colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

merge into: colin:staging/2022-10-08-flutter-update
Branches Tags
colin:master colin:2025-03-02-pure colin:2025-02-23-nixpkgs-update colin:2025-02-17-nixpkgs-update-2 colin:2025-02-17-nixpkgs-update colin:2025-01-30-wip-blanket colin:2025-01-30-wip-sane-vpn-up-bind-fix colin:2024-12-29-bind colin:2024-12-26-nixpkgs-update colin:2024-09-25-ppp-kernel colin:2024-09-20-megapixels colin:2024-08-14-wip-sandbox-share colin:2024-08-12-wip-flatpak colin:2024-08-11-wip-firefox-xdg-open colin:wip-2024-08-01-nixpkgs-bump colin:wip-secure-mounts colin:wip-login-gocryptfs-rework2 colin:dev colin:save-geoclue-polkit-override colin:wip-doofnet colin:tx-to-desko colin:wip-nm-systemd-sandbox colin:test-nm-nixpkgs-refactor colin:wip-polyunfill-pam colin:wip-trust-dns colin:wip-mpv-sysvol colin:wip-s6-2 colin:wip-nix-fast-build colin:wg-dev colin:wip-mootube colin:wip-swaync-update colin:wip-sxmo-suspend colin:sxmo-sway-merge colin:dev-export colin:wip-proot3 colin:wip-emulate-builder3 colin:wip-emulate-builder2 colin:wip-emulate-builder colin:staging/nixpkgs-2023-07-29 colin:staging/nixpkgs-2023-07-25 colin:wip/koreader colin:staging/gtk-theme colin:staging/nixpkgs-2023-06-27 colin:staging/nixpkgs-2023-06-23 colin:staging/nixpkgs-2023-06-22 colin:wip/sxmo-as-pkg2 colin:wip/sxmo-as-pkg colin:staging/nixpkgs-2023-06-10 colin:staging/nixpkgs-2023-06-07 colin:staging/jellyfin-cross colin:staging/dns-refactor colin:staging/nixpkgs-2023-05-24 colin:staging/nixpkgs-2023-05-22 colin:staging/librewolf-ext colin:staging/nixpkgs-2023-05-14 colin:staging/nur colin:staging/nixpkgs-2023-04-28 colin:staging/nixpkgs-2023-04-24-staging-next colin:staging/nixpkgs-2023-04-19-staging-next colin:staging/nixpkgs-2023-04-11 colin:staging/nixpkgs-2023-04-08 colin:wip/less-disable-flakey-tests colin:staging/nixpkgs-next-2023-03-28 colin:staging/nixpkgs-next-2023-03-11 colin:staging/nixpkgs-2023-03-09 colin:staging/nixpkgs-2023-03-08 colin:staging/nixpkgs-2023-03-04 colin:staging/ccache colin:wip/ccache colin:staging/mesa-downgrade-10 colin:staging/mesa-downgrade-12 colin:staging/nixpkgs-2023-02-25 colin:staging/mesa-downgrade-9 colin:staging/mesa-downgrade-8 colin:staging/nixpkgs-2023-02-09 colin:staging/mesa-downgrade-7 colin:staging/mesa-downgrade-6 colin:staging/mesa-downgrade-5 colin:staging/mesa-downgrade-4 colin:staging/mesa-downgrade-3 colin:staging/mesa-downgrade-2 colin:staging/nixpkgs-2023-02-01 colin:staging/mesa-downgrade colin:wip/packages2 colin:wip/packages colin:archive/dovecot-sieve colin:historic/fix-handbrake colin:wip/sway3-dbg colin:wip/sway2 colin:wip/sway colin:staging/nixpkgs-2023-01-25 colin:staging/linux-6.2 colin:staging/nixpkgs-2023-01-23 colin:wip/hosts colin:staging/nixpkgs-2023-01-15 colin:wip/signal colin:wip/mx-signal colin:wip/flake-std-uri colin:stable colin:staging/master colin:wip/moby-kernel colin:wip/feeds3 colin:wip/feeds2 colin:wip/overlays colin:wip/feeds colin:staging/merge colin:staging/nixpkgs-2023-01-04 colin:staging/impermanence-stores colin:wip/impermanence-fs colin:staging/impermanence-encrypt2 colin:staging/impermanence-encrypt colin:staging/nixpkgs-2022-12-22 colin:staging/nixpkgs-2022-12-18 colin:staging/nixpkgs-2022-12-02 colin:staging/moby-6.1.0-rc7 colin:staging/nixpkgs-2022-11-27 colin:ryzen-servo colin:staging/nixpkgs-2022-11-21 colin:staging/nixpkgs-2022-11-09 colin:staging/lightdm-mobile-upstream colin:staging/nixpkgs-2022-10-31 colin:stacking/nixpkgs-2022-10-30 colin:staging/nixpkgs-2022-10-29 colin:wip/tokodon colin:staging/pleroma-update colin:staging/nixpkgs-2022-10-22 colin:testing/munin colin:staging/nixpkgs-2022-10-20 colin:staging/phosh-lightdm colin:archive/2022-10-14-matrix-appservice-discord colin:staging/nixpkgs-2022-10-08 colin:wip/arm-flutter colin:staging/2022-10-08-flutter-update colin:staging/phosh-mobile-settings-2 colin:staging/phosh-mobile-settings colin:fork/alsa-pinephone-patch colin:wip.fluffychat.2022.09.20 colin:wip/fluffychat colin:wip-vulkan colin:wip-servoimg colin:wip-kaiteki
colin:test-tag
...
pull from: colin:staging/nixpkgs-2022-10-29
Branches Tags
colin:master colin:2025-03-02-pure colin:2025-02-23-nixpkgs-update colin:2025-02-17-nixpkgs-update-2 colin:2025-02-17-nixpkgs-update colin:2025-01-30-wip-blanket colin:2025-01-30-wip-sane-vpn-up-bind-fix colin:2024-12-29-bind colin:2024-12-26-nixpkgs-update colin:2024-09-25-ppp-kernel colin:2024-09-20-megapixels colin:2024-08-14-wip-sandbox-share colin:2024-08-12-wip-flatpak colin:2024-08-11-wip-firefox-xdg-open colin:wip-2024-08-01-nixpkgs-bump colin:wip-secure-mounts colin:wip-login-gocryptfs-rework2 colin:dev colin:save-geoclue-polkit-override colin:wip-doofnet colin:tx-to-desko colin:wip-nm-systemd-sandbox colin:test-nm-nixpkgs-refactor colin:wip-polyunfill-pam colin:wip-trust-dns colin:wip-mpv-sysvol colin:wip-s6-2 colin:wip-nix-fast-build colin:wg-dev colin:wip-mootube colin:wip-swaync-update colin:wip-sxmo-suspend colin:sxmo-sway-merge colin:dev-export colin:wip-proot3 colin:wip-emulate-builder3 colin:wip-emulate-builder2 colin:wip-emulate-builder colin:staging/nixpkgs-2023-07-29 colin:staging/nixpkgs-2023-07-25 colin:wip/koreader colin:staging/gtk-theme colin:staging/nixpkgs-2023-06-27 colin:staging/nixpkgs-2023-06-23 colin:staging/nixpkgs-2023-06-22 colin:wip/sxmo-as-pkg2 colin:wip/sxmo-as-pkg colin:staging/nixpkgs-2023-06-10 colin:staging/nixpkgs-2023-06-07 colin:staging/jellyfin-cross colin:staging/dns-refactor colin:staging/nixpkgs-2023-05-24 colin:staging/nixpkgs-2023-05-22 colin:staging/librewolf-ext colin:staging/nixpkgs-2023-05-14 colin:staging/nur colin:staging/nixpkgs-2023-04-28 colin:staging/nixpkgs-2023-04-24-staging-next colin:staging/nixpkgs-2023-04-19-staging-next colin:staging/nixpkgs-2023-04-11 colin:staging/nixpkgs-2023-04-08 colin:wip/less-disable-flakey-tests colin:staging/nixpkgs-next-2023-03-28 colin:staging/nixpkgs-next-2023-03-11 colin:staging/nixpkgs-2023-03-09 colin:staging/nixpkgs-2023-03-08 colin:staging/nixpkgs-2023-03-04 colin:staging/ccache colin:wip/ccache colin:staging/mesa-downgrade-10 colin:staging/mesa-downgrade-12 colin:staging/nixpkgs-2023-02-25 colin:staging/mesa-downgrade-9 colin:staging/mesa-downgrade-8 colin:staging/nixpkgs-2023-02-09 colin:staging/mesa-downgrade-7 colin:staging/mesa-downgrade-6 colin:staging/mesa-downgrade-5 colin:staging/mesa-downgrade-4 colin:staging/mesa-downgrade-3 colin:staging/mesa-downgrade-2 colin:staging/nixpkgs-2023-02-01 colin:staging/mesa-downgrade colin:wip/packages2 colin:wip/packages colin:archive/dovecot-sieve colin:historic/fix-handbrake colin:wip/sway3-dbg colin:wip/sway2 colin:wip/sway colin:staging/nixpkgs-2023-01-25 colin:staging/linux-6.2 colin:staging/nixpkgs-2023-01-23 colin:wip/hosts colin:staging/nixpkgs-2023-01-15 colin:wip/signal colin:wip/mx-signal colin:wip/flake-std-uri colin:stable colin:staging/master colin:wip/moby-kernel colin:wip/feeds3 colin:wip/feeds2 colin:wip/overlays colin:wip/feeds colin:staging/merge colin:staging/nixpkgs-2023-01-04 colin:staging/impermanence-stores colin:wip/impermanence-fs colin:staging/impermanence-encrypt2 colin:staging/impermanence-encrypt colin:staging/nixpkgs-2022-12-22 colin:staging/nixpkgs-2022-12-18 colin:staging/nixpkgs-2022-12-02 colin:staging/moby-6.1.0-rc7 colin:staging/nixpkgs-2022-11-27 colin:ryzen-servo colin:staging/nixpkgs-2022-11-21 colin:staging/nixpkgs-2022-11-09 colin:staging/lightdm-mobile-upstream colin:staging/nixpkgs-2022-10-31 colin:stacking/nixpkgs-2022-10-30 colin:staging/nixpkgs-2022-10-29 colin:wip/tokodon colin:staging/pleroma-update colin:staging/nixpkgs-2022-10-22 colin:testing/munin colin:staging/nixpkgs-2022-10-20 colin:staging/phosh-lightdm colin:archive/2022-10-14-matrix-appservice-discord colin:staging/nixpkgs-2022-10-08 colin:wip/arm-flutter colin:staging/2022-10-08-flutter-update colin:staging/phosh-mobile-settings-2 colin:staging/phosh-mobile-settings colin:fork/alsa-pinephone-patch colin:wip.fluffychat.2022.09.20 colin:wip/fluffychat colin:wip-vulkan colin:wip-servoimg colin:wip-kaiteki
colin:test-tag

157 Commits
staging/20 ... staging/ni

Author SHA1 Message Date
colin
9acf2dfde1 gocryptfs: cross-compile for aarch64 2022-10-31 03:05:24 -07:00
colin
4b5accac88 flake update: nixpkgs: 2022-10-22 -> 2022-10-29 and others 
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/1351091d2537040454fa232d8b94e745ab0eb5a3' (2022-10-24)
  → 'github:nixos/mobile-nixos/da56c338a2b00c868697b75bdbd388f60d50c820' (2022-10-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/95aeaf83c247b8f5aa561684317ecd860476fcd6' (2022-10-22)
  → 'github:NixOS/nixpkgs/fdebb81f45a1ba2c4afca5fd9f526e1653ad0949' (2022-10-29)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/3933d8bb9120573c0d8d49dc5e890cb211681490' (2022-10-22)
  → 'github:NixOS/nixpkgs/26eb67abc9a7370a51fcb86ece18eaf19ae9207f' (2022-10-30)
• Updated input 'rycee':
    'gitlab:rycee/nur-expressions/43d3a363c126968db46585b88b8eb97dd32634ad' (2022-10-27)
  → 'gitlab:rycee/nur-expressions/5fb3c4733c00a7e7be69877d057f6760d85cecb8' (2022-10-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/1b5f9512a265f0c9687dbff47893180f777f4809' (2022-10-23)
  → 'github:Mic92/sops-nix/448ec3e7eb7c7e4563cc2471db748a71baaf9698' (2022-10-30)
• Updated input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/f9115594149ebcb409a42e303bec4956814a8419' (2022-10-23)
  → 'github:NixOS/nixpkgs/6440d13df2327d2db13d3b17e419784020b71d22' (2022-10-30)
• Updated input 'uninsane':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=4ad1801f6cecd678bbeae5dfe5933448dd7b3360' (2022-10-14)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=80c6ec95bd430e29d231cf745f19279bb76fb382' (2022-10-27)
```
 2022-10-30 23:47:29 -07:00
colin
cb00ae4f92 update nautilus gtk4 patch SHA 
it's been merged into nixpkgs; manual patch will likely go away after
next nixpkgs update
 2022-10-30 21:33:58 -07:00
colin
7c38c1dbe9 de-persist /etc/machine-id, and generate it from the ssh key instead 
note that /etc/machine-id now contains a different value than before,
meaning `journalctl` will not show logs from before the time of this
change.
 2022-10-30 21:02:41 -07:00
colin
b3b45ec0f2 fix host ssh key persistence 2022-10-30 20:03:00 -07:00
colin
34d77542e7 impermanence: ensure /etc/ssh is populated before we decode machine secrets during activation 
the impermanence activation scripts don't appear to mount folders --
only files. rather, the impermanence module creates fstab entries for
each bind mount folder, and *something* (systemd?) mounts these *after*
/run/current-system/activate is run.

therefore, if we want access to a bind-mounted directory during
activateion, we have to manually mount it.
i.e. `mount /etc/ssh/host_keys`.
 2022-10-30 05:59:55 -07:00
colin
6236c14def vendor librewolf addons instead of fetching them on first run 
this obviously speeds up startup, it's hopefully also less likely to
break surprisingly, and i hope it's the path to me shipping forks of
official extensions.
 2022-10-27 03:20:29 -07:00
colin
0c0f8c44bd Merge branch 'master' of git.uninsane.org:colin/nix-files 2022-10-26 07:18:41 -07:00
colin
7f97786a88 librewolf: use browserpass password store 
this is working -- forked to support sops as a backend --
without totp support yet. it's possible in theory: i might just need to
write some adapter logic.

upstream discussion about genericizing backend support:
- <https://github.com/browserpass/browserpass-native/issues/127>
 2022-10-26 07:13:55 -07:00
colin
db2e156f15 home: enable celluloid mpv frontend 
i want to test this on mobile
 2022-10-26 05:31:11 -07:00
colin
43efec495e librewolf: integrate with gopass 
it's able to list passwords, but not decrypt them:
i think i can solve this on the store side?
 2022-10-26 00:10:54 -07:00
colin
279f9ce614 lightdm-mobile-greeter: point directly to upstream, with a patch for their Cargo.lock 2022-10-25 22:05:49 -07:00
colin
7d02652e08 servo: freshrss: fix ExecStart path 2022-10-25 06:31:18 -07:00
colin
10e224be0d ssh: set known hosts via ~/.ssh/config 
this prevents the ssh agent from updating the known_hosts file
and confusing home-manager.
 2022-10-25 05:17:28 -07:00
colin
e25c92794f refactor: split ssh settings out of home-manager/default.nix 2022-10-25 05:06:33 -07:00
colin
a8d2b7196d statically populate ssh known_hosts 2022-10-25 05:01:32 -07:00
colin
a6cbecbc74 Merge branch 'staging/pleroma-update' 2022-10-25 04:18:25 -07:00
colin
518d2f60c0 pleroma: port ExifTool config 
the old path is deprecated, if my syslog is to be believed.
 2022-10-25 04:11:47 -07:00
colin
70e5ccc968 upgrade pleroma, thereby fixing servo build 2022-10-25 03:44:45 -07:00
colin
c44cad9c16 fractal: persist data in ~/private 2022-10-25 02:12:55 -07:00
colin
e3bf585382 persist ssh host keys in a subdirectory 2022-10-25 02:09:27 -07:00
colin
1fea9618ba zsh: remove rm and mv confirmations 2022-10-25 01:42:46 -07:00
colin
8d89f828b6 new sane script: sane-rcp 
i guess this could just be an alias? 🤷
 2022-10-25 01:19:05 -07:00
colin
e2985ef018 sane-scripts: new helper to redirect stdout to some permissioned file 2022-10-24 23:43:32 -07:00
colin
d54b595e45 RSS: subscribe to Edward Snowden 2022-10-24 20:23:14 -07:00
colin
ad75ed352c RSS: clean up the substack subs 2022-10-24 20:14:36 -07:00
colin
306836042c RSS: add my own feed :-) 2022-10-24 19:52:39 -07:00
colin
965181c8b0 moby: change password 2022-10-24 08:33:51 -07:00
colin
b344c38bfb provide a script for changing the ~/private dir secrets 
gocryptfs doesn't (i think?) ship a tool for changing the password: you
just create a new fs and rsync/mv the data
 2022-10-24 08:21:53 -07:00
colin
174bc539bc moby: enable a statically-assigned but encrypted password 2022-10-24 07:39:50 -07:00
colin
9ef457c0dd secrets/servo: grant access to lappy 2022-10-24 06:56:16 -07:00
colin
939278b970 home: migrate Element directory to private storage 2022-10-24 06:42:51 -07:00
colin
3d0bd0fbf4 remove TODO file 
some of these had been done. the ones not done are documented elsewhere
(either in this repo or in my own PKM).
 2022-10-24 06:20:22 -07:00
colin
36d8a711ac modules/services: abstract behind default.nix 2022-10-24 06:13:04 -07:00
colin
4c4b73f693 refactor: helpers/set-hostname.nix becomes machines/instantiate.nix 2022-10-24 06:06:11 -07:00
colin
9151f58b37 desko: set a password 2022-10-24 01:59:36 -07:00
colin
b2c55ed98a sane-private-unlock: make ~/private if it doesn't exist 2022-10-24 01:53:41 -07:00
colin
1721546410 store ssh keys in ~/private, where they're encrypted 2022-10-24 01:33:14 -07:00
colin
c833c68d83 move ssh pubkeys into their own file for future reuse 2022-10-24 01:33:01 -07:00
colin
9a4c2613c1 lappy: update passwd 2022-10-24 00:47:09 -07:00
colin
8de5b0a79d iwd: switch APs more aggressively 
unclear how much of a difference this makes yet: will hopefully
test/tune it over time.
 2022-10-24 00:25:19 -07:00
colin
ced64e63ef Merge remote-tracking branch 'remotes/origin/staging/nixpkgs-2022-10-22' 2022-10-24 00:22:41 -07:00
colin
8dd267db30 servo: goaccess: anonymize IPs and hide the 'HOSTS' panel 2022-10-24 00:16:42 -07:00
colin
10541698a7 flake update: nixpkgs 2022-10-19 -> 2022-10-22 & others 
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/2a4d4a71e1dfa6d9001249fd57229e949dac0908' (2022-10-21)
  → 'github:nixos/mobile-nixos/1351091d2537040454fa232d8b94e745ab0eb5a3' (2022-10-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/db25c4da285c5989b39e4ce13dea651a88b7a9d4' (2022-10-19)
  → 'github:NixOS/nixpkgs/95aeaf83c247b8f5aa561684317ecd860476fcd6' (2022-10-22)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/44fc3cb097324c9f9f93313dd3f103e78d722968' (2022-10-20)
  → 'github:NixOS/nixpkgs/3933d8bb9120573c0d8d49dc5e890cb211681490' (2022-10-22)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/8e470d4eac115aa793437e52e84e7f9abdce236b' (2022-10-18)
  → 'github:Mic92/sops-nix/1b5f9512a265f0c9687dbff47893180f777f4809' (2022-10-23)
• Updated input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/945a85cb7ee31f5f8c49432d77b610b777662d4f' (2022-10-15)
  → 'github:NixOS/nixpkgs/f9115594149ebcb409a42e303bec4956814a8419' (2022-10-23)
```
 2022-10-23 21:47:03 -07:00
colin
b658b93c64 lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot 
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
 2022-10-23 06:53:06 -07:00
colin
f68bc342e8 fix activationScript ordering to remove sops double-decrypt hack 2022-10-23 06:53:05 -07:00
colin
e3221bf8b9 home: add handbrake program 2022-10-23 03:02:31 -07:00
colin
3cfe236e90 sane-sync-from-iphone: handle the case where /mnt/iphone is hung 2022-10-22 23:35:00 -07:00
colin
2b14648587 servo: persist the maildir 
this way i don't lose my mail on every reboot...

wow i can't believe it took me this long to make the connection.
 2022-10-22 07:00:56 -07:00
colin
0753aa59e9 refactor: move default home impermanence dirs to modules/universal/users.nix 2022-10-22 06:09:53 -07:00
colin
55cbce17c2 refactor: impermanence: remove duplicate function map-service-dirs 2022-10-22 06:03:04 -07:00
colin
ebf3152ced refactor: purge impermanence.home-files option 
persisting individual files doesn't work super well. we can do without
it and things are simpler.
 2022-10-22 05:56:04 -07:00
colin
8345375bc4 zsh: fix history path to be fully-qualified 
it's implicitly a relative path to where the shell is initialized.
 2022-10-22 05:52:05 -07:00
colin
cc63cacf28 new script to unlock ~/private 2022-10-22 05:47:17 -07:00
colin
8f61ba6085 zsh: move .zsh_history to ~/.local/share/zsh 
this works better with impermanence (see code comment)
 2022-10-22 04:08:37 -07:00
colin
b43103a024 refactor: move .zsh_history impermanence definition into zsh.nix 2022-10-22 04:02:40 -07:00
colin
187a52527b refactor: squash env directory 2022-10-22 03:56:50 -07:00
colin
b26e826b3b sway: add a config option to disable the greeter (and auto-login instead) 
i need this now as a way to keep gtk3 packages (in greetd) out of the
environment, so i can test the Nautilus gtk3-not-present bug.
 2022-10-22 01:31:51 -07:00
colin
3851136398 nginx/goaccess: opt-in *specific* hosts for public logs 
the other hosts are by default private. mostly because they're just
internal services where i'm the primary user.
 2022-10-21 22:38:38 -07:00
colin
635fee1bda nginx: include hostname in log so goaccess can group on it 2022-10-21 22:00:49 -07:00
colin
5048ee1ce5 servo: fix RSS feeds.nix invalid reference (fix build) 2022-10-21 21:59:17 -07:00
colin
e787dc29c6 servo: enable goaccess for metrics/monitoring 
TODO: change the nginx log format to include virtualhost and enable
goaccess to group by host
 2022-10-21 09:55:49 -07:00
colin
7cc44f9455 feeds: follow Anish Lakhwara 
supposedly. we'll see if my RSS client actually understands that feed...
 2022-10-21 09:30:54 -07:00
colin
419ababe6f home-manager: split discord.nix out of default.nix 2022-10-21 09:27:04 -07:00
colin
e4c0a0d468 home-manager: split aerc.nix out of default.nix 2022-10-21 09:15:08 -07:00
colin
0e63cd4e11 home-manager: split sublime-music.nix out of default.nix 2022-10-21 09:10:55 -07:00
colin
9328e5ff32 home: disable nb 2022-10-21 09:01:06 -07:00
colin
87dda0ad11 home: nb: move package inclusion to nb.nix 2022-10-21 08:59:04 -07:00
colin
46783cd0e2 home-manager: split nb out of default.nix 2022-10-21 08:53:08 -07:00
colin
f7d3b8128e home-manager: split vlc config out of default.nix 2022-10-21 08:47:21 -07:00
colin
9119f0b092 home-manager: split mpv config out of default.nix 2022-10-21 08:44:25 -07:00
colin
17189b22e9 home-manager: split git config out of default.nix 2022-10-21 08:41:28 -07:00
colin
7db3816511 home-manager: move librewolf out of default.nix 2022-10-21 08:38:20 -07:00
colin
8c20017544 home-manager: split neovim out of default.nix 2022-10-21 08:30:35 -07:00
colin
4c1f68f82f home-manager: split kitty out of default.nix 2022-10-21 08:24:07 -07:00
colin
289745f41a split zsh config out of home-manager.nix monolith 2022-10-21 08:20:30 -07:00
colin
d9caf70c6c home-manager: remove 'enable' option 2022-10-21 07:43:20 -07:00
colin
cf95a6e321 env: alias to mkdir + pushd 2022-10-21 07:06:55 -07:00
colin
155c095be8 moby: bump kernel 6.0.0 -> 6.0.2 2022-10-21 05:57:36 -07:00
colin
bafe7aa3c7 Merge branch 'staging/nixpkgs-2022-10-20' 2022-10-21 02:08:33 -07:00
colin
c9d57f2995 commit ensure-perms script for image post-processing 
this was created weeks ago and not committed
 2022-10-21 02:04:30 -07:00
colin
a8227bbcbc nix flake update (nixpkgs 2022-10-14 -> 2022-10-19 and others) 
```
• Updated input 'home-manager':
    'github:nix-community/home-manager/17208be516fc36e2ab0ceb064d931e90eb88b2a3' (2022-10-11)
  → 'github:nix-community/home-manager/b81e128fc053ab3159d7b464d9b7dedc9d6a6891' (2022-10-17)
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/e4b6f680b2a4f29f087a7c1299c11499d1a367b6' (2022-10-14)
  → 'github:nixos/mobile-nixos/2a4d4a71e1dfa6d9001249fd57229e949dac0908' (2022-10-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4428e23312933a196724da2df7ab78eb5e67a88e' (2022-10-14)
  → 'github:NixOS/nixpkgs/db25c4da285c5989b39e4ce13dea651a88b7a9d4' (2022-10-19)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12)
  → 'github:NixOS/nixpkgs/44fc3cb097324c9f9f93313dd3f103e78d722968' (2022-10-20)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0ce0449e6404c4ff9d1b7bd657794ae5ca54deb3' (2022-10-09)
  → 'github:Mic92/sops-nix/8e470d4eac115aa793437e52e84e7f9abdce236b' (2022-10-18)
• Updated input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/b3783bcfb8ec54e0de26feccfc6cc36b8e202ed5' (2022-10-09)
  → 'github:NixOS/nixpkgs/945a85cb7ee31f5f8c49432d77b610b777662d4f' (2022-10-15)
```
 2022-10-21 00:42:30 -07:00
colin
1623367b13 commit ensure-perms script for image post-processing 
this was created weeks ago and not committed
 2022-10-21 00:03:57 -07:00
colin
90b0535c56 env: add gdb to enableDevPkgs 
this is especially useful for `coredumpctl`.
maybe useful enough that it should be in `environment.systemPackages`...
 2022-10-20 23:55:50 -07:00
colin
760d69efc0 Merge branch 'staging/phosh-lightdm' 2022-10-20 23:55:24 -07:00
colin
f8157961c8 phosh: ensure the user we want to login as is available in AccountsService 2022-10-20 23:41:52 -07:00
colin
25df2ebc28 phosh: lightdm: configure user-session so that the greeter properly launches phosh 2022-10-20 23:20:19 -07:00
colin
33110dc1d9 phosh/lightdm: configure default xorg session 2022-10-20 21:16:38 -07:00
colin
0fa602f1dd lightdm-mobile-greeter: update to 0.1.2 
better logging/error handling
 2022-10-20 19:59:03 -07:00
colin
48ff8e9ca7 more feedbackd user definition to phosh 2022-10-20 19:59:03 -07:00
colin
366e28e199 home-packages: create a new option to enable devPkgs 2022-10-20 19:59:03 -07:00
colin
06dcd8883a home-packages: create a new option to enable devPkgs 2022-10-20 18:03:01 -07:00
colin
ed03f7f929 lightdm-mobile-greeter: create passthru.xgreeters like other lightdm greeters do 2022-10-20 18:00:23 -07:00
colin
f3bec7bf0a lightdm-mobile-greeter: include .desktop file in output 2022-10-20 07:19:49 -07:00
colin
e6adfe95fa phosh: use lightdm-mobile-greeter 
untested, so probably need to change the .desktop path
 2022-10-20 05:03:30 -07:00
colin
70d1e14cf8 package lightdm-mobile-greeter 2022-10-20 02:30:58 -07:00
colin
4752371b43 phosh: disable the greeter 
none of them work without a keyboard
 2022-10-19 08:12:56 -07:00
colin
3e7c112548 phosh: try using the lightdm greeter 2022-10-19 05:18:13 -07:00
colin
a2856a3601 gnome: use deterministic uids/gids (fixes gnome gui build) 2022-10-19 03:56:52 -07:00
colin
53d8bdc0ea sway: enable Alt+L to lock the screen 2022-10-18 23:34:41 -07:00
colin
94a6ca82f3 sway: enable login prompt/greeter 2022-10-18 22:53:13 -07:00
colin
10e9daa085 git: enable git difftool to use difftastic 2022-10-18 19:46:24 -07:00
colin
e11f903aec create/deply ~/private: an encrypted filesystem 
it uses gocryptfs -- a newer alternative to EncFS -- to encrypt
paths and data (but not metadata) onto an underlying backing filesystem
 2022-10-18 05:29:36 -07:00
colin
98c2ac21fe zsh: do not remember rm commands 2022-10-17 18:22:28 -07:00
colin
52fe0c7523 enable programs to propagate zsh completions, as suggested by home-manager 2022-10-17 18:21:56 -07:00
colin
825b3e4067 flake update: nixpkgs 2022-10-13 -> 2022-10-14 
```
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13)
  → 'github:NixOS/nixpkgs/4428e23312933a196724da2df7ab78eb5e67a88e' (2022-10-14)
```
 2022-10-15 07:07:23 -07:00
colin
674f852393 freshrss shebang fix: point to upstream PR 2022-10-15 07:04:13 -07:00
colin
fdb77ac588 matrix-appservice-discord: remove 
i use mx-puppet now. it works better and requires no patching (at least
yet. maybe it will in the future to support threads).
 2022-10-15 02:25:57 -07:00
colin
05cb85fd9b freshrss: import my feeds on start 
it's a little clunky in that it seems to need some refreshes
before it gets them, but it works.
 2022-10-15 01:41:53 -07:00
colin
8f0a270154 readme: document how to build nixpkgs and cross packages 2022-10-15 01:28:30 -07:00
colin
fae87d3fbc servo: pleroma: switch logging from debug -> warn 2022-10-15 00:39:55 -07:00
colin
75ae16aaab feeds: refactor 2022-10-14 22:37:02 -07:00
colin
8a1ea79f1f feeds: simplify/abstract the OPML generation 2022-10-14 09:37:40 -07:00
colin
b25f270f48 feeds: convert to ordinary nix expression instead of config/options 
there's no real reason for it to be externally configurable at this
level.
 2022-10-14 09:02:50 -07:00
colin
e023f48c52 publish latest uninsane blog (nixos upstreaming) 2022-10-14 08:04:41 -07:00
colin
3d7a63e4f9 nautilus: patch gtk4 settings schema bug via upstream PR 2022-10-14 07:10:35 -07:00
colin
d296475e64 home: add cdrtools to rip CDs 2022-10-14 04:21:00 -07:00
colin
f031e489a3 nautilus: look for the gtk4 FileChooser settings instead of the gtk4 one 2022-10-14 01:15:33 -07:00
colin
699204c5f5 git: disable difftastic until i find how to make it more usable 2022-10-14 01:10:23 -07:00
colin
b25528ecd7 Merge branch 'staging/nixpkgs-2022-10-14' 2022-10-13 22:16:06 -07:00
colin
130dd3f895 freshrss: patch in correct shebangs 2022-10-13 22:15:30 -07:00
colin
fcf60bae35 servo: persist the freshrss data 2022-10-13 21:49:54 -07:00
colin
5b5187bd03 flake update: nixpkgs 2022-10-09 -> 2022-10-13, others 
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/0bf9b6da8c4d0ee31c3e988c99893de4da7df74a' (2022-10-10)
  → 'github:nixos/mobile-nixos/e4b6f680b2a4f29f087a7c1299c11499d1a367b6' (2022-10-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/34c5293a71ffdb2fe054eb5288adc1882c1eb0b1' (2022-10-09)
  → 'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/e179d1e57ad07f1294dcc29ad5283b214a6ae21e' (2022-10-10)
  → 'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12)
• Updated input 'uninsane':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=25df079540cb669fb5e735631fe03a4d113d1c73' (2022-10-11)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=70e7d8e94a6240a5ce976bbc514e0979b7178190' (2022-10-14)
```
 2022-10-13 21:41:02 -07:00
colin
43123e78cb servo: use user/group names instead of ids for service dir ownership 2022-10-13 18:00:59 -07:00
colin
9305d44fde servo: add freshrss service 2022-10-13 17:52:43 -07:00
colin
ac0d7cc1e5 flake update: nixpkgs: 2022-10-08; uninsane updated 
```
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08)
  → 'github:NixOS/nixpkgs/34c5293a71ffdb2fe054eb5288adc1882c1eb0b1' (2022-10-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9282141c8bc05568ec0e342eac39df72603aa9fa' (2022-10-09)
  → 'github:NixOS/nixpkgs/e179d1e57ad07f1294dcc29ad5283b214a6ae21e' (2022-10-10)
• Updated input 'uninsane':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=ea196acf408451150a86d4d41114be04529eaf41' (2022-10-11)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=25df079540cb669fb5e735631fe03a4d113d1c73' (2022-10-11)
```
 2022-10-11 21:24:41 -07:00
colin
711778a975 servo: nginx stateless deployment of the main blog 
i.e. no need to run `make publish` when rebuilding the blog anymore.
instead, push blog changes, then `nix flake update; nixos-rebuild switch`
 2022-10-11 05:27:51 -07:00
colin
590c81c5db update uninsane-dot-org dependency 2022-10-11 05:16:20 -07:00
colin
e858afea72 add uninsane.org sources as a flake input 
one can build the site from here with:

