diff --git a/.sops.yaml b/.sops.yaml index 40a112e..8c61a47 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,11 +1,32 @@ keys: - - &baradur age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy - &arrayofone age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2 - - &db age1smv5elusy6hpywadnyfvcf0gph8yqpjyeqcf7spvfgrghd3u55qq6lc9aw + - &baradur age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy + - &db age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2 + - &dbook age126t4jjumls89dfl83cx3lvukhwad5nte38zeq5uue4m39ex9kfeqtw4r2v + - &mingabook age14ejy4tppggtacyzxfhtnagqhtr60zyf6l6euh5vxlf8uh9vcef3s2clada + - &darrenbangsund age1fyndjw4ucc39hh2kyuxth2pyevl2h5zh9lmfq7v9h8neq9csnc9qrcm4zq creation_rules: - - path_regex: secrets/fellowship.yaml$ + - path_regex: secrets/arrayofone.yaml$ key_groups: - age: - - *baradur - *arrayofone + - path_regex: secrets/baradur.yaml$ + key_groups: + - age: + - *baradur + - path_regex: secrets/db.yaml$ + key_groups: + - age: - *db + - path_regex: secrets/dbook.yaml$ + key_groups: + - age: + - *dbook + - path_regex: secrets/mingabook.yaml$ + key_groups: + - age: + - *mingabook + - path_regex: secrets/darrenbangsund.yaml$ + key_groups: + - age: + - *darrenbangsund diff --git a/Taskfile.yml b/Taskfile.yml index 09acc1e..2918e6f 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -47,11 +47,11 @@ tasks: cmds: - sudo nixos-rebuild dry-run --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}} - vm:nixos: - desc: "Build and run NixOS configuration in VM" - cmds: - - sudo nixos-rebuild build-vm --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}} - - echo "VM built! Run: ./result/bin/run-{{.NIXOS_HOST}}-vm" + # vm:nixos: + # desc: "Build and run NixOS configuration in VM" + # cmds: + # - sudo nixos-rebuild build-vm --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}} + # - echo "VM built! Run: ./result/bin/run-{{.NIXOS_HOST}}-vm" # ============================================================================= # HOME MANAGER OPERATIONS @@ -154,28 +154,40 @@ tasks: # SECRETS MANAGEMENT # ============================================================================= - secrets:edit: - desc: "Edit secrets file with SOPS" + secrets:init: + desc: "Initialize secrets keys and files for the current host and user" + cmds: + - scripts/init-secrets.sh + + secrets:edit:system: + desc: "Edit system secrets (secrets/$(hostname).yaml)" + cmds: + - scripts/manage-secrets.sh edit system + + secrets:edit:user: + desc: "Edit user secrets (secrets/$(whoami).yaml)" + cmds: + - scripts/manage-secrets.sh edit user + + secrets:encrypt:system: + desc: "Re-encrypt system secrets" cmds: - - sops {{.FLAKE_DIR}}/secrets/fellowship.yaml + - scripts/manage-secrets.sh encrypt system - secrets:decrypt: - desc: "Decrypt and show secrets" + secrets:encrypt:user: + desc: "Re-encrypt user secrets" cmds: - - sops -d {{.FLAKE_DIR}}/secrets/fellowship.yaml + - scripts/manage-secrets.sh encrypt user - secrets:encrypt: - desc: "Re-encrypt secrets with current keys" + secrets:decrypt:system: + desc: "Decrypt and show system secrets" cmds: - - sops updatekeys {{.FLAKE_DIR}}/secrets/fellowship.yaml + - scripts/manage-secrets.sh decrypt system - age:keygen: - desc: "Generate new age key" + secrets:decrypt:user: + desc: "Decrypt and show user secrets" cmds: - - mkdir -p ~/.config/age - - age-keygen -o ~/.config/age/keys.txt - - echo "Public key:" - - age-keygen -y ~/.config/age/keys.txt + - scripts/manage-secrets.sh decrypt user # ============================================================================= # MAINTENANCE & CLEANUP diff --git a/flake.lock b/flake.lock index d480ef1..d39ae95 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1755946532, - "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", + "lastModified": 1769428758, + "narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", + "rev": "def5e74c97370f15949a67c62e61f1459fcb0e15", "type": "github" }, "original": { @@ -38,11 +38,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", "type": "github" }, "original": { @@ -54,27 +54,28 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", "type": "github" }, "original": { @@ -100,19 +101,41 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "ethereum-nix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1769353768, + "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", + "owner": "numtide", + "repo": "blueprint", + "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "brew-src": { "flake": false, "locked": { - "lastModified": 1753461463, - "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=", + "lastModified": 1769363988, + "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=", "owner": "Homebrew", "repo": "brew", - "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f", + "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2", "type": "github" }, "original": { "owner": "Homebrew", - "ref": "4.5.13", + "ref": "5.0.12", "repo": "brew", "type": "github" } @@ -122,11 +145,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1756293646, - "narHash": "sha256-VgJtXf3j4/4nJJAk7Ol2un7U6+7tN54sj4nWP+wpYSo=", + "lastModified": 1769432988, + "narHash": "sha256-q4arZjXnLiuMnLzO972lrXIGdzyGb4DGaIt69CcCYdE=", "owner": "catppuccin", "repo": "nix", - "rev": "f2e3c4c73d4fbd5e2c24ae44075ded300fe7b52b", + "rev": "d7a8632c0d8d144478aac1a8c8d5083b770cbb03", "type": "github" }, "original": { @@ -142,11 +165,11 @@ ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1768764703, + "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", "type": "github" }, "original": { @@ -155,49 +178,20 @@ "type": "github" } }, - "devshell": { - "inputs": { - "nixpkgs": [ - "ethereum-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "ethereum-nix": { "inputs": { - "devshell": "devshell", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "foundry-nix": "foundry-nix", - "hercules-ci-effects": "hercules-ci-effects", + "blueprint": "blueprint", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-2311": "nixpkgs-2311", - "nixpkgs-unstable": "nixpkgs-unstable", - "systems": "systems", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1756233487, - "narHash": "sha256-TO0W5dF2Da/dWI1jKBUJsOV9HB0di3233ZF/fspCRGs=", + "lastModified": 1769678452, + "narHash": "sha256-/Z8Oba+qhRskszfR4A4UONGRABrtIznCP59BT9gehHg=", "owner": "nix-community", "repo": "ethereum.nix", - "rev": "7a8739707e003a2b3cb509e100ccdd2cc1753031", + "rev": "2709011bc5618606015e7e46477fc2b957c58196", "type": "github" }, "original": { @@ -209,11 +203,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { @@ -223,16 +217,17 @@ } }, "flake-compat": { + "flake": false, "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", - "owner": "nix-community", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -240,11 +235,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -254,22 +249,6 @@ } }, "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { "flake": false, "locked": { "lastModified": 1650374568, @@ -286,24 +265,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -311,11 +272,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -326,17 +287,14 @@ }, "flake-utils": { "inputs": { - "systems": [ - "ethereum-nix", - "systems" - ] + "systems": "systems_5" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -347,7 +305,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_2" + "flake-utils": "flake-utils" }, "locked": { "lastModified": 1715533576, @@ -364,50 +322,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "foundry-nix": { - "inputs": { - "flake-utils": [ - "ethereum-nix", - "flake-utils" - ], - "nixpkgs": [ - "ethereum-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754212248, - "narHash": "sha256-sbmTD2L72nbZPFMT/GTHFt9N8/9AFi23FBY25wrt7zM=", - "owner": "shazow", - "repo": "foundry.nix", - "rev": "b070c157f5dfcb4d67de1d1969668d6a633da652", - "type": "github" - }, - "original": { - "owner": "shazow", - "ref": "monthly", - "repo": "foundry.nix", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -449,43 +363,20 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "host": "gitlab.gnome.org", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "48.2", + "ref": "gnome-49", "repo": "gnome-shell", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": [ - "ethereum-nix", - "flake-parts" - ], - "nixpkgs": [ - "ethereum-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1755233722, - "narHash": "sha256-AavrbMltJKcC2Fx0lfJoZfmy7g87ebXU0ddVenhajLA=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "99e03e72e3f7e13506f80ef9ebaedccb929d84d0", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" + "type": "gitlab" } }, "home-manager": { @@ -495,11 +386,11 @@ ] }, "locked": { - "lastModified": 1756261190, - "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=", + "lastModified": 1769699427, + "narHash": "sha256-dAQt3qXugGhg92A+jqaUcmH0elbgEN/mV4vy1+ohLZk=", "owner": "nix-community", "repo": "home-manager", - "rev": "77f348da3176dc68b20a73dab94852a417daf361", + "rev": "2a08ab21abc8b482f41c521b5f9b0df5b18a67eb", "type": "github" }, "original": { @@ -511,11 +402,11 @@ "homebrew-bun": { "flake": false, "locked": { - "lastModified": 1756122803, - "narHash": "sha256-ws8JQtm7BoA7Zx2zbCsMapfyqzCxuBnjdF23Gef5/eY=", + "lastModified": 1769683249, + "narHash": "sha256-gpeB7ityV7Nr0mYT+uXjmgT45bTG/nOH0KyZQaXxd9g=", "owner": "oven-sh", "repo": "homebrew-bun", - "rev": "fac54c7bc48bf285b1fd08487582526e059be64d", + "rev": "467bd9fc44e6714aa1d5e75c01e4cfb067b9f7c1", "type": "github" }, "original": { @@ -527,11 +418,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1756326097, - "narHash": "sha256-KjjOy+bm6qnU3cpcf5vJKCBkJlVDOYXa0Vd5MF+L3JA=", + "lastModified": 1769714357, + "narHash": "sha256-LUQMkuRmtp/LtGtePWvkN9WYHdLBh6LHd/ibNHrXQDY=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "226ed4625d5ff8d29e9fc2ed6faf260c34848dbe", + "rev": "3765e4627b18a843f35201881728fd5ed6ca3baa", "type": "github" }, "original": { @@ -543,11 +434,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1756329258, - "narHash": "sha256-ifOeyHNZ02ZeTOLwRaQAHoRox9PCcs9+x9VZnWnvwD0=", + "lastModified": 1769711880, + "narHash": "sha256-EXjliTg+1G8mc70dD2BOq4zaCIGHlS3pDMlyEedY6Ew=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "0bd7ebe0166eb3aeaa8d9b3323110432fd21f29b", + "rev": "f752456aa895e1db16e52d729f6736689c244a7e", "type": "github" }, "original": { @@ -601,11 +492,11 @@ ] }, "locked": { - "lastModified": 1755678602, - "narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=", + "lastModified": 1769284023, + "narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "157cc52065a104fc3b8fa542ae648b992421d1c7", + "rev": "13c536659d46893596412d180449353a900a1d31", "type": "github" }, "original": { @@ -630,11 +521,11 @@ ] }, "locked": { - "lastModified": 1750621377, - "narHash": "sha256-8u6b5oAdX0rCuoR8wFenajBRmI+mzbpNig6hSCuWUzE=", + "lastModified": 1763733840, + "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "b3d628d01693fb9bb0a6690cd4e7b80abda04310", + "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a", "type": "github" }, "original": { @@ -653,11 +544,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1756291201, - "narHash": "sha256-YzRWE3rCnsY0WDRJcn4KvyWUoe+5zdkUYNIaHGP9BZ4=", + "lastModified": 1766230298, + "narHash": "sha256-9Qg2/L69yghAH9KLjxOv/n7Sn5JSJDLGnQjJok4r3ZM=", "owner": "hyprwm", "repo": "hypridle", - "rev": "5430b73ddf148651bcf35fa39ed4d757c7534028", + "rev": "833eb85d05deb73ead48e57826e7385384fd55a6", "type": "github" }, "original": { @@ -671,22 +562,23 @@ "aquamarine": "aquamarine", "hyprcursor": "hyprcursor", "hyprgraphics": "hyprgraphics", + "hyprland-guiutils": "hyprland-guiutils", "hyprland-protocols": "hyprland-protocols_2", - "hyprland-qtutils": "hyprland-qtutils", "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", + "hyprwire": "hyprwire", "nixpkgs": "nixpkgs_3", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_3", "xdph": "xdph" }, "locked": { - "lastModified": 1756325904, - "narHash": "sha256-sfE2ta6RgWpXuqh7UI+T9wFofp2X+AV4yD140P9s494=", + "lastModified": 1769694617, + "narHash": "sha256-h8+Wqc4x68mN2qOLX45HsO6Z4eQOfrdtSKiSzcBrCVg=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "378e130f1426648d8d734049800128f9882805bf", + "rev": "c92fb5e85f4a5fd3a0f5ffb5892f6a61cfe1be2b", "type": "github" }, "original": { @@ -695,131 +587,109 @@ "type": "github" } }, - "hyprland-plugins": { + "hyprland-guiutils": { "inputs": { - "hyprland": [ - "hyprland" + "aquamarine": [ + "hyprland", + "aquamarine" ], - "nixpkgs": [ - "hyprland-plugins", + "hyprgraphics": [ "hyprland", - "nixpkgs" + "hyprgraphics" ], - "systems": [ - "hyprland-plugins", + "hyprlang": [ "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1756325158, - "narHash": "sha256-aJ9jAYtZ64MWBpWPfH1q+t6U9b6kJWc2yK9Vrlj6fZY=", - "owner": "hyprwm", - "repo": "hyprland-plugins", - "rev": "bf843fc6adf90d43a5dd7742e9df61d395ba780d", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-plugins", - "type": "github" - } - }, - "hyprland-protocols": { - "inputs": { + "hyprlang" + ], + "hyprtoolkit": "hyprtoolkit", + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], "nixpkgs": [ - "hypridle", + "hyprland", "nixpkgs" ], "systems": [ - "hypridle", + "hyprland", "systems" ] }, "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", + "lastModified": 1767023960, + "narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=", "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", + "repo": "hyprland-guiutils", + "rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660", "type": "github" }, "original": { "owner": "hyprwm", - "repo": "hyprland-protocols", + "repo": "hyprland-guiutils", "type": "github" } }, - "hyprland-protocols_2": { + "hyprland-plugins": { "inputs": { + "hyprland": [ + "hyprland" + ], "nixpkgs": [ + "hyprland-plugins", "hyprland", "nixpkgs" ], "systems": [ + "hyprland-plugins", "hyprland", "systems" ] }, "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", + "lastModified": 1769285097, + "narHash": "sha256-eVD4U3Oqzz0VU9ylJ5wo76xDcYKv2CpiiRXq4Is4QdA=", "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", + "repo": "hyprland-plugins", + "rev": "06c0749a0dac978d89b1a76ae6adc76a3c15dbfa", "type": "github" }, "original": { "owner": "hyprwm", - "repo": "hyprland-protocols", + "repo": "hyprland-plugins", "type": "github" } }, - "hyprland-qt-support": { + "hyprland-protocols": { "inputs": { - "hyprlang": [ - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], "nixpkgs": [ - "hyprland", - "hyprland-qtutils", + "hypridle", "nixpkgs" ], "systems": [ - "hyprland", - "hyprland-qtutils", + "hypridle", "systems" ] }, "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", + "lastModified": 1765214753, + "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", + "repo": "hyprland-protocols", + "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "type": "github" }, "original": { "owner": "hyprwm", - "repo": "hyprland-qt-support", + "repo": "hyprland-protocols", "type": "github" } }, - "hyprland-qtutils": { + "hyprland-protocols_2": { "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], "nixpkgs": [ "hyprland", "nixpkgs" @@ -830,16 +700,16 @@ ] }, "locked": { - "lastModified": 1753819801, - "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", + "lastModified": 1765214753, + "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", + "repo": "hyprland-protocols", + "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "type": "github" }, "original": { "owner": "hyprwm", - "repo": "hyprland-qtutils", + "repo": "hyprland-protocols", "type": "github" } }, @@ -859,11 +729,11 @@ ] }, "locked": { - "lastModified": 1749145882, - "narHash": "sha256-qr0KXeczF8Sma3Ae7+dR2NHhvG7YeLBJv19W4oMu6ZE=", + "lastModified": 1764612430, + "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "1bfb84f54d50c7ae6558c794d3cfd5f6a7e6e676", + "rev": "0d00dc118981531aa731150b6ea551ef037acddd", "type": "github" }, "original": { @@ -888,11 +758,11 @@ ] }, "locked": { - "lastModified": 1753622892, - "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=", + "lastModified": 1767983607, + "narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809", + "rev": "d4037379e6057246b408bbcf796cf3e9838af5b2", "type": "github" }, "original": { @@ -917,11 +787,11 @@ ] }, "locked": { - "lastModified": 1750371198, - "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", + "lastModified": 1764612430, + "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b", + "rev": "0d00dc118981531aa731150b6ea551ef037acddd", "type": "github" }, "original": { @@ -940,11 +810,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1756305651, - "narHash": "sha256-KttBtdPHDCuD+BT0da8DmBarv6k+9GA9INpeDLLgpc8=", + "lastModified": 1766230281, + "narHash": "sha256-Vk23viKuhcP5O5uIXXZopDZgd/TT5FgsfZ3ZoRp8k58=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "8d0e56998e299ae42f3fd8ede5bb5c396193cdbc", + "rev": "ef3017f5efba0db0960474a74d519a19816057fb", "type": "github" }, "original": { @@ -953,6 +823,58 @@ "type": "github" } }, + "hyprtoolkit": { + "inputs": { + "aquamarine": [ + "hyprland", + "hyprland-guiutils", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprland-guiutils", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprland-guiutils", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-guiutils", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprland-guiutils", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "hyprland-guiutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-guiutils", + "systems" + ] + }, + "locked": { + "lastModified": 1764592794, + "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=", + "owner": "hyprwm", + "repo": "hyprtoolkit", + "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprtoolkit", + "type": "github" + } + }, "hyprutils": { "inputs": { "nixpkgs": [ @@ -965,11 +887,11 @@ ] }, "locked": { - "lastModified": 1749135356, - "narHash": "sha256-Q8mAKMDsFbCEuq7zoSlcTuxgbIBVhfIYpX0RjE32PS0=", + "lastModified": 1766160771, + "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "e36db00dfb3a3d3fdcc4069cb292ff60d2699ccb", + "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f", "type": "github" }, "original": { @@ -990,11 +912,11 @@ ] }, "locked": { - "lastModified": 1756117388, - "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", + "lastModified": 1766253372, + "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", + "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "type": "github" }, "original": { @@ -1015,11 +937,11 @@ ] }, "locked": { - "lastModified": 1751061882, - "narHash": "sha256-g9n8Vrbx+2JYM170P9BbvGHN39Wlkr4U+V2WLHQsXL8=", + "lastModified": 1766160771, + "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "4737241eaf8a1e51671a2a088518071f9a265cf4", + "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f", "type": "github" }, "original": { @@ -1040,11 +962,11 @@ ] }, "locked": { - "lastModified": 1749145760, - "narHash": "sha256-IHaGWpGrv7seFWdw/1A+wHtTsPlOGIKMrk1TUIYJEFI=", + "lastModified": 1763640274, + "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "817918315ea016cc2d94004bfb3223b5fd9dfcc6", + "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "type": "github" }, "original": { @@ -1065,11 +987,11 @@ ] }, "locked": { - "lastModified": 1755184602, - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", + "lastModified": 1763640274, + "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", + "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "type": "github" }, "original": { @@ -1090,11 +1012,11 @@ ] }, "locked": { - "lastModified": 1750371869, - "narHash": "sha256-lGk4gLjgZQ/rndUkzmPYcgbHr8gKU5u71vyrjnwfpB4=", + "lastModified": 1763640274, + "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "aa38edd6e3e277ae6a97ea83a69261a5c3aab9fd", + "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "type": "github" }, "original": { @@ -1103,16 +1025,45 @@ "type": "github" } }, + "hyprwire": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1769202094, + "narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=", + "owner": "hyprwm", + "repo": "hyprwire", + "rev": "a45ca05050d22629b3c7969a926d37870d7dd75c", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwire", + "type": "github" + } + }, "nix-homebrew": { "inputs": { "brew-src": "brew-src" }, "locked": { - "lastModified": 1754250993, - "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=", + "lastModified": 1769437432, + "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=", "owner": "zhaofengli", "repo": "nix-homebrew", - "rev": "314d057294e79bc2596972126b84c6f9f144499a", + "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5", "type": "github" }, "original": { @@ -1181,15 +1132,15 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1755261305, - "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=", + "lastModified": 1769217863, + "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "203a7b463f307c60026136dd1191d9001c43457f", + "rev": "38a5250e57f583662eac3b944830e4b9e169e965", "type": "github" }, "original": { @@ -1200,11 +1151,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1769018530, + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", "type": "github" }, "original": { @@ -1214,60 +1165,13 @@ "type": "github" } }, - "nixpkgs-2311": { - "locked": { - "lastModified": 1701282334, - "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1755829505, - "narHash": "sha256-4/Jd+LkQ2ssw8luQVkqVs9spDBVE6h/u/hC/tzngsPo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f937f8ecd1c70efd7e9f90ba13dfb400cf559de4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -1279,11 +1183,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1756266583, - "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -1295,11 +1199,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -1311,11 +1215,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -1327,11 +1231,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1756266583, - "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -1343,11 +1247,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "lastModified": 1769268028, + "narHash": "sha256-mAdJpV0e5IGZjnE4f/8uf0E4hQR7ptRP00gnZKUOdMo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "rev": "ab9fbbcf4858bd6d40ba2bbec37ceb4ab6e1f562", "type": "github" }, "original": { @@ -1369,11 +1273,11 @@ ] }, "locked": { - "lastModified": 1751906969, - "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { @@ -1384,7 +1288,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "gitignore": "gitignore", "nixpkgs": [ "hyprland", @@ -1392,11 +1296,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -1429,18 +1333,18 @@ }, "snowfall-lib": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-utils-plus": "flake-utils-plus", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1736130495, - "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "lastModified": 1765361626, + "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", "owner": "snowfallorg", "repo": "lib", - "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", + "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", "type": "github" }, "original": { @@ -1454,11 +1358,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1769469829, + "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", "type": "github" }, "original": { @@ -1474,7 +1378,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" @@ -1488,11 +1392,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755997543, - "narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=", + "lastModified": 1769696109, + "narHash": "sha256-6G7lwaKwbYSWW+80qsKfkEVEYeoWgEkhEvboCG2w3ak=", "owner": "danth", "repo": "stylix", - "rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8", + "rev": "cb2e9c4fc23b4e73e4d77b9122d685896c042802", "type": "github" }, "original": { @@ -1627,11 +1531,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -1643,11 +1547,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -1659,11 +1563,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -1680,11 +1584,11 @@ ] }, "locked": { - "lastModified": 1755934250, - "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { @@ -1721,11 +1625,11 @@ ] }, "locked": { - "lastModified": 1755354946, - "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", + "lastModified": 1761431178, + "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", + "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8014eda..ce110a7 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,6 @@ sops-nix.url = "github:Mic92/sops-nix"; - # headscale.url = "github:juanfont/headscale"; - stylix = { url = "github:danth/stylix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -94,10 +92,6 @@ lib.mkFlake { src = ./.; - shells = { - default = "digits"; - }; - channels-config = { allowUnfree = true; permittedInsecurePackages = [ ]; @@ -119,7 +113,7 @@ ) ]; - systems.hosts.digibook.modules = with inputs; [ + systems.hosts.dbook.modules = with inputs; [ # # An existing Linux builder is needed to initially bootstrap `nix-rosetta-builder`. # # If one isn't already available: comment out the `nix-rosetta-builder` module below, # # uncomment this `linux-builder` module, and run `darwin-rebuild switch`: @@ -146,7 +140,46 @@ # Optional: Declarative tap management taps = { - # "oven-sh/bun" = homebrew-bun; + "oven-sh/homebrew-bun" = homebrew-bun; + "homebrew/homebrew-core" = homebrew-core; + "homebrew/homebrew-cask" = homebrew-cask; + }; + + # Optional: Enable fully-declarative tap management + # + # With mutableTaps disabled, taps can no longer be added imperatively with `brew tap`. + mutableTaps = false; + }; + } + ]; + + systems.hosts.mingabook.modules = with inputs; [ + # # An existing Linux builder is needed to initially bootstrap `nix-rosetta-builder`. + # # If one isn't already available: comment out the `nix-rosetta-builder` module below, + # # uncomment this `linux-builder` module, and run `darwin-rebuild switch`: + # { nix.linux-builder.enable = true; } + # # Then: uncomment `nix-rosetta-builder`, remove `linux-builder`, and `darwin-rebuild switch` + # # a second time. Subsequently, `nix-rosetta-builder` can rebuild itself. + nix-rosetta-builder.darwinModules.default + { + nix-rosetta-builder.enable = true; + # see available options in module.nix's `options.nix-rosetta-builder` + nix-rosetta-builder.onDemand = true; + } + nix-homebrew.darwinModules.nix-homebrew + { + nix-homebrew = { + # Install Homebrew under the default prefix + enable = true; + + # Apple Silicon Only: Also install Homebrew under the default Intel prefix for Rosetta 2 + enableRosetta = true; + + # User owning the Homebrew prefix + user = "darrenbangsund"; + + # Optional: Declarative tap management + taps = { "oven-sh/homebrew-bun" = homebrew-bun; "homebrew/homebrew-core" = homebrew-core; "homebrew/homebrew-cask" = homebrew-cask; diff --git a/homes/aarch64-darwin/arrayofone/default.nix b/homes/aarch64-darwin/arrayofone/default.nix new file mode 100644 index 0000000..64e823c --- /dev/null +++ b/homes/aarch64-darwin/arrayofone/default.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + fellowship.home.dev.enable = false; + + programs.zsh.envExtra = ""; + + home = { + packages = with pkgs; [ ]; + stateVersion = "24.05"; + }; +} diff --git a/homes/aarch64-darwin/darrenbangsund/default.nix b/homes/aarch64-darwin/darrenbangsund/default.nix new file mode 100644 index 0000000..8c41267 --- /dev/null +++ b/homes/aarch64-darwin/darrenbangsund/default.nix @@ -0,0 +1,23 @@ +{ ... }: +{ + # fellowship.home = { + # dev.enable = false; + # programs.zeditor = { + # nodePath = lib.getExe pkgs.nodejs_20; + # npmPath = lib.getExe' pkgs.nodejs_20 "npm"; + # }; + # }; + + programs.zsh.envExtra = '' + export NX_TUI=false + export NVM_DIR="$HOME/.nvm" + [ -s "$(brew --prefix nvm)/nvm.sh" ] && \. "$(brew --prefix nvm)/nvm.sh" + [ -s "$(brew --prefix nvm)/etc/bash_completion.d/nvm" ] && \. "$(brew --prefix nvm)/etc/bash_completion.d/nvm" + fastfetch + ''; + + home = { + # packages = with pkgs; [ ]; + stateVersion = "24.05"; + }; +} diff --git a/homes/aarch64-darwin/db/default.nix b/homes/aarch64-darwin/db/default.nix index 9ce7277..5468570 100644 --- a/homes/aarch64-darwin/db/default.nix +++ b/homes/aarch64-darwin/db/default.nix @@ -1,18 +1,20 @@ -{ pkgs, ... }: { - fellowship.home.dev.enable = true; + config, + lib, + pkgs, + ... +}: +{ + fellowship.home = { + dev.enable = true; + dev_modules.go.enable = lib.mkForce false; + dev_modules.flutter.enable = lib.mkForce false; + }; - programs.zsh.envExtra = '' - export JAVA_HOME="$(/usr/libexec/java_home -v 21)" - export GCP_ACCOUNT_EMAIL=darren@digits.com - export DIGITS_REPO_PATH=$HOME/digits - ''; + programs.zsh.envExtra = ''''; home = { - packages = with pkgs; [ - google-cloud-sdk - claude-code - ]; + packages = with pkgs; [ ]; stateVersion = "24.05"; }; } diff --git a/homes/x86_64-linux/arrayofone/default.nix b/homes/x86_64-linux/arrayofone/default.nix index 5c79743..e31c489 100644 --- a/homes/x86_64-linux/arrayofone/default.nix +++ b/homes/x86_64-linux/arrayofone/default.nix @@ -1,17 +1,17 @@ { pkgs, ... }: let - nixosVSCodeServer = { - url = "https://github.com/msteen/nixos-vscode-server/tarball/master"; - sha256 = "1rdn70jrg5mxmkkrpy2xk8lydmlc707sk0zb35426v1yxxka10by"; - }; + # nixosVSCodeServer = { + # url = "https://github.com/msteen/nixos-vscode-server/tarball/master"; + # sha256 = "1rdn70jrg5mxmkkrpy2xk8lydmlc707sk0zb35426v1yxxka10by"; + # }; in { imports = [ - "${fetchTarball nixosVSCodeServer}/modules/vscode-server/home.nix" + # "${fetchTarball nixosVSCodeServer}/modules/vscode-server/home.nix" ]; services = { - vscode-server.enable = true; + # vscode-server.enable = false; gpg-agent = { enable = true; pinentry.package = pkgs.pinentry-curses; @@ -31,7 +31,7 @@ in programs = { brave.enable = true; firefox.enable = true; - librewolf.enable = true; + librewolf.enable = false; dbeaver.enable = true; element.enable = true; gparted.enable = true; @@ -39,21 +39,55 @@ in postman.enable = true; slack.enable = true; tidal.enable = true; - webcord.enable = true; + webcord.enable = false; }; }; home.dev.enable = true; }; + stylix = { + cursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Ice"; + size = 32; + }; + + icons = { + enable = true; + package = pkgs.papirus-icon-theme; + light = "Papirus-Light"; + dark = "Papirus-Dark"; + }; + }; + + programs.foot.enable = true; + home = { packages = with pkgs; [ + bibata-cursors clipse fontconfig - # nixd + neofetch + papirus-icon-theme pinentry-curses ]; + stylix = { + cursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Ice"; + size = 32; + }; + + icons = { + enable = true; + package = pkgs.papirus-icon-theme; + light = "Papirus-Light"; + dark = "Papirus-Dark"; + }; + }; + stateVersion = "24.05"; }; } diff --git a/lib/module/default.nix b/lib/module/default.nix index b94c7f2..14333a9 100644 --- a/lib/module/default.nix +++ b/lib/module/default.nix @@ -60,4 +60,4 @@ rec { #@ false enable = false; }; -} \ No newline at end of file +} diff --git a/modules/darwin/core/default.nix b/modules/darwin/core/default.nix new file mode 100644 index 0000000..4bcd77a --- /dev/null +++ b/modules/darwin/core/default.nix @@ -0,0 +1,52 @@ +{ + config, + lib, + namespace, + pkgs, + ... +}: +{ + imports = [ + # ./dock.nix + # ./fonts.nix + # ./homebrew.nix + # ./secrets.nix + ]; + + options.${namespace}.system.name = lib.mkOption { + description = "The system name"; + type = lib.types.str; + default = ""; + }; + + # local.dock = { + # enable = true; + # dock.entries = [ + # { path = "/Applications/Slack.app/"; } + # { path = "/System/Applications/Messages.app/"; } + # { path = "/System/Applications/Facetime.app/"; } + # { path = "/Applications/Telegram.app/"; } + # { path = "${pkgs.alacritty}/Applications/Alacritty.app/"; } + # { path = "/System/Applications/Music.app/"; } + # { path = "/System/Applications/News.app/"; } + # { path = "/System/Applications/Photos.app/"; } + # { path = "/System/Applications/Photo Booth.app/"; } + # { path = "/System/Applications/TV.app/"; } + # { path = "${pkgs.jetbrains.phpstorm}/Applications/PhpStorm.app/"; } + # { path = "/Applications/TablePlus.app/"; } + # { path = "/Applications/Asana.app/"; } + # { path = "/Applications/Drafts.app/"; } + # { path = "/System/Applications/Home.app/"; } + # # { + # # path = "${config.users.users.${user}.home}/.local/share/"; + # # section = "others"; + # # options = "--sort name --view grid --display folder"; + # # } + # # { + # # path = "${config.users.users.${user}.home}/.local/share/downloads"; + # # section = "others"; + # # options = "--sort name --view grid --display stack"; + # # } + # ]; + # }; +} diff --git a/modules/darwin/core/dock.nix b/modules/darwin/core/dock.nix new file mode 100644 index 0000000..619c97d --- /dev/null +++ b/modules/darwin/core/dock.nix @@ -0,0 +1,95 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.local.dock; + inherit (pkgs) stdenv dockutil; +in +{ + options = { + local.dock.enable = mkOption { + description = "Enable dock"; + default = stdenv.isDarwin; + example = false; + }; + + local.dock.entries = mkOption { + description = "Entries on the Dock"; + type = + with types; + listOf (submodule { + options = { + path = lib.mkOption { type = str; }; + section = lib.mkOption { + type = str; + default = "apps"; + }; + options = lib.mkOption { + type = str; + default = ""; + }; + }; + }); + readOnly = true; + }; + }; + + config = mkIf cfg.enable ( + let + normalize = path: if hasSuffix ".app" path then path + "/" else path; + entryURI = + path: + "file://" + + (builtins.replaceStrings + [ + " " + "!" + "\"" + "#" + "$" + "%" + "&" + "'" + "(" + ")" + ] + [ + "%20" + "%21" + "%22" + "%23" + "%24" + "%25" + "%26" + "%27" + "%28" + "%29" + ] + (normalize path) + ); + wantURIs = concatMapStrings (entry: "${entryURI entry.path}\n") cfg.entries; + createEntries = concatMapStrings ( + entry: + "${dockutil}/bin/dockutil --no-restart --add '${entry.path}' --section ${entry.section} ${entry.options}\n" + ) cfg.entries; + in + { + system.activationScripts.postUserActivation.text = '' + echo >&2 "Setting up the Dock..." + haveURIs="$(${dockutil}/bin/dockutil --list | ${pkgs.coreutils}/bin/cut -f2)" + if ! diff -wu <(echo -n "$haveURIs") <(echo -n '${wantURIs}') >&2 ; then + echo >&2 "Resetting Dock." + ${dockutil}/bin/dockutil --no-restart --remove all + ${createEntries} + killall Dock + else + echo >&2 "Dock setup complete." + fi + ''; + } + ); +} diff --git a/modules/darwin/core/fonts.nix b/modules/darwin/core/fonts.nix new file mode 100644 index 0000000..befe13a --- /dev/null +++ b/modules/darwin/core/fonts.nix @@ -0,0 +1,37 @@ +{ + lib, + pkgs, + ... +}: +{ + fonts = { + fontconfig = { + enable = true; + + defaultFonts = { + emoji = [ pkgs.noto-fonts-color-emoji.name ]; + serif = [ pkgs.nerd-fonts.ubuntu.name ]; + sansSerif = [ pkgs.nerd-fonts.ubuntu-sans.name ]; + monospace = [ pkgs.nerd-fonts.intone-mono.name ]; + }; + + hinting = { + autohint = true; + enable = true; + }; + }; + + packages = + with pkgs; + [ + dina-font + fontconfig + + noto-fonts + noto-fonts-color-emoji + + proggyfonts + ] + ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); + }; +} diff --git a/modules/darwin/core/secrets.nix b/modules/darwin/core/secrets.nix new file mode 100644 index 0000000..e5b21f4 --- /dev/null +++ b/modules/darwin/core/secrets.nix @@ -0,0 +1,28 @@ +{ + config, + inputs, + lib, + namespace, + ... +}: +{ + imports = [ inputs.sops-nix.darwinModules.sops ]; + + sops = { + defaultSopsFile = "${lib.snowfall.fs.get-file "secrets"}/${config.${namespace}.system.name}.yaml"; + validateSopsFiles = false; + age = { + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + + secrets = { + "vpn/wg/endpoint" = { }; + "vpn/wg/endpoint-ip" = { }; + "vpn/wg/endpoint-ip-port" = { }; + "vpn/wg/port" = { }; + "vpn/wg/privateKey" = { }; + }; + }; +} diff --git a/modules/darwin/networking/wg/default.nix b/modules/darwin/networking/wg/default.nix new file mode 100644 index 0000000..3b9aa07 --- /dev/null +++ b/modules/darwin/networking/wg/default.nix @@ -0,0 +1,88 @@ +{ + lib, + config, + namespace, + ... +}: +{ + options.${namespace}.networking.wireguard.server = { + enable = lib.mkEnableOption "enable wireguard server"; + interface = lib.mkOption { + description = "WireGuard interface name"; + type = lib.types.str; + default = "wg0"; + }; + ips = lib.mkOption { + description = "IP addresses and subnets for the WireGuard interface"; + type = lib.types.listOf lib.types.str; + default = [ "10.20.0.2/24" ]; + }; + privateKeyFile = lib.mkOption { + description = "Path to the private key file"; + type = lib.types.nullOr lib.types.path; + }; + peers = lib.mkOption { + description = "WireGuard peers configuration"; + type = lib.types.listOf ( + lib.types.submodule { + options = { + publicKey = lib.mkOption { + description = "Public key of the peer"; + type = lib.types.nullOr lib.types.str; + default = null; + }; + allowedIPs = lib.mkOption { + description = "Allowed IP addresses for this peer"; + type = lib.types.listOf lib.types.str; + default = [ "0.0.0.0/0" ]; + }; + endpoint = lib.mkOption { + description = "Endpoint address and port"; + type = lib.types.nullOr lib.types.str; + }; + persistentKeepalive = lib.mkOption { + description = "Keepalive interval in seconds"; + type = lib.types.nullOr lib.types.int; + default = 25; + }; + }; + } + ); + default = [ { } ]; + }; + }; + + config = lib.mkIf config.${namespace}.networking.wireguard.server.enable { + # enable NAT + # networking.nat.enable = true; + # networking.nat.externalInterface = + # config.${namespace}.networking.wireguard.server.externalInterface; # "enp42s0" + # networking.nat.internalInterfaces = [ "wg0" ]; + + # networking.firewall = { + # enable = lib.mkForce false; + # allowedUDPPorts = [ config.${namespace}.networking.wireguard.server.port ]; + # }; + + networking.wg-quick.interfaces = { + ${config.${namespace}.networking.wireguard.server.interface} = { + address = config.${namespace}.networking.wireguard.server.ips; + dns = [ "9.9.9.9" ]; + privateKeyFile = config.${namespace}.networking.wireguard.server.privateKeyFile; + + peers = map ( + peer: + { + publicKey = peer.publicKey; + allowedIPs = peer.allowedIPs; + endpoint = peer.endpoint; + persistentKeepalive = peer.persistentKeepalive; + } + // lib.optionalAttrs (peer.publicKey != null) { inherit (peer) publicKey; } + // lib.optionalAttrs (peer.endpoint != null) { inherit (peer) endpoint; } + // lib.optionalAttrs (peer.persistentKeepalive != null) { inherit (peer) persistentKeepalive; } + ) config.${namespace}.networking.wireguard.server.peers; + }; + }; + }; +} diff --git a/modules/home/core/default.nix b/modules/home/core/default.nix index ec80159..a6a44ac 100644 --- a/modules/home/core/default.nix +++ b/modules/home/core/default.nix @@ -1,63 +1,86 @@ { + namespace, pkgs, ... }: { imports = [ - ./editor.nix + # ./editor.nix ./env.nix ./fonts.nix + ./git.nix ./secrets.nix ./shell.nix + ./ssh.nix ./theme.nix + ./zeditor.nix ]; - home.packages = with pkgs; [ - age - bash - bat - btop - gcc - gh - git - gnupg - gnumake - htop - jq - lf - lsof - neofetch - neovim - netcat - openssl - protols - ripgrep - sops - tmux - vim-full - wget - wireguard-tools - zellij + home.file.".zed_server" = { + source = "${pkgs.zed-editor.remote_server}/bin"; + recursive = true; + }; - # TODO: are these needed for all systems? - probably not - awscli2 - docker - docker-compose - emacs - k9s - kotlin-language-server - kubectl - kubectx - kubernetes-helm - lazydocker - lazysql - minikube - nil - nixfmt-rfc-style - oxker - podman - podman-compose - podman-tui - protobuf - ]; + home.packages = + with pkgs; + [ + age + alacritty + bash + bat + btop + claude-code + claude-monitor + docker + docker-compose + gcc + gemini-cli + gh + git + gnupg + gnumake + go-task + google-cloud-sdk + htop + jq + k9s + kitty + kubectl + kubectx + kubernetes-helm + lf + lsof + fastfetch + lazycli + lazydocker + lazygit + lazyjournal + lazynpm + lazysql + lazyssh + lazyworktree + minikube + neovim + netcat + nixd + nixfmt + openssl + podman + podman-compose + podman-tui + protobuf + protols + ripgrep + sops + tmux + unzip + vim-full + wget + wireguard-tools + zellij + zip + ] + ++ [ + pkgs.${namespace}.sys + ]; } diff --git a/modules/home/core/editor.nix b/modules/home/core/editor.nix index d56b7c4..ab26b54 100644 --- a/modules/home/core/editor.nix +++ b/modules/home/core/editor.nix @@ -4,9 +4,13 @@ ... }: { + sessionVariables = { + EDITOR = "zeditor"; + }; + programs = { vscode = { - enable = true; + enable = false; package = pkgs.vscode; profiles.default = { @@ -156,7 +160,6 @@ }; "editor.suggestSelection" = "first"; - "editor.fontFamily" = "Intel One Mono"; "editor.fontLigatures" = true; "editor.wordWrap" = "on"; "editor.tabSize" = 2; @@ -365,8 +368,8 @@ }; node = { - path = lib.getExe pkgs.nodejs; - npm_path = lib.getExe' pkgs.nodejs "npm"; + path = "/run/current-system/sw/bin/node"; + npm_path = "/run/current-system/sw/bin/npm"; }; hour_format = "hour24"; diff --git a/modules/home/core/env.nix b/modules/home/core/env.nix index 92ac9c3..09de286 100644 --- a/modules/home/core/env.nix +++ b/modules/home/core/env.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: { home = { sessionVariables = { @@ -9,8 +9,10 @@ # read secrets into env at runtime to prevent embedding # secrets into the build as sessionVariables does programs.zsh = { - initContent = '' - export ANTHROPIC_API_KEY=$(cat ${config.sops.secrets."ai/anthropic/api-key".path}) + initContent = lib.optionalString (builtins.hasAttr "ai/anthropic/api-key" config.sops.secrets) '' + if [ -f "${config.sops.secrets."ai/anthropic/api-key".path}" ]; then + export ANTHROPIC_API_KEY=$(cat "${config.sops.secrets."ai/anthropic/api-key".path}") + fi ''; }; } diff --git a/modules/home/core/fonts.nix b/modules/home/core/fonts.nix index b2a0db0..ea4b081 100644 --- a/modules/home/core/fonts.nix +++ b/modules/home/core/fonts.nix @@ -3,22 +3,20 @@ ... }: { - home.packages = with pkgs; [ - fontconfig - nerd-fonts.intone-mono - nerd-fonts.ubuntu - nerd-fonts.ubuntu-mono - nerd-fonts.ubuntu-sans - nerd-fonts.liberation - ]; + fonts = { + fontconfig = { + enable = true; - # fonts = { - # fontconfig = { - # enable = true; - # defaultFonts = { - # sansSerif = [ pkgs.nerd-fonts.ubuntu.name ]; - # monospace = [ pkgs.nerd-fonts.ubuntu-mono.name ]; - # }; - # }; - # }; + defaultFonts = { + emoji = [ pkgs.noto-fonts-color-emoji.name ]; + serif = [ pkgs.nerd-fonts.ubuntu.name ]; + sansSerif = [ pkgs.nerd-fonts.ubuntu-sans.name ]; + monospace = [ pkgs.nerd-fonts.intone-mono.name ]; + }; + + hinting = "full"; + + # subpixelRendering = "rgb"; + }; + }; } diff --git a/modules/home/core/git.nix b/modules/home/core/git.nix new file mode 100644 index 0000000..a37453f --- /dev/null +++ b/modules/home/core/git.nix @@ -0,0 +1,34 @@ +{ ... }: +{ + programs.git = { + enable = true; + includes = [ + { + condition = "gitdir:~/projects/personal/"; + contents = { + "user" = { + email = "11287980+arrayofone@users.noreply.github.com"; + name = "arrayofone"; + }; + }; + } + { + condition = "gitdir:~/projects/work/"; + contents = { + "user" = { + email = "254569348+darrenminga@users.noreply.github.com"; + name = "darrenminga"; + }; + }; + } + ]; + settings = { + "commit" = { + gpgsign = true; + }; + "tag" = { + gpgsign = true; + }; + }; + }; +} diff --git a/modules/home/core/secrets.nix b/modules/home/core/secrets.nix index ee0eaff..83a1286 100644 --- a/modules/home/core/secrets.nix +++ b/modules/home/core/secrets.nix @@ -2,8 +2,6 @@ config, inputs, lib, - namespace, - pkgs, ... }: let @@ -16,7 +14,7 @@ in # age.keyFile = "/home/${config.snowfallorg.user.name}/.age-key.txt"; # must have no password! # It's also possible to use a ssh key, but only when it has no password: age.sshKeyPaths = [ "/home/${config.snowfallorg.user.name}/.ssh/sops-nix" ]; - defaultSopsFile = "${secrets}/${namespace}.yaml"; + defaultSopsFile = "${secrets}/${config.snowfallorg.user.name}.yaml"; # secrets.test = { # # sopsFile = ./secrets.yml.enc; # optionally define per-secret files @@ -32,8 +30,12 @@ in "git/gh/ssh-private" = { }; "git/gh/ssh-public" = { }; "ai/anthropic/api-key" = { }; + "ai/gemini/api-key" = { }; }; }; + # export GEMINI_API_KEY="$(cat ${config.sops.secrets."ai/gemini/api-key".path})" + programs.zsh.initContent = ""; + systemd.user.services.mbsync.unitConfig.After = [ "sops-nix.service" ]; } diff --git a/modules/home/core/shell.nix b/modules/home/core/shell.nix index d2f444e..0b8ab18 100644 --- a/modules/home/core/shell.nix +++ b/modules/home/core/shell.nix @@ -26,7 +26,7 @@ golang = { symbol = ""; style = "bg:#212736"; - format = ''[[ $symbol ($version) ](fg:#769ff0 bg:#212736)]($style)''; + format = "[[ $symbol ($version) ](fg:#769ff0 bg:#212736)]($style)"; }; }; }; @@ -49,11 +49,11 @@ # strategy }; # cdpath - completionInit = "autoload -U compinit && compinit -i"; + # completionInit = "autoload -U compinit && compinit -i"; # defaultKeymap # dirHashes dotDir = config.home.homeDirectory + "/.config/zsh"; - envExtra = ''''; + envExtra = ""; history = { append = true; expireDuplicatesFirst = true; @@ -71,14 +71,14 @@ }; historySubstringSearch = { enable = true; - # searchDownKey - # searchUpKey + # searchDownKey = "$key[Down]"; + # searchUpKey = "$key[Up]"; }; + # initcontent + # export LANG=C.UTF-8 initContent = '' export PATH=$PATH:~/go/bin - export LANG=C.UTF-8 ZLE_PROMPT_INDENT=0 - autopair-init ''; # localVariables @@ -89,10 +89,7 @@ # package # custom # extraConfig - plugins = [ - "history" - "sudo" - ]; + plugins = [ ]; # theme = "half-life"; }; plugins = [ @@ -107,17 +104,6 @@ file = "formarks.plugin.zsh"; } - { - name = "zsh-syntax-highlighting"; - src = pkgs.fetchFromGitHub { - owner = "zsh-users"; - repo = "zsh-syntax-highlighting"; - rev = "0.8.0"; - hash = "sha256-iJdWopZwHpSyYl5/FQXEW7gl/SrKaYDEtTH9cGP7iPo="; - }; - file = "zsh-syntax-highlighting.zsh"; - } - { name = "zsh-completions"; src = pkgs.fetchFromGitHub { @@ -128,16 +114,6 @@ }; } - { - name = "zsh-history-substring-search"; - src = pkgs.fetchFromGitHub { - owner = "zsh-users"; - repo = "zsh-history-substring-search"; - rev = "400e58a"; - hash = "sha256-GSEvgvgWi1rrsgikTzDXokHTROoyPRlU0FVpAoEmXG4="; - }; - } - { name = "zsh-nix-shell"; file = "nix-shell.plugin.zsh"; @@ -171,81 +147,81 @@ file = "autopair.zsh"; } ]; - prezto = { - enable = false; - # package - autosuggestions = { - # color - }; - # caseSensitive - # color - completions = { - # ignoredHosts - }; - editor = { - # dotExpansion - # keymap - # promptContext - }; - # extraConfig - # extraFunctions - # extraModules - git = { - # submoduleIgnore - }; - gnuUtility = { - # prefix - }; - historySubstring = { - # foundColor - # globbingFlags - # notFoundColor - }; - macOS = { - # dashKeyword - }; - # pmoduleDirs - # pmodules - prompt = { - # pwdLength - # showReturnVal - # theme - }; - python = { - # virtualenvAutoSwitch - # virtualenvInitialize - }; - ruby = { - # chrubyAutoSwitch - }; - screen = { - # autoStartLocal - # autoStartRemote - }; - ssh = { - # identities - }; - syntaxHighlighting = { - # highlighters - # pattern - # styles - }; - terminal = { - # autoTitle - # multiplexerTitleFormat - # tabTitleFormat - # windowTitleFormat - }; - tmux = { - # autoStartLocal - # autoStartRemote - # defaultSessionName - # itermIntegration - }; - utility = { - # safeOps - }; - }; + # prezto = { + # enable = false; + # # package + # autosuggestions = { + # # color + # }; + # # caseSensitive + # # color + # completions = { + # # ignoredHosts + # }; + # editor = { + # # dotExpansion + # # keymap + # # promptContext + # }; + # # extraConfig + # # extraFunctions + # # extraModules + # git = { + # # submoduleIgnore + # }; + # gnuUtility = { + # # prefix + # }; + # historySubstring = { + # # foundColor + # # globbingFlags + # # notFoundColor + # }; + # macOS = { + # # dashKeyword + # }; + # # pmoduleDirs + # # pmodules + # prompt = { + # # pwdLength + # # showReturnVal + # # theme + # }; + # python = { + # # virtualenvAutoSwitch + # # virtualenvInitialize + # }; + # ruby = { + # # chrubyAutoSwitch + # }; + # screen = { + # # autoStartLocal + # # autoStartRemote + # }; + # ssh = { + # # identities + # }; + # syntaxHighlighting = { + # # highlighters + # # pattern + # # styles + # }; + # terminal = { + # # autoTitle + # # multiplexerTitleFormat + # # tabTitleFormat + # # windowTitleFormat + # }; + # tmux = { + # # autoStartLocal + # # autoStartRemote + # # defaultSessionName + # # itermIntegration + # }; + # utility = { + # # safeOps + # }; + # }; # profileExtra # sessionVariables shellAliases = { @@ -310,13 +286,13 @@ csys = "c ~/.sys"; }; # shellGlobalAliases - # syntaxHighlighting = { - # enable - # package - # highlighters - # patterns - # styles - # }; + syntaxHighlighting = { + enable = true; + # package + # highlighters + # patterns + # styles + }; # zplug = { # enable # plugins = { diff --git a/modules/home/core/ssh.nix b/modules/home/core/ssh.nix new file mode 100644 index 0000000..67a0992 --- /dev/null +++ b/modules/home/core/ssh.nix @@ -0,0 +1,35 @@ +{ ... }: +{ + programs.ssh = { + enable = true; + enableDefaultConfig = false; + matchBlocks = { + personal = { + host = "github.com"; + hostname = "github.com"; + user = "git"; + identitiesOnly = true; + identityFile = "~/.ssh/gh-personal"; + }; + work = { + host = "gitwork"; + hostname = "github.com"; + user = "git"; + identitiesOnly = true; + identityFile = "~/.ssh/gh-work"; + }; + "*" = { + forwardAgent = false; + addKeysToAgent = "no"; + compression = false; + serverAliveInterval = 0; + serverAliveCountMax = 3; + hashKnownHosts = false; + userKnownHostsFile = "~/.ssh/known_hosts"; + controlMaster = "no"; + controlPath = "~/.ssh/master-%r@%n:%p"; + controlPersist = "no"; + }; + }; + }; +} diff --git a/modules/home/core/theme.nix b/modules/home/core/theme.nix index 248e030..99024d7 100644 --- a/modules/home/core/theme.nix +++ b/modules/home/core/theme.nix @@ -1,72 +1,87 @@ { - host, + inputs, lib, pkgs, - inputs, ... }: { imports = [ inputs.stylix.homeModules.stylix ]; + home.packages = [ + pkgs.font-awesome + ]; + stylix = { enable = true; autoEnable = true; - base16Scheme = ./theme/base16/catppuccin/mocha.yaml; - cursor = { - package = pkgs.bibata-cursors; - name = "Bibata-Original-Ice"; - size = 24; + + opacity = { + applications = 0.95; + desktop = 1.0; + popups = 0.95; + terminal = 0.95; }; + base16Scheme = ./theme/base16/catppuccin/macciato.yaml; + fonts = { monospace = { - package = pkgs.intel-one-mono; - name = "Intel One Mono"; + name = "IntoneMono Nerd Font Mono"; + package = lib.mkDefault pkgs.nerd-fonts.intone-mono; }; + sansSerif = { - package = pkgs.ubuntu_font_family; name = "Ubuntu"; + package = pkgs.ubuntu-classic; }; + serif = { - package = pkgs.ubuntu_font_family; name = "Ubuntu"; + package = pkgs.ubuntu-classic; }; + emoji = { - package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; + package = pkgs.noto-fonts-color-emoji; }; + sizes = { applications = 12; - desktop = 10; - popups = 10; + desktop = 12; + popups = 12; terminal = 12; }; }; - iconTheme = lib.mkIf (builtins.elem host pkgs.papirus-icon-theme.meta.platforms) { - enable = true; - package = pkgs.papirus-icon-theme; - light = "Papirus-Light"; - dark = "Papirus-Dark"; - }; + # override = { + # base00 = "1e1e2e"; # base - Catppuccin Mocha + # base01 = "181825"; # mantle + # base02 = "313244"; # surface0 + # base03 = "45475a"; # surface1 + # base04 = "585b70"; # surface2 + # base05 = "cdd6f4"; # text + # base06 = "f5e0dc"; # rosewater + # base07 = "b4befe"; # lavender + # base08 = "f38ba8"; # red + # base09 = "fab387"; # peach + # base0A = "f9e2af"; # yellow + # base0B = "a6e3a1"; # green + # base0C = "94e2d5"; # teal + # base0D = "89b4fa"; # blue + # base0E = "cba6f7"; # mauve + # base0F = "f2cdcd"; # flamingo + # }; image = ./theme/wallpapers/rx7.png; polarity = "dark"; - targets = { - kitty.enable = false; - waybar.enable = true; - hyprlock.enable = false; - neovim.enable = false; - - zed.enable = false; - vscode.profileNames = [ "default" ]; + targets = { + # vscode.profileNames = [ "default" ]; firefox.profileNames = [ "default" ]; librewolf.profileNames = [ "default" ]; - - # cavalier.enable = false; + zed.enable = false; }; }; } diff --git a/modules/home/core/zeditor.nix b/modules/home/core/zeditor.nix new file mode 100644 index 0000000..8f81a51 --- /dev/null +++ b/modules/home/core/zeditor.nix @@ -0,0 +1,1201 @@ +{ + lib, + namespace, + pkgs, + ... +}: +{ + programs.zed-editor = { + enable = true; + package = pkgs.zed-editor; + installRemoteServer = true; + extraPackages = [ + pkgs.biome + pkgs.nixd + pkgs.package-version-server + pkgs.rust-analyzer + ]; + + themes = { }; + userKeymaps = [ ]; + userTasks = [ ]; + + # Extensions organized by category + extensions = [ + # Icons + "bearded-icon-theme" + "catppuccin-icons" + "charmed-icons" + "chawyehsu-vscode-icons" + "clean-vscode-icons" + "colored-zed-icons-theme" + "icons-modern-material" + "jetbrains-icons" + "jetbrains-new-ui-icons" + "material-icon-theme" + "modern-icons" + "monospace-icon-theme" + "openmoji-icons" + "phosphor-icons-theme" + "seti-icons" + "symbols" + "vscode-icons" + "vscode-great-icons" + + # Language Support + "assembly" + "biome" + "csv" + "dart" + "deno" + "flatbuffers" + "graphql" + "html" + "ini" + "java" + "kotlin" + "nix" + "plantuml" + "proto" + "sql" + "toml" + "xml" + "zig" + + # Development Tools + "docker-compose" + "dockerfile" + "git-firefly" + "golangci-lint" + "helm" + "http" + "make" + "nginx" + "terraform" + "tmux" + + # Utilities + "brainfuck" + "log" + "mermaid" + "perplexity" + + # Themes + "0x96f" + "0xtz" + "1984-theme" + "adaltas-theme" + "adech" + "adwaita" + "adwaita-pastel" + "aesthetic-theme" + "alabaster" + "alabaster-dark" + "amber-monochrome-monitor-crt-phosphor" + "andromeda" + "anthracite-theme" + "anya" + "anysphere-theme" + "apisartisan" + "aquarium-theme" + "arctic-depth" + "ariake" + "asteroid" + "atomize" + "axolosin" + "aylin-theme" + "aystra" + "ayu-darker" + "azutiku-theme" + "bamboo-theme" + "barbenheimer" + "base16" + "batman" + "beanseeds-pro" + "bearded" + "becker-theme" + "blackfox" + "blackrain-theme" + "blackula" + "blade-runner-2049" + "blanche" + "blankeos-zen" + "blinds-theme" + "bluloco-theme" + "brook-code-theme" + "bubblegum" + "call-trans-opt-received" + "catbox" + "catppuccin" + "catppuccin-blur" + "catppuccin-blur-plus" + "chai-theme" + "chanterelle" + "chaos-theory-theme" + "chatgpt" + "chocolate" + "cisco-theme" + "city-lights" + "claude-code-inspired-dark" + "cobalt2" + "codely-theme" + "codesandbox-theme" + "codestackr" + "colorizer" + "cosmos" + "crimson-theme" + "crystal-theme" + "cursor" + "cyan-light-theme" + "darcula-dark" + "darcula-dark-okkano" + "dark-discord" + "dark-material-dracula" + "dark-pop-ui" + "darker-horizon" + "darkmatter-theme" + "day-shift" + "decorative-stitch" + "denix" + "dogi" + "dracula" + "dram" + "dream" + "dune-theme" + "eiffel-theme" + "elderberry" + "ember-theme" + "emerald-night" + "everforest" + "everforest-theme" + "evil-rabbit-theme" + "exquisite" + "eyecandy" + "ezio-theme" + "flat-theme" + "fleet-themes" + "fleeting-theme" + "fleury" + "flexoki-themes" + "focus-theme" + "forest-night" + "frosted-theme" + "gafelson" + "gentle-dark" + "github-classic" + "github-copilot-theme" + "github-dark-default" + "github-monochrome-theme" + "github-plus-theme" + "github-theme" + "glazier" + "gleam-theme" + "graphene" + "green-monochrome-monitor-crt-phosphor" + "grey-theme" + "gruber-darker" + "gruber-flavors" + "gruvbox-baby" + "gruvbox-crisp-themes" + "gruvbox-ish" + "gruvbox-material" + "gruvchad" + "hacker-night-vision" + "hacker-theme" + "haku-dark-theme" + "halcyon" + "hami-melon-theme" + "hex-light-theme" + "hivacruz-theme" + "horizon" + "horizon-extended" + "hot-dog-stand" + "ibm-5151" + "iceberg" + "iceicebergy" + "indigo" + "intellij-newui-theme" + "ir-black" + "jellybeans-vim" + "jetbrains-darcula-theme-by-bronya0" + "jetbrains-rider" + "jetbrains-themes" + "kanagawa-themes" + "kanso" + "kiro" + "kiselevka" + "ktrz-monokai" + "kubesong" + "leblackque" + "lights-out" + "lonely-planet" + "lotus-theme" + "lusch-theme" + "lydia" + "macos-classic" + "malibu" + "maple-theme" + "marble" + "mariana-theme" + "marine-dark" + "martianized" + "material-dark" + "material-theme" + "matte-black" + "mau" + "maya" + "melange" + "mellow" + "min-theme" + "min-theme-plus" + "mint-theme" + "mnemonic" + "modest-dark" + "modus-themes" + "molten-theme" + "monokai-nebula" + "monokai-night" + "monokai-og" + "monokai-reversed" + "monokai-vibrant-amped" + "monolith" + "monosami" + "monospace-theme" + "moonlight" + "mosel" + "msun-dark" + "muted" + "nanowise" + "napalm" + "nebula-pulse" + "neo-brutalism" + "neon-cyberpunk" + "neon-pulse-theme" + "neosolarized" + "neovim-default" + "neutral-theme" + "new-darcula" + "night-owlz" + "night-shift" + "nightfox" + "nightfox-m" + "nixdorf-8870" + "nobin-theme" + "noctis-port" + "noir-and-blanc-theme" + "nord" + "nordic-nvim-theme" + "nordic-theme" + "norrsken" + "not-material-theme" + "nstlgy-dark" + "nuisance" + "nvim-nightfox" + "nyxvamp-theme" + "oasis" + "obsidian-sunset" + "ocean-dark-motifs" + "oceanic-next" + "oh-lucy" + "oldbook-theme" + "one-black-theme" + "one-dark-darkened" + "one-dark-extended" + "one-dark-flat" + "one-dark-pro" + "one-dark-pro-max" + "one-dark-pro-monokai-darker" + "one-hunter" + "one-thing-theme" + "onurb" + "oolong" + "oscura" + "outrun" + "oxocarbon" + "palenight" + "panda-theme" + "papercolor" + "paraiso" + "penumbra" + "penumbra-plus" + "perfect-dusk" + "phine-theme" + "pinata-theme" + "plato-themes" + "poimandres" + "polar-theme" + "popping-and-locking" + "purr" + "quiet-light-theme" + "quill" + "railscast" + "rainbow" + "replicant" + "retrofit-theme" + "rich-vesper" + "rose-pine-theme" + "rosevin" + "rust-rover-dark-theme" + "s-dark-theme" + "sequoia" + "serendipity" + "severance-theme" + "shades-of-purple-theme" + "short-giraffe-theme" + "simple-darker" + "siri" + "sitruuna" + "sl4y-theme" + "slate" + "smooth" + "snazzy" + "snow-fox-theme" + "snowfall" + "snowflake" + "solarized" + "solarized-fp" + "sonokai" + "spai-zero-theme" + "spiceflow-theme" + "srcery" + "struct-theme" + "sublime-mariana-theme" + "subliminal-nightfall" + "sumi-light" + "sunset-drive" + "supaglass" + "supergreatmonokai" + "syntax" + "synthwave" + "synthwave-alpha-theme" + "t3-theme" + "tailwind-theme" + "tanuki" + "terrible-theme" + "the-best-theme" + "the-dark-side" + "theme-lince" + "tm-twilight" + "tokyo-night" + "tomorrow-min-theme" + "tomorrow-night-burns-theme" + "tomorrow-theme" + "tron-legacy" + "tsar" + "tsarcasm" + "twilight" + "ultimate-dark-neo" + "umbralkai" + "underground-theme" + "unoflat" + "v0-theme" + "vague" + "vapor-theme" + "vercel-theme" + "vesper" + "vim-theme" + "vintergata" + "visual-assist-dark" + "vitesse" + "vitesse-theme-refined" + "vscode-classic-theme" + "vscode-dark-high-contrast" + "vscode-dark-modern" + "vscode-dark-plus" + "vscode-dark-polished" + "vscode-light-plus" + "vscode-monokai-charcoal" + "vue-theme" + "vynora" + "wakfu-theme" + "warp-one-dark" + "xcode-themes" + "xy-zed" + "yaka" + "yamura" + "yellowed" + "yue-theme" + "yugen" + "zed-legacy-themes" + "zedburn" + "zedokai" + "zedokai-darkest-machine" + "zedrack-theme" + "zedspace" + "zedwaita" + "zen" + "zen-abyssal" + "zero-trust-theme" + "zoegi-theme" + ]; + + userSettings = { + active_pane_modifiers = { + border_size = 0; + inactive_opacity = 1; + }; + bottom_dock_layout = "contained"; + # agent_font_size = null; + allow_rewrap = "in_comments"; + auto_indent = true; + auto_indent_on_paste = true; + # auto_install_extensions = { }; + # auto_update_extensions = { }; + autosave = "off"; + autoscroll_on_clicks = false; + auto_signature_help = false; + show_signature_help_after_edits = false; + auto_update = false; + base_keymap = "VSCode"; + buffer_font_family = "IntoneMono Nerd Font Mono"; + buffer_font_features = null; + buffer_font_fallbacks = null; + buffer_font_size = 12; + buffer_font_weight = 400; + buffer_line_height = "comfortable"; + centered_layout = { + left_padding = 0.2; + right_padding = 0.2; + }; + close_on_file_delete = false; + confirm_quit = false; + diagnostics_max_severity = null; + disable_ai = false; + load_direnv = "shell_hook"; + double_click_in_multibuffer = "select"; + drop_target_size = 0.2; + edit_predictions = { + disabled_globs = [ + "**/.env*" + "**/*.pem" + "**/*.key" + "**/*.cert" + "**/*.crt" + "**/.dev.vars" + "**/secrets.yml" + ]; + }; + edit_predictions_disabled_in = [ ]; + current_line_highlight = "all"; + selection_highlight = true; + rounded_selection = true; + cursor_blink = true; + cursor_shape = "bar"; + gutter = { + line_numbers = true; + runnables = true; + breakpoints = true; + folds = true; + min_line_number_digits = 4; + }; + hide_mouse = "on_typing_and_movement"; + snippet_sort_order = "inline"; + scrollbar = { + show = "auto"; + cursors = true; + git_diff = true; + search_results = true; + selected_text = true; + selected_symbol = true; + diagnostics = "all"; + axes = { + horizontal = true; + vertical = true; + }; + }; + minimap = { + show = "always"; + thumb = "always"; + thumb_border = "left_open"; + current_line_highlight = "line"; + }; + tab_bar = { + show = true; + show_nav_history_buttons = true; + show_tab_bar_buttons = true; + }; + tabs = { + close_position = "right"; + file_icons = false; + git_status = false; + activate_on_close = "history"; + show_close_button = "hover"; + show_diagnostics = "off"; + }; + inline_code_actions = true; + session = { + restore_unsaved_buffers = true; + trust_all_worktrees = false; + }; + drag_and_drop_selection = { + enabled = true; + delay = 300; + }; + toolbar = { + breadcrumbs = true; + quick_actions = true; + selections_menu = true; + agent_review = true; + code_actions = false; + }; + use_system_window_tabs = false; + enable_language_server = true; + ensure_final_newline_on_save = true; + expand_excerpt_lines = 5; + excerpt_context_lines = 2; + extend_comment_on_newline = true; + # extend_list_on_newline = true; + # indent_list_on_tab = true; + status_bar = { + active_language_button = true; + cursor_position_button = true; + line_endings_button = false; + # active_encoding_button = "non_utf8"; + }; + lsp = { + biome = { + binary = { + path = lib.getExe pkgs.biome; + ignore_system_version = true; + }; + settings = { + require_config_file = true; + }; + }; + jdtls = { + binary = { + path = lib.getExe pkgs.jdt-language-server; + ignore_system_version = true; + }; + }; + kotlin-lsp = { + binary = { + path = lib.getExe pkgs.