diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..4a4726a --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use_nix diff --git a/README.md b/README.md index e1c5faf..a7ac37e 100644 --- a/README.md +++ b/README.md @@ -2,18 +2,19 @@ My NixOS configuration files. -The canonical location for this repository is https://git.qenya.tel/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. +The canonical location for this repository is https://git.unspecified.systems/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. ## Machines ### Managed +* `kilgharrah`: Custom-built personal desktop; also currently running Jellyfin, Navidrome and Audiobookshelf servers (and an FTP server, for shits and giggles) * `tohru`: Dell Latitude 5300, personal laptop +* `elucredassa`: Acer Aspire A315-53, old laptop with a broken keyboard that now sits in a corner being a backup server * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network -* `orm`: Oracle Cloud free AMD VM, currently idling +* `orm`: Oracle Cloud free AMD VM, hosts an instance of Actual Budget and a PostgreSQL server for other services that need one * `kalessin`: Oracle Cloud free ARM VM, currently idling ### Referenced only -* `kilgharrah`: Custom-built personal desktop, currently running Arch * `shaw`: [My girlfriend's NAS](https://github.com/randomnetcat/nix-configs/tree/main/hosts/shaw) * `latias`: My Steam Deck @@ -21,7 +22,7 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ### Building -To build locally, run `colmena apply-local` as root. +To build locally, run `nixos-rebuild switch --flake .#[hostname]` as root. To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: * `--on [hostname]`: build a specific machine only @@ -29,14 +30,4 @@ To build the remote machines, run `colmena apply`. See the [colmena documentatio ### Updating -Run `npins update` to update the dependencies within the currently selected upgrade channels. - -To upgrade to a new major version of a dependency, simply re-add it and the old version will be overwritten, e.g.: - -```sh -npins add --name nixpkgs channel nixos-unstable -``` - -In either case, commit the changes to `npins/sources.json`. - -See the [npins documentation](https://github.com/andir/npins) for more details. \ No newline at end of file +`nix flake update --commit-lock-file` diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix new file mode 100644 index 0000000..e77e434 --- /dev/null +++ b/common/base-graphical/default.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + imports = [ + ./gnome.nix + ./sound.nix + ]; + + options.qenya.base-graphical.enable = mkEnableOption "Base configuration for graphical environments"; + + config = mkIf cfg.enable { + services.xserver.enable = true; + services.libinput.enable = true; + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + fonts.packages = with pkgs; [ + corefonts + ]; + }; +} diff --git a/common/base-graphical/gnome.nix b/common/base-graphical/gnome.nix new file mode 100644 index 0000000..1d077de --- /dev/null +++ b/common/base-graphical/gnome.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkOption types; + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + # TODO: agree on this with randomcat as it affects her too, since for some reason this is system-wide + # environment.gnome.excludePackages = with pkgs.gnome; [ + # pkgs.gnome-tour + # epiphany # GNOME Web + # geary + # gnome-calendar + # gnome-contacts + # gnome-music + # ]; + }; +} diff --git a/common/base-graphical/sound.nix b/common/base-graphical/sound.nix new file mode 100644 index 0000000..140eb93 --- /dev/null +++ b/common/base-graphical/sound.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + services.pulseaudio.enable = false; # this theoretically defaults to false but something else seems to be flipping it + environment.systemPackages = with pkgs; [ helvum ]; # patchbay + }; +} diff --git a/common/base-server/default.nix b/common/base-server/default.nix new file mode 100644 index 0000000..9e6125c --- /dev/null +++ b/common/base-server/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-server; +in +{ + options.qenya.base-server.enable = mkEnableOption "Base configuration for headless servers"; + + config = mkIf cfg.enable { + time.timeZone = "Etc/UTC"; + + # Allow remote deployment with colmena + deployment.targetUser = null; + security.sudo.wheelNeedsPassword = false; + }; +} diff --git a/common/boot.nix b/common/boot.nix new file mode 100644 index 0000000..1eb8089 --- /dev/null +++ b/common/boot.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf; +in +{ + boot.loader = { + systemd-boot.enable = true; + systemd-boot.editor = false; + systemd-boot.memtest86.enable = mkIf config.nixpkgs.hostPlatform.isx86 true; + efi.canTouchEfiVariables = true; + }; + + services.resolved = { + enable = true; + fallbackDns = [ ]; + dnsovertls = "true"; + extraConfig = '' + DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net + ''; + }; +} diff --git a/common/default.nix b/common/default.nix index 1f4547d..6b78942 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,10 +1,19 @@ { imports = [ + ./base-graphical + ./base-server ./users - ./environment.nix + ./boot.nix + ./gpg.nix + ./home-manager.nix + ./misc.nix ./nginx.nix - ./openssh.nix + ./nix.nix + ./packages.nix + ./sanoid.nix ./security.nix - ./zsh.nix + ./ssh.nix + ./steam.nix + ./tailscale.nix ]; -} \ No newline at end of file +} diff --git a/common/gpg.nix b/common/gpg.nix new file mode 100644 index 0000000..07d1a0f --- /dev/null +++ b/common/gpg.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} diff --git a/common/home-manager.nix b/common/home-manager.nix new file mode 100644 index 0000000..cb4e6bd --- /dev/null +++ b/common/home-manager.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "backup"; + extraSpecialArgs = { + inherit inputs; + }; + }; +} diff --git a/common/misc.nix b/common/misc.nix new file mode 100644 index 0000000..3061e72 --- /dev/null +++ b/common/misc.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + nix.gc = { + automatic = true; + dates = "weekly"; + randomizedDelaySec = "45min"; + options = "--delete-older-than 30d"; + }; + nix.optimise.automatic = true; + services.fstrim.enable = true; +} \ No newline at end of file diff --git a/common/nginx.nix b/common/nginx.nix index 10e498d..af2712d 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -7,23 +7,19 @@ recommendedProxySettings = true; recommendedTlsSettings = true; - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - appendHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; + add_header Content-Security-Policy "default-src https: data: blob: ws: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'self';" always; + add_header Referrer-Policy strict-origin-when-cross-origin; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; + add_header X-Clacks-Overhead "GNU Terry Pratchett" always; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; }; security.acme = { acceptTerms = true; - defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email + defaults.email = "auto@qenya.tel"; }; } \ No newline at end of file diff --git a/common/nix.nix b/common/nix.nix new file mode 100644 index 0000000..c5174d8 --- /dev/null +++ b/common/nix.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake = { + source = lib.cleanSource pkgs.path; + setNixPath = true; + setFlakeRegistry = true; + }; + nixpkgs.config.allowUnfree = true; + nix.settings.trusted-users = [ "@wheel" ]; +} diff --git a/common/openssh.nix b/common/openssh.nix deleted file mode 100644 index d8dd364..0000000 --- a/common/openssh.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - services.fail2ban.enable = true; -} \ No newline at end of file diff --git a/common/environment.nix b/common/packages.nix similarity index 75% rename from common/environment.nix rename to common/packages.nix index 857dce4..8b46129 100644 --- a/common/environment.nix +++ b/common/packages.nix @@ -2,21 +2,21 @@ { environment.systemPackages = with pkgs; [ + btop git + wget + + # hardware troubleshooting lshw parted - wget + smartmontools # network troubleshooting inetutils lsof tcpdump netcat # <3 - - # used for nix config - npins - colmena - agenix + wireguard-tools ]; environment.wordlist.enable = true; diff --git a/common/sanoid.nix b/common/sanoid.nix new file mode 100644 index 0000000..82137e0 --- /dev/null +++ b/common/sanoid.nix @@ -0,0 +1,35 @@ +{ config, pkgs, inputs, ... }: + +{ + config = { + services.sanoid = { + enable = true; + extraArgs = [ "--verbose" ]; + + # Local snapshots for important datasets + templates."production" = { + yearly = 0; + monthly = 3; + daily = 30; + hourly = 36; + autosnap = true; + autoprune = true; + }; + + # Reduced-retention version for datasets that are backed up to the NAS + templates."safe" = { + yearly = 0; + monthly = 0; + daily = 7; + hourly = 24; + autosnap = true; + autoprune = true; + }; + + # datasets."rpool_sggau1/reese/system" = { + # useTemplate = [ "safe" ]; + # recursive = "zfs"; + # }; + }; + }; +} \ No newline at end of file diff --git a/common/ssh.nix b/common/ssh.nix new file mode 100644 index 0000000..26b752d --- /dev/null +++ b/common/ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) concatMapAttrs; + keys = import ../keys.nix; +in +{ + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + programs.ssh.knownHosts = concatMapAttrs + (host: key: { + "${host}.birdsong.network".publicKey = key; + }) + keys.machines; +} diff --git a/common/steam.nix b/common/steam.nix new file mode 100644 index 0000000..cd27dac --- /dev/null +++ b/common/steam.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +{ + config = lib.mkIf config.programs.steam.enable { + programs.steam = { + package = pkgs.steam.override { + extraArgs = "-pipewire"; # for remote play with PipeWire + }; + + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + }; + + services.joycond.enable = true; + }; +} diff --git a/common/tailscale.nix b/common/tailscale.nix new file mode 100644 index 0000000..1fa1da8 --- /dev/null +++ b/common/tailscale.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + services.tailscale = { + enable = true; + openFirewall = true; + extraUpFlags = [ "--login-server" "https://headscale.unspecified.systems" ]; + extraDaemonFlags = [ "--no-logs-no-support" ]; # disable telemetry + }; + + systemd.services.tailscaled-autoconnect = { + after = [ "tailscaled.service" "network-online.target" ]; + wants = [ "tailscaled.service" "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + script = '' + sleep 2 # wait for tailscaled to settle + ${lib.getExe config.services.tailscale.package} up --reset ${lib.escapeShellArgs config.services.tailscale.extraUpFlags} + ''; + }; + + networking.domain = "birdsong.network"; +} diff --git a/common/users/default.nix b/common/users/default.nix index 620c824..d063db5 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -1,7 +1,32 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption types genAttrs; + cfg = config.fountain; +in { + # TODO: consider DRY-ing these imports = [ + ./gaelan.nix ./qenya.nix ./randomcat.nix - ./richard.nix + ./trungle.nix ]; -} \ No newline at end of file + + options.fountain = { + admins = mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of users who should have root on this system"; + }; + }; + + config = { + users.mutableUsers = false; + + users.users = genAttrs cfg.admins + (name: { + extraGroups = [ "wheel" ]; + }); + }; +} diff --git a/common/users/gaelan.nix b/common/users/gaelan.nix new file mode 100644 index 0000000..0a365c9 --- /dev/null +++ b/common/users/gaelan.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.gaelan; +in +{ + options.fountain.users.gaelan = { + enable = mkEnableOption "user gaelan"; + }; + + config = mkIf cfg.enable { + users.users.gaelan = { + uid = 1003; + isNormalUser = true; + group = "gaelan"; + openssh.authorizedKeys.keys = keys.users.gaelan; + }; + + users.groups.gaelan.gid = config.users.users.gaelan.uid; + }; +} \ No newline at end of file diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 00f35af..6a8e506 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,25 +1,28 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, self, ... }: -let keys = import ../../keys.nix; -in { - users.users.qenya = { - isNormalUser = true; - home = "/home/qenya"; - extraGroups = [ - "wheel" # sudo - "networkmanager" # UI wifi configuration - "dialout" # access to serial ports - ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = keys.users.qenya; - uid = 1001; +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.qenya; +in +{ + options.fountain.users.qenya = { + enable = mkEnableOption "user qenya"; }; - home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; + config = mkIf cfg.enable { + users.users.qenya = { + uid = 1001; + isNormalUser = true; + group = "qenya"; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = keys.users.qenya; + }; - imports = [ - ../../home - ]; + users.groups.qenya.gid = config.users.users.qenya.uid; + + programs.zsh.enable = true; + + home-manager.users."qenya" = self.homeManagerModules."qenya"; }; } diff --git a/common/users/randomcat.nix b/common/users/randomcat.nix index f425424..de637fb 100644 --- a/common/users/randomcat.nix +++ b/common/users/randomcat.nix @@ -1,12 +1,23 @@ { config, lib, pkgs, ... }: -let keys = import ../../keys.nix; +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.randomcat; in { - users.users.randomcat = { - isNormalUser = true; - home = "/home/randomcat"; - openssh.authorizedKeys.keys = keys.users.randomcat; - uid = 1003; + options.fountain.users.randomcat = { + enable = mkEnableOption "user randomcat"; }; -} + + config = mkIf cfg.enable { + users.users.randomcat = { + uid = 1000; + isNormalUser = true; + group = "randomcat"; + openssh.authorizedKeys.keys = keys.users.randomcat; + }; + + users.groups.randomcat.gid = config.users.users.randomcat.uid; + }; +} \ No newline at end of file diff --git a/common/users/richard.nix b/common/users/richard.nix deleted file mode 100644 index f910d93..0000000 --- a/common/users/richard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -let keys = import ../../keys.nix; -in -{ - users.users.richard = { - isNormalUser = true; - home = "/home/richard"; - openssh.authorizedKeys.keys = keys.users.richard; - uid = 1002; - }; -} diff --git a/common/users/trungle.nix b/common/users/trungle.nix new file mode 100644 index 0000000..d1736ff --- /dev/null +++ b/common/users/trungle.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.trungle; +in +{ + options.fountain.users.trungle = { + enable = mkEnableOption "user trungle"; + }; + + config = mkIf cfg.enable { + users.users.trungle = { + uid = 1002; + isNormalUser = true; + group = "trungle"; + openssh.authorizedKeys.keys = keys.users.trungle; + }; + + users.groups.trungle.gid = config.users.users.trungle.uid; + }; +} \ No newline at end of file diff --git a/common/zsh.nix b/common/zsh.nix deleted file mode 100644 index 228a5cd..0000000 --- a/common/zsh.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, lib, pkgs,... }: - -{ - programs.zsh.enable = true; -} diff --git a/deployment/local.nix b/deployment/local.nix deleted file mode 100644 index 752e9ce..0000000 --- a/deployment/local.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ name, nodes, config, lib, pkgs, ... }: - -{ - deployment = { - allowLocalDeployment = true; - targetHost = null; - tags = [ "local" ]; - }; -} diff --git a/deployment/remote.nix b/deployment/remote.nix deleted file mode 100644 index 022ff5e..0000000 --- a/deployment/remote.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ name, nodes, config, lib, pkgs, ... }: - -{ - deployment = { - targetHost = "${name}.birdsong.network"; - targetUser = "qenya"; - tags = [ "remote" ]; - }; - - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; -} diff --git a/flake.lock b/flake.lock index 5f61b87..a70d4c4 100644 --- a/flake.lock +++ b/flake.lock @@ -3,18 +3,18 @@ "agenix": { "inputs": { "darwin": [], - "home-manager": "home-manager", + "home-manager": [], "nixpkgs": [ "nixpkgs" ], "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -23,35 +23,152 @@ "type": "github" } }, - "birdsong": { + "colmena": { + "inputs": { + "flake-compat": [], + "flake-utils": "flake-utils", + "nix-github-actions": [], + "nixpkgs": [ + "nixpkgs" + ], + "stable": [] + }, "locked": { - "lastModified": 1722971137, - "narHash": "sha256-1x0vaUy/uFCfoDn0a4K55+MNseAqLQmv1GPP6GQFFIA=", - "ref": "main", - "rev": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", - "revCount": 7, - "type": "git", - "url": "https://git.qenya.tel/qenya/birdsong" + "lastModified": 1749739748, + "narHash": "sha256-csQQPoCA5iv+Nd9yCOCQNKflP7qUKEe7D27wsz+LPKM=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b", + "type": "github" }, "original": { - "ref": "main", - "type": "git", - "url": "https://git.qenya.tel/qenya/birdsong" + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "firefox-addons": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1750737804, + "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "ref": "master", + "repo": "nur-expressions", + "type": "gitlab" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" } }, "home-manager": { "inputs": { "nixpkgs": [ - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1750792728, + "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager-unstable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1750798083, + "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", "type": "github" }, "original": { @@ -60,49 +177,196 @@ "type": "github" } }, - "home-manager_2": { + "lix": { + "flake": false, + "locked": { + "lastModified": 1750762203, + "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", + "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?rev=38b358ce27203f972faa2973cf44ba80c758f46e" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" + } + }, + "lix-module": { "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", - "type": "github" + "lastModified": 1750776670, + "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", + "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?rev=c3c78a32273e89d28367d8605a4c880f0b6607e3" }, "original": { - "owner": "nix-community", - "ref": "release-24.05", - "repo": "home-manager", - "type": "github" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz" } }, "nixpkgs": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1750622754, + "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-small": { + "locked": { + "lastModified": 1750784235, + "narHash": "sha256-IYCCkKerO3lMUcMaDRLfwnfyPopQbGWF8iHRd0XcCBc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a5e9291e97f5ba0b4ba7d657ddedd5f86d11acfd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1750776346, + "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager-unstable" + ], + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1748196248, + "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, + "randomcat": { + "flake": false, + "locked": { + "lastModified": 1750730821, + "narHash": "sha256-U5uW9mRSuA2dRaOyswmz2I0fUVQbGRSZROXIe2WKS+8=", + "owner": "randomnetcat", + "repo": "nix-configs", + "rev": "1a2a536f5550c3b323e19f46d166340ad01745fd", + "type": "github" + }, + "original": { + "owner": "randomnetcat", + "repo": "nix-configs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", - "birdsong": "birdsong", - "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs" + "colmena": "colmena", + "firefox-addons": "firefox-addons", + "flake-parts": "flake-parts", + "home-manager": "home-manager", + "home-manager-unstable": "home-manager-unstable", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs", + "nixpkgs-small": "nixpkgs-small", + "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable-small": "nixpkgs-unstable-small", + "plasma-manager": "plasma-manager", + "randomcat": "randomcat", + "scoutshonour": "scoutshonour" + } + }, + "scoutshonour": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1735301893, + "narHash": "sha256-d95MCTUYMCcOQv4LpmWxPuVnx7McezXYs2Idw8u8ngI=", + "ref": "main", + "rev": "f447cd380ea1fb81a0ff8f292b6bbdf0be9c9520", + "revCount": 23, + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" } }, "systems": { @@ -119,6 +383,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f079a70..73fe576 100644 --- a/flake.nix +++ b/flake.nix @@ -1,103 +1,169 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-25.05-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + lix-module = { + # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + home-manager-unstable = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.home-manager.follows = "home-manager-unstable"; + }; + + flake-parts.url = "github:hercules-ci/flake-parts"; + agenix = { - url = "github:ryantm/agenix?tag=0.15.0"; - inputs = { - nixpkgs.follows = "nixpkgs"; - darwin.follows = ""; - }; + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = ""; + inputs.home-manager.follows = ""; }; - birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; - }; - - outputs = inputs@{ self, nixpkgs, home-manager, agenix, birdsong, ... }: { colmena = { - meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; }; - meta.nodeNixpkgs.kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow + url = "github:zhaofengli/colmena"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.stable.follows = ""; + inputs.nix-github-actions.follows = ""; + inputs.flake-compat.follows = ""; + }; - defaults = { name, nodes, config, lib, pkgs, ... }: { - deployment.replaceUnknownProfiles = lib.mkDefault false; - networking.hostName = name; + randomcat = { + url = "github:randomnetcat/nix-configs"; + flake = false; + }; - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs.flake.source = nixpkgs; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?ref=master&dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: - let sources = import ./npins; - in { - agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - nur = (import sources.nur { inherit pkgs; }); - }; - }; - - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - }; - - imports = [ - home-manager.nixosModules.home-manager - agenix.nixosModules.default - birdsong.nixosModules.default - ./common - ./services - ]; - }; - - tohru = { name, nodes, ... }: { - networking.hostId = "31da19c1"; - time.timeZone = "Europe/London"; - - imports = [ - ./deployment/local.nix - ./hosts/tohru/configuration.nix - ]; - }; - - yevaud = { name, nodes, ... }: { - networking.hostId = "09673d65"; - time.timeZone = "Etc/UTC"; - - imports = [ - ./deployment/remote.nix - ./hosts/yevaud/configuration.nix - ]; - }; - - orm = { name, nodes, ... }: { - networking.hostId = "00000000"; - time.timeZone = "Etc/UTC"; - - imports = [ - ./deployment/remote.nix - ./hosts/orm/configuration.nix - ]; - }; - - kalessin = { name, nodes, ... }: { - networking.hostId = "534b538e"; - time.timeZone = "Etc/UTC"; - deployment = { - buildOnTarget = true; - replaceUnknownProfiles = true; - }; - - imports = [ - ./deployment/remote.nix - ./hosts/kalessin/configuration.nix - ]; - }; + scoutshonour = { + url = "git+https://git.qenya.tel/qenya/nix-scoutshonour?ref=main"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; }; + + outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, flake-parts, colmena, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ ./flake ]; + + systems = [ "x86_64-linux" "aarch64-linux" ]; + + perSystem = { pkgs, system, ... }: { + devShells.default = pkgs.mkShell { + packages = [ + inputs.colmena.packages.${system}.colmena + inputs.agenix.packages.${system}.default + inputs.plasma-manager.packages.${system}.rc2nix + ]; + }; + }; + + flake.nixosConfigurations = self.outputs.colmenaHive.nodes; + flake.colmenaHive = colmena.lib.makeHive self.outputs.colmena; + + # The name of this output type is not standardised. I have picked + # "homeManagerModules" as the discussion here suggests it's the most common: + # https://github.com/nix-community/home-manager/issues/1783 + # + # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": + # https://github.com/NixOS/nix/pull/10858 + flake.homeManagerModules = { + "qenya".imports = [ ./home/qenya ]; + "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; + }; + + fountain.backup = { + keys = { + elucredassa = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" ]; + }; + sync = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + "kalessin-state" = { + dataset = "state"; + sourceHost = "kalessin"; + targetHost = "elucredassa"; + source = "rpool_kalessin"; + target = "rpool_elucredassa/backup/kalessin"; + }; + }; + }; + + flake.colmena = + let + home-manager = inputs.home-manager.nixosModules.home-manager; + home-manager-unstable = inputs.home-manager-unstable.nixosModules.home-manager; + in + { + meta = { + nixpkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + overlays = [ + inputs.lix-module.overlays.default + ]; + }; + nodeNixpkgs = { + kilgharrah = import nixpkgs-unstable { system = "x86_64-linux"; }; + tohru = import nixpkgs { system = "x86_64-linux"; }; + elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; + yevaud = import nixpkgs-small { system = "x86_64-linux"; }; + orm = import nixpkgs-small { system = "x86_64-linux"; }; + kalessin = import nixpkgs-small { system = "aarch64-linux"; }; + tehanu = import nixpkgs-small { system = "aarch64-linux"; }; + }; + specialArgs = { + inherit self; + inherit inputs; + }; + }; + + defaults = { config, lib, pkgs, ... }: { + deployment.targetHost = lib.mkDefault config.networking.fqdn; + deployment.buildOnTarget = lib.mkDefault true; + + imports = [ + inputs.lix-module.nixosModules.default + inputs.agenix.nixosModules.default + ./common + ./services + (builtins.toPath "${inputs.randomcat}/services/default.nix") + ]; + }; + + kilgharrah.deployment.targetHost = null; # disable remote deployment + tohru.deployment.targetHost = null; # disable remote deployment + elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet + + kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ]; + tohru.imports = [ ./hosts/tohru home-manager ]; + elucredassa.imports = [ ./hosts/elucredassa home-manager ]; + yevaud.imports = [ ./hosts/yevaud home-manager ]; + orm.imports = [ ./hosts/orm home-manager ]; + kalessin.imports = [ ./hosts/kalessin home-manager ]; + tehanu.imports = [ ./hosts/tehanu home-manager ]; + }; + }; } diff --git a/flake/backup.nix b/flake/backup.nix new file mode 100644 index 0000000..6a103aa --- /dev/null +++ b/flake/backup.nix @@ -0,0 +1,134 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.fountain.backup; + keys = import ../keys.nix; + + syncOptions = { + dataset = lib.mkOption { + type = lib.types.str; + description = '' + The name of the dataset to be synced (not including its parent + datasets, if any). This will be the same on the source and target. + It must already exist on the source, defined with the + {option}`randomcat.services.zfs` module, and not exist on the target. + ''; + }; + sourceHost = lib.mkOption { + type = lib.types.str; + description = '' + The host from which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + targetHost = lib.mkOption { + type = lib.types.str; + description = '' + The host to which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + source = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the source host, + excluding the component that is the name of the dataset itself. + ''; + }; + target = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the target host, + excluding the component that is the name of the dataset itself. It must + already exist, defined with the {option}`randomcat.services.zfs` + module. + ''; + }; + }; +in +{ + options.fountain.backup = { + keys = lib.mkOption { + type = lib.types.attrsOf (lib.types.listOf lib.types.singleLineStr); + default = { }; + description = '' + Lists of verbatim OpenSSH public keys that may be used to identify the + syncoid user on each target host. The key to each list must be the + host's hostname, as listed in {option}`flake.colmena`. + ''; + example = { + host = [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" ]; + bar = [ "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]; + }; + }; + + sync = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { options = syncOptions; }); + default = { }; + description = '' + Details of ZFS datasets whose snapshots should be synced from machine + to machine using syncoid. Syncoid will run hourly at 15 past the hour + and copy all ZFS snapshots from the source dataset to the target + dataset (recursing into child datasets). + + See descriptions for the individual options for more details. The name + of each attribute in this set is arbitrary and used to generate systemd + unit names. + + This module does not actually cause snapshots to be taken; sanoid must + be configured separately to do this. + ''; + example = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + }; + }; + }; + + # TODO: add some assertions to verify the options + + config.flake.colmena = lib.mkMerge (lib.mapAttrsToList + (name: sync: + let + inherit (sync) dataset sourceHost targetHost source target; + sourceFqdn = "${sourceHost}.birdsong.network"; + in + { + ${sourceHost} = { pkgs, ... }: { + randomcat.services.zfs.datasets."${source}/${dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; + + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = cfg.keys.${targetHost}; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically + }; + users.groups.backup = { }; + }; + + ${targetHost} = { + randomcat.services.zfs.datasets.${target}.zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + + services.syncoid = { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + ${name} = { + source = "backup@${sourceFqdn}:${source}/${dataset}"; + target = "${target}/${dataset}"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + }; + }; + }; + }; + }) + cfg.sync + ); +} diff --git a/flake/colmena.nix b/flake/colmena.nix new file mode 100644 index 0000000..1679e17 --- /dev/null +++ b/flake/colmena.nix @@ -0,0 +1,19 @@ +# https://git.lix.systems/the-distro/infra/src/commit/fbb23bf517206175764f154ddfd304b9ec501f87/colmena.nix +{ lib, ... }: { + options.flake.colmena = lib.mkOption { + type = lib.types.submodule { + freeformType = lib.types.attrsOf (lib.mkOptionType { + name = "NixOS module"; + description = "module containing NixOS options and/or config"; + descriptionClass = "noun"; + check = value: builtins.isAttrs value || builtins.isFunction value || builtins.isPath value; + merge = loc: defs: { + imports = map (def: def.value) defs; + }; + }); + options.meta = lib.mkOption { + type = lib.types.attrs; + }; + }; + }; +} diff --git a/flake/default.nix b/flake/default.nix new file mode 100644 index 0000000..b567fab --- /dev/null +++ b/flake/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./backup.nix + ./colmena.nix + ]; +} diff --git a/home/cli.nix b/home/cli.nix deleted file mode 100644 index 689a9b8..0000000 --- a/home/cli.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home.packages = with pkgs; [ - tree # like `ls -R` but nicer - - # Extremely important - fortune - cowsay - lolcat - ]; - - programs.btop.enable = true; -} diff --git a/home/dconf/appearance.nix b/home/dconf/appearance.nix deleted file mode 100644 index d6f1fab..0000000 --- a/home/dconf/appearance.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let inherit (lib) mkIf; -in { - dconf = { - settings = - let - backgroundOptions = { - color-shading-type = "solid"; - picture-options = "zoom"; - picture-uri = "${config.home.homeDirectory}/.background-image"; - primary-color = "#3a4ba0"; - secondary-color = "#2f302f"; - }; - in - { - "org/gnome/desktop/background" = backgroundOptions // { - picture-uri-dark = backgroundOptions.picture-uri; - }; - "org/gnome/desktop/screensaver" = backgroundOptions; - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - }; - }; - home.file.".background-image" = mkIf config.dconf.enable { - source = ./background-image.jpg; - }; -} diff --git a/home/dconf/default.nix b/home/dconf/default.nix deleted file mode 100644 index 66f82cd..0000000 --- a/home/dconf/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -# dconf is the configuration manager for GNOME. - -# home-manager, in its infinite wisdom, sets `dconf.enable` to true by default. -# This is a problem because we don't want it to attempt to apply our settings on -# a system that doesn't actually have GNOME installed. So, we override the -# default to false. - -let inherit (lib) mkDefault; -in { - dconf.enable = mkDefault false; - - imports = [ - # TODO: nix-ify other parts of GNOME config - ./appearance.nix - ./keyboard.nix - ]; -} diff --git a/home/dconf/keyboard.nix b/home/dconf/keyboard.nix deleted file mode 100644 index e96a6f2..0000000 --- a/home/dconf/keyboard.nix +++ /dev/null @@ -1,14 +0,0 @@ -# { config, lib, pkgs, ... }: - -{ - dconf = { - settings = { - "org/gnome/desktop/wm/keybindings" = { - # These are largely useless on most normal systems - # and conflict with VS Code's default keybinds for "Copy Line Up/Down" - move-to-workspace-up = [ ]; - move-to-workspace-down = [ ]; - }; - }; - }; -} diff --git a/home/qenya/.p10k.zsh b/home/qenya/.p10k.zsh new file mode 100644 index 0000000..a47b12a --- /dev/null +++ b/home/qenya/.p10k.zsh @@ -0,0 +1,1832 @@ +# Generated by Powerlevel10k configuration wizard on 2025-04-28 at 17:26 BST. +# Based on romkatv/powerlevel10k/config/p10k-rainbow.zsh. +# Wizard options: nerdfont-complete + powerline, small icons, rainbow, unicode, +# angled separators, sharp heads, round tails, 2 lines, disconnected, no frame, sparse, +# few icons, concise, transient_prompt, instant_prompt=off. +# Type `p10k configure` to generate another config. +# +# Config for Powerlevel10k with powerline prompt style with colorful background. +# Type `p10k configure` to generate your own config based on it. +# +# Tip: Looking for a nice color? Here's a one-liner to print colormap. +# +# for i in {0..255}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$((i%6)):#3}:+$'\n'}; done + +# Temporarily change options. +'builtin' 'local' '-a' 'p10k_config_opts' +[[ ! -o 'aliases' ]] || p10k_config_opts+=('aliases') +[[ ! -o 'sh_glob' ]] || p10k_config_opts+=('sh_glob') +[[ ! -o 'no_brace_expand' ]] || p10k_config_opts+=('no_brace_expand') +'builtin' 'setopt' 'no_aliases' 'no_sh_glob' 'brace_expand' + +() { + emulate -L zsh -o extended_glob + + # Unset all configuration options. This allows you to apply configuration changes without + # restarting zsh. Edit ~/.p10k.zsh and type `source ~/.p10k.zsh`. + unset -m '(POWERLEVEL9K_*|DEFAULT_USER)~POWERLEVEL9K_GITSTATUS_DIR' + + # Zsh >= 5.1 is required. + [[ $ZSH_VERSION == (5.<1->*|<6->.*) ]] || return + + # The list of segments shown on the left. Fill it with the most important segments. + typeset -g POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + # os_icon # os identifier + dir # current directory + vcs # git status + # =========================[ Line #2 ]========================= + newline # \n + prompt_char # prompt symbol + ) + + # The list of segments shown on the right. Fill it with less important segments. + # Right prompt on the last prompt line (where you are typing your commands) gets + # automatically hidden when the input line reaches it. Right prompt above the + # last prompt line gets hidden if it would overlap with left prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + status # exit code of the last command + command_execution_time # duration of the last command + background_jobs # presence of background jobs + direnv # direnv status (https://direnv.net/) + asdf # asdf version manager (https://github.com/asdf-vm/asdf) + virtualenv # python virtual environment (https://docs.python.org/3/library/venv.html) + anaconda # conda environment (https://conda.io/) + pyenv # python environment (https://github.com/pyenv/pyenv) + goenv # go environment (https://github.com/syndbg/goenv) + nodenv # node.js version from nodenv (https://github.com/nodenv/nodenv) + nvm # node.js version from nvm (https://github.com/nvm-sh/nvm) + nodeenv # node.js environment (https://github.com/ekalinin/nodeenv) + # node_version # node.js version + # go_version # go version (https://golang.org) + # rust_version # rustc version (https://www.rust-lang.org) + # dotnet_version # .NET version (https://dotnet.microsoft.com) + # php_version # php version (https://www.php.net/) + # laravel_version # laravel php framework version (https://laravel.com/) + # java_version # java version (https://www.java.com/) + # package # name@version from package.json (https://docs.npmjs.com/files/package.json) + rbenv # ruby version from rbenv (https://github.com/rbenv/rbenv) + rvm # ruby version from rvm (https://rvm.io) + fvm # flutter version management (https://github.com/leoafarias/fvm) + luaenv # lua version from luaenv (https://github.com/cehoffman/luaenv) + jenv # java version from jenv (https://github.com/jenv/jenv) + plenv # perl version from plenv (https://github.com/tokuhirom/plenv) + perlbrew # perl version from perlbrew (https://github.com/gugod/App-perlbrew) + phpenv # php version from phpenv (https://github.com/phpenv/phpenv) + scalaenv # scala version from scalaenv (https://github.com/scalaenv/scalaenv) + haskell_stack # haskell version from stack (https://haskellstack.org/) + kubecontext # current kubernetes context (https://kubernetes.io/) + terraform # terraform workspace (https://www.terraform.io) + # terraform_version # terraform version (https://www.terraform.io) + aws # aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) + aws_eb_env # aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) + azure # azure account name (https://docs.microsoft.com/en-us/cli/azure) + gcloud # google cloud cli account and project (https://cloud.google.com/) + google_app_cred # google application credentials (https://cloud.google.com/docs/authentication/production) + toolbox # toolbox name (https://github.com/containers/toolbox) + context # user@hostname + nordvpn # nordvpn connection status, linux only (https://nordvpn.com/) + ranger # ranger shell (https://github.com/ranger/ranger) + nnn # nnn shell (https://github.com/jarun/nnn) + lf # lf shell (https://github.com/gokcehan/lf) + xplr # xplr shell (https://github.com/sayanarijit/xplr) + vim_shell # vim shell indicator (:sh) + midnight_commander # midnight commander shell (https://midnight-commander.org/) + nix_shell # nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) + chezmoi_shell # chezmoi shell (https://www.chezmoi.io/) + # vi_mode # vi mode (you don't need this if you've enabled prompt_char) + # vpn_ip # virtual private network indicator + # load # CPU load + # disk_usage # disk usage + # ram # free RAM + # swap # used swap + todo # todo items (https://github.com/todotxt/todo.txt-cli) + timewarrior # timewarrior tracking status (https://timewarrior.net/) + taskwarrior # taskwarrior task count (https://taskwarrior.org/) + per_directory_history # Oh My Zsh per-directory-history local/global indicator + # cpu_arch # CPU architecture + # time # current time + # =========================[ Line #2 ]========================= + newline + # ip # ip address and bandwidth usage for a specified network interface + # public_ip # public IP address + # proxy # system-wide http/https/ftp proxy + # battery # internal battery + # wifi # wifi speed + # example # example user-defined segment (see prompt_example function below) + ) + + # Defines character set used by powerlevel10k. It's best to let `p10k configure` set it for you. + typeset -g POWERLEVEL9K_MODE=nerdfont-complete + # When set to `moderate`, some icons will have an extra space after them. This is meant to avoid + # icon overlap when using non-monospace fonts. When set to `none`, spaces are not added. + typeset -g POWERLEVEL9K_ICON_PADDING=none + + # When set to true, icons appear before content on both sides of the prompt. When set + # to false, icons go after content. If empty or not set, icons go before content in the left + # prompt and after content in the right prompt. + # + # You can also override it for a specific segment: + # + # POWERLEVEL9K_STATUS_ICON_BEFORE_CONTENT=false + # + # Or for a specific segment in specific state: + # + # POWERLEVEL9K_DIR_NOT_WRITABLE_ICON_BEFORE_CONTENT=false + typeset -g POWERLEVEL9K_ICON_BEFORE_CONTENT= + + # Add an empty line before each prompt. + typeset -g POWERLEVEL9K_PROMPT_ADD_NEWLINE=true + + # Connect left prompt lines with these symbols. You'll probably want to use the same color + # as POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND below. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_PREFIX= + # Connect right prompt lines with these symbols. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_SUFFIX= + + # Filler between left and right prompt on the first prompt line. You can set it to ' ', '·' or + # '─'. The last two make it easier to see the alignment between left and right prompt and to + # separate prompt from command output. You might want to set POWERLEVEL9K_PROMPT_ADD_NEWLINE=false + # for more compact prompt if using this option. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR=' ' + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_BACKGROUND= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_GAP_BACKGROUND= + if [[ $POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR != ' ' ]]; then + # The color of the filler. You'll probably want to match the color of POWERLEVEL9K_MULTILINE + # ornaments defined above. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND=242 + # Start filler from the edge of the screen if there are no left segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_FIRST_SEGMENT_END_SYMBOL='%{%}' + # End filler on the edge of the screen if there are no right segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='%{%}' + fi + + # Separator between same-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR='\uE0B1' + # Separator between same-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR='\uE0B3' + # Separator between different-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR='\uE0B0' + # Separator between different-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR='\uE0B2' + # To remove a separator between two segments, add "_joined" to the second segment name. + # For example: POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=(os_icon context_joined) + + # The right end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B0' + # The left end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B2' + # The left end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B6' + # The right end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B4' + # Left prompt terminator for lines without any segments. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + + #################################[ os_icon: os identifier ]################################## + # OS identifier color. + typeset -g POWERLEVEL9K_OS_ICON_FOREGROUND=232 + typeset -g POWERLEVEL9K_OS_ICON_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_OS_ICON_CONTENT_EXPANSION='⭐' + + ################################[ prompt_char: prompt symbol ]################################ + # Transparent background. + typeset -g POWERLEVEL9K_PROMPT_CHAR_BACKGROUND= + # Green prompt symbol if the last command succeeded. + typeset -g POWERLEVEL9K_PROMPT_CHAR_OK_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=76 + # Red prompt symbol if the last command failed. + typeset -g POWERLEVEL9K_PROMPT_CHAR_ERROR_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=196 + # Default prompt symbol. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIINS_CONTENT_EXPANSION='❯' + # Prompt symbol in command vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VICMD_CONTENT_EXPANSION='❮' + # Prompt symbol in visual vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIVIS_CONTENT_EXPANSION='V' + # Prompt symbol in overwrite vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIOWR_CONTENT_EXPANSION='▶' + typeset -g POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE=true + # No line terminator if prompt_char is the last segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + # No line introducer if prompt_char is the first segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL= + # No surrounding whitespace. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_{LEFT,RIGHT}_WHITESPACE= + + ##################################[ dir: current directory ]################################## + # Current directory background color. + typeset -g POWERLEVEL9K_DIR_BACKGROUND=4 + # Default current directory foreground color. + typeset -g POWERLEVEL9K_DIR_FOREGROUND=254 + # If directory is too long, shorten some of its segments to the shortest possible unique + # prefix. The shortened directory can be tab-completed to the original. + typeset -g POWERLEVEL9K_SHORTEN_STRATEGY=truncate_to_unique + # Replace removed segment suffixes with this symbol. + typeset -g POWERLEVEL9K_SHORTEN_DELIMITER= + # Color of the shortened directory segments. + typeset -g POWERLEVEL9K_DIR_SHORTENED_FOREGROUND=250 + # Color of the anchor directory segments. Anchor segments are never shortened. The first + # segment is always an anchor. + typeset -g POWERLEVEL9K_DIR_ANCHOR_FOREGROUND=255 + # Display anchor directory segments in bold. + typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=true + # Don't shorten directories that contain any of these files. They are anchors. + local anchor_files=( + .bzr + .citc + .git + .hg + .node-version + .python-version + .go-version + .ruby-version + .lua-version + .java-version + .perl-version + .php-version + .tool-versions + .shorten_folder_marker + .svn + .terraform + CVS + Cargo.toml + composer.json + go.mod + package.json + stack.yaml + ) + typeset -g POWERLEVEL9K_SHORTEN_FOLDER_MARKER="(${(j:|:)anchor_files})" + # If set to "first" ("last"), remove everything before the first (last) subdirectory that contains + # files matching $POWERLEVEL9K_SHORTEN_FOLDER_MARKER. For example, when the current directory is + # /foo/bar/git_repo/nested_git_repo/baz, prompt will display git_repo/nested_git_repo/baz (first) + # or nested_git_repo/baz (last). This assumes that git_repo and nested_git_repo contain markers + # and other directories don't. + # + # Optionally, "first" and "last" can be followed by ":" where is an integer. + # This moves the truncation point to the right (positive offset) or to the left (negative offset) + # relative to the marker. Plain "first" and "last" are equivalent to "first:0" and "last:0" + # respectively. + typeset -g POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER=false + # Don't shorten this many last directory segments. They are anchors. + typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=1 + # Shorten directory if it's longer than this even if there is space for it. The value can + # be either absolute (e.g., '80') or a percentage of terminal width (e.g, '50%'). If empty, + # directory will be shortened only when prompt doesn't fit or when other parameters demand it + # (see POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS and POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT below). + # If set to `0`, directory will always be shortened to its minimum length. + typeset -g POWERLEVEL9K_DIR_MAX_LENGTH=80 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least this + # many columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS=40 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least + # COLUMNS * POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT * 0.01 columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT=50 + # If set to true, embed a hyperlink into the directory. Useful for quickly + # opening a directory in the file manager simply by clicking the link. + # Can also be handy when the directory is shortened, as it allows you to see + # the full directory that was used in previous commands. + typeset -g POWERLEVEL9K_DIR_HYPERLINK=false + + # Enable special styling for non-writable and non-existent directories. See POWERLEVEL9K_LOCK_ICON + # and POWERLEVEL9K_DIR_CLASSES below. + typeset -g POWERLEVEL9K_DIR_SHOW_WRITABLE=v3 + + # The default icon shown next to non-writable and non-existent directories when + # POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3. + # typeset -g POWERLEVEL9K_LOCK_ICON='⭐' + + # POWERLEVEL9K_DIR_CLASSES allows you to specify custom icons and colors for different + # directories. It must be an array with 3 * N elements. Each triplet consists of: + # + # 1. A pattern against which the current directory ($PWD) is matched. Matching is done with + # extended_glob option enabled. + # 2. Directory class for the purpose of styling. + # 3. An empty string. + # + # Triplets are tried in order. The first triplet whose pattern matches $PWD wins. + # + # If POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3, non-writable and non-existent directories + # acquire class suffix _NOT_WRITABLE and NON_EXISTENT respectively. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_DIR_CLASSES=( + # '~/work(|/*)' WORK '' + # '~(|/*)' HOME '' + # '*' DEFAULT '') + # + # Whenever the current directory is ~/work or a subdirectory of ~/work, it gets styled with one + # of the following classes depending on its writability and existence: WORK, WORK_NOT_WRITABLE or + # WORK_NON_EXISTENT. + # + # Simply assigning classes to directories doesn't have any visible effects. It merely gives you an + # option to define custom colors and icons for different directory classes. + # + # # Styling for WORK. + # typeset -g POWERLEVEL9K_DIR_WORK_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NOT_WRITABLE. + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NON_EXISTENT. + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_ANCHOR_FOREGROUND=255 + # + # If a styling parameter isn't explicitly defined for some class, it falls back to the classless + # parameter. For example, if POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND is not set, it falls + # back to POWERLEVEL9K_DIR_FOREGROUND. + # + typeset -g POWERLEVEL9K_DIR_CLASSES=() + + # Custom prefix. + # typeset -g POWERLEVEL9K_DIR_PREFIX='in ' + + #####################################[ vcs: git status ]###################################### + # Version control background colors. + typeset -g POWERLEVEL9K_VCS_CLEAN_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_MODIFIED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_UNTRACKED_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_CONFLICTED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_LOADING_BACKGROUND=8 + + # Branch icon. Set this parameter to '\UE0A0 ' for the popular Powerline branch icon. + typeset -g POWERLEVEL9K_VCS_BRANCH_ICON= + + # Untracked files icon. It's really a question mark, your font isn't broken. + # Change the value of this parameter to show a different icon. + typeset -g POWERLEVEL9K_VCS_UNTRACKED_ICON='?' + + # Formatter for Git status. + # + # Example output: master wip ⇣42⇡42 *42 merge ~42 +42 !42 ?42. + # + # You can edit the function to customize how Git status looks. + # + # VCS_STATUS_* parameters are set by gitstatus plugin. See reference: + # https://github.com/romkatv/gitstatus/blob/master/gitstatus.plugin.zsh. + function my_git_formatter() { + emulate -L zsh + + if [[ -n $P9K_CONTENT ]]; then + # If P9K_CONTENT is not empty, use it. It's either "loading" or from vcs_info (not from + # gitstatus plugin). VCS_STATUS_* parameters are not available in this case. + typeset -g my_git_format=$P9K_CONTENT + return + fi + + # Styling for different parts of Git status. + local meta='%7F' # white foreground + local clean='%0F' # black foreground + local modified='%0F' # black foreground + local untracked='%0F' # black foreground + local conflicted='%1F' # red foreground + + local res + + if [[ -n $VCS_STATUS_LOCAL_BRANCH ]]; then + local branch=${(V)VCS_STATUS_LOCAL_BRANCH} + # If local branch name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show local branch name in full without truncation, delete the next line. + (( $#branch > 32 )) && branch[13,-13]="…" # <-- this line + res+="${clean}${(g::)POWERLEVEL9K_VCS_BRANCH_ICON}${branch//\%/%%}" + fi + + if [[ -n $VCS_STATUS_TAG + # Show tag only if not on a branch. + # Tip: To always show tag, delete the next line. + && -z $VCS_STATUS_LOCAL_BRANCH # <-- this line + ]]; then + local tag=${(V)VCS_STATUS_TAG} + # If tag name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show tag name in full without truncation, delete the next line. + (( $#tag > 32 )) && tag[13,-13]="…" # <-- this line + res+="${meta}#${clean}${tag//\%/%%}" + fi + + # Display the current Git commit if there is no branch and no tag. + # Tip: To always display the current Git commit, delete the next line. + [[ -z $VCS_STATUS_LOCAL_BRANCH && -z $VCS_STATUS_TAG ]] && # <-- this line + res+="${meta}@${clean}${VCS_STATUS_COMMIT[1,8]}" + + # Show tracking branch name if it differs from local branch. + if [[ -n ${VCS_STATUS_REMOTE_BRANCH:#$VCS_STATUS_LOCAL_BRANCH} ]]; then + res+="${meta}:${clean}${(V)VCS_STATUS_REMOTE_BRANCH//\%/%%}" + fi + + # Display "wip" if the latest commit's summary contains "wip" or "WIP". + if [[ $VCS_STATUS_COMMIT_SUMMARY == (|*[^[:alnum:]])(wip|WIP)(|[^[:alnum:]]*) ]]; then + res+=" ${modified}wip" + fi + + if (( VCS_STATUS_COMMITS_AHEAD || VCS_STATUS_COMMITS_BEHIND )); then + # ⇣42 if behind the remote. + (( VCS_STATUS_COMMITS_BEHIND )) && res+=" ${clean}⇣${VCS_STATUS_COMMITS_BEHIND}" + # ⇡42 if ahead of the remote; no leading space if also behind the remote: ⇣42⇡42. + (( VCS_STATUS_COMMITS_AHEAD && !VCS_STATUS_COMMITS_BEHIND )) && res+=" " + (( VCS_STATUS_COMMITS_AHEAD )) && res+="${clean}⇡${VCS_STATUS_COMMITS_AHEAD}" + elif [[ -n $VCS_STATUS_REMOTE_BRANCH ]]; then + # Tip: Uncomment the next line to display '=' if up to date with the remote. + # res+=" ${clean}=" + fi + + # ⇠42 if behind the push remote. + (( VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" ${clean}⇠${VCS_STATUS_PUSH_COMMITS_BEHIND}" + (( VCS_STATUS_PUSH_COMMITS_AHEAD && !VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" " + # ⇢42 if ahead of the push remote; no leading space if also behind: ⇠42⇢42. + (( VCS_STATUS_PUSH_COMMITS_AHEAD )) && res+="${clean}⇢${VCS_STATUS_PUSH_COMMITS_AHEAD}" + # *42 if have stashes. + (( VCS_STATUS_STASHES )) && res+=" ${clean}*${VCS_STATUS_STASHES}" + # 'merge' if the repo is in an unusual state. + [[ -n $VCS_STATUS_ACTION ]] && res+=" ${conflicted}${VCS_STATUS_ACTION}" + # ~42 if have merge conflicts. + (( VCS_STATUS_NUM_CONFLICTED )) && res+=" ${conflicted}~${VCS_STATUS_NUM_CONFLICTED}" + # +42 if have staged changes. + (( VCS_STATUS_NUM_STAGED )) && res+=" ${modified}+${VCS_STATUS_NUM_STAGED}" + # !42 if have unstaged changes. + (( VCS_STATUS_NUM_UNSTAGED )) && res+=" ${modified}!${VCS_STATUS_NUM_UNSTAGED}" + # ?42 if have untracked files. It's really a question mark, your font isn't broken. + # See POWERLEVEL9K_VCS_UNTRACKED_ICON above if you want to use a different icon. + # Remove the next line if you don't want to see untracked files at all. + (( VCS_STATUS_NUM_UNTRACKED )) && res+=" ${untracked}${(g::)POWERLEVEL9K_VCS_UNTRACKED_ICON}${VCS_STATUS_NUM_UNTRACKED}" + # "─" if the number of unstaged files is unknown. This can happen due to + # POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY (see below) being set to a non-negative number lower + # than the number of files in the Git index, or due to bash.showDirtyState being set to false + # in the repository config. The number of staged and untracked files may also be unknown + # in this case. + (( VCS_STATUS_HAS_UNSTAGED == -1 )) && res+=" ${modified}─" + + typeset -g my_git_format=$res + } + functions -M my_git_formatter 2>/dev/null + + # Don't count the number of unstaged, untracked and conflicted files in Git repositories with + # more than this many files in the index. Negative value means infinity. + # + # If you are working in Git repositories with tens of millions of files and seeing performance + # sagging, try setting POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY to a number lower than the output + # of `git ls-files | wc -l`. Alternatively, add `bash.showDirtyState = false` to the repository's + # config: `git config bash.showDirtyState false`. + typeset -g POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY=-1 + + # Don't show Git status in prompt for repositories whose workdir matches this pattern. + # For example, if set to '~', the Git repository at $HOME/.git will be ignored. + # Multiple patterns can be combined with '|': '~(|/foo)|/bar/baz/*'. + typeset -g POWERLEVEL9K_VCS_DISABLED_WORKDIR_PATTERN='~' + + # Disable the default Git status formatting. + typeset -g POWERLEVEL9K_VCS_DISABLE_GITSTATUS_FORMATTING=true + # Install our own Git status formatter. + typeset -g POWERLEVEL9K_VCS_CONTENT_EXPANSION='${$((my_git_formatter()))+${my_git_format}}' + # Enable counters for staged, unstaged, etc. + typeset -g POWERLEVEL9K_VCS_{STAGED,UNSTAGED,UNTRACKED,CONFLICTED,COMMITS_AHEAD,COMMITS_BEHIND}_MAX_NUM=-1 + + # Custom icon. + typeset -g POWERLEVEL9K_VCS_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_VCS_PREFIX='on ' + + # Show status of repositories of these types. You can add svn and/or hg if you are + # using them. If you do, your prompt may become slow even when your current directory + # isn't in an svn or hg repository. + typeset -g POWERLEVEL9K_VCS_BACKENDS=(git) + + ##########################[ status: exit code of the last command ]########################### + # Enable OK_PIPE, ERROR_PIPE and ERROR_SIGNAL status states to allow us to enable, disable and + # style them independently from the regular OK and ERROR state. + typeset -g POWERLEVEL9K_STATUS_EXTENDED_STATES=true + + # Status on success. No content, just an icon. No need to show it if prompt_char is enabled as + # it will signify success by turning green. + typeset -g POWERLEVEL9K_STATUS_OK=false + typeset -g POWERLEVEL9K_STATUS_OK_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_BACKGROUND=0 + + # Status when some part of a pipe command fails but the overall exit status is zero. It may look + # like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_OK_PIPE=true + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_BACKGROUND=0 + + # Status when it's just an error code (e.g., '1'). No need to show it if prompt_char is enabled as + # it will signify error by turning red. + typeset -g POWERLEVEL9K_STATUS_ERROR=false + typeset -g POWERLEVEL9K_STATUS_ERROR_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_BACKGROUND=1 + + # Status when the last command was terminated by a signal. + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL=true + # Use terse signal names: "INT" instead of "SIGINT(2)". + typeset -g POWERLEVEL9K_STATUS_VERBOSE_SIGNAME=false + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_BACKGROUND=1 + + # Status when some part of a pipe command fails and the overall exit status is also non-zero. + # It may look like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE=true + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_BACKGROUND=1 + + ###################[ command_execution_time: duration of the last command ]################### + # Execution time color. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_BACKGROUND=3 + # Show duration of the last command if takes at least this many seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_THRESHOLD=3 + # Show this many fractional digits. Zero means round to seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PRECISION=0 + # Duration format: 1d 2h 3m 4s. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FORMAT='d h m s' + # Custom icon. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PREFIX='took ' + + #######################[ background_jobs: presence of background jobs ]####################### + # Background jobs color. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_FOREGROUND=6 + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_BACKGROUND=0 + # Don't show the number of background jobs. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VERBOSE=false + # Custom icon. + # typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ direnv: direnv status (https://direnv.net/) ]######################## + # Direnv color. + typeset -g POWERLEVEL9K_DIRENV_FOREGROUND=3 + typeset -g POWERLEVEL9K_DIRENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_DIRENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ asdf: asdf version manager (https://github.com/asdf-vm/asdf) ]############### + # Default asdf color. Only used to display tools for which there is no color override (see below). + # Tip: Override these parameters for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_FOREGROUND and + # POWERLEVEL9K_ASDF_${TOOL}_BACKGROUND. + typeset -g POWERLEVEL9K_ASDF_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_BACKGROUND=7 + + # There are four parameters that can be used to hide asdf tools. Each parameter describes + # conditions under which a tool gets hidden. Parameters can hide tools but not unhide them. If at + # least one parameter decides to hide a tool, that tool gets hidden. If no parameter decides to + # hide a tool, it gets shown. + # + # Special note on the difference between POWERLEVEL9K_ASDF_SOURCES and + # POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW. Consider the effect of the following commands: + # + # asdf local python 3.8.1 + # asdf global python 3.8.1 + # + # After running both commands the current python version is 3.8.1 and its source is "local" as + # it takes precedence over "global". If POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW is set to false, + # it'll hide python version in this case because 3.8.1 is the same as the global version. + # POWERLEVEL9K_ASDF_SOURCES will hide python version only if the value of this parameter doesn't + # contain "local". + + # Hide tool versions that don't come from one of these sources. + # + # Available sources: + # + # - shell `asdf current` says "set by ASDF_${TOOL}_VERSION environment variable" + # - local `asdf current` says "set by /some/not/home/directory/file" + # - global `asdf current` says "set by /home/username/file" + # + # Note: If this parameter is set to (shell local global), it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SOURCES. + typeset -g POWERLEVEL9K_ASDF_SOURCES=(shell local global) + + # If set to false, hide tool versions that are the same as global. + # + # Note: The name of this parameter doesn't reflect its meaning at all. + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_PROMPT_ALWAYS_SHOW. + typeset -g POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW=false + + # If set to false, hide tool versions that are equal to "system". + # + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_SYSTEM. + typeset -g POWERLEVEL9K_ASDF_SHOW_SYSTEM=true + + # If set to non-empty value, hide tools unless there is a file matching the specified file pattern + # in the current directory, or its parent directory, or its grandparent directory, and so on. + # + # Note: If this parameter is set to empty value, it won't hide tools. + # Note: SHOW_ON_UPGLOB isn't specific to asdf. It works with all prompt segments. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_ON_UPGLOB. + # + # Example: Hide nodejs version when there is no package.json and no *.js files in the current + # directory, in `..`, in `../..