diff --git a/TODO.md b/TODO.md index 9a1d997..023c781 100644 --- a/TODO.md +++ b/TODO.md @@ -1,5 +1,6 @@ - [ ] Update the README.md - [ ] switch ssh keys to ECC (fuck RSA) +- [ ] forgejo not post-quantum (fix that) - [X] migrate forge.dobutterfliescry.net -> tearforge.net - [X] rename forgejo user to git diff --git a/colors.rasi b/colors.rasi new file mode 100644 index 0000000..a36f6aa --- /dev/null +++ b/colors.rasi @@ -0,0 +1,20 @@ +* { + background: rgba(51,37,65,0.9); + foreground: rgba(198,186,227,0.9); + color00: rgba(78,66,70,0.9); + color01: rgba(111,91,159,0.9); + color02: rgba(120,98,164,0.9); + color03: rgba(131,128,181,0.9); + color04: rgba(154,127,183,0.9); + color05: rgba(157,129,185,0.9); + color06: rgba(123,153,183,0.9); + color07: rgba(165,148,207,0.9); + color08: rgba(115,103,145,0.9); + color09: rgba(129,102,193,0.9); + color10: rgba(140,112,199,0.9); + color11: rgba(145,141,218,0.9); + color12: rgba(170,126,217,0.9); + color13: rgba(174,130,220,0.9); + color14: rgba(135,181,228,0.9); + color15: rgba(165,148,207,0.9); +} diff --git a/flake.lock b/flake.lock index 26fea2d..fc073a7 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,9 @@ "cerulean": { "inputs": { "deploy-rs": "deploy-rs", - "home-manager": "home-manager", + "home-manager": [ + "home-manager" + ], "microvm": "microvm", "nixpkgs": [ "nixpkgs" 
@@ -16,17 +18,17 @@ ] }, "locked": { - "lastModified": 1771194110, - "narHash": "sha256-x6rijGWmPL5FTpkr+8vpcKKCOT33QHEV8bP6ibEAXFE=", - "owner": "cry128", - "repo": "Cerulean", - "rev": "d527937829dec0f410f126a2f85e374cb99a2fbb", - "type": "github" + "lastModified": 1771399468, + "narHash": "sha256-Nppe/RD8/zJZ9e1vhX/Ma1fKZ+rMbp8ZFPMflTLGbk8=", + "ref": "refs/heads/main", + "rev": "870bbb1f3738736ea248c171685bffdb242e294a", + "revCount": 172, + "type": "git", + "url": "https://tearforge.net/cry/cerulean" }, "original": { - "owner": "cry128", - "repo": "Cerulean", - "type": "github" + "type": "git", + "url": "https://tearforge.net/cry/cerulean" } }, "deploy-rs": { @@ -65,17 +67,17 @@ ] }, "locked": { - "lastModified": 1770947070, - "narHash": "sha256-g/l/iUET/M+nSrXlwYF2e0KeKqgGpjy3qhwQY4tG62A=", + "lastModified": 1771281537, + "narHash": "sha256-mSFKM4DEvg1mMk3WaE4VQHOEg4UUxfqqfYUnIxeQeQE=", "ref": "refs/heads/main", - "rev": "4fc28bfb4f95071d34184c7ba3153eaff87eba41", - "revCount": 121, + "rev": "3678fe95787bb660c4e9ff9933c5d03693a07a76", + "revCount": 122, "type": "git", - "url": "https://forge.dobutterfliescry.net/cry/site" + "url": "https://tearforge.net/cry/site" }, "original": { "type": "git", - "url": "https://forge.dobutterfliescry.net/cry/site" + "url": "https://tearforge.net/cry/site" } }, "flake-compat": { @@ -169,28 +171,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "cerulean", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770260404, - "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -220,11 +200,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1770310890, - "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=", + "lastModified": 1771365290, + "narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5", + "rev": "789c90b164b55b4379e7a94af8b9c01489024c18", "type": "github" }, "original": { @@ -304,11 +284,11 @@ ] }, "locked": { - "lastModified": 1770943752, - "narHash": "sha256-3vWAy2BCP5liaCEKmeqeVWbTCF/JnukgMOg8qf8mCcg=", + "lastModified": 1771375681, + "narHash": "sha256-qDDw0ruBZ1kt63j4uVP5Xrd1OxGKIYrSFnig0z6ozSw=", "owner": "FlameFlag", "repo": "nixcord", - "rev": "aa1626057e57eca3686fbc1c3e2ddfde884c6b2a", + "rev": "d030dbb48ab020092681a39c878c1d48a553ffc1", "type": "github" }, "original": { @@ -319,11 +299,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", + "lastModified": 1771208521, + "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", + "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8", "type": "github" }, "original": { @@ -350,11 +330,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "lastModified": 1771008912, + "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "rev": "a82ccc39b39b621151d6732718e3e250109076fa", "type": "github" }, "original": { 
@@ -389,15 +369,15 @@ "locked": { "lastModified": 1770975056, "narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=", - "owner": "cry128", - "repo": "nt", + "ref": "refs/heads/main", "rev": "f42dcdd49a7921a7f433512e83d5f93696632412", - "type": "github" + "revCount": 205, + "type": "git", + "url": "https://tearforge.net/cry/nt" }, "original": { - "owner": "cry128", - "repo": "nt", - "type": "github" + "type": "git", + "url": "https://tearforge.net/cry/nt" } }, "root": { @@ -405,7 +385,7 @@ "cerulean": "cerulean", "dobutterfliescry-net": "dobutterfliescry-net", "grub2-themes": "grub2-themes", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", "nixcord": "nixcord", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 2e7b315..7bcc07a 100644 --- a/flake.nix +++ b/flake.nix @@ -12,16 +12,16 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nt.url = "github:cry128/nt"; - # nt.url = "/home/me/cry/mk/nt"; + nt.url = "git+https://tearforge.net/cry/nt"; cerulean = { - url = "github:cry128/Cerulean"; - # url = "/home/me/cry/mk/Cerulean"; + # url = "git+https://tearforge.net/cry/cerulean"; + url = "/home/me/cry/mk/cerulean"; inputs = { + nt.follows = "nt"; systems.follows = "systems"; nixpkgs.follows = "nixpkgs"; - nt.follows = "nt"; + home-manager.follows = "home-manager"; }; }; @@ -37,7 +37,7 @@ }; dobutterfliescry-net = { - url = "git+https://forge.dobutterfliescry.net/cry/site"; + url = "git+https://tearforge.net/cry/site"; inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-unstable.follows = "nixpkgs-unstable"; @@ -50,6 +50,8 @@ extra-experimental-features = "pipe-operators"; }; - outputs = inputs: - import ./snow.nix inputs; + outputs = inputs: let + inherit (inputs.cerulean) snow; + in + snow.flake inputs ./.; } diff --git a/groups/all/default.nix b/groups/all/default.nix index a636196..fac958f 100644 --- a/groups/all/default.nix +++ b/groups/all/default.nix 
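Review bot: The `cerulean` input in the first flake.nix hunk now points at the absolute local path `/home/me/cry/mk/cerulean`, while the flake.lock change in this same commit pins `cerulean` to `https://tearforge.net/cry/cerulean` at a fixed `rev` and `narHash`. A path input exists only on this one machine and is not tied to a commit, so the lock entry no longer describes what is evaluated and Nix will likely rewrite it on the next evaluation. This matters more because the last flake.nix hunk hands the whole `outputs` to `inputs.cerulean.snow`. If the local checkout is only for development, keep `url = "git+https://tearforge.net/cry/cerulean";` in the file and pass the checkout per invocation with `--override-input cerulean /home/me/cry/mk/cerulean`.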
@@ -9,13 +9,16 @@ # NOTE: mkDefault is 1000 and mkForce is 50 # NOTE: so this is like a second mkDefault - security.sudo.wheelNeedsPassword = lib.mkDefault true; + security.sudo.wheelNeedsPassword = true; networking = { networkmanager.enable = true; nftables.enable = true; - firewall.enable = lib.mkDefault true; + firewall = { + enable = lib.mkDefault true; + allowPing = lib.mkDefault true; + }; # Use CloudFlare's WARP+ 1.1.1.1 DNS service nameservers = [ @@ -28,6 +31,7 @@ enable = true; clean.enable = true; clean.extraArgs = "--keep-since 7d --keep 3"; + # TODO: move nh config to be home-manager flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you }; diff --git a/groups/cryde/default.nix b/groups/cryde/default.nix index 02c1be0..7e09671 100644 --- a/groups/cryde/default.nix +++ b/groups/cryde/default.nix @@ -1,16 +1,20 @@ { + inputs, pkgs, upkgs, config, ... }: { - imports = [ + imports = with inputs; [ ./programs.nix ../../hosts/modules/bashistrans.nix ../../hosts/modules/wm/hyprland.nix ../../hosts/modules/steam.nix ../../hosts/modules/obsidian.nix + + grub2-themes.nixosModules.default + nix-flatpak.nixosModules.nix-flatpak ]; boot.loader.grub2-theme = { diff --git a/groups/cryos/programs.nix b/groups/cryos/programs.nix index 06f93bc..c915036 100644 --- a/groups/cryos/programs.nix +++ b/groups/cryos/programs.nix @@ -111,13 +111,12 @@ libargon2 ]; - services.pcscd.enable = true; - - programs = { - gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-curses; - enableSSHSupport = true; - }; - }; + # services.pcscd.enable = true; + # programs = { + # gnupg.agent = { + # enable = true; + # pinentryPackage = pkgs.pinentry-curses; + # enableSSHSupport = true; + # }; + # }; } diff --git a/groups/server/default.nix b/groups/server/default.nix index 1c70adb..1f97310 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix 
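Review bot: `security.sudo.wheelNeedsPassword = true;` in the first hunk is now a normal-priority definition, so a host that sets it to `false` without `lib.mkForce` will fail evaluation with conflicting definitions instead of overriding it. If that is the intent, record it above the line, e.g. `# not mkDefault: passwordless sudo for wheel needs an explicit mkForce per host`. The two `NOTE:` lines about `mkDefault` directly above appear to describe the old wrapper and may now be stale. The enclosing attribute set starts outside the hunk.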
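Review bot: In groups/cryos/programs.nix the `services.pcscd` and `programs.gnupg.agent` settings are left as commented-out code with no reason given, so a later reader cannot tell whether smartcard and gpg-agent SSH support were dropped on purpose. Either delete the block or put one line above it stating why, e.g. `# gpg-agent SSH support disabled: keys are plain files under ~/keys (see homes/me)`, if that is the reason. The surrounding module starts outside the hunk.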
@@ -49,6 +49,7 @@ services.fail2ban = { enable = true; + ignoreIP = ["192.168.0.0/16"]; maxretry = 5; bantime = "10m"; # 10 minute ban bantime-increment = { @@ -69,6 +70,7 @@ extraGroups = ["wheel"]; openssh.authorizedKeys.keys = lib.mkDefault [ (throw '' + You goofy goober :3 Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`. '') ]; diff --git a/homes/ae/default.nix b/homes/cry/default.nix similarity index 100% rename from homes/ae/default.nix rename to homes/cry/default.nix diff --git a/homes/me/default.nix b/homes/me/default.nix index 169219f..73a4074 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -118,25 +118,31 @@ hostname = "dobutterfliescry.net"; user = "cry"; port = 42069; - identityFile = "~/.ssh/id_butterfly"; + identityFile = "~/keys/butterfly"; setEnv = { - TERM = "linux"; + TERM = "xterm-256color"; }; }; - clocktown = { + hyrule = { hostname = "hyrule.dobutterfliescry.net"; user = "cry"; port = 42069; - identityFile = "~/.ssh/id_hyrule"; + identityFile = "~/keys/hyrule"; setEnv = { - TERM = "linux"; + TERM = "xterm-256color"; }; }; + matcha = { + hostname = "192.168.88.250"; + user = "emile"; + port = 22; + identityFile = "~/keys/matcha"; + }; youcue = { hostname = "moss.labs.eait.uq.edu.au"; user = "s4740056"; port = 22; - identityFile = "~/.ssh/id_youcue"; + identityFile = "~/keys/other/youcue"; setEnv = { TERM = "xterm-256color"; }; diff --git a/hosts/butterfly/default.nix b/hosts/butterfly/default.nix index 636950c..feeff1f 100755 --- a/hosts/butterfly/default.nix +++ b/hosts/butterfly/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ./services ]; diff --git a/hosts/butterfly/hardware-configuration.nix b/hosts/butterfly/hardware.nix similarity index 100% rename from hosts/butterfly/hardware-configuration.nix rename to hosts/butterfly/hardware.nix diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 9690354..0adb056 100755 
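Review bot: `ignoreIP = ["192.168.0.0/16"];` exempts every 192.168.x.x source address from banning on all hosts in the `server` group, not only the LAN machine this commit adds. On a host behind NAT or a reverse proxy, where clients can arrive with such a source address, fail2ban stops protecting against them, and any device on the local network can retry logins without limit. Narrow it to what is needed, e.g. `ignoreIP = ["192.168.88.0/24"];` (the subnet of the `matcha` address used elsewhere in this commit), or set it only in that host's config. The `services.fail2ban` block continues outside the hunk.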
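Review bot: None of the host entries visible in the homes/me/default.nix hunk set `identitiesOnly = true;`, so unless it is set outside the hunk, ssh may offer every key loaded in the agent to each host in addition to the named `identityFile`, including the third-party `youcue` host. Adding `identitiesOnly = true;` to each entry keeps each key tied to its host. The private keys also move from `~/.ssh` to `~/keys`; nothing in the shown config enforces mode 0700 on that directory or 0600 on the key files, so that is worth checking by hand.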
--- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; # super duper minimum grub2 config diff --git a/hosts/hyrule/hardware-configuration.nix b/hosts/hyrule/hardware.nix similarity index 100% rename from hosts/hyrule/hardware-configuration.nix rename to hosts/hyrule/hardware.nix diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index b0d87f8..e3a1309 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; networking.hostName = "lolcathost"; diff --git a/hosts/lolcathost/hardware-configuration.nix b/hosts/lolcathost/hardware.nix similarity index 100% rename from hosts/lolcathost/hardware-configuration.nix rename to hosts/lolcathost/hardware.nix diff --git a/hosts/matcha/default.nix b/hosts/matcha/default.nix new file mode 100644 index 0000000..4d5d322 --- /dev/null +++ b/hosts/matcha/default.nix @@ -0,0 +1,26 @@ +{...}: { + imports = [ + ./hardware.nix + ./state.nix + ]; + + boot.loader = { + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + grub = { + efiSupport = true; + device = "nodev"; + }; + }; + + networking.hostName = "matcha"; + + users.users.cry = { + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 emile@deadlyserver.com" + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGEvtRs3C4hjSuvVm2lukqOvObCz5gVlFthcvpGHAqlBgZo47CNJM78WoviEQWceqtu9ZzJdRJ7qEK9ZGvTM0XTSgExkOs6YdS3J7M3i3YS1vcj9KVPinLhiE90aED/319pbYKFrRs/lRzl8XLeaPNqenNMNJBqeary8+r5u9JC6zYCeQ== me@lolcathost" + ]; + }; +} diff --git a/hosts/matcha/hardware.nix b/hosts/matcha/hardware.nix new file mode 100644 index 0000000..aadc3d1 --- /dev/null +++ b/hosts/matcha/hardware.nix 
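Review bot: The first key in `users.users.cry.openssh.authorizedKeys.keys` of the new hosts/matcha/default.nix carries the comment `emile@deadlyserver.com`, so a second person's key logs in as `cry`, an account the `server` group places in `wheel` (visible in the groups/server hunk). A separate `users.users.emile` with its own `openssh.authorizedKeys.keys` would keep logins attributable and let that access be revoked without touching `cry`. The same key is of type `ssh-rsa`, which runs against the TODO.md item about moving SSH keys off RSA.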
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d54a5644-744b-4b2a-8c4b-c12836498724"; + fsType = "ext4"; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/12CE-A600"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9513ded6-662e-42f7-926e-64d198c2ae7c"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/matcha/state.nix b/hosts/matcha/state.nix new file mode 100644 index 0000000..f6f238f --- /dev/null +++ b/hosts/matcha/state.nix 
@@ -0,0 +1,20 @@ +{...}: { + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.11"; # Did you read the comment? +} diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index 1b397d4..28e7e05 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -5,7 +5,7 @@ ... }: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; networking = { diff --git a/hosts/myputer/hardware-configuration.nix b/hosts/myputer/hardware.nix similarity index 100% rename from hosts/myputer/hardware-configuration.nix rename to hosts/myputer/hardware.nix diff --git a/nixpkgs.nix b/nixpkgs.nix index 816800f..aa60157 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix @@ -4,7 +4,7 @@ system, ... } @ args: { - nixpkgs.channels.default = rec { + nixpkgs.channels = rec { default = pkgs; # nixpkgs (stable branch) pkgs = { diff --git a/overlays/default.nix b/overlays/default.nix index d18a23d..ac0af8a 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -1,4 +1,4 @@ -{inputs, ...}: ( +{...}: ( self: super: { angry-oxide = import ../packages/angryoxide { pkgs = super; diff --git a/snow.nix b/snow.nix index 4d3b575..0f70031 100644 --- a/snow.nix +++ b/snow.nix @@ -1,7 +1,8 @@ {cerulean, ...} @ inputs: cerulean.mkNexus ./. (self: { nexus = { - specialArgs = {inherit inputs;}; + base = inputs.nixpkgs; + args = {inherit inputs;}; groups = { # wait.. that's too cold... @@ -23,20 +24,20 @@ cerulean.mkNexus ./. (self: { lolcathost = { system = "x86_64-linux"; groups = [groups.cryos.cryde]; - extraModules = with inputs; [ - grub2-themes.nixosModules.default - nix-flatpak.nixosModules.nix-flatpak - ]; + # modules = with inputs; [ + # grub2-themes.nixosModules.default + # nix-flatpak.nixosModules.nix-flatpak + # ]; }; # i be on my puter frfr myputer = { system = "x86_64-linux"; groups = [groups.cryos.cryde]; - extraModules = with inputs; [ - grub2-themes.nixosModules.default - nix-flatpak.nixosModules.nix-flatpak - ]; + # modules = with inputs; [ + # grub2-themes.nixosModules.default + # nix-flatpak.nixosModules.nix-flatpak + # ]; }; # courtesy of aurora <3 @@ -61,11 +62,17 @@ cerulean.mkNexus ./. (self: { }; # call me a statistician the way she spreads in my sheets - # matcha = { - # system = "x86_64-linux"; - # groups = [groups.server]; - # deploy.ssh.host = "bedroom.dobutterfliescry.net"; - # }; + matcha = { + system = "x86_64-linux"; + groups = [groups.server]; + deploy = { + remoteBuild = true; + ssh = { + host = "192.168.88.250"; # <- DEBUG: TEMP: TODO: switch to `matcha.dobutterfliescry.net` + user = "emile"; + }; + }; + }; }; }; })
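Review bot: The `matcha` deploy target in snow.nix connects as `user = "emile"`, but hosts/matcha/default.nix in this commit only sets authorized keys for `cry`, and no hunk shown declares an `emile` account. If that account exists only from the machine's earlier install, it is not managed by this configuration and a later activation may leave the deploy user without a key or sudo rights. Declare it in the host config, or deploy as `cry`. The address `192.168.88.250` is marked as temporary in the inline comment; the two `# modules = with inputs; [...]` blocks are dead code now that groups/cryde imports those modules and can be deleted.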