```
nix build '.#uninsane.uninsane-dot-org'
```
 2022-10-11 03:22:40 -07:00
colin
4abac0162f remove impermanence nixpkgs override 2022-10-11 02:20:36 -07:00
colin
8fa591229f env: RSS: simplify implementation 2022-10-11 02:05:27 -07:00
colin
a118e17b32 home: RSS: specify feeds in a friendlier schema 2022-10-11 01:50:46 -07:00
colin
8afe0c0be5 env: RSS populate a .opml file which can be manually imported into NewsFlash 2022-10-11 01:30:17 -07:00
colin
aa6153aa56 newsflash: persist data dir 2022-10-11 01:30:10 -07:00
colin
69a7e2fae1 home: add newsflash (RSS viewer) 
it's configurable via OPML in the UI, maybe possible to hack in a CLI
if i code against the underlying library/API
 2022-10-10 18:57:37 -07:00
colin
eec4e288f3 gpodder: fix \n instead of actual newline in generated OPML 2022-10-10 18:35:27 -07:00
colin
f84e451a9e home: switch back to vlc for audio 2022-10-10 17:30:29 -07:00
colin
dacbfa0493 users: allow moby to ssh into any device 2022-10-10 17:27:01 -07:00
colin
fbd8a70102 flake: plumb my nixpkgs through to dependencies 2022-10-10 17:19:57 -07:00
colin
17b6dc56bd flake update: mobile-nixos: 2022-10-04 -> 2022-10-10 
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/ca872f1a617674c4045e880aab8a45037e73700b' (2022-10-04)
  → 'github:nixos/mobile-nixos/0bf9b6da8c4d0ee31c3e988c99893de4da7df74a' (2022-10-10)
```
 2022-10-10 17:17:33 -07:00
colin
f464a80541 net: rename iphone SSID 2022-10-10 04:54:02 -07:00
colin
f663243ad4 net: nit: normalize the SSID_PLAINTEXT field 2022-10-09 23:28:52 -07:00
colin
94d9348b73 net: fix missing [Security] section for iphone.psk 2022-10-09 23:28:31 -07:00
colin
6a44432d3f home: configure mpv as default audio player 2022-10-09 18:37:19 -07:00
colin
9047aec7e9 home: clean up xdg/mime-types definitions 2022-10-09 17:42:48 -07:00
colin
b702031ddf home: remove unused packages rmlint and gnome-podcasts 2022-10-09 17:36:32 -07:00
colin
d5686426bf remove old dart update patch 2022-10-09 17:02:23 -07:00
colin
85e249913a update: nixpkgs 2022-10-06 -> 2022-10-08 2022-10-09 17:01:48 -07:00
colin
d50b8c1315 env: split RSS feeds out of home-manager 2022-10-09 05:43:53 -07:00
colin
336301258f enable difftastic git rendering 2022-10-09 04:43:39 -07:00
colin
645ca3764b vim: disable mouse mode by default >.> 2022-10-08 23:17:26 -07:00
colin
22602283c9 browser: gracefully handle OCSP outages 2022-10-08 21:54:00 -07:00
colin
39b963e87b flake update: sops and its deps 
```
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/912f9ff41fd9353dec1f783170793699789fe9aa' (2022-09-26)
  → 'github:Mic92/sops-nix/0ce0449e6404c4ff9d1b7bd657794ae5ca54deb3' (2022-10-09)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/ff9793cfd1a25145a7e591af604675b3d6f68987' (2022-09-26)
  → 'github:NixOS/nixpkgs/7b06206fa24198912cea58de690aa4943f238fbf' (2022-10-08)
• Updated input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/00f877f4927b6f7d7b75731b5a1e2ae7324eaf14' (2022-09-26)
  → 'github:NixOS/nixpkgs/b3783bcfb8ec54e0de26feccfc6cc36b8e202ed5' (2022-10-09)
```

the only change appears to be that sops updated its own reference to
nixpkgs.
 2022-10-08 21:43:41 -07:00
colin
1a5f1260e2 Merge branch 'staging/2022-10-08-flutter-update' 2022-10-08 21:39:37 -07:00
colin
f64c44716e home: persist fractal IM data 2022-10-08 05:42:02 -07:00
colin
b2b61d2889 net: hex-encode the home network names. 
otherwise iwd doesn't seem to understand them?
 2022-10-07 20:39:26 -07:00
colin
4f05a00e4a RSS: add Doomberg 2022-10-07 20:13:26 -07:00
97 changed files with 2088 additions and 2225 deletions
Expand all files Collapse all files

14
.sops.yaml
View File

@@ -23,6 +23,7 @@ creation_rules:
key_groups:
- age:
- *user_desko_colin
- *user_lappy_colin
- *user_servo_colin
- *host_servo
- path_regex: secrets/desko.yaml$
@@ -31,3 +32,16 @@ creation_rules:
- *user_desko_colin
- *user_lappy_colin
- *host_desko
- path_regex: secrets/lappy.yaml$
key_groups:
- age:
- *user_lappy_colin
- *user_desko_colin
- *host_lappy
- path_regex: secrets/moby.yaml$
key_groups:
- age:
- *user_desko_colin
- *user_lappy_colin
- *user_moby_colin
- *host_moby

16
TODO.md
View File

@@ -1,16 +0,0 @@
# features/tweaks
- emoji picker application
- find a Masto/Pleroma app which works on mobile
- remove hardcoded uid/gids outside of allocations.nix (used in impermanence code -- replace with username/groupname)
# speed up cross compiling
- <https://nixos.wiki/wiki/Cross_Compiling>
- <https://nixos.wiki/wiki/NixOS_on_ARM>
```nix
overlays = [{ ... }: {
nixpkgs.crossSystem.system = "aarch64-linux";
}];
```
- <https://github.com/nix-community/aarch64-build-box>
- apply for access to the community arm build box

112
flake.lock generated
View File

@@ -1,5 +1,20 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -7,11 +22,11 @@
]
},
"locked": {
"lastModified": 1656169755,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"lastModified": 1665996265,
"narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891",
"type": "github"
},
"original": {
@@ -39,11 +54,11 @@
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1664852186,
"narHash": "sha256-t0FhmTf3qRs8ScR8H9Rq7FAxptNELLSpxZG2ALL1HnE=",
"lastModified": 1667160126,
"narHash": "sha256-YRgxMHdvMuLsuXCaKs5YNMD6NKgvcATSjfi9YkUOOLk=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "ca872f1a617674c4045e880aab8a45037e73700b",
"rev": "da56c338a2b00c868697b75bdbd388f60d50c820",
"type": "github"
},
"original": {
@@ -54,11 +69,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1665081174,
"narHash": "sha256-6hsmzdhdy8Kbvl5e0xZNE83pW3fKQvNiobJkM6KQrgA=",
"lastModified": 1667050928,
"narHash": "sha256-xOn0ZgjImIyeecEsrjxuvlW7IW5genTwvvnDQRFncB8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "598f83ebeb2235435189cf84d844b8b73e858e0f",
"rev": "fdebb81f45a1ba2c4afca5fd9f526e1653ad0949",
"type": "github"
},
"original": {
@@ -69,11 +84,11 @@
},
"nixpkgs-22_05": {
"locked": {
"lastModified": 1664201777,
"narHash": "sha256-cUW9DqELUNi1jNMwVSbfq4yl5YGyOfeu+UHUUImbby0=",
"lastModified": 1667091951,
"narHash": "sha256-62sz0fn06Nq8OaeBYrYSR3Y6hUcp8/PC4dJ7HeGaOhU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00f877f4927b6f7d7b75731b5a1e2ae7324eaf14",
"rev": "6440d13df2327d2db13d3b17e419784020b71d22",
"type": "github"
},
"original": {
@@ -85,11 +100,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1665132027,
"narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=",
"lastModified": 1667125965,
"narHash": "sha256-z/OLvPwIhwdN9J+ED/0rPz/Wh/0sPuvczURwsiEENSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9ecc270f02b09b2f6a76b98488554dd842797357",
"rev": "26eb67abc9a7370a51fcb86ece18eaf19ae9207f",
"type": "github"
},
"original": {
@@ -98,22 +113,6 @@
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1664177230,
"narHash": "sha256-eyo88ffm16I0K9cdcePbOsQg4MDjf1EgIdkGTLB/7iA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ff9793cfd1a25145a7e591af604675b3d6f68987",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
@@ -121,20 +120,40 @@
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix"
"rycee": "rycee",
"sops-nix": "sops-nix",
"uninsane": "uninsane"
}
},
"rycee": {
"flake": false,
"locked": {
"lastModified": 1667016180,
"narHash": "sha256-aOyT8yG49cGqHVzQFbl+XgJ7p83yHpAAfaHDtQCVdJ4=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "5fb3c4733c00a7e7be69877d057f6760d85cecb8",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_05": "nixpkgs-22_05"
},
"locked": {
"lastModified": 1664204020,
"narHash": "sha256-LAey3hr8b9EAt3n304Wt9Vm4uQFd8pSRtLX8leuYFDs=",
"lastModified": 1667102919,
"narHash": "sha256-DP5j4TwXe96eZf0PLgYSj1Hdyt7SPUoQ003iNBQSKpQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "912f9ff41fd9353dec1f783170793699789fe9aa",
"rev": "448ec3e7eb7c7e4563cc2471db748a71baaf9698",
"type": "github"
},
"original": {
@@ -142,6 +161,27 @@
"repo": "sops-nix",
"type": "github"
}
},
"uninsane": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1666870107,
"narHash": "sha256-b9eXZxSwhzdJI5uQgfrMhu4SY2POrPkinUg7F5gQVYo=",
"ref": "refs/heads/master",
"rev": "80c6ec95bd430e29d231cf745f19279bb76fb382",
"revCount": 164,
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
},
"original": {
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
}
}
},
"root": "root",

50
flake.nix
View File

@@ -14,13 +14,32 @@
url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# TODO: set these up to follow our nixpkgs?
sops-nix.url = "github:Mic92/sops-nix";
rycee = {
url = "gitlab:rycee/nur-expressions";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
uninsane = {
url = "git+https://git.uninsane.org/colin/uninsane";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixpkgs-stable, mobile-nixos, home-manager, sops-nix, impermanence }:
let
outputs = {
self,
nixpkgs,
nixpkgs-stable,
mobile-nixos,
home-manager,
rycee,
sops-nix,
impermanence,
uninsane
}: let
patchedPkgs = system: nixpkgs.legacyPackages.${system}.applyPatches {
name = "nixpkgs-patched-uninsane";
src = nixpkgs;
@@ -40,15 +59,15 @@
specialArgs = { inherit mobile-nixos home-manager impermanence; };
modules = [
./modules
./machines/${name}
(import ./helpers/set-hostname.nix name)
(import ./machines/instantiate.nix name)
home-manager.nixosModule
impermanence.nixosModule
sops-nix.nixosModules.sops
{
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
(import "${mobile-nixos}/overlay/overlay.nix")
(import "${rycee}/overlay.nix")
uninsane.overlay
(import ./pkgs/overlay.nix)
(next: prev: rec {
# non-emulated packages build *from* local *for* target.
@@ -57,7 +76,10 @@
cross = (nixpkgsFor local target) // (customPackagesFor local target);
stable = import nixpkgs-stable { system = target; };
# pinned packages:
electrum = stable.electrum;
electrum = stable.electrum; # 2022-10-10: build break
sequoia = stable.sequoia; # 2022-10-13: build break
# cross-compatible packages
gocryptfs = cross.gocryptfs;
})
];
}
@@ -94,8 +116,16 @@
in {
nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) machines;
imgs = builtins.mapAttrs (name: value: value.img) machines;
packages.x86_64-linux = customPackagesFor "x86_64-linux" "x86_64-linux";
packages.aarch64-linux = customPackagesFor "aarch64-linux" "aarch64-linux";
packages = let
allPkgsFor = sys: (customPackagesFor sys sys) // {
nixpkgs = nixpkgsFor sys sys;
uninsane = uninsane.packages."${sys}";
rycee = (import "${rycee}/default.nix" { pkgs = nixpkgsFor sys sys; });
};
in {
x86_64-linux = allPkgsFor "x86_64-linux";
aarch64-linux = allPkgsFor "aarch64-linux";
};
};
}

4
helpers/set-hostname.nix
View File

@@ -1,4 +0,0 @@
hostName: { ... }:
{
networking.hostName = hostName;
}

5
machines/desko/default.nix
View File

@@ -18,6 +18,11 @@
users.users.usbmux.uid = config.sane.allocations.usbmux-uid;
users.groups.usbmux.gid = config.sane.allocations.usbmux-gid;
sops.secrets.colin-passwd = {
sopsFile = ../../secrets/desko.yaml;
neededForUsers = true;
};
# default config: https://man.archlinux.org/man/snapper-configs.5
# defaults to something like:
# - hourly snapshots

11
machines/instantiate.nix Normal file
View File

@@ -0,0 +1,11 @@
# trampoline from flake.nix into the specific machine definition, while doing a tiny bit of common setup
hostName: { ... }: {
imports = [
./${hostName}
];
networking.hostName = hostName;
nixpkgs.config.allowUnfree = true;
}

5
machines/lappy/default.nix
View File

@@ -11,6 +11,11 @@
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sops.secrets.colin-passwd = {
sopsFile = ../../secrets/lappy.yaml;
neededForUsers = true;
};
# default config: https://man.archlinux.org/man/snapper-configs.5
# defaults to something like:
# - hourly snapshots

10
machines/moby/default.nix
View File

@@ -13,10 +13,16 @@
# TODO: we could *maybe* inject pkgs.buildPackages.xyz = cross.buildPackages.xyz?
documentation.nixos.enable = false;
# XXX colin: phosh doesn't work well with passwordless login
# XXX colin: phosh doesn't work well with passwordless login,
# so set this more reliable default password should anything go wrong
users.users.colin.initialPassword = "147147";
services.getty.autologinUser = "root"; # allows for emergency maintenance?
sops.secrets.colin-passwd = {
sopsFile = ../../secrets/moby.yaml;
neededForUsers = true;
};
# usability compromises
sane.impermanence.home-dirs = [
".librewolf"
@@ -75,7 +81,5 @@
environment.variables.ALSA_CONFIG_UCM2 = "${./ucm2}";
systemd.services.pulseaudio.environment.ALSA_CONFIG_UCM2 = "${./ucm2}";
users.groups.feedbackd.gid = config.sane.allocations.feedbackd-gid;
hardware.opengl.driSupport = true;
}

5
machines/servo/default.nix
View File

@@ -9,10 +9,11 @@
./services
];
sane.home-manager.enable = true;
sane.home-manager.extraPackages = [
# for administering matrix
# for administering services
pkgs.matrix-synapse
pkgs.freshrss
pkgs.goaccess
];
sane.impermanence.enable = true;
sane.services.duplicity.enable = true;

2
machines/servo/services/default.nix
View File

@@ -2,7 +2,9 @@
{
imports = [
./ddns-he.nix
./freshrss.nix
./gitea.nix
./goaccess.nix
./ipfs.nix
./jackett.nix
./jellyfin.nix

48
machines/servo/services/freshrss.nix Normal file
View File

@@ -0,0 +1,48 @@
# import feeds with e.g.
# ```console
# $ nix build '.#nixpkgs.freshrss'
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/import-for-user.php --user admin --filename /home/colin/.config/newsflashFeeds.opml
# ```
#
# export feeds with
# ```console
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/export-opml-for-user.php --user admin
# ```
{ config, lib, pkgs, ... }:
{
sops.secrets.freshrss_passwd = {
sopsFile = ../../../secrets/servo.yaml;
owner = config.users.users.freshrss.name;
mode = "400";
};
sane.impermanence.service-dirs = [
{ user = "freshrss"; group = "freshrss"; directory = "/var/lib/freshrss"; }
];
users.users.freshrss.uid = config.sane.allocations.freshrss-uid;
users.groups.freshrss.gid = config.sane.allocations.freshrss-gid;
services.freshrss.enable = true;
services.freshrss.baseUrl = "https://rss.uninsane.org";
services.freshrss.virtualHost = "rss.uninsane.org";
services.freshrss.passwordFile = config.sops.secrets.freshrss_passwd.path;
systemd.services.freshrss-import-feeds =
let
fresh = config.systemd.services.freshrss-config;
feeds = import ../../../modules/universal/home-manager/feeds.nix { inherit lib; };
opml = pkgs.writeText "sane-freshrss.opml" (feeds.feedsToOpml feeds.all);
in {
inherit (fresh) wantedBy environment;
serviceConfig = {
inherit (fresh.serviceConfig) Type User Group StateDirectory WorkingDirectory
# hardening options
CapabilityBoundingSet DeviceAllow LockPersonality NoNewPrivileges PrivateDevices PrivateTmp PrivateUsers ProcSubset ProtectClock ProtectControlGroups ProtectHome ProtectHostname ProtectKernelLogs ProtectKernelModules ProtectKernelTunables ProtectProc ProtectSystem RemoveIPC RestrictNamespaces RestrictRealtime RestrictSUIDSGID SystemCallArchitectures SystemCallFilter UMask;
};
description = "import sane RSS feed list";
after = [ "freshrss-config.service" ];
script = ''
${pkgs.freshrss}/cli/import-for-user.php --user admin --filename ${opml}
'';
};
}

44
machines/servo/services/goaccess.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs, ... }:
{
# based on <https://bytes.fyi/real-time-goaccess-reports-with-nginx/>
# log-format setting can be derived with this tool if custom:
# - <https://github.com/stockrt/nginx2goaccess>
# config options:
# - <https://github.com/allinurl/goaccess/blob/master/config/goaccess.conf>
systemd.services.goaccess = {
description = "GoAccess server monitoring";
serviceConfig = {
ExecStart = ''
${pkgs.goaccess}/bin/goaccess \
-f /var/log/nginx/public.log \
--log-format=VCOMBINED \
--real-time-html \
--no-query-string \
--anonymize-ip \
--ignore-panel=HOSTS \
--ws-url=wss://sink.uninsane.org:443/ws \
--port=7890 \
-o /var/lib/uninsane/sink/index.html
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Type = "simple";
Restart = "on-failure";
# hardening
WorkingDirectory = "/tmp";
NoNewPrivileges = true;
PrivateTmp = true;
ProtectHome = "read-only";
ProtectSystem = "strict";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @privileged @reboot @resources @setuid @swap @raw-io";
ReadOnlyPaths = "/";
ReadWritePaths = [ "/proc/self" "/var/lib/uninsane/sink" ];
PrivateDevices = "yes";
ProtectKernelModules = "yes";
ProtectKernelTunables = "yes";
};
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
}

1
machines/servo/services/matrix/default.nix
View File

@@ -4,7 +4,6 @@
{
imports = [
# ./discord-appservice.nix
./discord-puppet.nix
# ./irc.nix
];

69
machines/servo/services/matrix/discord-appservice.nix
View File

@@ -1,69 +0,0 @@
{ config, lib, ... }:
{
sane.impermanence.service-dirs = [
{ user = "matrix-appservice-discord"; group = "matrix-appservice-discord"; directory = "/var/lib/matrix-appservice-discord"; }
];
sops.secrets.matrix_appservice_discord_env = {
sopsFile = ../../../../secrets/servo/matrix_appservice_discord_env.bin;
owner = config.users.users.matrix-appservice-discord.name;
format = "binary";
};
services.matrix-synapse.settings.app_service_config_files = [
# auto-created by discord appservice
"/var/lib/matrix-appservice-discord/discord-registration.yaml"
];
# Discord bridging
# docs: https://github.com/matrix-org/matrix-appservice-discord
services.matrix-appservice-discord.enable = true;
services.matrix-appservice-discord.settings = {
bridge = {
homeserverUrl = "http://127.0.0.1:8008";
domain = "uninsane.org";
adminMxid = "admin.matrix@uninsane.org";
# self-service bridging is when a Matrix user bridges by DMing @_discord_bot:<HS>
# i don't know what the alternative is :?
enableSelfServiceBridging = true;
presenceInterval = 30000; # milliseconds
# allows matrix users to search for Discord channels (somehow?)
disablePortalBridging = false;
# disableReadReceipts = true;
# these are Matrix -> Discord
disableJoinLeaveNotifications = true;
disableInviteNotifications = true;
disableRoomTopicNotifications = true;
};
# these are marked as required in the yaml schema
auth = {
# apparently not needed if you provide them as env vars (below).
# clientId = "FILLME";
# botToken = "FILLME";
usePrivilegedIntents = false;
};
logging = {
# silly, verbose, info, http, warn, error, silent
console = "verbose";
};
};
# contains what's ordinarily put into auth.clientId, auth.botToken
# i.e. `APPSERVICE_DISCORD_AUTH_CLIENT_I_D=...` and `APPSERVICE_DISCORD_AUTH_BOT_TOKEN=...`
services.matrix-appservice-discord.environmentFile = config.sops.secrets.matrix_appservice_discord_env.path;
systemd.services.matrix-appservice-discord.serviceConfig = {
# fix up to not use /var/lib/private, but just /var/lib
DynamicUser = lib.mkForce false;
User = "matrix-appservice-discord";
Group = "matrix-appservice-discord";
};
users.groups.matrix-appservice-discord = {};
users.users.matrix-appservice-discord = {
description = "User for the Matrix-Discord bridge";
group = "matrix-appservice-discord";
isSystemUser = true;
};
users.users.matrix-appservice-discord.uid = 2134; # TODO: move to allocations
users.groups.matrix-appservice-discord.gid = 2134; # TODO
}

59
machines/servo/services/nginx.nix
View File

@@ -1,18 +1,40 @@
# docs: https://nixos.wiki/wiki/Nginx
{ config, pkgs, ... }:
let
# make the logs for this host "public" so that they show up in e.g. metrics
publog = vhost: vhost // {
extraConfig = (vhost.extraConfig or "") + ''
access_log /var/log/nginx/public.log vcombined;
'';
};
in
{
services.nginx.enable = true;
# this is the standard `combined` log format, with the addition of $host
# so that we have the virtualHost in the log.
# KEEP IN SYNC WITH GOACCESS
# goaccess calls this VCOMBINED:
# - <https://gist.github.com/jyap808/10570005>
services.nginx.commonHttpConfig = ''
log_format vcombined '$host:$server_port $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referrer" "$http_user_agent"';
access_log /var/log/nginx/private.log vcombined;
'';
# web blog/personal site
services.nginx.virtualHosts."uninsane.org" = {
root = "/var/lib/uninsane/root";
services.nginx.virtualHosts."uninsane.org" = publog {
root = "${pkgs.uninsane-dot-org}/share/uninsane-dot-org";
# a lot of places hardcode https://uninsane.org,
# and then when we mix http + non-https, we get CORS violations
# and things don't look right. so force SSL.
forceSSL = true;
enableACME = true;
# uninsane.org/share/foo => /var/lib/uninsane/root/share/foo.
# yes, nginx does not strip the prefix when evaluating against the root.
locations."/share".root = "/var/lib/uninsane/root";
# allow matrix users to discover that @user:uninsane.org is reachable via matrix.uninsane.org
locations."= /.well-known/matrix/server".extraConfig =
let
@@ -53,8 +75,28 @@
# };
};
# server statistics
services.nginx.virtualHosts."sink.uninsane.org" = {
addSSL = true;
enableACME = true;
root = "/var/lib/uninsane/sink";
locations."/ws" = {
proxyPass = "http://127.0.0.1:7890";
# XXX not sure how much of this is necessary
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_read_timeout 7d;
'';
};
};
# Pleroma server and web interface
services.nginx.virtualHosts."fed.uninsane.org" = {
services.nginx.virtualHosts."fed.uninsane.org" = publog {
addSSL = true;
enableACME = true;
locations."/" = {
@@ -115,7 +157,7 @@
};
# matrix chat server
services.nginx.virtualHosts."matrix.uninsane.org" = {
services.nginx.virtualHosts."matrix.uninsane.org" = publog {
addSSL = true;
enableACME = true;
@@ -156,7 +198,7 @@
};
# hosted git (web view and for `git <cmd>` use
services.nginx.virtualHosts."git.uninsane.org" = {
services.nginx.virtualHosts."git.uninsane.org" = publog {
addSSL = true;
enableACME = true;
@@ -219,6 +261,12 @@
locations."/".proxyPass = "http://127.0.0.1:4533";
};
services.nginx.virtualHosts."rss.uninsane.org" = {
addSSL = true;
enableACME = true;
# the routing is handled by freshrss.nix
};
services.nginx.virtualHosts."ipfs.uninsane.org" = {
# don't default to ssl upgrades, since this may be dnslink'd from a different domain.
# ideally we'd disable ssl entirely, but some places assume it?
@@ -266,6 +314,7 @@
sane.impermanence.service-dirs = [
# TODO: mode?
{ user = "acme"; group = "acme"; directory = "/var/lib/acme"; }
# TODO: this is overly broad; only need media and share directories to be persisted
{ user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
];
}

7
machines/servo/services/pleroma.nix
View File

@@ -74,9 +74,10 @@
config :pleroma, configurable_from_database: false
# strip metadata from uploaded images
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool]
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool.StripLocation]
# TODO: GET /api/pleroma/captcha is broken
# there was a nixpkgs PR to fix this around 2022/10 though.
config :pleroma, Pleroma.Captcha,
enabled: false,
method: Pleroma.Captcha.Native
@@ -92,8 +93,8 @@
backends: [{ExSyslogger, :ex_syslogger}]
config :logger, :ex_syslogger,
level: :debug
# level: :warn
level: :warn
# level: :debug
# XXX colin: not sure if this actually _does_ anything
config :pleroma, :emoji,

6
machines/servo/services/postfix.nix
View File

@@ -18,8 +18,12 @@ in
{
sane.impermanence.service-dirs = [
# TODO: mode? could be more granular
{ user = "221"; group = "221"; directory = "/var/lib/opendkim"; }
{ user = "opendkim"; group = "opendkim"; directory = "/var/lib/opendkim"; }
{ user = "root"; group = "root"; directory = "/var/lib/postfix"; }
{ user = "root"; group = "root"; directory = "/var/spool/mail"; }
# *probably* don't need these dirs:
# "/var/lib/dhparams" # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
# "/var/lib/dovecot"
];
services.postfix.enable = true;
services.postfix.hostname = "mx.uninsane.org";

2
machines/servo/services/postgres.nix
View File

@@ -3,7 +3,7 @@
{
sane.impermanence.service-dirs = [
# TODO: mode?
{ user = "71"; group = "71"; directory = "/var/lib/postgresql"; }
{ user = "postgres"; group = "postgres"; directory = "/var/lib/postgresql"; }
];
services.postgresql.enable = true;
# services.postgresql.dataDir = "/opt/postgresql/13";

2
machines/servo/services/transmission.nix
View File

@@ -3,7 +3,7 @@
{
sane.impermanence.service-dirs = [
# TODO: mode? we need this specifically for the stats tracking in .config/
{ user = "70"; group = "70"; directory = "/var/lib/transmission"; }
{ user = "transmission"; group = "transmission"; directory = "/var/lib/transmission"; }
];
services.transmission.enable = true;
services.transmission.settings = {

3
modules/default.nix
View File

@@ -7,8 +7,7 @@
./image.nix
./impermanence.nix
./nixcache.nix
./services/duplicity.nix
./services/nixserve.nix
./services
./universal
];
}

1
modules/gui/default.nix
View File

@@ -22,7 +22,6 @@ in
config = lib.mkIf cfg.enable {
sane.home-packages.enableGuiPkgs = lib.mkDefault true;
sane.home-manager.enable = lib.mkDefault true;
# all GUIs use network manager?
users.users.nm-iodine.uid = config.sane.allocations.nm-iodine-uid;
};

10
modules/gui/gnome.nix
View File

@@ -14,6 +14,16 @@ in
config = mkIf cfg.enable {
sane.gui.enable = true;
users.users.avahi.uid = config.sane.allocations.avahi-uid;
users.groups.avahi.gid = config.sane.allocations.avahi-gid;
users.users.colord.uid = config.sane.allocations.colord-uid;
users.groups.colord.gid = config.sane.allocations.colord-gid;
users.users.geoclue.uid = config.sane.allocations.geoclue-uid;
users.groups.geoclue.gid = config.sane.allocations.geoclue-gid;
users.users.rtkit.uid = config.sane.allocations.rtkit-uid;
users.groups.rtkit.gid = config.sane.allocations.rtkit-gid;
# start gnome/gdm on boot
services.xserver.enable = true;
services.xserver.desktopManager.gnome.enable = true;

128
modules/gui/phosh.nix
View File

@@ -10,60 +10,100 @@ in
default = false;
type = types.bool;
};
sane.gui.phosh.useGreeter = mkOption {
description = ''
launch phosh via a greeter (like lightdm-mobile-greeter).
phosh is usable without a greeter, but skipping the greeter means no PAM session.
'';
default = true;
type = types.bool;
};
};
config = mkIf cfg.enable {
sane.gui.enable = true;
config = mkIf cfg.enable (mkMerge [
{
sane.gui.enable = true;
users.users.avahi.uid = config.sane.allocations.avahi-uid;
users.users.colord.uid = config.sane.allocations.colord-uid;
users.users.geoclue.uid = config.sane.allocations.geoclue-uid;
users.users.rtkit.uid = config.sane.allocations.rtkit-uid;
users.groups.avahi.gid = config.sane.allocations.avahi-gid;
users.groups.colord.gid = config.sane.allocations.colord-gid;
users.groups.geoclue.gid = config.sane.allocations.geoclue-gid;
users.groups.rtkit.gid = config.sane.allocations.rtkit-gid;
users.users.avahi.uid = config.sane.allocations.avahi-uid;
users.users.colord.uid = config.sane.allocations.colord-uid;
users.users.geoclue.uid = config.sane.allocations.geoclue-uid;
users.users.rtkit.uid = config.sane.allocations.rtkit-uid;
users.groups.avahi.gid = config.sane.allocations.avahi-gid;
users.groups.colord.gid = config.sane.allocations.colord-gid;
users.groups.feedbackd.gid = config.sane.allocations.feedbackd-gid;
users.groups.geoclue.gid = config.sane.allocations.geoclue-gid;
users.groups.rtkit.gid = config.sane.allocations.rtkit-gid;
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
enable = true;
user = "colin";
group = "users";
phocConfig = {
# xwayland = "true";
# find default outputs by catting /etc/phosh/phoc.ini
outputs.DSI-1 = {
scale = 1.5;
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
enable = true;
user = "colin";
group = "users";
phocConfig = {
# xwayland = "true";
# find default outputs by catting /etc/phosh/phoc.ini
outputs.DSI-1 = {
scale = 1.5;
};
};
};
};
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
# XXX: not clear if these are actually needed?
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# XXX: not clear if these are actually needed?
hardware.bluetooth.enable = true;
services.blueman.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
environment.variables = {
# Qt apps won't always start unless this env var is set
QT_QPA_PLATFORM = "wayland";
# electron apps (e.g. Element) should use the wayland backend
# toggle this to have electron apps (e.g. Element) use the wayland backend.
# phocConfig.xwayland should be disabled if you do this
NIXOS_OZONE_WL = "1";
};
environment.variables = {
# Qt apps won't always start unless this env var is set
QT_QPA_PLATFORM = "wayland";
# electron apps (e.g. Element) should use the wayland backend
# toggle this to have electron apps (e.g. Element) use the wayland backend.
# phocConfig.xwayland should be disabled if you do this
NIXOS_OZONE_WL = "1";
};
sane.home-manager.extraPackages = with pkgs; [
phosh-mobile-settings
sane.home-manager.extraPackages = with pkgs; [
phosh-mobile-settings
# TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
gnome.gnome-bluetooth
];
};
# TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
gnome.gnome-bluetooth
];
}
(mkIf cfg.useGreeter {
services.xserver.enable = true;
# NB: setting defaultSession has the critical side-effect that it lets org.freedesktop.AccountsService
# know that our user exists. this ensures lightdm succeeds when calling /org/freedesktop/AccountsServices ListCachedUsers
# lightdm greeters get the login users from lightdm which gets it from org.freedesktop.Accounts.ListCachedUsers.
# this requires the user we want to login as to be cached.
services.xserver.displayManager.job.preStart = ''
${pkgs.systemd}/bin/busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s colin
'';
# services.xserver.displayManager.defaultSession = "sm.puri.Phosh"; # XXX: not sure why this doesn't propagate correctly.
services.xserver.displayManager.lightdm.extraSeatDefaults = ''
user-session = phosh
'';
services.xserver.displayManager.lightdm.greeters.gtk.enable = false; # gtk greeter overrides our own?
services.xserver.displayManager.lightdm.greeter = {
enable = true;
package = pkgs.lightdm-mobile-greeter.xgreeters;
name = "lightdm-mobile-greeter";
};
# services.xserver.displayManager.lightdm.enable = true;
# # services.xserver.displayManager.lightdm.greeters.enso.enable = true; # tried (with reboot); got a mouse then died. next time was black
# # services.xserver.displayManager.lightdm.greeters.gtk.enable = true; # tried (with reboot); unusable without OSK
# # services.xserver.displayManager.lightdm.greeters.mini.enable = true; # tried (with reboot); unusable without OSK
# # services.xserver.displayManager.lightdm.greeters.pantheon.enable = true; # tried (no reboot); unusable without OSK
# services.xserver.displayManager.lightdm.greeters.slick.enable = true; # tried; unusable without OSK (a11y -> OSK doesn't work)
# # services.xserver.displayManager.lightdm.greeters.tiny.enable = true; # tried; block screen
systemd.services.phosh.wantedBy = lib.mkForce []; # disable auto-start
})
]);
}

