Merge branch 'revan'

.sops.yaml

@@ -21,6 +21,7 @@ keys:
   - &host_sidious age1wv5n63qt2jvlrap064j84sjvhpge0utaz36n7pm28aypx7qtagxs22qhqz
   - &host_tanis age1kscrpd0rx7ud06y635rsdc6h2ehyuwakhs65w442wa70qc0ct5ps0t0h5j
   - &host_vader age1xs0vlxts7dfa770kea0nyagq0j95nennmx79qml4ddfg6np2qefs9gah9e
+  - &host_revan age18qvgrnqftm43getj6m8qc09hg5cpwsyt6ac2zkl7w2r60d2gjajqz60n9w
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
@@ -31,3 +32,4 @@ creation_rules:
       - *host_sidious
       - *host_tanis
       - *host_vader
+      - *host_revan

README.md

@@ -261,7 +261,6 @@ Things I should do or improve:
 
 ### Shell
 
-- [ ] `zellij`, `tmate` or `tmux`
 - [ ] `git-graph` and/or `git-igitt` integration
 
 #### Servers

home-manager/_mixins/users/martin/default.nix

@@ -40,20 +40,26 @@ in
       disk_img="nixos-gnome/disk.qcow2"
       disk_size="96G"
       iso="nixos-gnome/nixos.iso"
+      width="1920"
+      height="1080"
     '';
     file."Quickemu/nixos-mate.conf".text = ''
       #!/run/current-system/sw/bin/quickemu --vm
       guest_os="linux"
       disk_img="nixos-mate/disk.qcow2"
       disk_size="96G"
       iso="nixos-mate/nixos.iso"
+      width="1920"
+      height="1080"
     '';
     file."Quickemu/nixos-pantheon.conf".text = ''
       #!/run/current-system/sw/bin/quickemu --vm
       guest_os="linux"
       disk_img="nixos-pantheon/disk.qcow2"
       disk_size="96G"
       iso="nixos-pantheon/nixos.iso"
+      width="1920"
+      height="1080"
     '';
     file."/Development/.keep".text = "";
     file."/Games/.keep".text = "";
@@ -66,7 +72,9 @@ in
     file."/Syncthing/.keep".text = "";
     file."/Websites/.keep".text = "";
     file."/Zero/.keep".text = "";
-
+    file.".ssh/allowed_signers".text = ''
+      martin@wimpress.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAywaYwPN4LVbPqkc+kUc7ZVazPBDy4LCAud5iGJdr7g9CwLYoudNjXt/98Oam5lK7ai6QPItK6ECj5+33x/iFpWb3Urr9SqMc/tH5dU1b9N/9yWRhE2WnfcvuI0ms6AXma8QGp1pj/DoLryPVQgXvQlglHaDIL1qdRWFqXUO2u30X5tWtDdOoR02UyAtYBttou4K0rG7LF9rRaoLYP9iCBLxkMJbCIznPD/pIYa6Fl8V8/OVsxYiFy7l5U0RZ7gkzJv8iNz+GG8vw2NX4oIJfAR4oIk3INUvYrKvI2NSMSw5sry+z818fD1hK+soYLQ4VZ4hHRHcf4WV4EeVa5ARxdw== Martin Wimpress
+    '';
     sessionVariables = {
       BZR_EMAIL = "Martin Wimpress <code@wimpress.io>";
       DEBFULLNAME = "Martin Wimpress";
@@ -79,11 +87,22 @@ in
       set -x GH_TOKEN (cat ${config.sops.secrets.gh_token.path})
       set -x GITHUB_TOKEN (cat ${config.sops.secrets.gh_token.path})
     '';
+    fish.loginShellInit = ''
+      ${pkgs.figurine}/bin/figurine -f "DOS Rebel.flf" $hostname
+    '';
     git = {
+      extraConfig = {
+        gpg = {
+          format = "ssh";
+          ssh = {
+            allowedSignersFile = "${config.home.homeDirectory}/.ssh/allowed_signers";
+          };
+        };
+      };
       userEmail = "martin@wimpress.org";
       userName = "Martin Wimpress";
       signing = {
-        key = "15E06DA3";
+        key = "${config.home.homeDirectory}/.ssh/id_rsa";
         signByDefault = true;
       };
     };

home-manager/default.nix

@@ -479,6 +479,13 @@ in
       ];
       enable = true;
     };
+    tmux = {
+      clock24 = true;
+      enable = true;
+      mouse = true;
+      newSession = true;
+      terminal = "screen-256color";
+    };
     yazi = {
       enable = true;
       enableBashIntegration = true;

nixos/_mixins/configs/build-all.nix

@@ -4,12 +4,12 @@ pkgs.writeScriptBin "build-all" ''
 #!${pkgs.stdenv.shell}
 
 if [ -e $HOME/Zero/nix-config ]; then
-  all_cores=$(nproc)
+  all_cores=$(${pkgs.coreutils-full}/bin/nproc)
   build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | ${pkgs.bc}/bin/bc))
   echo "Building NixOS with $build_cores cores"
-  nh os switch --ask ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh os switch --ask ~/Zero/nix-config/ -- --cores $build_cores
   echo "Building Home Manager with $build_cores cores"
-  nh home switch --ask ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh home switch --ask ~/Zero/nix-config/ -- --cores $build_cores
 else
   ${pkgs.coreutils-full}/bin/echo "ERROR! No nix-config found in $HOME/Zero/nix-config"
 fi

nixos/_mixins/configs/build-host.nix

@@ -4,10 +4,10 @@ pkgs.writeScriptBin "build-host" ''
 #!${pkgs.stdenv.shell}
 
 if [ -e $HOME/Zero/nix-config ]; then
-  all_cores=$(nproc)
-  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | bc))
+  all_cores=$(${pkgs.coreutils-full}/bin/nproc)
+  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | ${pkgs.bc}/bin/bc))
   echo "Building NixOS with $build_cores cores"
-  nh os switch --ask ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh os switch --ask ~/Zero/nix-config/ -- --cores $build_cores
 else
   ${pkgs.coreutils-full}/bin/echo "ERROR! No nix-config found in $HOME/Zero/nix-config"
 fi

nixos/_mixins/configs/build-iso.nix

@@ -8,11 +8,11 @@ if [ -z $1 ]; then
 fi
 
 if [ -e $HOME/Zero/nix-config ]; then
-  all_cores=$(nproc)
-  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | bc))
+  all_cores=$(${pkgs.coreutils-full}/bin/nproc)
+  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | ${pkgs.bc}/bin/bc))
   pushd $HOME/Zero/nix-config 2>&1 > /dev/null
   echo "Building ISO ($1) with $build_cores cores"
-  nom build .#nixosConfigurations.iso-$1.config.system.build.isoImage -L --cores $build_cores
+  ${pkgs.nix-output-monitor}/bin/nom build .#nixosConfigurations.iso-$1.config.system.build.isoImage --cores $build_cores
   ISO=$(${pkgs.coreutils-full}/bin/head -n1 result/nix-support/hydra-build-products | ${pkgs.coreutils-full}/bin/cut -d'/' -f6)
   ${pkgs.coreutils-full}/bin/mkdir -p $HOME/Quickemu/nixos-$1 2>/dev/null
   ${pkgs.coreutils-full}/bin/cp result/iso/$ISO $HOME/Quickemu/nixos-$1/nixos.iso

nixos/_mixins/configs/switch-all.nix

@@ -4,12 +4,12 @@ pkgs.writeScriptBin "switch-all" ''
 #!${pkgs.stdenv.shell}
 
 if [ -e $HOME/Zero/nix-config ]; then
-  all_cores=$(nproc)
+  all_cores=$(${pkgs.coreutils-full}/bin/nproc)
   build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | ${pkgs.bc}/bin/bc))
   echo "Switching NixOS with $build_cores cores"
-  nh os switch ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh os switch ~/Zero/nix-config/ -- --cores $build_cores
   echo "Switching Home Manager with $build_cores cores"
-  nh home switch ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh home switch ~/Zero/nix-config/ -- --cores $build_cores
 else
   ${pkgs.coreutils-full}/bin/echo "ERROR! No nix-config found in $HOME/Zero/nix-config"
 fi

nixos/_mixins/configs/switch-host.nix

@@ -4,10 +4,10 @@ pkgs.writeScriptBin "switch-host" ''
 #!${pkgs.stdenv.shell}
 
 if [ -e $HOME/Zero/nix-config ]; then
-  all_cores=$(nproc)
-  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | bc))
+  all_cores=$(${pkgs.coreutils-full}/bin/nproc)
+  build_cores=$(printf "%.0f" $(echo "$all_cores * 0.75" | ${pkgs.bc}/bin/bc))
   echo "Switching NixOS with $build_cores cores"
-  nh os switch ~/Zero/nix-config/ -- --cores $build_cores
+  ${pkgs.nh}/bin/nh os switch ~/Zero/nix-config/ -- --cores $build_cores
 else
   ${pkgs.coreutils-full}/bin/echo "ERROR! No nix-config found in $HOME/Zero/nix-config"
 fi

