Refactors, konawall-py for darwin, sumireko update to Sonoma

2026-02-09 04:19:19 -08:00 · 2023-11-15 11:10:44 -08:00 · 2023-11-15 11:10:44 -08:00 · bc61d82487
commit bc61d82487
parent 091ddb5b91
151 changed files with 691 additions and 792 deletions
--- a/common/home.nix
+++ b/common/home.nix
@ -18,9 +18,10 @@ in {
      ]
      ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home;

-    users.kat.imports = with tree.kat; [
+    users.kat.imports = with tree.home.profiles; [
      common
    ];
+
    extraSpecialArgs = {
      inherit tree machine std inputs;
      parent = config;
--- a/darwin/distributed.nix
+++ b/darwin/distributed.nix
@ -4,14 +4,16 @@
  };

  launchd.daemons.start_nixos_native = {
-    serviceConfig.ProgramArguments = [
+    serviceConfig = {
+      ProgramArguments = [
        "/bin/sh"
        "-c"
        "/bin/wait4path /nix/store &amp;&amp; ${pkgs.writeScript "start_nixos_native" ''
          /usr/bin/open "utm://start?name=NixOS Native"
        ''}"
      ];
-    serviceConfig.Label = "org.kittywitch.start_nixos_native";
-    serviceConfig.RunAtLoad = true;
+      Label = "org.kittywitch.start_nixos_native";
+      RunAtLoad = true;
+    };
  };
 }
--- a/darwin/orbstack.nix
+++ b/darwin/orbstack.nix
@ -0,0 +1,71 @@
+{
+  tree,
+  std,
+  ...
+}: let
+  inherit (std) string;
+in {
+  home-manager.users.root.programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host orb
+        HostName 127.0.0.1
+        Port 32222
+        User default
+        IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
+        ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
+        ProxyUseFdpass yes
+    '';
+  };
+
+  home-manager.users.kat = {
+    home.file = {
+      ".orbstack/ssh/authorized_keys".text =
+        (string.concatSep "\n" tree.home.user.data.keys)
+        + ''
+
+          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On
+        '';
+      ".ssh/authorized_keys".text = ''
+        ${string.concatSep "\n" tree.home.user.data.keys}
+      '';
+    };
+    programs.ssh = {
+      enable = true;
+      extraConfig = ''
+        Host orb
+          HostName 127.0.0.1
+          Port 32222
+          User default
+          IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
+          ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
+          ProxyUseFdpass yes
+      '';
+    };
+  };
+
+  nix = {
+    buildMachines = [
+      {
+        hostName = "nixos@orb";
+        system = "aarch64-linux";
+        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+      }
+      {
+        hostName = "nixos@orb";
+        system = "x86_64-linux";
+        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+      }
+    ];
+    distributedBuilds = true;
+    extraOptions = ''
+      builders-use-substitutes = true
+    '';
+  };
+
+  homebrew = {
+    casks = [
+      "orbstack"
+    ];
+  };
+}
--- a/home/environments/darwin/konawall.nix
+++ b/home/environments/darwin/konawall.nix
@ -0,0 +1,93 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}: let
+  konawallConfig = {
+    interval = 300;
+    rotate = true;
+    source = "konachan";
+    tags = [
+      "rating:s"
+      "score:>=50"
+      "width:>=1500"
+    ];
+    logging = {
+      file = "INFO";
+      console = "DEBUG";
+    };
+  };
+in {
+  home.file."Library/Application Support/konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig;
+
+  launchd.agents.konawall = {
+    enable = true;
+    config = let
+      replacementPyProject = ''
+        [tool.poetry]
+        name = "konawall"
+        version = "0.1.0"
+        license = "MIT"
+        description = "A hopefully cross-platform service for fetching wallpapers and setting them"
+        authors = [
+            "Kat Inskip <kat@inskip.me>"
+        ]
+        readme = "README.MD"
+        packages = [
+            {include = "konawall"}
+        ]
+
+        [tool.poetry.scripts]
