Merge remote-tracking branch 'origin/main'

flake.lock

@@ -59,11 +59,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1696266752,
+        "lastModified": 1699781810,
-        "narHash": "sha256-wJnMDFM21+xXdsXSs6pXMElbv4YfqmQslcPApRuaYKs=",
+        "narHash": "sha256-LD+PIUbm1yQmQmGIbSsc/PB1dtJtGqXFgxRc1C7LlfQ=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "646ee25c25fffee122a66282861f5f56ad3e0fd9",
+        "rev": "2d7d77878c5d70f66f3d676ff66708d8d4f9d7df",
         "type": "github"
       },
       "original": {
@@ -145,11 +145,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1699701045,
+        "lastModified": 1700559156,
-        "narHash": "sha256-mDzUXK7jNO/utInWpSWEX1NgEEunVIpJg+LyPsDTfy0=",
+        "narHash": "sha256-gL4epO/qf+wo30JjC3g+b5Bs8UrpxzkhNBBsUYxpw2g=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "b689465d0c5d88e158e7d76094fca08cc0223aad",
+        "rev": "c3abafb01cd7045dba522af29b625bd1e170c2fb",
         "type": "github"
       },
       "original": {
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1696145345,
+        "lastModified": 1700553346,
-        "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=",
+        "narHash": "sha256-kW7uWsCv/lxuA824Ng6EYD9hlVYRyjuFn0xBbYltAeQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30",
+        "rev": "1aabb0a31b25ad83cfaa37c3fe29053417cd9a0f",
         "type": "github"
       },
       "original": {
@@ -214,11 +214,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1699391198,
+        "lastModified": 1700592218,
-        "narHash": "sha256-HrnlCdZBqqE37gFORapfSGEGcqhCyhX2aSMRnDEmR0k=",
+        "narHash": "sha256-vHzDbBrZ5EsfVUMLgjuugf6OqB+iOLjKLO9O5n2occ4=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "751d2851cc270c3322ffe2eb83c156e4298a0c0e",
+        "rev": "472926528428cd714c90f157e639fc0466611c8b",
         "type": "github"
       },
       "original": {
@@ -276,11 +276,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1697723726,
+        "lastModified": 1700390070,
-        "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
+        "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
+        "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
         "type": "github"
       },
       "original": {
@@ -354,11 +354,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1695284550,
+        "lastModified": 1700362823,
-        "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
+        "narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
+        "rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
         "type": "github"
       },
       "original": {
@@ -453,18 +453,18 @@
       "flake": false,
       "locked": {
         "host": "gitlab.freedesktop.org",
-        "lastModified": 1697909146,
+        "lastModified": 1699292815,
-        "narHash": "sha256-jU0I6FoCKnj4zIBL4daosFWh81U1fM719Z6cae8PxSY=",
+        "narHash": "sha256-HXu98PyBMKEWLqiTb8viuLDznud/SdkdJsx5A5CWx7I=",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2",
+        "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1",
         "type": "gitlab"
       },
       "original": {
         "host": "gitlab.freedesktop.org",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2",
+        "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1",
         "type": "gitlab"
       }
     },

