From 3ef71b9fa2e847f732b2d2bce0b73bc7f1cf1d34 Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Thu, 22 Aug 2024 15:25:32 +0200
Subject: [PATCH] Update
---
 .sops.yaml | 4 +-
 flake.lock | 20 ++--
 home/system/hyprland/default.nix | 2 +
 hosts/laptop/secrets/secrets.yaml | 8 +-
 hosts/modules/grub.nix | 10 ++
 hosts/modules/tuigreet.nix | 4 +
 hosts/server/configuration.nix | 113 ++----------------
 .../modules/exposed/cloudflare-dyndns.nix | 2 -
 hosts/server/modules/exposed/nextcloud.nix | 2 +-
 hosts/server/modules/www/default.nix | 2 +-
 hosts/server/variables.nix | 6 +-
 11 files changed, 49 insertions(+), 124 deletions(-)
 create mode 100644 hosts/modules/grub.nix
diff --git a/.sops.yaml b/.sops.yaml
index 2db2699..50bce44 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,11 @@
 keys:
 - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
 creation_rules:
- - path_regex: hosts/laptop/secrets/laptop.yaml$
+ - path_regex: hosts/laptop/secrets/secrets.yaml$
 key_groups:
 - age:
 - *primary
- - path_regex: hosts/server/secrets/server.yaml$
+ - path_regex: hosts/server/secrets/secrets.yaml$
 key_groups:
 - age:
 - *primary
diff --git a/flake.lock b/flake.lock
index 4f88458..23c559b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -299,11 +299,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1724085862, - "narHash": "sha256-qIPLv+MmTVZ0sjhx99EZhe/2aGzy5JOskmlqPd6DNFQ=", + "lastModified": 1724243887, + "narHash": "sha256-qa5TXlcANiWSEzLNZmenvXkqzzh3cDUYSfNniGi+LaU=", "ref": "refs/heads/main", - "rev": "c86db7bbb0cf14d4955ee3a4d13c0ed9f8a0e0ae", - "revCount": 5115, + "rev": "883463f9dd7f1cdc68c3e32017c0a71ccbe39b26", + "revCount": 5119, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland"
@@ -536,11 +536,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724127528, - "narHash": "sha256-fKtsvNQeLhPuz1O53x6Xxkd/yYecpolNXRq7mfvnXQk=", + "lastModified": 1724222231, + "narHash": "sha256-IFlMn1lgVsZQZC9WklY9YKcCdI0mUxSYZ7EfkaKCsQU=", "owner": "nix-community", "repo": "nixvim", - "rev": "cb413995e1e101c76d755b7f131ce60c7ea3985d", + "rev": "b7f419a759f70126e220533b724cc17e8528b184", "type": "github" }, "original": { @@ -672,11 +672,11 @@ ] }, "locked": { - "lastModified": 1724127458, - "narHash": "sha256-2ZNwq7AC62nMGAeb/ylpnK+0O+CTbXhpeyKCCP+/zFU=", + "lastModified": 1724213823, + "narHash": "sha256-2IWw1IagCe1yb/y2hzB5ofxO5KKcLPzcJYYUdVP0hRk=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "94195e44cd5d267256cb3e5d5eae30f1cca6fdd1", + "rev": "24285dbcf8f0769c7af50a0b6e38ec4fd841389e", "type": "github" }, "original": { diff --git a/home/system/hyprland/default.nix b/home/system/hyprland/default.nix index 7b34139..e19dc84 100644 --- a/home/system/hyprland/default.nix +++ b/home/system/hyprland/default.nix @@ -146,6 +146,8 @@ new_window_takes_over_fullscreen = 2; }; + render = { explicit_sync = "0"; }; + opengl = { nvidia_anti_flicker = false; }; input = { diff --git a/hosts/laptop/secrets/secrets.yaml b/hosts/laptop/secrets/secrets.yaml index 771f762..def5ee7 100644 --- a/hosts/laptop/secrets/secrets.yaml +++ b/hosts/laptop/secrets/secrets.yaml 
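Review bot: `explicit_sync = "0";` in the added `render` block passes the value as a string, while the neighbouring settings in this hunk use bare values (`new_window_takes_over_fullscreen = 2;`, `nvidia_anti_flicker = false;`). Writing it as `render = { explicit_sync = 0; };` keeps the file consistent. A short comment such as `# explicit sync disabled: <reason>` would also tell the next reader whether the override can be dropped after a later Hyprland update; this commit bumps the Hyprland input in flake.lock as well. The enclosing settings block starts and ends outside the hunk.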
@@ -1,4 +1,4 @@ -sshconfig: ENC[AES256_GCM,data:Y3NfsEzlL3QlB1P6FCq5PKS7ZPv6dzJRRs6LF5oJfJ3RXmaU2vqgDKgN6RtVNFSngCOePB7UgzcWriaVCmno2TZH8K/aLfYlodu1tQ8f4D8Vyi9jYBL3gRoyrBeeE+U8taj/uqA07mvLCuSSuPgbQSNe3hUATjgeym1JYSObjMphUmHg4zMc8jbip4SDMnGAiipf4w3tDyaVoCPaEWSGwOGD5I6PVw8Zi4IxOb787RFaMg23ImzQAd0COkV7004lIcjlkSuKvzDSAPB1zP8HwrraNINppExFMxbemhvmGiVsxPy3Jf0x5bQ/ieJBtfrRnlFgiyx92sizOe/XI2MiuSlqMgXakTL2twLAggnz/YZ53c1G5sDDmWOa8eVYTp5+xD5oiZP9hSHc/5Mid2tK1U9dLyV3/ynF5bOPOht61U/HfFJTsSxT6fOue4anagHkwAXgoHLDMH1JS9zyp7ND661W,iv:yVDLiw9WIuIOm08B+CmbO/hHXZ6NCno+57OD6myzDYg=,tag:eKu7dLN2N3hFu+CmsMy7Vw==,type:str] +sshconfig: ENC[AES256_GCM,data:/sDTGVeYRjxF5Epp5kmVS0ScSYOqOs2grX0+Ap8HJc8CQftpNOYXNYdEyqLDMc5g5ualaO4iKg4sQ76J4j9ZPugt4iprIvOo2Uxmu7KRU47Z8SNwrrMNpv6x/XA2P6r261e/e/pOHyrmiFfV/I5Km9IwGqY5TWbEhvjx8qyRO2bQDIdffI1L1ZWJGC9ZOZ4o5RJCr2xB+qxLLI2pl8qHZhvfZlGHnyHw5ne0RfAFubIrW4nQJTamoaGHZqWro4tVSfXAEb+9IsYCc1aj3MehVdV8PUQ38/LxL2MAQTt9bs7sHLf9DmxZ6rGPWmpJ+IRoQbP1PA65tobFOd+Kf13XvWymNUcQpQFHDj0vpvDONxIikO+vj2T7SteRRPy+38UPdB8jrHfQ1JrGbxUQIrWOWeD3S44lINmquIMclJQ26zf6nvklXR7xCuzNAvmjublsnYK+CGDkt/ap/kDD7nCuQYYY,iv:VX55dyt2N80LJPDYoUES7ZWJjlqVyQrUQWvOQ/yItBc=,tag:6NlHwy0SqJ40+ltQHzmX7g==,type:str] github-key: ENC[AES256_GCM,data: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,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str] gitlab-key: ENC[AES256_GCM,data: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,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str] jack-key: ENC[AES256_GCM,data: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,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str] 
@@ -17,8 +17,8 @@ sops: cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-20T15:42:14Z" - mac: ENC[AES256_GCM,data:EEHDEwSd8PJqujX5oMxaYhWJKci8BJLbSFUEOVT8M+/jYDhIosLJawcoX1IXPBy3Dj65xQ35WMnQ70q/xUzQaW1nAx/auiMyVS++1DWv1Jxx5KkvCEz7TbqH12/Sbe6F1Li4MUBTETuiQwn89mlDAmWLM4fFcqx2I6twdFiFH+0=,iv:oda5u/4kB8o9nJqHIufWVBkREbD17cp/mRqHNYTJIwY=,tag:+mcI40OHz0eQV/C1/nJt9Q==,type:str] + lastmodified: "2024-08-22T13:06:39Z" + mac: ENC[AES256_GCM,data:og4QkXzbYu26vAA+0TDtuGbZGVOwNxXYK7Kh8zHqZsCOriJmA6FsPLkmqiJ46xiA1D9SDneE5utyiV2mhkmwIUKYKZGZGB+GnPCg5iF9PvLUI7M7UkLpAXXxdiCYHa7QecRMNtU64SW8tRKs46ujsR1c1eBeFsv2kKifIOshTS8=,iv:x8D22vy+4bwgNxWbIBQ/YOFDXr/rpqC4sn0eKkFLpA0=,tag:gjg35ATdp6uC8qJ18htZog==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/hosts/modules/grub.nix b/hosts/modules/grub.nix new file mode 100644 index 0000000..3a891f9 --- /dev/null +++ b/hosts/modules/grub.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: { + boot = { + loader.grub.enable = true; + loader.grub.device = "/dev/sda"; + loader.grub.useOSProber = true; + tmp.cleanOnBoot = true; + kernelPackages = + pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc. + }; +} diff --git a/hosts/modules/tuigreet.nix b/hosts/modules/tuigreet.nix index c9ffba9..a8747a4 100644 --- a/hosts/modules/tuigreet.nix +++ b/hosts/modules/tuigreet.nix @@ -26,4 +26,8 @@ TTYVHangup = true; TTYVTDisallocate = true; }; + + # To prevent getting stuck at shutdown + systemd.extraConfig = "DefaultTimeoutStopSec=10s"; + } diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 7eaddf3..44ae86d 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix 
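Review bot: `loader.grub.device = "/dev/sda";` hard-codes a kernel-assigned disk name in a module that now sits in the shared `hosts/modules/` directory. sdX names depend on probe order and on which disks are attached, so on another host, or on this one with an extra drive connected, the boot loader can end up on the wrong disk. A stable path such as `loader.grub.device = "/dev/disk/by-id/<disk-id>";`, or a per-host value taken from `variables.nix`, avoids that. `loader.grub.useOSProber = true;` only helps on a multi-boot machine and could be dropped for the server if it runs a single OS, which this patch does not show.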
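Review bot: `systemd.extraConfig = "DefaultTimeoutStopSec=10s";` is a manager-wide default, so it applies to every unit without its own `TimeoutStopSec` on any host that imports this greeter module, not only to the session that hangs at shutdown. Services that need longer than 10 seconds to flush state are then killed mid-shutdown. If the global value is intended, the comment should say so, for example `# Global default: units still running 10s after a stop request are killed; set TimeoutStopSec on units that need longer`. The line would also be easier to find in a general system module than in `tuigreet.nix`. The enclosing attribute set starts outside the hunk.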
@@ -1,17 +1,24 @@ -{ pkgs, config, ... }: { +{ config, ... }: { imports = [ ./hardware-configuration.nix ./variables.nix - ../modules/usb.nix + + ../modules/grub.nix + ../modules/timezone.nix + ../modules/utils.nix + ../modules/users.nix + ../modules/zsh.nix + ../modules/nix.nix + ../modules/auto-upgrade.nix # internal ./modules/internal/security.nix ./modules/internal/openssh.nix - ./modules/internal/adguard.nix - ./modules/internal/cockpit.nix + # ./modules/internal/adguard.nix # TODO + # ./modules/internal/cockpit.nix # exposed - ./modules/exposed/ntfy-sh.nix + # ./modules/exposed/ntfy-sh.nix ./modules/exposed/tailscale.nix ./modules/exposed/kuma.nix ./modules/exposed/cloudflare-dyndns.nix 
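Review bot: The adguard, cockpit and ntfy-sh imports are left behind as commented-out lines, and only the first carries a bare `# TODO`. Either delete them, since git history keeps them, or give each a reason, e.g. `# ./modules/internal/adguard.nix # TODO: re-enable after <what is missing>`, so it is clear which services are off on purpose. Separately, the second hunk of this file deletes `networking = { hostName = config.var.hostname; };` along with the inline user, locale and nix settings, and the shared modules imported here are not part of this patch. It is worth confirming that one of them sets the host name, because nothing visible in the new file does. The `imports` list continues past the end of this hunk.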
@@ -20,111 +27,15 @@ ./modules/exposed/vaultwarden.nix ./modules/www - # jackflix - ./modules/jackflix - ./secrets ]; - # Bootloader. - boot = { - loader.grub.enable = true; - loader.grub.device = "/dev/sda"; - loader.grub.useOSProber = true; - tmp.cleanOnBoot = true; - kernelPackages = - pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc. - }; - virtualisation.docker.enable = true; - # Networking - networking = { hostName = config.var.hostname; }; - - # Timezone and locale - time.timeZone = config.var.timeZone; - i18n.defaultLocale = config.var.defaultLocale; - i18n.extraLocaleSettings = { - LC_ADDRESS = config.var.extraLocale; - LC_IDENTIFICATION = config.var.extraLocale; - LC_MEASUREMENT = config.var.extraLocale; - LC_MONETARY = config.var.extraLocale; - LC_NAME = config.var.extraLocale; - LC_NUMERIC = config.var.extraLocale; - LC_PAPER = config.var.extraLocale; - LC_TELEPHONE = config.var.extraLocale; - LC_TIME = config.var.extraLocale; - }; - - # Users users.users.${config.var.username} = { - isNormalUser = true; - description = "${config.var.username} account"; - extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.var.sshPublicKey ]; }; - services = { - xserver = { - enable = true; - xkb.layout = config.var.keyboardLayout; - xkb.variant = ""; - }; - gnome.gnome-keyring.enable = true; - }; - console.keyMap = config.var.keyboardLayout; - - # Shell - programs.zsh = { - enable = true; - loginShellInit = '' - dbus-update-activation-environment --systemd DISPLAY - ''; - }; - users.defaultUserShell = pkgs.zsh; - - nix = { - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - substituters = [ "https://hyprland.cachix.org" ]; - trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - ]; - }; - gc = if config.var.autoGarbageCollector then { - automatic = true; - persistent = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - } else - { }; 
- }; - - nixpkgs.config.allowUnfree = true; - - system.autoUpgrade = if config.var.autoUpgrade then { - enable = true; - dates = "04:00"; - flake = "${config.var.configDirectory}"; - flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]; - allowReboot = false; - } else - { }; - - services.libinput.enable = true; - programs.dconf.enable = true; - - # Faster rebuilding - documentation = { - enable = true; - doc.enable = false; - man.enable = true; - dev.enable = false; - }; - - services.dbus.enable = true; - # Don't touch this system.stateVersion = "24.05"; } diff --git a/hosts/server/modules/exposed/cloudflare-dyndns.nix b/hosts/server/modules/exposed/cloudflare-dyndns.nix index f913873..95b13a7 100644 --- a/hosts/server/modules/exposed/cloudflare-dyndns.nix +++ b/hosts/server/modules/exposed/cloudflare-dyndns.nix @@ -8,12 +8,10 @@ "vault.anotherhadi.com" "anotherhadi.com" "www.anotherhadi.com" - "test.anotherhadi.com" "jack.anotherhadi.com" "ntfy.anotherhadi.com" "home.anotherhadi.com" "kuma.anotherhadi.com" - "start.anotherhadi.com" ]; proxied = true; apiTokenFile = "/etc/cloudflare/apiToken"; diff --git a/hosts/server/modules/exposed/nextcloud.nix b/hosts/server/modules/exposed/nextcloud.nix index d10d211..7bdf365 100644 --- a/hosts/server/modules/exposed/nextcloud.nix +++ b/hosts/server/modules/exposed/nextcloud.nix @@ -12,7 +12,7 @@ in { }; settings = { trusted_domains = - [ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ]; + [ "localhost" "127.0.0.1" "192.168.1.99" "cloud.anotherhadi.com" ]; }; nginx.recommendedHttpHeaders = true; extraApps = { diff --git a/hosts/server/modules/www/default.nix b/hosts/server/modules/www/default.nix index cfb9b1f..326ee69 100644 --- a/hosts/server/modules/www/default.nix +++ b/hosts/server/modules/www/default.nix 
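Review bot: `"jack.anotherhadi.com"` and `"ntfy.anotherhadi.com"` stay in this domain list, although the same commit appears to drop the `./modules/jackflix` import and comments out `./modules/exposed/ntfy-sh.nix` in `hosts/server/configuration.nix`. With `proxied = true` those names keep being published for this host, and requests for them would be answered by whatever nginx serves for an unmatched name; the nginx side is outside this patch, so that part is inferred. Removing the two entries together with the services, as this hunk already does for `test` and `start`, keeps the published names in step with what the server actually runs. The list itself starts outside the hunk.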
@@ -2,6 +2,6 @@ imports = [ ./home.anotherhadi.com.nix ./anotherhadi.com.nix ]; services.nginx.virtualHosts = { - "test.anotherhadi.com" = { root = "/var/www/test"; }; + # "test.anotherhadi.com" = { root = "/var/www/test"; }; }; } diff --git a/hosts/server/variables.nix b/hosts/server/variables.nix index bad251a..7222bb8 100644 --- a/hosts/server/variables.nix +++ b/hosts/server/variables.nix @@ -18,14 +18,14 @@ email = "112569860+anotherhadi@users.noreply.github.com"; }; - stateVersion = "24.05"; - autoUpgrade = false; autoGarbageCollector = false; sops = true; - obsidian = false; tailscale = true; + usbguard = false; + usbguardRules = ""; + sshPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy";