diff --git a/.sops.yaml b/.sops.yaml
index 55237919..a7d43435 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -10,6 +10,7 @@ keys:
 - &daiyousei age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
 - &goliath age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
 - &goliath_kat age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
+- &syncthing age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
 creation_rules:
 - path_regex: tf/terraform.tfvars.sops$
 shamir_threshold: 1
@@ -31,6 +32,7 @@ creation_rules:
 - *daiyousei
 - *goliath
 - *goliath_kat
+ - *syncthing
 - path_regex: ci/.*\.yaml
 shamir_threshold: 1
 key_groups:
@@ -43,6 +45,12 @@ creation_rules:
 - pgp:
 - *kat
 age: *age_common
+- path_regex: microvms/[^/]+/.*\.yaml
+ shamir_threshold: 1
+ key_groups:
+ - pgp:
+ - *kat
+ age: *age_common
 - path_regex: nixos/[^/]+/.*\.yaml
 shamir_threshold: 1
 key_groups:
diff --git a/flake.lock b/flake.lock
index a9723ad5..7fb08cce 100644
--- a/flake.lock
+++ b/flake.lock
@@ -810,15 +810,15 @@
 "lix": {
 "flake": false,
 "locked": {
- "lastModified": 1753223229,
- "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=",
- "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a",
+ "lastModified": 1753306948,
+ "narHash": "sha256-Y733rfa66tmE+kzYEgeOThOPWRRMy/0QN+Mmj7uHBNE=",
+ "rev": "88302eaaf423897d5cc84272fc00846749261d1b",
 "type": "tarball",
- "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a"
+ "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/88302eaaf423897d5cc84272fc00846749261d1b.tar.gz?rev=88302eaaf423897d5cc84272fc00846749261d1b"
 },
 "original": {
 "type": "tarball",
- "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
+ "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
 }
 },
 "lix-module": {
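Review bot: The `- *syncthing` line in the second hunk appends the microVM's key to a shared recipient list; the list header is outside the hunk, but the recipient order in the new `microvms/syncthing/syncthing.yaml` suggests it is the `age_common` anchor, so the guest becomes a recipient for every rule that uses `age: *age_common`, such as the rule just above the new `microvms/` rule and the `microvms/` rule itself in the third hunk. That would let a single network-facing guest decrypt host-level secrets once those files are re-keyed, and it makes the guest's key a recipient of the file that stores its own private key. Keeping `age_common` host-only and listing `*syncthing` only in the rule that covers the secrets the guest actually reads would contain a guest compromise. A short comment above `&syncthing`, such as `# microVM guest key; private half is stored in microvms/syncthing/syncthing.yaml`, would also help whoever rotates keys later.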
@@ -831,16 +831,16 @@
 ]
 },
 "locked": {
- "lastModified": 1755512154,
- "narHash": "sha256-/ySltwXacRewWwY/ze3TandOYMTH8GB11JQGazvw23c=",
- "ref": "release-2.93",
- "rev": "6a343d03d6497aefe98013b215d21d06a59e4442",
- "revCount": 152,
+ "lastModified": 1751239988,
+ "narHash": "sha256-/yAP5zHAs5hT3NUYWaKnVuaLuxVLDMmn3jPdWAMOVNo=",
+ "ref": "release-2.92",
+ "rev": "91b03e3ace9005f50b2fbe81d2533d988e19df6e",
+ "revCount": 136,
 "type": "git",
 "url": "https://git.lix.systems/lix-project/nixos-module"
 },
 "original": {
- "ref": "release-2.93",
+ "ref": "release-2.92",
 "type": "git",
 "url": "https://git.lix.systems/lix-project/nixos-module"
 }
@@ -865,6 +865,7 @@
 },
 "original": {
 "owner": "microvm-nix",
+ "ref": "main",
 "repo": "microvm.nix",
 "type": "github"
 }
diff --git a/flake.nix b/flake.nix
index 58352bdd..8045d718 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,7 +31,7 @@
 };
 };
 lix-module = {
- url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.93";
+ url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92";
 inputs.nixpkgs.follows = "nixpkgs";
 #inputs.lix = {
 # url = "git+https://git.lix.systems/lix-project/lix";
@@ -39,7 +39,7 @@
 #};
 };
 microvm = {
- url = "github:microvm-nix/microvm.nix";
+ url = "github:microvm-nix/microvm.nix/main";
 inputs = {
 nixpkgs.follows = "nixpkgs";
 flake-utils.follows = "flake-utils";
diff --git a/home/environments/niri/autostart.nix b/home/environments/niri/autostart.nix
index 00312ded..f0d46316 100644
--- a/home/environments/niri/autostart.nix
+++ b/home/environments/niri/autostart.nix
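Review bot: The `lix-module` input in the first flake.nix hunk moves backwards from `release-2.93` to `release-2.92` with no comment saying why, and the lock file pins an older module revision as a result. Because this input supplies the Nix implementation and daemon for the hosts that import it, a downgrade should record its reason and the condition for undoing it, for example `# pinned to 2.92 because <reason>; return to 2.93 once <condition>` above the `url` line. It is also worth confirming that the 2.92 branch still receives security backports before leaving hosts on it.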
@@ -23,89 +23,97 @@ in {
 ${pkgs.glib}/bin/gsettings set "$gnome_schema" font-name "$font_name"
 '';
 systemctl = getExe' pkgs.systemd "systemctl";
- in [
- {
+ packageExe' = pkgAttr: getExe' pkgs.${pkgAttr} pkgAttr;
+ packageExe = pkgAttr: getExe pkgs.${pkgAttr};
+ packageCommand = attr: {
 command = [
- "${getExe import-gsettings}"
+ (packageExe attr)
 ];
- }
- {
+ };
+ packageCommand' = attr: {
 command = [
- "${systemctl}"
- "--user"
- "start"
- "waybar.service"
+ (packageExe' attr)
 ];
- }
- {
- command = [
- "${systemctl}"
- "--user"
- "restart"
- "konawall-py.service"
- ];
- }
- {
- command = [
- "${systemctl}"
- "--user"
- "start"
- "swaync.service"
- ];
- }
- #{
- # command = [
- # "${pkgs.xwayland-satellite}/bin/xwayland-satellite"
- # ];
- #}
- # program autostart
- {
- command = [
- "${getExe' config.programs.niriswitcher.package "niriswitcher"}"
- ];
- }
- {
- command = [
- "${getExe' pkgs.dbus "dbus-update-activation-environment"}"
- "--all"
- ];
- }
- {
- command = [
- "${getExe' config.programs.vesktop.package "vesktop"}"
- "--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform"
- "--ozone-platform=wayland"
- ];
- }
- {
- command = [
- "${getExe' config.programs.thunderbird.package "thunderbird"}"
- ];
- }
- {
- command = [
- "${getExe' pkgs.udiskie "udiskie"}"
- ];
- }
- {
- command = [
- "${getExe' pkgs.easyeffects "easyeffects"}"
- ];
- }
- {
- command = [
- "${getExe pkgs.pasystray}"
- ];
- }
- {
- command = [
- "${getExe pkgs.networkmanagerapplet}"
- ];
- }
- {
- command = [
- "firefox"
- ];
- }
- ];
+ };
+ packages' = [
+ "udiskie"
+ "easyeffects"
+ "pasystray"
+ ];
+ packages = [
+ "pasystray"
+ "pavucontrol"
+ "networkmanagerapplet"
+ ];
+ packageCommands = let
+ packageCommands' = map packageCommand' packages';
+ packageCommands'' = map packageCommand packages;
+ in
+ packageCommands' ++ packageCommands'';
+ in
+ packageCommands
+ ++ [
+ {
+ command = [
+ "${getExe import-gsettings}"
+ ];
+ }
+ {
+ command = [
+ "${systemctl}"
+ "--user"
+ "restart"
+ "waybar.service"
+ ];
+ }
+ {
+ command = [
+ "${systemctl}"
+ "--user"
+ "restart"
+ "konawall-py.service"
+ ];
+ }
+ {
+ command = [
+ "${systemctl}"
+ "--user"
+ "restart"
+ "swaync.service"
+ ];
+ }
+ {
+ command = [
+ "${getExe' config.programs.niriswitcher.package "niriswitcher"}"
+ ];
+ }
+ {
+ command = [
+ "${getExe' pkgs.dbus "dbus-update-activation-environment"}"
+ "--all"
+ ];
+ }
+ {
+ command = [
+ "discord"
+ "--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform"
+ "--ozone-platform=wayland"
+ ];
+ }
+ {
+ command = [
+ "thunderbird"
+ ];
+ }
+ {
+ command = [
+ "obsidian"
+ ];
+ }
+ {
+ command = [
+ "zen-beta"
+ ];
+ }
+ ];
 }
diff --git a/home/environments/niri/binds.nix b/home/environments/niri/binds.nix
index 1128ca7d..66a8df7d 100644
--- a/home/environments/niri/binds.nix
+++ b/home/environments/niri/binds.nix
@@ -38,16 +38,18 @@ in {
 "Mod+D".action = sh ''${getExe config.programs.fuzzel.package} -D no -T "${getExe config.programs.alacritty.package} --command"'';
 "Mod+Escape".action = sh ''${getExe config.programs.wlogout.package} -p layer-shell'';
 "Mod+Shift+Escape".action = sh ''${getExe config.programs.swaylock.package} -f'';
- "Mod+Alt+Tab" = {
+ "Mod+Tab" = {
 #repeat = false;
 cooldown-ms = 150;
 action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
 };
- "Mod+Alt+Shift+Tab" = {
+ "Mod+Shift+Tab" = {
 cooldown-ms = 150;
 #repeat = false;
 action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
 };
+ "Mod+Shift+Ctrl+Page_Down".action.move-workspace-to-monitor-previous = {};
+ "Mod+Shift+Ctrl+Page_Up".action.move-workspace-to-monitor-next = {};
 };
 # ▄ █
 # ▄▄▄ ▄▄█▄▄ ▄▄▄ ▄▄▄ █ ▄
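Review bot: `"pasystray"` is listed in both `packages'` and `packages` in the autostart.nix hunk, so `packageCommands` holds two entries for it and the applet is spawned twice at session start; dropping it from one list fixes that. The new `"discord"`, `"thunderbird"`, `"obsidian"` and `"zen-beta"` entries are bare names resolved through the session's `PATH`, where most of the removed entries used store paths from `getExe'`, and this same commit removes `obsidian` from `home/profiles/graphical/packages.nix`, so that entry may fail to start unless the package is installed elsewhere. Prefer store paths, e.g. `(getExe pkgs.obsidian)`, so the autostart list runs exactly the binaries this configuration built rather than whatever `PATH` resolves first. The `waybar.service` and `swaync.service` entries also change from `start` to `restart`, which deserves a one-line comment saying why.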
diff --git a/home/environments/niri/niri.nix b/home/environments/niri/niri.nix
index dd2ddaff..fa1c05eb 100644
--- a/home/environments/niri/niri.nix
+++ b/home/environments/niri/niri.nix
@@ -70,16 +70,36 @@ in {
 };
 };
 debug = {
- wait-for-frame-completion-in-pipewire = {};
 deactivate-unfocused-windows = {};
 };
 workspaces = {
- browser = {};
- mail = {};
- chat = {};
- vidya = {};
- media = {};
- audio = {};
+ "01-notes" = {
+ name = "notes";
+ };
+ "02-chat" = {
+ name = "chat";
+ };
+ "03-browser" = {
+ name = "browser";
+ };
+ "04-code" = {
+ name = "code";
+ };
+ "05-term" = {
+ name = "term";
+ };
+ "06-mail" = {
+ name = "mail";
+ };
+ "07-game" = {
+ name = "game";
+ };
+ "08-video" = {
+ name = "video";
+ };
+ "09-audio" = {
+ name = "audio";
+ };
 };
 environment = {
 MOZ_ENABLE_WAYLAND = "1";
diff --git a/home/environments/niri/swaync.nix b/home/environments/niri/swaync.nix
index 5953f539..9ae53b64 100644
--- a/home/environments/niri/swaync.nix
+++ b/home/environments/niri/swaync.nix
@@ -1,5 +1,13 @@
 _: {
 stylix.targets.swaync.enable = true;
+ systemd.user.services.swaync = {
+ Service = {
+ Environment = [
+ "GSK_RENDERER=gl"
+ "GTK_DISABLE_VULKAN=1"
+ ];
+ };
+ };
 services.swaync = {
 enable = true;
 settings = {
diff --git a/home/profiles/common/stylix.nix b/home/profiles/common/stylix.nix
index edf6b100..a6485f0a 100644
--- a/home/profiles/common/stylix.nix
+++ b/home/profiles/common/stylix.nix
@@ -19,7 +19,7 @@
 opacity = {
 desktop = 1.0;
 applications = 1.0;
- terminal = 0.9;
+ terminal = 1.0;
 popups = 0.8;
 };
 fonts = {
diff --git a/home/profiles/graphical/discord.nix b/home/profiles/graphical/discord.nix
index d27e2b72..c7cfcb26 100644
--- a/home/profiles/graphical/discord.nix
+++ b/home/profiles/graphical/discord.nix
@@ -1,7 +1,12 @@
-_: {
+{pkgs, ...}: {
 stylix.targets.vesktop.enable = false;
+ home.packages = [
+ (pkgs.discord.override {
+ withVencord = true;
+ })
+ ];
 programs.vesktop = {
- enable = true;
+ enable = false;
 settings = {
 autoUpdate = false;
 autoUpdateNotification = false;
diff --git a/home/profiles/graphical/packages.nix b/home/profiles/graphical/packages.nix
index 3243e3ed..a119153c 100644
--- a/home/profiles/graphical/packages.nix
+++ b/home/profiles/graphical/packages.nix
@@ -25,7 +25,6 @@
 cryptsetup # Encrypted block devices
 yubikey-manager # Yubikey
 v4l-utils # Webcam
- obsidian
 remmina
 alsa-utils
 pwvucontrol
diff --git a/home/profiles/shell/packages.nix b/home/profiles/shell/packages.nix
index c03544a9..fe391231 100644
--- a/home/profiles/shell/packages.nix
+++ b/home/profiles/shell/packages.nix
@@ -1,34 +1,25 @@
 {pkgs, ...}: {
 home.packages = with pkgs; [
- # task managers
+ watchexec
 htop
 btop
- # disk usage
- duc
- # nix formatting
+ gdu
 nixpkgs-fmt
- # show type of files
 file
- # command monitoring
 pv
- # sed replacement
 sd
- # sops
 sops
- # find replacement
 fd
- # ripgrep / grep replacement
 ripgrep
- # rename with sed
 rename
- # remote tmux
 tmate
- # remote utilities
 socat
 rsync
 wget
 whois
- # nix-search
+ jc
+ hyperfine
+ poop
 nix-search-cli
 ];
 }
diff --git a/microvms/syncthing.nix b/microvms/syncthing/default.nix
similarity index 77%
rename from microvms/syncthing.nix
rename to microvms/syncthing/default.nix
index 93f673b0..6f7d5273 100644
--- a/microvms/syncthing.nix
+++ b/microvms/syncthing/default.nix
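Review bot: `programs.vesktop` is kept in the discord.nix hunk with `enable = false`, so its `settings` block and the `stylix.targets.vesktop.enable = false` line are now dead configuration; either delete them or add a comment that they are kept for a planned switch back. The replacement, `pkgs.discord.override { withVencord = true; }`, loads a third-party client modification inside the official client process, where it runs with access to the logged-in session, so a comment recording that this is a deliberate trade-off would help later review. The `programs.vesktop` attribute set continues past the end of the hunk.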
@@ -4,14 +4,14 @@
 ...
 }: {
 imports = with tree.nixos; [
- microvm.default
+ microvm
 servers.syncthing
 ];
 sops.secrets."${config.networking.hostName}-sops-age-key" = {
 sopsFile = ./. + "${config.networking.hostName}.yaml";
 };
 microvm.credentialFiles = {
- SOPS_AGE_KEY = sops.secrets."${config.networking.hostName}-sops-age-key".path;
+ SOPS_AGE_KEY = config.sops.secrets."${config.networking.hostName}-sops-age-key".path;
 };
 networking.hostName = "syncthing";
 services.syncthing.device_name = "daiyousei-syncthing";
diff --git a/microvms/syncthing/syncthing.yaml b/microvms/syncthing/syncthing.yaml
new file mode 100644
index 00000000..a5f3b737
--- /dev/null
+++ b/microvms/syncthing/syncthing.yaml
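Review bot: The unchanged line `sopsFile = ./. + "${config.networking.hostName}.yaml";` joins a path and a string with no separator, which in Nix yields `<dir>syncthing.yaml` rather than `<dir>/syncthing.yaml`, so after this rename it will not point at the new `microvms/syncthing/syncthing.yaml`. It should read `sopsFile = ./. + "/${config.networking.hostName}.yaml";`. Separately, `microvm.credentialFiles.SOPS_AGE_KEY` passes the guest's private age key from a host-side sops secret path into the VM, so a comment naming the host that decrypts it, and noting that the decrypted file should be readable only by the account that launches the guest, would help reviewers.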
@@ -0,0 +1,119 @@ +syncthing-sops-age-key: ENC[AES256_GCM,data:XPd9TvJjULpI34LWwVoMh9uENxvoapt9QfetMkfbfdM5N9NxwFpVm7dH5S5qJ7d4XQ02Q8PNN1UtOmZPHdGeONTMZLt2f+CBvhQ=,iv:8cdlFWnY8J8YiBqzm6G9fza5swBZLili5AkAzmO/Kp8=,tag:+xS0SnkSeQZR+qnL3BB49w==,type:str] +sops: + shamir_threshold: 1 + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEpXdWxWYjZzeWFLM01v + cmM4cGh1RmZQNUNrb0ExS1hlQnBIWWZmOGpvCjBFV0hHVWFBcitEQUlhV3NNZWh2 + Tk5vd2VQRWVrSE9XaHExK05IVHJ6WmsKLS0tIFJWZytzTko4OTBWK0RGdmd6b05a + WEFXR2t1T1Awenp4REFZNGlWbWRTVHMKh0ZPinvFOGkaU66eTkAiV8WZcCQoEIEa + IN5w/Xpnsf6Z/bvtjIGKagJte/peyLmzbiBYiatVtZk/s6GUo+IGKg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bXZyZVRLNk5qSTR4TUo0 + Z0drNEYwQ3FFRG1uZjVqU011OHZCZmcxaEZRCmhZYzR5T29tSlhhQ3VWbkZ3Y2xW + YzFqcm9qMm9sMzM2bklFVVhRaHFUT0UKLS0tIC9LOFRYVW5xKzY5MFhwWFlwUWJZ + bE1qeitDMVhrZWtNUE1CRDdid1hUWm8KZusEpks37c1akMtbv9cOS7fih/EMYD3t + dy266p8Y+TYMFmyEysFTGqpnWAL4buZYUSbiZSs7YJXpUlCukIcW2A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a0m73qr8hhuz8xemv4vymf4wmpghm2hst8wgrn3pn65ext5mf4ksk0vsdm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR3RRdFY0RnFXNnZ5MVVt + YWhFMHRTMlRwVXV5N3o5MlFtMHE5dFpNZFQwCkU4aWUzNTVQOVBvUkEraG5iZndV + QlZUelFSZWc3RHB5dkxuaFMrb2U2VHMKLS0tIFBaS1lHeGo1UjREMDZOM1IycmVp + dkRsVVhEcnEycGlyVnZCZEVuTG9PYU0KIIjA5v1Hm9Xc18KAoJqPL1fRtr+kAn// + ugYTX361iC4D6U4J9ioYgYh8dJcNY2TeaBnYfI0BNcUoj+uZ7T7avA== + -----END AGE ENCRYPTED FILE----- + - recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eFhIVU1uNWZSM1o3WTE4 + 
YTMzc0tsMGFUc3RtYktCNEhnMWtIUzZjd3o4CmUwWHRYUXVObERLN2hBcC83SlFV + ZGhBbHFYZkJpaUJRNStFMy95VlRsK2sKLS0tIGR1b1NQTDM2ZVpiQzladmUzNVUw + Nis2Wm1MQi9Ha2xIVFNpNmV5ZHE4U1UKiC+t8gHVaMGX2q4r4jrz2A4TayihXj1a + NKoFZztUDgvfUd5X3l1B8rSU4DlxGZWX/WbHgBYQTHuU/Jzu74iN5g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWGkvMkV5aDM4dGp0VVNK + eEhKdG9KTXhaSGNGUFZzeXJjK3NwY0Jwd2lRCm5iTzIyQnQ5Zmtnazk2YzBJMkZm + NDhnMnduZDlhNEVvbXkyYURSYzlYM2sKLS0tIGdGeTMwK2lDRzZEYXZRcDlHZ2po + MlNmbjFQZzlxN0hkTlFFNE1sd2tLYWsKK2IO3UuJrdqZerqcMOzFzrDT81DHBy87 + 2v6FFpgqSmA3BzHMxwU+T5BMs87ltPOwdhxt0jIYX9RzEQFm5cv0BA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaT2lTV09yako4V3RGNGJ5 + THJRcC92YStKMk9KZThBa1JrUkFWUzZZaXpJClFENGpMdjJuci9CS3NjbE5TbkZT + Y09SSGtQR0dsWnExbURoQnJqc1B5aGsKLS0tIDdJSHY2RW41cUNKWVZaaU83SnF1 + dmFyL21VanM2UzJ0UDh0RWY1cTV4UTAKJjgo+epeWpGhNnT7KXLIUCE2llrIeRMz + u8K7heqBt+Okuf7dQ25pPMwG+2pmVsEt5SyD7NPATs37BtOr92E3dw== + -----END AGE ENCRYPTED FILE----- + - recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNllyUThHZG5GeHpxZVJX + WFUrY25hbXRUazVzOEk3Rk9kd0VRMXFrUkFNCmF5NzI3OEhkTTdDd21pTHVvcmJo + cjBGTENNWmxPc0xqdjBqaXg2dmN1YUUKLS0tIGU3ZjB4Zm1pWkY0MzJWNjNMMk13 + ajdOb2NIT0VNS0syOWtmbGsyR2dyL3cKh6pAJgRNDKUeDKfiABuuYQXSihRfuANX + LKhkys8nRYYLIMNx/qHiCmItv//iXee1+rLKi2gI21tefb0UsqVeSA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWDYxa0VDL295c1BUVnFG + 
ak1yaUFFb1NoMko0aElrSlZmNnJtdWhYOFFVCmpiTHJzOEdKUUx3dDlPSjhYb1NR + bVc3N1cxYXZsc1g2aUluclllUHFyQTgKLS0tIEM2WnNsZDRTVXliODdOZ1EwU1Nu + WlhtZHM3Z2dteE0vZUF1aTFsVm9ycHcKY2iwYH1ObfRfeSBgvjp5t4lUC9tGc8Ky + RdVoc+8ZIh2cCOn07WcVnepA5zVVDgYRtKaV+6y1SjhQJDcG9MG6oQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S09qRkVrdUNJUlVhc2Ux + QnBJQ2FvaHZ5dEd0eGdOOUpWR2gvdU1oTm1zCk1mUU56TG43QVpPL1NLTTdpUDNL + T25EcVprR2s3cG1Sellza1JmQ25neG8KLS0tIEZkN3FIMXpJcjEvZ3NLSHNHc29R + aW9jYUFYQkZZL3BwMjZmL25vZGVsbjAK+Rs6/S5LnuW1w1xzo9zZqcrIsgNT6e4k + QNlG9rphFC8mzJ5/xyDypXH23Q46rG+1VfMAlYIarv9OZR5OZj3hIw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbGN1VnR3Q3BDNUhqSkM3 + c3RpYUorSDNuTFQwSXlleVV4M3lDKzBDaDFRCmNaV25NRE9qQ08yR1lEd2NSVzJT + dzVid1d2RWFSaHdPdk9pZ2VZOUJjUFUKLS0tIDh0cGNteUZRTXkvNlQ3NGRRRjVX + SWc2VzdSN0dScE55WGpJcVV2bDByVzgK3MzbiLNK2PYj5peq7lFd6uwg0Buf7uYl + 8g2UYiWp5hpOM+gNxxubi6oMcP1+KuAIP4sZL+0rVKMkRNZc3v9T6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-21T10:19:32Z" + mac: ENC[AES256_GCM,data:SX7oXbhhsuh9k64Txz+MbHmvcZ3LOgkzNnPaYADB89ynYcyRCdMU9zshXKmikoTdGvj1uUtxLZYZ0MtsK8E+YRdbSdtuHBcH8nGcqbvHJqCwrZ9Z7a4imY8lpuX4xqqEI2BtPaavyG7sAHZD9t1x+m1k1wdjLfGNRStRHbic5UQ=,iv:IjwhOlezLBRhqQwSUYrSFiz2J8lYjHKjA9ZcQJgrSRk=,tag:p2uWlZCaXKGXGLg7/jYTbA==,type:str] + pgp: + - created_at: "2025-08-21T10:19:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/+IHaxp1vwytlW/ha2LD4ZIc7DR1+GH06uRwqqeQAHNEK1 + 0EDzczMXlnQ6xqZdZUtHZX4o5cm8ulsMJZLzIOyzhYsyl7GQ+Lfxa5k2/K5ZMrxO + /FUiHHcf98dJRWBsK8hrgiAOAJPnEB/IG2eqM6jI0oRy3M1FirIBj7TfZM5M9Ncl + rrtop64zL8YcU1E0t+ti5vkJI8htfdG31dsVDNbpWcEtE7LzVgQGu9Y6cd3bK/B4 + 
cSCDaomRie7J78n5FwcOIuloWhMBQT8qVxDECL0NEUNOy9s2tkry4dJxk6JllTNf + lMbiZIxd2eER6xeP2MEnVxGwxjdrTw6ITOQYgSlnKGkSKp+cX7lgkQRApY2gSrze + FqaqT+T2uVeREyouHQtHo/HlGqNpUoJalpIn2MEj1sGMYnEjg4ydG9IY1G72NBdM + 9Zh4bjQ6hRX33issImiQSaLcWEH9z5ZVX1Vqc3FHgFSbv99bHlURl0Q2JsMsZ6BC + D2frhIlVJEH1HjVctWwr3Xo7HucLeMRc4NL40SNBm52uxdEPC4G7UMlPB/WH0Uk0 + 6g6Tl6XXDn33X7+GPA5wnZh/dk6nbVhC9Pe/Wh4xrIDnzq/eDnw3O0zTEk68SyHE + /3HK44WS4K3D98yHPLzV5FGpt9ZFCJKv7rXkucbPjbooNCzYSqXo+eIHWZL3UybS + XgGp8QAHWGLsjxIztNhkSDTuVfJ1kvDOSqVO5kGXvn/EDiHSwJzHngR5cSx38RyZ + PK5ZkBkbTzfEUpLRXQ9vdu+NSdB0QX874t/i2u/FqU2hxcyswRmVTU4HcPNAwlg= + =i/Sg + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/nixos/microvm/default.nix b/nixos/microvm/default.nix index 3dab94c5..652971e6 100644 --- a/nixos/microvm/default.nix +++ b/nixos/microvm/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let inherit (lib.modules) mkDefault; @@ -13,7 +14,6 @@ in { vcpu = 2; mem = 2048; initialBalloonMem = 256; - balloon = true; volumes = [ { autoCreate = true; @@ -34,6 +34,28 @@ in { boot = { loader.grub.enable = false; loader.systemd-boot.enable = false; + initrd.kernelModules = [ + # required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot + "nf_conntrack" + ]; + kernel.sysctl = let + limit = 2 * 1024; + mem = + if (config?microvm) + then config.microvm.mem + else limit; + in + lib.optionalAttrs (mem <= limit) { + # table overflow causing packets from nginx to the service to drop + # nf_conntrack: nf_conntrack: table full, dropping packet + "net.netfilter.nf_conntrack_max" = lib.mkDefault "65536"; + }; + kernelParams = [ + # mitigations which cost the most performance and are the least real world relevant + # NOTE: keep in sync with baremetal.nix + "retbleed=off" + "gather_data_sampling=off" # Downfall + ]; }; fileSystems = { 
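Review bot: The `kernelParams` list added under `boot` in nixos/microvm/default.nix turns off the Retbleed and Downfall mitigations (`retbleed=off`, `gather_data_sampling=off`) for every guest that imports this module, and because the old copy sat outside `boot` (the block removed at `@@ -48,29 +70,6 @@`) it presumably was not applied before, so this move is likely what makes it take effect. For guests that run network-facing services this is a per-VM risk decision rather than a safe default, so gating the two entries behind a module option that a guest must turn on would be safer than applying them unconditionally. The comment should also state the threat model it assumes, for example `# acceptable only while no untrusted code runs inside the guest`, instead of "least real world relevant".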
@@ -48,29 +70,6 @@ in { }; hardware.enableRedistributableFirmware = false; - initrd.kernelModules = [ - # required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot - "nf_conntrack" - ]; - kernel.sysctl = let - limit = 2 * 1024; - mem = - if (config?microvm) - then config.microvm.mem - else limit; - in - lib.optionalAttrs (mem <= limit) { - # table overflow causing packets from nginx to the service to drop - # nf_conntrack: nf_conntrack: table full, dropping packet - "net.netfilter.nf_conntrack_max" = lib.mkDefault "65536"; - }; - kernelParams = [ - # mitigations which cost the most performance and are the least real world relevant - # NOTE: keep in sync with baremetal.nix - "retbleed=off" - "gather_data_sampling=off" # Downfall - ]; - system.build.installBootLoader = getExe' pkgs.coreutils "true"; systemd.tmpfiles.rules = [ diff --git a/nixos/profiles/gaming/vr.nix b/nixos/profiles/gaming/vr.nix index 0b57f82e..859fe8fc 100644 --- a/nixos/profiles/gaming/vr.nix +++ b/nixos/profiles/gaming/vr.nix @@ -1,20 +1,14 @@ {pkgs, ...}: { - programs.envision = { - enable = false; - openFirewall = true; # This is set true by default - }; - - /* - services.wivrn = { + services.wivrn = { enable = true; openFirewall = true; - package = pkgs.wivrn.override { cudaSupport = true; }; + package = pkgs.wivrn.override {cudaSupport = true;}; defaultRuntime = true; config = { enable = true; json = { - scale = [ 0.5 0.5 ]; - bitrate = 300*1000; + scale = [0.5 0.5]; + bitrate = 300 * 1000; encoders = [ { encoder = "nvenc"; @@ -32,12 +26,11 @@ }; }; }; - */ environment.systemPackages = with pkgs; [ - #wlx-overlay-s - #monado-vulkan-layers - #bs-manager + wlx-overlay-s + monado-vulkan-layers + bs-manager ]; networking.firewall = { diff --git a/nixos/profiles/graphical/packages.nix b/nixos/profiles/graphical/packages.nix index 9a99c77c..4a2be8ca 100644 --- a/nixos/profiles/graphical/packages.nix +++ b/nixos/profiles/graphical/packages.nix 
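Review bot: Un-commenting `services.wivrn` in the first vr.nix hunk brings `openFirewall = true` into effect, which opens the streaming server's ports on every interface, and the `networking.firewall` block that starts on the last line of the second hunk continues outside it, so there may be overlapping manual rules. If the headset only connects over the local network, prefer `openFirewall = false;` together with a per-interface rule under `networking.firewall.interfaces`, or add a comment on that line stating that all-interface exposure is intended. The same review applies to the packages enabled in the second hunk only in that they assume this service is running.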
@@ -1,13 +1,8 @@ -{ - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { environment.systemPackages = with pkgs; [ jmtpfs dnsutils usbutils - inputs.push2talk.defaultPackage.${pkgs.system} ]; services.udev.packages = [ pkgs.android-udev-rules diff --git a/nixos/servers/syncthing/default.nix b/nixos/servers/syncthing/default.nix index bce5af77..c2d444be 100644 --- a/nixos/servers/syncthing/default.nix +++ b/nixos/servers/syncthing/default.nix @@ -4,9 +4,9 @@ lib, ... }: let - inherit (lib.modules) mkOption; + inherit (lib.options) mkOption; inherit (lib.types) str nullOr; - inherit (lib.attrsets) filterAttrs mapAttrs; + inherit (lib.attrsets) filterAttrs mapAttrs mapAttrs' nameValuePair; enabledHosts = filterAttrs (_n: v: v.config.services.syncthing.enable) self.nixosConfigurations; enabledSyncthings = mapAttrs (_n: _v: config.services.syncthing) enabledHosts; enabledDevices = mapAttrs' (_n: v: (nameValuePair v.device_name {id = v.device_id;})) enabledSyncthings; @@ -44,8 +44,8 @@ in { # `syncthing generate --no-default-folder --config meep/` # I hope this helps! That's what the content of those secrets are from. - key = sops.secrets.syncthing-key.path; - cert = sops.secrets.syncthing-cert.path; + key = config.sops.secrets.syncthing-key.path; + cert = config.sops.secrets.syncthing-cert.path; }; }; } diff --git a/tree.nix b/tree.nix index 69a99cce..f46f03e5 100644 --- a/tree.nix +++ b/tree.nix @@ -28,6 +28,8 @@ common.functor.enable = true; + "microvms/*".functor.enable = true; + "home/*".functor.enable = true; "home/profiles/*".functor.enable = true; "home/environments/*".functor.enable = true;
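Review bot: In the first nixos/servers/syncthing/default.nix hunk, `enabledSyncthings = mapAttrs (_n: _v: config.services.syncthing) enabledHosts;` ignores each host's value and reads the local `config`, so every entry carries this machine's `device_name` and `device_id` and `enabledDevices` collapses to a single device; now that the commit brings `mapAttrs'` and `nameValuePair` into scope, that result is actually used. It presumably should be `enabledSyncthings = mapAttrs (_n: v: v.config.services.syncthing) enabledHosts;`. Because this set decides which peers Syncthing trusts, a short comment above `enabledDevices` describing the expected shape (`device_name` mapped to `{ id = …; }`) would make mistakes here easier to spot. The `let` block continues outside the hunk.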