Price/dots
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor!: the big nix refactor
All checks were successful
Check Formatting of Files / Check-Formatting (push) Successful in 1m14s
Details

Browse Source
This commit is contained in:
Price Hiller 2024-05-03 14:35:00 -05:00
parent 9d9a0d1a6f
commit 02334f5601
Signed by: Price
GPG Key ID: C3FADDE7A8534BEB
356 changed files with 2977 additions and 963 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.editorconfig Normal file
View File

@ -0,0 +1,26 @@
root = true
[*]
end_of_line = lf
insert_final_newline = false
trim_trailing_whitespace = true
charset = utf-8
max_line_length = 100
indent_style = space
# We don't want to mess with encrypted files if they exist in the repo
[*.age]
indent_style = unset
indent_size = unset
tab_width = unset
end_of_line = unset
charset = unset
trim_trailing_whitespace = unset
insert_final_newline = unset
max_line_length = unset
[{*.bash,.envrc}]
indent_style = tab
[*.nix]
indent_size = 2

4
.gitea/workflows/fmt.yaml
View File

@ -12,8 +12,4 @@ jobs:
- name: Check formatting - name: Check formatting
run: | run: |
for f in **/flake.nix; do
nix flake lock --update-input "$(basename "$(dirname "$f")")" || true
done
nix flake lock --update-input Fmt
nix --experimental-features "flakes nix-command" flake check nix --experimental-features "flakes nix-command" flake check

20
.gitmodules vendored
View File

@ -1,27 +1,27 @@
[submodule "dots/.config/zsh/config/plugins/zsh-syntax-highlighting"] [submodule "dots/.config/zsh/config/plugins/zsh-syntax-highlighting"]
path = dots/.config/zsh/config/plugins/zsh-syntax-highlighting path = users/price/dots/.config/zsh/config/plugins/zsh-syntax-highlighting
url = https://github.com/zsh-users/zsh-syntax-highlighting.git url = https://github.com/zsh-users/zsh-syntax-highlighting.git
[submodule "dots/.config/zsh/config/plugins/zsh-completions"] [submodule "dots/.config/zsh/config/plugins/zsh-completions"]
path = dots/.config/zsh/config/plugins/zsh-completions path = users/price/dots/.config/zsh/config/plugins/zsh-completions
url = https://github.com/zsh-users/zsh-completions.git url = https://github.com/zsh-users/zsh-completions.git
[submodule "dots/.config/zsh/config/plugins/zsh-autosuggestions"] [submodule "dots/.config/zsh/config/plugins/zsh-autosuggestions"]
path = dots/.config/zsh/config/plugins/zsh-autosuggestions path = users/price/dots/.config/zsh/config/plugins/zsh-autosuggestions
url = https://github.com/zsh-users/zsh-autosuggestions.git url = https://github.com/zsh-users/zsh-autosuggestions.git
[submodule "dots/.config/zsh/config/plugins/fzf-tab"] [submodule "dots/.config/zsh/config/plugins/fzf-tab"]
path = dots/.config/zsh/config/plugins/fzf-tab path = users/price/dots/.config/zsh/config/plugins/fzf-tab
url = https://github.com/Aloxaf/fzf-tab.git url = https://github.com/Aloxaf/fzf-tab.git
[submodule "dots/.config/zsh/config/plugins/z.lua"] [submodule "dots/.config/zsh/config/plugins/z.lua"]
path = dots/.config/zsh/config/plugins/z.lua path = users/price/dots/.config/zsh/config/plugins/z.lua
url = https://github.com/skywind3000/z.lua.git url = https://github.com/skywind3000/z.lua.git
[submodule "dots/.config/zsh/config/plugins/nix-zsh-completions"] [submodule "dots/.config/zsh/config/plugins/nix-zsh-completions"]
path = dots/.config/zsh/config/plugins/nix-zsh-completions path = users/price/dots/.config/zsh/config/plugins/nix-zsh-completions
url = https://github.com/spwhitt/nix-zsh-completions url = https://github.com/spwhitt/nix-zsh-completions
[submodule "dots/.config/zsh/config/themes/powerlevel10k"] [submodule "dots/.config/zsh/config/themes/powerlevel10k"]
path = dots/.config/zsh/config/themes/powerlevel10k path = users/price/dots/.config/zsh/config/themes/powerlevel10k
url = https://github.com/romkatv/powerlevel10k.git url = https://github.com/romkatv/powerlevel10k.git
[submodule "dots/.config/zsh/config/plugins/zsh-nix-shell"] [submodule "dots/.config/zsh/config/plugins/zsh-nix-shell"]
path = dots/.config/zsh/config/plugins/zsh-nix-shell path = users/price/dots/.config/zsh/config/plugins/zsh-nix-shell
url = https://github.com/chisui/zsh-nix-shell url = https://github.com/chisui/zsh-nix-shell
[submodule "dots/.config/zsh/config/plugins/powerlevel10k"] [submodule "dots/.config/zsh/config/plugins/powerlevel10k"]
path = dots/.config/zsh/config/plugins/powerlevel10k path = users/price/dots/.config/zsh/config/plugins/powerlevel10k
url = https://github.com/romkatv/powerlevel10k.git url = https://github.com/romkatv/powerlevel10k.git

2
dots/.config/Trolltech.conf
View File

@ -1,2 +0,0 @@
[Qt]
style=GTK+

2
dots/.config/hypr/conf/core/env.conf
View File

@ -1,2 +0,0 @@
env = QT_QPA_PLATFORMTHEME,gtk2
env = GTK_THEME,Kanagawa-Borderless

49
dots/.config/hypr/scripts/screen-cap.bash
View File

@ -1,49 +0,0 @@
#!/bin/bash
# Dependencies:
# - wf-recorder: https://github.com/ammen99/wf-recorder
# - notification daemon: https://archlinux.org/packages/?name=notification-daemon
# - wl-clipboard: https://github.com/bugaevc/wl-clipboard
# - gifski: https://github.com/sindresorhus/Gifski
#
# Some of this is hacky because I can't get wf-recorder to nicely output GIFs by itself :(
mk-video() {
local program_name="Screen Capture"
local pid_file="/tmp/mk-gif-pid"
local output_type="${1:-mp4}"
if [[ -f "${pid_file}" ]]; then
notify-send "Saving ${program_name}" "This May Take a Minute" -a "${program_name}"
if ! kill -SIGINT "$(cat "${pid_file}")" 2>/dev/null; then
notify-send "Failed ${program_name}" "Failed to Save Screen Capture" -u "critical" -a "${program_name}"
rm -rf "${pid_file}"
exit 1
fi
inotifywait -e delete_self "${pid_file}" &&
notify-send "Saved ${program_name}" "Successfully Saved Screen Capture to Clipboard" -a "${program_name}"
else
local input_tmpfile
notify-send "Starting ${program_name}" "Recording ${output_type^^} of Selected Region" -a "${program_name}"
(
local tmp_dir
tmp_dir="$(mktemp -d)"
cd "${tmp_dir}"
input_tmpfile="${tmp_dir}/$(mktemp wf-recorder.XXXXXXXXXXX).mp4"
wf-recorder -g "$(slurp)" -f "${input_tmpfile}" -- &
printf "%s" $! >"${pid_file}"
wait
if [[ "${output_type}" == "gif" ]]; then
local gifski_tmpoutput
gifski_tmpoutput="${tmp_dir}/$(mktemp gifski.XXXXXXXXXXX).gif"
gifski --output "${gifski_tmpoutput}" "${input_tmpfile}"
wl-copy --type image/gif <"${gifski_tmpoutput}"
else
wl-copy --type video/mp4 <"${input_tmpfile}"
fi
rm -f "${pid_file}"
)
fi
}
mk-video "${@}"

9
dots/.config/nvim/after/ftplugin/sh.lua
View File

@ -1,9 +0,0 @@
vim.opt_local.expandtab = false
vim.keymap.set("n", "<leader>fr", function()
vim.cmd.write()
require("toggleterm").exec("bash " .. vim.api.nvim_buf_get_name(0))
end, {
buffer = true,
desc = "Bash: Save and Run Current Buffer",
})

9
dots/.config/nvim/after/ftplugin/zsh.lua
View File

@ -1,9 +0,0 @@
vim.opt_local.expandtab = false
vim.keymap.set("n", "<leader>fr", function()
vim.cmd.write()
require("toggleterm").exec("zsh " .. vim.api.nvim_buf_get_name(0))
end, {
buffer = true,
desc = "ZSH: Save and Run Current Buffer",
})

8
dots/.config/nvim/lua/plugins/configs/bufdelete.lua
View File

@ -1,8 +0,0 @@
return {
{
"famiu/bufdelete.nvim",
keys = {
{ "<A-x>", "<cmd>Bdelete<cr>", desc = "Close Buffer" },
},
},
}

6
dots/.config/nvim/lua/plugins/configs/vindent.lua
View File

@ -1,6 +0,0 @@
return {
{
dir = "~/Git/Neovim/virt-indent.nvim",
ft = { "org", "markdown" },
},
}

BIN
dots/.config/nvim/spell/en.utf-8.add.spl
View File

Binary file not shown.