57
modules/gui/sway.nix
View File

@@ -11,6 +11,14 @@ in
default = false;
type = types.bool;
};
sane.gui.sway.useGreeter = mkOption {
description = ''
launch sway via a greeter (like greetd's gtkgreet).
sway is usable without a greeter, but skipping the greeter means no PAM session.
'';
default = true;
type = types.bool;
};
};
config = mkIf cfg.enable {
sane.gui.enable = true;
@@ -21,15 +29,33 @@ in
enable = true;
};
# TODO: should be able to use SDDM to get interactive login
services.greetd = {
enable = true;
settings = rec {
initial_session = {
# alternatively, could use SDDM
services.greetd = let
swayConfig-greeter = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode.
exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c sway"
'';
default_session = {
"01" = {
# greeter session config
command = "${pkgs.sway}/bin/sway --config ${swayConfig-greeter}";
# alternatives:
# - TTY: `command = "${pkgs.greetd.greetd}/bin/agreety --cmd ${pkgs.sway}/bin/sway";`
# - autologin: `command = "${pkgs.sway}/bin/sway"; user = "colin";`
# - Dumb Login (doesn't work)": `command = "${pkgs.greetd.dlm}/bin/dlm";`
};
"0" = {
# no greeter
command = "${pkgs.sway}/bin/sway";
user = "colin";
};
default_session = initial_session;
};
in {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = default_session."0${builtins.toString cfg.useGreeter}";
};
};
@@ -88,21 +114,22 @@ in
"${modifier}+Return" = "exec ${terminal}";
"${modifier}+Shift+q" = "kill";
"${modifier}+d" = "exec ${menu}";
"${modifier}+l" = "exec ${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
"${modifier}+${left}" = "focus left";
"${modifier}+${down}" = "focus down";
"${modifier}+${up}" = "focus up";
"${modifier}+${right}" = "focus right";
# "${modifier}+${left}" = "focus left";
# "${modifier}+${down}" = "focus down";
# "${modifier}+${up}" = "focus up";
# "${modifier}+${right}" = "focus right";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
"${modifier}+Shift+${left}" = "move left";
"${modifier}+Shift+${down}" = "move down";
"${modifier}+Shift+${up}" = "move up";
"${modifier}+Shift+${right}" = "move right";
# "${modifier}+Shift+${left}" = "move left";
# "${modifier}+Shift+${down}" = "move down";
# "${modifier}+Shift+${up}" = "move up";
# "${modifier}+Shift+${right}" = "move right";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
@@ -572,7 +599,7 @@ in
};
sane.home-manager.extraPackages = with pkgs; [
swaylock
swayidle
swayidle # (unused)
wl-clipboard
mako # notification daemon
xdg-utils # for xdg-open

75
modules/impermanence.nix
View File

@@ -7,6 +7,8 @@
with lib;
let
cfg = config.sane.impermanence;
# taken from sops-nix code: checks if any secrets are needed to create /etc/shadow
secretsForUsers = (lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets) != {};
in
{
options = {
@@ -14,10 +16,6 @@ in
default = false;
type = types.bool;
};
sane.impermanence.home-files = mkOption {
default = [];
type = types.listOf types.str;
};
sane.impermanence.home-dirs = mkOption {
default = [];
type = types.listOf (types.either types.str (types.attrsOf types.str));
@@ -38,38 +36,17 @@ in
map-home-dirs = map-dirs { user = "colin"; group = "users"; mode = "0755"; directory = "/home/colin/"; };
map-sys-dirs = map-dirs { user = "root"; group = "root"; mode = "0755"; directory = ""; };
map-service-dirs = map-dirs { user = "root"; group = "root"; mode = "0755"; directory = ""; };
map-home-files = files: builtins.map (f: {
parentDirectory = {
user = "colin";
group = "users";
mode = "0755";
};
file = "/home/colin/${f}";
}) files;
in mkIf cfg.enable {
sane.image.extraDirectories = [ "/nix/persist/var/log" ];
environment.persistence."/nix/persist" = {
directories = (map-home-dirs ([
# cache is probably too big to fit on the tmpfs
# TODO: we could bind-mount it to something which gets cleared per boot, though.
".cache"
".cargo"
".rustup"
".ssh"
".local/share/keyrings"
# intentionally omitted:
# ".config" # managed by home-manager
# ".local" # nothing useful in here
] ++ cfg.home-dirs)) ++ (map-sys-dirs [
# TODO: this `0700` here clobbers the perms for /persist/etc, breaking boot on freshly-deployed devices
directories = (map-home-dirs cfg.home-dirs) ++ (map-sys-dirs [
# NB: this `0700` here clobbers the perms for /persist/etc, breaking boot on freshly-deployed devices
# { mode = "0700"; directory = "/etc/NetworkManager/system-connections"; }
# "/etc/nixos"
# "/etc/ssh" # persist only the specific files we want, instead
"/var/log"
"/var/backup" # for e.g. postgres dumps
]) ++ (map-service-dirs ([
# "/var/lib/AccountsService" # not sure what this is, but it's empty
"/var/lib/alsa" # preserve output levels, default devices
# "/var/lib/blueman" # files aren't human readable
@@ -93,37 +70,25 @@ in
# "/var/lib/upower" # historic charge data. unnecessary, but maybe used somewhere?
#
# servo additions:
# "/var/lib/dhparams" # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
# "/var/lib/dovecot"
# "/var/lib/duplicity"
] ++ cfg.service-dirs));
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/home/colin/.zsh_history"
# # XXX these only need persistence because i have mutableUsers = true, i think
# "/etc/group"
# "/etc/passwd"
# "/etc/shadow"
] ++ map-home-files cfg.home-files;
] ++ cfg.service-dirs);
# /etc/machine-id is a globally unique identifier used for:
# - systemd-networkd: DHCP lease renewal (instead of keying by the MAC address)
# - systemd-journald: to filter logs by host
# - chromium (potentially to track re-installations)
# - gdbus; system services that might upgrade to AF_LOCAL if both services can confirm they're on the same machine
# of these, systemd-networkd is the only legitimate case to persist the machine-id.
# depersisting it should be "safe"; edge-cases like systemd-networkd can be directed to use some other ID if necessary.
# nixos-impermanence shows binding the host ssh priv key to this; i could probably hash the host key into /etc/machine-id if necessary.
# files = [ "/etc/machine-id" ];
};
systemd.services.sane-sops = {
# TODO: it would be better if we could inject the right dependency into setupSecrets instead of patching like this.
# /run/current-system/activate contains the precise ordering logic.
# it's largely unaware of systemd.
# maybe we could insert some activation script which simply waits for /etc/ssh to appear?
description = "sops relies on /etc/ssh being available, so re-run its activation AFTER fs-local";
script = ''
${config.system.activationScripts.setupSecrets.text}
${config.system.activationScripts.linkIwdKeys.text}
'';
after = [ "fs-local.target" ];
wantedBy = [ "multi-user.target" ];
# secret decoding depends on /etc/ssh keys, which may be persisted
system.activationScripts.setupSecrets.deps = [ "persist-ssh-host-keys" ];
system.activationScripts.setupSecretsForUsers = lib.mkIf secretsForUsers {
deps = [ "persist-ssh-host-keys" ];
};
# populated by ssh.nix, which persists /etc/ssh/host_keys
system.activationScripts.persist-ssh-host-keys.text = lib.mkDefault "";
};
}

10
modules/nixcache.nix
View File

@@ -1,3 +1,13 @@
# speed up builds from e.g. moby or lappy by having them query desko and servo first.
# if one of these hosts is offline, instead manually specify just cachix:
# - `nixos-rebuild --option substituters https://cache.nixos.org/`
#
# future improvements:
# - apply for community arm build box:
# - <https://github.com/nix-community/aarch64-build-box>
# - don't require all substituters to be online:
# - <https://github.com/NixOS/nix/pull/7188>
{ lib, config, ... }:
with lib;

7
modules/services/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./duplicity.nix
./nixserve.nix
];
}

3
modules/universal/allocations.nix
View File

@@ -23,6 +23,9 @@ in
sane.allocations.greeter-uid = mkId 999;
sane.allocations.greeter-gid = mkId 999;
sane.allocations.freshrss-uid = mkId 2401;
sane.allocations.freshrss-gid = mkId 2401;
sane.allocations.colin-uid = mkId 1000;
sane.allocations.guest-uid = mkId 1100;

41
modules/universal/default.nix
View File

@@ -3,16 +3,26 @@
{
imports = [
./allocations.nix
./env
./fs.nix
./home-manager
./home-packages.nix
./net.nix
./machine-id.nix
./secrets.nix
./ssh.nix
./system-packages.nix
./users.nix
./vpn.nix
];
time.timeZone = "America/Los_Angeles";
# allow `nix flake ...` command
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# TODO: move this into home-manager?
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [ font-awesome twitter-color-emoji hack-font ];
@@ -25,9 +35,30 @@
};
};
# allow `nix flake ...` command
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# programs.vim.defaultEditor = true;
environment.variables = {
EDITOR = "vim";
# git claims it should use EDITOR, but it doesn't!
GIT_EDITOR = "vim";
# TODO: these should be moved to `home.sessionVariables` (home-manager)
# Electron apps should use native wayland backend:
# https://nixos.wiki/wiki/Slack#Wayland
# Discord under sway crashes with this.
# NIXOS_OZONE_WL = "1";
# LIBGL_ALWAYS_SOFTWARE = "1";
};
# enable zsh completions
environment.pathsToLink = [ "/share/zsh" ];
environment.systemPackages = with pkgs; [
# required for pam_mount
gocryptfs
];
security.pam.mount.enable = true;
# security.pam.mount.debugLevel = 1;
# security.pam.enableSSHAgentAuth = true; # ??
# needed for `allow_other` in e.g. gocryptfs mounts
# or i guess going through mount.fuse sets suid so that's not necessary?
# programs.fuse.userAllowOther = true;
}

24
modules/universal/env/default.nix vendored
View File

@@ -1,24 +0,0 @@
{ ... }:
{
imports = [
./feeds.nix
./home-manager.nix
./home-packages.nix
./system-packages.nix
];
# programs.vim.defaultEditor = true;
environment.variables = {
EDITOR = "vim";
# git claims it should use EDITOR, but it doesn't!
GIT_EDITOR = "vim";
# TODO: these should be moved to `home.sessionVariables` (home-manager)
# Electron apps should use native wayland backend:
# https://nixos.wiki/wiki/Slack#Wayland
# Discord under sway crashes with this.
# NIXOS_OZONE_WL = "1";
# LIBGL_ALWAYS_SOFTWARE = "1";
};
}

41
modules/universal/env/feeds.nix vendored
View File

@@ -1,41 +0,0 @@
{ lib, ... }:
with lib;
{
options = {
sane.feeds.podcastUrls = mkOption {
type = types.listOf types.str;
default = [
"https://lexfridman.com/feed/podcast/"
## Astral Codex Ten
"http://feeds.libsyn.com/108018/rss"
## Econ Talk
"https://feeds.simplecast.com/wgl4xEgL"
## Cory Doctorow
"https://feeds.feedburner.com/doctorow_podcast"
"https://congressionaldish.libsyn.com/rss"
## Civboot
"https://anchor.fm/s/34c7232c/podcast/rss"
"https://feeds.feedburner.com/80000HoursPodcast"
"https://allinchamathjason.libsyn.com/rss"
"https://acquired.libsyn.com/rss"
"https://rss.acast.com/deconstructed"
## The Daily
"https://feeds.simplecast.com/54nAGcIl"
"https://rss.acast.com/intercepted-with-jeremy-scahill"
"https://podcast.posttv.com/itunes/post-reports.xml"
## Eric Weinstein
"https://rss.art19.com/the-portal"
"https://feeds.megaphone.fm/darknetdiaries"
"http://feeds.wnyc.org/radiolab"
"https://wakingup.libsyn.com/rss"
## 99% Invisible
"https://feeds.simplecast.com/BqbsxVfO"
"https://rss.acast.com/ft-tech-tonic"
"https://feeds.feedburner.com/dancarlin/history?format=xml"
## 60 minutes (NB: this features more than *just* audio?)
"https://www.cbsnews.com/latest/rss/60-minutes"
];
};
};
}

567
modules/universal/env/home-manager.nix vendored
View File

@@ -1,567 +0,0 @@
# docs:
# https://rycee.gitlab.io/home-manager/
# https://rycee.gitlab.io/home-manager/options.html
# man home-configuration.nix
#
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.sane.home-manager;
vim-swap-dir = ".cache/vim-swap";
# extract package from `extraPackages`
pkglist = pkgspec: builtins.map (e: e.pkg or e) pkgspec;
# extract `dir` from `extraPackages`
dirlist = pkgspec: builtins.concatLists (builtins.map (e: if e ? "dir" then [ e.dir ] else []) pkgspec);
# extract `persist-files` from `extraPackages`
persistfileslist = pkgspec: builtins.concatLists (builtins.map (e: if e ? "persist-files" then e.persist-files else []) pkgspec);
# TODO: dirlist and persistfileslist should be folded
in
{
options = {
sane.home-manager.enable = mkOption {
default = false;
type = types.bool;
};
# packages to deploy to the user's home
sane.home-manager.extraPackages = mkOption {
default = [ ];
# each entry can be either a package, or attrs:
# { pkg = package; dir = optional string;
type = types.listOf (types.either types.package types.attrs);
};
# attributes to copy directly to home-manager's `wayland.windowManager` option
sane.home-manager.windowManager = mkOption {
default = {};
type = types.attrs;
};
# extra attributes to include in home-manager's `programs` option
sane.home-manager.programs = mkOption {
default = {};
type = types.attrs;
};
};
config = lib.mkIf cfg.enable {
sops.secrets."aerc_accounts" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/aerc_accounts.conf;
format = "binary";
};
sops.secrets."sublime_music_config" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
format = "binary";
};
sane.impermanence.home-dirs = [
"archive"
"dev"
"records"
"ref"
"tmp"
"use"
"Music"
"Pictures"
"Videos"
vim-swap-dir
] ++ (dirlist cfg.extraPackages);
sane.impermanence.home-files = persistfileslist cfg.extraPackages;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
# XXX this weird rename + closure is to get home-manager's `config.lib.file` to exist.
# see: https://github.com/nix-community/home-manager/issues/589#issuecomment-950474105
home-manager.users.colin = let sysconfig = config; in { config, ... }: {
# run `home-manager-help` to access manpages
# or `man home-configuration.nix`
manual.html.enable = true;
home.packages = pkglist cfg.extraPackages;
wayland.windowManager = cfg.windowManager;
home.stateVersion = "21.11";
home.username = "colin";
home.homeDirectory = "/home/colin";
home.activation = {
initKeyring = {
after = ["writeBoundary"];
before = [];
data = "${../../../scripts/init-keyring}";
};
};
# XDG defines things like ~/Desktop, ~/Downloads, etc.
# these clutter the home, so i mostly don't use them.
xdg.userDirs = {
enable = true;
createDirectories = false; # on headless systems, most xdg dirs are noise
desktop = "$HOME/.xdg/Desktop";
documents = "$HOME/dev";
download = "$HOME/tmp";
music = "$HOME/Music";
pictures = "$HOME/Pictures";
publicShare = "$HOME/.xdg/Public";
templates = "$HOME/.xdg/Templates";
videos = "$HOME/Videos";
};
# the xdg mime type for a file can be found with:
# - `xdg-mime query filetype path/to/thing.ext`
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = {
# HTML
"text/html" = [ "librewolf.desktop" ];
"x-scheme-handler/http" = [ "librewolf.desktop" ];
"x-scheme-handler/https" = [ "librewolf.desktop" ];
"x-scheme-handler/about" = [ "librewolf.desktop" ];
"x-scheme-handler/unknown" = [ "librewolf.desktop" ];
# RICH-TEXT DOCUMENTS
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"text/markdown" = [ "obsidian.desktop" ];
# IMAGES
"image/heif" = [ "org.gnome.gThumb.desktop" ]; # apple codec
"image/png" = [ "org.gnome.gThumb.desktop" ];
"image/jpeg" = [ "org.gnome.gThumb.desktop" ];
# VIDEO
"video/mp4" = [ "vlc.desktop" ];
"video/quicktime" = [ "vlc.desktop" ];
"video/x-matroska" = [ "vlc.desktop" ];
# AUDIO
"audio/flag" = [ "vlc.desktop" ];
"audio/mpeg" = [ "vlc.desktop" ];
"audio/x-vorbis+ogg" = [ "vlc.desktop" ];
};
# convenience
home.file."knowledge".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge";
home.file."nixos".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/nixos";
home.file."Videos/servo".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/Videos";
home.file."Videos/servo-incomplete".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/incomplete";
home.file."Music/servo".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/Music";
# nb markdown/personal knowledge manager
home.file.".nb/knowledge".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge";
home.file.".nb/.current".text = "knowledge";
home.file.".nbrc".text = ''
# manage with `nb settings`
export NB_AUTO_SYNC=0
'';
# uBlock filter list configuration.
# specifically, enable the GDPR cookie prompt blocker.
# data.toOverwrite.filterLists is additive (i.e. it supplements the default filters)
# this configuration method is documented here:
# - <https://github.com/gorhill/uBlock/issues/2986#issuecomment-364035002>
# the specific attribute path is found via scraping ublock code here:
# - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
# - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
home.file.".librewolf/managed-storage/uBlock0@raymondhill.net.json".text = ''
{
"name": "uBlock0@raymondhill.net",
"description": "ignored",
"type": "storage",
"data": {
"toOverwrite": "{\"filterLists\": [\"fanboy-cookiemonster\"]}"
}
}
'';
# aerc TUI mail client
xdg.configFile."aerc/accounts.conf".source =
config.lib.file.mkOutOfStoreSymlink sysconfig.sops.secrets.aerc_accounts.path;
# make Discord usable even when client is "outdated"
xdg.configFile."discord/settings.json".text = ''
{
"SKIP_HOST_UPDATE": true
}
'';
# sublime music player
xdg.configFile."sublime-music/config.json".source =
config.lib.file.mkOutOfStoreSymlink sysconfig.sops.secrets.sublime_music_config.path;
xdg.configFile."vlc/vlcrc".text =
let
podcastUrls = lib.strings.concatStringsSep "|" sysconfig.sane.feeds.podcastUrls;
in ''
[podcast]
podcast-urls=${podcastUrls}
[core]
metadata-network-access=0
[qt]
qt-privacy-ask=0
'';
xdg.configFile."gpodderFeeds.opml".text =
let
entries = builtins.toString (builtins.map
(url: ''\n <outline xmlUrl="${url}" type="rss"/>'')
sysconfig.sane.feeds.podcastUrls
);
in ''
<?xml version="1.0" encoding="utf-8"?>
<opml version="2.0">
<body>${entries}
</body>
</opml>
'';
# gnome feeds RSS viewer
xdg.configFile."org.gabmus.gfeeds.json".text = builtins.toJSON {
feeds = {
# AGGREGATORS (> 1 post/day)
"https://www.lesswrong.com/feed.xml" = { tags = [ "hourly" "rat" ]; };
"http://www.econlib.org/index.xml" = { tags = [ "hourly" "pol" ]; };
# AGGREGATORS (< 1 post/day)
"https://palladiummag.com/feed" = { tags = [ "weekly" "uncat" ]; };
"https://profectusmag.com/feed" = { tags = [ "weekly" "uncat" ]; };
"https://semiaccurate.com/feed" = { tags = [ "weekly" "tech" ]; };
"https://linuxphoneapps.org/blog/atom.xml" = { tags = [ "infrequent" "tech" ]; };
"https://spectrum.ieee.org/rss" = { tags = [ "weekly" "tech" ]; };
## No Moods, Ads or Cutesy Fucking Icons
"https://www.rifters.com/crawl/?feed=rss2" = { tags = [ "weekly" "uncat" ]; };
# DEVELOPERS
"https://mg.lol/blog/rss/" = { tags = [ "infrequent" "tech" ]; };
## Ken Shirriff
"https://www.righto.com/feeds/posts/default" = { tags = [ "infrequent" "tech" ]; };
## Vitalik Buterin
"https://vitalik.ca/feed.xml" = { tags = [ "infrequent" "tech" ]; };
## ian (Sanctuary)
"https://sagacioussuricata.com/feed.xml" = { tags = [ "infrequent" "tech" ]; };
## Bunnie Juang
"https://www.bunniestudios.com/blog/?feed=rss2" = { tags = [ "infrequent" "tech" ]; };
"https://blog.danieljanus.pl/atom.xml" = { tags = [ "infrequent" "tech" ]; };
"https://ianthehenry.com/feed.xml" = { tags = [ "infrequent" "tech" ]; };
"https://bitbashing.io/feed.xml" = { tags = [ "infrequent" "tech" ]; };
"https://idiomdrottning.org/feed.xml" = { tags = [ "daily" "uncat" ]; };
# (TECH; POL) COMMENTATORS
"http://benjaminrosshoffman.com/feed" = { tags = [ "weekly" "pol" ]; };
## Ben Thompson
"https://www.stratechery.com/rss" = { tags = [ "weekly" "pol" ]; };
## Balaji
"https://balajis.com/rss" = { tags = [ "weekly" "pol" ]; };
"https://www.ben-evans.com/benedictevans/rss.xml" = { tags = [ "weekly" "pol" ]; };
"https://www.lynalden.com/feed" = { tags = [ "infrequent" "pol" ]; };
"https://austinvernon.site/rss.xml" = { tags = [ "infrequent" "tech" ]; };
"https://oversharing.substack.com/feed" = { tags = [ "daily" "pol" ]; };
## David Rosenthal
"https://blog.dshr.org/rss.xml" = { tags = [ "weekly" "pol" ]; };
## Matt Levine
"https://www.bloomberg.com/opinion/authors/ARbTQlRLRjE/matthew-s-levine.rss" = { tags = [ "weekly" "pol" ]; };
# RATIONALITY/PHILOSOPHY/ETC
"https://samkriss.substack.com/feed" = { tags = [ "infrequent" "uncat" ]; }; # ... satire? phil?
"https://unintendedconsequenc.es/feed" = { tags = [ "infrequent" "rat" ]; };
"https://applieddivinitystudies.com/atom.xml" = { tags = [ "weekly" "rat" ]; };
"https://slimemoldtimemold.com/feed.xml" = { tags = [ "weekly" "rat" ]; };
"https://www.richardcarrier.info/feed" = { tags = [ "weekly" "rat" ]; };
"https://www.gwern.net/feed.xml" = { tags = [ "infrequent" "uncat" ]; };
## Jason Crawford
"https://rootsofprogress.org/feed.xml" = { tags = [ "weekly" "rat" ]; };
## Robin Hanson
"https://www.overcomingbias.com/feed" = { tags = [ "daily" "rat" ]; };
## Scott Alexander
"https://astralcodexten.substack.com/feed.xml" = { tags = [ "daily" "rat" ]; };
## Paul Christiano
"https://sideways-view.com/feed" = { tags = [ "infrequent" "rat" ]; };
## Sean Carroll
"https://www.preposterousuniverse.com/rss" = { tags = [ "infrequent" "rat" ]; };
# COMICS
"https://www.smbc-comics.com/comic/rss" = { tags = [ "daily" "visual" ]; };
"https://xkcd.com/atom.xml" = { tags = [ "daily" "visual" ]; };
"http://dilbert.com/feed" = { tags = ["daily" "visual" ]; };
# ART
"https://miniature-calendar.com/feed" = { tags = [ "daily" "visual" ]; };
# CODE
"https://github.com/Kaiteki-Fedi/Kaiteki/commits/master.atom" = { tags = [ "infrequent" "tech" ]; };
};
dark_reader = false;
new_first = true;
# windowsize = {
# width = 350;
# height = 650;
# };
max_article_age_days = 90;
enable_js = false;
max_refresh_threads = 3;
# saved_items = {};
# read_items = [];
show_read_items = true;
full_article_title = true;
# views: "webview", "reader", "rsscont"
default_view = "rsscont";
open_links_externally = true;
full_feed_name = false;
refresh_on_startup = true;
tags = [
# hourly => aggregator
# daily => prolifiq writer
# weekly => i can keep up with most -- but maybe not all -- of their content
# infrequent => i can read everything in this category
"hourly" "daily" "weekly" "infrequent"
# rat[ionality] gets used interchangably with philosophy, here.
# pol[itical] gets used for social commentary and economics as well.
# visual gets used for comics/art
"uncat" "rat" "tech" "pol" "visual"
];
open_youtube_externally = false;
media_player = "vlc"; # default: mpv
};
programs = {
home-manager.enable = true; # this lets home-manager manage dot-files in user dirs, i think
zsh = {
enable = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
dotDir = ".config/zsh";
initExtraBeforeCompInit = ''
# p10k instant prompt
# run p10k configure to configure, but it can't write out its file :-(
POWERLEVEL9K_DISABLE_CONFIGURATION_WIZARD=true
'';
initExtra = ''
# zmv is a way to do rich moves/renames, with pattern matching/substitution.
# see for an example: <https://filipe.kiss.ink/zmv-zsh-rename/>
autoload -Uz zmv
'';
# prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
# see: https://github.com/sorin-ionescu/prezto
prezto = {
enable = true;
pmodules = [
"environment"
"terminal"
"editor"
"history"
"directory"
"spectrum"
"utility"
"completion"
"prompt"
"git"
];
prompt = {
theme = "powerlevel10k";
};
};
};
kitty = {
enable = true;
# docs: https://sw.kovidgoyal.net/kitty/conf/
settings = {
# disable terminal bell (when e.g. you backspace too many times)
enable_audio_bell = false;
};
keybindings = {
"ctrl+n" = "new_os_window_with_cwd";
};
# docs: https://github.com/kovidgoyal/kitty-themes
# theme = "1984 Light"; # dislike: awful, harsh blues/teals
# theme = "Adventure Time"; # dislike: harsh (dark)
# theme = "Atom One Light"; # GOOD: light theme. all color combos readable. not a huge fan of the blue.
# theme = "Belafonte Day"; # dislike: too low contrast for text colors
# theme = "Belafonte Night"; # better: dark theme that's easy on the eyes. all combos readable. low contrast.
# theme = "Catppuccin"; # dislike: a bit pale/low-contrast (dark)
# theme = "Desert"; # mediocre: colors are harsh
# theme = "Earthsong"; # BEST: dark theme. readable, good contrast. unique, but decent colors.
# theme = "Espresso Libre"; # better: dark theme. readable, but meh colors
# theme = "Forest Night"; # decent: very pastel. it's workable, but unconventional and muted/flat.
# theme = "Gruvbox Material Light Hard"; # mediocre light theme.
# theme = "kanagawabones"; # better: dark theme. colors are too background-y
# theme = "Kaolin Dark"; # dislike: too dark
# theme = "Kaolin Breeze"; # mediocre: not-too-harsh light theme, but some parts are poor contrast
# theme = "Later This Evening"; # mediocre: not-too-harsh dark theme, but cursor is poor contrast
# theme = "Material"; # decent: light theme, few colors.
# theme = "Mayukai"; # decent: not-too-harsh dark theme. the teal is a bit straining
# theme = "Nord"; # mediocre: pale background, low contrast
# theme = "One Half Light"; # better: not-too-harsh light theme. contrast could be better
theme = "PaperColor Dark"; # BEST: dark theme, very readable still the colors are background-y
# theme = "Parasio Dark"; # dislike: too low contrast
# theme = "Pencil Light"; # better: not-too-harsh light theme. decent contrast.
# theme = "Pnevma"; # dislike: too low contrast
# theme = "Piatto Light"; # better: readable light theme. pleasing colors. powerline prompt is hard to read.
# theme = "Rosé Pine Dawn"; # GOOD: light theme. all color combinations are readable. it is very mild -- may need to manually tweak contrast. tasteful colors
# theme = "Rosé Pine Moon"; # GOOD: dark theme. tasteful colors. but background is a bit intense
# theme = "Sea Shells"; # mediocre. not all color combos are readable
# theme = "Solarized Light"; # mediocre: not-too-harsh light theme; GREAT background; but some colors are low contrast
# theme = "Solarized Dark Higher Contrast"; # better: dark theme, decent colors
# theme = "Sourcerer"; # mediocre: ugly colors
# theme = "Space Gray"; # mediocre: too muted
# theme = "Space Gray Eighties"; # better: all readable, decent colors
# theme = "Spacemacs"; # mediocre: too muted
# theme = "Spring"; # mediocre: readable light theme, but the teal is ugly.
# theme = "Srcery"; # better: highly readable. colors are ehhh
# theme = "Substrata"; # decent: nice colors, but a bit flat.
# theme = "Sundried"; # mediocre: the solar text makes me squint
# theme = "Symfonic"; # mediocre: the dark purple has low contrast to the black bg.
# theme = "Tango Light"; # dislike: teal is too grating
# theme = "Tokyo Night Day"; # medicore: too muted
# theme = "Tokyo Night"; # better: tasteful. a bit flat
# theme = "Tomorrow"; # GOOD: all color combinations are readable. contrast is slightly better than Rose. on the blander side
# theme = "Treehouse"; # dislike: the orange is harsh on my eyes.
# theme = "Urple"; # dislike: weird palette
# theme = "Warm Neon"; # decent: not-too-harsh dark theme. the green is a bit unattractive
# theme = "Wild Cherry"; # GOOD: dark theme: nice colors. a bit flat
# theme = "Xcodedark"; # dislike: bad palette
# theme = "citylights"; # decent: dark theme. some parts have just a bit low contrast
# theme = "neobones_light"; # better light theme. the background is maybe too muted
# theme = "vimbones";
# theme = "zenbones_dark"; # mediocre: readable, but meh colors
# theme = "zenbones_light"; # decent: light theme. all colors are readable. contrast is passable but not excellent. highlight color is BAD
# theme = "zenwritten_dark"; # mediocre: looks same as zenbones_dark
# extraConfig = "";
};
git = {
enable = true;
userName = "colin";
userEmail = "colin@uninsane.org";
};
neovim = {
# neovim: https://github.com/neovim/neovim
enable = true;
viAlias = true;
vimAlias = true;
plugins = with pkgs.vimPlugins; [
# docs: surround-nvim: https://github.com/ur4ltz/surround.nvim/
# docs: vim-surround: https://github.com/tpope/vim-surround
vim-surround
# docs: fzf-vim (fuzzy finder): https://github.com/junegunn/fzf.vim
fzf-vim
# docs: https://github.com/KeitaNakamura/tex-conceal.vim/
({
plugin = tex-conceal-vim;
type = "viml";
config = ''
" present prettier fractions
let g:tex_conceal_frac=1
'';
})
({
plugin = vim-SyntaxRange;
type = "viml";
config = ''
" enable markdown-style codeblock highlighting for tex code
autocmd BufEnter * call SyntaxRange#Include('```tex', '```', 'tex', 'NonText')
" autocmd Syntax tex set conceallevel=2
'';
})
# nabla renders inline math in any document, but it's buggy.
# https://github.com/jbyuki/nabla.nvim
# ({
# plugin = pkgs.nabla;
# type = "lua";
# config = ''
# require'nabla'.enable_virt()
# '';
# })
# treesitter syntax highlighting: https://nixos.wiki/wiki/Tree_sitters
# docs: https://github.com/nvim-treesitter/nvim-treesitter
# config taken from: https://github.com/i077/system/blob/master/modules/home/neovim/default.nix
# this is required for tree-sitter to even highlight
({
plugin = (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars));
type = "lua";
config = ''
require'nvim-treesitter.configs'.setup {
highlight = {
enable = true,
-- disable treesitter on Rust so that we can use SyntaxRange
-- and leverage TeX rendering in rust projects
disable = { "rust", "tex", "latex" },
-- disable = { "tex", "latex" },
-- true to also use builtin vim syntax highlighting when treesitter fails
additional_vim_regex_highlighting = false
},
incremental_selection = {
enable = true,
keymaps = {
init_selection = "gnn",
node_incremental = "grn",
mcope_incremental = "grc",
node_decremental = "grm"
}
},
indent = {
enable = true,
disable = {}
}
}
vim.o.foldmethod = 'expr'
vim.o.foldexpr = 'nvim_treesitter#foldexpr()'
'';
})
];
extraConfig = ''
" copy/paste to system clipboard
set clipboard=unnamedplus
" screw tabs; always expand them into spaces
set expandtab
" at least don't open files with sections folded by default
set nofoldenable
" allow text substitutions for certain glyphs.
" higher number = more aggressive substitution (0, 1, 2, 3)
" i only make use of this for tex, but it's unclear how to
" apply that *just* to tex and retain the SyntaxRange stuff.
set conceallevel=2
" horizontal rule under the active line
" set cursorline
" highlight trailing space & related syntax errors (doesn't seem to work??)
" let c_space_errors=1
" let python_space_errors=1
" enable highlighting of leading/trailing spaces,
" and especially tabs
" source: https://www.reddit.com/r/neovim/comments/chlmfk/highlight_trailing_whitespaces_in_neovim/
set list
set listchars=tab:\·,trail:·,extends:,precedes:,nbsp:
'';
};
# XXX: although home-manager calls this option `firefox`, we can use other browsers and it still mostly works.
firefox = lib.mkIf (sysconfig.sane.gui.enable) {
enable = true;
package = import ./web-browser.nix pkgs;
};
# "command not found" will cause the command to be searched in nixpkgs
nix-index.enable = true;
} // cfg.programs;
home.shellAliases = {
":q" = "exit";
# common typos
"cd.." = "cd ..";
"cd../" = "cd ../";
};
};
};
}

