Clean some sessionVariables from global scope

Especially some XDG_* env vars polluted other users environment when set

globally

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1664140963,
-        "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=",
+        "lastModified": 1665870395,
+        "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0",
+        "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
         "type": "github"
       },
       "original": {
@@ -42,11 +42,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1664210064,
-        "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=",
+        "lastModified": 1668784520,
+        "narHash": "sha256-gGgVAMwYPPmrfnvnoRi6OkEB5KRsNTb9uYzEceLdO/g=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf",
+        "rev": "6349b99bc2b96ded34d068a88c7c5ced406b7f7f",
         "type": "github"
       },
       "original": {
@@ -85,11 +85,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1659725433,
-        "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
+        "lastModified": 1668797197,
+        "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
+        "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce",
         "type": "github"
       },
       "original": {
@@ -120,6 +120,31 @@
         "type": "github"
       }
     },
+    "devshell_2": {
+      "inputs": {
+        "flake-utils": [
+          "keycloak-theme-pub-solar",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "keycloak-theme-pub-solar",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1667210711,
+        "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "digga": {
       "inputs": {
         "blank": "blank",
@@ -256,11 +281,11 @@
     },
     "flake-utils_3": {
       "locked": {
-        "lastModified": 1659877975,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -270,6 +295,21 @@
       }
     },
     "flake-utils_4": {
+      "locked": {
+        "lastModified": 1667077288,
+        "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_5": {
       "locked": {
         "lastModified": 1653893745,
         "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
@@ -284,6 +324,22 @@
         "type": "github"
       }
     },
+    "fork": {
+      "locked": {
+        "lastModified": 1669519260,
+        "narHash": "sha256-eXuHtd+D2/gOQ1QcMbb7InKdwYPPp/+CwQxSo0fW3s4=",
+        "owner": "teutat3s",
+        "repo": "nixpkgs",
+        "rev": "9836531dcac8630bbe54b6a4897de7b1ce8a2858",
+        "type": "github"
+      },
+      "original": {
+        "owner": "teutat3s",
+        "ref": "fix/gitea-needs-gpg-in-path",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "home": {
       "inputs": {
         "nixpkgs": [
@@ -291,11 +347,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1656169755,
-        "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
+        "lastModified": 1667907331,
+        "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
+        "rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
         "type": "github"
       },
       "original": {
@@ -305,6 +361,29 @@
         "type": "github"
       }
     },
+    "keycloak-theme-pub-solar": {
+      "inputs": {
+        "devshell": "devshell_2",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "nixos"
+        ]
+      },
+      "locked": {
+        "lastModified": 1669558652,
+        "narHash": "sha256-97WIgaqh8LHlerRn83JCOUwejy/p8h44y8Suth22/t4=",
+        "ref": "main",
+        "rev": "3c8ef7c3d2c025a4dced88190dec2307641e8b26",
+        "revCount": 11,
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/keycloak-theme"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/keycloak-theme"
+      }
+    },
     "latest": {
       "locked": {
         "lastModified": 1657265485,
@@ -323,11 +402,11 @@
     },
     "latest_2": {
       "locked": {
-        "lastModified": 1664538465,
-        "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=",
+        "lastModified": 1669411043,
+        "narHash": "sha256-LfPd3+EY+jaIHTRIEOUtHXuanxm59YKgUacmSzaqMLc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796",
+        "rev": "5dc7114b7b256d217fe7752f1614be2514e61bb8",
         "type": "github"
       },
       "original": {
@@ -374,11 +453,11 @@
     },
     "nixos": {
       "locked": {
-        "lastModified": 1664594436,
-        "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=",
+        "lastModified": 1669418739,
+        "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d",
+        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
         "type": "github"
       },
       "original": {
@@ -394,11 +473,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1660727616,
-        "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
+        "lastModified": 1669065280,
+        "narHash": "sha256-3+pq1oJWjGDLfd8G/vR3IIFZ+EQ/aglukA0bTiMlf3o=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "adccd191a0e83039d537e021f19495b7bad546a1",
+        "rev": "50aeec40f2072d2ab267c8ec8a345573704ec110",
         "type": "github"
       },
       "original": {
@@ -409,11 +488,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1664628729,
-        "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=",
+        "lastModified": 1669146234,
+        "narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "3024c67a2e9a35450558426c42e7419ab37efd95",
+        "rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d",
         "type": "github"
       },
       "original": {
@@ -469,17 +548,17 @@
     "nvfetcher": {
       "inputs": {
         "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "nixos"
         ]
       },
       "locked": {
-        "lastModified": 1664550666,
-        "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
+        "lastModified": 1667620329,
+        "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
         "owner": "berberman",
         "repo": "nvfetcher",
-        "rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
+        "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
         "type": "github"
       },
       "original": {
@@ -494,7 +573,9 @@
         "darwin": "darwin",
         "deploy": "deploy",
         "digga": "digga",
+        "fork": "fork",
         "home": "home",
+        "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
         "latest": "latest_2",
         "naersk": "naersk",
         "nixos": "nixos",
@@ -507,18 +588,18 @@
     },
     "triton-vmtools": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_5",
         "nixpkgs": [
           "nixos"
         ]
       },
       "locked": {
         "dir": "vmtools",
-        "lastModified": 1664803886,
-        "narHash": "sha256-M2mk5H0PTSSQqdMqQWg/IGOARWwiPlaM8lSn3ObRPWU=",
+        "lastModified": 1668514320,
+        "narHash": "sha256-P+wzdarT2l+91VPf9hsYtKJad7WHttN5oFFlGQHJ5mQ=",
         "ref": "main",
-        "rev": "d79cc27c907062540594ea8998f17674ece1ca64",
-        "revCount": 23,
+        "rev": "8648709ed952423e82d62eb634918de1b1cfdc82",
+        "revCount": 27,
         "type": "git",
         "url": "https://git.b12f.io/pub-solar/infra?dir=vmtools"
       },

flake.nix

@@ -10,6 +10,7 @@
       # Track channels with commits tested and built by hydra
       nixos.url = "github:nixos/nixpkgs/nixos-22.05";
       latest.url = "github:nixos/nixpkgs/nixos-unstable";
+      fork.url = "github:teutat3s/nixpkgs/fix/gitea-needs-gpg-in-path";
 
       digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
       digga.inputs.nixpkgs.follows = "nixos";
@@ -41,6 +42,9 @@
 
       triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
       triton-vmtools.inputs.nixpkgs.follows = "nixos";
+
+      keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
+      keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos";
     };
 
   outputs =
@@ -54,6 +58,7 @@
     , nvfetcher
     , deploy
     , triton-vmtools
+    , keycloak-theme-pub-solar
     , ...
     } @ inputs:
     digga.lib.mkFlake
@@ -72,6 +77,7 @@
             overlays = [ ];
           };
           latest = { };
+          fork = { };
         };
 
         lib = import ./lib { lib = digga.lib // nixos.lib; };
@@ -153,9 +159,9 @@
         homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
 
         deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
-          flora6 = {
+          flora-6 = {
             sshUser = "barkeeper";
-            hostname = "infra-1.pub.solar";
+            hostname = "flora-6.pub.solar";
           };
         };
       };

hosts/flora-6/default.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
   imports = [
-    ./flora6.nix
+    ./flora-6.nix
   ];
 }

hosts/flora-6/flora-6.nix

@@ -1,4 +1,13 @@
-{ config, inputs, lib, pkgs, profiles, latestModulesPath, self, ... }:
+{ config
+, forkModulesPath
+, latestModulesPath
+, lib
+, inputs
+, pkgs
+, profiles
+, self
+, ...
+}:
 let
   psCfg = config.pub-solar;
 in
@@ -13,8 +22,12 @@ in
     profiles.users.barkeeper
 
     "${latestModulesPath}/services/web-apps/keycloak.nix"
+    "${forkModulesPath}/services/misc/gitea.nix"
+  ];
+  disabledModules = [
+    "services/web-apps/keycloak.nix"
+    "services/misc/gitea.nix"
   ];
-  disabledModules = [ "services/web-apps/keycloak.nix" ];
 
   config = {
     # # #
@@ -82,6 +95,9 @@ in
         http-port = 8080;
         proxy = "edge";
       };
+      themes = {
+        "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+      };
     };
 
     # gitea

modules/terminal-life/default.nix

@@ -28,16 +28,17 @@ in
     ];
 
     environment.systemPackages = with pkgs; [
+      ack
+      bat
+      exa
+      fd
+      neovim
       screen
     ];
 
     home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
       home.packages = [
-        ack
         asciinema
-        bat
-        exa
-        fd
         gh
         glow
         nnn

profiles/base-user/session-variables.nix

@@ -3,7 +3,14 @@ let
   psCfg = config.pub-solar;
   wlroots = psCfg.graphical.wayland;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  variables = {
+  globalVariables = {
+    EDITOR = "/run/current-system/sw/bin/nvim";
+    VISUAL = "/run/current-system/sw/bin/nvim";
+
+    # Make sure virsh runs without root
+    LIBVIRT_DEFAULT_URI = "qemu:///system";
+  };
+  userVariables = {
     XDG_CONFIG_HOME = xdg.configHome;
     XDG_CACHE_HOME = xdg.cacheHome;
     XDG_DATA_HOME = xdg.dataHome;
@@ -18,11 +25,8 @@ let
     SDL_VIDEODRIVER = "wayland";
     WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2";
 
-    EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
-    VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
-
     # fix "xdg-open fork-bomb" your preferred browser from here
-    BROWSER = "${pkgs.firefox-wayland}/bin/firefox";
+    BROWSER = "firefox";
 
     # node
     NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history";
@@ -34,9 +38,6 @@ let
     NPM_CONFIG_CACHE = "${xdg.configHome}/npm";
     # TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm";
 
-    # Make sure virsh runs without root
-    LIBVIRT_DEFAULT_URI = "qemu:///system";
-
     # wine
     WINEPREFIX = "${xdg.dataHome}/wineprefixes/default";
 
@@ -78,21 +79,21 @@ let
     VUEDX_TELEMETRY = "off";
   };
 
-  envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables;
+  envListNames = lib.attrsets.mapAttrsToList (name: value: name) userVariables;
 
   # Here we merge an extra variable into the attrset called FULL_ENV_LIST.
   # It's a list of the variable names defined above.
   # We can use this to tell `systemctl import-environment` to import the full list above.
-  variablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [
-    variables
+  userVariablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [
+    userVariables
     { IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames; }
   ];
 in
 {
   home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
-    home.sessionVariables = variablesWithMeta;
-    systemd.user.sessionVariables = variablesWithMeta;
+    home.sessionVariables = userVariablesWithMeta;
+    systemd.user.sessionVariables = userVariablesWithMeta;
   };
 
-  environment.variables = variablesWithMeta;
+  environment.variables = globalVariables;
 }

secrets/secrets.nix

@@ -1,9 +1,9 @@
 let
   # set ssh public keys here for your system and user
   teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
-  flora6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
-  allKeys = [ flora6 teutat3s ];
-  deployKeys = [ flora6 teutat3s ];
+  flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
+  allKeys = [ flora-6 teutat3s ];
+  deployKeys = [ flora-6 teutat3s ];
 in
 {
   "gitea-database-password.age".publicKeys = deployKeys;