colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: colin:wip/less-disable-flakey-tests
Branches Tags
colin:master colin:2025-03-02-pure colin:2025-02-23-nixpkgs-update colin:2025-02-17-nixpkgs-update-2 colin:2025-02-17-nixpkgs-update colin:2025-01-30-wip-blanket colin:2025-01-30-wip-sane-vpn-up-bind-fix colin:2024-12-29-bind colin:2024-12-26-nixpkgs-update colin:2024-09-25-ppp-kernel colin:2024-09-20-megapixels colin:2024-08-14-wip-sandbox-share colin:2024-08-12-wip-flatpak colin:2024-08-11-wip-firefox-xdg-open colin:wip-2024-08-01-nixpkgs-bump colin:wip-secure-mounts colin:wip-login-gocryptfs-rework2 colin:dev colin:save-geoclue-polkit-override colin:wip-doofnet colin:tx-to-desko colin:wip-nm-systemd-sandbox colin:test-nm-nixpkgs-refactor colin:wip-polyunfill-pam colin:wip-trust-dns colin:wip-mpv-sysvol colin:wip-s6-2 colin:wip-nix-fast-build colin:wg-dev colin:wip-mootube colin:wip-swaync-update colin:wip-sxmo-suspend colin:sxmo-sway-merge colin:dev-export colin:wip-proot3 colin:wip-emulate-builder3 colin:wip-emulate-builder2 colin:wip-emulate-builder colin:staging/nixpkgs-2023-07-29 colin:staging/nixpkgs-2023-07-25 colin:wip/koreader colin:staging/gtk-theme colin:staging/nixpkgs-2023-06-27 colin:staging/nixpkgs-2023-06-23 colin:staging/nixpkgs-2023-06-22 colin:wip/sxmo-as-pkg2 colin:wip/sxmo-as-pkg colin:staging/nixpkgs-2023-06-10 colin:staging/nixpkgs-2023-06-07 colin:staging/jellyfin-cross colin:staging/dns-refactor colin:staging/nixpkgs-2023-05-24 colin:staging/nixpkgs-2023-05-22 colin:staging/librewolf-ext colin:staging/nixpkgs-2023-05-14 colin:staging/nur colin:staging/nixpkgs-2023-04-28 colin:staging/nixpkgs-2023-04-24-staging-next colin:staging/nixpkgs-2023-04-19-staging-next colin:staging/nixpkgs-2023-04-11 colin:staging/nixpkgs-2023-04-08 colin:wip/less-disable-flakey-tests colin:staging/nixpkgs-next-2023-03-28 colin:staging/nixpkgs-next-2023-03-11 colin:staging/nixpkgs-2023-03-09 colin:staging/nixpkgs-2023-03-08 colin:staging/nixpkgs-2023-03-04 colin:staging/ccache colin:wip/ccache colin:staging/mesa-downgrade-10 colin:staging/mesa-downgrade-12 colin:staging/nixpkgs-2023-02-25 colin:staging/mesa-downgrade-9 colin:staging/mesa-downgrade-8 colin:staging/nixpkgs-2023-02-09 colin:staging/mesa-downgrade-7 colin:staging/mesa-downgrade-6 colin:staging/mesa-downgrade-5 colin:staging/mesa-downgrade-4 colin:staging/mesa-downgrade-3 colin:staging/mesa-downgrade-2 colin:staging/nixpkgs-2023-02-01 colin:staging/mesa-downgrade colin:wip/packages2 colin:wip/packages colin:archive/dovecot-sieve colin:historic/fix-handbrake colin:wip/sway3-dbg colin:wip/sway2 colin:wip/sway colin:staging/nixpkgs-2023-01-25 colin:staging/linux-6.2 colin:staging/nixpkgs-2023-01-23 colin:wip/hosts colin:staging/nixpkgs-2023-01-15 colin:wip/signal colin:wip/mx-signal colin:wip/flake-std-uri colin:stable colin:staging/master colin:wip/moby-kernel colin:wip/feeds3 colin:wip/feeds2 colin:wip/overlays colin:wip/feeds colin:staging/merge colin:staging/nixpkgs-2023-01-04 colin:staging/impermanence-stores colin:wip/impermanence-fs colin:staging/impermanence-encrypt2 colin:staging/impermanence-encrypt colin:staging/nixpkgs-2022-12-22 colin:staging/nixpkgs-2022-12-18 colin:staging/nixpkgs-2022-12-02 colin:staging/moby-6.1.0-rc7 colin:staging/nixpkgs-2022-11-27 colin:ryzen-servo colin:staging/nixpkgs-2022-11-21 colin:staging/nixpkgs-2022-11-09 colin:staging/lightdm-mobile-upstream colin:staging/nixpkgs-2022-10-31 colin:stacking/nixpkgs-2022-10-30 colin:staging/nixpkgs-2022-10-29 colin:wip/tokodon colin:staging/pleroma-update colin:staging/nixpkgs-2022-10-22 colin:testing/munin colin:staging/nixpkgs-2022-10-20 colin:staging/phosh-lightdm colin:archive/2022-10-14-matrix-appservice-discord colin:staging/nixpkgs-2022-10-08 colin:wip/arm-flutter colin:staging/2022-10-08-flutter-update colin:staging/phosh-mobile-settings-2 colin:staging/phosh-mobile-settings colin:fork/alsa-pinephone-patch colin:wip.fluffychat.2022.09.20 colin:wip/fluffychat colin:wip-vulkan colin:wip-servoimg colin:wip-kaiteki
colin:test-tag
..
compare: colin:wip/sway3-dbg
Branches Tags
colin:master colin:2025-03-02-pure colin:2025-02-23-nixpkgs-update colin:2025-02-17-nixpkgs-update-2 colin:2025-02-17-nixpkgs-update colin:2025-01-30-wip-blanket colin:2025-01-30-wip-sane-vpn-up-bind-fix colin:2024-12-29-bind colin:2024-12-26-nixpkgs-update colin:2024-09-25-ppp-kernel colin:2024-09-20-megapixels colin:2024-08-14-wip-sandbox-share colin:2024-08-12-wip-flatpak colin:2024-08-11-wip-firefox-xdg-open colin:wip-2024-08-01-nixpkgs-bump colin:wip-secure-mounts colin:wip-login-gocryptfs-rework2 colin:dev colin:save-geoclue-polkit-override colin:wip-doofnet colin:tx-to-desko colin:wip-nm-systemd-sandbox colin:test-nm-nixpkgs-refactor colin:wip-polyunfill-pam colin:wip-trust-dns colin:wip-mpv-sysvol colin:wip-s6-2 colin:wip-nix-fast-build colin:wg-dev colin:wip-mootube colin:wip-swaync-update colin:wip-sxmo-suspend colin:sxmo-sway-merge colin:dev-export colin:wip-proot3 colin:wip-emulate-builder3 colin:wip-emulate-builder2 colin:wip-emulate-builder colin:staging/nixpkgs-2023-07-29 colin:staging/nixpkgs-2023-07-25 colin:wip/koreader colin:staging/gtk-theme colin:staging/nixpkgs-2023-06-27 colin:staging/nixpkgs-2023-06-23 colin:staging/nixpkgs-2023-06-22 colin:wip/sxmo-as-pkg2 colin:wip/sxmo-as-pkg colin:staging/nixpkgs-2023-06-10 colin:staging/nixpkgs-2023-06-07 colin:staging/jellyfin-cross colin:staging/dns-refactor colin:staging/nixpkgs-2023-05-24 colin:staging/nixpkgs-2023-05-22 colin:staging/librewolf-ext colin:staging/nixpkgs-2023-05-14 colin:staging/nur colin:staging/nixpkgs-2023-04-28 colin:staging/nixpkgs-2023-04-24-staging-next colin:staging/nixpkgs-2023-04-19-staging-next colin:staging/nixpkgs-2023-04-11 colin:staging/nixpkgs-2023-04-08 colin:wip/less-disable-flakey-tests colin:staging/nixpkgs-next-2023-03-28 colin:staging/nixpkgs-next-2023-03-11 colin:staging/nixpkgs-2023-03-09 colin:staging/nixpkgs-2023-03-08 colin:staging/nixpkgs-2023-03-04 colin:staging/ccache colin:wip/ccache colin:staging/mesa-downgrade-10 colin:staging/mesa-downgrade-12 colin:staging/nixpkgs-2023-02-25 colin:staging/mesa-downgrade-9 colin:staging/mesa-downgrade-8 colin:staging/nixpkgs-2023-02-09 colin:staging/mesa-downgrade-7 colin:staging/mesa-downgrade-6 colin:staging/mesa-downgrade-5 colin:staging/mesa-downgrade-4 colin:staging/mesa-downgrade-3 colin:staging/mesa-downgrade-2 colin:staging/nixpkgs-2023-02-01 colin:staging/mesa-downgrade colin:wip/packages2 colin:wip/packages colin:archive/dovecot-sieve colin:historic/fix-handbrake colin:wip/sway3-dbg colin:wip/sway2 colin:wip/sway colin:staging/nixpkgs-2023-01-25 colin:staging/linux-6.2 colin:staging/nixpkgs-2023-01-23 colin:wip/hosts colin:staging/nixpkgs-2023-01-15 colin:wip/signal colin:wip/mx-signal colin:wip/flake-std-uri colin:stable colin:staging/master colin:wip/moby-kernel colin:wip/feeds3 colin:wip/feeds2 colin:wip/overlays colin:wip/feeds colin:staging/merge colin:staging/nixpkgs-2023-01-04 colin:staging/impermanence-stores colin:wip/impermanence-fs colin:staging/impermanence-encrypt2 colin:staging/impermanence-encrypt colin:staging/nixpkgs-2022-12-22 colin:staging/nixpkgs-2022-12-18 colin:staging/nixpkgs-2022-12-02 colin:staging/moby-6.1.0-rc7 colin:staging/nixpkgs-2022-11-27 colin:ryzen-servo colin:staging/nixpkgs-2022-11-21 colin:staging/nixpkgs-2022-11-09 colin:staging/lightdm-mobile-upstream colin:staging/nixpkgs-2022-10-31 colin:stacking/nixpkgs-2022-10-30 colin:staging/nixpkgs-2022-10-29 colin:wip/tokodon colin:staging/pleroma-update colin:staging/nixpkgs-2022-10-22 colin:testing/munin colin:staging/nixpkgs-2022-10-20 colin:staging/phosh-lightdm colin:archive/2022-10-14-matrix-appservice-discord colin:staging/nixpkgs-2022-10-08 colin:wip/arm-flutter colin:staging/2022-10-08-flutter-update colin:staging/phosh-mobile-settings-2 colin:staging/phosh-mobile-settings colin:fork/alsa-pinephone-patch colin:wip.fluffychat.2022.09.20 colin:wip/fluffychat colin:wip-vulkan colin:wip-servoimg colin:wip-kaiteki
colin:test-tag

2 Commits
wip/less-d ... wip/sway3-

Author SHA1 Message Date
Colin
cd9e81c632 waybar: fix by specifying bars as list instead of attrs (wtf home-manager?) 2023-01-29 08:03:20 +00:00
Colin
64b517f8c0 refactor: port waybar config out of home-manager 2023-01-28 12:29:16 +00:00
130 changed files with 1909 additions and 5376 deletions
Expand all files Collapse all files

125
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@@ -15,14 +15,35 @@
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1667907331,
"narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1679516998,
"narHash": "sha256-w4baQlS84X8Lf0E5RN0nGkx03luDuV1X0+jWMAXm6fs=",
"lastModified": 1674779092,
"narHash": "sha256-mFBD0Dvjf8tuxWtJhsCQ+8VYqI4fQeWjd/vfWsZiRRo=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "7a6e97e3af73c4cca87e12c83abcb4913dac7dbc",
"rev": "80ece5a61738fbf3b96fdda402ab2dfc74ee5cee",
"type": "github"
},
"original": {
@@ -31,46 +52,46 @@
"type": "github"
}
},
"nix-serve": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1678202930,
"narHash": "sha256-SF82/tTnagdazlETJLzXD9kjZ6lyk38agdLbmMx1UZE=",
"owner": "edolstra",
"repo": "nix-serve",
"rev": "3b6d30016d910a43e0e16f94170440a3e0b8fa8d",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "nix-serve",
"type": "github"
}
},
"nixpkgs": {
"inputs": {
"nixpkgs": [
"nixpkgs-unpatched"
]
},
"locked": {
"lastModified": 1606086654,
"narHash": "sha256-VFl+3eGIMqNp7cyOMJ6TjM/+UcsLKtodKoYexrlTJMI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "19db3e5ea2777daa874563b5986288151f502e27",
"type": "github"
"lastModified": 1,
"narHash": "sha256-5pNu9Ph1LIBj5q9RWLV3r7daANjmd4u5y+MVq8vlfS4=",
"path": "/nix/store/bjzsgw8zn4av0dv4sqyj7vxhi43na16y-source/nixpatches",
"type": "path"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.09",
"type": "indirect"
"path": "/nix/store/bjzsgw8zn4av0dv4sqyj7vxhi43na16y-source/nixpatches",
"type": "path"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1680390120,
"narHash": "sha256-RyDJcG/7mfimadlo8vO0QjW22mvYH1+cCqMuigUntr8=",
"lastModified": 1674692158,
"narHash": "sha256-oqGpwVg4D+eMSgF7Th5Ve1ysCiH3H3g85vGJ3nvJsZQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "def9e420d27c951026d57dc96ce0218c3131f412",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1674352297,
"narHash": "sha256-OkAnJPrauEcUCrst4/3DKoQfUn2gXKuU6CFvhtMrLgg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c1e2efaca8d8a3db6a36f652765d6c6ba7bb8fae",
"rev": "918b760070bb8f48cb511300fcd7e02e13058a2e",
"type": "github"
},
"original": {
@@ -82,24 +103,26 @@
},
"nixpkgs-unpatched": {
"locked": {
"lastModified": 1680415272,
"narHash": "sha256-S2J9n+sSeAAdXWHrz/s9pyS5fhbQilfNqYrs6RCUyN8=",
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "66f60deb8aa348ca81d60d0639ae420c667ff92a",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "staging-next",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"mobile-nixos": "mobile-nixos",
"nix-serve": "nix-serve",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unpatched": "nixpkgs-unpatched",
"sops-nix": "sops-nix",
"uninsane-dot-org": "uninsane-dot-org"
@@ -108,16 +131,16 @@
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-unpatched"
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1680404136,
"narHash": "sha256-06D8HJmRv4DdpEQGblMhx2Vm81SBWM61XBBIx7QQfo0=",
"lastModified": 1674546403,
"narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b93eb910f768f9788737bfed596a598557e5625d",
"rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c",
"type": "github"
},
"original": {
@@ -130,15 +153,15 @@
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unpatched"
"nixpkgs"
]
},
"locked": {
"lastModified": 1680086409,
"narHash": "sha256-Q2QcVgKvTj/LLuZX9dP8ImySWD5sTn8DDI5+EggRn2c=",
"lastModified": 1666870107,
"narHash": "sha256-b9eXZxSwhzdJI5uQgfrMhu4SY2POrPkinUg7F5gQVYo=",
"ref": "refs/heads/master",
"rev": "068f176a64f0e26dc8c1f0eccf28cbd05be4909b",
"revCount": 182,
"rev": "80c6ec95bd430e29d231cf745f19279bb76fb382",
"revCount": 164,
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
},

191
flake.nix
View File

@@ -12,11 +12,6 @@
# - Flake RFC: <https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md>
# - Discussion: <https://github.com/NixOS/rfcs/pull/49>
# - <https://serokell.io/blog/practical-nix-flakes>
#
#
# COMMON OPERATIONS:
# - update a specific flake input:
# - `nix flake lock --update-input nixpkgs`
{
# XXX: use the `github:` scheme instead of the more readable git+https: because it's *way* more efficient
@@ -24,62 +19,46 @@
# but `inputs` is required to be a strict attrset: not an expression.
inputs = {
# <https://github.com/nixos/nixpkgs/tree/nixos-22.11>
# nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=staging-next";
# nixpkgs = {
# url = "./nixpatches";
# inputs.nixpkgs.follows = "nixpkgs-unpatched";
# };
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs = {
url = "./nixpatches";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
mobile-nixos = {
# <https://github.com/nixos/mobile-nixos>
url = "github:nixos/mobile-nixos";
flake = false;
};
home-manager = {
# <https://github.com/nix-community/home-manager/tree/release-22.05>
url = "github:nix-community/home-manager?ref=release-22.05";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
# <https://github.com/Mic92/sops-nix>
url = "github:Mic92/sops-nix";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
inputs.nixpkgs.follows = "nixpkgs";
};
uninsane-dot-org = {
url = "git+https://git.uninsane.org/colin/uninsane";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
nix-serve = {
# <https://github.com/edolstra/nix-serve>
url = "github:edolstra/nix-serve";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
nixpkgs-stable,
nixpkgs-unpatched,
mobile-nixos,
home-manager,
sops-nix,
uninsane-dot-org,
nix-serve,
...
}@inputs:
uninsane-dot-org
}:
let
inherit (builtins) attrNames elem listToAttrs map mapAttrs;
mapAttrs' = f: set:
listToAttrs (map (attr: f attr set.${attr}) (attrNames set));
# mapAttrs but without the `name` argument
mapAttrValues = f: mapAttrs (_: f);
# rather than apply our nixpkgs patches as a flake input, do that here instead.
# this (temporarily?) resolves the bad UX wherein a subflake residing in the same git
# repo as the main flake causes the main flake to have an unstable hash.
nixpkgs = (import ./nixpatches/flake.nix).outputs {
self = nixpkgs;
nixpkgs = nixpkgs-unpatched;
};
nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
evalHost = { name, local, target }:
@@ -92,57 +71,34 @@
nixosSystem = import ((nixpkgsCompiledBy target).path + "/nixos/lib/eval-config.nix");
in
(nixosSystem {
# we use pkgs built for and *by* the target, i.e. emulation, by default.
# cross compilation only happens on explicit access to `pkgs.cross`
system = target;
modules = [
(import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
self.nixosModules.default
self.nixosModules.passthru
{
nixpkgs.overlays = [
self.overlays.disable-flakey-tests
self.overlays.default
self.overlays.passthru
self.overlays.pins
self.overlays.pkgs
# self.overlays.optimizations
];
nixpkgs.hostPlatform = target;
# nixpkgs.buildPlatform = local; # set by instantiate.nix instead
# nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
}
];
});
in {
nixosConfigurations =
let
hosts = {
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
};
# cross-compiled builds: instead of emulating the host, build using a cross-compiler.
# - these are faster to *build* than the emulated variants (useful when tweaking packages),
# - but fewer of their packages can be found in upstream caches.
cross = mapAttrValues evalHost hosts;
emulated = mapAttrValues
({name, local, target}: evalHost {
inherit name target;
local = null;
})
hosts;
prefixAttrs = prefix: attrs: mapAttrs'
(name: value: {
name = prefix + name;
inherit value;
})
attrs;
in
(prefixAttrs "cross-" cross) //
(prefixAttrs "emulated-" emulated) // {
# prefer native builds for these machines:
inherit (emulated) servo desko lappy rescue;
# prefer cross-compiled builds for these machines:
inherit (cross) moby;
nixosConfigurations = {
servo = evalHost { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko = evalHost { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
lappy = evalHost { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
moby = evalHost { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
# special cross-compiled variant, to speed up deploys from an x86 box to the arm target
# note that these *do* produce different store paths, because the closure for the tools used to cross compile
# v.s. emulate differ.
# so deploying foo-cross and then foo incurs some rebuilding.
moby-cross = evalHost { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
rescue = evalHost { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
};
# unofficial output
@@ -159,42 +115,22 @@
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
# - `nixos-rebuild --flake './#<host>' switch`
imgs = mapAttrValues (host: host.config.system.build.img) self.nixosConfigurations;
imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
# unofficial output
host-pkgs = mapAttrValues (host: host.config.system.build.pkgs) self.nixosConfigurations;
overlays = {
# N.B.: `nix flake check` requires every overlay to take `final: prev:` at defn site,
# hence the weird redundancy.
default = final: prev: self.overlays.pkgs final prev;
disable-flakey-tests = final: prev: import ./overlays/disable-flakey-tests.nix final prev;
pkgs = final: prev: import ./overlays/pkgs.nix final prev;
pins = final: prev: import ./overlays/pins.nix final prev;
optimizations = final: prev: import ./overlays/optimizations.nix final prev;
passthru = final: prev:
overlays = rec {
default = pkgs;
pkgs = import ./overlays/pkgs.nix;
pins = import ./overlays/pins.nix; # TODO: move to `nixpatches/` input
passthru =
let
stable =
if inputs ? "nixpkgs-stable" then (
final': prev': {
stable = inputs.nixpkgs-stable.legacyPackages."${prev'.stdenv.hostPlatform.system}";
}
) else (final': prev': {});
stable = next: prev: {
stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
};
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;
# nix-serve' = nix-serve.overlay;
nix-serve' = next: prev: {
# XXX(2023/03/02): upstream isn't compatible with modern `nix`. probably the perl bindings.
# - we use the package built against `nixpkgs` specified in its flake rather than use its overlay,
# to get around this.
inherit (nix-serve.packages."${next.system}") nix-serve;
};
in
(stable final prev)
// (mobile final prev)
// (uninsane final prev)
// (nix-serve' final prev)
;
next: prev:
(stable next prev) // (mobile next prev) // (uninsane next prev);
};
nixosModules = rec {
@@ -202,6 +138,7 @@
sane = import ./modules;
passthru = { ... }: {
imports = [
home-manager.nixosModule
sops-nix.nixosModules.sops
];
};
@@ -218,33 +155,14 @@
aarch64-linux = allPkgsFor "aarch64-linux";
};
# extract only our own packages from the full set.
# because of `nix flake check`, we flatten the package set and only surface x86_64-linux packages.
packages = mapAttrs
(system: allPkgs:
allPkgs.lib.filterAttrs (name: pkg:
# keep only packages which will pass `nix flake check`, i.e. keep only:
# - derivations (not package sets)
# - packages that build for the given platform
(! elem name [ "feeds" "pythonPackagesExtensions" ])
&& (allPkgs.lib.meta.availableOn allPkgs.stdenv.hostPlatform pkg)
)
(allPkgs.sane // {
inherit (allPkgs) uninsane-dot-org;
})
)
# self.legacyPackages;
{ inherit (self.legacyPackages) x86_64-linux; }
;
# extract only our own packages from the full set
packages = builtins.mapAttrs
(_: full: full.sane // { inherit (full) sane uninsane-dot-org; })
self.legacyPackages;
apps."x86_64-linux" =
let
pkgs = self.legacyPackages."x86_64-linux";
deployScript = action: pkgs.writeShellScript "deploy-moby" ''
nixos-rebuild --flake '.#cross-moby' build
sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)
nixos-rebuild --flake '.#cross-moby' ${action} --target-host colin@moby --use-remote-sudo
'';
in {
update-feeds = {
type = "app";
@@ -256,17 +174,6 @@
type = "app";
program = "${pkgs.feeds.passthru.initFeedScript}";
};
deploy-moby-test = {
# `nix run '.#deploy-moby-test'`
type = "app";
program = ''${deployScript "test"}'';
};
deploy-moby-switch = {
# `nix run '.#deploy-moby-switch'`
type = "app";
program = ''${deployScript "switch"}'';
};
};
templates = {

10
hosts/by-name/desko/default.nix
View File

@@ -4,17 +4,17 @@
./fs.nix
];
sane.roles.build-machine.enable = true;
# sane.packages.enableDevPkgs = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
sane.services.duplicity.enable = true;
sane.services.nixserve.enable = true;
sane.services.nixserve.sopsFile = ../../../secrets/desko.yaml;
sane.persist.enable = true;
sane.gui.sway.enable = true;
sane.programs.iphoneUtils.enableFor.user.colin = true;
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
@@ -54,7 +54,7 @@
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
sane.user.persist.plaintext = [
sane.persist.home.plaintext = [
".steam"
".local/share/Steam"
];

13
hosts/by-name/lappy/default.nix
View File

@@ -4,22 +4,19 @@
./fs.nix
];
sane.yggdrasil.enable = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
# sane.guest.enable = true;
# sane.packages.enableDevPkgs = true;
# sane.users.guest.enable = true;
sane.gui.sway.enable = true;
sane.persist.enable = true;
sane.nixcache.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.programs.guiApps.suggestedPrograms = [
"desktopGuiApps"
"stepmania"
];
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/lappy.yaml;
neededForUsers = true;

20
hosts/by-name/moby/default.nix
View File

@@ -10,6 +10,13 @@
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
# cross-compiled documentation is *slow*.
# no obvious way to natively compile docs (2022/09/29).
# entrypoint is nixos/modules/misc/documentation.nix
# doc building happens in nixos/doc/manual/default.nix
# TODO: we could *maybe* inject pkgs.buildPackages.xyz = cross.buildPackages.xyz?
documentation.nixos.enable = false;
# XXX colin: phosh doesn't work well with passwordless login,
# so set this more reliable default password should anything go wrong
users.users.colin.initialPassword = "147147";
@@ -30,15 +37,18 @@
# addons.sideberry.enable = false;
};
sane.user.persist.plaintext = [
sane.persist.home.plaintext = [
".config/pulse" # persist pulseaudio volume
];
# sane.packages.enableGuiPkgs = false; # XXX faster builds/imaging for debugging
sane.packages.extraUserPkgs = [
pkgs.plasma5Packages.konsole # terminal
];
sane.nixcache.enable = true;
sane.persist.enable = true;
sane.gui.phosh.enable = true;
# sane.programs.consoleUtils.enableFor.user.colin = false;
# sane.programs.guiApps.enableFor.user.colin = false;
sane.programs.sequoia.enableFor.user.colin = false;
sane.programs.tuiApps.enableFor.user.colin = false; # visidata, others, don't compile well
boot.loader.efi.canTouchEfiVariables = false;
# /boot space is at a premium. default was 20.

2
hosts/by-name/moby/kernel.nix
View File

@@ -114,7 +114,7 @@ in
# - phone rotation sensor is off by 90 degrees
# - ambient light sensor causes screen brightness to be shakey
# - phosh greeter may not appear after wake from sleep
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-megous;
boot.kernelPackages = pkgs.cross.linuxPackagesFor pkgs.cross.linux-megous;
boot.kernelPatches = [
(patchDefconfig (kernelConfig //

4
hosts/by-name/rescue/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [
./fs.nix
@@ -7,8 +7,6 @@
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
# sane.persist.enable = false; # TODO: disable (but run `nix flake check` to ensure it works!)
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
system.stateVersion = "21.05";

15
hosts/by-name/servo/default.nix
View File

@@ -8,16 +8,13 @@
./services
];
sane.programs = {
sane.packages.extraUserPkgs = with pkgs; [
# for administering services
freshrss.enableFor.user.colin = true;
matrix-synapse.enableFor.user.colin = true;
signaldctl.enableFor.user.colin = true;
};
sane.roles.build-machine.enable = true;
sane.roles.build-machine.emulation = false;
sane.zsh.showDeadlines = false; # ~/knowledge doesn't always exist
freshrss
matrix-synapse
signaldctl
];
sane.persist.enable = true;
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;

1
hosts/by-name/servo/secrets.nix
View File

@@ -25,7 +25,6 @@
};
sops.secrets."mautrix_signal_env" = {
sopsFile = ../../../secrets/servo/mautrix_signal_env.bin;
format = "binary";
};
sops.secrets."mediawiki_pw" = {

4
hosts/by-name/servo/services/ejabberd.nix
View File

@@ -38,11 +38,11 @@
];
networking.firewall.allowedTCPPortRanges = [{
from = 49152; # TURN
to = 49408;
to = 65535;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 49152; # TURN
to = 49408;
to = 65535;
}];
# provide access to certs

59
hosts/by-name/servo/services/jellyfin.nix
View File

@@ -1,63 +1,16 @@
# configuration options (today i don't store my config in nix):
#
# - jellyfin-web can be statically configured (result/share/jellyfin-web/config.json)
# - <https://jellyfin.org/docs/general/clients/web-config>
# - configure server list, plugins, "menuLinks", colors
#
# - jellfyin server is configured in /var/lib/jellfin/
# - root/default/<LibraryType>/
# - <LibraryName>.mblink: contains the directory name where this library lives
# - options.xml: contains preferences which were defined in the web UI during import
# - e.g. `EnablePhotos`, `EnableChapterImageExtraction`, etc.
# - config/encoding.xml: transcoder settings
# - config/system.xml: misc preferences like log file duration, audiobook resume settings, etc.
# - data/jellyfin.db: maybe account definitions? internal state?
{ config, lib, ... }:
# TODO: re-enable after migrating media dir to /var/lib/uninsane/media
# else it's too spammy
lib.mkIf false
{
# identical to:
# services.jellyfin.openFirewall = true;
networking.firewall.allowedUDPPorts = [
# https://jellyfin.org/docs/general/networking/index.html
1900 # UPnP service discovery
7359 # Jellyfin-specific (?) client discovery
];
networking.firewall.allowedTCPPorts = [
8096 # HTTP (for the LAN)
8920 # HTTPS (for the LAN)
1900 7359 # DLNA: https://jellyfin.org/docs/general/networking/index.html
];
sane.persist.sys.plaintext = [
{ user = "jellyfin"; group = "jellyfin"; mode = "0700"; directory = "/var/lib/jellyfin"; }
# TODO: mode? could be more granular
{ user = "jellyfin"; group = "jellyfin"; directory = "/var/lib/jellyfin"; }
];
sane.fs."/var/lib/jellyfin/config/logging.json" = {
# "Emby.Dlna" logging: <https://jellyfin.org/docs/general/networking/dlna>
symlink.text = ''
{
"Serilog": {
"MinimumLevel": {
"Default": "Information",
"Override": {
"Microsoft": "Warning",
"System": "Warning",
"Emby.Dlna": "Debug",
"Emby.Dlna.Eventing": "Debug"
}
},
"WriteTo": [
{
"Name": "Console",
"Args": {
"outputTemplate": "[{Timestamp:HH:mm:ss}] [{Level:u3}] [{ThreadId}] {SourceContext}: {Message:lj}{NewLine}{Exception}"
}
}
],
"Enrich": [ "FromLogContext", "WithThreadId" ]
}
}
'';
wantedBeforeBy = [ "jellyfin.service" ];
};
# Jellyfin multimedia server
# this is mostly taken from the official jellfin.org docs

6
hosts/by-name/servo/services/matrix/default.nix
View File

@@ -6,10 +6,12 @@
imports = [
./discord-puppet.nix
# ./irc.nix
# TODO(2023/03/10): disabled because it's not bridging and mautrix_signal is hogging CPU
# ./signal.nix
./signal.nix
];
# allow synapse to read the registration files of its appservices
users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
sane.persist.sys.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
];

4
hosts/by-name/servo/services/matrix/signal.nix
View File

@@ -7,9 +7,6 @@
{ user = "signald"; group = "signald"; directory = "/var/lib/signald"; }
];
# allow synapse to read the registration file
users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
services.signald.enable = true;
services.mautrix-signal.enable = true;
services.mautrix-signal.environmentFile =
@@ -30,6 +27,7 @@
};
sops.secrets."mautrix_signal_env" = {
format = "binary";
mode = "0440";
owner = config.users.users.mautrix-signal.name;
group = config.users.users.matrix-synapse.name;

31
hosts/by-name/servo/services/postfix.nix
View File

@@ -1,6 +1,3 @@
# DOCS:
# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
{ config, lib, ... }:
let
@@ -30,14 +27,11 @@ in
];
networking.firewall.allowedTCPPorts = [
# exposed over non-vpn imap.uninsane.org
143 # IMAP
993 # IMAPS
# exposed over vpn mx.uninsane.org
25 # SMTP
143 # IMAP
465 # SMTPS
587 # SMTPS/submission
993 # IMAPS
];
# exists only to manage certs for dovecot
@@ -65,7 +59,7 @@ in
# DKIM public key:
TXT."mx._domainkey" =
"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkSyMufc2KrRx3j17e/LyB+3eYSBRuEFT8PUka8EDX04QzCwDPdkwgnj3GNDvnB5Ktb05Cf2SJ/S1OLqNsINxJRWtkVfZd/C339KNh9wrukMKRKNELL9HLUw0bczOI4gKKFqyrRE9qm+4csCMAR79Te9FCjGV/jVnrkLdPT0GtFwIDAQAB"
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkSyMufc2KrRx3j17e/LyB+3eYSBRuEFT8PUka8EDX04QzCwDPdkwgnj3GNDvnB5Ktb05Cf2SJ/S1OLqNsINxJRWtkVfZd/C339KNh9wrukMKRKNELL9HLUw0bczOI4gKKFqyrRE9qm+4csCMAR79Te9FCjGV/jVnrkLdPT0GtFwIDAQAB"
;
# DMARC fields <https://datatracker.ietf.org/doc/html/rfc7489>:
@@ -149,25 +143,6 @@ in
# inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
services.dovecot2.enable = true;
services.dovecot2.mailboxes = {
# special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
# RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
# how these boxes are treated is 100% up to the client and server to decide.
# client behavior:
# iOS
# - Drafts: ?
# - Sent: works
# - Trash: works
# aerc
# - Drafts: works
# - Sent: works
# - Trash: no; deleted messages are actually deleted
# use `:move trash` instead
# Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
Drafts = { specialUse = "Drafts"; auto = "create"; };
Sent = { specialUse = "Sent"; auto = "create"; };
Trash = { specialUse = "Trash"; auto = "create"; };
};
services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
services.dovecot2.enablePAM = false;

2
hosts/by-name/servo/services/trust-dns.nix
View File

@@ -6,7 +6,7 @@
sane.services.trust-dns.listenAddrsIPv4 = [
# specify each address explicitly, instead of using "*".
# this ensures responses are sent from the address at which the request was received.
config.sane.hosts.by-name."servo".lan-ip
"192.168.0.5"
"10.0.1.5"
];
sane.services.trust-dns.quiet = true;

22
hosts/common/cross.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, ... }:
let
mkCrossFrom = localSystem: pkgs: import pkgs.path {
inherit localSystem;
crossSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config overlays;
};
in
{
# the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
# here we just define them all.
nixpkgs.overlays = [
(next: prev: {
# non-emulated packages build *from* local *for* target.
# for large packages like the linux kernel which are expensive to build under emulation,
# the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
crossFrom."x86_64-linux" = mkCrossFrom "x86_64-linux" next;
crossFrom."aarch64-linux" = mkCrossFrom "aarch64-linux" next;
})
];
}

1611
hosts/common/cross/default.nix
View File

File diff suppressed because it is too large Load Diff

22
hosts/common/cross/kitty-no-docs.patch
View File

@@ -1,22 +0,0 @@
diff --git a/setup.py b/setup.py
index 2b9d240e..770bc5e7 100755
--- a/setup.py
+++ b/setup.py
@@ -1092,11 +1092,12 @@ def c(base_path: str, **kw: object) -> None:
def create_linux_bundle_gunk(ddir: str, libdir_name: str) -> None:
- if not os.path.exists('docs/_build/html'):
- make = 'gmake' if is_freebsd else 'make'
- run_tool([make, 'docs'])
- copy_man_pages(ddir)
- copy_html_docs(ddir)
+ if not os.getenv('KITTY_NO_DOCS'):
+ if not os.path.exists('docs/_build/html'):
+ make = 'gmake' if is_freebsd else 'make'
+ run_tool([make, 'docs'])
+ copy_man_pages(ddir)
+ copy_html_docs(ddir)
for (icdir, ext) in {'256x256': 'png', 'scalable': 'svg'}.items():
icdir = os.path.join(ddir, 'share', 'icons', 'hicolor', icdir, 'apps')
safe_makedirs(icdir)

61
hosts/common/default.nix
View File

@@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
{ pkgs, ... }:
{
imports = [
./cross
./cross.nix
./feeds.nix
./fs.nix
./hardware.nix
@@ -10,19 +10,25 @@
./ids.nix
./machine-id.nix
./net.nix
./persist.nix
./programs.nix
./secrets.nix
./ssh.nix
./users.nix
./vpn.nix
];
sane.home-manager.enable = true;
sane.nixcache.enable-trusted-keys = true;
sane.nixcache.enable = lib.mkDefault true;
sane.persist.enable = lib.mkDefault true;
sane.programs.sysadminUtils.enableFor.system = lib.mkDefault true;
sane.programs.consoleUtils.enableFor.user.colin = lib.mkDefault true;
sane.packages.enableConsolePkgs = true;
sane.packages.enableSystemPkgs = true;
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
];
# some services which use private directories error if the parent (/var/lib/private) isn't 700.
sane.fs."/var/lib/private".dir.acl.mode = "0700";
@@ -33,7 +39,6 @@
time.timeZone = "Etc/UTC"; # DST is too confusing for me => use a stable timezone
# allow `nix flake ...` command
# TODO: is this still required?
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
@@ -42,37 +47,19 @@
"nixpkgs=${pkgs.path}"
"nixpkgs-overlays=${../..}/overlays"
];
# hardlinks identical files in the nix store to save 25-35% disk space.
# unclear _when_ this occurs. it's not a service.
# does the daemon continually scan the nix store?
# does the builder use some content-addressed db to efficiently dedupe?
nix.settings.auto-optimise-store = true;
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [ font-awesome noto-fonts-emoji hack-font ];
fonts = with pkgs; [ font-awesome twitter-color-emoji hack-font ];
fontconfig.enable = true;
fontconfig.defaultFonts = {
emoji = [ "Font Awesome 6 Free" "Noto Color Emoji" ];
emoji = [ "Font Awesome 6 Free" "Twitter Color Emoji" ];
monospace = [ "Hack" ];
serif = [ "DejaVu Serif" ];
sansSerif = [ "DejaVu Sans" ];
};
};
# XXX: twitter-color-emoji doesn't cross-compile; but not-fonts-emoji does
# fonts = {
# enableDefaultFonts = true;
# fonts = with pkgs; [ font-awesome twitter-color-emoji hack-font ];
# fontconfig.enable = true;
# fontconfig.defaultFonts = {
# emoji = [ "Font Awesome 6 Free" "Twitter Color Emoji" ];
# monospace = [ "Hack" ];
# serif = [ "DejaVu Serif" ];
# sansSerif = [ "DejaVu Sans" ];
# };
# };
# disable non-required packages like nano, perl, rsync, strace
environment.defaultPackages = [];
@@ -88,20 +75,8 @@
# NIXOS_OZONE_WL = "1";
# LIBGL_ALWAYS_SOFTWARE = "1";
};
# dconf docs: <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/profiles>
# find keys/values with `dconf dump /`
programs.dconf.enable = true;
programs.dconf.packages = [
(pkgs.writeTextFile {
name = "dconf-user-profile";
destination = "/etc/dconf/profile/user";
text = ''
user-db:user
system-db:site
'';
})
];
# enable zsh completions
environment.pathsToLink = [ "/share/zsh" ];
# link debug symbols into /run/current-system/sw/lib/debug
# hopefully picked up by gdb automatically?

33
hosts/common/feeds.nix
View File

@@ -1,9 +1,3 @@
# candidates:
# - The Nonlinear Library (podcast): <https://forum.effectivealtruism.org/posts/JTZTBienqWEAjGDRv/listen-to-more-ea-content-with-the-nonlinear-library>
# - has ~10 posts per day, text-to-speech; i would need better tagging before adding this
# - <https://www.metaculus.com/questions/11102/introducing-the-metaculus-journal-podcast/>
# - dead since 2022/10 - 2023/03
{ lib, sane-data, ... }:
let
hourly = { freq = "hourly"; };
@@ -56,29 +50,18 @@ let
(fromDb "lexfridman.com/podcast" // rat)
## Astral Codex Ten
(fromDb "sscpodcast.libsyn.com" // rat)
## Less Wrong Curated
(fromDb "feeds.libsyn.com/421877" // rat)
## Econ Talk
(fromDb "feeds.simplecast.com/wgl4xEgL" // rat)
## Cory Doctorow -- both podcast & text entries
(fromDb "craphound.com" // pol)
## Maggie Killjoy -- referenced by Cory Doctorow
(fromDb "omny.fm/shows/cool-people-who-did-cool-stuff" // pol)
(fromDb "congressionaldish.libsyn.com" // pol)
(mkPod "https://podcasts.la.utexas.edu/this-is-democracy/feed/podcast/" // pol // weekly)
## Civboot -- https://anchor.fm/civboot
(fromDb "anchor.fm/s/34c7232c/podcast/rss" // tech)
## Emerge: making sense of what's next -- <https://www.whatisemerging.com/emergepodcast>
(mkPod "https://anchor.fm/s/21bc734/podcast/rss" // pol // infrequent)
(fromDb "feeds.feedburner.com/80000HoursPodcast" // rat)
## Daniel Huberman on sleep
(fromDb "feeds.megaphone.fm/hubermanlab" // uncat)
## Multidisciplinary Association for Psychedelic Studies
(fromDb "mapspodcast.libsyn.com" // uncat)
(fromDb "allinchamathjason.libsyn.com" // pol)
(fromDb "acquired.libsyn.com" // tech)
## ACQ2 - more "Acquired" episodes
(fromDb "acquiredlpbonussecretsecret.libsyn.com" // tech)
# The Intercept - Deconstructed; also available: <rss.acast.com/deconstructed>
(fromDb "rss.prod.firstlook.media/deconstructed/podcast.rss" // pol)
## The Daily
@@ -107,8 +90,6 @@ let
(fromDb "seattlenice.buzzsprout.com" // pol)
## Sci-Fi? has Peter Watts; author of No Moods, Ads or Cutesy Fucking Icons (rifters.com)
(fromDb "talesfromthebridge.buzzsprout.com" // tech)
## UnNamed Reverse Engineering Podcast
(fromDb "reverseengineering.libsyn.com/rss" // tech)
];
texts = [
@@ -123,10 +104,6 @@ let
(fromDb "semiaccurate.com" // tech)
(mkText "https://linuxphoneapps.org/blog/atom.xml" // tech // infrequent)
(fromDb "spectrum.ieee.org" // tech)
(fromDb "thisweek.gnome.org" // tech)
# more nixos stuff here, but unclear how to subscribe: <https://nixos.org/blog/categories.html>
(mkText "https://nixos.org/blog/announcements-rss.xml" // tech // infrequent)
(mkText "https://nixos.org/blog/stories-rss.xml" // tech // weekly)
## n.b.: quality RSS list here: <https://forum.merveilles.town/thread/57/share-your-rss-feeds%21-6/>
(mkText "https://forum.merveilles.town/rss.xml" // pol // infrequent)
@@ -135,8 +112,6 @@ let
# DEVELOPERS
(fromDb "uninsane.org" // tech)
(fromDb "ascii.textfiles.com" // tech) # Jason Scott
(fromDb "xn--gckvb8fzb.com" // tech)
(fromDb "mg.lol" // tech)
(fromDb "drewdevault.com" // tech)
## Ken Shirriff
@@ -156,10 +131,6 @@ let
(mkText "https://anish.lakhwara.com/home.html" // tech // weekly)
(fromDb "jefftk.com" // tech)
(fromDb "pomeroyb.com" // tech)
(mkText "https://til.simonwillison.net/tils/feed.atom" // tech // weekly)
# TECH PROJECTS
(fromDb "blog.rust-lang.org" // tech)
# (TECH; POL) COMMENTATORS
## Matt Webb -- engineering-ish, but dreamy
@@ -176,8 +147,7 @@ let
(fromDb "lynalden.com" // pol)
(fromDb "austinvernon.site" // tech)
(mkSubstack "oversharing" // pol // daily)
(mkSubstack "byrnehobart" // pol // infrequent)
# (mkSubstack "doomberg" // tech // weekly) # articles are all pay-walled
(mkSubstack "doomberg" // tech // weekly)
## David Rosenthal
(fromDb "blog.dshr.org" // pol)
## Matt Levine
@@ -216,7 +186,6 @@ let
(fromDb "xkcd.com" // img // humor)
(fromDb "pbfcomics.com" // img // humor)
# (mkImg "http://dilbert.com/feed" // humor // daily)
(fromDb "poorlydrawnlines.com/feed" // img // humor)
# ART
(fromDb "miniature-calendar.com" // img // art // daily)

5
hosts/common/home/aerc.nix
View File

@@ -1,11 +1,12 @@
# Terminal UI mail client
{ config, sane-lib, ... }:
{ config, lib, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
sops.secrets."aerc_accounts" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/aerc_accounts.conf;
format = "binary";
};
sane.user.fs.".config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
sane.fs."/home/colin/.config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
}

4
hosts/common/home/default.nix
View File

@@ -7,14 +7,12 @@
./git.nix
./gpodder.nix
./keyring.nix
./kitty
./kitty.nix
./libreoffice.nix
./mime.nix
./mpv.nix
./neovim.nix
./newsflash.nix
./offlineimap.nix
./ripgrep.nix
./splatmoji.nix
./ssh.nix
./sublime-music.nix

30
hosts/common/home/firefox.nix
View File

@@ -125,17 +125,16 @@ in
# `wget ...xpi`; `unar ...xpi`; `cat */manifest.json | jq '.browser_specific_settings.gecko.id'`
# browserpass-ce.package = addon "browserpass-ce" "browserpass@maximbaz.com" "sha256-sXgUBbRvMnRpeIW1MTkmTcoqtW/8RDXAkxAq1evFkpc=";
browserpass-extension.package = localAddon pkgs.browserpass-extension;
# TODO: build bypass-paywalls from source? it's mysteriously disappeared from the Mozilla store.
# bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-oUwdqdAwV3DezaTtOMx7A/s4lzIws+t2f08mwk+324k=";
bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-JOj5P7c2JTTReHCRZXm4BscaGr3i+9Y4Ey/y621x8PI=";
ether-metamask.package = addon "ether-metamask" "webextension@metamask.io" "sha256-G+MwJDOcsaxYSUXjahHJmkWnjLeQ0Wven8DU/lGeMzA=";
i2p-in-private-browsing.package = addon "i2p-in-private-browsing" "i2ppb@eyedeekay.github.io" "sha256-dJcJ3jxeAeAkRvhODeIVrCflvX+S4E0wT/PyYzQBQWs=";
sidebery.package = addon "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}" "sha256-YONfK/rIjlsrTgRHIt3km07Q7KnpIW89Z9r92ZSCc6w=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-hRsvLaAsVm3dALsTrJqHTNgRFAQcU7XSaGhr5G6+mFs=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-d2K3ufvurWnYVzqLbyR//MgejybkY9exitAf9RdLNRo=";
ublacklist.package = addon "ublacklist" "@ublacklist" "sha256-RqY5iHzbL2qizth7aguyOKWPyINXmrwOlf/OsfqAS48=";
ublock-origin.package = addon "ublock-origin" "uBlock0@raymondhill.net" "sha256-eHlQrU/b9X/6sTbHBpGAd+0VsLT7IrVCnd0AQ948lyA=";
ublock-origin.package = addon "ublock-origin" "uBlock0@raymondhill.net" "sha256-a/ivUmY1P6teq9x0dt4CbgHt+3kBsEMMXlOfZ5Hx7cg=";
browserpass-extension.enable = lib.mkDefault true;
# bypass-paywalls-clean.enable = lib.mkDefault true;
bypass-paywalls-clean.enable = lib.mkDefault true;
ether-metamask.enable = lib.mkDefault true;
i2p-in-private-browsing.enable = lib.mkDefault config.services.i2p.enable;
sidebery.enable = lib.mkDefault true;
@@ -146,12 +145,7 @@ in
};
};
config = {
sane.programs.web-browser = {
inherit package;
# TODO: define the persistence & fs config here
};
sane.programs.guiApps.suggestedPrograms = [ "web-browser" ];
config = lib.mkIf config.sane.home-manager.enable {
# uBlock filter list configuration.
# specifically, enable the GDPR cookie prompt blocker.
@@ -161,7 +155,7 @@ in
# the specific attribute path is found via scraping ublock code here:
# - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
# - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
sane.user.fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
{
"name": "uBlock0@raymondhill.net",
"description": "ignored",
@@ -171,24 +165,26 @@ in
}
}
'';
sane.user.fs."${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
// if we can't query the revocation status of a SSL cert because the issuer is offline,
// treat it as unrevoked.
// see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
defaultPref("security.OCSP.require", false);
'';
sane.packages.extraGuiPkgs = [ package ];
# flush the cache to disk to avoid it taking up too much tmp
sane.user.persist.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
sane.persist.home.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
store = cfg.persistCache;
};
sane.user.persist.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
sane.persist.home.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
store = cfg.persistData;
};
sane.user.fs."${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
sane.fs."/home/colin/${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
# instruct Firefox to put the profile in a predictable directory (so we can do things like persist just it).
# XXX: the directory *must* exist, even if empty; Firefox will not create the directory itself.
sane.user.fs."${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
[Profile0]
Name=default
IsRelative=1

2
hosts/common/home/gfeeds.nix
View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.user.fs.".config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
sane.fs."/home/colin/.config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
builtins.toJSON {
# feed format is a map from URL to a dict,
# with dict["tags"] a list of string tags.

5
hosts/common/home/git.nix
View File

@@ -1,10 +1,11 @@
{ lib, pkgs, sane-lib, ... }:
{ config, lib, pkgs, sane-lib, ... }:
let
mkCfg = lib.generators.toINI { };
in
lib.mkIf config.sane.home-manager.enable
{
sane.user.fs.".config/git/config" = sane-lib.fs.wantedText (mkCfg {
sane.fs."/home/colin/.config/git/config" = sane-lib.fs.wantedText (mkCfg {
user.name = "Colin";
user.email = "colin@uninsane.org";
alias.co = "checkout";

2
hosts/common/home/gpodder.nix
View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["podcast"] all-feeds;
in {
sane.user.fs.".config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
sane.fs."/home/colin/.config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

8
hosts/common/home/keyring.nix
View File

@@ -1,11 +1,11 @@
{ config, sane-lib, ... }:
{ config, lib, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
sane.user.persist.private = [ ".local/share/keyrings" ];
sane.persist.home.private = [ ".local/share/keyrings" ];
sane.user.fs."private/.local/share/keyrings/default" = {
sane.fs."/home/colin/private/.local/share/keyrings/default" = {
generated.script.script = builtins.readFile ../../../scripts/init-keyring;
# TODO: is this `wantedBy` needed? can we inherit it?
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
};
}

11
hosts/common/home/kitty/default.nix → hosts/common/home/kitty.nix
View File

@@ -1,17 +1,16 @@
{ pkgs, sane-lib, ... }:
{ config, lib, pkgs, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
sane.user.fs.".config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
# docs: https://sw.kovidgoyal.net/kitty/conf/
# disable terminal bell (when e.g. you backspace too many times)
enable_audio_bell no
map ctrl+n new_os_window_with_cwd
include ${./PaperColor_dark.conf}
include ${pkgs.kitty-themes}/themes/PaperColor_dark.conf
'';
# include ${pkgs.kitty-themes}/themes/PaperColor_dark.conf
# THEME CHOICES:
# docs: https://github.com/kovidgoyal/kitty-themes
# theme = "1984 Light"; # dislike: awful, harsh blues/teals

47
hosts/common/home/kitty/PaperColor_dark.conf
View File

@@ -1,47 +0,0 @@
# vim:ft=kitty
## name: PaperColor Dark
## author: Nikyle Nguyen
## license: MIT
## blurb: Dark color scheme inspired by Google's Material Design
# special
foreground #d0d0d0
background #1c1c1c
cursor #d0d0d0
cursor_text_color background
# black
color0 #1c1c1c
color8 #585858
# red
color1 #af005f
color9 #5faf5f
# green
# "color2" is the green color used by ls to indicate executability
# both as text color
# or as bg color when the text is blue (color4)
color2 #246a28
color10 #2df200
# yellow
color3 #d7af5f
color11 #af87d7
# blue
color4 #78c6ef
color12 #ffaf00
# magenta
color5 #808080
color13 #ff5faf
# cyan
color6 #d7875f
color14 #00afaf
# white
color7 #d0d0d0
color15 #5f8787

5
hosts/common/home/libreoffice.nix
View File

@@ -1,8 +1,9 @@
{ sane-lib, ... }:
{ config, lib, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
# libreoffice: disable first-run stuff
sane.user.fs.".config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="FirstRun" oor:op="fuse"><value>false</value></prop></item>

3
hosts/common/home/mime.nix
View File

@@ -1,4 +1,4 @@
{ config, sane-lib, ...}:
{ config, lib, sane-lib, ...}:
let
www = config.sane.web-browser.browser.desktop;
@@ -9,6 +9,7 @@ let
# audio = "mpv.desktop";
audio = "vlc.desktop";
in
lib.mkIf config.sane.home-manager.enable
{
# the xdg mime type for a file can be found with:

5
hosts/common/home/mpv.nix
View File

@@ -1,8 +1,9 @@
{ sane-lib, ... }:
{ config, lib, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
# format is <key>=%<length>%<value>
sane.user.fs.".config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
save-position-on-quit=%3%yes
keep-open=%3%yes
'';

5
hosts/common/home/neovim.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
inherit (builtins) map;
@@ -70,9 +70,10 @@ let
plugin-config-tex = concatMapStrings (p: optionalString (p.type or "" == "viml") p.config) plugins;
plugin-config-lua = concatMapStrings (p: optionalString (p.type or "" == "lua") p.config) plugins;
in
lib.mkIf config.sane.home-manager.enable
{
# private because there could be sensitive things in the swap
sane.user.persist.private = [ ".cache/vim-swap" ];
sane.persist.home.private = [ ".cache/vim-swap" ];
programs.neovim = {
# neovim: https://github.com/neovim/neovim

2
hosts/common/home/newsflash.nix
View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.user.fs.".config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
sane.fs."/home/colin/.config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

17
hosts/common/home/offlineimap.nix
View File

@@ -1,17 +0,0 @@
# mail archiving/synchronization tool.
#
# manually download all emails for an account with
# - `offlineimap -a <accountname>`
#
# view account names inside the secrets file, listed below.
{ config, sane-lib, ... }:
{
sops.secrets."offlineimaprc" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/offlineimaprc.bin;
format = "binary";
};
sane.user.fs.".config/offlineimap/config" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.offlineimaprc.path;
}

9
hosts/common/home/ripgrep.nix
View File

@@ -1,9 +0,0 @@
{ sane-lib, ... }:
{
# .ignore file is read by ripgrep (rg), silver searcher (ag), maybe others.
# ignore translation files by default when searching, as they tend to have
# a LOT of duplicate text.
sane.user.fs.".ignore" = sane-lib.fs.wantedText ''
po/
'';
}

5
hosts/common/home/splatmoji.nix
View File

@@ -4,9 +4,8 @@
{ pkgs, sane-lib, ... }:
{
sane.user.persist.plaintext = [ ".local/state/splatmoji" ];
sane.user.fs.".config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
# XXX doesn't seem to understand ~ as shorthand for `$HOME`
sane.persist.home.plaintext = [ ".local/state/splatmoji" ];
sane.fs."/home/colin/.config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
history_file=/home/colin/.local/state/splatmoji/history
history_length=5
# TODO: wayland equiv

15
hosts/common/home/ssh.nix
View File

@@ -1,22 +1,19 @@
{ config, lib, sane-lib, ... }:
{ config, lib, pkgs, sane-lib, ... }:
with lib;
let
host = config.networking.hostName;
user-pubkey-full = config.sane.ssh.pubkeys."colin@${host}" or {};
user-pubkey = user-pubkey-full.asUserKey or null;
user-pubkey = config.sane.ssh.pubkeys."colin@${host}".asUserKey;
host-keys = filter (k: k.user == "root") (attrValues config.sane.ssh.pubkeys);
known-hosts-text = concatStringsSep
"\n"
(map (k: k.asHostKey) host-keys)
;
in
{
in lib.mkIf config.sane.home-manager.enable {
# ssh key is stored in private storage
sane.user.persist.private = [ ".ssh/id_ed25519" ];
sane.user.fs.".ssh/id_ed25519.pub" =
mkIf (user-pubkey != null) (sane-lib.fs.wantedText user-pubkey);
sane.user.fs.".ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
sane.persist.home.private = [ ".ssh/id_ed25519" ];
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
users.users.colin.openssh.authorizedKeys.keys =
let

5
hosts/common/home/sublime-music.nix
View File

@@ -1,5 +1,6 @@
{ config, sane-lib, ... }:
{ config, lib, sane-lib, ... }:
lib.mkIf config.sane.home-manager.enable
{
# TODO: this should only be shipped on gui platforms
sops.secrets."sublime_music_config" = {
@@ -7,5 +8,5 @@
sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
format = "binary";
};
sane.user.fs.".config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
sane.fs."/home/colin/.config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
}

3
hosts/common/home/vlc.nix
View File

@@ -8,8 +8,9 @@ let
builtins.map (feed: feed.url) wanted-feeds
);
in
lib.mkIf config.sane.home-manager.enable
{
sane.user.fs.".config/vlc/vlcrc" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/vlc/vlcrc" = sane-lib.fs.wantedText ''
[podcast]
podcast-urls=${podcast-urls}
[core]

7
hosts/common/home/xdg-dirs.nix
View File

@@ -1,9 +1,10 @@
{ lib, sane-lib, ...}:
{ config, lib, sane-lib, ...}:
lib.mkIf config.sane.home-manager.enable
{
# XDG defines things like ~/Desktop, ~/Downloads, etc.
# these clutter the home, so i mostly don't use them.
sane.user.fs.".config/user-dirs.dirs" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/user-dirs.dirs" = sane-lib.fs.wantedText ''
XDG_DESKTOP_DIR="$HOME/.xdg/Desktop"
XDG_DOCUMENTS_DIR="$HOME/dev"
XDG_DOWNLOAD_DIR="$HOME/tmp"
@@ -16,5 +17,5 @@
# prevent `xdg-user-dirs-update` from overriding/updating our config
# see <https://manpages.ubuntu.com/manpages/bionic/man5/user-dirs.conf.5.html>
sane.user.fs.".config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
sane.fs."/home/colin/.config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
}

32
hosts/common/home/zsh/default.nix
View File

@@ -1,8 +1,6 @@
{ config, lib, pkgs, sane-lib, ... }:
let
inherit (lib) mkOption types;
cfg = config.sane.zsh;
# powerlevel10k prompt config
# p10k.zsh is the auto-generated config, and i overwrite those defaults here, below.
p10k-overrides = ''
@@ -27,19 +25,9 @@ let
source ${pkgs.zsh-prezto}/share/zsh-prezto/init.zsh
'';
in
lib.mkIf config.sane.home-manager.enable
{
options = {
sane.zsh = {
showDeadlines = mkOption {
type = types.bool;
default = true;
description = "show upcoming deadlines (frommy PKM) upon shell init";
};
};
};
config = {
sane.user.persist.plaintext = [
sane.persist.home.plaintext = [
# we don't need to full zsh dir -- just the history file --
# but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
# TODO: should be private?
@@ -49,10 +37,7 @@ in
];
# zsh/prezto complains if zshrc doesn't exist; but it does allow an "empty" file.
sane.user.fs.".config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
# enable zsh completions
environment.pathsToLink = [ "/share/zsh" ];
sane.fs."/home/colin/.config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
programs.zsh = {
enable = true;
@@ -87,7 +72,7 @@ in
# see for an example: <https://filipe.kiss.ink/zmv-zsh-rename/>
autoload -Uz zmv
HISTORY_IGNORE='(sane-shutdown *|sane-reboot *|rm *|nixos-rebuild.* switch)'
HISTORY_IGNORE='(sane-shutdown *|sane-reboot *|rm *)'
# extra aliases
# TODO: move to `shellAliases` config?
@@ -95,11 +80,7 @@ in
mkdir -p "$1";
pushd "$1";
}
''
+ lib.optionalString cfg.showDeadlines ''
${pkgs.sane-scripts}/bin/sane-deadlines
''
+ ''
# auto-cd into any of these dirs by typing them and pressing 'enter':
hash -d 3rd="/home/colin/dev/3rd"
hash -d dev="/home/colin/dev"
@@ -124,7 +105,7 @@ in
# prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
# see: https://github.com/sorin-ionescu/prezto
# i believe this file is auto-sourced by the prezto init.zsh script.
sane.user.fs.".config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
sane.fs."/home/colin/.config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
zstyle ':prezto:*:*' color 'yes'
# modules (they ship with prezto):
@@ -157,5 +138,4 @@ in
# disable `mv` confirmation (and `rm`, too, unfortunately)
zstyle ':prezto:module:utility' safe-ops 'no'
'';
};
}