55
modules/universal/env/web-browser.nix vendored
View File

@@ -1,55 +0,0 @@
pkgs:
# common settings to toggle (at runtime, in about:config):
# > security.ssl.require_safe_negotiation
# librewolf is a forked firefox which patches firefox to allow more things
# (like default search engines) to be configurable at runtime.
# many of the settings below won't have effect without those patches.
# see: https://gitlab.com/librewolf-community/settings/-/blob/master/distribution/policies.json
pkgs.wrapFirefox pkgs.librewolf-unwrapped {
# inherit the default librewolf.cfg
# it can be further customized via ~/.librewolf/librewolf.overrides.cfg
inherit (pkgs.librewolf-unwrapped) extraPrefsFiles;
libName = "librewolf";
extraPolicies = {
NoDefaultBookmarks = true;
SearchEngines = {
Default = "DuckDuckGo";
};
AppUpdateURL = "https://localhost";
DisableAppUpdate = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DisableSystemAddonUpdate = true;
DisableFirefoxStudies = true;
DisableTelemetry = true;
DisableFeedbackCommands = true;
DisablePocket = true;
DisableSetDesktopBackground = false;
Extensions = {
Install = [
"https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
"https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi"
"https://addons.mozilla.org/firefox/downloads/latest/bypass-paywalls-clean/latest.xpi"
"https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi"
"https://addons.mozilla.org/firefox/downloads/latest/ether-metamask/latest.xpi"
];
# remove many default search providers
Uninstall = [
"google@search.mozilla.org"
"bing@search.mozilla.org"
"amazondotcom@search.mozilla.org"
"ebay@search.mozilla.org"
"twitter@search.mozilla.org"
];
};
# XXX doesn't seem to have any effect...
# docs: https://github.com/mozilla/policy-templates#homepage
# Homepage = {
# HomepageURL = "https://uninsane.org/";
# StartPage = "homepage";
# };
# NewTabPage = true;
};
}

14
modules/universal/home-manager/aerc.nix Normal file
View File

@@ -0,0 +1,14 @@
# Terminal UI mail client
{ config, ... }:
{
sops.secrets."aerc_accounts" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/aerc_accounts.conf;
format = "binary";
};
home-manager.users.colin = let sysconfig = config; in { config, ... }: {
# aerc TUI mail client
xdg.configFile."aerc/accounts.conf".source =
config.lib.file.mkOutOfStoreSymlink sysconfig.sops.secrets.aerc_accounts.path;
};
}

218
modules/universal/home-manager/default.nix Normal file
View File

@@ -0,0 +1,218 @@
# docs:
# https://rycee.gitlab.io/home-manager/
# https://rycee.gitlab.io/home-manager/options.html
# man home-configuration.nix
#
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.sane.home-manager;
# extract package from `extraPackages`
pkg-list = pkgspec: builtins.map (e: e.pkg or e) pkgspec;
# extract `dir` from `extraPackages`
dir-list = pkgspec: builtins.concatLists (builtins.map (e: if e ? "dir" then [ e.dir ] else []) pkgspec);
private-list = pkgspec: builtins.concatLists (builtins.map (e: if e ? "private" then [ e.private ] else []) pkgspec);
feeds = import ./feeds.nix { inherit lib; };
in
{
imports = [
./aerc.nix
./discord.nix
./git.nix
./kitty.nix
./librewolf.nix
./mpv.nix
./nb.nix
./neovim.nix
./ssh.nix
./sublime-music.nix
./vlc.nix
./zsh.nix
];
options = {
# packages to deploy to the user's home
sane.home-manager.extraPackages = mkOption {
default = [ ];
# each entry can be either a package, or attrs:
# { pkg = package; dir = optional string;
type = types.listOf (types.either types.package types.attrs);
};
# attributes to copy directly to home-manager's `wayland.windowManager` option
sane.home-manager.windowManager = mkOption {
default = {};
type = types.attrs;
};
# extra attributes to include in home-manager's `programs` option
sane.home-manager.programs = mkOption {
default = {};
type = types.attrs;
};
};
config = {
sane.impermanence.home-dirs = [
"archive"
"dev"
"records"
"ref"
"tmp"
"use"
"Music"
"Pictures"
"Videos"
] ++ (dir-list cfg.extraPackages);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
# XXX this weird rename + closure is to get home-manager's `config.lib.file` to exist.
# see: https://github.com/nix-community/home-manager/issues/589#issuecomment-950474105
home-manager.users.colin = let sysconfig = config; in { config, ... }: {
# run `home-manager-help` to access manpages
# or `man home-configuration.nix`
manual.html.enable = false; # TODO: set to true later (build failure)
manual.manpages.enable = false; # TODO: enable after https://github.com/nix-community/home-manager/issues/3344
home.packages = pkg-list cfg.extraPackages;
wayland.windowManager = cfg.windowManager;
home.stateVersion = "21.11";
home.username = "colin";
home.homeDirectory = "/home/colin";
home.activation = {
initKeyring = {
after = ["writeBoundary"];
before = [];
data = "${../../../scripts/init-keyring}";
};
};
home.file = let
privates = builtins.listToAttrs (
builtins.map (path: {
name = path;
value = { source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/${path}"; };
})
(private-list cfg.extraPackages)
);
in {
# convenience
"knowledge".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge";
"nixos".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/nixos";
"Videos/servo".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/Videos";
"Videos/servo-incomplete".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/incomplete";
"Music/servo".source = config.lib.file.mkOutOfStoreSymlink "/mnt/servo-media/Music";
# used by password managers, e.g. unix `pass`
".password-store".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge/secrets/accounts";
} // privates;
# XDG defines things like ~/Desktop, ~/Downloads, etc.
# these clutter the home, so i mostly don't use them.
xdg.userDirs = {
enable = true;
createDirectories = false; # on headless systems, most xdg dirs are noise
desktop = "$HOME/.xdg/Desktop";
documents = "$HOME/dev";
download = "$HOME/tmp";
music = "$HOME/Music";
pictures = "$HOME/Pictures";
publicShare = "$HOME/.xdg/Public";
templates = "$HOME/.xdg/Templates";
videos = "$HOME/Videos";
};
# the xdg mime type for a file can be found with:
# - `xdg-mime query filetype path/to/thing.ext`
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = let
www = "librewolf.desktop";
pdf = "org.gnome.Evince.desktop";
md = "obsidian.desktop";
thumb = "org.gnome.gThumb.desktop";
video = "vlc.desktop";
# audio = "mpv.desktop";
audio = "vlc.desktop";
in {
# HTML
"text/html" = [ www ];
"x-scheme-handler/http" = [ www ];
"x-scheme-handler/https" = [ www ];
"x-scheme-handler/about" = [ www ];
"x-scheme-handler/unknown" = [ www ];
# RICH-TEXT DOCUMENTS
"application/pdf" = [ pdf ];
"text/markdown" = [ md ];
# IMAGES
"image/heif" = [ thumb ]; # apple codec
"image/png" = [ thumb ];
"image/jpeg" = [ thumb ];
# VIDEO
"video/mp4" = [ video ];
"video/quicktime" = [ video ];
"video/x-matroska" = [ video ];
# AUDIO
"audio/flac" = [ audio ];
"audio/mpeg" = [ audio ];
"audio/x-vorbis+ogg" = [ audio ];
};
xdg.configFile."gpodderFeeds.opml".text = with feeds;
feedsToOpml feeds.podcasts;
# news-flash RSS viewer
xdg.configFile."newsflashFeeds.opml".text = with feeds;
feedsToOpml (feeds.texts ++ feeds.images);
# gnome feeds RSS viewer
xdg.configFile."org.gabmus.gfeeds.json".text =
let
myFeeds = feeds.texts ++ feeds.images;
in builtins.toJSON {
# feed format is a map from URL to a dict,
# with dict["tags"] a list of string tags.
feeds = builtins.foldl' (acc: feed: acc // {
"${feed.url}".tags = [ feed.cat feed.freq ];
}) {} myFeeds;
dark_reader = false;
new_first = true;
# windowsize = {
# width = 350;
# height = 650;
# };
max_article_age_days = 90;
enable_js = false;
max_refresh_threads = 3;
# saved_items = {};
# read_items = [];
show_read_items = true;
full_article_title = true;
# views: "webview", "reader", "rsscont"
default_view = "rsscont";
open_links_externally = true;
full_feed_name = false;
refresh_on_startup = true;
tags = lib.lists.unique (
(builtins.catAttrs "cat" myFeeds) ++ (builtins.catAttrs "freq" myFeeds)
);
open_youtube_externally = false;
media_player = "vlc"; # default: mpv
};
programs = {
home-manager.enable = true; # this lets home-manager manage dot-files in user dirs, i think
# "command not found" will cause the command to be searched in nixpkgs
nix-index.enable = true;
} // cfg.programs;
};
};
}

10
modules/universal/home-manager/discord.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
{
# TODO: this should only be enabled on gui devices
# make Discord usable even when client is "outdated"
home-manager.users.colin.xdg.configFile."discord/settings.json".text = ''
{
"SKIP_HOST_UPDATE": true
}
'';
}

182
modules/universal/home-manager/feeds.nix Normal file
View File

@@ -0,0 +1,182 @@
{ lib }:
let
hourly = { freq = "hourly"; };
daily = { freq = "daily"; };
weekly = { freq = "weekly"; };
infrequent = { freq = "infrequent"; };
art = { cat = "art"; };
humor = { cat = "humor"; };
pol = { cat = "pol"; }; # or maybe just "social"
rat = { cat = "rat"; };
tech = { cat = "tech"; };
uncat = { cat = "uncat"; };
text = { format = "text"; };
image = { format = "image"; };
podcast = { format = "podcast"; };
mkRss = format: url: { inherit url format; } // uncat // infrequent;
# format-specific helpers
mkText = mkRss text;
mkImg = mkRss image;
mkPod = mkRss podcast;
# host-specific helpers
mkSubstack = subdomain: mkText "https://${subdomain}.substack.com/feed";
# merge the attrs `new` into each value of the attrs `addTo`
addAttrs = new: addTo: builtins.mapAttrs (k: v: v // new) addTo;
# for each value in `attrs`, add a value to the child attrs which holds its key within the parent attrs.
withInverseMapping = key: attrs: builtins.mapAttrs (k: v: v // { "${key}" = k; }) attrs;
in rec {
podcasts = [
(mkPod "https://lexfridman.com/feed/podcast/" // rat // weekly)
## Astral Codex Ten
(mkPod "http://feeds.libsyn.com/108018/rss" // rat // daily)
## Econ Talk
(mkPod "https://feeds.simplecast.com/wgl4xEgL" // rat // daily)
## Cory Doctorow
(mkPod "https://feeds.feedburner.com/doctorow_podcast" // pol // infrequent)
(mkPod "https://congressionaldish.libsyn.com/rss" // pol // infrequent)
## Civboot
(mkPod "https://anchor.fm/s/34c7232c/podcast/rss" // tech // infrequent)
(mkPod "https://feeds.feedburner.com/80000HoursPodcast" // rat // weekly)
(mkPod "https://allinchamathjason.libsyn.com/rss" // pol // weekly)
(mkPod "https://acquired.libsyn.com/rss" // tech // infrequent)
(mkPod "https://rss.acast.com/deconstructed" // pol // infrequent)
## The Daily
(mkPod "https://feeds.simplecast.com/54nAGcIl" // pol // daily)
(mkPod "https://rss.acast.com/intercepted-with-jeremy-scahill" // pol // weekly)
(mkPod "https://podcast.posttv.com/itunes/post-reports.xml" // pol // weekly)
## Eric Weinstein
(mkPod "https://rss.art19.com/the-portal" // rat // infrequent)
(mkPod "https://feeds.megaphone.fm/darknetdiaries" // tech // infrequent)
(mkPod "http://feeds.wnyc.org/radiolab" // pol // infrequent)
(mkPod "https://wakingup.libsyn.com/rss" // pol // infrequent)
## 99% Invisible
(mkPod "https://feeds.simplecast.com/BqbsxVfO" // pol // infrequent)
(mkPod "https://rss.acast.com/ft-tech-tonic" // tech // infrequent)
(mkPod "https://feeds.feedburner.com/dancarlin/history?format=xml" // rat // infrequent)
## 60 minutes (NB: this features more than *just* audio?)
(mkPod "https://www.cbsnews.com/latest/rss/60-minutes" // pol // infrequent)
];
texts = [
# AGGREGATORS (> 1 post/day)
(mkText "https://www.lesswrong.com/feed.xml" // rat // hourly)
(mkText "http://www.econlib.org/index.xml" // pol // hourly)
# AGGREGATORS (< 1 post/day)
(mkText "https://palladiummag.com/feed" // uncat // weekly)
(mkText "https://profectusmag.com/feed" // uncat // weekly)
(mkText "https://semiaccurate.com/feed" // tech // weekly)
(mkText "https://linuxphoneapps.org/blog/atom.xml" // tech // infrequent)
(mkText "https://spectrum.ieee.org/rss" // tech // weekly)
## No Moods, Ads or Cutesy Fucking Icons
(mkText "https://www.rifters.com/crawl/?feed=rss2" // uncat // weekly)
# DEVELOPERS
(mkText "https://uninsane.org/atom.xml" // infrequent // tech)
(mkText "https://mg.lol/blog/rss/" // infrequent // tech)
## Ken Shirriff
(mkText "https://www.righto.com/feeds/posts/default" // tech // infrequent)
## Vitalik Buterin
(mkText "https://vitalik.ca/feed.xml" // tech // infrequent)
## ian (Sanctuary)
(mkText "https://sagacioussuricata.com/feed.xml" // tech // infrequent)
## Bunnie Juang
(mkText "https://www.bunniestudios.com/blog/?feed=rss2" // tech // infrequent)
(mkText "https://blog.danieljanus.pl/atom.xml" // tech // infrequent)
(mkText "https://ianthehenry.com/feed.xml" // tech // infrequent)
(mkText "https://bitbashing.io/feed.xml" // tech // infrequent)
(mkText "https://idiomdrottning.org/feed.xml" // uncat // daily)
(mkText "https://anish.lakhwara.com/home.html" // tech // weekly)
# (TECH; POL) COMMENTATORS
(mkSubstack "edwardsnowden" // pol // infrequent)
(mkText "http://benjaminrosshoffman.com/feed" // pol // weekly)
## Ben Thompson
(mkText "https://www.stratechery.com/rss" // pol // weekly)
## Balaji
(mkText "https://balajis.com/rss" // pol // weekly)
(mkText "https://www.ben-evans.com/benedictevans/rss.xml" // pol // weekly)
(mkText "https://www.lynalden.com/feed" // pol // infrequent)
(mkText "https://austinvernon.site/rss.xml" // tech // infrequent)
(mkSubstack "oversharing" // pol // daily)
(mkSubstack "doomberg" // tech // weekly)
## David Rosenthal
(mkText "https://blog.dshr.org/rss.xml" // pol // weekly)
## Matt Levine
(mkText "https://www.bloomberg.com/opinion/authors/ARbTQlRLRjE/matthew-s-levine.rss" // pol // weekly)
# RATIONALITY/PHILOSOPHY/ETC
(mkSubstack "samkriss" // humor // infrequent)
(mkText "https://unintendedconsequenc.es/feed" // rat // infrequent)
(mkText "https://applieddivinitystudies.com/atom.xml" // rat // weekly)
(mkText "https://slimemoldtimemold.com/feed.xml" // rat // weekly)
(mkText "https://www.richardcarrier.info/feed" // rat // weekly)
(mkText "https://www.gwern.net/feed.xml" // uncat // infrequent)
## Jason Crawford
(mkText "https://rootsofprogress.org/feed.xml" // rat // weekly)
## Robin Hanson
(mkText "https://www.overcomingbias.com/feed" // rat // daily)
## Scott Alexander
(mkSubstack "astralcodexten" // rat // daily)
## Paul Christiano
(mkText "https://sideways-view.com/feed" // rat // infrequent)
## Sean Carroll
(mkText "https://www.preposterousuniverse.com/rss" // rat // infrequent)
# CODE
(mkText "https://github.com/Kaiteki-Fedi/Kaiteki/commits/master.atom" // tech // infrequent)
];
images = [
(mkImg "https://www.smbc-comics.com/comic/rss" // humor // daily)
(mkImg "https://xkcd.com/atom.xml" // humor // daily)
(mkImg "http://dilbert.com/feed" // humor // daily)
# ART
(mkImg "https://miniature-calendar.com/feed" // art // daily)
];
all = texts ++ images ++ podcasts;
# return only the feed items which match this category (e.g. "tech")
filterCat = cat: feeds: builtins.filter (item: item.cat == cat) feeds;
# return only the feed items which match this format (e.g. "podcast")
filterFormat = format: feeds: builtins.filter (item: item.format == format) feeds;
# transform a list of feeds into an attrs mapping cat => [ feed0 feed1 ... ]
partitionByCat = feeds: builtins.groupBy (f: f.cat) feeds;
# represents a single RSS feed.
opmlTerminal = feed: ''<outline xmlUrl="${feed.url}" type="rss"/>'';
# a list of RSS feeds.
opmlTerminals = feeds: lib.strings.concatStringsSep "\n" (builtins.map opmlTerminal feeds);
# one node which packages some flat grouping of terminals.
opmlGroup = title: feeds: ''
<outline text="${title}" title="${title}">
${opmlTerminals feeds}
</outline>
'';
# a list of groups (`groupMap` is an attrs mapping groupName => [ feed0 feed1 ... ]).
opmlGroups = groupMap: lib.strings.concatStringsSep "\n" (
builtins.attrValues (builtins.mapAttrs opmlGroup groupMap)
);
# top-level OPML file which could be consumed by something else.
opmlTopLevel = body: ''
<?xml version="1.0" encoding="utf-8"?>
<opml version="2.0">
<body>
${body}
</body>
</opml>
'';
# **primary API**: generate a OPML file from the provided feeds
feedsToOpml = feeds: opmlTopLevel (opmlGroups (partitionByCat feeds));
}

18
modules/universal/home-manager/git.nix Normal file
View File

@@ -0,0 +1,18 @@
{ pkgs, ... }:
{
home-manager.users.colin.programs.git = {
enable = true;
userName = "colin";
userEmail = "colin@uninsane.org";
aliases = { co = "checkout"; };
extraConfig = {
# difftastic docs:
# - <https://difftastic.wilfred.me.uk/git.html>
diff.tool = "difftastic";
difftool.prompt = false;
"difftool \"difftastic\"".cmd = ''${pkgs.difftastic}/bin/difft "$LOCAL" "$REMOTE"'';
# now run `git difftool` to use difftastic git
};
};
}

69
modules/universal/home-manager/kitty.nix Normal file
View File

@@ -0,0 +1,69 @@
{ ... }:
{
home-manager.users.colin.programs.kitty = {
enable = true;
# docs: https://sw.kovidgoyal.net/kitty/conf/
settings = {
# disable terminal bell (when e.g. you backspace too many times)
enable_audio_bell = false;
};
keybindings = {
"ctrl+n" = "new_os_window_with_cwd";
};
# docs: https://github.com/kovidgoyal/kitty-themes
# theme = "1984 Light"; # dislike: awful, harsh blues/teals
# theme = "Adventure Time"; # dislike: harsh (dark)
# theme = "Atom One Light"; # GOOD: light theme. all color combos readable. not a huge fan of the blue.
# theme = "Belafonte Day"; # dislike: too low contrast for text colors
# theme = "Belafonte Night"; # better: dark theme that's easy on the eyes. all combos readable. low contrast.
# theme = "Catppuccin"; # dislike: a bit pale/low-contrast (dark)
# theme = "Desert"; # mediocre: colors are harsh
# theme = "Earthsong"; # BEST: dark theme. readable, good contrast. unique, but decent colors.
# theme = "Espresso Libre"; # better: dark theme. readable, but meh colors
# theme = "Forest Night"; # decent: very pastel. it's workable, but unconventional and muted/flat.
# theme = "Gruvbox Material Light Hard"; # mediocre light theme.
# theme = "kanagawabones"; # better: dark theme. colors are too background-y
# theme = "Kaolin Dark"; # dislike: too dark
# theme = "Kaolin Breeze"; # mediocre: not-too-harsh light theme, but some parts are poor contrast
# theme = "Later This Evening"; # mediocre: not-too-harsh dark theme, but cursor is poor contrast
# theme = "Material"; # decent: light theme, few colors.
# theme = "Mayukai"; # decent: not-too-harsh dark theme. the teal is a bit straining
# theme = "Nord"; # mediocre: pale background, low contrast
# theme = "One Half Light"; # better: not-too-harsh light theme. contrast could be better
theme = "PaperColor Dark"; # BEST: dark theme, very readable still the colors are background-y
# theme = "Parasio Dark"; # dislike: too low contrast
# theme = "Pencil Light"; # better: not-too-harsh light theme. decent contrast.
# theme = "Pnevma"; # dislike: too low contrast
# theme = "Piatto Light"; # better: readable light theme. pleasing colors. powerline prompt is hard to read.
# theme = "Rosé Pine Dawn"; # GOOD: light theme. all color combinations are readable. it is very mild -- may need to manually tweak contrast. tasteful colors
# theme = "Rosé Pine Moon"; # GOOD: dark theme. tasteful colors. but background is a bit intense
# theme = "Sea Shells"; # mediocre. not all color combos are readable
# theme = "Solarized Light"; # mediocre: not-too-harsh light theme; GREAT background; but some colors are low contrast
# theme = "Solarized Dark Higher Contrast"; # better: dark theme, decent colors
# theme = "Sourcerer"; # mediocre: ugly colors
# theme = "Space Gray"; # mediocre: too muted
# theme = "Space Gray Eighties"; # better: all readable, decent colors
# theme = "Spacemacs"; # mediocre: too muted
# theme = "Spring"; # mediocre: readable light theme, but the teal is ugly.
# theme = "Srcery"; # better: highly readable. colors are ehhh
# theme = "Substrata"; # decent: nice colors, but a bit flat.
# theme = "Sundried"; # mediocre: the solar text makes me squint
# theme = "Symfonic"; # mediocre: the dark purple has low contrast to the black bg.
# theme = "Tango Light"; # dislike: teal is too grating
# theme = "Tokyo Night Day"; # medicore: too muted
# theme = "Tokyo Night"; # better: tasteful. a bit flat
# theme = "Tomorrow"; # GOOD: all color combinations are readable. contrast is slightly better than Rose. on the blander side
# theme = "Treehouse"; # dislike: the orange is harsh on my eyes.
# theme = "Urple"; # dislike: weird palette
# theme = "Warm Neon"; # decent: not-too-harsh dark theme. the green is a bit unattractive
# theme = "Wild Cherry"; # GOOD: dark theme: nice colors. a bit flat
# theme = "Xcodedark"; # dislike: bad palette
# theme = "citylights"; # decent: dark theme. some parts have just a bit low contrast
# theme = "neobones_light"; # better light theme. the background is maybe too muted
# theme = "vimbones";
# theme = "zenbones_dark"; # mediocre: readable, but meh colors
# theme = "zenbones_light"; # decent: light theme. all colors are readable. contrast is passable but not excellent. highlight color is BAD
# theme = "zenwritten_dark"; # mediocre: looks same as zenbones_dark
# extraConfig = "";
};
}

102
modules/universal/home-manager/librewolf.nix Normal file
View File

@@ -0,0 +1,102 @@
# common settings to toggle (at runtime, in about:config):
# > security.ssl.require_safe_negotiation
# librewolf is a forked firefox which patches firefox to allow more things
# (like default search engines) to be configurable at runtime.
# many of the settings below won't have effect without those patches.
# see: https://gitlab.com/librewolf-community/settings/-/blob/master/distribution/policies.json
{ config, lib, pkgs, ...}:
let
package = pkgs.wrapFirefox pkgs.librewolf-unwrapped {
# inherit the default librewolf.cfg
# it can be further customized via ~/.librewolf/librewolf.overrides.cfg
inherit (pkgs.librewolf-unwrapped) extraPrefsFiles;
libName = "librewolf";
extraNativeMessagingHosts = [ pkgs.browserpass ];
# extraNativeMessagingHosts = [ pkgs.gopass-native-messaging-host ];
extraPolicies = {
NoDefaultBookmarks = true;
SearchEngines = {
Default = "DuckDuckGo";
};
AppUpdateURL = "https://localhost";
DisableAppUpdate = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DisableSystemAddonUpdate = true;
DisableFirefoxStudies = true;
DisableTelemetry = true;
DisableFeedbackCommands = true;
DisablePocket = true;
DisableSetDesktopBackground = false;
Extensions = {
Install = let
addon = pkg: addonId: "${pkg}/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/${addonId}.xpi";
in with pkgs.firefox-addons; [
# the extension key is found by building and checking the output: `nix build '.#rycee.firefox-addons.<foo>'`
# or by taking the `addonId` input to `buildFirefoxXpiAddon` in rycee's firefox-addons repo
(addon ublock-origin "uBlock0@raymondhill.net")
(addon sponsorblock "sponsorBlocker@ajay.app")
(addon bypass-paywalls-clean "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}")
(addon sidebery "{3c078156-979c-498b-8990-85f7987dd929}")
(addon browserpass "browserpass@maximbaz.com")
(addon metamask "webextension@metamask.io")
# extensions can alternatively be installed by URL, in which case they are fetched (and cached) on first run.
# "https://addons.mozilla.org/firefox/downloads/latest/gopass-bridge/latest.xpi"
];
# remove many default search providers
Uninstall = [
"google@search.mozilla.org"
"bing@search.mozilla.org"
"amazondotcom@search.mozilla.org"
"ebay@search.mozilla.org"
"twitter@search.mozilla.org"
];
};
# XXX doesn't seem to have any effect...
# docs: https://github.com/mozilla/policy-templates#homepage
# Homepage = {
# HomepageURL = "https://uninsane.org/";
# StartPage = "homepage";
# };
# NewTabPage = true;
};
};
in
{
# XXX: although home-manager calls this option `firefox`, we can use other browsers and it still mostly works.
home-manager.users.colin = lib.mkIf (config.sane.gui.enable) {
programs.firefox = {
enable = true;
inherit package;
};
# uBlock filter list configuration.
# specifically, enable the GDPR cookie prompt blocker.
# data.toOverwrite.filterLists is additive (i.e. it supplements the default filters)
# this configuration method is documented here:
# - <https://github.com/gorhill/uBlock/issues/2986#issuecomment-364035002>
# the specific attribute path is found via scraping ublock code here:
# - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
# - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
home.file.".librewolf/managed-storage/uBlock0@raymondhill.net.json".text = ''
{
"name": "uBlock0@raymondhill.net",
"description": "ignored",
"type": "storage",
"data": {
"toOverwrite": "{\"filterLists\": [\"fanboy-cookiemonster\"]}"
}
}
'';
home.file.".librewolf/librewolf.overrides.cfg".text = ''
// if we can't query the revocation status of a SSL cert because the issuer is offline,
// treat it as unrevoked.
// see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
defaultPref("security.OCSP.require", false);
'';
};
}

11
modules/universal/home-manager/mpv.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
home-manager.users.colin.programs.mpv = {
enable = true;
config = {
save-position-on-quit = true;
keep-open = "yes";
};
};
}

24
modules/universal/home-manager/nb.nix Normal file
View File

@@ -0,0 +1,24 @@
# nb is a CLI-drive Personal Knowledge Manager
# - <https://xwmx.github.io/nb/>
#
# it's pretty opinionated:
# - autocommits (to git) excessively (disable-able)
# - inserts its own index files to give deterministic names to files
#
# it offers a primitive web-server
# and it offers some CLI query tools
{ lib, pkgs, ... }: lib.mkIf false # XXX disabled!
{
sane.home-manager.extraPackages = [ pkgs.nb ];
home-manager.users.colin = { config, ... }: {
# nb markdown/personal knowledge manager
home.file.".nb/knowledge".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge";
home.file.".nb/.current".text = "knowledge";
home.file.".nbrc".text = ''
# manage with `nb settings`
export NB_AUTO_SYNC=0
'';
};
}

115
modules/universal/home-manager/neovim.nix Normal file
View File

@@ -0,0 +1,115 @@
{ pkgs, ... }:
{
sane.impermanence.home-dirs = [ ".cache/vim-swap" ];
home-manager.users.colin.programs.neovim = {
# neovim: https://github.com/neovim/neovim
enable = true;
viAlias = true;
vimAlias = true;
plugins = with pkgs.vimPlugins; [
# docs: surround-nvim: https://github.com/ur4ltz/surround.nvim/
# docs: vim-surround: https://github.com/tpope/vim-surround
vim-surround
# docs: fzf-vim (fuzzy finder): https://github.com/junegunn/fzf.vim
fzf-vim
# docs: https://github.com/KeitaNakamura/tex-conceal.vim/
({
plugin = tex-conceal-vim;
type = "viml";
config = ''
" present prettier fractions
let g:tex_conceal_frac=1
'';
})
({
plugin = vim-SyntaxRange;
type = "viml";
config = ''
" enable markdown-style codeblock highlighting for tex code
autocmd BufEnter * call SyntaxRange#Include('```tex', '```', 'tex', 'NonText')
" autocmd Syntax tex set conceallevel=2
'';
})
# nabla renders inline math in any document, but it's buggy.
# https://github.com/jbyuki/nabla.nvim
# ({
# plugin = pkgs.nabla;
# type = "lua";
# config = ''
# require'nabla'.enable_virt()
# '';
# })
# treesitter syntax highlighting: https://nixos.wiki/wiki/Tree_sitters
# docs: https://github.com/nvim-treesitter/nvim-treesitter
# config taken from: https://github.com/i077/system/blob/master/modules/home/neovim/default.nix
# this is required for tree-sitter to even highlight
({
plugin = (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars));
type = "lua";
config = ''
require'nvim-treesitter.configs'.setup {
highlight = {
enable = true,
-- disable treesitter on Rust so that we can use SyntaxRange
-- and leverage TeX rendering in rust projects
disable = { "rust", "tex", "latex" },
-- disable = { "tex", "latex" },
-- true to also use builtin vim syntax highlighting when treesitter fails
additional_vim_regex_highlighting = false
},
incremental_selection = {
enable = true,
keymaps = {
init_selection = "gnn",
node_incremental = "grn",
mcope_incremental = "grc",
node_decremental = "grm"
}
},
indent = {
enable = true,
disable = {}
}
}
vim.o.foldmethod = 'expr'
vim.o.foldexpr = 'nvim_treesitter#foldexpr()'
'';
})
];
extraConfig = ''
" let the terminal handle mouse events, that way i get OS-level ctrl+shift+c/etc
" this used to be default, until <https://github.com/neovim/neovim/pull/19290>
set mouse=
" copy/paste to system clipboard
set clipboard=unnamedplus
" screw tabs; always expand them into spaces
set expandtab
" at least don't open files with sections folded by default
set nofoldenable
" allow text substitutions for certain glyphs.
" higher number = more aggressive substitution (0, 1, 2, 3)
" i only make use of this for tex, but it's unclear how to
" apply that *just* to tex and retain the SyntaxRange stuff.
set conceallevel=2
" horizontal rule under the active line
" set cursorline
" highlight trailing space & related syntax errors (doesn't seem to work??)
" let c_space_errors=1
" let python_space_errors=1
" enable highlighting of leading/trailing spaces,
" and especially tabs
" source: https://www.reddit.com/r/neovim/comments/chlmfk/highlight_trailing_whitespaces_in_neovim/
set list
set listchars=tab:\·,trail:·,extends:,precedes:,nbsp:
'';
};
}

18
modules/universal/home-manager/ssh.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
home-manager.users.colin = let
host = config.networking.hostName;
user_pubkey = (import ../pubkeys.nix).users."${host}";
known_hosts_text = builtins.concatStringsSep
"\n"
(builtins.attrValues (import ../pubkeys.nix).hosts);
in { config, ...}: {
# ssh key is stored in private storage
home.file.".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519";
home.file.".ssh/id_ed25519.pub".text = user_pubkey;
programs.ssh.enable = true;
# this optionally accepts multiple known_hosts paths, separated by space.
programs.ssh.userKnownHostsFile = builtins.toString (pkgs.writeText "known_hosts" known_hosts_text);
};
}

14
modules/universal/home-manager/sublime-music.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
# TODO: this should only be shipped on gui platforms
sops.secrets."sublime_music_config" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
format = "binary";
};
home-manager.users.colin = let sysconfig = config; in { config, ... }: {
# sublime music player
xdg.configFile."sublime-music/config.json".source =
config.lib.file.mkOutOfStoreSymlink sysconfig.sops.secrets.sublime_music_config.path;
};
}

17
modules/universal/home-manager/vlc.nix Normal file
View File

@@ -0,0 +1,17 @@
{ lib, ... }:
{
home-manager.users.colin.xdg.configFile."vlc/vlcrc".text =
let
feeds = import ./feeds.nix { inherit lib; };
podcastUrls = lib.strings.concatStringsSep "|" (
builtins.map (feed: feed.url) feeds.podcasts
);
in ''
[podcast]
podcast-urls=${podcastUrls}
[core]
metadata-network-access=0
[qt]
qt-privacy-ask=0
'';
}

61
modules/universal/home-manager/zsh.nix Normal file
View File

@@ -0,0 +1,61 @@
{ ... }:
{
# we don't need to full zsh dir -- just the history file --
# but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
sane.impermanence.home-dirs = [ ".local/share/zsh" ];
home-manager.users.colin.programs.zsh = {
enable = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
history.ignorePatterns = [ "rm *" ];
dotDir = ".config/zsh";
history.path = "/home/colin/.local/share/zsh/history";
initExtraBeforeCompInit = ''
# p10k instant prompt
# run p10k configure to configure, but it can't write out its file :-(
POWERLEVEL9K_DISABLE_CONFIGURATION_WIZARD=true
'';
initExtra = ''
# zmv is a way to do rich moves/renames, with pattern matching/substitution.
# see for an example: <https://filipe.kiss.ink/zmv-zsh-rename/>
autoload -Uz zmv
# disable `rm *` confirmations
setopt rmstarsilent
function nd() {
mkdir -p "$1";
pushd "$1";
}
'';
# prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
# see: https://github.com/sorin-ionescu/prezto
prezto = {
enable = true;
pmodules = [
"environment"
"terminal"
"editor"
"history"
"directory"
"spectrum"
"utility"
"completion"
"prompt"
"git"
];
prompt.theme = "powerlevel10k";
utility.safeOps = false; # disable `mv` confirmation (and supposedly `rm`, too)
};
};
home-manager.users.colin.home.shellAliases = {
":q" = "exit";
# common typos
"cd.." = "cd ..";
"cd../" = "cd ../";
};
}

65
modules/universal/env/home-packages.nix → modules/universal/home-packages.nix
View File

@@ -6,8 +6,12 @@ let
cfg = config.sane.home-packages;
universalPkgs = [
backblaze-b2
cdrtools
duplicity
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
ipfs
libimobiledevice
@@ -15,7 +19,6 @@ let
lm_sensors # for sensors-detect
lshw
ffmpeg
nb
networkmanager
nixpkgs-review
# nixos-generators
@@ -26,7 +29,6 @@ let
pulsemixer
python3
# python3Packages.eyeD3 # music tagging
rmlint
sane-scripts
sequoia
snapper
@@ -48,12 +50,13 @@ let
# GUI only
aerc # email client
audacity
celluloid # mpv frontend
chromium
clinfo
electrum
# creds/session keys, etc
{ pkg = element-desktop; dir = ".config/Element"; }
{ pkg = element-desktop; private = ".config/Element"; }
emote # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
evince # works on phosh
@@ -62,7 +65,12 @@ let
foliate
font-manager
fractal-next
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
{ pkg = fractal-next; private = ".local/share/fractal"; }
gimp # broken on phosh
gnome.cheese
gnome.dconf-editor
@@ -71,7 +79,7 @@ let
gnome.gnome-disk-utility
gnome.gnome-maps # works on phosh
gnome.nautilus
gnome-podcasts
# gnome-podcasts
gnome.gnome-system-monitor
gnome.gnome-terminal # works on phosh
gnome.gnome-weather
@@ -79,6 +87,7 @@ let
{ pkg = gpodder-configured; dir = "gPodder/Downloads"; }
gthumb
handbrake
inkscape
kid3 # audio tagging
@@ -86,8 +95,14 @@ let
libreoffice-fresh # XXX colin: maybe don't want this on mobile
lollypop
mesa-demos
{ pkg = mpv; dir = ".config/mpv/watch_later"; }
networkmanagerapplet
# not strictly necessary, but allows caching articles; offline use, etc.
{ pkg = newsflash; dir = ".local/share/news-flash"; }
# settings (electron app). TODO: can i manage these settings with home-manager?
{ pkg = obsidian; dir = ".config/obsidian"; }
@@ -103,7 +118,7 @@ let
tdesktop # broken on phosh
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
{ pkg = vlc; persist-files = [ ".config/vlc/vlc-qt-interface.conf" ]; }
{ pkg = vlc; dir = ".config/vlc"; }
whalebird # pleroma client. input is broken on phosh
xdg-utils # for xdg-open
@@ -120,8 +135,8 @@ let
nss = pkgs.nss_latest;
}); in { pkg = discord; dir = ".config/discord"; })
kaiteki # Pleroma client
gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
logseq
losslesscut-bin
@@ -144,16 +159,19 @@ let
] else []);
# useful devtools:
# bison
# dtc
# flex
# gcc
# gcc-arm-embedded
# gcc_multi
# gnumake
# mix2nix
# rustup
# swig
devPkgs = [
bison
dtc
flex
gcc
gdb
# gcc-arm-embedded
# gcc_multi
gnumake
mix2nix
rustup
swig
];
in
{
options = {
@@ -161,9 +179,18 @@ in
default = false;
type = types.bool;
};
sane.home-packages.enableDevPkgs = mkOption {
description = ''
enable packages that are useful for building other software by hand.
you should prefer to keep this disabled except when prototyping, e.g. packaging new software.
'';
default = false;
type = types.bool;
};
};
config = {
sane.home-manager.extraPackages = universalPkgs
++ (if cfg.enableGuiPkgs then guiPkgs else []);
++ (if cfg.enableGuiPkgs then guiPkgs else [])
++ (if cfg.enableDevPkgs then devPkgs else []);
};
}

11
modules/universal/machine-id.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
# we wan't an /etc/machine-id which is consistent across boot so that `journalctl` will actually show us
# logs from previous boots.
# maybe there's a config option for this (since persistent machine-id is bad for reasons listed in impermanence.nix),
# but for now generate it from ssh keys.
system.activationScripts.machine-id = {
deps = [ "persist-ssh-host-keys" ];
text = "sha256sum /etc/ssh/host_keys/ssh_host_ed25519_key | cut -c 1-32 > /etc/machine-id";
};
}

14
modules/universal/net.nix
View File

@@ -18,10 +18,20 @@
# docs:
# - <https://nixos.wiki/wiki/Iwd>
# - <https://iwd.wiki.kernel.org/networkmanager>
# - `man iwd.config` for global config
# - `man iwd.network` for per-SSID config
# use `iwctl` to control
networking.wireless.iwd.enable = true;
networking.networkmanager.wifi.backend = "iwd";
networking.wireless.iwd.enable = true;
networking.wireless.iwd.settings = {
# auto-connect to a stronger network if signal drops below this value
# bedroom -> bedroom connection is -35 to -40 dBm
# bedroom -> living room connection is -60 dBm
General.RoamThreshold = "-52"; # default -70
General.RoamThreshold5G = "-52"; # default -76
};
# TODO: don't need to depend on binsh if we were to use a nix-style shebang
system.activationScripts.linkIwdKeys = let
unwrapped = ../../scripts/install-iwd;
install-iwd = pkgs.writeShellApplication {
@@ -30,7 +40,7 @@
text = ''${unwrapped} "$@"'';
};
in (lib.stringAfter
[ "setupSecrets" ]
[ "setupSecrets" "binsh" ]
''
mkdir -p /var/lib/iwd
${install-iwd}/bin/install-iwd /run/secrets/iwd /var/lib/iwd

34
modules/universal/pubkeys.nix Normal file
View File

@@ -0,0 +1,34 @@
# create ssh key by running:
# - `ssh-keygen -t ed25519`
let
withHost = host: key: "${host} ${key}";
withUser = user: key: "${key} ${user}";
keys = rec {
lappy = {
host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
users.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
};
desko = {
host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
users.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
};
servo = {
host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
users.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
};
moby = {
host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
users.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
};
"uninsane.org" = servo;
"git.uninsane.org" = servo;
};
in {
# map hostname -> something suitable for known_keys
hosts = builtins.mapAttrs (machine: keys: withHost machine keys.host) keys;
# map hostname -> something suitable for authorized_keys to allow access to colin@<hostname>
users = builtins.mapAttrs (machine: keys: withUser "colin@${machine}" keys.users.colin) keys;
}

4
modules/universal/secrets.nix
View File

@@ -35,9 +35,9 @@
sops.defaultSopsFile = ./../../secrets/universal.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
# "/home/colin/.ssh/id_ed25519_dec"
"/etc/ssh/host_keys/ssh_host_ed25519_key"
];
sops.gnupg.sshKeyPaths = []; # disable RSA key import
# This is using an age key that is expected to already be in the filesystem
# sops.age.keyFile = "/home/colin/.ssh/age.pub";
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";

21
modules/universal/ssh.nix Normal file
View File

@@ -0,0 +1,21 @@
{ ... }:
{
# we place the host keys (which we want to be persisted) into their own directory so that we can
# bind mount that whole directory instead of doing it per-file.
# otherwise, this is identical to nixos defaults
sane.impermanence.service-dirs = [ "/etc/ssh/host_keys" ];
# we can't naively `mount /etc/ssh/host_keys` directly,
# as /etc/fstab may not be populated yet (since that file depends on e.g. activationScripts.users)
# we can't even depend on impermanence's `createPersistentStorageDirs` to create the source/target directories
# since that also depends on `users`.
system.activationScripts.persist-ssh-host-keys.text = ''
mkdir -p /etc/ssh/host_keys
mount --bind /nix/persist/etc/ssh/host_keys /etc/ssh/host_keys
'';
services.openssh.hostKeys = [
{ type = "rsa"; bits = 4096; path = "/etc/ssh/host_keys/ssh_host_rsa_key"; }
{ type = "ed25519"; path = "/etc/ssh/host_keys/ssh_host_ed25519_key"; }
];
}

0
modules/universal/env/system-packages.nix → modules/universal/system-packages.nix
View File

36
modules/universal/users.nix
View File

@@ -43,20 +43,36 @@ in
"feedbackd"
"dialout" # required for modem access
];
# initial password is empty, in case anything goes wrong.
# if `colin-passwd` (a password hash) is successfully found/decrypted, that becomes the password at boot.
initialPassword = lib.mkDefault "";
passwordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
shell = pkgs.zsh;
# shell = pkgs.bashInteractive;
# XXX colin: create ssh key for THIS user by logging in and running:
# ssh-keygen -t ed25519
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu colin@lappy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@servo"
# moby doesn't need to login to any other devices yet
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU colin@moby"
];
openssh.authorizedKeys.keys = builtins.attrValues (import ./pubkeys.nix).users;
pamMount = {
# mount encrypted stuff at login
# requires that login password == fs encryption password
# fstype = "fuse";
# path = "${pkgs.gocryptfs}/bin/gocryptfs#/nix/persist/home/colin/private";
fstype = "fuse.gocryptfs";
path = "/nix/persist/home/colin/private";
mountpoint = "/home/colin/private";
options="nodev,nosuid,quiet,allow_other";
};
};
sane.impermanence.home-dirs = [
# cache is probably too big to fit on the tmpfs
# TODO: we could bind-mount it to something which gets cleared per boot, though.
".cache"
".cargo"
".rustup"
".local/share/keyrings"
];
sane.impermanence.service-dirs = mkIf cfg.guest.enable [
{ user = "guest"; group = "users"; directory = "/home/guest"; }
];

302
nixpatches/04-dart-2.7.0.patch
View File

@@ -1,302 +0,0 @@
diff --git a/pkgs/development/compilers/flutter/default.nix b/pkgs/development/compilers/flutter/default.nix
index 9eba6773448..f51aeb8b624 100644
--- a/pkgs/development/compilers/flutter/default.nix
+++ b/pkgs/development/compilers/flutter/default.nix
@@ -4,20 +4,20 @@ let
getPatches = dir:
let files = builtins.attrNames (builtins.readDir dir);
in map (f: dir + ("/" + f)) files;
- version = "2.10.1";
+ version = "3.0.0";
channel = "stable";
filename = "flutter_linux_${version}-${channel}.tar.xz";
# Decouples flutter derivation from dart derivation,
# use specific dart version to not need to bump dart derivation when bumping flutter.
- dartVersion = "2.16.1";
+ dartVersion = "2.17.0";
dartSourceBase = "https://storage.googleapis.com/dart-archive/channels";
dartForFlutter = dart.override {
version = dartVersion;
sources = {
"${dartVersion}-x86_64-linux" = fetchurl {
url = "${dartSourceBase}/stable/release/${dartVersion}/sdk/dartsdk-linux-x64-release.zip";
- sha256 = "sha256-PMY6DCFQC8XrlnFzOEPcwgBAs5/cAvNd78969Z+I1Fk=";
+ sha256 = "57b8fd964e47c81d467aeb95b099a670ab7e8f54a1cd74d45bcd1fdc77913d86";
};
};
};
@@ -29,7 +29,7 @@ in {
pname = "flutter";
src = fetchurl {
url = "https://storage.googleapis.com/flutter_infra_release/releases/${channel}/linux/${filename}";
- sha256 = "sha256-rSfwcglDV2rvJl10j7FByAWmghd2FYxrlkgYnvRO54Y=";
+ sha256 = "e96d75ec8e7dc2a46bc8dad5a9e01c391ab9310ad01c4e3940c963dd263788a0";
};
patches = getPatches ./patches;
};
diff --git a/pkgs/development/compilers/flutter/flutter.nix b/pkgs/development/compilers/flutter/flutter.nix
index 43538ede339..ece25c14b55 100644
--- a/pkgs/development/compilers/flutter/flutter.nix
+++ b/pkgs/development/compilers/flutter/flutter.nix
@@ -56,12 +56,15 @@ let
export STAMP_PATH="$FLUTTER_ROOT/bin/cache/flutter_tools.stamp"
export DART_SDK_PATH="${dart}"
+ export DART="${dart}/bin/dart"
HOME=../.. # required for pub upgrade --offline, ~/.pub-cache
# path is relative otherwise it's replaced by /build/flutter
+ # mkdir -p "$HOME/.cache"
+ # ln -sf "$FLUTTER_ROOT" "$HOME/.cache/flutter"
pushd "$FLUTTER_TOOLS_DIR"
- ${dart}/bin/pub get --offline
+ ${dart}/bin/dart pub get --offline
popd
local revision="$(cd "$FLUTTER_ROOT"; git rev-parse HEAD)"
diff --git a/pkgs/development/compilers/flutter/patches/git-dir.patch b/pkgs/development/compilers/flutter/patches/git-dir.patch
new file mode 100644
index 00000000000..0c736f945ea
--- /dev/null
+++ b/pkgs/development/compilers/flutter/patches/git-dir.patch
@@ -0,0 +1,102 @@
+diff --git a/dev/bots/prepare_package.dart b/dev/bots/prepare_package.dart
+index 468a91a954..5def6897ce 100644
+--- a/dev/bots/prepare_package.dart
++++ b/dev/bots/prepare_package.dart
+@@ -525,7 +525,7 @@ class ArchiveCreator {
+
+ Future<String> _runGit(List<String> args, {Directory? workingDirectory}) {
+ return _processRunner.runProcess(
+- <String>['git', ...args],
++ <String>['git', '--git-dir', '.git', ...args],
+ workingDirectory: workingDirectory ?? flutterRoot,
+ );
+ }
+diff --git a/packages/flutter_tools/lib/src/commands/downgrade.dart b/packages/flutter_tools/lib/src/commands/downgrade.dart
+index bb0eb428a9..4a2a48bb5e 100644
+--- a/packages/flutter_tools/lib/src/commands/downgrade.dart
++++ b/packages/flutter_tools/lib/src/commands/downgrade.dart
+@@ -118,7 +118,7 @@ class DowngradeCommand extends FlutterCommand {
+ // Detect unknown versions.
+ final ProcessUtils processUtils = _processUtils!;
+ final RunResult parseResult = await processUtils.run(<String>[
+- 'git', 'describe', '--tags', lastFlutterVersion,
++ 'git', '--git-dir', '.git', 'describe', '--tags', lastFlutterVersion,
+ ], workingDirectory: workingDirectory);
+ if (parseResult.exitCode != 0) {
+ throwToolExit('Failed to parse version for downgrade:\n${parseResult.stderr}');
+@@ -191,7 +191,7 @@ class DowngradeCommand extends FlutterCommand {
+ continue;
+ }
+ final RunResult parseResult = await _processUtils!.run(<String>[
+- 'git', 'describe', '--tags', sha,
++ 'git', '--git-dir', '.git', 'describe', '--tags', sha,
+ ], workingDirectory: workingDirectory);
+ if (parseResult.exitCode == 0) {
+ buffer.writeln('Channel "${getNameForChannel(channel)}" was previously on: ${parseResult.stdout}.');
+diff --git a/packages/flutter_tools/lib/src/version.dart b/packages/flutter_tools/lib/src/version.dart
+index f2068a6ca2..99b161689e 100644
+--- a/packages/flutter_tools/lib/src/version.dart
++++ b/packages/flutter_tools/lib/src/version.dart
+@@ -106,7 +106,7 @@ class FlutterVersion {
+ String? channel = _channel;
+ if (channel == null) {
+ final String gitChannel = _runGit(
+- 'git rev-parse --abbrev-ref --symbolic @{u}',
++ 'git --git-dir .git rev-parse --abbrev-ref --symbolic @{u}',
+ globals.processUtils,
+ _workingDirectory,
+ );
+@@ -114,7 +114,7 @@ class FlutterVersion {
+ if (slash != -1) {
+ final String remote = gitChannel.substring(0, slash);
+ _repositoryUrl = _runGit(
+- 'git ls-remote --get-url $remote',
++ 'git --git-dir .git ls-remote --get-url $remote',
+ globals.processUtils,
+ _workingDirectory,
+ );
+@@ -326,7 +326,7 @@ class FlutterVersion {
+ /// the branch name will be returned as `'[user-branch]'`.
+ String getBranchName({ bool redactUnknownBranches = false }) {
+ _branch ??= () {
+- final String branch = _runGit('git rev-parse --abbrev-ref HEAD', globals.processUtils);
++ final String branch = _runGit('git --git-dir .git rev-parse --abbrev-ref HEAD', globals.processUtils);
+ return branch == 'HEAD' ? channel : branch;
+ }();
+ if (redactUnknownBranches || _branch!.isEmpty) {
+@@ -359,7 +359,7 @@ class FlutterVersion {
+ /// wrapper that does that.
+ @visibleForTesting
+ static List<String> gitLog(List<String> args) {
+- return <String>['git', '-c', 'log.showSignature=false', 'log'] + args;
++ return <String>['git', '-c', 'log.showSignature=false', '--git-dir', '.git', 'log'] + args;
+ }
+
+ /// Gets the release date of the latest available Flutter version.
+@@ -730,7 +730,7 @@ class GitTagVersion {
+
+ static GitTagVersion determine(ProcessUtils processUtils, {String? workingDirectory, bool fetchTags = false, String gitRef = 'HEAD'}) {
+ if (fetchTags) {
+- final String channel = _runGit('git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
++ final String channel = _runGit('git --git-dir .git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
+ if (channel == 'dev' || channel == 'beta' || channel == 'stable') {
+ globals.printTrace('Skipping request to fetchTags - on well known channel $channel.');
+ } else {
+@@ -739,7 +739,7 @@ class GitTagVersion {
+ }
+ // find all tags attached to the given [gitRef]
+ final List<String> tags = _runGit(
+- 'git tag --points-at $gitRef', processUtils, workingDirectory).trim().split('\n');
++ 'git --git-dir .git tag --points-at $gitRef', processUtils, workingDirectory).trim().split('\n');
+
+ // Check first for a stable tag
+ final RegExp stableTagPattern = RegExp(r'^\d+\.\d+\.\d+$');
+@@ -760,7 +760,7 @@ class GitTagVersion {
+ // recent tag and number of commits past.
+ return parse(
+ _runGit(
+- 'git describe --match *.*.* --long --tags $gitRef',
++ 'git --git-dir .git describe --match *.*.* --long --tags $gitRef',
+ processUtils,
+ workingDirectory,
+ )
diff --git a/pkgs/development/compilers/flutter/patches/revert-frontend_server_cache.patch b/pkgs/development/compilers/flutter/patches/revert-frontend_server_cache.patch
new file mode 100644
index 00000000000..f68029eb7a1
--- /dev/null
+++ b/pkgs/development/compilers/flutter/patches/revert-frontend_server_cache.patch
@@ -0,0 +1,130 @@
+diff --git a/packages/flutter_tools/lib/src/artifacts.dart b/packages/flutter_tools/lib/src/artifacts.dart
+index 2aac9686e8..32c4b98b88 100644
+--- a/packages/flutter_tools/lib/src/artifacts.dart
++++ b/packages/flutter_tools/lib/src/artifacts.dart
+@@ -346,10 +346,10 @@ class CachedArtifacts implements Artifacts {
+ ) {
+ switch (artifact) {
+ case HostArtifact.engineDartSdkPath:
+- final String path = _dartSdkPath(_cache);
++ final String path = _dartSdkPath(_fileSystem);
+ return _fileSystem.directory(path);
+ case HostArtifact.engineDartBinary:
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', _hostArtifactToFileName(artifact, _platform.isWindows));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', _hostArtifactToFileName(artifact, _platform.isWindows));
+ return _fileSystem.file(path);
+ case HostArtifact.flutterWebSdk:
+ final String path = _getFlutterWebSdkPath();
+@@ -398,7 +398,7 @@ class CachedArtifacts implements Artifacts {
+ case HostArtifact.dart2jsSnapshot:
+ case HostArtifact.dartdevcSnapshot:
+ case HostArtifact.kernelWorkerSnapshot:
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+ return _fileSystem.file(path);
+ case HostArtifact.iosDeploy:
+ final String artifactFileName = _hostArtifactToFileName(artifact, _platform.isWindows);
+@@ -461,11 +461,13 @@ class CachedArtifacts implements Artifacts {
+ String _getAndroidArtifactPath(Artifact artifact, TargetPlatform platform, BuildMode mode) {
+ final String engineDir = _getEngineArtifactsPath(platform, mode)!;
+ switch (artifact) {
++ case Artifact.frontendServerSnapshotForEngineDartSdk:
++ assert(mode != BuildMode.debug, 'Artifact $artifact only available in non-debug mode.');
++ return _fileSystem.path.join(engineDir, _artifactToFileName(artifact));
+ case Artifact.genSnapshot:
+ assert(mode != BuildMode.debug, 'Artifact $artifact only available in non-debug mode.');
+ final String hostPlatform = getNameForHostPlatform(getCurrentHostPlatform());
+ return _fileSystem.path.join(engineDir, hostPlatform, _artifactToFileName(artifact));
+- case Artifact.frontendServerSnapshotForEngineDartSdk:
+ case Artifact.constFinder:
+ case Artifact.flutterFramework:
+ case Artifact.flutterMacOSFramework:
+@@ -497,13 +499,13 @@ class CachedArtifacts implements Artifacts {
+ switch (artifact) {
+ case Artifact.genSnapshot:
+ case Artifact.flutterXcframework:
++ case Artifact.frontendServerSnapshotForEngineDartSdk:
+ final String artifactFileName = _artifactToFileName(artifact)!;
+ final String engineDir = _getEngineArtifactsPath(platform, mode)!;
+ return _fileSystem.path.join(engineDir, artifactFileName);
+ case Artifact.flutterFramework:
+ final String engineDir = _getEngineArtifactsPath(platform, mode)!;
+ return _getIosEngineArtifactPath(engineDir, environmentType, _fileSystem);
+- case Artifact.frontendServerSnapshotForEngineDartSdk:
+ case Artifact.constFinder:
+ case Artifact.flutterMacOSFramework:
+ case Artifact.flutterMacOSPodspec:
+@@ -594,14 +596,10 @@ class CachedArtifacts implements Artifacts {
+ // For script snapshots any gen_snapshot binary will do. Returning gen_snapshot for
+ // android_arm in profile mode because it is available on all supported host platforms.
+ return _getAndroidArtifactPath(artifact, TargetPlatform.android_arm, BuildMode.profile);
+- case Artifact.frontendServerSnapshotForEngineDartSdk:
+- return _fileSystem.path.join(
+- _dartSdkPath(_cache), 'bin', 'snapshots',
+- _artifactToFileName(artifact),
+- );
+ case Artifact.flutterTester:
+ case Artifact.vmSnapshotData:
+ case Artifact.isolateSnapshotData:
++ case Artifact.frontendServerSnapshotForEngineDartSdk:
+ case Artifact.icuData:
+ final String engineArtifactsPath = _cache.getArtifactDirectory('engine').path;
+ final String platformDirName = _enginePlatformDirectoryName(platform);
+@@ -797,7 +795,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
+ final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+ return _fileSystem.file(path);
+ case HostArtifact.dartdevcSnapshot:
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+ return _fileSystem.file(path);
+ case HostArtifact.kernelWorkerSnapshot:
+ final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+@@ -922,9 +920,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
+ case Artifact.windowsUwpCppClientWrapper:
+ return _fileSystem.path.join(_hostEngineOutPath, artifactFileName);
+ case Artifact.frontendServerSnapshotForEngineDartSdk:
+- return _fileSystem.path.join(
+- _hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', artifactFileName,
+- );
++ return _fileSystem.path.join(_hostEngineOutPath, 'gen', artifactFileName);
+ case Artifact.uwptool:
+ return _fileSystem.path.join(_hostEngineOutPath, artifactFileName);
+ }
+@@ -1034,8 +1030,8 @@ class OverrideArtifacts implements Artifacts {
+ }
+
+ /// Locate the Dart SDK.
+-String _dartSdkPath(Cache cache) {
+- return cache.getRoot().childDirectory('dart-sdk').path;
++String _dartSdkPath(FileSystem fileSystem) {
++ return fileSystem.path.join(Cache.flutterRoot!, 'bin', 'cache', 'dart-sdk');
+ }
+
+ class _TestArtifacts implements Artifacts {
+diff --git a/packages/flutter_tools/test/general.shard/artifacts_test.dart b/packages/flutter_tools/test/general.shard/artifacts_test.dart
+index d906511a15..adfdd4bb42 100644
+--- a/packages/flutter_tools/test/general.shard/artifacts_test.dart
++++ b/packages/flutter_tools/test/general.shard/artifacts_test.dart
+@@ -153,10 +153,6 @@ void main() {
+ artifacts.getArtifactPath(Artifact.windowsUwpDesktopPath, platform: TargetPlatform.windows_uwp_x64, mode: BuildMode.release),
+ fileSystem.path.join('root', 'bin', 'cache', 'artifacts', 'engine', 'windows-uwp-x64-release'),
+ );
+- expect(
+- artifacts.getArtifactPath(Artifact.frontendServerSnapshotForEngineDartSdk),
+- fileSystem.path.join('root', 'bin', 'cache', 'dart-sdk', 'bin', 'snapshots', 'frontend_server.dart.snapshot')
+- );
+ });
+
+ testWithoutContext('precompiled web artifact paths are correct', () {
+@@ -322,11 +318,6 @@ void main() {
+ artifacts.getHostArtifact(HostArtifact.engineDartSdkPath).path,
+ fileSystem.path.join('/out', 'host_debug_unopt', 'dart-sdk'),
+ );
+- expect(
+- artifacts.getArtifactPath(Artifact.frontendServerSnapshotForEngineDartSdk),
+- fileSystem.path.join('/out', 'host_debug_unopt', 'dart-sdk', 'bin',
+- 'snapshots', 'frontend_server.dart.snapshot')
+- );
+ });
+
+ testWithoutContext('getEngineType', () {

