diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 0f4242a..996ffb2 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -11,7 +11,7 @@ enable = true; lfs.enable = true; settings = { - DEFAULT.APP_NAME = "cilly's botanical laboratory"; + DEFAULT.APP_NAME = "Garden"; server = { DOMAIN = fqdn; ROOT_URL = "https://${fqdn}/"; @@ -34,8 +34,6 @@ }; api.ENABLE_SWAGGER = false; other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; - repository.ENABLE_PUSH_CREATE_USER = true; - repository.ENABLE_PUSH_CREATE_ORG = true; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index c2a81b7..5673c9e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,7 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; - fqdn = "lab.lava.moe"; + fqdn = "garden.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 421ddb0..f69a4c6 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -16,8 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/binds/music/main"; + MusicFolder = "/binds/music"; }; }; - systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"]; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 5ee69e4..9c9acdc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -9,11 +9,11 @@ shareFqdn = "muse.lava.moe"; subnetId = "5"; - subnet = x: "fd0d:2::${subnetId}:${toString x}"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; - subnet4 = x: "10.32.${subnetId}.${toString x}"; + subnet4 = x: "10.30.${subnetId}.${toString x}"; host4 = subnet4 1; client4 = subnet4 2; @@ -39,7 +39,13 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "100.67.2.1" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + services.nginx.virtualHosts."${shareFqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "404"; + locations."/share/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; @@ -62,7 +68,7 @@ isReadOnly = false; }; bindMounts."music" = { - hostPath = "/flower/media/music"; + hostPath = "/persist/media/music"; mountPoint = "/binds/music"; isReadOnly = true; }; diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index 21400c5..ff514e8 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix @@ -28,8 +28,6 @@ port = 9200; environment = { PROXY_TLS = "false"; - IDP_ACCESS_TOKEN_EXPIRATION = "2592000"; - IDP_ID_TOKEN_EXPIRATION = "2592000"; }; environmentFile = "/etc/opencloud-admin-pass"; }; diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index df835a4..93c3304 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -41,13 +41,6 @@ proxyPass = "http://${client4}:9200"; proxyWebsockets = true; }; - extraConfig = '' - proxy_read_timeout 3600s; - proxy_send_timeout 3600s; - keepalive_requests 100000; - keepalive_timeout 5m; - http2_max_concurrent_streams 512; - ''; # TODO: hardcoded address listenAddresses = [ "100.67.2.1" ]; }; diff --git a/flake.lock b/flake.lock index 2578a7e..42cf89a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1779903856, - "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=", + "lastModified": 1777475243, + "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29", + "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8", "type": "github" }, "original": { @@ -309,11 +309,11 @@ ] }, "locked": { - "lastModified": 1778716662, - "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -327,11 +327,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1778716662, - "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -404,11 +404,11 @@ ] }, "locked": { - "lastModified": 1778507602, - "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", + "lastModified": 1776796298, + "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", + "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", "type": "github" }, "original": { @@ -510,11 +510,11 @@ ] }, "locked": { - "lastModified": 1779969295, - "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=", + "lastModified": 1778365864, + "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=", "owner": "nix-community", "repo": "home-manager", - "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6", + "rev": "2f419037039a152448c5f4ae9494154753d1b399", "type": "github" }, "original": { @@ -554,11 +554,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1779857514, - "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=", + "lastModified": 1778301982, + "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab", + "rev": "d20b99557a90663a016f741398098d4d7b3ad119", "type": "github" }, "original": { @@ -576,11 +576,11 @@ ] }, "locked": { - "lastModified": 1780013080, - "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=", + "lastModified": 1778371477, + "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226", + "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9", "type": "github" }, "original": { @@ -592,11 +592,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1779979065, - "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=", + "lastModified": 1778321961, + "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=", "owner": "neovim", "repo": "neovim", - "rev": "5d85669a33e10f1f156b086562458cbbc8054438", + "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1779768228, - "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=", + "lastModified": 