nix: add t14 system configuration

this means re-encrypting the shared secrets to the new key...
also, make use of nixos-hardware's module for t14
surtur 2023-12-04 20:19:11 +01:00
parent 54b6e38852
commit 10243fe4eb
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
17 changed files with 1773 additions and 62 deletions

@ -3,6 +3,7 @@ keys:
- &it age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk - &it age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk
- &loki age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l - &loki age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l
- &nixpi age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v - &nixpi age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v
- &t14 age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx
- &monoceros age1yzlnedt49kd429jssj73v3yz5z7deyg82dq0gq86lp6dft4edg7qrcjs5v - &monoceros age1yzlnedt49kd429jssj73v3yz5z7deyg82dq0gq86lp6dft4edg7qrcjs5v
- &backup age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y - &backup age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y
- &surtur age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6 - &surtur age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6
@ -17,6 +18,11 @@ creation_rules:
- age: - age:
- *backup - *backup
- *nixpi - *nixpi
- path_regex: hosts/t14/*.*
key_groups:
- age:
- *backup
- *t14
- path_regex: hosts/monoceros/*.* - path_regex: hosts/monoceros/*.*
key_groups: key_groups:
- age: - age:
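Review bot: `path_regex: hosts/t14/*.*` is evaluated as a regular expression, not a glob, so `/*` means "zero or more slashes" and the rule matches any path containing `hosts/t14`, including a future sibling such as `hosts/t14s/`. Because sops applies the first matching creation rule, such a file would silently be encrypted to the `backup` and `t14` recipients instead of its own host key. Something like `path_regex: hosts/t14/[^/]+\.yaml$` keeps the rule to this host's secret files. The existing `hosts/monoceros/*.*` rule in the context lines has the same shape. The `creation_rules` list starts and ends outside the hunk.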

@ -261,6 +261,26 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701728041,
"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"napalm": { "napalm": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -308,6 +328,22 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": {
"locked": {
"lastModified": 1701656485,
"narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "fa194fc484fd7270ab324bb985593f71102e84d1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1691853136, "lastModified": 1691853136,
@ -453,6 +489,8 @@
"attic": "attic", "attic": "attic",
"authentik-nix": "authentik-nix", "authentik-nix": "authentik-nix",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }

@ -2,8 +2,13 @@
description = "NixOS configuration for all the things (as many as we can get)"; description = "NixOS configuration for all the things (as many as we can get)";
inputs.nixpkgs.url = "github:NixOS/nixpkgs"; inputs.nixpkgs.url = "github:NixOS/nixpkgs";
inputs.home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs.disko.url = "github:nix-community/disko"; inputs.disko.url = "github:nix-community/disko";
inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
inputs.nixos-hardware.url = "github:NixOS/nixos-hardware/master";
inputs.agenix.url = "github:ryantm/agenix"; inputs.agenix.url = "github:ryantm/agenix";
inputs.agenix.inputs.nixpkgs.follows = "nixpkgs"; inputs.agenix.inputs.nixpkgs.follows = "nixpkgs";
inputs.sops-nix.url = "github:Mic92/sops-nix"; inputs.sops-nix.url = "github:Mic92/sops-nix";
@ -13,7 +18,9 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
home-manager,
disko, disko,
nixos-hardware,
agenix, agenix,
sops-nix, sops-nix,
attic, attic,
@ -58,6 +65,31 @@
]; ];
}; };
nixosConfigurations.t14 = nixpkgs.lib.nixosSystem {
# inherit pkgs system;
modules = let
usr = "mko";
in [
nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen2
disko.nixosModules.disko
sops-nix.nixosModules.sops
./hosts/t14/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit usr;};
home-manager.users.${usr} = {
home.stateVersion = "23.11";
imports = [
./hosts/t14/home.nix
];
};
}
];
};
nixosConfigurations.monoceros = nixpkgs.lib.nixosSystem { nixosConfigurations.monoceros = nixpkgs.lib.nixosSystem {
# inherit pkgs system; # inherit pkgs system;
modules = [ modules = [
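Review bot: `home.stateVersion = "23.11"` in the inline module of `nixosConfigurations.t14` is defined a second time in `hosts/t14/home.nix` with `lib.mkForce`, next to forced `home.username` and `home.homeDirectory`, so the definition here is always overridden and the two can drift apart unnoticed. I would keep a single definition, for example by dropping the `home.stateVersion` line here or the `mkForce` overrides in `home.nix`. A short comment such as `# usr is handed to home.nix through extraSpecialArgs` would also make the coupling visible. The `outputs` body continues outside the hunk.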

@ -0,0 +1,374 @@
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-config.nix
# ./modules/podman.nix
../../modules/base.nix
../../modules/dnscrypt.nix
];
sops = {
defaultSopsFile = ./secrets.yaml;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
generateKey = false;
};
secrets.rootPassphrase.owner = "root";
secrets.mkoPassphrase.owner = "root";
# used as "cloaking_rules"
secrets.extraHosts.owner = "dnscrypt-proxy";
};
# nixpkgs.currentSystem = "x86_64-linux";
nix.settings.trusted-users = ["@wheel" "root" "mko"];
# forbid hibernation due to zfs-on-root.
boot.kernelParams = ["amd_pstate=active" "nohibernate"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 42;
boot.loader.systemd-boot.netbootxyz.enable = false;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = ["zfs"];
boot.zfs.forceImportRoot = true;
boot.initrd.kernelModules = ["zfs" "e1000e"];
boot.binfmt = {
emulatedSystems = [
"wasm32-wasi"
"aarch64-linux"
];
};
environment.etc = {
"greetd/environments".text = ''
sway
'';
"walls/2020-August-11-Churning-Clouds-on-Jupiter.jpg".source = ./walls/2020-August-11-Churning-Clouds-on-Jupiter.jpg;
};
sound = {
enable = true;
mediaKeys = {enable = true;};
};
hardware.pulseaudio.enable = false;
fonts = {
packages = with pkgs; [
# font-awesome
# google-fonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
fira-code
cascadia-code
(nerdfonts.override {
fonts = ["FiraCode" "JetBrainsMono" "CascadiaCode"];
})
];
enableDefaultPackages = true;
fontDir.enable = true;
fontconfig = {
enable = true;
defaultFonts = {
monospace = ["FiraCode Nerd Font"];
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
emoji = ["Noto Color Emoji"];
};
};
};
environment = {
variables = {
EDITOR = "vim";
VISUAL = "vim";
MOZ_ENABLE_WAYLAND = "1";
NIXOS_OZONE_WL = "1";
NIXPKGS_ALLOW_UNFREE = "0";
TERMINAL = "kitty";
WLR_NO_HARDWARE_CURSORS = "1";
XCURSOR_SIZE = "16";
XDG_CURRENT_DESKTOP = "sway";
XDG_SESSION_TYPE = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
systemPackages = with pkgs; [
home-manager
openssl
libinput
dmidecode
pamixer
git
wol
vim
wget
curl
kitty
brave
go_1_21
cargo
chainsaw
topgrade
];
};
networking = {
# hostId = pkgs.lib.mkForce "00000000";
hostId = "deadb33f";
hostName = "t14";
nftables.enable = true;
networkmanager.enable = true;
# interfaces.enp0s25.wakeOnLan.enable = true;
firewall = {
allowPing = true;
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
};
users.users = {
root = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJaXmXbNegxiXLldy/sMYX8kCsghY1SGqn2FZ5Jk7QJw"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZbkw9vjCfbMPEH7ZAFq20XE9oIJ4w/HRIMu2ivNcej caelum's nixbldr key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKzPC0ZK4zrOEBUdu1KNThEleVb1T5Pl3+n3KB3o0b8 surtur's nixbldr key"
];
# hashedPasswordFile = config.sops.secrets.rootPassphrase.path;
hashedPassword = "$y$j9T$yNhN6CYvKBWz/HnLv2gp//$0fFgtV4xzBijxWxUg1oTH74GoekdMK6UZUQWby5fZi4";
subUidRanges = [
{
count = 65535;
startUid = 65536 * 28; # 1835008, docker
}
];
};
mko = {
isNormalUser = true;
createHome = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJaXmXbNegxiXLldy/sMYX8kCsghY1SGqn2FZ5Jk7QJw"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZbkw9vjCfbMPEH7ZAFq20XE9oIJ4w/HRIMu2ivNcej caelum's nixbldr key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKzPC0ZK4zrOEBUdu1KNThEleVb1T5Pl3+n3KB3o0b8 surtur's nixbldr key"
];
hashedPasswordFile = config.sops.secrets.mkoPassphrase.path;
extraGroups = [
"wheel"
"networkmanager"
"audio"
"camera"
"kvm"
"lp"
"scanner"
"video"
"console"
];
subUidRanges = [
{
count = 65535;
startUid = 65536 * 28; # 1835008, docker
}
];
};
};
users.users.mko.group = "mko";
users.groups.mko = {};
users.groups.wheel.members = ["mko"];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security = {
doas = {
enable = false;
extraRules = [
{
users = ["mko"];
keepEnv = true; # Optional, retains environment variables while running commands
persist = true; # Optional, only require password verification a single time
}
];
};
sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = ["NOPASSWD"];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = ["NOPASSWD"];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = ["NOPASSWD"];
}
];
groups = ["wheel"];
}
];
};
pam.services.swaylock = {};
polkit.enable = true;
};
services = {
atd.enable = true;
udev.extraRules = ''
# wol
ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g"
'';
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
blueman.enable = true;
dbus.enable = true;
dnscrypt-proxy2.settings.cloaking_rules = config.sops.secrets.extraHosts.path;
greetd = {
enable = true;
settings = {
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
};
};
power-profiles-daemon.enable = true;
#tlp.enable =
# lib.mkDefault ((lib.versionOlder (lib.versions.majorMinor lib.version) "23.11")
# || !config.services.power-profiles-daemon.enable);
#auto-cpufreq.enable = true;
#auto-cpufreq.settings = {
# battery = {
# governor = "powersave";
# turbo = "never";
# };
# charger = {
# governor = "schedutil";
# turbo = "auto";
# };
#};
prometheus = {
# WIP.
enable = true;
# openFirewall = true;
port = 9090;
exporters = {
node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
];
port = 9100;
};
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"${config.networking.hostName}.local:${toString config.services.prometheus.exporters.node.port}"
];
}
];
}
];
};
# TS is enabled in the imported module, this is additional config.
tailscale = {
useRoutingFeatures = "both";
# accept-routes = true;
};
zfs = {
autoScrub = {
enable = true;
interval = "weekly";
};
trim.enable = true;
};
};
hardware = {
bluetooth = {
enable = true;
# HSP & HFP daemon (apparently needs to be false now because of wire plumber)
hsphfpd.enable = false;
settings = {General = {Enable = "Source,Sink,Media,Socket";};};
};
opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
};
xdg = {
portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# Does not work with flakes - yet™.
system.copySystemConfiguration = false;
}
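Review bot: The literal `hashedPassword` in `users.users.root` puts the root yescrypt hash into the repository and the world-readable Nix store, where it is open to offline guessing, while the sops-backed line above it is commented out and `sops.secrets.rootPassphrase` is still declared but unused. I would restore `hashedPasswordFile = config.sops.secrets.rootPassphrase.path;`, drop the literal, and rotate the passphrase because the hash stays in history. The two passphrase secrets probably also need `neededForUsers = true;` so that sops-nix decrypts them before the accounts are created; only `owner` is set in the visible `sops` block, so this should be confirmed against `modules/base.nix`. Separately, listing `@wheel` and `mko` in `nix.settings.trusted-users` gives those accounts root-equivalent control of the Nix daemon without the sudo password prompt, which deserves a comment or removal.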

@ -0,0 +1,162 @@
{
config,
disks ? ["/dev/nvme0n1"],
lib,
...
}: {
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1G";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = ""; # == single disk
options = {
ashift = "12";
autotrim = "on";
};
rootFsOptions = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///root/.zfs-zroot-pool.key";
#postCreateHook = ''
# "zfs change-key -o keylocation=prompt zroot/$name"
#'';
checksum = "sha512";
atime = "off";
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
postCreateHook = "zfs snapshot zroot@blank";
datasets = {
# can be rebuilt.
local = {
type = "zfs_fs";
mountpoint = null;
options."com.sun:auto-snapshot" = "false";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
};
"system" = {
type = "zfs_fs";
mountpoint = null;
options = {
"com.sun:auto-snapshot" = "false";
};
};
# system root.
"system/nixos" = {
type = "zfs_fs";
mountpoint = "/";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"system/nixos/var" = {
type = "zfs_fs";
mountpoint = "/var";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"system/nixos/var/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"system/nixos/var/cache" = {
type = "zfs_fs";
mountpoint = "/var/cache";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"system/nixos/var/containers-storage" = {
type = "zfs_fs";
mountpoint = "/var/lib/containers/storage";
options = {
"com.sun:auto-snapshot" = "false";
acltype = "posixacl";
};
};
# frequently snapshot and backed up data.
userdata = {
type = "zfs_fs";
mountpoint = "/DATA";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///root/.zfs-DATA.key";
"com.sun:auto-snapshot" = "false";
};
};
"userdata/home" = {
type = "zfs_fs";
mountpoint = "/DATA/home";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///root/.zfs-DATA-home.key";
"com.sun:auto-snapshot" = "true";
};
};
"userdata/home/root" = {
type = "zfs_fs";
mountpoint = "/root";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"userdata/home/root-cache" = {
type = "zfs_fs";
mountpoint = "/root/.cache";
options."com.sun:auto-snapshot" = "false";
};
"userdata/home/root-config" = {
type = "zfs_fs";
mountpoint = "/root/.config";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"userdata/services" = {
type = "zfs_fs";
mountpoint = "/DATA/services";
options."com.sun:auto-snapshot" = "false";
};
};
};
};
};
}
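Review bot: `rootFsOptions.keylocation` is `file:///root/.zfs-zroot-pool.key`, but `/root` is the `userdata/home/root` dataset inside the same encrypted pool, so that file cannot be read at boot before the pool is unlocked. If a copy were placed somewhere readable at boot, the passphrase would sit next to the data it protects. The commented-out `postCreateHook` is inside `rootFsOptions`, where it would be passed as a ZFS property rather than run as a hook if it were uncommented. I would switch the pool to prompting in the pool-level hook, presumably `postCreateHook = "zfs set keylocation=prompt zroot && zfs snapshot zroot@blank";`, and add a comment that the key file only has to exist in the installer environment. The `disks` argument is unused because `device` is hard-coded.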

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

125
nix/hosts/t14/home.nix Normal file

@ -0,0 +1,125 @@
{
config,
lib,
pkgs,
usr,
...
}: {
imports = [
# ./modules/desktop/waybar.nix
# ./modules/desktop/wayland.nix
./modules/desktop/sway.nix
];
# home.enableNixpkgsReleaseCheck = false;
home = {
username = lib.mkForce "${usr}";
homeDirectory = lib.mkForce "/home/${usr}";
packages = with pkgs; [
actionlint
asciinema
asciiquarium
bat
bc
black
sqlite
bun
caddy
cliphist
cowsay
curlie
dig
dive
dogdns
doggo
entr
eza
exif
exiftool
fd
feh
ffmpeg
figlet
file
firefox-wayland
chromium
fx
gcc
glow
gnumake
go_1_21
gofumpt
golangci-lint
golangci-lint-langserver
gopls
goreleaser
gotools
graph-easy
graphviz
hadolint
hugo
ipcalc
jq
killall
libtelnet
lolcat
lsof
mpv-unwrapped
neofetch
netcat
networkmanagerapplet
nixfmt
nmap
nodePackages.prettier
nodePackages.typescript
nodePackages.typescript-language-server
nodePackages.yaml-language-server
nodejs
pciutils
pgcli
pulsemixer
pylint
python3
python39Packages.pipx
ripgrep
rnix-lsp
rsync
shellcheck
shfmt
signal-desktop
# slack
statix
p7zip
unzip
usbutils
v4l-utils
wev
whois
xdg-utils
youtube-dl
yq-go
zip
];
stateVersion = lib.mkForce "23.11";
};
services = {
blueman-applet.enable = true;
network-manager-applet.enable = true;
};
programs = {
#fzf = {
# enable = true;
# enableZshIntegration = true;
#};
gh = {enable = true;};
home-manager = {enable = true;};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [wlrobs];
};
};
}

@ -0,0 +1,8 @@
# class border bground text indicator child_border
client.focused #6272A4 #6272A4 #F8F8F2 #6272A4 #6272A4
client.focused_inactive #44475A #44475A #F8F8F2 #44475A #44475A
client.unfocused #282A36 #282A36 #BFBFBF #282A36 #282A36
client.urgent #44475A #FF5555 #F8F8F2 #FF5555 #FF5555
client.placeholder #282A36 #282A36 #F8F8F2 #282A36 #282A36
client.background #F8F8F2

@ -0,0 +1,60 @@
input 1:1:AT_Translated_Set_2_keyboard
{
# laptop kbd
xkb_layout gb,sk
xkb_options grp:win_space_toggle,compose:ralt
xkb_variant ",qwerty"
repeat_delay 280
repeat_rate 55
}
input 1133:16522:Logitech_MX_Keys
{
xkb_layout gb,sk
xkb_options grp:win_space_toggle,compose:ralt
xkb_variant ",qwerty"
repeat_delay 280
repeat_rate 55
}
# wired
input 1452:592:Keychron_Keychron_K2
{
xkb_layout gb,sk
xkb_options grp:win_space_toggle,compose:ralt
xkb_variant ",qwerty"
repeat_delay 280
repeat_rate 55
}
# wireless
input 1452:592:Keychron_K2 {
xkb_layout gb,sk
xkb_options grp:win_space_toggle,compose:ralt
xkb_variant ",qwerty"
repeat_delay 280
repeat_rate 55
}
input 1102:4619:DLL07A7:01_044E:120B
{
# touchpad
accel_profile adaptive
tap enabled
# disable-while-typing
dwt enabled
natural_scroll enabled
scroll_method two_finger
# lrm treats 1 finger as left click, 2 fingers as right click, and 3
# fingers as middle click.
tap_button_map lrm
}
input 1149:8264:Primax_Kensington_Eagle_Trackball
{
# scroll_factor 1.5
scroll_factor 0.5
natural_scroll enabled
accel_profile adaptive
dwt enabled
}

@ -0,0 +1,693 @@
{
config,
pkgs,
lib,
...
}: let
# bash script to let dbus know about important env variables and
# propagate them to relevent services run at the end of sway config
# see
# https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
# note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts
# some user services to make sure they have the correct environment variables
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# currently, there is some friction between sway and gtk:
# https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
# the suggested way to set gtk settings is with gsettings
# for gsettings to work, we need to tell it where the schemas are
# using the XDG_DATA_DIR environment variable
# run at the end of sway config
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text = let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in ''
export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
gnome_schema=org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Dracula'
'';
};
in {
home.packages = with pkgs; [
dbus-sway-environment
configure-gtk
kitty
alacritty # gpu accelerated terminal
wayland
xdg-utils # for opening default programs when clicking links
glib # gsettings
dracula-theme # gtk theme
gnome3.adwaita-icon-theme # default gnome cursors
swaylock
swayidle
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
bemenu # wayland clone of dmenu
mako # notification system developed by swaywm maintainer
wdisplays # tool to configure displays manually
kanshi
wofi
avizo
light
];
## enable sway window manager
#programs.sway = {
# enable = true;
# wrapperFeatures.gtk = true;
#};
wayland.windowManager.sway = {
enable = true;
config = rec {
modifier = "Mod4"; # super key
# Use kitty as default terminal
terminal = "kitty";
startup = [
# Launch Firefox on start
# {command = "firefox";}
{command = "kitty";}
];
};
extraConfig = ''
set {
$mod Mod4
# $mod4 Mod4
$left h
$down j
$up k
$right l
$lock exec swaylock -efFc "#000000"
$bg "/etc/walls/2020-August-11-Churning-Clouds-on-Jupiter.jpg"
### # $gtk_theme "Dracula"
### $gtk_theme "Yaru-purple-dark"
### $gtk_font_name "CascadiaCodePL ExtraLight"
### $gtk_font_size "10.4"
### $icon_theme "Flat-Remix-Blue-Dark"
### # $icon_theme "Yaru-blue-dark"
### # $gtk_cursor_theme "Yaru"
### $gtk_cursor_theme "Adwaita"
### $cursor_size 16
### $theme "Yaru-purple-dark"
$laptop_screen "eDP-1"
$ext_screen "Dell Inc. DELL U2412M Y1H5T27N1EVL"
$pri $laptop_screen
$sec $ext_screen
$term KITTY_ENABLE_WAYLAND=1 kitty -1 # qterminal alacritty
$menu wofi --show drun --allow-markup swaymsg exec --
$othermenu XDG_DATA_DIRS=/usr/share/:/usr/local/share/:/var/lib/flatpak/exports/share/:$HOME/.local/share/flatpak/exports/share/ j4-dmenu-desktop --dmenu="bemenu -n -p \"applications\" -l 30 --fn 'FiraCode Retina 17'" --term="kitty" --no-generic --display-binary
$nutermmenu kitty --class 'launcher' bash -c 'compgen -c | sort -u | fzf | xargs -r kitty'
$bemenu XDG_DATA_DIRS=/usr/share/:/usr/local/share/:/var/lib/flatpak/exports/share/:$HOME/.local/share/flatpak/exports/share/ bemenu-run --fork -l 5 -n -p "" --fn 'FiraCode Retina 17' | xargs swaymsg exec
$gtk_font_name "CascadiaCodePL ExtraLight"
$gtk_font_size "10.4"
}
output "*" bg $bg fill
default_border pixel 0
default_floating_border normal
# hide_edge_borders --i3 both
# smart_borders on
# works also for non-floating windows
# normal - drag floating windows by holding down $mod and left mouse button.
# resize them with right mouse button + $mod.
# inverse for $mod+left click to resize, $mod+right click to drag
# floating_modifier $mod normal
# clipboard sync
# exec wl-paste -pw wl-copy
# Only enable outer gaps when there is exactly one container
#smart_gaps inverse_outer
# Only enable gaps on a workspace when there is at least one container
#smart_gaps on
smart_gaps inverse_outer
# Activate smart borders (always)
#smart_borders on
# Activate smart borders (only when there are effectively no gaps)
#smart_borders no_gaps
# Hide edge borders only if there is one window with no gaps
#hide_edge_borders smart_no_gaps
gaps outer 8
# gaps outer -3
gaps inner 5
font pango:FiraCode Retina weight=700 14px
# seat seat0 xcursor_theme $gtk_cursor_theme $cursor_size
exec_always --no-startup-id
{
#swaymsg output $pri bg $bg fill #000000
#swaymsg output $sec bg $bg fill #000000
gsettings set org.gnome.desktop.interface font-name '$gtk_font_name $gtk_font_size'
gsettings set org.gnome.desktop.wm.preferences button-layout 'icon:close'
gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
gsettings set org.gtk.Settings.FileChooser window-size '(1100,700)'
pgrep mako && pkill mako
# pgrep kanshi && pkill kanshi
pgrep swayrd && pkill swayrd
pgrep swayidle && pkill swayidle
pgrep avizo && pkill avizo
pgrep nm-applet && pkill nm-applet
mako
# kanshi
env RUST_BACKTRACE=1 swayrd > /tmp/swayrd.log 2>&1
# timeout 545 'pgrep -u $(id -u) swaylock || notify-send -t 20000 -r 344334 -u critical "Idle timeout" "Screen is locking soon"' \
swayidle -w \
timeout 545 'pgrep swaylock || notify-send -t 18000 -u normal "Idle timeout" "Screen is locking soon"' \
timeout 600 "$lock" \
timeout 15 'pgrep swaylock && swaymsg "output * power off"' \
resume 'swaymsg "output * power on"' \
before-sleep "pgrep swaylock || $lock"
avizo-service
# TODO(me):
# https://github.com/slgobinath/SafeEyes
nm-applet --indicator
# lxpolkit
}
exec nm-applet --indicator
# hide mouse after 5 seconds inactivity
seat * hide_cursor 5000
bindgesture swipe:right workspace prev
bindgesture swipe:left workspace next
# Allow container movements by pinching them
bindgesture pinch:inward+up move up
bindgesture pinch:inward+down move down
bindgesture pinch:inward+left move left
bindgesture pinch:inward+right move right
bindswitch --reload --locked lid:on exec --no-startup-id $(swaymsg output $laptop_screen disable && kanshictl reload)
bindswitch --reload --locked lid:off exec --no-startup-id $(swaymsg output $laptop_screen enable && kanshictl reload)
exec --no-startup-id swaymsg focus output $pri
#--- Window Decorations
set
{
$nofocus #202020
$focus #202020
$titletxt #FFFFE8
$titlepad 10 center #000000
$gaps_change 20
}
#--- Notifications
set
{
$n_anchor top-center
$n_layer overlay
$n_dim 600
$n_margin 20
$n_padding 10
$n_border 3
$n_bg #202020
$n_fg #FFFFE8
}
bindsym
{
ctrl+alt+l exec --no-startup-id $lock
$mod+grave exec $lock
--no-warn $mod+Return exec $term
--no-warn $mod+t exec $term
$mod+ctrl+Shift+t exec qterminal
--no-warn $mod+Shift+q kill
alt+Shift+F1 exec $menu
alt+F1 exec $albert
alt+F2 exec $bemenu
alt+F3 exec $othermenu
alt+Shift+F2 exec $nutermmenu
$mod+ctrl+k exec QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_QPA_PLATFORMTHEME=wayland keepassxc
}
include ${./sway-inputs.sway}
focus_follows_mouse yes
focus_wrapping false
popup_during_fullscreen smart
for_window [app_id="^launcher$"] floating enable, border none, resize set width 25 ppt height 100 ppt, move position 0 px 0 px
#--- Floating Windows ------------------------------------------------------
for_window [window_role="pop-up"] floating enable
for_window [window_role="pop-up"] floating enable; border normal $border
for_window [class="pop-up"] floating enable; border normal $border
for_window [window_role="bubble"] floating enable
for_window [window_role="task_dialog"] floating enable
for_window [window_role="task_dialog"] floating enable; border normal $border
for_window [window_role="Preferences"] floating enable
for_window [window_role = "dialog"] floating enable
for_window [window_type="dialog"] floating enable
for_window [window_role = "task_dialog"] floating enable
for_window [window_type="menu"] floating enable
for_window [app_id = "floating"] floating enable
for_window [app_id = "floating_update"] floating enable, resize set width 1000px height 600px
for_window [class = "(?i)pinentry"] floating enable
for_window [window_role="About"] floating enable
for_window [title = "About Mozilla Firefox"] floating enable
for_window [instance="Farge"] floating enable
for_window [title = ".*kdbx - KeePass"] floating enable, resize set 1276px 814pxofor_window [app_id = "virt-manager"] floating enable
for_window [app_id = "xfce-polkit"] floating enable
for_window [app_id = "keepassxc"] floating enable, resize set 1276px 814px
for_window [title = "^Open File$"] floating enable
for_window [app_id = "avizo-service"] border pixel 0, sticky toggle
no_focus [app_id="avizo-service"]
for_window [window_role = "GtkFileChooserDialog"] resize set 590 340
for_window [window_role = "GtkFiileChooserDialog"] move position center
for_window [title="Save File"] floating enable
for_window [app_id="wdisplays"] floating enable
for_window [app_id="floating_shell_portrait"] floating enable, border pixel 1, sticky enable, resize set width 30 ppt height 40 ppt
for_window [app_id="floating_shell"] floating enable, border pixel 1, sticky enable
for_window [app_id = "qt5ct"] floating enable
for_window [app_id = "gnome-tweaks"] floating enable
for_window [class = "Bluetooth-sendto" instance = "bluetooth-sendto"] floating enable
for_window [window_role = "Preferences"] floating enable
for_window [app_id="(?i)(?:blueman-manager|azote|gnome-disks|nwg-shell-config)"] floating enable
for_window [app_id="(?i)(?:pavucontrol|nm-connection-editor|gsimplecal|galculator)"] floating enable
for_window [class="MEGAsync"] floating enable; border pixel 0
for_window [title=".*JetBrains.*"] floating enable; border pixel 1
for_window [class="matplotlib"] floating enable; border normal $border
for_window [class="dosbox"] floating enable; border normal $border
for_window [app_id = "nm-openconnect-auth-dialog"] floating enable
for_window [app_id="nm-connection-editor"]
{
floating enable
resize set width 882px
resize set height 600px
}
#for_window [app_id="pavucontrol"]
#{
# floating enable
# resize set width 882px
# resize set height 600px
#}
# for_window [app_id="ulauncher"] border none
# Scratchpad terminal
for_window [title="(?i)$criteria"] floating enable, move absolute position 1500px 300px, resize set 1200px 700px, move to scratchpad, mark $criteria
# Waybar Tooltips don't steel focus
no_focus [app_id="waybar"]
for_window [app_id="waybar" floating] {
move position cursor
move down 60px # adjust if some menus still don't fit
}
#--- Applications with CSD -------------------------------------------------
for_window [app_id="glade"] border pixel 2
for_window [app_id="baobab"] border pixel 2
for_window [title=".*eston.*"] border pixel 0
for_window [app_id="wdisplays"] border pixel 0
for_window [app_id="gnome-.*"] border pixel 1
for_window [app_id="qterminal"] border pixel 2
for_window [app_id="xterm"] border pixel 2
for_window [title=".*Brave.*"] border pixel 1 inhibit_idle fullscreen
for_window [title=".*Firefox.*"] border pixel 2 inhibit_idle fullscreen
for_window [title="Firefox.*"] border pixel 2 inhibit_idle fullscreen
for_window [app_id="firefox"] border pixel 2 inhibit_idle fullscreen
# for_window [title=".*Firefox.*"] border none inhibit_idle fullscreen
# for_window [app_id="firefox"] border none inhibit_idle fullscreen
for_window [class="Firefox"] border pixel 2 inhibit_idle fullscreen
for_window [class="swayfox"] border pixel 2 inhibit_idle fullscreen
for_window [class="vlc"] border pixel 2 inhibit_idle visible fullscreen
for_window [app_id="vlc"] border pixel 2 inhibit_idle visible fullscreen
for_window [title=".*VLC*."] border pixel 2 inhibit_idle visible fullscreen
for_window [title="VLC*."] border pixel 2 inhibit_idle visible fullscreen
# prevent screen locking if any app is fullscreen.
# matching per-class is tedious.
for_window [class=".*"] inhibit_idle fullscreen
for_window [app_id=".*"] inhibit_idle fullscreen
for_window [app_id="org.gnome.Nautilus"] border pixel 1
for_window [app_id="dolphin"] border pixel 1
# for_window [app_id="kitty"] border pixel 1
for_window [app_id="kitty"] border pixel 2
# for_window [title="^video0 - mpv$"] floating enable, sticky enable, resize set height 260 px, move absolute position 0 px 820 px, border none
for_window [title="^video0 - mpv$"] floating enable, sticky enable, resize set height 130 px, border none
for_window [title="Firefox Developer Edition Sharing Indicator$"] floating enable, resize set height 16 px, border none
for_window [title="Picture-in-Picture"] floating enable
#--- Xtk Applications ------------------------------------------------------
for_window [title="xclock"] floating enable
for_window [title="Calculator"] floating enable
assign [app_id="telegram"] C
assign [class="Signal"] C
assign [title="Ferdi"] C
assign [title="Discord"] C
assign [class="Discord"] C
assign [class="vlc"] M
bindsym
{
Alt+Shift+e exec BEMOJI_PICKER_CMD="bemenu -n -l 10 -p 🔎 --fn 'Fira Code Retina 20" bemoji -c -n --private
# as per https://github.com/japhir/ArchConfigs/blob/master/swayconfig
# add the webcam screen for video recording
$mod+ctrl+Shift+a exec mpv --no-osc --demuxer-lavf-format=video4linux2 --demuxer-lavf-o-set=input_format=mjpeg av://v4l2:/dev/video0 || notify-send "failed to start webcam"
# screenshot of all outputs
print exec grim $(xdg-user-dir PICTURES)/screenshots/grim-$(date +'%Y-%m-%dT%H-%M-%S').png
# screenshot of an area
Shift+print exec grim -g "$(slurp)" - | wl-copy
# screenshot of a window
Control+print exec winprint.sh
# colour picker / eyedropper
Control+Shift+print exec grim -g "$(slurp -p)" -t ppm - | convert - -format '%[pixel:p{0,0}]' txt: | wl-copy
$mod+c exec gnome-calculator
# -w: Always open a new window for browsing specified URIs.
$mod+n exec nautilus -w
$mod+Shift+n exec nemo
$mod+m exec QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_QPA_PLATFORMTHEME=wayland vlc
$mod+Shift+b exec brave-browser-beta --incognito $chromium_flags
$mod+Shift+w exec MOZ_USE_XINPUT2=1 MOZ_ENABLE_WAYLAND=1 ~/Downloads/firefox-dev/firefox --class=swayfox --private-window
$mod+Ctrl+Shift+w exec MOZ_USE_XINPUT2=1 MOZ_ENABLE_WAYLAND=1 systemctl --user start ff_nn
$mod+Shift+g exec MOZ_USE_XINPUT2=1 MOZ_ENABLE_WAYLAND=1 firefox --class=swayfox --private-window
}
#
# Borders
#
bindsym --to-code
{
$mod+ctrl+semicolon border toggle
}
#
# Gaps
#
bindsym --to-code
{
# $mod+ctrl+minus gaps inner 2px
# $mod+ctrl+equal gaps inner 2px
$mod+z gaps outer current plus 5
$mod+Shift+z gaps outer current minus 5
$mod+x gaps inner current plus 5
$mod+Shift+x gaps inner current minus 5
}
# Notifications
bindsym Control+Space exec makoctl dismiss
bindsym Control+Shift+Space exec makoctl dismiss --all
bindsym Control+Alt+Space exec makoctl set-mode do-not-disturb
bindsym Control+Alt+Shift+Space exec makoctl set-mode default
#
# Moving around:
#
bindsym --no-warn
{
# Move your focus around
$mod+$left focus left
$mod+$down focus down
$mod+$up focus up
$mod+$right focus right
# Or use $mod+[up|down|left|right]
$mod+Left focus left
$mod+Down focus down
$mod+Up focus up
$mod+Right focus right
# Move the focused window with the same, but add Shift
$mod+Shift+$left move left
$mod+Shift+$down move down
$mod+Shift+$up move up
$mod+Shift+$right move right
# Ditto, with arrow keys
$mod+Shift+Left move left
$mod+Shift+Down move down
$mod+Shift+Up move up
$mod+Shift+Right move right
$mod+Shift+c move position center
}
bindsym --to-code
{
$mod+Shift+comma workspace prev_on_output
$mod+Shift+period workspace next_on_output
$mod+Shift+tab workspace back_and_forth
$mod+comma focus output left
$mod+period focus output right
$mod+F2 workspace C
$mod+F3 workspace M
}
# Move focused container to workspace
bindsym --to-code
{
$mod+Shift+F2 move container to workspace C
$mod+Shift+F3 move container to workspace M
}
#
# Workspaces:
#
# Switch to workspace
bindsym --no-warn
{
$mod+1 workspace number 1
$mod+2 workspace number 2
$mod+3 workspace number 3
$mod+4 workspace number 4
$mod+5 workspace number 5
$mod+6 workspace number 6
$mod+7 workspace number 7
$mod+8 workspace number 8
$mod+9 workspace number 9
$mod+0 workspace number 10
}
# Move focused container to workspace
bindsym --no-warn
{
$mod+Shift+1 move container to workspace number 1
$mod+Shift+2 move container to workspace number 2
$mod+Shift+3 move container to workspace number 3
$mod+Shift+4 move container to workspace number 4
$mod+Shift+5 move container to workspace number 5
$mod+Shift+6 move container to workspace number 6
$mod+Shift+7 move container to workspace number 7
$mod+Shift+8 move container to workspace number 8
$mod+Shift+9 move container to workspace number 9
$mod+Shift+0 move container to workspace number 10
}
#
# Workspace-monitor assignments
#
workspace 0 output $pri
workspace 1 output $pri
workspace 2 output $pri
workspace 3 output $pri
workspace 4 output $pri
workspace 5 output $pri
workspace 6 output $pri
workspace 7 output $pri
workspace 8 output $pri
workspace 9 output $pri
workspace C output $pri
workspace M output $pri
workspace 10 output $sec
workspace 11 output $sec
workspace 12 output $sec
workspace 13 output $sec
workspace 14 output $sec
workspace 15 output $sec
workspace 16 output $sec
workspace 17 output $sec
workspace 18 output $sec
workspace 19 output $sec
workspace 20 output $ter
workspace 21 output $ter
workspace 22 output $ter
workspace 23 output $ter
workspace 24 output $ter
workspace 25 output $ter
workspace 26 output $ter
workspace 27 output $ter
workspace 28 output $ter
workspace 29 output $ter
#
# Layout stuff:
#
bindsym --no-warn
{
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
$mod+b splith
$mod+v splitv
# Switch the current container between different layout styles
$mod+s layout stacking
$mod+w layout tabbed
$mod+e layout toggle split
# Make the current focus fullscreen
$mod+f fullscreen
# for in-container fullscreen chromium
# ref: https://www.reddit.com/r/i3wm/comments/egvj3k/chrome_tabs_not_visible_in_full_screen_mode/fdeps34/
$mod+Shift+f split v; focus parent; fullscreen toggle; focus child
# Toggle the current focus between tiling and floating mode
#bindsym $mod+Shift+space floating toggle
$mod+Shift+d floating toggle
# Swap focus between the tiling area and the floating area
#bindsym $mod+space focus mode_toggle
$mod+d focus mode_toggle
# Move focus to the parent container
$mod+a focus parent
# focus the child container
$mod+alt+a focus child
}
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
bindsym --to-code
{
# Move the currently focused window to the scratchpad
$mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
$mod+minus scratchpad show
}
#
# Resizing containers:
#
mode "resize"
{
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym --no-warn
{
$left resize shrink width 10px
$down resize grow height 10px
$up resize shrink height 10px
$right resize grow width 10px
# Ditto, with arrow keys
Left resize shrink width 10px
Down resize grow height 10px
Up resize shrink height 10px
Right resize grow width 10px
# Return to default mode
Return mode "default"
Escape mode "default"
$mod+r mode "default"
}
}
bindsym --no-warn $mod+r mode "resize"
bindsym $mod+Shift+r --no-warn reload; exec kanshictl reload
# kudos to github.com/rbnis for the following menu-like section inspiration
# https://github.com/rbnis/dotfiles/blob/dfd6f956f6d00a1012a3a167d947773095dac7fd/.config/sway/config#L228-L235
set $mode_sys System: (l) lock, (e) logout, (s) suspend, (r) reboot, (S) shutdown, (,) return
mode "$mode_sys" {
bindsym {
l exec --no-startup-id $lock, mode "default"
e exit
s exec --no-startup-id systemctl suspend -i, mode "default"
r exec --no-startup-id systemctl reboot, mode "default"
Shift+s exec --no-startup-id systemctl poweroff -i, mode "default"
# return to default mode
Return mode "default"
Escape mode "default"
$mod+Shift+e mode "default"
}
}
bindsym --no-warn $mod+Shift+e mode "$mode_sys"
bindsym XF86Sleep exec "systemctl suspend -i"
#
# media keys
#
bindsym
{
# depends on avizo-service
--locked XF86AudioRaiseVolume exec volumectl -u up
--locked XF86AudioLowerVolume exec volumectl -u down
--locked XF86AudioMute exec volumectl toggle-mute
--locked XF86AudioMicMute exec volumectl -m toggle-mute
--locked XF86MonBrightnessUp exec lightctl up
--locked XF86MonBrightnessDown exec lightctl down
### --locked XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%
### --locked XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%
### --locked XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle;exec notify-send -t3600 'audio muted'
### --locked XF86AudioMicMute exec pactl set-source-mute @DEFAULT_SOURCE@ toggle;exec notify-send -t 3600 'mic mute toggle'
### --locked XF86MonBrightnessUp exec light -A 5
### --locked XF86MonBrightnessDown exec light -U 5
--locked $mod+Ctrl+p exec playerctl play-pause
--locked $mod+Ctrl+n exec playerctl next
--locked $mod+Ctrl+Shift+n exec playerctl previous
--locked XF86AudioPlay exec playerctl play-pause
--locked XF86AudioNext exec playerctl next
--locked XF86AudioPrev exec playerctl previous
# --locked XF86AudioMute exec amixer set Master toggle
# --locked XF86AudioMicMute exec amixer set Capture toggle;exec notify-send -t 3600 'mic mute toggle'
# --locked XF86AudioMicMute exec ydotool key 248:1 248:0;exec notify-send -t 3600 'mic mute toggle'
}
include ${./dracula.sway}
'';
};
}

@ -0,0 +1,27 @@
{
config,
pkgs,
...
}: {
virtualisation = {
containers.storage.settings = {
# configure for zfs.
storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
## setup podman.
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enable = true;
};
oci-containers = {
## use podman as the default container engine.
backend = "podman";
};
};
}
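Review bot: `driver = "zfs"` is set unconditionally, so any host importing this module needs `/var/lib/containers/storage` to sit on a ZFS dataset, otherwise podman is likely to fail when it initialises its store. The existing `# configure for zfs.` comment could state that requirement, e.g. `# requires graphroot to live on a ZFS dataset; import only on ZFS hosts`. The `config` and `pkgs` arguments are not used anywhere in the file, so the header can be reduced to `{...}: {`.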

@ -0,0 +1,41 @@
rootPassphrase: ENC[AES256_GCM,data:tWktdXDtI6dbF1cZprTdajj1IW4U7tQG/fNBdqnFzTDkbVLHMuZbu4eeKpDUWD+ERg2hAKjWoMdmKJKoz63pCvka3/DozTc2WQ==,iv:LMFFdy/YPqfBPp36mGyQhoK17GblQzgn706/fhZtX8I=,tag:qqQuRs25eOtTw8yXJed5xw==,type:str]
mkoPassphrase: ENC[AES256_GCM,data:HdpXH/xYlCcVTEKbd2InUBTfJTBaZK24sjlyZzLYZsdLW+dEN+cnP282iTSuaXKjqj/3TVs+nEdCRe41ymzcMyKPT56Pjb/J9g==,iv:PreIb/HsrRuCFuD4t14Y2JpjJ/kzyIOSgkdcHhzVldg=,tag:aJf1EBhll7LsIJZsOGmIyw==,type:str]
extraHosts: ENC[AES256_GCM,data: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,iv:0uVhgydgeDaJNgd/e4Uq1pku39QF/NugZ87NdfP9DWs=,tag:EGEMuOElqMNjVk/S9qwy6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWUpMT3BLMzBGdUNPYWZL
N2JZbU1YVmZNVEFQRVNsSXdyRGU4YnMwbkh3CncvSmZaQnh4VFkzS2ZOYUpOd3hD
VVkwbmNTSVdHd3VaT2toZXJsS2lSV28KLS0tIDJYT25keE80di81UENFQXdRc20w
Rm9NaEViOTNyU3dXQXRJL09yUDNKRWsKXNhKsu7BpMrugmp9efOcmE3J4kW5hAw1
MRwrflbmB0566Y2A3RGqoL7sdbn0KMJ9uxswrbsdXWKKMrZCg+kuVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RjNMRk85SXVncWdPdU9L
RytmTVphUGJIcnl1QUVnM3N5QlVqc3V4Q2xFCjRlVVg1Zk5RRlU3K0g0cHZtdUYr
Q1cvUTJRZWlvSzlxSmNTOGdMb3VzOTQKLS0tIFVrcDhDZ1NXWEFxbGl3TDloYW10
RmR5UXp2ZnlaQmg0d21JMEJDcU5YdW8K75Jkr3h+FhUeCYFlIi07UHJ751iphGJo
EfzCe6O6Hw5mtNYRdTELRVT/nzlgtKD3S6KQLX/cgJqyoUo1mqeWeA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZGZtVklXS09NekRiNERV
WjBzKzJIZWl5SS8yK3VpRnhsL2Vnc1F4RHpJClQvUFkrSy96WHBWaXMyUWZWSUxv
U1NGTlU3SkhzV0phYkpjM3ZkV3I1YXcKLS0tIHJKcTFKKzc4SFBZZFJMZ0FZMjZz
SCtsL3UwYVBXaFVrZXNKK1Rnd3ZvVm8K//8USwJzMcO5GALB0ZtMporm3FP6FKS5
Y8a+Io9NYL5LovhX0O/0PUJaxI0Banw5SCOlyfa2Vg2czGsMQ9bqLQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-08T22:41:05Z"
mac: ENC[AES256_GCM,data:0RbS0a4EKhqrcy4qgGEqLNxlpPjD2RW1Mnrwz2dTHgPX5vBZ26dNShJQVIikrNwK246kOc7G0dKWAMQKTs6WI/kGiIGzsECDhFYLxH/CXe7d7PS5o7TsQ/gJUjTz6i3O1LtY9ew1PCCausZ+ej+Whalu6eYCx/XNk6q3TSsS1Lw=,iv:TrOi4MFvPXOHpEZXjYd/hTfutf4+qvReJrrKqNGawcs=,tag:Cu+DrwUgtM4cbV1teOJ+xw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
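Review bot: This new secrets file is encrypted to three age recipients, and the first of them, `age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk`, can therefore read `rootPassphrase` and `mkoPassphrase` alongside the other two keys. If the creation rule for this path is meant to cover only the host key and the backup key, the recipient list here is wider than intended. Running `sops updatekeys` on the file once `.sops.yaml` says what is wanted would bring the two in line. Either way it is worth confirming the intended recipient set before these passphrases are put to use.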

Binary file not shown.

After

Width:  |  Height:  |  Size: 673 KiB

@ -0,0 +1,37 @@
alias ls='eza -al --group --group-directories-first'
alias am='sudo -i'
alias mv='mv -i'
alias cp='cp -i'
alias ln='ln -i'
alias free='free -m -l -t'
alias c='clear'
alias hs='history | grep -i'
alias neofetch='neofetch --disable "theme" "icons" packages de hostname cpu gpu resolution title'
alias wget='wget -c' # allows to restore progress after interruption
alias zshist="vim ~/.zsh_history"
alias agentssh="ssh-add ~/.ssh/$kee"
alias rsync-copy='rsync -avz --progress -h'
alias rsync-move='rsync -avz --progress -h --remove-source-files'
alias rsync-synchronize='rsync -avzu --delete --progress -h'
alias rsync-update='rsync -avzu --progress -h'
alias tmpdir='nutmp=$(mktemp -d);cd "$nutmp";unset nutmp'
alias ta='tmux a -t0'
alias tmux='TERM=xterm-256color tmux'
alias urlencode='python2 -c "import urllib, sys; print urllib.quote_plus( sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()[0:-1], \"\")"'
alias urldecode='python2 -c "import urllib, sys; print urllib.unquote_plus(sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()[0:-1])"'
alias diff="diff -Naru --color"
alias ip='ip -color'
alias nmcs='nmcli conn show'
alias keyz='ssh-add -l'
alias gitagain='GIT_COMMITTER_DATE="$(git show -s --format=%ci HEAD)" git commit -v --amend'
[ -z "$IN_NIX_SHELL" ] && {
if command -v nixGLIntel &> /dev/null; then
alias gor='nixGLIntel go run'
fi
}
alias signal-desktop='signal-desktop --use-tray-icon --enable-features=UseOzonePlatform --ozone-platform=wayland'
alias dotfiles="cd $dfHome"
alias -g VV=' |& vim -'
alias -g LL=' |& less'
alias normalise-unicode="python -c \"import unicodedata; import sys; arg=sys.argv[1]; print(unicodedata.normalize('NFKD', arg))\""
alias attic='nix run github:zhaofengli/attic'
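Review bot: `alias attic='nix run github:zhaofengli/attic'` resolves the flake's default branch at run time (subject to Nix's fetch cache), so what executes under this alias is whatever that repository holds at the time and is not covered by this repository's flake.lock. Pinning the reference to a revision, `github:zhaofengli/attic/<REV_PLACEHOLDER>`, or adding attic as a flake input and installing the package, would keep the executed code reviewable. Separately, `alias agentssh="ssh-add ~/.ssh/$kee"` and `alias dotfiles="cd $dfHome"` are double-quoted, so `$kee` and `$dfHome` are expanded once when the file is sourced. If either is unset at that point the alias silently becomes `ssh-add ~/.ssh/` or a bare `cd`; single quotes would defer the expansion to use time.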

@ -1,13 +1,16 @@
{pkgs, ...}: { {pkgs, ...}: let
users.defaultUserShell = pkgs.zsh; shellInit = ''
ZSH="$HOME/.oh-my-zsh"
ZSH_CACHE_DIR="$ZSH/cache"
ZSH_COMPDUMP="~/.zcompdump"
ZSH_DISABLE_COMPFIX=true
programs.zsh.interactiveShellInit = '' if [[ ! -f $HOME/.local/share/zinit/zinit.git/zinit.zsh ]]; then
if [[ ! -f $HOME/.local/share/zinit/zinit.git/zinit.zsh ]]; then print -P "%F{33} %F{220}Installing %F{33}ZDHARMA-CONTINUUM%F{220} Initiative Plugin Manager (%F{33}zdharma-continuum/zinit%F{220})%f"
print -P "%F{33} %F{220}Installing %F{33}ZDHARMA-CONTINUUM%F{220} Initiative Plugin Manager (%F{33}zdharma-continuum/zinit%F{220})%f" command mkdir -p "$HOME/.local/share/zinit" && command chmod g-rwX "$HOME/.local/share/zinit"
command mkdir -p "$HOME/.local/share/zinit" && command chmod g-rwX "$HOME/.local/share/zinit" command git clone https://github.com/zdharma-continuum/zinit "$HOME/.local/share/zinit/zinit.git" && \
command git clone https://github.com/zdharma-continuum/zinit "$HOME/.local/share/zinit/zinit.git" && \ print -P "%F{33} %F{34}Installation successful.%f%b" || \
print -P "%F{33} %F{34}Installation successful.%f%b" || \ print -P "%F{160} The clone has failed.%f%b"
print -P "%F{160} The clone has failed.%f%b"
fi fi
source "$HOME/.local/share/zinit/zinit.git/zinit.zsh" source "$HOME/.local/share/zinit/zinit.git/zinit.zsh"
@ -73,5 +76,41 @@
# eval "$(starship init zsh)" # eval "$(starship init zsh)"
# zinit load sindresorhus/pure # zinit load sindresorhus/pure
setopt emacs
# setopt autocd
setopt \
alwaystoend \
autocd
source ${./zsh-aliases.zsh}
export TERM='xterm-256color'
# make home-manager not manage the shell configuration
HMVARSFILE="$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh"
if [ -f "$HMVARSFILE" ]; then . "$HMVARSFILE"; fi
PATH="$HOME/.cargo/bin:$HOME/go/bin:$PATH"
zstyle ':completion:*:*:*:*:descriptions' format '%F{green}-- %d --%f'
zstyle ':completion:*:*:*:*:corrections' format '%F{yellow}!- %d (errors: %e) -!%f'
zstyle ':completion:*:messages' format ' %F{purple} -- %d --%f'
zstyle ':completion:*:warnings' format ' %F{red}-- no matches found --%f'
# zstyle ':completion:*' group-name ""
zstyle ':completion:*:*:-command-:*:*' group-order alias builtins functions commands
# zstyle ':completion:*' file-list all
zstyle ':completion:*' squeeze-slashes true
zstyle ':completion:*:*:cp:*' file-sort modification
# This way the completion script does not have to parse Bazel's options
# repeatedly. The 'cache-path' directory in must be created manually.
zstyle ':completion:*' use-cache on
zstyle ':completion:*' cache-path $ZSH_CACHE_DIR
''; '';
in {
users.defaultUserShell = pkgs.zsh;
programs.zsh.interactiveShellInit = shellInit;
programs.zsh.loginShellInit = shellInit;
programs.zsh.shellInit = shellInit;
} }
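Review bot: The same `shellInit` string is assigned to `programs.zsh.shellInit`, `loginShellInit` and `interactiveShellInit` at the end of the file, so the zinit bootstrap (`git clone https://github.com/zdharma-continuum/zinit` followed by `source`) now also runs for non-interactive zsh invocations system-wide, and an interactive login shell runs it three times, prepending to `PATH` each time. I would keep only `programs.zsh.interactiveShellInit = shellInit;` and, if some variables are needed in every shell, move just those assignments into `shellInit`. The clone takes an unpinned default branch that is then sourced, so providing zinit from a pinned flake input or a package would remove the network fetch at shell start. `ZSH_COMPDUMP="~/.zcompdump"` keeps a literal `~` because of the quotes; `"$HOME/.zcompdump"` is presumably what is meant. The part of the string between the two hunks is not shown, so this is based on the visible lines only.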

@ -1,4 +1,4 @@
dnscrypt-proxy-forwardingRules: ENC[AES256_GCM,data:WpW6b333rUPBTjPbSp+RvSvPovgk9DUxD7EfpPuTBrBlzBULh2Z61mML7vbtqnJ0nL6jRH3AEhxQDhJ9IEMc0RvZcH/j3y/f5/dmioVEZG210us5/DWt1i+/U0BLfsUoN6w31F/7mvB13hTEeQ2wZICQjQB5AneiRnNxrCXtgk2axnVae/3jEDLrw+dI5ryC+8uUQQ4GVT7NQjWfQxhM6sSjjN/JxtBlrCsDtZd5YylfvzoCbHZ4F9vAIEUZh3Ac8W6l0B9WKeIgGn3phXkdcLlKQwzMUlF7j9e1tpTTtm2mXc92JW21yVUrr7KyuynriYi+wUPMxXZGUAsALFRZk1G+Lwj7syU4s479S2gLgXWt,iv:BnuBe4xA07hZ7GE/3Lt24I6dMhKnSYfFHvftFBtbI8k=,tag:1TKeJ4KEqaah3QrGDnCYEg==,type:str] dnscrypt-proxy-forwardingRules: ENC[AES256_GCM,data:E+nXxabEEYURb94zG1Zl1L5jYTfi+YCUVqeVzs8A0PEk4HLKD6KuRySQPAohLz20C4+L5BFHou3knS+ogiWtu8Rti6hOpdGKTbjmSTFbGIz/XylU7IjjKP6D/f9zftrWXkSi8p1hGm1h/zYyxO2H4LTL2IWTmLnFf3ETtn9ABOjZfG+aEezKfSD5c82U8wi0kNgaOY3UGAKjJzrHuj4IwTI8G95FDXasoNnduvQrtcV3EmjIXSNBcOSryihFcJCnN+n3Cras6eHe9t2GCs6bMjnV/9GH+tN6a1MdA+weuCS5VirwxNf3jzRV/ruMORluB0zyHYm3mKrZmPoxvHmMO4uLM22O4Aao+F06AjMZI5oW,iv:UGDcLqDeAix9ccUppzfWWq19A8ZOfOZRNo6P1X2e4Vc=,tag:agbeRgfOBKJv94D7IyfXmw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -8,50 +8,68 @@ sops:
- recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk - recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VVNDcEs0RDNuSlJ2OFFy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Q25lWldWSUtjQXFEK25a
NkNvdzBoUytWd2pRVEFMYnJ2Z3NHTEJRRG1JCkZYTTdnTGUrdnBFUjFpUDh4UldN OUFTc2RzQjdBOEFKR1o2dlpZNGJVQ1ErUFJNCkZpYmNtazlMZjdvWGVqNHo4K2JU
Y0RvRVN0OVFVZGNxaEQ1TjFGWG0rNTgKLS0tIE5EUTRsMUQwR2xHOFF4K2lncW1r NjhCQ2dJQUhtMVErSjdBdmxvMW5Qd0kKLS0tIEZtUmJqMmNTdlBJNzFCMWlNVFJ3
cWU5NFZSUFNrM3dzNENSOW1tOHdzVTQKMfH1pB0gLvvwYlB8GRONPEr5kpoxV0rB UXkwdzZnUk5kVFFIbGp1VUtTWlgraWcKnpGuhhKNijN9q3qgDC8jWTIcpMWBdGkR
fA/5kTdb1tWBvH1wNpAUomig5bGM4ncHzQjB1Qcqt1Zop5tEvfjlHw== iB4xYnYfy4zYdl9Pd0AggsqvxdJ9v0z/jLX5NnoSvaxG4mjp7qUgkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y - recipient: age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MlljRU1Td2tFSCs5VmFF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL3RsdEpZL1U3ZHlyZW55
dllGaDJKU2dFYUxJdWhEbmwxaUJRM3NadjNjCkxFZTBXb2M4ZjBtVlpTblNjRjhZ c2x1dU5LSVp1WGhWcnVrQjZFVmw2b2pnc1dFCktPOVpmaGJtalNDSDQzc1psdmJv
K3NkZWc4bnVwSVNldHZuL3ZDb2FXWVEKLS0tIGRvV1N5cVFrL1hzZ2pQQ3JLNmtM VGd5dFBiS0pwUUpuWXlOMzBhNkd5SEEKLS0tIGM4bjRSdmYwY3BrODMrYzJ5Y0JW
S01VMm14VUdPY3lqc0pha2pKTGkrTjQKCLW3LwUOFfP1VWK8MgwoHe8Py1HrvVGE UytVaVRydVhlS0lwMVViN2ZxQnVBS2MKNq/kU2dxo4EcSiYU9NDS3oN83e3p8glA
gWeLHFD1pR2NdSn0nDan7CcKL3+P2F1cFyqv8+Ff06ehXWB3gbm3Jw== Pyu4MM3hBos6i3x7ZQZMWufUT9KJZvktLJfQ4j+TkGD7BIqR1fCWQQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6 - recipient: age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQ3pZNVhMZVBXeGcxeFUx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eDhGdzlTK1JyMHZqTnJN
dElJV2hwM2RuZXVGVUVWMmhDVjNsdlAvb0RvCnFmSk1zRGJ2Ulh3NnJlSFZETUNT Q2pKYW5ObjlweWgvK1BrdVdzY1VMZ3BVRjJzCmVZUDEydEVuS1BrcVpwc3lNL0lQ
TGJiS1dhOEFPSXZwVzNrNTV0UUpoamsKLS0tIHFLVk5Va2NTK2VlcjM5bnlYajhx TDRkeGQ0elpqckZ4OWtmRGFPdjdQYVkKLS0tIE1hMFZENGM5am5qd1pKVHRkaGRn
cEE4YjJOaVJ4bDFObXpXU093amhXM3MKHgm8DCwqqj+6yLFoNHFWGA1K45AWXzkp UWpNdi9qN0dtSnRMKzYzK0NCa1RYM1EK8tpKAjHgi8mrCthcXjDpPfi9jVRaUPn7
XonJ+vWAQGIM4sVYvzCYSx6QaZk5PVnWq8NcPlzeWSelYtOTPkRiQg== hjDbEnkzE7M7kSlRCSKAoe5do1MBqqgr1FK3pJcejG3g9orZ2wPEuQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l - recipient: age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMFQ3ZTZtZjFCMnpCUk9R YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaFRkbWVTY3J3eU1HNzBy
bHdsZUwrcWZEczVBbFplWnJPVktOdjNJU0Y0CjJPZDlWcGFIQVVMUjJIcTMwSzl5 SklmanMzdHUzbDZsKzl3bk1IdFI3d1FrWDBNCi9XOTR2QmE4blQ1YzBrTVdxellh
V0hESWtZcmZ2S1FmVUNnVnhTKzZaYW8KLS0tIDBnU2VkSHdGZGJlSEhNNE82a3NJ aHUzZm80SmpUcllGYm43dmFYcGppTGsKLS0tIENpT2QyWVpXZFFmbWUvMXlxYzk2
WFZzSjZqRzFVcjU3SzBLOEQyWFJqcnMKEtXIPnCYJe2+d9MWLWLAxKWQF8uPMoM3 d080TFRha3JGVTI5dU13K042TWdhS1UKHyfnTeXNzunJJ4JXetKISA0I5XjJlq6h
pPJlfzKarVfYJ+PxmTcH4+xbberEZDdrjikvZL6CluZBQuTHoOrdOA== UdU31BfwlZOHTaeun9bXzRiL93hQOdixCbq94h7L9D6271N/LvcpIg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v - recipient: age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1eFRuOGZPS2tDTElITDRm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLR09DZnZiT1Vpdmh6bFQ4
UzFDbFVuUXVxbnhjWC9BNXZsNEtPblVXNW5nClNUTGRVVDljNzRjTEUzVUFvRW9a TjYrSDJJR25WTXM0SEhoUWx3S2pxUVc1VDBnCjI4ZkdJb28rM2QwYitVZWdxeVV0
Q1VOeTNYV2VrY2tLR1NaVG9CbjVrSXcKLS0tIEQ3MjhEQnNwV2RUYUJGL1UzKzln VWc3elFpNFBjSlRWL0s0aERhR0VUVzgKLS0tIFhEOUVxNUhhQ2tYeFJuZThTa0pR
aXNhWE9iWmdPZlJaWmd5MHVqYUlITkkK+mudBNg2DwXjFNP3RP5Xqw2bksK10B4P RVhLRnpHemVYeUFOZnhjSlRQNTdUbGsKkhmBKb5x3YHM4TiuZRtxYHd/IYdDkAcb
MVDpC9Du2hOljpJlJ0R2AQL0oxixu/ts9eDG5ZtSdtGIJv7JJWJctg== w23lLGKXZ+fdJUn6nYOPdnV89KRC6mkJsoWDVlS06tAFWIw8zgzJQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-11T20:43:18Z" - recipient: age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx
mac: ENC[AES256_GCM,data:lrcjh3u7yUl8tvmMQS8S0SM/OQ8DAv/ctGx9NYWj0UoIHyMpsWDu2qFEO6S7oeK0f8k9mxYEmopDcMUSWprYpeJ4fR8IFFjJXsHqD0QVktVCjivmURPiu24dkGge2yVGSySnL126OwdKd/8LAagd5wj1Tj7VhbgsDS4R6DMB9uo=,iv:bUCt4xLaas0zEYkQGh6MPhnZAx7Zp/0r+xhYyy0YGXs=,tag:CWmGA5smxj4QFqaQRJ+ivQ==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoT2xXTW1nc2g5KzB1VmtI
YzBidmhsamRnU0pKK3NTZFU3SEpGMUpSSVFjCnV4NEFmTjJTTzFPRmdlcUt0d0Fy
dXM5UXBTQjZ4cTRSWVZhQjk4c083ZmsKLS0tIHdRczJoRkhwaFJ4bjRpaWVsK2s0
TnUwa2dqSGRNN0ZXZ3I5ejhNRE1BcU0KVgIlp8QgIKeJVj0vQcHVTJSl4ye6mt5E
56Ff0hfdPO5j5P+NxnRuW9n6H8EXoNxmxjfQYhiI/H5BZEkwDqVQQQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yzlnedt49kd429jssj73v3yz5z7deyg82dq0gq86lp6dft4edg7qrcjs5v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubDJja1V2YW9LMmh2RHda
elR5ajJLY2VCU1pVMnRTNjRySit5MVJLVFFrCmZ1Mm5xazIzdjlYZ1U1U0tSQ0dp
a1oyQTlVSStqSi80aFR1MFRNSUI5YkkKLS0tIEowMVAydFlBRG51S0twVmNLcVdt
RGVKVlduNmV1eEIrbWVPQ0l3NndGK0kKrVEhQFkMSAsArRYCAe45rTtjuOkHgcFZ
Nzns/aAehpuXJhuY3w09sA1xDWcx1wKkvL3yGqIbJzF08oXC4+OTJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-04T14:06:01Z"
mac: ENC[AES256_GCM,data:id3N5LbDVS7Aarz2PPCcSvx5ggmv+zn51Mvn0oNCjGhDzgg/GKlBpXi4Nz8a20p2XVb/ceOPbGQEWMtY1mF5KvrHEB+QLTMN5kq7reQ6RpWhnTZiNxFiD2/IROkUA+lvKXKdGFElydtjQ7lnK7oR2tuWRvVCjwktnPJoLHHIgKw=,iv:EGis0MNSeX1gOS9mu+oBfolNbR5AIx/Fwr2YaS8Ojzc=,tag:DezMtg0BCTb1jMTiY8FGCA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3
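Review bot: Besides the new `age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx` recipient, this re-encryption also adds a stanza for `age1yzlnedt49kd429jssj73v3yz5z7deyg82dq0gq86lp6dft4edg7qrcjs5v`, which has no counterpart on the old side of the hunk. Every added recipient can decrypt `dnscrypt-proxy-forwardingRules`, so it is worth confirming that this second key was meant to gain access here. It may have been picked up only because the creation rule had changed since the file was last passed through `sops updatekeys`.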

@ -25,47 +25,65 @@ sops:
- recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk - recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcWZsZkRKQTdwNzVBdmFK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdTBUTmpLbEdFVHVWeHBY
dW9VMjVHOWNDdG5NMDNPTDRQZVNMOW04YnhjCjdtRWs3cW9DeldSQmZ3WStzYmNu OTBzYnJtU1ppQ3ZtZmlxMG5uQi9HMm16TG4wCndkNUJyeFpHYlM0TW85N1NaaEdi
RVBxSFM3c3UyTFNRVUQ5bUl3OVlEaFEKLS0tIGdXakpGTmtTUFljTy9aRUlMSkZt dVlaeUJmSjJRM01rbDhja0dGcXZFOFUKLS0tICtzL3FFQzBCcWUzVU9RMG1YQjJG
UDZ2MmNqN0JuSWJCNnJqN0hsSllFVGMKh+mXWPVPI9vaG+CjRefRn9VUvomMtnQQ M2txNGFrN0dSVVNoOWZJSURabHJBUVUKJhgzLV+lKoC7O5OoY2W6amACnh/TDS/F
ZhTZ3g0Y3OXUPFNxQAvjCjsjqbLI1OA6OKO50w9m284YS95D4GPcYA== jLudwV70yq5/f9aQAlt3O8NhGoz8SRl4hvdfTLea5xw3RclkcnY3lg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y - recipient: age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NHg0TW42SjVqQ1k3QXhi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuYW5xM0ZkcWplMHV3MG01
bVVPR045ZUxtNm1EMWxySGx3RVZHWUhnd1ZjCmRkdE4zcjdmOTlnMTE3WWppSTNx VXhWNGg1WlhUMkR0L1VOYndZL01SZmMyNVdjCklZUCt4WXpZZm5PUzVHOW04VDZU
eVdVejBIQWFBb245R3FwUVRrVWFFK0kKLS0tIHRVbTJ6NUg0YjVVNUg4c3gvUy9y dm9XNHRpZWhqemJtQVVEQTljQlk2TWcKLS0tIDlmQS9UWEpPUjc2cDl1bFVPMUZs
UFJGWjhIc0JZcUNtblRLNXA4S0hhUWMKYEkumg2XYVpG+lOEUIk8SKWw4yB52fkJ QllSSkd4M01zeUpwc0w3MEE4RGhxb0kKtZ21DBCVo2vt/gH18YGYR+eldaErmPXo
FKF1YrLszQHpbFytu7rv1HR/EGpQ8FlEVnrcviDti3D6MQOXeswhvw== PpmzyL2k5oNHTSvs0Von5M8iAQpfGT+gMygkhpguNxXSb1CzRNS/kw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6 - recipient: age1drh8uq93mhzhj3rz9s2gcnht04wc5hukzutlu4l5qc55hxaznd5s9xs2f6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSVYyNW5nMUFIT0RvQVkw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlN29yeHBzcGJKS1lRcW82
dTZPcGFvWXFDZktYTW1KMWZUcHhBcUsraHdzClpOeTF0Q3hqTXZIUUk1QjhDbnVp dGw0RWNDYnZsY3BtU0JyWWF2Z1ROenNGR0F3CklQZlg3NUZkb2VmNDdSbUFrbDhS
UkZtU0VaZWdWWU16cWJiVGJRTGZyQlkKLS0tIFoza1NhdkRBNjJTU0FVWVoveE9U VEU2eDd3QnptMlVYdUZjUVJCVDFIUGcKLS0tIDNDVklGK0hxcFJkRlZjOExYOFZr
VXNTenJPeHJrb0JiSHBRWW1IT1lsMEUK1Pb2MM9E7MT3heXnRmf2U4VnsK775qBN RjFBUXRicmdYU2FiRkF6Y255Uzl4UmcKQtu6if/eISs69h/ue4Emq6GmRXQhVsVu
9E9MDygvbWMZnFyEq0t6Mk8jHRwyUHI1EMxD+m+KYPYDiLpdbFHBuQ== txrUnFodMYc4Eh2nRsX/LAVoGB0zuyQF+rC9Mkd6TlmExlfDFWwVXQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l - recipient: age136558pknq6glx2xftavt7mm3p4jcpu54kej2kxryeu78m5r59e0qvawl5l
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXM2Y5MGpKdHVsY1M1OHh1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucmRSWk5LSjBmK09IUVhC
cmVhOERlSzRVaS85RTVmYnVIK0ZvbkZqU3pBCmgyK2t5LzN3cGpjbXNwZmhBYkI4 aEpLTmpSbjVlUnZvdnI0WmlDYVNDQnMyOVVzCnIxWmJQWkEvQ2VnTGViamZyTTFF
Q29xZkxoWXpzdGwxZVVOWVRmWXhNNkUKLS0tIHFtOVFmTnFvMWtBWmh3U3ljRy9i MXZObnFQWVFVNUVPU3RwaXVHdFJqbjgKLS0tIDZ0cnpnQWRhcXFOSE1xYkxGQTdO
eVlqSDJSSTk1dEdhUFlheU80L1A1Zm8Kag8Xi/si2ezZtWXZDP0DHYYZ0zuSihD+ S0JMZGdNa0hDNkhEQ05pWE1tYzFxWmMK0buhFpZKQbAlwdItkQVxRKOLfW+RHtwE
SNAXuZ1US31G4I18I65XmhabBE+HFNpD/9dZWSlfzRiLznRyTKBJWg== pGzx0UsWTivz9SGLTMlOFuSbwAuzhWUWCYUeRdSA2PovaRjNR3t3Gw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v - recipient: age17qvnfr98kxn0yuw6zjsmrl5nqlganzakn77pchnf5cr3an4gdp5s8dn26v
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRFoyNmRwNVdwY0xIV0Nx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1c0syai9lV0RUYUROVzR3
VXdVdVZTK2F3Vkk4MlA5ZXlnQXNIcXNEYVRrCkorSWZHeGxYK1M4VTF3cldmQnJl SkZ1aHNWMGV4WTVYOHVoTFlMYmVpakFQR1ZRCk9HVktjcllYdnJrQVBqUnZoSndz
aUpMUFJIV01jOEhucm81RkNEM3kySWMKLS0tIHNJQnJHbXE0N0JTYUZmSVpzaWhZ WnJCdWtEdjV2ZmxyQlE3RzdVa2xFSWMKLS0tIEZCMjlOS1huRjM5enFMUndsYjRU
RnV3QjNPQW8zUzZjRElYRy9OeXRvdHMKr3WmkO6RDi7cdRHS22E2uM0sgixS90jE REhIanFSS292M0RHUWorbDBjcHplQjgKsEI+Tdscu2hBcXrbf1xG8L34zp2HFYTd
D1IHbrOUAmL7W1i4461SFzUEzfqv9IACtxwBSsTz9Z50MT9rB+FBJQ== PDHLCWL7Fu/JOhpodGsPmPAEUJ9JjeAxYyuFxv/F9VB92V5oUGOiJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxY0g1UGUyMTJld0l2M3Zn
M0t3aXB1QytzdDdNOXI2OWw3WityR1JOOEc0CkVhT2pmU0F1ZDJLRHFWYWFwZEwv
elNOcDNuM2VMbmN0QnhlWGdrRGg0bmcKLS0tIFFra3RRaXltaG51VDlHbVg1VHpX
dE1pTThPUTduZlUzTDJhUU9IVXBlU2sKltHQZc7+KUtzjxWSXB7s5gkfoQy2b4lj
zzqUuciUKDtMAxjRkiTuk0uC+DQ0VAeBt71TMvCiog03eEuVc0iLKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yzlnedt49kd429jssj73v3yz5z7deyg82dq0gq86lp6dft4edg7qrcjs5v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWS9EWVFzOExQTkxteFpT
b2owL0FYa3pNTHJZRDd2d2pldUlmdTlybG0wCi9wazRFN3J3TzFMRnpCb0JkSHRa
aHdSN0lHUWN0QWNOZzNobzhIaGViMkUKLS0tIDZTdjBiVXNwdWlUcHZOUnlQSWly
OWNleUQzY0EwTzVWcUlPTkNjNHpCUmMK7RCL1R/O+Hnb4f4oqkfFNH2vnaSaaE6G
uvv1ze9iBgy6e42bR/FXuq6F4ImocdGTJMAlrgSFm/Pq7bNVj7HbFg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-14T22:34:49Z" lastmodified: "2023-11-14T22:34:49Z"
mac: ENC[AES256_GCM,data:Vh3Y0koRayFjHbvzqmjoGx+WGbuJZ9DqysY7juGvBNCtcsTlpuQz1+rZ3YglQ1oiP3l5pdHCOjUBNFk+TnOA2FJYggUvOzzUweQqmWNrg3jbjhnHpq0UyZO8UZ7sH8zYIqSRPc86H0uxyuhVDUe2Nrwa5+VxpJ2H5IYRcM61HWU=,iv:bxfppv2wqIaNcwi2pYNKIZk9G27itTpB5ovTpBXpHh8=,tag:X001tTdlTNE9gklbT7RjHg==,type:str] mac: ENC[AES256_GCM,data:Vh3Y0koRayFjHbvzqmjoGx+WGbuJZ9DqysY7juGvBNCtcsTlpuQz1+rZ3YglQ1oiP3l5pdHCOjUBNFk+TnOA2FJYggUvOzzUweQqmWNrg3jbjhnHpq0UyZO8UZ7sH8zYIqSRPc86H0uxyuhVDUe2Nrwa5+VxpJ2H5IYRcM61HWU=,iv:bxfppv2wqIaNcwi2pYNKIZk9G27itTpB5ovTpBXpHh8=,tag:X001tTdlTNE9gklbT7RjHg==,type:str]
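Review bot: The added stanza for `age1qnyrhen4ynpa6t0ljgjnhz5zpf0ennzt4ezskeq78nsnpvlyh5ws6ergnx` lets the new machine decrypt every value in this file, alongside the six other recipients visible in this hunk, and nothing here records which of those values the new host actually needs. `lastmodified` and `mac` are identical on both sides while every `enc` block changed, which suggests the existing data key was re-wrapped for the new recipient set rather than rotated. That is sufficient when a key is only being added, but removing a recipient later would need a data-key rotation and fresh secret values, because earlier revisions stay decryptable by the removed key. I would document this at the creation rule that covers this file, for example `# shared file: every listed recipient can decrypt all values; rotate the data key and the secrets when removing one`. Values that only one host consumes would be better placed in that host's own file.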