this is where we're at now

2022-12-30 13:49:11 +11:00 · 2022-12-30 13:49:11 +11:00 · 06b48475d8
commit 06b48475d8
parent 37a11e11ff
7 changed files with 272 additions and 41 deletions
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,41 @@
+{
+  description = "the fabled ryzen build";
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { nixpkgs, home-manager, ... }@inputs:
+    let
+      inherit (nixpkgs) lib;
+      util = import ./lib {
+        inherit system pkgs home-manager lib; overlays = (pkgs.overlays);
+      };
+      inherit (util) user;
+      inherit (util) host;
+      pkgs = import nixpkgs {
+        inherit system;
+        config.allowUnfree = true;
+        overlays = [ ];
+      };
+
+      system = "x86_64-linux";
+    in
+    {
+      homeManagerConfigurations = {
+        bolt = user.mkHMUser {
+        
+        };
+      };
+      
+      nixosConfigurations = {
+        quiver = host.mkHost {
+          
+        };
+      };
+
+    };
+}
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit 342a9df73f90eb784d70bb7b096cff0e9699d14f
--- a/home/home.nix
+++ b/home/home.nix
@ -19,8 +19,6 @@

  home.packages = with pkgs; [
  
-    rustup
-    
    kitty
    thunderbird

@ -29,18 +27,23 @@

    btop
    bat
-    broot
+    joshuto
    ripgrep
    fd
    lazygit
+    fzf

    latte-dock

    kdeconnect
    keepassxc
+
+    direnv
    
    mpv

+    vscodium
+
    syncthing

    zoxide
@ -58,15 +61,21 @@
    
    (callPackage ./homepkgs/git-credential-keepassxc.nix { })
    (callPackage ./homepkgs/culr.nix { })
-    # (libsForQt5.callPackage ./homepkgs/bismuth.nix { })

  ];

+  programs.direnv = {
+    enable = true;
+    nix-direnv = {
+      enable = true;
+    };
+  };
+  
  gtk = {
    enable = true;
    theme = {
-      #package = pkgs.arc-theme;
-      name = "Simplewaita";
+      package = (pkgs.callPackage ./homepkgs/simplewaita-gtk.nix {});
+      name = "simplewaita";
    };
  };

@ -79,7 +88,7 @@
      };
      enable = true;
      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-        vimium
+        vimium-c
        darkreader
        localcdn
        ublock-origin
@ -89,7 +98,6 @@
        keepassxc-browser
        user-agent-string-switcher
        # happy-bonobo-disable-webrtc
-        # arc-dark-theme-we
      ];
      profiles.default = {
        id = 0;
@ -100,11 +108,6 @@
      };
    };

-  programs.broot = {
-    enable = true;
-    modal = true;
-  };
-
  services.syncthing = {
    enable = true;
  };
@ -159,6 +162,26 @@
    enableZshIntegration = true;
  };

+  programs.fzf = {
+    enable = true;
+    enableZshIntegration = true;
+    colors = {
+      fg = "#d3dae3";
+      "fg+" = "#d3dae3";
+      bg = "#060604";
+      "bg+" = "#060604";
+      preview-fg = "#fdbc4b";
+      preview-bg = "#1e2233";
+      hl = "#da4453";
+      "hl+" = "#ed244e";
+      info = "#fdbc4b";
+      border = "#656a73";
+      prompt = "#c50ed2";
+      pointer = "#27ae60";
+      header = "#da4453";
+    };
+  };
+
  programs.zsh = {
    enable = true;
    enableAutosuggestions = true;
@ -185,6 +208,10 @@ ps_culr()
     ps ww$@ | culr
 }

+alias ...=\"cd ../..\"
+alias ....=\"cd ../../..\"
+alias .....=\"cd ../../../..\"
+
 alias fresh=\"clear; echo; ~/.nix/header.sh\"
 alias icat=\"kitty +kitten icat\"
 alias chmox=\"chmod +x\"
@ -197,6 +224,8 @@ alias gl=\"git pull\"
 alias gp=\"git push\"
 alias gd=\"git diff\"
 alias gcam=\"git commit -am\"
+alias gcm=\"git commit -m\"
+alias gr=\"git restore\"
 alias gm=\"git merge\"
 alias l=\"ls_culr\"
 alias la=\"la_culr\"
@ -216,16 +245,26 @@ fresh
        src = pkgs.zsh-vi-mode;
        file = "share/zsh-vi-mode/zsh-vi-mode.zsh";
      }
+      {
+        name = "zsh-autopair";
+        src = pkgs.zsh-autopair;
+        file = "share/zsh-autopair/zsh-autopair.zsh";
+      }
      {
        name = "zsh-completions";
        src = pkgs.zsh-completions;
        file = "share/zsh-completions/zsh-completions.zsh";
      }
      {
-        name = "zsh-autopair";
-        src = pkgs.zsh-autopair;
-        file = "share/zsh-autopair/zsh-autopair.zsh";
+        name = "zsh-command-time";
+        src = pkgs.zsh-command-time;
+        file = "share/zsh-completions/zsh-command-time.zsh";
      }
+      # {
+      #   name = "zsh-you-should-use";
+      #   src = pkgs.zsh-you-should-use;
+      # #   file = "share/zsh-completions/zsh-you-should-use.zsh";
+      # }
      {
        name = "zsh-autocomplete";
        src = pkgs.zsh-autocomplete;
@ -236,21 +275,26 @@ fresh
        src = pkgs.zsh-fast-syntax-highlighting;
        file = "share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh";
      }
-      {
-        name = "zsh-history-search-multi-word";
-        src = pkgs.zsh-history-search-multi-word;
-        file = "share/zsh-history-search-multi-word/zsh-history-search-multi-word.zsh";
-      }
      {
        name = "zsh-nix-shell";
        src = pkgs.zsh-nix-shell;
        file = "share/zsh-nix-shell/zsh-nix-shell.zsh";
      }
+      {
+        name = "any-nix-shell";
+        src = pkgs.any-nix-shell;
+        file = "share/any-nix-shell/any-nix-shell.zsh";
+      }
      {
        name = "nix-zsh-completions";
        src = pkgs.nix-zsh-completions;
        file = "share/nix-zsh-completions/nix-zsh-completions.zsh";
      }
+      # {
+      #   name = "zsh-fzf-tab";
+      #   src = pkgs.zsh-fzf-tab;
+      # #   file = "share/zsh-fzf-tab/zsh-fzf-tab.zsh";
+      # }
    ];
  };

@ -296,8 +340,12 @@ fresh
  programs.helix.settings = {
    theme = "bogster";
  };
+  
+  home.sessionVariables = {
+    GTK_THEME = "simplewaita";
+  };

-  home.stateVersion ="22.11";
+  home.stateVersion = "22.11";

  programs.home-manager.enable = true;
 }
--- a/home/homepkgs/simplewaita-gtk.nix
+++ b/home/homepkgs/simplewaita-gtk.nix
@ -0,0 +1,30 @@
+{ stdenvNoCC, lib, fetchFromGitea, }:
+
+stdenvNoCC.mkDerivation rec {
+  pname = "Simplewaita";
+  version = "0.1.0";
+
+  src = fetchFromGitea {
+    domain = "git.disroot.org";
+    owner = "eudaimon";
+    repo = pname;
+    rev = "16c5f75fd3e03671c3998dcb9a67e3ff6da5a538";
+    hash = "sha256-VvPQGsdikfIi3VG5Mh8FcioTVwXaxKxaSf2X+yWJckA=";
+  };
+
+  dontPatch = true;
+  dontConfigure = true;
+  installPhase = ''
+    mkdir $out
+    cp -r ./ $out
+  '';
+  dontBuild = true;
+  dontFixup = true;
+
+  meta = with lib; {
+    description = "A mix of Skewaita and Simple. Or, more precisely: Skewaita Simple-ified.";
+    homepage = "https://git.disroot.org/eudaimon/Simplewaita";
+    license = licenses.gpl1Only;
+    platforms = platforms.linux;
+  };  
+}
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -9,7 +9,6 @@
    #./wollomi.nix
    # ./adrift.nix
    ./quiver.nix
-    ./docker.nix

    # home manager should exist for users
    <home-manager/nixos>
@ -26,7 +25,9 @@
  
  nix.extraOptions = ''
    experimental-features = nix-command flakes
-    '';
+    keep-outputs = true
+    keep-derivations = true
+  '';
  environment.pathsToLink = [ "/share/zsh" ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 2;
@ -34,6 +35,9 @@
  boot.loader.timeout = 3;
  
  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
+  
+  boot.tmpOnTmpfs = true;
+

  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

@ -62,10 +66,28 @@
  services.xserver.libinput.enable = true;
  # kde time
  services.xserver.desktopManager.plasma5.enable = true;
-  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.displayManager.sddm = {
+    enable = true;
+    theme = "${(pkgs.fetchFromGitHub {
+      owner = "EricKotato";
+      repo = "sddm-slice";
+      rev = "763b8f4e01c00c1f8590fc7a103e14f6e8449443";
+      sha256 = "sha256-UW53ZdKb3RSrrcZ9GxZsJyjzS/uKR8lkaLLyi+2o27U=";
+    })}";
+    autoNumlock = true;
+    settings = {
+      General = {
+        InputMethod = "";
+      };
+    };
+  };
  services.xserver.desktopManager.plasma5.runUsingSystemd = true;
-  # programs.xwayland.enable = true;
  programs.dconf.enable = true;
+
+  services.resolved = {
+    enable = true;
+    fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ];
+  };
  

