diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 4865e29..739c3e5 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "amethyst"; + fqdn = "amethyst.lava.moe"; subnet = "1"; in { networking.nat = { @@ -17,10 +18,11 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 07740d2..6629a31 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -9,14 +9,15 @@ networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set networking.useHostResolvConf = false; - networking.nameservers = [ "fd0d:1::2:1" ]; + networking.nameservers = [ "8.8.8.8" ]; services.matrix-continuwuity = { enable = true; settings.global = { # TODO: link this with outer container's address - address = [ "fd0d:1::2:2" ]; + address = [ "10.30.2.2" ]; server_name = "lava.moe"; + rocksdb_recovery_mode = 2; }; }; } diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index adab4f0..5805401 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "beryllium"; + fqdn = "beryllium.lava.moe"; subnet = "2"; in { networking.nat = { @@ -17,19 +18,19 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; - locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167"; }; services.nginx.virtualHosts."lava.moe" = { locations."= /.well-known/matrix/server".extraConfig = let - server = { "m.server" = "beryllium.lava.moe:443"; }; + server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; @@ -37,7 +38,7 @@ locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + "m.homeserver" = { "base_url" = "https://${fqdn}"; }; # "m.identity_server" = { "base_url" = "https://vector.im"; }; }; in '' @@ -53,9 +54,6 @@ privateNetwork = true; hostAddress = "10.30.${subnet}.1"; localAddress = "10.30.${subnet}.2"; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; - # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; @@ -65,7 +63,6 @@ mountPoint = "/persist"; isReadOnly = false; }; - # flake = "path:" + ./.; }; }; }; diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 05a099a..0f4242a 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ config, fqdn, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 22 3000 ]; networking.firewall.allowedUDPPorts = [ 22 3000 ]; @@ -11,10 +11,10 @@ enable = true; lfs.enable = true; settings = { - DEFAULT.APP_NAME = "Garden"; + DEFAULT.APP_NAME = "cilly's botanical laboratory"; server = { - DOMAIN = "garden.lava.moe"; - ROOT_URL = "https://garden.lava.moe/"; + DOMAIN = fqdn; + ROOT_URL = "https://${fqdn}/"; HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; @@ -34,6 +34,8 @@ }; api.ENABLE_SWAGGER = false; other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + repository.ENABLE_PUSH_CREATE_USER = true; + repository.ENABLE_PUSH_CREATE_ORG = true; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 17eef3e..c2a81b7 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,6 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; + fqdn = "lab.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -35,7 +36,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."garden.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:3000"; @@ -53,6 +54,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix new file mode 100644 index 0000000..01b4311 --- /dev/null +++ b/containers/diamond/configuration.nix @@ -0,0 +1,22 @@ +{ fqdn, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/vaultwarden 755 vaultwarden vaultwarden" + ]; + fileSystems."/var/lib/vaultwarden" = { + device = "/persist/vaultwarden"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 8000 ]; + networking.firewall.allowedUDPPorts = [ 8000 ]; + + services.vaultwarden = { + enable = true; + domain = fqdn; + config = { + DOMAIN = "https://${fqdn}"; + ROCKET_ADDRESS = "::"; + }; + }; +} diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/diamond/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix new file mode 100644 index 0000000..71ab4fd --- /dev/null +++ b/containers/diamond/flake.nix @@ -0,0 +1,51 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "diamond"; + fqdn = "astransia.lava.moe"; + subnetId = "4"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:8000"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix new file mode 100644 index 0000000..421ddb0 --- /dev/null +++ b/containers/emerald/configuration.nix @@ -0,0 +1,23 @@ +{ fqdn, shareFqdn, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/navidrome 755 navidrome navidrome" + ]; + networking.firewall.allowedTCPPorts = [ 4533 ]; + networking.firewall.allowedUDPPorts = [ 4533 ]; + + services.navidrome = { + enable = true; + environmentFile = "/binds/navidrome_env"; + settings = { + Port = 4533; + Address = "[::]"; + BaseUrl = "https://${fqdn}/"; + ShareURL = "https://${shareFqdn}"; + EnableSharing = true; + DataFolder = "/persist/navidrome"; + MusicFolder = "/binds/music/main"; + }; + }; + systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"]; +} diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/emerald/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix new file mode 100644 index 0000000..5ee69e4 --- /dev/null +++ b/containers/emerald/flake.nix @@ -0,0 +1,78 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "emerald"; + fqdn = "navia.lava.moe"; + shareFqdn = "muse.lava.moe"; + subnetId = "5"; + + subnet = x: "fd0d:2::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.32.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "100.67.2.1" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn shareFqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."music" = { + hostPath = "/flower/media/music"; + mountPoint = "/binds/music"; + isReadOnly = true; + }; + bindMounts."navidrome_env" = { + hostPath = config.age.secrets.navidrome_env.path; + mountPoint = "/binds/navidrome_env"; + isReadOnly = true; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix new file mode 100644 index 0000000..9fcb5f5 --- /dev/null +++ b/containers/fluorite/configuration.nix @@ -0,0 +1,22 @@ +{ ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/slskd/Downloads 755 slskd slskd" + ]; + fileSystems."