iofq/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add SOPS, etc.

Browse source
This commit is contained in:
iofq 2024-04-07 17:54:27 -05:00
parent e1f0194350
commit 10c6af76f2
No known key found for this signature in database
GPG key ID: ECF3B2DA38BF7183
25 changed files with 435 additions and 413 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml Normal file
View file

@ -0,0 +1,11 @@
keys:
- &t14 age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg
- &racknerd age19qx3e78c9f2l7ceccgjf7ksvc873ungjely3nyxyjts2xsz0ldjq6shksm
- &ocx age1xwcz9qtaezjy4kl6xttea0u00j7j2n8xkd297vjz9xrnqx9fksjsg3nhu3
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *t14
- *racknerd
- *ocx

91
bin/bar.sh
View file

@ -1,91 +0,0 @@
#!/bin/bash
trap \
"{ pkill -P $$ ; exit 255; }" \
SIGINT SIGTERM ERR EXIT
bat() {
battery=$(cat /sys/class/power_supply/BAT0/capacity)
time=$(cat /tmp/.battime)
drain=$(cat /sys/class/power_supply/BAT0/power_now)
if [[ $(cat /sys/class/power_supply/BAT0/status) == "Charging" ]]; then
echo "$battery%+"
else
echo "$time, $battery%$charge, $(echo "scale=1; $drain / 1000000" | bc)mW"
fi
}
time_date() {
FORMAT="%a %m.%d.%y %T"
DATE=`date "+${FORMAT}"`
echo "${DATE}"
}
mem() {
echo "scale=2; $(free -m | sed -n 2p | awk '{print $3 + $5}') / 1000" | bc
}
vol() {
MUTED=$(amixer get Master | grep off)
amixer get Master | grep -m1 -Po "\d{1,3}%"
[[ $MUTED != '' ]] && echo " M";
}
temp_update() {
TEMP=$(cat /sys/class/thermal/thermal_zone0/temp)
echo $((TEMP / 1000))
}
cpu_update() {
read prevtotal previdle < /tmp/.cpulast
read cpu a b c idle rest < /proc/stat
total=$((a+b+c+idle))
[[ $prevtotal == 0 ]] && prevtotal=1
cpu=$((100*( (total-prevtotal) - (idle-previdle) ) / (total-prevtotal) ))
echo $total $idle > /tmp/.cpulast
echo "$cpu%"
}
calc(){ awk "BEGIN { print "$*" }"; }
mhz_update() {
mhz=$(cat /proc/cpuinfo | grep 'cpu MHz' | awk '{print $4}' | head -n1 | cut -d "." -f 1)
echo "$(calc $mhz/1000 | awk '{ printf "%1.2f\n", $0 }') GHz"
}
update_3() {
while true; do
cpu_update > /tmp/.cpu
temp_update > /tmp/.temp
mhz_update > /tmp/.mhz
sleep 3
done
}
update_30() {
while :; do
awk 'NR==3 {printf("%.0ddB",$4) > "/tmp/.wifi"}' /proc/net/wireless
acpi | awk '{print $5}' > /tmp/.battime
if ping -W 1 -c 1 8.8.8.8 > /dev/null; then
echo "@" > /tmp/.online
else
echo "?" > /tmp/.online
fi
sleep 30
done
}
update_300() {
while :; do
curl -s wttr.in/madison?format=%t | head -c 7 > /tmp/.wttr
sleep 300
done
}
SLEEP_SEC=1
PAD=" | "
update_300 &
update_30 &
update_3 &
while true; do
xsetroot -name "$(mem)G$PAD$(cat /tmp/.cpu)$PAD$(cat /tmp/.mhz)$PAD$(cat /tmp/.temp)°C$PAD$(cat /tmp/.wifi), $(cat /tmp/.online)$PAD$(vol)$PAD$(bat)$PAD$(cat /tmp/.wttr), $(time_date)"
sleep $SLEEP_SEC
done

26
bin/colors.sh
View file

@ -1,26 +0,0 @@
#!/usr/bin/env bash
# This file echoes a bunch of color codes to the
#terminal to demonstrate what's available. Each
# line is the color code of one forground color,
# out of 17 (default + 16 escapes), followed by a
# test use of that color on all nine background
# colors (default + 8 escapes).
#
T='gYw' # The test text
echo -e "\n 40m 41m 42m 43m\
44m 45m 46m 47m";
for FGs in ' m' ' 1m' ' 30m' '1;30m' ' 31m' '1;31m' ' 32m' \
'1;32m' ' 33m' '1;33m' ' 34m' '1;34m' ' 35m' '1;35m' \
' 36m' '1;36m' ' 37m' '1;37m';
do FG=${FGs// /}
echo -en " $FGs \033[$FG $T "
for BG in 40m 41m 42m 43m 44m 45m 46m 47m;
do echo -en "$EINS \033[$FG\033[$BG $T \033[0m";
done
echo;
done
echo

71
bin/ufetch
View file

@ -1,71 +0,0 @@
#!/bin/sh
## INFO
host="$(cat /etc/hostname)"
os='Debian 11'
kernel="$(uname -sr)"
uptime="69 days, 4 hours, 20 minutes"
packages="$(apt list --installed 2>/dev/null | wc -l)"
shell="$(basename "$SHELL")"
## UI DETECTION
if [ -n "${DE}" ]; then
ui="${DE}"
uitype='DE'
elif [ -n "${WM}" ]; then
ui="${WM}"
uitype='WM'
elif [ -n "${XDG_CURRENT_DESKTOP}" ]; then
ui="${XDG_CURRENT_DESKTOP}"
uitype='DE'
elif [ -n "${DESKTOP_SESSION}" ]; then
ui="${DESKTOP_SESSION}"
uitype='DE'
elif [ -f "${HOME}/.xinitrc" ]; then
ui="$(tail -n 1 "${HOME}/.xinitrc" | cut -d ' ' -f 2)"
uitype='WM'
elif [ -f "${HOME}/.xsession" ]; then
ui="$(tail -n 1 "${HOME}/.xsession" | cut -d ' ' -f 2)"
uitype='WM'
else
ui='unknown'
uitype='UI'
fi
##hardcode because our .xinitrc doesn't end like exec wm
ui="dwm"
## DEFINE COLORS
# probably don't change these
if [ -x "$(command -v tput)" ]; then
bold="$(tput bold)"
black="$(tput setaf 0)"
red="$(tput setaf 1)"
green="$(tput setaf 2)"
yellow="$(tput setaf 3)"
blue="$(tput setaf 4)"
magenta="$(tput setaf 5)"
cyan="$(tput setaf 6)"
white="$(tput setaf 7)"
reset="$(tput sgr0)"
fi
# you can change these
lc="${reset}${bold}${white}" # labels
nc="${reset}${bold}${white}" # user and hostname
ic="${reset}" # info
c0="${reset}${white}" # first color
## OUTPUT
clear
cat <<EOF
${c0}${nc}${USER}${ic}@${nc}${host}${reset}
------
${c0}${lc}OS: ${ic}${os}${reset}
${c0}${lc}KERNEL: ${ic}${kernel}${reset}
${c0}${lc}UPTIME: ${ic}${uptime}${reset}
${c0}${lc}PACKAGES: ${ic}${packages}${reset}
${c0}${lc}SHELL: ${ic}${shell}${reset}
${c0}${lc}${uitype}: ${ic}${ui}${reset}
EOF

206
flake.lock generated
View file

@ -9,11 +9,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1708091384,
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"lastModified": 1711973905,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"type": "github"
},
"original": {
@ -25,11 +25,11 @@
"devour-flake": {
"flake": false,
"locked": {
"lastModified": 1708783000,
"narHash": "sha256-UYva75UjgL2izR5tVzgTBBvtYyCPiKTtn1UjCZyR3Zw=",
"lastModified": 1709858306,
"narHash": "sha256-Vey9n9hIlWiSAZ6CCTpkrL6jt4r2JvT2ik9wa2bjeC0=",
"owner": "srid",
"repo": "devour-flake",
"rev": "bb0e0443291899a3f3fd85f87d2849f917692b1e",
"rev": "17b711b9deadbbc5629cb7d2b64cf86ae72af3fa",
"type": "github"
},
"original": {
@ -50,11 +50,11 @@
]
},
"locked": {
"lastModified": 1708939976,
"narHash": "sha256-O5+nFozxz2Vubpdl1YZtPrilcIXPcRAjqNdNE8oCRoA=",
"lastModified": 1710156081,
"narHash": "sha256-4PMY6aumJi5dLFjBzF5O4flKXmadMNq3AGUHKYfchh0=",
"owner": "numtide",
"repo": "devshell",
"rev": "5ddecd67edbd568ebe0a55905273e56cc82aabe3",
"rev": "bc68b058dc7e6d4d6befc4ec6c60082b6e844b7d",
"type": "github"
},
"original": {
@ -79,17 +79,17 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1709710541,
"narHash": "sha256-eu9m/5Le2VPWlySoLAFmPPuHV6xPCNu+N8VfWX412N8=",
"owner": "nix-community",
"repo": "ethereum.nix",
"rev": "c5dcc237b1aa46aa2ebdbb65c912bdc464cf89b5",
"type": "github"
"lastModified": 1713401263,
"narHash": "sha256-m5TlpqjvLgiTCfHbtUhTggQVkPIJR9N3SgkWa71QzD8=",
"ref": "refs/heads/main",
"rev": "446f86d861cb68b89ebd6a773a7056ead4b27c4f",
"revCount": 379,
"type": "git",
"url": "file:///home/e/dev/ethereum.nix/"
},
"original": {
"owner": "nix-community",
"repo": "ethereum.nix",
"type": "github"
"type": "git",
"url": "file:///home/e/dev/ethereum.nix/"
}
},
"flake-compat": {
@ -183,11 +183,11 @@
]
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -219,11 +219,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -237,11 +237,11 @@
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -284,11 +284,11 @@
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
@ -304,15 +304,15 @@
]
},
"locked": {
"lastModified": 1706999133,
"narHash": "sha256-SYAhYDqIWBDi1w66o8bY0FUWMPXAL0a1eFNXz+c+KQc=",
"owner": "iofq",
"lastModified": 1715380449,
"narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a0c9213aefd6bd117c5f51dcd772d96ac558e8d7",
"rev": "d7682620185f213df384c363288093b486b2883f",
"type": "github"
},
"original": {
"owner": "iofq",
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
@ -361,11 +361,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1709297667,
"narHash": "sha256-5JUaHyRFKDPqyeTlbMFS6VixAWRkO5uCRTS8asEjiyo=",
"lastModified": 1714764302,
"narHash": "sha256-MmIZR67wOP3Nr9b3XpsvHSZSTDcTmd9cQn2Z8pW1/Hw=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "7f93206b22131aac8fa46d787696ea58460aecab",
"rev": "e9977efbe34b554c3e393dc9a18509905a4080e5",
"type": "github"
},
"original": {
@ -396,13 +396,33 @@
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1714878592,
"narHash": "sha256-E68C03sYRsYFsK7wiGHUIJm8IsyPRALOrFoTL0glXnI=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "a362555e9dbd4ecff3bb98969bbdb8f79fe87f10",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1709410583,
"narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"lastModified": 1715148395,
"narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a",
"type": "github"
},
"original": {
@ -430,11 +450,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
@ -444,13 +464,29 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1714858427,
"narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1709386671,
"narHash": "sha256-VPqfBnIJ+cfa78pd4Y5Cr6sOWVW8GYHRVucxJGmRf8Q=",
"lastModified": 1710608262,
"narHash": "sha256-Tf2zqUWgU1iofcECQ+xj7HJVtoCz6yWG/oEIDmXxwXg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fa9a51752f1b5de583ad5213eb621be071806663",
"rev": "d211b80d2944a41899a6ab24009d9729cca05e49",
"type": "github"
},
"original": {
@ -462,11 +498,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"lastModified": 1715266358,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
"type": "github"
},
"original": {
@ -484,11 +520,11 @@
]
},
"locked": {
"lastModified": 1708237054,
"narHash": "sha256-9PVT/adNsZ9I2mrDkpt8KIAehMGgLBsq+x/6qYHKO9w=",
"lastModified": 1713121823,
"narHash": "sha256-C/Fc+MLdXP7AYRjsLaCty9XQ8ozIbdH9SB+cRQZwokQ=",
"owner": "iofq",
"repo": "nvim.nix",
"rev": "e6cde16c4a1f458404901b3a7814ec88b800fb6c",
"rev": "50ac04fdb917dc701c8c23096560b217c75d49fa",
"type": "github"
},
"original": {
@ -542,11 +578,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1708018599,
"narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
"lastModified": 1714478972,
"narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
"rev": "2849da033884f54822af194400f8dff435ada242",
"type": "github"
},
"original": {
@ -561,14 +597,36 @@
"ethereum-nix": "ethereum-nix",
"home-manager": "home-manager",
"microvm": "microvm",
"nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nvim": "nvim",
"pre-commit-hooks": "pre-commit-hooks",
"sops-nix": "sops-nix",
"systems": "systems_6",
"tfa": "tfa",
"treefmt-nix": "treefmt-nix_2",
"virt": "virt"
"treefmt-nix": "treefmt-nix_2"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1715244550,
"narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"spectrum": {
@ -704,11 +762,11 @@
]
},
"locked": {
"lastModified": 1709373438,
"narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=",
"lastModified": 1710278050,
"narHash": "sha256-Oc6BP7soXqb8itlHI8UKkdf3V9GeJpa1S39SR5+HJys=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e",
"rev": "35791f76524086ab4b785a33e4abbedfda64bd22",
"type": "github"
},
"original": {
@ -724,11 +782,11 @@
]
},
"locked": {
"lastModified": 1709373438,
"narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=",
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {
@ -754,26 +812,6 @@
"repo": "flake-utils",
"type": "github"
}
},
"virt": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707694046,
"narHash": "sha256-WTXt7ko/Bnzb5rX3i9ccSiE5JaKfWUJsF0wJii68kmI=",
"owner": "iofq",
"repo": "virt",
"rev": "5e158ba025f58f342ce013d6e5fe92de9dd4b3eb",
"type": "github"
},
"original": {
"owner": "iofq",
"repo": "virt",
"type": "github"
}
}
},
"root": "root",

31
flake.nix
View file

@ -13,7 +13,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:iofq/home-manager";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
@ -24,13 +24,9 @@
url = "github:iofq/2fa";
inputs.nixpkgs.follows = "nixpkgs";
};
virt = {
url = "github:iofq/virt";
inputs.nixpkgs.follows = "nixpkgs";
};
ethereum-nix = {
url = "github:nix-community/ethereum.nix";
# url = "git+file:///home/e/dev/ethereum.nix/";
#url = "github:nix-community/ethereum.nix";
url = "git+file:///home/e/dev/ethereum.nix/";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
@ -40,13 +36,18 @@
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
home-manager,
nvim,
deploy-rs,
systems,
...
} @ inputs: let
@ -58,7 +59,6 @@
inherit system;
config.allowUnfree = true;
overlays = [
inputs.virt.overlay
(final: _prev:
{
inherit (inputs.nvim.packages.${final.system}) full;
@ -79,7 +79,7 @@
remoteBuild = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
};
};
racknerd = {
@ -88,7 +88,7 @@
remoteBuild = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
};
};
};
@ -108,7 +108,10 @@
pkgs.nix
pkgs.home-manager
pkgs.git
deploy-rs.packages.${system}.deploy-rs
pkgs.ssh-to-age
pkgs.sops
pkgs.age
inputs.deploy-rs.packages.${system}.deploy-rs
treefmtEval.${system}.config.build.wrapper
];
};

1
home-manager/shared/programs/2fa/default.nix
View file

@ -9,7 +9,6 @@
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentryFlavor = "tty";
extraConfig = ''
allow-loopback-pinentry
'';

2
home-manager/shared/programs/dev/default.nix
View file

@ -10,7 +10,7 @@
python3
p7zip
gnumake
gcc
go
jq
];
}

17
home-manager/shared/programs/shell/default.nix
View file

@ -1,9 +1,17 @@
{host, ...}: {
{
host,
pkgs,
...
}: {
imports = [
./tmux.nix
./git.nix
./direnv.nix
];
home = {
packages = with pkgs; [
tree
];
};
programs.bash = {
enable = true;
enableCompletion = true;
@ -72,4 +80,9 @@
historyWidgetOptions = ["--height 60% --preview ''"];
fileWidgetCommand = "command find -L . -mindepth 1 -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' -prune";
};
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
}

7
home-manager/shared/programs/shell/direnv.nix
View file

@ -1,7 +0,0 @@
_: {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
}

8
home-manager/shared/wayland/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
{pkgs, ...}: {
imports = [
./librewolf
./alacritty
@ -8,6 +8,12 @@
./audio
];
home.packages = with pkgs; [
wdisplays
wl-clipboard
gammastep
sway-contrib.grimshot
];
programs.bemenu = {
enable = true;
settings = {

4
home-manager/shared/wayland/hyprland/default.nix
View file

@ -4,7 +4,7 @@
package = pkgs.hyprland;
systemd.enable = true;
extraConfig = ''
monitor=,preferred,auto,1"
monitor=,preferred,auto,1
'';
settings = {
"$mod" = "SUPER";
@ -86,6 +86,8 @@
## Movement
"$mod, p, layoutmsg, swapwithmaster"
"$mod, e, layoutmsg, orientationnext"
"$mod, i, layoutmsg, addmaster"
"$mod, d, layoutmsg, removemaster"
"$mod, h, movefocus, l"
"$mod, l, movefocus, r"
"$mod, k, movefocus, u"

4
home-manager/shared/wayland/sway/default.nix
View file

@ -5,11 +5,7 @@
...
}: {
home.packages = with pkgs; [
wl-clipboard
autotiling-rs
gammastep
sway-contrib.grimshot
jq
];
home.sessionVariables = {
# needed for Sway and Firefox to play nice

7
home-manager/t14/home.nix
View file

@ -20,10 +20,15 @@
# comms
signal-desktop
# discord # using Webcord via flatpak
discord
# apps
chromium
pcmanfm
feh
ffmpeg
mpv
wdisplays
# font
spleen

15
nixos/configuration.nix
View file

@ -1,4 +1,8 @@
{host, ...}: {
{
pkgs,
host,
...
}: {
users.groups.plugdev = {}; # Create plugdev group
networking.hostName = host.hostName;
users.users.${host.username} = {
@ -9,11 +13,20 @@
"video"
];
};
environment.systemPackages = with pkgs; [vim];
programs.nix-index.enableBashIntegration = false;
programs.nix-index.enableZshIntegration = false;
programs.nix-index-database.comma.enable = true;
time.timeZone = "America/Chicago";
# Enable flakes and unfree packages
nix.settings = {
auto-optimise-store = true;
substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = [host.username];
experimental-features = ["nix-command" "flakes"];
};
nix.gc = {

25
nixos/default.nix
View file

@ -4,7 +4,12 @@
attrs,
system,
...
}: {
}: let
defaultModules = [
inputs.sops-nix.nixosModules.sops
inputs.nix-index-database.nixosModules.nix-index
];
in {
t14 = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs system pkgs attrs;
@ -13,7 +18,9 @@
inherit (attrs) username;
};
};
modules = [
modules =
defaultModules
++ [
./configuration.nix
./t14/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
@ -27,7 +34,9 @@
inherit (attrs) username;
};
};
modules = [
modules =
defaultModules
++ [
./configuration.nix
./racknerd/configuration.nix
];
@ -36,12 +45,6 @@
specialArgs = {
inherit inputs system pkgs;
addressList = {
vm-pool = {
name = "vm-pool";
ipv4 = "10.0.0.2";
subnet = "/24";
mac = "02:00:00:00:00:02";
};
vm-k3s = {
name = "vm-k3s";
ipv4 = "10.0.0.3";
@ -54,7 +57,9 @@
inherit (attrs) username;
};
};
modules = [
modules =
defaultModules
++ [
./configuration.nix
./htz/configuration.nix
inputs.ethereum-nix.nixosModules.default

40
nixos/htz/configuration.nix
View file

@ -10,23 +10,14 @@
./eth.nix
];
environment.systemPackages = with pkgs; [
vim
git
bridge-utils
comma
];
virtualisation = {
docker = {
enable = true;
};
};
networking = {
hostName = "htz";
domain = "";
firewall = {
enable = true;
allowedTCPPorts = [22 80 443];
allowedUDPPorts = [];
allowedTCPPorts = [22];
logRefusedConnections = true;
trustedInterfaces = ["microvm"];
};
@ -43,9 +34,8 @@
device = "/eth1";
options = ["bind"];
};
services = let
domain = "ts.10110110.xyz";
in {
services = {
tailscale.enable = true;
openssh = {
enable = true;
settings = {
@ -53,30 +43,6 @@
PermitRootLogin = "prohibit-password";
};
};
tailscale.enable = true;
headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
serverUrl = "https://${domain}";
dns = {baseDomain = domain;};
settings = {logtail.enabled = false;};
};
nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8080";
proxyWebsockets = true;
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "mail@10110110.xyz";
};
users.users = {
root = {

34
nixos/htz/eth.nix
View file

@ -9,8 +9,37 @@
allowedUDPPorts = [9000 30303];
logRefusedConnections = true;
trustedInterfaces = ["microvm"];
interfaces."tailscale0".allowedTCPPorts = [5052 8545];
};
};
# virtualisation.oci-containers.containers = {
# besu = {
# image = "hyperledger/besu:24.3-graalvm";
# ports = [
# "0.0.0.0:30303:30303"
# "0.0.0.0:30303:30303/udp"
# "100.79.221.28:8551:8551"
# ];
# volumes = [
# "/eth1/besu:/var/lib/besu"
# "/etc/nixos/eth_jwt:/var/lib/jwtsecret/jwt.hex"
# ];
# environment = {
# JAVA_OPTS = "\"-Xmx16192m\"";
# };
# cmd = [
# "--Xsnapsync-synchronizer-flat-db-healing-enabled=true"
# "--data-path=/var/lib/besu"
# "--data-storage-format=bonsai"
# "--engine-jwt-secret=/var/lib/jwtsecret/jwt.hex"
# "--engine-rpc-enabled"
# "--engine-rpc-port=8551"
# "--fast-sync-min-peers=3"
# "--nat-method=docker"
# "--network=mainnet"
# "--sync-mode=X_SNAP"
# ];
# };
services.ethereum.geth.mainnet = {
enable = true;
package = inputs.ethereum-nix.packages.${system}.geth;
@ -18,7 +47,8 @@
args = {
http = {
enable = true;
addr = "10.0.0.1";
addr = "0.0.0.0";
vhosts = ["htz.tailc353f.ts.net"];
};
authrpc.jwtsecret = "/etc/nixos/eth_jwt";
};
@ -34,7 +64,7 @@
enr-auto-update = true;
rest = {
enable = true;
address = "10.0.0.1";
address = "0.0.0.0";
};
light-client-data.max-periods = "3";
};

6
nixos/htz/vms/default.nix
View file

@ -1,8 +1,6 @@
{
inputs,
lib,
pkgs,
system,
addressList,
...
}: let
@ -93,10 +91,6 @@
};
in {
microvm.vms = {
vm-pool = genVMConfig {
name = "vm-pool";
config = import ./pool.nix {inherit pkgs system inputs;};
};
vm-k3s = genVMConfig {
name = "vm-k3s";
config = import ./k3s.nix {inherit pkgs;};

3
nixos/htz/vms/k3s.nix
View file

@ -7,6 +7,7 @@
role = "server";
extraFlags = toString [
"--disable traefik"
"--tls-san vm-k3s.tailc353f.ts.net"
];
};
networking.firewall = {
@ -21,7 +22,7 @@
image = "/var/lib/microvms/vm-k3s/vm-k3s-root.img";
label = "vm-pool-root";
mountPoint = "/";
size = 10000;
size = 100000;
}
];
};

62
nixos/racknerd/configuration.nix
View file

@ -1,41 +1,83 @@
{
inputs,
pkgs,
system,
config,
...
}: {
imports = [
./hardware-configuration.nix
./minecraft.nix
inputs.ethereum-nix.nixosModules.default
];
environment.systemPackages = with pkgs; [
nfs-utils
vim
inputs.ethereum-nix.packages.${system}.rocketpool
docker-compose
];
environment.interactiveShellInit = ''
alias rp='rocketpool --allow-root'
'';
virtualisation = {
docker = {
enable = true;
};
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.hostName = "rknrd";
networking.domain = "";
networking.firewall = {
networking = {
hostName = "rknrd";
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [];
logRefusedConnections = true;
};
};
services.openssh.enable = true;
services.tailscale.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
e = {
isNormalUser = true;
extraGroups = ["wheel"];
packages = with pkgs; [
vim
htop
tree
];
extraGroups = ["wheel" "docker"];
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
};
virtualisation.oci-containers.containers = {
signal-api = {
image = "bbernhard/signal-cli-rest-api:latest";
ports = ["100.73.10.99:8080:8080"];
volumes = [
"/root/signal-cli:/home/.local/share/signal-cli"
];
};
};
systemd.timers."signal-upload" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*:0/5";
Unit = "signal-upload.service";
};
};
systemd.services."signal-upload" = {
script = ''
${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com --recursive
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = ["e"];
system.stateVersion = "22.11";

36
nixos/racknerd/minecraft.nix
View file

@ -1,4 +1,38 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
sops = {
defaultSopsFile = ../../secrets/restic.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
secrets = {
"b2-minecraft/env" = {};
"b2-minecraft/repo" = {};
"b2-minecraft/password" = {};
"b2-photos-s3/env" = {};
};
};
services.restic.backups = {
b2-minecraft = {
initialize = true;
environmentFile = config.sops.secrets."b2-minecraft/env".path;
repositoryFile = config.sops.secrets."b2-minecraft/repo".path;
passwordFile = config.sops.secrets."b2-minecraft/password".path;
paths = [
"/var/lib/minecraft"
];
timerConfig = {
OnCalendar = "00:05";
};
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 1"
"--keep-monthly 1"
];
};
};
services.minecraft-server = {
enable = true;
eula = true;

