From 1ed9ce6864e5796a21af920445e0871ab9785fe5 Mon Sep 17 00:00:00 2001 From: xunuwu Date: Wed, 26 Jun 2024 20:49:16 +0200 Subject: [PATCH] lots of stuff --- .gitignore | 1 + flake.lock | 159 ++++++++++-------- flake.nix | 6 +- home/develop/default.nix | 1 + home/develop/docs.nix | 3 + home/profiles/default.nix | 8 +- home/profiles/nixdesk/default.nix | 3 +- home/programs/browsers/firefox.nix | 2 +- home/programs/desktop/awesome/default.nix | 5 - home/programs/desktop/sway/default.nix | 5 +- home/programs/media/jellyfin.nix | 1 - home/secrets/wakatime | 6 +- home/services/system/polkit-agent.nix | 1 - home/terminal/emulator/foot.nix | 7 +- home/terminal/programs/irssi.nix | 22 +++ hosts/default.nix | 52 +++--- hosts/hopper/default.nix | 4 - modules/default.nix | 2 +- pkgs/gamesand/default.nix | 4 +- system/core/default.nix | 9 +- system/core/docs.nix | 15 ++ system/core/harden.nix | 4 + system/default.nix | 4 + system/hardware/opengl.nix | 2 +- system/network/goldberg.nix | 6 + system/{core => programs}/tools.nix | 0 system/programs/zsh.nix | 5 +- .../containers/experimental/default.nix | 38 ++--- system/services/default.nix | 2 +- system/services/ollama.nix | 5 +- 30 files changed, 223 insertions(+), 159 deletions(-) create mode 100644 home/develop/docs.nix create mode 100644 home/terminal/programs/irssi.nix create mode 100644 system/core/docs.nix create mode 100644 system/core/harden.nix create mode 100644 system/network/goldberg.nix rename system/{core => programs}/tools.nix (100%) diff --git a/.gitignore b/.gitignore index 726d2d6..bfad2f8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ result .direnv +.swp diff --git a/flake.lock b/flake.lock index 252036e..b216680 100644 --- a/flake.lock +++ b/flake.lock 
@@ -55,6 +55,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -82,11 +98,11 @@ ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { 
@@ -150,21 +166,55 @@ "type": "github" } }, - "flake-utils_3": { + "git-hooks": { "inputs": { - "systems": "systems_2" + "flake-compat": "flake-compat_3", + "gitignore": "gitignore", + "nixpkgs": [ + "small-nvim", + "neovim-nightly-overlay", + "nixpkgs" + ], + "nixpkgs-stable": [ + "small-nvim", + "neovim-nightly-overlay", + "nixpkgs" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "small-nvim", + "neovim-nightly-overlay", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", "type": "github" } }, @@ -193,11 +243,11 @@ ] }, "locked": { - "lastModified": 1713898448, - "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=", + "lastModified": 1718018037, + "narHash": "sha256-03rLBd/lKecgaKz0j5ESUf9lDn5R0SJatZTKLL5unWE=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc", + "rev": "0ab08b23ce3c3f75fe9a5598756b6fb8bcf0b414", "type": "github" }, "original": { 
@@ -226,45 +276,21 @@ "type": "github" } }, - "neovim-flake": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": [ - "small-nvim", - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "dir": "contrib", - "lastModified": 1715815279, - "narHash": "sha256-Pf7ZlqPnr195NZb5ADzMVsXurPMjRZ+JMXf6JxvXArE=", - "owner": "neovim", - "repo": "neovim", - "rev": "9ca81b025990911c2a0dbda92af39ba84983bac3", - "type": "github" - }, - "original": { - "dir": "contrib", - "owner": "neovim", - "repo": "neovim", - "type": "github" - } - }, "neovim-nightly-overlay": { "inputs": { "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", - "neovim-flake": "neovim-flake", + "neovim-src": "neovim-src", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1715817852, - "narHash": "sha256-UH5o7hT72oAavJTG2NxlpMyQe3BQMniQAsgTugWtlc4=", + "lastModified": 1718512978, + "narHash": "sha256-roENt8tYPxBXcaluvburPG9PeKhr4BgoYup2LR66wvA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "7b5ca2486bba58cac80b9229209239740b67cf90", + "rev": "c1e57fe1d1172672adae8633286d5d7713309ccf", "type": "github" }, "original": { @@ -273,6 +299,22 @@ "type": "github" } }, + "neovim-src": { + "flake": false, + "locked": { + "lastModified": 1718492826, + "narHash": "sha256-YaZyuhBSZFnwoMwe790NjzUyff/Ml93jJ6wxj4dCFdc=", + "owner": "neovim", + "repo": "neovim", + "rev": "aa319da4024a77b0f7c40e08c6f5d5b512a7f899", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "neovim", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ 
@@ -375,11 +417,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1715774670, - "narHash": "sha256-iJYnKMtLi5u6hZhJm94cRNSDG5Rz6ZzIkGbhPFtDRm0=", + "lastModified": 1718276985, + "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3fcfcfabd01b947a1e4f36622bbffa3985bdac6", + "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", "type": "github" }, "original": { @@ -427,11 +469,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1718250206, - "narHash": "sha256-FcTPBqDk3Fut84G9gPRzKbDfYsBKp6k68x7l0gpoaG4=", + "lastModified": 1719105734, + "narHash": "sha256-Sa2qKc985UTUA7gJ15eb6CjOYwAqfMmL3f0uVnKNzeQ=", "owner": "xunuwu", "repo": "small-nvim", - "rev": "80e1ddb44caecdc62a9239fb0a7ce5b315ac3c72", + "rev": "d71d15304a37db9b9ef712f03a4ec7928dfb9783", "type": "github" }, "original": { @@ -489,24 +531,9 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, diff --git a/flake.nix b/flake.nix index fae922c..e728988 100644 --- a/flake.nix +++ b/flake.nix @@ -11,11 +11,7 @@ ]; flake = { }; - perSystem = { - pkgs, - system, - ... - }: { + perSystem = {pkgs, ...}: { devShells.default = pkgs.mkShell { packages = with pkgs; [ alejandra diff --git a/home/develop/default.nix b/home/develop/default.nix index 3925d83..f400f47 100644 --- a/home/develop/default.nix +++ b/home/develop/default.nix @@ -1,5 +1,6 @@ { imports = [ ./nix.nix + ./docs.nix ]; } diff --git a/home/develop/docs.nix b/home/develop/docs.nix new file mode 100644 index 0000000..22c37ab --- /dev/null +++ b/home/develop/docs.nix 
@@ -0,0 +1,3 @@ +{ + programs.man.generateCaches = true; +} diff --git a/home/profiles/default.nix b/home/profiles/default.nix index 92e7e1d..c94bd9a 100644 --- a/home/profiles/default.nix +++ b/home/profiles/default.nix @@ -13,9 +13,11 @@ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops { - programs.nix-index.enableZshIntegration = false; - programs.nix-index.enableBashIntegration = false; - programs.nix-index.enableFishIntegration = false; + programs.nix-index = { + enableBashIntegration = false; + enableFishIntegration = false; + enableZshIntegration = false; + }; } ]; "xun@hopper" = [ diff --git a/home/profiles/nixdesk/default.nix b/home/profiles/nixdesk/default.nix index 004ee13..5cd83fe 100644 --- a/home/profiles/nixdesk/default.nix +++ b/home/profiles/nixdesk/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./kanshi.nix ./defaults.nix @@ -7,6 +7,7 @@ ../../terminal ../../terminal/programs/zellij.nix + ../../terminal/programs/irssi.nix ../../terminal/programs/lazygit.nix ../../terminal/programs/beets.nix ../../editors/nvim.nix diff --git a/home/programs/browsers/firefox.nix b/home/programs/browsers/firefox.nix index 5f17d7d..ab73444 100644 --- a/home/programs/browsers/firefox.nix +++ b/home/programs/browsers/firefox.nix @@ -21,7 +21,7 @@ ]; bookmarks = {}; settings = { - "browser.tabs.inTitleBar" = "0"; # use system title bar (if you have one :)) + "browser.tabs.inTitleBar" = "0"; # use system title bar "browser.newtabpage.enabled" = false; "browser.newtab.url" = "about:blank"; "general.autoScroll" = "true"; # mmb scroll mode diff --git a/home/programs/desktop/awesome/default.nix b/home/programs/desktop/awesome/default.nix index 01f8198..e66913c 100644 --- a/home/programs/desktop/awesome/default.nix +++ b/home/programs/desktop/awesome/default.nix @@ -1,9 +1,4 @@ {pkgs, ...}: { - services.picom = { - enable = true; - vSync = true; - }; - xsession.windowManager.awesome = { enable = true; noArgb = true; 
diff --git a/home/programs/desktop/sway/default.nix b/home/programs/desktop/sway/default.nix index 03cfd6a..39bdd0a 100644 --- a/home/programs/desktop/sway/default.nix +++ b/home/programs/desktop/sway/default.nix @@ -34,6 +34,10 @@ statusCommand = "${lib.getExe pkgs.i3status}"; } ]; + window = { + titlebar = false; + }; + menu = "${lib.getExe pkgs.fuzzel}"; keybindings = let mod = config.wayland.windowManager.sway.config.modifier; wobVolume = "${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_SINK@ | awk '{print $2*100}' > $XDG_RUNTIME_DIR/wob.sock"; @@ -56,7 +60,6 @@ "${mod}+Ctrl+Shift+${dir.up}" = "move output up"; "${mod}+Ctrl+Shift+${dir.down}" = "move output down"; - "${mod}+d" = "exec ${lib.getExe pkgs.fuzzel}"; "${mod}+Shift+Backspace" = "exec systemctl suspend"; "${mod}+Shift+s" = "exec ${lib.getExe pkgs.grimblast} copy area"; diff --git a/home/programs/media/jellyfin.nix b/home/programs/media/jellyfin.nix index 49f0cb7..8e4cdf0 100644 --- a/home/programs/media/jellyfin.nix +++ b/home/programs/media/jellyfin.nix @@ -1,7 +1,6 @@ {pkgs, ...}: { home.packages = with pkgs; [ jellyfin-media-player - sonixd feishin ]; } diff --git a/home/secrets/wakatime b/home/secrets/wakatime index fcc7701..717774f 100644 --- a/home/secrets/wakatime +++ b/home/secrets/wakatime @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:C2L6jTyiwlFwW8Ss0oHcs+Uq/Lt+y7eo9+7OqU5+GRgqzsMNUzTZXk6J20A0Ent6uEp/R2RdfUThBPWEgrIEHuTxGPhE/xMkWxSPWp72U2vPDw2PX6xaj4NZ2uTJVIzzGUKARA==,iv:V0NKo09OMLIhVFaK43JLTTy+etvJn/Ez4UHTb8prQDY=,tag:Ti/Vnu2UC7MbTwIWqP2U7A==,type:str]", + "data": "ENC[AES256_GCM,data:7AM1HQJtfUtF9IzP1snk8ULWYQNj2FNECp4Ioro2Btm49kV/sKYNn28CvBU5Pxz7X3vt/D8As2aAiFCh6rKGqYcBFUnm4/+JIZjiz7JIoNq9WoBY67Dj1xmwFeq648beLAVIKaKrMg==,iv:WQRPJsHOrmTMflN4hbdG6q7mevJjm1vgGz7Vgh3HtzU=,tag:iuhVjV8V49qqxCGK3phRQA==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
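Review bot: Dropping the `"${mod}+d"` binding in the second sway hunk may leave the launcher without a shortcut. Setting `menu` only changes what the module's default `${mod}+d` binding runs, and an explicitly assigned `keybindings` set replaces those defaults unless it is wrapped in `lib.mkOptionDefault`. The `keybindings` attrset continues outside the hunk, so I cannot see whether it is wrapped. If it is not, keep an explicit line such as `"${mod}+d" = "exec ${config.wayland.windowManager.sway.config.menu}";`.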
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnOEEwKzRKc1FPSGlHbXk0\ncnQvN2oyRERxY0d5eEdmczBpYlZrb2M0eVcwCjNrTUc2dEcyYkFwMERTSEVnTldy\nWHhjeXVkOGFGRUdoM3dIdlJiZmRFTUUKLS0tIGM0S2MxZUYvUCtIZ3pKbDl1Vi9S\nNVQ4Yk5BWFlRK1RZNWtCNDltemxtaTQKFggxv58s2w9VTvQUZPv9ryzxRinGBz8s\n62TOAVxlWL3EdUqWd7o8kK83Ryw+Vor7Rjoe6ee9RSRNJSDmEPjJCA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-05-21T18:41:29Z", - "mac": "ENC[AES256_GCM,data:SMelsZxZPQHkbNckfodg7tm99SGCoFflI6I1T+z3jafcMVUNbKj5H5BqSIqerDivsgXS4q7p83si6cvVcx3ePqvmSkeCjCxq2f+txmuDVYfqBJq3SvQ6C9zTnSYcefDYMaWFSGR8Yvw3zCH45s94DeGl3F5eo2HEV1S8M+7eos4=,iv:og+kLgKE4U3F84psUiobkd1cJSqLIu+Pu4W54x3twyM=,tag:uJDTfWtMhiQDAsLB9zpYFQ==,type:str]", + "lastmodified": "2024-06-26T03:19:42Z", + "mac": "ENC[AES256_GCM,data:fHi0HLAtklALyIbtQzmmi++uWpgVAqApLbHVZ4fQEafkdcJ8IsargeiYh9GULiVdFUp5lVLQ42HqIOte0jRC+fTKspv1TURS4rgFxLZMTwZJcbbRkwBxYMYtEd1L/AutKZfDCWxYJgS1ovhwSWZTXdB5XUd4CjIeqqLngjIDzTY=,iv:43AA3sFEABB5aNdBuHzJ9PAIBWEb/xv3LgG/YJdL8Ek=,tag:PHq16PyAET8l/dxKHUJXEA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/home/services/system/polkit-agent.nix b/home/services/system/polkit-agent.nix index 065ba21..dd55fd1 100644 --- a/home/services/system/polkit-agent.nix +++ b/home/services/system/polkit-agent.nix @@ -1,4 +1,3 @@ -# TODO fix polkit, this dosent work {pkgs, ...}: { systemd.user.services.polkit-gnome-authentication-agent-1 = { Unit.Description = "polkit-gnome-authentication-agent-1"; diff --git a/home/terminal/emulator/foot.nix b/home/terminal/emulator/foot.nix index 9d3252a..bed8f96 100644 --- a/home/terminal/emulator/foot.nix +++ b/home/terminal/emulator/foot.nix @@ -1,8 +1,4 @@ -{ - pkgs, - lib, - ... -}: { +{pkgs, ...}: { programs.foot = { enable = true; settings = { @@ -10,6 +6,7 @@ include = "${pkgs.foot.themes}/share/foot/themes/moonfly"; font = "monospace:size=9"; }; + mouse.hide-when-typing = true; }; }; } 
diff --git a/home/terminal/programs/irssi.nix b/home/terminal/programs/irssi.nix new file mode 100644 index 0000000..7644b0c --- /dev/null +++ b/home/terminal/programs/irssi.nix @@ -0,0 +1,22 @@ +{pkgs, ...}: { + programs.irssi = { + enable = true; + networks = { + liberachat = { + nick = "wheat"; + server = { + address = "irc.libera.chat"; + port = 6697; + autoConnect = true; + }; + channels = { + nixos.autoJoin = false; + }; + }; + }; + }; + home.file.".irssi/default.theme".source = pkgs.fetchurl { + url = "https://irssi-import.github.io/themes/h3rbz.theme"; + hash = "sha256-2nB+jvDXPgkMXTd6f305R2aBt/D4kbsIGbqcIllHADo="; + }; +} diff --git a/hosts/default.nix b/hosts/default.nix index 4e6e55c..e588560 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -2,7 +2,6 @@ self, inputs, homeImports, - lib, ... }: let specialArgs = { @@ -34,7 +33,8 @@ in { nixdesk = { deployment = { allowLocalDeployment = true; - targetHost = null; + targetUser = "xun"; + targetHost = "nixdesk.local"; }; imports = desktop @@ -44,12 +44,11 @@ in { "${self}/secrets" "${self}/secrets/nixdesk" - "${mod}/network/wifi.nix" + #"${mod}/network/wifi.nix" "${mod}/services/syncthing.nix" - "${mod}/services/virt/podman.nix" + #"${mod}/services/virt/podman.nix" "${mod}/services/virt/waydroid.nix" - "${mod}/services/virt/distrobox.nix" "${mod}/services/virt/virt-manager.nix" #"${mod}/services/ollama.nix" "${mod}/desktop/x11/nosleep.nix" 
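Review bot: The theme behind `home.file.".irssi/default.theme"` is fetched from an unversioned URL, so the fixed `hash` protects integrity but the build breaks as soon as upstream edits the file. Pointing `url` at a commit-pinned copy of the same theme keeps the fetch reproducible. A short comment such as `# third-party theme, pinned by hash; update url and hash together` would also document the intent.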
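Review bot: `targetHost = "nixdesk.local"` in the nixdesk `deployment` block makes the deploy target depend on mDNS, which any machine on the local segment can answer, so the deployment is only as trustworthy as the SSH host-key check behind it. Consider pinning nixdesk's host key on the deploying machine (for example through `programs.ssh.knownHosts`) or using a stable address. With `targetUser = "xun"`, activation presumably relies on privilege escalation on the target. A comment such as `# non-root deploy: xun needs sudo rights for activation` would make that requirement visible.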
@@ -79,33 +78,33 @@ in { "${mod}/core" - "${mod}/programs" - "${mod}/programs/steam.nix" + #"${mod}/programs" + #"${mod}/programs/steam.nix" - "${mod}/desktop" - "${mod}/desktop/awesome.nix" + #"${mod}/desktop" + #"${mod}/desktop/awesome.nix" - "${mod}/hardware/opengl.nix" - "${mod}/hardware/steam-hardware.nix" - "${mod}/hardware/bluetooth.nix" - "${mod}/hardware/qmk.nix" + #"${mod}/hardware/opengl.nix" + #"${mod}/hardware/steam-hardware.nix" + #"${mod}/hardware/bluetooth.nix" + #"${mod}/hardware/qmk.nix" "${mod}/network/avahi.nix" "${mod}/network/networkd.nix" "${mod}/network/tailscale.nix" - "${mod}/services" - "${mod}/services/pipewire.nix" + #"${mod}/services" + #"${mod}/services/pipewire.nix" "${mod}/services/syncthing.nix" #"${mod}/services/containers/server" "${mod}/services/containers/experimental" - { - home-manager = { - users.xun.imports = homeImports."xun@hopper"; - extraSpecialArgs = specialArgs; - }; - } + #{ + # home-manager = { + # users.xun.imports = homeImports."xun@hopper"; + # extraSpecialArgs = specialArgs; + # }; + #} ]; }; liveiso = { @@ -124,9 +123,10 @@ in { }; flake.nixosConfigurations = let l = inputs.nixpkgs.lib; - in (builtins.mapAttrs (_n: v: - l.nixosSystem { - inherit specialArgs; - modules = v.imports; - }) (l.filterAttrs (n: _: n != "meta") self.colmena)); + in + builtins.mapAttrs (_: v: + l.nixosSystem { + inherit specialArgs; + modules = v.imports; + }) (l.filterAttrs (n: _: n != "meta") self.colmena); } diff --git a/hosts/hopper/default.nix b/hosts/hopper/default.nix index ce4dd7b..6e7cbd8 100644 --- a/hosts/hopper/default.nix +++ b/hosts/hopper/default.nix @@ -7,10 +7,6 @@ ./brawlstats.nix ]; - services.tailscale.extraUpFlags = [ - "--ssh" - ]; - networking.hostName = "hopper"; swapDevices = []; diff --git a/modules/default.nix b/modules/default.nix index 83ded7d..d402610 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,5 @@ { flake.nixosModules = { - # name = import ./name + #name = import ./name; }; } 
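Review bot: The import list in the `@@ -79,33 +78,33 @@` hunk (apparently the hopper host, judging by `homeImports."xun@hopper"`) now carries a dozen commented-out module paths and a commented-out `home-manager` block with no explanation. That makes the host's effective configuration hard to audit. Either delete the entries, since git history keeps them, or add one comment stating the reason, e.g. `# <why these modules are disabled on this host>`. The list starts outside the hunk.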
diff --git a/pkgs/gamesand/default.nix b/pkgs/gamesand/default.nix index 896b543..3268a66 100644 --- a/pkgs/gamesand/default.nix +++ b/pkgs/gamesand/default.nix @@ -5,7 +5,7 @@ symlinkJoin { name = "gamesand"; paths = [ - ((steamPackages.steam-fhsenv-without-steam.override + (steamPackages.steam-fhsenv-without-steam.override { extraBwrapArgs = [ "--ro-bind ./files /game/files" @@ -15,7 +15,7 @@ symlinkJoin { "--cap-add ALL" ]; }) - .run) + .run ]; postBuild = '' mv $out/bin/steam-run $out/bin/gamesand diff --git a/system/core/default.nix b/system/core/default.nix index 4f628cf..f9dcb4a 100644 --- a/system/core/default.nix +++ b/system/core/default.nix @@ -2,15 +2,11 @@ imports = [ ./security.nix ./users.nix - ./tools.nix ./ssh.nix - ./compat.nix ../nix ../programs/zsh.nix ]; - documentation.dev.enable = true; - i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ @@ -19,8 +15,5 @@ }; services.xserver.xkb.layout = "eu"; - # don't touch this - system.stateVersion = lib.mkDefault "23.11"; - - time.timeZone = lib.mkDefault "Europe/Stockholm"; + time.timeZone = lib.mkDefault "Europe/Berlin"; } diff --git a/system/core/docs.nix b/system/core/docs.nix new file mode 100644 index 0000000..a650027 --- /dev/null +++ b/system/core/docs.nix @@ -0,0 +1,15 @@ +{pkgs, ...}: { + documentation = { + dev.enable = true; + man.generateCaches = true; + man = { + man-db.enable = false; + mandoc.enable = true; + }; + }; + environment.systemPackages = with pkgs; [ + linux-manual + man-pages + man-pages-posix + ]; +} diff --git a/system/core/harden.nix b/system/core/harden.nix new file mode 100644 index 0000000..0a5eccd --- /dev/null +++ b/system/core/harden.nix @@ -0,0 +1,4 @@ +{ + #TODO: add stuff here + # use lynis mayb +} diff --git a/system/default.nix b/system/default.nix index e3355a1..ad9a3bf 100644 --- a/system/default.nix +++ b/system/default.nix 
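Review bot: `"--cap-add ALL"` in `extraBwrapArgs`, carried as context in the second gamesand hunk, hands every capability to the process inside the bubblewrap sandbox and is left untouched by this parenthesis cleanup. If the game needs only specific capabilities, list those instead; otherwise document the reason next to it, e.g. `# needs <capability> for <reason>`. The `extraBwrapArgs` list begins in the previous hunk and part of it lies between the two hunks.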
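Review bot: The second hunk of system/core/default.nix deletes `system.stateVersion = lib.mkDefault "23.11";` together with its "don't touch this" comment, and no visible hunk in this patch sets it elsewhere. Without a pinned value NixOS falls back to the current release, which can change on-disk formats for stateful services after an upgrade. If the hosts do not set it themselves, keep the line here or move it to a per-host file, with a comment like `# state format version of the first install; not the nixpkgs version`.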
@@ -1,7 +1,9 @@ let desktop = [ ./core + ./core/compat.nix ./core/boot.nix + ./core/docs.nix ./core/gvfs.nix ./hardware/opengl.nix @@ -13,6 +15,7 @@ let ./network/avahi.nix ./network/localsend.nix ./network/tailscale.nix + ./network/goldberg.nix ./desktop ./desktop/awesome.nix @@ -20,6 +23,7 @@ let #./desktop/hyprland.nix ./programs + ./programs/tools.nix ./services ./services/pipewire.nix diff --git a/system/hardware/opengl.nix b/system/hardware/opengl.nix index f899b37..a382b18 100644 --- a/system/hardware/opengl.nix +++ b/system/hardware/opengl.nix @@ -1,4 +1,4 @@ -{...}: { +{ hardware.opengl = { enable = true; driSupport = true; diff --git a/system/network/goldberg.nix b/system/network/goldberg.nix new file mode 100644 index 0000000..e43c818 --- /dev/null +++ b/system/network/goldberg.nix @@ -0,0 +1,6 @@ +{ + networking.firewall = { + allowedTCPPorts = [47584]; + allowedUDPPorts = [47584]; + }; +} diff --git a/system/core/tools.nix b/system/programs/tools.nix similarity index 100% rename from system/core/tools.nix rename to system/programs/tools.nix diff --git a/system/programs/zsh.nix b/system/programs/zsh.nix index 2709f06..0ca9f51 100644 --- a/system/programs/zsh.nix +++ b/system/programs/zsh.nix @@ -3,7 +3,10 @@ environment.pathsToLink = ["/share/zsh"]; programs = { - less.enable = true; + less = { + enable = true; + envVariables.LESS = "--mouse"; + }; zsh = { enable = true; diff --git a/system/services/containers/experimental/default.nix b/system/services/containers/experimental/default.nix index 7515e04..e122184 100644 --- a/system/services/containers/experimental/default.nix +++ b/system/services/containers/experimental/default.nix 
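Review bot: system/network/goldberg.nix opens TCP and UDP port 47584 on every interface and gives no hint of what listens there. Because the module is added to the shared `desktop` list, every desktop host exposes the port on whatever network it joins. Scope it to the LAN interface, e.g. `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [47584];` plus the UDP equivalent, and add a comment naming the service.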
@@ -15,14 +15,14 @@ reloadServices = ["podman-caddy.service"]; }; certs = { - "xun.cam" = { + "xunuwu.xyz" = { dnsProvider = "cloudflare"; credentialFiles = { CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path; }; extraDomainNames = [ - "jellyfin.xun.cam" - "wakapi.xun.cam" + "jellyfin.xunuwu.xyz" + "wakapi.xunuwu.xyz" ]; }; }; @@ -137,25 +137,25 @@ caddy = { image = "caddy"; volumes = [ - #alt.xun.cam:8336 { + #alt.xunuwu.xyz:8336 { #tls internal #reverse_proxy #localhost:5030 #} "${builtins.toFile "Caddyfile" '' - https://jellyfin.xun.cam:8336 { - tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem + https://jellyfin.xunuwu.xyz:8336 { + tls /etc/ssl/certs/xunuwu.xyz/cert.pem /etc/ssl/certs/xunuwu.xyz/key.pem reverse_proxy localhost:8096 } - https://wakapi.xun.cam:8336 { - tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem + https://wakapi.xunuwu.xyz:8336 { + tls /etc/ssl/certs/xunuwu.xyz/cert.pem /etc/ssl/certs/xunuwu.xyz/key.pem reverse_proxy localhost:3000 } ''}:/etc/caddy/Caddyfile" #tls /etc/ssl/certs/cloudflare/cert.pem /etc/ssl/certs/cloudflare/key.pem - #"${config.sops.secrets.xun-cam-cert.path}:/etc/ssl/certs/cloudflare/cert.pem" - #"${config.sops.secrets.xun-cam-key.path}:/etc/ssl/certs/cloudflare/key.pem" - "/var/lib/acme/xun.cam:/etc/ssl/certs/xun.cam" + #"${config.sops.secrets.xunuwu.xyz-cert.path}:/etc/ssl/certs/cloudflare/cert.pem" + #"${config.sops.secrets.xunuwu.xyz-key.path}:/etc/ssl/certs/cloudflare/key.pem" + "/var/lib/acme/xunuwu.xyz:/etc/ssl/certs/xunuwu.xyz" "/media/config/caddy/data:/data" "/media/config/caddy/config:/config" ]; @@ -192,7 +192,7 @@ # "${config.sops.secrets.authelia_encryption_key.path}:/secrets/STORAGE_ENCRYPTION_KEY" # "${builtins.toFile "users_database.yml" '' # them: auto - # default_redirection_url: https://auth.xun.cam:8336 + # default_redirection_url: https://auth.xunuwu.xyz:8336 # authentication_backend: # ldap: 
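Review bot: The domain rename in the `@@ -137,25 +137,25 @@` hunk also rewrote the commented-out secret references from `xun-cam-cert`/`xun-cam-key` to `xunuwu.xyz-cert`/`xunuwu.xyz-key`, which looks like a pattern replace in which `.` matched the hyphen. As an unquoted attribute path, `config.sops.secrets.xunuwu.xyz-cert.path` would select `xunuwu` and then `xyz-cert`, so the lines would not resolve to the intended secret if they were ever re-enabled. Restore the old names, quote the attribute (`config.sops.secrets."xunuwu.xyz-cert".path`), or delete the dead lines. The `volumes` list continues outside the hunk.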
@@ -215,14 +215,14 @@ # notifier: # smtp: - # host: smtp.xun.cam + # host: smtp.xunuwu.xyz # port: 8336 - # username: auth@xun.cam - # sender: "Authelia