diff --git a/flake.lock b/flake.lock index c8419c7..4de7295 100644 --- a/flake.lock +++ b/flake.lock @@ -48,6 +48,28 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1767089190, + "narHash": "sha256-TaPGpx3KSx9pjmM4C9kdClz/2JlyHQQaprzBYPWowvg=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "bf40463eb8b5becdc657a2262be71d785bbb35ef", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "locked": { "lastModified": 1688025799, @@ -247,6 +269,22 @@ "type": "github" } }, + "nixpkgs-old": { + "locked": { + "lastModified": 1766399428, + "narHash": "sha256-vS6LSOMDOB3s+L6tqw9IGujxnmUAZQnEG+Vi640LayI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a6c3a6141ec1b367c58ead3f7f846c772a25f4e5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1744536153, @@ -295,6 +333,22 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1764517877, + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts", 
@@ -377,15 +431,36 @@ "type": "github" } }, + "proton-pass-cli": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1766050030, + "narHash": "sha256-+jAjk7HyJ4aBo+JQODETpFFtpaXnUakcNx7ckBKhUkY=", + "owner": "yuxqiu", + "repo": "proton-pass-cli-nix", + "rev": "db5bd21dfe19b31d62fb62a7441a4d4c35bdf747", + "type": "github" + }, + "original": { + "owner": "yuxqiu", + "repo": "proton-pass-cli-nix", + "type": "github" + } + }, "root": { "inputs": { "apple-fonts": "apple-fonts", "elytrarides": "elytrarides", + "firefox-addons": "firefox-addons", "home-manager": "home-manager", "nixos-apple-silicon": "nixos-apple-silicon", "nixpkgs": "nixpkgs_4", + "nixpkgs-old": "nixpkgs-old", "nixvim": "nixvim", "plasma-manager": "plasma-manager", + "proton-pass-cli": "proton-pass-cli", "sops-nix": "sops-nix", "terranix": "terranix", "unstable": "unstable", @@ -598,11 +673,11 @@ }, "unstable": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d7ee9cc..2034f17 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,8 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; + nixpkgs-old.url = "github:nixos/nixpkgs?ref=nixos-25.05"; + unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixos-apple-silicon.url = 
@@ -41,8 +43,15 @@ inputs.nixpkgs.follows = "unstable"; }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + apple-fonts.url= "github:Lyndeno/apple-fonts.nix"; + proton-pass-cli.url = "github:yuxqiu/proton-pass-cli-nix"; + plasma-manager = { url = "github:nix-community/plasma-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -51,7 +60,7 @@ }; outputs = { self, nixpkgs, unstable, nixos-apple-silicon, home-manager - , plasma-manager, nixvim, sops-nix, terranix, elytrarides, zen-browser, apple-fonts, ... }: + , plasma-manager, nixvim, sops-nix, terranix, elytrarides, zen-browser, apple-fonts, nixpkgs-old, proton-pass-cli, firefox-addons, ... }: let forAllSystems = function: nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed @@ -108,10 +117,11 @@ max = let system = "aarch64-linux"; pkgs-unstable = import unstable { inherit system; }; + pkgs-old = import nixpkgs-old { inherit system; }; secrets = import ./secrets; in nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit pkgs-unstable secrets zen-browser apple-fonts; }; + specialArgs = { inherit pkgs-unstable secrets zen-browser apple-fonts pkgs-old proton-pass-cli; }; modules = [ ./host/max/default.nix nixos-apple-silicon.nixosModules.apple-silicon-support @@ -120,7 +130,7 @@ { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit secrets zen-browser; }; + home-manager.extraSpecialArgs = { inherit secrets zen-browser firefox-addons; }; home-manager.users.max = { config, pkgs, lib, ... }: { imports = [ sops-nix.homeManagerModules.sops diff --git a/home/common/optional/desktop/hyprland/hyprland.nix b/home/common/optional/desktop/hyprland/hyprland.nix index 52d95b4..7c5b498 100644 --- a/home/common/optional/desktop/hyprland/hyprland.nix +++ b/home/common/optional/desktop/hyprland/hyprland.nix 
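Review bot: The new `proton-pass-cli` input takes a password-manager CLI from a personal repository and, unlike `firefox-addons` and `plasma-manager` in this hunk, does not follow the flake's own nixpkgs, which is why flake.lock gains a separate `nixpkgs_5` on nixos-unstable. Because this tool handles vault credentials, I would keep its dependency closure on the nixpkgs already used for the system, provided the package builds against it: `proton-pass-cli = { url = "github:yuxqiu/proton-pass-cli-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. A comment recording that the upstream derivation was read (where it fetches the CLI from and whether that fetch is hash-pinned) would also help. The locked `rev` and `narHash` cover only the current state, so each later update of this input deserves the same read-through. The `inputs` attribute set opens before this hunk.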
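Review bot: `pkgs-old` is imported from the nixos-25.05 branch and passed through `specialArgs`, but no module in this change consumes it; host/max/default.nix now takes only `pkgs` and `pkgs-unstable`. Packages drawn from an older release branch stop receiving security fixes once that branch reaches end of life, so an undocumented pin tends to linger unnoticed. Either drop the binding until it is needed or document it where it is defined, for example `# pkgs-old: only for <package>; remove once it builds on the current release`. The `max` system definition continues outside the hunk.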
@@ -29,6 +29,7 @@ settings = { "$terminal" = "${pkgs.uwsm}/bin/uwsm-app -- ${pkgs.alacritty}/bin/alacritty"; "$fileManager" = "${pkgs.uwsm}/bin/uwsm-app -- ${pkgs.pcmanfm}/bin/pcmanfm"; + "$browser" = "${pkgs.uwsm}/bin/uwsm-app -- zen-beta"; "$menu" = "${pkgs.walker}/bin/walker"; monitor = [ @@ -184,6 +185,7 @@ "$mainMod, W, killactive," # bind = $mainMod, M, exit, "$mainMod, E, exec, $fileManager" + "$mainMod, B, exec, $browser" # "$mainMod, V, togglefloating," "$mainMod, space, exec, $menu" "$mainMod, P, pseudo, # dwindle" diff --git a/host/ark/default.nix b/host/ark/default.nix index de11fb2..89d6fe0 100644 --- a/host/ark/default.nix +++ b/host/ark/default.nix @@ -15,7 +15,7 @@ ./service/radicale.nix ./service/wakapi.nix - ./service/elytra.nix + # ./service/elytra.nix ./service/money.nix ]; @@ -51,8 +51,8 @@ "audio.koon.us" = "http://localhost:8021"; "radicale.koon.us" = "http://localhost:5232"; "waka.koon.us" = "http://localhost:3006"; - "ride.koon.us" = "http://localhost:3007"; - "ride-api.koon.us" = "http://localhost:8080"; + # "ride.koon.us" = "http://localhost:3007"; + # "ride-api.koon.us" = "http://localhost:8080"; "money.koon.us" = "http://localhost:3160"; "zero.koon.us" = "http://localhost:4848"; diff --git a/host/ark/service/git.nix b/host/ark/service/git.nix index d031366..64a4e59 100644 --- a/host/ark/service/git.nix +++ b/host/ark/service/git.nix @@ -1,4 +1,23 @@ { lib, config, pkgs, ... }: { + + services.openssh = { + enable = true; + + # hostKeys = [ + # { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } + # { path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; } + # ]; + + settings = { + # explicitly allow post-quantum KEX + KexAlgorithms = [ + "mlkem768x25519-sha256" + "sntrup761x25519-sha512" + "curve25519-sha256" + ]; + }; + }; + services.gitea = { enable = true; user = "git"; diff --git a/host/ark/sops.nix b/host/ark/sops.nix index 10c3c29..c06699d 100644 --- a/host/ark/sops.nix +++ b/host/ark/sops.nix 
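Review bot: `$browser` launches `zen-beta` by bare name, while `$terminal`, `$fileManager` and `$menu` in the same block use absolute store paths, so this entry runs whatever `zen-beta` resolves to on the session's PATH. If that is deliberate because the browser comes from the home-manager module rather than `pkgs`, record it with a comment such as `# zen-beta is installed by programs.zen-browser; resolved via PATH`. Otherwise reference the package's store path like the neighbouring lines. The `settings` block extends beyond the hunk.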
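Review bot: The git.nix hunk turns on `services.openssh` and sets only `KexAlgorithms`; no authentication settings are visible, so unless another module sets them the daemon runs with the module defaults for password and root login. If they are not set elsewhere, add `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";` to the same `settings` block. The comment "explicitly allow post-quantum KEX" also understates what the list does, because it replaces the default set and still accepts classical `curve25519-sha256`. A more accurate comment would be `# restrict KEX to PQ hybrids plus curve25519 fallback; mlkem768x25519-sha256 needs OpenSSH 9.9 or newer`.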
@@ -24,13 +24,6 @@ owner = config.users.users.wakapi.name; }; - "elytra-backend-env" = { - owner = config.users.users.backend.name; - }; - "elytra-frontend-env" = { - owner = config.users.users.elytra-web.name; - }; - "money-env" = { owner = config.users.users.money.name; }; diff --git a/host/max/default.nix b/host/max/default.nix index f529091..730fb59 100644 --- a/host/max/default.nix +++ b/host/max/default.nix @@ -1,13 +1,4 @@ -{ pkgs, config, pkgs-unstable, lib, ... }: -let - openconnect-sso-src = builtins.fetchTree { - type = "github"; - owner = "k2on"; - repo = "openconnect-sso"; - rev = "9d4f61e5c8ccca420ffa87d46c96c17d64fbfb0b"; - narHash = "sha256-ENt4/+9Bll70+BkH0Scej02edLi9SNkvBfyvjxUv83w="; - }; -in +{ pkgs, pkgs-unstable, ... }: { imports = [ ./hardware-configuration.nix @@ -26,9 +17,8 @@ in ../common/optional/locale.nix ../common/optional/email.nix - ./zero-cache.nix + ./proton.nix ]; - services.zero-cache.enable = false; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; @@ -39,14 +29,11 @@ in hardware = { asahi = { peripheralFirmwareDirectory = ./firmware; - # useExperimentalGPUDriver = true; - # experimentalGPUInstallMode = "replace"; setupAsahiSound = true; }; }; networking.networkmanager.enable = true; - # networking.wireless.iwd.enable = true; hardware.bluetooth = { enable = true; @@ -62,9 +49,8 @@ in }; environment.sessionVariables.NIXOS_OZONE_WL = "1"; - # programs.adb.enable = true; - programs.kdeconnect.enable = true; + environment.systemPackages = with pkgs; [ networkmanager @@ -84,7 +70,6 @@ in (pass.withExtensions (exts: [ exts.pass-otp ])) - # pinentry pinentry-curses pinentry-qt @@ -102,7 +87,6 @@ in tea - kubectl cloudflared # gcc @@ -111,8 +95,6 @@ in gimp inkscape - ungoogled-chromium - # arm support pkgs-unstable.sparrow @@ -130,8 +112,6 @@ in ${mpg123}/bin/mpg123 "$url" fi '') - - # (pkgs.callPackage "${openconnect-sso-src}/nix" {}).openconnect-sso ]; programs.zsh.enable = true; 
@@ -142,22 +122,5 @@ in enableSSHSupport = true; }; - - # services.keyd = { - # enable = true; - # - # keyboards.default = { - # ids = [ "*" ]; - # - # settings = { - # main = { - # pageup = "leftmouse"; - # pagedown = "rightmouse"; - # }; - # }; - # }; - # }; - system.stateVersion = "25.05"; - } diff --git a/host/max/home.nix b/host/max/home.nix index a0542f3..c011424 100644 --- a/host/max/home.nix +++ b/host/max/home.nix @@ -15,6 +15,11 @@ ./home/zathura.nix ]; + gtk = { + enable = true; + colorScheme = "dark"; + }; + home.username = "max"; home.homeDirectory = "/home/max"; home.stateVersion = "25.05"; diff --git a/host/max/home/browser.nix b/host/max/home/browser.nix index 451371e..004acf2 100644 --- a/host/max/home/browser.nix +++ b/host/max/home/browser.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, firefox-addons, ... }: { xdg.mimeApps = { enable = true; @@ -32,8 +32,27 @@ programs.zen-browser = { enable = true; - profiles."default" = { - containersForce = true; + + policies = { + AutofillAddressEnabled = false; + AutofillCreditCardEnabled = false; + DisableAppUpdate = true; + DisableFeedbackCommands = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + DontCheckDefaultBrowser = true; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + EnableTrackingProtection = { + Value = true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + }; + }; + + profiles.default = let containers = { Personal = { color = "yellow"; 
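Review bot: `DisableAppUpdate = true` in the new `policies` block of host/max/home/browser.nix means browser security updates arrive only when the zen-browser flake input is bumped. The `extensions.packages` list added in the next hunk ties uBlock Origin and the Proton Pass extension to the locked `firefox-addons` revision in the same way. That is the expected trade-off for a declarative setup, but it should be written down so the lock does not go stale: `# updates are delivered via flake.lock; bump zen-browser and firefox-addons regularly`. The `programs.zen-browser` block continues past this hunk.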
@@ -51,31 +70,74 @@ id = 3; }; }; - spacesForce = true; - spaces = let - containers = config.programs.zen-browser.profiles."default".containers; - in { - "Personal" = { + spaces = { + Personal = { id = "c6de089c-410d-4206-961d-ab11f988d40a"; icon = "⭐"; container = containers."Personal".id; position = 1000; }; - "School" = { + School = { id = "78aabdad-8aae-4fe0-8ff0-2a0c6c4ccc24"; icon = "🍎"; container = containers."School".id; position = 2000; }; - "Work" = { + Work = { id = "cdd10fab-4fc5-494b-9041-325e5759195b"; icon = "💼"; container = containers."Work".id; position = 3000; }; }; - }; + pins = { + # Personal Pins + "Proton Mail" = { + id = "d9942e0a-0997-418d-b357-91727300d184"; + container = containers.Personal.id; + url = "https://mail.proton.me"; + isEssential = true; + position = 1; + }; + "Proton Calendar" = { + id = "6557e03f-c0ab-4656-ac94-acfb1fe19f3c"; + container = containers.Personal.id; + url = "https://calendar.proton.me"; + isEssential = true; + position = 2; + }; + "YNAB" = { + id = "10cb5609-fcd5-4ed6-a48d-24eb22f2d624"; + container = containers.Personal.id; + url = "https://app.ynab.com"; + isEssential = true; + position = 3; + }; + # # School Pins + # "Canvas" = { + # id = "cfbdc143-6a16-46d7-b33e-e9c964725e59"; + # workspace = spaces.School.id; + # container = containers.School.id; + # url = "https://clemson.instructure.com/calendar"; + # isEssential = true; + # position = 104; + # }; + }; + in { + containersForce = true; + spacesForce = true; + pinsForce = true; + inherit containers spaces pins; + + # This is awesome :) + # https://nur.nix-community.org/repos/rycee/ + extensions.packages = with firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + ublock-origin + proton-pass + istilldontcareaboutcookies + ]; + }; }; programs.firefox = { diff --git a/host/max/home/nvim.nix b/host/max/home/nvim.nix index b95637c..0691826 100644 --- a/host/max/home/nvim.nix +++ b/host/max/home/nvim.nix 
@@ -29,26 +29,9 @@ }; - highlight = { - Normal = { - bg = "NONE"; - ctermbg = "NONE"; - }; - NormalFloat = { - bg = "NONE"; - ctermbg = "NONE"; - }; - SignColumn = { - bg = "NONE"; - ctermbg = "NONE"; - }; - EndOfBuffer = { - bg = "NONE"; - ctermbg = "NONE"; - }; - }; - extraConfigLua = '' + vim.g.transparent_enabled = true + require('transparent').setup({ exclude_groups = { "CursorLine" } }) require('stay-centered').setup({ enable = true }) require('mini.ai').setup() ''; @@ -284,9 +267,22 @@ }; }; + transparent.enable = true; }; - extraPlugins = with pkgs.vimPlugins; [ stay-centered-nvim mini-ai ]; + extraPlugins = with pkgs.vimPlugins; [ + stay-centered-nvim + mini-ai + (pkgs.vimUtils.buildVimPlugin { + name = "neominimap"; + src = pkgs.fetchFromGitHub { + owner = "Isrothy"; + repo = "neominimap.nvim"; + rev = "c827a43e5cad146e007c8b1f2a9744798d029e6f"; + hash = "sha256-MQxeYIm0QLS2HROvGLD6Rc21Hqx3USF9OXcw1shNTWg="; + }; + }) + ]; }; } diff --git a/host/max/home/terminal.nix b/host/max/home/terminal.nix index 1c6cb7d..21a740e 100644 --- a/host/max/home/terminal.nix +++ b/host/max/home/terminal.nix @@ -42,7 +42,6 @@ enableCompletion = true; autosuggestion = { enable = true; - highlight = "fg=#bbbbbb"; }; syntaxHighlighting.enable = true; dotDir = "${config.home.homeDirectory}/.config/zsh"; @@ -60,6 +59,18 @@ zle -N fzf-project bindkey '^G' fzf-project + + fzf-files() { + selected=$(rg --files | fzf) + if [[ -n $selected ]]; then + xargs $EDITOR $selected + zle reset-prompt + fi + zle redisplay + } + + zle -N fzf-files + bindkey -M viins '^F' fzf-files ''; shellAliases = { @@ -71,7 +82,9 @@ p = "pnpm"; g = "pnpm run build && ~/dev/personal/genesis/packages/genesis/dist/bin.js"; - tt = "tt --theme one-light -n 10"; + ns = "nix-shell --run zsh -p"; + + tt = "tt -notheme -n 10"; bible = "nvim ~/bible.txt -R"; notes = "nvim ~/notes"; diff --git a/host/max/proton.nix b/host/max/proton.nix new file mode 100644 index 0000000..24636c2 --- /dev/null 
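Review bot: In the new `fzf-files` widget in host/max/home/terminal.nix, `xargs $EDITOR $selected` gives the chosen path to xargs as an initial argument, so xargs still reads standard input for further arguments, and a file name beginning with `-` reaches the editor as an option. Calling the editor directly avoids both, assuming the editor accepts `--`: `$EDITOR -- "$selected" < /dev/tty`. The surrounding init script starts before the hunk.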
+++ b/host/max/proton.nix @@ -0,0 +1,32 @@ +{ pkgs, proton-pass-cli, config, ... }: +let + cache-path = "$HOME/.cache/pass"; + + proton-pass = pkgs.writeShellScriptBin "pass-cli" '' + export PROTON_PASS_KEY_PROVIDER="env" + export PROTON_PASS_ENCRYPTION_KEY="${config.sops.secrets.proton_key.path}" + exec ${proton-pass-cli.packages.${pkgs.system}.default}/bin/pass-cli "$@" + ''; + + pass-sync = pkgs.writeShellScriptBin "pass-sync" '' + mkdir -p "${cache-path}" + vaults=$(${proton-pass}/bin/pass-cli vault list --output json | ${pkgs.jq}/bin/jq '.vaults[].name' -r) + for vault in $vaults; do + ${proton-pass}/bin/pass-cli item list $vault --filter-state active --output json | ${pkgs.jq}/bin/jq '.items[].content.title' -r > "${cache-path}/$vault" + done + ''; + + pass-fzf = pkgs.writeShellScriptBin "pass-fzf" '' + selected=$(for f in ~/.cache/pass/*; do while IFS= read -r line; do echo "$(basename "$f"): $line"; done < "$f"; done | fzf) + vault=$(echo "$selected" | cut -d':' -f1) + item=$(echo "$selected" | cut -d':' -f2- | sed 's/^ //') + ${proton-pass}/bin/pass-cli item view --vault-name "$vault" --item-title "$item" --output json | ${pkgs.jq}/bin/jq '.item.content.content.Login.password' | ${pkgs.wl-clipboard}/bin/wl-copy + ''; + +in { + environment.systemPackages = [ + proton-pass + pass-sync + pass-fzf + ]; +} diff --git a/host/max/sops.nix b/host/max/sops.nix index 5018a99..24df10f 100644 --- a/host/max/sops.nix +++ b/host/max/sops.nix @@ -20,6 +20,10 @@ inherit (config.users.users.max) group; path = "/home/max/.config/Yubico/u2f_keys"; }; + "proton_key" = {}; }; + }; + + environment.sessionVariables.PROTON_PASS_ENCRYPTION_KEY = config.sops.secrets.proton_key.path; } diff --git a/host/max/user.nix b/host/max/user.nix index db10d6b..87c628e 100644 --- a/host/max/user.nix +++ b/host/max/user.nix @@ -11,6 +11,8 @@ shell = pkgs.zsh; }; + programs.adb.enable = true; + virtualisation.docker = { enable = true; 
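Review bot: `"proton_key" = {};` in host/max/sops.nix takes the sops-nix defaults for owner and mode, which as far as I know are root and 0400, so a `pass-cli` wrapper started by user max would not be able to read the decrypted file. Give the secret an explicit owner, in line with the `u2f_keys` entry above it: `"proton_key" = { owner = config.users.users.max.name; };`. The `environment.sessionVariables.PROTON_PASS_ENCRYPTION_KEY` line can then be dropped, since the wrapper in host/max/proton.nix sets the variable itself and a session-wide export makes it visible to every process the user starts. The enclosing `sops` block begins before the hunk.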
diff --git a/host/max/zero-cache.nix b/host/max/zero-cache.nix deleted file mode 100644 index 90ee2fc..0000000 --- a/host/max/zero-cache.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - cfg = config.services.zero-cache; - inherit (lib) - mkEnableOption - mkIf - ; - - litestream = pkgs.buildGoModule rec { - pname = "litestream-zero"; - version = "0.3.13+z0.0.6"; - - src = pkgs.fetchFromGitHub { - owner = "rocicorp"; - repo = "litestream"; - rev = "zero@v0.0.6"; - sha256 = "sha256-sBKmz2fBoYzYi1kUVeiugLBLPdqHc+fXCBkI8Cttakg="; - }; - - vendorHash = "sha256-PlfDJbhzbH/ZgtQ35KcB6HtPEDTDgss7Lv8BcKT/Dgg="; - - ldflags = [ - "-s" - "-w" - "-X main.Version=${version}" - - # nix does not like to build with this - # "-extldflags '-static'" - - ]; - - doCheck = false; - - tags = [ - "osusergo" - "netgo" - "sqlite_omit_load_extension" - ]; - - subPackages = [ "cmd/litestream" ]; - }; - - zero-cache = pkgs.buildNpmPackage rec { - name = "zero-cache"; - src = pkgs.fetchFromGitHub { - owner = "rocicorp"; - repo = "mono"; - rev = "zero/v0.23.2025081401"; - hash = "sha256-NQcG/vnfUmle/6eNXXmnMqzNvniK8R/mO5RYdMX9pnE="; - }; - - npmDepsHash = "sha256-9vX9eODN8AfcLcMSjm6KzAAUmPIHfe2BILt0juya5us="; - makeCacheWritable = true; - npmFlags = [ "--legacy-peer-deps" ]; - }; - -in -{ - options = { - services.zero-cache = { - enable = mkEnableOption "Zero-cache, the server component of the Zero sync engine."; - }; - }; - - config = mkIf cfg.enable { - systemd.services.zero-cache = { - description = "Zero Cache"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${zero-cache}/bin/zero-cache"; - RemainAfterExit = true; - }; - }; - }; -} -