nixos/_mixins/services/homepage.nix

@@ -193,21 +193,11 @@ in
         }
       ];
       services = [
-        {
-          "Hardware" = [
-            {
-              "Scrutiny" = {
-                description = "Scrutiny: ${hostname}";
-                href = "http://${hostname}.drongo-gamma.ts.net:8080";
-              };
-            }
-          ];
-        }
         {
           "Services" = [
             {
               "Syncthing" = {
-                description = "Syncthing: ${hostname}";
+                description = "${hostname}";
                 href = "http://${hostname}.drongo-gamma.ts.net:8384";
               };
             }

nixos/_mixins/users/martin/default.nix

@@ -63,6 +63,7 @@ in
       microsoft-edge
       opera
       pika-backup
+      tartube
       tenacity
       usbimager
       vivaldi

nixos/_mixins/users/nixos/default.nix

@@ -15,36 +15,34 @@ TARGET_BRANCH="''${3:-main}"
 
 function run_disko() {
   local DISKO_CONFIG="$1"
-  local DISKO_MODE="$2"
   local REPLY="n"
 
   # If the requested config doesn't exist, skip it.
   if [ ! -e "$DISKO_CONFIG" ]; then
     return
   fi
 
-  # If the requested mode is not mount, ask for confirmation.
-  if [ "$DISKO_MODE" != "mount" ]; then
-    ${pkgs.coreutils-full}/bin/echo "ALERT! Found $DISKO_CONFIG"
-    ${pkgs.coreutils-full}/bin/echo "       Do you want to format the disks in $DISKO_CONFIG"
-    ${pkgs.coreutils-full}/bin/echo "       This is a destructive operation!"
-    ${pkgs.coreutils-full}/bin/echo
-    read -p "Proceed with $DISKO_CONFIG format? [y/N]" -n 1 -r
-    ${pkgs.coreutils-full}/bin/echo
-  else
-    REPLY="y"
-  fi
+  ${pkgs.coreutils-full}/bin/echo "ALERT! Found $DISKO_CONFIG"
+  ${pkgs.coreutils-full}/bin/echo "       Do you want to format the disks in $DISKO_CONFIG"
+  ${pkgs.coreutils-full}/bin/echo "       This is a destructive operation!"
+  ${pkgs.coreutils-full}/bin/echo
+  read -p "Proceed with $DISKO_CONFIG format? [y/N]" -n 1 -r
+  ${pkgs.coreutils-full}/bin/echo
 
+  sudo true
   if [[ $REPLY =~ ^[Yy]$ ]]; then
-    sudo true
     # Workaround for mounting encrypted bcachefs filesystems.
     # - https://nixos.wiki/wiki/Bcachefs#NixOS_installation_on_bcachefs
     # - https://github.com/NixOS/nixpkgs/issues/32279
     sudo ${pkgs.keyutils}/bin/keyctl link @u @s
-    sudo disko --mode $DISKO_MODE "$DISKO_CONFIG"
+    sudo disko --mode disko "$DISKO_CONFIG"
+  else
+    sudo disko --mode mount "$DISKO_CONFIG"
   fi
 }
 
+sudo umount -R /mnt || true
+
 if [ "$(${pkgs.coreutils-full}/bin/id -u)" -eq 0 ]; then
   ${pkgs.coreutils-full}/bin/echo "ERROR! $(${pkgs.coreutils}/bin/basename "$0") should be run as a regular user"
   exit 1
@@ -75,7 +73,7 @@ if [[ -z "$TARGET_USER" ]]; then
 fi
 
 if [ ! -e "$HOME/.config/sops/age/keys.txt" ]; then
-  ${pkgs.coreutils-full}/bin/echo "WARNING! sops keys.txt was not found."
+  ${pkgs.coreutils-full}/bin/echo "WARNING! $HOME/.config/sops/age/keys.txt was not found."
   ${pkgs.coreutils-full}/bin/echo "         Do you want to continue without it?"
   ${pkgs.coreutils-full}/bin/echo
   read -p "Are you sure? [y/N]" -n 1 -r
@@ -127,16 +125,10 @@ else
     ${pkgs.coreutils-full}/bin/echo -n "$(head -c32 /dev/random | base64)" > /tmp/data.keyFile
   fi
 
