleted file mode 100644
index 64d8d9d..0000000
--- a/os/linux/nix/profiles/laptop.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [ ./base.nix ];
-}
diff --git a/os/linux/nix/readme.md b/os/linux/nix/readme.md
deleted file mode 100644
index 16b3280..0000000
--- a/os/linux/nix/readme.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# zomg nixos
-
-```bash
-$ ssh -t beefcake 'cdd && pwd && g pl && cd os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
-```
-
-Or for pushing:
-
-```bash
-# do once to setup
-$ ssh -t beefcake 'cdd && git config receive.denyCurrentBranch updateInstead'
-
-# probably regenerate and commit flake.lock from this directory
-nix flake lock
-
-# push and rebuild+switch
-$ git push beefcake:~/.config/lytedev-dotfiles
-$ ssh -t beefcake 'cd ~/.config/lytedev-dotfiles/os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
-```
-
-# Ops stuff
-
-- **TODO**: Look into https://github.com/zhaofengli/colmena
-
-# Other To Dos
-
-- **TODO**: check stuff during receive with a hook?
diff --git a/os/linux/nix/secrets/beefcake/example.yaml b/os/linux/nix/secrets/beefcake/example.yaml
deleted file mode 100644
index 0f88b45..0000000
--- a/os/linux/nix/secrets/beefcake/example.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -example-key: ENC[AES256_GCM,data:LSGltrcgYatbjSQ2Zg==,iv:Yelgg+MOwAM6/TehmWicEy+lOZZWy+jxlC64MgzPs7s=,tag:zP67Db+Sah+nxi/DGpF9Ww==,type:str] -#ENC[AES256_GCM,data:TsYwHzmr1nE3uSS5Z2x+uQ==,iv:uo+VnHC4Zu87XUDUrxy9oaMZp1sbneSFD8ZpaMZ2cI8=,tag:ef8pAgMh2OxhjUYiAfLbwg==,type:comment] -myservice: - my_subdir: - my_secret: ENC[AES256_GCM,data:50qa/rMmv3lRZ4iiZG0Qs8jW1xfCIZvQq6C8O2dSMA==,iv:WUG//kJVKDJxvm6A4TcCNw46/UmXXvSrqXLJUiyuN7M=,tag:4sxiV9/T0r/IrGT0n/2u/w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdHRHclo3amJpU2ptbSts - ZGU4cit6TmZsWWNaUjdyZ1I1eXE4U3FtOEd3CmNGbnpiSlNON0tNTm83K2tuK0xS - eTFONThab1hIdG1jbkJVYTY1b2VsU0kKLS0tIEw3c2JvZ3RJR2RSZWRqa0lqc0VX - VlZHbFVMMjlucVNzeGNNQmNnbmNmTWcK524R2Ca+hX/80dr9ZDyoY10FnykHHpCv - GJyqsdDxCIqat52KPYUgLFggj8yubjBBeB9pAfgwHL2nG0wIVj/Dqg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSHRQd3g2WUtmRGlPQTlj - NkwxeXdRVHN0eC9XbTlGY0x6M2kyMXg1UkZ3Cm5EdXFiMHQyLzNtUjNPRk04UGQx - WkllcktrSUl4N3EwUmpzUDA0c2hSM00KLS0tIFZPS2l5UE9WN25Dczh0dlZneGcz - eWdYc2ZmZWdybHprQTZEc1BLY3ZodTgKPc9oMfrj3hLL0TwMGlhKS5t2nkZAmn8J - 2FwSNj8iX9c7Pg7fDnc3QnagVKzZDSW7DlrNliaFf+ZVp78Ibk//xw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-27T18:44:05Z" - mac: ENC[AES256_GCM,data:ZbXvJdb+phJyZD/9HG/yT2bct4/zVPEK6RbFDlf2FnxesIIyFJmSDVUi1AXD91s1q7APIh+nekPJ2+26v9GtA3AO9NXeLKbE7ctrdVq0s3G3/vXsi0SUqt8RnZlLo1lXVNDLSMICfRKRSXVDDC/HTqLOvYe8zXUP4Irt5bTvJI0=,iv:dlZWeasCRMHKKoJ5nsAtYVtTi3Z4iP4LFf6LKDgYyW0=,tag:MIhjux10iPYB9ltJYWp36w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 
diff --git a/os/linux/nix/secrets/beefcake/secrets.yml b/os/linux/nix/secrets/beefcake/secrets.yml
deleted file mode 100644
index 618caee..0000000
--- a/os/linux/nix/secrets/beefcake/secrets.yml
+++ /dev/null
@@ -1,43 +0,0 @@ -hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str] -example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str] -#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment] -example_array: - - ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str] - - ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str] -example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float] -example_booleans: - - ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool] - - ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool] -plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str] -plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] -plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] -api.lyte.dev: 
ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY - WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY - UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1 - N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8 - 06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY - NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V - c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr - b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f - nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-28T21:11:56Z" - mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/os/linux/nix/secrets/example.yaml b/os/linux/nix/secrets/example.yaml deleted file mode 100644 index e647a98..0000000 
--- a/os/linux/nix/secrets/example.yaml +++ /dev/null @@ -1,25 +0,0 @@ -example-key: ENC[AES256_GCM,data:8/LalMfi+YsJaF1P+A==,iv:/Kkul1a1gBiAd447/A/yVzfUJi7rb8nAoBWXiokQZEs=,tag:gN5VnfNFyiKplMpip54YEw==,type:str] -#ENC[AES256_GCM,data:zF3Eji+GV/e/lxQ8IFpu2Q==,iv:wTfGJmuJ08HXstXGofLbUcl3vSKOsSv1Ai0kQM57sF4=,tag:U94wjTY7mTpafjkA4hOh0g==,type:comment] -myservice: - my_subdir: - my_secret: ENC[AES256_GCM,data:0oxmwRaS6wYg,iv:7fn84cOkL9F1yhbGOOJZLgkIphI4ZjA0pdzFFNFDh50=,tag:mwbFqGbLa+H47jOyfiNQBQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UUdpZU8zMloweWhZbmxI - aFZNL1M3eWNpMjBKMGxRMDYwUnZpd2k0NG1RCnVvcjJsU1dJQTVIcFlmMmFKeEI2 - bEJVdldxektybGtLYmprRG9OenFnRjgKLS0tIGtBOWFrWXgvc2l0QThQczlWMkxW - bjM4enBEbUlkYlZFOHIvQW80VktsTDgKZMYE95nKgmU+whtU2xrJnuNlwZqrjpfN - e5LKNQ6lLqIzsmCdAlyPcKVW5hCbtaT/Ac1TvZWq7+cF6SbPa/51Ew== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-27T17:08:21Z" - mac: ENC[AES256_GCM,data:HO9P7Z3edo5FyaTenyKjphxnKcke4dqXiUyBveAPd2KP489Hh+fXrugx7+w47UiYsfgBCgFM/ED9xzRKLV7IMIYFtdtL5LwTizPF9H/VUnvRM420VUy/OMPiuludSSoL3WNpTM0UBQi4l7FSjKGpz5AdzLJE65Px05lPJQ/KGFY=,iv:TNtp3/A5lDanNQ0Ghi1Q1yyQc6glcYyYYeDkeEXNkVw=,tag:L5lmerkR3SarF/NLXYMURQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/os/linux/nix/sway/config b/os/linux/nix/sway/config deleted file mode 100644 index abf20ad..0000000 --- a/os/linux/nix/sway/config +++ /dev/null @@ -1,2 +0,0 @@ -exec dbus-sway-environment -exec configure-gtk diff --git a/readme.md b/readme.md index 949666c..eb3dd42 100644 --- a/readme.md +++ b/readme.md 
@@ -5,28 +5,15 @@ take what you like. **NOTE**: I'm in the process of migrating/copying some/all things from a wacky combination of Arch Linux, other Linux distributions, and macOS, to a single -Nix flake for everything. Tread lightly! +Nix flake for everything, including Arch Linux configs via Home Manager. Tread +lightly! + +Please refer to https://git.lyte.dev/lytedev/nix ## Links [🖥️ Upstream][upstream] • [🐙 GitHub Mirror][github] -# Basic Setup - -For generic dotfiles setup: - -```bash -curl -LO lyte.dev/df.sh && sh -i df.sh -``` - -Or if using the Nix flake (note that this is hostname-dependent): - - - -```bash -sudo nixos-rebuild --flake 'git+https://git.lyte.dev/lytedev/dotfiles?dir=/os/linux/nix#' switch -``` - # Screenshots Any relevant screenshots may be found here: