diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b4926b..a21854c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,5 @@ on: + workflow_dispatch: pull_request: push: branches: @@ -22,4 +23,4 @@ jobs: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' pushFilter: '(nerdfonts)' extraPullNames: nix-community, om - - run: nix run github:juspay/omnix -- ci run "." + - run: nix run github:juspay/omnix --accept-flake-config -- ci run "." diff --git a/.github/workflows/clear-cache.yml b/.github/workflows/clear-cache.yml new file mode 100644 index 0000000..4972601 --- /dev/null +++ b/.github/workflows/clear-cache.yml @@ -0,0 +1,30 @@ +name: Clear cache + +on: + workflow_dispatch: + +permissions: + actions: write + +jobs: + clear-cache: + runs-on: ubuntu-latest + steps: + - name: Clear cache + uses: actions/github-script@v6 + with: + script: | + console.log("About to clear") + const caches = await github.rest.actions.getActionsCacheList({ + owner: context.repo.owner, + repo: context.repo.repo, + }) + for (const cache of caches.data.actions_caches) { + console.log(cache) + github.rest.actions.deleteActionsCacheById({ + owner: context.repo.owner, + repo: context.repo.repo, + cache_id: cache.id, + }) + } + console.log("Clear completed") diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml index 22af47e..101de73 100644 --- a/.github/workflows/update-flake.yml +++ b/.github/workflows/update-flake.yml @@ -2,7 +2,7 @@ name: Update flake inputs on: schedule: # Every day, 5am - - cron: "0 5 * * *" + - cron: "0 5 * * 6" workflow_dispatch: jobs: diff --git a/flake.lock b/flake.lock index 5fa6014..a391da9 100644 --- a/flake.lock +++ b/flake.lock @@ -184,6 +184,27 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "locked": { "lastModified": 1725409566, "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", @@ -198,7 +219,7 @@ "type": "github" } }, - "crane_2": { + "crane_3": { "inputs": { "nixpkgs": [ "omnix", @@ -223,11 +244,11 @@ "devour-flake": { "flake": false, "locked": { - "lastModified": 1709858306, - "narHash": "sha256-Vey9n9hIlWiSAZ6CCTpkrL6jt4r2JvT2ik9wa2bjeC0=", + "lastModified": 1726283167, + "narHash": "sha256-Cvc84VzvvdmehafnaIPfdPylNWJcDmv79QQh/MH/4Qk=", "owner": "srid", "repo": "devour-flake", - "rev": "17b711b9deadbbc5629cb7d2b64cf86ae72af3fa", + "rev": "9b96d31a55be119df8496ec5b7369823deec8a1c", "type": "github" }, "original": { @@ -265,11 +286,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1726219040, + "narHash": "sha256-u/2xSCp/7sE7XViv6QR2jMw7Rrx/PXJtmeVLYv+Qbpo=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "4ef99d8ec41369b6fbe83479b5566c2b8856972c", "type": "github" }, "original": { @@ -278,6 +299,28 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "nish", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1726116637, + "narHash": "sha256-tU2GhwU887mPg6C4c2k+CEBAnKY6R0tSeQYtoqjZmLM=", + "owner": "nix-community", + "repo": "fenix", + "rev": "96a04a213838c5001619ad57400c5a176fa040b1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "firefox-addons": { "inputs": { "flake-utils": "flake-utils", @@ -287,11 +330,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1726027388, - "narHash": "sha256-HkTiAImrog2T7roRrc2msWjTqPjr6Wth05u9e4P5ti8=", + "lastModified": 1726286600, + "narHash": "sha256-m6O7L5e+1Zv9XpI6zKbi7k4EzJgYoygzhU0ER6ZlXwU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "675f12f64b3b5fc8809ad0ae2abd99dbeaa0f6c7", + "rev": "70acbc15b24d567ce024a455ad2e93aa3302c9b0", "type": "gitlab" }, "original": { @@ -349,6 +392,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -362,7 +421,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1688025799, @@ -378,7 +437,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1673956053, @@ -394,7 +453,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1673956053, @@ -417,11 +476,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -431,6 +490,27 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -448,7 +528,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -470,7 +550,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -492,7 +572,7 @@ "type": "indirect" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -645,8 +725,8 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore", + "flake-compat": "flake-compat_4", + "gitignore": "gitignore_2", "nixpkgs": [ "nixvim", "neovim-nightly-overlay", @@ -679,7 +759,7 @@ "nixvim", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "nixvim", "nixvim", @@ -706,6 +786,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", @@ -728,7 +830,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "nixvim", @@ -751,7 +853,7 @@ "type": "github" } }, - "gitignore_3": { + "gitignore_4": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -791,7 +893,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixvim", "neovim-nightly-overlay", @@ -876,6 +978,33 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, "libgit2": { "flake": false, "locked": { @@ -894,8 +1023,8 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_4", "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", @@ -934,19 +1063,30 @@ "nish": { "inputs": { "advisory-db": "advisory-db", - "crane": "crane", - "flake-utils": "flake-utils_2", + "crane": "crane_2", + "fenix": "fenix", + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "unstable" ], - "rust-overlay": "rust-overlay" + "pre-commit-hooks": [ + "pre-commit-hooks" + ], + "systems": [ + "systems" + ], + "treefmt-nix": [ + "treefmt-nix" + ] }, "locked": { - "lastModified": 1725999292, - "narHash": "sha256-nrzEuty76ZWGno9w74j7cDekvaRn9gtHN0gsuSyqRpw=", + "lastModified": 1726125131, + "narHash": "sha256-b6wzPTyJTpxj75m+rklNY6FhTsXG+HAA9664qC+U+ew=", "owner": "callumio", "repo": "nish", - "rev": "fb22da828f4aad704123dd8dd31404eb545e9df3", + "rev": "75e7c33a87873f2b4bbcf3d8cfd221bab91eba9f", "type": "github" }, "original": { @@ -957,7 +1097,7 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "flake-parts": [ "omnix", "flake-parts" @@ -1006,6 +1146,66 @@ "type": "github" } }, + "nix-systems-aarch64-darwin": { + "locked": { + "lastModified": 1680978170, + "narHash": "sha256-PHVNQ7y0EQYzujQRYoRdb96K0m1KSeAjSrbz2b75S6Q=", + "owner": "nix-systems", + "repo": "aarch64-darwin", + "rev": "75e6c6912484d28ebba5769b794ffa4aff653ba2", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "aarch64-darwin", + "type": "github" + } + }, + "nix-systems-aarch64-linux": { + "locked": { + "lastModified": 1680978097, + "narHash": "sha256-1Zp7TRYLXj4P5FLhQ8jBChrgAmQxR3iTypmWf9EFTnc=", + "owner": "nix-systems", + "repo": "aarch64-linux", + "rev": "aa1ce1b64c822dff925d63d3e771113f71ada1bb", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "aarch64-linux", + "type": "github" + } + }, + "nix-systems-x86_64-darwin": { + "locked": { + "lastModified": 1680978224, + "narHash": "sha256-+xT9B1ZbhMg/zpJqd00S06UCZb/A2URW9bqqrZ/JTOg=", + "owner": "nix-systems", + "repo": "x86_64-darwin", + "rev": "db0463cce4cd60fb791f33a83d29a1ed53edab9b", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "x86_64-darwin", + "type": "github" + } + }, + "nix-systems-x86_64-linux": { + "locked": { + "lastModified": 1680978846, + "narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=", + "owner": "nix-systems", + "repo": "x86_64-linux", + "rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "x86_64-linux", + "type": "github" + } + }, "nix-visualize": { "flake": false, "locked": { @@ -1044,11 +1244,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "lastModified": 1725930920, + "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658", "type": "github" }, "original": { @@ -1121,6 +1321,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1720386169, "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", @@ -1186,7 +1402,7 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "neovim-nightly-overlay": "neovim-nightly-overlay", "nixpkgs": [ "unstable" @@ -1210,7 +1426,7 @@ "nixvim_2": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-parts": [ "nixvim", "flake-parts" @@ -1303,6 +1519,10 @@ "flake-parts" ], "nix": "nix", + "nix-systems-aarch64-darwin": "nix-systems-aarch64-darwin", + "nix-systems-aarch64-linux": "nix-systems-aarch64-linux", + "nix-systems-x86_64-darwin": "nix-systems-x86_64-darwin", + "nix-systems-x86_64-linux": "nix-systems-x86_64-linux", "nixpkgs": [ "nixpkgs" ], @@ -1316,11 +1536,11 @@ ] }, "locked": { - "lastModified": 1726003074, - "narHash": "sha256-GSJEbFgPCS5hW3+3Ti/h6OwnjuKbpKTFxKeahI/TLMY=", + "lastModified": 1726274548, + "narHash": "sha256-kYL8a5T+lPH9eh91JzKKwDKFEpuh1StE4r3aTvNKWeE=", "owner": "juspay", "repo": "omnix", - "rev": "8992c14a8b2425e385c4c7287bfde52de39ad408", + "rev": "eaa9f3e3dee251846d102813144328c08c62fb3a", "type": "github" }, "original": { @@ -1365,16 +1585,43 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks_2": { "inputs": { "flake-compat": [ "flake-compat" ], - "gitignore": "gitignore_3", + "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1725513492, @@ -1414,6 +1661,7 @@ "flake-compat": "flake-compat", "flake-parts": "flake-parts", "home-manager": "home-manager_2", + "lanzaboote": "lanzaboote", "nish": "nish", "nixinate": "nixinate", "nixpkgs": "nixpkgs", @@ -1427,9 +1675,26 @@ "unstable": "unstable" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1725890120, + "narHash": "sha256-7bsWAKG/otbHj7wmCBrJ9P6ve2MFcoOlIh6wcx6ffKg=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "e35227d186acd47d8e5f78cbd792d57ddf47d74b", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-flake": { "inputs": { - "crane": "crane_2", + "crane": "crane_3", "nixpkgs": [ "omnix", "nixpkgs" @@ -1453,17 +1718,21 @@ }, "rust-overlay": { "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], "nixpkgs": [ - "nish", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1725935143, - "narHash": "sha256-mVtTVQMlXkydSXVwFClE0ckxHrOQ9nb2DrCjNwW5pUE=", + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c3c175c74cd0e8c2c40a0e22bc6e3005c4d28d64", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", "type": "github" }, "original": { @@ -1490,8 +1759,8 @@ }, "sbomnix": { "inputs": { - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_5", + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_6", "flake-root": "flake-root", "nix-visualize": "nix-visualize", "nixpkgs": "nixpkgs_3", @@ -1521,7 +1790,7 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "flake-utils": "flake-utils_5", "gnome-shell": "gnome-shell", "home-manager": [ @@ -1533,11 +1802,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1725290973, - "narHash": "sha256-+jwXF9KI0HfvDgpsoJGvOdfOGGSKOrID1wQB79zjUbo=", + "lastModified": 1726170940, + "narHash": "sha256-sobkRkGBaMX9pD0bwU1iVPWi0WtQvZqlHyl1YtvNDio=", "owner": "danth", "repo": "stylix", - "rev": "ef81ad9e85e60420cc83d4642619c14b57139d33", + "rev": "35233f929629c8eb64e939e35260fc8347f94df9", "type": "github" }, "original": { @@ -1687,11 +1956,11 @@ }, "unstable": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726062873, + "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index af4b7cf..a5c05d9 100644 --- a/flake.nix +++ b/flake.nix @@ -8,9 +8,10 @@ ... } @ inputs: let mods = import ./modules; + cLib = import ./lib {inherit (nixpkgs) lib;}; mkLinuxSystem = mod: nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs cLib;}; modules = [ inputs.home-manager.nixosModules.home-manager @@ -20,8 +21,8 @@ nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [self.overlays.default]; } - mod ] + ++ mod ++ mods.sharedModules; }; in @@ -38,8 +39,8 @@ inherit (mods) homeManagerModules nixosModules; # TODO: use ./hosts/ nixosConfigurations = { - artemis = mkLinuxSystem ./hosts/artemis; - hermes = mkLinuxSystem ./hosts/hermes; + artemis = mkLinuxSystem [./hosts/artemis inputs.lanzaboote.nixosModules.lanzaboote]; + hermes = mkLinuxSystem [./hosts/hermes]; }; diskoConfigurations = {}; # maybe? om.health.default = {nix-version.min-required = "2.18.5";}; @@ -160,10 +161,21 @@ treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # my custom programs nish = { url = "github:callumio/nish"; - inputs.nixpkgs.follows = "unstable"; + inputs = { + nixpkgs.follows = "unstable"; + flake-parts.follows = "flake-parts"; + systems.follows = "systems"; + treefmt-nix.follows = "treefmt-nix"; + pre-commit-hooks.follows = "pre-commit-hooks"; + }; }; nsbm = { diff --git a/home/c/default.nix b/home/c/default.nix index d7e7aa2..3f8bd92 100644 --- a/home/c/default.nix +++ b/home/c/default.nix @@ -19,6 +19,7 @@ }; home.packages = with pkgs; [ + # TODO: sort this out gnome.adwaita-icon-theme networkmanagerapplet libsecret diff --git a/home/c/programs/fish/default.nix b/home/c/programs/fish/default.nix index e6244c1..4268b18 100644 --- a/home/c/programs/fish/default.nix +++ b/home/c/programs/fish/default.nix @@ -1,4 +1,14 @@ -{pkgs, ...}: { +{ + pkgs, + cLib, + ... +}: let + mkFishPlug = pkg: { + name = pkg.pname; + inherit (pkg) src; + }; + tmux = cLib.getProgFor pkgs "tmux"; +in { programs.fish = { enable = true; @@ -7,47 +17,27 @@ trap __trap_exit_tmux EXIT ''; + # TODO: dont use this directly shellAliases = {v = "nvim";}; functions = { __trap_exit_tmux = { body = '' - test (tmux list-windows | wc -l) = 1 || exit - test (tmux list-panes | wc -l) = 1 || exit - tmux switch-client -t main + test (${tmux} list-windows | wc -l) = 1 || exit + test (${tmux} list-panes | wc -l) = 1 || exit + ${tmux} switch-client -t main ''; }; }; plugins = with pkgs.fishPlugins; [ - { - name = "z"; - inherit (z) src; - } - { - name = "hydro"; - inherit (hydro) src; - } - { - name = "sponge"; - inherit (sponge) src; - } - { - name = "grc"; - inherit (grc) src; - } - { - name = "done"; - inherit (done) src; - } - { - name = "fzf-fish"; - inherit (fzf-fish) src; - } - { - name = "forgit"; - inherit (forgit) src; - } + (mkFishPlug z) + (mkFishPlug hydro) + (mkFishPlug sponge) + (mkFishPlug grc) + (mkFishPlug done) + (mkFishPlug fzf-fish) + (mkFishPlug git-abbr) ]; }; } diff --git a/home/c/programs/git/default.nix b/home/c/programs/git/default.nix index c10a2b2..8e5f9f5 100644 --- a/home/c/programs/git/default.nix +++ b/home/c/programs/git/default.nix @@ -4,7 +4,7 @@ userName = "Callum Leslie"; userEmail = "git@cleslie.uk"; - signing.key = "D382C4AFEECEAA90"; + signing.key = "03B01F427831BCFD!"; signing.signByDefault = true; ignores = [".direnv/"]; @@ -15,7 +15,7 @@ contents = { user = { email = "psycl6@nottingham.ac.uk"; - signingKey = "5A944DF89B6F65AC"; + signingKey = "14861F1282EFB5C8!"; }; credential = {helper = "store";}; }; @@ -34,6 +34,6 @@ ghq = {root = "~/repos";}; }; - diff-so-fancy.enable = true; + delta.enable = true; }; } diff --git a/home/c/programs/hypr/default.nix b/home/c/programs/hypr/default.nix index bcdacdb..5b31a78 100644 --- a/home/c/programs/hypr/default.nix +++ b/home/c/programs/hypr/default.nix @@ -1,8 +1,32 @@ -{...