From 114beec6ec1612078bb3c6619fb97baa8cc7811c Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 15:00:55 +0200 Subject: [PATCH 01/11] Remove unused bindings config files --- config/common/networking.nix | 4 ++-- config/hosts/_minimal/configuration.nix | 2 +- config/hosts/crime/configuration.nix | 2 +- config/hosts/crime/nginx.nix | 2 +- config/hosts/girldick/configuration.nix | 2 +- config/hosts/integra/configuration.nix | 2 +- config/hosts/integra/disko.nix | 2 +- config/hosts/integra/hardware-configuration.nix | 8 ++++---- config/hosts/lain/configuration.nix | 2 +- config/hosts/lain/iso.nix | 2 +- config/hosts/ns-nbg/configuration.nix | 2 +- config/hosts/ryuuko/disko.nix | 2 +- config/hosts/ryuuko/hardware-configuration-qemu.nix | 2 +- config/hosts/ryuuko/hardware-configuration.nix | 2 +- config/hosts/web-dus/configuration.nix | 2 +- config/profiles/builder.nix | 2 +- config/profiles/graphical/nixvim.nix | 2 +- config/profiles/kartoffel.nix | 2 +- config/profiles/lxc.nix | 2 +- config/profiles/rpi.nix | 2 +- config/services/nginx.nix | 2 +- config/services/nyastodon.nix | 2 +- config/services/vaultwarden.nix | 2 +- 23 files changed, 27 insertions(+), 27 deletions(-) diff --git a/config/common/networking.nix b/config/common/networking.nix index 6e7197e..575776c 100644 --- a/config/common/networking.nix +++ b/config/common/networking.nix @@ -1,12 +1,12 @@ -{ config, lib, ... }: with lib; { +{ lib, ... }: with lib; { networking = { domain = mkDefault "kyouma.net"; + dhcpcd.enable = false; nftables.enable = mkDefault true; firewall.logRefusedConnections = mkDefault false; }; systemd.network.enable = true; - networking.dhcpcd.enable = false; services.resolved = { enable = true; diff --git a/config/hosts/_minimal/configuration.nix b/config/hosts/_minimal/configuration.nix index d0d5afd..51a64de 100644 --- a/config/hosts/_minimal/configuration.nix +++ b/config/hosts/_minimal/configuration.nix @@ -1,4 +1,4 @@ -{ modulesPath, config, lib, inputs, pkgs, ... }: { +{ modulesPath, inputs, pkgs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") diff --git a/config/hosts/crime/configuration.nix b/config/hosts/crime/configuration.nix index edaedb8..fcceeca 100644 --- a/config/hosts/crime/configuration.nix +++ b/config/hosts/crime/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ ... }: { imports = [ ../../common ../../profiles/headless.nix diff --git a/config/hosts/crime/nginx.nix b/config/hosts/crime/nginx.nix index 51bd544..693d4e7 100644 --- a/config/hosts/crime/nginx.nix +++ b/config/hosts/crime/nginx.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, ... }: let landingPage = pkgs.writeTextDir "index.html" '' diff --git a/config/hosts/girldick/configuration.nix b/config/hosts/girldick/configuration.nix index e718540..bc69ddc 100644 --- a/config/hosts/girldick/configuration.nix +++ b/config/hosts/girldick/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: { +{ lib, ... }: { imports = [ ../../common ../../profiles/kartoffel.nix diff --git a/config/hosts/integra/configuration.nix b/config/hosts/integra/configuration.nix index fa437d0..5d42029 100644 --- a/config/hosts/integra/configuration.nix +++ b/config/hosts/integra/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { imports = [ ../../common ../../profiles/builder.nix diff --git a/config/hosts/integra/disko.nix b/config/hosts/integra/disko.nix index f8d67cb..a1d2d3b 100644 --- a/config/hosts/integra/disko.nix +++ b/config/hosts/integra/disko.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: { +{ inputs, ... }: { imports = [ inputs.disko.nixosModules.disko ]; diff --git a/config/hosts/integra/hardware-configuration.nix b/config/hosts/integra/hardware-configuration.nix index 8f25c7e..980a8d6 100644 --- a/config/hosts/integra/hardware-configuration.nix +++ b/config/hosts/integra/hardware-configuration.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; +{ modulesPath, ... }: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; boot.initrd.kernelModules = [ ]; diff --git a/config/hosts/lain/configuration.nix b/config/hosts/lain/configuration.nix index f5ab462..6270131 100644 --- a/config/hosts/lain/configuration.nix +++ b/config/hosts/lain/configuration.nix @@ -1,4 +1,4 @@ -{ config, inputs, lib, pkgs, ... }: { +{ lib, pkgs, ... }: { imports = [ ../../common ../../profiles/rpi.nix diff --git a/config/hosts/lain/iso.nix b/config/hosts/lain/iso.nix index 07d6fa7..69bfdbf 100644 --- a/config/hosts/lain/iso.nix +++ b/config/hosts/lain/iso.nix @@ -1,4 +1,4 @@ -{ config, lib, inputs, ... }: { +{ lib, inputs, ... }: { imports = [ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ./configuration.nix diff --git a/config/hosts/ns-nbg/configuration.nix b/config/hosts/ns-nbg/configuration.nix index 80da880..094f0a0 100644 --- a/config/hosts/ns-nbg/configuration.nix +++ b/config/hosts/ns-nbg/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ ... }: { imports = [ ../../common ../../profiles/headless.nix diff --git a/config/hosts/ryuuko/disko.nix b/config/hosts/ryuuko/disko.nix index 9ef8dc0..3f9005a 100644 --- a/config/hosts/ryuuko/disko.nix +++ b/config/hosts/ryuuko/disko.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: { +{ inputs, ... }: { imports = [ inputs.disko.nixosModules.disko ]; diff --git a/config/hosts/ryuuko/hardware-configuration-qemu.nix b/config/hosts/ryuuko/hardware-configuration-qemu.nix index ec41814..0e90a17 100644 --- a/config/hosts/ryuuko/hardware-configuration-qemu.nix +++ b/config/hosts/ryuuko/hardware-configuration-qemu.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = diff --git a/config/hosts/ryuuko/hardware-configuration.nix b/config/hosts/ryuuko/hardware-configuration.nix index 53e743c..f502bef 100644 --- a/config/hosts/ryuuko/hardware-configuration.nix +++ b/config/hosts/ryuuko/hardware-configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = diff --git a/config/hosts/web-dus/configuration.nix b/config/hosts/web-dus/configuration.nix index 0dcce37..5f2d701 100644 --- a/config/hosts/web-dus/configuration.nix +++ b/config/hosts/web-dus/configuration.nix @@ -1,4 +1,4 @@ -{ config, inputs, lib, pkgs, ... }: { +{ config, inputs, lib, ... }: { imports = [ inputs.fernglas.nixosModules.default inputs.kyouma-www.nixosModules.default diff --git a/config/profiles/builder.nix b/config/profiles/builder.nix index c1d259b..896f3da 100644 --- a/config/profiles/builder.nix +++ b/config/profiles/builder.nix @@ -6,7 +6,7 @@ min-free = ${builtins.toString (4096 * 1024 * 1024)} max-free = ${builtins.toString (8192 * 1024 * 1024)} max-substitution-jobs = 20 - max-silent-time = 3600 + max-silent-time = 7200 ''; users.users.build = { isNormalUser = true; diff --git a/config/profiles/graphical/nixvim.nix b/config/profiles/graphical/nixvim.nix index 2cc292a..9f348f8 100644 --- a/config/profiles/graphical/nixvim.nix +++ b/config/profiles/graphical/nixvim.nix @@ -1,4 +1,4 @@ -{config, pkgs, inputs, ... }: { +{ pkgs, inputs, ... }: { home-manager.users.emily.imports = [ inputs.nixvim.homeManagerModules.nixvim ]; diff --git a/config/profiles/kartoffel.nix b/config/profiles/kartoffel.nix index 63af825..7efd229 100644 --- a/config/profiles/kartoffel.nix +++ b/config/profiles/kartoffel.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ ... }: { services.resolved = { extraConfig = '' DNS = [2a0f:be01::1] diff --git a/config/profiles/lxc.nix b/config/profiles/lxc.nix index aadeafa..006d34a 100644 --- a/config/profiles/lxc.nix +++ b/config/profiles/lxc.nix @@ -1,4 +1,4 @@ -{ lib, modulesPath, ... }: { +{ modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; diff --git a/config/profiles/rpi.nix b/config/profiles/rpi.nix index a44ba17..03d86b9 100644 --- a/config/profiles/rpi.nix +++ b/config/profiles/rpi.nix @@ -1,4 +1,4 @@ -{ config, inputs, lib, pkgs, ... }: { +{ inputs, pkgs, ... }: { imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; diff --git a/config/services/nginx.nix b/config/services/nginx.nix index 1f3a3e4..6f8e773 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: with lib; { +{ config, lib, ... }: with lib; { kyouma.deployment.tags = [ "web" ]; security.dhparams.enable = true; security.dhparams.params.nginx = {}; diff --git a/config/services/nyastodon.nix b/config/services/nyastodon.nix index d998e44..457043e 100644 --- a/config/services/nyastodon.nix +++ b/config/services/nyastodon.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ config, pkgs, ... }: { services.mastodon = { enable = true; package = pkgs.nyastodon; diff --git a/config/services/vaultwarden.nix b/config/services/vaultwarden.nix index 03d36a3..953bf83 100644 --- a/config/services/vaultwarden.nix +++ b/config/services/vaultwarden.