${namespace}.kotlin-lsp; + arguments = [ "--stdio" ]; + }; + }; + nixd = { + binary = { + path = lib.getExe pkgs.nixd; + }; + }; + package-version-server = { + binary = { + path = lib.getExe pkgs.package-version-server; + }; + }; + protobuf-language-server = { + binary = { + path = lib.getExe pkgs.protols; + }; + }; + rust-analyzer = { + binary = { + path = lib.getExe pkgs.rust-analyzer; + }; + }; + }; + global_lsp_settings = { + button = true; + }; + lsp_highlight_debounce = 75; + features = { + edit_prediction_provider = "none"; + }; + format_on_save = "on"; + formatter = "auto"; + use_autoclose = true; + always_treat_brackets_as_autoclosed = false; + file_scan_exclusions = [ + "**/.git" + "**/.svn" + "**/.hg" + "**/.jj" + "**/.sl" + "**/.repo" + "**/CVS" + "**/.DS_Store" + "**/Thumbs.db" + "**/.classpath" + "**/.settings" + ]; + file_scan_inclusions = [ ".env*" ]; + file_types = { + "JSONC" = [ + "**/.zed/**/*.json" + "**/zed/**/*.json" + "**/Zed/**/*.json" + "**/.vscode/**/*.json" + "tsconfig.json" + "jsconfig.json" + ]; + "Dockerfile" = [ + "Dockerfile*" + "*.dockerfile" + ]; + "YAML" = [ + "*.yml" + "*.yaml" + ]; + "Shell Script" = [ + ".env.*" + "*.zsh" + "*.bash" + "*.sh" + "APKBUILD" + "PKGBUILD" + "*.ebuild" + "*.eclass" + ".bashrc" + ".bash_profile" + ".zshrc" + ".zprofile" + ]; + "Python" = [ + "*.py" + "*.pyi" + "SConstruct" + "SConscript" + ]; + "JavaScript" = [ + "*.js" + "*.cjs" + "*.mjs" + "*.jsx" + ]; + "TypeScript" = [ + "*.ts" + "*.cts" + "*.mts" + "*.tsx" + ]; + "HTML" = [ + "*.html" + "*.htm" + "*.shtml" + "*.xhtml" + ]; + "CSS" = [ "*.css" ]; + "SCSS" = [ "*.scss" ]; + "Java" = [ + "*.java" + "*.jav" + ]; + "Kotlin" = [ + "*.kt" + "*.kts" + ]; + "Go" = [ "*.go" ]; + "Rust" = [ "*.rs" ]; + "C" = [ + "*.c" + "*.h" + ]; + "C++" = [ + "*.cpp" + "*.cc" + "*.cxx" + "*.hpp" + "*.hh" + "*.hxx" + ]; + "Markdown" = [ + "*.md" + "*.markdown" + ]; + "TOML" = [ "*.toml" ]; + "XML" = [ + "*.xml" + "*.xsd" + "*.xsl" + "*.xslt" + ]; + "SQL" = [ + "*.sql" + "*.ddl" + "*.dml" + ]; + "Terraform" = [ + "*.tf" + "*.tfvars" + ]; + "HCL" = [ "*.hcl" ]; + "Nix" = [ "*.nix" ]; + "Lua" = [ "*.lua" ]; + "Ruby" = [ + "*.rb" + "Rakefile" + "Gemfile" + ]; + "PHP" = [ "*.php" ]; + "C#" = [ "*.cs" ]; + "Swift" = [ "*.swift" ]; + "Zig" = [ "*.zig" ]; + "Dart" = [ "*.dart" ]; + "Proto" = [ "*.proto" ]; + "GraphQL" = [ + "*.graphql" + "*.gql" + ]; + }; + diagnostics = { + include_warnings = true; + inline = { + enabled = false; + update_debounce_ms = 150; + padding = 4; + min_column = 0; + max_severity = null; + }; + # update_with_cursor = false; + # primary_only = false; + # use_rendered = false; + }; + git = { + git_gutter = "tracked_files"; + gutter_debounce = null; + inline_blame = { + enabled = true; + delay_ms = 600; + }; + branch_picker = { + show_author_name = true; + }; + hunk_style = "staged_hollow"; + }; + go_to_definition_fallback = "find_all_references"; + hard_tabs = false; + helix_mode = false; + indent_guides = { + enabled = true; + line_width = 1; + active_line_width = 1; + coloring = "fixed"; + background_coloring = "disabled"; + }; + hover_popover_enabled = true; + hover_popover_delay = 300; + icon_theme = { + mode = "system"; + dark = "Zed (Default)"; + light = "Zed (Default)"; + }; + image_viewer = { + unit = "binary"; + }; + inlay_hints = { + enabled = false; + show_type_hints = true; + show_parameter_hints = true; + show_other_hints = true; + show_background = false; + edit_debounce_ms = 700; + scroll_debounce_ms = 50; + toggle_on_modifiers_press = null; + }; + journal = { + path = "~"; + hour_format = "hour12"; + }; + jsx_tag_auto_close = { + enabled = true; + }; + languages = { + JavaScript = { + tab_size = 2; + enable_language_server = true; + hard_tabs = false; + formatter = { + language_server = { + name = "biome"; + }; + }; + language_servers = [ + "!eslint" + "biome" + ]; + code_actions_on_format = { + "source.fixAll.biome" = true; + "source.organizeImports.biome" = true; + }; + }; + TypeScript = { + tab_size = 2; + hard_tabs = false; + enable_language_server = true; + formatter = { + language_server = { + name = "biome"; + }; + }; + language_servers = [ + "!eslint" + "!graphql" + "!deno" + "!typescript-language-server" + "biome" + "..." + ]; + code_actions_on_format = { + "source.fixAll.biome" = true; + "source.organizeImports.biome" = true; + }; + }; + TSX = { + formatter = { + language_server = { + name = "biome"; + }; + }; + code_actions_on_format = { + "source.fixAll.biome" = true; + "source.organizeImports.biome" = true; + }; + }; + JSON = { + tab_size = 2; + hard_tabs = false; + formatter = { + language_server = { + name = "biome"; + }; + }; + code_actions_on_format = { + "source.fixAll.biome" = true; + }; + }; + JSONC = { + formatter = { + language_server = { + name = "biome"; + }; + }; + }; + CSS = { + formatter = { + language_server = { + name = "biome"; + }; + }; + }; + GraphQL = { + formatter = { + language_server = { + name = "biome"; + }; + }; + }; + Nix = { + tab_size = 4; + hard_tabs = true; + language_servers = [ + "nixd" + "!nil" + ]; + }; + Go = { + tab_size = 4; + hard_tabs = true; + }; + Kotlin = { + language_servers = [ + "kotlin-lsp" + "!kotlin-language-server" + ]; + }; + Java = { + language_servers = [ "jdtls" ]; + }; + }; + language_models = { + anthropic = { + api_url = "https://api.anthropic.com"; + }; + google = { + api_url = "https://generativelanguage.googleapis.com"; + }; + ollama = { + api_url = "http://localhost:11434"; + }; + openai = { + api_url = "https://api.openai.com/v1"; + }; + }; + line_indicator_format = "short"; + linked_edits = true; + lsp_document_colors = "border"; + max_tabs = null; + middle_click_paste = true; + multi_cursor_modifier = "alt"; + node = { + ignore_system_version = true; + path = lib.getExe pkgs.nodejs_22; + npm_path = lib.getExe' pkgs.nodejs_22 "npm"; + }; + proxy = null; + on_last_window_closed = "platform_default"; + profiles = { }; + preview_tabs = { + enabled = true; + enable_preview_from_project_panel = true; + enable_preview_from_file_finder = true; + enable_preview_from_multibuffer = true; + enable_preview_multibuffer_from_code_navigation = false; + enable_preview_file_from_code_navigation = true; + enable_keep_preview_on_code_navigation = false; + }; + file_finder = { + file_icons = true; + modal_max_width = "small"; + skip_focus_for_active_in_search = true; + }; + pane_split_direction_horizontal = "up"; + pane_split_direction_vertical = "left"; + preferred_line_length = 80; + private_files = [ + "**/.env*" + "**/*.pem" + "**/*.key" + "**/*.cert" + "**/*.crt" + "**/secrets.yml" + ]; + # projects_online_by_default = true; + read_ssh_config = true; + redact_private_values = false; + relative_line_numbers = "disabled"; + remove_trailing_whitespace_on_save = true; + resize_all_panels_in_dock = [ "left" ]; + restore_on_file_reopen = true; + restore_on_startup = "last_session"; + scroll_beyond_last_line = "one_page"; + scroll_sensitivity = 1; + fast_scroll_sensitivity = 4; + horizontal_scroll_margin = 5; + vertical_scroll_margin = 3; + search = { + button = true; + whole_word = false; + case_sensitive = false; + include_ignored = false; + regex = false; + center_on_match = false; + }; + search_wrap = true; + seed_search_query_from_cursor = "always"; + use_smartcase_search = false; + show_call_status_icon = true; + completions = { + words = "fallback"; + words_min_length = 3; + lsp = true; + lsp_fetch_timeout_ms = 0; + lsp_insert_mode = "replace_suffix"; + }; + show_completions_on_input = true; + show_completion_documentation = true; + show_edit_predictions = true; + show_whitespaces = "boundary"; + whitespace_map = { + space = "•"; + tab = "→"; + }; + soft_wrap = "none"; + show_wrap_guides = true; + use_on_type_format = true; + use_auto_surround = true; + use_system_path_prompts = true; + use_system_prompts = true; + wrap_guides = [ ]; + tab_size = 2; + tasks = { + variables = { }; + enabled = true; + prefer_lsp = false; + }; + telemetry = { + diagnostics = true; + metrics = true; + }; + terminal = { + alternate_scroll = "off"; + blinking = "off"; + copy_on_select = false; + keep_selection_on_copy = true; + dock = "bottom"; + default_width = 640; + default_height = 320; + detect_venv = { + on = { + directories = [ + ".env" + "env" + ".venv" + "venv" + ]; + activate_script = "default"; + }; + }; + env = { + TERM = "ghostty"; + }; + font_family = "IntoneMono Nerd Font Mono"; + font_features = null; + font_size = null; + line_height = "comfortable"; + minimum_contrast = 45; + option_as_meta = false; + button = false; + shell = "system"; + scroll_multiplier = 3; + toolbar = { + breadcrumbs = false; + }; + working_directory = "current_project_directory"; + scrollbar = { + show = null; + }; + path_hyperlink_regexes = [ + "File \"(?[^\"]+)\", line (?[0-9]+)" + "(?x)" + "# optionally starts with 0-2 opening prefix symbols" + "[({\\[<]{0,2}" + "# which may be followed by an opening quote" + "(?[\"'`])?" + "# `path` is the shortest sequence of any non-space character" + "(?(?[^ ]+?" + " # which may end with a line and optionally a column," + " (?:+[0-9]+(:[0-9]+)?|:?\\([0-9]+([,:][0-9]+)?\\))?" + "))" + "# which must be followed by a matching quote" + "(?()\\k)" + "# and optionally a single closing symbol" + "[)}\\]>]?" + "# if line/column matched, may be followed by a description" + "(?():[^ 0-9][^ ]*)?" + "# which may be followed by trailing punctuation" + "[.,:)}\\]>]*" + "# and always includes trailing whitespace or end of line" + "([ ]+|$)" + ]; + path_hyperlink_timeout_ms = 1; + }; + repl = { + max_columns = 128; + max_lines = 32; + }; + # text_rendering_mode = "platform_default"; + theme = { + mode = "system"; + dark = "Palenight Theme"; + light = "Tokyo Night Storm"; + }; + title_bar = { + show_branch_icon = false; + show_branch_name = true; + show_project_items = true; + show_onboarding_banner = true; + show_user_picture = true; + show_user_menu = true; + show_sign_in = true; + show_menus = false; + }; + vim_mode = false; + when_closing_with_no_tabs = "platform_default"; + project_panel = { + button = true; + default_width = 240; + dock = "left"; + entry_spacing = "comfortable"; + file_icons = true; + folder_icons = true; + git_status = true; + indent_size = 20; + auto_reveal_entries = true; + auto_fold_dirs = true; + drag_and_drop = true; + scrollbar = { + show = null; + }; + sticky_scroll = true; + show_diagnostics = "all"; + indent_guides = { + show = "always"; + }; + sort_mode = "directories_first"; + hide_root = false; + hide_hidden = false; + starts_open = true; + auto_open = { + on_create = true; + on_paste = true; + on_drop = true; + }; + }; + collaboration_panel = { + button = false; + dock = "left"; + default_width = 240; + }; + debugger = { + stepping_granularity = "line"; + save_breakpoints = true; + dock = "bottom"; + button = true; + }; + git_panel = { + button = true; + dock = "left"; + default_width = 360; + status_style = "icon"; + fallback_branch_name = "main"; + sort_by_path = false; + collapse_untracked_diff = false; + scrollbar = { + show = null; + }; + }; + git_hosting_providers = [ ]; + outline_panel = { + button = true; + default_width = 300; + dock = "right"; + file_icons = true; + folder_icons = true; + git_status = true; + indent_size = 20; + auto_reveal_entries = true; + auto_fold_dirs = true; + indent_guides = { + show = "always"; + }; + scrollbar = { + show = null; + }; + }; + calls = { + mute_on_join = false; + share_on_join = false; + }; + colorize_brackets = false; + unnecessary_code_fade = 0.3; + ui_font_family = "IntoneMono Nerd Font Mono"; + ui_font_features = { + calt = false; + }; + ui_font_fallbacks = null; + ui_font_size = 12; + ui_font_weight = 400; + agent = { + default_model = { + provider = "anthropic"; + model = "claude-4-sonnet"; + }; + }; + notification_panel = { + button = true; + dock = "bottom"; + }; + }; + }; +} diff --git a/modules/home/dev/default.nix b/modules/home/dev/default.nix index 31a1ac9..157f2ca 100644 --- a/modules/home/dev/default.nix +++ b/modules/home/dev/default.nix @@ -15,19 +15,16 @@ in config = lib.mkIf cfg.enable { ${namespace}.home.dev_modules = { - db.enable = true; + db.enable = false; go.enable = true; gql.enable = true; - java = { - temurin.enable = true; - jdk21.enable = false; - }; js.enable = true; + flutter.enable = false; }; home = { packages = with pkgs; [ - # nixd + nixd parallel ]; }; diff --git a/modules/home/dev/modules/db/default.nix b/modules/home/dev/modules/db/default.nix index 8ed9b31..4fc9083 100644 --- a/modules/home/dev/modules/db/default.nix +++ b/modules/home/dev/modules/db/default.nix @@ -18,8 +18,8 @@ in packages = with pkgs; [ sqlc sqlite - pgcli - postgresql + # pgcli + # postgresql # mongodb ]; }; diff --git a/modules/home/dev/modules/flutter/default.nix b/modules/home/dev/modules/flutter/default.nix new file mode 100644 index 0000000..3e47305 --- /dev/null +++ b/modules/home/dev/modules/flutter/default.nix @@ -0,0 +1,37 @@ +{ + lib, + config, + pkgs, + namespace, + ... +}: +let + cfg = config.${namespace}.home.dev_modules.flutter; +in +{ + options.${namespace}.home.dev_modules.flutter = { + enable = lib.mkEnableOption "enable flutter tooling"; + }; + + config = lib.mkIf cfg.enable { + programs.java = { + enable = true; + package = pkgs.temurin-bin-21; + }; + + home = { + sessionVariables = { + CHROME_EXECUTABLE = "${pkgs.google-chrome}/bin/google-chrome-stable"; + GOOGLE_APPLICATION_CREDENTIALS = "~/myGoogleCreds.json"; + }; + + packages = with pkgs; [ + flutter + firebase-tools + android-studio + android-tools + temurin-bin-21 + ]; + }; + }; +} diff --git a/modules/home/dev/modules/go/default.nix b/modules/home/dev/modules/go/default.nix index 3e5df67..7521baf 100644 --- a/modules/home/dev/modules/go/default.nix +++ b/modules/home/dev/modules/go/default.nix @@ -23,7 +23,7 @@ in home = { packages = with pkgs; [ delve - go_1_24 + go_1_25 go-ethereum gopls gotools diff --git a/modules/home/dev/modules/java/default.nix b/modules/home/dev/modules/java/default.nix deleted file mode 100644 index 5944f52..0000000 --- a/modules/home/dev/modules/java/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - lib, - config, - pkgs, - namespace, - ... -}: -let - cfg = config.${namespace}.home.dev_modules.java; -in -{ - options.${namespace}.home.dev_modules.java = { - jdk21.enable = lib.mkEnableOption "enable java"; - temurin.enable = lib.mkEnableOption "enable temurin java"; - }; - - config = { - home = { - packages = - with pkgs; - lib.optionals cfg.jdk21.enable [ jdk21_headless ] - ++ lib.optionals cfg.temurin.enable [ temurin-bin ]; - }; - }; -} diff --git a/modules/home/dev/modules/js/default.nix b/modules/home/dev/modules/js/default.nix index 5014c9d..11c6e7d 100644 --- a/modules/home/dev/modules/js/default.nix +++ b/modules/home/dev/modules/js/default.nix @@ -18,7 +18,7 @@ in packages = with pkgs; [ deno nodejs - pnpm + # pnpm typescript yarn ]; diff --git a/modules/home/gui/desktop/dunst/default.nix b/modules/home/gui/desktop/dunst/default.nix index 3880c49..1628635 100644 --- a/modules/home/gui/desktop/dunst/default.nix +++ b/modules/home/gui/desktop/dunst/default.nix @@ -34,16 +34,16 @@ in # dynamic width from 0 to 300 # width = (0, 300) # constant width of 300 - width = 300; + width = 380; # The maximum height of a single notification, excluding the frame. - height = 300; + height = 120; # Position the notification in the top right corner origin = "top-right"; # Offset from the origin - offset = "20x20"; + offset = "15x15"; # Scale factor. It is auto-detected if value is 0. scale = 0; @@ -59,22 +59,22 @@ in # Set the progress bar height. This includes the frame, so make sure # it's at least twice as big as the frame width. - progress_bar_height = 10; + progress_bar_height = 8; # Set the frame width of the progress bar progress_bar_frame_width = 0; # Set the minimum width for the progress bar - progress_bar_min_width = 125; + progress_bar_min_width = 150; # Set the maximum width for the progress bar - progress_bar_max_width = 250; + progress_bar_max_width = 300; # Corner radius for the progress bar. 0 disables rounded corners. - progress_bar_corner_radius = 4; + progress_bar_corner_radius = 6; # Corner radius for the icon image. - icon_corner_radius = 5; + icon_corner_radius = 8; # Show how many messages are currently hidden (because of # notification_limit). @@ -83,35 +83,35 @@ in # The transparency of the window. Range: [0; 100]. # This option will only work if a compositing window manager is # present (e.g. xcompmgr, compiz, etc.). (X11 only) - transparency = 10; + transparency = 5; # Draw a line of "separator_height" pixel height between two # notifications. # Set to 0 to disable. # If gap_size is greater than 0, this setting will be ignored. - separator_height = 2; + separator_height = 0; # Padding between text and separator. - padding = 8; + padding = 12; # Horizontal padding. - horizontal_padding = 8; + horizontal_padding = 16; # Padding between text and icon. - text_icon_padding = 10; + text_icon_padding = 12; # Defines width in pixels of frame around the notification window. # Set to 0 to disable. - frame_width = 3; + frame_width = 2; # Defines color of the frame around the notification window. - frame_color = "#eba0ac"; + frame_color = "#ca9ee6"; # Size of gap to display between notifications - requires a compositor. # If value is greater than 0, separator_height will be ignored and a border # of size frame_width will be drawn around each notification instead. # Click events on gaps do not currently propagate to applications below. - gap_size = 5; + gap_size = 8; # Define a color for the separator. # possible values are: @@ -173,7 +173,7 @@ in # %n progress value if set without any extra characters # %% Literal % # Markup is allowed - format = "☁️ %a\n♥︎ %s\n%b"; + format = "%a\n%s\n%b"; # Alignment of message text. # Possible values are "left", "center" and "right". @@ -211,9 +211,9 @@ in #enable_recursive_icon_lookup = true # Set icon theme (only used for recursive icon lookup) - #icon_theme = Adwaita + # icon_theme = Adwaita # You can also set multiple icon themes, with the leftmost one being used first. - icon_theme = "Tela-circle-dracula"; + icon_theme = "Papirus-Dark"; # Align icons left/right/top/off icon_position = "left"; @@ -227,7 +227,7 @@ in max_icon_size = 64; # Paths to default icons (only neccesary when not using recursive icon lookup) - icon_path = "/usr/share/icons/Tela-circle-dracula/16/actions:/usr/share/icons/Tela-circle-dracula/16/apps:/usr/share/icons/Tela-circle-dracula/16/devices:/usr/share/icons/Tela-circle-dracula/16/mimetypes:/usr/share/icons/Tela-circle-dracula/16/panel:/usr/share/icons/Tela-circle-dracula/16/places:/usr/share/icons/Tela-circle-dracula/16/status"; + icon_path = "/usr/share/icons/Papirus-Dark/16x16/actions:/usr/share/icons/Papirus-Dark/16x16/apps:/usr/share/icons/Papirus-Dark/16x16/devices:/usr/share/icons/Papirus-Dark/16x16/mimetypes:/usr/share/icons/Papirus-Dark/16x16/panel:/usr/share/icons/Papirus-Dark/16x16/places:/usr/share/icons/Papirus-Dark/16x16/status"; ### History ### @@ -260,7 +260,7 @@ in # corners. # The radius will be automatically lowered if it exceeds half of the # notification height to avoid clipping text and/or icons. - corner_radius = 10; + corner_radius = 12; # Ignore the dbus closeNotification message. # Useful to enforce the timeout set by dunst configuration. Without this @@ -312,40 +312,58 @@ in experimental = { per_monitor_dpi = false; }; - urgency_low = { - # background = "#32302f"; - # foreground = "#ebdbb2"; - # frame_color = "#689d6a"; - icon = config.home.homeDirectory + "/.config/dunst/icons/low.svg"; - timeout = 5; - }; - urgency_normal = { - # background = "#32302f"; - # foreground = "#ebdbb2"; - # frame_color = "#458588"; - icon = config.home.homeDirectory + "/.config/dunst/icons/normal.svg"; - timeout = 5; - }; - urgency_critical = { - # background = "#32302f"; - # foreground = "#ebdbb2"; - # frame_color = "#cc241d"; - icon = config.home.homeDirectory + "/.config/dunst/icons/critical.svg"; - timeout = 0; - }; + # urgency_low = { + # background = "#313244"; + # foreground = "#c6d0f5"; + # frame_color = "#a6e3a1"; + # icon = config.home.homeDirectory + "/.config/dunst/icons/low.svg"; + # timeout = 8; + # }; + # urgency_normal = { + # background = "#1e1e2e"; + # foreground = "#c6d0f5"; + # frame_color = "#89b4fa"; + # icon = config.home.homeDirectory + "/.config/dunst/icons/normal.svg"; + # timeout = 10; + # }; + # urgency_critical = { + # background = "#1e1e2e"; + # foreground = "#f38ba8"; + # frame_color = "#e78284"; + # icon = config.home.homeDirectory + "/.config/dunst/icons/critical.svg"; + # timeout = 0; + # }; volume-control = { summary = "volctl"; - format = "\"%a\n%b\""; + format = "\"󰕾 %s\n%b\""; + frame_color = "#fab387"; + timeout = 3; }; brightness-control = { summary = "brightctl"; - format = "\"%a\n%b\""; + format = "\"󰃟 %s\n%b\""; + frame_color = "#f9e2af"; + timeout = 3; }; theme-switch = { summary = "theme"; - format = "%a"; + format = "\"󰐱 %s\n%b\""; + frame_color = "#cba6f7"; + timeout = 5; + }; + + network = { + summary = "*Network*"; + format = "\"󰖩 %s\n%b\""; + frame_color = "#89b4fa"; + }; + + battery = { + summary = "*Battery*"; + format = "\"󰁹 %s\n%b\""; + frame_color = "#a6e3a1"; }; }; }; diff --git a/modules/home/gui/desktop/hyprland/default.nix b/modules/home/gui/desktop/hyprland/default.nix index c1c98e4..0f8172d 100644 --- a/modules/home/gui/desktop/hyprland/default.nix +++ b/modules/home/gui/desktop/hyprland/default.nix @@ -1,7 +1,6 @@ { config, lib, - inputs, pkgs, namespace, ... @@ -15,11 +14,6 @@ in }; config = lib.mkIf cfg.enable { - # nix.settings = { - # substituters = ["https://hyprland.cachix.org"]; - # trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; - # }; - wayland.windowManager.hyprland = { enable = true; plugins = [ ]; @@ -55,12 +49,13 @@ in "$ws_10" = "10"; monitor = [ - ",preferred,auto,1" + ",highres,auto,1" ]; env = [ "XCURSOR_SIZE,24" "HYPRCURSOR_SIZE,24" + "HYPRCURSOR_THEME,Bibata-Modern-Ice" "ELECTRON_OZONE_PLATFORM_HINT,x11" "XDG_CURRENT_DESKTOP,Hyprland" "XDG_SESSION_DESKTOP,Hyprland" @@ -68,17 +63,16 @@ in ]; general = { - border_size = 1; - no_border_on_floating = false; - gaps_in = 2; - gaps_out = 10; + border_size = 2; + gaps_in = 5; + gaps_out = 15; float_gaps = 0; gaps_workspaces = 0; - "col.inactive_border" = lib.mkDefault "0xff444444"; - "col.active_border" = lib.mkDefault "0xffffffff"; - "col.nogroup_border" = lib.mkDefault "0xffffaaff"; - "col.nogroup_border_active" = lib.mkDefault "0xffff00ff"; + "col.inactive_border" = lib.mkDefault "0x66333333"; + "col.active_border" = lib.mkDefault "rgba(ca9ee6ff) rgba(f2d5cfff) 45deg"; + "col.nogroup_border" = lib.mkDefault "0x66ae8b2d"; + "col.nogroup_border_active" = lib.mkDefault "0xffe78284"; layout = "dwindle"; no_focus_fallback = false; @@ -89,22 +83,22 @@ in resize_corner = 0; snap = { - enabled = false; - window_gap = 10; - monitor_gap = 10; - border_overlap = false; - respect_gaps = false; + enabled = true; + window_gap = 15; + monitor_gap = 20; + border_overlap = true; + respect_gaps = true; }; }; decoration = { - rounding = 6; + rounding = 10; rounding_power = 2.0; active_opacity = 1.0; - inactive_opacity = 1.0; + inactive_opacity = 0.95; fullscreen_opacity = 1.0; - dim_inactive = false; - dim_strength = 0.5; + dim_inactive = true; + dim_strength = 0.15; dim_special = 0.2; dim_around = 0.4; screen_shader = ""; @@ -112,33 +106,33 @@ in blur = { enabled = true; - size = 3; - passes = 1; - ignore_opacity = true; + size = 8; + passes = 3; + ignore_opacity = false; new_optimizations = true; xray = false; noise = 0.0117; - contrast = 0.8916; - brightness = 0.8172; - vibrancy = 0.1696; - vibrancy_darkness = 0.0; - special = false; - popups = false; - popups_ignorealpha = 0.2; - input_methods = false; - input_methods_ignorealpha = 0.2; + contrast = 1.1; + brightness = 1.0; + vibrancy = 0.2; + vibrancy_darkness = 0.2; + special = true; + popups = true; + popups_ignorealpha = 0.6; + input_methods = true; + input_methods_ignorealpha = 0.6; }; shadow = { enabled = true; - range = 4; + range = 12; render_power = 3; sharp = false; ignore_window = true; - color = lib.mkDefault "1a1a1aee"; + color = lib.mkDefault "0xcc000000"; # color_inactive = ""; # unset - offset = "0 0"; - scale = 1.0; + offset = "0 8"; + scale = 0.97; }; }; @@ -147,30 +141,33 @@ in workspace_wraparound = false; bezier = [ - "easeOutQuint,0.23,1,0.32,1" - "easeInOutCubic,0.65,0.05,0.36,1" + "fluent_decel,0.1, 1, 0, 1" + "easeOutCirc,0, 0.55, 0.45, 1" + "easeOutCubic,0.33, 1, 0.68, 1" + "easeInOutQuart,0.76, 0, 0.24, 1" "linear,0,0,1,1" "almostLinear,0.5,0.5,0.75,1.0" "quick,0.15,0,0.1,1" ]; animation = [ - "global, 1, 10, default" - "border, 1, 5.39, easeOutQuint" - "windows, 1, 4.79, easeOutQuint" - "windowsIn, 1, 4.1, easeOutQuint, popin 87%" - "windowsOut, 1, 1.49, linear, popin 87%" - "fadeIn, 1, 1.73, almostLinear" - "fadeOut, 1, 1.46, almostLinear" - "fade, 1, 3.03, quick" - "layers, 1, 3.81, easeOutQuint" - "layersIn, 1, 4, easeOutQuint, fade" - "layersOut, 1, 1.5, linear, fade" - "fadeLayersIn, 1, 1.79, almostLinear" - "fadeLayersOut, 1, 1.39, almostLinear" - "workspaces, 1, 1.94, almostLinear, fade" - "workspacesIn, 1, 1.21, almostLinear, fade" - "workspacesOut, 1, 1.94, almostLinear, fade" + "global, 1, 8, default" + "border, 1, 6, fluent_decel" + "borderangle, 1, 30, fluent_decel, once" + "windows, 1, 5, fluent_decel, popin 60%" + "windowsIn, 1, 5, fluent_decel, slide" + "windowsOut, 1, 4, easeInOutQuart, slide" + "windowsMove, 1, 4, fluent_decel, slide" + "fadeIn, 1, 3, easeOutCirc" + "fadeOut, 1, 3, easeOutCirc" + "fade, 1, 8, easeOutCirc" + "layers, 1, 4, easeOutCirc, fade" + "layersIn, 1, 4, easeOutCirc, slide" + "layersOut, 1, 4, easeOutCirc, slide" + "workspaces, 1, 4, easeOutCubic, slide" + "workspacesIn, 1, 4, easeOutCubic, slidefade 15%" + "workspacesOut, 1, 4, easeInOutQuart, slidefade 15%" + "specialWorkspace, 1, 3, easeOutCirc, slidevert" ]; }; @@ -239,9 +236,9 @@ in }; gestures = { - workspace_swipe = false; - workspace_swipe_fingers = 3; - workspace_swipe_min_fingers = false; + # workspace_swipe = false; + # workspace_swipe_fingers = 3; + # workspace_swipe_min_fingers = false; workspace_swipe_distance = 300; workspace_swipe_touch = false; workspace_swipe_invert = true; @@ -265,19 +262,19 @@ in merge_floated_into_tiled_on_groupbar = false; group_on_movetoworkspace = false; - "col.border_active" = lib.mkDefault "0x66ffff00"; - "col.border_inactive" = lib.mkDefault "0x66777700"; - "col.border_locked_active" = lib.mkDefault "0x66ff5500"; - "col.border_locked_inactive" = lib.mkDefault "0x66775500"; + "col.border_active" = lib.mkDefault "rgba(ca9ee6ff)"; + "col.border_inactive" = lib.mkDefault "0x66414559"; + "col.border_locked_active" = lib.mkDefault "rgba(e78284ff)"; + "col.border_locked_inactive" = lib.mkDefault "0x66626880"; groupbar = { enabled = true; font_family = ""; - font_size = 8; + font_size = 10; font_weight_active = "normal"; font_weight_inactive = "normal"; gradients = false; - height = 14; + height = 16; indicator_gap = 0; indicator_height = 3; stacked = false; @@ -285,18 +282,18 @@ in render_titles = true; text_offset = 0; scrolling = true; - rounding = 1; + rounding = 6; gradient_rounding = 2; round_only_edges = true; gradient_round_only_edges = true; - text_color = lib.mkDefault "0xffffffff"; + text_color = lib.mkDefault "0xffc6d0f5"; # text_color_inactive = null; # unset # text_color_locked_active = null; # unset # text_color_locked_inactive = null; # unset - "col.active" = lib.mkDefault "0x66ffff00"; - "col.inactive" = lib.mkDefault "0x66777700"; - "col.locked_active" = lib.mkDefault "0x66ff5500"; - "col.locked_inactive" = lib.mkDefault "0x66775500"; + "col.active" = lib.mkDefault "0x80ca9ee6"; + "col.inactive" = lib.mkDefault "0x80414559"; + "col.locked_active" = lib.mkDefault "0x80e78284"; + "col.locked_inactive" = lib.mkDefault "0x80626880"; gaps_in = 2; gaps_out = 2; keep_upper_gap = true; @@ -316,8 +313,8 @@ in key_press_enables_dpms = false; always_follow_on_dnd = true; layers_hog_keyboard_focus = true; - animate_manual_resizes = false; - animate_mouse_windowdragging = false; + animate_manual_resizes = true; + animate_mouse_windowdragging = true; disable_autoreload = false; enable_swallow = false; swallow_regex = ""; @@ -326,15 +323,13 @@ in mouse_move_focuses_monitor = true; allow_session_lock_restore = false; # session_lock_xray = false; # does not exist. Bug in documentation? - background_color = lib.mkDefault "0x111111"; + background_color = lib.mkDefault "0x1e1e2e"; close_special_on_empty = true; - new_window_takes_over_fullscreen = 0; exit_window_retains_fullscreen = false; initial_workspace_tracking = 1; middle_click_paste = true; render_unfocused_fps = 15; disable_xdg_env_checks = false; - disable_hyprland_qtutils_check = false; lockdead_screen_delay = 1000; enable_anr_dialog = true; anr_missed_pings = 1; @@ -381,8 +376,8 @@ in }; cursor = { - sync_gsettings_theme = true; - no_hardware_cursors = 1; + sync_gsettings_theme = false; + no_hardware_cursors = 2; no_break_fs_vrr = 2; min_refresh_rate = 24; hotspot_padding = 1; @@ -408,7 +403,7 @@ in }; experimental = { - xx_color_management_v4 = false; + # xx_color_management_v4 = false; }; debug = { @@ -431,23 +426,31 @@ in dwindle = { pseudotile = true; - force_split = 0; + force_split = 2; preserve_split = true; - smart_split = false; + smart_split = true; smart_resizing = true; permanent_direction_override = false; - special_scale_factor = 1; + special_scale_factor = 0.8; split_width_multiplier = 1.0; use_active_for_splits = true; - default_split_ratio = 1.0; + default_split_ratio = 1.618; # Golden ratio for elegant proportions split_bias = 0; - precise_mouse_move = false; - single_window_aspect_ratio = "0 0"; - single_window_aspect_ratio_tolerance = 0.1; + precise_mouse_move = true; + single_window_aspect_ratio = "16 10"; + single_window_aspect_ratio_tolerance = 0.15; }; master = { + allow_small_split = true; new_status = "master"; + new_on_active = "after"; + new_on_top = false; + orientation = "left"; + smart_resizing = true; + drop_at_cursor = true; + mfact = 0.618; # Golden ratio for master area + special_scale_factor = 0.8; }; device = { @@ -541,51 +544,121 @@ in "$ws_3, monitor:DP-2, default:true" "$ws_4, monitor:DP-2, default:true" + # Smart workspace layouts + "$ws_1, layoutopt:orientation:left" + "$ws_2, layoutopt:orientation:top" + "$ws_3, layoutopt:orientation:right" + "$ws_4, layoutopt:orientation:center" + "special:calculator s[true]" "special:passman s[true]" - "special:resourceman s[true]" "special:obsidian s[true]" ]; - windowrulev2 = [ - "suppressevent maximize, class:.*" - "nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0" - - ######## TAGS ######## - "tag:+browser class:^(brave-browser)$" - "tag:+browser class:^(firefox)$" - - "tag:+ide class:^(code)$" - - "tag:+term class:^(kitty)$" - "tag:+term class:^(foot)$" - "tag:+term class:^(com.mitchellh.ghostty)$" - - "float, class:(clipse)" - "size 622 652, class:(clipse)" - "stayfocused, class:(clipse)" - - "float,class:($calculator)" - "workspace special:special:calculator,class:($calculator)" - "size 622 652, class:($calculator)" - "stayfocused, class:($calculator)" - - "float,class:($passman)" - "workspace special:special:passman,class:($passman)" - "size 622 652, class:($passman)" - "stayfocused, class:($passman)" - - "float,title:($resourceman)" - "workspace special:special:resourceman,title:($resourceman)" - "size 622 652, title:($resourceman)" - "stayfocused, title:($resourceman)" - - "float,class:($obsidian)" - "workspace special:special:obsidian,class:($obsidian)" - "size 622 652, class:($obsidian)" - - "workspace name:ide tag:^ide$" - ]; + # windowrule = [ + # "suppressevent maximize, class:.*" + # "nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0" + + # ######## SMART TILING RULES ######## + # # Browsers - optimized for reading and productivity + # "size 70% 100%, class:^(brave-browser)$" + # "tile, class:^(brave-browser)$" + # "group set always, class:^(brave-browser)$" + # "size 70% 100%, class:^(firefox)$" + # "tile, class:^(firefox)$" + # "group set always, class:^(firefox)$" + + # # Chrome-based browsers + # "size 70% 100%, class:^(google-chrome)$" + # "tile, class:^(google-chrome)$" + # "group set always, class:^(google-chrome)$" + + # # IDEs and editors - generous space for productivity + # "size 80% 90%, class:^(code)$" + # "tile, class:^(code)$" + # "center, class:^(code)$" + # "group set always, class:^(code)$" + + # "size 80% 90%, class:^(neovim)$" + # "tile, class:^(neovim)$" + # "group set always, class:^(neovim)$" + + # "size 85% 95%, class:^(jetbrains-.*)$" + # "tile, class:^(jetbrains-.*)$" + # "center, class:^(jetbrains-.*)$" + + # # Terminals - golden ratio proportions for elegance + # "size 61.8% 70%, class:^(kitty)$" + # "tile, class:^(kitty)$" + # "size 61.8% 70%, class:^(foot)$" + # "tile, class:^(foot)$" + # "size 61.8% 70%, class:^(com.mitchellh.ghostty)$" + # "tile, class:^(com.mitchellh.ghostty)$" + # "size 61.8% 70%, class:^(alacritty)$" + # "tile, class:^(alacritty)$" + + # # Media applications - center stage + # "size 80% 80%, class:^(mpv)$" + # "center, class:^(mpv)$" + # "size 85% 85%, class:^(vlc)$" + # "center, class:^(vlc)$" + + # # Communication apps - sidebar friendly + # "size 30% 80%, class:^(discord)$" + # "tile, class:^(discord)$" + # "size 30% 80%, class:^(slack)$" + # "tile, class:^(slack)$" + # "size 35% 85%, class:^(teams)$" + # "tile, class:^(teams)$" + + # # File managers - explorer layout + # "size 65% 75%, class:^(thunar)$" + # "tile, class:^(thunar)$" + # "size 65% 75%, class:^(nautilus)$" + # "tile, class:^(nautilus)$" + # "size 65% 75%, class:^(dolphin)$" + # "tile, class:^(dolphin)$" + + # # System utilities - compact and efficient + # "size 50% 60%, class:^(htop)$" + # "center, class:^(htop)$" + # "size 55% 65%, class:^(btop)$" + # "center, class:^(btop)$" + + # ######## TAGS ######## + # # "tag:+browser class:^(brave-browser)$" + # # "tag:+browser class:^(firefox)$" + + # # "tag:+ide class:^(code)$" + + # # "tag:+term class:^(kitty)$" + # # "tag:+term class:^(foot)$" + # # "tag:+term class:^(com.mitchellh.ghostty)$" + + # "float, class:(clipse)" + # "size 622 652, class:(clipse)" + # "stayfocused, class:(clipse)" + + # "float,class:($calculator)" + # "workspace special:special:calculator,class:($calculator)" + # "size 622 652, class:($calculator)" + # "stayfocused, class:($calculator)" + + # "float,class:($passman)" + # "workspace special:special:passman,class:($passman)" + # "size 622 652, class:($passman)" + # "stayfocused, class:($passman)" + + # "float,title:($resourceman)" + # "workspace special:special:resourceman,title:($resourceman)" + # "size 622 652, title:($resourceman)" + # "stayfocused, title:($resourceman)" + + # "float,class:($obsidian)" + # "workspace special:special:obsidian,class:($obsidian)" + # "size 622 652, class:($obsidian)" + # # "workspace name:ide tag:^ide$" + # ]; exec-once = [ "nm-applet --indicator" @@ -606,7 +679,7 @@ in home = { packages = with pkgs; [ - rofi-wayland + rofi networkmanagerapplet brightnessctl playerctl diff --git a/modules/home/gui/desktop/waybar/README.md b/modules/home/gui/desktop/waybar/README.md new file mode 100644 index 0000000..16b5250 --- /dev/null +++ b/modules/home/gui/desktop/waybar/README.md @@ -0,0 +1,155 @@ +# Waybar Theme Configuration + +This module provides a comprehensive waybar configuration that maintains visual consistency with Hyprland and Stylix theming using the Catppuccin Mocha color palette. + +## Overview + +The waybar configuration is designed to: +- Match the Catppuccin Mocha theme used throughout the system +- Complement the Hyprland window manager styling +- Integrate seamlessly with Stylix automatic theming +- Provide a modern, animated, and responsive status bar experience + +## Color Palette + +The configuration uses the Catppuccin Mocha color scheme with the following key colors: + +| Color | Hex Code | Usage | +|-------|----------|-------| +| Base | `#1e1e2e` | Background, dark text | +| Mantle | `#181825` | Secondary backgrounds | +| Surface0 | `#313244` | Module backgrounds | +| Surface1 | `#45475a` | Hover states | +| Surface2 | `#585b70` | Muted text, borders | +| Text | `#cdd6f4` | Primary text color | +| Mauve | `#cba6f7` | Active workspace, accents | +| Blue | `#89b4fa` | CPU indicator | +| Green | `#a6e3a1` | Memory, battery good | +| Teal | `#94e2d5` | Network indicator | +| Yellow | `#f9e2af` | Temperature, warnings | +| Peach | `#fab387` | Audio indicator | +| Red | `#f38ba8` | Critical states, urgent | + +## Features + +### Workspaces +- **Hyprland Integration**: Direct workspace switching and status +- **Visual States**: Active, urgent, and default workspace styling +- **Icons**: Custom Nerd Font icons for workspace numbers +- **Animations**: Smooth hover and state transitions + +### System Monitoring +- **CPU Usage**: Real-time CPU percentage with warning states +- **Memory Usage**: RAM usage with detailed tooltip information +- **Temperature**: System temperature monitoring with critical alerts +- **Battery**: Battery level, charging status, and time estimates +- **Network**: WiFi/Ethernet status with connection details + +### Audio & Media +- **PulseAudio**: Volume control with mute detection +- **Icons**: Context-aware audio device icons +- **Integration**: Direct pavucontrol access on click + +### Window Management +- **Active Window**: Shows current window title with app icons +- **Submap**: Displays active Hyprland keybind submaps +- **Tray**: System tray with attention states + +### Clock & Calendar +- **Time Display**: 24-hour format with date alternative +- **Calendar**: Interactive calendar with Catppuccin styling +- **Timezone**: Configurable timezone support + +## File Structure + +``` +waybar/ +├── default.nix # Main module configuration +├── config/ +│ ├── config.jsonc # Waybar JSON configuration +│ └── style.css # Custom CSS styling +└── README.md # This documentation +``` + +## Consistency with Other Components + +### Hyprland Integration +- **Border Colors**: Matches Hyprland's active border gradient (`cba6f7` → `f2cdcd`) +- **Opacity**: Consistent opacity settings with window decorations +- **Gaps**: Respects Hyprland's gap settings in positioning + +### Stylix Integration +- **Font Family**: Uses Stylix-configured fonts (Ubuntu, Font Awesome) +- **Font Sizes**: Matches Stylix application font sizes +- **Base16 Colors**: Directly uses Stylix base16 color overrides +- **Automatic Updates**: Theme updates when Stylix configuration changes + +## Dependencies + +The module automatically installs required packages: +- `waybar` - The status bar application +- `font-awesome` - Icon fonts for modules +- `pavucontrol` - Audio control GUI +- `networkmanagerapplet` - Network management tools + +## Customization + +### Modifying Colors +Colors are defined in the CSS file and can be updated by changing the hex values: + +```css +/* Example: Change active workspace color */ +#workspaces button.active { + background: linear-gradient(135deg, #your-color, #your-secondary-color); +} +``` + +### Adding Modules +New modules can be added to the configuration by: +1. Adding the module name to the appropriate `modules-*` array +2. Defining module configuration in the settings +3. Adding corresponding CSS styling + +### Layout Adjustments +- **Position**: Change `position` from "top" to "bottom" +- **Height**: Adjust the `height` value +- **Margins**: Modify `margin-*` values for spacing +- **Module Order**: Reorder items in the `modules-*` arrays + +## Animations and Effects + +The configuration includes several animations: +- **Workspace Transitions**: Smooth scaling and color changes +- **Critical States**: Blinking animations for battery/temperature warnings +- **Hover Effects**: Subtle transform and shadow effects +- **Submap Pulse**: Breathing animation for active keybind modes + +## Troubleshooting + +### Common Issues +1. **Missing Icons**: Ensure Font Awesome is installed and available +2. **Temperature Module**: May need to adjust `hwmon-path` for your system +3. **Network Issues**: Verify NetworkManager is running +4. **Audio Problems**: Check PulseAudio/PipeWire status + +### Debug Mode +Enable debug output by adding to waybar execution: +```bash +waybar --log-level debug +``` + +### Reloading Configuration +Waybar automatically reloads on configuration changes, or manually: +```bash +pkill -SIGUSR2 waybar +``` + +## Integration Notes + +This waybar configuration is specifically designed for: +- **NixOS** systems using Home Manager +- **Hyprland** as the window manager +- **Stylix** for system-wide theming +- **Catppuccin Mocha** color scheme + +The module integrates with the systemd user session and will automatically start/restart with Hyprland sessions. \ No newline at end of file diff --git a/modules/home/gui/desktop/waybar/default.nix b/modules/home/gui/desktop/waybar/default.nix index 553bd42..e7728a8 100644 --- a/modules/home/gui/desktop/waybar/default.nix +++ b/modules/home/gui/desktop/waybar/default.nix @@ -1,6 +1,12 @@ -{ lib, config, pkgs, namespace, ... }: +{ + lib, + config, + pkgs, + namespace, + ... +}: let - cfg = config.