` and so on. + # + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.js|package.json' + typeset -g POWERLEVEL9K_ASDF_SHOW_ON_UPGLOB= + + # Ruby version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUBY_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUBY_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_RUBY_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUBY_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Python version from asdf. + typeset -g POWERLEVEL9K_ASDF_PYTHON_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PYTHON_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PYTHON_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PYTHON_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Go version from asdf. + typeset -g POWERLEVEL9K_ASDF_GOLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_GOLANG_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_GOLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_GOLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Node.js version from asdf. + typeset -g POWERLEVEL9K_ASDF_NODEJS_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_NODEJS_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_NODEJS_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Rust version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUST_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUST_BACKGROUND=208 + # typeset -g POWERLEVEL9K_ASDF_RUST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUST_SHOW_ON_UPGLOB='*.foo|*.bar' + + # .NET Core version from asdf. + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Flutter version from asdf. + typeset -g POWERLEVEL9K_ASDF_FLUTTER_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_FLUTTER_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Lua version from asdf. + typeset -g POWERLEVEL9K_ASDF_LUA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_LUA_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_LUA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_LUA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Java version from asdf. + typeset -g POWERLEVEL9K_ASDF_JAVA_FOREGROUND=1 + typeset -g POWERLEVEL9K_ASDF_JAVA_BACKGROUND=7 + # typeset -g POWERLEVEL9K_ASDF_JAVA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JAVA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Perl version from asdf. + typeset -g POWERLEVEL9K_ASDF_PERL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PERL_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PERL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PERL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Erlang version from asdf. + typeset -g POWERLEVEL9K_ASDF_ERLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ERLANG_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_ERLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ERLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Elixir version from asdf. + typeset -g POWERLEVEL9K_ASDF_ELIXIR_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ELIXIR_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Postgres version from asdf. + typeset -g POWERLEVEL9K_ASDF_POSTGRES_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_POSTGRES_BACKGROUND=6 + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_SHOW_ON_UPGLOB='*.foo|*.bar' + + # PHP version from asdf. + typeset -g POWERLEVEL9K_ASDF_PHP_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PHP_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_PHP_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PHP_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Haskell version from asdf. + typeset -g POWERLEVEL9K_ASDF_HASKELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_HASKELL_BACKGROUND=3 + # typeset -g POWERLEVEL9K_ASDF_HASKELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_HASKELL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Julia version from asdf. + typeset -g POWERLEVEL9K_ASDF_JULIA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_JULIA_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_JULIA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JULIA_SHOW_ON_UPGLOB='*.foo|*.bar' + + ##########[ nordvpn: nordvpn connection status, linux only (https://nordvpn.com/) ]########### + # NordVPN connection indicator color. + typeset -g POWERLEVEL9K_NORDVPN_FOREGROUND=7 + typeset -g POWERLEVEL9K_NORDVPN_BACKGROUND=4 + # Hide NordVPN connection indicator when not connected. + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_CONTENT_EXPANSION= + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_VISUAL_IDENTIFIER_EXPANSION= + # Custom icon. + # typeset -g POWERLEVEL9K_NORDVPN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ ranger: ranger shell (https://github.com/ranger/ranger) ]################## + # Ranger shell color. + typeset -g POWERLEVEL9K_RANGER_FOREGROUND=3 + typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]####################### + # Nnn shell color. + typeset -g POWERLEVEL9K_NNN_FOREGROUND=0 + typeset -g POWERLEVEL9K_NNN_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_NNN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ lf: lf shell (https://github.com/gokcehan/lf) ]####################### + # lf shell color. + typeset -g POWERLEVEL9K_LF_FOREGROUND=0 + typeset -g POWERLEVEL9K_LF_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_LF_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ xplr: xplr shell (https://github.com/sayanarijit/xplr) ]################## + # xplr shell color. + typeset -g POWERLEVEL9K_XPLR_FOREGROUND=0 + typeset -g POWERLEVEL9K_XPLR_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_XPLR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########################[ vim_shell: vim shell indicator (:sh) ]########################### + # Vim shell indicator color. + typeset -g POWERLEVEL9K_VIM_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIM_SHELL_BACKGROUND=2 + # Custom icon. + # typeset -g POWERLEVEL9K_VIM_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ midnight_commander: midnight commander shell (https://midnight-commander.org/) ]###### + # Midnight Commander shell color. + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_FOREGROUND=3 + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ nix_shell: nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) ]## + # Nix shell color. + typeset -g POWERLEVEL9K_NIX_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_NIX_SHELL_BACKGROUND=4 + + # Display the icon of nix_shell if PATH contains a subdirectory of /nix/store. + # typeset -g POWERLEVEL9K_NIX_SHELL_INFER_FROM_PATH=false + + # Tip: If you want to see just the icon without "pure" and "impure", uncomment the next line. + # typeset -g POWERLEVEL9K_NIX_SHELL_CONTENT_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_NIX_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ chezmoi_shell: chezmoi shell (https://www.chezmoi.io/) ]################## + # chezmoi shell color. + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_CHEZMOI_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ disk_usage: disk usage ]################################## + # Colors for different levels of disk usage. + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_BACKGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_BACKGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_FOREGROUND=7 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_BACKGROUND=1 + # Thresholds for different levels of disk usage (percentage points). + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL=90 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_LEVEL=95 + # If set to true, hide disk usage when below $POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL percent. + typeset -g POWERLEVEL9K_DISK_USAGE_ONLY_WARNING=false + # Custom icon. + # typeset -g POWERLEVEL9K_DISK_USAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ vi_mode: vi mode (you don't need this if you've enabled prompt_char) ]########### + # Foreground color. + typeset -g POWERLEVEL9K_VI_MODE_FOREGROUND=0 + # Text and color for normal (a.k.a. command) vi mode. + typeset -g POWERLEVEL9K_VI_COMMAND_MODE_STRING=NORMAL + typeset -g POWERLEVEL9K_VI_MODE_NORMAL_BACKGROUND=2 + # Text and color for visual vi mode. + typeset -g POWERLEVEL9K_VI_VISUAL_MODE_STRING=VISUAL + typeset -g POWERLEVEL9K_VI_MODE_VISUAL_BACKGROUND=4 + # Text and color for overtype (a.k.a. overwrite and replace) vi mode. + typeset -g POWERLEVEL9K_VI_OVERWRITE_MODE_STRING=OVERTYPE + typeset -g POWERLEVEL9K_VI_MODE_OVERWRITE_BACKGROUND=3 + # Text and color for insert vi mode. + typeset -g POWERLEVEL9K_VI_INSERT_MODE_STRING= + typeset -g POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND=8 + + ######################################[ ram: free RAM ]####################################### + # RAM color. + typeset -g POWERLEVEL9K_RAM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RAM_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_RAM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################################[ swap: used swap ]###################################### + # Swap color. + typeset -g POWERLEVEL9K_SWAP_FOREGROUND=0 + typeset -g POWERLEVEL9K_SWAP_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_SWAP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################################[ load: CPU load ]###################################### + # Show average CPU load over this many last minutes. Valid values are 1, 5 and 15. + typeset -g POWERLEVEL9K_LOAD_WHICH=5 + # Load color when load is under 50%. + typeset -g POWERLEVEL9K_LOAD_NORMAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_NORMAL_BACKGROUND=2 + # Load color when load is between 50% and 70%. + typeset -g POWERLEVEL9K_LOAD_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_WARNING_BACKGROUND=3 + # Load color when load is over 70%. + typeset -g POWERLEVEL9K_LOAD_CRITICAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_CRITICAL_BACKGROUND=1 + # Custom icon. + # typeset -g POWERLEVEL9K_LOAD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ todo: todo items (https://github.com/todotxt/todo.txt-cli) ]################ + # Todo color. + typeset -g POWERLEVEL9K_TODO_FOREGROUND=0 + typeset -g POWERLEVEL9K_TODO_BACKGROUND=8 + # Hide todo when the total number of tasks is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_TOTAL=true + # Hide todo when the number of tasks after filtering is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_FILTERED=false + + # Todo format. The following parameters are available within the expansion. + # + # - P9K_TODO_TOTAL_TASK_COUNT The total number of tasks. + # - P9K_TODO_FILTERED_TASK_COUNT The number of tasks after filtering. + # + # These variables correspond to the last line of the output of `todo.sh -p ls`: + # + # TODO: 24 of 42 tasks shown + # + # Here 24 is P9K_TODO_FILTERED_TASK_COUNT and 42 is P9K_TODO_TOTAL_TASK_COUNT. + # + # typeset -g POWERLEVEL9K_TODO_CONTENT_EXPANSION='$P9K_TODO_FILTERED_TASK_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TODO_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ timewarrior: timewarrior tracking status (https://timewarrior.net/) ]############ + # Timewarrior color. + typeset -g POWERLEVEL9K_TIMEWARRIOR_FOREGROUND=255 + typeset -g POWERLEVEL9K_TIMEWARRIOR_BACKGROUND=8 + + # If the tracked task is longer than 24 characters, truncate and append "…". + # Tip: To always display tasks without truncation, delete the following parameter. + # Tip: To hide task names and display just the icon when time tracking is enabled, set the + # value of the following parameter to "". + typeset -g POWERLEVEL9K_TIMEWARRIOR_CONTENT_EXPANSION='${P9K_CONTENT:0:24}${${P9K_CONTENT:24}:+…}' + + # Custom icon. + # typeset -g POWERLEVEL9K_TIMEWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ taskwarrior: taskwarrior task count (https://taskwarrior.org/) ]############## + # Taskwarrior color. + typeset -g POWERLEVEL9K_TASKWARRIOR_FOREGROUND=0 + typeset -g POWERLEVEL9K_TASKWARRIOR_BACKGROUND=6 + + # Taskwarrior segment format. The following parameters are available within the expansion. + # + # - P9K_TASKWARRIOR_PENDING_COUNT The number of pending tasks: `task +PENDING count`. + # - P9K_TASKWARRIOR_OVERDUE_COUNT The number of overdue tasks: `task +OVERDUE count`. + # + # Zero values are represented as empty parameters. + # + # The default format: + # + # '${P9K_TASKWARRIOR_OVERDUE_COUNT:+"!$P9K_TASKWARRIOR_OVERDUE_COUNT/"}$P9K_TASKWARRIOR_PENDING_COUNT' + # + # typeset -g POWERLEVEL9K_TASKWARRIOR_CONTENT_EXPANSION='$P9K_TASKWARRIOR_PENDING_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TASKWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ per_directory_history: Oh My Zsh per-directory-history local/global indicator ]####### + # Color when using local/global history. + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_BACKGROUND=5 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_BACKGROUND=3 + + # Tip: Uncomment the next two lines to hide "local"/"global" text and leave just the icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_CONTENT_EXPANSION='' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_CONTENT_EXPANSION='' + + # Custom icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ cpu_arch: CPU architecture ]################################ + # CPU architecture color. + typeset -g POWERLEVEL9K_CPU_ARCH_FOREGROUND=0 + typeset -g POWERLEVEL9K_CPU_ARCH_BACKGROUND=3 + + # Hide the segment when on a specific CPU architecture. + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_CONTENT_EXPANSION= + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_VISUAL_IDENTIFIER_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CPU_ARCH_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ context: user@hostname ]################################## + # Context color when running with privileges. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND=1 + typeset -g POWERLEVEL9K_CONTEXT_ROOT_BACKGROUND=0 + # Context color in SSH without privileges. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_BACKGROUND=0 + # Default context color (no privileges, no SSH). + typeset -g POWERLEVEL9K_CONTEXT_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_BACKGROUND=0 + + # Context format when running with privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_TEMPLATE='%n@%m' + # Context format when in SSH without privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE='%n@%m' + # Default context format (no privileges, no SSH): user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_TEMPLATE='%n@%m' + + # Don't show context unless running with privileges or in SSH. + # Tip: Remove the next line to always show context. + typeset -g POWERLEVEL9K_CONTEXT_{DEFAULT,SUDO}_{CONTENT,VISUAL_IDENTIFIER}_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CONTEXT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_CONTEXT_PREFIX='with ' + + ###[ virtualenv: python virtual environment (https://docs.python.org/3/library/venv.html) ]### + # Python virtual environment color. + typeset -g POWERLEVEL9K_VIRTUALENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIRTUALENV_BACKGROUND=4 + # Don't show Python version next to the virtual environment name. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_PYTHON_VERSION=false + # If set to "false", won't show virtualenv if pyenv is already shown. + # If set to "if-different", won't show virtualenv if it's the same as pyenv. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_WITH_PYENV=false + # Separate environment name from Python version only with a space. + typeset -g POWERLEVEL9K_VIRTUALENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_VIRTUALENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ anaconda: conda environment (https://conda.io/) ]###################### + # Anaconda environment color. + typeset -g POWERLEVEL9K_ANACONDA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ANACONDA_BACKGROUND=4 + + # Anaconda segment format. The following parameters are available within the expansion. + # + # - CONDA_PREFIX Absolute path to the active Anaconda/Miniconda environment. + # - CONDA_DEFAULT_ENV Name of the active Anaconda/Miniconda environment. + # - CONDA_PROMPT_MODIFIER Configurable prompt modifier (see below). + # - P9K_ANACONDA_PYTHON_VERSION Current python version (python --version). + # + # CONDA_PROMPT_MODIFIER can be configured with the following command: + # + # conda config --set env_prompt '({default_env}) ' + # + # The last argument is a Python format string that can use the following variables: + # + # - prefix The same as CONDA_PREFIX. + # - default_env The same as CONDA_DEFAULT_ENV. + # - name The last segment of CONDA_PREFIX. + # - stacked_env Comma-separated list of names in the environment stack. The first element is + # always the same as default_env. + # + # Note: '({default_env}) ' is the default value of env_prompt. + # + # The default value of POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION expands to $CONDA_PROMPT_MODIFIER + # without the surrounding parentheses, or to the last path component of CONDA_PREFIX if the former + # is empty. + typeset -g POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION='${${${${CONDA_PROMPT_MODIFIER#\(}% }%\)}:-${CONDA_PREFIX:t}}' + + # Custom icon. + # typeset -g POWERLEVEL9K_ANACONDA_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ pyenv: python environment (https://github.com/pyenv/pyenv) ]################ + # Pyenv color. + typeset -g POWERLEVEL9K_PYENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PYENV_BACKGROUND=4 + # Hide python version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PYENV_SOURCES=(shell local global) + # If set to false, hide python version if it's the same as global: + # $(pyenv version-name) == $(pyenv global). + typeset -g POWERLEVEL9K_PYENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide python version if it's equal to "system". + typeset -g POWERLEVEL9K_PYENV_SHOW_SYSTEM=true + + # Pyenv segment format. The following parameters are available within the expansion. + # + # - P9K_CONTENT Current pyenv environment (pyenv version-name). + # - P9K_PYENV_PYTHON_VERSION Current python version (python --version). + # + # The default format has the following logic: + # + # 1. Display just "$P9K_CONTENT" if it's equal to "$P9K_PYENV_PYTHON_VERSION" or + # starts with "$P9K_PYENV_PYTHON_VERSION/". + # 2. Otherwise display "$P9K_CONTENT $P9K_PYENV_PYTHON_VERSION". + typeset -g POWERLEVEL9K_PYENV_CONTENT_EXPANSION='${P9K_CONTENT}${${P9K_CONTENT:#$P9K_PYENV_PYTHON_VERSION(|/*)}:+ $P9K_PYENV_PYTHON_VERSION}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PYENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ goenv: go environment (https://github.com/syndbg/goenv) ]################ + # Goenv color. + typeset -g POWERLEVEL9K_GOENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_GOENV_BACKGROUND=4 + # Hide go version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_GOENV_SOURCES=(shell local global) + # If set to false, hide go version if it's the same as global: + # $(goenv version-name) == $(goenv global). + typeset -g POWERLEVEL9K_GOENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide go version if it's equal to "system". + typeset -g POWERLEVEL9K_GOENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_GOENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ nodenv: node.js version from nodenv (https://github.com/nodenv/nodenv) ]########## + # Nodenv color. + typeset -g POWERLEVEL9K_NODENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODENV_BACKGROUND=0 + # Hide node version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_NODENV_SOURCES=(shell local global) + # If set to false, hide node version if it's the same as global: + # $(nodenv version-name) == $(nodenv global). + typeset -g POWERLEVEL9K_NODENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NODENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ nvm: node.js version from nvm (https://github.com/nvm-sh/nvm) ]############### + # Nvm color. + typeset -g POWERLEVEL9K_NVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_NVM_BACKGROUND=5 + # If set to false, hide node version if it's the same as default: + # $(nvm version current) == $(nvm version default). + typeset -g POWERLEVEL9K_NVM_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NVM_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ nodeenv: node.js environment (https://github.com/ekalinin/nodeenv) ]############ + # Nodeenv color. + typeset -g POWERLEVEL9K_NODEENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODEENV_BACKGROUND=0 + # Don't show Node version next to the environment name. + typeset -g POWERLEVEL9K_NODEENV_SHOW_NODE_VERSION=false + # Separate environment name from Node version only with a space. + typeset -g POWERLEVEL9K_NODEENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_NODEENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############################[ node_version: node.js version ]############################### + # Node version color. + typeset -g POWERLEVEL9K_NODE_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_NODE_VERSION_BACKGROUND=2 + # Show node version only when in a directory tree containing package.json. + typeset -g POWERLEVEL9K_NODE_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODE_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ go_version: go version (https://golang.org) ]######################## + # Go version color. + typeset -g POWERLEVEL9K_GO_VERSION_FOREGROUND=255 + typeset -g POWERLEVEL9K_GO_VERSION_BACKGROUND=2 + # Show go version only when in a go project subdirectory. + typeset -g POWERLEVEL9K_GO_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_GO_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ rust_version: rustc version (https://www.rust-lang.org) ]################## + # Rust version color. + typeset -g POWERLEVEL9K_RUST_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_RUST_VERSION_BACKGROUND=208 + # Show rust version only when in a rust project subdirectory. + typeset -g POWERLEVEL9K_RUST_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_RUST_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ dotnet_version: .NET version (https://dotnet.microsoft.com) ]################ + # .NET version color. + typeset -g POWERLEVEL9K_DOTNET_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_DOTNET_VERSION_BACKGROUND=5 + # Show .NET version only when in a .NET project subdirectory. + typeset -g POWERLEVEL9K_DOTNET_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_DOTNET_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ php_version: php version (https://www.php.net/) ]###################### + # PHP version color. + typeset -g POWERLEVEL9K_PHP_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHP_VERSION_BACKGROUND=5 + # Show PHP version only when in a PHP project subdirectory. + typeset -g POWERLEVEL9K_PHP_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHP_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ laravel_version: laravel php framework version (https://laravel.com/) ]########### + # Laravel version color. + typeset -g POWERLEVEL9K_LARAVEL_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_LARAVEL_VERSION_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_LARAVEL_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ rbenv: ruby version from rbenv (https://github.com/rbenv/rbenv) ]############## + # Rbenv color. + typeset -g POWERLEVEL9K_RBENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_RBENV_BACKGROUND=1 + # Hide ruby version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_RBENV_SOURCES=(shell local global) + # If set to false, hide ruby version if it's the same as global: + # $(rbenv version-name) == $(rbenv global). + typeset -g POWERLEVEL9K_RBENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide ruby version if it's equal to "system". + typeset -g POWERLEVEL9K_RBENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_RBENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ####################[ java_version: java version (https://www.java.com/) ]#################### + # Java version color. + typeset -g POWERLEVEL9K_JAVA_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_JAVA_VERSION_BACKGROUND=7 + # Show java version only when in a java project subdirectory. + typeset -g POWERLEVEL9K_JAVA_VERSION_PROJECT_ONLY=true + # Show brief version. + typeset -g POWERLEVEL9K_JAVA_VERSION_FULL=false + # Custom icon. + # typeset -g POWERLEVEL9K_JAVA_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###[ package: name@version from package.json (https://docs.npmjs.com/files/package.json) ]#### + # Package color. + typeset -g POWERLEVEL9K_PACKAGE_FOREGROUND=0 + typeset -g POWERLEVEL9K_PACKAGE_BACKGROUND=6 + + # Package