diff --git a/common/.sops.yaml b/common/.sops.yaml index b5e0b24..2f09992 100644 --- a/common/.sops.yaml +++ b/common/.sops.yaml @@ -1,5 +1,4 @@ keys: - - &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 - ¯onova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 - &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw @@ -9,7 +8,6 @@ creation_rules: - path_regex: secrets.yaml$ key_groups: - age: - - *blitzar - *macronova - *nebula - *quasar diff --git a/common/secrets.yaml b/common/secrets.yaml index 2265f5e..8f5694f 100644 --- a/common/secrets.yaml +++ b/common/secrets.yaml @@ -4,41 +4,32 @@ users: password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str] sops: age: - - recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbE1SSUFoeW9KendRZ2VS - MnhEQkJ1SGpRQ29hU0JxU2VYNG9zcDFramd3CmFIdkVYSFM1cVRaeHQwQXA1a0Jw - MjQ3OGpqazZSa2NVN0lDT3pvMENWZWMKLS0tIENFbzZ4cWRZOVRLMGRibHdLbmNJ - elc3Z2FTajA5ajBpd1FYcW8wRnF0VFkKiSmUned7JKZgUx9XWzCCbThmtj8nKlnm - v8bxGW0phdVNcol67EpvxtJWOvHw4clP4PdB/7D+3X5sIF4vgF17kw== - -----END AGE ENCRYPTED FILE----- - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsa3p3amVJeWtTWEtZbTR6 - Y1lTbGVtdGVkY1BXbUVBdktWZVFNTW41eVY0Cit0ejlaOWkyYzEvaXhrYytPamhQ - MXN3Sk5lU2IwU28vWGV1eUVEWC9WbUUKLS0tIEdPaHM1Z0c1c0F0NFNSYzRIdGUr - RWdVbU5MMWQvRWdnM25COHpFZ255OXcKpDW1Gt/RkG3JwLZgQFgTGgzbKatesZry - VFBhZxHHWihtmhc7LC+BqMqUFMShYnxvL9DyT/5LCke2sqwhiozWwg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBady8xYTJvS0kyN3dsVURi + SXg5VzNGQ1cyYnZ3VUV0dkRRV1dZL1kzaldrCmxvc084Z3hpL3k1YzcxeFNaWkFE + M1l6ZUg1K0ZSNm5NVmtXTzlVYUwxWnMKLS0tIDluN2VjamdjTVZrc3drOUtkZ1pR + T0tmMWtPR3pSczVsSHluQXpDNGh3ZlkKgBXGceWCSUQJEk08o3wue1MpSdTy1474 + 44iusWYmlCauK3DCH0MHD0sZEl5pC4jKdELIGM1ziiG7oEHppblxWw== -----END AGE ENCRYPTED FILE----- - recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNXB3T3JNSE1PdXNncWZn - ZlhXeTl4aFczR2U5cGpQcFBBdnFZcEtxSjBZCmVzSWREczJpNzA4Q21SVFBncGZ6 - OXAzUmJTNFFHcXZRdmI0M0c2TVBSOUUKLS0tIDlmZHQ0eHVJbHArQjZzaXBKSFVr - RWJyK0djYytwTVFBcU1NY0lBSHhPYjAKClAJfMtUuQvbzTiysT4eX/sW+67MnL8m - 1hHzsm24rLUvSzfX4gX4vhYUdcn4pPKXCkdhJ1eeFwMAcJV0piudHQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByL0V5OHk1b0VncU43VDZQ + anROeCtEYTF1YWlBNk1IeVp5a01PYXoxTjM0CkJHNmRuTWwrNDNKcFo2Z3JjVnpF + bk5QbDhxNVVTQlhTU3JQSlZucVhJM2sKLS0tIDIrQjdYZk4yc0h2VDdPZVNMVUpE + THg5TUlWdjhYc2ErRnIvMHdtTFQwRXcKLjtHY0ZDhQV42afMvoF8STed8ltI9rMH + krtmaulaYIthU7nz2jxqQShzpBJmduuCVILK1kL3lGYFQiFhRuqQrw== -----END AGE ENCRYPTED FILE----- - recipient: age14ffp5y3urw7vuj07nkmh6su4qauy6dkwz5u4m408cv4895v5kqdsd34pkt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZHo5MEdYNWhmUGF2RmYx - Tmg2K0RENytQdUtDeTdKZUFtRlVzZFBrMzA4Cmc5SnVDY3RBVWlHelorczl0clAr - TGxpa1EzRzJuUm9DMFNGN1dxNlJqRVEKLS0tIFZDMHRlUlU3TUdvYVl5U1FhaXRk - SEJyR1Npa1NCVE8rNytzRWhNM1kzUmcKhR9a+dWRPlI1fL3hwC0x9/m8nhNvFhNS - Gcki3AUC5Z2eCXkpZHxFctywfYGJfz9IHincJdkdwWnVoqiwsJ9lzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WTY4ZGVBMkZmcUVLblc3 + MFdsS3p4c1V2aE9kejFwTVlhNXdMZ1RidkRZCjFtV2JoR0FKQ2Myd2ptem9Oamd0 + TVViTlRUdTRvN2tHZVhMSFpzQURkQU0KLS0tIFZ6bnRFZ3VRNGxlcnlKcXB0QkEz + YUx4L0JuZkRTaU5yQnl6dmk0M3h5djgK7x18TrFrkjBSwBWy+BYW5tvx4/4TpAd3 + j0A+HI1d9WlwUUxsz7oD+mm3fbEryOWCUqAq21w4ns6UHDJGZH3rGQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-01T04:30:14Z" mac: ENC[AES256_GCM,data:ct8vaGlaPj69vzRm9baA2rxbuBM+MYX3Gjtg8m1cdHtldifvrYcw+hb1b9qC/Jhn3ppqpPO/8PhqqMU9U+aUBaSRV0AdDZs63T1/591SU3NDC6rmRBtkbrGk4g4jw4/Guw9Gs8F2r6xWf91KobAoHg9HLI+PK+pOSlfl4o8PBww=,iv:iPGlDkj5mnUxdtoSMztH8BPwSID0FJQDZfc2JenQngw=,tag:1QUCclV0Cs6hsPBANupj1g==,type:str] diff --git a/common/users.nix b/common/users.nix index 89c2e92..0d14991 100644 --- a/common/users.nix +++ b/common/users.nix @@ -48,6 +48,7 @@ in { nil rclone sops + unar ] ++ ( if config.programs.plasma.enable @@ -182,10 +183,7 @@ in { iconTasks.launchers = []; } { - systemTray = { - icons.scaleToFit = false; - items.showAll = true; - }; + systemTray = {}; } { digitalClock.timeZone.selected = ["Local"]; @@ -271,6 +269,8 @@ in { sops.secrets.${usrPwdFile}.neededForUsers = true; + time.timeZone = "America/Los_Angeles"; + users = { mutableUsers = false; users.${userName} = { diff --git a/flake.lock b/flake.lock index 6bc88ee..22c3bf6 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ "candy-icons": { "flake": false, "locked": { - "lastModified": 1755120597, - "narHash": "sha256-Kl8wTfEo+FBU5SE4ho0yLt7j2LHTJsAIfWor0hLdIlw=", + "lastModified": 1757455208, + "narHash": "sha256-wJ86TUjiVYT64QunDk85Jji5vo0Os+D9t/fsyKRM+P0=", "ref": "refs/heads/master", - "rev": "278998cb51c68de9d590c84d8fd1625223772792", - "revCount": 1332, + "rev": "40cbbc8821db020e2668c309cd5a7bbfabd0be06", + "revCount": 1337, "type": "git", "url": "https://github.com/EliverLara/candy-icons" }, @@ -34,7 +34,9 @@ }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1758287904, @@ -50,22 +52,6 @@ "type": "github" } }, - "feishin-latest": { - "flake": false, - "locked": { - "lastModified": 1759244337, - "narHash": "sha256-Amz5Cm9L+GCpts2HRDm34KkcBzg1sPBA/0WKMOpwSoI=", - "ref": "refs/heads/development", - "rev": "f1a75d8e8123ccd6c32ded5ae960e767dfbab2a3", - "revCount": 1908, - "type": "git", - "url": "https://github.com/jeffvli/feishin" - }, - "original": { - "type": "git", - "url": "https://github.com/jeffvli/feishin" - } - }, "flake-compat": { "flake": false, "locked": { @@ -205,11 +191,11 @@ }, "hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { @@ -220,14 +206,16 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1759536080, - "narHash": "sha256-0aXlKPxm2M+F5oywX2TTbY0e6h+tQ+6OYyx7UZn3A4A=", + "lastModified": 1760500983, + "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", "owner": "nix-community", "repo": "home-manager", - "rev": "edafd6da1936426708f1be0b1a4288007f16639a", + "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", "type": "github" }, "original": { @@ -260,14 +248,16 @@ "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1759387127, - "narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=", + "lastModified": 1760534924, + "narHash": "sha256-OIOCC86DxTxp1VG7xAiM+YABtVqp6vTkYIoAiGQMqso=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "0cc290e05882745060fccfe6d7d073f913e0cce7", + "rev": "100b4e000032b865563a9754e5bca189bc544764", "type": "github" }, "original": { @@ -281,7 +271,9 @@ "blobs": "blobs", "flake-compat": "flake-compat", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { @@ -301,9 +293,10 @@ "nix-custom": { "inputs": { "candy-icons": "candy-icons", - "feishin-latest": "feishin-latest", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_5", + "nixpkgs": [ + "nixpkgs" + ], "sweet-ambar-blue": "sweet-ambar-blue", "sweet-ambar-blue-dark": "sweet-ambar-blue-dark", "sweet-folders": "sweet-folders", @@ -312,11 +305,11 @@ "yorha-sound-theme": "yorha-sound-theme" }, "locked": { - "lastModified": 1759540951, - "narHash": "sha256-99dPs9ww00pcKPpDsH8btsP0Eg6aFVmcxSfDCG9k0fA=", + "lastModified": 1760589026, + "narHash": "sha256-cBy77jhQvkBjHEpPC4HAjVl6jYdz1FUfPYGZxZmzR18=", "ref": "refs/heads/main", - "rev": "a0e3e71498d63a0905df9c83f4f56b80a42f2987", - "revCount": 44, + "rev": "97e696e37d7185f60aa35549be0a2c551c4c802a", + "revCount": 45, "type": "git", "url": "https://forgejo.invariantspace.com/macronova/nix-custom" }, @@ -349,16 +342,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", - "owner": "NixOS", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -379,138 +372,12 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1758976413, - "narHash": "sha256-hEIDTaIqvW1NMfaNgz6pjhZPZKTmACJmXxGr/H6isIg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e3a3b32cc234f1683258d36c6232f150d57df015", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "plasma-manager": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1759321049, @@ -530,14 +397,16 @@ "inputs": { "flake-compat": "flake-compat_2", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1759523803, - "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=", + "lastModified": 1760392170, + "narHash": "sha256-WftxJgr2MeDDFK47fQKywzC72L2jRc/PWcyGdjaDzkw=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835", + "rev": "46d55f0aeb1d567a78223e69729734f3dca25a85", "type": "github" }, "original": { @@ -555,7 +424,7 @@ "jovian": "jovian", "mailserver": "mailserver", "nix-custom": "nix-custom", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs", "plasma-manager": "plasma-manager", "pre-commit-hooks": "pre-commit-hooks", "sops-nix": "sops-nix" @@ -563,14 +432,16 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { @@ -582,11 +453,11 @@ "sweet-ambar-blue": { "flake": false, "locked": { - "lastModified": 1758309482, - "narHash": "sha256-0wlq+qJAL1xu70n/X/xXdhFUlPgwDIvyC6S0zx/IiVE=", + "lastModified": 1759874534, + "narHash": "sha256-aA/wuj7Oc+4fkOrL8Qj/kTF2NzZrZ3/rNAmYs9nFxpw=", "ref": "Ambar-Blue", - "rev": "24b6235aefe3ac44ebac7c0a5562d7930dff318a", - "revCount": 343, + "rev": "f2d784908d2737b40379c55c79e9b09f1c6e6b99", + "revCount": 344, "type": "git", "url": "https://github.com/EliverLara/Sweet" }, @@ -599,11 +470,11 @@ "sweet-ambar-blue-dark": { "flake": false, "locked": { - "lastModified": 1758309597, - "narHash": "sha256-zFpUDXUZ3zv8/5CIW/acl+SuMEGNZWHWKCuqlUtnCf8=", + "lastModified": 1759874277, + "narHash": "sha256-rULe52jTuZ+SFUkPEq0r91LML1z6fcMuXI+SDxWh7xI=", "ref": "Ambar-Blue-Dark", - "rev": "270ec6c58e073a6315ea4423d5e655c55e418020", - "revCount": 426, + "rev": "9f4378087326b6b594af7f61ea8a0ddea7f50056", + "revCount": 427, "type": "git", "url": "https://github.com/EliverLara/Sweet" }, diff --git a/flake.nix b/flake.nix index 1bf4d53..d483782 100644 --- a/flake.nix +++ b/flake.nix @@ -2,17 +2,41 @@ description = "Entrypoint of all nix configurations"; inputs = { - disko.url = "github:nix-community/disko"; + disko = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/disko"; + }; flake-utils.url = "github:numtide/flake-utils"; hardware.url = "github:nixos/nixos-hardware"; - home-manager.url = "github:nix-community/home-manager"; - jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; - mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + home-manager = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/home-manager"; + }; + jovian = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:Jovian-Experiments/Jovian-NixOS"; + }; + mailserver = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + }; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nix-custom.url = "git+https://forgejo.invariantspace.com/macronova/nix-custom"; - plasma-manager.url = "github:pjones/plasma-manager"; - pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; - sops-nix.url = "github:Mic92/sops-nix"; + nix-custom = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "git+https://forgejo.invariantspace.com/macronova/nix-custom"; + }; + plasma-manager = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:pjones/plasma-manager"; + }; + pre-commit-hooks = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:cachix/pre-commit-hooks.nix"; + }; + sops-nix = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:Mic92/sops-nix"; + }; }; outputs = inputs @ { diff --git a/linux/nebula/conduit.nix b/linux/nebula/conduit.nix index bfbb8fd..4cf782b 100644 --- a/linux/nebula/conduit.nix +++ b/linux/nebula/conduit.nix @@ -4,15 +4,6 @@ settings.global = { address = wildcard; port = port.conduit; - # TODO: Use secret file when possible - turn_secret = "84EoJSEVnlH@eiqqV7K!2vmAr^G"; - turn_uris = let - coturn-realm = "turn.