646
nixpatches/11-flutter-3.3.3-189338.patch
View File

@@ -1,646 +0,0 @@
diff --git a/pkgs/applications/networking/instant-messengers/fluffychat/default.nix b/pkgs/applications/networking/instant-messengers/fluffychat/default.nix
index d50e7118cc1..22bbeb212f0 100644
--- a/pkgs/applications/networking/instant-messengers/fluffychat/default.nix
+++ b/pkgs/applications/networking/instant-messengers/fluffychat/default.nix
@@ -1,16 +1,16 @@
{ lib
, fetchFromGitLab
-, flutter
+, flutter2
, olm
, imagemagick
, makeDesktopItem
}:
-flutter.mkFlutterApp rec {
+flutter2.mkFlutterApp rec {
pname = "fluffychat";
version = "1.2.0";
- vendorHash = "sha256-co+bnsVIyg42JpM9FimfGEjrd6A99GlBeow1Dgv7NBI=";
+ vendorHash = "sha256-1PDX023WXRmRe/b1L+6Du91BvGwYNp3YATqYSQdPrRY=";
src = fetchFromGitLab {
owner = "famedly";
diff --git a/pkgs/development/compilers/flutter/default.nix b/pkgs/development/compilers/flutter/default.nix
index 4529d2adc1a..02188335129 100644
--- a/pkgs/development/compilers/flutter/default.nix
+++ b/pkgs/development/compilers/flutter/default.nix
@@ -4,34 +4,40 @@ let
getPatches = dir:
let files = builtins.attrNames (builtins.readDir dir);
in map (f: dir + ("/" + f)) files;
- version = "3.0.4";
- channel = "stable";
- filename = "flutter_linux_${version}-${channel}.tar.xz";
-
- # Decouples flutter derivation from dart derivation,
- # use specific dart version to not need to bump dart derivation when bumping flutter.
- dartVersion = "2.17.5";
- dartSourceBase = "https://storage.googleapis.com/dart-archive/channels";
- dartForFlutter = dart.override {
- version = dartVersion;
- sources = {
- "${dartVersion}-x86_64-linux" = fetchurl {
- url = "${dartSourceBase}/stable/release/${dartVersion}/sdk/dartsdk-linux-x64-release.zip";
- sha256 = "sha256-AFJGeiPsjUZSO+DykmOIFETg2jIohg62tp3ghZrKJFk=";
+ flutterDrv = { version, pname, dartVersion, hash, dartHash, patches }: mkFlutter {
+ inherit version pname patches;
+ dart = dart.override {
+ version = dartVersion;
+ sources = {
+ "${dartVersion}-x86_64-linux" = fetchurl {
+ url = "https://storage.googleapis.com/dart-archive/channels/stable/release/${dartVersion}/sdk/dartsdk-linux-x64-release.zip";
+ sha256 = dartHash;
+ };
};
};
+ src = fetchurl {
+ url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${version}-stable.tar.xz";
+ sha256 = hash;
+ };
};
in
{
inherit mkFlutter;
- stable = mkFlutter rec {
- inherit version;
- dart = dartForFlutter;
+ stable = flutterDrv {
pname = "flutter";
- src = fetchurl {
- url = "https://storage.googleapis.com/flutter_infra_release/releases/${channel}/linux/${filename}";
- sha256 = "sha256-vh3QjLGFBN321DUET9XhYqSkILjEj+ZqAALu/mxY+go=";
- };
- patches = getPatches ./patches;
+ version = "3.3.3";
+ dartVersion = "2.18.2";
+ hash = "sha256-MTZeWQUp4/TcPzYIT6eqIKSPUPvn2Mp/thOQzNgpTXg=";
+ dartHash = "sha256-C3+YjecXLvSmJrLwi9H7TgD9Np0AArRWx3EdBrfQpTU";
+ patches = getPatches ./patches/flutter3;
+ };
+
+ v2 = flutterDrv {
+ pname = "flutter";
+ version = "2.10.5";
+ dartVersion = "2.16.2";
+ hash = "sha256-DTZwxlMUYk8NS1SaWUJolXjD+JnRW73Ps5CdRHDGnt0=";
+ dartHash = "sha256-egrYd7B4XhkBiHPIFE2zopxKtQ58GqlogAKA/UeiXnI=";
+ patches = getPatches ./patches/flutter2;
};
}
diff --git a/pkgs/development/compilers/flutter/flutter.nix b/pkgs/development/compilers/flutter/flutter.nix
index 28a78c3e306..f2c861356ab 100644
--- a/pkgs/development/compilers/flutter/flutter.nix
+++ b/pkgs/development/compilers/flutter/flutter.nix
@@ -65,7 +65,7 @@ let
popd
local revision="$(cd "$FLUTTER_ROOT"; git rev-parse HEAD)"
- ${dart}/bin/dart --snapshot="$SNAPSHOT_PATH" --packages="$FLUTTER_TOOLS_DIR/.packages" "$SCRIPT_PATH"
+ ${dart}/bin/dart --snapshot="$SNAPSHOT_PATH" --packages="$FLUTTER_TOOLS_DIR/.dart_tool/package_config.json" "$SCRIPT_PATH"
echo "$revision" > "$STAMP_PATH"
echo -n "${version}" > version
diff --git a/pkgs/development/compilers/flutter/patches/disable-auto-update.patch b/pkgs/development/compilers/flutter/patches/flutter2/disable-auto-update.patch
similarity index 100%
rename from pkgs/development/compilers/flutter/patches/disable-auto-update.patch
rename to pkgs/development/compilers/flutter/patches/flutter2/disable-auto-update.patch
diff --git a/pkgs/development/compilers/flutter/patches/flutter2/git-dir.patch b/pkgs/development/compilers/flutter/patches/flutter2/git-dir.patch
new file mode 100644
index 00000000000..0136ef93106
--- /dev/null
+++ b/pkgs/development/compilers/flutter/patches/flutter2/git-dir.patch
@@ -0,0 +1,80 @@
+diff --git a/dev/bots/prepare_package.dart b/dev/bots/prepare_package.dart
+index 468a91a954..5def6897ce 100644
+--- a/dev/bots/prepare_package.dart
++++ b/dev/bots/prepare_package.dart
+@@ -525,7 +525,7 @@ class ArchiveCreator {
+
+ Future<String> _runGit(List<String> args, {Directory? workingDirectory}) {
+ return _processRunner.runProcess(
+- <String>['git', ...args],
++ <String>['git', '--git-dir', '.git', ...args],
+ workingDirectory: workingDirectory ?? flutterRoot,
+ );
+ }
+diff --git a/packages/flutter_tools/lib/src/version.dart b/packages/flutter_tools/lib/src/version.dart
+index f2068a6ca2..99b161689e 100644
+--- a/packages/flutter_tools/lib/src/version.dart
++++ b/packages/flutter_tools/lib/src/version.dart
+@@ -106,7 +106,7 @@ class FlutterVersion {
+ String? channel = _channel;
+ if (channel == null) {
+ final String gitChannel = _runGit(
+- 'git rev-parse --abbrev-ref --symbolic @{u}',
++ 'git --git-dir .git rev-parse --abbrev-ref --symbolic @{u}',
+ globals.processUtils,
+ _workingDirectory,
+ );
+@@ -114,7 +114,7 @@ class FlutterVersion {
+ if (slash != -1) {
+ final String remote = gitChannel.substring(0, slash);
+ _repositoryUrl = _runGit(
+- 'git ls-remote --get-url $remote',
++ 'git --git-dir .git ls-remote --get-url $remote',
+ globals.processUtils,
+ _workingDirectory,
+ );
+@@ -326,7 +326,7 @@ class FlutterVersion {
+ /// the branch name will be returned as `'[user-branch]'`.
+ String getBranchName({ bool redactUnknownBranches = false }) {
+ _branch ??= () {
+- final String branch = _runGit('git rev-parse --abbrev-ref HEAD', globals.processUtils);
++ final String branch = _runGit('git --git-dir .git rev-parse --abbrev-ref HEAD', globals.processUtils);
+ return branch == 'HEAD' ? channel : branch;
+ }();
+ if (redactUnknownBranches || _branch!.isEmpty) {
+@@ -359,7 +359,7 @@ class FlutterVersion {
+ /// wrapper that does that.
+ @visibleForTesting
+ static List<String> gitLog(List<String> args) {
+- return <String>['git', '-c', 'log.showSignature=false', 'log'] + args;
++ return <String>['git', '-c', 'log.showSignature=false', '--git-dir', '.git', 'log'] + args;
+ }
+
+ /// Gets the release date of the latest available Flutter version.
+@@ -730,7 +730,7 @@ class GitTagVersion {
+
+ static GitTagVersion determine(ProcessUtils processUtils, {String? workingDirectory, bool fetchTags = false, String gitRef = 'HEAD'}) {
+ if (fetchTags) {
+- final String channel = _runGit('git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
++ final String channel = _runGit('git --git-dir .git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
+ if (channel == 'dev' || channel == 'beta' || channel == 'stable') {
+ globals.printTrace('Skipping request to fetchTags - on well known channel $channel.');
+ } else {
+@@ -739,7 +739,7 @@ class GitTagVersion {
+ }
+ // find all tags attached to the given [gitRef]
+ final List<String> tags = _runGit(
+- 'git tag --points-at $gitRef', processUtils, workingDirectory).trim().split('\n');
++ 'git --git-dir .git tag --points-at $gitRef', processUtils, workingDirectory).trim().split('\n');
+
+ // Check first for a stable tag
+ final RegExp stableTagPattern = RegExp(r'^\d+\.\d+\.\d+$');
+@@ -760,7 +760,7 @@ class GitTagVersion {
+ // recent tag and number of commits past.
+ return parse(
+ _runGit(
+- 'git describe --match *.*.* --long --tags $gitRef',
++ 'git --git-dir .git describe --match *.*.* --long --tags $gitRef',
+ processUtils,
+ workingDirectory,
+ )
diff --git a/pkgs/development/compilers/flutter/patches/flutter2/move-cache.patch b/pkgs/development/compilers/flutter/patches/flutter2/move-cache.patch
new file mode 100644
index 00000000000..a81d2def242
--- /dev/null
+++ b/pkgs/development/compilers/flutter/patches/flutter2/move-cache.patch
@@ -0,0 +1,72 @@
+diff --git a/packages/flutter_tools/lib/src/asset.dart b/packages/flutter_tools/lib/src/asset.dart
+index ed42baea29..12941f733a 100644
+--- a/packages/flutter_tools/lib/src/asset.dart
++++ b/packages/flutter_tools/lib/src/asset.dart
+@@ -11,11 +11,11 @@ import 'base/file_system.dart';
+ import 'base/logger.dart';
+ import 'base/platform.dart';
+ import 'build_info.dart';
+-import 'cache.dart';
+ import 'convert.dart';
+ import 'dart/package_map.dart';
+ import 'devfs.dart';
+ import 'flutter_manifest.dart';
++import 'globals.dart' as globals;
+ import 'license_collector.dart';
+ import 'project.dart';
+
+@@ -504,7 +504,7 @@ class ManifestAssetBundle implements AssetBundle {
+ }
+ final Uri entryUri = _fileSystem.path.toUri(asset);
+ result.add(_Asset(
+- baseDir: _fileSystem.path.join(Cache.flutterRoot!, 'bin', 'cache', 'artifacts', 'material_fonts'),
++ baseDir: _fileSystem.path.join(globals.fsUtils.homeDirPath!, '.cache', 'flutter', 'artifacts', 'material_fonts'),
+ relativeUri: Uri(path: entryUri.pathSegments.last),
+ entryUri: entryUri,
+ package: null,
+diff --git a/packages/flutter_tools/lib/src/cache.dart b/packages/flutter_tools/lib/src/cache.dart
+index defc86cc20..7fdf14d112 100644
+--- a/packages/flutter_tools/lib/src/cache.dart
++++ b/packages/flutter_tools/lib/src/cache.dart
+@@ -22,6 +22,7 @@ import 'base/user_messages.dart';
+ import 'build_info.dart';
+ import 'convert.dart';
+ import 'features.dart';
++import 'globals.dart' as globals;
+
+ const String kFlutterRootEnvironmentVariableName = 'FLUTTER_ROOT'; // should point to //flutter/ (root of flutter/flutter repo)
+ const String kFlutterEngineEnvironmentVariableName = 'FLUTTER_ENGINE'; // should point to //engine/src/ (root of flutter/engine repo)
+@@ -322,8 +323,13 @@ class Cache {
+ return;
+ }
+ assert(_lock == null);
++ final Directory dir = _fileSystem.directory(_fileSystem.path.join(globals.fsUtils.homeDirPath!, '.cache', 'flutter'));
++ if (!dir.existsSync()) {
++ dir.createSync(recursive: true);
++ globals.os.chmod(dir, '755');
++ }
+ final File lockFile =
+- _fileSystem.file(_fileSystem.path.join(flutterRoot!, 'bin', 'cache', 'lockfile'));
++ _fileSystem.file(_fileSystem.path.join(globals.fsUtils.homeDirPath!, '.cache', 'flutter', 'lockfile'));
+ try {
+ _lock = lockFile.openSync(mode: FileMode.write);
+ } on FileSystemException catch (e) {
+@@ -382,8 +388,7 @@ class Cache {
+
+ String get devToolsVersion {
+ if (_devToolsVersion == null) {
+- const String devToolsDirPath = 'dart-sdk/bin/resources/devtools';
+- final Directory devToolsDir = getCacheDir(devToolsDirPath, shouldCreate: false);
++ final Directory devToolsDir = _fileSystem.directory(_fileSystem.path.join(flutterRoot!, 'bin/cache/dart-sdk/bin/resources/devtools'));
+ if (!devToolsDir.existsSync()) {
+ throw Exception('Could not find directory at ${devToolsDir.path}');
+ }
+@@ -536,7 +541,7 @@ class Cache {
+ if (_rootOverride != null) {
+ return _fileSystem.directory(_fileSystem.path.join(_rootOverride!.path, 'bin', 'cache'));
+ } else {
+- return _fileSystem.directory(_fileSystem.path.join(flutterRoot!, 'bin', 'cache'));
++ return _fileSystem.directory(_fileSystem.path.join(globals.fsUtils.homeDirPath!, '.cache', 'flutter'));
+ }
+ }
+
diff --git a/pkgs/development/compilers/flutter/patches/flutter3/disable-auto-update.patch b/pkgs/development/compilers/flutter/patches/flutter3/disable-auto-update.patch
new file mode 100644
index 00000000000..21b676a2af3
--- /dev/null
+++ b/pkgs/development/compilers/flutter/patches/flutter3/disable-auto-update.patch
@@ -0,0 +1,36 @@
+diff --git a/bin/internal/shared.sh b/bin/internal/shared.sh
+index ab746724e9..1087983c87 100644
+--- a/bin/internal/shared.sh
++++ b/bin/internal/shared.sh
+@@ -215,8 +215,6 @@ function shared::execute() {
+ exit 1
+ fi
+
+- upgrade_flutter 7< "$PROG_NAME"
+-
+ BIN_NAME="$(basename "$PROG_NAME")"
+ case "$BIN_NAME" in
+ flutter*)
+diff --git a/packages/flutter_tools/lib/src/runner/flutter_command_runner.dart b/packages/flutter_tools/lib/src/runner/flutter_command_runner.dart
+index 738fef987d..03a152e64f 100644
+--- a/packages/flutter_tools/lib/src/runner/flutter_command_runner.dart
++++ b/packages/flutter_tools/lib/src/runner/flutter_command_runner.dart
+@@ -241,7 +241,6 @@ class FlutterCommandRunner extends CommandRunner<void> {
+ globals.flutterUsage.suppressAnalytics = true;
+ }
+
+- globals.flutterVersion.ensureVersionFile();
+ final bool machineFlag = topLevelResults['machine'] as bool? ?? false;
+ final bool ci = await globals.botDetector.isRunningOnBot;
+ final bool redirectedCompletion = !globals.stdio.hasTerminal &&
+@@ -250,10 +249,6 @@ class FlutterCommandRunner extends CommandRunner<void> {
+ final bool versionCheckFlag = topLevelResults['version-check'] as bool? ?? false;
+ final bool explicitVersionCheckPassed = topLevelResults.wasParsed('version-check') && versionCheckFlag;
+
+- if (topLevelResults.command?.name != 'upgrade' &&
+- (explicitVersionCheckPassed || (versionCheckFlag && !isMachine))) {
+- await globals.flutterVersion.checkFlutterVersionFreshness();
+- }
+
+ // See if the user specified a specific device.
+ globals.deviceManager?.specifiedDeviceId = topLevelResults['device-id'] as String?;
diff --git a/pkgs/development/compilers/flutter/patches/git-dir.patch b/pkgs/development/compilers/flutter/patches/flutter3/git-dir.patch
similarity index 86%
rename from pkgs/development/compilers/flutter/patches/git-dir.patch
rename to pkgs/development/compilers/flutter/patches/flutter3/git-dir.patch
index 0c736f945ea..42ad756f8ea 100644
--- a/pkgs/development/compilers/flutter/patches/git-dir.patch
+++ b/pkgs/development/compilers/flutter/patches/flutter3/git-dir.patch
@@ -1,8 +1,8 @@
diff --git a/dev/bots/prepare_package.dart b/dev/bots/prepare_package.dart
-index 468a91a954..5def6897ce 100644
+index 8e4cb81340..2c20940423 100644
--- a/dev/bots/prepare_package.dart
+++ b/dev/bots/prepare_package.dart
-@@ -525,7 +525,7 @@ class ArchiveCreator {
+@@ -526,7 +526,7 @@ class ArchiveCreator {
Future<String> _runGit(List<String> args, {Directory? workingDirectory}) {
return _processRunner.runProcess(
@@ -12,7 +12,7 @@ index 468a91a954..5def6897ce 100644
);
}
diff --git a/packages/flutter_tools/lib/src/commands/downgrade.dart b/packages/flutter_tools/lib/src/commands/downgrade.dart
-index bb0eb428a9..4a2a48bb5e 100644
+index 666c190067..b6c3761f6f 100644
--- a/packages/flutter_tools/lib/src/commands/downgrade.dart
+++ b/packages/flutter_tools/lib/src/commands/downgrade.dart
@@ -118,7 +118,7 @@ class DowngradeCommand extends FlutterCommand {
@@ -34,19 +34,19 @@ index bb0eb428a9..4a2a48bb5e 100644
if (parseResult.exitCode == 0) {
buffer.writeln('Channel "${getNameForChannel(channel)}" was previously on: ${parseResult.stdout}.');
diff --git a/packages/flutter_tools/lib/src/version.dart b/packages/flutter_tools/lib/src/version.dart
-index f2068a6ca2..99b161689e 100644
+index dc47f17057..8068e2d1f5 100644
--- a/packages/flutter_tools/lib/src/version.dart
+++ b/packages/flutter_tools/lib/src/version.dart
-@@ -106,7 +106,7 @@ class FlutterVersion {
+@@ -111,7 +111,7 @@ class FlutterVersion {
String? channel = _channel;
if (channel == null) {
final String gitChannel = _runGit(
-- 'git rev-parse --abbrev-ref --symbolic @{u}',
-+ 'git --git-dir .git rev-parse --abbrev-ref --symbolic @{u}',
+- 'git rev-parse --abbrev-ref --symbolic $kGitTrackingUpstream',
++ 'git --git-dir .git rev-parse --abbrev-ref --symbolic $kGitTrackingUpstream',
globals.processUtils,
_workingDirectory,
);
-@@ -114,7 +114,7 @@ class FlutterVersion {
+@@ -119,7 +119,7 @@ class FlutterVersion {
if (slash != -1) {
final String remote = gitChannel.substring(0, slash);
_repositoryUrl = _runGit(
@@ -55,7 +55,7 @@ index f2068a6ca2..99b161689e 100644
globals.processUtils,
_workingDirectory,
);
-@@ -326,7 +326,7 @@ class FlutterVersion {
+@@ -298,7 +298,7 @@ class FlutterVersion {
/// the branch name will be returned as `'[user-branch]'`.
String getBranchName({ bool redactUnknownBranches = false }) {
_branch ??= () {
@@ -64,7 +64,7 @@ index f2068a6ca2..99b161689e 100644
return branch == 'HEAD' ? channel : branch;
}();
if (redactUnknownBranches || _branch!.isEmpty) {
-@@ -359,7 +359,7 @@ class FlutterVersion {
+@@ -331,7 +331,7 @@ class FlutterVersion {
/// wrapper that does that.
@visibleForTesting
static List<String> gitLog(List<String> args) {
@@ -73,16 +73,16 @@ index f2068a6ca2..99b161689e 100644
}
/// Gets the release date of the latest available Flutter version.
-@@ -730,7 +730,7 @@ class GitTagVersion {
-
- static GitTagVersion determine(ProcessUtils processUtils, {String? workingDirectory, bool fetchTags = false, String gitRef = 'HEAD'}) {
+@@ -708,7 +708,7 @@ class GitTagVersion {
+ String gitRef = 'HEAD'
+ }) {
if (fetchTags) {
- final String channel = _runGit('git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
+ final String channel = _runGit('git --git-dir .git rev-parse --abbrev-ref HEAD', processUtils, workingDirectory);
if (channel == 'dev' || channel == 'beta' || channel == 'stable') {
globals.printTrace('Skipping request to fetchTags - on well known channel $channel.');
} else {
-@@ -739,7 +739,7 @@ class GitTagVersion {
+@@ -718,7 +718,7 @@ class GitTagVersion {
}
// find all tags attached to the given [gitRef]
final List<String> tags = _runGit(
@@ -91,7 +91,7 @@ index f2068a6ca2..99b161689e 100644
// Check first for a stable tag
final RegExp stableTagPattern = RegExp(r'^\d+\.\d+\.\d+$');
-@@ -760,7 +760,7 @@ class GitTagVersion {
+@@ -739,7 +739,7 @@ class GitTagVersion {
// recent tag and number of commits past.
return parse(
_runGit(
diff --git a/pkgs/development/compilers/flutter/patches/move-cache.patch b/pkgs/development/compilers/flutter/patches/flutter3/move-cache.patch
similarity index 83%
rename from pkgs/development/compilers/flutter/patches/move-cache.patch
rename to pkgs/development/compilers/flutter/patches/flutter3/move-cache.patch
index 5cb7c71e9bd..008c5959e5b 100644
--- a/pkgs/development/compilers/flutter/patches/move-cache.patch
+++ b/pkgs/development/compilers/flutter/patches/flutter3/move-cache.patch
@@ -1,13 +1,9 @@
+diff --git a/packages/flutter_tools/lib/src/artifacts.dart b/packages/flutter_tools/lib/src/artifacts.dart
diff --git a/packages/flutter_tools/lib/src/asset.dart b/packages/flutter_tools/lib/src/asset.dart
-index ed42baea29..12941f733a 100644
+index 9dd7272fbe..642c8e48e4 100644
--- a/packages/flutter_tools/lib/src/asset.dart
+++ b/packages/flutter_tools/lib/src/asset.dart
-@@ -11,11 +11,11 @@ import 'base/file_system.dart';
- import 'base/logger.dart';
- import 'base/platform.dart';
- import 'build_info.dart';
--import 'cache.dart';
- import 'convert.dart';
+@@ -16,6 +16,7 @@ import 'convert.dart';
import 'dart/package_map.dart';
import 'devfs.dart';
import 'flutter_manifest.dart';
@@ -15,17 +11,18 @@ index ed42baea29..12941f733a 100644
import 'license_collector.dart';
import 'project.dart';
-@@ -504,7 +504,7 @@ class ManifestAssetBundle implements AssetBundle {
- }
+@@ -530,8 +531,7 @@ class ManifestAssetBundle implements AssetBundle {
final Uri entryUri = _fileSystem.path.toUri(asset);
result.add(_Asset(
-- baseDir: _fileSystem.path.join(Cache.flutterRoot!, 'bin', 'cache', 'artifacts', 'material_fonts'),
-+ baseDir: _fileSystem.path.join(globals.fsUtils.homeDirPath!, '.cache', 'flutter', 'artifacts', 'material_fonts'),
+ baseDir: _fileSystem.path.join(
+- Cache.flutterRoot!,
+- 'bin', 'cache', 'artifacts', 'material_fonts',
++ globals.fsUtils.homeDirPath!, '.cache', 'flutter', 'artifacts', 'material_fonts',
+ ),
relativeUri: Uri(path: entryUri.pathSegments.last),
entryUri: entryUri,
- package: null,
diff --git a/packages/flutter_tools/lib/src/cache.dart b/packages/flutter_tools/lib/src/cache.dart
-index defc86cc20..7fdf14d112 100644
+index dd80b1e46e..8e54517765 100644
--- a/packages/flutter_tools/lib/src/cache.dart
+++ b/packages/flutter_tools/lib/src/cache.dart
@@ -22,6 +22,7 @@ import 'base/user_messages.dart';
@@ -36,7 +33,7 @@ index defc86cc20..7fdf14d112 100644
const String kFlutterRootEnvironmentVariableName = 'FLUTTER_ROOT'; // should point to //flutter/ (root of flutter/flutter repo)
const String kFlutterEngineEnvironmentVariableName = 'FLUTTER_ENGINE'; // should point to //engine/src/ (root of flutter/engine repo)
-@@ -322,8 +323,13 @@ class Cache {
+@@ -318,8 +319,13 @@ class Cache {
return;
}
assert(_lock == null);
@@ -51,7 +48,7 @@ index defc86cc20..7fdf14d112 100644
try {
_lock = lockFile.openSync(mode: FileMode.write);
} on FileSystemException catch (e) {
-@@ -382,8 +388,7 @@ class Cache {
+@@ -378,8 +384,7 @@ class Cache {
String get devToolsVersion {
if (_devToolsVersion == null) {
@@ -61,7 +58,7 @@ index defc86cc20..7fdf14d112 100644
if (!devToolsDir.existsSync()) {
throw Exception('Could not find directory at ${devToolsDir.path}');
}
-@@ -536,7 +541,7 @@ class Cache {
+@@ -532,7 +537,7 @@ class Cache {
if (_rootOverride != null) {
return _fileSystem.directory(_fileSystem.path.join(_rootOverride!.path, 'bin', 'cache'));
} else {
@@ -70,8 +67,7 @@ index defc86cc20..7fdf14d112 100644
}
}
-diff --git a/packages/flutter_tools/lib/src/artifacts.dart b/packages/flutter_tools/lib/src/artifacts.dart
-index 2aac9686e8..32c4b98b88 100644
+index c539d67156..4e0a64f7a9 100644
--- a/packages/flutter_tools/lib/src/artifacts.dart
+++ b/packages/flutter_tools/lib/src/artifacts.dart
@@ -346,10 +346,10 @@ class CachedArtifacts implements Artifacts {
@@ -82,8 +78,8 @@ index 2aac9686e8..32c4b98b88 100644
+ final String path = _dartSdkPath(_fileSystem);
return _fileSystem.directory(path);
case HostArtifact.engineDartBinary:
-- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', _hostArtifactToFileName(artifact, _platform.isWindows));
-+ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', _hostArtifactToFileName(artifact, _platform.isWindows));
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', _hostArtifactToFileName(artifact, _platform));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', _hostArtifactToFileName(artifact, _platform));
return _fileSystem.file(path);
case HostArtifact.flutterWebSdk:
final String path = _getFlutterWebSdkPath();
@@ -91,12 +87,12 @@ index 2aac9686e8..32c4b98b88 100644
case HostArtifact.dart2jsSnapshot:
case HostArtifact.dartdevcSnapshot:
case HostArtifact.kernelWorkerSnapshot:
-- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
-+ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
return _fileSystem.file(path);
case HostArtifact.iosDeploy:
- final String artifactFileName = _hostArtifactToFileName(artifact, _platform.isWindows);
-@@ -461,11 +461,13 @@ class CachedArtifacts implements Artifacts {
+ final String artifactFileName = _hostArtifactToFileName(artifact, _platform);
+@@ -465,11 +465,13 @@ class CachedArtifacts implements Artifacts {
String _getAndroidArtifactPath(Artifact artifact, TargetPlatform platform, BuildMode mode) {
final String engineDir = _getEngineArtifactsPath(platform, mode)!;
switch (artifact) {
@@ -125,8 +121,8 @@ index 2aac9686e8..32c4b98b88 100644
- case Artifact.frontendServerSnapshotForEngineDartSdk:
case Artifact.constFinder:
case Artifact.flutterMacOSFramework:
- case Artifact.flutterMacOSPodspec:
-@@ -594,14 +596,10 @@ class CachedArtifacts implements Artifacts {
+ case Artifact.flutterPatchedSdkPath:
+@@ -586,14 +588,10 @@ class CachedArtifacts implements Artifacts {
// For script snapshots any gen_snapshot binary will do. Returning gen_snapshot for
// android_arm in profile mode because it is available on all supported host platforms.
return _getAndroidArtifactPath(artifact, TargetPlatform.android_arm, BuildMode.profile);
@@ -142,27 +138,27 @@ index 2aac9686e8..32c4b98b88 100644
case Artifact.icuData:
final String engineArtifactsPath = _cache.getArtifactDirectory('engine').path;
final String platformDirName = _enginePlatformDirectoryName(platform);
-@@ -797,7 +795,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
- final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+@@ -776,7 +774,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
+ final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
return _fileSystem.file(path);
case HostArtifact.dartdevcSnapshot:
-- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
-+ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
+- final String path = _fileSystem.path.join(_dartSdkPath(_cache), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
++ final String path = _fileSystem.path.join(_dartSdkPath(_fileSystem), 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
return _fileSystem.file(path);
case HostArtifact.kernelWorkerSnapshot:
- final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform.isWindows));
-@@ -922,9 +920,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
- case Artifact.windowsUwpCppClientWrapper:
+ final String path = _fileSystem.path.join(_hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', _hostArtifactToFileName(artifact, _platform));
+@@ -901,9 +899,7 @@ class CachedLocalEngineArtifacts implements LocalEngineArtifacts {
+ case Artifact.windowsCppClientWrapper:
return _fileSystem.path.join(_hostEngineOutPath, artifactFileName);
case Artifact.frontendServerSnapshotForEngineDartSdk:
- return _fileSystem.path.join(
- _hostEngineOutPath, 'dart-sdk', 'bin', 'snapshots', artifactFileName,
- );
+ return _fileSystem.path.join(_hostEngineOutPath, 'gen', artifactFileName);
- case Artifact.uwptool:
- return _fileSystem.path.join(_hostEngineOutPath, artifactFileName);
}
-@@ -1034,8 +1030,8 @@ class OverrideArtifacts implements Artifacts {
+ }
+
+@@ -1011,8 +1007,8 @@ class OverrideArtifacts implements Artifacts {
}
/// Locate the Dart SDK.
@@ -174,12 +170,12 @@ index 2aac9686e8..32c4b98b88 100644
class _TestArtifacts implements Artifacts {
diff --git a/packages/flutter_tools/test/general.shard/artifacts_test.dart b/packages/flutter_tools/test/general.shard/artifacts_test.dart
-index d906511a15..adfdd4bb42 100644
+index aed3eb9285..81b8362648 100644
--- a/packages/flutter_tools/test/general.shard/artifacts_test.dart
+++ b/packages/flutter_tools/test/general.shard/artifacts_test.dart
-@@ -153,10 +153,6 @@ void main() {
- artifacts.getArtifactPath(Artifact.windowsUwpDesktopPath, platform: TargetPlatform.windows_uwp_x64, mode: BuildMode.release),
- fileSystem.path.join('root', 'bin', 'cache', 'artifacts', 'engine', 'windows-uwp-x64-release'),
+@@ -141,10 +141,6 @@ void main() {
+ artifacts.getArtifactPath(Artifact.flutterTester, platform: TargetPlatform.linux_arm64),
+ fileSystem.path.join('root', 'bin', 'cache', 'artifacts', 'engine', 'linux-arm64', 'flutter_tester'),
);
- expect(
- artifacts.getArtifactPath(Artifact.frontendServerSnapshotForEngineDartSdk),
@@ -188,7 +184,7 @@ index d906511a15..adfdd4bb42 100644
});
testWithoutContext('precompiled web artifact paths are correct', () {
-@@ -322,11 +318,6 @@ void main() {
+@@ -310,11 +306,6 @@ void main() {
artifacts.getHostArtifact(HostArtifact.engineDartSdkPath).path,
fileSystem.path.join('/out', 'host_debug_unopt', 'dart-sdk'),
);
@@ -197,6 +193,6 @@ index d906511a15..adfdd4bb42 100644
- fileSystem.path.join('/out', 'host_debug_unopt', 'dart-sdk', 'bin',
- 'snapshots', 'frontend_server.dart.snapshot')
- );
- });
-
- testWithoutContext('getEngineType', () {
+ expect(
+ artifacts.getHostArtifact(HostArtifact.impellerc).path,
+ fileSystem.path.join('/out', 'host_debug_unopt', 'impellerc'),
diff --git a/pkgs/os-specific/linux/firmware/firmware-updater/default.nix b/pkgs/os-specific/linux/firmware/firmware-updater/default.nix
index fb9d3a9a36c..cc906b763e8 100644
--- a/pkgs/os-specific/linux/firmware/firmware-updater/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-updater/default.nix
@@ -1,13 +1,13 @@
{ lib
-, flutter
+, flutter2
, fetchFromGitHub
}:
-flutter.mkFlutterApp {
+flutter2.mkFlutterApp {
pname = "firmware-updater";
version = "unstable";
- vendorHash = "sha256-3wVA9BLCnMijC0gOmskz+Hv7NQIGu/jhBDbWjmoq1Tc=";
+ vendorHash = "sha256-7uOiebGBcX61oUyNCi1h9KldTRTrCfYaHUQSH4J5OoQ=";
src = fetchFromGitHub {
owner = "canonical";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 4f25d9b20d8..c282471c464 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13448,6 +13448,7 @@ with pkgs;
flutterPackages =
recurseIntoAttrs (callPackage ../development/compilers/flutter { });
flutter = flutterPackages.stable;
+ flutter2 = flutterPackages.v2;
fnm = callPackage ../development/tools/fnm {
inherit (darwin.apple_sdk.frameworks) DiskArbitration Foundation Security;