489
flake.lock
View File

@ -1,28 +1,10 @@
{ {
"nodes": { "nodes": {
"Fmt": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-CosKaGnikx3sv4FurslvRT3G0a2VxruhsFNmgZ9duYg=",
"path": "pkgs/Fmt",
"type": "path"
},
"original": {
"path": "pkgs/Fmt",
"type": "path"
}
},
"agenix": { "agenix": {
"inputs": { "inputs": {
"agenix": "agenix_2", "agenix": "agenix_2",
"crane": "crane", "crane": "crane",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -50,7 +32,7 @@
"agenix", "agenix",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1707830867,
@ -66,33 +48,35 @@
"type": "github" "type": "github"
} }
}, },
"bob": { "blog": {
"inputs": { "inputs": {
"bob": "bob_2", "flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1714589296,
"narHash": "sha256-nZhwbnG+F9bPZXXk2+loWmkbpDZT3r6Vum+egDmigxg=", "narHash": "sha256-D/+cMCmS9BdMNNtn7E0J1UDl/5Y2+lHIUjAcCczVYek=",
"path": "./pkgs/bob-nvim", "ref": "refs/heads/Development",
"type": "path" "rev": "dd4ae987ef50a7ef2450cb951b23763817950209",
"revCount": 87,
"type": "git",
"url": "https://git.orion-technologies.io/blog/blog"
}, },
"original": { "original": {
"path": "./pkgs/bob-nvim", "type": "git",
"type": "path" "url": "https://git.orion-technologies.io/blog/blog"
} }
}, },
"bob_2": { "bob": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1706612487, "lastModified": 1713374776,
"narHash": "sha256-OTmsb1tnautQTdO/oeqbwd5MmyHbG946/kPCGSluIrM=", "narHash": "sha256-jVRxvhUENyucRHN4TGV9xsWOs7mfPJCV90Lk/hD1xFE=",
"owner": "MordechaiHadad", "owner": "MordechaiHadad",
"repo": "bob", "repo": "bob",
"rev": "e521723d2c084f4b610c27d79f870f83e964fe95", "rev": "e65ef1bfbcb846b12cc639a25f193c2ea9c72b12",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,6 +129,46 @@
"type": "github" "type": "github"
} }
}, },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1711973905,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1714612856,
"narHash": "sha256-W7+rtMzRmdovzndN2NYUv5xzkbMudtQ3jbyFuGk0O1E=",
"owner": "nix-community",
"repo": "disko",
"rev": "d57058eb09dd5ec00c746df34fe0a603ea744370",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -177,6 +201,38 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -185,11 +241,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712014858, "lastModified": 1714641030,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -207,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1712014858,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -219,9 +275,48 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -237,43 +332,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": { "flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
}, },
@ -291,28 +350,10 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_7"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -327,7 +368,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_7": { "flake-utils_5": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -342,9 +398,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_8": { "flake-utils_7": {
"inputs": { "inputs": {
"systems": "systems_8" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1705309234,
@ -403,11 +459,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713722610, "lastModified": 1713898448,
"narHash": "sha256-kcZsbH1PQTG+sS22u/igLq2SaBEHJgmU5hoKzrT2ukI=", "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-effects", "repo": "hercules-ci-effects",
"rev": "4615d28841e93f6f549fde9188caf493b3822668", "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -445,11 +501,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713818326, "lastModified": 1714679908,
"narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=", "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21", "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -458,38 +514,34 @@
"type": "github" "type": "github"
} }
}, },
"kanagawa-gtk": { "impermanence": {
"inputs": {
"flake-utils": "flake-utils_5",
"kanagawa-gtk": "kanagawa-gtk_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1, "lastModified": 1708968331,
"narHash": "sha256-ixRgLAGzQ7RcYRcyuOmY0mFgRw5ey+U39ccPg1izDXQ=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"path": "./pkgs/kanagawa-gtk", "owner": "nix-community",
"type": "path" "repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github"
}, },
"original": { "original": {
"path": "./pkgs/kanagawa-gtk", "owner": "nix-community",
"type": "path" "repo": "impermanence",
"type": "github"
} }
}, },
"kanagawa-gtk_2": { "libgit2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1688426096, "lastModified": 1697646580,
"narHash": "sha256-BZRmjVas8q6zsYbXFk4bCk5Ec/3liy9PQ8fqFGHAXe0=", "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "Fausto-Korpsvart", "owner": "libgit2",
"repo": "Kanagawa-GKT-Theme", "repo": "libgit2",
"rev": "35936a1e3bbd329339991b29725fc1f67f192c1e", "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Fausto-Korpsvart", "owner": "libgit2",
"repo": "Kanagawa-GKT-Theme", "repo": "libgit2",
"type": "github" "type": "github"
} }
}, },
@ -512,7 +564,7 @@
}, },
"neovim-flake": { "neovim-flake": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"neovim-nightly-overlay", "neovim-nightly-overlay",
"nixpkgs" "nixpkgs"
@ -520,11 +572,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1713809929, "lastModified": 1714683427,
"narHash": "sha256-0GB//RpezlOsI9+1/oT8PkEIO8I4DGfAfw3KotTSnzQ=", "narHash": "sha256-SMfFU+VsRTZLVIkGpf67oOTZ29gWmFvxF0nGO6CRx/4=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "39fc340276a4fdbe1f1bb4bfbe7328267ad7f9d6", "rev": "01e4a70d668d54a7cefa3ff53ec97e39df516265",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -536,18 +588,18 @@
}, },
"neovim-nightly-overlay": { "neovim-nightly-overlay": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"hercules-ci-effects": "hercules-ci-effects", "hercules-ci-effects": "hercules-ci-effects",
"neovim-flake": "neovim-flake", "neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1713830781, "lastModified": 1714694802,
"narHash": "sha256-Xizkp8EgHpLlUZOhN4PpwRlMaL0xcVxdQORS4eGaKmg=", "narHash": "sha256-b0+Zrd2PDgRIEeeXbivzw3kcSaXCZItOvgOgdfRsyOo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "7b0a51e51c4c116e540ed01e668d17023900b518", "rev": "9b2c33c7fa0287db93868d955e7b3d0da3837a57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -556,10 +608,33 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1714701944,
"narHash": "sha256-trTxWfGElp0rkjquqG5I5RYVoxo8foCflxJFUtHwnOQ=",
"owner": "nixos",
"repo": "nix",
"rev": "00ca2b05b8fbbef09be5d1e4820857605d4c31b6",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nix",
"type": "github"
}
},
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1713543440, "lastModified": 1713543440,
@ -577,11 +652,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713714268, "lastModified": 1702272962,
"narHash": "sha256-ZJGnom7YthvNxUZLdUzy5VePTwYgDYcnnPpyHT4n9lY=", "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "69ee1d82f1fa4c70a3dc9a64111e7eef3b8e4527", "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -591,7 +666,55 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1714594348,
"narHash": "sha256-fL6twwN/npU94mvumU5ho/uhM/fwePCRQ9lwamm2lds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c74cc292b61614e74c1cf0d372f79d57fb4936b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1709083642,
"narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b550fe4b4776908ac2a861124307045f8e717c8e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1660551188, "lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=", "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
@ -606,13 +729,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1713714899, "lastModified": 1714635257,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -622,17 +745,52 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
"nix"
],
"flake-utils": "flake-utils_5",
"gitignore": [
"nix"
],
"nixpkgs": [
"nix",
"nixpkgs"
],
"nixpkgs-stable": [
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712897695,
"narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"Fmt": "Fmt",
"agenix": "agenix", "agenix": "agenix",
"blog": "blog",
"bob": "bob", "bob": "bob",
"flake-utils": "flake-utils_4", "deploy-rs": "deploy-rs",
"disko": "disko",
"flake-utils": "flake-utils_3",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"kanagawa-gtk": "kanagawa-gtk", "impermanence": "impermanence",
"neovim-nightly-overlay": "neovim-nightly-overlay", "neovim-nightly-overlay": "neovim-nightly-overlay",
"nix": "nix",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_5",
"waybar": "waybar", "waybar": "waybar",
"wezterm": "wezterm" "wezterm": "wezterm"
} }
@ -792,34 +950,37 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": { "utils": {
"inputs": {
"systems": "systems_4"
},
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1701680307,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"waybar": { "waybar": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1713882185, "lastModified": 1714718861,
"narHash": "sha256-fmmYoOnBVJKvnrF3S95pftmBECaufhe40g5Qcdz9A08=", "narHash": "sha256-mCQdrn0Y3oOVZP/CileWAhuBX6aARBNrfxyqJBB4NxA=",
"owner": "Alexays", "owner": "Alexays",
"repo": "Waybar", "repo": "Waybar",
"rev": "08b0ed1b79462735cc040ba886136494e70867b2", "rev": "231d6972d7a023e9358ab7deda509baac49006cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -830,7 +991,7 @@
}, },
"wezterm": { "wezterm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_7",
"freetype2": "freetype2", "freetype2": "freetype2",
"harfbuzz": "harfbuzz", "harfbuzz": "harfbuzz",
"libpng": "libpng", "libpng": "libpng",
@ -842,11 +1003,11 @@
}, },
"locked": { "locked": {
"dir": "nix", "dir": "nix",
"lastModified": 1712365750, "lastModified": 1714411698,
"narHash": "sha256-yaGmflPbC9V4gsLt2lvL4qaSojF29IpPmVKAxm/nCRg=", "narHash": "sha256-dut0b9FueToW3WGh3mPh+wfV88ZjTx+r8be3w9HZhAU=",
"owner": "wez", "owner": "wez",
"repo": "wezterm", "repo": "wezterm",
"rev": "cce0706b1f2a9e2d1f02c57f2d1cd367c91df1ae", "rev": "0184e88e97b6521df613df4ccdb2e896ce8b0ad0",
"type": "github" "type": "github"
}, },
"original": { "original": {

315
flake.nix
View File

@ -2,19 +2,13 @@
description = "Price Hiller's home manager configuration"; description = "Price Hiller's home manager configuration";
inputs = { inputs = {
nix.url = "github:nixos/nix";
deploy-rs.url = "github:serokell/deploy-rs";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
kanagawa-gtk = {
url = "path:./pkgs/kanagawa-gtk";
inputs.nixpkgs.follows = "nixpkgs";
};
bob = { bob = {
url = "path:./pkgs/bob-nvim"; flake = false;
inputs.nixpkgs.follows = "nixpkgs"; url = "github:MordechaiHadad/bob";
};
Fmt = {
url = "path:pkgs/Fmt";
inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
@ -34,96 +28,249 @@
url = "github:yaxitech/ragenix"; url = "github:yaxitech/ragenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence = {
url = "github:nix-community/impermanence";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
blog = {
url = "git+https://git.orion-technologies.io/blog/blog";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
inputs@{ inputs@{ self, nixpkgs, ... }:
self,
home-manager,
nixpkgs,
...
}:
let let
system = "x86_64-linux"; inherit (self) outputs;
username = "sam"; forAllSystems =
pkgs = nixpkgs.legacyPackages.${system}; function:
nixpkgs.lib.genAttrs
[
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
]
(
system:
function (
import nixpkgs {
inherit system;
overlays = [
inputs.agenix.overlays.default
inputs.neovim-nightly-overlay.overlay
];
}
)
);
mkHomeCfg =
user: home-config:
let
username = "${builtins.head (builtins.match "(.+)(@.+)?" user)}";
in
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
};
modules = [
({
imports = [ inputs.agenix.homeManagerModules.default ];
nixpkgs.overlays = [
inputs.neovim-nightly-overlay.overlay
inputs.nixgl.overlay
self.overlays.modifications
self.overlays.additions
];
home = {
stateVersion = "24.05";
username = "${username}";
homeDirectory = "/home/${username}";
};
})
home-config
];
};
in in
{ {
packages.x86_64-linux.default = home-manager.defaultPackage.x86_64-linux; formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
checks.${system} = { packages = forAllSystems (pkgs: import ./pkgs pkgs);
formatting = homeConfigurations = builtins.mapAttrs (mkHomeCfg) {
pkgs.runCommand "check-dot-file-formatting" "price@orion" = ./users/price/home.nix;
{ "sam" = ./users/sam/home.nix;
buildInputs = with pkgs; [
findutils
inputs.Fmt.packages.x86_64-linux.default
];
}
''
set -euo pipefail
cd ${self}
Fmt -- $(find . -type f)
printf "TEST COMPLETED!\n" > $out
'';
}; };
homeConfigurations.${username} = home-manager.lib.homeManagerConfiguration { overlays = import ./overlays { inherit inputs; };
inherit pkgs; devShells = forAllSystems (pkgs: {
extraSpecialArgs = { default = pkgs.mkShell {
inherit inputs;
inherit self;
};
modules = [
({
imports = [ inputs.agenix.homeManagerModules.default ];
nixpkgs.overlays = [
inputs.neovim-nightly-overlay.overlay
inputs.bob.overlays.default
inputs.Fmt.overlays.default
inputs.kanagawa-gtk.overlays.default
inputs.nixgl.overlay
(final: prev: {
waybar = inputs.waybar.packages.${system}.default;
lxappearance = prev.lxappearance.overrideAttrs (oldAttrs: {
postInstall = ''
wrapProgram $out/bin/lxappearance --prefix GDK_BACKEND : x11
'';
});
opensnitch-ui = prev.opensnitch-ui.overrideAttrs (oldAttrs: {
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ prev.python311Packages.qt-material ];
});
})
];
home = {
username = "${username}";
homeDirectory = "/home/${username}";
stateVersion = "24.05";
};
})
./config
];
};
}
// inputs.flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [ inputs.agenix.overlays.default ];
};
in
{
devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
age age
age-plugin-yubikey age-plugin-yubikey
pkgs.agenix pkgs.agenix
nixos-rebuild nixos-rebuild
nixos-install-tools
pkgs.deploy-rs pkgs.deploy-rs
]; ];
shellHook = '' shellHook = ''
export RULES="$PWD/secrets/secrets.nix" export RULES="$PWD/secrets/secrets.nix"
''; '';
}; };
} });
); apps = forAllSystems (pkgs: {
home-manager-init = {
type = "app";
program = "${
pkgs.writeShellApplication {
name = "home-manager-init";
runtimeInputs = with pkgs; [
git
nix
];
text = ''
#!${pkgs.bash}/bin/bash
cd "$(git rev-parse --show-toplevel)"
nix run --extra-experimental-features 'nix-command flakes' github:nix-community/home-manager -- switch --extra-experimental-features 'nix-command flakes' --flake "git+file://$(pwd)?submodules=1" "$@"
'';
}
}/bin/home-manager-init";
};
install-host = {
type = "app";
program = "${
pkgs.writeShellApplication {
name = "install-host";
runtimeInputs = with pkgs; [
openssh
coreutils-full
git
agenix
nix
];
text = (
''
#!${pkgs.bash}/bin/bash
# The below `cd` invocation ensures the installer is running from the toplevel of
# the flake and thus has correct paths available.
cd "$(git rev-parse --show-toplevel)"
''
+ builtins.readFile ./scripts/install-host.bash
);
}
}/bin/install-host";
};
});
nixosConfigurations =
let
lib = (import ./lib { lib = nixpkgs.lib; }) // nixpkgs.lib;
persist-dir = "/persist";
defaults = {
config = {
nixpkgs.overlays = [ inputs.neovim-nightly-overlay.overlay ];
environment.etc.machine-id.source = "${persist-dir}/ephemeral/etc/machine-id";
environment.persistence.save = {
hideMounts = true;
persistentStoragePath = "${persist-dir}/save";
};
environment.persistence.ephemeral = {
persistentStoragePath = "${persist-dir}/ephemeral";
hideMounts = true;
directories = [
"/var/lib"
"/etc/nixos"
];
};
};
};
in
{
orion =
let
hostname = "orion";
in
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit self;
inherit inputs;
inherit outputs;
inherit hostname;
inherit lib;
inherit persist-dir;
root-disk = "/dev/vda";
};
modules = [
defaults
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.disko.nixosModules.disko
{
config =
(import "${self}/secrets" {
agenix = false;
inherit lib;
}).${hostname};
}
./hosts/${hostname}
];
};
luna =
let
hostname = "luna";
in
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit self;
inherit inputs;
inherit hostname;
inherit nixpkgs;
inherit lib;
inherit persist-dir;
root-disk = "/dev/nvme0n1";
fqdn = "orion-technologies.io";
};
modules = [
defaults
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.disko.nixosModules.disko
{
config =
(import "${self}/secrets" {
agenix = false;
inherit lib;
}).${hostname};
}
./hosts/${hostname}
];
};
};
deploy.nodes =
let
deploy-rs = inputs.deploy-rs;
in
{
orion = {
hostname = "orion";
fastConnection = true;
profiles.system = {
sshUser = "price";
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos outputs.nixosConfigurations.orion;
};
};
luna = {
hostname = "luna.hosts.orion-technologies.io";
fastConnection = true;
profiles.system = {
sshUser = "price";
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos outputs.nixosConfigurations.luna;
};
};
};
};
} }

