diff --git a/.sops.yaml b/.sops.yaml index a04c9bd..5e42c0a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -18,10 +18,23 @@ creation_rules: - path_regex: system/dev/dn-lap/sops/secret.yaml key_groups: - age: - - *dn_server + - *dn_pre7780 - *dn_lap - path_regex: system/dev/skydrive-lap/sops/secret.yaml key_groups: - age: - *skydrive_lap - *dn_pre7780 + - path_regex: system/dev/public/sops/dn-secret.yaml + key_groups: + - age: + - *dn_pre7780 + - *dn_server + - *dn_lap + - path_regex: system/dev/public/sops/secret.yaml + key_groups: + - age: + - *dn_pre7780 + - *dn_server + - *skydrive_lap + - *dn_lap diff --git a/README.md b/README.md index a88906c..cac692a 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ - [x] Hypridle - [x] Zen Browser - [x] Swaync (Notification Center) -- [x] Swww (Wallpaper) +- [x] Awww (Wallpaper) - [x] Ghostty (Terminal) - [x] SDDM (Display Manager) - [x] Fish (shell) diff --git a/flake.lock b/flake.lock index 1c9feb4..039896b 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1757826057, - "narHash": "sha256-KE6kxoDme82jgmPUE67mvs/kjQBTfSxIuMufuEUSUSo=", + "lastModified": 1762920604, + "narHash": "sha256-60YEo8f+P50eu4iCL7DWD8NPEvwZl6nimSTsNPqi1cU=", "owner": "DACHXY", "repo": "actual-budget-api", - "rev": "1c7a816cbfe17c5821b446b5582e88404cb23596", + "rev": "eb107c928feb31e1162e25f59c08fabb1839ad90", "type": "github" }, "original": { 
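Review bot: Editing `creation_rules` only changes which recipients sops uses when a file is next encrypted, so swapping `*dn_server` for `*dn_pre7780` on `system/dev/dn-lap/sops/secret.yaml` has no effect until that file is re-keyed with `sops updatekeys`. The re-encrypted file is not visible in this part of the diff, so confirm it is part of the commit. Removing `*dn_server` does not revoke what that key could already decrypt from repository history; if the removal is meant as revocation, the secret values themselves need rotating. The two new `system/dev/public/sops/` rules encrypt to three and four host keys respectively, and a comment above them such as `# shared secrets: every key listed here can decrypt` would make the wider audience explicit.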
@@ -100,6 +100,28 @@ "type": "github" } }, + "awww": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1763732354, + "narHash": "sha256-o1O5GCgdkehrvqqvwfX53TCiES8k+z9Ac1JKuIUZfwo=", + "ref": "refs/heads/main", + "rev": "880d590d0e6e337cb96428edbedae81283ebec19", + "revCount": 1310, + "type": "git", + "url": "https://codeberg.org/LGFae/awww" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/LGFae/awww" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -121,16 +143,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", "owner": "tomyun", "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, @@ -178,11 +201,11 @@ ] }, "locked": { - "lastModified": 1759542305, - "narHash": "sha256-ODiAXnQWTSSc0j2fkJ0JQBdjQktfcBTX//legwStGns=", + "lastModified": 1763172111, + "narHash": "sha256-QseFQKZgMq/kbHlrhfaNlwEyQ1H3J+UhnbgpAIEGpvA=", "owner": "caelestia-dots", "repo": "cli", - "rev": "ebbd636b7962fa7fe41d406dcd1088958715161e", + "rev": "d89c438284311e99148ece61054cd6f9bc8e8cb7", "type": "github" }, "original": { 
@@ -200,11 +223,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1759890778, - "narHash": "sha256-DzxhtmepaYmtDNI5LZUI6SroMn5XPV4wv8w83aVyeBo=", + "lastModified": 1763256383, + "narHash": "sha256-Vwct8SbZkfoTY0BbB0XVmXo5KsRIH4asV7QzXpjZ4b8=", "owner": "caelestia-dots", "repo": "shell", - "rev": "7e878fd3731993ef693a163d17f03bf5415639a5", + "rev": "58fe2962b6f515e879962953fcb4fcd9c8f39c32", "type": "github" }, "original": { @@ -219,14 +242,14 @@ "home-manager": "home-manager", "jovian": "jovian", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1760152188, - "narHash": "sha256-k9sqEYgJ2QH257T4p6MeKCHLYi2k9XH7Cjv8LPrtuvY=", + "lastModified": 1763732117, + "narHash": "sha256-/zBu6slgHtkuFZFJ4ReKS3NO6rdwEv4KcaYADkz6KyA=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "3f06ccee77dcae294d48cf7741dd3647fc3613a7", + "rev": "a34640558e83eb3ba0d52c52cb5ffd0465786e4b", "type": "github" }, "original": { @@ -273,11 +296,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -321,11 +344,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { 
@@ -353,11 +376,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -369,11 +392,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -399,22 +422,6 @@ } }, "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { "flake": false, "locked": { "lastModified": 1751685974, @@ -430,22 +437,6 @@ "url": "https://git.lix.systems/lix-project/flake-compat.git" } }, - "flake-compat_9": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -496,11 +487,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -535,11 +526,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -742,7 +733,7 @@ }, "ghostty": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" @@ -751,11 +742,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1760128918, - "narHash": "sha256-2BAJkbGXebSCxbe4KHdtpH4optMmptw7Ibw1Bs23TPc=", + "lastModified": 1763704826, + "narHash": "sha256-Q2ArFuRzdNqR8gK0g2eBfnwwPWmiIIU4TPWa+xNHtqc=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "c5ad7563f92656ec02bd08856b46431f2e222e69", + "rev": "5f3645433c0ba5910c7da1f25aaa07efc2c84b64", "type": "github" }, "original": { 
@@ -764,29 +755,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_3", - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1759523803, - "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -831,68 +799,23 @@ "type": "github" } }, - "gitignore_3": { - "inputs": { - "nixpkgs": [ - "neovim-nightly-overlay", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "host": "gitlab.gnome.org", + "lastModified": 1762869044, + "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" + "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad", + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "48.2", + "ref": "gnome-49", "repo": "gnome-shell", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": [ - "neovim-nightly-overlay", - "flake-parts" - ], - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758022363, - "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" + "type": "gitlab" } }, "home-manager": { 
@@ -903,11 +826,11 @@ ] }, "locked": { - "lastModified": 1760061988, - "narHash": "sha256-CeuMo7fjWm3XaoK+b1PGyaVIlE1GHudoxk9jrJFvfbY=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7f4214faca2f196c551b767c12a70bfa0614510", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -923,11 +846,11 @@ ] }, "locked": { - "lastModified": 1760130406, - "narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d305eece827a3fe317a2d70138f53feccaf890a1", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -1072,11 +995,11 @@ ] }, "locked": { - "lastModified": 1760143196, - "narHash": "sha256-UPKU7QXmJ8vJO59bGzT0UFhvncWb14odLJXzcvSu73U=", + "lastModified": 1763732618, + "narHash": "sha256-hvElpSNHbYSBsn/GoJV0RgAecpn3vcC5kJso34XqwJw=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "f6dd103dfb12f8939bf8049ee35a2b3eb7564dc3", + "rev": "57961d69ad9725986290c8c0f2b0d118b645daee", "type": "github" }, "original": { @@ -1248,11 +1171,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1760023949, - "narHash": "sha256-fu0B4duamVdbkPio/czu1XhsPLRXUJpZLDrSk3nih4U=", + "lastModified": 1761675634, + "narHash": "sha256-Et1jNDB2d3e0b4okIKuyAMktECS+5hk+vMAA7X598ao=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "36ec73f166d9434a3f27c96c575198906f77644a", + "rev": "98b86752fe4867bd14ef96a92ea788229af93130", "type": "github" }, "original": { 
@@ -1370,11 +1293,11 @@ ] }, "locked": { - "lastModified": 1759815224, - "narHash": "sha256-HbdOyjqHm38j6o5mV24i0bn+r5ykS+VJBnWJuZ0fE+A=", + "lastModified": 1763453666, + "narHash": "sha256-Hu8lDUlbMFvcYX30LBXX7Gq5FbU35bERH0pSX5qHf/Q=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "ee974f496a080c61b3164992c850f43741edcc52", + "rev": "b843b551415c7aecc97c8b3ab3fff26fd0cd8bbf", "type": "github" }, "original": { @@ -1386,13 +1309,13 @@ "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1737639419, @@ -1416,11 +1339,11 @@ ] }, "locked": { - "lastModified": 1761893234, - "narHash": "sha256-ePHBF/6fyfTSAMvAaES+LxaBIeW6weooAOXxqN1em0s=", + "lastModified": 1763876586, + "narHash": "sha256-bQ5KRepEVyvF81AlaLxn4IdFfzZJzBq221ix2Zmjtz4=", "owner": "dachxy", "repo": "nix-mail-server", - "rev": "b8c26c666a14fcdf4d514c17a2362fc5d33c7358", + "rev": "238e340ef58db602892e8cde114576612055520c", "type": "github" }, "original": { @@ -1454,11 +1377,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1760115376, - "narHash": "sha256-DCKRMxudVOddhA0AlDmRLeoUmPONkUBYv1MiK7mWbY8=", + "lastModified": 1763429621, + "narHash": "sha256-xJD3vjEdDP+/XKLgPAkaX44s2xuiAeOhCdjs2jrALY4=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "5103fad040940b6b01891ed44b1d8bebd71249c6", + "rev": "c4e4a264da114c618251b17eb4c959f86376e530", "type": "github" }, "original": { 
@@ -1484,20 +1407,16 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", - "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_4", - "treefmt-nix": "treefmt-nix" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1760168241, - "narHash": "sha256-87aML9i/zVm5WSCEx59PUpCrpkLbXEqcLEFPNn5+2iE=", + "lastModified": 1763683496, + "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "d5ef90cf4577df3e3daef7e070d200cca64c889f", + "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d", "type": "github" }, "original": { @@ -1509,11 +1428,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1760105690, - "narHash": "sha256-ZII7EvSnJueiV/a595uOsIdbWcXVWhO5pCvvJp2/mco=", + "lastModified": 1763682595, + "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=", "owner": "neovim", "repo": "neovim", - "rev": "fafc329bbd1e15f9ab595568e8cd8b10295113dd", + "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180", "type": "github" }, "original": { @@ -1573,11 +1492,11 @@ ] }, "locked": { - "lastModified": 1759637156, - "narHash": "sha256-8NI1SqntLfKl6Q0Luemc3aIboezSJElofUrqipF5g78=", + "lastModified": 1763265660, + "narHash": "sha256-Ad9Rd3ZAidrH01xP73S3CjPiyXo7ywZs3uCESjPwUdc=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "0ca69684091aa3a6b1fe994c4afeff305b15e915", + "rev": "469ef53571ea80890c9497952787920c79c1ee6e", "type": "github" }, "original": { 
@@ -1588,18 +1507,18 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_6", "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1760147325, - "narHash": "sha256-mBHP1GhvuRE/n8ZXh1lfh+Tn+5oOwB2zCuoPs2mM7IQ=", + "lastModified": 1763690461, + "narHash": "sha256-q3tHxrMu5BjSG8pE53dOevl4JmyhR73sICy/kJ0fYNk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "701fd12530b71a059e7a130fb58b28cb15c38bfb", + "rev": "106ec777ce9fb7e98c9d68d717c91d5d59ce497b", "type": "github" }, "original": { @@ -1614,11 +1533,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1758135610, - "narHash": "sha256-z7Mt//II4pvOJ4hzbgNRErk/MpXzgkGQm7VimXDG/H8=", + "lastModified": 1760307084, + "narHash": "sha256-fhXbkH1iqLugr5zkuSgxUYziq5Q4f+QnV5eSag9La8g=", "owner": "3timeslazy", "repo": "nix-search-tv", - "rev": "5bcc012b9f6ae069c984e994f85eb7976b4d58a3", + "rev": "7499132c98e044e36bc73254d4179cff0d9d7768", "type": "github" }, "original": { @@ -1654,14 +1573,14 @@ "nixpkgs": [ "nixpkgs" ], - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1759830669, - "narHash": "sha256-MvFhaBavW6beDnhDBiEBfWFDE1pat5kOgGeOPYE9zyk=", + "lastModified": 1761572354, + "narHash": "sha256-3aXsnYf/wXad8DRLTSTOlulS+65qp93eMo5R7pmaHi4=", "owner": "nix-community", "repo": "nixd", - "rev": "62c94242843cbed00ee4c5b2cd6e781b4a9b7854", + "rev": "b9229d79b1cd722257c16027ea79d8f033c3aa4e", "type": "github" }, "original": { @@ -1672,11 +1591,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { 
@@ -1732,11 +1651,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1760139962, - "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", + "lastModified": 1763622513, + "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", + "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", "type": "github" }, "original": { @@ -1777,11 +1696,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1759977445, - "narHash": "sha256-LYr4IDfuihCkFAkSYz5//gT2r1ewcWBYgd5AxPzPLIo=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2dad7af78a183b6c486702c18af8a9544f298377", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -1809,27 +1728,27 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1760103332, - "narHash": "sha256-BMsGVfKl4Q80Pr9T1AkCRljO1bpwCmY8rTBVj8XGuhA=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "870493f9a8cb0b074ae5b411b2f232015db19a65", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1759570798, - "narHash": "sha256-kbkzsUKYzKhuvMOuxt/aTwWU2mnrwoY964yN3Y4dE98=", + "lastModified": 1763191728, + "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0d4f673a88f8405ae14484e6a1ea870e0ba4ca26", + "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c", "type": "github" }, "original": { 
@@ -1841,11 +1760,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1756288264, - "narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=", + "lastModified": 1762286042, + "narHash": "sha256-OD5HsZ+sN7VvNucbrjiCz7CHF5zf9gP51YVJvPwYIH8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9", + "rev": "12c1f0253aa9a54fdf8ec8aecaafada64a111e24", "type": "github" }, "original": { @@ -1898,7 +1817,7 @@ }, "nvf": { "inputs": { - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_7", "flake-parts": "flake-parts_5", "mnw": "mnw", "nixpkgs": [ @@ -1907,11 +1826,11 @@ "systems": "systems_9" }, "locked": { - "lastModified": 1761112426, - "narHash": "sha256-fa3fIyXP3xQhsPaZX4WsFwPM9g64EMOucfDEC4o8Nwc=", + "lastModified": 1762622004, + "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=", "owner": "NotAShelf", "repo": "nvf", - "rev": "9b3e7bcf68ace2f07eb7478c40e45ce79332482b", + "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909", "type": "github" }, "original": { @@ -1922,7 +1841,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gitignore": "gitignore", "nixpkgs": [ "hyprland", @@ -1978,11 +1897,11 @@ ] }, "locked": { - "lastModified": 1759610621, - "narHash": "sha256-P3UPFd95mS/3aNgy40nCXAmyfR2bEEBd+tX6xfkYFb0=", + "lastModified": 1763210607, + "narHash": "sha256-gyEL9lw8oSbFbZ323vYUpIhcZLzudACEAQyCTkYh1WM=", "ref": "refs/heads/master", - "rev": "c5c438f1cd1a76660a8658ef929a3d19e968e2ce", - "revCount": 689, + "rev": "0a7dcf30eaf438aa1ec72a9017cdb952df03f005", + "revCount": 704, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1996,6 +1915,7 @@ "actual-budget-api": "actual-budget-api", "actual-budget-server": "actual-budget-server", "attic": "attic", + "awww": "awww", "caelestia-shell": "caelestia-shell", "chaotic": "chaotic", "disko": "disko", 
@@ -2017,9 +1937,9 @@ "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_3", "nvf": "nvf", + "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "stylix": "stylix", - "swww": "swww", "yazi": "yazi", "zen-browser": "zen-browser" } @@ -2027,16 +1947,16 @@ "rust-overlay": { "inputs": { "nixpkgs": [ - "chaotic", + "awww", "nixpkgs" ] }, "locked": { - "lastModified": 1760063676, - "narHash": "sha256-s5Fjh43skH2L+avOGioLmEHoYZffDbg3abV5h0gjeew=", + "lastModified": 1761964689, + "narHash": "sha256-Zo3LQQDz+64EQ9zor/WmeNTFLoZkjmhp0UY3G0D3seE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "897deed0923cc5a1d560c5176abe0d172ec9716d", + "rev": "63d22578600f70d293aede6bc737efef60ebd97f", "type": "github" }, "original": { @@ -2046,6 +1966,27 @@ } }, "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "chaotic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763433504, + "narHash": "sha256-cVid5UNpk88sPYHkLAA5aZEHOFQXSB/2L1vl18Aq7IM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "42ce16c6d8318a654d53f047c9400b7d902d6e61", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -2066,19 +2007,18 @@ "type": "github" } }, - "rust-overlay_3": { + "rust-overlay_4": { "inputs": { "nixpkgs": [ - "swww", "nixpkgs" ] }, "locked": { - "lastModified": 1759199574, - "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "lastModified": 1763692705, + "narHash": "sha256-tCKCyMYU0Vy+ph/xswlNsYXXjnFVweWBV+ew/5FS9tA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "rev": "6fbf5d328dce1828d887b8ee7d44a785196a34e7", "type": "github" }, "original": { @@ -2087,7 +2027,7 @@ "type": "github" } }, - "rust-overlay_4": { + "rust-overlay_5": { "inputs": { "nixpkgs": [ "yazi", 
@@ -2095,11 +2035,11 @@ ] }, "locked": { - "lastModified": 1756348497, - "narHash": "sha256-xJp3VnoYh4kpsaKFO/7SsGbwOz7pI1ZmjbqpXEuR2cw=", + "lastModified": 1762396738, + "narHash": "sha256-BarSecuxtzp1boERdABLkkoxQTi6s/V33lJwUbWLrLY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0adf92c70d23fb4f703aea5d3ebb51ac65994f7f", + "rev": "c63598992afd54d215d54f2b764adc0484c2b159", "type": "github" }, "original": { @@ -2113,11 +2053,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1759635238, - "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { @@ -2163,11 +2103,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1759690047, - "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", + "lastModified": 1763695782, + "narHash": "sha256-XNc65mYmCzadkYlsahfvrhqRfIvQlX94PzTEjmO1yYo=", "owner": "nix-community", "repo": "stylix", - "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", + "rev": "57e963fd7901ddce320bbb8fdd910113e4a1fd31", "type": "github" }, "original": { @@ -2176,28 +2116,6 @@ "type": "github" } }, - "swww": { - "inputs": { - "flake-compat": "flake-compat_9", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay_3" - }, - "locked": { - "lastModified": 1759428786, - "narHash": "sha256-vn3/hpRTI330+yJOoow7wBWMUk2LbnYgyR0v4/LX08o=", - "owner": "LGFae", - "repo": "swww", - "rev": "b9aaba38c79e9915c62328861def7353f53dcdbd", - "type": "github" - }, - "original": { - "owner": "LGFae", - "repo": "swww", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -2445,27 +2363,6 @@ } }, "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760120816, - "narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "761ae7aff00907b607125b2f57338b74177697ed", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixd", @@ -2531,14 +2428,14 @@ "inputs": { "flake-utils": "flake-utils_7", "nixpkgs": "nixpkgs_8", - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_5" }, "locked": { - "lastModified": 1759765472, - "narHash": "sha256-YYfXBsw57fH6s/hXR24rv8/nr35oQl1CBH7p4WcK8RA=", + "lastModified": 1763600401, + "narHash": "sha256-druDd9HC3UxZSzCY+qaFp9QDCGfzrhv+Zrytia6lJUE=", "owner": "sxyazi", "repo": "yazi", - "rev": "554cb52cc581df9a41e0778ebd448925cd3aca55", + "rev": "a08b345a02c6b4c65239a0522f67e77a0132e88b", "type": "github" }, "original": { @@ -2552,11 +2449,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1759642033, - "narHash": "sha256-irUhy22si6jwWSj2AYkOOuf949P4PFMihVUvU1qt1Jo=", + "lastModified": 1763775611, + "narHash": "sha256-AmgDr9n3JAUwwG3b28oArHaDv5pDMos53D1uZFDl8os=", "owner": "dachxy", "repo": "zen-browser-flake", - "rev": "7978da3c80968b1b61c97a3f3858640a8583bfb9", + "rev": "bff2ec6219c2574fa9818b709a0b1e68eef42a6d", "type": "github" }, "original": { @@ -2581,11 +2478,11 @@ ] }, "locked": { - "lastModified": 1759192380, - "narHash": "sha256-0BWJgt4OSzxCESij5oo8WLWrPZ+1qLp8KUQe32QeV4Q=", + "lastModified": 1760401936, + "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "0bcd1401ed43d10f10cbded49624206553e92f57", + "rev": "365085b6652259753b598d43b723858184980bbe", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 29cbc3a..ff3076e 100644 
--- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ }; nixpkgs = { - url = "github:nixos/nixpkgs/nixpkgs-unstable"; + url = "github:nixos/nixpkgs/nixos-unstable"; }; home-manager = { @@ -15,6 +15,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -69,8 +74,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - swww = { - url = "github:LGFae/swww"; + awww = { + url = "git+https://codeberg.org/LGFae/awww"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -186,7 +191,6 @@ in nixpkgs.lib.nixosSystem { specialArgs = { - inherit (conf) system; inherit helper inputs @@ -203,6 +207,7 @@ inputs.mail-server.overlay inputs.nix-minecraft.overlay inputs.nix-tmodloader.overlay + inputs.rust-overlay.overlays.default ] ++ (import ./pkgs/overlays); } diff --git a/home/config/.face b/home/config/.face index 449141c..f94da2e 100644 Binary files a/home/config/.face and b/home/config/.face differ diff --git a/home/options/default.nix b/home/options/default.nix new file mode 100644 index 0000000..f60cc53 --- /dev/null +++ b/home/options/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./ntfy-client.nix + ]; +} diff --git a/home/options/ntfy-client.nix b/home/options/ntfy-client.nix new file mode 100644 index 0000000..e6899f0 --- /dev/null +++ b/home/options/ntfy-client.nix 
@@ -0,0 +1,81 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + literalExpression + mkEnableOption + mkPackageOption + mkOption + types + mkIf + getExe' + ; + + cfg = config.services.ntfy-client; +in +{ + options.services.ntfy-client = { + enable = mkEnableOption "enable ntfy client subscription"; + package = mkPackageOption pkgs "ntfy-sh" { }; + extraArgs = mkOption { + type = with types; listOf str; + default = [ ]; + }; + settings = mkOption { + type = with types; attrs; + description = "The settings for `client.yml`"; + default = { }; + example = literalExpression '' + { + default-host = "https://ntfy.sh"; + subscribe = [ + { + topic = "common"; + command = ''\''notify-send "$m"''\''; + token = "$TOKEN"; + } + ]; + } + ''; + }; + + environmentFile = mkOption { + type = with types; path; + default = null; + description = "environmentFile contains secrets"; + example = '' + /var/run/secrets + + content: + + NTFY_USER="username:password" + ''; + }; + }; + + config = mkIf cfg.enable ( + let + configFile = (pkgs.formats.yaml { }).generate "ntfy-client.yml" cfg.settings; + in + { + systemd.user.services.ntfy-client = { + Unit.X-Restart-Triggers = [ config.xdg.configFile."ntfy/client.yml".source ]; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + Service = { + ExecStart = "${getExe' cfg.package "ntfy"} subscribe --from-config ${toString cfg.extraArgs}"; + EnvironmentFile = [ + cfg.environmentFile + ]; + }; + }; + + xdg.configFile."ntfy/client.yml".source = configFile; + } + ); +} diff --git a/home/presets/basic.nix b/home/presets/basic.nix index f65820b..44b91cb 100644 --- a/home/presets/basic.nix +++ b/home/presets/basic.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ../options ../user/internationalisation.nix ../user/config.nix ../user/direnv.nix diff --git a/home/scripts/mkWall.nix b/home/scripts/mkWall.nix index 5155fba..ac5b557 100644 --- a/home/scripts/mkWall.nix +++ b/home/scripts/mkWall.nix 
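Review bot: `environmentFile` is declared as `types.path` with `default = null`, and `EnvironmentFile = [ cfg.environmentFile ]` uses it unconditionally, so enabling the service without setting it should fail type checking rather than start without secrets. Using `type = with types; nullOr str;` together with `EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;` makes the option genuinely optional. A string type also keeps a Nix path literal, which `types.path` accepts, from being copied into the world-readable store. `settings` is rendered into the store through `pkgs.formats.yaml` as well, so its description should say that tokens and passwords belong in `environmentFile`; the example's `token = "$TOKEN"` stays secret only if the client expands it at run time, which this file does not show. `${toString cfg.extraArgs}` could use `escapeShellArgs`, as the hyprland.nix change in this commit does.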
@@ -10,7 +10,7 @@ let curl -sL "$url" -o "$filepath" fi - ${config.services.swww.package}/bin/swww img "$filepath" \ + ${config.services.swww.package}/bin/awww img "$filepath" \ --transition-fps 45 \ --transition-duration 1 \ --transition-type random diff --git a/home/scripts/ntfy.nix b/home/scripts/ntfy.nix new file mode 100644 index 0000000..5dbc88d --- /dev/null +++ b/home/scripts/ntfy.nix @@ -0,0 +1,15 @@ +{ + config, + pkgs, + lib, +}: +let + inherit (lib) getExe'; +in +pkgs.writeShellScriptBin "ntfy" '' + set -o allexport + source "${config.sops.secrets."ntfy".path}" + set +o allexport + + ${getExe' pkgs.ntfy-sh "ntfy"} "$@" +'' diff --git a/home/scripts/remoteRebuild.nix b/home/scripts/remoteRebuild.nix index 157df9f..453c073 100644 --- a/home/scripts/remoteRebuild.nix +++ b/home/scripts/remoteRebuild.nix @@ -1,4 +1,17 @@ -{ pkgs, ... }: +{ + osConfig, + config, + pkgs, +}: +let + inherit (osConfig.networking) hostName; + shouldNotify = + (builtins.hasAttr "ntfy-client" config.services) && config.services.ntfy-client.enable; + rebuildCommand = '' + nixos-rebuild switch --target-host "$TARGET" \ + --build-host "$BUILD" \ + --sudo --ask-sudo-password $@''; +in pkgs.writeShellScriptBin "rRebuild" '' TARGET=$1 BUILD=$2 @@ -6,5 +19,20 @@ pkgs.writeShellScriptBin "rRebuild" '' shift shift - nixos-rebuild switch --target-host "$TARGET" --build-host "$BUILD" --sudo --ask-sudo-password $@ + ${ + if shouldNotify then + '' + export NTFY_TITLE="🎯 $TARGET built by 🏗️ ''\${BUILD:-${hostName}}" + export NTFY_TAGS="gear" + + if ${rebuildCommand} + then + ntfy pub system-build "✅ Build success" > /dev/null 2>&1 + else + ntfy pub system-build "⛔ Build failed" > /dev/null 2>&1 + fi + '' + else + rebuildCommand + } '' diff --git a/home/user/config.nix b/home/user/config.nix index be6c247..a450bbb 100644 --- a/home/user/config.nix +++ b/home/user/config.nix 
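Review bot: The wrapper in home/scripts/ntfy.nix still runs `ntfy` when `source` fails, because the script has neither `set -e` nor a check on the secrets file, so a missing or unreadable sops secret leads to a call without the credentials instead of an error. `source "${config.sops.secrets."ntfy".path}" || exit 1` fails closed. Sourcing executes the file as shell, so a header comment should state that the secret must contain only `KEY="value"` assignments, for example `NTFY_USER` as in the ntfy-client option example. The argument set has no `...`, so the caller has to pass exactly `config`, `pkgs` and `lib`.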
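Review bot: In the notifying branch of home/scripts/remoteRebuild.nix the script's exit status is that of the last `ntfy pub`, so a failed `nixos-rebuild` returns 0 whenever the notification is delivered, and anything chaining on `rRebuild` sees success. Keep the build status by adding `status=$?` as the first line of the `else` branch and `exit "$status"` after the failure notification. `rebuildCommand` in the first hunk still expands `$@` unquoted, so arguments containing spaces are split; `"$@"` preserves them. `ntfy` is resolved from PATH rather than from a store path, and `shouldNotify` only checks `services.ntfy-client.enable`, so the branch assumes the wrapper from home/scripts/ntfy.nix is installed; that is worth confirming. The title carries the target and build host names, so the `system-build` topic should live on a server that requires authentication to read.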
@@ -15,7 +15,6 @@ in recursive = true; source = "${configDir}/gh"; }; - ".face".source = "${configDir}/.face"; }; xdg.mimeApps = { diff --git a/home/user/environment.nix b/home/user/environment.nix index d64255c..624e5fc 100644 --- a/home/user/environment.nix +++ b/home/user/environment.nix @@ -8,7 +8,7 @@ XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_DATA_HOME = "\${HOME}/.local/share"; - XDG_DATA_DIRS = "\${XDG_DATA_DIRS}:/usr/share:/var/lib/flatpak/exports/share:\${HOME}/.local/share/flatpak/exports/share"; + XDG_DATA_DIRS = "\${XDG_DATA_DIRS}:/usr/share"; WLR_RENDERER = "vulkan"; diff --git a/home/user/git.nix b/home/user/git.nix index 5dfd948..7185e06 100644 --- a/home/user/git.nix +++ b/home/user/git.nix @@ -6,9 +6,9 @@ { programs.git = { enable = true; - userName = username; - userEmail = email; - extraConfig = { + settings = { + user.name = username; + user.email = email; safe.directory = [ "/etc/nixos" ]; init.defaultBranch = "main"; pull.rebase = true; diff --git a/home/user/hypr/bind.nix b/home/user/hypr/bind.nix index c22eed4..63d82b2 100644 --- a/home/user/hypr/bind.nix +++ b/home/user/hypr/bind.nix @@ -2,7 +2,6 @@ { osConfig, config, - lib, pkgs, ... }: @@ -18,6 +17,7 @@ let browser = "${prefix}${browser-bin}"; terminal = "${prefix}ghostty"; filemanager = "${terminal} -e yazi"; + mailClient = "${prefix}thunderbird"; screenshotFolder = "--output-folder ~/Pictures/Screenshots"; clipboardOnly = "${screenshotFolder}"; @@ -49,7 +49,8 @@ in ''CTRL ALT, T, exec, ${terminal}'' ''${mainMod}, Q, killactive, '' - ''${mainMod}, M, exec, ${toggleWlogout}'' + ''${mainMod} SHIFT, M, exec, ${toggleWlogout}'' + ''${mainMod}, M, exec, ${mailClient}'' ''${mainMod}, E, exec, ${filemanager}'' ''${mainMod}, V, togglefloating, '' ''ALT, SPACE, exec, rofi -config ~/.config/rofi/apps.rasi -show drun'' diff --git a/home/user/hyprland.nix b/home/user/hyprland.nix index 28fd58d..a090bbb 100644 --- a/home/user/hyprland.nix 
+++ b/home/user/hyprland.nix @@ -3,11 +3,12 @@ lib, inputs, config, - system, osConfig, ... }: let + inherit (lib) mkForce escapeShellArgs getExe'; + inherit (pkgs.stdenv.hostPlatform) system; inherit (osConfig.systemConf) username; inherit (osConfig.systemConf.hyprland) monitors; terminal = "ghostty"; @@ -64,7 +65,6 @@ in plugins = ( with inputs.hyprland-plugins.packages.${system}; [ - xtra-dispatchers hyprwinwrap ] ); @@ -138,12 +138,15 @@ in }; }; - # === Swww === # + # === Awww === # services.swww = { enable = true; - package = inputs.swww.packages.${system}.swww; + package = inputs.awww.packages.${system}.awww; }; + systemd.user.services.swww.Service.ExecStart = + mkForce "${getExe' config.services.swww.package "awww-daemon"} ${escapeShellArgs config.services.swww.extraArgs}"; + # === hyprlock === # programs.hyprlock = { enable = true; diff --git a/home/user/internationalisation.nix b/home/user/internationalisation.nix index 6cf1332..0ce6192 100644 --- a/home/user/internationalisation.nix +++ b/home/user/internationalisation.nix @@ -8,7 +8,7 @@ let addons = with pkgs; [ fcitx5-gtk fcitx5-mozc # Japanese - fcitx5-chinese-addons + qt6Packages.fcitx5-chinese-addons fcitx5-rime # Bopomofo rime-data ]; diff --git a/home/user/nvf/default.nix b/home/user/nvf/default.nix index 51d8c8d..ae1bc2b 100644 --- a/home/user/nvf/default.nix +++ b/home/user/nvf/default.nix @@ -28,16 +28,25 @@ in imports = [ ./plugins/snacks-nvim ./plugins/lualine + ./plugins/leetcode ./extra-lsp.nix ]; + home.packages = with pkgs; [ + (rust-bin.stable.latest.default.override { + extensions = [ "rust-src" ]; + }) + ]; + programs.nvf = { enable = true; settings = { vim = { enableLuaLoader = true; vimAlias = true; - extraPackages = with pkgs; [ nixfmt ]; + extraPackages = with pkgs; [ + nixfmt + ]; clipboard = { enable = true; 
@@ -380,12 +389,9 @@ in enable = true; lsp = { enable = true; - package = [ - "rust-analyzer" - ]; opts = '' ['rust-analyzer'] = { - cargo = {allFeature = true}, + cargo = { allFeature = true }, checkOnSave = true, procMacro = { enable = true, @@ -528,7 +534,8 @@ in yazi-nvim = { enable = true; - mappings.openYaziDir = "e"; + mappings.openYaziDir = "-"; + mappings.openYazi = "e"; }; images = { diff --git a/home/user/nvf/plugins/leetcode/default.nix b/home/user/nvf/plugins/leetcode/default.nix new file mode 100644 index 0000000..935ad75 --- /dev/null +++ b/home/user/nvf/plugins/leetcode/default.nix 
@@ -0,0 +1,72 @@ +{ + lib, + config, + osConfig, + ... +}: +let + inherit (lib.generators) mkLuaInline; + inherit (osConfig.systemConf) username; + relativeDir = "projects/leetcode"; + dataDir = "${config.home.homeDirectory}/${relativeDir}"; +in +{ + programs.nvf.settings.vim.utility.leetcode-nvim = { + enable = true; + setupOpts = { + image_support = true; + lang = "rust"; + plugins.non_standalone = true; + storage.home = mkLuaInline ''"${dataDir}"''; + injector = mkLuaInline '' + { + ['rust'] = { + before = { '#[allow(dead_code)]', 'fn main() {}', '#[allow(dead_code)]', 'struct Solution;' }, + } + } + ''; + hooks."question_enter" = [ + (mkLuaInline + # lua + '' + function (question) + if question.lang ~= 'rust' then + return + end + + local config = require("leetcode.config") + local problem_dir = config.user.storage.home .. "/Cargo.toml" + local content = [[ + [package] + name = "leetcode" + edition = "2024" + + [lib] + name = "%s" + path = "%s" + + [dependencies] + rand = "0.8" + regex = "1" + itertools = "0.14.0" + ]] + + local file = io.open(problem_dir, "w") + if file then + local formatted = (content:gsub(" +", "")):format(question.q.frontend_id, question:path()) + file:write(formatted) + file:close() + else + print("Failed to open file " .. problem_dir) + end + end + '' + ) + ]; + }; + }; + + systemd.user.tmpfiles.rules = [ + "d ${dataDir} 0744 ${username} users -" + ]; +} diff --git a/home/user/packages.nix b/home/user/packages.nix index 3b184dc..5ea0b60 100644 --- a/home/user/packages.nix +++ b/home/user/packages.nix @@ -1,12 +1,10 @@ { pkgs, - lib, inputs, - system, - osConfig, ... }: let + inherit (pkgs.stdenv.hostPlatform) system; md2html = pkgs.callPackage ../scripts/md2html.nix { }; ghosttyShaders = pkgs.fetchFromGitHub { owner = "sahaj-b"; 
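Review bot: The tmpfiles rule in leetcode/default.nix creates `${dataDir}` with mode `0744`, which gives group and others read permission on a directory without the search bit, so other local users can list its entries while the mode matches no usual directory layout. For a per-user project directory `"d ${dataDir} 0700 ${username} users -"` is the least-privilege choice, or `0755` if sharing is intended. The `question_enter` hook also formats `question:path()` into `path = "%s"` without escaping, so a path containing a quote or backslash would produce an invalid `Cargo.toml`; a short comment stating that assumption would help.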
@@ -60,61 +58,46 @@ in }; }; - home.packages = - with pkgs; - [ - obsidian + home.packages = with pkgs; [ + obsidian - # Discord - # vesktop - discord + # Discord + # vesktop + discord - # Dev stuff - (python3.withPackages (python-pkgs: [ - python-pkgs.pip - python-pkgs.requests - ])) + # Dev stuff + (python3.withPackages (python-pkgs: [ + python-pkgs.pip + python-pkgs.requests + ])) - # Work stuff - libreoffice-qt - pandoc + # Work stuff + libreoffice-qt + pandoc - # Bluetooth - blueberry + # Bluetooth + blueberry - # Downloads - qbittorrent + # Downloads + qbittorrent - # Utils - cava - papirus-folders - inkscape + # Utils + cava + papirus-folders + inkscape - # PDF Preview - poppler - trash-cli + # PDF Preview + poppler + trash-cli - # File Manager - nemo + # File Manager + nemo - # Thumbnail - ffmpegthumbnailer + thunderbird - thunderbird + # Thumbnail + ffmpegthumbnailer - md2html - ] - ++ ( - if osConfig.programs.steam.enable then - [ - steam-run - protonup - ] - else - [ ] - ); - - home.sessionVariables = lib.mkIf osConfig.programs.steam.enable { - STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; - }; + md2html + ]; } diff --git a/home/user/shell.nix b/home/user/shell.nix index a8bac32..6781d44 100644 --- a/home/user/shell.nix +++ b/home/user/shell.nix @@ -1,9 +1,17 @@ -{ osConfig, pkgs, ... }: +{ + osConfig, + config, + pkgs, + ... +}: let - shellAlias = import ./shellAlias.nix { hostname = osConfig.networking.hostName; }; - remoteRebuld = pkgs.callPackage ../scripts/remoteRebuild.nix { }; + remoteRebuld = import ../scripts/remoteRebuild.nix { inherit osConfig config pkgs; }; in { + imports = [ + ./shellAlias.nix + ]; + home.packages = with pkgs; [ # Shell grc @@ -34,7 +42,6 @@ in src = pkgs.fishPlugins.hydro.src; } ]; - shellAliases = shellAlias; }; bash = { diff --git a/home/user/shellAlias.nix b/home/user/shellAlias.nix index 1a7816c..3e57b9b 100644 --- a/home/user/shellAlias.nix +++ b/home/user/shellAlias.nix 
@@ -1,27 +1,68 @@ -{ hostname }: { - ls = "exa --icons"; - lp = "exa"; # Pure output - cat = "bat"; - g = "git"; - t = "tmux"; + osConfig, + config, + pkgs, + ... +}: +let + hostname = osConfig.networking.hostName; - # Nixos - rebuild = "sudo nixos-rebuild switch --flake /etc/nixos#${hostname}"; - fullClean = "sudo nix store gc && sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot"; + shouldNotify = + (builtins.hasAttr "ntfy-client" config.services) && config.services.ntfy-client.enable; - # Hyprland - hyprlog = "grep -v \"arranged\" $XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/hyprland.log | cat"; + rebuildCommand = '' + sudo nixos-rebuild switch --target-host "$TARGET" \ + --build-host "$BUILD" \ + --sudo --ask-sudo-password $@''; - # Systemd Boot - setWin = "sudo bootctl set-oneshot auto-windows"; - goWin = "sudo bootctl set-oneshot auto-windows && reboot"; - goBios = "sudo bootctl set-oneshot auto-reboot-to-firmware-setup && reboot"; + rebuild = pkgs.writeShellScriptBin "rebuild" '' + ${ + if shouldNotify then + '' + export NTFY_TITLE="🎯 ${hostname}" + export NTFY_TAGS="gear" - # TTY - hideTTY = ''sudo sh -c "echo 0 > /sys/class/graphics/fb0/blank"''; - showTTY = ''sudo sh -c "echo 1 > /sys/class/graphics/fb0/blank"''; + if ${rebuildCommand} + then + ntfy pub system-build "✅ Build success" > /dev/null 2>&1 + else + ntfy pub system-build "⛔ Build failed" > /dev/null 2>&1 + fi + '' + else + rebuildCommand + } + ''; +in +{ + home.packages = [ + rebuild + ]; - # Recover from hyprlock corruption - letMeIn = ''hyprctl --instance 0 "keyword misc:allow_session_lock_restore 1" && hyprctl --instance 0 dispatch "exec hyprlock"''; + programs.fish.shellAliases = { + ls = "exa --icons"; + lp = "exa"; # Pure output + cat = "bat"; + g = "git"; + t = "tmux"; + podt = "podman-tui"; + + # Nixos + fullClean = "sudo nix store gc && sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot"; + + # Hyprland + 
hyprlog = "grep -v \"arranged\" $XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/hyprland.log | cat"; + + # Systemd Boot + setWin = "sudo bootctl set-oneshot auto-windows"; + goWin = "sudo bootctl set-oneshot auto-windows && reboot"; + goBios = "sudo bootctl set-oneshot auto-reboot-to-firmware-setup && reboot"; + + # TTY + hideTTY = ''sudo sh -c "echo 0 > /sys/class/graphics/fb0/blank"''; + showTTY = ''sudo sh -c "echo 1 > /sys/class/graphics/fb0/blank"''; + + # Recover from hyprlock corruption + letMeIn = ''hyprctl --instance 0 "keyword misc:allow_session_lock_restore 1" && hyprctl --instance 0 dispatch "exec hyprlock"''; + }; } diff --git a/home/user/waybar.nix b/home/user/waybar.nix index a6f80b4..63441f3 100644 --- a/home/user/waybar.nix +++ b/home/user/waybar.nix @@ -4,7 +4,6 @@ { osConfig, config, - username, lib, pkgs, helper, @@ -72,7 +71,7 @@ let exit 1 fi - ${config.services.swww.package}/bin/swww img "$selected" --transition-fps 45 --transition-duration 1 --transition-type random + ${config.services.swww.package}/bin/awww img "$selected" --transition-fps 45 --transition-duration 1 --transition-type random ''; rbwSelector = import ../scripts/rbwSelector.nix { inherit pkgs; }; @@ -84,11 +83,6 @@ in mkWall ]; - # For wallpapers - systemd.user.tmpfiles.rules = [ - "d /tmp/wall_cache 700 ${username} -" - ]; - # === gamemoded -r === # systemd.user.services.gamemodedr = lib.mkIf osConfig.programs.gamemode.enable { Service = { diff --git a/home/user/yazi.nix b/home/user/yazi.nix index 4f965cc..af8bed1 100644 --- a/home/user/yazi.nix +++ b/home/user/yazi.nix @@ -1,11 +1,12 @@ { inputs, - system, + config, pkgs, lib, ... }: let + inherit (pkgs.stdenv.hostPlatform) system; yaziPlugins = pkgs.fetchFromGitHub { owner = "yazi-rs"; repo = "plugins"; 
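Review bot: The new `rebuild` script in shellAlias.nix reuses the remote-rebuild command line: it passes `--target-host "$TARGET"` and `--build-host "$BUILD"`, but neither variable is set anywhere in this script, and the `--flake /etc/nixos#${hostname}` argument of the alias it replaces is gone. As written it calls `sudo nixos-rebuild` with empty host arguments and combines `sudo` with `--sudo --ask-sudo-password`. If a local rebuild is intended, `rebuildCommand` should read `sudo nixos-rebuild switch --flake /etc/nixos#${hostname} "$@"`. The lost exit status described for `rRebuild` applies to the `if ${rebuildCommand}` block here as well.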
@@ -63,7 +64,7 @@ in opener = { set-wallpaper = [ { - run = ''${pkgs.swww}/bin/swww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; + run = ''${config.services.swww.package}/bin/awww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; for = "linux"; desc = "Set as wallpaper"; } @@ -111,7 +112,7 @@ in "g" "w" ]; - run = ''shell -- ${pkgs.swww}/bin/swww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; + run = ''shell -- ${config.services.swww.package}/bin/awww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; desc = "Set as wallpaper"; } # Git Changes @@ -178,9 +179,7 @@ in "c" "D" ]; - run = '' - shell '${pkgs.ripdrag.out}/bin/ripdrag "$@" -x 2>/dev/null &' --confirm - ''; + run = ''shell 'ripdrag "$0" "$@" -x 2>/dev/null &' --confirm''; desc = "Drag the file"; } # Start terminal @@ -214,7 +213,7 @@ in { on = [ "F" # file - "m" # markdown + "M" # markdown "H" # html ]; for = "unix"; @@ -251,5 +250,6 @@ in home.packages = with pkgs; [ ueberzugpp pdfNormalize + ripdrag ]; } diff --git a/options/systemconf.nix b/options/systemconf.nix index 952cbf1..9459ac2 100644 --- a/options/systemconf.nix +++ b/options/systemconf.nix @@ -1,6 +1,5 @@ { inputs, - system, config, pkgs, helper, @@ -8,6 +7,7 @@ ... }: let + inherit (pkgs.stdenv.hostPlatform) system; inherit (lib) mkOption mkEnableOption @@ -63,6 +63,12 @@ in description = "Hostname for system"; }; + face = mkOption { + type = with types; nullOr path; + description = "User avatar"; + default = null; + }; + domain = mkOption { type = types.str; default = "local"; @@ -140,6 +146,7 @@ in imports = [ inputs.hyprland.homeManagerModules.default inputs.caelestia-shell.homeManagerModules.default + inputs.sops-nix.homeManagerModules.default inputs.zen-browser.homeManagerModules.${system}.default inputs.nvf.homeManagerModules.default { 
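Review bot: The "Drag the file" binding in yazi.nix now runs a bare `ripdrag` that is resolved through PATH, while the wallpaper bindings changed in the same commit keep an absolute store path (`${config.services.swww.package}/bin/awww`). Keeping the store path inside the shell string, `run = ''shell '${pkgs.ripdrag}/bin/ripdrag "$0" "$@" -x 2>/dev/null &' --confirm'';`, pins the binary that gets executed and makes the extra `home.packages` entry optional. If the PATH lookup is deliberate, a one-line comment saying why would keep the two styles from looking accidental.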
@@ -148,6 +155,10 @@ in stateVersion = stateVersion; }; programs.home-manager.enable = true; + + home.file.".face" = mkIf (cfg.face != null) { + source = cfg.face; + }; } ] ++ (optionals cfg.hyprland.enable [ diff --git a/pkgs/overlays/default.nix b/pkgs/overlays/default.nix index 39b78e0..21e4f28 100644 --- a/pkgs/overlays/default.nix +++ b/pkgs/overlays/default.nix @@ -1,5 +1,5 @@ [ (import ./vesktop.nix) - (import ./powerdns-admin.nix) - (import ./stalwart-mail) + # (import ./powerdns-admin.nix) + # (import ./stalwart-mail) ] diff --git a/pkgs/patches/nextcloud_recognize_models_path.patch b/pkgs/patches/nextcloud_recognize_models_path.patch deleted file mode 100644 index 628ee45..0000000 --- a/pkgs/patches/nextcloud_recognize_models_path.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -diff --git a/lib/Service/DownloadModelsService.php b/lib/Service/DownloadModelsService.php -index 64e4223..ac939a3 100755 ---- a/lib/Service/DownloadModelsService.php -+++ b/lib/Service/DownloadModelsService.php -@@ -27,7 +27,7 @@ final class DownloadModelsService { - * @throws \Exception - */ - public function download() : void { -- $targetPath = __DIR__ . '/../../models'; -+ $targetPath = "/var/lib/nextcloud/models"; - if (file_exists($targetPath)) { - // remove models directory - $it = new RecursiveDirectoryIterator($targetPath, FilesystemIterator::SKIP_DOTS); -@@ -44,7 +44,7 @@ final class DownloadModelsService { - } - - $archiveUrl = $this->getArchiveUrl($this->getNeededArchiveRef()); -- $archivePath = __DIR__ . '/../../models.tar.gz'; -+ $archivePath = "/var/lib/nextcloud/models.tar.gz"; - $timeout = $this->isCLI ? 0 : 480; - $this->clientService->newClient()->get($archiveUrl, ['sink' => $archivePath, 'timeout' => $timeout]); - $tarManager = new TAR($archivePath); -diff --git a/lib/Settings/AdminSettings.php b/lib/Settings/AdminSettings.php -index 83f8a76..ac73d29 100755 ---- a/lib/Settings/AdminSettings.php -+++ b/lib/Settings/AdminSettings.php -@@ -28,7 +28,7 @@ final class AdminSettings implements ISettings { - $settings = $this->settingsService->getAll(); - $this->initialState->provideInitialState('settings', $settings); - -- $modelsPath = __DIR__ . '/../../models'; -+ $modelsPath = "/var/lib/nextcloud/models"; - $modelsDownloaded = file_exists($modelsPath); - $this->initialState->provideInitialState('modelsDownloaded', $modelsDownloaded); - diff --git a/system/dev/dn-lap/default.nix b/system/dev/dn-lap/default.nix index f2d5add..bd3b530 100644 --- a/system/dev/dn-lap/default.nix +++ b/system/dev/dn-lap/default.nix @@ -8,6 +8,7 @@ in { systemConf = { inherit hostname username; + face = ../../../home/config/.face; domain = "net.dn"; hyprland = { enable = true; 
@@ -23,6 +24,8 @@ in imports = [ ../../modules/presets/basic.nix + ../public/dn + ../public/dn/ntfy.nix ./common ./games ./home diff --git a/system/dev/dn-lap/sops/secret.yaml b/system/dev/dn-lap/sops/secret.yaml index 2e4425f..b227460 100644 --- a/system/dev/dn-lap/sops/secret.yaml +++ b/system/dev/dn-lap/sops/secret.yaml 
@@ -2,25 +2,25 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:drqs+CkZVZH4K87jWZLy33NuqPeqLkyTp6mDoxcOsEYGaIR38pommv4TSynAOvrUC3dCw9O+qLHEiSwlJGoZOQKFzHxUefKrCtkRMCE3ytDKFmJbLoKT/GPxnOOenIm8JxKX6nsLaqCk36ODXzTA8iU8ICN2zqoCiodjx72Ge2KckQzSak04v28B6viuzfl8zipD1Fetm72sOBTX0I0WwoziDBBL77x1hX/8POob3ISrTejhik18dxAPLB9H3iVl1aOHhszsrAYB26IfujY/FxRqIrn8v+H2aFen3oowRjd/wTPtc/rLZj/7n6/Sl3NDzOE+jIYYG7yym7lkUM9Z,iv:oS01iUSG0ufUzIsfPD/jF3/TPEDDBp+CnnLQnyze8dM=,tag:mtmY3OVz3k7eu5Lxe14KLg==,type:str] sops: age: - - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw + - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkczZGckdvWVdlaFFxQmox - eWM5eGtoOHIvbTlEc0RnSVN1REVMSTBXZURrCktDeUxMZUY1cHRtKzRLTDNDUU9E - aldkcFZ2a0ZzUXdOSjZWeHVPZ1FJY1UKLS0tIGZZTlk4OWtZcERXME5YNk96cmc5 - M3RPbkRxSFRXeEU5MFZxLzl4clpabDAKiCaiEKZwaCUGi6DRtzb786c8qB+EiiCn - YHrCvm5F72vAmDAozqtTjZM1Dt4yQDxPNMWKFyUzxY0TDpboGrgBHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeGx5aDZOeVBDSWpjUlV4 + WEZuK3JBQnVySmQySFd4dnNKRkdVR01pVVRNClE2WXQveG9aaTZJUHVHaUdoOFht + VENZMHF0eHkzb0VTUEN2TW5OYjBxS0UKLS0tIGlOb1VYdHhMMVd5L0RCSEVabzMx + Q2wvRjV5SGQwZ3ZRNmYzSW5pdlJNTE0Kyg2/VqHJngn/n+OJbIDSn4fy+KjanN2o + AufQbRG46T4kXeOwmtMp+5oRIrxKMibu8bvQpR6DjsHs0xmXhhlFAw== -----END AGE ENCRYPTED FILE----- - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SzNGcVFkSS93VnQyUlZw - YkM0U1BUTTF4ajY5VU5LOHpYbTBaYnBsUFZnCmx2a0R1VCtkcTUrT2VNMGRRc29H - R1hVSHNDSjlwdk1RUXZYdkpFeUFkY1EKLS0tIDdVdU92STZIN0JmK0ZPeldsYlRG - eWFnVWcrUVpRVDQveTloWk9LVm4yd28KppalVePvXwPks+2TKHqG8a+uZjpgQo3I - edhrdNan56Ly5mLFyXmGlww88nqQMTZq4DODtyfF4+rRlyv0i4AEEg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N3pUMHNWVGxwOWFKVS9a + dEYzREFSdkR0bldMSEV0b3dZMnlsQUE1RTNVCllPblJUMG90RlViZ2N1RU1TS2tO + 
UnlHS0IzT3E3bER4eEg4SlQ5QjNZQ1UKLS0tIGhtTTlUZHVrbUZiRHZCbEt1K2w0 + V09NYXpBYXBtYWdBajJubmVFL2loY0EKJdYKQHPriOT0eouvRUiCyqLSTzugUZxl + BFTwfCez1/K2ERKQkKsMfIARbHaI2SRyDxM2O1IJ+DOIJ2383K6Gvw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-15T08:06:35Z" - mac: ENC[AES256_GCM,data:sinK5N+aY4PwsqtHhyAI5a6YU7uhKkh5APrtQorgCYHJ1Q3p3Fit//UOnY86kK/CiXS/OQ6oZZi5XjJOKULThp8X2JSu1iAdBK2Sl11AD1kGyDb69vuYr3PlAFWDdp5mbjMAPACukUpeiIL9jfZWL06WqzGSz73hDHP3T90BZAE=,iv:bcT/JWtuy74/5B/S4vzEgv8Vcnw8aMGNr8f2ON7uJI0=,tag:iA/iW+TFxyW1PWZKtr+Kqw==,type:str] + lastmodified: "2025-11-21T12:34:30Z" + mac: ENC[AES256_GCM,data:LUqoXWMhmQQgqq1AX7I2v7z58ywstjWzsVTav9iu0RrkCxeB1u5V90E4tcnfjtquLwjiabpLSRpkUXE33DhqcgxLIklX0Cpld5TK1Bsdn8DXyKk1Lhfdf3OL7cn14kb4CqXTNlDyqwM+BBsYmdFQzPjb8IPiD9y+mTO5yHuAta0=,iv:mbHhZdv+0lDI9cNUsI3oatwbItQ6Xfvgm0UMQdu9FKA=,tag:aPFWPwahvMjBojzthZZ6vQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 9caf2a3..4cee111 100644 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -55,6 +55,9 @@ in imports = [ ../../modules/presets/basic.nix + ../public/dn + ../public/dn/ntfy.nix + ./expr ./common ./games ./home diff --git a/system/dev/dn-pre7780/expr/default.nix b/system/dev/dn-pre7780/expr/default.nix index 7a7d90a..17146c8 100644 --- a/system/dev/dn-pre7780/expr/default.nix +++ b/system/dev/dn-pre7780/expr/default.nix @@ -1,5 +1,6 @@ { imports = [ - ./netbird.nix + # ./netbird.nix + ./osx-kvm.nix ]; } diff --git a/system/dev/dn-pre7780/expr/osx-kvm.nix b/system/dev/dn-pre7780/expr/osx-kvm.nix new file mode 100644 index 0000000..526a870 --- /dev/null +++ b/system/dev/dn-pre7780/expr/osx-kvm.nix 
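Review bot: The first age recipient of system/dev/dn-lap/sops/secret.yaml is replaced, but the `wg0.conf` ciphertext is unchanged context, which suggests the sops data key was re-wrapped for the new recipient rather than rotated. The removed recipient can still unwrap the old data key from git history and apply it to the current ciphertext, so if this change is meant to revoke that key's access, the data key needs rotating (sops' rotate operation) and, for real revocation, the WireGuard key itself has to be regenerated. If the swap only moves the secret to another trusted machine, a sentence in the commit message saying so would make the intent auditable.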
@@ -0,0 +1,14 @@ +{ config, ... }: +let + inherit (config.systemConf) username; +in +{ + virtualisation.libvirtd.enable = true; + users.extraUsers."${username}".extraGroups = [ "libvirtd" ]; + + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + options kvm_intel emulate_invalid_guest_state=0 + options kvm ignore_msrs=1 report_ignored_msrs=0 + ''; +} diff --git a/system/dev/dn-pre7780/expr/vm-settings.nix b/system/dev/dn-pre7780/expr/vm-settings.nix index 1314123..eff1ad2 100644 --- a/system/dev/dn-pre7780/expr/vm-settings.nix +++ b/system/dev/dn-pre7780/expr/vm-settings.nix @@ -2,9 +2,10 @@ pkgs, lib, inputs, - system, }: let + inherit (pkgs.stdenv.hostPlatform) system; + vmList = let kubeMasterIP = "192.168.0.6"; diff --git a/system/dev/dn-pre7780/games/game.nix b/system/dev/dn-pre7780/games/game.nix index 372be48..6f5970e 100644 --- a/system/dev/dn-pre7780/games/game.nix +++ b/system/dev/dn-pre7780/games/game.nix @@ -2,11 +2,9 @@ pkgs, pkgs-stable, config, - inputs, ... }: let - protonGEVersion = "10-15"; # ==== Needed for special import ==== # shadps4-7 = pkgs.shadps4.overrideAttrs (_: rec { version = "0.7.0"; @@ -39,20 +37,6 @@ in echo "AUTOEXEC LOADED SUCCESSFULLY!" host_writeconfig ''; - - # Proton GE - ".steam/root/compatibilitytools.d/GE-Proton${protonGEVersion}" = { - source = fetchTarball { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${protonGEVersion}/GE-Proton${protonGEVersion}.tar.gz"; - sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm"; - }; - }; - ".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = { - source = fetchTarball { - url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz"; - sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz"; - }; - }; }; }; }; 
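Review bot: osx-kvm.nix adds the user to `libvirtd`, which grants control of the system libvirt daemon and is effectively root-equivalent on the host, and its `kvm` module options apply to every guest on the machine, not only the macOS VM. `ignore_msrs=1` together with `report_ignored_msrs=0` makes KVM accept guest accesses to unhandled MSRs without logging them. I would add a comment above `boot.extraModprobeConfig` such as `# needed for macOS guests; host-wide for all VMs, ignored MSR accesses are not logged` and drop `report_ignored_msrs=0` unless the log volume is a real problem. Since the file sits under `expr`, a note on when it is expected to be removed from the imports would also help.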
diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix index e5ca569..dad53db 100644 --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix @@ -1,4 +1,8 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: let inherit (lib) optionalString; inherit (config.systemConf) username; diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index bc1d694..1e9389e 100644 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix @@ -4,6 +4,7 @@ ./mail.nix ./nginx.nix ./wireguard.nix + ./nextcloud.nix # ./netbird.nix ]; } diff --git a/system/dev/dn-pre7780/services/mail.nix b/system/dev/dn-pre7780/services/mail.nix index ff5eeba..864d160 100644 --- a/system/dev/dn-pre7780/services/mail.nix +++ b/system/dev/dn-pre7780/services/mail.nix 
@@ -1,35 +1,42 @@ { config, + lib, + pkgs, ... }: let - domain = "daccc.info"; - fqdn = "mx1.daccc.info"; + inherit (lib) mkIf; + mkCondition = ( + condition: ithen: ielse: [ + { + "if" = condition; + "then" = ithen; + } + { "else" = ielse; } + ] + ); + + rspamdWebPort = 11333; + rspamdPort = 31009; + domain = "dnywe.com"; + fqdn = "mx1.dnywe.com"; + + rspamdSecretFile = config.sops.secrets."rspamd".path; + rspamdSecretPath = "/run/rspamd/rspamd-controller-password.inc"; in { networking.firewall.allowedTCPPorts = [ 8080 ]; + imports = [ (import ../../../modules/stalwart.nix { inherit domain; enableNginx = false; - dkimKey = config.sops.secrets."stalwart/dkimKey".path; adminPassFile = config.sops.secrets."stalwart/adminPassword".path; - dbPassFile = config.sops.secrets."stalwart/db".path; - acmeConf = { - directory = "https://acme-v02.api.letsencrypt.org/directory"; - origin = "${domain}"; - contact = "admin@${domain}"; - domains = [ - domain - fqdn - ]; - challenge = "dns-01"; - cache = "${config.services.stalwart-mail.dataDir}/acme"; + certs."default" = { default = true; - provider = "cloudflare"; - renew-before = "30d"; - secret = "%{file:${config.sops.secrets."cloudflare/secret".path}}%"; + cert = "%{file:${config.security.acme.certs.${fqdn}.directory}/cert.pem}%"; + private-key = "%{file:${config.security.acme.certs.${fqdn}.directory}/key.pem}%"; }; ldapConf = { type = "ldap"; @@ -39,17 +46,19 @@ in base-dn = "ou=people,dc=net,dc=dn"; attributes = { name = "uid"; - email = "mailRoutingAddress"; + email = "mail"; + email-alias = "mailRoutingAddress"; secret = "userPassword"; description = [ "cn" "description" ]; class = "objectClass"; + groups = [ "memberOf" ]; }; filter = { name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)(mailRoutingAddress=?)))"; - email = "(&(objectClass=inetOrgPerson)(mailRoutingAddress=?))"; + email = "(&(objectClass=inetOrgPerson)(|(mailRoutingAddress=?)(mail=?)))"; }; bind = { dn = "cn=admin,dc=net,dc=dn"; 
@@ -62,4 +71,135 @@ in }) ]; + services.stalwart-mail.settings.spam-filter.enable = !config.services.rspamd.enable; + + services.stalwart-mail.settings.session.milter."rspamd" = mkIf config.services.rspamd.enable { + enable = mkCondition "listener = 'smtp'" true false; + hostname = "127.0.0.1"; + port = rspamdPort; + stages = [ + "connect" + "ehlo" + "mail" + "rcpt" + "data" + ]; + tls = false; + allow-invalid-certs = false; + options = { + tempfail-on-error = true; + max-response-size = 52428800; # 50mb + version = 6; + }; + }; + + services.rspamd = { + enable = true; + locals = { + "redis.conf".text = '' + servers = "${config.services.redis.servers.rspamd.unixSocket}"; + ''; + "classifier-bayes.conf".text = '' + backend = "redis"; + autolearn = true; + ''; + "dkim_signing.conf".text = '' + enabled = false; + ''; + "milter_headers.conf".text = '' + enabled = true; + extended_spam_headers = true; + skip_local = false; + use = ["x-spamd-bar", "x-spam-level", "x-spam-status", "authentication-results", "x-spamd-result"]; + authenticated_headers = ["authentication-results"]; + ''; + }; + localLuaRules = + pkgs.writeText "rspamd-local.lua" + # lua + '' + -- Temporary fix for double dot issue rspamd#5273 + local lua_util = require("lua_util") + + rspamd_config.UNQUALIFY_SENDER_HOSTNAME = { + callback = function(task) + local hn = task:get_hostname() + if not hn then return end + local san_hn = string.gsub(hn, "%.$", "") + if hn ~= san_hn then + task:set_hostname(san_hn) + end + end, + type = "prefilter", + priority = lua_util.symbols_priorities.top + 1, + } + ''; + workers = { + rspamd_proxy = { + type = "rspamd_proxy"; + includes = [ "$CONFDIR/worker-proxy.inc" ]; + bindSockets = [ + "*:${toString rspamdPort}" + ]; + extraConfig = '' + self_scan = yes; + ''; + }; + controller = { + type = "controller"; + includes = [ + "$CONFDIR/worker-controller.inc" + ]; + extraConfig = '' + .include(try=true; priority=1,duplicate=merge) "${rspamdSecretPath}" + ''; + bindSockets = [ 
"127.0.0.1:${toString rspamdWebPort}" ]; + }; + }; + overrides."whitelist.conf".text = '' + whiltelist_from { + ${domain} = true; + } + ''; + }; + + systemd.services.rspamd = mkIf config.services.rspamd.enable { + path = [ + pkgs.rspamd + pkgs.coreutils + ]; + serviceConfig = { + ExecStartPre = [ + "${pkgs.writeShellScript "generate-rspamd-passwordfile" '' + RSPAMD_PASSWORD_HASH=$(rspamadm pw --password $(cat ${rspamdSecretFile})) + echo "enable_password = \"$RSPAMD_PASSWORD_HASH\";" > ${rspamdSecretPath} + chmod 770 "${rspamdSecretPath}" + ''}" + ]; + }; + }; + + services.redis.servers.rspamd = { + enable = true; + port = 0; + user = config.services.rspamd.user; + }; + + security.acme = { + acceptTerms = true; + certs."${fqdn}" = { + inheritDefaults = false; + group = config.systemd.services.stalwart-mail.serviceConfig.Group; + dnsProvider = "cloudflare"; + dnsResolver = "1.1.1.1:53"; + server = "https://acme-v02.api.letsencrypt.org/directory"; + validMinDays = 30; + email = "dachxy@${domain}"; + extraDomainNames = [ domain ]; + environmentFile = config.sops.secrets."cloudflare/secret".path; + postRun = '' + systemctl reload stalwart-mail + ''; + }; + }; } diff --git a/system/dev/dn-pre7780/services/nextcloud.nix b/system/dev/dn-pre7780/services/nextcloud.nix new file mode 100644 index 0000000..867ca5a --- /dev/null +++ b/system/dev/dn-pre7780/services/nextcloud.nix 
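Review bot: The `rspamd_proxy` worker in mail.nix binds `*:${toString rspamdPort}` although the only client configured in this hunk is the Stalwart milter at `127.0.0.1`; `bindSockets = [ "127.0.0.1:${toString rspamdPort}" ];` keeps the scanner off external interfaces regardless of firewall state. In the `generate-rspamd-passwordfile` script the password reaches `rspamadm pw` through an unquoted `$(cat …)` on the command line, and the hash file is created under the default umask and then set to `770`; starting the script with `umask 077`, quoting the substitution, and using `chmod 600` would tighten that, assuming the script runs as the rspamd user. `whiltelist_from` in `overrides."whitelist.conf"` looks like a misspelling, so the key name should be checked against what rspamd expects. Whitelisting by the local domain also trusts a sender value that an external party can set, which deserves a comment or an authentication condition.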
@@ -0,0 +1,87 @@ +{ + config, + lib, + pkgs, + ... +}: +let + hostname = "drive.dnywe.com"; + port = 31007; +in +{ + imports = [ + (import ../../../modules/nextcloud.nix { + configureACME = false; + hostname = hostname; + adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; + trusted-domains = [ + hostname + ]; + trusted-proxies = [ "10.0.0.0/24" ]; + whiteboardSecrets = [ + config.sops.secrets."nextcloud/whiteboard".path + ]; + }) + ]; + + services.nextcloud = { + https = lib.mkForce false; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) spreed; + + twofactor_totp = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; + sha256 = "sha256-Wa2P6tpp75IxCsTG4B5DQ8+iTzR7yjKBi4ZDBcv+AOI="; + license = "agpl3Plus"; + }; + + twofactor_nextcloud_notification = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.9.0/twofactor_nextcloud_notification-v3.9.0.tar.gz"; + sha256 = "sha256-4fXWgDeiup5/Gm9hdZDj/u07rp/Nzwly53aLUT/d0IU="; + license = "agpl3Plus"; + }; + + twofactor_email = pkgs.fetchNextcloudApp { + url = "https://github.com/nursoda/twofactor_email/releases/download/2.8.2/twofactor_email.tar.gz"; + sha256 = "sha256-zk5DYNwoIRTIWrchWDiCHuvAST2kuIoow6VaHAAzYog="; + license = "agpl3Plus"; + }; + }; + }; + + users.groups.signaling = { + }; + + users.users.signaling = { + isSystemUser = true; + group = "signaling"; + }; + + systemd.services.nextcloud-spreed-signaling = { + requiredBy = [ + "multi-users.target" + "phpfpm-nextcloud.service" + ]; + serviceConfig = { + User = "signaling"; + Group = "signaling"; + ExecStart = "${lib.getExe' pkgs.nextcloud-spreed-signaling "server"} --config ${ + config.sops.secrets."nextcloud/signaling.conf".path + }"; + }; + }; + + services.nats = { + enable = true; + settings = { + host = "127.0.0.1"; + }; + }; + + 
services.nginx.virtualHosts."${hostname}".listen = lib.mkForce [ + { + port = port; + addr = "0.0.0.0"; + } + ]; +} diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index 4d93c3b..1c564dc 100644 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml @@ -3,7 +3,9 @@ wireguard: dovecot: openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str] nextcloud: - adminPassword: ENC[AES256_GCM,data:8LjI2/vQ9aHQfZSMumnjBw==,iv:1hfhKz58v10JfPgipueQVOtlCgBXwruA00BOkhjuN/E=,tag:y/vqcztye4Xlokpbm/jHiw==,type:str] + adminPassword: ENC[AES256_GCM,data:69NrA/iP0sfrkdv8ahv7I+ZY,iv:/TXTs0fZw64HELdGr5CzgToO2L2G2mCNdN4Zexz8p+o=,tag:p2hNTxv1xdYmEJ6ZAO3w3Q==,type:str] + whiteboard: ENC[AES256_GCM,data:qcZOLX1qJyciKm+4uuOVIopZXG70Jg9Grc07SCjG5ww9DK0myzdqlfWeZKdTsOyTBLMyCE9K7lC5rtBFeSv3ZeqkAUXTQt9QiAN05+tTpHk=,iv:v6fgSz/eh8MZANSbLbeSrKVOdX09pHYZ599BK8Ug2Lo=,tag:JTezfqrInm82K3gB0zpniw==,type:str] + signaling.conf: ENC[AES256_GCM,data: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,iv:/xlMQoexPA9rXIlMd7bTQY1ojHuprBX/5quVSnNslvI=,tag:geAR+vPBmDB37/oSnnpqSA==,type:str] openldap: adminPassword: ENC[AES256_GCM,data:jEGuzgs5QTWfdyJenC3t3g==,iv:StfFOcvbDapnma6eAlpaGiBWnqiD3I/wfQsMBzufol0=,tag:892q7N4KrsSQoZYGy6CQrA==,type:str] lam: 
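Review bot: nextcloud.nix serves Nextcloud as plain HTTP (`https = lib.mkForce false`) on `0.0.0.0:31007` and sets `trusted-proxies` to all of `10.0.0.0/24`, so any host in that subnet that can reach the port can talk to it in clear text and supply forwarded-client headers that Nextcloud will believe. Binding `addr` to the address the TLS-terminating proxy connects to and listing only that proxy's IP in `trusted-proxies` narrows this; the proxy itself is not visible in this diff. `requiredBy = [ "multi-users.target" … ]` looks like a typo of `multi-user.target`. The `nextcloud-spreed-signaling` unit runs as `signaling` and reads a sops secret, so the secret's owner has to be set to that user where the secret is declared.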
@@ -11,13 +13,11 @@ lam: stalwart: adminPassword: ENC[AES256_GCM,data:hHQlmztndbB8Ct5Zig8BChz1,iv:kDgSVglIKxEghV/lkcKKxKCzgwVJqcH4l8aXYt7k+W8=,tag:vD14vP2iJEOG4WR6djab1A==,type:str] tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str] - db: ENC[AES256_GCM,data:ZRZ2ZzUotYMe2GfkMS7o7dz0aGg=,iv:ys6ogueueESp0y6A+hUG9zTnqmCVobuIzyqA4WVtewo=,tag:p74G+8XhMcpgDnIfh1aXTg==,type:str] - dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2D
CSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str] ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str] acme: pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str] cloudflare: - secret: ENC[AES256_GCM,data:tritGdt3bWm/YtfdF2kO8qIBisa2rGF9/Dpl8R79e6REe//YKZFqFg==,iv:UG53JZ55+gDCPJzKjbVaWnpgOdvqcRoDUg8ef9xOV9A=,tag:JD3s28dsA9G2fqtz4soATA==,type:str] + secret: ENC[AES256_GCM,data:Ktk7BtyjaDeOc4Okflz/ZBYpJ7Uy1SeEBV6ofWcToZsvCDT6aTVxGrAKEHIE/eknvnyWOFeSQv/z/Q==,iv:x2ymbLwa1E2FzdomISeyhchya5bowgieO/XuOnoi81w=,tag:Nj+1DRnbvcwiLiEeu2WaRQ==,type:str] netbird: oidc: secret: 
ENC[AES256_GCM,data:hSVMUEBL0kCvRLD3zd57SLhNIAFOR4eaJPcIIIIUJng=,iv:VhfseftQNlXSDCWuaYQUIklMUCkUbChyWbJl3qgD75M=,tag:vbqov0VgA0XNZfzcr3FZgA==,type:str] @@ -26,6 +26,7 @@ crowdsec: lapi.yaml: ENC[AES256_GCM,data:BpDlz/liFYVZTA66TMWDifGfT4R9l0W9/LOU33rrPVC4YKeFbB1gIxqkUOEDl8fxsou5Jx/MQivyz90lE8yxbcGV/Zzx4ZJaHN+jz6mfM6mADEWp/nUcfO9tECijOhPPYt/8aE3py38NlFZuafZ2CwdL7RmDX7YCjpiIYxXaIjSv61WPD1SLkOkusnoA7bJZ2xmJ/dfEMXEA4LCCOfGQ,iv:922rrz94pD3/R1kGlQyIFkoq/fRSyxaIQ5qllldQMCY=,tag:AAPlwiQP4KMzHZmcMH76AQ==,type:str] capi.yaml: ENC[AES256_GCM,data:UuBESeHfKEPSIzP7RPNES0BVWwJsmPqLP3QJbAeAcm6eQ3sRzUSrVxY8A2yoiLD2lnuJPy2BbYHJpBR7VSfs7oUCc7LljgAp1uB2GH1y8YE46xJLo0TDp873bZJdcsO00ozsbtmWlGWJm7HLrzIUEe0mAjBzZeXe1WDJByGeVqupNLwpXSMaos2ktHjXA6hTGAdE5iIxBAXI6qjldWjRnlqE,iv:hZ2nUaOipU7Top0vsn23yU0XWP9SKcoj85xFo5hD/mU=,tag:32E2o+FOJXM9aMnLQA6KYA==,type:str] consoleToken: ENC[AES256_GCM,data:Q6QWWwcvLd8+ddwPMBzyB+X4gh8I53qSLA==,iv:JD48L59nQYttglAfuKL/lNBzWgBfj01rkIeP8pqmo70=,tag:6cxsQViDGuzjScKkBuO4Bw==,type:str] +rspamd: ENC[AES256_GCM,data:8DryYdMyhzBqwqcbYUQ=,iv:5w21u3xqshRSf8IJbG16/Gf6AC2Zw6VnI3MOchN+w8A=,tag:OiiYUDT69SZObgOh1qCL0g==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv 
@@ -37,7 +38,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-13T06:51:06Z" - mac: ENC[AES256_GCM,data:1+X8f7lPwN+ELJ4DmkTN71Kzvvh4V3yiMilOOnz4NCqLRPdtpiQQz8W4VXkOkBONV5816IOCU2Br4kiQnPAkPEiwpJZzWQItqomZTp4gErSGmmMpVf2lbCRfsU2Eg1tgAaS1ZRQx8/o1vSIJtoPVKiqYdYSsNDx2zbafWqn9+Rk=,iv:uZ4BWoJB6LazGy+RAzdhB8uUCSa109R4TdE6PguryR8=,tag:5G0GRihPQKl9n/fJjZr/Jw==,type:str] + lastmodified: "2025-11-22T10:29:33Z" + mac: ENC[AES256_GCM,data:hcqqPP7EEDrFWwKU3Yl0XM6h17pLXBsmISMd94qYzaxmT/nKnF5bn8dq6M1C9t0Q0vvLjrPm94Gv2HPPJOX960whYMfwuXv/RkORJGb4qXdkXsGJaCrR9M51HArrd7Ba3pjoEyp3Jz9xTNrqg8kCDphBs0oZRV6dQDJUTdLbR50=,iv:eH5T27fthAad/dM5NxXyQawiVmTGgwJbeRXAiut9kL4=,tag:3lGkJMZKo8O1Zm1fB3DJ9Q==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/sops/sops-conf.nix b/system/dev/dn-pre7780/sops/sops-conf.nix index 0d654eb..b0c1f95 100644 --- a/system/dev/dn-pre7780/sops/sops-conf.nix +++ b/system/dev/dn-pre7780/sops/sops-conf.nix @@ -10,6 +10,14 @@ in owner = "nextcloud"; group = "nextcloud"; }; + "nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable { + owner = "signaling"; + group = "signaling"; + mode = "0640"; + }; + "nextcloud/whiteboard" = mkIf config.services.nextcloud.enable { + owner = "nextcloud"; + }; "lam/env" = { }; @@ -39,6 +47,15 @@ in owner = "crowdsec"; mode = "0600"; }; + "cloudflare/secret" = mkIf (hasAttr "acme" config.users.users) { + owner = "acme"; + mode = "0600"; + }; + "rspamd" = mkIf config.services.rspamd.enable { + owner = config.services.rspamd.user; + group = config.services.rspamd.group; + mode = "0660"; + }; } // (optionalAttrs config.services.stalwart-mail.enable ( let 
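Review bot: The `"rspamd"` secret added in the second sops-conf.nix hunk uses `mode = "0660"`, which leaves the decrypted file group-writable although nothing visible needs to write to it; the neighbouring `crowdsec` and `"cloudflare/secret"` entries use `0600`. `mode = "0440";` keeps it readable by the rspamd user and group without write access. In the first hunk `"nextcloud/whiteboard"` sets only `owner`, so its group and mode fall back to the sops-nix defaults; spelling them out as the `"nextcloud/signaling.conf"` entry does would keep the block consistent. The enclosing attribute set starts outside both hunks.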
@@ -52,15 +69,6 @@ in "stalwart/tsig" = { inherit group owner; }; - "stalwart/db" = { - inherit group owner; - }; - "stalwart/dkimKey" = { - inherit group owner; - }; - "cloudflare/secret" = { - inherit group owner; - }; "stalwart/ldap" = { inherit group owner; }; diff --git a/system/dev/dn-pre7780/utility/default.nix b/system/dev/dn-pre7780/utility/default.nix index b3b91ba..c58d03c 100644 --- a/system/dev/dn-pre7780/utility/default.nix +++ b/system/dev/dn-pre7780/utility/default.nix @@ -3,6 +3,6 @@ ../../../modules/localsend.nix ./airplay.nix ./davinci-resolve.nix - ./blender.nix + # ./blender.nix ]; } diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index c27a4cc..62b1762 100644 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -19,6 +19,8 @@ in "maps.rspamd.com" "cdn-hub.crowdsec.net" "api.crowdsec.net" + "mx1.daccc.info" + "mx1.dnywe.com" ]; allowedIPs = [ "10.0.0.0/24" @@ -43,6 +45,7 @@ in ''; imports = [ + ../public/dn/default.nix ./common ./home ./network diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index 249be82..a51d086 100644 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -384,7 +384,15 @@ in "test.local." = "127.0.0.1:5359"; }; forwardZonesRecurse = { - "." = "168.95.1.1"; + # ==== Rspamd DNS ==== # + "multi.uribl.com." = "168.95.1.1"; + "score.senderscore.com." = "168.95.1.1"; + "list.dnswl.org." = "168.95.1.1"; + "dwl.dnswl.org." = "168.95.1.1"; + + # ==== Others ==== # + "tw." = "168.95.1.1"; + "." = "8.8.8.8"; }; dnssecValidation = "off"; dns.allowFrom = [ @@ -395,6 +403,7 @@ in dns.port = 5300; yaml-settings = { webservice.webserver = true; + recordcache.max_negative_ttl = 60; }; }; @@ -451,7 +460,6 @@ in virtualisation = { oci-containers = { - backend = "docker"; containers = { uptime-kuma = { extraOptions = [ "--network=host" ]; 
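Review bot: In the `forwardZonesRecurse` hunk of network/services.nix the catch-all `"."` now forwards to `8.8.8.8` while the context line just below still reads `dnssecValidation = "off"`, so every answer from the forwarders is accepted unvalidated over plain DNS. If this is the pdns-recursor module, `dnssecValidation = "log-fail";` would surface validation failures without rejecting answers, which is a low-risk first step. A comment on the `==== Rspamd DNS ====` group explaining why those zones and `"tw."` stay on `168.95.1.1` would also help the next reader. The enclosing block starts and ends outside the hunk.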
diff --git a/system/dev/dn-server/nix/atticd.nix b/system/dev/dn-server/nix/atticd.nix index 337496d..b784b18 100644 --- a/system/dev/dn-server/nix/atticd.nix +++ b/system/dev/dn-server/nix/atticd.nix @@ -1,10 +1,11 @@ { + pkgs, config, inputs, - system, ... }: let + inherit (pkgs.stdenv.hostPlatform) system; listenPort = 30098; in { diff --git a/system/dev/dn-server/options/network.nix b/system/dev/dn-server/options/network.nix index af5e1ca..0eecfdd 100644 --- a/system/dev/dn-server/options/network.nix +++ b/system/dev/dn-server/options/network.nix @@ -58,7 +58,7 @@ in wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = 10; - OnUnitActiveSec = 60; + OnUnitActiveSec = 360; }; }; diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix index 6c74938..325cedd 100644 --- a/system/dev/dn-server/services/default.nix +++ b/system/dev/dn-server/services/default.nix @@ -3,7 +3,7 @@ imports = [ ./actual-budget.nix ./bitwarden.nix - ./docmost.nix + # ./docmost.nix ./mail-server.nix ./nextcloud.nix ./paperless-ngx.nix diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index 2ef0594..0e1ab7f 100644 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix @@ -1,5 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: let + inherit (lib) mkForce; inherit (config.systemConf) username; in { 
@@ -46,6 +47,30 @@ in ''; secretFile = config.sops.secrets."ldap/password".path; webSecretFile = config.sops.secrets."ldap/env".path; + olcAccess = + let + olcDN = "dc=net,dc=dn"; + in + [ + '' + {0}to attrs=userPassword + by peername="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage + by dn.exact="cn=admin,${olcDN}" manage + by dn.exact="uid=admin,ou=people,${olcDN}" manage + by self write + by anonymous auth + by * none + '' + '' + {1}to * + by peername="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage + by dn.exact="cn=admin,${olcDN}" manage + by dn.exact="uid=admin,ou=people,${olcDN}" manage + by self read + by anonymous auth + by * none + '' + ]; }; rspamd = { secretFile = config.sops.secrets."rspamd".path; @@ -55,4 +80,30 @@ in enable = true; }; }; + + services.openldap.settings.attrs.olcLogLevel = mkForce "config"; + + services.postfix.settings.main = { + # internal_mail_filter_classes = [ "bounce" ]; + }; + + services.rspamd = { + locals."logging.conf".text = '' + level = "debug"; + ''; + locals."settings.conf".text = '' + bounce { + id = "bounce"; + priority = high; + ip = "127.0.0.1"; + selector = 'smtp_from.regexp("/^$/").last'; + + apply { + BOUNCE = -25.0; + } + + symbols [ "BOUNCE" ] + } + ''; + }; } diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix index 7a2d213..eee0e25 100644 --- a/system/dev/dn-server/services/nextcloud.nix +++ b/system/dev/dn-server/services/nextcloud.nix @@ -4,11 +4,16 @@ (import ../../../modules/nextcloud.nix { hostname = "nextcloud.net.dn"; adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; - trusted-domains = [ "nextcloud.daccc.info" ]; trusted-proxies = [ "10.0.0.0/24" ]; whiteboardSecrets = [ config.sops.secrets."nextcloud/whiteboard".path ]; }) ]; + + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) music; + }; + }; } 
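Review bot: `locals."logging.conf".text` in the last mail-server.nix hunk sets `level = "debug";` with no sign that it is temporary, and `olcLogLevel` is forced to `config` just above it. Debug-level Rspamd logging is very verbose and can carry message metadata such as senders and recipients into the logs; if it was enabled to troubleshoot the new `bounce` rule, `level = "info";` or a comment marking it as temporary would be safer. The `bounce` block grants `BOUNCE = -25.0` to any null-sender message seen from `127.0.0.1`, so a comment naming the local component expected to submit those would make the rule reviewable. The `services.postfix.settings.main` block holding only a commented-out line can be dropped.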
diff --git a/system/dev/dn-server/services/ntfy.nix b/system/dev/dn-server/services/ntfy.nix index 3f26ca6..00a53d6 100644 --- a/system/dev/dn-server/services/ntfy.nix +++ b/system/dev/dn-server/services/ntfy.nix @@ -19,7 +19,11 @@ in upstream-base-url = "https://ntfy.sh"; behind-proxy = true; proxy-trusted-hosts = "127.0.0.1"; + auth-default-access = "deny-all"; + enable-login = true; + auth-file = "/var/lib/ntfy-sh/user.db"; }; + environmentFile = config.sops.secrets."ntfy".path; }; services.nginx.virtualHosts = { diff --git a/system/dev/dn-server/services/paperless-ngx.nix b/system/dev/dn-server/services/paperless-ngx.nix index 91335fb..f47aae3 100644 --- a/system/dev/dn-server/services/paperless-ngx.nix +++ b/system/dev/dn-server/services/paperless-ngx.nix @@ -6,14 +6,4 @@ passwordFile = config.sops.secrets."paperless/adminPassword".path; }) ]; - - # OIDC - services.paperless = { - settings = { - PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"; - PAPERLESS_SOCIAL_AUTO_SIGNUP = true; - PAPERLESS_SOCIAL_ALLOW_SIGNUPS = true; - }; - environmentFile = config.sops.secrets."paperless/envFile".path; - }; } diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index d780c90..a138c20 100644 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
@@ -40,6 +40,7 @@ crowdsec: capi.yaml: ENC[AES256_GCM,data:+13mu3XXst8J5okb+jQ/IPOd5TfdcDgLuTP8L46U53GTgTJChQoT4Ttw6xKQhp6L7vNoArQBQL66leRt3DEXATUjxl/Zoi2eymxqLn6/NUpPkv0g7hszJGVbMZEUGjo3IAk5ZRQWaNXHA9mRq/OkHzpMMM6ZpCd0KpY92QbLSHxJ6yUMazL1Wh4hwvyWyN6lLxujrgnZWOQDPZYQmIi+c/Af,iv:OO+Ujqq89SbWcRoqhwiJX2jtIJIUrtgG9xll7WuDhzw=,tag:R+Mx2UAkwA238quvMKCBLQ==,type:str] consoleToken: ENC[AES256_GCM,data:G/UfbMqHW0lecT7vKmZsusvXzgxz6apdRQ==,iv:JJTN1RPhFNMd2gqE3Vw2FvC+bA/vgOiYNfBhr96veIw=,tag:HKbhtwCWkLte8e8uGDt2Gw==,type:str] opencloud: ENC[AES256_GCM,data:NrhvojLoMUbGkWNkfDN12iAU70F9o1MXa3m8RzYtcBU1r9zk0e+4ZlPAqw2SIobMDC3vo3few7cA21ruYGP2p36lskG6UjafyJPJoHQcxlq04Kp/9GVeSsvI3KP08WLmoaBqk6b+f1K57P4OzSHPYKQ4/f51B4yhmt8n/DNg7RgF8wNKi4KUTOBuC/j+T+51vsJdjqHUuBi1y2ZqaolAwfEYbnswNVJUcOxHUezIAGke/22U0fS01+p1JQ/PAzSeDdxuX8dAMDVYHHZ13A07kXIRchpSb63Y5pTLUUAl25zAaSYoq+fZ0s61DZrYCaityZCishhCpJwmyoOsCWEesOpRFYNjIALIxWmM9b3aU/5G1WNiPRdlfvZpowhm3r+4X7QGCoXvuoI94l8DuXW7wN77XhLr7s4w,iv:TrUgpRHN7NYFZw+tihcxJ+dhNi4nIuNHMxNWgCE53AA=,tag:YZNL/Pv8S0hYtSt5IBE1GA==,type:str] +ntfy: ENC[AES256_GCM,data:BapVKt2WzKLMP6KsxZ32+SS0mpIy0waqUTI7Rj0yyWA1mF9bstp0VfRv/6Dna41ttecFjyLRMmlF0jLqHXcNtqmlB3lHiE5IvVcEadjGB5C1fcQKrj5CveVPecvxzc+CfMMt4tlzike9TYL2tP5siGQzU7HvpNfIlT/Qfi40j8l7eT+Tne+XAadu/GQ1CH5dWKr8gPrR8fpfw6CgDvvc05SBLlfM2LsfTxz/UNV3vAbfRLchCsqd9s9jcR4UJPoJv6HVe480HXgY5SLcZA/Gh58=,iv:MqYwns9JITCskQo+ADgWghfRCwiSV+IGdUvi568Fmrc=,tag:Re20TMCnk5EA+X9wQRYg3w==,type:str] sops: age: - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 
@@ -69,7 +70,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-05T08:37:16Z" - mac: ENC[AES256_GCM,data:Qyb0Zu2MSu3TVdhh6/5iEMhPBpb+hfYFwkxZUSreXxnMtRKRaasKrcjfG/pBWmublUoJpfN6MMSyg5dqKmtPTCFEA1h2TywjjR1elZao3Fj61artd2gTR60heWMzJ1rRdczgYLkTO4dWp0JB3ShF75T5XQM2kGSB/d2pvfYv4bA=,iv:p3ZNr/ZMQhAbF+KbpxqY3/0mz5kkJ8BcwO7yW3NU6l8=,tag:WS9hH77KeeMYVO9eNu5wWA==,type:str] + lastmodified: "2025-11-22T18:17:35Z" + mac: ENC[AES256_GCM,data:88NsRj8t483hQ1jWu3u+772he7G2oyybf+pcgyFoBpfrb5GZqXzlae7TpTqstRLvXLcvaXXWI+QUA9WKvuozHEZ2OPzP84JbTjj72POBaIf5k9jHwzNrbXdWPlQF0PLHjnguniDeKLMC8KI7Aypww7CM3N3Gkuyr6bVGGDIsPLw=,iv:D0O8HmtjYyTRd+ZeDkGctA79i+LVOh2f8B1vUjWYqPI=,tag:OU77+XJh9nOOo54fmj35kQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-server/sops/sops-conf.nix b/system/dev/dn-server/sops/sops-conf.nix index 3a2fec1..0449f9c 100644 --- a/system/dev/dn-server/sops/sops-conf.nix +++ b/system/dev/dn-server/sops/sops-conf.nix @@ -92,5 +92,9 @@ in group = config.services.opencloud.group; mode = "0600"; }; + "ntfy" = mkIf config.services.ntfy-sh.enable { + owner = config.services.ntfy-sh.user; + mode = "0600"; + }; }; } diff --git a/system/dev/public/dn/default.nix b/system/dev/public/dn/default.nix new file mode 100644 index 0000000..4fdd9fd --- /dev/null +++ b/system/dev/public/dn/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./yubikey.nix + ]; +} diff --git a/system/dev/public/dn/ntfy.nix b/system/dev/public/dn/ntfy.nix new file mode 100644 index 0000000..223b508 --- /dev/null +++ b/system/dev/public/dn/ntfy.nix 
@@ -0,0 +1,46 @@ +{ + config, + pkgs, + lib, + ... +}: +let + inherit (config.systemConf) username; + ntfyWrapper = import ../../../../home/scripts/ntfy.nix { inherit config pkgs lib; }; +in +{ + sops.secrets."ntfy" = { + owner = username; + sopsFile = ../../public/sops/dn-secret.yaml; + mode = "0600"; + }; + + home-manager.users."${username}" = { + home.packages = [ + ntfyWrapper + ]; + + services.ntfy-client = + let + icon = builtins.fetchurl { + url = "https://docs.ntfy.sh/static/img/ntfy.png"; + sha256 = "sha256:0igypv27phrhgiccvnrcvi543yz8k8rvsxkn4nha2l3xx92yx6r5"; + }; + in + { + enable = true; + settings = { + default-host = "https://ntfy.net.dn"; + subscribe = [ + { + topic = "public-notifications"; + command = '' + notify-send -i ${icon} "[$topic] $title" "$message" + ''; + } + ]; + }; + environmentFile = config.sops.secrets."ntfy".path; + }; + }; +} diff --git a/system/dev/public/dn/yubikey.nix b/system/dev/public/dn/yubikey.nix new file mode 100644 index 0000000..01690bd --- /dev/null +++ b/system/dev/public/dn/yubikey.nix @@ -0,0 +1,18 @@ +{ + config, + ... +}: +let + inherit (config.systemConf) username; +in +{ + sops.secrets."u2f_keys" = { + sopsFile = ../../public/sops/dn-secret.yaml; + owner = username; + }; + + systemd.tmpfiles.rules = [ + "d /home/${username}/.config/Yubico - ${username} - - -" + "L /home/${username}/.config/Yubico/u2f_keys - - - - ${config.sops.secrets."u2f_keys".path}" + ]; +} diff --git a/system/dev/public/sops/dn-secret.yaml b/system/dev/public/sops/dn-secret.yaml new file mode 100644 index 0000000..419478a --- /dev/null +++ b/system/dev/public/sops/dn-secret.yaml 
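Review bot: The `command` of the `public-notifications` subscription in ntfy.nix hands `$title` and `$message` to `notify-send` as positional arguments, so a message body beginning with `-` is parsed as an option rather than as text. Both values are chosen by whoever can publish to the topic. Ending option parsing covers it: `notify-send -i ${icon} -- "[$topic] $title" "$message"`. The existing double quotes already stop the shell from re-evaluating the values and should be kept if the command is edited.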
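Review bot: The `systemd.tmpfiles.rules` in yubikey.nix place the pam_u2f key file under `/home/${username}/.config/Yubico`, a directory created with the user as owner, so the symlink to the sops secret can be replaced by any process running as that user. With `sudo.u2fAuth` and `login.u2fAuth` enabled in security.nix, the list of accepted keys is then only as protected as the user session. Pointing pam_u2f's `authfile` setting at `config.sops.secrets."u2f_keys".path` and leaving the secret root-owned avoids the user-writable location. Whether the `security.pam.u2f` block already sets an `authfile` is not visible in this diff.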
@@ -0,0 +1,35 @@ +ntfy: ENC[AES256_GCM,data:7m7hwmDWu6qP/mX7QujXPiDAmRC542CKyWzFaOL5sHza,iv:nn1F44LSFmrV2USRDD0z8CNfUhi40LZnvoU3j0nklcU=,tag:WhqQpThDaG10kNTk1tZxOQ==,type:str] +u2f_keys: ENC[AES256_GCM,data:boiKENOBo4hBWx9d+KVweCQrmFasDVUejuWrw60oPybPEW0pqTWz5GhQjfG6J0PWNFr/ObABT5eofKiSoy/pZ9uBQQGFO1nAA41axhI1Y9nuyBkkrNPYRnZsojdOcahNGMz1hplXTMzSdKgwutzA4/dsGG1ki/EOiuYRUgzQ/IzjEfqWGeBDlHoq9ohhTFFpsdNgZqgu23m3+Z0hcpquJdY3bhBi0L1nU3B88wJ7MiLyp2mVM3GA7i8jeIUmwqJCEuA3OkG3r3oUHO/l61N+0qtss8bmghf6bsJYtvkhCjXOiEE9R8dpCzjwXEhgAGcYiqiPWzLCl3WyYaytNlVJF/MHC+R0S1ruBV0RLrzCnvxaav8iqa4l3y2ErRB0qUgvO386suGNh2cEYTEEKF4GcQM6mzXbLzUqK4H+nGBC3SdArdphTIgWXP7C+romXzwgGVBLWW/4atRkj0ZF,iv:Rxke3HDAvcLv9sks5jDhNsfxXwSD4TgfGoN7v9HDntk=,tag:IkCsaFVPdgobd9+EX3CwIw==,type:str] +sops: + age: + - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4L0FPWGRWeVp5SEp2eUpr + b1dvaWFBdHBmeEh5cE9Yd2FXV0lZYWNSZGowClJYRXRjdXNKTFNzTXdObXJZbXYr + Y1F3ajJNRXhwbzRwMEphTFl0aUhvODgKLS0tIDFrZTN0NWdYU1Bvc0k4NVdWVVUw + Q0xOT1JDNDdGWkR1a1FCc0U4YjBCVEUKR+EaZ39bDJWbJdbUey1EmQnJI+bTZ/PN + 7o1Dn+qqUtUATeNL8a2KuXAiJ8nVqjQGVvL5DLNrqmsgIxJMoRMH6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHlhYXZkdlBPNkV4UDh6 + aDk1aGFBbThZb3RZV0hJMDY0cW56dDN3L0Z3Ck15Smo2cXBFNUZNeWo1d2h2WHNk + Qk1FbmFwTEhGK1UzSWF4c1d0YnFFTVkKLS0tIC9HVEczcDQzclhRZVVQNU5tOEh6 + WEE0aDRZaE1BQWVKWnpjamQrV3lwUmcKnFWVVNdgfNPgHMiL96568YjckHn4+GYJ + Bt5/n9n9YkxZ22AgFyxjzDczDf9dXDmAPpP2PNlIlw+VaEhhUGWw+A== + -----END AGE ENCRYPTED FILE----- + - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWY3kydFo1V05HbTBWaUtq + 
emZvdm1rVEx2RWxuTGdidjdrMGNmMjZldVFnCmcxS0E3V1RpcGdsZldKLzdhKzIy + eXJQbDJUeW1Va0FLcTBvcllkdGlTUWMKLS0tIEJPR2k2cHAvNXVQZHJNSmhYU3gz + QWV3VjRjNC9RaXNwbDdLWmVQNS94UzAKeLZSqcXRwkVoUUKd4PuRusbJwFlubdJy + kcxGMzvfT0BMYDp61vV+F5Vh4TkgddCzp6Lphbb/6orkWWpjmE9I4g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-21T12:34:46Z" + mac: ENC[AES256_GCM,data:jec/S+h3feoez+1OaWkZHAlSNhsLv8R4yXPIFjVUaYionJKMUAAizLtVsmpVHNRn8OCBhb7zi+Yk4GClZQqg/I8iTY3tzDTIJJsHoj+KsxuQohRASDikaYLTfdad44vin8ayxSKjSScK3JpwX5B12Rffx8DCPqUtXY0TGa0ULoQ=,iv:R1YiVCx3WDZO4b2d9TbdTnWmVmG4MQye4TUWWdIa4Yk=,tag:ACZoECWIqDRITghc8KwUsA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/system/dev/public/sops/secret.yaml b/system/dev/public/sops/secret.yaml new file mode 100644 index 0000000..2e70b7f --- /dev/null +++ b/system/dev/public/sops/secret.yaml 
@@ -0,0 +1,43 @@ +ntfy: ENC[AES256_GCM,data:TIbbEDjzQOnFKtxVYCFJZNDoKD3IJT7a3fZusC0CNkE6,iv:c5+HExq2flbY6f9mlWK6PtYJigWFG7w1hzFxRiOnjw8=,tag:6fCCfA9n3oOKIoEzKmIkqg==,type:str] +sops: + age: + - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbHlQZW9YL1pVdS9ldmUw + Y1pEMlBOS2JFbnlFTmFOYk9KVWxFMG1EdFY0CmdlY2pqWnVUM3dNWm5NWkg0Q01W + MlJRQWlFb3dtRG4zMDFGWVpWYzJ5Z2cKLS0tIG1rUnl4cU9rMDdLOVJMZ3ZVYldu + MWtQTFIxWDBYWDIrSmhMQXNpUUcrL2MK7ML57L+Wx9ET14VcSl36jBYj/ITQp5CS + txIVmUtD34emknZ84iJK5XakExJu6v/yFSlph+TFtm/dQG+6Dah9mg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhT3hIeUs1aFBvcEpKZjla + MWk1UndPS25FYS9UTy91alAxbzlMY253T0NJCmxZZHphM1VoQUVubUNZNW5jTnpp + T0pDN3NHRzZaaFFwb09HdzF4WnhhQ0kKLS0tIGNEZmtEY29tV0J3OWg5QTJUcWJ5 + Z2lUUFZiaUdMSGNueGdMTmgyYXFXZWMKCZKSXjNUYPMQb57njPyojUIy+pFb5wdx + kpZRL6E1ymHUdqKv+Y4LjKJl5MndzFc5WX1bgCXNX6Ql2EWfnDyy7w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ar5h06qv72pduau043r04kschwcq0x0lm33wqvxzdh9grmp3cq3sy0ngnz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOC9Hem9BQmY0T1VyZjIw + cUlkVE1iUC9nM21pSG5WcFRJWjhreWQvMWxnCitET0pDZFlUM3FjV25yNmNVRXBl + azR6TFEvbmJ5aWJZQWxIdyt4SFFBT1EKLS0tIEdLVmZhSXZCREl6WWJvbmp5OUs3 + bHl2SjdmK2hHNXRvZ3lsdEkyRkk4YmsK3jkBYtIm42Rr3elD8I1AGnyv3A6lZ57M + 6Z7anUS5SlYr2HdHVtQobJeDG8F38kfbWBZQMCDKWayJXy6XAKJAjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybVBTV3RoYm1yOTgvZXpS + S0lYcHpuMVBrcDF0bm5ZUSt3NHV3T2p2V2lZCnQ5MVo0VW96TEx1NE91ZlJaUzVT + RlhoVWV2QmZsQzUzaThFQytGdzJxaFUKLS0tIEJ3cmV4eVlEZFNVcEFaVzVRQWpD + 
NnByZmhLdHdIYW1HSTFya0IxZWZseUEKXypAIQLljSCj8pF/29LrlFE3zU3cQ+4t + krG89BjB8zXwGdoEbT9OqDfV6R8+TpMo+BsDu/4svbUbXEJvSq8+Yg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-21T12:34:48Z" + mac: ENC[AES256_GCM,data:UmW1iNQEkZmHyt4X8HNtRreCvNiLu/f9wweomWZPSjDQgeIKq8OYy9cWW3gcRQ1/mCLBoZb7GYXF5KDmrzNNah6MdZ3nAl+GXDhoLjSEzqgnVBPaG26zMixNms+QH8u4YxF7tujk35vWYEqiDyUGCRfQSKxXM/nYrEGHJDUrZiI=,iv:5cJ/iGu7OPH0dKP5MkjseUv+l63mlGz856aSyJwNn/o=,tag:NiiYDb1fRKNTFOfTG//eMA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/system/dev/skydrive-lap/home/default.nix b/system/dev/skydrive-lap/home/default.nix index 086ea3e..712252e 100644 --- a/system/dev/skydrive-lap/home/default.nix +++ b/system/dev/skydrive-lap/home/default.nix @@ -8,8 +8,6 @@ let inherit (config.systemConf) username; inherit (lib) mkForce optionalString; - geVersion = "10-15"; - memeSelector = pkgs.callPackage ../../../../home/scripts/memeSelector.nix { url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; }; @@ -97,22 +95,6 @@ in ]; }) ]; - - home.file = { - # Proton GE - ".steam/root/compatibilitytools.d/GE-Proton${geVersion}" = { - source = fetchTarball { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${geVersion}/GE-Proton${geVersion}.tar.gz"; - sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm"; - }; - }; - ".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = { - source = fetchTarball { - url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz"; - sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz"; - }; - }; - }; }; }; } diff --git a/system/modules/actual/default.nix b/system/modules/actual/default.nix index 82cad66..d9098e2 100644 --- a/system/modules/actual/default.nix +++ b/system/modules/actual/default.nix 
@@ -3,13 +3,14 @@ proxy ? true, }: { + pkgs, config, lib, inputs, - system, ... }: let + inherit (pkgs.stdenv.hostPlatform) system; inherit (builtins) toString; inherit (lib) mkIf; diff --git a/system/modules/flatpak.nix b/system/modules/flatpak.nix deleted file mode 100644 index b6bf800..0000000 --- a/system/modules/flatpak.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: -{ - systemd.services.flatpak-repo = { - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.flatpak ]; - script = '' - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - ''; - }; - - services = { - flatpak.enable = true; - }; -} diff --git a/system/modules/gaming.nix b/system/modules/gaming.nix index a0fce82..77bcc63 100644 --- a/system/modules/gaming.nix +++ b/system/modules/gaming.nix @@ -4,7 +4,9 @@ lib, ... }: - +let + inherit (config.systemConf) username; +in { nix = { settings = { @@ -17,12 +19,17 @@ programs.gamescope.enable = lib.mkDefault true; + users.users.${username}.extraGroups = [ "gamemode" ]; + programs = { steam = { enable = true; protontricks.enable = true; gamescopeSession.enable = true; extest.enable = true; + extraCompatPackages = with pkgs; [ + proton-ge-bin + ]; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; localNetworkGameTransfers.openFirewall = true; diff --git a/system/modules/hardware.nix b/system/modules/hardware.nix index f9d7f5d..f192f09 100644 --- a/system/modules/hardware.nix +++ b/system/modules/hardware.nix @@ -1,11 +1,11 @@ { pkgs, inputs, - system, ... }: let + inherit (pkgs.stdenv.hostPlatform) system; pkgs-hyprland = inputs.hyprland.inputs.nixpkgs.legacyPackages.${system}; in { @@ -17,8 +17,8 @@ in package = pkgs-hyprland.mesa; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiVdpau - (vaapiIntel.override { + libva-vdpau-driver + (intel-vaapi-driver.override { enableHybridCodec = true; }) libvdpau-va-gl 
diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix index abb36c8..6efc5a4 100644 --- a/system/modules/nextcloud.nix +++ b/system/modules/nextcloud.nix @@ -23,28 +23,6 @@ let cp ${caBundle} resources/config/ca-bundle.crt ''; }); - - # Patch for downloading models. Hardcoded to `/var/lib/nextcloud/models` - recognize = pkgs.stdenvNoCC.mkDerivation (finalAttrs: { - pname = "recognize-patched"; - version = "10.0.4"; - - src = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud/recognize/releases/download/v10.0.4/recognize-10.0.4.tar.gz"; - sha256 = "sha256-/RHnnvGJMcxe4EuceYc20xh3qkYy1ZzGsyvp0h03eLk="; - license = "agpl3Plus"; - }; - - patches = [ - ../../pkgs/patches/nextcloud_recognize_models_path.patch - ]; - - installPhase = '' - mkdir -p $out - cp -r . $out/ - ''; - }); - in { imports = [ @@ -90,14 +68,13 @@ in inherit (config.services.nextcloud.package.packages.apps) contacts calendar + tasks whiteboard user_oidc memories - recognize # May break + recognize ; - # inherit recognize; - camerarawpreviews = pkgs.fetchNextcloudApp { url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz"; sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I="; @@ -138,7 +115,7 @@ in services.nextcloud-whiteboard-server = { enable = true; settings = { - NEXTCLOUD_URL = "http${optionalString configureACME "s"}://${hostname}"; + NEXTCLOUD_URL = "http${optionalString https "s"}://${hostname}"; PORT = "3002"; }; secrets = whiteboardSecrets; diff --git a/system/modules/nixsettings.nix b/system/modules/nixsettings.nix index 410387c..ea2b672 100644 --- a/system/modules/nixsettings.nix +++ b/system/modules/nixsettings.nix 
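Review bot: `NEXTCLOUD_URL` in the whiteboard hunk now depends on `https`, which is not defined in any visible line of this module, while the new dn-pre7780 host file overrides `services.nextcloud.https` with `lib.mkForce false`. If `https` is a module argument or a let-binding rather than `config.services.nextcloud.https`, the whiteboard server and Nextcloud can disagree about the scheme on that host. A one-line comment at the binding saying which value is authoritative (the externally visible scheme or what nginx serves locally) would settle it. The enclosing `services.nextcloud-whiteboard-server` block starts outside the hunk.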
@@ -4,9 +4,11 @@ nix = { settings = { substituters = [ + "https://yazi.cachix.org" "https://cache.net.dn/dn-main" ]; trusted-public-keys = [ + "yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k=" "dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k=" ]; warn-dirty = false; diff --git a/system/modules/nvidia.nix b/system/modules/nvidia.nix index fccb93f..35d9502 100644 --- a/system/modules/nvidia.nix +++ b/system/modules/nvidia.nix @@ -88,7 +88,7 @@ lib.checkListOfEnum "Nvidia Prime Mode" validModes [ nvidia-mode ] { enable32Bit = true; extraPackages = with pkgs; [ nvidia-vaapi-driver - vaapiVdpau + libva-vdpau-driver libvdpau-va-gl ]; }; diff --git a/system/modules/packages.nix b/system/modules/packages.nix index 77f3abf..af087df 100644 --- a/system/modules/packages.nix +++ b/system/modules/packages.nix @@ -1,9 +1,11 @@ { pkgs, inputs, - system, ... }: +let + inherit (pkgs.stdenv.hostPlatform) system; +in { environment.systemPackages = with pkgs; [ file @@ -31,7 +33,7 @@ p7zip killall zip - glxinfo # OpenGL info + mesa-demos # OpenGL info pciutils # PCI info xdotool # Keyboard input simulation ffmpeg # Video encoding diff --git a/system/modules/paperless-ngx.nix b/system/modules/paperless-ngx.nix index 3348490..e55cdd7 100644 --- a/system/modules/paperless-ngx.nix +++ b/system/modules/paperless-ngx.nix @@ -24,7 +24,7 @@ in }; PAPERLESS_URL = "http${optionalString configureNginx "s"}://${domain}"; }; - configureTika = true; + configureTika = false; database.createLocally = true; }; diff --git a/system/modules/presets/basic.nix b/system/modules/presets/basic.nix index 49e6c9d..1241b59 100644 --- a/system/modules/presets/basic.nix +++ b/system/modules/presets/basic.nix @@ -6,11 +6,9 @@ ../auto-mount.nix ../bluetooth.nix ../display-manager.nix - ../flatpak.nix ../obs-studio.nix ../plymouth.nix ../polkit.nix - ../security.nix ../hyprland.nix ]; diff --git a/system/modules/presets/minimal.nix b/system/modules/presets/minimal.nix index dac91e7..c2e5923 100644 
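Review bot: The `yazi.cachix.org-1:…` key added to `trusted-public-keys` in nixsettings.nix is not scoped to one package: Nix accepts any store path signed by any trusted key, so this extends trust for the whole system closure to that cache's signing key. The new substituter is also listed ahead of `https://cache.net.dn/dn-main`. A comment next to both lines, for example `# third-party cache, kept only for yazi builds`, would record why the key is trusted and when it can be removed.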
--- a/system/modules/presets/minimal.nix +++ b/system/modules/presets/minimal.nix @@ -17,5 +17,6 @@ ../ca.nix ../sops-nix.nix ../gc.nix + ../security.nix ]; } diff --git a/system/modules/programs.nix b/system/modules/programs.nix index 6dc1eba..c211c9e 100644 --- a/system/modules/programs.nix +++ b/system/modules/programs.nix @@ -12,13 +12,6 @@ ]; programs = { - gnupg = { - agent = { - enable = true; - enableSSHSupport = true; - }; - }; - neovim = { enable = true; configure = { diff --git a/system/modules/security.nix b/system/modules/security.nix index e12d3d5..aff3832 100644 --- a/system/modules/security.nix +++ b/system/modules/security.nix @@ -1,12 +1,34 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { services.udev.packages = [ pkgs.yubikey-personalization ]; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + security.sudo-rs = { + enable = true; + execWheelOnly = true; + extraConfig = '' + Defaults timestamp_timeout=0 + ''; + }; + + security.sudo.enable = !config.security.sudo-rs.enable; + + # ==== PAM u2f ===== # + # $ nix shell nixpkgs#pam_u2f + # $ mkdir -p ~/.config/Yubico + # $ pamu2fcfg > ~/.config/Yubico/u2f_keys security.pam = { - services.hyprlock = { }; + services.hyprlock = { + u2fAuth = false; + }; services = { sudo.u2fAuth = true; + login.u2fAuth = true; }; u2f = { @@ -16,7 +38,5 @@ }; }; - environment.systemPackages = with pkgs; [ - yubikey-manager - ]; + programs.yubikey-manager.enable = true; } diff --git a/system/modules/stalwart.nix b/system/modules/stalwart.nix index a7f85c6..5e9b9a8 100644 --- a/system/modules/stalwart.nix +++ b/system/modules/stalwart.nix @@ -1,10 +1,9 @@ { adminPassFile, - dbPassFile, - dkimKey, ldapConf, domain ? null, - acmeConf ? null, + acmeConfs ? null, + certs ? null, enableNginx ? true, }: { 
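Review bot: `login.u2fAuth = true` and `sudo.u2fAuth = true` in the first security.nix hunk now apply to every host using the minimal preset, because the preset hunks move `../security.nix` from `basic.nix` to `minimal.nix`, yet the only `u2f_keys` provisioning visible in this diff is `public/dn/yubikey.nix`, imported from dn-server. How pam_u2f treats a user with no key file depends on the `u2f` block's settings, which sit between the two hunks and are not shown. A comment there stating the intended mode (required second factor or alternative to the password) and the behaviour on hosts without enrolled keys would make lock-out and bypass cases reviewable.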
@@ -16,15 +15,6 @@ let inherit (lib) mkIf; logFilePath = "${config.services.stalwart-mail.dataDir}/logs"; - mkCondition = ( - condition: ithen: ielse: [ - { - "if" = condition; - "then" = ithen; - } - { "else" = ielse; } - ] - ); in { services.postgresql = { @@ -104,7 +94,8 @@ in hostname = "mx1.${domain}"; domain = "${domain}"; }; - acme."letsencrypt" = mkIf (acmeConf != null) acmeConf; + acme = mkIf (acmeConfs != null) acmeConfs; + certificate = mkIf (certs != null) certs; directory = { "in-memory" = { @@ -120,9 +111,10 @@ in }; "ldap" = ldapConf; imap.lookup.domains = [ - domain + "mx1.${domain}" ]; }; + authentication.fallback-admin = { user = "admin"; secret = "%{file:${adminPassFile}}%"; diff --git a/system/modules/stylix.nix b/system/modules/stylix.nix index fd5d464..f66acfd 100644 --- a/system/modules/stylix.nix +++ b/system/modules/stylix.nix @@ -29,7 +29,7 @@ in monospace = caskaydia; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; @@ -47,7 +47,7 @@ in jetbrains-mono noto-fonts-cjk-sans noto-fonts-cjk-serif - noto-fonts-emoji + noto-fonts-color-emoji liberation_ttf # dfkai-sb sf-pro-display-bold diff --git a/system/modules/vaultwarden.nix b/system/modules/vaultwarden.nix index ee19ef6..49f931c 100644 --- a/system/modules/vaultwarden.nix +++ b/system/modules/vaultwarden.nix @@ -33,7 +33,9 @@ services.nginx.virtualHosts.${domain} = { enableACME = true; forceSSL = true; - locations."/".proxyPass = - "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyWebsockets = true; + }; }; } diff --git a/system/modules/virtualization.nix b/system/modules/virtualization.nix index dccfbcf..5ad6fd1 100644 --- a/system/modules/virtualization.nix +++ b/system/modules/virtualization.nix 
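Review bot: `certificate = mkIf (certs != null) certs;` in `stalwart.nix` copies the caller's value straight into the server settings, and strings evaluated by Nix land in the world-readable store, so a private key passed inline would be readable by every local user. The `fallback-admin` secret in this file already avoids that with `%{file:${adminPassFile}}%`. The new `certs` argument should carry a comment requiring the same form, e.g. `# certs.<name>.private-key must be "%{file:/path}%", never PEM text`. Callers are outside this page, so this may already hold. The enclosing settings attribute set starts and ends outside the hunk.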
@@ -1,11 +1,25 @@ { + pkgs, ... }: { virtualisation = { - docker.enable = true; - docker.daemon.settings = { + containers = { + enable = true; + containersConf.settings.compose_warning_logs = false; + }; + oci-containers.backend = "podman"; + podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; }; spiceUSBRedirection.enable = true; }; + + environment.systemPackages = with pkgs; [ + dive # look into docker image layers + podman-tui + podman-compose + ]; }
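Review bot: The comment on `dive` still says docker, but this hunk removes the Docker daemon and dive reads from the Docker engine unless told otherwise. `dive # inspect image layers (run with --source podman)` would match the new backend. `dockerCompat = true` provides only the `docker` command, not a socket. Tools that expect `/var/run/docker.sock` would need `virtualisation.podman.dockerSocket.enable`, which makes members of the `podman` group root-equivalent, so it is better left off unless something needs it.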