pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

Merge branch 'teutat3s-init-fae' into teutat3s

Browse source
This commit is contained in:
teutat3s 2022-02-25 13:34:48 +01:00
parent 23af3da5f3 a188dc9c6e
commit 8958a2df72
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
68 changed files with 880 additions and 471 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
.drone.yml
View file

@ -82,8 +82,85 @@ steps:
password:
from_secret: matrix_password
template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
trigger:
event:
- cron
---
kind: pipeline
type: docker
name: Check
steps:
- name: "Check"
image: nixpkgs/nix-flakes:nixos-21.05
when:
event:
- pull_request
- tag
commands:
- echo "" >> /etc/nix/nix.conf
- echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
- echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
- echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
# Currently broken
#- nix -Lv flake check
- nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
- nix -Lv develop -c echo OK
- nix -Lv develop --command bud --help
---
kind: pipeline
type: docker
name: Publish ISO
steps:
- name: "Build ISO"
image: nixpkgs/nix-flakes:nixos-21.05
volumes:
- name: nix-store
path: /var/nix/iso-cache
commands:
- echo "" >> /etc/nix/nix.conf
- echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
- echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
- echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
- nix -Lv develop --command bud build bootstrap bootstrapIso
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
- name: "Publish ISO"
image: appleboy/drone-scp
volumes:
- name: nix-store
path: /var/nix/iso-cache
settings:
host:
from_secret: ssh_host
user:
from_secret: ssh_user
port:
from_secret: ssh_port
key:
from_secret: ssh_key
target: /var/www/pub.solar
source:
- /var/nix/iso-cache/*.iso
strip_components: 3
trigger:
event:
- push
branch:
- feature/basic-iso
volumes:
- name: nix-store
host:
path: "/var/nix/iso-cache"
---
kind: signature
hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167
hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7
...

12
.envrc
View file

@ -1,2 +1,10 @@
watch_file shell/* flake.nix
use flake || use nix
# reload when these files change
watch_file flake.nix
watch_file shell.nix
{
# shell gc root dir
mkdir -p "$(direnv_layout_dir)"
eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)"
} || use nix

13
README.md
View file

@ -58,14 +58,15 @@ following giants][giants]:
- [devshell](https://github.com/numtide/devshell)
## Divnix
The divnix org is an open space that spontaniously formed out of "the Nix".
It is really just a place where otherwise unrelated people a) get
together and b) stuff done.
The divnix org is an open space that spontaneously formed out of "the Nix".
It is really just a place where otherwise unrelated people work
together and get stuff done.
It's a place to stop "geeking out in isolation" (or within company boundaries),
experiment and learn together and iterate quickly on best practices. That's what it is.
It's a place to stop "geeking out in isolation" (or within company boundaries).
A place to experiment, learn together, and iterate quickly on best practices.
That's what it is.
It might eventually become a non-profit if that's not too complicated or if those
It might eventually become a non-profit if that's not too complicated or, if those
goals are sufficiently upstreamed into "the Nix", dissolved.
# License

2
doc/secrets.md
View file

@ -14,7 +14,7 @@ to easily setup those secret files declaratively.
[agenix][agenix] encrypts secrets and stores them as .age files in your repository.
Age files are encrypted with multiple ssh public keys, so any host or user with a
matching ssh private key can read the data. The [age module][age module] will add those
encrypted files to the nix store and decrypt them on activation to `/run/secrets`.
encrypted files to the nix store and decrypt them on activation to `/run/agenix`.
### Setup
All hosts must have openssh enabled, this is done by default in the core profile.

