From e4dc04a7ff73dc97d8d5accc384c92a2facc38e8 Mon Sep 17 00:00:00 2001 From: iofq Date: Sun, 1 Jun 2025 20:39:11 -0500 Subject: [PATCH] immich --- flake.lock | 327 +++++++++++++++--- flake.nix | 6 +- home-manager/shared/programs/dev.nix | 4 +- home-manager/shared/programs/shell/fish.nix | 6 + home-manager/shared/programs/shell/tmux.nix | 9 + home-manager/shared/wayland/default.nix | 21 +- .../shared/wayland/hyprland/default.nix | 25 +- .../shared/wayland/librewolf/default.nix | 3 - home-manager/t14/home.nix | 6 +- nixos/configuration.nix | 72 ++-- nixos/consensus/configuration.nix | 118 +++++-- nixos/t14/configuration.nix | 75 ++-- secrets/cf-acme.yaml | 25 ++ 13 files changed, 516 insertions(+), 181 deletions(-) delete mode 100644 home-manager/shared/wayland/librewolf/default.nix create mode 100644 secrets/cf-acme.yaml diff --git a/flake.lock b/flake.lock index 0cc96e8..65e9ea0 100755 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -57,11 +57,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -87,6 +87,38 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1696426674, @@ -103,6 +135,48 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "neovim-nightly-overlay", + "hercules-ci-effects", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -120,7 +194,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nvim", @@ -142,7 +216,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nvim", @@ -184,8 +258,8 @@ }, "gen-luarc": { "inputs": { - "flake-parts": "flake-parts", - "git-hooks": "git-hooks", + "flake-parts": "flake-parts_3", + "git-hooks": "git-hooks_2", "luvit-meta": "luvit-meta", "nixpkgs": [ "nvim", @@ -208,8 +282,31 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "gitignore": "gitignore", + "nixpkgs": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": "flake-compat_4", + "gitignore": "gitignore_2", "nixpkgs": [ "nvim", "gen-luarc", @@ -231,10 +328,10 @@ "type": "github" } }, - "git-hooks_2": { + "git-hooks_3": { "inputs": { - "flake-compat": "flake-compat_4", - "gitignore": "gitignore_2", + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_3", "nixpkgs": [ "nvim", "neovim-nightly-overlay", @@ -258,8 +355,7 @@ "gitignore": { "inputs": { "nixpkgs": [ - "nvim", - "gen-luarc", + "neovim-nightly-overlay", "git-hooks", "nixpkgs" ] @@ -282,7 +378,7 @@ "inputs": { "nixpkgs": [ "nvim", - "neovim-nightly-overlay", + "gen-luarc", "git-hooks", "nixpkgs" ] @@ -302,6 +398,29 @@ } }, "gitignore_3": { + "inputs": { + "nixpkgs": [ + "nvim", + "neovim-nightly-overlay", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -324,7 +443,29 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747284884, + "narHash": "sha256-lTSKhRrassMcJ1ZsuUVunyl/F04vvCKY80HB/4rvvm4=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "7168f6002a6b48a9b6151e1e97e974a0722ecfdc", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, + "hercules-ci-effects_2": { + "inputs": { + "flake-parts": "flake-parts_5", "nixpkgs": [ "nvim", "neovim-nightly-overlay", @@ -352,11 +493,11 @@ ] }, "locked": { - "lastModified": 1746287478, - "narHash": "sha256-z3HiHR2CNAdwyZTWPM2kkzhE1gD1G6ExPxkaiQfNh7s=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "75268f62525920c4936404a056f37b91e299c97e", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -400,14 +541,38 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "treefmt-nix": "treefmt-nix" }, + "locked": { + "lastModified": 