From c1c092bea7c05e8f0c4dce103b673bd120b099e7 Mon Sep 17 00:00:00 2001 From: Audrey Dutcher Date: Wed, 17 Sep 2025 15:44:01 -0700 Subject: [PATCH] what is even the point of this if I'm not going to commit for weeks at a time --- configuration-cross.nix | 9 +- configuration-desktop.nix | 174 ++++++++++++++++++++++++++++-- configuration-nixos.nix | 8 +- configuration.nix | 28 ++++- dotfiles/nvim-init.lua | 62 +++++++---- dotfiles/zsh-init.sh | 10 +- dotfiles/zsh-input.sh | 41 +++---- flake.lock | 115 ++++---------------- flake.nix | 11 +- pkgs/binsync.nix | 4 +- pkgs/idapro9.nix | 31 +++--- sites/daisy/configuration.nix | 37 ++++--- sites/sunflower/configuration.nix | 83 +++++++++++++- 13 files changed, 427 insertions(+), 186 deletions(-) diff --git a/configuration-cross.nix b/configuration-cross.nix index c819ba4..08d3931 100644 --- a/configuration-cross.nix +++ b/configuration-cross.nix @@ -9,7 +9,7 @@ ]; programs.git.config.merge.tool = "meld"; - programs.git.config.core.editor = "nvim"; + programs.git.config.core.editor = "kak"; programs.neovim = { enable = true; @@ -26,12 +26,12 @@ ''; packages.myVimPackage = with pkgs.vimPlugins; { start = [ - rust-vim + #rust-vim vim-tmux-navigator popup-nvim vim-sleuth nvim-lspconfig - rust-tools-nvim + #rust-tools-nvim tabby-nvim nvim-lint nvim-cmp @@ -44,7 +44,8 @@ telescope-file-browser-nvim telescope-fzy-native-nvim nvim-treesitter.withAllGrammars - sweetie-nvim + #sweetie-nvim + tokyonight-nvim vim-nix csharpls-extended-lsp-nvim ]; diff --git a/configuration-desktop.nix b/configuration-desktop.nix index 3087f75..d1499d3 100644 --- a/configuration-desktop.nix +++ b/configuration-desktop.nix @@ -1,4 +1,7 @@ { config, lib, pkgs, ... }: +let + swaylockCmd = "swaylock -c 1a1b26"; +in { networking.networkmanager.enable = true; @@ -16,14 +19,161 @@ libinput.enable = true; - displayManager.sddm = { - enable = true; - wayland.enable = true; - }; - desktopManager.plasma6 = { enable = true; }; + + blueman.enable = true; + }; + + # sway stuff + programs.regreet.enable = true; + services.greetd.settings = { + default_session.command = "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe config.programs.sway.package} -c /etc/sway/greeter-config"; + }; + programs.regreet.settings = { + background.path = "/home/audrey/Pictures/smotsgamed.jpg"; + background.fit = "Fill"; + GTK.application_prefer_dark_theme = true; + }; + environment.etc."sway/greeter-config".source = lib.mkForce (pkgs.writeText "sway-greeter-config" '' + exec "${lib.getExe config.programs.regreet.package}; swaymsg exit" + output * scale 2 + input type:keyboard { + xkb_options "caps:escape" + } + input type:touchpad { + dwt enabled + dwtp enabled + tap enabled + tap_button_map lrm + natural_scroll enabled + } + + # Brightness + bindsym --locked XF86MonBrightnessDown exec light -U 10 + bindsym --locked XF86MonBrightnessUp exec light -A 10 + + blur enable + corner_radius 8 + shadows enable + shadow_blur_radius 8 + ''); + + programs.uwsm = { + enable = true; + waylandCompositors.sway = { + prettyName = "Sway"; + binPath = "/run/current-system/sw/bin/sway"; + }; + }; + programs.sway = { + enable = true; + package = pkgs.swayfx; + wrapperFeatures.gtk = true; + xwayland.enable = true; + extraPackages = with pkgs; [ + swaylock + pavucontrol + pasystray + libnotify + wdisplays + playerctl + grim + slurp + wl-clipboard + wlogout + fuzzel + gsettings-desktop-schemas + adwaita-icon-theme + glib + kdePackages.kwallet + swaynotificationcenter + ]; + extraSessionCommands = '' + export ELECTRON_OZONE_PLATFORM_HINT=wayland + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland-egl + export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 + ''; + }; + environment.sessionVariables.XDG_DATA_DIRS = [ "/run/current-system/sw/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}" ]; + programs.light.enable = lib.mkIf config.programs.sway.enable true; + security.pam.services.swaylock = {}; + security.pam.loginLimits = [ + { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } + ]; + security.pam.services = { + greetd.kwallet = { + enable = true; + package = pkgs.kdePackages.kwallet-pam; + forceRun = true; + }; + greetd.rules.session.kwallet.settings.auto_start = true; + }; + programs.dconf.enable = true; + systemd.user.targets.graphical-environment = lib.mkIf config.programs.sway.enable { }; + systemd.user.services.kanshi = lib.mkIf config.programs.sway.enable { + description = "Monitor hotswap daemon"; + serviceConfig = { + Type = "simple"; + ExecStart = lib.getExe pkgs.kanshi; + }; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; + }; + systemd.user.services.swayidle = lib.mkIf config.programs.sway.enable { + description = "Idle lock + sleep manager"; + serviceConfig = { + Type = "simple"; + ExecStart = ''${lib.getExe pkgs.swayidle} -w \ + timeout 300 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ + timeout 360 '${swaylockCmd} -f' \ + timeout 600 'systemctl suspend' before-sleep '${swaylockCmd} -f' + ''; + }; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; + }; + systemd.user.services.waybar = lib.mkIf config.programs.sway.enable { + description = "Desktop status bar"; + serviceConfig = { + Type = "simple"; + ExecStart = lib.getExe pkgs.waybar; + }; + path = [ "/run/current-system/sw" ]; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; + }; + systemd.user.services.networkmanagerapplet = lib.mkIf config.programs.sway.enable { + description = "Networkmanager applet"; + serviceConfig = { + Type = "simple"; + ExecStart = lib.getExe pkgs.networkmanagerapplet; + }; + path = [ "/run/current-system/sw" ]; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; + }; + systemd.user.services.swaynotificationcenter = lib.mkIf config.programs.sway.enable { + description = "Sway Notification Center"; + serviceConfig = { + Type = "simple"; + ExecStart = lib.getExe pkgs.swaynotificationcenter; + }; + path = [ "/run/current-system/sw" ]; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; + }; + systemd.user.services.kdeconnect-indicator = lib.mkIf config.programs.sway.enable { + description = "KDE connect indicator"; + serviceConfig = { + Type = "simple"; + ExecStart = "${lib.getBin pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator"; + }; + path = [ "/run/current-system/sw" ]; + partOf = [ "graphical-environment.target" ]; + wantedBy = [ "graphical-environment.target" ]; }; virtualisation.docker = { @@ -36,11 +186,19 @@ }; programs = { + chromium.enable = true; firefox.enable = true; kdeconnect.enable = true; + partition-manager.enable = true; wireshark.enable = true; wireshark.package = pkgs.wireshark; foot.enable = true; + obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-livesplit-one + ]; + }; }; environment.systemPackages = with pkgs; [ @@ -49,7 +207,8 @@ element-desktop signal-desktop slack - obs-studio + zotero + via dwarfdump @@ -71,4 +230,7 @@ ''; before = [ "boot-complete.target" ]; }; + + hardware.keyboard.qmk.enable = true; + services.udev.packages = [ pkgs.via ]; } diff --git a/configuration-nixos.nix b/configuration-nixos.nix index 141e499..363a3b8 100644 --- a/configuration-nixos.nix +++ b/configuration-nixos.nix @@ -35,7 +35,7 @@ in { # language servers nil - rust-analyzer + #rust-analyzer # misbehaves unless it's in a dev shell with other environment variables... see shelld lua-language-server clang-tools bash-language-server @@ -49,6 +49,7 @@ in { ]; programs = { + firejail.enable = true; virt-manager.enable = true; nix-ld = { enable = true; @@ -66,6 +67,11 @@ in { xorg.xcbutilkeysyms xorg.xcbutilrenderutil xorg.xcbutilwm + xorg.libXrandr + xorg.libXxf86vm + xorg.libXi + xorg.libXcursor + xorg.libXinerama ]; }; }; diff --git a/configuration.nix b/configuration.nix index a55c13e..a822cc6 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, pkgs-unstable, ... }: let rhelmot = config.rhelmot; in { options.rhelmot = { @@ -7,6 +7,11 @@ in { default = []; description = "python packages (p: with p; [ x ]) to include in the global python environment"; }; + globalKakounePlugins = lib.mkOption { + type = with lib.types; listOf package; + default = []; + description = "kakoune packages to include in the global editor"; + }; }; imports = [ ./overlays/packages.nix ./configuration-cross.nix ]; config = { @@ -18,6 +23,7 @@ in { nix.settings.cores = 0; nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ]; nix.settings.trusted-public-keys = builtins.filter (f: f != "") <| lib.strings.splitString "\n" <| builtins.readFile ./keys/nix; + nix.package = pkgs.lixPackageSets.stable.lix; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; @@ -32,11 +38,15 @@ in { uid = 1000; description = "Audrey Dutcher"; isNormalUser = true; - extraGroups = [ "wheel" "docker" ]; + extraGroups = [ "wheel" "docker" "video" "networkmanager" ]; openssh.authorizedKeys.keyFiles = [ ./keys/ssh ]; }; environment.systemPackages = with pkgs; [ + man-pages + man-pages-posix + bat + gnumake wget ripgrep fd @@ -47,6 +57,7 @@ in { psmisc patchelf gdb + kubectl p7zip unzip foremost @@ -56,9 +67,18 @@ in { openssl wireguard-tools cached-nix-shell + tcpdump + editorconfig-core-c + pkgs-unstable.kakoune-lsp + (pkgs-unstable.kakoune.override { plugins = rhelmot.globalKakounePlugins; }) (python3.withPackages (p: lib.concatMap (pl: pl p) rhelmot.globalPythonPackages)) ]; + rhelmot.globalKakounePlugins = with pkgs-unstable.kakounePlugins; [ + kak-fzf + smarttab-kak + ]; + rhelmot.globalPythonPackages = [ (p: with p; [ virtualenvwrapper pylint @@ -70,8 +90,11 @@ in { snakeviz requests pysocks + aiohttp ]) ]; + documentation.dev.enable = true; + programs = { zsh = { enable = true; @@ -93,6 +116,7 @@ in { gits = "git status"; pag = "ps aux | grep -v grep | grep -i"; hd = "hexdump -C"; + hdc = "hexdump -ve '\"\\\x\" 1/1 \"%02x\"'"; man = "MAN_POSIXLY_CORRECT=1 man"; nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb"; mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt"; diff --git a/dotfiles/nvim-init.lua b/dotfiles/nvim-init.lua