/var/lib/slskd" = { + device = "/persist/slskd"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 5030 50300 ]; + networking.firewall.allowedUDPPorts = [ 5030 50300 ]; + + services.slskd = { + enable = true; + domain = null; + environmentFile = "/binds/slskd_env"; + settings = { + shares.directories = [ "/binds/music/" ]; + }; + }; +} diff --git a/containers/fluorite/flake.lock b/containers/fluorite/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/fluorite/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix new file mode 100644 index 0000000..33fcdb1 --- /dev/null +++ b/containers/fluorite/flake.nix @@ -0,0 +1,89 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "fluorite"; + fqdn = "fluorite.lava.moe"; + subnetId = "6"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + networking.firewall.allowedTCPPorts = [ 50300 ]; + + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:5030"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + "d /persist/media/music 075 nobody users" + ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + forwardPorts = [ + { + containerPort = 50300; + hostPort = 50300; + protocol = "tcp"; + } + ]; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."music" = { + hostPath = "/persist/media/music"; + mountPoint = "/binds/music"; + isReadOnly = true; + }; + bindMounts."slskd_env" = { + hostPath = config.age.secrets.slskd_env.path; + mountPoint = "/binds/slskd_env"; + isReadOnly = true; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix new file mode 100644 index 0000000..21400c5 --- /dev/null +++ b/containers/garnet/configuration.nix @@ -0,0 +1,36 @@ +{ ... }: { + system.stateVersion = "25.11"; + fileSystems."/var/lib/opencloud" = { + device = "/flower/data"; + fsType = "none"; + options = [ "bind" ]; + }; + fileSystems."/etc/opencloud" = { + device = "/persist/cfg"; + fsType = "none"; + options = [ "bind" ]; + }; + # TODO: hardcoded address + networking.extraHosts = '' + 100.67.2.1 cloud.lava.moe + ''; + + networking.firewall.allowedTCPPorts = [ 9200 ]; + networking.firewall.allowedUDPPorts = [ 9200 ]; + + environment.etc."opencloud-admin-pass".text = '' + IDM_ADMIN_PASSWORD=supersillysecure + ''; + services.opencloud = { + enable = true; + url = "https://cloud.lava.moe"; + address = "10.30.7.2"; + port = 9200; + environment = { + PROXY_TLS = "false"; + IDP_ACCESS_TOKEN_EXPIRATION = "2592000"; + IDP_ID_TOKEN_EXPIRATION = "2592000"; + }; + environmentFile = "/etc/opencloud-admin-pass"; + }; +} diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock new file mode 100644 index 0000000..4070242 --- /dev/null +++ b/containers/garnet/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix new file mode 100644 index 0000000..df835a4 --- /dev/null +++ b/containers/garnet/flake.nix @@ -0,0 +1,84 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "garnet"; + fqdn = "cloud.lava.moe"; + subnetId = "7"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/" = { + proxyPass = "http://${client4}:9200"; + proxyWebsockets = true; + }; + extraConfig = '' + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; + ''; + # TODO: hardcoded address + listenAddresses = [ "100.67.2.1" ]; + }; + + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."content" = { + hostPath = "/flower/opencloud"; + mountPoint = "/flower"; + isReadOnly = false; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 1484f08..2578a7e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1770327417, - "narHash": "sha256-WNS+wDUeqfegOXf5emDRnNs2bPiJ7rhdARo4jyd3+Yw=", + "lastModified": 1779903856, + "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "26670347cca9feddb31e075d23b474149d8902e1", + "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29", "type": "github" }, "original": { @@ -45,7 +45,7 @@ }, "c-amethyst": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "path": "./containers/amethyst", @@ -59,7 +59,7 @@ }, "c-beryllium": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "path": "./containers/beryllium", @@ -74,7 +74,7 @@ "c-citrine": { "inputs": { "catppuccin": "catppuccin", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "path": "./containers/citrine", @@ -86,9 +86,65 @@ }, "parent": [] }, + "c-diamond": { + "inputs": { + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "path": "./containers/diamond", + "type": "path" + }, + "original": { + "path": "./containers/diamond", + "type": "path" + }, + "parent": [] + }, + "c-emerald": { + "inputs": { + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "path": "./containers/emerald", + "type": "path" + }, + "original": { + "path": "./containers/emerald", + "type": "path" + }, + "parent": [] + }, + "c-fluorite": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "path": "./containers/fluorite", + "type": "path" + }, + "original": { + "path": "./containers/fluorite", + "type": "path" + }, + "parent": [] + }, + "c-garnet": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "path": "./containers/garnet", + "type": "path" + }, + "original": { + "path": "./containers/garnet", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1773403535, @@ -107,11 +163,11 @@ "catppuccin-palette": { "flake": false, "locked": { - "lastModified": 1742245182, - "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=", + "lastModified": 1774131488, + "narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=", "owner": "catppuccin", "repo": "palette", - "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701", + "rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd", "type": "github" }, "original": { @@ -216,11 +272,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -229,6 +285,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -237,11 +309,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -255,11 +327,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -322,6 +394,51 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1778507602, + "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -393,11 +510,11 @@ ] }, "locked": { - "lastModified": 1770818644, - "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", + "lastModified": 1779969295, + "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=", "owner": "nix-community", "repo": "home-manager", - "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", + "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6", "type": "github" }, "original": { @@ -437,11 +554,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1770607339, - "narHash": "sha256-/j7IEdwbaaN4SGKAl5gE3vRdKIdIw8f7RNMrM9Lc28M=", + "lastModified": 1779857514, + "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "9498fb9bc0c3323d1c291667d8cb16cb2a37bcee", + "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab", "type": "github" }, "original": { @@ -459,11 +576,11 @@ ] }, "locked": { - "lastModified": 1770857573, - "narHash": "sha256-pSeFA1qRAdivDrrKoybJ1DOcbkXx2v/ExIc6n0DbT4U=", + "lastModified": 1780013080, + "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "31e79c73c444b2e51eb34f2305792809839c58e8", + "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226", "type": "github" }, "original": { @@ -475,11 +592,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770810897, - "narHash": "sha256-6F/Z/UQxalaSoqewSQ4fL8zSws3Vy4wgA5DgyTaeqTo=", + "lastModified": 1779979065, + "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=", "owner": "neovim", "repo": "neovim", - "rev": "6b4ec2264e1d8ba027b85f3883d532c5068be92a", + "rev": "5d85669a33e10f1f156b086562458cbbc8054438", "type": "github" }, "original": { @@ -491,14 +608,15 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7" + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1770778188, - "narHash": "sha256-KZHPn3L6veRgRwOyfhaeM5ZTJfpkoY9EICIzUcQn4w8=", + "lastModified": 1779768228, + "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "59e3b8189047bc591635645d2c682020c13eeac5", + "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2", "type": "github" }, "original": { @@ -514,11 +632,11 @@ ] }, "locked": { - "lastModified": 1773552174, - "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "lastModified": 1779604987, + "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd", "type": "github" }, "original": { @@ -529,11 +647,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { @@ -545,11 +663,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { @@ -574,13 +692,13 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_10": { "locked": { - "lastModified": 1744536153, - "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", "type": "github" }, "original": { @@ -590,6 +708,54 @@ "type": "github" } }, + "nixpkgs_11": { + "locked": { + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_12": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1773282481, @@ -608,11 +774,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", "type": "github" }, "original": { @@ -624,11 +790,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1773122722, - "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { @@ -656,27 +822,27 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_8": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { @@ -688,11 +854,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1770019141, - "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { @@ -728,11 +894,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1770808440, - "narHash": "sha256-paM9v2DKiHEwN0fTXuX9eY0KwVsB+9Bv6mOX9u/eyAI=", + "lastModified": 1775221900, + "narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "9f2dad22ef8bb14fd1e0a3aa8859cdc88170668b", + "rev": "4916d6592ede8c07973490d9322f187e07dfefac", "type": "github" }, "original": { @@ -744,15 +910,15 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_12", "pnpm2nix": "pnpm2nix" }, "locked": { - "lastModified": 1772103435, - "narHash": "sha256-dtsWJl+DBigaZlszH4UVI8JZltJl9O6MESDyH4RepNI=", + "lastModified": 1775622883, + "narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=", "owner": "cillynder", "repo": "pastel", - "rev": "8e2b1b80d711eaf41c010949bef0a512db9e4452", + "rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b", "type": "github" }, "original": { @@ -787,11 +953,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1770811375, - "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", + "lastModified": 1779255807, + "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=", "owner": "sindresorhus", "repo": "pure", - "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", + "rev": "cc0759a0de620f191510e2e2f9748194a605b54d", "type": "github" }, "original": { @@ -807,6 +973,10 @@ "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", + "c-diamond": "c-diamond", + "c-emerald": "c-emerald", + "c-fluorite": "c-fluorite", + "c-garnet": "c-garnet", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -815,7 +985,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_11", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", @@ -831,14 +1001,17 @@ }, "rust-overlay": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "aagl", + "nixpkgs" + ] }, "locked": { - "lastModified": 1764470739, - "narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=", + "lastModified": 1777605393, + "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a", + "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c", "type": "github" }, "original": { @@ -855,11 +1028,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1770846656, - "narHash": "sha256-wdYpo8++TqKp3GdRgLFykjuIVW1m9GlUnxID2FG74cE=", + "lastModified": 1779824049, + "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "40e65cfc4608402674e1efaac3fccce20d2a72d3", + "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a", "type": "github" }, "original": { @@ -871,11 +1044,11 @@ "spotify-adblock": { "flake": false, "locked": { - "lastModified": 1739206126, + "lastModified": 1773417310, "narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=", "owner": "abba23", "repo": "spotify-adblock", - "rev": "8e0312d6085a6e4f9afeb7c2457517a75e8b8f9d", + "rev": "813d3451c53126bf1941baaf8dd37f1152c3f412", "type": "github" }, "original": { @@ -887,11 +1060,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1770244988, - "narHash": "sha256-DT9HK9iYTmXUfjKcTxLRMZOeCLb9CAoFEpBiDpEku3g=", + "lastModified": 1779976382, + "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=", "owner": "StevenBlack", "repo": "hosts", - "rev": "7ea67ed353b27e1dbe36363074d1b6c3ca6be46b", + "rev": "d3e838712512490260f051150e3573eeebecfadb", "type": "github" }, "original": { @@ -1027,11 +1200,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1770748719, - "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=", + "lastModified": 1773890443, + "narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=", "ref": "refs/heads/main", - "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea", - "revCount": 1137, + "rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b", + "revCount": 1139, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" diff --git a/flake.nix b/flake.nix index f8866db..5cf3457 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,10 @@ c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; + c-diamond.url = "path:./containers/diamond"; + c-emerald.url = "path:./containers/emerald"; + c-fluorite.url = "path:./containers/fluorite"; + c-garnet.url = "path:./containers/garnet"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: @@ -77,6 +81,7 @@ }; in { + nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" []; nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix new file mode 100644 index 0000000..06c415f --- /dev/null +++ b/hosts/alyssum/default.nix @@ -0,0 +1,45 @@ +{ inputs, lib, modules, modulesPath, ... }: { + networking.hostName = "alyssum"; + system.stateVersion = "25.11"; + time.timeZone = "Australia/Melbourne"; + + age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; + passwd.file = ../../secrets/passwd.age; + navidrome_env.file = ../../secrets/navidrome_env.age; + wpa_conf = { + file = ../../secrets/wpa_conf.age; + path = "/etc/wpa_supplicant/imperative.conf"; + symlink = false; + }; + }; + + imports = with modules.system; [ + (modulesPath + "/profiles/qemu-guest.nix") + home-manager + + base + kernel + nix-stable + packages + security + tailscale + + modules.services.nginx + modules.services.syncthing + + inputs.c-emerald.nixosModule + inputs.c-garnet.nixosModule + + ./filesystem.nix + ./kernel.nix + ./networking.nix + ./home.syncthing.nix + ./samba.nix + + ../../users/hana + ]; + + me.environment = "headless"; + services.syncthing.user = lib.mkForce "hana"; +} diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix new file mode 100644 index 0000000..bdea423 --- /dev/null +++ b/hosts/alyssum/filesystem.nix @@ -0,0 +1,35 @@ +{ ... }: +let + bind = src: { + depends = [ "/nix" ]; + device = src; + fsType = "none"; + neededForBoot = true; + options = [ "bind" ]; + }; + + mkLabelMount = label: type: { + device = "/dev/disk/by-label/${label}"; + fsType = type; + options = [ "defaults" "relatime" ]; + }; + mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // { + options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ]; + }; + submount = mkBtrfsMount "alyssum"; +in { + fileSystems = { + "/" = { + device = "rootfs"; + fsType = "tmpfs"; + options = [ "defaults" "size=8G" "mode=755" ]; + }; + "/boot" = mkLabelMount "stem" "vfat"; + + "/flower" = mkBtrfsMount "myosotis" "/@" true; + "/nix" = submount "/@/nix" false; + "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; + "/persist/.snapshots" = submount "/snap/persist" false; + "/var/log/journal" = bind "/persist/journal"; + }; +} diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix new file mode 100644 index 0000000..8d5a1cc --- /dev/null +++ b/hosts/alyssum/home.syncthing.nix @@ -0,0 +1,39 @@ +{ config, lib, ... }: +let + configOn = user: port: { + me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; + me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; + + systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ]; + + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + linger = true; + }; + home-manager.users.${user} = { ... }: { + home = { + username = "${user}"; + homeDirectory = "/home/${user}"; + stateVersion = "26.05"; + }; + services.syncthing = { + enable = true; + guiAddress = "[::]:${toString port}"; + overrideDevices = false; + overrideFolders = false; + settings = { + options.listenAddresses = [ + "tcp://0.0.0.0:2${toString port}" + "quic://0.0.0.0:2${toString port}" + "dynamic+https://relays.syncthing.net/endpoint" + ]; + defaults.folder.path = "/flower/syncthing/${user}"; + }; + }; + }; + }; +in lib.mkMerge [ + (configOn "kujira" 8385) + (configOn "cilly" 8386) +] diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix new file mode 100644 index 0000000..5e9b300 --- /dev/null +++ b/hosts/alyssum/kernel.nix @@ -0,0 +1,12 @@ +{ config, lib, ... }: { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + }; + hardware.cpu.amd.updateMicrocode = true; +} diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix new file mode 100644 index 0000000..281cbb6 --- /dev/null +++ b/hosts/alyssum/networking.nix @@ -0,0 +1,15 @@ +{ config, ... }: { + networking = { + useDHCP = true; + wireless.enable = true; + + interfaces.wlp1s0.useDHCP = false; + interfaces.wlp1s0.ipv4.addresses = [{ + address = "192.168.1.167"; + prefixLength = 24; + }]; + + defaultGateway = "192.168.1.1"; + nameservers = [ "8.8.8.8" "8.8.4.4" ]; + }; +} diff --git a/hosts/alyssum/packages.nix b/hosts/alyssum/packages.nix new file mode 100644 index 0000000..2d4bd30 --- /dev/null +++ b/hosts/alyssum/packages.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + git + htop + jq + neovim + rsync + sshfs + wget + + kitty.terminfo + ]; + environment.variables.EDITOR = "nvim"; +} diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix new file mode 100644 index 0000000..d876981 --- /dev/null +++ b/hosts/alyssum/samba.nix @@ -0,0 +1,84 @@ +{ config, lib, pkgs, ... }: +let + configOn = user: let + passwd_fname = "passwd_smb${user}"; + in { + age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; + me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}"; + me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; + + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; + + system.activationScripts = { + init_smbpasswd.text = let + smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; + in '' + printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user} + ''; + }; + services.samba.settings."${user}" = { + "path" = "/flower/smb/${user}"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = user; + "force group" = "users"; + "valid users" = user; + }; + }; +in lib.mkMerge [ + (configOn "cilly") + (configOn "kujira") + { + me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43"; + + networking.firewall.allowPing = true; + + services.samba = { + enable = true; + package = pkgs.samba4Full; + openFirewall = true; + settings = { + global = { + "server smb encrypt" = "required"; + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/flower/smb/public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "hana"; + "force group" = "users"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; + } +] diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..841e909 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -28,6 +28,7 @@ printing security snapper + tailscale wireguard ./filesystem.nix diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix index 18c0d87..f5a4dc5 100644 --- a/hosts/anemone/networking.nix +++ b/hosts/anemone/networking.nix @@ -1,19 +1,4 @@ { config, ... }: { - networking = { - #nameservers = [ "8.8.8.8" "8.8.4.4" ]; - - #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf"; - wireless.enableHardening = false; - - networkmanager = { - enable = true; - #dns = "none"; - }; - - extraHosts = '' - 192.168.100.16 hyacinth - ''; - }; - + networking.wireless.iwd.enable = true; environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections"; } diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 3f87d87..f65dfd1 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -17,6 +18,7 @@ nix-stable packages security + tailscale wireguard modules.services.banksia @@ -27,10 +29,13 @@ inputs.c-amethyst.nixosModule inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule + inputs.c-diamond.nixosModule + inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix + ./nginx.nix ../../users/hana ]; diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 4dd6a55..861bc15 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -22,7 +22,7 @@ in { "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=12G" "mode=755" ]; + options = [ "defaults" "size=6G" "mode=755" ]; }; "/boot" = mkLabelMount "UEFI" "vfat"; diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix new file mode 100644 index 0000000..c29de38 --- /dev/null +++ b/hosts/dandelion/nginx.nix @@ -0,0 +1,8 @@ +{ ... }: { + services.nginx.virtualHosts."muse.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "404"; + locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533"; + }; +} diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 620798b..a32d4bd 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -18,6 +18,7 @@ bluetooth ccache corectrl + docker flatpak greetd gui @@ -28,6 +29,7 @@ printing security snapper + tailscale wireguard modules.services.syncthing diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index f4e4fe4..69f9ba1 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + discord jetbrains.idea texliveFull ]; diff --git a/modules/binds.nix b/modules/binds.nix new file mode 100644 index 0000000..c9ffe18 --- /dev/null +++ b/modules/binds.nix @@ -0,0 +1,13 @@ +{ config, lib, ...}: { + imports = [ ./options.nix ]; + fileSystems = lib.mapAttrs (dest: key: let + target = if (lib.strings.hasPrefix "/" key) + then key + else "/persist/binds/${key}"; + in { + depends = [ "/persist" ]; + device = target; + fsType = "none"; + options = [ "bind" ]; + }) config.me.binds; +} diff --git a/modules/default.nix b/modules/default.nix index f47d4ee..6775c55 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -14,6 +14,7 @@ let }) paths ); in { + binds = ./binds.nix; options = ./options.nix; services = mkAttrsFromPaths [ ./services/banksia.nix @@ -49,6 +50,7 @@ in { ./system/printing.nix ./system/security.nix ./system/snapper.nix + ./system/tailscale.nix ./system/virtualisation.nix ./system/wireguard.nix ]; diff --git a/modules/options.nix b/modules/options.nix index b522127..e861c12 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -44,5 +44,10 @@ in { type = types.bool; default = false; }; + + binds = lib.mkOption { + type = with lib.types; attrsOf str; + default = {}; + }; }; } diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix index d6532f6..2ace618 100644 --- a/modules/services/banksia.nix +++ b/modules/services/banksia.nix @@ -4,7 +4,7 @@ "banksia.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".return = "302 https://github.com/cillynder/Banksia"; + locations."/".return = "302 https://lab.lava.moe/cilly/Banksia"; locations."/api".proxyPass = "http://localhost:8080/"; }; }; diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 51641b4..a02b7e9 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -6,7 +6,7 @@ email = "me@lava.moe"; group = "nginx"; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."acme_dns".path; + environmentFile = config.age.secrets."acme_dns".path; }; certs."lava.moe" = { extraDomainNames = [ diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 2316f9f..db32371 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,7 +1,8 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - uid = toString config.users.users.rin.uid; + user = if config.me.gui then "rin" else "hana"; + uid = toString config.users.users."${user}".uid; gid = toString config.users.groups.users.gid; in { @@ -13,9 +14,10 @@ in services.syncthing = { enable = true; openDefaultPorts = true; - user = "rin"; + user = user; group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; + guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384"; }; } diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 349f9e8..8aae0fd 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -27,8 +27,12 @@ in { forward-addr = [ "2606:4700:4700::1111@853#cloudflare-dns.com" "2606:4700:4700::1001@853#cloudflare-dns.com" + "2001:4860:4860::8888@853#dns.google" + "2001:4860:4860::8844@853#dns.google" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" + "8.8.8.8@853#dns.google" + "8.8.4.4@853#dns.google" ]; }]; @@ -37,8 +41,10 @@ in { access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" + "100.64.0.0/10 allow" "192.168.100.0/24 allow" - "fd0d::/16 allow" + "fd0d::/16 allow" + "fd7a:115c:a1e0::/48 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; diff --git a/modules/services/website.nix b/modules/services/website.nix index 2ef679b..3fba609 100644 --- a/modules/services/website.nix +++ b/modules/services/website.nix @@ -18,6 +18,13 @@ in { root = inputs.website.outPath; }; "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + extraConfig = '' + return 301 https://sh.lava.moe$request_uri; + ''; + }; + "sh.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; root = "/persist/cdn"; diff --git a/modules/system/base.nix b/modules/system/base.nix index 36c9993..c45eb99 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -1,5 +1,5 @@ { config, inputs, modules, ... }: { - imports = [ modules.options ]; + imports = [ modules.binds modules.options ]; environment.etc = { "machine-id".source = "/persist/machine-id"; diff --git a/modules/system/input.nix b/modules/system/input.nix index 2ef1eab..a0bf2ff 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -6,7 +6,19 @@ "-arinterval 15" ]; }; - xkb.options = "caps:escape"; }; - console.useXkbConfig = true; + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + capslock = "esc"; + esc = "capslock"; + }; + }; + }; + }; + }; } diff --git a/modules/system/nix.nix b/modules/system/nix.nix index 6a6fd04..eb14f73 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,5 +1,6 @@ -{ config, lib, pkgs, ... }: { +{ config, inputs, pkgs, ... }: { nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.latest; settings = rec { diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 77eb510..d853c40 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -10,7 +10,6 @@ libva-vdpau-driver libvdpau-va-gl ]; - programs.light.enable = true; hardware.opentabletdriver.enable = true; hardware.keyboard.qmk.enable = true; programs.steam = { diff --git a/modules/system/packages.nix b/modules/system/packages.nix index afeef4e..d4e2e3c 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -16,7 +16,6 @@ neovim nfs-utils ntfs3g - oci-cli ripgrep rsync sshfs diff --git a/modules/system/security.nix b/modules/system/security.nix index 602f108..f1f087b 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ config, lib, pkgs, ... }: { networking.firewall = let iptables = "${pkgs.iptables}/bin/iptables"; @@ -53,5 +53,33 @@ } ]; }; + pam = lib.mkIf (config.me.environment != "headless") { + u2f = { + enable = true; + settings = { + cue = true; + pinverification = 1; + }; + }; + services.doas.rules.auth = { + u2f.settings.pinverification = lib.mkForce 0; + u2f_int = lib.mkMerge [ + { + enable = true; + order = config.security.pam.services.doas.rules.auth.u2f.order + 1; + control = "sufficient"; + modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so"; + inherit (config.security.pam.u2f) settings; + } + { + settings = lib.mkForce { + interactive = true; + pinverification = 0; + userpresence = 0; + }; + } + ]; + }; + }; }; } diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix new file mode 100644 index 0000000..5e3e044 --- /dev/null +++ b/modules/system/tailscale.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: { + age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; + me.binds."/var/lib/tailscale" = "tailscale"; + networking.firewall.trustedInterfaces = [ "tailscale0" ]; + networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ]; + + services.tailscale = { + enable = true; + authKeyFile = config.age.secrets.tailscale_auth.path; + openFirewall = true; + useRoutingFeatures = if config.me.environment == "headless" then "both" else "client"; + }; +} diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index dbc8938..71f85ad 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,12 +1,12 @@ { config, lib, pkgs, gcSecrets, ... }: let - port = 123; + port = 51801; serverName = "dandelion"; serverInterface = "enp0s6"; serverIp = gcSecrets.wireguard.gateway; forwarding = { -# "22727" = [ "10.100.0.3" "7777" ]; + "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: @@ -18,6 +18,8 @@ let in '' ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT + ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport} + ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT '') forwarding ); diff --git a/modules/user/eww.nix b/modules/user/eww.nix index 9d839e0..13db70e 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -21,9 +21,9 @@ let ''; }; in { - home.packages = with pkgs; [ socat ]; + home.packages = with pkgs; [ iw socat ]; programs.eww = { enable = true; - configDir = res; }; + xdg.configFile."eww".source = res; } diff --git a/modules/user/git.nix b/modules/user/git.nix index 6c21f20..ca2762e 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -10,6 +10,7 @@ user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; + init.defaultBranch = "master"; }; }; } diff --git a/modules/user/hypridle.nix b/modules/user/hypridle.nix index 68203b1..af7af86 100644 --- a/modules/user/hypridle.nix +++ b/modules/user/hypridle.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - kblight = "light -s sysfs/leds/${config.me.kbBacklightDevice}"; + kblight = "brightnessctl -d ${config.me.kbBacklightDevice}"; in { home.packages = [ config.services.hypridle.package ]; @@ -16,18 +16,18 @@ in listener = lib.optionals (config.me.kbBacklightDevice != null) [ { timeout = 120; - on-timeout = "${kblight} -O && ${kblight} -S 0"; - on-resume = "${kblight} -I"; + on-timeout = "${kblight} -s && ${kblight} 0"; + on-resume = "${kblight} -r"; } ] ++ [ { timeout = 150; - on-timeout = "light -O && light -T 0.5"; - on-resume = "light -I"; + on-timeout = "brightnessctl -s && brightnessctl 50%-"; + on-resume = "brightnessctl -r"; } { timeout = 180; - on-timeout = "light -I && loginctl lock-session"; + on-timeout = "brightnessctl -r && loginctl lock-session"; } { timeout = 195; diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index a7d3f8c..392097d 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -9,6 +9,8 @@ vimAlias = true; vimdiffAlias = true; withNodeJs = false; + withPython3 = false; + withRuby = false; plugins = with pkgs.vimPlugins; [ fzf-vim diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 4dc4830..2b8d4c1 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, sysConfig, ... }: let luaconf = pkgs.writeText "config.lua" (lib.replaceStrings - ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"] - ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor] + ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] + ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] (builtins.readFile ../../res/config.lua)); in { systemd.user.tmpfiles.rules = [ @@ -17,17 +17,20 @@ in { vimdiffAlias = true; #package = pkgs.neovim-nightly; withNodeJs = true; + withPython3 = true; + withRuby = false; extraPackages = with pkgs; [ + nixd rust-analyzer texlab - nodePackages."@astrojs/language-server" - nodePackages."@tailwindcss/language-server" - nodePackages.diagnostic-languageserver - nodePackages.eslint_d - nodePackages.typescript-language-server - nodePackages.vscode-langservers-extracted - nodePackages.yaml-language-server + astro-language-server + tailwindcss-language-server + diagnostic-languageserver + eslint_d + typescript-language-server + vscode-langservers-extracted + yaml-language-server ]; plugins = with pkgs.vimPlugins; [ diff --git a/overlays/default.nix b/overlays/default.nix index a84cba5..cbe3e7e 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,6 +5,7 @@ builtins.map (path: import path) [ ./eww.nix ./jetbrains.nix ./material-icons.nix + ./openldap.