format. The following parameters are available within the expansion. + # + # - P9K_PACKAGE_NAME The value of `name` field in package.json. + # - P9K_PACKAGE_VERSION The value of `version` field in package.json. + # + # typeset -g POWERLEVEL9K_PACKAGE_CONTENT_EXPANSION='${P9K_PACKAGE_NAME//\%/%%}@${P9K_PACKAGE_VERSION//\%/%%}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PACKAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ rvm: ruby version from rvm (https://rvm.io) ]######################## + # Rvm color. + typeset -g POWERLEVEL9K_RVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RVM_BACKGROUND=240 + # Don't show @gemset at the end. + typeset -g POWERLEVEL9K_RVM_SHOW_GEMSET=false + # Don't show ruby- at the front. + typeset -g POWERLEVEL9K_RVM_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_RVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ fvm: flutter version management (https://github.com/leoafarias/fvm) ]############ + # Fvm color. + typeset -g POWERLEVEL9K_FVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_FVM_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_FVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ luaenv: lua version from luaenv (https://github.com/cehoffman/luaenv) ]########### + # Lua color. + typeset -g POWERLEVEL9K_LUAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_LUAENV_BACKGROUND=4 + # Hide lua version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_LUAENV_SOURCES=(shell local global) + # If set to false, hide lua version if it's the same as global: + # $(luaenv version-name) == $(luaenv global). + typeset -g POWERLEVEL9K_LUAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide lua version if it's equal to "system". + typeset -g POWERLEVEL9K_LUAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_LUAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ jenv: java version from jenv (https://github.com/jenv/jenv) ]################ + # Java color. + typeset -g POWERLEVEL9K_JENV_FOREGROUND=1 + typeset -g POWERLEVEL9K_JENV_BACKGROUND=7 + # Hide java version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_JENV_SOURCES=(shell local global) + # If set to false, hide java version if it's the same as global: + # $(jenv version-name) == $(jenv global). + typeset -g POWERLEVEL9K_JENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide java version if it's equal to "system". + typeset -g POWERLEVEL9K_JENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_JENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ plenv: perl version from plenv (https://github.com/tokuhirom/plenv) ]############ + # Perl color. + typeset -g POWERLEVEL9K_PLENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PLENV_BACKGROUND=4 + # Hide perl version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PLENV_SOURCES=(shell local global) + # If set to false, hide perl version if it's the same as global: + # $(plenv version-name) == $(plenv global). + typeset -g POWERLEVEL9K_PLENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide perl version if it's equal to "system". + typeset -g POWERLEVEL9K_PLENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PLENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ perlbrew: perl version from perlbrew (https://github.com/gugod/App-perlbrew) ]############ + # Perlbrew color. + typeset -g POWERLEVEL9K_PERLBREW_FOREGROUND=67 + # Show perlbrew version only when in a perl project subdirectory. + typeset -g POWERLEVEL9K_PERLBREW_PROJECT_ONLY=true + # Don't show "perl-" at the front. + typeset -g POWERLEVEL9K_PERLBREW_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_PERLBREW_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ phpenv: php version from phpenv (https://github.com/phpenv/phpenv) ]############ + # PHP color. + typeset -g POWERLEVEL9K_PHPENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHPENV_BACKGROUND=5 + # Hide php version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PHPENV_SOURCES=(shell local global) + # If set to false, hide php version if it's the same as global: + # $(phpenv version-name) == $(phpenv global). + typeset -g POWERLEVEL9K_PHPENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide PHP version if it's equal to "system". + typeset -g POWERLEVEL9K_PHPENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHPENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######[ scalaenv: scala version from scalaenv (https://github.com/scalaenv/scalaenv) ]####### + # Scala color. + typeset -g POWERLEVEL9K_SCALAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_SCALAENV_BACKGROUND=1 + # Hide scala version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_SCALAENV_SOURCES=(shell local global) + # If set to false, hide scala version if it's the same as global: + # $(scalaenv version-name) == $(scalaenv global). + typeset -g POWERLEVEL9K_SCALAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide scala version if it's equal to "system". + typeset -g POWERLEVEL9K_SCALAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_SCALAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ haskell_stack: haskell version from stack (https://haskellstack.org/) ]########### + # Haskell color. + typeset -g POWERLEVEL9K_HASKELL_STACK_FOREGROUND=0 + typeset -g POWERLEVEL9K_HASKELL_STACK_BACKGROUND=3 + + # Hide haskell version if it doesn't come from one of these sources. + # + # shell: version is set by STACK_YAML + # local: version is set by stack.yaml up the directory tree + # global: version is set by the implicit global project (~/.stack/global-project/stack.yaml) + typeset -g POWERLEVEL9K_HASKELL_STACK_SOURCES=(shell local) + # If set to false, hide haskell version if it's the same as in the implicit global project. + typeset -g POWERLEVEL9K_HASKELL_STACK_ALWAYS_SHOW=true + # Custom icon. + # typeset -g POWERLEVEL9K_HASKELL_STACK_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform: terraform workspace (https://www.terraform.io) ]################# + # Don't show terraform workspace if it's literally "default". + typeset -g POWERLEVEL9K_TERRAFORM_SHOW_DEFAULT=false + # POWERLEVEL9K_TERRAFORM_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current terraform workspace gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_TERRAFORM_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_TERRAFORM_CLASSES defines the workspace class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current terraform workspace is "project_test", its class is TEST because "project_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ terraform_version: terraform version (https://www.terraform.io) ]############## + # Terraform version color. + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_TERRAFORM_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform_version: It shows active terraform version (https://www.terraform.io) ]################# + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_SHOW_ON_COMMAND='terraform|tf' + + #############[ kubecontext: current kubernetes context (https://kubernetes.io/) ]############# + # Show kubecontext only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show kubecontext. + typeset -g POWERLEVEL9K_KUBECONTEXT_SHOW_ON_COMMAND='kubectl|helm|kubens|kubectx|oc|istioctl|kogito|k9s|helmfile|flux|fluxctl|stern|kubeseal|skaffold|kubent|kubecolor|cmctl|sparkctl' + + # Kubernetes context classes for the purpose of using different colors, icons and expansions with + # different contexts. + # + # POWERLEVEL9K_KUBECONTEXT_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current kubernetes context gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_KUBECONTEXT_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_KUBECONTEXT_CLASSES defines the context class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current kubernetes context is "deathray-testing/default", its class is TEST + # because "deathray-testing/default" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_FOREGROUND=0 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_BACKGROUND=2 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_BACKGROUND=5 + # typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_KUBECONTEXT_CONTENT_EXPANSION to specify the content displayed by kubecontext + # segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # Within the expansion the following parameters are always available: + # + # - P9K_CONTENT The content that would've been displayed if there was no content + # expansion defined. + # - P9K_KUBECONTEXT_NAME The current context's name. Corresponds to column NAME in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_CLUSTER The current context's cluster. Corresponds to column CLUSTER in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_NAMESPACE The current context's namespace. Corresponds to column NAMESPACE + # in the output of `kubectl config get-contexts`. If there is no + # namespace, the parameter is set to "default". + # - P9K_KUBECONTEXT_USER The current context's user. Corresponds to column AUTHINFO in the + # output of `kubectl config get-contexts`. + # + # If the context points to Google Kubernetes Engine (GKE) or Elastic Kubernetes Service (EKS), + # the following extra parameters are available: + # + # - P9K_KUBECONTEXT_CLOUD_NAME Either "gke" or "eks". + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT Account/project ID. + # - P9K_KUBECONTEXT_CLOUD_ZONE Availability zone. + # - P9K_KUBECONTEXT_CLOUD_CLUSTER Cluster. + # + # P9K_KUBECONTEXT_CLOUD_* parameters are derived from P9K_KUBECONTEXT_CLUSTER. For example, + # if P9K_KUBECONTEXT_CLUSTER is "gke_my-account_us-east1-a_my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=gke + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=my-account + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east1-a + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + # + # If P9K_KUBECONTEXT_CLUSTER is "arn:aws:eks:us-east-1:123456789012:cluster/my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=eks + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=123456789012 + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east-1 + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION= + # Show P9K_KUBECONTEXT_CLOUD_CLUSTER if it's not empty and fall back to P9K_KUBECONTEXT_NAME. + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${P9K_KUBECONTEXT_CLOUD_CLUSTER:-${P9K_KUBECONTEXT_NAME}}' + # Append the current context's namespace if it's not "default". + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${${:-/$P9K_KUBECONTEXT_NAMESPACE}:#/default}' + + # Custom prefix. + # typeset -g POWERLEVEL9K_KUBECONTEXT_PREFIX='at ' + + #[ aws: aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) ]# + # Show aws only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show aws. + typeset -g POWERLEVEL9K_AWS_SHOW_ON_COMMAND='aws|awless|cdk|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AWS_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current AWS profile gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AWS_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AWS_CLASSES defines the profile class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current AWS profile is "company_test", its class is TEST + # because "company_test" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AWS_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_AWS_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AWS_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_AWS_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_AWS_DEFAULT_BACKGROUND=1 + # typeset -g POWERLEVEL9K_AWS_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # AWS segment format. The following parameters are available within the expansion. + # + # - P9K_AWS_PROFILE The name of the current AWS profile. + # - P9K_AWS_REGION The region associated with the current AWS profile. + typeset -g POWERLEVEL9K_AWS_CONTENT_EXPANSION='${P9K_AWS_PROFILE//\%/%%}${P9K_AWS_REGION:+ ${P9K_AWS_REGION//\%/%%}}' + + #[ aws_eb_env: aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) ]# + # AWS Elastic Beanstalk environment color. + typeset -g POWERLEVEL9K_AWS_EB_ENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_AWS_EB_ENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_AWS_EB_ENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ azure: azure account name (https://docs.microsoft.com/en-us/cli/azure) ]########## + # Show azure only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show azure. + typeset -g POWERLEVEL9K_AZURE_SHOW_ON_COMMAND='az|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AZURE_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current azure account name gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AZURE_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AZURE_CLASSES defines the account class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current azure account is "company_test", its class is TEST because "company_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AZURE_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_AZURE_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_AZURE_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AZURE_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + + # Azure account name color. + typeset -g POWERLEVEL9K_AZURE_OTHER_FOREGROUND=7 + typeset -g POWERLEVEL9K_AZURE_OTHER_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_AZURE_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ gcloud: google cloud account and project (https://cloud.google.com/) ]########### + # Show gcloud only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show gcloud. + typeset -g POWERLEVEL9K_GCLOUD_SHOW_ON_COMMAND='gcloud|gcs|gsutil' + # Google cloud color. + typeset -g POWERLEVEL9K_GCLOUD_FOREGROUND=7 + typeset -g POWERLEVEL9K_GCLOUD_BACKGROUND=4 + + # Google cloud format. Change the value of POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION and/or + # POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION if the default is too verbose or not informative + # enough. You can use the following parameters in the expansions. Each of them corresponds to the + # output of `gcloud` tool. + # + # Parameter | Source + # -------------------------|-------------------------------------------------------------------- + # P9K_GCLOUD_CONFIGURATION | gcloud config configurations list --format='value(name)' + # P9K_GCLOUD_ACCOUNT | gcloud config get-value account + # P9K_GCLOUD_PROJECT_ID | gcloud config get-value project + # P9K_GCLOUD_PROJECT_NAME | gcloud projects describe $P9K_GCLOUD_PROJECT_ID --format='value(name)' + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced with '%%'. + # + # Obtaining project name requires sending a request to Google servers. This can take a long time + # and even fail. When project name is unknown, P9K_GCLOUD_PROJECT_NAME is not set and gcloud + # prompt segment is in state PARTIAL. When project name gets known, P9K_GCLOUD_PROJECT_NAME gets + # set and gcloud prompt segment transitions to state COMPLETE. + # + # You can customize the format, icon and colors of gcloud segment separately for states PARTIAL + # and COMPLETE. You can also hide gcloud in state PARTIAL by setting + # POWERLEVEL9K_GCLOUD_PARTIAL_VISUAL_IDENTIFIER_EXPANSION and + # POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION to empty. + typeset -g POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_ID//\%/%%}' + typeset -g POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_NAME//\%/%%}' + + # Send a request to Google (by means of `gcloud projects describe ...`) to obtain project name + # this often. Negative value disables periodic polling. In this mode project name is retrieved + # only when the current configuration, account or project id changes. + typeset -g POWERLEVEL9K_GCLOUD_REFRESH_PROJECT_NAME_SECONDS=60 + + # Custom icon. + # typeset -g POWERLEVEL9K_GCLOUD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ google_app_cred: google application credentials (https://cloud.google.com/docs/authentication/production) ]# + # Show google_app_cred only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show google_app_cred. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_SHOW_ON_COMMAND='terraform|pulumi|terragrunt' + + # Google application credentials classes for the purpose of using different colors, icons and + # expansions with different credentials. + # + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES is an array with even number of elements. The first + # element in each pair defines a pattern against which the current kubernetes context gets + # matched. More specifically, it's P9K_CONTENT prior to the application of context expansion + # (see below) that gets matched. If you unset all POWERLEVEL9K_GOOGLE_APP_CRED_*CONTENT_EXPANSION + # parameters, you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES defines the context class. Patterns are tried in order. + # The first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD + # '*:*test*:*' TEST + # '*' DEFAULT) + # + # If your current Google application credentials is "service_account deathray-testing x@y.com", + # its class is TEST because it doesn't match the pattern '* *prod* *' but does match '* *test* *'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_CONTENT_EXPANSION='$P9K_GOOGLE_APP_CRED_PROJECT_ID' + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD # These values are examples that are unlikely + # '*:*test*:*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_GOOGLE_APP_CRED_CONTENT_EXPANSION to specify the content displayed by + # google_app_cred segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # You can use the following parameters in the expansion. Each of them corresponds to one of the + # fields in the JSON file pointed to by GOOGLE_APPLICATION_CREDENTIALS. + # + # Parameter | JSON key file field + # ---------------------------------+--------------- + # P9K_GOOGLE_APP_CRED_TYPE | type + # P9K_GOOGLE_APP_CRED_PROJECT_ID | project_id + # P9K_GOOGLE_APP_CRED_CLIENT_EMAIL | client_email + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced by '%%'. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_CONTENT_EXPANSION='${P9K_GOOGLE_APP_CRED_PROJECT_ID//\%/%%}' + + ##############[ toolbox: toolbox name (https://github.com/containers/toolbox) ]############### + # Toolbox color. + typeset -g POWERLEVEL9K_TOOLBOX_FOREGROUND=0 + typeset -g POWERLEVEL9K_TOOLBOX_BACKGROUND=3 + # Don't display the name of the toolbox if it matches fedora-toolbox-*. + typeset -g POWERLEVEL9K_TOOLBOX_CONTENT_EXPANSION='${P9K_TOOLBOX_NAME:#fedora-toolbox-*}' + # Custom icon. + # typeset -g POWERLEVEL9K_TOOLBOX_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_TOOLBOX_PREFIX='in ' + + ###############################[ public_ip: public IP address ]############################### + # Public IP color. + typeset -g POWERLEVEL9K_PUBLIC_IP_FOREGROUND=7 + typeset -g POWERLEVEL9K_PUBLIC_IP_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PUBLIC_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ########################[ vpn_ip: virtual private network indicator ]######################### + # VPN IP color. + typeset -g POWERLEVEL9K_VPN_IP_FOREGROUND=0 + typeset -g POWERLEVEL9K_VPN_IP_BACKGROUND=6 + # When on VPN, show just an icon without the IP address. + # Tip: To display the private IP address when on VPN, remove the next line. + typeset -g POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION= + # Regular expression for the VPN network interface. Run `ifconfig` or `ip -4 a show` while on VPN + # to see the name of the interface. + typeset -g POWERLEVEL9K_VPN_IP_INTERFACE='(gpd|wg|(.*tun)|tailscale)[0-9]*|(zt.*)' + # If set to true, show one segment per matching network interface. If set to false, show only + # one segment corresponding to the first matching network interface. + # Tip: If you set it to true, you'll probably want to unset POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION. + typeset -g POWERLEVEL9K_VPN_IP_SHOW_ALL=false + # Custom icon. + # typeset -g POWERLEVEL9K_VPN_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ ip: ip address and bandwidth usage for a specified network interface ]########### + # IP color. + typeset -g POWERLEVEL9K_IP_BACKGROUND=4 + typeset -g POWERLEVEL9K_IP_FOREGROUND=0 + # The following parameters are accessible within the expansion: + # + # Parameter | Meaning + # ----------------------+------------------------------------------- + # P9K_IP_IP | IP address + # P9K_IP_INTERFACE | network interface + # P9K_IP_RX_BYTES | total number of bytes received + # P9K_IP_TX_BYTES | total number of bytes sent + # P9K_IP_RX_BYTES_DELTA | number of bytes received since last prompt + # P9K_IP_TX_BYTES_DELTA | number of bytes sent since last prompt + # P9K_IP_RX_RATE | receive rate (since last prompt) + # P9K_IP_TX_RATE | send rate (since last prompt) + typeset -g POWERLEVEL9K_IP_CONTENT_EXPANSION='${P9K_IP_RX_RATE:+⇣$P9K_IP_RX_RATE }${P9K_IP_TX_RATE:+⇡$P9K_IP_TX_RATE }$P9K_IP_IP' + # Show information for the first network interface whose name matches this regular expression. + # Run `ifconfig` or `ip -4 a show` to see the names of all network interfaces. + typeset -g POWERLEVEL9K_IP_INTERFACE='[ew].*' + # Custom icon. + # typeset -g POWERLEVEL9K_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #########################[ proxy: system-wide http/https/ftp proxy ]########################## + # Proxy color. + typeset -g POWERLEVEL9K_PROXY_FOREGROUND=4 + typeset -g POWERLEVEL9K_PROXY_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PROXY_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ battery: internal battery ]################################# + # Show battery in red when it's below this level and not connected to power supply. + typeset -g POWERLEVEL9K_BATTERY_LOW_THRESHOLD=20 + typeset -g POWERLEVEL9K_BATTERY_LOW_FOREGROUND=1 + # Show battery in green when it's charging or fully charged. + typeset -g POWERLEVEL9K_BATTERY_{CHARGING,CHARGED}_FOREGROUND=2 + # Show battery in yellow when it's discharging. + typeset -g POWERLEVEL9K_BATTERY_DISCONNECTED_FOREGROUND=3 + # Battery pictograms going from low to high level of charge. + typeset -g POWERLEVEL9K_BATTERY_STAGES='\uf58d\uf579\uf57a\uf57b\uf57c\uf57d\uf57e\uf57f\uf580\uf581\uf578' + # Don't show the remaining time to charge/discharge. + typeset -g POWERLEVEL9K_BATTERY_VERBOSE=false + typeset -g POWERLEVEL9K_BATTERY_BACKGROUND=0 + + #####################################[ wifi: wifi speed ]##################################### + # WiFi color. + typeset -g POWERLEVEL9K_WIFI_FOREGROUND=0 + typeset -g POWERLEVEL9K_WIFI_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use different colors and icons depending on signal strength ($P9K_WIFI_BARS). + # + # # Wifi colors and icons for different signal strength levels (low to high). + # typeset -g my_wifi_fg=(0 0 0 0 0) # <-- change these values + # typeset -g my_wifi_icon=('WiFi' 'WiFi' 'WiFi' 'WiFi' 'WiFi') # <-- change these values + # + # typeset -g POWERLEVEL9K_WIFI_CONTENT_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}$P9K_WIFI_LAST_TX_RATE Mbps' + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}${my_wifi_icon[P9K_WIFI_BARS+1]}' + # + # The following parameters are accessible within the expansions: + # + # Parameter | Meaning + # ----------------------+--------------- + # P9K_WIFI_SSID | service set identifier, a.k.a. network name + # P9K_WIFI_LINK_AUTH | authentication protocol such as "wpa2-psk" or "none"; empty if unknown + # P9K_WIFI_LAST_TX_RATE | wireless transmit rate in megabits per second + # P9K_WIFI_RSSI | signal strength in dBm, from -120 to 0 + # P9K_WIFI_NOISE | noise in dBm, from -120 to 0 + # P9K_WIFI_BARS | signal strength in bars, from 0 to 4 (derived from P9K_WIFI_RSSI and P9K_WIFI_NOISE) + + ####################################[ time: current time ]#################################### + # Current time color. + typeset -g POWERLEVEL9K_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_TIME_BACKGROUND=7 + # Format for the current time: 09:51:02. See `man 3 strftime`. + typeset -g POWERLEVEL9K_TIME_FORMAT='%D{%H:%M:%S}' + # If set to true, time will update when you hit enter. This way prompts for the past + # commands will contain the start times of their commands as opposed to the default + # behavior where they contain the end times of their preceding commands. + typeset -g POWERLEVEL9K_TIME_UPDATE_ON_COMMAND=false + # Custom icon. + typeset -g POWERLEVEL9K_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_TIME_PREFIX='at ' + + # Example of a user-defined prompt segment. Function prompt_example will be called on every + # prompt if `example` prompt segment is added to POWERLEVEL9K_LEFT_PROMPT_ELEMENTS or + # POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS. It displays an icon and yellow text on red background + # greeting the user. + # + # Type `p10k help segment` for documentation and a more sophisticated example. + function prompt_example() { + p10k segment -b 1 -f 3 -i '⭐' -t 'hello, %n' + } + + # User-defined prompt segments may optionally provide an instant_prompt_* function. Its job + # is to generate the prompt segment for display in instant prompt. See + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # + # Powerlevel10k will call instant_prompt_* at the same time as the regular prompt_* function + # and will record all `p10k segment` calls it makes. When displaying instant prompt, Powerlevel10k + # will replay these calls without actually calling instant_prompt_*. It is imperative that + # instant_prompt_* always makes the same `p10k segment` calls regardless of environment. If this + # rule is not observed, the content of instant prompt will be incorrect. + # + # Usually, you should either not define instant_prompt_* or simply call prompt_* from it. If + # instant_prompt_* is not defined for a segment, the segment won't be shown in instant prompt. + function instant_prompt_example() { + # Since prompt_example always makes the same `p10k segment` calls, we can call it from + # instant_prompt_example. This will give us the same `example` prompt segment in the instant + # and regular prompts. + prompt_example + } + + # User-defined prompt segments can be customized the same way as built-in segments. + typeset -g POWERLEVEL9K_EXAMPLE_FOREGROUND=3 + typeset -g POWERLEVEL9K_EXAMPLE_BACKGROUND=1 + # typeset -g POWERLEVEL9K_EXAMPLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Transient prompt works similarly to the builtin transient_rprompt option. It trims down prompt + # when accepting a command line. Supported values: + # + # - off: Don't change prompt when accepting a command line. + # - always: Trim down prompt when accepting a command line. + # - same-dir: Trim down prompt when accepting a command line unless this is the first command + # typed after changing current working directory. + typeset -g POWERLEVEL9K_TRANSIENT_PROMPT=always + + # Instant prompt mode. + # + # - off: Disable instant prompt. Choose this if you've tried instant prompt and found + # it incompatible with your zsh configuration files. + # - quiet: Enable instant prompt and don't print warnings when detecting console output + # during zsh initialization. Choose this if you've read and understood + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # - verbose: Enable instant prompt and print a warning when detecting console output during + # zsh initialization. Choose this if you've never tried instant prompt, haven't + # seen the warning, or if you are unsure what this all means. + typeset -g POWERLEVEL9K_INSTANT_PROMPT=off + + # Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized. + # For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload + # can slow down prompt by 1-2 milliseconds, so it's better to keep it turned off unless you + # really need it. + typeset -g POWERLEVEL9K_DISABLE_HOT_RELOAD=true + + # If p10k is already loaded, reload configuration. + # This works even with POWERLEVEL9K_DISABLE_HOT_RELOAD=true. + (( ! $+functions[p10k] )) || p10k reload +} + +# Tell `p10k configure` which file it should overwrite. +typeset -g POWERLEVEL9K_CONFIG_FILE=${${(%):-%x}:a} + +(( ${#p10k_config_opts} )) && setopt ${p10k_config_opts[@]} +'builtin' 'unset' 'p10k_config_opts' diff --git a/home/dconf/background-image.jpg b/home/qenya/dconf/background-image.jpg similarity index 100% rename from home/dconf/background-image.jpg rename to home/qenya/dconf/background-image.jpg diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix new file mode 100644 index 0000000..0fe64e5 --- /dev/null +++ b/home/qenya/dconf/default.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, osConfig, ... }: + +# dconf is the configuration manager for GNOME. + +let + isGnome = osConfig.services.xserver.desktopManager.gnome.enable; +in +{ + dconf.enable = isGnome; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; + "org/gnome/desktop/sound".event-sounds = false; + "org/gnome/desktop/sound".allow-volume-above-100-percent = true; + "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true; + }; + + imports = [ + ./desktop.nix + ./keyboard.nix + ./mouse-touchpad.nix + ./multitasking.nix + ./shell.nix + ./wellbeing.nix + ]; +} diff --git a/home/qenya/dconf/desktop.nix b/home/qenya/dconf/desktop.nix new file mode 100644 index 0000000..4cfbaa7 --- /dev/null +++ b/home/qenya/dconf/desktop.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let inherit (lib) mkIf; +in { + dconf.settings = { + "org/gnome/desktop/background" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + picture-uri-dark = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/screensaver" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + enable-hot-corners = false; + }; + }; + home.file.".background-image" = mkIf config.dconf.enable { + source = ./background-image.jpg; + }; +} diff --git a/home/qenya/dconf/keyboard.nix b/home/qenya/dconf/keyboard.nix new file mode 100644 index 0000000..5271bae --- /dev/null +++ b/home/qenya/dconf/keyboard.nix @@ -0,0 +1,12 @@ +# { config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/wm/keybindings" = { + # These are largely useless on most normal systems + # and conflict with VS Code's default keybinds for "Copy Line Up/Down" + move-to-workspace-up = [ ]; + move-to-workspace-down = [ ]; + }; + }; +} diff --git a/home/qenya/dconf/mouse-touchpad.nix b/home/qenya/dconf/mouse-touchpad.nix new file mode 100644 index 0000000..f3fd932 --- /dev/null +++ b/home/qenya/dconf/mouse-touchpad.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/peripherals/mouse" = { + natural-scroll = false; + }; + "org/gnome/desktop/peripherals/touchpad" = { + click-method = "fingers"; + disable-while-typing = false; + natural-scroll = true; # the correct option, whatever Janet says + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + }; +} diff --git a/home/qenya/dconf/multitasking.nix b/home/qenya/dconf/multitasking.nix new file mode 100644 index 0000000..1d93972 --- /dev/null +++ b/home/qenya/dconf/multitasking.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/mutter" = { + edge-tiling = true; + dynamic-workspaces = true; + workspaces-only-on-primary = true; + }; + }; +} diff --git a/home/qenya/dconf/shell.nix b/home/qenya/dconf/shell.nix new file mode 100644 index 0000000..73672fd --- /dev/null +++ b/home/qenya/dconf/shell.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + dconf.settings = { + "org/gnome/shell" = { + disable-user-extensions = true; + + # TODO: this is fine for now on tohru (the only GNOME system I use) but shouldn't depend on certain apps being installed + favorite-apps = [ + "discord.desktop" + "org.gnome.Evolution.desktop" + "firefox.desktop" + "torbrowser.desktop" + "steam.desktop" + "codium.desktop" + "org.gnome.Console.desktop" + "org.gnome.Nautilus.desktop" + "org.gnome.SystemMonitor.desktop" + ]; + + # TODO: fill this out (needs preinstalled stuff removing first) + # app-picker-layout = [ + # ... + # ]; + }; + }; +} diff --git a/home/qenya/dconf/wellbeing.nix b/home/qenya/dconf/wellbeing.nix new file mode 100644 index 0000000..b547b0f --- /dev/null +++ b/home/qenya/dconf/wellbeing.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +# These features are cool and I would like to keep trying them, but they are +# horribly bugged in GNOME 48.1. Consider re-enabling them when 48.2 is +# released. See, e.g.: +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8289 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8299 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8305 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8376 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8398 + +{ + dconf.settings = { + # "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; + # "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; + "org/gnome/desktop/screen-time-limits".daily-limit-enabled = false; + "org/gnome/desktop/break-reminders".selected-breaks = [ ]; + }; +} diff --git a/home/default.nix b/home/qenya/default.nix similarity index 57% rename from home/default.nix rename to home/qenya/default.nix index e3197ef..47c64dd 100644 --- a/home/default.nix +++ b/home/qenya/default.nix @@ -1,10 +1,14 @@ { imports = [ ./dconf - ./cli.nix + ./feishin.nix + ./firefox.nix + ./fonts.nix ./git.nix + ./packages.nix ./tmux.nix ./vscode.nix + ./xdg-mime-apps.nix ./zsh.nix ]; diff --git a/home/qenya/feishin.nix b/home/qenya/feishin.nix new file mode 100644 index 0000000..e3c7360 --- /dev/null +++ b/home/qenya/feishin.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, osConfig, ... }: + +# Feishin ideally wants to see mpv at runtime, but this isn't catered for by +# the derivation in nixpkgs as it isn't strictly necessary. +# An easier way to do this would be to write mpv's full nix store path to +# Feishin's config. But Feishin has one JSON file for config and state, and +# we'd rather not overwrite the latter. Until and unless home-manager grows +# support for partially patching files, we live with this. + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +{ + home.packages = mkIf isGraphical [ + (pkgs.feishin.overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]} + ''; + })) + ]; +} diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix new file mode 100644 index 0000000..603208a --- /dev/null +++ b/home/qenya/firefox.nix @@ -0,0 +1,59 @@ +{ config, lib, pkgs, osConfig, inputs, ... }: + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +{ + programs.firefox = lib.mkIf isGraphical { + enable = true; + languagePacks = [ "en-GB" ]; + + profiles.default = { + extensions.packages = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ + bitwarden + ublock-origin + ]; + + settings = { + "browser.startup.page" = 3; # resume previous session + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + + # disable telemetry + "datareporting.healthreport.uploadEnabled" = false; + "app.shield.optoutstudies.enabled" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # disable prefetch? + + # DNS over HTTPS + "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query"; + "network.trr.excluded-domains" = "detectportal.firefox.com"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://base.dns.mullvad.net/dns-query"; + + "browser.search.suggest.enabled" = false; + "browser.urlbar.suggest.searches" = false; + + "dom.security.https_only_mode" = true; + "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection + # I think these are implied by the above + # "privacy.donottrackheader.enabled" = true; + # "privacy.trackingprotection.enabled" = true; + # "privacy.trackingprotection.emailtracking.enabled" = true; + # "privacy.trackingprotection.socialtracking.enabled" = true; + + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false; + + "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising" + "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix + + # external password manager + "signon.rememberSignons" = false; + "extensions.formautofill.creditCards.enabled" = false; + }; + }; + }; +} diff --git a/home/qenya/fonts.nix b/home/qenya/fonts.nix new file mode 100644 index 0000000..e1b418f --- /dev/null +++ b/home/qenya/fonts.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +mkIf isGraphical { + fonts.fontconfig = { + enable = true; + }; + + home.packages = with pkgs; [ + meslo-lgs-nf + ]; + + programs.vscode.profiles.default.userSettings."terminal.integrated.fontFamily" = "MesloLGS NF"; +} diff --git a/home/git.nix b/home/qenya/git.nix similarity index 61% rename from home/git.nix rename to home/qenya/git.nix index c73f24e..2101e64 100644 --- a/home/git.nix +++ b/home/qenya/git.nix @@ -6,12 +6,9 @@ userName = "Katherina Walshe-Grey"; userEmail = "git@qenya.tel"; extraConfig = { - init = { - defaultBranch = "main"; - }; - push = { - autoSetupRemote = true; - }; + init.defaultBranch = "main"; + pull.rebase = true; + push.autoSetupRemote = true; }; }; } diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix new file mode 100644 index 0000000..df281b6 --- /dev/null +++ b/home/qenya/packages.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) optionals; + isGraphical = osConfig.services.xserver.enable; + isGnome = osConfig.services.xserver.desktopManager.gnome.enable; + isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; +in +{ + home.packages = with pkgs; [ + eza # like `ls` but fancier + hexyl # like `xxd` but cooler + ripgrep # like `grep` but faster + tree # like `ls -R` but nicer + units + zip + unzip + + # Extremely important + fortune + cowsay + lolcat + ] ++ optionals isGraphical [ + bitwarden + discord + gimp-with-plugins + jellyfin-media-player + tor-browser-bundle-bin + zoom-us + + # libreoffice + libreoffice + hunspell + hunspellDicts.en_GB-ise + ] ++ optionals isGnome [ + celluloid + ] ++ optionals isPlasma [ + haruna + ]; +} diff --git a/home/tmux.nix b/home/qenya/tmux.nix similarity index 100% rename from home/tmux.nix rename to home/qenya/tmux.nix diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix new file mode 100644 index 0000000..568913d --- /dev/null +++ b/home/qenya/vscode.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) mkIf mkDefault; + isGraphical = osConfig.services.xserver.enable; +in +{ + programs.vscode = mkIf isGraphical { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + profiles.default = { + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + extensions = with pkgs.vscode-extensions; [ + charliermarsh.ruff + dbaeumer.vscode-eslint + eamodio.gitlens + golang.go + jdinhlife.gruvbox + jnoortheen.nix-ide + matangover.mypy + mkhl.direnv + ms-python.black-formatter + ms-python.python + rust-lang.rust-analyzer + vadimcn.vscode-lldb + ]; + userSettings = { + "css.format.spaceAroundSelectorSeparator" = true; + "css.format.newlineBetweenSelectors" = false; + "debug.allowBreakpointsEverywhere" = true; + "extensions.autoUpdate" = false; + "files.insertFinalNewline" = true; + "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; + "git.inputValidation" = true; + "git.inputValidationSubjectLength" = null; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; + nix.flake.autoArchive = true; + }; + "rust-analyzer.check.command" = "clippy"; + "terminal.integrated.allowChords" = false; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "workbench.colorTheme" = "Gruvbox Dark Medium"; + + "[go]" = { + "editor.defaultFormatter" = "golang.go"; + "editor.formatOnSave" = false; + }; + "go.alternateTools" = { + "go" = "${pkgs.go}/bin/go"; + "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; + "gopls" = "${pkgs.gopls}/bin/gopls"; + "dlv" = "${pkgs.delve}/bin/dlv"; + "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; + }; + "go.lintTool" = "golangci-lint"; + "go.toolsManagement.checkForUpdates" = "off"; + "gopls" = { + "formatting.gofumpt" = true; + "ui.semanticTokens" = true; + }; + + "[python]" = { + "editor.defaultFormatter" = "ms-python.black-formatter"; + "editor.formatOnSave" = true; + "editor.codeActionsOnSave" = { + "source.fixAll" = "explicit"; + "source.organizeImports" = "explicit"; + }; + }; + "python.createEnvironment.contentButton" = "show"; + "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; + "ruff.nativeServer" = "on"; + "ruff.path" = [ "${pkgs.ruff}/bin/ruff" ]; + "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; + }; + }; + }; +} diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix new file mode 100644 index 0000000..b16f234 --- /dev/null +++ b/home/qenya/xdg-mime-apps.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + isGraphical = osConfig.services.xserver.enable; +in +{ + xdg.mimeApps = { + enable = isGraphical; + defaultApplications = { + "application/pdf" = [ "org.gnome.Evince.desktop" "org.kde.okular.desktop" ]; + "application/zip" = [ "org.gnome.FileRoller.desktop" "org.kde.ark.desktop" ]; + "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "text/plain" = [ "org.gnome.TextEditor.desktop" "org.kde.kate.desktop" ]; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/mailto" = "org.gnome.Evolution.desktop"; # TODO: email on KDE - is Kontact any good? + }; + }; +} diff --git a/home/zsh.nix b/home/qenya/zsh.nix similarity index 55% rename from home/zsh.nix rename to home/qenya/zsh.nix index f6ded78..e7e550b 100644 --- a/home/zsh.nix +++ b/home/qenya/zsh.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { + home.packages = with pkgs; [ direnv ]; programs.zsh = { enable = true; enableCompletion = true; @@ -10,7 +11,12 @@ shellAliases = { ll = "ls -l"; - nix-shell = ''nix-shell --command "zsh"''; # TODO: tweak theme to display something when inside nix-shell + + # don't clobber + mv = "mv -i"; + rename = "rename -i"; + + nix-shell = ''nix-shell --command "zsh"''; }; history = { @@ -21,10 +27,15 @@ oh-my-zsh = { enable = true; - plugins = [ "git" "sudo" ]; - theme = "agnoster"; + plugins = [ "git" "sudo" "direnv" ]; + theme = ""; # defer to powerlevel10k }; + initContent = '' + source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme + source ${./.p10k.zsh} + ''; + envExtra = '' DEFAULT_USER=qenya ''; diff --git a/home/vscode.nix b/home/vscode.nix deleted file mode 100644 index 80c4389..0000000 --- a/home/vscode.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, lib, pkgs, osConfig, ... }: - -let - inherit (lib) mkIf; - inherit (pkgs) fetchFromGitHub; - inherit (osConfig.nixpkgs.hostPlatform) system; - extensions = - (import (fetchFromGitHub { - # On a stable channel, do NOT keep this up-to-date! VS Code extensions - # have breaking changes more frequently than the NixOS release cadence. - owner = "nix-community"; - repo = "nix-vscode-extensions"; - rev = "27ce569a199d2da1a8483fe3d69dd41664da3a63"; - hash = "sha256-yyB4Kh3EFbYP+1JHza/IEeHwABypcYVi6vvWTmad/rY="; - })).extensions.${system}; -in -{ - programs.vscode = { - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = with extensions.open-vsx; [ - golang.go - jdinhlife.gruvbox - jnoortheen.nix-ide - ms-python.python - ]; - mutableExtensionsDir = false; - userSettings = { - "[go]" = { - "editor.defaultFormatter" = "golang.go"; - "editor.formatOnSave" = false; - }; - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "git.confirmSync" = false; - "git.enableSmartCommit" = true; - "git.inputValidation" = true; - "git.inputValidationSubjectLength" = null; - "gopls" = { - "formatting.gofumpt" = true; - "ui.semanticTokens" = true; - }; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; - }; - "terminal.integrated.allowChords" = false; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = "Gruvbox Dark Hard"; - }; - }; - - # Language servers etc - home.packages = mkIf config.programs.vscode.enable (with pkgs; [ - gopls - nil - nixpkgs-fmt - ]); -} diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix new file mode 100644 index 0000000..97aba67 --- /dev/null +++ b/hosts/elucredassa/default.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + imports = [ + ./filesystems.nix + ./hardware.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "elucredassa"; + networking.hostId = "a8ec6755"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-server.enable = true; + + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + # These are populated by fountain.backup + randomcat.services.zfs.datasets = { + "rpool_elucredassa/backup" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/kalessin" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/orm" = { mountpoint = "none"; }; + }; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + + system.stateVersion = "24.11"; +} diff --git a/hosts/elucredassa/filesystems.nix b/hosts/elucredassa/filesystems.nix new file mode 100644 index 0000000..40de941 --- /dev/null +++ b/hosts/elucredassa/filesystems.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "luks-rpool-elucredassa".device = "/dev/disk/by-uuid/5ece5b58-c57a-41ae-b086-03707c39c9a7"; + }; + + fileSystems = { + "/" = { + device = "rpool_elucredassa/root"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/2519-E2D6"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/c7c48325-e90d-414d-b579-84cb45616ee9"; }]; + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives +} diff --git a/hosts/elucredassa/hardware.nix b/hosts/elucredassa/hardware.nix new file mode 100644 index 0000000..aca6ddc --- /dev/null +++ b/hosts/elucredassa/hardware.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + # this is an old laptop + services.logind.lidSwitch = "ignore"; +} + diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix new file mode 100644 index 0000000..82b4e96 --- /dev/null +++ b/hosts/elucredassa/networking.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + systemd.network.enable = true; + networking.useDHCP = false; + + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp1s0f1"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + Tunnel = "sit-he-ipv6"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + + systemd.network.netdevs."25-he-ipv6" = { + netdevConfig = { + Name = "sit-he-ipv6"; + Kind = "sit"; + Description = "Hurricane Electric IPv6 Tunnel"; + MTUBytes = 1480; + }; + + tunnelConfig = { + Remote = "216.66.88.98"; + TTL = 255; + }; + }; + + systemd.network.networks."25-he-ipv6" = { + matchConfig.Name = "sit-he-ipv6"; + networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ]; + routes = [{ Destination = [ "::/0" ]; }]; + }; +} diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/configuration.nix deleted file mode 100644 index 84c9f82..0000000 --- a/hosts/kalessin/configuration.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - system.stateVersion = "23.11"; -} diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix new file mode 100644 index 0000000..2ff3476 --- /dev/null +++ b/hosts/kalessin/default.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +let + keys = import ../../keys.nix; +in +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + networking.hostName = "kalessin"; + networking.hostId = "534b538e"; + + fountain.users.qenya.enable = true; + fountain.users.randomcat.enable = true; + fountain.users.trungle.enable = true; + fountain.admins = [ "qenya" "randomcat" ]; + + qenya.base-server.enable = true; + + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ ]; + }; + + randomcat.services.zfs.datasets = { + "rpool_kalessin/state" = { mountpoint = "none"; }; + "rpool_kalessin/state/headscale" = { mountpoint = "/var/lib/headscale"; }; + "rpool_kalessin/state/owncast" = { mountpoint = "/var/lib/owncast"; }; + }; + + services.sanoid.datasets."rpool_kalessin/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + qenya.services.owncast = { + enable = true; + domain = "live.qenya.tel"; + dataDir = "/var/lib/owncast"; + }; + + qenya.services.headscale = { + enable = true; + domain = "headscale.unspecified.systems"; + dataDir = "/var/lib/headscale"; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix index 8e0fb17..1007f6f 100644 --- a/hosts/kalessin/hardware-configuration.nix +++ b/hosts/kalessin/hardware-configuration.nix @@ -35,13 +35,4 @@ }; swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/hosts/kalessin/networking.nix b/hosts/kalessin/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/kalessin/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} diff --git a/hosts/kilgharrah/backup.nix b/hosts/kilgharrah/backup.nix new file mode 100644 index 0000000..efa72f9 --- /dev/null +++ b/hosts/kilgharrah/backup.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + services.sanoid.datasets."rpool_albion/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; +} \ No newline at end of file diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix new file mode 100644 index 0000000..87505c6 --- /dev/null +++ b/hosts/kilgharrah/default.nix @@ -0,0 +1,66 @@ +{ config, lib, pkgs, ... }: + +let + keys = import ../../keys.nix; +in +{ + imports = [ + ./backup.nix + ./filesystems.nix + ./hardware.nix + ./networking.nix + ./plasma.nix + + ./ftp.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "kilgharrah"; + networking.hostId = "72885bb5"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-graphical.enable = true; + + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + fountain.users.qenya.enable = true; + age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; + fountain.admins = [ "qenya" ]; + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ obs-studio ]; + }; + + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ + keys.machines.yevaud + keys.machines.orm + keys.machines.tohru + keys.machines.elucredassa + ]; + }; + + programs.steam.enable = true; + qenya.services.audiobookshelf = { + enable = true; + domain = "audiobookshelf.qenya.tel"; + }; + qenya.services.jellyfin = { + enable = true; + domain = "jellyfin.qenya.tel"; + }; + qenya.services.navidrome = { + enable = true; + domain = "music.qenya.tel"; + dataDir = "/srv/music"; + }; + + system.stateVersion = "24.05"; + +} diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix new file mode 100644 index 0000000..9ebc758 --- /dev/null +++ b/hosts/kilgharrah/filesystems.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: + +{ + # SSD on board + + boot.initrd.luks.devices = { + "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@" "compress=zstd" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + "/swap" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@swap" "noatime" ]; + }; + "/root" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress=zstd" ]; + }; + "/srv" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@srv" "compress=zstd" ]; + }; + "/var/cache" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@cache" "compress=zstd" "noatime" ]; + }; + "/var/tmp" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@tmp" "compress=zstd" "noatime" ]; + }; + "/var/log" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@log" "compress=zstd" "noatime" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/9582-E78D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; + }]; + + + # HDD in bay + + environment.etc.crypttab.text = '' + albion UUID=8a924f24-9b65-4f05-aeda-5b4080cc7aa1 /root/luks-albion.key + ''; + + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; + "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; + "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; + }; + + + # Other + + boot.supportedFilesystems = [ "ntfs" "zfs" ]; +} diff --git a/hosts/kilgharrah/ftp.nix b/hosts/kilgharrah/ftp.nix new file mode 100644 index 0000000..4164679 --- /dev/null +++ b/hosts/kilgharrah/ftp.nix @@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: + +{ + age.secrets.ftp-userDb-qenya = { + # To update this, see the nixos docs for services.vsftpd.userDbPath. Note + # that the command it gives to create a userDb, if applied to an *existing* + # userDb, will *add* the entries from the source file, overwriting any + # entries with the same username but leaving other existing entries intact. + # Also note the database format does not salt hashes. + file = ../../secrets/ftp-userDb-qenya.age; + + # we have to specify this manually because pam_userdb strips the extension + path = "/etc/vsftpd/userDb.db"; + }; + + services.vsftpd = { + enable = true; + localUsers = true; + forceLocalLoginsSSL = true; + forceLocalDataSSL = true; + rsaCertFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/fullchain.pem"; + rsaKeyFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/key.pem"; + + enableVirtualUsers = true; + userlistDeny = false; # turn userlist from a denylist into an allowlist + userlist = [ "qenya" ]; # this is just a list of the users in the userDb + userDbPath = "/etc/vsftpd/userDb"; + + localRoot = "/srv/ftp"; + + extraConfig = '' + # nothing in the default cipher suite is enabled in modern ssl clients! + ssl_ciphers=HIGH + + # set this to something firewallable + pasv_min_port=51000 + pasv_max_port=51099 + + # don't bother with upgrading to TLS, just listen on FTPS only + implicit_ssl=YES + listen_port=990 + ''; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "ftp.qenya.tel" = { + forceSSL = true; + useACMEHost = "ftp.qenya.tel"; + locations."/".return = "503"; + }; + }; + }; + + security.acme.certs = { + "ftp.qenya.tel" = { + webroot = "/var/lib/acme/acme-challenge"; + group = "acme_ftp.qenya.tel"; + }; + }; + + users.groups."acme_ftp.qenya.tel".members = [ + "vsftpd" # not configurable in the vsftpd nixos module + config.services.nginx.group + ]; + + networking.firewall.allowedTCPPorts = [ 990 80 443 ]; + networking.firewall.allowedTCPPortRanges = [{ from = 51000; to = 51099; }]; +} diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix new file mode 100644 index 0000000..0583c64 --- /dev/null +++ b/hosts/kilgharrah/hardware.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.open = false; + + # # Downgrade to driver version 535 as 550 has problems with Wayland + # hardware.nvidia.package = + # let + # rcu_patch = pkgs.fetchpatch { + # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; + # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; + # }; + # in + # config.boot.kernelPackages.nvidiaPackages.mkDriver { + # version = "535.154.05"; + # sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg="; + # sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k="; + # openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo="; + # settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10="; + # persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; + # patches = [ rcu_patch ]; + # }; + + services.printing.drivers = [ pkgs.hplip ]; + + # enable playing from bluray drive + boot.kernelModules = [ "sg" ]; + environment.systemPackages = [ + ((pkgs.vlc.override { + libbluray = (pkgs.libbluray.override { + withJava = true; + withAACS = true; + withBDplus = true; + }); + }).overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.libdvdcss ]; + # TODO: nixpkgs bug: libbluray needs patching to look at the nix store path of jdk17 when searching for a jdk + # as a workaround, wrap vlc and set JAVA_HOME, which it uses instead of searching when specified + nativeBuildInputs = originalAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/vlc --set JAVA_HOME ${pkgs.jdk17.home} + ''; + })) + ]; +} diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix new file mode 100644 index 0000000..2db377f --- /dev/null +++ b/hosts/kilgharrah/networking.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + systemd.network.enable = true; + networking.useDHCP = false; + + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp2s0"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; + }; +} diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix new file mode 100644 index 0000000..dba5270 --- /dev/null +++ b/hosts/kilgharrah/plasma.nix @@ -0,0 +1,109 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + services.xserver.displayManager.gdm.enable = mkForce false; + services.xserver.desktopManager.gnome.enable = mkForce false; + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.desktopManager.plasma6.enable = true; + + environment.systemPackages = with pkgs; [ + (catppuccin-kde.override { + flavour = [ "mocha" ]; + accents = [ "mauve" ]; + winDecStyles = [ "modern" ]; + }) + ]; + + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + + programs.plasma = { + enable = true; + overrideConfig = true; + + workspace = { + lookAndFeel = "Catppuccin-Mocha-Mauve"; + colorScheme = "CatppuccinMochaMauve"; + splashScreen.engine = "KSplashQML"; + splashScreen.theme = "Catppuccin-Mocha-Mauve"; + windowDecorations.library = "org.kde.kwin.aurorae"; + windowDecorations.theme = "__aurorae__svg__CatppuccinMocha-Modern"; + }; + + # For the moment, this hosts some network-accessible services, so we want it on 24/7 + powerdevil.AC.autoSuspend.action = "nothing"; + + panels = [ + # Dock + { + height = 49; # 41 * 1.2 + lengthMode = "fit"; + location = "bottom"; + alignment = "center"; + hiding = "dodgewindows"; + widgets = [{ + name = "org.kde.plasma.icontasks"; + config.General = { + fill = false; + iconSpacing = 2; + launchers = lib.concatStringsSep "," [ + "applications:firefox.desktop" + "applications:codium.desktop" + "applications:steam.desktop" + "applications:discord.desktop" + "applications:com.obsproject.Studio.desktop" + "applications:org.kde.dolphin.desktop" + "applications:org.kde.konsole.desktop" + "applications:org.kde.plasma-systemmonitor.desktop" + ]; + maxStripes = 1; + showOnlyCurrentDesktop = false; + showOnlyCurrentScreen = false; + }; + }]; + screen = "all"; + } + + # Top bar + { + height = 29; # 24 * 1.2 + location = "top"; + alignment = "left"; + floating = false; + widgets = [ + { + name = "org.kde.plasma.kickoff"; + config.General = { + lengthFirstMargin = 7; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { + name = "org.kde.plasma.digitalclock"; + config.Appearance = { + autoFontAndSize = false; + customDateFormat = "dddd, d MMM"; + dateDisplayFormat = "BesideTime"; + dateFormat = "custom"; + fontFamily = "Inter"; + fontStyleName = "Bold"; + fontWeight = 700; + boldText = true; + showWeekNumbers = true; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { name = "org.kde.plasma.systemtray"; } + ]; + screen = "all"; + } + ]; + }; + }; +} diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix deleted file mode 100644 index 1403b3d..0000000 --- a/hosts/orm/configuration.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-orm.path; - }; - - system.stateVersion = "23.11"; -} diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix new file mode 100644 index 0000000..dc696e9 --- /dev/null +++ b/hosts/orm/default.nix @@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "orm"; + networking.hostId = "00000000"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + qenya.base-server.enable = true; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + nix.settings.max-jobs = 0; + + randomcat.services.zfs.datasets = { + "rpool_orm/state" = { mountpoint = "none"; }; + "rpool_orm/state/actual" = { mountpoint = "/var/lib/private/actual"; }; + "rpool_orm/state/postgresql" = { mountpoint = "/var/lib/postgresql"; }; + }; + + services.sanoid.datasets."rpool_orm/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17; + dataDir = "/var/lib/postgresql/17"; + # managing imperatively instead of using ensureDatabases/ensureUsers + + enableTCPIP = true; + settings = { + port = 5432; + # TODO: fix SSL + # ssl = true; + }; + # only allow remote connections from within Tailscale + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust # used by nixos for local monitoring + host sameuser all 100.64.0.0/10 scram-sha-256 + host sameuser all fd7a:115c:a1e0::/48 scram-sha-256 + ''; + }; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5432 ]; + + qenya.services.actual = { + enable = true; + domain = "actual.unspecified.systems"; + }; + fountain.services.web-redirect = { + enable = true; + domains = { + "actual.qenya.tel" = "actual.unspecified.systems"; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix index 11459e7..34ef7b3 100644 --- a/hosts/orm/hardware-configuration.nix +++ b/hosts/orm/hardware-configuration.nix @@ -37,13 +37,4 @@ swapDevices = [ { device = "/dev/disk/by-uuid/a0ac8f60-25f9-4dec-af70-e3f4cd36c575"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/orm/networking.nix b/hosts/orm/networking.nix new file mode 100644 index 0000000..9423165 --- /dev/null +++ b/hosts/orm/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = true; +} diff --git a/hosts/tehanu/default.nix b/hosts/tehanu/default.nix new file mode 100644 index 0000000..fc1ecad --- /dev/null +++ b/hosts/tehanu/default.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + networking.hostName = "tehanu"; + networking.hostId = "8e1185ab"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + + qenya.base-server.enable = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tehanu/hardware-configuration.nix b/hosts/tehanu/hardware-configuration.nix new file mode 100644 index 0000000..04d514e --- /dev/null +++ b/hosts/tehanu/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_tehanu/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_tehanu/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_tehanu/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/629B-BA09"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; +} diff --git a/hosts/tehanu/networking.nix b/hosts/tehanu/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/tehanu/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix deleted file mode 100644 index bc9f644..0000000 --- a/hosts/tohru/configuration.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ./syncthing.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.editor = false; - - age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - persistentKeepalive = 23; - }; - - programs.evolution.enable = true; - qenya.services.fonts.enable = true; - qenya.services.steam.enable = true; - - home-manager.users.qenya = { pkgs, ... }: { - imports = [ - ./home.nix - ]; - }; - - networking.networkmanager.enable = true; - - i18n.defaultLocale = "en_GB.UTF-8"; - console.keyMap = "uk"; - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.xkb.layout = "gb"; - - services.printing.enable = true; - - sound.enable = true; - hardware.pulseaudio.enable = true; - - # USB drives - boot.supportedFilesystems = [ "ntfs" ]; - - hardware.enableAllFirmware = true; - services.fwupd.enable = true; - services.fstrim.enable = true; - - boot.initrd.luks.devices = { - "rpool".device = "/dev/nvme0n1p2"; - }; - - system.stateVersion = "23.11"; -} - diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix new file mode 100644 index 0000000..f9ee12c --- /dev/null +++ b/hosts/tohru/default.nix @@ -0,0 +1,69 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + imports = [ + ./filesystems.nix + ./hardware.nix + ./networking.nix + + ./syncthing.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "tohru"; + networking.hostId = "31da19c1"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-graphical.enable = true; + + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + # tohru does not have the resources to run this under other load and is generally powered off when not in use. + # instead, just run `nix-store --optimise` every so often. + nix.optimise.automatic = mkForce false; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; + users.users.qenya.extraGroups = [ + "networkmanager" # UI wifi configuration + "dialout" # access to serial ports + ]; + + nixpkgs.overlays = [ inputs.scoutshonour.overlays.default ]; + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ + keepassxc + apostrophe + foliate + nicotine-plus + tuba + + # games + openttd + prismlauncher + scoutshonour.digital-a-love-story + scoutshonour.dont-take-it-personally-babe + ]; + }; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + + programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet + programs.steam.enable = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tohru/filesystems.nix b/hosts/tohru/filesystems.nix new file mode 100644 index 0000000..6975fe6 --- /dev/null +++ b/hosts/tohru/filesystems.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "rpool".device = "/dev/nvme0n1p2"; + }; + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives + + fileSystems = { + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + "/nix" = { + device = "rpool/nix"; + fsType = "zfs"; + }; + "/var" = { + device = "rpool/var"; + fsType = "zfs"; + }; + "/config" = { + device = "rpool/config"; + fsType = "zfs"; + }; + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + "/data" = { + device = "rpool/data"; + fsType = "zfs"; + }; + "/data/syncthing" = { + device = "rpool/data/syncthing"; + fsType = "zfs"; + }; + "/data/steam" = { + device = "rpool/data/steam"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/7DD4-487E"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; }]; +} diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix deleted file mode 100644 index 71a4dee..0000000 --- a/hosts/tohru/hardware-configuration.nix +++ /dev/null @@ -1,76 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/var" = - { device = "rpool/var"; - fsType = "zfs"; - }; - - fileSystems."/config" = - { device = "rpool/config"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/data" = - { device = "rpool/data"; - fsType = "zfs"; - }; - - fileSystems."/data/syncthing" = - { device = "rpool/data/syncthing"; - fsType = "zfs"; - }; - - fileSystems."/data/steam" = - { device = "rpool/data/steam"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7DD4-487E"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/tohru/hardware.nix b/hosts/tohru/hardware.nix new file mode 100644 index 0000000..a2515bd --- /dev/null +++ b/hosts/tohru/hardware.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + services.printing.drivers = [ pkgs.hplip ]; +} + diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix deleted file mode 100644 index 20526df..0000000 --- a/hosts/tohru/home.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - dconf.enable = true; - - programs = { - firefox.enable = true; # TODO: config is not yet nix-ified - vscode.enable = true; - }; - - home.packages = with pkgs; [ - bitwarden - discord - foliate - gimp-with-plugins - jellyfin-media-player - keepassxc - tor-browser-bundle-bin - - # libreoffice - libreoffice - hunspell - hunspellDicts.en_GB-ise - - # games - openttd - prismlauncher - nur.repos.qenya.digital-a-love-story - nur.repos.qenya.dont-take-it-personally-babe - ]; -} diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix new file mode 100644 index 0000000..be3822f --- /dev/null +++ b/hosts/tohru/networking.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + systemd.network.wait-online.enable = false; + + networking.networkmanager.enable = true; +} diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix deleted file mode 100644 index 0c21462..0000000 --- a/hosts/yevaud/configuration.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; - }; - - qenya.services.forgejo = { - enable = true; - domain = "git.qenya.tel"; - stateDir = "/data/forgejo"; - }; - - services.nginx = { - enable = true; - virtualHosts = { - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.qenya.tel$request_uri"; - }; - "birdsong.network" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.qenya.tel/qenya/birdsong/"; - }; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix new file mode 100644 index 0000000..6834203 --- /dev/null +++ b/hosts/yevaud/default.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + + ./experiments/pennykettle.nix + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + networking.hostName = "yevaud"; + networking.hostId = "09673d65"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + qenya.base-server.enable = true; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + nix.settings.max-jobs = 0; + + randomcat.services.zfs.datasets = { + "rpool/state" = { mountpoint = "none"; }; + "rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; + }; + + services.sanoid.datasets."rpool/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + qenya.services.forgejo = { + enable = true; + domain = "git.unspecified.systems"; + }; + fountain.services.web-redirect = { + enable = true; + domains = { + "git.katherina.rocks" = "git.unspecified.systems"; + "git.qenya.tel" = "git.unspecified.systems"; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix new file mode 100644 index 0000000..7453219 --- /dev/null +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -0,0 +1,66 @@ +{ config, lib, pkgs, ... }: + +{ + networking.firewall.allowedUDPPorts = [ 51820 ]; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = config.networking.firewall.allowedTCPPorts ++ [ 1080 ]; + + environment.systemPackages = [ pkgs.wireguard-tools ]; + networking.wireguard.interfaces."wg-protonvpn" = { + ips = [ "10.2.0.2/32" ]; + peers = [{ + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "217.138.216.162:51820"; + publicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; + }]; + privateKeyFile = config.age.secrets.protonvpn-pennykettle1.path; + listenPort = 51820; + table = "957851094"; # randomly generated + }; + + networking.localCommands = '' + ip rule add from 10.2.0.2/32 table 957851094 + ''; + networking.firewall.checkReversePath = "loose"; + + age.secrets.protonvpn-pennykettle1 = { + file = ../../../secrets/protonvpn-pennykettle1.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + services.dante = { + enable = true; + config = '' + debug: 2 + internal: tailscale0 + external: wg-protonvpn + + # auth/tls handled by tailscale + clientmethod: none + socksmethod: none + + # allow connections from tailscale + # "0/0" matches any v4 or v6 address + client pass { + from: 100.64.0.0/10 to: 0/0 + log: error connect disconnect + } + client pass { + from: fd7a:115c:a1e0::/48 to: 0/0 + log: error connect disconnect + } + + socks pass { + from: 0/0 to: 0/0 + protocol: tcp udp + log: error connect disconnect iooperation + } + ''; + }; + + systemd.services.dante = { + wants = [ "tailscaled-autoconnect.service" ]; + after = [ "tailscaled-autoconnect.service" ]; + }; +} diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index aa624a3..72da1b4 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -28,11 +28,6 @@ fsType = "zfs"; }; - fileSystems."/data/forgejo" = - { device = "rpool/forgejo"; - fsType = "zfs"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/107D-5AB3"; fsType = "vfat"; @@ -42,13 +37,4 @@ swapDevices = [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/yevaud/networking.nix b/hosts/yevaud/networking.nix new file mode 100644 index 0000000..d54ca7f --- /dev/null +++ b/hosts/yevaud/networking.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + networking.interfaces.ens3.useDHCP = true; +} diff --git a/keys.nix b/keys.nix index de1a65d..cba8c49 100644 --- a/keys.nix +++ b/keys.nix @@ -1,19 +1,34 @@ { machines = { + reese = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd0qGxvcMLDwX1bqYpwOUL5c/CIgBllMFr+bGkwiwAn root@reese"; + bear = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ9Kn1CIcDHaleKHf7zO6O30Rbxs/FwL0/Ie+mEjZJr root@bear"; + shaw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; + groves = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQNZ/Q+x7mDYfYXftpZpWkfPByyMBbYmVFobM4vSDW2 root@groves"; tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; + kalessin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; + tehanu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fNylfLo7Z8m/DroRlj7cHMLhYL7boP3r/upVrtMJQ root@tehanu"; + kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; + elucredassa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; + carter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHHHYG6A995Po05+JXQsvB79ZoIiSOJnW6AiJgVYPic root@carter"; }; users = { qenya = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; randomcat = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHagOaeTR+/7FL9sErciMw30cmV/VW8HU7J3ZFU5nj9 janet@randomcat.org" ]; - richard = [ + trungle = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA57legzdIcYTVVri4Wc0CvgWefbRhmUqhu0F/5f8FB reuben@glenda-artix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" ]; + gaelan = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFbDvPKnPXe+58QgdgK8yZ3Ac9dkJdtHJ3pQwWhszM7McwCzCEO/b940K0orLjfeUruC+hGJZO8heIh0J6JwSK907aS2wpHofU9q7bMT0PYeuHrSb2iFrOFIkTIWpO8hnWad8TGKOlOdNTKEdB9zwxXEKTFb9QW1Z27Zql79W44jUvaOTb7gKUps37O77lHEJDModaRsXS2523pSbrTZKDwZ73+S0ECeNUwwzLUyOOUHfENEXnM18hWm8mV0iU7kxFcmS33z9rWlWPNiCXnBnSi5LPgBarYOAqQf56f9OisafKqvc3uX+yn0kGCDWglVGUkbhfSIP9+w+yv/h/NJWIJlJC92ndbktAqAQW4gb7lXYxpbdoWcmqEy97q0e2vyBdhcVXwZ+0q+U8I74m8trq36ieHDtLKYkiFBX6zvrLP4I5OZU+EecdV2HcMoU8HNa5u1mvG+oHaEgkR70a5cQtrPzWLS/OMLqvWL39vO7RNskzwWCSuWScxDGitr+BunRRbL4aKNkkPjdDlIqb/SfSrFikOo75f5Ku4I32nbM7SNpIjA4cHe50rx1UB8lT+RwHdxL99OdoxIPCe6OLA5uT8VGPXkvqd/ZIFOL2HaM+uPLaYbjwLrHlwSOLgGbehmsSD369EXv6NAc5wbzsSLJQhJ66d5unnzGjn4dRt9sbDw== gbs@canishe.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHId+2dJYiZK++p8lu9Bax0J29JjeuU4qcIBdLwEz3lm gbs@canishe.com" + ]; }; } diff --git a/npins/default.nix b/npins/default.nix deleted file mode 100644 index 5e7d086..0000000 --- a/npins/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -# Generated by npins. Do not modify; will be overwritten regularly -let - data = builtins.fromJSON (builtins.readFile ./sources.json); - version = data.version; - - mkSource = - spec: - assert spec ? type; - let - path = - if spec.type == "Git" then - mkGitSource spec - else if spec.type == "GitRelease" then - mkGitSource spec - else if spec.type == "PyPi" then - mkPyPiSource spec - else if spec.type == "Channel" then - mkChannelSource spec - else - builtins.throw "Unknown source type ${spec.type}"; - in - spec // { outPath = path; }; - - mkGitSource = - { - repository, - revision, - url ? null, - hash, - branch ? null, - ... - }: - assert repository ? type; - # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository - # In the latter case, there we will always be an url to the tarball - if url != null then - (builtins.fetchTarball { - inherit url; - sha256 = hash; # FIXME: check nix version & use SRI hashes - }) - else - assert repository.type == "Git"; - let - urlToName = - url: rev: - let - matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; - - short = builtins.substring 0 7 rev; - - appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; - in - "${if matched == null then "source" else builtins.head matched}${appendShort}"; - name = urlToName repository.url revision; - in - builtins.fetchGit { - url = repository.url; - rev = revision; - inherit name; - # hash = hash; - }; - - mkPyPiSource = - { url, hash, ... }: - builtins.fetchurl { - inherit url; - sha256 = hash; - }; - - mkChannelSource = - { url, hash, ... }: - builtins.fetchTarball { - inherit url; - sha256 = hash; - }; -in -if version == 3 then - builtins.mapAttrs (_: mkSource) data.pins -else - throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json deleted file mode 100644 index 7110f10..0000000 --- a/npins/sources.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "pins": { - "nur": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "NUR" - }, - "branch": "master", - "revision": "6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa", - "url": "https://github.com/nix-community/NUR/archive/6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa.tar.gz", - "hash": "1w1n56p4hbq1zlz8hiw3169kxsw4cn5maahlk8vdzprs498f69kg" - } - }, - "version": 3 -} \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index e6dd703..25ba859 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,19 +1,18 @@ let keys = import ./keys.nix; - commonKeys = keys.users.qenya; - secrets = with keys; { - wireguard-peer-orm = [ machines.orm ]; - wireguard-peer-tohru = [ machines.tohru ]; - wireguard-peer-yevaud = [ machines.yevaud ]; + ftp-userDb-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-kilgharrah-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-tohru-qenya = [ machines.tohru ] ++ keys.users.qenya; + protonvpn-pennykettle1 = [ machines.yevaud ] ++ keys.users.qenya; }; in builtins.listToAttrs ( map (secretName: { name = "secrets/${secretName}.age"; - value.publicKeys = secrets."${secretName}" ++ commonKeys; + value.publicKeys = secrets."${secretName}"; }) (builtins.attrNames secrets) ) diff --git a/secrets/ftp-userDb-qenya.age b/secrets/ftp-userDb-qenya.age new file mode 100644 index 0000000..53f83c0 Binary files /dev/null and b/secrets/ftp-userDb-qenya.age differ diff --git a/secrets/protonvpn-pennykettle1.age b/secrets/protonvpn-pennykettle1.age new file mode 100644 index 0000000..e58dc56 --- /dev/null +++ b/secrets/protonvpn-pennykettle1.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 uJfgGw +h4WiWyMlQZ5iaMFTl/whUD0vJnIN0GYeqRbZ0MIH0o +eKio4DsSJlrvSAjmR0naDO/lmB78o7cy7QC9WZjHUa0 +-> ssh-ed25519 seJ9Iw xov8WY0TxEj5/wkWg1T0kmrbpXsNhDLnZwqyIg0eExA +wu5QApQk6K8Fu5XMTrWY2veoYbJVuQmn3DJXewVB860 +-> ssh-ed25519 900ILw N6RbpHr4Vwgm0BUCuMXzVo3VEgrl29NF8ZJU5Far7yk +KdA1dZXmcSF3cH9bVdmIbj7iZO3uuSY+isjswDzSu+Y +--- YtnS9FqXVat2hi9BLvX+71HEZDw3zcxIQ7Dp5+iao4c +a'|N7NT5]O0Sm<-1:dg^/u7N?XM~s.9cC \ No newline at end of file diff --git a/secrets/user-password-kilgharrah-qenya.age b/secrets/user-password-kilgharrah-qenya.age new file mode 100644 index 0000000..58fae24 Binary files /dev/null and b/secrets/user-password-kilgharrah-qenya.age differ diff --git a/secrets/user-password-tohru-qenya.age b/secrets/user-password-tohru-qenya.age new file mode 100644 index 0000000..cfe5260 Binary files /dev/null and b/secrets/user-password-tohru-qenya.age differ diff --git a/secrets/wireguard-peer-orm.age b/secrets/wireguard-peer-orm.age deleted file mode 100644 index 6cd9c12..0000000 --- a/secrets/wireguard-peer-orm.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 l/RSAw +h2Jz8m9ZEklGxWK8HcixO3+D4AVATPI3m3wE1ITviM -US+J+FDPJ/nmLT1ylRGfXyfjiJRgLpdgCg1L3IPrmrc --> ssh-ed25519 900ILw bX/KdX53EFQCmWI0MU/wKfzqKmAw+/fMs4/955iYOlw -7epwHu5g+p6BHe/ksaA9MAvpneZBwHeqnMtSc1m3FFY --> !V-grease &x6T2i d0B}! -tkT/G8gEKyx280vDO1QgG5ERBCkR9XCgk8IIE1AeBONi9eo+Z0sGfNHv2DXFx14B -TcKX31wDmUbtv8j+4d7722YeZ4jvKiSuQA38zLREOGJyhA ---- TR/GFMXQ4N6AMuScg8LSednd6jAJugxgCJLegPtFmgI -4>?(Y|R5V  ×4'[K_ѝ,ϧ Tk5TC~c*D[N䃼< \ No newline at end of file diff --git a/secrets/wireguard-peer-orm.pub b/secrets/wireguard-peer-orm.pub deleted file mode 100644 index c6f541c..0000000 --- a/secrets/wireguard-peer-orm.pub +++ /dev/null @@ -1 +0,0 @@ -birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA= diff --git a/secrets/wireguard-peer-tohru.age b/secrets/wireguard-peer-tohru.age deleted file mode 100644 index f99168e..0000000 --- a/secrets/wireguard-peer-tohru.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yZzWlg HKjvqxwrKVDSKuKcog2RTryVc+0vWII6DdFuouffNWs -fPlYoR4wSrGPlX3t11J1YSP3yToM2RjJVfLKM4oATxA --> ssh-ed25519 900ILw f76/jY251hkNMd3fBVZPuoWleh4ZdSdu95p7WDlmZi4 -iSULkGxw9aokMgv59fhW3LzJR/Dpx+LVCc6jbbPwCgU --> vdo-grease -8NUae81gLW0x8UoCVKqQUZaqkG8FTXwnysjEgXaEGBgDxjpuTp+C5qWczNYAXOFN -ha3mtF6IYHFHBZKsH0t1366nfYDAQXHOuu0hN4GBBz8gqnUt ---- uB1k+yMkL5ZUHXGSDv8ZPHDn0UfHOv1x3tRa2eIdbP8 -EY3Due/e4G[lQ=CovͿz/nbLa_h{A{ \ No newline at end of file diff --git a/secrets/wireguard-peer-tohru.pub b/secrets/wireguard-peer-tohru.pub deleted file mode 100644 index 6930ed6..0000000 --- a/secrets/wireguard-peer-tohru.pub +++ /dev/null @@ -1 +0,0 @@ -lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18= diff --git a/secrets/wireguard-peer-yevaud.age b/secrets/wireguard-peer-yevaud.age deleted file mode 100644 index d331bda..0000000 Binary files a/secrets/wireguard-peer-yevaud.age and /dev/null differ diff --git a/secrets/wireguard-peer-yevaud.pub b/secrets/wireguard-peer-yevaud.pub deleted file mode 100644 index 871b993..0000000 --- a/secrets/wireguard-peer-yevaud.pub +++ /dev/null @@ -1 +0,0 @@ -YPJsIs9x4wuWdFi/QRWSJbWvKE0GQAfVL4MNMqHygDw= diff --git a/services/actual.nix b/services/actual.nix new file mode 100644 index 0000000..3a006ea --- /dev/null +++ b/services/actual.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.actual; +in +{ + options.qenya.services.actual = { + enable = mkEnableOption "Actual Budget"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:5006/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.actual = { + enable = true; + settings.port = 5006; + }; + }; +} diff --git a/services/audiobookshelf.nix b/services/audiobookshelf.nix new file mode 100644 index 0000000..6019108 --- /dev/null +++ b/services/audiobookshelf.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.audiobookshelf; +in +{ + options.qenya.services.audiobookshelf = { + enable = mkEnableOption "Audiobookshelf"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8234/"; + proxyWebsockets = true; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.audiobookshelf.enable = true; + services.audiobookshelf.port = 8234; + }; +} diff --git a/services/default.nix b/services/default.nix index 7c73723..194eb43 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,7 +1,14 @@ { imports = [ - ./fonts.nix + ./actual.nix + ./audiobookshelf.nix + ./distributed-builds.nix ./forgejo.nix - ./steam.nix + ./headscale.nix + ./jellyfin.nix + ./navidrome.nix + ./owncast.nix + ./remote-builder.nix + ./web-redirect.nix ]; -} \ No newline at end of file +} diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix new file mode 100644 index 0000000..025a0f0 --- /dev/null +++ b/services/distributed-builds.nix @@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) elem; + inherit (lib) mkIf mkEnableOption mkOption types optional; + cfg = config.qenya.services.distributed-builds; +in +{ + options.qenya.services.distributed-builds = { + enable = mkEnableOption "distributed builds"; + keyFile = mkOption { + type = types.path; + description = '' + Path to the OpenSSH private key to be used for distributed builds. + ''; + }; + builders = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of builders to attempt to use for distributed builds. + ''; + example = [ "kalessin" ]; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = cfg ? keyFile; + message = "must specify a private key to be used for distributed builds"; + }]; + + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = + (optional (elem "kalessin" cfg.builders) { + hostName = "kalessin.birdsong.network"; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "aarch64-linux" ]; + maxJobs = 2; + supportedFeatures = [ "big-parallel" ]; + }) + ++ (optional (elem "kilgharrah" cfg.builders) { + hostName = "kilgharrah.birdsong.network"; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "x86_64-linux" ]; + maxJobs = 12; + supportedFeatures = [ "big-parallel" ]; + }); + }; +} diff --git a/services/fonts.nix b/services/fonts.nix deleted file mode 100644 index dcd9d1b..0000000 --- a/services/fonts.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.qenya.services.fonts; -in -{ - options.qenya.services.fonts = { - enable = mkEnableOption "Fonts"; - }; - - config = mkIf cfg.enable { - fonts.packages = with pkgs; [ - corefonts - ]; - }; -} diff --git a/services/forgejo.nix b/services/forgejo.nix index 9f3f6f1..cf18e8f 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -10,9 +10,6 @@ in domain = mkOption { type = types.str; }; - stateDir = mkOption { - type = types.str; - }; }; config = mkIf cfg.enable { @@ -33,7 +30,6 @@ in forgejo = { enable = true; - stateDir = cfg.stateDir; settings = { DEFAULT.APP_NAME = cfg.domain; cache = { diff --git a/services/headscale.nix b/services/headscale.nix new file mode 100644 index 0000000..d5f2fe9 --- /dev/null +++ b/services/headscale.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.headscale; +in +{ + options.qenya.services.headscale = { + enable = mkEnableOption "Headscale"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:32770/"; + proxyWebsockets = true; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.headscale = { + enable = true; + address = "0.0.0.0"; # required to disable built-in ACME client for some reason + port = 32770; + settings = { + server_url = "https://${cfg.domain}:443"; + prefixes.allocation = "random"; + dns = { + magic_dns = true; + base_domain = "birdsong.network"; + }; + + # disable built-in ACME client + tls_cert_path = null; + tls_key_path = null; + }; + }; + }; +} diff --git a/services/jellyfin.nix b/services/jellyfin.nix new file mode 100644 index 0000000..154007d --- /dev/null +++ b/services/jellyfin.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.jellyfin; +in +{ + options.qenya.services.jellyfin = { + enable = mkEnableOption "Jellyfin"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.jellyfin.enable = true; + }; +} diff --git a/services/navidrome.nix b/services/navidrome.nix new file mode 100644 index 0000000..d678005 --- /dev/null +++ b/services/navidrome.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.navidrome; +in +{ + options.qenya.services.navidrome = { + enable = mkEnableOption "Navidrome"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:4533/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.navidrome.enable = true; + services.navidrome.settings = { + MusicFolder = cfg.dataDir; + BaseUrl = "https://${cfg.domain}"; + }; + }; +} diff --git a/services/owncast.nix b/services/owncast.nix new file mode 100644 index 0000000..47173d0 --- /dev/null +++ b/services/owncast.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.owncast; +in +{ + options.qenya.services.owncast = { + enable = mkEnableOption "Owncast"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:32769/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 1935 ]; # 1935 for rtmp + + services.owncast.enable = true; + services.owncast.port = 32769; + services.owncast.dataDir = cfg.dataDir; + }; +} diff --git a/services/remote-builder.nix b/services/remote-builder.nix new file mode 100644 index 0000000..265241a --- /dev/null +++ b/services/remote-builder.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.remote-builder; +in +{ + options.qenya.services.remote-builder = { + enable = mkEnableOption "remote builder"; + authorizedKeys = { + keys = mkOption { + type = types.listOf types.singleLineStr; + default = [ ]; + description = '' + A list of verbatim OpenSSH public keys that should be authorized to + use this remote builder. See + `users.users..openssh.authorizedKeys.keys`. + ''; + }; + keyFiles = mkOption { + type = types.listOf types.path; + default = [ ]; + description = '' + A list of files each containing one OpenSSH public key that should be + authorized to use this remote builder. See + `users.users..openssh.authorizedKeys.keyFiles`. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users.remotebuild = { + isSystemUser = true; + group = "nogroup"; + shell = "/bin/sh"; + openssh.authorizedKeys.keys = cfg.authorizedKeys.keys; + openssh.authorizedKeys.keyFiles = cfg.authorizedKeys.keyFiles; + }; + + nix.nrBuildUsers = 64; + nix.settings.trusted-users = [ "remotebuild" ]; + }; +} diff --git a/services/steam.nix b/services/steam.nix deleted file mode 100644 index d7ef010..0000000 --- a/services/steam.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.qenya.services.steam; -in -{ - options.qenya.services.steam = { - enable = mkEnableOption "Steam"; - }; - - config = mkIf cfg.enable { - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - - services.joycond.enable = true; - }; -} diff --git a/services/web-redirect.nix b/services/web-redirect.nix new file mode 100644 index 0000000..92b9c5a --- /dev/null +++ b/services/web-redirect.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.fountain.services.web-redirect; +in +{ + options.fountain.services.web-redirect = { + enable = mkEnableOption "Module to do simple 301 redirects from one domain to another"; + domains = mkOption { + type = types.attrsOf types.str; + description = "Mapping from source domain to destination domain"; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = builtins.mapAttrs + (name: value: { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://${value}$request_uri"; + }) + cfg.domains; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; +} diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..a2d1b10 --- /dev/null +++ b/shell.nix @@ -0,0 +1,9 @@ +let + shell = (import + (fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/refs/tags/v1.0.1.tar.gz"; + sha256 = "0m9grvfsbwmvgwaxvdzv6cmyvjnlww004gfxjvcl806ndqaxzy4j"; + }) + { src = ./.; }).shellNix; +in +shell.devShells.${builtins.currentSystem}