279
flake.lock
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1637793790,
"narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=",
"lastModified": 1641576265,
"narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f85eea0e29fa9a8924571d0e398215e175f80d55",
"rev": "08b9c96878b2f9974fc8bde048273265ad632357",
"type": "github"
},
"original": {
@ -27,11 +27,11 @@
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1630693543,
"narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=",
"lastModified": 1641830469,
"narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=",
"owner": "lovesegfault",
"repo": "beautysh",
"rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd",
"rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb",
"type": "github"
},
"original": {
@ -67,11 +67,11 @@
]
},
"locked": {
"lastModified": 1640836100,
"narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=",
"lastModified": 1642035816,
"narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=",
"owner": "divnix",
"repo": "bud",
"rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc",
"rev": "a789d710851441ba7e7cd59be378623b1fe05688",
"type": "github"
},
"original": {
@ -87,11 +87,11 @@
]
},
"locked": {
"lastModified": 1634994402,
"narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=",
"lastModified": 1642495030,
"narHash": "sha256-u1ZlFbLWzkM6zOfuZ1tr0tzTuDWucOYwALPWDWLorkE=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "44da835ac40dab5fd231298b59d83487382d2fab",
"rev": "bcdb6022b3a300abf59cb5d0106c158940f5120e",
"type": "github"
},
"original": {
@ -102,7 +102,6 @@
},
"deploy": {
"inputs": {
"fenix": "fenix",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixos"
@ -110,15 +109,15 @@
"utils": "utils"
},
"locked": {
"lastModified": 1637357482,
"narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=",
"owner": "input-output-hk",
"lastModified": 1643787431,
"narHash": "sha256-8IwuVgXulRE3ZWq6z8mytarawC32pKPKR20EyDtSH+w=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d",
"rev": "4154ba1aaaf7333a916384c348d867d03b6f1409",
"type": "github"
},
"original": {
"owner": "input-output-hk",
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
@ -172,25 +171,6 @@
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1637303083,
"narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=",
"owner": "nix-community",
"repo": "fenix",
"rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -225,11 +205,11 @@
},
"flake-utils": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github"
},
"original": {
@ -288,11 +268,26 @@
},
"flake-utils_4": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
@ -323,22 +318,6 @@
}
},
"latest": {
"locked": {
"lastModified": 1638198142,
"narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8a308775674e178495767df90c419425474582a1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"latest_2": {
"locked": {
"lastModified": 1643347846,
"narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=",
@ -354,6 +333,38 @@
"type": "github"
}
},
"latest_2": {
"locked": {
"lastModified": 1645433236,
"narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"master": {
"locked": {
"lastModified": 1645740083,
"narHash": "sha256-re4GMWyI5zN6+daJv5ejFi22Bm77jf82iEZA6HHWRAc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cb7aad71e54deaaea8cb02c7303f3e081c10a7f8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
@ -361,11 +372,11 @@
]
},
"locked": {
"lastModified": 1638203339,
"narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=",
"lastModified": 1639947939,
"narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=",
"owner": "nmattia",
"repo": "naersk",
"rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571",
"rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653",
"type": "github"
},
"original": {
@ -374,6 +385,27 @@
"type": "github"
}
},
"nix-dram": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"latest"
]
},
"locked": {
"lastModified": 1644066500,
"narHash": "sha256-15PCSlsvYQOwJ+Jvp9evrBiun4pquPAh5VZAUO5whcw=",
"owner": "dramforever",
"repo": "nix-dram",
"rev": "579d5a3db2cb4726653a0916e0f210dbb84cb0a5",
"type": "github"
},
"original": {
"owner": "dramforever",
"repo": "nix-dram",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1641688481,
@ -389,32 +421,13 @@
"type": "github"
}
},
"nix-dram": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1628492639,
"narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=",
"owner": "dramforever",
"repo": "nix-dram",
"rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41",
"type": "github"
},
"original": {
"owner": "dramforever",
"repo": "nix-dram",
"type": "github"
}
},
"nixos": {
"locked": {
"lastModified": 1643463207,
"narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=",
"lastModified": 1645488570,
"narHash": "sha256-29Fvczhd20K3ol0wbQrFlsUiYUDoGnpOR2XJTdrRnZA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "03098169624f487eef37186b3214c40e6b6e919d",
"rev": "491ad20776074706da6befe0cb8334f2df23fc00",
"type": "github"
},
"original": {
@ -427,10 +440,7 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"digga",
"blank"
]
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1637655461,
@ -448,11 +458,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1638182287,
"narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=",
"lastModified": 1641965797,
"narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec",
"rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a",
"type": "github"
},
"original": {
@ -463,11 +473,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1643428210,
"narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=",
"lastModified": 1633971123,
"narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1b353e890801a759efe9a4c42f6984e47721f0d",
"rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
"type": "github"
},
"original": {
@ -479,11 +489,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1643513770,
"narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=",
"lastModified": 1643634174,
"narHash": "sha256-LpfTneNuLmXuTyR4hPXtr92g1YAZymJUQxdHjTCi79w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66ab3568d67b90275c0720aae8b911bad82c24fe",
"rev": "589235201f2e0717bee4915bffff5330fa00ff41",
"type": "github"
},
"original": {
@ -494,28 +504,43 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1636976544,
"narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=",
"owner": "nixos",
"lastModified": 1644972330,
"narHash": "sha256-6V2JFpTUzB9G+KcqtUR1yl7f6rd9495YrFECslEmbGw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6",
"rev": "19574af0af3ffaf7c9e359744ed32556f34536bd",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1643381941,
"narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1638231901,
"narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=",
"owner": "nix-community",
"repo": "NUR",
"rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb",
"type": "github"
"lastModified": 1626378135,
"narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=",
"path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source",
"rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d",
"type": "path"
},
"original": {
"id": "nur",
@ -525,17 +550,17 @@
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1634524567,
"narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=",
"lastModified": 1643518077,
"narHash": "sha256-FHhKjrPxvCv1aywLeqJi3kARDql7cwaj2jcpWp42Xhw=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b",
"rev": "1b4adc9dac4c5f2c3ce14fdaf2702f9ce6bec491",
"type": "github"
},
"original": {
@ -550,11 +575,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1625240517,
"narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=",
"lastModified": 1633382856,
"narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021",
"rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e",
"type": "github"
},
"original": {
@ -572,35 +597,15 @@
"digga": "digga",
"home": "home",
"latest": "latest_2",
"master": "master",
"naersk": "naersk",
"nix-dram": "nix-dram",
"nixlib": [
"digga",
"nixlib"
],
"nixos": "nixos",
"nixos-hardware": "nixos-hardware",
"nur": "nur",
"nvfetcher": "nvfetcher"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1637268320,
"narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=",
"owner": "rust-analyzer",
"repo": "rust-analyzer",
"rev": "f0da9406bcbde1bc727242b481d8de825e84f59a",
"type": "github"
},
"original": {
"owner": "rust-analyzer",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1637014545,

36
flake.nix
View file

@ -9,6 +9,7 @@
{
nixos.url = "github:nixos/nixpkgs/release-21.11";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
master.url = "github:nixos/nixpkgs/master";
digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos";
@ -26,7 +27,7 @@
darwin.url = "github:LnL7/nix-darwin";
darwin.inputs.nixpkgs.follows = "nixos";
deploy.url = "github:input-output-hk/deploy-rs";
deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos";
agenix.url = "github:ryantm/agenix";
@ -42,6 +43,7 @@
# PubSolarOS additions
nix-dram.url = "github:dramforever/nix-dram";
nix-dram.inputs.nixpkgs.follows = "latest";
};
outputs =
@ -64,6 +66,8 @@
channelsConfig = { allowUnfree = true; };
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
channels = {
nixos = {
imports = [ (digga.lib.importOverlays ./overlays) ];
@ -71,11 +75,11 @@
nur.overlay
agenix.overlay
nvfetcher.overlay
nix-dram.overlay
./pkgs/default.nix
];
};
latest = { };
master = { };
};
lib = import ./lib { lib = digga.lib // nixos.lib; };
@ -107,18 +111,21 @@
imports = [ (digga.lib.importHosts ./hosts) ];
hosts = {
/* set host specific properties here */
NixOS = { };
PubSolarOS = { };
fae = {
system = "aarch64-linux";
};
};
importables = rec {
profiles = digga.lib.rakeLeaves ./profiles // {
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
base = [ core users.nixos users.root ];
pubsolaros = [ core base-user users.root ];
anonymous = [ pubsolaros users.nixos ];
base = [ core users.pub-solar users.root ];
iso = base ++ [ base-user graphical pub-solar-iso ];
pubsolaros = [ core full-install base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ];
teutat3s = pubsolaros ++ [ users.teutat3s ];
con = teutat3s ++ [ graphical ];
dumpyourvms = teutat3s ++ [ graphical ];
ryzensun = teutat3s ++ [ graphical ];
};
@ -135,7 +142,7 @@
};
};
users = {
nixos = { suites, ... }: { imports = suites.base; };
pub-solar = { suites, ... }: { imports = suites.base; };
teutat3s = { suites, ... }: { imports = suites.base; };
}; # digga.lib.importers.rakeLeaves ./users/hm;
};
@ -144,7 +151,18 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
fae = {
hostname = "fae.fritz.box:22";
sshUser = "pub-solar";
fastConnect = true;
profilesOrder = [ "system" "direnv" ];
profiles.direnv = {
user = "pub-solar";
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;
};
};
};
defaultTemplate = self.templates.bud;
templates.bud.path = ./.;

5
hosts/PubSolarOS.nix
View file

@ -1,7 +1,10 @@
{ suites, ... }:
{
### root password is empty by default ###
imports = suites.base;
### default password: pub-solar, optional: add your SSH keys
imports =
suites.iso
;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;

5
hosts/bootstrap.nix
View file

@ -8,7 +8,10 @@
# profiles.networking
profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.nixos
profiles.users.pub-solar
profiles.base-user
profiles.graphical
profiles.pub-solar-iso
];
boot.loader.systemd-boot.enable = true;