2
hosts/common/i2p.nix
View File

@@ -1,4 +1,4 @@
{ ... }:
{
services.i2p.enable = true;
# services.i2p.enable = true;
}

5
hosts/common/ids.nix
View File

@@ -1,6 +1,3 @@
# TODO: migrate to nixpkgs `config.ids.uids`
# - note that nixpkgs' `config.ids.uids` is strictly a database: it doesn't set anything by default
# whereas our impl sets the gid/uid of the user/group specified if they exist.
{ ... }:
{
@@ -38,7 +35,7 @@
sane.ids.sshd.uid = 2001; # 997
sane.ids.sshd.gid = 2001; # 997
sane.ids.polkituser.gid = 2002; # 998
sane.ids.systemd-coredump.gid = 2003; # 996 # 2023/02/12-2023/02/28: upstream temporarily specified this as 151
sane.ids.systemd-coredump.gid = 2003; # 996
sane.ids.nscd.uid = 2004;
sane.ids.nscd.gid = 2004;
sane.ids.systemd-oom.uid = 2005;

18
hosts/common/persist.nix
View File

@@ -1,18 +0,0 @@
{ ... }:
{
sane.persist.stores.private.origin = "/home/colin/private";
# store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
sane.persist.stores.private.prefix = "/home/colin";
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
"/var/lib/systemd/backlight" # backlight brightness
"/var/lib/systemd/coredump"
];
}

384
hosts/common/programs.nix
View File

@@ -1,384 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (builtins) attrNames concatLists;
inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
flattenedPkgs = pkgs // (with pkgs; {
# XXX can't `inherit` a nested attr, so we move them to the toplevel
"cacert.unbundled" = pkgs.cacert.unbundled;
"gnome.cheese" = gnome.cheese;
"gnome.dconf-editor" = gnome.dconf-editor;
"gnome.file-roller" = gnome.file-roller;
"gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
"gnome.gnome-maps" = gnome.gnome-maps;
"gnome.nautilus" = gnome.nautilus;
"gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
"gnome.gnome-terminal" = gnome.gnome-terminal;
"gnome.gnome-weather" = gnome.gnome-weather;
"gnome.totem" = gnome.totem;
"libsForQt5.plasmatube" = libsForQt5.plasmatube;
});
sysadminPkgs = {
inherit (flattenedPkgs)
btrfs-progs
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
subversion
tcpdump
tree
usbutils
wget
;
};
sysadminExtraPkgs = {
# application-specific packages
inherit (pkgs)
backblaze-b2
duplicity
sqlite # to debug sqlite3 databases
;
};
iphonePkgs = {
inherit (pkgs)
ifuse
ipfs
libimobiledevice
;
};
tuiPkgs = {
inherit (pkgs)
aerc # email client
offlineimap # email mailox sync
visidata # TUI spreadsheet viewer/editor
w3m
;
};
# TODO: split these into smaller groups.
# - transcoders (ffmpeg, imagemagick) only wanted on desko/lappy ("powerutils"?)
consolePkgs = {
inherit (pkgs)
cdrtools
dmidecode
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
imagemagick
kitty # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
# networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
sox
speedtest-cli
ssh-to-age
sudo
# tageditor # music tagging
unar
wireguard-tools
xdg-utils # for xdg-open
# youtube-dl
yt-dlp
;
};
guiPkgs = {
inherit (flattenedPkgs)
celluloid # mpv frontend
clinfo
emote
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
# foliate # e-book reader
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
# "gnome.cheese"
"gnome.dconf-editor"
gnome-feeds # RSS reader (with claimed mobile support)
"gnome.file-roller"
# "gnome.gnome-maps" # works on phosh
"gnome.nautilus"
# gnome-podcasts
"gnome.gnome-system-monitor"
# "gnome.gnome-terminal" # works on phosh
"gnome.gnome-weather"
gpodder-configured
gthumb
# lollypop
mpv
networkmanagerapplet
# newsflash
nheko
pavucontrol
# picard # music tagging
playerctl
# "libsForQt5.plasmatube" # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile
# tdesktop # broken on phosh
# tokodon
vlc
# pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
# whalebird
xterm # broken on phosh
;
};
desktopGuiPkgs = {
inherit (flattenedPkgs)
audacity
brave # for the integrated wallet -- as a backup
chromium
dino
electrum
element-desktop
font-manager
gajim # XMPP client
gimp # broken on phosh
"gnome.gnome-disk-utility"
# "gnome.totem" # video player, supposedly supports UPnP
handbrake
hase
inkscape
jellyfin-media-player # TODO: try on moby!
kdenlive
kid3 # audio tagging
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
mumble
obsidian
;
};
x86GuiPkgs = {
inherit (pkgs)
discord
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
logseq
losslesscut-bin
makemkv
monero-gui
signal-desktop
spotify
tor-browser-bundle-bin
zecwallet-lite
;
};
# packages not part of any package set
otherPkgs = {
inherit (pkgs)
stepmania
;
};
# define -- but don't enable -- the packages in some attrset.
# use `mkDefault` for the package here so we can customize some of them further down this file
declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
package = mkDefault p;
}) pkgsAsAttrs;
in
{
config = {
sane.programs = mkMerge [
(declarePkgs consolePkgs)
(declarePkgs desktopGuiPkgs)
(declarePkgs guiPkgs)
(declarePkgs iphonePkgs)
(declarePkgs sysadminPkgs)
(declarePkgs sysadminExtraPkgs)
(declarePkgs tuiPkgs)
(declarePkgs x86GuiPkgs)
(declarePkgs otherPkgs)
{
# link the various package sets into their own meta packages
consoleUtils = {
package = null;
suggestedPrograms = attrNames consolePkgs;
};
desktopGuiApps = {
package = null;
suggestedPrograms = attrNames desktopGuiPkgs;
};
guiApps = {
package = null;
suggestedPrograms = (attrNames guiPkgs)
++ [ "tuiApps" ]
++ optional (pkgs.system == "x86_64-linux") "x86GuiApps";
};
iphoneUtils = {
package = null;
suggestedPrograms = attrNames iphonePkgs;
};
sysadminUtils = {
package = null;
suggestedPrograms = attrNames sysadminPkgs;
};
sysadminExtraUtils = {
package = null;
suggestedPrograms = attrNames sysadminExtraPkgs;
};
tuiApps = {
package = null;
suggestedPrograms = attrNames tuiPkgs;
};
x86GuiApps = {
package = null;
suggestedPrograms = attrNames x86GuiPkgs;
};
}
{
# nontrivial package definitions
imagemagick.package = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
dino.private = [ ".local/share/dino" ];
# creds, but also 200 MB of node modules, etc
discord.private = [ ".config/discord" ];
# creds/session keys, etc
element-desktop.private = [ ".config/Element" ];
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
emote.dir = [ ".local/share/Emote" ];
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
gpodder-configured.dir = [ "gPodder" ];
# jellyfin stores things in a bunch of directories: this one persists auth info.
# it *might* be possible to populate this externally (it's Qt stuff), but likely to
# be fragile and take an hour+ to figure out.
jellyfin-media-player.dir = [ ".local/share/Jellyfin Media Player" ];
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
# XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
monero-gui.dir = [ ".bitmonero" ];
mpv.dir = [ ".config/mpv/watch_later" ];
mumble.private = [ ".local/share/Mumble" ];
# not strictly necessary, but allows caching articles; offline use, etc.
newsflash.dir = [ ".local/share/news-flash" ];
nheko.private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
];
# settings (electron app)
obsidian.dir = [ ".config/obsidian" ];
# creds, media
signal-desktop.private = [ ".config/Signal" ];
# creds, widevine .so download. TODO: could easily manage these statically.
spotify.dir = [ ".config/spotify" ];
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile.dir = [ ".local/share/sublime-music" ];
tdesktop.private = [ ".local/share/TelegramDesktop" ];
tokodon.private = [ ".cache/KDE/tokodon" ];
# hardenedMalloc solves a crash at startup
# TODO 2023/02/02: is this safe to remove yet?
tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
useHardenedMalloc = false;
};
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
vlc.dir = [ ".config/vlc" ];
whalebird.private = [ ".config/Whalebird" ];
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
zecwallet-lite.private = [ ".zcash" ];
}
];
# XXX: this might not be necessary. try removing this and cacert.unbundled (servo)?
environment.etc."ssl/certs".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

27
hosts/common/secrets.nix
View File

@@ -55,9 +55,6 @@
sops.secrets."router_passwd" = {
sopsFile = ../../secrets/universal.yaml;
};
sops.secrets."transmission_passwd" = {
sopsFile = ../../secrets/universal.yaml;
};
sops.secrets."wg_ovpnd_us_privkey" = {
sopsFile = ../../secrets/universal.yaml;
};
@@ -102,26 +99,18 @@
sopsFile = ../../secrets/universal/net/friend-rationalist-empathist.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-bedroom.psk" = {
sopsFile = ../../secrets/universal/net/home-bedroom.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-shared-24G.psk" = {
sopsFile = ../../secrets/universal/net/home-shared-24G.psk.bin;
format = "binary";
};
sops.secrets."iwd/home-shared.psk" = {
sopsFile = ../../secrets/universal/net/home-shared.psk.bin;
format = "binary";
};
sops.secrets."iwd/makespace-south.psk" = {
sopsFile = ../../secrets/universal/net/makespace-south.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-bedroom.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-bedroom.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-shared-24G.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-shared-24G.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-shared.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-shared.psk.bin;
format = "binary";
};
sops.secrets."iwd/iphone" = {
sopsFile = ../../secrets/universal/net/iphone.psk.bin;
format = "binary";

29
hosts/common/users.nix
View File

@@ -3,12 +3,12 @@
# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
with lib;
let
cfg = config.sane.guest;
cfg = config.sane.users;
fs = sane-lib.fs;
in
{
options = {
sane.guest.enable = mkOption {
sane.users.guest.enable = mkOption {
default = false;
type = types.bool;
};
@@ -66,7 +66,6 @@ in
security.pam.mount.enable = true;
sane.users.colin.default = true;
# ensure ~ perms are known to sane.fs module.
# TODO: this is generic enough to be lifted up into sane.fs itself.
sane.fs."/home/colin".dir.acl = {
@@ -75,7 +74,7 @@ in
mode = config.users.users.colin.homeMode;
};
sane.user.persist.plaintext = [
sane.persist.home.plaintext = [
"archive"
"dev"
# TODO: records should be private
@@ -89,27 +88,25 @@ in
".cache/nix"
".cache/nix-index"
# ".cargo"
# ".rustup"
".cargo"
".rustup"
];
# convenience
sane.user.fs."knowledge" = fs.wantedSymlinkTo "private/knowledge";
sane.user.fs."nixos" = fs.wantedSymlinkTo "dev/nixos";
sane.user.fs."Books/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Books";
sane.user.fs."Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.user.fs."Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.user.fs."Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
sane.fs."/home/colin/knowledge" = fs.wantedSymlinkTo "/home/colin/private/knowledge";
sane.fs."/home/colin/nixos" = fs.wantedSymlinkTo "/home/colin/dev/nixos";
sane.fs."/home/colin/Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.fs."/home/colin/Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.fs."/home/colin/Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
# used by password managers, e.g. unix `pass`
sane.user.fs.".password-store" = fs.wantedSymlinkTo "knowledge/secrets/accounts";
sane.fs."/home/colin/.password-store" = fs.wantedSymlinkTo "/home/colin/knowledge/secrets/accounts";
sane.persist.sys.plaintext = mkIf cfg.enable [
sane.persist.sys.plaintext = mkIf cfg.guest.enable [
# intentionally allow other users to write to the guest folder
{ directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
];
users.users.guest = mkIf cfg.enable {
users.users.guest = mkIf cfg.guest.enable {
isNormalUser = true;
home = "/home/guest";
subUidRanges = [

22
hosts/instantiate.nix
View File

@@ -4,7 +4,7 @@
{ hostName, localSystem }:
# module args
{ config, lib, ... }:
{ config, ... }:
{
imports = [
@@ -14,16 +14,14 @@
];
networking.hostName = hostName;
nixpkgs.buildPlatform = lib.mkIf (localSystem != null) localSystem;
sane.cross.enablePatches = localSystem != null;
# nixpkgs.overlays = [
# (next: prev: {
# # for local != target we by default just emulate the target while building.
# # provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
# # to explicitly opt into non-emulated cross compilation for any specific package.
# # this is most beneficial for large packages with few pre-requisites -- like Linux.
# cross = prev.crossFrom."${localSystem}";
# })
# ];
nixpkgs.overlays = [
(next: prev: {
# for local != target we by default just emulate the target while building.
# provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
# to explicitly opt into non-emulated cross compilation for any specific package.
# this is most beneficial for large packages with few pre-requisites -- like Linux.
cross = next.crossFrom."${localSystem}";
})
];
}

4
hosts/modules/default.nix
View File

@@ -3,14 +3,10 @@
{
imports = [
./derived-secrets.nix
./gui
./hardware
./hostnames.nix
./hosts.nix
./nixcache.nix
./roles
./services
./wg-home.nix
./yggdrasil.nix
];
}

15
hosts/modules/gui/default.nix
View File

@@ -1,15 +0,0 @@
{ lib, config, ... }:
let
inherit (lib) mkDefault mkIf mkOption types;
cfg = config.sane.gui;
in
{
imports = [
./gnome.nix
./phosh.nix
./plasma.nix
./plasma-mobile.nix
./sway.nix
];
}

665
hosts/modules/gui/sway.nix
View File

@@ -1,665 +0,0 @@
{ config, lib, pkgs, sane-lib, ... }:
# docs: https://nixos.wiki/wiki/Sway
with lib;
let
cfg = config.sane.gui.sway;
# docs: https://github.com/Alexays/Waybar/wiki/Configuration
# format specifiers: https://fmt.dev/latest/syntax.html#syntax
waybar-config = [
{ # TOP BAR
layer = "top";
height = 40;
modules-left = ["sway/workspaces" "sway/mode"];
modules-center = ["sway/window"];
modules-right = ["custom/mediaplayer" "clock" "battery" "cpu" "network"];
"sway/window" = {
max-length = 50;
};
# include song artist/title. source: https://www.reddit.com/r/swaywm/comments/ni0vso/waybar_spotify_tracktitle/
"custom/mediaplayer" = {
exec = pkgs.writeShellScript "waybar-mediaplayer" ''
player_status=$(${pkgs.playerctl}/bin/playerctl status 2> /dev/null)
if [ "$player_status" = "Playing" ]; then
echo "$(${pkgs.playerctl}/bin/playerctl metadata artist) - $(${pkgs.playerctl}/bin/playerctl metadata title)"
elif [ "$player_status" = "Paused" ]; then
echo " $(${pkgs.playerctl}/bin/playerctl metadata artist) - $(${pkgs.playerctl}/bin/playerctl metadata title)"
fi
'';
interval = 2;
format = "{} ";
# return-type = "json";
on-click = "${pkgs.playerctl}/bin/playerctl play-pause";
on-scroll-up = "${pkgs.playerctl}/bin/playerctl next";
on-scroll-down = "${pkgs.playerctl}/bin/playerctl previous";
};
network = {
# docs: https://github.com/Alexays/Waybar/blob/master/man/waybar-network.5.scd
interval = 2;
max-length = 40;
# custom :> format specifier explained here: https://github.com/Alexays/Waybar/pull/472
format-ethernet = " {bandwidthUpBits:>} {bandwidthDownBits:>}";
tooltip-format-ethernet = "{ifname} {bandwidthUpBits:>} {bandwidthDownBits:>}";
format-wifi = "{ifname} ({signalStrength}%) {bandwidthUpBits:>} {bandwidthDownBits:>}";
tooltip-format-wifi = "{essid} ({signalStrength}%) {bandwidthUpBits:>} {bandwidthDownBits:>}";
format-disconnected = "";
};
cpu = {
format = " {usage:2}%";
tooltip = false;
};
battery = {
states = {
good = 95;
warning = 30;
critical = 10;
};
format = "{icon} {capacity}%";
format-icons = [
""
""
""
""
""
];
};
clock = {
format-alt = "{:%a, %d. %b %H:%M}";
};
}
];
# waybar-config-text = lib.generators.toJSON {} waybar-config;
waybar-config-text = (pkgs.formats.json {}).generate "waybar-config.json" waybar-config;
# bare sway launcher
sway-launcher = pkgs.writeShellScriptBin "sway-launcher" ''
${pkgs.sway}/bin/sway --debug > /tmp/sway.log 2>&1
'';
# start sway and have it construct the gtkgreeter
sway-as-greeter = pkgs.writeShellScriptBin "sway-as-greeter" ''
${pkgs.sway}/bin/sway --debug --config ${sway-config-into-gtkgreet} > /tmp/sway-as-greeter.log 2>&1
'';
# (config file for the above)
sway-config-into-gtkgreet = pkgs.writeText "greetd-sway-config" ''
exec "${gtkgreet-launcher}"
'';
# gtkgreet which launches a layered sway instance
gtkgreet-launcher = pkgs.writeShellScript "gtkgreet-launcher" ''
# NB: the "command" field here is run in the user's shell.
# so that command must exist on the specific user's path who is logging in. it doesn't need to exist system-wide.
${pkgs.greetd.gtkgreet}/bin/gtkgreet --layer-shell --command sway-launcher
'';
greeter-session = {
# greeter session config
command = "${sway-as-greeter}/bin/sway-as-greeter";
# alternatives:
# - TTY: `command = "${pkgs.greetd.greetd}/bin/agreety --cmd ${pkgs.sway}/bin/sway";`
# - autologin: `command = "${pkgs.sway}/bin/sway"; user = "colin";`
# - Dumb Login (doesn't work)": `command = "${pkgs.greetd.dlm}/bin/dlm";`
};
greeterless-session = {
# no greeter
command = "${sway-launcher}/bin/sway-launcher";
user = "colin";
};
in
{
options = {
sane.gui.sway.enable = mkOption {
default = false;
type = types.bool;
};
sane.gui.sway.useGreeter = mkOption {
description = ''
launch sway via a greeter (like greetd's gtkgreet).
sway is usable without a greeter, but skipping the greeter means no PAM session.
'';
default = true;
type = types.bool;
};
};
config = mkMerge [
{
sane.programs.swayApps = {
package = null;
suggestedPrograms = [
"guiApps"
"swaylock"
"swayidle"
"wl-clipboard"
"mako" # notification daemon
# # "pavucontrol"
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
"sway-contrib.grimshot"
];
};
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"gnome.gnome-control-center" = pkgs.gnome.gnome-control-center;
"sway-contrib.grimshot" = pkgs.sway-contrib.grimshot;
})
swaylock
swayidle
wl-clipboard
mako
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
"sway-contrib.grimshot"
;
};
}
(mkIf cfg.enable {
sane.programs.swayApps.enableFor.user.colin = true;
# swap in these lines to use SDDM instead of `services.greetd`.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = if cfg.useGreeter then greeter-session else greeterless-session;
};
};
# we need the greeter's command to be on our PATH
users.users.colin.packages = [ sway-launcher ];
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
sane.user.fs.".config/sway/config" =
let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
launcher-cmd = fuzzel;
terminal-cmd = kitty;
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in sane-lib.fs.wantedText ''
### default font
font pango:monospace 8
### pixel boundary between windows
default_border pixel 3
default_floating_border pixel 2
hide_edge_borders smart
### defaults
focus_wrapping no
focus_follows_mouse yes
focus_on_window_activation smart
mouse_warping output
workspace_layout default
workspace_auto_back_and_forth no
### default colors (#border #background #text #indicator #childBorder)
client.focused #4c7899 #285577 #ffffff #2e9ef4 #285577
client.focused_inactive #333333 #5f676a #ffffff #484e50 #5f676a
client.unfocused #333333 #222222 #888888 #292d2e #222222
client.urgent #2f343a #900000 #ffffff #900000 #900000
client.placeholder #000000 #0c0c0c #ffffff #000000 #0c0c0c
client.background #ffffff
### key bindings
floating_modifier Mod1
## media keys
bindsym XF86AudioRaiseVolume exec ${vol-up-cmd}
bindsym XF86AudioLowerVolume exec ${vol-down-cmd}
bindsym Mod1+Page_Up exec ${vol-up-cmd}
bindsym Mod1+Page_Down exec ${vol-down-cmd}
bindsym XF86AudioMute exec ${mute-cmd}
bindsym XF86MonBrightnessUp exec ${brightness-up-cmd}
bindsym XF86MonBrightnessDown exec ${brightness-down-cmd}
## special functions
bindsym Mod1+Print exec ${screenshot-cmd}
bindsym Mod1+l exec ${lock-cmd}
bindsym Mod1+s exec ${snip-cmd}
bindsym Mod1+slash exec ${emoji-cmd}
bindsym Mod1+d exec ${launcher-cmd}
bindsym Mod1+Return exec ${terminal-cmd}
bindsym Mod1+Shift+q kill
bindsym Mod1+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
bindsym Mod1+Shift+c reload
## layout
bindsym Mod1+b splith
bindsym Mod1+v splitv
bindsym Mod1+f fullscreen toggle
bindsym Mod1+a focus parent
bindsym Mod1+w layout tabbed
bindsym Mod1+e layout toggle split
bindsym Mod1+Shift+space floating toggle
bindsym Mod1+space focus mode_toggle
bindsym Mod1+r mode resize
## movement
bindsym Mod1+Up focus up
bindsym Mod1+Down focus down
bindsym Mod1+Left focus left
bindsym Mod1+Right focus right
bindsym Mod1+Shift+Up move up
bindsym Mod1+Shift+Down move down
bindsym Mod1+Shift+Left move left
bindsym Mod1+Shift+Right move right
## workspaces
bindsym Mod1+1 workspace number 1
bindsym Mod1+2 workspace number 2
bindsym Mod1+3 workspace number 3
bindsym Mod1+4 workspace number 4
bindsym Mod1+5 workspace number 5
bindsym Mod1+6 workspace number 6
bindsym Mod1+7 workspace number 7
bindsym Mod1+8 workspace number 8
bindsym Mod1+9 workspace number 9
bindsym Mod1+Shift+1 move container to workspace number 1
bindsym Mod1+Shift+2 move container to workspace number 2
bindsym Mod1+Shift+3 move container to workspace number 3
bindsym Mod1+Shift+4 move container to workspace number 4
bindsym Mod1+Shift+5 move container to workspace number 5
bindsym Mod1+Shift+6 move container to workspace number 6
bindsym Mod1+Shift+7 move container to workspace number 7
bindsym Mod1+Shift+8 move container to workspace number 8
bindsym Mod1+Shift+9 move container to workspace number 9
## "scratchpad" = ??
bindsym Mod1+Shift+minus move scratchpad
bindsym Mod1+minus scratchpad show
### defaults
mode "resize" {
bindsym Down resize grow height 10 px
bindsym Escape mode default
bindsym Left resize shrink width 10 px
bindsym Return mode default
bindsym Right resize grow width 10 px
bindsym Up resize shrink height 10 px
bindsym h resize shrink width 10 px
bindsym j resize grow height 10 px
bindsym k resize shrink height 10 px
bindsym l resize grow width 10 px
}
### lightly modified bars
bar {
# TODO: fonts was:
# config.fonts.fontconfig.defaultFonts; (monospace ++ emoji)
font pango:Hack, Font Awesome 6 Free, Twitter Color Emoji 24.000000
mode dock
hidden_state hide
position top
status_command ${pkgs.i3status}/bin/i3status
swaybar_command ${pkgs.waybar}/bin/waybar
workspace_buttons yes
strip_workspace_numbers no
tray_output primary
colors {
background #000000
statusline #ffffff
separator #666666
# #border #background #text
focused_workspace #4c7899 #285577 #ffffff
active_workspace #333333 #5f676a #ffffff
inactive_workspace #333333 #222222 #888888
urgent_workspace #2f343a #900000 #ffffff
binding_mode #2f343a #900000 #ffffff
}
}
### displays
## DESKTOP
output "Samsung Electric Company S22C300 0x00007F35" {
pos 0,0
res 1920x1080
}
output "Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" {
pos 1920,0
res 3440x1440
}
## LAPTOP
# sh/en TV
output "Pioneer Electronic Corporation VSX-524 0x00000101" {
pos 0,0
res 1920x1080
}
# internal display
output "Unknown 0x0637 0x00000000" {
pos 1920,0
res 1920x1080
}
'';
sane.user.fs.".config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.user.fs.".config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
window#waybar.termite {
background-color: #3F3F3F;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#memory {
background-color: #9b59b6;
}
#disk {
background-color: #964B00;
}
#backlight {
background-color: #90b1b1;
}
#network {
background-color: #2980b9;
}
#network.disconnected {
background-color: #f53c3c;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#temperature {
background-color: #f0932b;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd.paused {
background-color: #51a37a;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
})
];
}

5
hosts/modules/hardware/x86_64.nix
View File

@@ -9,6 +9,11 @@
# efi_pstore evivars
];
# enable cross compilation
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# nixpkgs.config.allowUnsupportedSystem = true;
# nixpkgs.crossSystem.system = "aarch64-linux";
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.amd.updateMicrocode = true; # desktop
hardware.cpu.intel.updateMicrocode = true; # laptop

8
hosts/modules/hosts.nix
View File

@@ -69,7 +69,7 @@ in
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
wg-home.pubkey = "17PMZssYi0D4t2d0vbmhjBKe1sGsE8kT8/dod0Q2CXc=";
wg-home.ip = "10.0.10.22";
lan-ip = "192.168.15.25";
lan-ip = "192.168.0.22";
};
sane.hosts.by-name."lappy" = {
@@ -77,7 +77,7 @@ in
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
wg-home.pubkey = "FTUWGw2p4/cEcrrIE86PWVnqctbv8OYpw8Gt3+dC/lk=";
wg-home.ip = "10.0.10.20";
lan-ip = "192.168.15.13";
lan-ip = "192.168.0.20";
};
sane.hosts.by-name."moby" = {
@@ -85,7 +85,7 @@ in
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
wg-home.pubkey = "I7XIR1hm8bIzAtcAvbhWOwIAabGkuEvbWH/3kyIB1yA=";
wg-home.ip = "10.0.10.48";
lan-ip = "192.168.15.28";
lan-ip = "192.168.0.48";
};
sane.hosts.by-name."servo" = {
@@ -94,7 +94,7 @@ in
wg-home.pubkey = "roAw+IUFVtdpCcqa4khB385Qcv9l5JAB//730tyK4Wk=";
wg-home.ip = "10.0.10.5";
wg-home.endpoint = "uninsane.org:51820";
lan-ip = "192.168.15.24";
lan-ip = "192.168.0.5";
};
};
}

82
hosts/modules/roles/build-machine.nix
View File

@@ -1,82 +0,0 @@
{ config, lib, pkgs, sane-lib, ... }:
let
inherit (lib) mkIf mkMerge mkOption types;
inherit (config.programs.ccache) cacheDir;
cfg = config.sane.roles.build-machine;
in
{
options.sane.roles.build-machine = {
enable = mkOption {
type = types.bool;
default = false;
};
emulation = mkOption {
type = types.bool;
default = true;
};
ccache = mkOption {
type = types.bool;
default = true;
};
};
config = mkMerge [
({
sane.programs.qemu = pkgs.qemu;
})
(mkIf cfg.enable {
# enable opt-in emulation of any package at runtime.
# i.e. `nix build '.#host-pkgs.moby.bash' ; qemu-aarch64 ./result/bin/bash`.
sane.programs.qemu.enableFor.user.colin = true;
# serve packages to other machines that ask for them
sane.services.nixserve.enable = true;
# enable cross compilation
# TODO: do this via stdenv injection, linking into /run/binfmt the stuff in <nixpkgs:nixos/modules/system/boot/binfmt.nix>
boot.binfmt.emulatedSystems = lib.optionals cfg.emulation [
"aarch64-linux"
# "aarch64-darwin" # not supported
# "x86_64-darwin" # not supported
];
# corresponds to env var: NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1
# nixpkgs.config.allowUnsupportedSystem = true;
})
(mkIf (cfg.enable && cfg.ccache) {
# programs.ccache.cacheDir = "/var/cache/ccache"; # nixos default
# programs.ccache.cacheDir = "/homeless-shelter/.ccache"; # ccache default (~/.ccache)
# if the cache doesn't reside at ~/.ccache, then CCACHE_DIR has to be set.
# we can do that manually as commented out below, or let nixos do it for us by telling it to use ccache on a dummy package:
programs.ccache.packageNames = [ "dummy-pkg-to-force-ccache-config" ];
# nixpkgs.overlays = [
# (self: super: {
# # XXX: if the cache resides not at ~/.ccache (i.e. /homeless-shelter/.ccache)
# # then we need to explicitly tell ccache where that is.
# ccacheWrapper = super.ccacheWrapper.override {
# extraConfig = ''
# export CCACHE_DIR="${cacheDir}"
# '';
# };
# })
# ];
# granular compilation cache
# docs: <https://nixos.wiki/wiki/CCache>
# investigate the cache with:
# - `nix-ccache --show-stats`
# - `build '.#ccache'
# - `sudo CCACHE_DIR=/var/cache/ccache ./result/bin/ccache --show-stats -v`
# TODO: whitelist `--verbose` in <nixpkgs:nixos/modules/programs/ccache.nix>
# TODO: configure without compression (leverage fs-level compression), and enable file-clone (i.e. hardlinks)
programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ cacheDir ];
sane.persist.sys.plaintext = [
{ group = "nixbld"; mode = "0775"; directory = config.programs.ccache.cacheDir; }
];
sane.fs."${cacheDir}/ccache.conf" = sane-lib.fs.wantedText ''
max_size = 50G
'';
})
];
}

1
hosts/modules/roles/default.nix
View File

@@ -1,7 +1,6 @@
{ ... }:
{
imports = [
./build-machine.nix
./client
];
}

6
hosts/modules/services/default.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
imports = [
./duplicity.nix
];
}

30
hosts/modules/yggdrasil.nix
View File

@@ -1,30 +0,0 @@
# docs: <nixpkgs:nixos/modules/services/networking/yggdrasil.md>
# - or message CW/0x00
{ config, lib, ... }:
let
inherit (lib) mkIf mkOption types;
cfg = config.sane.yggdrasil;
in
{
options.sane.yggdrasil = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
services.yggdrasil = {
enable = true;
persistentKeys = true;
config = {
IFName = "ygg0";
Peers = [
"tls://longseason.1200bps.xyz:13122"
];
};
};
};
}

21
modules/data/feeds/sources/acquiredlpbonussecretsecret.libsyn.com/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 443732,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Ben and David are joined by expert founders and investors \u2014 writing the next generation of great company stories in real-time.\n\nWe go behind the scenes on their journeys and bring back emerging insights and lessons that are useful for anyone in the tech and investing ecosystems.\n\nAcquired covers yesterday. ACQ2 covers tomorrow.",
"favicon": "",
"favicon_data_uri": "",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 92,
"last_updated": "2023-03-02T17:03:15+00:00",
"score": 10,
"self_url": "https://acquiredlpbonussecretsecret.libsyn.com/",
"site_name": "ACQ2 by Acquired",
"site_url": "https://acquiredlpbonussecretsecret.libsyn.com",
"title": "ACQ2 by Acquired",
"url": "https://acquiredlpbonussecretsecret.libsyn.com",
"velocity": 0.057,
"version": "rss20"
}

21
modules/data/feeds/sources/ascii.textfiles.com/default.json
View File

File diff suppressed because one or more lines are too long

21
modules/data/feeds/sources/blog.rust-lang.org/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 76362,
"content_type": "application/xml; charset=utf-8",
"description": "Empowering everyone to build reliable and efficient software.",
"favicon": "https://blog.rust-lang.org/images/favicon-16x16.png",
"favicon_data_uri": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH4gseBBkAzEcAUAAAAWlJREFUOMul079L1WEUBvCPdhPUzbhC3JYQwn6MLTU4CA5C/QMJimQS2NDiZpM0NDoZ0iK4+SdIV5ykpgKtIYyiqCBSuKBBibflufBiVxt64eV73uc855z3fb7ndPh7daMPU/gR7ByeYRc/nbJGMI8GjvAKb2M34hspA84U9jgeYAIv8Bi9+IxFnMcYLqCJ12WiYTzHL0wee05Xcb6H3+EOt8CeXK0Z526b/R1ruIL74c4nVi3v+4BvOAxhHzv4lHMTb3A1WAO1zqjdhRU8SjWpOIBBvAx2hFEsRZ8pmEn28ZC+FhXLvY9L4UwHm+ksBNo79kvf4QlWC61uxR5qkSqoJttkROqN7wDvk+Q6LuIh+nEnMdVSxOYJ+zKetsEbqFVy9QXMpYE28TE3gC+YxXaKDeFGYvYqIa7jZppjI/2w1GZGzia4npiDSpz1tCjcjg5VbAW7hrtpqjqW8/3nMLXee+IwdfzvOP8BuzB3onylpecAAAAASUVORK5CYII=",
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 10,
"last_updated": "2023-03-09T00:00:00+00:00",
"score": 20,
"self_url": "https://blog.rust-lang.org/feed.xml",
"site_name": "The Rust Programming Language Blog",
"site_url": "https://blog.rust-lang.org",
"title": "Rust Blog",
"url": "https://blog.rust-lang.org/feed.xml",
"velocity": 0.096,
"version": "atom10"
}

23
modules/data/feeds/sources/feeds.libsyn.com/421877/default.json
View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 272569,
"content_type": "text/xml; charset=utf-8",
"description": "Audio version of the posts shared in the LessWrong Curated newsletter.",
"favicon": "",
"favicon_data_uri": "",
"hubs": [
"https://pubsubhubbub.appspot.com/"
],
"is_podcast": true,
"is_push": true,
"item_count": 56,
"last_updated": "2023-03-08T08:00:00+00:00",
"score": 32,
"self_url": "https://feeds.buzzsprout.com/2037297.rss",
"site_name": "",
"site_url": "",
"title": "LessWrong Curated Podcast",
"url": "https://feeds.buzzsprout.com/2037297.rss",
"velocity": 0.192,
"version": "rss20"
}

21
modules/data/feeds/sources/feeds.megaphone.fm/hubermanlab/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1377252,
"content_type": "application/xml; charset=utf-8",
"description": "Andrew Huberman, Ph.D.",
"favicon": "",
"favicon_data_uri": "",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 129,
"last_updated": "2023-03-06T09:00:00+00:00",
"score": 14,
"self_url": "https://feeds.megaphone.fm/hubermanlab",
"site_name": "",
"site_url": "",
"title": "Huberman Lab",
"url": "https://feeds.megaphone.fm/hubermanlab",
"velocity": 0.159,
"version": "rss20"
}

21
modules/data/feeds/sources/mapspodcast.libsyn.com/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 256360,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Hosted by Zach Leary, the intent of the podcast is to bring you the listener an easily accessible resource for a variety of topics all related to psychedelic research. There is a lot to learn about new research into the therapeutic potential of psychedelics and marijuana. Over the years, the Multidisciplinary Association for Psychedelic Studies (MAPS) has amassed an incredible treasure trove of audio archives sourced from the amazing talks, presentations and panels that have taken place at past Psychedelic Science conferences and other unique events. By selecting some of that content and then bringing it to you in a podcast we hope to create a centralized location for the greater MAPS community. If you're a researcher, scientist, medical professional or just a curiosity seeker we hope that you'll find this content a valuable resource tool.\n\nPlease visit the MAPS website at https://maps.org",
"favicon": "",
"favicon_data_uri": "",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 62,
"last_updated": "2023-03-06T20:20:00+00:00",
"score": 0,
"self_url": "https://feeds.libsyn.com/95610/rss",
"site_name": "",
"site_url": "",
"title": "MAPS Podcast",
"url": "https://feeds.libsyn.com/95610/rss",
"velocity": 0.028,
"version": "rss20"
}

21
modules/data/feeds/sources/omny.fm/shows/cool-people-who-did-cool-stuff/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 242702,
"content_type": "application/xml; charset=utf-8",
"description": "<p>As long as there&rsquo;s been oppression, there&rsquo;ve been people fighting it. This weekly podcast dives into history to drag up the wildest rebels, the most beautiful revolts, and all the people who long to be&mdash;and fight to be&mdash;free. It explores complex stories of resistance that offer lessons and inspiration for us today, focusing on the ensemble casts that make up each act of history. That is to say, this podcast focuses on Cool People Who Did Cool Stuff.</p>",
"favicon": "",
"favicon_data_uri": "",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 86,
"last_updated": "2023-03-20T04:01:00+00:00",
"score": -12,
"self_url": "https://www.omnycontent.com/d/playlist/e73c998e-6e60-432f-8610-ae210140c5b1/45bcda9a-4724-45c0-82ca-ae7f00e1dd18/f21245f2-a297-42f7-a016-ae7f00e390c4/podcast.rss",
"site_name": "",
"site_url": "",
"title": "Cool People Who Did Cool Stuff",
"url": "https://www.omnycontent.com/d/playlist/e73c998e-6e60-432f-8610-ae210140c5b1/45bcda9a-4724-45c0-82ca-ae7f00e1dd18/f21245f2-a297-42f7-a016-ae7f00e390c4/podcast.rss",
"velocity": 0.256,
"version": "rss20"
}

21
modules/data/feeds/sources/poorlydrawnlines.com/feed/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 13524,
"content_type": "application/rss+xml; charset=utf-8",
"description": "A Comic",
"favicon": "http://www.poorlydrawnlines.com/wp-content/themes/PoorlyDrawnLines/images/favicon.ico",
"favicon_data_uri": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAK6wAACusBgosNWgAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNXG14zYAAAE+SURBVDiNnZO9rgFRFIW/Yy4KCldDN4VCQ63STTyAR0BU3kEy8SQeYiIRKq+gkFytZAo/0VBZtxC5Y85McFdymr2Sb6+z9zlG0g/wTUyHwwGAcrkct6I6IumsiHa7nTqdjkqlknK5nBqNhsbjsU6nkxJ0RtI+WgmCQICMMWq323JdV4BarZbCMIwD9hZgNpsJ0Gg0kiRdr1f1+30B6vV6FiATv5TjOABUKhUA8vk8w+EQgPV6bQ3BAki6G5k/KwxDADzPswBfaYDNZsNyuWS73TKZTCgWiwwGA3sP8RnM53MBT6dQKGg6nSZtYW8leER3XZd6vY7neXS7XWq1mt09KcFisRAg3/eTOr7ewkO32y3Nek6cZjyG+W/Au0p9B58kyEYLxpi7kXkrXNYo9p0vlwur1Ypms0m1Wn0FOP4CBWA38rLJ0EUAAAAASUVORK5CYII=",
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 10,
"last_updated": "2023-03-22T17:51:01+00:00",
"score": 12,
"self_url": "https://poorlydrawnlines.com/feed/",
"site_name": "Poorly Drawn Lines",
"site_url": "https://poorlydrawnlines.com",
"title": "Poorly Drawn Lines",
"url": "https://poorlydrawnlines.com/feed/",
"velocity": 0.272,
"version": "rss20"
}