26
hosts/.editorconfig Normal file
View File

@ -0,0 +1,26 @@
root = true
[*]
end_of_line = lf
insert_final_newline = false
trim_trailing_whitespace = true
charset = utf-8
max_line_length = 100
indent_style = space
# We don't want to mess with encrypted files if they exist in the repo
[*.age]
indent_style = unset
indent_size = unset
tab_width = unset
end_of_line = unset
charset = unset
trim_trailing_whitespace = unset
insert_final_newline = unset
max_line_length = unset
[{*.bash,.envrc}]
indent_style = tab
[*.nix]
indent_size = 2

3
hosts/luna/README.md Normal file
View File

@ -0,0 +1,3 @@
# Luna
This is my primary server.

10
hosts/luna/default.nix Normal file
View File

@ -0,0 +1,10 @@
{ lib, ... }:
{
imports = (
lib.recurseFilesInDirs [
./os
./modules
] ".nix"
);
system.stateVersion = "24.05";
}

8
hosts/luna/modules/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
time.timeZone = "America/Chicago";
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
}

21
hosts/luna/modules/docker/default.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
docker
docker-compose
];
virtualisation = {
oci-containers.backend = "docker";
containers.enable = true;
docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
autoPrune.enable = true;
package = pkgs.docker;
};
};
}

156
hosts/luna/modules/monitoring/auditd.nix Normal file
View File

@ -0,0 +1,156 @@
{
persist-dir,
pkgs,
config,
...
}:
let
laurel-user = "_laurel";
in
{
security = {
audit.enable = true;
wrappers.laurel = {
source = "${pkgs.laurel}/bin/laurel";
owner = "root";
group = "${laurel-user}";
permissions = "u=rwx,g=rx,o=";
};
auditd.enable = true;
};
# Ensure the wrapped laurel service is available in time for auditd
systemd.services.suid-sgid-wrappers.before = [ "auditd.service" ];
users.groups."${laurel-user}" = { };
users.users."${laurel-user}" = {
isSystemUser = true;
createHome = true;
group = "${laurel-user}";
home = "/var/log/laurel";
};
environment.etc = {
"laurel/config.toml" = {
user = "${laurel-user}";
text = ''
# Write log files relative to this directory
directory = "${config.users.users."${laurel-user}".home}"
# Drop privileges from root to this user
user = "${laurel-user}"
# The periodical time window in seconds for status information to be printed to Syslog.
# Status report includes the running version, config and parsing stats.
# Default is 0 --> no status reports.
statusreport-period = 0
# By default, audit events are read from stdin ("stdin"). Alternatively, they
# can be consumed from an existing UNIX domain socket ("unix:/path/to/socket")
input = "stdin"
# A string that is written to the log on startup and
# whenever Laurel writes a status report.
# marker = "correct-horse-battery-staple"
[auditlog]
# Base file name for the JSONL-based log file. Set to "-" to log to stdout. In this case
# other log file related settings will be ignored.
file = "audit.log"
# Rotate when log file reaches this size (in bytes)
size = 5000000
# When rotating, keep this number of generations around
generations = 10
# Grant read permissions on the log files to these users, using
[transform]
# "array" (the default) causes EXECVE a0, a1, a2 … arguments to be
# output as a list of strings, "ARGV". This is the default, it allows
# analysts to reliably reproduce what was executed.
#
# "string" causes arguments to be concatenated into a single string,
# separated by space characters, "ARGV_STR". This form allows for
# easier grepping, but it is impossible to tell if space characters in
# the resulting string are a separator or were part of an individual
# argument in the original command line.
execve-argv = [ "array" ]
# execve-argv = [ "array", "string" ]
# Trim excessively long EXECVE.ARGV and EXECVE.ARGV_STR entries.
# Excess is cut from the middle of the argument list and a marker
# indicating how many arguments / bytes have been cut is inserted.
# execve-argv-limit-bytes = 10000
[translate]
# Perform translations of numeric values that can also be done by
# auditd if configured with log_format=ENRICHED.
# arch, syscall, sockaddr structures
universal = false
# UID, GID values
user-db = false
# Drop raw (numeric) syscall, arch, UID, GID values if they are translated
drop-raw = false
[enrich]
# Add context (event-id, comm, exe, ppid) for *pid entries
pid = true
# List of environment variables to log for every EXECVE event
execve-env = [ "LD_PRELOAD", "LD_LIBRARY_PATH" ]
# Add container context to SYSCALL-based events
container = true
# Add script context to SYSCALL execve events
script = true
# Add groups that the user (uid) is a member of. Default: true
user-groups = true
[label-process]
[filter]
filter-null-keys = false
filter-action = "drop"
'';
};
"audit/plugins.d/laurel.conf".text = ''
active = yes
direction = out
type = always
path = ${config.security.wrapperDir}/laurel
format = string
args = --config /etc/laurel/config.toml
'';
};
security.audit.rules = [
# Program Executions
"-a exit,always -F arch=b64 -S execve -F key=progexec"
# Home path access/modification
"-a always,exit -F arch=b64 -F dir=/home -F perm=war -F key=homeaccess"
# Kexec usage
"-a always,exit -F arch=b64 -S kexec_load -F key=KEXEC"
# Root directory access/modification
"-a always,exit -F arch=b64 -F dir=/root -F key=roothomeaccess -F perm=war"
# Failed Modifications of critcal paths
"-a always,exit -F arch=b64 -S open -F dir=/etc -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/bin -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/var -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/home -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/srv -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/opt -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/boot -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=/nix -F success=0 -F key=unauthedfileaccess"
"-a always,exit -F arch=b64 -S open -F dir=${persist-dir} -F success=0 -F key=unauthedfileaccess"
# File deletion events by users
"-a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=-1 -F key=delete"
# Root command executions
"-a always,exit -F arch=b64 -F euid=0 -F auid>=1000 -F auid!=-1 -S execve -F key=rootcmd"
];
}

31
hosts/luna/modules/monitoring/grafana.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
pkgs,
fqdn,
...
}:
let
grafana_host = "grafana.${fqdn}";
in
{
services = {
grafana = {
enable = true;
settings.server = {
domain = "${grafana_host}";
http_addr = "127.0.0.1";
http_port = 2342;
};
};
nginx.virtualHosts."${grafana_host}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
};
}

97
hosts/luna/modules/monitoring/prometheus.nix Normal file
View File

@ -0,0 +1,97 @@
{
config,
fqdn,
pkgs,
...
}:
let
prometheus_host = "prometheus.${fqdn}";
in
{
services = {
prometheus = {
enable = true;
port = 9000;
scrapeConfigs = [
{
job_name = "node-exporter";
static_configs = [
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
];
}
];
exporters = {
node = {
enable = true;
port = 9001;
enabledCollectors = [
"arp"
"bcache"
"btrfs"
"bonding"
"cpu"
"cpufreq"
"diskstats"
"edac"
"entropy"
"fibrechannel"
"filefd"
"filesystem"
"hwmon"
"ipvs"
"loadavg"
"meminfo"
"mdadm"
"netclass"
"netdev"
"netstat"
"nfs"
"nfsd"
"nvme"
"os"
"powersupplyclass"
"pressure"
"rapl"
"schedstat"
"sockstat"
"softnet"
"stat"
"thermal_zone"
"time"
"udp_queues"
"uname"
"vmstat"
"systemd"
];
};
};
};
nginx = {
additionalModules = [ pkgs.nginxModules.pam ];
virtualHosts."${prometheus_host}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
auth_pam "Password Required";
auth_pam_service_name "nginx";
'';
locations."/" = {
proxyPass = "http://${config.services.prometheus.listenAddress}:${builtins.toString config.services.prometheus.port}";
};
};
};
};
security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "shadow" ];
};
environment.persistence.save.directories = [
{
directory = "/var/lib/${config.services.prometheus.stateDir}";
user = "prometheus";
group = "prometheus";
}
];
}

105
hosts/luna/modules/networking.nix Executable file
View File

@ -0,0 +1,105 @@
{ hostname, ... }:
let
networks_dhcp_use_dns = "no";
networks_dhcp = "ipv4";
networks_multicast_dns = "no";
networks_ipv6_privacy = "yes";
networks_ipv6_accept_ra = "yes";
networks_network_config = {
DHCP = networks_dhcp;
MulticastDNS = networks_multicast_dns;
IPv6PrivacyExtensions = networks_ipv6_privacy;
IPv6AcceptRA = networks_ipv6_accept_ra;
};
resolved_nameservers = [
"1.1.1.1#cloudflare-dns.com"
"9.9.9.9#dns.quad9.net"
"8.8.8.8#dns.google"
"2606:4700:4700::1111#cloudflare-dns.com"
"2620:fe::9#dns.quad9.net"
"2001:4860:4860::8888#dns.google"
];
resolved_fallback_nameservers = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
in
{
systemd.network = {
enable = true;
# HACK: Disable wait-online, check in on https://github.com/NixOS/nixpkgs/pull/258680 &
# https://github.com/NixOS/nixpkgs/issues/247608
wait-online.enable = false;
networks = {
"10-wlan" = {
matchConfig.Name = [ "wl*" ];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 600;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 600;
UseDNS = networks_dhcp_use_dns;
};
};
"10-ethernet" = {
matchConfig.Name = [
"en*"
"eth*"
];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 100;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 100;
UseDNS = networks_dhcp_use_dns;
};
};
"10-wwan" = {
matchConfig.Name = [ "ww*" ];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 700;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 700;
UseDNS = networks_dhcp_use_dns;
};
};
};
};
services.resolved = {
enable = true;
dnssec = "allow-downgrade";
domains = [ "~." ];
fallbackDns = resolved_fallback_nameservers;
llmnr = "resolve";
extraConfig = ''
MulticastDNS=yes
DNSOverTLS=yes
CacheFromLocalhost=no
Cache=yes
'';
};
networking = {
useNetworkd = true;
enableIPv6 = true;
nameservers = resolved_nameservers;
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
2200
];
};
hostName = "${hostname}";
};
}

17
hosts/luna/modules/nix.nix Executable file
View File

@ -0,0 +1,17 @@
{ pkgs, ... }:
{
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
trusted-users = [ "@wheel" ];
};
gc = {
automatic = true;
dates = "daily";
};
};
}

22
hosts/luna/modules/programs.nix Executable file
View File

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
programs = {
neovim = {
enable = true;
defaultEditor = true;
};
};
environment.systemPackages = with pkgs; [
vim
coreutils-full
nano
curl
wget
git
jq
rsync
];
}

7
hosts/luna/modules/services/fail2ban.nix Normal file
View File

@ -0,0 +1,7 @@
{ ... }:
{
services.fail2ban = {
enable = true;
maxretry = 10;
};
}

149
hosts/luna/modules/services/gitea.nix Normal file
View File

@ -0,0 +1,149 @@
{
config,
fqdn,
inputs,
pkgs,
...
}:
let
gitea_host = "git.${fqdn}";
# TODO: Move this docker image out to a separate package and NixOS Module
# Huge thank you to https://icewind.nl/entry/gitea-actions-nix/ -- wouldn't have figured this out
# without that post 🙂
base = import (inputs.nix + "/docker.nix") {
inherit pkgs;
name = "nix-ci-base";
maxLayers = 10;
extraPkgs = with pkgs; [
nodejs_20
bash
];
nixConf = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
# insert any other binary caches here
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
# insert the public keys for those binary caches here
];
# allow using the new flake commands in our workflows
experimental-features = [
"nix-command"
"flakes"
];
};
};
runner = pkgs.dockerTools.buildImage {
name = "nix-runner";
tag = "latest";
fromImage = base;
fromImageName = null;
fromImageTag = "latest";
copyToRoot = pkgs.buildEnv {
name = "image-root";
paths = [ pkgs.coreutils-full ];
pathsToLink = [ "/bin" ]; # add coreutuls (which includes sleep) to /bin
};
};
in
{
virtualisation.oci-containers.containers = {
"nix-runner" = {
image = "nix-runner:latest";
imageFile = runner;
autoStart = false;
};
};
age.secrets.gitea-db-pass = {
owner = config.services.gitea.user;
group = config.services.gitea.group;
};
services = {
postgresql = {
enable = true;
ensureDatabases = [ config.services.gitea.user ];
ensureUsers = [
{
name = config.services.gitea.database.user;
ensureClauses = {
login = true;
createdb = true;
};
ensureDBOwnership = true;
}
];
};
gitea = {
appName = "Gitea";
enable = true;
dump.enable = true;
database = {
type = "postgres";
passwordFile = config.age.secrets.gitea-db-pass.path;
};
settings = {
service.DISABLE_REGISTRATION = true;
# Extend timeouts to 1 hour
"git.timeout" = {
DEFAULT = 3600;
MIGRATE = 3600;
MIRROR = 3600;
CLONE = 3600;
PULL = 3600;
GC = 3600;
};
markup.ENABLED = true;
mirror.DEFAULT_INTERVAL = "1h";
server = {
DOMAIN = "${gitea_host}";
HTTP_ADDR = "127.0.0.1";
ROOT_URL = "https://${gitea_host}/";
SSH_PORT = 2220;
START_SSH_SERVER = true;
DISABLE_QUERY_AUTH_TOKEN = true;
};
session.COOKIE_SECURE = true;
"repository.upload".FILE_MAX_SIZE = 1024;
};
};
gitea-actions-runner.instances = {
default = {
enable = true;
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.age.secrets.gitea-runner-token.path;
name = "Default";
settings = {
runner.capacity = 8;
};
labels = [
"default:docker://nix-runner:latest"
"alpine:docker://alpine:latest"
"debian:docker://debian:latest"
];
};
};
nginx.virtualHosts."${gitea_host}" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.gitea.settings.server.HTTP_ADDR}:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
networking.firewall.allowedTCPPorts = [ config.services.gitea.settings.server.SSH_PORT ];
environment.persistence.save.directories = [
{
directory = config.services.gitea.stateDir;
user = config.services.gitea.user;
group = config.services.gitea.group;
}
];
}

8
hosts/luna/modules/services/journald.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
services.journald = {
extraConfig = ''
SystemMaxUse=100G
'';
};
}

27
hosts/luna/modules/services/nginx.nix Normal file
View File

@ -0,0 +1,27 @@
{
inputs,
pkgs,
fqdn,
...
}:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "price@orion-technologies.io";
};
services.nginx.virtualHosts."blog.${fqdn}" = {
forceSSL = true;
enableACME = true;
root = inputs.blog.packages.${pkgs.system}.default;
locations."/".index = "home.html";
};
}

46
hosts/luna/modules/services/openssh.nix Normal file
View File

@ -0,0 +1,46 @@
{ config, ... }:
{
services.openssh = {
enable = true;
startWhenNeeded = true;
# We set the hostkeys manually so they persist through reboots
hostKeys = [
{
path = (
config.environment.persistence.ephemeral.persistentStoragePath + "/etc/ssh/ssh_host_ed25519_key"
);
type = "ed25519";
}
];
sftpFlags = [
"-f AUTHPRIV"
"-l INFO"
];
settings = {
PasswordAuthentication = false;
AuthenticationMethods = "publickey";
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
X11Forwarding = false;
AllowAgentForwarding = false;
AllowStreamLocalForwarding = false;
LogLevel = "VERBOSE";
AllowUsers = [ "price" ];
};
ports = [ 2200 ];
banner = ''
Orion Technologies - Security Notice
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have written, explicit, authorized
permission to access or configure this device.
Unauthorized attempts and actions to access or use
this system may result in civil and/or criminal
penalties. All activities performed on this device
are logged and monitored.
'';
};
}

46
hosts/luna/modules/services/postgresql.nix Normal file
View File

@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
services.postgresqlBackup = {
location = "/var/backup/postgresql";
backupAll = true;
};
services.postgresql = {
enable = true;
# Explicitly setting the data dir so upgrades (changing version from 15 -> 16) don't end up
# getting lost on system reboots
dataDir = "/var/lib/postgresql";
settings = {
log_connections = true;
log_disconnections = true;
logging_collector = true;
log_statement = "all";
log_destination = lib.mkForce "syslog,jsonlog";
};
ensureUsers = [
{
name = "root";
ensureClauses.superuser = true;
}
];
};
environment.systemPackages = [ pkgs.pgloader ];
environment.persistence.save.directories = [
{
directory = config.services.postgresql.dataDir;
user = "postgres";
group = "postgres";
}
{
directory = config.services.postgresqlBackup.location;
user = "postgres";
group = "postgres";
}
];
}

17
hosts/luna/modules/system.nix Normal file
View File

@ -0,0 +1,17 @@
{ self, ... }:
{
system = {
autoUpgrade = {
enable = true;
dates = "05:00";
allowReboot = true;
flake = self.outPath;
flags = [
"--update-input"
"nixpkgs"
"-L"
];
};
};
}

26
hosts/luna/modules/users.nix Executable file
View File

@ -0,0 +1,26 @@
{ pkgs, config, ... }:
{
security.sudo.wheelNeedsPassword = false;
users.mutableUsers = false;
users.users = {
root.hashedPasswordFile = config.age.secrets.users-root-pw.path;
price = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.bash;
hashedPasswordFile = config.age.secrets.users-price-pw.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkWsSntg1ufF40cALcIBA7WZhiU/f0cncqq0pcp+DZY openpgp:0x15993C90"
];
};
};
environment.persistence.ephemeral.users = {
price = {
files = [ ".bash_history" ];
};
root = {
home = "/root";
files = [ ".bash_history" ];
};
};
}

81
hosts/luna/os/boot.nix Normal file
View File

@ -0,0 +1,81 @@
{ modulesPath, pkgs, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
tmp = {
useTmpfs = true;
cleanOnBoot = true;
};
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "audit=1" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"uas"
"sd_mod"
];
kernelModules = [ ];
systemd = {
enable = true;
initrdBin = [
pkgs.libuuid
pkgs.gawk
];
services.rollback = {
description = "Rollback btrfs root subvolume";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "initrd-root-device.target" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
DISK_LABEL="NixOS-Primary"
FOUND_DISK=0
ATTEMPTS=50
printf "Attempting to find disk with label '%s'\n" "$DISK_LABEL"
while ((ATTEMPTS > 0)); do
if findfs LABEL="$DISK_LABEL"; then
FOUND_DISK=1
printf "Found disk!\n"
break;
fi
((ATTEMPTS--))
sleep .1
printf "Remaining disk discovery attempts: %s\n" "$ATTEMPTS"
done
if (( FOUND_DISK == 0 )); then
printf "Discovery of disk with label '%s' failed! Cannot rollback!\n" "$DISK_LABEL"
exit 1
fi
mount -t btrfs -o subvol=/ $(findfs LABEL="$DISK_LABEL") /mnt
btrfs subvolume list -to /mnt/root \
| awk 'NR>2 { printf $4"\n" }' \
| while read subvol; do
printf "Removing Subvolume: %s\n" "$subvol";
btrfs subvolume delete "/mnt/$subvol"
done
printf "Removing /root subvolume\n"
btrfs subvolume delete /mnt/root
printf "Restoring base /root subvolume\n"
btrfs subvolume snapshot /mnt/root-base /mnt/root
umount /mnt
'';
};
};
};
};
}

5
hosts/luna/os/default.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
zramSwap.enable = true;
}

117
hosts/luna/os/fs.nix Normal file
View File

@ -0,0 +1,117 @@
{
lib,
root-disk,
persist-dir,
...
}:
{
services = {
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/nix"
"/persist"
];
};
snapper = {
# NOTE: According to `snapper-config(5)` the default timeline count for all timelines is 10
# (see TIMELINE_LIMIT_HOURLY, ...DAILY, etc.)
configs.persist = {
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
SUBVOLUME = "${persist-dir}";
};
};
};
fileSystems."${persist-dir}".neededForBoot = true;
disko.devices = {
disk.${lib.removePrefix "/dev/" root-disk} = {
type = "disk";
device = "${root-disk}";
content = {
type = "gpt";
partitions = {
esp =
let
label = "NixOS-Boot";
in
{
priority = 1;
size = "512M";
type = "EF00";
content = {
extraArgs = [
"-n ${label}"
"-F 32"
];
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"defaults"
];
};
};
root =
let
label = "NixOS-Primary";
in
{
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-f"
"--label ${label}"
];
postCreateHook = ''
MOUNT="$(mktemp -d)"
mount "/dev/disk/by-label/${label}" "$MOUNT" -o subvol=/
trap 'umount $MOUNT; rm -rf $MOUNT' EXIT
btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base"
'';
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/var-log" = {
mountpoint = "/var/log";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"${persist-dir}" = {
mountpoint = "${persist-dir}";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"${persist-dir}/.snapshots" = {
mountpoint = "${persist-dir}/.snapshots";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
}

6
hosts/luna/os/hardware.nix Normal file
View File

@ -0,0 +1,6 @@
{ lib, config, ... }:
{
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fstrim.enable = true;
}

1
hosts/luna/pubkey.nix Normal file
View File

@ -0,0 +1 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZzZ6q/V7f8zbb9Xm0uZPn4zfdXAj3QgwGkGKzEV9Q5 luna"

2
hosts/orion/README.md Normal file
View File

@ -0,0 +1,2 @@
# Orion
This is my laptop and primary (and only) developer machine.

14
hosts/orion/default.nix Normal file
View File

@ -0,0 +1,14 @@
{ pkgs, lib, ... }:
{
imports = (
lib.recurseFilesInDirs [
./os
./modules
] ".nix"
);
system.stateVersion = "24.05";
environment.systemPackages = with pkgs; [
git
neovim
];
}

21
hosts/orion/modules/audio.nix Normal file
View File

@ -0,0 +1,21 @@
{
inputs,
lib,
pkgs,
...
}:
{
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
wireplumber.enable = true;
jack.enable = true;
};
}

36
hosts/orion/modules/bluetooth.nix Normal file
View File

@ -0,0 +1,36 @@
{
inputs,
lib,
pkgs,
...
}:
{
hardware.bluetooth.enable = true;
services.blueman.enable = true;
environment.systemPackages = with pkgs; [ bluez ];
systemd.user.services.mpris-proxy = {
description = "Mpris proxy";
after = [
"network.target"
"sound.target"
];
wantedBy = [ "default.target" ];
serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
};
security.polkit.extraConfig = ''
/* Allow users in wheel group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
if ((action.id == "org.blueman.network.setup" ||
action.id == "org.blueman.dhcp.client" ||
action.id == "org.blueman.rfkill.setstate" ||
action.id == "org.blueman.pppd.pppconnect") &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
}

23
hosts/orion/modules/graphical.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
services.displayManager.sddm = {
wayland.enable = true;
enable = true;
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
xdg = {
autostart.enable = true;
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal
xdg-desktop-portal-gtk
];
};
};
hardware.opengl.enable = true;
services.spice-vdagentd.enable = true;
}

30
hosts/orion/modules/hardware.nix Normal file
View File

@ -0,0 +1,30 @@
{
inputs,
lib,
pkgs,
...
}:
{
# NOTE: Disable Nvidia GPU
boot.extraModprobeConfig = ''
blacklist nouveau
options nouveau iwlwifi power_save=1 modeset=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA VGA/3D controller devices
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
'';
boot.blacklistedKernelModules = [
"nouveau"
"nvidia"
"nvidia_drm"
"nvidia_modeset"
];
}