lib/internal.md

@@ -2,8 +2,85 @@
 
 ## Update Server
 
-```shell
+**NOTE**: I want to establish a solid way to do this without `root@`.
+
+```fish
 g a; set host beefcake; nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
   --target-host "root@$host" --build-host "root@$host" \
   switch --show-trace
 ```
+
+## Safer Method
+
+```bash
+# make sure all files are at least staged so nix flakes will see them
+git add -A
+
+# initialize a delayed reboot by a process you can kill later if things look good
+# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
+# _and_ perform whatever testing you need
+host=your_host
+ssh -t "root@$host" "bash -c '
+  set -m
+  (sleep 300; reboot;) &
+  jobs -p
+  bg
+  disown
+'"
+
+# build the system and start running it, but do NOT set the machine up to boot to that system yet
+# we will test things and make sure it works first
+# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
+# and the machine will boot to the now-previous iteration
+nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
+  --target-host "root@$host" --build-host "root@$host" \
+  test --show-trace
+
+# however you like, verify the system is running as expected
+# if it is, run the same command with "switch" instead of "test"
+# otherwise, we will wait until the machine reboots back into the 
+# this is crude, but should be pretty foolproof
+# the main gotcha is that the system is already unbootable or non-workable, but
+# if you always use this method, that should be an impossible state to get into
+
+# if we still have ssh access and the machine fails testing, just rollback
+# instead of waiting for the reboot
+ssh "root@$host" nixos-rebuild --rollback switch
+```
+
+## Provisioning New NixOS Hosts
+
+Note that for best results the target flake attribute should first be built and
+cached to the binary cache at `nix.h.lyte.dev`.
+
+```bash
+# establish network access
+# plug in ethernet or do the wpa_cli song and dance for wifi
+wpa_cli scan
+wpa_cli scan_results
+wpa_cli add_network 0
+wpa_cli set_network 0 ssid "MY_SSID"
+wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
+wpa_cli enable_network 0
+wpa_cli save_config
+
+# disk encryption key (if needed)
+echo -n "password" > /tmp/secret.key
+
+# partition disks
+nix-shell --packages git --run "sudo nix run \
+  --extra-experimental-features nix-command \
+  --extra-experimental-features flakes \
+  github:nix-community/disko -- \
+    --flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
+    --mode disko \
+    --arg disks '[ \"/dev/${DISK}\" ]'"
+
+# install
+nix-shell --packages git \
+  --run "sudo nixos-install \
+    --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
+    --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
+    --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
+```
+

modules/home-manager/bat.nix

@@ -6,18 +6,18 @@
   programs.bat = {
     enable = true;
     config = {
-      theme = "Catppuccin-mocha";
+      theme = "ansi";
-    };
-    themes = {
-      "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
-        {
-          owner = "catppuccin";
-          repo = "bat";
-          rev = "477622171ec0529505b0ca3cada68fc9433648c6";
-          sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
-        }
-        + "/Catppuccin-mocha.tmTheme");
     };
+    # themes = {
+    #   "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
+    #     {
+    #       owner = "catppuccin";
+    #       repo = "bat";
+    #       rev = "477622171ec0529505b0ca3cada68fc9433648c6";
+    #       sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
+    #     }
+    #     + "/Catppuccin-mocha.tmTheme");
+    # };
   };
 
   home.shellAliases = {

modules/home-manager/broot.nix

@@ -1,9 +1,9 @@
-{...}: {
+{colors, ...}: {
   programs.broot = {
     enable = true;
     enableFishIntegration = true;
     settings = {
-      modal = false; # vim mode?
+      modal = true; # vim mode?
 
       verbs = [
         {
@@ -12,6 +12,23 @@
           execution = "$EDITOR {file}";
         }
       ];
+
+      skin = with colors.withHashPrefix; {
+        status_normal_fg = fg;
+        status_normal_bg = bg;
+        status_error_fg = red;
+        status_error_bg = yellow;
+        tree_fg = red;
+        selected_line_bg = bg2;
+        permissions_fg = purple;
+        size_bar_full_bg = red;
+        size_bar_void_bg = bg;
+        directory_fg = yellow;
+        input_fg = blue;
+        flag_value_fg = yellow;
+        table_border_fg = red;
+        code_fg = yellow;
+      };
     };
   };
 }

modules/home-manager/common.nix

@@ -18,6 +18,7 @@
     iex
     zellij
     broot
+    nnn
     cargo
     senpai
     tmux

modules/home-manager/default.nix

@@ -19,6 +19,7 @@
   zellij = import ./zellij.nix;
   firefox = import ./firefox.nix;
   broot = import ./broot.nix;
+  nnn = import ./nnn.nix;
   waybar = import ./waybar.nix;
   swaylock = import ./swaylock.nix;
   desktop = import ./desktop.nix;

modules/home-manager/firefox.nix

@@ -5,7 +5,7 @@
     enable = true;
 
     # TODO: uses nixpkgs.pass so pass otp doesn't work
-    package = pkgs.firefox.override {extraNativeMessagingHosts = [pkgs.passff-host];};
+    package = pkgs.firefox.override {nativeMessagingHosts = [pkgs.passff-host];};
 
     # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
