diff --git a/common/_containers/forgejo.nix b/common/_containers/forgejo.nix index 0cb91a5..92793a9 100644 --- a/common/_containers/forgejo.nix +++ b/common/_containers/forgejo.nix @@ -7,6 +7,7 @@ let name = "forgejo"; hostDataDir = "/var/lib/${name}"; + hostAddress = "10.0.0.1"; containerAddress = "10.0.0.2"; hostAddress6 = "fc00::1"; diff --git a/common/_containers/librechat.nix b/common/_containers/librechat.nix index ca3d470..e20314f 100644 --- a/common/_containers/librechat.nix +++ b/common/_containers/librechat.nix @@ -65,8 +65,6 @@ in MEILI_MASTER_KEY = "ringofstormsLibreChat"; RAG_PORT = toString cfg.ragPort; RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}"; - # DEBUG_CONSOLE = "true"; - # DEBUG_LOGGING = "true"; }; environmentFiles = [ "${cfg.dataDir}/.env" ]; volumes = [ @@ -129,7 +127,6 @@ in environment = { DB_HOST = "librechat_vectordb"; RAG_PORT = toString cfg.ragPort; - OPENAI_API_KEY = "not_using_openai"; }; dependsOn = [ "librechat_vectordb" ]; environmentFiles = [ "${cfg.dataDir}/.env" ]; diff --git a/common/_home_manager/mods/ssh.nix b/common/_home_manager/mods/ssh.nix index d324115..4100945 100644 --- a/common/_home_manager/mods/ssh.nix +++ b/common/_home_manager/mods/ssh.nix @@ -1,6 +1,16 @@ -{ osConfig, ... }: +{ + osConfig, + lib, + ... +}: let inherit (osConfig) age; + hasSecret = + secret: + let + secrets = age.secrets or { }; + in + secrets ? ${secret} && secrets.${secret} != null; in { # TODO can I put all IP's in the flake.nix top level settings and pull them in here instead? @@ -12,43 +22,43 @@ in ''; matchBlocks = { # EXTERNAL - "github.com" = { + "github.com" = lib.mkIf (hasSecret "nix2github") { identityFile = age.secrets.nix2github.path; }; - "bitbucket.org" = { + "bitbucket.org" = lib.mkIf (hasSecret "nix2bitbucket") { identityFile = age.secrets.nix2bitbucket.path; }; - # "git.joshuabell.xyz" = { + # "git.joshuabell.xyz" = lib.mkIf (hasSecret "nix2gitjosh") { # TODO remove old # identityFile = age.secrets.nix2gitjosh.path; # user = "git"; # }; - "git.joshuabell.xyz" = { + "git.joshuabell.xyz" = lib.mkIf (hasSecret "nix2gitforgejo") { identityFile = age.secrets.nix2gitforgejo.path; user = "git"; }; # PERSONAL DEVICES - "lio" = { + "lio" = lib.mkIf (hasSecret "nix2lio") { identityFile = age.secrets.nix2lio.path; user = "josh"; }; - "lio_" = { + "lio_" = lib.mkIf (hasSecret "nix2lio") { identityFile = age.secrets.nix2lio.path; hostname = "10.12.14.116"; user = "josh"; }; - "oren" = { + "oren" = lib.mkIf (hasSecret "nix2oren") { identityFile = age.secrets.nix2oren.path; user = "josh"; }; - "joe" = { + "joe" = lib.mkIf (hasSecret "nix2joe") { identityFile = age.secrets.nix2joe.path; user = "ringo"; }; - "gp3" = { + "gp3" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; user = "josh"; }; - "t" = { + "t" = lib.mkIf (hasSecret "nix2t") { identityFile = age.secrets.nix2t.path; user = "joshua.bell"; localForwards = [ @@ -67,7 +77,7 @@ in TERM = "vt100"; }; }; - "t_" = { + "t_" = lib.mkIf (hasSecret "nix2t") { identityFile = age.secrets.nix2t.path; hostname = "10.12.14.103"; user = "joshua.bell"; @@ -75,72 +85,72 @@ in TERM = "vt100"; }; }; - "mbptv" = { + "mbptv" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; user = "waka"; setEnv = { TERM = "vt100"; }; }; - "mbptv_" = { + "mbptv_" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; - hostname = "10.12.14.101"; + hostname = "10.12.14.30"; user = "waka"; setEnv = { TERM = "vt100"; }; }; - "nothing1" = { + "nothing1" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; user = "TODO"; }; - "tab1" = { + "tab1" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; user = "TODO"; }; - "pixel6" = { + "pixel6" = lib.mkIf (hasSecret "nix2gpdPocket3") { identityFile = age.secrets.nix2gpdPocket3.path; user = "TODO"; }; # HOME SERVERS - "h001" = { + "h001" = lib.mkIf (hasSecret "nix2h001") { identityFile = age.secrets.nix2h001.path; user = "luser"; }; - "h001_" = { + "h001_" = lib.mkIf (hasSecret "nix2h001") { identityFile = age.secrets.nix2h001.path; - hostname = "10.12.14.2"; + hostname = "10.12.14.10"; user = "luser"; }; - "h002" = { + "h002" = lib.mkIf (hasSecret "nix2h002") { identityFile = age.secrets.nix2h002.path; user = "luser"; }; - "h003" = { + "h003" = lib.mkIf (hasSecret "nix2h003") { identityFile = age.secrets.nix2h003.path; user = "luser"; }; # LINODE SERVERS - "l001" = { + "l001" = lib.mkIf (hasSecret "nix2linode") { identityFile = age.secrets.nix2linode.path; hostname = "172.236.111.33"; # Not on the tailscale network it is the primary host user = "root"; }; - "l002_" = { + "l002_" = lib.mkIf (hasSecret "nix2linode") { identityFile = age.secrets.nix2linode.path; hostname = "172.234.26.141"; user = "root"; }; - "l002" = { + "l002" = lib.mkIf (hasSecret "nix2linode") { identityFile = age.secrets.nix2linode.path; user = "root"; }; # ORACLE SERVERS - "o001" = { + "o001" = lib.mkIf (hasSecret "nix2oracle") { identityFile = age.secrets.nix2oracle.path; user = "root"; }; - "o001_" = { + "o001_" = lib.mkIf (hasSecret "nix2oracle") { identityFile = age.secrets.nix2oracle.path; hostname = "64.181.210.7"; user = "root"; diff --git a/common/_services/forejo.nix b/common/_services/forejo.nix new file mode 100644 index 0000000..e69de29 diff --git a/common/_services/librechat.nix b/common/_services/librechat.nix new file mode 100644 index 0000000..e69de29 diff --git a/common/desktop_environment/default.nix b/common/desktop_environment/default.nix index beba99b..48d1212 100644 --- a/common/desktop_environment/default.nix +++ b/common/desktop_environment/default.nix @@ -6,6 +6,7 @@ in { imports = [ ./gnome + ./hyprland ]; config = { assertions = [ @@ -16,6 +17,10 @@ in name = "gnome"; enabled = cfg.gnome.enable; } + { + name = "hyprland"; + enabled = cfg.hyprland.enable; + } ]; in { diff --git a/common/desktop_environment/hyprland/default.nix b/common/desktop_environment/hyprland/default.nix new file mode 100644 index 0000000..e130991 --- /dev/null +++ b/common/desktop_environment/hyprland/default.nix @@ -0,0 +1,87 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "hyprland desktop environment"; + terminalCommand = mkOption { + type = lib.types.str; + default = "kitty"; + description = "The terminal command to use."; + }; + extraOptions = mkOption { + type = lib.types.attrs; + default = { }; + description = "Extra options for Hyprland configuration."; + }; + }; + + config = lib.mkIf cfg.enable { + # Enable for all users + home-manager = { + sharedModules = [ + ./home_manager + ]; + }; + + # Display Manager + services = { + displayManager = { + sddm = { + enable = true; + wayland.enable = true; + }; + }; + }; + + # Caps Lock as Escape for console/tty + console.useXkbConfig = true; + services.xserver.xkb = { + layout = "us"; + options = "caps:escape"; + }; + hardware.graphics.enable = true; + + environment.systemPackages = with pkgs; [ + wl-clipboard + wl-clip-persist + wofi + nemo + feh + ]; + + programs.hyprland = { + enable = true; + xwayland.enable = true; + withUWSM = true; + }; + + # Environment variables + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + GTK_THEME = "Adwaita:dark"; + }; + + # Qt theming + qt = { + enable = true; + platformTheme = "gtk2"; + style = "adwaita-dark"; + }; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/default.nix b/common/desktop_environment/hyprland/home_manager/default.nix new file mode 100644 index 0000000..f22b944 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/default.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + imports = [ + ./theme.nix + ./hyprland.nix + ./hyprpanel.nix + ./hyprpolkitagent.nix + # ./quickshell.nix # TODO replace hyprpanel with custom quickshell... + ./wofi.nix + # ./swaync.nix # notifications, hyprpanel has notifications but I want to replace hyprpanel sometime so keeping this here as reference + ./swaylock.nix + ]; +} diff --git a/common/desktop_environment/hyprland/home_manager/hyprland.nix b/common/desktop_environment/hyprland/home_manager/hyprland.nix new file mode 100644 index 0000000..30f33d4 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/hyprland.nix @@ -0,0 +1,154 @@ +{ + osConfig, + lib, + pkgs, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + wayland.windowManager.hyprland = { + enable = true; + # set the Hyprland and XDPH packages to null to use the ones from the NixOS module + package = null; + portalPackage = null; + + plugins = with pkgs.hyprlandPlugins; [ + hyprspace + ]; + + settings = lib.attrsets.recursiveUpdate { + # exec-once = [ + # "waybar" + # ]; + + # Default monitor configuration + monitor = "monitor = , preferred, auto, 1"; + + # Add window rules for hyprpanel stability + windowrulev2 = [ + "stayfocused, class:^(hyprpanel)$" + "pin, class:^(hyprpanel)$" + ]; + + # Input configuration + input = { + kb_layout = "us"; + kb_options = "caps:escape"; + + follow_mouse = 2; + touchpad = { + natural_scroll = true; + disable_while_typing = true; + }; + }; + + # General settings + general = { + gaps_in = 2; + gaps_out = 4; + border_size = 1; + "col.active_border" = "rgba(797979aa)"; + "col.inactive_border" = "rgba(393939aa)"; + layout = "dwindle"; + }; + + # Decoration + decoration = { + rounding = 4; + blur.enabled = false; + }; + + # Animations + animations = { + enabled = false; + }; + + # Layout + dwindle = { + pseudotile = true; + preserve_split = true; + }; + + # Misc + misc = { + force_default_wallpaper = 0; + disable_hyprland_logo = true; + disable_splash_rendering = true; + }; + + # Key bindings + "$mainMod" = "SUPER"; + + bind = [ + # Applications + "$mainMod, Return, exec, ${cfg.terminalCommand}" + "$mainMod, Space, exec, pkill wofi || wofi --show drun" + "$mainMod, q, killactive" + "$mainMod SHIFT, q, exec, swaylock" + "$mainMod, f, togglefloating" + "$mainMod, g, pseudo" + "$mainMod, t, togglesplit" + + # Move focus with mainMod + hjkl + "$mainMod, h, movefocus, l" + "$mainMod, l, movefocus, r" + "$mainMod, k, movefocus, u" + "$mainMod, j, movefocus, d" + + # Switch workspaces with mainMod + [0-9] + "$mainMod, 1, workspace, 1" + "$mainMod, 2, workspace, 2" + "$mainMod, 3, workspace, 3" + "$mainMod, 4, workspace, 4" + "$mainMod, 5, workspace, 5" + "$mainMod, 6, workspace, 6" + "$mainMod, 7, workspace, 7" + "$mainMod, 8, workspace, 8" + "$mainMod, 9, workspace, 9" + "$mainMod, 0, workspace, 10" + + # Window management (similar to your GNOME setup) + "$mainMod SHIFT, h, movewindow, l" + "$mainMod SHIFT, l, movewindow, r" + "$mainMod SHIFT, k, movewindow, u" + "$mainMod SHIFT, j, movewindow, d" + "$mainMod SHIFT, n, movetoworkspace, m+1" + "$mainMod SHIFT, p, movetoworkspace, m-1" + + # Screenshots + ", Print, exec, grimblast copy area" + ]; + + bindr = [ + # overview + "$mainMod, SUPER_L, overview:toggle" + ]; + + binde = [ + # Move between workspaces + "$mainMod, n, workspace, r+1" + "$mainMod, p, workspace, r-1" + + # Resize windows + "$mainMod CTRL, h, resizeactive, -40 0" + "$mainMod CTRL, l, resizeactive, 40 0" + "$mainMod CTRL, k, resizeactive, 0 -20" + "$mainMod CTRL, j, resizeactive, 0 20" + ]; + + # Mouse bindings + bindm = [ + "$mainMod, mouse:272, movewindow" + "$mainMod, mouse:273, resizewindow" + ]; + } cfg.extraOptions; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/hyprpanel.nix b/common/desktop_environment/hyprland/home_manager/hyprpanel.nix new file mode 100644 index 0000000..7f4b66d --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/hyprpanel.nix @@ -0,0 +1,159 @@ +{ + pkgs, + lib, + ... +}: +{ + home.packages = with pkgs; [ + # aylurs-gtk-shell-git + wireplumber + libgtop + bluez + bluez-tools + networkmanager + dart-sass + wl-clipboard + upower + gvfs + gtksourceview3 + libchamplain_libsoup3 # libsoup3 + ## Used for Tracking GPU Usage in your Dashboard (NVidia only) + # python + # python-gpustat + ## To control screen/keyboard brightness + brightnessctl + ## Only if a pywal hook from wallpaper changes applied through settings is desired + # pywal + ## To check for pacman updates in the default script used in the updates module + # pacman-contrib + ## To switch between power profiles in the battery module + power-profiles-daemon + ## To take snapshots with the default snapshot