1778384395, + "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2", + "rev": "8368f981774ee25774d016e810d426891174a993", "type": "github" }, "original": { @@ -632,11 +632,11 @@ ] }, "locked": { - "lastModified": 1779604987, - "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=", + "lastModified": 1778240325, + "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd", + "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee", "type": "github" }, "original": { @@ -647,11 +647,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1777268161, - "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -694,11 +694,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1779536132, - "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "lastModified": 1778274207, + "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", "type": "github" }, "original": { @@ -710,11 +710,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1779560665, - "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "type": "github" }, "original": { @@ -953,11 +953,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1779255807, - "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=", + "lastModified": 1770811375, + "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", "owner": "sindresorhus", "repo": "pure", - "rev": "cc0759a0de620f191510e2e2f9748194a605b54d", + "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", "type": "github" }, "original": { @@ -1007,11 +1007,11 @@ ] }, "locked": { - "lastModified": 1777605393, - "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=", + "lastModified": 1770952264, + "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c", + "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", "type": "github" }, "original": { @@ -1028,11 +1028,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1779824049, - "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=", + "lastModified": 1777789800, + "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a", + "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3", "type": "github" }, "original": { @@ -1060,11 +1060,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1779976382, - "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=", + "lastModified": 1778258800, + "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=", "owner": "StevenBlack", "repo": "hosts", - "rev": "d3e838712512490260f051150e3573eeebecfadb", + "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89", "type": "github" }, "original": { diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 06c415f..9a53926 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,12 +1,10 @@ -{ inputs, lib, modules, modulesPath, ... }: { +{ inputs, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; - passwd.file = ../../secrets/passwd.age; - navidrome_env.file = ../../secrets/navidrome_env.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -26,20 +24,15 @@ tailscale modules.services.nginx - modules.services.syncthing - inputs.c-emerald.nixosModule inputs.c-garnet.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix - ./home.syncthing.nix - ./samba.nix ../../users/hana ]; me.environment = "headless"; - services.syncthing.user = lib.mkForce "hana"; } diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix deleted file mode 100644 index 8d5a1cc..0000000 --- a/hosts/alyssum/home.syncthing.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, ... }: -let - configOn = user: port: { - me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; - me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; - - systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ]; - - users.users.${user} = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - linger = true; - }; - home-manager.users.${user} = { ... }: { - home = { - username = "${user}"; - homeDirectory = "/home/${user}"; - stateVersion = "26.05"; - }; - services.syncthing = { - enable = true; - guiAddress = "[::]:${toString port}"; - overrideDevices = false; - overrideFolders = false; - settings = { - options.listenAddresses = [ - "tcp://0.0.0.0:2${toString port}" - "quic://0.0.0.0:2${toString port}" - "dynamic+https://relays.syncthing.net/endpoint" - ]; - defaults.folder.path = "/flower/syncthing/${user}"; - }; - }; - }; - }; -in lib.mkMerge [ - (configOn "kujira" 8385) - (configOn "cilly" 8386) -] diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix deleted file mode 100644 index d876981..0000000 --- a/hosts/alyssum/samba.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: -let - configOn = user: let - passwd_fname = "passwd_smb${user}"; - in { - age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; - me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}"; - me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; - - users.users.${user} = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - - system.activationScripts = { - init_smbpasswd.text = let - smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; - in '' - printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user} - ''; - }; - services.samba.settings."