july rice

home-manager/shared/programs/dev.nix

@@ -5,9 +5,8 @@
     gnumake
     jq
     tree
-    jujutsu
+    jjui
     emacs-nox
-    shellcheck
 
     #devops
     k9s
@@ -22,5 +21,8 @@
 
     #c
     gcc
+
+    #llm
+    aider-chat
   ];
 }

home-manager/shared/programs/shell/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports = [
     ./tmux.nix
     ./git.nix
@@ -17,7 +18,7 @@
   programs.bash = {
     enable = true;
     enableCompletion = true;
-    historyControl = ["ignorespace"];
+    historyControl = [ "ignorespace" ];
     historyIgnore = [
       ":q"
       "exit"
@@ -70,7 +71,7 @@
   };
   programs.fzf = {
     enable = true;
-    historyWidgetOptions = ["--height 60% --preview ''"];
+    historyWidgetOptions = [ "--height 60% --preview ''" ];
     fileWidgetCommand = "command find -L . -mindepth 1 -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' -prune";
   };
   programs.direnv = {
@@ -92,6 +93,7 @@
   services.gpg-agent = {
     enable = true;
     enableSshSupport = true;
+    pinentry.package = pkgs.pinentry-curses;
     extraConfig = ''
       allow-loopback-pinentry
     '';

home-manager/shared/programs/shell/fish/functions.nix

@@ -32,7 +32,7 @@
       if set -q FISH_JJ
           return 0
       end
-      if not jj root &>/dev/null
+      if not jj workspace root --ignore-working-copy &>/dev/null
           return 1
       end
 

home-manager/shared/programs/shell/git.nix

@@ -25,12 +25,12 @@
   programs.jujutsu = {
     enable = true;
     settings = {
-      core = {
+      # core = {
-        fsmonitor = "watchman";
+      #   fsmonitor = "watchman";
-        watchman = {
+      #   watchman = {
-          register-snapshot-trigger = false;
+      #     register-snapshot-trigger = true;
-        };
+      #   };
-      };
+      # };
       user = {
         email = "cjriddz@protonmail.com";
         name = "iofq";
@@ -43,9 +43,6 @@
         backend = "gpg";
         key = "cjriddz@protonmail.com";
       };
-      git = {
-        sign-on-push = true;
-      };
       ui = {
         default-command = [ "log" ];
         conflict-marker-style = "git";

home-manager/t14/home.nix

@@ -45,7 +45,7 @@
     matchBlocks = {
       "consensus" = {
         port = 2022;
-        hostname = "192.168.1.251";
+        hostname = "consensus.tailc353f.ts.net";
         identityFile = "/home/e/.ssh/id_ed25519";
       };
       "10110110.xyz" = {

nixos/configuration.nix

@@ -17,6 +17,7 @@
         "plugdev"
         "video"
         "adbusers"
+        "network"
       ];
     };
   };

nixos/consensus/configuration.nix

@@ -26,8 +26,8 @@
     tmux
   ];
   services = {
-    zfs.autoScrub.enable = true;
+    # zfs.autoScrub.enable = true;
-    zfs.autoSnapshot.enable = true;
+    # zfs.autoSnapshot.enable = true;
     tailscale.enable = true;
     k3s = {
       enable = true;
@@ -36,16 +36,53 @@
         "--disable=traefik"
       ];
     };
+    fail2ban = {
+      enable = true;
+      maxretry = 5;
+      bantime = "1h";
+      ignoreIP = [
+        "172.16.0.0/12"
+        "192.168.0.0/16"
+        "tailc353f.ts.net"
+      ];
+
+      bantime-increment = {
+        enable = true;
+        multipliers = "1 2 4 8 16 32 64 128 256";
+        maxtime = "24h";
+        overalljails = true;
+      };
+    };
     openssh = {
       enable = true;
       ports = [2022];
       settings = {
         PasswordAuthentication = false;
         PermitRootLogin = "prohibit-password";
+        PermitEmptyPasswords = false;
+        PermitTunnel = false;
+        UseDns = false;
+        KbdInteractiveAuthentication = false;
+        X11Forwarding = false;
+        MaxAuthTries = 3;
+        MaxSessions = 2;
+        ClientAliveInterval = 300;
+        ClientAliveCountMax = 0;
+        TCPKeepAlive = false;
+        AllowTcpForwarding = false;
+        AllowAgentForwarding = false;
+        LogLevel = "VERBOSE";
       };
+      hostKeys = [
+        {
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
     };
     immich = {
-      enable = true;
+      # enable = true;
+      enable = false;
       port = 2283;
       host = "localhost";
       openFirewall = true;
@@ -73,9 +110,9 @@
   };
   boot = {
     tmp.cleanOnBoot = true;
-    supportedFilesystems = ["zfs"];
+    # supportedFilesystems = ["zfs"];
-    zfs.forceImportRoot = false;
+    # zfs.forceImportRoot = false;
-    zfs.extraPools = ["rice"];
+    # zfs.extraPools = ["rice"];
   };
   networking.hostId = "91238132";
   zramSwap.enable = false;

nixos/consensus/hardware-configuration.nix

@@ -1,10 +1,19 @@
-{ lib, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
   boot.loader.grub.device = "/dev/nvme0n1";
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
-  boot.initrd.kernelModules = [ "nvme" ];
+  boot.initrd.kernelModules = ["nvme"];
-  fileSystems."/" = { device = "/dev/mapper/vg-root"; fsType = "btrfs"; };
+  fileSystems."/" = {
-  fileSystems."/var" = { device = "/dev/mapper/vg-var"; fsType = "btrfs"; };
+    device = "/dev/mapper/vg-root";
+    fsType = "btrfs";
+  };
+  fileSystems."/var" = {
+    device = "/dev/mapper/vg-var";
+    fsType = "btrfs";
+  };
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

nixos/t14/configuration.nix

@@ -1,7 +1,7 @@
 {
-pkgs,
+  pkgs,
-attrs,
+  attrs,
-...
+  ...
 }: let
   # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011
   homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh";
@@ -24,6 +24,7 @@ in {
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
     kernelPackages = pkgs.linuxPackages_latest;
+    blacklistedKernelModules = ["bluetooth"];
   };
   # Networking
   networking = {
@@ -84,6 +85,7 @@ in {
       ];
     };
     ledger.enable = true;
+    enableAllFirmware = true;
   };
   services = {
     resolved = {
@@ -103,8 +105,8 @@ in {
     tlp = {
       enable = true;
       settings = {
-        START_CHARGE_THRESH_BAT0 = 40;
+        START_CHARGE_THRESH_BAT0 = 60;
-        STOP_CHARGE_THRESH_BAT0 = 80;
+        STOP_CHARGE_THRESH_BAT0 = 90;
         CPU_BOOST_ON_AC = 1;
         CPU_BOOST_ON_BAT = 0;
         CPU_SCALING_GOVERNOR_ON_AC = "performance";
@@ -113,11 +115,12 @@ in {
         CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
         PLATFORM_PROFILE_ON_BAT = "low-power";
         PLATFORM_PROFILE_ON_AC = "performance";
+        DEVICES_TO_DISABLE_ON_STARTUP = "bluetooth";
 
         CPU_MIN_PERF_ON_AC = 0;
         CPU_MAX_PERF_ON_AC = 100;
         CPU_MIN_PERF_ON_BAT = 0;
-        CPU_MAX_PERF_ON_BAT = 20;
+        CPU_MAX_PERF_ON_BAT = 40;
       };
     };
     ratbagd.enable = true; # Logitech

nixos/t14/hardware-configuration.nix

@@ -10,15 +10,20 @@
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
-
+  boot = {
-  boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+    initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
-  boot.initrd.kernelModules = ["amdgpu"];
+    initrd.kernelModules = ["amdgpu"];
-  boot.kernelModules = ["kvm-amd"];
+    kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [];
+    extraModulePackages = [];
+    tmp = {
+      useTmpfs = true;
+    };
+  };
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/f56e8356-3915-4ff8-957c-de7f9a72b326";
     fsType = "btrfs";
+    options = ["compress=lzo"];
   };
 
   fileSystems."/boot" = {