+        gui = "konawall.gui:main"
+
+        [tool.poetry.dependencies]
+        python = "^3.11"
+        pillow = "^10.0.1"
+        screeninfo = "^0.8.1"
+        requests = "^2.31.0"
+        termcolor = "^2.3.0"
+        wxpython = "^4.2.1"
+        humanfriendly = "^10.0"
+        xdg-base-dirs = "^6.0.1"
+
+        [build-system]
+        requires = [ "poetry-core" ]
+        build-backend = "poetry.core.masonry.api"
+      '';
+      konawallInitialize = pkgs.writeScriptBin "konawall-initialize" ''
+        #!/usr/bin/env bash
+        set -xeuo pipefail
+        # get a temporary directory
+        tmpDir=$(mktemp -d)
+        # copy the repository to the temporary directory recursively without keeping the permissions from the nix store
+        ${pkgs.coreutils}/bin/cp -r --no-preserve=mode,ownership "${inputs.konawall-py.outPath}" "$tmpDir/konawall"
+        # change directory to the copy
+        cd $tmpDir/konawall
+        # overwrite the pyproject.toml with the one that we want
+        # use a EOF heredoc to avoid escaping the quotes
+        cat <<EOF > pyproject.toml
+        ${replacementPyProject}
+        EOF
+        # install the dependencies
+        ${pkgs.poetry}/bin/poetry lock --no-update
+        ${pkgs.poetry}/bin/poetry install
+        # run the package
+        ${pkgs.poetry}/bin/poetry run gui
+      '';
+    in {
+      # yeah if https://github.com/NixOS/nixpkgs/issues/233265 and https://github.com/NixOS/nixpkgs/issues/101360
+      # and https://github.com/NixOS/nixpkgs/issues/105156 were ok we might be able to do this
+      #Program = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall";
+      #ProgramArguments = ["${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"];
+      # it's unfortunate that this has to be done this way, for the most part.
+      ProgramArguments = [
+        "/usr/bin/env"
+        "bash"
+        "${konawallInitialize}/bin/konawall-initialize"
+      ];
+      RunAtLoad = true;
+      KeepAlive = true;
+    };
+  };
+}
--- a/home/environments/gnome/dconf.nix
+++ b/home/environments/gnome/dconf.nix
--- a/home/environments/gnome/extensions.nix
+++ b/home/environments/gnome/extensions.nix
--- a/home/environments/gnome/gtk.nix
+++ b/home/environments/gnome/gtk.nix
--- a/home/environments/gnome/ssh.nix
+++ b/home/environments/gnome/ssh.nix
--- a/home/environments/kde/gtk.nix
+++ b/home/environments/kde/gtk.nix
--- a/home/environments/kde/kde.nix
+++ b/home/environments/kde/kde.nix
--- a/home/environments/kde/konawall.nix
+++ b/home/environments/kde/konawall.nix
--- a/home/environments/kde/qt.nix
+++ b/home/environments/kde/qt.nix
--- a/home/environments/sway/barrier.nix
+++ b/home/environments/sway/barrier.nix
--- a/home/environments/sway/gtk.nix
+++ b/home/environments/sway/gtk.nix
--- a/home/environments/sway/layout.xkb
+++ b/home/environments/sway/layout.xkb
--- a/home/environments/sway/mako.nix
+++ b/home/environments/sway/mako.nix
--- a/home/environments/sway/sway.nix
+++ b/home/environments/sway/sway.nix
--- a/home/environments/sway/waybar.nix
+++ b/home/environments/sway/waybar.nix
--- a/home/environments/sway/waybar.sass
+++ b/home/environments/sway/waybar.sass
--- a/home/environments/sway/wofi.nix
+++ b/home/environments/sway/wofi.nix
--- a/home/environments/sway/wofi.sass
+++ b/home/environments/sway/wofi.sass
--- a/home/environments/sway/xdg.nix
+++ b/home/environments/sway/xdg.nix
--- a/home/environments/sway/xkb.nix
+++ b/home/environments/sway/xkb.nix
--- a/home/profiles/common/base16.nix
+++ b/home/profiles/common/base16.nix
--- a/home/profiles/common/docs.nix
+++ b/home/profiles/common/docs.nix
@ -3,6 +3,5 @@ _: {
    html.enable = false;
    json.enable = false;
    manpages.enable = false;
-    manual.manpages.enable = false;
  };
 }
--- a/home/profiles/common/profile-inheritance.nix
+++ b/home/profiles/common/profile-inheritance.nix
@ -0,0 +1,6 @@
+{tree, ...}: {
+  imports = with tree.home.profiles; [
+    shell
+    neovim
+  ];
+}
--- a/home/profiles/devops/packages.nix
+++ b/home/profiles/devops/packages.nix
@ -0,0 +1,25 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    # IAC
+
+    terraform # iac tool
+
+    # Kubernetes
+
+    kubectl # kubectl
+    k9s # cute k8s client, canines~
+    kubernetes-helm # k8s package manager
+
+    # AWS
+
+    awscli2 # awscli v2
+
+    # Nix
+
+    deadnix # nix dead-code scanner
+    alejandra # nix code formatter
+    statix # nix anti-pattern finder
+    rnix-lsp # vscode nix extensions
+    deploy-rs.deploy-rs # deployment system
+  ];
+}
--- a/home/profiles/graphical/gpg.nix
+++ b/home/profiles/graphical/gpg.nix
--- a/home/profiles/graphical/packages.nix
+++ b/home/profiles/graphical/packages.nix
@ -0,0 +1,43 @@
+{pkgs, ...}: {
+  config = {
+    home.packages = with pkgs; [
+      # Password manager
+      bitwarden
+
+      # Task managers
+      btop
+      htop
+
+      # Mail
+      thunderbird
+
+      # Music
+      spotify
+
+      # Chat
+      discord
+      nheko # Matrix
+      tdesktop # Telegram
+      dino # XMPP
+      signal-desktop
+
+      # Exocortex
+      obsidian
+
+      # Archivery
+      unzip
+      zip
+      p7zip
+
+      # Misc
+      gimp-with-plugins # GIMP
+      exiftool # EXIF Stripping
+      lm_sensors # Sensor Data
+      cryptsetup # Encrypted block devices
+      yubikey-manager # Yubikey
+      imv # Image viewer
+      yt-dlp # Downloading media
+      v4l-utils # Webcam
+    ];
+  };
+}
--- a/home/profiles/graphical/vscode.nix
+++ b/home/profiles/graphical/vscode.nix
--- a/home/profiles/graphical/wezterm.nix
+++ b/home/profiles/graphical/wezterm.nix
--- a/home/profiles/neovim/default.nix
+++ b/home/profiles/neovim/default.nix
@ -7,7 +7,6 @@
 }: let
  inherit (lib.modules) mkIf;
  inherit (std) string set;
-  packDir = builtins.toString (pkgs.vimUtils.packDir config.programs.neovim.plugins);
  initLua = pkgs.substituteAll ({
      name = "init.lua";
      src = ./init.lua;
--- a/home/profiles/neovim/init.lua
+++ b/home/profiles/neovim/init.lua
--- a/home/profiles/shell/bitw.nix
+++ b/home/profiles/shell/bitw.nix
@ -7,7 +7,7 @@
    enable = false;
    package = pkgs.rbw-bitw;
    settings = {
-      inherit (tree.kat.user.data) email;
+      inherit (tree.home.user.data) email;
      base_url = "https://vault.kittywit.ch";
      identity_url = null;
      lock_timeout = 3600;
--- a/home/profiles/shell/direnv.nix
+++ b/home/profiles/shell/direnv.nix
--- a/home/profiles/shell/eza.nix
+++ b/home/profiles/shell/eza.nix
@ -1,4 +1,4 @@
-{pkgs, ...}: {
+_: {
  programs.eza = {
    enable = true;
    enableAliases = true;
--- a/home/profiles/shell/fzf.nix
+++ b/home/profiles/shell/fzf.nix
--- a/home/profiles/shell/git.nix
+++ b/home/profiles/shell/git.nix
@ -10,7 +10,7 @@
  ];

  programs.git = {
-    inherit (tree.kat.user.data) userName userEmail;
+    inherit (tree.home.user.data) userName userEmail;
    package = pkgs.gitAndTools.gitFull;
    enable = true;
    extraConfig = {
@ -24,7 +24,7 @@
      };
    };
    signing = {
-      inherit (tree.kat.user.data) key;
+      inherit (tree.home.user.data) key;
      signByDefault = true;
    };
  };
--- a/home/profiles/shell/inputrc.nix
+++ b/home/profiles/shell/inputrc.nix
--- a/home/profiles/shell/lc.nix
+++ b/home/profiles/shell/lc.nix
--- a/home/profiles/shell/packages.nix
+++ b/home/profiles/shell/packages.nix
--- a/home/profiles/shell/rink.nix
+++ b/home/profiles/shell/rink.nix
--- a/home/profiles/shell/ssh.nix
+++ b/home/profiles/shell/ssh.nix
--- a/home/profiles/shell/starship.nix
+++ b/home/profiles/shell/starship.nix
--- a/home/profiles/shell/tmux.nix
+++ b/home/profiles/shell/tmux.nix
--- a/home/profiles/shell/z.nix
+++ b/home/profiles/shell/z.nix
--- a/home/profiles/shell/zsh.nix
+++ b/home/profiles/shell/zsh.nix
--- a/home/user/common.nix
+++ b/home/user/common.nix
@ -4,7 +4,7 @@
  ...