56
hosts/orion/modules/networking.nix Normal file
View File

@ -0,0 +1,56 @@
{ hostname, lib, ... }:
let
default-network-cfg =
let
use-dhcp-dns = "no";
in
{
networkConfig = {
DHCP = "yes";
MulticastDNS = "yes";
IPv6PrivacyExtensions = "yes";
IPv6AcceptRA = "yes";
};
dhcpV4Config = {
RouteMetric = 600;
UseDNS = use-dhcp-dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 600;
UseDNS = use-dhcp-dns;
};
};
in
{
systemd.network = {
enable = true;
networks = lib.attrsets.mapAttrs (name: value: value // default-network-cfg) {
"10-wlan".matchConfig.Name = [ "wl*" ];
"10-ethernet".matchConfig.name = [
"en*"
"eth*"
];
"10-wwan".matchConfig.name = [ "ww*" ];
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
extraConfig = ''
DNS=2a07:e340::2:853#dns.mullvad.net 194.242.2.2#dns.mullvad.net
FallbackDNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
Cache=yes
CacheFromLocalhost=no
DNSSEC=allow-downgrade
DNSOverTLS=yes
MulticastDNS=yes
'';
};
networking = {
hostName = hostname;
wireless.iwd.enable = true;
useNetworkd = true;
};
}

19
hosts/orion/modules/nix.nix Normal file
View File

@ -0,0 +1,19 @@
{ ... }:
{
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
trusted-users = [ "@wheel" ];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
}

7
hosts/orion/modules/power.nix Normal file
View File

@ -0,0 +1,7 @@
{ ... }:
{
powerManagement.enable = true;
powerManagement.powertop.enable = true;
services.thermald.enable = true;
}

8
hosts/orion/modules/programs.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
programs = {
dconf.enable = true;
zsh.enable = true;
nix-ld.enable = true;
};
}

62
hosts/orion/modules/services/openssh.nix Normal file
View File

@ -0,0 +1,62 @@
{ config, ... }:
{
services.openssh = {
enable = true;
startWhenNeeded = true;
# We set the hostkeys manually so they persist through reboots
hostKeys = [
{
path = (
config.environment.persistence.ephemeral.persistentStoragePath + "/etc/ssh/ssh_host_ed25519_key"
);
type = "ed25519";
}
];
sftpFlags = [
"-f AUTHPRIV"
"-l INFO"
];
extraConfig = ''
AllowUsers price
'';
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
GatewayPorts = "yes";
LogLevel = "VERBOSE";
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
ports = [ 2200 ];
banner = ''
Orion Technologies - Security Notice
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have written, explicit, authorized
permission to access or configure this device.
Unauthorized attempts and actions to access or use
this system may result in civil and/or criminal
penalties. All activities performed on this device
are logged and monitored.
'';
};
}

33
hosts/orion/modules/users.nix Normal file
View File

@ -0,0 +1,33 @@
{ pkgs, config, ... }:
{
security.sudo.wheelNeedsPassword = false;
users.groups.price = { };
users.users = {
root.hashedPasswordFile = config.age.secrets.users-root-pw.path;
price = {
isNormalUser = true;
extraGroups = [ "wheel" ];
group = "price";
shell = pkgs.zsh;
createHome = true;
hashedPasswordFile = config.age.secrets.users-price-pw.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkWsSntg1ufF40cALcIBA7WZhiU/f0cncqq0pcp+DZY openpgp:0x15993C90"
];
};
};
environment.persistence.ephemeral.directories = [
{
directory = "/home/price";
user = "price";
group = "${config.users.users.price.group}";
mode = "${config.users.users.price.homeMode}";
}
];
environment.persistence.ephemeral.users = {
root = {
home = (config.users.users.root.home);
files = [ ".bash_history" ];
};
};
}

87
hosts/orion/os/boot.nix Normal file
View File

@ -0,0 +1,87 @@
{ modulesPath, pkgs, ... }:
{
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "audit=1" ];
extraModulePackages = [ ];
initrd = {
# VM modules
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
# Actual Host modules
# availableKernelModules = [
# "xhci_pci"
# "thunderbolt"
# "vmd"
# "nvme"
# "usbhid"
# "rtsx_pci_sdmmc"
# ];
systemd = {
enable = true;
initrdBin = [
pkgs.libuuid
pkgs.gawk
];
services.rollback = {
description = "Rollback btrfs root subvolume";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "initrd-root-device.target" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
DISK_LABEL="NixOS-Primary"
FOUND_DISK=0
ATTEMPTS=50
printf "Attempting to find disk with label '%s'\n" "$DISK_LABEL"
while ((ATTEMPTS > 0)); do
if findfs LABEL="$DISK_LABEL"; then
FOUND_DISK=1
printf "Found disk!\n"
break;
fi
((ATTEMPTS--))
sleep .1
printf "Remaining disk discovery attempts: %s\n" "$ATTEMPTS"
done
if (( FOUND_DISK == 0 )); then
printf "Discovery of disk with label '%s' failed! Cannot rollback!\n" "$DISK_LABEL"
exit 1
fi
mount -t btrfs -o subvol=/ $(findfs LABEL="$DISK_LABEL") /mnt
btrfs subvolume list -to /mnt/root \
| awk 'NR>2 { printf $4"\n" }' \
| while read subvol; do
printf "Removing Subvolume: %s\n" "$subvol";
btrfs subvolume delete "/mnt/$subvol"
done
printf "Removing /root subvolume\n"
btrfs subvolume delete /mnt/root
printf "Restoring base /root subvolume\n"
btrfs subvolume snapshot /mnt/root-base /mnt/root
umount /mnt
'';
};
};
};
};
}

5
hosts/orion/os/default.nix Normal file
View File

@ -0,0 +1,5 @@
{ modulesPath, ... }:
{
zramSwap.enable = true;
}

112
hosts/orion/os/fs.nix Normal file
View File

@ -0,0 +1,112 @@
{
modulesPath,
config,
lib,
root-disk,
persist-dir,
...
}:
{
services = {
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/nix"
"/persist"
];
};
snapper = {
# NOTE: According to `snapper-config(5)` the default timeline count for all timelines is 10
# (see TIMELINE_LIMIT_HOURLY, ...DAILY, etc.)
configs.persist = {
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
SUBVOLUME = "${persist-dir}";
};
};
};
fileSystems."${persist-dir}".neededForBoot = true;
disko.devices = {
disk.${lib.removePrefix "/dev/" root-disk} = {
type = "disk";
device = "${root-disk}";
content = {
type = "gpt";
partitions = {
esp =
let
label = "NixOS-Boot";
in
{
priority = 1;
size = "512M";
type = "EF00";
content = {
extraArgs = [
"-n ${label}"
"-F 32"
];
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"defaults"
];
};
};
root =
let
label = "NixOS-Primary";
in
{
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [
"-f"
"--label ${label}"
];
postCreateHook = ''
MOUNT="$(mktemp -d)"
mount "/dev/disk/by-label/${label}" "$MOUNT" -o subvol=/
trap 'umount $MOUNT; rm -rf $MOUNT' EXIT
btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base"
'';
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
};
}

6
hosts/orion/os/hardware.nix Normal file
View File

@ -0,0 +1,6 @@
{ lib, config, ... }:
{
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fstrim.enable = true;
}

1
hosts/orion/pubkey.nix Normal file
View File

@ -0,0 +1 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/mvAHcaWQv6m+F5o2wYg5DX+cOYCiqha/LustPcStf orion"

2
install.bash
View File

@ -1,2 +0,0 @@
#!/usr/bin/env /bin/bash
nix run --extra-experimental-features 'nix-command flakes' . -- switch --extra-experimental-features 'nix-command flakes' --flake "git+file://$(pwd)?submodules=1" "${@}"

16
overlays/default.nix Normal file
View File

@ -0,0 +1,16 @@
{ inputs, ... }:
{
additions = final: _prev: import ../pkgs { pkgs = final; };
modifications = final: prev: {
waybar = inputs.waybar.packages.${final.system}.default;
lxappearance = prev.lxappearance.overrideAttrs (oldAttrs: {
postInstall = ''
wrapProgram $out/bin/lxappearance --prefix GDK_BACKEND : x11
'';
});
opensnitch-ui = prev.opensnitch-ui.overrideAttrs (oldAttrs: {
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ prev.python311Packages.qt-material ];
});
};
}

61
pkgs/Fmt/flake.lock
View File

@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1710534455,
"narHash": "sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9af9c1c87ed3e3ed271934cb896e0cdd33dae212",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

42
pkgs/Fmt/flake.nix
View File

@ -1,42 +0,0 @@
{
description = "Flake for custom formatting script";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs =
{
self,
nixpkgs,
flake-utils,
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
packages.default = pkgs.writeShellApplication {
name = "Fmt";
runtimeInputs = with pkgs; [
stylua
gnugrep
nixfmt-rfc-style
nodePackages.prettier
shfmt
];
text = (
''
#!${pkgs.bash}/bin/bash
''
+ builtins.readFile ./fmt.bash
);
};
}
)
// {
overlays.default = final: prev: { Fmt = self.packages.${final.system}.default; };
};
}

14
pkgs/bob-nvim.nix Normal file
View File

@ -0,0 +1,14 @@
{ rustPlatform, fetchFromGitHub }:
rustPlatform.buildRustPackage rec {
pname = "bob";
version = "2.9.1";
src = fetchFromGitHub {
owner = "MordechaiHadad";
repo = "bob";
rev = "v${version}";
hash = "sha256-jVRxvhUENyucRHN4TGV9xsWOs7mfPJCV90Lk/hD1xFE=";
};
cargoLock.lockFile = "${src}/Cargo.lock";
}

78
pkgs/bob-nvim/flake.lock
View File

@ -1,78 +0,0 @@
{
"nodes": {
"bob": {
"flake": false,
"locked": {
"lastModified": 1706612487,
"narHash": "sha256-OTmsb1tnautQTdO/oeqbwd5MmyHbG946/kPCGSluIrM=",
"owner": "MordechaiHadad",
"repo": "bob",
"rev": "e521723d2c084f4b610c27d79f870f83e964fe95",
"type": "github"
},
"original": {
"owner": "MordechaiHadad",
"repo": "bob",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1708151420,
"narHash": "sha256-MGT/4aGCWQPQiu6COqJdCj9kSpLPiShgbwpbC38YXC8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e2f00c83911461438301db0dba5281197fe4b3a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"bob": "bob",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

58
pkgs/bob-nvim/flake.nix
View File

@ -1,58 +0,0 @@
{
description = "Flake for bob-nvim, a Neovim version manager.";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
bob = {
flake = false;
url = "github:MordechaiHadad/bob";
};
flake-utils.url = "github:numtide/flake-utils";
};
outputs =
{
self,
nixpkgs,
flake-utils,
bob,
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
rust-toolchain = pkgs.symlinkJoin {
name = "rust-toolchain";
paths = with pkgs; [
rustc
cargo
cargo-watch
rust-analyzer
rustfmt
];
};
in
rec {
# This builds the blog binary then runs it and collects the output. Once done it throws away the binary and
# shoves the newly created static site into the result.
packages.default = pkgs.rustPlatform.buildRustPackage {
name = "bob-nvim";
pname = "bob";
src = "${bob}";
cargoLock.lockFile = "${bob}/Cargo.lock";
};
# Rust dev environment
devShells.default = pkgs.mkShell {
shellHook = ''
# For rust-analyzer 'hover' tooltips to work.
export RUST_SRC_PATH=${pkgs.rustPlatform.rustLibSrc}
'';
nativeBuildInputs = [ rust-toolchain ];
};
}
)
// {
overlays.default = final: prev: { bob-nvim = self.packages.${final.system}.default; };
};
}

23
pkgs/default.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
bob-nvim = pkgs.callPackage ./bob-nvim.nix {
rustPlatform = pkgs.rustPlatform;
fetchFromGitHub = pkgs.fetchFromGitHub;
};
Fmt = pkgs.writeShellApplication {
name = "Fmt";
runtimeInputs = with pkgs; [
stylua
gnugrep
nixfmt-rfc-style
nodePackages.prettier
shfmt
];
text = (
''
#!${pkgs.bash}/bin/bash
''
+ builtins.readFile ./fmt.bash
);
};
}

