diff --git a/.gitignore b/.gitignore index cd3c43b..8565e0c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,8 @@ nixos-switch.log + +# make it possible to just put stuff in the repo to test things +# or to have a reference, but they don't end up upstream +**/*/scratch/ +scratch +**/*/*.scratch +*.scratch diff --git a/certificates/id_ed25519_srv-videoconf.pub b/certificates/id_ed25519_srv-videoconf.pub new file mode 100644 index 0000000..058cd61 --- /dev/null +++ b/certificates/id_ed25519_srv-videoconf.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPel38K6eMnz1kS/od+4znlq0/wqUk1HifXVerv/DZUZ srv-videoconf diff --git a/flake.lock b/flake.lock index 7a8ac69..05a831a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,55 @@ { "nodes": { + "agenix": { + "inputs": { + "agenix": "agenix_2", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nix-secrets", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1744897914, + "narHash": "sha256-GIVU92o2TZBnKQXTb76zpQbWR4zjU2rFqWKNIIpXnqA=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "40f2e17ecaeab4d78ec323e96a04548c0aaa5223", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "agenix_2": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager_2", + "nixpkgs": [ + "nix-secrets", + "agenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" 
@@ -37,11 +87,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1736852337, - "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", "type": "github" }, "original": { 
@@ -67,34 +117,58 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, + "crane": { "locked": { - "lastModified": 1744642301, - "narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "59e3de00f01e5adb851d824cf7911bd90c31083a", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", + "owner": "ipetkov", + "repo": "crane", "type": "github" } }, - "flake-compat": { + "darwin": { + "inputs": { + "nixpkgs": [ + "nix-secrets", + "agenix", + "agenix", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", "type": "github" } }, 
@@ -106,11 +180,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -119,6 +193,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -135,54 +227,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "stylix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { 
@@ -207,11 +251,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { @@ -224,32 +268,33 @@ "home-manager_2": { "inputs": { "nixpkgs": [ - "stylix", + "nix-secrets", + "agenix", + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", "repo": "home-manager", "type": "github" } }, "nix-flatpak": { "locked": { - "lastModified": 1749394952, - "narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=", + "lastModified": 1754777568, + "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "64c6e53a3999957c19ab95cda78bde466d8374cc", + "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", "type": "github" }, "original": { @@ -258,6 +303,24 @@ "type": "github" } }, + "nix-secrets": { + "inputs": { + "agenix": "agenix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756408834, + "narHash": "sha256-q7CzXgleZlV2f6T6gO4Qgj6s/QjODz2oMVZrB2LzTog=", + "path": "/home/ranomier/Projects/nix-secrets", + "type": "path" + }, + "original": { + "path": "/home/ranomier/Projects/nix-secrets", + "type": "path" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, 
@@ -281,11 +344,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -296,11 +359,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749832440, - "narHash": "sha256-lfxhuxAaHlYFGr8yOrAXZqdMt8PrFLzjVqH9v3lQaoY=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "db030f62a449568345372bd62ed8c5be4824fa49", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -312,11 +375,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { @@ -328,11 +391,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749727998, - "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", + "lastModified": 1757020766, + "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", + "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a", "type": "github" }, "original": { 
@@ -355,11 +418,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1746056780, - "narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=", + "lastModified": 1751320053, + "narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=", "owner": "nix-community", "repo": "NUR", - "rev": "d476cd0972dd6242d76374fcc277e6735715c167", + "rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670", "type": "github" }, "original": { @@ -372,6 +435,7 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", + "nix-secrets": "nix-secrets", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-unstable": "nixos-unstable", @@ -379,6 +443,28 @@ "stylix": "stylix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nix-secrets", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -386,16 +472,13 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_2", "nixpkgs": [ "nixpkgs" ], "nur": "nur", - "systems": "systems", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -403,11 +486,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1749908208, - "narHash": "sha256-0nf9P4kRAzsBvf5jbY7M3NlnGSwBzU50kJAYGZH5Ez4=", + "lastModified": 1757101897, + "narHash": "sha256-gRfs83f1bF52O5GLNpGF4o15NOtgE5EW1oYJiW8JdOw=", "owner": "danth", "repo": "stylix", - "rev": "67c8eca32f1baf158ffb9a56f28a2fc8e9852fb0", + "rev": "fbe628a289404d527c1eb3cd39cebd417c705a13", "type": "github" }, "original": { @@ -432,6 +515,36 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -468,11 +581,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1744974599, - "narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=", + "lastModified": 1750770351, + "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", "owner": "tinted-theming", "repo": "schemes", - "rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd", + "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", "type": "github" }, "original": { 
@@ -484,11 +597,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1745111349, - "narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=", + "lastModified": 1751159871, + "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "e009f18a01182b63559fb28f1c786eb027c3dee9", + "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", "type": "github" }, "original": { @@ -500,11 +613,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "lastModified": 1751158968, + "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ef446c9..5367730 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nix-secrets = { + url = "path:/home/ranomier/Projects/nix-secrets"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # for managing flatpaks, like which ones are installed and which not nix-flatpak.url = "github:gmodena/nix-flatpak"; }; diff --git a/hosts/game-luanti/default.nix b/hosts/game-luanti/default.nix index cbac390..0a179be 100644 --- a/hosts/game-luanti/default.nix +++ b/hosts/game-luanti/default.nix @@ -1,4 +1,4 @@ -{rootPath, ...}: { +{inArgs, rootPath, config, ...}: { imports = [ ./boot.nix ./hardware-configuration.nix @@ -6,8 +6,11 @@ (rootPath + /modules/game/server/luanti) (rootPath + /modules/pkg_mgrmnt/unattended-updates.nix) + inArgs.nix-secrets.nixos-modules.game-luanti ]; + environment.etc."bla".source = config.age.secrets.hello.path; + users = let username = "root"; in { diff --git a/hosts/srv-videoconf/boot.nix b/hosts/srv-videoconf/boot.nix new file mode 100644 index 0000000..24a7a29 --- /dev/null 
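Review bot: The new `nix-secrets` input in flake.nix points at an absolute home-directory path (`path:/home/ranomier/Projects/nix-secrets`), and flake.lock records the same path, so the flake evaluates only on a machine that has that checkout at that location. A `path:` input is also copied as a whole directory into the world-readable Nix store, so anything in that checkout that is not age-encrypted would be readable by every local user; the contents are not visible in this diff, so confirm that. Consider a revision-pinned source instead, for example `url = "git+ssh://<git-host>/<owner>/nix-secrets";` (placeholder), so the lock file carries a commit hash rather than a local path.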
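Review bot: `environment.etc."bla".source = config.age.secrets.hello.path;` in hosts/game-luanti/default.nix reads like leftover test wiring: it exposes the path of the decrypted `hello` secret as /etc/bla, and neither name says what consumes it. If it is only a smoke test for the agenix import, remove it before it ships; if a service needs the secret, point that service at `config.age.secrets.hello.path` directly and set the secret's owner and mode where it is declared (the declaration lives in the nix-secrets module, outside this diff). At minimum add a comment such as `# test only: remove once the agenix wiring is confirmed`. The module body continues outside the hunk.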
+++ b/hosts/srv-videoconf/boot.nix @@ -0,0 +1,12 @@ +{ + # Use the GRUB 2 boot loader. + boot.loader.grub = { + enable = true; + # efiSupport = true; + # efiInstallAsRemovable = true; + # Define on which hard drive you want to install Grub. + device = "/dev/vda"; # or "nodev" for efi only + }; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; +} + diff --git a/hosts/srv-videoconf/default.nix b/hosts/srv-videoconf/default.nix index a1a0222..c816902 100644 --- a/hosts/srv-videoconf/default.nix +++ b/hosts/srv-videoconf/default.nix @@ -1,7 +1,22 @@ {rootPath, ...}: { imports = [ + ./boot.nix ./hardware-configuration.nix (rootPath + /system_profiles/server.nix) ]; + services.galene = { + enable = true; + + insecure = true; + }; + + users = let + username = "root"; + in { + users."${username}".openssh.authorizedKeys.keyFiles = [ + (rootPath + /certificates/id_ed25519_srv-videoconf.pub) + ]; + }; + } diff --git a/hosts/srv-videoconf/hardware-configuration.nix b/hosts/srv-videoconf/hardware-configuration.nix index e26ed92..368ee81 100644 --- a/hosts/srv-videoconf/hardware-configuration.nix +++ b/hosts/srv-videoconf/hardware-configuration.nix @@ -3,7 +3,6 @@ # to /etc/nixos/configuration.nix instead. { lib, - modulesPath, ... }: { boot = { @@ -13,15 +12,6 @@ extraModulePackages = []; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";} - ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/modules/default.nix b/modules/default.nix index a2abd41..22f5da1 100644 --- a/modules/default.nix +++ b/modules/default.nix 
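Review bot: `insecure = true;` in the new `services.galene` block of hosts/srv-videoconf/default.nix makes Galene listen over plain HTTP, and nothing in this diff puts a TLS-terminating reverse proxy in front of it. Browsers grant camera and microphone access only in a secure context, and group credentials would cross the network unencrypted, so either drop the line and supply a certificate and key, or add the proxy in the same change and record it in a comment, e.g. `# TLS is terminated by <proxy>; galene itself listens on HTTP only`. The same hunk authorises a key for direct root SSH login; that matches game-luanti, but a comment naming who holds the private half would help later audits. The host is still commented out in outputs.nix, so none of this is evaluated yet.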
@@ -2,6 +2,7 @@ imports = [ ./accessibility.nix ./customisation.nix + ./direnv.nix # should only be imported directly or via system_profiles #./dhcp-all-interfaces.nix diff --git a/modules/direnv.nix b/modules/direnv.nix new file mode 100644 index 0000000..244e198 --- /dev/null +++ b/modules/direnv.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: { + #set to default values + programs.direnv = { + package = pkgs.direnv; + silent = false; + loadInNixShell = true; + direnvrcExtra = ""; + nix-direnv = { + enable = true; + package = pkgs.nix-direnv; + }; + }; +} diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index c6ebe66..2c2b12f 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -2,7 +2,8 @@ imports = [ ./bluetooth.nix ./fwupd.nix - ./gpu.nix + ./gpu-backend.nix + ./gpu-frontend.nix ./print.nix ./scan.nix #./trackpoint.nix diff --git a/modules/hardware/gpu.nix b/modules/hardware/gpu-backend.nix similarity index 100% rename from modules/hardware/gpu.nix rename to modules/hardware/gpu-backend.nix diff --git a/modules/hardware/gpu-frontend.nix b/modules/hardware/gpu-frontend.nix new file mode 100644 index 0000000..fd59eaa --- /dev/null +++ b/modules/hardware/gpu-frontend.nix @@ -0,0 +1,8 @@ +{pkgs, ...}: { + environment.systemPackages = [ pkgs.lact ]; + + systemd = { + packages = [ pkgs.lact ]; + services.lactd.wantedBy = ["multi-user.target"]; + }; +} diff --git a/modules/sec_auth/default.nix b/modules/sec_auth/default.nix index 27bdd07..0007eb8 100644 --- a/modules/sec_auth/default.nix +++ b/modules/sec_auth/default.nix @@ -1,10 +1,12 @@ { imports = [ + ./login + ./apparmor.nix ./firejail.nix - ./login-manager.nix ./ssh-client.nix #./ssh-server.nix ./sudo-rs.nix + ./uwsm.nix ]; } diff --git a/modules/sec_auth/login/default.nix b/modules/sec_auth/login/default.nix new file mode 100644 index 0000000..00031fe --- /dev/null +++ b/modules/sec_auth/login/default.nix 
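Review bot: modules/direnv.nix sets `package`, `silent`, `loadInNixShell` and `nix-direnv` but never `programs.direnv.enable`, so as far as this diff shows the new import configures nothing unless another module enables direnv. If the intent is to turn direnv on, add `enable = true;`; if the file is only a record of defaults, reword the `#set to default values` comment to say where direnv gets enabled.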
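Review bot: modules/sec_auth/default.nix now imports both `./login` and `./uwsm.nix`, while `./login/default.nix` imports its own `./uwsm.nix`; the two uwsm files are added with the same blob id (`fa4da9f`), so `programs.uwsm.enable = true;` is defined twice. The duplicate merges without error but leaves two places to edit. Keep the copy under `login/` and remove `./uwsm.nix` from this import list together with modules/sec_auth/uwsm.nix.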
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./login-manager.nix
+ ./uwsm.nix
+ ];
+}
diff --git a/modules/sec_auth/login-manager.nix b/modules/sec_auth/login/login-manager.nix
similarity index 100%
rename from modules/sec_auth/login-manager.nix
rename to modules/sec_auth/login/login-manager.nix
diff --git a/modules/sec_auth/login/uwsm.nix b/modules/sec_auth/login/uwsm.nix
new file mode 100644
index 0000000..fa4da9f
--- /dev/null
+++ b/modules/sec_auth/login/uwsm.nix
@@ -0,0 +1,3 @@
+{
+ programs.uwsm.enable = true;
+}
diff --git a/modules/sec_auth/uwsm.nix b/modules/sec_auth/uwsm.nix
new file mode 100644
index 0000000..fa4da9f
--- /dev/null
+++ b/modules/sec_auth/uwsm.nix
@@ -0,0 +1,3 @@
+{
+ programs.uwsm.enable = true;
+}
diff --git a/modules/software/android.nix b/modules/software/android.nix
index a31f709..479458a 100644
--- a/modules/software/android.nix
+++ b/modules/software/android.nix
@@ -1,5 +1,7 @@
-{
+{pkgs, ...}: {
 # for running android apps
 # also starts the systemd service waydroid-container
 virtualisation.waydroid.enable = true;
+
+ environment.systemPackages = [ pkgs.unstable.waydroid-helper ];
 }
diff --git a/modules/software/audio_video/noise_cancel.nix b/modules/software/audio_video/noise_cancel.nix
index 4dd4386..b8d1abf 100644
--- a/modules/software/audio_video/noise_cancel.nix
+++ b/modules/software/audio_video/noise_cancel.nix
@@ -12,9 +12,15 @@
 "type" = "ladspa";
 "name" = "rnnoise";
 "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so";
- "label" = "noise_suppressor_stereo";
+ # mono can be replaced with stereo for double the performance as cost
+ "label" = "noise_suppressor_mono";
 "control" = {
+ # if probability of sound being a voice is lower than this threshold - it will be silenced. In most cases the threshold between 85% - 95% would be fine. Without the VAD some loud noises may still be a bit audible when there is no voice.
 "VAD Threshold (%)" = 75.0;
+ # for how long after the last voice detection the output won't be silenced. This helps when ends of words/sentences are being cut off.
+ "VAD Grace Period (ms)" = 200;
+ # similar to VAD Grace Period (ms) but for starts of words/sentences. This introduces latency!
+ "Retroactive VAD Grace Period (ms)" = 0;
 };
 }
 ];
@@ -26,10 +32,12 @@
 "capture.props" = {
 "node.name" = "effect_input.rnnoise";
 "node.passive" = true;
+ "audio.rate" = 48000;
 };
 "playback.props" = {
 "node.name" = "effect_output.rnnoise";
 "media.class" = "Audio/Source";
+ "audio.rate" = 48000;
 };
 };
 }
diff --git a/modules/software/nix-helper/default.nix b/modules/software/nix-helper/default.nix
index 3de729c..8bc7716 100644
--- a/modules/software/nix-helper/default.nix
+++ b/modules/software/nix-helper/default.nix
@@ -2,6 +2,7 @@
 imports = [
 #./doc.nix
 ./index.nix
+ ./nh.nix
 ./nix-ld.nix
 ];
 }
diff --git a/modules/software/nix-helper/nh.nix b/modules/software/nix-helper/nh.nix
new file mode 100644
index 0000000..a215203
--- /dev/null
+++ b/modules/software/nix-helper/nh.nix
@@ -0,0 +1,8 @@
+{
+ programs.nh = {
+ enable = true;
+ #clean.enable = true;
+ #clean.extraArgs = "--keep-since 4d --keep 3";
+ #flake = "/home/user/my-nixos-config";
+ };
+}
diff --git a/modules/software/packages/extended.nix b/modules/software/packages/extended.nix
index 028ac4d..c425183 100644
--- a/modules/software/packages/extended.nix
+++ b/modules/software/packages/extended.nix
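Review bot: The comment added above `"VAD Threshold (%)"` in noise_cancel.nix recommends 85% to 95%, while the unchanged value right below it stays at `75.0`; either say why the lower value is kept or raise it. The comment above `"label"` is also hard to parse: `# mono can be replaced with stereo for double the performance as cost` presumably means the stereo variant costs about twice the CPU, so something like `# use noise_suppressor_stereo for stereo sources; roughly doubles the CPU cost` would read more clearly.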
@@ -3,6 +3,7 @@ # low level stuff efibootmgr #exfat + sshfs exfatprogs greetd.greetd greetd.tuigreet @@ -15,16 +16,15 @@ lm_sensors unstable.neovim - gitui lazygit + meld gnumake gcc nodePackages.npm nodejs-slim python3 - fd nodejs-slim cargo rustc @@ -34,8 +34,8 @@ unstable.yt-dlp miniserve fzf + fd qemu - home-manager dfc sops diff --git a/modules/users/ranomier/home-manager.nix b/modules/users/ranomier/home-manager.nix index f097950..2bd6b49 100644 --- a/modules/users/ranomier/home-manager.nix +++ b/modules/users/ranomier/home-manager.nix @@ -1,9 +1,4 @@ {inArgs, pkgs, ...}: { - imports = [ - inArgs.home-manager.nixosModules.home-manager - ]; - home-manager.useUserPackages = true; - home-manager.useGlobalPkgs = true; home-manager.users."ranomier" = { stylix.iconTheme = { diff --git a/modules/wm_and_de/hyprland.nix b/modules/wm_and_de/hyprland.nix index 8482832..9e99b65 100644 --- a/modules/wm_and_de/hyprland.nix +++ b/modules/wm_and_de/hyprland.nix @@ -2,12 +2,6 @@ #imports = [ # ./components/rofi.nix #]; - # Enable the X11 windowing system. - # You can disable this if you're only using the Wayland session. - services.xserver.enable = false; - - # force chromium and electron apps to use wayland - environment.sessionVariables.NIXOS_OZONE_WL = "1"; xdg = { portal = { 
@@ -20,76 +14,76 @@ ]; }; }; + # Enable the hyprland window manager with additions programs = { hyprland = { enable = true; - xwayland.enable = true; - systemd.setPath.enable = true; #package = pkgs.unstable.hyprland; + + systemd.setPath.enable = true; + withUWSM = true; + xwayland.enable = true; }; hyprlock = { enable = true; #package = pkgs.unstable.hyprlock; }; }; - services.hypridle = { - enable = true; - #package = pkgs.unstable.hypridle; + + services = { + hypridle = { + enable = true; + #package = pkgs.unstable.hypridle; + }; + + # for mounting stuff, also needs a auth agent like lxqt.lxqt-policykit + gvfs.enable = true; }; - # for mounting stuff, also needs a auth agent like lxqt.lxqt-policykit - services.gvfs.enable = true; + environment = { + pathsToLink = ["/share/foot"]; - #qt = { - # enable = true; - # platformTheme = "qt5ct"; - # style = "kvantum"; - #}; + systemPackages = with pkgs; [ + hyprsunset + hyprpolkitagent + hyprutils + # for tiling window manager + foot + foot.themes + wofi + wl-clipboard # for waydroid and maybe more + wlogout + pamixer + waybar + hyprpaper + #unstable.kanshi + shikane + dunst - environment.pathsToLink = ["/share/foot"]; + # audio + mixxc + ncpamixer - # List packages installed in system profile. 
To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - hyprsunset - hyprpolkitagent - hyprutils - # for tiling window manager - foot - foot.themes - wofi - wl-clipboard # for waydroid and maybe more - wlogout - pamixer - waybar - hyprpaper - #unstable.kanshi - shikane - dunst + # for screenshot + annotation + grim + slurp + satty + flameshot - # audio - mixxc - ncpamixer + # theming + gruvbox-plus-icons + gruvbox-gtk-theme + kde-gruvbox + capitaine-cursors-themed + libsForQt5.qtstyleplugin-kvantum + kdePackages.qtstyleplugin-kvantum - # for screenshot + annotation - grim - slurp - satty - flameshot + # polkit auth agent + lxqt.lxqt-policykit - # theming - gruvbox-plus-icons - gruvbox-gtk-theme - kde-gruvbox - capitaine-cursors-themed - libsForQt5.qtstyleplugin-kvantum - kdePackages.qtstyleplugin-kvantum - - # polkit auth agent - lxqt.lxqt-policykit - - # file manager - nautilus - ]; + # file manager + nautilus + ]; + }; } diff --git a/modules/wm_and_de/niri.nix b/modules/wm_and_de/niri.nix new file mode 100644 index 0000000..9d3656d --- /dev/null +++ b/modules/wm_and_de/niri.nix @@ -0,0 +1,3 @@ +{ + programs.niri = true; +} diff --git a/modules/wm_and_de/qtile.nix b/modules/wm_and_de/qtile.nix index dab6d1c..51c6006 100644 --- a/modules/wm_and_de/qtile.nix +++ b/modules/wm_and_de/qtile.nix @@ -1,7 +1,5 @@ { - config, pkgs, - lib, ... }: { nixpkgs.overlays = [ diff --git a/outputs.nix b/outputs.nix index 5c64096..234698b 100644 --- a/outputs.nix +++ b/outputs.nix @@ -15,7 +15,7 @@ in { nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) { crocoite = {stateVersion = "24.05";}; - #srv-videoconf = {stateVersion = "24.11";}; + #srv-videoconf = {stateVersion = "25.05";}; game-luanti = {stateVersion = "25.05";}; diff --git a/system_profiles/components/home-manager.nix b/system_profiles/components/home-manager.nix new file mode 100644 index 0000000..5b6500e --- /dev/null 
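Review bot: `programs.niri = true;` in the new modules/wm_and_de/niri.nix assigns a boolean to the option namespace itself rather than to its switch, so importing this module should fail evaluation. It should read `programs.niri.enable = true;`. Nothing visible in this diff imports the file yet, which is probably why the error went unnoticed.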
+++ b/system_profiles/components/home-manager.nix @@ -0,0 +1,10 @@ +{inArgs, pkgs, lib, ...}: { + imports = [ inArgs.home-manager.nixosModules.home-manager ]; + + environment.systemPackages = [ pkgs.home-manager ]; + + home-manager = { + useUserPackages = lib.mkDefault true; + useGlobalPkgs = lib.mkDefault true; + }; +} diff --git a/system_profiles/components/nix-defaults.nix b/system_profiles/components/nix-defaults.nix index 13be0a2..c0eb3f3 100644 --- a/system_profiles/components/nix-defaults.nix +++ b/system_profiles/components/nix-defaults.nix @@ -1,6 +1,6 @@ # This loads some nix and nixpkgs specific settints # i often need -{lib, pkgs, ...}: { +{lib, ...}: { # Disable if you don't want unfree packages nixpkgs.config.allowUnfree = lib.mkDefault true; @@ -9,7 +9,7 @@ # Lix is a modern, delicious implementation of the Nix package manager, # focused on correctness, usability, and growth – # and committed to doing right by its community. - package = lib.mkDefault pkgs.lix; + #package = lib.mkDefault pkgs.lix; channel.enable = lib.mkDefault false; diff --git a/system_profiles/components/nixpkgs-ng.nix b/system_profiles/components/nixpkgs-ng.nix index 4321bdd..9950e12 100644 --- a/system_profiles/components/nixpkgs-ng.nix +++ b/system_profiles/components/nixpkgs-ng.nix @@ -1,5 +1,5 @@ -{ +{lib, ...}: { system = { - rebuild.enableNg = false; + rebuild.enableNg = lib.mkDefault false; }; } diff --git a/system_profiles/components/no-x.nix b/system_profiles/components/no-x.nix new file mode 100644 index 0000000..f0c491b --- /dev/null +++ b/system_profiles/components/no-x.nix @@ -0,0 +1,9 @@ +{lib, ...}: { + # Enable the X11 windowing system. + # You can disable this if you're only using the Wayland session. + services.xserver.enable = lib.mkDefault false; + + # force chromium and electron apps to use wayland + environment.sessionVariables.NIXOS_OZONE_WL = lib.mkDefault "1"; +} + 
diff --git a/system_profiles/components/qemu.nix b/system_profiles/components/qemu.nix index 39b817d..2ed31c6 100644 --- a/system_profiles/components/qemu.nix +++ b/system_profiles/components/qemu.nix @@ -1,6 +1,6 @@ -{modulesPath, ...}; { +{modulesPath, lib, ...}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - services.qemuGuest.enable = true; + services.qemuGuest.enable = lib.mkDefault true; } diff --git a/system_profiles/components/serial-console.nix b/system_profiles/components/serial-console.nix index 521887f..9bc085c 100644 --- a/system_profiles/components/serial-console.nix +++ b/system_profiles/components/serial-console.nix @@ -1,6 +1,6 @@ -{ +{lib, ...}: { boot.kernelParams = [ "console=ttyS0,115200n8" ]; - boot.loader.grub.extraConfig = " + boot.loader.grub.extraConfig = lib.mkDefault " serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 terminal_input serial terminal_output serial diff --git a/system_profiles/desktop.nix b/system_profiles/desktop.nix index dc96afc..afbcd25 100644 --- a/system_profiles/desktop.nix +++ b/system_profiles/desktop.nix @@ -1,6 +1,8 @@ { imports = [ + ./components/home-manager.nix ./components/nix-defaults.nix + ./components/no-x.nix #./components/nixpkgs-ng.nix ./importers/desktop.nix
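Review bot: Wrapping `boot.loader.grub.extraConfig` in `lib.mkDefault` in serial-console.nix changes how it combines with other definitions: any host that sets `boot.loader.grub.extraConfig` at normal priority will now replace the serial console lines instead of being appended to them, while `boot.kernelParams` in the same file keeps its console entry. On a headless VM that silently removes the GRUB serial menu, which is the recovery path when SSH is unavailable. Leave this one as a plain definition, or add a comment such as `# hosts overriding extraConfig must repeat the serial/terminal_* lines`. The string literal continues past the end of the hunk.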