14
hosts/con/.config/sway/config.d/applications.conf
View file

@ -1,14 +0,0 @@
assign [app_id="firefox"] $ws2
# seahorse
for_window [title="seahorse"] floating enabled
# NetworkManager
for_window [title="Network Connections"] floating enabled
# thunderbird
for_window [title="New Task:*"] floating enabled
for_window [title="Edit Task:*"] floating enabled
for_window [title="New Event:*"] floating enabled
for_window [title="Edit Event:*"] floating enabled

6
hosts/con/.config/sway/config.d/autostart.conf
View file

@ -1,6 +0,0 @@
# Autostart applications
#
# Example:
# exec swayidle
#exec qMasterPassword

5
hosts/con/.config/sway/config.d/custom-keybindings.conf
View file

@ -1,5 +0,0 @@
# switch keyboard input language
bindsym $mod+tab exec swaymsg input "1:1:AT_Translated_Set_2_keyboard" xkb_switch_layout next
bindsym $mod+Shift+F2 exec chromium --enable-features=UseOzonePlatform --ozone-platform=wayland

35
hosts/con/.config/sway/config.d/input-defaults.conf
View file

@ -1,35 +0,0 @@
### Input configuration
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.
input "type:keyboard" {
xkb_layout us,de
xkb_model pc105
xkb_options altwin:swap_alt_win
}
input "type:touchpad" {
tap enabled
natural_scroll enabled
}
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

41
hosts/con/.config/sway/config.d/screens.conf
View file

@ -1,41 +0,0 @@
### Output configuration
#
# Example configuration:
#
# output HDMI-A-1 resolution 1920x1080 position 1920,0
#
# You can get the names of your outputs by running: swaymsg -t get_outputs
set $main_screen eDP-1
set $displayport DP-1
set $hmdi HDMI-A-1
output $main_screen
output $displayport scale 2
output $hdmi scale 1
output $main_screen pos 0 1080
output $displayport pos 0 0
output $hdmi pos 1920 0
#bindswitch lid:on output $main_screen disable
#bindswitch lid:off output $main_screen enable
bindsym $mod+Shift+x output $main_screen toggle
# TODO when using more monitors
## Manual management of external displays
# Set the shortcuts and what they do
#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
#mode "$mode_display" {
# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym o output HDMI-A-1 disable, mode "default"
#
# # back to normal: Enter or Escape
# bindsym Return mode "default"
# bindsym Escape mode "default"
#}
## Declare here the shortcut to bring the display selection menu
#bindsym $mod+x mode "$mode_display"

40
hosts/con/con.nix
View file

@ -1,40 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./hardware-configuration.nix
];
config = {
pub-solar.x-os.keyfile = "/etc/nixos/hosts/con/secrets/keyfile.bin";
pub-solar.nextcloud.enable = mkForce false;
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = {
DOCKER_BUILDKIT = "1";
};
# Custom device sway configs
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
};
};
networking.hosts = {
"127.0.0.1" = [
"virtrex.test"
"api.virtrex.test"
"expo.test"
"proxy.test"
"dachfensterkonfigurator.test"
"handwerker.velux.test"
];
};
};
}

6
hosts/con/default.nix
View file

@ -1,6 +0,0 @@
{ suites, ... }:
{
imports = [
./con.nix
] ++ suites.con;
}

34
hosts/con/hardware-configuration.nix
View file

@ -1,34 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/382ae29a-ed0d-4e18-99db-6efb6afaae64";
fsType = "ext4";
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/fb2f9ace-ce72-4b0d-b8b5-a8792d374f3c";
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/6BD6-50D2";
fsType = "vfat";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

2
hosts/dumpyourvms/.config/sway/config.d/applications.conf
View file

@ -4,7 +4,7 @@ assign [app_id="firefox"] $ws2
for_window [title="seahorse"] floating enabled
# NetworkManager
for_window [title="Network Connections"] floating enabled
for_window [app_id="nm-connection-editor"] floating enabled
# thunderbird
for_window [title="New Task:*"] floating enabled

12
hosts/dumpyourvms/dumpyourvms.nix
View file

@ -17,12 +17,17 @@ in
};
pub-solar.virtualisation.enable = true;
pub-solar.audio.mopidy.enable = lib.mkForce false;
# fix backlight for keyboard and brightness, adjust function key binding
# fix backlight for keyboard and brightness, adjust function key binding,
# intel_pstate for cpu schedutil, resume offset for swapfile, disable amdgpu driver
boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "resume_offset=47366144" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.resumeDevice = "/dev/mapper/cryptroot";
boot.kernelPackages = pkgs.linuxPackages_5_15;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
systemd.sleep.extraConfig = ''
HibernateMode=shutdown
'';
@ -43,8 +48,8 @@ in
# https://ubuntuforums.org/showthread.php?t=2409856
services.cron.systemCronJobs = [
"@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth"
"@reboot root ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch"
"@reboot root ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
"@reboot root ${pkgs.coreutils}/bin/sleep 10; ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch"
"@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
];
# Increase console font size for HiDPI display
@ -116,7 +121,6 @@ in
hardware.firmware = with pkgs; [ wireless-regdb ];
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="DE"
blacklist amdgpu
'';
# This value determines the NixOS release from which the default

4
hosts/dumpyourvms/networking.nix
View file

@ -1,8 +1,8 @@
{
hosts = {
"10.0.0.42" = [ "nomad.service.consul" ];
"10.0.0.48" = [ "consul.service.consul" ];
"10.0.0.49" = [ "vault.service.consul" ];
"10.0.0.66" = [ "consul.service.consul" ];
"10.0.0.67" = [ "vault.service.consul" ];
"10.0.0.200" = [ "headnode.cgn-1" ];
"10.0.0.201" = [ "cn01.cgn-1" ];
"10.0.0.202" = [ "cn02.cgn-1" ];

2
hosts/dumpyourvms/unbound.nix
View file

@ -30,13 +30,11 @@
forward-addr = [
"5.1.66.255@853#dot.ffmuc.net"
"185.150.99.255@853#dot.ffmuc.net"
"145.100.185.18@853#dnsovertls3.sinodun.com"
"89.233.43.71@853#unicast.censurfridns.dk"
"94.130.110.185@853#ns1.dnsprivacy.at"
"2001:678:e68:f000::@853#dot.ffmuc.net"
"2001:678:ed0:f000::@853#dot.ffmuc.net"
"2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
"2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
"2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
"2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"

