From 160a5c3ffe0a228d9154ea6c79ee1da9f67f3014 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Sun, 2 Jul 2023 00:33:46 -0400 Subject: [PATCH] localModules -> local moved keys to their own module updated nix switching pinning method --- .sops.yaml | 6 +- flake.lock | 79 ++++++++++--------- flake.nix | 2 +- hosts/game-laptop/default.nix | 8 +- .../containers/{website.nix_ => website.nix} | 10 +-- hosts/gerg-desktop/default.nix | 13 ++- hosts/gerg-desktop/secrets.yaml | 5 +- hosts/gerg-desktop/zfs.nix | 1 + hosts/moms-laptop/default.nix | 8 +- modules/DE/dwm.nix | 4 +- modules/DE/gnome.nix | 4 +- modules/DE/xfce.nix | 4 +- modules/DM/autoLogin.nix | 6 +- modules/DM/lightDM.nix | 6 +- modules/X11.nix | 4 +- modules/builders.nix | 30 ++++--- modules/direnv.nix | 20 ++--- modules/git.nix | 4 +- modules/hardware.nix | 4 +- modules/keys.nix | 18 +++++ modules/misc.nix | 1 - modules/pinning.nix | 3 +- modules/shell.nix | 52 +++++++++++- modules/theming.nix | 4 +- 24 files changed, 187 insertions(+), 109 deletions(-) rename hosts/gerg-desktop/containers/{website.nix_ => website.nix} (95%) create mode 100644 modules/keys.nix diff --git a/.sops.yaml b/.sops.yaml index dbc470d..a7ebec7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,16 +3,16 @@ keys: - &moms-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68 - &game-laptop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90 creation_rules: - - path_regex: systems/gerg-desktop/secrets.yaml$ + - path_regex: hosts/gerg-desktop/secrets.yaml$ key_groups: - age: - *gerg-desktop - - path_regex: systems/moms-laptop/secrets.yaml$ + - path_regex: hosts/moms-laptop/secrets.yaml$ key_groups: - age: - *moms-laptop - *gerg-desktop - - path_regex: systems/game-laptop/secrets.yaml$ + - path_regex: hosts/game-laptop/secrets.yaml$ key_groups: - age: - *game-laptop diff --git a/flake.lock b/flake.lock index afc3293..4c7f0bf 100644 --- a/flake.lock +++ b/flake.lock 
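Review bot: The three updated `path_regex` values in `.sops.yaml` are anchored only at the end and leave the dot unescaped, so `hosts/gerg-desktop/secrets.yaml$` also matches any longer path ending in that string and any character in place of the `.`. Because these rules decide which age recipients a new secrets file is encrypted to, tighter patterns are safer, e.g. `path_regex: ^hosts/gerg-desktop/secrets\.yaml$`. The same applies to the `moms-laptop` and `game-laptop` rules.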
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1687747614, - "narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=", + "lastModified": 1687968164, + "narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=", "owner": "nix-community", "repo": "disko", - "rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95", + "rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1687390847, - "narHash": "sha256-T75KT5XFPMvmHOdxuoWotI+vCIM2cM5192QxLxenudU=", + "lastModified": 1688267694, + "narHash": "sha256-dU20pHcJkr08p9kJij4vLWGLahmXC09Fl22ywO24quQ=", "owner": "gerg-L", "repo": "fetch-rs", - "rev": "a571c0c6768db9c643cc81735a1a12799d09ed4e", + "rev": "45b0a9038ac0b73b2f37e16d83143f5d869595a0", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "master": { "locked": { - "lastModified": 1687829807, - "narHash": "sha256-3frHlJgnHai4BCR67iAn8rpOpVMYGGsxXP/RD9CJeug=", + "lastModified": 1688270854, + "narHash": "sha256-GLH4R4BseIDNrs6TukaXgzjKgFT0mSrYwS2bc+WZ0lM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71a84fc822c1d8f41d6b70ce31c600dd45dc7ac3", + "rev": "3454e7a9c8c78ee815bd2d5d3ff8a977f4d419f3", "type": "github" }, "original": { @@ -90,16 +90,17 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1686422003, - "narHash": "sha256-Ekqqm2/FigfyhuCfx1BkePPsABdTwm7PJdiTaHPXems=", + "lastModified": 1688085369, + "narHash": "sha256-g/2k/heQXYN38xutKf3JoeAe3bpmLswR/F8oupPzxdM=", "owner": "neovim", "repo": "neovim", - "rev": "302d3cfb96d7f0c856262e1a4252d058e3300c8b", + "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785", "type": "github" }, "original": { "owner": "neovim", "repo": "neovim", + "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785", "type": "github" } }, 
@@ -111,17 +112,17 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1686310844, - "narHash": "sha256-QS9/9v+bPTKb7HtB9a5zb4a6+IErwpfhHaqwi0PN0K8=", + "lastModified": 1688234932, + "narHash": "sha256-X0Tus1uP+tSBySLCUKlmV/Nv7Vfj4ljBL/ptsS0DQ6s=", "owner": "nixos", "repo": "nix", - "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261", + "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48", "type": "github" }, "original": { "owner": "nixos", "repo": "nix", - "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261", + "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48", "type": "github" } }, @@ -148,11 +149,11 @@ ] }, "locked": { - "lastModified": 1687743756, - "narHash": "sha256-WhDERdaMGX73CBxpDfoauKU2Z4NC10+/4khdBbpXjWs=", + "lastModified": 1688003049, + "narHash": "sha256-5oSxbv8OVSg2dOvycJ9eisacxF8e52N0PVUFryWWJmE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "844ce2ab9a0ba819b30df1fff2c48c9b2b2344be", + "rev": "bde0bc291c95b710dd63d5e5c422e47f760a1406", "type": "github" }, "original": { @@ -195,11 +196,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1687031877, - "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=", + "lastModified": 1688256355, + "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99", + "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c", "type": "github" }, "original": { @@ -217,11 +218,11 @@ ] }, "locked": { - "lastModified": 1686447176, - "narHash": "sha256-d+chVhxA6k7uYyj9Ig+HL5TTiy62AUhp80n7r4b0CAI=", + "lastModified": 1688269212, + "narHash": "sha256-psck0cUFcbmAadVbSqEkYqUDk6mFVBBnGEaNmLm1cFQ=", "owner": "gerg-L", "repo": "nvim-flake", - "rev": "8327aa444b285b7e4d042c609c118e4eb38d8376", + "rev": "32f337f1dda040aa2d1b2126ba5a16ff5cfe5502", "type": "github" }, "original": { 
@@ -270,11 +271,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1687398569, - "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=", + "lastModified": 1688268466, + "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=", "owner": "mic92", "repo": "sops-nix", - "rev": "2ff6973350682f8d16371f8c071a304b8067f192", + "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957", "type": "github" }, "original": { @@ -290,8 +291,8 @@ ] }, "locked": { - "lastModified": 1687749665, - "narHash": "sha256-wvpL4zqF5DoqkKuEkNVuvwXPBz7pnxc2c0z/a5FgndU=", + "lastModified": 1688271042, + "narHash": "sha256-jO2i5SAX87yh7MJtZ2kmlWwFBC90TyeBWjCzcs6Z2Jk=", "path": "/home/gerg/Projects/spicetify-nix", "type": "path" }, @@ -302,11 +303,11 @@ }, "stable": { "locked": { - "lastModified": 1687729501, - "narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=", + "lastModified": 1688109178, + "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0", + "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422", "type": "github" }, "original": { @@ -323,11 +324,11 @@ ] }, "locked": { - "lastModified": 1686447653, - "narHash": "sha256-SjCdEjI6h3y5279VM6MV6Xhmtx9Rmms9MNZw9D/l4jY=", + "lastModified": 1688270082, + "narHash": "sha256-lx053lNJZy16NqeFe3Gqn/ePIiEVrU+TjBwLhMxxhmw=", "owner": "gerg-L", "repo": "suckless", - "rev": "3e7fb0d693fce7a1592abe692c315b213630222e", + "rev": "99103d012b56965005aabb9619c73e5a802b4284", "type": "github" }, "original": { 
@@ -338,11 +339,11 @@ }, "unstable": { "locked": { - "lastModified": 1687681650, - "narHash": "sha256-M2If+gRcfpmaJy/XbfSsRzLlPpoU4nr0NHnKKl50fd8=", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c9db9710cb23d60570ad4d7ab829c2d34403de3", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8a75d4f..4f626fc 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ stable.url = "github:nixos/nixpkgs/nixos-23.05"; pipewire_fix.url = "github:nixos/nixpkgs/45a55711fe12d0aada3aa04746082cf1b83dfbf3"; #nix 2.17 - nix.url = "github:nixos/nix/03f9ff6ea59d21c6d7b29c64a03d5041bd621261"; + nix.url = "github:nixos/nix/7b39a388b382e7912de3c5951faad42fe2d72f48"; nixos-generators = { url = "github:nix-community/nixos-generators"; diff --git a/hosts/game-laptop/default.nix b/hosts/game-laptop/default.nix index 899a07d..96f9460 100644 --- a/hosts/game-laptop/default.nix +++ b/hosts/game-laptop/default.nix @@ -3,7 +3,7 @@ _: { config, ... }: { - localModules = { + local = { remoteBuild.enable = true; DE.gnome.enable = true; DM = { @@ -62,9 +62,9 @@ _: { uid = 0; home = "/root"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop" + config.local.keys.gerg_gerg-phone + config.local.keys.gerg_gerg-windows + config.local.keys.gerg_gerg-desktop ]; passwordFile = config.sops.secrets.root.path; }; 
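Review bot: The `config.local.keys.gerg_gerg-phone` entry that root's `openssh.authorizedKeys.keys` now resolves to is not the key being removed here. The deleted line ends in `…Mryd+1UnpAUofS2yA`, while `modules/keys.nix` defines a key ending in `…Q8QPyjRHyi77`, so this refactor also changes which phone key can log in as root. The same substitution happens in the key hunks of `hosts/gerg-desktop/default.nix` and `hosts/moms-laptop/default.nix`. If the rotation is intended, it should be stated in the commit message; if not, the old key has been dropped by accident. The `gerg-windows` and `gerg-desktop` entries match the removed strings exactly.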
diff --git a/hosts/gerg-desktop/containers/website.nix_ b/hosts/gerg-desktop/containers/website.nix similarity index 95% rename from hosts/gerg-desktop/containers/website.nix_ rename to hosts/gerg-desktop/containers/website.nix index 88540ad..4d2eac0 100644 --- a/hosts/gerg-desktop/containers/website.nix_ +++ b/hosts/gerg-desktop/containers/website.nix @@ -1,4 +1,4 @@ -_:{ +_: { sops.secrets = { "website/sql_gitea" = { mode = "0444"; @@ -63,11 +63,11 @@ _:{ gitea = { enable = true; appName = "Powered by NixOS"; - domain = "git.gerg-l.com"; - rootUrl = "https://git.gerg-l.com/"; - httpPort = giteaPort; settings = { server = { + DOMAIN = "git.gerg-l.com"; + ROOT_URL = "https://git.gerg-l.com/"; + HTTP_PORT = giteaPort; LANDING_PAGE = "/explore/repos"; }; ui = { @@ -84,7 +84,7 @@ _:{ }; nextcloud = { enable = true; - package = pkgs.nextcloud26; + package = pkgs.nextcloud27; hostName = "next.gerg-l.com"; autoUpdateApps.enable = true; enableBrokenCiphersForSSE = false; diff --git a/hosts/gerg-desktop/default.nix b/hosts/gerg-desktop/default.nix index e7af949..4595e97 100644 --- a/hosts/gerg-desktop/default.nix +++ b/hosts/gerg-desktop/default.nix @@ -3,7 +3,7 @@ config, ... }: { - localModules = { + local = { remoteBuild.isBuilder = true; X11Programs = { sxhkd.enable = true; @@ -62,6 +62,11 @@ }; }; + services.udev.packages = [ + pkgs.android-udev-rules + ]; + programs.adb.enable = true; + networking = { useDHCP = false; hostName = "gerg-desktop"; @@ -100,10 +105,10 @@ useDefaultShell = true; uid = 1000; isNormalUser = true; - extraGroups = ["wheel" "audio"]; + extraGroups = ["wheel" "audio" "adbusers"]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows" + config.local.keys.gerg_gerg-phone + config.local.keys.gerg_gerg-windows ]; passwordFile = config.sops.secrets.gerg.path; }; 
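Review bot: The `"website/sql_gitea"` secret at the top of `website.nix` is declared with `mode = "0444"`, which leaves the decrypted database password readable by every local account. Renaming the file from `website.nix_` to `website.nix` presumably brings it back into the evaluated configuration. Prefer `mode = "0400";` with an explicit `owner` for the service that reads it, or document why world-readable is required for the container bind mount. The `sops.secrets` set continues outside the hunk, so other entries may need the same check.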
diff --git a/hosts/gerg-desktop/secrets.yaml b/hosts/gerg-desktop/secrets.yaml index 7e82dce..06008c0 100644 --- a/hosts/gerg-desktop/secrets.yaml +++ b/hosts/gerg-desktop/secrets.yaml @@ -1,5 +1,6 @@ discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str] gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str] +store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str] website: nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str] sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str] 
@@ -21,8 +22,8 @@ sops: dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-19T00:33:35Z" - mac: ENC[AES256_GCM,data:YWGS3fxhEh6Xz/OohJkQdvGzfe9Do7IRN7MiuHo8URbidq6DLsuvN086QNlMQEnopR5BDJ2V+4inKS1xOM+G66e4Ta/uYH7VweamGSk/dGGqAnG5uylljIupSS9WDvI0tpv2PMWrbGV6oEps0SPC2HN7CvhI8EaSQdz3CvEYKgo=,iv:YDKgb90IvwEkfRFMwoy/Y1LREHe2Dzf3Dt97BT/wJuo=,tag:HSmmPdyhF5dr+5IvM+Xo6Q==,type:str] + lastmodified: "2023-07-02T03:02:17Z" + mac: ENC[AES256_GCM,data:iz4xGDiaMNvmNum2R7Bm5NmRBzUo8clhV60hLcHrIpjGwpbrRuWEnsQL6hvUu2O8zZDx7xH0MApig7dYvdNyPaloWiWob/DPT5AgWx++etr40z0Bbl3GHY+WQQdqU+E6l+x0LMQYGv3GQv4o166VsnFsCm5ParPeMmZa3+kaxBw=,iv:Q4JL2EtXRD3LKWx95q0Jo27UWHCHn2i6cM87Z/GhO28=,tag:rxwjRdK85znMzX6H/rx+9A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/hosts/gerg-desktop/zfs.nix b/hosts/gerg-desktop/zfs.nix index 4182326..ef2a3e4 100644 --- a/hosts/gerg-desktop/zfs.nix +++ b/hosts/gerg-desktop/zfs.nix @@ -7,6 +7,7 @@ _: { systemd.tmpfiles.rules = [ "L+ /etc/ssh/ssh_host_ed25519_key - - - - /persist/ssh/ssh_host_ed25519_key" "L+ /etc/ssh/ssh_host_ed25519_key.pub - - - - /persist/ssh/ssh_host_ed25519_key.pub" + "L /etc/nixos/flake.nix - - - - /home/gerg/Projects/nixos/flake.nix" ]; #create machine-id for spotify environment.etc = { diff --git a/hosts/moms-laptop/default.nix b/hosts/moms-laptop/default.nix index b45aabd..2769ab4 100644 --- a/hosts/moms-laptop/default.nix +++ b/hosts/moms-laptop/default.nix @@ -3,7 +3,7 @@ _: { config, ... }: { - localModules = { + local = { remoteBuild.enable = true; DM = { lightdm.enable = true; 
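Review bot: The new tmpfiles rule in `zfs.nix` points `/etc/nixos/flake.nix` at `/home/gerg/Projects/nixos/flake.nix`, a directory writable by the unprivileged `gerg` account. Anything running as that user can therefore change what the next rebuild evaluates as root, without a password prompt. If that is the intended workflow, say so in a comment, e.g. `# system flake is gerg's checkout; rebuilds trust that directory`. The rule also uses `L` where the two above it use `L+`, so an existing `/etc/nixos/flake.nix` will not be replaced.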
@@ -49,9 +49,9 @@ _: { uid = 0; home = "/root"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop" + config.local.keys.gerg_gerg-phone + config.local.keys.gerg_gerg-windows + config.local.keys.gerg_gerg-desktop ]; passwordFile = config.sops.secrets.root.path; }; diff --git a/modules/DE/dwm.nix b/modules/DE/dwm.nix index b44bd2c..8151271 100644 --- a/modules/DE/dwm.nix +++ b/modules/DE/dwm.nix @@ -8,9 +8,9 @@ lib, ... }: { - options.localModules.DE.dwm.enable = lib.mkEnableOption ""; + options.local.DE.dwm.enable = lib.mkEnableOption ""; - config = lib.mkIf config.localModules.DE.dwm.enable { + config = lib.mkIf config.local.DE.dwm.enable { services.gvfs.enable = true; services.xserver = { enable = true; diff --git a/modules/DE/gnome.nix b/modules/DE/gnome.nix index dfacb4b..991b27a 100644 --- a/modules/DE/gnome.nix +++ b/modules/DE/gnome.nix @@ -4,9 +4,9 @@ _: { pkgs, ... }: { - options.localModules.DE.gnome.enable = lib.mkEnableOption ""; + options.local.DE.gnome.enable = lib.mkEnableOption ""; - config = lib.mkIf config.localModules.DE.gnome.enable { + config = lib.mkIf config.local.DE.gnome.enable { environment = { systemPackages = [pkgs.gnome.gnome-calculator]; gnome.excludePackages = builtins.attrValues { diff --git a/modules/DE/xfce.nix b/modules/DE/xfce.nix index 12fbdbd..eb30152 100644 --- a/modules/DE/xfce.nix +++ b/modules/DE/xfce.nix 
@@ -4,9 +4,9 @@ _: { pkgs, ... }: { - options.localModules.DE.xfce.enable = lib.mkEnableOption ""; + options.local.DE.xfce.enable = lib.mkEnableOption ""; - config = lib.mkIf config.localModules.DE.xfce.enable { + config = lib.mkIf config.local.DE.xfce.enable { environment.systemPackages = [pkgs.xfce.xfce4-whiskermenu-plugin]; services.xserver = { enable = true; diff --git a/modules/DM/autoLogin.nix b/modules/DM/autoLogin.nix index 2d24917..a1d949a 100644 --- a/modules/DM/autoLogin.nix +++ b/modules/DM/autoLogin.nix @@ -3,7 +3,7 @@ _: { lib, ... }: { - options.localModules.DM = { + options.local.DM = { autoLogin = lib.mkEnableOption ""; loginUser = lib.mkOption { type = lib.types.nullOr lib.types.str; @@ -11,11 +11,11 @@ _: { }; }; - config = lib.mkIf config.localModules.DM.autoLogin { + config = lib.mkIf config.local.DM.autoLogin { services.xserver.displayManager = { autoLogin = { enable = true; - user = config.localModules.DM.loginUser; + user = config.local.DM.loginUser; }; }; }; diff --git a/modules/DM/lightDM.nix b/modules/DM/lightDM.nix index cb2121a..8c88fec 100644 --- a/modules/DM/lightDM.nix +++ b/modules/DM/lightDM.nix @@ -4,9 +4,9 @@ pkgs, ... }: { - options.localModules.DM.lightdm.enable = lib.mkEnableOption ""; + options.local.DM.lightdm.enable = lib.mkEnableOption ""; - config = lib.mkIf config.localModules.DM.lightdm.enable { + config = lib.mkIf config.local.DM.lightdm.enable { services.xserver = { displayManager = { lightdm = { @@ -15,7 +15,7 @@ extraConfig = "minimum-vt=1"; greeters.mini = { enable = true; - user = config.localModules.DM.loginUser; + user = config.local.DM.loginUser; extraConfig = '' [greeter] show-password-label = false diff --git a/modules/X11.nix b/modules/X11.nix index e5588e8..57abd2b 100644 --- a/modules/X11.nix +++ b/modules/X11.nix 
@@ -4,9 +4,9 @@ _: { lib, ... }: let - cfg = config.localModules.X11Programs; + cfg = config.local.X11Programs; in { - options.localModules.X11Programs = { + options.local.X11Programs = { sxhkd.enable = lib.mkEnableOption ""; }; config = lib.mkMerge [ diff --git a/modules/builders.nix b/modules/builders.nix index 8edaaa9..b78c27f 100644 --- a/modules/builders.nix +++ b/modules/builders.nix @@ -3,13 +3,13 @@ _: { lib, ... }: { - options.localModules.remoteBuild = { + options.local.remoteBuild = { enable = lib.mkEnableOption ""; isBuilder = lib.mkEnableOption ""; }; config = lib.mkMerge [ ( - lib.mkIf config.localModules.remoteBuild.enable { + lib.mkIf config.local.remoteBuild.enable { nix = { settings = { keep-outputs = false; @@ -18,7 +18,6 @@ _: { max-jobs = 0; substituters = ["ssh-ng://nix-ssh@gerg-desktop" "https://cache.nixos.org/"]; trusted-public-keys = ["gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="]; - secret-key-files = "/persist/cache-keys/cache-priv-key.pem"; }; distributedBuilds = true; buildMachines = [ 
@@ -30,29 +29,24 @@ _: { supportedFeatures = ["big-parallel" "nixos-test" "kvm" "benchmark"]; sshUser = "builder"; sshKey = "/etc/ssh/ssh_host_ed25519_key"; - publicHostKey = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA"; + publicHostKey = config.local.keys.gerg-desktop_fingerprint; } ]; }; - programs.ssh.knownHosts = { - gerg-desktop = { - extraHostNames = ["gerg-desktop.lan"]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1"; - }; - }; } ) ( let keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop" + config.local.keys.root_moms-laptop + config.local.keys.root_game-laptop ]; in lib.mkIf - config.localModules.remoteBuild.isBuilder + config.local.remoteBuild.isBuilder { + sops.secrets.store_key = {}; users = { groups.builder = {}; users.builder = { @@ -63,12 +57,22 @@ _: { group = "builder"; }; }; + services.openssh.extraConfig = '' + Match User builder + AllowAgentForwarding no + AllowTcpForwarding no + PermitTTY no + PermitTunnel no + X11Forwarding no + Match All + ''; nix = { settings = { trusted-users = ["builder" "nix-ssh"]; keep-outputs = true; keep-derivations = true; + secret-key-files = config.sops.secrets.store_key.path; }; sshServe = { enable = true; diff --git a/modules/direnv.nix b/modules/direnv.nix index 69198e0..a6b86a2 100644 --- a/modules/direnv.nix +++ b/modules/direnv.nix @@ -5,11 +5,9 @@ _: {pkgs, ...}: { DIRENV_LOG_FORMAT = ""; DIRENV_CONFIG = "/etc/direnv"; }; + #other direnv configuration goes here etc."direnv/direnvrc".text = '' source ${pkgs.nix-direnv}/share/nix-direnv/direnvrc - if [ -e $HOME/.config/direnv/direnvrc ] ; then - source $HOME/.config/direnv/direnvrc - fi ''; }; programs = { 
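Review bot: Removing `programs.ssh.knownHosts.gerg-desktop` leaves the `ssh-ng://nix-ssh@gerg-desktop` substituter without a declaratively pinned host key, because `publicHostKey` only covers the `buildMachines` entry. That substituter is configured earlier in this block, outside the hunk. `local.keys.root_gerg-desktop` holds the removed key but is not referenced in any visible hunk, so the pin could be kept with `programs.ssh.knownHosts.gerg-desktop.publicKey = config.local.keys.root_gerg-desktop;`, plus the old `extraHostNames`. Separately, `publicHostKey` is documented as the base64-encoded public host key, while the value named `gerg-desktop_fingerprint` has the length of a SHA-256 fingerprint. It is worth confirming that the builder connection is really verified against it.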
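Review bot: `secret-key-files` now reads the sops-managed `store_key`, but the clients' `trusted-public-keys` entry `gerg-desktop:6p1+…` in the `remoteBuild.enable` block is unchanged. If the sops secret holds a newly generated key rather than the old `/persist/cache-keys/cache-priv-key.pem`, clients will reject paths signed by the builder. Please confirm the two still form a pair, or update the public half in the same commit. The `services.openssh.extraConfig` block would also benefit from a comment on its last line, e.g. `# Match All closes the builder-only scope so later sshd options apply globally`, since dropping that line would silently scope any appended configuration to `builder`.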
@@ -23,12 +21,14 @@ _: {pkgs, ...}: { eval "$(direnv hook bash)" fi ''; - # fish.enable = true; - # fish.interactiveShellInit = '' - # if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and [ -z "$IN_NIX_SHELL" ]; - # direnv hook fish | source; - # echo "loaded direnv"; - # end - # ''; + # doesn't work for some reason + # fish.enable = true; + # fish.interactiveShellInit = '' + # set -g direnv_fish_mode disable_arrow + # if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and [ -z "$IN_NIX_SHELL" ]; + # direnv hook fish | source; + # echo "loaded direnv"; + # end + # ''; }; } diff --git a/modules/git.nix b/modules/git.nix index eb826d5..85b4a9c 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -4,12 +4,12 @@ _: { lib, ... }: { - options.localModules.git.disable = lib.mkOption { + options.local.git.disable = lib.mkOption { type = lib.types.bool; default = false; }; - config = lib.mkIf (! config.localModules.git.disable) { + config = lib.mkIf (! config.local.git.disable) { programs.git = { enable = true; package = pkgs.gitMinimal; diff --git a/modules/hardware.nix b/modules/hardware.nix index cc6709e..742494f 100644 --- a/modules/hardware.nix +++ b/modules/hardware.nix @@ -3,9 +3,9 @@ _: { lib, ... }: let - cfg = config.localModules.hardware; + cfg = config.local.hardware; in { - options.localModules.hardware = { + options.local.hardware = { gpuAcceleration = { disable = lib.mkOption { type = lib.types.bool; diff --git a/modules/keys.nix b/modules/keys.nix new file mode 100644 index 0000000..f758b8a --- /dev/null +++ b/modules/keys.nix 
@@ -0,0 +1,18 @@ +_: {lib, ...}: { + options = { + local.keys = lib.mkOption { + default = {}; + }; + }; + config = { + local.keys = { + gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77 gerg@gerg-phone"; + gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"; + root_moms-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@moms-laptop"; + root_game-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"; + root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1 root@gerg-desktop"; + gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA"; + gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"; + }; + }; +} diff --git a/modules/misc.nix b/modules/misc.nix index 90a2184..4f3b525 100644 --- a/modules/misc.nix +++ b/modules/misc.nix @@ -7,7 +7,6 @@ _: { options = { dummyvalue = lib.mkOption { default = {}; - type = lib.configType; }; nixpkgs.allowedUnfree = lib.mkOption { type = lib.types.listOf lib.types.string; diff --git a/modules/pinning.nix b/modules/pinning.nix index 12769c2..a8f6f2d 100644 --- a/modules/pinning.nix +++ b/modules/pinning.nix @@ -4,8 +4,7 @@ in lib.pipe alias [ (lib.filterAttrs (_: v: v._type == "flake")) (lib.mapAttrsToList (n: input: { - environment.etc."nixpath/${n}".source = input.outPath; - nix.nixPath = ["${n}=/etc/nixpath/${n}"]; + nix.nixPath = ["${n}=flake:${n}"]; nix.registry.${n}.flake = input; })) lib.mkMerge diff --git a/modules/shell.nix b/modules/shell.nix index c62e438..c858cae 100644 --- a/modules/shell.nix +++ b/modules/shell.nix 
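Review bot: `local.keys` in `modules/keys.nix` is declared with `lib.mkOption { default = {}; }` and no `type`, so the module system will accept any value, and merging definitions from another module is not well defined. These strings feed `authorizedKeys` and `publicHostKey`, so a typed option is worth having: `type = lib.types.attrsOf lib.types.str;` plus a short `description`. A comment separating the user keys, the host keys (`root_*`) and `gerg-desktop_fingerprint` would also help, since the last one is a different kind of value from the `ssh-ed25519 …` lines around it.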
@@ -66,17 +66,54 @@ syntaxHighlighting.enable = true; histSize = 10000; histFile = "$HOME/.cache/zsh_history"; + interactiveShellInit = '' + zle-line-init() { + emulate -L zsh + + [[ $CONTEXT == start ]] || return 0 + + while true; do + zle .recursive-edit + local -i ret=$? + [[ $ret == 0 && $KEYS == $'\4' ]] || break + [[ -o ignore_eof ]] || exit 0 + done + + local saved_prompt=$PROMPT + local saved_rprompt=$RPROMPT + PROMPT='\$ ' + RPROMPT=''' + zle .reset-prompt + PROMPT=$saved_prompt + RPROMPT=$saved_rprompt + + if (( ret )); then + zle .send-break + else + zle .accept-line + fi + return ret + } + + zle -N zle-line-init + ''; }; #starship starship = { enable = true; settings = { add_newline = false; - format = "$sudo$nix_shell\${custom.direnv}$cmd_duration\n$git_metrics$git_state$git_branch\n$directory$character"; + format = "$cmd_duration$git_metrics$git_state$git_branch\n$status$directory$character"; + right_format = "$sudo$nix_shell\${custom.direnv} $time"; + continuation_prompt = "▶▶ "; character = { success_symbol = "[\\$](#9ece6a bold)"; error_symbol = "[\\$](#db4b4b bold)"; }; + status = { + disabled = false; + format = "[$status]($style) "; + }; nix_shell = { format = "[󱄅 ](#74b2ff)"; heuristic = true; @@ -104,6 +141,19 @@ style = "#36c692"; when = "printenv DIRENV_FILE"; }; + time = { + format = "[$time]($style)\n"; + time_format = "%I:%M %p"; + disabled = false; + }; + # username = { + # format = "[$user]($style)"; + # show_always = true; + # }; + # hostname = { + # ssh_only = false; + # format = "[$hostname]($style)"; + # }; }; }; }; diff --git a/modules/theming.nix b/modules/theming.nix index dc2e551..8ecf7c5 100644 --- a/modules/theming.nix +++ b/modules/theming.nix @@ -4,9 +4,9 @@ _: { lib, ... }: let - cfg = config.localModules.theming; + cfg = config.local.theming; in { - options.localModules.theming = { + options.local.theming = { enable = lib.mkEnableOption ""; kmscon.enable = lib.mkEnableOption ""; };
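Review bot: The `zle-line-init` widget added to `interactiveShellInit` has no comment, and its purpose is not obvious from the body. It appears to redraw the finished prompt as a bare `$ ` before the line is accepted, i.e. a transient prompt. A one-line header such as `# transient prompt: collapse the previous prompt to "$ " on accept` would cover it. A second comment should note that `'''` inside the Nix indented string is the escape for two single quotes, so zsh sees `RPROMPT=''`; otherwise the line reads like a typo.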