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ config, ... }: { sops.secrets."services/vaultwarden/environmentFile" = { sopsFile = ../../secrets/services/vaultwarden.yaml; owner = "vaultwarden"; From c4f3ccc4b5434983ce1a7f5f987936583d31bd39 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 15:10:04 +0200 Subject: [PATCH 02/11] Add new Display and fix hyprlock in graphical profile --- config/profiles/graphical/default.nix | 40 ++++++++++--------- .../graphical/files/scripts/rofi_powermenu.sh | 4 +- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/config/profiles/graphical/default.nix b/config/profiles/graphical/default.nix index dfd6d5e..73f5b23 100644 --- a/config/profiles/graphical/default.nix +++ b/config/profiles/graphical/default.nix @@ -25,13 +25,15 @@ services.udisks2.enable = true; environment.variables = { - SDL_VIDEODRIVER = "wayland"; - QT_QPA_PLATFORM = "wayland"; - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + CLUTTER_BACKEND = "wayland"; GDK_BACKEND = "wayland,x11"; MOZ_ENABLE_WAYLAND = "1"; - CLUTTER_BACKEND = "wayland"; - LIBVA_DRIVER_NAME = "iHD"; + QT_QPA_PLATFORM = "wayland;xcb"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + SDL_VIDEODRIVER = "wayland"; + LIBVA_DRIVER_NAME = "radeonsi"; + MESA_VK_DEVICE_SELECT = "1002:73df"; + WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu"; }; xdg.icons.enable = true; xdg.portal = { @@ -121,7 +123,7 @@ source = pkgs.writeShellApplication { name = "rofi-powermenu"; text = builtins.readFile ./files/scripts/rofi_powermenu.sh; - runtimeInputs = with pkgs; [ rofi coreutils-full toybox xdg-user-dirs ]; + runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ]; }; }; home.file."./local/bin/hypr/rofi_screenshot.sh" = { @@ -268,21 +270,21 @@ "eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10" #"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10" #"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10" - "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@143.972,3840x0, 1,bitdepth,10" - "desc:Samsung Electric Company S27E500 0x3043394D, 1920x1080@70,6400x180, 1" + "desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@120,5280x0,1, bitdepth,10, vrr,2" + "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1" ",preferred,auto,1" ]; workspace = [ - "1, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, default:true" - "2, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" - "3, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" - "4, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" - "5, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" - "6, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" + "1, monitor:desc:Dell Inc. AW3225QF FXK2YZ3, default:true" + "2, monitor:desc:Dell Inc. AW3225QF FXK2YZ3" + "3, monitor:desc:Dell Inc. AW3225QF FXK2YZ3" + "4, monitor:desc:Dell Inc. AW3225QF FXK2YZ3" + "5, monitor:desc:Dell Inc. AW3225QF FXK2YZ3" + "6, monitor:desc:Dell Inc. AW3225QF FXK2YZ3" "7, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" - "8, monitor:desc:Samsung Electric Company S27E500 0x3043394D" - "9, monitor:desc:Samsung Electric Company S27E500 0x3043394D" - "10,monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" + "8, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" + "9, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455" + "10,monitor:desc:Dell Inc. AW3225QF FXK2YZ3" ]; windowrule = [ "float, foot-float" @@ -313,7 +315,7 @@ # Misc "$mod, C, exec, ~/.local/bin/hypr/colorpicker.sh" - "CTRL_ALT, L, exec, ${pkgs.hyprlock}/bin/hyprlock" + "CTRL_ALT, L, exec, ${pkgs.systemd}/bin/loginctl lock-session" # Function keys ", XF86AudioMute, exec, ${pactl} set-sink-mute @DEFAULT_SINK@ toggle" @@ -726,7 +728,7 @@ services.swayidle = let - hyprlock = "${pkgs.hyprlock}/bin/hyprlock"; + hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; in { enable = true; systemdTarget = "hyprland-session.target"; diff --git a/config/profiles/graphical/files/scripts/rofi_powermenu.sh b/config/profiles/graphical/files/scripts/rofi_powermenu.sh index 3a2c032..4a209b9 100755 --- a/config/profiles/graphical/files/scripts/rofi_powermenu.sh +++ b/config/profiles/graphical/files/scripts/rofi_powermenu.sh @@ -59,11 +59,11 @@ confirm_run () { # Execute Command run_cmd() { if [[ "$1" == '--opt1' ]]; then - hyprlock + pidof hyprlock || hyprlock elif [[ "$1" == '--opt2' ]]; then confirm_run 'hyprctl dispatch exit 0' elif [[ "$1" == '--opt3' ]]; then - confirm_run 'pulsemixer --mute' 'hyprlock' 'systemctl suspend' #"$DIR/scripts/lockscreen" + confirm_run 'pulsemixer --mute' 'systemctl suspend' elif [[ "$1" == '--opt4' ]]; then confirm_run 'systemctl hibernate' elif [[ "$1" == '--opt5' ]]; then From 88b7a63bb05bf21e508f9382af2a78c3d84b543e Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 15:12:45 +0200 Subject: [PATCH 03/11] Add uptime-kuma to services --- config/services/uptime-kuma.