85
hosts/fae.nix Normal file
View file

@ -0,0 +1,85 @@
{ config, lib, pkgs, profiles, ... }:
{
imports = [
# profiles.networking
#profiles.core
"${fetchTarball {
url = "https://github.com/NixOS/nixos-hardware/archive/8f1bf828d8606fe38a02df312cf14546ae200a72.tar.gz";
sha256 = "11milap153g3f63fcrcv4777vd64f7wlfkk9p3kpxi6dqd2sxvh4";
}
}/raspberry-pi/4"
profiles.users.root # make sure to configure ssh keys
profiles.users.pub-solar
profiles.base-user
profiles.pub-solar-iso
];
config = {
pub-solar.x-os.iso-options.enable = true;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
environment.systemPackages = with pkgs; [
(kodi-gbm.withPackages (p: with p; [ jellyfin netflix youtube ]))
];
services.openssh.enable = true;
networking.firewall = {
allowedTCPPorts = [ 8080 ];
allowedUDPPorts = [ 8080 ];
};
security.sudo.extraConfig = lib.mkAfter ''
%wheel ALL=(ALL) NOPASSWD:ALL
'';
nix = {
autoOptimiseStore = true;
gc.automatic = true;
optimise.automatic = true;
useSandbox = true;
allowedUsers = [ "@wheel" ];
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
min-free = 536870912
keep-outputs = true
keep-derivations = true
fallback = true
'';
};
# Enable GPU acceleration
hardware.raspberry-pi."4".fkms-3d.enable = true;
# Define a user account for kodi
users.extraUsers.kodi.isNormalUser = true;
services.xserver = {
enable = true;
desktopManager.kodi.enable = true;
desktopManager.kodi.package = pkgs.kodi-gbm;
displayManager = {
autoLogin.enable = true;
autoLogin.user = "kodi";
};
};
hardware.pulseaudio.enable = true;
# custom raspi boot loader is already present
boot.loader.systemd-boot.enable = lib.mkForce false;
};
}

2
lib/compat/nixos/default.nix
View file

@ -2,7 +2,7 @@
let
inherit (default.inputs.nixos) lib;
host = configs.${hostname} or configs.NixOS;
host = configs.${hostname} or configs.PubSolarOS;
configs = default.nixosConfigurations;
default = (import ../.).defaultNix;
hostname = lib.fileContents /etc/hostname;

10
modules/audio/default.nix
View file

@ -8,6 +8,8 @@ in
{
options.pub-solar.audio = {
enable = mkEnableOption "Life in highs and lows";
mopidy.enable = mkEnableOption "Life with mopidy";
bluetooth.enable = mkEnableOption "Life with bluetooth";
};
config = mkIf cfg.enable {
@ -43,7 +45,7 @@ in
config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);
# Bluetooth configuration for pipewire
media-session.config.bluez-monitor.rules = [
media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [
{
# Matches all cards
matches = [{ "device.name" = "~bluez_card.*"; }];
@ -70,10 +72,10 @@ in
};
# Enable bluetooth
hardware.bluetooth.enable = true;
services.blueman.enable = true;
hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
services.blueman.enable = mkIf cfg.bluetooth.enable true;
# Enable audio server & client
services.mopidy = import ./mopidy.nix pkgs;
services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
};
}

3
modules/devops/default.nix
View file

@ -15,7 +15,8 @@ in
drone-cli
nmap
pgcli
python38Packages.ansible
ansible
ansible-lint
restic
shellcheck
terraform_0_15

17
modules/graphical/alacritty.nix
View file

@ -106,6 +106,23 @@
cursor = "0xe3e1e4";
};
# Colors used for the search bar and match highlighting.
search = {
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
matches = {
foreground = "0xe5c463";
background = "0x1a181a";
};
focused_match = {
foreground = "0xe5c463";
background = "0xe3e1e4";
};
#bar =
# background = "#c5c8c6";
# foreground = "#1d1f21";
};
# Normal colors
normal = {
black = "0x1a181a";

1
modules/graphical/default.nix
View file

@ -92,6 +92,7 @@ in
gnome3.adwaita-icon-theme
gnome.eog
gnome3.nautilus
gnome.yelp
wine

19
modules/server/default.nix
View file

@ -1,19 +0,0 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.server;
in
{
options.pub-solar.server = {
enable = mkEnableOption "Enable server options like sshd";
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
};
}

3
modules/social/default.nix
View file

@ -12,10 +12,9 @@ in
config = mkIf cfg.enable {
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = [
#mySignalDesktop
signal-desktop
tdesktop
element-desktop-wayland
element-desktop
irssi
];
};

2
modules/sway/config/config.d/custom-keybindings.conf
View file

@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox
bindsym $mod+F3 exec $term -e vifm
bindsym $mod+Shift+F3 exec gksu $term -e vifm
bindsym $mod+F4 exec nautilus -w
bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland
bindsym $mod+Shift+F4 exec signal-desktop
bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config'
bindsym $mod+Shift+m exec mu
bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf

12
modules/sway/default.nix
View file

@ -32,7 +32,17 @@ in
xdg.portal = {
enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
gtkUsePortal = true;
};

4
modules/terminal-life/default.nix
View file

@ -18,7 +18,6 @@ in
environment.shells = with pkgs; [
zsh
];
environment.systemPackages = with pkgs; [
screen
];
@ -27,13 +26,16 @@ in
home.packages = [
ack
ag
asciinema
bat
exa
fd
gh
glow
mdbook-multilang
nnn
powerline
python-wiki-fetch
vifm
watson
];

5
modules/terminal-life/nvim/default.nix
View file

@ -74,9 +74,7 @@ in
nodePackages.typescript-language-server
nodePackages.vim-language-server
nodePackages.vue-language-server
nodePackages.vscode-css-languageserver-bin
nodePackages.vscode-html-languageserver-bin
nodePackages.vscode-json-languageserver-bin
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
python39Packages.python-lsp-server
python3Full
@ -131,6 +129,7 @@ in
vim-go
vim-javascript
vim-json
SchemaStore-nvim
vim-markdown
vim-nix
vim-ruby

