diff --git a/flake.lock b/flake.lock index 013a69d..c459dfe 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736445563, - "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=", + "lastModified": 1737810234, + "narHash": "sha256-zTS99/ZE8khNnIWFEsF21E6seR9IizGYkY19t6iK7z4=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c", + "rev": "1fa3cbed36fb03d2f6ceab981d083af98b5c7d0f", "type": "github" }, "original": { @@ -45,18 +45,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "owner": "ipetkov", "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", "type": "github" }, "original": { @@ -68,11 +62,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -117,11 +111,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { 
@@ -138,11 +132,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -159,11 +153,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -176,24 +170,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -273,11 +249,11 @@ }, "impermanence": { "locked": { - "lastModified": 1736688610, - "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { 
@@ -291,7 +267,6 @@ "crane": "crane", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs-unstable" ], @@ -299,23 +274,23 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1718178907, - "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.1", + "ref": "v0.4.2", "repo": "lanzaboote", "type": "github" } }, "manyfold": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs" }, "locked": { 
@@ -452,28 +427,28 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -496,11 +471,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { 
@@ -560,11 +535,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1735164664, - "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=", + "lastModified": 1736884309, + "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e", + "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b", "type": "github" }, "original": { @@ -587,11 +562,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { @@ -618,21 +593,17 @@ }, "rust-overlay": { "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], "nixpkgs": [ "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1717813066, - "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", "type": "github" }, "original": { @@ -707,21 +678,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 497579d..4d0e9f4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -37,7 +37,7 @@
 # Lanzaboote
 lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.1";
+ url = "github:nix-community/lanzaboote/v0.4.2";
 inputs.nixpkgs.follows = "nixpkgs-unstable";
 };
diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix
index 1e023ba..1e50f8a 100644
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -79,6 +79,7 @@ in
 gnomeExtensions.dash-to-dock
 gnomeExtensions.dash-to-panel
 gnomeExtensions.tiling-assistant
+ google-chrome
 goverlay
 heroic
 home-manager
@@ -106,6 +107,7 @@ in
 python312Packages.pytest-cov
 python312Packages.pyaml
 qmk
+ remmina
 smile
 sops
 spotify
diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix
index 4b0f375..ef280c0 100644
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -2,13 +2,13 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
 user = "matt";
 password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
 SSID = "Joey's Jungle 5G";
- SSIDpassword = "kR8v&3Qd";
+ SSIDpassword = config.sops.templates."wifi-password".content;
 interface = "wlan0";
 timezone = "America/Chicago";
 hostname = "pi4";
@@ -17,6 +17,8 @@ in
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
+ ./impermanence.nix
+ ./sops.nix
 ../default.nix
 ];
@@ -44,6 +46,17 @@ in
 # ];
 };
+ services.xerver = {
+ enable = true;
+ desktopManager = {
+ budgie.enable = true;
+ };
+ displayManager = {
+ lightdm.enable = true;
+ lightdm.defaultSession = "budgie-desktop";
+ };
+ };
+
 # hardware = {
 # raspberry-pi."4".fkms-3d.enable = true;
 # raspberry-pi."4".apply-overlays-dtmerge.enable = true;
@@ -58,8 +71,6 @@ in
 # Set your time zone.
 time.timeZone = timezone;
- sound.enable = true;
-
 networking = {
 hostName = hostname;
 wireless = {
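Review bot: `SSIDpassword = config.sops.templates."wifi-password".content;` in the `@@ -2,13 +2,13 @@` hunk is read when the configuration is evaluated, so it can never carry the decrypted secret; going by hosts/pi4/sops.nix in this commit it yields the template text, which is the path of the secret file. If that value is then used as the PSK (the `wireless` block lies outside this hunk), the result is a passphrase that does not work and that likely ends up in the world-readable Nix store. Hand the rendered file to wpa_supplicant at runtime instead, for example `networking.wireless.secretsFile = config.sops.templates."wifi-password".path;` with `pskRaw = "ext:psk_home";` in the network entry (`psk_home` is an example key name, and `secretsFile` needs a NixOS release that provides it). The Wi-Fi password on the removed line remains in git history, so it should also be changed on the access point. The `let` block continues outside the hunk.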
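Review bot: The added import `./impermanence.nix` in the `@@ -17,6 +17,8 @@` hunk does not match the file this commit creates, which is `hosts/pi4/impermenance.nix`. Unless a correctly spelled file already exists in that directory (not visible here), evaluation of the pi4 host stops on the missing path. Renaming the new file to `impermanence.nix` is preferable to changing the import, because it then matches `share/impermanence`.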
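Review bot: `services.xerver` in the `@@ -44,6 +46,17 @@` hunk is not a NixOS option, so this block makes evaluation fail; the line should read `services.xserver = {`. `lightdm.defaultSession` also looks misplaced: as far as I know the default session is set at display-manager level, `services.displayManager.defaultSession = "budgie-desktop";`, not under `lightdm`, so check it against the option search for the pinned nixpkgs. Running `nix flake check` before deploying to the Pi would catch both.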
@@ -82,6 +93,9 @@ in
 vim
 libraspberrypi
 raspberrypi-eeprom
+ raspberrypifw
+ raspberrypiWirelessFirmware
+ raspberrypi-armstubs
 htop
 git
 ];
diff --git a/hosts/pi4/home.nix b/hosts/pi4/home.nix
index c8cf279..5727d3d 100644
--- a/hosts/pi4/home.nix
+++ b/hosts/pi4/home.nix
@@ -1,4 +1,25 @@
 { ... }:
+let
+ shellAliases = {
+ ll = "ls -alh";
+ update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
+ update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
+ update-flake = "sudo nix flake update ~/nix-config";
+ update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
+ nas-ssh = "kitten ssh admin@10.0.1.18";
+ };
+
+ gitAliases = {
+ co = "checkout";
+ ci = "commit";
+ cia = "commit --amend";
+ s = "status";
+ st = "status";
+ b = "branch";
+ p = "pull --rebase";
+ pu = "push";
+ };
+in
 {
 home.username = "matt";
@@ -8,6 +29,7 @@
 programs = {
 fish.enable = false;
+ mangohud.enable = true;
 java.enable = true;
 zsh = {
@@ -16,12 +38,7 @@
 autosuggestion.enable = true;
 syntaxHighlighting.enable = true;
- shellAliases = {
- ll = "ls -alh";
- update = "sudo nixos-rebuild switch";
- nas-update = "nixos-rebuild switch --use-remote-sudo --target-host admin@jallen-nas.local --build-host localhost --flake ~/nix-config/flake.nix#jallen-nas";
- nas-ssh = "ssh admin@jallen-nas.local";
- };
+ shellAliases = shellAliases;
 oh-my-zsh = {
 enable = true;
@@ -35,16 +52,7 @@
 enable = true;
 userName = "mjallen18";
 userEmail = "matt.l.jallen@gmail.com";
- aliases = {
- co = "checkout";
- ci = "commit";
- cia = "commit --amend";
- s = "status";
- st = "status";
- b = "branch";
- # p = "pull --rebase";
- pu = "push";
- };
+ aliases = gitAliases;
 };
 programs.command-not-found.enable = true;
diff --git a/hosts/pi4/impermenance.nix b/hosts/pi4/impermenance.nix
new file mode 100644
index 0000000..e2cedc5
--- /dev/null
+++ b/hosts/pi4/impermenance.nix
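Review bot: `update-flake = "sudo nix flake update ~/nix-config";` in the `@@ -1,4 +1,25 @@` hunk of hosts/pi4/home.nix runs the update as root although it only rewrites `flake.lock` in the user's checkout, which leaves root-owned files in the repository and evaluates the flake with root privileges for no benefit. Drop `sudo` there, e.g. `update-flake = "nix flake update --flake ~/nix-config";` (newer Nix takes the path through `--flake`; keep the positional form if the installed Nix is older). The build host `admin@10.0.1.18` is repeated in four aliases, so a single `let` binding for it would keep them in step.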
@@ -0,0 +1,31 @@
+{ ... }:
+{
+ # Set up impernance configuration for things like bluetooth
+ # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+ environment.persistence."/nix/persist/system" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/libvirt"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ {
+ directory = "/etc/nix";
+ user = "root";
+ group = "root";
+ mode = "u=rwx,g=rx,o=rx";
+ }
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+
+ security.sudo.extraConfig = ''
+ # rollback results in sudo lectures after each reboot
+ Defaults lecture = never
+ '';
+
+}
diff --git a/hosts/pi4/sops.nix b/hosts/pi4/sops.nix
new file mode 100644
index 0000000..d091512
--- /dev/null
+++ b/hosts/pi4/sops.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ sops.secrets."wifi" = { };
+ sops.templates."wifi-password".content = ''
+ ${config.sops.secrets."wifi".path}
+ '';
+}
diff --git a/share/impermanence/default.nix b/share/impermanence/default.nix
index 943b1e7..2c0c81e 100644
--- a/share/impermanence/default.nix
+++ b/share/impermanence/default.nix
@@ -9,6 +9,7 @@
 "/var/lib/bluetooth"
 "/var/lib/nixos"
 "/var/lib/libvirt"
+ "/var/lib/waydroid"
 "/var/lib/systemd/coredump"
 "/etc/NetworkManager/system-connections"
 "/etc/secureboot"
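Review bot: The template body `${config.sops.secrets."wifi".path}` in hosts/pi4/sops.nix renders the location of the decrypted file, not its contents, so whatever reads the template receives a path string followed by a newline. sops-nix substitutes secret values through placeholders, e.g. `sops.templates."wifi-password".content = "psk_home=${config.sops.placeholder."wifi"}";` (the key name is an example), and consumers should point at `config.sops.templates."wifi-password".path` so the value is only resolved at activation time. A one-line comment naming the service that reads the rendered file would help, since as far as I know it is readable only by root unless `owner` or `mode` is set.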