1
pkgs/Fmt/fmt.bash → pkgs/fmt.bash
View File

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# vim: ft=sh # vim: ft=sh
set -euo pipefail set -euo pipefail

78
pkgs/kanagawa-gtk/flake.lock
View File

@ -1,78 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"kanagawa-gtk": {
"flake": false,
"locked": {
"lastModified": 1688426096,
"narHash": "sha256-BZRmjVas8q6zsYbXFk4bCk5Ec/3liy9PQ8fqFGHAXe0=",
"owner": "Fausto-Korpsvart",
"repo": "Kanagawa-GKT-Theme",
"rev": "35936a1e3bbd329339991b29725fc1f67f192c1e",
"type": "github"
},
"original": {
"owner": "Fausto-Korpsvart",
"repo": "Kanagawa-GKT-Theme",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1708151420,
"narHash": "sha256-MGT/4aGCWQPQiu6COqJdCj9kSpLPiShgbwpbC38YXC8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e2f00c83911461438301db0dba5281197fe4b3a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"kanagawa-gtk": "kanagawa-gtk",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

95
pkgs/kanagawa-gtk/flake.nix
View File

@ -1,95 +0,0 @@
{
description = "Flake for the Kanagwa GTK Theme";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
kanagawa-gtk = {
flake = false;
url = "github:Fausto-Korpsvart/Kanagawa-GKT-Theme";
};
flake-utils.url = "github:numtide/flake-utils";
};
outputs =
{
self,
nixpkgs,
flake-utils,
kanagawa-gtk,
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
lib = nixpkgs.lib;
in
rec {
# This builds the blog binary then runs it and collects the output. Once done it throws away the binary and
# shoves the newly created static site into the result.
packages.kanagawa-gtk-theme = pkgs.stdenvNoCC.mkDerivation rec {
pname = "kanagawa-gtk-theme";
version = "unknown";
src = "${kanagawa-gtk}";
propagatedUserEnvPkgs = with pkgs; [ gtk-engine-murrine ];
nativeBuildInputs = with pkgs; [ gtk3 ];
installPhase = ''
runHook preInstall
mkdir -p $out/share/themes
cp -a themes/* $out/share/themes
runHook postInstall
'';
meta = with lib; {
description = "A GTK theme with the Kanagawa colour palette. Borrowed with from https://github.com/NixOS/nixpkgs/pull/277073.";
homepage = "https://github.com/Fausto-Korpsvart/Kanagawa-GKT-Theme";
license = licenses.gpl3Only;
platforms = platforms.all;
};
};
packages.default = packages.kanagawa-gtk-theme;
packages.kanagwa-icon-theme = pkgs.stdenvNoCC.mkDerivation rec {
pname = "kanagawa-icon-theme";
version = "unknown";
src = "${kanagawa-gtk}";
nativeBuildInputs = with pkgs; [ gtk3 ];
propagatedBuildInputs = with pkgs; [ hicolor-icon-theme ];
dontDropIconThemeCache = true;
installPhase = ''
runHook preInstall
mkdir -p $out/share/icons
cp -a icons/* $out/share/icons
for theme in $out/share/icons/*; do
gtk-update-icon-cache -f $theme
done
runHook postInstall
'';
meta = with lib; {
description = "An icon theme for the Kanagawa colour palette. Borrowed with from https://github.com/NixOS/nixpkgs/pull/277073.";
homepage = "https://github.com/Fausto-Korpsvart/Kanagawa-GKT-Theme";
license = licenses.gpl3Only;
platforms = platforms.all;
};
};
# Rust dev environment
}
)
// {
overlays.default = final: prev: {
kanagawa-gtk-theme = self.packages.${final.system}.kanagawa-gtk-theme;
kanagawa-gtk-icon-theme = self.packages.${final.system}.kanagwa-icon-theme;
};
};
}

112
scripts/install-host.bash Executable file
View File

@ -0,0 +1,112 @@
#!/usr/bin/env bash
set -Eeuo pipefail
BASE_DIR="$PWD"
gen-system-key() {
local system="${1:?"No system provided to generate a key for!"}"
local priv_key_path="${2:?"No private key path provided!"}"
local key_file="out-key"
local priv_key
local pub_key
# Gen Key in a temp directory
pushd "$(mktemp -d)" >/dev/null
ssh-keygen -t ed25519 -f ./"${key_file}" -N '' -C "${system}" -q
priv_key="$(cat "${key_file}")"
pub_key="$(cat "${key_file}.pub")"
rm -f "${key_file}" "${key_file}.pub" >/dev/null
popd >/dev/null
# Update public key for system and rekey secrets
printf "Rekeying for '%s' secrets with new system key!\n" "${system}" 1>&2
local host_pubkey_path="${BASE_DIR}/hosts/${system}/pubkey.nix"
if [[ -r "${host_pubkey_path}" ]]; then
local backup_pub_key_path
backup_pub_key_path="${host_pubkey_path}.$(date +'%Y-%d-%m_%H:%M:%S')"
printf "Backing up old public key file to '%s'!\n" "${backup_pub_key_path}" 1>&2
mv "${host_pubkey_path}" "${backup_pub_key_path}"
fi
printf '"%s"' "${pub_key}" >"${host_pubkey_path}"
git add "${host_pubkey_path}" 1>&2
pushd secrets >/dev/null
agenix -r -i "${priv_key_path}" 1>&2
git add . 1>&2
popd >/dev/null
printf "%s" "${priv_key}"
}
main() {
local persist_dir="/mnt/persist"
local flake_install_path="${persist_dir}/ephemeral/etc/nixos"
local system="${1:?"Provide system to build!"}"
local flake=".#${system}"
local conn="${2:?"Provide ssh connection string! (E.g. root@myhost)"}"
local priv_key_path="${3:?Provide path to private key}"
local ssh_port="${4:-22}"
if [[ ! -r "${priv_key_path}" ]]; then
printf "Unable a private key file at '%s'\n!" "${priv_key_path}" 1>&2
exit 1
elif [[ ! -r "${BASE_DIR}/hosts/${system}" ]]; then
printf "Could not find a system named '%s' in '%s'!\n" "${system}" "${BASE_DIR}/hosts" 1>&2
exit 1
fi
cat <<-__EOS__
─────────────────────────────────
Installing NixOS on Remote Host
=================================
Host: "${conn}"
Flake: "${flake}"
─────────────────────────────────
__EOS__
printf "Generating system keys\n"
local new_sys_key
new_sys_key="$(gen-system-key "${system}" "${priv_key_path}")"
printf "Finished generating system keys\n"
local nixos_anywhere_log
nixos_anywhere_log="$(nix run github:nix-community/nixos-anywhere -- --flake "${flake}" "${conn}" --stop-after-disko -p "${ssh_port}" 2>&1 | tee >(cat >&2))"
local ssh_login_key="${nixos_anywhere_log##*$'\n'}"
ssh_login_key="${ssh_login_key#*\'}"
ssh_login_key="${ssh_login_key%\'*}"
local ssh_opts="-i ${ssh_login_key} -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p ${ssh_port} -l root"
local ssh_cmd="ssh ${conn} ${ssh_opts}"
local system_key_dest="${persist_dir}/ephemeral/etc/ssh/ssh_host_ed25519_key"
printf "SSH Command: %s\n" "${ssh_cmd}"
eval "${ssh_cmd}" <<-__EOS__
mkdir -p "${persist_dir}/ephemeral/etc/ssh"
mkdir -p "${persist_dir}/save"
mkdir -p "${flake_install_path}"
printf "Putting new system key into place\n"
printf "%s\n" "${new_sys_key}" > "${system_key_dest}"
chmod 0600 "${system_key_dest}"
printf "Installing rsync for later stage\n"
nix-env -f '<nixpkgs>' -iA rsync
__EOS__
printf "Copying flake to system\n"
local rsync_cmd="rsync -r '${BASE_DIR}'/ '${conn}:${flake_install_path}' -e 'ssh ${ssh_opts}' --info=PROGRESS2"
printf "Issuing rsync command: '%s\n'" "${rsync_cmd}"
eval "${rsync_cmd}"
printf "Doing final install\n"
eval "${ssh_cmd}" <<-__EOS__
set -euo pipefail
cd "${flake_install_path}"
nix-env -f '<nixpkgs>' -iA git
sudo nixos-install --flake "git+file:${flake}" --no-root-password --no-channel-copy && reboot
__EOS__
cat <<-__EOS__
──────────────────────────────────────────
Finished Installing NixOS on Remote Host
==========================================
Host: "${conn}"
Flake: "${flake}"
──────────────────────────────────────────
__EOS__
}
main "${@}"

66
secrets/default.nix
View File

@ -1,30 +1,60 @@
{ {
agenix ? true, agenix ? false,
lib ? import ../lib { }, lib ? import ../lib { },
}: }:
let let
keys = [ masterKeys = [
"age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0" "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
"age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj" "age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj"
]; ];
secrets = hosts = {
let luna =
dir = "files"; let
in secrets = "hosts/luna";
{ }; in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
gitea-db-pass = "${secrets}/gitea-db-pass.age";
gitea-runner-token = "${secrets}/gitea-runner-token.age";
};
orion =
let
secrets = "hosts/orion";
in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
};
};
in in
if agenix then if agenix then
(builtins.listToAttrs ( (builtins.listToAttrs (
builtins.concatMap (secretName: [ builtins.concatMap (
{ host:
name = builtins.toString secretName; let
value.publicKeys = keys; hostSecrets = (builtins.getAttr host hosts);
} in
]) (builtins.attrNames secrets) (builtins.map (
hostSecretName:
let
secret = (builtins.getAttr hostSecretName hostSecrets);
in
{
name = builtins.toString secret;
value = {
publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ masterKeys;
};
}
) (builtins.attrNames hostSecrets))
) (builtins.attrNames hosts)
)) ))
else else
(lib.recursiveMerge ( (builtins.mapAttrs (
builtins.map (secretName: { age.secrets.${secretName}.file = ./${secrets.${secretName}}; }) ( host: secrets:
builtins.attrNames secrets (lib.recursiveMerge (
) builtins.map (secretName: { age.secrets.${secretName}.file = ./${secrets.${secretName}}; }) (
)) builtins.attrNames hosts.${host}
)
))
) hosts)

16
secrets/hosts/luna/gitea-db-pass.age Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBNYlI4
SUFhY21vTTdES005Z2pRSHVPUlNaNU94bm5LMEcvL1pwbWQvYlRnCit5MEVsRTMz
K0RYc20wbGlzaXV4aDZGODRDdWFxNklwM3NjUFdHUU1zWVEKLT4gWDI1NTE5IDVC
aUJrWCtpdzZObE5ETlNobFVoNVUrdmo2dDBodVdpdVhLcjVCaXBkbk0KKy9HblBo
alh5ak5YNVEwb0ZsQk9kWGRhb1JkRkhjRkhJWUtnOFVEQ0piVQotPiBwaXYtcDI1
NiBySnMxSEEgQXVHc3prNk42UmhwMW9PSTBtMk1jR2hVSXpxVkVyWFFQb29YYWZT
bUw4czkKOWhTRmFOUTBtVW5qbXB2Tk93QkJ6UnFacExkMkU0NzVONUlzbzRZOGxE
TQotPiBibXQtZ3JlYXNlIG0gVzBBZSBJQjsiUnAxfSAvQV84CjR3U2VaT1B1Tkxw
dFdSRzlPeURpZXY2QlUyNHJJMjE3Y3F2VUNWcVB4UQotLS0gc1h6WitwUkpsM0dL
T3B4Z3FNV09OVUZ1SGZQQUN2OHE3cmZuZEJleitTawov2e+ve9ZQV89nggvRV/yu
Kw0pNzog065lk3mVwNONqlfa3gGd1w78J06lndiZ6oF1/0VZHyRwXf+Rs8cMezzb
ITXuBHZ6GXZ0Nii/dhK0nN8sfHtCR3zpUcxBn8nkl5tNhW6MzLSK1yfIOQZMHatO
GM1f7BKFdLCLb+6VW6tDnqP+8uOFGLNbTcGepxiEAW6wnixnXHjRC+M9otGIUmfe
XdlANT4syDJhuqv5k/PmB10hgWBGByBlOtG3TiMmBgyZQbOVLAdZx0pNI7jg
-----END AGE ENCRYPTED FILE-----

14
secrets/hosts/luna/gitea-runner-token.age Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSA0bys5
cmx2R3Iva1ZxekhtcEtIdUdvRGpoRlN2V0ZWNnR1VmlXelAvZlRvCmUvMnZGNWlO
a0t4cnBBTUYxQ0EzVGRCYnh1K0YxV1IrdmU2d2hid29LN0EKLT4gWDI1NTE5IGYy
ZG4ranlyRExMeGJTZHFEVFh6N1g1a2ZncUZudzBIVDZ0a3BsMHk0a1kKdFNFa0Fl
ZTBJSE81UDJIbHRDeWFHQTRSVnRIczRKdjRxQkF2dGFwNi9EbwotPiBwaXYtcDI1
NiBySnMxSEEgQStqWFJHZ0RULzRCWFN6aXF2bHAwODNlV29MTm5kTzlRbG5jdlVW
d08vdEUKbUQ4SXdtUGNLU0VtT1hSZXlEUnc0QW81Vm56VXBuYklOTWJBSmR3UDJG
OAotPiBNLWdyZWFzZSB9RSolSG9DCkt4Z0VzSk5GK3hHelZZQkx6M2g1NnJWcnVG
Z3hyZTJNb0lNK0UvZnY0TWFiCi0tLSBGdVIyZ0MybUtZQTFKcVJoUjR2ZG1HYmRi
NnZrdWFsdU1Gb3pLYVovODFFCjNwKkWh0MitzqcFXkocWHeE8tf9ZowVVk9sQ+TJ
RrbvTpTKP5KATDmG4+C2cn01WN0JorD9gGZk3ygV9sVm42hucvLa3AUMYelvcZHH
fxk=
-----END AGE ENCRYPTED FILE-----

15
secrets/hosts/luna/users-price-pw.age Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBwTzBk
ZWQrYklGYmVSK2diM1d0ZWkwNGZ0a2VTTC84SEFjajlreHRnOWdFCm80ckxBQlIr
M1UyNTBoUFBINzdEdzVBandQcEdDY3ZvbVpsejFRSTdyY0kKLT4gWDI1NTE5IGNH
RU44b3BpaGUzd2V5RFlOZlIyY0o5Z2NFYnAyWTU0NVg0K3lUYUxrR0UKcEVoMTVu
QVk1Z25LZlNqTW1EUTUySXdhdGU2Zm5yckhCa2Y4VkJEcHFCRQotPiBwaXYtcDI1
NiBySnMxSEEgQWpnRVdYVTZOOElHYTYxOTJ3YnA5eWc3WHowS05NWUo3K0RUNVN3
ZHdTTDEKU21UZE5rK3lqbTZ1TGpFWUc0STZxRExtSDVERC9kYjBnbkFmb0o4RzRY
QQotPiBGLWdyZWFzZSA/QSRvM1cgPlolCnhuQy81UnF5azEwUW9aTXhqUG8ydzYr
eDlPU293YkVKbkhVYnRMWXZQQ3VncWpYWUVtNlpxNjJCQVNVcgotLS0gbklXWlJK
MW9XUnY0MU1WMXhjcStjSUphMGlDTVVUbEJ5dHNCbkRDbjlycwoPTmZO09gCTAlk
QqFphkBQsaPus03eGrU7MFIjE8zpjKjkLfSQYilrgS5vv164RpWS/y8dMVqoFTsA
HKqHcjUkuDUnSgHTk4ZLtISi4y6zq3iDvVABM8K+zVJr9KvJuwCOzOoAxKfn/dSL
lvJ7k8CivrnviKc9FYn/Kf4gCtNLBhsQ0X2DOHfusFNG
-----END AGE ENCRYPTED FILE-----

14
secrets/hosts/luna/users-root-pw.age Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBRUDUw
eWRxZ0xQVWc3UXB1dFFiTWhsM29lSkVSUW5QazNPRXhXeEI0SHc4ClFCREpHYTdz
RmRZdklUNnVmNHBNalVUdzkxTTc5L1pXK3QzdlQxZVhvMkEKLT4gWDI1NTE5IFBY
Z1FvNDdMOHZvYmJUZmlEbUwwbUFxVEc4c2pUa3F4VlZkQW8yQ3ZveVkKY0h0bThW
cEs1ZXFjaGZSbTFQZHVySEJ2b3A4bXRKWkI4b01GZ0g4aHdJcwotPiBwaXYtcDI1
NiBySnMxSEEgQXp5dnpxWGp0SzVhVWpSYzZXWVU5NmZkcy9FN0R6ajJiWEdzK21p
V3A3WEIKYlBaVkw0WTQvWldrWlFUVkVlQVU2UFNKSW9VWlhTMFNuNnFicTA4L2U5
bwotPiAhcS1ncmVhc2UgOypuJlwoc18gWl46ZSx0CnoyQ0x2dnVYcXpzRC9DZzNj
QQotLS0gT2RBL3ZlN1RYK3d4ZzUrZHI1TzJubllxbUFPbFUzbkI3ZlFldXFoVHly
ZwruN+Wtj/2dKzzE3qmapuWPJXpYw/fCdhoRu+Yv1uoqqwGTBAH7usQnO3DffOHo
2alpmoDkqlGjrLuJ+frvyWAh6xyggmN7zsD0cadR1a8BoxrBTktY0OFj/+u6MJDD
kpkYDB/umaol7aJM6x6f9x+twgdzVxYlsSgdrA+UR19GrX6BniR/fWC0SXZ0
-----END AGE ENCRYPTED FILE-----

15
secrets/hosts/orion/users-price-pw.age Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxkdEhLZyBIWE1n
T0ZJaS8xb3JxUGE5VUdxaU9CT2paV1U5U0tCZWFUV0Z3WkdVbTNzCjZuN0lKeEh3
UE5WVjVnSk9JYlJra1NDQU1ocWdnMVFoRmUzc0xkQlZ1R0UKLT4gWDI1NTE5IENt
NnpHN29KeklSWGpwaDRWNGg3MDh5SyszRXlUU0pnM1dQRGZBejdNMkUKdXdnSndV
VzBJbFQvV1JLVGt4TU0wR1ZuL0twcmFDV0NSL29JRGU5bWhoWQotPiBwaXYtcDI1
NiBySnMxSEEgQXc2RWNaOHFXcDJ6UlpyZWk3Y3g2RDJvQkNKQ3FmQyt0dXoyWHZa
WTZvSTcKTmpmOEliRkV0NU92K2NTV3dBV0NwTEVTVi9vTTRYVVJVTUxUL0xBWkNB
MAotPiAiLGp4LWdyZWFzZSAhKTdzbi9XClY4aTVYUGYyOE9acGJyVGliL2krUEg0
OFdUMHUKLS0tIEUwOU1YclcwNnBSUTFaalo4Wm9YaEFaOXZDa29YZjRZdTF2cmRi
VVQzZ0UKGip/2vrDDEHl0kh81TMmQXSCYi+gcyPk+CimiUgPuMvUsVWBfhEhVQSm
8k5SohQRurOcyTyKt66qO9sNLQf8i4n5uTe7j3mdP9xBMQSmQkFujtIDzO2ZA8kc
5J7DYDHyG4LwnC9Epyd8eBmE1Hhpqug+RqMG3C7NApxYJ626gB2t4WyZUEQuIYAT
Ew==
-----END AGE ENCRYPTED FILE-----

17
secrets/hosts/orion/users-root-pw.age Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxkdEhLZyB5cUQ5
MGdqVmpnKzFjak9iVk1BVWN6U0oyT3c5MUJ5cFdabnNEalovMmpvCkFVYVpwbXJi
dlhHdUtzZ1Y5U2pqVVlDbGhxcmtoUmN5dGNxNStwMkllTFUKLT4gWDI1NTE5IEty
OVVhTE1KRFgzWXl1T3NCR2FBK0w0YTJIcC91TUhJaXgyaTRBQ1hneTgKZWNNdDJp
STNEWkJxdUhsSk1SMXFSc0ZyNXJEenJ0b0VqZExsbUs2VUdkbwotPiBwaXYtcDI1
NiBySnMxSEEgQW5LZCtmRFEvYUkrZHp0MVJJc0tjbW1GalNYYkttUXVPR0xDTWRn
dEtFSkcKaGYyZElrUzNyYWpqYUhTSERiZGVadlp1UU1RSnkrODFJTzFKVFRIeUdI
VQotPiAhM1Y+Xy1ncmVhc2UgbGY3UEt+RiAqcDxfYTBdIGJ7CnVyOVRDcytTb0h4
d2pDYlpBSEpIZDA2NDdsOExGMGdDeXYzWXJCYUdUaGFBZHNmN1BpdmZJMEVIZWNV
c3lkWjQKTDhDSWo0NFVuQzVhZk1EUHhocHdhN1JZTkVpZUdSTUwxUzBjSFIrVnpr
SDAwTnpBSHNibUZhajVqVzQKLS0tIDVDY0FnRnJUc3hwbDgyYzJZazRmQ0pyVmV6
dU45S2lDdStQc05kUXdoSDQKdNPcHQuexwFFJwGBkand8jVXS/8gbhycSEysX+Sj
s5BKORCExjyRkO8AkI//LZ/96ReoIYuHmUaIRIC6qtJCAvK89SsDm8iPbzyTigfL
OjHzW3UCX69spnohxKFgfYNmypFSwl/L9fQ9RVVj2HFXRwctMFdfYAke/CVIUzz+
EAI9BuTRh+Wy9fwlcQ==
-----END AGE ENCRYPTED FILE-----

0
dots/.config/bat/config → users/price/dots/.config/bat/config
View File

0
dots/.config/bat/themes/Kanagawa.tmTheme → users/price/dots/.config/bat/themes/Kanagawa.tmTheme
View File

0
dots/.config/chrome-flags.conf → users/price/dots/.config/chrome-flags.conf
View File

0
dots/.config/chromium-flags.conf → users/price/dots/.config/chromium-flags.conf
View File

0
dots/.config/direnv/direnvrc → users/price/dots/.config/direnv/direnvrc
View File

0
dots/.config/emacs/.gitignore → users/price/dots/.config/emacs/.gitignore vendored
View File

0
dots/.config/emacs/early-init.el → users/price/dots/.config/emacs/early-init.el
View File

0
dots/.config/emacs/init.el → users/price/dots/.config/emacs/init.el
View File

0
dots/.config/hypr/conf/application/gromit-mpx.conf → users/price/dots/.config/hypr/conf/application/gromit-mpx.conf
View File

0
dots/.config/hypr/conf/core/appearance.conf → users/price/dots/.config/hypr/conf/core/appearance.conf
View File

10
dots/.config/hypr/conf/core/bindings.conf → users/price/dots/.config/hypr/conf/core/bindings.conf
View File

@ -101,11 +101,11 @@ bind = SUPER,j,movefocus,d
bind = SUPERSHIFT,left,exec,~/.config/hypr/scripts/focus-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 )) bind = SUPERSHIFT,left,exec,~/.config/hypr/scripts/focus-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 ))
bind = SUPERSHIFT,right,exec,~/.config/hypr/scripts/focus-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 )) bind = SUPERSHIFT,right,exec,~/.config/hypr/scripts/focus-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 ))
bind = SUPERCTRL,left,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 )) bind = SUPERCTRL,left,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 )) 1
bind = SUPERCTRL,right,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 )) bind = SUPERCTRL,right,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 )) 1
bind = SUPERSHIFTCTRL,left,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 )) 1 bind = SUPERSHIFTCTRL,left,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') - 1 ))
bind = SUPERSHIFTCTRL,right,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 )) 1 bind = SUPERSHIFTCTRL,right,exec,~/.config/hypr/scripts/move-workspace-mon.bash $(( $(hyprctl monitors -j | jq -c '.[] | select(.focused) | .activeWorkspace.id') + 1 ))
bind = SUPER,1,exec,~/.config/hypr/scripts/focus-workspace-mon.bash 1 bind = SUPER,1,exec,~/.config/hypr/scripts/focus-workspace-mon.bash 1
bind = SUPER,2,exec,~/.config/hypr/scripts/focus-workspace-mon.bash 2 bind = SUPER,2,exec,~/.config/hypr/scripts/focus-workspace-mon.bash 2
@ -125,4 +125,4 @@ bind = SUPERCTRL,5,exec,~/.config/hypr/scripts/move-workspace-mon.bash 5
bind = SUPERCTRL,6,exec,~/.config/hypr/scripts/move-workspace-mon.bash 6 bind = SUPERCTRL,6,exec,~/.config/hypr/scripts/move-workspace-mon.bash 6
bind = SUPERCTRL,7,exec,~/.config/hypr/scripts/move-workspace-mon.bash 7 bind = SUPERCTRL,7,exec,~/.config/hypr/scripts/move-workspace-mon.bash 7
bind = SUPERCTRL,8,exec,~/.config/hypr/scripts/move-workspace-mon.bash 8 bind = SUPERCTRL,8,exec,~/.config/hypr/scripts/move-workspace-mon.bash 8
bind = SUPERCTRL,9,exec,~/.config/hypr/scripts/move-workspace-mon.bash 9 bind = SUPERCTRL,9,exec,~/.config/hypr/scripts/move-workspace-mon.bash 9

