diff --git a/.gitignore b/.gitignore index af1da56..24903d6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -result/ \ No newline at end of file +result/ +secrets/yubikey-identity.txt \ No newline at end of file diff --git a/flake.lock b/flake.lock index f0a4fab..bef379f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,52 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "agenix-rekey": { + "inputs": { + "devshell": "devshell", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1737808592, + "narHash": "sha256-zSr8rSnaDlsifQhKW6kLKr+zZj0h9jbx/DQ8V7PENhM=", + "owner": "oddlama", + "repo": "agenix-rekey", + "rev": "a1dcdd27ff12a24f0d3ac1fe016ed08e1a89291f", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "agenix-rekey", + "type": "github" + } + }, "ags": { "inputs": { "astal": "astal", @@ -62,7 +109,259 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "stable": "stable" + }, + "locked": { + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "devshell": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738148035, + "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", + "owner": "nix-community", + "repo": "disko", + "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -83,6 +382,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -98,6 +418,21 @@ "type": "github" } }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1736931726, + "narHash": "sha256-aY55yiifyo1XPPpbpH0kWlV1g2dNGBlx6622b7OK8ks=", + "owner": "numtide", + "repo": "nixos-facter-modules", + "rev": "fa11d87b61b2163efbb9aed7b7a5ae0299e5ab9c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixos-facter-modules", + "type": "github" + } + }, "nixos-generators": { "inputs": { "nixlib": "nixlib", @@ -121,16 +456,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738023785, - "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=", - "owner": "nixos", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -151,14 +486,182 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1738023785, + "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { + "agenix": "agenix", + "agenix-rekey": "agenix-rekey", "ags": "ags", "astal": "astal_2", - "home-manager": "home-manager", + "colmena": "colmena", + "deploy-rs": "deploy-rs", + "disko": "disko", + "flake-parts": "flake-parts_2", + "home-manager": "home-manager_2", + "nixos-facter-modules": "nixos-facter-modules", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable", + "treefmt-nix": "treefmt-nix_2" + } + }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738070913, + "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index d24e6b9..d72682b 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + colmena.url = "github:zhaofengli/colmena"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-generators = { url = "github:nix-community/nixos-generators"; @@ -12,6 +13,9 @@ url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; astal = { url = "github:aylur/astal"; inputs.nixpkgs.follows = "nixpkgs"; @@ -20,34 +24,44 @@ url = "github:aylur/ags"; inputs.nixpkgs.follows = "nixpkgs"; }; + treefmt-nix = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + deploy-rs.url = "github:serokell/deploy-rs"; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + agenix-rekey.url = "github:oddlama/agenix-rekey"; + agenix-rekey.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { - nixpkgs, - nixpkgs-unstable, - nixos-generators, - home-manager, - ... - } @ inputs: let - system = "x86_64-linux"; - stateVersion = "24.11"; - pkgs = nixpkgs.legacyPackages.${system}; - mkSystem = username: machine: - nixpkgs.lib.nixosSystem { - system = system; - specialArgs = {inherit inputs username machine stateVersion;}; - modules = [ - (import (./machines + "/${machine}")) - home-manager.nixosModules.home-manager - nixos-generators.nixosModules.all-formats + outputs = {flake-parts, ...} @ inputs: + flake-parts.lib.mkFlake {inherit inputs;} ( + { + withSystem, + lib, + inputs, + ... + }: { + systems = [ + "x86_64-linux" + "aarch64-linux" ]; - }; - in { - # Available through 'nixos-rebuild --flake .#wsl' - formatter.${system} = pkgs.alejandra; - nixosConfigurations = { - desktop = mkSystem "nickolaj" "desktop"; - qemu = mkSystem "nickolaj" "qemu"; - }; - }; + imports = [ + inputs.agenix-rekey.flakeModule + # ./parts/hosts/laptop + # ./parts/hosts/desktop + # ./parts/hosts/qemu + ./parts/hosts + # ./parts/vm.nix + ./parts/formatter.nix + ./parts/devshell.nix + ]; + _module.args.mylib = import ./lib {inherit lib withSystem inputs;}; + } + ); } diff --git a/justfile b/justfile index 4dc36e6..024dd3d 100644 --- a/justfile +++ b/justfile @@ -1,19 +1,24 @@ -build-vm: - @git add . +[group('vm')] +vm-build: + git add . echo "Building VM..." - nix build .#nixosConfigurations.qemu.config.formats.qcow + nix build .#vm echo "VM built." - @sudo chmod 777 result/nixos.qcow2 + sudo chmod 777 result/nixos.qcow2 echo "VM permissions set." -reload-vm: build-vm - @sleep 5 +[group('vm')] +vm-reload: echo "Reloading VM..." - -virsh destroy nixos + virsh destroy nixos virsh start nixos echo "VM reloaded." -setup-vm: +[group('vm')] +vm-switch: vm-build vm-reload + +[group('vm')] +vm-init: virsh pool-define-as nixos dir - - - - $HOME/.local/libvirt/images/nixos virsh pool-build nixos virsh pool-start nixos @@ -28,3 +33,104 @@ setup-vm: --virt-type kvm \ --import \ --graphics spice + +[group('vm')] +vm-destroy: + virsh destroy nixos + virsh pool-destroy nixos + virsh pool-undefine nixos + +[group('nix')] +repl: + nix repl --show-trace ".#" nixpkgs + +[group('deploy')] +deploy-gen-hw hostname target: + nix run github:nix-community/nixos-anywhere -- \ + --flake .#{{ hostname }} \ + --target-host {{ target }} \ + --generate-hardware-config nixos-generate-config \ + ./parts/hosts/{{ hostname }}/hardware-configuration.nix + +tmp_dir := "/tmp/secrets/" + uuid() + +[group('deploy')] +deploy hostname target: + #!/usr/bin/env -S bash -e + git add . + # username=$(nix eval --raw .#nixosConfigurations.{{hostname}}.config.user.username) + + + # Unencrypt boot secrets + install -d -m755 {{ tmp_dir }}/etc/ssh/ + install -d -m755 {{ tmp_dir }}/run/agenix/ + just secret-echo ./secrets/hashed-user-password > {{ tmp_dir }}/run/agenix/hashed-user-password + just secret-echo ./secrets/luks-password > {{ tmp_dir }}/luks-password + just secret-echo ./secrets/hosts/{{ hostname }}/id_ed25519 > {{ tmp_dir }}/etc/ssh/ssh_host_ed25519_key + cp ./secrets/hosts/{{ hostname }}/id_ed25519.pub {{ tmp_dir }}/etc/ssh/ssh_host_ed25519_key.pub + echo "Unencrypted files:" + find {{ tmp_dir }} -type f + read -n 1 -p "Did age decrypt the secrets correctly? [y/n]" yn + if [ "$yn" != "y" ]; then + rm -rf {{ tmp_dir }} + exit 0 + fi + find {{ tmp_dir }} -type f -exec chmod 600 {} \; + + + # Deploy + nix run github:nix-community/nixos-anywhere -- \ + --flake .#{{ hostname }} \ + --disk-encryption-keys /luks-password {{ tmp_dir }}/luks-password \ + --extra-files {{ tmp_dir }} \ + --target-host {{ target }} + + # Clean up + echo "Cleaning secrets..." + rm -rf {{ tmp_dir }} + +[group('deploy')] +deploy-switch hostname target: + nix run nixpkgs#nixos-rebuild -- \ + --flake .#{{ hostname }} \ + --target-host {{ target }} \ + --use-remote-sudo \ + --verbose \ + switch + +identifier := "./secrets/yubikey-identity.age" +_get_user host: + user := nix eval --raw .