  # Enable sound.
@ -79,21 +101,25 @@
  };

  # gtk compatibility
-  # qt5.enable = true;
-  # qt5.platformTheme = "gtk2";
-  # qt5.style = "gtk2";
+  qt5.enable = true;
+  qt5.platformTheme = "kde";
+  #qt5.style = "gtk2";

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;
  
  services.tailscale.enable = true;

+  services.mullvad-vpn.enable = true;
+
  environment.systemPackages = with pkgs; [
  
    rnix-lsp

    tailscale
-    
+    mullvad
+    mullvad-vpn
+
    cachix

    helix
@ -106,17 +132,56 @@

    zsh
    
-    libsForQt5.sddm-kcm
-    
-    
  ];
  
-  
-  networking.firewall = {
-      # allowedUDPPorts = [ 41641 ];
-      trustedInterfaces = [ "tailscale0" ];
-      checkReversePath = "loose";
+  networking.nftables = {
+    enable = true;
+    ruleset = ''
+
+      table inet mullvad-ts {
+        chain exclude-outgoing {
+          type route hook output priority 0; policy accept;
+          ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+          ip daddr 100.100.100.100 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+
+        chain allow-incoming {
+          type filter hook input priority -10; policy accept;
+          iif "tailscale0" ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+
+        chain exclude-dns {
+          type filter hook output priority -10; policy accept;
+          ip daddr 100.100.100.100 udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+          ip daddr 100.100.100.100 tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+      }
+
+      table inet filter {
+      	chain input {
+      		type filter hook input priority 0; policy drop;
+      		ct state invalid counter drop comment "early drop of invalid packets"
+      		ct state {established, related} counter accept comment "accept all connections related to connections made by us"
+          iifname "tailscale0" accept comment "allow all tailscale packets"
+      		iif lo accept comment "accept loopback"
+      		ip protocol icmp counter accept comment "accept all ICMP types"
+      		ip6 nexthdr icmpv6 counter accept comment "accept all ICMP types"
+      		tcp dport 22 counter accept comment "accept SSH"
+      		counter comment "count dropped packets"
+      	}
+
+      	chain forward {
+      		type filter hook forward priority 0; policy drop;
+      	}
+
+      }
+    '';
  };
+  networking.firewall.enable = false;
+  # networking.firewall = {
+  #   trustedInterfaces = [ "tailscale0" ];
+  #   checkReversePath = "loose";
+  # };
  

  system.stateVersion = "22.05"; # Did you read the comment?
--- a/system/quiver.nix
+++ b/system/quiver.nix
@ -16,6 +16,8 @@
  
  boot.supportedFilesystems = [ "ntfs" ];

+  security.tpm2.enable = true;
+
  networking.useDHCP = lib.mkDefault true;

  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -29,11 +31,28 @@
  };

  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
+  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
+  hardware.nvidia.modesetting.enable = true;
+  hardware.nvidia.powerManagement.enable = true;
+  programs.xwayland.enable = true;
+  
+  systemd.services.noRgb = {
+    wantedBy = [ "multi-user.target" ];
+    description = "rgb led turn-off-er";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = ''${pkgs.openrgb}/bin/openrgb -c 000000'';
+    };
+  };
+  
  hardware.ckb-next.enable = true;  
  environment.systemPackages = with pkgs; [
+    xdg-desktop-portal-kde
    ckb-next
    openrgb
+    wl-clipboard
+    wl-clipboard-x11
+    xclip
  ];

  networking.hostName = "quiver"; # Define your hostname.
@ -63,11 +82,15 @@
    options = [ "rw" "uid=1001" "gid=100" ];
  };
  
-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/home/swapfile";
+    size = 4096;
+    }
+  ];

  networking.firewall = {
    allowedUDPPorts = [ 1900 ];
-    allowedTCPPorts = [ 8200 ];
+    allowedTCPPorts = [ 8200 2234 ];
  };

 }
--- a/system/syspkgs/headscale-ui.nix
+++ b/system/syspkgs/headscale-ui.nix
@ -0,0 +1,23 @@
+{ lib, stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+  pname = "headscale-ui";
+  version = "2022.12.23.2-beta";
+
+  src = fetchurl {
+    url = "https://github.com/gurucomputing/headscale-ui/releases/download/${version}/headscale-ui.zip";
+    sha256 = "sha256-QF10la68Rl2t0K53CH63Qiq54ynkySQACdELorZF/cY=";
+  };
+
+  nativeBuildInputs = [ unzip ];
+
+  unpackCmd = "unzip headscale-ui.zip";
+
+  dontConfigure = true;
+  dontBuild = true;
+  installPhase = ''
+    mkdir $out/
+    cp -R . $out
+  '';
+
+}
				`@ -0,0 +1 @@`
				`Subproject commit 342a9df73f90eb784d70bb7b096cff0e9699d14f`