-  run_disko "nixos/$TARGET_HOST/disks.nix" "disko"
-
-  # If the main configuration was denied, make sure the root partition is mounted.
-  if ! ${pkgs.util-linux}/bin/mountpoint -q /mnt; then
-    run_disko "nixos/$TARGET_HOST/disks.nix" "mount"
-  fi
+  run_disko "nixos/$TARGET_HOST/disks.nix"
 
   for CONFIG in $(${pkgs.findutils}/bin/find "nixos/$TARGET_HOST" -name "disks-*.nix" | ${pkgs.coreutils-full}/bin/sort); do
-    run_disko "$CONFIG" "disko"
-    run_disko "$CONFIG" "mount"
+    run_disko "$CONFIG"
   done
 fi
 

nixos/default.nix

@@ -12,6 +12,7 @@ let
       "sidious"
       "tanis"
       "vader"
+      "revan"
     ];
     tcpPorts = [ 22000 ];
     udpPorts = [ 22000 21027 ];
@@ -76,7 +77,7 @@ in
       LC_TIME = "en_GB.utf8";
     };
   };
-  services.xserver.layout = "gb";
+  services.xserver.xkb.layout = "gb";
   time.timeZone = "Europe/London";
 
   # Only install the docs I use
@@ -95,6 +96,7 @@ in
 
     systemPackages = with pkgs; [
       git
+      nix-output-monitor
     ] ++ lib.optionals (isInstall) [
       inputs.fh.packages.${platform}.default
       inputs.nixos-needtoreboot.packages.${platform}.default
@@ -103,7 +105,6 @@ in
       flyctl
       fuse-overlayfs
       libva-utils
-      nix-output-monitor
       nvd
       nvme-cli
       #https://nixos.wiki/wiki/Podman
@@ -152,13 +153,13 @@ in
       192.168.2.6     vader-wifi
       192.168.2.7     vader-lan
       192.168.2.11    printer
-      192.168.2.15	  nuc
+      192.168.2.15    nuc
       192.168.2.17    skull
-      192.168.2.20	  keylight-light key-left Elgato_Key_Light_Air_DAD4
+      192.168.2.20    keylight-light key-left Elgato_Key_Light_Air_DAD4
       192.168.2.21    keylight-right key-right Elgato_Key_Light_Air_EEE9
       192.168.2.23    moodlamp
       192.168.2.30    chimeraos-lan
-      192.168.2.31	  chimeraos-wifi chimeraos
+      192.168.2.31    chimeraos-wifi chimeraos
       192.168.2.58    vonage Vonage-HT801
       192.168.2.184   lametric LaMetric-LM2144
       192.168.2.250   hue-bridge
@@ -254,6 +255,7 @@ in
         nano = "micro";
       };
     };
+    mosh.enable = true;
     nano.enable = lib.mkDefault false;
     nh = {
       clean = {
@@ -277,7 +279,7 @@ in
   services = {
     avahi = {
       enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
       # Only open the avahi firewall ports on servers
       openFirewall = isWorkstation;
       publish = {
@@ -308,10 +310,6 @@ in
       };
     };
     resolved.enable = true;
-    scrutiny = {
-      enable = isInstall;
-      collector.enable = false;
-    };
     smartd.enable = isInstall;
     snap.enable = isInstall;
     sshguard = {
@@ -375,6 +373,7 @@ in
   };
 
   virtualisation = lib.mkIf (isInstall) {
+    containers.cdi.dynamic.nvidia.enable = hasNvidia;
     lxd = {
       enable = true;
     };
@@ -385,7 +384,6 @@ in
       dockerCompat = true;
       dockerSocket.enable = true;
       enable = true;
-      enableNvidia = hasNvidia;
     };
     spiceUSBRedirection.enable = true;
   };

nixos/phasma/default.nix

@@ -60,6 +60,10 @@
       motherboard = "amd";
       package = pkgs.openrgb-with-all-plugins;
     };
+    udev.extraRules = ''
+      # Remove NVIDIA Audio devices, if present
+      ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
+    '';
     xserver.videoDrivers = [ "amdgpu" "nvidia" ];
   };
 }