36
modules/terminal-life/nvim/lsp.vim
View file

@ -33,24 +33,26 @@ lua <<EOF
buf_set_keymap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
buf_set_keymap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
buf_set_keymap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
buf_set_keymap('n', '<space>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
buf_set_keymap('n', '<space>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
buf_set_keymap('n', '<space>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
buf_set_keymap('n', '<space>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
buf_set_keymap('n', '<space>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
buf_set_keymap('n', '<space>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
buf_set_keymap('n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
buf_set_keymap('n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
buf_set_keymap('n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
buf_set_keymap('n', '<leader>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
buf_set_keymap('n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
buf_set_keymap('n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
buf_set_keymap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
buf_set_keymap('n', '<space>e', '<cmd>lua vim.lsp.diagnostic.show_line_diagnostics()<CR>', opts)
buf_set_keymap('n', '[d', '<cmd>lua vim.lsp.diagnostic.goto_prev()<CR>', opts)
buf_set_keymap('n', ']d', '<cmd>lua vim.lsp.diagnostic.goto_next()<CR>', opts)
buf_set_keymap('n', '<space>q', '<cmd>lua vim.lsp.diagnostic.set_loclist()<CR>', opts)
buf_set_keymap('n', '<space>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
buf_set_keymap('n', '<leader>e', '<cmd>lua vim.lsp.diagnostic.show_line_diagnostics()<CR>', opts)
buf_set_keymap('n', '<leader>dp', '<cmd>lua vim.lsp.diagnostic.goto_prev()<CR>', opts)
buf_set_keymap('n', '<leader>dn', '<cmd>lua vim.lsp.diagnostic.goto_next()<CR>', opts)
buf_set_keymap('n', '<leader>q', '<cmd>lua vim.lsp.diagnostic.set_loclist()<CR>', opts)
buf_set_keymap('n', '<leader>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
end
-- Add additional capabilities supported by nvim-cmp
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities)
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
capabilities.textDocument.completion.completionItem.snippetSupport = true
for lsp_key, lsp_settings in pairs({
'bashls', ------------------------------- Bash
@ -76,10 +78,14 @@ lua <<EOF
}
},
['jsonls'] = { -------------------------- JSON
['cmd'] = {"json-languageserver", "--stdio"}
['settings'] = {
['json'] = {
['schemas' ] = require('schemastore').json.schemas()
}
}
},
'phpactor', ----------------------------- PHP
'pylsp', --------------------------------- Python
'pylsp', -------------------------------- Python
'rnix', --------------------------------- Nix
'solargraph', --------------------------- Ruby
'rust_analyzer', ------------------------ Rust
@ -90,7 +96,6 @@ lua <<EOF
['filetypes'] = { "terraform", "hcl", "tf" }
},
'tsserver', ----------------------------- Typescript / JavaScript
'angularls', ---------------------------- Angular
'vuels', -------------------------------- Vue
'svelte', ------------------------------- Svelte
['yamlls'] = { -------------------------- YAML
@ -101,6 +106,7 @@ lua <<EOF
['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
['https://json.schemastore.org/ansible-stable-2.9'] = 'roles/tasks/*.{yml,yaml}',
['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',
['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}',
}
}
}
@ -116,7 +122,7 @@ lua <<EOF
capabilities = capabilities,
}
else -- Use the LSP's configuration.
local on_attach_setting = lsp_settings.on_attach
local on_attach_setting = on_attach
lsp_settings.on_attach = function()
if on_attach_setting then on_attach_setting() end

99
modules/terminal-life/nvim/neovim-0.6.1.patch Normal file
View file

@ -0,0 +1,99 @@
diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix
index e46c82e..02102c4 100644
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@@ -74,9 +74,7 @@ in
nodePackages.typescript-language-server
nodePackages.vim-language-server
nodePackages.vue-language-server
- nodePackages.vscode-css-languageserver-bin
- nodePackages.vscode-html-languageserver-bin
- nodePackages.vscode-json-languageserver-bin
+ nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
python39Packages.python-lsp-server
python3Full
@@ -131,6 +129,7 @@ in
vim-go
vim-javascript
vim-json
+ SchemaStore-nvim
vim-markdown
vim-nix
vim-ruby
diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim
index 1d5bf4d..83e5d8c 100644
--- a/modules/terminal-life/nvim/lsp.vim
+++ b/modules/terminal-life/nvim/lsp.vim
@@ -40,10 +40,10 @@ lua <<EOF
buf_set_keymap('n', '<space>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
buf_set_keymap('n', '<space>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
buf_set_keymap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
- buf_set_keymap('n', '<space>e', '<cmd>lua vim.lsp.diagnostic.show_line_diagnostics()<CR>', opts)
- buf_set_keymap('n', '[d', '<cmd>lua vim.lsp.diagnostic.goto_prev()<CR>', opts)
- buf_set_keymap('n', ']d', '<cmd>lua vim.lsp.diagnostic.goto_next()<CR>', opts)
- buf_set_keymap('n', '<space>q', '<cmd>lua vim.lsp.diagnostic.set_loclist()<CR>', opts)
+ buf_set_keymap('n', '<space>e', '<cmd>lua vim.diagnostic.open_float()<CR>', opts)
+ buf_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
+ buf_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
+ buf_set_keymap('n', '<space>q', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
buf_set_keymap('n', '<space>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
end
@@ -51,6 +51,8 @@ lua <<EOF
-- Add additional capabilities supported by nvim-cmp
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities)
+ -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
+ capabilities.textDocument.completion.completionItem.snippetSupport = true
for lsp_key, lsp_settings in pairs({
'bashls', ------------------------------- Bash
@@ -76,10 +78,14 @@ lua <<EOF
}
},
['jsonls'] = { -------------------------- JSON
- ['cmd'] = {"json-languageserver", "--stdio"}
+ ['settings'] = {
+ ['json'] = {
+ ['schemas' ] = require('schemastore').json.schemas()
+ }
+ }
},
'phpactor', ----------------------------- PHP
- 'pylsp', --------------------------------- Python
+ 'pylsp', -------------------------------- Python
'rnix', --------------------------------- Nix
'solargraph', --------------------------- Ruby
'rust_analyzer', ------------------------ Rust
@@ -90,7 +96,6 @@ lua <<EOF
['filetypes'] = { "terraform", "hcl", "tf" }
},
'tsserver', ----------------------------- Typescript / JavaScript
- 'angularls', ---------------------------- Angular
'vuels', -------------------------------- Vue
'svelte', ------------------------------- Svelte
['yamlls'] = { -------------------------- YAML
@@ -126,6 +131,13 @@ lua <<EOF
end
end -- ‡
+ -- configure floating diagnostics appearance, symbols
+ local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
+ for type, icon in pairs(signs) do
+ local hl = "DiagnosticSign" .. type
+ vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
+ end
+
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
@@ -184,7 +196,7 @@ let g:diagnostic_trimmed_virtual_text = '40'
let g:diagnostic_insert_delay = 1
" Show diagnostic popup on cursor hold
-autocmd CursorHold * lua vim.lsp.diagnostic.show_line_diagnostics({ focusable = false })
+autocmd CursorHold,CursorHoldI * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" })
" Goto previous/next diagnostic warning/error
" nnoremap <silent> g[ <cmd>PrevDiagnosticCycle<cr>

4
modules/terminal-life/nvim/plugins.vim
View file

@ -5,8 +5,10 @@ autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
let g:gutentags_file_list_command = 'git ls-files'
" Golang
" Go test shortcut
" Go test, Def, Decls shortcut
nmap <Leader>got :GoTest<CR>:botright copen<CR>
autocmd FileType go nmap gd :GoDef<CR>
autocmd FileType go nmap gD :GoDecls<CR>
" Go formatting
autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist

16
modules/terminal-life/zsh/default.nix
View file

@ -22,7 +22,6 @@ in
[ "$(tty)" = "/dev/tty1" ] && exec sway
'';
shellAliases = {
nano = "nvim";
vi = "nvim";
@ -72,13 +71,14 @@ in
bindkey '^R' fzf-history-widget
# ArrowUp/Down start searching history with current input
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
bindkey "^[[A" history-beginning-search-backward-end
bindkey "^[[B" history-beginning-search-forward-end
bindkey "^P" history-beginning-search-backward-end
bindkey "^N" history-beginning-search-forward-end
autoload -U up-line-or-beginning-search
autoload -U down-line-or-beginning-search
zle -N up-line-or-beginning-search
zle -N down-line-or-beginning-search
bindkey "^[[A" up-line-or-beginning-search
bindkey "^[[B" down-line-or-beginning-search
bindkey "^P" up-line-or-beginning-search
bindkey "^N" down-line-or-beginning-search
# MAKE CTRL+S WORK IN VIM
stty -ixon

5
modules/user/default.nix
View file

@ -21,6 +21,11 @@ in
type = types.nullOr types.str;
default = null;
};
publicKeys = mkOption {
description = "User SSH public keys";
type = types.listOf types.path;
default = [ ];
};
fullName = mkOption {
description = "User full name";
type = types.nullOr types.str;

2
modules/virtualisation/default.nix
View file

@ -19,7 +19,7 @@ in
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemu.ovmf.enable = true;
};
users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
extraGroups = [ "libvirtd" ];

10
modules/x-os/boot.nix
View file

@ -1,16 +1,22 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.pub-solar.x-os;
in
{
options.pub-solar.x-os.iso-options.enable = mkOption {
type = types.bool;
default = false;
description = "Feature flag for iso builds";
};
config = {
# Enable plymouth for better experience of booting
boot.plymouth.enable = true;
# Mount / luks device in initrd
# Allow fstrim to work on it.
boot.initrd = {
# The ! makes this enabled by default
boot.initrd = mkIf (!cfg.iso-options.enable) {
luks.devices."cryptroot" = {
allowDiscards = true;
};

20
overlays/mdbook-multilang.nix Normal file
View file

@ -0,0 +1,20 @@
final: prev: {
mdbook-multilang = prev.mdbook.overrideAttrs (oldAttrs: rec {
pname = "mdbook";
version = "pr1306";
src = prev.fetchFromGitHub {
owner = "Ruin0x11";
repo = "mdBook";
rev = "9d8147c52dd9d50047ba5b29e4af99f92577806e";
sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ=";
};
cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
name = "${pname}-vendor.tar.gz";
inherit src;
outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0=";
});
});
}

20
overlays/overrides.nix
View file

@ -4,31 +4,28 @@ channels: final: prev: {
inherit (channels.latest)
cachix
deploy-rs
docker
docker-compose_2
dhall
discord
element-desktop
rage
nixpkgs-fmt
nomad
rage
qutebrowser
signal-desktop
starship
deploy-rs
element-desktop-wayland
neovim-unwrapped
docker
docker-compose_2
nomad
tdesktop
xdg-desktop-portal
xdg-desktop-portal-gtk
xdg-desktop-portal-wlr
obs-studio
obs-studio-plugins
looking-glass-client
;
inherit (channels.master)
qMasterPassword
;
haskellPackages = prev.haskellPackages.override
(old: {
@ -41,4 +38,7 @@ channels: final: prev: {
haskell-language-server;
});
});
# Example to override node package
# nodePackages = prev.nodePackages // { inherit (channels.latest.nodePackages) manta; };
}

26
overlays/python-wiki-fetch.nix Normal file
View file

@ -0,0 +1,26 @@
final: prev: with prev.python39Packages; {
python-wiki-fetch = buildPythonPackage rec {
pname = "fetch";
version = "unstable-2022-02-25";
src = prev.fetchFromGitHub {
owner = "yashsinghcodes";
repo = "fetch";
rev = "3a490a2c2f0b6d2491397fe77939e850056963fd";
sha256 = "sha256-VsZ8YEXZOIf3UbPmJSn84DYaINavLXCzC0nUOqkvOh4=";
};
checkPhase = ''
cd test
${python.interpreter} test.py
'';
propagatedBuildInputs = [
beautifulsoup4
requests
wheel
];
patches = ./python-wiki-fetch.patch;
};
}

32
overlays/python-wiki-fetch.patch Normal file
View file

@ -0,0 +1,32 @@
--- a/setup.py
+++ b/setup.py
@@ -3,13 +3,6 @@ from os import name, path
from sys import version
import setuptools
-req_pkgs = [
- 'bs4',
- 'requests',
- 'wheel'
-]
-
-
with open("README.md","r") as f:
long_description = f.read()
@@ -25,7 +18,7 @@ setuptools.setup(
packages = setuptools.find_packages(),
entry_points={
'console_scripts': [
- 'fetch=fetch.fetch:arguments',
+ 'wiki=fetch.fetch:arguments',
]
},
python_requires='>=3.*',
@@ -36,6 +29,4 @@ setuptools.setup(
"Development Status :: 5 - Production/Stable",
"Environment :: Console",
],
- install_requires=req_pkgs,
- setup_requires=req_pkgs,
)

1
pkgs/default.nix
View file

@ -3,6 +3,7 @@ with final; {
# keep sources this first
sources = prev.callPackage (import ./_sources/generated.nix) { };
# then, call packages with `final.callPackage`
gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final);
import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);
mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);

69
pkgs/gpu-switch.nix Normal file
View file

@ -0,0 +1,69 @@
self: with self; ''
# Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider
readonly sysfs_efi_vars='/sys/firmware/efi/efivars'
readonly efi_gpu='gpu-power-prefs-fa4ce28d-b62f-4c99-9cc3-6815686e30f9'
usage(){
cat <<EOF
Usage:
$(basename $0) --integrated # Switch to the integrated GPU
$(basename $0) --dedicated # Switch to the dedicated GPU
$(basename $0) --help # Show this message
Switches between the integrated and dedicated graphics cards of a dual-GPU
MacBook Pro for the next reboot.
Arguments:
-i, --integrated
-d, --dedicated
-h, --help
Tested hardware:
MacBook Pro 5,2 (Early 2009, Non-Retina)
MacBook Pro 5,3 (Mid 2009, Non-Retina)
MacBook Pro 8,2 (Late 2011, Non-Retina)
MacBook Pro 9,1 (Mid 2012, Non-Retina)
MacBook Pro 10,1 (Mid 2012, Retina)
MacBook Pro 11,3 (Late 2013, Retina)
MacBook Pro 11,5 (Mid 2015, Retina)
EOF
}
switch_gpu(){
if ! [ -d /sys/firmware/efi ]; then
printf "Fatal: $(basename $0) has to be run in EFI mode.\n" 1>&2
exit 1
fi
if ! mount | grep -q $sysfs_efi_vars; then
if ! mount -t efivarfs none $sysfs_efi_vars; then
printf "Fatal: Couldn't mount ''${sysfs_efi_vars}.\n" 1>&2
exit 1
fi
fi
chattr -i "''${sysfs_efi_vars}/''${efi_gpu}" 2> /dev/null
printf "\x07\x00\x00\x00\x''${1}\x00\x00\x00" > "''${sysfs_efi_vars}/''${efi_gpu}"
}
if [ $# -ne 1 ]; then
usage 1>&2
exit 1
fi
case "$1" in
-i|--integrated)
switch_gpu 1
;;
-d|--dedicated)
switch_gpu 0
;;
-h|--help)
usage
;;
*)
usage 1>&2
exit 1
;;
esac
''