32
nixos/t14/backups.nix Normal file
View file

@ -0,0 +1,32 @@
{config, ...}: {
sops = {
defaultSopsFile = ../../secrets/restic.yaml;
age.keyFile = "/home/e/.config/sops/age/keys.txt";
secrets = {
"b2-home/env" = {};
"b2-home/repo" = {};
"b2-home/password" = {};
};
};
services.restic.backups = {
b2-home = {
initialize = true;
environmentFile = config.sops.secrets."b2-home/env".path;
repositoryFile = config.sops.secrets."b2-home/repo".path;
passwordFile = config.sops.secrets."b2-home/password".path;
paths = [
"/home/e/backmeup"
"/home/e/.ssh"
"/home/e/.librewolf"
"/home/e/.runelite"
];
timerConfig = {
OnCalendar = "01:00";
};
pruneOpts = [
"--keep-last 14"
];
};
};
}

28
nixos/t14/configuration.nix
View file

@ -9,6 +9,7 @@ in {
imports = [
./hardware-configuration.nix
./nano.nix
./backups.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -16,7 +17,6 @@ in {
environment.systemPackages = with pkgs; [
cryptsetup
nfs-utils
comma
];
environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
@ -48,7 +48,6 @@ in {
# Services
virtualisation = {
libvirtd.enable = true;
podman = {
enable = true;
dockerCompat = true;
@ -77,29 +76,8 @@ in {
enable = true;
settings = {
WIFI_PWR_ON_BAT = "off";
CPU_BOOST_ON_BAT = "0";
CPU_BOOST_ON_AC = "1";
PLATFORM_PROFILE_ON_AC = "low-power";
PLATFORM_PROFILE_ON_BAT = "low-power";
CPU_SCALING_GOVERNOR_ON_AC = "powersave";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "power";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 25;
RADEON_DPM_STATE_ON_AC = "performance";
RADEON_DPM_STATE_ON_BAT = "battery";
RADEON_POWER_PROFILE_ON_AC = "high";
RADEON_POWER_PROFILE_ON_BAT = "low";
#Optional helps save long term battery health
START_CHARGE_THRESH_BAT0 = 80; # bellow it starts to charge
STOP_CHARGE_THRESH_BAT0 = 95; # above it stops charging
START_CHARGE_THRESH_BAT0 = 80;
STOP_CHARGE_THRESH_BAT0 = 85;
};
};