21
modules/data/feeds/sources/reverseengineering.libsyn.com/rss/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 560867,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Listen and learn about different reverse engineering hardware projects and methods as Alvaro (@alvaroprieto) and Jen(@rebelbotjen) talk with guests about their work.",
"favicon": "",
"favicon_data_uri": "",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 63,
"last_updated": "2022-12-30T15:42:48+00:00",
"score": 18,
"self_url": "https://reverseengineering.libsyn.com/rss",
"site_name": "",
"site_url": "",
"title": "Unnamed Reverse Engineering Podcast",
"url": "https://reverseengineering.libsyn.com/rss",
"velocity": 0.032,
"version": "rss20"
}

21
modules/data/feeds/sources/thisweek.gnome.org/default.json
View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1250267,
"content_type": "text/xml; charset=utf-8",
"description": "Recent content on This Week in GNOME",
"favicon": "https://thisweek.gnome.org/images/favicon-32x32.png",
"favicon_data_uri": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAABYAAAAWABINkT2gAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAI5SURBVFiFvdZPiE1RHAfwz/xBxhSTISxYaJSiJAklioWNjYWVhYWUtYRMslEWSv7WkPybsbHSGMmGDUmhyEKihMgsjMQsnjEW597emdt7z7vvvplvnTr3d3/n9/3ec8/vd35MHVqnkAu0YR+eoYQxPMWyZhEswH0M43DmXTuGMF5hXGyWgMEo6A8Tt/h0FfJxnGmEbA160ZU8twvbGgeenrxbgj81BKzNS746IhtIbB2ZoJ8j/6M1yIfyksORKMB3tCT2T5H9cuR/qwr5NyzMBq8nNYaj+Zxonu5GSfjnKdoqxBjBdnypg08XruFA8jwfv5W/IkUH+rAzs77XxC9/g1X1EKc4Fy3enNj2Cnl8qY71nejHk0TMzDzkcCUScCGy92BG3mD/Q3sF2w3sTuZLI/vbaN6NbVgnpN28xFYSDudjYRfiNblwTNiBqxn7VtxRO8/TUcL+RgXACsxN5otxtw7S7PiLlUVEwAbh9OclT8euIuTLheLTKPm4cE4aQgseFSR/qFw5c2NjQfJ3WNQoOZwoQH5PSMtCGGiAeBSHNKn96stJ/kAT2y3YUyfxLxw0CU1nj1BIapG/EErxpCHu+7Ljo3KlTNGNs/iQ+PzE8SIC1qu+C6cq+Fcq1yNFBMDJKgKeY1rG93UFv9tFBUwXrtdKIgaV832T0LRkfbYUFQCzVS/Lo3il8hXd3wzyFJ24WUVEtXtgVjMFpNiB9zWIx4RWLncvmAetQkt2XTh4X/ES5zWhAZlS/AMHdE5EpHwlOQAAAABJRU5ErkJggg==",
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 86,
"last_updated": "2023-03-10T00:00:00+00:00",
"score": 46,
"self_url": "https://thisweek.gnome.org/index.xml",
"site_name": "This Week in GNOME",
"site_url": "https://thisweek.gnome.org",
"title": "This Week in GNOME",
"url": "https://thisweek.gnome.org/index.xml",
"velocity": 0.141,
"version": "rss20"
}

21
modules/data/feeds/sources/xn--gckvb8fzb.com/default.json
View File

File diff suppressed because one or more lines are too long

6
modules/default.nix
View File

@@ -4,14 +4,16 @@
imports = [
./feeds.nix
./fs
./gui
./home-manager
./ids.nix
./programs.nix
./packages.nix
./image.nix
./nixcache.nix
./persist
./services
./sops.nix
./ssh.nix
./users.nix
];
_module.args = {

2
modules/fs/default.nix
View File

@@ -189,7 +189,7 @@ let
serviceConfig.Type = "oneshot";
script = wrapper.script;
scriptArgs = escapeShellArgs wrapper.scriptArgs;
scriptArgs = builtins.concatStringsSep " " wrapper.scriptArgs;
after = gen-opt.depends;
wants = gen-opt.depends;

31
modules/gui/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ lib, config, ... }:
with lib;
let
cfg = config.sane.gui;
in
{
imports = [
./gnome.nix
./phosh.nix
./plasma.nix
./plasma-mobile.nix
./sway.nix
];
options = {
# doesn't directly create outputs. consumed by e.g. home-manager.nix module
sane.gui.enable = mkOption {
default = false;
type = types.bool;
};
};
config = lib.mkIf cfg.enable {
sane.packages.enableGuiPkgs = lib.mkDefault true;
# preserve backlight brightness across power cycles
# see `man systemd-backlight`
sane.persist.sys.plaintext = [ "/var/lib/systemd/backlight" ];
};
}

4
hosts/modules/gui/gnome.nix → modules/gui/gnome.nix
View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.programs.guiApps.enableFor.user.colin = true;
sane.gui.enable = true;
# start gnome/gdm on boot
services.xserver.enable = true;
@@ -25,7 +25,7 @@ in
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
};
# user extras:
# home-mananger.users.colin extras
# obtain these by running `dconf dump /` after manually customizing gnome
# TODO: fix "is not of type `GVariant value'"
# dconf.settings = lib.mkIf (gui == "gnome") {

85
hosts/modules/gui/phosh.nix → modules/gui/phosh.nix
View File

@@ -20,43 +20,9 @@ in
};
};
config = mkMerge [
config = mkIf cfg.enable (mkMerge [
{
sane.programs.phoshApps = {
package = null;
suggestedPrograms = [
"guiApps"
# TODO: see about removing gnome-bluetooth if the in-built gnome-settings bluetooth manager can work
"gnome.gnome-bluetooth"
"gnome.gnome-terminal"
"phosh-mobile-settings"
# "plasma5Packages.konsole" # more reliable terminal
];
};
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"gnome.gnome-terminal" = pkgs.gnome.gnome-terminal;
"plasma5Packages.konsole" = pkgs.plasma5Packages.konsole;
})
phosh-mobile-settings
"plasma5Packages.konsole"
# "gnome.gnome-bluetooth"
"gnome.gnome-terminal"
;
};
}
(mkIf cfg.enable {
sane.programs.phoshApps.enableFor.user.colin = true;
# TODO(2023/02/28): remove this qt.style = "gtk2" override.
# gnome by default tells qt to stylize its apps similar to gnome.
# but the package needed for that doesn't cross-compile, hence i disable that here.
# qt.platformTheme = "gtk2";
# qt.style = "gtk2";
sane.gui.enable = true;
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
@@ -72,26 +38,6 @@ in
};
};
# phosh enables `services.gnome.{core-os-services, core-shell}`
# and this in turn enables some default apps we don't really care about.
# see <nixos/modules/services/x11/desktop-managers/gnome.nix>
environment.gnome.excludePackages = with pkgs; [
# gnome.gnome-menus # unused outside gnome classic, but probably harmless
gnome-tour
];
services.dleyna-renderer.enable = false;
services.dleyna-server.enable = false;
services.gnome.gnome-browser-connector.enable = false;
services.gnome.gnome-initial-setup.enable = false;
services.gnome.gnome-online-accounts.enable = false;
services.gnome.gnome-remote-desktop.enable = false;
services.gnome.gnome-user-share.enable = false;
services.gnome.rygel.enable = false;
# gnome doesn't use mkDefault for these -- unclear why not
services.gnome.evolution-data-server.enable = mkForce false;
services.gnome.gnome-online-miners.enable = mkForce false;
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;
networking.networkmanager.enable = true;
@@ -113,27 +59,14 @@ in
NIXOS_OZONE_WL = "1";
};
programs.dconf.packages = [
# org.kde.konsole.desktop
(pkgs.writeTextFile {
name = "dconf-phosh-settings";
destination = "/etc/dconf/db/site.d/00_phosh_settings";
text = ''
[org/gnome/desktop/interface]
show-battery-percentage=true
sane.packages.extraUserPkgs = with pkgs; [
phosh-mobile-settings
[org/gnome/settings-daemon/plugins/power]
sleep-inactive-ac-timeout=5400
sleep-inactive-battery-timeout=5400
[sm/puri/phosh]
favorites=['gpodder.desktop', 'nheko.desktop', 'sublime-music.desktop', 'firefox.desktop', 'org.gnome.Terminal.desktop']
'';
})
# TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
gnome.gnome-bluetooth
];
})
(mkIf (cfg.enable && cfg.useGreeter) {
}
(mkIf cfg.useGreeter {
services.xserver.enable = true;
# NB: setting defaultSession has the critical side-effect that it lets org.freedesktop.AccountsService
# know that our user exists. this ensures lightdm succeeds when calling /org/freedesktop/AccountsServices ListCachedUsers
@@ -159,5 +92,5 @@ in
systemd.services.phosh.wantedBy = lib.mkForce []; # disable auto-start
})
];
]);
}

3
hosts/modules/gui/plasma-mobile.nix → modules/gui/plasma-mobile.nix
View File

@@ -13,8 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.programs.guiApps.enableFor.user.colin = true;
sane.gui.enable = true;
# start plasma-mobile on boot
services.xserver.enable = true;
services.xserver.desktopManager.plasma5.mobile.enable = true;

2
hosts/modules/gui/plasma.nix → modules/gui/plasma.nix
View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.programs.guiApps.enableFor.user.colin = true;
sane.gui.enable = true;
# start plasma on boot
services.xserver.enable = true;

0
hosts/modules/gui/snippets.txt → modules/gui/snippets.txt
View File

651
modules/gui/sway.nix Normal file
View File

@@ -0,0 +1,651 @@
{ config, lib, pkgs, sane-lib, ... }:
# docs: https://nixos.wiki/wiki/Sway
with lib;
let
cfg = config.sane.gui.sway;
# docs: https://github.com/Alexays/Waybar/wiki/Configuration
# format specifiers: https://fmt.dev/latest/syntax.html#syntax
waybar-config = [
{ # TOP BAR
layer = "top";
height = 40;
modules-left = ["sway/workspaces" "sway/mode"];
modules-center = ["sway/window"];
modules-right = ["custom/mediaplayer" "clock" "battery" "cpu" "network"];
"sway/window" = {
max-length = 50;
};
# include song artist/title. source: https://www.reddit.com/r/swaywm/comments/ni0vso/waybar_spotify_tracktitle/
"custom/mediaplayer" = {
exec = pkgs.writeShellScript "waybar-mediaplayer" ''
player_status=$(${pkgs.playerctl}/bin/playerctl status 2> /dev/null)
if [ "$player_status" = "Playing" ]; then
echo "$(${pkgs.playerctl}/bin/playerctl metadata artist) - $(${pkgs.playerctl}/bin/playerctl metadata title)"
elif [ "$player_status" = "Paused" ]; then
echo " $(${pkgs.playerctl}/bin/playerctl metadata artist) - $(${pkgs.playerctl}/bin/playerctl metadata title)"
fi
'';
interval = 2;
format = "{} ";
# return-type = "json";
on-click = "${pkgs.playerctl}/bin/playerctl play-pause";
on-scroll-up = "${pkgs.playerctl}/bin/playerctl next";
on-scroll-down = "${pkgs.playerctl}/bin/playerctl previous";
};
network = {
# docs: https://github.com/Alexays/Waybar/blob/master/man/waybar-network.5.scd
interval = 2;
max-length = 40;
# custom :> format specifier explained here: https://github.com/Alexays/Waybar/pull/472
format-ethernet = " {bandwidthUpBits:>} {bandwidthDownBits:>}";
tooltip-format-ethernet = "{ifname} {bandwidthUpBits:>} {bandwidthDownBits:>}";
format-wifi = "{ifname} ({signalStrength}%) {bandwidthUpBits:>} {bandwidthDownBits:>}";
tooltip-format-wifi = "{essid} ({signalStrength}%) {bandwidthUpBits:>} {bandwidthDownBits:>}";
format-disconnected = "";
};
cpu = {
format = " {usage:2}%";
tooltip = false;
};
battery = {
states = {
good = 95;
warning = 30;
critical = 10;
};
format = "{icon} {capacity}%";
format-icons = [
""
""
""
""
""
];
};
clock = {
format-alt = "{:%a, %d. %b %H:%M}";
};
}
];
waybar-config-text = lib.generators.toJSON {} waybar-config;
in
{
options = {
sane.gui.sway.enable = mkOption {
default = false;
type = types.bool;
};
sane.gui.sway.useGreeter = mkOption {
description = ''
launch sway via a greeter (like greetd's gtkgreet).
sway is usable without a greeter, but skipping the greeter means no PAM session.
'';
default = true;
type = types.bool;
};
};
config = mkIf cfg.enable {
sane.gui.enable = true;
programs.sway = {
# we configure sway with home-manager, but this enable gets us e.g. opengl and fonts
enable = true;
};
# instead of using `services.greetd`, can instead use SDDM by swapping in these lines.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = let
swayConfig-greeter = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode.
exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c sway"
'';
default_session = {
"01" = {
# greeter session config
command = "${pkgs.sway}/bin/sway --config ${swayConfig-greeter}";
# alternatives:
# - TTY: `command = "${pkgs.greetd.greetd}/bin/agreety --cmd ${pkgs.sway}/bin/sway";`
# - autologin: `command = "${pkgs.sway}/bin/sway"; user = "colin";`
# - Dumb Login (doesn't work)": `command = "${pkgs.greetd.dlm}/bin/dlm";`
};
"0" = {
# no greeter
command = "${pkgs.sway}/bin/sway";
user = "colin";
};
};
in {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = default_session."0${builtins.toString cfg.useGreeter}";
};
};
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
sane.home-manager.windowManager.sway = {
enable = true;
wrapperFeatures.gtk = true;
config = let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in rec {
terminal = kitty;
window = {
border = 3; # pixel boundary between windows
hideEdgeBorders = "smart"; # don't show border if only window on workspace
};
output = {
### DESKTOP
"Samsung Electric Company S22C300 0x00007F35" = { pos = "0,0"; res = "1920x1080"; };
"Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" = { pos = "1920,0"; res = "3440x1440"; };
### LAPTOP
# shen TV
"Pioneer Electronic Corporation VSX-524 0x00000101" = { pos = "0,0"; res = "1920x1080"; };
# internal display
"Unknown 0x0637 0x00000000" = { pos = "1920,0"; res = "1920x1080"; };
};
# defaults; required for keybindings decl.
modifier = "Mod1";
# list of launchers: https://www.reddit.com/r/swaywm/comments/v39hxa/your_favorite_launcher/
# menu = "${pkgs.dmenu}/bin/dmenu_path";
menu = fuzzel;
# menu = "${pkgs.albert}/bin/albert";
left = "h";
down = "j";
up = "k";
right = "l";
# XKB key names: https://wiki.linuxquestions.org/wiki/List_of_Keysyms_Recognised_by_Xmodmap
keybindings = {
"${modifier}+Return" = "exec ${terminal}";
"${modifier}+Shift+q" = "kill";
"${modifier}+d" = "exec ${menu}";
"${modifier}+s" = "exec ${snip-cmd}";
"${modifier}+l" = "exec ${lock-cmd}";
"${modifier}+slash" = "exec ${emoji-cmd}";
# "${modifier}+${left}" = "focus left";
# "${modifier}+${down}" = "focus down";
# "${modifier}+${up}" = "focus up";
# "${modifier}+${right}" = "focus right";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
# "${modifier}+Shift+${left}" = "move left";
# "${modifier}+Shift+${down}" = "move down";
# "${modifier}+Shift+${up}" = "move up";
# "${modifier}+Shift+${right}" = "move right";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
"${modifier}+b" = "splith";
"${modifier}+v" = "splitv";
"${modifier}+f" = "fullscreen toggle";
"${modifier}+a" = "focus parent";
# "${modifier}+s" = "layout stacking";
"${modifier}+w" = "layout tabbed";
"${modifier}+e" = "layout toggle split";
"${modifier}+Shift+space" = "floating toggle";
"${modifier}+space" = "focus mode_toggle";
"${modifier}+1" = "workspace number 1";
"${modifier}+2" = "workspace number 2";
"${modifier}+3" = "workspace number 3";
"${modifier}+4" = "workspace number 4";
"${modifier}+5" = "workspace number 5";
"${modifier}+6" = "workspace number 6";
"${modifier}+7" = "workspace number 7";
"${modifier}+8" = "workspace number 8";
"${modifier}+9" = "workspace number 9";
"${modifier}+Shift+1" =
"move container to workspace number 1";
"${modifier}+Shift+2" =
"move container to workspace number 2";
"${modifier}+Shift+3" =
"move container to workspace number 3";
"${modifier}+Shift+4" =
"move container to workspace number 4";
"${modifier}+Shift+5" =
"move container to workspace number 5";
"${modifier}+Shift+6" =
"move container to workspace number 6";
"${modifier}+Shift+7" =
"move container to workspace number 7";
"${modifier}+Shift+8" =
"move container to workspace number 8";
"${modifier}+Shift+9" =
"move container to workspace number 9";
"${modifier}+Shift+minus" = "move scratchpad";
"${modifier}+minus" = "scratchpad show";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+e" =
"exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
# media keys
XF86MonBrightnessDown = "exec ${brightness-down-cmd}";
XF86MonBrightnessUp = "exec ${brightness-up-cmd}";
# TODO: hook into a visual prompt to display volume?
XF86AudioRaiseVolume = "exec ${vol-up-cmd}";
XF86AudioLowerVolume = "exec ${vol-down-cmd}";
XF86AudioMute = "exec ${mute-cmd}";
"${modifier}+Page_Up" = "exec ${vol-up-cmd}";
"${modifier}+Page_Down" = "exec ${vol-down-cmd}";
"${modifier}+Print" = "exec ${screenshot-cmd}";
};
# mostly defaults:
bars = [{
mode = "dock";
hiddenState = "hide";
position = "top";
command = "${pkgs.waybar}/bin/waybar";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
# names = [ "monospace" "Noto Color Emoji" ];
# size = 8.0;
# names = [ "Font Awesome 6 Free" "DejaVu Sans" "Hack" ];
# names = with config.fonts.fontconfig.defaultFonts; (emoji ++ monospace ++ serif ++ sansSerif);
names = with config.fonts.fontconfig.defaultFonts; (monospace ++ emoji);
size = 24.0;
};
trayOutput = "primary";
colors = {
background = "#000000";
statusline = "#ffffff";
separator = "#666666";
focusedWorkspace = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
activeWorkspace = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
inactiveWorkspace = {
border = "#333333";
background = "#222222";
text = "#888888";
};
urgentWorkspace = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
bindingMode = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
};
}];
};
};
sane.fs."/home/colin/.config/waybar/config" = sane-lib.fs.wantedText waybar-config-text;
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.fs."/home/colin/.config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
window#waybar.termite {
background-color: #3F3F3F;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#memory {
background-color: #9b59b6;
}
#disk {
background-color: #964B00;
}
#backlight {
background-color: #90b1b1;
}
#network {
background-color: #2980b9;
}
#network.disconnected {
background-color: #f53c3c;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#temperature {
background-color: #f0932b;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd.paused {
background-color: #51a37a;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
sane.packages.extraUserPkgs = with pkgs; [
swaylock
swayidle # (unused)
wl-clipboard
mako # notification daemon
xdg-utils # for xdg-open
# user stuff
# pavucontrol
sway-contrib.grimshot
gnome.gnome-bluetooth
gnome.gnome-control-center
];
};
}

