diff --git a/flake.lock b/flake.lock index 370907a..293aefd 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1770260404, - "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", + "lastModified": 1768949235, + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", "type": "github" }, "original": { @@ -97,11 +97,11 @@ ] }, "locked": { - "lastModified": 1770641372, - "narHash": "sha256-Vwc5X8QZEeVoJSy0i3SrLN/t8v17mCAirhlTVouUjd4=", + "lastModified": 1770072491, + "narHash": "sha256-tTYck5pk+Aio5gju+AlaYi862dh8OLog9NxSwqvV3J0=", "owner": "KoenDR06", "repo": "nix-hyprland", - "rev": "bd4b87ef132fd55dcfb446211bc9c83fef344285", + "rev": "eaaba884058f7ebdf9a9c7db40fadb90c11a78a0", "type": "github" }, "original": { @@ -112,11 +112,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770464364, - "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=", + "lastModified": 1769318308, + "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457", + "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c", "type": "github" }, "original": { 
@@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1769956244, - "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=", + "lastModified": 1767662275, + "narHash": "sha256-d5Q1GmQ+sW1Bt8cgDE0vOihzLaswsm8cSdg8124EqXE=", "owner": "pjones", "repo": "plasma-manager", - "rev": "fe54ea85c6e4413fba03b84d50f2b431d2f7c831", + "rev": "51816be33a1ff0d4b22427de83222d5bfa96d30e", "type": "github" }, "original": {
diff --git a/machines/artemis/modules.nix b/machines/artemis/modules.nix
index 2513b45..40208c2 100644
--- a/machines/artemis/modules.nix
+++ b/machines/artemis/modules.nix
@@ -29,12 +29,6 @@ users.default.enable = true;
- containers = {
- forgejo.enable = true;
- nginx.enable = true;
- vaultwarden.enable = true;
- };
-
 base = {
 nix.enable = true;
 locale.enable = true;
diff --git a/machines/solis/modules.nix b/machines/solis/modules.nix
index 0c9e32e..f5e7307 100644
--- a/machines/solis/modules.nix
+++ b/machines/solis/modules.nix
@@ -32,7 +32,7 @@ timers = {
 backup.enable = true;
- rooms.enable = true;
+ rooms.enable = false;
 };
 };
 }
diff --git a/machines/terra/modules.nix b/machines/terra/modules.nix
index 145ba7e..c6db737 100644
--- a/machines/terra/modules.nix
+++ b/machines/terra/modules.nix
@@ -37,12 +37,6 @@ users.default.enable = true;
- containers = {
- nginx.enable = true;
- forgejo.enable = true;
- vaultwarden.enable = true;
- };
-
 base = {
 nix.enable = true;
 locale.enable = true;
diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix
index 429d96e..6699d79 100644
--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@@ -6,7 +6,7 @@
 }: let
 inherit (lib) mkEnableOption mkIf;
 cfg = config.horseman.base.secrets;
- secretFile = path: ../../secrets/${path}.age;
+ secretFile = path: ../../secrets/${path};
 username = config.horseman.username;
 in {
 options = {
@@ -19,45 +19,38 @@ in {
 environment.systemPackages = [pkgs.ragenix];
 age.secrets = {
- wifi.file = secretFile "wifi";
+ wifi.file = secretFile "wifi.age";
 personalSSHpub = {
- file = secretFile "ssh/id_personal.pub";
+ file = secretFile "ssh/id_personal.pub.age";
 owner = username;
 group = "users";
- path = "/home/${username}/.ssh/id_ed25519.pub";
+ path = "/home/horseman/.ssh/id_ed25519.pub";
 };
 personalSSH = {
- file = secretFile "ssh/id_personal";
+ file = secretFile "ssh/id_personal.age";
 owner = username;
 group = "users";
- path = "/home/${username}/.ssh/id_ed25519";
+ path = "/home/horseman/.ssh/id_ed25519";
 };
 githubSSHpub = {
- file = secretFile "ssh/id_github.pub";
+ file = secretFile "ssh/id_github.pub.age";
 owner = username;
 group = "users";
- path = "/home/${username}/.ssh/id_github.pub";
+ path = "/home/horseman/.ssh/id_github.pub";
 };
 githubSSH = {
- file = secretFile "ssh/id_github";
+ file = secretFile "ssh/id_github.age";
 owner = username;
 group = "users";
- path = "/home/${username}/.ssh/id_github";
+ path = "/home/horseman/.ssh/id_github";
 };
 sshConfig = {
- file = secretFile "ssh/config";
+ file = secretFile "ssh/config.age";
 owner = username;
 group = "users";
- path = "/home/${username}/.ssh/config";
- };
-
- forgejo-secret = {
- file = secretFile "containers/forgejo-secret";
- path = "/run/forgejo-secrets/secret";
- symlink = false;
- mode = "444";
+ path = "/home/horseman/.ssh/config";
 };
 };
 };
diff --git a/modules/containers/default.nix b/modules/containers/default.nix
deleted file mode 100644
index 841dcdb..0000000
--- a/modules/containers/default.nix
+++ /dev/null
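Review bot: In modules/base/secrets.nix every `path` under `age.secrets` is now hard-coded to `/home/horseman/.ssh/...`, while `owner = username;` on the same entries still follows `config.horseman.username`. On any machine where that option is not `horseman`, the decrypted private keys (`id_ed25519`, `id_github`) and the SSH config would be written into a different account's home directory while being owned by `username`. Keep the interpolation, e.g. `path = "/home/${username}/.ssh/id_ed25519";`, or derive the directory from `config.users.users.${username}.home`. The enclosing `config` block starts outside this hunk.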
@@ -1,26 +0,0 @@
-{lib, ...}: let
- inherit (lib) mkOption types;
-in {
- imports = [
- ./nginx.nix
- ./forgejo.nix
- ./vaultwarden.nix
- ];
-
- options = {
- backupDir = mkOption {
- type = types.str;
- };
- };
-
- config = {
- networking.nat = {
- enable = true;
- # Use "ve-*" when using nftables instead of iptables
- internalInterfaces = ["ve-+"];
- externalInterface = "eno1";
- # Lazy IPv6 connectivity for the container
- enableIPv6 = true;
- };
- };
-}
diff --git a/modules/containers/forgejo.nix b/modules/containers/forgejo.nix
deleted file mode 100644
index f8e7a8e..0000000
--- a/modules/containers/forgejo.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- inputs,
- outputs,
- lib,
- config,
- pkgs,
- ...
-}: let
- inherit (lib) types mkOption mkEnableOption mkIf;
- cfg = config.horseman.containers.forgejo;
- username = config.horseman.username;
-
- BACKUP_DIR = config.horseman.containers.backupDir;
- DATA_DIR = "/home/${username}/backups/volumes/forgejo";
-in {
- options = {
- horseman.containers.forgejo = {
- enable = mkEnableOption "forgejo containers";
-
- port = mkOption {
- default = 3000;
- type = types.int;
- };
-
- sshPort = mkOption {
- default = 34916;
- type = types.int;
- };
-
- url = mkOption {
- default = "https://git.koendev.nl";
- type = types.str;
- };
- };
- };
-
- config = mkIf cfg.enable {
- systemd.timers."backup-forgejo" = {
- wantedBy = ["timers.target"];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- };
- };
-
- environment.systemPackages = [pkgs.gnutar];
- systemd.services."backup-forgejo" = {
- script = ''
- cd ${BACKUP_DIR}
- ${pkgs.gnutar}/bin/tar -cf forgejo-$(date +'%Y-%m-%d').tar ${DATA_DIR}
- '';
- serviceConfig = {
- User = "root";
- };
- };
-
- containers.forgejoRunner = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "172.16.0.2";
- localAddress = "192.168.100.2";
-
- bindMounts = {
- "/var/lib/secrets" = {
- hostPath = "/run/forgejo-secrets";
- isReadOnly = true;
- };
- };
-
- config = {
- config,
- pkgs,
- ...
- }: let
- configFile = pkgs.writeText "runner.yml" ''
- runner:
- labels:
- - "self-hosted:host"
- '';
- in {
- environment.systemPackages = with pkgs; [
- forgejo-runner
- ];
-
- users.groups.runner = {};
- users.users.runner = {
- isNormalUser = true;
- group = "runner";
- };
-
- systemd.services.startup = {
- script = ''
- cd ${config.users.users.runner.home}
- ${pkgs.forgejo-runner}/bin/forgejo-runner create-runner-file --instance http://192.168.100.3:3000 --secret $(cat /var/lib/secrets/secret) --name runner
- sleep 10
- ${pkgs.forgejo-runner}/bin/forgejo-runner daemon --config ${configFile}
- '';
- serviceConfig.User = "runner";
- wantedBy = ["multi-user.target"];
- };
-
- system.stateVersion = "23.11";
- };
- };
-
- containers.forgejo = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "172.16.0.3";
- localAddress = "192.168.100.3";
-
- bindMounts = {
- "/var/lib/forgejo" = {
- hostPath = DATA_DIR;
- isReadOnly = false;
- };
-
- "/var/lib/secrets" = {
- hostPath = "/run/forgejo-secrets";
- isReadOnly = true;
- };
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- environment.systemPackages = [pkgs.forgejo];
- services.forgejo = {
- enable = true;
-
- stateDir = "/var/lib/forgejo";
-
- settings = {
- server = {
- HTTP_PORT = cfg.port;
- SSH_PORT = cfg.sshPort;
- ROOT_URL = cfg.url;
- };
- session = {
- COOKIE_SECURE = false; # TODO Set to true
- };
- service = {
- DISABLE_REGISTRATION = true;
- };
- };
- };
-
- systemd.services.startup = {
- script = ''
- cd ${config.users.users.forgejo.home}
- ${pkgs.forgejo}/bin/forgejo forgejo-cli actions register --name runner --secret $(cat /var/lib/secrets/secret) --config ${config.services.forgejo.stateDir}/custom/conf/app.ini
- '';
- serviceConfig.User = "forgejo";
- wantedBy = ["multi-user.target"];
- };
-
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [cfg.port cfg.sshPort];
- };
- # Use systemd-resolved inside the container
- # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
- useHostResolvConf = lib.mkForce false;
- };
-
- system.stateVersion = "23.11";
- };
- };
- };
-}
diff --git a/modules/containers/nginx.nix b/modules/containers/nginx.nix
deleted file mode 100644
index 348447d..0000000
--- a/modules/containers/nginx.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{
- inputs,
- outputs,
- lib,
- config,
- pkgs,
- ...
-}: let
- inherit (lib) mkEnableOption mkIf mkOption types;
- cfg = config.horseman.containers.nginx;
- osConfig = config;
-in {
- options = {
- horseman.containers.nginx = {
- enable = mkEnableOption "nginx container";
-
- domain = mkOption {
- type = types.str;
- default = "koendev.nl";
- };
- };
- };
-
- config = mkIf cfg.enable {
- security.acme = {
- acceptTerms = true;
- defaults.email = "koen.de.ruiter@hotmail.com";
- };
-
- containers.nginx = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "172.16.0.1";
- localAddress = "192.168.100.1";
-
- bindMounts = {
- "/var/www/portfolio" = {
- hostPath = "/var/www/portfolio";
- isReadOnly = true;
- };
- "/var/www/public" = {
- hostPath = "/var/www/public";
- isReadOnly = true;
- };
- };
-
- config = {
- config,
- pkgs,
- lib,
- ...
- }: {
- services.nginx = {
- enable = true;
-
- virtualHosts = {
- "${cfg.domain}" = {
- forceSSL = true;
- enableACME = true;
-
- root = "/var/www/portfolio";
- default = true;
- extraConfig = ''
- error_page 404 /404.html;
- '';
- };
-
- "public.${cfg.domain}" = {
- forceSSL = true;
- enableACME = true;
-
- root = "/var/www/public";
- };
-
- "git.${cfg.domain}" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://${osConfig.containers.forgejo.localAddress}:${toString osConfig.horseman.containers.forgejo.port}";
- };
- };
-
- "vault.${cfg.domain}" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://${osConfig.containers.vaultwarden.localAddress}:${toString osConfig.horseman.containers.vaultwarden.port}";
- };
- };
- };
- };
-
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [80 443];
- };
- useHostResolvConf = lib.mkForce false;
- };
- services.resolved.enable = true;
- system.stateVersion = "23.11";
- };
- };
- };
-}
diff --git a/modules/containers/vaultwarden.nix b/modules/containers/vaultwarden.nix
deleted file mode 100644
index 6d748dc..0000000
--- a/modules/containers/vaultwarden.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{
- inputs,
- outputs,
- lib,
- config,
- pkgs,
- ...
-}: let
- inherit (lib) types mkOption mkEnableOption mkIf;
- cfg = config.horseman.containers.vaultwarden;
- username = config.horseman.username;
-
- BACKUP_DIR = config.horseman.containers.backupDir;
- DATA_DIR = "/home/${username}/backups/volumes/vaultwarden";
-in {
- options = {
- horseman.containers.vaultwarden = {
- enable = mkEnableOption "Password manager";
-
- port = mkOption {
- default = 3000;
- type = types.int;
- };
-
- url = mkOption {
- default = "https://vault.koendev.nl";
- type = types.str;
- };
- };
- };
-
- config = mkIf cfg.enable {
- systemd.timers."backup-vaultwarden" = {
- wantedBy = ["timers.target"];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- };
- };
-
- environment.systemPackages = [pkgs.gnutar];
- systemd.services."backup-vaultwarden" = {
- script = ''
- cd ${BACKUP_DIR}
- ${pkgs.gnutar}/bin/tar -cf vaultwarden-$(date +'%Y-%m-%d').tar ${DATA_DIR}
- '';
- serviceConfig = {
- User = "root";
- };
- };
-
- containers.vaultwarden = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "172.16.0.4";
- localAddress = "192.168.100.4";
-
- bindMounts = {
- "/var/lib/vaultwarden" = {
- hostPath = DATA_DIR;
- isReadOnly = false;
- }; # TODO set correct
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- environment.systemPackages = with pkgs; [
- vaultwarden.webvault
- ];
-
- services.vaultwarden = {
- enable = true;
- config = {
- ROCKET_PORT = cfg.port;
- ROCKET_ADDRESS = "0.0.0.0";
- WEB_VAULT_FOLDER = "${pkgs.vaultwarden.webvault}/share/vaultwarden/vault";
- };
- };
-
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [cfg.port];
- };
- useHostResolvConf = lib.mkForce false;
- };
-
- system.stateVersion = "23.11";
- };
- };
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
index 2c57013..7b85bd5 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -12,7 +12,6 @@ in {
 ./base
 ./boot
 ./catppuccin
- ./containers
 ./hardware
 ./network
 ./timers
diff --git a/modules/wm/hyprland/animations.nix b/modules/wm/hyprland/animations.nix
index cbf7ccc..d175c97 100644
--- a/modules/wm/hyprland/animations.nix
+++ b/modules/wm/hyprland/animations.nix
@@ -46,13 +46,13 @@ in {
 };
 workspaces = {
- speed = 3;
+ speed = 4;
 curve = easeInOut;
 style = "slidefade 5%";
 };
 specialWorkspace = {
- speed = 3;
+ speed = 2;
 curve = easeInOut;
 style = "slidefadevert 10%";
 };
@@ -64,7 +64,7 @@ in {
 windows = {
 speed = 3;
- curve = easeOut;
+ curve = easeInOut;
 style = "gnomed";
 };
@@ -78,6 +78,7 @@ in {
 speed = 1.5;
 curve = linear;
 };
+
 fadeOut = {
 speed = 10;
 curve = linear;
diff --git a/modules/wm/hyprland/keybindings.nix b/modules/wm/hyprland/keybindings.nix
index 7ad6416..a9c4bfe 100644
--- a/modules/wm/hyprland/keybindings.nix
+++ b/modules/wm/hyprland/keybindings.nix
@@ -441,6 +441,13 @@ in {
 params = "";
 }
+ {
+ flags = [];
+ mods = [];
+ key = "XF86AudioMute";
+ dispatcher = "exec";
+ params = "wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 0%";
+ }
 {
 flags = ["e" "l"];
 mods = [];
@@ -474,7 +481,7 @@ in {
 mods = [];
 key = "XF86AudioMute";
 dispatcher = "exec";
- params = "wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 0%";
+ params = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
 }
 {
 flags = ["e" "l"];
diff --git a/secrets.nix b/secrets.nix
index edb111b..52a7f5c 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,7 +17,6 @@ let
 "ssh/id_github"
 "ssh/id_github.pub"
 "ssh/config"
- "containers/forgejo-secret"
 ];
 attrs = map (secret: {"secrets/${secret}.age".publicKeys = all;}) secrets;
 in
diff --git a/secrets/containers/forgejo-secret.age b/secrets/containers/forgejo-secret.age
deleted file mode 100644
index 81b3f0a..0000000
--- a/secrets/containers/forgejo-secret.age
+++ /dev/null
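Review bot: In modules/wm/hyprland/keybindings.nix, `XF86AudioMute` ends up with two bindings that both have empty `mods`: the entry added in the first hunk runs `wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 0%`, and the existing entry changed in the second hunk now runs `wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle`. If Hyprland fires every bind that matches a key, as it appears to, one press both zeroes the volume and toggles mute, so unmuting leaves the sink at 0%. Drop the added block, or move it to a different key if a set-to-zero shortcut is still wanted. The `flags` line of the second entry lies outside the hunk, so whether the two entries differ there cannot be checked from here.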
@@ -1,18 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyAvWjRI -VkpQNWpZNHdiZm9jVlZvcTYxS04wUk1hTWtmdWRXL2dydGwxc3pVCklSOWZYNThu -aVBSeDBwRldwTjVzT0VOaG9kNnV5SWJnT2M1YXVRSjUwUFkKLT4gc3NoLWVkMjU1 -MTkgZ1BJZFpBIExmTUxudEFaR21CQzg5ejlUaXRoQW5ORmVqcUlRd1o2L0pZbTd5 -UVBIeWcKZWVSV3k4bHZqV3pDaDMxYzBnZW9FL085TG14bkl0UlZoQ25CbW9iVENv -RQotPiBzc2gtZWQyNTUxOSBXeUlGekEgY2Zkd0VaZmxRaVV4cXBlRnNHeDMyUFFV -YVVzZlF2SXFjak5LREZINFRTMAp6dmFKOTd5eUMrczZ0WUU2T3hER3lkSHlTTGZj -U1k4ZVV1THJMK0RSd21zCi0+IHNzaC1lZDI1NTE5IGRiT2VoQSB0WkJpSkZHZ1BM -QitLdG9SdDdjckxVa0dxQ2dmQlNGekVITlllN2R3OWxZCmt2Zk5VSjNTdnB4Z2ln -TnExNytuZ2FtVE83NWZWcm1Fd25MS1NEL3JsbzgKLT4gc3NoLWVkMjU1MTkgdHYv -Q3pnIFVDMU9Kbld0aHFia3FmTEs2aGF2THdaSk1Ec2h2WWlMVjZvUkNHTFpCR1EK -NkR6R2JaZkZtbitBMmk1UjRFS3FFZ293bFhDUWxmR2M0ZHFoSVRGV2E1ZwotPiAn -eCFtQ3htLWdyZWFzZQp4VFZWeTlDNWlsNDI5WWlPTzNGbQotLS0gRmZIdXk3UUVw -ZEJjOGdnVVdlWWN5Y0VxaUJORG0ycTBQdVFGVGw1RVpZdwqD8VD14PUaG2u0/h9o -6VeX+m3nJkJgsXUkGPskTHHEc+1NaZ9MQM5dXzrmjfVHBT7N27bDcYlGG2RIfehC -Xz5jRZwSTG58wzt9 ------END AGE ENCRYPTED FILE-----