49
secrets/restic.yaml Normal file
View file

@ -0,0 +1,49 @@
restic-password: ENC[AES256_GCM,data:N2KPew==,iv:nw63djCF/TZg+efx9leZWXfELL6xy0V0F6ul2O1ED1U=,tag:tXqbtf88+uAmpgFlgpHTiA==,type:str]
b2-minecraft:
password: ENC[AES256_GCM,data:wuGy2MU8c5A2ozD2O4srZLWCyEGhkmXcfrcZ+3Oj+w5mWYPG5Jlx6nee2mOwvswv1A==,iv:wo2eDeXCMUWF21RC6kLSDHrXpQdeYkbjIfG32nc2MT4=,tag:r79moSMqFV4+xpL9/RgcRQ==,type:str]
repo: ENC[AES256_GCM,data:ib+Div2lLjoBfkqH7RlYyhk=,iv:qtlXiDw7amSPM0bEkKh6wTmQF5l0QRVxVgjCp8Ax9Z4=,tag:tHELSQWtyE9GpHgSlEHWcQ==,type:str]
env: ENC[AES256_GCM,data:9FUJaGL1B7AZ4jjbuoUVqR34lqhG9Jf7P2YcGRdozehPfY47NMG4rG/9XNmmt6NU1EysgEBb215vwm9p4+r7kZ+uAQRpUUQvYTC6mz/zj04qZ8lIYwIRLMSI,iv:RXYtRUJc8G9LXry7WzIAdEFJFz8W2j80S5J1KUT10HQ=,tag:AGc/SAYnocfgRwkFj5b3rg==,type:str]
b2-home:
password: ENC[AES256_GCM,data:5KnILerCPQ4h6PYDoyt7e/5maCAgLyPGvGuxZPJM5ceEM4dQecpvtAAyuZh/J+kftQ==,iv:VKqGp7WyNwbB4YIIwcmcHrxT66s8wymT2dMA76bcLAo=,tag:EL6wxlcAsrUEhRgRtkTuIQ==,type:str]
repo: ENC[AES256_GCM,data:wH4UOgI2Qanfmwsz,iv:bxjkNwjbL0hZMH1CFxdrrnrvmadwQtF9rl9zh7zsxU4=,tag:jNbdE3Ble1Q3dhr1uhOMQQ==,type:str]
env: ENC[AES256_GCM,data:ApCwXSQ1/pJ5C0La995jT50ZAvA0vgNrJ5R90b95IDt2CFSeKxFQiQs3hyrlI+Eor0igT0ZmaSjJ3w1GynNyT47wqjDxh6ZlzS0yhecyCckfUrn0mTK7Z/4k,iv:Bw2CzibZ+LxzkFIPJZH6JWRsd4F1f//C/6/TIsrMJOA=,tag:89jVSsy9JkurPiC3EKZfmA==,type:str]
b2-photos-s3:
env: ENC[AES256_GCM,data:m25/0USqeg+rmeD9pPQaR2nQGami50CDeQzySyxQeL5Eb+//KbfPdCyzvgOJBXBR7P7wKU4K+kuPqKfk0wrH71rgSzScg7KX0p1yNFqSs26tV+O9ctX9JeFmA9dRXrt/RA==,iv:0SKtOa/bg7Q/GRHPcoxxjdGY/+SITQmKqDG0r5JR4zM=,tag:3O2yikVOyU9OE+sPv9osSg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eWJxSjM2NTJ1YUNOdVhl
YjZobWdiNFRLOGdpMTFPc2RXVkdDNEh3L1d3CnhHYVpZNlVSVEFoVlQ3Rnphcm1l
MU9sQUY4Q296Wk1tanVjUXRYMjQyUGsKLS0tIEZrZTJzSVR4b0lncG53cEVpTXhC
WHVYMWF1SWlNZE13aVIrVHJKK1NxSUEKRo0F8h/X3/mm/Dhi44wATtMh9j5f//mB
YKmb4WnPl2suYBuQvMuFWtugHUqVBhcnVAmyFM2L2vddmtAuvtttYQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19qx3e78c9f2l7ceccgjf7ksvc873ungjely3nyxyjts2xsz0ldjq6shksm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VFNwYlQ3VmMyd3pJenB0
bVlGSEZva1pVa1hnQVZ6Q1hhV1VHZ002dG1zCnBaT01MSWU3elZpZEhVZ0FyMVNF
TllWOEZQakZ4MEZ1ZWlyS1hTTURFOWsKLS0tIDNpWkdMZ0I3LzViYjZsaWhNV1Vv
NTEvUUlabzdqME1aVytlSkJ3WFJpT0kKYVL0sXLaq9bZ6xXqRKuT3GN1nuuXRiHR
Psa1czMlGL40s6vNMndceLgHEKdWHXMu9WT+BRTeTiRKMrQ9CNS+CQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xwcz9qtaezjy4kl6xttea0u00j7j2n8xkd297vjz9xrnqx9fksjsg3nhu3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic0JuMmZpUGZpNEhRdWVN
a09hZG1mSEFxUUxWcXBWK0U0N3NueW4rdkgwCmRZaG5pWFNvZlBiS0ZOT1k3emFC
akZYQnRFdmQrWU0zTksza3lCaWdUeFkKLS0tICtIanM2c1VvQ21LR0FUQmFQcHhH
bTdSb0oxZVJvRGxTWTlpVlAyWEZGQkEKmLN2o4/NXmNUss9Z+j9Q9ywRBx6cx3ru
/VqSfRMczno/I3mD6t9fuSQT42X2Dgdexvi4fm5Qr3+avXE/zlMx+Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-14T05:26:47Z"
mac: ENC[AES256_GCM,data:gJ5kkzV0RWFEWJYXf5Rva6WLIRoJ3aWm4hNmJrJyanJeV4yMHDXwM3EyvJ60q1MtQVv790tPHC9NDGvVM+/WuwsBj2xiZUdHsYYv/Xio9iYD9tPXpS2bwjLOcn8K+wfOBKgnBi3rr9y00jlg+pmB/gQPPnTZXoFnxr44BROqjg8=,iv:iaQFyjrdK/zsZRYrghanNt8UQ4klu2i6wyLyOD3T3xY=,tag:MwxBUVDgl+L4WXASrC5bjg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1