diff --git a/.drone.yml b/.drone.yml
index 3b63dc6f..efeeac92 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -82,8 +82,85 @@ steps: password: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" + +trigger: + event: + - cron + +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: nixpkgs/nix-flakes:nixos-21.05 + when: + event: + - pull_request + - tag + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + # Currently broken + #- nix -Lv flake check + - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv develop -c echo OK + - nix -Lv develop --command bud --help + +--- +kind: pipeline +type: docker +name: Publish ISO + +steps: + - name: "Build ISO" + image: nixpkgs/nix-flakes:nixos-21.05 + volumes: + - name: nix-store + path: /var/nix/iso-cache + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix -Lv develop --command bud build bootstrap bootstrapIso + - cp $(readlink -f result)/iso/*.iso 
/var/nix/iso-cache/ + + - name: "Publish ISO" + image: appleboy/drone-scp + volumes: + - name: nix-store + path: /var/nix/iso-cache + settings: + host: + from_secret: ssh_host + user: + from_secret: ssh_user + port: + from_secret: ssh_port + key: + from_secret: ssh_key + target: /var/www/pub.solar + source: + - /var/nix/iso-cache/*.iso + strip_components: 3 + +trigger: + event: + - push + branch: + - feature/basic-iso + +volumes: + - name: nix-store + host: + path: "/var/nix/iso-cache" + --- kind: signature -hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167 +hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 ... diff --git a/.envrc b/.envrc index a6d5743c..c878da9a 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,10 @@ -watch_file shell/* flake.nix -use flake || use nix +# reload when these files change +watch_file flake.nix +watch_file shell.nix + +{ + # shell gc root dir + mkdir -p "$(direnv_layout_dir)" + + eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" +} || use nix diff --git a/README.md b/README.md index 29d450dc..e2a83eb9 100644 --- a/README.md +++ b/README.md 
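Review bot: The `Publish ISO` step pulls `appleboy/drone-scp` with no tag or digest while it is handed `ssh_host`, `ssh_user`, `ssh_port` and `ssh_key`, so whatever that image name resolves to at build time receives the deploy key; pin it, e.g. `image: appleboy/drone-scp@sha256:<digest-of-reviewed-image>`. The same step uploads `/var/nix/iso-cache/*.iso` from a host-path volume that `Build ISO` only ever copies into, so ISOs left behind by earlier runs are likely to be re-published next to the new one; emptying the directory before the `cp`, or copying to a per-build file name, would avoid that. Both pipelines also append third-party substituters and their public keys to `/etc/nix/nix.conf`, and `Check` does so for `pull_request` events; a short comment on why each cache is trusted would help later reviewers.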
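Review bot: Inside the new `eval "$(…)"` line of `.envrc` the inner `$(direnv_layout_dir)` is unquoted, so a checkout path containing spaces or glob characters is word-split before `nix print-dev-env` sees it; write it as `eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")"`. The `|| use nix` fallback also looks weaker than the old `use flake || use nix`: when `nix print-dev-env` fails, `eval` is given an empty string and in bash returns 0, so the brace group probably succeeds and the fallback is skipped. That is worth confirming, and if it holds, capturing the output first (`env=$(nix print-dev-env …) && eval "$env"`) restores the fallback. A one-line comment that this evaluates the flake's dev shell inside the current shell would also make the trust assumption explicit.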
@@ -58,14 +58,15 @@ following giants][giants]: - [devshell](https://github.com/numtide/devshell) ## Divnix -The divnix org is an open space that spontaniously formed out of "the Nix". -It is really just a place where otherwise unrelated people a) get -together and b) stuff done. +The divnix org is an open space that spontaneously formed out of "the Nix". +It is really just a place where otherwise unrelated people work +together and get stuff done. -It's a place to stop "geeking out in isolation" (or within company boundaries), -experiment and learn together and iterate quickly on best practices. That's what it is. +It's a place to stop "geeking out in isolation" (or within company boundaries). +A place to experiment, learn together, and iterate quickly on best practices. +That's what it is. -It might eventually become a non-profit if that's not too complicated or if those +It might eventually become a non-profit if that's not too complicated or, if those goals are sufficiently upstreamed into "the Nix", dissolved. # License diff --git a/doc/secrets.md b/doc/secrets.md index 47ca43d4..8794925a 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -14,7 +14,7 @@ to easily setup those secret files declaratively. [agenix][agenix] encrypts secrets and stores them as .age files in your repository. Age files are encrypted with multiple ssh public keys, so any host or user with a matching ssh private key can read the data. The [age module][age module] will add those -encrypted files to the nix store and decrypt them on activation to `/run/secrets`. +encrypted files to the nix store and decrypt them on activation to `/run/agenix`. ### Setup All hosts must have openssh enabled, this is done by default in the core profile. diff --git a/flake.lock b/flake.lock index 4d8ae3f3..2ade96dd 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1637793790, - "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", + "lastModified": 1641576265, + "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=", "owner": "ryantm", "repo": "agenix", - "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", + "rev": "08b9c96878b2f9974fc8bde048273265ad632357", "type": "github" }, "original": { @@ -27,11 +27,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1630693543, - "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "lastModified": 1641830469, + "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=", "owner": "lovesegfault", "repo": "beautysh", - "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1640836100, - "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", + "lastModified": 1642035816, + "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", "owner": "divnix", "repo": "bud", - "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", + "rev": "a789d710851441ba7e7cd59be378623b1fe05688", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1634994402, - "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", + "lastModified": 1642495030, + "narHash": "sha256-u1ZlFbLWzkM6zOfuZ1tr0tzTuDWucOYwALPWDWLorkE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44da835ac40dab5fd231298b59d83487382d2fab", + "rev": "bcdb6022b3a300abf59cb5d0106c158940f5120e", "type": "github" }, "original": { @@ -102,7 +102,6 @@ }, "deploy": { "inputs": { - "fenix": "fenix", "flake-compat": "flake-compat", "nixpkgs": [ "nixos" 
@@ -110,15 +109,15 @@ "utils": "utils" }, "locked": { - "lastModified": 1637357482, - "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", - "owner": "input-output-hk", + "lastModified": 1643787431, + "narHash": "sha256-8IwuVgXulRE3ZWq6z8mytarawC32pKPKR20EyDtSH+w=", + "owner": "serokell", "repo": "deploy-rs", - "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", + "rev": "4154ba1aaaf7333a916384c348d867d03b6f1409", "type": "github" }, "original": { - "owner": "input-output-hk", + "owner": "serokell", "repo": "deploy-rs", "type": "github" } @@ -172,25 +171,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1637303083, - "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", - "owner": "nix-community", - "repo": "fenix", - "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -225,11 +205,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { 
@@ -288,11 +268,26 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -323,22 +318,6 @@ } }, "latest": { - "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "latest_2": { "locked": { "lastModified": 1643347846, "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", 
@@ -354,6 +333,38 @@ "type": "github" } }, + "latest_2": { + "locked": { + "lastModified": 1645433236, + "narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "master": { + "locked": { + "lastModified": 1645740083, + "narHash": "sha256-re4GMWyI5zN6+daJv5ejFi22Bm77jf82iEZA6HHWRAc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cb7aad71e54deaaea8cb02c7303f3e081c10a7f8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "naersk": { "inputs": { "nixpkgs": [ @@ -361,11 +372,11 @@ ] }, "locked": { - "lastModified": 1638203339, - "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", + "lastModified": 1639947939, + "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=", "owner": "nmattia", "repo": "naersk", - "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", + "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", "type": "github" }, "original": { @@ -374,6 +385,27 @@ "type": "github" } }, + "nix-dram": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1644066500, + "narHash": "sha256-15PCSlsvYQOwJ+Jvp9evrBiun4pquPAh5VZAUO5whcw=", + "owner": "dramforever", + "repo": "nix-dram", + "rev": "579d5a3db2cb4726653a0916e0f210dbb84cb0a5", + "type": "github" + }, + "original": { + "owner": "dramforever", + "repo": "nix-dram", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1641688481, 
@@ -389,32 +421,13 @@ "type": "github" } }, - "nix-dram": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1628492639, - "narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=", - "owner": "dramforever", - "repo": "nix-dram", - "rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41", - "type": "github" - }, - "original": { - "owner": "dramforever", - "repo": "nix-dram", - "type": "github" - } - }, "nixos": { "locked": { - "lastModified": 1643463207, - "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", + "lastModified": 1645488570, + "narHash": "sha256-29Fvczhd20K3ol0wbQrFlsUiYUDoGnpOR2XJTdrRnZA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "03098169624f487eef37186b3214c40e6b6e919d", + "rev": "491ad20776074706da6befe0cb8334f2df23fc00", "type": "github" }, "original": { @@ -427,10 +440,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1637655461, @@ -448,11 +458,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1638182287, - "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", + "lastModified": 1641965797, + "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", + "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", "type": "github" }, "original": { @@ -463,11 +473,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1643428210, - "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": { 
@@ -479,11 +489,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1643513770, - "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "lastModified": 1643634174, + "narHash": "sha256-LpfTneNuLmXuTyR4hPXtr92g1YAZymJUQxdHjTCi79w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", + "rev": "589235201f2e0717bee4915bffff5330fa00ff41", "type": "github" }, "original": { @@ -494,28 +504,43 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", - "owner": "nixos", + "lastModified": 1644972330, + "narHash": "sha256-6V2JFpTUzB9G+KcqtUR1yl7f6rd9495YrFECslEmbGw=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "19574af0af3ffaf7c9e359744ed32556f34536bd", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1643381941, + "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nur": { "locked": { - "lastModified": 1638231901, - "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", - "owner": "nix-community", - "repo": "NUR", - "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", - "type": "github" + "lastModified": 1626378135, + "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source", + "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "type": "path" }, "original": { "id": "nur", 
@@ -525,17 +550,17 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1634524567, - "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", + "lastModified": 1643518077, + "narHash": "sha256-FHhKjrPxvCv1aywLeqJi3kARDql7cwaj2jcpWp42Xhw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", + "rev": "1b4adc9dac4c5f2c3ce14fdaf2702f9ce6bec491", "type": "github" }, "original": { @@ -550,11 +575,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1625240517, - "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "lastModified": 1633382856, + "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e", "type": "github" }, "original": { @@ -572,35 +597,15 @@ "digga": "digga", "home": "home", "latest": "latest_2", + "master": "master", "naersk": "naersk", "nix-dram": "nix-dram", - "nixlib": [ - "digga", - "nixlib" - ], "nixos": "nixos", "nixos-hardware": "nixos-hardware", "nur": "nur", "nvfetcher": "nvfetcher" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1637268320, - "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", - "owner": "rust-analyzer", - "repo": "rust-analyzer", - "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", - "type": "github" - }, - "original": { - "owner": "rust-analyzer", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1637014545, diff --git a/flake.nix b/flake.nix index d9b42967..7ff23d3d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,6 +9,7 @@ { nixos.url = "github:nixos/nixpkgs/release-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; + master.url = "github:nixos/nixpkgs/master"; digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; @@ -26,7 +27,7 @@ darwin.url = "github:LnL7/nix-darwin"; darwin.inputs.nixpkgs.follows = "nixos"; - deploy.url = "github:input-output-hk/deploy-rs"; + deploy.url = "github:serokell/deploy-rs"; deploy.inputs.nixpkgs.follows = "nixos"; agenix.url = "github:ryantm/agenix"; @@ -42,6 +43,7 @@ # PubSolarOS additions nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -64,6 +66,8 @@ channelsConfig = { allowUnfree = true; }; + supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; + channels = { nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; @@ -71,11 +75,11 @@ nur.overlay agenix.overlay nvfetcher.overlay - nix-dram.overlay ./pkgs/default.nix ]; }; latest = { }; + master = { }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; @@ -107,18 +111,21 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ - NixOS = { }; + PubSolarOS = { }; + fae = { + system = "aarch64-linux"; + }; }; importables = rec { profiles = digga.lib.rakeLeaves ./profiles // { users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core users.nixos users.root ]; - pubsolaros = [ core base-user users.root ]; - anonymous = [ pubsolaros users.nixos ]; + base = [ core users.pub-solar users.root ]; + iso = base ++ [ base-user graphical pub-solar-iso ]; + pubsolaros = [ core full-install base-user users.root ]; + anonymous = [ pubsolaros users.pub-solar ]; teutat3s = pubsolaros ++ [ users.teutat3s ]; - con = teutat3s ++ [ graphical ]; dumpyourvms = teutat3s ++ [ graphical ]; ryzensun = teutat3s ++ [ graphical ]; }; 
@@ -135,7 +142,7 @@ }; }; users = { - nixos = { suites, ... }: { imports = suites.base; }; + pub-solar = { suites, ... }: { imports = suites.base; }; teutat3s = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; @@ -144,7 +151,18 @@ homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; - deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; + deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { + fae = { + hostname = "fae.fritz.box:22"; + sshUser = "pub-solar"; + fastConnect = true; + profilesOrder = [ "system" "direnv" ]; + profiles.direnv = { + user = "pub-solar"; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar; + }; + }; + }; defaultTemplate = self.templates.bud; templates.bud.path = ./.; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 3b084119..70cf7a08 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,7 +1,10 @@ { suites, ... }: { ### root password is empty by default ### - imports = suites.base; + ### default password: pub-solar, optional: add your SSH keys + imports = + suites.iso + ; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index d491855d..c6d8f105 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -8,7 +8,10 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user + profiles.graphical + profiles.pub-solar-iso ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/con/.config/sway/config.d/applications.conf b/hosts/con/.config/sway/config.d/applications.conf deleted file mode 100644 index c528a114..00000000 --- a/hosts/con/.config/sway/config.d/applications.conf +++ /dev/null 
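Review bot: In the `deploy.nodes` hunk the `fae` node's `profiles.direnv.path` is built with `deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar`, but the `hosts` hunk earlier in this file declares `fae` with `system = "aarch64-linux"`, so the activation script and home profile would be built for the wrong architecture. Assuming both attribute sets expose that system, `path = deploy.lib.aarch64-linux.activate.home-manager self.homeConfigurationsPortable.aarch64-linux.pub-solar;` matches the host. `hostname = "fae.fritz.box:22"` embeds the port in the host name; if deploy-rs passes that string to ssh unchanged it will not resolve, so the port is better dropped or moved to `sshOpts = [ "-p" "22" ];` — please verify. The enclosing `outputs` expression starts and ends outside the hunk.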
@@ -1,14 +0,0 @@ -assign [app_id="firefox"] $ws2 - -# seahorse -for_window [title="seahorse"] floating enabled - -# NetworkManager -for_window [title="Network Connections"] floating enabled - -# thunderbird -for_window [title="New Task:*"] floating enabled -for_window [title="Edit Task:*"] floating enabled -for_window [title="New Event:*"] floating enabled -for_window [title="Edit Event:*"] floating enabled - diff --git a/hosts/con/.config/sway/config.d/autostart.conf b/hosts/con/.config/sway/config.d/autostart.conf deleted file mode 100644 index 8ed35abb..00000000 --- a/hosts/con/.config/sway/config.d/autostart.conf +++ /dev/null @@ -1,6 +0,0 @@ -# Autostart applications -# -# Example: -# exec swayidle - -#exec qMasterPassword diff --git a/hosts/con/.config/sway/config.d/custom-keybindings.conf b/hosts/con/.config/sway/config.d/custom-keybindings.conf deleted file mode 100644 index e678cb75..00000000 --- a/hosts/con/.config/sway/config.d/custom-keybindings.conf +++ /dev/null @@ -1,5 +0,0 @@ -# switch keyboard input language -bindsym $mod+tab exec swaymsg input "1:1:AT_Translated_Set_2_keyboard" xkb_switch_layout next - -bindsym $mod+Shift+F2 exec chromium --enable-features=UseOzonePlatform --ozone-platform=wayland - diff --git a/hosts/con/.config/sway/config.d/input-defaults.conf b/hosts/con/.config/sway/config.d/input-defaults.conf deleted file mode 100644 index 11773d48..00000000 --- a/hosts/con/.config/sway/config.d/input-defaults.conf +++ /dev/null 
@@ -1,35 +0,0 @@ -### Input configuration -# -# You can get the names of your inputs by running: swaymsg -t get_inputs -# Read `man 5 sway-input` for more information about this section. - -input "type:keyboard" { - xkb_layout us,de - xkb_model pc105 - xkb_options altwin:swap_alt_win -} - -input "type:touchpad" { - tap enabled - natural_scroll enabled -} - -# Touchpad controls -#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad - -# Screen brightness controls -bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')" -bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')" - -# Keyboard backlight brightness controls -bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" -bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" - -# Pulse Audio controls -bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume -bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume -bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound -# Media player controls -bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'" -bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'" -bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'" 
diff --git a/hosts/con/.config/sway/config.d/screens.conf b/hosts/con/.config/sway/config.d/screens.conf deleted file mode 100644 index c5784e14..00000000 --- a/hosts/con/.config/sway/config.d/screens.conf +++ /dev/null @@ -1,41 +0,0 @@ -### Output configuration -# -# Example configuration: -# -# output HDMI-A-1 resolution 1920x1080 position 1920,0 -# -# You can get the names of your outputs by running: swaymsg -t get_outputs - -set $main_screen eDP-1 -set $displayport DP-1 -set $hmdi HDMI-A-1 - -output $main_screen -output $displayport scale 2 -output $hdmi scale 1 - -output $main_screen pos 0 1080 -output $displayport pos 0 0 -output $hdmi pos 1920 0 - -#bindswitch lid:on output $main_screen disable -#bindswitch lid:off output $main_screen enable -bindsym $mod+Shift+x output $main_screen toggle - -# TODO when using more monitors -## Manual management of external displays -# Set the shortcuts and what they do -#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off -#mode "$mode_display" { -# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default" -# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default" -# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default" -# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default" -# bindsym o output HDMI-A-1 disable, mode "default" -# -# # back to normal: Enter or Escape -# bindsym Return mode "default" -# bindsym Escape mode "default" -#} -## Declare here the shortcut to bring the display selection menu -#bindsym $mod+x mode "$mode_display" diff --git a/hosts/con/con.nix b/hosts/con/con.nix deleted file mode 100644 index ede5188c..00000000 
--- a/hosts/con/con.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in -{ - imports = [ - ./hardware-configuration.nix - ]; - - config = { - pub-solar.x-os.keyfile = "/etc/nixos/hosts/con/secrets/keyfile.bin"; - pub-solar.nextcloud.enable = mkForce false; - - home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { - home.sessionVariables = { - DOCKER_BUILDKIT = "1"; - }; - # Custom device sway configs - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf; - "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf; - }; - }; - networking.hosts = { - "127.0.0.1" = [ - "virtrex.test" - "api.virtrex.test" - "expo.test" - "proxy.test" - "dachfensterkonfigurator.test" - "handwerker.velux.test" - ]; - }; - }; -} diff --git a/hosts/con/default.nix b/hosts/con/default.nix deleted file mode 100644 index 2196635d..00000000 --- a/hosts/con/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ suites, ... }: -{ - imports = [ - ./con.nix - ] ++ suites.con; -} diff --git a/hosts/con/hardware-configuration.nix b/hosts/con/hardware-configuration.nix deleted file mode 100644 index 8adf9afd..00000000 --- a/hosts/con/hardware-configuration.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/382ae29a-ed0d-4e18-99db-6efb6afaae64"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/fb2f9ace-ce72-4b0d-b8b5-a8792d374f3c"; - - fileSystems."/boot/efi" = - { - device = "/dev/disk/by-uuid/6BD6-50D2"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/hosts/dumpyourvms/.config/sway/config.d/applications.conf b/hosts/dumpyourvms/.config/sway/config.d/applications.conf index c528a114..1b8f3726 100644 --- a/hosts/dumpyourvms/.config/sway/config.d/applications.conf +++ b/hosts/dumpyourvms/.config/sway/config.d/applications.conf @@ -4,7 +4,7 @@ assign [app_id="firefox"] $ws2 for_window [title="seahorse"] floating enabled # NetworkManager -for_window [title="Network Connections"] floating enabled +for_window [app_id="nm-connection-editor"] floating enabled # thunderbird for_window [title="New Task:*"] floating enabled diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix index a30c80aa..17710745 100644 --- a/hosts/dumpyourvms/dumpyourvms.nix +++ b/hosts/dumpyourvms/dumpyourvms.nix 
@@ -17,12 +17,17 @@ in }; pub-solar.virtualisation.enable = true; + pub-solar.audio.mopidy.enable = lib.mkForce false; - # fix backlight for keyboard and brightness, adjust function key binding + # fix backlight for keyboard and brightness, adjust function key binding, + # intel_pstate for cpu schedutil, resume offset for swapfile, disable amdgpu driver boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "resume_offset=47366144" ]; boot.loader.efi.canTouchEfiVariables = true; boot.resumeDevice = "/dev/mapper/cryptroot"; + boot.kernelPackages = pkgs.linuxPackages_5_15; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + systemd.sleep.extraConfig = '' HibernateMode=shutdown ''; @@ -43,8 +48,8 @@ in # https://ubuntuforums.org/showthread.php?t=2409856 services.cron.systemCronJobs = [ "@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth" - "@reboot root ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch" - "@reboot root ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness" + "@reboot root ${pkgs.coreutils}/bin/sleep 10; ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch" + "@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness" ]; # Increase console font size for HiDPI display @@ -116,7 +121,6 @@ in hardware.firmware = with pkgs; [ wireless-regdb ]; boot.extraModprobeConfig = '' options cfg80211 ieee80211_regdom="DE" - blacklist amdgpu ''; # This value determines the NixOS release from which the default diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix index 28a6601f..479ae7c8 100644 --- a/hosts/dumpyourvms/networking.nix +++ b/hosts/dumpyourvms/networking.nix 
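Review bot: The rewritten comment above `boot.kernelParams` says the parameters also "disable amdgpu driver", yet none of the four listed parameters does that, and the last hunk of this file removes `blacklist amdgpu` from `boot.extraModprobeConfig`; drop that phrase or say where the GPU is actually switched off (the `vgaswitcheroo` cron line, as far as these hunks show). In the cron hunk the fixed `sleep 10` / `sleep 11` delays are a timing guess, and if the target nodes appear later the writes fail without anyone noticing. A comment stating what the delay waits for, e.g. `# wait for the gmux/vgaswitcheroo nodes to exist before writing`, or a oneshot systemd unit ordered after the device, would make the behaviour reproducible.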
@@ -1,8 +1,8 @@ { hosts = { "10.0.0.42" = [ "nomad.service.consul" ]; - "10.0.0.48" = [ "consul.service.consul" ]; - "10.0.0.49" = [ "vault.service.consul" ]; + "10.0.0.66" = [ "consul.service.consul" ]; + "10.0.0.67" = [ "vault.service.consul" ]; "10.0.0.200" = [ "headnode.cgn-1" ]; "10.0.0.201" = [ "cn01.cgn-1" ]; "10.0.0.202" = [ "cn02.cgn-1" ]; diff --git a/hosts/dumpyourvms/unbound.nix b/hosts/dumpyourvms/unbound.nix index 43e16aba..c7c0b519 100644 --- a/hosts/dumpyourvms/unbound.nix +++ b/hosts/dumpyourvms/unbound.nix @@ -30,13 +30,11 @@ forward-addr = [ "5.1.66.255@853#dot.ffmuc.net" "185.150.99.255@853#dot.ffmuc.net" - "145.100.185.18@853#dnsovertls3.sinodun.com" "89.233.43.71@853#unicast.censurfridns.dk" "94.130.110.185@853#ns1.dnsprivacy.at" "2001:678:e68:f000::@853#dot.ffmuc.net" "2001:678:ed0:f000::@853#dot.ffmuc.net" - "2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com" "2a01:3a0:53:53::0@853#unicast.censurfridns.dk" "2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at" "2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at" diff --git a/hosts/fae.nix b/hosts/fae.nix new file mode 100644 index 00000000..fac810d0 --- /dev/null +++ b/hosts/fae.nix 
@@ -0,0 +1,85 @@ +{ config, lib, pkgs, profiles, ... }: +{ + imports = [ + # profiles.networking + #profiles.core + "${fetchTarball { + url = "https://github.com/NixOS/nixos-hardware/archive/8f1bf828d8606fe38a02df312cf14546ae200a72.tar.gz"; + sha256 = "11milap153g3f63fcrcv4777vd64f7wlfkk9p3kpxi6dqd2sxvh4"; + } + }/raspberry-pi/4" + profiles.users.root # make sure to configure ssh keys + profiles.users.pub-solar + profiles.base-user + profiles.pub-solar-iso + ]; + + config = { + pub-solar.x-os.iso-options.enable = true; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + environment.systemPackages = with pkgs; [ + (kodi-gbm.withPackages (p: with p; [ jellyfin netflix youtube ])) + ]; + + services.openssh.enable = true; + + networking.firewall = { + allowedTCPPorts = [ 8080 ]; + allowedUDPPorts = [ 8080 ]; + }; + + security.sudo.extraConfig = lib.mkAfter '' + %wheel ALL=(ALL) NOPASSWD:ALL + ''; + + nix = { + autoOptimiseStore = true; + + gc.automatic = true; + + optimise.automatic = true; + + useSandbox = true; + + allowedUsers = [ "@wheel" ]; + + trustedUsers = [ "root" "@wheel" ]; + + extraOptions = '' + min-free = 536870912 + keep-outputs = true + keep-derivations = true + fallback = true + ''; + }; + + # Enable GPU acceleration + hardware.raspberry-pi."4".fkms-3d.enable = true; + + # Define a user account for kodi + users.extraUsers.kodi.isNormalUser = true; + + services.xserver = { + enable = true; + desktopManager.kodi.enable = true; + desktopManager.kodi.package = pkgs.kodi-gbm; + displayManager = { + autoLogin.enable = true; + autoLogin.user = "kodi"; + }; + }; + + hardware.pulseaudio.enable = true; + + # custom raspi boot loader is already present + boot.loader.systemd-boot.enable = lib.mkForce false; + }; +} diff --git a/lib/compat/nixos/default.nix b/lib/compat/nixos/default.nix index e4e0e68a..83f05f9f 100644 --- a/lib/compat/nixos/default.nix 
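Review bot: `services.openssh.enable = true;` is set in `hosts/fae.nix` with no further sshd options, on a host that also grants `%wheel ALL=(ALL) NOPASSWD:ALL` and lists `@wheel` in `nix.trustedUsers`, so any successful login to a wheel account is root-equivalent. The same commit deletes `modules/server/default.nix`, which was where `passwordAuthentication = false` used to be set, and `profiles.core` is commented out in `imports`, so nothing visible here restricts how sshd authenticates. Adding `services.openssh.passwordAuthentication = false;` keeps the host key-only, which matches the "make sure to configure ssh keys" remark on `profiles.users.root`. A short comment on `allowedTCPPorts`/`allowedUDPPorts = [ 8080 ]` naming the service behind the port (presumably the Kodi web interface) would also help, since opening UDP as well is not obviously needed.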
+++ b/lib/compat/nixos/default.nix @@ -2,7 +2,7 @@ let inherit (default.inputs.nixos) lib; - host = configs.${hostname} or configs.NixOS; + host = configs.${hostname} or configs.PubSolarOS; configs = default.nixosConfigurations; default = (import ../.).defaultNix; hostname = lib.fileContents /etc/hostname; diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 51ec0b7e..fcceefd3 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -8,6 +8,8 @@ in { options.pub-solar.audio = { enable = mkEnableOption "Life in highs and lows"; + mopidy.enable = mkEnableOption "Life with mopidy"; + bluetooth.enable = mkEnableOption "Life with bluetooth"; }; config = mkIf cfg.enable { @@ -43,7 +45,7 @@ in config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire - media-session.config.bluez-monitor.rules = [ + media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [ { # Matches all cards matches = [{ "device.name" = "~bluez_card.*"; }]; @@ -70,10 +72,10 @@ in }; # Enable bluetooth - hardware.bluetooth.enable = true; - services.blueman.enable = true; + hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true; + services.blueman.enable = mkIf cfg.bluetooth.enable true; # Enable audio server & client - services.mopidy = import ./mopidy.nix pkgs; + services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); }; } diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 04f886a0..9c0d9a9e 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -15,7 +15,8 @@ in drone-cli nmap pgcli - python38Packages.ansible + ansible + ansible-lint restic shellcheck terraform_0_15 diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index f08be710..e4e2f6ad 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix 
@@ -106,6 +106,23 @@ cursor = "0xe3e1e4"; }; + # Colors used for the search bar and match highlighting. + search = { + # Allowed values are CellForeground/CellBackground, which reference the + # affected cell, or hexadecimal colors like #ff00ff. + matches = { + foreground = "0xe5c463"; + background = "0x1a181a"; + }; + focused_match = { + foreground = "0xe5c463"; + background = "0xe3e1e4"; + }; + #bar = + # background = "#c5c8c6"; + # foreground = "#1d1f21"; + }; + # Normal colors normal = { black = "0x1a181a"; diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index bbf8f59d..f2e2ffcf 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -92,6 +92,7 @@ in gnome3.adwaita-icon-theme gnome.eog gnome3.nautilus + gnome.yelp wine diff --git a/modules/server/default.nix b/modules/server/default.nix deleted file mode 100644 index 3821421c..00000000 --- a/modules/server/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - psCfg = config.pub-solar; - cfg = config.pub-solar.server; -in -{ - options.pub-solar.server = { - enable = mkEnableOption "Enable server options like sshd"; - }; - - config = mkIf cfg.enable { - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - }; -} diff --git a/modules/social/default.nix b/modules/social/default.nix index 90a23c3e..e0d12449 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -12,10 +12,9 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - #mySignalDesktop signal-desktop tdesktop - element-desktop-wayland + element-desktop irssi ]; }; diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 3dc6a5d3..5d087826 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf 
+++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland +bindsym $mod+Shift+F4 exec signal-desktop bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/modules/sway/default.nix b/modules/sway/default.nix index cfc5733c..b690d9c0 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -32,7 +32,17 @@ in xdg.portal = { enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; + wlr = { + enable = true; + settings = { + screencast = { + max_fps = 30; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; + }; + }; + }; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; gtkUsePortal = true; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 17262f77..d32546f0 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -18,7 +18,6 @@ in environment.shells = with pkgs; [ zsh ]; - environment.systemPackages = with pkgs; [ screen ]; @@ -27,13 +26,16 @@ in home.packages = [ ack ag + asciinema bat exa fd gh glow + mdbook-multilang nnn powerline + python-wiki-fetch vifm watson ]; diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index e46c82e2..02102c49 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix 
@@ -74,9 +74,7 @@ in nodePackages.typescript-language-server nodePackages.vim-language-server nodePackages.vue-language-server - nodePackages.vscode-css-languageserver-bin - nodePackages.vscode-html-languageserver-bin - nodePackages.vscode-json-languageserver-bin + nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server python39Packages.python-lsp-server python3Full @@ -131,6 +129,7 @@ in vim-go vim-javascript vim-json + SchemaStore-nvim vim-markdown vim-nix vim-ruby diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 1d5bf4d4..9b1e1b00 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim 
@@ -33,24 +33,26 @@ lua <lua vim.lsp.buf.hover()', opts) buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) + buf_set_keymap('n', 'dp', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', 'dn', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) end -- Add additional capabilities supported by nvim-cmp local capabilities = 
vim.lsp.protocol.make_client_capabilities() capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities) + -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html + capabilities.textDocument.completion.completionItem.snippetSupport = true for lsp_key, lsp_settings in pairs({ 'bashls', ------------------------------- Bash @@ -76,10 +78,14 @@ lua <rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) +- buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) +- buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) +- buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) +- buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) ++ buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float()', opts) ++ buf_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) ++ buf_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) ++ buf_set_keymap('n', 'q', 'lua vim.diagnostic.setloclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + + end +@@ -51,6 +51,8 @@ lua < g[ PrevDiagnosticCycle diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index 2086bfd7..abbc4c73 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -5,8 +5,10 @@ autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab let g:gutentags_file_list_command = 'git ls-files' " Golang -" Go test shortcut +" Go test, Def, Decls shortcut nmap got :GoTest:botright copen +autocmd FileType go nmap gd :GoDef +autocmd FileType go nmap gD :GoDecls " Go formatting autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist 
diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 9bb5b28d..c53377ea 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -22,7 +22,6 @@ in [ "$(tty)" = "/dev/tty1" ] && exec sway ''; - shellAliases = { nano = "nvim"; vi = "nvim"; @@ -72,13 +71,14 @@ in bindkey '^R' fzf-history-widget # ArrowUp/Down start searching history with current input - autoload -U history-search-end - zle -N history-beginning-search-backward-end history-search-end - zle -N history-beginning-search-forward-end history-search-end - bindkey "^[[A" history-beginning-search-backward-end - bindkey "^[[B" history-beginning-search-forward-end - bindkey "^P" history-beginning-search-backward-end - bindkey "^N" history-beginning-search-forward-end + autoload -U up-line-or-beginning-search + autoload -U down-line-or-beginning-search + zle -N up-line-or-beginning-search + zle -N down-line-or-beginning-search + bindkey "^[[A" up-line-or-beginning-search + bindkey "^[[B" down-line-or-beginning-search + bindkey "^P" up-line-or-beginning-search + bindkey "^N" down-line-or-beginning-search # MAKE CTRL+S WORK IN VIM stty -ixon diff --git a/modules/user/default.nix b/modules/user/default.nix index 79e32eca..2fd5958e 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -21,6 +21,11 @@ in type = types.nullOr types.str; default = null; }; + publicKeys = mkOption { + description = "User SSH public keys"; + type = types.listOf types.path; + default = [ ]; + }; fullName = mkOption { description = "User full name"; type = types.nullOr types.str; diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index 4d588622..ad3db4e7 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix 
@@ -19,7 +19,7 @@ in virtualisation.libvirtd = { enable = true; - qemuOvmf = true; + qemu.ovmf.enable = true; }; users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { extraGroups = [ "libvirtd" ]; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 51cd5b4b..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -1,16 +1,22 @@ { config, pkgs, lib, ... }: - +with lib; let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = { + # The ! makes this enabled by default + boot.initrd = mkIf (!cfg.iso-options.enable) { luks.devices."cryptroot" = { allowDiscards = true; }; diff --git a/overlays/mdbook-multilang.nix b/overlays/mdbook-multilang.nix new file mode 100644 index 00000000..f1295a36 --- /dev/null +++ b/overlays/mdbook-multilang.nix @@ -0,0 +1,20 @@ +final: prev: { + mdbook-multilang = prev.mdbook.overrideAttrs (oldAttrs: rec { + pname = "mdbook"; + + version = "pr1306"; + + src = prev.fetchFromGitHub { + owner = "Ruin0x11"; + repo = "mdBook"; + rev = "9d8147c52dd9d50047ba5b29e4af99f92577806e"; + sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ="; + }; + + cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { + name = "${pname}-vendor.tar.gz"; + inherit src; + outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0="; + }); + }); +} diff --git a/overlays/overrides.nix b/overlays/overrides.nix index ec90a9df..0376132a 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix 
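Review bot: The new comment `# The ! makes this enabled by default` in `modules/x-os/boot.nix` does not say what is being switched: with `pub-solar.x-os.iso-options.enable = true` the whole `boot.initrd` attribute set, including the `luks.devices."cryptroot"` entry, is omitted. The option description `"Feature flag for iso builds"` gives no hint of that either, so a host that sets the flag for another reason silently loses its encrypted-root initrd setup. I would state the effect in both places, e.g. `description = "Build as an ISO/SD image; skips the cryptroot LUKS initrd configuration";` and `# Skipped when iso-options is enabled`. The `boot.initrd` block continues past the end of this hunk, so anything else defined in it is gated the same way.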
@@ -4,31 +4,28 @@ channels: final: prev: { inherit (channels.latest) cachix - deploy-rs - docker - docker-compose_2 dhall discord element-desktop rage nixpkgs-fmt - nomad - rage + qutebrowser signal-desktop starship deploy-rs - element-desktop-wayland - neovim-unwrapped + docker + docker-compose_2 + nomad tdesktop - xdg-desktop-portal - xdg-desktop-portal-gtk - xdg-desktop-portal-wlr obs-studio obs-studio-plugins looking-glass-client ; + inherit (channels.master) + qMasterPassword + ; haskellPackages = prev.haskellPackages.override (old: { @@ -41,4 +38,7 @@ channels: final: prev: { haskell-language-server; }); }); + + # Example to override node package + # nodePackages = prev.nodePackages // { inherit (channels.latest.nodePackages) manta; }; } diff --git a/overlays/python-wiki-fetch.nix b/overlays/python-wiki-fetch.nix new file mode 100644 index 00000000..2b20e95c --- /dev/null +++ b/overlays/python-wiki-fetch.nix @@ -0,0 +1,26 @@ +final: prev: with prev.python39Packages; { + python-wiki-fetch = buildPythonPackage rec { + pname = "fetch"; + version = "unstable-2022-02-25"; + + src = prev.fetchFromGitHub { + owner = "yashsinghcodes"; + repo = "fetch"; + rev = "3a490a2c2f0b6d2491397fe77939e850056963fd"; + sha256 = "sha256-VsZ8YEXZOIf3UbPmJSn84DYaINavLXCzC0nUOqkvOh4="; + }; + + checkPhase = '' + cd test + ${python.interpreter} test.py + ''; + + propagatedBuildInputs = [ + beautifulsoup4 + requests + wheel + ]; + + patches = ./python-wiki-fetch.patch; + }; +} diff --git a/overlays/python-wiki-fetch.patch b/overlays/python-wiki-fetch.patch new file mode 100644 index 00000000..09bb13a4 --- /dev/null +++ b/overlays/python-wiki-fetch.patch 
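Review bot: In the new `overlays/python-wiki-fetch.nix`, `patches = ./python-wiki-fetch.patch;` passes a bare path where nixpkgs derivations conventionally take a list; `patches = [ ./python-wiki-fetch.patch ];` is the usual form and keeps working when an override appends another patch. The source is pinned by `rev` and `sha256`, which is good for a package taken from a personal repository; a comment above `patches` saying why the patch exists (it drops `install_requires`/`setup_requires` and renames the console script to `wiki`) would make the pin easier to review when it is bumped. `wheel` in `propagatedBuildInputs` looks like a build-time leftover of the removed `req_pkgs` list and is probably not needed at runtime.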
@@ -0,0 +1,32 @@ +--- a/setup.py ++++ b/setup.py +@@ -3,13 +3,6 @@ from os import name, path + from sys import version + import setuptools + +-req_pkgs = [ +- 'bs4', +- 'requests', +- 'wheel' +-] +- +- + with open("README.md","r") as f: + long_description = f.read() + +@@ -25,7 +18,7 @@ setuptools.setup( + packages = setuptools.find_packages(), + entry_points={ + 'console_scripts': [ +- 'fetch=fetch.fetch:arguments', ++ 'wiki=fetch.fetch:arguments', + ] + }, + python_requires='>=3.*', +@@ -36,6 +29,4 @@ setuptools.setup( + "Development Status :: 5 - Production/Stable", + "Environment :: Console", + ], +- install_requires=req_pkgs, +- setup_requires=req_pkgs, + ) diff --git a/pkgs/default.nix b/pkgs/default.nix index 312e685f..3f32f8b1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,6 +3,7 @@ with final; { # keep sources this first sources = prev.callPackage (import ./_sources/generated.nix) { }; # then, call packages with `final.callPackage` + gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final); import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final); mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final); diff --git a/pkgs/gpu-switch.nix b/pkgs/gpu-switch.nix new file mode 100644 index 00000000..a6045ff9 --- /dev/null +++ b/pkgs/gpu-switch.nix 
@@ -0,0 +1,69 @@ +self: with self; '' + # Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider + + readonly sysfs_efi_vars='/sys/firmware/efi/efivars' + readonly efi_gpu='gpu-power-prefs-fa4ce28d-b62f-4c99-9cc3-6815686e30f9' + + usage(){ + cat <&2 + exit 1 + fi + + if ! mount | grep -q $sysfs_efi_vars; then + if ! mount -t efivarfs none $sysfs_efi_vars; then + printf "Fatal: Couldn't mount ''${sysfs_efi_vars}.\n" 1>&2 + exit 1 + fi + fi + chattr -i "''${sysfs_efi_vars}/''${efi_gpu}" 2> /dev/null + printf "\x07\x00\x00\x00\x''${1}\x00\x00\x00" > "''${sysfs_efi_vars}/''${efi_gpu}" + } + + if [ $# -ne 1 ]; then + usage 1>&2 + exit 1 + fi + + case "$1" in + -i|--integrated) + switch_gpu 1 + ;; + -d|--dedicated) + switch_gpu 0 + ;; + -h|--help) + usage + ;; + *) + usage 1>&2 + exit 1 + ;; + esac +'' diff --git a/pkgs/lgcl.nix b/pkgs/lgcl.nix index 4ef2dac9..1d973e81 100644 --- a/pkgs/lgcl.nix +++ b/pkgs/lgcl.nix @@ -1,3 +1,9 @@ -self: with self; '' - ${self.looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no +self: with self; +let + looking-glass-client = self.looking-glass-client.overrideAttrs (old: { + meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; + }); +in +'' + ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no '' diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix new file mode 100644 index 00000000..22b64af5 --- /dev/null +++ b/profiles/audio/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.audio.enable = true; +} diff --git a/profiles/base-user/.config/waybar/config b/profiles/base-user/.config/waybar/config index f38c6946..53de2bda 100644 --- a/profiles/base-user/.config/waybar/config +++ b/profiles/base-user/.config/waybar/config 
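Review bot: `switch_gpu` in `pkgs/gpu-switch.nix` calls `mount`, `grep` and `chattr` by bare name, so a script that must run as root and writes an EFI variable resolves its tools through whatever `PATH` the caller has. The file already evaluates under `with self;`, so store paths can be interpolated instead, e.g. `${util-linux}/bin/mount` and `${e2fsprogs}/bin/chattr`. `$sysfs_efi_vars` is also left unquoted in `mount | grep -q $sysfs_efi_vars` and in the `mount -t efivarfs` call, while the `chattr` and `printf` lines below quote it; quoting all four uses would be consistent. The `usage` heredoc and the opening of `switch_gpu` are not readable in this rendering, so this covers only the lines that are visible.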
@@ -4,7 +4,7 @@ "height": 26, // Waybar height "modules-left": ["sway/workspaces", "sway/mode"], - "modules-center": ["mpd"], + //"modules-center": ["mpd"], "modules-right": ["sway/language", "pulseaudio", "network", "idle_inhibitor", "battery", "clock", "tray"], "sway/workspaces": { "disable-scroll": true @@ -62,7 +62,7 @@ "network": { "interval": 3, "tooltip": true, - //"interface": "wlp4s0", // (Optional) To force the use of this interface   \uF2E7, + "interface": "wlp4s0", // (Optional) To force the use of this interface   \uF2E7, "format-wifi": " \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}", "format-ethernet": " \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}", "format-disconnected": "", diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index ec8145a9..44089bec 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -19,6 +19,7 @@ in extraGroups = [ "wheel" "docker" "input" "audio" "video" "networkmanager" "lp" "scanner" ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else []; }; }; } diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 4becfab3..d8a331a9 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -20,7 +20,7 @@ in home.packages = with pkgs; [ ]; - fonts.fontconfig.enable = true; + fonts.fontconfig.enable = mkForce true; programs.dircolors.enable = true; programs.dircolors.enableZshIntegration = true; diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 264d787f..cc3aa69f 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix 
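Review bot: The `!= null` test in `openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [];` (`profiles/base-user/default.nix`) can never fail, because `modules/user/default.nix` in this commit declares `publicKeys` as `types.listOf types.path` with `default = [ ]`, not as `nullOr`. `openssh.authorizedKeys.keyFiles = psCfg.user.publicKeys;` says the same thing without suggesting that null is a valid value. In the waybar hunk of the same line group, un-commenting `"interface": "wlp4s0"` pins a host-specific device name in the shared base-user profile; if that was a local debugging change it should probably stay commented out.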
@@ -58,6 +58,9 @@ let # experimental wayland in firefox/thunderbird MOZ_ENABLE_WAYLAND = "1"; + # chromium / electron on wayland: enable ozone (native wayland mode) + NIXOS_OZONE_WL = "1"; + # Vagrant VAGRANT_HOME = "${xdg.dataHome}/vagrant"; VAGRANT_DEFAULT_PROVIDER = "libvirt"; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 85414700..a8101706 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -1,4 +1,4 @@ -{ self, config, lib, pkgs, ... }: +{ self, config, lib, pkgs, inputs, ... }: let inherit (lib) fileContents; in { @@ -10,12 +10,6 @@ in pub-solar.audio.enable = true; pub-solar.crypto.enable = true; pub-solar.devops.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.server.enable = true; - pub-solar.printing.enable = true; # This is just a representation of the nix default nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -65,6 +59,7 @@ in p7zip croc jq + jless # Nix specific utilities niv @@ -74,6 +69,7 @@ in # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos + nvd # Fun neofetch @@ -94,7 +90,7 @@ in nix = { # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram - package = pkgs.nix-dram; + package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; # Improve nix store disk usage autoOptimiseStore = true; @@ -118,7 +114,11 @@ in ''; }; - system.autoUpgrade.enable = true; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix new file mode 100644 index 00000000..ba136554 --- /dev/null +++ b/profiles/full-install/default.nix 
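Review bot: The last hunk of `profiles/core/default.nix` turns sshd on for every host that imports the core profile but sets only `enable` and `openFirewall`; the hardening that lived in `modules/server/default.nix` (`permitRootLogin = "no"`, `passwordAuthentication = false`), deleted in this commit, is not carried over. `openFirewall = lib.mkDefault false` keeps port 22 closed only until a host overrides it, and from then on sshd runs with its default authentication settings unless that host adds its own. If the goal is only to have a host key pair for rage, adding `passwordAuthentication = false;` and `permitRootLogin = "no";` to this block costs nothing and restores the previous posture. The same hunk removes `system.autoUpgrade.enable = true;` without a replacement, which deserves a line in the commit description if it is intentional.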
@@ -0,0 +1,15 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + + config = { + pub-solar.audio.mopidy.enable = true; + pub-solar.audio.bluetooth.enable = true; + pub-solar.docker.enable = true; + pub-solar.nextcloud.enable = true; + pub-solar.office.enable = true; + # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled + }; +} diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix index 62acad2f..237a74e5 100644 --- a/profiles/graphical/default.nix +++ b/profiles/graphical/default.nix @@ -4,5 +4,4 @@ in { pub-solar.graphical.enable = true; pub-solar.sway.enable = true; - pub-solar.social.enable = true; } diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix new file mode 100644 index 00000000..24312b53 --- /dev/null +++ b/profiles/pub-solar-iso/default.nix @@ -0,0 +1,9 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + config = { + pub-solar.x-os.iso-options.enable = true; + }; +} diff --git a/profiles/social/default.nix b/profiles/social/default.nix new file mode 100644 index 00000000..cad05d33 --- /dev/null +++ b/profiles/social/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.social.enable = true; +} diff --git a/secrets/environment-secrets.age b/secrets/environment-secrets.age index da5644d6..dc867a11 100644 --- a/secrets/environment-secrets.age +++ b/secrets/environment-secrets.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q C++E2jLATPQMAxb63nkqjPrgHoVDm1ZsUGr7niplsRY -K6dtOxlstQTNdKUNJA7UU1SwLzZ59loADXyQ1Li4Jos --> ssh-ed25519 8U1+ng yNH7UiUtOvW9H0Ff9XTVRi7nxQXqNRlUxRrWkvbYjwA -mJc/c+tLP7kRrR6OCV+b9Z7WkvDwuagbP3e8Nm67738 --> ssh-ed25519 BVsyTA o7UF3e1fMZKyN6wg3u5j4uHjc4tYZCABSCq0TxbwYnU -X6OG6ySS92rDBXMy5yC7rRqAfxzYe4Ahrpc/fqTd2Gk --> H-grease z7xB6LqI RK 4QF L, -nLqd2fYqYz7wfoQ5IWc41v5AMQeKeNZkabRMkYo ---- 7JewEr1iERrpdhFYTlscmFemDbUvKxxc2QWq482abjo -1+/4'GQbkqf |B}۟*|=侸wbY9\Q mڕ&- $C0 \ No newline at end of file +-> ssh-ed25519 Wp/X/Q IKfNl3gr5ua8kmzHnvIxSSF9BRFVyoLVBaQ5jzuFARI +uzHWNCEVtzi5dTqro2ybcKZk9eIH55EW3XQ3PN694Z4 +-> ssh-ed25519 8U1+ng utu6wEkelk2/T/y/NAOgjZuz30CT/epmQqU15pgsmSI +eH+xU7pl7Ok/tYVQBjumMMUo58UQWaOnbfE7bYxIyM8 +-> ssh-ed25519 BVsyTA 34Fk/GSuH8FJWNLZxE9798zfLawgJucGk7M8bEazHng +Z5B0o32wZLAK0u7iTrWUn8he4G5AW+z1DDhkYZeSDXA +-> :|0NxJA-grease Ko8o7 vL#k|]M +GmDtTyzO8xSd51y5FYQ9uGUe/dTbQYI/7UqK4CtH078GDYn4PIGNlIdqTca5MQ +--- mHoGm+wNh2RKcaqRVO3AFX2ravHNTHlIfq2ADiZPVmg +SCF"W`6}ib+ LVdχFr~?HPC~χJs5WMyXxރDGH \ No newline at end of file diff --git a/secrets/teutat3s-yubikey.pub b/secrets/teutat3s-yubikey.pub new file mode 100644 index 00000000..0462fc12 --- /dev/null +++ b/secrets/teutat3s-yubikey.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a diff --git a/shell/bud/default.nix b/shell/bud/default.nix index c486636b..f65e71ed 100644 --- a/shell/bud/default.nix +++ b/shell/bud/default.nix @@ -1,7 +1,7 @@ { pkgs, lib, budUtils, ... }: { bud.cmds = with pkgs; { get = { - writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; + writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ]; synopsis = "get [DEST]"; help = "Copy the desired template to DEST"; script = ./get.bash; 
diff --git a/shell/bud/get.bash b/shell/bud/get.bash index 89e2af3d..d7cdedb8 100644 --- a/shell/bud/get.bash +++ b/shell/bud/get.bash @@ -1 +1 @@ - nix flake new -t "github:divnix/devos/main" "${2:-devos}" + nix flake new -t "github:divnix/devos/main" "${2:-devos}" diff --git a/shell/devos.nix b/shell/devos.nix index dd6f75ef..8702740a 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -15,6 +15,9 @@ in imports = [ "${extraModulesPath}/git/hooks.nix" ]; git = { inherit hooks; }; + # override for our own welcome + devshell.name = pkgs.lib.mkForce "PubSolarOS"; + # tempfix: remove when merged https://github.com/numtide/devshell/pull/123 devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry '' # PATH is devshell's exorbitant privilige: @@ -31,7 +34,7 @@ in ''); commands = with pkgs; [ - (devos nixUnstable) + (devos nixFlakes) (devos agenix) { category = "devos"; diff --git a/users/nixos/default.nix b/users/nixos/default.nix deleted file mode 100644 index 077a52e4..00000000 --- a/users/nixos/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ hmUsers, ... }: -{ - home-manager.users = { inherit (hmUsers) nixos; }; - - users.users.nixos = { - password = "nixos"; - description = "default"; - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; -} diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix new file mode 100644 index 00000000..7289f717 --- /dev/null +++ b/users/pub-solar/default.nix 
@@ -0,0 +1,18 @@ +{ hmUsers, ... }: +{ + home-manager.users = { inherit (hmUsers) pub-solar; }; + + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # for convenience, use publicKeys to add your SSH keys + # The rest is used for programs like git + user = { + name = "pub-solar"; + password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; + fullName = "Pub Solar"; + email = "iso@pub.solar"; + publicKeys = [ ../../secrets/teutat3s-yubikey.pub ]; + }; + }; +} diff --git a/users/teutat3s/.config/git/config.nix b/users/teutat3s/.config/git/config.nix index 10cbd6f0..3993ce02 100644 --- a/users/teutat3s/.config/git/config.nix +++ b/users/teutat3s/.config/git/config.nix @@ -1,7 +1,13 @@ { config, pkgs, ... }: let in -pkgs.lib.mkAfter ''[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"] +pkgs.lib.mkAfter ''[sendemail] + smtpserver = smtp.mailbox.org + smtpuser = jhonas@mailbox.org + smtpencryption = tls + smtpserverport = 587 + +[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"] path = ~/.config/git/config_greenbaum.cloud [includeIf "gitdir:~/CodeRoom/git.b12f.io/"] diff --git a/users/teutat3s/.config/watson/config.nix b/users/teutat3s/.config/watson/config.nix new file mode 100644 index 00000000..e9319aeb --- /dev/null +++ b/users/teutat3s/.config/watson/config.nix 
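Review bot: `password = "$6$…"` in the new `users/pub-solar/default.nix` commits a crypt hash for the `pub-solar` account to the repository, and `profiles/base-user/default.nix` feeds that value to `initialHashedPassword` for a user in `wheel`. Every image built from this file therefore starts with the same credential, whose hash is public and also ends up world-readable in the Nix store. If this is meant as a throwaway ISO default, say so next to it, e.g. `# Default ISO login, hash is public: change with passwd after first boot`, because the surrounding comment ("These are your personal settings") invites copying the file as-is. Since `publicKeys` is already set here, a key-only account with no shared password, or a hash supplied from the agenix secrets this repository already uses, would avoid shipping a common credential at all.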
@@ -0,0 +1,29 @@ +{ config, pkgs, ... }: +let +in +''# Watson configuration +# showing defaults commented out + +# not implemented yet as of 2.0.1 +#[backend] +#url = https://api.crick.fr +#token = yourapitoken + +[options] +#options.confirm_new_project = false +#options.confirm_new_tag = false +date_format = %d.%m.%Y +#log_current = false +pager = false +#report_current = false +#reverse_log = true +stop_on_start = true +#stop_on_restart = false +time_format = %H:%M%z +#week_start = monday + +#[default_tags] +#project-name = tag1 tag2 +#python101 = teaching python +#voyager2 = nasa 'space mission' +'' diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix index 6329042a..e04f38c9 100644 --- a/users/teutat3s/home.nix +++ b/users/teutat3s/home.nix @@ -10,22 +10,26 @@ in ]; config = { + pub-solar.social.enable = true; + pub-solar.graphical.alacritty.settings.font.size = 12; pub-solar.graphical.alacritty.settings.key_bindings = [ { key = "V"; mods = "Control|Super"; action = "Paste"; } { key = "C"; mods = "Control|Super"; action = "Copy"; } ]; - services.kbfs.enable = false; - services.keybase.enable = false; + services.kbfs.enable = true; + services.keybase.enable = true; services.yubikey-agent.enable = true; home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; }; xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; }; xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; }; + xdg.configFile."watson/config".text = import ./.config/watson/config.nix { inherit config; inherit pkgs; }; home.packages = with pkgs; [ AusweisApp2 consul + gpu-switch ifmetric ipmitool keybase-gui 
@@ -67,7 +71,7 @@ in }; programs.zsh = { - initExtra = import ./zshrc.nix pkgs; + initExtra = import ./zshrc.nix { inherit config; inherit pkgs; }; }; # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; diff --git a/users/teutat3s/session-variables.nix b/users/teutat3s/session-variables.nix index e9db7172..040e0b8f 100644 --- a/users/teutat3s/session-variables.nix +++ b/users/teutat3s/session-variables.nix @@ -7,6 +7,7 @@ in home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.sessionVariables = { DRONE_SERVER = "https://ci.b12f.io"; + GOPATH = "/home/${psCfg.user.name}/CodeRoom/go"; }; }; } diff --git a/users/teutat3s/zshrc.nix b/users/teutat3s/zshrc.nix index 97bc4861..f6723c14 100644 --- a/users/teutat3s/zshrc.nix +++ b/users/teutat3s/zshrc.nix @@ -1,4 +1,4 @@ -pkgs: +{ config, pkgs, ... }: '' bindkey "^[[1;3D" backward-word bindkey "^[[1;3C" forward-word 
@@ -54,18 +54,32 @@ pkgs: alias wg-down="sudo systemctl stop wg-quick@wg0.service" # Helper function for docker on triton - ttdo () { + ttp() { if [[ "$1" == "set" ]]; then if [[ -n "$2" ]]; then + source unset-env.sh triton profile set "$2" fi - source ~/CodeRoom/greenbaum.cloud/triton-docker.env.sh + source ~/CodeRoom/greenbaum.cloud/tritonshell/template/pkgs/utils/triton-docker.env.sh elif [[ "$1" == "unset" ]]; then - eval "$(triton env --unset)" && unset TRITON_CNS_SEARCH_DOMAIN_PRIVATE TRITON_CNS_SEARCH_DOMAIN_PUBLIC + source ~/CodeRoom/greenbaum.cloud/tritonshell/template/pkgs/utils/unset-env.sh elif [[ "$1" == "env" ]]; then - env | grep "DOCKER\|TRITON\|SDC" + env | grep "DOCKER\|MANTA\|SDC\|TRITON" | sort else - /usr/bin/docker $@ + echo "this is a helper function to quickly switch triton profiles" + echo "and setup the required environment variables" + echo "for triton, manta and the remote docker host (API)" + echo + echo 'use "ttp set your-profile" to switch to a profile' + echo + echo 'use "ttp unset" to clear all environment variables used by these CLIs' + echo "useful if you'd like to run a docker command against the" + echo "local docker host" + echo + echo 'use "ttp env" to view the currently set environment variables' + echo "used by the triton & manta CLIs" + echo + echo 'use "ttp help" to view this help' fi } @@ -83,5 +97,5 @@ pkgs: complete -o nospace -C ${pkgs.waypoint}/bin/waypoint waypoint complete -C '${pkgs.awscli2}/bin/aws_completer' ${pkgs.awscli2}/bin/aws - source /run/secrets/environment-secrets + source ${config.age.secrets.environment-secrets.path} ''
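Review bot: In the `set` branch of `ttp`, `source unset-env.sh` uses a bare file name, and zsh's `source` searches the current directory before `$path`. Running `ttp set <profile>` from inside a checkout you do not control would therefore execute an `unset-env.sh` found there. The `unset` branch already uses the full path, and the `set` branch should match it: `source ~/CodeRoom/greenbaum.cloud/tritonshell/template/pkgs/utils/unset-env.sh`. The same line sits inside `if [[ -n "$2" ]]`, so a plain `ttp set` re-sources `triton-docker.env.sh` without clearing the old variables first; if that is intended, a short comment would help.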