30
nixpatches/list.nix
View File

@@ -1,17 +1,4 @@
fetchpatch: [
# Flutter: 3.0.4 -> 3.3.3, flutter.dart: 2.17.5 -> 2.18.2
# merged 2022/10/07
# (fetchpatch {
# url = "https://github.com/NixOS/nixpkgs/pull/189338.diff";
# sha256 = "sha256-HRkOIBcOnSXyTKkYxnMgZou8MHU/5eNhxxARdUq9UWg=";
# # url = "https://git.uninsane.org/colin/nixpkgs/commit/889c3a8cbc91c0d10b34ab7825fa1f6d1d31668a.diff";
# # sha256 = "sha256-qVWLpNoW3HVSWRtXS1BcSusKOq0CAMfY0BVU9MxPm98=";
# })
#
# XXX this is a cherry-pick of all the commits in PR 189338 (as appears in tree).
# the diff yielded by Github is apparently not the same somehow (maybe because the branches being merged had diverged too much?)
./11-flutter-3.3.3-189338.patch
# phosh-mobile-settings: init at 0.21.1
(fetchpatch {
url = "http://git.uninsane.org/colin/nixpkgs/commit/0c1a7e8504291eb0076bbee3f8ebf693f4641112.diff";
@@ -19,12 +6,16 @@ fetchpatch: [
sha256 = "sha256-OczjlQcG7sTM/V9Y9VL/qdwaWPKfjAJsh3czqqhRQig=";
})
# kaiteki: init at 2022-09-03
(fetchpatch {
url = "https://git.uninsane.org/colin/nixpkgs/commit/e2c7f5f4870fcb0e5405e9001b39a64c516852d4.diff";
# url = "https://github.com/NixOS/nixpkgs/pull/193169.diff";
sha256 = "sha256-UWnfS+stVpUZ3Sfaym9XtVBlwvHWJVMaW7cYIcf3M5Q=";
})
# # kaiteki: init at 2022-09-03
# vendorHash changes too frequently (might not be reproducible).
# using local package defn until stabilized
# (fetchpatch {
# url = "https://git.uninsane.org/colin/nixpkgs/commit/e2c7f5f4870fcb0e5405e9001b39a64c516852d4.diff";
# # url = "https://github.com/NixOS/nixpkgs/pull/193169.diff";
# sha256 = "sha256-UWnfS+stVpUZ3Sfaym9XtVBlwvHWJVMaW7cYIcf3M5Q=";
# })
# Fix mk flutter app
# closed (not merged). updates fluffychat 1.2.0 -> 1.6.1, but unstable hashing
@@ -39,6 +30,7 @@ fetchpatch: [
./02-rpi4-uboot.patch
# TODO: upstream
# maybe convert this patch to add a `targetUrlExpr` instead of doing the `escapeShellArgs` hack
./07-duplicity-rich-url.patch
# enable aarch64 support for flutter's dart package

44
pkgs/browserpass/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs
, bash
, fetchFromGitea
, lib
, sops
, stdenv
, substituteAll
}:
let
sane-browserpass-gpg = stdenv.mkDerivation {
pname = "sane-browserpass-gpg";
version = "0.1.0";
src = ./.;
inherit bash sops;
installPhase = ''
mkdir -p $out/bin
substituteAll ${./sops-gpg-adapter} $out/bin/gpg
chmod +x $out/bin/gpg
ln -s $out/bin/gpg $out/bin/gpg2
'';
};
in
(pkgs.browserpass.overrideAttrs (upstream: {
src = fetchFromGitea {
domain = "git.uninsane.org";
owner = "colin";
repo = "browserpass-native";
rev = "8de7959fa5772aca406bf29bb17707119c64b81e";
hash = "sha256-ewB1YdWqfZpt8d4p9LGisiGUsHzRW8RiSO/+NZRiQpk=";
};
installPhase = ''
make install
wrapProgram $out/bin/browserpass \
--prefix PATH : ${lib.makeBinPath [ sane-browserpass-gpg ]}
# This path is used by our firefox wrapper for finding native messaging hosts
mkdir -p $out/lib/mozilla/native-messaging-hosts
ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts
'';
}))

14
pkgs/browserpass/sops-gpg-adapter Normal file
View File

@@ -0,0 +1,14 @@
#! @bash@/bin/sh
# browserpass "validates" the gpg binary by invoking it with --version
if [ "$1" = "--version" ]
then
echo "sane-browserpass-gpg @version@";
exit 0
fi
# using exec here forwards our stdin
# browserpass parses the response in
# <browserpass-extension/src/background.js#parseFields>
# it cares about `key:value`, and ignores whatever doesn't fit that (or has an unknown key)
exec @sops@/bin/sops --input-type yaml -d --output-type yaml --config /dev/null /dev/stdin

15
pkgs/gocryptfs/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, lib, ... }:
(pkgs.gocryptfs.overrideAttrs (upstream: {
# XXX `su colin` hangs when pam_mount tries to mount a gocryptfs system
# unless `logger` (util-linux) is accessible from gocryptfs.
# this is surprising: the code LOOKS like it's meant to handle logging failures.
# propagating util-linux through either `environment.systemPackages` or `security.pam.mount.additionalSearchPaths` DOES NOT WORK.
#
# TODO: see about upstreaming this
postInstall = ''
wrapProgram $out/bin/gocryptfs \
--suffix PATH : ${lib.makeBinPath [ pkgs.fuse pkgs.util-linux ]}
ln -s $out/bin/gocryptfs $out/bin/mount.fuse.gocryptfs
'';
}))

10
pkgs/gopass-native-messaging-host/com.justwatch.gopass.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "com.justwatch.gopass",
"description": "Gopass wrapper to search and return passwords",
"path": "@out@/bin/gopass-wrapper",
"type": "stdio",
"allowed_extensions": [
"{eec37db0-22ad-4bf1-9068-5ae08df8c7e9}"
]
}

22
pkgs/gopass-native-messaging-host/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ stdenv
, bash
, gopass-jsonapi
, substituteAll
}:
stdenv.mkDerivation {
pname = "gopass-native-messaging-host";
version = "1.0";
src = ./.;
inherit bash;
# substituteAll doesn't work with hyphenated vars ??
gopassJsonapi = gopass-jsonapi;
installPhase = ''
mkdir -p $out/bin $out/lib/mozilla/native-messaging-hosts
substituteAll ${./gopass-wrapper.sh} $out/bin/gopass-wrapper
chmod +x $out/bin/gopass-wrapper
substituteAll ${./com.justwatch.gopass.json} $out/lib/mozilla/native-messaging-hosts/com.justwatch.gopass.json
'';
}

2
pkgs/gopass-native-messaging-host/gopass-wrapper.sh Normal file
View File

@@ -0,0 +1,2 @@
#! @bash@/bin/sh
exec @gopassJsonapi@/bin/gopass-jsonapi listen

2
pkgs/kaiteki/default.nix
View File

@@ -10,7 +10,7 @@ flutter.mkFlutterApp rec {
pname = "kaiteki";
version = "unstable-2022-09-03";
vendorHash = "sha256-IlsMoJjgB/fWI5QxSnnFSChVWFMnMGUD4QJdDUuTE+Q=";
vendorHash = "sha256-CXEaQeXEY5PYpcoqmPcRfcyaFsEDZ8bq1pgApmjyp0c=";
src = fetchFromGitHub {
owner = "Kaiteki-Fedi";

28
pkgs/lightdm-mobile-greeter/cargo_lock-fix_lightdm_rs_url.patch Normal file
View File

@@ -0,0 +1,28 @@
commit c2a3a5eff2edc95108a21fc02c420a8aaa19accd
Author: colin <colin@uninsane.org>
Date: Tue Oct 25 20:59:20 2022 -0700
Cargo.lock: update lightdm-rs URLs
diff --git a/Cargo.lock b/Cargo.lock
index 1051644..72d09e6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -362,7 +362,7 @@ dependencies = [
[[package]]
name = "light-dm-sys"
version = "0.0.1"
-source = "git+https://raatty.club:3000/raatty/lightdm-rs.git#a3c669583bb932e2b25372048b1e9dbda1f10e11"
+source = "git+https://git.raatty.club/raatty/lightdm-rs.git#a3c669583bb932e2b25372048b1e9dbda1f10e11"
dependencies = [
"gio-sys",
"glib-sys",
@@ -374,7 +374,7 @@ dependencies = [
[[package]]
name = "lightdm"
version = "0.1.0"
-source = "git+https://raatty.club:3000/raatty/lightdm-rs.git#a3c669583bb932e2b25372048b1e9dbda1f10e11"
+source = "git+https://git.raatty.club/raatty/lightdm-rs.git#a3c669583bb932e2b25372048b1e9dbda1f10e11"
dependencies = [
"gio",
"gio-sys",

57
pkgs/lightdm-mobile-greeter/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{ lib
, fetchFromGitea
, gtk3
, libhandy_0
, lightdm
, pkgs
, linkFarm
, pkg-config
, rustPlatform
}:
rustPlatform.buildRustPackage rec {
pname = "lightdm-mobile-greeter";
version = "6";
src = fetchFromGitea {
domain = "git.raatty.club";
owner = "raatty";
repo = "lightdm-mobile-greeter";
rev = "${version}";
hash = "sha256-uqsYOHRCOmd3tpJdndZFQ/tznZ660NhB+gE2154kJuM=";
};
cargoHash = "sha256-JV8NQdZAG4EetRHwbi0dD0uIOUkn5hvzry+5WB7TCO4=";
cargoPatches = [
./cargo_lock-fix_lightdm_rs_url.patch
];
buildInputs = [
gtk3
libhandy_0
lightdm
];
nativeBuildInputs = [
pkg-config
];
postInstall = ''
mkdir -p $out/share/applications
substitute lightdm-mobile-greeter.desktop \
$out/share/applications/lightdm-mobile-greeter.desktop \
--replace lightdm-mobile-greeter $out/bin/lightdm-mobile-greeter
'';
passthru.xgreeters = linkFarm "lightdm-mobile-greeter-xgreeters" [{
path = "${pkgs.lightdm-mobile-greeter}/share/applications/lightdm-mobile-greeter.desktop";
name = "lightdm-mobile-greeter.desktop";
}];
meta = with lib; {
description = "A simple log in screen for use on touch screens.";
homepage = "https://git.uninsane.org/colin/lightdm-mobile-greeter";
maintainers = with maintainers; [ colinsane ];
platforms = platforms.linux;
license = licenses.mit;
};
}

6
pkgs/linux-megous/default.nix
View File

@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "6.0.0";
version = "6.0.2";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -15,7 +15,7 @@ buildLinux (args // rec {
owner = "megous";
repo = "linux";
# branch: orange-pi-6.0
rev = "b16232c6156de17e1dfdb63fdaea8e317baa07a7";
sha256 = "sha256-Tb05IQKFdX/T7elGNnXTLVmgGLvXoeBFBq/8Q7jQhX0=";
rev = "2683672a2052ffda995bb987fa62a1abe8424ef4";
hash = "sha256-hL/SbLgaTk/CqFLFrAK/OV9/OS20O42zJvSScsvWBQk=";
};
} // (args.argsOverride or { }))

13
pkgs/matrix-appservice-discord/01-puppet.patch
View File

@@ -1,13 +0,0 @@
diff --git a/src/clientfactory.ts b/src/clientfactory.ts
index b7fea47..587acfd 100644
--- a/src/clientfactory.ts
+++ b/src/clientfactory.ts
@@ -53,7 +53,7 @@ export class DiscordClientFactory {
});
try {
- await this.botClient.login(this.config.botToken, true);
+ await this.botClient.login(this.config.botToken, false);
log.info("Waiting for shardReady signal");
await waitPromise;
log.info("Got shardReady signal");

16
pkgs/matrix-appservice-discord/02-auto-approve.patch
View File

@@ -1,16 +0,0 @@
diff --git a/src/provisioner.ts b/src/provisioner.ts
index c1568af..28a44c5 100644
--- a/src/provisioner.ts
+++ b/src/provisioner.ts
@@ -99,8 +99,9 @@
this.pendingRequests.set(channelId, approveFn);
setTimeout(() => approveFn(false, true), timeout);
- await channel.send(`${requestor} on matrix would like to bridge this channel. Someone with permission` +
- " to manage webhooks please reply with `!matrix approve` or `!matrix deny` in the next 5 minutes");
+ // await channel.send(`${requestor} on matrix would like to bridge this channel. Someone with permission` +
+ // " to manage webhooks please reply with `!matrix approve` or `!matrix deny` in the next 5 minutes");
+ approveFn(true);
return await deferP;
}

14
pkgs/matrix-appservice-discord/03-no-edits.patch
View File

@@ -1,14 +0,0 @@
diff --git a/src/bot.ts b/src/bot.ts
index 8bc73d4..1e6ea67 100644
--- a/src/bot.ts
+++ b/src/bot.ts
@@ -568,7 +568,8 @@ export class DiscordBot {
}
const link = `https://discord.com/channels/${chan.guild.id}/${chan.id}/${editEventId}`;
embedSet.messageEmbed.description = `[Edit](${link}): ${embedSet.messageEmbed.description}`;
- await this.send(embedSet, opts, roomLookup, event);
+ log.warn("not editing sent Matrix -> Discord message");
+ // await this.send(embedSet, opts, roomLookup, event);
} catch (err) {
// throw wrapError(err, Unstable.ForeignNetworkError, "Couldn't edit message");
log.warn(`Failed to edit message ${event.event_id}`);

88
pkgs/matrix-appservice-discord/04-no-kickbans.patch
View File

@@ -1,88 +0,0 @@
diff --git a/src/bot.ts b/src/bot.ts
index 8bc73d4..1e6ea67 100644
--- a/src/bot.ts
+++ b/src/bot.ts
@@ -795,82 +796,7 @@ export class DiscordBot {
roomId: string, kickeeUserId: string, kicker: string, kickban: "leave"|"ban",
previousState: string, reason?: string,
) {
- const restore = kickban === "leave" && previousState === "ban";
- const client = await this.clientFactory.getClient(kicker);
- let channel: Discord.Channel;
- try {
- channel = await this.GetChannelFromRoomId(roomId, client);
- } catch (ex) {
- log.error("Failed to get channel for ", roomId, ex);
- return;
- }
- if (channel.type !== "text") {
- log.warn("Channel was not a text channel");
- return;
- }
- const tchan = (channel as Discord.TextChannel);
- const kickeeUser = await this.GetDiscordUserOrMember(
- kickeeUserId.substring("@_discord_".length, kickeeUserId.indexOf(":") - 1),
- tchan.guild.id,
- );
- if (!kickeeUser) {
- log.error("Could not find discord user for", kickeeUserId);
- return;
- }
- const kickee = kickeeUser as Discord.GuildMember;
- let res: Discord.Message;
- const botChannel = await this.GetChannelFromRoomId(roomId) as Discord.TextChannel;
- if (restore) {
- await tchan.overwritePermissions([
- {
- allow: ["SEND_MESSAGES", "VIEW_CHANNEL"],
- id: kickee.id,
- }],
- `Unbanned.`,
- );
- this.channelLock.set(botChannel.id);
- res = await botChannel.send(
- `${kickee} was unbanned from this channel by ${kicker}.`,
- ) as Discord.Message;
- this.sentMessages.push(res.id);
- this.channelLock.release(botChannel.id);
- return;
- }
- const existingPerms = tchan.permissionsFor(kickee);
- if (existingPerms && existingPerms.has(Discord.Permissions.FLAGS.VIEW_CHANNEL as number) === false ) {
- log.warn("User isn't allowed to read anyway.");
- return;
- }
- const word = `${kickban === "ban" ? "banned" : "kicked"}`;
- this.channelLock.set(botChannel.id);
- res = await botChannel.send(
- `${kickee} was ${word} from this channel by ${kicker}.`
- + (reason ? ` Reason: ${reason}` : ""),
- ) as Discord.Message;
- this.sentMessages.push(res.id);
- this.channelLock.release(botChannel.id);
- log.info(`${word} ${kickee}`);
-
- await tchan.overwritePermissions([
- {
- deny: ["SEND_MESSAGES", "VIEW_CHANNEL"],
- id: kickee.id,
- }],
- `Matrix user was ${word} by ${kicker}.`,
- );
- if (kickban === "leave") {
- // Kicks will let the user back in after ~30 seconds.
- setTimeout(async () => {
- log.info(`Kick was lifted for ${kickee.displayName}`);
- await tchan.overwritePermissions([
- {
- allow: ["SEND_MESSAGES", "VIEW_CHANNEL"],
- id: kickee.id,
- }],
- `Lifting kick since duration expired.`,
- );
- }, this.config.room.kickFor);
- }
+ return; // this is about letting Discord users know when Matrix users are kicked/banned
}
public async GetEmojiByMxc(mxc: string): Promise<DbEmoji> {

13
pkgs/matrix-appservice-discord/05-no-meta.patch
View File

@@ -1,13 +0,0 @@
diff --git a/src/matrixeventprocessor.ts b/src/matrixeventprocessor.ts
index f1f4611..7b57ff3 100644
--- a/src/matrixeventprocessor.ts
+++ b/src/matrixeventprocessor.ts
@@ -278,6 +278,8 @@ export class MatrixEventProcessor {
return;
}
+ return; // disable all meta notifications
+
msg += " on Matrix.";
const channel = await this.discord.GetChannelFromRoomId(event.room_id) as Discord.TextChannel;
await this.discord.sendAsBot(msg, channel, event);

19
pkgs/matrix-appservice-discord/default.nix
View File

@@ -1,19 +0,0 @@
{ pkgs }:
(pkgs.matrix-appservice-discord.overrideAttrs (upstream: {
# 2022-10-05: the service can't login as an ordinary user unless i change the source
doCheck = false;
patches = (upstream.patches or []) ++ [
# don't register with better-discord as a bot
./01-puppet.patch
# don't ask Discord admin for approval before bridging
./02-auto-approve.patch
# disable Matrix -> Discord edits because they do not fit Discord semantics
./03-no-edits.patch
# we don't want to notify Discord users that a Matrix user was kicked/banned
./04-no-kickbans.patch
# don't notify Discord users when the Matrix room changes (name, topic, membership)
./05-no-meta.patch
];
}))

12
pkgs/overlay.nix
View File

@@ -27,8 +27,6 @@
pleroma = prev.callPackage ./pleroma { };
# jackett doesn't allow customization of the bind address: this will probably always be here.
jackett = prev.callPackage ./jackett { pkgs = prev; };
# TODO: delete matrix-appservice-discord
matrix-appservice-discord = prev.callPackage ./matrix-appservice-discord { pkgs = prev; };
# mozilla keeps nerfing itself and removing configuration options
firefox-unwrapped = prev.callPackage ./firefox-unwrapped { pkgs = prev; };
# fix abrupt HDD poweroffs as during reboot. patching systemd requires rebuilding nearly every package.
@@ -37,9 +35,15 @@
# patch rpi uboot with something that fixes USB HDD boot
ubootRaspberryPi4_64bit = prev.callPackage ./ubootRaspberryPi4_64bit { pkgs = prev; };
gocryptfs = prev.callPackage ./gocryptfs { pkgs = prev; };
browserpass = prev.callPackage ./browserpass { pkgs = prev; };
#### TEMPORARY: PACKAGES WAITING TO BE UPSTREAMED
# kaiteki = prev.callPackage ./kaiteki { };
kaiteki = prev.kaiteki;
kaiteki = prev.callPackage ./kaiteki { };
lightdm-mobile-greeter = prev.callPackage ./lightdm-mobile-greeter { pkgs = next; };
gopass-native-messaging-host = prev.callPackage ./gopass-native-messaging-host { };
# kaiteki = prev.kaiteki;
# TODO: upstream, or delete nabla
nabla = prev.callPackage ./nabla { };
})

50
pkgs/pleroma/default.nix
View File

@@ -1,6 +1,7 @@
{ lib, beamPackages
, fetchFromGitHub, fetchFromGitLab
, file, cmake, bash
, libxcrypt
, nixosTests, writeText
, cookieFile ? "/var/lib/pleroma/.cookie"
, ...
@@ -14,11 +15,10 @@ beamPackages.mixRelease rec {
domain = "git.pleroma.social";
owner = "pleroma";
repo = "pleroma";
rev = "4605efe272016a5ba8ba6e96a9bec9a6e40c1591";
rev = "7a519b6a6607bc1dd22e6a3450aebf0f1ff11fb8";
# to update: uncomment the null hash, run nixos-rebuild and
# compute the new hash with `nix to-sri sha256:<output from failed nix build>`
# sha256 = "sha256-0000000000000000000000000000000000000000000=";
sha256 = "sha256-Dp1kTUDfNC7EDoK9WToXkUvsj7v66eKuD15le5IZgiY=";
sha256 = "sha256-6NglBcEGEvRlYMnVNB8kr4i/fccrzO6mnyp3X+O0m74=";
};
preFixup = if (cookieFile != null) then ''
@@ -72,29 +72,49 @@ beamPackages.mixRelease rec {
name = "crypt";
version = "0.4.3";
src = fetchFromGitHub {
owner = "msantos";
# src = fetchFromGitHub {
# owner = "msantos";
# repo = "crypt";
# rev = "f75cd55325e33cbea198fb41fe41871392f8fb76";
# sha256 = "sha256-ZYhZTe7cTITkl8DZ4z2IOlxTX5gnbJImu/lVJ2ZjR1o=";
# };
# this is the old crypt, from before 2021/09/21.
# nixpkgs still uses this as of 2022-10-24 and it works.
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
repo = "crypt";
rev = "f75cd55325e33cbea198fb41fe41871392f8fb76";
sha256 = "sha256-ZYhZTe7cTITkl8DZ4z2IOlxTX5gnbJImu/lVJ2ZjR1o=";
rev = "cf2aa3f11632e8b0634810a15b3e612c7526f6a3";
sha256 = "sha256-48QIsgyEaDzvnihdsFy7pYURLFcb9G8DXIrf5Luk3zo=";
};
postInstall = "mv $out/lib/erlang/lib/crypt-${version}/priv/{source,crypt}.so";
beamDeps = with final; [ elixir_make ];
buildInputs = [ libxcrypt ];
};
prometheus_ex = beamPackages.buildMix rec {
name = "prometheus_ex";
version = "3.0.5";
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
src = fetchFromGitHub {
owner = "lanodan";
repo = "prometheus.ex";
rev = "a4e9beb3c1c479d14b352fd9d6dd7b1f6d7deee5";
sha256 = "1v0q4bi7sb253i8q016l7gwlv5562wk5zy3l2sa446csvsacnpjk";
# branch = "fix/elixir-1.14";
rev = "31f7fbe4b71b79ba27efc2a5085746c4011ceb8f";
sha256 = "sha256-2PZP+YnwnHt69HtIAQvjMBqBbfdbkRSoMzb1AL2Zsyc=";
};
# src = fetchFromGitLab {
# domain = "git.pleroma.social";
# group = "pleroma";
# owner = "elixir-libraries";
# repo = "prometheus.ex";
# rev = "a4e9beb3c1c479d14b352fd9d6dd7b1f6d7deee5";
# sha256 = "1v0q4bi7sb253i8q016l7gwlv5562wk5zy3l2sa446csvsacnpjk";
# };
beamDeps = with final; [ prometheus ];
};
prometheus_phx = beamPackages.buildMix rec {
@@ -109,8 +129,8 @@ beamPackages.mixRelease rec {
group = "pleroma";
owner = "elixir-libraries";
repo = "prometheus-phx";
rev = "9cd8f248c9381ffedc799905050abce194a97514";
sha256 = "0211z4bxb0bc0zcrhnph9kbbvvi1f2v95madpr96pqzr60y21cam";
rev = "0c950ac2d145b1ee3fc8ee5c3290ccb9ef2331e9";
sha256 = "sha256-HjN0ku1q5aNtrhHopch0wpp4Z+dMCGj5GxHroiz5u/w=";
};
beamDeps = with final; [ prometheus_ex ];
};

19
pkgs/pleroma/mix.nix
View File

@@ -34,7 +34,6 @@ let
beamDeps = [ custom_base ];
};
# base64url = buildMix rec {
base64url = buildRebar3 rec {
name = "base64url";
version = "0.0.1";
@@ -362,12 +361,12 @@ let
eblurhash = buildRebar3 rec {
name = "eblurhash";
version = "1.1.0";
version = "1.2.2";
src = fetchHex {
pkg = "${name}";
version = "${version}";
sha256 = "07dmkbyafpxffh8ar6af4riqfxiqc547rias7i73gpgx16fqhsrf";
sha256 = "0k040pj8hlm8mwy0ra459hk35v9gfsvvgp596nl27q2dj00cl84c";
};
beamDeps = [];
@@ -1646,5 +1645,19 @@ let
beamDeps = [ httpoison jose ];
};
websockex = buildMix rec {
name = "websockex";
version = "0.4.3";
src = fetchHex {
pkg = "${name}";
version = "${version}";
sha256 = "1r2kmi2pcmdzvgbd08ci9avy0g5p2lhx80jn736a98w55c3ygwlm";
};
beamDeps = [];
};
};
in self

20
pkgs/pleroma/updating.txt
View File

@@ -1,10 +1,16 @@
in pleroma checkout:
- grab version: `rg 'version: ' mix.exs`
in default.nix:
update `rev` and recompute sha256.
use nix to-sri sha256:<expected>
- update `rev` and recompute sha256.
run mix2nix inside the pleroma git root and pipe the output into mix.nix
inside default.nix, update all git mix deps
inside mix.nix, change base64url to use buildRebar3 instead of buildMix
in pleroma checkout:
- `mix2nix > mix.nix`
move majic from mix.nix -> default.nix and add:
buildInputs = [ file ];
in nix repo:
- cp the new mix.nix here.
- move majic from mix.nix -> default.nix and add:
- buildInputs = [ file ];
- update `mixNixDeps` in default.nix:
- grab the version from pleroma/mix.exs or mix.lock
- redundant?: inside mix.nix, change base64url to use buildRebar3 instead of buildMix

21
pkgs/sane-scripts/default.nix
View File

@@ -23,6 +23,7 @@ resholve.mkDerivation {
file
findutils
gnugrep
gocryptfs
ifuse
inotify-tools
ncurses
@@ -48,20 +49,22 @@ resholve.mkDerivation {
"umount"
"sudo"
# this is actually internal; probably a better fix
# these are used internally; probably a better fix
"sane-mount-servo"
"sane-private-unlock"
];
};
# list of programs which *can* or *cannot* exec their arguments
execer = [
"cannot:${pkgs.ifuse}/bin/ifuse"
"cannot:${pkgs.oath-toolkit}/bin/oathtool"
"cannot:${pkgs.openssh}/bin/ssh-keygen"
"cannot:${pkgs.rmlint}/bin/rmlint"
"cannot:${pkgs.rsync}/bin/rsync"
"cannot:${pkgs.ssh-to-age}/bin/ssh-to-age"
"cannot:${pkgs.sops}/bin/sops"
execer = with pkgs; [
"cannot:${gocryptfs}/bin/gocryptfs"
"cannot:${ifuse}/bin/ifuse"
"cannot:${oath-toolkit}/bin/oathtool"
"cannot:${openssh}/bin/ssh-keygen"
"cannot:${rmlint}/bin/rmlint"
"cannot:${rsync}/bin/rsync"
"cannot:${sops}/bin/sops"
"cannot:${ssh-to-age}/bin/ssh-to-age"
];
};
};

32
pkgs/sane-scripts/src/sane-private-change-passwd Executable file
View File

@@ -0,0 +1,32 @@
#!/usr/bin/env bash
set -ex
new_plain=/home/colin/private-new
new_cipher="/nix/persist${new_plain}"
dest_plain=/home/colin/private
dest_cipher="/nix/persist${dest_plain}"
# initialize the new store
sudo mkdir -p "${new_cipher}" && sudo chown colin:users "${new_cipher}"
mkdir -p "${new_plain}"
gocryptfs -init "${new_cipher}"
# mount the new and old store
gocryptfs "${new_cipher}" "${new_plain}"
sane-private-unlock
# transfer to the new store
rsync -arv /home/colin/private/ "${new_plain}"/
# unmount both stores
sudo umount "${new_plain}"
sudo umount /home/colin/private
# swap the stores
sudo mv "${dest_cipher}" "${dest_cipher}-old"
sudo mv "${new_cipher}" "${dest_cipher}"
sane-private-unlock
echo "if things look well, rm ${dest_cipher}-old"

10
pkgs/sane-scripts/src/sane-private-init Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
set -ex
# configure persistent, encrypted storage that is auto-mounted on login.
# this is a one-time setup and user should log out/back in after running it.
p=/nix/persist/home/colin/private
mkdir -p $p
gocryptfs -init $p

14
pkgs/sane-scripts/src/sane-private-unlock Executable file
View File

@@ -0,0 +1,14 @@
#!/usr/bin/env bash
set -ex
# configure persistent, encrypted storage that is auto-mounted on login.
# this is a one-time setup and user should log out/back in after running it.
mount=/home/colin/private
cipher="/nix/persist$mount"
mkdir -p "$mount"
if [ ! -f "$mount/init" ]
then
gocryptfs "$cipher" "$mount"
fi

3
pkgs/sane-scripts/src/sane-rcp Executable file
View File

@@ -0,0 +1,3 @@
#!/usr/bin/env sh
# copy some remote file(s) to the working directory, with sane defaults
rsync -arv --progress "$@" .

