diff --git a/.gitignore b/.gitignore index e69de29..452a5a4 100755 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,3 @@ +ISSUES/ + +result diff --git a/deploy b/deploy index 4e5f38b..4dc0576 100755 --- a/deploy +++ b/deploy @@ -45,13 +45,13 @@ done # delete cached items in nixstore if [ "$flag_fresh" = true ]; then - collect-garbage + collect_garbage exit 0 fi # nixos-rebuild switch ... if [ "$flag_bootloader" = true ]; then - collect-garbage + collect_garbage rebuild_flake "reinstall-bootloader" else rebuild_flake diff --git a/deploy-remote b/deploy-remote index 94371d4..be09c7d 100755 --- a/deploy-remote +++ b/deploy-remote @@ -2,6 +2,11 @@ set -e # terminate if any command fails +echo "[+] Adding keys to ssh-agent" +ssh-add ~/.ssh/id_hyrule +printf "\n" + +git add . # Deploy to all Colmena hives colmena build --experimental-flake-eval colmena apply --experimental-flake-eval diff --git a/fix_bootloader b/fix_bootloader deleted file mode 100644 index 7e91683..0000000 --- a/fix_bootloader +++ /dev/null @@ -1,17 +0,0 @@ -Find efi mount point: -mount -l | grep "boot" - -This can be modified by editing `hardware-configuration.nix` -to have either `fileSystems."/boot"` or `fileSystems."/boot/efi"` - -Running `sudo nixos-rebuild switch --flake .` in `~/nixdots` -will change the mount point (no reboot required). - - -Once we're here we can reinstall (hopefully) - - - - -GET THIS MAN INTO HEAVEN -https://www.reddit.com/r/NixOS/comments/10107km/comment/j2lekuj/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button diff --git a/flake.lock b/flake.lock index 968d6bc..4e31fa3 100755 --- a/flake.lock +++ b/flake.lock 
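Review bot: `git add .` in deploy-remote stages every untracked file in the working tree before each deploy, and flake evaluation copies all tracked files into the world-readable /nix/store, so a stray key, `.env` or scratch file would be picked up silently. Prefer `git add -u` plus explicit paths for new files, or drop the line and stop when the tree has untracked files. The `result` symlink committed at the end of this diff, in the same commit that adds `result` to .gitignore, looks like a side effect of such a blanket add; `git rm --cached result` would undo it. `ssh-add ~/.ssh/id_hyrule` could also take `-t <lifetime>` so the deploy key does not stay loaded in the agent indefinitely.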
@@ -80,16 +80,17 @@ "stable": "stable" }, "locked": { - "lastModified": 1734897875, - "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "lastModified": 1734374287, + "narHash": "sha256-rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc=", "owner": "zhaofengli", "repo": "colmena", - "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "rev": "47b6414d800c8471e98ca072bc0835345741a56a", "type": "github" }, "original": { "owner": "zhaofengli", "repo": "colmena", + "rev": "47b6414d800c8471e98ca072bc0835345741a56a", "type": "github" } }, @@ -226,26 +227,6 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "hyprcursor": { "inputs": { "hyprlang": [ @@ -611,16 +592,16 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1739357830, + "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -670,7 +651,6 @@ "ags": "ags", "colmena": "colmena", "grub2-themes": "grub2-themes", - "home-manager": "home-manager", "hyprland": "hyprland", "hyprpanel": "hyprpanel", "nix-flatpak": "nix-flatpak", diff --git a/flake.nix b/flake.nix index e0a1358..861295a 100755 --- a/flake.nix +++ b/flake.nix 
@@ -2,13 +2,14 @@ description = "Emile's Nix Dotfiles"; inputs = { - #nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + #nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + #home-manager = { + # url = "github:nix-community/home-manager"; + # inputs.nixpkgs.follows = "nixpkgs"; + #}; spicetify-nix = { url = "github:Gerg-L/spicetify-nix"; @@ -31,17 +32,23 @@ hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; - colmena.url = "github:zhaofengli/colmena"; + # colmena.url = "github:zhaofengli/colmena"; + colmena.url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a"; + # alternative to colmena (currently in testing) + #deploy-rs.url = "github:serokell/deploy-rs"; + + #wishlist.url = "path:/home/me/nixdots/flakes/wishlist"; }; outputs = { self, nixpkgs, - home-manager, + #home-manager, hyprland, grub2-themes, nixcord, colmena, + #deploy-rs, ... } @ inputs: let system = "x86_64-linux"; 
@@ -51,61 +58,9 @@ config = { allowUnfree = true; - # Colmena's latest stable version is - # unusable so get latest unstable version. - #packageOverrides = pkgsBuild: let - # src = pkgsBuild.fetchFromGitHub { - # owner = "zhaofengli"; - # repo = "colmena"; - # rev = "47b6414d800c8471e98ca072bc0835345741a56a"; - # sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc="; - # };:cl - # #flake = import (src + "/flake.nix"); - #in { - # colmena = let - # flake = pkgsBuild.callPackage "${src}/flake.nix" {}; - # #flake = import "${src}/package.nix"; - # #flake = import "${src}/flake.nix"; - # #flake-outputs = flake.outputs { - # # inherit self; - # # inherit nixpkgs; - # # inherit stable; - # # inherit flake-utils; - # # - # #}; - # in - # flake; - # #flake.outputs.packages."${system}".colmena {}; - # - # #pkgsBuild.callPackage flake.packages.${system}.colmena {}; - # #colmena = flake.packages."${system}".colmena; - #}; }; }; - # colmena-new = pkgs.colmena.overrideAttrs (old: { - # src = pkgs.fetchFromGitHub { - # owner = "zhaofengli"; - # repo = "colmena"; - # rev = "47b6414d800c8471e98ca072bc0835345741a56a"; - # sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc="; - # }; - # cargoHash = pkgs.lib.fakeHash; - # cargoSha256 = pkgs.lib.fakeSha256; - # }); - - #pkgsColmena = import (builtins.fetchGit { - # name = "nixpkgs-unstable-colmena"; - # url = "https://github.com/NixOS/nixpkgs/"; - # ref = "refs/heads/nixpkgs-unstable"; - # rev = "21808d22b1cda1898b71cf1a1beb524a97add2c4"; - #}) {}; - - #pkgsColmena = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/21808d22b1cda1898b71cf1a1beb524a97add2c4.tar.gz"; - # sha256 = "0v2z6jphhbk1ik7fqhlfnihcyff5np9wb3pv19j9qb9mpildx0cg"; - #}) {inherit system;}; - # TODO: come back to this its really cool # this is just something I'm experimenting with PROJECT_ROOT = builtins.toString ./.; 
@@ -140,26 +95,49 @@ }; # meine vps - #imbored = nixpkgs.lib.nixosSystem { - # specialargs = {inherit inputs pkgs;}; + # hyrule = nixpkgs.lib.nixosSystem { + # # manually set system architecture since + # # this is for a remote deployment + # system = "x86_64-linux"; + # specialargs = {inherit inputs pkgs;}; # - # modules = [ - # ./hosts/imbored - # ]; - #}; + # modules = [ + # ./hosts/hyrule + # ]; + # }; }; + # remote deployment with deploy-rs + # deploy.nodes.hyrule = { + # hostname = "imbored.dev"; + # # create a primary profile called "system" + # profiles.system = { + # user = "root"; # user to deploy to + # path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.hyrule; + # + # # ssh configuration for reaching the server + # sshUser = "ae"; + # #interactiveSudo = true; # TODO: use this and revoke passwordless sudo for ae + # sshOpts = ["-i" "/home/me/.ssh/id_hyrule"]; + # remoteBuild = false; # build locally then deploy to remote host + # }; + # }; + # remote deployment to my servers!! - #colmenaHive = colmena.lib.makeHive self.outputs.colmena; - #colmena = { colmenaHive = colmena.lib.makeHive { meta = { # set nixpkgs global nixpkgs = pkgs; # set nixpkgs per server - # nodeNixpkgs = { - # hyrule = pkgs; - # }; + nodeNixpkgs = { + hyrule = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = false; + }; + }; + + # we can use `specialArgs.inputs` to inject wishlist into hyrule's module + #specialArgs.inputs = with inputs; {inherit wishlist;}; }; # meine vps diff --git a/flakes/wishlist.nix b/flakes/wishlist.nix deleted file mode 100644 index 74813b3..0000000 --- a/flakes/wishlist.nix +++ /dev/null 
@@ -1,44 +0,0 @@
-{
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- flake-utils.url = "github:numtide/flake-utils";
- };
-
- outputs = {
- self,
- nixpkgs,
- flake-utils,
- }: {
- # TODO: 1. add options (ie one to set whether the server should be enabled),
- # 2. create a systemd service
- # 3. create a main program
- # 4. celibrate
-
- packages = flake-utils.lib.eachDefaultSystem (
- system: let
- version = "0.15.1";
- pkgs = nixpkgs.legacyPackages.${system};
- lib = pkgs.lib;
- in {
- wishlist = pkgs.buildGoModule {
- pname = "wishlist";
- inherit version;
- meta = with lib; {
- homepage = "https://github.com/charmbracelet/wishlist";
- description = "Your SSH directory.";
- license = licenses.mit;
- maintainers = with maintainers; [caarlos0];
- };
-
- src = pkgs.fetchFromGithub {
- owner = "charmbracelet";
- repo = "wishlist";
- rev = "v${version}"; # TODO: is this ok? should this be a hash instead?
- hash = "0c9g1s8j9znzd1mw61d0klc6sqri0wx6hljibxdwzi3cabfy3ld6";
- };
- vendorSha256 = lib.fakeSha256;
- };
- }
- );
- };
-}
diff --git a/flakes/wishlist/README b/flakes/wishlist/README
new file mode 100644
index 0000000..5c662bb
--- /dev/null
+++ b/flakes/wishlist/README
@@ -0,0 +1,31 @@
+#### wishlist.nix
+This is a simple Nix flake defining a service from which
+wishlist can run automatically. This flake runs wishlist-0.15.1
+and lacks configurability unfortunately. However this was an
+intentional choice, allowing wishlist to read from the user's
+`~/.ssh/config` file, which can be configured seperately using
+the something akin to the follow home-manager snippet:
+```nix
+programs.ssh = {
+ enable = true;
+ addKeysToAgent = "yes"; # always add keys to ssh-agent
+
+ matchBlocks = {
+ hyrule = {
+ hostname = "imbored.dev";
+ user = "ae";
+ port = 22;
+ identityFile = "/home/me/.ssh/id_hyrule";
+ };
+ };
+};
+
+```
+
+This decision was mostly selfish as it was easiest...
+But it comes at the cost of not being able to set the
+port wishlist listens on. So for now you're stuck with `2222`.
+
+###### The Future!! (woooowwww)
+Create an option for wishlist that is used to construct
+the `config.yaml` file
diff --git a/flakes/wishlist/flake.nix b/flakes/wishlist/flake.nix
new file mode 100644
index 0000000..a98561a
--- /dev/null
+++ b/flakes/wishlist/flake.nix
@@ -0,0 +1,93 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = { + self, + config, + nixpkgs, + lib, + flake-utils, + }: let + cfg = config.services.wishlist; + supportedSystems = ["x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; + in { + # TODO: 1. add options (ie one to set whether the server should be enabled), + # 2. create a systemd service + # 3. create a main program + # 4. celibrate + + # TODO: do I need to make this a home-manager option and set the yaml config? + + # define what settings a user can change + options = { + services.wishlist = with lib; { + enable = mkEnableOption "wishlist"; + + port = mkOption { + type = types.port; + default = 2222; + description = "Port to listen on"; + }; + + package = mkOption { + type = types.package; + default = self.packages.${nixpkgs.system}.default; + description = "Package to use"; + }; + }; + }; + + # define a systemd service for wishlist ^_^ + config = lib.mkIf cfg.enable { + systemd.services.wishlist = { + description = "Single entrypoint for multiple SSH endpoints"; + wantedBy = ["multi-user.target"]; + + serviceConfig = { + DynamicUser = "yes"; + ExecStart = "${cfg.package}/bin/wishlist serve"; + Restart = "always"; + RestartSec = "2s"; + }; + }; + }; + + packages = flake-utils.lib.eachSystem supportedSystems ( + system: let + version = "0.15.1"; + #pkgs = nixpkgs.legacyPackages.${system}; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = false; + }; + #lib = pkgs.lib; + in rec { + defaultPackage = self.packages.${system}.wishlist; + wishlist = pkgs.buildGoModule { + pname = "wishlist"; + inherit version; + meta = with lib; { + description = "Single entrypoint for multiple SSH endpoints"; + homepage = "https://github.com/charmbracelet/wishlist"; + changelog = "https://github.com/charmbracelet/wishlist/releases/tag/v${version}"; + license = licenses.mit; + maintainers = 
with maintainers; [caarlos0 penguwin]; + mainProgram = "wishlist"; + }; + + src = pkgs.fetchFromGitHub { + owner = "charmbracelet"; + repo = "wishlist"; + rev = "v${version}"; + # rev = "d7f058e115a8b4a4131406d01dde84fb4a8e93c4"; + hash = "53fojA+gdvpSVNjx6QncH16F8/x+lpY5SkNs7obW2XQ="; + }; + vendorSha256 = "0x6rss3fwv2398wrd5kyzkrqaphzvh4ykwfqai9glxm01y6fhxz7"; + }; + } + ); + }; +} diff --git a/flakes/wishlist/wishlist.nix b/flakes/wishlist/wishlist.nix new file mode 100644 index 0000000..1bdb24b --- /dev/null +++ b/flakes/wishlist/wishlist.nix 
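Review bot: The source pin in the new `wishlist` derivation is probably not in a form Nix accepts: `hash = "53fojA+gdvpSVNjx6QncH16F8/x+lpY5SkNs7obW2XQ=";` has no algorithm prefix, whereas `hash` expects an SRI string of the form `sha256-<base64 hash>`, so the check that binds the mutable tag `v${version}` to known content likely fails to evaluate instead of verifying anything. `vendorSha256` has likewise been replaced by `vendorHash` in current nixpkgs, which matters because this flake tracks nixos-unstable. Separately, `outputs` destructures `config` and `lib`, which are not flake inputs, and `options`/`config` sit at the top level of the outputs rather than under `nixosModules.<name>`. The declared `port` option is also never passed to `ExecStart`, so changing it would not move the listener.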
@@ -0,0 +1,99 @@ +# NOTE: Wishlist service fails on nix because of readonly file system +# and it can't find a config file for itself, it needs to write that +# itself I suppose :( +# So: +# 1. Get it to write that file, and +# 2. Allow it to inherit profiles from configured ssh +{ + self, + config, + pkgs, + lib, +}: let + cfg = config.services.wishlist; +in { + options = { + services.wishlist = with lib; { + enable = mkEnableOption "wishlist"; + + name = mkOption { + type = types.str; + default = + }; + + port = mkOption { + type = types.port; + default = 2222; + description = "Port to listen on"; + }; + + #configPath = mkOption { + # type = types.path; + # default = ; + # description = "Path to config file"; + #}; + + package = mkOption { + type = types.package; + default = self.packages.${nixpkgs.system}.default; + description = "Package to use"; + }; + }; + }; + + # define a systemd service for wishlist ^_^ + config = lib.mkIf cfg.enable { + systemd.services.wishlist = { + description = "Single entrypoint for multiple SSH endpoints"; + wantedBy = ["multi-user.target"]; + + serviceConfig = let + wishlistServiceConfig = pkgs.writeText "config.yaml" '' + hello world! 
+ ''; + in { + DynamicUser = "yes"; + ExecStart = "${pkgs.wishlist}/bin/wishlist serve --config ${wishlistServiceConfig}"; + Restart = "always"; + RestartSec = "2s"; + }; + }; + }; + + /* + packages = flake-utils.lib.eachSystem supportedSystems ( + system: let + version = "0.15.1"; + #pkgs = nixpkgs.legacyPackages.${system}; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = false; + }; + #lib = pkgs.lib; + in rec { + defaultPackage = self.packages.${system}.wishlist; + wishlist = pkgs.buildGoModule { + pname = "wishlist"; + inherit version; + meta = with lib; { + description = "Single entrypoint for multiple SSH endpoints"; + homepage = "https://github.com/charmbracelet/wishlist"; + changelog = "https://github.com/charmbracelet/wishlist/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [caarlos0 penguwin]; + mainProgram = "wishlist"; + }; + + src = pkgs.fetchFromGitHub { + owner = "charmbracelet"; + repo = "wishlist"; + rev = "v${version}"; + # rev = "d7f058e115a8b4a4131406d01dde84fb4a8e93c4"; + hash = "53fojA+gdvpSVNjx6QncH16F8/x+lpY5SkNs7obW2XQ="; + }; + vendorSha256 = "0x6rss3fwv2398wrd5kyzkrqaphzvh4ykwfqai9glxm01y6fhxz7"; + }; + } + ); + */ +} diff --git a/god_help_me b/god_help_me deleted file mode 100755 index 6363158..0000000 --- a/god_help_me +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash -sudo nixos-rebuild switch --flake . --install-bootloader - -nix-collect-garbage --delete-old -sudo nix-collect-garbage -d - -sudo /run/current-system/bin/switch-to-configuration boot diff --git a/homes/ae/default.nix b/homes/ae/default.nix new file mode 100644 index 0000000..b92f739 --- /dev/null +++ b/homes/ae/default.nix 
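Review bot: The `name` option in flakes/wishlist/wishlist.nix is left as `default =` with no value, which is a parse error, so this module cannot be imported as committed (its import in hosts/hyrule/default.nix is still commented out). `port` is declared but not used in the generated config or in `ExecStart`, while the hyrule host already opens 2222, so the option and the real listener can drift apart. `package` defaults to `self.packages.${nixpkgs.system}.default` although `nixpkgs` is not among the module arguments, and `ExecStart` uses `pkgs.wishlist` instead of the option; `ExecStart = "${cfg.package}/bin/wishlist serve --config ${wishlistServiceConfig}";` would make the option take effect.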
@@ -0,0 +1,56 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + nixpkgs = { + config.allowUnfree = false; + }; + + imports = [ + ]; + + home = { + username = "ae"; + homeDirectory = "/home/ae"; + }; + + programs = { + }; + + # Nicely reload system units when changing configs + systemd.user.startServices = "sd-switch"; + + # ssh = { + # enable = true; + # forwardAgent = true; + # addKeysToAgent = "yes"; + + # matchBlocks = { + # hyrule = { + # hostname = "imbored.dev"; + # user = "ae"; + # port = 22; + # identityFile = "/home/ae/.ssh/id_hyrule"; + # }; + # }; + # }; + + # SERVICE: webfishing (example for wishlist) + #systemd.user.services.webfishing = { + # Unit.Description = "I be out here webfishing frfr"; + + # Install.WantedBy = ["default.target"]; + + # Service = { + # Type = "exec"; + # ExecStart = "echo $HOME; cat $HOME/.ssh/config"; + # Restart = "always"; + # }; + #}; + + home.stateVersion = "24.11"; # DO NOT MODIFY +} diff --git a/homes/me/default.nix b/homes/me/default.nix index 35f92f2..b858211 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -21,8 +21,8 @@ ../modules/firefox.nix ../modules/nixcord.nix - ../modules/hypr/hypridle.nix - ../modules/hypr/hyprlock.nix + #../modules/hypr/hypridle.nix + #../modules/hypr/hyprlock.nix ../modules/kanshi.nix ../modules/ags ]; @@ -102,8 +102,11 @@ # set ssh profiles # (all we need is hyrule, everything else is through wishlist) + # NOTE: (IMPORTANT) this DOES NOT start the ssh-agent + # for that you need to use `services.ssh-agent.enable` ssh = { enable = true; + forwardAgent = true; addKeysToAgent = "yes"; # always add keys to ssh-agent matchBlocks = { @@ -111,7 +114,13 @@ hostname = "imbored.dev"; user = "ae"; port = 22; - identityFile = "/home/me/.ssh/id_hyrule"; + identityFile = "~/.ssh/id_hyrule"; + }; + subspace = { + hostname = "imbored.dev"; + user = "subspace"; + port = 22; + identityFile = "~/.ssh/id_subspace"; }; }; }; 
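Review bot: `forwardAgent = true;` is added at the top level of `programs.ssh` in homes/me/default.nix, which turns on agent forwarding for every host rather than only the hosts listed under `matchBlocks`. While a forwarded session is open, an administrator or intruder on the remote end can use the agent socket to authenticate with every loaded key, and `addKeysToAgent = "yes"` keeps them loaded. Set it per host only where a second hop is needed, e.g. `matchBlocks.hyrule.forwardAgent = true;`, or use `proxyJump` on the block for the inner host so the intermediate server never sees the agent. The same top-level setting appears in the new homes/subspace/default.nix.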
@@ -149,8 +158,10 @@ # enable OpenSSH private key agent services.ssh-agent.enable = true; + # the ssh-agent won't set this for itself... + systemd.user.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent"; + #home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent"; - # ----- SERVICES ----- # Nicely reload system units when changing configs systemd.user.startServices = "sd-switch"; diff --git a/homes/subspace/default.nix b/homes/subspace/default.nix new file mode 100644 index 0000000..fc1ba5a --- /dev/null +++ b/homes/subspace/default.nix @@ -0,0 +1,72 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + nixpkgs = { + config.allowUnfree = false; + }; + + imports = [ + ]; + + home = { + username = "subspace"; + homeDirectory = "/home/subspace"; + }; + + programs = { + fish = { + enable = true; + # Extra commands to run when entering a interactive shell + # (for the subspace user this will be exiting fish to + # run wishlist instead, a shell should not pop up!) + loginShellInit = '' + clear + exec wishlist + ''; + }; + + ssh = { + enable = true; + forwardAgent = true; + addKeysToAgent = "yes"; + + matchBlocks = { + hyrule = { + hostname = "imbored.dev"; + user = "ae"; + port = 22; + identityFile = "~/.ssh/id_hyrule"; + }; + YearnForTheMines = { + hostname = "deadlyserver.com"; + user = "emile"; + port = 24096; + identityFile = "~/.ssh/id_deadlyserver"; + }; + }; + }; + }; + + # Nicely reload system units when changing configs + systemd.user.startServices = "sd-switch"; + + # SERVICE: webfishing (example for wishlist) + #systemd.user.services.webfishing = { + # Unit.Description = "I be out here webfishing frfr"; + + # Install.WantedBy = ["default.target"]; + + # Service = { + # Type = "exec"; + # ExecStart = "echo $HOME; cat $HOME/.ssh/config"; + # Restart = "always"; + # }; + #}; + + home.stateVersion = "24.11"; # DO NOT MODIFY +} diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 9fc6437..ed42af1 100755 
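Review bot: The restriction on the `subspace` account in homes/subspace/default.nix rests on fish's `loginShellInit` running `exec wishlist`, but hosts/hyrule/default.nix in this same commit gives `subspace` `shell = pkgs.bash`, so that hook would not run on login; a shell-init hook is in any case skipped when the SSH client requests a command instead of a login shell. If the account is meant never to reach a shell, enforce that in sshd, for example a `Match User subspace` block with `ForceCommand wishlist` and `AllowTcpForwarding no` in `services.openssh.extraConfig`. Note also that the `hyrule` match block here points this account at `~/.ssh/id_hyrule` for user `ae`, who is in `wheel`, so if that key is placed on the server the low-privilege account sits one hop from an admin login.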
--- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -5,8 +5,8 @@ ... }: let home-manager = builtins.fetchTarball { - url = "https://github.com/nix-community/home-manager/archive/master.tar.gz"; - sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj"; + url = "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz"; + sha256 = "0c07xj74vsj37d3a8f98i9rhhhr99ckwlp45n40f0qkmigm3pk8s"; }; in { # TODO: @@ -15,11 +15,18 @@ in { imports = [ ./hardware-configuration.nix + (import "${home-manager}/nixos") + #../../flakes/wishlist/wishlist.nix #../modules/server/nginx.nix #../modules/server/ssh.nix #../modules/server/fail2ban.nix ]; + # override wishlist with the new cool one! + #pkgs.config.packageOverrides = { + # wishlist = inputs.wishlist.packages.x86_64-linux.wishlist; + #}; + nix.settings = { # make wheel group trusted users allows my "ae" user # to import packages not signed by a trusted key @@ -44,7 +51,8 @@ in { targetHost = "imbored.dev"; targetUser = "ae"; targetPort = 22; - sshOptions = ["-i ~/.ssh/id_hyrule"]; + # the following line is unnecessary if using an ssh agent + #sshOptions = ["-i /home/me/.ssh/id_hyrule"]; #keys = { # "imbored.dev" = { # # text, keyCommand, or keyFile must be set @@ -72,6 +80,9 @@ in { 22 # sshd 80 # nginx 443 # nginx + 2222 # wishlist + 2035 # debug (for my job) + 5000 # debug (for my job) ]; }; }; @@ -86,13 +97,27 @@ in { # primary user ae = { isNormalUser = true; - extraGroups = ["wheel" "networkmanager"]; + extraGroups = ["wheel" "networkmanager" "docker"]; shell = pkgs.bash; home = "/home/ae"; # TEMP: remove and replace with home-manager packages = with pkgs; [ ]; }; + subspace = let + # override + wishlistBash = + pkgs.bash.override { + }; + in { + isNormalUser = true; + shell = pkgs.bash; + home = "/home/subspace"; + packages = with pkgs; [ + wishlist + ]; + }; + # user for friends to ssh into friends = { isNormalUser = true; 
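Review bot: The `home-manager` tarball in hosts/hyrule/default.nix is fetched from the moving branch archive `release-24.11.tar.gz` but pinned with a fixed `sha256`, and the same URL carries three different hashes across hyrule, lolcathost and myputer in this commit, which suggests the content already changed between prefetches. Each host then evaluates a different home-manager, and the fetch fails on a clean store once the branch advances. Pin an immutable revision instead, `url = "https://github.com/nix-community/home-manager/archive/<commit-sha>.tar.gz";`, or keep home-manager as a flake input following `nixpkgs` (this commit removes that input from flake.nix) so flake.lock records one revision for all hosts.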
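Review bot: The port-list hunk (what appears to be the firewall's allowed TCP ports) opens 2035 and 5000, labelled `debug (for my job)`, on the public VPS, and nothing in this commit defines what listens on them. Debug endpoints are often unauthenticated, so keep them closed and reach them over the existing SSH access, or scope them with `networking.firewall.interfaces.<iface>.allowedTCPPorts`, and remove the entries when the debugging is over. 2222 is also opened before any wishlist service is enabled (the service block is still commented out), so that entry can wait until the service lands.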
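Review bot: Adding `ae` to the `docker` group in the users hunk makes that account root-equivalent without going through sudo, because group members control the Docker daemon, which runs as root; `ae` is also the SSH-reachable account on this host while password authentication is enabled. Consider leaving the group off and using `sudo docker`, or `virtualisation.docker.rootless.enable = true;`. The same group is added for `me` in hosts/myputer/default.nix. In the new `subspace` user the `wishlistBash = pkgs.bash.override {}` binding is unused and can be dropped.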
@@ -104,6 +129,16 @@ in { }; }; + virtualisation.docker.enable = true; + + home-manager = { + users = { + ae = import ../../homes/ae; + subspace = import ../../homes/subspace; + }; + sharedModules = []; + }; + services = { # simple nginx instance to host static construction page nginx = { @@ -127,18 +162,21 @@ in { }; }; - # quick and dirty way temporary way accessing my server openssh = { enable = true; ports = [22]; settings = { PasswordAuthentication = true; PermitRootLogin = "no"; - AllowUsers = ["ae"]; # allow all users by default + AllowUsers = ["ae" "subspace"]; # allow all users by default UseDns = true; X11Forwarding = false; }; }; + + #wishlist = { + # enable = true; + #}; }; # accept Lets Encrypt's security policy (for nginx) security.acme = { @@ -146,16 +184,11 @@ in { defaults.email = "eclarkboman@gmail.com"; }; - #home-manager = { - # users = { - # dev = import ../../homes/dev; - # friends = import ../../homes/friends; - # }; - #}; - environment.systemPackages = with pkgs; [ vim helix + + #wishlist ]; programs = { @@ -172,5 +205,17 @@ in { }; }; + #systemd.services.wishlist = { + # description = "Single entrypoint for multiple SSH endpoints"; + # wantedBy = ["multi-user.target"]; + # + # serviceConfig = { + # DynamicUser = "yes"; + # ExecStart = "${pkgs.wishlist}/bin/wishlist serve --config /home/$USER/.ssh/config"; + # Restart = "always"; + # RestartSec = "2s"; + # }; + #}; + system.stateVersion = "24.11"; # DO NOT MODIFY } diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index 961d6c8..e8c0989 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix 
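Review bot: `AllowUsers` now admits `subspace` while `PasswordAuthentication = true;` stays in place, so the new account is exposed to password guessing on port 22 from the moment it exists; the commit also deletes the comment that marked this setup as temporary. Both client configs in this commit use key files for imbored.dev, so once the public keys are installed set `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;`. The trailing comment `# allow all users by default` contradicts the explicit list and would read better as `# only these accounts may log in over SSH`.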
@@ -4,13 +4,9 @@ lib, ... }: let - #home-manager = builtins.fetchTarball { - # url = "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; - # sha256 = "00wp0s9b5nm5rsbwpc1wzfrkyxxmqjwsc1kcibjdbfkh69arcpsn"; - #}; home-manager = builtins.fetchTarball { - url = "https://github.com/nix-community/home-manager/archive/master.tar.gz"; - sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj"; + url = "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz"; + sha256 = "15k41il0mvmwyv6jns4z8k6khhmb22jk5gpcqs1paym3l01g6abn"; }; in { imports = [ diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index f5a3046..a667b75 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -2,11 +2,12 @@ pkgs, inputs, lib, + wishlist, ... }: let home-manager = builtins.fetchTarball { - url = "https://github.com/nix-community/home-manager/archive/master.tar.gz"; - sha256 = "1jxrzlgc0xzad5hrjixab4brhir1hyf6cvq0zhgb7z9x06kaydin"; #"0kg9iaixqygpncw7avgh1grwyjgnfc9i7k9pk8hc4xrvr8jv2l3c"; + url = "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz"; + sha256 = "1dga3vsd60v9mfyhwgbil13mrchw5crbpgh4zjw9fghv1vyk89vq"; }; in { imports = [ @@ -32,7 +33,7 @@ in { boot.loader = { efi = { canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; #/boot/efi + efiSysMountPoint = "/boot/efi"; #/boot/efi }; grub = { efiSupport = true; @@ -109,9 +110,11 @@ in { # just me fr (personal account) me = { isNormalUser = true; - extraGroups = ["wheel"]; + extraGroups = ["wheel" "docker"]; shell = pkgs.bash; #pkgs.fish packages = let + # TODO: can I just do this: https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake#url-like-syntax + # instead to use colmena's flake.nix by specifying a rev hash in the flake input? colmena-src = pkgs.fetchFromGitHub { owner = "zhaofengli"; repo = "colmena"; @@ -130,6 +133,9 @@ in { gnome-software colmena-new + + gitkraken + keyguard # bitwarden client app ]; }; 
@@ -167,13 +173,17 @@ in { wl-clipboard # clipboard for wayland hyprpicker - (callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners + #(callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners # dependencies for my sddm theme: pkgs.libsForQt5.qt5.qtgraphicaleffects python311 # I use 3.11 since it's in a pretty stable state now poetry # python dependency management and packaging + nixd # lsp for nix + + neofetch # TODO: remove (installed to debug something) + # fish plugins grc # colorise command outputs @@ -184,11 +194,17 @@ in { tldr #btop + tesseract # for my work with Agribit + + # TODO: remove this and host my nix flake on github instead + #wishlist + # Pretty necessary git brightnessctl acpi vim + nix-prefetch-git # Unix Commands wget @@ -216,8 +232,9 @@ in { programs = { hyprland = { enable = true; - package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; - portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + # TODO: uncomment, I did this when hyprland wasn't working + #package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + #portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; xwayland.enable = true; }; @@ -305,13 +322,15 @@ in { "flakes" ]; + virtualisation.docker.enable = true; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; + #programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + #}; # Enable the OpenSSH daemon. # services.openssh.enable = true; diff --git a/hosts/myputer/hardware-configuration.nix b/hosts/myputer/hardware-configuration.nix index af7972b..904a0c2 100755 --- a/hosts/myputer/hardware-configuration.nix +++ b/hosts/myputer/hardware-configuration.nix 
@@ -22,7 +22,7 @@ fsType = "ext4"; }; - fileSystems."/boot" = { + fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/7046-177A"; fsType = "vfat"; options = ["fmask=0077" "dmask=0077"]; diff --git a/result b/result new file mode 120000 index 0000000..fab173e --- /dev/null +++ b/result @@ -0,0 +1 @@ +/nix/store/clc95m2c889yns3n8c71vfgb1q2qd419-nixos-system-myputer-24.11.20250212.0ff09db \ No newline at end of file