diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..4a4726a --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use_nix diff --git a/.gitignore b/.gitignore index a806510..3357b94 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,3 @@ # Ignore build outputs from performing a nix-build or `nix build` command result result-* - diff --git a/README.md b/README.md index e860f06..a7ac37e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,33 @@ -# nixos-config +# nixfiles -My NixOS configuration files \ No newline at end of file +My NixOS configuration files. + +The canonical location for this repository is https://git.unspecified.systems/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. + +## Machines + +### Managed +* `kilgharrah`: Custom-built personal desktop; also currently running Jellyfin, Navidrome and Audiobookshelf servers (and an FTP server, for shits and giggles) +* `tohru`: Dell Latitude 5300, personal laptop +* `elucredassa`: Acer Aspire A315-53, old laptop with a broken keyboard that now sits in a corner being a backup server +* `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network +* `orm`: Oracle Cloud free AMD VM, hosts an instance of Actual Budget and a PostgreSQL server for other services that need one +* `kalessin`: Oracle Cloud free ARM VM, currently idling + +### Referenced only +* `shaw`: [My girlfriend's NAS](https://github.com/randomnetcat/nix-configs/tree/main/hosts/shaw) +* `latias`: My Steam Deck + +## Usage + +### Building + +To build locally, run `nixos-rebuild switch --flake .#[hostname]` as root. + +To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: +* `--on [hostname]`: build a specific machine only +* `--reboot`: reboot after building (but note [this bug](https://github.com/zhaofengli/colmena/issues/166) means it may hang even when the reboot completes successfully) + +### Updating + +`nix flake update --commit-lock-file` diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix new file mode 100644 index 0000000..c444297 --- /dev/null +++ b/common/base-graphical/default.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + imports = [ + ./gnome.nix + ./sound.nix + ]; + + options.qenya.base-graphical.enable = mkEnableOption "Base configuration for graphical environments"; + + config = mkIf cfg.enable { + services.xserver.enable = true; + services.libinput.enable = true; + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + fonts.packages = with pkgs; [ + corefonts + caladea + carlito + ]; + }; +} diff --git a/common/base-graphical/gnome.nix b/common/base-graphical/gnome.nix new file mode 100644 index 0000000..819ea1c --- /dev/null +++ b/common/base-graphical/gnome.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkOption types; + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; + # TODO: agree on this with randomcat as it affects her too, since for some reason this is system-wide + # environment.gnome.excludePackages = with pkgs.gnome; [ + # pkgs.gnome-tour + # epiphany # GNOME Web + # geary + # gnome-calendar + # gnome-contacts + # gnome-music + # ]; + }; +} diff --git a/common/base-graphical/sound.nix b/common/base-graphical/sound.nix new file mode 100644 index 0000000..140eb93 --- /dev/null +++ b/common/base-graphical/sound.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + services.pulseaudio.enable = false; # this theoretically defaults to false but something else seems to be flipping it + environment.systemPackages = with pkgs; [ helvum ]; # patchbay + }; +} diff --git a/common/base-server/default.nix b/common/base-server/default.nix new file mode 100644 index 0000000..9e6125c --- /dev/null +++ b/common/base-server/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-server; +in +{ + options.qenya.base-server.enable = mkEnableOption "Base configuration for headless servers"; + + config = mkIf cfg.enable { + time.timeZone = "Etc/UTC"; + + # Allow remote deployment with colmena + deployment.targetUser = null; + security.sudo.wheelNeedsPassword = false; + }; +} diff --git a/common/boot.nix b/common/boot.nix new file mode 100644 index 0000000..a5d9155 --- /dev/null +++ b/common/boot.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf optionals; +in +{ + boot.loader = { + systemd-boot.enable = true; + systemd-boot.editor = false; + systemd-boot.memtest86.enable = mkIf config.nixpkgs.hostPlatform.isx86 true; + efi.canTouchEfiVariables = true; + }; + + services.resolved = { + enable = true; + fallbackDns = [ ]; + dnsovertls = "true"; + extraConfig = '' + DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net + ''; + }; +} diff --git a/common/default.nix b/common/default.nix new file mode 100644 index 0000000..2517156 --- /dev/null +++ b/common/default.nix @@ -0,0 +1,21 @@ +{ + imports = [ + ./base-graphical + ./base-server + ./users + + ./boot.nix + ./docker.nix + ./gpg.nix + ./home-manager.nix + ./misc.nix + ./nginx.nix + ./nix.nix + ./packages.nix + ./sanoid.nix + ./security.nix + ./ssh.nix + ./steam.nix + ./tailscale.nix + ]; +} diff --git a/common/docker.nix b/common/docker.nix new file mode 100644 index 0000000..c33c246 --- /dev/null +++ b/common/docker.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + virtualisation.docker.daemon.settings = { + userland-proxy = false; + experimental = true; + metrics-addr = "0.0.0.0:9323"; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + }; +} diff --git a/common/gpg.nix b/common/gpg.nix new file mode 100644 index 0000000..07d1a0f --- /dev/null +++ b/common/gpg.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} diff --git a/common/home-manager.nix b/common/home-manager.nix new file mode 100644 index 0000000..cb4e6bd --- /dev/null +++ b/common/home-manager.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "backup"; + extraSpecialArgs = { + inherit inputs; + }; + }; +} diff --git a/common/misc.nix b/common/misc.nix new file mode 100644 index 0000000..3061e72 --- /dev/null +++ b/common/misc.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + nix.gc = { + automatic = true; + dates = "weekly"; + randomizedDelaySec = "45min"; + options = "--delete-older-than 30d"; + }; + nix.optimise.automatic = true; + services.fstrim.enable = true; +} \ No newline at end of file diff --git a/common/nginx.nix b/common/nginx.nix new file mode 100644 index 0000000..af2712d --- /dev/null +++ b/common/nginx.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +{ + services.nginx = { + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + appendHttpConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; + add_header Content-Security-Policy "default-src https: data: blob: ws: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'self';" always; + add_header Referrer-Policy strict-origin-when-cross-origin; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-Clacks-Overhead "GNU Terry Pratchett" always; + proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "auto@qenya.tel"; + }; +} \ No newline at end of file diff --git a/common/nix.nix b/common/nix.nix new file mode 100644 index 0000000..1b4b96d --- /dev/null +++ b/common/nix.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake = { + source = lib.cleanSource pkgs.path; + setNixPath = true; + setFlakeRegistry = true; + }; + nixpkgs.config.allowUnfree = true; + nix.settings.trusted-users = [ "@wheel" ]; + + nix.package = pkgs.lixPackageSets.stable.lix; + nixpkgs.overlays = [ + (final: prev: { + inherit (final.lixPackageSets.stable) + nixpkgs-review + nix-direnv + nix-eval-jobs + nix-fast-build + colmena; + }) + ]; +} diff --git a/common/packages.nix b/common/packages.nix new file mode 100644 index 0000000..8b46129 --- /dev/null +++ b/common/packages.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + btop + git + wget + + # hardware troubleshooting + lshw + parted + smartmontools + + # network troubleshooting + inetutils + lsof + tcpdump + netcat # <3 + wireguard-tools + ]; + + environment.wordlist.enable = true; +} \ No newline at end of file diff --git a/common/sanoid.nix b/common/sanoid.nix new file mode 100644 index 0000000..82137e0 --- /dev/null +++ b/common/sanoid.nix @@ -0,0 +1,35 @@ +{ config, pkgs, inputs, ... }: + +{ + config = { + services.sanoid = { + enable = true; + extraArgs = [ "--verbose" ]; + + # Local snapshots for important datasets + templates."production" = { + yearly = 0; + monthly = 3; + daily = 30; + hourly = 36; + autosnap = true; + autoprune = true; + }; + + # Reduced-retention version for datasets that are backed up to the NAS + templates."safe" = { + yearly = 0; + monthly = 0; + daily = 7; + hourly = 24; + autosnap = true; + autoprune = true; + }; + + # datasets."rpool_sggau1/reese/system" = { + # useTemplate = [ "safe" ]; + # recursive = "zfs"; + # }; + }; + }; +} \ No newline at end of file diff --git a/common/security.nix b/common/security.nix new file mode 100644 index 0000000..fe9b2fc --- /dev/null +++ b/common/security.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs,... }: + +{ + security.sudo.execWheelOnly = true; +} diff --git a/common/ssh.nix b/common/ssh.nix new file mode 100644 index 0000000..26b752d --- /dev/null +++ b/common/ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) concatMapAttrs; + keys = import ../keys.nix; +in +{ + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + programs.ssh.knownHosts = concatMapAttrs + (host: key: { + "${host}.birdsong.network".publicKey = key; + }) + keys.machines; +} diff --git a/common/steam.nix b/common/steam.nix new file mode 100644 index 0000000..b262ca9 --- /dev/null +++ b/common/steam.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + config = lib.mkIf config.programs.steam.enable { + programs.steam = { + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = true; + extest.enable = true; + protontricks.enable = true; + }; + + services.joycond.enable = true; + }; +} diff --git a/common/tailscale.nix b/common/tailscale.nix new file mode 100644 index 0000000..1fa1da8 --- /dev/null +++ b/common/tailscale.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + services.tailscale = { + enable = true; + openFirewall = true; + extraUpFlags = [ "--login-server" "https://headscale.unspecified.systems" ]; + extraDaemonFlags = [ "--no-logs-no-support" ]; # disable telemetry + }; + + systemd.services.tailscaled-autoconnect = { + after = [ "tailscaled.service" "network-online.target" ]; + wants = [ "tailscaled.service" "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + script = '' + sleep 2 # wait for tailscaled to settle + ${lib.getExe config.services.tailscale.package} up --reset ${lib.escapeShellArgs config.services.tailscale.extraUpFlags} + ''; + }; + + networking.domain = "birdsong.network"; +} diff --git a/common/users/default.nix b/common/users/default.nix new file mode 100644 index 0000000..d063db5 --- /dev/null +++ b/common/users/default.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption types genAttrs; + cfg = config.fountain; +in +{ + # TODO: consider DRY-ing these + imports = [ + ./gaelan.nix + ./qenya.nix + ./randomcat.nix + ./trungle.nix + ]; + + options.fountain = { + admins = mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of users who should have root on this system"; + }; + }; + + config = { + users.mutableUsers = false; + + users.users = genAttrs cfg.admins + (name: { + extraGroups = [ "wheel" ]; + }); + }; +} diff --git a/common/users/gaelan.nix b/common/users/gaelan.nix new file mode 100644 index 0000000..0a365c9 --- /dev/null +++ b/common/users/gaelan.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.gaelan; +in +{ + options.fountain.users.gaelan = { + enable = mkEnableOption "user gaelan"; + }; + + config = mkIf cfg.enable { + users.users.gaelan = { + uid = 1003; + isNormalUser = true; + group = "gaelan"; + openssh.authorizedKeys.keys = keys.users.gaelan; + }; + + users.groups.gaelan.gid = config.users.users.gaelan.uid; + }; +} \ No newline at end of file diff --git a/common/users/qenya.nix b/common/users/qenya.nix new file mode 100644 index 0000000..6a8e506 --- /dev/null +++ b/common/users/qenya.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, self, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.qenya; +in +{ + options.fountain.users.qenya = { + enable = mkEnableOption "user qenya"; + }; + + config = mkIf cfg.enable { + users.users.qenya = { + uid = 1001; + isNormalUser = true; + group = "qenya"; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = keys.users.qenya; + }; + + users.groups.qenya.gid = config.users.users.qenya.uid; + + programs.zsh.enable = true; + + home-manager.users."qenya" = self.homeManagerModules."qenya"; + }; +} diff --git a/common/users/randomcat.nix b/common/users/randomcat.nix new file mode 100644 index 0000000..de637fb --- /dev/null +++ b/common/users/randomcat.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.randomcat; +in +{ + options.fountain.users.randomcat = { + enable = mkEnableOption "user randomcat"; + }; + + config = mkIf cfg.enable { + users.users.randomcat = { + uid = 1000; + isNormalUser = true; + group = "randomcat"; + openssh.authorizedKeys.keys = keys.users.randomcat; + }; + + users.groups.randomcat.gid = config.users.users.randomcat.uid; + }; +} \ No newline at end of file diff --git a/common/users/trungle.nix b/common/users/trungle.nix new file mode 100644 index 0000000..d1736ff --- /dev/null +++ b/common/users/trungle.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.trungle; +in +{ + options.fountain.users.trungle = { + enable = mkEnableOption "user trungle"; + }; + + config = mkIf cfg.enable { + users.users.trungle = { + uid = 1002; + isNormalUser = true; + group = "trungle"; + openssh.authorizedKeys.keys = keys.users.trungle; + }; + + users.groups.trungle.gid = config.users.users.trungle.uid; + }; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index 3fb63ec..ec49815 100644 --- a/flake.lock +++ b/flake.lock @@ -1,24 +1,294 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": [], + "home-manager": [], + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "owner": "ryantm", + "repo": "agenix", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "colmena": { + "inputs": { + "flake-compat": [], + "flake-utils": "flake-utils", + "nix-github-actions": [], + "nixpkgs": [ + "nixpkgs" + ], + "stable": [] + }, + "locked": { + "lastModified": 1762034856, + "narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764866045, + "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager-unstable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1764952935, + "narHash": "sha256-cRPB2zESVMjIGxJ49qj4t4qnT0ae44E+fS/mkfOS/BY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "519828bf1c97f8bc2ed2d3b79214067047d3c67d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1764831616, + "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-small": { + "locked": { + "lastModified": 1764952718, + "narHash": "sha256-Gf75RCbeYcfXGNb9hHQ7DsVNsxU+TNWivose3JT53QY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d355f89e0014e51c9511298089d7ab55fd6f7056", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1764667669, + "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "418468ac9527e799809c900eda37cbff999199b6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1764945329, + "narHash": "sha256-hHzryWFOvCnUfiQvsHEjVpAECIXB977Owi1Gno7YwYc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "21f4f13e179ba2b3d84d844b697612fa1b695b85", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager-unstable" + ], + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1763909441, + "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, + "randomcat": { + "flake": false, + "locked": { + "lastModified": 1764900354, + "narHash": "sha256-/pWRIVfDkF26gaYGVc68Xo4WvDSXs+Chbr2iKcOESbc=", + "owner": "randomnetcat", + "repo": "nix-configs", + "rev": "03e246bb10c135386455af0e88899df2ca10495d", + "type": "github" + }, + "original": { + "owner": "randomnetcat", + "repo": "nix-configs", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "agenix": "agenix", + "colmena": "colmena", + "flake-parts": "flake-parts", + "home-manager": "home-manager", + "home-manager-unstable": "home-manager-unstable", + "nixpkgs": "nixpkgs", + "nixpkgs-small": "nixpkgs-small", + "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable-small": "nixpkgs-unstable-small", + "plasma-manager": "plasma-manager", + "randomcat": "randomcat", + "scoutshonour": "scoutshonour" + } + }, + "scoutshonour": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1735301893, + "narHash": "sha256-d95MCTUYMCcOQv4LpmWxPuVnx7McezXYs2Idw8u8ngI=", + "ref": "main", + "rev": "f447cd380ea1fb81a0ff8f292b6bbdf0be9c9520", + "revCount": 23, + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 7c6769c..7954bc9 100644 --- a/flake.nix +++ b/flake.nix @@ -1,14 +1,154 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; - }; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-25.11-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - outputs = { self, nixpkgs, ... }@inputs: { - nixosConfigurations.tohru = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/tohru/configuration.nix - ]; + home-manager = { + url = "github:nix-community/home-manager/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + home-manager-unstable = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.home-manager.follows = "home-manager-unstable"; + }; + + flake-parts.url = "github:hercules-ci/flake-parts"; + + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = ""; + inputs.home-manager.follows = ""; + }; + + colmena = { + url = "github:zhaofengli/colmena"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.stable.follows = ""; + inputs.nix-github-actions.follows = ""; + inputs.flake-compat.follows = ""; + }; + + randomcat = { + url = "github:randomnetcat/nix-configs"; + flake = false; + }; + + scoutshonour = { + url = "git+https://git.qenya.tel/qenya/nix-scoutshonour?ref=main"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; }; + + outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, flake-parts, colmena, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ ./flake ]; + + systems = [ "x86_64-linux" "aarch64-linux" ]; + + perSystem = { pkgs, system, ... }: { + devShells.default = pkgs.mkShell { + packages = [ + # TODO: improve the way this override works + (inputs.colmena.packages.${system}.colmena.override { + nix-eval-jobs = pkgs.lixPackageSets.stable.nix-eval-jobs; + }) + inputs.agenix.packages.${system}.default + inputs.plasma-manager.packages.${system}.rc2nix + ]; + }; + }; + + flake.nixosConfigurations = self.outputs.colmenaHive.nodes; + flake.colmenaHive = colmena.lib.makeHive self.outputs.colmena; + + # The name of this output type is not standardised. I have picked + # "homeManagerModules" as the discussion here suggests it's the most common: + # https://github.com/nix-community/home-manager/issues/1783 + # + # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": + # https://github.com/NixOS/nix/pull/10858 + flake.homeManagerModules = { + "qenya".imports = [ ./home/qenya ]; + "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; + }; + + fountain.backup = { + keys = { + elucredassa = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" ]; + }; + sync = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + "kalessin-state" = { + dataset = "state"; + sourceHost = "kalessin"; + targetHost = "elucredassa"; + source = "rpool_kalessin"; + target = "rpool_elucredassa/backup/kalessin"; + }; + }; + }; + + flake.colmena = + let + home-manager = inputs.home-manager.nixosModules.home-manager; + home-manager-unstable = inputs.home-manager-unstable.nixosModules.home-manager; + in + { + meta = { + nixpkgs = import nixpkgs-unstable { system = "x86_64-linux"; }; + nodeNixpkgs = { + kilgharrah = import nixpkgs { system = "x86_64-linux"; }; + tohru = import nixpkgs { system = "x86_64-linux"; }; + elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; + yevaud = import nixpkgs-small { system = "x86_64-linux"; }; + orm = import nixpkgs-small { system = "x86_64-linux"; }; + kalessin = import nixpkgs-small { system = "aarch64-linux"; }; + tehanu = import nixpkgs-small { system = "aarch64-linux"; }; + }; + specialArgs = { + inherit self; + inherit inputs; + }; + }; + + defaults = { config, lib, pkgs, ... }: { + deployment.targetHost = lib.mkDefault config.networking.fqdn; + deployment.buildOnTarget = lib.mkDefault true; + + imports = [ + inputs.agenix.nixosModules.default + ./common + ./services + ]; + }; + + kilgharrah.deployment.targetHost = null; # disable remote deployment + tohru.deployment.targetHost = null; # disable remote deployment + elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet + + kilgharrah.imports = [ ./hosts/kilgharrah home-manager ]; + tohru.imports = [ ./hosts/tohru home-manager ]; + elucredassa.imports = [ ./hosts/elucredassa home-manager ]; + yevaud.imports = [ ./hosts/yevaud home-manager ]; + orm.imports = [ ./hosts/orm home-manager ]; + kalessin.imports = [ ./hosts/kalessin home-manager ]; + tehanu.imports = [ ./hosts/tehanu home-manager ]; + }; + }; } diff --git a/flake/backup.nix b/flake/backup.nix new file mode 100644 index 0000000..6a103aa --- /dev/null +++ b/flake/backup.nix @@ -0,0 +1,134 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.fountain.backup; + keys = import ../keys.nix; + + syncOptions = { + dataset = lib.mkOption { + type = lib.types.str; + description = '' + The name of the dataset to be synced (not including its parent + datasets, if any). This will be the same on the source and target. + It must already exist on the source, defined with the + {option}`randomcat.services.zfs` module, and not exist on the target. + ''; + }; + sourceHost = lib.mkOption { + type = lib.types.str; + description = '' + The host from which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + targetHost = lib.mkOption { + type = lib.types.str; + description = '' + The host to which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + source = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the source host, + excluding the component that is the name of the dataset itself. + ''; + }; + target = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the target host, + excluding the component that is the name of the dataset itself. It must + already exist, defined with the {option}`randomcat.services.zfs` + module. + ''; + }; + }; +in +{ + options.fountain.backup = { + keys = lib.mkOption { + type = lib.types.attrsOf (lib.types.listOf lib.types.singleLineStr); + default = { }; + description = '' + Lists of verbatim OpenSSH public keys that may be used to identify the + syncoid user on each target host. The key to each list must be the + host's hostname, as listed in {option}`flake.colmena`. + ''; + example = { + host = [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" ]; + bar = [ "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]; + }; + }; + + sync = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { options = syncOptions; }); + default = { }; + description = '' + Details of ZFS datasets whose snapshots should be synced from machine + to machine using syncoid. Syncoid will run hourly at 15 past the hour + and copy all ZFS snapshots from the source dataset to the target + dataset (recursing into child datasets). + + See descriptions for the individual options for more details. The name + of each attribute in this set is arbitrary and used to generate systemd + unit names. + + This module does not actually cause snapshots to be taken; sanoid must + be configured separately to do this. + ''; + example = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + }; + }; + }; + + # TODO: add some assertions to verify the options + + config.flake.colmena = lib.mkMerge (lib.mapAttrsToList + (name: sync: + let + inherit (sync) dataset sourceHost targetHost source target; + sourceFqdn = "${sourceHost}.birdsong.network"; + in + { + ${sourceHost} = { pkgs, ... }: { + randomcat.services.zfs.datasets."${source}/${dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; + + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = cfg.keys.${targetHost}; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically + }; + users.groups.backup = { }; + }; + + ${targetHost} = { + randomcat.services.zfs.datasets.${target}.zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + + services.syncoid = { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + ${name} = { + source = "backup@${sourceFqdn}:${source}/${dataset}"; + target = "${target}/${dataset}"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + }; + }; + }; + }; + }) + cfg.sync + ); +} diff --git a/flake/colmena.nix b/flake/colmena.nix new file mode 100644 index 0000000..1679e17 --- /dev/null +++ b/flake/colmena.nix @@ -0,0 +1,19 @@ +# https://git.lix.systems/the-distro/infra/src/commit/fbb23bf517206175764f154ddfd304b9ec501f87/colmena.nix +{ lib, ... }: { + options.flake.colmena = lib.mkOption { + type = lib.types.submodule { + freeformType = lib.types.attrsOf (lib.mkOptionType { + name = "NixOS module"; + description = "module containing NixOS options and/or config"; + descriptionClass = "noun"; + check = value: builtins.isAttrs value || builtins.isFunction value || builtins.isPath value; + merge = loc: defs: { + imports = map (def: def.value) defs; + }; + }); + options.meta = lib.mkOption { + type = lib.types.attrs; + }; + }; + }; +} diff --git a/flake/default.nix b/flake/default.nix new file mode 100644 index 0000000..b567fab --- /dev/null +++ b/flake/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./backup.nix + ./colmena.nix + ]; +} diff --git a/home/qenya/.p10k.zsh b/home/qenya/.p10k.zsh new file mode 100644 index 0000000..a47b12a --- /dev/null +++ b/home/qenya/.p10k.zsh @@ -0,0 +1,1832 @@ +# Generated by Powerlevel10k configuration wizard on 2025-04-28 at 17:26 BST. +# Based on romkatv/powerlevel10k/config/p10k-rainbow.zsh. +# Wizard options: nerdfont-complete + powerline, small icons, rainbow, unicode, +# angled separators, sharp heads, round tails, 2 lines, disconnected, no frame, sparse, +# few icons, concise, transient_prompt, instant_prompt=off. +# Type `p10k configure` to generate another config. +# +# Config for Powerlevel10k with powerline prompt style with colorful background. +# Type `p10k configure` to generate your own config based on it. +# +# Tip: Looking for a nice color? Here's a one-liner to print colormap. +# +# for i in {0..255}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$((i%6)):#3}:+$'\n'}; done + +# Temporarily change options. +'builtin' 'local' '-a' 'p10k_config_opts' +[[ ! -o 'aliases' ]] || p10k_config_opts+=('aliases') +[[ ! -o 'sh_glob' ]] || p10k_config_opts+=('sh_glob') +[[ ! -o 'no_brace_expand' ]] || p10k_config_opts+=('no_brace_expand') +'builtin' 'setopt' 'no_aliases' 'no_sh_glob' 'brace_expand' + +() { + emulate -L zsh -o extended_glob + + # Unset all configuration options. This allows you to apply configuration changes without + # restarting zsh. Edit ~/.p10k.zsh and type `source ~/.p10k.zsh`. + unset -m '(POWERLEVEL9K_*|DEFAULT_USER)~POWERLEVEL9K_GITSTATUS_DIR' + + # Zsh >= 5.1 is required. + [[ $ZSH_VERSION == (5.<1->*|<6->.*) ]] || return + + # The list of segments shown on the left. Fill it with the most important segments. + typeset -g POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + # os_icon # os identifier + dir # current directory + vcs # git status + # =========================[ Line #2 ]========================= + newline # \n + prompt_char # prompt symbol + ) + + # The list of segments shown on the right. Fill it with less important segments. + # Right prompt on the last prompt line (where you are typing your commands) gets + # automatically hidden when the input line reaches it. Right prompt above the + # last prompt line gets hidden if it would overlap with left prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + status # exit code of the last command + command_execution_time # duration of the last command + background_jobs # presence of background jobs + direnv # direnv status (https://direnv.net/) + asdf # asdf version manager (https://github.com/asdf-vm/asdf) + virtualenv # python virtual environment (https://docs.python.org/3/library/venv.html) + anaconda # conda environment (https://conda.io/) + pyenv # python environment (https://github.com/pyenv/pyenv) + goenv # go environment (https://github.com/syndbg/goenv) + nodenv # node.js version from nodenv (https://github.com/nodenv/nodenv) + nvm # node.js version from nvm (https://github.com/nvm-sh/nvm) + nodeenv # node.js environment (https://github.com/ekalinin/nodeenv) + # node_version # node.js version + # go_version # go version (https://golang.org) + # rust_version # rustc version (https://www.rust-lang.org) + # dotnet_version # .NET version (https://dotnet.microsoft.com) + # php_version # php version (https://www.php.net/) + # laravel_version # laravel php framework version (https://laravel.com/) + # java_version # java version (https://www.java.com/) + # package # name@version from package.json (https://docs.npmjs.com/files/package.json) + rbenv # ruby version from rbenv (https://github.com/rbenv/rbenv) + rvm # ruby version from rvm (https://rvm.io) + fvm # flutter version management (https://github.com/leoafarias/fvm) + luaenv # lua version from luaenv (https://github.com/cehoffman/luaenv) + jenv # java version from jenv (https://github.com/jenv/jenv) + plenv # perl version from plenv (https://github.com/tokuhirom/plenv) + perlbrew # perl version from perlbrew (https://github.com/gugod/App-perlbrew) + phpenv # php version from phpenv (https://github.com/phpenv/phpenv) + scalaenv # scala version from scalaenv (https://github.com/scalaenv/scalaenv) + haskell_stack # haskell version from stack (https://haskellstack.org/) + kubecontext # current kubernetes context (https://kubernetes.io/) + terraform # terraform workspace (https://www.terraform.io) + # terraform_version # terraform version (https://www.terraform.io) + aws # aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) + aws_eb_env # aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) + azure # azure account name (https://docs.microsoft.com/en-us/cli/azure) + gcloud # google cloud cli account and project (https://cloud.google.com/) + google_app_cred # google application credentials (https://cloud.google.com/docs/authentication/production) + toolbox # toolbox name (https://github.com/containers/toolbox) + context # user@hostname + nordvpn # nordvpn connection status, linux only (https://nordvpn.com/) + ranger # ranger shell (https://github.com/ranger/ranger) + nnn # nnn shell (https://github.com/jarun/nnn) + lf # lf shell (https://github.com/gokcehan/lf) + xplr # xplr shell (https://github.com/sayanarijit/xplr) + vim_shell # vim shell indicator (:sh) + midnight_commander # midnight commander shell (https://midnight-commander.org/) + nix_shell # nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) + chezmoi_shell # chezmoi shell (https://www.chezmoi.io/) + # vi_mode # vi mode (you don't need this if you've enabled prompt_char) + # vpn_ip # virtual private network indicator + # load # CPU load + # disk_usage # disk usage + # ram # free RAM + # swap # used swap + todo # todo items (https://github.com/todotxt/todo.txt-cli) + timewarrior # timewarrior tracking status (https://timewarrior.net/) + taskwarrior # taskwarrior task count (https://taskwarrior.org/) + per_directory_history # Oh My Zsh per-directory-history local/global indicator + # cpu_arch # CPU architecture + # time # current time + # =========================[ Line #2 ]========================= + newline + # ip # ip address and bandwidth usage for a specified network interface + # public_ip # public IP address + # proxy # system-wide http/https/ftp proxy + # battery # internal battery + # wifi # wifi speed + # example # example user-defined segment (see prompt_example function below) + ) + + # Defines character set used by powerlevel10k. It's best to let `p10k configure` set it for you. + typeset -g POWERLEVEL9K_MODE=nerdfont-complete + # When set to `moderate`, some icons will have an extra space after them. This is meant to avoid + # icon overlap when using non-monospace fonts. When set to `none`, spaces are not added. + typeset -g POWERLEVEL9K_ICON_PADDING=none + + # When set to true, icons appear before content on both sides of the prompt. When set + # to false, icons go after content. If empty or not set, icons go before content in the left + # prompt and after content in the right prompt. + # + # You can also override it for a specific segment: + # + # POWERLEVEL9K_STATUS_ICON_BEFORE_CONTENT=false + # + # Or for a specific segment in specific state: + # + # POWERLEVEL9K_DIR_NOT_WRITABLE_ICON_BEFORE_CONTENT=false + typeset -g POWERLEVEL9K_ICON_BEFORE_CONTENT= + + # Add an empty line before each prompt. + typeset -g POWERLEVEL9K_PROMPT_ADD_NEWLINE=true + + # Connect left prompt lines with these symbols. You'll probably want to use the same color + # as POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND below. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_PREFIX= + # Connect right prompt lines with these symbols. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_SUFFIX= + + # Filler between left and right prompt on the first prompt line. You can set it to ' ', '·' or + # '─'. The last two make it easier to see the alignment between left and right prompt and to + # separate prompt from command output. You might want to set POWERLEVEL9K_PROMPT_ADD_NEWLINE=false + # for more compact prompt if using this option. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR=' ' + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_BACKGROUND= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_GAP_BACKGROUND= + if [[ $POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR != ' ' ]]; then + # The color of the filler. You'll probably want to match the color of POWERLEVEL9K_MULTILINE + # ornaments defined above. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND=242 + # Start filler from the edge of the screen if there are no left segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_FIRST_SEGMENT_END_SYMBOL='%{%}' + # End filler on the edge of the screen if there are no right segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='%{%}' + fi + + # Separator between same-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR='\uE0B1' + # Separator between same-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR='\uE0B3' + # Separator between different-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR='\uE0B0' + # Separator between different-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR='\uE0B2' + # To remove a separator between two segments, add "_joined" to the second segment name. + # For example: POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=(os_icon context_joined) + + # The right end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B0' + # The left end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B2' + # The left end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B6' + # The right end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B4' + # Left prompt terminator for lines without any segments. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + + #################################[ os_icon: os identifier ]################################## + # OS identifier color. + typeset -g POWERLEVEL9K_OS_ICON_FOREGROUND=232 + typeset -g POWERLEVEL9K_OS_ICON_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_OS_ICON_CONTENT_EXPANSION='⭐' + + ################################[ prompt_char: prompt symbol ]################################ + # Transparent background. + typeset -g POWERLEVEL9K_PROMPT_CHAR_BACKGROUND= + # Green prompt symbol if the last command succeeded. + typeset -g POWERLEVEL9K_PROMPT_CHAR_OK_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=76 + # Red prompt symbol if the last command failed. + typeset -g POWERLEVEL9K_PROMPT_CHAR_ERROR_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=196 + # Default prompt symbol. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIINS_CONTENT_EXPANSION='❯' + # Prompt symbol in command vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VICMD_CONTENT_EXPANSION='❮' + # Prompt symbol in visual vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIVIS_CONTENT_EXPANSION='V' + # Prompt symbol in overwrite vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIOWR_CONTENT_EXPANSION='▶' + typeset -g POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE=true + # No line terminator if prompt_char is the last segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + # No line introducer if prompt_char is the first segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL= + # No surrounding whitespace. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_{LEFT,RIGHT}_WHITESPACE= + + ##################################[ dir: current directory ]################################## + # Current directory background color. + typeset -g POWERLEVEL9K_DIR_BACKGROUND=4 + # Default current directory foreground color. + typeset -g POWERLEVEL9K_DIR_FOREGROUND=254 + # If directory is too long, shorten some of its segments to the shortest possible unique + # prefix. The shortened directory can be tab-completed to the original. + typeset -g POWERLEVEL9K_SHORTEN_STRATEGY=truncate_to_unique + # Replace removed segment suffixes with this symbol. + typeset -g POWERLEVEL9K_SHORTEN_DELIMITER= + # Color of the shortened directory segments. + typeset -g POWERLEVEL9K_DIR_SHORTENED_FOREGROUND=250 + # Color of the anchor directory segments. Anchor segments are never shortened. The first + # segment is always an anchor. + typeset -g POWERLEVEL9K_DIR_ANCHOR_FOREGROUND=255 + # Display anchor directory segments in bold. + typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=true + # Don't shorten directories that contain any of these files. They are anchors. + local anchor_files=( + .bzr + .citc + .git + .hg + .node-version + .python-version + .go-version + .ruby-version + .lua-version + .java-version + .perl-version + .php-version + .tool-versions + .shorten_folder_marker + .svn + .terraform + CVS + Cargo.toml + composer.json + go.mod + package.json + stack.yaml + ) + typeset -g POWERLEVEL9K_SHORTEN_FOLDER_MARKER="(${(j:|:)anchor_files})" + # If set to "first" ("last"), remove everything before the first (last) subdirectory that contains + # files matching $POWERLEVEL9K_SHORTEN_FOLDER_MARKER. For example, when the current directory is + # /foo/bar/git_repo/nested_git_repo/baz, prompt will display git_repo/nested_git_repo/baz (first) + # or nested_git_repo/baz (last). This assumes that git_repo and nested_git_repo contain markers + # and other directories don't. + # + # Optionally, "first" and "last" can be followed by ":" where is an integer. + # This moves the truncation point to the right (positive offset) or to the left (negative offset) + # relative to the marker. Plain "first" and "last" are equivalent to "first:0" and "last:0" + # respectively. + typeset -g POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER=false + # Don't shorten this many last directory segments. They are anchors. + typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=1 + # Shorten directory if it's longer than this even if there is space for it. The value can + # be either absolute (e.g., '80') or a percentage of terminal width (e.g, '50%'). If empty, + # directory will be shortened only when prompt doesn't fit or when other parameters demand it + # (see POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS and POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT below). + # If set to `0`, directory will always be shortened to its minimum length. + typeset -g POWERLEVEL9K_DIR_MAX_LENGTH=80 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least this + # many columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS=40 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least + # COLUMNS * POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT * 0.01 columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT=50 + # If set to true, embed a hyperlink into the directory. Useful for quickly + # opening a directory in the file manager simply by clicking the link. + # Can also be handy when the directory is shortened, as it allows you to see + # the full directory that was used in previous commands. + typeset -g POWERLEVEL9K_DIR_HYPERLINK=false + + # Enable special styling for non-writable and non-existent directories. See POWERLEVEL9K_LOCK_ICON + # and POWERLEVEL9K_DIR_CLASSES below. + typeset -g POWERLEVEL9K_DIR_SHOW_WRITABLE=v3 + + # The default icon shown next to non-writable and non-existent directories when + # POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3. + # typeset -g POWERLEVEL9K_LOCK_ICON='⭐' + + # POWERLEVEL9K_DIR_CLASSES allows you to specify custom icons and colors for different + # directories. It must be an array with 3 * N elements. Each triplet consists of: + # + # 1. A pattern against which the current directory ($PWD) is matched. Matching is done with + # extended_glob option enabled. + # 2. Directory class for the purpose of styling. + # 3. An empty string. + # + # Triplets are tried in order. The first triplet whose pattern matches $PWD wins. + # + # If POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3, non-writable and non-existent directories + # acquire class suffix _NOT_WRITABLE and NON_EXISTENT respectively. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_DIR_CLASSES=( + # '~/work(|/*)' WORK '' + # '~(|/*)' HOME '' + # '*' DEFAULT '') + # + # Whenever the current directory is ~/work or a subdirectory of ~/work, it gets styled with one + # of the following classes depending on its writability and existence: WORK, WORK_NOT_WRITABLE or + # WORK_NON_EXISTENT. + # + # Simply assigning classes to directories doesn't have any visible effects. It merely gives you an + # option to define custom colors and icons for different directory classes. + # + # # Styling for WORK. + # typeset -g POWERLEVEL9K_DIR_WORK_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NOT_WRITABLE. + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NON_EXISTENT. + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_ANCHOR_FOREGROUND=255 + # + # If a styling parameter isn't explicitly defined for some class, it falls back to the classless + # parameter. For example, if POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND is not set, it falls + # back to POWERLEVEL9K_DIR_FOREGROUND. + # + typeset -g POWERLEVEL9K_DIR_CLASSES=() + + # Custom prefix. + # typeset -g POWERLEVEL9K_DIR_PREFIX='in ' + + #####################################[ vcs: git status ]###################################### + # Version control background colors. + typeset -g POWERLEVEL9K_VCS_CLEAN_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_MODIFIED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_UNTRACKED_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_CONFLICTED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_LOADING_BACKGROUND=8 + + # Branch icon. Set this parameter to '\UE0A0 ' for the popular Powerline branch icon. + typeset -g POWERLEVEL9K_VCS_BRANCH_ICON= + + # Untracked files icon. It's really a question mark, your font isn't broken. + # Change the value of this parameter to show a different icon. + typeset -g POWERLEVEL9K_VCS_UNTRACKED_ICON='?' + + # Formatter for Git status. + # + # Example output: master wip ⇣42⇡42 *42 merge ~42 +42 !42 ?42. + # + # You can edit the function to customize how Git status looks. + # + # VCS_STATUS_* parameters are set by gitstatus plugin. See reference: + # https://github.com/romkatv/gitstatus/blob/master/gitstatus.plugin.zsh. + function my_git_formatter() { + emulate -L zsh + + if [[ -n $P9K_CONTENT ]]; then + # If P9K_CONTENT is not empty, use it. It's either "loading" or from vcs_info (not from + # gitstatus plugin). VCS_STATUS_* parameters are not available in this case. + typeset -g my_git_format=$P9K_CONTENT + return + fi + + # Styling for different parts of Git status. + local meta='%7F' # white foreground + local clean='%0F' # black foreground + local modified='%0F' # black foreground + local untracked='%0F' # black foreground + local conflicted='%1F' # red foreground + + local res + + if [[ -n $VCS_STATUS_LOCAL_BRANCH ]]; then + local branch=${(V)VCS_STATUS_LOCAL_BRANCH} + # If local branch name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show local branch name in full without truncation, delete the next line. + (( $#branch > 32 )) && branch[13,-13]="…" # <-- this line + res+="${clean}${(g::)POWERLEVEL9K_VCS_BRANCH_ICON}${branch//\%/%%}" + fi + + if [[ -n $VCS_STATUS_TAG + # Show tag only if not on a branch. + # Tip: To always show tag, delete the next line. + && -z $VCS_STATUS_LOCAL_BRANCH # <-- this line + ]]; then + local tag=${(V)VCS_STATUS_TAG} + # If tag name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show tag name in full without truncation, delete the next line. + (( $#tag > 32 )) && tag[13,-13]="…" # <-- this line + res+="${meta}#${clean}${tag//\%/%%}" + fi + + # Display the current Git commit if there is no branch and no tag. + # Tip: To always display the current Git commit, delete the next line. + [[ -z $VCS_STATUS_LOCAL_BRANCH && -z $VCS_STATUS_TAG ]] && # <-- this line + res+="${meta}@${clean}${VCS_STATUS_COMMIT[1,8]}" + + # Show tracking branch name if it differs from local branch. + if [[ -n ${VCS_STATUS_REMOTE_BRANCH:#$VCS_STATUS_LOCAL_BRANCH} ]]; then + res+="${meta}:${clean}${(V)VCS_STATUS_REMOTE_BRANCH//\%/%%}" + fi + + # Display "wip" if the latest commit's summary contains "wip" or "WIP". + if [[ $VCS_STATUS_COMMIT_SUMMARY == (|*[^[:alnum:]])(wip|WIP)(|[^[:alnum:]]*) ]]; then + res+=" ${modified}wip" + fi + + if (( VCS_STATUS_COMMITS_AHEAD || VCS_STATUS_COMMITS_BEHIND )); then + # ⇣42 if behind the remote. + (( VCS_STATUS_COMMITS_BEHIND )) && res+=" ${clean}⇣${VCS_STATUS_COMMITS_BEHIND}" + # ⇡42 if ahead of the remote; no leading space if also behind the remote: ⇣42⇡42. + (( VCS_STATUS_COMMITS_AHEAD && !VCS_STATUS_COMMITS_BEHIND )) && res+=" " + (( VCS_STATUS_COMMITS_AHEAD )) && res+="${clean}⇡${VCS_STATUS_COMMITS_AHEAD}" + elif [[ -n $VCS_STATUS_REMOTE_BRANCH ]]; then + # Tip: Uncomment the next line to display '=' if up to date with the remote. + # res+=" ${clean}=" + fi + + # ⇠42 if behind the push remote. + (( VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" ${clean}⇠${VCS_STATUS_PUSH_COMMITS_BEHIND}" + (( VCS_STATUS_PUSH_COMMITS_AHEAD && !VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" " + # ⇢42 if ahead of the push remote; no leading space if also behind: ⇠42⇢42. + (( VCS_STATUS_PUSH_COMMITS_AHEAD )) && res+="${clean}⇢${VCS_STATUS_PUSH_COMMITS_AHEAD}" + # *42 if have stashes. + (( VCS_STATUS_STASHES )) && res+=" ${clean}*${VCS_STATUS_STASHES}" + # 'merge' if the repo is in an unusual state. + [[ -n $VCS_STATUS_ACTION ]] && res+=" ${conflicted}${VCS_STATUS_ACTION}" + # ~42 if have merge conflicts. + (( VCS_STATUS_NUM_CONFLICTED )) && res+=" ${conflicted}~${VCS_STATUS_NUM_CONFLICTED}" + # +42 if have staged changes. + (( VCS_STATUS_NUM_STAGED )) && res+=" ${modified}+${VCS_STATUS_NUM_STAGED}" + # !42 if have unstaged changes. + (( VCS_STATUS_NUM_UNSTAGED )) && res+=" ${modified}!${VCS_STATUS_NUM_UNSTAGED}" + # ?42 if have untracked files. It's really a question mark, your font isn't broken. + # See POWERLEVEL9K_VCS_UNTRACKED_ICON above if you want to use a different icon. + # Remove the next line if you don't want to see untracked files at all. + (( VCS_STATUS_NUM_UNTRACKED )) && res+=" ${untracked}${(g::)POWERLEVEL9K_VCS_UNTRACKED_ICON}${VCS_STATUS_NUM_UNTRACKED}" + # "─" if the number of unstaged files is unknown. This can happen due to + # POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY (see below) being set to a non-negative number lower + # than the number of files in the Git index, or due to bash.showDirtyState being set to false + # in the repository config. The number of staged and untracked files may also be unknown + # in this case. + (( VCS_STATUS_HAS_UNSTAGED == -1 )) && res+=" ${modified}─" + + typeset -g my_git_format=$res + } + functions -M my_git_formatter 2>/dev/null + + # Don't count the number of unstaged, untracked and conflicted files in Git repositories with + # more than this many files in the index. Negative value means infinity. + # + # If you are working in Git repositories with tens of millions of files and seeing performance + # sagging, try setting POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY to a number lower than the output + # of `git ls-files | wc -l`. Alternatively, add `bash.showDirtyState = false` to the repository's + # config: `git config bash.showDirtyState false`. + typeset -g POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY=-1 + + # Don't show Git status in prompt for repositories whose workdir matches this pattern. + # For example, if set to '~', the Git repository at $HOME/.git will be ignored. + # Multiple patterns can be combined with '|': '~(|/foo)|/bar/baz/*'. + typeset -g POWERLEVEL9K_VCS_DISABLED_WORKDIR_PATTERN='~' + + # Disable the default Git status formatting. + typeset -g POWERLEVEL9K_VCS_DISABLE_GITSTATUS_FORMATTING=true + # Install our own Git status formatter. + typeset -g POWERLEVEL9K_VCS_CONTENT_EXPANSION='${$((my_git_formatter()))+${my_git_format}}' + # Enable counters for staged, unstaged, etc. + typeset -g POWERLEVEL9K_VCS_{STAGED,UNSTAGED,UNTRACKED,CONFLICTED,COMMITS_AHEAD,COMMITS_BEHIND}_MAX_NUM=-1 + + # Custom icon. + typeset -g POWERLEVEL9K_VCS_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_VCS_PREFIX='on ' + + # Show status of repositories of these types. You can add svn and/or hg if you are + # using them. If you do, your prompt may become slow even when your current directory + # isn't in an svn or hg repository. + typeset -g POWERLEVEL9K_VCS_BACKENDS=(git) + + ##########################[ status: exit code of the last command ]########################### + # Enable OK_PIPE, ERROR_PIPE and ERROR_SIGNAL status states to allow us to enable, disable and + # style them independently from the regular OK and ERROR state. + typeset -g POWERLEVEL9K_STATUS_EXTENDED_STATES=true + + # Status on success. No content, just an icon. No need to show it if prompt_char is enabled as + # it will signify success by turning green. + typeset -g POWERLEVEL9K_STATUS_OK=false + typeset -g POWERLEVEL9K_STATUS_OK_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_BACKGROUND=0 + + # Status when some part of a pipe command fails but the overall exit status is zero. It may look + # like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_OK_PIPE=true + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_BACKGROUND=0 + + # Status when it's just an error code (e.g., '1'). No need to show it if prompt_char is enabled as + # it will signify error by turning red. + typeset -g POWERLEVEL9K_STATUS_ERROR=false + typeset -g POWERLEVEL9K_STATUS_ERROR_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_BACKGROUND=1 + + # Status when the last command was terminated by a signal. + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL=true + # Use terse signal names: "INT" instead of "SIGINT(2)". + typeset -g POWERLEVEL9K_STATUS_VERBOSE_SIGNAME=false + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_BACKGROUND=1 + + # Status when some part of a pipe command fails and the overall exit status is also non-zero. + # It may look like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE=true + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_BACKGROUND=1 + + ###################[ command_execution_time: duration of the last command ]################### + # Execution time color. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_BACKGROUND=3 + # Show duration of the last command if takes at least this many seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_THRESHOLD=3 + # Show this many fractional digits. Zero means round to seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PRECISION=0 + # Duration format: 1d 2h 3m 4s. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FORMAT='d h m s' + # Custom icon. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PREFIX='took ' + + #######################[ background_jobs: presence of background jobs ]####################### + # Background jobs color. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_FOREGROUND=6 + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_BACKGROUND=0 + # Don't show the number of background jobs. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VERBOSE=false + # Custom icon. + # typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ direnv: direnv status (https://direnv.net/) ]######################## + # Direnv color. + typeset -g POWERLEVEL9K_DIRENV_FOREGROUND=3 + typeset -g POWERLEVEL9K_DIRENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_DIRENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ asdf: asdf version manager (https://github.com/asdf-vm/asdf) ]############### + # Default asdf color. Only used to display tools for which there is no color override (see below). + # Tip: Override these parameters for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_FOREGROUND and + # POWERLEVEL9K_ASDF_${TOOL}_BACKGROUND. + typeset -g POWERLEVEL9K_ASDF_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_BACKGROUND=7 + + # There are four parameters that can be used to hide asdf tools. Each parameter describes + # conditions under which a tool gets hidden. Parameters can hide tools but not unhide them. If at + # least one parameter decides to hide a tool, that tool gets hidden. If no parameter decides to + # hide a tool, it gets shown. + # + # Special note on the difference between POWERLEVEL9K_ASDF_SOURCES and + # POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW. Consider the effect of the following commands: + # + # asdf local python 3.8.1 + # asdf global python 3.8.1 + # + # After running both commands the current python version is 3.8.1 and its source is "local" as + # it takes precedence over "global". If POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW is set to false, + # it'll hide python version in this case because 3.8.1 is the same as the global version. + # POWERLEVEL9K_ASDF_SOURCES will hide python version only if the value of this parameter doesn't + # contain "local". + + # Hide tool versions that don't come from one of these sources. + # + # Available sources: + # + # - shell `asdf current` says "set by ASDF_${TOOL}_VERSION environment variable" + # - local `asdf current` says "set by /some/not/home/directory/file" + # - global `asdf current` says "set by /home/username/file" + # + # Note: If this parameter is set to (shell local global), it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SOURCES. + typeset -g POWERLEVEL9K_ASDF_SOURCES=(shell local global) + + # If set to false, hide tool versions that are the same as global. + # + # Note: The name of this parameter doesn't reflect its meaning at all. + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_PROMPT_ALWAYS_SHOW. + typeset -g POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW=false + + # If set to false, hide tool versions that are equal to "system". + # + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_SYSTEM. + typeset -g POWERLEVEL9K_ASDF_SHOW_SYSTEM=true + + # If set to non-empty value, hide tools unless there is a file matching the specified file pattern + # in the current directory, or its parent directory, or its grandparent directory, and so on. + # + # Note: If this parameter is set to empty value, it won't hide tools. + # Note: SHOW_ON_UPGLOB isn't specific to asdf. It works with all prompt segments. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_ON_UPGLOB. + # + # Example: Hide nodejs version when there is no package.json and no *.js files in the current + # directory, in `..`, in `../..` and so on. + # + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.js|package.json' + typeset -g POWERLEVEL9K_ASDF_SHOW_ON_UPGLOB= + + # Ruby version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUBY_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUBY_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_RUBY_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUBY_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Python version from asdf. + typeset -g POWERLEVEL9K_ASDF_PYTHON_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PYTHON_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PYTHON_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PYTHON_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Go version from asdf. + typeset -g POWERLEVEL9K_ASDF_GOLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_GOLANG_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_GOLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_GOLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Node.js version from asdf. + typeset -g POWERLEVEL9K_ASDF_NODEJS_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_NODEJS_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_NODEJS_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Rust version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUST_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUST_BACKGROUND=208 + # typeset -g POWERLEVEL9K_ASDF_RUST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUST_SHOW_ON_UPGLOB='*.foo|*.bar' + + # .NET Core version from asdf. + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Flutter version from asdf. + typeset -g POWERLEVEL9K_ASDF_FLUTTER_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_FLUTTER_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Lua version from asdf. + typeset -g POWERLEVEL9K_ASDF_LUA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_LUA_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_LUA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_LUA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Java version from asdf. + typeset -g POWERLEVEL9K_ASDF_JAVA_FOREGROUND=1 + typeset -g POWERLEVEL9K_ASDF_JAVA_BACKGROUND=7 + # typeset -g POWERLEVEL9K_ASDF_JAVA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JAVA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Perl version from asdf. + typeset -g POWERLEVEL9K_ASDF_PERL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PERL_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PERL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PERL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Erlang version from asdf. + typeset -g POWERLEVEL9K_ASDF_ERLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ERLANG_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_ERLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ERLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Elixir version from asdf. + typeset -g POWERLEVEL9K_ASDF_ELIXIR_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ELIXIR_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Postgres version from asdf. + typeset -g POWERLEVEL9K_ASDF_POSTGRES_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_POSTGRES_BACKGROUND=6 + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_SHOW_ON_UPGLOB='*.foo|*.bar' + + # PHP version from asdf. + typeset -g POWERLEVEL9K_ASDF_PHP_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PHP_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_PHP_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PHP_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Haskell version from asdf. + typeset -g POWERLEVEL9K_ASDF_HASKELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_HASKELL_BACKGROUND=3 + # typeset -g POWERLEVEL9K_ASDF_HASKELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_HASKELL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Julia version from asdf. + typeset -g POWERLEVEL9K_ASDF_JULIA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_JULIA_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_JULIA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JULIA_SHOW_ON_UPGLOB='*.foo|*.bar' + + ##########[ nordvpn: nordvpn connection status, linux only (https://nordvpn.com/) ]########### + # NordVPN connection indicator color. + typeset -g POWERLEVEL9K_NORDVPN_FOREGROUND=7 + typeset -g POWERLEVEL9K_NORDVPN_BACKGROUND=4 + # Hide NordVPN connection indicator when not connected. + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_CONTENT_EXPANSION= + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_VISUAL_IDENTIFIER_EXPANSION= + # Custom icon. + # typeset -g POWERLEVEL9K_NORDVPN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ ranger: ranger shell (https://github.com/ranger/ranger) ]################## + # Ranger shell color. + typeset -g POWERLEVEL9K_RANGER_FOREGROUND=3 + typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]####################### + # Nnn shell color. + typeset -g POWERLEVEL9K_NNN_FOREGROUND=0 + typeset -g POWERLEVEL9K_NNN_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_NNN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ lf: lf shell (https://github.com/gokcehan/lf) ]####################### + # lf shell color. + typeset -g POWERLEVEL9K_LF_FOREGROUND=0 + typeset -g POWERLEVEL9K_LF_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_LF_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ xplr: xplr shell (https://github.com/sayanarijit/xplr) ]################## + # xplr shell color. + typeset -g POWERLEVEL9K_XPLR_FOREGROUND=0 + typeset -g POWERLEVEL9K_XPLR_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_XPLR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########################[ vim_shell: vim shell indicator (:sh) ]########################### + # Vim shell indicator color. + typeset -g POWERLEVEL9K_VIM_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIM_SHELL_BACKGROUND=2 + # Custom icon. + # typeset -g POWERLEVEL9K_VIM_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ midnight_commander: midnight commander shell (https://midnight-commander.org/) ]###### + # Midnight Commander shell color. + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_FOREGROUND=3 + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ nix_shell: nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) ]## + # Nix shell color. + typeset -g POWERLEVEL9K_NIX_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_NIX_SHELL_BACKGROUND=4 + + # Display the icon of nix_shell if PATH contains a subdirectory of /nix/store. + # typeset -g POWERLEVEL9K_NIX_SHELL_INFER_FROM_PATH=false + + # Tip: If you want to see just the icon without "pure" and "impure", uncomment the next line. + # typeset -g POWERLEVEL9K_NIX_SHELL_CONTENT_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_NIX_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ chezmoi_shell: chezmoi shell (https://www.chezmoi.io/) ]################## + # chezmoi shell color. + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_CHEZMOI_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ disk_usage: disk usage ]################################## + # Colors for different levels of disk usage. + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_BACKGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_BACKGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_FOREGROUND=7 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_BACKGROUND=1 + # Thresholds for different levels of disk usage (percentage points). + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL=90 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_LEVEL=95 + # If set to true, hide disk usage when below $POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL percent. + typeset -g POWERLEVEL9K_DISK_USAGE_ONLY_WARNING=false + # Custom icon. + # typeset -g POWERLEVEL9K_DISK_USAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ vi_mode: vi mode (you don't need this if you've enabled prompt_char) ]########### + # Foreground color. + typeset -g POWERLEVEL9K_VI_MODE_FOREGROUND=0 + # Text and color for normal (a.k.a. command) vi mode. + typeset -g POWERLEVEL9K_VI_COMMAND_MODE_STRING=NORMAL + typeset -g POWERLEVEL9K_VI_MODE_NORMAL_BACKGROUND=2 + # Text and color for visual vi mode. + typeset -g POWERLEVEL9K_VI_VISUAL_MODE_STRING=VISUAL + typeset -g POWERLEVEL9K_VI_MODE_VISUAL_BACKGROUND=4 + # Text and color for overtype (a.k.a. overwrite and replace) vi mode. + typeset -g POWERLEVEL9K_VI_OVERWRITE_MODE_STRING=OVERTYPE + typeset -g POWERLEVEL9K_VI_MODE_OVERWRITE_BACKGROUND=3 + # Text and color for insert vi mode. + typeset -g POWERLEVEL9K_VI_INSERT_MODE_STRING= + typeset -g POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND=8 + + ######################################[ ram: free RAM ]####################################### + # RAM color. + typeset -g POWERLEVEL9K_RAM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RAM_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_RAM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################################[ swap: used swap ]###################################### + # Swap color. + typeset -g POWERLEVEL9K_SWAP_FOREGROUND=0 + typeset -g POWERLEVEL9K_SWAP_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_SWAP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################################[ load: CPU load ]###################################### + # Show average CPU load over this many last minutes. Valid values are 1, 5 and 15. + typeset -g POWERLEVEL9K_LOAD_WHICH=5 + # Load color when load is under 50%. + typeset -g POWERLEVEL9K_LOAD_NORMAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_NORMAL_BACKGROUND=2 + # Load color when load is between 50% and 70%. + typeset -g POWERLEVEL9K_LOAD_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_WARNING_BACKGROUND=3 + # Load color when load is over 70%. + typeset -g POWERLEVEL9K_LOAD_CRITICAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_CRITICAL_BACKGROUND=1 + # Custom icon. + # typeset -g POWERLEVEL9K_LOAD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ todo: todo items (https://github.com/todotxt/todo.txt-cli) ]################ + # Todo color. + typeset -g POWERLEVEL9K_TODO_FOREGROUND=0 + typeset -g POWERLEVEL9K_TODO_BACKGROUND=8 + # Hide todo when the total number of tasks is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_TOTAL=true + # Hide todo when the number of tasks after filtering is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_FILTERED=false + + # Todo format. The following parameters are available within the expansion. + # + # - P9K_TODO_TOTAL_TASK_COUNT The total number of tasks. + # - P9K_TODO_FILTERED_TASK_COUNT The number of tasks after filtering. + # + # These variables correspond to the last line of the output of `todo.sh -p ls`: + # + # TODO: 24 of 42 tasks shown + # + # Here 24 is P9K_TODO_FILTERED_TASK_COUNT and 42 is P9K_TODO_TOTAL_TASK_COUNT. + # + # typeset -g POWERLEVEL9K_TODO_CONTENT_EXPANSION='$P9K_TODO_FILTERED_TASK_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TODO_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ timewarrior: timewarrior tracking status (https://timewarrior.net/) ]############ + # Timewarrior color. + typeset -g POWERLEVEL9K_TIMEWARRIOR_FOREGROUND=255 + typeset -g POWERLEVEL9K_TIMEWARRIOR_BACKGROUND=8 + + # If the tracked task is longer than 24 characters, truncate and append "…". + # Tip: To always display tasks without truncation, delete the following parameter. + # Tip: To hide task names and display just the icon when time tracking is enabled, set the + # value of the following parameter to "". + typeset -g POWERLEVEL9K_TIMEWARRIOR_CONTENT_EXPANSION='${P9K_CONTENT:0:24}${${P9K_CONTENT:24}:+…}' + + # Custom icon. + # typeset -g POWERLEVEL9K_TIMEWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ taskwarrior: taskwarrior task count (https://taskwarrior.org/) ]############## + # Taskwarrior color. + typeset -g POWERLEVEL9K_TASKWARRIOR_FOREGROUND=0 + typeset -g POWERLEVEL9K_TASKWARRIOR_BACKGROUND=6 + + # Taskwarrior segment format. The following parameters are available within the expansion. + # + # - P9K_TASKWARRIOR_PENDING_COUNT The number of pending tasks: `task +PENDING count`. + # - P9K_TASKWARRIOR_OVERDUE_COUNT The number of overdue tasks: `task +OVERDUE count`. + # + # Zero values are represented as empty parameters. + # + # The default format: + # + # '${P9K_TASKWARRIOR_OVERDUE_COUNT:+"!$P9K_TASKWARRIOR_OVERDUE_COUNT/"}$P9K_TASKWARRIOR_PENDING_COUNT' + # + # typeset -g POWERLEVEL9K_TASKWARRIOR_CONTENT_EXPANSION='$P9K_TASKWARRIOR_PENDING_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TASKWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ per_directory_history: Oh My Zsh per-directory-history local/global indicator ]####### + # Color when using local/global history. + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_BACKGROUND=5 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_BACKGROUND=3 + + # Tip: Uncomment the next two lines to hide "local"/"global" text and leave just the icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_CONTENT_EXPANSION='' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_CONTENT_EXPANSION='' + + # Custom icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ cpu_arch: CPU architecture ]################################ + # CPU architecture color. + typeset -g POWERLEVEL9K_CPU_ARCH_FOREGROUND=0 + typeset -g POWERLEVEL9K_CPU_ARCH_BACKGROUND=3 + + # Hide the segment when on a specific CPU architecture. + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_CONTENT_EXPANSION= + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_VISUAL_IDENTIFIER_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CPU_ARCH_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ context: user@hostname ]################################## + # Context color when running with privileges. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND=1 + typeset -g POWERLEVEL9K_CONTEXT_ROOT_BACKGROUND=0 + # Context color in SSH without privileges. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_BACKGROUND=0 + # Default context color (no privileges, no SSH). + typeset -g POWERLEVEL9K_CONTEXT_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_BACKGROUND=0 + + # Context format when running with privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_TEMPLATE='%n@%m' + # Context format when in SSH without privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE='%n@%m' + # Default context format (no privileges, no SSH): user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_TEMPLATE='%n@%m' + + # Don't show context unless running with privileges or in SSH. + # Tip: Remove the next line to always show context. + typeset -g POWERLEVEL9K_CONTEXT_{DEFAULT,SUDO}_{CONTENT,VISUAL_IDENTIFIER}_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CONTEXT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_CONTEXT_PREFIX='with ' + + ###[ virtualenv: python virtual environment (https://docs.python.org/3/library/venv.html) ]### + # Python virtual environment color. + typeset -g POWERLEVEL9K_VIRTUALENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIRTUALENV_BACKGROUND=4 + # Don't show Python version next to the virtual environment name. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_PYTHON_VERSION=false + # If set to "false", won't show virtualenv if pyenv is already shown. + # If set to "if-different", won't show virtualenv if it's the same as pyenv. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_WITH_PYENV=false + # Separate environment name from Python version only with a space. + typeset -g POWERLEVEL9K_VIRTUALENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_VIRTUALENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ anaconda: conda environment (https://conda.io/) ]###################### + # Anaconda environment color. + typeset -g POWERLEVEL9K_ANACONDA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ANACONDA_BACKGROUND=4 + + # Anaconda segment format. The following parameters are available within the expansion. + # + # - CONDA_PREFIX Absolute path to the active Anaconda/Miniconda environment. + # - CONDA_DEFAULT_ENV Name of the active Anaconda/Miniconda environment. + # - CONDA_PROMPT_MODIFIER Configurable prompt modifier (see below). + # - P9K_ANACONDA_PYTHON_VERSION Current python version (python --version). + # + # CONDA_PROMPT_MODIFIER can be configured with the following command: + # + # conda config --set env_prompt '({default_env}) ' + # + # The last argument is a Python format string that can use the following variables: + # + # - prefix The same as CONDA_PREFIX. + # - default_env The same as CONDA_DEFAULT_ENV. + # - name The last segment of CONDA_PREFIX. + # - stacked_env Comma-separated list of names in the environment stack. The first element is + # always the same as default_env. + # + # Note: '({default_env}) ' is the default value of env_prompt. + # + # The default value of POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION expands to $CONDA_PROMPT_MODIFIER + # without the surrounding parentheses, or to the last path component of CONDA_PREFIX if the former + # is empty. + typeset -g POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION='${${${${CONDA_PROMPT_MODIFIER#\(}% }%\)}:-${CONDA_PREFIX:t}}' + + # Custom icon. + # typeset -g POWERLEVEL9K_ANACONDA_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ pyenv: python environment (https://github.com/pyenv/pyenv) ]################ + # Pyenv color. + typeset -g POWERLEVEL9K_PYENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PYENV_BACKGROUND=4 + # Hide python version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PYENV_SOURCES=(shell local global) + # If set to false, hide python version if it's the same as global: + # $(pyenv version-name) == $(pyenv global). + typeset -g POWERLEVEL9K_PYENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide python version if it's equal to "system". + typeset -g POWERLEVEL9K_PYENV_SHOW_SYSTEM=true + + # Pyenv segment format. The following parameters are available within the expansion. + # + # - P9K_CONTENT Current pyenv environment (pyenv version-name). + # - P9K_PYENV_PYTHON_VERSION Current python version (python --version). + # + # The default format has the following logic: + # + # 1. Display just "$P9K_CONTENT" if it's equal to "$P9K_PYENV_PYTHON_VERSION" or + # starts with "$P9K_PYENV_PYTHON_VERSION/". + # 2. Otherwise display "$P9K_CONTENT $P9K_PYENV_PYTHON_VERSION". + typeset -g POWERLEVEL9K_PYENV_CONTENT_EXPANSION='${P9K_CONTENT}${${P9K_CONTENT:#$P9K_PYENV_PYTHON_VERSION(|/*)}:+ $P9K_PYENV_PYTHON_VERSION}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PYENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ goenv: go environment (https://github.com/syndbg/goenv) ]################ + # Goenv color. + typeset -g POWERLEVEL9K_GOENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_GOENV_BACKGROUND=4 + # Hide go version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_GOENV_SOURCES=(shell local global) + # If set to false, hide go version if it's the same as global: + # $(goenv version-name) == $(goenv global). + typeset -g POWERLEVEL9K_GOENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide go version if it's equal to "system". + typeset -g POWERLEVEL9K_GOENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_GOENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ nodenv: node.js version from nodenv (https://github.com/nodenv/nodenv) ]########## + # Nodenv color. + typeset -g POWERLEVEL9K_NODENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODENV_BACKGROUND=0 + # Hide node version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_NODENV_SOURCES=(shell local global) + # If set to false, hide node version if it's the same as global: + # $(nodenv version-name) == $(nodenv global). + typeset -g POWERLEVEL9K_NODENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NODENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ nvm: node.js version from nvm (https://github.com/nvm-sh/nvm) ]############### + # Nvm color. + typeset -g POWERLEVEL9K_NVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_NVM_BACKGROUND=5 + # If set to false, hide node version if it's the same as default: + # $(nvm version current) == $(nvm version default). + typeset -g POWERLEVEL9K_NVM_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NVM_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ nodeenv: node.js environment (https://github.com/ekalinin/nodeenv) ]############ + # Nodeenv color. + typeset -g POWERLEVEL9K_NODEENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODEENV_BACKGROUND=0 + # Don't show Node version next to the environment name. + typeset -g POWERLEVEL9K_NODEENV_SHOW_NODE_VERSION=false + # Separate environment name from Node version only with a space. + typeset -g POWERLEVEL9K_NODEENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_NODEENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############################[ node_version: node.js version ]############################### + # Node version color. + typeset -g POWERLEVEL9K_NODE_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_NODE_VERSION_BACKGROUND=2 + # Show node version only when in a directory tree containing package.json. + typeset -g POWERLEVEL9K_NODE_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODE_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ go_version: go version (https://golang.org) ]######################## + # Go version color. + typeset -g POWERLEVEL9K_GO_VERSION_FOREGROUND=255 + typeset -g POWERLEVEL9K_GO_VERSION_BACKGROUND=2 + # Show go version only when in a go project subdirectory. + typeset -g POWERLEVEL9K_GO_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_GO_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ rust_version: rustc version (https://www.rust-lang.org) ]################## + # Rust version color. + typeset -g POWERLEVEL9K_RUST_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_RUST_VERSION_BACKGROUND=208 + # Show rust version only when in a rust project subdirectory. + typeset -g POWERLEVEL9K_RUST_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_RUST_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ dotnet_version: .NET version (https://dotnet.microsoft.com) ]################ + # .NET version color. + typeset -g POWERLEVEL9K_DOTNET_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_DOTNET_VERSION_BACKGROUND=5 + # Show .NET version only when in a .NET project subdirectory. + typeset -g POWERLEVEL9K_DOTNET_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_DOTNET_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ php_version: php version (https://www.php.net/) ]###################### + # PHP version color. + typeset -g POWERLEVEL9K_PHP_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHP_VERSION_BACKGROUND=5 + # Show PHP version only when in a PHP project subdirectory. + typeset -g POWERLEVEL9K_PHP_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHP_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ laravel_version: laravel php framework version (https://laravel.com/) ]########### + # Laravel version color. + typeset -g POWERLEVEL9K_LARAVEL_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_LARAVEL_VERSION_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_LARAVEL_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ rbenv: ruby version from rbenv (https://github.com/rbenv/rbenv) ]############## + # Rbenv color. + typeset -g POWERLEVEL9K_RBENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_RBENV_BACKGROUND=1 + # Hide ruby version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_RBENV_SOURCES=(shell local global) + # If set to false, hide ruby version if it's the same as global: + # $(rbenv version-name) == $(rbenv global). + typeset -g POWERLEVEL9K_RBENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide ruby version if it's equal to "system". + typeset -g POWERLEVEL9K_RBENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_RBENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ####################[ java_version: java version (https://www.java.com/) ]#################### + # Java version color. + typeset -g POWERLEVEL9K_JAVA_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_JAVA_VERSION_BACKGROUND=7 + # Show java version only when in a java project subdirectory. + typeset -g POWERLEVEL9K_JAVA_VERSION_PROJECT_ONLY=true + # Show brief version. + typeset -g POWERLEVEL9K_JAVA_VERSION_FULL=false + # Custom icon. + # typeset -g POWERLEVEL9K_JAVA_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###[ package: name@version from package.json (https://docs.npmjs.com/files/package.json) ]#### + # Package color. + typeset -g POWERLEVEL9K_PACKAGE_FOREGROUND=0 + typeset -g POWERLEVEL9K_PACKAGE_BACKGROUND=6 + + # Package format. The following parameters are available within the expansion. + # + # - P9K_PACKAGE_NAME The value of `name` field in package.json. + # - P9K_PACKAGE_VERSION The value of `version` field in package.json. + # + # typeset -g POWERLEVEL9K_PACKAGE_CONTENT_EXPANSION='${P9K_PACKAGE_NAME//\%/%%}@${P9K_PACKAGE_VERSION//\%/%%}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PACKAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ rvm: ruby version from rvm (https://rvm.io) ]######################## + # Rvm color. + typeset -g POWERLEVEL9K_RVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RVM_BACKGROUND=240 + # Don't show @gemset at the end. + typeset -g POWERLEVEL9K_RVM_SHOW_GEMSET=false + # Don't show ruby- at the front. + typeset -g POWERLEVEL9K_RVM_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_RVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ fvm: flutter version management (https://github.com/leoafarias/fvm) ]############ + # Fvm color. + typeset -g POWERLEVEL9K_FVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_FVM_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_FVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ luaenv: lua version from luaenv (https://github.com/cehoffman/luaenv) ]########### + # Lua color. + typeset -g POWERLEVEL9K_LUAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_LUAENV_BACKGROUND=4 + # Hide lua version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_LUAENV_SOURCES=(shell local global) + # If set to false, hide lua version if it's the same as global: + # $(luaenv version-name) == $(luaenv global). + typeset -g POWERLEVEL9K_LUAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide lua version if it's equal to "system". + typeset -g POWERLEVEL9K_LUAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_LUAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ jenv: java version from jenv (https://github.com/jenv/jenv) ]################ + # Java color. + typeset -g POWERLEVEL9K_JENV_FOREGROUND=1 + typeset -g POWERLEVEL9K_JENV_BACKGROUND=7 + # Hide java version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_JENV_SOURCES=(shell local global) + # If set to false, hide java version if it's the same as global: + # $(jenv version-name) == $(jenv global). + typeset -g POWERLEVEL9K_JENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide java version if it's equal to "system". + typeset -g POWERLEVEL9K_JENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_JENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ plenv: perl version from plenv (https://github.com/tokuhirom/plenv) ]############ + # Perl color. + typeset -g POWERLEVEL9K_PLENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PLENV_BACKGROUND=4 + # Hide perl version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PLENV_SOURCES=(shell local global) + # If set to false, hide perl version if it's the