Compare commits

...

78 Commits

Author SHA1 Message Date
790adeee5f cross compilation: build webp-pixbuf-loader without emulation 2023-02-21 00:05:37 +00:00
72c6f34043 cross: compile appstream, colord without emulation 2023-02-20 20:24:37 +00:00
6108c12631 pins: disable failing python310Packages.ipython tests 2023-02-20 20:23:32 +00:00
ba93870b51 pins: disable failing python310Packages.pytest-xdist tests 2023-02-19 21:42:27 +00:00
a871d4eb3d WIP: reduce emulated cross pkgset; aborted x86-x86 cross compilation 2023-02-18 11:58:04 +00:00
567b20ddde moby: ship the full recommended guiApps again 2023-02-18 11:57:16 +00:00
556cb1a2d0 phosh: disable konsole. it drags in a large closure, especially qt stuff which doesn't cross compile well 2023-02-18 11:57:16 +00:00
f40427245f cross packages: full moby build can cross compile (except konsole is untested) 2023-02-18 11:57:16 +00:00
ce1ba59413 programs: split the guiApps category into slightly smaller bits 2023-02-18 11:57:16 +00:00
691a6ef045 moby: ship some of the base apps 2023-02-18 11:57:16 +00:00
2fc99d8b5a cross packages: cross compile more stuff 2023-02-18 11:57:16 +00:00
80de7248ed gpodder: fix makeWrapper to be a nativeBuildInput 2023-02-18 11:57:16 +00:00
2fd16348e1 phosh-mobile-settings: cross compile 2023-02-18 11:57:16 +00:00
fcc1cb20d5 cross packages: cross compile more gnome packages 2023-02-18 11:57:16 +00:00
10be547077 working moby cross compilation 2023-02-18 11:57:16 +00:00
db1c5d16b5 cross packages: get more things to build and further reduce the emulated closure 2023-02-18 11:57:16 +00:00
a52f3d723a cross packages: get more things to build and further reduce the emulated closure 2023-02-18 11:57:16 +00:00
5a09f7a89d cross packages: reduce the emulated package set 2023-02-18 11:57:16 +00:00
f979dff5aa phosh: disable gvfs service 2023-02-18 11:57:16 +00:00
fd015f61b7 phosh: enable fewer gnome services/packages 2023-02-18 11:57:16 +00:00
7e5d86f931 programs: re-enable cdrtools, fwupd; disable duplicity/backblaze 2023-02-18 11:57:16 +00:00
b920b4713c tune emulated package set (e.g. only emulate one of gvfs' deps; not the WHOLE thing 2023-02-18 11:57:16 +00:00
7e58e39a5f WIP: moby: partially working cross compilation for phosh w/o apps (webkitgtk build OOMs) 2023-02-18 11:57:16 +00:00
98de5043cf moby: get working cross compilation for the base image (i.e. no GUI) 2023-02-18 11:57:16 +00:00
cda319b07a WIP: moby-cross: is cross-by-default instead of opt-in 2023-02-18 11:57:16 +00:00
0a0640cc43 gjs, libadwaita, libsecret: skip flakey check phase 2023-02-18 11:57:16 +00:00
035c4d65f8 mesa: downgrade from 22.3.4 -> 22.3.2 to address a memory leak 2023-02-18 11:57:14 +00:00
87ec775ddb flake update: nixpkgs 2023-02-15 -> 2023-02-16
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/28319deb5ab05458d9cd5c7d99e1a24ec2e8fc4b' (2023-02-15)
  → 'github:nixos/nixpkgs/ac1f5b72a9e95873d1de0233fddcb56f99884b37' (2023-02-16)
```
2023-02-18 11:39:09 +00:00
71028911e3 zsh: renew me to renew my license (c/o Ben) 2023-02-18 10:12:40 +00:00
5de54acd90 flake update: nixpkgs 2023-02-09 -> 2023-02-15
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/7478a9ffad737486951186b66f6c5535dc5802e2' (2023-01-28)
  → 'github:nixos/mobile-nixos/8701fcb1448f1eb67c0d47631ec2bdb613bd6a38' (2023-02-12)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/724bfc0892363087709bd3a5a1666296759154b1' (2023-02-09)
  → 'github:nixos/nixpkgs/28319deb5ab05458d9cd5c7d99e1a24ec2e8fc4b' (2023-02-15)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/8fec29b009c19538e68d5d814ec74e04f662fbd1' (2023-02-08)
  → 'github:Mic92/sops-nix/c5dab21d8706afc7ceb05c23d4244dcb48d6aade' (2023-02-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/e32c33811815ca4a535a16faf1c83eeb4493145b' (2023-02-05)
  → 'github:NixOS/nixpkgs/d863ca850a06d91365c01620dcac342574ecf46f' (2023-02-12)
```
2023-02-17 04:15:55 +00:00
d54d1b9295 net: rename archived secrets 2023-02-15 02:04:06 +00:00
b740af17cd net: document how to add new networks 2023-02-15 01:59:22 +00:00
40e7d8a689 net: add new WiFi connection details 2023-02-15 01:59:12 +00:00
2f16e802d8 rename old networks 2023-02-15 01:52:39 +00:00
b048b47d54 flake update: nixpkgs 2023-02-01 -> 2023-02-09; nixpkgs-stable; sops-nix
```
• Updated input 'nixpkgs':
    'path:/nix/store/8azr0ivnzf0y1sh2r7alxaxab3w49ggx-source/nixpatches?lastModified=1&narHash=sha256-rkVbviFmYYmbbVfvFRtOM95IjETbNu3I517Hrxp8EF4=' (1970-01-01)
  → 'path:/nix/store/3w6b87rfvnyg622z2dzhn7596wyyr4sr-source/nixpatches?lastModified=1&narHash=sha256-9oyw0fWhtUs%2fCV9QS8RgSwc2QgmvYecMlYVcdChbMxo=' (1970-01-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db' (2023-02-01)
  → 'github:nixos/nixpkgs/724bfc0892363087709bd3a5a1666296759154b1' (2023-02-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/a81ce6c961480b3b93498507074000c589bd9d60' (2023-02-01)
  → 'github:Mic92/sops-nix/8fec29b009c19538e68d5d814ec74e04f662fbd1' (2023-02-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/a3a1400571e3b9ccc270c2e8d36194cf05aab6ce' (2023-02-01)
  → 'github:NixOS/nixpkgs/e32c33811815ca4a535a16faf1c83eeb4493145b' (2023-02-05)
```
2023-02-12 08:54:02 +00:00
bcfd8e1725 nit: remove trailing space 2023-02-05 19:35:34 +00:00
e0a6f8ea4a flake: add host-pkgs.<host>.<pkg> output
this builds packages precisely as they are defined by the given host.
significant for testing whether a cross-compiled host builds things
correctly, for example.
2023-02-05 19:34:32 +00:00
80f3d0472b handbrake patch: fix hash (updated upstream) 2023-02-05 07:18:20 +00:00
b6685c9e6c refactor: move konsole from moby/default.nix -> gui/phosh.nix 2023-02-04 10:00:10 +00:00
0c2d8af448 remove sane.gui.enable option 2023-02-04 00:50:47 +00:00
7ce0c34f43 sway: specify dependent packages more idiomatically, and fix bug where phosh wasn't actually shipping its dependents 2023-02-04 00:43:00 +00:00
f2e8be3bd1 phosh: specify dependent packages more idiomatically 2023-02-03 22:55:39 +00:00
9b2e7b02cc Merge branch 'staging/nixpkgs-2023-02-01' 2023-02-03 22:14:47 +00:00
1b3e0b95be persist: remove rust/cargo 2023-02-03 18:18:10 +00:00
f78968c73a persist /var/lib/systemd/coredump 2023-02-03 18:17:22 +00:00
d5d755a4b2 flake update: nixpkgs 2023-01-25 -> 2023-02-01; sops-nix
```
• Updated input 'nixpkgs':
    'path:/nix/store/760ff23zl95q4jza8mkg47vs9ff20hq3-source/nixpatches?lastModified=1&narHash=sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=' (1970-01-01)
  → 'path:/nix/store/pr622dac2xv2fzxvkfdfzl3sba1m7xkm-source/nixpatches?lastModified=1&narHash=sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=' (1970-01-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/9b97ad7b4330aacda9b2343396eb3df8a853b4fc' (2023-01-25)
  → 'github:nixos/nixpkgs/4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db' (2023-02-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c' (2023-01-24)
  → 'github:Mic92/sops-nix/a81ce6c961480b3b93498507074000c589bd9d60' (2023-02-01)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/918b760070bb8f48cb511300fcd7e02e13058a2e' (2023-01-22)
  → 'github:NixOS/nixpkgs/a3a1400571e3b9ccc270c2e8d36194cf05aab6ce' (2023-02-01)
```
2023-02-03 09:46:26 +00:00
e08281c380 fix: typo in config option name 2023-02-03 09:09:37 +00:00
afb006f6ec programs: port last users & remove the old packages.nix 2023-02-03 05:26:57 +00:00
a76cf03232 remove unused "enableDevPkgs" option 2023-02-03 05:18:38 +00:00
9c24f24306 programs: port GUI apps to new config system 2023-02-03 05:08:52 +00:00
736999eea6 programs: port console packages to new config system 2023-02-03 04:24:17 +00:00
979ed38506 programs: make system be some type of meta-program/package 2023-02-03 04:03:22 +00:00
46285852d0 modules: add a sane.programs interface which i can use going forward in place of sane.packages 2023-02-03 03:38:23 +00:00
0e756d5064 packages: add sox sound converter 2023-02-02 10:23:01 +00:00
a52ead5aec nit: document what "foliate" application is 2023-02-02 00:21:07 +00:00
c0377ff1a0 dovecot: define Drafts and Trash folders 2023-01-31 08:22:20 +00:00
062ef20d05 dovecot: auto-create the "Sent" message box 2023-01-31 06:57:35 +00:00
a0861edc5f packages: enable kitty on servo to fix login error 2023-01-31 06:43:02 +00:00
eae075acb5 flake: remove unused nixpkgs-stable argument. we can re-add it when needed 2023-01-31 04:09:49 +00:00
ef2ba01141 pins: remove dead nheko code 2023-01-31 04:05:18 +00:00
2756e15bab flake update: nixpkgs-stable 2023-01-29 -> 2023-01-30
```
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/22c4a7a4796a91c297a7e59078a84ec29515f86e' (2023-01-29)
  → 'github:nixos/nixpkgs/f413457e0dd7a42adefdbcea4391dd9751509025' (2023-01-30)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=80c6ec95bd430e29d231cf745f19279bb76fb382' (2022-10-27)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=b099c24091cc192abf3997b94342d4b31cc5757b' (2023-01-31)
```
2023-01-31 03:56:39 +00:00
940aac3a22 refactor: move persist settings into persist.nix 2023-01-31 03:44:48 +00:00
5f24e029af persist stores: make private/crypt support backing stores that aren't /nix/persist 2023-01-31 03:38:41 +00:00
98b542332b persist: crypt store: make paths overridable 2023-01-31 03:36:15 +00:00
70b62e9f76 persist stores: define the path for private at the host level 2023-01-31 03:29:53 +00:00
7c81df00df move nixcache.nix from modules -> hosts/modules 2023-01-30 11:25:46 +00:00
f288f34d1e nixpkgs-stable: 2023-01-28 -> 2023-01-29
```
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/ce20e9ebe1903ea2ba1ab006ec63093020c761cb' (2023-01-28)
  → 'github:nixos/nixpkgs/22c4a7a4796a91c297a7e59078a84ec29515f86e' (2023-01-29)
```
2023-01-30 11:13:37 +00:00
854977c3aa move duplicity out of modules -> hosts 2023-01-30 11:11:42 +00:00
3653776399 cleanup: modules/users.nix: allow explicitly setting home, if needed 2023-01-30 11:06:47 +00:00
e4bff9b5ef refactor: persist: remove dead code 2023-01-30 10:51:41 +00:00
ec22c128e0 remove reference to /home/colin from modules/persist 2023-01-30 10:48:32 +00:00
77cc560052 use sane.user.persist instead of sane.persist.home 2023-01-30 10:35:03 +00:00
c1f3fc502d sane.users.<user>.persist: forward to sane.persist.home 2023-01-30 10:34:36 +00:00
4d3248d315 lib: mkTypedMerge: fix to work with recursive attrsets 2023-01-30 10:33:59 +00:00
45a1c07210 refactor: make use of sane.user.fs 2023-01-30 09:27:19 +00:00
a1a711190f refactor: make use of sane.user 2023-01-30 09:13:43 +00:00
ee9a2b320d add a sane.user option which is shorthand for the default user 2023-01-30 08:53:40 +00:00
870afec07e add which is shorthand to define a fs entry inside that user's home 2023-01-30 08:32:55 +00:00
66 changed files with 2533 additions and 1185 deletions

57
flake.lock generated
View File

@@ -18,11 +18,11 @@
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1674880620,
"narHash": "sha256-JMALuC7xcoH/T66sKTVLuItHfOJBCWsNKpE49Qrvs80=",
"lastModified": 1676240485,
"narHash": "sha256-bef1Zrfpo9cxaf19QhqfTwaagpeoNc08sc8OjYDjSnQ=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "7478a9ffad737486951186b66f6c5535dc5802e2",
"rev": "8701fcb1448f1eb67c0d47631ec2bdb613bd6a38",
"type": "github"
},
"original": {
@@ -39,38 +39,22 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=",
"path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
"narHash": "sha256-AJlQHunLsnhZ8LdYirwIcqD1iojYJEQAdxGfJn9siPs=",
"path": "/nix/store/7s2pgwqd5ch6n53mh2v8hw7d1zp1r654-source/nixpatches",
"type": "path"
},
"original": {
"path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
"path": "/nix/store/7s2pgwqd5ch6n53mh2v8hw7d1zp1r654-source/nixpatches",
"type": "path"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1674868155,
"narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1674352297,
"narHash": "sha256-OkAnJPrauEcUCrst4/3DKoQfUn2gXKuU6CFvhtMrLgg=",
"lastModified": 1676162277,
"narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "918b760070bb8f48cb511300fcd7e02e13058a2e",
"rev": "d863ca850a06d91365c01620dcac342574ecf46f",
"type": "github"
},
"original": {
@@ -82,11 +66,11 @@
},
"nixpkgs-unpatched": {
"locked": {
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"lastModified": 1676569297,
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
"type": "github"
},
"original": {
@@ -100,7 +84,6 @@
"inputs": {
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unpatched": "nixpkgs-unpatched",
"sops-nix": "sops-nix",
"uninsane-dot-org": "uninsane-dot-org"
@@ -111,14 +94,14 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1674546403,
"narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=",
"lastModified": 1676171095,
"narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c",
"rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
"type": "github"
},
"original": {
@@ -135,11 +118,11 @@
]
},
"locked": {
"lastModified": 1666870107,
"narHash": "sha256-b9eXZxSwhzdJI5uQgfrMhu4SY2POrPkinUg7F5gQVYo=",
"lastModified": 1675131883,
"narHash": "sha256-yBgJDG72YqIr1bltasqHD1E/kHc9uRFgDjxDmy6kI8M=",
"ref": "refs/heads/master",
"rev": "80c6ec95bd430e29d231cf745f19279bb76fb382",
"revCount": 164,
"rev": "b099c24091cc192abf3997b94342d4b31cc5757b",
"revCount": 170,
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
},

View File

@@ -19,7 +19,7 @@
# but `inputs` is required to be a strict attrset: not an expression.
inputs = {
# <https://github.com/nixos/nixpkgs/tree/nixos-22.11>
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
@@ -46,12 +46,12 @@
outputs = {
self,
nixpkgs,
nixpkgs-stable,
nixpkgs-unpatched,
mobile-nixos,
sops-nix,
uninsane-dot-org
}:
uninsane-dot-org,
...
}@inputs:
let
nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
@@ -67,7 +67,9 @@
(nixosSystem {
# we use pkgs built for and *by* the target, i.e. emulation, by default.
# cross compilation only happens on explicit access to `pkgs.cross`
system = target;
# system = target;
# localSystem = local;
# crossSystem = target;
modules = [
(import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
self.nixosModules.default
@@ -78,6 +80,9 @@
self.overlays.passthru
self.overlays.pins
];
# nixpkgs.crossSystem = target;
nixpkgs.hostPlatform = target;
nixpkgs.buildPlatform = local;
}
];
});
@@ -111,15 +116,20 @@
# - `nixos-rebuild --flake './#<host>' switch`
imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
host-pkgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.pkgs) self.nixosConfigurations;
overlays = rec {
default = pkgs;
pkgs = import ./overlays/pkgs.nix;
pins = import ./overlays/pins.nix; # TODO: move to `nixpatches/` input
passthru =
let
stable = next: prev: {
stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
};
stable =
if inputs ? "nixpkgs-stable" then (
next: prev: {
stable = inputs.nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
}
) else (next: prev: {});
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;
in

View File

@@ -4,8 +4,6 @@
./fs.nix
];
# sane.packages.enableDevPkgs = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
@@ -16,6 +14,8 @@
sane.gui.sway.enable = true;
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
@@ -49,12 +49,12 @@
};
programs.steam = {
enable = true;
# enable = true;
# not sure if needed: stole this whole snippet from the wiki
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
".steam"
".local/share/Steam"
];

View File

@@ -8,15 +8,15 @@
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
# sane.packages.enableDevPkgs = true;
# sane.users.guest.enable = true;
# sane.guest.enable = true;
sane.gui.sway.enable = true;
sane.persist.enable = true;
sane.nixcache.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/lappy.yaml;
neededForUsers = true;

View File

@@ -37,15 +37,10 @@
# addons.sideberry.enable = false;
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
".config/pulse" # persist pulseaudio volume
];
# sane.packages.enableGuiPkgs = false; # XXX faster builds/imaging for debugging
sane.packages.extraUserPkgs = [
pkgs.plasma5Packages.konsole # terminal
];
sane.nixcache.enable = true;
sane.persist.enable = true;
sane.gui.phosh.enable = true;

View File

@@ -114,7 +114,7 @@ in
# - phone rotation sensor is off by 90 degrees
# - ambient light sensor causes screen brightness to be shakey
# - phosh greeter may not appear after wake from sleep
boot.kernelPackages = pkgs.cross.linuxPackagesFor pkgs.cross.linux-megous;
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-megous;
boot.kernelPatches = [
(patchDefconfig (kernelConfig //

View File

@@ -8,12 +8,13 @@
./services
];
sane.packages.extraUserPkgs = with pkgs; [
sane.programs = {
# for administering services
freshrss
matrix-synapse
signaldctl
];
freshrss.enableFor.user.colin = true;
matrix-synapse.enableFor.user.colin = true;
signaldctl.enableFor.user.colin = true;
};
sane.persist.enable = true;
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;

View File

@@ -1,3 +1,6 @@
# DOCS:
# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
{ config, lib, ... }:
let
@@ -143,6 +146,25 @@ in
# inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
services.dovecot2.enable = true;
services.dovecot2.mailboxes = {
# special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
# RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
# how these boxes are treated is 100% up to the client and server to decide.
# client behavior:
# iOS
# - Drafts: ?
# - Sent: works
# - Trash: works
# aerc
# - Drafts: works
# - Sent: works
# - Trash: no; deleted messages are actually deleted
# use `:move trash` instead
# Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
Drafts = { specialUse = "Drafts"; auto = "create"; };
Sent = { specialUse = "Sent"; auto = "create"; };
Trash = { specialUse = "Trash"; auto = "create"; };
};
services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
services.dovecot2.enablePAM = false;

File diff suppressed because it is too large Load Diff

View File

@@ -10,6 +10,8 @@
./ids.nix
./machine-id.nix
./net.nix
./persist.nix
./programs.nix
./secrets.nix
./ssh.nix
./users.nix
@@ -17,17 +19,8 @@
];
sane.nixcache.enable-trusted-keys = true;
sane.packages.enableConsolePkgs = true;
sane.packages.enableSystemPkgs = true;
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
];
sane.programs.sysadminUtils.enableFor.system = true;
sane.programs.consoleUtils.enableFor.user.colin = true;
# some services which use private directories error if the parent (/var/lib/private) isn't 700.
sane.fs."/var/lib/private".dir.acl.mode = "0700";

View File

@@ -7,5 +7,5 @@
sopsFile = ../../../secrets/universal/aerc_accounts.conf;
format = "binary";
};
sane.fs."/home/colin/.config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
sane.user.fs.".config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
}

View File

@@ -125,16 +125,17 @@ in
# `wget ...xpi`; `unar ...xpi`; `cat */manifest.json | jq '.browser_specific_settings.gecko.id'`
# browserpass-ce.package = addon "browserpass-ce" "browserpass@maximbaz.com" "sha256-sXgUBbRvMnRpeIW1MTkmTcoqtW/8RDXAkxAq1evFkpc=";
browserpass-extension.package = localAddon pkgs.browserpass-extension;
bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-JOj5P7c2JTTReHCRZXm4BscaGr3i+9Y4Ey/y621x8PI=";
# TODO: build bypass-paywalls from source? it's mysteriously disappeared from the Mozilla store.
# bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-oUwdqdAwV3DezaTtOMx7A/s4lzIws+t2f08mwk+324k=";
ether-metamask.package = addon "ether-metamask" "webextension@metamask.io" "sha256-G+MwJDOcsaxYSUXjahHJmkWnjLeQ0Wven8DU/lGeMzA=";
i2p-in-private-browsing.package = addon "i2p-in-private-browsing" "i2ppb@eyedeekay.github.io" "sha256-dJcJ3jxeAeAkRvhODeIVrCflvX+S4E0wT/PyYzQBQWs=";
sidebery.package = addon "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}" "sha256-YONfK/rIjlsrTgRHIt3km07Q7KnpIW89Z9r92ZSCc6w=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-d2K3ufvurWnYVzqLbyR//MgejybkY9exitAf9RdLNRo=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-hRsvLaAsVm3dALsTrJqHTNgRFAQcU7XSaGhr5G6+mFs=";
ublacklist.package = addon "ublacklist" "@ublacklist" "sha256-RqY5iHzbL2qizth7aguyOKWPyINXmrwOlf/OsfqAS48=";
ublock-origin.package = addon "ublock-origin" "uBlock0@raymondhill.net" "sha256-a/ivUmY1P6teq9x0dt4CbgHt+3kBsEMMXlOfZ5Hx7cg=";
ublock-origin.package = addon "ublock-origin" "uBlock0@raymondhill.net" "sha256-52lYqMjrS3GVTaybDrH1p6VF90YVkifguCGxobI/fNQ=";
browserpass-extension.enable = lib.mkDefault true;
bypass-paywalls-clean.enable = lib.mkDefault true;
# bypass-paywalls-clean.enable = lib.mkDefault true;
ether-metamask.enable = lib.mkDefault true;
i2p-in-private-browsing.enable = lib.mkDefault config.services.i2p.enable;
sidebery.enable = lib.mkDefault true;
@@ -146,6 +147,11 @@ in
};
config = {
sane.programs.web-browser = {
inherit package;
# TODO: define the persistence & fs config here
};
sane.programs.guiApps.suggestedPrograms = [ "web-browser" ];
# uBlock filter list configuration.
# specifically, enable the GDPR cookie prompt blocker.
@@ -155,7 +161,7 @@ in
# the specific attribute path is found via scraping ublock code here:
# - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
# - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
sane.fs."/home/colin/${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
{
"name": "uBlock0@raymondhill.net",
"description": "ignored",
@@ -165,26 +171,24 @@ in
}
}
'';
sane.fs."/home/colin/${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
// if we can't query the revocation status of a SSL cert because the issuer is offline,
// treat it as unrevoked.
// see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
defaultPref("security.OCSP.require", false);
'';
sane.packages.extraGuiPkgs = [ package ];
# flush the cache to disk to avoid it taking up too much tmp
sane.persist.home.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
sane.user.persist.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
store = cfg.persistCache;
};
sane.persist.home.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
sane.user.persist.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
store = cfg.persistData;
};
sane.fs."/home/colin/${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
sane.user.fs."${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
# instruct Firefox to put the profile in a predictable directory (so we can do things like persist just it).
# XXX: the directory *must* exist, even if empty; Firefox will not create the directory itself.
sane.fs."/home/colin/${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
[Profile0]
Name=default
IsRelative=1

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.fs."/home/colin/.config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
sane.user.fs.".config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
builtins.toJSON {
# feed format is a map from URL to a dict,
# with dict["tags"] a list of string tags.

View File

@@ -4,7 +4,7 @@ let
mkCfg = lib.generators.toINI { };
in
{
sane.fs."/home/colin/.config/git/config" = sane-lib.fs.wantedText (mkCfg {
sane.user.fs.".config/git/config" = sane-lib.fs.wantedText (mkCfg {
user.name = "Colin";
user.email = "colin@uninsane.org";
alias.co = "checkout";

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["podcast"] all-feeds;
in {
sane.fs."/home/colin/.config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
sane.user.fs.".config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

View File

@@ -1,10 +1,11 @@
{ config, sane-lib, ... }:
{
sane.persist.home.private = [ ".local/share/keyrings" ];
sane.user.persist.private = [ ".local/share/keyrings" ];
sane.fs."/home/colin/private/.local/share/keyrings/default" = {
sane.user.fs."private/.local/share/keyrings/default" = {
generated.script.script = builtins.readFile ../../../scripts/init-keyring;
# TODO: is this `wantedBy` needed? can we inherit it?
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
};
}

View File

@@ -1,7 +1,7 @@
{ pkgs, sane-lib, ... }:
{
sane.fs."/home/colin/.config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
sane.user.fs.".config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
# docs: https://sw.kovidgoyal.net/kitty/conf/
# disable terminal bell (when e.g. you backspace too many times)
enable_audio_bell no

View File

@@ -2,7 +2,7 @@
{
# libreoffice: disable first-run stuff
sane.fs."/home/colin/.config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
sane.user.fs.".config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="FirstRun" oor:op="fuse"><value>false</value></prop></item>

View File

@@ -2,7 +2,7 @@
{
# format is <key>=%<length>%<value>
sane.fs."/home/colin/.config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
sane.user.fs.".config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
save-position-on-quit=%3%yes
keep-open=%3%yes
'';

View File

@@ -72,7 +72,7 @@ let
in
{
# private because there could be sensitive things in the swap
sane.persist.home.private = [ ".cache/vim-swap" ];
sane.user.persist.private = [ ".cache/vim-swap" ];
programs.neovim = {
# neovim: https://github.com/neovim/neovim

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.fs."/home/colin/.config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
sane.user.fs.".config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

View File

@@ -4,9 +4,9 @@
{ pkgs, sane-lib, ... }:
{
sane.persist.home.plaintext = [ ".local/state/splatmoji" ];
sane.fs."/home/colin/.config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
history_file=/home/colin/.local/state/splatmoji/history
sane.user.persist.plaintext = [ ".local/state/splatmoji" ];
sane.user.fs.".config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
history_file=~/.local/state/splatmoji/history
history_length=5
# TODO: wayland equiv
paste_command=xdotool key ctrl+v

View File

@@ -12,9 +12,9 @@ let
in
{
# ssh key is stored in private storage
sane.persist.home.private = [ ".ssh/id_ed25519" ];
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
sane.user.persist.private = [ ".ssh/id_ed25519" ];
sane.user.fs.".ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.user.fs.".ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
users.users.colin.openssh.authorizedKeys.keys =
let

View File

@@ -7,5 +7,5 @@
sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
format = "binary";
};
sane.fs."/home/colin/.config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
sane.user.fs.".config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
}

View File

@@ -9,7 +9,7 @@ let
);
in
{
sane.fs."/home/colin/.config/vlc/vlcrc" = sane-lib.fs.wantedText ''
sane.user.fs.".config/vlc/vlcrc" = sane-lib.fs.wantedText ''
[podcast]
podcast-urls=${podcast-urls}
[core]

View File

@@ -3,7 +3,7 @@
{
# XDG defines things like ~/Desktop, ~/Downloads, etc.
# these clutter the home, so i mostly don't use them.
sane.fs."/home/colin/.config/user-dirs.dirs" = sane-lib.fs.wantedText ''
sane.user.fs.".config/user-dirs.dirs" = sane-lib.fs.wantedText ''
XDG_DESKTOP_DIR="$HOME/.xdg/Desktop"
XDG_DOCUMENTS_DIR="$HOME/dev"
XDG_DOWNLOAD_DIR="$HOME/tmp"
@@ -16,5 +16,5 @@
# prevent `xdg-user-dirs-update` from overriding/updating our config
# see <https://manpages.ubuntu.com/manpages/bionic/man5/user-dirs.conf.5.html>
sane.fs."/home/colin/.config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
sane.user.fs.".config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
}

View File

@@ -26,7 +26,7 @@ let
'';
in
{
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
# we don't need to full zsh dir -- just the history file --
# but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
# TODO: should be private?
@@ -36,7 +36,7 @@ in
];
# zsh/prezto complains if zshrc doesn't exist; but it does allow an "empty" file.
sane.fs."/home/colin/.config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
sane.user.fs.".config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
# enable zsh completions
environment.pathsToLink = [ "/share/zsh" ];
@@ -83,6 +83,11 @@ in
pushd "$1";
}
expiration=$(date -d "6 Mar" +%s)
today=$(date +%s)
days_until=$(( ($expiration - $today) / (24*60*60) ))
echo "You have $days_until days to renew your driver's license"
# auto-cd into any of these dirs by typing them and pressing 'enter':
hash -d 3rd="/home/colin/dev/3rd"
hash -d dev="/home/colin/dev"
@@ -107,7 +112,7 @@ in
# prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
# see: https://github.com/sorin-ionescu/prezto
# i believe this file is auto-sourced by the prezto init.zsh script.
sane.fs."/home/colin/.config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
sane.user.fs.".config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
zstyle ':prezto:*:*' color 'yes'
# modules (they ship with prezto):

View File

@@ -1,3 +1,4 @@
# TODO: migrate to nixpkgs `config.ids.uids`
{ ... }:
{
@@ -35,7 +36,7 @@
sane.ids.sshd.uid = 2001; # 997
sane.ids.sshd.gid = 2001; # 997
sane.ids.polkituser.gid = 2002; # 998
sane.ids.systemd-coredump.gid = 2003; # 996
# sane.ids.systemd-coredump.gid = 2003; # 996 # 2023/02/12: upstream now specifies this as 151
sane.ids.nscd.uid = 2004;
sane.ids.nscd.gid = 2004;
sane.ids.systemd-oom.uid = 2005;

18
hosts/common/persist.nix Normal file
View File

@@ -0,0 +1,18 @@
{ ... }:
{
sane.persist.stores.private.origin = "/home/colin/private";
# store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
sane.persist.stores.private.prefix = "/home/colin";
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
"/var/lib/systemd/backlight" # backlight brightness
"/var/lib/systemd/coredump"
];
}

340
hosts/common/programs.nix Normal file
View File

@@ -0,0 +1,340 @@
{ lib, pkgs, ... }:
let
inherit (builtins) attrNames concatLists;
inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
flattenedPkgs = pkgs // (with pkgs; {
# XXX can't `inherit` a nested attr, so we move them to the toplevel
"cacert.unbundled" = pkgs.cacert.unbundled;
"gnome.cheese" = gnome.cheese;
"gnome.dconf-editor" = gnome.dconf-editor;
"gnome.file-roller" = gnome.file-roller;
"gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
"gnome.gnome-maps" = gnome.gnome-maps;
"gnome.nautilus" = gnome.nautilus;
"gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
"gnome.gnome-terminal" = gnome.gnome-terminal;
"gnome.gnome-weather" = gnome.gnome-weather;
"libsForQt5.plasmatube" = libsForQt5.plasmatube;
});
sysadminPkgs = {
inherit (flattenedPkgs)
btrfs-progs
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
tcpdump
tree
usbutils
wget
;
};
# TODO: split these into smaller groups.
# - iphone utils (libimobiledevice, ifuse) only wanted on desko, maybe lappy
# - transcoders (ffmpeg, imagemagick) only wanted on desko/lappy
consolePkgs = {
inherit (pkgs)
aerc # email client
# backblaze-b2 # TODO: put into the same package set as duplicity
cdrtools
dmidecode
# duplicity # TODO: enable as part of some smaller package set
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
imagemagick
ipfs
kitty # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
libimobiledevice
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
sox
speedtest-cli
sqlite # to debug sqlite3 databases
ssh-to-age
sudo
# tageditor # music tagging
unar
visidata
w3m
wireguard-tools
xdg-utils # for xdg-open
# youtube-dl
yt-dlp
;
};
guiPkgs = {
inherit (flattenedPkgs)
celluloid # mpv frontend
clinfo
emote
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
# foliate # e-book reader
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
# "gnome.cheese"
"gnome.dconf-editor"
gnome-feeds # RSS reader (with claimed mobile support)
"gnome.file-roller"
# "gnome.gnome-maps" # works on phosh
"gnome.nautilus"
# gnome-podcasts
"gnome.gnome-system-monitor"
"gnome.gnome-terminal" # works on phosh
"gnome.gnome-weather"
gpodder-configured
gthumb
# lollypop
mpv
networkmanagerapplet
# newsflash
nheko
pavucontrol
# picard # music tagging
playerctl
# "libsForQt5.plasmatube" # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile
# tdesktop # broken on phosh
# tokodon
vlc
# pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
# whalebird
xterm # broken on phosh
;
};
desktopGuiPkgs = {
inherit (flattenedPkgs)
audacity
chromium
dino
electrum
element-desktop
font-manager
gajim # XMPP client
gimp # broken on phosh
"gnome.gnome-disk-utility"
inkscape
kdenlive
kid3 # audio tagging
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
obsidian
;
};
x86GuiPkgs = {
inherit (pkgs)
discord
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
# TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
handbrake
logseq
losslesscut-bin
makemkv
monero-gui
signal-desktop
spotify
tor-browser-bundle-bin
zecwallet-lite
;
};
# define -- but don't enable -- the packages in some attrset.
# use `mkDefault` for the package here so we can customize some of them further down this file
declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
package = mkDefault p;
}) pkgsAsAttrs;
in
{
config = {
sane.programs = mkMerge [
(declarePkgs sysadminPkgs)
(declarePkgs consolePkgs)
(declarePkgs guiPkgs)
(declarePkgs desktopGuiPkgs)
(declarePkgs x86GuiPkgs)
{
# link the various package sets into their own meta packages
sysadminUtils = {
package = null;
suggestedPrograms = attrNames sysadminPkgs;
};
consoleUtils = {
package = null;
suggestedPrograms = attrNames consolePkgs;
};
guiApps = {
package = null;
suggestedPrograms = (attrNames guiPkgs)
++ optional (pkgs.system == "x86_64-linux") "x86GuiApps";
};
desktopGuiApps = {
package = null;
suggestedPrograms = attrNames desktopGuiPkgs;
};
x86GuiApps = {
package = null;
suggestedPrograms = attrNames x86GuiPkgs;
};
}
{
# nontrivial package definitions
imagemagick.package = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
dino.private = [ ".local/share/dino" ];
# creds, but also 200 MB of node modules, etc
discord = {
package = pkgs.discord.override {
# XXX 2022-07-31: fix to allow links to open in default web-browser:
# https://github.com/NixOS/nixpkgs/issues/78961
nss = pkgs.nss_latest;
};
private = [ ".config/discord" ];
};
# creds/session keys, etc
element-desktop.private = [ ".config/Element" ];
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
emote.dir = [ ".local/share/Emote" ];
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
gpodder-configured.dir = [ "gPodder" ];
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
# XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
monero-gui.dir = [ ".bitmonero" ];
mpv.dir = [ ".config/mpv/watch_later" ];
# not strictly necessary, but allows caching articles; offline use, etc.
newsflash.dir = [ ".local/share/news-flash" ];
nheko.private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
];
# settings (electron app)
obsidian.dir = [ ".config/obsidian" ];
# creds, media
signal-desktop.private = [ ".config/Signal" ];
# creds, widevine .so download. TODO: could easily manage these statically.
spotify.dir = [ ".config/spotify" ];
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile.dir = [ ".local/share/sublime-music" ];
tdesktop.private = [ ".local/share/TelegramDesktop" ];
tokodon.private = [ ".cache/KDE/tokodon" ];
# hardenedMalloc solves a crash at startup
# TODO 2023/02/02: is this safe to remove yet?
tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
useHardenedMalloc = false;
};
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
vlc.dir = [ ".config/vlc" ];
whalebird.private = [ ".config/Whalebird" ];
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
zecwallet-lite.private = [ ".zcash" ];
}
];
# XXX: this might not be necessary. try removing this and cacert.unbundled (servo)?
environment.etc."ssl/certs".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

View File

@@ -99,18 +99,22 @@
sopsFile = ../../secrets/universal/net/friend-rationalist-empathist.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-bedroom.psk" = {
sopsFile = ../../secrets/universal/net/home-bedroom.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-shared-24G.psk" = {
sopsFile = ../../secrets/universal/net/home-shared-24G.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-shared.psk" = {
sopsFile = ../../secrets/universal/net/home-shared.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-bedroom.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-bedroom.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-shared-24G.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-shared-24G.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-shared.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-shared.psk.bin;
format = "binary";
};
sops.secrets."iwd/iphone" = {
sopsFile = ../../secrets/universal/net/iphone.psk.bin;
format = "binary";

View File

@@ -3,12 +3,12 @@
# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
with lib;
let
cfg = config.sane.users;
cfg = config.sane.guest;
fs = sane-lib.fs;
in
{
options = {
sane.users.guest.enable = mkOption {
sane.guest.enable = mkOption {
default = false;
type = types.bool;
};
@@ -49,8 +49,6 @@ in
shell = pkgs.zsh;
packages = builtins.map (p: p.pkg) config.sane.packages.enabledUserPkgs;
# mount encrypted stuff at login
# some other nix pam users:
# - <https://github.com/g00pix/nixconf/blob/32c04f6fa843fed97639dd3f09e157668d3eea1f/profiles/sshfs.nix>
@@ -68,6 +66,7 @@ in
security.pam.mount.enable = true;
sane.users.colin.default = true;
# ensure ~ perms are known to sane.fs module.
# TODO: this is generic enough to be lifted up into sane.fs itself.
sane.fs."/home/colin".dir.acl = {
@@ -76,7 +75,7 @@ in
mode = config.users.users.colin.homeMode;
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
"archive"
"dev"
# TODO: records should be private
@@ -90,25 +89,26 @@ in
".cache/nix"
".cache/nix-index"
".cargo"
".rustup"
# ".cargo"
# ".rustup"
];
# convenience
sane.fs."/home/colin/knowledge" = fs.wantedSymlinkTo "/home/colin/private/knowledge";
sane.fs."/home/colin/nixos" = fs.wantedSymlinkTo "/home/colin/dev/nixos";
sane.fs."/home/colin/Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.fs."/home/colin/Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.fs."/home/colin/Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
sane.user.fs."knowledge" = fs.wantedSymlinkTo "private/knowledge";
sane.user.fs."nixos" = fs.wantedSymlinkTo "dev/nixos";
sane.user.fs."Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.user.fs."Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.user.fs."Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
# used by password managers, e.g. unix `pass`
sane.fs."/home/colin/.password-store" = fs.wantedSymlinkTo "/home/colin/knowledge/secrets/accounts";
sane.user.fs.".password-store" = fs.wantedSymlinkTo "knowledge/secrets/accounts";
sane.persist.sys.plaintext = mkIf cfg.guest.enable [
sane.persist.sys.plaintext = mkIf cfg.enable [
# intentionally allow other users to write to the guest folder
{ directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
];
users.users.guest = mkIf cfg.guest.enable {
users.users.guest = mkIf cfg.enable {
isNormalUser = true;
home = "/home/guest";
subUidRanges = [

View File

@@ -15,13 +15,13 @@
networking.hostName = hostName;
nixpkgs.overlays = [
(next: prev: {
# for local != target we by default just emulate the target while building.
# provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
# to explicitly opt into non-emulated cross compilation for any specific package.
# this is most beneficial for large packages with few pre-requisites -- like Linux.
cross = next.crossFrom."${localSystem}";
})
];
# nixpkgs.overlays = [
# (next: prev: {
# # for local != target we by default just emulate the target while building.
# # provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
# # to explicitly opt into non-emulated cross compilation for any specific package.
# # this is most beneficial for large packages with few pre-requisites -- like Linux.
# cross = prev.crossFrom."${localSystem}";
# })
# ];
}

View File

@@ -7,7 +7,9 @@
./hardware
./hostnames.nix
./hosts.nix
./nixcache.nix
./roles
./services
./wg-home.nix
];
}

View File

@@ -12,24 +12,4 @@ in
./plasma-mobile.nix
./sway.nix
];
options = {
sane.gui.enable = mkOption {
default = false;
type = types.bool;
description = ''
enables config used by any GUI, like display management or select packages.
the user should prefer to interact with specific GUIs like `sane.gui.sway`
and let those modules auto-set this flag when necessary.
'';
};
};
config = mkIf cfg.enable {
sane.packages.enableGuiPkgs = mkDefault true;
# preserve backlight brightness across power cycles
# see `man systemd-backlight`
sane.persist.sys.plaintext = [ "/var/lib/systemd/backlight" ];
};
}

View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start gnome/gdm on boot
services.xserver.enable = true;