0
dots/.config/hypr/conf/core/colors.conf → users/price/dots/.config/hypr/conf/core/colors.conf
View File

0
dots/.config/hypr/conf/core/general.conf → users/price/dots/.config/hypr/conf/core/general.conf
View File

0
dots/.config/hypr/conf/core/monitors.conf → users/price/dots/.config/hypr/conf/core/monitors.conf
View File

0
dots/.config/hypr/conf/core/window-rules.conf → users/price/dots/.config/hypr/conf/core/window-rules.conf
View File

3
dots/.config/hypr/conf/init.conf → users/price/dots/.config/hypr/conf/init.conf
View File

@ -1,7 +1,6 @@
$configDir = ~/.config/hypr/conf $configDir = ~/.config/hypr/conf
# --- Core Config --- # --- Core Config ---
source = $configDir/core/env.conf
source = $configDir/core/general.conf source = $configDir/core/general.conf
source = $configDir/core/bindings.conf source = $configDir/core/bindings.conf
source = $configDir/core/appearance.conf source = $configDir/core/appearance.conf
@ -9,4 +8,4 @@ source = $configDir/core/monitors.conf
source = $configDir/core/window-rules.conf source = $configDir/core/window-rules.conf
# --- Application Specific --- # --- Application Specific ---
source = $configDir/application/gromit-mpx.conf source = $configDir/application/gromit-mpx.conf

4
dots/.config/hypr/hyprland.conf → users/price/dots/.config/hypr/hyprland.conf
View File

@ -6,7 +6,7 @@ exec = systemd-run --user --unit=slimbookbattery slimbookbattery --minimize || s
exec = systemd-run --user --unit=clight-gui clight-gui --tray || systemctl --user restart clight-gui exec = systemd-run --user --unit=clight-gui clight-gui --tray || systemctl --user restart clight-gui
exec = systemd-run --user --unit=events-monitor ~/.config/hypr/scripts/launchers/events-monitor.bash || systemctl --user restart events-monitor exec = systemd-run --user --unit=events-monitor ~/.config/hypr/scripts/launchers/events-monitor.bash || systemctl --user restart events-monitor
exec = systemd-run --user --unit=xwaylandvideobridge xwaylandvideobridge || systemctl --user restart xwaylandvideobridge exec = systemd-run --user --unit=xwaylandvideobridge xwaylandvideobridge || systemctl --user restart xwaylandvideobridge
exec = systemd-run --user --unit=polkit-agent /usr/lib/polkit-kde-authentication-agent-1 || systemctl --user restart polkit-agent exec = systemd-run --user --unit=polkit-agent /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 || systemctl --user restart polkit-agent
exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP PATH exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP PATH
exec = sleep 1 && systemctl --user restart compositor.target exec = sleep 1 && systemctl --user restart compositor.target
exec-once = swaylock exec-once = swaylock

74
users/price/dots/.config/hypr/scripts/#screen-cap.bash# Executable file
View File

@ -0,0 +1,74 @@
#!/usr/bin/env -S nix shell github:nix-community/nixgl#nixGLIntel nixpkgs#bash nixpkgs#wl-screenrec nixpkgs#gifski nixpkgs#inotify-tools nixpkgs#libnotify nixpkgs#mktemp nixpkgs#slurp nixpkgs#slurp --command bash
# Dependencies:
# - wl-screenrec: https://github.com/russelltg/wl-screenrec
# - notification daemon: https://archlinux.org/packages/?name=notification-daemon
# - wl-clipboard: https://github.com/bugaevc/wl-clipboard
# - gifski: https://github.com/sindresorhus/Gifski
#
# Gifski is necessary because `wl-screenrec` doesn't support gifs
# set -euoE pipefail
mk-screen-cap() {
local program_name="Screen Capture"
local pid_file="/tmp/mk-gif-pid"
local output_type="${1:-webm}"
if [[ -f "$pid_file" ]]; then
printf "Ending screen capture\n"
notify-send "Saving ${program_name}" "This May Take a Minute" -a "$program_name"
if ! kill -SIGINT "$(cat "$pid_file")"; then
notify-send "Failed ${program_name}" "Failed to Save Screen Capture" -u "critical" -a "$program_name"
printf "Failed to save screen capture!\n"
rm -rf "$pid_file"
exit 1
fi
else
printf -- "Beginning recording\n"
local tmp_file
notify-send "Starting ${program_name}" "Recording ${output_type^^} of Selected Region" -a "$program_name"
local tmp_diruullllllllllllllllllllllllllllllllllllllllllhhhhhjkklh
tmp_dir="$(mktemp -d)"
local file_extension="$output_type"
if [[ "$output_type" == "gif" ]]; then
file_extension="webm"
fi
local tmp_file
tmp_file="$(mktemp --tmpdir="$tmp_dir" recording.XXXXXXXXXXX).${file_extension}"
printf "Working temp file: '%s'\n" "$tmp_file"
local geometry
geometry="$(slurp)"
nixGLIntel wl-screenrec --filename "$tmp_file" --geometry "$geometry" &
local pid="${!}"
printf "%s" "$pid" >"$pid_file"
printf "Putting pid: '%d' into pid file: '%s'\n" "$pid" "$pid_file"
wait -n "$pid"
if [[ "$output_type" == "gif" ]]; then
printf "Converting recording to gif...\n"
local gifski_tmpout
gifski_tmpout="${tmp_dir}/$(mktemp --"$tmp_dir" gifski.XXXXXXXXXXX).gif"
gifski --output "$gifski_tmpout" "$tmp_file"
mv "$gifski_tmpout" "$tmp_file"
fi
local save_path
save_path="${HOME}/Videos/Screen-Recordings"
mkdir -p "$save_path"
save_path="${save_path}/$(date --iso-8601="seconds").${output_type}"
printf "Recording ended, saving to: '%s'\n" "$save_path"
mv "$tmp_file" "$save_path"
printf "Copying recording to clipboard\n"
local mimetype
mimetype="$(file -b --mime-type "$save_path")"
wl-copy --type="$mimetype" <"$save_path"
rm -f "$pid_file"
notify-send "Saved ${program_name}" "Successfully Saved Screen Capture to Clipboard" -a "$program_name"
printf "Finished Recording, exiting...\n"
fi
}
mk-screen-cap "${@}"

0
dots/.config/hypr/scripts/disable-laptop-screen.bash → users/price/dots/.config/hypr/scripts/disable-laptop-screen.bash
View File

0
dots/.config/hypr/scripts/focus-workspace-mon.bash → users/price/dots/.config/hypr/scripts/focus-workspace-mon.bash
View File

0
dots/.config/hypr/scripts/launchers/events-monitor.bash → users/price/dots/.config/hypr/scripts/launchers/events-monitor.bash
View File

0
dots/.config/hypr/scripts/launchers/launch-desktop-portal.bash → users/price/dots/.config/hypr/scripts/launchers/launch-desktop-portal.bash
View File

0
dots/.config/hypr/scripts/launchers/launch-kbct.bash → users/price/dots/.config/hypr/scripts/launchers/launch-kbct.bash
View File

0
dots/.config/hypr/scripts/launchers/launch-swww.bash → users/price/dots/.config/hypr/scripts/launchers/launch-swww.bash
View File

0
dots/.config/hypr/scripts/launchers/launch-waybar.bash → users/price/dots/.config/hypr/scripts/launchers/launch-waybar.bash
View File

2
dots/.config/hypr/scripts/move-workspace-mon.bash → users/price/dots/.config/hypr/scripts/move-workspace-mon.bash
View File

@ -10,7 +10,7 @@ main() {
hyprctl dispatch movetoworkspacesilent "${workspace_id}" hyprctl dispatch movetoworkspacesilent "${workspace_id}"
hyprctl dispatch movecurrentworkspacetomonitor "${focused_monitor}" hyprctl dispatch movecurrentworkspacetomonitor "${focused_monitor}"
if (( should_change_focus == 1 )); then if ((should_change_focus == 1)); then
hyprctl dispatch workspace "${workspace_id}" hyprctl dispatch workspace "${workspace_id}"
fi fi
} }

74
users/price/dots/.config/hypr/scripts/screen-cap.bash Executable file
View File

@ -0,0 +1,74 @@
#!/usr/bin/env -S nix shell github:nix-community/nixgl#nixGLIntel nixpkgs#bash nixpkgs#wl-screenrec nixpkgs#gifski nixpkgs#inotify-tools nixpkgs#libnotify nixpkgs#mktemp nixpkgs#slurp nixpkgs#slurp --command bash
# Dependencies:
# - wl-screenrec: https://github.com/russelltg/wl-screenrec
# - notification daemon: https://archlinux.org/packages/?name=notification-daemon
# - wl-clipboard: https://github.com/bugaevc/wl-clipboard
# - gifski: https://github.com/sindresorhus/Gifski
#
# Gifski is necessary because `wl-screenrec` doesn't support gifs
# set -euoE pipefail
mk-screen-cap() {
local program_name="Screen Capture"
local pid_file="/tmp/mk-gif-pid"
local output_type="${1:-webm}"
if [[ -f "$pid_file" ]]; then
printf "Ending screen capture\n"
notify-send "Saving ${program_name}" "This May Take a Minute" -a "$program_name"
if ! kill -SIGINT "$(cat "$pid_file")"; then
notify-send "Failed ${program_name}" "Failed to Save Screen Capture" -u "critical" -a "$program_name"
printf "Failed to save screen capture!\n"
rm -rf "$pid_file"
exit 1
fi
else
printf -- "Beginning recording\n"
local tmp_file
notify-send "Starting ${program_name}" "Recording ${output_type^^} of Selected Region" -a "$program_name"
local tmp_dir
tmp_dir="$(mktemp -d)"
local file_extension="$output_type"
if [[ "$output_type" == "gif" ]]; then
file_extension="webm"
fi
local tmp_file
tmp_file="$(mktemp --tmpdir="$tmp_dir" recording.XXXXXXXXXXX).${file_extension}"
printf "Working temp file: '%s'\n" "$tmp_file"
local geometry
geometry="$(slurp)"
nixGLIntel wl-screenrec --filename "$tmp_file" --geometry "$geometry" &
local pid="${!}"
printf "%s" "$pid" >"$pid_file"
printf "Putting pid: '%d' into pid file: '%s'\n" "$pid" "$pid_file"
wait -n "$pid"
if [[ "$output_type" == "gif" ]]; then
printf "Converting recording to gif...\n"
local gifski_tmpout
gifski_tmpout="${tmp_dir}/$(mktemp --"$tmp_dir" gifski.XXXXXXXXXXX).gif"
gifski --output "$gifski_tmpout" "$tmp_file"
mv "$gifski_tmpout" "$tmp_file"
fi
local save_path
save_path="${HOME}/Videos/Screen-Recordings"
mkdir -p "$save_path"
save_path="${save_path}/$(date --iso-8601="seconds").${output_type}"
printf "Recording ended, saving to: '%s'\n" "$save_path"
mv "$tmp_file" "$save_path"
printf "Copying recording to clipboard\n"
local mimetype
mimetype="$(file -b --mime-type "$save_path")"
wl-copy --type="$mimetype" <"$save_path"
rm -f "$pid_file"
notify-send "Saved ${program_name}" "Successfully Saved Screen Capture to Clipboard" -a "$program_name"
printf "Finished Recording, exiting...\n"
fi
}
mk-screen-cap "${@}"

Some files were not shown because too many files have changed in this diff Show More