same as global: + # $(plenv version-name) == $(plenv global). + typeset -g POWERLEVEL9K_PLENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide perl version if it's equal to "system". + typeset -g POWERLEVEL9K_PLENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PLENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ perlbrew: perl version from perlbrew (https://github.com/gugod/App-perlbrew) ]############ + # Perlbrew color. + typeset -g POWERLEVEL9K_PERLBREW_FOREGROUND=67 + # Show perlbrew version only when in a perl project subdirectory. + typeset -g POWERLEVEL9K_PERLBREW_PROJECT_ONLY=true + # Don't show "perl-" at the front. + typeset -g POWERLEVEL9K_PERLBREW_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_PERLBREW_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ phpenv: php version from phpenv (https://github.com/phpenv/phpenv) ]############ + # PHP color. + typeset -g POWERLEVEL9K_PHPENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHPENV_BACKGROUND=5 + # Hide php version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PHPENV_SOURCES=(shell local global) + # If set to false, hide php version if it's the same as global: + # $(phpenv version-name) == $(phpenv global). + typeset -g POWERLEVEL9K_PHPENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide PHP version if it's equal to "system". + typeset -g POWERLEVEL9K_PHPENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHPENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######[ scalaenv: scala version from scalaenv (https://github.com/scalaenv/scalaenv) ]####### + # Scala color. + typeset -g POWERLEVEL9K_SCALAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_SCALAENV_BACKGROUND=1 + # Hide scala version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_SCALAENV_SOURCES=(shell local global) + # If set to false, hide scala version if it's the same as global: + # $(scalaenv version-name) == $(scalaenv global). + typeset -g POWERLEVEL9K_SCALAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide scala version if it's equal to "system". + typeset -g POWERLEVEL9K_SCALAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_SCALAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ haskell_stack: haskell version from stack (https://haskellstack.org/) ]########### + # Haskell color. + typeset -g POWERLEVEL9K_HASKELL_STACK_FOREGROUND=0 + typeset -g POWERLEVEL9K_HASKELL_STACK_BACKGROUND=3 + + # Hide haskell version if it doesn't come from one of these sources. + # + # shell: version is set by STACK_YAML + # local: version is set by stack.yaml up the directory tree + # global: version is set by the implicit global project (~/.stack/global-project/stack.yaml) + typeset -g POWERLEVEL9K_HASKELL_STACK_SOURCES=(shell local) + # If set to false, hide haskell version if it's the same as in the implicit global project. + typeset -g POWERLEVEL9K_HASKELL_STACK_ALWAYS_SHOW=true + # Custom icon. + # typeset -g POWERLEVEL9K_HASKELL_STACK_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform: terraform workspace (https://www.terraform.io) ]################# + # Don't show terraform workspace if it's literally "default". + typeset -g POWERLEVEL9K_TERRAFORM_SHOW_DEFAULT=false + # POWERLEVEL9K_TERRAFORM_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current terraform workspace gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_TERRAFORM_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_TERRAFORM_CLASSES defines the workspace class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current terraform workspace is "project_test", its class is TEST because "project_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ terraform_version: terraform version (https://www.terraform.io) ]############## + # Terraform version color. + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_TERRAFORM_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform_version: It shows active terraform version (https://www.terraform.io) ]################# + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_SHOW_ON_COMMAND='terraform|tf' + + #############[ kubecontext: current kubernetes context (https://kubernetes.io/) ]############# + # Show kubecontext only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show kubecontext. + typeset -g POWERLEVEL9K_KUBECONTEXT_SHOW_ON_COMMAND='kubectl|helm|kubens|kubectx|oc|istioctl|kogito|k9s|helmfile|flux|fluxctl|stern|kubeseal|skaffold|kubent|kubecolor|cmctl|sparkctl' + + # Kubernetes context classes for the purpose of using different colors, icons and expansions with + # different contexts. + # + # POWERLEVEL9K_KUBECONTEXT_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current kubernetes context gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_KUBECONTEXT_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_KUBECONTEXT_CLASSES defines the context class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current kubernetes context is "deathray-testing/default", its class is TEST + # because "deathray-testing/default" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_FOREGROUND=0 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_BACKGROUND=2 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_BACKGROUND=5 + # typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_KUBECONTEXT_CONTENT_EXPANSION to specify the content displayed by kubecontext + # segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # Within the expansion the following parameters are always available: + # + # - P9K_CONTENT The content that would've been displayed if there was no content + # expansion defined. + # - P9K_KUBECONTEXT_NAME The current context's name. Corresponds to column NAME in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_CLUSTER The current context's cluster. Corresponds to column CLUSTER in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_NAMESPACE The current context's namespace. Corresponds to column NAMESPACE + # in the output of `kubectl config get-contexts`. If there is no + # namespace, the parameter is set to "default". + # - P9K_KUBECONTEXT_USER The current context's user. Corresponds to column AUTHINFO in the + # output of `kubectl config get-contexts`. + # + # If the context points to Google Kubernetes Engine (GKE) or Elastic Kubernetes Service (EKS), + # the following extra parameters are available: + # + # - P9K_KUBECONTEXT_CLOUD_NAME Either "gke" or "eks". + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT Account/project ID. + # - P9K_KUBECONTEXT_CLOUD_ZONE Availability zone. + # - P9K_KUBECONTEXT_CLOUD_CLUSTER Cluster. + # + # P9K_KUBECONTEXT_CLOUD_* parameters are derived from P9K_KUBECONTEXT_CLUSTER. For example, + # if P9K_KUBECONTEXT_CLUSTER is "gke_my-account_us-east1-a_my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=gke + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=my-account + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east1-a + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + # + # If P9K_KUBECONTEXT_CLUSTER is "arn:aws:eks:us-east-1:123456789012:cluster/my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=eks + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=123456789012 + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east-1 + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION= + # Show P9K_KUBECONTEXT_CLOUD_CLUSTER if it's not empty and fall back to P9K_KUBECONTEXT_NAME. + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${P9K_KUBECONTEXT_CLOUD_CLUSTER:-${P9K_KUBECONTEXT_NAME}}' + # Append the current context's namespace if it's not "default". + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${${:-/$P9K_KUBECONTEXT_NAMESPACE}:#/default}' + + # Custom prefix. + # typeset -g POWERLEVEL9K_KUBECONTEXT_PREFIX='at ' + + #[ aws: aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) ]# + # Show aws only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show aws. + typeset -g POWERLEVEL9K_AWS_SHOW_ON_COMMAND='aws|awless|cdk|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AWS_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current AWS profile gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AWS_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AWS_CLASSES defines the profile class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current AWS profile is "company_test", its class is TEST + # because "company_test" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AWS_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_AWS_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AWS_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_AWS_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_AWS_DEFAULT_BACKGROUND=1 + # typeset -g POWERLEVEL9K_AWS_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # AWS segment format. The following parameters are available within the expansion. + # + # - P9K_AWS_PROFILE The name of the current AWS profile. + # - P9K_AWS_REGION The region associated with the current AWS profile. + typeset -g POWERLEVEL9K_AWS_CONTENT_EXPANSION='${P9K_AWS_PROFILE//\%/%%}${P9K_AWS_REGION:+ ${P9K_AWS_REGION//\%/%%}}' + + #[ aws_eb_env: aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) ]# + # AWS Elastic Beanstalk environment color. + typeset -g POWERLEVEL9K_AWS_EB_ENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_AWS_EB_ENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_AWS_EB_ENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ azure: azure account name (https://docs.microsoft.com/en-us/cli/azure) ]########## + # Show azure only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show azure. + typeset -g POWERLEVEL9K_AZURE_SHOW_ON_COMMAND='az|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AZURE_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current azure account name gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AZURE_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AZURE_CLASSES defines the account class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current azure account is "company_test", its class is TEST because "company_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AZURE_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_AZURE_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_AZURE_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AZURE_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + + # Azure account name color. + typeset -g POWERLEVEL9K_AZURE_OTHER_FOREGROUND=7 + typeset -g POWERLEVEL9K_AZURE_OTHER_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_AZURE_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ gcloud: google cloud account and project (https://cloud.google.com/) ]########### + # Show gcloud only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show gcloud. + typeset -g POWERLEVEL9K_GCLOUD_SHOW_ON_COMMAND='gcloud|gcs|gsutil' + # Google cloud color. + typeset -g POWERLEVEL9K_GCLOUD_FOREGROUND=7 + typeset -g POWERLEVEL9K_GCLOUD_BACKGROUND=4 + + # Google cloud format. Change the value of POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION and/or + # POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION if the default is too verbose or not informative + # enough. You can use the following parameters in the expansions. Each of them corresponds to the + # output of `gcloud` tool. + # + # Parameter | Source + # -------------------------|-------------------------------------------------------------------- + # P9K_GCLOUD_CONFIGURATION | gcloud config configurations list --format='value(name)' + # P9K_GCLOUD_ACCOUNT | gcloud config get-value account + # P9K_GCLOUD_PROJECT_ID | gcloud config get-value project + # P9K_GCLOUD_PROJECT_NAME | gcloud projects describe $P9K_GCLOUD_PROJECT_ID --format='value(name)' + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced with '%%'. + # + # Obtaining project name requires sending a request to Google servers. This can take a long time + # and even fail. When project name is unknown, P9K_GCLOUD_PROJECT_NAME is not set and gcloud + # prompt segment is in state PARTIAL. When project name gets known, P9K_GCLOUD_PROJECT_NAME gets + # set and gcloud prompt segment transitions to state COMPLETE. + # + # You can customize the format, icon and colors of gcloud segment separately for states PARTIAL + # and COMPLETE. You can also hide gcloud in state PARTIAL by setting + # POWERLEVEL9K_GCLOUD_PARTIAL_VISUAL_IDENTIFIER_EXPANSION and + # POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION to empty. + typeset -g POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_ID//\%/%%}' + typeset -g POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_NAME//\%/%%}' + + # Send a request to Google (by means of `gcloud projects describe ...`) to obtain project name + # this often. Negative value disables periodic polling. In this mode project name is retrieved + # only when the current configuration, account or project id changes. + typeset -g POWERLEVEL9K_GCLOUD_REFRESH_PROJECT_NAME_SECONDS=60 + + # Custom icon. + # typeset -g POWERLEVEL9K_GCLOUD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ google_app_cred: google application credentials (https://cloud.google.com/docs/authentication/production) ]# + # Show google_app_cred only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show google_app_cred. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_SHOW_ON_COMMAND='terraform|pulumi|terragrunt' + + # Google application credentials classes for the purpose of using different colors, icons and + # expansions with different credentials. + # + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES is an array with even number of elements. The first + # element in each pair defines a pattern against which the current kubernetes context gets + # matched. More specifically, it's P9K_CONTENT prior to the application of context expansion + # (see below) that gets matched. If you unset all POWERLEVEL9K_GOOGLE_APP_CRED_*CONTENT_EXPANSION + # parameters, you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES defines the context class. Patterns are tried in order. + # The first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD + # '*:*test*:*' TEST + # '*' DEFAULT) + # + # If your current Google application credentials is "service_account deathray-testing x@y.com", + # its class is TEST because it doesn't match the pattern '* *prod* *' but does match '* *test* *'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_CONTENT_EXPANSION='$P9K_GOOGLE_APP_CRED_PROJECT_ID' + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD # These values are examples that are unlikely + # '*:*test*:*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_GOOGLE_APP_CRED_CONTENT_EXPANSION to specify the content displayed by + # google_app_cred segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # You can use the following parameters in the expansion. Each of them corresponds to one of the + # fields in the JSON file pointed to by GOOGLE_APPLICATION_CREDENTIALS. + # + # Parameter | JSON key file field + # ---------------------------------+--------------- + # P9K_GOOGLE_APP_CRED_TYPE | type + # P9K_GOOGLE_APP_CRED_PROJECT_ID | project_id + # P9K_GOOGLE_APP_CRED_CLIENT_EMAIL | client_email + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced by '%%'. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_CONTENT_EXPANSION='${P9K_GOOGLE_APP_CRED_PROJECT_ID//\%/%%}' + + ##############[ toolbox: toolbox name (https://github.com/containers/toolbox) ]############### + # Toolbox color. + typeset -g POWERLEVEL9K_TOOLBOX_FOREGROUND=0 + typeset -g POWERLEVEL9K_TOOLBOX_BACKGROUND=3 + # Don't display the name of the toolbox if it matches fedora-toolbox-*. + typeset -g POWERLEVEL9K_TOOLBOX_CONTENT_EXPANSION='${P9K_TOOLBOX_NAME:#fedora-toolbox-*}' + # Custom icon. + # typeset -g POWERLEVEL9K_TOOLBOX_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_TOOLBOX_PREFIX='in ' + + ###############################[ public_ip: public IP address ]############################### + # Public IP color. + typeset -g POWERLEVEL9K_PUBLIC_IP_FOREGROUND=7 + typeset -g POWERLEVEL9K_PUBLIC_IP_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PUBLIC_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ########################[ vpn_ip: virtual private network indicator ]######################### + # VPN IP color. + typeset -g POWERLEVEL9K_VPN_IP_FOREGROUND=0 + typeset -g POWERLEVEL9K_VPN_IP_BACKGROUND=6 + # When on VPN, show just an icon without the IP address. + # Tip: To display the private IP address when on VPN, remove the next line. + typeset -g POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION= + # Regular expression for the VPN network interface. Run `ifconfig` or `ip -4 a show` while on VPN + # to see the name of the interface. + typeset -g POWERLEVEL9K_VPN_IP_INTERFACE='(gpd|wg|(.*tun)|tailscale)[0-9]*|(zt.*)' + # If set to true, show one segment per matching network interface. If set to false, show only + # one segment corresponding to the first matching network interface. + # Tip: If you set it to true, you'll probably want to unset POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION. + typeset -g POWERLEVEL9K_VPN_IP_SHOW_ALL=false + # Custom icon. + # typeset -g POWERLEVEL9K_VPN_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ ip: ip address and bandwidth usage for a specified network interface ]########### + # IP color. + typeset -g POWERLEVEL9K_IP_BACKGROUND=4 + typeset -g POWERLEVEL9K_IP_FOREGROUND=0 + # The following parameters are accessible within the expansion: + # + # Parameter | Meaning + # ----------------------+------------------------------------------- + # P9K_IP_IP | IP address + # P9K_IP_INTERFACE | network interface + # P9K_IP_RX_BYTES | total number of bytes received + # P9K_IP_TX_BYTES | total number of bytes sent + # P9K_IP_RX_BYTES_DELTA | number of bytes received since last prompt + # P9K_IP_TX_BYTES_DELTA | number of bytes sent since last prompt + # P9K_IP_RX_RATE | receive rate (since last prompt) + # P9K_IP_TX_RATE | send rate (since last prompt) + typeset -g POWERLEVEL9K_IP_CONTENT_EXPANSION='${P9K_IP_RX_RATE:+⇣$P9K_IP_RX_RATE }${P9K_IP_TX_RATE:+⇡$P9K_IP_TX_RATE }$P9K_IP_IP' + # Show information for the first network interface whose name matches this regular expression. + # Run `ifconfig` or `ip -4 a show` to see the names of all network interfaces. + typeset -g POWERLEVEL9K_IP_INTERFACE='[ew].