View File

@@ -20,9 +20,34 @@ in
};
};
config = mkIf cfg.enable (mkMerge [
config = mkMerge [
{
sane.gui.enable = true;
sane.programs.phoshApps = {
package = null;
suggestedPrograms = [
"guiApps"
# TODO: see about removing gnome-bluetooth if the in-built gnome-settings bluetooth manager can work
"gnome.gnome-bluetooth"
"phosh-mobile-settings"
# "plasma5Packages.konsole" # more reliable terminal
];
};
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"plasma5Packages.konsole" = pkgs.plasma5Packages.konsole;
})
phosh-mobile-settings
"plasma5Packages.konsole"
# "gnome.gnome-bluetooth"
;
};
}
(mkIf cfg.enable {
sane.programs.phoshApps.enableFor.user.colin = true;
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
@@ -38,6 +63,28 @@ in
};
};
# phosh enables `services.gnome.{core-os-services, core-shell}`
# and this in turn enables some default apps we don't really care about.
# see <nixos/modules/services/x11/desktop-managers/gnome.nix>
environment.gnome.excludePackages = with pkgs; [
# gnome.gnome-menus # unused outside gnome classic, but probably harmless
gnome-tour
];
services.dleyna-renderer.enable = false;
services.dleyna-server.enable = false;
services.gnome.gnome-browser-connector.enable = false;
services.gnome.gnome-initial-setup.enable = false;
services.gnome.gnome-online-accounts.enable = false;
services.gnome.gnome-remote-desktop.enable = false;
services.gnome.gnome-user-share.enable = false;
services.gnome.rygel.enable = false;
# gnome doesn't use mkDefault for these -- unclear why not
services.gnome.evolution-data-server.enable = mkForce false;
services.gnome.gnome-online-miners.enable = mkForce false;
# TODO: re-enable this once we can cross-compile gvfs
services.gvfs.enable = mkForce false;
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;
networking.networkmanager.enable = true;
@@ -60,6 +107,7 @@ in
};
programs.dconf.packages = [
# org.kde.konsole.desktop
(pkgs.writeTextFile {
name = "dconf-phosh-settings";
destination = "/etc/dconf/db/site.d/00_phosh_settings";
@@ -72,19 +120,13 @@ in
sleep-inactive-battery-timeout=5400
[sm/puri/phosh]
favorites=['gpodder.desktop', 'nheko.desktop', 'sublime-music.desktop', 'firefox.desktop', 'org.kde.konsole.desktop']
favorites=['gpodder.desktop', 'nheko.desktop', 'sublime-music.desktop', 'firefox.desktop', 'org.gnome.Terminal.desktop']
'';
})
];
})
sane.packages.extraUserPkgs = with pkgs; [
phosh-mobile-settings
# TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
gnome.gnome-bluetooth
];
}
(mkIf cfg.useGreeter {
(mkIf (cfg.enable && cfg.useGreeter) {
services.xserver.enable = true;
# NB: setting defaultSession has the critical side-effect that it lets org.freedesktop.AccountsService
# know that our user exists. this ensures lightdm succeeds when calling /org/freedesktop/AccountsServices ListCachedUsers
@@ -110,5 +152,5 @@ in
systemd.services.phosh.wantedBy = lib.mkForce []; # disable auto-start
})
]);
];
}

View File

@@ -13,7 +13,8 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start plasma-mobile on boot
services.xserver.enable = true;
services.xserver.desktopManager.plasma5.mobile.enable = true;

View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start plasma on boot
services.xserver.enable = true;

View File

@@ -120,523 +120,543 @@ in
type = types.bool;
};
};
config = mkIf cfg.enable {
sane.gui.enable = true;
# swap in these lines to use SDDM instead of `services.greetd`.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = if cfg.useGreeter then greeter-session else greeterless-session;
config = mkMerge [
{
sane.programs.swayApps = {
package = null;
suggestedPrograms = [
"guiApps"
"swaylock"
"swayidle"
"wl-clipboard"
"mako" # notification daemon
# # "pavucontrol"
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
];
};
};
# we need the greeter's command to be on our PATH
users.users.colin.packages = [ sway-launcher ];
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"gnome.gnome-control-center" = pkgs.gnome.gnome-control-center;
})
swaylock
swayidle
wl-clipboard
mako
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
;
};
}
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
(mkIf cfg.enable {
sane.programs.swayApps.enableFor.user.colin = true;
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
# swap in these lines to use SDDM instead of `services.greetd`.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = if cfg.useGreeter then greeter-session else greeterless-session;
};
};
# we need the greeter's command to be on our PATH
users.users.colin.packages = [ sway-launcher ];
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
sane.fs."/home/colin/.config/sway/config" =
let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
launcher-cmd = fuzzel;
terminal-cmd = kitty;
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in sane-lib.fs.wantedText ''
### default font
font pango:monospace 8
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
### pixel boundary between windows
default_border pixel 3
default_floating_border pixel 2
hide_edge_borders smart
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
### defaults
focus_wrapping no
focus_follows_mouse yes
focus_on_window_activation smart
mouse_warping output
workspace_layout default
workspace_auto_back_and_forth no
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
sane.user.fs.".config/sway/config" =
let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
launcher-cmd = fuzzel;
terminal-cmd = kitty;
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in sane-lib.fs.wantedText ''
### default font
font pango:monospace 8
### default colors (#border #background #text #indicator #childBorder)
client.focused #4c7899 #285577 #ffffff #2e9ef4 #285577
client.focused_inactive #333333 #5f676a #ffffff #484e50 #5f676a
client.unfocused #333333 #222222 #888888 #292d2e #222222
client.urgent #2f343a #900000 #ffffff #900000 #900000
client.placeholder #000000 #0c0c0c #ffffff #000000 #0c0c0c
client.background #ffffff
### pixel boundary between windows
default_border pixel 3
default_floating_border pixel 2
hide_edge_borders smart
### key bindings
floating_modifier Mod1
## media keys
bindsym XF86AudioRaiseVolume exec ${vol-up-cmd}
bindsym XF86AudioLowerVolume exec ${vol-down-cmd}
bindsym Mod1+Page_Up exec ${vol-up-cmd}
bindsym Mod1+Page_Down exec ${vol-down-cmd}
bindsym XF86AudioMute exec ${mute-cmd}
bindsym XF86MonBrightnessUp exec ${brightness-up-cmd}
bindsym XF86MonBrightnessDown exec ${brightness-down-cmd}
## special functions
bindsym Mod1+Print exec ${screenshot-cmd}
bindsym Mod1+l exec ${lock-cmd}
bindsym Mod1+s exec ${snip-cmd}
bindsym Mod1+slash exec ${emoji-cmd}
bindsym Mod1+d exec ${launcher-cmd}
bindsym Mod1+Return exec ${terminal-cmd}
bindsym Mod1+Shift+q kill
bindsym Mod1+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
bindsym Mod1+Shift+c reload
## layout
bindsym Mod1+b splith
bindsym Mod1+v splitv
bindsym Mod1+f fullscreen toggle
bindsym Mod1+a focus parent
bindsym Mod1+w layout tabbed
bindsym Mod1+e layout toggle split
bindsym Mod1+Shift+space floating toggle
bindsym Mod1+space focus mode_toggle
bindsym Mod1+r mode resize
## movement
bindsym Mod1+Up focus up
bindsym Mod1+Down focus down
bindsym Mod1+Left focus left
bindsym Mod1+Right focus right
bindsym Mod1+Shift+Up move up
bindsym Mod1+Shift+Down move down
bindsym Mod1+Shift+Left move left
bindsym Mod1+Shift+Right move right
## workspaces
bindsym Mod1+1 workspace number 1
bindsym Mod1+2 workspace number 2
bindsym Mod1+3 workspace number 3
bindsym Mod1+4 workspace number 4
bindsym Mod1+5 workspace number 5
bindsym Mod1+6 workspace number 6
bindsym Mod1+7 workspace number 7
bindsym Mod1+8 workspace number 8
bindsym Mod1+9 workspace number 9
bindsym Mod1+Shift+1 move container to workspace number 1
bindsym Mod1+Shift+2 move container to workspace number 2
bindsym Mod1+Shift+3 move container to workspace number 3
bindsym Mod1+Shift+4 move container to workspace number 4
bindsym Mod1+Shift+5 move container to workspace number 5
bindsym Mod1+Shift+6 move container to workspace number 6
bindsym Mod1+Shift+7 move container to workspace number 7
bindsym Mod1+Shift+8 move container to workspace number 8
bindsym Mod1+Shift+9 move container to workspace number 9
## "scratchpad" = ??
bindsym Mod1+Shift+minus move scratchpad
bindsym Mod1+minus scratchpad show
### defaults
focus_wrapping no
focus_follows_mouse yes
focus_on_window_activation smart
mouse_warping output
workspace_layout default
workspace_auto_back_and_forth no
### defaults
mode "resize" {
bindsym Down resize grow height 10 px
bindsym Escape mode default
bindsym Left resize shrink width 10 px
bindsym Return mode default
bindsym Right resize grow width 10 px
bindsym Up resize shrink height 10 px
bindsym h resize shrink width 10 px
bindsym j resize grow height 10 px
bindsym k resize shrink height 10 px
bindsym l resize grow width 10 px
### default colors (#border #background #text #indicator #childBorder)
client.focused #4c7899 #285577 #ffffff #2e9ef4 #285577
client.focused_inactive #333333 #5f676a #ffffff #484e50 #5f676a
client.unfocused #333333 #222222 #888888 #292d2e #222222
client.urgent #2f343a #900000 #ffffff #900000 #900000
client.placeholder #000000 #0c0c0c #ffffff #000000 #0c0c0c
client.background #ffffff
### key bindings
floating_modifier Mod1
## media keys
bindsym XF86AudioRaiseVolume exec ${vol-up-cmd}
bindsym XF86AudioLowerVolume exec ${vol-down-cmd}
bindsym Mod1+Page_Up exec ${vol-up-cmd}
bindsym Mod1+Page_Down exec ${vol-down-cmd}
bindsym XF86AudioMute exec ${mute-cmd}
bindsym XF86MonBrightnessUp exec ${brightness-up-cmd}
bindsym XF86MonBrightnessDown exec ${brightness-down-cmd}
## special functions
bindsym Mod1+Print exec ${screenshot-cmd}
bindsym Mod1+l exec ${lock-cmd}
bindsym Mod1+s exec ${snip-cmd}
bindsym Mod1+slash exec ${emoji-cmd}
bindsym Mod1+d exec ${launcher-cmd}
bindsym Mod1+Return exec ${terminal-cmd}
bindsym Mod1+Shift+q kill
bindsym Mod1+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
bindsym Mod1+Shift+c reload
## layout
bindsym Mod1+b splith
bindsym Mod1+v splitv
bindsym Mod1+f fullscreen toggle
bindsym Mod1+a focus parent
bindsym Mod1+w layout tabbed
bindsym Mod1+e layout toggle split
bindsym Mod1+Shift+space floating toggle
bindsym Mod1+space focus mode_toggle
bindsym Mod1+r mode resize
## movement
bindsym Mod1+Up focus up
bindsym Mod1+Down focus down
bindsym Mod1+Left focus left
bindsym Mod1+Right focus right
bindsym Mod1+Shift+Up move up
bindsym Mod1+Shift+Down move down
bindsym Mod1+Shift+Left move left
bindsym Mod1+Shift+Right move right
## workspaces
bindsym Mod1+1 workspace number 1
bindsym Mod1+2 workspace number 2
bindsym Mod1+3 workspace number 3
bindsym Mod1+4 workspace number 4
bindsym Mod1+5 workspace number 5
bindsym Mod1+6 workspace number 6
bindsym Mod1+7 workspace number 7
bindsym Mod1+8 workspace number 8
bindsym Mod1+9 workspace number 9
bindsym Mod1+Shift+1 move container to workspace number 1
bindsym Mod1+Shift+2 move container to workspace number 2
bindsym Mod1+Shift+3 move container to workspace number 3
bindsym Mod1+Shift+4 move container to workspace number 4
bindsym Mod1+Shift+5 move container to workspace number 5
bindsym Mod1+Shift+6 move container to workspace number 6
bindsym Mod1+Shift+7 move container to workspace number 7
bindsym Mod1+Shift+8 move container to workspace number 8
bindsym Mod1+Shift+9 move container to workspace number 9
## "scratchpad" = ??
bindsym Mod1+Shift+minus move scratchpad
bindsym Mod1+minus scratchpad show
### defaults
mode "resize" {
bindsym Down resize grow height 10 px
bindsym Escape mode default
bindsym Left resize shrink width 10 px
bindsym Return mode default
bindsym Right resize grow width 10 px
bindsym Up resize shrink height 10 px
bindsym h resize shrink width 10 px
bindsym j resize grow height 10 px
bindsym k resize shrink height 10 px
bindsym l resize grow width 10 px
}
### lightly modified bars
bar {
# TODO: fonts was:
# config.fonts.fontconfig.defaultFonts; (monospace ++ emoji)
font pango:Hack, Font Awesome 6 Free, Twitter Color Emoji 24.000000
mode dock
hidden_state hide
position top
status_command ${pkgs.i3status}/bin/i3status
swaybar_command ${pkgs.waybar}/bin/waybar
workspace_buttons yes
strip_workspace_numbers no
tray_output primary
colors {
background #000000
statusline #ffffff
separator #666666
# #border #background #text
focused_workspace #4c7899 #285577 #ffffff
active_workspace #333333 #5f676a #ffffff
inactive_workspace #333333 #222222 #888888
urgent_workspace #2f343a #900000 #ffffff
binding_mode #2f343a #900000 #ffffff
}
}
### displays
## DESKTOP
output "Samsung Electric Company S22C300 0x00007F35" {
pos 0,0
res 1920x1080
}
output "Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" {
pos 1920,0
res 3440x1440
}
## LAPTOP
# sh/en TV
output "Pioneer Electronic Corporation VSX-524 0x00000101" {
pos 0,0
res 1920x1080
}
# internal display
output "Unknown 0x0637 0x00000000" {
pos 1920,0
res 1920x1080
}
'';
sane.user.fs.".config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.user.fs.".config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
### lightly modified bars
bar {
# TODO: fonts was:
# config.fonts.fontconfig.defaultFonts; (monospace ++ emoji)
font pango:Hack, Font Awesome 6 Free, Twitter Color Emoji 24.000000
mode dock
hidden_state hide
position top
status_command ${pkgs.i3status}/bin/i3status
swaybar_command ${pkgs.waybar}/bin/waybar
workspace_buttons yes
strip_workspace_numbers no
tray_output primary
colors {
background #000000
statusline #ffffff
separator #666666
# #border #background #text
focused_workspace #4c7899 #285577 #ffffff
active_workspace #333333 #5f676a #ffffff
inactive_workspace #333333 #222222 #888888
urgent_workspace #2f343a #900000 #ffffff
binding_mode #2f343a #900000 #ffffff
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
### displays
## DESKTOP
output "Samsung Electric Company S22C300 0x00007F35" {
pos 0,0
res 1920x1080
}
output "Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" {
pos 1920,0
res 3440x1440
window#waybar.hidden {
opacity: 0.2;
}
## LAPTOP
# sh/en TV
output "Pioneer Electronic Corporation VSX-524 0x00000101" {
pos 0,0
res 1920x1080
/*
window#waybar.empty {
background-color: transparent;
}
# internal display
output "Unknown 0x0637 0x00000000" {
pos 1920,0
res 1920x1080
window#waybar.solo {
background-color: #FFFFFF;
}
'';
*/
sane.fs."/home/colin/.config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
window#waybar.termite {
background-color: #3F3F3F;
}
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.fs."/home/colin/.config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
window#waybar.hidden {
opacity: 0.2;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
window#waybar.termite {
background-color: #3F3F3F;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock {
background-color: #64727D;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
#battery {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
label:focus {
background-color: #000000;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#memory {
background-color: #9b59b6;
}
label:focus {
background-color: #000000;
}
#disk {
background-color: #964B00;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#backlight {
background-color: #90b1b1;
}
#memory {
background-color: #9b59b6;
}
#network {
background-color: #2980b9;
}
#disk {
background-color: #964B00;
}
#network.disconnected {
background-color: #f53c3c;
}
#backlight {
background-color: #90b1b1;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#network {
background-color: #2980b9;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#network.disconnected {
background-color: #f53c3c;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#temperature {
background-color: #f0932b;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#temperature.critical {
background-color: #eb4d4b;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#tray {
background-color: #2980b9;
}
#temperature {
background-color: #f0932b;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#idle_inhibitor {
background-color: #2d3436;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#idle_inhibitor {
background-color: #2d3436;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.paused {
background-color: #51a37a;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#mpd.stopped {
background-color: #90b1b1;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#mpd.paused {
background-color: #51a37a;
}
#keyboard-state > label {
padding: 0 5px;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
sane.packages.extraUserPkgs = with pkgs; [
swaylock
swayidle # (unused)
wl-clipboard
mako # notification daemon
xdg-utils # for xdg-open
# user stuff
# pavucontrol
sway-contrib.grimshot
gnome.gnome-bluetooth
gnome.gnome-control-center
];
};
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
})
];
}

View File

@@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./duplicity.nix
];
}

View File

@@ -5,13 +5,13 @@
./feeds.nix
./fs
./ids.nix
./packages.nix
./programs.nix
./image.nix
./nixcache.nix
./persist
./services
./sops.nix
./ssh.nix
./users.nix
];
_module.args = {

View File

@@ -20,9 +20,13 @@ sane-lib = rec {
isPrefixOfList = p: l: (lib.sublist 0 (lib.length p) l) == p;
# merges N attrsets
# Type: flattenAttrsList :: [AttrSet] -> AttrSet
# Type: joinAttrsets :: [AttrSet] -> AttrSet
joinAttrsets = l: lib.foldl' lib.attrsets.unionOfDisjoint {} l;
# merges N attrsets, recursively
# Type: joinAttrsetsRecursive :: [AttrSet] -> AttrSet
joinAttrsetsRecursive = l: lib.foldl' (lib.attrsets.recursiveUpdateUntil (path: lhs: rhs: false)) {} l;
# evaluate a `{ name, value }` pair in the same way that `listToAttrs` does.
# Type: nameValueToAttrs :: { name :: String, value :: Any } -> Any
nameValueToAttrs = { name, value }: {

View File

@@ -17,7 +17,7 @@ rec {
merged = builtins.map (p: lib.setAttrByPath p (mergeAtPath p discharged)) pathsToMerge;
in
assert builtins.all (assertNoExtraPaths pathsToMerge) discharged;
sane-lib.joinAttrsets merged;
sane-lib.joinAttrsetsRecursive merged;
# `take` is as in mkTypedMerge. this function queries which items `take` is interested in.
# for example:

View File

@@ -1,330 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
let
cfg = config.sane.packages;
imagemagick = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
consolePkgs = [
backblaze-b2
cdrtools
dmidecode
duplicity
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
imagemagick
ipfs
libimobiledevice
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
speedtest-cli
sqlite # to debug sqlite3 databases
ssh-to-age
sudo
# tageditor # music tagging
unar
visidata
w3m
wireguard-tools
# youtube-dl
yt-dlp
];
guiPkgs = [
# GUI only
aerc # email client
audacity
celluloid # mpv frontend
chromium
clinfo
{ pkg = dino; private = [ ".local/share/dino" ]; }
electrum
# creds/session keys, etc
{ pkg = element-desktop; private = [ ".config/Element" ]; }
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
{ pkg = emote; dir = [ ".local/share/Emote" ]; }
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
foliate
font-manager
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
gajim # XMPP client
gimp # broken on phosh
gnome.cheese
gnome.dconf-editor
gnome-feeds # RSS reader (with claimed mobile support)
gnome.file-roller
gnome.gnome-disk-utility
gnome.gnome-maps # works on phosh
gnome.nautilus
# gnome-podcasts
gnome.gnome-system-monitor
gnome.gnome-terminal # works on phosh
gnome.gnome-weather
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
{ pkg = gpodder-configured; dir = [ "gPodder" ]; }
gthumb
inkscape
kdenlive
kid3 # audio tagging
kitty
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
lollypop
{ pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
networkmanagerapplet
# not strictly necessary, but allows caching articles; offline use, etc.
{ pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
{ pkg = nheko; private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
]; }
# settings (electron app)
{ pkg = obsidian; dir = [ ".config/obsidian" ]; }
pavucontrol
# picard # music tagging
playerctl
libsForQt5.plasmatube # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
{ pkg = sublime-music-mobile; dir = [ ".local/share/sublime-music" ]; }
{ pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; } # broken on phosh
{ pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
{ pkg = vlc; dir = [ ".config/vlc" ]; }
# pleroma client (Electron). input is broken on phosh.
{ pkg = whalebird; private = [ ".config/Whalebird" ]; }
xdg-utils # for xdg-open
xterm # broken on phosh
]
++ (if pkgs.system == "x86_64-linux" then
[
# x86_64 only
# creds, but also 200 MB of node modules, etc
(let discord = (pkgs.discord.override {
# XXX 2022-07-31: fix to allow links to open in default web-browser:
# https://github.com/NixOS/nixpkgs/issues/78961
nss = pkgs.nss_latest;
}); in { pkg = discord; private = [ ".config/discord" ]; })
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
# TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
handbrake
logseq
losslesscut-bin
makemkv
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
{ pkg = monero-gui; dir = [ ".bitmonero" ]; }
# creds, media
{ pkg = signal-desktop; private = [ ".config/Signal" ]; }
# creds, widevine .so download. TODO: could easily manage these statically.
{ pkg = spotify; dir = [ ".config/spotify" ]; }
# hardenedMalloc solves a crash at startup
(tor-browser-bundle-bin.override { useHardenedMalloc = false; })
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
{ pkg = zecwallet-lite; private = [ ".zcash" ]; }
] else []);
# general-purpose utilities that we want any user to be able to access
# (specifically: root, in case of rescue)
systemPkgs = [
btrfs-progs
cacert.unbundled # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
tcpdump
tree
usbutils
wget
];
# useful devtools:
devPkgs = [
bison
dtc
flex
gcc
gdb
# gcc-arm-embedded
# gcc_multi
gnumake
mercurial
mix2nix
rustup
swig
];
pkgSpec = types.submodule {
options = {
pkg = mkOption {
type = types.package;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
};
toPkgSpec = types.coercedTo types.package (p: { pkg = p; }) pkgSpec;
in
{
options = {
# packages to deploy to the user's home
sane.packages.extraUserPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
};
sane.packages.extraGuiPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
description = "packages to only ship if gui's enabled";
};
sane.packages.enableConsolePkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableGuiPkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableDevPkgs = mkOption {
description = ''
enable packages that are useful for building other software by hand.
you should prefer to keep this disabled except when prototyping, e.g. packaging new software.
'';
default = false;
type = types.bool;
};
sane.packages.enableSystemPkgs = mkOption {
default = false;
type = types.bool;
description = "enable system-wide packages";
};
sane.packages.enabledUserPkgs = mkOption {
default = cfg.extraUserPkgs
++ (if cfg.enableConsolePkgs then consolePkgs else [])
++ (if cfg.enableGuiPkgs then guiPkgs ++ cfg.extraGuiPkgs else [])
++ (if cfg.enableDevPkgs then devPkgs else [])
;
type = types.listOf toPkgSpec;
description = "generated from other config options";
};
};
config = {
environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
sane.persist.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
sane.persist.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
# XXX: this might not be necessary. try removing this and cacert.unbundled?
environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

View File

@@ -1,18 +0,0 @@
{ config, lib, sane-lib, ... }:
let
path = sane-lib.path;
cfg = config.sane.persist;
withPrefix = relativeTo: entries: lib.mapAttrs' (fspath: value: {
name = path.concat [ relativeTo fspath ];
inherit value;
}) entries;
in
{
# merge the `byPath` mappings from both `home` and `sys` into one namespace
sane.persist.byPath = lib.mkMerge [
(withPrefix "/home/colin" cfg.home.byPath)
(withPrefix "/" cfg.sys.byPath)
];
}

View File

@@ -179,23 +179,11 @@ in
type = types.bool;
description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
};
sane.persist.home = mkOption {
description = "directories to persist to disk, relative to a user's home ~";
default = {};
type = dirsSubModule;
};
sane.persist.sys = mkOption {
description = "directories to persist to disk, relative to the fs root /";
default = {};
type = dirsSubModule;
};
sane.persist.byPath = mkOption {
type = types.attrsOf (convertInlineAcl entryAtPath);
description = ''
map of <path> => <path config> for all paths to be persisted.
this is computed from the other options, but users can also set it explicitly (useful for overriding)
'';
};
sane.persist.stores = mkOption {
type = types.attrsOf storeType;
default = {};
@@ -206,7 +194,6 @@ in
};
imports = [
./computed.nix
./root-on-tmpfs.nix
./stores
];
@@ -247,7 +234,7 @@ in
);
}
];
configs = lib.mapAttrsToList cfgFor cfg.byPath;
configs = lib.mapAttrsToList cfgFor cfg.sys.byPath;
take = f: { sane.fs = f.sane.fs; };
in mkIf cfg.enable (
take (sane-lib.mkTypedMerge take configs)

View File

@@ -1,14 +1,10 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, sane-lib, utils, ... }:
let
store = rec {
device = "/mnt/persist/crypt/clearedonboot";
underlying = {
path = "/nix/persist/crypt/clearedonboot";
# TODO: consider moving this to /tmp, but that requires tmp be mounted first?
key = "/mnt/persist/crypt/clearedonboot.key";
};
};
persist-base = config.sane.persist.stores."plaintext".origin;
device = config.sane.persist.stores."cryptClearOnBoot".origin;
key = "${device}.key";
underlying = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ];
in
lib.mkIf config.sane.persist.enable
{
@@ -17,35 +13,35 @@ lib.mkIf config.sane.persist.enable
stored to disk, but encrypted to an in-memory key and cleared on every boot
so that it's unreadable after power-off
'';
origin = store.device;
origin = lib.mkDefault "/mnt/persist/crypt/clearedonboot";
};
fileSystems."${store.device}" = {
device = store.underlying.path;
fileSystems."${device}" = {
device = underlying;
fsType = "fuse.gocryptfs";
options = [
"nodev"
"nosuid"
"allow_other"
"passfile=${store.underlying.key}"
"passfile=${key}"
"defaults"
];
noCheck = true;
};
# let sane.fs know about our fileSystem and automatically add the appropriate dependencies
sane.fs."${store.device}".mount = {
sane.fs."${device}".mount = {
# technically the dependency on the keyfile is extraneous because that *happens* to
# be needed to init the store.
depends = let
cryptfile = config.sane.fs."${store.underlying.path}/gocryptfs.conf";
keyfile = config.sane.fs."${store.underlying.key}";
cryptfile = config.sane.fs."${underlying}/gocryptfs.conf";
keyfile = config.sane.fs."${key}";
in [ keyfile.unit cryptfile.unit ];
};
# let sane.fs know how to initialize the gocryptfs store,
# and that it MUST do so
sane.fs."${store.underlying.path}/gocryptfs.conf".generated = {
sane.fs."${underlying}/gocryptfs.conf".generated = {
script.script = ''
backing="$1"
passfile="$2"
@@ -54,17 +50,17 @@ lib.mkIf config.sane.persist.enable
rm -rf "''${backing:?}"/*
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
'';
script.scriptArgs = [ store.underlying.path store.underlying.key ];
script.scriptArgs = [ underlying key ];
# we need the key in order to initialize the store
depends = [ config.sane.fs."${store.underlying.key}".unit ];
depends = [ config.sane.fs."${key}".unit ];
};
# let sane.fs know how to generate the key for gocryptfs
sane.fs."${store.underlying.key}".generated = {
sane.fs."${key}".generated = {
script.script = ''
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
'';
script.scriptArgs = [ store.underlying.key ];
script.scriptArgs = [ key ];
# no need for anyone else to be able to read the key
acl.mode = "0400";
};

View File

@@ -3,7 +3,7 @@
let
cfg = config.sane.persist;
in lib.mkIf cfg.enable {
sane.persist.stores."plaintext" = {
sane.persist.stores."plaintext" = lib.mkDefault {
origin = "/nix/persist";
};
# TODO: needed?