shortcut in the dashboard + grimblast + ## To record screen through the dashboard record shortcut + wf-recorder + ## To enable the eyedropper color picker with the default snapshot shortcut in the dashboard + hyprpicker + ## To enable hyprland's very own blue light filter + hyprsunset + ## To click resource/stat bars in the dashboard and open btop + btop + ## To enable matugen based color theming + # matugen + ## To enable matugen based color theming and setting wallpapers + # swww + ]; + + # uncomment this to make it possible to use the normal config agent using + # > hyprpanel toggleWindow settings-dialog + # xdg.configFile.hyprpanel.target = lib.mkForce "hyprpanel/config.generated.json"; + + programs.hyprpanel = { + enable = true; + settings = { + bar.layouts = { + "DP-1" = { + left = [ + # "dashboard" + "workspaces" + "media" + "volume" + ]; + + middle = [ + "notifications" + "clock" + "cputemp" + "cpu" + "ram" + "storage" + ]; + + right = [ + "netstat" + "network" + "bluetooth" + # "battery" + # "updates" + "kbinput" + "power" + ]; + }; + "*" = { + left = [ + "workspaces" + ]; + middle = [ + "clock" + ]; + right = [ + "systray" + "cava" + ]; + }; + }; + bar.workspaces = { + # workspaces = 10; + show_icons = false; + show_numbered = false; + showWsIcons = true; + showApplicationIcons = false; + workspaceMask = true; + numbered_active_indicator = "highlight"; + workspaceIconMap = { + "1" = "一"; # "1" いち | ひとつ + "2" = "二"; # "2" に | ふたつ + "3" = "三"; # "3" さん | みっつ + "4" = "四"; # "4" し | よん + "5" = "五"; # "5" ご | いつつ + "6" = "六"; # "6" ろく | むっつ + "7" = "七"; # "7" しち | ななつ + "8" = "八"; # "8" はち | やっつ + "9" = "九"; # "9" きゅう | ここのつ + "10" = "十"; # "10" じゅう | とお + "11" = "十一"; # "11" じゅういち | じゅうひとつ + "12" = "十二"; # "12" じゅうに | じゅうふたつ + "13" = "十三"; # "13" じゅうさん | じゅうみっつ + "14" = "十四"; # "14" じゅうし | じゅうよん + "15" = "十五"; # "15" じゅうご | じゅういつつ + "16" = "十六"; # "16" じゅうろく | じゅうむっつ + "17" = "十七"; # "17" じゅうしち | じゅうななつ + "18" = "十八"; # "18" じゅうはち | じゅうやっつ + "19" = "十九"; # "19" じゅうきゅう | じゅうここのつ + "20" = "二十"; # "20" にじゅう | にじっつ + }; + }; + notifications.ignore = [ "spotify" ]; + customModules = { + cava = { + showActiveOnly = true; + showIcon = false; + icon = ""; + }; + }; + theme = { + matugen = false; + name = "tokyo-night-vivid"; + + font = { + name = "JetBrainsMonoNL Nerd Font Regular"; + size = "12px"; + }; + bar = { + transparent = true; + floating = true; + outer_spacing = "0px"; + margin_bottom = "0px"; + margin_top = "0px"; + margin_sides = "0px"; + }; + + }; + wallpaper = { + enable = false; + image = ""; + }; + + }; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix b/common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix new file mode 100644 index 0000000..dc68933 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix @@ -0,0 +1,8 @@ +{ + ... +}: +{ + services.hyprpolkitagent = { + enable = true; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/quickshell.nix b/common/desktop_environment/hyprland/home_manager/quickshell.nix new file mode 100644 index 0000000..8d6f389 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/quickshell.nix @@ -0,0 +1,30 @@ +{ + osConfig, + lib, + pkgs, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + home.packages = with pkgs; [ + quickshell + + pulseaudio + brightnessctl + networkmanager + bluez + bluez-tools + power-profiles-daemon + upower + systemd + hyprlock + ]; +} diff --git a/common/desktop_environment/hyprland/home_manager/swaylock.nix b/common/desktop_environment/hyprland/home_manager/swaylock.nix new file mode 100644 index 0000000..06ebf13 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/swaylock.nix @@ -0,0 +1,17 @@ +{ + ... +}: +{ + programs.swaylock = { + enable = true; + settings = { + color = "#000000"; + indicator-caps-lock = true; + indicator-idle-visible = true; + indicator-radius = 100; + indicator-thickness = 10; + font = "JetBrainsMono Nerd Font Regular"; + font-size = 20; + }; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/swaync.nix b/common/desktop_environment/hyprland/home_manager/swaync.nix new file mode 100644 index 0000000..9848b4c --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/swaync.nix @@ -0,0 +1,8 @@ +{ + ... +}: +{ + services.swaync = { + enable = true; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/template.nix b/common/desktop_environment/hyprland/home_manager/template.nix new file mode 100644 index 0000000..905d5e4 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/template.nix @@ -0,0 +1,18 @@ +{ + osConfig, + lib, + pkgs, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + +} diff --git a/common/desktop_environment/hyprland/home_manager/theme.nix b/common/desktop_environment/hyprland/home_manager/theme.nix new file mode 100644 index 0000000..c6045d0 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/theme.nix @@ -0,0 +1,32 @@ +{ + pkgs, + ... +}: +{ + home.pointerCursor = { + gtk.enable = true; + # x11.enable = true; + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 16; + }; + # GTK theming + gtk = { + enable = true; + + theme = { + package = pkgs.flat-remix-gtk; + name = "Flat-Remix-GTK-Grey-Darkest"; + }; + + iconTheme = { + package = pkgs.adwaita-icon-theme; + name = "Adwaita"; + }; + + font = { + name = "Sans"; + size = 11; + }; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/wofi.nix b/common/desktop_environment/hyprland/home_manager/wofi.nix new file mode 100644 index 0000000..f2df05b --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/wofi.nix @@ -0,0 +1,26 @@ +{ + ... +}: +{ + programs.wofi = { + enable = true; + settings = { + width = 500; + height = 600; + location = "bottom"; + show = "drun"; + prompt = "..."; + filter_rate = 100; + allow_markup = true; + no_actions = true; + halign = "fill"; + orientation = "vertical"; + content_halign = "fill"; + insensitive = true; + allow_images = true; + image_size = 40; + gtk_dark = true; + }; + }; + +} diff --git a/common/flake.lock b/common/flake.lock index 90a5a9b..c2fa076 100644 --- a/common/flake.lock +++ b/common/flake.lock @@ -153,22 +153,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1741379970, @@ -185,23 +169,6 @@ "type": "github" } }, - "opencode": { - "flake": false, - "locked": { - "lastModified": 1754526276, - "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", - "owner": "sst", - "repo": "opencode", - "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", - "type": "github" - }, - "original": { - "owner": "sst", - "ref": "v0.3.133", - "repo": "opencode", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", @@ -228,8 +195,6 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" } }, diff --git a/common/flake.nix b/common/flake.nix index 29f6c77..f95574c 100644 --- a/common/flake.nix +++ b/common/flake.nix @@ -4,11 +4,6 @@ home-manager.url = "github:rycee/home-manager/release-25.05"; ragenix.url = "github:yaxitech/ragenix"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; - - # tmp - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - opencode.url = "github:sst/opencode/v0.3.133"; - opencode.flake = false; }; outputs = @@ -16,8 +11,6 @@ home-manager, ragenix, nix-flatpak, - opencode, - nixpkgs-unstable, ... }: { @@ -30,27 +23,6 @@ }: { imports = [ - ( - { ... }: - { - nixpkgs.overlays = [ - (final: prev: { - opencode = nixpkgs-unstable.legacyPackages.${prev.system}.opencode.overrideAttrs (old: rec { - version = "0.3.133"; - src = opencode; - node_modules = old.node_modules.overrideAttrs (nmOld: { - outputHash = "sha256-oZa8O0iK5uSJjl6fOdnjqjIuG//ihrj4six3FUdfob8="; - }); - tui = old.tui.overrideAttrs (tuiOld: { - src = src; - modRoot = "packages/tui"; - vendorHash = "sha256-uHb7fAiZ8XNGq9YZ6drNYU1SoKrWMgXpTfudOMvmcHU="; - }); - }); - }) - ]; - } - ) home-manager.nixosModules.home-manager ragenix.nixosModules.age nix-flatpak.nixosModules.nix-flatpak @@ -64,7 +36,6 @@ ./secrets ]; config = { - _module.args = { inherit ragenix; }; diff --git a/common/general/shell/common.nix b/common/general/shell/common.nix index 914ad54..99d414a 100644 --- a/common/general/shell/common.nix +++ b/common/general/shell/common.nix @@ -12,6 +12,7 @@ with lib; nano wget curl + jq fastfetch bat htop @@ -23,6 +24,7 @@ with lib; killall hdparm speedtest-cli + lf ]; environment.shellAliases = { diff --git a/common/programs/default.nix b/common/programs/default.nix index 009e6e8..c56a1ab 100644 --- a/common/programs/default.nix +++ b/common/programs/default.nix @@ -14,7 +14,7 @@ in ./podman.nix ./incus.nix ./flatpaks.nix - ./opencode.nix + ./virt-manager.nix ]; config = { assertions = [ diff --git a/common/programs/opencode.nix b/common/programs/opencode.nix deleted file mode 100644 index 4036410..0000000 --- a/common/programs/opencode.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - ccfg = import ../config.nix; - cfg_path = [ - ccfg.custom_config_key - "programs" - "opencode" - ]; - cfg = lib.attrsets.getAttrFromPath cfg_path config; -in -{ - options = - { } - // lib.attrsets.setAttrByPath cfg_path { - enable = lib.mkEnableOption "opencode"; - }; - - config = lib.mkIf cfg.enable ({ - - - environment.systemPackages = with pkgs; [ - opencode - ]; - - environment.shellAliases = { - "oc" = "all_proxy='' http_proxy='' https_proxy='' opencode"; - }; - }); -} diff --git a/common/programs/virt-manager.nix b/common/programs/virt-manager.nix new file mode 100644 index 0000000..fb837b1 --- /dev/null +++ b/common/programs/virt-manager.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "virt-manager" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "Enable virt manager/quemu"; + users = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = builtins.attrNames users_cfg; + description = "Users to configure for virt-manager."; + }; + }; + + config = lib.mkIf cfg.enable { + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = true; + programs.virt-manager = { + enable = true; + }; + + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + users.groups.libvirtd.members = cfg.users; + }; +} diff --git a/common/secrets/default.nix b/common/secrets/default.nix index 07f26bc..bf2bfd0 100644 --- a/common/secrets/default.nix +++ b/common/secrets/default.nix @@ -54,6 +54,10 @@ in file = ./secrets/nix2gitforgejo.age; owner = users_cfg.primary; }; + nix2nix = { + file = ./secrets/nix2nix.age; + owner = users_cfg.primary; + }; nix2h001 = { file = ./secrets/nix2h001.age; owner = users_cfg.primary; @@ -114,6 +118,16 @@ in file = ./secrets/us_chi_wg.age; owner = users_cfg.primary; }; + # zitadel_master_key = { + # file = ./secrets/zitadel_master_key.age; + # owner = users_cfg.primary; + # mode = "444"; # World readable! + # }; + # vaultwarden_env = { + # file = ./secrets/vaultwarden_env.age; + # owner = users_cfg.primary; + # mode = "444"; # World readable! + # }; }; }; }; diff --git a/common/secrets/secrets/nix2nix.age b/common/secrets/secrets/nix2nix.age new file mode 100644 index 0000000..4877bbb --- /dev/null +++ b/common/secrets/secrets/nix2nix.age @@ -0,0 +1,51 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBiSHRC +QUVCMnBYdDJXUjgweVNiQ1loTlkxMWxjV3haODdWeFFOOXVrb0NrCkVZRzZYZVNR +RkRBTlRtOFhLZUkxRnM0UmR6S3hzdTcvUGwvV083RU5Hc1UKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIG1HWmhGSG9ZQmNoWEZvWDBta3V0L1I0cTE3c1orMlp3ZTI0OW5F +TDBaeUkKSWFjSlQrdGtnVlVzNWp3VHBhcm05QTNKZUZrK0g5RWRJY1ROWHYrUWpY +TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgR09DZnpLcW04TkpDa1crTHg4RG1FdmJh +T2V2VGJhWC94cm9IbWY3bmtrWQpmSGMrRHdreDNXOUlZRXdUQ3IzU3dMOVU4c2hH +YlpTMHdBZkxKcWJrMjBRCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBaZ0RPdUhTV29y +QXN5N04vU2gwc0VEdzUyNDdBMU55VHZmK2Fjc0N1bTFvClRDY0hoRDRsd3ZSSlVr +RlJHR2VHbGxZYlRKK0hkV2lYWXFMUEM2UzZYUW8KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFBqUlZoWW9oMWtoM00yU2oybzNuTXFvYXJjS3I0MHpFN3owUWZtQWdrRWcK +S0RGOU9jUFJxY0ZmWFJmaU9GaFNjNjhSZk84MFRmcE12SjliSmpEMWpFcwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgZ3A0NUtnS0JMN1dINStSOUlNSitxWWZRaEk1Qld0 +aXp1V3Z3dVM1TUcxcwo1cENLMTNiSlJkeHNNamQyMGFvQ3FWNHBJYVVNSzhVdE9P +MkZVWnJmeWI4Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBObzFBR1pKbTdpVlIvMWpa +bWlxd2Uwb01KYkZtMmhXRmZCRlgySW82bERNCk9kaDlRV0JxRDRvdTlxWU1xM1hF +YUtnL2lKQTQ5T0dFdEEvT2hTaXdmbVEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIC8w +d1hwSEw0Rkg1RE10Nm9oUlk5a1hKS1dJdGNyTHV3anhtcU9Ob0EwWG8KNXNHeWxp +Q296SjRsR1lSQmpDU1JCbngrVWQ1M2NNOGhLdkQ5REQ5dkFiUQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgM1FWOGVtdzVERTl1dXpzYndmbGd2c0w0a1phczlaZy9wSzZw +Z20wZFpXTQp2azFzbkVDeWR3eFFhZTloRFlhK3c1Z01vaXdGYkVBNit0QWErRVNL +MWdRCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBmMG0wRHJDVzJBU1ZoRFRzdlRvOWZi +TDM0VWpKcUY4V3EyTzlBbWZlOWlZCmI3VHlqYitMODE1LzUvWkhoODl1WVVCM3hl +YWg2WWFlUUhkQ0lvbXovVTQKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHJON3RGNDYy +Sk82TnNwUHhOYVE0WGoxTFdIUXAwSlROMkl6YWVEYk5tMkUKd3M3VzA4dWVoVVZH +VW9zcHd5cEtadUJMWTJacFhkcUkwNDcyT2xHNUxBOAotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgbGdIakg4b1JzMkgybmpScFE4bmFreTF6ck9aM0hXbm1nYXl1V09CUVBq +OApLaGJHdEpjUEdjNVJEQXZvOUVxcllEckxmWVdCVkJPeXFDVnQ1cFI3cEE0Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSB0NXNaZEtyQk1SMm93b2t6OGp1OHRUWXZwdWpa +Z21sVlJ0QmM3bW55MUdnCnZCRlVCdWRqN0hIVHRIWVBIYUdvTGYzWUxpRHY4WVZ6 +MFlXcUk5anlrMGcKLT4gc3NoLWVkMjU1MTkga0hrMmdBIG5TTllCeWJtUkpTbVpQ +NzF4S1lIWk41aHR1Skw3ZDJxSnBhZ2NHNTdra1kKRW8yeit2SDA2S2xCU1pueHlY +NXo5WVIxaDBiS3dFMURkbnBQM3M5V09hQQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +K1pUM1pkWDIrd3djSThuNVFrTlBQQ2pOa0ZIRHRLZERnV2xkRitWNXBHNAozZjZs +MXhvUWM0elJkdEw3MlcvU2xBUXU5VThMVFB5NUZmTnhsVDBncVBBCi0+IHFjeUMt +Z3JlYXNlIGU3KmRuajM7IDZWCjJ0TWVnSmZRYy9aK3RSNWludGI4emdrSU9KV1dw +OUtYK3NUZldNcFZid2ZZMzRPZlFKRCtZbitPZ3hMV3FZaDAKdjJjeEVWUjc4Q1pk +L2tuSUZ0cVFDQ1YzOWxHdWVoT1hZQ2IyNW5XMEJ1UmJDckdTTzY2TnZmNGIwRy9H +S3JWbQoKLS0tIHVNQTFWNkhLMlVMMCtPU1plSVVBQ0FtZGlKNktSbXJKMjlsaVJx +L2RkNmMKL4QzBzzSOYmRx+8QC3YrvNX3hbfvPPP5gp2kfFK0clqTId3/UZu4qkOt +jUlhRTRWqv+ggJAHjyBCIPQP3BgHb6EDH0B2+ZaE/fXepvIaPnvInIoc+W7Dr8wA +JqgeDOtBWwuKKonGvPcATT3URZ8i5oGGHbyYGyQmeDjw7XdOQU78n8/sgm9bvOPK +woEE1G5tBvOXPWZXxgIlb01J/1LxLhmk7mmB5hyGgzG1kXyDHxcNmSytWNLe/6ly +v9mZSXAT97PPLJJcdwzd57tDav7yXXiNq8Wg5jxZR+YtyhmDX5BHcw/0nJr6CU0R +8bAsraBf1+zUoGYG0XKnqSCCb0Ky8rZYtG+KlN/aFRJ4T2RgLVIzncRvzL3evOa1 +52POfhB26YyMdV2kQ82V5UJXEFHkjdjwixp7n5jxg3MKxZlCumyPCuUe11W9tRtV +UQPNxdhgOH8GZAm8m6JxECtJ3Xx3XpGG5nZSLPCDoIQnetqShb1vyc06AQKMdUnP +FBXj0edHQE1DRQoVtcSq1+1v7CmLb4iR7yFGgbiuuRzyn2I2YNX6jxsn+u8z/roD +jvGrIE8= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix index 2233940..b68e6f3 100644 --- a/common/secrets/secrets/secrets.nix +++ b/common/secrets/secrets/secrets.nix @@ -7,23 +7,50 @@ # `nix run github:yaxitech/ragenix -- -i ~/.ssh/ragenix_authority --rules ~/.config/nixos-config/common/secrets/secrets.nix` <-r(eykey)|-e(edit) > let - publicKeys = [ + authorityKey = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key" + ]; + + gpdPocket3 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzAQ2Dzl8EvQtYLjEZS5K0bQeNop8QRkwrfxMkBagW2 root@gpdPocket3" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr/aS0qyn5hCLR6wH1P2GhH3hGOqniewMkIseGZ23HB josh@gpdPocket3" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002" + ]; + + lio = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGp6oInUcGVnDl5axV1EHflMfZUiHxtqNa4eAuye/av root@lio" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxNhtJNx/y4W54kAGmm2pF80l437z1RLWl/GTVKy0Pd josh@lio" + ]; + + joe = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe" + ]; + + oren = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7bNX7R9ApoX/cHdXIhQdpA2sHrC9ii6VAulboAIJM2 root@oren" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICauUtSa71+oQAiLxp3GMMbmNXcbr9Mc7eK8b/lqZbbS josh@oren" + ]; + + h001 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTAz6n35c3r8kSuWJM1JzMVx6jK+0EBwpJA5eTIvy3N root@h001" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRHer3NrJiklp4oDNRCzDxc9fXpXn5rPAXGFce8ugy2 luser@h001" + ]; + + h002 = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002" + ]; + + h003 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsV5r9sWYgrr9t9p12Epzm6WtxN/XsKSCb46+ODQvVT root@h003" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQLt2Hc+CN6+e7/sf3Fv0FQlp6+yrIbIJ/J9AdnJCjI luser@h003" ]; + + trustedKeys = authorityKey ++ gpdPocket3 ++ lio ++ joe ++ oren ++ h001 ++ h002 ++ h003; + + o001 = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrwvahx1x4rue28QHCzyADQndOeTESIv80f7d00NXWT" # root + ]; in { ## To make a new secret: @@ -35,64 +62,73 @@ in # Git keys "nix2github.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2bitbucket.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2gitforgejo.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2gitjosh.age" = { - inherit publicKeys; + publicKeys = trustedKeys; + }; + "nix2nix.age" = { + publicKeys = trustedKeys; }; # Server keys "nix2h001.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2h002.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2h003.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2joe.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2gpdPocket3.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2t.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2l002.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode "nix2linode.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle "nix2oracle.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2lio.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "nix2oren.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; # Others "github_read_token.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "headscale_auth.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "obsidian_sync_env.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; "us_chi_wg.age" = { - inherit publicKeys; + publicKeys = trustedKeys; }; + # "zitadel_master_key.age" = { + # # h001 only + # publicKeys = authorityKey ++ h001; + # }; + # "vaultwarden_env.age" = { + # # h001 only + # publicKeys = authorityKey ++ o001; + # }; } diff --git a/common/secrets/secrets/vaultwarden_env.age b/common/secrets/secrets/vaultwarden_env.age new file mode 100644 index 0000000..083ba6c --- /dev/null +++ b/common/secrets/secrets/vaultwarden_env.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBMZ0VT +QWNCOUNSZ3ZPcmFFcXMvZkFqMVkxV1dRSDNLOTFzUExoc0F3dENFCldFZHdNSDdm +ZUR2eC94Y0cyRWJnTTRnSTlTRUlUSHlLS09IS2ZwZmVhOU0KLT4gc3NoLWVkMjU1 +MTkgc2EwSmpnIGlNaHFLQ0tZeFFLR1ZPZnpCbHEzdlZXWUxjWFNmMUdMVjdQUHlJ +cTJUVkEKcERQMVNNcmxQekUra2tUNUhyVTAxVThSb3RPRFBOOWMwRlFqUnRQQm13 +RQotPiAiXzVSX3wtZ3JlYXNlICpQMQpHUk5aSHJPRnNjQVR4Y2Q2TkhzU01SWWhh +TjBpb1JXbVFwSUxlT1BObEg0N2syNUJjUlc2TVJueVlyTXJRckQwCnhNOUZIVlVh +UG96d0pibVJsdmdNekJFUHg0NXFpa1JSd2lBdzN2S2JxenVMNVpWQ2hxRXlWUjFy +TWcKLS0tIG1QMHV3VW5VM25QVW80aUZOeEpTNG1qYksvQnE5emhBdzBuM2VMZE5n +VTQK6avsHayBgGGdjkwRORdaAz8mwLcxvI3YCMYwXjXCvJmIvlQerUEkDOU9D8sL +I+aSD5YCoHoJ5FsIOox5WWYEVcPxR/y1G2m3pAhZh1ner0Ckw29gsjdmckNwtSSr +tTrSve34ZEij1O7gfO30hW+Kd4579QWH/diFTrP88DjopqsaTWyh+A5A3WP6NxhJ +U0uL5RIPPGCMs0peqZG1Y44KRlt79hKELop4CwyF/06a3Oxuze5vifGl7+mogq0A +Xp3NgWR5AM2Fu+NfEQDUHU1R/CpyY6+VcTZWi8iu0/XfEiIQ4n5JSYNtd3ZL0ldL +WRoNdpA04IiCWM7fnRdDRVRGw9bDJ840oeBiSvbRqIt+uykEndEzKCxXh/jWvP+X +tBj05Rt2Qj3xAsq7yzsvK7vzacjV8fU2kNpxDvhVLQO8TBI5z7Sofu4Cy2fFY1F7 +J7JABO+kciZ23gdEofrHusv3oZvu2eQ5PO1FXCSsZzalum2cWWou11QDi3Vt65kN +wjleyKCDx4a68n7IoS2GOCpDw/G0ACmHrTSnztaO +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/zitadel_master_key.age b/common/secrets/secrets/zitadel_master_key.age new file mode 100644 index 0000000..3b07b55 --- /dev/null +++ b/common/secrets/secrets/zitadel_master_key.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAyWGFw +bUJNQkwvcjRKUWU5WWozTWZHb21IdDNlT0VwK21LQ2FZNEJWWWxJCjBBUDV4MkRt +Y3F5TWVMN0xLMjBibkJMcmUwdEwxM2pONUlLSU1EOXV5dXMKLT4gc3NoLWVkMjU1 +MTkgcGVGQlFnIGJPcEx2TnFZZjVicDlYaVdwRmJHSnIvZlpRNkx5RG8zVmZTaTFq +bmkwM1kKK0o3ZVViNnBjS2NZbFV4TERBczJNQWxtWU1IYTNoL1EzQlNxWHhFNDZL +TQotPiBzc2gtZWQyNTUxOSA5di8ySEEgZm5nYXdJMElxVTE4TnVnY0xSVFVtMXFs +NTNobnI1MjdMNDhWRmpkL1BnSQpXRHcwSVVCajFhQlp4N2J5VGhKc3E2eHpYZmd6 +TlU2MXdtdmNrSUJpZjFFCi0+IG5wImA0LWdyZWFzZQpuSHRTckxXVTd4eTFETWE4 +MEQ0QXNaTzhSTmFOdjI5Vyt1bDVRU1k5dExiUVk3bEdCeGN2UFV4Y3RTR1MvalNn +CkhHWFF4TGtPcktieDZnQTRkdk9ndnllU05zSVlMOWh0R1ZncUlWNy9WZURiCi0t +LSAxdW84VUg5d21jT2hrNEJ0NlBES1NRRjU4b05JQW80dk9IL29LZGlST0FjCnt8 +t+yvFWU0LlFGAWmLc9i4XFUpexZf8rC2bfw3FkNPuCzAyvbowhBJnGkqK+2C+mtL +za43EsGaLvA5s8ObhLw= +-----END AGE ENCRYPTED FILE----- diff --git a/flake.lock b/flake.lock index b45e238..28bbb05 100644 --- a/flake.lock +++ b/flake.lock @@ -153,22 +153,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1753694789, @@ -201,23 +185,6 @@ "type": "github" } }, - "opencode": { - "flake": false, - "locked": { - "lastModified": 1754526276, - "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", - "owner": "sst", - "repo": "opencode", - "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", - "type": "github" - }, - "original": { - "owner": "sst", - "ref": "v0.3.133", - "repo": "opencode", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", @@ -245,8 +212,6 @@ "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" } }, diff --git a/flake.nix b/flake.nix index ee8173d..8dab2ba 100644 --- a/flake.nix +++ b/flake.nix @@ -7,10 +7,6 @@ home-manager.url = "github:rycee/home-manager/release-25.05"; ragenix.url = "github:yaxitech/ragenix"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; - - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - opencode.url = "github:sst/opencode/v0.3.133"; - opencode.flake = false; # ====== }; diff --git a/hosts/gpdPocket3/flake.nix b/hosts/gpdPocket3/flake.nix index b99d59c..0f053b2 100644 --- a/hosts/gpdPocket3/flake.nix +++ b/hosts/gpdPocket3/flake.nix @@ -3,8 +3,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; # for local testing. - common.url = "path:../../common"; - # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + # common.url = "path:../../common"; + common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; diff --git a/hosts/h001/containers/default.nix b/hosts/h001/containers/default.nix index fcef362..eeb0518 100644 --- a/hosts/h001/containers/default.nix +++ b/hosts/h001/containers/default.nix @@ -11,6 +11,7 @@ in common.nixosModules.containers.forgejo ./opengist.nix ./homarr.nix + ./zitadel.nix ]; config = { diff --git a/hosts/h001/containers/zitadel.nix b/hosts/h001/containers/zitadel.nix new file mode 100644 index 0000000..5c24427 --- /dev/null +++ b/hosts/h001/containers/zitadel.nix @@ -0,0 +1,211 @@ +{ + config, + lib, + ... +}: +let + name = "zitadel"; + + hostDataDir = "/var/lib/${name}"; + + hostAddress = "10.0.0.1"; + containerAddress = "10.0.0.3"; + hostAddress6 = "fc00::1"; + containerAddress6 = "fc00::3"; + + binds = [ + # Postgres data, must use postgres user in container and host + { + host = "${hostDataDir}/postgres"; + # Adjust based on container postgres data dir + container = "/var/lib/postgresql/17"; + user = "postgres"; + uid = config.ids.uids.postgres; + gid = config.ids.gids.postgres; + } + # Postgres backups + { + host = "${hostDataDir}/backups/postgres"; + container = "/var/backup/postgresql"; + user = "postgres"; + uid = config.ids.uids.postgres; + gid = config.ids.gids.postgres; + } + # secret + { + host = config.age.secrets.zitadel_master_key.path; + container = "/var/secrets/zitadel_master_key.age"; + readOnly = true; + } + ]; + bindsWithUsers = lib.filter (b: b ? user) binds; + uniqueUsers = lib.foldl' ( + acc: bind: if lib.lists.any (item: item.user == bind.user) acc then acc else acc ++ [ bind ] + ) [ ] bindsWithUsers; + users = { + users = lib.listToAttrs ( + lib.map (u: { + name = u.user; + value = { + isSystemUser = true; + name = u.user; + uid = u.uid; + group = u.user; + }; + }) uniqueUsers + ); + + groups = lib.listToAttrs ( + lib.map (g: { + name = g.user; + value.gid = g.gid; + }) uniqueUsers + ); + }; + +in +{ + options = { }; + config = { + services.nginx.virtualHosts."sso.joshuabell.xyz" = { + locations = { + "/" = { + proxyWebsockets = true; + recommendedProxySettings = true; + proxyPass = "http://${containerAddress}:8080"; + extraConfig = '' + proxy_set_header X-Forwarded-Proto https; + ''; + }; + }; + }; + + # Ensure users exist on host machine + inherit users; + + # Ensure directories exist on host machine + system.activationScripts."createDirsFor${name}" = '' + ${lib.concatStringsSep "\n" ( + lib.map (bind: '' + mkdir -p ${bind.host} + chown -R ${toString bind.user}:${toString bind.gid} ${bind.host} + chmod -R 750 ${bind.host} + '') bindsWithUsers + )} + ''; + + containers.${name} = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = hostAddress; + localAddress = containerAddress; + hostAddress6 = hostAddress6; + localAddress6 = containerAddress6; + bindMounts = lib.foldl ( + acc: bind: + { + "${bind.container}" = { + hostPath = bind.host; + isReadOnly = bind.readOnly or false; + }; + } + // acc + ) { } binds; + config = + { config, pkgs, ... }: + { + system.stateVersion = "25.05"; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ + 8080 + ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + services.resolved.enable = true; + + # Ensure users exist on container + inherit users; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17.withJIT; + enableJIT = true; + authentication = '' + local all all trust + host all all 127.0.0.1/8 trust + host all all ::1/128 trust + host all all fc00::1/128 trust + ''; + ensureDatabases = [ "zitadel" ]; + ensureUsers = [ + { + name = "zitadel"; + ensureDBOwnership = true; + ensureClauses.login = true; + ensureClauses.superuser = true; + } + ]; + }; + + # Backup database + services.postgresqlBackup = { + enable = true; + }; + + services.zitadel = { + enable = true; + masterKeyFile = "/var/secrets/zitadel_master_key.age"; + settings = { + Port = 8080; + Database.postgres = { + Host = "/var/run/postgresql/"; + Port = 5432; + Database = "zitadel"; + User = { + Username = "zitadel"; + SSL.Mode = "disable"; + }; + Admin = { + Username = "zitadel"; + SSL.Mode = "disable"; + ExistingDatabase = "zitadel"; + }; + }; + ExternalDomain = "sso.joshuabell.xyz"; + ExternalPort = 443; + ExternalSecure = true; + }; + steps.FirstInstance = { + InstanceName = "sso"; + Org = { + Name = "SSO"; + Human = { + UserName = "admin@joshuabell.xyz"; + FirstName = "admin"; + LastName = "admin"; + Email.Address = "admin@joshuabell.xuz"; + Email.Verified = true; + Password = "Password1!"; + PasswordChangeRequired = true; + }; + }; + LoginPolicy.AllowRegister = false; + }; + openFirewall = true; + }; + + systemd.services.zitadel = { + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + }; + }; + }; + }; +} diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index 7203609..18baa04 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -29,24 +29,17 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" }, "locked": { - "lastModified": 1753294571, - "narHash": "sha256-o5pjY2Mh/gbbD2GT2zStATKN3AOvYfMmGOkN4L3qrgo=", - "ref": "refs/heads/master", - "rev": "bb90226e5e1731652b7ed64d0ab038e68a999dee", - "revCount": 551, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -110,11 +103,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1753055804, - "narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "rycee", "repo": "home-manager", - "rev": "adf195f021a8cbb0c317f75b52e96c82616526f9", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -165,7 +158,7 @@ }, "nixarr": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "vpnconfinement": "vpnconfinement", "website-builder": "website-builder" }, @@ -185,11 +178,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752620740, - "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=", + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", "type": "github" }, "original": { @@ -199,39 +192,7 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -247,7 +208,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1748662220, "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", @@ -263,7 +224,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1750400657, "narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=", @@ -279,7 +240,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1750188666, "narHash": "sha256-yAfLvtbCzSigTfbsJeOrvljS7VYLAwi2RZ6F+qd+A5E=", @@ -1190,29 +1151,12 @@ "type": "github" } }, - "opencode": { - "flake": false, - "locked": { - "lastModified": 1753194493, - "narHash": "sha256-eOsazBjkdTvGNsobb5WUBDB2udEJh9zkOeMfVH/tkQo=", - "owner": "sst", - "repo": "opencode", - "rev": "99d6a28249f10ba1fcb7d61599c008154663a51f", - "type": "github" - }, - "original": { - "owner": "sst", - "ref": "v0.3.55", - "repo": "opencode", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -1233,13 +1177,13 @@ "inputs": { "common": "common", "nixarr": "nixarr", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 71f3c20..148f2a7 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -4,8 +4,8 @@ # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + common.url = "path:../../common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; diff --git a/hosts/h001/mods/pinchflat.nix b/hosts/h001/mods/pinchflat.nix index 21d1f6d..8690b69 100644 --- a/hosts/h001/mods/pinchflat.nix +++ b/hosts/h001/mods/pinchflat.nix @@ -9,10 +9,11 @@ port = 8945; selfhosted = true; mediaDir = "/drives/wd10/pinchflat/media"; + extraConfig = { + YT_DLP_WORKER_CONCURRENCY = 1; + }; }; - - users.users.pinchflat.isSystemUser = true; users.users.pinchflat.group = "pinchflat"; users.groups.pinchflat = { }; @@ -22,19 +23,38 @@ Group = "pinchflat"; }; + # Use Nixarr vpn + systemd.services.pinchflat.vpnconfinement = { + enable = true; + vpnnamespace = "wg"; + }; + vpnNamespaces.wg.portMappings = [ + { + from = 8945; + to = 8945; + } + ]; + systemd.tmpfiles.rules = [ "d '/drives/wd10/pinchflat/media' 0775 pinchflat pinchflat - -" ]; - # services.nginx = { - # virtualHosts = { - # "yt.joshuabell.xyz" = { - # locations."/" = { - # proxyWebsockets = true; - # proxyPass = "http://localhost:8945"; - # }; - # }; - # }; - # }; + services.nginx = { + virtualHosts = { + "pinchflat" = { + serverName = "h001.net.joshuabell.xyz"; + listen = [ + { + port = 8945; + addr = "0.0.0.0"; + } + ]; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:8945"; + }; + }; + }; + }; }; } diff --git a/hosts/h001/nginx.nix b/hosts/h001/nginx.nix index fa0373b..1095170 100644 --- a/hosts/h001/nginx.nix +++ b/hosts/h001/nginx.nix @@ -9,7 +9,7 @@ let in { services.nginx.virtualHosts = { - "10.12.14.2" = { + "10.12.14.10" = { locations = { "/" = { return = "301 http://h001.local.joshuabell.xyz"; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index aba6691..b5a5b8e 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -29,24 +29,17 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" }, "locked": { - "lastModified": 1754593666, - "narHash": "sha256-FToZxXq2Ga/wsJRcwrVfsRIVXoCCy7KfuvBZ/dymQCM=", - "ref": "refs/heads/master", - "rev": "f04bac6e4f061fc0daae99612a1cb895611a3829", - "revCount": 578, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -181,11 +174,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -196,22 +189,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -227,13 +204,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1752866191, - "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", + "lastModified": 1755471983, + "narHash": "sha256-axUoWcm4cNQ36jOlnkD9D40LTfSQgk8ExfHSRm3rTtg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", + "rev": "48f4c982de68d966421d2b6f1ddbeb6227cc5ceb", "type": "github" }, "original": { @@ -243,13 +220,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1753848940, - "narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=", + "lastModified": 1755648324, + "narHash": "sha256-+2TxwJEXWXGC7JBsRGUHtmQ66lRGPcDI2kFKTTU5e2s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25b37a9225cece2da4b68aca8bd0998439074362", + "rev": "226bb7c9df5f953fd7533e199b8d9e5475458a8a", "type": "github" }, "original": { @@ -258,6 +235,22 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nvim_plugin-Almo7aya/openingh.nvim": { "flake": false, "locked": { @@ -277,11 +270,11 @@ "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": { "flake": false, "locked": { - "lastModified": 1753815885, - "narHash": "sha256-A9qlpDXdIfoZ/5yZ5w39pgfoxVwhklhcESYWsqQgiDY=", + "lastModified": 1755636100, + "narHash": "sha256-EeU6AfMISnXUmKdNHXN35srj+fuQiHoWx5uYRKCjsTE=", "owner": "CopilotC-Nvim", "repo": "CopilotChat.nvim", - "rev": "450fcecf2f71d0469e9c98f5967252092714ed03", + "rev": "f7bb32dbbe2ff5e26f5033e2142b5920cf427236", "type": "github" }, "original": { @@ -309,11 +302,11 @@ "nvim_plugin-L3MON4D3/LuaSnip": { "flake": false, "locked": { - "lastModified": 1753286973, - "narHash": "sha256-w70rSwYdjMRGCLYcwIoA4cvl6JcGQYHngCBJvRq+SXg=", + "lastModified": 1754037237, + "narHash": "sha256-JhTqTGQfIryJ7MElcOGOfb48uaNDnd9RM9Fl1Fs4QV0=", "owner": "L3MON4D3", "repo": "LuaSnip", - "rev": "3d5bced1b9ae69fa3f9b1942e28af5dbc537f946", + "rev": "de10d8414235b0a8cabfeba60d07c24304e71f5c", "type": "github" }, "original": { @@ -325,11 +318,11 @@ "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { "flake": false, "locked": { - "lastModified": 1753730059, - "narHash": "sha256-OjvoAFWaJT4+gyO/jtA2uvFdeOz7lhdkkhKQUl/kIT4=", + "lastModified": 1755631821, + "narHash": "sha256-+/GVSb3uQ5HktPv6HFwdywX85hScsAI1IHqXmwDH9PU=", "owner": "MeanderingProgrammer", "repo": "render-markdown.nvim", - "rev": "9e51b7711c6159511e966dc42fafd58a9db9ad1d", + "rev": "0087ee1d505d4fc4886d8d3121ae7848b7c0e49b", "type": "github" }, "original": { @@ -373,11 +366,11 @@ "nvim_plugin-Saecki/crates.nvim": { "flake": false, "locked": { - "lastModified": 1753218471, - "narHash": "sha256-5Vu3VG6Ab1Rpqzeqoa0S9sfzco7wykrSt2eSXOajm14=", + "lastModified": 1754466592, + "narHash": "sha256-b40E121rJrEmlor3fHmh4Y1TXKdfiqsBGBcpbY//eTw=", "owner": "Saecki", "repo": "crates.nvim", - "rev": "c915ab5334a46178f64ce17ab606a79454bcd14f", + "rev": "a49df0f70171adc77704eac70dd2c0d179065933", "type": "github" }, "original": { @@ -405,11 +398,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1753826458, - "narHash": "sha256-7VZmb4JPlLF4tmEuuM69etdyCIxdH1PNZlT1mijzo7o=", + "lastModified": 1755594039, + "narHash": "sha256-XU+PtvXlgoHFouyyceUIZ4L5AvZThUR2AegmCQAYt1A=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "3cd1c7267282b4d89618674de36a6d866981347e", + "rev": "e906ac3ed0bd273781759e7635b5b824393c925c", "type": "github" }, "original": { @@ -421,11 +414,11 @@ "nvim_plugin-catppuccin/nvim": { "flake": false, "locked": { - "lastModified": 1753779499, - "narHash": "sha256-lnIlYUhUQXuoVWv000n5Ev4YNSZY+U70b3npZbMUDg4=", + "lastModified": 1755621274, + "narHash": "sha256-o8VLMPriOh4+Ay5Ff0cWQYXjmihdr3x9131bKHHTsQE=", "owner": "catppuccin", "repo": "nvim", - "rev": "94f6e8a06b6bb7b8e5529cf9f93adb4654534241", + "rev": "30fa4d122d9b22ad8b2e0ab1b533c8c26c4dde86", "type": "github" }, "original": { @@ -437,11 +430,11 @@ "nvim_plugin-chrisgrieser/nvim-early-retirement": { "flake": false, "locked": { - "lastModified": 1750108178, - "narHash": "sha256-3I7Xup+v9Yq9/nJQ1F5CDW99oFQcxbinv7VQcKeA16Y=", + "lastModified": 1755590055, + "narHash": "sha256-989Zf6SCy+vakFac4KmElUn8+ErJMtYJ8zlOi999UJI=", "owner": "chrisgrieser", "repo": "nvim-early-retirement", - "rev": "d9ffd8f70ed6d466cecd3e7e2dd1425b0010932f", + "rev": "ef9fc0267da4204432ab7bf3ab9df359874cfeb6", "type": "github" }, "original": { @@ -533,11 +526,11 @@ "nvim_plugin-hrsh7th/cmp-nvim-lsp": { "flake": false, "locked": { - "lastModified": 1743496195, - "narHash": "sha256-iaihXNCF5bB5MdeoosD/kc3QtpA/QaIDZVLiLIurBSM=", + "lastModified": 1755085771, + "narHash": "sha256-X1rppwf2xBPrmB93ptXukOnEBDZmfjJd4F5ObNa1DHs=", "owner": "hrsh7th", "repo": "cmp-nvim-lsp", - "rev": "a8912b88ce488f411177fc8aed358b04dc246d7b", + "rev": "bd5a7d6db125d4654b50eeae9f5217f24bb22fd3", "type": "github" }, "original": { @@ -581,11 +574,11 @@ "nvim_plugin-j-hui/fidget.nvim": { "flake": false, "locked": { - "lastModified": 1753813056, - "narHash": "sha256-rQIEO9C9YokdwaPfKsu7Rb6pi51Tm0Qqo/igBKeCW/8=", + "lastModified": 1755048367, + "narHash": "sha256-Hcnbk6go2vYCYqSfXLWQ+KimpU+NPbIkjBTKGMFoNQM=", "owner": "j-hui", "repo": "fidget.nvim", - "rev": "c1725fbadd99c810273b202d67dbfedf66e61eaf", + "rev": "2cb5edb2dd6700a958a446b20bb2be04d318da9d", "type": "github" }, "original": { @@ -613,11 +606,11 @@ "nvim_plugin-lewis6991/gitsigns.nvim": { "flake": false, "locked": { - "lastModified": 1753442199, - "narHash": "sha256-7BKwxHoFWGepqm8/J+RB6zu+7IpGUUmgLP4a2O2lIuA=", + "lastModified": 1755014582, + "narHash": "sha256-zBUrqL+00Y8j4eVNAgI0nYn2i35zhQo2BVl4mL1cgfs=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "b01433169be710d6c69f7b4ee264d9670698b831", + "rev": "6e3c66548035e50db7bd8e360a29aec6620c3641", "type": "github" }, "original": { @@ -693,11 +686,11 @@ "nvim_plugin-mfussenegger/nvim-lint": { "flake": false, "locked": { - "lastModified": 1753039571, - "narHash": "sha256-ly5S0KAZN8Jeag22SCX+5XKqn3d+zCRN/8Jf5HlEn9I=", + "lastModified": 1753951521, + "narHash": "sha256-GmXScmbXJx74RMgPhkdKtdODZqkOarFHE1XOiSnt5Bo=", "owner": "mfussenegger", "repo": "nvim-lint", - "rev": "9c6207559297b24f0b7c32829f8e45f7d65b991f", + "rev": "7ef127aaede2a4d5ad8df8321e2eb4e567f29594", "type": "github" }, "original": { @@ -709,11 +702,11 @@ "nvim_plugin-mrcjkb/rustaceanvim": { "flake": false, "locked": { - "lastModified": 1753575790, - "narHash": "sha256-Iw3W0Inn0CpZTXyxk54WRtsXP5DYm+7bKH/HSO/diBo=", + "lastModified": 1755599388, + "narHash": "sha256-4o20Hf+rFD2zejPZr5oe3ZkaynW3xAw/wtbF3sMjNnQ=", "owner": "mrcjkb", "repo": "rustaceanvim", - "rev": "f845bb055397019c4bc70f9c76376ca490f4c783", + "rev": "eb9beab7d80eb052f78165b28d18f55844b26aef", "type": "github" }, "original": { @@ -725,11 +718,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1753837371, - "narHash": "sha256-IsdjkpE+T5irvmH5fam5EmsCpzwxSEiXV3r2iXsOVT0=", + "lastModified": 1755617152, + "narHash": "sha256-PSu5zQi/rzBAnALX8WrYckhqM5lI6hGAhsWWgS7ln7A=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "3db16ceeea947517f0dc1404c24dcb5ab0c91d26", + "rev": "5f1c9a90c8db9c647da40ce6cf5be9e49ccbf0c7", "type": "github" }, "original": { @@ -741,11 +734,11 @@ "nvim_plugin-nosduco/remote-sshfs.nvim": { "flake": false, "locked": { - "lastModified": 1748880705, - "narHash": "sha256-eTnVFOR7FHlkU9kwrk3q3pNo/U8OR2gJrnrMUQKGi2A=", + "lastModified": 1755623332, + "narHash": "sha256-hnTDzd3eRsDUYYf9WPknYZ126d0XKXO1hjlY7WH4bDI=", "owner": "nosduco", "repo": "remote-sshfs.nvim", - "rev": "6e893c32ff7c5b8d0d501b748c525fa53963fb35", + "rev": "8ab43934caea0eacc986d112e5680c316b8a7944", "type": "github" }, "original": { @@ -789,11 +782,11 @@ "nvim_plugin-nvim-lualine/lualine.nvim": { "flake": false, "locked": { - "lastModified": 1749383457, - "narHash": "sha256-2aPgA7riA/FubQpTkqsxLKl7OZ8L6FkucNHc2QEx2HQ=", + "lastModified": 1754970649, + "narHash": "sha256-lWt2kpW+hsTMWt8tar/+AISTDrIt4Jn27NmI9j+Xt4s=", "owner": "nvim-lualine", "repo": "lualine.nvim", - "rev": "a94fc68960665e54408fe37dcf573193c4ce82c9", + "rev": "b8c23159c0161f4b89196f74ee3a6d02cdc3a955", "type": "github" }, "original": { @@ -805,11 +798,11 @@ "nvim_plugin-nvim-telescope/telescope-file-browser.nvim": { "flake": false, "locked": { - "lastModified": 1750040034, - "narHash": "sha256-NHcU3c+1pLeypHr9xXKmqvdwB1QM/vj5axzjpFEQCLQ=", + "lastModified": 1754424906, + "narHash": "sha256-FlJ7w5Ywwq03E0oYdnFJFb+MMUMQMa+5QhDMy2O9tGQ=", "owner": "nvim-telescope", "repo": "telescope-file-browser.nvim", - "rev": "7bf55ed0ff5be182ad3301cff266581fc1c56cce", + "rev": "3610dc7dc91f06aa98b11dca5cc30dfa98626b7e", "type": "github" }, "original": { @@ -869,11 +862,11 @@ "nvim_plugin-nvim-tree/nvim-tree.lua": { "flake": false, "locked": { - "lastModified": 1753762764, - "narHash": "sha256-uoiPwURO0ATaYeLozG8X44cC4eWf1wANspljkjh/qeY=", + "lastModified": 1755174669, + "narHash": "sha256-Cdd7m2ondica5yDgm8THEm8LttJwDWQTNPnKO4vKr2c=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "65bae449224b8a3bc149471b96587b23b13a9946", + "rev": "f0e9951778802526b14c934f7bf746e1e0ae5ed0", "type": "github" }, "original": { @@ -885,11 +878,11 @@ "nvim_plugin-nvim-tree/nvim-web-devicons": { "flake": false, "locked": { - "lastModified": 1753653538, - "narHash": "sha256-1IwOcdIUJuh7YC2YTw0VnGI2UIg7F/ipxLLfQdPzjFQ=", + "lastModified": 1754884337, + "narHash": "sha256-Zftd4xFYdCtof6IusN+E079yY2oMTNhJ/yznvLiiur0=", "owner": "nvim-tree", "repo": "nvim-web-devicons", - "rev": "4a8369f4c78ef6f6f895f0cec349e48f74330574", + "rev": "c2599a81ecabaae07c49ff9b45dcd032a8d90f1a", "type": "github" }, "original": { @@ -901,11 +894,11 @@ "nvim_plugin-nvim-treesitter/nvim-treesitter-context": { "flake": false, "locked": { - "lastModified": 1753794238, - "narHash": "sha256-9KKJJhKCjlKakVFyF3EUj2sobrKaJBMIGqkwbVjD9Mk=", + "lastModified": 1754488703, + "narHash": "sha256-f4a9Abwb265Rm+hpUXz+rKWXvaFVrmXf1h7d7eh9jJc=", "owner": "nvim-treesitter", "repo": "nvim-treesitter-context", - "rev": "02fd97c803962108d129cf42e05adc5eff7f89c1", + "rev": "dca8726fea2c14e1ce6adbaa76a04816fbfaff61", "type": "github" }, "original": { @@ -949,11 +942,11 @@ "nvim_plugin-rmagatti/auto-session": { "flake": false, "locked": { - "lastModified": 1753745747, - "narHash": "sha256-Uowy7CMw6+4y1ME5vNTUSxDCOBfjnfJRpteAKfUo6A8=", + "lastModified": 1755285297, + "narHash": "sha256-x8oPN7JqcY0scFO0vGREerT3dRiQA+k/qeWsug1sGiU=", "owner": "rmagatti", "repo": "auto-session", - "rev": "c93a9bfd8a5cbf931a6ead5c824998da874b9f79", + "rev": "d27a29f5754e3a8b8d89a4069814e53ac583e951", "type": "github" }, "original": { @@ -1013,11 +1006,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1751472067, - "narHash": "sha256-bm6266h0rKYcOeMPVqjh3DEKe5M0EIPuo4rvmRtkpvs=", + "lastModified": 1755640282, + "narHash": "sha256-WYGvppnMsBaVYnMmv9WJRuKuyk4F/rzJ3DRBh+72tRY=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "973f3cb73887d510321653044791d7937c7ec0fa", + "rev": "04bfa5f35706410376bf7618a01fcf44e3f35b59", "type": "github" }, "original": { @@ -1125,11 +1118,11 @@ "nvim_plugin-zbirenbaum/copilot.lua": { "flake": false, "locked": { - "lastModified": 1753817982, - "narHash": "sha256-AHDh24MQ3OMNKUCuKaA9KrR4l0I+dT7tF+Bpl6PBSx8=", + "lastModified": 1755448417, + "narHash": "sha256-KV+Wno4aB5uTSBxIZzQKC/0KfjQLM7x8wCDkVSnaPeA=", "owner": "zbirenbaum", "repo": "copilot.lua", - "rev": "55e43020dcd59c6da41cc773971380a003100844", + "rev": "3fd7b50810ae4cccf8b38e4c509b1608f141a9e9", "type": "github" }, "original": { @@ -1138,20 +1131,24 @@ "type": "github" } }, - "opencode": { - "flake": false, + "quickshell": { + "inputs": { + "nixpkgs": [ + "zaphkiel", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1754526276, - "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", - "owner": "sst", - "repo": "opencode", - "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", + "lastModified": 1753595452, + "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", + "owner": "quickshell-mirror", + "repo": "quickshell", + "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", "type": "github" }, "original": { - "owner": "sst", - "ref": "v0.3.133", - "repo": "opencode", + "owner": "quickshell-mirror", + "repo": "quickshell", "type": "github" } }, @@ -1160,7 +1157,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -1180,13 +1177,15 @@ "root": { "inputs": { "common": "common", - "nixpkgs": "nixpkgs_4", - "ros_neovim": "ros_neovim" + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable", + "ros_neovim": "ros_neovim", + "zaphkiel": "zaphkiel" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1245,11 +1244,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1753849449, - "narHash": "sha256-zBShks1kHnfIq+tkBNkA41NCrhwJNbkhW3a/jLUIr50=", + "lastModified": 1755648539, + "narHash": "sha256-zElmY3ieHOxJtn5Q3KKXZw3i6/e63jRtHowzOM4jERw=", "ref": "refs/heads/master", - "rev": "86093285e53caae7d2bf9a8d0046be3d4245a35b", - "revCount": 299, + "rev": "1f8444ad78e85c902818ab48479f3f3a1e909031", + "revCount": 300, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, @@ -1288,11 +1287,11 @@ ] }, "locked": { - "lastModified": 1753843724, - "narHash": "sha256-a0Aab7Zst68GqvNAMh9Ejwnp8gawGnruOMtEWZ0HHjM=", + "lastModified": 1755571033, + "narHash": "sha256-V8gmZBfMiFGCyGJQx/yO81LFJ4d/I5Jxs2id96rLxrM=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "01ac47d86311fb030023f1dfc5f6bc368b9c6cee", + "rev": "95487740bb7ac11553445e9249041a6fa4b5eccf", "type": "github" }, "original": { @@ -1330,6 +1329,41 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "zaphkiel": { + "inputs": { + "nixpkgs": "nixpkgs_5", + "quickshell": "quickshell", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1755452579, + "narHash": "sha256-yKowI51cKh1qUKlDq1zLDUC9wcBXlCRt/6rS5OiSOzo=", + "owner": "Rexcrazy804", + "repo": "Zaphkiel", + "rev": "692e3318338b90229bf67e1d9c3d73b7d4a8606c", + "type": "github" + }, + "original": { + "owner": "Rexcrazy804", + "repo": "Zaphkiel", + "type": "github" + } } }, "root": "root", diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index f2dd116..18b1797 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -1,12 +1,17 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + common.url = "path:../../common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; + + zaphkiel = { + url = "github:Rexcrazy804/Zaphkiel"; + }; }; outputs = @@ -42,6 +47,16 @@ { programs = { steam.enable = true; + nix-ld = { + enable = true; + libraries = with pkgs; [ + icu + gmp + glibc + openssl + stdenv.cc.cc + ]; + }; }; environment.systemPackages = with pkgs; [ @@ -50,8 +65,14 @@ steam ffmpeg-full appimage-run + nodejs_24 ]; + environment.shellAliases = { + "oc" = + "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; + }; + # Also allow this key to work for root user, this will let us use this as a remote builder easier users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" @@ -67,7 +88,16 @@ reporting.enable = true; disableRemoteBuildsOnLio = true; }; - desktopEnvironment.gnome.enable = true; + desktopEnvironment.hyprland = { + enable = true; + extraOptions = { + # hyprctl monitors all + monitor = [ + "desc:ASUSTek COMPUTER INC ASUS PG43U 0x01010101,3840x2160@97.98,0x0,1,transform,0" + "desc:Samsung Electric Company C34J79x HTRM900776,3440x1440@99.98,-1440x-640,1,transform,1" + ]; + }; + }; programs = { qFlipper.enable = true; rustDev.enable = true; @@ -76,7 +106,7 @@ tailnet.enableExitNode = true; ssh.enable = true; docker.enable = true; - opencode.enable = true; + virt-manager.enable = true; flatpaks = { enable = true; packages = [ @@ -136,7 +166,6 @@ }; }; }; - } ) ]; diff --git a/hosts/oracle/o001/containers/vaultwarden.nix b/hosts/oracle/o001/containers/vaultwarden.nix index 2e9e8a7..d209402 100644 --- a/hosts/oracle/o001/containers/vaultwarden.nix +++ b/hosts/oracle/o001/containers/vaultwarden.nix @@ -1,4 +1,5 @@ { + config, ... }: let @@ -38,6 +39,10 @@ in hostPath = "${hostDataDir}/backups"; isReadOnly = false; }; + "/var/secrets/vaultwarden.env" = { + hostPath = config.age.secrets.vaultwarden_env.path; + isReadOnly = true; + }; }; config = { ... }: @@ -56,12 +61,12 @@ in enable = true; dbBackend = "sqlite"; backupDir = "/var/lib/backups/vaultwarden"; + environmentFile = "/var/secrets/vaultwarden.env"; config = { DOMAIN = "https://vault.joshuabell.xyz"; SIGNUPS_ALLOWED = false; ROCKET_PORT = builtins.toString v_port; ROCKET_ADDRESS = "127.0.0.1"; - # ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YMFEq4GZiCeM+MBSW75G+gq6Dnywszaqhhdrt5pIyLw$zdlU/ws8kfBVa/FWp1LVfhnu+CVuItG2nPGXgKyjWug"; }; }; }; diff --git a/hosts/oracle/o001/flake.lock b/hosts/oracle/o001/flake.lock index c1e5ce0..a4afc77 100644 --- a/hosts/oracle/o001/flake.lock +++ b/hosts/oracle/o001/flake.lock @@ -29,22 +29,17 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_2", "ragenix": "ragenix" }, "locked": { - "lastModified": 1750784870, - "narHash": "sha256-jRpkTFQk0sOmhE2ABm1aA/diDOU4C23xYkLlPIK/01o=", - "ref": "refs/heads/master", - "rev": "9a78d02b5d91d713a63cb83514b7c2365b7c3a36", - "revCount": 511, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -88,7 +83,7 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "utils": "utils" }, "locked": { @@ -144,11 +139,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "rycee", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -199,11 +194,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", "type": "github" }, "original": { @@ -214,22 +209,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -245,7 +224,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1743014863, "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", @@ -261,7 +240,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1750622754, "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", @@ -277,7 +256,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1750188666, "narHash": "sha256-yAfLvtbCzSigTfbsJeOrvljS7VYLAwi2RZ6F+qd+A5E=", @@ -1193,7 +1172,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -1214,13 +1193,13 @@ "inputs": { "common": "common", "deploy-rs": "deploy-rs", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", diff --git a/hosts/oracle/o001/flake.nix b/hosts/oracle/o001/flake.nix index 833bbf9..80c48ff 100644 --- a/hosts/oracle/o001/flake.nix +++ b/hosts/oracle/o001/flake.nix @@ -2,7 +2,9 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; deploy-rs.url = "github:serokell/deploy-rs"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + + common.url = "path:../../../common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; @@ -60,6 +62,7 @@ ringofstorms_common = { systemName = configuration_name; + secrets.enable = true; general = { disableRemoteBuildsOnLio = true; readWindowsDrives = false; diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix index dbde258..ed89398 100644 --- a/hosts/oracle/o001/nginx.nix +++ b/hosts/oracle/o001/nginx.nix @@ -133,6 +133,16 @@ proxyPass = "http://100.64.0.13"; }; }; + "sso.joshuabell.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://100.64.0.13"; + extraConfig = '' + proxy_set_header X-Forwarded-Proto https; + ''; + }; + }; "obsidiansync.joshuabell.xyz" = { enableACME = true; forceSSL = true; @@ -162,7 +172,6 @@ }; }; - "_" = { default = true; locations."/" = { diff --git a/hosts/oren/flake.lock b/hosts/oren/flake.lock index d08cf8f..b384ad0 100644 --- a/hosts/oren/flake.lock +++ b/hosts/oren/flake.lock @@ -35,11 +35,11 @@ "ragenix": "ragenix" }, "locked": { - "lastModified": 1753903666, - "narHash": "sha256-e6vzgJMrgxKJSiOY/8oD2lw+Kf0/MlmOs/gs8z8WQgw=", + "lastModified": 1755036081, + "narHash": "sha256-RcJpH9+C6os1jb9l3ukOAU0CtrP5YPlGyRGh6gZPF1Q=", "ref": "refs/heads/master", - "rev": "79849411735ed37a15db58450876d6d59baab880", - "revCount": 556, + "rev": "db6d5161ff0d4962236befa6ca1fd7ef2cb37fe3", + "revCount": 588, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1157,16 +1157,16 @@ "opencode": { "flake": false, "locked": { - "lastModified": 1753893530, - "narHash": "sha256-7L50P3+u4SHQtjSdFJviPaeLFnOIGP/l4BFLHKm4pNs=", + "lastModified": 1754526276, + "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", "owner": "sst", "repo": "opencode", - "rev": "304e86a8d4ebbaf55de27ac012aecc58028c898d", + "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", "type": "github" }, "original": { "owner": "sst", - "ref": "v0.3.85", + "ref": "v0.3.133", "repo": "opencode", "type": "github" } diff --git a/hosts/oren/flake.nix b/hosts/oren/flake.nix index e38f029..f4e2a29 100644 --- a/hosts/oren/flake.nix +++ b/hosts/oren/flake.nix @@ -66,6 +66,7 @@ ssh.enable = true; docker.enable = true; opencode.enable = true; + virt-manager.enable = true; flatpaks = { enable = true; packages = [ diff --git a/hosts/testbed/configuration.nix b/hosts/testbed/configuration.nix new file mode 100644 index 0000000..eb65bdf --- /dev/null +++ b/hosts/testbed/configuration.nix @@ -0,0 +1,6 @@ +{ + ... +}: +{ + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/hosts/testbed/disko-config.nix b/hosts/testbed/disko-config.nix new file mode 100644 index 0000000..7c66d37 --- /dev/null +++ b/hosts/testbed/disko-config.nix @@ -0,0 +1,95 @@ +{ lib, config, ... }: +let + cfg = config.custom_disko; +in +{ + options.custom_disko = { + withSwap = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to create a swap file."; + }; + }; + config = { + disko.devices = { + disk = { + main = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + extraArgs = [ + "-n" + "NIXBOOT" + ]; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ + "-f" + "--label NIXROOT" + ]; + subvolumes = + let + mountOptions = [ + "compress=zstd" + "noatime" + ]; + in + { + "@root" = { + inherit mountOptions; + mountpoint = "/"; + }; + "@nix" = { + inherit mountOptions; + mountpoint = "/nix"; + }; + "@persist" = { + inherit mountOptions; + mountpoint = "/persist"; + }; + "@snapshots" = { + inherit mountOptions; + mountpoint = "/.snapshots"; + }; + "@swap" = lib.mkIf cfg.withSwap { + inherit mountOptions; + mountpoint = "/.swapfile"; + swap.swapfile.size = "8G"; + }; + }; + }; + }; + }; + postCreateHook = '' + MNTPOINT=$(mktemp -d) + mount -t btrfs "${config.disko.devices.disk.main.content.partitions.root.device}" "$MNTPOINT" + trap 'umount $MNTPOINT; rmdir $MNTPOINT' EXIT + # Ensure the snapshots directory exists + mkdir -p $MNTPOINT/@snapshots + # Place readonly empty root snapshot inside snapshots subvol + btrfs subvolume snapshot -r $MNTPOINT/@root $MNTPOINT/@snapshots/_root-empty + ''; + }; + }; + }; + }; + fileSystems."/persist".neededForBoot = true; + }; +} diff --git a/hosts/testbed/flake.lock b/hosts/testbed/flake.lock new file mode 100644 index 0000000..53234ff --- /dev/null +++ b/hosts/testbed/flake.lock @@ -0,0 +1,1338 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager_2", + "nixpkgs": [ + "common", + "ragenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "common": { + "inputs": { + "home-manager": "home-manager", + "nix-flatpak": "nix-flatpak", + "nixpkgs-unstable": "nixpkgs-unstable", + "opencode": "opencode", + "ragenix": "ragenix" + }, + "locked": { + "path": "../../common", + "type": "path" + }, + "original": { + "path": "../../common", + "type": "path" + }, + "parent": [] + }, + "crane": { + "locked": { + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "common", + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "owner": "rycee", + "repo": "home-manager", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "common", + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-flatpak": { + "locked": { + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1754767907, + "narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c5f08b62ed75415439d48152c2a784e36909b1bc", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1753848940, + "narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "25b37a9225cece2da4b68aca8bd0998439074362", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nvim_plugin-Almo7aya/openingh.nvim": { + "flake": false, + "locked": { + "lastModified": 1746139196, + "narHash": "sha256-/FlNLWOSIrOYiWzAcgOdu9//QTorCDV1KWb+h6eqLwk=", + "owner": "Almo7aya", + "repo": "openingh.nvim", + "rev": "7cc8c897cb6b34d8ed28e99d95baccef609ed251", + "type": "github" + }, + "original": { + "owner": "Almo7aya", + "repo": "openingh.nvim", + "type": "github" + } + }, + "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": { + "flake": false, + "locked": { + "lastModified": 1753815885, + "narHash": "sha256-A9qlpDXdIfoZ/5yZ5w39pgfoxVwhklhcESYWsqQgiDY=", + "owner": "CopilotC-Nvim", + "repo": "CopilotChat.nvim", + "rev": "450fcecf2f71d0469e9c98f5967252092714ed03", + "type": "github" + }, + "original": { + "owner": "CopilotC-Nvim", + "repo": "CopilotChat.nvim", + "type": "github" + } + }, + "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": { + "flake": false, + "locked": { + "lastModified": 1733574156, + "narHash": "sha256-AjDM3+n4+lNBQi8P2Yrh0Ab06uYCndBQT9TX36rDbOM=", + "owner": "JoosepAlviste", + "repo": "nvim-ts-context-commentstring", + "rev": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f", + "type": "github" + }, + "original": { + "owner": "JoosepAlviste", + "repo": "nvim-ts-context-commentstring", + "type": "github" + } + }, + "nvim_plugin-L3MON4D3/LuaSnip": { + "flake": false, + "locked": { + "lastModified": 1753286973, + "narHash": "sha256-w70rSwYdjMRGCLYcwIoA4cvl6JcGQYHngCBJvRq+SXg=", + "owner": "L3MON4D3", + "repo": "LuaSnip", + "rev": "3d5bced1b9ae69fa3f9b1942e28af5dbc537f946", + "type": "github" + }, + "original": { + "owner": "L3MON4D3", + "repo": "LuaSnip", + "type": "github" + } + }, + "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { + "flake": false, + "locked": { + "lastModified": 1753730059, + "narHash": "sha256-OjvoAFWaJT4+gyO/jtA2uvFdeOz7lhdkkhKQUl/kIT4=", + "owner": "MeanderingProgrammer", + "repo": "render-markdown.nvim", + "rev": "9e51b7711c6159511e966dc42fafd58a9db9ad1d", + "type": "github" + }, + "original": { + "owner": "MeanderingProgrammer", + "repo": "render-markdown.nvim", + "type": "github" + } + }, + "nvim_plugin-MunifTanjim/nui.nvim": { + "flake": false, + "locked": { + "lastModified": 1749392788, + "narHash": "sha256-41slmnvt1z7sCxvpiVuFmQ9g7eCaxQi1dDCL3AxSL1A=", + "owner": "MunifTanjim", + "repo": "nui.nvim", + "rev": "de740991c12411b663994b2860f1a4fd0937c130", + "type": "github" + }, + "original": { + "owner": "MunifTanjim", + "repo": "nui.nvim", + "type": "github" + } + }, + "nvim_plugin-RRethy/vim-illuminate": { + "flake": false, + "locked": { + "lastModified": 1748105647, + "narHash": "sha256-KqAJRCtDBG5xsvNsqkxoBdDckg02u4NBBreYQw7BphA=", + "owner": "RRethy", + "repo": "vim-illuminate", + "rev": "0d1e93684da00ab7c057410fecfc24f434698898", + "type": "github" + }, + "original": { + "owner": "RRethy", + "repo": "vim-illuminate", + "type": "github" + } + }, + "nvim_plugin-Saecki/crates.nvim": { + "flake": false, + "locked": { + "lastModified": 1753218471, + "narHash": "sha256-5Vu3VG6Ab1Rpqzeqoa0S9sfzco7wykrSt2eSXOajm14=", + "owner": "Saecki", + "repo": "crates.nvim", + "rev": "c915ab5334a46178f64ce17ab606a79454bcd14f", + "type": "github" + }, + "original": { + "owner": "Saecki", + "repo": "crates.nvim", + "type": "github" + } + }, + "nvim_plugin-aznhe21/actions-preview.nvim": { + "flake": false, + "locked": { + "lastModified": 1745779150, + "narHash": "sha256-rQjwlu5gQcOvxF72lr9ugPRl0W78wCWGWPhpN1oOMbs=", + "owner": "aznhe21", + "repo": "actions-preview.nvim", + "rev": "36513ad213855d497b7dd3391a24d1d75d58e36f", + "type": "github" + }, + "original": { + "owner": "aznhe21", + "repo": "actions-preview.nvim", + "type": "github" + } + }, + "nvim_plugin-b0o/schemastore.nvim": { + "flake": false, + "locked": { + "lastModified": 1753826458, + "narHash": "sha256-7VZmb4JPlLF4tmEuuM69etdyCIxdH1PNZlT1mijzo7o=", + "owner": "b0o", + "repo": "schemastore.nvim", + "rev": "3cd1c7267282b4d89618674de36a6d866981347e", + "type": "github" + }, + "original": { + "owner": "b0o", + "repo": "schemastore.nvim", + "type": "github" + } + }, + "nvim_plugin-catppuccin/nvim": { + "flake": false, + "locked": { + "lastModified": 1753779499, + "narHash": "sha256-lnIlYUhUQXuoVWv000n5Ev4YNSZY+U70b3npZbMUDg4=", + "owner": "catppuccin", + "repo": "nvim", + "rev": "94f6e8a06b6bb7b8e5529cf9f93adb4654534241", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nvim", + "type": "github" + } + }, + "nvim_plugin-chrisgrieser/nvim-early-retirement": { + "flake": false, + "locked": { + "lastModified": 1750108178, + "narHash": "sha256-3I7Xup+v9Yq9/nJQ1F5CDW99oFQcxbinv7VQcKeA16Y=", + "owner": "chrisgrieser", + "repo": "nvim-early-retirement", + "rev": "d9ffd8f70ed6d466cecd3e7e2dd1425b0010932f", + "type": "github" + }, + "original": { + "owner": "chrisgrieser", + "repo": "nvim-early-retirement", + "type": "github" + } + }, + "nvim_plugin-declancm/cinnamon.nvim": { + "flake": false, + "locked": { + "lastModified": 1722992123, + "narHash": "sha256-kccQ4iFMSQ8kvE7hYz90hBrsDLo7VohFj/6lEZZiAO8=", + "owner": "declancm", + "repo": "cinnamon.nvim", + "rev": "450cb3247765fed7871b41ef4ce5fa492d834215", + "type": "github" + }, + "original": { + "owner": "declancm", + "repo": "cinnamon.nvim", + "type": "github" + } + }, + "nvim_plugin-folke/lazy.nvim": { + "flake": false, + "locked": { + "lastModified": 1740511197, + "narHash": "sha256-nQ8PR9DTdzg6Z2rViuVD6Pswc2VvDQwS3uMNgyDh5ls=", + "owner": "folke", + "repo": "lazy.nvim", + "rev": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "lazy.nvim", + "type": "github" + } + }, + "nvim_plugin-folke/neodev.nvim": { + "flake": false, + "locked": { + "lastModified": 1720260306, + "narHash": "sha256-hOjzlo/IqmV8tYjGwfmcCPEmHYsWnEIwtHZdhpwA1kM=", + "owner": "folke", + "repo": "neodev.nvim", + "rev": "46aa467dca16cf3dfe27098042402066d2ae242d", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "neodev.nvim", + "type": "github" + } + }, + "nvim_plugin-folke/which-key.nvim": { + "flake": false, + "locked": { + "lastModified": 