From a98b53de9991167471e840ae3c18798c8d9fc1b7 Mon Sep 17 00:00:00 2001
From: andromeda
Date: Fri, 1 May 2026 13:37:31 +0200
Subject: new conf
---
 nix/configuration.nix | 245 ++++++++++++++++++++++++
 nix/home.nix | 220 ++++++++++++++++++++++
 nix/home/sway_config | 79 ++++++++
 nix/npins/default.nix | 249 +++++++++++++++++++++++++
 nix/npins/sources.json | 131 +++++++++++++
 nix/patches/change-default-search-engine.patch | 22 +++
 nix/pub-keys.nix | 10 +
 nix/secrets.nix | 10 +
 nix/secrets/andromeda-pw.age | 7 +
 nix/secrets/secrets.nix | 9 +
 10 files changed, 982 insertions(+)
 create mode 100644 nix/configuration.nix
 create mode 100644 nix/home.nix
 create mode 100644 nix/home/sway_config
 create mode 100644 nix/npins/default.nix
 create mode 100644 nix/npins/sources.json
 create mode 100644 nix/patches/change-default-search-engine.patch
 create mode 100644 nix/pub-keys.nix
 create mode 100644 nix/secrets.nix
 create mode 100644 nix/secrets/andromeda-pw.age
 create mode 100644 nix/secrets/secrets.nix
(limited to 'nix')
diff --git a/nix/configuration.nix b/nix/configuration.nix
new file mode 100644
index 0000000..ec160fc
--- /dev/null
+++ b/nix/configuration.nix
@@ -0,0 +1,245 @@ +{config, ...}: let + sources = import ./npins; + pkgs = import sources.nixpkgs {}; +in { + boot = { + initrd = { + availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"]; + systemd = { + services.impermanent-btrfs = { + description = "saves old root and makes new one"; + unitConfig.DefaultDependencies = false; + serviceConfig = { + Type = "oneshot"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + }; + requiredBy = [ + "initrd.target" + ]; + before = [ + "sysroot.mount" + ]; + requires = [ + "initrd-root-device.target" + ]; + after = [ + "initrd-root-device.target" + "local-fs-pre.target" + ]; + script = '' + mkdir /btrfs_tmp + mount ${config.fileSystems."/".device} /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + mkdir /btrfs_tmp/root/persist + mkdir /btrfs_tmp/root/etc + mount ${config.fileSystems."/persist".device} /btrfs_tmp/root/persist -o subvol=persist + cp /btrfs_tmp/root/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r + umount /btrfs_tmp/root/persist + rm -r /btrfs_tmp/root/persist + umount /btrfs_tmp + ''; + }; + extraBin = { + "mkdir" = "${pkgs.coreutils}/bin/mkdir"; + "date" = "${pkgs.coreutils}/bin/date"; + "stat" = "${pkgs.coreutils}/bin/stat"; + "mv" = "${pkgs.coreutils}/bin/mv"; + "cp" = "${pkgs.coreutils}/bin/cp"; + "rm" = "${pkgs.coreutils}/bin/rm"; + "btrfs" = "${pkgs.btrfs-progs}/bin/btrfs"; + }; + }; + }; + kernelPackages = pkgs.linuxPackages_latest; + kernelModules = 
["kvm-intel"]; + loader = { + efi.canTouchEfiVariables = true; + grub = { + device = "nodev"; + efiSupport = true; + enable = true; + extraEntries = '' + menuentry "Guix" { + search --set=drive1 --fs-uuid F425-55BA + chainloader ($drive1)//EFI/Guix/grubx64.efi + } + ''; + }; + }; + tmp.cleanOnBoot = true; + }; + documentation = { + dev.enable = true; + nixos.includeAllModules = true; + }; + environment.persistence."/persist" = { + directories = [ + "/etc/ly/custom-sessions" + "/etc/NetworkManager/system-connections" + "/etc/ssh" + "/gnu" + "/var/guix" + "/var/log" + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + ]; + enable = true; + files = [ + "/etc/ly/save.txt" + "/etc/machine-id" + ]; + hideMounts = true; + users.andromeda = { + directories = [ + ".backups" + ".cache/guix" + ".config/guix" + ".gnupg" + ".local/share/AAAAXY" + ".local/share/Anki2" + ".local/share/chat.fluffy.fluffychat" + ".local/share/Mindustry" + ".local/share/zoxide" + ".ssh" + "conf" + "conf_v1" + "Downloads" + "pp" + ]; + files = [".bash_history"]; + }; + }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/F425-55BA"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6"; + fsType = "btrfs"; + }; + "/persist" = { + device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7"; + fsType = "btrfs"; + neededForBoot = true; + options = ["subvol=persist"]; + }; + }; + hardware = { + bluetooth = { + enable = true; + powerOnBoot = false; + }; + cpu.intel.updateMicrocode = true; + enableRedistributableFirmware = true; + }; + home-manager = { + backupFileExtension = "bak"; + useGlobalPkgs = true; + users.andromeda = import ./home.nix; + }; + i18n.defaultLocale = "de_DE.UTF-8"; + imports = [ + "${sources.Phoenix {inherit 
pkgs;}}/nix/module.nix" + "${sources.agenix {inherit pkgs;}}/modules/age.nix" + "${sources.impermanence {inherit pkgs;}}/nixos.nix" + "${sources.home-manager {inherit pkgs;}}/nixos" + ./secrets.nix + ]; + networking = { + domain = "nixos"; + hostName = "nixos"; + firewall.enable = true; + networkmanager.enable = true; + }; + nixpkgs = { + config.allowUnfree = false; + flake.source = sources.nixpkgs; + hostPlatform = "x86_64-linux"; + overlays = [ + ( + final: prev: { + phoenix = (final.callPackage "${sources.Phoenix {inherit pkgs;}}/nix/package.nix" {}).overrideAttrs { + patches = [./patches/change-default-search-engine.patch]; # default search to ddg html + }; + + withPhoenix = firefoxPackage: + firefoxPackage.override { + extraPoliciesFiles = ["${final.phoenix}/policies.json"]; + extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"]; + }; + } + ) + ]; + }; + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + substituters = ["https://cache.dataaturservice.se/spectrum/"]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU=" + ]; + trusted-users = ["@wheel"]; + }; + channel.enable = false; + }; + programs.sway.enable = true; + services = { + blueman.enable = true; + displayManager = { + enable = true; + ly.enable = true; + }; + guix.enable = true; + libinput.enable = true; + openssh.enable = true; + printing.enable = true; + }; + system.stateVersion = "26.05"; + time.timeZone = "Europe/Berlin"; + users = { + mutableUsers = false; + users.andromeda = { + isNormalUser = true; + hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path; + extraGroups = [ + "networkmanager" + "wheel" + "dialout" + ]; + }; + }; + zramSwap = { + enable = true; + priority = 100; + algorithm = "zstd"; + memoryPercent = 35; + }; +} diff --git a/nix/home.nix b/nix/home.nix new file mode 100644 index 0000000..e842e34 --- /dev/null 
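Review bot: `services.openssh.enable = true` near the end of this hunk comes with no `services.openssh.settings`, so sshd keeps the module defaults, which as far as I know still allow password logins, while `andromeda` is in `wheel`, has a password via `hashedPasswordFile`, and gets no `openssh.authorizedKeys.keys` in this file. If key-only access is intended, add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` and set `users.users.andromeda.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];`. `nix.settings.trusted-users = ["@wheel"]` additionally lets wheel members direct the Nix daemon (extra substituters, unsigned imports), which is close to passwordless root and deserves a comment or removal. In the initrd script the format string reads `%H:$M:%S`; `$M` reaches the shell as a presumably unset variable, so old roots are named without minutes, and it should be `%H:%M:%S`.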
+++ b/nix/home.nix 
@@ -0,0 +1,220 @@ +{ + config, + lib, + pkgs, + ... +}: let + sources = import ./npins; + background-path = ".config/sway/background.png"; + sway_config = + pkgs.substitute + { + src = ./home/sway_config; + substitutions = [ + "--replace" + "@backgroundImagePath@" + "${config.home.homeDirectory}/${background-path}" + ]; + }; +in { + home = { + file = { + ${background-path}.source = config.stylix.image; + ".profile".enable = false; + }; + homeDirectory = "/home/${config.home.username}"; + packages = [ + pkgs.aaaaxy + #pkgs.acpi + (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" {}) + #pkgs.alacritty + pkgs.anki + #(import "${sources.anki-cli}/package.nix") + #pkgs.c3term + #pkgs.brightnessctl + #pkgs.dust + pkgs.fluffychat + #pkgs.fzf + #pkgs.gdb + pkgs.glow + #pkgs.grim + #pkgs.hexdump + pkgs.http-server + #pkgs.jmtpfs + pkgs.mindustry-wayland + #pkgs.nasm + pkgs.nix-output-monitor + pkgs.npins + #pkgs.pciutils + #pkgs.ranger + pkgs.rip2 + #pkgs.ripgrep + #pkgs.slurp + #pkgs.tokei + #pkgs.tree + #pkgs.usbutils + #pkgs.wget + #pkgs.xxd + ]; + stateVersion = "26.05"; + username = "andromeda"; + }; + imports = [ + (import sources.nvf).homeManagerModules.nvf + (import sources.stylix).homeModules.stylix + ]; + programs = { + firefox = { + enable = true; + package = pkgs.firefox.override { + cfg.enableTridactylNative = true; + }; + profiles.default = { + extensions = { + force = true; + packages = [(import sources.NUR {inherit pkgs;}).repos.rycee.firefox-addons.tridactyl]; + }; + settings = { + "extensions.autoDisableScopes" = 0; + "intl.accepted_languages" = "de_DE"; + }; + }; + }; + gh.enable = true; + gpg.enable = true; + home-manager.enable = true; + nvf = { + enable = true; + settings.vim = { + startPlugins = [pkgs.vimPlugins.parinfer-rust]; + autocomplete.nvim-cmp.enable = false; + formatter.conform-nvim = { + enable = true; + setupOpts.format_on_save = { + lsp_format = "fallback"; + timeout_ms = 5000; + }; + }; + lsp.otter-nvim.enable = true; + git.enable = 
true; + keymaps = [ + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = "jj"; + mode = ["i"]; + action = ""; + } + { + key = "kk"; + mode = ["i"]; + action = ""; + } + { + key = "jk"; + mode = ["i"]; + action = ""; + } + { + key = "kj"; + mode = ["i"]; + action = ""; + } + { + key = ""; + mode = ["i"]; + action = ""; + } + ]; + languages = { + nix = { + enable = true; + format.enable = true; + lsp.enable = true; + }; + haskell = { + enable = true; + lsp.enable = true; + }; + rust = { + enable = true; + format.enable = true; + lsp.enable = true; + treesitter.enable = true; + }; + }; + lineNumberMode = "relative"; + options = { + tabstop = 2; + shiftwidth = 2; + expandtab = true; + smarttab = true; + foldmethod = "indent"; + number = true; + colorcolumn = "80"; + }; + statusline.lualine.enable = true; + syntaxHighlighting = true; + }; + }; + ssh.enable = true; + }; + services.gpg-agent = { + enable = true; + pinentry.package = pkgs.pinentry-curses; + }; + stylix = { + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-hard.yaml"; + enable = true; + fonts = { + emoji = { + name = "Noto Color Emoji"; + package = pkgs.noto-fonts-color-emoji; + }; + monospace = { + name = "Miracode"; + package = pkgs.miracode; + }; + serif = config.stylix.fonts.sansSerif; + sizes = { + applications = 10; + terminal = 10; + }; + }; + image = "${pkgs.nixos-artwork.wallpapers.gear}/share/backgrounds/nixos/nix-wallpaper-gear.png"; + polarity = "dark"; + cursor = { + name = "Hackneyed"; + package = pkgs.hackneyed; + size = 16; + }; + }; + wayland.windowManager.sway.enable = true; + xdg = { + configFile = { + "sway/config".source = lib.mkForce sway_config; + }; + portal = { + enable = true; + extraPortals = [pkgs.xdg-desktop-portal-shana]; + }; + }; +} 
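Review bot: `"extensions.autoDisableScopes" = 0` in `profiles.default.settings` switches off Firefox's automatic disabling of add-ons that were installed outside the profile, and `cfg.enableTridactylNative = true` gives Tridactyl a native-messaging helper that can run programs as `andromeda`; neither choice is explained. I would add a comment above the pref such as `# 0 = do not auto-disable sideloaded add-ons; needed so the Nix-installed Tridactyl starts enabled`, and one on the override noting that the native messenger widens what a compromised extension can do. The `withPhoenix` wrapper from the overlay in configuration.nix is not applied to `programs.firefox.package` here; unless the imported Phoenix module already does that (not visible in this patch), `package = pkgs.withPhoenix (pkgs.firefox.override { cfg.enableTridactylNative = true; });` would be needed for the hardened policies and the search-engine patch to take effect.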
diff --git a/nix/home/sway_config b/nix/home/sway_config new file mode 100644 index 0000000..af46e4e --- /dev/null +++ b/nix/home/sway_config 
@@ -0,0 +1,79 @@ +set $mod Mod4 +set $left h +set $down j +set $up k +set $right l +set $term alacritty +set $menu wmenu-run +set $screenshot grim -g "$(slurp)" +floating_modifier $mod normal + +workspace_layout stacking +output * bg @backgroundImagePath@ fill + +bindsym $mod+Shift+Return exec $term +bindsym $mod+Shift+d exec $menu +bindsym $mod+Shift+a exec anki +bindsym $mod+Shift+q exec firefox +bindsym $mod+Shift+s exec $screenshot + +bindsym $mod+Shift+c kill + +bindsym $mod+Shift+r reload + +bindsym $mod+Shift+Alt+q exit + +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right + +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right + +bindsym $mod+1 workspace number 1 +bindsym $mod+2 workspace number 2 +bindsym $mod+3 workspace number 3 +bindsym $mod+4 workspace number 4 +bindsym $mod+5 workspace number 5 +bindsym $mod+6 workspace number 6 +bindsym $mod+7 workspace number 7 +bindsym $mod+8 workspace number 8 +bindsym $mod+9 workspace number 9 +bindsym $mod+0 workspace number 0 + +bindsym $mod+Shift+1 move container to workspace number 1 +bindsym $mod+Shift+2 move container to workspace number 2 +bindsym $mod+Shift+3 move container to workspace number 3 +bindsym $mod+Shift+4 move container to workspace number 4 +bindsym $mod+Shift+5 move container to workspace number 5 +bindsym $mod+Shift+6 move container to workspace number 6 +bindsym $mod+Shift+7 move container to workspace number 7 +bindsym $mod+Shift+8 move container to workspace number 8 +bindsym $mod+Shift+9 move container to workspace number 9 +bindsym $mod+Shift+0 move container to workspace number 0 + +seat * hide_cursor 100 +input type:touchpad events disabled + +bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"' +bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad 
events enabled"' + +bindsym $mod+f fullscreen +bindsym $mod+Shift+space floating toggle +bindsym $mod+Shift+minus move scratchpad +bindsym $mod+minus scratchpad show + +bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle +bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5% +bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5% +bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle +bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%- +bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+ + +default_border none +font pango:monospace 0.001 +titlebar_border_thickness 0 +titlebar_padding 0 diff --git a/nix/npins/default.nix b/nix/npins/default.nix new file mode 100644 index 0000000..884fc8c --- /dev/null +++ b/nix/npins/default.nix 
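Review bot: The `XF86AudioMicMute` binding runs `pact set-source-mute`, which looks like a typo for `pactl`, so the microphone-mute key would fail silently and leave the mic live; the line should read `bindsym --locked XF86AudioMicMute exec pactl set-source-mute \@DEFAULT_SOURCE@ toggle`. `XF86MonbrightnessUp` is also spelled differently from `XF86MonBrightnessDown` one line above and is worth checking against the keysym name. Several bound programs (`alacritty`, `grim`, `slurp`, `brightnessctl`) are commented out in the `home.packages` list of home.nix in this same patch, and `wmenu-run` and `pactl` are not listed there, so these bindings depend on packages coming from somewhere not shown here.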
@@ -0,0 +1,249 @@ +/* + This file is provided under the MIT licence: + + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +*/ +# Generated by npins. 
Do not modify; will be overwritten regularly +let + # Backwards-compatibly make something that previously didn't take any arguments take some + # The function must return an attrset, and will unfortunately be eagerly evaluated + # Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments + mkFunctor = + fn: + let + e = builtins.tryEval (fn { }); + in + (if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; }; + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = + first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatStrings = builtins.concatStringsSep ""; + + # If the environment variable NPINS_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + # (Taken from Niv for compatibility) + mayOverride = + name: path: + let + envVarName = "NPINS_OVERRIDE_${saneName}"; + saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; + ersatz = builtins.getEnv envVarName; + in + if ersatz == "" then + path + else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" ( + if builtins.substring 0 1 ersatz == "/" then + /. + ersatz + else + /. + builtins.getEnv "PWD" + "/${ersatz}" + ); + + mkSource = + name: spec: + { + pkgs ? null, + }: + assert spec ? 
type; + let + # Unify across builtin and pkgs fetchers. + # `fetchGit` requires a wrapper because of slight API differences. + fetchers = + if pkgs == null then + { + inherit (builtins) fetchTarball fetchurl; + # For some fucking reason, fetchGit has a different signature than the other builtin fetchers … + fetchGit = args: (builtins.fetchGit args).outPath; + } + else + { + fetchTarball = + { + url, + sha256, + }: + pkgs.fetchzip { + inherit url sha256; + extension = "tar"; + }; + inherit (pkgs) fetchurl; + fetchGit = + { + url, + submodules, + rev, + name, + narHash, + }: + pkgs.fetchgit { + inherit url rev name; + fetchSubmodules = submodules; + hash = narHash; + }; + }; + + # Dispatch to the correct code path based on the type + path = + if spec.type == "Git" then + mkGitSource fetchers spec + else if spec.type == "GitRelease" then + mkGitSource fetchers spec + else if spec.type == "PyPi" then + mkPyPiSource fetchers spec + else if spec.type == "Channel" then + mkChannelSource fetchers spec + else if spec.type == "Tarball" then + mkTarballSource fetchers spec + else if spec.type == "Container" then + mkContainerSource pkgs spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = mayOverride name path; }; + + mkGitSource = + { + fetchTarball, + fetchGit, + ... + }: + { + repository, + revision, + url ? null, + submodules, + hash, + ... + }: + assert repository ? 
type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null && !submodules then + fetchTarball { + inherit url; + sha256 = hash; + } + else + let + url = + if repository.type == "Git" then + repository.url + else if repository.type == "GitHub" then + "https://github.com/${repository.owner}/${repository.repo}.git" + else if repository.type == "GitLab" then + "${repository.server}/${repository.repo_path}.git" + else if repository.type == "Forgejo" then + "${repository.server}/${repository.owner}/${repository.repo}.git" + else + throw "Unrecognized repository type ${repository.type}"; + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName url revision; + in + fetchGit { + rev = revision; + narHash = hash; + + inherit name submodules url; + }; + + mkPyPiSource = + { fetchurl, ... }: + { + url, + hash, + ... + }: + fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { fetchTarball, ... }: + { + url, + hash, + ... + }: + fetchTarball { + inherit url; + sha256 = hash; + }; + + mkTarballSource = + { fetchTarball, ... }: + { + url, + locked_url ? url, + hash, + ... + }: + fetchTarball { + url = locked_url; + sha256 = hash; + }; + + mkContainerSource = + pkgs: + { + image_name, + image_tag, + image_digest, + ... + }: + if pkgs == null then + builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers" + else + pkgs.dockerTools.pullImage { + imageName = image_name; + imageDigest = image_digest; + finalImageTag = image_tag; + }; +in +mkFunctor ( + { + input ? 
./sources.json, + }: + let + data = + if builtins.isPath input then + # while `readFile` will throw an error anyways if the path doesn't exist, + # we still need to check beforehand because *our* error can be caught but not the one from the builtin + # *piegames sighs* + if builtins.pathExists input then + builtins.fromJSON (builtins.readFile input) + else + throw "Input path ${toString input} does not exist" + else if builtins.isAttrs input then + input + else + throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset"; + version = data.version; + in + if version == 7 then + builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins + else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" +) diff --git a/nix/npins/sources.json b/nix/npins/sources.json new file mode 100644 index 0000000..93e4442 --- /dev/null +++ b/nix/npins/sources.json 
@@ -0,0 +1,131 @@ +{ + "pins": { + "NUR": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "NUR" + }, + "branch": "main", + "submodules": false, + "revision": "68c90674bf7614be9d0d4772a36416e8277717f6", + "url": "https://github.com/nix-community/NUR/archive/68c90674bf7614be9d0d4772a36416e8277717f6.tar.gz", + "hash": "sha256-fnqFNUir8uUsi8Qvh3216X6XaNS4NDtiZ3zxaMIkH1c=" + }, + "Phoenix": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://codeberg.org/", + "owner": "celenity", + "repo": "Phoenix" + }, + "branch": "dev", + "submodules": false, + "revision": "54aeb09d23fce79346ef1f4c9f11304cfc812934", + "url": "https://codeberg.org/celenity/Phoenix/archive/54aeb09d23fce79346ef1f4c9f11304cfc812934.tar.gz", + "hash": "sha256-izTRnoyGXelLk9lEvgeD6Lsq3DTkWBAF0kqiYQ1+998=" + }, + "agenix": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "ryantm", + "repo": "agenix" + }, + "branch": "main", + "submodules": false, + "revision": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "url": "https://github.com/ryantm/agenix/archive/b027ee29d959fda4b60b57566d64c98a202e0feb.tar.gz", + "hash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=" + }, + "anki-cli": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://git.mtgmonkey.net/", + "owner": "andromeda", + "repo": "anki-cli" + }, + "branch": "master", + "submodules": false, + "revision": "d69a1d3852b0ab96e85f7efc4ea72462e1ea187b", + "url": "https://git.mtgmonkey.net/andromeda/anki-cli/archive/d69a1d3852b0ab96e85f7efc4ea72462e1ea187b.tar.gz", + "hash": "sha256-4HVpUe+7tC41A0V+s1hCWtHMagZDm0YRGnJFxA8YDEg=" + }, + "c3term": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://git.mtgmonkey.net/", + "owner": "andromeda", + "repo": "c3term" + }, + "branch": "master", + "submodules": false, + "revision": "9a23671a55b4d8841154c18346ec3b8a9d5d3736", + "url": 
"https://git.mtgmonkey.net/andromeda/c3term/archive/9a23671a55b4d8841154c18346ec3b8a9d5d3736.tar.gz", + "hash": "sha256-YxWN5Rl2x+Itvd4vhDGbFA8F3x/Ze9fqoIBUdiLzKpg=" + }, + "home-manager": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "home-manager" + }, + "branch": "master", + "submodules": false, + "revision": "8ec5a714dbbeb3fda00bd9758175555ebbad4d07", + "url": "https://github.com/nix-community/home-manager/archive/8ec5a714dbbeb3fda00bd9758175555ebbad4d07.tar.gz", + "hash": "sha256-HWbn7WASXsXGADiBDt6/k9U/HpGBEmoeqIOzrf+z2HE=" + }, + "impermanence": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "impermanence" + }, + "branch": "master", + "submodules": false, + "revision": "7b1d382faf603b6d264f58627330f9faa5cba149", + "url": "https://github.com/nix-community/impermanence/archive/7b1d382faf603b6d264f58627330f9faa5cba149.tar.gz", + "hash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixos-unstable", + "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre987561.1c3fe55ad329/nixexprs.tar.xz", + "hash": "sha256-e1tDUQMbFCxCnke314UpghgRqg3FJLtcXFfq/WTRLYI=" + }, + "nvf": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "NotAShelf", + "repo": "nvf" + }, + "branch": "main", + "submodules": false, + "revision": "5b4f9c63205e5b0ef180a2b0e4cc844111f96fa6", + "url": "https://github.com/NotAShelf/nvf/archive/5b4f9c63205e5b0ef180a2b0e4cc844111f96fa6.tar.gz", + "hash": "sha256-YLVqyn6LpFa+h697TmZIk0qVIbe7MxMpL8UTF4K+efA=" + }, + "stylix": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "stylix" + }, + "branch": "master", + "submodules": false, + "revision": "84971726c7ef0bb3669a5443e151cc226e65c518", + "url": "https://github.com/nix-community/stylix/archive/84971726c7ef0bb3669a5443e151cc226e65c518.tar.gz", + "hash": 
"sha256-AFD5cf9eNqXq1brHS63xeZy2xKZMgG9J86XJ9I2eLn8=" + } + }, + "version": 7 +} diff --git a/nix/patches/change-default-search-engine.patch b/nix/patches/change-default-search-engine.patch new file mode 100644 index 0000000..eea0845 --- /dev/null +++ b/nix/patches/change-default-search-engine.patch @@ -0,0 +1,22 @@ +diff --git a/build-resources/policies/phoenix-desktop.json b/build-resources/policies/phoenix-desktop.json +index 48efbe39..b5d2fe95 100644 +--- a/build-resources/policies/phoenix-desktop.json ++++ b/build-resources/policies/phoenix-desktop.json +@@ -102,8 +102,8 @@ + "URLTemplate": "https://eu.startpage.com/sp/search" + } + ], +- "Default": "DuckDuckGo‎", +- "DefaultPrivate": "DuckDuckGo‎", ++ "Default": "DuckDuckGo (HTML)", ++ "DefaultPrivate": "DuckDuckGo (HTML)", + "PreventInstalls": false, + "Remove": [ + "1&1 Suche", +@@ -170,4 +170,4 @@ + ] + } + } +-} +\ No newline at end of file ++} diff --git a/nix/pub-keys.nix b/nix/pub-keys.nix new file mode 100644 index 0000000..8de2f7a --- /dev/null +++ b/nix/pub-keys.nix @@ -0,0 +1,10 @@ +{ + age.secrets.andromeda-pw.file = ./secrets/andromeda-pw.age; + pub-keys = { + ssh = { + andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo"; + lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo"; + _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkg4vbyGDxrAtKFK7Pecr/qDK9cUjv+kfhQMjO6M/Ft root@vmi2998419"; + }; + }; +} diff --git a/nix/secrets.nix b/nix/secrets.nix new file mode 100644 index 0000000..fd1c166 --- /dev/null +++ b/nix/secrets.nix @@ -0,0 +1,10 @@ +{lib, ...}: { + imports = [./pub-keys.nix]; + options = { + pub-keys.ssh = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "set of public keys as `name = key`"; + }; + }; +} diff --git a/nix/secrets/andromeda-pw.age b/nix/secrets/andromeda-pw.age new file mode 100644 index 0000000..0c65df4 
--- /dev/null +++ b/nix/secrets/andromeda-pw.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 mT2fyg yzvchL+ecw88Wd2dNEUQU3mKAXeqto9YEww2awKZ/yg +2uOU8NpVFgTrQvma4UfMcilZvMszgF9g+WUfj5448mg +-> ssh-ed25519 UHxfvA nOOKWcp+Ldjlo1qhymb7IuSPB509Sz9bfGBR9VGpDzM +0W5MTMkkG1Xuj2ZdE74HK3O/+zXziMQWyF/NL/bAKPQ +--- oxkTA1FKsss5n01prQMlDe5u1/L+bTqaPpsCuGDlpp0 +tcc#\\@ ^O@jKs&ꨲS13g4>Z CRpZ| H^M vL' Yڨsjug' \ No newline at end of file diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix new file mode 100644 index 0000000..6dc4059 --- /dev/null +++ b/nix/secrets/secrets.nix @@ -0,0 +1,9 @@ +let + pub-keys = (import ../pub-keys.nix).pub-keys; + andromeda = pub-keys.ssh.andromeda; + lenovo = pub-keys.ssh.lenovo; + _109-199-104-83 = pub-keys.ssh._109-199-104-83; +in { + # user passwords + "andromeda-pw.age".publicKeys = [andromeda lenovo]; +} -- cgit v1.3