View File

@@ -1,21 +1,23 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, sane-lib, utils, ... }:
let
persist-base = config.sane.persist.stores."plaintext".origin;
private-dir = config.sane.persist.stores."private".origin;
private-backing-dir = sane-lib.path.concat [ persist-base private-dir ];
in
lib.mkIf config.sane.persist.enable
{
sane.persist.stores."private" = {
storeDescription = ''
encrypted to the user's password and auto-unlocked at login
encrypted store which persists across boots.
typical use case is for the user to encrypt this store using their login password so that it
can be auto-unlocked at login.
'';
origin = "/home/colin/private";
# files stored under here *must* have the /home/colin prefix.
# internally, this prefix is removed so that e.g.
# /home/colin/foo/bar when stored in `private` is visible at
# /home/colin/private/foo/bar
prefix = "/home/colin";
origin = lib.mkDefault "/mnt/private";
defaultOrdering = let
private-unit = config.sane.fs."/home/colin/private".unit;
private-unit = config.sane.fs."${private-dir}".unit;
in {
# auto create only after ~/private is mounted
# auto create only after the store is mounted
wantedBy = [ private-unit ];
# we can't create things in private before local-fs.target
wantedBeforeBy = [ ];
@@ -23,13 +25,13 @@ lib.mkIf config.sane.persist.enable
defaultMethod = "symlink";
};
fileSystems."/home/colin/private" = {
device = "/nix/persist/home/colin/private";
fileSystems."${private-dir}" = {
device = private-backing-dir;
fsType = "fuse.gocryptfs";
options = [
"noauto" # don't try to mount, until the user logs in!
"nofail"
"allow_other" # root ends up being the user that mounts this, so need to make it visible to `colin`.
"allow_other" # root ends up being the user that mounts this, so need to make it visible to other users.
"nodev"
"nosuid"
"quiet"
@@ -39,9 +41,9 @@ lib.mkIf config.sane.persist.enable
};
# let sane.fs know about the mount
sane.fs."/home/colin/private".mount = {};
sane.fs."${private-dir}".mount = {};
# it also needs to know that the underlying device is an ordinary folder
sane.fs."/nix/persist/home/colin/private".dir = {};
sane.fs."${private-backing-dir}".dir = {};
# TODO: could add this *specifically* to the .mount file for the encrypted fs?
system.fsPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs

133
modules/programs.nix Normal file
View File

@@ -0,0 +1,133 @@
{ config, lib, pkgs, sane-lib, ... }:
let
inherit (builtins) any elem map;
inherit (lib)
filterAttrs
hasAttrByPath
getAttrFromPath
mapAttrs
mapAttrsToList
mkDefault
mkIf
mkMerge
mkOption
optional
optionalAttrs
splitString
types
;
inherit (sane-lib) joinAttrsets;
cfg = config.sane.programs;
pkgSpec = types.submodule ({ name, ... }: {
options = {
package = mkOption {
type = types.nullOr types.package;
description = ''
package, or `null` if the program is some sort of meta set (in which case it much EXPLICITLY be set null).
'';
default =
let
pkgPath = splitString "." name;
in
# package can be inferred by the attr name, allowing shorthand like
# `sane.programs.nano.enable = true;`
# this indexing will throw if the package doesn't exist and the user forgets to specify
# a valid source explicitly.
getAttrFromPath pkgPath pkgs;
};
enableFor.system = mkOption {
type = types.bool;
default = any (en: en) (
mapAttrsToList
(otherName: otherPkg:
otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested && otherPkg.enableFor.system
)
cfg
);
description = ''
place this program on the system PATH
'';
};
enableFor.user = mkOption {
type = types.attrsOf types.bool;
default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
optionalAttrs
(otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
(filterAttrs (user: en: en) otherPkg.enableFor.user)
) cfg);
description = ''
place this program on the PATH for some specified user(s).
'';
};
suggestedPrograms = mkOption {
type = types.listOf types.str;
default = [];
description = ''
list of other programs a user may want to enable alongside this one.
for example, the gnome desktop environment would suggest things like its settings app.
'';
};
enableSuggested = mkOption {
type = types.bool;
default = true;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
});
toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
configs = mapAttrsToList (name: p: {
assertions = map (sug: {
assertion = cfg ? "${sug}";
message = ''program "${sug}" referenced by "${name}", but not defined'';
}) p.suggestedPrograms;
# conditionally add to system PATH
environment.systemPackages = optional
(p.package != null && p.enableFor.system)
p.package;
# conditionally add to user(s) PATH
users.users = mapAttrs (user: en: {
packages = optional (p.package != null && en) p.package;
}) p.enableFor.user;
# conditionally persist relevant user dirs
sane.users = mapAttrs (user: en: optionalAttrs en {
persist.plaintext = p.dir;
persist.private = p.private;
}) p.enableFor.user;
}) cfg;
in
{
options = {
sane.programs = mkOption {
type = types.attrsOf toPkgSpec;
default = {};
};
};
config =
let
take = f: {
assertions = f.assertions;
environment.systemPackages = f.environment.systemPackages;
users.users = f.users.users;
sane.users = f.sane.users;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
# expose the pkgs -- as available to the system -- as a build target.
system.build.pkgs = pkgs;
}
];
}

View File

@@ -1,7 +1,6 @@
{ ... }:
{
imports = [
./duplicity.nix
./dyn-dns.nix
./kiwix-serve.nix
./mautrix-signal.nix

110
modules/users.nix Normal file
View File

@@ -0,0 +1,110 @@
{ config, lib, options, sane-lib, ... }:
let
inherit (builtins) attrValues;
inherit (lib) count mapAttrs' mapAttrsToList mkIf mkMerge mkOption types;
sane-user-cfg = config.sane.user;
cfg = config.sane.users;
path-lib = sane-lib.path;
userOptions = {
options = {
fs = mkOption {
type = types.attrs;
default = {};
description = ''
entries to pass onto `sane.fs` after prepending the user's home-dir to the path.
e.g. `sane.users.colin.fs."/.config/aerc" = X`
=> `sane.fs."/home/colin/.config/aerc" = X;
'';
};
persist = mkOption {
type = options.sane.persist.sys.type;
default = {};
description = ''
entries to pass onto `sane.persist.sys` after prepending the user's home-dir to the path.
'';
};
};
};
userModule = types.submodule ({ name, config, ... }: {
options = userOptions.options // {
default = mkOption {
type = types.bool;
default = false;
description = ''
only one default user may exist.
this option determines what the `sane.user` shorthand evaluates to.
'';
};
home = mkOption {
type = types.str;
# XXX: we'd prefer to set this to `config.users.users.home`, but that causes infinite recursion...
# TODO: maybe assert that this matches the actual home?
default = "/home/${name}";
};
};
# if we're the default user, inherit whatever settings were routed to the default user
config = mkIf config.default sane-user-cfg;
});
processUser = user: defn:
let
prefixWithHome = mapAttrs' (path: value: {
name = path-lib.concat [ defn.home path ];
inherit value;
});
in
{
sane.fs = prefixWithHome defn.fs;
# `byPath` is the actual output here, computed from the other keys.
sane.persist.sys.byPath = prefixWithHome defn.persist.byPath;
};
in
{
options = {
sane.users = mkOption {
type = types.attrsOf userModule;
default = {};
description = ''
options to apply to the given user.
the user is expected to be created externally.
configs applied at this level are simply transformed and then merged
into the toplevel `sane` options. it's merely a shorthand.
'';
};
sane.user = mkOption {
type = types.nullOr (types.submodule userOptions);
default = null;
description = ''
options to pass down to the default user
'';
};
};
config =
let
configs = mapAttrsToList processUser cfg;
num-default-users = count (u: u.default) (attrValues cfg);
take = f: {
sane.fs = f.sane.fs;
sane.persist.sys.byPath = f.sane.persist.sys.byPath;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
assertions = [
{
assertion = sane-user-cfg == null || num-default-users != 0;
message = "cannot set `sane.user` without first setting `sane.users.<user>.default = true` for some user";
}
{
assertion = num-default-users <= 1;
message = "cannot set more than one default user";
}
];
}
];
}

View File

@@ -1,78 +0,0 @@
diff --git a/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch b/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
index 1d9ca8d838d..d2cf9dd4315 100644
--- a/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
+++ b/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
@@ -11,25 +11,15 @@ diff --git a/build.gradle b/build.gradle
index 799e782..caceaac 100644
--- a/build.gradle
+++ b/build.gradle
-@@ -83,6 +83,9 @@ static String getVersion() {
-
- repositories {
- maven {url "https://gitlab.com/api/v4/groups/6853927/-/packages/maven"} // https://gitlab.com/groups/signald/-/packages
-+ maven {
-+ url "https://plugins.gradle.org/m2/"
-+ }
- mavenCentral()
- }
-
-@@ -104,6 +107,8 @@ dependencies {
- implementation 'io.prometheus:simpleclient_httpserver:0.16.0'
- implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
- implementation 'io.sentry:sentry:6.4.0'
-+ implementation 'com.github.gmazzo.buildconfig:com.github.gmazzo.buildconfig.gradle.plugin:3.1.0'
-+ implementation 'org.jetbrains.kotlin:kotlin-scripting-jvm:1.7.10'
- testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
+@@ -87,7 +86,7 @@ repositories {
}
+ dependencies {
+- implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_1'
++ implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_2'
+ implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-common:2.6.1'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-native-common:2.6.1'
@@ -171,4 +176,4 @@ allprojects {
runtime {
options = ['--strip-java-debug-attributes', '--compress', '2', '--no-header-files', '--no-man-pages']
diff --git a/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch b/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
index 96a7d6d2ef3..2f0f6e73159 100644
--- a/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
+++ b/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
@@ -47,15 +47,15 @@ index 799e782..6ecef3e 100644
}
dependencies {
-@@ -104,6 +117,8 @@ dependencies {
- implementation 'io.prometheus:simpleclient_httpserver:0.16.0'
- implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
- implementation 'io.sentry:sentry:6.4.0'
-+ implementation 'com.github.gmazzo.buildconfig:com.github.gmazzo.buildconfig.gradle.plugin:3.1.0'
-+ implementation 'org.jetbrains.kotlin:kotlin-scripting-jvm:1.7.10'
- testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
+@@ -87,7 +86,7 @@ repositories {
}
+ dependencies {
+- implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_1'
++ implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_2'
+ implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-common:2.6.1'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-native-common:2.6.1'
@@ -167,8 +182,3 @@ allprojects {
}
}
diff --git a/pkgs/applications/networking/instant-messengers/signald/default.nix b/pkgs/applications/networking/instant-messengers/signald/default.nix
index a9e023cdf63..8847707e137 100644
--- a/pkgs/applications/networking/instant-messengers/signald/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signald/default.nix
@@ -54,8 +54,8 @@ let
outputHashMode = "recursive";
# Downloaded jars differ by platform
outputHash = {
- x86_64-linux = "sha256-ANiNDdTuCuDEH5zUPsrVF6Uegdq3zVsMv+uMtYRX0jE=";
- aarch64-linux = "sha256-V9zn4v/ZeLELAwFJ5y7OVAeJwZp4DmHm4KWxE6KpwGs=";
+ x86_64-linux = "sha256-B2T8bM8xdob5507oS1CVO+sszEg9VWL8QKUEanIlXvk=";
+ aarch64-linux = "sha256-I314eLUQP8HPbwc+10ZDKzcn9WsqLGuBtfoiCEYZRck=";
}.${stdenv.system} or (throw "Unsupported platform");
};

View File

@@ -0,0 +1,22 @@
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 56fa74e5c0c..3573bb0af49 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -88,7 +88,7 @@
let
# Release calendar: https://www.mesa3d.org/release-calendar.html
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
- version = "22.3.4";
+ version = "22.3.2";
branch = lib.versions.major version;
withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
@@ -120,7 +120,7 @@ self = stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
];
- sha256 = "37a1ddaf03f41919ee3c89c97cff41e87de96e00e9d3247959cc8279d8294593";
+ sha256 = "c15df758a8795f53e57f2a228eb4593c22b16dffd9b38f83901f76cd9533140b";
};
# TODO:

7
nixpatches/flake.lock generated
View File

@@ -2,16 +2,15 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1673163619,
"narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
"lastModified": 1675123384,
"narHash": "sha256-RpU+kboEWlIYwbRMGIPBIcztH63CvmqWN1B8GpJogd4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
"rev": "e0fa1ece2f3929726c9b98c539ad14b63ae8e4fd",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},

View File

@@ -13,26 +13,27 @@
hash = "sha256-IvsIcd2wPdz4b/7FMrDrcVlIZjFecCQ9uiL0Umprbx0=";
})
# fix libreoffice build by: Revert "mdds: 2.0.3 -> 2.1.0"
# merged 2023/01/25
(fetchpatch {
url = "https://github.com/NixOS/nixpkgs/pull/212583.diff";
hash = "sha256-nkXgwQUtxYkJT2OzG6Jc72snizW5wHvR1nmh2KDnaPc=";
})
# fix handbrake build by: handbrake: 1.5.1 -> 1.6.1
# PR opened 2023/01/23
(fetchpatch {
# see alternate fix: <https://github.com/NixOS/nixpkgs/pull/211834>
url = "https://github.com/NixOS/nixpkgs/pull/212306.diff";
hash = "sha256-iQX2NaZaCzZVRlCM0pgXt0gecNwhXGeh3kXEiY38ZIM=";
})
# (fetchpatch {
# # see alternate fix: <https://github.com/NixOS/nixpkgs/pull/211834>
# url = "https://github.com/NixOS/nixpkgs/pull/212306.diff";
# hash = "sha256-PnPzvJymafa+zjkauQW0LzFsJC7S+7D9JRszTE3in+w=";
# })
# (fetchpatch {
# # stdenv: fix cc for pseudo-crosscompilation
# # closed because it breaks pkgsStatic (as of 2023/02/12)
# url = "https://github.com/NixOS/nixpkgs/pull/196497.diff";
# hash = "sha256-eTwEbVULYjmOW7zUFcTUqvBZqUFjHTKFhvmU2m3XQeo=";
# })
./2022-12-19-i2p-aarch64.patch
# fix for <https://gitlab.com/signald/signald/-/issues/345>
# allows to actually run signald
./2023-01-25-signald-update.patch
# fix for CMA memory leak in mesa: <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198>
# only necessary on aarch64.
# it's a revert of nixpkgs commit dcf630c172df2a9ecaa47c77f868211e61ae8e52
./2023-01-30-mesa-cma-leak.patch
# # kaiteki: init at 2022-09-03
# vendorHash changes too frequently (might not be reproducible).

View File

@@ -4,31 +4,97 @@
# - if it's broken by that upstream builder, then pin it: somebody will come along and fix the package.
# - otherwise, search github issues/PRs for knowledge of it before pinning.
# - if nobody's said anything about it yet, probably want to root cause it or hold off on updating.
#
# note that these pins apply to *all* platforms:
# - natively compiled packages
# - cross compiled packages
# - qemu-emulated packages
(next: prev: {
# XXX: when invoked outside our flake (e.g. via NIX_PATH) there is no `next.stable`,
# so just forward the unstable packages.
inherit (next.stable or prev)
# broken on 2023/01/14 via mtxclient dep, aarch64-only:
# fixed on 2023/01/24?
# error: builder for '/nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv' failed with exit code 2;
# last 10 log lines:
# > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:370: CMakeFiles/matrix_client.dir/lib/structs/events/encrypted.cpp.o] Error 1
# > In file included from /build/source/include/mtxclient/crypto/client.hpp:17,
# > from /build/source/lib/crypto/utils.cpp:17:
# > /build/source/include/mtx/identifiers.hpp:12:10: fatal error: compare: No such file or directory
# > 12 | #include <compare>
# > | ^~~~~~~~~
# > compilation terminated.
# > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:132: CMakeFiles/matrix_client.dir/lib/crypto/utils.cpp.o] Error 1
# > make[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/matrix_client.dir/all] Error 2
# > make: *** [Makefile:136: all] Error 2
# For full logs, run 'nix log /nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv'.
# error: 1 dependencies of derivation '/nix/store/4i2d1qdh4x6n23h1jbcbhm8q9q2hch9a-nheko-0.11.0.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/k4f7k7cvjp8rb7clhlfq3yxgs6lbfmk7-home-manager-path.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/67d9k554188lh4ddl4ar6j74mpc3r4sv-home-manager-generation.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/5qjxzhsw1jvh2d7jypbcam9409ivb472-user-environment.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/hrb3qpdbisqh0lzlyz1g9g4164khmqwn-etc.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/ny21xyicbgim5wy7ksg2hibd9gn7i01b-nixos-system-moby-23.05pre-git.drv' failed to build
# nheko
;
ell = prev.ell.overrideAttrs (_upstream: {
# 2023/02/11
# fixes "TEST FAILED in get_random_return_callback at unit/test-dbus-message-fds.c:278: !l_dbus_message_get_error(message, ((void *)0), ((void *)0))"
# unclear *why* this test fails.
doCheck = false;
});
gjs = prev.gjs.overrideAttrs (_upstream: {
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
doCheck = false;
});
gssdp = prev.gssdp.overrideAttrs (_upstream: {
# 2023/02/11
# fixes "ERROR:../tests/test-regression.c:429:test_ggo_7: assertion failed (error == NULL): Failed to set multicast interfaceProtocol not available (gssdp-error, 1)"
doCheck = false;
});
json-glib = prev.json-glib.overrideAttrs (_upstream: {
# 2023/02/11
# fixes: "15/15 json-glib:docs / doc-check TIMEOUT 30.52s killed by signal 15 SIGTERM"
doCheck = false;
});
lapack-reference = prev.lapack-reference.overrideAttrs (_upstream: {
# 2023/02/11: test timeouts
# > The following tests FAILED:
# > 93 - LAPACK-xlintstz_ztest_in (Timeout)
# > 98 - LAPACK-xeigtstz_svd_in (Timeout)
# > 99 - LAPACK-xeigtstz_zec_in (Timeout)
doCheck = false;
});
libadwaita = prev.libadwaita.overrideAttrs (_upstream: {
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
doCheck = false;
});
libsecret = prev.libsecret.overrideAttrs (_upstream: {
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
doCheck = false;
});
libuv = prev.libuv.overrideAttrs (_upstream: {
# 2023/02/11
# 2 tests fail:
# - not ok 261 - tcp_bind6_error_addrinuse
# - not ok 267 - tcp_bind_error_addrinuse_listen
doCheck = false;
});
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(py-next: py-prev: {
ipython = py-prev.ipython.overridePythonAttrs (upstream: {
# > FAILED IPython/core/tests/test_debugger.py::test_xmode_skip - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip_disabled - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip_with_breakpoint - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/core/tests/test_debugger.py::test_where_erase_value - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/terminal/tests/test_debug_magic.py::test_debug_magic_passes_through_generators - pexpect.exceptions.TIMEOUT: Timeout exceeded.
# > FAILED IPython/terminal/tests/test_embed.py::test_nest_embed - pexpect.exceptions.TIMEOUT: Timeout exceeded.
disabledTestPaths = upstream.disabledTestPaths or [] ++ [
"IPython/core/tests/test_debugger.py"
"IPython/terminal/tests/test_debug_magic.py"
"IPython/terminal/tests/test_embed.py"
];
});
pytest-xdist = py-prev.pytest-xdist.overridePythonAttrs (upstream: {
# 2023/02/19
# 4 tests fail:
# - FAILED: testing/test_remote.py::TestWorkInteractor::* - execnet.gateway_base.TimeoutError: no item after 10.0 seconds
# doCheck = false;
disabledTestPaths = upstream.disabledTestPaths or [] ++ [
"testing/test_remote.py"
];
# disabledTests = upstream.disabledTests or [] ++ [
# "test_basic_collect_and_runtests"
# "test_remote_collect_fail"
# "test_remote_collect_skip"
# "test_runtests_all"
# ];
});
})
];
strp = prev.srtp.overrideAttrs (_upstream: {
# 2023/02/11
# roc_driver test times out after 30s
doCheck = false;
});
})

View File

@@ -13,7 +13,7 @@ in
(symlinkJoin {
name = "gpodder-configured";
paths = [ gpodder remove-extra ];
buildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper ];
# gpodder keeps all its feeds in a sqlite3 database.
# we can configure the feeds externally by wrapping gpodder and just instructing it to import

View File

@@ -0,0 +1,5 @@
## to add a new network
- connect to it (via GUI or `iwctl` TUI)
- find it under `/var/lib/iwd`
- `sops ./<NETWORK_NICKNAME>.psk.bin` and paste the contents from `/var/lib/iwd/SSID.psk`
- in same file: add `# SSID=UNQUOTED_NETWORK_NAME` to the top

View File

@@ -0,0 +1,48 @@
{
"data": "ENC[AES256_GCM,data:OaFr+OOaBxi0PaApOYLUjJ0NgD5ABBQOaf6KpR9rheE2d1pQNa0jqnD4/ttqJrq8JjZT2Y6GDSwM5gPM,iv:TuyQPPDXM8cJU/GhJpdvxwB8+v6JavHcA+vmLHA3/74=,tag:V6RTKw6Cot4B4sK1JcRGmA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNzNHZWcvTmVVaGFabUU3\ndnZwVFdVcFBXZkoxTFA5WEZMMnRvUDBsS1NrCnRKUTNDZExFL1drSjBTakw1VmZW\nYWJzTUtVN0lrWXdiRk9QaVNmZmRqSjAKLS0tIGtHTzNUUnlnU2duNDF6UUlzUUJa\nSXhxQmRXZEZKK2htenF6N1kzV1VvancKP8jZotJe9188kId6cwVzITNwtELegpzi\nOKrWPWuIveSdMGmMsRDAcQbL0xVN0qd+Y4qsZ9l6e+cVAT3cHb1vDg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLemhLZUwzSVJLNUhYQXQ3\nY3ExU1BJUzY4a24vUjRmazhtc1RIcVpyem1jCmFEVzlIZkxjSUc0RTdqQWRLTGNS\nL3FaRFhjdnZqNFk0WDFSY0xOTENxMkEKLS0tIDVzK1lPM1FlWmZLZFA0ZDlPKzla\naXRqTk90aVNTRHlNZ2FmcVY3b1JKbEkKTu8tiEKyab1bOsgdsRlEWeG9wzdg/d/s\nPfh7rnvf7Ex8Jl6qSq6xMPkv+19EbSpfSq0FRtCue/Wcce3cUmGToA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUY4OW5UNXFjOXQrUklu\nK3poU3RNVnBtc251TmRtMGJ6Z0ordDFhUGhjCms2a1o1Z1plNlpwSlYrUEEzRDZm\naHdEVVIzRnExNVhzci8vN0ZIODh3QzgKLS0tIGUxZ2gvbGM3YnMwVXU1RnNOSlBO\nVE94UFdKaDkwbmV5YjlBWm9ZZkk4Q0UK6CaPAtRrXKUzR29ZfXV8MvqszTu8LkT2\nQPlNJ4ckgTyivyseukR8X5fPKrrXIVtE+C6Xk5mJ6nGKD+oLprhpag==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUk1yL3dLUnBpNWNxMzQw\ncDdVa0szNjBVNnNXdmZwNVNEK1RwUzJTMlhZCm9oV3NaZ3k0SERKMEZCQTRtRUI2\nVmdzWndQT1c4UUh2MzQyMEErdm96NG8KLS0tIG1aUElzK2VjUTNYOGRpbkpZTDVz\ncG9jR0VzNi9jYmdCTU1qMmJtNFNUaU0KkrIx2BKjj7l+52Kk/L8rNZYAsa87z9UH\nDtxhLTnQu8DPtm5o2sbGdEZgt9qKPJiylLNKVne3EyscMaehdB17RA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSUtONWlzZ0JQbDB0L1FU\nWlhCL0p4d3lpamg3YWdIUVhDc1hVRWR1MVhFCkdZbEhnUG0vYTJVZnphdTZNSXBW\nVGdpemc5Q3hSenN4V09ZbTFOK3kzK0UKLS0tIG9ZWkdSMHhzTGJleFF5L2RsdUxK\nSEdtSlB0L2d4TTVWcDJWaE13NjFiTkkKWgfem58/ZKqVaXiL0UGVTjA7AhSkD8Fq\ne/i5HKN1Pvgv8TVPnZ9mtGP2gwwkoFYgxM8/0jBjJUm4QDbTkocVJw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNR05jQnJZZDNndmZnOVNO\nRFhVU3pLUzBxeC9rQlRoVWFCN1Y0bjhBM25VCmJKSzhkMjF1L3pGRjZmOURNeUZE\nTU8vN2pYVmZzdWdpaVdqcXloNGhTSlUKLS0tIGovSG84amhyTFZHZ2FNdTl3SzJj\nN1dObkd6K2J0Y2Q5bG5DR0VaUk1uSlUKxShDW7BD6sENlFjqp7/wFbV4g4gD7u5d\npidF9F+vXhpoBIwLlhruzvwyNXG4hQcKfWCnliXhVvNYbgaooDDhRw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MkJ1RkVBeHJnR1FGeDVi\nN0htdHZ3cVNCcTJabnlkSUQ4aHUxRndvbVhZClk2d2ZRTlJIVTg1T3dkKzdMRXJt\nNXh5OWtud3gvNWNkRWI1UE1kSytYOUUKLS0tIHhhQVpmRWtTYVFjSUN5aEVYWDJx\nS3hDMlFkVGQyM2U5QjlJMko4OGRWdkEKG98s0QVSs1o4MQ9937okXDS4WH41S1Aq\nUSL8idmlPUJzgdHshuLv2Ic2RXVjJu8V508trO8bTymrqkNAQ0miMA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraXJQOHR6ZzE5TjNQYmpB\nSStEQS9mcUpMSXlFQ05DcllFSjNOT1pWdVJZCmtSL3FkZ2Q1cU1Fc1dZbG13eXJC\nTXJkN0NzWTlDOEFMRGNQUG5HQUNUVDgKLS0tIGRwcmVxS0lNQ09GdmxKY2pkQ2Yz\nSkpZam1ZQUN1L1FZZ010ZlhUV1N4VlkKqsFAE+xZ24IMzIFjbsgANdjiGwVZk5rq\n66y00bjw+uj6WOwQuE1I9WcYDhCXEUQB9u4Q+hzejaFzCJ90N/WF4w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-01-07T03:06:02Z",
"mac": "ENC[AES256_GCM,data:L3wY2ZdR1ASbLbKXiipWfBiQ5cumItuiL1+TwTJhU5ZtxLe6SMUyhckvuX8hczlFPUlJQJDCwpgVBs9C6GRAU45jzHYmpcfF30auiRT2dF/2doH9yiYZoF7JtbTas0Kvt1yxlPfuTi5mFuJGAKDOw6+a5ayQHYlK3/RxAUn0yPc=,iv:U/vlmvI1l4u92eUDXRphS0tscLOlWorOdmT7wDwGbAM=,tag:bQayboRgsMKT6akDq+rzQw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

View File

@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:OaFr+OOaBxi0PaApOYLUjJ0NgD5ABBQOaf6KpR9rheE2d1pQNa0jqnD4/ttqJrq8JjZT2Y6GDSwM5gPM,iv:TuyQPPDXM8cJU/GhJpdvxwB8+v6JavHcA+vmLHA3/74=,tag:V6RTKw6Cot4B4sK1JcRGmA==,type:str]",
"data": "ENC[AES256_GCM,data:HB8H4esi1JeRDvcvcAm9WAqr5L3Tre0aWQ/erwKro6q960NYJMNO0xbUSbp/QBd/u5zjuR56a+Jjhw+SWtxdjtMW2Iu2yFScQBoVTggeL4i1p7q4/HO2F4EMW8Q3pSu9AAa5RbXzCkHHvpB+eceQQIAYjVUC+9lFuUvCpBTfcqomNsonqfPmyGCu2iiK4VYV5uH56kwJMhRQCY+KpWXpdCE2pr3u1ikWHmBY/5Gr8r5srPVbpsb0JJG8+puPPiQ98Fplev9+kfw4KJHbgZ7CoQbL8Lg5eFqEJag7cTO2AlBWcA/oMfn1mOAffMhLXSDHxoOei2Ty5NXKe5oooeRCBd2PNxWMCRz+uprdkIlW9CBxppaP4S4c5g0bcotLjm7P9ms9DNEgHi89Qgjlu7yIQVEP7mp15g/srgvodURrjEQSnNvLZhlLNuncO4TzWM/9HgC2M+wzSt2ypJRp8nAkWfw1IuZ9Oz9BO6zOvPhNUJy361EGdOXwC435zUAydZakBTrlNd/Rw5+WFiFfJdTFeOzeQvqyQy+WrNS0jg91tMw8oNDf1p1iJ0j6D0Br3DYSNK0TxfdUXGyDLUpVpQpbVvMBbvwozTinuLkQzmXuqqb74nd0aBon8g4BJJSeVHFl13/eFdNKfbLLvD/ubIdKtg==,iv:OtYRb1AfJLVyZ9rmnUoCkzXHtO6yk7RZFcmnZYvHLek=,tag:I2wMiheAxY/j1jG0Rhying==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -8,39 +8,39 @@
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNzNHZWcvTmVVaGFabUU3\ndnZwVFdVcFBXZkoxTFA5WEZMMnRvUDBsS1NrCnRKUTNDZExFL1drSjBTakw1VmZW\nYWJzTUtVN0lrWXdiRk9QaVNmZmRqSjAKLS0tIGtHTzNUUnlnU2duNDF6UUlzUUJa\nSXhxQmRXZEZKK2htenF6N1kzV1VvancKP8jZotJe9188kId6cwVzITNwtELegpzi\nOKrWPWuIveSdMGmMsRDAcQbL0xVN0qd+Y4qsZ9l6e+cVAT3cHb1vDg==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRGdDWXc2eW5VYVkxbXJp\nSWE1VE8wdEZVK2x3MHdmeEk1dWZyU1Q1QUVvCjJCV05ZV3FZdjl5VkNvMGkreWt0\nZTVWY1FwV21mQlIrVFFIWVFjOWw0TkUKLS0tIGRNRWlEaTdMM1l5M3MramVtZ0dh\nelh6RVM5TTh0MENOamsxRng5SnVpU3MKRwrQBe1PSYidsYakba+53yy1DoJb3Ppq\nDBhsYOBrkdQrS/0yG1ojm+VonVdZfBo53lUb+eGhroibhbOLZytdaQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLemhLZUwzSVJLNUhYQXQ3\nY3ExU1BJUzY4a24vUjRmazhtc1RIcVpyem1jCmFEVzlIZkxjSUc0RTdqQWRLTGNS\nL3FaRFhjdnZqNFk0WDFSY0xOTENxMkEKLS0tIDVzK1lPM1FlWmZLZFA0ZDlPKzla\naXRqTk90aVNTRHlNZ2FmcVY3b1JKbEkKTu8tiEKyab1bOsgdsRlEWeG9wzdg/d/s\nPfh7rnvf7Ex8Jl6qSq6xMPkv+19EbSpfSq0FRtCue/Wcce3cUmGToA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSXU2TnQyT2JtUDRKMVhZ\nclNtNHNEWTlXY2JNN2ZVcXY5OVlNcWhHNFNrCjJnTUlpaDVmcHo1NUJpUk5GMldz\nSzQ2QWhHN2VSeGlPSmtMSSt2TG1CN00KLS0tIGY0U3UzN0NwWE96b3kwUU9tbW5U\ncjhETWV0R3lJSHcydXQ1bTVOYnVHN2cKs35cc525DpaAnsNzDa/ooq53QSaquMxW\nvjI/+9I+q4MP+XrRTPNSl0YRyy7ZZyDQaGgj6ljOFEb66irMEotKGw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUY4OW5UNXFjOXQrUklu\nK3poU3RNVnBtc251TmRtMGJ6Z0ordDFhUGhjCms2a1o1Z1plNlpwSlYrUEEzRDZm\naHdEVVIzRnExNVhzci8vN0ZIODh3QzgKLS0tIGUxZ2gvbGM3YnMwVXU1RnNOSlBO\nVE94UFdKaDkwbmV5YjlBWm9ZZkk4Q0UK6CaPAtRrXKUzR29ZfXV8MvqszTu8LkT2\nQPlNJ4ckgTyivyseukR8X5fPKrrXIVtE+C6Xk5mJ6nGKD+oLprhpag==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVWZMU3RoTDNqc0ZtcDBQ\nUllueVdFRjJhRGQ0MG5oMjNVUmt3SDgxMHhRCk10cCtGMUdEMW8zVFMvckJ5aXF5\nRjB5eHE3K1lIeGNOWFVRQVA1SkRRbVkKLS0tIDZJRDNCOW9iZFBISDg1OWtWcWto\nV3VUSmtzUXdtQ2Zsa2F5eWVXUXFZUG8KsqIQV7vKqbC1LKbDHJzQCbKmBqKLWZrI\nyt/mK0jfpQGS4vucmitMoEMsACrV1vG8hLC1yrt+gHudZX9zvtVLSw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUk1yL3dLUnBpNWNxMzQw\ncDdVa0szNjBVNnNXdmZwNVNEK1RwUzJTMlhZCm9oV3NaZ3k0SERKMEZCQTRtRUI2\nVmdzWndQT1c4UUh2MzQyMEErdm96NG8KLS0tIG1aUElzK2VjUTNYOGRpbkpZTDVz\ncG9jR0VzNi9jYmdCTU1qMmJtNFNUaU0KkrIx2BKjj7l+52Kk/L8rNZYAsa87z9UH\nDtxhLTnQu8DPtm5o2sbGdEZgt9qKPJiylLNKVne3EyscMaehdB17RA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbi9kSnUvdDdlWVBBQXY5\ncy9DYjNBNlMxd2tXMHRDUjl2WFZTd3NySVRZClZJendtditxZVluQUNXM1VlS0tz\nSFBMQ1FHbks1VFgvM0ExQmw5SkYwZE0KLS0tIHUvVGkrV3VmZ2RodDhFMktYcTYv\nRGhxL1hQMDlPZHhXRTdRcnVnZjdxQ1EKFcSljMApXgz3sKoiBTstm9BErhlLL5HR\n7LTocTL1s2s0yLFHedNmbad4kRA3mTAywwNtfAEZ3vWx+WB4NOhS7A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSUtONWlzZ0JQbDB0L1FU\nWlhCL0p4d3lpamg3YWdIUVhDc1hVRWR1MVhFCkdZbEhnUG0vYTJVZnphdTZNSXBW\nVGdpemc5Q3hSenN4V09ZbTFOK3kzK0UKLS0tIG9ZWkdSMHhzTGJleFF5L2RsdUxK\nSEdtSlB0L2d4TTVWcDJWaE13NjFiTkkKWgfem58/ZKqVaXiL0UGVTjA7AhSkD8Fq\ne/i5HKN1Pvgv8TVPnZ9mtGP2gwwkoFYgxM8/0jBjJUm4QDbTkocVJw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUU5VenRYVTBQT0o0dFdz\nRHFjNGpRQ3VkaWF4a3p5ZitrY1JWTnVuckUwClFjZG96VVVDaWZPNnJaK0Q5VG83\nUkpGME5KQk1IL0tQendPSEwwZGptMVEKLS0tIHJDZTg2UFBJNytPL285cy8wcVFL\ncjRYZXVoamUwRVZwK3JnQUxhM3lEOVkK6obmbqk+5PNp1dflUb1l12hfat33JOFD\nFfr7iCU16nGeNYKqQ6VWXkPeRmr7xLi4FKHSgG0q/KFjlpEikBwD/g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNR05jQnJZZDNndmZnOVNO\nRFhVU3pLUzBxeC9rQlRoVWFCN1Y0bjhBM25VCmJKSzhkMjF1L3pGRjZmOURNeUZE\nTU8vN2pYVmZzdWdpaVdqcXloNGhTSlUKLS0tIGovSG84amhyTFZHZ2FNdTl3SzJj\nN1dObkd6K2J0Y2Q5bG5DR0VaUk1uSlUKxShDW7BD6sENlFjqp7/wFbV4g4gD7u5d\npidF9F+vXhpoBIwLlhruzvwyNXG4hQcKfWCnliXhVvNYbgaooDDhRw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaTZOdWtsWFRoVktXSjJF\nRHBQTVd3OXFBbkRJZzZiQXFIRlRrdFh0M2lFCnpmS1pxYzFvSmlZSTIrMTgvangy\nWDhySUdpUXExRnphazNBcjg0cktSN1EKLS0tIG03dTlqQ25EV0dRWHJvUy96TzRU\nRVFOL2ZZMmVLc1g5SGgrc2VHTlNMeGcKqy+ulNsanMLch1oMq/gSlPO0gy/NO6Gn\ndX1hAe4UPo05nxf58rEDd3ejXliU4ZEvk9p999nFcg85vTvyw9/K/A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MkJ1RkVBeHJnR1FGeDVi\nN0htdHZ3cVNCcTJabnlkSUQ4aHUxRndvbVhZClk2d2ZRTlJIVTg1T3dkKzdMRXJt\nNXh5OWtud3gvNWNkRWI1UE1kSytYOUUKLS0tIHhhQVpmRWtTYVFjSUN5aEVYWDJx\nS3hDMlFkVGQyM2U5QjlJMko4OGRWdkEKG98s0QVSs1o4MQ9937okXDS4WH41S1Aq\nUSL8idmlPUJzgdHshuLv2Ic2RXVjJu8V508trO8bTymrqkNAQ0miMA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpYXYzVEJyYUs2a0s2aW84\neHZwbWhUSmpTbFg5c3RiV2N0OE05R21IeGhvClRzTDk1M1VPMFZpWlNPcEp3Q0tJ\nUjlWMHVBbUtiRmlwZUpKZWlPdHYxaWMKLS0tIDBVOUNxbW8yM1JJRk81QmdBOWp5\nL0xsL2U2VDdMR1YrWHpEQVNWU3YySG8KceuhQOvfHl3EDlxXbUT9PR0CAxP5+iDs\ngEBnRKpCfhq+Fr84fmlZmIBF9R5fmAn1Aq290U0ak3eHz+GWLlTgjA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraXJQOHR6ZzE5TjNQYmpB\nSStEQS9mcUpMSXlFQ05DcllFSjNOT1pWdVJZCmtSL3FkZ2Q1cU1Fc1dZbG13eXJC\nTXJkN0NzWTlDOEFMRGNQUG5HQUNUVDgKLS0tIGRwcmVxS0lNQ09GdmxKY2pkQ2Yz\nSkpZam1ZQUN1L1FZZ010ZlhUV1N4VlkKqsFAE+xZ24IMzIFjbsgANdjiGwVZk5rq\n66y00bjw+uj6WOwQuE1I9WcYDhCXEUQB9u4Q+hzejaFzCJ90N/WF4w==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTU1tT2cvUEpQWnpOWE1x\nNXlENUgvckd1dzZHU21PbVprOUpnVVA1OHpnCjZjOFJBR3hRbHBlbkMrbUFNa0Fl\nNDVKZ0IxWkgyWUhvckQxaW5wbEIxWmsKLS0tIGxTdUVWcEh2K3g2NFFIb2FmZG5a\nOWkwRUtlMVpRMWFOb25QVWF1bU9QZzgKcjkcHLqSSncBsmaricXdAzSWeaKlgbmb\nMbU1lXSZymzmNiu7J1O4MsgWgZv8N/E1HTFqcRv2+wPz8FVDLPL0Fg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-01-07T03:06:02Z",
"mac": "ENC[AES256_GCM,data:L3wY2ZdR1ASbLbKXiipWfBiQ5cumItuiL1+TwTJhU5ZtxLe6SMUyhckvuX8hczlFPUlJQJDCwpgVBs9C6GRAU45jzHYmpcfF30auiRT2dF/2doH9yiYZoF7JtbTas0Kvt1yxlPfuTi5mFuJGAKDOw6+a5ayQHYlK3/RxAUn0yPc=,iv:U/vlmvI1l4u92eUDXRphS0tscLOlWorOdmT7wDwGbAM=,tag:bQayboRgsMKT6akDq+rzQw==,type:str]",
"lastmodified": "2023-02-15T01:53:52Z",
"mac": "ENC[AES256_GCM,data:C0zS4XzJ4HHaOZiZrZnd3fbdoEoMcWTQmJnyu0irYo9UGbXzs58EoHC1PJjoxdauD7zIby5DqW88Y9tzG0j5Wc8AveAHZ97XQs/9vHMBI2PeBrduUDVPZL7UwBxKSimaXcJLBylUvpO5/j1Ceg+/nf4lzD0OJksJP5B2MFWIH0A=,iv:DEiGZyvc0ugiJ9DHDNqkA6+D2r7PvTi5qsCzpvzxXdM=,tag:wFzeFvrrK8FqQ3LapHCB9Q==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"