*' + # Custom icon. + # typeset -g POWERLEVEL9K_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #########################[ proxy: system-wide http/https/ftp proxy ]########################## + # Proxy color. + typeset -g POWERLEVEL9K_PROXY_FOREGROUND=4 + typeset -g POWERLEVEL9K_PROXY_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PROXY_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ battery: internal battery ]################################# + # Show battery in red when it's below this level and not connected to power supply. + typeset -g POWERLEVEL9K_BATTERY_LOW_THRESHOLD=20 + typeset -g POWERLEVEL9K_BATTERY_LOW_FOREGROUND=1 + # Show battery in green when it's charging or fully charged. + typeset -g POWERLEVEL9K_BATTERY_{CHARGING,CHARGED}_FOREGROUND=2 + # Show battery in yellow when it's discharging. + typeset -g POWERLEVEL9K_BATTERY_DISCONNECTED_FOREGROUND=3 + # Battery pictograms going from low to high level of charge. + typeset -g POWERLEVEL9K_BATTERY_STAGES='\uf58d\uf579\uf57a\uf57b\uf57c\uf57d\uf57e\uf57f\uf580\uf581\uf578' + # Don't show the remaining time to charge/discharge. + typeset -g POWERLEVEL9K_BATTERY_VERBOSE=false + typeset -g POWERLEVEL9K_BATTERY_BACKGROUND=0 + + #####################################[ wifi: wifi speed ]##################################### + # WiFi color. + typeset -g POWERLEVEL9K_WIFI_FOREGROUND=0 + typeset -g POWERLEVEL9K_WIFI_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use different colors and icons depending on signal strength ($P9K_WIFI_BARS). + # + # # Wifi colors and icons for different signal strength levels (low to high). + # typeset -g my_wifi_fg=(0 0 0 0 0) # <-- change these values + # typeset -g my_wifi_icon=('WiFi' 'WiFi' 'WiFi' 'WiFi' 'WiFi') # <-- change these values + # + # typeset -g POWERLEVEL9K_WIFI_CONTENT_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}$P9K_WIFI_LAST_TX_RATE Mbps' + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}${my_wifi_icon[P9K_WIFI_BARS+1]}' + # + # The following parameters are accessible within the expansions: + # + # Parameter | Meaning + # ----------------------+--------------- + # P9K_WIFI_SSID | service set identifier, a.k.a. network name + # P9K_WIFI_LINK_AUTH | authentication protocol such as "wpa2-psk" or "none"; empty if unknown + # P9K_WIFI_LAST_TX_RATE | wireless transmit rate in megabits per second + # P9K_WIFI_RSSI | signal strength in dBm, from -120 to 0 + # P9K_WIFI_NOISE | noise in dBm, from -120 to 0 + # P9K_WIFI_BARS | signal strength in bars, from 0 to 4 (derived from P9K_WIFI_RSSI and P9K_WIFI_NOISE) + + ####################################[ time: current time ]#################################### + # Current time color. + typeset -g POWERLEVEL9K_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_TIME_BACKGROUND=7 + # Format for the current time: 09:51:02. See `man 3 strftime`. + typeset -g POWERLEVEL9K_TIME_FORMAT='%D{%H:%M:%S}' + # If set to true, time will update when you hit enter. This way prompts for the past + # commands will contain the start times of their commands as opposed to the default + # behavior where they contain the end times of their preceding commands. + typeset -g POWERLEVEL9K_TIME_UPDATE_ON_COMMAND=false + # Custom icon. + typeset -g POWERLEVEL9K_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_TIME_PREFIX='at ' + + # Example of a user-defined prompt segment. Function prompt_example will be called on every + # prompt if `example` prompt segment is added to POWERLEVEL9K_LEFT_PROMPT_ELEMENTS or + # POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS. It displays an icon and yellow text on red background + # greeting the user. + # + # Type `p10k help segment` for documentation and a more sophisticated example. + function prompt_example() { + p10k segment -b 1 -f 3 -i '⭐' -t 'hello, %n' + } + + # User-defined prompt segments may optionally provide an instant_prompt_* function. Its job + # is to generate the prompt segment for display in instant prompt. See + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # + # Powerlevel10k will call instant_prompt_* at the same time as the regular prompt_* function + # and will record all `p10k segment` calls it makes. When displaying instant prompt, Powerlevel10k + # will replay these calls without actually calling instant_prompt_*. It is imperative that + # instant_prompt_* always makes the same `p10k segment` calls regardless of environment. If this + # rule is not observed, the content of instant prompt will be incorrect. + # + # Usually, you should either not define instant_prompt_* or simply call prompt_* from it. If + # instant_prompt_* is not defined for a segment, the segment won't be shown in instant prompt. + function instant_prompt_example() { + # Since prompt_example always makes the same `p10k segment` calls, we can call it from + # instant_prompt_example. This will give us the same `example` prompt segment in the instant + # and regular prompts. + prompt_example + } + + # User-defined prompt segments can be customized the same way as built-in segments. + typeset -g POWERLEVEL9K_EXAMPLE_FOREGROUND=3 + typeset -g POWERLEVEL9K_EXAMPLE_BACKGROUND=1 + # typeset -g POWERLEVEL9K_EXAMPLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Transient prompt works similarly to the builtin transient_rprompt option. It trims down prompt + # when accepting a command line. Supported values: + # + # - off: Don't change prompt when accepting a command line. + # - always: Trim down prompt when accepting a command line. + # - same-dir: Trim down prompt when accepting a command line unless this is the first command + # typed after changing current working directory. + typeset -g POWERLEVEL9K_TRANSIENT_PROMPT=always + + # Instant prompt mode. + # + # - off: Disable instant prompt. Choose this if you've tried instant prompt and found + # it incompatible with your zsh configuration files. + # - quiet: Enable instant prompt and don't print warnings when detecting console output + # during zsh initialization. Choose this if you've read and understood + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # - verbose: Enable instant prompt and print a warning when detecting console output during + # zsh initialization. Choose this if you've never tried instant prompt, haven't + # seen the warning, or if you are unsure what this all means. + typeset -g POWERLEVEL9K_INSTANT_PROMPT=off + + # Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized. + # For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload + # can slow down prompt by 1-2 milliseconds, so it's better to keep it turned off unless you + # really need it. + typeset -g POWERLEVEL9K_DISABLE_HOT_RELOAD=true + + # If p10k is already loaded, reload configuration. + # This works even with POWERLEVEL9K_DISABLE_HOT_RELOAD=true. + (( ! $+functions[p10k] )) || p10k reload +} + +# Tell `p10k configure` which file it should overwrite. +typeset -g POWERLEVEL9K_CONFIG_FILE=${${(%):-%x}:a} + +(( ${#p10k_config_opts} )) && setopt ${p10k_config_opts[@]} +'builtin' 'unset' 'p10k_config_opts' diff --git a/home/qenya/dconf/background-image.jpg b/home/qenya/dconf/background-image.jpg new file mode 100755 index 0000000..bc9a614 Binary files /dev/null and b/home/qenya/dconf/background-image.jpg differ diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix new file mode 100644 index 0000000..466ff5b --- /dev/null +++ b/home/qenya/dconf/default.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, osConfig, ... }: + +# dconf is the configuration manager for GNOME. + +let + isGnome = osConfig.services.desktopManager.gnome.enable; +in +{ + dconf.enable = isGnome; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; + "org/gnome/desktop/sound".event-sounds = false; + "org/gnome/desktop/sound".allow-volume-above-100-percent = true; + "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true; + }; + + imports = [ + ./desktop.nix + ./keyboard.nix + ./mouse-touchpad.nix + ./multitasking.nix + ./shell.nix + ./wellbeing.nix + ]; +} diff --git a/home/qenya/dconf/desktop.nix b/home/qenya/dconf/desktop.nix new file mode 100644 index 0000000..4cfbaa7 --- /dev/null +++ b/home/qenya/dconf/desktop.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let inherit (lib) mkIf; +in { + dconf.settings = { + "org/gnome/desktop/background" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + picture-uri-dark = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/screensaver" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + enable-hot-corners = false; + }; + }; + home.file.".background-image" = mkIf config.dconf.enable { + source = ./background-image.jpg; + }; +} diff --git a/home/qenya/dconf/keyboard.nix b/home/qenya/dconf/keyboard.nix new file mode 100644 index 0000000..5271bae --- /dev/null +++ b/home/qenya/dconf/keyboard.nix @@ -0,0 +1,12 @@ +# { config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/wm/keybindings" = { + # These are largely useless on most normal systems + # and conflict with VS Code's default keybinds for "Copy Line Up/Down" + move-to-workspace-up = [ ]; + move-to-workspace-down = [ ]; + }; + }; +} diff --git a/home/qenya/dconf/mouse-touchpad.nix b/home/qenya/dconf/mouse-touchpad.nix new file mode 100644 index 0000000..f3fd932 --- /dev/null +++ b/home/qenya/dconf/mouse-touchpad.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/peripherals/mouse" = { + natural-scroll = false; + }; + "org/gnome/desktop/peripherals/touchpad" = { + click-method = "fingers"; + disable-while-typing = false; + natural-scroll = true; # the correct option, whatever Janet says + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + }; +} diff --git a/home/qenya/dconf/multitasking.nix b/home/qenya/dconf/multitasking.nix new file mode 100644 index 0000000..1d93972 --- /dev/null +++ b/home/qenya/dconf/multitasking.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/mutter" = { + edge-tiling = true; + dynamic-workspaces = true; + workspaces-only-on-primary = true; + }; + }; +} diff --git a/home/qenya/dconf/shell.nix b/home/qenya/dconf/shell.nix new file mode 100644 index 0000000..73672fd --- /dev/null +++ b/home/qenya/dconf/shell.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + dconf.settings = { + "org/gnome/shell" = { + disable-user-extensions = true; + + # TODO: this is fine for now on tohru (the only GNOME system I use) but shouldn't depend on certain apps being installed + favorite-apps = [ + "discord.desktop" + "org.gnome.Evolution.desktop" + "firefox.desktop" + "torbrowser.desktop" + "steam.desktop" + "codium.desktop" + "org.gnome.Console.desktop" + "org.gnome.Nautilus.desktop" + "org.gnome.SystemMonitor.desktop" + ]; + + # TODO: fill this out (needs preinstalled stuff removing first) + # app-picker-layout = [ + # ... + # ]; + }; + }; +} diff --git a/home/qenya/dconf/wellbeing.nix b/home/qenya/dconf/wellbeing.nix new file mode 100644 index 0000000..b547b0f --- /dev/null +++ b/home/qenya/dconf/wellbeing.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +# These features are cool and I would like to keep trying them, but they are +# horribly bugged in GNOME 48.1. Consider re-enabling them when 48.2 is +# released. See, e.g.: +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8289 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8299 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8305 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8376 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8398 + +{ + dconf.settings = { + # "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; + # "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; + "org/gnome/desktop/screen-time-limits".daily-limit-enabled = false; + "org/gnome/desktop/break-reminders".selected-breaks = [ ]; + }; +} diff --git a/home/qenya/default.nix b/home/qenya/default.nix new file mode 100644 index 0000000..47c64dd --- /dev/null +++ b/home/qenya/default.nix @@ -0,0 +1,16 @@ +{ + imports = [ + ./dconf + ./feishin.nix + ./firefox.nix + ./fonts.nix + ./git.nix + ./packages.nix + ./tmux.nix + ./vscode.nix + ./xdg-mime-apps.nix + ./zsh.nix + ]; + + home.stateVersion = "23.11"; +} diff --git a/home/qenya/feishin.nix b/home/qenya/feishin.nix new file mode 100644 index 0000000..e3c7360 --- /dev/null +++ b/home/qenya/feishin.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, osConfig, ... }: + +# Feishin ideally wants to see mpv at runtime, but this isn't catered for by +# the derivation in nixpkgs as it isn't strictly necessary. +# An easier way to do this would be to write mpv's full nix store path to +# Feishin's config. But Feishin has one JSON file for config and state, and +# we'd rather not overwrite the latter. Until and unless home-manager grows +# support for partially patching files, we live with this. + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +{ + home.packages = mkIf isGraphical [ + (pkgs.feishin.overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]} + ''; + })) + ]; +} diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix new file mode 100644 index 0000000..5335728 --- /dev/null +++ b/home/qenya/firefox.nix @@ -0,0 +1,120 @@ +{ config, lib, pkgs, osConfig, inputs, ... }: + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +{ + programs.firefox = lib.mkIf isGraphical { + enable = true; + languagePacks = [ "en-GB" ]; + + policies = { + ExtensionSettings = { + # uBlock Origin + "uBlock0@raymondhill.net" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; + installation_mode = "force_installed"; + private_browsing = true; + }; + # 1Password + "{d634138d-c276-4fc8-924b-40a0ea21d284}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"; + installation_mode = "force_installed"; + default_area = "navbar"; + }; + # Disqus Auto-Expander + "disqus-auto-expander@john30013.com" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/disqus-auto-expander/latest.xpi"; + installation_mode = "force_installed"; + }; + # Indie Wiki Buddy + "{cb31ec5d-c49a-4e5a-b240-16c767444f62}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/indie-wiki-buddy/latest.xpi"; + installation_mode = "force_installed"; + }; + # SteamDB + "firefox-extension@steamdb.info" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/steam-database/latest.xpi"; + installation_mode = "force_installed"; + }; + }; + }; + + profiles.default = { + search = { + force = true; + default = "leta"; + privateDefault = "leta"; + order = [ "leta" "searxng" ]; + engines = { + searxng = { + name = "SearXNG metasearch"; + description = "SearXNG is a metasearch engine that respects your privacy."; + urls = [{ + method = "POST"; + template = "https://sx.catgirl.cloud/search"; + params = [{ name = "q"; value = "{searchTerms}"; }]; + }]; + icon = "https://sx.catgirl.cloud/static/themes/simple/img/favicon.png"; + definedAliases = [ "@sx" ]; + }; + leta = { + name = "Mullvad Leta"; + description = "A privacy focused search engine provided by Mullvad."; + urls = [{ template = "https://leta.mullvad.net/search?q={searchTerms}&engine=google"; }]; + iconMapObj."16" = "https://mullvad.net/favicon.ico"; + definedAliases = [ "@leta" ]; + }; + netrunnerdb = { + name = "NetrunnerDB"; + urls = [{ template = "https://netrunnerdb.com/find/?q={searchTerms}"; }]; + iconMapObj."16" = "https://netrunnerdb.com/favicon.png"; + iconMapObj."196" = "https://netrunnerdb.com/icon.png"; + definedAliases = [ "@nrdb" ]; + }; + }; + }; + + settings = { + "browser.startup.page" = 3; # resume previous session + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + + # disable telemetry + "datareporting.healthreport.uploadEnabled" = false; + "app.shield.optoutstudies.enabled" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # disable prefetch? + + # DNS over HTTPS + "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query"; + "network.trr.excluded-domains" = "detectportal.firefox.com"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://base.dns.mullvad.net/dns-query"; + + "browser.search.suggest.enabled" = false; + "browser.urlbar.suggest.searches" = false; + + "dom.security.https_only_mode" = true; + "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection + # I think these are implied by the above + # "privacy.donottrackheader.enabled" = true; + # "privacy.trackingprotection.enabled" = true; + # "privacy.trackingprotection.emailtracking.enabled" = true; + # "privacy.trackingprotection.socialtracking.enabled" = true; + + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false; + + "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising" + "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix + + # external password manager + "signon.rememberSignons" = false; + "extensions.formautofill.creditCards.enabled" = false; + }; + }; + }; +} diff --git a/home/qenya/fonts.nix b/home/qenya/fonts.nix new file mode 100644 index 0000000..e1b418f --- /dev/null +++ b/home/qenya/fonts.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +mkIf isGraphical { + fonts.fontconfig = { + enable = true; + }; + + home.packages = with pkgs; [ + meslo-lgs-nf + ]; + + programs.vscode.profiles.default.userSettings."terminal.integrated.fontFamily" = "MesloLGS NF"; +} diff --git a/home/qenya/git.nix b/home/qenya/git.nix new file mode 100644 index 0000000..7bec854 --- /dev/null +++ b/home/qenya/git.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + programs.git = { + enable = true; + settings = { + user.email = "git@qenya.tel"; + user.name = "Katherina Walshe-Grey"; + init.defaultBranch = "main"; + pull.rebase = true; + push.autoSetupRemote = true; + }; + }; +} diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix new file mode 100644 index 0000000..acc7183 --- /dev/null +++ b/home/qenya/packages.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) optionals; + isGraphical = osConfig.services.xserver.enable; + isGnome = osConfig.services.desktopManager.gnome.enable; + isPlasma = osConfig.services.desktopManager.plasma6.enable; +in +{ + home.packages = with pkgs; [ + eza # like `ls` but fancier + hexyl # like `xxd` but cooler + ripgrep # like `grep` but faster + tree # like `ls -R` but nicer + units + zip + unzip + + # Extremely important + fortune + cowsay + lolcat + ] ++ optionals isGraphical [ + _1password-gui + discord + # https://github.com/NixOS/nixpkgs/issues/427155 + # gimp-with-plugins + tor-browser + zoom-us + + # libreoffice + libreoffice + hunspell + hunspellDicts.en_GB-ise + ] ++ optionals isGnome [ + celluloid + ] ++ optionals isPlasma [ + haruna + ]; +} diff --git a/home/qenya/tmux.nix b/home/qenya/tmux.nix new file mode 100644 index 0000000..407a517 --- /dev/null +++ b/home/qenya/tmux.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + # Derived from https://github.com/srid/nixos-config/blob/master/home/tmux.nix + + programs.tmux = { + enable = true; + clock24 = true; + shortcut = "a"; # `screen` muscle memory compatibility + baseIndex = 1; # this is a UI, 0-indexing is not appropriate, fight me + newSession = true; # skip the manual step + escapeTime = 0; # otherwise I keep reflexively hammering Esc + secureSocket = false; # make sessions survive user logout + + plugins = with pkgs; [ + tmuxPlugins.better-mouse-mode + ]; + mouse = true; + + extraConfig = '' + # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ + set -g default-terminal "xterm-256color" + set -ga terminal-overrides ",*256col*:Tc" + set -ga terminal-overrides '*:Ss=\E[%p1%d q:Se=\E[ q' + set-environment -g COLORTERM "truecolor" + + # easy-to-remember split pane commands + bind | split-window -h -c "#{pane_current_path}" + bind - split-window -v -c "#{pane_current_path}" + bind c new-window -c "#{pane_current_path}" + ''; + }; +} diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix new file mode 100644 index 0000000..bfbea1c --- /dev/null +++ b/home/qenya/vscode.nix @@ -0,0 +1,100 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) mkIf mkDefault; + isGraphical = osConfig.services.xserver.enable; +in +{ + programs.vscode = mkIf isGraphical { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + profiles.default = { + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + extensions = with pkgs.vscode-extensions; [ + redhat.ansible + ms-python.black-formatter + ms-azuretools.vscode-docker + mkhl.direnv + dbaeumer.vscode-eslint + golang.go + eamodio.gitlens + jdinhlife.gruvbox + vadimcn.vscode-lldb + matangover.mypy + jnoortheen.nix-ide + ms-python.python + shopify.ruby-lsp + charliermarsh.ruff + rust-lang.rust-analyzer + redhat.vscode-yaml + ]; + userSettings = { + "ansible.validation.lint.enabled" = true; + "ansible.python.interpreterPath" = "\${workspaceFolder}/.venv/bin/python"; # needs some manual one-time setup per repo, but it's better than fucking with FHS + "ansible.lightspeed.enabled" = false; + "css.format.spaceAroundSelectorSeparator" = true; + "css.format.newlineBetweenSelectors" = false; + "debug.allowBreakpointsEverywhere" = true; + "extensions.autoUpdate" = false; + "files.insertFinalNewline" = true; + "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; + "git.inputValidation" = true; + "git.inputValidationSubjectLength" = null; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; + nix.flake.autoArchive = true; + }; + "redhat.telemetry.enabled" = false; + "rust-analyzer.check.command" = "clippy"; + "terminal.integrated.allowChords" = false; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "workbench.colorTheme" = "Gruvbox Dark Medium"; + + "[go]" = { + "editor.defaultFormatter" = "golang.go"; + "editor.formatOnSave" = false; + }; + "go.alternateTools" = { + "go" = "${pkgs.go}/bin/go"; + "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; + "gopls" = "${pkgs.gopls}/bin/gopls"; + "dlv" = "${pkgs.delve}/bin/dlv"; + "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; + }; + "go.lintTool" = "golangci-lint"; + "go.toolsManagement.checkForUpdates" = "off"; + "gopls" = { + "formatting.gofumpt" = true; + "ui.semanticTokens" = true; + }; + + "[python]" = { + "editor.defaultFormatter" = "ms-python.black-formatter"; + "editor.formatOnSave" = true; + "editor.codeActionsOnSave" = { + "source.fixAll" = "explicit"; + "source.organizeImports" = "explicit"; + }; + }; + "python.createEnvironment.contentButton" = "show"; + "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; + "ruff.nativeServer" = "on"; + "ruff.path" = [ "${pkgs.ruff}/bin/ruff" ]; + "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; + + "[ruby]" = { + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + }; + }; + }; +} diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix new file mode 100644 index 0000000..b16f234 --- /dev/null +++ b/home/qenya/xdg-mime-apps.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + isGraphical = osConfig.services.xserver.enable; +in +{ + xdg.mimeApps = { + enable = isGraphical; + defaultApplications = { + "application/pdf" = [ "org.gnome.Evince.desktop" "org.kde.okular.desktop" ]; + "application/zip" = [ "org.gnome.FileRoller.desktop" "org.kde.ark.desktop" ]; + "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "text/plain" = [ "org.gnome.TextEditor.desktop" "org.kde.kate.desktop" ]; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/mailto" = "org.gnome.Evolution.desktop"; # TODO: email on KDE - is Kontact any good? + }; + }; +} diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix new file mode 100644 index 0000000..e7e550b --- /dev/null +++ b/home/qenya/zsh.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +{ + home.packages = with pkgs; [ direnv ]; + programs.zsh = { + enable = true; + enableCompletion = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + dotDir = ".config/zsh"; + + shellAliases = { + ll = "ls -l"; + + # don't clobber + mv = "mv -i"; + rename = "rename -i"; + + nix-shell = ''nix-shell --command "zsh"''; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + ignorePatterns = [ "rm *" "pkill *" ]; + }; + + oh-my-zsh = { + enable = true; + plugins = [ "git" "sudo" "direnv" ]; + theme = ""; # defer to powerlevel10k + }; + + initContent = '' + source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme + source ${./.p10k.zsh} + ''; + + envExtra = '' + DEFAULT_USER=qenya + ''; + }; +} diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix new file mode 100644 index 0000000..97aba67 --- /dev/null +++ b/hosts/elucredassa/default.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + imports = [ + ./filesystems.nix + ./hardware.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "elucredassa"; + networking.hostId = "a8ec6755"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-server.enable = true; + + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + # These are populated by fountain.backup + randomcat.services.zfs.datasets = { + "rpool_elucredassa/backup" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/kalessin" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/orm" = { mountpoint = "none"; }; + }; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + + system.stateVersion = "24.11"; +} diff --git a/hosts/elucredassa/filesystems.nix b/hosts/elucredassa/filesystems.nix new file mode 100644 index 0000000..40de941 --- /dev/null +++ b/hosts/elucredassa/filesystems.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "luks-rpool-elucredassa".device = "/dev/disk/by-uuid/5ece5b58-c57a-41ae-b086-03707c39c9a7"; + }; + + fileSystems = { + "/" = { + device = "rpool_elucredassa/root"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/2519-E2D6"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/c7c48325-e90d-414d-b579-84cb45616ee9"; }]; + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives +} diff --git a/hosts/elucredassa/hardware.nix b/hosts/elucredassa/hardware.nix new file mode 100644 index 0000000..aca6ddc --- /dev/null +++ b/hosts/elucredassa/hardware.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + # this is an old laptop + services.logind.lidSwitch = "ignore"; +} + diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix new file mode 100644 index 0000000..82b4e96 --- /dev/null +++ b/hosts/elucredassa/networking.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + systemd.network.enable = true; + networking.useDHCP = false; + + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp1s0f1"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + Tunnel = "sit-he-ipv6"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + + systemd.network.netdevs."25-he-ipv6" = { + netdevConfig = { + Name = "sit-he-ipv6"; + Kind = "sit"; + Description = "Hurricane Electric IPv6 Tunnel"; + MTUBytes = 1480; + }; + + tunnelConfig = { + Remote = "216.66.88.98"; + TTL = 255; + }; + }; + + systemd.network.networks."25-he-ipv6" = { + matchConfig.Name = "sit-he-ipv6"; + networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ]; + routes = [{ Destination = [ "::/0" ]; }]; + }; +} diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix new file mode 100644 index 0000000..9b47cc8 --- /dev/null +++ b/hosts/kalessin/default.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +let + keys = import ../../keys.nix; +in +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + networking.hostName = "kalessin"; + networking.hostId = "534b538e"; + + fountain.users.qenya.enable = true; + fountain.users.randomcat.enable = true; + fountain.users.trungle.enable = true; + fountain.admins = [ "qenya" "randomcat" ]; + + qenya.base-server.enable = true; + + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ ]; + }; + + randomcat.services.zfs.datasets = { + "rpool_kalessin/state" = { mountpoint = "none"; }; + "rpool_kalessin/state/headscale" = { mountpoint = "/var/lib/headscale"; }; + "rpool_kalessin/state/owncast" = { mountpoint = "/var/lib/owncast"; }; + "rpool_kalessin/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; + }; + + services.sanoid.datasets."rpool_kalessin/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + qenya.services.owncast = { + enable = true; + domain = "live.qenya.tel"; + dataDir = "/var/lib/owncast"; + }; + + qenya.services.headscale = { + enable = true; + domain = "headscale.unspecified.systems"; + dataDir = "/var/lib/headscale"; + }; + + qenya.services.forgejo = { + enable = true; + domain = "git.unspecified.systems"; + }; + fountain.services.web-redirect = { + enable = true; + domains = { + "git.katherina.rocks" = "git.unspecified.systems"; + "git.qenya.tel" = "git.unspecified.systems"; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix new file mode 100644 index 0000000..1007f6f --- /dev/null +++ b/hosts/kalessin/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_kalessin/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_kalessin/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_kalessin/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2ADE-A033"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; +} diff --git a/hosts/kalessin/networking.nix b/hosts/kalessin/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/kalessin/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} diff --git a/hosts/kilgharrah/backup.nix b/hosts/kilgharrah/backup.nix new file mode 100644 index 0000000..efa72f9 --- /dev/null +++ b/hosts/kilgharrah/backup.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + services.sanoid.datasets."rpool_albion/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; +} \ No newline at end of file diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix new file mode 100644 index 0000000..71a0312 --- /dev/null +++ b/hosts/kilgharrah/default.nix @@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: + +let + keys = import ../../keys.nix; +in +{ + imports = [ + ./backup.nix + ./filesystems.nix + ./hardware.nix + ./networking.nix + ./plasma.nix + + ./ftp.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "kilgharrah"; + networking.hostId = "72885bb5"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-graphical.enable = true; + + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + fountain.users.qenya.enable = true; + age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; + fountain.admins = [ "qenya" ]; + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ + heroic + obs-studio + ]; + }; + + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ + keys.machines.yevaud + keys.machines.orm + keys.machines.tohru + keys.machines.elucredassa + ]; + }; + + programs.steam.enable = true; + qenya.services.audiobookshelf = { + enable = true; + domain = "audiobookshelf.qenya.tel"; + }; + qenya.services.jellyfin = { + enable = true; + domain = "tv.qenya.tel"; + }; + qenya.services.navidrome = { + enable = true; + domain = "music.qenya.tel"; + dataDir = "/srv/music"; + }; + fountain.services.web-redirect = { + enable = true; + domains = { + "jellyfin.qenya.tel" = "tv.qenya.tel"; + }; + }; + + system.stateVersion = "24.05"; + +} diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix new file mode 100644 index 0000000..9ebc758 --- /dev/null +++ b/hosts/kilgharrah/filesystems.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: + +{ + # SSD on board + + boot.initrd.luks.devices = { + "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@" "compress=zstd" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + "/swap" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@swap" "noatime" ]; + }; + "/root" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress=zstd" ]; + }; + "/srv" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@srv" "compress=zstd" ]; + }; + "/var/cache" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@cache" "compress=zstd" "noatime" ]; + }; + "/var/tmp" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@tmp" "compress=zstd" "noatime" ]; + }; + "/var/log" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@log" "compress=zstd" "noatime" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/9582-E78D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; + }]; + + + # HDD in bay + + environment.etc.crypttab.text = '' + albion UUID=8a924f24-9b65-4f05-aeda-5b4080cc7aa1 /root/luks-albion.key + ''; + + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; + "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; + "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; + }; + + + # Other + + boot.supportedFilesystems = [ "ntfs" "zfs" ]; +} diff --git a/hosts/kilgharrah/ftp.nix b/hosts/kilgharrah/ftp.nix new file mode 100644 index 0000000..4164679 --- /dev/null +++ b/hosts/kilgharrah/ftp.nix @@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: + +{ + age.secrets.ftp-userDb-qenya = { + # To update this, see the nixos docs for services.vsftpd.userDbPath. Note + # that the command it gives to create a userDb, if applied to an *existing* + # userDb, will *add* the entries from the source file, overwriting any + # entries with the same username but leaving other existing entries intact. + # Also note the database format does not salt hashes. + file = ../../secrets/ftp-userDb-qenya.age; + + # we have to specify this manually because pam_userdb strips the extension + path = "/etc/vsftpd/userDb.db"; + }; + + services.vsftpd = { + enable = true; + localUsers = true; + forceLocalLoginsSSL = true; + forceLocalDataSSL = true; + rsaCertFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/fullchain.pem"; + rsaKeyFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/key.pem"; + + enableVirtualUsers = true; + userlistDeny = false; # turn userlist from a denylist into an allowlist + userlist = [ "qenya" ]; # this is just a list of the users in the userDb + userDbPath = "/etc/vsftpd/userDb"; + + localRoot = "/srv/ftp"; + + extraConfig = '' + # nothing in the default cipher suite is enabled in modern ssl clients! + ssl_ciphers=HIGH + + # set this to something firewallable + pasv_min_port=51000 + pasv_max_port=51099 + + # don't bother with upgrading to TLS, just listen on FTPS only + implicit_ssl=YES + listen_port=990 + ''; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "ftp.qenya.tel" = { + forceSSL = true; + useACMEHost = "ftp.qenya.tel"; + locations."/".return = "503"; + }; + }; + }; + + security.acme.certs = { + "ftp.qenya.tel" = { + webroot = "/var/lib/acme/acme-challenge"; + group = "acme_ftp.qenya.tel"; + }; + }; + + users.groups."acme_ftp.qenya.tel".members = [ + "vsftpd" # not configurable in the vsftpd nixos module + config.services.nginx.group + ]; + + networking.firewall.allowedTCPPorts = [ 990 80 443 ]; + networking.firewall.allowedTCPPortRanges = [{ from = 51000; to = 51099; }]; +} diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix new file mode 100644 index 0000000..360029e --- /dev/null +++ b/hosts/kilgharrah/hardware.nix @@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.open = false; + nixpkgs.config.cudaSupport = true; + nix.settings = { + # Community cache with prebuilt packages with cudaSupport enabled + substituters = [ "https://cache.nixos-cuda.org" ]; + trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; + }; + + # # Downgrade to driver version 535 as 550 has problems with Wayland + # hardware.nvidia.package = + # let + # rcu_patch = pkgs.fetchpatch { + # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; + # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; + # }; + # in + # config.boot.kernelPackages.nvidiaPackages.mkDriver { + # version = "535.154.05"; + # sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg="; + # sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k="; + # openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo="; + # settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10="; + # persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; + # patches = [ rcu_patch ]; + # }; + + services.printing.drivers = [ pkgs.hplip ]; + + # enable playing from bluray drive + boot.kernelModules = [ "sg" ]; + environment.systemPackages = [ + ((pkgs.vlc.override { + libbluray = (pkgs.libbluray.override { + withJava = true; + withAACS = true; + withBDplus = true; + }); + }).overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.libdvdcss ]; + # TODO: nixpkgs bug: libbluray needs patching to look at the nix store path of jdk17 when searching for a jdk + # as a workaround, wrap vlc and set JAVA_HOME, which it uses instead of searching when specified + nativeBuildInputs = originalAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/vlc --set JAVA_HOME ${pkgs.jdk17.home} + ''; + })) + ]; +} diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix new file mode 100644 index 0000000..2db377f --- /dev/null +++ b/hosts/kilgharrah/networking.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + systemd.network.enable = true; + networking.useDHCP = false; + + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp2s0"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; + }; +} diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix new file mode 100644 index 0000000..9913dad --- /dev/null +++ b/hosts/kilgharrah/plasma.nix @@ -0,0 +1,109 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + services.displayManager.gdm.enable = mkForce false; + services.desktopManager.gnome.enable = mkForce false; + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.desktopManager.plasma6.enable = true; + + environment.systemPackages = with pkgs; [ + (catppuccin-kde.override { + flavour = [ "mocha" ]; + accents = [ "mauve" ]; + winDecStyles = [ "modern" ]; + }) + ]; + + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + + programs.plasma = { + enable = true; + overrideConfig = true; + + workspace = { + lookAndFeel = "Catppuccin-Mocha-Mauve"; + colorScheme = "CatppuccinMochaMauve"; + splashScreen.engine = "KSplashQML"; + splashScreen.theme = "Catppuccin-Mocha-Mauve"; + windowDecorations.library = "org.kde.kwin.aurorae"; + windowDecorations.theme = "__aurorae__svg__CatppuccinMocha-Modern"; + }; + + # For the moment, this hosts some network-accessible services, so we want it on 24/7 + powerdevil.AC.autoSuspend.action = "nothing"; + + panels = [ + # Dock + { + height = 49; # 41 * 1.2 + lengthMode = "fit"; + location = "bottom"; + alignment = "center"; + hiding = "dodgewindows"; + widgets = [{ + name = "org.kde.plasma.icontasks"; + config.General = { + fill = false; + iconSpacing = 2; + launchers = lib.concatStringsSep "," [ + "applications:firefox.desktop" + "applications:codium.desktop" + "applications:steam.desktop" + "applications:discord.desktop" + "applications:com.obsproject.Studio.desktop" + "applications:org.kde.dolphin.desktop" + "applications:org.kde.konsole.desktop" + "applications:org.kde.plasma-systemmonitor.desktop" + ]; + maxStripes = 1; + showOnlyCurrentDesktop = false; + showOnlyCurrentScreen = false; + }; + }]; + screen = "all"; + } + + # Top bar + { + height = 29; # 24 * 1.2 + location = "top"; + alignment = "left"; + floating = false; + widgets = [ + { + name = "org.kde.plasma.kickoff"; + config.General = { + lengthFirstMargin = 7; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { + name = "org.kde.plasma.digitalclock"; + config.Appearance = { + autoFontAndSize = false; + customDateFormat = "dddd, d MMM"; + dateDisplayFormat = "BesideTime"; + dateFormat = "custom"; + fontFamily = "Inter"; + fontStyleName = "Bold"; + fontWeight = 700; + boldText = true; + showWeekNumbers = true; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { name = "org.kde.plasma.systemtray"; } + ]; + screen = "all"; + } + ]; + }; + }; +} diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix new file mode 100644 index 0000000..dc696e9 --- /dev/null +++ b/hosts/orm/default.nix @@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "orm"; + networking.hostId = "00000000"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + qenya.base-server.enable = true; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + nix.settings.max-jobs = 0; + + randomcat.services.zfs.datasets = { + "rpool_orm/state" = { mountpoint = "none"; }; + "rpool_orm/state/actual" = { mountpoint = "/var/lib/private/actual"; }; + "rpool_orm/state/postgresql" = { mountpoint = "/var/lib/postgresql"; }; + }; + + services.sanoid.datasets."rpool_orm/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17; + dataDir = "/var/lib/postgresql/17"; + # managing imperatively instead of using ensureDatabases/ensureUsers + + enableTCPIP = true; + settings = { + port = 5432; + # TODO: fix SSL + # ssl = true; + }; + # only allow remote connections from within Tailscale + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust # used by nixos for local monitoring + host sameuser all 100.64.0.0/10 scram-sha-256 + host sameuser all fd7a:115c:a1e0::/48 scram-sha-256 + ''; + }; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5432 ]; + + qenya.services.actual = { + enable = true; + domain = "actual.unspecified.systems"; + }; + fountain.services.web-redirect = { + enable = true; + domains = { + "actual.qenya.tel" = "actual.unspecified.systems"; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix new file mode 100644 index 0000000..34ef7b3 --- /dev/null +++ b/hosts/orm/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_orm/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_orm/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_orm/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3739-E8C1"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a0ac8f60-25f9-4dec-af70-e3f4cd36c575"; } + ]; +} diff --git a/hosts/orm/networking.nix b/hosts/orm/networking.nix new file mode 100644 index 0000000..9423165 --- /dev/null +++ b/hosts/orm/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = true; +} diff --git a/hosts/shaw/home.nix b/hosts/shaw/home.nix new file mode 100644 index 0000000..4878cc4 --- /dev/null +++ b/hosts/shaw/home.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + services.syncthing = { + # enable = true; + extraOptions = [ + "--gui-address=:8385" + "--home=/home/qenya/state/syncthing" + ]; + }; +} diff --git a/hosts/tehanu/default.nix b/hosts/tehanu/default.nix new file mode 100644 index 0000000..fc1ecad --- /dev/null +++ b/hosts/tehanu/default.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + networking.hostName = "tehanu"; + networking.hostId = "8e1185ab"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + + qenya.base-server.enable = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tehanu/hardware-configuration.nix b/hosts/tehanu/hardware-configuration.nix new file mode 100644 index 0000000..04d514e --- /dev/null +++ b/hosts/tehanu/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_tehanu/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_tehanu/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_tehanu/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/629B-BA09"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; +} diff --git a/hosts/tehanu/networking.nix b/hosts/tehanu/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/tehanu/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix deleted file mode 100644 index 5abb6b0..0000000 --- a/hosts/tohru/configuration.nix +++ /dev/null @@ -1,90 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.editor = false; - - networking.hostName = "tohru"; - networking.hostId = "31da19c1"; - networking.networkmanager.enable = true; - - time.timeZone = "Europe/London"; - - i18n.defaultLocale = "en_GB.UTF-8"; - console.keyMap = "uk"; - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - services.xserver.xkb.layout = "gb"; - - services.printing.enable = true; - - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.bluebird = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; - packages = with pkgs; [ - tor-browser-bundle-bin - firefox - tree - ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - bitwarden - git - plocate - wget - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - nixpkgs.config.allowUnfree = true; - hardware.enableAllFirmware = true; - services.fwupd.enable = true; - services.fstrim.enable = true; - - boot.initrd.luks.devices = { - "rpool".device = "/dev/nvme0n1p2"; - }; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; -} - diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix new file mode 100644 index 0000000..b1e5bf9 --- /dev/null +++ b/hosts/tohru/default.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkIf mkForce; +in +{ + imports = [ + ./filesystems.nix + ./hardware.nix + ./networking.nix + + ./syncthing.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "tohru"; + networking.hostId = "31da19c1"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-graphical.enable = true; + + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + # tohru does not have the resources to run this under other load and is generally powered off when not in use. + # instead, just run `nix-store --optimise` every so often. + nix.optimise.automatic = mkForce false; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; + users.users.qenya.extraGroups = [ + "networkmanager" # UI wifi configuration + "dialout" # access to serial ports + "docker" + ]; + + nixpkgs.overlays = [ inputs.scoutshonour.overlays.default ]; + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ + keepassxc + apostrophe + foliate + nicotine-plus + tuba + + # games + openttd + prismlauncher + scoutshonour.digital-a-love-story + scoutshonour.dont-take-it-personally-babe + ]; + + services.podman.enable = true; + }; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + + programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet + programs.steam.enable = true; + virtualisation.docker.enable = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tohru/filesystems.nix b/hosts/tohru/filesystems.nix new file mode 100644 index 0000000..6975fe6 --- /dev/null +++ b/hosts/tohru/filesystems.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "rpool".device = "/dev/nvme0n1p2"; + }; + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives + + fileSystems = { + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + "/nix" = { + device = "rpool/nix"; + fsType = "zfs"; + }; + "/var" = { + device = "rpool/var"; + fsType = "zfs"; + }; + "/config" = { + device = "rpool/config"; + fsType = "zfs"; + }; + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + "/data" = { + device = "rpool/data"; + fsType = "zfs"; + }; + "/data/syncthing" = { + device = "rpool/data/syncthing"; + fsType = "zfs"; + }; + "/data/steam" = { + device = "rpool/data/steam"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/7DD4-487E"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; }]; +} diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix deleted file mode 100644 index 95d3991..0000000 --- a/hosts/tohru/hardware-configuration.nix +++ /dev/null @@ -1,54 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/var" = - { device = "rpool/var"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7DD4-487E"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/tohru/hardware.nix b/hosts/tohru/hardware.nix new file mode 100644 index 0000000..a2515bd --- /dev/null +++ b/hosts/tohru/hardware.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + + services.printing.drivers = [ pkgs.hplip ]; +} + diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix new file mode 100644 index 0000000..be3822f --- /dev/null +++ b/hosts/tohru/networking.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + systemd.network.wait-online.enable = false; + + networking.networkmanager.enable = true; +} diff --git a/hosts/tohru/syncthing.nix b/hosts/tohru/syncthing.nix new file mode 100644 index 0000000..990b267 --- /dev/null +++ b/hosts/tohru/syncthing.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +{ + services.syncthing = { + # enable = true; + user = "qenya"; + dataDir = "/data/syncthing"; + openDefaultPorts = true; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + "kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; }; + "latias" = { id = "EN4W2SB-LB4AAZQ-6AQIE7G-S3BSCSP-V2EUNMM-KAQEHW3-PPAPGBO-PXRPWAL"; }; + "shaw" = { id = "NC7WMZS-GQETJYR-IAYGD65-GHTSTVP-VAAG43K-W7N3LO5-C5OQMZ2-DTK6YA7"; }; + }; + folders = { + "Sync" = { + id = "uln2v-zwzwj"; + path = "~/Sync"; + devices = [ "kilgharrah" "shaw" ]; + }; + + "Documents" = { + id = "alp59-7gs9s"; + path = "~/Documents"; + devices = [ "kilgharrah" "shaw" ]; + }; + "Music" = { + id = "7xvkf-y62s7"; + path = "~/Music"; + devices = [ "kilgharrah" "shaw" ]; + }; + "Pictures" = { + id = "tbmhx-ep7wk"; + path = "~/Pictures"; + devices = [ "kilgharrah" "shaw" ]; + }; + + "ES-DE" = { + id = "c1cbh-llw94"; + path = "~/ES-DE"; + devices = [ "kilgharrah" "latias" "shaw" ]; + }; + "ROMs" = { + id = "dcze4-v6act"; + path = "~/ROMs"; + devices = [ "kilgharrah" "latias" "shaw" ]; + }; + }; + }; + }; +} diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix new file mode 100644 index 0000000..24d2964 --- /dev/null +++ b/hosts/yevaud/default.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + + ./experiments/pennykettle.nix + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + networking.hostName = "yevaud"; + networking.hostId = "09673d65"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + qenya.base-server.enable = true; + + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + nix.settings.max-jobs = 0; + + randomcat.services.zfs.datasets = { + "rpool/state" = { mountpoint = "none"; }; + }; + + services.sanoid.datasets."rpool/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix new file mode 100644 index 0000000..7453219 --- /dev/null +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -0,0 +1,66 @@ +{ config, lib, pkgs, ... }: + +{ + networking.firewall.allowedUDPPorts = [ 51820 ]; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = config.networking.firewall.allowedTCPPorts ++ [ 1080 ]; + + environment.systemPackages = [ pkgs.wireguard-tools ]; + networking.wireguard.interfaces."wg-protonvpn" = { + ips = [ "10.2.0.2/32" ]; + peers = [{ + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "217.138.216.162:51820"; + publicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; + }]; + privateKeyFile = config.age.secrets.protonvpn-pennykettle1.path; + listenPort = 51820; + table = "957851094"; # randomly generated + }; + + networking.localCommands = '' + ip rule add from 10.2.0.2/32 table 957851094 + ''; + networking.firewall.checkReversePath = "loose"; + + age.secrets.protonvpn-pennykettle1 = { + file = ../../../secrets/protonvpn-pennykettle1.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + services.dante = { + enable = true; + config = '' + debug: 2 + internal: tailscale0 + external: wg-protonvpn + + # auth/tls handled by tailscale + clientmethod: none + socksmethod: none + + # allow connections from tailscale + # "0/0" matches any v4 or v6 address + client pass { + from: 100.64.0.0/10 to: 0/0 + log: error connect disconnect + } + client pass { + from: fd7a:115c:a1e0::/48 to: 0/0 + log: error connect disconnect + } + + socks pass { + from: 0/0 to: 0/0 + protocol: tcp udp + log: error connect disconnect iooperation + } + ''; + }; + + systemd.services.dante = { + wants = [ "tailscaled-autoconnect.service" ]; + after = [ "tailscaled-autoconnect.service" ]; + }; +} diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix new file mode 100644 index 0000000..72da1b4 --- /dev/null +++ b/hosts/yevaud/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/107D-5AB3"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } + ]; +} diff --git a/hosts/yevaud/networking.nix b/hosts/yevaud/networking.nix new file mode 100644 index 0000000..d54ca7f --- /dev/null +++ b/hosts/yevaud/networking.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + networking.interfaces.ens3.useDHCP = true; +} diff --git a/keys.nix b/keys.nix new file mode 100644 index 0000000..9b28be9 --- /dev/null +++ b/keys.nix @@ -0,0 +1,35 @@ +{ + machines = { + reese = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd0qGxvcMLDwX1bqYpwOUL5c/CIgBllMFr+bGkwiwAn root@reese"; + bear = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ9Kn1CIcDHaleKHf7zO6O30Rbxs/FwL0/Ie+mEjZJr root@bear"; + shaw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; + groves = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQNZ/Q+x7mDYfYXftpZpWkfPByyMBbYmVFobM4vSDW2 root@groves"; + tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; + yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; + orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; + kalessin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; + tehanu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fNylfLo7Z8m/DroRlj7cHMLhYL7boP3r/upVrtMJQ root@tehanu"; + kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; + elucredassa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; + carter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHHHYG6A995Po05+JXQsvB79ZoIiSOJnW6AiJgVYPic root@carter"; + siberys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICF9p2X9Mph+PYV1YZHuMXXBevJatecqx3yr/B8znQud root@vps-9fd2f351.vps.ovh.net"; + }; + + users = { + qenya = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" + ]; + randomcat = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHagOaeTR+/7FL9sErciMw30cmV/VW8HU7J3ZFU5nj9 janet@randomcat.org" + ]; + trungle = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA57legzdIcYTVVri4Wc0CvgWefbRhmUqhu0F/5f8FB reuben@glenda-artix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" + ]; + gaelan = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFbDvPKnPXe+58QgdgK8yZ3Ac9dkJdtHJ3pQwWhszM7McwCzCEO/b940K0orLjfeUruC+hGJZO8heIh0J6JwSK907aS2wpHofU9q7bMT0PYeuHrSb2iFrOFIkTIWpO8hnWad8TGKOlOdNTKEdB9zwxXEKTFb9QW1Z27Zql79W44jUvaOTb7gKUps37O77lHEJDModaRsXS2523pSbrTZKDwZ73+S0ECeNUwwzLUyOOUHfENEXnM18hWm8mV0iU7kxFcmS33z9rWlWPNiCXnBnSi5LPgBarYOAqQf56f9OisafKqvc3uX+yn0kGCDWglVGUkbhfSIP9+w+yv/h/NJWIJlJC92ndbktAqAQW4gb7lXYxpbdoWcmqEy97q0e2vyBdhcVXwZ+0q+U8I74m8trq36ieHDtLKYkiFBX6zvrLP4I5OZU+EecdV2HcMoU8HNa5u1mvG+oHaEgkR70a5cQtrPzWLS/OMLqvWL39vO7RNskzwWCSuWScxDGitr+BunRRbL4aKNkkPjdDlIqb/SfSrFikOo75f5Ku4I32nbM7SNpIjA4cHe50rx1UB8lT+RwHdxL99OdoxIPCe6OLA5uT8VGPXkvqd/ZIFOL2HaM+uPLaYbjwLrHlwSOLgGbehmsSD369EXv6NAc5wbzsSLJQhJ66d5unnzGjn4dRt9sbDw== gbs@canishe.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHId+2dJYiZK++p8lu9Bax0J29JjeuU4qcIBdLwEz3lm gbs@canishe.com" + ]; + }; +} diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..25ba859 --- /dev/null +++ b/secrets.nix @@ -0,0 +1,18 @@ +let + keys = import ./keys.nix; + + secrets = with keys; { + ftp-userDb-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-kilgharrah-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-tohru-qenya = [ machines.tohru ] ++ keys.users.qenya; + protonvpn-pennykettle1 = [ machines.yevaud ] ++ keys.users.qenya; + }; +in +builtins.listToAttrs ( + map + (secretName: { + name = "secrets/${secretName}.age"; + value.publicKeys = secrets."${secretName}"; + }) + (builtins.attrNames secrets) +) diff --git a/secrets/ftp-userDb-qenya.age b/secrets/ftp-userDb-qenya.age new file mode 100644 index 0000000..53f83c0 Binary files /dev/null and b/secrets/ftp-userDb-qenya.age differ diff --git a/secrets/protonvpn-pennykettle1.age b/secrets/protonvpn-pennykettle1.age new file mode 100644 index 0000000..e58dc56 --- /dev/null +++ b/secrets/protonvpn-pennykettle1.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 uJfgGw +h4WiWyMlQZ5iaMFTl/whUD0vJnIN0GYeqRbZ0MIH0o +eKio4DsSJlrvSAjmR0naDO/lmB78o7cy7QC9WZjHUa0 +-> ssh-ed25519 seJ9Iw xov8WY0TxEj5/wkWg1T0kmrbpXsNhDLnZwqyIg0eExA +wu5QApQk6K8Fu5XMTrWY2veoYbJVuQmn3DJXewVB860 +-> ssh-ed25519 900ILw N6RbpHr4Vwgm0BUCuMXzVo3VEgrl29NF8ZJU5Far7yk +KdA1dZXmcSF3cH9bVdmIbj7iZO3uuSY+isjswDzSu+Y +--- YtnS9FqXVat2hi9BLvX+71HEZDw3zcxIQ7Dp5+iao4c +a'|N7NT5]O0Sm<-1:dg^/u7N?XM~s.9cC \ No newline at end of file diff --git a/secrets/user-password-kilgharrah-qenya.age b/secrets/user-password-kilgharrah-qenya.age new file mode 100644 index 0000000..58fae24 Binary files /dev/null and b/secrets/user-password-kilgharrah-qenya.age differ diff --git a/secrets/user-password-tohru-qenya.age b/secrets/user-password-tohru-qenya.age new file mode 100644 index 0000000..cfe5260 Binary files /dev/null and b/secrets/user-password-tohru-qenya.age differ diff --git a/services/default.nix b/services/default.nix new file mode 100644 index 0000000..97e6e70 --- /dev/null +++ b/services/default.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ./qenya + ./randomcat + + ./distributed-builds.nix + ./remote-builder.nix + ./reverse-proxy.nix + ./web-redirect.nix + ]; +} diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix new file mode 100644 index 0000000..025a0f0 --- /dev/null +++ b/services/distributed-builds.nix @@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) elem; + inherit (lib) mkIf mkEnableOption mkOption types optional; + cfg = config.qenya.services.distributed-builds; +in +{ + options.qenya.services.distributed-builds = { + enable = mkEnableOption "distributed builds"; + keyFile = mkOption { + type = types.path; + description = '' + Path to the OpenSSH private key to be used for distributed builds. + ''; + }; + builders = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of builders to attempt to use for distributed builds. + ''; + example = [ "kalessin" ]; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = cfg ? keyFile; + message = "must specify a private key to be used for distributed builds"; + }]; + + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = + (optional (elem "kalessin" cfg.builders) { + hostName = "kalessin.birdsong.network"; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "aarch64-linux" ]; + maxJobs = 2; + supportedFeatures = [ "big-parallel" ]; + }) + ++ (optional (elem "kilgharrah" cfg.builders) { + hostName = "kilgharrah.birdsong.network"; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "x86_64-linux" ]; + maxJobs = 12; + supportedFeatures = [ "big-parallel" ]; + }); + }; +} diff --git a/services/qenya/actual.nix b/services/qenya/actual.nix new file mode 100644 index 0000000..aeec9ff --- /dev/null +++ b/services/qenya/actual.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.actual; +in +{ + options.qenya.services.actual = { + enable = mkEnableOption "Actual Budget"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:5006/"; + + services.actual = { + enable = true; + settings.port = 5006; + }; + }; +} diff --git a/services/qenya/audiobookshelf.nix b/services/qenya/audiobookshelf.nix new file mode 100644 index 0000000..cf3f7fd --- /dev/null +++ b/services/qenya/audiobookshelf.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.audiobookshelf; +in +{ + options.qenya.services.audiobookshelf = { + enable = mkEnableOption "Audiobookshelf"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8234/"; + + services.audiobookshelf.enable = true; + services.audiobookshelf.port = 8234; + }; +} diff --git a/services/qenya/default.nix b/services/qenya/default.nix new file mode 100644 index 0000000..bd1c6ea --- /dev/null +++ b/services/qenya/default.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ./actual.nix + ./audiobookshelf.nix + ./forgejo.nix + ./headscale.nix + ./jellyfin.nix + ./navidrome.nix + ./owncast.nix + ]; +} diff --git a/services/qenya/forgejo.nix b/services/qenya/forgejo.nix new file mode 100644 index 0000000..f4611dd --- /dev/null +++ b/services/qenya/forgejo.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.forgejo; +in +{ + options.qenya.services.forgejo = { + enable = mkEnableOption "Forgejo"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://[::1]:3000/"; + + # TODO: email out + # TODO: interface customisation + + services.forgejo = { + enable = true; + settings = { + DEFAULT.APP_NAME = cfg.domain; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = cfg.domain; + HTTP_PORT = 3000; + ROOT_URL = "https://${cfg.domain}/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + }; +} diff --git a/services/qenya/headscale.nix b/services/qenya/headscale.nix new file mode 100644 index 0000000..c4609f9 --- /dev/null +++ b/services/qenya/headscale.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.headscale; +in +{ + options.qenya.services.headscale = { + enable = mkEnableOption "Headscale"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32770/"; + + services.headscale = { + enable = true; + address = "0.0.0.0"; # required to disable built-in ACME client for some reason + port = 32770; + settings = { + server_url = "https://${cfg.domain}:443"; + prefixes.allocation = "random"; + dns = { + magic_dns = true; + base_domain = "birdsong.network"; + override_local_dns = false; + }; + + # disable built-in ACME client + tls_cert_path = null; + tls_key_path = null; + }; + }; + }; +} diff --git a/services/qenya/jellyfin.nix b/services/qenya/jellyfin.nix new file mode 100644 index 0000000..4c2e536 --- /dev/null +++ b/services/qenya/jellyfin.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.jellyfin; +in +{ + options.qenya.services.jellyfin = { + enable = mkEnableOption "Jellyfin"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8096/"; + services.jellyfin.enable = true; + }; +} diff --git a/services/qenya/navidrome.nix b/services/qenya/navidrome.nix new file mode 100644 index 0000000..99f7dad --- /dev/null +++ b/services/qenya/navidrome.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.navidrome; +in +{ + options.qenya.services.navidrome = { + enable = mkEnableOption "Navidrome"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:4533/"; + + services.navidrome.enable = true; + services.navidrome.settings = { + MusicFolder = cfg.dataDir; + BaseUrl = "https://${cfg.domain}"; + }; + }; +} diff --git a/services/qenya/owncast.nix b/services/qenya/owncast.nix new file mode 100644 index 0000000..d4dd700 --- /dev/null +++ b/services/qenya/owncast.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.owncast; +in +{ + options.qenya.services.owncast = { + enable = mkEnableOption "Owncast"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + fountain.services.reverse-proxy.enable = true; + fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32769/"; + + networking.firewall.allowedTCPPorts = [ 1935 ]; # for rtmp + + services.owncast.enable = true; + services.owncast.port = 32769; + services.owncast.dataDir = cfg.dataDir; + }; +} diff --git a/services/randomcat/default.nix b/services/randomcat/default.nix new file mode 100644 index 0000000..72758b9 --- /dev/null +++ b/services/randomcat/default.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: + +{ + imports = [ + (builtins.toPath "${inputs.randomcat}/services/default.nix") + ]; +} diff --git a/services/remote-builder.nix b/services/remote-builder.nix new file mode 100644 index 0000000..265241a --- /dev/null +++ b/services/remote-builder.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.remote-builder; +in +{ + options.qenya.services.remote-builder = { + enable = mkEnableOption "remote builder"; + authorizedKeys = { + keys = mkOption { + type = types.listOf types.singleLineStr; + default = [ ]; + description = '' + A list of verbatim OpenSSH public keys that should be authorized to + use this remote builder. See + `users.users..openssh.authorizedKeys.keys`. + ''; + }; + keyFiles = mkOption { + type = types.listOf types.path; + default = [ ]; + description = '' + A list of files each containing one OpenSSH public key that should be + authorized to use this remote builder. See + `users.users..openssh.authorizedKeys.keyFiles`. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users.remotebuild = { + isSystemUser = true; + group = "nogroup"; + shell = "/bin/sh"; + openssh.authorizedKeys.keys = cfg.authorizedKeys.keys; + openssh.authorizedKeys.keyFiles = cfg.authorizedKeys.keyFiles; + }; + + nix.nrBuildUsers = 64; + nix.settings.trusted-users = [ "remotebuild" ]; + }; +} diff --git a/services/reverse-proxy.nix b/services/reverse-proxy.nix new file mode 100644 index 0000000..f11d017 --- /dev/null +++ b/services/reverse-proxy.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.fountain.services.reverse-proxy; +in +{ + options.fountain.services.reverse-proxy = { + enable = mkEnableOption "Module to use nginx as a reverse proxy"; + domains = mkOption { + type = types.attrsOf types.str; + description = "Mapping from external domain to internal address"; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = builtins.mapAttrs + (name: value: { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = value; + proxyWebsockets = true; + }; + }) + cfg.domains; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; +} diff --git a/services/web-redirect.nix b/services/web-redirect.nix new file mode 100644 index 0000000..92b9c5a --- /dev/null +++ b/services/web-redirect.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.fountain.services.web-redirect; +in +{ + options.fountain.services.web-redirect = { + enable = mkEnableOption "Module to do simple 301 redirects from one domain to another"; + domains = mkOption { + type = types.attrsOf types.str; + description = "Mapping from source domain to destination domain"; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = builtins.mapAttrs + (name: value: { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://${value}$request_uri"; + }) + cfg.domains; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; +} diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..a2d1b10 --- /dev/null +++ b/shell.nix @@ -0,0 +1,9 @@ +let + shell = (import + (fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/refs/tags/v1.0.1.tar.gz"; + sha256 = "0m9grvfsbwmvgwaxvdzv6cmyvjnlww004gfxjvcl806ndqaxzy4j"; + }) + { src = ./.; }).shellNix; +in +shell.devShells.${builtins.currentSystem}