From fce5f49e57efd5ff666b48b7a981b5dfb441cd99 Mon Sep 17 00:00:00 2001 
From: "Lennart J. Kurzweg (Nx2)" Date: Mon, 3 Jun 2024 16:59:11 +0200 Subject: [PATCH] Sops-Nix --- .sops.yaml | 12 +- configuration.nix | 11 +- flake.lock | 74 ++++++--- flake.nix | 47 ++---- home-modules/bash.nix | 29 ++++ home-modules/fish.nix | 4 +- home-modules/gpg.nix | 6 +- home-modules/hyprland.nix | 19 +-- home-modules/nelix.nix | 0 home-modules/nixvim.nix | 128 ---------------- home-modules/nvim-lua/options.lua | 0 home-modules/nvim-lua/plugin/cmp.lua | 46 ------ home-modules/nvim-lua/plugin/lsp.lua | 49 ------ home-modules/nvim-lua/plugin/other.lua | 0 home-modules/nvim-lua/plugin/telescope.lua | 16 -- home-modules/nvim-lua/plugin/treesitter.lua | 9 -- home-modules/nvim.nix | 120 --------------- home-modules/programming/node.nix | 7 + home-modules/{ => programming}/python.nix | 0 home-modules/qt.nix | 4 +- home-modules/sops.nix | 23 +++ home-modules/starship.nix | 162 +++++++++----------- home.nix | 6 +- secrets/passwords-and-certificates.nix | Bin 2641 -> 0 bytes sops-secrets.yaml | 44 ++++++ system-modules/hsmw.nix | 2 +- system-modules/sops.nix | 19 ++- system-modules/sshd.nix | 14 +- system-modules/syncthing.nix | 76 ++++++--- 29 files changed, 373 insertions(+), 554 deletions(-) create mode 100755 home-modules/bash.nix delete mode 100644 home-modules/nelix.nix delete mode 100755 home-modules/nixvim.nix delete mode 100755 home-modules/nvim-lua/options.lua delete mode 100755 home-modules/nvim-lua/plugin/cmp.lua delete mode 100755 home-modules/nvim-lua/plugin/lsp.lua delete mode 100755 home-modules/nvim-lua/plugin/other.lua delete mode 100755 home-modules/nvim-lua/plugin/telescope.lua delete mode 100755 home-modules/nvim-lua/plugin/treesitter.lua delete mode 100755 home-modules/nvim.nix create mode 100644 home-modules/programming/node.nix rename home-modules/{ => programming}/python.nix (100%) create mode 100644 home-modules/sops.nix delete mode 100755 secrets/passwords-and-certificates.nix create mode 100644 sops-secrets.yaml 
diff --git a/.sops.yaml b/.sops.yaml index b7a8695..9a4312c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,13 @@ keys: - - &primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ openpgp:0xC317996E + - &users: + # - &nx2 age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc + - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 + - &hosts: + - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: sops-secrets.yaml$ key_groups: - age: - - *primary + - *north + pgp: + - *nx2 diff --git a/configuration.nix b/configuration.nix index f637c4e..07f1950 100755 --- a/configuration.nix +++ b/configuration.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, pkgs-unstable, user, host, allowed, secrets, rice, nvidia, ... }: +{ pkgs, pkgs-unstable, rice, inputs, ... }: let in { imports = [ + inputs.sops-nix.nixosModules.sops ./system-modules/hardware-configuration.nix ./system-modules/fuse.nix ./system-modules/nvidia.nix @@ -15,8 +16,8 @@ in ./system-modules/sshd.nix ./system-modules/gpg.nix ./system-modules/sops.nix - # ./system-modules/syncthing.nix - ./system-modules/hsmw.nix + ./system-modules/syncthing.nix + # ./system-modules/hsmw.nix # old ./system-modules/docker.nix ./system-modules/health_reminder.nix ./system-modules/ollama.nix @@ -85,6 +86,10 @@ in sendme ]); + environment.variables = { + EDITOR = "hx"; + VISUAL = "hx"; + }; fonts.packages = with pkgs; [ noto-fonts diff --git a/flake.lock b/flake.lock index f486732..dba001a 100755 --- a/flake.lock +++ b/flake.lock 
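Review bot: The only creation rule in `.sops.yaml` names just the `north` host key and the `nx2` PGP key as recipients, yet flake.nix in this patch also builds NxXPS and NxACE from the same configuration.nix that now imports sops-nix. Unless system-modules/sops.nix (not visible in this part of the patch) gates secrets per host, those machines hold no key that can decrypt `sops-secrets.yaml` at activation. Add their age host keys under `&hosts`, reference them in the `age:` list, and run `sops updatekeys sops-secrets.yaml`. Separately, `path_regex: sops-secrets.yaml$` has an unescaped dot and no start anchor; `path_regex: ^sops-secrets\.yaml$` matches only the intended file.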
@@ -42,11 +42,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1716782615, - "narHash": "sha256-/Awpe+K8Npq35mhPw3gj+X/phWrvjXCEgbraxmtBlIU=", + "lastModified": 1717128197, + "narHash": "sha256-jUObiEzZXl07D1JYsZr86TJOFFeJw3rJD3OUOCHicP0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "33111902039a1a779aef5574c7262dd8e9d688ae", + "rev": "179e0cecb2c8a663fcf9acfaff067cd2dd0da66b", "type": "gitlab" }, "original": { @@ -208,11 +208,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1716801877, - "narHash": "sha256-vfMb7opO2xva0jt/UwMGlyjK4DB73SWxus4Oryww+C8=", + "lastModified": 1717151932, + "narHash": "sha256-MwAAjC9AXaxxmvTMkgZZvdWaE/d7AfVd0L1NZtciRbY=", "ref": "refs/heads/main", - "rev": "db5d39a66f1285f78321d953eac398feaedfc63d", - "revCount": 4744, + "rev": "df6ebe358b30ee7b49f296e05763e5e4b0edce98", + "revCount": 4751, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -235,11 +235,11 @@ ] }, "locked": { - "lastModified": 1715722806, - "narHash": "sha256-KrSLG2H3KGELxTFdiBhv8U6D53Q3UsJsQO+KgEabsNA=", + "lastModified": 1717171694, + "narHash": "sha256-LN2lrcGdAMpkooleWSOV+/q1+wx1f3pSBs1TWeoMCkA=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "c28d1011f4868c1a1ee80b10d9ee79900686df82", + "rev": "e0cad229c3d799c7f72b1217ab2eb300ceecf3ac", "type": "github" }, "original": { 
@@ -382,13 +382,29 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1716655032, + "narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -415,11 +431,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1716991068, + "narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "25cf937a30bf0801447f6bf544fc7486c6309234", "type": "github" }, "original": { @@ -467,7 +483,8 @@ "hyprland-plugins": "hyprland-plugins", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs_3", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" } }, "rust-overlay": { 
@@ -495,6 +512,27 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1716692524, + "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "962797a8d7f15ed7033031731d0bb77244839960", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, diff --git a/flake.nix b/flake.nix index 6d6e4c1..5d8b116 100755 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "A Flake lol"; + description = "Multisystem NixOS Flake of Lennart J. Kurzweg"; inputs = { nixpkgs.url = "nixpkgs/nixos-23.11"; @@ -8,6 +8,10 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; @@ -50,7 +54,7 @@ user = "nx2"; - nvidia = rec { + nvidia = { enable = true; prime = true; # unfree = if enable then [ @@ -79,7 +83,7 @@ ]; }; - secrets = import ./secrets/passwords-and-certificates.nix; + secrets = import ./git-crypt/secrets.nix; rice = rec { lib = import ./nxlib/ricelib.nix { lib = nixpkgs.lib; }; @@ -134,11 +138,7 @@ in { nixosConfigurations = { - NxXPS = - let - host = "NxXPS"; - in - nixpkgs.lib.nixosSystem { + NxXPS = let host = "NxXPS"; in nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; 
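Review bot: `secrets = import ./git-crypt/secrets.nix;` in the `@@ -79,7 +83,7 @@` hunk still evaluates a secrets attrset, and the later hunks keep passing `secrets` through `specialArgs` and `extraSpecialArgs`. Any value a module interpolates into its configuration is therefore copied into the world-readable /nix/store, which is the exposure sops-nix is meant to remove. Consumers should read `config.sops.secrets.<name>.path` at runtime, and `secrets` should leave the argument sets once the last one is migrated. The diffstat adds no `git-crypt/secrets.nix`, so confirm that file is already tracked, since a flake in a git repository only sees tracked files. A comment on that line such as `# TODO: legacy git-crypt secrets end up in the store; migrate to sops` would make the transitional state explicit.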
@@ -148,12 +148,7 @@ modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; }; - NxACE = - let - host = "NxACE"; - nvidia.enable = false; - in - nixpkgs.lib.nixosSystem { + NxACE = let host = "NxACE"; nvidia.enable = false; in nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; @@ -163,29 +158,17 @@ homeConfigurations = { "${user}@NxXPS" = let host = "NxXPS"; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; "${user}@NxNORTH" = let host = "NxNORTH"; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; - - "${user}@NxACE" = - let - host = "NxACE"; - nvidia.enable = false; - in - home-manager.lib.homeManagerConfiguration { + "${user}@NxACE" = let host = "NxACE"; nvidia.enable = false; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; "tv@NxACE" = @@ -196,9 +179,7 @@ in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; }; diff --git a/home-modules/bash.nix b/home-modules/bash.nix new file mode 100755 index 0000000..c5d0985 --- /dev/null +++ b/home-modules/bash.nix 
@@ -0,0 +1,29 @@ +{ pkgs, lib, user, ... }: +lib.mkIf (user != "tv") +{ + home.packages = with pkgs; [ + bash + ]; + programs.bash = { + enable = true; + shellAliases = { + ll = "ls -l"; + la = "ls -a"; + lla = "ls -la"; + }; + shellOptions = [ + "histappend" + "checkwinsize" + "extglob" + "globstar" + "checkjobs" + ]; + enableCompletion = false; + # initExtra = '' + # if [[ $- == *i* ]] # if interactive + # then + # eval "$(${pkgs.starship}/bin/starship init bash)" + # fi + # ''; + }; +} diff --git a/home-modules/fish.nix b/home-modules/fish.nix index 0a02e87..cd1b824 100755 --- a/home-modules/fish.nix +++ b/home-modules/fish.nix @@ -27,7 +27,7 @@ lib.mkIf (user != "tv") $(echo -e "$logo" | sed -n 6p): $(bash --version | head --lines 1 | cut -f -4 -d' ') $(echo -e "$logo" | sed -n 7p): fish $(fish --version | rev | cut -f 1 -d' ' | rev) $(echo -e "$logo" | sed -n 8p): ''$(uname -r) - $(echo -e "$logo" | sed -n 9p): ''${EDITOR} + $(echo -e "$logo" | sed -n 9p): $($EDITOR --version | head -n 1) $(echo -e "$logo" | sed -n 10p): $(yazi --version) $(echo -e "$logo" | sed -n 11p): $(starship --version | head -n 1) " @@ -88,7 +88,7 @@ lib.mkIf (user != "tv") if not set -q IN_NIX_SHELL nxfetch end - ${pkgs.starship}/bin/starship init fish | source + # ${pkgs.starship}/bin/starship init fish | source # ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source ''; functions = { diff --git a/home-modules/gpg.nix b/home-modules/gpg.nix index 46647d1..5e21c48 100644 --- a/home-modules/gpg.nix +++ b/home-modules/gpg.nix @@ -1,10 +1,12 @@ -{ pkgs, ... }: +{ pkgs, pkgs-unstable, ... }: { # there also is a system module home.packages = with pkgs; [ gnupg gpg-tui - ]; + ] ++ ( with pkgs-unstable; [ + pinentry-all + ]); services.gpg-agent = { enable = true; diff --git a/home-modules/hyprland.nix b/home-modules/hyprland.nix index d113945..d35ded3 100755 --- a/home-modules/hyprland.nix +++ b/home-modules/hyprland.nix 
@@ -25,17 +25,17 @@ let scale = "1.0"; }; left = { - name = "HDMI-A-3"; + name = "HDMI-A-2"; resolution = "1920x1080"; position = "0x360"; scale = "1.0"; }; - right = { - name = "HDMI-A-2"; - resolution = "1920x1080"; - position = "4480x360"; - scale = "1.0"; - }; + # right = { + # name = "HDMI-A-2"; + # resolution = "1920x1080"; + # position = "4480x360"; + # scale = "1.0"; + # }; }; ace = { main = { @@ -82,7 +82,7 @@ lib.mkIf (user != "tv") ]) else (if host == "NxNORTH" then (with monitors.north; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${left.name}, ${left.resolution}, ${left.position}, ${left.scale}" - "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}" + # "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}" ]) else ( with monitors.ace; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" ])); @@ -91,7 +91,8 @@ lib.mkIf (user != "tv") let d1 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); d2 = if host == "NxXPS" then monitors.xps.second.name else (if host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name); - d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); + d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); + # d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); compact = "gapsin:0, gapsout:0, bordersize:1, rounding:false"; in [ diff --git a/home-modules/nelix.nix b/home-modules/nelix.nix deleted file mode 100644 index e69de29..0000000 diff --git a/home-modules/nixvim.nix b/home-modules/nixvim.nix deleted file mode 100755 index 308abda..0000000 --- a/home-modules/nixvim.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ config, pkgs, inputs, system, rice, ... }: -{ - imports = [ - inputs.nixvim.homeManagerModules.nixvim - ]; - - home.packages = [ - pkgs.neovide - ]; - programs.nixvim = { - enable = true; - viAlias = true; - vimAlias = true; - clipboard.providers.wl-copy.enable = true; - - options = { - number = true; - relativenumber = true; - shiftwidth = 2; - }; - colorschemes.catppuccin = { - enable = true; - settings = { - mocha = { - base = "#ff0000"; - }; - disable_underline = true; - flavour = "mocha"; - integrations = { - cmp = true; - gitsigns = true; - mini = { - enabled = true; - indentscope_color = ""; - }; - notify = false; - nvimtree = true; - treesitter = true; - }; - styles = { - booleans = [ - "bold" - "italic" - ]; - conditionals = [ - "bold" - ]; - }; - term_colors = true; - }; - }; - # colorschemes.base16 = { - # enable = true; - # setUpBar = true; - # colorscheme = "onedark"; - - # customColorScheme = { - # base00 = rice.color.background; - # base01 = rice.color.black.bright; - # base02 = rice.color.blue.base; - # base03 = rice.color.blue.bright; - # base04 = rice.color.cyan.base; - # base05 = rice.color.cyan.bright; - # base06 = rice.color.green.base; - # base07 = rice.color.green.bright; - # base08 = rice.color.magenta.base; - # base09 = rice.color.magenta.bright; - # base0A = rice.color.red.base; - # base0B = rice.color.red.bright; - # base0C = rice.color.white.base; - # base0D = rice.color.white.bright; - # base0E = rice.color.yellow.base; - # base0F = rice.color.yellow.bright; - # }; - # }; - opts = { - termguicolors = true; - }; - globals = { - mapleader = " "; - }; - plugins = { - telescope = { - enable = true; - extensions = { - fzf-native.enable = true; - }; - keymaps = { - "" = { action = "find_files"; }; - "fg" = { action = "live_grep"; }; - }; - }; - - lightline = { - enable = true; - # colorscheme = "base16"; - # active = { - # left = [ - # ["mode" "paste"] - # ["readonly" "filename" "modified"] - # ]; - - # right = [ - # [ 
"lineinfo" ] - # [ "percent" ] - # [ "fileformat" "fileencoding" "filetype" "charvaluehex" ] - # [ "git" ] - # ]; - # }; - }; - nix.enable = true; - - lsp-lines.enable = true; - lspkind.enable = true; - }; - extraPlugins = [ ]; - keymaps = - let - mkKeymap = mode: key: action: { inherit mode key action; }; - mkKeymapWithOpts = mode: key: action: opts: (mkKeymap mode key action) // { options = opts; }; - in - [ - (mkKeymap "" "" "") - (mkKeymap "n" "ff" "builtin.find_files") - ]; - }; -} -## vl clipboard? diff --git a/home-modules/nvim-lua/options.lua b/home-modules/nvim-lua/options.lua deleted file mode 100755 index e69de29..0000000 diff --git a/home-modules/nvim-lua/plugin/cmp.lua b/home-modules/nvim-lua/plugin/cmp.lua deleted file mode 100755 index cf2b7a7..0000000 --- a/home-modules/nvim-lua/plugin/cmp.lua +++ /dev/null @@ -1,46 +0,0 @@ -local cmp = require('cmp') -local luasnip = require('luasnip') - -require('luasnip.loaders.from_vscode').lazy_load() -luasnip.config.setup {} - -cmp.setup { - snippet = { - expand = function(args) - luasnip.lsp_expand(args.body) - end, - }, - mapping = cmp.mapping.preset.insert { - [''] = cmp.mapping.select_next_item(), - [''] = cmp.mapping.select_prev_item(), - [''] = cmp.mapping.scroll_docs(-4), - [''] = cmp.mapping.scroll_docs(4), - [''] = cmp.mapping.complete {}, - [''] = cmp.mapping.confirm { - behavior = cmp.ConfirmBehavior.Replace, - select = true, - }, - [''] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.expand_or_locally_jumpable() then - luasnip.expand_or_jump() - else - fallback() - end - end, { 'i', 's' }), - [''] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_prev_item() - elseif luasnip.locally_jumpable(-1) then - luasnip.jump(-1) - else - fallback() - end - end, { 'i', 's' }), - }, - sources = { - { name = 'nvim_lsp' }, - { name = 'luasnip' }, - }, -} 
diff --git a/home-modules/nvim-lua/plugin/lsp.lua b/home-modules/nvim-lua/plugin/lsp.lua deleted file mode 100755 index 6dd7f01..0000000 --- a/home-modules/nvim-lua/plugin/lsp.lua +++ /dev/null @@ -1,49 +0,0 @@ -local on_attach = function(_, bufnr) - - local bufmap = function(keys, func) - vim.keymap.set('n', keys, func, { buffer = bufnr }) - end - - bufmap('r', vim.lsp.buf.rename) - bufmap('a', vim.lsp.buf.code_action) - - bufmap('gd', vim.lsp.buf.definition) - bufmap('gD', vim.lsp.buf.declaration) - bufmap('gI', vim.lsp.buf.implementation) - bufmap('D', vim.lsp.buf.type_definition) - - bufmap('gr', require('telescope.builtin').lsp_references) - bufmap('s', require('telescope.builtin').lsp_document_symbols) - bufmap('S', require('telescope.builtin').lsp_dynamic_workspace_symbols) - - bufmap('K', vim.lsp.buf.hover) - - vim.api.nvim_buf_create_user_command(bufnr, 'Format', function(_) - vim.lsp.buf.format() - end, {}) -end - -local capabilities = vim.lsp.protocol.make_client_capabilities() -capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) - -require('neodev').setup() -require'lspconfig'.lua_ls.setup{} --- require('lspconfig').lua_ls.setup { --- on_attach = on_attach, --- capabilities = capabilities, --- root_dir = function() --- return vim.loop.cwd() --- end, --- cmd = { "lua-lsp" }, --- settings = { --- Lua = { --- workspace = { checkThirdParty = false }, --- telemetry = { enable = false }, --- }, --- } --- } - -require('lspconfig').nixd.setup { - on_attach = on_attach, - capabilities = capabilities, -} diff --git a/home-modules/nvim-lua/plugin/other.lua b/home-modules/nvim-lua/plugin/other.lua deleted file mode 100755 index e69de29..0000000 diff --git a/home-modules/nvim-lua/plugin/telescope.lua b/home-modules/nvim-lua/plugin/telescope.lua deleted file mode 100755 index f2dae3d..0000000 --- a/home-modules/nvim-lua/plugin/telescope.lua +++ /dev/null 
@@ -1,16 +0,0 @@ -require('telescope').setup({ - extensions = { - fzf = { - fuzzy = true, -- false will only do exact matching - override_generic_sorter = true, -- override the generic sorter - override_file_sorter = true, -- override the file sorter - case_mode = "smart_case", -- or "ignore_case" or "respect_case" (the default case_mode is "smart_case") - } - } -}) - -require('telescope').load_extension('fzf') - - -local builtin = require('telescope.builtin') -vim.keymap.set('n', 'ff', builtin.find_files, {}) \ No newline at end of file diff --git a/home-modules/nvim-lua/plugin/treesitter.lua b/home-modules/nvim-lua/plugin/treesitter.lua deleted file mode 100755 index 2edb953..0000000 --- a/home-modules/nvim-lua/plugin/treesitter.lua +++ /dev/null @@ -1,9 +0,0 @@ -require('nvim-treesitter.configs').setup { - ensure_installed = {}, - - auto_install = false, - - highlight = { enable = true }, - - indent = { enable = true }, -} diff --git a/home-modules/nvim.nix b/home-modules/nvim.nix deleted file mode 100755 index 8f3fd0b..0000000 --- a/home-modules/nvim.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -{ config, pkgs, pkgs-unstable, lib, user, rice, ... }: -let - toLua = str: "lua << EOF\n${str}\nEOF\n"; - toLuaFile = file: "lua << EOF\n${builtins.readFile file}\nEOF\n"; - - theme = { - name = "base16-colorscheme"; - package = pkgs-unstable.vimPlugins.base16-nvim; - }; -in -lib.mkIf (user != "tv") -{ - home.packages = with pkgs; [ - neovide - ]; - - programs.neovim = { - enable = true; - - viAlias = true; - vimAlias = true; - vimdiffAlias = true; - - extraPackages = with pkgs; [ - # extra - wl-clipboard - - # LSPs - nixd - lua-language-server - ]; - - plugins = with pkgs.vimPlugins; [ - nvim-lspconfig - nvim-cmp # A completion engine. Completion sources are installed from external repositories and "sourced". - cmp-nvim-lsp # cmp source: LSPs - luasnip # cmp source: LSPs - nvim-web-devicons # icons or some shit - friendly-snippets # a collention of snippets for many languages - neodev-nvim # configures lua-language-server for Neovim - vim-nix # Syntax highlighting, Filetype detection, Automatic indentation, NixEdit command: navigate nixpkgs by attribute name - telescope-nvim - telescope-fzf-native-nvim - lualine-nvim - comment-nvim - (nvim-treesitter.withPlugins (p: with p; [ - tree-sitter-nix - tree-sitter-vim - tree-sitter-bash - tree-sitter-lua - tree-sitter-python - tree-sitter-json - tree-sitter-html - tree-sitter-css - tree-sitter-dockerfile - tree-sitter-ssh_config - tree-sitter-javascript - tree-sitter-gitignore - ]) - ) - ] ++ [ theme.package ]; - - extraLuaConfig = '' - -- Options - vim.keymap.set("n", "", "") - vim.g.mapleader = " " - vim.g.maplocalleader = ' ' - vim.o.clipboard = 'unnamedplus' - vim.o.number = true - vim.o.relativenumber = true - vim.o.signcolumn = 'yes' - vim.o.tabstop = 2 - vim.o.shiftwidth = 2 - vim.o.updatetime = 300 - vim.o.termguicolors = true - vim.o.mouse = 'a' - - -- Colorscheme - require('base16-colorscheme').setup({ - base00 = '${rice.color.background}', - base01 = '${rice.color.black.bright}', - base02 = 
'${rice.color.blue.base}', - base03 = '${rice.color.blue.bright}', - base04 = '${rice.color.cyan.base}', - base05 = '${rice.color.cyan.bright}', - base06 = '${rice.color.green.base}', - base07 = '${rice.color.green.bright}', - base08 = '${rice.color.magenta.base}', - base09 = '${rice.color.magenta.bright}', - base0A = '${rice.color.red.base}', - base0B = '${rice.color.red.bright}', - base0C = '${rice.color.foreground}', - base0D = '${rice.color.white.bright}', - base0E = '${rice.color.yellow.base}', - base0F = '${rice.color.yellow.bright}', - }) - require('base16-colorscheme').with_config({ - telescope = true, - -- indentblankline = true, - -- notify = true, - -- ts_rainbow = true, - cmp = true, - -- illuminate = true, - -- dapui = true, - }) - - -- PLUGINS - require("Comment").setup() - require("lualine").setup({ - icons_enabled = true, - theme = '${theme.name}', - }) - require("Comment").setup() - ${builtins.readFile ./nvim-lua/plugin/lsp.lua} - ${builtins.readFile ./nvim-lua/plugin/cmp.lua} - ${builtins.readFile ./nvim-lua/plugin/telescope.lua} - ${builtins.readFile ./nvim-lua/plugin/treesitter.lua} - ''; - }; -} diff --git a/home-modules/programming/node.nix b/home-modules/programming/node.nix new file mode 100644 index 0000000..e2decfd --- /dev/null +++ b/home-modules/programming/node.nix @@ -0,0 +1,7 @@ +{ pkgs, lib, host, ... }: +lib.mkIf (host != "NxACE") +{ + home.packages = with pkgs; [ + nodejs + ]; +} diff --git a/home-modules/python.nix b/home-modules/programming/python.nix similarity index 100% rename from home-modules/python.nix rename to home-modules/programming/python.nix diff --git a/home-modules/qt.nix b/home-modules/qt.nix index 22a11b8..b78e18d 100755 --- a/home-modules/qt.nix +++ b/home-modules/qt.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, system, user, allowed, secrets, ... }: +{ pkgs, lib, user, ... }: lib.mkIf (user != "tv") { qt = { platformTheme = "gtk"; }; -} \ No newline at end of file +} 
diff --git a/home-modules/sops.nix b/home-modules/sops.nix new file mode 100644 index 0000000..23468d8 --- /dev/null +++ b/home-modules/sops.nix @@ -0,0 +1,23 @@ +{ user, inputs, ... }: +{ + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; + + sops = { + # age.keyFile = "/home/${user}/.config/sops/age/keys.txt"; + gnupg.home = "/home/${user}/.gnupg"; + defaultSopsFile = ../sops-secrets.yaml; + + # %r is $XDG_RUNTIME_DIR + secrets = { + "example" = { + path = "%r/secrets/example"; + }; + # "sops-age-private-key" = { # Bootstrapping doens't work + # mode = "0400"; + # path = "/home/${user}/.config/sops/age/keys.txt"; + # }; + }; + }; +} diff --git a/home-modules/starship.nix b/home-modules/starship.nix index 69dbec1..e74fd6c 100755 --- a/home-modules/starship.nix +++ b/home-modules/starship.nix @@ -1,16 +1,15 @@ -{ config, pkgs, lib, system, user, allowed, secrets, ... }: +{ pkgs, lib, user, rice, ... }: lib.mkIf (user != "tv") { home.packages = [ pkgs.starship ]; - ## gets sourced in fish.nix - - programs.starship = { enable = true; - settings = { + # enableBashIntegration = true; + enableFishIntegration = true; + settings = with rice.color; { add_newline = false; format = lib.strings.concatMapStrings (x: "$" + x) [ "jobs" 
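Review bot: `gnupg.home = "/home/${user}/.gnupg";` in the new home-modules/sops.nix makes the user's everyday GnuPG keyring the decryption source. sops-nix decrypts without a prompt at activation, so this presumably works only when the private key has no passphrase or is already unlocked in the agent. A dedicated age key provisioned out of band (the commented `age.keyFile` line) avoids weakening the PGP key. The commented `sops-age-private-key` secret cannot bootstrap itself, as its own comment says, so it is better deleted than kept as a template. The home path is hard-coded where `"${config.home.homeDirectory}/.gnupg"` (with `config` added to the module arguments) would follow the account's real home, and the `"example"` entry should be a real secret name or removed, since activation is expected to fail if that key is missing from `sops-secrets.yaml`, which is not visible here.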
@@ -82,96 +81,83 @@ lib.mkIf (user != "tv") "custom" "sudo" "cmd_duration" - "time" + # "time" "status" "container" "shell" "character" ]; - aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]]($style)"; - bun.format = "[\\[$symbol($version)\\]]($style)"; - c.format = "[\\[$symbol($version(-$name))\\]]($style)"; - cmake.format = "[\\[$symbol($version)\\]]($style)"; - cmd_duration.format = "[\\[$symbol$duration\\]]($style)"; - cobol.format = "[\\[$symbol($version)\\]]($style)"; - conda.format = "[\\[$symbol$environment\\]]($style)"; - crystal.format = "[\\[$symbol($version)\\]]($style)"; - daml.format = "[\\[$symbol($version)\\]]($style)"; - dart.format = "[\\[$symbol($version)\\]]($style)"; - deno.format = "[\\[$symbol($version)\\]]($style)"; - docker_context.format = "[\\[$symbol($context)\\]]($style)"; - dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]]($style)"; - elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]]($style)"; - elm.format = "[\\[$symbol($version)\\]]($style)"; - erlang.format = "[\\[$symbol($version)\\]]($style)"; - gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]]($style)"; - git_branch.format = "[\\[$symbol$branch:]($style)"; - git_status.format = "([$all_status$ahead_behind]($style))(bold green)[\\]]($style)"; - golang.format = "[\\[$symbol($version)\\]]($style)"; - haskell.format = "[\\[$symbol($version)\\]]($style)"; - helm.format = "[\\[$symbol($version)\\]]($style)"; - hg_branch.format = "[\\[$symbol$branch\\]]($style)"; - java.format = "[\\[$symbol($version)\\]]($style)"; - julia.format = "[\\[$symbol($version)\\]]($style)"; - kotlin.format = "[\\[$symbol($version)\\]]($style)"; - kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]]($style)"; - lua.format = "[\\[$symbol($version)\\]]($style)"; - memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]]($style)"; - meson.format = "[\\[$symbol$project\\]]($style)"; - nim.format = "[\\[$symbol($version)\\]]($style)"; - nix_shell.format 
= "[\\[󱄅 $state \\($name\\)\\]]($style)"; - nodejs.format = "[\\[$symbol($version)\\]]($style)"; - ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]]($style)"; - openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]]($style)"; - package.format = "[\\[$symbol$version\\]]($style)"; - perl.format = "[\\[$symbol($version)\\]]($style)"; - php.format = "[\\[$symbol($version)\\]]($style)"; - pulumi.format = "[\\[$symbol$stack\\]]($style)"; - purescript.format = "[\\[$symbol($version)\\]]($style)"; - python = { - format = ''[\[''${symbol}''${pyenv_prefix}''${version}$virtualenv\]]($style)''; - symbol = " "; - }; - raku.format = "[\\[$symbol($version-$vm_version)\\]]($style)"; - red.format = "[\\[$symbol($version)\\]]($style)"; - ruby.format = "[\\[$symbol($version)\\]]($style)"; - rust.format = "[\\[$symbol($version)\\]]($style)"; - scala.format = "[\\[$symbol($version)\\]]($style)"; - spack.format = "[\\[$symbol$environment\\]]($style)"; - sudo.format = "[\\[$symbol]\\]"; - swift.format = "[\\[$symbol($version)\\]]($style)"; - terraform.format = "[\\[$symbol$workspace\\]]($style)"; - time.format = "[\\[$time\\]]($style)"; - username.format = "[\\[$user\\]]($style)"; - vagrant.format = "[\\[$symbol($version)\\]]($style)"; - vlang.format = "[\\[$symbol($version)\\]]($style)"; - zig.format = "[\\[$symbol($version)\\]]($style)"; - directory = { - format = "[\\[]($style)[$lock_symbol]($lock_style)[$path\\]]($style)"; - style = "cyan bold"; - }; + aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]](fg:${foreground})"; + battery.format = "[\\[$symbol$percentage\\]](fg:${foreground})"; + bun.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + c.format = "[\\[$symbol($version(-$name))\\]](fg:${foreground})"; character = { - format = "$symbol"; - success_symbol = "[\\[󰽧\\]](bold white) "; - error_symbol = "[\\[\\]](bold red) "; - vimcmd_symbol = "[\\[\\]](bold green) "; - vimcmd_replace_one_symbol = "[\\[1\\]](bold green) 
"; - vimcmd_replace_symbol = "[\\[R\\]](bold green) "; - vimcmd_visual_symbol = "[\\[V\\]](bold green) "; - }; - battery.format = "[\\[$symbol$percentage\\]]($style)"; - shlvl.format = "[\\[$symbol$shlvl\\]]($style)"; - singularity.format = "[\\[$symbol\\[$env\\]\\]]($style)"; - jobs = { - format = "[\\[$symbol $number\\]]($style)"; - number_threshold = 1; - }; - vcsh.format = "[\\[vcsh [$symbol$repo\\]]($style)"; - hostname = { - format = "[\\[$ssh_symbol$hostname\\]]($style)"; - ssh_symbol = "󰖟 "; - ssh_only = true; + format = "$symbol "; + success_symbol = "[\\[󰽧\\]](${foreground})"; + error_symbol = "[\\[\\]](${negative.base})"; + vimcmd_replace_one_symbol = "[\\[1\\]](${special.base})"; + vimcmd_replace_symbol = "[\\[R\\]](${special.base})"; + vimcmd_symbol = "[\\[\\]](${special.base})"; + vimcmd_visual_symbol = "[\\[V\\]](${special.base})"; }; + cmake.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + cmd_duration.format = "[\\[$symbol$duration\\]](fg:${accent.bright})"; + cobol.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + conda.format = "[\\[$symbol$environment\\]](fg:${foreground})"; + crystal.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + daml.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + dart.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + deno.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + directory.format = "[\\[](fg:${accent.base})[$lock_symbol](${negative.base})[$path\\]](fg:${accent.base})"; + docker_context.format = "[\\[$symbol($context)\\]](fg:${foreground})"; + dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]](fg:${foreground})"; + elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]](fg:${foreground})"; + elm.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + erlang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]](fg:${foreground})"; + git_branch.format = 
"[\\[$symbol$branch](fg:${secondary.base})"; + git_status.format = "[:](fg:${secondary.base})[$all_status$ahead_behind](fg:${tertiary.base})[\\]](fg:${secondary.base})"; + golang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + haskell.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + helm.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + hg_branch.format = "[\\[$symbol$branch\\]](fg:${foreground})"; + hostname.format = "[\\[󰖟 $hostname\\]](fg:${foreground})"; # ssh only by default + java.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + jobs.format = "[\\[$symbol $number\\]](fg:${foreground})"; + julia.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + kotlin.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]](fg:${foreground})"; + lua.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]](fg:${foreground})"; + meson.format = "[\\[$symbol$project\\]](fg:${foreground})"; + nim.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + nix_shell.format = "[\\[󱄅 $state\\($name\\)\\]](fg:${foreground})"; + nodejs.format = "[\\[$symbol$version\\]](fg:${yellow.bright})"; + ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]](fg:${foreground})"; + openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]](fg:${foreground})"; + package.format = "[\\[$symbol$version\\]](fg:${foreground})"; + perl.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + php.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + pulumi.format = "[\\[$symbol$stack\\]](fg:${foreground})"; + purescript.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + python.format = "[\\[ ](${blue.base})[$pyenv_prefix$version$virtualenv](${yellow.base})[\\]](fg:${blue.base})"; + raku.format = "[\\[$symbol($version-$vm_version)\\]](fg:${foreground})"; + red.format = 
"[\\[$symbol($version)\\]](fg:${foreground})"; + ruby.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + rust.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + scala.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + shlvl.format = "[\\[$symbol$shlvl\\]](fg:${foreground})"; + singularity.format = "[\\[$symbol\\[$env\\]\\]](fg:${foreground})"; + spack.format = "[\\[$symbol$environment\\]](fg:${foreground})"; + sudo.format = "[\\[$symbol]\\]"; + swift.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + terraform.format = "[\\[$symbol$workspace\\]](fg:${foreground})"; + time.format = "[\\[$time\\]](fg:${foreground})"; + username.format = "[\\[$user\\]](fg:${foreground})"; + vagrant.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + vcsh.format = "[\\[vcsh [$symbol$repo\\]](fg:${foreground})"; + vlang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + zig.format = "[\\[$symbol($version)\\]](fg:${foreground})"; }; }; } diff --git a/home.nix b/home.nix index da4ebb7..6488743 100755 --- a/home.nix +++ b/home.nix @@ -25,6 +25,7 @@ ./home-modules/kitty.nix ./home-modules/fish.nix + ./home-modules/bash.nix ./home-modules/starship.nix # ./home-modules/nvim.nix ./home-modules/helix.nix @@ -35,6 +36,7 @@ ./home-modules/ssh.nix ./home-modules/gpg.nix + ./home-modules/sops.nix ./home-modules/git.nix ./home-modules/mako.nix @@ -43,7 +45,9 @@ ./home-modules/latex.nix ./home-modules/pandoc.nix - ./home-modules/python.nix + + ./home-modules/programming/python.nix + ./home-modules/programming/node.nix ./home-modules/color-pallete.nix ]; 
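Review bot: Three of the re-sorted format strings in the `settings` hunk of `starship.nix` have unbalanced text groups, carried over unchanged from the removed lines: `sudo.format = "[\\[$symbol]\\]"` closes the group before the escaped bracket and has no `(style)`, and `memory_usage.format` and `vcsh.format` each open a second unescaped `[` that is never closed. As far as I can tell starship's format grammar requires every `[text]` group to be followed by `(style)`, so these modules would report a parse error instead of rendering. Suggested forms are `sudo.format = "[\\[$symbol\\]](fg:${foreground})";`, `memory_usage.format = "[\\[$symbol$ram( | $swap)\\]](fg:${foreground})";` and `vcsh.format = "[\\[vcsh $symbol$repo\\]](fg:${foreground})";`. The `character` symbols also use a bare `(${foreground})` where every other module writes `(fg:${...})`; one form throughout would be easier to read.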
diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix deleted file mode 100755 index f225aac2029f6fb52bb6bcd65d33ad6a6e186443..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2641 zcmZQ@_Y83kiVO&0ki1`@wPdrBna)));rGXX2j`VGh;1qedExi|#f=&NHc8svi220k zYF2dQzw_^;uZGKiOZxqGy7_Ff>jb%!Sjh~N&a0`<&fa*I`uV_-{hlp`M}-T1Nd;-z zZu)S=Pcn7R&S%qoE;BY|&z)4kad^i6Pu{Kf_ZuZQc01><;huVR^~JK}na%=&qF=-w zNbk?PcS-TW)8@YFTP`nUDu);z}G`uW|VCNnQv*xSYWIG>7W z-e`Cs{-3W)wPOD+kr|l>j7sFr92C_TYv*`Z)VbzG#O}py*TjreY9Fr@-D|9#sh+n& z#PGvcTQBjd_vpvV@4qZtXI){aUu9nDsp4gRE8=RT?e@-J50)9m@y=PY zY);lUmgf$Ik`K?v_CLINlYhmsAis}#`%E|F=U`M|FkWjt$n)^7>oN^zL~2(f2h|WIn#5U z;^!aBbGP}(`{+qnYf5osiERmeP~k7OcU#dpHH)+7S2*l`r^w{45I9$0qvDhkZrfE) zU%RzZ0nD=h{>+hP&3`4igSeE~?f6ISk+2oxhYVong1UounP%sIea)$sX0sB{lQJ&n$Qb6J`yi~r{DX0OS3)NHes^5<06h( zbMl@>?|qS(;94*zaPt|z<`WNIeOtc1P}z!o$wcjfNd8c9Gl?ABQ~37ytTQY8&aV4Y z^h^CkuI#nK`Fg@^-!`u_;hMi;MGK2*Etl)5Vn3y>Euh4E4cc0( z;PS0Fvf+a6C3T0{dFlqnTP~hgQ$d#0x8ieE*2I6g_3)&+lC;3L#>Zi{^S{6EX{)BorNsJuBpX`)&_o6T{1@xSxE zh5nW8ongMw(T1yYxx4b4mI62Cu!Tj!NA?GLEY5pA`;g1&SQit$iN6jIKROP-N zce#aINnd(`^E)QSFqy1M`IJ7srAM|E-oJJ8(eaax68<6E7GJt5CA(;~azNV)fsLi!!YqR7j!sA&E<+uYutEE$1k zKG$xlac_SlDrvoEXX(aMXYRAzDq5_owj#pLxZ}>F1?A=i8b-zs&n0p^YDj)j7VXR1 z&aG~jJ@L~7j~;m`MHb^DUW?aEb@Jad{p3Sc`O>2cJ8b7=tte>S!N-4rxpnHzd9y$3*7`@XoVr-g@NTKs<5giZ zjgmKQjC76kb^9GPJ&i{(yltjsNdvFqkLgpwoW5>axcZoJ^Dd*QK8$?XH`H|uEW7e|;)SB%<13CN1-}04dB-Xv7|E4yaoRR2%QqN+k=lJcRz;b5t?N2z_~m4_Ma*B3tJ%lx|B zsPf9q=HHWRuQ*K9+mJOs#ffF#9A(w;pgW9tB|Y8w<;_mt>?CZmI99+H_dm4qKX?e)meV zrhcJ>ZY{#p=!)*lXB~GL-aYiu zJ6gwOX?3V7id+2a`?EfNLffwWe=j+)p>lF_($PPj1+V@#YaC7r;(lAzqJH(erXN@G z3VTt5uv*y}X&w7*FNC<9+qL+@sbr_$QDw)Tg>tlMzV2OP${n%ChVfVH&B@Q3N;aPm zUm)8xXMxe146e-MLRx$d`@G^A7p^(*{@&>il`CGZOp*Lo@JFTIJkv|_vucqs!>whe zAGS_NUOKnw$EiEf*W^z3^Tm3s_5F;+s&6Eq$+|s z)}1$e?(_9JtNr@)*I{$@?k9%tvvS@1HN&kV*7>v0k;paH^PiV%cAQw6Y{hxqc=?w7 zyI(1Y#-%*xJe$!WD&3@+7@5?t;C_U`+Vs6w75yiNIy{=Mbd=@OV$tqGXTFIC)`*>( 
zD1Cmxw@&Ye7UwKIi;9I7nz8FlQq?~!^;P+u&XT6`JCk&ld2MDDu-&uvy^6*6ew%x{ j6(&9OD%RebxGhSf