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/openldap.nix b/overlays/openldap.nix new file mode 100644 index 0000000..f9b2b46 --- /dev/null +++ b/overlays/openldap.nix @@ -0,0 +1,9 @@ +self: super: { + # openldap i686 fails checks + # issue: https://github.com/NixOS/nixpkgs/issues/514113 + # workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674 + # fix: https://github.com/NixOS/nixpkgs/pull/515956 + openldap = super.openldap.overrideAttrs { + doCheck = !self.stdenv.hostPlatform.isi686; + }; +} diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index dc198a6..1ea7dcb 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.19"; - kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; - kernelPatchHash = "0w36sxwwhfqpc1if9d52rg0g1k20xjl2cairlyiyk10ns17mjxlb"; + version = "7.0.10"; + kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; + kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; diff --git a/res/config-minimal.lua b/res/config-minimal.lua index f941c9e..c2d3f06 100644 --- a/res/config-minimal.lua +++ b/res/config-minimal.lua @@ -1,5 +1,5 @@ -- Keybindings -local map = vim.api.nvim_set_keymap +local map = vim.keymap.set map('n', '', 'h', { noremap = true }) map('n', '', 'j', { noremap = true }) map('n', '', 'k', { noremap = true }) @@ -18,6 +18,7 @@ vim.opt.number = true vim.opt.cursorline = true vim.opt.signcolumn = "yes:3" vim.opt.title = true +vim.opt.termguicolors = true vim.opt.updatetime = 0 vim.opt.clipboard:prepend('unnamedplus') @@ -47,7 +48,7 @@ vim.g.signify_sign_change = vim.g.signify_sign_add vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- Plugins -require('nvim-treesitter.configs').setup { +require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } } diff --git a/res/config.lua b/res/config.lua index ef10504..c0b5dad 100644 --- a/res/config.lua +++ b/res/config.lua @@ -51,6 +51,7 @@ vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- VimTeX vim.g.vimtex_view_method = "zathura" +vim.g.vimtex_quickfix_open_on_warning = 0 -- Theming vim.api.nvim_command("syntax enable") @@ -107,18 +108,18 @@ require('lualine').setup { -- many thanks to @kristijanhusak -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125 function _G.javascript_indent() - local line = vim.fn.getline(vim.v.lnum) - local prev_line = vim.fn.getline(vim.v.lnum - 1) - if line:match('^%s*[%*/]%s*') then - if prev_line:match('^%s*%*%s*') then - return vim.fn.indent(vim.v.lnum - 1) + local line = vim.fn.getline(vim.v.lnum) + local prev_line = vim.fn.getline(vim.v.lnum - 1) + if line:match('^%s*[%*/]%s*') then + if prev_line:match('^%s*%*%s*') then + return vim.fn.indent(vim.v.lnum - 1) + end + if prev_line:match('^%s*/%*%*%s*$') then + return vim.fn.indent(vim.v.lnum - 1) + 1 + end end - if prev_line:match('^%s*/%*%*%s*$') then - return vim.fn.indent(vim.v.lnum - 1) + 1 - end - end - return vim.fn['GetJavascriptIndent']() + return vim.fn['GetJavascriptIndent']() end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') @@ -156,22 +157,17 @@ vim.api.nvim_create_autocmd("LspAttach", { end }) -vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( - vim.lsp.diagnostic.on_publish_diagnostics, { - focusable = false, - virtual_text = false, - underline = true, - signs = true, - update_in_insert = true - } -) -vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( - vim.lsp.handlers.signature_help, { focusable = false } -) +vim.diagnostic.config({ + focusable = false, + virtual_text = false, + underline = true, + signs = true, + update_in_insert = true +}) capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do vim.lsp.config(lsp, { capabilities = capabilities, @@ -296,6 +292,32 @@ vim.lsp.config("diagnosticls", { }) vim.lsp.enable("diagnosticls") +-- LSP/nixd +vim.lsp.config("nixd", { + cmd = { "nixd" }, + filetypes = { "nix" }, + root_markers = { "flake.nix", ".git" }, + settings = { + nixd = { + nixpkgs = { + expr = "import { }", + }, + formatting = { + command = { "nixfmt" }, + }, + options = { + nixos = { + expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options', + }, + home_manager = { + expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []', + }, + }, + }, + }, +}) +vim.lsp.enable("nixd") + -- LSP/Signatures require("lsp_signature").setup { hint_enable = false, diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index 2598788..d72a2cc 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -1,4 +1,5 @@ (defwindow mainbar :monitor 0 + :geometry (geometry :x "0%" :y "0%" :width "100%" @@ -39,14 +40,15 @@ `cat /sys/class/power_supply/_BAT_PATH_/capacity`) (defpoll pbat_status :interval "1s" :run-while bat-enabled `cat /sys/class/power_supply/_BAT_PATH_/status`) -(defpoll network_strength :interval "1s" :run-while wifi-enabled - `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) +(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled + `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`) +(defpoll wifi_strength :interval "1s" :run-while wifi-enabled + `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) (defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | wc -l`) -(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh") (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh") @@ -107,22 +109,22 @@ (defwidget network [] (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}` (box :orientation "horizontal" - :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")} - :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0} + :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")} + :spacing {(network-extended && wifi_ssid != "") ? 5 : 0} :space-evenly false (label :text { - (lnetwork == "Disconnected") ? "" - : (network_strength == "") ? "" - : (network_strength < 20) ? "" - : (network_strength < 30) ? "" - : (network_strength < 55) ? "" - : (network_strength < 80) ? "" + (wifi_ssid == "") ? "" + : (wifi_strength == "") ? "" + : (wifi_strength < 75) ? "" + : (wifi_strength < 65) ? "" + : (wifi_strength < 60) ? "" + : (wifi_strength < 50) ? "" : ""} :class "base pill-icon") (revealer :transition "slideleft" - :reveal {network-extended && lnetwork != "Disconnected"} + :reveal {network-extended && wifi_ssid != ""} :duration 150 - (label :text lnetwork + (label :text wifi_ssid :class "base"))))) (defwidget battery [] diff --git a/res/eww/scripts/network.sh b/res/eww/scripts/network.sh deleted file mode 100755 index 7d0c2c8..0000000 --- a/res/eww/scripts/network.