#nixosConfigurations.{{host}}.config.user.username + +[group("secret")] +secret-import path: + #!/usr/bin/env bash + # load the file from the root system + cat {{ path }} | nix develop --quiet --command bash -c \ + "rage -e -r -o secrets/{{ path }}.age -i {{ identifier }}" + +[group('secret')] +secret-echo file: + nix develop --quiet --command bash -c \ + "rage -d {{ file }}.age -i {{ identifier }}" + +default := "" + +[group('secret')] +secret-edit name=default: + nix run .#agenix-rekey.x86_64-linux.edit {{ name }} + +[group('secret')] +secret-rekey: + nix develop --quiet --command bash -c \ + "agenix rekey" + +[group('secret')] +secret-new-ssh-key hostname $USER: + #!/usr/bin/env -S nix develop --quiet --command bash + + mkdir -p secrets/hosts/{{ hostname }} + ssh-keygen -t ed25519 -f secrets/hosts/{{ hostname }}/id_ed25519 -C "${USER}@{{ hostname }}" + age-plugin-yubikey -e secrets/hosts/{{ hostname }}/id_ed25519 \ + -o secrets/hosts/{{ hostname }}/id_ed25519.age + rm secrets/hosts/{{ hostname }}/id_ed25519 diff --git a/lib/builder.nix b/lib/builder.nix new file mode 100644 index 0000000..cfe7b3b --- /dev/null +++ b/lib/builder.nix @@ -0,0 +1,53 @@ +args @ { + lib, + withSystem, + inputs, + ... +}: +with lib; let + inherit (import ./. args) recursiveMerge; + mkBase = {system ? "x86_64-linux", ...}: + withSystem system ( + { + pkgs, + system, + ... + }: { + inherit system; + specialArgs = {inherit inputs pkgs;}; + modules = [ + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + ]; + } + ); + mkNixos = args: + inputs.nixpkgs.lib.nixosSystem (recursiveMerge [ + (mkBase args) + args + ]); +in { + mkHosts = root: let + hosts = attrNames (filterAttrs (_: type: type == "directory") (builtins.readDir root)); + + hostDirs = builtins.listToAttrs ( + lib.map (hostName: lib.nameValuePair hostName (lib.path.append root hostName)) hosts + ); + + hostResolved = + lib.mapAttrs ( + _: hostDir: (lib.map (fileName: lib.path.append hostDir fileName) (attrNames (builtins.readDir hostDir))) + ) + hostDirs; + + hostsConfig = mapAttrs (_: configs: mkNixos {modules = configs;}) hostResolved; + in + hostsConfig; + + mkVm = configs: + inputs.nixos-generators.nixosGenerate { + modules = configs; + format = "qcow"; + system = "x86_64-linux"; + }; +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..0d0cf64 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,4 @@ +args: { + inherit (import ./util.nix args) recursiveMerge; + inherit (import ./builder.nix args) mkNixos mkHosts mkVm; +} diff --git a/lib/util.nix b/lib/util.nix new file mode 100644 index 0000000..0c0a122 --- /dev/null +++ b/lib/util.nix @@ -0,0 +1,17 @@ +{lib, ...}: +with lib; { + recursiveMerge = attrList: let + f = attrPath: + zipAttrsWith ( + n: values: + if tail values == [] + then head values + else if all isList values + then unique (concatLists values) + else if all isAttrs values + then f (attrPath ++ [n]) values + else last values + ); + in + f [] attrList; +} diff --git a/machines/desktop/default.nix b/machines/desktop/default.nix deleted file mode 100644 index 8f0a076..0000000 --- a/machines/desktop/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - username, - stateVersion, - ... -}: { - imports = [ - ../../targets/graphical.nix - ../../targets/shell.nix - ]; - - config = { - user.username = username; - system.stateVersion = stateVersion; - }; -} diff --git a/machines/qemu/default.nix b/machines/qemu/default.nix deleted file mode 100644 index 115b40d..0000000 --- a/machines/qemu/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - username, - stateVersion, - ... -}: { - imports = [ - ../../targets/graphical.nix - ../../targets/shell.nix - ]; - - config = { - user.username = username; - system.stateVersion = stateVersion; - monitor.primary.resolution = "1920x1080"; - services.qemuGuest.enable = true; - services.spice-vdagentd.enable = true; - }; -} diff --git a/modules/astal/src/package-lock.json b/modules/astal/src/package-lock.json deleted file mode 100644 index 7d214d7..0000000 --- a/modules/astal/src/package-lock.json +++ /dev/null @@ -1,188 +0,0 @@ -{ - "name": "astal-shell", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "astal-shell", - "dependencies": { - "astal": "/usr/share/astal/gjs" - }, - "devDependencies": { - "@biomejs/biome": "1.9.4" - } - }, - "../../../../usr/share/astal/gjs": { - "name": "astal", - "license": "LGPL-2.1" - }, - "node_modules/@biomejs/biome": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-1.9.4.tgz", - "integrity": "sha512-1rkd7G70+o9KkTn5KLmDYXihGoTaIGO9PIIN2ZB7UJxFrWw04CZHPYiMRjYsaDvVV7hP1dYNRLxSANLaBFGpog==", - "dev": true, - "hasInstallScript": true, - "license": "MIT OR Apache-2.0", - "bin": { - "biome": "bin/biome" - }, - "engines": { - "node": ">=14.21.3" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/biome" - }, - "optionalDependencies": { - "@biomejs/cli-darwin-arm64": "1.9.4", - "@biomejs/cli-darwin-x64": "1.9.4", - "@biomejs/cli-linux-arm64": "1.9.4", - "@biomejs/cli-linux-arm64-musl": "1.9.4", - "@biomejs/cli-linux-x64": "1.9.4", - "@biomejs/cli-linux-x64-musl": "1.9.4", - "@biomejs/cli-win32-arm64": "1.9.4", - "@biomejs/cli-win32-x64": "1.9.4" - } - }, - "node_modules/@biomejs/cli-darwin-arm64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-1.9.4.tgz", - "integrity": "sha512-bFBsPWrNvkdKrNCYeAp+xo2HecOGPAy9WyNyB/jKnnedgzl4W4Hb9ZMzYNbf8dMCGmUdSavlYHiR01QaYR58cw==", - "cpu": [ - "arm64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-darwin-x64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-1.9.4.tgz", - "integrity": "sha512-ngYBh/+bEedqkSevPVhLP4QfVPCpb+4BBe2p7Xs32dBgs7rh9nY2AIYUL6BgLw1JVXV8GlpKmb/hNiuIxfPfZg==", - "cpu": [ - "x64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-linux-arm64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-1.9.4.tgz", - "integrity": "sha512-fJIW0+LYujdjUgJJuwesP4EjIBl/N/TcOX3IvIHJQNsAqvV2CHIogsmA94BPG6jZATS4Hi+xv4SkBBQSt1N4/g==", - "cpu": [ - "arm64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-linux-arm64-musl": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-1.9.4.tgz", - "integrity": "sha512-v665Ct9WCRjGa8+kTr0CzApU0+XXtRgwmzIf1SeKSGAv+2scAlW6JR5PMFo6FzqqZ64Po79cKODKf3/AAmECqA==", - "cpu": [ - "arm64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-linux-x64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-1.9.4.tgz", - "integrity": "sha512-lRCJv/Vi3Vlwmbd6K+oQ0KhLHMAysN8lXoCI7XeHlxaajk06u7G+UsFSO01NAs5iYuWKmVZjmiOzJ0OJmGsMwg==", - "cpu": [ - "x64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-linux-x64-musl": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-1.9.4.tgz", - "integrity": "sha512-gEhi/jSBhZ2m6wjV530Yy8+fNqG8PAinM3oV7CyO+6c3CEh16Eizm21uHVsyVBEB6RIM8JHIl6AGYCv6Q6Q9Tg==", - "cpu": [ - "x64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-win32-arm64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-1.9.4.tgz", - "integrity": "sha512-tlbhLk+WXZmgwoIKwHIHEBZUwxml7bRJgk0X2sPyNR3S93cdRq6XulAZRQJ17FYGGzWne0fgrXBKpl7l4M87Hg==", - "cpu": [ - "arm64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/@biomejs/cli-win32-x64": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-1.9.4.tgz", - "integrity": "sha512-8Y5wMhVIPaWe6jw2H+KlEm4wP/f7EW3810ZLmDlrEEy5KvBsb9ECEfu/kMWD484ijfQ8+nIi0giMgu9g1UAuuA==", - "cpu": [ - "x64" - ], - "dev": true, - "license": "MIT OR Apache-2.0", - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=14.21.3" - } - }, - "node_modules/astal": { - "resolved": "../../../../usr/share/astal/gjs", - "link": true - } - } -} diff --git a/modules/astal/src/src/bar/sections/Playback.scss b/modules/astal/src/src/bar/sections/Playback.scss deleted file mode 100644 index c4dfeca..0000000 --- a/modules/astal/src/src/bar/sections/Playback.scss +++ /dev/null @@ -1,28 +0,0 @@ -@use "../../variables.scss" as *; - -@keyframes pulse { - 0% { - background-color: $accent; - } - 50% { - background-color: $bg-alt; - } - 100% { - background-color: $accent; - } - } - -.PlaybackDropdown { - .no-streams { - color: $muted; - font-size: 14px; - } -} - -.Playback { - .recording { - background-color: $accent; - border-radius: $radius; - animation: pulse 1s 10; - } -} \ No newline at end of file diff --git a/modules/btop.nix b/modules/btop.nix deleted file mode 100644 index c081398..0000000 --- a/modules/btop.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - user.home-manager.programs.btop = { - enable = true; - - settings = { - color_theme = "TTY"; - theme_background = false; - update_ms = 500; - rounded_corners = false; - }; - }; -} diff --git a/parts/devshell.nix b/parts/devshell.nix new file mode 100644 index 0000000..a72bfa1 --- /dev/null +++ b/parts/devshell.nix @@ -0,0 +1,30 @@ +{ + inputs, + config, + lib, + hostname, + ... +}: { + perSystem = { + pkgs, + config, + config', + ... + }: { + agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations; + devShells.default = pkgs.mkShellNoCC { + + + packages = [ + pkgs.nix + pkgs.nixos-rebuild + pkgs.nixos-rebuild + pkgs.nh + pkgs.just + config.agenix-rekey.package + config.agenix-rekey.agePackage + ]; + AGENIX_REKEY_ADD_TO_GIT = "true"; + }; + }; +} diff --git a/parts/formatter.nix b/parts/formatter.nix new file mode 100644 index 0000000..c3de1b5 --- /dev/null +++ b/parts/formatter.nix @@ -0,0 +1,18 @@ +{inputs, ...}: { + imports = [inputs.treefmt-nix.flakeModule]; + + perSystem = {config, ...}: { + treefmt = { + projectRootFile = "flake.nix"; + programs = { + deadnix.enable = true; + alejandra.enable = true; + statix.enable = true; + just.enable = true; + prettier.enable = true; + }; + settings.global.excludes = ["*.{gitignore,svg}"]; + }; + formatter = config.treefmt.build.wrapper; + }; +} diff --git a/parts/hosts/default.nix b/parts/hosts/default.nix new file mode 100644 index 0000000..2ba3e40 --- /dev/null +++ b/parts/hosts/default.nix @@ -0,0 +1,93 @@ +{ + inputs, + withSystem, + lib, + ... +}: +with lib; let + mkSystem = { + hostname, + username, + modules ? [], + }: + withSystem "x86_64-linux" ( + { + pkgs, + system, + ... + }: + inputs.nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = {inherit inputs pkgs hostname username;}; + modules = + [ + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + ] + ++ [ + inputs.agenix.nixosModules.default + inputs.agenix-rekey.nixosModules.default + { + environment.variables = { + AGENIX_REKEY_PRIMARY_IDENTITY = builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub; + AGENIX_REKEY_PRIMARY_IDENTITY_ONLY = "true"; + }; + environment.etc."ssh/ssh_host_ed25519_key.pub".source = ../../secrets/hosts/${hostname}/id_ed25519.pub; + age = rec { + rekey = { + storageMode = "local"; + hostPubkey = builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub; + masterIdentities = [ + { identity=secrets.id_ed25519.path; pubkey="builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub"; } + { identity=../../secrets/yubikey-identity.age; pubkey="age1yubikey1q25a8ax2t0ujv7q5wvpmlpa52h599n6682jprxuftlw4zpxy2xu9s6lhrel"; } + ]; + localStorageDir = lib.path.append ../../secrets/rekeyed hostname; + generatedSecretsDir = lib.path.append ../../secrets hostname; + }; + secrets.hashed-user-password.rekeyFile = ../../secrets/hashed-user-password.age; + secrets.id_ed25519={ + rekeyFile = ../../secrets/hosts/${hostname}/id_ed25519.age; + path = "/etc/ssh/ssh_host_ed25519_key"; + }; + secrets.luks-password.rekeyFile = ../../secrets/luks-password.age; + secrets.luks-password.path = "/luks-password"; + }; + } + ] + ++ modules; + } + ); + # TODO: + # mkHosts = root: let + # hosts = attrNames (filterAttrs (_: type: type == "directory") (builtins.readDir root)); + # hostDirs = builtins.listToAttrs ( + # lib.map (hostName: lib.nameValuePair hostName (lib.path.append root hostName)) hosts + # ); + # hostResolved = + # lib.mapAttrs ( + # _: hostDir: (lib.map (fileName: lib.path.append hostDir fileName) (attrNames (builtins.readDir hostDir))) + # ) + # hostDirs; + # hostsConfig = mapAttrs (host: modules: mkSystem host modules ) hostResolved; + # in + # hostsConfig; +in { + flake.nixosConfigurations = { + laptop = mkSystem { + hostname = "laptop"; + modules = [ + ./laptop/configuration.nix + ./laptop/disk-configuration.nix + ./laptop/hardware-configuration.nix + ]; + username = "nickolaj"; + }; + desktop = mkSystem { + hostname = "desktop"; + modules = [ + ./desktop/configuration.nix + ]; + username = "nickolaj"; + }; + }; +} diff --git a/parts/hosts/desktop/configuration.nix b/parts/hosts/desktop/configuration.nix new file mode 100644 index 0000000..ee13bdb --- /dev/null +++ b/parts/hosts/desktop/configuration.nix @@ -0,0 +1,12 @@ +{hostname, ...}: { + imports = [ + ../../modules/base.nix + ../../modules/shell.nix + ../../modules/graphical.nix + ]; + + config = { + user.username = "nickolaj"; + system.stateVersion = "24.11"; + }; +} diff --git a/parts/hosts/laptop/configuration.nix b/parts/hosts/laptop/configuration.nix new file mode 100644 index 0000000..67eb842 --- /dev/null +++ b/parts/hosts/laptop/configuration.nix @@ -0,0 +1,13 @@ +{...}: { + imports = [ + ../../modules/base.nix + ../../modules/shell.nix + ../../modules/graphical.nix + ]; + + config = { + user.username = "nickolaj"; + networking.hostName = "laptop"; + system.stateVersion = "24.11"; + }; +} diff --git a/parts/hosts/laptop/disk-configuration.nix b/parts/hosts/laptop/disk-configuration.nix new file mode 100644 index 0000000..60def7a --- /dev/null +++ b/parts/hosts/laptop/disk-configuration.nix @@ -0,0 +1,62 @@ +{config, ...}: { + disko.devices = { + disk = { + vdb = { + device = "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults"]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # passwordFile = "/luks-password"; + passwordFile = config.age.secrets.luks-password.path; + settings = { + allowDiscards = true; + bypassWorkqueues = true; + }; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = ["compress=zstd" "noatime"]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/parts/hosts/laptop/hardware-configuration.nix b/parts/hosts/laptop/hardware-configuration.nix new file mode 100644 index 0000000..4d0a47b --- /dev/null +++ b/parts/hosts/laptop/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + ]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/parts/modules/apps/firefox.nix b/parts/modules/apps/firefox.nix new file mode 100644 index 0000000..7a8a340 --- /dev/null +++ b/parts/modules/apps/firefox.nix @@ -0,0 +1,4 @@ +{pkgs, ...}: { + programs.firefox.enable = true; + defaults.browser = pkgs.firefox; +} diff --git a/modules/ghostty.nix b/parts/modules/apps/ghostty.nix similarity index 59% rename from modules/ghostty.nix rename to parts/modules/apps/ghostty.nix index 7edf607..e47e291 100644 --- a/modules/ghostty.nix +++ b/parts/modules/apps/ghostty.nix @@ -1,15 +1,17 @@ { pkgs, + config, lib, ... }: { - service.terminal.default = lib.getExe pkgs.ghostty; + defaults.terminal = lib.getExe pkgs.ghostty; environment.systemPackages = with pkgs; [ ghostty ]; user.home-manager = { programs.ghostty = { enable = true; + enableFishIntegration = config.programs.fish.enable; }; }; } diff --git a/parts/modules/base.nix b/parts/modules/base.nix new file mode 100644 index 0000000..5a7623c --- /dev/null +++ b/parts/modules/base.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ./base/nix.nix + ./base/user.nix + ./base/security.nix + ./base/boot.nix + ./base/ssh.nix + ./base/defaults.nix + ./hardware/usb.nix + ]; +} diff --git a/parts/modules/base/boot.nix b/parts/modules/base/boot.nix new file mode 100644 index 0000000..ba7f9bb --- /dev/null +++ b/parts/modules/base/boot.nix @@ -0,0 +1,4 @@ +_: { + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} diff --git a/parts/modules/base/defaults.nix b/parts/modules/base/defaults.nix new file mode 100644 index 0000000..eeb85ec --- /dev/null +++ b/parts/modules/base/defaults.nix @@ -0,0 +1,21 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options.defaults = { + terminal = mkOption { + type = types.nullOr types.str; + }; + + fileManager = mkOption { + type = types.nullOr types.str; + }; + + browser = mkOption { + type = types.nullOr types.str; + }; + + editor = mkOption { + type = types.nullOr types.str; + }; + }; +} diff --git a/parts/modules/base/envvar.nix b/parts/modules/base/envvar.nix new file mode 100644 index 0000000..6c380c6 --- /dev/null +++ b/parts/modules/base/envvar.nix @@ -0,0 +1,5 @@ +{config, ...}: { + environment.variables = { + EDITOR = config.defaults.editor; + }; +} diff --git a/modules/base.nix b/parts/modules/base/nix.nix similarity index 59% rename from modules/base.nix rename to parts/modules/base/nix.nix index 6dc6276..5a38225 100644 --- a/modules/base.nix +++ b/parts/modules/base/nix.nix @@ -1,4 +1,3 @@ -{...}: { - services.udisks2.enable = true; +_: { nix.settings.experimental-features = "nix-command flakes"; } diff --git a/parts/modules/base/security.nix b/parts/modules/base/security.nix new file mode 100644 index 0000000..23e7e19 --- /dev/null +++ b/parts/modules/base/security.nix @@ -0,0 +1,7 @@ +{config, ...}: { + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ + "root" + config.user.username + ]; +} diff --git a/parts/modules/base/ssh.nix b/parts/modules/base/ssh.nix new file mode 100644 index 0000000..a796f71 --- /dev/null +++ b/parts/modules/base/ssh.nix @@ -0,0 +1,25 @@ +{config, ...}: { + programs.ssh.startAgent = true; + services.openssh.hostKeys = [ + { + type = "ed25519"; + inherit (config.age.secrets.id_ed25519) path; + } + ]; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + }; + + users.users.${config.user.username}.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/oT15GWYcRvWCTchReh5rnkXTC9Ukm6Zfufei9bq1fWB0EjpvosCMupADw+jvqiP/ttyBKewHwZQxiw9oeRPSphUtKB0UlQXFPASNf1VxrFlsbkDOSEa+FB+PBS3eeP0TTyNJh18oYszt/OFDzCvr1n53iGXTX9xm76bkBxVfAvhm/5vadjmXKGOpdM/OWNF8rCqSgwkME6PXdT1UAFVj+FBdLrNCqYh1pe1ZdRxYlYL5b4uHwQmuz57AkvWwRNKipzdtxMCkT3LNiCQzuOhv3QaqxQ6fgJ+ktkbcTLZtY7HdT+CRUuC+APr266jeLAz1yUxFH693QifbBdn8v7wWD++UnbP23QqNwdXEMnCjEPRFgnK4ERnhIq6jVR328f5DTRJHZZ9spEx7pWsiT2iQC8MxK0gk9xul4fduJsPETWXe84YaHe6wLK92SQKQMdLh6p+TBvhMhPW2PrH5C6iH2w1oXVGlhc4wvoB1leiKNVHf4m9CWRFgznSmVbxFHFk= nickolaj@arch-desktop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtjpdHPRXg75YBonNshQdeuNZ3W3k/RzdYY+8QuQ3Pc nickolaj1177@gmail.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdBiNbNPcMdI/hp4zgBS3ShqYuVVRvUAA1ffrdiBQ0k nickolaj@fireproof.website" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/oT15GWYcRvWCTchReh5rnkXTC9Ukm6Zfufei9bq1fWB0EjpvosCMupADw+jvqiP/ttyBKewHwZQxiw9oeRPSphUtKB0UlQXFPASNf1VxrFlsbkDOSEa+FB+PBS3eeP0TTyNJh18oYszt/OFDzCvr1n53iGXTX9xm76bkBxVfAvhm/5vadjmXKGOpdM/OWNF8rCqSgwkME6PXdT1UAFVj+FBdLrNCqYh1pe1ZdRxYlYL5b4uHwQmuz57AkvWwRNKipzdtxMCkT3LNiCQzuOhv3QaqxQ6fgJ+ktkbcTLZtY7HdT+CRUuC+APr266jeLAz1yUxFH693QifbBdn8v7wWD++UnbP23QqNwdXEMnCjEPRFgnK4ERnhIq6jVR328f5DTRJHZZ9spEx7pWsiT2iQC8MxK0gk9xul4fduJsPETWXe84YaHe6wLK92SQKQMdLh6p+TBvhMhPW2PrH5C6iH2w1oXVGlhc4wvoB1leiKNVHf4m9CWRFgznSmVbxFHFk= nickolaj@arch-desktop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtjpdHPRXg75YBonNshQdeuNZ3W3k/RzdYY+8QuQ3Pc nickolaj1177@gmail.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdBiNbNPcMdI/hp4zgBS3ShqYuVVRvUAA1ffrdiBQ0k nickolaj@fireproof.website" + ]; +} diff --git a/modules/user.nix b/parts/modules/base/user.nix similarity index 90% rename from modules/user.nix rename to parts/modules/base/user.nix index e5ea42f..9b811c8 100644 --- a/modules/user.nix +++ b/parts/modules/base/user.nix @@ -21,7 +21,7 @@ in { users.users.${cfg.username} = { isNormalUser = true; extraGroups = ["wheel"]; - initialPassword = "a"; + hashedPasswordFile = config.age.secrets.hashed-user-password.path; }; home-manager = { diff --git a/modules/astal/default.nix b/parts/modules/desktop/astal/default.nix similarity index 100% rename from modules/astal/default.nix rename to parts/modules/desktop/astal/default.nix diff --git a/modules/astal/src/.gitignore b/parts/modules/desktop/astal/src/.gitignore similarity index 100% rename from modules/astal/src/.gitignore rename to parts/modules/desktop/astal/src/.gitignore diff --git a/modules/astal/src/app.ts b/parts/modules/desktop/astal/src/app.ts similarity index 100% rename from modules/astal/src/app.ts rename to parts/modules/desktop/astal/src/app.ts diff --git a/modules/astal/src/biome.json b/parts/modules/desktop/astal/src/biome.json similarity index 100% rename from modules/astal/src/biome.json rename to parts/modules/desktop/astal/src/biome.json diff --git a/modules/astal/src/env.d.ts b/parts/modules/desktop/astal/src/env.d.ts similarity index 100% rename from modules/astal/src/env.d.ts rename to parts/modules/desktop/astal/src/env.d.ts diff --git a/modules/astal/src/icons/README.md b/parts/modules/desktop/astal/src/icons/README.md similarity index 93% rename from modules/astal/src/icons/README.md rename to parts/modules/desktop/astal/src/icons/README.md index fed6c18..4114cbe 100644 --- a/modules/astal/src/icons/README.md +++ b/parts/modules/desktop/astal/src/icons/README.md @@ -1,2 +1,5 @@ Icons from https://glyphs.fyi with manually set stroke-width @ ~10 and color @ #000000, common iconnames might need to be renamed to avoid conflicts. -``` \ No newline at end of file + +``` + +``` diff --git a/modules/astal/src/icons/chrome-custom-symbolic.svg b/parts/modules/desktop/astal/src/icons/chrome-custom-symbolic.svg similarity index 100% rename from modules/astal/src/icons/chrome-custom-symbolic.svg rename to parts/modules/desktop/astal/src/icons/chrome-custom-symbolic.svg diff --git a/modules/astal/src/icons/circle-filled-symbolic.svg b/parts/modules/desktop/astal/src/icons/circle-filled-symbolic.svg similarity index 100% rename from modules/astal/src/icons/circle-filled-symbolic.svg rename to parts/modules/desktop/astal/src/icons/circle-filled-symbolic.svg diff --git a/modules/astal/src/icons/circle-symbolic.svg b/parts/modules/desktop/astal/src/icons/circle-symbolic.svg similarity index 100% rename from modules/astal/src/icons/circle-symbolic.svg rename to parts/modules/desktop/astal/src/icons/circle-symbolic.svg diff --git a/modules/astal/src/icons/firefox-custom-symbolic.svg b/parts/modules/desktop/astal/src/icons/firefox-custom-symbolic.svg similarity index 100% rename from modules/astal/src/icons/firefox-custom-symbolic.svg rename to parts/modules/desktop/astal/src/icons/firefox-custom-symbolic.svg diff --git a/modules/astal/src/icons/git-symbolic.svg b/parts/modules/desktop/astal/src/icons/git-symbolic.svg similarity index 100% rename from modules/astal/src/icons/git-symbolic.svg rename to parts/modules/desktop/astal/src/icons/git-symbolic.svg diff --git a/modules/astal/src/icons/microphone-custom-symbolic.svg b/parts/modules/desktop/astal/src/icons/microphone-custom-symbolic.svg similarity index 100% rename from modules/astal/src/icons/microphone-custom-symbolic.svg rename to parts/modules/desktop/astal/src/icons/microphone-custom-symbolic.svg diff --git a/modules/astal/src/icons/plus-symbolic.svg b/parts/modules/desktop/astal/src/icons/plus-symbolic.svg similarity index 100% rename from modules/astal/src/icons/plus-symbolic.svg rename to parts/modules/desktop/astal/src/icons/plus-symbolic.svg diff --git a/modules/astal/src/icons/python-symbolic.svg b/parts/modules/desktop/astal/src/icons/python-symbolic.svg similarity index 100% rename from modules/astal/src/icons/python-symbolic.svg rename to parts/modules/desktop/astal/src/icons/python-symbolic.svg diff --git a/modules/astal/src/icons/star-filled-symbolic.svg b/parts/modules/desktop/astal/src/icons/star-filled-symbolic.svg similarity index 100% rename from modules/astal/src/icons/star-filled-symbolic.svg rename to parts/modules/desktop/astal/src/icons/star-filled-symbolic.svg diff --git a/modules/astal/src/icons/terminal-symbolic.svg b/parts/modules/desktop/astal/src/icons/terminal-symbolic.svg similarity index 100% rename from modules/astal/src/icons/terminal-symbolic.svg rename to parts/modules/desktop/astal/src/icons/terminal-symbolic.svg diff --git a/modules/astal/src/icons/vscode-custom-symbolic.svg b/parts/modules/desktop/astal/src/icons/vscode-custom-symbolic.svg similarity index 100% rename from modules/astal/src/icons/vscode-custom-symbolic.svg rename to parts/modules/desktop/astal/src/icons/vscode-custom-symbolic.svg diff --git a/parts/modules/desktop/astal/src/package-lock.json b/parts/modules/desktop/astal/src/package-lock.json new file mode 100644 index 0000000..985e7c9 --- /dev/null +++ b/parts/modules/desktop/astal/src/package-lock.json @@ -0,0 +1,188 @@ +{ + "name": "astal-shell", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "astal-shell", + "dependencies": { + "astal": "/usr/share/astal/gjs" + }, + "devDependencies": { + "@biomejs/biome": "1.9.4" + } + }, + "../../../../usr/share/astal/gjs": { + "name": "astal", + "license": "LGPL-2.1" + }, + "node_modules/@biomejs/biome": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-1.9.4.tgz", + "integrity": "sha512-1rkd7G70+o9KkTn5KLmDYXihGoTaIGO9PIIN2ZB7UJxFrWw04CZHPYiMRjYsaDvVV7hP1dYNRLxSANLaBFGpog==", + "dev": true, + "hasInstallScript": true, + "license": "MIT OR Apache-2.0", + "bin": { + "biome": "bin/biome" + }, + "engines": { + "node": ">=14.21.3" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/biome" + }, + "optionalDependencies": { + "@biomejs/cli-darwin-arm64": "1.9.4", + "@biomejs/cli-darwin-x64": "1.9.4", + "@biomejs/cli-linux-arm64": "1.9.4", + "@biomejs/cli-linux-arm64-musl": "1.9.4", + "@biomejs/cli-linux-x64": "1.9.4", + "@biomejs/cli-linux-x64-musl": "1.9.4", + "@biomejs/cli-win32-arm64": "1.9.4", + "@biomejs/cli-win32-x64": "1.9.4" + } + }, + "node_modules/@biomejs/cli-darwin-arm64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-1.9.4.tgz", + "integrity": "sha512-bFBsPWrNvkdKrNCYeAp+xo2HecOGPAy9WyNyB/jKnnedgzl4W4Hb9ZMzYNbf8dMCGmUdSavlYHiR01QaYR58cw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-darwin-x64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-1.9.4.tgz", + "integrity": "sha512-ngYBh/+bEedqkSevPVhLP4QfVPCpb+4BBe2p7Xs32dBgs7rh9nY2AIYUL6BgLw1JVXV8GlpKmb/hNiuIxfPfZg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-linux-arm64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-1.9.4.tgz", + "integrity": "sha512-fJIW0+LYujdjUgJJuwesP4EjIBl/N/TcOX3IvIHJQNsAqvV2CHIogsmA94BPG6jZATS4Hi+xv4SkBBQSt1N4/g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-linux-arm64-musl": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-1.9.4.tgz", + "integrity": "sha512-v665Ct9WCRjGa8+kTr0CzApU0+XXtRgwmzIf1SeKSGAv+2scAlW6JR5PMFo6FzqqZ64Po79cKODKf3/AAmECqA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-linux-x64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-1.9.4.tgz", + "integrity": "sha512-lRCJv/Vi3Vlwmbd6K+oQ0KhLHMAysN8lXoCI7XeHlxaajk06u7G+UsFSO01NAs5iYuWKmVZjmiOzJ0OJmGsMwg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-linux-x64-musl": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-1.9.4.tgz", + "integrity": "sha512-gEhi/jSBhZ2m6wjV530Yy8+fNqG8PAinM3oV7CyO+6c3CEh16Eizm21uHVsyVBEB6RIM8JHIl6AGYCv6Q6Q9Tg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-win32-arm64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-1.9.4.tgz", + "integrity": "sha512-tlbhLk+WXZmgwoIKwHIHEBZUwxml7bRJgk0X2sPyNR3S93cdRq6XulAZRQJ17FYGGzWne0fgrXBKpl7l4M87Hg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/@biomejs/cli-win32-x64": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-1.9.4.tgz", + "integrity": "sha512-8Y5wMhVIPaWe6jw2H+KlEm4wP/f7EW3810ZLmDlrEEy5KvBsb9ECEfu/kMWD484ijfQ8+nIi0giMgu9g1UAuuA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT OR Apache-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=14.21.3" + } + }, + "node_modules/astal": { + "resolved": "../../../../usr/share/astal/gjs", + "link": true + } + } +} diff --git a/modules/astal/src/package.json b/parts/modules/desktop/astal/src/package.json similarity index 100% rename from modules/astal/src/package.json rename to parts/modules/desktop/astal/src/package.json diff --git a/modules/astal/src/src/bar/Bar.scss b/parts/modules/desktop/astal/src/src/bar/Bar.scss similarity index 93% rename from modules/astal/src/src/bar/Bar.scss rename to parts/modules/desktop/astal/src/src/bar/Bar.scss index 9ca08e0..b8cc209 100644 --- a/modules/astal/src/src/bar/Bar.scss +++ b/parts/modules/desktop/astal/src/src/bar/Bar.scss @@ -11,7 +11,9 @@ color: $fg; background-color: $bg; font-size: $font-large; - transition: opacity $transition, border-color $transition; + transition: + opacity $transition, + border-color $transition; &.left { border-left: 2px solid $accent; border-bottom: 2px solid $accent; @@ -49,8 +51,9 @@ all: unset; } } - - .menu, modelbutton { + + .menu, + modelbutton { background-color: $bg; transition: background-color $transition; } diff --git a/modules/astal/src/src/bar/Bar.tsx b/parts/modules/desktop/astal/src/src/bar/Bar.tsx similarity index 100% rename from modules/astal/src/src/bar/Bar.tsx rename to parts/modules/desktop/astal/src/src/bar/Bar.tsx diff --git a/modules/astal/src/src/bar/SecondaryBar.tsx b/parts/modules/desktop/astal/src/src/bar/SecondaryBar.tsx similarity index 100% rename from modules/astal/src/src/bar/SecondaryBar.tsx rename to parts/modules/desktop/astal/src/src/bar/SecondaryBar.tsx diff --git