Compare commits

...

29 commits

Author SHA1 Message Date
Benjamin Bädorf f6062d0019
Merge pull request 'Pull in upstream devos commits' (#150) from feature/pull-in-upstream-devos-commits into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/150
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-11-08 16:50:10 +00:00
teutat3s 06ed2a78a9
Bump flake.lock 2022-11-07 11:26:58 +01:00
teutat3s 02c145697b
Pull in upstream commits from https://github.com/divnix/digga/pull/490
Improved flake-compat

Get the rev from the flake.lock file. Shouldn't be an issue for
first time users as the guide instructs users to generate a lock
file. `builtins.file` was used in accordance with nix.dev
recommendations.

https://nix.dev/anti-patterns/language#reproducibility-referencing-top-level-directory-with

Rm tempfix
2022-11-07 11:24:59 +01:00
teutat3s c860d5e3f6
Merge pull request 'Update drone-config' (#143) from feature/update-drone-config-for-kvm-tests into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/143
Reviewed-by: teutat3s <teutates@mailbox.org>
2022-10-29 20:40:26 +00:00
Hendrik Sokolowski 630d0afc5e
Update drone-config 2022-10-29 03:57:08 +02:00
Benjamin Bädorf e26ffd2725
Merge pull request 'Embrace nvfetcher' (#145) from feature/embrace-nvfetcher into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/145
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-29 00:43:30 +00:00
Benjamin Bädorf 6824cf70f3
Merge pull request 'Improve hibernation logic' (#148) from feature/improve-hibernation-logic into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/148
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-24 19:35:28 +00:00
teutat3s 3aff6251b5
Merge branch 'main' into feature/embrace-nvfetcher 2022-10-24 15:25:45 +02:00
teutat3s ea6233f57e
zsh: fetch plugins using nvfetcher 2022-10-24 15:24:52 +02:00
Hendrik Sokolowski eece344083
Make resume_offset optional 2022-10-23 18:33:52 +02:00
teutat3s 51d03f0de7
Merge pull request 'drone: use our custom drone-scp image' (#146) from fix/drone-publish-iso-symlink into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/146
2022-10-21 13:08:52 +00:00
teutat3s e4418bfe0c
drone: use our custom drone-scp image 2022-10-20 18:29:20 +02:00
teutat3s 520e9546ed
Merge pull request 'Bump flake.lock' (#144) from bump/flake-lock into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/144
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-20 10:37:08 +00:00
teutat3s e69c8fe9c7
Bump flake.lock 2022-10-18 17:02:23 +02:00
teutat3s 4520dece5f
neovim: use nvfetcher for custom plugins 2022-10-18 16:55:51 +02:00
Benjamin Bädorf bcf6ca5fe4
Merge pull request 'Fix base user ssh public keys' (#141) from fix/base-user-ssh-public-keys into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/141
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-05 11:19:41 +00:00
teutat3s d43bd80580
core: disable SSH passwordAuthentication by default 2022-10-05 11:58:26 +02:00
teutat3s f28d05e24e
Change user.publicKeys to a SSH keys string list 2022-10-05 11:57:51 +02:00
Benjamin Bädorf b7132c3744
Merge pull request 'Be more paranoid' (#139) from feature/more-paranoia into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/139
Reviewed-by: teutat3s <teutates@mailbox.org>
2022-10-03 18:36:05 +00:00
Benjamin Bädorf f3a5b2233a
Merge branch 'main' into feature/more-paranoia 2022-10-03 02:55:25 +00:00
Benjamin Bädorf 5da560ef56
Open up SSH by default 2022-10-03 04:55:14 +02:00
Benjamin Bädorf 65bb399df8
Merge pull request 'alacritty: improve selection and cursor colors' (#140) from fix/alacritty-selection-cursor-colors into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/140
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-03 02:48:39 +00:00
teutat3s b23e1e16a4
alacritty: improve selection and cursor colors 2022-10-03 04:11:16 +02:00
Benjamin Bädorf 6f3885d0ca
Remove doubled openssh configs in paranoia module 2022-10-03 04:07:48 +02:00
Benjamin Bädorf 8529a15177
Be more paranoid
The paranoia mode now also enables the firewall and closes down a couple
of small openSSH holes. `noexec` on the whole FS is left out as it will
make every existing PubSolarOS installation panic.
2022-10-03 04:03:09 +02:00
Benjamin Bädorf 22445ea19e
Merge pull request 'ci: fix upload target path' (#138) from fix/iso-publish-upload-path into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/138
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-03 00:59:57 +00:00
teutat3s f2ecc2d8b9
ci: fix upload target path 2022-10-03 02:30:08 +02:00
teutat3s 741e4bfef1
Merge pull request 'iso: add PubSolarOS naming, drone pipeline' (#137) from feature/our-super-iso-label into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/137
Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
2022-10-02 23:33:44 +00:00
teutat3s 986680cc26
bootstrap iso: add PubSolarOS naming, drone pipeline
adjustments to include a symlink to the latest iso built
2022-10-03 01:30:34 +02:00
20 changed files with 376 additions and 186 deletions


@ -1,11 +1,12 @@
--- ---
kind: pipeline kind: pipeline
type: docker type: exec
name: Check name: Check
node:
hosttype: baremetal
steps: steps:
- name: "Check" - name: "Check"
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
when: when:
event: event:
- pull_request - pull_request
@ -20,6 +21,8 @@ steps:
kind: pipeline kind: pipeline
type: exec type: exec
name: Tests name: Tests
node:
hosttype: baremetal
steps: steps:
- name: "Tests" - name: "Tests"
@ -98,10 +101,19 @@ steps:
- | - |
nix $$NIX_FLAGS build \ nix $$NIX_FLAGS build \
'.#nixosConfigurations.bootstrap.config.system.build.isoImage' '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
- nix shell nixpkgs#findutils
- cd /var/nix/iso-cache/
- export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
- sha256sum $ISO_NAME > $ISO_NAME.sha256
- ln -s $ISO_NAME PubSolarOS-latest.iso
- cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
- nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
- name: "Publish ISO" - name: "Publish ISO"
image: appleboy/drone-scp # custom drone-scp image, source: https://git.b12f.io/pub-solar/drone-scp/
# docker build --tag registry.greenbaum.cloud/library/drone-scp:v1.6.5 --file ./docker/Dockerfile.linux.amd64 .
image: registry.greenbaum.cloud/library/drone-scp:v1.6.5
volumes: volumes:
- name: file-exchange - name: file-exchange
path: /var/nix/iso-cache path: /var/nix/iso-cache
@ -114,9 +126,11 @@ steps:
from_secret: iso_web_ssh_port from_secret: iso_web_ssh_port
key: key:
from_secret: iso_web_ssh_key from_secret: iso_web_ssh_key
target: /srv/os target: /srv/os/download
source: source:
- /var/nix/iso-cache/*.iso - /var/nix/iso-cache/*.iso
- /var/nix/iso-cache/*.iso.sha256
unlink_first: true
strip_components: 3 strip_components: 3
depends_on: depends_on:
@ -134,6 +148,6 @@ volumes:
--- ---
kind: signature kind: signature
hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e
... ...
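Review bot: `find . -name '*.iso'` in the ISO build step also matches the `PubSolarOS-latest.iso` symlink created two commands later and any image left over from an earlier build, so if `/var/nix/iso-cache` outlives a single run, `ISO_NAME` holds several names, the unquoted `sha256sum $ISO_NAME > $ISO_NAME.sha256` misbehaves and `ln -s` fails on the existing link. Narrowing the search to `find . -type f -name 'PubSolarOS*.iso' ! -name 'PubSolarOS-latest.iso'`, quoting `"$ISO_NAME"` and using `ln -sf` would make the step repeatable. The `.sha256` file is produced on the build host and uploaded by the same scp step as the image, so it detects a corrupted download but says nothing about who built the ISO; a detached signature made with a key that is not on the CI host would be needed for that.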


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1664140963, "lastModified": 1665870395,
"narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -42,11 +42,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1664210064, "lastModified": 1667419884,
"narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,6 +205,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1642700792, "lastModified": 1642700792,
@ -256,11 +272,11 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1667077288,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -276,11 +292,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1656169755, "lastModified": 1667677389,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "narHash": "sha256-y9Zdq8vtsn0T5TO1iTvWA7JndYIAGjzCjbYVi/hOSmA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "rev": "87d55517f6f36aa1afbd7a4a064869d5a1d405b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +324,11 @@
}, },
"latest_2": { "latest_2": {
"locked": { "locked": {
"lastModified": 1664538465, "lastModified": 1667629849,
"narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", "narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", "rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -359,11 +375,11 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1664594436, "lastModified": 1667653703,
"narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", "narHash": "sha256-Xow4vx52/g5zkhlgZnMEm/TEXsj+13jTPCc2jIhW1xU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", "rev": "f09ad462c5a121d0239fde645aacb2221553a217",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -379,11 +395,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1660727616, "lastModified": 1666812839,
"narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=", "narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "adccd191a0e83039d537e021f19495b7bad546a1", "rev": "41f3518bc194389df22a3d198215eae75e6b5ab9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -394,11 +410,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1664628729, "lastModified": 1667768008,
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3024c67a2e9a35450558426c42e7419ab37efd95", "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -453,18 +469,18 @@
}, },
"nvfetcher": { "nvfetcher": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
] ]
}, },
"locked": { "locked": {
"lastModified": 1664550666, "lastModified": 1667620329,
"narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"owner": "berberman", "owner": "berberman",
"repo": "nvfetcher", "repo": "nvfetcher",
"rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -479,6 +495,7 @@
"darwin": "darwin", "darwin": "darwin",
"deploy": "deploy", "deploy": "deploy",
"digga": "digga", "digga": "digga",
"flake-compat": "flake-compat_3",
"home": "home", "home": "home",
"latest": "latest_2", "latest": "latest_2",
"naersk": "naersk", "naersk": "naersk",


@ -11,6 +11,9 @@
nixos.url = "github:nixos/nixpkgs/nixos-22.05"; nixos.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable"; latest.url = "github:nixos/nixpkgs/nixos-unstable";
flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false;
digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixpkgs.follows = "nixos";
digga.inputs.nixlib.follows = "nixos"; digga.inputs.nixlib.follows = "nixos";


@ -1,4 +1,18 @@
{ profiles, ... }: { config, lib, pkgs, profiles, ... }:
with lib;
let
# Gets hostname of host to be bundled inside iso
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
getFqdn = config:
let
net = config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
in
fqdn;
in
{ {
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
imports = [ imports = [
@ -10,11 +24,22 @@
profiles.pub-solar-iso profiles.pub-solar-iso
]; ];
config = {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation # will be overridden by the bootstrapIso instrumentation
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
# mkForce because a similar transformation gets double applied otherwise
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
isoImage = {
isoBaseName = mkForce (getFqdn config);
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
@ -22,4 +47,5 @@
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
};
} }


@ -1,14 +1,14 @@
let let
rev = "e7e5d481a0e15dcd459396e55327749989e04ce0"; lock = builtins.fromJSON (builtins.readFile builtins.path { path = ../../flake.lock; name = "lockPath"; });
flake = (import flake = (import
( (
fetchTarball { fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz"; url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x"; sha256 = lock.nodes.flake-compat.locked.narHash;
} }
) )
{ {
src = ../../.; src = builtins.path { path = ../../.; name = "projectRoot"; };
}); });
in in
flake flake
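Review bot: `builtins.readFile builtins.path { … }` on the new `lock` line parses as `(builtins.readFile builtins.path) { … }`, because function application is left-associative, so `readFile` receives the `builtins.path` function itself and evaluation fails as soon as `lock` is forced. Wrap the inner call: `lock = builtins.fromJSON (builtins.readFile (builtins.path { path = ../../flake.lock; name = "lockPath"; }));`. Separately, the root node of flake.lock in this change set maps `flake-compat` to `flake-compat_3`, so `lock.nodes.flake-compat` is likely a transitive pin rather than the input declared in flake.nix; looking the node name up through `lock.nodes.root.inputs.flake-compat` would follow the declared input.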


@ -2,7 +2,6 @@
with lib; with lib;
let let
psCfg = config.pub-solar;
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in in
{ {
@ -29,12 +28,12 @@ in
config = { config = {
pub-solar = { pub-solar = {
audio.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); audio.enable = mkIf (!cfg.lite) (mkDefault true);
crypto.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); crypto.enable = mkIf (!cfg.lite) (mkDefault true);
devops.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); devops.enable = mkIf (!cfg.lite) (mkDefault true);
terminal-life = { terminal-life = {
enable = lib.mkDefault true; enable = mkDefault true;
lite = cfg.lite; lite = cfg.lite;
}; };
}; };


@ -27,9 +27,7 @@ in
config = { config = {
boot = mkIf cfg.enable { boot = mkIf cfg.enable {
resumeDevice = cfg.resumeDevice; resumeDevice = cfg.resumeDevice;
kernelParams = kernelParams = mkIf (cfg.resumeOffset != null) [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true."
else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
}; };
}; };
} }


@ -36,6 +36,8 @@ in
wifi.backend = "iwd"; wifi.backend = "iwd";
}; };
networking.firewall.enable = true;
# Customized binary caches list (with fallback to official binary cache) # Customized binary caches list (with fallback to official binary cache)
nix.binaryCaches = cfg.binaryCaches; nix.binaryCaches = cfg.binaryCaches;
nix.binaryCachePublicKeys = cfg.publicKeys; nix.binaryCachePublicKeys = cfg.publicKeys;


@ -4,7 +4,10 @@
# For rage encryption, all hosts need a ssh key pair # For rage encryption, all hosts need a ssh key pair
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = lib.mkDefault false; # If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = lib.mkDefault true;
passwordAuthentication = false;
}; };
# Service that makes Out of Memory Killer more effective # Service that makes Out of Memory Killer more effective
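Review bot: With `openFirewall` now defaulting to true, `passwordAuthentication = false` alone may not stop password logins, because keyboard-interactive authentication is a separate sshd setting and this change set only turns it off in the paranoia module. Consider adding `kbdInteractiveAuthentication = false;` to this `services.openssh` block so every host that exposes SSH by default is key-only. The new comment could also mention that the paranoia profile sets `openFirewall` to false, so readers know where the stricter default lives.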


@ -100,10 +100,15 @@
foreground = "0xe3e1e4"; foreground = "0xe3e1e4";
}; };
# Colors the cursor will use if `custom_cursor_colors` is true # Cursor colors
#
# Colors which should be used to draw the terminal cursor.
#
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
cursor = { cursor = {
text = "0x1a181a"; text = "CellBackground";
cursor = "0xe3e1e4"; cursor = "CellForeground";
}; };
# Colors used for the search bar and match highlighting. # Colors used for the search bar and match highlighting.
@ -115,14 +120,25 @@
background = "0x1a181a"; background = "0x1a181a";
}; };
focused_match = { focused_match = {
foreground = "0xe5c463"; foreground = "CellBackground";
background = "0xe3e1e4"; background = "CellForeground";
}; };
#bar = #bar =
# background = "#c5c8c6"; # background = "#c5c8c6";
# foreground = "#1d1f21"; # foreground = "#1d1f21";
}; };
# Selection colors
#
# Colors which should be used to draw the selection area.
#
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
selection = {
text = "0x1a181a";
background = "0xf85e84";
};
# Normal colors # Normal colors
normal = { normal = {
black = "0x1a181a"; black = "0x1a181a";


@ -21,5 +21,32 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
pub-solar.core.hibernation.enable = true; pub-solar.core.hibernation.enable = true;
services.logind.lidSwitch = "hibernate"; services.logind.lidSwitch = "hibernate";
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# Don't set this if you need sftp
services.openssh.allowSFTP = false;
services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [ ];
# fileSystems."/".options = [ "noexec" ];
services.openssh = {
kbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
}; };
} }
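Review bot: `AllowTcpForwarding yes` in the new `extraConfig` keeps SSH port forwarding available while agent, X11 and stream-local forwarding are switched off, which is surprising in a profile named paranoia. If forwarding is not needed, `AllowTcpForwarding no` would match the rest of the block; otherwise a comment such as `# TCP forwarding kept on purpose: <reason>` would record the decision. The comment `# Lock yourself out` on `openFirewall = false` would read better as `# SSH port stays closed in the firewall; open it per host if remote access is needed`.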


@ -5,66 +5,6 @@ let
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
vimagit-master = pkgs.vimUtils.buildVimPlugin {
name = "vimagit-master";
src = pkgs.fetchFromGitHub {
owner = "jreybert";
repo = "vimagit";
rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4";
sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0=";
};
};
instant-nvim = pkgs.vimUtils.buildVimPlugin {
name = "instant";
src = pkgs.fetchFromGitHub {
owner = "jbyuki";
repo = "instant.nvim";
rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554";
sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI=";
};
};
vim-caddyfile = pkgs.vimUtils.buildVimPlugin {
name = "vim-caddyfile";
src = pkgs.fetchFromGitHub {
owner = "isobit";
repo = "vim-caddyfile";
rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0";
sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o=";
};
};
workspace = pkgs.vimUtils.buildVimPlugin {
name = "vim-workspace";
src = pkgs.fetchFromGitHub {
owner = "thaerkh";
repo = "vim-workspace";
rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI=";
};
};
beautify = pkgs.vimUtils.buildVimPlugin {
name = "vim-beautify";
src = pkgs.fetchFromGitHub {
owner = "zeekay";
repo = "vim-beautify";
rev = "e0691483927dc5a0c051433602397419f9628623";
sha256 = "QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ=";
};
};
apprentice = pkgs.vimUtils.buildVimPlugin {
name = "vim-apprentice";
src = pkgs.fetchFromGitHub {
owner = "romainl";
repo = "Apprentice";
rev = "ecd41698037f15a58125b349be76dbd2595bfb6d";
sha256 = "sha256-9s7Yzn3IEJBjcyUq9NBIQ9wb45Xr7jOkEIoWf0lAYYg=";
};
};
in in
{ {
enable = true; enable = true;
@ -108,7 +48,7 @@ in
lsp_extensions-nvim lsp_extensions-nvim
nvim-lspconfig nvim-lspconfig
instant-nvim instant-nvim-nvfetcher
ack-vim ack-vim
vim-airline vim-airline
@ -119,23 +59,23 @@ in
syntastic syntastic
vim-gutentags vim-gutentags
vim-vinegar vim-vinegar
workspace vim-workspace-nvfetcher
sonokai sonokai
vim-hybrid-material vim-hybrid-material
vim-airline-themes vim-airline-themes
apprentice vim-apprentice-nvfetcher
fugitive fugitive
vim-gitgutter vim-gitgutter
vim-rhubarb vim-rhubarb
vimagit-master vimagit-nvfetcher
fzf-vim fzf-vim
fzfWrapper fzfWrapper
vim-highlightedyank vim-highlightedyank
beautify vim-beautify-nvfetcher
vim-surround vim-surround
vim-bufkill vim-bufkill
@ -144,7 +84,7 @@ in
ansible-vim ansible-vim
emmet-vim emmet-vim
rust-vim rust-vim
vim-caddyfile vim-caddyfile-nvfetcher
vim-go vim-go
vim-javascript vim-javascript
vim-json vim-json


@ -40,46 +40,27 @@ in
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
}; };
plugins = [ plugins = [
# src gets fetched by nvfetcher, see: ./pkgs/sources.toml
{ {
# will source ohmyzsh/plugins/z/ # will source ohmyzsh/plugins/z/
name = "zsh-plugins-z"; name = "zsh-plugins-z";
file = "plugins/z/z.sh"; file = "plugins/z/z.plugin.zsh";
src = pkgs.fetchFromGitHub { src = pkgs.sources.ohmyzsh.src;
owner = "ohmyzsh";
repo = "ohmyzsh";
rev = "249c708ed3a4a7a63d16a6e911a46b6fb9623cbd";
sha256 = "sha256-NAVotL5RxpS/zKnO+ngMIjv787lqc1dj/c4blQrQcvU=";
};
} }
{ {
name = "zsh-powerlevel10k"; name = "zsh-powerlevel10k";
file = "powerlevel10k.zsh-theme"; file = "powerlevel10k.zsh-theme";
src = pkgs.fetchFromGitHub { src = pkgs.sources.powerlevel10k.src;
owner = "romkatv";
repo = "powerlevel10k";
rev = "2dd6a29e4d7a33bfef10973d6550e087be37ddee";
sha256 = "sha256-9vc4cMBCNOmPOyzGwnPeMrXXyQUq4pC9Du3AWl9+Rys=";
};
} }
{ {
name = "zsh-fast-syntax-highlighting"; name = "zsh-fast-syntax-highlighting";
file = "F-Sy-H.plugin.zsh"; file = "F-Sy-H.plugin.zsh";
src = pkgs.fetchFromGitHub { src = pkgs.sources.F-Sy-H.src;
owner = "z-shell";
repo = "F-Sy-H";
rev = "c4bdc485b67b58351a24f21fcac92c9e0232b939";
sha256 = "sha256-uXBGIdJwubuueNhQRdGxPUi0eJN17cflYAuHTjeQ8FQ=";
};
} }
{ {
name = "zsh-nix-shell"; name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh"; file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub { src = pkgs.sources.zsh-nix-shell.src;
owner = "chisui";
repo = "zsh-nix-shell";
rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08";
sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ=";
};
} }
]; ];


@ -23,7 +23,7 @@ in
}; };
publicKeys = mkOption { publicKeys = mkOption {
description = "User SSH public keys"; description = "User SSH public keys";
type = types.listOf types.path; type = types.listOf types.str;
default = [ ]; default = [ ];
}; };
fullName = mkOption { fullName = mkOption {
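Review bot: The `publicKeys` description still reads "User SSH public keys" although the element type changes from paths to strings, so host configs that pass key files will now fail the type check without a hint about what is expected. Suggest `description = "User SSH public keys as strings (the key text itself, not a path to a key file)";`. The option body continues outside this hunk.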


@ -0,0 +1,22 @@
final: prev: {
vimPlugins = prev.vimPlugins // {
instant-nvim-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.instant-nvim-nvfetcher) pname version src;
};
vimagit-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.vimagit-nvfetcher) pname version src;
};
vim-caddyfile-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.vim-caddyfile-nvfetcher) pname version src;
};
vim-workspace-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.vim-workspace-nvfetcher) pname version src;
};
vim-beautify-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.vim-beautify-nvfetcher) pname version src;
};
vim-apprentice-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix {
inherit (prev.sources.vim-apprentice-nvfetcher) pname version src;
};
};
}


@ -1,13 +1,6 @@
final: prev: { final: prev: {
rnix-lsp = prev.rnix-lsp.overrideAttrs (oldAttrs: rec { rnix-lsp = prev.rnix-lsp.overrideAttrs (oldAttrs: rec {
version = "unstable-2022-07-28"; inherit (prev.sources.rnix-lsp-nvfetcher) pname version src;
src = prev.fetchFromGitHub {
owner = "nix-community";
repo = "rnix-lsp";
rev = "ff18e04551a39ccdab0ff9c83926db3807b23478";
sha256 = "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc=";
};
cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
name = "rnix-lsp-vendor.tar.gz"; name = "rnix-lsp-vendor.tar.gz";
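Review bot: Taking `src` from `prev.sources.rnix-lsp-nvfetcher` means the revision now moves whenever nvfetcher regenerates its sources, while the `cargoDeps` override keeps the fixed name `rnix-lsp-vendor.tar.gz` and, presumably, a hard-coded output hash in the part of the override outside this hunk. A fixed-output derivation is not rebuilt while its name and hash stay the same, so a source bump can silently build against the previously vendored crates. A comment next to the override, e.g. `# update the vendor hash whenever nvfetcher bumps rnix-lsp-nvfetcher`, or including `version` in the vendor name, would make that visible. The `inherit` also replaces `pname` with `rnix-lsp-nvfetcher`, which changes the resulting package name.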


@ -1,16 +1,136 @@
# This file was generated by nvfetcher, please do not modify it manually. # This file was generated by nvfetcher, please do not modify it manually.
{ fetchgit, fetchurl }: { fetchgit, fetchurl, fetchFromGitHub }:
{ {
F-Sy-H = {
pname = "F-Sy-H";
version = "b935a87a75560f8173dd78deee6717c59d464e06";
src = fetchFromGitHub ({
owner = "z-shell";
repo = "F-Sy-H";
rev = "b935a87a75560f8173dd78deee6717c59d464e06";
fetchSubmodules = false;
sha256 = "sha256-448OlDnrDkUjvaSLDhXsa9bkgYXzj1Ju8CTpJVjH8LM=";
});
};
instant-nvim-nvfetcher = {
pname = "instant-nvim-nvfetcher";
version = "294b6d08143b3db8f9db7f606829270149e1a786";
src = fetchFromGitHub ({
owner = "jbyuki";
repo = "instant.nvim";
rev = "294b6d08143b3db8f9db7f606829270149e1a786";
fetchSubmodules = false;
sha256 = "sha256-DXJWji/NR8ZCxe014rD51v3EHJHMhRQeOoI3SsY8mR4=";
});
};
manix = { manix = {
pname = "manix"; pname = "manix";
version = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4"; version = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
src = fetchgit { src = fetchFromGitHub ({
url = "https://github.com/mlvzk/manix"; owner = "mlvzk";
repo = "manix";
rev = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4"; rev = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
fetchSubmodules = false; fetchSubmodules = false;
deepClone = false; sha256 = "sha256-GqPuYscLhkR5E2HnSFV4R48hCWvtM3C++3zlJhiK/aw=";
leaveDotGit = false; });
sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs";
}; };
ohmyzsh = {
pname = "ohmyzsh";
version = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf";
src = fetchFromGitHub ({
owner = "ohmyzsh";
repo = "ohmyzsh";
rev = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf";
fetchSubmodules = false;
sha256 = "sha256-qyI7CU0vKhhADZfQtD73GsyAbqdMPhDQ1uA03h4erpw=";
});
};
powerlevel10k = {
pname = "powerlevel10k";
version = "8091c8a3a8a845c70046684235a01cd500075def";
src = fetchFromGitHub ({
owner = "romkatv";
repo = "powerlevel10k";
rev = "8091c8a3a8a845c70046684235a01cd500075def";
fetchSubmodules = false;
sha256 = "sha256-I0/tktXCbZ3hMYTNvPoWfOEYWRgmHoXsar/jcUB6bpo=";
});
};
rnix-lsp-nvfetcher = {
pname = "rnix-lsp-nvfetcher";
version = "6925256babec4307479a4080b44f2be38056f210";
src = fetchFromGitHub ({
owner = "nix-community";
repo = "rnix-lsp";
rev = "6925256babec4307479a4080b44f2be38056f210";
fetchSubmodules = false;
sha256 = "sha256-OKLyIXIXhUnRB3Xw+7zI3u6XkwF7Mrbfz1XaasV6i7Q=";
});
};
vim-apprentice-nvfetcher = {
pname = "vim-apprentice-nvfetcher";
version = "9942d0bb0a5d82f7a24450b00051c1f2cc008659";
src = fetchFromGitHub ({
owner = "romainl";
repo = "Apprentice";
rev = "9942d0bb0a5d82f7a24450b00051c1f2cc008659";
fetchSubmodules = false;
sha256 = "sha256-Xs+vTdnihNbBFPOKsW+NB40pqN9eaadqzc0DIeNoOFo=";
});
};
vim-beautify-nvfetcher = {
pname = "vim-beautify-nvfetcher";
version = "e0691483927dc5a0c051433602397419f9628623";
src = fetchFromGitHub ({
owner = "zeekay";
repo = "vim-beautify";
rev = "e0691483927dc5a0c051433602397419f9628623";
fetchSubmodules = false;
sha256 = "sha256-QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ=";
});
};
vim-caddyfile-nvfetcher = {
pname = "vim-caddyfile-nvfetcher";
version = "24fe0720551883e407cb70ae1d7c03f162d1d5a0";
src = fetchFromGitHub ({
owner = "isobit";
repo = "vim-caddyfile";
rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0";
fetchSubmodules = false;
sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o=";
});
};
vim-workspace-nvfetcher = {
pname = "vim-workspace-nvfetcher";
version = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
src = fetchFromGitHub ({
owner = "thaerkh";
repo = "vim-workspace";
rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
fetchSubmodules = false;
sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI=";
});
};
vimagit-nvfetcher = {
pname = "vimagit-nvfetcher";
version = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4";
src = fetchFromGitHub ({
owner = "jreybert";
repo = "vimagit";
rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4";
fetchSubmodules = false;
sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0=";
});
};
zsh-nix-shell = {
pname = "zsh-nix-shell";
version = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08";
src = fetchFromGitHub ({
owner = "chisui";
repo = "zsh-nix-shell";
rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08";
fetchSubmodules = false;
sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ=";
});
}; };
} }


@ -2,3 +2,47 @@
[manix] [manix]
src.git = "https://github.com/mlvzk/manix" src.git = "https://github.com/mlvzk/manix"
fetch.github = "mlvzk/manix" fetch.github = "mlvzk/manix"
[ohmyzsh]
src.git = "https://github.com/ohmyzsh/ohmyzsh"
fetch.github = "ohmyzsh/ohmyzsh"
[powerlevel10k]
src.git = "https://github.com/romkatv/powerlevel10k"
fetch.github = "romkatv/powerlevel10k"
[F-Sy-H]
src.git = "https://github.com/z-shell/F-Sy-H"
fetch.github = "z-shell/F-Sy-H"
[zsh-nix-shell]
src.git = "https://github.com/chisui/zsh-nix-shell"
fetch.github = "chisui/zsh-nix-shell"
[rnix-lsp-nvfetcher]
src.git = "https://github.com/nix-community/rnix-lsp"
fetch.github = "nix-community/rnix-lsp"
[vimagit-nvfetcher]
src.git = "https://github.com/jreybert/vimagit"
fetch.github = "jreybert/vimagit"
[instant-nvim-nvfetcher]
src.git = "https://github.com/jbyuki/instant.nvim"
fetch.github = "jbyuki/instant.nvim"
[vim-caddyfile-nvfetcher]
src.git = "https://github.com/isobit/vim-caddyfile"
fetch.github = "isobit/vim-caddyfile"
[vim-workspace-nvfetcher]
src.git = "https://github.com/thaerkh/vim-workspace"
fetch.github = "thaerkh/vim-workspace"
[vim-beautify-nvfetcher]
src.git = "https://github.com/zeekay/vim-beautify"
fetch.github = "zeekay/vim-beautify"
[vim-apprentice-nvfetcher]
src.git = "https://github.com/romainl/Apprentice"
fetch.github = "romainl/Apprentice"
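Review bot: Every new entry uses `src.git` without a branch or tag, which as far as I can tell makes nvfetcher follow the newest commit of each upstream repository, so one regeneration moves the pins of all these shell and editor plugins at once. The recorded revisions and hashes keep builds reproducible, but the update itself pulls in unreviewed third-party code that later runs with the user's privileges. A comment at the top of this file, e.g. `# regenerating bumps every entry to upstream HEAD; review the diff of the generated sources before merging`, would tell maintainers that the bump needs a look.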


@ -25,7 +25,7 @@ in
]; ];
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ]; openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
}; };
}; };
} }


@ -28,21 +28,6 @@ in
# override for our own welcome # override for our own welcome
devshell.name = pkgs.lib.mkForce "PubSolarOS"; devshell.name = pkgs.lib.mkForce "PubSolarOS";
# tempfix: remove when merged https://github.com/numtide/devshell/pull/123
devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry ''
# PATH is devshell's exorbitant privilige:
# fence against its pollution
_PATH=''${PATH}
# Load installed profiles
for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do
# If that folder doesn't exist, bash loves to return the whole glob
[[ -f "$file" ]] && source "$file"
done
# Exert exorbitant privilige and leave no trace
export PATH=''${_PATH}
unset _PATH
'');
commands = with pkgs; [ commands = with pkgs; [
(devos nix) (devos nix)
(devos agenix) (devos agenix)