}: { +{ + pkgs, + cLib, + ... +}: let + getProgFor' = cLib.getProgFor' pkgs; + getProgFor = cLib.getProgFor pkgs; + web = getProgFor "firefox"; + mail = getProgFor "betterbird"; + chat = getProgFor "discord"; + media = getProgFor "spotify"; + terminal = getProgFor "alacritty"; + runner = getProgFor' "rofi-wayland" "rofi"; + rofi-rbw = getProgFor' "rofi-rbw-wayland" "rofi-rbw"; + tmux = getProgFor "tmux"; + slurp = getProgFor "slurp"; + grim = getProgFor "grim"; + wl-copy = getProgFor' "wl-clipboard" "wl-copy"; + mullvad = getProgFor' "mullvad-vpn" "mullvad-gui"; + playerctl = getProgFor "playerctl"; + brightnessctl = getProgFor "brightnessctl"; + wpctl = getProgFor' "wireplumber" "wpctl"; + hyprlock = getProgFor "hyprlock"; + hyprctl = getProgFor' "hyprland" "hyprctl"; +in { services = { blueman-applet.enable = true; network-manager-applet.enable = true; - kanshi.systemdTarget = "hyprland-session.target"; + kanshi.systemdTarget = "graphical-session.target"; udiskie = { enable = true; tray = "auto"; @@ -65,7 +89,7 @@ enable = true; systemd.enable = true; xwayland.enable = true; - # TODO: move to nix config over text + settings = { "monitor" = ",prefered,auto,1"; @@ -137,13 +161,13 @@ "$mainMod SHIFT, q, exit" "$mainMod, F, fullscreen" "$mainMod SHIFT, f, togglefloating" - "$mainMod, d, exec, rofi -show drun" - "$mainMod, w, exec, rofi -show window" - "$mainMod, p, exec, rofi-rbw --no-folder" + "$mainMod, d, exec, ${runner} -show drun" + "$mainMod, w, exec, ${runner} -show window" + "$mainMod, p, exec, ${rofi-rbw} --no-folder" "$mainMod, s, togglesplit" - "$mainMod SHIFT, r, exec, hyprctl reload" - "$mainMod, return, exec, alacritty -e tmux new -A -s main" - "$mainMod SHIFT, return, exec, [float; pin] alacritty -e tmux new -A -s main" + "$mainMod SHIFT, r, exec, ${hyprctl} reload" + "$mainMod, return, exec, ${terminal} -e ${tmux} new -A -s main" + "$mainMod SHIFT, return, exec, [float; pin] ${terminal} -e ${tmux} new -A -s main" "$mainMod, b, workspace, name:web" "$mainMod, n, workspace, name:chat" @@ -172,9 +196,9 @@ "$mainMod SHIFT, l, movewindow, r" "$mainMod SHIFT, k, movewindow, u" "$mainMod SHIFT, j, movewindow, d" - ''SHIFT, Print, exec, grim -g "$(slurp)" - | wl-copy'' - ", Print, exec, grim - | wl-copy" - "$mainMod, 0, exec, hyprlock" + ''SHIFT, Print, exec, ${grim} -g "$(${slurp})" - | ${wl-copy}'' + ", Print, exec, ${grim} - | ${wl-copy}" + "$mainMod, 0, exec, ${hyprlock}" ] ++ (builtins.concatLists (builtins.genList (x: let ws = x + 1; @@ -187,10 +211,10 @@ 9)); workspace = [ - "name:web, on-created-empty: firefox" - "name:chat, on-created-empty: discord" - "name:media, on-created-empty: spotify" - "name:mail, on-created-empty: betterbird" + "name:web, on-created-empty: ${web}" + "name:chat, on-created-empty: ${chat}" + "name:media, on-created-empty: ${media}" + "name:mail, on-created-empty: ${mail}" ]; bindm = [ @@ -199,25 +223,19 @@ ]; bindle = [ - ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+" - ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" - ", XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" - ", XF86AudioMicMute , exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" - ", XF86AudioPlay , exec, playerctl play-pause" - ", XF86AudioPause , exec, playerctl play-pause" - ", XF86AudioNext , exec, playerctl next" - ", XF86AudioPrev , exec, playerctl previous" - ", XF86MonBrightnessUp, exec, brightnessctl -c backlight set +5%" - ", XF86MonBrightnessDown, exec, brightnessctl -c backlight set 5%-" + ", XF86AudioRaiseVolume, exec, ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+" + ", XF86AudioLowerVolume, exec, ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-" + ", XF86AudioMute , exec, ${wpctl} set-mute @DEFAULT_AUDIO_SINK@ toggle" + ", XF86AudioMicMute , exec, ${wpctl} set-mute @DEFAULT_AUDIO_SOURCE@ toggle" + ", XF86AudioPlay , exec, ${playerctl} play-pause" + ", XF86AudioPause , exec, ${playerctl} play-pause" + ", XF86AudioNext , exec, ${playerctl} next" + ", XF86AudioPrev , exec, ${playerctl} previous" + ", XF86MonBrightnessUp, exec, ${brightnessctl} -c backlight set +5%" + ", XF86MonBrightnessDown, exec, ${brightnessctl} -c backlight set 5%-" ]; - exec = [ - #"pkill wpaperd & sleep 0.5 && wpaperd" - #"pkill waybar & sleep 0.5 && waybar" - #"pkill mako & sleep 0.5 && mako" - ]; - - exec-once = ["mullvad-gui"]; + exec-once = [(toString mullvad)]; }; }; } diff --git a/home/c/programs/nvim/.luarc.json b/home/c/programs/nvim/.luarc.json deleted file mode 100644 index 904146d..0000000 --- a/home/c/programs/nvim/.luarc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "diagnostics.globals": [ - "vim", - "lsp_on_attach" - ] -} diff --git a/home/c/programs/nvim/default.nix b/home/c/programs/nvim/default.nix deleted file mode 100644 index 000a085..0000000 --- a/home/c/programs/nvim/default.nix +++ /dev/null @@ -1,313 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - programs.neovim = let - leaders = '' - vim.g.mapleader = ' ' - vim.g.maplocalleader = ' ' - ''; - toLua = str: '' - lua << EOF - ${leaders} - ${str} - EOF - ''; - toLuaFile = file: '' - lua << EOF - ${leaders} - ${builtins.readFile file} - EOF - ''; - toLuaFileLSP = file: '' - lua << EOF - ${leaders} - ${builtins.readFile ./plugin/lsp/lsp-keys.lua} - ${builtins.readFile file} - EOF - ''; - - fromGit = ref: rev: repo: - pkgs.vimUtils.buildVimPlugin { - pname = "${lib.strings.sanitizeDerivationName repo}"; - version = ref; - src = builtins.fetchGit { - url = "https://github.com/${repo}.git"; - inherit ref; - inherit rev; - }; - }; - - # always installs latest version - pluginGit = fromGit "HEAD"; - in { - enable = true; - - # package = pkgs.neovim-nightly; - - extraPackages = with pkgs; [ - # Rust - rust-analyzer - cargo - rustc - rustfmt - - # YAML - yaml-language-server - - # JSON - nodePackages.vscode-json-languageserver - - # Go - gopls - - # Typescript - nodePackages.typescript - nodePackages.typescript-language-server - - # Javascript - eslint_d - - # Python - nodePackages.pyright - black - - # Util - ripgrep - fzf - - # C-Family - clang-tools - - # Shell - shellcheck - shfmt - - # Lua - lua-language-server - selene - stylua - - # Nix - rnix-lsp - nixfmt - statix - - # LLM - ollama - - # Haskell - haskellPackages.haskell-debug-adapter - haskellPackages.haskell-language-server - haskellPackages.fourmolu - ghc - - # Docker - dockerfile-language-server-nodejs - docker-compose-language-service - ]; - - defaultEditor = true; - - viAlias = true; - vimAlias = true; - vimdiffAlias = true; - - extraLuaConfig = '' - ${builtins.readFile ./options.lua} - ''; - - plugins = with pkgs.vimPlugins; [ - { - plugin = nvim-lspconfig; - config = toLuaFileLSP ./plugin/lsp/lsp.lua; - } - - { - plugin = crates-nvim; - config = toLua "require('crates').setup()"; - } - - { - plugin = rustaceanvim; - config = toLuaFileLSP ./plugin/lsp/rust.lua; - } - - { - plugin = haskell-tools-nvim; - config = toLuaFileLSP ./plugin/lsp/haskell.lua; - } - - { - plugin = SchemaStore-nvim; - config = toLuaFileLSP ./plugin/lsp/schemastore.lua; - } - - { - plugin = todo-comments-nvim; - config = - toLua - "require('todo-comments').setup(); vim.api.nvim_set_keymap('n', 'vtd', ':TodoTelescope', { noremap = true });"; - } - - { - plugin = comment-nvim; - config = toLua "require('Comment').setup()"; - } - - { - plugin = onedark-nvim; - config = "colorscheme onedark"; - } - - neodev-nvim - - { - plugin = nvim-cmp; - config = toLuaFile ./plugin/cmp.lua; - } - - { - plugin = telescope-nvim; - config = toLuaFile ./plugin/telescope.lua; - } - - { - plugin = - pluginGit "951b163e55ce7639eb320c450bde9283c4fe968b" - "laytan/cloak.nvim"; - config = toLuaFile ./plugin/cloak.lua; - } - - { - plugin = - pluginGit "41ad952c8269fa7aa3a4b8a5abb44541cb628313" - "David-Kunz/gen.nvim"; - config = toLuaFile ./plugin/gen.lua; - } - - { - plugin = nvim-dap; - config = toLuaFile ./plugin/debugger.lua; - } - - { - plugin = - pluginGit "fd35a46f4b7c1b244249266bdcb2da3814f01724" - "xiyaowong/transparent.nvim"; - config = toLua "require('transparent').setup{}"; - } - - nvim-dap-ui - telescope-dap-nvim - nvim-dap-virtual-text - - telescope-fzf-native-nvim - - cmp_luasnip - cmp-nvim-lsp - - luasnip - friendly-snippets - - { - plugin = hardtime-nvim; - config = toLua "require('hardtime').setup()"; - } - - { - plugin = nvim-surround; - config = toLua "require('nvim-surround').setup{}"; - } - - { - plugin = harpoon; - config = toLuaFile ./plugin/harpoon.lua; - } - - { - plugin = lualine-nvim; - config = - toLua - "require('lualine').setup{options = {icons_enabled = true, theme = 'onedark', component_separators = '|', section_separators = ''}, sections = { lualine_a = { { 'buffers', } } }}"; - } - - { - plugin = nvim-autopairs; - config = toLua "require('nvim-autopairs').setup {}"; - } - - { - plugin = leap-nvim; - config = toLua "require('leap.user').add_default_mappings()"; - } - - { - plugin = none-ls-nvim; - config = toLuaFile ./plugin/lsp/none-ls.lua; - } - - { - plugin = oil-nvim; - config = toLuaFile ./plugin/oil.lua; - } - - { - plugin = zen-mode-nvim; - config = toLuaFile ./plugin/zen.lua; - } - twilight-nvim - - nvim-web-devicons - - { - plugin = undotree; - config = - toLua "vim.keymap.set('n', 'u', vim.cmd.UndotreeToggle)"; - } - - { - plugin = gitsigns-nvim; - config = toLuaFile ./plugin/gitsigns.lua; - } - - { - plugin = nvim-treesitter.withPlugins (p: [ - p.tree-sitter-nix - p.tree-sitter-vim - p.tree-sitter-bash - p.tree-sitter-lua - p.tree-sitter-python - p.tree-sitter-rust - p.tree-sitter-json - p.tree-sitter-c - p.tree-sitter-comment - p.tree-sitter-javascript - p.tree-sitter-fish - p.tree-sitter-dockerfile - p.tree-sitter-cpp - p.tree-sitter-git_config - p.tree-sitter-git_rebase - p.tree-sitter-gitattributes - p.tree-sitter-gitcommit - p.tree-sitter-gitignore - p.tree-sitter-markdown - p.tree-sitter-markdown_inline - p.tree-sitter-make - p.tree-sitter-norg - p.tree-sitter-ssh_config - p.tree-sitter-typescript - p.tree-sitter-tsx - p.tree-sitter-haskell - p.tree-sitter-yaml - p.tree-sitter-zig - ]); - config = toLuaFile ./plugin/treesitter.lua; - } - - vim-nix - ]; - }; -} diff --git a/home/c/programs/tmux/bar.patch b/home/c/programs/tmux/bar.patch new file mode 100644 index 0000000..02f604b --- /dev/null +++ b/home/c/programs/tmux/bar.patch @@ -0,0 +1,24 @@ +diff --git a/tmux-onedark-theme.tmux b/tmux-onedark-theme.tmux +index e440cc7..33ba373 100755 +--- a/tmux-onedark-theme.tmux ++++ b/tmux-onedark-theme.tmux +@@ -75,14 +75,14 @@ set "status-fg" "$onedark_white" + set "@prefix_highlight_fg" "$onedark_black" + set "@prefix_highlight_bg" "$onedark_green" + set "@prefix_highlight_copy_mode_attr" "fg=$onedark_black,bg=$onedark_green" +-set "@prefix_highlight_output_prefix" "  " ++set "@prefix_highlight_output_prefix" " " + + status_widgets=$(get "@onedark_widgets") + time_format=$(get "@onedark_time_format" "%R") + date_format=$(get "@onedark_date_format" "%d/%m/%Y") + +-set "status-right" "#[fg=$onedark_white,bg=$onedark_black,nounderscore,noitalics]${time_format}  ${date_format} #[fg=$onedark_visual_grey,bg=$onedark_black]#[fg=$onedark_visual_grey,bg=$onedark_visual_grey]#[fg=$onedark_white, bg=$onedark_visual_grey]${status_widgets} #[fg=$onedark_green,bg=$onedark_visual_grey,nobold,nounderscore,noitalics]#[fg=$onedark_black,bg=$onedark_green,bold] #h #[fg=$onedark_yellow, bg=$onedark_green]#[fg=$onedark_red,bg=$onedark_yellow]" +-set "status-left" "#[fg=$onedark_black,bg=$onedark_green,bold] #S #{prefix_highlight}#[fg=$onedark_green,bg=$onedark_black,nobold,nounderscore,noitalics]" ++set "status-right" "#[fg=$onedark_white,bg=$onedark_black,nounderscore,noitalics]${time_format} ${date_format} #[fg=$onedark_visual_grey,bg=$onedark_black]#[fg=$onedark_visual_grey,bg=$onedark_visual_grey]#[fg=$onedark_white, bg=$onedark_visual_grey]${status_widgets} #[fg=$onedark_green,bg=$onedark_visual_grey,nobold,nounderscore,noitalics]#[fg=$onedark_black,bg=$onedark_green,bold] #h #[fg=$onedark_yellow, bg=$onedark_green]#[fg=$onedark_red,bg=$onedark_yellow]" ++set "status-left" "#[fg=$onedark_black,bg=$onedark_green,bold] #S #{prefix_highlight}#[fg=$onedark_green,bg=$onedark_black,nobold,nounderscore,noitalics]" + +-set "window-status-format" "#[fg=$onedark_black,bg=$onedark_black,nobold,nounderscore,noitalics]#[fg=$onedark_white,bg=$onedark_black] #I  #W #[fg=$onedark_black,bg=$onedark_black,nobold,nounderscore,noitalics]" +-set "window-status-current-format" "#[fg=$onedark_black,bg=$onedark_visual_grey,nobold,nounderscore,noitalics]#[fg=$onedark_white,bg=$onedark_visual_grey,nobold] #I  #W #[fg=$onedark_visual_grey,bg=$onedark_black,nobold,nounderscore,noitalics]" ++set "window-status-format" "#[fg=$onedark_black,bg=$onedark_black,nobold,nounderscore,noitalics]#[fg=$onedark_white,bg=$onedark_black] #I #W #[fg=$onedark_black,bg=$onedark_black,nobold,nounderscore,noitalics]" ++set "window-status-current-format" "#[fg=$onedark_black,bg=$onedark_visual_grey,nobold,nounderscore,noitalics]#[fg=$onedark_white,bg=$onedark_visual_grey,nobold] #I #W #[fg=$onedark_visual_grey,bg=$onedark_black,nobold,nounderscore,noitalics]" diff --git a/home/c/programs/tmux/default.nix b/home/c/programs/tmux/default.nix index ffabf71..e71d8f5 100644 --- a/home/c/programs/tmux/default.nix +++ b/home/c/programs/tmux/default.nix @@ -1,4 +1,13 @@ -{pkgs, ...}: { +{ + pkgs, + cLib, + ... +}: let + getProgFor = cLib.getProgFor pkgs; + getProgFor' = cLib.getProgFor' pkgs; + tmux = getProgFor "tmux"; + tmux-sessionizer = getProgFor' "tmux-sessionizer-cl" "tmux-sessionizer"; +in { programs.tmux = { enable = true; shortcut = "x"; @@ -11,15 +20,15 @@ sensible yank { - plugin = onedark-theme; + plugin = onedark-theme.overrideAttrs (_: { + patches = [./bar.patch]; + }); extraConfig = "\n"; } { plugin = resurrect; extraConfig = '' - set -g @resurrect-strategy-vim 'session' - set -g @resurrect-strategy-nvim 'session' - set -g @resurrect-capture-pane-contents 'on' + set -g @resurrect-capture-pane-contents 'off' ''; } { @@ -42,9 +51,9 @@ bind \\ split-window -v -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" - bind-key -r s run-shell "tmux display-popup -E 'tmux-sessionizer -s'" - bind-key -r f run-shell "tmux display-popup -E 'tmux-sessionizer -p'" - bind-key -r m run-shell "tmux switch-client -t main" + bind-key -r s run-shell "${tmux} display-popup -E '${tmux-sessionizer} -s'" + bind-key -r f run-shell "${tmux} display-popup -E '${tmux-sessionizer} -p'" + bind-key -r m run-shell "${tmux} switch-client -t main" bind S choose-tree bind -r k select-pane -U @@ -53,8 +62,4 @@ bind -r l select-pane -R ''; }; - - home.packages = [ - pkgs.tmux-sessionizer-cl - ]; } diff --git a/home/c/programs/waybar/default.nix b/home/c/programs/waybar/default.nix index e5c5bfe..1d941fc 100644 --- a/home/c/programs/waybar/default.nix +++ b/home/c/programs/waybar/default.nix @@ -1,4 +1,10 @@ -{pkgs, ...}: { +{ + pkgs, + cLib, + ... +}: let + soundControl = cLib.getProgFor pkgs "pwvucontrol"; +in { programs.waybar = { enable = true; package = pkgs.waybar.override { @@ -35,7 +41,7 @@ tooltip = false; }; wireplumber = { - on-click = "${pkgs.pwvucontrol}/bin/pwvucontrol"; + on-click = toString soundControl; format = "{icon} {volume}%"; format-muted = ""; format-icons = ["" "" ""]; diff --git a/home/c/services/default.nix b/home/c/services/default.nix index 5b065dc..803374c 100644 --- a/home/c/services/default.nix +++ b/home/c/services/default.nix @@ -1,4 +1,4 @@ -{...}: { +{pkgs, ...}: { imports = [./mako ./kanshi]; services = { network-manager-applet.enable = true; @@ -6,6 +6,7 @@ gpg-agent = { enable = true; enableSshSupport = true; + pinentryPackage = pkgs.pinentry-gnome3; }; }; } diff --git a/hosts/artemis/configuration.nix b/hosts/artemis/configuration.nix index 7915feb..ae4f4d1 100644 --- a/hosts/artemis/configuration.nix +++ b/hosts/artemis/configuration.nix @@ -31,11 +31,13 @@ vim gnome.adwaita-icon-theme wget + pinentry fzf nil killall gcc pkg-config + sbctl nish nsbm ]; @@ -45,10 +47,7 @@ sessionVariables = {NIXOS_OZONE_WL = "1";}; shells = with pkgs; [fish]; - - # etc."greetd/environments".text = '' - # hyprland - # ''; }; + fonts.packages = with pkgs; [nerdfonts meslo-lgs-nf]; } diff --git a/hosts/artemis/hardware-configuration.nix b/hosts/artemis/hardware-configuration.nix index ea07f90..3263411 100644 --- a/hosts/artemis/hardware-configuration.nix +++ b/hosts/artemis/hardware-configuration.nix @@ -13,6 +13,12 @@ kernelModules = ["kvm-intel"]; extraModulePackages = []; #kernelPackages = pkgs.linuxPackages_latest; + + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; }; hardware = { bluetooth = { diff --git a/hosts/artemis/home.nix b/hosts/artemis/home.nix index fb18af5..3bfde5c 100644 --- a/hosts/artemis/home.nix +++ b/hosts/artemis/home.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + cLib, + ... +}: { programs.hyprlock.enable = true; security.pam.services.hyprlock = {}; home-manager = { @@ -11,6 +15,6 @@ inputs.self.homeManagerModules.trayscale ]; users.c = import ../../home/c; - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = {inherit inputs cLib;}; }; } diff --git a/hosts/hermes/containers.nix b/hosts/hermes/containers.nix index 75b5365..6272ae4 100644 --- a/hosts/hermes/containers.nix +++ b/hosts/hermes/containers.nix @@ -7,7 +7,7 @@ flaresolverr = { #image = "ghcr.io/flaresolverr/flaresolverr:latest"; #image = "ghcr.io/flaresolverr/flaresolverr:pr-1282"; - image = "docker.io/alexfozor/flaresolverr:pr-1300"; + image = "docker.io/alexfozor/flaresolverr:pr-1300-experimental"; autoStart = true; ports = ["127.0.0.1:8191:8191"]; environment = { diff --git a/hosts/hermes/ddns.nix b/hosts/hermes/ddns.nix new file mode 100644 index 0000000..e8ea1c0 --- /dev/null +++ b/hosts/hermes/ddns.nix @@ -0,0 +1,13 @@ +{config, ...}: { + services.cloudflare-dyndns = { + enable = true; + ipv4 = true; + ipv6 = false; + proxied = false; + deleteMissing = false; + domains = []; + apiTokenFile = config.age.secrets.cloudflare-api.path; + }; + # services.cloudflare-dyndns.domains = []; + age.secrets."cloudflare-api".file = ../../secrets/cloudflare-api.age; +} diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix index 1c45a90..da82c9e 100644 --- a/hosts/hermes/default.nix +++ b/hosts/hermes/default.nix @@ -2,11 +2,14 @@ imports = [ ./hardware-configuration.nix ./configuration.nix + ./ddns.nix + ./quassel.nix ./fail2ban.nix ./containers.nix ./networking.nix ./ssh.nix ./media.nix ./headscale.nix + ./forgejo.nix ]; } diff --git a/hosts/hermes/forgejo.nix b/hosts/hermes/forgejo.nix new file mode 100644 index 0000000..21ba439 --- /dev/null +++ b/hosts/hermes/forgejo.nix @@ -0,0 +1,40 @@ +{ + lib, + config, + ... +}: let + domain = "git.cleslie.uk"; +in { + services = { + cloudflare-dyndns.domains = [domain]; + forgejo = { + enable = true; + database.type = "postgres"; + settings = { + server = { + #DOMAIN = domain; + ROOT_URL = "https://${domain}"; + HTTP_PORT = 3000; + SSH_PORT = builtins.head config.services.openssh.ports; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + + caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} + ''; + }; + + systemd.services.forgejo.preStart = '' + admin="${lib.getExe config.services.forgejo.package} admin user" + $admin create --admin --email "git@cleslie.uk" --username cleslie --password "$(tr -d '\n' < ${config.age.secrets.forgejo-password.path})" || true + # $admin change-password --username cleslie --password "$(tr -d '\n' < ${config.age.secrets.forgejo-password.path})" || true + ''; + + age.secrets."forgejo-password" = { + file = ../../secrets/forgejo-password.age; + mode = "400"; + owner = "forgejo"; + }; +} diff --git a/hosts/hermes/headscale.nix b/hosts/hermes/headscale.nix index d907330..5555b0b 100644 --- a/hosts/hermes/headscale.nix +++ b/hosts/hermes/headscale.nix @@ -13,6 +13,7 @@ in { ip_prefixes = "100.64.0.0/10"; }; }; + cloudflare-dyndns.domains = [domain]; caddy.virtualHosts.${domain}.extraConfig = '' reverse_proxy localhost:${toString config.services.headscale.port} ''; diff --git a/hosts/hermes/media.nix b/hosts/hermes/media.nix index 694a787..e1e5252 100644 --- a/hosts/hermes/media.nix +++ b/hosts/hermes/media.nix @@ -85,6 +85,8 @@ in { }; }; + cloudflare-dyndns.domains = ["media.cleslie.uk" "watch.cleslie.uk" "request.cleslie.uk"]; + jellyfin = { enable = true; package = pkgs.jellyfin; diff --git a/hosts/hermes/quassel.nix b/hosts/hermes/quassel.nix new file mode 100644 index 0000000..6bd6c38 --- /dev/null +++ b/hosts/hermes/quassel.nix @@ -0,0 +1,6 @@ +{...}: { + services.quassel = { + enable = true; + interfaces = ["0.0.0.0"]; + }; +} diff --git a/justfile b/justfile index 2f24fab..82bf5a4 100644 --- a/justfile +++ b/justfile @@ -5,10 +5,14 @@ alias r := rebuild alias v := vim alias u := update alias c := cache +alias d := deploy rebuild: sudo nixos-rebuild switch --flake .# +deploy MACHINE: + nix run .#deploy-{{MACHINE}} + vim: nix flake lock --update-input nixvim diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..c8b84db --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,6 @@ +{lib, ...}: let + getProgFor' = pkgs: prog: progn: lib.getExe' pkgs.${prog} progn; + getProgFor = pkgs: prog: getProgFor' pkgs prog prog; +in { + inherit getProgFor getProgFor'; +} diff --git a/modules/trayscale.nix b/modules/trayscale.nix index f2707a8..9a67ec5 100644 --- a/modules/trayscale.nix +++ b/modules/trayscale.nix @@ -28,7 +28,7 @@ in { Unit = { Description = "An unofficial GUI wrapper around the Tailscale CLI client"; Requires = ["tray.target"]; - After = ["graphical-session-pre.target" "tray.target"]; + After = ["graphical-session-pre.target" "tray.target" "tailscaled.service"]; PartOf = ["graphical-session.target"]; }; Install = {WantedBy = ["graphical-session.target"];}; diff --git a/secrets/cloudflare-api.age b/secrets/cloudflare-api.age new file mode 100644 index 0000000..1ee3de6 --- /dev/null +++ b/secrets/cloudflare-api.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg p2ROUhWiDQDOjALQnhhf566js8ivYTsgwNfCaaoe6yQ +UnCc2/4lb+PxnrKdAPVqwAyXavFGr8M3NV3+fSSdAU0 +-> ssh-ed25519 aSaoJQ hHqpvUCaH5RLAQwTdH1llfF/0aTraXtl25qFDaFhUwk ++4VMHc3PGR9HBlVTw4anbYORQPgFl24WGF5pwmt7w20 +--- qa7ctM764SNg3u/ITk+6DRXbLqF1Lom1xgKysY9DrkE +Z;Q +7k4%#pqvy] ieǺ]ɩi!4=s䉁JfpHs29sF}˪#i8 \ No newline at end of file diff --git a/secrets/forgejo-password.age b/secrets/forgejo-password.age new file mode 100644 index 0000000..b34346e --- /dev/null +++ b/secrets/forgejo-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg IjBz5+4Rk9Rg+jBgKWo/B5IoZmq/wTCWcqZRB/5lhAU +E2bov9sYropmovrjqTItnLLzgEECt6+9iD2zjHLvXbU +-> ssh-ed25519 aSaoJQ Rjq+7b3BFCrUFuVQhvrpxm8i4D7jpkkLleu36r4cinM +HpdvPeOUqUOxdcsnBd5QWiU00Di7xcKHLstI8Z9p6EM +--- 3Ku+G1FBZdVdS31q7fKd68Ai+FkD1rJg0eSKpYLd+2c +_PEڠ#]ȼlX"ba4ՖAlG8sot ~i#/ib1e7ޛ \ No newline at end of file diff --git a/secrets/mesh-conf-cleslie.age b/secrets/mesh-conf-cleslie.age index ac1c8f7..e22c63d 100644 --- a/secrets/mesh-conf-cleslie.age +++ b/secrets/mesh-conf-cleslie.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 /RyXeg RCXNBh7g6+X5buZJdDCd52elfUAnzgOUfINsdGCAcUg -0MOZk6dC51NyFWBu/4+6XY9bMgQ9JoCv6ekH9eaghI0 --> ssh-ed25519 ejjLpg ILRsr6hHJZrX4ssD1hj8FEH8VhqIouHpdLX0phc8qiM -0G6VMYbLtq+HcYurP8AIT5qCrLbQJQEpyyqNmRrjJ7I --> ssh-ed25519 aSaoJQ OVpC763FiqHOaD+uThjZcXgi215AE07aXitPi6Ar3wE -UGQ4Nnnxi2Z57XPJ+9DCUV+/U7aC+Wuprv4JcEHkFqE ---- ulRUBJuSDAodVNUVviwGJAYe7l/FOzVNNiQaVzGUWnI -&(fsRvKp**/-~j&I-Գ/pdE$u*nPnA0_E6 \ No newline at end of file +-> ssh-ed25519 /RyXeg 9XOLVh3LUWmQD98tT0JVXV87VObvZLYdEpFZfbdF0xg +ekxCG1bf0dBtxYn4MRNj5BrwfOEJQpH7NOLRGFTFfuo +-> ssh-ed25519 ejjLpg GmmHEVNJCsf4ABHzKSSkHmjqg4hblBvB/ob/223u1yY +Dh+VB4Z4eYyZBq7+ygyFCh9UuUrczcgAfGs4ZwG87bo +-> ssh-ed25519 aSaoJQ OIxgxGcuSoXb7S6Ae8+zf3DIKQzsGq0/W7i9I9MRfy4 +jhujSlaLTbtlUwIMeT8sVXPlh6gizyQ7GvI7Smk51mA +--- GRaOmf1hUdTF6KiamM+U9yW/QerPtQSmLEnPVdlk5Zw +sO-r*S0'ęs*q`xOp8_ї6"l7^ث@"u^j9d2/ \ No newline at end of file diff --git a/secrets/mesh-conf-infra.age b/secrets/mesh-conf-infra.age index 5e366a6..0cf36d4 100644 Binary files a/secrets/mesh-conf-infra.age and b/secrets/mesh-conf-infra.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b0f2843..6aed516 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,4 +9,6 @@ in { "wg-conf.age".publicKeys = keys.c ++ allSystems; "mesh-conf-infra.age".publicKeys = keys.c ++ allSystems; "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; + "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; + "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes]; } diff --git a/secrets/wg-conf.age b/secrets/wg-conf.age index 8e4bf6e..3ec2d79 100644 Binary files a/secrets/wg-conf.age and b/secrets/wg-conf.age differ