a/modules/astal/src/src/bar/sections/Dropdown.scss b/parts/modules/desktop/astal/src/src/bar/sections/Dropdown.scss similarity index 100% rename from modules/astal/src/src/bar/sections/Dropdown.scss rename to parts/modules/desktop/astal/src/src/bar/sections/Dropdown.scss diff --git a/modules/astal/src/src/bar/sections/Dropdown.tsx b/parts/modules/desktop/astal/src/src/bar/sections/Dropdown.tsx similarity index 95% rename from modules/astal/src/src/bar/sections/Dropdown.tsx rename to parts/modules/desktop/astal/src/src/bar/sections/Dropdown.tsx index 43fda2b..7593a62 100644 --- a/modules/astal/src/src/bar/sections/Dropdown.tsx +++ b/parts/modules/desktop/astal/src/src/bar/sections/Dropdown.tsx @@ -70,12 +70,12 @@ export function connectDropdown( transitionType={Gtk.RevealerTransitionType.SLIDE_DOWN} valign={Gtk.Align.START} setup={(self) => { - bind(self, "child_revealed").subscribe(is_revealed => { - if (!is_revealed) { - dropdown.hide(); - } - }); - }} + bind(self, "child_revealed").subscribe((is_revealed) => { + if (!is_revealed) { + dropdown.hide(); + } + }); + }} > {box} diff --git a/modules/astal/src/src/bar/sections/Media.scss b/parts/modules/desktop/astal/src/src/bar/sections/Media.scss similarity index 100% rename from modules/astal/src/src/bar/sections/Media.scss rename to parts/modules/desktop/astal/src/src/bar/sections/Media.scss diff --git a/modules/astal/src/src/bar/sections/Media.tsx b/parts/modules/desktop/astal/src/src/bar/sections/Media.tsx similarity index 100% rename from modules/astal/src/src/bar/sections/Media.tsx rename to parts/modules/desktop/astal/src/src/bar/sections/Media.tsx diff --git a/parts/modules/desktop/astal/src/src/bar/sections/Playback.scss b/parts/modules/desktop/astal/src/src/bar/sections/Playback.scss new file mode 100644 index 0000000..b51b0dd --- /dev/null +++ b/parts/modules/desktop/astal/src/src/bar/sections/Playback.scss @@ -0,0 +1,28 @@ +@use "../../variables.scss" as *; + +@keyframes pulse { + 0% { + background-color: $accent; + } + 50% { + background-color: $bg-alt; + } + 100% { + background-color: $accent; + } +} + +.PlaybackDropdown { + .no-streams { + color: $muted; + font-size: 14px; + } +} + +.Playback { + .recording { + background-color: $accent; + border-radius: $radius; + animation: pulse 1s 10; + } +} diff --git a/modules/astal/src/src/bar/sections/Playback.tsx b/parts/modules/desktop/astal/src/src/bar/sections/Playback.tsx similarity index 100% rename from modules/astal/src/src/bar/sections/Playback.tsx rename to parts/modules/desktop/astal/src/src/bar/sections/Playback.tsx diff --git a/modules/astal/src/src/bar/sections/Workspace.scss b/parts/modules/desktop/astal/src/src/bar/sections/Workspace.scss similarity index 99% rename from modules/astal/src/src/bar/sections/Workspace.scss rename to parts/modules/desktop/astal/src/src/bar/sections/Workspace.scss index 34913d1..48fe59e 100644 --- a/modules/astal/src/src/bar/sections/Workspace.scss +++ b/parts/modules/desktop/astal/src/src/bar/sections/Workspace.scss @@ -5,7 +5,7 @@ &:hover { all: unset; } - + transition: opacity $transition; opacity: 0.2; diff --git a/modules/astal/src/src/bar/sections/Workspace.tsx b/parts/modules/desktop/astal/src/src/bar/sections/Workspace.tsx similarity index 93% rename from modules/astal/src/src/bar/sections/Workspace.tsx rename to parts/modules/desktop/astal/src/src/bar/sections/Workspace.tsx index ed3caf0..aa59c5b 100644 --- a/modules/astal/src/src/bar/sections/Workspace.tsx +++ b/parts/modules/desktop/astal/src/src/bar/sections/Workspace.tsx @@ -53,7 +53,7 @@ function Workspace(workspace: Hyprland.Workspace) { return "circle-filled"; } - return Object.keys(count)[0] ?? 'circle-filled'; + return Object.keys(count)[0] ?? "circle-filled"; }); return ( @@ -65,10 +65,10 @@ function Workspace(workspace: Hyprland.Workspace) { onClicked={() => workspace.focus()} valign={Gtk.Align.CENTER} > - `${icon}-symbolic`)} - pixelSize={18} - /> + `${icon}-symbolic`)} + pixelSize={18} + /> ); } diff --git a/modules/astal/src/src/config.ts b/parts/modules/desktop/astal/src/src/config.ts similarity index 100% rename from modules/astal/src/src/config.ts rename to parts/modules/desktop/astal/src/src/config.ts diff --git a/modules/astal/src/src/main.scss b/parts/modules/desktop/astal/src/src/main.scss similarity index 79% rename from modules/astal/src/src/main.scss rename to parts/modules/desktop/astal/src/src/main.scss index b344642..aa83937 100644 --- a/modules/astal/src/src/main.scss +++ b/parts/modules/desktop/astal/src/src/main.scss @@ -14,8 +14,8 @@ } separator { - background-color: $bg-alt; - min-height: 1px; + background-color: $bg-alt; + min-height: 1px; } button { @@ -43,7 +43,9 @@ expander-widget { color: $fg; } expander { - -gtk-icon-source: -gtk-icontheme('pan-end-symbolic'); - &:checked { -gtk-icon-source: -gtk-icontheme('pan-down-symbolic'); } + -gtk-icon-source: -gtk-icontheme("pan-end-symbolic"); + &:checked { + -gtk-icon-source: -gtk-icontheme("pan-down-symbolic"); + } } } diff --git a/modules/astal/src/src/main.ts b/parts/modules/desktop/astal/src/src/main.ts similarity index 100% rename from modules/astal/src/src/main.ts rename to parts/modules/desktop/astal/src/src/main.ts diff --git a/modules/astal/src/src/notification/Notification.scss b/parts/modules/desktop/astal/src/src/notification/Notification.scss similarity index 100% rename from modules/astal/src/src/notification/Notification.scss rename to parts/modules/desktop/astal/src/src/notification/Notification.scss diff --git a/modules/astal/src/src/notification/Notification.tsx b/parts/modules/desktop/astal/src/src/notification/Notification.tsx similarity index 100% rename from modules/astal/src/src/notification/Notification.tsx rename to parts/modules/desktop/astal/src/src/notification/Notification.tsx diff --git a/modules/astal/src/src/notification/NotificationPopups.tsx b/parts/modules/desktop/astal/src/src/notification/NotificationPopups.tsx similarity index 100% rename from modules/astal/src/src/notification/NotificationPopups.tsx rename to parts/modules/desktop/astal/src/src/notification/NotificationPopups.tsx diff --git a/modules/astal/src/src/utils/gtk.ts b/parts/modules/desktop/astal/src/src/utils/gtk.ts similarity index 100% rename from modules/astal/src/src/utils/gtk.ts rename to parts/modules/desktop/astal/src/src/utils/gtk.ts diff --git a/modules/astal/src/src/utils/io.ts b/parts/modules/desktop/astal/src/src/utils/io.ts similarity index 100% rename from modules/astal/src/src/utils/io.ts rename to parts/modules/desktop/astal/src/src/utils/io.ts diff --git a/modules/astal/src/src/utils/monitors.ts b/parts/modules/desktop/astal/src/src/utils/monitors.ts similarity index 100% rename from modules/astal/src/src/utils/monitors.ts rename to parts/modules/desktop/astal/src/src/utils/monitors.ts diff --git a/modules/astal/src/src/utils/timeout.ts b/parts/modules/desktop/astal/src/src/utils/timeout.ts similarity index 100% rename from modules/astal/src/src/utils/timeout.ts rename to parts/modules/desktop/astal/src/src/utils/timeout.ts diff --git a/modules/astal/src/src/utils/var-map.ts b/parts/modules/desktop/astal/src/src/utils/var-map.ts similarity index 100% rename from modules/astal/src/src/utils/var-map.ts rename to parts/modules/desktop/astal/src/src/utils/var-map.ts diff --git a/modules/astal/src/src/variables.scss b/parts/modules/desktop/astal/src/src/variables.scss similarity index 62% rename from modules/astal/src/src/variables.scss rename to parts/modules/desktop/astal/src/src/variables.scss index 7af2dee..53e1bca 100644 --- a/modules/astal/src/src/variables.scss +++ b/parts/modules/desktop/astal/src/src/variables.scss @@ -1,10 +1,10 @@ -$bg: #1C1B1A; +$bg: #1c1b1a; $bg-alt: #282726; -$fg: #DAD8CE; -$fg-alt: #B7B5AC; +$fg: #dad8ce; +$fg-alt: #b7b5ac; $muted: #878580; -$accent: #CF6A4C; -$error: #D14D41; +$accent: #cf6a4c; +$error: #d14d41; $radius: 8px; $transition: 0.2s cubic-bezier(0.4, 0, 0.2, 1); diff --git a/modules/astal/src/src/widgets.ts b/parts/modules/desktop/astal/src/src/widgets.ts similarity index 100% rename from modules/astal/src/src/widgets.ts rename to parts/modules/desktop/astal/src/src/widgets.ts diff --git a/modules/astal/src/tsconfig.json b/parts/modules/desktop/astal/src/tsconfig.json similarity index 100% rename from modules/astal/src/tsconfig.json rename to parts/modules/desktop/astal/src/tsconfig.json diff --git a/modules/fonts.nix b/parts/modules/desktop/fonts.nix similarity index 100% rename from modules/fonts.nix rename to parts/modules/desktop/fonts.nix diff --git a/modules/greetd.nix b/parts/modules/desktop/greetd.nix similarity index 89% rename from modules/greetd.nix rename to parts/modules/desktop/greetd.nix index 13cf970..aa4e191 100644 --- a/modules/greetd.nix +++ b/parts/modules/desktop/greetd.nix @@ -1,7 +1,4 @@ -{ - pkgs, - ... -}: { +{pkgs, ...}: { services.greetd = { enable = true; settings = { diff --git a/parts/modules/desktop/gtk.nix b/parts/modules/desktop/gtk.nix new file mode 100644 index 0000000..e47e291 --- /dev/null +++ b/parts/modules/desktop/gtk.nix @@ -0,0 +1,17 @@ +{ + pkgs, + config, + lib, + ... +}: { + defaults.terminal = lib.getExe pkgs.ghostty; + environment.systemPackages = with pkgs; [ + ghostty + ]; + user.home-manager = { + programs.ghostty = { + enable = true; + enableFishIntegration = config.programs.fish.enable; + }; + }; +} diff --git a/modules/hyprland/default.nix b/parts/modules/desktop/hyprland/default.nix similarity index 77% rename from modules/hyprland/default.nix rename to parts/modules/desktop/hyprland/default.nix index 88a5212..1955867 100644 --- a/modules/hyprland/default.nix +++ b/parts/modules/desktop/hyprland/default.nix @@ -1,23 +1,21 @@ { - pkgs, lib, config, ... }: with lib; { imports = [ - ../monitors.nix ./hyprpolkitagent.nix ]; - options = { - service.terminal.default = mkOption { - type = types.str; - description = "The default terminal emulator"; - }; - }; - config = { + assertions = [ + { + message = "The terminal must be set to enable Hyprland"; + assertion = config.defaults.terminal != null; + } + ]; + programs.uwsm.enable = true; programs.hyprland = { enable = true; @@ -35,12 +33,6 @@ with lib; { }; }; - # TODO: Remove - environment.systemPackages = [ - pkgs.uwsm - pkgs.foot - ]; - environment.sessionVariables.NIXOS_OZONE_WL = "1"; user.home-manager = { @@ -48,32 +40,28 @@ with lib; { enable = true; xwayland.enable = true; systemd.enable = false; # Conficts with UWSM - systemd.variables = ["--all"]; settings = { - monitor = - map - ( - m: let - name = - if m.name != null - then m.name - else ""; - resolution = - if m.resolution != null - then m.resolution - else "preferred"; - refreshRate = - if m.refreshRate != null - then "@${m.refreshRate}" - else ""; - position = - if m.position != null - then m.position - else "auto"; - in "${name}, ${resolution}${refreshRate}, ${position}, 1" - ) - [config.monitor.primary]; + monitor = map ( + m: let + name = + if m.name != null + then m.name + else ""; + resolution = + if m.resolution != null + then m.resolution + else "preferred"; + refreshRate = + if m.refreshRate != null + then "@${m.refreshRate}" + else ""; + position = + if m.position != null + then m.position + else "auto"; + in "${name}, ${resolution}${refreshRate}, ${position}, 1" + ) [config.monitor.primary]; general = { gaps_in = 5; @@ -121,7 +109,7 @@ with lib; { use_active_for_splits = true; }; bind = [ - "SUPER, RETURN, exec, ${getExe config.programs.uwsm.package} app -- ${config.service.terminal.default}" + "SUPER, RETURN, exec, ${getExe config.programs.uwsm.package} app -- ${config.defaults.terminal}" "SUPER, BACKSPACE, killactive" # "SUPER, SPACE, exec, uwsm app -- walker" # "SUPER SHIFT, SPACE, exec, uwsm app -- walker --modules applications" diff --git a/modules/hyprland/hyprpolkitagent.nix b/parts/modules/desktop/hyprland/hyprpolkitagent.nix similarity index 95% rename from modules/hyprland/hyprpolkitagent.nix rename to parts/modules/desktop/hyprland/hyprpolkitagent.nix index eb85d5a..10763e1 100644 --- a/modules/hyprland/hyprpolkitagent.nix +++ b/parts/modules/desktop/hyprland/hyprpolkitagent.nix @@ -1,7 +1,4 @@ -{ - pkgs, - ... -}: { +{pkgs, ...}: { config = { user.home-manager.systemd.user.services.hyprpolkitagent = { Unit = { diff --git a/parts/modules/desktop/walker.nix b/parts/modules/desktop/walker.nix new file mode 100644 index 0000000..e69de29 diff --git a/parts/modules/graphical.nix b/parts/modules/graphical.nix new file mode 100644 index 0000000..83cab4a --- /dev/null +++ b/parts/modules/graphical.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./hardware/monitors.nix + ./hardware/audio.nix + ./desktop/fonts.nix + ./desktop/greetd.nix + ./desktop/hyprland/default.nix + ./desktop/astal/default.nix + ./apps/firefox.nix + ./apps/ghostty.nix + ]; +} diff --git a/modules/audio.nix b/parts/modules/hardware/audio.nix similarity index 95% rename from modules/audio.nix rename to parts/modules/hardware/audio.nix index bd1b40a..bb5ae33 100644 --- a/modules/audio.nix +++ b/parts/modules/hardware/audio.nix @@ -1,4 +1,4 @@ -{...}: { +_: { config = { security.rtkit.enable = true; services.pipewire = { diff --git a/modules/monitors.nix b/parts/modules/hardware/monitors.nix similarity index 100% rename from modules/monitors.nix rename to parts/modules/hardware/monitors.nix diff --git a/parts/modules/hardware/usb.nix b/parts/modules/hardware/usb.nix new file mode 100644 index 0000000..6034d3e --- /dev/null +++ b/parts/modules/hardware/usb.nix @@ -0,0 +1,3 @@ +_: { + services.udisks2.enable = true; +} diff --git a/parts/modules/shell.nix b/parts/modules/shell.nix new file mode 100644 index 0000000..9f41d72 --- /dev/null +++ b/parts/modules/shell.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./shell/core.nix + ./shell/fish.nix + ./shell/git.nix + ./shell/neovim.nix + ]; +} diff --git a/parts/modules/shell/core.nix b/parts/modules/shell/core.nix new file mode 100644 index 0000000..8ed25b2 --- /dev/null +++ b/parts/modules/shell/core.nix @@ -0,0 +1,17 @@ +{pkgs, ...}: { + config = { + environment.systemPackages = with pkgs; [ + curl + wget + file + git + htop + jq + ripgrep + tmux + whois + man-pages + man-pages-posix + ]; + }; +} diff --git a/parts/modules/shell/fish.nix b/parts/modules/shell/fish.nix new file mode 100644 index 0000000..bfc886a --- /dev/null +++ b/parts/modules/shell/fish.nix @@ -0,0 +1,33 @@ +{ + config, + pkgs, + lib, + ... +}: { + config = { + programs.fish.enable = true; + users.users.