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1) - -if [[ -z $init ]]; then - echo Disconnected -else - echo $init -fi - -nmcli monitor | while read -r line ; do - if [[ $line == *"is now the primary connection" ]]; then - conn=$(echo $line | cut -d\' -f2) - echo $conn - fi - if [[ $line == "There's no primary connection" ]]; then - echo Disconnected - fi -done diff --git a/secrets.nix b/secrets.nix index 4fc6c4a..b1f55e5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,4 +1,5 @@ let + alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR"; anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; @@ -6,10 +7,15 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; - "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; + "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ]; + "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; + "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; + "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; + "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ]; + "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; + "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index a573417..c440de6 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8 -1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8 --> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA -MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80 --> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg -RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI ---- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg -H즏)k#%3cQں1?ad| 쳄ٗo2 -B)=Zi9pR Klg ՞h \ No newline at end of file +-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs +07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok +-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4 +FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84 +-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8 +xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE +-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o +aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM +--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8 +Zr2. ~MPXŹ1)p9R9S cLzhQO0H7Lj5 \l97ܫn> diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age new file mode 100644 index 0000000..7df364f --- /dev/null +++ b/secrets/navidrome_env.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw s/uDjoILzZ4meH5Thqdly/pPe2bTO7sKHPIsn7B/Ays +Pg3ePdLimArZbzBJJkole/d6UjUafNayktjKqt9gqv4 +-> ssh-ed25519 bRFqeQ /yrku11wKk2gf24aPjSBZ1KBZXLOlSTOgvW13gjzC3M +xTCWHdq5Vr02v9xDoEZqCcGLIdjZT9s29Gldoz27ow0 +-> ssh-ed25519 U9FXlg HhSqF8DRz/vW42Sf34fqGMIgj9Zpc5MeYNhqqsz7fBk +4IzAURq50rY160/qAzo49cmhV7/skh7PGM8h9qI9WGE +--- aSO1slFKfkECL6Gro84fMiDZ0QLLNbOrfiNegNK7ksc +i'rЌl"j^S"_UPCxs1Mwʍ;#{a}+=eԑ$#szKiJD?>F8kZ(;)[b+o@#2L,חL<\U #>13p\IQ)޽@p,C5v8M%NA r7ɀnt'Ѕֲ5+bj)RaC \ No newline at end of file diff --git a/secrets/passwd.age b/secrets/passwd.age index 64ec861..05ad906 100644 Binary files a/secrets/passwd.age and b/secrets/passwd.age differ diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age new file mode 100644 index 0000000..41ad172 --- /dev/null +++ b/secrets/passwd_smbcilly.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ +i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI +-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o ++pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM +--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew +*l\W!J7E/"f@%\[j8fӶ \ No newline at end of file diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age new file mode 100644 index 0000000..71b6bb8 --- /dev/null +++ b/secrets/passwd_smbkujira.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8 +IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE +-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg +QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk +--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw +T <R#d Ć̎lLkN8c_N)T \ No newline at end of file diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age new file mode 100644 index 0000000..eded5d0 --- /dev/null +++ b/secrets/slskd_env.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ohyStA 3Do7MsCBX9ZgP6pIekvkRisFgF74jq2cKxrjUi2NlhM +EdfLIUk40isfNBY4CKA0JjHc2RaCM/LJmvQJuue+aYs +-> ssh-ed25519 bRFqeQ XcjdLy6CEELgdN133BkgTG0cUffU6N9nsapB3c9Swyc ++ILEkir7XMK/xLNrTs2R+pBoucIN7fVEBRZSZwBo7Fs +-> ssh-ed25519 U9FXlg bqpdUcMN/bk7WlIruWmhj0hpFL/CliDHto/P/KaMdxk +z6wKPbT1OAW7sDjeziwdqs6mf9Rk37xsU9pw4wYMOF4 +--- wNvTtQPOTxetOpazjBXo4fR3wPL7CVQq4R30gOj/qQw +&P+Sy=}~1C^.?zLHR`akER(4R!*l!A~@VG<2-K8HPu2jS#WДl>@a . MƞHg[$Wˌ["%N, rGNmf9Fk&~OWZ70t?eOfAz,hq/Z&Fy5ɾBQw/"JS섘5f}%BPĮ,rF`NmnCÎrJaf i?0pzaV[yjX4B>R,tyOIW!(n#ܒj>589d0 mi% t CR˄^IrM")֙S&.)lzӨq:rbrE@JǺsMd?Sk \ No newline at end of file diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age new file mode 100644 index 0000000..be7af43 --- /dev/null +++ b/secrets/tailscale_auth.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM +10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8 +-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc +vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8 +-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU +CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs +-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA +KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE +-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg +xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g +--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY +xHQ)k)ĉB~ە֖Zv?%lQx OwZIsۄf4D ǔ*Otݳ 0.m[q_[v \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 2b6862e..555b594 100644 Binary files a/secrets/wpa_conf.age and b/secrets/wpa_conf.age differ diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 77e8a2e..3fe0129 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -15,52 +15,52 @@ in { ffmpeg gnupg kitty - nil nodejs_latest pamixer - qmk + pnpm unrar - weechat yt-dlp - - nodePackages_latest.pnpm + ] ++ lib.optionals (config.me.environment == "desktop") [ + krita + lutris + mangohud + inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin + qmk + tetrio-desktop + tor-browser + virt-manager + winetricks ] ++ lib.optionals config.me.gui [ android-studio + brightnessctl drawio - element-desktop evince eww feh + feishin file-roller gamescope gimp3 grim - jetbrains.gateway - #kotatogram-desktop - krita lm_sensors - lutris - insomnia maim - mangohud me.psensor - inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin - # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol - prismlauncher + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) qbittorrent rivalcfg screenkey slurp swaybg - tetrio-desktop texliveFull - tor-browser transmission-remote-gtk vesktop - virt-manager - winetricks zathura zenity