10
pkgs/lgcl.nix
View file

@ -1,3 +1,9 @@
self: with self; ''
${self.looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no
self: with self;
let
looking-glass-client = self.looking-glass-client.overrideAttrs (old: {
meta.platforms = [ "x86_64-linux" "aarch64-linux" ];
});
in
''
${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no
''

6
profiles/audio/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.audio.enable = true;
}

4
profiles/base-user/.config/waybar/config
View file

@ -4,7 +4,7 @@
"height": 26, // Waybar height
"modules-left": ["sway/workspaces", "sway/mode"],
"modules-center": ["mpd"],
//"modules-center": ["mpd"],
"modules-right": ["sway/language", "pulseaudio", "network", "idle_inhibitor", "battery", "clock", "tray"],
"sway/workspaces": {
"disable-scroll": true
@ -62,7 +62,7 @@
"network": {
"interval": 3,
"tooltip": true,
//"interface": "wlp4s0", // (Optional) To force the use of this interface   \uF2E7,
"interface": "wlp4s0", // (Optional) To force the use of this interface   \uF2E7,
"format-wifi": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
"format-ethernet": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
"format-disconnected": "",

1
profiles/base-user/default.nix
View file

@ -19,6 +19,7 @@ in
extraGroups = [ "wheel" "docker" "input" "audio" "video" "networkmanager" "lp" "scanner" ];
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [];
};
};
}

2
profiles/base-user/home.nix
View file

@ -20,7 +20,7 @@ in
home.packages = with pkgs; [ ];
fonts.fontconfig.enable = true;
fonts.fontconfig.enable = mkForce true;
programs.dircolors.enable = true;
programs.dircolors.enableZshIntegration = true;

3
profiles/base-user/session-variables.nix
View file

@ -58,6 +58,9 @@ let
# experimental wayland in firefox/thunderbird
MOZ_ENABLE_WAYLAND = "1";
# chromium / electron on wayland: enable ozone (native wayland mode)
NIXOS_OZONE_WL = "1";
# Vagrant
VAGRANT_HOME = "${xdg.dataHome}/vagrant";
VAGRANT_DEFAULT_PROVIDER = "libvirt";

18
profiles/core/default.nix
View file

@ -1,4 +1,4 @@
{ self, config, lib, pkgs, ... }:
{ self, config, lib, pkgs, inputs, ... }:
let inherit (lib) fileContents;
in
{
@ -10,12 +10,6 @@ in
pub-solar.audio.enable = true;
pub-solar.crypto.enable = true;
pub-solar.devops.enable = true;
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.office.enable = true;
# pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
pub-solar.server.enable = true;
pub-solar.printing.enable = true;
# This is just a representation of the nix default
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
@ -65,6 +59,7 @@ in
p7zip
croc
jq
jless
# Nix specific utilities
niv
@ -74,6 +69,7 @@ in
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
#nixops
psos
nvd
# Fun
neofetch
@ -94,7 +90,7 @@ in
nix = {
# use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram
package = pkgs.nix-dram;
package = inputs.nix-dram.packages.${pkgs.system}.nix-dram;
# Improve nix store disk usage
autoOptimiseStore = true;
@ -118,7 +114,11 @@ in
'';
};
system.autoUpgrade.enable = true;
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;

15
profiles/full-install/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
imports = [ ../cachix ];
config = {
pub-solar.audio.mopidy.enable = true;
pub-solar.audio.bluetooth.enable = true;
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.office.enable = true;
# pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
};
}

1
profiles/graphical/default.nix
View file

@ -4,5 +4,4 @@ in
{
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
pub-solar.social.enable = true;
}

9
profiles/pub-solar-iso/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
imports = [ ../cachix ];
config = {
pub-solar.x-os.iso-options.enable = true;
};
}

6
profiles/social/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.social.enable = true;
}

20
secrets/environment-secrets.age
View file

@ -1,11 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 Wp/X/Q C++E2jLATPQMAxb63nkqjPrgHoVDm1ZsUGr7niplsRY
K6dtOxlstQTNdKUNJA7UU1SwLzZ59loADXyQ1Li4Jos
-> ssh-ed25519 8U1+ng yNH7UiUtOvW9H0Ff9XTVRi7nxQXqNRlUxRrWkvbYjwA
mJc/c+tLP7kRrR6OCV+b9Z7WkvDwuagbP3e8Nm67738
-> ssh-ed25519 BVsyTA o7UF3e1fMZKyN6wg3u5j4uHjc4tYZCABSCq0TxbwYnU
X6OG6ySS92rDBXMy5yC7rRqAfxzYe4Ahrpc/fqTd2Gk
-> H-grease z7xB6LqI RK 4QF L,
nLqd2fYqYz7wfoQ5IWc41v5AMQeKeNZkabRMkYo
--- 7JewEr1iERrpdhFYTlscmFemDbUvKxxc2QWq482abjo
â‡1+/ 4'»ã¤GQbkÚqf˜ ¥|B}ÛŸ*Ñå|Ñ=¾§‰ð侸wbö™£Y9©ÓÃ\Q â<>mèú<16>Ú•ž&£Œ-‰ è$C0
-> ssh-ed25519 Wp/X/Q IKfNl3gr5ua8kmzHnvIxSSF9BRFVyoLVBaQ5jzuFARI
uzHWNCEVtzi5dTqro2ybcKZk9eIH55EW3XQ3PN694Z4
-> ssh-ed25519 8U1+ng utu6wEkelk2/T/y/NAOgjZuz30CT/epmQqU15pgsmSI
eH+xU7pl7Ok/tYVQBjumMMUo58UQWaOnbfE7bYxIyM8
-> ssh-ed25519 BVsyTA 34Fk/GSuH8FJWNLZxE9798zfLawgJucGk7M8bEazHng
Z5B0o32wZLAK0u7iTrWUn8he4G5AW+z1DDhkYZeSDXA
-> :|0NxJA-grease Ko8o7 vL#k|]M
GmDtTyzO8xSd51y5FYQ9uGUe/dTbQYI/7UqK4CtH078GDYn4PIGNlIdqTca5MQ
--- mHoGm+wNh2RKcaqRVO3AFX2ravHNTHlIfq2ADiZPVmg
S¾C¹ÖF"ÅW`6}­¹ib§ö+ ·<E28093>LVd<64>ðýχöFðêrüæ¿~?HP±Cè~Ïχ<C38F>Js5WM¶y³ÁÈXççëxÚøžÞƒDÃáGH