 }: {
  users.users.kat = {
-    inherit (tree.kat.user.data) description;
+    inherit (tree.home.user.data) description;
    shell = pkgs.zsh;
  };
 }
--- a/home/user/darwin.nix
+++ b/home/user/darwin.nix
--- a/home/user/data.nix
+++ b/home/user/data.nix
--- a/home/user/default.nix
+++ b/home/user/default.nix
--- a/home/user/nixos.nix
+++ b/home/user/nixos.nix
@ -3,7 +3,7 @@
    uid = 1000;
    isNormalUser = true;
    openssh.authorizedKeys = {
-      inherit (tree.kat.user.data) keys;
+      inherit (tree.home.user.data) keys;
    };
    extraGroups = [
      "wheel"
--- a/kat/default.nix
+++ b/kat/default.nix
@ -1,42 +0,0 @@
-{
-  tree,
-  std,
-  ...
-}: let
-  inherit (std) set list;
-  wrapImports = imports:
-    set.map
-    (_: paths: {config, ...}: {
-      config.home-manager.users.kat = {
-        imports = list.singleton paths;
-      };
-    })
-    imports;
-  dirImports = wrapImports tree.prev;
-in
-  dirImports
-  // {
-    inherit (tree.prev) user;
-    common = {
-      imports = with tree.prev; [
-        base16
-        shell
-        neovim
-      ];
-    };
-    gui = {
-      imports = with dirImports; [
-        gui
-        wezterm
-        vscode
-        gpg
-      ];
-    };
-    work = {
-      imports = with dirImports; [
-        wezterm
-        vscode
-        gpg
-      ];
-    };
-  }
--- a/kat/gui/media.nix
+++ b/kat/gui/media.nix
@ -1,7 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
-    imv # Image viewer
-    yt-dlp # Downloading media
-    v4l-utils # Webcam
-  ];
-}
--- a/kat/gui/mpv.nix
+++ b/kat/gui/mpv.nix
@ -1,125 +0,0 @@
-{
-  config,
-  lib,
-  std,
-  pkgs,
-  ...
-}: let
-  inherit (std) string set;
-  inherit (lib.modules) mkMerge mkIf;
-in {
-  programs.mpv = {
-    enable = true;
-    scripts = with pkgs.mpvScripts; [sponsorblock paused];
-    bindings = let
-      vim = {
-        "l" = "seek 5";
-        "h" = "seek -5";
-        "k" = "seek 60";
-        "j" = "seek -60";
-        "Ctrl+l" = "seek 1 exact";
-        "Ctrl+h" = "seek -1 exact";
-        "Ctrl+L" = "sub-seek 1";
-        "Ctrl+H" = "sub-seek -1";
-        "Ctrl+k" = "add chapter 1";
-        "Ctrl+j" = "add chapter -1";
-        "Ctrl+K" = "playlist-next";
-        "Ctrl+J" = "playlist-prev";
-        "Alt+h" = "frame-back-step";
-        "Alt+l" = "frame-step";
-        "`" = "cycle mute";
-        "MBTN_RIGHT" = "cycle pause";
-        "w" = "screenshot";
-        "W" = "screenshot video";
-        "Ctrl+w" = "screenshot window";
-        "Ctrl+W" = "screenshot each-frame";
-        "o" = "show-progress";
-        "O" = "script-message show_osc_dur 5";
-        "F1" = "cycle sub";
-        "F2" = "cycle audio";
-        "Ctrl+p" = "cycle video";
-        "L" = "add volume 2";
-        "H" = "add volume -2";
-        "Alt+H" = "add audio-delay -0.100";
-        "Alt+L" = "add audio-delay 0.100";
-        "1" = "set volume 10";
-        "2" = "set volume 20";
-        "3" = "set volume 30";
-        "4" = "set volume 40";
-        "5" = "set volume 50";
-        "6" = "set volume 60";
-        "7" = "set volume 70";
-        "8" = "set volume 80";
-        "9" = "set volume 90";
-        ")" = "set volume 150";
-        "0" = "set volume 100";
-        "m" = "cycle mute";
-        "Ctrl+r" = "loadfile \${path}";
-        "Ctrl+R" = "video-reload";
-        "d" = "drop-buffers";
-        "Ctrl+d" = "quit";
-      };
-      other = {
-        "RIGHT" = vim."l";
-        "LEFT" = vim."h";
-        "UP" = vim."k";
-        "DOWN" = vim."j";
-        "Ctrl+0" = "set speed 1.0";
-        "Ctrl+=" = "multiply speed 1.1";
-        "Ctrl+-" = "multiply speed 1/1.1";
-        "Shift+LEFT" = vim."H";
-        "Shift+RIGHT" = vim."L";
-        "Ctrl+RIGHT" = vim."Ctrl+l";
-        "Ctrl+LEFT" = vim."Ctrl+h";
-        "Ctrl+Shift+LEFT" = vim."Ctrl+H";
-        "Ctrl+Shift+RIGHT" = vim."Ctrl+L";
-        "Ctrl+UP" = vim."Ctrl+k";
-        "Ctrl+DOWN" = vim."Ctrl+j";
-        "Ctrl+Shift+UP" = vim."Ctrl+K";
-        "Ctrl+Shift+DOWN" = vim."Ctrl+J";
-        "Alt+LEFT" = vim."Alt+h";
-        "Alt+RIGHT" = vim."Alt+l";
-        "SPACE" = vim."MBTN_RIGHT";
-        "m" = vim."`";
-        "WHEEL_UP" = vim."L";
-        "WHEEL_DOWN" = vim."H";
-      };
-    in
-      vim // other;
-    config = mkMerge [
-      (mkIf config.wayland.windowManager.sway.enable {
-        gpu-context = "wayland";
-      })
-      {
-        no-input-default-bindings = "";
-        profile = "gpu-hq";
-        hwdec = "auto";
-        vo = "gpu";
-        volume-max = 200;
-        keep-open = true;
-        opengl-waitvsync = true;
-        demuxer-max-bytes = "2000MiB";
-        demuxer-max-back-bytes = "250MiB";
-        osd-scale-by-window = false;
-        osd-bar-h = 2.5; # 3.125 default
-        osd-border-size = 2; # font border pixels, default 3
-        term-osd-bar = true;
-        script-opts =
-          string.concatSep ","
-          (set.mapToValues (k: v: "${k}=${toString v}") {
-            ytdl_hook-ytdl_path = "${pkgs.yt-dlp}/bin/yt-dlp";
-            osc-layout = "slimbox";
-            osc-vidscale = "no";
-            osc-deadzonesize = 0.75;
-            osc-minmousemove = 4;
-            osc-hidetimeout = 2000;
-            osc-valign = 0.9;
-            osc-timems = "yes";
-            osc-seekbarstyle = "knob";
-            osc-seekbarkeyframes = "no";
-            osc-seekrangestyle = "slider";
-          });
-      }
-    ];
-  };
-}
--- a/kat/gui/packages.nix
+++ b/kat/gui/packages.nix
@ -1,32 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
-    # Password manager
-    bitwarden
-    # Task managers
-    btop
-    htop
-    # Mail
-    thunderbird
-    # Music
-    spotify
-    playerctl
-    # Chat
-    discord
-    nheko # Matrix
-    tdesktop # Telegram
-    dino # XMPP
-    signal-desktop
-    # Exocortex
-    obsidian
-    # Archivery
-    unzip
-    zip
-    p7zip
-    # Misc
-    gimp-with-plugins # GIMP
-    exiftool # EXIF Stripping
-    lm_sensors # Sensor Data
-    cryptsetup # Encrypted block devices
-    yubikey-manager # Yubikey
-  ];
-}
--- a/modules/nixos/machine.nix
+++ b/modules/nixos/machine.nix
@ -0,0 +1,15 @@
+{lib, ...}: let
+  inherit (lib.modules) mkOption;
+  inherit (lib.types) enum;
+in {
+  options.machine = {
+    cpuVendor = mkOption {
+      type = enum [
+        "intel"
+        "amd"
+        "apple"
+      ];
+      description = "CPU vendor";
+    };
+  };
+}
--- a/nixos/common/access.nix
+++ b/nixos/common/access.nix
@ -13,20 +13,6 @@
      config.users.users);
  };
 in {
-  security.sudo.extraRules = [
-    {
-      users = ["deploy"];
-      commands = [
-        {
-          command = "ALL";
-          options = [
-            "NOPASSWD"
-            "SETENV"
-          ];
-        }
-      ];
-    }
-  ];
  users.users = {
    root = commonUser;
    deploy =
--- a/nixos/common/autoupgrade.nix
+++ b/nixos/common/autoupgrade.nix
@ -1,6 +0,0 @@
-{config, ...}: {
-  system.autoUpgrade = {
-    enable = false;
-    flake = "github:kittywitch/infrastructure#${config.networking.hostName}";
-  };
-}
--- a/nixos/common/console.nix
+++ b/nixos/common/console.nix
--- a/nixos/common/disable-documentation.nix
+++ b/nixos/common/disable-documentation.nix
--- a/nixos/common/mutable-users.nix
+++ b/nixos/common/mutable-users.nix
--- a/nixos/common/nftables.nix
+++ b/nixos/common/nftables.nix
@ -1,4 +1,3 @@
 _: {
  networking.nftables.enable = true;
-  services.tailscale.enable = true;
 }
--- a/nixos/common/nix-deploy-trusted-user.nix
+++ b/nixos/common/nix-deploy-trusted-user.nix
@ -0,0 +1,9 @@
+_: {
+  nix = {
+    settings = {
+      trusted-users = [
+        "deploy"
+      ];
+    };
+  };
+}
--- a/nixos/common/nix.nix
+++ b/nixos/common/nix.nix
@ -1,21 +0,0 @@
-{lib, ...}: let
-  inherit (lib.modules) mkDefault;
-in {
-  boot.loader = {
-    grub.configurationLimit = 8;
-    systemd-boot.configurationLimit = 8;
-  };
-
-  nix = {
-    settings = {
-      trusted-users = [
-        "deploy"
-      ];
-    };
-    gc = {
-      automatic = mkDefault false;
-      dates = mkDefault "weekly";
-      options = mkDefault "--delete-older-than 7d";
-    };
-  };
-}
--- a/nixos/common/ssh.nix
+++ b/nixos/common/ssh.nix
@ -9,22 +9,10 @@
 in {
  networking.firewall = {
    allowedTCPPorts = [(list.unsafeHead config.services.openssh.ports)];
-    allowedUDPPortRanges = [
-      {
-        from = 60000;
-        to = 61000;
-      }
-    ];
  };

  services.openssh = {
    enable = true;
-    /*
-      knownHosts.katca = {
-      certAuthority = true;
-      publicKey = builtins.readFile ./ca-pubkey.pem;
-    };
-    */
    settings = {
      KexAlgorithms = ["curve25519-sha256@libssh.org"];
      PasswordAuthentication = false;
@ -37,6 +25,4 @@ in {
      LogLevel VERBOSE
    '';
  };
-
-  programs.mosh.enable = true;
 }
--- a/nixos/common/sudo-nopasswd.nix
+++ b/nixos/common/sudo-nopasswd.nix
@ -0,0 +1,16 @@
+_: {
+  security.sudo.extraRules = [
+    {
+      users = ["deploy"];
+      commands = [
+        {
+          command = "ALL";
+          options = [
+            "NOPASSWD"
+            "SETENV"
+          ];
+        }
+      ];
+    }
+  ];
+}
--- a/nixos/common/tailscale.nix
+++ b/nixos/common/tailscale.nix
@ -0,0 +1,3 @@
+_: {
+  services.tailscale.enable = true;
+}
--- a/nixos/common/tzupdate.nix
+++ b/nixos/common/tzupdate.nix
--- a/nixos/common/shell.nix
+++ b/nixos/common/shell.nix
--- a/nixos/environments/gnome/dconf.nix
+++ b/nixos/environments/gnome/dconf.nix
@ -0,0 +1,3 @@
+_: {
+  programs.dconf.enable = true;
+}
--- a/nixos/environments/gnome/packages.nix
+++ b/nixos/environments/gnome/packages.nix
@ -1,15 +1,4 @@
-{
-  pkgs,
-  tree,
-  ...
-}: {
-  imports = with tree.nixos.roles; [
-    graphical
-  ];
-
-  services.xserver.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
+{pkgs, ...}: {
  environment.gnome.excludePackages =
    (with pkgs; [
      gnome-photos
@ -30,7 +19,6 @@
      gnome-contacts
      gnome-initial-setup
    ]);
-  programs.dconf.enable = true;
  environment.systemPackages = with pkgs; [
    gnome.gnome-tweaks
    gnome-extension-manager
--- a/nixos/environments/gnome/profile-inheritance.nix
+++ b/nixos/environments/gnome/profile-inheritance.nix
@ -0,0 +1,9 @@
+{tree, ...}: {
+  imports = with tree.nixos.profiles; [
+    graphical
+  ];
+
+  home-manager.users.kat.imports = with tree.home.environments; [
+    gnome
+  ];
+}
--- a/nixos/environments/gnome/xserver.nix
+++ b/nixos/environments/gnome/xserver.nix
@ -0,0 +1,7 @@
+_: {
+  services.xserver = {
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+  };
+}
--- a/nixos/environments/kde/dconf.nix
+++ b/nixos/environments/kde/dconf.nix
@ -0,0 +1,3 @@
+_: {
+  programs.dconf.enable = true;
+}
--- a/nixos/environments/kde/profile-inheritance.nix
+++ b/nixos/environments/kde/profile-inheritance.nix
@ -0,0 +1,9 @@
+{tree, ...}: {
+  imports = with tree.nixos.profiles; [
+    graphical
+  ];
+
+  home-manager.users.kat.imports = with tree.home.environments; [
+    kde
+  ];
+}
--- a/nixos/environments/kde/xserver.nix
+++ b/nixos/environments/kde/xserver.nix
@ -0,0 +1,7 @@
+_: {
+  services.xserver = {
+    enable = true;
+    displayManager.sddm.enable = true;
+    desktopManager.plasma5.enable = true;
+  };
+}
--- a/nixos/environments/sway/profile-inheritance.nix
+++ b/nixos/environments/sway/profile-inheritance.nix
@ -0,0 +1,9 @@
+{tree, ...}: {
+  imports = with tree.nixos.profiles; [
+    graphical
+  ];
+
+  home-manager.users.kat.imports = with tree.home.environments; [
+    sway
+  ];
+}
--- a/nixos/environments/sway/sway.nix
+++ b/nixos/environments/sway/sway.nix
--- a/nixos/environments/sway/xdg-portals.nix
+++ b/nixos/environments/sway/xdg-portals.nix
--- a/nixos/hardware/default.nix
+++ b/nixos/hardware/default.nix
@ -1,26 +0,0 @@
-{tree, ...}: let
-  profiles = tree.prev;
-  appendedProfiles = {
-    common-wifi-bt = {
-      imports = with profiles; [
-        wifi
-        bluetooth
-      ];
-    };
-    laptop = {
-      imports = with profiles; [
-        laptop
-        sound
-      ];
-    };
-    lenovo-thinkpad-x260 = {
-      imports = with profiles; [
-        lenovo-thinkpad-x260
-        lenovo-thinkpad-x260-local
-        appendedProfiles.laptop
-        appendedProfiles.common-wifi-bt
-      ];
-    };
-  };
-in
-  profiles // appendedProfiles
--- a/nixos/hardware/intel.nix
+++ b/nixos/hardware/intel.nix
@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+in {
+  config = mkIf (config.machine.cpuVendor == "intel") {
+    boot.kernelModules = ["kvm-intel"];
+  };
+}
--- a/nixos/hardware/laptop.nix
+++ b/nixos/hardware/laptop.nix
@ -1,37 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib.modules) mkDefault;
-in {
-  powerManagement.cpuFreqGovernor = mkDefault "powersave";
-  programs.light.enable = true;
-  home-manager.sharedModules = [
-    {
-      programs.waybar.settings.main = {
-        modules-right = [
-          "backlight"
-          "battery"
-        ];
-        backlight = {
-          format = " {percent}%";
-          on-scroll-up = "${pkgs.light}/bin/light -A 1";
-          on-scroll-down = "${pkgs.light}/bin/light -U 1";
-        };
-        battery = {
-          states = {
-            good = 90;
-            warning = 30;
-            critical = 15;
-          };
-          format = "{icon} {capacity}%";
-          format-charging = " {capacity}%";
-          format-plugged = " {capacity}%";
-          format-alt = "{icon} {time}";
-          format-icons = ["" "" "" "" ""];
-        };
-      };
-    }
-  ];
-}
--- a/nixos/hardware/lenovo-thinkpad-x260-local.nix
+++ b/nixos/hardware/lenovo-thinkpad-x260-local.nix
@ -1,17 +0,0 @@
-_: {
-  boot = {
-    initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc"];
-    kernelModules = ["kvm-intel"];
-  };
-  home-manager.sharedModules = [
-    {
-      wayland.windowManager.sway.config.input."2:7:SynPS/2_Synaptics_TouchPad" = {
-        dwt = "enabled";
-        tap = "enabled";
-        natural_scroll = "enabled";
-        middle_emulation = "enabled";
-        click_method = "clickfinger";
-      };
-    }
-  ];
-}
--- a/nixos/hardware/sound.nix
+++ b/nixos/hardware/sound.nix
@ -1,45 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [pulsemixer];
-
-  sound = {
-    enable = true;
-    extraConfig = ''
-      defaults.pcm.rate_converter "speexrate_best"
-    '';
-  };
-  hardware.pulseaudio.enable = false;
-
-  security.rtkit.enable = true;
-
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-    alsa.support32Bit = true;
-    jack.enable = true;
-    alsa.enable = true;
-  };
-
-  home-manager.sharedModules = [
-    {
-      programs.waybar.settings.main = {
-        modules-right = [
-          "pulseaudio"
-        ];
-        pulseaudio = {
-          format = "{icon} {volume}%";
-          format-muted = "";
-          on-click = "${pkgs.wezterm}/bin/wezterm start ${pkgs.pulsemixer}/bin/pulsemixer";
-          format-icons = {
-            headphone = "";
-            headset = "";
-            default = [
-              ""
-              ""
-              ""
-            ];
-          };
-        };
-      };
-    }
-  ];
-}
--- a/nixos/profiles/bootable/loader-config-limit.nix
+++ b/nixos/profiles/bootable/loader-config-limit.nix
@ -0,0 +1,8 @@
+_: {
+  boot = {
+    loader = {
+      grub.configurationLimit = 8;
+      systemd-boot.configurationLimit = 8;
+    };
+  };
+}
--- a/nixos/profiles/bootable/sysctl.nix
+++ b/nixos/profiles/bootable/sysctl.nix
@ -0,0 +1,15 @@
+{lib, ...}: let
+  inherit (lib.modules) mkDefault;
+in {
+  boot = {
+    kernel.sysctl = {
+      "fs.inotify.max_user_watches" = 524288;
+      "net.core.rmem_max" = 16777216;
+      "net.core.wmem_max" = 16777216;
+      "net.ipv4.tcp_rmem" = "4096 87380 16777216";
+      "net.ipv4.tcp_wmem" = "4096 65536 16777216";
+      "net.ipv4.ip_forward" = mkDefault "1";
+      "net.ipv6.conf.all.forwarding" = "1";
+    };
+  };
+}
--- a/nixos/profiles/bootable/tmp.nix
+++ b/nixos/profiles/bootable/tmp.nix
@ -0,0 +1,8 @@
+_: {
+  boot = {
+    tmp = {
+      tmpfsSize = "80%";
+      useTmpfs = true;
+    };
+  };
+}
--- a/nixos/profiles/bootable/zfs.nix
+++ b/nixos/profiles/bootable/zfs.nix
@ -0,0 +1,14 @@
+{
+  std,
+  config,
+  lib,
+  ...
+}: let
+  inherit (std) list;
+  inherit (lib.modules) mkDefault mkIf;
+in {
+  boot = mkIf (list.elem "zfs" config.boot.supportedFilesystems) {
+    kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
+    zfs.enableUnstable = true;
+  };
+}
--- a/nixos/profiles/gaming/steam.nix
+++ b/nixos/profiles/gaming/steam.nix
--- a/nixos/profiles/graphical/dns.nix
+++ b/nixos/profiles/graphical/dns.nix
--- a/nixos/profiles/graphical/fonts.nix
+++ b/nixos/profiles/graphical/fonts.nix
--- a/nixos/profiles/graphical/gpg.nix
+++ b/nixos/profiles/graphical/gpg.nix
--- a/nixos/profiles/graphical/hardware.nix
+++ b/nixos/profiles/graphical/hardware.nix
--- a/nixos/profiles/graphical/nfs.nix
+++ b/nixos/profiles/graphical/nfs.nix
--- a/nixos/profiles/graphical/packages.nix
+++ b/nixos/profiles/graphical/packages.nix
--- a/nixos/profiles/graphical/pam.nix
+++ b/nixos/profiles/graphical/pam.nix
--- a/nixos/profiles/graphical/profile-inheritance.nix
+++ b/nixos/profiles/graphical/profile-inheritance.nix
@ -0,0 +1,5 @@
+{tree, ...}: {
+  imports = with tree.nixos.profiles; [
+    bootable
+  ];
+}
--- a/nixos/profiles/graphical/qt.nix
+++ b/nixos/profiles/graphical/qt.nix
--- a/nixos/profiles/graphical/sound.nix
+++ b/nixos/profiles/graphical/sound.nix
@ -0,0 +1,21 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [pulsemixer];
+
+  sound = {
+    enable = true;
+    extraConfig = ''
+      defaults.pcm.rate_converter "speexrate_best"
+    '';
+  };
+  hardware.pulseaudio.enable = false;
+
+  security.rtkit.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa.support32Bit = true;
+    jack.enable = true;
+    alsa.enable = true;
+  };
+}
--- a/Show more
+++ b/Show more