52
modules/home-manager/default.nix Normal file
View File

@@ -0,0 +1,52 @@
# docs:
# https://rycee.gitlab.io/home-manager/
# https://rycee.gitlab.io/home-manager/options.html
# man home-configuration.nix
#
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.sane.home-manager;
# extract `pkg` from `sane.packages.enabledUserPkgs`
pkg-list = pkgspec: builtins.map (e: e.pkg) pkgspec;
in
{
options = {
sane.home-manager.enable = mkOption {
default = false;
type = types.bool;
};
# attributes to copy directly to home-manager's `wayland.windowManager` option
sane.home-manager.windowManager = mkOption {
default = {};
type = types.attrs;
};
};
config = lib.mkIf cfg.enable {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.colin = {
# run `home-manager-help` to access manpages
# or `man home-configuration.nix`
manual.html.enable = false; # TODO: set to true later (build failure)
manual.manpages.enable = false; # TODO: enable after https://github.com/nix-community/home-manager/issues/3344
home.packages = pkg-list config.sane.packages.enabledUserPkgs;
wayland.windowManager = cfg.windowManager;
home.stateVersion = "21.11";
home.username = "colin";
home.homeDirectory = "/home/colin";
programs = {
# XXX: unsure what this does?
home-manager.enable = true;
};
};
};
}

6
modules/lib/default.nix
View File

@@ -20,13 +20,9 @@ sane-lib = rec {
isPrefixOfList = p: l: (lib.sublist 0 (lib.length p) l) == p;
# merges N attrsets
# Type: joinAttrsets :: [AttrSet] -> AttrSet
# Type: flattenAttrsList :: [AttrSet] -> AttrSet
joinAttrsets = l: lib.foldl' lib.attrsets.unionOfDisjoint {} l;
# merges N attrsets, recursively
# Type: joinAttrsetsRecursive :: [AttrSet] -> AttrSet
joinAttrsetsRecursive = l: lib.foldl' (lib.attrsets.recursiveUpdateUntil (path: lhs: rhs: false)) {} l;
# evaluate a `{ name, value }` pair in the same way that `listToAttrs` does.
# Type: nameValueToAttrs :: { name :: String, value :: Any } -> Any
nameValueToAttrs = { name, value }: {

2
modules/lib/merge.nix
View File

@@ -17,7 +17,7 @@ rec {
merged = builtins.map (p: lib.setAttrByPath p (mergeAtPath p discharged)) pathsToMerge;
in
assert builtins.all (assertNoExtraPaths pathsToMerge) discharged;
sane-lib.joinAttrsetsRecursive merged;
sane-lib.joinAttrsets merged;
# `take` is as in mkTypedMerge. this function queries which items `take` is interested in.
# for example:

19
hosts/modules/nixcache.nix → modules/nixcache.nix
View File

@@ -13,7 +13,6 @@
with lib;
let
cfg = config.sane.nixcache;
hostName = config.networking.hostName;
in
{
options = {
@@ -25,17 +24,6 @@ in
default = config.sane.nixcache.enable;
type = types.bool;
};
sane.nixcache.substituters = mkOption {
type = types.listOf types.string;
default =
# TODO: make these blacklisted entries injectable
(lib.optional (hostName != "servo") "https://nixcache.uninsane.org")
++ (lib.optional (hostName != "servo" && hostName != "desko") "http://desko:5000")
++ [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
};
};
config = {
@@ -43,7 +31,12 @@ in
# to explicitly build from a specific cache (in case others are down):
# - `nixos-rebuild ... --option substituters https://cache.nixos.org`
# - `nix build ... --substituters http://desko:5000`
nix.settings.substituters = mkIf cfg.enable cfg.substituters;
nix.settings.substituters = mkIf cfg.enable [
"https://nixcache.uninsane.org"
"http://desko:5000"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
# always trust our keys (so one can explicitly use a substituter even if it's not the default
nix.settings.trusted-public-keys = mkIf cfg.enable-trusted-keys [
"nixcache.uninsane.org:r3WILM6+QrkmsLgqVQcEdibFD7Q/4gyzD9dGT33GP70="

328
modules/packages.nix Normal file
View File

@@ -0,0 +1,328 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
let
cfg = config.sane.packages;
imagemagick = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
consolePkgs = [
backblaze-b2
cdrtools
dmidecode
duplicity
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
imagemagick
ipfs
libimobiledevice
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
speedtest-cli
sqlite # to debug sqlite3 databases
ssh-to-age
sudo
# tageditor # music tagging
unar
visidata
w3m
wireguard-tools
# youtube-dl
yt-dlp
];
guiPkgs = [
# GUI only
aerc # email client
audacity
celluloid # mpv frontend
chromium
clinfo
{ pkg = dino; private = [ ".local/share/dino" ]; }
electrum
# creds/session keys, etc
{ pkg = element-desktop; private = [ ".config/Element" ]; }
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
{ pkg = emote; dir = [ ".local/share/Emote" ]; }
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
foliate
font-manager
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
gajim # XMPP client
gimp # broken on phosh
gnome.cheese
gnome.dconf-editor
gnome-feeds # RSS reader (with claimed mobile support)
gnome.file-roller
gnome.gnome-disk-utility
gnome.gnome-maps # works on phosh
gnome.nautilus
# gnome-podcasts
gnome.gnome-system-monitor
gnome.gnome-terminal # works on phosh
gnome.gnome-weather
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
{ pkg = gpodder-configured; dir = [ "gPodder" ]; }
gthumb
handbrake
inkscape
kdenlive
kid3 # audio tagging
kitty
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
lollypop
{ pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
networkmanagerapplet
# not strictly necessary, but allows caching articles; offline use, etc.
{ pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
{ pkg = nheko; private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
]; }
# settings (electron app). TODO: can i manage these settings with home-manager?
{ pkg = obsidian; dir = [ ".config/obsidian" ]; }
pavucontrol
# picard # music tagging
playerctl
libsForQt5.plasmatube # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
{ pkg = sublime-music-mobile; dir = [ ".local/share/sublime-music" ]; }
{ pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; } # broken on phosh
{ pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
{ pkg = vlc; dir = [ ".config/vlc" ]; }
# pleroma client (Electron). input is broken on phosh.
{ pkg = whalebird; private = [ ".config/Whalebird" ]; }
xdg-utils # for xdg-open
xterm # broken on phosh
]
++ (if pkgs.system == "x86_64-linux" then
[
# x86_64 only
# creds, but also 200 MB of node modules, etc
(let discord = (pkgs.discord.override {
# XXX 2022-07-31: fix to allow links to open in default web-browser:
# https://github.com/NixOS/nixpkgs/issues/78961
nss = pkgs.nss_latest;
}); in { pkg = discord; private = [ ".config/discord" ]; })
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
logseq
losslesscut-bin
makemkv
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
{ pkg = monero-gui; dir = [ ".bitmonero" ]; }
# creds, media
{ pkg = signal-desktop; private = [ ".config/Signal" ]; }
# creds. TODO: can i manage this with home-manager?
{ pkg = spotify; dir = [ ".config/spotify" ]; }
# hardenedMalloc solves a crash at startup
(tor-browser-bundle-bin.override { useHardenedMalloc = false; })
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
{ pkg = zecwallet-lite; private = [ ".zcash" ]; }
] else []);
# general-purpose utilities that we want any user to be able to access
# (specifically: root, in case of rescue)
systemPkgs = [
btrfs-progs
cacert.unbundled # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
tcpdump
tree
usbutils
wget
];
# useful devtools:
devPkgs = [
bison
dtc
flex
gcc
gdb
# gcc-arm-embedded
# gcc_multi
gnumake
mercurial
mix2nix
rustup
swig
];
pkgSpec = types.submodule {
options = {
pkg = mkOption {
type = types.package;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
};
toPkgSpec = types.coercedTo types.package (p: { pkg = p; }) pkgSpec;
in
{
options = {
# packages to deploy to the user's home
sane.packages.extraUserPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
};
sane.packages.extraGuiPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
description = "packages to only ship if gui's enabled";
};
sane.packages.enableConsolePkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableGuiPkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableDevPkgs = mkOption {
description = ''
enable packages that are useful for building other software by hand.
you should prefer to keep this disabled except when prototyping, e.g. packaging new software.
'';
default = false;
type = types.bool;
};
sane.packages.enableSystemPkgs = mkOption {
default = false;
type = types.bool;
description = "enable system-wide packages";
};
sane.packages.enabledUserPkgs = mkOption {
default = cfg.extraUserPkgs
++ (if cfg.enableConsolePkgs then consolePkgs else [])
++ (if cfg.enableGuiPkgs then guiPkgs ++ cfg.extraGuiPkgs else [])
++ (if cfg.enableDevPkgs then devPkgs else [])
;
type = types.listOf toPkgSpec;
description = "generated from other config options";
};
};
config = {
environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
sane.persist.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
sane.persist.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
# XXX: this might not be necessary. try removing this and cacert.unbundled?
environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

18
modules/persist/computed.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, lib, sane-lib, ... }:
let
path = sane-lib.path;
cfg = config.sane.persist;
withPrefix = relativeTo: entries: lib.mapAttrs' (fspath: value: {
name = path.concat [ relativeTo fspath ];
inherit value;
}) entries;
in
{
# merge the `byPath` mappings from both `home` and `sys` into one namespace
sane.persist.byPath = lib.mkMerge [
(withPrefix "/home/colin" cfg.home.byPath)
(withPrefix "/" cfg.sys.byPath)
];
}

18
modules/persist/default.nix
View File

@@ -124,9 +124,6 @@ let
# <option>.private.".cache/vim" = { mode = "0700"; };
# to place ".cache/vim" into the private store and create with the appropriate mode
dirsSubModule = types.submodule ({ config, ... }: {
# TODO: this should be a plain-old `attrsOf (convertInlineAcl entryInStoreOrShorthand)` with downstream checks,
# rather than being filled in based on *other* settings.
# otherwise, it behaves poorly when `sane.persist.enable = false`
options = lib.attrsets.unionOfDisjoint
(mapAttrs (store: store-cfg: mkOption {
default = [];
@@ -182,11 +179,23 @@ in
type = types.bool;
description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
};
sane.persist.home = mkOption {
description = "directories to persist to disk, relative to a user's home ~";
default = {};
type = dirsSubModule;
};
sane.persist.sys = mkOption {
description = "directories to persist to disk, relative to the fs root /";
default = {};
type = dirsSubModule;
};
sane.persist.byPath = mkOption {
type = types.attrsOf (convertInlineAcl entryAtPath);
description = ''
map of <path> => <path config> for all paths to be persisted.
this is computed from the other options, but users can also set it explicitly (useful for overriding)
'';
};
sane.persist.stores = mkOption {
type = types.attrsOf storeType;
default = {};
@@ -197,6 +206,7 @@ in
};
imports = [
./computed.nix
./root-on-tmpfs.nix
./stores
];
@@ -237,7 +247,7 @@ in
);
}
];
configs = lib.mapAttrsToList cfgFor cfg.sys.byPath;
configs = lib.mapAttrsToList cfgFor cfg.byPath;
take = f: { sane.fs = f.sane.fs; };
in mkIf cfg.enable (
take (sane-lib.mkTypedMerge take configs)

38
modules/persist/stores/crypt.nix
View File

@@ -1,10 +1,14 @@
{ config, lib, pkgs, sane-lib, utils, ... }:
{ config, lib, pkgs, utils, ... }:
let
persist-base = config.sane.persist.stores."plaintext".origin;
device = config.sane.persist.stores."cryptClearOnBoot".origin;
key = "${device}.key";
underlying = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ];
store = rec {
device = "/mnt/persist/crypt/clearedonboot";
underlying = {
path = "/nix/persist/crypt/clearedonboot";
# TODO: consider moving this to /tmp, but that requires tmp be mounted first?
key = "/mnt/persist/crypt/clearedonboot.key";
};
};
in
lib.mkIf config.sane.persist.enable
{
@@ -13,35 +17,35 @@ lib.mkIf config.sane.persist.enable
stored to disk, but encrypted to an in-memory key and cleared on every boot
so that it's unreadable after power-off
'';
origin = lib.mkDefault "/mnt/persist/crypt/clearedonboot";
origin = store.device;
};
fileSystems."${device}" = {
device = underlying;
fileSystems."${store.device}" = {
device = store.underlying.path;
fsType = "fuse.gocryptfs";
options = [
"nodev"
"nosuid"
"allow_other"
"passfile=${key}"
"passfile=${store.underlying.key}"
"defaults"
];
noCheck = true;
};
# let sane.fs know about our fileSystem and automatically add the appropriate dependencies
sane.fs."${device}".mount = {
sane.fs."${store.device}".mount = {
# technically the dependency on the keyfile is extraneous because that *happens* to
# be needed to init the store.
depends = let
cryptfile = config.sane.fs."${underlying}/gocryptfs.conf";
keyfile = config.sane.fs."${key}";
cryptfile = config.sane.fs."${store.underlying.path}/gocryptfs.conf";
keyfile = config.sane.fs."${store.underlying.key}";
in [ keyfile.unit cryptfile.unit ];
};
# let sane.fs know how to initialize the gocryptfs store,
# and that it MUST do so
sane.fs."${underlying}/gocryptfs.conf".generated = {
sane.fs."${store.underlying.path}/gocryptfs.conf".generated = {
script.script = ''
backing="$1"
passfile="$2"
@@ -50,17 +54,17 @@ lib.mkIf config.sane.persist.enable
rm -rf "''${backing:?}"/*
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
'';
script.scriptArgs = [ underlying key ];
script.scriptArgs = [ store.underlying.path store.underlying.key ];
# we need the key in order to initialize the store
depends = [ config.sane.fs."${key}".unit ];
depends = [ config.sane.fs."${store.underlying.key}".unit ];
};
# let sane.fs know how to generate the key for gocryptfs
sane.fs."${key}".generated = {
sane.fs."${store.underlying.key}".generated = {
script.script = ''
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
'';
script.scriptArgs = [ key ];
script.scriptArgs = [ store.underlying.key ];
# no need for anyone else to be able to read the key
acl.mode = "0400";
};

2
modules/persist/stores/plaintext.nix
View File

@@ -3,7 +3,7 @@
let
cfg = config.sane.persist;
in lib.mkIf cfg.enable {
sane.persist.stores."plaintext" = lib.mkDefault {
sane.persist.stores."plaintext" = {
origin = "/nix/persist";
};
# TODO: needed?

32
modules/persist/stores/private.nix
View File

@@ -1,23 +1,21 @@
{ config, lib, pkgs, sane-lib, utils, ... }:
{ config, lib, pkgs, utils, ... }:
let
persist-base = config.sane.persist.stores."plaintext".origin;
private-dir = config.sane.persist.stores."private".origin;
private-backing-dir = sane-lib.path.concat [ persist-base private-dir ];
in
lib.mkIf config.sane.persist.enable
{
sane.persist.stores."private" = {
storeDescription = ''
encrypted store which persists across boots.
typical use case is for the user to encrypt this store using their login password so that it
can be auto-unlocked at login.
encrypted to the user's password and auto-unlocked at login
'';
origin = lib.mkDefault "/mnt/private";
origin = "/home/colin/private";
# files stored under here *must* have the /home/colin prefix.
# internally, this prefix is removed so that e.g.
# /home/colin/foo/bar when stored in `private` is visible at
# /home/colin/private/foo/bar
prefix = "/home/colin";
defaultOrdering = let
private-unit = config.sane.fs."${private-dir}".unit;
private-unit = config.sane.fs."/home/colin/private".unit;
in {
# auto create only after the store is mounted
# auto create only after ~/private is mounted
wantedBy = [ private-unit ];
# we can't create things in private before local-fs.target
wantedBeforeBy = [ ];
@@ -25,13 +23,13 @@ lib.mkIf config.sane.persist.enable
defaultMethod = "symlink";
};
fileSystems."${private-dir}" = {
device = private-backing-dir;
fileSystems."/home/colin/private" = {
device = "/nix/persist/home/colin/private";
fsType = "fuse.gocryptfs";
options = [
"noauto" # don't try to mount, until the user logs in!
"nofail"
"allow_other" # root ends up being the user that mounts this, so need to make it visible to other users.
"allow_other" # root ends up being the user that mounts this, so need to make it visible to `colin`.
"nodev"
"nosuid"
"quiet"
@@ -41,9 +39,9 @@ lib.mkIf config.sane.persist.enable
};
# let sane.fs know about the mount
sane.fs."${private-dir}".mount = {};
sane.fs."/home/colin/private".mount = {};
# it also needs to know that the underlying device is an ordinary folder
sane.fs."${private-backing-dir}".dir = {};
sane.fs."/nix/persist/home/colin/private".dir = {};
# TODO: could add this *specifically* to the .mount file for the encrypted fs?
system.fsPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs

133
modules/programs.nix
View File

@@ -1,133 +0,0 @@
{ config, lib, pkgs, sane-lib, ... }:
let
inherit (builtins) any elem map;
inherit (lib)
filterAttrs
hasAttrByPath
getAttrFromPath
mapAttrs
mapAttrsToList
mkDefault
mkIf
mkMerge
mkOption
optional
optionalAttrs
splitString
types
;
inherit (sane-lib) joinAttrsets;
cfg = config.sane.programs;
pkgSpec = types.submodule ({ name, ... }: {
options = {
package = mkOption {
type = types.nullOr types.package;
description = ''
package, or `null` if the program is some sort of meta set (in which case it much EXPLICITLY be set null).
'';
default =
let
pkgPath = splitString "." name;
in
# package can be inferred by the attr name, allowing shorthand like
# `sane.programs.nano.enable = true;`
# this indexing will throw if the package doesn't exist and the user forgets to specify
# a valid source explicitly.
getAttrFromPath pkgPath pkgs;
};
enableFor.system = mkOption {
type = types.bool;
default = any (en: en) (
mapAttrsToList
(otherName: otherPkg:
otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested && otherPkg.enableFor.system
)
cfg
);
description = ''
place this program on the system PATH
'';
};
enableFor.user = mkOption {
type = types.attrsOf types.bool;
default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
optionalAttrs
(otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
(filterAttrs (user: en: en) otherPkg.enableFor.user)
) cfg);
description = ''
place this program on the PATH for some specified user(s).
'';
};
suggestedPrograms = mkOption {
type = types.listOf types.str;
default = [];
description = ''
list of other programs a user may want to enable alongside this one.
for example, the gnome desktop environment would suggest things like its settings app.
'';
};
enableSuggested = mkOption {
type = types.bool;
default = true;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
});
toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
configs = mapAttrsToList (name: p: {
assertions = map (sug: {
assertion = cfg ? "${sug}";
message = ''program "${sug}" referenced by "${name}", but not defined'';
}) p.suggestedPrograms;
# conditionally add to system PATH
environment.systemPackages = optional
(p.package != null && p.enableFor.system)
p.package;
# conditionally add to user(s) PATH
users.users = mapAttrs (user: en: {
packages = optional (p.package != null && en) p.package;
}) p.enableFor.user;
# conditionally persist relevant user dirs
sane.users = mapAttrs (user: en: optionalAttrs en {
persist.plaintext = p.dir;
persist.private = p.private;
}) p.enableFor.user;
}) cfg;
in
{
options = {
sane.programs = mkOption {
type = types.attrsOf toPkgSpec;
default = {};
};
};
config =
let
take = f: {
assertions = f.assertions;
environment.systemPackages = f.environment.systemPackages;
users.users = f.users.users;
sane.users = f.sane.users;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
# expose the pkgs -- as available to the system -- as a build target.
system.build.pkgs = pkgs;
}
];
}

1
modules/services/default.nix
View File

@@ -1,6 +1,7 @@
{ ... }:
{
imports = [
./duplicity.nix
./dyn-dns.nix
./kiwix-serve.nix
./mautrix-signal.nix

0
hosts/modules/services/duplicity.nix → modules/services/duplicity.nix
View File

7
modules/services/dyn-dns.nix
View File

@@ -3,11 +3,6 @@
with lib;
let
cfg = config.sane.services.dyn-dns;
getIp = pkgs.writeShellScript "dyn-dns-query-wan" ''
# preferred method and fallback
${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || \
${pkgs.sane-scripts}/bin/sane-ip-check
'';
in
{
options = {
@@ -24,7 +19,7 @@ in
};
ipCmd = mkOption {
default = "${getIp}";
default = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan";
type = types.path;
description = "command to run to query the current WAN IP";
};

