chore: update flake

2026-01-07 06:03:08 -05:00
parent 14a58df894
commit 01f32d795c
15 changed files with 265 additions and 173 deletions


@@ -15,7 +15,7 @@
./service/radicale.nix
./service/wakapi.nix
./service/elytra.nix
# ./service/elytra.nix
./service/money.nix
];
@@ -51,8 +51,8 @@
"audio.koon.us" = "http://localhost:8021";
"radicale.koon.us" = "http://localhost:5232";
"waka.koon.us" = "http://localhost:3006";
"ride.koon.us" = "http://localhost:3007";
"ride-api.koon.us" = "http://localhost:8080";
# "ride.koon.us" = "http://localhost:3007";
# "ride-api.koon.us" = "http://localhost:8080";
"money.koon.us" = "http://localhost:3160";
"zero.koon.us" = "http://localhost:4848";


@@ -1,4 +1,23 @@
{ lib, config, pkgs, ... }: {
services.openssh = {
enable = true;
# hostKeys = [
# { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
# { path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
# ];
settings = {
# explicitly allow post-quantum KEX
KexAlgorithms = [
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
"curve25519-sha256"
];
};
};
services.gitea = {
enable = true;
user = "git";
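Review bot: The comment `# explicitly allow post-quantum KEX` understates what `KexAlgorithms` does here: the list replaces sshd's defaults, so these three names become the only key exchanges the server offers, and a client that supports none of them can no longer connect. `mlkem768x25519-sha256` is also only known to recent OpenSSH releases (9.9 and later, as far as I know), and an older sshd would reject the unknown name, so the OpenSSH version in the pinned nixpkgs is worth checking. I would reword the comment to `# allowlist: only these KEX are offered (hybrid PQ first, classical curve25519 as fallback)` and either delete or explain the commented-out `hostKeys` block.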


@@ -24,13 +24,6 @@
owner = config.users.users.wakapi.name;
};
"elytra-backend-env" = {
owner = config.users.users.backend.name;
};
"elytra-frontend-env" = {
owner = config.users.users.elytra-web.name;
};
"money-env" = {
owner = config.users.users.money.name;
};


@@ -1,13 +1,4 @@
{ pkgs, config, pkgs-unstable, lib, ... }:
let
openconnect-sso-src = builtins.fetchTree {
type = "github";
owner = "k2on";
repo = "openconnect-sso";
rev = "9d4f61e5c8ccca420ffa87d46c96c17d64fbfb0b";
narHash = "sha256-ENt4/+9Bll70+BkH0Scej02edLi9SNkvBfyvjxUv83w=";
};
in
{ pkgs, pkgs-unstable, ... }:
{
imports = [
./hardware-configuration.nix
@@ -26,9 +17,8 @@ in
../common/optional/locale.nix
../common/optional/email.nix
./zero-cache.nix
./proton.nix
];
services.zero-cache.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
@@ -39,14 +29,11 @@ in
hardware = {
asahi = {
peripheralFirmwareDirectory = ./firmware;
# useExperimentalGPUDriver = true;
# experimentalGPUInstallMode = "replace";
setupAsahiSound = true;
};
};
networking.networkmanager.enable = true;
# networking.wireless.iwd.enable = true;
hardware.bluetooth = {
enable = true;
@@ -62,9 +49,8 @@ in
};
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# programs.adb.enable = true;
programs.kdeconnect.enable = true;
environment.systemPackages = with pkgs; [
networkmanager
@@ -84,7 +70,6 @@ in
(pass.withExtensions (exts: [ exts.pass-otp ]))
# pinentry
pinentry-curses
pinentry-qt
@@ -102,7 +87,6 @@ in
tea
kubectl
cloudflared
# gcc
@@ -111,8 +95,6 @@ in
gimp
inkscape
ungoogled-chromium
# arm support
pkgs-unstable.sparrow
@@ -130,8 +112,6 @@ in
${mpg123}/bin/mpg123 "$url"
fi
'')
# (pkgs.callPackage "${openconnect-sso-src}/nix" {}).openconnect-sso
];
programs.zsh.enable = true;
@@ -142,22 +122,5 @@ in
enableSSHSupport = true;
};
# services.keyd = {
# enable = true;
#
# keyboards.default = {
# ids = [ "*" ];
#
# settings = {
# main = {
# pageup = "leftmouse";
# pagedown = "rightmouse";
# };
# };
# };
# };
system.stateVersion = "25.05";
}


@@ -15,6 +15,11 @@
./home/zathura.nix
];
gtk = {
enable = true;
colorScheme = "dark";
};
home.username = "max";
home.homeDirectory = "/home/max";
home.stateVersion = "25.05";


@@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, firefox-addons, ... }:
{
xdg.mimeApps = {
enable = true;
@@ -32,8 +32,27 @@
programs.zen-browser = {
enable = true;
profiles."default" = {
containersForce = true;
policies = {
AutofillAddressEnabled = false;
AutofillCreditCardEnabled = false;
DisableAppUpdate = true;
DisableFeedbackCommands = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
};
profiles.default = let
containers = {
Personal = {
color = "yellow";
@@ -51,31 +70,74 @@
id = 3;
};
};
spacesForce = true;
spaces = let
containers = config.programs.zen-browser.profiles."default".containers;
in {
"Personal" = {
spaces = {
Personal = {
id = "c6de089c-410d-4206-961d-ab11f988d40a";
icon = "";
container = containers."Personal".id;
position = 1000;
};
"School" = {
School = {
id = "78aabdad-8aae-4fe0-8ff0-2a0c6c4ccc24";
icon = "🍎";
container = containers."School".id;
position = 2000;
};
"Work" = {
Work = {
id = "cdd10fab-4fc5-494b-9041-325e5759195b";
icon = "💼";
container = containers."Work".id;
position = 3000;
};
};
};
pins = {
# Personal Pins
"Proton Mail" = {
id = "d9942e0a-0997-418d-b357-91727300d184";
container = containers.Personal.id;
url = "https://mail.proton.me";
isEssential = true;
position = 1;
};
"Proton Calendar" = {
id = "6557e03f-c0ab-4656-ac94-acfb1fe19f3c";
container = containers.Personal.id;
url = "https://calendar.proton.me";
isEssential = true;
position = 2;
};
"YNAB" = {
id = "10cb5609-fcd5-4ed6-a48d-24eb22f2d624";
container = containers.Personal.id;
url = "https://app.ynab.com";
isEssential = true;
position = 3;
};
# # School Pins
# "Canvas" = {
# id = "cfbdc143-6a16-46d7-b33e-e9c964725e59";
# workspace = spaces.School.id;
# container = containers.School.id;
# url = "https://clemson.instructure.com/calendar";
# isEssential = true;
# position = 104;
# };
};
in {
containersForce = true;
spacesForce = true;
pinsForce = true;
inherit containers spaces pins;
# This is awesome :)
# https://nur.nix-community.org/repos/rycee/
extensions.packages = with firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
proton-pass
istilldontcareaboutcookies
];
};
};
programs.firefox = {
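Review bot: `DisableAppUpdate = true` in the new `policies` set turns off the browser's own updater, so security fixes for Zen reach this profile only when the flake input that provides it is bumped; the same presumably holds for the three add-ons taken from `firefox-addons`. A comment next to the policy such as `# updates come from the flake inputs; bump flake.lock regularly` would record that dependency for whoever maintains the lock file. The comment `# This is awesome :)` above `extensions.packages` could instead say that the add-ons come from the NUR `rycee` repository. The `programs.zen-browser` block starts outside this hunk and the section ends inside `programs.firefox`.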


@@ -29,26 +29,9 @@
};
highlight = {
Normal = {
bg = "NONE";
ctermbg = "NONE";
};
NormalFloat = {
bg = "NONE";
ctermbg = "NONE";
};
SignColumn = {
bg = "NONE";
ctermbg = "NONE";
};
EndOfBuffer = {
bg = "NONE";
ctermbg = "NONE";
};
};
extraConfigLua = ''
vim.g.transparent_enabled = true
require('transparent').setup({ exclude_groups = { "CursorLine" } })
require('stay-centered').setup({ enable = true })
require('mini.ai').setup()
'';
@@ -284,9 +267,22 @@
};
};
transparent.enable = true;
};
extraPlugins = with pkgs.vimPlugins; [ stay-centered-nvim mini-ai ];
extraPlugins = with pkgs.vimPlugins; [
stay-centered-nvim
mini-ai
(pkgs.vimUtils.buildVimPlugin {
name = "neominimap";
src = pkgs.fetchFromGitHub {
owner = "Isrothy";
repo = "neominimap.nvim";
rev = "c827a43e5cad146e007c8b1f2a9744798d029e6f";
hash = "sha256-MQxeYIm0QLS2HROvGLD6Rc21Hqx3USF9OXcw1shNTWg=";
};
})
];
};
}
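Review bot: The `neominimap` derivation in `extraPlugins` is declared with a bare `name`, so the store path carries no version even though the source is pinned to a specific `rev`. Using `pname = "neominimap.nvim"; version = "<date-or-tag-of-pinned-rev>";` (placeholder to fill in) would show which upstream state is installed. The full commit hash and the SRI `hash` have to be changed together when the pin is bumped, and a one-line comment saying so above `src` would help. The enclosing attribute set starts outside this hunk.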


@@ -42,7 +42,6 @@
enableCompletion = true;
autosuggestion = {
enable = true;
highlight = "fg=#bbbbbb";
};
syntaxHighlighting.enable = true;
dotDir = "${config.home.homeDirectory}/.config/zsh";
@@ -60,6 +59,18 @@
zle -N fzf-project
bindkey '^G' fzf-project
fzf-files() {
selected=$(rg --files | fzf)
if [[ -n $selected ]]; then
xargs $EDITOR $selected
zle reset-prompt
fi
zle redisplay
}
zle -N fzf-files
bindkey -M viins '^F' fzf-files
'';
shellAliases = {
@@ -71,7 +82,9 @@
p = "pnpm";
g = "pnpm run build && ~/dev/personal/genesis/packages/genesis/dist/bin.js";
tt = "tt --theme one-light -n 10";
ns = "nix-shell --run zsh -p";
tt = "tt -notheme -n 10";
bible = "nvim ~/bible.txt -R";
notes = "nvim ~/notes";
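Review bot: In the new `fzf-files` widget, `xargs $EDITOR $selected` does not feed the selection through `xargs`; the path is already a plain argument. `xargs` only appends whatever it reads from the widget's stdin, and it starts the editor without the terminal on stdin (GNU xargs does this unless `-o` is given). A selected path that begins with `-` would also be parsed by the editor as an option. Running the editor directly, `${=EDITOR} -- "$selected" < /dev/tty`, avoids both, provided the editor accepts `--`. The surrounding init script string starts outside this hunk.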

32
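--- a/host/max/proton.nix
+++ b/host/max/proton.nix
@@ -0,0 +1,32 @@
+{ pkgs, proton-pass-cli, config, ... }:
+let
+cache-path = "$HOME/.cache/pass";
+proton-pass = pkgs.writeShellScriptBin "pass-cli" ''
+export PROTON_PASS_KEY_PROVIDER="env"
+export PROTON_PASS_ENCRYPTION_KEY="${config.sops.secrets.proton_key.path}"
+exec ${proton-pass-cli.packages.${pkgs.system}.default}/bin/pass-cli "$@"
+'';
+pass-sync = pkgs.writeShellScriptBin "pass-sync" ''
+mkdir -p "${cache-path}"
+vaults=$(${proton-pass}/bin/pass-cli vault list --output json | ${pkgs.jq}/bin/jq '.vaults[].name' -r)
+for vault in $vaults; do
+${proton-pass}/bin/pass-cli item list $vault --filter-state active --output json | ${pkgs.jq}/bin/jq '.items[].content.title' -r > "${cache-path}/$vault"
+done
+'';
+pass-fzf = pkgs.writeShellScriptBin "pass-fzf" ''
+selected=$(for f in ~/.cache/pass/*; do while IFS= read -r line; do echo "$(basename "$f"): $line"; done < "$f"; done | fzf)
+vault=$(echo "$selected" | cut -d':' -f1)
+item=$(echo "$selected" | cut -d':' -f2- | sed 's/^ //')
+${proton-pass}/bin/pass-cli item view --vault-name "$vault" --item-title "$item" --output json | ${pkgs.jq}/bin/jq '.item.content.content.Login.password' | ${pkgs.wl-clipboard}/bin/wl-copy
+'';
+in {
+environment.systemPackages = [
+proton-pass
+pass-sync
+pass-fzf
+];
+}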
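Review bot: `PROTON_PASS_ENCRYPTION_KEY` in the `pass-cli` wrapper is set to `config.sops.secrets.proton_key.path`, which is the path of the decrypted file rather than its contents. If the CLI's `env` key provider uses the variable's value as key material (worth confirming against its documentation), the local store ends up protected by a predictable string. In `pass-sync` the vault names are word-split by `for vault in $vaults`, passed unquoted to `item list` and used verbatim as file names under the cache directory, so a name containing spaces or `/` misbehaves, and the item titles are written in plaintext under the default umask. In `pass-fzf`, `jq` runs without `-r`, so the clipboard receives the JSON-quoted password, and a cancelled `fzf` still calls `item view` with empty arguments. The fence shows the changed lines for those points; reading the key file assumes the secret is readable by the invoking user.

```nix
  proton-pass = pkgs.writeShellScriptBin "pass-cli" ''
    export PROTON_PASS_KEY_PROVIDER="env"
    # hand over the key material itself, not the path of the sops file
    PROTON_PASS_ENCRYPTION_KEY="$(cat ${config.sops.secrets.proton_key.path})"
    export PROTON_PASS_ENCRYPTION_KEY
    # … unchanged: exec of the packaged pass-cli …
  '';
  pass-sync = pkgs.writeShellScriptBin "pass-sync" ''
    # cached titles are metadata about stored logins: keep them private
    umask 077
    mkdir -p "${cache-path}"
    ${proton-pass}/bin/pass-cli vault list --output json \
      | ${pkgs.jq}/bin/jq -r '.vaults[].name' \
      | while IFS= read -r vault; do
          # a vault name is used as a file name below; skip ones that would leave the cache dir
          case "$vault" in */*|.*) continue ;; esac
          ${proton-pass}/bin/pass-cli item list "$vault" --filter-state active --output json < /dev/null \
            | ${pkgs.jq}/bin/jq -r '.items[].content.title' > "${cache-path}/$vault"
        done
  '';
  pass-fzf = pkgs.writeShellScriptBin "pass-fzf" ''
    # … unchanged: fzf selection, vault/item parsing …
    [ -n "$selected" ] || exit 0
    ${proton-pass}/bin/pass-cli item view --vault-name "$vault" --item-title "$item" --output json \
      | ${pkgs.jq}/bin/jq -j '.item.content.content.Login.password' \
      | ${pkgs.wl-clipboard}/bin/wl-copy
  '';
```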


@@ -20,6 +20,10 @@
inherit (config.users.users.max) group;
path = "/home/max/.config/Yubico/u2f_keys";
};
"proton_key" = {};
};
};
environment.sessionVariables.PROTON_PASS_ENCRYPTION_KEY = config.sops.secrets.proton_key.path;
}
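Review bot: `"proton_key" = {};` declares the secret with the sops-nix defaults, which as far as I know means root-owned with mode 0400. The `u2f_keys` entry above it inherits max's group, so the `pass-cli` wrapper from host/max/proton.nix, which runs as the user, would probably not be able to read this file. `"proton_key" = { owner = config.users.users.max.name; };` would scope it to the one account that needs it. The added `environment.sessionVariables.PROTON_PASS_ENCRYPTION_KEY` line exports the file path into every session although the wrapper already sets the variable itself, so I would drop it. If it were later changed to hold the key, every process in the session would inherit it.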


@@ -11,6 +11,8 @@
shell = pkgs.zsh;
};
programs.adb.enable = true;
virtualisation.docker = {
enable = true;


@@ -1,84 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.zero-cache;
inherit (lib)
mkEnableOption
mkIf
;
litestream = pkgs.buildGoModule rec {
pname = "litestream-zero";
version = "0.3.13+z0.0.6";
src = pkgs.fetchFromGitHub {
owner = "rocicorp";
repo = "litestream";
rev = "zero@v0.0.6";
sha256 = "sha256-sBKmz2fBoYzYi1kUVeiugLBLPdqHc+fXCBkI8Cttakg=";
};
vendorHash = "sha256-PlfDJbhzbH/ZgtQ35KcB6HtPEDTDgss7Lv8BcKT/Dgg=";
ldflags = [
"-s"
"-w"
"-X main.Version=${version}"
# nix does not like to build with this
# "-extldflags '-static'"
];
doCheck = false;
tags = [
"osusergo"
"netgo"
"sqlite_omit_load_extension"
];
subPackages = [ "cmd/litestream" ];
};
zero-cache = pkgs.buildNpmPackage rec {
name = "zero-cache";
src = pkgs.fetchFromGitHub {
owner = "rocicorp";
repo = "mono";
rev = "zero/v0.23.2025081401";
hash = "sha256-NQcG/vnfUmle/6eNXXmnMqzNvniK8R/mO5RYdMX9pnE=";
};
npmDepsHash = "sha256-9vX9eODN8AfcLcMSjm6KzAAUmPIHfe2BILt0juya5us=";
makeCacheWritable = true;
npmFlags = [ "--legacy-peer-deps" ];
};
in
{
options = {
services.zero-cache = {
enable = mkEnableOption "Zero-cache, the server component of the Zero sync engine.";
};
};
config = mkIf cfg.enable {
systemd.services.zero-cache = {
description = "Zero Cache";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${zero-cache}/bin/zero-cache";
RemainAfterExit = true;
};
};
};
}