diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml index 97def271..ce5d5aba 100644 --- a/.github/workflows/nodes.yml +++ b/.github/workflows/nodes.yml @@ -152,68 +152,6 @@ jobs: command: ci-build-cache quiet: false stdin: ${{ runner.temp }}/ci.build.cache - goliath: - name: nodes-goliath - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.goliath.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.goliath.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.goliath.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.goliath.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.goliath.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache koishi: name: nodes-koishi runs-on: ubuntu-latest @@ -462,68 +400,6 @@ jobs: command: ci-build-cache quiet: false stdin: ${{ runner.temp }}/ci.build.cache - shinmyoumaru: - name: nodes-shinmyoumaru - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.shinmyoumaru.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.shinmyoumaru.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.shinmyoumaru.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.shinmyoumaru.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.shinmyoumaru.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache yukari: name: nodes-yukari runs-on: ubuntu-latest diff --git a/config/hosts/daiyousei.nix b/config/hosts/daiyousei.nix index ac7580ff..0f837cd3 100644 --- a/config/hosts/daiyousei.nix +++ b/config/hosts/daiyousei.nix @@ -5,7 +5,6 @@ profiles.network users.kat.services.weechat services.nginx - services.gitea services.murmur services.murmur-ldap services.prosody diff --git a/config/hosts/issun-boushi.nix b/config/hosts/issun-boushi.nix deleted file mode 100644 index c6499361..00000000 --- a/config/hosts/issun-boushi.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, meta, pkgs, lib, modulesPath, ... }: with lib; { - imports = with meta; [ - profiles.hardware.raspi - (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix") - ]; - - home-manager.users.kat.programs.neovim.enable = mkForce false; - programs.mosh.enable = mkForce false; - - boot.supportedFilesystems = mkForce (singleton "ext4"); - - deploy.tf = { - resources.shinmyoumaru = { - provider = "null"; - type = "resource"; - connection = { - port = head config.services.openssh.ports; - host = config.network.addresses.private.nixos.ipv4.address; - }; - }; - }; - - networking = { - useDHCP = true; - interfaces.eth0.useDHCP = true; - }; - - network = { - addresses = { - private = { - enable = true; - nixos = { - ipv4.address = "192.168.1.34"; - }; - }; - }; - yggdrasil = { - enable = false; - pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c"; - address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3"; - listen.enable = false; - listen.endpoints = [ "tcp://0.0.0.0:0" ]; - }; - firewall = { - private.interfaces = singleton "yggdrasil"; - public.interfaces = singleton "eth0"; - }; - }; - - system.stateVersion = "21.11"; -} diff --git a/config/hosts/rinnosuke.nix b/config/hosts/rinnosuke.nix index 1c09dec2..f5f947fd 100644 --- a/config/hosts/rinnosuke.nix +++ b/config/hosts/rinnosuke.nix @@ -3,7 +3,8 @@ profiles.hardware.oracle.ubuntu profiles.network services.nginx - ] ++ optional (builtins.getEnv "CI_PLATFORM" == "impure" && builtins.pathExists ../trusted/knot) ../trusted/knot; + services.knot + ]; kw.oci = { specs = { diff --git a/config/hosts/shinmyoumaru.nix b/config/hosts/shinmyoumaru.nix deleted file mode 100644 index 6715e8bf..00000000 --- a/config/hosts/shinmyoumaru.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ config, meta, pkgs, lib, modulesPath, ... }: with lib; { - imports = with meta; [ - profiles.hardware.raspi - services.dnscrypt-proxy - services.dht22-exporter - (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix") - ]; - - home-manager.users.kat.programs.neovim.enable = mkForce false; - programs.mosh.enable = mkForce false; - - boot.supportedFilesystems = mkForce (singleton "ext4"); - - deploy.tf = { - resources.shinmyoumaru = { - provider = "null"; - type = "resource"; - connection = { - port = head config.services.openssh.ports; - host = config.network.addresses.private.nixos.ipv4.address; - }; - }; - }; - - networking = { - useDHCP = true; - interfaces.eth0.useDHCP = true; - }; - - network = { - addresses = { - private = { - enable = true; - nixos = { - ipv4.address = "192.168.1.33"; - }; - }; - }; - yggdrasil = { - enable = false; - pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c"; - address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3"; - listen.enable = false; - listen.endpoints = [ "tcp://0.0.0.0:0" ]; - }; - firewall = { - private.interfaces = singleton "yggdrasil"; - public.interfaces = singleton "eth0"; - }; - }; - - system.stateVersion = "21.11"; -} diff --git a/config/profiles/network.nix b/config/profiles/network.nix index abe96aac..452e7700 100644 --- a/config/profiles/network.nix +++ b/config/profiles/network.nix @@ -48,7 +48,7 @@ services.tailscale.enable = true; - systemd.services.tailscale-autoconnect = { + systemd.services.tailscale-autoconnect = mkIf (builtins.getEnv "TF_IN_AUTOMATION" != "" || tf.state.enable) { description = "Automatic connection to Tailscale"; # make sure tailscale is running before trying to connect to tailscale diff --git a/config/services/dnscrypt-proxy.nix b/config/services/dnscrypt-proxy.nix index 2af2cce5..72d25579 100644 --- a/config/services/dnscrypt-proxy.nix +++ b/config/services/dnscrypt-proxy.nix @@ -1,36 +1,2 @@ { config, lib, pkgs, ... }: { - networking = { - resolvconf.useLocalResolver = true; - networkmanager.dns = "none"; - }; - - services.dnscrypt-proxy2 = { - enable = true; - settings = { - ipv6_servers = true; - require_dnssec = true; - - sources.public-resolvers = { - urls = [ - "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" - "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" - ]; - cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; - minisign_key = - "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; - }; - - # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md - server_names = [ - "acsacsar-ams-ipv4" - "acsacsar-ams-ipv6" - "dnscrypt.eu-dk" - "dnscrypt.eu-dk-ipv6" - "dnscrypt.eu-nl" - "dnscrypt.eu-nl-ipv6" - "meganerd" - "meganerd-ipv6" - ]; - }; - }; } diff --git a/config/services/irlmail.nix b/config/services/irlmail.nix new file mode 100644 index 00000000..d0b4f55c --- /dev/null +++ b/config/services/irlmail.nix @@ -0,0 +1,49 @@ +{ config, tf, meta, lib, ... }: with lib; { + dns.zones."inskip.me." = { + provider = "dns.katdns"; + }; + + resources.gmail-mx = let + zone = config.dns.zones."inskip.me."; + in with zone; { + provider = provider.set; + type = "mx_record_set"; + inputs = { + zone = domain; + ttl = 3600; + mx = [ + { preference = 1; exchange = "aspmx.l.google.com."; } + { preference = 5; exchange = "alt1.aspmx.l.google.com."; } + { preference = 5; exchange = "alt2.aspmx.l.google.com."; } + { preference = 10; exchange = "alt3.aspmx.l.google.com."; } + { preference = 10; exchange = "alt4.aspmx.l.google.com."; } + { preference = 15; exchange = "6uyykkzhqi4zgogxiicbuamoqrxajwo5werga4byh77b2iyx3wma.mx-verification.google.com."; } + ]; + }; + }; + + dns.records = { + services_inskip_a = { + zone = "inskip.me."; + a.address = meta.network.nodes.marisa.network.addresses.public.nixos.ipv4.address; + }; + services_inskip_aaaa = { + zone = "inskip.me."; + aaaa.address = meta.network.nodes.marisa.network.addresses.public.nixos.ipv6.address; + }; + services_gmail_spf = { + zone = "inskip.me."; + txt.value = "v=spf1 include:_spf.google.com ~all"; + }; + services_gmail_dkim = { + zone = "inskip.me."; + domain = "google._domainkey"; + txt.value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxag/EmXQ89XQmLrBDPpPtZ7EtEJT0hgvWf/+AFiOfBOm902tq9NbTTvRJ2dLeBLPaV+hNvq2Alc7UfkKUDlLTWQjeuiC6aOnRKQQg3LZ2W25U3AlIj0jd2IPiUhg9JGV4c66XiqQ5ylTBniShfUUyeAXxbPhYFBCkBg62LZcO/tFpFsdKWtZzLjgac5vTJID+M4F8duHpkA/ZCNNUEmtt7RNQB/LLI1Gr5yR4GdQl9z7NmwtOTo9pghbZuvljr8phYjdDrwZeFTMKQnvR1l2Eh/dZ8I0C4nP5Bk4QEfmLq666P1HzOxwT6iCU6Tc+P/pkWbrx0HJh39E1aKGyLJMQIDAQAB"; + }; + services_gmail_dmarc = { + zone = "inskip.me."; + domain = "_dmarc"; + txt.value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@inskip.me"; + }; + }; +} diff --git a/config/services/irlsite.nix b/config/services/irlsite.nix new file mode 100644 index 00000000..209db3a3 --- /dev/null +++ b/config/services/irlsite.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: { + services.nginx.virtualHosts."inskip.me" = { + root = pkgs.irlsite; + enableACME = true; + forceSSL = true; + }; +} diff --git a/config/services/keycloak.nix b/config/services/keycloak.nix index d14985a1..c58e00dc 100644 --- a/config/services/keycloak.nix +++ b/config/services/keycloak.nix @@ -13,6 +13,7 @@ in { http-host = "127.0.0.1"; http-port = 8089; https-port = 8445; + proxy = "edge"; hostname = "auth.kittywit.ch"; http-relative-path = "/auth"; hostname-strict-backchannel = true; diff --git a/config/services/knot/default.nix b/config/services/knot/default.nix new file mode 100644 index 00000000..196253e9 --- /dev/null +++ b/config/services/knot/default.nix @@ -0,0 +1,35 @@ +{ config, lib, tf, pkgs, ... }: + +{ + network.dns.enable = false; + + kw.secrets.variables = { + katdns-key-config = { + path = "secrets/katdns"; + field = "notes"; + }; + }; + + network.firewall.public = { + tcp.ports = [ 53 ]; + udp.ports = [ 53 ]; + }; + + /* environment.etc."katdns/zones/gensokyo.zone.zone".text = let + dns = pkgs.dns; + in dns.lib.toString "gensokyo.zone" (import ./gensokyo.zone.nix { inherit dns lib; }); */ + + secrets.files.katdns-keyfile = { + text = "${tf.variables.katdns-key-config.ref}"; + owner = "knot"; + group = "knot"; + }; + + services.knot = { + enable = true; + extraConfig = builtins.readFile ./knot.yaml; + keyFiles = [ + config.secrets.files.katdns-keyfile.path + ]; + }; +} diff --git a/config/services/knot/dork.dev.nix b/config/services/knot/dork.dev.nix new file mode 100644 index 00000000..062f23bb --- /dev/null +++ b/config/services/knot/dork.dev.nix @@ -0,0 +1,20 @@ +{ dns, lib }: + +with dns.lib.combinators; + +{ + SOA = { + nameServer = "ns1"; + adminEmail = "kat@kittywit.ch"; + serial = 2021090100; + ttl = 3600; + }; + + CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch"); + + NS = [ + "ns1.kittywit.ch." + "rdns1.benjojo.co.uk." + "rdns2.benjojo.co.uk." + ]; +} diff --git a/config/services/knot/gensokyo.zone.nix b/config/services/knot/gensokyo.zone.nix new file mode 100644 index 00000000..062f23bb --- /dev/null +++ b/config/services/knot/gensokyo.zone.nix @@ -0,0 +1,20 @@ +{ dns, lib }: + +with dns.lib.combinators; + +{ + SOA = { + nameServer = "ns1"; + adminEmail = "kat@kittywit.ch"; + serial = 2021090100; + ttl = 3600; + }; + + CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch"); + + NS = [ + "ns1.kittywit.ch." + "rdns1.benjojo.co.uk." + "rdns2.benjojo.co.uk." + ]; +} diff --git a/config/services/knot/kittywit.ch.nix b/config/services/knot/kittywit.ch.nix new file mode 100644 index 00000000..65d1c870 --- /dev/null +++ b/config/services/knot/kittywit.ch.nix @@ -0,0 +1,20 @@ +{ dns, lib }: + +with dns.lib.combinators; + +{ + SOA = { + nameServer = "ns1"; + adminEmail = "kat@kittywit.ch"; + serial = 2021083001; + ttl = 3600; + }; + + CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch"); + + NS = [ + "ns1.kittywit.ch." + "rdns1.benjojo.co.uk." + "rdns2.benjojo.co.uk." + ]; +} diff --git a/config/services/knot/knot.yaml b/config/services/knot/knot.yaml new file mode 100644 index 00000000..6a1090a6 --- /dev/null +++ b/config/services/knot/knot.yaml @@ -0,0 +1,60 @@ +server: + listen: [ 0.0.0.0@53, ::@53 ] + +remote: + - id: benjojo-1 + address: [ 185.230.223.84, 2a0c:2f07:4896:666:216:3eff:fedb:c742 ] + - id: benjojo-2 + address: 185.236.240.26 + - id: benjojo-3 + address: 185.230.223.7 + +acl: + - id: dnsupdate + key: dnsupdate.kittywit.ch. + action: update + - id: benjojo + remote: [ benjojo-1, benjojo-2, benjojo-3 ] + action: transfer + +zone: + - domain: kittywit.ch + semantic-checks: on + storage: /var/lib/knot/zones/ + file: kittywit.ch.zone + dnssec-signing: on + module: mod-stats + notify: [ benjojo-1, benjojo-2, benjojo-3 ] + zonefile-load: difference + acl: [ benjojo, dnsupdate ] + - domain: dork.dev + semantic-checks: on + storage: /var/lib/knot/zones/ + file: dork.dev.zone + dnssec-signing: on + module: mod-stats + notify: [ benjojo-1, benjojo-2, benjojo-3 ] + zonefile-load: difference + acl: [ benjojo, dnsupdate ] + - domain: inskip.me + semantic-checks: on + storage: /var/lib/knot/zones/ + file: inskip.me.zone + dnssec-signing: on + module: mod-stats + notify: [ benjojo-1, benjojo-2, benjojo-3 ] + zonefile-load: difference + acl: [ benjojo, dnsupdate ] + - domain: gensokyo.zone + semantic-checks: on + storage: /var/lib/knot/zones/ + file: gensokyo.zone.zone + dnssec-signing: on + module: mod-stats + notify: [ benjojo-1, benjojo-2, benjojo-3 ] + zonefile-load: difference + acl: [ benjojo, dnsupdate ] + +log: + - target: syslog + any: info diff --git a/config/services/openldap/default.nix b/config/services/openldap/default.nix index 0af3ab94..a9304f69 100644 --- a/config/services/openldap/default.nix +++ b/config/services/openldap/default.nix @@ -3,7 +3,7 @@ services.openldap = { enable = true; - urlList = [ "ldap:///" "ldapi:///" "ldaps:///" ]; + urlList = [ "ldap:///" "ldaps:///" ]; settings = { attrs = { objectClass = "olcGlobal"; diff --git a/config/services/website.nix b/config/services/website.nix index 11769ebb..a29f5aa5 100644 --- a/config/services/website.nix +++ b/config/services/website.nix @@ -5,10 +5,9 @@ services.nginx.virtualHosts = { "${config.network.dns.domain}" = { - root = pkgs.kat-hugosite; + root = pkgs.gensokyoZone; enableACME = true; forceSSL = true; }; - }; } diff --git a/config/tf b/config/tf index 046c6861..9422092e 160000 --- a/config/tf +++ b/config/tf @@ -1 +1 @@ -Subproject commit 046c6861f58f5113764ca2470748b7c87f29505e +Subproject commit 9422092e341bccb456c0d88c7cc5ee236f856e85 diff --git a/config/users/kat/base/shell.nix b/config/users/kat/base/shell.nix index 8d361eb1..54461f71 100644 --- a/config/users/kat/base/shell.nix +++ b/config/users/kat/base/shell.nix @@ -57,10 +57,6 @@ in "listrowsfirst" ]; in '' - ${if config.anicca.enabled then '' - HISTFILE=/persist/home/.zsh_history - '' else '' - ''} ${if pkgs.stdenv.system != "aarch64-darwin" then '' eval $(dircolors) '' else '' diff --git a/config/users/kat/dev/emacs.nix b/config/users/kat/dev/emacs.nix index 4f9319ff..73619649 100644 --- a/config/users/kat/dev/emacs.nix +++ b/config/users/kat/dev/emacs.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: with lib; +{ tf, config, lib, pkgs, inputs, ... }: with lib; let doom-emacs = pkgs.callPackage inputs.nix-doom-emacs { @@ -15,7 +15,7 @@ let }; }; in -optionalAttrs (builtins.getEnv "CI_PLATFORM" == "impure" && "mew" != "mew") { +optionalAttrs (builtins.getEnv "CI_PLATFORM" == "impure" && builtins.getEnv "TF_IN_AUTOMATION" != "") { home.packages = [ doom-emacs pkgs.sqlite ]; home.file.".emacs.d/init.el".text = '' diff --git a/config/users/kat/personal/packages.nix b/config/users/kat/personal/packages.nix index 6049860f..ffd08ff4 100644 --- a/config/users/kat/personal/packages.nix +++ b/config/users/kat/personal/packages.nix @@ -3,5 +3,6 @@ { home.packages = with pkgs; [ borgbackup + homebank ]; } diff --git a/flake.lock b/flake.lock index 06a57409..0cafe089 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1652207446, - "narHash": "sha256-KWMMkKny/5Ukh36rus2nr6X7rDmRBpjOdJeEwlnsJL8=", + "lastModified": 1654126673, + "narHash": "sha256-SxNpS14YUuwsSkd6PBfSTdzC191U6W36F3NQ0fJVr6U=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "1d80363ae941952431cf377816c4790e451823f4", + "rev": "979321a3a55274c7eef9b85d74169b79e5a17824", "type": "github" }, "original": { @@ -37,11 +37,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1643398418, - "narHash": "sha256-j7Z+k1dUg65vvBhME+c3ve1Oxlu5GeI4oNwdo1NGL10=", + "lastModified": 1654122671, + "narHash": "sha256-75xNbnJ29pWK2GbOEA9yUA6mvx5hcDWBFaSOSpv5Ob0=", "owner": "arcnmx", "repo": "ci", - "rev": "1d38e73657284793de5251738adbe2c04a151c08", + "rev": "b78a5e52a21dad03dd4ca6d46354be6da1cf727a", "type": "github" }, "original": { @@ -113,11 +113,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1652959192, - "narHash": "sha256-bFEK+kNH7tMWVsdgUosIk9/xZFvapcaQDvF1ZroyLcw=", + "lastModified": 1654170097, + "narHash": "sha256-byrZN3k78pwg15puULonJUzTSEDjf8/YCkdUm/abla8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4681a0c9dcbcc70fb2befe2d3d56a5277fbac7f7", + "rev": "489651e2927fdf356b68123ed6f8c7910bfa7f7d", "type": "github" }, "original": { @@ -241,11 +241,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1652913097, - "narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=", + "lastModified": 1654113406, + "narHash": "sha256-70esZvhal+FsyU89mJRcAb+cDGHKt0sgZ6MlRr9Cplg=", "owner": "nix-community", "repo": "home-manager", - "rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69", + "rev": "684e85d01d333be91c4875baebb05b93c7d2ffaa", "type": "github" }, "original": { @@ -407,11 +407,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1652881001, - "narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=", + "lastModified": 1654115789, + "narHash": "sha256-k9Qr8dLrmgEn+xIVbneJdQgCYG8FbbqOrTVaExUrLFI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf", + "rev": "bce6d15455f8c15c9ef511368947e7ef789c5316", "type": "github" }, "original": { @@ -423,11 +423,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1652794215, - "narHash": "sha256-erVj41IcCPDWdt8CwT60ygD+SY/uhqip3RXwiESOCVk=", + "lastModified": 1653931853, + "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "242efdc5a5aff8222c1152c0e4b9262bd02915b6", + "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", "type": "github" }, "original": { @@ -455,11 +455,11 @@ }, "nur": { "locked": { - "lastModified": 1652969435, - "narHash": "sha256-cbNoHYnKpAkhpx5wMnvXsZ9fvAsvVIPyk940nmOGog0=", + "lastModified": 1654172430, + "narHash": "sha256-6Y3ahiBZtqAYG0Mror5BdegviwWmhd5hcMhF/B/Nfng=", "owner": "nix-community", "repo": "nur", - "rev": "c5a7e11a501bed777dcbd0c6c7ab2093199f50e3", + "rev": "edb5c94d7640890a39325351825cc39fb1c014b1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d717afa6..5ceda98c 100644 --- a/flake.nix +++ b/flake.nix @@ -14,11 +14,6 @@ url = "github:kittywitch/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - impermanence.url = "github:nix-community/impermanence/master"; - anicca = { - url = "github:kittywitch/anicca/main"; - flake = false; - }; nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-21.11-darwin"; darwin.url = "github:lnl7/nix-darwin/master"; darwin.inputs.nixpkgs.follows = "nixpkgs-darwin"; @@ -29,16 +24,15 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; - emacs-overlay = { - url = "github:nix-community/emacs-overlay/master"; - inputs.flake-utils.follows = "flake-utils"; - }; - nur.url = "github:nix-community/nur/master"; nix-doom-emacs = { url = "github:vlaci/nix-doom-emacs/develop"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; + emacs-overlay = { + url = "github:nix-community/emacs-overlay/master"; + inputs.flake-utils.follows = "flake-utils"; + }; tf-nix = { url = "github:arcnmx/tf-nix/master"; flake = false; @@ -55,18 +49,18 @@ }; outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: flake-utils.lib.eachDefaultSystem - (system: - let pkgs = nixpkgs.legacyPackages.${system}; in - rec { - devShell = import ./devShell.nix { inherit inputs system; }; - legacyPackages = import ./outputs.nix { inherit inputs system; }; - nixosConfigurations = legacyPackages.network.nodes; - } - ) // { + (system: + let pkgs = nixpkgs.legacyPackages.${system}; in + rec { + devShell = import ./devShell.nix { inherit inputs system; }; + legacyPackages = import ./outputs.nix { inherit inputs system; }; + nixosConfigurations = legacyPackages.network.nodes; + } + ) // { darwinConfigurations."sumireko" = let - system = "aarch64-darwin"; - meta = self.legacyPackages.${system}; - in darwin.lib.darwinSystem { + system = "aarch64-darwin"; + meta = self.legacyPackages.${system}; + in darwin.lib.darwinSystem { inherit inputs; inherit system; specialArgs = { diff --git a/overlays/darwin.nix b/overlays/darwin.nix index 13aba5fa..ed2e5d6a 100644 --- a/overlays/darwin.nix +++ b/overlays/darwin.nix @@ -5,13 +5,11 @@ let inherit system; overlays = [ (import ./nur { inherit inputs; }) - (import inputs.emacs-overlay) (import ./dns { inherit inputs; }) (import ./local) (import ./lib) ] ++ (map (path: import "${path}/overlay.nix") [ inputs.arcexprs - inputs.anicca ]); config = { allowUnfree = true; diff --git a/overlays/default.nix b/overlays/default.nix index 662c4ac4..92da9146 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,13 +5,11 @@ let inherit system; overlays = [ (import ./nur { inherit inputs; }) - (import inputs.emacs-overlay) (import ./dns { inherit inputs; }) (import ./local) (import ./lib) ] ++ (map (path: import "${path}/overlay.nix") [ inputs.arcexprs - inputs.anicca ]); config = { allowUnfree = true; diff --git a/overlays/local/default.nix b/overlays/local/default.nix index e417e8ea..67ba2c4a 100644 --- a/overlays/local/default.nix +++ b/overlays/local/default.nix @@ -1,6 +1,5 @@ final: prev: { vips = prev.vips.override { libjxl = null; }; - kat-hugosite = final.callPackage ./kat-hugosite.nix { }; sway-scrot = final.callPackage ./sway-scrot { }; vfio-vm = final.callPackage ./vm.nix { }; vfio-vm-pinning = final.callPackage ./vm-pinning.nix { }; diff --git a/overlays/local/irlsite.nix b/overlays/local/irlsite.nix new file mode 100644 index 00000000..437e5d3c --- /dev/null +++ b/overlays/local/irlsite.nix @@ -0,0 +1,15 @@ +{ stdenv, fetchFromGitHub, lib }: stdenv.mkDerivation rec { + name = "irlsite"; + src = fetchFromGitHub { + owner = "kittywitch"; + repo = "inskip.me"; + rev = "696e282339dd5b958b45bc1597d31f53c2e6616b"; + sha256 = lib.fakeSha256; + }; + buildPhase = '' + ''; + installPhase = '' + mkdir $out + cp -r ./* $out + ''; +} diff --git a/overlays/local/kat-hugosite.nix b/overlays/local/kat-hugosite.nix deleted file mode 100644 index 59175f5e..00000000 --- a/overlays/local/kat-hugosite.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ stdenv, fetchFromGitHub, hugo, lib }: stdenv.mkDerivation rec { - name = "kat-hugosite"; - src = fetchFromGitHub { - owner = "kittywitch"; - repo = "hugosite"; - rev = "2dc44e1668d38bb706b2290387a936c26d0dd50b"; - sha256 = "sha256-HuC8NebVfp7aXciFhaFbUin5g/ChH3g+zpRNJ/6qq7g="; - }; - buildPhase = '' - ${hugo}/bin/hugo - ''; - installPhase = '' - mkdir $out - cp -r public/* $out - ''; -} diff --git a/readme.md b/readme.md index 4e794f16..ceb746ff 100644 --- a/readme.md +++ b/readme.md @@ -1,137 +1,5 @@ # nixfiles -[![nodes][]][1] - -[This repository on my self hosted git.][] - -[This repository on GitHub.][] - -These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines. - -## Nodes - -| Node | Network | Purpose | -|------------------|---------|---------------------------------------------------------------| -| [kyouko][] | Public | Currently the main server. Ad-hoc hetzner cloud box. | -| [marisa][] | Public | Reverse proxier and wireguard interconnect. Ad-hoc BuyVM box. | -| [daiyousei][] | Public | Intended kyouko replacement. Provisioned OCI Ampere box. | -| [rinnosuke][] | Public | My primary nameserver. Provisioned OCI EPYC box. | -| [shinmyoumaru][] | Public | My Raspberry Pi 1 Model B+. DHT22 sensors box. | -| [yukari][] | Private | Home server. NAS + HTPC, does DVB stuff. | -| [goliath][] | Private | Beloved workstation. Does VFIO. | -| [koishi][] | Private | Main laptop. | -| [ran][] | Private | CCTV netbook. | -| [chen][] | Private | CCTV netbook. | -| [medicine][] | None | Work-in-progress Live USB. | - -## Profiles - -See [here][] for additional information on profiles. - -| Profile | Purpose | -|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [base][] | Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, {,neo}vim profiles, secrets, shell and sysctl configuration. | -| [gui][] | GUI profile. Provides window managers, includes [DNSCrypt/dnscrypt-proxy][] service, filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration. | -| [network][] | Manages Wireguard Mesh. | -| [shared][] | Shared systems. Provides hexchen and arc users. | -| [vfio][] | Provides host-unspecific VFIO. Fancy patched QEMU from [arcnmx/nixexprs][], [arcnmx/screenstub][] (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override. | -| [hardware][] | Sub-profiles for my hardware are provided here. Some are reusable. Of note is the Oracle sub-profiles. | -| [cross][] | Sub-profiles are provided for emulated compiling and build caching. | - -## User Profiles - -| Profile | Purpose | -|--------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| [base][2] | base16, git, inputrc, packages, secrets, kitty terminfo, SSH, tmux, weechat, vim, xdg and zsh configuration. | -| [dev][] | cookiecutters, rink, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration. | -| [gui][3] | firefox+userChrome+tst, font, kitty terminal, [dnkl/foot][] terminal, GTK, packages, QT, ranger and xdg configuration. | -| [media][] | mpv, obs, packages and syncplay configuration. | -| [personal][] | [arcnmx/rbw][] (fancier rbw), email via [arcnmx/notmuch-vim][], home-manager-side GPG, pass, weechat and zsh configuration. | -| [services][] | User services. weechat and mpd are provided. | -| [sway][] | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, [kittywitch/konawall-rs][], mako, wofi, waybar and xkb (custom layout o:) configuration. | - -## Services - -| Service | Description | -|--------------------|--------------------------------------------------------------------------| -| [dnscrypt-proxy][] | DNSCrypt Proxy v2, fancy DNS stuffs. | -| [filehost][] | I sling things in here via SSH/SCP. | -| [fusionpbx][] | FusionPBX. Fancy PBX. | -| [gitea][] | Self-hosted git with mail support. | -| [glauth][] | LDAP server. | -| [jellyfin][] | HTPC/NAS stuff. | -| [katsplash][] | A splash screen for some hosts. | -| [kattv-ingest][] | Takes data from kattv, slings to RTMP. | -| [kattv][] | Takes data from a webcam, slings to kattv-ingest. | -| [keycloak][] | Fancy identity stuffs. | -| [knot][] | Knot DNS, authoritative DNS server. | -| [logrotate][] | Rotates logs! | -| [mail][] | [nixos-mailserver][]. | -| [matrix][] | Synapse and some appservices. Need to migrate the appservice configs in. | -| [murmur][] | Mumble! | -| [nfs][] | Network filesy stuff. | -| [nginx][] | Our NGINX preset configs. | -| [postgres][] | Database of choice. | -| [radicale][] | CalDAV, integrated with the mail service. | -| [restic][] | Backups! | -| [syncplay][] | Watching videos with friends and lovers. Usually, lovers. | -| [taskserver][] | Taskwarrior server. | -| [transmission][] | Linux distros, I swear. | -| [tvheadend][] | DVB-T ingest for Jellyfin and so on! | -| [vaultwarden][] | Passwords! | -| [website][] | Our personal website. | -| [xmpp][] | Prosody. | -| [zfs][] | ZFS snapshot settings. | -| [znc][] | IRC bouncer! | - -## Modules - -This list will include the modules provided by [kittywitch/nixexprs][] as “katexprs”. -They are available within this repo as [exprs][]. - -| Module | Domain | Description | -|--------------------------------|-----------------------------|----------------------------------------------------------------------------------------------------------| -| [arcnmx/nixexprs][] | NixOS + home-manager | I use… a lot of these. Syncplay, modprobe, base16, i3gopher, weechat, konawall, shell and probably more. | -| [arcnmx/tf-nix][] | Meta + NixOS + home-manager | Deployment, secrets and terraform. | -| [nix-community/impermanence][] | NixOS + home-manager | Erase your darlings. | -| [kittywitch/anicca][] | NixOS + home-manager | WIP Helpful modules for impermanence. | -| katexprs/nftables | NixOS | Uses nftables for the NixOS firewall module. | -| katexprs/firewall | NixOS + home-manager | Per-“domain” (private, public) -> interface abstractions for the firewall. Easier to remember. | -| katexprs/network (WIP) | NixOS + home-manager | Network abstractions. Handles DNS + certs, among virtualHosts. | -| katexprs/fusionpbx (WIP) | NixOS | FusionPBX. | -| arcexprs/swaylock | home-manager | Easier abstractions for using swaylock-effects. | -| nixfiles/secrets | Meta + NixOS + home-manager | Helper for tf-nix’s secrets. | -| nixfiles/deploy | Meta + NixOS + home-manager | tf-nix deployment integration | -| nixfiles/network | Meta | Enables node to host config assignment & NixOS module. | -| nixfiles/monitoring | NixOS | Grafana, Prometheus, Loki, node-exporter, netdata, promtail, … | -| nixfiles/theme | home-manager | Abstractions for themes. SASS templating. | - -## CI - -CI for this repository uses [arcnmx/ci][], is aarch64 emulated build enabled and aims to achieve two goals: - -| Action | Purpose | -|----------------|-----------------------------------------------------------------------------------------------------------| -| [nodes][4] | Build and cache host closures, show state of host evaluability/buildability. | -| [flake-cron][] | Automatically update the dependencies used by the repository, cache host closure build results with them. | - -## Dependencies - -| Dependency | Reasoning | -|---------------------------------|--------------------------------------------------------------------------------------------------------| -| [nix-community/home-manager][] | home-manager. Self-explanatory. | -| [nix-community/NUR][] | Firefox extensions and such. | -| [arcnmx/tf-nix][] | The deploy system used, also provides DNS, secrets and node provisioning. (Anything terraform can do.) | -| [arcnmx/ci][] | The CI integration system used. | -| [arcnmx/nixexprs][] | Packages and modules I heavily make use of. | -| [nix-community/impermanence][] | Impermanence! Erase your darlings. | -| [kirelagin/nix-dns][] | A Nix DSL for zone files. For the WIP nameserver. | -| [kittywitch/anicca][] | A helper for moving to impermanence. | -| [kittywitch/nixexprs][] | Packages and modules I have made. | -| [nixos-mailserver][] | The mail server module I use. | -| [nix-community/emacs-overlay][] | An overlay for emacs versions. Currently unused. | -| [vlaci/nix-doom-emacs][] | Nixified DOOM emacs. Currently unused. | - ## Commands The commands here aside from the `nix build` command are provided through the shell. The `` and `` commands are runners provided through [arcnmx/tf-nix][]. @@ -148,85 +16,6 @@ Please use `nix-shell` or [direnv/direnv][]. The shell is not compatible with [n | `-ssh` | SSH into the provided host. | | `nix build -f . network.nodes..deploy.system` | Build a system closure for the provided host. | - [nodes]: https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml/badge.svg - [1]: https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml - [This repository on my self hosted git.]: https://git.kittywit.ch/kat/nixfiles - [This repository on GitHub.]: https://github.com/kittywitch/nixfiles - [kyouko]: config/hosts/kyouko.nix - [marisa]: config/hosts/marisa.nix - [daiyousei]: config/hosts/daiyousei.nix - [rinnosuke]: config/hosts/rinnosuke.nix - [shinmyoumaru]: config/hosts/shinmyoumaru.nix - [yukari]: config/hosts/yukari.nix - [goliath]: config/hosts/goliath.nix - [koishi]: config/hosts/ishi.nix - [ran]: config/hosts/ran.nix - [chen]: config/hosts/chen.nix - [medicine]: config/hosts/medicine.nix - [here]: config/profiles/base/profiles.nix - [base]: config/profiles/base - [gui]: config/profiles/gui - [DNSCrypt/dnscrypt-proxy]: https://github.com/DNSCrypt/dnscrypt-proxy - [network]: config/profiles/network.nix - [shared]: config/profiles/shared.nix - [vfio]: config/profiles/vfio - [arcnmx/nixexprs]: https://github.com/arcnmx/nixexprs - [arcnmx/screenstub]: https://github.com/arcnmx/screenstub - [hardware]: config/profiles/hardware - [cross]: config/profiles/cross - [2]: config/users/kat/base - [dev]: config/users/kat/dev - [3]: config/users/kat/gui - [dnkl/foot]: https://codeberg.org/dnkl/foot - [media]: config/users/kat/media - [personal]: config/users/kat/personal - [arcnmx/rbw]: https://github.com/arcnmx/rbw - [arcnmx/notmuch-vim]: https://github.com/arcnmx/notmuch-vim - [services]: config/users/kat/services - [sway]: config/users/kat/sway - [kittywitch/konawall-rs]: https://github.com/kittywitch/konawall-rs - [dnscrypt-proxy]: config/services/dnscrypt-proxy/default.nix - [filehost]: config/services/filehost/default.nix - [fusionpbx]: config/services/fusionpbx/default.nix - [gitea]: config/services/gitea/default.nix - [glauth]: config/services/glauth - [jellyfin]: config/services/jellyfin/default.nix - [katsplash]: config/services/katsplash/default.nix - [kattv-ingest]: config/services/kattv-ingest/default.nix - [kattv]: config/services/kattv/default.nix - [keycloak]: config/services/keycloak - [knot]: config/services/knot/default.nix - [logrotate]: config/services/logrotate/default.nix - [mail]: config/services/mail/default.nix - [nixos-mailserver]: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver - [matrix]: config/services/matrix/default.nix - [murmur]: config/services/murmur/default.nix - [nfs]: config/services/nfs/default.nix - [nginx]: config/services/nginx/default.nix - [postgres]: config/services/postgres/default.nix - [radicale]: config/services/radicale/default.nix - [restic]: config/services/restic/default.nix - [syncplay]: config/services/syncplay/default.nix - [taskserver]: config/services/taskserver/default.nix - [transmission]: config/services/transmission/default.nix - [tvheadend]: config/services/tvheadend/default.nix - [vaultwarden]: config/services/vaultwarden/default.nix - [website]: config/services/website/default.nix - [xmpp]: config/services/xmpp/default.nix - [zfs]: config/services/zfs/default.nix - [znc]: config/services/znc/default.nix - [kittywitch/nixexprs]: https://github.com/kittywitch/nixexprs - [exprs]: overlays/exprs [arcnmx/tf-nix]: https://github.com/arcnmx/tf-nix - [nix-community/impermanence]: https://github.com/nix-community/impermanence - [kittywitch/anicca]: https://github.com/kittywitch/anicca - [arcnmx/ci]: https://github.com/arcnmx/ci - [4]: ci/nodes.nix - [flake-cron]: ci/flake-cron.nix - [nix-community/home-manager]: https://github.com/nix-community/home-manager - [nix-community/NUR]: https://github.com/nix-community/NUR - [kirelagin/nix-dns]: https://github.com/kirelagin/nix-dns - [nix-community/emacs-overlay]: https://github.com/nix-community/emacs-overlay - [vlaci/nix-doom-emacs]: https://github.com/vlaci/nix-doom-emacs [direnv/direnv]: https://github.com/direnv/direnv [nix-community/nix-direnv]: https://github.com/nix-community/nix-direnv diff --git a/trusted/flake.lock b/trusted/flake.lock index 9729dda1..c0cb293b 100644 --- a/trusted/flake.lock +++ b/trusted/flake.lock @@ -20,11 +20,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1652207446, - "narHash": "sha256-KWMMkKny/5Ukh36rus2nr6X7rDmRBpjOdJeEwlnsJL8=", + "lastModified": 1654126673, + "narHash": "sha256-SxNpS14YUuwsSkd6PBfSTdzC191U6W36F3NQ0fJVr6U=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "1d80363ae941952431cf377816c4790e451823f4", + "rev": "979321a3a55274c7eef9b85d74169b79e5a17824", "type": "github" }, "original": { @@ -37,11 +37,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1643398418, - "narHash": "sha256-j7Z+k1dUg65vvBhME+c3ve1Oxlu5GeI4oNwdo1NGL10=", + "lastModified": 1654122671, + "narHash": "sha256-75xNbnJ29pWK2GbOEA9yUA6mvx5hcDWBFaSOSpv5Ob0=", "owner": "arcnmx", "repo": "ci", - "rev": "1d38e73657284793de5251738adbe2c04a151c08", + "rev": "b78a5e52a21dad03dd4ca6d46354be6da1cf727a", "type": "github" }, "original": { @@ -115,11 +115,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1652934326, - "narHash": "sha256-YgSgR0V/rsqJX6DWyXlPOwsaXXiOkN+9z5rfE9kn2IU=", + "lastModified": 1654170097, + "narHash": "sha256-byrZN3k78pwg15puULonJUzTSEDjf8/YCkdUm/abla8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "de5c826149bcfbaa5f0ce985bb184c9bc7f11e46", + "rev": "489651e2927fdf356b68123ed6f8c7910bfa7f7d", "type": "github" }, "original": { @@ -243,11 +243,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -286,11 +286,11 @@ ] }, "locked": { - "lastModified": 1652913097, - "narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=", + "lastModified": 1654113406, + "narHash": "sha256-70esZvhal+FsyU89mJRcAb+cDGHKt0sgZ6MlRr9Cplg=", "owner": "nix-community", "repo": "home-manager", - "rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69", + "rev": "684e85d01d333be91c4875baebb05b93c7d2ffaa", "type": "github" }, "original": { @@ -425,20 +425,20 @@ }, "locked": { "lastModified": 0, - "narHash": "sha256-6xe8414ZG567zfDVV7ITkmw0TtIlQeD2tP5UuV9BkSU=", - "path": "/nix/store/gkmhcdc2vwj7x3rh70g3zax0lcyppxn7-source", + "narHash": "sha256-+q+B/uo3InU/vpaOfhceGg+J6TeW4hsgGxwSEsdBZe8=", + "path": "/nix/store/q2cgdly4k8zfxmi5mikwjh8wn1lwxfjl-source", "type": "path" }, "original": { - "path": "/nix/store/gkmhcdc2vwj7x3rh70g3zax0lcyppxn7-source", + "path": "/nix/store/q2cgdly4k8zfxmi5mikwjh8wn1lwxfjl-source", "type": "path" } }, "nixpkgs": { "locked": { "lastModified": 0, - "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=", - "path": "/nix/store/57zwl7b883kkya60akvg6wssl1qkxwl5-source", + "narHash": "sha256-erVj41IcCPDWdt8CwT60ygD+SY/uhqip3RXwiESOCVk=", + "path": "/nix/store/3q18gxqzw5qzyd9n64nyi1kgb66qi8ac-source", "type": "path" }, "original": { @@ -448,11 +448,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1652881001, - "narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=", + "lastModified": 1654115789, + "narHash": "sha256-k9Qr8dLrmgEn+xIVbneJdQgCYG8FbbqOrTVaExUrLFI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf", + "rev": "bce6d15455f8c15c9ef511368947e7ef789c5316", "type": "github" }, "original": { @@ -464,11 +464,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1652659998, - "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=", + "lastModified": 1653931853, + "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502", + "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", "type": "github" }, "original": { @@ -496,11 +496,11 @@ }, "nur": { "locked": { - "lastModified": 1652938196, - "narHash": "sha256-kv6EEwTPtvtqVlaSH/sRhWx9ecONrr5bccMdxu1nhwc=", + "lastModified": 1654172430, + "narHash": "sha256-6Y3ahiBZtqAYG0Mror5BdegviwWmhd5hcMhF/B/Nfng=", "owner": "nix-community", "repo": "nur", - "rev": "2d8f65d73133859961b8714918ac8f60d98a76e5", + "rev": "edb5c94d7640890a39325351825cc39fb1c014b1", "type": "github" }, "original": {