1740233407, + "narHash": "sha256-uvMcSduMr7Kd2oUmIOYzvWF4FIl6bZxIYm9FSw/3pCo=", + "owner": "folke", + "repo": "which-key.nvim", + "rev": "370ec46f710e058c9c1646273e6b225acf47cbed", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "which-key.nvim", + "type": "github" + } + }, + "nvim_plugin-hrsh7th/cmp-buffer": { + "flake": false, + "locked": { + "lastModified": 1743497185, + "narHash": "sha256-dG4U7MtnXThoa/PD+qFtCt76MQ14V1wX8GMYcvxEnbM=", + "owner": "hrsh7th", + "repo": "cmp-buffer", + "rev": "b74fab3656eea9de20a9b8116afa3cfc4ec09657", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-buffer", + "type": "github" + } + }, + "nvim_plugin-hrsh7th/cmp-nvim-lsp": { + "flake": false, + "locked": { + "lastModified": 1743496195, + "narHash": "sha256-iaihXNCF5bB5MdeoosD/kc3QtpA/QaIDZVLiLIurBSM=", + "owner": "hrsh7th", + "repo": "cmp-nvim-lsp", + "rev": "a8912b88ce488f411177fc8aed358b04dc246d7b", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-nvim-lsp", + "type": "github" + } + }, + "nvim_plugin-hrsh7th/cmp-path": { + "flake": false, + "locked": { + "lastModified": 1753844861, + "narHash": "sha256-e4Rd2y1Wekp7aobpTGaUeoSBnlfIASDaBR8js5dh2Vw=", + "owner": "hrsh7th", + "repo": "cmp-path", + "rev": "c642487086dbd9a93160e1679a1327be111cbc25", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-path", + "type": "github" + } + }, + "nvim_plugin-hrsh7th/nvim-cmp": { + "flake": false, + "locked": { + "lastModified": 1744514599, + "narHash": "sha256-l5z+PT4S9b09d2M+J/tHVd9W9Ss3eQQk5Ykpz2Qjxxw=", + "owner": "hrsh7th", + "repo": "nvim-cmp", + "rev": "b5311ab3ed9c846b585c0c15b7559be131ec4be9", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "nvim-cmp", + "type": "github" + } + }, + "nvim_plugin-j-hui/fidget.nvim": { + "flake": false, + "locked": { + "lastModified": 1753813056, + "narHash": "sha256-rQIEO9C9YokdwaPfKsu7Rb6pi51Tm0Qqo/igBKeCW/8=", + "owner": "j-hui", + "repo": "fidget.nvim", + "rev": "c1725fbadd99c810273b202d67dbfedf66e61eaf", + "type": "github" + }, + "original": { + "owner": "j-hui", + "repo": "fidget.nvim", + "type": "github" + } + }, + "nvim_plugin-johmsalas/text-case.nvim": { + "flake": false, + "locked": { + "lastModified": 1722628320, + "narHash": "sha256-2IMufSMy9JW50VzZ3SgOtp8kYs81ANwV0eP0ZH3rTFo=", + "owner": "johmsalas", + "repo": "text-case.nvim", + "rev": "e898cfd46fa6cde0e83abb624a16e67d2ffc6457", + "type": "github" + }, + "original": { + "owner": "johmsalas", + "repo": "text-case.nvim", + "type": "github" + } + }, + "nvim_plugin-lewis6991/gitsigns.nvim": { + "flake": false, + "locked": { + "lastModified": 1753442199, + "narHash": "sha256-7BKwxHoFWGepqm8/J+RB6zu+7IpGUUmgLP4a2O2lIuA=", + "owner": "lewis6991", + "repo": "gitsigns.nvim", + "rev": "b01433169be710d6c69f7b4ee264d9670698b831", + "type": "github" + }, + "original": { + "owner": "lewis6991", + "repo": "gitsigns.nvim", + "type": "github" + } + }, + "nvim_plugin-lnc3l0t/glow.nvim": { + "flake": false, + "locked": { + "lastModified": 1693233815, + "narHash": "sha256-vdlwkIK2EkFviJmSiOqPWvc15xqJ9F2gHCC4ObJ5Qjk=", + "owner": "lnc3l0t", + "repo": "glow.nvim", + "rev": "5b38fb7b6e806cac62707a4aba8c10c5f14d5bb5", + "type": "github" + }, + "original": { + "owner": "lnc3l0t", + "repo": "glow.nvim", + "type": "github" + } + }, + "nvim_plugin-lukas-reineke/indent-blankline.nvim": { + "flake": false, + "locked": { + "lastModified": 1742224677, + "narHash": "sha256-0q/V+b4UrDRnaC/eRWOi9HU9a61vQSAM9/C8ZQyKt+Y=", + "owner": "lukas-reineke", + "repo": "indent-blankline.nvim", + "rev": "005b56001b2cb30bfa61b7986bc50657816ba4ba", + "type": "github" + }, + "original": { + "owner": "lukas-reineke", + "repo": "indent-blankline.nvim", + "type": "github" + } + }, + "nvim_plugin-m4xshen/hardtime.nvim": { + "flake": false, + "locked": { + "lastModified": 1753760289, + "narHash": "sha256-BgJ0gKy/zxU82L7WocXLkXwD97pnCvpGyJVzSHeUtG0=", + "owner": "m4xshen", + "repo": "hardtime.nvim", + "rev": "6d7664d5bdfaea44c5f50b29f5239fab7b00c273", + "type": "github" + }, + "original": { + "owner": "m4xshen", + "repo": "hardtime.nvim", + "type": "github" + } + }, + "nvim_plugin-mbbill/undotree": { + "flake": false, + "locked": { + "lastModified": 1752437854, + "narHash": "sha256-5WofUOTYE+Nmx3A5OoZBneJBHZ8bdGEYDZ6vTMx1OE0=", + "owner": "mbbill", + "repo": "undotree", + "rev": "28f2f54a34baff90ea6f4a735ef1813ad875c743", + "type": "github" + }, + "original": { + "owner": "mbbill", + "repo": "undotree", + "type": "github" + } + }, + "nvim_plugin-mfussenegger/nvim-lint": { + "flake": false, + "locked": { + "lastModified": 1753039571, + "narHash": "sha256-ly5S0KAZN8Jeag22SCX+5XKqn3d+zCRN/8Jf5HlEn9I=", + "owner": "mfussenegger", + "repo": "nvim-lint", + "rev": "9c6207559297b24f0b7c32829f8e45f7d65b991f", + "type": "github" + }, + "original": { + "owner": "mfussenegger", + "repo": "nvim-lint", + "type": "github" + } + }, + "nvim_plugin-mrcjkb/rustaceanvim": { + "flake": false, + "locked": { + "lastModified": 1753575790, + "narHash": "sha256-Iw3W0Inn0CpZTXyxk54WRtsXP5DYm+7bKH/HSO/diBo=", + "owner": "mrcjkb", + "repo": "rustaceanvim", + "rev": "f845bb055397019c4bc70f9c76376ca490f4c783", + "type": "github" + }, + "original": { + "owner": "mrcjkb", + "repo": "rustaceanvim", + "type": "github" + } + }, + "nvim_plugin-neovim/nvim-lspconfig": { + "flake": false, + "locked": { + "lastModified": 1753837371, + "narHash": "sha256-IsdjkpE+T5irvmH5fam5EmsCpzwxSEiXV3r2iXsOVT0=", + "owner": "neovim", + "repo": "nvim-lspconfig", + "rev": "3db16ceeea947517f0dc1404c24dcb5ab0c91d26", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "nvim-lspconfig", + "type": "github" + } + }, + "nvim_plugin-nosduco/remote-sshfs.nvim": { + "flake": false, + "locked": { + "lastModified": 1748880705, + "narHash": "sha256-eTnVFOR7FHlkU9kwrk3q3pNo/U8OR2gJrnrMUQKGi2A=", + "owner": "nosduco", + "repo": "remote-sshfs.nvim", + "rev": "6e893c32ff7c5b8d0d501b748c525fa53963fb35", + "type": "github" + }, + "original": { + "owner": "nosduco", + "repo": "remote-sshfs.nvim", + "type": "github" + } + }, + "nvim_plugin-numToStr/Comment.nvim": { + "flake": false, + "locked": { + "lastModified": 1717957420, + "narHash": "sha256-h0kPue5Eqd5aeu4VoLH45pF0DmWWo1d8SnLICSQ63zc=", + "owner": "numToStr", + "repo": "Comment.nvim", + "rev": "e30b7f2008e52442154b66f7c519bfd2f1e32acb", + "type": "github" + }, + "original": { + "owner": "numToStr", + "repo": "Comment.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-lua/plenary.nvim": { + "flake": false, + "locked": { + "lastModified": 1753570668, + "narHash": "sha256-9Un7ekhBxcnmFE1xjCCFTZ7eqIbmXvQexpnhduAg4M0=", + "owner": "nvim-lua", + "repo": "plenary.nvim", + "rev": "b9fd5226c2f76c951fc8ed5923d85e4de065e509", + "type": "github" + }, + "original": { + "owner": "nvim-lua", + "repo": "plenary.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-lualine/lualine.nvim": { + "flake": false, + "locked": { + "lastModified": 1749383457, + "narHash": "sha256-2aPgA7riA/FubQpTkqsxLKl7OZ8L6FkucNHc2QEx2HQ=", + "owner": "nvim-lualine", + "repo": "lualine.nvim", + "rev": "a94fc68960665e54408fe37dcf573193c4ce82c9", + "type": "github" + }, + "original": { + "owner": "nvim-lualine", + "repo": "lualine.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-telescope/telescope-file-browser.nvim": { + "flake": false, + "locked": { + "lastModified": 1750040034, + "narHash": "sha256-NHcU3c+1pLeypHr9xXKmqvdwB1QM/vj5axzjpFEQCLQ=", + "owner": "nvim-telescope", + "repo": "telescope-file-browser.nvim", + "rev": "7bf55ed0ff5be182ad3301cff266581fc1c56cce", + "type": "github" + }, + "original": { + "owner": "nvim-telescope", + "repo": "telescope-file-browser.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-telescope/telescope-fzf-native.nvim": { + "flake": false, + "locked": { + "lastModified": 1741765009, + "narHash": "sha256-Zyv8ikxdwoUiDD0zsqLzfhBVOm/nKyJdZpndxXEB6ow=", + "owner": "nvim-telescope", + "repo": "telescope-fzf-native.nvim", + "rev": "1f08ed60cafc8f6168b72b80be2b2ea149813e55", + "type": "github" + }, + "original": { + "owner": "nvim-telescope", + "repo": "telescope-fzf-native.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-telescope/telescope-ui-select.nvim": { + "flake": false, + "locked": { + "lastModified": 1701723223, + "narHash": "sha256-YRhNmmG4gx9Ht8JwjQfbTjJyTHEuZmtP6lqnhOsk8bE=", + "owner": "nvim-telescope", + "repo": "telescope-ui-select.nvim", + "rev": "6e51d7da30bd139a6950adf2a47fda6df9fa06d2", + "type": "github" + }, + "original": { + "owner": "nvim-telescope", + "repo": "telescope-ui-select.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-telescope/telescope.nvim": { + "flake": false, + "locked": { + "lastModified": 1747012888, + "narHash": "sha256-JpW0ehsX81yVbKNzrYOe1hdgVMs6oaaxMLH6lECnOJg=", + "owner": "nvim-telescope", + "repo": "telescope.nvim", + "rev": "b4da76be54691e854d3e0e02c36b0245f945c2c7", + "type": "github" + }, + "original": { + "owner": "nvim-telescope", + "repo": "telescope.nvim", + "type": "github" + } + }, + "nvim_plugin-nvim-tree/nvim-tree.lua": { + "flake": false, + "locked": { + "lastModified": 1753762764, + "narHash": "sha256-uoiPwURO0ATaYeLozG8X44cC4eWf1wANspljkjh/qeY=", + "owner": "nvim-tree", + "repo": "nvim-tree.lua", + "rev": "65bae449224b8a3bc149471b96587b23b13a9946", + "type": "github" + }, + "original": { + "owner": "nvim-tree", + "repo": "nvim-tree.lua", + "type": "github" + } + }, + "nvim_plugin-nvim-tree/nvim-web-devicons": { + "flake": false, + "locked": { + "lastModified": 1753653538, + "narHash": "sha256-1IwOcdIUJuh7YC2YTw0VnGI2UIg7F/ipxLLfQdPzjFQ=", + "owner": "nvim-tree", + "repo": "nvim-web-devicons", + "rev": "4a8369f4c78ef6f6f895f0cec349e48f74330574", + "type": "github" + }, + "original": { + "owner": "nvim-tree", + "repo": "nvim-web-devicons", + "type": "github" + } + }, + "nvim_plugin-nvim-treesitter/nvim-treesitter-context": { + "flake": false, + "locked": { + "lastModified": 1753794238, + "narHash": "sha256-9KKJJhKCjlKakVFyF3EUj2sobrKaJBMIGqkwbVjD9Mk=", + "owner": "nvim-treesitter", + "repo": "nvim-treesitter-context", + "rev": "02fd97c803962108d129cf42e05adc5eff7f89c1", + "type": "github" + }, + "original": { + "owner": "nvim-treesitter", + "repo": "nvim-treesitter-context", + "type": "github" + } + }, + "nvim_plugin-rafamadriz/friendly-snippets": { + "flake": false, + "locked": { + "lastModified": 1745949052, + "narHash": "sha256-FzApcTbWfFkBD9WsYMhaCyn6ky8UmpUC2io/co/eByM=", + "owner": "rafamadriz", + "repo": "friendly-snippets", + "rev": "572f5660cf05f8cd8834e096d7b4c921ba18e175", + "type": "github" + }, + "original": { + "owner": "rafamadriz", + "repo": "friendly-snippets", + "type": "github" + } + }, + "nvim_plugin-rcarriga/nvim-notify": { + "flake": false, + "locked": { + "lastModified": 1753086914, + "narHash": "sha256-uQBB3fajHowivArxbtmEJvVU3+QO0VApYpVNMA58UkI=", + "owner": "rcarriga", + "repo": "nvim-notify", + "rev": "397c7c1184745fca649e5104de659e6392ef5a4d", + "type": "github" + }, + "original": { + "owner": "rcarriga", + "repo": "nvim-notify", + "type": "github" + } + }, + "nvim_plugin-rmagatti/auto-session": { + "flake": false, + "locked": { + "lastModified": 1753745747, + "narHash": "sha256-Uowy7CMw6+4y1ME5vNTUSxDCOBfjnfJRpteAKfUo6A8=", + "owner": "rmagatti", + "repo": "auto-session", + "rev": "c93a9bfd8a5cbf931a6ead5c824998da874b9f79", + "type": "github" + }, + "original": { + "owner": "rmagatti", + "repo": "auto-session", + "type": "github" + } + }, + "nvim_plugin-ron/ron.vim": { + "flake": false, + "locked": { + "lastModified": 1660904719, + "narHash": "sha256-8/xJmymtVGVz2avzlamgK1cNflZ3NRL+B3c7xxbI964=", + "owner": "ron-rs", + "repo": "ron.vim", + "rev": "f749e543975a82e8dd9a6e7df9600a1c098ae800", + "type": "github" + }, + "original": { + "owner": "ron-rs", + "repo": "ron.vim", + "type": "github" + } + }, + "nvim_plugin-saadparwaiz1/cmp_luasnip": { + "flake": false, + "locked": { + "lastModified": 