index 82102f6..b44deae 100644 --- a/dotfiles/nvim-init.lua +++ b/dotfiles/nvim-init.lua @@ -8,7 +8,7 @@ if ok then end end -local rt = require("rust-tools") +--local rt = require("rust-tools") local lint = require('lint') local lspconfig = require('lspconfig') tb = require("telescope.builtin") @@ -345,7 +345,7 @@ end local pipe = io.popen('rustup which rust-analyzer --toolchain nightly 2>/dev/null') local rust_analyzer = pipe:read() if rust_analyzer == nil then - pipe = io.popen('which rust-analyzer') + pipe = io.popen('which rust-analyzer 2>/dev/null') rust_analyzer = pipe:read() end pipe = io.popen('which clangd') @@ -360,14 +360,25 @@ pipe = io.popen('which pyright-langserver') pyright = pipe:read() pipe.close() if rust_analyzer ~= nil then - rt.setup({ - server = { - on_attach = lsp_keybinds, - capabilities = capabilities, - root_dir = rust_root_dir, - cmd = {rust_analyzer}, + --rt.setup({ + -- server = { + -- on_attach = lsp_keybinds, + -- capabilities = capabilities, + -- root_dir = rust_root_dir, + -- cmd = {rust_analyzer}, + -- }, + --}) + lspconfig.rust_analyzer.setup{ + on_attach = lsp_keybinds, + capabilities = capabilities, + settings = { + ["rust-analyzer"] = { + diagnostics = { + enable = true, + }, + }, }, - }) + } end if pyright ~= nil then lspconfig.pyright.setup{ @@ -509,24 +520,29 @@ show = function(x) vim.notify(vim.inspect(x)) end -vim.g.sweetie = { - palette = { - dark = { - bg_alt = "#151523", - bg_hl = "#505040", - } - }, - overrides = { - StatusLineNC = { fg = "#eeffee", bg = "#151523" }, - StatusLine = {fg = "#ffffff", bg = "#151523", bold = true }, - MatchParen = { fg = '#ae920a', reverse = false }, - Search = { fg = '#ae920a', bg = "#0b658e" }, - } +--vim.g.sweetie = { +-- palette = { +-- dark = { +-- bg = "NONE", +-- bg_alt = "#151523", +-- bg_hl = "#505040", +-- } +-- }, +-- overrides = { +-- StatusLineNC = { fg = "#eeffee", bg = "#151523" }, +-- StatusLine = {fg = "#ffffff", bg = "#151523", bold = true }, +-- MatchParen = { fg = '#ae920a', reverse = false }, +-- Search = { fg = '#ae920a', bg = "#0b658e" }, +-- } +--} +require("tokyonight").setup { + style = "night", + transparent = true, } if vim.env.TERM == "tmux" or vim.env.TERM == "xterm" then vim.cmd.colorscheme("default") else - vim.cmd.colorscheme("sweetie") + vim.cmd.colorscheme("tokyonight") end local tabtheme = { diff --git a/dotfiles/zsh-init.sh b/dotfiles/zsh-init.sh index d894260..079481d 100644 --- a/dotfiles/zsh-init.sh +++ b/dotfiles/zsh-init.sh @@ -10,7 +10,7 @@ unsetopt beep nomatch # standard functions function nixos-edit() { - (cd ~/nixos-config && vim configuration.nix) + (cd ~/nixos-config && kak configuration.nix) } function nixos-apply() { @@ -93,11 +93,19 @@ function preexec-osc133-marker() { print -Pn "\e]133;B\e\\" print -n "\e]133;C\e\\" } +function precmd-osc-title() { + print -Pn "\e]2;%n@%M | %~\a" +} +function preexec-osc-title() { + print -Pn "\e]2;%n@%M | $1\a" +} autoload -Uz add-zsh-hook add-zsh-hook -Uz chpwd chpwd-osc7-pwd add-zsh-hook -Uz precmd precmd-osc133-marker +add-zsh-hook -Uz precmd precmd-osc-title add-zsh-hook -Uz preexec preexec-osc133-marker +add-zsh-hook -Uz preexec preexec-osc-title # virtualenv integration diff --git a/dotfiles/zsh-input.sh b/dotfiles/zsh-input.sh index cc5d027..2cb74bf 100644 --- a/dotfiles/zsh-input.sh +++ b/dotfiles/zsh-input.sh @@ -26,29 +26,34 @@ key[CtrlRight]=${terminfo[kRIT5]} bindkey -v export KEYTIMEOUT=1 -[[ -n "${key[Home]}" ]] && bindkey "${key[Home]}" beginning-of-line -[[ -n "${key[End]}" ]] && bindkey "${key[End]}" end-of-line -[[ -n "${key[Insert]}" ]] && bindkey "${key[Insert]}" overwrite-mode -[[ -n "${key[Delete]}" ]] && bindkey "${key[Delete]}" backward-delete-char -[[ -n "${key[Up]}" ]] && bindkey "${key[Up]}" up-line-or-history -[[ -n "${key[Down]}" ]] && bindkey "${key[Down]}" down-line-or-history -[[ -n "${key[Left]}" ]] && bindkey "${key[Left]}" backward-char -[[ -n "${key[Right]}" ]] && bindkey "${key[Right]}" forward-char -[[ -n "${key[Backspace]}" ]] && bindkey "${key[Backspace]}" backward-delete-char -[[ -n "${key[PageUp]}" ]] && bindkey "${key[PageUp]}" up-history -[[ -n "${key[PageDown]}" ]] && bindkey "${key[PageDown]}" down-history -[[ -n "${key[CtrlLeft]}" ]] && bindkey "${key[CtrlLeft]}" backward-word -[[ -n "${key[CtrlRight]}" ]] && bindkey "${key[CtrlRight]}" forward-word +bindkey-both() { + bindkey "$@" + bindkey -a "$@" +} -bindkey '^P' up-history -bindkey '^N' down-history +[[ -n "${key[Home]}" ]] && bindkey-both "${key[Home]}" beginning-of-line +[[ -n "${key[End]}" ]] && bindkey-both "${key[End]}" end-of-line +[[ -n "${key[Insert]}" ]] && bindkey-both "${key[Insert]}" overwrite-mode +[[ -n "${key[Delete]}" ]] && bindkey-both "${key[Delete]}" backward-delete-char +[[ -n "${key[Up]}" ]] && bindkey-both "${key[Up]}" up-line-or-history +[[ -n "${key[Down]}" ]] && bindkey-both "${key[Down]}" down-line-or-history +[[ -n "${key[Left]}" ]] && bindkey-both "${key[Left]}" backward-char +[[ -n "${key[Right]}" ]] && bindkey-both "${key[Right]}" forward-char +[[ -n "${key[Backspace]}" ]] && bindkey "${key[Backspace]}" backward-delete-char +[[ -n "${key[PageUp]}" ]] && bindkey-both "${key[PageUp]}" up-history +[[ -n "${key[PageDown]}" ]] && bindkey-both "${key[PageDown]}" down-history +[[ -n "${key[CtrlLeft]}" ]] && bindkey-both "${key[CtrlLeft]}" backward-word +[[ -n "${key[CtrlRight]}" ]] && bindkey-both "${key[CtrlRight]}" forward-word + +bindkey-both '^P' up-history +bindkey-both '^N' down-history bindkey '^h' backward-delete-char bindkey '^w' backward-kill-word -bindkey '^r' history-incremental-search-backward +bindkey-both '^r' history-incremental-search-backward bindkey -a '/' history-incremental-search-backward # https://github.com/romkatv/zsh4humans/issues/7 -bindkey "^[[H" beginning-of-line -bindkey "^[[F" end-of-line +bindkey-both "^[[H" beginning-of-line +bindkey-both "^[[F" end-of-line # Finally, make sure the terminal is in application mode, when zle is # active. Only then are the values from $terminfo valid. diff --git a/flake.lock b/flake.lock index 7237a02..70b8417 100644 --- a/flake.lock +++ b/flake.lock @@ -88,77 +88,7 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "lix": { - "flake": false, - "locked": { - "lastModified": 1751825501, - "narHash": "sha256-6Jve3xCvRJGkz0A9D8dXH/DMWYE8MkFt+KJWQs9cLkw=", - "rev": "378b360bf8e0d04e8dd3733acd20d7a9b70360f1", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/378b360bf8e0d04e8dd3733acd20d7a9b70360f1.tar.gz?rev=378b360bf8e0d04e8dd3733acd20d7a9b70360f1" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751909859, - "narHash": "sha256-gbpuESxl/An4GTh7QEbQRYJozVIxWkwVGbWK0/0GoRc=", - "ref": "refs/heads/main", - "rev": "4d4c2b8f0a801c91ce5b717c77fe3a17efa1402f", - "revCount": 150, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, - "lix_2": { "inputs": { "flake-compat": "flake-compat_2", "nix2container": "nix2container", @@ -227,7 +157,7 @@ "nixbsd": { "inputs": { "flake-compat": "flake-compat", - "lix": "lix_2", + "lix": "lix", "mini-tmpfiles": "mini-tmpfiles", "nixpkgs": "nixpkgs" }, @@ -262,13 +192,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1753489912, - "narHash": "sha256-uDCFHeXdRIgJpYmtcUxGEsZ+hYlLPBhR83fdU+vbC1s=", + "lastModified": 1757545623, + "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13e8d35b7d6028b7198f8186bc0347c6abaa2701", + "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1757545623, + "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", "type": "github" }, "original": { @@ -298,9 +244,9 @@ "inputs": { "bingosync": "bingosync", "blog-rhelmot-io": "blog-rhelmot-io", - "lix-module": "lix-module", "nixbsd": "nixbsd", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable" } }, "systems": { @@ -318,21 +264,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index e0737a7..bedd227 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,8 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixbsd.url = "github:nixos-bsd/nixbsd/main"; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module"; - inputs.nixpkgs.follows = "nixpkgs"; - }; bingosync.url = "github:rhelmot/bingosync"; blog-rhelmot-io.url = "git+https://git.lain.faith/rhelmot/blog.rhelmot.io"; @@ -14,7 +11,7 @@ #nixos-defcon.url = "path:/home/audrey/nixos-defcon"; #nixos-defcon.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, nixbsd, lix-module, bingosync, /*nixos-defcon, */... }@flakeInputs: let + outputs = { self, nixpkgs, nixbsd, bingosync, nixpkgs-unstable, ... }@flakeInputs: let sitesFiles = builtins.readDir ./sites; sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles); systemTypes = { @@ -30,12 +27,14 @@ ./configuration-${systemName name}.nix ./sites/${name}/configuration.nix { nixpkgs.buildPlatform = platform; } - lix-module.nixosModules.default bingosync.nixosModules.default #nixos-defcon.nixosModules.pkgsOverlay #nixos-defcon.nixosModules.tulip #nixos-defcon.nixosModules.noscope ]; + specialArgs = { + pkgs-unstable = nixpkgs-unstable.legacyPackages.${platform}; + }; }; in { inherit (evaluated) config options; system = evaluated.config.system.build.toplevel; diff --git a/pkgs/binsync.nix b/pkgs/binsync.nix index 2d5912f..09d0381 100644 --- a/pkgs/binsync.nix +++ b/pkgs/binsync.nix @@ -33,7 +33,7 @@ pyhidra, writableTmpDirAsHomeHook, }: let - libbs_latest = buildPythonPackage rec { + libbs_latest = buildPythonPackage { pname = "libbs"; version = "2.15.5+dev"; pyproject = true; @@ -83,7 +83,7 @@ }; - binsync_latest = buildPythonPackage rec { + binsync_latest = buildPythonPackage { pname = "binsync"; version = "5.5.1+dev"; pyproject = true; diff --git a/pkgs/idapro9.nix b/pkgs/idapro9.nix index 6620e36..7297741 100644 --- a/pkgs/idapro9.nix +++ b/pkgs/idapro9.nix @@ -6,7 +6,7 @@ autoPatchelfHook, copyDesktopItems, python311, - libsForQt5, + qt6, cairo, dbus, fontconfig, @@ -40,13 +40,13 @@ in # https://github.com/msanft/ida-pro-overlay/blob/main/packages/ida-pro.nix stdenv.mkDerivation (self: { pname = "idapro"; - version = "9.0.240807"; + version = "9.2.250908"; src = requireFile { - name = "IDA_Pro_Linux_9.tar.gz"; - hash = "sha256-PKbEHc8dPHOMwv76xjoMUoeSn1jF7VXF9QUmQ4YSmP0="; + name = "idapro-linux-9.2.250908.tar.xz"; + hash = "sha256-daQtHbJxCuKzfGiBzkmy7FOTCMEJX3WL7IwuuvwIi+Y="; message = '' - Please run nix store add-file IDA_Pro_Linux_9.tar.gz - Its sha256sum should be 3ca6c41dcf1d3c738cc2fefac63a0c5287929f58c5ed55c5f5052643861298fd + Please run nix store add-file idapro-linux-9.2.250908.tar.xz + Its sha256sum should be 75a42d1db2710ae2b37c6881ce49b2ec539308c1095f758bec8c2ebafc088be6 ''; }; @@ -87,6 +87,7 @@ stdenv.mkDerivation (self: { zlib curl.out pythonForIDA + qt6.qtwayland ]; buildInputs = self.runtimeDependencies; @@ -97,7 +98,6 @@ stdenv.mkDerivation (self: { runHook preInstall mkdir -p $out/opt $out/lib $out/bin - cp ${libsForQt5.qtbase.out}/lib/libQt5EglFSDeviceIntegration.so.5 . cp -a * $out/opt # Link the exported libraries to the output. @@ -105,8 +105,8 @@ stdenv.mkDerivation (self: { ln -s $lib $out/lib/$(basename $lib) done - ln -s $out/opt/ida64 $out/bin/ida64 - ln -s $out/opt/ida64 $out/bin/ida + ln -s $out/opt/ida $out/bin/ida64 + ln -s $out/opt/ida $out/bin/ida ln -s ${pythonForIDA}/bin/binsync $out/bin/binsync @@ -114,27 +114,26 @@ stdenv.mkDerivation (self: { ''; preFixup = '' - patchelf --shrink-rpath --allowed-rpath-prefixes $(patchelf --print-rpath $out/opt/libQt5EglFSDeviceIntegration.so.5 | sed 's/:/\n/g' | grep -v qtbase | paste -s -d: -) $out/opt/libQt5EglFSDeviceIntegration.so.5 # Some libraries come with the installer. addAutoPatchelfSearchPath $out/opt # Manually patch libraries that dlopen stuff. patchelf --add-needed libpython${pythonForIDA.pythonVersion}.so $out/lib/libida.so - patchelf --add-needed libpython${pythonForIDA.pythonVersion}.so $out/opt/plugins/idapython3_64.so + patchelf --add-needed libpython${pythonForIDA.pythonVersion}.so $out/opt/plugins/idapython3.so patchelf --add-needed libcrypto.so $out/lib/libida.so - patchelf --add-needed libcrypto.so $out/opt/plugins/idapython3_64.so + patchelf --add-needed libcrypto.so $out/opt/plugins/idapython3.so - wrapProgram "$out/opt/ida64" \ + wrapProgram "$out/opt/ida" \ --prefix PYTHONPATH : $out/opt/idalib/python \ --prefix PATH : ${pythonForIDA}/bin ''; - #--prefix QT_PLUGIN_PATH : $out/opt/plugins/platforms \ + dontWrapQtApps = true; desktopItem = makeDesktopItem { name = "ida-pro"; exec = "ida"; icon = runCommand "appico.png" {nativeBuildInputs = [gnutar]; strictDeps = true;} '' - tar --to-command cat -xf ${self.src} './idapro-9.0/appico.png' > "$out" + tar --to-command cat -xf ${self.src} 'idapro-linux-9.2.250908/appico.png' > "$out" ''; comment = self.meta.description; desktopName = "IDA Pro"; @@ -148,7 +147,7 @@ stdenv.mkDerivation (self: { inherit pythonForIDA; }; - meta = with lib; { + meta = with lib; { description = "The world's smartest and most feature-full disassembler"; homepage = "https://hex-rays.com/ida-pro/"; mainProgram = "ida"; diff --git a/sites/daisy/configuration.nix b/sites/daisy/configuration.nix index 8dcc876..b527d76 100644 --- a/sites/daisy/configuration.nix +++ b/sites/daisy/configuration.nix @@ -32,20 +32,20 @@ }; # not sure when this commit will reach upstream - boot.kernelPackages = pkgs.linuxPackages_latest.extend ( self: super: { - ipu6-drivers = super.ipu6-drivers.overrideAttrs ( - final: previous: rec { - src = builtins.fetchGit { - url = "https://github.com/intel/ipu6-drivers.git"; - ref = "master"; - rev = "b4ba63df5922150ec14ef7f202b3589896e0301a"; - }; - patches = [ - "${src}/patches/0001-v6.10-IPU6-headers-used-by-PSYS.patch" - ] ; - } - ); - } ); + #boot.kernelPackages = pkgs.linuxPackages_6_16.extend ( self: super: { + # ipu6-drivers = super.ipu6-drivers.overrideAttrs ( + # final: previous: rec { + # src = builtins.fetchGit { + # url = "https://github.com/intel/ipu6-drivers.git"; + # ref = "master"; + # rev = "b4ba63df5922150ec14ef7f202b3589896e0301a"; + # }; + # patches = [ + # "${src}/patches/0001-v6.10-IPU6-headers-used-by-PSYS.patch" + # ] ; + # } + # ); + #} ); environment.systemPackages = [ pkgs.idapro9 @@ -62,6 +62,15 @@ openFirewall = true; }; + #services.coolify = { + # enable = true; + # hostname = "coolify"; + #}; + #networking.extraHosts = '' + # 127.0.0.1 coolify + #''; + + #services.influxdb2 = { # enable = true; # provision = { diff --git a/sites/sunflower/configuration.nix b/sites/sunflower/configuration.nix index 301ec40..d478be1 100644 --- a/sites/sunflower/configuration.nix +++ b/sites/sunflower/configuration.nix @@ -43,15 +43,73 @@ extraPythonPackages = p: [ p.psycopg2 ]; }; + users.users.wiki-js = { + isSystemUser = true; + group = "wiki-js"; + }; + users.groups.wiki-js = {}; + + users.groups.${config.services.forgejo.group}.members = [config.services.nginx.user]; + + services.wiki-js = { + enable = true; + settings = { + db.type = "postgres"; + db.db = "wiki-js"; + db.user = "wiki-js"; + db.host = "/run/postgresql"; + bindIP = "127.0.0.1"; + port = 5517; + }; + }; + + services.forgejo = { + enable = true; + lfs.enable = true; + database = { + createDatabase = true; + type = "postgres"; + socket = "/run/postgresql"; + }; + settings = { + DEFAULT = { + APP_NAME = "Shellphish Git"; + }; + + server = { + DOMAIN = "git.rhelmot.io"; + PROTOCOL = "http+unix"; + ROOT_URL = "https://git.rhelmot.io/"; + UNIX_SOCKET_PERMISSION = "770"; + LANDING_PAGE = "explore"; + }; + + "ssh.minimum_key_sizes".RSA = "2047"; + + repository = { + ENABLE_PUSH_CREATE_USER = "true"; + ENABLE_PUSH_CREATE_ORG = "true"; + }; + }; + }; + + services.keycloak = { + enable = true; + }; + services.postgresql = { enable = true; ensureDatabases = [ "bingosync" "mspa" + "wiki-js" + "forgejo" ]; ensureUsers = [ { name = "bingosync"; ensureDBOwnership = true; } { name = "mspa"; ensureDBOwnership = true; } + { name = "wiki-js"; ensureDBOwnership = true; } + { name = "forgejo"; ensureDBOwnership = true; } ]; authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method optional_ident_map @@ -61,8 +119,10 @@ # ArbitraryMapName systemUser DBUser defaultmap root postgres defaultmap postgres postgres - defaultmap php-nginx mspa + defaultmap php-nginx mspa defaultmap bingosync bingosync + defaultmap wiki-js wiki-js + defaultmap forgejo forgejo ''; }; @@ -162,6 +222,27 @@ globalRedirect = "mimispastrypost.com"; enableACME = true; }; + + "wiki.rhelmot.io" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:5517/"; + proxyWebsockets = true; + }; + }; + + "git.rhelmot.io" = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 4G; + ''; + locations."/" = { + proxyPass = "http://unix:/run/forgejo/forgejo.sock"; + proxyWebsockets = true; + }; + }; }; };