${domain}"; - in [ - "turn:${coturn-realm}:${toString port.coturn-tls}?transport=udp" - "turn:${coturn-realm}:${toString port.coturn-tls}?transport=tcp" - ]; - turn_user_lifetime = "1h"; server_name = domain; }; }; diff --git a/linux/nebula/configuration.nix b/linux/nebula/configuration.nix index 055e27d..c4584fc 100644 --- a/linux/nebula/configuration.nix +++ b/linux/nebula/configuration.nix @@ -1,16 +1,17 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). -{...}: { +{pkgs, ...}: { # Configure boot loader - boot.loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + boot = { + kernelPackages = pkgs.linuxPackages_latest; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + tmp.cleanOnBoot = true; }; - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave diff --git a/linux/nebula/hardware-configuration.nix b/linux/nebula/hardware-configuration.nix index 5929049..2c66f20 100644 --- a/linux/nebula/hardware-configuration.nix +++ b/linux/nebula/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { diff --git a/linux/nebula/zfs.nix b/linux/nebula/zfs.nix index 279eeb2..2556177 100644 --- a/linux/nebula/zfs.nix +++ b/linux/nebula/zfs.nix @@ -1,5 +1,8 @@ -{...}: { - boot.loader.grub.zfsSupport = true; +{pkgs, ...}: { + boot = { + loader.grub.zfsSupport = true; + zfs.package = pkgs.zfs_unstable; + }; services.zfs = { autoScrub.enable = true; diff --git a/linux/protostar/configuration.nix b/linux/protostar/configuration.nix index 79240d7..5a7ae3b 100644 --- a/linux/protostar/configuration.nix +++ b/linux/protostar/configuration.nix @@ -3,9 +3,13 @@ # and in the NixOS manual (accessible by running `nixos-help`). {...}: { # Configuration boot - boot.loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + + tmp.cleanOnBoot = true; }; # Change secrets file @@ -14,9 +18,6 @@ # Disable sudo password security.sudo.wheelNeedsPassword = false; - # Set timezone automatically - services.automatic-timezoned.enable = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave diff --git a/linux/protostar/hardware-configuration.nix b/linux/protostar/hardware-configuration.nix index fe6f3dc..8b38f30 100644 --- a/linux/protostar/hardware-configuration.nix +++ b/linux/protostar/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -13,9 +12,7 @@ ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"]; - boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/quasar/configuration.nix b/linux/quasar/configuration.nix index f741eb9..09fce01 100644 --- a/linux/quasar/configuration.nix +++ b/linux/quasar/configuration.nix @@ -4,6 +4,7 @@ {pkgs, ...}: { # Configure boot boot = { + kernelPackages = pkgs.linuxPackages_latest; initrd.systemd.enable = true; loader = { efi.canTouchEfiVariables = true; @@ -23,6 +24,7 @@ theme = "target_2"; themePackages = [pkgs.adi1090x-plymouth-themes]; }; + tmp.cleanOnBoot = true; }; # This option defines the first version of NixOS you have installed on this particular machine, diff --git a/linux/quasar/device.nix b/linux/quasar/device.nix index b26b73e..fd818d5 100644 --- a/linux/quasar/device.nix +++ b/linux/quasar/device.nix @@ -5,9 +5,6 @@ }: let userName = config.constants.userName; in { - # TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328 - boot.kernelModules = ["xpad"]; - hardware = { bluetooth.enable = true; graphics = { @@ -28,7 +25,6 @@ in { security.rtkit.enable = true; services = { - automatic-timezoned.enable = true; avahi = { enable = true; nssmdns4 = true; @@ -45,13 +41,7 @@ in { pulse.enable = true; }; printing.enable = true; - udev = { - packages = [pkgs.via]; - # TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328 - extraRules = '' - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="37d7", ATTRS{idProduct}=="2501", RUN+="${pkgs.bash}/bin/bash -c 'echo 37d7 2501 > /sys/bus/usb/drivers/xpad/new_id'" - ''; - }; + udev.packages = [pkgs.via]; }; users.users.