     #   ublock-origin

modules/home-manager/foxtrot.nix

@@ -1,5 +1,5 @@
 {outputs, ...}: let
-  scale = 1.5;
+  scale = 1.25;
 in {
   imports = with outputs.homeManagerModules; [
     sway

modules/home-manager/hyprland.nix

@@ -27,6 +27,10 @@
         "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,3"
       ];
 
+      xwayland = {
+        force_zero_scaling = true;
+      };
+
       exec-once = [
         "hyprpaper"
         "mako"

modules/home-manager/nnn.nix

@@ -0,0 +1,5 @@
+{...}: {
+  programs.nnn = {
+    enable = true;
+  };
+}

modules/nixos/postgres.nix

@@ -6,9 +6,7 @@
     ensureUsers = [
       {
         name = "daniel";
-        ensurePermissions = {
+        ensureDBOwnership = true;
-          "DATABASE daniel" = "ALL PRIVILEGES";
-        };
       }
     ];
     enableTCPIP = true;

nixos/beefcake/default.nix

@@ -119,12 +119,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         owner = config.systemd.services.plausible.serviceConfig.User;
         group = config.systemd.services.plausible.serviceConfig.Group;
       };
-      plausible-erlang-cookie = {
-        path = "/var/lib/plausible/plausible-erlang-cookie";
-        mode = "0440";
-        owner = config.systemd.services.plausible.serviceConfig.User;
-        group = config.systemd.services.plausible.serviceConfig.Group;
-      };
       plausible-secret-key-base = {
         path = "/var/lib/plausible/plausible-secret-key-base";
         mode = "0440";
@@ -359,6 +353,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
     };
   };
 
+  # services.gitea-actions-runner.instances.main = {
+  #   # TODO: simple git-based automation would be dope? maybe especially for
+  #   # mirroring to github super easy?
+  #   enable = false;
+  # };
+
   services.gitea = {
     enable = true;
     appName = "git.lyte.dev";
@@ -370,6 +370,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         HTTP_PORT = 3088;
         DOMAIN = "git.lyte.dev";
       };
+      actions = {
+        ENABLED = true;
+      };
       service = {
         DISABLE_REGISTRATION = true;
       };
@@ -406,7 +409,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
   services.plausible = {
     # TODO: enable
     enable = false;
-    releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
     database = {
       clickhouse.setup = true;
       postgres = {
@@ -433,21 +435,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
     ensureUsers = [
       {
         name = "daniel";
-        ensurePermissions = {
+        ensureDBOwnership = true;
-          "DATABASE daniel" = "ALL PRIVILEGES";
-        };
       }
       {
         name = "plausible";
-        ensurePermissions = {
+        ensureDBOwnership = true;
-          "DATABASE plausible" = "ALL PRIVILEGES";
-        };
       }
       {
         name = "nextcloud";
-        ensurePermissions = {
+        ensureDBOwnership = true;
-          "DATABASE nextcloud" = "ALL PRIVILEGES";
-        };
       }
     ];
     dataDir = "/storage/postgres";

nixos/foxtrot/default.nix

@@ -24,13 +24,32 @@
       inputs.hardware.nixosModules.framework-13-7040-amd
     ];
 
-  # TODO: hibernation? does sleep suffice?
+  swapDevices = [
+    # TODO: move this to disko?
+    # sudo btrfs subvolume create /swap
+    # sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile
+    # sudo swapon /swap/swapfile
+    {device = "/swap/swapfile";}
+  ];
+
+  # findmnt -no UUID -T /swap/swapfile
+  boot.resumeDevice = "/dev/disk/by-uuid/3076912c-ac61-4067-b6b2-361f68b2d038";
+
+  services.logind = {
+    lidSwitch = "suspend-then-hibernate";
+    extraConfig = ''
+      HandlePowerKey=suspend-then-hibernate
+      IdleAction=suspend-then-hibernate
+      IdleActionSec=10m
+    '';
+  };
+  systemd.sleep.extraConfig = "HibernateDelaySec=30m";
 
   services.fwupd.enable = true;
   services.fwupd.extraRemotes = ["lvfs-testing"];
 
   hardware.opengl.extraPackages = [
-    pkgs.rocmPackages.clr.icd
+    # pkgs.rocmPackages.clr.icd
     pkgs.amdvlk
     # encoding/decoding acceleration
     pkgs.libvdpau-va-gl
@@ -44,11 +63,16 @@
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
     };
-    kernelPackages = pkgs.linuxPackages_6_5;
+    kernelPackages = pkgs.linuxPackages_latest;
+    # sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
+    # the above won't work for btrfs, instead you need
+    # btrfs inspect-internal map-swapfile -r /swap/swapfile
+    # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
     # many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend
     kernelParams = [
-      "amdgpu.sg_display=0"
+      # "amdgpu.sg_display=0"
       "acpi_osi=\"!Windows 2020\""
+      "resume_offset=39331072"
       # "nvme.noacpi=1" # maybe causing crashes upon waking?
       # "rtc_cmos.use_acpi_alarm=1" # maybe causing excessive battery drain while sleeping -- perhaps due to waking?
     ];

nixos/thinker/default.nix

@@ -25,7 +25,7 @@
     extraConfig = ''
       HandlePowerKey=suspend-then-hibernate
       IdleAction=suspend-then-hibernate
-      IdleActionSec=1m
+      IdleActionSec=10m
     '';
   };
   systemd.sleep.extraConfig = "HibernateDelaySec=30m";

readme.md

@@ -13,14 +13,22 @@ here is useful inspiration.
 $ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}
 ```
 
-You don't have even have to clone this crap yourself. How cool is that!
+You don't have even have to clone this crap yourself. How cool is that! But if you do, it looks like this:
 
-But if you're gonna change stuff you had better setup the pre-commit hook:
+```shell_session
+$ nixos-rebuild switch --flake ./repo/dir/for/nix#${FLAKE_ATTR}
+```
+
+## Setup
+
+If you're gonna change stuff you had better setup the pre-commit hook:
 
 ```shell_session
 $ ln -s $PWD/pre-commit.bash .git/hooks/pre-commit
 ```
 
+## Secrets
+
 If you're deploying anything secrets-related, you will need the proper keys:
 
 ```shell_session
@@ -31,99 +39,23 @@ $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt
 ## NixOS
 
 ```shell_session
-$ nixos-rebuild switch --flake .
+$ nixos-rebuild switch --flake 
 ```
 
 ## Not NixOS
 
+**NOTE**: I pretty much solely use Home Manager as a NixOS module presently, so this is not fully supported.
+
 ```shell_session
 $ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
 $ nix profile install github:nix-community/home-manager
-$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix
+$ FLAKE_ATTR=base-x86_64-linux
+$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix#$FLAKE_ATTR
 ```
 
-# Advanced Usage
+# Internal/Advanced Usage
 
-## Push NixOS Config
+See [lib/internal.md](./lib/internal.md).
-
-```bash
-host=your_host
-nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
-  --target-host "root@$host" --build-host "root@$host" \
-  switch --show-trace
-```
-
-### Safer Method
-
-```bash
-# initialize a delayed reboot by a process you can kill later if things look good
-# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
-# _and_ perform whatever testing you need
-host=your_host
-ssh -t "root@$host" "bash -c '
-  set -m
-  (sleep 300; reboot;) &
-  jobs -p
-  bg
-  disown
-'"
-
-# build the system and start running it, but do NOT set the machine up to boot to that system yet
-# we will test things and make sure it works first
-# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
-# and the machine will boot to the now-previous iteration
-nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
-  --target-host "root@$host" --build-host "root@$host" \
-  test --show-trace
-
-# however you like, verify the system is running as expected
-# if it is, run the same command with "switch" instead of "test"
-# otherwise, we will wait until the machine reboots back into the 
-# this is crude, but should be pretty foolproof
-# the main gotcha is that the system is already unbootable or non-workable, but
-# if you always use this method, that should be an impossible state to get into
-
-# if we still have ssh access and the machine fails testing, just rollback
-# instead of waiting for the reboot
-ssh "root@$host" nixos-rebuild --rollback switch
-```
-
-## Provisioning New NixOS Hosts
-
-```bash
-# establish network access
-# plug in ethernet or do the wpa_cli song and dance for wifi
-wpa_cli scan
-wpa_cli scan_results
-wpa_cli add_network 0
-wpa_cli set_network 0 ssid "MY_SSID"
-wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
-wpa_cli enable_network 0
-wpa_cli save_config
-
-# disk encryption key (if needed)
-echo -n "password" > /tmp/secret.key
-
-# partition disks
-nix-shell --packages git --run "sudo nix run \
-  --extra-experimental-features nix-command \
-  --extra-experimental-features flakes \
-  github:nix-community/disko -- \
-    --flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
-    --mode disko \
-    --arg disks '[ \"/dev/${DISK}\" ]'"
-
-# install
-nix-shell --packages git \
-  --run "sudo nixos-install \
-    --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
-    --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
-    --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
-```
-
-# Internal Usage
-
-Just for me, see [[lib/internal.md]]
 
 # To Do
 
@@ -135,7 +67,6 @@ Just for me, see [[lib/internal.md]]
 - grafana and stuff for monitoring
 - alerts?
 - Fonts installed by home manager instead of nixos module
-- Zellij config?
 - Broot config?
 
 ## Long Term