From 6f12893309898468b1e0c75b828a1960bf8fae16 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Mon, 2 Jun 2025 20:12:09 +0200 Subject: [PATCH 01/41] toaster: back to niri --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 16 ++++++++++++++-- hosts/toaster/default.nix | 2 +- modules/niri.nix | 17 +++++++---------- 4 files changed, 43 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 91b10f0..3699136 100644 --- a/flake.lock +++ b/flake.lock @@ -224,6 +224,26 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1748830238, + "narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -513,6 +533,7 @@ "inputs": { "authentik-nix": "authentik-nix", "flake-utils": "flake-utils_2", + "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index e34868b..fdb5a79 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,11 @@ inputs.flake-utils.follows = "flake-utils"; }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + tmux-yank = { url = "github:tmux-plugins/tmux-yank"; flake = false; @@ -54,6 +59,7 @@ outputs = inputs@{ + home-manager, lanzaboote, lix-module, microvm, 
@@ -113,18 +119,24 @@ nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3 lix-module.nixosModules.default + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users."0xa" = import ./hosts/toaster/0xa-home.nix; + } + ./hosts/toaster ./modules/basic-tools ./modules/binary-caches.nix ./modules/devtools.nix - ./modules/gnome.nix + ./modules/niri.nix ./modules/gnupg.nix ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix ./modules/virtualization.nix - ./modules/emacs.nix ./modules/mail ./modules/wg ]; diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 7e78114..087b7f3 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -4,7 +4,7 @@ ./amd.nix ./hardware-configuration.nix ./irc.nix - ./network + ./network/full-networkd.nix ./secure-boot.nix ./zfs.nix ]; diff --git a/modules/niri.nix b/modules/niri.nix index e769189..4cd541e 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -1,8 +1,5 @@ -# General Desktop-related config -{ pkgs, inputs, ... }: +{ pkgs, ... }: { - nixpkgs.overlays = [ inputs.niri.overlays.niri ]; - programs.niri.enable = true; imports = [ @@ -13,15 +10,15 @@ let xwayland-satellite-git = pkgs.xwayland-satellite.overrideAttrs ( final: _prev: { - version = "git"; - cargoHash = "sha256-MaF2FyR3HvQAKkZKa8OO/5jbO64/Ncv7+JqHda4jN50="; + version = "0.6"; + cargoHash = "sha256-R3xXyXpHQw/Vh5Y4vFUl7n7jwBEEqwUCIZGAf9+SY1M="; src = pkgs.fetchFromGitHub { owner = "Supreeeme"; repo = "xwayland-satellite"; - rev = "cca74a5f6b23742d77dc5db4312dfc40fd4a0fcc"; - sha256 = "sha256-YZ+axsuNsgIKWfnRkt6Qa9UoKfUOIWf42vNUonXxmxM="; + rev = "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73"; + sha256 = "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI="; }; - cargoDeps = pkgs.rustPlatform.fetchCargoTarball { + cargoDeps = pkgs.rustPlatform.fetchCargoVendor { inherit (final) pname src version; hash = final.cargoHash; }; 
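Review bot: `home-manager.users."0xa"` imports `./hosts/toaster/0xa-home.nix`, but this patch's diffstat lists only flake.lock, flake.nix, hosts/toaster/default.nix and modules/niri.nix. Unless that file is already tracked, flake evaluation will fail, because a flake in a git checkout only sees files known to git; it should be added in this commit. The same hunk also drops `./modules/emacs.nix` from the module list, which the subject "toaster: back to niri" does not mention. The module list starts outside the hunk.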
@@ -127,7 +124,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri-stable}/bin/niri-session"; + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri}/bin/niri-session"; }; }; }; From 6253edd88aee09faceea671731e8aaf6fe61c6f4 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 4 Jun 2025 13:11:14 +0200 Subject: [PATCH 02/41] keep emacs installed, but not as default --- flake.nix | 4 ++-- modules/emacs.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index e34868b..61b4411 100644 --- a/flake.nix +++ b/flake.nix @@ -118,14 +118,14 @@ ./modules/basic-tools ./modules/binary-caches.nix ./modules/devtools.nix + ./modules/emacs.nix ./modules/gnome.nix ./modules/gnupg.nix + ./modules/mail ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix ./modules/virtualization.nix - ./modules/emacs.nix - ./modules/mail ./modules/wg ]; }; diff --git a/modules/emacs.nix b/modules/emacs.nix index 8841e44..b48a977 100644 --- a/modules/emacs.nix +++ b/modules/emacs.nix @@ -32,6 +32,6 @@ ] ) ); - defaultEditor = lib.mkDefault true; + defaultEditor = lib.mkForce false; }; } From bf454e2018f9a7835374d24ced99b81b5749dd14 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 4 Jun 2025 22:23:55 +0200 Subject: [PATCH 03/41] bump lock --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 91b10f0..ba5c370 100644 --- a/flake.lock +++ b/flake.lock 
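Review bot: `defaultEditor = lib.mkForce false;` in modules/emacs.nix is stronger than a shared module needs, because it pins the option at override priority and a host that wants Emacs as its editor must then use `mkForce` itself. `defaultEditor = lib.mkDefault false;` expresses "not the default" and still lets a host decide. Patch 06 in this series flips the same line to `lib.mkForce true`, which contradicts this commit's subject and has the same priority problem. The surrounding attribute set starts outside the hunk.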
@@ -253,11 +253,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1748874826, - "narHash": "sha256-PPRYL4vp/09ZPqbgo1b0h+mt28tddxE/nhA04bGvAU0=", - "rev": "530b40ac8ebf49ab93887e5035d7f1fdc3111325", + "lastModified": 1748893954, + "narHash": "sha256-Vj1GHarIzlJI3We5KnYcAQlSjn++fx7/lKRaiIVz3tg=", + "rev": "019b17f4e93c098f99a9bc691be1f1c4df026c7d", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/530b40ac8ebf49ab93887e5035d7f1fdc3111325.tar.gz?rev=530b40ac8ebf49ab93887e5035d7f1fdc3111325" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/019b17f4e93c098f99a9bc691be1f1c4df026c7d.tar.gz?rev=019b17f4e93c098f99a9bc691be1f1c4df026c7d" }, "original": { "type": "tarball", @@ -339,11 +339,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748634340, - "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { @@ -402,11 +402,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { 
@@ -418,11 +418,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1748708770, - "narHash": "sha256-q8jG2HJWgooWa9H0iatZqBPF3bp0504e05MevFmnFLY=", + "lastModified": 1749024892, + "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a59eb7800787c926045d51b70982ae285faa2346", + "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "type": "github" }, "original": { From d928378ae74a61c58fffd4acd991132fec212ac5 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Thu, 5 Jun 2025 16:23:56 +0200 Subject: [PATCH 04/41] add lapce --- modules/desktop-software.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index 5178c70..1a651f7 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix @@ -20,6 +20,7 @@ mpv obs-studio firefox + lapce ]; programs.steam.enable = true; } From 21796723fbca12cb3ac99c0cceedfbe2b95cde79 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Fri, 6 Jun 2025 15:16:25 +0200 Subject: [PATCH 05/41] bump lock --- flake.lock | 64 +++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index ba5c370..dbd1074 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1747386678, - "narHash": "sha256-+4pIDo56iXWUklX1U+biw/cfC8TiSXTMh2N6V/+JMUg=", + "lastModified": 1749129962, + "narHash": "sha256-gc1l5z5dWw9a9DWsrp0ZiD+SSMsNpEwMEiRi8K5sh5c=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "f20474660332903be6b47f3c1fdfc531f6f75f1d", + "rev": "271a38f7c4e2551f0674b894e2adf7cd1ddb8168", "type": "github" }, "original": { 
@@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1747329052, - "narHash": "sha256-idShMSYIrf3ViG9VFNGNu6TSjBz3Q+GJMMeCzcJwfG4=", + "lastModified": 1749043670, + "narHash": "sha256-gwHngqb23U8By7jhxFWQZOXy+vPQApJSkvr4gHI5ifQ=", "owner": "goauthentik", "repo": "authentik", - "rev": "ae47624761f05040149d856d5e55a90cd7492740", + "rev": "bda30c5ad5838fea36dc0a06f8580cca437f0fc0", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.4.1", + "ref": "version/2025.4.2", "repo": "authentik", "type": "github" } @@ -96,11 +96,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { @@ -253,11 +253,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1748893954, - "narHash": "sha256-Vj1GHarIzlJI3We5KnYcAQlSjn++fx7/lKRaiIVz3tg=", - "rev": "019b17f4e93c098f99a9bc691be1f1c4df026c7d", + "lastModified": 1748904204, + "narHash": "sha256-kbY82p5J5HP/y132Pn6JVO1/PKV/TqF336FsDArWkLo=", + "rev": "fca0a30470b7040489feeb2a86bad05bf9b1aa95", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/019b17f4e93c098f99a9bc691be1f1c4df026c7d.tar.gz?rev=019b17f4e93c098f99a9bc691be1f1c4df026c7d" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/fca0a30470b7040489feeb2a86bad05bf9b1aa95.tar.gz?rev=fca0a30470b7040489feeb2a86bad05bf9b1aa95" }, "original": { "type": "tarball", 
@@ -339,11 +339,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747179050, - "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -371,11 +371,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", "type": "github" }, "original": { @@ -418,11 +418,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1749086602, + "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "4792576cb003c994bd7cc1edada3129def20b27d", "type": "github" }, "original": { 
@@ -475,11 +475,11 @@ ] }, "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "lastModified": 1748562898, + "narHash": "sha256-STk4QklrGpM3gliPKNJdBLSQvIrqRuwHI/rnYb/5rh8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", + "rev": "33bd58351957bb52dd1700ea7eeefe34de06a892", "type": "github" }, "original": { @@ -655,11 +655,11 @@ ] }, "locked": { - "lastModified": 1746649034, - "narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=", + "lastModified": 1748916602, + "narHash": "sha256-GiwjjmPIISDFD0uQ1DqQ+/38hZ+2z1lTKVj/TkKaWwQ=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "fe540e91c26f378c62bf6da365a97e848434d0cd", + "rev": "a4dd471de62b27928191908f57bfcd702ec2bfc9", "type": "github" }, "original": { From 9f8721d40e4c2580e54685f72ff02f48605dc8fb Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Tue, 10 Jun 2025 18:34:27 +0200 Subject: [PATCH 06/41] small fixes --- modules/desktop-software.nix | 2 ++ modules/emacs.nix | 2 +- modules/gnome.nix | 2 -- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index 1a651f7..24359a9 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix @@ -21,6 +21,8 @@ obs-studio firefox lapce + spotify + ghostty ]; programs.steam.enable = true; } diff --git a/modules/emacs.nix b/modules/emacs.nix index b48a977..d4b0f26 100644 --- a/modules/emacs.nix +++ b/modules/emacs.nix @@ -32,6 +32,6 @@ ] ) ); - defaultEditor = lib.mkForce false; + defaultEditor = lib.mkForce true; }; } diff --git a/modules/gnome.nix b/modules/gnome.nix index b1dae16..08c3b84 100644 --- a/modules/gnome.nix +++ b/modules/gnome.nix @@ -16,8 +16,6 @@ qbittorrent gnomeExtensions.caffeine gnomeExtensions.brightness-control-using-ddcutil - spotify - ghostty fractal ]; From 9cbb86603e861b067b6620a401f178098a9a2255 Mon Sep 17 00:00:00 2001 
From: Grisha Shipunov Date: Tue, 10 Jun 2025 18:34:37 +0200 Subject: [PATCH 07/41] bump lock --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index dbd1074..cc515b0 100644 --- a/flake.lock +++ b/flake.lock @@ -253,11 +253,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1748904204, - "narHash": "sha256-kbY82p5J5HP/y132Pn6JVO1/PKV/TqF336FsDArWkLo=", - "rev": "fca0a30470b7040489feeb2a86bad05bf9b1aa95", + "lastModified": 1749471044, + "narHash": "sha256-a1KdOuDF2NJj+tM/2fufIyW5dDX0cHdmXWjli+0GRh4=", + "rev": "d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/fca0a30470b7040489feeb2a86bad05bf9b1aa95.tar.gz?rev=fca0a30470b7040489feeb2a86bad05bf9b1aa95" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2.tar.gz?rev=d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2" }, "original": { "type": "tarball", @@ -402,11 +402,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -418,11 +418,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749086602, - "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", + "lastModified": 1749494155, + "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4792576cb003c994bd7cc1edada3129def20b27d", + "rev": "88331c17ba434359491e8d5889cce872464052c2", "type": "github" }, "original": { From f68df0d787dff516da912bd53278ec453d2bf0f9 Mon Sep 17 00:00:00 2001 
From: Grisha Shipunov Date: Tue, 10 Jun 2025 19:40:17 +0200 Subject: [PATCH 08/41] try out kde --- flake.nix | 2 +- hosts/toaster/network/default.nix | 7 ++++-- modules/fonts.nix | 2 ++ modules/plasma.nix | 39 +++++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 modules/plasma.nix diff --git a/flake.nix b/flake.nix index 61b4411..ddde63b 100644 --- a/flake.nix +++ b/flake.nix @@ -119,9 +119,9 @@ ./modules/binary-caches.nix ./modules/devtools.nix ./modules/emacs.nix - ./modules/gnome.nix ./modules/gnupg.nix ./modules/mail + ./modules/plasma.nix ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix diff --git a/hosts/toaster/network/default.nix b/hosts/toaster/network/default.nix index 6d96c3c..bd42a43 100644 --- a/hosts/toaster/network/default.nix +++ b/hosts/toaster/network/default.nix @@ -7,13 +7,16 @@ ]; # Networkmanager shouldn't interfere with systemd managed interfaces - networking.networkmanager.unmanaged = + networking.networkmanager = { + enable = true; + unmanaged = let systemd_netdevs = lib.attrsets.attrValues ( lib.attrsets.mapAttrs (_name: value: value.netdevConfig.Name) config.systemd.network.netdevs ); in - systemd_netdevs; + systemd_netdevs; + }; systemd.network = { enable = true; diff --git a/modules/fonts.nix b/modules/fonts.nix index 32ae853..e8c54bc 100644 --- a/modules/fonts.nix +++ b/modules/fonts.nix @@ -19,6 +19,8 @@ liberation_ttf noto-fonts noto-fonts-cjk-sans + noto-fonts-color-emoji + noto-fonts-monochrome-emoji noto-fonts-emoji noto-fonts-extra proggyfonts diff --git a/modules/plasma.nix b/modules/plasma.nix new file mode 100644 index 0000000..c3d2731 --- /dev/null +++ b/modules/plasma.nix 
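Review bot: `networking.networkmanager.enable = true` in hosts/toaster/network/default.nix now runs NetworkManager next to the `systemd.network` configuration enabled a few lines below, while `unmanaged` is built only from `config.systemd.network.netdevs`. Any link that a `systemd.network.networks` entry matches without being one of those netdevs (the entries are not visible here) would be configured by both daemons. The existing comment could state the intended split so a reader can check it, for example `# NetworkManager owns physical links; networkd owns only the netdevs listed in unmanaged`, with the wording adapted to the real layout. The `systemd.network` block continues past the hunk.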
@@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + imports = [ + ./desktop-software.nix + ./fonts.nix + ]; + + environment.systemPackages = with pkgs.kdePackages; [ + kmail + okular + ]; + + programs.kde-pim = { + enable = true; + kmail = true; + kontact = true; + merkuro = true; + }; + + # Enable sound. + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + programs.zsh.vteIntegration = true; + programs.bash.vteIntegration = true; + + hardware.bluetooth.enable = true; + + services.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; + + services.desktopManager.plasma6.enable = true; +} From fa39e47fef4576cbf2e9a8a023e2e86f7f365e79 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Tue, 10 Jun 2025 20:53:59 +0200 Subject: [PATCH 09/41] format and small fixes --- hosts/toaster/network/default.nix | 10 +++++----- modules/desktop-software.nix | 17 +++++++++-------- modules/gnome.nix | 1 - modules/plasma.nix | 6 +++--- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/hosts/toaster/network/default.nix b/hosts/toaster/network/default.nix index bd42a43..6504dbb 100644 --- a/hosts/toaster/network/default.nix +++ b/hosts/toaster/network/default.nix @@ -10,11 +10,11 @@ networking.networkmanager = { enable = true; unmanaged = - let - systemd_netdevs = lib.attrsets.attrValues ( - lib.attrsets.mapAttrs (_name: value: value.netdevConfig.Name) config.systemd.network.netdevs - ); - in + let + systemd_netdevs = lib.attrsets.attrValues ( + lib.attrsets.mapAttrs (_name: value: value.netdevConfig.Name) config.systemd.network.netdevs + ); + in systemd_netdevs; }; diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index 24359a9..a09d31f 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix 
@@ -7,22 +7,23 @@ audacity blender dino + discord + element-desktop ffmpeg-full + firefox + ghostty gimp inkscape + lapce + mpv + obs-studio + qbittorrent signal-desktop + spotify telegram-desktop tor-browser wl-clipboard yt-dlp - element-desktop - discord - mpv - obs-studio - firefox - lapce - spotify - ghostty ]; programs.steam.enable = true; } diff --git a/modules/gnome.nix b/modules/gnome.nix index 08c3b84..5743283 100644 --- a/modules/gnome.nix +++ b/modules/gnome.nix @@ -13,7 +13,6 @@ gnome-obfuscate gnome-boxes gnome-tweaks - qbittorrent gnomeExtensions.caffeine gnomeExtensions.brightness-control-using-ddcutil fractal diff --git a/modules/plasma.nix b/modules/plasma.nix index c3d2731..cfbdd96 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -5,9 +5,9 @@ ./fonts.nix ]; - environment.systemPackages = with pkgs.kdePackages; [ - kmail - okular + environment.systemPackages = with pkgs; [ + kdePackages.okular + vlc ]; programs.kde-pim = { From 64269a89828c0a39426cd964ba6609e13d0f9950 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 11:05:04 +0200 Subject: [PATCH 10/41] plasma: integrate firefox --- modules/desktop-software.nix | 2 +- modules/plasma.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index a09d31f..cbfba71 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix @@ -10,7 +10,6 @@ discord element-desktop ffmpeg-full - firefox ghostty gimp inkscape @@ -26,4 +25,5 @@ yt-dlp ]; programs.steam.enable = true; + programs.firefox.enable = true; } diff --git a/modules/plasma.nix b/modules/plasma.nix index cfbdd96..d71b475 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -36,4 +36,7 @@ }; services.desktopManager.plasma6.enable = true; + programs.firefox.nativeMessagingHosts.packages = with pkgs.kdePackages; [ + plasma-browser-integration + ]; } From d289649c49464fe3c0807aacc451a78505d94301 Mon Sep 17 00:00:00 2001 
From: Grisha Shipunov Date: Wed, 11 Jun 2025 11:05:22 +0200 Subject: [PATCH 11/41] enable ssh agent --- modules/plasma.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/plasma.nix b/modules/plasma.nix index d71b475..f75afaf 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -36,6 +36,14 @@ }; services.desktopManager.plasma6.enable = true; + + programs.ssh = { + startAgent = true; + enableAskPassword = false; + extraConfig = '' + AddKeysToAgent yes + ''; + }; programs.firefox.nativeMessagingHosts.packages = with pkgs.kdePackages; [ plasma-browser-integration ]; From 44c31514e6090b4b24d89c49f1fa3912ce194205 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 15:35:33 +0200 Subject: [PATCH 12/41] add new ssh key --- modules/server/ssh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/server/ssh.nix b/modules/server/ssh.nix index 4c27a00..ea463d5 100644 --- a/modules/server/ssh.nix +++ b/modules/server/ssh.nix @@ -10,5 +10,6 @@ networking.firewall.allowedTCPPorts = [ 22 ]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINjKbSzsAx8P9POD9pOXO+Fxub68V828sNatPA6+2zmGAAAABHNzaDo= 0xa@keychain-A" ]; } From f9ff89e13e86be30a2d65ad707ac3b7d0697c869 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 15:47:20 +0200 Subject: [PATCH 13/41] add kaidan --- modules/plasma.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/plasma.nix b/modules/plasma.nix index f75afaf..aadd178 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -6,6 +6,7 @@ ]; environment.systemPackages = with pkgs; [ + kaidan kdePackages.okular vlc ]; From b2a00d0006bf4aac8bce9f404112e682c0015430 Mon Sep 17 00:00:00 2001 
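Review bot: Keys loaded through `AddKeysToAgent yes` stay in the agent for the whole session, because the added `programs.ssh` block sets no lifetime. Adding `agentTimeout = "1h";` next to `startAgent = true;` bounds how long an unlocked key remains usable by any process that can reach the agent socket. If `./modules/gnupg.nix` turns on the GnuPG agent's SSH support, NixOS refuses that combination with `startAgent`; that module is not visible here, so this needs checking against it.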
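Review bot: The new `sk-ssh-ed25519@openssh.com` entry in modules/server/ssh.nix is accepted for root with no key options, so sshd does not insist on user verification and a touch alone is enough if the credential was enrolled without a PIN. Prefixing the entry with the `verify-required` option, as in `"verify-required sk-ssh-ed25519@openssh.com <key> 0xa@keychain-A"`, makes the server enforce it, provided the key was created with user verification. The comment also omits the date that the existing entry carries (`0xa@toaster 2024-12-31`), which is what makes later rotation easy to audit. The rest of the sshd settings lie outside the hunk, so whether root password login is disabled cannot be seen here.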
From: Grisha Shipunov Date: Wed, 11 Jun 2025 19:25:44 +0200 Subject: [PATCH 14/41] nginx->caddy --- hosts/cloud/proxy/auth.nix | 36 ------------- hosts/cloud/proxy/conduwuit.nix | 47 ---------------- hosts/cloud/proxy/dav.nix | 64 ---------------------- hosts/cloud/proxy/default.nix | 95 ++++++++++++++------------------- hosts/cloud/proxy/git.nix | 32 +---------- hosts/cloud/proxy/immich.nix | 33 ------------ hosts/cloud/proxy/news.nix | 17 ------ 7 files changed, 42 insertions(+), 282 deletions(-) delete mode 100644 hosts/cloud/proxy/auth.nix delete mode 100644 hosts/cloud/proxy/conduwuit.nix delete mode 100644 hosts/cloud/proxy/dav.nix delete mode 100644 hosts/cloud/proxy/immich.nix delete mode 100644 hosts/cloud/proxy/news.nix diff --git a/hosts/cloud/proxy/auth.nix b/hosts/cloud/proxy/auth.nix deleted file mode 100644 index c8700f0..0000000 --- a/hosts/cloud/proxy/auth.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ ... }: -{ - services.nginx.upstreams.authentik = { - servers = { - "10.89.88.11:9000" = { }; - "[fd31:185d:722f::11]:9000" = { }; - }; - extraConfig = '' - keepalive 10; - ''; - }; - - services.nginx.virtualHosts."auth.oxapentane.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://authentik"; - extraConfig = '' - # general proxy settings - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - # authentik specifik - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade_keepalive; - ''; - }; - }; -} diff --git a/hosts/cloud/proxy/conduwuit.nix b/hosts/cloud/proxy/conduwuit.nix deleted file mode 100644 index 97ba4a3..0000000 
--- a/hosts/cloud/proxy/conduwuit.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ ... }: -let - proxy-conf = '' - client_max_body_size 50M; - proxy_buffering off; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Access-Control-Allow-Origin *; - proxy_set_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS'; - proxy_set_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization'; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - -in -{ - services.nginx.upstreams.conduwuit = { - servers = { - "10.89.88.16:6167" = { }; - "[fd31:185d:722f::16]:6167" = { }; - }; - }; - - services.nginx.virtualHosts."oxapentane.com" = { - locations."/_matrix/" = { - proxyPass = "http://conduwuit$request_uri"; - extraConfig = proxy-conf; - }; - locations."/_conduwuit/" = { - proxyPass = "http://conduwuit$request_uri"; - extraConfig = proxy-conf; - }; - locations."/.well-known/matrix" = { - proxyPass = "http://conduwuit$request_uri"; - extraConfig = proxy-conf; - }; - }; -} diff --git a/hosts/cloud/proxy/dav.nix b/hosts/cloud/proxy/dav.nix deleted file mode 100644 index 6f00943..0000000 --- a/hosts/cloud/proxy/dav.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ ... }: -{ - services.nginx.upstreams.radicale = { - servers = { - "10.89.88.12:5232" = { }; - "[fd31:185d:722f::12]:5232" = { }; - }; - }; - - services.nginx.virtualHosts."dav.oxapentane.com" = { - forceSSL = true; - enableACME = true; - # Radicale - locations."/" = { - proxyPass = "http://radicale"; - extraConfig = '' - # Radicale stuff - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade_keepalive; - - # authentik stuff - auth_request /outpost.goauthentik.io/auth/nginx; - error_page 401 = @goauthentik_proxy_signin; - auth_request_set $auth_cookie $upstream_http_set_cookie; - proxy_set_header Set-Cookie $auth_cookie; - - # translate headers from the outposts back to the actual upstream - auth_request_set $authentik_username $upstream_http_x_authentik_username; - auth_request_set $authentik_groups $upstream_http_x_authentik_groups; - auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements; - auth_request_set $authentik_email $upstream_http_x_authentik_email; - auth_request_set $authentik_name $upstream_http_x_authentik_name; - auth_request_set $authentik_uid $upstream_http_x_authentik_uid; - - proxy_set_header X-authentik-username $authentik_username; - proxy_set_header X-Remote-User $authentik_username; - proxy_set_header X-authentik-groups $authentik_groups; - proxy_set_header X-authentik-entitlements $authentik_entitlements; - proxy_set_header X-authentik-email $authentik_email; - proxy_set_header X-authentik-name $authentik_name; - proxy_set_header X-authentik-uid $authentik_uid; - ''; - }; - - locations."/outpost.goauthentik.io" = { - proxyPass = "http://authentik/outpost.goauthentik.io"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header Set-Cookie $auth_cookie; - auth_request_set $auth_cookie $upstream_http_set_cookie; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - 
''; - }; - locations."@goauthentik_proxy_signin" = { - extraConfig = '' - internal; - proxy_set_header Set-Cookie $auth_cookie; - return 302 /outpost.goauthentik.io/start?rd=$request_uri; - ''; - }; - }; -} diff --git a/hosts/cloud/proxy/default.nix b/hosts/cloud/proxy/default.nix index e233e65..9994da4 100644 --- a/hosts/cloud/proxy/default.nix +++ b/hosts/cloud/proxy/default.nix @@ -4,12 +4,7 @@ let in { imports = [ - ./auth.nix - ./conduwuit.nix - ./dav.nix ./git.nix - ./immich.nix - ./news.nix ]; networking.firewall.allowedTCPPorts = [ 
@@ -17,63 +12,53 @@ in 443 ]; - services.nginx = { + services.caddy = { enable = true; + virtualHosts."oxapentane.com" = { + serverAliases = [ "www.oxapentane.com" ]; + extraConfig = '' + # conduit + @matrix { + path /.well-known/matrix/* + path /_matrix/* + } - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; + route { + header /.well-known/matrix/* Access-Control-Allow-Origin * - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + reverse_proxy @matrix 10.89.88.16:6167 - appendHttpConfig = '' - # upgrade websockets - map $http_upgrade $connection_upgrade_keepalive { - default upgrade; - ''' '''; - } + # file server + file_server { + root ${website} + index index.html + } + } + ''; + }; - ### TLS - # Add HSTS header with preloading to HTTPS requests. - # Adding this header to HTTP requests is discouraged - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # Enable CSP for your services. 
- # add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - - # Disable embedding as a frame - # add_header X-Frame-Options DENY; - - # Prevent injection of code in other mime types (XSS Attacks) - add_header X-Content-Type-Options nosniff; + virtualHosts."auth.oxapentane.com".extraConfig = '' + reverse_proxy 10.89.88.11:9000 [fd31:185d:722f::11]:9000 ''; - virtualHosts."oxapentane.com" = { - forceSSL = true; - enableACME = true; - default = true; - locations."/" = { - root = "${website}"; - index = "index.html"; - }; - }; - virtualHosts."www.oxapentane.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - return = "302 https://oxapentane.com"; - }; - }; - }; + virtualHosts."dav.oxapentane.com".extraConfig = '' + route { + reverse_proxy /outpost.goauthentik.io/* 10.89.88.11:9000 [fd31:185d:722f::11]:9000 - security.acme = { - acceptTerms = true; - defaults.email = "acme@oxapentane.com"; + forward_auth 10.89.88.11:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version X-Authentik-Username>X-Remote-User + trusted_proxies 10.89.88.11 fd31:185d:722f::11 + } + } + reverse_proxy 10.89.88.12:5232 [fd31:185d:722f::12]:5232 + + ''; + + virtualHosts."immich.oxapentane.com".extraConfig = '' + reverse_proxy 10.89.88.13:2283 + ''; + + virtualHosts."news.oxapentane.com".extraConfig = "reverse_proxy http://10.89.88.14:8080"; }; } diff --git a/hosts/cloud/proxy/git.nix b/hosts/cloud/proxy/git.nix index ac53f4c..6986f80 100644 --- a/hosts/cloud/proxy/git.nix +++ b/hosts/cloud/proxy/git.nix 
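Review bot: The Caddy configuration does not carry over the response headers that the removed `appendHttpConfig` set for every nginx vhost: `Strict-Transport-Security`, `Referrer-Policy` and `X-Content-Type-Options`. Caddy does not emit these on its own, so every site here, and `git.oxapentane.com` in git.nix, now answers without them. A shared string in the existing `let` block (which starts outside this hunk), interpolated into each `extraConfig`, restores them with the same values. Separately, in the `dav.oxapentane.com` block the Radicale `reverse_proxy` sits outside the `route { }` that holds `forward_auth`, so auth-before-proxy relies on Caddy's default directive order; moving it inside the route makes the order explicit.

```nix
  # in the existing let block
  securityHeaders = ''
    header {
      Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
      Referrer-Policy "origin-when-cross-origin"
      X-Content-Type-Options "nosniff"
    }
  '';
  # … unchanged: services.caddy.enable, oxapentane.com vhost (takes the same line) …
    virtualHosts."auth.oxapentane.com".extraConfig = ''
      ${securityHeaders}
      reverse_proxy 10.89.88.11:9000 [fd31:185d:722f::11]:9000
    '';
  # … unchanged: remaining virtualHosts, each gaining ${securityHeaders} …
```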
@@ -35,34 +35,6 @@ "fd31:185d:722e::1" ]; - services.nginx.upstreams.forgejo = { - servers = { - "10.89.88.15:3000" = { }; - "[fd31:185d:722f::15]:3000" = { }; - }; - }; - - services.nginx.virtualHosts."git.oxapentane.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://forgejo"; - extraConfig = '' - client_max_body_size 50000M; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - }; + services.caddy.virtualHosts."git.oxapentane.com".extraConfig = + "reverse_proxy 10.89.88.15:3000 [fd31:185d:722f::15]:3000"; } diff --git a/hosts/cloud/proxy/immich.nix b/hosts/cloud/proxy/immich.nix deleted file mode 100644 index 93e62d2..0000000 --- a/hosts/cloud/proxy/immich.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - services.nginx.upstreams.immich = { - servers = { - "10.89.88.13:2283" = { }; - "[fd31:185d:722f::13]:2283" = { }; - }; - }; - - services.nginx.virtualHosts."immich.oxapentane.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://immich"; - extraConfig = '' - client_max_body_size 50000M; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - }; -} diff --git a/hosts/cloud/proxy/news.nix b/hosts/cloud/proxy/news.nix deleted file mode 100644 index 3bbfda2..0000000 --- a/hosts/cloud/proxy/news.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ ... }: -{ - services.nginx.virtualHosts."news.oxapentane.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://10.89.88.14:8080"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_redirect off; - ''; - }; - }; -} From d7fe38c9a4a40855faf5973690f00e72c98d2d9e Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 22:13:26 +0200 Subject: [PATCH 15/41] disable default search --- modules/chromium.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/chromium.nix b/modules/chromium.nix index 5c971c6..4cdf16a 100644 --- a/modules/chromium.nix +++ b/modules/chromium.nix @@ -26,9 +26,9 @@ "AutoplayAllowed" = false; "DefaultNotificationSetting" = 2; "BackgroundModeEnabled" = false; - "DefaultSearchProviderEnabled" = true; + # "DefaultSearchProviderEnabled" = true; # "DefaultSearchProviderSearchURL" = "https://google.com/search?q={searchTerms}"; - "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; + # "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; "SearchSuggestEnable" = false; "BlockThirdPartyCookies" = true; "PrivacySandboxAdMeasurementEnabled" = false; From 92082762a5020326233156a0c9805e3a25d1c44d Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Thu, 12 Jun 2025 10:36:03 +0200 Subject: [PATCH 16/41] add filelight --- modules/plasma.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/plasma.nix b/modules/plasma.nix index aadd178..1a7a170 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -7,6 +7,7 @@ environment.systemPackages = with pkgs; [ kaidan + kdePackages.filelight kdePackages.okular vlc ]; From 5dcd5d911f08fcaf5327d136bc8cb1c69e23ecf6 Mon Sep 17 00:00:00 2001 
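Review bot: In modules/chromium.nix the context line `"SearchSuggestEnable" = false;` uses a key that does not match Chromium's policy name `SearchSuggestEnabled`, so it is presumably ignored and search suggestions are not disabled by policy; now that this hunk no longer pins the search provider, that matters more. Change it to `"SearchSuggestEnabled" = false;`. Commenting out `DefaultSearchProviderEnabled` also leaves that policy unset rather than disabled; if the subject "disable default search" is meant literally, write `"DefaultSearchProviderEnabled" = false;` instead. The policy attribute set starts and ends outside the hunk.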
From: Grisha Shipunov Date: Thu, 12 Jun 2025 22:58:51 +0200 Subject: [PATCH 17/41] bump lock --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index cc515b0..e15b51f 100644 --- a/flake.lock +++ b/flake.lock @@ -253,11 +253,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1749471044, - "narHash": "sha256-a1KdOuDF2NJj+tM/2fufIyW5dDX0cHdmXWjli+0GRh4=", - "rev": "d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2", + "lastModified": 1749682763, + "narHash": "sha256-DDhns3NS6L5OlYR0mSX03I5D7uGLyyd3MZegd1wTCyc=", + "rev": "ee0655240270480d7f6063dcf12ec47f04d2ded6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2.tar.gz?rev=d8b1bb58622ee7af6cfa260d32d84859b3dc2ea2" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ee0655240270480d7f6063dcf12ec47f04d2ded6.tar.gz?rev=ee0655240270480d7f6063dcf12ec47f04d2ded6" }, "original": { "type": "tarball", @@ -418,11 +418,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749494155, - "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", + "lastModified": 1749727998, + "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88331c17ba434359491e8d5889cce872464052c2", + "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "type": "github" }, "original": { @@ -553,11 +553,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { From 3e6faa5d092ef00255adbf7edd4efe2d15accb3f Mon Sep 17 00:00:00 2001 
From: Grisha Shipunov Date: Thu, 12 Jun 2025 23:25:57 +0200 Subject: [PATCH 18/41] change user shell --- hosts/toaster/default.nix | 2 +- modules/basic-tools/zsh.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 7e78114..2b8577b 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -66,7 +66,7 @@ home = "/home/0xa"; isNormalUser = true; uid = 1000; - shell = pkgs.fish; + shell = pkgs.zsh; }; # This value determines the NixOS release from which the default diff --git a/modules/basic-tools/zsh.nix b/modules/basic-tools/zsh.nix index c474267..91c6292 100644 --- a/modules/basic-tools/zsh.nix +++ b/modules/basic-tools/zsh.nix @@ -39,6 +39,7 @@ LP_ENABLE_SVN=0 LP_BATTERY_THRESHOLD=15 LP_SSH_COLORS=1 + LP_DISABLED_VCS_PATHS=("/home/0xa/proj/NixOS/nixpkgs") ''; }; } From 2a44e5c81e2d46766ed095d5e94c5fafbd5d85fa Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 22:53:22 +0200 Subject: [PATCH 19/41] deploy stream (navidrome) microvm --- .sops.yaml | 7 ++++ flake.nix | 1 + hosts/cloud/proxy/default.nix | 32 +++++++++++++++ hosts/stream/default.nix | 76 +++++++++++++++++++++++++++++++++++ hosts/stream/navidrome.nix | 16 ++++++++ hosts/stream/secrets.yaml | 38 ++++++++++++++++++ modules/wg/proxy.nix | 8 ++++ 7 files changed, 178 insertions(+) create mode 100644 hosts/stream/default.nix create mode 100644 hosts/stream/navidrome.nix create mode 100644 hosts/stream/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index dd882ca..649c351 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,6 +11,7 @@ keys: - &immich age1afyntwvj672lcq2e4dpxmw3syplzurnnd8q8j3265843jeedpveqkp465z - &miniflux age15ja22wd9tt60vn32sk59pp6c7vtjsn8y3rypn8qfnvxthug8sp0q6f72uh - &radicale age1j6z39kmnxkqa7jdcjsydy5cryjce7fttf225fh3pldyvq06ax3fq58mk8c + - &stream age148r2q3cy9sjem37rvgtcc4qjx8usxkdg77pqexa56gmcexn58aaslh3cnj creation_rules: - path_regex: hosts/toaster/[^/]+\.yaml$ key_groups: 
@@ -66,3 +67,9 @@ creation_rules: - *admin_oxa age: - *conduwuit + - path_regex: hosts/stream/[^/]+\.yaml$ + key_groups: + - pgp: + - *admin_oxa + age: + - *stream diff --git a/flake.nix b/flake.nix index ddde63b..2b085bc 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,7 @@ "forgejo" "miniflux" "radicale" + "stream" ]; microvm-unstable-list = [ "auth" diff --git a/hosts/cloud/proxy/default.nix b/hosts/cloud/proxy/default.nix index 9994da4..6cf0151 100644 --- a/hosts/cloud/proxy/default.nix +++ b/hosts/cloud/proxy/default.nix @@ -60,5 +60,37 @@ in ''; virtualHosts."news.oxapentane.com".extraConfig = "reverse_proxy http://10.89.88.14:8080"; + + virtualHosts."music.oxapentane.com".extraConfig = '' + route { + reverse_proxy /outpost.goauthentik.io/* 10.89.88.11:9000 [fd31:185d:722f::11]:9000 + + @protected not path /share/* /rest/* + forward_auth @protected 10.89.88.11:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-Authentik-Username>Remote-User + trusted_proxies 10.89.88.11 fd31:185d:722f::11 + } + + + @subsonic path /rest/* + forward_auth @subsonic 10.89.88.11:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-Authentik-Username>Remote-User + @error status 1xx 3xx 4xx 5xx + handle_response @error { + respond < + + + SUBSONICERR 200 + } + trusted_proxies 10.89.88.11 fd31:185d:722f::11 + } + } + reverse_proxy 10.89.88.17:4533 + + ''; + }; } diff --git a/hosts/stream/default.nix b/hosts/stream/default.nix new file mode 100644 index 0000000..4543466 --- /dev/null +++ b/hosts/stream/default.nix 
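Review bot: In the `music.oxapentane.com` block of hosts/cloud/proxy/default.nix, paths under `/share/*` match neither `@protected` nor `@subsonic`, so they are proxied to 10.89.88.17:4533 without passing `forward_auth` and with any `Remote-User` header the client sent still attached. Navidrome is configured in this same commit to accept reverse-proxy authentication from the proxy's network, so the header should be cleared before anything is forwarded: add `request_header -Remote-User` as the first line inside `route { … }`, ahead of the two `forward_auth` blocks that set it again from `X-Authentik-Username`. Whether Navidrome consults the header on share routes is not visible here, but stripping it removes the dependency on that behaviour.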
@@ -0,0 +1,76 @@ +{ config, lib, ... }: +let + mac = "02:00:00:00:00:07"; +in +{ + imports = [ + ./navidrome.nix + ]; + + sops.defaultSopsFile = ./secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + sops.secrets = { + "wg/0xa-proxy" = { + owner = config.users.users.systemd-network.name; + }; + }; + + microvm = { + hypervisor = "qemu"; + mem = 4 * 1024; + vcpu = 3; + interfaces = [ + { + type = "tap"; + id = "uvm-stream"; + mac = mac; + } + ]; + shares = + [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "store"; + proto = "virtiofs"; + } + ] + ++ map + (dir: { + source = dir; + mountPoint = "/${dir}"; + tag = dir; + proto = "virtiofs"; + }) + [ + "etc" + "var" + "home" + ]; + }; + + networking.useNetworkd = true; + networking.firewall.enable = lib.mkForce false; # firewalling done by the host + + systemd.network = { + enable = true; + networks."11-host" = { + matchConfig.MACAddress = mac; + networkConfig = { + Address = "10.99.99.17/24"; + DHCP = "no"; + }; + routes = [ + { + Gateway = "10.99.99.1"; + Destination = "0.0.0.0/0"; + Metric = 1024; + } + ]; + }; + }; + + networking.hostName = "stream"; + system.stateVersion = "25.05"; +} diff --git a/hosts/stream/navidrome.nix b/hosts/stream/navidrome.nix new file mode 100644 index 0000000..0b1cd07 --- /dev/null +++ b/hosts/stream/navidrome.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + services.navidrome = { + enable = true; + settings = { + Address = "10.89.88.17"; + BaseUrl = "/"; + EnableExternalServices = false; + MusicFolder = "/var/lib/navidrome/music"; + Port = 4533; + ScanSchedule = "@every 11m"; + TranscodingCacheSize = "11GiB"; + ReverseProxyWhitelist = "10.89.88.1/24"; + }; + }; +} diff --git a/hosts/stream/secrets.yaml b/hosts/stream/secrets.yaml new file mode 100644 index 0000000..a75b120 --- /dev/null +++ b/hosts/stream/secrets.yaml 
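Review bot: `ReverseProxyWhitelist = "10.89.88.1/24";` in hosts/stream/navidrome.nix makes Navidrome accept the `Remote-User` header from every address in 10.89.88.0/24, and this series places other service VMs in that range (10.89.88.11 to 10.89.88.16), not only the reverse proxy. A compromise of any one of those services would then be enough to assert an arbitrary Navidrome identity. Restrict the setting to the proxy's own address, e.g. `ReverseProxyWhitelist = "10.89.88.1/32";` if the proxy is 10.89.88.1 (inferred from the CIDR, confirm against modules/wg/proxy.nix), and add a comment such as `# only the Caddy proxy may assert Remote-User`.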
@@ -0,0 +1,38 @@ +wg: + 0xa-proxy: ENC[AES256_GCM,data:uZfFc4elxCAVZvdIHJ7lgoPs9qKkD9ZvLhcYbexDcqn0alaMzIr++CY52FI=,iv:CREMt6GrLHs4Jwj/55awDFHh9hQlJPEi4ZQ7ZLMPvRA=,tag:iJAGdqzQbyezmDj+tzjdNQ==,type:str] +sops: + age: + - recipient: age148r2q3cy9sjem37rvgtcc4qjx8usxkdg77pqexa56gmcexn58aaslh3cnj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSko5L1BCOTR1QmZabGw3 + QS9kbDZyWEJvV09MNkNqbTNncjZrOXl6WFZrCmxQelVzbjdvUUl4aVl3UVFVL0Q5 + S0VDNkdvcDZnZytCdjBrZUZYTFlEZncKLS0tIG1NWnlnRGovcWxDL2JYMTc2bEY5 + K29Dd0t6b3FMZjU2cXFBbEw3RktkQlkKCh+jXv65KfAsSR4/0+UWwU5tCphrEEgE + WDbIdUZ8j5xHHQwJ58cU7uQ+BSy0yZlwwr8vPoaKdXQzMgyrQfq3gg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-12T22:54:11Z" + mac: ENC[AES256_GCM,data:15EU9VupWfvR8CrfKrX3nhpD60hYB2LY3vuAPvdqzKLliqSqolNj956fOFicfSHvmW/s+7x+M+5FROnOzSbToTZotFtvALQihHH999veGZMx8Q8oIyljT1PBw/SU9djXPI1KjG/zzYOAwu7y/Ffm0QKhMRziH7CQLn30KR0o2w0=,iv:ghdyTvcpgnBi2L9s4UrzwWwt9TeU0WkGquZ64+w9IN8=,tag:4m4hYFgejlEaQROB/OEi6g==,type:str] + pgp: + - created_at: "2025-06-12T22:51:49Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7zUOKwzpAE7AQ/8ClHQoCuiC0AH28bDit4qjNh/TnYq3IbAdyITOqUYPRc6 + th8MCDY0CfxvzDTLYxTlHH4MNDOiWWTMg/shC8xV3MrAIpEQV79ivYMay04aWpCH + HqlhjBynCwAnJRanc9Ch5zW1wCjpgMp+kMDX8JhhUL0Rmt2fd2nSp4R2bb+/HRvn + vAaDq3TTLkLr1OHcTNKFFbXafGLKMahxkQGRMgD1DIPCLW+nUxerUnlxHo4yjj3B + WKXBVKeWowgBHvelHqUVf6yeSmWZyFDP/jFxFEi75A+BYmwxlQcRDn0L0NKUlMa/ + uF3jtW3XBMS/sLX7aRscBFeEq9XPce9urJK4KPFNVFI3X1WbD6O/Z87Y+MHa2n0s + DuxIwrffpw8p4qSVBAJLbSW1vR/suGh/0Cr31mzo4FJT92A93wc8JdLdpHUfTXL/ + bEbt6M7OSqvIt5/mor7Ad6/HRkEl+sZJnHqeU/qKfAIKKfz5UVG/ZCZDZlVGTmpp + lV9Dn8QjA1ut4lMvACJBocnrlH4T6150ULL0r3gHuVy5YhnGR+LWFdgaCJ4v3f1J + A59eAyQENNMoSGZU/YZx95kFPc1O/GIkmiMpXZxBISN3F70QP30ieqbP1qnZRfMg + GldVAFhfaHct4lujlgRfOkmwcNG3gTIru4wAqg+wzriI9jm9vEoF0MDJs2cwNYTS + XgE32jq6Li59TMUQH9iB4l0cM42QbQ8BcSn6o/NhmF6HHq9W5yuD6EIs4KNfdHv6 + ikgqQuGGO9v7qDMd0piyqeLRGMANepxrR5uMsbFmMnah9RUq9CjRbMADLa+8DeU= + =fEVm + 
-----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/modules/wg/proxy.nix b/modules/wg/proxy.nix index 3b92b8d..7427829 100644 --- a/modules/wg/proxy.nix +++ b/modules/wg/proxy.nix @@ -71,6 +71,14 @@ publicKey = "dj5/CnTAFe5ELnZ5oWonYc+5VdzDyooTYGb/bqcxf3Y="; privateKeyFile = config.sops.secrets."wg/0xa-proxy".path; }; + "stream" = { + address = [ + "10.89.88.17/24" + "fd31:185d:722f::17/48" + ]; + publicKey = "RDxbOvd/1FSWqIp5v1++wPBcG1hScAT4mhIlMZdvxU4="; + privateKeyFile = config.sops.secrets."wg/0xa-proxy".path; + }; }; } ]; From 22d7c181e3d15bc66712ed0850f34476df274545 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sat, 14 Jun 2025 21:01:52 +0200 Subject: [PATCH 20/41] software changes --- hosts/toaster/default.nix | 2 +- modules/desktop-software.nix | 1 + modules/devtools.nix | 2 +- modules/gnupg.nix | 2 -- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 2b8577b..7e78114 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -66,7 +66,7 @@ home = "/home/0xa"; isNormalUser = true; uid = 1000; - shell = pkgs.zsh; + shell = pkgs.fish; }; # This value determines the NixOS release from which the default diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index cbfba71..998c953 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix @@ -17,6 +17,7 @@ mpv obs-studio qbittorrent + transmission_4-gtk signal-desktop spotify telegram-desktop diff --git a/modules/devtools.nix b/modules/devtools.nix index a003e6e..04dfd87 100644 --- a/modules/devtools.nix +++ b/modules/devtools.nix @@ -31,7 +31,7 @@ nix-index kicad kikit - freecad-wayland + freecad-qt6 imhex python3Full nixfmt-rfc-style diff --git a/modules/gnupg.nix b/modules/gnupg.nix index 07b1eef..4cb173c 100644 --- a/modules/gnupg.nix +++ b/modules/gnupg.nix 
@@ -4,8 +4,6 @@ environment.systemPackages = with pkgs; [ gnupg opensc - - yubikey-personalization-gui ]; # smartcard support From efd0790d4fcab0d7ffad7e4cca390fc0f110ed5b Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sat, 14 Jun 2025 21:02:03 +0200 Subject: [PATCH 21/41] bump lock --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index e15b51f..357df38 100644 --- a/flake.lock +++ b/flake.lock @@ -253,11 +253,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1749682763, - "narHash": "sha256-DDhns3NS6L5OlYR0mSX03I5D7uGLyyd3MZegd1wTCyc=", - "rev": "ee0655240270480d7f6063dcf12ec47f04d2ded6", + "lastModified": 1749838547, + "narHash": "sha256-4qJy0n+6P13/XAHPlcjcWK6MDNYd38PkFdI8iCiJYYo=", + "rev": "1e34c3747779a82d59ef27b351d4ed02fb372a2a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ee0655240270480d7f6063dcf12ec47f04d2ded6.tar.gz?rev=ee0655240270480d7f6063dcf12ec47f04d2ded6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1e34c3747779a82d59ef27b351d4ed02fb372a2a.tar.gz?rev=1e34c3747779a82d59ef27b351d4ed02fb372a2a" }, "original": { "type": "tarball", @@ -339,11 +339,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1749832440, + "narHash": "sha256-lfxhuxAaHlYFGr8yOrAXZqdMt8PrFLzjVqH9v3lQaoY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "db030f62a449568345372bd62ed8c5be4824fa49", "type": "github" }, "original": { 
@@ -402,11 +402,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { From fee7a194db6b6de6c9f2172973bf33dca60bd8d4 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sat, 14 Jun 2025 21:02:20 +0200 Subject: [PATCH 22/41] plasma still krashes --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 2b085bc..df8420d 100644 --- a/flake.nix +++ b/flake.nix @@ -122,7 +122,7 @@ ./modules/emacs.nix ./modules/gnupg.nix ./modules/mail - ./modules/plasma.nix + ./modules/gnome.nix ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix From e23db8a0b43fccdcb30abdc610a41a2d4b63afdd Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sat, 14 Jun 2025 21:02:32 +0200 Subject: [PATCH 23/41] make branch spec uniform in inputs --- flake.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index df8420d..0c04048 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-25.05"; flake-utils.url = "github:numtide/flake-utils"; @@ -10,7 +10,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + nixos-hardware.url = "github:NixOS/nixos-hardware?ref=master"; microvm = { url = "github:astro/microvm.nix"; 
@@ -21,7 +21,7 @@ }; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; + url = "github:nix-community/lanzaboote?ref=v0.4.2"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; From 7a417638735547276d49258577e1dbd00a50a91a Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 15 Jun 2025 00:27:04 +0200 Subject: [PATCH 24/41] format --- hosts/cloud/proxy/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/cloud/proxy/default.nix b/hosts/cloud/proxy/default.nix index 6cf0151..dbeab9a 100644 --- a/hosts/cloud/proxy/default.nix +++ b/hosts/cloud/proxy/default.nix @@ -61,7 +61,7 @@ in virtualHosts."news.oxapentane.com".extraConfig = "reverse_proxy http://10.89.88.14:8080"; - virtualHosts."music.oxapentane.com".extraConfig = '' + virtualHosts."music.oxapentane.com".extraConfig = '' route { reverse_proxy /outpost.goauthentik.io/* 10.89.88.11:9000 [fd31:185d:722f::11]:9000 From f191d9e4a9c84870e742317fadc2b7cc409b786f Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Mon, 2 Jun 2025 20:12:09 +0200 Subject: [PATCH 25/41] toaster: back to niri --- flake.lock | 35 ++++++++--- flake.nix | 16 ++++- hosts/toaster/default.nix | 4 +- modules/basic-tools/default.nix | 2 - modules/emacs.nix | 3 +- modules/niri.nix | 108 +++++++++++++------------------- 6 files changed, 89 insertions(+), 79 deletions(-) diff --git a/flake.lock b/flake.lock index 357df38..94cff23 100644 --- a/flake.lock +++ b/flake.lock @@ -224,6 +224,26 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1749999552, + "narHash": "sha256-iCUuEq9qXUh8L1c2bRyCayAqfuUEs9nGAUlXv2RcoF8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "04672588c61aebd18c0d0ada66dd7bb4d8edab0d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", 
@@ -253,11 +273,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1749838547, - "narHash": "sha256-4qJy0n+6P13/XAHPlcjcWK6MDNYd38PkFdI8iCiJYYo=", - "rev": "1e34c3747779a82d59ef27b351d4ed02fb372a2a", + "lastModified": 1749996528, + "narHash": "sha256-60avE6oxLzasJr+/tFdhInEUUEF3FZ9uHofTUq4MZ1o=", + "rev": "7453e2979f1d4684bea4cb340f23c089ea0d5a90", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1e34c3747779a82d59ef27b351d4ed02fb372a2a.tar.gz?rev=1e34c3747779a82d59ef27b351d4ed02fb372a2a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7453e2979f1d4684bea4cb340f23c089ea0d5a90.tar.gz?rev=7453e2979f1d4684bea4cb340f23c089ea0d5a90" }, "original": { "type": "tarball", @@ -418,11 +438,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749727998, - "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", + "lastModified": 1749857119, + "narHash": "sha256-tG5xUn3hFaPpAHYIvr2F88b+ovcIO5k1HqajFy7ZFPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", + "rev": "5f4f306bea96741f1588ea4f450b2a2e29f42b98", "type": "github" }, "original": { @@ -513,6 +533,7 @@ "inputs": { "authentik-nix": "authentik-nix", "flake-utils": "flake-utils_2", + "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index 0c04048..047fdd5 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,11 @@ inputs.flake-utils.follows = "flake-utils"; }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + tmux-yank = { url = "github:tmux-plugins/tmux-yank"; flake = false; @@ -54,6 +59,7 @@ outputs = inputs@{ + home-manager, lanzaboote, lix-module, microvm, 
@@ -114,6 +120,13 @@ nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3 lix-module.nixosModules.default + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users."0xa" = import ./hosts/toaster/0xa-home.nix; + } + ./hosts/toaster ./modules/basic-tools @@ -122,7 +135,8 @@ ./modules/emacs.nix ./modules/gnupg.nix ./modules/mail - ./modules/gnome.nix + ./modules/mail + ./modules/niri.nix ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 7e78114..17cedf6 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -4,7 +4,7 @@ ./amd.nix ./hardware-configuration.nix ./irc.nix - ./network + ./network/full-networkd.nix ./secure-boot.nix ./zfs.nix ]; @@ -66,7 +66,7 @@ home = "/home/0xa"; isNormalUser = true; uid = 1000; - shell = pkgs.fish; + shell = pkgs.zsh; }; # This value determines the NixOS release from which the default diff --git a/modules/basic-tools/default.nix b/modules/basic-tools/default.nix index a917168..024547c 100644 --- a/modules/basic-tools/default.nix +++ b/modules/basic-tools/default.nix @@ -7,7 +7,6 @@ ./nix.nix ./nix-ld.nix ./zsh.nix - ./fish.nix ]; environment.systemPackages = @@ -81,7 +80,6 @@ vim = "nvim"; grep = "grep --color=auto"; }; - users.defaultUserShell = pkgs.zsh; # keep root shell posix compatible programs.iftop.enable = true; programs.mosh.enable = true; diff --git a/modules/emacs.nix b/modules/emacs.nix index d4b0f26..d5d1346 100644 --- a/modules/emacs.nix +++ b/modules/emacs.nix @@ -6,13 +6,12 @@ { environment.systemPackages = with pkgs; [ - direnv mu ]; services.emacs = { install = true; - enable = false; + enable = true; package = with pkgs; ( diff --git a/modules/niri.nix b/modules/niri.nix index e769189..4af69ca 100644 --- a/modules/niri.nix +++ b/modules/niri.nix 
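Review bot: The flake.nix hunk at `@@ -122,7 +135,8 @@` lists `./modules/mail` twice: the context line is kept and the same path is added again directly below it, which looks like a rebase leftover. Drop the added `./modules/mail` so that `./modules/gnome.nix` is replaced by `./modules/niri.nix` only. The modules list starts and ends outside the hunk.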
@@ -1,74 +1,52 @@ -# General Desktop-related config -{ pkgs, inputs, ... }: +{ pkgs, ... }: { - nixpkgs.overlays = [ inputs.niri.overlays.niri ]; - programs.niri.enable = true; imports = [ ./desktop-software.nix ./fonts.nix ]; - environment.systemPackages = - let - xwayland-satellite-git = pkgs.xwayland-satellite.overrideAttrs ( - final: _prev: { - version = "git"; - cargoHash = "sha256-MaF2FyR3HvQAKkZKa8OO/5jbO64/Ncv7+JqHda4jN50="; - src = pkgs.fetchFromGitHub { - owner = "Supreeeme"; - repo = "xwayland-satellite"; - rev = "cca74a5f6b23742d77dc5db4312dfc40fd4a0fcc"; - sha256 = "sha256-YZ+axsuNsgIKWfnRkt6Qa9UoKfUOIWf42vNUonXxmxM="; - }; - cargoDeps = pkgs.rustPlatform.fetchCargoTarball { - inherit (final) pname src version; - hash = final.cargoHash; - }; - } - ); - in - with pkgs; - [ - screen-message - qbittorrent - gajim - imv - mpv - evince - brightnessctl - pulsemixer - cmus - termusic - gsettings-desktop-schemas - xdg-utils - qt5.qtwayland - bashmount - audacity - spotify-player - zathura - ncdu - adwaita-icon-theme - bluetui - gammastep - graphicsmagick - i3status-rust - impala - kanshi - pamixer - swayidle - swaylock - wl-clipboard - xfce.thunar - banana-cursor - fuzzel - alacritty - i3bar-river - mako - swww - oculante - xwayland-satellite-git - ]; + environment.systemPackages = with pkgs; [ + screen-message + qbittorrent + gajim + imv + mpv + evince + brightnessctl + pulsemixer + cmus + termusic + gsettings-desktop-schemas + xdg-utils + qt5.qtwayland + bashmount + audacity + spotify-player + zathura + ncdu + adwaita-icon-theme + bluetui + gammastep + graphicsmagick + i3status-rust + impala + kanshi + pamixer + swayidle + swaylock + wl-clipboard + xfce.thunar + banana-cursor + fuzzel + alacritty + i3bar-river + mako + swww + oculante + xwayland-satellite + foot + ]; # Enable sound. security.rtkit.enable = true; 
@@ -127,7 +105,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri-stable}/bin/niri-session"; + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri}/bin/niri-session"; }; }; }; From 987e7de62a3b9faaf169b2023f9a6740d0259283 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 15 Jun 2025 23:57:26 +0200 Subject: [PATCH 26/41] add latex for org mode previews --- modules/emacs.nix | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/modules/emacs.nix b/modules/emacs.nix index d5d1346..39c2db8 100644 --- a/modules/emacs.nix +++ b/modules/emacs.nix @@ -5,9 +5,33 @@ }: { - environment.systemPackages = with pkgs; [ - mu - ]; + environment.systemPackages = + let + # https://wiki.nixos.org/wiki/TexLive + # minimal set of latex packages for orgmode + # emacs config: + # (setq org-latex-complier "lualatex") + # (setq org-preview-latex-default-process 'dvisvgm) + orgmode-tex = ( + pkgs.texlive.combine { + inherit (pkgs.texlive) + scheme-basic + dvisvgm + dvipng + wrapfig + amsmath + ulem + hyperref + capt-of + ; + } + ); + in + with pkgs; + [ + mu + orgmode-tex + ]; services.emacs = { install = true; From 15a9e8fd477ee873e4ab2e13db3429404f4c624d Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 18 Jun 2025 12:33:48 +0200 Subject: [PATCH 27/41] softare cleanup --- modules/devtools.nix | 7 ------- modules/niri.nix | 3 ++- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/modules/devtools.nix b/modules/devtools.nix index 04dfd87..4852fc7 100644 --- a/modules/devtools.nix +++ b/modules/devtools.nix @@ -16,18 +16,12 @@ in [ # general - cmake - gcc gef gdb - binutils binwalk - clang - clang-tools direnv sops nil - nixpkgs-fmt nix-index kicad kikit 
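Review bot: The comment added in modules/emacs.nix spells the Emacs variable as `org-latex-complier`; copied into an init file as written, it sets an unused variable and the compiler choice is silently ignored. Correct the comment to `# (setq org-latex-compiler "lualatex")`.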
@@ -37,7 +31,6 @@ nixfmt-rfc-style treefmt android-tools - bacon ]; # android stuff diff --git a/modules/niri.nix b/modules/niri.nix index 4af69ca..f47d345 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -38,11 +38,12 @@ wl-clipboard xfce.thunar banana-cursor - fuzzel + yofi alacritty i3bar-river mako swww + wbg oculante xwayland-satellite foot From e20e6a8fe7c19089fda5a15d7e3baf0229039780 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 18 Jun 2025 12:36:51 +0200 Subject: [PATCH 28/41] bump lock --- flake.lock | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 94cff23..fb1c116 100644 --- a/flake.lock +++ b/flake.lock @@ -231,11 +231,11 @@ ] }, "locked": { - "lastModified": 1749999552, - "narHash": "sha256-iCUuEq9qXUh8L1c2bRyCayAqfuUEs9nGAUlXv2RcoF8=", + "lastModified": 1750127463, + "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "04672588c61aebd18c0d0ada66dd7bb4d8edab0d", + "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", "type": "github" }, "original": { @@ -273,11 +273,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1749996528, - "narHash": "sha256-60avE6oxLzasJr+/tFdhInEUUEF3FZ9uHofTUq4MZ1o=", - "rev": "7453e2979f1d4684bea4cb340f23c089ea0d5a90", + "lastModified": 1750191637, + "narHash": "sha256-p+VryHLOoU2q1VnAnY4wOXk0PomYJ+1Zb3O0J5twRhU=", + "rev": "87d99da6ca50d63caec28513e23eeeb915781472", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7453e2979f1d4684bea4cb340f23c089ea0d5a90.tar.gz?rev=7453e2979f1d4684bea4cb340f23c089ea0d5a90" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/87d99da6ca50d63caec28513e23eeeb915781472.tar.gz?rev=87d99da6ca50d63caec28513e23eeeb915781472" }, "original": { "type": "tarball", 
@@ -318,11 +318,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1748464257, - "narHash": "sha256-PdnQSE2vPfql9WEjunj2qQnDpuuvk7HH+4djgXJSwFs=", + "lastModified": 1750196518, + "narHash": "sha256-HJYnJg3TvzFZjVgYHZgH3NtwqkqKiGVCJXpZlO4Y4EE=", "owner": "astro", "repo": "microvm.nix", - "rev": "e238645b6f0447a2eb1d538d300d5049d4006f9f", + "rev": "094da86a3e68f2f0d93b654e97b5d42398ead67d", "type": "github" }, "original": { @@ -359,11 +359,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749832440, - "narHash": "sha256-lfxhuxAaHlYFGr8yOrAXZqdMt8PrFLzjVqH9v3lQaoY=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "db030f62a449568345372bd62ed8c5be4824fa49", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -422,11 +422,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { @@ -438,11 +438,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749857119, - "narHash": "sha256-tG5xUn3hFaPpAHYIvr2F88b+ovcIO5k1HqajFy7ZFPM=", + "lastModified": 1750133334, + "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f4f306bea96741f1588ea4f450b2a2e29f42b98", + "rev": "36ab78dab7da2e4e27911007033713bab534187b", "type": "github" }, "original": { 
@@ -574,11 +574,11 @@ ] }, "locked": { - "lastModified": 1749592509, - "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "50754dfaa0e24e313c626900d44ef431f3210138", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { From 66887f5c74856e04203b3621760ce1f63e139360 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 18 Jun 2025 12:38:45 +0200 Subject: [PATCH 29/41] let gnome-keyring manage ssh --- modules/niri.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/niri.nix b/modules/niri.nix index f47d345..b9de536 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -112,11 +112,4 @@ }; programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses; - programs.ssh = { - startAgent = true; - enableAskPassword = false; - extraConfig = '' - AddKeysToAgent yes - ''; - }; } From 186c4eb878b65002a9aae774eee3dc0abee774c4 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 18 Jun 2025 16:32:28 +0200 Subject: [PATCH 30/41] use nixpkgs direnv module --- modules/devtools.nix | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/modules/devtools.nix b/modules/devtools.nix index 4852fc7..e41c8c6 100644 --- a/modules/devtools.nix +++ b/modules/devtools.nix @@ -19,7 +19,6 @@ gef gdb binwalk - direnv sops nil nix-index 
@@ -44,23 +43,5 @@ }; users.users."0xa".extraGroups = [ "wireshark" ]; - ## direnv - programs.bash.interactiveShellInit = '' - eval "$(direnv hook bash)" - ''; - programs.zsh.interactiveShellInit = '' - eval "$(direnv hook zsh)" - ''; - programs.fish.interactiveShellInit = '' - direnv hook fish | source - ''; - - # nix options for derivations to persist garbage collection - nix.extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; - environment.pathsToLink = [ - "/share/nix-direnv" - ]; + programs.direnv.enable = true; } From 0ea357f1f624c26845e4445fdf5a9f4b8aeae2f3 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 22 Jun 2025 15:14:32 +0200 Subject: [PATCH 31/41] lix->nixcpp --- flake.lock | 87 ------------------------------------------------------ flake.nix | 15 ---------- 2 files changed, 102 deletions(-) diff --git a/flake.lock b/flake.lock index fb1c116..d912d4b 100644 --- a/flake.lock +++ b/flake.lock @@ -169,39 +169,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
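Review bot: The `keep-outputs` / `keep-derivations` settings removed at the end of modules/devtools.nix get no replacement in the new code. `programs.direnv.enable = true;` is the only added line, and whether the nixpkgs module sets those options is not visible here. If it does not, a garbage collection can remove the build inputs behind cached direnv environments, which are then fetched and rebuilt on the next shell entry. If that retention is still wanted, state it explicitly next to the new line, e.g. `nix.settings.keep-outputs = true;` and `nix.settings.keep-derivations = true;`.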
@@ -270,43 +237,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1750191637, - "narHash": "sha256-p+VryHLOoU2q1VnAnY4wOXk0PomYJ+1Zb3O0J5twRhU=", - "rev": "87d99da6ca50d63caec28513e23eeeb915781472", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/87d99da6ca50d63caec28513e23eeeb915781472.tar.gz?rev=87d99da6ca50d63caec28513e23eeeb915781472" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_3", - "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "lastModified": 1747667424, - "narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", - "rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/3c23c6ae2aecc1f76ae7993efe1a78b5316f0700.tar.gz?rev=3c23c6ae2aecc1f76ae7993efe1a78b5316f0700" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" - } - }, "microvm": { "inputs": { "flake-utils": [ @@ -535,8 +465,6 @@ "flake-utils": "flake-utils_2", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix": "lix", - "lix-module": "lix-module", "microvm": "microvm", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -633,21 +561,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tmux-yank": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 047fdd5..a9821cf 100644 
--- a/flake.nix +++ b/flake.nix @@ -29,17 +29,6 @@ url = "github:nix-community/authentik-nix"; }; - lix = { - url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; - flake = false; - }; - - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - inputs.lix.follows = "lix"; - }; - website = { url = "git+https://git.oxapentane.com/0xa/website.git?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; @@ -61,7 +50,6 @@ inputs@{ home-manager, lanzaboote, - lix-module, microvm, nixos-hardware, nixpkgs, @@ -118,7 +106,6 @@ sops-nix.nixosModules.sops lanzaboote.nixosModules.lanzaboote nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3 - lix-module.nixosModules.default home-manager.nixosModules.home-manager { @@ -149,7 +136,6 @@ specialArgs = { inherit inputs; }; modules = [ sops-nix.nixosModules.sops - lix-module.nixosModules.default ./hosts/cloud @@ -165,7 +151,6 @@ modules = [ sops-nix.nixosModules.sops microvm.nixosModules.host - lix-module.nixosModules.default ./hosts/minime ./modules/basic-tools From 1732dcc34f958375e35b458d7582d9ded58fc0b1 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 22 Jun 2025 15:31:59 +0200 Subject: [PATCH 32/41] bump lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index d912d4b..46b0f50 100644 --- a/flake.lock +++ b/flake.lock @@ -198,11 +198,11 @@ ] }, "locked": { - "lastModified": 1750127463, - "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { 
@@ -248,11 +248,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1750196518, - "narHash": "sha256-HJYnJg3TvzFZjVgYHZgH3NtwqkqKiGVCJXpZlO4Y4EE=", + "lastModified": 1750358184, + "narHash": "sha256-17EYMeY5v8KRk9HW6Z4dExY8Wg4y/zM2eM2wbbx+vMs=", "owner": "astro", "repo": "microvm.nix", - "rev": "094da86a3e68f2f0d93b654e97b5d42398ead67d", + "rev": "fd9f5dba1ffee5ad6f29394b2a9e4c66c1ce77dc", "type": "github" }, "original": { @@ -289,11 +289,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { @@ -352,11 +352,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1750365781, + "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54", "type": "github" }, "original": { @@ -368,11 +368,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750133334, - "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", + "lastModified": 1750400657, + "narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36ab78dab7da2e4e27911007033713bab534187b", + "rev": "b2485d56967598da068b5a6946dadda8bfcbcd37", "type": "github" }, "original": { From dad19d85e701cbc8b05c07e6567ed065c739fb52 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 22 Jun 2025 15:35:06 +0200 Subject: [PATCH 33/41] fuzzel --- modules/niri.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/niri.nix b/modules/niri.nix index b9de536..2355b06 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -47,6 +47,7 @@ oculante xwayland-satellite foot + fuzzel ]; # Enable sound. From 3e13c291d37c1fe440092267ea1e016dcdf23f9f Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sun, 22 Jun 2025 15:57:23 +0200 Subject: [PATCH 34/41] try fixing gnome keyring --- modules/niri.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/niri.nix b/modules/niri.nix index 2355b06..441c55b 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -101,7 +101,18 @@ }; services.gnome.gnome-keyring.enable = true; - security.pam.services.greetd.enableGnomeKeyring = true; + programs.seahorse.enable = true; + + # https://github.com/JohnRTitor/nix-conf/commit/53bc83aef18849976d5a42cc727d38dd0e38c5b0 + security.pam.services = { + greetd.enableGnomeKeyring = true; + greetd-password.enableGnomeKeyring = true; + login.enableGnomeKeyring = true; + }; + services.dbus.packages = with pkgs; [ + gnome-keyring + gcr + ]; services.greetd = { enable = true; From 80b473a09fba1ec5dafb39cf5ac2180998d7ccdf Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Tue, 24 Jun 2025 20:09:06 +0200 Subject: [PATCH 35/41] cleanup --- flake.lock | 33 ++++++--------------------------- flake.nix | 16 +--------------- hosts/toaster/default.nix | 2 +- 3 files changed, 8 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index 46b0f50..68ddac0 100644 --- a/flake.lock +++ b/flake.lock 
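Review bot: The new `security.pam.services` block is explained only by a link to a commit in another repository, and it widens keyring auto-unlock from `greetd` to `greetd-password` and `login` without saying which of the three the fix actually needs. Each listed service is one more login path whose password unlocks the keyring. After the earlier patch in this series that removed the `programs.ssh` agent settings in favour of gnome-keyring, that keyring presumably guards SSH keys as well. I would put the reason in the file, e.g. `# unlock the login keyring on greetd and console logins`, and drop any entry the greeter configured below turns out not to use. The `services.greetd` attribute set continues past the end of the hunk, so the greeter command is not visible here.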
@@ -191,26 +191,6 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "lastModified": 1750304462, - "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane", @@ -352,11 +332,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1750365781, - "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -368,11 +348,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750400657, - "narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=", + "lastModified": 1750622754, + "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b2485d56967598da068b5a6946dadda8bfcbcd37", + "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", "type": "github" }, "original": { @@ -463,7 +443,6 @@ "inputs": { "authentik-nix": "authentik-nix", "flake-utils": "flake-utils_2", - "home-manager": "home-manager", "lanzaboote": "lanzaboote", "microvm": "microvm", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index a9821cf..b279bea 100644 --- a/flake.nix +++ b/flake.nix @@ -35,11 +35,6 @@ inputs.flake-utils.follows = "flake-utils"; }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - tmux-yank = { url = "github:tmux-plugins/tmux-yank"; flake = false; 
@@ -48,7 +43,6 @@ outputs = inputs@{ - home-manager, lanzaboote, microvm, nixos-hardware, @@ -107,23 +101,15 @@ lanzaboote.nixosModules.lanzaboote nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3 - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users."0xa" = import ./hosts/toaster/0xa-home.nix; - } - ./hosts/toaster ./modules/basic-tools ./modules/binary-caches.nix ./modules/devtools.nix ./modules/emacs.nix + ./modules/gnome.nix ./modules/gnupg.nix ./modules/mail - ./modules/mail - ./modules/niri.nix ./modules/radio.nix ./modules/science.nix ./modules/tlp.nix diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 17cedf6..2b8577b 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -4,7 +4,7 @@ ./amd.nix ./hardware-configuration.nix ./irc.nix - ./network/full-networkd.nix + ./network ./secure-boot.nix ./zfs.nix ]; From 4e14d3958fe8e1577fb22643abcfb68701ec75b1 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Tue, 24 Jun 2025 20:11:27 +0200 Subject: [PATCH 36/41] remove paraview, build failures --- modules/science.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/science.nix b/modules/science.nix index 421f12e..ff7eaa3 100644 --- a/modules/science.nix +++ b/modules/science.nix @@ -3,7 +3,6 @@ environment.systemPackages = with pkgs; [ gnuplot zotero - paraview numbat ]; } From 1739cd90003dade8b99f407f3196fef1291ffe72 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Thu, 26 Jun 2025 12:32:42 +0200 Subject: [PATCH 37/41] bump lock --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 68ddac0..f3a38b5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -269,11 +269,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "type": "github" }, "original": { @@ -348,11 +348,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750622754, - "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", + "lastModified": 1750838302, + "narHash": "sha256-aVkL3/yu50oQzi2YuKo0ceiCypVZpZXYd2P2p1FMJM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", + "rev": "7284e2decc982b81a296ab35aa46e804baaa1cfe", "type": "github" }, "original": { From 75a3b75135cd04d22734a145b28253f66861c518 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Fri, 27 Jun 2025 13:52:56 +0200 Subject: [PATCH 38/41] remove shell color highlighting --- modules/basic-tools/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/basic-tools/zsh.nix b/modules/basic-tools/zsh.nix index 91c6292..8e47207 100644 --- a/modules/basic-tools/zsh.nix +++ b/modules/basic-tools/zsh.nix @@ -15,7 +15,6 @@ programs.zsh = { enable = true; enableCompletion = true; - syntaxHighlighting.enable = true; interactiveShellInit = '' bindkey -e export HISTFILE="$HOME/.zsh_history" From 77f30aa5c040e6916adfd10ba123f8237a33db94 Mon Sep 17 00:00:00 2001 
From: Grisha Shipunov Date: Fri, 27 Jun 2025 13:59:08 +0200 Subject: [PATCH 39/41] switch mullvad server --- hosts/toaster/network/mullvad.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/hosts/toaster/network/mullvad.nix b/hosts/toaster/network/mullvad.nix index 112026d..54fec8d 100644 --- a/hosts/toaster/network/mullvad.nix +++ b/hosts/toaster/network/mullvad.nix @@ -1,9 +1,12 @@ -{ config, ... }: +{ + config, + ... +}: { systemd.network = let - pubkey = "uUYbYGKoA6UBh1hfkAz5tAWFv4SmteYC9kWh7/K6Ah0="; - endpoint = "92.60.40.209"; + pubkey = "xpZ3ZDEukbqKQvdHwaqKMUhsYhcYD3uLPUh1ACsVr1s="; + endpoint = "185.65.134.86"; port = "51820"; addr = [ "10.74.16.48/32" From 31f5f2cd39df8ec77c45a0ebe895eeb545db6f36 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Fri, 27 Jun 2025 14:55:29 +0200 Subject: [PATCH 40/41] nixcpp is still shit --- flake.lock | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 8 ++++++ 2 files changed, 92 insertions(+) diff --git a/flake.lock b/flake.lock index f3a38b5..76c8bad 100644 --- a/flake.lock +++ b/flake.lock @@ -169,6 +169,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ 
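Review bot: The new `pubkey` and `endpoint` values in the `let` block are bare literals with nothing recording which relay they belong to, so a later reader cannot check the pinned key against the provider's published server list. The peer public key is what authenticates the tunnel endpoint, so a comment above the two lines such as `# relay: <relay-hostname>, key copied from the provider's server list on <date>` would make a wrong or swapped key detectable in review. The key and the address also have to change together, and keeping them adjacent under that one comment makes this obvious. The `let` block and the `addr` list run past the end of the hunk.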
@@ -217,6 +250,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1750762203, + "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", + "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?rev=38b358ce27203f972faa2973cf44ba80c758f46e" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_3", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750776670, + "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", + "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz" + } + }, "microvm": { "inputs": { "flake-utils": [ @@ -444,6 +512,7 @@ "authentik-nix": "authentik-nix", "flake-utils": "flake-utils_2", "lanzaboote": "lanzaboote", + "lix-module": "lix-module", "microvm": "microvm", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -540,6 +609,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tmux-yank": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index b279bea..b13b7b8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,6 +3,11 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-25.05"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-utils.url = "github:numtide/flake-utils"; sops-nix = { @@ -44,6 +49,7 @@ outputs = inputs@{ lanzaboote, + lix-module, microvm, nixos-hardware, nixpkgs, @@ -100,6 +106,7 @@ sops-nix.nixosModules.sops lanzaboote.nixosModules.lanzaboote nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3 + lix-module.nixosModules.default ./hosts/toaster @@ -137,6 +144,7 @@ modules = [ sops-nix.nixosModules.sops microvm.nixosModules.host + lix-module.nixosModules.default ./hosts/minime ./modules/basic-tools From 7adf5ee257c0873582062d8540ad63e2bc2336ed Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Sat, 28 Jun 2025 15:18:24 +0200 Subject: [PATCH 41/41] bump lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 76c8bad..0cb36fe 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1749129962, - "narHash": "sha256-gc1l5z5dWw9a9DWsrp0ZiD+SSMsNpEwMEiRi8K5sh5c=", + "lastModified": 1751033152, + "narHash": "sha256-0ANu9OLQJszcEyvnfDB7G957uqskZwCrTzRXz/yfAmE=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "271a38f7c4e2551f0674b894e2adf7cd1ddb8168", + "rev": "1a4d6a5dd6fef39b99eb7ea4db79c5d5c7d7f1bf", "type": "github" }, "original": { 
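Review bot: `lix-module.nixosModules.default` comes back only in the module lists at `@@ -100,6 +106,7 @@` (toaster) and `@@ -137,6 +144,7 @@` (minime), while the earlier lix->nixcpp patch in this series also removed it from the list containing `./hosts/cloud`, which this patch does not touch. If that is not deliberate, the cloud host keeps a different Nix implementation from the other two and follows a different stream of daemon fixes; adding `lix-module.nixosModules.default` after `sops-nix.nixosModules.sops` in that list would restore parity. If it is deliberate, a one-line comment in that list saying so would help the next reader. Separately, the new input at `@@ -3,6 +3,11 @@` follows `nixpkgs` where the removed one followed `nixpkgs-unstable`, which is worth confirming as intended.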
@@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1749043670, - "narHash": "sha256-gwHngqb23U8By7jhxFWQZOXy+vPQApJSkvr4gHI5ifQ=", + "lastModified": 1751031262, + "narHash": "sha256-SNgRMQUjL3DTlWkMyRMan+pY1FfIV+DMeq5BiTM0N0k=", "owner": "goauthentik", "repo": "authentik", - "rev": "bda30c5ad5838fea36dc0a06f8580cca437f0fc0", + "rev": "b34665fabd8d938d81ce871a4e86ca528c5f253b", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.4.2", + "ref": "version/2025.4.3", "repo": "authentik", "type": "github" } @@ -96,11 +96,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -278,7 +278,7 @@ "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?rev=c3c78a32273e89d28367d8605a4c880f0b6607e3" }, "original": { "type": "tarball", @@ -353,11 +353,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "type": "github" }, "original": { 
@@ -400,11 +400,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1750776420, - "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { @@ -416,11 +416,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750838302, - "narHash": "sha256-aVkL3/yu50oQzi2YuKo0ceiCypVZpZXYd2P2p1FMJM4=", + "lastModified": 1750969886, + "narHash": "sha256-zW/OFnotiz/ndPFdebpo3X0CrbVNf22n4DjN2vxlb58=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7284e2decc982b81a296ab35aa46e804baaa1cfe", + "rev": "a676066377a2fe7457369dd37c31fd2263b662f4", "type": "github" }, "original": { @@ -473,11 +473,11 @@ ] }, "locked": { - "lastModified": 1748562898, - "narHash": "sha256-STk4QklrGpM3gliPKNJdBLSQvIrqRuwHI/rnYb/5rh8=", + "lastModified": 1749519371, + "narHash": "sha256-UJONN7mA2stweZCoRcry2aa1XTTBL0AfUOY84Lmqhos=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "33bd58351957bb52dd1700ea7eeefe34de06a892", + "rev": "7c06967eca687f3482624250428cc12f43c92523", "type": "github" }, "original": { @@ -494,11 +494,11 @@ ] }, "locked": { - "lastModified": 1746540146, - "narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=", + "lastModified": 1750499893, + "narHash": "sha256-ThKBd8XSvITAh2JqU7enOp8AfKeQgf9u7zYC41cnBE4=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "e09c10c24ebb955125fda449939bfba664c467fd", + "rev": "e824458bd917b44bf4c38795dea2650336b2f55d", "type": "github" }, "original": { 
@@ -652,11 +652,11 @@ ] }, "locked": { - "lastModified": 1748916602, - "narHash": "sha256-GiwjjmPIISDFD0uQ1DqQ+/38hZ+2z1lTKVj/TkKaWwQ=", + "lastModified": 1750987094, + "narHash": "sha256-GujDElxLgYatnNvuL1U6qd18lcuG6anJMjpfYRScV08=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "a4dd471de62b27928191908f57bfcd702ec2bfc9", + "rev": "4b703d851b61e664a70238711a8ff0efa1aa2f52", "type": "github" }, "original": {