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 config/services/uptime-kuma.nix diff --git a/config/services/uptime-kuma.nix b/config/services/uptime-kuma.nix new file mode 100644 index 0000000..9498778 --- /dev/null +++ b/config/services/uptime-kuma.nix @@ -0,0 +1,18 @@ +{ ... }:{ + services.uptime-kuma = { + enable = true; + appriseSupport = true; + settings = { + HOST = "::1"; + PORT = "3001"; + NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt"; + }; + }; + kyouma.nginx.virtualHosts."uptime.kyouma.net" = { + locations."/" = { + proxyPass = "http://[::1]:3001"; + proxyWebsockets = true; + }; + }; + security.acme.certs."uptime.kyouma.net" = {}; +} From 4ffe117269ff3aa1871127a7437db1e6759e87a2 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 16:20:58 +0200 Subject: [PATCH 04/11] Add `physical` system profile --- config/hosts/ryuuko/configuration.nix | 5 ++--- config/profiles/physical.nix | 12 ++++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 config/profiles/physical.nix diff --git a/config/hosts/ryuuko/configuration.nix b/config/hosts/ryuuko/configuration.nix index 2ee1d17..7354d71 100644 --- a/config/hosts/ryuuko/configuration.nix +++ b/config/hosts/ryuuko/configuration.nix @@ -3,8 +3,9 @@ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4 ../../common ../../profiles/graphical - ./hardware-configuration.nix + ../../profiles/physical.nix ./disko.nix + ./hardware-configuration.nix ]; boot.extraModprobeConfig = '' @@ -27,7 +28,6 @@ }; hardware.bluetooth.enable = true; - hardware.cpu.intel.updateMicrocode = true; hardware.gpgSmartcards.enable = true; hardware.nitrokey.enable = true; @@ -44,7 +44,6 @@ extraBackends = [ pkgs.utsushi ]; }; - kyouma.machine-type.physical = true; kyouma.machine-type.portable = true; networking.hostName = "ryuuko"; diff --git a/config/profiles/physical.nix b/config/profiles/physical.nix new file mode 100644 index 0000000..792b192 --- /dev/null +++ b/config/profiles/physical.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }:{ + environment.systemPackages = with pkgs; [ + pciutils + usbutils + ]; + hardware.cpu.intel.updateMicrocode = true; + hardware.enableAllFirmware = true; + + kyouma.machine-type.physical = true; + + services.fwupd.enable = true; +} From ab50d3e1c0ca05e36943d76b690b8090d9a84f31 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 16:22:17 +0200 Subject: [PATCH 05/11] Add emilia to hosts --- config/hosts/emilia/configuration.nix | 36 +++++++++ config/hosts/emilia/disko.nix | 80 +++++++++++++++++++ .../hosts/emilia/hardware-configuration.nix | 9 +++ 3 files changed, 125 insertions(+) create mode 100644 config/hosts/emilia/configuration.nix create mode 100644 config/hosts/emilia/disko.nix create mode 100644 config/hosts/emilia/hardware-configuration.nix diff --git a/config/hosts/emilia/configuration.nix b/config/hosts/emilia/configuration.nix new file mode 100644 index 0000000..0f49a4f --- /dev/null +++ b/config/hosts/emilia/configuration.nix @@ -0,0 +1,36 @@ +{ ... }:{ + imports = [ + ../../common + ../../profiles/headless.nix + ../../profiles/physical.nix + ../../services/forgejo.nix + ../../services/nginx.nix + ../../services/uptime-kuma.nix + ../../services/vaultwarden.nix + ./disko.nix + ./hardware-configuration.nix + ]; + boot.initrd.kernelModules = [ "i915" ]; + boot.initrd.supportedFilesystems = [ "btrfs" ]; + + kyouma.machine-type.physical = true; + kyouma.nginx.defaultForbidden = "uptime.kyouma.net"; + + networking.hostName = "emilia"; + systemd.network.networks."98-eth-default" = { + matchConfig.Type = "ether"; + matchConfig.Name = "enp0s31f6"; + networkConfig = { + IPv6AcceptRA = false; + }; + addresses = [ + { addressConfig.Address = "95.217.83.107/26"; } + { addressConfig.Address = "2a01:4f9:4a:1f5f::1/64"; } + ]; + routes = [ + { routeConfig.Gateway = "95.217.83.65"; } + { routeConfig.Gateway = "fe80::1"; } + ]; + }; + +} diff --git a/config/hosts/emilia/disko.nix b/config/hosts/emilia/disko.nix new file mode 100644 index 0000000..1f0b4ad --- /dev/null +++ b/config/hosts/emilia/disko.nix @@ -0,0 +1,80 @@ +{ inputs, ... }: { + imports = [ + inputs.disko.nixosModules.disko + ]; + disko.devices = { + disk.bb-nvme0n1 = { + device = "/dev/disk/by-id/nvme-eui.343337304e4032870025384100000001"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + BOOT = { + type = "EF00"; + size = "512M"; + content = { + type = "mdraid"; + name = "boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "/dev/disk/by-partlabel/disk-aa-nvme1n1-root" "-f" "-d raid1" "-m raid1" ]; + subvolumes = { + "nixos" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "var" = { + mountpoint = "/var"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + }; + }; + }; + }; + }; + }; + disk.aa-nvme1n1 = { + device = "/dev/disk/by-id/nvme-eui.343337304d8021880025384500000001"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + BOOT = { + type = "EF00"; + size = "512M"; + content = { + type = "mdraid"; + name = "boot"; + }; + }; + root = { + size = "100%"; + }; + }; + }; + }; + mdadm.boot = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" "defaults" ]; + }; + }; + }; +} diff --git a/config/hosts/emilia/hardware-configuration.nix b/config/hosts/emilia/hardware-configuration.nix new file mode 100644 index 0000000..887595f --- /dev/null +++ b/config/hosts/emilia/hardware-configuration.nix @@ -0,0 +1,9 @@ +{ modulesPath, ... }: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ]; + boot.kernelModules = [ "kvm-intel" ]; +} + From 2cf362376c8d49ec7bc7d0afb0c1c14483d58e75 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 16:36:08 +0200 Subject: [PATCH 06/11] Add systemd-boot to physical profile --- config/hosts/ryuuko/configuration.nix | 4 ---- config/profiles/physical.nix | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/hosts/ryuuko/configuration.nix b/config/hosts/ryuuko/configuration.nix index 7354d71..0aa61d5 100644 --- a/config/hosts/ryuuko/configuration.nix +++ b/config/hosts/ryuuko/configuration.nix @@ -22,10 +22,6 @@ "rcu_nocbs=0-8" ]; - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; hardware.bluetooth.enable = true; hardware.gpgSmartcards.enable = true; diff --git a/config/profiles/physical.nix b/config/profiles/physical.nix index 792b192..0dde86f 100644 --- a/config/profiles/physical.nix +++ b/config/profiles/physical.nix @@ -1,4 +1,8 @@ { pkgs, ... }:{ + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; environment.systemPackages = with pkgs; [ pciutils usbutils From 28817ddac9d4caf2aba09c933317812aee908222 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 17:06:23 +0200 Subject: [PATCH 07/11] Fix deprecated networkd and forgejo settings --- config/common/networking.nix | 1 + config/hosts/emilia/configuration.nix | 8 ++++---- config/hosts/integra/configuration.nix | 5 +---- config/hosts/ns-nbg/configuration.nix | 6 +++--- config/profiles/kartoffel.nix | 2 +- config/profiles/lxc.nix | 1 - config/services/forgejo.nix | 2 +- 7 files changed, 11 insertions(+), 14 deletions(-) diff --git a/config/common/networking.nix b/config/common/networking.nix index 575776c..c63063e 100644 --- a/config/common/networking.nix +++ b/config/common/networking.nix @@ -2,6 +2,7 @@ networking = { domain = mkDefault "kyouma.net"; dhcpcd.enable = false; + useDHCP = false; nftables.enable = mkDefault true; firewall.logRefusedConnections = mkDefault false; }; diff --git a/config/hosts/emilia/configuration.nix b/config/hosts/emilia/configuration.nix index 0f49a4f..d6f52fd 100644 --- a/config/hosts/emilia/configuration.nix +++ b/config/hosts/emilia/configuration.nix @@ -24,12 +24,12 @@ IPv6AcceptRA = false; }; addresses = [ - { addressConfig.Address = "95.217.83.107/26"; } - { addressConfig.Address = "2a01:4f9:4a:1f5f::1/64"; } + { Address = "95.217.83.107/26"; } + { Address = "2a01:4f9:4a:1f5f::1/64"; } ]; routes = [ - { routeConfig.Gateway = "95.217.83.65"; } - { routeConfig.Gateway = "fe80::1"; } + { Gateway = "95.217.83.65"; } + { Gateway = "fe80::1"; } ]; }; diff --git a/config/hosts/integra/configuration.nix b/config/hosts/integra/configuration.nix index 5d42029..63a8f1a 100644 --- a/config/hosts/integra/configuration.nix +++ b/config/hosts/integra/configuration.nix @@ -14,10 +14,7 @@ kyouma.machine-type.physical = true; - networking = { - hostName = "integra"; - useDHCP = false; - }; + networking.hostName = "integra"; systemd.network.networks."98-eth-default" = { matchConfig.Type = "ether"; diff --git a/config/hosts/ns-nbg/configuration.nix b/config/hosts/ns-nbg/configuration.nix index 094f0a0..af51a9d 100644 --- a/config/hosts/ns-nbg/configuration.nix +++ b/config/hosts/ns-nbg/configuration.nix @@ -6,7 +6,7 @@ ]; kyouma.machine-type.physical = false; - systemd.network.networks."98-eth-static" = { + systemd.network.networks."98-eth-default" = { matchConfig.Type = "ether"; matchConfig.Name = "e*"; linkConfig.RequiredForOnline = "routable"; @@ -20,8 +20,8 @@ "185.244.193.190/22" ]; routes = [ - { routeConfig.Gateway = "fe80::1"; } - { routeConfig.Gateway = "185.244.192.1"; } + { Gateway = "fe80::1"; } + { Gateway = "185.244.192.1"; } ]; }; services.powerdns = { diff --git a/config/profiles/kartoffel.nix b/config/profiles/kartoffel.nix index 7efd229..b587a86 100644 --- a/config/profiles/kartoffel.nix +++ b/config/profiles/kartoffel.nix @@ -14,7 +14,7 @@ IPv6AcceptRA = false; }; routes = [ - { routeConfig.Gateway = "fe80::1"; } + { Gateway = "fe80::1"; } ]; }; } diff --git a/config/profiles/lxc.nix b/config/profiles/lxc.nix index 006d34a..2393b9f 100644 --- a/config/profiles/lxc.nix +++ b/config/profiles/lxc.nix @@ -14,6 +14,5 @@ }; }; - networking.useDHCP = false; networking.useHostResolvConf = false; } diff --git a/config/services/forgejo.nix b/config/services/forgejo.nix index e2c5d12..d431bec 100644 --- a/config/services/forgejo.nix +++ b/config/services/forgejo.nix @@ -5,7 +5,7 @@ }; services.forgejo = { enable = true; - mailerPasswordFile = config.sops.secrets."services/forgejo/mailerPassword".path; + secrets.mailer.PASSWD = config.sops.secrets."services/forgejo/mailerPassword".path; database = { createDatabase = true; type = "postgres"; From f2a212f1b6af773b37266a37dc67205ab2e48013 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 20:25:41 +0200 Subject: [PATCH 08/11] Fix network and storage on emilia --- config/hosts/emilia/configuration.nix | 11 +++++------ config/hosts/emilia/disko.nix | 21 ++++++--------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/config/hosts/emilia/configuration.nix b/config/hosts/emilia/configuration.nix index d6f52fd..2aeb3b7 100644 --- a/config/hosts/emilia/configuration.nix +++ b/config/hosts/emilia/configuration.nix @@ -18,13 +18,12 @@ networking.hostName = "emilia"; systemd.network.networks."98-eth-default" = { - matchConfig.Type = "ether"; - matchConfig.Name = "enp0s31f6"; - networkConfig = { - IPv6AcceptRA = false; - }; + matchConfig.MACAddress = "04:d4:c4:39:73:f6"; addresses = [ - { Address = "95.217.83.107/26"; } + { + Address = "95.217.83.107/32"; + Peer = "95.217.83.65/32"; + } { Address = "2a01:4f9:4a:1f5f::1/64"; } ]; routes = [ diff --git a/config/hosts/emilia/disko.nix b/config/hosts/emilia/disko.nix index 1f0b4ad..7eb15c2 100644 --- a/config/hosts/emilia/disko.nix +++ b/config/hosts/emilia/disko.nix @@ -13,8 +13,9 @@ type = "EF00"; size = "512M"; content = { - type = "mdraid"; - name = "boot"; + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; }; }; root = { @@ -55,8 +56,9 @@ type = "EF00"; size = "512M"; content = { - type = "mdraid"; - name = "boot"; + type = "filesystem"; + format = "vfat"; + mountpoint = null; }; }; root = { @@ -65,16 +67,5 @@ }; }; }; - mdadm.boot = { - type = "mdadm"; - level = 1; - metadata = "1.0"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" "defaults" ]; - }; - }; }; } From 7a1292eda94b742b12b8cbccb9a9b2747b531e7b Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 12 Jun 2024 22:46:54 +0200 Subject: [PATCH 09/11] Add emilias key to sops config --- .sops.yaml | 6 +++--- secrets/services/forgejo.yaml | 24 ++++++++++++------------ secrets/services/vaultwarden.yaml | 24 ++++++++++++------------ 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 6a70ab5..2d3cd07 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5 - &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd - - &alucard age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd + - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn creation_rules: - path_regex: secrets/services/dns-knot.yaml key_groups: @@ -20,13 +20,13 @@ creation_rules: - pgp: - *emily age: - - *alucard + - *emilia - path_regex: secrets/services/vaultwarden.yaml key_groups: - pgp: - *emily age: - - *alucard + - *emilia - path_regex: secrets/services/hydra.yaml key_groups: - pgp: diff --git a/secrets/services/forgejo.yaml b/secrets/services/forgejo.yaml index 90478bd..be09999 100644 --- a/secrets/services/forgejo.yaml +++ b/secrets/services/forgejo.yaml @@ -7,27 +7,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd + - recipient: age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkd3djMk56SytWVmo5RDNw - NHMvUEtRMGZyUzFiakVGZE1aWTFjZnJkbFM4Cjk0a2FqdXVhdnNzUUxBWmlJc0tX - VWRyalNLMVRzcWQ4MnM4UlhYSEkwUWMKLS0tIG9VUVdsQ3VBc1BnZTgvb3B4c3l3 - azZWZ1ZzV01LTVJ5YW9DREd3NmRYMm8KDJ/tAgBGmATYSY39IR2SXKxOqTVkcijC - MI7kq5wqQBZP/yHdCrjQymnqH8Nvxf0s3iXpGBlPxURfowe+iH5F3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpWm1qS1NTM1l5QnFDRkha + a0phMGRxV05sL012RXFaYUpCZ2N5L0x3eVM0CnE2NUxMWm8rdnRYRlUyeFFDUHYr + cElyU2RVMmJacnVsWWw1VG5Na2Vidm8KLS0tIGR0aFRCVkZYRU5FMU5rT0ZBU0tU + ODRObVRsRnFVOThDMGlxc1gxdHJqSDAK1SExfC7p67F2tY03QGW3TVUIXr5beFDU + McLdfLI7pIwBuazIAvs3Ln5Gd5XEfgJpmnzyrhfjW1S71f3vW2RpBQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-02T14:54:13Z" mac: ENC[AES256_GCM,data:N5mdPONsyiUy5TGUI2rurxyd5Lczt7pMwdhI7eKqk5ZThZAf6dni/xhv+gO5LXDHTIdtopFegsk3t5FWtkCK+U6B+1ouU8E6mBDLTwVHa0+cZcf42eTipAATLxGjQRhgHxfUSfU4ndke96Nx6MN/F57n+fUAmMyrenhJunlCLnc=,iv:rMpOparLNS4yxFra6x1LT7kuYQQETD/UVFIZ2buVTLM=,tag:QLC+t6yCHlVgA6N0vlCHJg==,type:str] pgp: - - created_at: "2024-05-02T14:52:36Z" + - created_at: "2024-06-12T20:46:38Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4D1GtNSlou/HkSAQdARZLi4xZr9dGTiHolSWZreUv6PzkAT2q+/orYXzeiO20w - fRrP5wiXgxA+15zzloqz6JPFhdwunGLum7zcQ2oqOvj/X+9TCd0KP+iu/PpIaUPJ - 0l4BPEMOXUwlK0Ll1z0vwjlabQkuGvvKEWVquaWP+uqwX8VkBnv4rZimiI9J8P3p - sIuqm66WGEDHI5MuX4GuBKcd78wRm4d3c5KY6cuk8AzfO5+0wKPcKgB/KyGCzi/n - =SNC/ + hF4D1GtNSlou/HkSAQdAJRWAlEuaIfiHnBMvRqPOunNkBwC0s/8jODy0UJZ/T2Uw + tc3GMsi9SiFoa5LJMUKJX+thC4Ci10F7t6PNiH7zWB/VIqjaGhWtTNf0Lab87IHp + 0l4BaVO4WvWaTqV4zXGAdQUAdVIKMZv7X8UgCQCNvaJA56m3+kgD9a2axJyo/Wh8 + fNTHH96n5X3Vqd7b9/cEqQ+oyk5UPbKsJUHHUcKwTAq1W5v/L/aszQ5g8kMmWlat + =cNKg -----END PGP MESSAGE----- fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5 unencrypted_suffix: _unencrypted diff --git a/secrets/services/vaultwarden.yaml b/secrets/services/vaultwarden.yaml index f0b796b..2e4a24b 100644 --- a/secrets/services/vaultwarden.yaml +++ b/secrets/services/vaultwarden.yaml @@ -7,27 +7,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd + - recipient: age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYlRnYWU0V3dOdXNYVDNP - akh2T1dUa3VxVDFMQW8rWURWRUxLNXkwWDJRCloyUGlRbGZFY2owWldxblAvK1l2 - S0UrODBFK1l0Rlp4VktlNGtONHFQWmcKLS0tICtYQkxQdlBMTGgwSGJIWHBpTWN2 - Zzc0U3JJOGJDNTViNmpsM1RGYkRSYlEK5TwOYuhhtkD3S1gJGQWTDzr7z0MX9Lwx - lSMz7CYrJtVM+Ec+IBIMXopBOnrQWvOeBgEhN9KYfngLGNbUaJelFw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZEwzNThxcytPVUVwQUE1 + eUUyTFp3NjRpcStZaEFLb2pCS2JGUlFtYmk4ClQxQm1EdVdmeks5VVVaTCtjT3Z0 + TWtMdy9xeGwwTUlpZHFoNVptbVQ5WnMKLS0tIGlwVTVxSTRmMGNTTkhRaWh1enp1 + MktVZ0VUbEFOY2xkcUhvQlBFdXhtaGMKkZrL4ePjGaV6Xa1zo+6osC6uT3YfYP/A + Sju9hALA36ACnE3QoIE5Rnhme4KwiIA6+VZlIU4OHAB8YPIewmvCCA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-03T13:05:08Z" mac: ENC[AES256_GCM,data:xQtCP1lRVQvr3rY/Cb3eW7tAwUSge8yFMuYSzMRUzbaNz03dHU3lhp/FGFDa1aWvbxT9YdKr4rIY2sUlMAK5ltw5uiiOXo5RA0wiC80A9bRVudnxCpF0cvwzBUZyY4I5ydAKE+peKLf76GRVE9awkZLmCu/B+P/R9AuS0GEZxKA=,iv:G3HF5py8bTnbJZBSWDHPVY6yI/ZlDaTEG0XCq0t+ykY=,tag:bs95sOcYsLn1Pls8TpqzHw==,type:str] pgp: - - created_at: "2024-05-03T12:00:19Z" + - created_at: "2024-06-12T20:46:24Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4D1GtNSlou/HkSAQdA/lTtX2vY6hjiqZUniapNKZBVC7paxWONm33g8GyZgj4w - mAlvN+ydpKWy2MzMpJ30ZQVv9at9OzBJyUWYWC8BU3vhv9JTxua382lDhO1IvQdw - 0l4BZayJ3woOdhIfX6BUE2jZTTBSEpdHT0hs2EVIBZSFi9fHsFpmdTGS0xAqmhra - l8nuCAPCImuRYkOHm1LIKL/QT7rPy7pcj4dXWVq/u9zexEEA24kdPvF32GQaPIbf - =bUVv + hF4D1GtNSlou/HkSAQdA4mSNSVTN1OTVnF8Rtmf7N/zBy4O/Mo44h5fOiZ6mrnIw + ij5NVUS4ndUhJy3eWalmDVFcUonHctRnGDRgfSMXGCS7RUikHn1wir0ZwVEWtTcQ + 0lwBE2Cc3tr1txXwl94bQtzFJIalVGFO6M/X/D/8sxFR0anNLfsRYrBMQUaPBM0o + vSe70n3gbQEFGXdOjc978/OFNtUNHmTasSIE3lR6My/U+D/v7cpRQ/8MPSaopA== + =GMv6 -----END PGP MESSAGE----- fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5 unencrypted_suffix: _unencrypted From b6331e6569caf51f0abac2faa03f5813a423c0be Mon Sep 17 00:00:00 2001 From: emily Date: Thu, 13 Jun 2024 00:23:22 +0200 Subject: [PATCH 10/11] Fix firewall on emilia --- config/hosts/emilia/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/hosts/emilia/configuration.nix b/config/hosts/emilia/configuration.nix index 2aeb3b7..61e2ea8 100644 --- a/config/hosts/emilia/configuration.nix +++ b/config/hosts/emilia/configuration.nix @@ -16,7 +16,10 @@ kyouma.machine-type.physical = true; kyouma.nginx.defaultForbidden = "uptime.kyouma.net"; - networking.hostName = "emilia"; + networking = { + firewall.allowedTCPPorts = [ 80 443 ]; + hostName = "emilia"; + }; systemd.network.networks."98-eth-default" = { matchConfig.MACAddress = "04:d4:c4:39:73:f6"; addresses = [ From d57bac44610f2fc4744ebd37cb3b0ea8b9aacc57 Mon Sep 17 00:00:00 2001 From: Update Bot Date: Thu, 13 Jun 2024 04:20:58 +0200 Subject: [PATCH 11/11] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82' (2024-06-10) → 'github:nix-community/disko/832a9f2c81ff3485404bd63952eadc17bf7ccef2' (2024-06-13) • Updated input 'home-manager': 'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09) → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10) → 'github:nixos/nixos-hardware/9e848e173ca83adf884815c66edc08652ef9ade8' (2024-06-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e' (2024-06-07) → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12) • Updated input 'nixvim': 'github:nix-community/nixvim/33a32c94176feebd3ff5259ce418b989b428d5ae' (2024-06-10) → 'github:nix-community/nixvim/cc9023fb1d74fad3b7b704a1c161a2ce9f378431' (2024-06-12) • Updated input 'nixvim/nix-darwin': 'github:lnl7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29) → 'github:lnl7/nix-darwin/315aa649ba307704db0b16c92f097a08a65ec955' (2024-06-09) • Updated input 'nixvim/treefmt-nix': 'github:numtide/treefmt-nix/4fc1c45a5f50169f9f29f6a98a438fb910b834ed' (2024-06-08) → 'github:numtide/treefmt-nix/1cb529bffa880746a1d0ec4e0f5076876af931f1' (2024-06-11) • Updated input 'sops-nix': 'github:Mic92/sops-nix/d071c74a7de1e26d211b69b6fbae37ae2e31a87f' (2024-06-10) → 'github:Mic92/sops-nix/c279dec105dd53df13a5e57525da97905cc0f0d6' (2024-06-11) • Updated input 'stylix': 'github:danth/stylix/f060e4059b408b2cc1891ce655d0f6bef4e21a5b' (2024-06-11) → 'github:danth/stylix/e59d2c1725b237c362e4a62f5722f5b268d566c7' (2024-06-11) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 19e5c83..4a69875 100644 --- a/flake.lock +++ b/flake.lock @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1718008439, - "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=", + "lastModified": 1718242063, + "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=", "owner": "nix-community", "repo": "disko", - "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82", + "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1717931644, - "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=", + "lastModified": 1718243258, + "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf", + "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3", "type": "github" }, "original": { @@ -516,11 +516,11 @@ ] }, "locked": { - "lastModified": 1716993688, - "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", + "lastModified": 1717976995, + "narHash": "sha256-u3HBinyIyUvL1+N816bODpJmSQdgn0Mbb8BprFw7kqo=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", + "rev": "315aa649ba307704db0b16c92f097a08a65ec955", "type": "github" }, "original": { @@ -531,11 +531,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717995329, - "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=", + "lastModified": 1718207430, + "narHash": "sha256-/eO2NTRvrrdYWMI06plS8ANDGOhTZBA+C3H3KwbBI1w=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "58b52b0dd191af70f538c707c66c682331cfdffc", + "rev": "9e848e173ca83adf884815c66edc08652ef9ade8", "type": "github" }, "original": { @@ -614,11 +614,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717786204, - "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", + "lastModified": 1718160348, + "narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=", "owner": "nixos", "repo": "nixpkgs", - "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", + "rev": "57d6973abba7ea108bac64ae7629e7431e0199b6", "type": "github" }, "original": { @@ -644,11 +644,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718028681, - "narHash": "sha256-C27X1vnsxKaKd1dCUU/u3LU+3DiA3Jo/ApvDiDNPIrI=", + "lastModified": 1718202302, + "narHash": "sha256-urU2mKEhKCaThtRDM54oUj40A+m3wYSnWjfkoxbuhLU=", "owner": "nix-community", "repo": "nixvim", - "rev": "33a32c94176feebd3ff5259ce418b989b428d5ae", + "rev": "cc9023fb1d74fad3b7b704a1c161a2ce9f378431", "type": "github" }, "original": { @@ -682,11 +682,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1718058322, - "narHash": "sha256-d5jLlAwVi4NzT9yc5UrPiOpDxTRhu8GGh0IIfeFcdrM=", + "lastModified": 1718137936, + "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d071c74a7de1e26d211b69b6fbae37ae2e31a87f", + "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6", "type": "github" }, "original": { @@ -714,11 +714,11 @@ ] }, "locked": { - "lastModified": 1718068864, - "narHash": "sha256-Qjfu3bHVexzJVq0++UiuOa56a7ZvOmJ9wu1UpNvCuOE=", + "lastModified": 1718122552, + "narHash": "sha256-A+dBkSwp8ssHKV/WyXb9uqIYrHBqHvtSedU24Lq9lqw=", "owner": "danth", "repo": "stylix", - "rev": "f060e4059b408b2cc1891ce655d0f6bef4e21a5b", + "rev": "e59d2c1725b237c362e4a62f5722f5b268d566c7", "type": "github" }, "original": { @@ -765,11 +765,11 @@ ] }, "locked": { - "lastModified": 1717850719, - "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", + "lastModified": 1718139168, + "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", + "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1", "type": "github" }, "original": {