${userName}.extraGroups = ["adbusers" "cdrom" "docker"]; diff --git a/linux/quasar/hardware-configuration.nix b/linux/quasar/hardware-configuration.nix index fe247cc..2b11014 100644 --- a/linux/quasar/hardware-configuration.nix +++ b/linux/quasar/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { diff --git a/linux/quasar/zfs.nix b/linux/quasar/zfs.nix index e276718..31f664f 100644 --- a/linux/quasar/zfs.nix +++ b/linux/quasar/zfs.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: { boot = { @@ -8,6 +9,7 @@ zfs = { extraPools = ["zarchive"]; requestEncryptionCredentials = ["zactive/main"]; + package = pkgs.zfs_unstable; }; }; diff --git a/linux/singularity/caddy.nix b/linux/singularity/caddy.nix index 61f19ed..5b30c24 100644 --- a/linux/singularity/caddy.nix +++ b/linux/singularity/caddy.nix @@ -69,10 +69,7 @@ with config.constants; { } ''; } - // (acme [ - config.mailserver.fqdn - config.services.coturn.realm - ]); + // (acme [config.mailserver.fqdn]); }; security.acme = { diff --git a/linux/singularity/configuration.nix b/linux/singularity/configuration.nix index d1445f6..002b42b 100644 --- a/linux/singularity/configuration.nix +++ b/linux/singularity/configuration.nix @@ -1,7 +1,8 @@ -{...}: { +{pkgs, ...}: { boot = { - tmp.cleanOnBoot = true; + kernelPackages = pkgs.linuxPackages_latest; loader.grub.device = "/dev/sda"; + tmp.cleanOnBoot = true; }; constants.sopsFile = ../../common/auths.yaml; diff --git a/linux/singularity/coturn.nix b/linux/singularity/coturn.nix deleted file mode 100644 index fedc836..0000000 --- a/linux/singularity/coturn.nix +++ /dev/null @@ -1,20 +0,0 @@ -{config, ...}: -with config.constants; let - acmeDir = config.security.acme.certs.${coturn-realm}.directory; - coturn-realm = "turn.${domain}"; -in { - services.coturn = { - enable = true; - cert = "${acmeDir}/fullchain.pem"; - listening-port = port.coturn; - min-port = port.coturn-relay-udp-min; - max-port = port.coturn-relay-udp-max; - pkey = "${acmeDir}/key.pem"; - realm = coturn-realm; - static-auth-secret-file = config.sops.secrets.coturn.path; - tls-listening-port = port.coturn-tls; - use-auth-secret = true; - }; - - sops.secrets.coturn.owner = "turnserver"; -} diff --git a/linux/singularity/default.nix b/linux/singularity/default.nix index 553dfcb..405b2eb 100644 --- a/linux/singularity/default.nix +++ b/linux/singularity/default.nix @@ -4,7 +4,6 @@ ../../common ./caddy.nix ./configuration.nix - ./coturn.nix ./hardware-configuration.nix ./headscale.nix ./mailserver.nix diff --git a/linux/singularity/hardware-configuration.nix b/linux/singularity/hardware-configuration.nix index ed40af4..d46627c 100644 --- a/linux/singularity/hardware-configuration.nix +++ b/linux/singularity/hardware-configuration.nix @@ -4,23 +4,11 @@ { config, lib, - pkgs, modulesPath, ... }: { imports = [(modulesPath + "/profiles/qemu-guest.nix")]; - # boot.initrd.availableKernelModules = - # [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ]; - # boot.initrd.kernelModules = [ ]; - boot.kernelModules = []; - boot.extraModulePackages = []; - - # fileSystems."/" = { - # device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-"; - # fsType = "ext4"; - # }; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; boot.initrd.kernelModules = ["nvme"]; fileSystems."/" = { @@ -28,8 +16,6 @@ fsType = "ext4"; }; - swapDevices = []; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction