8 Commits

Author SHA1 Message Date
8afa66dabd repair flake.lock, update disko 2025-04-01 15:17:41 -04:00
88168b7345 add draft scripts for hetzner install
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:55 -04:00
e4f061f2f3 pin nixos-unstable, fix locate service
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:55 -04:00
154707c07f roll back to nixos-unstable for now
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:55 -04:00
5b0bd7d5e7 size -> end for disko root
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:55 -04:00
db9e8e5f2d fix networking
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:55 -04:00
85d6d66b85 rename hardware.nix for hetzner-bridge
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:54 -04:00
49e689481d add hetzner and disko config
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-04-01 15:15:51 -04:00
55 changed files with 533 additions and 945 deletions


@ -10,15 +10,7 @@ jobs:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get Latest Determinate Nix Installer binary - uses: DeterminateSystems/nix-installer-action@main
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -28,3 +20,22 @@ jobs:
skip-push: "true" skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true
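Review bot: The new installer step `- uses: DeterminateSystems/nix-installer-action@main` follows a mutable branch, in a job that also sets up the Attic cache and then pushes to it, so whatever lands on that branch runs on the runner that handles the cache credentials. Pin it to a full commit SHA and keep the release in a trailing comment, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release-tag>`. The same applies to `ryanccn/attic-action@v0` here, to both actions in the new `.github/workflows/nix-fmt.yml`, and to `guibranco/github-file-reader-action-v2@latest` in the update workflow. The added `- run: nix ./utils/attic-push.bash` also has no `name:` and no `continue-on-error: true`, unlike the equivalent step in nix-fmt.yml, so a cache outage would fail the health check itself.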


@ -11,15 +11,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix - name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -47,15 +40,11 @@ jobs:
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: upload diff file as artifact - name: Read file contents
id: upload-diff id: read_file
uses: actions/upload-artifact@v3 uses: guibranco/github-file-reader-action-v2@latest
with: with:
name: nix-flake-diff.log path: "post-diff"
path: post-diff
compression-level: 9
if-no-files-found: error
retention-period: 5
- name: Write PR body template - name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3 uses: https://github.com/DamianReeves/write-file-action@v1.3
with: with:
@ -63,16 +52,12 @@ jobs:
contents: | contents: |
- The following Nix Flake inputs were updated: - The following Nix Flake inputs were updated:
Flake input changes: ```
```shell
${{ env.UPDATE_LOG }} ${{ env.UPDATE_LOG }}
``` ```
Flake evaluation diff: ```
${{ steps.read_file.outputs.contents }}
```shell
nix-diff-placeholder
``` ```
Auto-generated by [update.yml][1] with the help of Auto-generated by [update.yml][1] with the help of
@ -85,9 +70,6 @@ jobs:
with: with:
files: "pr_body.template" files: "pr_body.template"
output-filename: "pr_body.md" output-filename: "pr_body.md"
- name: template diff into PR body
run: |
nix utils/inject-diff.py
- name: Save PR body - name: Save PR body
id: pr_body id: pr_body
uses: juliangruber/read-file-action@v1 uses: juliangruber/read-file-action@v1
@ -96,6 +78,7 @@ jobs:
- name: Remove temporary files - name: Remove temporary files
run: | run: |
rm pr_body.template rm pr_body.template
rm pr_body.md
rm pre.json rm pre.json
rm post.json rm post.json
rm post-diff rm post-diff
@ -105,23 +88,21 @@ jobs:
uses: https://nayeonie.com/ahuston-0/create-pull-request@main uses: https://nayeonie.com/ahuston-0/create-pull-request@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
add-paths: flake.lock body: ${{ steps.pr_body.outputs.content }}
body-path: pr_body.md
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>' author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`' title: 'automated: Update `flake.lock`'
commit-message: | commit-message: |
automated: Update `flake.lock` automated: Update `flake.lock`
Auto-generated by [update.yml][1] with the help of ${{ steps.pr_body.outputs.content }}
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
branch: update-flake-lock branch: update-flake-lock
delete-branch: true delete-branch: true
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number - name: Print PR number
run: | run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}." echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
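Review bot: With `add-paths: flake.lock` dropped from the create-pull-request step, the commit is no longer limited to the lockfile. If this fork behaves like upstream create-pull-request, every new or modified file left in the workspace is staged, and the only guard is the `rm` list in "Remove temporary files" (which is presumably why `rm pr_body.md` had to be added). Any file a later change forgets to delete would be committed and pushed with `GH_TOKEN_FOR_UPDATES`, so keep `add-paths: flake.lock` alongside the new `body:` input. Separately, `${{ steps.pr_body.outputs.content }}` is now expanded into `commit-message`, which puts the whole evaluation diff, text derived from upstream flake inputs, into git history; the PR body is the better place for it and the commit message can stay a one-line summary.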

25
.github/workflows/nix-fmt.yml vendored Normal file

@ -0,0 +1,25 @@
name: "Check Nix formatting"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
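Review bot: The `Push to Attic` step runs for every trigger in `on:`, including `pull_request`, so store paths produced while evaluating a branch that has not been reviewed yet can be uploaded to the shared cache using `ATTIC_TOKEN` (what exactly is uploaded depends on `utils/attic-push.bash`, which is not shown here). Restrict the upload to trusted refs, for example by adding `if: github.event_name == 'push'` to that step, and leave pull-request runs read-only, as `skip-push: "true"` on the Attic setup step already intends.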

1
.gitignore vendored

@ -23,4 +23,3 @@ test.*
pre-drv pre-drv
post-drv post-drv
post-diff post-diff
pr_body.md


@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo, Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information. [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure ## Repo Structure

47
disko/hetzner.nix Normal file

@ -0,0 +1,47 @@
# USAGE in your configuration.nix.
# Update devices to match your hardware.
# {
# imports = [ ./disko-config.nix ];
# disko.devices.disk.main.device = "/dev/sda";
# }
{
disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
priority = 1;
};
root = {
end = "-1G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
encryptedSwap = {
size = "1G";
content = {
type = "swap";
randomEncryption = true;
priority = 100; # prefer to encrypt as long as we have space for it
};
};
};
};
};
};
};
}
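Review bot: `disk.main` has no `device` attribute, so this layout partitions whatever disk the importing configuration assigns, and the header comment still shows the upstream example (`./disko-config.nix`, `/dev/sda`) rather than this file. Because disko wipes its target, update the usage comment to the real import path and recommend a stable identifier, e.g. `disko.devices.disk.main.device = "/dev/disk/by-id/<disk-id>";`. It would also help to say in a comment that the root filesystem is plain ext4 with no encryption layer and only swap uses `randomEncryption`, so readers know data at rest on `/` is unprotected by design. The inline comment on `priority = 100;` ("prefer to encrypt as long as we have space for it") does not describe what a swap priority does and should be reworded or dropped.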


@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines. in using secrets on your machines.
## CI/CD ## CI/CD


@ -121,7 +121,7 @@ fi
DOTS="/mnt/root/dotfiles" DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS" GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists" sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git . sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH" sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys # Create ssh keys
@ -179,4 +179,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git' sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'
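Review bot: On the changed last line, `sudo "$GC" remote set-url …` hands the whole string `git -C /mnt/root/dotfiles` to sudo as a single command name, so the call would fail with "command not found" and the remote would not be switched to the SSH URL. The `clone` and `checkout` calls in the first hunk use unquoted `$GC` and work only through word splitting. Call git directly instead: `sudo git -C "$DOTS" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'`. The script continues outside both hunks, so any surrounding error handling is not visible here.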

249
flake.lock generated

@ -5,11 +5,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1746562888, "lastModified": 1732200724,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "rev": "153d52373b0fb2d343592871009a286ec8837aec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,19 +67,43 @@
"type": "github" "type": "github"
} }
}, },
"firefox-addons": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": {
"lastModified": 1736864502,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1748730131, "lastModified": 1743483509,
"narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "narHash": "sha256-aHnOrBV4UpVQuv9RHmYaRb0jZRBpmeDWsZWBRoSCc5w=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "rev": "692aba39210127804151c9436e4b87fe1d0e0f2b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -92,11 +116,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744642301, "lastModified": 1741628778,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=", "narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a", "rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -124,11 +148,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1741352980,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -141,6 +165,7 @@
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
"nur",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -178,6 +203,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -207,11 +253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1741379162,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -266,16 +312,16 @@
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744584021, "lastModified": 1732369855,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "GNOME", "owner": "GNOME",
"ref": "48.1", "ref": "47.2",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "github"
} }
@ -287,11 +333,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748737919, "lastModified": 1743482579,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "narHash": "sha256-u81nqA4UuRatKDkzUuIfVYdLMw8birEy+99oXpdyXhY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa", "rev": "c21383b556609ce1ad901aa08b4c6fbd9e0c7af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -307,11 +353,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1748756240, "lastModified": 1743447171,
"narHash": "sha256-hiplweg3818WiWqnTCEXW0xKhzLUmJaAK2SPJXSkOEU=", "narHash": "sha256-5+lbBGlOmVa+dNY8L4ElDCkB7+VedZpPTcBOFIF+0TM=",
"ref": "add-gitea-pulls", "ref": "add-gitea-pulls",
"rev": "ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34", "rev": "a20f37b97fa43eea1570bf125ee95f19ba7e2674",
"revCount": 4379, "revCount": 4327,
"type": "git", "type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra" "url": "https://nayeonie.com/ahuston-0/hydra"
}, },
@ -328,11 +374,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747572947, "lastModified": 1743417258,
"narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=", "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "910dad4c5755c1735d30da10c96d9086aa2a608d", "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -342,18 +388,38 @@
} }
}, },
"nix": { "nix": {
"flake": false, "inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": { "locked": {
"lastModified": 1748154947, "lastModified": 1739899400,
"narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=", "narHash": "sha256-q/RgA4bB7zWai4oPySq9mch7qH14IEeom2P64SXdqHs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nix", "repo": "nix",
"rev": "d761dad79c79af17aa476a29749bd9d69747548f", "rev": "e310c19a1aeb1ce1ed4d41d5ab2d02db596e0918",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "2.29-maintenance", "ref": "2.26-maintenance",
"repo": "nix", "repo": "nix",
"type": "github" "type": "github"
} }
@ -361,11 +427,11 @@
"nix-eval-jobs": { "nix-eval-jobs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748211873, "lastModified": 1739500569,
"narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=", "narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "d9262e535e35454daebcebd434bdb9c1486bb998", "rev": "4b392b284877d203ae262e16af269f702df036bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -381,11 +447,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748751003, "lastModified": 1743306489,
"narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=", "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43", "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +483,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747663185, "lastModified": 1742568034,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -432,11 +498,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1748634340, "lastModified": 1743420942,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +521,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748287559, "lastModified": 1743178092,
"narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=", "narHash": "sha256-fOMsQpcdIbj+wOexiCSEW2J4Erqd0LRV25aYiOx4QRw=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4", "rev": "77ff511df92a9d4a828bdf032b8f48e7c3d99b50",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -470,27 +536,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748124805, "lastModified": 1739461644,
"narHash": "sha256-8A7HjmnvCpDjmETrZY1QwzKunR63LiP7lHu1eA5q6JI=", "narHash": "sha256-1o1qR0KYozYGRrnqytSpAhVBYLNBHX+Lv6I39zGRzKM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "db1aed32009f408e4048c1dd0beaf714dd34ed93", "rev": "97a719c9f0a07923c957cf51b20b329f9fb9d43f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05-small", "ref": "nixos-24.11-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1743296961, "lastModified": 1740877520,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,11 +567,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1748421225, "lastModified": 1743367904,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -517,11 +583,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1748762463, "lastModified": 1743472173,
"narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=", "narHash": "sha256-xwNv3FYTC5pl4QVZ79gUxqCEvqKzcKdXycpH5UbYscw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda", "rev": "88e992074d86ad50249de12b7fb8dbaadf8dc0c5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -533,10 +599,7 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": "flake-parts_2",
"stylix",
"flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"stylix", "stylix",
"nixpkgs" "nixpkgs"
@ -544,11 +607,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1746056780, "lastModified": 1741693509,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=", "narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167", "rev": "5479646b2574837f1899da78bdf9a48b75a9fb27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,11 +631,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1742649964,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -583,6 +646,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@ -611,11 +675,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748746145, "lastModified": 1743475035,
"narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=", "narHash": "sha256-uLjVsb4Rxnp1zmFdPCDmdODd4RY6ETOeRj0IkC0ij/4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c", "rev": "bee11c51c2cda3ac57c9e0149d94b86cc1b00d13",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -631,11 +695,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1743502316,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -654,7 +718,7 @@
"flake-compat": [ "flake-compat": [
"flake-compat" "flake-compat"
], ],
"flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": [ "home-manager": [
@ -672,11 +736,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1748717073, "lastModified": 1743496321,
"narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=", "narHash": "sha256-xhHg8ixBhZngvGOMb2SJuJEHhHA10n8pA02fEKuKzek=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c", "rev": "54721996d6590267d095f63297d9051e9342a33d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -735,27 +799,28 @@
"tinted-kitty": { "tinted-kitty": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1735730497, "lastModified": 1716423189,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", "rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
} }
}, },
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744974599, "lastModified": 1741468895,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=", "narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd", "rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -767,11 +832,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1745111349, "lastModified": 1740877430,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=", "narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9", "rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -15,11 +15,10 @@
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM=" "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
allow-import-from-derivation = true; allow-import-from-derivation = true;
fallback = true;
}; };
inputs = { inputs = {
@ -41,11 +40,18 @@
# flake-parts.follows = "flake-parts"; # flake-parts.follows = "flake-parts";
# }; # };
# }; # };
disko = {
url = "github:nix-community/disko/latest";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -136,7 +142,7 @@
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
# disable arm for now as hydra isn't set up for it # disable arm for now as hydra isn't set up for it
# "aarch64-linuxa # "aarch64-linux"
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
@ -152,7 +158,7 @@
lib = self; lib = self;
} }
); );
inherit (lib.adev.systems) genSystems getImages; inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra inherit (self) outputs; # for hydra
in in
rec { rec {
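Review bot: The `nix-cache:` entry in `trusted-public-keys` is swapped for a different key, and nothing in the hunk says which cache it belongs to. This list is a trust anchor: any store path signed by one of these keys is accepted by machines using this flake, and by CI, which runs `nix flake check --accept-flake-config`. Add a comment above the entry naming the cache and its owner, e.g. `# signing key of the Attic cache "nix-cache" at <cache-url>; rotate together with the matching substituter`, and check that the substituter list (outside the hunk) points at the cache that actually holds this key. Dropping `fallback = true;` in the same hunk means a build now fails when that cache is unreachable instead of building locally, which is worth stating in the commit message if it is intended.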


@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
# create adev namespace for lib # create rad-dev namespace for lib
adev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; }; container-utils = import ./container-utils.nix { inherit lib; };


@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
] ]
++ modules ++ modules
++ (lib.adev.fileList (src + "/modules")) ++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; } // import configPath { inherit inputs; }
); );
} }
) (lib.adev.lsdir path) ) (lib.rad-dev.lsdir path)
); );
# gets all the images of a specified format # gets all the images of a specified format


@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = environment.systemPackages =
[ pkgs.git ] [ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [ ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh pkgs.openssh
]; ];


@ -1,10 +1,10 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.adev.k3s-net; cfg = config.services.rad-dev.k3s-net;
in in
{ {
options = { options = {
services.adev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
example = true; example = true;


@ -4,9 +4,8 @@
console.keyMap = lib.mkDefault "us"; console.keyMap = lib.mkDefault "us";
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8"; defaultLocale = lib.mkDefault "en_US.utf8";
defaultCharset = "UTF-8"; supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
#extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault { extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";


@ -16,19 +16,4 @@
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
}; };
services.nix-verify = {
daily = {
enable = true;
verify-contents = false;
verify-trust = false;
};
weekly = {
enable = true;
verify-contents = true;
verify-trust = false;
frequency = "1week";
randomized-delay-sec = "6hour";
};
};
} }


@ -1,110 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.services.nix-verify;
verify-type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "verify status of nix store";
service-name = lib.mkOption {
type = lib.types.str;
description = "the name of the systemd service. ${name} by default";
default = name;
};
verify-contents = lib.mkEnableOption "verify contents of nix store";
verify-trust = lib.mkEnableOption "verify if each path is trusted";
signatures-needed = lib.mkOption {
type = lib.types.int;
description = "number of signatures needed when verifying trust. Not needed if verify-trust is disabled or not set.";
default = -1;
};
frequency = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time between pulls";
default = "1day";
};
randomized-delay-sec = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time randomized delay";
default = "0";
};
};
}
)
);
in
{
options = {
services.nix-verify = lib.mkOption {
type = verify-type;
default = { };
};
};
config =
let
verifiers = lib.filterAttrs (_: { enable, ... }: enable) cfg;
in
{
systemd.services = lib.mapAttrs' (
_:
{
service-name,
verify-contents,
verify-trust,
signatures-needed,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description =
"Verify nix store (verify-contents: ${lib.boolToString verify-contents}, verify-trust: "
+ "${lib.boolToString verify-trust}, signatures-needed: ${builtins.toString signatures-needed})";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
"${config.nix.package}/bin/nix store verify --all "
+ lib.optionalString (!verify-contents) "--no-contents "
+ lib.optionalString (!verify-trust) "--no-trust "
+ lib.optionalString (signatures-needed >= 0) "--sigs-needed ${signatures-needed}";
};
}
) verifiers;
systemd.timers = lib.mapAttrs' (
_:
{
service-name,
frequency,
randomized-delay-sec,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = frequency;
OnUnitActiveSec = frequency;
RandomizedDelaySec = randomized-delay-sec;
Unit = "nix-verifiers@${service-name}.service";
};
}
) verifiers;
};
}


@ -5,11 +5,11 @@
... ...
}: }:
let let
cfg = config.services.adev.yubikey; cfg = config.services.rad-dev.yubikey;
in in
{ {
options = { options = {
services.adev.yubikey = { services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults"; enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application"; enable-desktop-app = lib.mkEnableOption "installs desktop application";
}; };


@ -38,7 +38,7 @@ forEachSystem (
}; };
# constructs a custom shell with commonly used utilities # constructs a custom shell with commonly used utilities
adev = pkgs.mkShell { rad-dev = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
deadnix deadnix
pre-commit pre-commit
@ -56,7 +56,7 @@ forEachSystem (
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [
pre-commit pre-commit
adev rad-dev
sops sops
]; ];
}; };


@ -37,6 +37,11 @@
default = true; default = true;
}; };
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
@ -70,7 +75,7 @@
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
adev.yubikey = { rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
}; };


@ -32,9 +32,22 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = { services = {
displayManager.gdm = { xserver = {
enable = true; enable = true;
wayland = true; displayManager.session = [
{
manage = "desktop";
name = "hyprland";
start = ''
bash ${./hypr/wrappedhl} &
waitPID=$!
'';
}
];
displayManager.gdm = {
enable = true;
wayland = true;
};
}; };
dbus = { dbus = {


@ -1,19 +0,0 @@
{ ... }:
{
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
}


@ -100,6 +100,7 @@
unipicker unipicker
unzip unzip
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy
vesktop vesktop
vscode vscode
watchman watchman


@ -10,9 +10,13 @@ example_booleans:
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str] wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
@ -23,8 +27,8 @@ sops:
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T15:37:51Z" lastmodified: "2024-11-28T18:57:09Z"
mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str] mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-11-28T18:57:09Z"
enc: |- enc: |-
@ -39,4 +43,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.1


@ -1,13 +1,9 @@
{ config, lib, ... }: { config, ... }:
let let
always = 100; always = 100;
home = 99; home = 99;
public_wifi = false;
in in
{ {
imports = lib.optionals (!public_wifi) [
./private-wifi.nix
];
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; secretsFile = config.sops.secrets."wifi-env".path;
@ -28,19 +24,29 @@ in
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge"; "Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly"; "optimumwifi" = { };
"CableWiFi" = { };
# Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these
#"optimumwifi" = { };
#"CableWiFi" = { };
#"Hilton Honors" = { };
# Work wifi
"JPMCVisitor" = { }; "JPMCVisitor" = { };
}; };
}; };
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
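Review bot: The new `networks` set enables `"optimumwifi" = { };` and `"CableWiFi" = { };` unconditionally, so the machine will associate with any open access point that advertises one of these common SSIDs, and such a name is easy for someone nearby to imitate. The old side kept these entries commented out behind a `public_wifi` switch; if they must stay, keep them in a module that is imported only when needed, or give them an explicit low `priority` so the PSK networks always win. In the same hunk `dnsovertls = "true"` is strict mode while `networking.nameservers` still lists `"192.168.76.1"`; presumably that router does not answer DNS-over-TLS, so either drop it or document why it is there, and consider `#hostname` suffixes on the public resolvers as `fallbackDns` already has. The `sops` attribute set continues outside the hunk.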


@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../disko/hetzner.nix
./networking.nix
];
disko.devices.disk.main.device = "scsi-0QEMU_QEMU_HARDDISK_55513992";
boot = {
useSystemdBoot = true;
};
virtualisation.docker.enable = false;
services = {
locate.enable = false;
endlessh-go.enable = false;
};
#hardware.enableAllFirmware = true;
system.stateVersion = "24.05";
}
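Review bot: `disko.devices.disk.main.device` is set to the bare id `"scsi-0QEMU_QEMU_HARDDISK_55513992"` rather than a device path, so unless `../../disko/hetzner.nix` prepends the directory, disko is handed a name that does not resolve to a block device. This value decides which disk gets partitioned and formatted, so it is worth spelling out as `"/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_55513992"` with a comment saying where the id was read from. `config`, `lib` and `pkgs` are unused in this file and can be dropped from the argument set.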


@ -0,0 +1,8 @@
{ inputs, ... }:
{
users = [ "alice" ];
modules = [
# inputs.attic.nixosModules.atticd
inputs.disko.nixosModules.disko
];
}


@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-wan" = {
#matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
matchConfig.Name = "ether";
networkConfig.DHCP = "ipv4";
};
};
}
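Review bot: `matchConfig.Name = "ether";` matches an interface that is literally named `ether`, which is probably not the intent given the comment above it about `ens3`/`enp1s0`. Because `networking.useDHCP = false` is set in the same file, a `.network` unit that matches nothing leaves the host without an address, and on a remote server that means no way back in over SSH after the switch. Matching on link type would be `matchConfig.Type = "ether";`. The `config`, `lib` and `pkgs` arguments are unused here.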


@ -1,12 +0,0 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
server = false;
users = [ "sam" ];
modules = [
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
inputs.stylix.nixosModules.stylix
];
}


@ -10,10 +10,6 @@
attic-client attic-client
]; ];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = { services = {
atticd = { atticd = {
enable = true; enable = true;
@ -38,9 +34,6 @@
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.nayeonie.com";
}; };
garbage-collection = {
interval = "5 minutes";
};
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs # difficult to reuse existing chunks for newly-uploaded NARs


@ -122,7 +122,7 @@ let
cmd = lib.splitString " " "--concurrent 6 AmAnd0"; cmd = lib.splitString " " "--concurrent 6 AmAnd0";
}; };
inherit (lib.adev.container-utils) createTemplatedContainers; inherit (lib.rad-dev.container-utils) createTemplatedContainers;
vars = import ../vars.nix; vars = import ../vars.nix;
at_path = vars.primary_archiveteam; at_path = vars.primary_archiveteam;


@ -46,7 +46,7 @@ in
cmd = [ cmd = [
( (
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565" "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers) + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
) )
]; ];
}; };


@ -10,7 +10,7 @@ in
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "Nayeonie's Trove"; appName = "The Hearth";
database = { database = {
type = "postgres"; type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path; passwordFile = config.sops.secrets."gitea/dbpass".path;
@ -27,12 +27,6 @@ in
SSH_PORT = 2222; SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223; SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true; START_SSH_SERVER = true;
PUBLIC_URL_DETECTION = "auto";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_MERGE_STYLE = "rebase-merge";
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
@ -51,15 +45,6 @@ in
host = "192.168.76.2"; host = "192.168.76.2";
port = "8088"; port = "8088";
}; };
"storage.minio" = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "minio.nayeonie.com";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "us-east-1";
MINIO_USE_SSL = true;
MINIO_INSECURE_SKIP_VERIFY = false;
MINIO_BUCKET_LOOKUP_TYPE = "auto";
};
}; };
stateDir = base_path; stateDir = base_path;
lfs.enable = true; lfs.enable = true;
@ -75,6 +60,5 @@ in
sops.secrets = { sops.secrets = {
"gitea/dbpass".owner = "gitea"; "gitea/dbpass".owner = "gitea";
"gitea/minio".owner = "gitea";
}; };
} }


@ -19,9 +19,6 @@ in
enable = true; enable = true;
enableJIT = true; enableJIT = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
configurePgStatStatements = true;
enableAllPreloadedLibraries = true;
#preloadAllExtensions = true;
identMap = '' identMap = ''
# ArbitraryMapName systemUser DBUser # ArbitraryMapName systemUser DBUser
superuser_map root postgres superuser_map root postgres
@ -31,126 +28,13 @@ in
''; '';
# initialScript = config.sops.secrets."postgres/init".path; # initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [ ensureDatabases = [ "atticd" ];
"atticd"
"alice"
];
ensureUsers = [ ensureUsers = [
{ {
name = "atticd"; name = "atticd";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
]; ];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
# commented out statements are likely overriden by pgtune settings
# https://pgtune.leopard.in.ua/?dbVersion=17&osType=linux&dbType=web&cpuNum=64&totalMemory=8&totalMemoryUnit=GB&connectionNum=1024&hdType=hdd
settings = {
# Connectivity;
# max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
#shared_buffers = "1024 MB";
#work_mem = "32 MB";
#maintenance_work_mem = "320 MB";
#huge_pages = "off";
#effective_cache_size = "2 GB";
#effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
#random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
#shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
#checkpoint_completion_target = 0.9;
#max_wal_size = "1024 MB";
#min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
#max_worker_processes = 6;
#max_parallel_workers_per_gather = 3;
#max_parallel_maintenance_workers = 3;
#max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
# from pgtune
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 64
# Connections num: 1024
# Data Storage: hdd
max_connections = 1024;
shared_buffers = "2GB";
effective_cache_size = "6GB";
maintenance_work_mem = "512MB";
checkpoint_completion_target = 0.9;
#wal_buffers = "16MB"; allow auto-tuning as per above
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "512kB";
huge_pages = "off";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 64;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 64;
max_parallel_maintenance_workers = 4;
};
refreshCollation = true; refreshCollation = true;
vacuumAnalyzeTimer.enable = true; vacuumAnalyzeTimer.enable = true;
@ -164,7 +48,6 @@ in
"hydra-send-stats" "hydra-send-stats"
"hydra-server" "hydra-server"
"atticd" "atticd"
"gitea"
]; ];
}; };
}; };


@ -2,13 +2,14 @@
{ {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
settings = { settings = {
global = { global = {
security = "user";
"workgroup" = "WORKGROUP"; "workgroup" = "WORKGROUP";
"server string" = "palatine-hill"; "server string" = "palatine-hill";
"netbios name" = "palatine-hill"; "netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes"; #"use sendfile" = "yes";
#"max protocol" = "smb2"; #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1


@ -10,7 +10,6 @@ postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str] init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str]
gitea: gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str] dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
minio: ENC[AES256_GCM,data:LxY6AD+CZ9VQEl5FrG6o0XiOiizLcwiLiyH1WJD8mMCPWhDjGzt+k+YPOm1BpWzTZF8+2EoxR9oKFJu9mzTibl2Ieits0/RNwh1VdQALXw3FwfRym7CFS+Z5S8H9kGMoXWRrr+I5,iv:g/wq0r2HKfX2AwirT4hm/H1Ms/mtbf4ZuFLISikRyoI=,tag:he99s/WpKoN+lHR8r4K30w==,type:str]
upsmon: upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str] password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str]
minio: minio:
@ -31,6 +30,10 @@ server-validation:
typhon: typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str] hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -41,8 +44,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-30T04:36:41Z" lastmodified: "2025-03-26T05:47:58Z"
mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str] mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-
@ -57,4 +60,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.4


@ -80,6 +80,7 @@
# doom emacs dependencies # doom emacs dependencies
fd fd
ripgrep ripgrep
ruff-lsp
pyright pyright
# audit # audit
@ -89,9 +90,6 @@
nodejs_20 nodejs_20
nodePackages.prettier nodePackages.prettier
treefmt treefmt
gocryptfs
awscli2
]; ];
}; };


@ -22,6 +22,6 @@
(setq! lsp-nix-nil-max-mem 20000) (setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"]) (setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda () (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc) (require 'sphinx-doc)
;; (sphinx-doc-mode t))) (sphinx-doc-mode t)))


@ -81,9 +81,9 @@
(package! pacdiff.el (package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE"))) :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode (package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py"))) :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc) (package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git ;; https://github.com/glyph/python-docstring-mode.git
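Review bot: The re-enabled `python-docstring-mode` recipe and `(package! sphinx-doc)` carry no `:pin`, so a fresh install or an upgrade takes whatever commit is current upstream, and the recipe also ships a Python helper (`docstring_wrap.py`) that the editor will run. In a repository that otherwise pins its inputs through `flake.lock`, pinning these too keeps the editor packages reviewable, for example `(package! sphinx-doc :pin "<commit-sha>")` with the sha taken from the revision you have actually looked at. The `pacdiff.el` recipe in the context lines above is unpinned in the same way.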


@ -3,7 +3,6 @@
{ {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true;
signing = { signing = {
key = "5EFFB75F7C9B74EAA5C4637547940175096C1330"; key = "5EFFB75F7C9B74EAA5C4637547940175096C1330";
signByDefault = true; signByDefault = true;
@ -29,8 +28,6 @@
color.ui = true; color.ui = true;
init.defaultBranch = "main"; init.defaultBranch = "main";
format.signoff = true; format.signoff = true;
pack.windowMemory = "2g";
pack.packSizeLimit = "1g";
}; };
}; };
} }


@ -1,4 +1,4 @@
{ lib, ... }: { ... }:
{ {
programs.zsh = { programs.zsh = {
@ -22,27 +22,7 @@
"z" "z"
]; ];
}; };
/* initExtra = ''
To specify the order, use lib.mkOrder.
Common order values:
500 (mkBefore): Early initialization (replaces initExtraFirst)
550: Before completion initialization (replaces initExtraBeforeCompInit)
1000 (default): General configuration (replaces initExtra)
1500 (mkAfter): Last to run configuration
To specify both content in Early initialization and General configuration, use lib.mkMerge.
e.g.
initContent = let zshConfigEarlyInit = lib.mkOrder 500 do something; zshConfig = lib.mkOrder 1000 do something; in lib.mkMerge [ zshConfigEarlyInit zshConfig ];
*/
initContent = lib.mkOrder 1000 ''
# functions # functions
function mount-data { function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then if [[ -f /home/alice/backup/.noconnection ]]; then


@ -4,13 +4,16 @@ alice:
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data: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,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str] gha-hydra-token: ENC[AES256_GCM,data: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,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str] attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str] attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str] attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str] attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str] gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -39,8 +42,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z" lastmodified: "2025-03-26T15:28:13Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str] mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:22Z" - created_at: "2024-09-05T06:10:22Z"
enc: |- enc: |-
@ -55,4 +58,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.1 version: 3.9.4


@ -1,17 +0,0 @@
{
pkgs,
lib,
config,
name,
...
}:
import ../default.nix {
inherit
pkgs
lib
config
name
;
publicKeys = [
];
}


@ -1,157 +0,0 @@
{
config,
pkgs,
lib,
machineConfig,
...
}:
{
imports =
[
./home/zsh.nix
./home/git.nix
]
++ lib.optionals (!machineConfig.server) [
./home/gammastep.nix
./non-server.nix
];
home = {
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
username = "sam";
homeDirectory = "/home/sam";
packages = with pkgs; [
python3
# useful tools
file
ncdu
neofetch
onefetch
hyfetch
smartmontools
wget
glances
onefetch
# Rust packages
bat
cargo-update
tealdeer
# nix specific packages
nix-output-monitor
nix-prefetch
nix-tree
nh
# audit
lynis
gocryptfs
];
};
programs = {
starship.enable = true;
fzf = {
enable = true;
enableZshIntegration = true;
};
direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
eza = {
enable = true;
icons = "auto";
git = true;
};
neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = ''
set bg=dark
set tabstop=2
set shiftwidth=2
set expandtab
set smartindent
'';
};
nix-index = {
enable = true;
enableZshIntegration = true;
};
tmux.enable = true;
topgrade = {
enable = true;
settings = {
misc = {
disable = [
"system"
"nix"
"shell"
"poetry"
];
};
};
};
};
services.ssh-agent.enable = true;
# TODO: add environment bs
home.sessionVariables = {
EDITOR = "nvim";
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = true;
extraConfig = {
XDG_SCREENSHOTS_DIR = "${config.xdg.userDirs.pictures}/Screenshots";
};
};
};
sops = lib.mkIf (!machineConfig.server) {
age.sshKeyPaths = [ "/home/sam/.ssh/id_ed25519_sops" ];
defaultSopsFile = ./secrets.yaml;
};
nix.gc = {
automatic = true;
frequency = "weekly";
options = "--delete-older-than 30d";
};
home.stateVersion = "25.11";
}


@ -1,20 +0,0 @@
{ ... }:
{
services.gammastep = {
enable = true;
provider = "manual";
latitude = 40.73;
longitude = -73.93;
temperature.day = 5700;
temperature.night = 3500;
settings = {
general = {
fade = 1;
elevation-high = 3;
elevation-low = -6;
brightness-day = 1.0;
brightness-low = 0.8;
};
};
};
}


@ -1,36 +0,0 @@
{ ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
signing = {
key = "5EFFB75F7C9B74EAA5C4637547940175096C1330";
signByDefault = true;
};
userEmail = "aliceghuston@gmail.com";
userName = "ahuston-0";
aliases = {
gone = ''
!git for-each-ref --format '%(refname:short) %(upstream)' | # dump all older branches
awk 'NF < 2 {print $1}' | # get nuked branches
grep -Pv "(^origin/|^origin$|stash)" | # filter out remotes & stash
sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
xargs -r git branch -D # nuke the branches
# !git fetch -p && git for-each-ref --format '%(refname:short) %(upstream:track)' | # dump all branches
# awk '$2 == "[gone]" {print $1}' | # get nuked branches
# sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
# xargs -r git branch -D; # nuke the branches #
'';
};
extraConfig = {
push.autosetupremote = true;
pull.rebase = true;
color.ui = true;
init.defaultBranch = "main";
format.signoff = true;
pack.windowMemory = "2g";
pack.packSizeLimit = "1g";
};
};
}


@ -1,123 +0,0 @@
{ lib, ... }:
{
programs.zsh = {
enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"docker"
"docker-compose"
"colored-man-pages"
"helm"
"kubectl"
"minikube"
"rust"
"skaffold"
"systemd"
"tmux"
"ufw"
"z"
];
};
/*
To specify the order, use lib.mkOrder.
Common order values:
500 (mkBefore): Early initialization (replaces initExtraFirst)
550: Before completion initialization (replaces initExtraBeforeCompInit)
1000 (default): General configuration (replaces initExtra)
1500 (mkAfter): Last to run configuration
To specify both content in Early initialization and General configuration, use lib.mkMerge.
e.g.
initContent = let zshConfigEarlyInit = lib.mkOrder 500 do something; zshConfig = lib.mkOrder 1000 do something; in lib.mkMerge [ zshConfigEarlyInit zshConfig ];
*/
initContent = lib.mkOrder 1000 ''
# functions
function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs -p 10934 lily@192.168.1.154:/mnt/backup/data/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
function mount-backup {
if [[ -f /home/alice/backup/.noconnection ]]; then
sudo borgmatic mount --options allow_other,nonempty --archive latest --mount-point ~/backup -c /etc/borgmatic/config_checkless.yaml
else
echo "Connection to backup server already open."
fi
}
function mount-ubuntu {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs lily@192.168.76.101:/mnt/backup/ubuntu.old/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
'';
shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## SSH
"ssh-init" =
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
## Backups
"borgmatic-backup-quick" =
"sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-full" =
"sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" =
"sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"restic-backup" = "/home/alice/Scripts/restic/backup.sh";
## VPN
"pfSense-vpn" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1194-alice-config.ovpn";
"pfSense-vpn-all" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1195-alice-config.ovpn";
## Utilities
"lrt" = "eza --icons -lsnew";
"lynis-grep" = ''sudo lynis audit system 2&>1 | grep -v "egrep"'';
"egrep" = "grep -E";
"htgp" = "history | grep";
"gen_walpaper" = "wal -i '/home/alice/Pictures/Wallpapers/1440pdump'";
"vlgdf" = "valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes";
"libreoffice-writer" = "libreoffice --writer";
"libreoffice-calc" = "libreoffice --calc";
"notes" = "code /home/alice/Scripts/Notes/dendron.code-workspace";
"ua-drop-caches" = "sudo paccache -rk3; yay -Sc --aur --noconfirm";
"ua-update-all" = ''
(export TMPFILE="$(mktemp)"; \
sudo true; \
rate-mirrors --save=$TMPFILE --protocol https\
--country-test-mirrors-per-country 10 arch --max-delay=21600 \
&& sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist-backup \
&& sudo mv $TMPFILE /etc/pacman.d/mirrorlist \
&& ua-drop-caches \
&& yay -Syyu)
'';
# applications (rofi entries)
"ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
"Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
"Wizard101" =
"prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
"octave" = "prime-run octave --gui";
"pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";
"hx" = "helix";
};
};
}


@ -1,33 +0,0 @@
{ pkgs, outputs, ... }:
{
home.packages = with pkgs; [
shellcheck
# nix tools
nil
nixfmt-rfc-style
nix-init
# markdown
nodePackages.markdownlint-cli
# language depedencies
enchant
nuspell
hunspellDicts.en-us
languagetool
# latex
texlive.combined.scheme-medium
nextcloud-client
bitwarden-cli
bitwarden-menu
wtype
zathura
obsidian
libreoffice-qt-fresh
wlr-randr
];
}


@ -10,4 +10,4 @@ set -e
script_path=$(dirname "$(readlink -f $0)") script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --allow-import-from-derivation --compare-output-to-file "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --compare-output-to-file "$parent_path"
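Review bot: The `nix run git+https://nayeonie.com/ahuston-0/flake-update-diff` call names no revision, so each run builds and executes whatever that repository's default branch holds when the reference is resolved, and a later audit cannot tell which code ran. Pinning the flake reference to a commit, `git+https://nayeonie.com/ahuston-0/flake-update-diff?rev=<pinned-commit-sha>`, fixes what gets executed. The same unpinned call is in the `--evaluate` invocation of the following script, and `utils/hetzner-install.sh` runs `github:nix-community/disko#disko-install` unpinned under `sudo`. The script body starts outside this hunk.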


@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
out_path="$parent_path/$1.json" out_path="$parent_path/$1.json"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --json "$out_path" "$parent_path"

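--- a/utils/hetzner-install.sh
+++ b/utils/hetzner-install.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#git --command bash
+set -o errexit # abort on nonzero exitstatus
+set -o nounset # abort on unbound variable
+set -o pipefail # don't hide errors within pipes
+MACHINENAME="hetzner-bridge"
+sudo mkdir /root/.ssh
+sudo chmod 700 /root/.ssh
+sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_giteadeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
+sudo cat /root/.ssh/id_ed25519_giteadeploy.pub
+sudo ssh-keygen -A
+nix --extra-experimental-features 'flakes nix-command' shell nixpkgs#git
+nix --extra-experimental-features 'flakes nix-command' store gc
+FLAKE="git+ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles?ref=feature/hetzner-bridge#hetzner-bridge"
+DISK_DEVICE=/dev/sda
+sudo nix \
+--extra-experimental-features 'flakes nix-command' \
+run github:nix-community/disko#disko-install -- \
+--flake "$FLAKE" \
+--write-efi-boot-entries \
+--disk main "$DISK_DEVICE"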
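Review bot: `sudo mkdir /root/.ssh` returns non-zero when the directory already exists, and with `errexit` set that aborts a second run before it reaches the `|| echo "key already exists"` fallback that appears to be meant for re-runs. That fallback also reports every other `ssh-keygen` failure as an existing key, after which the script prints the public key file and carries on to the disk install. I would create the directory with `sudo install -d -m 700 /root/.ssh` and guard generation with `sudo test -e /root/.ssh/id_ed25519_giteadeploy || sudo ssh-keygen …`, so real errors still stop the script. The bare `nix … shell nixpkgs#git` line has no `--command`, so it presumably opens an interactive shell mid-script; a comment saying whether that pause is intended would help.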


@ -0,0 +1,35 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#nixos-anywhere nixpkgs#sops --command bash
echoerr() { printf "%s\n" "$*" >&2; }
if (( $# != 1 )); then
echoerr "usage: $0 <hostname>"
fi
HOSTNAME=$1
# Create a temporary directory
temp=$(mktemp -d)
# Function to cleanup temporary directory on exit
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
# Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh"
# Create host keys
ssh-keygen -A -f "$temp/etc/ssh/"
# Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
AGEKEY=$(ssh-to-age < "$temp/etc/ssh/ssh_host_ed25519_key.pub")
echo "$AGEKEY" | tee "./$HOSTNAME.age"
# Install NixOS to the host system with our secrets
nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip


@ -1,33 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#python3 --command python
import logging
def inject_diff():
source_file = 'post-diff'
target_file = 'pr_body.md'
placeholder = "nix-diff-placeholder"
logging.info(f"injecting '{source_file}' into '{target_file}' using '{placeholder}' as a placeholder")
out = []
with open(source_file,'r') as src:
src_content = src.read()
if len(src_content) > 60000:
logging.warning(f"{source_file} is longer than 60k characters, truncating")
src_content = src_content[:60000]
with open(target_file,'r') as tgt:
for line in tgt.readlines():
if placeholder in line:
out.append(line.replace(placeholder,src_content))
else:
out.append(line)
with open(target_file,'w') as tgt:
tgt.writelines(out)
if __name__ == "__main__":
logging.basicConfig( level=logging.INFO)
inject_diff()