diff --git a/common/flake.nix b/common/flake.nix index 05bf7ab..a91557d 100644 --- a/common/flake.nix +++ b/common/flake.nix @@ -4,6 +4,7 @@ home-manager.url = "github:rycee/home-manager/release-25.05"; ragenix.url = "github:yaxitech/ragenix"; hyprland.url = "github:hyprwm/Hyprland"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; }; outputs = @@ -27,6 +28,8 @@ imports = [ home-manager.nixosModules.default ragenix.nixosModules.age + + nix-flatpak.nixosModules.nix-flatpak hyprland.nixosModules.default ./_home_manager ./options.nix diff --git a/common/programs/default.nix b/common/programs/default.nix index 82c2679..e856d4f 100644 --- a/common/programs/default.nix +++ b/common/programs/default.nix @@ -14,6 +14,7 @@ in ./podman.nix ./incus.nix ./virt-manager.nix + ./flatpaks.nix ]; config = { assertions = [ diff --git a/common/programs/flatpaks.nix b/common/programs/flatpaks.nix new file mode 100644 index 0000000..307fff2 --- /dev/null +++ b/common/programs/flatpaks.nix 
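Review bot: The new input `nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";` in common/flake.nix follows a moving ref, so the third-party module imported as `nix-flatpak.nixosModules.nix-flatpak` can change on any `nix flake update` with no visible change in this file. The lock file added for flakes/flatpaks pins a revision between updates, but a fixed release tag would turn each upgrade into a reviewable one-line change, for example `nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=<release-tag>";`. The same URL is added in flakes/flatpaks/flake.nix later in this commit.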
@@ -0,0 +1,66 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "flatpaks" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "flatpaks"; + packages = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of Flatpak package names to install."; + }; + }; + + config = lib.mkIf cfg.enable { + services.flatpak = { + enable = true; + packages = cfg.packages; + overrides = { + global = { + Context.sockets = [ + "wayland" + "x11" + ]; + Context.devices = [ "dri" ]; # allow GPU access if desired + Environment = { + XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; + GTK_THEME = "Adwaita:dark"; + # Force wayland as much as possible. + ELECTRON_OZONE_PLATFORM_HINT = "auto"; # or 'auto' + GTK_USE_PORTAL = "1"; + OZONE_PLATFORM = "wayland"; + QT_QPA_PLATFORM = "xcb"; # force XCB for Flatpaks (XWayland) + }; + }; + "org.signal.Signal" = { + Environment = { + SIGNAL_PASSWORD_STORE = "gnome-libsecret"; + }; + Context = { + sockets = [ + "xfg-settings" + ]; + }; + }; + "com.google.Chrome" = { + Environment = { + CHROME_EXTRA_ARGS = "--enable-features=WaylandWindowDecorations --ozone-platform-hint=auto"; + }; + }; + }; + }; + }; +} diff --git a/flakes/common/flake.nix b/flakes/common/flake.nix index bed3399..39470ef 100644 --- a/flakes/common/flake.nix +++ b/flakes/common/flake.nix @@ -1,7 +1,3 @@ -let - utils = import ./utils.nix; -in -with utils; { description = "Common NixOS configuration modules and Home Manager modules that require not other inputs beyond nixpkgs or home-manager itself. This is made by me for me and not designed to be general purpose for anyone else, but could be useful nontheless."; inputs = { }; 
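Review bot: The `global` override in common/programs/flatpaks.nix grants `Context.sockets = [ "wayland" "x11" ]` and `Context.devices = [ "dri" ]` to every installed Flatpak, and an application holding the X11 socket can observe the input and window contents of other X clients, so this weakens the sandbox for all apps, not only those that need it. Given the comment about forcing Wayland, `Context.sockets = [ "wayland" "fallback-x11" ];` in `global`, with `x11` granted per application ID where required, would be the narrower grant; note that `QT_QPA_PLATFORM = "xcb"` pushes Qt apps onto X11 and would have to change with it. `"xfg-settings"` in the `org.signal.Signal` override does not look like a Flatpak socket name and may be a typo, so the intended permission should be confirmed. The trailing comment `# or 'auto'` on `ELECTRON_OZONE_PLATFORM_HINT = "auto"` is stale. The same override block is duplicated in flakes/flatpaks/flake.nix later in this commit.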
@@ -9,6 +5,10 @@ with utils; { ... }: + let + utils = import ./utils.nix; + in + with utils; { nixosModules = importAll ./nix_modules; homeManagerModules = importAll ./hm_modules; diff --git a/flakes/common/hm_modules/de_sway/sway.nix b/flakes/common/hm_modules/de_sway/sway.nix index 9854d05..09b7b09 100644 --- a/flakes/common/hm_modules/de_sway/sway.nix +++ b/flakes/common/hm_modules/de_sway/sway.nix @@ -103,7 +103,7 @@ # Keybindings mirroring Hyprland keybindings = { # Apps - "${modifier}+return" = "exec ${config.wayland.winfowManager.sway.config.terminal}"; + "${modifier}+return" = "exec ${config.wayland.windowManager.sway.config.terminal}"; "${modifier}+space" = "exec pkill wofi || wofi --show drun"; "${modifier}+q" = "kill"; "${modifier}+shift+Escape" = "exit"; diff --git a/flakes/common/nix_modules/de_sway.nix b/flakes/common/nix_modules/de_sway.nix index 21d3cbe..02eea3f 100644 --- a/flakes/common/nix_modules/de_sway.nix +++ b/flakes/common/nix_modules/de_sway.nix @@ -6,11 +6,6 @@ }: { - # Enable for all users via Home Manager fragments in this module - home-manager = { - sharedModules = [ ./home_manager ]; - }; - services.greetd = { enable = true; vt = 2; diff --git a/flakes/common/nix_modules/docker.nix b/flakes/common/nix_modules/docker.nix index 416d2fc..1d9b1ff 100644 --- a/flakes/common/nix_modules/docker.nix +++ b/flakes/common/nix_modules/docker.nix @@ -8,7 +8,7 @@ enable = true; autoPrune.enable = true; }; - users.extraGroups.docker.members = builtins.AttrNames config.users.users; + users.extraGroups.docker.members = builtins.attrNames config.users.users; environment.shellAliases = { dockerv = "docker volume"; dockeri = "docker image"; diff --git a/flakes/test b/flakes/common/nix_modules/flatpaks.nix similarity index 100% rename from flakes/test rename to flakes/common/nix_modules/flatpaks.nix diff --git a/flakes/common/nix_modules/hardening.nix b/flakes/common/nix_modules/hardening.nix index 9e3ac3f..be2e326 100644 
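Review bot: `users.extraGroups.docker.members = builtins.attrNames config.users.users;` in docker.nix places every account declared in `config.users.users` into the `docker` group, which would include root and any system accounts that services declare; the old spelling `builtins.AttrNames` would have failed evaluation, so this fix is what makes the membership take effect. Membership of `docker` gives control of the Docker daemon, which is equivalent to root on the host, so the list should be limited to the interactive users that need it, e.g. `builtins.attrNames (lib.filterAttrs (_: u: u.isNormalUser) config.users.users)` (assuming `lib` is among the module arguments, which are outside the hunk). podman.nix receives the identical line later in this commit, and it is worth confirming that the podman module is meant to populate the `docker` group at all.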
--- a/flakes/common/nix_modules/hardening.nix +++ b/flakes/common/nix_modules/hardening.nix @@ -52,6 +52,7 @@ enable = true; settings = { LogLevel = "VERBOSE"; + # TODO revisit allowing root login PermitRootLogin = "yes"; PasswordAuthentication = false; }; diff --git a/flakes/common/nix_modules/podman.nix b/flakes/common/nix_modules/podman.nix index 0408e28..27a456b 100644 --- a/flakes/common/nix_modules/podman.nix +++ b/flakes/common/nix_modules/podman.nix @@ -7,5 +7,5 @@ enable = true; autoPrune.enable = true; }; - users.extraGroups.docker.members = builtins.AttrNames config.users.users; + users.extraGroups.docker.members = builtins.attrNames config.users.users; } diff --git a/flakes/common/readme.md b/flakes/common/readme.md index 1897981..38def10 100644 --- a/flakes/common/readme.md +++ b/flakes/common/readme.md @@ -1,7 +1,10 @@ required settings? +- nixpkgs and home manager flake inputs + ```nix # Required system information +system.stateVersion = "ORIGINAL VALUE" networking.hostName = "system_name"; # Where this config lives for this machine @@ -14,14 +17,32 @@ users.users = { josh = { isNormalUser = true; initialPassword = "password1"; - extraGroups = [ "wheel" ]; + extraGroups = [ "wheel" "networkmanager" "video" "input" ]; + openssh.authorizedKeys.keys = [ "replace" ]; }; }; + +# Home manager only below this line (optional) +security.polkit.enable = true; +home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "bak"; + sharedModules = [ + ({}: { + home.stateVersion = "MATCH_HM_VERSION_AS_INPUT"; + programs.home-manager.enable = true; + }) + ]; +}; ``` # TODO add somewhere ```nix + + + # allow mounting ntfs filesystems boot.supportedFilesystems = [ "ntfs" ]; 
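Review bot: The added `# TODO revisit allowing root login` leaves `PermitRootLogin = "yes";` active inside the hardening module, and hosts/lio/configuration.nix in this same commit adds an authorized key for root, so root SSH login is in real use. With `PasswordAuthentication = false` already set, `PermitRootLogin = "prohibit-password";` keeps key-based root login working for the remote-builder case while refusing password and keyboard-interactive authentication for root independently of the other sshd settings. If the TODO stays, it should name the condition for closing it, e.g. `# TODO: set to "no" once remote builds use a dedicated build user`. The `settings` block starts and ends outside the hunk.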
@@ -53,4 +74,9 @@ services.tailscale.extraUpFlags = ++ (lib.optionals cfg.enableExitNode [ "--adve - rust dev (now using direnv local flakes for that) - incus - virt-manager - - +- hm not ported + - obs +- opensnitch + - homemanager `services.opensnitch-ui.enable = true;` +- hyprland config +- i3 isntead of sway? diff --git a/flakes/flatpaks/flake.lock b/flakes/flatpaks/flake.lock new file mode 100644 index 0000000..cc6c6bf --- /dev/null +++ b/flakes/flatpaks/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nix-flatpak": { + "locked": { + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", + "type": "github" + } + }, + "root": { + "inputs": { + "nix-flatpak": "nix-flatpak" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flakes/flatpaks/flake.nix b/flakes/flatpaks/flake.nix new file mode 100644 index 0000000..3cebad2 --- /dev/null +++ b/flakes/flatpaks/flake.nix 
@@ -0,0 +1,65 @@ +{ + inputs = { + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; + }; + + outputs = + { + nix-flatpak, + ... + }: + { + nixosModules = { + default = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ + nix-flatpak.nixosModules.nix-flatpak + ]; + config = { + services.flatpak = { + enable = true; + overrides = { + global = { + Context.sockets = [ + "wayland" + "x11" + ]; + Context.devices = [ "dri" ]; # allow GPU access if desired + Environment = { + XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; + GTK_THEME = "Adwaita:dark"; + # Force wayland as much as possible. + ELECTRON_OZONE_PLATFORM_HINT = "auto"; # or 'auto' + GTK_USE_PORTAL = "1"; + OZONE_PLATFORM = "wayland"; + QT_QPA_PLATFORM = "xcb"; # force XCB for Flatpaks (XWayland) + }; + }; + "org.signal.Signal" = { + Environment = { + SIGNAL_PASSWORD_STORE = "gnome-libsecret"; + }; + Context = { + sockets = [ + "xfg-settings" + ]; + }; + }; + "com.google.Chrome" = { + Environment = { + CHROME_EXTRA_ARGS = "--enable-features=WaylandWindowDecorations --ozone-platform-hint=auto"; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/flakes/secrets/flake.lock b/flakes/secrets/flake.lock new file mode 100644 index 0000000..190b4a5 --- /dev/null +++ b/flakes/secrets/flake.lock 
@@ -0,0 +1,202 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "ragenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "ragenix": { + "inputs": { + "agenix": "agenix", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1744897914, + "narHash": "sha256-GIVU92o2TZBnKQXTb76zpQbWR4zjU2rFqWKNIIpXnqA=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "40f2e17ecaeab4d78ec323e96a04548c0aaa5223", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "root": { + "inputs": { + "ragenix": "ragenix" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" 
+ }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flakes/secrets/flake.nix b/flakes/secrets/flake.nix index 80731ba..70fc8d8 100644 --- a/flakes/secrets/flake.nix +++ b/flakes/secrets/flake.nix @@ -20,7 +20,6 @@ { imports = [ ragenix.nixosModules.age - ./secrets ]; config = let @@ -64,7 +63,7 @@ in lib.nameValuePair base ( { - file = ./. + "/secrets/${name}"; + file = ./. + "/${name}"; owner = user; } // lib.optionalAttrs (lib.elem base worldReadable) { diff --git a/hosts/lio/configuration.nix b/hosts/lio/configuration.nix index 07eba39..7f454ba 100644 --- a/hosts/lio/configuration.nix +++ b/hosts/lio/configuration.nix @@ -1,4 +1,6 @@ { + upkgs, + pkgs, ... }: { @@ -11,8 +13,6 @@ # System76 hardware.system76.enableAll = true; - system.stateVersion = "23.11"; - services = { # https://discourse.nixos.org/t/very-high-fan-noises-on-nixos-using-a-system76-thelio/23875/10 # Fixes insane jet speed fan noise @@ -28,4 +28,27 @@ # }; }; }; + + # Also allow this key to work for root user, this will let us use this as a remote builder easier + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" + ]; + # Allow emulation of aarch64-linux binaries for cross compiling + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + environment.systemPackages = with pkgs; [ + lua + qdirstat + ffmpeg-full + appimage-run + nodejs_24 + foot + vlc + upkgs.ladybird + google-chrome + trilium-desktop + dig + traceroute + # opensnitch-ui + ]; } diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 5892055..0bc2223 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -5,11 +5,11 @@ "darwin": "darwin", "home-manager": "home-manager_2", "nixpkgs": [ - "common", + "secrets", "ragenix", "nixpkgs" ], - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1736955230, 
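Review bot: `users.users.root.openssh.authorizedKeys.keys` in hosts/lio/configuration.nix installs for root the same `nix2lio` public key that hosts/lio/flake.nix assigns to `josh`, so a single private key yields an interactive root shell over SSH, not just the ability to run builds. Remote builds generally work with a dedicated unprivileged account that has its own key, which keeps a leaked builder key from becoming host root; that is worth considering before this lands together with `PermitRootLogin = "yes"` in the hardening module. If root is kept, the comment should record where the private key lives, e.g. `# key held by <client-host>; used only for nix remote builds`.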
@@ -25,64 +25,16 @@ "type": "github" } }, - "aquamarine": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "common", - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759499898, - "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=", - "owner": "hyprwm", - "repo": "aquamarine", - "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "aquamarine", - "type": "github" - } - }, "common": { - "inputs": { - "home-manager": "home-manager", - "hyprland": "hyprland", - "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_3", - "ragenix": "ragenix" - }, "locked": { - "lastModified": 1760816431, - "narHash": "sha256-X3s7h60hnps26+KkRXn52E3Tq+j/vDcmNvWnDiHtWxI=", - "ref": "refs/heads/master", - "rev": "35cff92c209806bb76ad51e0c515dde6ad2b6a22", - "revCount": 725, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../flakes/common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../flakes/common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -102,7 +54,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "common", + "secrets", "ragenix", "agenix", "nixpkgs" 
@@ -123,25 +75,9 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -157,28 +93,19 @@ "type": "github" } }, - "gitignore": { + "flatpaks": { "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "pre-commit-hooks", - "nixpkgs" - ] + "nix-flatpak": "nix-flatpak" }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" + "path": "../../flakes/flatpaks", + "type": "path" }, "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } + "path": "../../flakes/flatpaks", + "type": "path" + }, + "parent": [] }, "home-manager": { "inputs": { @@ -202,7 +129,7 @@ "home-manager_2": { "inputs": { "nixpkgs": [ - "common", + "secrets", "ragenix", "agenix", "nixpkgs" 
@@ -222,287 +149,6 @@ "type": "github" } }, - "hyprcursor": { - "inputs": { - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1753964049, - "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", - "owner": "hyprwm", - "repo": "hyprcursor", - "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprcursor", - "type": "github" - } - }, - "hyprgraphics": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759490292, - "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=", - "owner": "hyprwm", - "repo": "hyprgraphics", - "rev": "9431db625cd9bb66ac55525479dce694101d6d7a", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprgraphics", - "type": "github" - } - }, - "hyprland": { - "inputs": { - "aquamarine": "aquamarine", - "hyprcursor": "hyprcursor", - "hyprgraphics": "hyprgraphics", - "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", - "hyprlang": "hyprlang", - "hyprutils": "hyprutils", - "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems", - "xdph": "xdph" - }, - "locked": { - "lastModified": 1760813095, - "narHash": "sha256-D0AU+KKB9aGqiwDaS7er2pITjn9AS+XStzigPSoLeOQ=", - "owner": "hyprwm", - "repo": "Hyprland", - "rev": "39d62e1487052da2751ec1e36d243e3e92e24f6a", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "Hyprland", - "type": "github" - } - }, - "hyprland-protocols": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - 
"hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "common", - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "common", - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "common", - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759080228, - "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, - "hyprlang": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1758927902, - "narHash": 
"sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprutils": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759619523, - "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprwayland-scanner": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1755184602, - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "type": "github" - } - }, "nix-flatpak": { "locked": { "lastModified": 1739444422, 
@@ -553,32 +199,31 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "NixOS", + "lastModified": 1760580664, + "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1759772810, + "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "2b78ecc45e163d655c08c9a4cffb4a91c66d0493", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -599,37 +244,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1760580664, - "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1759772810, - "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2b78ecc45e163d655c08c9a4cffb4a91c66d0493", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, "nvim_plugin-Almo7aya/openingh.nvim": { "flake": false, "locked": { 
@@ -1510,37 +1124,13 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_4", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1744897914, @@ -1559,14 +1149,17 @@ "root": { "inputs": { "common": "common", - "nixpkgs": "nixpkgs_5", + "flatpaks": "flatpaks", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", - "ros_neovim": "ros_neovim" + "ros_neovim": "ros_neovim", + "secrets": "secrets" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_3", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1622,7 +1215,7 @@ "nvim_plugin-windwp/nvim-ts-autotag": "nvim_plugin-windwp/nvim-ts-autotag", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1760630879, 
@@ -1639,28 +1232,6 @@ } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "common", - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741400194, - "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { "inputs": { "nixpkgs": [ "ros_neovim", @@ -1681,18 +1252,54 @@ "type": "github" } }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "secrets", + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "secrets": { + "inputs": { + "ragenix": "ragenix" + }, + "locked": { + "path": "../../flakes/secrets", + "type": "path" + }, + "original": { + "path": "../../flakes/secrets", + "type": "path" + }, + "parent": [] + }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, 
@@ -1710,68 +1317,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "xdph": { - "inputs": { - "hyprland-protocols": [ - "common", - "hyprland", - "hyprland-protocols" - ], - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "common", - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1755354946, - "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "type": "github" - } } }, "root": "root", diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 4212ba1..dda521b 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -1,11 +1,15 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager.url = "github:rycee/home-manager/release-25.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + common.url = "path:../../flakes/common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + secrets.url = "path:../../flakes/secrets"; + flatpaks.url = "path:../../flakes/flatpaks"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; 
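Review bot: `home-manager.url = "github:rycee/home-manager/release-25.05";` in hosts/lio/flake.nix names a different owner than the one flakes/secrets/flake.lock in this commit records for the same project (`nix-community`), so resolving this input presumably depends on a GitHub rename redirect staying in place. Pointing at the canonical location, `home-manager.url = "github:nix-community/home-manager/release-25.05";`, removes that dependency on who controls the old namespace. Separately, the comment `# Use relative to get current version for testing` now sits above the active `path:` inputs while the git URL is commented out; if path inputs are the intended permanent layout, the comment should say so.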
@@ -13,7 +17,10 @@ outputs = { nixpkgs, + home-manager, common, + secrets, + flatpaks, ros_neovim, ... }@inputs: @@ -33,14 +40,35 @@ }; }; modules = [ - common.nixosModules.default + home-manager.nixosModules.default + + secrets.nixosModules.default ros_neovim.nixosModules.default + flatpaks.nixosModules.default + + common.nixosModules.essentials + common.nixosModules.git + common.nixosModules.tmux + common.nixosModules.boot_systemd + common.nixosModules.de_sway + common.nixosModules.hardening + common.nixosModules.jetbrains_font + common.nixosModules.nix_options + common.nixosModules.no_sleep + common.nixosModules.podman + common.nixosModules.q_flipper + common.nixosModules.tailnet + common.nixosModules.timezone_auto + common.nixosModules.tty_caps_esc + common.nixosModules.zsh + ./configuration.nix ./hardware-configuration.nix (import ./containers.nix { inherit inputs; }) # ./jails_text.nix # ./hyprland_customizations.nix ./sway_customizations.nix + ./opencode-shim.nix ( { config, 
@@ -49,136 +77,76 @@ lib, ... }: - { - programs = { - nix-ld = { - enable = true; - libraries = with pkgs; [ - icu - gmp - glibc - openssl - stdenv.cc.cc + rec { + # Home Manager + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "bak"; + # add all normal users to home manager so it applies to them + users = lib.mapAttrs (name: user: { + home.stateVersion = "25.05"; + programs.home-manager.enable = true; + }) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users); + + sharedModules = [ + common.homeManagerModules.de_sway + common.homeManagerModules.tmux + common.homeManagerModules.atuin + common.homeManagerModules.direnv + common.homeManagerModules.foot + common.homeManagerModules.git + common.homeManagerModules.kitty + common.homeManagerModules.postgres_cli_options + common.homeManagerModules.slicer + common.homeManagerModules.ssh + common.homeManagerModules.starship + common.homeManagerModules.zoxide + common.homeManagerModules.zsh + ]; + + extraSpecialArgs = { + inherit inputs; + inherit upkgs; + }; + }; + + # System configuration + system.stateVersion = "23.11"; + networking.hostName = configuration_name; + programs.nh.flake = "/home/josh/.config/nixos-config/hosts/${config.networking.hostName}"; + nixpkgs.config.allowUnfree = true; + + # Users + users.users = { + josh = { + isNormalUser = true; + initialPassword = "password1"; + extraGroups = [ + "wheel" + "networkmanager" + "video" + "input" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" ]; }; }; - environment.shellAliases = { - "oc" = - "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; - "occ" = "oc -c"; - }; - environment.systemPackages = with pkgs; [ - lua - qdirstat - ffmpeg-full - appimage-run - nodejs_24 - foot - vlc - upkgs.ladybird - google-chrome - trilium-desktop - dig - traceroute - # 
opensnitch-ui + services.flatpak.packages = [ + "org.signal.Signal" + "dev.vencord.Vesktop" + "md.obsidian.Obsidian" + "com.spotify.Client" + "com.bitwarden.desktop" + "org.openscad.OpenSCAD" + "org.blender.Blender" + "com.rustdesk.RustDesk" ]; - # Also allow this key to work for root user, this will let us use this as a remote builder easier - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" - ]; - # Allow emulation of aarch64-linux binaries for cross compiling - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - home-manager.extraSpecialArgs = { - inherit inputs; - inherit upkgs; - }; - - ringofstorms_common = { - systemName = configuration_name; - boot.systemd.enable = true; - secrets.enable = true; - general = { - reporting.enable = true; - disableRemoteBuildsOnLio = true; - }; - desktopEnvironment.sway = { - enable = true; - waybar.enable = true; - swaync.enable = true; - }; - programs = { - rustDev.enable = true; - uhkAgent.enable = true; - tailnet.enable = true; - tailnet.enableExitNode = true; - ssh.enable = true; - podman.enable = true; - virt-manager.enable = true; - flatpaks = { - enable = true; - packages = [ - "org.signal.Signal" - "dev.vencord.Vesktop" - "md.obsidian.Obsidian" - "com.spotify.Client" - "com.bitwarden.desktop" - "org.openscad.OpenSCAD" - "org.blender.Blender" - "com.rustdesk.RustDesk" - ]; - }; - }; - users = { - # Users are all normal users and default password is password1 - admins = [ "josh" ]; # First admin is also the primary user owning nix config - users = { - josh = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" - ]; - extraGroups = [ - "networkmanager" - "video" - "input" - ]; - shell = pkgs.zsh; - packages = with pkgs; [ - sabnzbd - ]; - }; - }; - }; - homeManager = { - users = { - josh = { - imports = with common.homeManagerModules; [ - tmux - atuin 
- kitty - foot - direnv - git - nix_deprecations - obs - postgres - slicer - ssh - starship - zoxide - zsh - ]; - - # services.opensnitch-ui.enable = true; - }; - }; - }; - }; } ) ]; - } ); }; diff --git a/hosts/lio/opencode-shim.nix b/hosts/lio/opencode-shim.nix new file mode 100644 index 0000000..e4ecdd4 --- /dev/null +++ b/hosts/lio/opencode-shim.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + programs = { + nix-ld = { + enable = true; + libraries = with pkgs; [ + icu + gmp + glibc + openssl + stdenv.cc.cc + ]; + }; + }; + environment.shellAliases = { + "oc" = + "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; + "occ" = "oc -c"; + }; +} diff --git a/hosts/lio/sway_customizations.nix b/hosts/lio/sway_customizations.nix index 007bc3f..a58f2e2 100644 --- a/hosts/lio/sway_customizations.nix +++ b/hosts/lio/sway_customizations.nix @@ -74,8 +74,15 @@ in options = { }; config = { - environment.systemPackages = [ ]; + # ringofstorms_common.desktopEnvironment.sway.extraOptions = swayExtraOptions; - ringofstorms_common.desktopEnvironment.sway.extraOptions = swayExtraOptions; + home-manager.sharedModules = [ + ( + { ... }: + { + wayland.windowManager.sway.config = swayExtraOptions; + } + ) + ]; }; }
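Review bot: `initialPassword = "password1";` in the new `users.users.josh` block commits a guessable plaintext password for an account that the same block adds to `wheel`, and NixOS stores this option's value world-readable in the Nix store. Since a `secrets` module is already imported in this flake, I would supply a hash from there instead, e.g. `hashedPasswordFile = "<path-provided-by-secrets-module>";` (placeholder), or drop the password and rely on the SSH key already listed. If the initial password stays, add a comment that it must be changed on first login. Also confirm that sshd on this host has password authentication disabled, since that setting is not visible in this hunk.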
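Review bot: The `oc` alias under `environment.shellAliases` in hosts/lio/opencode-shim.nix is system-wide, so every account's interactive shell, root included, resolves `oc` to a binary under `/home/josh/other/opencode/node_modules/`. That path sits in a user's home directory and is neither built nor pinned by Nix. I would scope the alias to that user through Home Manager, e.g. `home-manager.users.josh.home.shellAliases.oc = "<same command>";`, so no other account's shell executes it, and longer term package the tool so the binary comes from the store. A comment above `programs.nix-ld` saying that the library list appears to exist only to run this prebuilt binary would help, as would one on the alias explaining why the three proxy variables are cleared.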
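Review bot: The added line `# ringofstorms_common.desktopEnvironment.sway.extraOptions = swayExtraOptions;` in hosts/lio/sway_customizations.nix keeps the removed option as a comment right next to its deletion; I would drop it, since the history already records it. The inline module takes no arguments, so it can be written without the function wrapper as `home-manager.sharedModules = [ { wayland.windowManager.sway.config = swayExtraOptions; } ];`. Because `sharedModules` applies this sway config to every Home Manager user on the host, a one-line comment saying that this is intended would be useful. The enclosing module starts outside the hunk.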