1747475604, + "narHash": "sha256-QQI3EaXwqTiWAz6JCV1rD9g7uJzkhOK8gQpawVznYEs=", + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "rev": "a389c17ddc7b05050c35f9c1cd6b58a5d2ef720c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "type": "github" + } + }, + "neovim-nightly-overlay_2": { + "inputs": { + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_3", + "hercules-ci-effects": "hercules-ci-effects_2", + "neovim-src": "neovim-src_2", + "nixpkgs": "nixpkgs_3", + "treefmt-nix": "treefmt-nix_2" + }, "locked": { "lastModified": 1746256223, "narHash": "sha256-a97mwMJcE0cYGfwB5N5v+Ey+by1poGTc/fsrd47Fom8=", @@ -423,6 +588,22 @@ } }, "neovim-src": { + "flake": false, + "locked": { + "lastModified": 1747473845, + "narHash": "sha256-jmjtmuIjIKuGWyNenamx6gaWPSVkD84TxngP6hX8Auc=", + "owner": "neovim", + "repo": "neovim", + "rev": "8e8f4523c687cac4e966cb78856f73706dcec37d", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "neovim", + "type": "github" + } + }, + "neovim-src_2": { "flake": false, "locked": { "lastModified": 1746214751, @@ -445,11 +626,11 @@ ] }, "locked": { - "lastModified": 1746054057, - "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=", + "lastModified": 1747470409, + "narHash": "sha256-R9TP2//BDKyjNzuZybplIZm7HQEnwL8khs7EmmTPYP4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "13ba07d54c6ccc5af30a501df669bf3fe3dd4db8", + "rev": "c1f63a0c3bf1b2fe05124ccb099333163e2184a7", "type": "github" }, "original": { @@ -460,11 +641,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -475,16 +656,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", - "owner": "nixos", + "lastModified": 1747426788, + "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -534,6 +715,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1746152631, "narHash": "sha256-zBuvmL6+CUsk2J8GINpyy8Hs1Zp4PP6iBWSmZ4SCQ/s=", @@ -549,7 +746,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1746314326, "narHash": "sha256-2xqKEdmbFttKUwIxZgQAOG24rNqVvJ7c3LmA+ZnvWlc=", @@ -570,8 +767,8 @@ "flake-utils": "flake-utils", "gen-luarc": "gen-luarc", "mini-nvim": "mini-nvim", - "neovim-nightly-overlay": "neovim-nightly-overlay", - "nixpkgs": "nixpkgs_3", + "neovim-nightly-overlay": "neovim-nightly-overlay_2", + "nixpkgs": "nixpkgs_4", "nixpkgs-uns": "nixpkgs-uns", "nvim-orgmode": "nvim-orgmode" }, @@ -607,18 +804,18 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_3", + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -631,14 +828,15 @@ "inputs": { "deploy-rs": "deploy-rs", "home-manager": "home-manager", + "neovim-nightly-overlay": "neovim-nightly-overlay", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nvim": "nvim", "pre-commit-hooks": "pre-commit-hooks", "sops-nix": "sops-nix", "systems": "systems_3", - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix_3" } }, "sops-nix": { @@ -648,11 +846,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { @@ -706,6 +904,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nvim", @@ -727,18 +946,18 @@ "type": "github" } }, - "treefmt-nix_2": { + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1746216483, - "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 18e8ffc..8e5234c 100755 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,7 @@ url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; }; + neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; }; outputs = { self, @@ -44,7 +45,10 @@ pkgs = import nixpkgs { inherit system; config.allowUnfree = true; - overlays = [ inputs.nvim.overlays.default ]; + overlays = [ + inputs.nvim.overlays.default + inputs.neovim-nightly-overlay.overlays.default + ]; }; eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system}); treefmtEval = eachSystem (pkgs: inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix); diff --git a/home-manager/shared/programs/dev.nix b/home-manager/shared/programs/dev.nix index 582d00f..606dd94 100644 --- a/home-manager/shared/programs/dev.nix +++ b/home-manager/shared/programs/dev.nix @@ -6,6 +6,7 @@ jq tree jujutsu + emacs-nox #devops k9s @@ -21,7 +22,4 @@ #c gcc ]; - services.ollama = { - enable = true; - }; } diff --git a/home-manager/shared/programs/shell/fish.nix b/home-manager/shared/programs/shell/fish.nix index bcd8901..2b26238 100644 --- a/home-manager/shared/programs/shell/fish.nix +++ b/home-manager/shared/programs/shell/fish.nix @@ -26,6 +26,12 @@ } ]; functions = { + nix-shell = { + wraps = "nix-shell"; + body = '' + command nix-shell $argv --command "fish" + ''; + }; nix = { wraps = "nix"; body = '' diff --git a/home-manager/shared/programs/shell/tmux.nix b/home-manager/shared/programs/shell/tmux.nix index 74841e9..e892d8c 100755 --- a/home-manager/shared/programs/shell/tmux.nix +++ b/home-manager/shared/programs/shell/tmux.nix @@ -50,6 +50,15 @@ bind "/" { LaunchOrFocusPlugin "zellij-forgot" { floating true; } } + bind "1" { GoToTab 1; SwitchToMode "Locked"; } + bind "2" { GoToTab 2; SwitchToMode "Locked"; } + bind "3" { GoToTab 3; SwitchToMode "Locked"; } + bind "4" { GoToTab 4; SwitchToMode "Locked"; } + bind "5" { GoToTab 5; SwitchToMode "Locked"; } + bind "6" { GoToTab 6; SwitchToMode "Locked"; } + bind "7" { GoToTab 7; SwitchToMode "Locked"; } + bind "8" { GoToTab 8; SwitchToMode "Locked"; } + bind "9" { GoToTab 9; SwitchToMode "Locked"; } } shared_except "tmux" { bind "Ctrl a" { diff --git a/home-manager/shared/wayland/default.nix b/home-manager/shared/wayland/default.nix index e2ce70b..60e350a 100644 --- a/home-manager/shared/wayland/default.nix +++ b/home-manager/shared/wayland/default.nix @@ -4,7 +4,6 @@ ... }: { imports = [ - ./librewolf ./alacritty ./hyprland ./xdg @@ -12,6 +11,8 @@ ]; home.packages = with pkgs; [ + wlogout + wf-recorder wdisplays wl-clipboard gammastep @@ -20,13 +21,18 @@ home.sessionVariables = { MOZ_DBUS_REMOTE = 1; }; - programs.bemenu = { + programs.wofi = { enable = true; - settings = { - ignorecase = true; - fn = "UbuntuMono"; - prompt = "open"; - }; + style = '' + window, #input, #entry, #scroll, #text, #inner-box { + background-color: #152528; + color: #e6eaea; + } + #entry:selected, #text:selected { + background-color: #a1cdd8; + color: #152528; + } + ''; }; services.gammastep = { enable = true; @@ -60,5 +66,6 @@ } ]; }; + services.mako.enable = true; home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/DMZ-Black"; } diff --git a/home-manager/shared/wayland/hyprland/default.nix b/home-manager/shared/wayland/hyprland/default.nix index f709d7f..6a07fa0 100644 --- a/home-manager/shared/wayland/hyprland/default.nix +++ b/home-manager/shared/wayland/hyprland/default.nix @@ -5,6 +5,7 @@ extraConfig = '' monitor=,preferred,auto,1 ''; + plugins = [pkgs.hyprlandPlugins.hyprexpo]; settings = { "$mod" = "SUPER"; general = { @@ -16,6 +17,7 @@ disable_hyprland_logo = true; new_window_takes_over_fullscreen = 1; exit_window_retains_fullscreen = 1; + vfr = true; }; decoration = { blur = { @@ -27,13 +29,11 @@ }; animations = { enabled = "yes"; - bezier = "ease,0.22,1,0.35,1"; animation = [ - "windows, 1, 1.5, ease, popin" - "windowsOut, 1, 1.5, ease, popin" - "border, 0, 1, default" - "fade, 1, 1.5, ease" - "workspaces, 1, 3, ease, slidefade" + "windows, 1, 3, default, popin" + "windowsOut, 1, 3, default, popin" + "fade, 1, 3, default" + "workspaces, 1, 2, default, fade" ]; }; master = { @@ -42,11 +42,10 @@ }; input = { kb_options = "caps:super"; - repeat_delay = "300"; - repeat_rate = "60"; + repeat_delay = "250"; + repeat_rate = "75"; float_switch_override_focus = 0; - # follow_mouse = 0; accel_profile = "flat"; sensitivity = 0.4; touchpad = { @@ -71,17 +70,18 @@ ]; bind = [ + "$mod, a, hyprexpo:expo, toggle" "$mod, Return, exec, alacritty" "$mod, x, killactive" "$mod, f, fullscreen" "$mod SHIFT, Escape, exit" "$mod SHIFT, f, fullscreenstate, 0 3" - "$mod, Space, exec, ${pkgs.bemenu}/bin/bemenu-run" + "$mod, Space, exec, ${pkgs.wofi}/bin/wofi --show run" + "$mod, Escape, exec, ${pkgs.wlogout}/bin/wlogout" "$mod, t, togglefloating" "$mod, bracketleft, exec, grimshot --notify save area /tmp/scrot-$(date \"+%Y-%m-%d\"T\"%H:%M:%S\").png" "$mod, bracketright, exec, grimshot --notify copy area" "$mod SHIFT, q, exec, swaylock" - "$mod SHIFT, BACKSPACE, exit" ",XF86MonBrightnessDown, exec, light -U 10" ",XF86MonBrightnessUp, exec, light -A 10" ",XF86AudioRaiseVolume, exec, pactl set-sink-volume @DEFAULT_SINK@ +1%" @@ -105,6 +105,7 @@ "$mod, PERIOD, focusmonitor, r" "$mod SHIFT, COMMA, movewindow, mon:l" "$mod SHIFT, PERIOD, movewindow, mon:r" + "$mod, s, togglespecialworkspace" ] ++ ( # workspaces @@ -169,6 +170,7 @@ "hyprland/window" ]; modules-right = [ + "tray" "cpu" "memory" "network" @@ -176,7 +178,6 @@ "pulseaudio" "battery" "clock" - "tray" ]; "hyprland/workspaces" = { disable-scroll = true; diff --git a/home-manager/shared/wayland/librewolf/default.nix b/home-manager/shared/wayland/librewolf/default.nix deleted file mode 100644 index 86aefee..0000000 --- a/home-manager/shared/wayland/librewolf/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -_: { - programs.librewolf.enable = true; -} diff --git a/home-manager/t14/home.nix b/home-manager/t14/home.nix index 9f341f2..8855054 100755 --- a/home-manager/t14/home.nix +++ b/home-manager/t14/home.nix @@ -13,20 +13,17 @@ prismlauncher runelite jdk21 - steam-run # comms signal-desktop discord # apps - (chromium.override {commandLineArgs = "--load-media-router-component-extension=1";}) #chromecast + chromium pcmanfm feh ffmpeg mpv - vlc - wdisplays piper calibre @@ -36,6 +33,7 @@ android-tools ]; }; + programs.librewolf.enable = true; programs.ssh = { enable = true; matchBlocks = { diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 1cd1b2e..6ee0a10 100755 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -1,40 +1,46 @@ { - pkgs, - host, - ... -}: { - users.groups.plugdev = {}; # Create plugdev group +host, +... +}: { # Create plugdev group networking.hostName = host.hostName; - users.groups.${host.username} = {}; - users.users.${host.username} = { - isNormalUser = true; - group = "${host.username}"; - extraGroups = [ - "wheel" - "plugdev" - "video" - "adbusers" - ]; - }; - environment.systemPackages = with pkgs; [vim]; - programs.nix-index.enableBashIntegration = false; - programs.nix-index.enableZshIntegration = false; - programs.nix-index-database.comma.enable = true; time.timeZone = "America/Chicago"; + users = { + groups.plugdev = {}; + groups.${host.username} = {}; + users.${host.username} = { + isNormalUser = true; + group = "${host.username}"; + extraGroups = [ + "wheel" + "plugdev" + "video" + "adbusers" + ]; + }; + }; + programs = { + nix-index = { + enableBashIntegration = false; + enableZshIntegration = false; + }; + nix-index-database.comma.enable = true; + }; # Enable flakes and unfree packages - nix.settings = { - auto-optimise-store = true; - substituters = ["https://nix-community.cachix.org"]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - trusted-users = [host.username]; - experimental-features = ["nix-command" "flakes"]; - }; - nix.gc = { - automatic = true; - dates = "00:00"; - options = "--delete-older-than 14d"; + nix = { + settings = { + auto-optimise-store = true; + substituters = ["https://nix-community.cachix.org"]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + trusted-users = [host.username]; + experimental-features = ["nix-command" "flakes"]; + }; + gc = { + automatic = true; + dates = "00:00"; + options = "--delete-older-than 14d"; + }; }; } diff --git a/nixos/consensus/configuration.nix b/nixos/consensus/configuration.nix index 06d9357..3308158 100644 --- a/nixos/consensus/configuration.nix +++ b/nixos/consensus/configuration.nix @@ -1,41 +1,28 @@ -{pkgs, ...}: { +{lib, pkgs, config, ...}: { imports = [ ./hardware-configuration.nix ]; + sops = { + defaultSopsFile = ../../secrets/cf-acme.yaml; + secrets = { + "env" = {}; + }; + }; + documentation = { + enable = lib.mkDefault false; + info.enable = lib.mkDefault false; + man.enable = lib.mkDefault false; + nixos.enable = lib.mkDefault false; + }; environment.systemPackages = with pkgs; [ git nvim-pkg docker-compose + tmux ]; - boot.tmp.cleanOnBoot = true; - zramSwap.enable = false; - swapDevices = [ - { - device = "/var/swapfile"; - size = 4 * 1024; - } - ]; - virtualisation.docker.enable = true; - networking = { - hostName = "consensus"; - firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 2022 - 6443 - 25565 - 30001 - 30303 - ]; - allowedUDPPorts = [ - 30001 - 30303 - ]; - logRefusedConnections = true; - }; - }; services = { + zfs.autoScrub.enable = true; + zfs.autoSnapshot.enable = true; tailscale.enable = true; k3s = { enable = true; @@ -52,6 +39,67 @@ PermitRootLogin = "prohibit-password"; }; }; + immich = { + enable = true; + port = 2283; + host = "localhost"; + openFirewall = true; + machine-learning.enable = false; + mediaLocation = "/rice/immich"; + }; + nginx = { + enable = true; + virtualHosts."img.10110110.xyz" = { + useACMEHost = "10110110.xyz"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.immich.port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + extraConfig = '' + client_max_body_size 50000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; + }; + }; + }; + }; + boot = { + tmp.cleanOnBoot = true; + supportedFilesystems = ["zfs"]; + zfs.forceImportRoot = false; + zfs.extraPools = ["rice"]; + }; + networking.hostId = "91238132"; + zramSwap.enable = false; + swapDevices = [ + { + device = "/var/swapfile"; + size = 4 * 1024; + } + ]; + virtualisation.docker.enable = true; + networking = { + hostName = "consensus"; + firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 443 + 2022 + 6443 + 25565 + 30001 + 30303 + ]; + allowedUDPPorts = [ + 30001 + 30303 + ]; + logRefusedConnections = true; + }; }; users.users = { root = { @@ -68,6 +116,18 @@ }; }; security.sudo.wheelNeedsPassword = false; + security.acme = { + acceptTerms = true; + defaults.email = "acme@10110110.xyz"; + certs = { + "10110110.xyz" = { + domain = "*.10110110.xyz"; + group = config.services.nginx.group; + dnsProvider = "cloudflare"; + environmentFile = config.sops.secrets."env".path; + }; + }; + }; nix.settings.trusted-users = ["e"]; system.stateVersion = "23.11"; } diff --git a/nixos/t14/configuration.nix b/nixos/t14/configuration.nix index d28bef1..20ddc73 100755 --- a/nixos/t14/configuration.nix +++ b/nixos/t14/configuration.nix @@ -1,7 +1,7 @@ { - pkgs, - attrs, - ... +pkgs, +attrs, +... }: let # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011 homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh"; @@ -10,12 +10,14 @@ in { ./hardware-configuration.nix ./backups.nix ]; - environment.systemPackages = with pkgs; [ - cryptsetup - nfs-utils - nerdctl - ]; - environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test"; + environment = { + systemPackages = with pkgs; [ + cryptsetup + nfs-utils + nerdctl + ]; + extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test"; + }; boot = { loader.systemd-boot.enable = true; @@ -60,7 +62,27 @@ in { }; steam.enable = true; adb.enable = true; - fish.enable = true; + fish.enable = true; #enable vendor completions + }; + + # workaround for wait-online killing nixos build + systemd.services.NetworkManager-wait-online = { + serviceConfig = { + ExecStart = ["" "${pkgs.networkmanager}/bin/nm-online -q"]; + }; + }; + + hardware = { + graphics = { + enable = true; + enable32Bit = true; + extraPackages = [ + pkgs.mesa + pkgs.amdvlk + pkgs.libGL + ]; + }; + ledger.enable = true; }; services = { resolved = { @@ -70,7 +92,6 @@ in { ]; }; tailscale.enable = true; - avahi.enable = true; # chromecast pipewire = { enable = true; alsa.enable = true; @@ -117,33 +138,17 @@ in { pkgs.ledger-udev-rules pkgs.trezor-udev-rules ]; - }; - # workaround for wait-online killing nixos build - systemd.services.NetworkManager-wait-online = { - serviceConfig = { - ExecStart = ["" "${pkgs.networkmanager}/bin/nm-online -q"]; - }; + trezord.enable = true; + udisks2.enable = true; # kindle }; - - hardware.graphics = { - enable = true; - enable32Bit = true; - extraPackages = [ - pkgs.mesa - pkgs.amdvlk - pkgs.libGL + fonts = { + # Set a sane system-wide default font + packages = with pkgs; [ + nerd-fonts.ubuntu-mono + spleen ]; + fontconfig.defaultFonts.monospace = ["UbuntuMono"]; }; - hardware.ledger.enable = true; - services.trezord.enable = true; - services.udisks2.enable = true; # kindle - - # Set a sane system-wide default font - fonts.packages = with pkgs; [ - nerd-fonts.ubuntu-mono - spleen - ]; - fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"]; system.stateVersion = "22.11"; } diff --git a/secrets/cf-acme.yaml b/secrets/cf-acme.yaml new file mode 100644 index 0000000..d8e00f3 --- /dev/null +++ b/secrets/cf-acme.yaml @@ -0,0 +1,25 @@ +env: ENC[AES256_GCM,data:G2O7yhOE3UKukq+1zXVWAW/REdTVdBCY0WByZbC7jnxR773ST9lA8rwEL5leB8h0bTqqQh8bwI4AdFR6/r0UQyc=,iv:IaRUoGY2zfaFDofSedHjtSx0UIGoIqX6oQhbrKCE45c=,tag:MW74dIOol8PZNxyUJEbPyQ==,type:str] +sops: + age: + - recipient: age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ei9idzZZTmtXSHB5bnhB + WjdOeDJBc3l0MjEvbHlHczRtTCt3cG05M0JzCnMvM05SWWJsU1h6VXFxOWVlN21x + MmJxcFpVbEpKaUliRmJBM2FhN1d6cm8KLS0tIElibU4xUTNScWM2cEI2YXdWRzdr + cjFKUzJENlVUVlpoQ3RNelFUV2h3WkkKIOHlJ72UWGnOxvO6mm6f1wnWZ5acWQCX + AmG5ATn3WYvUt9nthMUMFpX3ICFiLHp73eKz1vMsA6DloVpi58FAlg== + -----END AGE ENCRYPTED FILE----- + - recipient: age16pdhm238k63uye3rf4cwwe7ddyzds6xj9jv4wpsfggkghyarjqtsjzkxna + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4M2ZNcndhUFdkT2JmYWxw + Sk14Sk1OWUQ1MzZ3SDZLdnR6TW9xK3h1bGpvCmlVUkRxbnFWc1gzRGduZURTOWNI + WDdsakRRelhId1RKSEIvRWJpQUozYk0KLS0tIDlrY1E0NG5ydWRoT1QyMXZmVXpN + TzlHa0h2SFlUZnAvcjJ1NGdFL3ppWWsKm/aU+oAbTH7kC/k+VbGoxBGQzWxe8SRD + 8Glhaq/ctBcr09dbkWl43GTXkNoEx8/wKA30HTvEq0yWEBworrSQ8w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-02T00:02:47Z" + mac: ENC[AES256_GCM,data:l3I8KNMoZGrUUS/RzY0fAr7DkvyhynOqPW/09IfI8sKYBP+gavdf3/OpW3uwhYzuS6pRWwCaUTa0F+HELu7rBG8FwpvyBpdeAgZb1hVFtKeBuaCjXDieuxKjj27IKLx3UbHx2iRm91oB7bIMZaXYMrlYVmrs/BkgoT8vHj5j7Rc=,iv:KaB9qaUTYbnS6ix297MjIHxl+LSazZnRW0Lu2bP/kmk=,tag:bbncBMsk/qOfz0LRmrqiUQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2