1730707109, + "narHash": "sha256-86lKQPPyqFz8jzuLajjHMKHrYnwW6+QOcPyQEx6B+gw=", + "owner": "saadparwaiz1", + "repo": "cmp_luasnip", + "rev": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90", + "type": "github" + }, + "original": { + "owner": "saadparwaiz1", + "repo": "cmp_luasnip", + "type": "github" + } + }, + "nvim_plugin-sindrets/diffview.nvim": { + "flake": false, + "locked": { + "lastModified": 1718279802, + "narHash": "sha256-SX+ybIzL/w6uyCy4iZKnWnzTFwqB1oXSgyYVAdpdKi8=", + "owner": "sindrets", + "repo": "diffview.nvim", + "rev": "4516612fe98ff56ae0415a259ff6361a89419b0a", + "type": "github" + }, + "original": { + "owner": "sindrets", + "repo": "diffview.nvim", + "type": "github" + } + }, + "nvim_plugin-stevearc/conform.nvim": { + "flake": false, + "locked": { + "lastModified": 1751472067, + "narHash": "sha256-bm6266h0rKYcOeMPVqjh3DEKe5M0EIPuo4rvmRtkpvs=", + "owner": "stevearc", + "repo": "conform.nvim", + "rev": "973f3cb73887d510321653044791d7937c7ec0fa", + "type": "github" + }, + "original": { + "owner": "stevearc", + "repo": "conform.nvim", + "type": "github" + } + }, + "nvim_plugin-stevearc/dressing.nvim": { + "flake": false, + "locked": { + "lastModified": 1739381641, + "narHash": "sha256-dBz+/gZA6O6fJy/GSgM6ZHGAR3MTGt/W1olzzTYRlgM=", + "owner": "stevearc", + "repo": "dressing.nvim", + "rev": "2d7c2db2507fa3c4956142ee607431ddb2828639", + "type": "github" + }, + "original": { + "owner": "stevearc", + "repo": "dressing.nvim", + "type": "github" + } + }, + "nvim_plugin-tpope/vim-sleuth": { + "flake": false, + "locked": { + "lastModified": 1726718493, + "narHash": "sha256-2Cr3h3uJvUL3CSoJs3aBFrkBeOBURSQItgQ4ep9sHXM=", + "owner": "tpope", + "repo": "vim-sleuth", + "rev": "be69bff86754b1aa5adcbb527d7fcd1635a84080", + "type": "github" + }, + "original": { + "owner": "tpope", + "repo": "vim-sleuth", + "type": "github" + } + }, + "nvim_plugin-tpope/vim-surround": { + "flake": false, + "locked": { + "lastModified": 1666730476, + "narHash": "sha256-DZE5tkmnT+lAvx/RQHaDEgEJXRKsy56KJY919xiH1lE=", + "owner": "tpope", + "repo": "vim-surround", + "rev": "3d188ed2113431cf8dac77be61b842acb64433d9", + "type": "github" + }, + "original": { + "owner": "tpope", + "repo": "vim-surround", + "type": "github" + } + }, + "nvim_plugin-uga-rosa/ccc.nvim": { + "flake": false, + "locked": { + "lastModified": 1746537659, + "narHash": "sha256-3TZ8VmvdgQ9n63m78C3r4OIUkVQHTHBvC24ixBdhTig=", + "owner": "uga-rosa", + "repo": "ccc.nvim", + "rev": "9d1a256e006decc574789dfc7d628ca11644d4c2", + "type": "github" + }, + "original": { + "owner": "uga-rosa", + "repo": "ccc.nvim", + "type": "github" + } + }, + "nvim_plugin-windwp/nvim-ts-autotag": { + "flake": false, + "locked": { + "lastModified": 1739910276, + "narHash": "sha256-a3Bcql68mp3y5bH9XMiDTQB0e75T+qFB593objIGg/I=", + "owner": "windwp", + "repo": "nvim-ts-autotag", + "rev": "a1d526af391f6aebb25a8795cbc05351ed3620b5", + "type": "github" + }, + "original": { + "owner": "windwp", + "repo": "nvim-ts-autotag", + "type": "github" + } + }, + "nvim_plugin-zbirenbaum/copilot-cmp": { + "flake": false, + "locked": { + "lastModified": 1733947099, + "narHash": "sha256-erRL8bY/zuwuCZfttw+avTrFV7pjv2H6v73NzY2bymM=", + "owner": "zbirenbaum", + "repo": "copilot-cmp", + "rev": "15fc12af3d0109fa76b60b5cffa1373697e261d1", + "type": "github" + }, + "original": { + "owner": "zbirenbaum", + "repo": "copilot-cmp", + "type": "github" + } + }, + "nvim_plugin-zbirenbaum/copilot.lua": { + "flake": false, + "locked": { + "lastModified": 1753817982, + "narHash": "sha256-AHDh24MQ3OMNKUCuKaA9KrR4l0I+dT7tF+Bpl6PBSx8=", + "owner": "zbirenbaum", + "repo": "copilot.lua", + "rev": "55e43020dcd59c6da41cc773971380a003100844", + "type": "github" + }, + "original": { + "owner": "zbirenbaum", + "repo": "copilot.lua", + "type": "github" + } + }, + "opencode": { + "flake": false, + "locked": { + "lastModified": 1754526276, + "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", + "owner": "sst", + "repo": "opencode", + "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", + "type": "github" + }, + "original": { + "owner": "sst", + "ref": "v0.3.133", + "repo": "opencode", + "type": "github" + } + }, + "ragenix": { + "inputs": { + "agenix": "agenix", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1744897914, + "narHash": "sha256-GIVU92o2TZBnKQXTb76zpQbWR4zjU2rFqWKNIIpXnqA=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "40f2e17ecaeab4d78ec323e96a04548c0aaa5223", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "root": { + "inputs": { + "common": "common", + "disko": "disko", + "nixpkgs": "nixpkgs_3", + "ros_neovim": "ros_neovim" + } + }, + "ros_neovim": { + "inputs": { + "nixpkgs": "nixpkgs_4", + "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", + "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", + "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", + "nvim_plugin-L3MON4D3/LuaSnip": "nvim_plugin-L3MON4D3/LuaSnip", + "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": "nvim_plugin-MeanderingProgrammer/render-markdown.nvim", + "nvim_plugin-MunifTanjim/nui.nvim": "nvim_plugin-MunifTanjim/nui.nvim", + "nvim_plugin-RRethy/vim-illuminate": "nvim_plugin-RRethy/vim-illuminate", + "nvim_plugin-Saecki/crates.nvim": "nvim_plugin-Saecki/crates.nvim", + "nvim_plugin-aznhe21/actions-preview.nvim": "nvim_plugin-aznhe21/actions-preview.nvim", + "nvim_plugin-b0o/schemastore.nvim": "nvim_plugin-b0o/schemastore.nvim", + "nvim_plugin-catppuccin/nvim": "nvim_plugin-catppuccin/nvim", + "nvim_plugin-chrisgrieser/nvim-early-retirement": "nvim_plugin-chrisgrieser/nvim-early-retirement", + "nvim_plugin-declancm/cinnamon.nvim": "nvim_plugin-declancm/cinnamon.nvim", + "nvim_plugin-folke/lazy.nvim": "nvim_plugin-folke/lazy.nvim", + "nvim_plugin-folke/neodev.nvim": "nvim_plugin-folke/neodev.nvim", + "nvim_plugin-folke/which-key.nvim": "nvim_plugin-folke/which-key.nvim", + "nvim_plugin-hrsh7th/cmp-buffer": "nvim_plugin-hrsh7th/cmp-buffer", + "nvim_plugin-hrsh7th/cmp-nvim-lsp": "nvim_plugin-hrsh7th/cmp-nvim-lsp", + "nvim_plugin-hrsh7th/cmp-path": "nvim_plugin-hrsh7th/cmp-path", + "nvim_plugin-hrsh7th/nvim-cmp": "nvim_plugin-hrsh7th/nvim-cmp", + "nvim_plugin-j-hui/fidget.nvim": "nvim_plugin-j-hui/fidget.nvim", + "nvim_plugin-johmsalas/text-case.nvim": "nvim_plugin-johmsalas/text-case.nvim", + "nvim_plugin-lewis6991/gitsigns.nvim": "nvim_plugin-lewis6991/gitsigns.nvim", + "nvim_plugin-lnc3l0t/glow.nvim": "nvim_plugin-lnc3l0t/glow.nvim", + "nvim_plugin-lukas-reineke/indent-blankline.nvim": "nvim_plugin-lukas-reineke/indent-blankline.nvim", + "nvim_plugin-m4xshen/hardtime.nvim": "nvim_plugin-m4xshen/hardtime.nvim", + "nvim_plugin-mbbill/undotree": "nvim_plugin-mbbill/undotree", + "nvim_plugin-mfussenegger/nvim-lint": "nvim_plugin-mfussenegger/nvim-lint", + "nvim_plugin-mrcjkb/rustaceanvim": "nvim_plugin-mrcjkb/rustaceanvim", + "nvim_plugin-neovim/nvim-lspconfig": "nvim_plugin-neovim/nvim-lspconfig", + "nvim_plugin-nosduco/remote-sshfs.nvim": "nvim_plugin-nosduco/remote-sshfs.nvim", + "nvim_plugin-numToStr/Comment.nvim": "nvim_plugin-numToStr/Comment.nvim", + "nvim_plugin-nvim-lua/plenary.nvim": "nvim_plugin-nvim-lua/plenary.nvim", + "nvim_plugin-nvim-lualine/lualine.nvim": "nvim_plugin-nvim-lualine/lualine.nvim", + "nvim_plugin-nvim-telescope/telescope-file-browser.nvim": "nvim_plugin-nvim-telescope/telescope-file-browser.nvim", + "nvim_plugin-nvim-telescope/telescope-fzf-native.nvim": "nvim_plugin-nvim-telescope/telescope-fzf-native.nvim", + "nvim_plugin-nvim-telescope/telescope-ui-select.nvim": "nvim_plugin-nvim-telescope/telescope-ui-select.nvim", + "nvim_plugin-nvim-telescope/telescope.nvim": "nvim_plugin-nvim-telescope/telescope.nvim", + "nvim_plugin-nvim-tree/nvim-tree.lua": "nvim_plugin-nvim-tree/nvim-tree.lua", + "nvim_plugin-nvim-tree/nvim-web-devicons": "nvim_plugin-nvim-tree/nvim-web-devicons", + "nvim_plugin-nvim-treesitter/nvim-treesitter-context": "nvim_plugin-nvim-treesitter/nvim-treesitter-context", + "nvim_plugin-rafamadriz/friendly-snippets": "nvim_plugin-rafamadriz/friendly-snippets", + "nvim_plugin-rcarriga/nvim-notify": "nvim_plugin-rcarriga/nvim-notify", + "nvim_plugin-rmagatti/auto-session": "nvim_plugin-rmagatti/auto-session", + "nvim_plugin-ron/ron.vim": "nvim_plugin-ron/ron.vim", + "nvim_plugin-saadparwaiz1/cmp_luasnip": "nvim_plugin-saadparwaiz1/cmp_luasnip", + "nvim_plugin-sindrets/diffview.nvim": "nvim_plugin-sindrets/diffview.nvim", + "nvim_plugin-stevearc/conform.nvim": "nvim_plugin-stevearc/conform.nvim", + "nvim_plugin-stevearc/dressing.nvim": "nvim_plugin-stevearc/dressing.nvim", + "nvim_plugin-tpope/vim-sleuth": "nvim_plugin-tpope/vim-sleuth", + "nvim_plugin-tpope/vim-surround": "nvim_plugin-tpope/vim-surround", + "nvim_plugin-uga-rosa/ccc.nvim": "nvim_plugin-uga-rosa/ccc.nvim", + "nvim_plugin-windwp/nvim-ts-autotag": "nvim_plugin-windwp/nvim-ts-autotag", + "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", + "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1753849449, + "narHash": "sha256-zBShks1kHnfIq+tkBNkA41NCrhwJNbkhW3a/jLUIr50=", + "ref": "refs/heads/master", + "rev": "86093285e53caae7d2bf9a8d0046be3d4245a35b", + "revCount": 299, + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/nvim" + }, + "original": { + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/nvim" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "common", + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "ros_neovim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753843724, + "narHash": "sha256-a0Aab7Zst68GqvNAMh9Ejwnp8gawGnruOMtEWZ0HHjM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "01ac47d86311fb030023f1dfc5f6bc368b9c6cee", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/testbed/flake.nix b/hosts/testbed/flake.nix new file mode 100644 index 0000000..3f4a148 --- /dev/null +++ b/hosts/testbed/flake.nix @@ -0,0 +1,110 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + # Use relative to get current version for testing + common.url = "path:../../common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + # impermanence.url = "github:nix-community/impermanence"; + + ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; + }; + + outputs = + { + self, + nixpkgs, + common, + ros_neovim, + disko, + # impermanence, + ... + }: + let + configuration_name = "testbed"; + lib = nixpkgs.lib; + in + { + packages = { + x86_64-linux.vm = self.nixosConfigurations.${configuration_name}.config.system.build.vmWithDisko; + }; + nixosConfigurations = { + "${configuration_name}" = ( + lib.nixosSystem { + modules = [ + disko.nixosModules.disko + # impermanence.nixosModules.impermanence + common.nixosModules.default + ros_neovim.nixosModules.default + ./configuration.nix + ./hardware-configuration.nix + ./disko-config.nix + ( + { config, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + cowsay + lolcat + ]; + + ringofstorms_common = { + systemName = configuration_name; + boot.systemd.enable = true; + programs = { + ssh.enable = true; + podman.enable = true; + }; + users = { + admins = [ "luser" ]; # First admin is also the primary user owning nix config + users = { + root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix" + ]; + shell = pkgs.zsh; + }; + luser = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix" + ]; + extraGroups = [ + "networkmanager" + "video" + "input" + ]; + shell = pkgs.zsh; + }; + }; + }; + homeManager = { + users = { + luser = { + imports = with common.homeManagerModules; [ + kitty + tmux + atuin + direnv + git + nix_deprecations + postgres + ssh + starship + zoxide + zsh + ]; + }; + }; + }; + }; + } + ) + ]; + } + ); + }; + }; +} diff --git a/hosts/testbed/hardware-configuration.nix b/hosts/testbed/hardware-configuration.nix new file mode 100644 index 0000000..197b7d3 --- /dev/null +++ b/hosts/testbed/hardware-configuration.nix @@ -0,0 +1,19 @@ +{ + lib, + ... +}: +{ + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + boot.initrd.postMountCommands = lib.mkAfter '' + # Mount Btrfs volume (the device containing your root subvolumes) + mkdir -p /btrfs_tmp + mount -o subvol=/ /dev/disk/by-label/NIXROOT /btrfs_tmp + + # Delete current @root, then restore from snapshot + btrfs subvolume delete /btrfs_tmp/@root || true + btrfs subvolume snapshot /btrfs_tmp/@snapshots/root-empty /btrfs_tmp/@root + + umount /btrfs_tmp + ''; +}