16
pkgs/sane-scripts/src/sane-sudo-redirect Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
# redirects to $1, when writing to $1 requires sudo permissions.
# i.e. convert a failing command:
#
# ```
# $ sudo do_thing > /into/file
# ```
#
# to
#
# ```
# $ sudo do_thing | sane-sudo-redirect /into/file
# ```
exec sudo tee $@ > /dev/null

9
pkgs/sane-scripts/src/sane-sync-from-iphone
View File

@@ -5,8 +5,13 @@ set -ex
# make sure the mountpoint exists
if ! (test -e /mnt/iphone)
then
sudo mkdir /mnt/iphone
sudo chown colin:users /mnt/iphone
sudo umount /mnt/iphone || true # maybe the mount hung
if ! (test -e /mnt/iphone)
then
sudo mkdir /mnt/iphone
sudo chown colin:users /mnt/iphone
fi
fi
# make sure the device is mounted

16
readme.md
View File

@@ -1,9 +1,11 @@
to deploy:
```sh
nixos-rebuild --flake "./#servo" {build,switch}
```
more options (like building packages defined in this repo):
```sh
nix flake show
```
@@ -28,6 +30,18 @@ refer to flake.nix for more details.
to build one of the custom sane packages, just name it:
```
```sh
nix build ./#fluffychat-moby
```
to build a nixpkg:
```sh
nix build ./#nixpkgs.curl
```
to build a package for another platform:
```sh
nix build ./#packages.aarch64-linux.nixpkgs.ubootRaspberryPi4_64bit
```

8
scripts/ensure-perms Executable file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
# ensures perms on a newly-built distribution are good.
# usage: sudo ensure-perms /path/to/nix
nix_path=$1
chown root:root -R $nix_path
chown root:nixbld $nix_path/store

2
scripts/install-iwd
View File

@@ -15,4 +15,6 @@ do
# not sure that iwd can deal with un-writeable symlinks
# ln -sf "$src_dir/$f" "$dest_dir/$ssid.psk"
cp "$src_dir/$f" "$dest_dir/$ssid.psk"
# not strictly necessary, but iwd does default to rw
chmod 600 "$dest_dir/$ssid.psk"
done

5
secrets/desko.yaml
View File

@@ -1,6 +1,7 @@
duplicity_passphrase: ENC[AES256_GCM,data:rzUfcxe5YPloOrqgVwdCjsccexWc5RvmFf1i3Xs459iVTfWHlVJeT/IqReY6ZqdAkPJteTtrUZzak2GXyRUkE13+W0kE8isnDjPX/YDQwoK2sa+dwc4xGTekboc0gf6HH3vQpF1aiJDBfb3GtGyDVLH9MVIRPJGXSztZBduUDezA2wAx2wI=,iv:EHJg8kE/07v+ySSFDtW4FA4y1y/+fcGxfNCWoainwBI=,tag:S3ecM4DbDl8jqXLRKipZmQ==,type:str]
#ENC[AES256_GCM,data:yU9cr6MXjS4m69BeIUjUw477wt4c1djYof3Qlfr4Dytv8hWqCuqThDwQTMY5jfHdv5ipS0aEjf7GWu2M2t9W88fYdxnTN2m8IfYZp76YcjxO4fup5BXiLGIjnm+qI0g=,iv:nPo8FyGiyLRQozE4kZ6Rei6CObvbVynOs3jdMvdkpZw=,tag:+4esxPiewSsjwao6ZhAMxA==,type:comment]
nix_serve_privkey: ENC[AES256_GCM,data:/Ph9J00cV7PcfpJw/NWcBpkQR+a0SQyHv1jmF4CkH+Uj8l+cRcXWynAc2APenMSfHdighXMqjsXuwRbGo0S57YuMXQjFbI8jhbXEhhAWlmET1q7uRaaZRSgq34qABw==,iv:LLYgLauPsD+3mx1GTjEUkiXgdWsnqixCJl4UfSdS5Ac=,tag:S7V6GKezS/JsbZVfq9DjjA==,type:str]
colin-passwd: ENC[AES256_GCM,data:/b+l5zTlOhdoiFaMVG5HB98AOGfGZtwkH+IS/mhDgHNZ4J+t3OiEBAFPl/KPctg6ZM55QiAjNnnJ8zAsKL85om6amvrWF/Qz17qC9+pZF+6Ef8xvTQr3VPlFEYq4rGb74jQ7uyvtCjn0Ow==,iv:Z0qUimlPQMu6rsjn5b/Xfw99NzbXGS8B/hNWE+f+GoM=,tag:uGB1DZzHiLCkOtlAA58mmg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -34,8 +35,8 @@ sops:
Si9kT0ZMUnJJWlhUZ3FFakZFaDlPdEEKXtWfh6wdGPin1h/UUs21cdspddpW1YDq
rCKS2DI2KWdgciih9FnmWGAwGUhB3uhimUr6hgho4z+dZfLrpoP1PA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-14T21:34:55Z"
mac: ENC[AES256_GCM,data:Zex69KG2a2Rxyodyci40azr9qGbA5XwH4Qhip0BDbrJymHjZzqCeRDKjdHjAWXPdPyglvUY0kADfm7xxlE1zU84oOahI9FldADtQrGUWS0elU+a3F93LVNGlhlKc+g8JGzUyBvPr6Toi52L2hI18K5bmWFPesczWedL07r85s9M=,iv:W+SMAX0HY5GbAqqgXWbSxm4wbzXZt5PEsLhwWcxkRWY=,tag:VPnw2X+6i0EyiFB3rkon8Q==,type:str]
lastmodified: "2022-10-24T08:49:49Z"
mac: ENC[AES256_GCM,data:dvxYlU/btzzH9Qor8z02kdv3S4gFUGHnEjV/XBM99+IFuAD6vuE8zFL4peGW1GiXqM2QQY0Qc9wZ+nC5/ak9ROMC8uZPXF417gs6U9yyT92FRlMSdC0AMsUhNGWjJlM733hI4YATnR+1XuwHewzzW1R3TvrouBZqSv+2rBsiZCw=,iv:A+D7IG4U+EQ6nP4xKOK1ExeZLeERpiSPzj/g87R1SdM=,tag:jSVGDO9kNxXdDSSixDrkDQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

42
secrets/lappy.yaml Normal file
View File

@@ -0,0 +1,42 @@
#ENC[AES256_GCM,data:s512crIo2ylwy1pWPDs6324+NpP3dHvW0QmuZzvOOyrepTQvmB4NW07NFXYzY/UUPn7E4HrB7mzhvQYxVYDBlZKAMr9llT80Nnpt0AqrxnLiqnnY79EvP+aXvNmi0yWsTGqh6k36BWNTUyPSzgjGtvjQgTLSvr9uRzfy9e4C6NVWBm5sTEbYg9y3ZslToVSsEyGHYMVT6fSKM7ewH8wV,iv:sbBWcHYP5Ak4h7gWbdu8JyL2SEeUgrvkjji11Sp2GoA=,tag:yQTWlrrcBxotdKBbB54x5g==,type:comment]
#ENC[AES256_GCM,data:XcQaEDhsAG2kY0Rdw2AKOwaHQIm3/zrWMjpQlU8pWlifNY9eoPqndzIbCNDKhbEJqrzeAuxGYFRBgohRcHQz2O/cbgr8GwTZ3Uo+NHsX6qcoUhzUKd1xlUnIKLjNcV7vlxofrmXikQ==,iv:OKSw1bw2TiPweUJeqCqwr8V+A+ovIT+meygH9l9m4cI=,tag:aTROLuGpTgoxF1JV/w2Cpw==,type:comment]
#ENC[AES256_GCM,data:GFdHTjsr2DJtg/BIyOSeM6EQw92Q/8JFdqXLwpg/FWn9olTws2KDchSWRDlkrEbgoXSMP3Atd33YgckUebDYMIK8ctJai2SUxLJK5fW8LX1JbKUAC5PHUygAIkWYsHlNse7Qbgrw1rtBuR43L6NbMw==,iv:5beGhtM2wja2GgrLCzizsqamfakDIBlZ74ZJhNr33lg=,tag:Ej1za572vRpPcvcHXliQDA==,type:comment]
colin-passwd: ENC[AES256_GCM,data:+vPsqF9XiY9USDQuTt6n7K9f4/+/Sdgp6J8LnWvhYdlTTltz8a4/RYdg0JHC4o/pNae3k7KwYGMJI+vY25mgvLGj+kL23Fc9j1EYJgJk5uTz8MlmKOlKxKcSfmI3v+zOUOlQm/warktksQ==,iv:cZEFjTvHCXogXEh+xQG++aJCUFp/NtT6t7qjPIjUtAU=,tag:fnzz6uYwU9j4RZXj9MV6jg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bzFLUFloMU1uUWRmdkZu
TllhSGxvNzBJQTZRaE9EbTA3R3JLNGpVT25nCmd0SG1BWEJWL1JlKzhmSFdFS3Fk
SnRGbUFqdzVFTy95eVhiZGN6a3VMOGcKLS0tIHFJQUtEYVhGWWlTRlQrbEpoQ2h1
VXJ5SXNlS1ZNNjhuVDFrMnlrVHp2NlUKwD3ZznQVcz1ZLb/weULpXET9uZb4aj/U
FnY9ktEEtKeSl10jzU3/sUla6Ap6K6b9KLmmqd5Rnp0ZhbxVOR8rkg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOa1dpZHVoY2tTWVJ2bG1J
Z0xjVGplMGZqajFlcWtPL0YwUXcxWThNOWcwCmQvZllaZ1JSK3N1WmIvV2F6YjZv
U1ZtMVVSSU1LZ3M4SWExSm9yRzRTR3MKLS0tIFU1dERKdko1SVZLcmVXQXMydExm
OWVEdDJsbENOYkJNSzc5MzlEanVSL0EKbKVgN0/LUiC92N9/MvoXJouiIRHE5aWO
R7xPtxYG91vC+HVj8ThHbu0fcUIqD7LTX82XCrWoYMwkplbTC/F2cw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SGk4YzhEaldpcTBRSG1T
Nkpla0s3d2ZRU2RsK2ZDRlhEdVY0NkRYUVU0CjYrTjhxZDVyYUlmbnRQQXBQZVhD
OTcrbmV0YjdyeEhEaHVRUm03Z2hTNTQKLS0tIGVrTjhCL3RlZ2dIOFduVVdSbnJ3
L2JhVWhmQk9qZzdnYkYrQTBCZnI3eE0KHju7x28mP5jLt4u6T6CnQ3ThiEYFhG5P
D7c0h2YhqeqdewuwQWjqJMbUc308N5f0Hz/BsUgYZNanl9qqQRXkrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-24T07:43:11Z"
mac: ENC[AES256_GCM,data:1n1iOEJPnVbvvlVp9Cw9wY+HB6KYLwZDcr5UkbXbQUZMm+LQS8Pib/0R8AeQLnNrfyJMnsvoNpmYWLQ6i4BZFJp4rsdjpHb4/FqIAEOwTb5SP5FC8rFpn9UeduUs9tq+fyvezywqaoLPBsXXqb092XZvHv6w1osgyfbLepiyJ2s=,iv:qM2d9smvsRwhuJ/MyD8bqVfD4IJM7T6Hu4wy/2/COiM=,tag:TlcJX1USn3TgPSMWy5hZPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

51
secrets/moby.yaml Normal file
View File

@@ -0,0 +1,51 @@
#ENC[AES256_GCM,data:akcgE1j3wiKoyB9Uara51P/DPVcKyzt5lZ0kTuxqotjBvVtsGdPVHaeMPMi5blNyPIuiWxo9Jn0MJGyknCs9AL+g96G/yDvvD7or44sK1v8ED+2glfdMi0cjDm80anh7SMchyA6tmtgJhMW1EtkhZ/b/xpysNBzsn5e+zb9jXS4a7LF23jJr7d6tbJo9jks7vVJ7/p33cONglhO573TD,iv:M+S7WCO3V6pQg0UuzWF2y9IgH7p/P4at+qm2Y38To1o=,tag:DPlXsDSYySaHNgSzywiJRQ==,type:comment]
#ENC[AES256_GCM,data:De/BSe24Uf4Ch+JBzJMOEc7W+E72vYrqQWG4LeEk8vVHa/3eGHyKylHIgkMTr5CvwhX7/uCkjm8fgz1QHuRb8jLru8n2u/AxoY9kLUTZ/7VyYes3t9tawZ7tTFzbcqMxjV0Xy5eTzw==,iv:q3bDj1iYv3JBPzSoRU2ANCpfwWtLyCzyn81r5kl2tcw=,tag:f+d6+cWQEb83qK8I/oOCkw==,type:comment]
#ENC[AES256_GCM,data:tYLNlC3Ov2RRnaEH0QAALmMYRc4fyDDM5A7J2sfJbMvoDmkgKoP0HYWy3diJMEcLsw3ZoDGibcU03QduisxjP0eWfEHkzE4R2+tWY+yWYy7TFx7Qg3BfSTtnMt5V9vSWcVLMAgoYaRUMqykIRMRaCQ==,iv:81HzxZyAJvXa5fQDOIIqRTL3dhKA4S2TftE3yfw6VIk=,tag:9+3stfyHrrmkfZpLGpmMOA==,type:comment]
colin-passwd: ENC[AES256_GCM,data:+2uEyJX6FUbOSoJpJpjF+TmwWu3eJlrN5S9J1kRtTbS84c23E4AKTHojk5zEcPZZ9RG3vYjH6C37dRj4/SK/Z1/G31B31RgzwkLnmf11JXK+HSQZHZATgSvH07ANEYIg5VR78IQUz6qbGg==,iv:jyF/QzLyrQU+ebRfBrWRcu5/dmwY9LB4D1FxHVo8+TQ=,tag:3u7HO1VYzenIqvq0iZwuRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpck5EWDVkWjdIU2YzQ2Mx
VUpJbW96dXIvM0pPK2Vnd3ZZU3lmSlVheEdRCmVXNFZWV0FjT2p6b3FZOW1vaFNO
MCtubi9QL1Jtd2FQL05vZmd5SjQxelEKLS0tICtaa3VRQ2JJZXpnd3pRd1lndUQ3
d1JCZ3JtZENsSGR4SkVrNHIvTEhndTQK6pQqmcq7xmhZ9E099rBy9MtCdZghBTmU
UCVWxq8zWanK11GLyh6cvs8hHSLIyvpbODnBYA1WM0AeIJoxtRRWEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OWl2dlcyU0VoRW90Q3ZR
eURXS1hPSG0reFFhUmxyTGRFNVdIZVJHYVJ3Cm0rcFpjQjQzVGVEcjhNR2RldkVL
WnA4U3N1ZUFUTTBkSEdCbHZCeGxNNFkKLS0tIHY3RFdxUC9SaFhVTFBLemVEQytZ
R01wWFBYR1dYNWlNUkw5M2VNK04yWE0KBPcJduySzwhAnx4BshPX/7QVdeN+L3fH
4sZqC4gYFj3KXZhIOkUcCtwS/dObBoy02EhPsUtSKRheacFVs46w8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZVBzNG5pOGlXZzI0c3J4
YnFsTDdsQjFwZ3czenlUVkJYcWxJbDAxNkFjCjYyK3VDOS8xRkhBSVRFYTRFSTZ5
Y0htSE13Q1NFNDg3czVuZ3dPOUFlekUKLS0tIDJpRHBWdU9hMnpUSWV0cSsvNjF5
cHVGRXdla0NGZ2lOMVQ3Ym43dDMvaVUKmx7p/TMj5uu/RJjRe4yCKt87brs7E7s0
F88swQCwY41lCdFwISM0jRbY/MymTtbtP+2gcSYlq/S619ytQqf7SQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbWlCZW1VR2FXNHZ3VjZP
R3UrbGgvZEdYdWhBcFJnV0FZZkJWZ3pxcVJNCjR5bzE3M3dHQWZSbWhqS0MrTURp
NnBPQS9xeE1nZFV1VFd5MW9NaFFlM1kKLS0tICsrUkpOaEFFMVExUHhJNSs4eHdB
SlMyTGQ5SWVCU3NLeVcvWmhUc3VSVGsKHJSSl1QFrHq6iefNEL7kpM+XYQ5abz8H
aL6KiK6wvPOWB2RAT5DDicPYSEPXWGpHYTzNT+/hVFk5fXk/zqzOhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-24T15:24:12Z"
mac: ENC[AES256_GCM,data:cYWayG+pAQv1wTsx4ozbx33cl5QwuR+a480zQVl2RVJF028NlVR3yuYdndvwIT9QY79UVcix0pYtK3pm/zTpPLMz59oLIv1TNUdE4/10o3RGw+6fllKdxNftNBcos/1n6ENZRw6K7lviuG4ZKEZMDO3tvPC+XPoPofROyu9WMQE=,iv:Kddn/71vylvLkK7gT4p5juW2nI/qWB3Q+oCQ5hN4Zqk=,tag:AOrjSII1zWXPB0VPpol6Zw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

44
secrets/servo.yaml
View File

@@ -7,6 +7,7 @@ wg_ovpns_privkey: ENC[AES256_GCM,data:+SdnhsPyg6Vbl0itNLq4fBPONLBknkjFCr/4shTr2H
#ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment]
#ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment]
dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str]
freshrss_passwd: ENC[AES256_GCM,data:MilteAOk+MZjta+E7Zhxq80y,iv:VigZk0nNHvQNlm36jVN5YXY7bhxmx2CFBizbVFCA8O0=,tag:DKsxGsv53SsJsp3J7UIsgg==,type:str]
#ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment]
nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str]
#ENC[AES256_GCM,data:cyptbs4VfXY4P4+W5e2LRZOHkpqvWzn2JEpV80w8cIaQ0lTZa/Hg7IwDNQcsYobmBFO2yLrKawHDKlDos2fMy0KgIhUrw4f8WksxdC06oMqS0mDtgA==,iv:StB34bvA8GWR+7nwOOpsiJ3yqGgeSg5frAgRMhff8nw=,tag:b1LYFzII2Ik1nmGXxgMZuw==,type:comment]
@@ -22,32 +23,41 @@ sops:
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTWJwNXplSnJQTzUxVjBt
TzZ2aUZ4RUkyejVUQnpOdnpKajcxa0l3WWlrCmkwZVJuenhpN0R2OUxFV1pXUkVa
dk8ydnlnU1JvOElvNVovVlBjKzZVYlkKLS0tIHlVbkRRYllJR2J5UWhKeGg5SWJj
VExDaHc3amdTcWdUU3ZRUDNGREtxelEKXHuDfNM3uc3UBiPCAveG/u5b7C8zPzTi
GGCx0R+6swS9yVSAJ//nUvu1zFuFfGgm3mKaSqfqWKfDSMFvAp0Pyg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TUlOMTlaemdpa2RxWDVL
MFVPM254czF1VWh2MTljZTcwekpiVzZCTlNFCkJGeTVCRE1zMERJclRwU3JzbW5m
WEdOSGxtUzJSS3JhS3NPK2Q4MXc3bG8KLS0tIGdBWEdYVXJNYitzTFVlUzkzekpJ
enFjWnhIVGR3WWVMMFRGSldhRWZPKzgKHp6QWSNQBy8a6odEiELsr+FV05kGiby7
4Wc+AyGTvuvIpoN4SQlYlUslHCHGd+Yk0hVutNVozLCY1//IpH8Dmw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZmU5OUVQNkRSL0ZRKzNU
R3RIMERDV1NRdi81TkV0OVdGQlFIRG0vekFvCjg3dHI3WWJic3h5cTQrdjFINDdr
bndHSEc4dWk5WGM4K29FRXh2WCs5ZDgKLS0tIFY5UlNrQ0dtNW5IYXlUNnltelJX
Y0xFNFFtek5hZFZMWXhWQy9GWlBneEEKZqsFgGGCIMH58kaZJoO8yn8KlrJooDvp
iGO4qMjjgM5WvJjZbfk7trO1dNAhpKzjiJyirw9+lToqWPNnRw2Zwg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDY3NCbCtjY2ZHNkE2dWxN
Vk5nQ0Z2M1pQOXUzMVYyS3MxT252T1lhKzFJCm5NZ25DSlpZbnhTV0JMbVBvbm9j
SEtzdDJWS3gxby8rVlpzZ20yY3hRK2MKLS0tIGVqNUFZeGYxRnVSd3E1eitNUGFW
dEszSTFicTZRUzZxbFF5YWF1RmtwSkkKPle5Xw5gyd5YCPIAABaABNdgbpialJTV
hUOVdYCsmqd+spCA0Q9f0D3S5ud59iFq8moBh97BZQuLcc2qUeyJ2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNEl5K3dGQWVFRFI4SVlt
NFpvSFZaMGs0ZzYrWW4vbldaOWVpa3ZWV0c0CmxqOFR3RkdKNWUvQWtnSWZSUVlL
SUlHbWIvWGpsN1Vsclk4VWo1dUR2OGsKLS0tIFhRVU9NUzlnQkhDelEzalVFOHFM
UW9YZG9DUSt2OU03Sll5d1RZYlcySzAK9LneAD2s+me3ZkRGC098nhUlcVgRwMt9
yVgTCleC9groGaUq0J4rwhVQ4CuUHV2GL188QtmqVTBGLEftfHIDmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UGdCMjRpRUFMdXJRQVgx
aklIY1dkOXRXNmliVjIyNHlUN1B1ZmZZbTB3CnFxQjZLbWkwWHRTN2lycEx4K3RL
UGdFVktETXJCSXhKSWFsbnNyU25tRzgKLS0tIDVsdmdxRDFnQU9XeHpibm00bm1C
U0ZlOUljcE9BL1lhcmIrVVl6eFdTUmMKBHmv96FmkL/oQw9//ATfem6HtORRjcce
xJNwnsdrEqrBS3sG6xDkmJYOjaFrg1pwxYZRG87zeLShgkXkMNvz2A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMlNZZGpVU1h3NkUyNkND
RnVpSWxrRmNxMjJ6dUJ5RkdaTWx0SHZMQlRNCjQzUFI5ejhuZ0RDcHNYQnZ5eFN4
Z3djZ2g3ajRxQXNEcUMzQWl0QzYyV0UKLS0tIFlDYXlhNFB5ekVKblJudmM3TEU0
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-10T08:38:03Z"
mac: ENC[AES256_GCM,data:DroE9KGyV6hba0aPVYmwxpL8yXDa+AFsjyF5ttImW5bKzE9EM2I76APoGOyvOnnnbBRrOditWXA2HQzhf4M/7hq0CmLLph1J3I8xgEsaiJiExaKZQpQTBS/ZAHeygR/fvRcMmAY9VZRubv1iQ94rDkZ3C3UJ+8SMuwpdmdlaPYc=,iv:KkY0Kmd02QYx0Ds0LUY9tXz+AayKj6Y5p/rUO8sLYCc=,tag:gZDe+GOw2ULJ1yHONlt7bw==,type:str]
lastmodified: "2022-10-14T00:37:52Z"
mac: ENC[AES256_GCM,data:qKr1aKWxuJWwjUYX+JWAdwHFAwApHm9hOYBgZxAIXbXHhOo04K1MFBDTsAvtvN1a11QtCJYDNuVNpuRu3bf/5Ji5ROTaKfQCgPk+ZScJuWpLsxchYV+TnlREwQI+qgvogyMKMlPInozgd7RNnsePdg7DtYFfGMAvUtX9OidxAXI=,iv:EAkNQkIqoXtRy+uSb7ccl9T5b6hiyRll/m76nhir9AI=,tag:kCDEBJDW34VgLQPd4V+uYA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

28
secrets/servo/matrix_appservice_discord_env.bin
View File

@@ -1,28 +0,0 @@
{
"data": "ENC[AES256_GCM,data:7j1l4XJ8cp8MVuSmOedOZwGDWV11hmwFyLW43ixUBaZLWbUZ6Z4P4Gt+o7bj8gc/X8aiPV8sxAR/jY28Sc5DIaAnkKnXjesPVlG0c3oRAsXemKGX8fANkoNX5iEPbWAkFiJdLS6Fgdv2g4z6DQ4odvZQKrMchx8MPYq8icBvvbhKiGs5xo+MGrMBVRCZOERM2FJSy/q9zLv6hU5SfnnYDTMt,iv:poHHiCs0YOCv74dQ2kyXogdgTUqmKRgGq2r7lcxe4bQ=,tag:rz1/FLC5Q8S13TTWNKcYyQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2TjVWenJkYVdjeExzYjVj\nUVdFeUdMRUtwOWJNYUx6dFRWRXdEUWJhdkVFClM1UnhtWndYbE91RCtVRnl4TGp4\nZHNJNUliOWhqcUorZVBEQWR0eXZaMVEKLS0tIDdsVFJ2bmdNeVk5b3FJVDQ3T1BG\nU0taQlA1QVEvYVJweDQ5L2YwTmo2ek0K+nbzpIpjAhRgJ5Lw+mx/doGMjw0aMNkZ\n5sAnPJo88Sa/TW3qBN48xFBMLWMp/SKs2JTaMu0xW0u2SkQX38TLlw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUFBSYVJZUmRBcGJXclNP\nRDRUZnRKMmYwdFhQcE1oWUhrZGxNTk5YOFIwCldUMW92NGl0VVBsS0JtYjJOTW9E\nK2ZZdm9GK3FOMitUdEU3QStsR2svQWMKLS0tIE9SWXAzVndsdGY3Uzh2eHpBRjdO\nTVc4cWNDUWRuSWRmZC8rK1ZFS2l4WEkKQR9mApDjb0k14W3jK+CEz3Dez6wSBpg+\nZ7uUfSbPXFxRxvNEascRn/+EHPcd/A7MZjViDUyWVcP6fSMPsQvxhw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWHlteTRDcHRneW9hbzlh\nMHBjZ2RHeDBIbDM2QXVxK09mcERVSUliVWw0Ckg1dGFkUUxPQW1HcDFXcEEyejFD\nWW5qUkNwRkdIdjRiTFJNd0Q5NWpLUUEKLS0tIG1wTnk1aEhudm9VZjZRVGRWWnR0\nVHlFbUJHaitadDVOSG1FMTBqeHJGV0kKAjuuw3j4dx3QfNcjyl8XCP9Q6oOkLZBN\nsW7uCqbVgBCG+uIggwefLWAy8g6PYlLj0aumgLPYVsXShbQYi32m/g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-10-06T05:07:20Z",
"mac": "ENC[AES256_GCM,data:9WR8xfs5XIkWxDlJVX1EiSJBLBgWMR99PJJXCK9RcbuChK7QvjWjEflwq419qeNbMWdHLkUwSQrBsoHomaiGWFOPZ0C8bqcqDl0zzXMk7nBxM4UgTjRLmML2tdI2bCS0DC0AtytThYPvkW+JHgKB6bOAEw/bVWVP4YJQKWEf6FY=,iv:nG+J7jCdqZHp6x6Vlvye7BbK7YSl0Y9cjTWbW/BZLxo=,tag:OWqXktZE52Q3j7D2KG+vHw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

6
secrets/universal/net/home-shared-24G.psk.bin
View File

@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:U0EwYI7Y0s6SO0lCqF0J8Zw9dyAiaiUBUOMh6tC8cLP2dSbCCptKeL6r64zhjZM1JHJ7MK/DbGVyq6c9osh8OtU=,iv:6wElrgQM6r+Cm/FNGrQeWOVUG2m5TXWiEyMkiCLtnXM=,tag:xjDgGK6QCWw6UlKxvyv52A==,type:str]",
"data": "ENC[AES256_GCM,data:eB7lM7gzQVRrs31/vb4D19N0xvmau5mp77scLaj6h9HHI/6sJ9LTu+gfSGQIOID7xJA4m1T77aYLC6wC9tXBOAVwcdFcXrFsoYuVU2COtRPWTjeMWiK3t5eQ6TLrgru6OUcC0bpeCtZhQbXYkBTBViMNOfXdah0t9NxGPrSn0pNwMs22Ndcc1zRJFPqvjcaVWCxRsfWWBZfDx+AK0PWwxCbHaDMx9Vw5vJltmF1NVc37dTqIVRY/n4xNbqA1pEs4Ese8rjojU9VZFObpJb0k,iv:JAJIuOzPM3/jw/3APWPCCwuhXaFlKABFqch8GUDFX9E=,tag:S7Tk3T+/8H7pIWMKkrfGSg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -39,8 +39,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVTQyV0o3eWtQTEsxTXNZ\ndGJjcjQwWjA2QXFubmJSdGwyRHliRmtQSW1VCmh1K2l0NnVmNUlMUjdmd09IeG5a\nTVgvOWh1RWZZZnB1RkNHMjVSMG1pVG8KLS0tIElNbk53dnJxRE90WHZSbFVYRVAr\nNjcraVhhWVdpTDZJOG9uaUVmWFF2T00KGyNISTg/g7v1+VFlCg0MjDTjbcahdSQk\nQpxdjvqQ3qtcfOS/+OO5CZYEJIVp6YybXyHJ4SSbaED22YtTJGmRNw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-09-29T11:29:49Z",
"mac": "ENC[AES256_GCM,data:LaNUZ90jysY/2qR7UpZ14wS40AMtFYb9U/siHNRxQgWAz/6jIEWAbKm9AgkT0rA4swQoDlmcDof01UtFTrh9whfKjiOovjuqVUzeflZbKECjvbTh5UPbMedTaAJ3LU9HrO6JVB4eGlsXhO8s75larG6tRNiwvXzrVS1icRS6ebM=,iv:/uypXokTQu4IkqNyY10MBQj0XXLLtWYNmloY3rttqfw=,tag:WXX1aUnOZYUVEy8QgQNZHw==,type:str]",
"lastmodified": "2022-10-10T06:28:09Z",
"mac": "ENC[AES256_GCM,data:GnYn/2ZxpiaNiS/nXITkyETliL8HLnhP7iIlagna7xEnng5ttWTRvrzvF2P2ehUcCb7t7c0M7DPhA4rqLZlqvNNP+qi9UKkZ+Skn9e7d67hPmIrp6bOPpY+UGFmIA71xWjGUehtT7AfbHqYo26VjaYzP/OPrVT3uuAMkw8xsRo8=,iv:ISQUmG3speflSfQoU9eefYmfPw3Sq0cJPzIirk7W9rA=,tag:LkSnOJfBca/8KQggXmvYdA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"

6
secrets/universal/net/home-shared.psk.bin
View File

@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:SFlFGQxJUdMADvYgSMRB3zNsC8f3FmUbFtVylyCRt20T0ZBzxmkfApdPcpok3lXAKJ+EC042Aac9zEJU,iv:fxEsrF543nRrkfriVgdhUSJMi3FhXNTMwK4+4qzSM+w=,tag:fygQgjcedtPCZfdMOHnuEg==,type:str]",
"data": "ENC[AES256_GCM,data:ou55VGY+beKMouNj4qQaBOAZK/5UKu6A521lNW2i0KlSmgJ8qQ501lesy0bEmDkZqqhluP8XE5FZLwEXvqqMh/TBuN1OkCsQis53/M1s0g==,iv:Ir5uD1P8OlHlcjGCHVkUHr0AjoXzd7kOcAeajo66hUE=,tag:m+rReK9o/8TG4LBkNN1ZZQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -39,8 +39,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraXJQOHR6ZzE5TjNQYmpB\nSStEQS9mcUpMSXlFQ05DcllFSjNOT1pWdVJZCmtSL3FkZ2Q1cU1Fc1dZbG13eXJC\nTXJkN0NzWTlDOEFMRGNQUG5HQUNUVDgKLS0tIGRwcmVxS0lNQ09GdmxKY2pkQ2Yz\nSkpZam1ZQUN1L1FZZ010ZlhUV1N4VlkKqsFAE+xZ24IMzIFjbsgANdjiGwVZk5rq\n66y00bjw+uj6WOwQuE1I9WcYDhCXEUQB9u4Q+hzejaFzCJ90N/WF4w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-09-29T11:30:17Z",
"mac": "ENC[AES256_GCM,data:x0pSMtOrID2h1E0PgEHLBcESOYZvkJE07UpCK+TN3zqMfyUFoDRK/Ro335QZXekQ7VSdSKFj/al7bpgscYO+ZXHrCHoFIW/HF6YSOKRzobVT3SXP0e9u/1BpGQW8qtaOVwWb0M8jpgoJ7W+OwzgMHIU9DW3NopfxZy10al+48Tw=,iv:JiA8z9MWEM68Eqip0Bp7xQR65Lu12dhWZFvH43vbABA=,tag:LyIgygW8Cr9VCxs/aKoXGw==,type:str]",
"lastmodified": "2022-10-08T03:39:12Z",
"mac": "ENC[AES256_GCM,data:4Rr2iqmzLtE9i45Hn10wuf8unKt+YNAYTF3RWwEW1AjN+pF7ZvwMbrUutRCb6uMxCQUyNl+adfFRu8Xae0/SqFBfdAPxzeQZGrBjb384seLrNS0XyUacfdoSCczrRUF8+F3mIHetaJCd2jOpoh5HotoSN3fx+nZNhD+56XmJBr0=,iv:YlDMimhG+a9Wzq0ZN0tnZ1gH69e7olyHGWhIV2/4K64=,tag:GjVzbNa/NdzVmdPyE5etXw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"

6
secrets/universal/net/iphone.psk.bin
View File

@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:XGhxqtkmLOKQqcdmJvQ9rKdUW0qassF2glLvUpAs6uyO6WHVKvXKhAIJIsZZbd1RRlJ5PuwBvu7lKIrcVIswKvwF/MhXTCqfoB0fpmysaCpKdkLYojiSvsHQAXB9gIAnL0dVIEvZ+s7MRG5wp8s2+y18JsgS8jBM0vMFoLxVF41isocMcxO0a1wnCjAWy2s0845OOjhVSNCuVSjI5Oc1dTO9vycDHV4Y6MulFoBSlwfJdUf2nVR/FNuCxyxFX//wgRuN3cg1zkmoBblnvkccMGIzkmuByUAlqdaaug/Q,iv:9HIUqe5dTjVrHM5a9IrpYLtsDpg3Ts3mX9H8M8M572o=,tag:2EK0Zj6DTM/QmbVL+lG8wg==,type:str]",
"data": "ENC[AES256_GCM,data:fFb8QudY/dQNjrEtPMs7fnJxywLrSN1A4mgpZRw0Bicz5kFlr70qSSAd3jOg1YJm/x7nRLWLcEAv9Nn99bLywkLiiWaVhWmVGp6jTI3Mj0SX5lET7Xt0slcrJm6qUt6rTkH2dGueOm37m0rU7iR44bs/rWStNBbmuQRurRGo3zaxRSC0djyQ1wwbALJ1zhHQhf4=,iv:58ZLkQra5PJ6u4Xc1aztZ1ywlAmbudRSrk23MEbNv64=,tag:Nr4SNsqUytUMlM3i/nf0LA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -39,8 +39,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYlJWZ2t6WDlRdUJqU2pG\nYkE3T005bUhCcUJ0TEw0MEdDY1JFUzJjcVMwCkhCckRzcldLWTJPSEVjbHk3VE1p\nY21rRWR3cUVscmNiL29NL3M1QjZsYlUKLS0tIDJ4M3JtdGFRbUhFR2FtSGVuZk9n\nL1VjS1hnbzZwT1lQalJBbFU0SjFOWkUKUkGyPmpilSZdupNlR+cD4+HUOwyNm8WF\nu3vS7Ec4FJcjnx2t185yXEStZSVGptw/wKTxJiJ5P9by75XkAJZFmg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-10-09T02:24:20Z",
"mac": "ENC[AES256_GCM,data:AIRI5vLpVvWuxjvPerwzsBnwsSPrtazgCMPjP2be5aUcglT9e+98Dlg+jX60XjiO/1DvEepoCLd5Xnr6GHOkgRRR90YPsZT9eRttwhBavXaOF2Da7zwP5ZOg3cO0JGQsegTxJYFMmROCZppybL6EOsT2n18pc2M2HdEBt5oKP2k=,iv:ive5dqvbBQ3Ef5ycZP+l1Vuc38ylFTJhGh5+ksMCyAc=,tag:OP9EgZN2q2OKPRpOv2x7Tg==,type:str]",
"lastmodified": "2022-10-10T11:53:54Z",
"mac": "ENC[AES256_GCM,data:CnF1ePN5hPJU37H0Qx7R1K9qvLDJuTv0hppv+sIjYyetVUjxVduS6e8szGPmZz4uBgglmtSIEOSc+j2MCrQ2AIkJmS9LoGH2FX1lzId4h8KdBs+aJZmngNPiO6apcVsNDKBmcQnw1gweJefpTKgJnhVbo9cw/bwRqs9hJMrQDDU=,iv:G5Hwonp9AB12xOxPFFVK1+xo5JSYOGacSbAZ2RFy5wo=,tag:p5zHaSzjZcVaIgTsBb0Ohw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"