${user}" = { - "path" = "/flower/smb/${user}"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = user; - "force group" = "users"; - "valid users" = user; - }; - }; -in lib.mkMerge [ - (configOn "cilly") - (configOn "kujira") - { - me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43"; - - networking.firewall.allowPing = true; - - services.samba = { - enable = true; - package = pkgs.samba4Full; - openFirewall = true; - settings = { - global = { - "server smb encrypt" = "required"; - "workgroup" = "WORKGROUP"; - "server string" = "smbnix"; - "netbios name" = "smbnix"; - "security" = "user"; - "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "public" = { - "path" = "/flower/smb/public"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "hana"; - "force group" = "users"; - }; - }; - }; - - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; - - services.avahi = { - enable = true; - openFirewall = true; - nssmdns4 = true; - publish.enable = true; - publish.userServices = true; - }; - } -] diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index f65dfd1..33b6eec 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + navidrome_env.file = ../../secrets/navidrome_env.age; slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -30,12 +31,12 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule + inputs.c-emerald.nixosModule inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix - ./nginx.nix ../../users/hana ]; diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 861bc15..4dd6a55 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -22,7 +22,7 @@ in { "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=6G" "mode=755" ]; + options = [ "defaults" "size=12G" "mode=755" ]; }; "/boot" = mkLabelMount "UEFI" "vfat"; diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix deleted file mode 100644 index c29de38..0000000 --- a/hosts/dandelion/nginx.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: { - services.nginx.virtualHosts."muse.lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - locations."/".return = "404"; - locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533"; - }; -} diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index a32d4bd..620798b 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -18,7 +18,6 @@ bluetooth ccache corectrl - docker flatpak greetd gui @@ -29,7 +28,6 @@ printing security snapper - tailscale wireguard modules.services.syncthing diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index 69f9ba1..f4e4fe4 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - discord jetbrains.idea texliveFull ]; diff --git a/modules/binds.nix b/modules/binds.nix deleted file mode 100644 index c9ffe18..0000000 --- a/modules/binds.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, ...}: { - imports = [ ./options.nix ]; - fileSystems = lib.mapAttrs (dest: key: let - target = if (lib.strings.hasPrefix "/" key) - then key - else "/persist/binds/${key}"; - in { - depends = [ "/persist" ]; - device = target; - fsType = "none"; - options = [ "bind" ]; - }) config.me.binds; -} diff --git a/modules/default.nix b/modules/default.nix index 6775c55..d55b54a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -14,7 +14,6 @@ let }) paths ); in { - binds = ./binds.nix; options = ./options.nix; services = mkAttrsFromPaths [ ./services/banksia.nix diff --git a/modules/options.nix b/modules/options.nix index e861c12..b522127 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -44,10 +44,5 @@ in { type = types.bool; default = false; }; - - binds = lib.mkOption { - type = with lib.types; attrsOf str; - default = {}; - }; }; } diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix index 2ace618..d6532f6 100644 --- a/modules/services/banksia.nix +++ b/modules/services/banksia.nix @@ -4,7 +4,7 @@ "banksia.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".return = "302 https://lab.lava.moe/cilly/Banksia"; + locations."/".return = "302 https://github.com/cillynder/Banksia"; locations."/api".proxyPass = "http://localhost:8080/"; }; }; diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index db32371..2316f9f 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,8 +1,7 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - user = if config.me.gui then "rin" else "hana"; - uid = toString config.users.users."${user}".uid; + uid = toString config.users.users.rin.uid; gid = toString config.users.groups.users.gid; in { @@ -14,10 +13,9 @@ in services.syncthing = { enable = true; openDefaultPorts = true; - user = user; + user = "rin"; group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; - guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384"; }; } diff --git a/modules/system/base.nix b/modules/system/base.nix index c45eb99..36c9993 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -1,5 +1,5 @@ { config, inputs, modules, ... }: { - imports = [ modules.binds modules.options ]; + imports = [ modules.options ]; environment.etc = { "machine-id".source = "/persist/machine-id"; diff --git a/modules/system/input.nix b/modules/system/input.nix index a0bf2ff..2ef1eab 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -6,19 +6,7 @@ "-arinterval 15" ]; }; + xkb.options = "caps:escape"; }; - services.keyd = { - enable = true; - keyboards = { - default = { - ids = [ "*" ]; - settings = { - main = { - capslock = "esc"; - esc = "capslock"; - }; - }; - }; - }; - }; + console.useXkbConfig = true; } diff --git a/modules/system/nix.nix b/modules/system/nix.nix index eb14f73..6a6fd04 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,6 +1,5 @@ -{ config, inputs, pkgs, ... }: { +{ config, lib, pkgs, ... }: { nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.latest; settings = rec { diff --git a/modules/system/packages.nix b/modules/system/packages.nix index d4e2e3c..afeef4e 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -16,6 +16,7 @@ neovim nfs-utils ntfs3g + oci-cli ripgrep rsync sshfs diff --git a/modules/system/security.nix b/modules/system/security.nix index f1f087b..3b4e8a7 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -49,7 +49,7 @@ { groups = [ "wheel" ]; keepEnv = true; - persist = true; + persist = config.me.environment != "laptop"; } ]; }; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 5e3e044..4bded31 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,9 +1,5 @@ -{ config, lib, ... }: { +{ config, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; - me.binds."/var/lib/tailscale" = "tailscale"; - networking.firewall.trustedInterfaces = [ "tailscale0" ]; - networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ]; - services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; diff --git a/modules/user/eww.nix b/modules/user/eww.nix index 13db70e..9d839e0 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -21,9 +21,9 @@ let ''; }; in { - home.packages = with pkgs; [ iw socat ]; + home.packages = with pkgs; [ socat ]; programs.eww = { enable = true; + configDir = res; }; - xdg.configFile."eww".source = res; } diff --git a/modules/user/git.nix b/modules/user/git.nix index ca2762e..6c21f20 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -10,7 +10,6 @@ user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; - init.defaultBranch = "master"; }; }; } diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 2b8d4c1..d691c61 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, sysConfig, ... }: +{ config, lib, pkgs, ... }: let luaconf = pkgs.writeText "config.lua" (lib.replaceStrings - ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] - ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] + ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"] + ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor] (builtins.readFile ../../res/config.lua)); in { systemd.user.tmpfiles.rules = [ @@ -21,7 +21,6 @@ in { withRuby = false; extraPackages = with pkgs; [ - nixd rust-analyzer texlab astro-language-server diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 1ea7dcb..c24fa57 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "7.0.10"; + version = "7.0.5"; kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; - kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj"; + kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; diff --git a/res/config.lua b/res/config.lua index c0b5dad..5d205d7 100644 --- a/res/config.lua +++ b/res/config.lua @@ -108,18 +108,18 @@ require('lualine').setup { -- many thanks to @kristijanhusak -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125 function _G.javascript_indent() - local line = vim.fn.getline(vim.v.lnum) - local prev_line = vim.fn.getline(vim.v.lnum - 1) - if line:match('^%s*[%*/]%s*') then - if prev_line:match('^%s*%*%s*') then - return vim.fn.indent(vim.v.lnum - 1) - end - if prev_line:match('^%s*/%*%*%s*$') then - return vim.fn.indent(vim.v.lnum - 1) + 1 - end + local line = vim.fn.getline(vim.v.lnum) + local prev_line = vim.fn.getline(vim.v.lnum - 1) + if line:match('^%s*[%*/]%s*') then + if prev_line:match('^%s*%*%s*') then + return vim.fn.indent(vim.v.lnum - 1) end + if prev_line:match('^%s*/%*%*%s*$') then + return vim.fn.indent(vim.v.lnum - 1) + 1 + end + end - return vim.fn['GetJavascriptIndent']() + return vim.fn['GetJavascriptIndent']() end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') @@ -157,17 +157,22 @@ vim.api.nvim_create_autocmd("LspAttach", { end }) -vim.diagnostic.config({ - focusable = false, - virtual_text = false, - underline = true, - signs = true, - update_in_insert = true -}) +vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( + vim.lsp.diagnostic.on_publish_diagnostics, { + focusable = false, + virtual_text = false, + underline = true, + signs = true, + update_in_insert = true + } +) +vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( + vim.lsp.handlers.signature_help, { focusable = false } +) capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do vim.lsp.config(lsp, { capabilities = capabilities, @@ -292,32 +297,6 @@ vim.lsp.config("diagnosticls", { }) vim.lsp.enable("diagnosticls") --- LSP/nixd -vim.lsp.config("nixd", { - cmd = { "nixd" }, - filetypes = { "nix" }, - root_markers = { "flake.nix", ".git" }, - settings = { - nixd = { - nixpkgs = { - expr = "import { }", - }, - formatting = { - command = { "nixfmt" }, - }, - options = { - nixos = { - expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options', - }, - home_manager = { - expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []', - }, - }, - }, - }, -}) -vim.lsp.enable("nixd") - -- LSP/Signatures require("lsp_signature").setup { hint_enable = false, diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index d72a2cc..2598788 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -1,5 +1,4 @@ (defwindow mainbar :monitor 0 - :geometry (geometry :x "0%" :y "0%" :width "100%" @@ -40,15 +39,14 @@ `cat /sys/class/power_supply/_BAT_PATH_/capacity`) (defpoll pbat_status :interval "1s" :run-while bat-enabled `cat /sys/class/power_supply/_BAT_PATH_/status`) -(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled - `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`) -(defpoll wifi_strength :interval "1s" :run-while wifi-enabled - `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`) +(defpoll network_strength :interval "1s" :run-while wifi-enabled + `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) (defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | wc -l`) +(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh") (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh") @@ -109,22 +107,22 @@ (defwidget network [] (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}` (box :orientation "horizontal" - :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")} - :spacing {(network-extended && wifi_ssid != "") ? 5 : 0} + :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")} + :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0} :space-evenly false (label :text { - (wifi_ssid == "") ? "" - : (wifi_strength == "") ? "" - : (wifi_strength < 75) ? "" - : (wifi_strength < 65) ? "" - : (wifi_strength < 60) ? "" - : (wifi_strength < 50) ? "" + (lnetwork == "Disconnected") ? "" + : (network_strength == "") ? "" + : (network_strength < 20) ? "" + : (network_strength < 30) ? "" + : (network_strength < 55) ? "" + : (network_strength < 80) ? "" : ""} :class "base pill-icon") (revealer :transition "slideleft" - :reveal {network-extended && wifi_ssid != ""} + :reveal {network-extended && lnetwork != "Disconnected"} :duration 150 - (label :text wifi_ssid + (label :text lnetwork :class "base"))))) (defwidget battery [] diff --git a/res/eww/scripts/network.sh b/res/eww/scripts/network.sh new file mode 100755 index 0000000..7d0c2c8 --- /dev/null +++ b/res/eww/scripts/network.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1) + +if [[ -z $init ]]; then + echo Disconnected +else + echo $init +fi + +nmcli monitor | while read -r line ; do + if [[ $line == *"is now the primary connection" ]]; then + conn=$(echo $line | cut -d\' -f2) + echo $conn + fi + if [[ $line == "There's no primary connection" ]]; then + echo Disconnected + fi +done diff --git a/secrets.nix b/secrets.nix index b1f55e5..d2dbc82 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,13 +7,11 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ]; - "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; - "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; + "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; - "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ]; + "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age index 7df364f..6cb705c 100644 Binary files a/secrets/navidrome_env.age and b/secrets/navidrome_env.age differ diff --git a/secrets/passwd.age b/secrets/passwd.age index 05ad906..64ec861 100644 Binary files a/secrets/passwd.age and b/secrets/passwd.age differ diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age deleted file mode 100644 index 41ad172..0000000 --- a/secrets/passwd_smbcilly.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ -i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI --> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o -+pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM ---- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew -*l\W!J7E/"f@%\[j8fӶ \ No newline at end of file diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age deleted file mode 100644 index 71b6bb8..0000000 --- a/secrets/passwd_smbkujira.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8 -IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE --> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg -QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk ---- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw -T <R#d Ć̎lLkN8c_N)T \ No newline at end of file diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 3fe0129..8b15c60 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -15,25 +15,19 @@ in { ffmpeg gnupg kitty + nil nodejs_latest pamixer pnpm - unrar - yt-dlp - ] ++ lib.optionals (config.me.environment == "desktop") [ - krita - lutris - mangohud - inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin qmk - tetrio-desktop - tor-browser - virt-manager - winetricks + unrar + weechat + yt-dlp ] ++ lib.optionals config.me.gui [ android-studio brightnessctl drawio + element-desktop evince eww feh @@ -42,9 +36,17 @@ in { gamescope gimp3 grim + jetbrains.gateway + #kotatogram-desktop + krita lm_sensors + lutris + insomnia maim + mangohud me.psensor + inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin + # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol (prismlauncher.override { @@ -58,9 +60,13 @@ in { screenkey slurp swaybg + tetrio-desktop texliveFull + tor-browser transmission-remote-gtk vesktop + virt-manager + winetricks zathura zenity