diff --git a/SCREENSHARING b/SCREENSHARING new file mode 100644 index 0000000..d3046f6 --- /dev/null +++ b/SCREENSHARING @@ -0,0 +1,11 @@ +Excellent Resource +https://gist.github.com/brunoanc/2dea6ddf6974ba4e5d26c3139ffb7580#install-xdg-desktop-portal-and-friends + +Hyprland official page on screensharing +https://wiki.hyprland.org/Useful-Utilities/Screen-Sharing/ + + +Multiple sources seem to think that use xdg-desktop-portal-wlr works (but I can't stream individual applications) +but I suppose that's better than nothing? + +Also check out xwaylandvideobridge diff --git a/TODO b/TODO.md similarity index 98% rename from TODO rename to TODO.md index bb8e65c..6b9f235 100644 --- a/TODO +++ b/TODO.md @@ -1,5 +1,4 @@ ## Next Up -0. Rename TODO -> TODO.md 1. Rename user "ae" to "cry" or "vps" 2. Add 404 page to nginx on hyrule 3. Add a user called "mirror" that stores important mirrors (inspiration: https://git.gay/mirror) diff --git a/banner b/banner new file mode 100644 index 0000000..67e1bd9 --- /dev/null +++ b/banner @@ -0,0 +1,6 @@ + .------------. + | oh my | + '------------' + ^ (\_(\ + '----- ( -.-) + o_(")(") diff --git a/config.temp/hyprland.conf b/config.temp/hyprland.conf index 864b184..4876e8a 100755 --- a/config.temp/hyprland.conf +++ b/config.temp/hyprland.conf @@ -25,8 +25,9 @@ monitor=eDP-1, highres@highrr, auto, 1.0 # Set programs that you use $terminal = ghostty #rio $fileManager = thunar -#$menu = wofi --show drun -$menu = ags -t "applauncher" +# $menu = wofi --show drun +# $menu = ags -t "applauncher" +$menu = fuzzel $colorpicker = hyprpicker | head -c 7 | wl-copy ################# @@ -40,6 +41,7 @@ $colorpicker = hyprpicker | head -c 7 | wl-copy # exec-once = nm-applet & # exec-once = waybar & hyprpaper & firefox exec-once = swww-daemon & +exec-once = mako & # TODO: or do I do `swww init` or `swww restore`? # █▀▀ █▄░█ █░█   █░█ ▄▀█ █▀█ diff --git a/deploy b/deploy index 911d054..fcd6f85 100755 --- a/deploy +++ b/deploy @@ -9,6 +9,7 @@ Options: -f, --fresh Remove old content in the nixstore (good for debugging) -b, --bootloader Reinstall the bootloader -r, --remote Locally build and remotely deploy Colmena hive + --show-trace Show nix stack trace on error -h, --help Show this message (^_^)" # delete all cached entries @@ -19,7 +20,8 @@ collect_garbage () { rebuild_flake () { # make sure all changes are visible to nixos - git add . --verbose + # (--intent-to-add tracks files but DOES NOT stage them) + git add . --intent-to-add --verbose local FLAGS= if [ "$1" = "reinstall-bootloader" ]; then FLAGS="--install-bootloader" @@ -30,7 +32,7 @@ rebuild_flake () { # LOG="$(mktemp /tmp/rebuild-XXXXXXXX)" LOG="./rebuild.log" echo "[*] Logging to $LOG" - sudo nixos-rebuild switch --flake . $FLAGS 2>&1 | tee "$LOG" + sudo nixos-rebuild switch --flake . $FLAGS $EXTRA_FLAGS 2>&1 | tee "$LOG" #nixos-rebuild build --flake .# --cores 8 -j 1 } @@ -41,19 +43,22 @@ deploy_hive () { git add . --verbose # Deploy to all Colmena hives - colmena build --experimental-flake-eval - colmena apply --experimental-flake-eval + colmena build --experimental-flake-eval $EXTRA_FLAGS + colmena apply --experimental-flake-eval $EXTRA_FLAGS # colmena apply --on hyrule --experimental-flake-eval } # check which flags were given flag_fresh=false flag_bootloader=false +flag_remote=false +flag_trace=false for flag in "$@"; do case "$flag" in -r|--remote) - deploy_hive - exit 0 ;; + flag_remote=true ;; + --show-trace) + flag_trace=true ;; -f|--fresh) flag_fresh=true ;; -b|--bootloader) @@ -67,6 +72,16 @@ for flag in "$@"; do esac done +EXTRA_FLAGS="" +if [ "$flag_trace" = true ]; then + EXTRA_FLAGS="$EXTRA_FLAGS --show-trace" +fi + +if [ "$flag_remote" = true ]; then + deploy_hive + exit 0 +fi + # delete cached items in nixstore if [ "$flag_fresh" = true ]; then collect_garbage diff --git a/flake.lock b/flake.lock index 4785725..3cf7a06 100644 --- a/flake.lock +++ b/flake.lock @@ -1,31 +1,16 @@ { "nodes": { - "ags": { - "inputs": { - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1728326430, - "narHash": "sha256-tV1ABHuA1HItMdCTuNdA8fMB+qw7LpjvI945VwMSABI=", - "owner": "Aylur", - "repo": "ags", - "rev": "60180a184cfb32b61a1d871c058b31a3b9b0743d", - "type": "github" - }, - "original": { - "owner": "Aylur", - "repo": "ags", - "type": "github" - } - }, "colmena": { "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", - "stable": "stable" + "nixpkgs": [ + "nixpkgs-unstable" + ], + "stable": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1734374287, @@ -42,6 +27,32 @@ "type": "github" } }, + "dobutterfliescry-net": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-unstable": [ + "nixpkgs-unstable" + ], + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1770121583, + "narHash": "sha256-BI9UgaWtIHqyV8L4Vfh5Vrakax65QOG6m0a28L05YzM=", + "ref": "refs/heads/main", + "rev": "d511138e76f03990da593d1d0129f58c1ec3f570", + "revCount": 100, + "type": "git", + "url": "https://forge.dobutterfliescry.net/cry/site" + }, + "original": { + "type": "git", + "url": "https://forge.dobutterfliescry.net/cry/site" + } + }, "flake-compat": { "flake": false, "locked": { @@ -59,30 +70,32 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "id": "flake-utils", + "type": "indirect" } }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1730004881, - "narHash": "sha256-8xVIqIW25o2uCL0fxAmP4Sj9sdebarQXmd1+64yMe8o=", + "lastModified": 1757136219, + "narHash": "sha256-tKU+vq34KHu/A2wD7WdgP5A4/RCmSD8hB0TyQAUlixA=", "owner": "vinceliuice", "repo": "grub2-themes", - "rev": "42c232dfb46bf93c17506cbc1a574e5e89b5e09f", + "rev": "80dd04ddf3ba7b284a7b1a5df2b1e95ee2aad606", "type": "github" }, "original": { @@ -114,27 +127,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1761269590, + "narHash": "sha256-yTr+PCi4wGbOEidrm8XyXBobLxLMqIBsbUyhwsN6wrc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "d792a6e0cd4ba35c90ea787b717d72410f56dc40", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "master", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { @@ -146,43 +159,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1730808093, - "narHash": "sha256-oOenwoxpzQsBNi7KltgnXqq6e0+CxlfNXKn3k27w6cQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c1a390f74b2c93f69a6805142f11a215a689cec1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1752620740, - "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=", + "lastModified": 1761016216, + "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e", + "rev": "481cf557888e05d3128a76f14c76397b7d7cc869", "type": "github" }, "original": { @@ -194,41 +175,41 @@ }, "root": { "inputs": { - "ags": "ags", "colmena": "colmena", + "dobutterfliescry-net": "dobutterfliescry-net", "grub2-themes": "grub2-themes", - "nixpkgs": "nixpkgs_4", - "nixpkgs-unstable": "nixpkgs-unstable" - } - }, - "stable": { - "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable", + "systems": "systems_2" } }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", "type": "github" } } diff --git a/flake.nix b/flake.nix index 382bca6..b6d5a67 100644 --- a/flake.nix +++ b/flake.nix @@ -2,19 +2,30 @@ description = "Emile's Nix Dotfiles"; inputs = { + systems.url = "github:nix-systems/default"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - #home-manager = { - # url = "github:nix-community/home-manager"; - # inputs.nixpkgs.follows = "nixpkgs"; - #}; + colmena = { + url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a"; + inputs = { + nixpkgs.follows = "nixpkgs-unstable"; + stable.follows = "nixpkgs"; + flake-utils.inputs.systems.follows = "systems"; + }; + }; grub2-themes.url = "github:vinceliuice/grub2-themes"; - ags.url = "github:Aylur/ags"; - - colmena.url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a"; + dobutterfliescry-net = { + url = "git+https://forge.dobutterfliescry.net/cry/site"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-unstable.follows = "nixpkgs-unstable"; + systems.follows = "systems"; + }; + }; }; outputs = { @@ -37,12 +48,15 @@ pkgs-unstable = import nixpkgs-unstable { inherit system; config = { - allowUnfree = true; # TODO: bandaid solution... (for minecraft-server) + # allowUnfree = true; # TODO: bandaid solution... (for minecraft-server) + allowUnfree = false; }; }; # TODO: come back to this its really cool # this is just something I'm experimenting with - # PROJECT_ROOT = builtins.toString ./.; + # ROOT = ./.; + + specialArgs = {inherit inputs pkgs-unstable;}; in { devShells."x86_64-linux".default = pkgs.mkShell { shell = "${pkgs.bash}/bin/bash"; @@ -57,7 +71,7 @@ # i be on my puter fr myputer = nixpkgs.lib.nixosSystem { # nix passes these to every single module - specialArgs = {inherit inputs pkgs-unstable;}; + inherit specialArgs; modules = [ ./hosts/myputer @@ -67,7 +81,7 @@ # my laptop 0w0 lolcathost = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs-unstable;}; + inherit specialArgs; modules = [ ./hosts/lolcathost @@ -80,7 +94,7 @@ colmenaHive = colmena.lib.makeHive { meta = { nixpkgs = pkgs; - specialArgs = {inherit pkgs-unstable;}; + inherit specialArgs; # set nixpkgs per server nodeNixpkgs = { diff --git a/homes/me/default.nix b/homes/me/default.nix index fac7454..2c4e918 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -6,26 +6,32 @@ pkgs, pkgs-unstable, ... -}: { +} @ args: { imports = [ + ../modules/fish.nix + ../modules/btop.nix + ../modules/tmux.nix + ../modules/term/foot.nix ../modules/git.nix ../modules/bat.nix - ../modules/fish.nix - ../modules/editor/helix.nix - # ../modules/editor/vscodium.nix - ../modules/btop.nix - ../modules/term/ghostty.nix - ../modules/term/foot.nix - # ../modules/term/rio.nix + ../modules/editor/helix.nix + (import ../modules/editor/vscode.nix args) + ../modules/firefox.nix + ../modules/apps/thunderbird.nix #../modules/wm/hypr/hypridle.nix ../modules/wm/hypr/hyprlock.nix ../modules/kanshi.nix - ../modules/ags + ../modules/mako.nix ]; + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.GetName pkg) [ + "vscode-extension-ms-dotnettools-csharp" + ]; + home = { username = "me"; homeDirectory = "/home/me"; @@ -35,6 +41,10 @@ man = "batman"; # bat + man }; + sessionVariables = { + NIX_SHELL_PRESERVE_PROMPT = 1; + }; + pointerCursor = { gtk.enable = true; # x11.enable = true # dont enable since im on hyprland @@ -42,6 +52,18 @@ name = "Bibata-Modern-Ice"; size = 16; }; + + packages = with pkgs; [ + # for services.gnome-keyring + pkgs.gcr # provides org.gnome.keyring.SystemPrompter + seahorse # gui + + tor-browser + + fuzzel + + speedtest-cli + ]; }; gtk = { @@ -108,6 +130,12 @@ TERM = "linux"; }; }; + clocktown = { + hostname = "clocktown.dobutterfliescry.net"; + user = "root"; + port = 22; + identityFile = "~/.ssh/id_clocktown"; + }; subspace = { hostname = "imbored.dev"; user = "subspace"; @@ -136,8 +164,12 @@ }; }; - # enable OpenSSH private key agent - services.ssh-agent.enable = true; + services = { + # enable OpenSSH private key agent + ssh-agent.enable = true; + + gnome-keyring.enable = true; + }; # the ssh-agent won't set this for itself... systemd.user.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent"; # Nicely reload system units when changing configs diff --git a/homes/modules/apps/thunderbird.nix b/homes/modules/apps/thunderbird.nix new file mode 100644 index 0000000..dd4f861 --- /dev/null +++ b/homes/modules/apps/thunderbird.nix @@ -0,0 +1,10 @@ +{...}: { + programs.thunderbird = { + enable = true; + profiles = { + "me" = { + isDefault = true; + }; + }; + }; +} diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index e7d6003..1014cca 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -1,5 +1,64 @@ -{pkgs, ...}: { - # read https://docs.helix-editor.com/editor.html +{ + pkgs, + pkgs-unstable, + ... +}: let + lsps = { + bash-language-server = { + pkg = pkgs.bash-language-server; + cmd = "bash-language-server"; + }; + + clangd = { + pkg = pkgs.clang-tools; + cmd = "clangd"; + }; + + glsl_analyzer = { + pkg = pkgs.glsl_analyzer; + cmd = "glsl_analyzer"; + }; + + haskell-language-server = { + pkg = pkgs.haskell-language-server; + cmd = "haskell-language-server-wrapper"; + }; + + # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) + # helix will support nixd by default + # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix + nixd = { + pkg = pkgs.nixd; + cmd = "nixd"; + }; + + OmniSharp = { + pkg = pkgs.omnisharp-roslyn; + cmd = "OmniSharp"; + }; + + rust-analyzer = { + pkg = pkgs.rust-analyzer; + cmd = "rust-analyzer"; + }; + + ty = { + pkg = pkgs-unstable.ty; + cmd = "ty"; + }; + + typescript-language-server = { + pkg = pkgs.typescript-language-server; + cmd = "typescript-language-server"; + }; + }; +in { + home.packages = + lsps + |> builtins.attrValues + |> map (lsp: lsp.pkg); + + # REF: https://docs.helix-editor.com/editor.html programs.helix = { enable = true; settings = { @@ -128,28 +187,79 @@ }; auto-format = false; # my python is beautiful ^_^ rulers = [80]; + language-servers = ["ty"]; } { name = "c"; file-types = ["c" "h"]; # use .hpp for C++ - auto-format = false; + auto-format = true; formatter.command = "${pkgs.clang-tools}/bin/clang-format"; language-servers = ["clangd"]; } + { + name = "haskell"; + auto-format = true; + formatter.command = "${pkgs.ormolu}/bin/ormolu"; + language-servers = ["haskell-language-server"]; + } + { + name = "rust"; + indent = { + tab-width = 2; + unit = " "; + }; + auto-format = true; + formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; + language-servers = ["rust-analyzer"]; + } + { + name = "c-sharp"; + file-types = ["cs"]; + indent = { + tab-width = 4; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + # auto-format = true; + # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; + # language-servers = ["OmniSharp"]; + } + { + name = "javascript"; + file-types = ["js"]; + indent = { + tab-width = 2; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + auto-format = true; + language-servers = ["typescript-language-server"]; + } + { + name = "glsl"; + file-types = ["glsl"]; + indent = { + tab-width = 2; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + auto-format = false; + language-servers = ["glsl_analyzer"]; + } ]; - language-server = { - # use nixd as default nix lsp (I haven't tried nil yet) - # NOTE: nixd will be supported by default after nix 24.07 - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd = { - command = "${pkgs.nixd}/bin/nixd"; - }; - # clangd for C - clangd = { - command = "${pkgs.clang-tools}/bin/clangd"; - }; - }; + language-server = + lsps + |> builtins.mapAttrs (_: lsp: {command = "${lsp.pkg}/bin/${lsp.cmd}";}); }; }; } diff --git a/homes/modules/editor/vscode.nix b/homes/modules/editor/vscode.nix new file mode 100644 index 0000000..f824b1c --- /dev/null +++ b/homes/modules/editor/vscode.nix @@ -0,0 +1,134 @@ +{ + config, + lib, + pkgs, + vscodium ? false, + secret-service ? "gnome-libsecret", + vscode-argv ? ".vscode/argv.json", + ... +}: { + nixpkgs.overlays = [ + ( + self: super: { + vscode-extensions = super.vscode-extensions.overrideAttrs (prev: let + mkVscMarketplaceExtension = { + publisher, + name, + version, + hash, + description ? "", + homepage ? null, + changelog ? null, + license ? null, + maintainers ? [lib.maintainers.emileclarkb], + }: + with pkgs.vscode-utils.buildVscodeMarketplaceExtension; { + ${publisher}.${name} = buildVscodeMarketplaceExtension { + mktplcRef = { + inherit + publisher + name + version + hash + ; + }; + + meta = { + inherit + ( + if license != null + then {license = license;} + else {} + ) + description + homepage + maintainers + ; + downloadPage = "https://marketplace.visualstudio.com/items?itemName=${publisher}.${name}"; + changelog = + if changelog != null + then changelog + else "https://marketplace.visualstudio.com/items/${publisher}.${name}/changelog"; + }; + }; + }; + in + lib.mergeAttrsList [ + (mkVscMarketplaceExtension { + publisher = "ms-dotnettools"; + name = "dotnet-maui"; + version = "1.11.14"; + hash = lib.fakeHash; + + description = "Extend C# Dev Kit with tools for building .NET Multi-platform App UI (MAUI) apps"; + homepage = "https://github.com/microsoft/vscode-dotnettools"; + license = lib.licenses.unfree; + }) + ]); + } + ) + ]; + + # REF: https://home-manager-options.extranix.com/?query=vscode&release=release-25.05 + programs.vscode = { + enable = true; + # TODO: clean up + package = + ( + if vscodium + then pkgs.vscodium + else pkgs.vscode + ).overrideAttrs (oldAttrs: { + # runtimeDependencies = oldAttrs.runtimeDependencies ++ [] + }); + + mutableExtensionsDir = true; + + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + # extension format: USER.PACKAGENAME + extensions = with pkgs.vscode-extensions; [ + # .NET + ms-dotnettools.csharp + ms-dotnettools.csdevkit + ms-dotnettools.vscode-dotnet-runtime + # TODO: these extensions aren't packaged :( + # deitry.solution-syntax + # ms-dotnettools.vscode-dotnet-pack + # ms-dotnettools.dotnet-maui + + # Python + ms-python.python + + # GitLens by GitKraken + eamodio.gitlens + ms-azuretools.vscode-docker + + github.copilot + github.copilot-chat + + # Colors & Themes + dracula-theme.theme-dracula + catppuccin.catppuccin-vsc + catppuccin.catppuccin-vsc-icons + mvllow.rose-pine + ]; + + userSettings = { + "workbench.colorTheme" = "Dracula Theme"; + "github.copilot.nextEditSuggestions.enabled" = true; + }; + }; + }; + + # TODO: this is super ugly, make sure the JSON is formatted!! + home.file.${vscode-argv}.text = builtins.toJSON { + password-store = secret-service; + + disable-hardware-acceleration = false; + disable-color-correct-rendering = false; + enable-crash-reporter = false; + # crash-report-id = ...; + }; +} diff --git a/homes/modules/editor/vscodium.nix b/homes/modules/editor/vscodium.nix index c5daf64..ecde271 100644 --- a/homes/modules/editor/vscodium.nix +++ b/homes/modules/editor/vscodium.nix @@ -1,9 +1,37 @@ -{pkgs, ...}: { +{ + lib, + pkgs, + ... +}: { + # REF: https://home-manager-options.extranix.com/?query=vscode&release=release-25.05 programs.vscode = { enable = true; package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - ]; + mutableExtensionsDir = true; + + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + # extension format: USER.PACKAGENAME + extensions = with pkgs.vscode-extensions; [ + # .NET + ms-dotnettools.csharp + ms-dotnettools.csdevkit + ms-dotnettools.vscode-dotnet-runtime + # ms-dotnettools.vscode-dotnet-pack + # ms-dotnettools.dotnet-maui + + # Colors & Themes + dracula-theme.theme-dracula + catppuccin.catppuccin-vsc + catppuccin.catppuccin-vsc-icons + mvllow.rose-pine + ]; + + userSettings = { + "workbench.colorTheme" = "Dracula Theme"; + }; + }; }; } diff --git a/homes/modules/fish.nix b/homes/modules/fish.nix index 51a40f4..801fa0f 100755 --- a/homes/modules/fish.nix +++ b/homes/modules/fish.nix @@ -12,6 +12,14 @@ config = { programs.fish = { enable = true; + generateCompletions = true; + + # vendor = { + # config.enable = true; + # functions.enable = true; + # completions.enable = true; + # }; + interactiveShellInit = '' # add dotnet completions if it exists (ie we're in a virtual environment) if type -q dotnet @@ -27,6 +35,15 @@ echo -n $greetings[(random 1 (count $greetings))] end + function gitignore -a type + curl -sL "https://www.gitignore.io/api/$type" + end + + # ripgrep on files + function rgf + rg --files | rg $args + end + set -g fish_greeting (rand_greet) diff --git a/homes/modules/git.nix b/homes/modules/git.nix index 3e0cfb0..6751849 100755 --- a/homes/modules/git.nix +++ b/homes/modules/git.nix @@ -5,6 +5,19 @@ }: { programs.git = { enable = true; + lfs.enable = true; + + userName = "Emile Clark-Boman"; + userEmail = "eclarkboman@gmail.com"; + + aliases = { + s = "status"; + d = "diff"; + l = "log"; + c = "commit"; + p = "push"; + }; + extraConfig = { color.ui = true; core.editor = "hx"; @@ -14,16 +27,44 @@ defaultBranch = "main"; }; url = { - "https://github.com/" = { + "git@github.com:" = { insteadOf = [ "gh:" "github:" ]; }; + "https://gitlab.com/" = { + insteadOf = [ + "gl:" + "gitlab:" + ]; + }; + "git@github.com:/Agribit/" = { + insteadOf = [ + "agri:" + "Agri:" + "agribit:" + "Agribit:" + ]; + }; + "ssh://forgejo@forge.imbored.dev:2222/" = { + insteadOf = [ + "forge" + ]; + }; + "ssh://forgejo@forge.imbored.dev:2222/emileclarkb/" = { + insteadOf = [ + "cry" + ]; + }; }; }; - userName = "Emile Clark-Boman"; - userEmail = "eclarkboman@gmail.com"; + includes = [ + { + path = "/home/me/agribit/.gitconfig"; + condition = "gitdir:/home/me/agribit/**"; + } + ]; }; } diff --git a/homes/modules/mako.nix b/homes/modules/mako.nix new file mode 100644 index 0000000..762cd96 --- /dev/null +++ b/homes/modules/mako.nix @@ -0,0 +1,54 @@ +{...}: let + dracula = rec { + background = "#282A36"; + border = cyan; + + cyan = "#8BE9FD"; + yellow = "#F1FA8C"; + red = "#FF5555"; + }; + + theme = dracula; +in { + # notification daemon for Wayland + services.mako = { + enable = true; + settings = { + actions = true; + anchor = "top-right"; + layer = "overlay"; + sort = "-time"; + + height = 100; + width = 300; + margin = 50; + background-color = theme.background; + border-color = theme.border; + border-radius = 20; + border-size = 4; + font = "monospace 10"; + + markup = true; + icons = true; + max-icon-size = 64; + + default-timeout = 5000; + ignore-timeout = false; + + "actionable=true" = { + anchor = "top-left"; + }; + + "urgency=low" = { + border-color = theme.border; + }; + "urgency=normal" = { + border-color = theme.yellow; + }; + "urgency=high" = { + default-timeout = 0; + border-color = theme.red; + }; + }; + }; +} diff --git a/homes/modules/tmux.nix b/homes/modules/tmux.nix new file mode 100644 index 0000000..e5946c0 --- /dev/null +++ b/homes/modules/tmux.nix @@ -0,0 +1,5 @@ +{...}: { + programs.tmux = { + enable = true; + }; +} diff --git a/homes/modules/wm/hypr/hyprland.nix b/homes/modules/wm/hypr/hyprland.nix index 40a1d99..b9ca1f7 100755 --- a/homes/modules/wm/hypr/hyprland.nix +++ b/homes/modules/wm/hypr/hyprland.nix @@ -1,2 +1,43 @@ # NOTE: hyprland must be enabled in BOTH your host config (for running hyprland) # and your home-manager config (for managing hyprland's config files) +{ + pkgs, + pkgs-unstable, + inputs, + config, + lib, + ... +}: { + options.hyprland = { + enable = lib.mkEnableOption "Hyprland"; + }; + + config = lib.mkIf config.hyprland.enable { + wayland.windowManager.hyprland = { + enable = true; + package = pkgs.hyprland; # pkgs-unstable.hyprland; + + xwayland.enable = true; + + systemd = { + enable = true; + # enable autostart of applications + # REF: `man 8 systemd-xdg-autostart-generator` + enableXdgAutostart = true; + }; + + plugins = with inputs; [ + split-monitor-workspaces.packages.