diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index a2224c0..ee456fc 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -9,13 +9,7 @@ jobs: name: Checkout repository - name: Attic login run: attic login nixfleet http://sisko.wg.aciceri.dev:8081 ${{secrets.ATTIC_NIXFLEET_TOKEN}} - - name: Setup SSH - run: | - mkdir -p ~/.ssh - echo "${{secrets.FORGEJO_SSH_KEY}}" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan github.com >> ~/.ssh/known_hosts - - name: Build with nix (x86_64-linux) + - name: Build with nix run: nix-fast-build --no-nom --systems "x86_64-linux aarch64-linux" --attic-cache "nixfleet" --skip-cached --result-file result.json || true - name: Report checks run: report-checks diff --git a/.forgejo/workflows/update-flake-lock.yaml b/.forgejo/workflows/update-flake-lock.yaml index abe16bd..7a45fc4 100644 --- a/.forgejo/workflows/update-flake-lock.yaml +++ b/.forgejo/workflows/update-flake-lock.yaml @@ -1,7 +1,7 @@ name: update-flake-lock on: schedule: - - cron: "0 15 * * 1" # weekly on Monday at 15:00 + - cron: "0 15 * * *" # daily at 15:00 jobs: lockfile: diff --git a/checks/default.nix b/checks/default.nix index ae2c491..5bca772 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -49,7 +49,7 @@ build = _: nc: nc.config.system.build.toplevel; in { - x86_64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) picard pike kirk; }; + x86_64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) picard; }; aarch64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) sisko; # pbp; }; diff --git a/flake.lock b/flake.lock index 5071c58..31b4dc8 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -26,11 +26,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1747519437, - "narHash": "sha256-uv9Wv59d+mckS2CkorOF484wp2G5TNGijdoBZ5RkAk0=", + "lastModified": 1747268376, + "narHash": "sha256-JDcdINnB1bfbUAy1eEgwIXLrfZeuntxuxTu7UWcQrQY=", "owner": "catppuccin", "repo": "nix", - "rev": "3ba714046ee32373e88166e6e9474d6ae6a5b734", + "rev": "7a6ccdeba6e761bec9601e2192983e6b9dff630c", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1747621015, - "narHash": "sha256-j0fo1rNxZvmFLMaE945UrbLJZAHTlQmq0/QMgOP4GTs=", + "lastModified": 1747274630, + "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", "owner": "nix-community", "repo": "disko", - "rev": "cec44d77d9dacf0c91d3d51aff128fefabce06ee", + "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", "type": "github" }, "original": { @@ -103,11 +103,11 @@ "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1747658429, - "narHash": "sha256-qZWuEdxmPx818qR61t3mMozJOvZSmTRUDPU4L3JeGgE=", + "lastModified": 1735160684, + "narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=", "owner": "nix-community", "repo": "dream2nix", - "rev": "6fd6d9188f32efd1e1656b3c3e63a67f9df7b636", + "rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4", "type": "github" }, "original": { @@ -122,11 +122,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1747618089, - "narHash": "sha256-mbzwxQlxNamIMErEfwWRZ+ECmlQzxJ4eJvOM6/fxV5s=", + "lastModified": 1747300110, + "narHash": "sha256-mHePt7oDQepKT5jm4ZCjvohAIO0QPVVYZIIIn7VARKo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "1b2bc802bbac29f4695e39fbf982944c0999b45d", + "rev": "d8949f8c77eadcc7b268f994361fd2055cfbf2cb", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { @@ -387,11 +387,11 @@ ] }, "locked": { - "lastModified": 1747565775, - "narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", + "lastModified": 1747279714, + "narHash": "sha256-UdxlE8yyrKiGq3bgGyJ78AdFwh+fuRAruKtyFY5Zq5I=", "owner": "nix-community", "repo": "home-manager", - "rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", + "rev": "954615c510c9faa3ee7fb6607ff72e55905e69f2", "type": "github" }, "original": { @@ -464,11 +464,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1747664434, - "narHash": "sha256-ph9fCCvzgZ1PNOu82SSoceX/tYZ5MfmX3PkBxBiNxwA=", + "lastModified": 1747273354, + "narHash": "sha256-LUzJQ0T6XtlZLuFZ9ovLLCdzaCc4YhotPlMLoMcGD5w=", "ref": "refs/heads/main", - "rev": "eb18a90afbe0ade000d957cda344a5bcb3d565d4", - "revCount": 17900, + "rev": "b7ce00fc55dea4fa1e282921beebff25e6b2d1f0", + "revCount": 17889, "type": "git", "url": "https://git@git.lix.systems/lix-project/lix" }, @@ -554,11 +554,11 @@ "nmd": "nmd" }, "locked": { - "lastModified": 1747382160, - "narHash": "sha256-nlHPjA5GH4wdwnAoOzCt7BVLUKtIAAW2ClNGz2OxTrs=", + "lastModified": 1747158007, + "narHash": "sha256-uwRCd2RAAdMOvReceeaWHGp8RoGjFyIouQN053MsMSk=", "owner": "nix-community", "repo": "nix-on-droid", - "rev": "40b8c7465f78887279a0a3c743094fa6ea671ab1", + "rev": "7f68d674b30997434868c9e93784724fdbf37367", "type": "github" }, "original": { @@ -647,11 +647,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1747485343, - "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=", + "lastModified": 1746957726, + "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762", + "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", "type": "github" }, "original": { @@ -663,17 +663,17 @@ }, "nixpkgsSisko": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1742288794, + "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "type": "github" } }, @@ -711,11 +711,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { @@ -742,11 +742,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { @@ -1009,11 +1009,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1747299117, + "narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "e758f27436367c23bcd63cd973fa5e39254b530e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 145218e..440867f 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { flakeParts.url = "github:hercules-ci/flake-parts"; - nixpkgsSisko.url = "github:NixOS/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043"; + nixpkgsSisko.url = "github:NixOS/nixpkgs/b6eaf97c6960d97350c584de1b6dcff03c9daf42"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixosHardware.url = "github:NixOS/nixos-hardware"; homeManager = { diff --git a/hmModules/emacs/init.el b/hmModules/emacs/init.el index 7959261..b142b0f 100644 --- a/hmModules/emacs/init.el +++ b/hmModules/emacs/init.el @@ -566,16 +566,13 @@ :mode "\\.hs\\'" :config (add-to-list 'eglot-server-programs - '(haskell-ts-mode . ("haskell-language-server" "--lsp")))) - -(use-package tidal - :custom ((tidal-interpreter "tidal"))) + '(haskell-ts-mode . ("haskell-language-server-wrapper" "--lsp")))) (use-package purescript-mode :custom ((project-vc-extra-root-markers '("spago.dhall"))) :hook ((purescript-mode . eglot-ensure) - (purescript-mode . turn-on-purescript-indentation) - (purescript-mode . (lambda () (setq project-vc-extra-root-markers '("spago.dhall")))))) + (purescript-mode . turn-on-purescript-indentation) + (purescript-mode . (lambda () (setq project-vc-extra-root-markers '("spago.dhall")))))) (use-package terraform-mode :after eglot @@ -599,15 +596,6 @@ (use-package gptscript-mode :mode "\\.gpt\\'") -(use-package gptscript-mode - :mode "\\.gpt\\'") - -(use-package typst-ts-mode - :config - (add-to-list 'eglot-server-programs - '(typst-ts-mode . ("tinymist" "lsp"))) - :mode "\\.typ\\'") - ;; FIXME ;; (use-package mmm-mode ;; :config @@ -625,7 +613,7 @@ (use-package paredit :delight :hook ((lisp-mode . enable-paredit-mode) - (emacs-lisp-mode . enable-paredit-mode))) + (emacs-lisp-mode . enable-paredit-mode))) (use-package aggressive-indent :hook ((lisp-mode . aggressive-indent-mode) @@ -1031,15 +1019,15 @@ This is meant to be an helper to be called from the window manager." :custom (gptel-model 'google/gemini-2.5-flash-preview) (gptel-backend (gptel-make-openai "OpenRouter" - :host "openrouter.ai" - :endpoint "/api/v1/chat/completions" - :key (lambda () (require 'f) (f-read-text (getenv "OPENAI_API_KEY_PATH"))) - :stream t - :models '(google/gemini-2.5-flash-preview)) - ) + :host "openrouter.ai" + :endpoint "/api/v1/chat/completions" + :key (lambda () (require 'f) (f-read-text (getenv "OPENAI_API_KEY_PATH"))) + :stream t + :models '(google/gemini-2.5-flash-preview)) + ) (gptel-default-mode 'org-mode) (gptel-org-branching-context nil) ;; this is cool but I don't feel comfortable with it - (gptel-use-tools 't) + (gptel-use-tools nil) :bind ("C-c a a" . gptel-add) @@ -1054,163 +1042,80 @@ This is meant to be an helper to be called from the window manager." ;; (add-hook 'gptel-post-response-functions 'gptel-end-of-response) ;; (add-hook 'gptel-post-stream-hook 'gptel-auto-scroll) - (defun ccr/edit-buffer (buffer-name old-string new-string) - "In BUFFER-NAME, replace OLD-STRING with NEW-STRING." - (with-current-buffer buffer-name - (let ((case-fold-search nil)) ;; Case-sensitive search - (save-excursion - (goto-char (point-min)) - (let ((count 0)) - (while (search-forward old-string nil t) - (setq count (1+ count))) - (if (= count 0) - (format "Error: Could not find text to replace in buffer %s" buffer-name) - (if (> count 1) - (format "Error: Found %d matches for the text to replace in buffer %s" count buffer-name) - (goto-char (point-min)) - (search-forward old-string) - (replace-match new-string t t) - (format "Successfully edited buffer %s" buffer-name)))))))) - - (defun ccr/replace-buffer (buffer-name content) - "Completely replace contents of BUFFER-NAME with CONTENT." - (with-current-buffer buffer-name - (erase-buffer) - (insert content) - (format "Buffer replaced: %s" buffer-name))) - - (setq gptel-tools `( - ,(gptel-make-tool - :function (lambda (url) - (with-current-buffer (url-retrieve-synchronously url) - (goto-char (point-min)) - (forward-paragraph) - (let ((dom (libxml-parse-html-region (point) (point-max)))) - (run-at-time 0 nil #'kill-buffer (current-buffer)) - (with-temp-buffer - (shr-insert-document dom) - (buffer-substring-no-properties (point-min) (point-max)))))) - :name "read_url" - :description "Fetch and read the contents of a URL" - :args (list '(:name "url" - :type string - :description "The URL to read")) - :category "web") - ,(gptel-make-tool - :function (lambda (filepath) - (with-temp-buffer - (insert-file-contents (expand-file-name filepath)) - (buffer-string))) - :name "read_file" - :description "Read and display the contents of a file" - :args (list '(:name "filepath" - :type string - :description "Path to the file to read. Supports relative paths and ~.")) - :category "filesystem") - ,(gptel-make-tool - :function (lambda (directory) - (mapconcat #'identity - (directory-files directory) - "\n")) - :name "list_directory" - :description "List the contents of a given directory" - :args (list '(:name "directory" - :type string - :description "The path to the directory to list")) - :category "filesystem") - ,(gptel-make-tool - :function (lambda () (mapcar 'buffer-name (buffer-list))) - :name "list_buffers" - :description "Return a list containing all the Emacs buffers" - :category "emacs") - ,(gptel-make-tool - :function (lambda (buffer) - (unless (buffer-live-p (get-buffer buffer)) - (error "Error: buffer %s is not live." buffer)) - (with-current-buffer buffer - (buffer-substring-no-properties (point-min) (point-max)))) - :name "read_buffer" - :description "Return the contents of an Emacs buffer" - :args (list '(:name "buffer" - :type string - :description "The name of the buffer whose contents are to be retrieved")) - :category "emacs") - ,(gptel-make-tool - :function (lambda (buffer text) - (with-current-buffer (get-buffer-create buffer) - (save-excursion - (goto-char (point-max)) - (insert text))) - (format "Appended text to buffer %s" buffer)) - :name "append_to_buffer" - :description "Append text to an Emacs buffer. If the buffer does not exist, it will be created." - :confirm t - :args (list '(:name "buffer" - :type string - :description "The name of the buffer to append text to.") - '(:name "text" - :type string - :description "The text to append to the buffer.")) - :category "emacs") - ,(gptel-make-tool - :name "EditBuffer" - :function #'ccr/edit-buffer - :description "Edits Emacs buffers" - :confirm t - :args '((:name "buffer_name" - :type string - :description "Name of the buffer to modify" - :required t) - (:name "old_string" - :type string - :description "Text to replace (must match exactly)" - :required t) - (:name "new_string" - :type string - :description "Text to replace old_string with" - :required t)) - :category "edit") - , - (gptel-make-tool - :name "ReplaceBuffer" - :function #'ccr/replace-buffer - :description "Completely overwrites buffer contents" - :confirm t - :args '((:name "buffer_name" - :type string - :description "Name of the buffer to overwrite" - :required t) - (:name "content" - :type string - :description "Content to write to the buffer" - :required t)) - :category "edit") - )) - + (setq gptel-tools (mapcar (lambda (tool) (apply #'gptel-make-tool tool)) + '(( + :name "create_file" + :function (lambda (path filename content) + (let ((full-path (expand-file-name filename path))) + (with-temp-buffer + (insert content) + (write-file full-path)) + (format-read "Created file %s in %s" filename path))) + :description "Create a new file with the specified content" + :args (list '(:name "path" + :type string + :description "The directory where to create the file") + '(:name "filename" + :type string + :description "The name of the file to create") + '(:name "content" + :type string + :description "The content to write to the file")) + :category "filesystem" + ) + ;; ( + ;; :name "run_command" + ;; :confirm 't + ;; :function (lambda (command) + ;; (shell-command-to-string command)) + ;; :description "Run arbitrary commands" + ;; :args (list '(:name "command" + ;; :type string + ;; :description "The content to run e.g. 'ls *' or 'fd '")) + ;; ) + ( + :name "get_weather" + :function (lambda (location) + (url-retrieve-synchronously "api.weather.com/..." + location unit)) + :description "Get the current weather in a given location" + :args (list '(:name "location" + :type string + :description "The city and state, e.g. San Francisco, CA") + '(:name "unit" + :type string + :enum ["celsius" "farenheit"] + :description + "The unit of temperature, either 'celsius' or 'fahrenheit" + :optional t + )) + ) + )) + ) (defun ccr/suggest-eshell-command () (interactive) (save-excursion (eshell-bol) (let ((start-pos (point)) - (end-pos (line-end-position))) - (gptel-request - (buffer-substring-no-properties start-pos end-pos) ;the prompt - :system "You are proficient with emacs shell (eshell), translate the following to something I could directly prompt to the shell. Your responses should only be code, without explanation or formatting or quoting." - :buffer (current-buffer) - :context (cons (set-marker (make-marker) start-pos) - (set-marker (make-marker) end-pos)) - :callback - (lambda (response info) - (if (not response) - (message "ChatGPT response failed with: %s" (plist-get info :status)) - (kill-region start-pos end-pos) - (insert response))))))) + (end-pos (line-end-position))) + (gptel-request + (buffer-substring-no-properties start-pos end-pos) ;the prompt + :system "You are proficient with emacs shell (eshell), translate the following to something I could directly prompt to the shell. Your responses should only be code, without explanation or formatting or quoting." + :buffer (current-buffer) + :context (cons (set-marker (make-marker) start-pos) + (set-marker (make-marker) end-pos)) + :callback + (lambda (response info) + (if (not response) + (message "ChatGPT response failed with: %s" (plist-get info :status)) + (kill-region start-pos end-pos) + (insert response))))))) (add-to-list 'display-buffer-alist '("^\\*ChatGPT\\*" - (display-buffer-full-frame) - (name . "floating"))) + (display-buffer-full-frame) + (name . "floating"))) (defun ccr/start-chatgpt () ;; Used from outside Emacs by emacsclient --eval (display-buffer (gptel "*ChatGPT*")) @@ -1226,9 +1131,9 @@ This is meant to be an helper to be called from the window manager." (require 'password-store-otp) ;; FIXME use `use-pacakge' idiomatic way :bind (("C-c p p" . password-store-copy) - ("C-c p o" . password-store-otp-token-copy) - ("C-c p e" . password-store-edit) - ("C-c p i" . password-store-insert))) + ("C-c p o" . password-store-otp-token-copy) + ("C-c p e" . password-store-edit) + ("C-c p i" . password-store-insert))) (use-package with-editor :init (shell-command-with-editor-mode +1)) diff --git a/hmModules/gpg/default.nix b/hmModules/gpg/default.nix index abef97c..f245f26 100644 --- a/hmModules/gpg/default.nix +++ b/hmModules/gpg/default.nix @@ -2,7 +2,7 @@ { services.gpg-agent = { enable = true; - pinentry.package = pkgs.pinentry-rofi.override { + pinentryPackage = pkgs.pinentry-rofi.override { rofi = pkgs.rofi-wayland; }; extraConfig = '' diff --git a/hmModules/jellyfin/default.nix b/hmModules/jellyfin/default.nix deleted file mode 100644 index 77d23c3..0000000 --- a/hmModules/jellyfin/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.jellyfin-media-player ]; -} diff --git a/hmModules/niri/config.kdl b/hmModules/niri/config.kdl index 06f54e1..eecbd3b 100644 --- a/hmModules/niri/config.kdl +++ b/hmModules/niri/config.kdl @@ -19,7 +19,7 @@ input { touchpad { // off tap - dwt + // dwt // dwtp natural-scroll // accel-speed 0.2 diff --git a/hmModules/shell/catppuccin_mocha.omp.json b/hmModules/shell/catppuccin_mocha.omp.json deleted file mode 100644 index c5c74c8..0000000 --- a/hmModules/shell/catppuccin_mocha.omp.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json", - "palette": { - "os": "#ACB0BE", - "closer": "p:os", - "pink": "#F5C2E7", - "lavender": "#B4BEFE", - "blue": "#89B4FA" - }, - "blocks": [ - { - "alignment": "left", - "segments": [ - { - "foreground": "p:blue", - "style": "plain", - "template": "{{ .UserName }}@{{ .HostName }} ", - "type": "session" - }, - { - "foreground": "p:pink", - "properties": { - "folder_icon": "..\ue5fe..", - "home_icon": "~", - "style": "agnoster_short" - }, - "style": "plain", - "template": "{{ .Path }} ", - "type": "path" - }, - { - "foreground": "p:lavender", - "properties": { - "branch_icon": "\ue725 ", - "cherry_pick_icon": "\ue29b ", - "commit_icon": "\uf417 ", - "fetch_status": false, - "fetch_upstream_icon": false, - "merge_icon": "\ue727 ", - "no_commits_icon": "\uf0c3 ", - "rebase_icon": "\ue728 ", - "revert_icon": "\uf0e2 ", - "tag_icon": "\uf412 " - }, - "template": "{{ .HEAD }} ", - "style": "plain", - "type": "git" - }, - { - "style": "plain", - "foreground": "p:closer", - "template": "\uf105", - "type": "text" - } - ], - "type": "prompt" - } - ], - "final_space": true, - "version": 3 -} diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix index 6c7e5c1..c654977 100644 --- a/hmModules/shell/default.nix +++ b/hmModules/shell/default.nix @@ -84,12 +84,7 @@ programs.thefuck.enable = true; programs.oh-my-posh = { enable = true; - # same as "captuccin_mocha" but without the OS logo - settings = lib.mkForce ( - builtins.fromJSON ( - builtins.unsafeDiscardStringContext (builtins.readFile ./catppuccin_mocha.omp.json) - ) - ); + useTheme = "catppuccin_mocha"; }; programs.zellij.enableBashIntegration = false; diff --git a/hmModules/spotify/default.nix b/hmModules/spotify/default.nix index 5bc0a6d..59b2edd 100644 --- a/hmModules/spotify/default.nix +++ b/hmModules/spotify/default.nix @@ -9,18 +9,18 @@ in { home.packages = [ spotify-adblocked ]; - # systemd.user.services.spotify-adblocked = { - # Install.WantedBy = [ "graphical-session.target" ]; + systemd.user.services.spotify-adblocked = { + Install.WantedBy = [ "graphical-session.target" ]; - # Unit = { - # Description = "Spotify"; - # PartOf = [ "graphical-session.target" ]; - # }; + Unit = { + Description = "Spotify"; + PartOf = [ "graphical-session.target" ]; + }; - # Service = { - # ExecStart = lib.getExe spotify-adblocked; - # Restart = "on-failure"; - # RestartSec = 3; - # }; - # }; + Service = { + ExecStart = lib.getExe spotify-adblocked; + Restart = "on-failure"; + RestartSec = 3; + }; + }; } diff --git a/hosts/default.nix b/hosts/default.nix index cf4fc6f..7ed6ca8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -109,7 +109,6 @@ "home-assistant-token".owner = "prometheus"; "grafana-password".owner = "grafana"; "cloudflare-dyndns-api-token" = { }; - "cloudflare-api-tokens" = { }; "restic-hetzner-password" = { }; "hass-ssh-key".owner = "hass"; "sisko-attic-environment-file".owner = "atticd"; diff --git a/hosts/pike/default.nix b/hosts/pike/default.nix index 2248933..e5e6ca6 100644 --- a/hosts/pike/default.nix +++ b/hosts/pike/default.nix @@ -89,7 +89,6 @@ "zoom" "pantalaimon" "gimp" - "jellyfin" ]; extraGroups = [ "plugdev" ]; backupPaths = [ ]; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 13a9b0d..9daa84c 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -36,8 +36,6 @@ "amule" "adguard-home" "garmin-grafana" - # "dump1090" - "arbi" ] ++ [ ./disko.nix diff --git a/lib/default.nix b/lib/default.nix index 3d15451..4330d49 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,7 +4,6 @@ ccr-ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm9Sl/I+5G4g4f6iE4oCUJteP58v+wMIew9ZuLB+Gea"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; - forgejo-ci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5mbqLoZ/0J45J7J+17XMGv/dXs3DGABJsnvDv4rgC9 forgjeo-ci"; }; hosts = { kirk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAH49KzayIro3L1bteR7nwupMM/vKlDh05t5/DFD9/uz"; diff --git a/modules/amule/default.nix b/modules/amule/default.nix index 6416e9f..9752f8f 100644 --- a/modules/amule/default.nix +++ b/modules/amule/default.nix @@ -1,46 +1,34 @@ -{ config, pkgs, ... }: -let - rev = "966199fe1dccc9c6c7016bdb1d9582f27797bc02"; - amule-flake = builtins.getFlake "github:NixOS/nixpkgs/${rev}"; - inherit (amule-flake.legacyPackages.${pkgs.system}) amule-daemon amule-web; -in +{ config, lib, ... }: { - disabledModules = [ "services/networking/amuled.nix" ]; - documentation.nixos.enable = false; - - imports = [ "${amule-flake}/nixos/modules/services/networking/amuled.nix" ]; - - services.amule = { - enable = true; - package = amule-daemon; - amuleWebPackage = amule-web; - openPeerPorts = true; - openWebServerPort = true; - # TODO the service is accessible only from the VPN - # however better using agenix - ExternalConnectPasswordFile = pkgs.writeText "password" "pippo"; - WebServerPasswordFile = pkgs.writeText "password" "pippo"; - settings = { - eMule = { - IncomingDir = "/mnt/hd/amule"; - TempDir = "/mnt/hd/amule/Temp"; - }; - WebServer = { - Enabled = 1; - }; - }; + users.users.amule = { + isSystemUser = true; + group = "amule"; + extraGroups = [ "amule" ]; + home = config.services.amule.dataDir; }; + users.groups.amule = { }; + services.amule = { + dataDir = "/mnt/hd/amule"; + enable = true; + user = "amule"; + }; + + # sometimes the service crashes with a segfeault without any reason... + systemd.services.amuled.serviceConfig.Restart = lib.mkForce "always"; + environment.persistence."/persist".directories = [ config.services.amule.dataDir ]; - services.nginx.virtualHosts."amule.sisko.wg.aciceri.dev" = { - forceSSL = true; - useACMEHost = "aciceri.dev"; - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.amule.settings.WebServer.Port}"; - }; - serverAliases = [ "amule.sisko.zt.aciceri.dev" ]; + networking.firewall = { + allowedTCPPorts = [ 4662 ]; + allowedUDPPortRanges = [ + { + from = 4665; + to = 4672; + } + ]; }; + } diff --git a/modules/arbi/default.nix b/modules/arbi/default.nix deleted file mode 100644 index 02ab9e5..0000000 --- a/modules/arbi/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: -let - rev = "d531730d9640160f0519ef4b3640f8da49dd96f8"; - arbi-flake = builtins.getFlake "git+ssh://git@github.com/aciceri/arbi.git?rev=${rev}"; -in -{ - imports = [ arbi-flake.nixosModules.arbi ]; - - services.arbi = { - enable = true; - log_level = "debug"; - configFile = pkgs.writeText "arbi-config.kdl" '' - endpoint "wss://eth-mainnet.g.alchemy.com/v2/" - pairs_file "pairs.json" - concurrency 4 - ''; - }; - - environment.persistence."/persist".directories = [ - config.services.arbi.dataDir - ]; -} diff --git a/modules/common/default.nix b/modules/common/default.nix index f83e6e4..5aa4549 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -18,10 +18,9 @@ nixpkgs.config.allowUnfree = true; # Forgive me Mr. Stallman :( system.switch.enableNg = true; - environment.systemPackages = with pkgs; [ - btop - ncdu - git + environment.systemPackages = [ + pkgs.btop + pkgs.ncdu ]; # FIXME not the best place diff --git a/modules/dump1090/default.nix b/modules/dump1090/default.nix deleted file mode 100644 index cf74a4e..0000000 --- a/modules/dump1090/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - pkgs, - ... -}: -let - dump1090-flake = builtins.getFlake "github:NixOS/nixpkgs/541f05042033467730fb8cedb08355dc91b94c74"; - inherit (dump1090-flake.legacyPackages.${pkgs.system}) dump1090-fa; -in -{ - imports = [ "${dump1090-flake}/nixos/modules/services/misc/dump1090-fa.nix" ]; - - hardware.rtl-sdr.enable = true; - - disabledModules = [ "services/misc/dump10190-fa.nix" ]; - documentation.nixos.enable = false; - - services.dump1090-fa = { - enable = true; - package = dump1090-fa; - }; - - services.nginx.virtualHosts."dump1090.sisko.wg.aciceri.dev" = { - forceSSL = true; - useACMEHost = "aciceri.dev"; - locations = { - "/".alias = "${dump1090-fa}/share/dump1090/"; - "/data/".alias = "/run/dump1090-fa/"; - }; - serverAliases = [ "dump1090.sisko.zt.aciceri.dev" ]; - }; -} diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index f6d7682..3234a46 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix @@ -17,7 +17,6 @@ let gnugrep gawk git - openssh nix bash jq @@ -39,6 +38,15 @@ let cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt ''; numInstances = 1; + pushToCache = pkgs.writeScript "push-to-cache.sh" '' + #!/bin/sh + set -eu + set -f # disable globbing + export IFS=' ' + + echo "Uploading paths" $OUT_PATHS + exec nix copy --to "s3://cache?profile=default®ion=eu-south-1&scheme=https&endpoint=cache.aciceri.dev" $OUT_PATHS + ''; in lib.mkMerge [ { @@ -72,6 +80,7 @@ lib.mkMerge [ cat < etc/nix/nix.conf accept-flake-config = true experimental-features = nix-command flakes + post-build-hook = ${pushToCache} include access-tokens NIX_CONFIG @@ -112,9 +121,22 @@ lib.mkMerge [ nix.settings.trusted-users = [ "nixuser" ]; } { + # Format of the token file: virtualisation = { podman.enable = true; }; + + # virtualisation.containers.storage.settings = { + # storage.driver = "zfs"; + # storage.graphroot = "/var/lib/containers/storage"; + # storage.runroot = "/run/containers/storage"; + # storage.options.zfs.fsname = "zroot/root/podman"; + # }; + + # virtualisation.containers.containersConf.settings = { + # # podman seems to not work with systemd-resolved + # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + # }; } { systemd.services = diff --git a/modules/garmin-grafana/default.nix b/modules/garmin-grafana/default.nix index e75b15b..90795e6 100644 --- a/modules/garmin-grafana/default.nix +++ b/modules/garmin-grafana/default.nix @@ -5,8 +5,7 @@ ... }: let - rev = "f24579d13ee035af96d4a68b765af2aa4b1018b6"; - garmin-grafana-flake = builtins.getFlake "github:NixOS/nixpkgs/${rev}"; + garmin-grafana-flake = builtins.getFlake "github:NixOS/nixpkgs/1f03fefb44665cd2377912033de22ffaba2be48d"; inherit (garmin-grafana-flake.legacyPackages.${pkgs.system}) garmin-grafana; in { diff --git a/modules/nginx-base/default.nix b/modules/nginx-base/default.nix index a79716e..5068162 100644 --- a/modules/nginx-base/default.nix +++ b/modules/nginx-base/default.nix @@ -14,7 +14,7 @@ dnsProvider = "cloudflare"; dnsPropagationCheck = true; group = config.services.nginx.group; - environmentFile = config.age.secrets.cloudflare-api-tokens.path; + environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; }; }; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 000ede4..1b2258d 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -92,7 +92,7 @@ ]; protocol = "ssh-ng"; sshUser = "root"; - sshKey = "/home/${config.ccr.username}/.ssh/id_ed25519"; + sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; } ++ (lib.lists.optional (config.networking.hostName == "picard") { hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store"; diff --git a/packages/emacs/packages.nix b/packages/emacs/packages.nix index 9ab2c44..73c6e96 100644 --- a/packages/emacs/packages.nix +++ b/packages/emacs/packages.nix @@ -206,7 +206,6 @@ let mixed-pitch visual-replace org-super-agenda - tidal # org-re-reveal # FIXME very not nice hash mismatch when building ] ) @@ -223,9 +222,6 @@ let eat corfu-terminal haskell-ts-mode - ]) - ++ (with epkgs; [ - typst-ts-mode # why this doesn't seem to be in elpaPackages? ]); in mainPackages ++ (builtins.attrValues extraPackages) diff --git a/secrets/cloudflare-api-tokens.age b/secrets/cloudflare-api-tokens.age deleted file mode 100644 index 57e68b8..0000000 --- a/secrets/cloudflare-api-tokens.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa /AagBw -hD7PDjueXimBVI/rjcYxN77LHV2eGytKcUbmh17aSL1CNM+eriURFao3tj52Hiaz -3VMB6FxWUk9kzgjMPvf5WZukuZ2WbpPH8xlDV+6ZH7e/IzmjIfx8Ny14Mr1IF/Rx -TBiCIAM19/1/mR9MiIBW85bb+Bb/waWIZAgxW3N1RpqH5+vAVqx0iY3XRF5+0gOq -blP3yEw3QaL6FuY0+a+d/TnCsrz2Gi1Rba9oCUmkzOP96TsJYdN58Ut6nrHFkURK -mShL2xBMLmfA8Z5ep+D8ueyQbcYpeU3KHcIcRM6dRTwQKvWXAVkRt1nUGasKrO9Y -oJT9BrcxjtqgF/xhHRjWpamjFSI3mlJnJNEbruddDwQUccrJOvEzvqZ7GK0WoFX2 -HmhdDOiocMGWFeBPAKlNtU3+QmtZvhvOIgbjKhNxmCt1A/qxfvRk7Y2IDIBo+CFo -sKMrT1tCo4UYaJdZYl64XYNCQb3C2EfO7Exrq3d2urNidzUbr9OBx7CCI1nu375c -Qol9Kr28fLtxRuSZlrqIe9vKVYyLDPznrRlh6TmgqmMLIW70Y8cZwMtT8L8sOkcm -A8MoxpWFzK4BKo0Iqmw6eZ3nx/0LAzkz005ZEwrmi2W/XxOWJgBiaLmu7YwnoGq0 -gzwwvA5V5MT6Iy7FzkQpMi0h/H4MZ0mcbihKdPun85Q --> ssh-ed25519 +vdRnA 23Gviu8hfWCEBPHP7xYIaOx34kFsxJJgJ/BNUDlb9Cg -ROiMY2gw/rpNBmJnlRVb7Qhi5+8TY3Velj8gEZcaedI ---- dhmvfQoCjuRUJtvXNI/eCjH0W+IeJm8bFRvYk1JihD0 -qMC,݈ԝ9-\KJ]J(Sn.Qp~Z$e"픒\'rSlu +UD<Սv]|/g[ W_>-fl8|wيlB[\.k(W{=w 3N}qG-wMb^Q{ \ No newline at end of file diff --git a/secrets/cloudflare-dyndns-api-token.age b/secrets/cloudflare-dyndns-api-token.age index 6f09f52..57e68b8 100644 Binary files a/secrets/cloudflare-dyndns-api-token.age and b/secrets/cloudflare-dyndns-api-token.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7b341b1..8724ce7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -92,10 +92,6 @@ with keys.users; deltaflyer pike ]; - "cloudflare-api-tokens.age".publicKeys = [ - ccr-ssh - sisko - ]; "cloudflare-dyndns-api-token.age".publicKeys = [ ccr-ssh sisko