${namespace}.gui.desktop.waybar; + cfg = config.${namespace}.gui.desktop.waybar; in { options.${namespace}.gui.desktop.waybar = { @@ -8,14 +14,273 @@ in }; config = lib.mkIf cfg.enable { - programs.waybar.enable = true; - programs.waybar.systemd.enable = true; - + programs.waybar = { + enable = true; + systemd.enable = true; + + # Use external configuration files for better maintainability + settings = { + mainBar = { + # Waybar configuration for Hyprland + Stylix + Catppuccin Mocha + layer = "top"; + position = "top"; + height = 35; + spacing = 4; + margin-top = 10; + margin-left = 15; + margin-right = 15; + margin-bottom = 0; + + # Module layout + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "tray" + "idle_inhibitor" + "pulseaudio" + "network" + "cpu" + "memory" + "temperature" + "battery" + "clock" + ]; + + # Hyprland workspaces + "hyprland/workspaces" = { + disable-scroll = true; + all-outputs = true; + warp-on-scroll = false; + format = "{icon}"; + format-icons = { + "1" = "󰲠"; + "2" = "󰲢"; + "3" = "󰲤"; + "4" = "󰲦"; + "5" = "󰲨"; + "6" = "󰲪"; + "7" = "󰲬"; + "8" = "󰲮"; + "9" = "󰲰"; + "10" = "󰿬"; + urgent = "󰀪"; + active = "󰮯"; + default = "󰧞"; + }; + persistent-workspaces = { + "*" = 5; + }; + }; + + # Hyprland window title + "hyprland/window" = { + format = "{}"; + max-length = 60; + separate-outputs = true; + rewrite = { + "(.*) — Mozilla Firefox" = "󰈹 $1"; + "(.*) - Visual Studio Code" = "󰨞 $1"; + "(.*) - vim" = " $1"; + "(.*) - nvim" = " $1"; + "(.*)Spotify" = "󰓇 $1"; + "(.*) - Discord" = "󰙯 $1"; + }; + }; + + # Hyprland submap (keybind modes) + "hyprland/submap" = { + format = "󰌌 {}"; + max-length = 20; + tooltip = false; + }; + + # System tray + tray = { + icon-size = 18; + spacing = 8; + }; + + # Clock + clock = { + timezone = "America/Vancouver"; + tooltip-format = "{:%Y %B}\n{calendar}"; + format = "{:%H:%M}"; + format-alt = "{:%a, %b %d, %Y}"; + calendar = { + mode = "year"; + mode-mon-col = 3; + weeks-pos = "right"; + on-scroll = 1; + format = { + months = "{}"; + days = "{}"; + weeks = "W{}"; + weekdays = "{}"; + today = "{}"; + }; + }; + }; + + # CPU usage + cpu = { + format = "󰻠 {usage}%"; + tooltip = false; + interval = 2; + states = { + warning = 70; + critical = 90; + }; + }; + + # Memory usage + memory = { + format = "󰍛 {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed:0.1f}G/{swapTotal:0.1f}G"; + interval = 2; + states = { + warning = 70; + critical = 90; + }; + }; + + # Temperature monitoring + temperature = { + thermal-zone = 2; + hwmon-path = [ + "/sys/class/hwmon/hwmon1/temp1_input" + "/sys/class/hwmon/hwmon2/temp1_input" + ]; + critical-threshold = 80; + format-critical = "󰸁 {temperatureC}°C"; + format = "󰔏 {temperatureC}°C"; + tooltip = true; + interval = 2; + }; + + # Battery status + battery = { + states = { + good = 95; + warning = 30; + critical = 20; + }; + format = "{icon} {capacity}%"; + format-charging = "󰂄 {capacity}%"; + format-plugged = "󰚥 {capacity}%"; + format-alt = "{icon} {time}"; + format-full = "󰁹 {capacity}%"; + format-icons = [ + "󰂎" + "󰁺" + "󰁻" + "󰁼" + "󰁽" + "󰁾" + "󰁿" + "󰂀" + "󰂁" + "󰂂" + ]; + tooltip-format = "{timeTo}, {capacity}% - {power}W"; + }; + + # Network status + network = { + format-wifi = "󰤨 {signalStrength}%"; + format-ethernet = "󰈀 Connected"; + tooltip-format = "󰤨 {essid}\n󰈀 {ifname}\n󰩠 {ipaddr}/{cidr}\n󰚇 {frequency}MHz\n󰤨 {signalStrength}% ({signaldBm}dBm)"; + tooltip-format-ethernet = "󰈀 {ifname}\n󰩠 {ipaddr}/{cidr}\n󰕒 Up: {bandwidthUpOctets} Down: {bandwidthDownOctets}"; + format-linked = "󰤭 {ifname} (No IP)"; + format-disconnected = "󰤮 Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + on-click-right = "nm-connection-editor"; + }; + + # Audio control + pulseaudio = { + scroll-step = 5; + format = "{icon} {volume}%"; + format-bluetooth = "󰂯 {icon} {volume}%"; + format-bluetooth-muted = "󰂲 "; + format-muted = "󰖁 Muted"; + format-source = "󰍬 {volume}%"; + format-source-muted = "󰍭"; + format-icons = { + headphone = "󰋋"; + hands-free = "󰏳"; + headset = "󰋎"; + phone = "󰏲"; + portable = "󰦧"; + car = "󰄋"; + default = [ + "󰕿" + "󰖀" + "󰕾" + ]; + }; + on-click = "pavucontrol"; + on-click-right = "pactl set-sink-mute @DEFAULT_SINK@ toggle"; + tooltip-format = "{desc}\nVolume: {volume}%"; + }; + + # Idle inhibitor + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = "󰅶"; + deactivated = "󰾪"; + }; + tooltip-format-activated = "Idle inhibitor is active"; + tooltip-format-deactivated = "Idle inhibitor is inactive"; + }; + }; + }; + + # style = builtins.readFile ./config/style.css; + }; + home = { packages = with pkgs; [ - waybar - font-awesome # default icons for waybar + waybar + pavucontrol # Audio control GUI + networkmanagerapplet # Network management + + # Additional utilities that waybar modules might use + playerctl # Media player control + brightnessctl # Brightness control + wireplumber # Audio session manager ]; }; + + # Ensure waybar restarts when Hyprland restarts + systemd.user.services.waybar = { + Unit = { + # Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors"; + Documentation = "https://github.com/Alexays/Waybar/wiki"; + PartOf = [ "hyprland-session.target" ]; + After = [ + "hyprland-session.target" + "time-sync.target" + ]; + Requisite = [ "hyprland-session.target" ]; + }; + + Service = { + Type = "exec"; + ExecStart = "${pkgs.waybar}/bin/waybar"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID"; + Restart = "on-failure"; + KillMode = "mixed"; + }; + + Install = { + WantedBy = [ "hyprland-session.target" ]; + }; + }; }; } diff --git a/modules/nixos/core/default.nix b/modules/nixos/core/default.nix index 361fa67..403fa17 100644 --- a/modules/nixos/core/default.nix +++ b/modules/nixos/core/default.nix @@ -3,6 +3,7 @@ }: { imports = [ + ./fonts.nix ./secrets.nix ]; } diff --git a/modules/nixos/core/fonts.nix b/modules/nixos/core/fonts.nix new file mode 100644 index 0000000..c124471 --- /dev/null +++ b/modules/nixos/core/fonts.nix @@ -0,0 +1,39 @@ +{ + lib, + pkgs, + ... +}: +{ + fonts = { + fontconfig = { + enable = true; + + defaultFonts = { + emoji = [ pkgs.noto-fonts-color-emoji.name ]; + serif = [ pkgs.nerd-fonts.ubuntu.name ]; + sansSerif = [ pkgs.nerd-fonts.ubuntu-sans.name ]; + monospace = [ pkgs.nerd-fonts.intone-mono.name ]; + }; + + hinting = { + autohint = true; + enable = true; + }; + + antialias = true; + }; + + packages = + with pkgs; + [ + dina-font + fontconfig + + noto-fonts + noto-fonts-color-emoji + + proggyfonts + ] + ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); + }; +} diff --git a/modules/nixos/core/secrets.nix b/modules/nixos/core/secrets.nix index da1dbf7..c759da8 100644 --- a/modules/nixos/core/secrets.nix +++ b/modules/nixos/core/secrets.nix @@ -1,14 +1,14 @@ { + config, inputs, lib, - namespace, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { - defaultSopsFile = "${lib.snowfall.fs.get-file "secrets"}/${namespace}.yaml"; + defaultSopsFile = "${lib.snowfall.fs.get-file "secrets"}/${config.system.name}.yaml"; validateSopsFiles = false; age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -17,11 +17,12 @@ }; secrets = { - "git/name" = { }; - "git/email" = { }; - "git/gh/ssh-private" = { }; - "git/gh/ssh-public" = { }; - "ai/anthropic/api-key" = { }; + "vpn/wg/endpoint" = { }; + "vpn/wg/port" = { }; + "vpn/wg/privateKey" = { }; + "system/users/arrayofone/password" = { + neededForUsers = true; + }; }; }; } diff --git a/modules/nixos/gui/desktop/hyprland/default.nix b/modules/nixos/gui/desktop/hyprland/default.nix index fcca1fd..536fe0a 100644 --- a/modules/nixos/gui/desktop/hyprland/default.nix +++ b/modules/nixos/gui/desktop/hyprland/default.nix @@ -15,10 +15,10 @@ in }; config = lib.mkIf cfg.enable { - # nix.settings = { - # substituters = ["https://hyprland.cachix.org"]; - # trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; - # }; + nix.settings = { + substituters = [ "https://hyprland.cachix.org" ]; + trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; + }; programs = { uwsm.enable = true; diff --git a/modules/nixos/gui/desktop/sddm/default.nix b/modules/nixos/gui/desktop/sddm/default.nix index 30e4bac..c6e32a3 100644 --- a/modules/nixos/gui/desktop/sddm/default.nix +++ b/modules/nixos/gui/desktop/sddm/default.nix @@ -1,8 +1,16 @@ -{ inputs, lib, pkgs, config, namespace, ... }: +{ + inputs, + lib, + pkgs, + config, + namespace, + ... +}: let cfg = config.${namespace}.gui.desktop.sddm; theme = pkgs.${namespace}.sddm_theme; -in { +in +{ options.${namespace}.gui.desktop.sddm = { enable = lib.mkEnableOption "sddm"; }; diff --git a/modules/nixos/hardware/nvidia/default.nix b/modules/nixos/hardware/nvidia/default.nix index 1b8d783..f0be169 100644 --- a/modules/nixos/hardware/nvidia/default.nix +++ b/modules/nixos/hardware/nvidia/default.nix @@ -1,6 +1,12 @@ -{config, pkgs, lib, namespace, ...}: +{ + config, + pkgs, + lib, + namespace, + ... +}: let - cfg = config.${namespace}.hardware.nvidia; + cfg = config.${namespace}.hardware.nvidia; in { options.${namespace}.hardware.nvidia = { @@ -9,12 +15,16 @@ in config = lib.mkIf cfg.enable { services.xserver.enable = true; - services.xserver.videoDrivers = ["nvidia"]; + services.xserver.videoDrivers = [ "nvidia" ]; hardware = { graphics = { enable = true; enable32Bit = true; + extraPackages = with pkgs; [ + libva-vdpau-driver + libvdpau-va-gl + ]; }; nvidia = { @@ -22,7 +32,7 @@ in powerManagement.enable = false; powerManagement.finegrained = false; open = true; - nvidiaSettings = false; + nvidiaSettings = true; package = config.boot.kernelPackages.nvidiaPackages.beta; }; }; @@ -35,6 +45,8 @@ in __GLX_VENDOR_LIBRARY_NAME = "nvidia"; # __GL_GSYNC_ALLOWED = "1"; __GL_VRR_ALLOWED = "0"; # Controls if Adaptive Sync should be used. Recommended to set as “0” to avoid having problems on some games. + NVD_BACKEND = "direct"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; # QT_AUTO_SCREEN_SCALE_FACTOR = "1"; # QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; # CUDA_CACHE_PATH = "$XDG_CACHE_HOME/nv"; @@ -44,7 +56,7 @@ in NIXOS_OZONE_WL = "1"; # Hint electron apps to use wayland WLR_NO_HARDWARE_CURSORS = "1"; # Fix cursor rendering issue on wlr nvidia. }; - + shellAliases = { nvidia-settings = "nvidia-settings --config='$XDG_CONFIG_HOME'/nvidia/settings"; }; diff --git a/modules/nixos/networking/headscale/default.nix b/modules/nixos/networking/headscale/default.nix deleted file mode 100644 index ce8adf3..0000000 --- a/modules/nixos/networking/headscale/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{pkgs, lib, config, namespace, ...}: -let domain = "headscale.${namespace}.com"; -in { - # options.${namespace}.networking.headscale = { - # enable = lib.mkEnableOption "enable headscale"; - # # domain = lib.mkOption - # }; - - # config = lib.mkIf config.${namespace}.networking.headscale.enable { - # services = { - # headscale = { - # enable = true; - # address = "0.0.0.0"; - # port = 8080; - # settings = { - # server_url = "https://${domain}"; - # dns = { - # base_domain = "dnet"; - # }; - # logtail.enabled = false; - # }; - # }; - - # nginx.virtualHosts.${domain} = { - # forceSSL = true; - # enableACME = true; - # locations."/" = { - # proxyPass = - # "http://localhost:${toString config.services.headscale.port}"; - # proxyWebsockets = true; - # }; - # }; - # }; - - # # environment.systemPackages = [ config.services.headscale.package ]; - # }; -} - - - - diff --git a/modules/nixos/networking/tailscale/default.nix b/modules/nixos/networking/tailscale/default.nix deleted file mode 100644 index ba59b13..0000000 --- a/modules/nixos/networking/tailscale/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{pkgs, lib, config, namespace, ...}: { - # options.${namespace}.networking.tailscale = { - # enable = lib.mkEnableOption "enable tailscale"; - # }; - - # config = lib.mkIf config.${namespace}.networking.tailscale.enable { - # services.tailscale.enable = true; - # }; -} \ No newline at end of file diff --git a/modules/nixos/networking/vpn/proton.nix b/modules/nixos/networking/vpn/proton.nix deleted file mode 100644 index 082c44d..0000000 --- a/modules/nixos/networking/vpn/proton.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, ... }:{ - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - }; - networking.wg-quick.interfaces = { - wg-proton = { - listenPort = 51820; - address = [ "10.2.0.2/32" ]; - # dns = [ "10.2.0.1" ]; - privateKeyFile = "/home/arrayofone/vpn/proton-wireguard-CA-500.priv"; - - peers = [ - { - publicKey = "WajeJDezN7JFBe//v/VMsASFyBUk01Hlyvjb0T+dTjE="; - allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "79.127.254.92:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; -} \ No newline at end of file diff --git a/modules/nixos/networking/wg/default.nix b/modules/nixos/networking/wg/default.nix index efebf95..d88f955 100644 --- a/modules/nixos/networking/wg/default.nix +++ b/modules/nixos/networking/wg/default.nix @@ -1,24 +1,63 @@ { - pkgs, lib, config, namespace, + pkgs, ... }: -let - # serverPvtKey = (builtins.readFile ./keys/server/private); - # serverPubKey = (builtins.readFile ./keys/server/public); - # baradurPvtKey = (builtins.readFile ./keys/baradur/private); - # baradurPubKey = (builtins.readFile ./keys/baradur/public); - # rollbookPvtKey = (builtins.readFile ./keys/rollbook/private); - # rollbookPubKey = (builtins.readFile ./keys/rollbook/public); -in { options.${namespace}.networking.wireguard.server = { + dns = lib.mkOption { + description = "DNS addresses for the wireguard interface"; + type = lib.types.listOf lib.types.str; + default = [ "1.1.1.1" ]; + }; enable = lib.mkEnableOption "enable wireguard server"; - externalInterface = lib.mkOption { - description = "External facing interface"; - type = lib.types.string; + interface = lib.mkOption { + description = "WireGuard interface name"; + type = lib.types.str; + default = "wg0"; + }; + + ips = lib.mkOption { + description = "IP addresses and subnets for the WireGuard interface"; + type = lib.types.listOf lib.types.str; + default = [ "10.20.0.2/24" ]; + }; + + privateKeyFile = lib.mkOption { + description = "Path to the private key file"; + type = lib.types.nullOr lib.types.path; + }; + + peers = lib.mkOption { + description = "WireGuard peers configuration"; + type = lib.types.listOf ( + lib.types.submodule { + options = { + publicKey = lib.mkOption { + description = "Public key of the peer"; + type = lib.types.nullOr lib.types.str; + default = null; + }; + allowedIPs = lib.mkOption { + description = "Allowed IP addresses for this peer"; + type = lib.types.listOf lib.types.str; + default = [ "0.0.0.0/0" ]; + }; + endpoint = lib.mkOption { + description = "Endpoint address and port"; + type = lib.types.nullOr lib.types.str; + }; + persistentKeepalive = lib.mkOption { + description = "Keepalive interval in seconds"; + type = lib.types.nullOr lib.types.int; + default = 25; + }; + }; + } + ); + default = [ { } ]; }; }; @@ -28,77 +67,31 @@ in # networking.nat.externalInterface = # config.${namespace}.networking.wireguard.server.externalInterface; # "enp42s0" # networking.nat.internalInterfaces = [ "wg0" ]; - networking.firewall = { - enable = lib.mkForce false; - allowedUDPPorts = [ 51821 ]; - }; - - networking.wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface arbitrarily. - wg0 = { - # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "10.20.0.2/24" ]; - # Path to the private key file. - # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - # privateKeyFile = "${lib.snowfall.fs.get-file "modules"}/nixos/networking/wg/keys/baradur/private"; - postSetup = '' - ip route add 3.98.30.232 via 10.10.0.1 dev enp42s0 - ''; + # networking.firewall = { + # enable = lib.mkForce false; + # allowedUDPPorts = [ config.${namespace}.networking.wireguard.server.port ]; + # }; - # # This undoes the above command - postShutdown = '' - ip route del 3.98.30.232 via 10.10.0.1 dev enp42s0 - ''; - - peers = [ - # For a client configuration, one peer entry for the server will suffice. + networking.wg-quick.interfaces = { + ${config.${namespace}.networking.wireguard.server.interface} = { + address = config.${namespace}.networking.wireguard.server.ips; + dns = config.${namespace}.networking.wireguard.server.dns; + privateKeyFile = config.${namespace}.networking.wireguard.server.privateKeyFile; + peers = map ( + peer: { - # Public key of the server (not a file path). - # publicKey = "2932qgfQczv8nX63HFB0wupQ15f8AG3lPeKCrTMHm2g="; - - allowedIPs = [ "0.0.0.0/0" ]; - - # Set this to the server IP and port. - # endpoint = "wg.arrayof.one:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 - - # Send keepalives every 25 seconds. Important to keep NAT tables alive. - persistentKeepalive = 25; + publicKey = peer.publicKey; + allowedIPs = peer.allowedIPs; + endpoint = peer.endpoint; + persistentKeepalive = peer.persistentKeepalive; } - ]; + // lib.optionalAttrs (peer.publicKey != null) { inherit (peer) publicKey; } + // lib.optionalAttrs (peer.endpoint != null) { inherit (peer) endpoint; } + // lib.optionalAttrs (peer.persistentKeepalive != null) { inherit (peer) persistentKeepalive; } + ) config.${namespace}.networking.wireguard.server.peers; }; - # wg1 = { - # # Path to the private key file. - # # - # # Note: The private key can also be included inline via the privateKey option, - # # but this makes the private key world-readable; thus, using privateKeyFile is - # # recommended. - # privateKey = "${baradurPvtKey}"; - - # peers = [ - # { # baradur - # publicKey = "${baradurPubKey}"; - # allowedIPs = [ "10.100.0.2/32" ]; - # } - # ]; - # }; - # wg2 = { - # # Path to the private key file. - # # - # # Note: The private key can also be included inline via the privateKey option, - # # but this makes the private key world-readable; thus, using privateKeyFile is - # # recommended. - # privateKey = "${rollbookPvtKey}"; - - # peers = [{ # rollbook - # publicKey = "${rollbookPubKey}"; - # allowedIPs = [ "10.100.0.3/32" ]; - # }]; - # }; }; }; } diff --git a/packages/kotlin-lsp/default.nix b/packages/kotlin-lsp/default.nix new file mode 100644 index 0000000..165daef --- /dev/null +++ b/packages/kotlin-lsp/default.nix @@ -0,0 +1,35 @@ +{ + pkgs, + stdenv, + wrapGAppsHook3, +}: +let + version = "0.253.10629"; +in +stdenv.mkDerivation { + name = "kotlin-lsp"; + + src = pkgs.fetchzip { + url = "https://download-cdn.jetbrains.com/kotlin-lsp/${version}/kotlin-${version}.zip"; + sha256 = "sha256-LCLGo3Q8/4TYI7z50UdXAbtPNgzFYtmUY/kzo2JCln0="; + stripRoot = false; + }; + + nativeBuildInputs = [ + wrapGAppsHook3 + ]; + + installPhase = '' + mkdir -p $out/lib + cp -r $src/* $out/lib + chmod +x $out/lib/kotlin-lsp.sh + + mkdir -p $out/bin + ln -s $out/lib/kotlin-lsp.sh $out/bin/kotlin-lsp + wrapProgram $out/bin/kotlin-lsp + ''; + + meta = { + mainProgram = "kotlin-lsp"; + }; +} diff --git a/packages/sddm_theme/default.nix b/packages/sddm_theme/default.nix index a8b47af..69c0902 100644 --- a/packages/sddm_theme/default.nix +++ b/packages/sddm_theme/default.nix @@ -148,5 +148,5 @@ pkgs.stdenv.mkDerivation { TranslateVirtualKeyboardButton="" ## These don't necessarily need to translate anything. You can enter whatever you want here. " > $out/theme.conf - ''; -} \ No newline at end of file + ''; +} diff --git a/packages/sys/default.nix b/packages/sys/default.nix index c1431ed..adc64f8 100644 --- a/packages/sys/default.nix +++ b/packages/sys/default.nix @@ -1,9 +1,14 @@ -{writeShellScriptBin, ...}: +{ writeShellScriptBin, ... }: writeShellScriptBin "sys" '' cmd_rebuild() { + local flake_name=".#" + if [[ -n $1 ]]; then + flake_name=$1 + fi + echo "🔨 Building system configuration with $REBUILD_COMMAND" - $REBUILD_COMMAND switch --flake .# + $REBUILD_COMMAND switch --flake "$flake_name" } cmd_test() { @@ -26,7 +31,7 @@ writeShellScriptBin "sys" '' cmd_usage() { cat <<-_EOF Usage: - $PROGRAM rebuild + $PROGRAM rebuild [flake_name] Rebuild the system. (You must be in the system flake directory!) Must be run as root. $PROGRAM test @@ -53,7 +58,7 @@ writeShellScriptBin "sys" '' PROGRAM=sys COMMAND="$1" case "$1" in - rebuild|r) shift; cmd_rebuild ;; + rebuild|r) shift; cmd_rebuild "$@" ;; test|t) shift; cmd_test ;; update|u) shift; cmd_update ;; clean|c) shift; cmd_clean ;; diff --git a/scripts/init-secrets.sh b/scripts/init-secrets.sh new file mode 100755 index 0000000..a38cfc3 --- /dev/null +++ b/scripts/init-secrets.sh @@ -0,0 +1,135 @@ +#!