15
modules/services/trust-dns.nix
View File

@@ -7,20 +7,7 @@ with lib;
let
cfg = config.sane.services.trust-dns;
toml = pkgs.formats.toml { };
recordFormatters = {
# quote rules for zone files:
# - any character may be encoded by `\DDD`, where `DDD` represents its ascii value in base 8.
# - any non-digit `X` may be encoded by `\X`.
# - stated in: <https://www.ietf.org/rfc/rfc1035.txt>: 5.1 Format
# - visible in <trust-dns:crates/proto/src/serialize/txt/zone_lex.rs:escape_seq>
# for us, we can just replace `\` => `\\ and `"` -> `\"`
TXT = value: "\"" + (lib.escape [ "\\" "\"" ] value) + "\"";
};
fmtRecord = proto: rrtype: name: value:
let
formatter = recordFormatters."${rrtype}" or lib.id;
in
"${name}\t${proto}\t${rrtype}\t${formatter value}";
fmtRecord = proto: rrtype: name: value: "${name}\t${proto}\t${rrtype}\t${value}";
fmtRecordList = proto: rrtype: name: values: concatStringsSep
"\n"
(map (fmtRecord proto rrtype name) values)

110
modules/users.nix
View File

@@ -1,110 +0,0 @@
{ config, lib, options, sane-lib, ... }:
let
inherit (builtins) attrValues;
inherit (lib) count mapAttrs' mapAttrsToList mkIf mkMerge mkOption types;
sane-user-cfg = config.sane.user;
cfg = config.sane.users;
path-lib = sane-lib.path;
userOptions = {
options = {
fs = mkOption {
type = types.attrs;
default = {};
description = ''
entries to pass onto `sane.fs` after prepending the user's home-dir to the path.
e.g. `sane.users.colin.fs."/.config/aerc" = X`
=> `sane.fs."/home/colin/.config/aerc" = X;
'';
};
persist = mkOption {
type = options.sane.persist.sys.type;
default = {};
description = ''
entries to pass onto `sane.persist.sys` after prepending the user's home-dir to the path.
'';
};
};
};
userModule = types.submodule ({ name, config, ... }: {
options = userOptions.options // {
default = mkOption {
type = types.bool;
default = false;
description = ''
only one default user may exist.
this option determines what the `sane.user` shorthand evaluates to.
'';
};
home = mkOption {
type = types.str;
# XXX: we'd prefer to set this to `config.users.users.home`, but that causes infinite recursion...
# TODO: maybe assert that this matches the actual home?
default = "/home/${name}";
};
};
# if we're the default user, inherit whatever settings were routed to the default user
config = mkIf config.default sane-user-cfg;
});
processUser = user: defn:
let
prefixWithHome = mapAttrs' (path: value: {
name = path-lib.concat [ defn.home path ];
inherit value;
});
in
{
sane.fs = prefixWithHome defn.fs;
# `byPath` is the actual output here, computed from the other keys.
sane.persist.sys.byPath = prefixWithHome defn.persist.byPath;
};
in
{
options = {
sane.users = mkOption {
type = types.attrsOf userModule;
default = {};
description = ''
options to apply to the given user.
the user is expected to be created externally.
configs applied at this level are simply transformed and then merged
into the toplevel `sane` options. it's merely a shorthand.
'';
};
sane.user = mkOption {
type = types.nullOr (types.submodule userOptions);
default = null;
description = ''
options to pass down to the default user
'';
};
};
config =
let
configs = mapAttrsToList processUser cfg;
num-default-users = count (u: u.default) (attrValues cfg);
take = f: {
sane.fs = f.sane.fs;
sane.persist.sys.byPath = f.sane.persist.sys.byPath;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
assertions = [
{
assertion = sane-user-cfg == null || num-default-users != 0;
message = "cannot set `sane.user` without first setting `sane.users.<user>.default = true` for some user";
}
{
assertion = num-default-users <= 1;
message = "cannot set more than one default user";
}
];
}
];
}

78
nixpatches/2023-01-25-signald-update.patch Normal file
View File

@@ -0,0 +1,78 @@
diff --git a/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch b/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
index 1d9ca8d838d..d2cf9dd4315 100644
--- a/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
+++ b/pkgs/applications/networking/instant-messengers/signald/0001-Fetch-buildconfig-during-gradle-build-inside-Nix-FOD.patch
@@ -11,25 +11,15 @@ diff --git a/build.gradle b/build.gradle
index 799e782..caceaac 100644
--- a/build.gradle
+++ b/build.gradle
-@@ -83,6 +83,9 @@ static String getVersion() {
-
- repositories {
- maven {url "https://gitlab.com/api/v4/groups/6853927/-/packages/maven"} // https://gitlab.com/groups/signald/-/packages
-+ maven {
-+ url "https://plugins.gradle.org/m2/"
-+ }
- mavenCentral()
- }
-
-@@ -104,6 +107,8 @@ dependencies {
- implementation 'io.prometheus:simpleclient_httpserver:0.16.0'
- implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
- implementation 'io.sentry:sentry:6.4.0'
-+ implementation 'com.github.gmazzo.buildconfig:com.github.gmazzo.buildconfig.gradle.plugin:3.1.0'
-+ implementation 'org.jetbrains.kotlin:kotlin-scripting-jvm:1.7.10'
- testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
+@@ -87,7 +86,7 @@ repositories {
}
+ dependencies {
+- implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_1'
++ implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_2'
+ implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-common:2.6.1'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-native-common:2.6.1'
@@ -171,4 +176,4 @@ allprojects {
runtime {
options = ['--strip-java-debug-attributes', '--compress', '2', '--no-header-files', '--no-man-pages']
diff --git a/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch b/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
index 96a7d6d2ef3..2f0f6e73159 100644
--- a/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
+++ b/pkgs/applications/networking/instant-messengers/signald/0002-buildconfig-local-deps-fixes.patch
@@ -47,15 +47,15 @@ index 799e782..6ecef3e 100644
}
dependencies {
-@@ -104,6 +117,8 @@ dependencies {
- implementation 'io.prometheus:simpleclient_httpserver:0.16.0'
- implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
- implementation 'io.sentry:sentry:6.4.0'
-+ implementation 'com.github.gmazzo.buildconfig:com.github.gmazzo.buildconfig.gradle.plugin:3.1.0'
-+ implementation 'org.jetbrains.kotlin:kotlin-scripting-jvm:1.7.10'
- testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
+@@ -87,7 +86,7 @@ repositories {
}
+ dependencies {
+- implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_1'
++ implementation 'org.signald:signal-service-java-' + getTarget() + ':2.15.3_unofficial_50_signald_2'
+ implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-common:2.6.1'
+ implementation 'com.kohlschutter.junixsocket:junixsocket-native-common:2.6.1'
@@ -167,8 +182,3 @@ allprojects {
}
}
diff --git a/pkgs/applications/networking/instant-messengers/signald/default.nix b/pkgs/applications/networking/instant-messengers/signald/default.nix
index a9e023cdf63..8847707e137 100644
--- a/pkgs/applications/networking/instant-messengers/signald/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signald/default.nix
@@ -54,8 +54,8 @@ let
outputHashMode = "recursive";
# Downloaded jars differ by platform
outputHash = {
- x86_64-linux = "sha256-ANiNDdTuCuDEH5zUPsrVF6Uegdq3zVsMv+uMtYRX0jE=";
- aarch64-linux = "sha256-V9zn4v/ZeLELAwFJ5y7OVAeJwZp4DmHm4KWxE6KpwGs=";
+ x86_64-linux = "sha256-B2T8bM8xdob5507oS1CVO+sszEg9VWL8QKUEanIlXvk=";
+ aarch64-linux = "sha256-I314eLUQP8HPbwc+10ZDKzcn9WsqLGuBtfoiCEYZRck=";
}.${stdenv.system} or (throw "Unsupported platform");
};

22
nixpatches/2023-01-30-mesa-cma-leak.patch
View File

@@ -1,22 +0,0 @@
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 56fa74e5c0c..3573bb0af49 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -88,7 +88,7 @@
let
# Release calendar: https://www.mesa3d.org/release-calendar.html
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
- version = "22.3.4";
+ version = "22.3.2";
branch = lib.versions.major version;
withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
@@ -120,7 +120,7 @@ self = stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
];
- sha256 = "37a1ddaf03f41919ee3c89c97cff41e87de96e00e9d3247959cc8279d8294593";
+ sha256 = "c15df758a8795f53e57f2a228eb4593c22b16dffd9b38f83901f76cd9533140b";
};
# TODO:

23
nixpatches/2023-02-28-mesa-22.3.6.patch
View File

@@ -1,23 +0,0 @@
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 52633a6d21649..20d839b74c2ea 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -88,7 +88,7 @@
let
# Release calendar: https://www.mesa3d.org/release-calendar.html
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
- version = "22.3.5";
+ version = "22.3.6";
branch = lib.versions.major version;
withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
@@ -120,7 +120,7 @@ self = stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
];
- sha256 = "3eed2ecae2bc674494566faab9fcc9beb21cd804c7ba2b59a1694f3d7236e6a9";
+ hash = "sha256-TsjsZdvbHulETbpylwiQEooZVDpYzwWTG9b1TxJOEX8=";
};
# TODO:

34
nixpatches/2023-03-03-qtbase-cross-compile.patch
View File

@@ -1,34 +0,0 @@
diff --git a/pkgs/development/libraries/qt-6/modules/qtbase.nix b/pkgs/development/libraries/qt-6/modules/qtbase.nix
index e71b0a7613d..72779ac57a5 100644
--- a/pkgs/development/libraries/qt-6/modules/qtbase.nix
+++ b/pkgs/development/libraries/qt-6/modules/qtbase.nix
@@ -5,6 +5,7 @@
, version
, coreutils
, bison
+, buildPackages
, flex
, gdb
, gperf
@@ -224,6 +225,8 @@ stdenv.mkDerivation rec {
] ++ lib.optionals stdenv.isDarwin [
# error: 'path' is unavailable: introduced in macOS 10.15
"-DQT_FEATURE_cxx17_filesystem=OFF"
+ ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+ "-DQT_HOST_PATH=${buildPackages.qt6.full}"
];
NIX_LDFLAGS = toString (lib.optionals stdenv.isDarwin [
diff --git a/pkgs/development/libraries/qt-6/qtModule.nix b/pkgs/development/libraries/qt-6/qtModule.nix
index 28180d3b0ca..f14c73b10ee 100644
--- a/pkgs/development/libraries/qt-6/qtModule.nix
+++ b/pkgs/development/libraries/qt-6/qtModule.nix
@@ -61,7 +61,7 @@ stdenv.mkDerivation (args // {
if [[ -z "$dontSyncQt" && -f sync.profile ]]; then
# FIXME: this probably breaks crosscompiling as it's not from nativeBuildInputs
# I don't know how to get /libexec from nativeBuildInputs to work, it's not under /bin
- ${lib.getDev self.qtbase}/libexec/syncqt.pl -version "''${version%%-*}"
+ perl ${lib.getDev self.qtbase}/libexec/syncqt.pl -version "''${version%%-*}"
fi
'';

65
nixpatches/2023-03-04-ccache-cross-fix.patch
View File

@@ -1,65 +0,0 @@
diff --git a/pkgs/development/tools/misc/ccache/default.nix b/pkgs/development/tools/misc/ccache/default.nix
index cad25a942d6..9130097ab07 100644
--- a/pkgs/development/tools/misc/ccache/default.nix
+++ b/pkgs/development/tools/misc/ccache/default.nix
@@ -2,7 +2,7 @@
, stdenv
, fetchFromGitHub
, substituteAll
-, binutils
+, buildPackages
, asciidoctor
, cmake
, perl
@@ -33,7 +33,7 @@ let ccache = stdenv.mkDerivation rec {
# Darwin.
(substituteAll {
src = ./force-objdump-on-darwin.patch;
- objdump = "${binutils.bintools}/bin/objdump";
+ objdump = "${buildPackages.binutils.bintools}/bin/objdump";
})
];
@@ -71,11 +71,12 @@ let ccache = stdenv.mkDerivation rec {
passthru = {
# A derivation that provides gcc and g++ commands, but that
# will end up calling ccache for the given cacheDir
- links = {unwrappedCC, extraConfig}: stdenv.mkDerivation {
+ links = {unwrappedCC, extraConfig, targetPrefix ? ""}: stdenv.mkDerivation {
name = "ccache-links";
passthru = {
isClang = unwrappedCC.isClang or false;
isGNU = unwrappedCC.isGNU or false;
+ cc = unwrappedCC;
};
inherit (unwrappedCC) lib;
nativeBuildInputs = [ makeWrapper ];
@@ -83,7 +84,7 @@ let ccache = stdenv.mkDerivation rec {
mkdir -p $out/bin
wrap() {
- local cname="$1"
+ local cname="${targetPrefix}$1"
if [ -x "${unwrappedCC}/bin/$cname" ]; then
makeWrapper ${ccache}/bin/ccache $out/bin/$cname \
--run ${lib.escapeShellArg extraConfig} \
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index cb6fd2f0c4d..da4aadff3cb 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -17383,10 +17383,12 @@ with pkgs;
# should be owned by user root, group nixbld with permissions 0770.
ccacheWrapper = makeOverridable ({ extraConfig, cc }:
cc.override {
- cc = ccache.links {
+ cc = ccache.links ({
inherit extraConfig;
unwrappedCC = cc.cc;
- };
+ } // lib.optionalAttrs (cc ? targetPrefix) {
+ inherit (cc) targetPrefix;
+ });
}) {
extraConfig = "";
inherit (stdenv) cc;

178
nixpatches/2023-03-10-hase.patch
View File

@@ -1,178 +0,0 @@
diff --git a/pkgs/development/libraries/sparrow3d/default.nix b/pkgs/development/libraries/sparrow3d/default.nix
new file mode 100644
index 00000000000..331a02efc5f
--- /dev/null
+++ b/pkgs/development/libraries/sparrow3d/default.nix
@@ -0,0 +1,53 @@
+{ lib
+, fetchFromGitHub
+, pkg-config
+, SDL
+, SDL_image
+, SDL_mixer
+, SDL_net
+, SDL_ttf
+, stdenv
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+ pname = "sparrow3d";
+ version = "2020-10-06";
+
+ src = fetchFromGitHub {
+ owner = "theZiz";
+ repo = "sparrow3d";
+ rev = "2033349d7adeba34bda2c442e1fec22377471134";
+ hash = "sha256-28j5nbTYBrMN8BQ6XrTlO1D8Viw+RiT3MAl99BAbhR4=";
+ };
+
+ nativeBuildInputs = [
+ pkg-config
+ ];
+
+ propagatedBuildInputs = [
+ SDL.dev
+ SDL_image
+ SDL_ttf
+ SDL_mixer
+ SDL_net
+ ];
+
+ postConfigure = ''
+ NIX_CFLAGS_COMPILE=$(pkg-config --cflags SDL_image SDL_ttf SDL_mixer SDL_net)
+ '';
+
+ installPhase = ''
+ mkdir -p $out/{include,lib/pkgconfig}
+ cp sparrow*.h $out/include
+ cp libsparrow{3d,Net,Sound}.so $out/lib
+ substituteAll ${./sparrow3d.pc.in} $out/lib/pkgconfig/sparrow3d.pc
+ '';
+
+ meta = with lib; {
+ description = "a software renderer for different open handhelds like the gp2x, wiz, caanoo and pandora";
+ homepage = "https://github.com/theZiz/sparrow3d";
+ license = licenses.lgpl21;
+ maintainers = with maintainers; [ colinsane ];
+ platforms = [ "x86_64-linux" ];
+ };
+})
diff --git a/pkgs/development/libraries/sparrow3d/sparrow3d.pc.in b/pkgs/development/libraries/sparrow3d/sparrow3d.pc.in
new file mode 100644
index 00000000000..046e174ea97
--- /dev/null
+++ b/pkgs/development/libraries/sparrow3d/sparrow3d.pc.in
@@ -0,0 +1,17 @@
+prefix=@out@
+includedir=${prefix}/include
+libdir=${prefix}/lib
+
+Name: sparrow3d
+Description: a software renderer for different open handhelds like the gp2x, wiz, caanoo and pandora
+URL: https://github.com/theZiz/sparrow3d
+Version: @version@
+Requires: \
+ sdl \
+ SDL_image \
+ SDL_ttf \
+ SDL_mixer \
+ SDL_net
+Cflags: -isystem${includedir}
+Libs: -L${libdir} -lsparrow3d -lsparrowNet -lsparrowSound
+
diff --git a/pkgs/games/hase/default.nix b/pkgs/games/hase/default.nix
new file mode 100644
index 00000000000..794b6d017ae
--- /dev/null
+++ b/pkgs/games/hase/default.nix
@@ -0,0 +1,49 @@
+{ lib
+, fetchFromGitHub
+, pkg-config
+, stdenv
+, sparrow3d
+, zlib
+}:
+
+stdenv.mkDerivation {
+ pname = "hase";
+ version = "2020-10-06";
+
+ src = fetchFromGitHub {
+ owner = "theZiz";
+ repo = "hase";
+ rev = "31d6840cdf0c72fc459f10402dae7726096b2974";
+ hash = "sha256-d9So3E8nCQJ1/BdlwMkGbaFPT9mkX1VzlDGKp71ptEE=";
+ };
+ patches = [ ./prefer-dynamic.patch ];
+
+ nativeBuildInputs = [
+ pkg-config
+ ];
+
+ buildInputs = [
+ sparrow3d
+ zlib
+ ];
+
+ buildPhase = ''
+ NIX_CFLAGS_COMPILE=$(pkg-config --cflags sparrow3d zlib)
+ mkdir -p $out/{bin,share/applications,share/pixmaps}
+ # build and install are one step, and inseparable without patching
+ ./install.sh $out
+ '';
+
+ postFixup = ''
+ substituteInPlace "$out/share/applications/hase.desktop" \
+ --replace "Exec=hase" "Exec=$out/bin/hase"
+ '';
+
+ meta = with lib; {
+ description = "Hase is an open source gravity based artillery shooter. It is similar to Worms, Hedgewars or artillery, but the gravity force and direction depends on the mass nearby. It is optimized for mobile game consoles like the GP2X, Open Pandora or GCW Zero";
+ homepage = "http://ziz.gp2x.de/hase/";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ colinsane ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
diff --git a/pkgs/games/hase/prefer-dynamic.patch b/pkgs/games/hase/prefer-dynamic.patch
new file mode 100644
index 00000000000..ab36e6b2b3d
--- /dev/null
+++ b/pkgs/games/hase/prefer-dynamic.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index 95d894e..3c561c1 100644
+--- a/Makefile
++++ b/Makefile
+@@ -35,7 +35,7 @@ endif
+ LIB += -L$(SPARROW_LIB)
+ INCLUDE += -I$(SPARROW_FOLDER)
+
+-HASE_STATIC = $(SPARROW_LIB)/$(SPARROW3D_STATIC_LIB) $(SPARROW_LIB)/$(SPARROWSOUND_STATIC_LIB) $(SPARROW_LIB)/$(SPARROWNET_STATIC_LIB) $(STATIC)
++DYNAMIC += -lsparrow3d -lsparrowSound -lsparrowNet
+
+ ifneq ($(TARGET),win32)
+ DYNAMIC += -lz
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 521b00eb5f5..31052251314 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23550,6 +23550,8 @@ with pkgs;
spaceship-prompt = callPackage ../shells/zsh/spaceship-prompt {};
+ sparrow3d = callPackage ../development/libraries/sparrow3d {};
+
spdk = callPackage ../development/libraries/spdk { };
speechd = callPackage ../development/libraries/speechd { };
@@ -35570,6 +35572,8 @@ with pkgs;
harmonist = callPackage ../games/harmonist { };
+ hase = callPackage ../games/hase { };
+
hedgewars = libsForQt5.callPackage ../games/hedgewars {
inherit (haskellPackages) ghcWithPackages;
};

Some files were not shown because too many files have changed in this diff Show More