${pkgs.system}.split + ]; + }; + + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + ]; + }; + + # TODO: finish this + }; +} diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 6ac57a5..837fc4d 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -1,24 +1,24 @@ { pkgs, pkgs-unstable, - inputs, - lib, ... }: let home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz"; - sha256 = "026rvynmzmpigax9f8gy9z67lsl6dhzv2p6s8wz4w06v3gjvspm1"; + sha256 = "07pk5m6mxi666dclaxdwf7xrinifv01vvgxn49bjr8rsbh31syaq"; }; in { imports = [ ./hardware-configuration.nix (import "${home-manager}/nixos") - ./mailserver.nix # TEMP: location - ./minecraft-server.nix # TEMP: location - #../modules/server/nginx.nix - #../modules/server/ssh.nix - #../modules/server/fail2ban.nix + ./services/forgejo.nix + ./services/vaultwarden.nix + ./services/nginx.nix + # ./mailserver.nix # TEMP: location + # ./minecraft-server.nix # TEMP: location + + ../modules/bashistrans.nix ]; nix.settings = { @@ -32,15 +32,6 @@ in { ]; }; - # nixpkgs.config.allowUnfreePredicate = let - # whitelist = map lib.getName [ - # "minecraft-server" - # pkgs.minecraft-server - # pkgs-unstable.minecraft-server - # ]; - # in - # pkg: builtins.elem (lib.getName pkg) whitelist; - time.timeZone = "Australia/Brisbane"; i18n.defaultLocale = "en_US.UTF-8"; @@ -86,6 +77,32 @@ in { # 8222 (INTERNAL) vaultwarden 45000 # minecaft server ]; + allowedUDPPorts = [ + 54231 # Wireguard + ]; + }; + + wg-quick.interfaces = { + wg0 = { + address = [ + "10.10.10.4/24" + ]; + dns = ["10.10.10.1"]; + privateKeyFile = "/root/wg_agrivpn_hyrule"; + peers = [ + { + # peer's public key + publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY="; + + # choose which traffic to forward + allowedIPs = [ + "10.0.51.0/24" + "10.10.10.0/24" + ]; + endpoint = "150.242.34.33:54231"; + } + ]; + }; }; }; @@ -99,7 +116,7 @@ in { extraGroups = ["wheel"]; shell = pkgs.bash; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net" ]; }; @@ -125,70 +142,6 @@ in { }; services = { - # simple nginx instance to host static construction page - # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 - # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) - # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) - nginx = { - enable = true; - # in wake of CVE-2022-3602/CVE-2022-3786 - package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; - - recommendedGzipSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # streamConfig = '' - # server { - # listen 127.0.0.1:53 udp reuseport; - # proxy_timeout 20s; - # proxy_pass 192.168.0.1:53535; - # } - # ''; - - virtualHosts = let - localhost = "http://127.0.0.1"; - std = { - # TODO: should I run over QUIC+HTTP3? (experimental) - # quic = true; - # http3 = true; - enableACME = true; - # kTLS = true; # offload TLS to the linux kernel - }; - in { - "imbored.dev" = - { - default = true; - addSSL = true; # not strictly enforced <3 - root = "/var/www/imbored"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; - # Route "vault" subdomain to vaultwarden - "vault.imbored.dev" = - { - forceSSL = true; - locations."/".proxyPass = "${localhost}:8222"; - } - // std; - # Route "forge" subdomain to forgejo - # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? - "forge.imbored.dev" = - { - forceSSL = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "${localhost}:3000"; - } - // std; - }; - }; - openssh = { enable = true; ports = [22]; @@ -200,235 +153,8 @@ in { X11Forwarding = false; }; }; - - vaultwarden = { - enable = true; - dbBackend = "sqlite"; - - # backupDir = "/var/backup/vaultwarden"; # disable with null - - # https://mynixos.com/nixpkgs/option/services.vaultwarden.config - config = { - # internal address and port to listen on - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - - # hostname to listen for - DOMAIN = "https://vault.imbored.dev"; - - # signup policy - SIGNUPS_ALLOWED = false; - SIGNUPS_VERIFY = true; - INVITATIONS_ALLOWED = true; - }; - # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile - environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; - }; - - # stalwart-mail = let - # domain = "imbored.dev"; - # in { - # enable = false; # true; - # # openFirewall = true; # im doing this manually rn - # settings = { - # certificate."${domain}" = { - # cert = "file://${certs.${domain}.cert}"; - # private-key = "file://${certs.${domain}.key}"; - # }; - # server = { - # hostname = domain; - # tls = { - # certificate = "${domain}"; - # enable = true; - # implicit = false; - # }; - # listener = { - # "smtp-submission" = { - # bind = ["127.0.0.1:587"]; - # protocol = "smtp"; - # }; - # "imap" = { - # bind = ["127.0.0.1:143"]; - # protocol = "imap"; - # }; - # }; - # }; - # session = { - # rcpt.directory = "in-memory"; - # auth = { - # mechanisms = ["PLAIN"]; - # directory = "in-memory"; - # }; - # }; - # jmap.directory = "in-memory"; - # queue.outbound.next-hop = ["local"]; - # directory."in-memory" = { - # type = "memory"; - # users = [ - # { - # name = "me"; - # secret = "foobar"; - # email = ["me@${domain}"]; - # } - # { - # name = "Emile"; - # secret = "foobar"; - # email = ["emile@${domain}"]; - # } - # ]; - # }; - # }; - # }; - - # more options here: https://mynixos.com/nixpkgs/options/services.forgejo - # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo - # (might need me to override settings in the nixpkg) - # TODO: create a custom theme for forgejo (modify the source files most likely) - forgejo = { - enable = true; - # enable support for Git Large File Storage - lfs.enable = true; - database = { - type = "sqlite3"; # postgres - host = "127.0.0.1"; - port = "3306"; # 5432 if postgres - }; - # settings are written directly to the `app.ini` config file - # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ - settings = { - server = { - # ENABLE_ACME = true; - # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" - DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? - ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server - # address and port to listen on - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 3000; - PROTOCOL = "http"; # http internally, reverse proxy uses https externally - - START_SSH_SERVER = true; - DISABLE_SSH = false; - SSH_PORT = 2222; - }; - - DEFAULT = { - APP_NAME = "tearforge"; - APP_SLOGIN = "but cozy"; - APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; - }; - - repository = { - DEFAULT_PRIVATE = "private"; # last, private, public - # repo/org created on push to non-existent - ENABLE_PUSH_CREATE_USER = true; - ENABLE_PUSH_CREATE_ORG = false; - DEFAULT_PUSH_CREATE_PRIVATE = true; - MAX_CREATION_LIMIT = -1; - }; - - "repository.upload" = { - # max per-file size in MB - FILE_MAX_SIZE = 50; - # max number of files per upload - MAX_FILES = 5; - }; - - badges = let - # flat, flat-square, plastic, for-the-badge, social - style = "for-the-badge"; - in { - ENABLED = true; - GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; - }; - - ui = { - DEFAULT_THEME = "forgejo-dark"; - THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; - }; - "ui.meta" = { - AUTHOR = "Emile Clark-Boman - emileclarkb"; - DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; - KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; - }; - - markdown = { - ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; - ENABLE_MATH = true; - }; - - admin = { - DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; - SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; - }; - - security = { - # Controls access to the installation page. - # When set to “true”, the installation page is not accessible. - #INSTALL_LOCK = false; - - PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) - MIN_PASSWORD_LENGTH = 12; - PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; - PASSWORD_CHECK_PWN = true; - }; - - service = { - DISABLE_REGISTRATION = true; # toggle for new users - #DEFAULT_USER_IS_RESTRICTED = true; - # Forbid login with third-party services (ie github) - ALLOW_ONLY_INTERNAL_REGISTRATION = true; - ENABLE_CAPTCHA = true; - REQUIRE_CAPTCHA_FOR_LOGIN = true; - REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; - LOGIN_REMEMBER_DAYS = 365; - ENABLE_NOTIFY_MAIL = true; - }; - "service.explore" = { - REQUIRE_SIGNIN_VIEW = false; - DISABLE_USERS_PAGE = false; - DISABLE_ORGANIZATIONS_PAGE = false; - DISABLE_CODE_PAGE = false; - }; - - cache = { - ADAPTER = "twoqueue"; - HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; - ITEM_TTL = "16h"; - }; - - # TODO: fill this in once my mail server is configured - # email.incoming = { ... }; - - # optional - # TODO: fill this in once my mail server is configured - mailer = { - ENABLED = false; - SMTP_ADDR = "mail.imbored.dev"; - FROM = "noreply@imbored.dev"; - USER = "noreply@imbored.dev"; - }; - - log = { - MODE = "file"; - LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" - ENABLE_SSH_LOG = true; - }; - - cron = { - ENABLED = true; - RUN_AT_START = false; - }; - - other = { - SHOW_FOOTER_VERSION = true; - SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; - SHOW_FOOTER_POWERED_BY = true; - ENABLE_SITEMAP = true; - ENABLE_FEED = true; - }; - }; - }; }; + security = { # accept Lets Encrypt's security policy (for nginx) acme = { @@ -450,26 +176,11 @@ in { }; environment.systemPackages = with pkgs; [ + eza git vim helix ]; - programs = { - fish.enable = true; - - bash = { - completion.enable = true; - - interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - }; - system.stateVersion = "24.11"; # DO NOT MODIFY } diff --git a/hosts/hyrule/services/forgejo.nix b/hosts/hyrule/services/forgejo.nix new file mode 100644 index 0000000..f228116 --- /dev/null +++ b/hosts/hyrule/services/forgejo.nix @@ -0,0 +1,150 @@ +{...}: { + # more options here: https://mynixos.com/nixpkgs/options/services.forgejo + # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo + # (might need me to override settings in the nixpkg) + # TODO: create a custom theme for forgejo (modify the source files most likely) + services.forgejo = { + enable = true; + # enable support for Git Large File Storage + lfs.enable = true; + database = { + type = "sqlite3"; # postgres + host = "127.0.0.1"; + port = "3306"; # 5432 if postgres + }; + # settings are written directly to the `app.ini` config file + # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ + settings = { + server = { + # ENABLE_ACME = true; + # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" + DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? + ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server + # address and port to listen on + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 3000; + PROTOCOL = "http"; # http internally, reverse proxy uses https externally + + START_SSH_SERVER = true; + DISABLE_SSH = false; + SSH_PORT = 2222; + }; + + DEFAULT = { + APP_NAME = "tearforge"; + APP_SLOGIN = "but cozy"; + APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; + }; + + repository = { + DEFAULT_PRIVATE = "private"; # last, private, public + # repo/org created on push to non-existent + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = false; + DEFAULT_PUSH_CREATE_PRIVATE = true; + MAX_CREATION_LIMIT = -1; + }; + + "repository.upload" = { + # max per-file size in MB + FILE_MAX_SIZE = 50; + # max number of files per upload + MAX_FILES = 5; + }; + + badges = let + # flat, flat-square, plastic, for-the-badge, social + style = "for-the-badge"; + in { + ENABLED = true; + GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; + }; + + ui = { + DEFAULT_THEME = "forgejo-dark"; + THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; + }; + "ui.meta" = { + AUTHOR = "Emile Clark-Boman - emileclarkb"; + DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; + KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; + }; + + markdown = { + ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; + ENABLE_MATH = true; + }; + + admin = { + DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; + SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; + }; + + security = { + # Controls access to the installation page. + # When set to “true”, the installation page is not accessible. + #INSTALL_LOCK = false; + + PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) + MIN_PASSWORD_LENGTH = 12; + PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; + PASSWORD_CHECK_PWN = true; + }; + + service = { + DISABLE_REGISTRATION = true; # toggle for new users + #DEFAULT_USER_IS_RESTRICTED = true; + # Forbid login with third-party services (ie github) + ALLOW_ONLY_INTERNAL_REGISTRATION = true; + ENABLE_CAPTCHA = true; + REQUIRE_CAPTCHA_FOR_LOGIN = true; + REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; + LOGIN_REMEMBER_DAYS = 365; + ENABLE_NOTIFY_MAIL = true; + }; + "service.explore" = { + REQUIRE_SIGNIN_VIEW = false; + DISABLE_USERS_PAGE = false; + DISABLE_ORGANIZATIONS_PAGE = false; + DISABLE_CODE_PAGE = false; + }; + + cache = { + ADAPTER = "twoqueue"; + HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; + ITEM_TTL = "16h"; + }; + + # TODO: fill this in once my mail server is configured + # email.incoming = { ... }; + + # optional + # TODO: fill this in once my mail server is configured + mailer = { + ENABLED = false; + SMTP_ADDR = "mail.dobutterfliescry.net"; + FROM = "iforgor@dobutterfliescry.net"; + USER = "iforgor@dobutterfliescry.net"; + }; + + log = { + MODE = "file"; + LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" + ENABLE_SSH_LOG = true; + }; + + cron = { + ENABLED = true; + RUN_AT_START = false; + }; + + other = { + SHOW_FOOTER_VERSION = true; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; + SHOW_FOOTER_POWERED_BY = true; + ENABLE_SITEMAP = true; + ENABLE_FEED = true; + }; + }; + }; +} diff --git a/hosts/hyrule/mailserver.nix b/hosts/hyrule/services/mailserver.nix similarity index 95% rename from hosts/hyrule/mailserver.nix rename to hosts/hyrule/services/mailserver.nix index 49274f2..cd2adfc 100644 --- a/hosts/hyrule/mailserver.nix +++ b/hosts/hyrule/services/mailserver.nix @@ -28,6 +28,7 @@ aliases = ["emile@imbored.dev"]; hashedPasswordFile = let CWD = builtins.getEnv "PWD"; + # XXX: TODO: use a secrets manager! in "${CWD}/secrets/passwd/me"; }; }; diff --git a/hosts/hyrule/minecraft-server.nix b/hosts/hyrule/services/minecraft-server.nix similarity index 100% rename from hosts/hyrule/minecraft-server.nix rename to hosts/hyrule/services/minecraft-server.nix diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix new file mode 100644 index 0000000..945724e --- /dev/null +++ b/hosts/hyrule/services/nginx.nix @@ -0,0 +1,82 @@ +{ + inputs, + pkgs, + ... +}: { + nixpkgs.overlays = [ + (self: super: { + # in wake of CVE-2022-3602/CVE-2022-3786 + nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; + }) + inputs.dobutterfliescry-net.overlays.default + ]; + + # simple nginx instance to host static construction page + # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 + # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) + # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) + services.nginx = { + enable = true; + # XXX: TODO: this should auto use the nginxStable overlay no? + # in wake of CVE-2022-3602/CVE-2022-3786 + # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; + + recommendedGzipSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # streamConfig = '' + # server { + # listen 127.0.0.1:53 udp reuseport; + # proxy_timeout 20s; + # proxy_pass 192.168.0.1:53535; + # } + # ''; + + virtualHosts = let + localhost = "http://127.0.0.1"; + std = { + # TODO: should I run over QUIC+HTTP3? (experimental) + # quic = true; + # http3 = true; + enableACME = true; + # kTLS = true; # offload TLS to the linux kernel + }; + + vault = + { + forceSSL = true; + locations."