${config.user.username}.shell = pkgs.fish; + user.home-manager.programs.fish = { + plugins = [ + { + name = "to-fish"; + src = pkgs.fetchFromGitHub { + owner = "joehillen"; + repo = "to-fish"; + rev = "52b151cfe67c00cb64d80ccc6dae398f20364938"; + sha256 = lib.fakeSha256; + }; + } + { + name = "theme-bobthefish"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "theme-bobthefish"; + rev = "e3b4d4eafc23516e35f162686f08a42edf844e40"; + sha256 = lib.fakeSha256; + }; + } + ]; + }; + }; +} diff --git a/parts/modules/shell/git.nix b/parts/modules/shell/git.nix new file mode 100644 index 0000000..c822f7d --- /dev/null +++ b/parts/modules/shell/git.nix @@ -0,0 +1,7 @@ +{pkgs, ...}: { + config = { + environment.systemPackages = with pkgs; [ + git + ]; + }; +} diff --git a/parts/modules/shell/neovim.nix b/parts/modules/shell/neovim.nix new file mode 100644 index 0000000..d1cf833 --- /dev/null +++ b/parts/modules/shell/neovim.nix @@ -0,0 +1,10 @@ +_: { + config = { + programs.neovim = { + enable = true; + defaultEditor = true; + viAlias = true; + vimAlias = true; + }; + }; +} diff --git a/parts/vm.nix b/parts/vm.nix new file mode 100644 index 0000000..12c135f --- /dev/null +++ b/parts/vm.nix @@ -0,0 +1,15 @@ +{mylib, ...}: { + perSystem = {system, ...}: { + packages.vm = mylib.mkVm [ + ./modules/base.nix + ./modules/graphical.nix + { + user.username = "vm"; + system.stateVersion = "24.11"; + monitor.primary.resolution = "1920x1080"; + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = true; + } + ]; + }; +} diff --git a/result b/result index a3fb0bd..f86612e 120000 --- a/result +++ b/result @@ -1 +1 @@ -/nix/store/n7qvf6g755ls61ifrmqdpkf9sp5jjpbx-nixos-disk-image \ No newline at end of file +/nix/store/5nim4d9ylax1vqj8yy92mn7yji5ygr2d-nixos-system-laptop-24.11.20250128.2b4230b \ No newline at end of file diff --git a/secrets/hashed-user-password.age b/secrets/hashed-user-password.age new file mode 100644 index 0000000..52328b6 Binary files /dev/null and b/secrets/hashed-user-password.age differ diff --git a/secrets/hosts/desktop/id_ed25519.age b/secrets/hosts/desktop/id_ed25519.age new file mode 100644 index 0000000..fe150a1 Binary files /dev/null and b/secrets/hosts/desktop/id_ed25519.age differ diff --git a/secrets/hosts/desktop/id_ed25519.pub b/secrets/hosts/desktop/id_ed25519.pub new file mode 100644 index 0000000..3976143 --- /dev/null +++ b/secrets/hosts/desktop/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtjpdHPRXg75YBonNshQdeuNZ3W3k/RzdYY+8QuQ3Pc nickolaj1177@gmail.com diff --git a/secrets/hosts/laptop/id_ed25519.age b/secrets/hosts/laptop/id_ed25519.age new file mode 100644 index 0000000..572cd95 Binary files /dev/null and b/secrets/hosts/laptop/id_ed25519.age differ diff --git a/secrets/hosts/laptop/id_ed25519.pub b/secrets/hosts/laptop/id_ed25519.pub new file mode 100644 index 0000000..8defab3 --- /dev/null +++ b/secrets/hosts/laptop/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdBiNbNPcMdI/hp4zgBS3ShqYuVVRvUAA1ffrdiBQ0k nickolaj@fireproof.website \ No newline at end of file diff --git a/secrets/linux-password.age b/secrets/linux-password.age new file mode 100644 index 0000000..4725d2b Binary files /dev/null and b/secrets/linux-password.age differ diff --git a/secrets/luks-password.age b/secrets/luks-password.age new file mode 100644 index 0000000..0cf30ff Binary files /dev/null and b/secrets/luks-password.age differ diff --git a/secrets/rekeyed/desktop/17eacaf7b15fa57e9d3b07c3b2ac3c67-hashed-user-password.age b/secrets/rekeyed/desktop/17eacaf7b15fa57e9d3b07c3b2ac3c67-hashed-user-password.age new file mode 100644 index 0000000..1b09b6f --- /dev/null +++ b/secrets/rekeyed/desktop/17eacaf7b15fa57e9d3b07c3b2ac3c67-hashed-user-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 A8c9xw 4Bp5cZCuPmIeV4fOtNrJfx+LqDPjLoD9jeY7i+rwW3w +S27YS/fWOq7OH7vXs5Ha4c+eo311Q6GTOHYlxCduiR8 +-> u\9-Hs#b-grease U? Ay~af'~ +mJ3eKR1X0Wrlufmo2OwDi8/ItNgL/PFd4WqwE4ZRASUjv6dSafYEKV420YWjSGah +23j5zyErTWuaHn5ClRdoEsBgYUYlLJeOLVq4 +--- OMzY7nfhXRhmwRoq/NBu6wwSG1vBui1RP2EtDwGx/QQ +6r;کՖʑ BAlƘJMy~<ҽXqʙ޸z$3hڛE&ȇwKȝ)g?)ۯQ& \ No newline at end of file diff --git a/secrets/rekeyed/desktop/3f37986923dbce4308536636f55a8b2f-luks-password.age b/secrets/rekeyed/desktop/3f37986923dbce4308536636f55a8b2f-luks-password.age new file mode 100644 index 0000000..b4a195d Binary files /dev/null and b/secrets/rekeyed/desktop/3f37986923dbce4308536636f55a8b2f-luks-password.age differ diff --git a/secrets/rekeyed/desktop/d2eab34dbcc75fb0c877f5ebc803e4a8-id_ed25519.age b/secrets/rekeyed/desktop/d2eab34dbcc75fb0c877f5ebc803e4a8-id_ed25519.age new file mode 100644 index 0000000..a1a8650 Binary files /dev/null and b/secrets/rekeyed/desktop/d2eab34dbcc75fb0c877f5ebc803e4a8-id_ed25519.age differ diff --git a/secrets/rekeyed/laptop/11875170bcfa12ea2cfcc26368d6b257-luks-password.age b/secrets/rekeyed/laptop/11875170bcfa12ea2cfcc26368d6b257-luks-password.age new file mode 100644 index 0000000..f9ee450 --- /dev/null +++ b/secrets/rekeyed/laptop/11875170bcfa12ea2cfcc26368d6b257-luks-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 UqEUow lnPl4QzAxD6C/WUC31bp7fnZIMpWgWrb9iL9y2EmOR0 +kBgNl5FifnhXbWsFZw67JGAL7R17wdKhDVhv+bcW0s4 +-> .cbE8_-grease +1EUbG98TyauJsP4/LL9DSg +--- zu+a7Vj1+inzUoDr0FvSkry8ofHu9nE7NjWsP9v8R88 +al U3U$gi$|%Y~ \ No newline at end of file diff --git a/secrets/rekeyed/laptop/99ae60d51dcb7cb9dd0026dbac221cc2-id_ed25519.age b/secrets/rekeyed/laptop/99ae60d51dcb7cb9dd0026dbac221cc2-id_ed25519.age new file mode 100644 index 0000000..a2d866e --- /dev/null +++ b/secrets/rekeyed/laptop/99ae60d51dcb7cb9dd0026dbac221cc2-id_ed25519.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 UqEUow XJ9oEv/f4GTFMc+AXiZR8A3wxTb6L/OgZGYNXnFBtgQ +ClDLl5vOSBlHNxcXcNUYYUvDQZ+xcjZtgYw3VKLk2Dg +-> OX>#P\NF-grease ~ CuYb |m dp? +/DzEpowOioh1xExf +--- rRE1mO+SneLLD7WnSqbtzHB2buPLz7Dyh/xxbbHfNpo +:|uS- +Ř4 ݽS.]GtdOX?rdQGB[(,cQ[=?R-ʥ_׋HC[3.V'hCNW \ No newline at end of file diff --git a/secrets/rekeyed/laptop/ee5a41ab13f76c0a94f806599c7e59ee-hashed-user-password.age b/secrets/rekeyed/laptop/ee5a41ab13f76c0a94f806599c7e59ee-hashed-user-password.age new file mode 100644 index 0000000..556a6b6 --- /dev/null +++ b/secrets/rekeyed/laptop/ee5a41ab13f76c0a94f806599c7e59ee-hashed-user-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 UqEUow YqPcwzoGYgePjKvhgCHPvZMR1jWLdfU+4DaVCapHzw4 +cSAQYbzfL72I8kXzslli8uBIASb82TIUH8+SmTkvqmc +-> s%[Q-grease == +E09/Oa5TlzhUC/eNDeArkSNOZMfiNk9mFcIEERqlbqTG2ZfvWqVx8pYKvZdDTYhP +8EGVOj0742AetqDAR100tQWxVelJcZvw/qlobu/+ +--- ispXnvDd05hTpOcaClVqcebj3Ho1AsXnvkr7fsXK9ZU +C*d: xa n@6Vdgu5Y*uQ]ik,kr:Z< ?UW'CE -( fu1f \ No newline at end of file diff --git a/secrets/yubikey-identity.age b/secrets/yubikey-identity.age new file mode 100644 index 0000000..08eddd3 Binary files /dev/null and b/secrets/yubikey-identity.age differ diff --git a/targets/graphical.nix b/targets/graphical.nix deleted file mode 100644 index 4ed2592..0000000 --- a/targets/graphical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - imports = [ - ../modules/monitors.nix - ../modules/audio.nix - ../modules/fonts.nix - ../modules/user.nix - ../modules/ghostty.nix - ../modules/greetd.nix - ../modules/hyprland/default.nix - ../modules/astal/default.nix - ]; -} diff --git a/targets/shell.nix b/targets/shell.nix deleted file mode 100644 index 6cf7690..0000000 --- a/targets/shell.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ../modules/user.nix - ../modules/btop.nix - ]; -}