diff --git a/flake.lock b/flake.lock index 0e4adeb..f5d555d 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1696266752, - "narHash": "sha256-wJnMDFM21+xXdsXSs6pXMElbv4YfqmQslcPApRuaYKs=", + "lastModified": 1699781810, + "narHash": "sha256-LD+PIUbm1yQmQmGIbSsc/PB1dtJtGqXFgxRc1C7LlfQ=", "owner": "nix-community", "repo": "disko", - "rev": "646ee25c25fffee122a66282861f5f56ad3e0fd9", + "rev": "2d7d77878c5d70f66f3d676ff66708d8d4f9d7df", "type": "github" }, "original": { @@ -145,11 +145,11 @@ }, "hardware": { "locked": { - "lastModified": 1699701045, - "narHash": "sha256-mDzUXK7jNO/utInWpSWEX1NgEEunVIpJg+LyPsDTfy0=", + "lastModified": 1700559156, + "narHash": "sha256-gL4epO/qf+wo30JjC3g+b5Bs8UrpxzkhNBBsUYxpw2g=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "b689465d0c5d88e158e7d76094fca08cc0223aad", + "rev": "c3abafb01cd7045dba522af29b625bd1e170c2fb", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1696145345, - "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=", + "lastModified": 1700553346, + "narHash": "sha256-kW7uWsCv/lxuA824Ng6EYD9hlVYRyjuFn0xBbYltAeQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30", + "rev": "1aabb0a31b25ad83cfaa37c3fe29053417cd9a0f", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1699391198, - "narHash": "sha256-HrnlCdZBqqE37gFORapfSGEGcqhCyhX2aSMRnDEmR0k=", + "lastModified": 1700592218, + "narHash": "sha256-vHzDbBrZ5EsfVUMLgjuugf6OqB+iOLjKLO9O5n2occ4=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "751d2851cc270c3322ffe2eb83c156e4298a0c0e", + "rev": "472926528428cd714c90f157e639fc0466611c8b", "type": "github" }, "original": { 
@@ -276,11 +276,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1697723726, - "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", + "lastModified": 1700390070, + "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0", + "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", "type": "github" }, "original": { @@ -354,11 +354,11 @@ ] }, "locked": { - "lastModified": 1695284550, - "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", + "lastModified": 1700362823, + "narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", + "rev": "49a87c6c827ccd21c225531e30745a9a6464775c", "type": "github" }, "original": { @@ -453,18 +453,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1697909146, - "narHash": "sha256-jU0I6FoCKnj4zIBL4daosFWh81U1fM719Z6cae8PxSY=", + "lastModified": 1699292815, + "narHash": "sha256-HXu98PyBMKEWLqiTb8viuLDznud/SdkdJsx5A5CWx7I=", "owner": "wlroots", "repo": "wlroots", - "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2", + "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2", + "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1", "type": "gitlab" } }, diff --git a/lib/internal.md b/lib/internal.md index cd16505..6551d28 100644 --- a/lib/internal.md +++ b/lib/internal.md 
@@ -2,8 +2,85 @@ ## Update Server -```shell +**NOTE**: I want to establish a solid way to do this without `root@`. + +```fish g a; set host beefcake; nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ --target-host "root@$host" --build-host "root@$host" \ switch --show-trace ``` + +## Safer Method + +```bash +# make sure all files are at least staged so nix flakes will see them +git add -A + +# initialize a delayed reboot by a process you can kill later if things look good +# note that the amount of time you give it probably needs to be enough time to both complete the upgrade +# _and_ perform whatever testing you need +host=your_host +ssh -t "root@$host" "bash -c ' + set -m + (sleep 300; reboot;) & + jobs -p + bg + disown +'" + +# build the system and start running it, but do NOT set the machine up to boot to that system yet +# we will test things and make sure it works first +# if it fails, the reboot we started previously will automatically kick in once the timeout is reached +# and the machine will boot to the now-previous iteration +nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ + --target-host "root@$host" --build-host "root@$host" \ + test --show-trace + +# however you like, verify the system is running as expected +# if it is, run the same command with "switch" instead of "test" +# otherwise, we will wait until the machine reboots back into the +# this is crude, but should be pretty foolproof +# the main gotcha is that the system is already unbootable or non-workable, but +# if you always use this method, that should be an impossible state to get into + +# if we still have ssh access and the machine fails testing, just rollback +# instead of waiting for the reboot +ssh "root@$host" nixos-rebuild --rollback switch +``` + +## Provisioning New NixOS Hosts + +Note that for best results the target flake attribute should first be built and +cached to the binary cache at `nix.h.lyte.dev`. 
+
+```bash
+# establish network access
+# plug in ethernet or do the wpa_cli song and dance for wifi
+wpa_cli scan
+wpa_cli scan_results
+wpa_cli add_network 0
+wpa_cli set_network 0 ssid "MY_SSID"
+wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
+wpa_cli enable_network 0
+wpa_cli save_config
+
+# disk encryption key (if needed)
+echo -n "password" > /tmp/secret.key
+
+# partition disks
+nix-shell --packages git --run "sudo nix run \
+ --extra-experimental-features nix-command \
+ --extra-experimental-features flakes \
+ github:nix-community/disko -- \
+ --flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
+ --mode disko \
+ --arg disks '[ \"/dev/${DISK}\" ]'"
+
+# install
+nix-shell --packages git \
+ --run "sudo nixos-install \
+ --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
+ --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
+ --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
+```
+
diff --git a/modules/home-manager/bat.nix b/modules/home-manager/bat.nix
index 81f2da5..836e58e 100644
--- a/modules/home-manager/bat.nix
+++ b/modules/home-manager/bat.nix
@@ -6,18 +6,18 @@
 programs.bat = {
 enable = true;
 config = {
- theme = "Catppuccin-mocha";
- };
- themes = {
- "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
- {
- owner = "catppuccin";
- repo = "bat";
- rev = "477622171ec0529505b0ca3cada68fc9433648c6";
- sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
- }
- + "/Catppuccin-mocha.tmTheme");
+ theme = "ansi";
 };
+ # themes = {
+ # "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
+ # {
+ # owner = "catppuccin";
+ # repo = "bat";
+ # rev = "477622171ec0529505b0ca3cada68fc9433648c6";
+ # sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
+ # }
+ # + "/Catppuccin-mocha.tmTheme");
+ # };
 };
 home.shellAliases = {
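Review bot: The old `themes` block in bat.nix is kept as a commented-out copy (from `# themes = {` through `# };`) instead of being removed; commented code carrying a pinned `rev`/`sha256` goes stale silently and git history already preserves it. If switching back is the intent, a live toggle reads better than dead code, e.g. `useCatppuccin = false;` in a `let` and `theme = if useCatppuccin then "Catppuccin-mocha" else "ansi";` with the `themes` attribute left active; otherwise delete the block. The `programs.bat` attrset starts before this hunk.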
diff --git a/modules/home-manager/broot.nix b/modules/home-manager/broot.nix
index d8a0bc5..ad7c8ac 100644
--- a/modules/home-manager/broot.nix
+++ b/modules/home-manager/broot.nix
@@ -1,9 +1,9 @@
-{...}: {
+{colors, ...}: {
 programs.broot = {
 enable = true;
 enableFishIntegration = true;
 settings = {
- modal = false; # vim mode?
+ modal = true; # vim mode?
 verbs = [
 {
@@ -12,6 +12,23 @@
 execution = "$EDITOR {file}";
 }
 ];
+
+ skin = with colors.withHashPrefix; {
+ status_normal_fg = fg;
+ status_normal_bg = bg;
+ status_error_fg = red;
+ status_error_bg = yellow;
+ tree_fg = red;
+ selected_line_bg = bg2;
+ permissions_fg = purple;
+ size_bar_full_bg = red;
+ size_bar_void_bg = bg;
+ directory_fg = yellow;
+ input_fg = blue;
+ flag_value_fg = yellow;
+ table_border_fg = red;
+ code_fg = yellow;
+ };
 };
 };
 }
diff --git a/modules/home-manager/common.nix b/modules/home-manager/common.nix
index 46debea..5200d12 100644
--- a/modules/home-manager/common.nix
+++ b/modules/home-manager/common.nix
@@ -18,6 +18,7 @@
 iex
 zellij
 broot
+ nnn
 cargo
 senpai
 tmux
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
index 779f98c..7ba3229 100644
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@@ -19,6 +19,7 @@
 zellij = import ./zellij.nix;
 firefox = import ./firefox.nix;
 broot = import ./broot.nix;
+ nnn = import ./nnn.nix;
 waybar = import ./waybar.nix;
 swaylock = import ./swaylock.nix;
 desktop = import ./desktop.nix;
diff --git a/modules/home-manager/firefox.nix b/modules/home-manager/firefox.nix
index 33e8273..c03f0a8 100644
--- a/modules/home-manager/firefox.nix
+++ b/modules/home-manager/firefox.nix
@@ -5,7 +5,7 @@
 enable = true;
 # TODO: uses nixpkgs.pass so pass otp doesn't work
- package = pkgs.firefox.override {extraNativeMessagingHosts = [pkgs.passff-host];};
+ package = pkgs.firefox.override {nativeMessagingHosts = [pkgs.passff-host];};
 # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
 # ublock-origin
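Review bot: `{colors, ...}: {` turns `colors` into a required argument of broot.nix, but nothing in this diff shows it being supplied (no `extraSpecialArgs` or `_module.args` change), so if it is not already wired in, evaluation of every profile importing this module fails — not just the ones that care about the skin; worth confirming against the home-manager entry point. The skin only reads `colors.withHashPrefix`, so a one-line comment above `skin = with colors.withHashPrefix; {` saying where `colors` comes from would spare the next reader the search. The `# vim mode?` comment was carried over onto the flipped `modal = true;`; now that the value is deliberate, make the comment a statement, e.g. `modal = true; # vim-style modal keybindings`.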
diff --git a/modules/home-manager/foxtrot.nix b/modules/home-manager/foxtrot.nix
index f25264a..8d84116 100644
--- a/modules/home-manager/foxtrot.nix
+++ b/modules/home-manager/foxtrot.nix
@@ -1,5 +1,5 @@
 {outputs, ...}: let
- scale = 1.5;
+ scale = 1.25;
 in {
 imports = with outputs.homeManagerModules; [
 sway
diff --git a/modules/home-manager/hyprland.nix b/modules/home-manager/hyprland.nix
index 97eb28c..6dc4c2e 100644
--- a/modules/home-manager/hyprland.nix
+++ b/modules/home-manager/hyprland.nix
@@ -27,6 +27,10 @@
 "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,3"
 ];
+ xwayland = {
+ force_zero_scaling = true;
+ };
+
 exec-once = [
 "hyprpaper"
 "mako"
diff --git a/modules/home-manager/nnn.nix b/modules/home-manager/nnn.nix
new file mode 100644
index 0000000..d7fc465
--- /dev/null
+++ b/modules/home-manager/nnn.nix
@@ -0,0 +1,5 @@
+{...}: {
+ programs.nnn = {
+ enable = true;
+ };
+}
diff --git a/modules/nixos/postgres.nix b/modules/nixos/postgres.nix
index 507160a..5a471de 100644
--- a/modules/nixos/postgres.nix
+++ b/modules/nixos/postgres.nix
@@ -6,9 +6,7 @@
 ensureUsers = [
 {
 name = "daniel";
- ensurePermissions = {
- "DATABASE daniel" = "ALL PRIVILEGES";
- };
+ ensureDBOwnership = true;
 }
 ];
 enableTCPIP = true;
diff --git a/nixos/beefcake/default.nix b/nixos/beefcake/default.nix
index c3a4ecb..dab8a57 100644
--- a/nixos/beefcake/default.nix
+++ b/nixos/beefcake/default.nix
@@ -119,12 +119,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 owner = config.systemd.services.plausible.serviceConfig.User;
 group = config.systemd.services.plausible.serviceConfig.Group;
 };
- plausible-erlang-cookie = {
- path = "/var/lib/plausible/plausible-erlang-cookie";
- mode = "0440";
- owner = config.systemd.services.plausible.serviceConfig.User;
- group = config.systemd.services.plausible.serviceConfig.Group;
- };
 plausible-secret-key-base = {
 path = "/var/lib/plausible/plausible-secret-key-base";
 mode = "0440";
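Review bot: `ensureDBOwnership = true;` in modules/nixos/postgres.nix is not a like-for-like replacement for the removed `"DATABASE daniel" = "ALL PRIVILEGES"` grant: it makes the role the owner of a database with the same name, which is a broader privilege (ownership includes dropping and re-granting), and as far as I know the NixOS module asserts at evaluation time that such a database is listed in `services.postgresql.ensureDatabases`, which is outside this hunk — confirm it contains `"daniel"`. The same replacement is made three times in the last hunk of nixos/beefcake/default.nix (users `daniel`, `plausible`, `nextcloud`) and needs the same check for each name. A short comment on the line would save the next reader the lookup: `# owner of the same-named database; that database must be in ensureDatabases`.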
@@ -359,6 +353,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 };
 };
+ # services.gitea-actions-runner.instances.main = {
+ # # TODO: simple git-based automation would be dope? maybe especially for
+ # # mirroring to github super easy?
+ # enable = false;
+ };
+
 services.gitea = {
 enable = true;
 appName = "git.lyte.dev";
@@ -370,6 +370,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 HTTP_PORT = 3088;
 DOMAIN = "git.lyte.dev";
 };
+ actions = {
+ ENABLED = true;
+ };
 service = {
 DISABLE_REGISTRATION = true;
 };
@@ -406,7 +409,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 services.plausible = {
 # TODO: enable
 enable = false;
- releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
 database = {
 clickhouse.setup = true;
 postgres = {
@@ -433,21 +435,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 ensureUsers = [
 {
 name = "daniel";
- ensurePermissions = {
- "DATABASE daniel" = "ALL PRIVILEGES";
- };
+ ensureDBOwnership = true;
 }
 {
 name = "plausible";
- ensurePermissions = {
- "DATABASE plausible" = "ALL PRIVILEGES";
- };
+ ensureDBOwnership = true;
 }
 {
 name = "nextcloud";
- ensurePermissions = {
- "DATABASE nextcloud" = "ALL PRIVILEGES";
- };
+ ensureDBOwnership = true;
 }
 ];
 dataDir = "/storage/postgres";
diff --git a/nixos/foxtrot/default.nix b/nixos/foxtrot/default.nix
index 9d6dc9d..f6403d5 100644
--- a/nixos/foxtrot/default.nix
+++ b/nixos/foxtrot/default.nix
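Review bot: `actions = { ENABLED = true; };` enables Gitea Actions on git.lyte.dev, which exposes runner registration and lets any repository with a workflow file execute jobs as soon as a runner is attached; `DISABLE_REGISTRATION = true` keeps the user set closed, but the commented `services.gitea-actions-runner.instances.main` block above it suggests the runner would live on this same host, so when it is enabled its labels should run jobs in an isolated (container-backed) environment rather than a host shell, and `DEFAULT_ACTIONS_URL` should be set explicitly rather than left at its default so it is clear where workflow actions are fetched from. A comment on the `ENABLED` line stating that no runner is registered yet would make the current exposure explicit. Separately, in the first hunk the line after `+ # enable = false;` reads `+ };` without the `#` as shown here; if that is the real text rather than a rendering artifact it will not parse — confirm it is `# };`. The `services.gitea.settings` attrset begins before the second hunk.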
@@ -24,13 +24,32 @@
 inputs.hardware.nixosModules.framework-13-7040-amd
 ];
- # TODO: hibernation? does sleep suffice?
+ swapDevices = [
+ # TODO: move this to disko?
+ # sudo btrfs subvolume create /swap
+ # sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile
+ # sudo swapon /swap/swapfile
+ {device = "/swap/swapfile";}
+ ];
+
+ # findmnt -no UUID -T /swap/swapfile
+ boot.resumeDevice = "/dev/disk/by-uuid/3076912c-ac61-4067-b6b2-361f68b2d038";
+
+ services.logind = {
+ lidSwitch = "suspend-then-hibernate";
+ extraConfig = ''
+ HandlePowerKey=suspend-then-hibernate
+ IdleAction=suspend-then-hibernate
+ IdleActionSec=10m
+ '';
+ };
+ systemd.sleep.extraConfig = "HibernateDelaySec=30m";
 services.fwupd.enable = true;
 services.fwupd.extraRemotes = ["lvfs-testing"];
 hardware.opengl.extraPackages = [
- pkgs.rocmPackages.clr.icd
+ # pkgs.rocmPackages.clr.icd
 pkgs.amdvlk
 # encoding/decoding acceleration
 pkgs.libvdpau-va-gl
@@ -44,11 +63,16 @@
 efi.canTouchEfiVariables = true;
 systemd-boot.enable = true;
 };
- kernelPackages = pkgs.linuxPackages_6_5;
+ kernelPackages = pkgs.linuxPackages_latest;
+ # sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
+ # the above won't work for btrfs, instead you need
+ # btrfs inspect-internal map-swapfile -r /swap/swapfile
+ # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
 # many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend
 kernelParams = [
- "amdgpu.sg_display=0"
+ # "amdgpu.sg_display=0"
 "acpi_osi=\"!Windows 2020\""
+ "resume_offset=39331072"
 # "nvme.noacpi=1" # maybe causing crashes upon waking?
 # "rtc_cmos.use_acpi_alarm=1" # maybe causing excessive battery drain while sleeping -- perhaps due to waking?
 ];
diff --git a/nixos/thinker/default.nix b/nixos/thinker/default.nix
index 8acf751..42d8229 100644
--- a/nixos/thinker/default.nix
+++ b/nixos/thinker/default.nix
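Review bot: The hibernation setup in the first hunk (`swapDevices`, `boot.resumeDevice`, the `suspend-then-hibernate` logind actions) writes the full memory image to `/swap/swapfile`, and nothing in this diff shows whether that btrfs volume sits on an encrypted device (the disk layout comes from disko, outside this file); if it does not, every hibernate leaves RAM contents, including any in-memory disk-encryption keys, readable at rest, so confirm the `/swap` subvolume is on the encrypted volume before relying on this. In the second hunk `"resume_offset=39331072"` is the physical offset of the swapfile as it exists today and becomes silently wrong the moment `/swap/swapfile` is recreated (for example by the disko move the TODO proposes), after which resume falls back to a cold boot; put the caveat on the line itself, e.g. `"resume_offset=39331072" # physical offset of /swap/swapfile; recompute with btrfs inspect-internal map-swapfile after recreating it`. Switching `linuxPackages_6_5` to `linuxPackages_latest` in the same commit also makes the new resume path depend on an unpinned kernel, so a resume failure cannot be attributed to one change; consider landing the kernel bump separately.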
@@ -25,7 +25,7 @@ extraConfig = '' HandlePowerKey=suspend-then-hibernate IdleAction=suspend-then-hibernate - IdleActionSec=1m + IdleActionSec=10m ''; }; systemd.sleep.extraConfig = "HibernateDelaySec=30m"; diff --git a/readme.md b/readme.md index c1fe667..31afc33 100644 --- a/readme.md +++ b/readme.md @@ -13,14 +13,22 @@ here is useful inspiration. $ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR} ``` -You don't have even have to clone this crap yourself. How cool is that! +You don't have even have to clone this crap yourself. How cool is that! But if you do, it looks like this: -But if you're gonna change stuff you had better setup the pre-commit hook: +```shell_session +$ nixos-rebuild switch --flake ./repo/dir/for/nix#${FLAKE_ATTR} +``` + +## Setup + +If you're gonna change stuff you had better setup the pre-commit hook: ```shell_session $ ln -s $PWD/pre-commit.bash .git/hooks/pre-commit ``` +## Secrets + If you're deploying anything secrets-related, you will need the proper keys: ```shell_session 
@@ -31,99 +39,23 @@ $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt ## NixOS ```shell_session -$ nixos-rebuild switch --flake . +$ nixos-rebuild switch --flake ``` ## Not NixOS +**NOTE**: I pretty much solely use Home Manager as a NixOS module presently, so this is not fully supported. + ```shell_session $ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install $ nix profile install github:nix-community/home-manager -$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix +$ FLAKE_ATTR=base-x86_64-linux +$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix#$FLAKE_ATTR ``` -# Advanced Usage +# Internal/Advanced Usage -## Push NixOS Config - -```bash -host=your_host -nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ - --target-host "root@$host" --build-host "root@$host" \ - switch --show-trace -``` - -### Safer Method - -```bash -# initialize a delayed reboot by a process you can kill later if things look good -# note that the amount of time you give it probably needs to be enough time to both complete the upgrade -# _and_ perform whatever testing you need -host=your_host -ssh -t "root@$host" "bash -c ' - set -m - (sleep 300; reboot;) & - jobs -p - bg - disown -'" - -# build the system and start running it, but do NOT set the machine up to boot to that system yet -# we will test things and make sure it works first -# if it fails, the reboot we started previously will automatically kick in once the timeout is reached -# and the machine will boot to the now-previous iteration -nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ - --target-host "root@$host" --build-host "root@$host" \ - test --show-trace - -# however you like, verify the system is running as expected -# if it is, run the same command with "switch" instead of "test" -# otherwise, we will wait until the machine reboots back into the -# this is crude, but should be pretty foolproof -# the main gotcha is that the 
system is already unbootable or non-workable, but -# if you always use this method, that should be an impossible state to get into - -# if we still have ssh access and the machine fails testing, just rollback -# instead of waiting for the reboot -ssh "root@$host" nixos-rebuild --rollback switch -``` - -## Provisioning New NixOS Hosts - -```bash -# establish network access -# plug in ethernet or do the wpa_cli song and dance for wifi -wpa_cli scan -wpa_cli scan_results -wpa_cli add_network 0 -wpa_cli set_network 0 ssid "MY_SSID" -wpa_cli set_network 0 psk "MY_WIFI_PASSWORD" -wpa_cli enable_network 0 -wpa_cli save_config - -# disk encryption key (if needed) -echo -n "password" > /tmp/secret.key - -# partition disks -nix-shell --packages git --run "sudo nix run \ - --extra-experimental-features nix-command \ - --extra-experimental-features flakes \ - github:nix-community/disko -- \ - --flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \ - --mode disko \ - --arg disks '[ \"/dev/${DISK}\" ]'" - -# install -nix-shell --packages git \ - --run "sudo nixos-install \ - --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \ - --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \ - --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='" -``` - -# Internal Usage - -Just for me, see [[lib/internal.md]] +See [lib/internal.md](./lib/internal.md). # To Do @@ -135,7 +67,6 @@ Just for me, see [[lib/internal.md]] - grafana and stuff for monitoring - alerts? - Fonts installed by home manager instead of nixos module -- Zellij config? - Broot config? ## Long Term