/usr/bin/env bash +set -e + +# Colors +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +RED='\033[0;31m' +NC='\033[0m' # No Color + +# Variables +HOST_NAME="${HOST_NAME:-$(hostname)}" +USER_NAME="${USER_NAME:-$(whoami)}" +SECRETS_DIR="secrets" +mkdir -p "$SECRETS_DIR" + +echo -e "${YELLOW}Initializing Secrets Setup for Host: $HOST_NAME, User: $USER_NAME${NC}" + +# Ensure sops is available +if ! command -v sops &> /dev/null; then + echo -e "${RED}Error: sops is not installed or not in PATH.${NC}" + exit 1 +fi + +# --- System Keys --- +echo -e "\n${GREEN}== System Keys ==${NC}" +SYSTEM_PUBLIC_KEY="" + +if [[ "$(uname)" == "Darwin" ]]; then + KEY_PATH="/etc/ssh/ssh_host_ed25519_key" + AGE_DIR="/var/lib/sops-nix" + AGE_KEY="$AGE_DIR/key.txt" + + # Generate SSH key if missing + if [ ! -f "$KEY_PATH" ]; then + echo "Generating system SSH key..." + sudo ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" + else + echo "System SSH key exists." + fi + + # Generate Age key if missing + if [ ! -f "$AGE_KEY" ]; then + echo "Generating system Age key..." + sudo mkdir -p "$AGE_DIR" + # Read the ssh key with sudo, convert with nix run (user), write with sudo + # Using nix run nixpkgs#ssh-to-age. This assumes nix is configured for user. + sudo cat "$KEY_PATH" | nix run nixpkgs#ssh-to-age -- -private-key | sudo tee "$AGE_KEY" > /dev/null + else + echo "System Age key exists." + fi + + # Get Public Key + # Use 'age-keygen -y' on the private key. + # We pipe the private key content to nix shell executing age-keygen + SYSTEM_PUBLIC_KEY=$(sudo cat "$AGE_KEY" | nix shell nixpkgs#age -c age-keygen -y /dev/stdin) + echo "System Public Key: $SYSTEM_PUBLIC_KEY" +else + echo "Skipping System Keys (not Darwin/Local execution). Setup manually if remote." + SYSTEM_PUBLIC_KEY="" +fi + +# --- User Keys --- +echo -e "\n${GREEN}== User Keys ==${NC}" +USER_SSH_KEY="$HOME/.ssh/sops-nix" +USER_AGE_DIR="$HOME/.config/sops/age" +USER_AGE_KEY="$USER_AGE_DIR/keys.txt" + +if [ ! -f "$USER_SSH_KEY" ]; then + echo "Generating user SSH key ($USER_SSH_KEY)..." + ssh-keygen -t ed25519 -f "$USER_SSH_KEY" -N "" +else + echo "User SSH key exists." +fi + +mkdir -p "$USER_AGE_DIR" +if [ ! -f "$USER_AGE_KEY" ]; then + echo "Generating user Age key..." + nix run nixpkgs#ssh-to-age -- -private-key -i "$USER_SSH_KEY" > "$USER_AGE_KEY" +else + echo "User Age key exists." +fi + +USER_PUBLIC_KEY=$(nix shell nixpkgs#age -c age-keygen -y "$USER_AGE_KEY") +echo "User Public Key: $USER_PUBLIC_KEY" + +# --- Secrets Files Initialization --- +echo -e "\n${GREEN}== Secrets Files ==${NC}" + +# Helper to init a file +init_secret_file() { + local file=$1 + local keys=$2 + + if [ ! -f "$file" ]; then + echo "Creating and encrypting $file..." + # Create a valid sops file with empty map + # We pass the keys explicitly via --age so we don't depend on .sops.yaml yet + echo "{}" | sops --encrypt --age "$keys" --filename "$file" /dev/stdin > "$file" + else + echo "$file already exists. Skipping creation." + fi +} + +KEYS_FOR_SYSTEM="" +if [ -n "$SYSTEM_PUBLIC_KEY" ]; then + KEYS_FOR_SYSTEM="$SYSTEM_PUBLIC_KEY,$USER_PUBLIC_KEY" +else + KEYS_FOR_SYSTEM="$USER_PUBLIC_KEY" +fi + +HOST_SECRET="$SECRETS_DIR/$HOST_NAME.yaml" +USER_SECRET="$SECRETS_DIR/$USER_NAME.yaml" + +# Init Host Secret (System + User keys) +if [ -n "$HOST_NAME" ]; then + init_secret_file "$HOST_SECRET" "$KEYS_FOR_SYSTEM" +fi + +# Init User Secret (User key only) +if [ -n "$USER_NAME" ]; then + init_secret_file "$USER_SECRET" "$USER_PUBLIC_KEY" +fi + +# --- Summary --- +echo -e "\n${GREEN}== Action Required ==${NC}" +echo "Add the following keys to your .sops.yaml:" +echo -e "${YELLOW}" +echo "keys:" +if [ -n "$SYSTEM_PUBLIC_KEY" ]; then + echo " - & $HOST_NAME $SYSTEM_PUBLIC_KEY" +fi +echo " - & $USER_NAME $USER_PUBLIC_KEY" +echo -e "${NC}" +echo "And update the creation_rules in .sops.yaml to match these keys." +echo "Your secret files have been initialized and are ready for 'task secrets:edit:system' etc." \ No newline at end of file diff --git a/scripts/manage-secrets.sh b/scripts/manage-secrets.sh new file mode 100755 index 0000000..60cb617 --- /dev/null +++ b/scripts/manage-secrets.sh @@ -0,0 +1,87 @@ +#!/usr/bin/env bash +set -e + +# Usage: ./manage-secrets.sh +# action: edit, encrypt, decrypt +# scope: system, user + +ACTION=$1 +SCOPE=$2 + +if [ -z "$ACTION" ] || [ -z "$SCOPE" ]; then + echo "Usage: $0 " + echo " action: edit, encrypt, decrypt" + echo " scope: system, user" + exit 1 +fi + +HOST_NAME=$(hostname) +USER_NAME=$(whoami) +SECRETS_DIR="secrets" +USER_AGE_KEY="/Users/$USER_NAME/.config/sops/age/keys.txt" +SYSTEM_AGE_KEY="/var/lib/sops-nix/key.txt" + +if [ "$SCOPE" == "system" ]; then + TARGET_FILE="$SECRETS_DIR/$HOST_NAME.yaml" +elif [ "$SCOPE" == "user" ]; then + TARGET_FILE="$SECRETS_DIR/$USER_NAME.yaml" +else + echo "Error: Scope must be 'system' or 'user'" + exit 1 +fi + +if [ ! -f "$TARGET_FILE" ]; then + echo "Error: Secrets file '$TARGET_FILE' does not exist." + echo "Run 'task secrets:init' to initialize it." + exit 1 +fi + +# Function to execute sops with fallback to sudo/system key +execute_sops() { + local sops_bin + sops_bin=$(command -v sops) + + # Try as user first + if SOPS_AGE_KEY_FILE="$USER_AGE_KEY" "$sops_bin" "$@"; then + return 0 + fi + + # If failed and scope is system, try with system key via sudo + if [ "$SCOPE" == "system" ]; then + echo "User access failed. Attempting with system key (requires sudo)..." >&2 + + if [ ! -f "$SYSTEM_AGE_KEY" ]; then + echo "System age key not found at $SYSTEM_AGE_KEY. Cannot fallback." >&2 + return 1 + fi + + # Use sudo with the absolute path to sops and the key environment variable + sudo SOPS_AGE_KEY_FILE="$SYSTEM_AGE_KEY" "$sops_bin" "$@" + return $? + fi + + return 1 +} + +case $ACTION in + edit) + echo "Editing $TARGET_FILE..." + execute_sops "$TARGET_FILE" + ;; + encrypt) + echo "Encrypting (in-place) $TARGET_FILE..." + if [ ! -f ".sops.yaml" ]; then + echo "Error: .sops.yaml not found. Cannot encrypt correctly." + exit 1 + fi + execute_sops -e -i "$TARGET_FILE" + ;; + decrypt) + echo "Decrypting (in-place) $TARGET_FILE..." + execute_sops -d -i "$TARGET_FILE" + ;; + *) + echo "Error: Action must be 'edit', 'encrypt', or 'decrypt'" + exit 1 + ;; +esac diff --git a/secrets/_db.yaml b/secrets/_db.yaml new file mode 100644 index 0000000..f30947b --- /dev/null +++ b/secrets/_db.yaml @@ -0,0 +1,28 @@ +git: + name: ENC[AES256_GCM,data:Bsj5r9d3dJZcCA==,iv:7Z2WpK5hroNFdl9wCy2vVoOxlA5rJ2H+qdh9kf1qaaA=,tag:aT3Br4TyKtvYHWLpdDopPg==,type:str] + email: ENC[AES256_GCM,data:BXUeS1xkloygkR35mHuUOZG2qPUql9xuSbgiE98Jih7uY0xEbb4oareayG8=,iv:Vio24kuOyXyVonhZ56Gnp9bj+aroBOpWehc3/Na+6o8=,tag:xIvz+jqxCt6wYW3I+SOqxw==,type:str] + gh: + ssh-private: ENC[AES256_GCM,data:FGf6BVAbmjcYXgnlSwUxR0RIVq/RMk9nXSebHNnMY+MvHSWXcdxB0TTaEp9nZfijtLimWdEn5MgZf0qauG7hvGmzj8wQ0KRy78aMtr8Qv12zUecTVQ0gBkGjvzw1y3yP4W4I3edSQirto59zIUZSN7rcElgNleHDDYJlSVCzfAUu11iQ7XVFVUIR58kSHdCVvgzUdWKx54xZVcUr68ZDYiUqNNzhYCVnxg/ViKtwNz6BU/MTUrgL4C50WW7XVvpcD08pIkLWQKv0zRBYX1exoq/Js80vfxEG7Nub6UFNZz1s4PmDIuCwsooaAnWjO9XCV/0PrGFJBFFihtLu+dDNzfYZFFw1vWq1I5Fd3lyLx2/26xa92eplnUuSQzt5MgmMKz34bpIHMvIj019LjOkyV14ELoKYXFhYAS7ceIahrhOKjTLR34DHWH9ZN4JV15wJrscgwaLMrCf5JvyqDW8yrHVBJABkff7q+UbyWmLfIdCTCrzA1Gyyu3642MgsUSUpxXjB7smBC2tCVI9BRgoKTS6/zPRR2141tWKs,iv:ZjsD+1Yhcl/EKix83QR7eSVJboMMWYINRecOTKxkqcA=,tag:+4OpxwMk6myug5Mn+145Tw==,type:str] + ssh-public: ENC[AES256_GCM,data:9YBEwKUHJ9qLa59xxxT5H+kNwNwcEV5DCSzkSwKLgeqH/fbbOiUyGxme7hBsE6Uao6vk53QpWvYcLyp3NHFWiXJ3K7qUD1aiEA2B62OZEfsBV/xEPzaw+PGP2jYx4mYpyQ==,iv:bTFmOAXTuiHTwXSel/m1ycyBmBzunYvsP4TsDQCTNzg=,tag:aKfzS5eF1tz+PXRNV25jHg==,type:str] +ai: + anthropic: + api-key: ENC[AES256_GCM,data:WhAL+1FiRGPI1qysl9Uf9q5qsYlO8Hoegrs+xeH5jAwCn6Q4FDTprJkuJ2NndkkmcaOYxrz7HtmBTL0V9pJN/zVyrSOwsrncsc+Pnx3lMWO/0hBRIIfDfn13io56u9phhSwKjcHGWBZ1QRuR,iv:63uqDkHGmtMRWozzOD/tNdAPegGzaGJ5SrQZ1HsWyxc=,tag:Z0GzzlSHF46mkPPixF/4Gw==,type:str] + gemini: + api-key: ENC[AES256_GCM,data:TVVCu2ukIOLFNdSFww04t4ie+8y5wCU+6ZuZKg9jLG+kIhY1p8x8,iv:8c024FyI+rPhNA3HUxfGA4NXOru7oWjNgMNlgzpQyUc=,tag:rlmGyUs56pSNkuGTgCc/vw==,type:str] +digits: + email: ENC[AES256_GCM,data:DiZdNStazKwhSQzxLnaWo0w=,iv:XXeVzVRf+uNKi7e79Ze7vii+lxbDy9ZCYrhzbn5gkfM=,tag:AbHSsIDd4Mb8C3hXdAKEeQ==,type:str] +sops: + age: + - recipient: age1sg27wjszvx68d2u9p2rk2k8he2xxuae475wyawcwp893sdzfnd5sqxz6ck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTkhIbnZKRy9NMWNyeUtB + ZndpcVJuR29QMGlhdEhQZ2tIL2RPOUlwVmd3CmVtSHlhTkZIZW44Yk1DRHU4VzRQ + V29QUVcwREkzTitONkNDTSt5VlRjMjQKLS0tIGpyWTQ2bTJEUHlsUHQwcXdtbUtO + V2NvYlkvcDdGa3ZTK29WVXprdUlVTW8KmyfTS6K/clDnuligndXA9SWxCb6KxCj+ + pX69eCfn4yv6iPBsJQreAYexGdMVhDmLgs82U+L8/yapm8UFxhgObw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-01T22:37:47Z" + mac: ENC[AES256_GCM,data:YH3Yd59dmI6LGvpgX0ixVEwib+hZqtdGBcqBuSordv0M1cOYEErB5lZPjaNfQmMvfYuvanfXOJ2PgjcokSDwLluMt0rFVQ1la02va27FR8iRSZy7wUaCrg1wAQ0XN4psr2s54rVVVvBBoq5p/27QqOn4Cp5D0JEOsFDFXVKeV64=,iv:Rt+yrnk1C0lJIYs8L+ZEdUOgtaYLmO0UsDv7/qgW3OM=,tag:BZFKOUPaqz7gH8eg7Z4MAg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/arrayofone.yaml b/secrets/arrayofone.yaml new file mode 100644 index 0000000..05e96f9 --- /dev/null +++ b/secrets/arrayofone.yaml @@ -0,0 +1,28 @@ +git: + name: ENC[AES256_GCM,data:wA7md/GDvWt6AQ==,iv:b+uzgZgJ1ZZNoUZjpQSl27BboFdsp9St+WtPuIyoU3E=,tag:TxFclEAaGMkstPJ1VImzMg==,type:str] + email: ENC[AES256_GCM,data:gP8chWGWIpNjecjIN8S4iY3v+YARNQ6/6RJIjiUaFzHZ4+q9AjUjbmUFb3w=,iv:0a69q7dwpWcH03VzBN2bizlDwQsxQh2mGYF/QUP/LGs=,tag:IKQBxNANKxEki4W+g7XTbQ==,type:str] + gh: + ssh-private: ENC[AES256_GCM,data:JD3afmODAGotbbzIQn77sGM7YP5tIm7z4auRXM2hNWoHc5F8oZMFfYD6piN1+jGWXNbjY6tKJs1UMXeqnYNMuMYsnZmSrjB8sz+/sE24/wJpIWyKmE+Y2XFJUM5HWptBcB9hOaH5xJIVMiFIycez5DendVnkJBzwTErO+Kb4O5YjYHDCLMXBrh81MLFDltEhGg9QanlGxU2t50RZXn0GjOLM1bVOaDQVtOE1wOFdHgGB6Re1E/b1vnIzyj9NK0rVThf+BALZS7WNfl4AxZnQW8ptulXyDe/gSj5nNMnTWGtxWJW6POVnI1XikX+wG+yVCC3IQ5ef1nA7slyEsDt4dXab4cfyHRjvx59b9okJc1ptMbjTQLnWVfBQP1NmswTpr4lozgDZHJQOx3fBtt5kTzMe+PzC9FpDMcTKCbAwWjyNtQtqm+ZYe79JyFRi7cUzq55jzWXaZouMLk/g1msx+C02hk5bLe54z7Th/YLehgKt3gFlZJC7KYbaPQy/EAjiopZUq88ydsX2Za4QAzwgj2ElkK6pK9NW8cyJ,iv:WpvvGFbQPJV98OXDacRU6D4WpSQAB51AWaZMiFSX6VE=,tag:peoZC8bLHYOQz6jwqw3uOw==,type:str] + ssh-public: ENC[AES256_GCM,data:C6rhlzUdlfHir1Qw4Fr8AlPwV9E5J3xLyEqxSlZD7RBf4ceZ85VPk4DDcLVZ2TlO5kYBr1sx9bKsBNK5bamwQ9WckwvPcTTztZMo6V2vpFOE3MiyL/OfQze14ttPmYnrKw==,iv:lgJqn6A18NZl2whbeP6MVPrt+bRkdOpY0rKIO1k+PEI=,tag:JI7Z2Ju2npDzMvOUPn0T5Q==,type:str] +ai: + anthropic: + api-key: ENC[AES256_GCM,data:6d2U9FkuzHM3gCOiuMjxmmwS5FtzcyZXxod0IwIN/UqpMTfVAl11q/MxGOsKOV0G3tjl1rH5bYSqnPlezD/LTZi20rQufytHzTRPns98kWz6gdzwxDz//LEY8GHAo11nNOEjLu0eNnbaH0Ho,iv:P4iN6rvmjZam2trmtAQxjtDru/IrxEagk6QCbCFH6tQ=,tag:GPSZYsPvyJQV1H6bJy3snQ==,type:str] + gemini: + api-key: ENC[AES256_GCM,data:FHTdZqxkEVF0KkpmI4kZJOQMSpt4yqazlySYPL63wAyUBljgby73,iv:Xa5SmMRR2nYFuNrDSvTRh81hWi4JatlwdwvYKuaEUtc=,tag:dLmsr61jv8lOFiCv2FcthQ==,type:str] +digits: + email: ENC[AES256_GCM,data:c5JrJZxk62tnpyamSjWDrmY=,iv:yrDrM5VmKaoZ8lhTy+wIQaAr6aLKY8D6/zfDmQ/nAVU=,tag:pV4+OG0egY5NUU9sAOtDnQ==,type:str] +sops: + age: + - recipient: age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QkVYaWRuMFhRSlcwV3Fq + U3hWaUdldkJBblV1U3hRdVBJTjJwcVpxd0JVCk1HVVBNSGZzblFwSXJzek5TUEFJ + MWF2ckQwc2NtUGRqeDk3R3Q4cHlpTlkKLS0tIGk5ZDRyb3hhWS9BRFQ0d3NMMEJx + dXNCRGsvM1pZd3pWeGNmVzJnVkJMelEKFrd6yacZO9Y9+Z3M5PPd1IKsedlEXsD7 + +kpZ/Sv7jWqg0CI9EUEtI3lwmTTrOzc4zYON7c2wW2WXwdo/fOFClQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-14T23:32:48Z" + mac: ENC[AES256_GCM,data:x7JYSY/E72IusCneXgouQk/SpLgeIX2tPdFq6Tm4uFNDYe+x09rbWFajPZUog9uRK06d8G2cXHbH7Fu/v9WoaxTICieMpv3PR8tVqzfYXCsLbWLEKL4heUF/nNmjWLxskaB45tWouDLyWP5vZF81GYAIqu9RG2lHUKG2uK9qLNI=,iv:+h4K6TyWcsThMVFowljSJxwKAVk9arR/v2hRJAwxO5M=,tag:ksBP0Qe/22I1tAaT3f5X5A==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/baradur.yaml b/secrets/baradur.yaml new file mode 100644 index 0000000..7c3726f --- /dev/null +++ b/secrets/baradur.yaml @@ -0,0 +1,26 @@ +vpn: + wg: + port: ENC[AES256_GCM,data:Xb6MYPs=,iv:f5MqJFtLcbxqA4UVIOqneQiyogn2DzkpSyRPTjnKTsE=,tag:WFtVNPQop43dfNwdJwWWyg==,type:str] + privateKey: ENC[AES256_GCM,data:j+foonVgiJsrGkZ3Lgc2lMShB6zV3jDRut81cWXxuxDm4543APaBvj6OWaY=,iv:ICIfgQyrb+HZRn/oykQCB8UsqDeusv3dUtXAxJ/PHYw=,tag:loG/DpzjuAfvuXFnBNOi1Q==,type:str] + endpoint: ENC[AES256_GCM,data:zTdNORqtCkc4VmdpJbIIFoww,iv:JC/KlfimqXdsE2NfRhuUw6iCHRqecut35khxq9v0S2M=,tag:NJ1vQnDaexyZi4gskw+xiw==,type:str] + endpoint-ip: ENC[AES256_GCM,data:NsGwiyxPpSX9gcaX8vM=,iv:m6ppILpIM5XBY6Ypelo+VRTq7rYHckbc7X3hejQ+O0Q=,tag:4MWBppOrESTlQV6jSwKAYQ==,type:str] + endpoint-ip-port: ENC[AES256_GCM,data:Y0nEswjllcfrV+E+KCDBM3Lz,iv:EioFT0lTcGLELB67Pbisk9GxbLwNMCVTG1qGdWsCkL4=,tag:ZBmG/4y+oMPTyKyumNFFOQ==,type:str] +system: + users: + arrayofone: + password: ENC[AES256_GCM,data:waOvH4Ptc6zWpGYJv4tf+Jo1gfduUQjrJGL8go2yB+j/kEpaUc5MYhhpzsemNkybbUR8qnLtkVy9+zDsqspNAQ+HNSSf4sVmVg==,iv:E6/1rrT8Ia9/aYa7ziTdB4/zOVCCHQwY1BVEshoMMT8=,tag:KMVshPqx+rOQ59RLlCJwwQ==,type:str] +sops: + age: + - recipient: age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQ0NVcTJlaEJRejBwbUN3 + NXQwRzUySlJqUndHZ1d5RS9oQVF1bmV1SEcwCnM0SlFrbSt0QzVKVmNBb0VBN2xu + QkRIWHoydW1CQTk2Wmw5TDZ5M0pxdFkKLS0tIGlFMXlJcGpHQUhLSWc0MmNRbjJz + aFI1UWtCT3hWTEM0S2RaQTFsdEx3cDQKDrON47iynQQTk82oZsjYGSrBk654yYmR + BjGcIvY69gVJoizqx+0TaPoQ56Iw+UZ940HMSxinJEhNSJRED9eDEw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-01T22:27:02Z" + mac: ENC[AES256_GCM,data:OY6UYc/pXDkIWQ8ofiE5GiWapP4qLXp/WJeFd6R3tffZcKzVEloPukIceiDPXk1DsisMkwcoXA8M52ny7uQCo5N/HHIXhxaUrbIqaHnw9DlAn2PimWQTKKuXnAaBWG21Lume2pPK2LpXuBOifEUt16wr0LqwnAb3O1lhV9/zga4=,iv:V5ZehkeI2Ur0ZzSt7/z7lFOS3Dnkp/tlOq2SHyoW11g=,tag:xqIBTSPVfOyk9+svMvTmfQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/darrenbangsund.yaml b/secrets/darrenbangsund.yaml new file mode 100644 index 0000000..312d11a --- /dev/null +++ b/secrets/darrenbangsund.yaml @@ -0,0 +1,26 @@ +git: + name: ENC[AES256_GCM,data:ccVp8kFig6KGjYnDSxk=,iv:kG2bKYH7XVo1UT/5thGd+oiyv7/xzB56Y2EJADuQ9EU=,tag:w3MwDv+59z0S8NxaCE+gXg==,type:str] + email: ENC[AES256_GCM,data:HnuxXN3RpeY4wsSFl4e/PZpZ3h4IMtZsfx0CrIDSju9MjeLd3eYIhglEsOQEEaHCZA==,iv:hxWaefhVPXPb7RV8k811QwkRsojEnS4iWIOocLslvZQ=,tag:BQf8Y+CMOEDP1XKZCG6iJA==,type:str] + gh: + ssh-private: ENC[AES256_GCM,data:W57Obez4HVSJbOCCuYHJCuY0tUGoC1AqGKMpU65UkhhsQi2HIsWQfCHRdrERgZ1i6g3izx/LbsqswAxWWR8ZRShHpNKhw1NRGXvvcZLMFWYE5mbg0ADhEwWTiGoKt4vuJoZ+ZtZclB4IETCaBNnrpeIy0eTtuxcZAh1e6pNQbzdsafXUnoVvmJ2A7EYgHUNaIJGfQqBHzCZ/xZtGfqfZcVmc7zLhuP8IjTbObklvtpfSDcyhLJKw4U1pVkanVY3a5FntnnwyslfSrWl87zD3MCc1H3oyGxbLdKUv+bD2bRtfxp4D3A10UW1h9L9PmxgYLZsgGwb07sUqHLi1T0TNisWMQaprJNDG93Te6+/v4neRs9Lzc5yBgSPT1YnL7LMWzp/9OGZcX7AKf9cAZDZ83K4YCDUvOk0Gx9ANfEmMQ8Vt4CA3yyKBdTmRED4rJx3/qdj0lRlF2h2x7r8ostNa7zxDtFAD9zEOhEgtCVqAboRjLXQXn/5ZLN4ix3I4XPwuhAx6lVJe+/e2Wef0DlAFYte5PUFJ4NmFloSTznH5m5jdQ7qfm0oyltGbzMCQkrmYaeH/psntAxEWjMPn,iv:XpgMeBKX2RD4fNKh/doepYuDApKMV8Td904aMkr/7wU=,tag:H8fN5jTr4Ua/2O7Ao/uJ6w==,type:str] + ssh-public: ENC[AES256_GCM,data:kucom/pt2jCaNmLawr9ZSbXwqs7BDS+2/uUGjkLZrsiAB0mC48YTOZTdUEd3HVmlkolSGC/IrjYfRa2EWxbL07L3fJ/TURWxm5cfuJADBUkHKOoUrU6m5AdhT8g936MbcK54ynK62TW5j/6DB27wd01Zn26Xg/dXOQ==,iv:6vuq6rkpJoUZ+e4OE/il3vUOGXQhC2gQja4LkxrGXUI=,tag:ON5AOBpEDk3wXp1iCGTiKQ==,type:str] +ai: + anthropic: + api-key: "" + gemini: + api-key: "" +sops: + age: + - recipient: age1fyndjw4ucc39hh2kyuxth2pyevl2h5zh9lmfq7v9h8neq9csnc9qrcm4zq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZ1BlWGZ2UEtuemtVa01H + cWVEOGJEVjRJWXZMTEduNHA2eVpSMGZvMFRZClgzS3A2OU5hTmNscjBtMEh1MU5Y + RldWOGlTSG9aNzk4YUtqaFFlVmhoQkUKLS0tIEVOeDZ1Q01lU0pNNVFqdlZpUGt6 + V0VUTUM1blJmSzNKNExaMUFPYnI0QmsKEf8Ika5PLMkK/kkUWie+EgvonMT8+T1P + 7Ckn4CqQyYanwqI4hdoAEDduaH2zSA9UJAS3UXgUcaDI/UVWw+w36A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-13T17:18:35Z" + mac: ENC[AES256_GCM,data:K4qSU7gpQMH9PxUUmoRt9PAyalL1kTYvZtKTHZDQpuG9IDnNVt7mNqMTQlGNBCbLcMNcB9Na09vkLrzGoLubeD0Oy/If07pt+EcKed58of/jzyFGaiIuvRKcSE/drxg/m7PEsFVbtHUKh1bPR6CEeQJh4gdVjV/UymVtj84h79E=,iv:I/eS8bp8vRmORsFHUHDU99sSoF7xWPsWVi3KG6XFyzs=,tag:DJcx0R6Q26WdLOk8P6H2jA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/db.yaml b/secrets/db.yaml new file mode 100644 index 0000000..6f7589b --- /dev/null +++ b/secrets/db.yaml @@ -0,0 +1,28 @@ +git: + name: ENC[AES256_GCM,data:Mrk00Bcmk6atJg==,iv:kFxRlo8BBcXnWogAg6waGo42/7EI0x1WDa+HpRkqYwo=,tag:ONbxjLU+S1DlusyJxKdwCg==,type:str] + email: ENC[AES256_GCM,data:fiJLNmEyIyyowYhuqSsVIQfLtqz53VhAIVJis9b/R3MEC8pVEo7eefUJiw8=,iv:F4FOTgEwwA3phANg1xiIk+qfxL7ZGj9X7MW1hgjGA0c=,tag:ZI313TKofd3p8MwPmg/Cdg==,type:str] + gh: + ssh-private: ENC[AES256_GCM,data:O9zLiwz+w7OwvwrPYQn2PMTQLm6vkrHknSROw7VWQBtIMVPrjDim0xVPlNaeJ8v+NwvHM+IxDBWLXKINOiET7BYJrKA5sGXJhGeOC+hEC+rusoTBVdcO+3AzWxUrtPyeE7eUY7cnUeGjItjTNz/ezn93HNGYc4gqX9axyrfqAsn4US6zoFwQO2t5b0g/5jbpWD7qncxK4jG1mSx0R+17aoZpCS0o3xPKz5EucWgFv1pFCXMIsnUbhPu78CTo6Saa5wbfeJ2NQrNc3/dZT0eQjYlLtGmh71iYq1Uulk4kFy3c40/7ID/t16rGxXjjtL150UUSgMY53ALBOIjl9Radsya6MxieRkk/5PiaEWkHf2hxVL56ykSCkDMuB9tvHhwgF9whCZlSmh9wxgx+eczB7R2OXujUQCmFCdcXeREd9wD1jVnB9NUJAPFJZzmg6YmGXs/YJqVy+yzUeqTciwRoS1wd5QqTxIWg4aJi4h9T98FO0JXnwTt7WLFs572k+EniHvdjuAT2NiYoTLSdPQWfHd9H6m7xczM2eebx,iv:4GTrMLFVltEpTg8jpq6VvF74AwWi+zHS2IWh9HLI21I=,tag:NglU1VDaCj1C1HrlhuDXVw==,type:str] + ssh-public: ENC[AES256_GCM,data:gzUwV/uQ8ioXwT/d+ZtF27jLR5AOpPZy1XqVaWYgG4jUMCucwvBAOTsS/3cgJjrw/wMLG+ptnaCwg/UBL0Iij1qjncWhAFfFs1UN4YeCPUiATeVyn2iDVc5G01YgoNH7Ig==,iv:mA82OfmCIivyuftggW0Eq6wPFV9vqKutmd1Et/WNeMs=,tag:nwfwUaTV926kYWQ6P15YSQ==,type:str] +ai: + anthropic: + api-key: ENC[AES256_GCM,data:UoVMdQyLtCSx9dW+Wq0LsiQpPe+YCtz5ZZ9Mv+KWzy6E3Xd5Db1gA2GEt+DTNVuHcrDXepTeWKRNknK4x+BvSyOs1hVG3YQPL64keCeys2WrWUzrY0DONMyLbDDPHG/z/gbxtMQ0fwIXKH5i,iv:KpZhDMNvcugpQSBK5joyc5PqI3NtFT2/1G2/8pxSM68=,tag:CgCK3qX42wfWXkDabd631Q==,type:str] + gemini: + api-key: ENC[AES256_GCM,data:TAPO6QNkUSGRgDE0+Y1jwGwbKslZYmGylQgXePqu08AgVf7Kzam/,iv:Ma3SJB0IngVizvnheQt/FP4LjmKZ3AL4ismic5K/Ri4=,tag:uWchRR8YQOIuAJ6c3g6upw==,type:str] +digits: + email: ENC[AES256_GCM,data:1cddiUhFdMZ3zE64IHh05BM=,iv:Mx+Z57Tc53HuD2QgrW4OiOftdeJQ85BmhJ5NnLGLlYs=,tag:dkZA5jTGzI/eXc6uYGueTw==,type:str] +sops: + age: + - recipient: age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRCtrMG1hMGFWRTQ5bGox + Q2hBNkZDSDdSV1lOUi9pS0crZzBDVmxBc1gwCk1EZVZuZzRSOGZhbVF4eXJKQitY + dm4yTE1LR0RDWThHNEY0STFoVGkxMlEKLS0tIFkrbXcycnVCU01lemtDUDJPZjBQ + WUtGczFFK3IzUDZaVk1xdDNCa2tBTUEKFTaPmf1NYUazSAMHxjMNrIjHzHxNOP4O + O5BZhqr6X7hhVfVaLbuW3CbZ7utzHj3MqtIBopUZshdfYCH57pABdQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-15T22:41:59Z" + mac: ENC[AES256_GCM,data:qoi0/1diBEjrkUCRL4H8247eegbbgyb32+VozuVv8F0sLjVkzThJvL/zgGf0h6TauHPde+Mcz43bMwQDDD2CerqRnNoRSM9GDOGqdA0LRDmW+2IYSE06SK+vQqViGUqzVlpql7mjZ9rWDn9toYLmx6uolgbadT+5ejaxoWh6hss=,iv:Mw+kUMfhYXJOIbut1Ui7TRmS4L7zF9i9kiBlnrkZTsQ=,tag:8ZUccbSwVN6p0H0vW8NQ5g==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/dbook.yaml b/secrets/dbook.yaml new file mode 100644 index 0000000..95f2da2 --- /dev/null +++ b/secrets/dbook.yaml @@ -0,0 +1,26 @@ +vpn: + wg: + port: ENC[AES256_GCM,data:6EJnHJM=,iv:d95KclPSkeF+Iva2n6XUKmw7fBaubiZ+2KnXJDWuUDA=,tag:FZwD/WvmazMJppK6U2XLDw==,type:str] + privateKey: ENC[AES256_GCM,data:8znQcc4EiHXTM03ef1RaU+gGFg2V1Bamj6d2CDrYdWkD3hrGFs5L3HRQoR0=,iv:Ygm9fcpgso5FX9cg60p/HlLeZMCYN3FxIiA/95a2bMU=,tag:FQlivzgwx3Kr4L0SwYSohw==,type:str] + endpoint: ENC[AES256_GCM,data:ZbnEVO23JRxCNjZ34QVyd0/t,iv:W9G3JXE9aCZ4OI3v9W26egEdq1qoauNx3AeF5N51rm8=,tag:BCdQr2zSpx9GmvV1pr4mcw==,type:str] + endpoint-ip: ENC[AES256_GCM,data:JANhXcVVkg5JI+gIRMc=,iv:bm2fnKvKtk26vSBcneMZSwiOVK6PR1qrLCm2j7f7U6U=,tag:Wp5qDa47LsDsbg1C5e1PFQ==,type:str] + endpoint-ip-port: ENC[AES256_GCM,data:bzzuNuyLaHd9eBC8+ByeGXlw,iv:alWtCiUT6zYrYMGlWauTpOxNwJrktvJPX01+TE2O6OU=,tag:BmIO5uyTIkCa4eWyYg09vw==,type:str] +system: + users: + arrayofone: + password: ENC[AES256_GCM,data:WFzxTwg+Bb0Y7qIVz05p3nHnMvzv+N4Kmyz+UdOg8qcgX3qH0GDFaLo512G7LTphEirEinIkytipFDvGFUH2W3+DKBbCCMhWBQ==,iv:WtLeJgXBf/kEsgRd86KmRXCIhiL7wuQasjFwz6ryGck=,tag:7VEarYN1ZZ6PxT7XYJrD9Q==,type:str] +sops: + age: + - recipient: age126t4jjumls89dfl83cx3lvukhwad5nte38zeq5uue4m39ex9kfeqtw4r2v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM0NWVHFzamhxMHhLNEpy + WUZFNXJQUmZ6bHFadzNLM2RadW00NHBCVjBzClFoMHhLZGZYaThnM1QxWW9tamgz + blB5L2lTdTZzekIyMFZ3QzFNeGNLdnMKLS0tIGEzU0UzUlZ0VHA2a0cxeS8zVGxv + aTBqaTF5YjY1c2pURjh0dHNUK1ZHdm8K/1oi9JrS9o2jgIXAHjcnJyEyP4nN4uor + OrGS8F2gcnlsWvbUZbEpp+XjewzBZUc7CXs9SvqoPtJapQ8haCsstA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-01T22:37:21Z" + mac: ENC[AES256_GCM,data:QdqbU4VnmYdWw2dpVMpzFifXCY9oRXj1pBi448yTc2RvoeTjn7VCr36DNcdk1ddorVK4u4nhk1Y2d1uimkyW9Ex1md/upzTiQ9mlhUttSvlneqjStwTo43Z24uuEkgkgloVelTpbKij0WmbrnBssudy1DwmmtMQiXFTVSPFbpKU=,iv:55SLdhk6Oc1iVizVI1HNTdTYyMvF5f4kto6eJExJ0c4=,tag:31mpix1nO7tiWep71mCoYg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/fellowship.yaml b/secrets/fellowship.yaml deleted file mode 100644 index 2b83bb2..0000000 --- a/secrets/fellowship.yaml +++ /dev/null @@ -1,50 +0,0 @@ -git: - name: ENC[AES256_GCM,data:APMghngrmBXM2w==,iv:curAnsT5w0s6e0SWzokik5IADpZpIsr5MbtT35ktvaw=,tag:HEjsN9QbObmEbX6vSq4v3w==,type:str] - email: ENC[AES256_GCM,data:N7xHGeRmHqLCHNu9K+Hg+y33wNWVIvVlzhXZG3Q7dmdDs6SbYWzHDhNYDrA=,iv:voMZtn3tJ9PaZUaSrm0eGMiI13rEhpY5BxLuyqBU5lo=,tag:xW/i37G9Gtr48o6ivVKNCA==,type:str] - gh: - ssh-private: ENC[AES256_GCM,data:rqb4jVFZhk2iSQLqmB3sE4rHd/yBrLLvtJfh3iEjg3LhueHNPw99zJVmZJfFJlSUQVdx+vcDXp5pxSs9VaAobADGMQ5FC40aC5b56NK+yq9i9656Y9QpgDFIZsqFLVBYZ4PllyG/xmmUkhJGwhha8MgGvX6IQVxFW9azyuO+Ehk+QPbIboTNl0QuoNrOWn0gfZoIDvdGRMCXK4LS7O1nlG8r2fwLTB9SdTYSKCdEbntSFiHX3Cah/neNgf9gPkCh34xZGzEKnOdXhgBgssPEbMpFIoVUIM8OiZW57plB2r6zAxPwPQQ8cfY8AYF9BDV5pzSFJrWfXgUxVYM1gtwONSZgMuaz5Bl2pJmedOnkfb6kFXYVSlCjh0tc8EbJp7LT8Xz/Qj275hmeNlZzBBUnj4GHn1x2Kx4lcvGdPVaCCIt+cRYUgrdCYZH72CfSUHCUKtX1S0d6lXJS6XQVvbAgF26EP2rLhE6rPC8lvh63WWH45L8jsApUhwzXiZjTg0F+XIhgqoYAKixYlp3XIfIf0rlruCz7pe8J083E,iv:N6gTUEEHaxKaOxJ525/lQCnNdcglUcfouwv7wOPQucw=,tag:ByM1I0o9ncdxpTgAorUO9Q==,type:str] - ssh-public: ENC[AES256_GCM,data:HbSsf82h96W+H3yOBSuPIDzkxmeYaiRwqr8bxgJInQ/R7i0CY9cjvU2fYAlTIm+ScqNJEQJwygZ5yglsG4MbnU61j+0i2wgKsX5sU1KUViZwEEmsVmG8Nb7dq12C1Z1tqw==,iv:mbb4vbkRzXnhGlUZTZ1rcGA0SDFXjgF11uylov9tl5k=,tag:tVFSZ2RmsmLZf/dVuC7boQ==,type:str] -vpn: - wg: - peers: - hub: - endpoint: ENC[AES256_GCM,data:O/LA8LJSZGBOfzx8maI=,iv:quNAnIwkBJHAUYhfmFUZ7+KJtpuKgXRUtC56GFGX7+g=,tag:YB7h2U7TXE+LDxMNE1cy1A==,type:str] - ip: ENC[AES256_GCM,data:+jEvH0prSTjTvkU=,iv:bxUR6v41q9YtNFFHeeKdN8H9RmiNin+ymj8VkbqgGwc=,tag:WVgfM0k/6BkKhxyB8b2c5g==,type:str] - client: - ip: ENC[AES256_GCM,data:y7iS9z2gKhzRXDdx,iv:tSfv0Iddqb2IEAwzDyDno9x9kwe5Hy4aO0tgMnB3PS8=,tag:UOcgSpDmyxpYHqoImi4uTA==,type:str] -ai: - anthropic: - api-key: ENC[AES256_GCM,data:gWLjy8/2m5rL95hSix4Xq9wbEV2JsZDdA5yC0qnaUbZW1k/L4bCyVFzHslX7WEQJ5+ytwGS30o03k2rrG9uGZQpL/b17LX0y63gBfTjZWzj5HjuR82PO7aG4Tc++xeLA0a2asiVDJ1zztrz6,iv:o1c4iwA5JRSrEoMr5f4YMZfc6+WDbWT1HevVSiPK+lc=,tag:XOvwNoTKYEmSFsK0h06i0w==,type:str] -sops: - age: - - recipient: age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cktjR1ZoZDgrRXFuSUJY - SWpZcmRDOEEzT0hkbjRORy9RN0F3M2RVOFZvCktlMGd4aXZzYTZrckw2QzErZ2NS - MjhpSmk0NW1mUGhmc1JxeEZnSnd2dlkKLS0tIGtPTXhLc1lDREdLUlMyVHdrMnlE - NEVOWm4zY0dNbnVpc2lUdFNNU1BTODQKH+7OHcO8WGW/NQupA8wlCqeNEefBfaiJ - VWmJb9Rxzu/sRiUooAnLiF4fKe2aJQP50S9iOAcFnK+RpA/Hz9txBg== - -----END AGE ENCRYPTED FILE----- - - recipient: age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVlV6QytLK2d4c3hhWmFJ - RDAwV2ZEbTZUVVNTOEtjbVlzZDlUL2FuYkNVCmsvRnEwaWF4S2hDZk1TSjY1dU8v - MUxCRWplTTlxVVI0MzVhNjZsR1U2Nm8KLS0tIFBmUkh0eHpHRDRoeU1YTVFxb243 - Q25vOEVDbC9BZWVCdzZuV2wvNmJWc3MKzXIk/1BHQhH+DtzX4V6g3GIN0kPeXAkF - i/iRLEPr/MW/Lrd5tP3aXWsbE7MtGTSOAhEPYV+gI/ICFRQCIEfwcA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1smv5elusy6hpywadnyfvcf0gph8yqpjyeqcf7spvfgrghd3u55qq6lc9aw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYUtvVzFKdEQ5NzdMS2M2 - bStMcjBpdXJTQnZTSVZNSG54ZndYRy84WFhBCjM5VmZDTUo0WXlNZG9uOGcwa1Rn - UFN4aFR5SHhxbnEwUDNlSHNhTHplWXMKLS0tIHhtKzBpbmhZck13SDlzR05nUmpr - WHk2MTcwWE15aFZXWE02Y3hoMExGaXMKhvfd1JXx1II/0iJzwbSvqEuPOn7b/N4v - Dy9YQEU4oRbdztVyeg6pcXET37HH5P/XdhUNiBgheSuX8OeVLpCGKg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-27T20:09:16Z" - mac: ENC[AES256_GCM,data:J9T4ZzR9G+Ir4hNSMAmf4DV6JZOoGAIl+YlSIPA8DOf0EcjW1Sq+7ZexCHHQ92n8loBAq0S8N53X4FT3G4xhDasMT8xcgT7OmQMIPhD0SKQAJEjxXHqqurQlN4lqzN3rRuXBO3pdekXFv8oSY8st3oDzHQ69YcQw1T9PqzhBTQ8=,iv:PKhpIh0lPDNAa/LWD1Xe9dzUEXT0R6WcOaDh3AxfPBs=,tag:3xywd5IDDG33iXShrxhYAQ==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/secrets/mingabook.yaml b/secrets/mingabook.yaml new file mode 100644 index 0000000..5b10782 --- /dev/null +++ b/secrets/mingabook.yaml @@ -0,0 +1,26 @@ +vpn: + wg: + port: "" + privateKey: "" + endpoint: "" + endpoint-ip: "" + endpoint-ip-port: "" +system: + users: + arrayofone: + password: "" +sops: + age: + - recipient: age14ejy4tppggtacyzxfhtnagqhtr60zyf6l6euh5vxlf8uh9vcef3s2clada + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRWxjLzRoV0tUZ21PZjZ1 + cHJMV0JIa3Zvemg5bDJDUW5EZE5kdlBRNGhRCi95WUErUGdlV0FXT0xsRHcwNWRC + ZEJVZ3NLaEUxOGoyMUM1WmdoRnlXSmcKLS0tIGVrVjI1OXdDSUt3dk1MZ1k3SGJL + eXhTSGNZOUI0KzI3dGN5V1FEV0ZKS0kKKp5Vjz8VK2epNldQyuWLzmNxk+PlZA2P + eIwaoXTb3oyxrFZqj0sTvHvNYFMhDu5I4fdXYuFpYrV0dZmBRZT0gg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-13T16:16:20Z" + mac: ENC[AES256_GCM,data:hxpk0a5ef1o86361DO4ANOAx6xIcMm0S8aj7XEFvjlYXRACgPBxjsd302VPuorcM0tbjgNXMJQHO7uv5OUfcHjfg8FUNnQdH+JwGq/CemERb9m4DlSonkf1wE+lPUrSiJBJLRy9eTQa+GoG/57FklAZjJRoqzz7AQXn4h4MrY0k=,iv:GpAE083f/POWue0tQL1mBXgzTRRDySucLyS7IyEiNTo=,tag:JL2gB6QOopXzX1CL3lWz3A==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/shells/digits/default.nix b/shells/digits/default.nix deleted file mode 100644 index afcb669..0000000 --- a/shells/digits/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ pkgs, ... }: - -pkgs.mkShell { - name = "nix-digits"; - - packages = with pkgs; [ - # go - delve - go_1_23 - go-ethereum - gopls - gotools - go-tools - golangci-lint - - # java - # jdk21_headless - - # js - deno - nodejs - typescript - yarn - - # tools - bash - docker - docker-compose - gcc - gh - git - gnupg - gnumake - htop - jq - k9s - kubectl - kubectx - kubernetes-helm - lazydocker - lazysql - lf - minikube - neofetch - neovim - openssl - podman - podman-compose - podman-tui - postgresql - protobuf - ripgrep - vim-full - ]; -} diff --git a/systems/aarch64-darwin/dbook/default.nix b/systems/aarch64-darwin/dbook/default.nix new file mode 100644 index 0000000..ea280b7 --- /dev/null +++ b/systems/aarch64-darwin/dbook/default.nix @@ -0,0 +1,38 @@ +{ namespace, ... }: +{ + imports = [ + ./networking.nix + ./users.nix + ]; + + ${namespace} = { + system.name = "dbook"; + }; + + system = { + activationScripts.extraActivation.text = '' + test -d /usr/libexec/rosetta || softwareupdate --install-rosetta --agree-to-license + ''; + + primaryUser = "db"; + stateVersion = 6; + }; + + nix = { + settings.experimental-features = "nix-command flakes"; + gc = { + automatic = true; + interval = { + Weekday = 0; + Hour = 0; + Minute = 0; + }; + options = "--delete-older-than 30d"; + }; + extraOptions = '' + extra-platforms = x86_64-darwin aarch64-darwin + ''; + }; + + security.pam.services.sudo_local.touchIdAuth = true; +} diff --git a/systems/aarch64-darwin/dbook/networking.nix b/systems/aarch64-darwin/dbook/networking.nix new file mode 100644 index 0000000..66a1ec3 --- /dev/null +++ b/systems/aarch64-darwin/dbook/networking.nix @@ -0,0 +1,20 @@ +{ ... }: +{ + networking = { + computerName = "dbook"; + dns = [ + "1.1.1.1" + ]; + hostName = "dbook"; + localHostName = "dbook"; + knownNetworkServices = [ + "Thunderbolt Bridge" + "Wi-Fi" + ]; + wg-quick = { + interfaces = { + + }; + }; + }; +} diff --git a/systems/aarch64-darwin/dbook/users.nix b/systems/aarch64-darwin/dbook/users.nix new file mode 100644 index 0000000..f193b69 --- /dev/null +++ b/systems/aarch64-darwin/dbook/users.nix @@ -0,0 +1,66 @@ +{ ... }: +{ + snowfallorg.users = { + db = { + create = true; + + home = { + enable = true; + config = { }; + }; + }; + }; + + users = { + knownGroups = [ + "db" + ]; + knownUsers = [ + "db" + ]; + + groups = { + # personal = { + # description = ""; + # gid = 2337; + # members = [ "personal" ]; + # name = "personal"; + # }; + # work = { + # description = ""; + # gid = 2338; + # members = [ "work" ]; + # name = "work"; + # }; + }; + + users = { + db = { + createHome = true; + description = "db"; + home = "/Users/db"; + isHidden = false; + name = "db"; + openssh.authorizedKeys.keyFiles = [ ]; + openssh.authorizedKeys.keys = [ ]; + # shell = pkgs.zsh; + uid = 501; + }; + + # work = { + # packages = [ ]; + # createHome = true; + # description = "work"; + # gid = 2338; + # home = "/Users/work"; + # ignoreShellProgramCheck = false; + # isHidden = false; + # name = "work"; + # openssh.authorizedKeys.keyFiles = [ ]; + # openssh.authorizedKeys.keys = [ ]; + # shell = pkgs.zsh; + # uid = 1338; + # }; + }; + }; +} diff --git a/systems/aarch64-darwin/digibook/default.nix b/systems/aarch64-darwin/digibook/default.nix index 640db7e..4f7642e 100644 --- a/systems/aarch64-darwin/digibook/default.nix +++ b/systems/aarch64-darwin/digibook/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, namespace, ... }: { imports = [ ./homebrew.nix @@ -16,10 +16,26 @@ stateVersion = 6; }; + ${namespace} = { + system.name = "digibook"; + networking.wireguard.server = { + enable = true; + interface = "wg0"; + ips = [ "10.20.255.252/32" ]; + privateKeyFile = config.sops.secrets."vpn/wg/privateKey".path; + peers = [ + { + publicKey = "4N2292pRHaViKm4TCSuDHa8x48ARn8tNZv1dSHWRuhA="; + endpoint = "wg.arrayof.one:443"; + } + ]; + }; + }; + homebrew = { taps = [ ]; brews = [ - "bun@1.2.7" + "bun@1.2.19" "gettext" "ghostscript" "git-lfs" diff --git a/systems/aarch64-darwin/mingabook/default.nix b/systems/aarch64-darwin/mingabook/default.nix new file mode 100644 index 0000000..80fa5b3 --- /dev/null +++ b/systems/aarch64-darwin/mingabook/default.nix @@ -0,0 +1,84 @@ +{ lib, pkgs, ... }: +{ + imports = [ + ./homebrew.nix + ./networking.nix + ./programs.nix + ./users.nix + ]; + + system = { + activationScripts.extraActivation.text = '' + test -d /usr/libexec/rosetta || softwareupdate --install-rosetta --agree-to-license + ''; + + primaryUser = "darrenbangsund"; + stateVersion = 6; + }; + + home-manager.backupFileExtension = "hm-backup"; + + environment.systemPackages = with pkgs; [ + mkcert + nodejs_20 + pnpm + python310 + raycast + ]; + + # TODO: THIS + services.aerospace = { + enable = false; + }; + + homebrew = { + taps = [ ]; + brews = [ + "git-lfs" + # "nvm" + "tmux" + ]; + casks = [ + "arc" + "chromium" + "dbeaver-community" + "discord" + "firefox" + "ghostty" + "google-chrome" + "istat-menus" + "linear-linear" + "messenger" + "obsidian" + "orbstack" + "postman" + "proton-mail" + "proton-pass" + "slack" + "spotify" + "whatsapp" + "zen" + ]; + masApps = { + "amphetamine" = 937984704; + }; + }; + + nix = { + settings.experimental-features = "nix-command flakes"; + gc = { + automatic = true; + interval = { + Weekday = 0; + Hour = 0; + Minute = 0; + }; + options = "--delete-older-than 30d"; + }; + extraOptions = '' + extra-platforms = x86_64-darwin aarch64-darwin + ''; + }; + + security.pam.services.sudo_local.touchIdAuth = true; +} diff --git a/systems/aarch64-darwin/mingabook/homebrew.nix b/systems/aarch64-darwin/mingabook/homebrew.nix new file mode 100644 index 0000000..a7edca6 --- /dev/null +++ b/systems/aarch64-darwin/mingabook/homebrew.nix @@ -0,0 +1,15 @@ +{ config, ... }: +{ + homebrew = { + enable = true; + global = { + autoUpdate = true; + }; + onActivation = { + cleanup = "zap"; + extraFlags = [ ]; + upgrade = true; + }; + taps = builtins.attrNames config.nix-homebrew.taps; + }; +} diff --git a/systems/aarch64-darwin/mingabook/networking.nix b/systems/aarch64-darwin/mingabook/networking.nix new file mode 100644 index 0000000..9beb43c --- /dev/null +++ b/systems/aarch64-darwin/mingabook/networking.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + networking = { + computerName = "mingabook"; + dns = [ + "1.1.1.1" + ]; + hostName = "mingabook"; + localHostName = "mingabook"; + knownNetworkServices = [ + "Thunderbolt Bridge" + "Wi-Fi" + ]; + wg-quick = { + interfaces = { }; + }; + }; +} diff --git a/systems/aarch64-darwin/mingabook/programs.nix b/systems/aarch64-darwin/mingabook/programs.nix new file mode 100644 index 0000000..e277c5e --- /dev/null +++ b/systems/aarch64-darwin/mingabook/programs.nix @@ -0,0 +1,98 @@ +{ pkgs, ... }: +{ + programs = { + _1password = { + enable = false; + package = pkgs._1password-cli; + }; + + _1password-gui = { + enable = false; + package = pkgs._1password-gui; + }; + + arqbackup = { + enable = false; + # package + }; + + bash = { + enable = false; + completion = { + enable = true; + package = pkgs.bash-completion; + }; + interactiveShellInit = ""; + }; + + direnv = { + enable = true; + package = pkgs.direnv; + direnvrcExtra = ""; + # finalPackage + loadInNixShell = true; + nix-direnv = { + enable = true; + package = pkgs.nix-direnv; + }; + settings = { }; + silent = false; + }; + + fish = { + enable = false; + package = pkgs.fish; + # babelfishPackage + interactiveShellInit = ""; + loginShellInit = ""; + promptInit = ""; + shellAliases = { }; + shellInit = ""; + useBabelfish = false; + vendor = { + completions.enable = false; + config.enable = false; + functions.enable = false; + }; + }; + + gnupg.agent = { + enable = true; + enableSSHSupport = false; + }; + + info.enable = true; + + man.enable = true; + + nix-index = { + enable = true; + package = pkgs.nix-index; + }; + + ssh = { + extraConfig = ""; + knownHosts = { }; + }; + + tmux = { + enable = true; + enableFzf = true; + enableMouse = true; + enableSensible = true; + enableVim = false; + extraConfig = ""; + iTerm2 = false; + tmuxOptions = { }; + }; + + vim = { + enable = true; + enableSensible = true; + extraKnownPlugins = { }; + plugins = [ ]; + vimConfig = ""; + vimOptions = { }; + }; + }; +} diff --git a/systems/aarch64-darwin/mingabook/users.nix b/systems/aarch64-darwin/mingabook/users.nix new file mode 100644 index 0000000..c668ac5 --- /dev/null +++ b/systems/aarch64-darwin/mingabook/users.nix @@ -0,0 +1,55 @@ +{ ... }: +{ + snowfallorg.users = { + darrenbangsund = { + create = false; + + home = { + enable = true; + config = { }; + }; + }; + db = { + create = false; + + home = { + enable = false; + config = { }; + }; + }; + }; + + users = { + knownGroups = [ ]; + knownUsers = [ + "darrenbangsund" + ]; + + users = { + darrenbangsund = { + createHome = false; + description = "darrenbangsund"; + home = "/Users/darrenbangsund"; + isHidden = false; + name = "darrenbangsund"; + openssh.authorizedKeys.keyFiles = [ ]; + openssh.authorizedKeys.keys = [ ]; + # shell = pkgs.zsh; + uid = 502; + gid = 20; + }; + # db = { + # createHome = false; + # description = "db"; + # home = "/Users/db"; + # isHidden = false; + # name = "db"; + # openssh.authorizedKeys.keyFiles = [ ]; + # openssh.authorizedKeys.keys = [ ]; + # # shell = pkgs.zsh; + # uid = 502; + # gid = 20; + # }; + }; + }; +} diff --git a/systems/x86_64-linux/baradur/aws-client-vpn.nix b/systems/x86_64-linux/baradur/aws-client-vpn.nix index 444cb4f..af0c66d 100644 --- a/systems/x86_64-linux/baradur/aws-client-vpn.nix +++ b/systems/x86_64-linux/baradur/aws-client-vpn.nix @@ -6,7 +6,7 @@ , dpkg , curl , lttng-ust -, wrapGAppsHook +, wrapGAppsHook3 , libredirect }: @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoPatchelfHook - wrapGAppsHook + wrapGAppsHook3 ]; buildInputs = [ @@ -69,4 +69,4 @@ stdenv.mkDerivation rec { platforms = platforms.linux; maintainers = with maintainers; [ mcwitt ]; }; -} \ No newline at end of file +} diff --git a/systems/x86_64-linux/baradur/default.nix b/systems/x86_64-linux/baradur/default.nix index e2463d1..349eb37 100644 --- a/systems/x86_64-linux/baradur/default.nix +++ b/systems/x86_64-linux/baradur/default.nix @@ -1,16 +1,48 @@ -{ pkgs, ... }: +{ + config, + namespace, + pkgs, + ... +}: { imports = [ ./hardware-configuration.nix - # pkgs.fetchTarball awsVpnClient ]; + nix = { + settings = { + auto-optimise-store = true; + experimental-features = "nix-command flakes"; + trusted-users = [ "@wheel" ]; + }; + + gc = { + automatic = true; + dates = [ "05:00" ]; + }; + }; + + home-manager.backupFileExtension = "hm-backup"; + networking.hostName = "baradur"; boot = { + kernelPackages = pkgs.linuxPackages_latest; + loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + systemd-boot.enable = false; + + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + + grub = { + enable = true; + device = "nodev"; + useOSProber = true; + efiSupport = true; + }; }; }; @@ -30,7 +62,7 @@ users.arrayofone = { isNormalUser = true; group = "arrayofone"; - initialPassword = "letmein"; + hashedPasswordFile = config.sops.secrets."system/users/arrayofone/password".path; description = "primordial devboi"; shell = pkgs.zsh; extraGroups = [ @@ -61,23 +93,32 @@ programs.ethereum.geth.sepolia = { enable = false; }; - networking = { - # headscale.enable = false; - # tailscale.enable = false; - wireguard.server = { - enable = false; - externalInterface = "enp42s0"; - }; + + networking.wireguard.server = { + dns = [ "1.1.1.1" ]; + enable = true; + interface = "wg0"; + ips = [ + "10.200.255.254/32" + "fd3c:fd4c:b4e7:74d1:ffff:ffff:ffff:fffe/128" + ]; + peers = [ + { + publicKey = "4N2292pRHaViKm4TCSuDHa8x48ARn8tNZv1dSHWRuhA="; + endpoint = "wg.arrayof.one:443"; + allowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; + } + ]; + privateKeyFile = config.sops.secrets."vpn/wg/privateKey".path; }; }; environment = { systemPackages = with pkgs; [ - alacritty dconf - foot - ghostty - kitty libqalculate mdadm pciutils @@ -85,11 +126,10 @@ qalculate-gtk shotman usbutils - nixfmt libsecret gimp - zip - unzip + cherry-studio + nvitop ]; sessionVariables = { @@ -99,14 +139,6 @@ hardware = { }; - nix = { - settings.experimental-features = "nix-command flakes"; - gc = { - automatic = true; - dates = "03:15"; - }; - }; - services = { pulseaudio = { enable = false; @@ -141,14 +173,40 @@ }; ollama = { - enable = true; - acceleration = "cuda"; + enable = false; + loadModels = [ - "deepseek-r1" - "incept5/llama3.1-claude" + # general models + "deepseek-r1:14b" + "gemma3:12b" + "gpt-oss:20b" + "phi3:14b" ]; + # environmentVariables = ; + # group = ; + # home = ; + # host = ; + # models = ; + # openFirewall = ; + package = pkgs.ollama-cuda; + # port = ; + # rocmOverrideGfx = ; + # user = ; }; - open-webui.enable = false; + + open-webui = { + enable = false; + environment = { + "WEBUI_AUTH" = "False"; + }; + # environmentFile = ; + host = "0.0.0.0"; + # openFirewall = ; + # package = ; + port = 1111; + # stateDir = ; + }; + vsftpd = { # allowWriteableChroot # anonymousMkdirEnable @@ -230,11 +288,15 @@ networking.firewall = { enable = true; allowedTCPPorts = [ + 54323 + 11434 8082 5432 5433 5434 3000 + 1111 + 443 21 20 ]; @@ -245,6 +307,7 @@ # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. + # system.stateVersion = "24.05"; # Did you read the comment? diff --git a/systems/x86_64-linux/baradur/hardware-configuration.nix b/systems/x86_64-linux/baradur/hardware-configuration.nix index ad0e54a..66a174a 100644 --- a/systems/x86_64-linux/baradur/hardware-configuration.nix +++ b/systems/x86_64-linux/baradur/hardware-configuration.nix @@ -1,36 +1,50 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - { - imports = - [(modulesPath + "/installer/scan/not-detected.nix")]; + config, + lib, + modulesPath, + ... +}: - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/5d0c20ce-5ad1-4517-89be-4e307b36aa72"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3A72-06DC"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/5d0c20ce-5ad1-4517-89be-4e307b36aa72"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3A72-06DC"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; - fileSystems."/mnt/node" = - { device = "/dev/md0"; - fsType = "ext4"; - }; + fileSystems."/mnt/node" = { + device = "/dev/md0"; + fsType = "ext4"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/e3ab7a32-acc9-42c0-ae69-c65ae9775a76"; } - ]; + swapDevices = [ + { device = "/dev/disk/by-uuid/e3ab7a32-acc9-42c0-ae69-c65ae9775a76"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/users/default.nix b/users/default.nix deleted file mode 100644 index a8adf05..0000000 --- a/users/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.main-user; -in -{ - options.main-user = { - enable = lib.mkEnableOption "enable main user"; - - userName = lib.mkOption { - default = "arrayofone"; - description = '' - username - ''; - }; - - description = lib.mkOption { - default = "main-user"; - description = '' - description - ''; - }; - - auto-login = lib.mkOption { - default = false; - description = '' - enable auto-login - ''; - }; - }; - - config = lib.mkIf cfg.enable { - users = { - groups.${cfg.userName} = {}; - - users.${cfg.userName} = { - isNormalUser = true; - group = "${cfg.userName}"; - initialPassword = "letmein"; - description = "${cfg.description}"; - shell = pkgs.zsh; - extraGroups = [ - "networkmanager" - "docker" - "podman" - "wheel" - "libvirtd" - ]; - }; - }; - - services.displayManager.autoLogin = lib.mkIf cfg.auto-login { - enable = true; - user = "arrayofone"; - }; - }; -}