feat: vicinae, update servers

TODO.md

@@ -6,6 +6,7 @@
     - [ ] matrix.org or nix.dev
     - [ ] Desktop
 - [ ] Test performance for virtual machines on laptop and desktop
+- [ ] Clean up password manager
 
 ## New service deployments
 

flake.lock

@@ -2004,6 +2004,9 @@
         "tree": "tree",
         "treefmt-nix": "treefmt-nix_3",
         "ucodenix": "ucodenix",
+        "vicinae": "vicinae",
+        "vicinae-extensions": "vicinae-extensions",
+        "vicinae-rbw": "vicinae-rbw",
         "wezterm": "wezterm"
       }
     },
@@ -2577,6 +2580,71 @@
         "type": "github"
       }
     },
+    "vicinae": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1765272078,
+        "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=",
+        "owner": "vicinaehq",
+        "repo": "vicinae",
+        "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vicinaehq",
+        "repo": "vicinae",
+        "type": "github"
+      }
+    },
+    "vicinae-extensions": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ],
+        "vicinae": [
+          "vicinae"
+        ]
+      },
+      "locked": {
+        "lastModified": 1765122409,
+        "narHash": "sha256-CR4yU44yKqQHOuS5i/ca+05K90sKfcZ+7uoARjrOOJo=",
+        "owner": "vicinaehq",
+        "repo": "extensions",
+        "rev": "6e0c6e9eec288a577183998fb24bc8134b236e5d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vicinaehq",
+        "repo": "extensions",
+        "type": "github"
+      }
+    },
+    "vicinae-rbw": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1765285656,
+        "narHash": "sha256-ncZmIQw89KRof41ZrgAvt2L+UjIHGy11EMq767Nw5yg=",
+        "owner": "kittywitch",
+        "repo": "vicinae-rbw",
+        "rev": "ae004193b80bf38a0bd66dae37a82c8308191163",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kittywitch",
+        "repo": "vicinae-rbw",
+        "type": "github"
+      }
+    },
     "wezterm": {
       "inputs": {
         "flake-utils": [

flake.nix

@@ -62,6 +62,25 @@
         rust.follows = "rust";
       };
     };
+    vicinae = {
+      url = "github:vicinaehq/vicinae";
+      inputs = {
+        systems.follows = "systems";
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+    vicinae-rbw = {
+      url = "github:kittywitch/vicinae-rbw";
+      flake = false;
+    };
+    vicinae-extensions = {
+      url = "github:vicinaehq/extensions";
+      inputs = {
+        systems.follows = "systems";
+        nixpkgs.follows = "nixpkgs";
+        vicinae.follows = "vicinae";
+      };
+    };
     # better than nixpkgs.lib
     nix-std = {
       url = "github:chessai/nix-std";

home/environments/niri/anyrun.nix

@@ -1,19 +1,8 @@
-{
+{config, ...}: let
-  config,
-  lib,
-  ...
-}: let
   cfg = config.programs.anyrun;
-  inherit (lib.meta) getExe;
 in {
-  programs.niri.settings.binds = {
-    "Mod+D".action = let
-      sh = config.lib.niri.actions.spawn "sh" "-c";
-    in
-      sh (getExe cfg.package);
-  };
   programs.anyrun = {
-    enable = true;
+    enable = false;
     config = {
       x = {fraction = 0.5;};
       y = {fraction = 0.3;};

home/environments/niri/binds.nix

@@ -36,6 +36,7 @@ in {
     personalBindings = {
       "Mod+Return".action = sh ''${getExe config.programs.alacritty.package}'';
       "Mod+T".action.toggle-window-floating = {};
+      "Mod+D".action = sh ''${getExe config.programs.vicinae.package} toggle'';
       #"Mod+D".action = sh ''${getExe config.programs.fuzzel.package} -D no -T "${getExe config.programs.alacritty.package} --command"'';
       #"Mod+D".action = sh ''${noctalia} launcher toggle'';
       #"Mod+Shift+D".action = sh ''${noctalia} launcher clipboard'';

home/environments/niri/vicinae.nix

@@ -0,0 +1,31 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    brotab
+    oath-toolkit
+  ];
+  programs.vicinae = {
+    enable = true;
+    systemd.enable = true;
+    extensions =
+      (with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
+        bluetooth
+        nix
+        mullvad
+        player-pilot
+        wifi-commander
+        ssh
+        niri
+        brotab
+      ])
+      ++ [
+        (inputs.vicinae.packages.${pkgs.stdenv.hostPlatform.system}.mkVicinaeExtension rec {
+          pname = "vicinae-rbw";
+          src = inputs.${pname}.outPath;
+        })
+      ];
+  };
+}

home/environments/niri/xdg.nix

@@ -13,7 +13,6 @@
       enable = true;
       defaultApplications = {
         "inode/directory" = "pcmanfm.desktop";
-        "text/plain" = "nvim.desktop";
       };
     };
   };

home/profiles/graphical/librewolf/main.nix

@@ -28,6 +28,7 @@
             sponsorblock
             link-cleaner
             canvasblocker
+            brotab
             a11ycss
             view-image
             wappalyzer

home/profiles/graphical/librewolf/ublock.nix

@@ -1,7 +1,8 @@
 {nur, ...}: {
   programs.librewolf.profiles.main.extensions = {
     packages = with nur.repos.rycee.firefox-addons; [
-      adnauseam
+      #adnauseam
+      ublock-origin
     ];
     settings = {
     };

home/profiles/graphical/packages.nix

@@ -1,20 +1,58 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib.attrsets) genAttrs;
+in {
+  xdg.mimeApps.defaultApplications = let
+    genDefault = application: types: genAttrs types (_: application);
+    imageTypes = map (x: "image/${x}") [
+      "apng"
+      "avif"
+      "bmp"
+      "gif"
+      "heic"
+      "heif"
+      "jpeg"
+      "png"
+      "svg+xml"
+      "webp"
+    ];
+    videoTypes = map (x: "video/${x}") [
+      "AV1"
+      "H264"
+      "H265"
+      "matroska"
+      "mp4"
+      "MPV"
+      "mpeg"
+      "ogg"
+      "VP8"
+      "VP9"
+    ];
+    imageDefaults = genDefault "imv.desktop" imageTypes;
+    videoDefaults = genDefault "mpv.desktop" videoTypes;
+    combinedDefaults = imageDefaults // videoDefaults;
+  in
+    combinedDefaults;
   home.packages = with pkgs; [
     anki
 
-    # Task managers
+    # Imagery
-    btop
-    htop
-
     aseprite
+    imv
+    gimp
+
     # Chat
     telegram-desktop # Telegram
     signal-desktop
     fluffychat
     dino
     mumble
-    keymapp
+
     # Archivery
+    xarchiver
     unzip
     zip
     p7zip
@@ -30,7 +68,5 @@
     pwvucontrol
     veracrypt
     deluge
-    gimp
-    xarchiver
   ];
 }

home/profiles/nixvim/nixvim.nix

@@ -9,6 +9,9 @@
     };
   };
 in {
+  xdg.mimeApps.defaultApplications = {
+    "text/plain" = "nvim.desktop";
+  };
   programs.nixvim = {
     enable = true;
     defaultEditor = true;

home/profiles/shell/git.nix

@@ -14,13 +14,13 @@
     jujutsu = {
       enable = true;
     };
+    delta = {
+      enable = true;
+    };
     git = {
       inherit (tree.home.user.data) userName userEmail;
       package = pkgs.gitFull;
       enable = true;
-      delta = {
-        enable = true;
-      };
       extraConfig = {
         init = {defaultBranch = "main";};
         protocol.gcrypt.allow = "always";

nixos/common/ssh.nix

@@ -16,7 +16,11 @@ in {
   services.openssh = {
     enable = true;
     settings = {
-      KexAlgorithms = ["curve25519-sha256@libssh.org"];
+      KexAlgorithms = [
+        "mlkem768x25519-sha256"
+        "sntrup761x25519-sha512"
+        "curve25519-sha256@libssh.org"
+      ];
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
       PermitRootLogin = mkDefault "prohibit-password";

nixos/servers/web/acme.nix

@@ -1,8 +1,13 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  ...
+}: {
   security.acme = {
     defaults = {
       dnsProvider = "cloudflare";
       credentialsFile = config.sops.secrets.acme_credentials.path;
+      email = lib.mkDefault "acme@inskip.me";
     };
     acceptTerms = true;
   };

scripts/brotab.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+brotab "$@"

systems/daiyousei.nix

@@ -69,7 +69,6 @@ _: let
       };
       "localhost" = vHost;
     };
-    security.acme.defaults.email = "acme@inskip.me";
     system.stateVersion = "23.11";
   };
 in {

systems/katvm.nix

@@ -1,157 +0,0 @@
-_: let
-  hostConfig = {
-    tree,
-    pkgs,
-    lib,
-    config,
-    ...
-  }: let
-    inherit (lib.attrsets) nameValuePair listToAttrs;
-    datasets = [
-      "root"
-      "nix"
-      "games"
-      "home"
-      "var"
-    ];
-    datasetEntry = dataset:
-      nameValuePair (
-        if dataset == "root"
-        then "/"
-        else "/${dataset}"
-      ) {
-        device = "zpool/${dataset}";
-        fsType = "zfs";
-        options = ["zfsutil"];
-      };
-    datasetEntries = listToAttrs (map datasetEntry datasets);
-
-    drives = {
-      boot = rec {
-        raw = "/dev/disk/by-uuid/BEDB-489E";
-        result = {
-          device = raw;
-          fsType = "vfat";
-        };
-      };
-      swap = rec {
-        raw = "/dev/disk/by-partuuid/cba02f4a-a90d-44e3-81a8-46bb4500112e";
-        result = {
-          device = raw;
-          randomEncryption = true;
-        };
-      };
-    };
-  in {
-    imports =
-      (with tree.nixos.hardware; [
-        ])
-      ++ (with tree.nixos.profiles; [
-        graphical
-      ])
-      ++ (with tree.nixos.environments; [
-        niri
-      ]);
-    config = {
-      home-manager.users.kat = {
-        programs = {
-          konawall-py.settings = {
-            source = "konachan";
-            tags = [
-              "rating:s"
-            ];
-          };
-        };
-        imports =
-          (with tree.home.profiles; [
-            graphical
-          ])
-          ++ (with tree.home.environments; [
-            niri
-          ]);
-      };
-
-      fileSystems =
-        datasetEntries
-        // {
-          "/boot" = drives.boot.result;
-        };
-
-      swapDevices = [
-        drives.swap.result
-      ];
-
-      boot = {
-        loader = {
-          grub.useOSProber = true;
-          systemd-boot.enable = lib.mkForce false;
-        };
-        extraModprobeConfig = "options snd_hda_intel power_save=0";
-        extraModulePackages = [config.boot.kernelPackages.v4l2loopback.out];
-      };
-
-      services.scx = {
-        enable = true;
-        package = pkgs.scx_git.full;
-        scheduler = "scx_lavd";
-      };
-
-      zramSwap.enable = true;
-
-      programs.ssh.extraConfig = ''
-        Host daiyousei-build
-            HostName 140.238.156.121
-            User root
-            IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh
-      '';
-
-      nix = {
-        buildMachines = [
-          {
-            hostName = "daiyousei-build";
-            system = "aarch64-linux";
-            protocol = "ssh-ng";
-            maxJobs = 100;
-            speedFactor = 1;
-            supportedFeatures = ["benchmark" "big-parallel" "kvm"];
-            mandatoryFeatures = [];
-          }
-        ];
-        distributedBuilds = true;
-        extraOptions = ''
-          builders-use-substitutes = true
-        '';
-      };
-
-      # optional, useful when the builder has a faster internet connection than yours
-      services = {
-        printing.enable = true;
-        syncthing = {
-          enable = true;
-          openDefaultPorts = true;
-          user = "kat";
-          dataDir = "/home/kat";
-        };
-        hardware.bolt.enable = true;
-      };
-
-      boot = {
-        supportedFilesystems = ["ntfs" "xfs"];
-      };
-
-      networking = {
-        hostId = "9ef75c48";
-        useDHCP = false;
-      };
-
-      system.stateVersion = "24.05";
-    };
-  };
-in {
-  arch = "x86_64";
-  ci.enable = false; # Closure too large
-  type = "NixOS";
-  modules = [
-    hostConfig
-  ];
-}

vr/arguments

@@ -1 +0,0 @@
-PRESSURE_VESSEL_FILESYSTEMS_RW=$XDG_RUNTIME_DIR/wivrn/comp_ipc