/".proxyPass = "${localhost}:8222"; + } + // std; + forge = + { + forceSSL = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "${localhost}:3000"; + } + // std; + in { + "dobutterfliescry.net" = + { + default = true; + addSSL = true; # not strictly enforced <3 + # root = "/var/www/cry"; + root = "${pkgs.dobutterfliescry-net}/www"; + # extraConfig = '' + # error_page 404 /custom_404.html; + # ''; + } + // std; + # Route "vault" subdomain to vaultwarden + "vault.imbored.dev" = vault; + # Route "forge" subdomain to forgejo + # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? + "forge.dobutterfliescry.net" = forge; + }; + }; +} diff --git a/hosts/hyrule/services/vaultwarden.nix b/hosts/hyrule/services/vaultwarden.nix new file mode 100644 index 0000000..6cde9ab --- /dev/null +++ b/hosts/hyrule/services/vaultwarden.nix @@ -0,0 +1,25 @@ +{...}: { + services.vaultwarden = { + enable = true; + dbBackend = "sqlite"; + + # backupDir = "/var/backup/vaultwarden"; # disable with null + + # https://mynixos.com/nixpkgs/option/services.vaultwarden.config + config = { + # internal address and port to listen on + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + + # hostname to listen for + DOMAIN = "https://vault.imbored.dev"; + + # signup policy + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = true; + INVITATIONS_ALLOWED = true; + }; + # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile + environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; + }; +} diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index 5ba7704..997eb05 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -8,13 +8,15 @@ }: let home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz"; - sha256 = "1y919cqrlmq0k44rgnacaq4zq37jj4rdh6f2swp6y2jiz28xb0iq"; + sha256 = "07pk5m6mxi666dclaxdwf7xrinifv01vvgxn49bjr8rsbh31syaq"; }; in { imports = [ ./hardware-configuration.nix (import "${home-manager}/nixos") + ../modules/bashistrans.nix + ../modules/wm/hyprland.nix # ../modules/wm/river.nix ../modules/wm/crywl.nix @@ -23,24 +25,42 @@ in { ../modules/obsidian.nix ../modules/angryoxide.nix - ../modules/flipperzero.nix - ../modules/chameleonultragui.nix + # ../modules/flipperzero.nix + # ../modules/chameleonultragui.nix ]; nix.settings.experimental-features = [ "nix-command" "flakes" + "pipe-operators" ]; nixpkgs.config.allowUnfreePredicate = let - whitelist = map lib.getName [ - pkgs.obsidian - pkgs.gitkraken - pkgs.steam - pkgs.steamcmd - pkgs.steam-unwrapped - pkgs.dwarf-fortress - ]; + vscext = pkgs.vscode-extensions; + whitelist = with pkgs; + map lib.getName [ + discord + steam + steamcmd + steam-unwrapped + + winbox + + obsidian + gitkraken + + vscode + vscext.ms-dotnettools.csharp + vscext.ms-dotnettools.csdevkit + vscext.github.copilot + vscext.github.copilot-chat + + # XXX: DEBUG + # rider-override + # XXX: DEBUG + + # jetbrains.rider + ]; in pkg: builtins.elem (lib.getName pkg) whitelist; @@ -100,10 +120,30 @@ in { networkmanager.enable = true; firewall.enable = false; + + # Use CloudFlare's WARP+ 1.1.1.1 DNS service + nameservers = [ + "1.1.1.1#one.one.one.one" + "1.0.0.1#one.one.one.one" + ]; }; # ----- SERVICES ----- services = { + # systemd-resolved provides network name resolution + # to local processes via a D-Bus interface. + resolved = { + enable = true; + dnssec = "true"; + domains = ["~."]; + # Use CloudFlare's WARP+ 1.1.1.1 DNS service + fallbackDns = [ + "1.1.1.1#one.one.one.one" + "1.0.0.1#one.one.one.one" + ]; + dnsovertls = "true"; + }; + # Set display manager (login screen) displayManager = { # sddm relies on pkgs.libsForQt5.qt5.qtgraphicaleffects @@ -121,16 +161,17 @@ in { ); }; - dbus = { - # NOTE: programs.uwsm.enable sets implementation to dbus-broker, - # NOTE: however this seems to break dbus - implementation = lib.mkForce "dbus"; - }; + # dbus = { + # # NOTE: programs.uwsm.enable sets implementation to dbus-broker, + # # NOTE: however this seems to break dbus + # implementation = lib.mkForce "dbus"; + # }; # Multimedia Framework # With backwards compatability for alsa/pulseaudio/jack pipewire = { enable = true; + audio.enable = true; wireplumber.enable = true; alsa.enable = true; @@ -192,18 +233,21 @@ in { home-manager = { users.me = import ../../homes/me; extraSpecialArgs = {inherit inputs pkgs pkgs-unstable;}; - sharedModules = [ - inputs.ags.homeManagerModules.default - ]; + sharedModules = []; }; # ---- ENVIRONMENT VARIABLES ---- - environment.sessionVariables = { - # folder names with capitalisation look awful! - XDG_DOWNLOAD_DIR = "$HOME/downloads"; + environment = { + # always install "dev" derivation outputs + extraOutputsToInstall = ["dev" "man"]; - # Hint Electrons apps to use Wayland - NIXOS_OZONE_WL = "1"; + sessionVariables = { + # folder names with capitalisation look awful! + XDG_DOWNLOAD_DIR = "$HOME/downloads"; + + # Hint Electrons apps to use Wayland + NIXOS_OZONE_WL = "1"; + }; }; # ---- SYSTEM PACKAGES ----- @@ -217,8 +261,12 @@ in { ani-cli bluetui wl-clipboard # clipboard for wayland + hyprpicker # color picker + hyprshot # screenshot utility + wl-screenrec # screen recording utility qbittorrent # torrenting signal-desktop + video-trimmer (callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners # dependencies for my sddm theme: @@ -227,25 +275,50 @@ in { # Shell bash fish + elvish # reference for crysh development shellcheck grc # colorise command outputs + moreutils # Systems Emulation qemu # Fellice Bellard's Quick Emulator - # GNU Utils - gnumake + # Binaries binutils + strace + ltrace + perf-tools # ftrace + perf + radare2 + gdb + hexyl + # ASM + nasm + (callPackage ../packages/x86-manpages {}) # C Family gcc clang clang-tools + gnumake + cmake + # Rust cargo rustc - # Nim - nim + rustfmt # Go go + # Nim + nim + nimble + # Haskell + ghc + ghcid + ormolu + + # Nix + nix-prefetch-git + nix-index + nix-unit + deploy-rs # Python python312 # I use 3.12 since it's in a pretty stable state now @@ -254,6 +327,11 @@ in { # Sage sageWithDoc # SageMath + HTML Documentation + # .NET + dotnetCorePackages.dotnet_9.sdk + dotnetCorePackages.dotnet_9.aspnetcore + dotnetCorePackages.dotnet_9.runtime + openvpn inetutils @@ -270,23 +348,18 @@ in { zoxide doggo tldr - # btop + btop eza yazi lazygit ripgrep viddy # modern `watch` command thefuck - - # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) - # helix will support nixd by default - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd # lsp for nix + timg # terminal image (sixel) viewer # Pretty necessary git git-filter-repo - nix-prefetch-git brightnessctl acpi # upower @@ -298,8 +371,10 @@ in { file wget tree + pstree unzip unrar-free + lz4 man-pages man-pages-posix @@ -309,9 +384,9 @@ in { libargon2 # Games - mindustry - dwarf-fortress prismlauncher # minecraft + pkgs-unstable.olympus # celeste + discord ]; programs = { @@ -326,22 +401,6 @@ in { nix-ld.enable = true; - # I want to use fish as my login shell but it always goes terrible - # cause it isn't POSIX compliant, so instead Bash is my login and - # will just exec fish (^-^) - bash = { - blesh.enable = false; # ble.sh replacement for GNU readline - completion.enable = true; - - interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - # Thunar also uses: `services.tumbler` & `services.gvfs` thunar = { enable = true; diff --git a/hosts/modules/apps/rider.nix b/hosts/modules/apps/rider.nix new file mode 100644 index 0000000..5a4edce --- /dev/null +++ b/hosts/modules/apps/rider.nix @@ -0,0 +1,25 @@ +{ + pkgs, + pkgs-unstable, + dotnetVersions ? [8 9 10], + ... +}: { + imports = [ + ../langs/dotnet.nix + ]; + + environment.systemPackages = with pkgs; [ + # Ensure latest stable Rider version (not necessarily stable on NixOS) + pkgs-unstable.jetbrains.rider + + # NOTE: Blazor requires a Chromium-based browser + chromium + ]; + + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + icu + ]; + }; +} diff --git a/hosts/modules/apps/winbox.nix b/hosts/modules/apps/winbox.nix new file mode 100644 index 0000000..eaf8b7c --- /dev/null +++ b/hosts/modules/apps/winbox.nix @@ -0,0 +1,6 @@ +{...}: { + programs.winbox = { + enable = true; + openFirewall = false; # port: 5678 + }; +} diff --git a/hosts/modules/bashistrans.nix b/hosts/modules/bashistrans.nix new file mode 100644 index 0000000..e9d74ae --- /dev/null +++ b/hosts/modules/bashistrans.nix @@ -0,0 +1,27 @@ +{pkgs, ...}: { + # I want to use fish as my login shell but it always goes terrible + # cause it isn't POSIX compliant, so instead Bash is my login and + # will just exec fish (^-^) + programs = { + fish.enable = true; + + bash = { + blesh.enable = false; # ble.sh replacement for GNU readline + completion.enable = true; + + interactiveShellInit = '' + # help bash transition into a beautiful fish! + if [[ -z $CRY_BASH_IS_TRANS ]] + then + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi + fi + # bash is trans now! (no more transitioning required) + export CRY_BASH_IS_TRANS=true + ''; + }; + }; +} diff --git a/hosts/modules/langs/dotnet.nix b/hosts/modules/langs/dotnet.nix new file mode 100644 index 0000000..d9c3177 --- /dev/null +++ b/hosts/modules/langs/dotnet.nix @@ -0,0 +1,61 @@ +{ + lib, + pkgs, + pkgs-unstable, + ... +}: let + dotnetVersions = [8 9 10]; + + dotnetCombined = + pkgs.dotnetCorePackages.combinePackages + (builtins.concatMap + (v: let + # dotnet = pkgs.dotnetCorePackages."dotnet_${builtins.toString x}"; + in [ + # dotnet.sdk + + # the runtime+aspnetcore packaged with the sdk + pkgs.dotnetCorePackages."sdk_${builtins.toString v}_0" + ]) + dotnetVersions); + + # Custom packaged tools + dotnetTools = with lib; { + uno-check = with pkgs.dotnetCorePackages; + buildDotnetGlobalTool { + pname = "Uno.Check"; + version = "1.32.17"; + + nugetHash = "sha256-BfTVF5uHu9/nyLXqdDEOHCxq6BVQWhsnDBbARzdLDAE="; + + executables = "uno-check"; + + dotnet-sdk = dotnet_9.sdk; + dotnet-runtime = dotnet_9.runtime; + + meta = { + homepage = "https://github.com/unoplatform/uno.check"; + license = licenses.mit; + maintainers = [maintainers.emileclarkb]; + }; + }; + }; +in { + environment.systemPackages = with pkgs; [ + # .NET + dotnetCombined + + # .NET Tools + dotnetTools.uno-check + + # Mono + mono + # NOTE: nixpkgs-unstable uses .NET8 SDK + # WARNING: nixpkgs-25.05 uses .NET6 SDK (now marked insecure) + pkgs-unstable.msbuild + + # .NET Framework Tools/Services + omnisharp-roslyn + netcoredbg + ]; +} diff --git a/hosts/modules/steam.nix b/hosts/modules/steam.nix index 07f3ae1..e554441 100644 --- a/hosts/modules/steam.nix +++ b/hosts/modules/steam.nix @@ -3,22 +3,38 @@ lib, ... }: { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "steam" - "steam-original" - "steam-unwrapped" - "steam-run" - ]; + # nixpkgs.config.allowUnfreePredicate = pkg: + # builtins.elem (lib.getName pkg) [ + # "steam" + # "steam-original" + # "steam-unwrapped" + # "steam-run" + # ]; + nixpkgs.overlays = [ + (self: super: { + lutris = super.lutris.overrideAttrs (final: prev: { + # WARNING: pkgs.mbedtls_2 is marked insecure! + # Replace pkgs.mbedtls_2 (v2.28.10) with pkgs.mbedtls (v3.6.4) + targetPkgs = pkgs: ( + (builtins.filter (p: p != pkgs.mbedtls_2) (prev.targetPkgs pkgs)) + ++ [pkgs.mbedtls] + ); + }); + }) + ]; programs = { steam = { enable = true; - gamescopeSession.enable = true; + gamescopeSession.enable = false; # .desktop entry for gamescope remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; localNetworkGameTransfers.openFirewall = true; + + extraCompatPackages = with pkgs; [ + proton-ge-bin + ]; }; gamemode.enable = true; @@ -29,7 +45,12 @@ mangohud protonup-qt - lutris + + # XXX: DEBUG: disable lutris + # XXX: NOTE: pkgs.lutris depends on pkgs.mbedtls_2 which is marked insecure! + # XXX: NOTE: Use the provided overlay to patch pkgs.mbedtls_2 -> pkgs.mbedtls + # lutris + bottles heroic ]; diff --git a/hosts/modules/wm/crywl.nix b/hosts/modules/wm/crywl.nix index 1454af2..ed719a6 100644 --- a/hosts/modules/wm/crywl.nix +++ b/hosts/modules/wm/crywl.nix @@ -37,8 +37,8 @@ in { ]; nixpkgs.overlays = [ - (self: super: { - crywl = super.dwl.overrideAttrs (oldAttrs: rec { + (final: prev: { + crywl = prev.dwl.overrideAttrs (oldAttrs: rec { pname = "crywl"; version = "0.1-unstable"; @@ -101,6 +101,7 @@ in { command = "crywl -v 2>&1; return 0"; }; }; + meta = { homepage = "https://forge.imbored.dev/emileclarkb/crywl"; description = "Personal fork of DWL"; diff --git a/hosts/modules/wm/hyprland.nix b/hosts/modules/wm/hyprland.nix index f2960ed..c83caa1 100644 --- a/hosts/modules/wm/hyprland.nix +++ b/hosts/modules/wm/hyprland.nix @@ -1,4 +1,8 @@ -{...}: { +{pkgs, ...}: { + environment.defaultPackages = with pkgs; [ + hyprsunset + ]; + programs = { hyprland = { enable = true; diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index 404a1c8..60098b1 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -1,42 +1,76 @@ { lib, pkgs, + pkgs-unstable, inputs, config, ... }: let home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz"; - sha256 = "026rvynmzmpigax9f8gy9z67lsl6dhzv2p6s8wz4w06v3gjvspm1"; + sha256 = "0q3lv288xlzxczh6lc5lcw0zj9qskvjw3pzsrgvdh8rl8ibyq75s"; }; in { imports = [ ./hardware-configuration.nix (import "${home-manager}/nixos") + ../modules/bashistrans.nix + ../modules/wm/hyprland.nix ../modules/steam.nix + ../modules/obsidian.nix + ../modules/apps/rider.nix + ../modules/apps/winbox.nix - ../modules/flipperzero.nix - ../modules/chameleonultragui.nix + #../modules/flipperzero.nix + #../modules/chameleonultragui.nix ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; + nix.settings = { + experimental-features = [ + "flakes" + "nix-command" + "pipe-operators" + ]; + download-buffer-size = 524288000; # 500 MiB + }; + # nixpkgs.overlays = [ + # (self: super: { + # jdk17 = super.jdk17.override (prev: { + # enableJavaFX = true; + # }); + # }) + # ]; nixpkgs.config.allowUnfreePredicate = let - whitelist = map lib.getName [ - pkgs.obsidian - pkgs.gitkraken - pkgs.steam - pkgs.steamcmd - pkgs.steam-unwrapped - pkgs.dwarf-fortress - ]; + vscext = pkgs.vscode-extensions; + whitelist = with pkgs; + map lib.getName [ + discord + steam + steamcmd + steam-unwrapped + + winbox + + obsidian + gitkraken + + vscode + vscext.ms-dotnettools.csharp + vscext.ms-dotnettools.csdevkit + vscext.github.copilot + vscext.github.copilot-chat + + # XXX: DEBUG + # rider-override + # XXX: DEBUG + + # jetbrains.rider + ]; in pkg: builtins.elem (lib.getName pkg) whitelist; @@ -96,7 +130,16 @@ in { hostName = "myputer"; networkmanager.enable = true; - firewall.enable = true; + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # SSH + 80 # HTTP + 443 # HTTPS + 5678 # MikroTik WinBox + 25565 # Minecraft LAN + ]; + }; }; # ----- SERVICES ----- @@ -183,18 +226,22 @@ in { home-manager = { users.me = import ../../homes/me; - sharedModules = [ - inputs.ags.homeManagerModules.default - ]; + extraSpecialArgs = {inherit inputs pkgs pkgs-unstable;}; + sharedModules = []; }; # ---- ENVIRONMENT VARIABLES ---- - environment.sessionVariables = { - # folder names with capitalisation look awful! - XDG_DOWNLOAD_DIR = "$HOME/downloads"; + environment = { + # always install "dev" derivation outputs + extraOutputsToInstall = ["dev" "man"]; - # Hint Electrons apps to use Wayland - NIXOS_OZONE_WL = "1"; + sessionVariables = { + # folder names with capitalisation look awful! + XDG_DOWNLOAD_DIR = "$HOME/downloads"; + + # Hint Electrons apps to use Wayland + NIXOS_OZONE_WL = "1"; + }; }; # ---- SYSTEM PACKAGES ----- @@ -207,9 +254,17 @@ in { ani-cli bluetui wl-clipboard # clipboard for wayland - hyprpicker + hyprpicker # color picker + hyprshot # screenshot utility qbittorrent signal-desktop + kdePackages.gwenview # image viewer + libreoffice + + # TEST: WARNING + # ospd-openvas + # openvas-scanner + # openvas-smb (callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners # dependencies for my sddm theme: @@ -220,23 +275,42 @@ in { fish shellcheck grc # colorise command outputs + moreutils - # Systems Emulation + # Systems Programming & Compilation qemu # Fellice Bellard's Quick Emulator # GNU Utils gnumake + # Binaries binutils + strace + ltrace + perf-tools # ftrace + perf + radare2 + gdb + # ASM + nasm + (callPackage ../packages/x86-manpages {}) # C Family gcc clang clang-tools + # Rust cargo rustc - # Nim - nim # Go go + # Nim + nim + nimble + # Haskell + ghc + ghcid + ormolu + + # Java + visualvm # Python python312 # I use 3.12 since it's in a pretty stable state now @@ -269,12 +343,9 @@ in { viddy # modern `watch` command thefuck - tesseract # for my work with Agribit + deploy-rs - # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) - # helix will support nixd by default - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - # nixd # lsp for nix # DEBUG + tesseract # for my work with Agribit # Pretty necessary git @@ -290,8 +361,10 @@ in { file wget tree + pstree unzip unrar-free + lz4 man-pages man-pages-posix @@ -302,6 +375,7 @@ in { # Games prismlauncher # minecraft + pkgs-unstable.olympus ]; # DEBUG: configuring xdg portal here instead? @@ -340,21 +414,6 @@ in { }; }; - # I want to use fish as my login shell but it always goes terrible - # cause it isn't POSIX compliant, so instead Bash is my login and - # will just exec fish (^-^) - bash = { - completion.enable = true; - - interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - # Thunar also (optionally) requires: `services.tumbler` & `services.gvfs` thunar = { enable = true; @@ -367,6 +426,18 @@ in { # mozilla's email client thunderbird.enable = true; + + java = let + # XXX: WARNING: TEST :WARNING: XXX + # Test for CrazyCraft VoidLauncher + myjdk = pkgs.jdk17.override { + enableJavaFX = true; + # openjfx_jdk = pkgs.openjfx17.override {withWebKit = true;}; + }; + in { + enable = true; + package = myjdk; + }; }; # ----- FONTS ----- diff --git a/hosts/packages/huggingface_hub/flake.nix b/hosts/packages/huggingface_hub/flake.nix new file mode 100644 index 0000000..37814d9 --- /dev/null +++ b/hosts/packages/huggingface_hub/flake.nix @@ -0,0 +1,35 @@ +# Template: https://nixos-and-flakes.thiscute.world/development/intro +{ + description = "Humanity's Last Exam - Devshell"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + }; + + outputs = {nixpkgs, ...}: let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + }; + python = pkgs.python312.override { + self = python; + packageOverrides = pyfinal: pyprev: { + huggingface-hub = pyfinal.callPackage ./huggingface_hub.nix {}; + hf-xet = pyfinal.callPackage ./hf-xet.nix {}; + }; + }; + in { + devShells."${system}".default = pkgs.mkShell { + packages = [ + (python.withPackages (pypkgs: [ + pypkgs.huggingface-hub + ])) + ]; + + shell = "${pkgs.bash}/bin/bash"; + shellHook = '' + alias hf=huggingface-cli + ''; + }; + }; +} diff --git a/hosts/packages/huggingface_hub/hf-xet.nix b/hosts/packages/huggingface_hub/hf-xet.nix new file mode 100644 index 0000000..0f4c631 --- /dev/null +++ b/hosts/packages/huggingface_hub/hf-xet.nix @@ -0,0 +1,56 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + pkg-config, + rustPlatform, + openssl, +}: +buildPythonPackage rec { + pname = "hf-xet"; + version = "1.1.5"; + pyproject = true; + + src = fetchFromGitHub { + owner = "huggingface"; + repo = "xet-core"; + tag = "v${version}"; + hash = "sha256-udjZcXTH+Mc4Gvj6bSPv1xi4MyXrLeCYav+7CzKWyhY="; + }; + + sourceRoot = "${src.name}/hf_xet"; + + cargoDeps = rustPlatform.fetchCargoVendor { + inherit + pname + version + src + sourceRoot + ; + hash = "sha256-PTzYubJHFvhq6T3314R4aqBAJlwehOqF7SbpLu4Jo6E="; + }; + + nativeBuildInputs = [ + pkg-config + rustPlatform.cargoSetupHook + rustPlatform.maturinBuildHook + ]; + + buildInputs = [ + openssl + ]; + + env.OPENSSL_NO_VENDOR = 1; + + pythonImportsCheck = ["hf_xet"]; + + # No tests (yet?) + doCheck = false; + + meta = { + description = "Xet client tech, used in huggingface_hub"; + homepage = "https://github.com/huggingface/xet-core/tree/main/hf_xet"; + changelog = "https://github.com/huggingface/xet-core/releases/tag/v${version}"; + license = lib.licenses.asl20; + }; +} diff --git a/hosts/packages/huggingface_hub/huggingface_hub.nix b/hosts/packages/huggingface_hub/huggingface_hub.nix new file mode 100644 index 0000000..02b03b7 --- /dev/null +++ b/hosts/packages/huggingface_hub/huggingface_hub.nix @@ -0,0 +1,62 @@ +/* +* WARNING: Just use `pkgs.python312Packages.huggingface-hub` (or change python version) +* WARNING: I didn't realise it existed when I packaged this. +* +* Nix Resources: +* 1. https://wiki.nixos.org/wiki/Python +* 2. https://nixos.org/manual/nixpkgs/unstable/#developing-with-python +* +* Hugging Face Resources: +* 1. https://github.com/huggingface/huggingface_hub +* 2. https://huggingface.co/docs/huggingface_hub/main/en/guides/cli +*/ +{ + lib, + buildPythonPackage, + fetchPypi, + # build time dependencies + setuptools, + # runtime dependencies + filelock, + fsspec, + hf-xet, + pyyaml, + requests, + tqdm, + typing-extensions, +}: +buildPythonPackage rec { + pname = "huggingface_hub"; + version = "0.34.3"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-1YEw/VqnQISAaBR1SRwKvX6DVEIIL7w+9NRbbDn4OFM="; + }; + + pyproject = true; + doCheck = false; # skip unit testing + pythonImportsCheck = ["huggingface_hub"]; + + # buildtime dependencies + build-system = [ + setuptools + ]; + # runtime dependencies + dependencies = [ + filelock + fsspec + hf-xet + pyyaml + requests + tqdm + typing-extensions + ]; + + meta = rec { + description = "The official Python client for the Huggingface Hub."; + homepage = "https://github.com/huggingface/huggingface_hub"; + changelog = "${homepage}/releases/tag/v${version}"; + license = lib.licenses.asl20; # Apache License 2.0 + }; +} diff --git a/hosts/packages/x86-manpages/default.nix b/hosts/packages/x86-manpages/default.nix new file mode 100644 index 0000000..b687422 --- /dev/null +++ b/hosts/packages/x86-manpages/default.nix @@ -0,0 +1,32 @@ +{pkgs, ...}: +pkgs.stdenv.mkDerivation { + pname = "x86-manpages"; + version = "0.0.1"; + + src = pkgs.fetchFromGitHub { + owner = "ttmo-O"; + repo = "x86-manpages"; + + ## Recommended + # rev = "0e199a8b4d90be7eb715291c21cf41de8527beac"; + # sha256 = "0im596j0pf90npg933gkq6wpw23c47fcwv0n64qfqn5mcy92qbcb"; + rev = "94902f9c45de0efe803c32b6c3e88d6623881866"; + sha256 = "0k6nsfabzqwnhjiyw2kyg0z49nzrsxn515f6dcjh1rn7bzih5562"; + }; + + installPhase = '' + mkdir -p $out/man/man7 + + shopt -u nullglob + for m in man7/*.7; do + install -m 644 "$m" "$out/man/man7" + done + ''; + + meta = with pkgs.lib; { + description = "Manpages for x86 instructions"; + homepage = "https://github.com/ttmo-O/x86-manpages"; + license = licenses.mit; + platforms = platforms.all; + }; +} diff --git a/scripts/box b/scripts/box new file mode 100755 index 0000000..7f69cb0 --- /dev/null +++ b/scripts/box @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +USAGE="Usage: box [--enter]" + +# ===== Configuration ===== # +DATA_DIR="$HOME/.data/box" +# ========================= # + +function setup { + mkdir -p "$DATA_DIR" &>/dev/null +} + +function box { + mktemp -d + # TODO: use a custom name instead +} + +set -euo pipefail + +ENTER=false +for arg in $@; do + case "$arg" in + -e|--enter) + ENTER=true + shift + ;; + -h|--help) + echo "$USAGE" + ;; + -*) + echo "[!] Unknown opt \"$arg\"" >&2 + ;; + *) + echo "[!] Unknown arg \"$arg\"" >&2 + ;; + esac +done + +setup + +BOX=$(box) + +if [[ "$ENTER" == true ]]; then + cd "$BOX" +fi diff --git a/scripts/lsyscalls b/scripts/lsyscalls new file mode 100755 index 0000000..5cbd744 --- /dev/null +++ b/scripts/lsyscalls @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +# USAGE: lsyscalls | sort [-nk2] + +echo -e '#include '\ + | cpp -dM \ + | grep "#define __NR_.*[0-9]$" \ + | cut -d_ -f 4-