diff options
| -rw-r--r-- | .sops.yaml | 6 | ||||
| -rw-r--r-- | flake.lock | 42 | ||||
| -rw-r--r-- | home/don/common/core/bash.nix | 8 | ||||
| -rw-r--r-- | home/don/common/core/default.nix | 4 | ||||
| -rw-r--r-- | home/don/common/core/zsh/default.nix | 55 | ||||
| -rw-r--r-- | home/don/common/core/zsh/zshrc | 125 | ||||
| -rw-r--r-- | home/nipsy/fangorn.nix | 3 | ||||
| -rw-r--r-- | home/nipsy/secrets/arrakis.yaml | 13 | ||||
| -rw-r--r-- | home/root/fangorn.nix | 4 | ||||
| -rw-r--r-- | hosts/arrakis/default.nix | 8 | ||||
| -rw-r--r-- | hosts/common/optional/games.nix | 11 | ||||
| -rw-r--r-- | hosts/common/optional/pipewire.nix | 2 | ||||
| -rw-r--r-- | hosts/common/optional/services/nsd/bitgnome.net.zone | 8 | ||||
| -rw-r--r-- | hosts/common/optional/services/xorg.nix | 21 | ||||
| -rw-r--r-- | hosts/common/optional/sound.nix | 8 | ||||
| -rw-r--r-- | hosts/common/users/don/default.nix | 2 | ||||
| -rw-r--r-- | hosts/darkstar/default.nix | 7 | ||||
| -rw-r--r-- | hosts/fangorn/default.nix | 67 | ||||
| -rw-r--r-- | hosts/richese/default.nix | 2 | ||||
| -rw-r--r-- | hosts/secrets/arrakis.yaml | 12 | ||||
| -rw-r--r-- | hosts/secrets/fangorn.yaml | 25 |
21 files changed, 134 insertions, 299 deletions
@@ -16,6 +16,7 @@ keys: - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r + - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh - &kaitain age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va @@ -40,6 +41,11 @@ creation_rules: - age: - *darkstar - *nipsy + - path_regex: ^hosts/secrets/fangorn.yaml$ + key_groups: + - age: + - *fangorn + - *nipsy - path_regex: ^hosts/secrets/ginaz.yaml$ key_groups: - age: @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1742996658, - "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", + "lastModified": 1744902080, + "narHash": "sha256-px7OEMQYhS9StY3sTYYeM/jJspk6SXgoPU7OmOSx+1c=", "owner": "nix-community", "repo": "home-manager", - "rev": "693840c01b9bef9e54100239cef937e53d4661bf", + "rev": "2c71aae678c03a39c2542e136b87bd040ae1b3cb", "type": "github" }, "original": { @@ -63,11 +63,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742889210, - "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -94,11 +94,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743060463, - "narHash": "sha256-lZXKW0PwETedRErsQtGpM+OrpvD/ZobrpS92IzTXrhQ=", + "lastModified": 1744904800, + "narHash": "sha256-T20dnJkld180UWY5aSmI7xdMN63q3fakgIDmzOAYpxg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6d12f5938461576dcd8d0e4dfaceb89df41f86f", + "rev": "7b0b65927056ae54014b50822b9fe885960044df", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1741330828, - "narHash": "sha256-Vj5UBTlVRWGX3T0EAI6pVWTMmi8SpAeMuRMMVz/Hgz0=", + "lastModified": 1743670877, + "narHash": "sha256-OHuOhVCfx10VpWwl9T5Q+QB3To0N95flBR1rSwOiUHA=", "owner": "icewind1991", "repo": "nvidia-patch-nixos", - "rev": "0cc22a482f2aa4c13daeac0935a787d868122ff0", + "rev": "e80a4919e88a8cb496f649234fb3fc7e992ece10", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { diff --git a/home/don/common/core/bash.nix b/home/don/common/core/bash.nix index 77f0cf4..7bfb808 100644 --- a/home/don/common/core/bash.nix +++ b/home/don/common/core/bash.nix @@ -3,8 +3,14 @@ enable = true; enableCompletion = true; shellAliases = { - ll = "ls -alF --color=auto"; + grep = "grep --color=auto"; + ip = "ip -c=auto"; la = "ls -aF --color=auto"; + ll = "ls -alF --color=auto"; + lock = "xscreensaver-command -lock"; + nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq"; + nix-list-generations = "nixos-rebuild list-generations"; + zgrep = "zgrep --color=auto"; }; }; } diff --git a/home/don/common/core/default.nix b/home/don/common/core/default.nix index 5983f42..8250d0c 100644 --- a/home/don/common/core/default.nix +++ b/home/don/common/core/default.nix @@ -2,11 +2,7 @@ { imports = [ ./bash.nix - #./git.nix - #./ssh.nix - #./tmux ./vim - ./zsh ]; home = { diff --git a/home/don/common/core/zsh/default.nix b/home/don/common/core/zsh/default.nix deleted file mode 100644 index c78884f..0000000 --- a/home/don/common/core/zsh/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib, ... }: -{ - programs.zsh = { - enable = true; - - history = { - save = 100000; - size = 100000; - }; - - initExtra = (builtins.readFile ./zshrc); - - sessionVariables = let makePluginPath = format: - (lib.strings.makeSearchPath format [ - "$HOME/.nix-profile/lib" - "/run/current-system/sw/lib" - "/etc/profiles/per-user/$USER/lib" - ]) + ":$HOME/.${format}"; - in { - _JAVA_AWT_WM_NONREPARENTING = 1; # fix stupid broken Java shit - BROWSER = "firefox"; - CLAP_PATH = makePluginPath "clap"; - COLORFGBG = ";0"; - #COLORFGBG = "green;blue"; - #COLORTERM = "truecolor"; - DSSI_PATH = makePluginPath "dssi"; - EDITOR = "vim"; - LADSPA_PATH = makePluginPath "ladspa"; - LC_COLLATE = "C"; - LV2_PATH = makePluginPath "lv2"; - LXVST_PATH = makePluginPath "lxvst"; - #NNTPSERVER = "news.giganews.com"; - PAGER = "less"; - #PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; - PATH = "$HOME/bin:$PATH"; - #PS1 = "%B%n%b@%U%m%u/%l:%~> "; - QUOTING_STYLE = "literal"; - VST_PATH = makePluginPath "vst"; - VST3_PATH = makePluginPath "vst3"; - }; - - shellAliases = { - #fixkeyboard = "setxkbmap -layout us -option caps:super -option compose:ralt"; - grep = "grep --color=auto"; - ip = "ip -c=auto"; - la = "ls -aF --color=auto"; - ll = "ls -alFhs --color=auto"; - lock = "xscreensaver-command -lock"; - nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq"; - nix-list-generations = "nixos-rebuild list-generations"; - steam-no-beta = "steam -clearbeta"; - zgrep = "zgrep --color=auto"; - }; - }; -} diff --git a/home/don/common/core/zsh/zshrc b/home/don/common/core/zsh/zshrc deleted file mode 100644 index f724569..0000000 --- a/home/don/common/core/zsh/zshrc +++ /dev/null @@ -1,125 +0,0 @@ -umask 022 - -eval $(dircolors) - -# set SWAYSOCK correctly -#if pgrep -U don -x sway >/dev/null; then -# export SWAYSOCK=/run/user/$(id -u)/sway-ipc.$(id -u).$(pgrep -x sway).sock -#fi - -# start sway by default if logging into tty1 -#if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then -# -# export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) -# -# # set some Wayland specific variables -# export MOZ_ENABLE_WAYLAND=1 -# export GDK_BACKEND=wayland -# export QT_QPA_PLATFORM=wayland -# export SDL_VIDEODRIVER=wayland -# export XDG_SESSION_TYPE=wayland -# -# exec sway > ~/.sway.log -# -#fi - -# if already in Wayland, update the GPG TTY so ssh-askpass will work correctly -#if [[ -n "${WAYLAND_DISPLAY}" ]]; then -# gpg-connect-agent updatestartuptty /bye >/dev/null -#fi - -# completion options -setopt LIST_PACKED MENU_COMPLETE -# expansion and globbing options -setopt NO_NOMATCH -# history options -setopt SHARE_HISTORY EXTENDED_HISTORY HIST_FCNTL_LOCK HIST_IGNORE_ALL_DUPS HIST_REDUCE_BLANKS HIST_SAVE_NO_DUPS -# input/output options -setopt PRINT_EXIT_VALUE RM_STAR_SILENT -# job control options -setopt LONG_LIST_JOBS NO_HUP -# zle options -setopt NO_BEEP - -# menu completion -zstyle ':completion:*' menu select=5 - -# vi keybindings and settings -bindkey -v -export KEYTIMEOUT=1 -autoload -U edit-command-line -zle -N edit-command-line -bindkey -M vicmd v edit-command-line - -# always open tmux if interactive -[[ $- != *i* ]] && return -#[[ -z "$TMUX" ]] && (tmux -2 new-session -t default \; new-window || tmux -2 new-session -s default) -[[ -z "$TMUX" ]] && (tmux -2 attach -t default || tmux -2 new-session -s default) - -# useful helper functions -function nix-file-list { find $(nix build ${1} --print-out-paths --no-link) } - -function ntrace { - - if [[ -z ${argv} ]]; then - echo 'you must specify a command to strace!' >&2 - return 1 - fi - - eval strace -f -e trace=network -s 10000 ${=argv[@]} - -} - -# prompt/theme shit -function precmd { - - local RC=${?} - #local RC=${(%)RC-%?} - - print -nP '\n' - - # current user - if [[ ${EUID} -eq 0 ]]; then - print -nP '%{%S%F{red}%}%n%{%f%s%}' - else - print -nP '%{%F{magenta}%}%n%{%f%}' - fi - - print -nP '@' - - # current host - if [[ -n "$SSH_CLIENT" || -n "$SSH2_CLIENT" ]]; then - print -nP '%{%F{yellow}%}%m%{%f%}' - else - print -nP '%{%F{green}%}%m%{%f%}' - fi - - # connected terminal - print -nP '/%{%U%}%l%{%u%} ' - - # cwd - print -nP '%{%F{cyan}%}%~%{%f%} ' - - # job count - JOBCOUNT='%j' - if [[ ${(%)JOBCOUNT} -gt 0 ]]; then - print -nP 'j=%{%F{yellow}%}%j%{%f%} ' - fi - - # previous return code - if [[ ${RC} -ne 0 ]]; then - print -nP 'rc=%{%F{red}%}' - echo -n "${RC}" - print -nP '%{%f%} ' - else - print -nP 'rc=%{%F{green}%}' - echo -n "${RC}" - print -nP '%{%f%} ' - fi - - # time stamp - print -P '%{%F{cyan}%}%D{%FT%T%z}%{%f%}' - -} - -PS1='%# ' diff --git a/home/nipsy/fangorn.nix b/home/nipsy/fangorn.nix index 83c92cd..cee431b 100644 --- a/home/nipsy/fangorn.nix +++ b/home/nipsy/fangorn.nix @@ -2,5 +2,8 @@ { imports = [ common/core + common/optional/desktops + common/optional/desktops/services/blueman-applet.nix + common/optional/desktops/services/xscreensaver.nix ]; } diff --git a/home/nipsy/secrets/arrakis.yaml b/home/nipsy/secrets/arrakis.yaml index 6b8813f..49dc27c 100644 --- a/home/nipsy/secrets/arrakis.yaml +++ b/home/nipsy/secrets/arrakis.yaml @@ -1,10 +1,6 @@ reaper_license: ENC[AES256_GCM,data:v+3MRFYfshEg+v/wrf5kYY3zIJsQhl0RUXaOw/VmbIqjswH0aTy28UsU8rt4+btvywpb4TT9ta9NkBrnsHBgE5jTnIrnUyt6NJHOSnA/I9TUzvumg6ijKzuu86w3uahCwlPE/ZBrR+BKRM0pK5d7En9HHuNTNUwVrmAkMOk0YeuaArWu+e50CWl+Yx84HiNCP7BgsUbc8Wa9PZMinvXpzwd69WKDmsVdVLGnHPxTJHFTH8/8XAV0DrHbW4nV/xUiFALTURWqbyZlQpcfMjSHDT7YNq/c6JZzU4YYFZOrYrkiUPAn5Zjz/r/XcdteIpai2wZrgRir7/1Vxhul2wK2Ku0Z/66JeNxj2Tk4/CPcWQIbwZF4k13Z5x4wm8duOWrDgnjSRRwM10TSeERP4KiFsIL9xFR5MATYsUD1gTKtCDRN8SsO+/NGXlUn4nkN4tNxedxeRfGNmxwijmkJ6RTFwdcKwUh8KHMh/TEpGG05/hGZ6Z+Q7/5QsT+wrCb1kMwFZuEjLMCNyT+wBy6G2Ns5pSyiNwFRXzqYjYMqlPGliZOaaVZ6HWkthd9G7CiqYbP5YZfI6VspbVoqc2FDvTvf65YBrh8VFHWelwbrbnWX8/glB8UWNp0pwoTxM/sjfQLwXNMmb/EGU4X1SYbQcPe4gNLuspDjaqwA/g==,iv:tq8oSvqZTmy2pZK3LhxqBM1OZG3x+LS4ov0+lE5I0B0=,tag:J/WTEMSjl+EYZn7HbifGMQ==,type:str] -ssh_config: ENC[AES256_GCM,data:lHK4qHMOToG4LzWwAeJ7nSwHXtYSlaCvUqsch7+Vvzn7kpuE8hFphw1OVbbUOFl7vpRxaJ06ghjE3qSNN45J028KytI5nVVGd+k8qjvhrsp2Y+j0XwtpGA0C+dXUpIdRQcdFx8jZRBqej6ipnUl1e25Tt5XZs+aZfdblql3rw2tyYASNyYszjvJR/5LmLSIaJo79tao+gg8yOR5T1uLeS4fcC5d8V9hXSE+RxaBZXyAjBshowADMCbUl2R1FFzRVg+6kp/GpwsQSNZrDasH2aWziwZmA7h9rc2Kc2zMcZeiQ/KUEhq8xj5fwsSqp1URsZXvv3kEdTKceGI6eszHNsqbLipkTXmK1LnyfZrymJ1oToL3REDPd8La7wRyrSyX7Eq32w2GgB2eGbQIdEAE37XkK7wwINO6BzB5mdyo0PDghvakTvPhxnp5d6raogb99H+aZwDD4Rb6kmTpuZZdedtuAOqXWREq7+BQsC501inIkcDcJ5wrOj+6HNttsA5BGc16vrSRw+NX++E63OP5Mjbh6LZeWPRutIubIf38nis8pcBtvzhOrt/fWn4QqWMOJ0LdEXpEU7GzETq4klwg+ohdDCLGZqa1WNTmvNQUslxZFZb7J+2Od/MxVhQg7VUxlJZrvsht6oKzBkDQXHJdBtMDsxpkqUhO65GX8bSdiJp62j2aiinQ7P250S3dGwTYHzDC8Q6KpfzHGY+YUa81soggjDLAuViCFYqnvXK9egKl8G/6WiDDo6O3gv/csywcMUSVR+AFGFH/SwRMf6n70nFHkUO+pNQphONKZQoNMV9TA53K9ChUX/7lG3AQvfe2jb2MGYc77AY6+L+vzzNw7o2Iffjy8fEV+Ytq4rQaqxOqDQwhOUWZcQo6k1pmtbXVzPgn1b6VYq/RHTG2uw8zx1pzuesofh6GP5TmaNoWNxKN42J8jm5AeDmuuFoOBjmpUpAzMsmf4g5jZiZRGjguZDo3laVATNXVU8iYNcMRsH7wzPIsMHn7+LoKcoIX67/uD/cURUX5HFBQJUKkxOAk18P1u2pLr59Lw4zUA6I+tPZgN2iyxe5Nn/blXI8KPWXo3l85pdJEYgZzEVxozCUDrEo0ESgw8KdY6JzLctkreskHg1AwMKCe2udO/yInTipQH2pOAv9+LOzZylBZJaYgMo1+G/lik8bodK6/CuCXo/rPEky0CejN/k5E6QqG2uRTqOD/j5k/E+dV3zVtXcWHW9NvX5hOkmgbTN/cAtGiEcAmfDyOflJ0nUBLGtTAB0zlEGJH+M9B1AS1BUWW2J9UJ8GIsAn+5/iu3RsB1/mNCtV2BWsCzIlF9BkRybW+rpWXS0ubUaLK/ckQ2/uTfqLle4asQofdY5jhvi9DtoXv8rpREDRPFfgNz6CtjeVogftDaywKLRFC7JU8DRQqzYN3nz4RiJLrG3WO6L3rxEADY+vgTe5Jy4bAz2yUrLwkM8iP7SgwbHAFWxXOWsdYkZt/xbZ/mydr7X9ZAAM9TaqIzYRrR2yIFPRhYjxhn3V2uuonPykKqx+cUwUjUIN8B3tcfuXVpGv5A1zNoHv7iao1LrRE7J9n83ZeSbSYh1cnHm0Jkr9xzxVuV49KVYySIyi2Afo4+oGMFZHlZ/8d1bqCktrInFNBOSN3s2Q==,iv:oe6PtLmY9V4QuhuLrdtMMQJFsuaCC6XoPAWlGlvmSFw=,tag:BrGrA+jVCaTN7yFtl02bVA==,type:str] +ssh_config: ENC[AES256_GCM,data:SAgBseS02Ja6ziGetbuXQWzF/h2aScCVxBte6yzTqWsOb0nachm2YndfuZydmjSFtkmE++Ro0p42rbxEyK+lvWgGSFKv7PXew88QeY/cwzokV/BcxJDcwMbmgwZgigsk8ku3BDJos/2YNfAACsu/c7McHpzSZU5txY35h06EEwPPr5oOaAR+7KnVz8crLdwadLKWdFQj+UK2h6ZcxpoeKXTXjmee7jJGCnKk8mDnwfT+zpDWodlTZB98wgz6LbwRNgtL2jj1vChxvsy4dQ1EDc1apguBylAGhx8Is38uy5Gdoe09emc+y24rsurYVqHC8P1AMW5KC/N0IVwDKHeWZYC+kSIlDqT4SCQAH1TsTi3eAr56fEQTLAZtsDWCcp2AvtVzYAhHkl17HNMfRvRZGb/u4INZuLnB/zANxeB6QhYM/61HWSBbcDXf/mXeC7ieJV9kTA/loHO4JJQzMLuE/3ey1BgWGuAcCe38YoXQF5V+0FldbK2v3sMmTWk1EHsGw1Q6RoCSzhLuj+FQfAQCJS0d/rTbqVZyT/1Q0kL9eviREqCTyMkWK+p8Sui2haUojZdeSoJfuXJddnmP1iHmwWpwj6vAAcCJbR+oVHaCqjJxvQx1DQYxG3I+gCnYbPAtJ7mQIY8fhlxt6JUjaX0ssqheKpGGjHheirJ3t0ZOOAiuyLLzpk9WFuLgQ2y3hd94W1Idrqaxo/LolBKFAgbAF/nKbmjYgvRupljTBdvtpchpIDMsJ/HTDwousCFts+tqv3V1IZ+dfTmRAX69JicS+Xhno8x4Ap/f+yIFOTUYZMqIWUYrQQ1mmQiWhs9JpgT7AYp/aLA/u5dcVjRKz6bUmdi9r9Ez/VbfCpIobRUpjtVuXq5wy4R9LGGxCmzeqOEnwK/VZn8uBdFFLQzT+VUHzpqfHiRKpeAyJXpCOd85ytTIstZlM+nQ5l6FHt6YujY4tyzjM+iIaLAn349JJvYy1SAvjkOKxxZNztRSCPEq6XBhq0FW5ARHjDokQzi1RAwBjDR+ErgXadh9VrSIjvKPn+d6wZUQcgtJ8xpOl8D8f3vVybpLTVu94XhzxNH1IhvOYL4efFMA+io1dGmnvWcB3FQdwy4K9JF/QE22q701n3BUJu5rhcwScwoj2vyAnW1lBoEpZ2eq73j/bOJSMV5bzYgi9NUvhg7NjXD6XWqtyUx7mEsdcPE8m0cfwqQRgYOECjHiD/Txb78bt57PQ9S3evxCP4BUBURSADUxwq3PeLKb0dpYa7fumlA2Vl7xX4iDkFrG398uIvl5FF03ujQYeVRh0iGIlSvCJkpbwsET229wJRAM8FNMEAgg3GRf+Hh9YOHgCrF2D+gZeLJy+qYvuX2OqivEknh2NehOM8IVruRMn8Zltsk8zu/uPjFtDbgb3Ffyp8Xo5eV8i10drRo1C8aCv54bDnhhPojCGXNRgNGIAnQKVpSdCGbh/18/OOYqhQ5cncez5DYVOaD+qsw5efqGBCVMyBdpeyxAlZ4wUgULKAXDq/YO1PTiM8q0rUxDQmlnDt+4nLXWa9Tmkk+atxkk/xn79tas3V5AN80sDlhYDz42AEvWvfNsmK0kJKgytn0DVLMVqpbMpDQq20LUCbduVY3oYKg3ILpsZnKa8gx/JWbvSa08DmuS4b+tgD2Byxkf3a6poP8ccmp0G1j8potAqWGnkTo0SkAX,iv:hZriR4K4omzqDH5TGSp0WfTCsNQoOcN9HZ3nMKA+gmI=,tag:TPKW1HjavYCPMetoZxEVqQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va enc: | @@ -15,8 +11,7 @@ sops: cWx6Z2psUUlobDdFd20wcXBvS2tUaW8Knod4aI4/qOIJqMr2rdQzUta/G3HDFif8 LoREomHElDv31FYrR1EVEr8Fk11hhkuZs7a0iEzxTxPe6CjCiSfqbQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T07:02:53Z" - mac: ENC[AES256_GCM,data:wAbaSouSNEIt+gpRhtJ8Dcay662f8p/flpVz+YCYmSXXgm8AXVJfWOCnKCLM5WC6Uge9tZVlAli8oYdJ3PcKMqE+0dSXH0haEi3uenhvOxj63eLLIiccDRjOI45OJk+9J0ilKsqiaP7S1nnY185DCDtgDdLr9mOZlpBrHZohKxw=,iv:ue4DD08RllFhDZHf2BlsuFRouM+596skjXw9KQxMs2U=,tag:7gU9N7pwl/VdRMr0ndpRug==,type:str] - pgp: [] + lastmodified: "2025-04-14T20:50:20Z" + mac: ENC[AES256_GCM,data:nnR4QBAJZu91gBstCqkSvzymiEnPhjwdHifmld6KQKXSFaa+zp3XSzwtdWJ5EitmCS74JedWckS9rcADIq8u020LG+0MITiqoK3ev9eRehGUrWOVBD77A6lGu0nj2lqcmczwXFt9wjEvEEVKvz2AgELDdltE4fHKeCLwoJkonS4=,iv:oz8U/jgMQG8gELUQhXMq7dNHBk/AhbwsI0gYkb3TeQk=,tag:sjTPTBP2FWzxVhVIE9NTBw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.1 diff --git a/home/root/fangorn.nix b/home/root/fangorn.nix index 83c92cd..72dbda0 100644 --- a/home/root/fangorn.nix +++ b/home/root/fangorn.nix @@ -3,4 +3,8 @@ imports = [ common/core ]; + + nix.extraOptions = '' + !include /run/secrets/nix-access-token-github + ''; } diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 7385eaf..976cfe9 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -78,7 +78,7 @@ environment.systemPackages = with pkgs; [ angband - assaultcube + #assaultcube bsdgames bzflag extremetuxracer @@ -195,6 +195,11 @@ presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}"; publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM="; } + { # fangorn + allowedIPs = [ "10.4.20.9/32" ]; + presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}"; + publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4="; + } { # ginaz allowedIPs = [ "10.4.20.254/32" ]; presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}"; @@ -243,6 +248,7 @@ "ssh_config".path = "/root/.ssh/config"; "wireguard/arrakis_key" = {}; "wireguard/black-sheep_psk" = {}; + "wireguard/fangorn_psk" = {}; "wireguard/ginaz_psk" = {}; "wireguard/homer_psk" = {}; "wireguard/lilnasx_psk" = {}; diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index 39a07cd..fa144f8 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix @@ -1,16 +1,7 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - # godot_4 - # mame - # mednafen - # mednaffe - # winetricks; - #}; - environment.systemPackages = with pkgs; [ - godot_4 + #godot mame mame.tools mednafen diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index da69705..a2c9b1a 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -4,7 +4,7 @@ easyeffects pamixer pavucontrol - master.pwvucontrol + pwvucontrol qpwgraph ]; diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index 038a860..f5ff137 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone +++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net. $TTL 1h @ in soa ns.bitgnome.net. nipsy.bitgnome.net. ( - 2025033101 ; serial + 2025040901 ; serial 1d ; refresh 2h ; retry 4w ; expire @@ -29,7 +29,7 @@ $TTL 1h ; name servers ns in a 5.161.149.85 ns in aaaa 2a01:4ff:f0:e164::1 -ns2 in a 67.5.119.0 +ns2 in a 67.5.118.253 ; srv records _xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts 5m in cname @ ;royder in cname @ ; external machines -arrakis 1m in a 67.5.119.0 +arrakis 1m in a 67.5.118.253 ;darkstar 1m in a 66.69.213.114 ;nb 1m in a 67.10.209.108 ;terraria 1m in a 128.83.27.4 ;caladan 1m in a 104.130.129.241 ;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar 1m in a 67.5.119.0 +darkstar 1m in a 67.5.118.253 diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix index 712886f..a124998 100644 --- a/hosts/common/optional/services/xorg.nix +++ b/hosts/common/optional/services/xorg.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: { environment.systemPackages = with pkgs; [ chafa @@ -67,17 +67,24 @@ services = { blueman.enable = true; - displayManager.defaultSession = "xsession"; + displayManager = lib.mkIf (config.networking.hostName != "fangorn") { + defaultSession = "xsession"; + }; libinput.enable = true; picom.enable = true; printing.enable = true; xserver = { - displayManager.lightdm = { - enable = true; - extraSeatDefaults = ''greeter-hide-users=true''; - }; + displayManager.lightdm = lib.mkMerge [ + (lib.mkIf (config.networking.hostName == "fangorn") { + enable = true; + }) + (lib.mkIf (config.networking.hostName != "fangorn") { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }) + ]; - displayManager.session = [ + displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [ { manage = "desktop"; name = "xsession"; diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index d409196..5cde16f 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix @@ -21,7 +21,7 @@ lsp-plugins metersLv2 odin2 - oxefmsynth + master.oxefmsynth polyphone qsynth reaper @@ -41,11 +41,11 @@ wavpack winetricks wineWowPackages.stagingFull - master.yabridge - master.yabridgectl + #master.yabridge + #master.yabridgectl yoshimi zam-plugins - master.zynaddsubfx + zynaddsubfx ]; }; } diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix index 9b958c6..443c2db 100644 --- a/hosts/common/users/don/default.nix +++ b/hosts/common/users/don/default.nix @@ -26,7 +26,7 @@ in #]; packages = [ pkgs.home-manager ]; - shell = pkgs.zsh; + #shell = pkgs.zsh; uid = uid; }; } diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 910e077..4bb6c91 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -22,10 +22,9 @@ zfs.package = pkgs.master.zfs; }; - #environment.systemPackages = with pkgs; [ - # wpa_supplicant - # somethingelse - #]; + environment.systemPackages = with pkgs; [ + speedtest-go + ]; imports = [ ./disks.nix diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix index 9194dae..9a41013 100644 --- a/hosts/fangorn/default.nix +++ b/hosts/fangorn/default.nix @@ -1,4 +1,4 @@ -{ config, inputs, outputs, pkgs, ... }: { +{ config, inputs, lib, outputs, pkgs, ... }: { boot = { kernelPackages = pkgs.linuxPackages_6_12; loader = { @@ -15,7 +15,6 @@ environment.systemPackages = with pkgs; [ signal-desktop - #master.wsmancli wpa_supplicant ]; @@ -24,16 +23,17 @@ ./hardware-configuration.nix ../common/core #../common/optional/db.nix - #../common/optional/dev.nix - #../common/optional/ebooks.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix #../common/optional/games.nix - #../common/optional/misc.nix - #../common/optional/multimedia.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix ../common/optional/pipewire.nix + ../common/optional/services/nolid.nix ../common/optional/services/openssh.nix #../common/optional/services/tlp.nix - #../common/optional/services/xorg.nix - #../common/optional/sound.nix + ../common/optional/services/xorg.nix + ../common/optional/sound.nix ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/don @@ -42,6 +42,9 @@ ]; networking = { + firewall.extraInputRules = '' + iifname "wg0" tcp dport ssh counter accept + ''; hostId = "6f1faddc"; hostName = "fangorn"; networkmanager.enable = true; @@ -59,45 +62,23 @@ ]; }; - services.openssh.settings.X11Forwarding = true; + services.openssh = { + openFirewall = false; + settings.X11Forwarding = true; + }; + services.xserver.desktopManager.xfce.enable = true; services.xserver.videoDrivers = [ "amdgpu" ]; - #sops = { - # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = ../secrets/fangorn.yaml; + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/fangorn.yaml; - # secrets = { - # "nftables/ssh" = {}; - # "nix-access-token-github" = {}; - # "ssh_config".path = "/root/.ssh/config"; - # }; - #}; + secrets = { + "nix-access-token-github" = {}; + }; + }; system.stateVersion = "23.11"; - #systemd.services."nftables-extra" = let rules_script = '' - # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} - # ''; in { - # description = "nftables extra firewall rules"; - # reload = rules_script; - # script = rules_script; - # serviceConfig = { - # RemainAfterExit = true; - # Type = "oneshot"; - # }; - # unitConfig = { - # ConditionPathExists = config.sops.secrets."nftables/ssh".path; - # ReloadPropagatedFrom = "nftables.service"; - # }; - # wantedBy = [ "multi-user.target" ]; - # after = [ "nftables.service" ]; - # partOf = [ "nftables.service" ]; - #}; - - #systemd.paths."nftables-extra" = { - # pathConfig = { - # PathExists = config.sops.secrets."nftables/ssh".path; - # }; - # wantedBy = [ "multi-user.target" ]; - #}; + time.timeZone = lib.mkForce "America/Chicago"; } diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index 5d9e2fc..86737a9 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -12,7 +12,7 @@ environment.systemPackages = with pkgs; [ git-review - master.openstackclient-full + openstackclient-full ]; imports = [ diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 5261c80..04c7bfd 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -5,6 +5,7 @@ ssh_config: ENC[AES256_GCM,data:OjZ79joE5H4vcPpgC8o7u65Z96kpc36k+wA76/+aedb1O0oA wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] + fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str] ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str] homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str] lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str] @@ -15,10 +16,6 @@ wireguard: wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de enc: | @@ -38,8 +35,7 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:40:33Z" - mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str] - pgp: [] + lastmodified: "2025-04-14T20:34:45Z" + mac: ENC[AES256_GCM,data:kcnVhndV8yJRTA19VcNazNKc1K+cYgTCdX2HC5i92mGZOFSd923EgSodCI0Ykz1rBjtO2FRnFAMfYyL4ae0dG9LOxYchh4vEhUZuSCuqUqmr9fUKGe9AqJSFpFW3qRXaAzKEBseGn+r0fnPq06LE0859f444Oz4vjgEHSudT9cg=,iv:Z5v0j94n9QVS+xrwfgOJD3krP9L6phzeD6ZKNxdiZMw=,tag:9VKs+3zZm+dR//MZrQIqVg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.1 diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml new file mode 100644 index 0000000..dd5ab96 --- /dev/null +++ b/hosts/secrets/fangorn.yaml @@ -0,0 +1,25 @@ +nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str] +sops: + age: + - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu + WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54 + SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6 + NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN + 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv + d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP + eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V + M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw + gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-14T19:53:57Z" + mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 |