1
secrets/teutat3s-yubikey.pub Normal file
View file

@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a

2
shell/bud/default.nix
View file

@ -1,7 +1,7 @@
{ pkgs, lib, budUtils, ... }: {
bud.cmds = with pkgs; {
get = {
writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ];
writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ];
synopsis = "get [DEST]";
help = "Copy the desired template to DEST";
script = ./get.bash;

5
shell/devos.nix
View file

@ -15,6 +15,9 @@ in
imports = [ "${extraModulesPath}/git/hooks.nix" ];
git = { inherit hooks; };
# override for our own welcome
devshell.name = pkgs.lib.mkForce "PubSolarOS";
# tempfix: remove when merged https://github.com/numtide/devshell/pull/123
devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry ''
# PATH is devshell's exorbitant privilige:
@ -31,7 +34,7 @@ in
'');
commands = with pkgs; [
(devos nixUnstable)
(devos nixFlakes)
(devos agenix)
{
category = "devos";

11
users/nixos/default.nix
View file

@ -1,11 +0,0 @@
{ hmUsers, ... }:
{
home-manager.users = { inherit (hmUsers) nixos; };
users.users.nixos = {
password = "nixos";
description = "default";
isNormalUser = true;
extraGroups = [ "wheel" ];
};
}

18
users/pub-solar/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ hmUsers, ... }:
{
home-manager.users = { inherit (hmUsers) pub-solar; };
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
# for convenience, use publicKeys to add your SSH keys
# The rest is used for programs like git
user = {
name = "pub-solar";
password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
fullName = "Pub Solar";
email = "iso@pub.solar";
publicKeys = [ ../../secrets/teutat3s-yubikey.pub ];
};
};
}

8
users/teutat3s/.config/git/config.nix
View file

@ -1,7 +1,13 @@
{ config, pkgs, ... }:
let
in
pkgs.lib.mkAfter ''[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"]
pkgs.lib.mkAfter ''[sendemail]
smtpserver = smtp.mailbox.org
smtpuser = jhonas@mailbox.org
smtpencryption = tls
smtpserverport = 587
[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"]
path = ~/.config/git/config_greenbaum.cloud
[includeIf "gitdir:~/CodeRoom/git.b12f.io/"]

29
users/teutat3s/.config/watson/config.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
let
in
''# Watson configuration
# showing defaults commented out
# not implemented yet as of 2.0.1
#[backend]
#url = https://api.crick.fr
#token = yourapitoken
[options]
#options.confirm_new_project = false
#options.confirm_new_tag = false
date_format = %d.%m.%Y
#log_current = false
pager = false
#report_current = false
#reverse_log = true
stop_on_start = true
#stop_on_restart = false
time_format = %H:%M%z
#week_start = monday
#[default_tags]
#project-name = tag1 tag2
#python101 = teaching python
#voyager2 = nasa 'space mission'
''

10
users/teutat3s/home.nix
View file

@ -10,22 +10,26 @@ in
];
config = {
pub-solar.social.enable = true;
pub-solar.graphical.alacritty.settings.font.size = 12;
pub-solar.graphical.alacritty.settings.key_bindings = [
{ key = "V"; mods = "Control|Super"; action = "Paste"; }
{ key = "C"; mods = "Control|Super"; action = "Copy"; }
];
services.kbfs.enable = false;
services.keybase.enable = false;
services.kbfs.enable = true;
services.keybase.enable = true;
services.yubikey-agent.enable = true;
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; };
xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; };
xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; };
xdg.configFile."watson/config".text = import ./.config/watson/config.nix { inherit config; inherit pkgs; };
home.packages = with pkgs; [
AusweisApp2
consul
gpu-switch
ifmetric
ipmitool
keybase-gui
@ -67,7 +71,7 @@ in
};
programs.zsh = {
initExtra = import ./zshrc.nix pkgs;
initExtra = import ./zshrc.nix { inherit config; inherit pkgs; };
};
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;

1
users/teutat3s/session-variables.nix
View file

@ -7,6 +7,7 @@ in
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = {
DRONE_SERVER = "https://ci.b12f.io";
GOPATH = "/home/${psCfg.user.name}/CodeRoom/go";
};
};
}

28
users/teutat3s/zshrc.nix
View file

@ -1,4 +1,4 @@
pkgs:
{ config, pkgs, ... }:
''
bindkey "^[[1;3D" backward-word
bindkey "^[[1;3C" forward-word
@ -54,18 +54,32 @@ pkgs:
alias wg-down="sudo systemctl stop wg-quick@wg0.service"
# Helper function for docker on triton
ttdo () {
ttp() {
if [[ "$1" == "set" ]]; then
if [[ -n "$2" ]]; then
source unset-env.sh
triton profile set "$2"
fi
source ~/CodeRoom/greenbaum.cloud/triton-docker.env.sh
source ~/CodeRoom/greenbaum.cloud/tritonshell/template/pkgs/utils/triton-docker.env.sh
elif [[ "$1" == "unset" ]]; then
eval "$(triton env --unset)" && unset TRITON_CNS_SEARCH_DOMAIN_PRIVATE TRITON_CNS_SEARCH_DOMAIN_PUBLIC
source ~/CodeRoom/greenbaum.cloud/tritonshell/template/pkgs/utils/unset-env.sh
elif [[ "$1" == "env" ]]; then
env | grep "DOCKER\|TRITON\|SDC"
env | grep "DOCKER\|MANTA\|SDC\|TRITON" | sort
else
/usr/bin/docker $@
echo "this is a helper function to quickly switch triton profiles"
echo "and setup the required environment variables"
echo "for triton, manta and the remote docker host (API)"
echo
echo 'use "ttp set your-profile" to switch to a profile'
echo
echo 'use "ttp unset" to clear all environment variables used by these CLIs'
echo "useful if you'd like to run a docker command against the"
echo "local docker host"
echo
echo 'use "ttp env" to view the currently set environment variables'
echo "used by the triton & manta CLIs"
echo
echo 'use "ttp help" to view this help'
fi
}
@ -83,5 +97,5 @@ pkgs:
complete -o nospace -C ${pkgs.waypoint}/bin/waypoint waypoint
complete -C '${pkgs.awscli2}/bin/aws_completer' ${pkgs.awscli2}/bin/aws
source /run/secrets/environment-secrets
source ${config.age.secrets.environment-secrets.path}
''