From e16c00c29df244a639d30129c2a5e6ec0e2bf798 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 31 Dec 2025 21:38:44 -0300 Subject: [PATCH 01/11] flake: update 25.11 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- pkgs/caffeinated/default.nix | 2 ++ pkgs/gnome-pass-search-provider.nix | 4 ++-- pkgs/lipsum.nix | 4 ++-- scripts/default.nix | 6 +++--- system/android.nix | 1 - system/configuration.nix | 12 ++++++------ system/fonts.nix | 2 +- system/media-packages.nix | 2 +- system/monolith-forgejo-runner.nix | 2 +- user/chat.nix | 2 +- user/gaming.nix | 2 +- user/home.nix | 2 +- user/kakoune/default.nix | 2 +- user/ranger/default.nix | 2 +- user/rofi.nix | 2 +- user/sway/swayidle.nix | 2 +- user/waybar/default.nix | 2 +- 19 files changed, 36 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index 88a754b..89fa4bb 100644 --- a/flake.lock +++ b/flake.lock @@ -504,16 +504,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1767280655, + "narHash": "sha256-YmaYMduV5ko8zURUT1VLGDbVC1L/bxHS0NsiPoZ6bBM=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "d49d2543f02dbd789ed032188c84570d929223cb", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -698,16 +698,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1764316264, - "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=", + "lastModified": 1767047869, + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0", + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "type": "indirect" } }, 
diff --git a/flake.nix b/flake.nix index eccc0de..c771af9 100644 --- a/flake.nix +++ b/flake.nix @@ -1,10 +1,10 @@ { description = "My system config"; inputs = { - nixpkgs.url = "nixpkgs/nixos-25.05"; + nixpkgs.url = "nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-25.05"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; vpsadminos.url = "github:vpsfreecz/vpsadminos"; diff --git a/pkgs/caffeinated/default.nix b/pkgs/caffeinated/default.nix index 2545a5c..baba589 100644 --- a/pkgs/caffeinated/default.nix +++ b/pkgs/caffeinated/default.nix @@ -11,6 +11,7 @@ libbsd, wayland, wayland-protocols, + libcap, }: stdenv.mkDerivation { @@ -35,6 +36,7 @@ stdenv.mkDerivation { libbsd wayland wayland-protocols + libcap ]; makeFlags = [ "WAYLAND=1" ]; diff --git a/pkgs/gnome-pass-search-provider.nix b/pkgs/gnome-pass-search-provider.nix index ab2e94a..9acd6f4 100644 --- a/pkgs/gnome-pass-search-provider.nix +++ b/pkgs/gnome-pass-search-provider.nix @@ -2,7 +2,7 @@ stdenv, fetchFromGitHub, python3Packages, - wrapGAppsHook, + wrapGAppsHook3, gtk3, gobject-introspection, }: @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ python3Packages.wrapPython - wrapGAppsHook + wrapGAppsHook3 ]; propagatedBuildInputs = [ diff --git a/pkgs/lipsum.nix b/pkgs/lipsum.nix index de1b75a..ba4961f 100644 --- a/pkgs/lipsum.nix +++ b/pkgs/lipsum.nix @@ -3,7 +3,7 @@ fetchFromGitHub, pkg-config, vala, - wrapGAppsHook, + wrapGAppsHook3, }: stdenv.mkDerivation rec { pname = "lipsum"; @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config vala - wrapGAppsHook + wrapGAppsHook3 ]; makeFlags = [ "PRG=${pname}" ]; diff --git a/scripts/default.nix b/scripts/default.nix index a94f939..dca8862 100644 --- a/scripts/default.nix +++ b/scripts/default.nix 
@@ -55,7 +55,7 @@ helix-man-pager = [ helix-pager ]; bcrypt = [ apacheHttpd ]; musmenu = [ - mpc-cli + mpc wdmenu trash-cli xdg-user-dirs @@ -113,11 +113,11 @@ mpv pqiv python3Packages.deemix - mpc-cli + mpc mpdDup ]; mpdDup = [ - mpc-cli + mpc perl ]; readQrCode = [ diff --git a/system/android.nix b/system/android.nix index 3cce4af..8f0b494 100644 --- a/system/android.nix +++ b/system/android.nix @@ -12,6 +12,5 @@ programs.kdeconnect.enable = true; programs.adb.enable = true; - services.udev.packages = [ pkgs.android-udev-rules ]; }; } diff --git a/system/configuration.nix b/system/configuration.nix index ec44aed..3ab8143 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -43,12 +43,12 @@ services.geoclue2.enable = true; - systemd.extraConfig = '' - DefaultTimeoutStopSec=10s - ''; - services.logind.extraConfig = '' - HandlePowerKey=suspend - ''; + systemd.settings.Manager = { + DefaultTimeoutStopSec = "10s"; + }; + services.logind.settings.Login = { + HandlePowerKey = "suspend"; + }; services.upower.enable = true; # This value determines the NixOS release from which the default diff --git a/system/fonts.nix b/system/fonts.nix index 73aa8f7..d9ef3d8 100644 --- a/system/fonts.nix +++ b/system/fonts.nix @@ -4,7 +4,7 @@ fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans - noto-fonts-emoji + noto-fonts-color-emoji nerd-fonts.fira-code nerd-fonts.hack ]; diff --git a/system/media-packages.nix b/system/media-packages.nix index e452a0b..e35503e 100644 --- a/system/media-packages.nix +++ b/system/media-packages.nix @@ -18,7 +18,7 @@ in ffmpeg obs-studio imagemagick - mpc-cli + mpc helvum gimp inkscape diff --git a/system/monolith-forgejo-runner.nix b/system/monolith-forgejo-runner.nix index fa2b3c6..3297514 100644 --- a/system/monolith-forgejo-runner.nix +++ b/system/monolith-forgejo-runner.nix 
@@ -1,7 +1,7 @@ { pkgs, config, ... }: { services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; + package = pkgs.forgejo-runner; instances.default = { enable = true; name = "monolith"; diff --git a/user/chat.nix b/user/chat.nix index b42f6fd..a001b2b 100644 --- a/user/chat.nix +++ b/user/chat.nix @@ -15,7 +15,7 @@ }; home.packages = with pkgs; [ - tdesktop + telegram-desktop discord-canary thunderbird element-desktop diff --git a/user/gaming.nix b/user/gaming.nix index 3e89361..7acda23 100644 --- a/user/gaming.nix +++ b/user/gaming.nix @@ -17,7 +17,7 @@ in # steam # It's enabled in the system config tlauncher gamescope - glxinfo + mesa-demos vulkan-tools ]; }; diff --git a/user/home.nix b/user/home.nix index 5683510..783b0d4 100644 --- a/user/home.nix +++ b/user/home.nix @@ -73,7 +73,7 @@ gavin-bc file jq - du-dust + dust p7zip tealdeer micro diff --git a/user/kakoune/default.nix b/user/kakoune/default.nix index 090246d..c5274c1 100644 --- a/user/kakoune/default.nix +++ b/user/kakoune/default.nix @@ -130,7 +130,7 @@ in terminal ranger bmenu - kak-lsp + kakoune-lsp kak-tree-sitter kak-pager kak-man-pager diff --git a/user/ranger/default.nix b/user/ranger/default.nix index 4b97170..2877888 100644 --- a/user/ranger/default.nix +++ b/user/ranger/default.nix @@ -19,7 +19,7 @@ wl-clipboard highlight # syntax highlight - poppler_utils # pdf preview + poppler-utils # pdf preview ffmpeg # audio preview ffmpegthumbnailer # video preview fontforge # font preview diff --git a/user/rofi.nix b/user/rofi.nix index c24a0ce..9a60f81 100644 --- a/user/rofi.nix +++ b/user/rofi.nix @@ -18,7 +18,7 @@ in config = { programs.rofi = { enable = true; - package = pkgs.rofi-wayland.override { + package = pkgs.rofi.override { plugins = with pkgs; [ rofi-emoji rofi-file-browser diff --git a/user/sway/swayidle.nix b/user/sway/swayidle.nix index b6541f3..365b63f 100644 --- a/user/sway/swayidle.nix +++ b/user/sway/swayidle.nix 
@@ -22,7 +22,7 @@ in { timeout = 1800; command = asScript "swayidle-suspend-monitors" '' - ${pkgs.mpc_cli}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off" + ${pkgs.mpc}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off" ''; resumeCommand = asScript "swayidle-wakeup-monitors" '' ${pkgs.sway}/bin/swaymsg "output * dpms on" diff --git a/user/waybar/default.nix b/user/waybar/default.nix index c9ec809..df9048f 100644 --- a/user/waybar/default.nix +++ b/user/waybar/default.nix @@ -136,7 +136,7 @@ in }; mpd = let - mpc = "${pkgs.mpc-cli}/bin/mpc"; + mpc = "${pkgs.mpc}/bin/mpc"; in { format = "{stateIcon} {title} - {artist}"; From 173febf6adb42f3e96db6e77e22093668270799b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 1 Jan 2026 17:47:53 -0300 Subject: [PATCH 02/11] phantom: 25.11 --- flake.lock | 39 +++++++++++---------------------------- flake.nix | 2 +- hosts/phantom/email.nix | 8 +++++--- 3 files changed, 17 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index 89fa4bb..bad48e1 100644 --- a/flake.lock +++ b/flake.lock @@ -297,11 +297,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { 
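Review bot: The `grep "^[playing]"` on the new `command` line in user/sway/swayidle.nix is a bracket expression, so it matches a line starting with one of the letters p, l, a, y, i, n or g, not the literal `[playing]` marker. Assuming `mpc status` prints its usual `[playing] …` state line, that line starts with `[` and never matches, so the monitors are switched off during playback unless another output line happens to start with one of those letters. A fixed-string match avoids this: `${pkgs.mpc}/bin/mpc status | grep -qF "[playing]" || ${pkgs.sway}/bin/swaymsg "output * dpms off"`. The same line recurs in the swayidle.nix hunk of PATCH 03/11, and the enclosing attribute set starts and ends outside the hunk.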
@@ -446,11 +446,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -585,20 +585,19 @@ "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-25_05": "nixpkgs-25_05" + ] }, "locked": { - "lastModified": 1763302796, - "narHash": "sha256-mEc3SBjRYfMcbNFLxmCc5tRtlu3j+1q7zRz+nRraSFE=", + "lastModified": 1766537863, + "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "5b38fb599f50e9d78325d1d2706e36303c166047", + "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixos-mailserver", "type": "gitlab" } @@ -619,22 +618,6 @@ "type": "github" } }, - "nixpkgs-25_05": { - "locked": { - "lastModified": 1747610100, - "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1764242076, diff --git a/flake.nix b/flake.nix index c771af9..8fc0636 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ }; nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/phantom/email.nix b/hosts/phantom/email.nix index 105113b..60207e5 100644 --- a/hosts/phantom/email.nix 
+++ b/hosts/phantom/email.nix @@ -38,12 +38,14 @@ }; enableManageSieve = true; + + stateVersion = 3; }; # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues - services.postfix.extraConfig = '' - smtp_address_preference = ipv4 - ''; + services.postfix.settings.main = { + smtp_address_preference = "ipv4"; + }; # Webmail services.roundcube = { From d7229a094859b2feab166e21f3481fef2b9289ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 31 Dec 2025 21:38:44 -0300 Subject: [PATCH 03/11] flake: update 25.11 --- flake.lock | 55 ++++++++++------------------- flake.nix | 6 ++-- hosts/phantom/email.nix | 8 +++-- pkgs/caffeinated/default.nix | 2 ++ pkgs/gnome-pass-search-provider.nix | 4 +-- pkgs/lipsum.nix | 4 +-- scripts/default.nix | 6 ++-- system/android.nix | 1 - system/configuration.nix | 12 +++---- system/fonts.nix | 2 +- system/media-packages.nix | 2 +- system/monolith-forgejo-runner.nix | 2 +- user/chat.nix | 2 +- user/gaming.nix | 2 +- user/home.nix | 2 +- user/kakoune/default.nix | 2 +- user/ranger/default.nix | 2 +- user/rofi.nix | 2 +- user/sway/swayidle.nix | 2 +- user/waybar/default.nix | 2 +- 20 files changed, 53 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index 88a754b..bad48e1 100644 --- a/flake.lock +++ b/flake.lock @@ -297,11 +297,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { 
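Review bot: `stateVersion = 3;` is added to the mailserver block in hosts/phantom/email.nix with no record of why that number was chosen. In nixos-mailserver this option appears to declare which on-disk state migrations have already been carried out, so setting it straight to 3 on an existing server is only safe if those steps were actually run on phantom; this hunk cannot confirm that. A comment such as `# state migrations up to version 3 were applied on phantom before this bump` would make the assumption explicit. The same hunk recurs in PATCH 03/11, and the mailserver block starts outside the hunk.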
@@ -446,11 +446,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -504,16 +504,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1767280655, + "narHash": "sha256-YmaYMduV5ko8zURUT1VLGDbVC1L/bxHS0NsiPoZ6bBM=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "d49d2543f02dbd789ed032188c84570d929223cb", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -585,20 +585,19 @@ "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-25_05": "nixpkgs-25_05" + ] }, "locked": { - "lastModified": 1763302796, - "narHash": "sha256-mEc3SBjRYfMcbNFLxmCc5tRtlu3j+1q7zRz+nRraSFE=", + "lastModified": 1766537863, + "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "5b38fb599f50e9d78325d1d2706e36303c166047", + "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixos-mailserver", "type": "gitlab" } 
@@ -619,22 +618,6 @@ "type": "github" } }, - "nixpkgs-25_05": { - "locked": { - "lastModified": 1747610100, - "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1764242076, @@ -698,16 +681,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1764316264, - "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=", + "lastModified": 1767047869, + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0", + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index eccc0de..8fc0636 100644 --- a/flake.nix +++ b/flake.nix @@ -1,10 +1,10 @@ { description = "My system config"; inputs = { - nixpkgs.url = "nixpkgs/nixos-25.05"; + nixpkgs.url = "nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-25.05"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; vpsadminos.url = "github:vpsfreecz/vpsadminos"; @@ -32,7 +32,7 @@ }; nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/phantom/email.nix b/hosts/phantom/email.nix index 105113b..60207e5 100644 --- a/hosts/phantom/email.nix +++ b/hosts/phantom/email.nix 
@@ -38,12 +38,14 @@ }; enableManageSieve = true; + + stateVersion = 3; }; # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues - services.postfix.extraConfig = '' - smtp_address_preference = ipv4 - ''; + services.postfix.settings.main = { + smtp_address_preference = "ipv4"; + }; # Webmail services.roundcube = { diff --git a/pkgs/caffeinated/default.nix b/pkgs/caffeinated/default.nix index 2545a5c..baba589 100644 --- a/pkgs/caffeinated/default.nix +++ b/pkgs/caffeinated/default.nix @@ -11,6 +11,7 @@ libbsd, wayland, wayland-protocols, + libcap, }: stdenv.mkDerivation { @@ -35,6 +36,7 @@ stdenv.mkDerivation { libbsd wayland wayland-protocols + libcap ]; makeFlags = [ "WAYLAND=1" ]; diff --git a/pkgs/gnome-pass-search-provider.nix b/pkgs/gnome-pass-search-provider.nix index ab2e94a..9acd6f4 100644 --- a/pkgs/gnome-pass-search-provider.nix +++ b/pkgs/gnome-pass-search-provider.nix @@ -2,7 +2,7 @@ stdenv, fetchFromGitHub, python3Packages, - wrapGAppsHook, + wrapGAppsHook3, gtk3, gobject-introspection, }: @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ python3Packages.wrapPython - wrapGAppsHook + wrapGAppsHook3 ]; propagatedBuildInputs = [ diff --git a/pkgs/lipsum.nix b/pkgs/lipsum.nix index de1b75a..ba4961f 100644 --- a/pkgs/lipsum.nix +++ b/pkgs/lipsum.nix @@ -3,7 +3,7 @@ fetchFromGitHub, pkg-config, vala, - wrapGAppsHook, + wrapGAppsHook3, }: stdenv.mkDerivation rec { pname = "lipsum"; @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config vala - wrapGAppsHook + wrapGAppsHook3 ]; makeFlags = [ "PRG=${pname}" ]; diff --git a/scripts/default.nix b/scripts/default.nix index a94f939..dca8862 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -55,7 +55,7 @@ helix-man-pager = [ helix-pager ]; bcrypt = [ apacheHttpd ]; musmenu = [ - mpc-cli + mpc wdmenu trash-cli xdg-user-dirs @@ -113,11 +113,11 @@ mpv pqiv python3Packages.deemix - mpc-cli + mpc mpdDup ]; mpdDup = [ - mpc-cli + mpc perl ]; readQrCode = [ 
diff --git a/system/android.nix b/system/android.nix index 3cce4af..8f0b494 100644 --- a/system/android.nix +++ b/system/android.nix @@ -12,6 +12,5 @@ programs.kdeconnect.enable = true; programs.adb.enable = true; - services.udev.packages = [ pkgs.android-udev-rules ]; }; } diff --git a/system/configuration.nix b/system/configuration.nix index ec44aed..3ab8143 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -43,12 +43,12 @@ services.geoclue2.enable = true; - systemd.extraConfig = '' - DefaultTimeoutStopSec=10s - ''; - services.logind.extraConfig = '' - HandlePowerKey=suspend - ''; + systemd.settings.Manager = { + DefaultTimeoutStopSec = "10s"; + }; + services.logind.settings.Login = { + HandlePowerKey = "suspend"; + }; services.upower.enable = true; # This value determines the NixOS release from which the default diff --git a/system/fonts.nix b/system/fonts.nix index 73aa8f7..d9ef3d8 100644 --- a/system/fonts.nix +++ b/system/fonts.nix @@ -4,7 +4,7 @@ fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans - noto-fonts-emoji + noto-fonts-color-emoji nerd-fonts.fira-code nerd-fonts.hack ]; diff --git a/system/media-packages.nix b/system/media-packages.nix index e452a0b..e35503e 100644 --- a/system/media-packages.nix +++ b/system/media-packages.nix @@ -18,7 +18,7 @@ in ffmpeg obs-studio imagemagick - mpc-cli + mpc helvum gimp inkscape diff --git a/system/monolith-forgejo-runner.nix b/system/monolith-forgejo-runner.nix index fa2b3c6..3297514 100644 --- a/system/monolith-forgejo-runner.nix +++ b/system/monolith-forgejo-runner.nix @@ -1,7 +1,7 @@ { pkgs, config, ... }: { services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; + package = pkgs.forgejo-runner; instances.default = { enable = true; name = "monolith"; diff --git a/user/chat.nix b/user/chat.nix index b42f6fd..a001b2b 100644 --- a/user/chat.nix +++ b/user/chat.nix 
@@ -15,7 +15,7 @@ }; home.packages = with pkgs; [ - tdesktop + telegram-desktop discord-canary thunderbird element-desktop diff --git a/user/gaming.nix b/user/gaming.nix index 3e89361..7acda23 100644 --- a/user/gaming.nix +++ b/user/gaming.nix @@ -17,7 +17,7 @@ in # steam # It's enabled in the system config tlauncher gamescope - glxinfo + mesa-demos vulkan-tools ]; }; diff --git a/user/home.nix b/user/home.nix index 5683510..783b0d4 100644 --- a/user/home.nix +++ b/user/home.nix @@ -73,7 +73,7 @@ gavin-bc file jq - du-dust + dust p7zip tealdeer micro diff --git a/user/kakoune/default.nix b/user/kakoune/default.nix index 090246d..c5274c1 100644 --- a/user/kakoune/default.nix +++ b/user/kakoune/default.nix @@ -130,7 +130,7 @@ in terminal ranger bmenu - kak-lsp + kakoune-lsp kak-tree-sitter kak-pager kak-man-pager diff --git a/user/ranger/default.nix b/user/ranger/default.nix index 4b97170..2877888 100644 --- a/user/ranger/default.nix +++ b/user/ranger/default.nix @@ -19,7 +19,7 @@ wl-clipboard highlight # syntax highlight - poppler_utils # pdf preview + poppler-utils # pdf preview ffmpeg # audio preview ffmpegthumbnailer # video preview fontforge # font preview diff --git a/user/rofi.nix b/user/rofi.nix index c24a0ce..9a60f81 100644 --- a/user/rofi.nix +++ b/user/rofi.nix @@ -18,7 +18,7 @@ in config = { programs.rofi = { enable = true; - package = pkgs.rofi-wayland.override { + package = pkgs.rofi.override { plugins = with pkgs; [ rofi-emoji rofi-file-browser diff --git a/user/sway/swayidle.nix b/user/sway/swayidle.nix index b6541f3..365b63f 100644 --- a/user/sway/swayidle.nix +++ b/user/sway/swayidle.nix 
@@ -22,7 +22,7 @@ in { timeout = 1800; command = asScript "swayidle-suspend-monitors" '' - ${pkgs.mpc_cli}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off" + ${pkgs.mpc}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off" ''; resumeCommand = asScript "swayidle-wakeup-monitors" '' ${pkgs.sway}/bin/swaymsg "output * dpms on" diff --git a/user/waybar/default.nix b/user/waybar/default.nix index c9ec809..df9048f 100644 --- a/user/waybar/default.nix +++ b/user/waybar/default.nix @@ -136,7 +136,7 @@ in }; mpd = let - mpc = "${pkgs.mpc-cli}/bin/mpc"; + mpc = "${pkgs.mpc}/bin/mpc"; in { format = "{stateIcon} {title} - {artist}"; From bed85ce30969e65a31762d003109a81f65fbb1d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 1 Jan 2026 18:34:13 -0300 Subject: [PATCH 04/11] add stonehenge host --- flake.nix | 8 ++ hosts/stonehenge/default.nix | 135 ++++++++++++++++++++ hosts/stonehenge/hardware-configuration.nix | 48 +++++++ 3 files changed, 191 insertions(+) create mode 100644 hosts/stonehenge/default.nix create mode 100644 hosts/stonehenge/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 8fc0636..250b02b 100644 --- a/flake.nix +++ b/flake.nix @@ -187,6 +187,14 @@ ./hosts/phantom ]; }; + stonehenge = lib.nixosSystem { + inherit system specialArgs; + modules = [ + { nixpkgs.pkgs = pkgs; } + ./hosts/stonehenge + inputs.sops-nix.nixosModules.default + ]; + }; }; homeConfigurations.lelgenio = inputs.home-manager.lib.homeManagerConfiguration { diff --git a/hosts/stonehenge/default.nix b/hosts/stonehenge/default.nix new file mode 100644 index 0000000..2717816 --- /dev/null +++ b/hosts/stonehenge/default.nix 
@@ -0,0 +1,135 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "stonehenge"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Sao_Paulo"; + + # Select internationalisation properties. + i18n.defaultLocale = "pt_BR.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "pt_BR.UTF-8"; + LC_IDENTIFICATION = "pt_BR.UTF-8"; + LC_MEASUREMENT = "pt_BR.UTF-8"; + LC_MONETARY = "pt_BR.UTF-8"; + LC_NAME = "pt_BR.UTF-8"; + LC_NUMERIC = "pt_BR.UTF-8"; + LC_PAPER = "pt_BR.UTF-8"; + LC_TELEPHONE = "pt_BR.UTF-8"; + LC_TIME = "pt_BR.UTF-8"; + }; + + # Enable the X11 windowing system. + # You can disable this if you're only using the Wayland session. + # services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.displayManager.sddm.enable = true; + services.desktopManager.plasma6.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = "colemak"; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. 
+ services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.user = { + isNormalUser = true; + description = "user"; + extraGroups = [ + "networkmanager" + "wheel" + ]; + packages = with pkgs; [ + # kdePackages.kate + # thunderbird + ]; + }; + + # Install firefox. + programs.firefox.enable = true; + + # # Allow unfree packages + # nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "25.11"; # Did you read the comment? + +} diff --git a/hosts/stonehenge/hardware-configuration.nix b/hosts/stonehenge/hardware-configuration.nix new file mode 100644 index 0000000..192dd20 --- /dev/null +++ b/hosts/stonehenge/hardware-configuration.nix @@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d22f00a1-af56-4468-a041-96523befe151"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/FE31-5AA5"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/533ceee7-721c-4bdc-9212-6043bf05b205"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From c36c1f618bda8eb62279a6ddf37232f899235d30 Mon Sep 17 00:00:00 2001 
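Review bot: `services.openssh.enable = true;` in hosts/stonehenge/default.nix is set with no `services.openssh.settings`, so sshd runs with the module defaults, which as far as I know still accept password logins. The same file creates the account `user` in `wheel` with a hand-set password and declares no authorized keys, so that password is the only thing protecting an administrative login. Restrict the daemon to keys with `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` and declare the key under `users.users.user.openssh.authorizedKeys.keys`.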
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 1 Jan 2026 18:45:58 -0300 Subject: [PATCH 05/11] stonehenge: add as gitlab runner --- .sops.yaml | 8 ++++++ hosts/stonehenge/default.nix | 3 ++ hosts/stonehenge/gitlab-runner.nix | 36 ++++++++++++++++++++++++ secrets/stonehenge/default.yaml | 44 ++++++++++++++++++++++++++++++ 4 files changed, 91 insertions(+) create mode 100644 hosts/stonehenge/gitlab-runner.nix create mode 100644 secrets/stonehenge/default.yaml diff --git a/.sops.yaml b/.sops.yaml index b93a6e2..d72a625 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y + - &stonehenge-ssh age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$ @@ -35,3 +36,10 @@ creation_rules: age: - *lelgenio-ssh - *phantom-ssh + - path_regex: secrets/stonehenge/[^/]+\.(yaml|json|env|ini|gpg)$ + key_groups: + - pgp: + - *lelgenio-gpg + age: + - *lelgenio-ssh + - *stonehenge-ssh diff --git a/hosts/stonehenge/default.nix b/hosts/stonehenge/default.nix index 2717816..3c80bd4 100644 --- a/hosts/stonehenge/default.nix +++ b/hosts/stonehenge/default.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./gitlab-runner.nix ]; # Bootloader. @@ -92,6 +93,8 @@ ]; }; + security.sudo.wheelNeedsPassword = false; + # Install firefox. programs.firefox.enable = true; diff --git a/hosts/stonehenge/gitlab-runner.nix b/hosts/stonehenge/gitlab-runner.nix new file mode 100644 index 0000000..65498fc --- /dev/null +++ b/hosts/stonehenge/gitlab-runner.nix 
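Review bot: `security.sudo.wheelNeedsPassword = false;` (hunk `-92,6 +93,8` of hosts/stonehenge/default.nix) gives every `wheel` member root without re-authentication, and the only member visible in this file is the SSH-reachable account `user`. This commit also makes the host a Docker-based GitLab runner, so a compromise of that account or session becomes root on the machine that holds the runner token. If this is meant for unattended deploys (not confirmed by the hunk), prefer a `security.sudo.extraRules` entry limited to the commands the deploy runs, or deploy as root over key-only SSH. At minimum record the reason next to the line, e.g. `# passwordless sudo: needed for remote nixos-rebuild, revisit once deploy user exists`.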
@@ -0,0 +1,36 @@ +{ + config, + pkgs, + ... +}: +let + inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull; +in +{ + boot.kernel.sysctl."net.ipv4.ip_forward" = true; + virtualisation.docker.enable = true; + services.gitlab-runner = { + enable = true; + settings.concurrent = 4; + services = { + wopus-gitlab-nix = mkNixRunnerFull { + authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; + # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path; + # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path; + }; + }; + }; + systemd.services.gitlab-runner.serviceConfig.Nice = 10; + + sops.secrets = { + "gitlab-runners/wopus-gitlab-nix" = { + sopsFile = ../../secrets/stonehenge/default.yaml; + }; + "gitlab-runners/wopus-ssh-nix-cache-pk" = { + sopsFile = ../../secrets/stonehenge/default.yaml; + }; + "gitlab-runners/wopus-ssh-nix-cache-pub" = { + sopsFile = ../../secrets/stonehenge/default.yaml; + }; + }; +} diff --git a/secrets/stonehenge/default.yaml b/secrets/stonehenge/default.yaml new file mode 100644 index 0000000..b8310ab --- /dev/null +++ b/secrets/stonehenge/default.yaml 
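Review bot: The `sops.secrets` block in hosts/stonehenge/gitlab-runner.nix declares `gitlab-runners/wopus-ssh-nix-cache-pk` and `gitlab-runners/wopus-ssh-nix-cache-pub`, but both consumers (`nixCacheSshPrivateKeyPath`, `nixCacheSshPublicKeyPath`) are commented out in the `mkNixRunnerFull` call. An SSH private key is therefore decrypted onto a host that executes CI jobs while nothing uses it. Remove or comment out those two entries until the cache upload is actually enabled. Separately, `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` has no explanation; if it is only there for Docker networking, say so with `# required for docker bridge networking of CI containers`. What `mkNixRunnerFull` mounts into job containers is defined in system/gitlab-runner.nix, which this diff does not show.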
@@ -0,0 +1,44 @@ +gitlab-runners: + wopus-gitlab-nix: ENC[AES256_GCM,data:u+FYWx3yluA+zFk8VV7RB4TW1AP81K8Ntgd7QDHwb2w0bzQH7URmfF1PrQgZGu/r5Q4zOFgmyUkL6EML9KFFu+3QpilIOTXitiEoi/McOn0DnAOTLhW1Fbg42jKd3gTU9OyLDijlQs3ktyRRSg+1TIEsYNc=,iv:LjRyav0YVKtG79roC8KRS99cVVfu8IJRpAQ9w79PFa0=,tag:K2rjIn823sER+zHezFyAZw==,type:str] + wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data: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,iv:AXNYaZS6fGz/Jr2zNhvmKOYKj010wtwcatItB8hRs+c=,tag:DixvP6ZaqX9l8Z8KegkvUw==,type:str] + wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:5G+qIs/J8mwZxGyWkK0nts9E+iqbCe8Or4C4+HHuSr3dyJTmKxmA3a+DpxmbyQ0IKjKQgiz+uJbbRGR7ptzmJr7JvpNhaJO2/CR3MKvsoCpmgynenO2QIqsEidU1h1gqMV6OEDI3pDY3OE6K2M8D2jdYLqMXo5RRa7emEQhXhdQZ98OFgVrLFtrB72Fi/rTJE/tP,iv:JAopM5dwItYl68GDAQublg+C1S0Md3S3G/7GJ11azxQ=,tag:WAqEju2azXgerpIBrk+krw==,type:str] +sops: + age: + - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWXZkSWUwZ0t0ekhBckxS + M0lIQ1FpWkY2dXhTVmZuYjJxeXhQSW85Ulg0Cm9GV1BqS29wU2FkaEVzazcwbCs1 + Zy9tV0ZxcFBwbFFaMzRwUWFHWUZadDAKLS0tIFdoMkVkZitjNmJhTUVMUjBQdjdi + TjFMZnZDelY2NWtwd1dETFUrUE44eGsKdRVF1QWlhO3obls8Fm+PSs/yzJOUbQ80 + GoWMqeD8qPVhO99Cy9DT0GWOk3DJQNQ55I7w6ctrhJ3XuZHzTyAqlg== + -----END AGE ENCRYPTED FILE----- + - recipient: age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TEIyU1dtK0ZWQmJLY0Z0 + cThwbTdmUkF5ZGgraFBSMjZRUmpiSkxZUFdJCnhBTDd2THlmczk1SE1qZ2VnRk5a + ejZGY2U1L1IxZ3BrdURNTURwRUJCaWsKLS0tIFdEUW5Kcmw5eGE5cFJYejRXTDYr + dC9MaDUvcG96djVFU1Fpb1NKZThNaUEKkxPikf5+veTmrXHU4sxtJO/LsQ3YB4j+ + vkIWWw4qV8zRrh+XxFXrFUURhDp11m/nlpzPERxjNzRs13VS2tXTrw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-01T21:41:02Z" + mac: 
ENC[AES256_GCM,data:VItjDJ1zVRc8qGty9651o1ZlHjPne98JrKeUT/2WAElK+A29IY+UVIlUtooOwwvSPC7kphoGfFSYK5+4emd4EyVbWovPyeYp04tV5/JGdj/3cVaSiXCD3HPM/v2BeiDy3aDAkaqeIg54PueddiSVU0snobCWB2/+DXU8Xly/+sM=,iv:x/3nXue1HkeZt9hKqk2Y9ciU2GK0Bbcp5zcJQdAiO58=,tag:OCKaxQQfTgfVvzYgqaqvsA==,type:str] + pgp: + - created_at: "2026-01-01T21:36:47Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAzy6JxafzLr5AQf+I8mDQ00zcPxP4GJh5ldaVJSZ95OF7Pk0TmNmtQLaBHqE + Gj8MPa3CE8MyZBtFrWjt52yKcg0wIznd1Uo0HGteW2cMxGezCqioTIqNgXSQ+h/V + T751kH0MBOVscJUoEx3D7sdCsvk70WwnN2FdkFpA1NIDqsoHCT4MXGzcAMVTv/+K + Y630VFguV0Fcmy16Kry1EFVDSorio6BxwBnK2PG/uAQOEjTA8fLTVutc+h7glqjU + iiNPsv6MtB5gTp/Q+IPHgGmPpyCP2vN7i0ArVNFRQ2tf9tIeo/5FfgmWCH8CTcr5 + deK/UPwJ3u2o4OsVLQryx9TBVnBcFG31f+/kwIG4CNJcAZxl1w0DbS+zHtIu1Bo5 + oRAxj00EeM8Vp7FFA70Z38HSzFyvawomSrtzRNhRPoLOPemG59WH4621BL1HC9Rz + 8lhSEVRdw/BjmtNRRcLsw9NrAjGsHkkhkEluY1U= + =bhCO + -----END PGP MESSAGE----- + fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B + unencrypted_suffix: _unencrypted + version: 3.11.0 From 73315828f9ab9c1908b293ca18f8bc4b0c748463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 1 Jan 2026 22:10:14 -0300 Subject: [PATCH 06/11] stonehenge: update config --- hosts/stonehenge/default.nix | 7 ++++ hosts/stonehenge/nebula-vpn.nix | 61 +++++++++++++++++++++++++++++++++ hosts/stonehenge/vagrant.nix | 57 ++++++++++++++++++++++++++++++ secrets/stonehenge/default.yaml | 8 +++-- switch-stonehenge | 1 + 5 files changed, 132 insertions(+), 2 deletions(-) create mode 100644 hosts/stonehenge/nebula-vpn.nix create mode 100644 hosts/stonehenge/vagrant.nix create mode 100755 switch-stonehenge diff --git a/hosts/stonehenge/default.nix b/hosts/stonehenge/default.nix index 3c80bd4..4f0ff32 100644 --- a/hosts/stonehenge/default.nix +++ b/hosts/stonehenge/default.nix 
@@ -9,6 +9,11 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ./gitlab-runner.nix + ./nebula-vpn.nix + ./vagrant.nix + + ../../system/sops.nix + ../../system/nix.nix ]; # Bootloader. @@ -95,6 +100,8 @@ security.sudo.wheelNeedsPassword = false; + virtualisation.virtualbox.host.enable = true; + # Install firefox. programs.firefox.enable = true; diff --git a/hosts/stonehenge/nebula-vpn.nix b/hosts/stonehenge/nebula-vpn.nix new file mode 100644 index 0000000..6666fc4 --- /dev/null +++ b/hosts/stonehenge/nebula-vpn.nix @@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + s = config.sops.secrets; + + secretConfig = { + owner = "nebula-wopus"; + group = "nebula-wopus"; + restartUnits = [ "nebula@wopus.service" ]; + sopsFile = ../../secrets/stonehenge/default.yaml; + }; +in +{ + environment.systemPackages = with pkgs; [ nebula ]; + + services.nebula.networks.wopus = { + enable = true; + isLighthouse = false; + lighthouses = [ + "192.168.88.1" + "192.168.88.2" + "192.168.88.3" + ]; + settings = { + cipher = "aes"; + }; + cert = s."nebula-wopus-vpn/stonehenge-crt".path; + key = s."nebula-wopus-vpn/stonehenge-key".path; + ca = s."nebula-wopus-vpn/ca-crt".path; + staticHostMap = { + "192.168.88.1" = [ + "neubla-vpn.wopus.dev:4242" + ]; + "192.168.88.2" = [ + "82.25.77.78:4242" + ]; + "192.168.88.3" = [ + "72.60.60.221:4242" + ]; + }; + firewall.outbound = [ + { + host = "any"; + port = "any"; + proto = "any"; + } + ]; + firewall.inbound = [ + { + host = "any"; + port = "any"; + proto = "any"; + } + ]; + }; + + sops.secrets = { + "nebula-wopus-vpn/ca-crt" = secretConfig; + "nebula-wopus-vpn/stonehenge-crt" = secretConfig; + "nebula-wopus-vpn/stonehenge-key" = secretConfig; + }; +} diff --git a/hosts/stonehenge/vagrant.nix b/hosts/stonehenge/vagrant.nix new file mode 100644 index 0000000..33ac64b --- /dev/null +++ b/hosts/stonehenge/vagrant.nix 
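Review bot: In hosts/stonehenge/nebula-vpn.nix, `firewall.inbound` allows `host = "any"; port = "any"; proto = "any";`, so every node holding a certificate for the wopus overlay can reach every service listening on this host, which also runs the GitLab runner, Docker and passwordless sudo for wheel. Narrowing inbound to what peers actually need, for instance `{ host = "any"; port = "22"; proto = "tcp"; }` plus ICMP, would stop the NixOS host firewall from being the only filter on overlay traffic. Separately, the static host entry `neubla-vpn.wopus.dev:4242` may be a transposition of "nebula"; if the DNS name really is spelled that way, a short comment would stop someone from "fixing" it later.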
@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+let
+ vagrantScript = pkgs.writeScriptBin "vagrant-vnode-05" ''
+ #!${pkgs.bash}/bin/bash
+ set -euo pipefail
+
+ export PATH="${
+ pkgs.lib.makeBinPath (
+ with pkgs;
+ [
+ vagrant
+ curl
+ openssh
+ virtualbox
+ ]
+ )
+ }:$PATH"
+ export VNODE_NAME=vnode-05
+
+ cd /home/user/kubernetes-cluster/vnodes
+ exec ${pkgs.vagrant}/bin/vagrant up
+ '';
+in
+{
+ environment.systemPackages = with pkgs; [
+ vagrant
+ curl
+ openssh
+ ];
+
+ users.users.user.extraGroups = [ "vboxusers" ];
+
+ systemd.services.vagrant-vnode-05 = {
+ description = "Vagrant vnode-05 service";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${vagrantScript}/bin/vagrant-vnode-05";
+ User = "user";
+ WorkingDirectory = "/home/user/kubernetes-cluster/vnodes";
+ Environment = "PATH=${
+ pkgs.lib.makeBinPath (
+ with pkgs;
+ [
+ vagrant
+ curl
+ openssh
+ virtualbox
+ ]
+ )
+ }:$PATH";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+}
diff --git a/secrets/stonehenge/default.yaml b/secrets/stonehenge/default.yaml
index b8310ab..2db1ef6 100644
--- a/secrets/stonehenge/default.yaml
+++ b/secrets/stonehenge/default.yaml
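Review bot: The `Environment = "PATH=...:$PATH";` entry in `serviceConfig` does not behave like the shell version: systemd does not expand `$PATH` inside `Environment=`, so the unit's search path ends with a literal, relative `$PATH` component that is resolved against the working directory. The wrapper script already exports the same PATH itself, so the entry can be removed, or replaced by the service-level option `path = with pkgs; [ vagrant curl openssh virtualbox ];`. The unit also runs `vagrant up` at boot on whatever Vagrantfile sits in /home/user/kubernetes-cluster/vnodes, so that directory should stay writable only by `user`.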
@@ -2,6 +2,10 @@ gitlab-runners: wopus-gitlab-nix: ENC[AES256_GCM,data:u+FYWx3yluA+zFk8VV7RB4TW1AP81K8Ntgd7QDHwb2w0bzQH7URmfF1PrQgZGu/r5Q4zOFgmyUkL6EML9KFFu+3QpilIOTXitiEoi/McOn0DnAOTLhW1Fbg42jKd3gTU9OyLDijlQs3ktyRRSg+1TIEsYNc=,iv:LjRyav0YVKtG79roC8KRS99cVVfu8IJRpAQ9w79PFa0=,tag:K2rjIn823sER+zHezFyAZw==,type:str] wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:hAAMdGvTduLQe+e6g0BVrvDATsVuRX5LxLQA2LqFPrdeNVPNzlWt5dNY4PjDuGKKeOyIjfTP2a4R2tLhjzQzSmoUZZVCEijohIsoDLbTfXgDDSOwXiTTr2nj3Hw4+TiuMH/VRgpIzZVjJSweuDK2UmwhbJ3wtahE7iNYD0gZet9Ibnu3iHVW4NdZs0K9joVxJoAaY8ZQi95QC0NYV/8RZ3GQFm2sQK/I1XKEAZGZ9GK5TbRUxGh3HihX68xsxBv5avpXwURp4K/CXW6VCyhAiU21+kpTPxV1x6ZiUfmPqDUmqqV57HL6+z1g6bLb+XGBNU15L0xqItmGpc3ENV2MpTP79MXA8C2eXgkBr0ylnsoFjlrkff+oJbDtHUkWaRHEQvkQtD3JKPgi97PtuBt0qWlpXRsCXnKwH565pfgKu6SGZHZ+VHpAGI3fjtroLhnoCeV6tBpibHk/ADr826IicVJWAVzxTSRfiMA7o4wji7MJxLYf2p3PRixSpQ9oXCsUPykQ1a2jfDs+J0ov+p0u,iv:AXNYaZS6fGz/Jr2zNhvmKOYKj010wtwcatItB8hRs+c=,tag:DixvP6ZaqX9l8Z8KegkvUw==,type:str] wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:5G+qIs/J8mwZxGyWkK0nts9E+iqbCe8Or4C4+HHuSr3dyJTmKxmA3a+DpxmbyQ0IKjKQgiz+uJbbRGR7ptzmJr7JvpNhaJO2/CR3MKvsoCpmgynenO2QIqsEidU1h1gqMV6OEDI3pDY3OE6K2M8D2jdYLqMXo5RRa7emEQhXhdQZ98OFgVrLFtrB72Fi/rTJE/tP,iv:JAopM5dwItYl68GDAQublg+C1S0Md3S3G/7GJ11azxQ=,tag:WAqEju2azXgerpIBrk+krw==,type:str] +nebula-wopus-vpn: + ca-crt: ENC[AES256_GCM,data:hV4V9wqOVUhkx6EtNOz1Dd+JzOuWFwwVwFAqkZIOdF4zIAOUvJHN2iUq1bMVLJOWpMcaxTTuXKXTKPbujs8K8TDzpRQzM22SD5o8aZAyPfif/GDUFFaLBygZropM7lUD9WDbjOucCRBKoj9cbazLsabixF1gVR/lZxyPBaquoIlBWvUiFbF5P3CLQGZ5ENprHvHRuFPciiw0JqJJNme/gaz2CBXRbEYxjVFCjwFEYQrxcMxhRw+p/eHCVzUmnOBo+09HFYpBZvIY5Q8F+MPxstWIaeEzn3Spfiw9lRGw7/r6V+Vd8ppKcKWQfgVYynY=,iv:CQjMsZc4oFP4ZDifvynVrh0w1zvXX+g93HOOsdEV2WE=,tag:gRSKJbgkzyLJyHhRqVBL9A==,type:str] + stonehenge-crt: 
ENC[AES256_GCM,data:y1FQvKI3AOvp8K04qghseuhvaL/yYfjl1lTX2z0f1u61VfLMOPj7R0jR48D5bHXfrTD6exxny6wEy3wuWP105rkLD8oxehzNuT2jgUu85OB3w3yZHdPmW+8lftZcd21BwO0uPTab8EOB19wOCMYuGnO7JL/IRwPTFXVOmKx99+jD5mh5370yB05VVMflSlmA4iCbCvvhTmB1eHFc9a5g687Rwi5PlPEhaaEUDnjyZByO7Uu1nrBBtd5koQIDshIhuQKsVeB4AIOF6EER8dYlLSu9G6GS1cVKuaNoMiUfXLn0Y9kdDDRqetuCteGEd8euwUWGq5XVFIhlOfU6cZOR/wUskrUYWQ+3MApk6TJQQd9HBSU9SoARJZXPXX/RgCIFczeW/dIc1oPRfagnKECS4g==,iv:HSIcmYJib6SsuTbDV4zFePBryCIy0nzV8O5NSAjwuQs=,tag:bonhzMDsyvC/Gn5HLHrJkQ==,type:str] + stonehenge-key: ENC[AES256_GCM,data:HstlV1VXX6edP5XrPUanUfO8yK20imHXwYsV/q/W4IyA+yEH9inYt4oiw3cIvGawx7gfvOpsqU4IUxLsNr4EE83qg3YqkMrnGjYuHTe1LfGsktGhibbCqw4+kcqb12bywuXmPLb9EI4KBCzUi7EQTh4sLEGsqiujS0aUC4qutQ==,iv:RKT2ZM1NeA4MmfbyVvIQ96lNvErSydF8668oHyo4LHg=,tag:EhZlHF7PdAQ0whu/JxIbWw==,type:str] sops: age: - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h @@ -22,8 +26,8 @@ sops: dC9MaDUvcG96djVFU1Fpb1NKZThNaUEKkxPikf5+veTmrXHU4sxtJO/LsQ3YB4j+ vkIWWw4qV8zRrh+XxFXrFUURhDp11m/nlpzPERxjNzRs13VS2tXTrw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-01T21:41:02Z" - mac: ENC[AES256_GCM,data:VItjDJ1zVRc8qGty9651o1ZlHjPne98JrKeUT/2WAElK+A29IY+UVIlUtooOwwvSPC7kphoGfFSYK5+4emd4EyVbWovPyeYp04tV5/JGdj/3cVaSiXCD3HPM/v2BeiDy3aDAkaqeIg54PueddiSVU0snobCWB2/+DXU8Xly/+sM=,iv:x/3nXue1HkeZt9hKqk2Y9ciU2GK0Bbcp5zcJQdAiO58=,tag:OCKaxQQfTgfVvzYgqaqvsA==,type:str] + lastmodified: "2026-01-01T22:54:16Z" + mac: ENC[AES256_GCM,data:OF2RLQTbuiW3ba9VBhmJCq3UUlVACe/lxhY9RAjctaZBXTutjH84JuYG9idXiJkZkkG5l9OIez3WueLsU44RG1UgkbHAM5d6RrXsvsleVux0hViH0CIAB4K7NaeA+urgM3TQbXlBVgY2w18bA/BpcbxH3HiMC+9/iOWWJMBZ0RM=,iv:MtRBqhc71fzjLXE8S54woNnCL+0iqFhQ28N+Zz9RSyM=,tag:Aa+wJcyaTjamZ0fA2P9oQg==,type:str] pgp: - created_at: "2026-01-01T21:36:47Z" enc: |- diff --git a/switch-stonehenge b/switch-stonehenge new file mode 100755 index 0000000..066d2a7 --- /dev/null +++ b/switch-stonehenge 
@@ -0,0 +1 @@ +nixos-rebuild switch --flake .#stonehenge -L --target-host stonehenge-lan --build-host stonehenge-lan --sudo From a0cea5009912de7b605e76d344164e81ffdd8c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 2 Jan 2026 13:39:17 -0300 Subject: [PATCH 07/11] mouse: remove quirks for Logitech G502 X PLUS --- system/mouse.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/system/mouse.nix b/system/mouse.nix index b5d5b16..c09ccdd 100644 --- a/system/mouse.nix +++ b/system/mouse.nix @@ -1,15 +1,4 @@ { # Allow configuring Logitech Peripherals services.ratbagd.enable = true; - - # Sway does not undersand high resolution scroll wheels - # I don't need this, so I disable it - environment.etc."libinput/local-overrides.quirks".text = '' - [Logitech G502 X PLUS] - MatchUdevType=mouse - MatchBus=usb - MatchVendor=0x046D - MatchProduct=0x4099 - AttrEventCode=-REL_WHEEL_HI_RES - ''; } From a225e19f39cf17c7008774b32bb750ca51e2654e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 3 Jan 2026 19:12:06 -0300 Subject: [PATCH 08/11] sway: add logging --- system/greetd.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/system/greetd.nix b/system/greetd.nix index 73ea5c3..94d20e1 100644 --- a/system/greetd.nix +++ b/system/greetd.nix @@ -42,9 +42,13 @@ in }; services.greetd = let + start-sway = pkgs.writeShellScriptBin "start-sway" '' + mkdir -p ~/.local/share/sway + exec sway 2>&1 | tee -a ~/.local/share/sway/sway.log + ''; greetd_main_script = pkgs.writeShellScriptBin "main" '' export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}" - ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop} + ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${lib.getExe start-sway} swaymsg exit ''; swayConfig = pkgs.writeText "greetd-sway-config" '' 
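Review bot: In system/greetd.nix, `start-sway` appends everything sway and its child processes write to stderr into `~/.local/share/sway/sway.log`, which is created with the session's default umask and never rotated. Adding `umask 077` before the `mkdir -p` keeps the log private to the user, or `exec systemd-cat -t sway sway` would send the same output to the journal, which handles access control and rotation. Also, `exec` inside a pipeline only replaces the left-hand subshell, so the script's exit status is that of `tee`, not of sway. If greetd should see sway's exit code, a plain redirect such as `exec sway >>"$log" 2>&1` avoids the pipe.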
@@ -68,7 +72,7 @@ in enable = true; settings = { initial_session = { - command = desktop; + command = lib.getExe start-sway; user = "lelgenio"; }; default_session = { From 7bf1b25831e88e607b3a1ed8012775228c0a0a5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 3 Jan 2026 19:12:38 -0300 Subject: [PATCH 09/11] Revert "mouse: remove quirks for Logitech G502 X PLUS" This reverts commit a0cea5009912de7b605e76d344164e81ffdd8c2b. --- system/mouse.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/system/mouse.nix b/system/mouse.nix index c09ccdd..b5d5b16 100644 --- a/system/mouse.nix +++ b/system/mouse.nix @@ -1,4 +1,15 @@ { # Allow configuring Logitech Peripherals services.ratbagd.enable = true; + + # Sway does not undersand high resolution scroll wheels + # I don't need this, so I disable it + environment.etc."libinput/local-overrides.quirks".text = '' + [Logitech G502 X PLUS] + MatchUdevType=mouse + MatchBus=usb + MatchVendor=0x046D + MatchProduct=0x4099 + AttrEventCode=-REL_WHEEL_HI_RES + ''; } From 22859c4dd015063416c8f56c055104d50d033d1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 6 Jan 2026 22:05:23 -0300 Subject: [PATCH 10/11] mouse: fix quirk for Logitech G502 X PLUS --- system/mouse.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/mouse.nix b/system/mouse.nix index b5d5b16..efec37f 100644 --- a/system/mouse.nix +++ b/system/mouse.nix @@ -10,6 +10,6 @@ MatchBus=usb MatchVendor=0x046D MatchProduct=0x4099 - AttrEventCode=-REL_WHEEL_HI_RES + AttrEventCode=-REL_WHEEL_HI_RES;-REL_HWHEEL_HI_RES; ''; } From 16196d7204d791b31a8e0385b16d0fc8a7ea23c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 7 Jan 2026 01:07:34 -0300 Subject: [PATCH 11/11] mangohud: update config, make it easy to tweak --- user/mangohud.nix | 148 +++++++++++++++++++++++++++------------------- 1 file changed, 87 insertions(+), 61 deletions(-) 
diff --git a/user/mangohud.nix b/user/mangohud.nix
index 639314a..6994bcb 100644
--- a/user/mangohud.nix
+++ b/user/mangohud.nix
@@ -1,71 +1,97 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.mangohud; + + settings = { + # Display + no_display = true; # Hidden by default + toggle_hud = "Shift_R+F12"; + font_size = "20"; + + # GPU + pci_dev = "0:03:00.0"; + gpu_text = "RX 7800 XT"; + gpu_stats = true; + gpu_load_change = true; + gpu_load_value = "50,90"; + gpu_load_color = "FFFFFF,FFAA7F,CC0000"; + gpu_voltage = true; + throttling_status = true; + gpu_core_clock = true; + gpu_mem_clock = true; + gpu_temp = true; + gpu_mem_temp = true; + gpu_junction_temp = true; + gpu_fan = true; + gpu_power = true; + + # CPU + cpu_text = "R7 8700G"; + cpu_stats = true; + core_load = true; + core_bars = true; + cpu_load_change = true; + cpu_load_value = "50,90"; + cpu_load_color = "FFFFFF,FFAA7F,CC0000"; + cpu_mhz = true; + cpu_temp = true; + cpu_power = true; + io_read = true; + io_write = true; + + # RAM + swap = true; + vram = true; + vram_color = "AD64C1"; + ram = true; + ram_color = "C26693"; + procmem = true; + + # FPS + fps = true; + fps_metrics = "avg,0.01"; + frame_timing = true; + frametime_color = "FFFFFF"; + throttling_status_graph = true; + show_fps_limit = true; + fps_limit = "240,144,120,90,60,30,0"; + + # Extra + resolution = true; + fsr = true; + winesync = true; + present_mode = true; + fps_color_change = true; + fps_color = "B22222,FDFD09,39F900"; + fps_value = "60,144"; + }; + in { options.my.mangohud.enable = lib.mkEnableOption { }; - config.programs.mangohud = lib.mkIf cfg.enable { - enable = true; - enableSessionWide = true; - settings = { - full = true; - # histogram = true; - no_display = true; - fps_limit = "0,30,60,72,90,120,144,240,288,320"; - toggle_fps_limit = "Shift_R+F10"; - toggle_preset = "Control_R+F9"; - fps_metrics = "Control_R+F8"; + config = lib.mkIf cfg.enable { + programs.mangohud = { + enable = true; + enableSessionWide = true; + inherit settings; + }; - media_player = false; - battery = false; - - # legacy_layout = "false"; - # 
gpu_stats = true; - # gpu_temp = true; - # gpu_core_clock = true; - # gpu_mem_clock = true; - # gpu_power = true; - # gpu_load_change = true; - # gpu_load_value = "50,90"; - gpu_load_color = "FFFFFF,FFAA7F,CC0000"; - # gpu_text = "GPU"; - # cpu_stats = true; - # cpu_temp = true; - # cpu_power = true; - # cpu_mhz = true; - # cpu_load_change = true; - # core_load_change = true; - # cpu_load_value = "50,90"; - cpu_load_color = "FFFFFF,FFAA7F,CC0000"; - cpu_color = "2e97cb"; - # cpu_text = "CPU"; - # io_stats = true; - # io_read = true; - # io_write = true; - io_color = "a491d3"; - # swap = true; - # vram = true; - vram_color = "ad64c1"; - # ram = true; - ram_color = "c26693"; - # fps = true; - engine_color = "eb5b5b"; - gpu_color = "2e9762"; - wine_color = "eb5b5b"; - # frame_timing = "1"; - frametime_color = "00ff00"; - media_player_color = "ffffff"; - background_alpha = "0.8"; - font_size = "24"; - - background_color = "020202"; - position = "top-left"; - # text_color = "ffffff"; - round_corners = "10"; - toggle_hud = "Shift_R+F12"; - # toggle_logging = "Shift_L+F12"; - # output_folder = "/home/lelgenio"; + # Have the config file be a regular file and not a symlink, so it's easy to tinker with it + xdg.configFile."MangoHud/MangoHud.conf" = { + target = "MangoHud/MangoHud.conf.tmp"; + onChange = '' + mkdir -p "${config.xdg.configHome}/MangoHud" + if [ -L "${config.xdg.configHome}/MangoHud/MangoHud.conf" ]; then + rm "${config.xdg.configHome}/MangoHud/MangoHud.conf" + fi + ${pkgs.coreutils}/bin/cp --dereference "${config.xdg.configHome}/MangoHud/MangoHud.conf.tmp" "${config.xdg.configHome}/MangoHud/MangoHud.conf" + ''; }; }; }
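Review bot: The `onChange` script copies a read-only store file, so as far as I can tell the resulting `MangoHud.conf` is created with mode 0444. That means it is not writable for tinkering until someone runs chmod, and if it is left read-only the next activation's `cp` onto the existing file should fail with a permission error. Using `${pkgs.coreutils}/bin/install -m 0644` with the same source and destination in place of `cp --dereference` replaces the destination and sets a writable mode in one step. A comment noting that local edits are overwritten whenever the generated settings change would also help. Separately, `pci_dev = "0:03:00.0"` and the GPU/CPU labels are machine-specific, so they would be better exposed as options if `my.mangohud` is enabled on more than one host.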