From 2649174093a72c4e1632aa26f1888c51cfe6c5b1 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 4 May 2026 08:37:03 -0300 Subject: [PATCH] bluetooth changes, update flakes --- configuration.nix | 19 +- flake.lock | 178 +++------- flake.nix | 14 +- home/agents.nix | 21 +- home/files/lf/lfrc | 0 home/nvim/default.nix | 6 +- home/user.nix | 6 + kernel/default.nix | 24 +- users.nix | 3 + vms/default.nix | 685 --------------------------------------- vms/secrets/secrets.yaml | 32 -- 11 files changed, 92 insertions(+), 896 deletions(-) delete mode 100644 home/files/lf/lfrc delete mode 100644 vms/default.nix delete mode 100644 vms/secrets/secrets.yaml diff --git a/configuration.nix b/configuration.nix index bb41e1b..b11c576 100644 --- a/configuration.nix +++ b/configuration.nix @@ -51,7 +51,20 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - # jack.enable = true; + jack.enable = true; + wireplumber.extraConfig = { + "monitor.bluez.properties" = { + "bluez5.enable-sbc-xq" = true; + "bluez5.enable-msbc" = true; + "bluez5.enable-hw-volume" = true; + "bluez5.roles" = [ + "hsp_hs" + "hsp_ag" + "hfp_hf" + "hfp_ag" + ]; + }; + }; }; logind.settings.Login = { HandlePowerKey = "ignore"; @@ -91,6 +104,7 @@ }; hardware = { + enableAllFirmware = true; graphics = { enable = true; enable32Bit = true; @@ -100,7 +114,8 @@ powerOnBoot = true; settings = { General = { - Enable = "Source,Sink,Media,Socket"; + Experimental = true; + # Enable = "Source,Sink,Media,Socket"; }; }; }; diff --git a/flake.lock b/flake.lock index 5f3eff3..66ebce0 100644 --- a/flake.lock +++ b/flake.lock 
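Review bot: The `"bluez5.roles"` list in the new `wireplumber.extraConfig` block names only the four HSP/HFP headset roles. As far as I know this key replaces WirePlumber's default role set rather than extending it, so the A2DP roles would be switched off, even though `"bluez5.enable-sbc-xq"` (an A2DP codec option) is enabled a few lines above. If high-quality playback is wanted, add `"a2dp_sink"` and `"a2dp_source"` to the list, or drop the key and keep the defaults. The enclosing attribute set (presumably `services.pipewire`) starts outside the hunk.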
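Review bot: `enableAllFirmware = true;` under `hardware` installs every firmware package nixpkgs carries, unfree blobs included, while the commit subject only mentions Bluetooth. `enableRedistributableFirmware = true;` or the one firmware package the adapter needs would keep the set of opaque binaries loaded into devices smaller. If the wider option really is required, record why next to it, for example `# <adapter model> needs firmware outside the redistributable set`.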
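Review bot: `Experimental = true;` in the Bluetooth `General` settings turns on BlueZ's experimental interfaces for a daemon whose adapter is powered at boot (`powerOnBoot = true;` in the context above), and the hunk gives no reason for it. Name the feature that needs it in a comment, for example `# Experimental: required for <feature>`, so the flag can be dropped once that feature is stable. The old `Enable = "Source,Sink,Media,Socket";` line is kept as a comment; delete it instead if it is no longer wanted.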
@@ -1,26 +1,5 @@ { "nodes": { - "dgop": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1765838956, - "narHash": "sha256-A3a2ZfvjirX8VIdIPI+nAyukWs6vx4vet3fU0mpr7lU=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "0ff697a4e3418966caa714c838fc73f1ef6ba59b", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -44,47 +23,41 @@ }, "dms": { "inputs": { - "dgop": "dgop", + "flake-compat": "flake-compat", "nixpkgs": "nixpkgs", "quickshell": "quickshell" }, "locked": { - "lastModified": 1766776522, - "narHash": "sha256-wS2fSepxdtOr4RErdEY91hkxOjsrs2nA2nm72eZMEEU=", + "lastModified": 1777675128, + "narHash": "sha256-2zuDs9Lju99dg8MsSPf1frKPPgCRakDn+CEGX71cHJ0=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "987856a1de35c62dc0930b007b561545d6a832a8", + "rev": "c1cbd0994f5a3585dded85069f2c9103c54f5285", "type": "github" }, "original": { "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "987856a1de35c62dc0930b007b561545d6a832a8", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", "type": "github" } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nur", 
@@ -130,11 +103,11 @@ ] }, "locked": { - "lastModified": 1774738535, - "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=", + "lastModified": 1777679572, + "narHash": "sha256-egYNbRrkn+6SwTHinhdb6WUfzzdC3nXfCRqS321VylY=", "owner": "nix-community", "repo": "home-manager", - "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a", + "rev": "9cb587ade2aa1b4a7257f0238d41072690b0ca4f", "type": "github" }, "original": { @@ -183,42 +156,6 @@ "type": "github" } }, - "neovim-nightly-overlay": { - "inputs": { - "flake-parts": "flake-parts", - "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1774742707, - "narHash": "sha256-a3FjZJxDOn0t18VwtIAgpNuUNaIEl6T+Awu5tXifQQw=", - "owner": "nix-community", - "repo": "neovim-nightly-overlay", - "rev": "7966a9c203276bea3b7e8dd2e125fd2b4c8b6753", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "neovim-nightly-overlay", - "type": "github" - } - }, - "neovim-src": { - "flake": false, - "locked": { - "lastModified": 1774725909, - "narHash": "sha256-aOiiQCmjCrvo+jAUDO2oMa377FvOtU97aqvTm74ZRGU=", - "owner": "neovim", - "repo": "neovim", - "rev": "d5516daf121aa718e79bcd423ee24c24492893c0", - "type": "github" - }, - "original": { - "owner": "neovim", - "repo": "neovim", - "type": "github" - } - }, "niri-branch": { "inputs": { "nixpkgs": [ @@ -266,11 +203,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1776169885, + "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", "type": "github" }, "original": { 
@@ -297,22 +234,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1774610258, - "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", @@ -328,13 +249,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1774786714, - "narHash": "sha256-Hwf8ylZAX3wIk8oRec1AH/0JDp1OTrruuE0w7uUhCAI=", + "lastModified": 1777731324, + "narHash": "sha256-piLMdJYPP/9+/yiHxVMpqbAAoP8EnsqRO5921ilx0lk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "566e0e6a542cde5fd168783a4b4ed376b6d0435a", + "rev": "38e436af6ec1a3b1c9b666ceea098bf5ef05fc66", "type": "github" }, "original": { @@ -343,13 +264,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "type": "github" }, "original": { @@ -361,15 +282,15 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1774786962, - "narHash": "sha256-d1q1KXQ/IvF0rWtc6LL5lle/Bfsx2PBCCottS5yYCgc=", + "lastModified": 1777729540, + "narHash": "sha256-tF5WMS4SSSmDvEZ7qgOosh8q0BVdz/ynb4Wnruc1rgY=", "owner": "nix-community", "repo": "NUR", - "rev": "7ed0fb4ccb47ccac7652056e42f42bb70c56ac48", + "rev": "1091dd1d0f6589dc9a88d808052dda9b85835670", "type": "github" }, "original": { 
@@ -386,16 +307,16 @@ ] }, "locked": { - "lastModified": 1766386896, - "narHash": "sha256-1uql4y229Rh+/2da99OVNe6DfsjObukXkf60TYRCvhI=", + "lastModified": 1776854048, + "narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=", "ref": "refs/heads/master", - "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc", - "revCount": 714, + "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", + "revCount": 806, "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc", + "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" } @@ -406,10 +327,9 @@ "dms": "dms", "home-manager": "home-manager", "impermanence": "impermanence", - "neovim-nightly-overlay": "neovim-nightly-overlay", "niri-branch": "niri-branch", "niri-scratchpad": "niri-scratchpad", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nur": "nur", "sops-nix": "sops-nix" } @@ -437,7 +357,7 @@ }, "rust-overlay_2": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1772075164, @@ -460,11 +380,11 @@ ] }, "locked": { - "lastModified": 1774760784, - "narHash": "sha256-D+tgywBHldTc0klWCIC49+6Zlp57Y4GGwxP1CqfxZrY=", + "lastModified": 1777338324, + "narHash": "sha256-bc+ZZCmOTNq86/svGnw0tVpH7vJaLYvGLLKFYP08Q8E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8adb84861fe70e131d44e1e33c426a51e2e0bfa5", + "rev": "8eaee5c45428b28b8c47a83e4c09dccec5f279b5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 59604b0..7790e94 100644 --- a/flake.nix +++ b/flake.nix 
@@ -16,7 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; impermanence.url = "github:nix-community/impermanence"; - neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; + # neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -30,7 +30,7 @@ url = "github:argosnothing/niri-scratchpad-rs/hidden-workspaces"; inputs.nixpkgs.follows = "nixpkgs"; }; - dms.url = "github:AvengeMedia/DankMaterialShell/987856a1de35c62dc0930b007b561545d6a832a8"; + dms.url = "github:AvengeMedia/DankMaterialShell"; }; outputs = @@ -88,15 +88,13 @@ ]; nixpkgs.overlays = [ (_: prev: { + + openldap = prev.openldap.overrideAttrs { + doCheck = !prev.stdenv.hostPlatform.isi686; + }; niri-scratchpad = inputs.niri-scratchpad.packages.${prev.system}.default; vimPlugins = prev.vimPlugins.extend ( f: p: { - neotest = p.neotest.overrideAttrs { - src = prev.fetchzip { - url = "https://github.com/archie-judd/neotest/archive/c8dd7597bb4182c0547d188e1dd5f684a4f01852.zip"; - sha256 = "sha256-E/Heh+mAxvN5RaWqv1UJuHSA90c0evMKFkDD1BrpV7g="; - }; - }; neotest-pest = p.neotest-pest.overrideAttrs (_: { src = prev.fetchFromGitHub { owner = "jradtilbrook"; diff --git a/home/agents.nix b/home/agents.nix index dba7e99..0429d5c 100644 --- a/home/agents.nix +++ b/home/agents.nix 
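Review bot: `dms.url = "github:AvengeMedia/DankMaterialShell";` drops the commit pin, so `flake.lock` is now the only thing fixing the revision, and every future `nix flake update` will move the desktop shell to whatever the default branch head is at that moment. The lock in this commit does record rev `c1cbd0994f5a3585dded85069f2c9103c54f5285`, so builds stay reproducible until the next update. If the float is intentional, say so in a comment and review the dms diff on each lock bump; otherwise keep an explicit ref, `dms.url = "github:AvengeMedia/DankMaterialShell/<tag-or-rev>";`. The same update also gives dms a new transitive `flake-compat` input, which is one more upstream to trust.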
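Review bot: The new `openldap` override in the overlay carries no explanation. `doCheck = !prev.stdenv.hostPlatform.isi686;` skips the package's test suite on i686 builds, and a reader cannot tell which failure it works around or when it can be removed. Add a comment above it such as `# openldap tests fail on i686 (<upstream issue link>); remove once fixed`. The blank line added after `(_: prev: {` can go. The overlay list continues outside the hunk.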
@@ -166,23 +166,16 @@ let ''; xdg.configFile."opencode/opencode.json".text = builtins.toJSON { "$schema" = "https://opencode.ai/config.json"; - plugin = [ "opencode-antigravity-auth@latest" ]; - # { - # "provider": "ollama", - # "ollama": { - # "base_url": "http://localhost:11434", - # "model": "llama3.2" - # } - # } - provider = { - ollama = { - model = "qwen3.6"; - base_url = "http://localhost:11434"; - }; - }; + # provider = { + # ollama = { + # model = "qwen3.6"; + # base_url = "http://localhost:11434"; + # }; + # }; }; xdg.userDirs = { enable = true; + setSessionVariables = false; extraConfig = { XDG_CACHE_HOME = "$HOME/.cache"; }; diff --git a/home/files/lf/lfrc b/home/files/lf/lfrc deleted file mode 100644 index e69de29..0000000 diff --git a/home/nvim/default.nix b/home/nvim/default.nix index f2b23ac..fec98e7 100644 --- a/home/nvim/default.nix +++ b/home/nvim/default.nix @@ -29,6 +29,8 @@ in viAlias = true; vimAlias = false; vimdiffAlias = true; + withPython3 = false; + withRuby = false; plugins = with pkgs.vimPlugins; [ { plugin = auto-session; @@ -438,12 +440,10 @@ in } vim-fugitive ]; - extraConfig = '' - colorscheme ${cfg.colorscheme} - ''; initLua = '' ${builtins.readFile ./settings.lua} ${builtins.replaceStrings [ "@HOSTNAME@" ] [ cfg.hostname ] (builtins.readFile ./plugins.lua)} + vim.cmd.colorscheme("${cfg.colorscheme}") require("custom") ''; }; diff --git a/home/user.nix b/home/user.nix index 6b454a5..1dae7c0 100644 --- a/home/user.nix +++ b/home/user.nix @@ -14,6 +14,11 @@ home.username = "user"; home.homeDirectory = HOME; home.stateVersion = "25.11"; + home.sessionVariables = { + QMK_HOME = "${HOME}/var/qmk"; + GOMODCACHE = "${HOME}/.cache/go_mod"; + GOPATH = "${HOME}/.local/share/go"; + }; imports = [ ./nvim @@ -405,6 +410,7 @@ programs.firefox = { enable = true; package = pkgs.firefox; + configPath = ".mozilla/firefox"; nativeMessagingHosts = [ pkgs.browserpass pkgs.tridactyl-native 
diff --git a/kernel/default.nix b/kernel/default.nix index c8eed45..404a84e 100644 --- a/kernel/default.nix +++ b/kernel/default.nix 
@@ -88,35 +88,13 @@ in security.pam.services.su.requireWheel = true; security.pam.services.newgrp.requireWheel = true; - security.pam.services.login.text = '' - # Account management. - account required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so # unix (order 10900) - - # Authentication management. - auth optional /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so likeauth nullok # unix-early (order 11700) - auth optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so # gnome_keyring (order 12200) - auth sufficient /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so likeauth nullok try_first_pass # unix (order 12900) - auth required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_deny.so # deny (order 13700) - - # Password management. - password sufficient /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so nullok yescrypt # unix (order 10200) - password optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so use_authtok # gnome_keyring (order 11100) - - # Session management. 
- session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100) - session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so # unix (order 10200) - session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_loginuid.so # loginuid (order 10300) - session optional /nix/store/wxyn8d3m8g4fnn6xazinjwhzhzdg6wib-systemd-259/lib/security/pam_systemd.so # systemd (order 12000) - session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_limits.so conf=/nix/store/zxagblabdf6xawphfs1w50pg2b0ml9px-limits.conf # limits (order 12200) - session optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so auto_start # gnome_keyring (order 12600) - ''; boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - kernelPackages = pkgs.linuxPackages_zen; + kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "amd_iommu=on" ]; diff --git a/users.nix b/users.nix index 6a404d8..b56284c 100644 --- a/users.nix +++ b/users.nix @@ -75,6 +75,9 @@ "public" "agent" "sandbox" + "audio" + "video" + "bluetooth" # "work" ]; hashedPasswordFile = config.sops.secrets."user/password".path; diff --git a/vms/default.nix b/vms/default.nix deleted file mode 100644 index 4f17465..0000000 --- a/vms/default.nix +++ /dev/null 
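Review bot: Removing `security.pam.services.login.text` hands the login stack back to the module-generated one, and nothing visible in this hunk re-enables the `pam_gnome_keyring.so` lines the hand-written stack carried, so keyring unlock at login may silently stop. If it is still wanted, set it through the module, `security.pam.services.login.enableGnomeKeyring = true;`, and compare the generated `/etc/pam.d/login` with the removed text after the rebuild. This is a change to login authentication, and the same hunk also swaps `linuxPackages_zen` for `linuxPackages_latest`, yet the commit subject mentions neither. Both would be easier to audit as their own commit. The enclosing module body starts and ends outside the hunk.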
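Review bot: The three groups appended to this `extraGroups` list widen the account's device access without a stated reason. `audio` and `video` give every process of the user direct access to the sound and video device nodes whether or not the session is active, which a PipeWire/logind desktop normally handles through per-session ACLs. `bluetooth` is not a group I know NixOS to create by default, and no `users.groups.bluetooth` definition is visible here, so confirm it exists or the entry has no effect. If a particular tool needs one of these groups, add only that one, with a comment naming the tool.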
@@ -1,685 +0,0 @@ -{ - nixpkgs, - sops-nix, - impermanence, - home-manager, - ... -}: -{ - systemd.network.netdevs."20-microbr".netdevConfig = { - Kind = "bridge"; - Name = "microbr"; - }; - - systemd.network.networks."20-microbr" = { - matchConfig.Name = "microbr"; - addresses = [ { Address = "192.168.77.1/24"; } ]; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - - systemd.network.networks."21-microvm-tap" = { - matchConfig.Name = "vm-*"; - networkConfig.Bridge = "microbr"; - }; - - networking.nat = { - enable = true; - internalInterfaces = [ "microbr" ]; - externalInterface = "enp7e0"; - }; - networking.nftables = { - enable = true; - tables.nat = { - family = "ip"; - content = '' - chain postrouting { - type nat hook postrouting priority srcnat; - iifname "microbr" masquerade - } - ''; - }; - }; - - microvm.vms = { - "agent" = { - pkgs = import nixpkgs { - system = "x86_64-linux"; - config.allowUnfreePredicate = - pkg: - builtins.elem (nixpkgs.lib.getName pkg) [ - "claude-code" - ]; - }; - - config = - let - hostname = "agent"; - mac = "02:00:00:00:00:07"; - in - { - config, - lib, - pkgs, - ... 
- }: - { - imports = [ - impermanence.nixosModules.impermanence - home-manager.nixosModules.home-manager - ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1; - systemd.network = { - enable = true; - networks = { - "10-net" = { - matchConfig.MACAddress = mac; - linkConfig.RequiredForOnline = "routable"; - addresses = [ { Address = "192.168.77.2/24"; } ]; - routes = [ - { - Gateway = "192.168.77.1"; - Metric = 100; - } - { - Destination = "103.69.224.4/32"; - Gateway = "192.168.77.1"; - } - ]; - }; - }; - }; - systemd.user.services.wayland-proxy = { - enable = true; - description = "Wayland Proxy"; - serviceConfig = with pkgs; { - # Environment = "WAYLAND_DISPLAY=wayland-1"; - ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland"; - Restart = "on-failure"; - RestartSec = 5; - }; - wantedBy = [ "default.target" ]; - }; - - services.resolved.enable = false; - environment.etc."resolv.conf".text = '' - nameserver 10.2.0.1 - ''; - networking = { - hostName = hostname; - useNetworkd = true; - useDHCP = false; - firewall.enable = false; - }; - - users.mutableUsers = false; - users.users.root = { - password = ""; - home = "/root"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh" - ]; - }; - users.users.user = { - linger = true; - home = "/home/user"; - password = ""; - group = "user"; - isNormalUser = true; - extraGroups = [ - "video" - ]; - uid = 1000; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh" - ]; - }; - users.groups.user.gid = 1000; - - environment.sessionVariables = { - WAYLAND_DISPLAY = "/var/host/wayland-agent"; - DISPLAY = ":0"; - QT_QPA_PLATFORM = "wayland"; # Qt Applications - GDK_BACKEND = "wayland"; # 
GTK Applications - XDG_SESSION_TYPE = "wayland"; # Electron Applications - SDL_VIDEODRIVER = "wayland"; - CLUTTER_BACKEND = "wayland"; - }; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.user = { - imports = [ - ../home/nvim - ../home/tmux.nix - ]; - home.username = "user"; - home.homeDirectory = "/home/user"; - home.stateVersion = "25.11"; - home.enableNixpkgsReleaseCheck = false; - xdg.configFile."containers/containers.conf".text = '' - [engine] - compose_warning_logs=false - events_logger="file" - - [containers] - log_driver="k8s-file" - ''; - xdg.configFile."lazygit/config.yml".text = lib.generators.toYAML { } { - gui = { - theme = { - selectedLineBgColor = [ "reverse" ]; - }; - }; - }; - xdg.configFile."opencode/opencode.json".text = builtins.toJSON { - "$schema" = "https://opencode.ai/config.json"; - plugin = [ "opencode-antigravity-auth@latest" ]; - provider = { - google = { - models = { - antigravity-gemini-3-pro = { - name = "Gemini 3 Pro (Antigravity)"; - limit = { - context = 1048576; - output = 65535; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - variants = { - low = { - thinkingLevel = "low"; - }; - high = { - thinkingLevel = "high"; - }; - }; - }; - antigravity-gemini-3-flash = { - name = "Gemini 3 Flash (Antigravity)"; - limit = { - context = 1048576; - output = 65536; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - variants = { - minimal = { - thinkingLevel = "minimal"; - }; - low = { - thinkingLevel = "low"; - }; - medium = { - thinkingLevel = "medium"; - }; - high = { - thinkingLevel = "high"; - }; - }; - }; - antigravity-claude-sonnet-4-5 = { - name = "Claude Sonnet 4.5 (Antigravity)"; - limit = { - context = 200000; - output = 64000; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - }; - antigravity-claude-sonnet-4-5-thinking = { - name = "Claude Sonnet 4.5 Thinking 
(Antigravity)"; - limit = { - context = 200000; - output = 64000; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - variants = { - low = { - thinkingConfig = { - thinkingBudget = 8192; - }; - }; - max = { - thinkingConfig = { - thinkingBudget = 32768; - }; - }; - }; - }; - antigravity-claude-opus-4-5-thinking = { - name = "Claude Opus 4.5 Thinking (Antigravity)"; - limit = { - context = 200000; - output = 64000; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - variants = { - low = { - thinkingConfig = { - thinkingBudget = 8192; - }; - }; - max = { - thinkingConfig = { - thinkingBudget = 32768; - }; - }; - }; - }; - antigravity-claude-opus-4-6-thinking = { - name = "Claude Opus 4.6 Thinking (Antigravity)"; - limit = { - context = 200000; - output = 64000; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - variants = { - low = { - thinkingConfig = { - thinkingBudget = 8192; - }; - }; - max = { - thinkingConfig = { - thinkingBudget = 32768; - }; - }; - }; - }; - "gemini-2.5-flash" = { - name = "Gemini 2.5 Flash (Gemini CLI)"; - limit = { - context = 1048576; - output = 65536; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - }; - "gemini-2.5-pro" = { - name = "Gemini 2.5 Pro (Gemini CLI)"; - limit = { - context = 1048576; - output = 65536; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - }; - gemini-3-flash-preview = { - name = "Gemini 3 Flash Preview (Gemini CLI)"; - limit = { - context = 1048576; - output = 65536; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - }; - gemini-3-pro-preview = { - name = "Gemini 3 Pro Preview (Gemini CLI)"; - limit = { - context = 1048576; - output = 65535; - }; - modalities = { - input = [ - "text" - "image" - "pdf" - ]; - output = [ "text" ]; - }; - }; - }; - }; 
- }; - }; - - home.packages = with pkgs; [ - (writeShellApplication { - name = "tmux-sessionizer"; - runtimeInputs = [ - tmux - fzf - ]; - text = builtins.readFile ../home/bin/tmux-sessionizer; - }) - ]; - custom.tmux.enable = true; - custom.neovim = { - enable = true; - colorscheme = "rose-pine-moon"; - hostname = hostname; - }; - - programs.fish = { - enable = true; - plugins = [ - { - name = "puffer"; - src = pkgs.fetchFromGitHub { - owner = "nickeb96"; - repo = "puffer-fish"; - rev = "83174b0"; - sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg="; - }; - } - ]; - - interactiveShellInit = '' - set fish_greeting - bind ctrl-space "" - ''; - }; - programs = { - delta = { - enable = true; - options = { - navigate = true; - line-numbers = true; - side-by-side = true; - }; - enableGitIntegration = true; - }; - git = { - enable = true; - lfs.enable = true; - settings = { - user = { - email = "user@sandbox.dev"; - name = "sandbox"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - tag.gpgsign = true; - core = { - editor = "nvim"; - whitespace = "fix,only-indent-error,trailing-space,space-before-tab"; - quotepath = false; - }; - diff = { - algorithm = "histogram"; - renames = "copies"; - tool = "nvim"; - }; - difftool = { - prompt = false; - nvim.cmd = "nvim -d $LOCAL $REMOTE"; - }; - merge = { - conflictstyle = "zdiff3"; - tool = "nvim"; - }; - mergetool = { - prompt = false; - keepBackup = false; - nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'"; - }; - init = { - defaultBranch = "master"; - }; - push = { - autoSetupRemote = true; - default = "current"; - }; - pull = { - rebase = true; - }; - fetch = { - prune = true; - }; - help = { - autocorrect = "prompt"; - }; - }; - }; - }; - }; - }; - - fileSystems = { - "/.persist".neededForBoot = true; - }; - environment.systemPackages = with pkgs; [ - xdg-utils - coreutils - jq - git - fzf - claude-code - neovim - ripgrep - fd - podman-compose - opencode - lf - lazygit - 
ungoogled-chromium - bat - eza - ffmpeg - fira-code-symbols - gh - imagemagick - luarocks - wl-clipboard - ]; - - hardware.graphics.enable = true; - - programs = { - fish.enable = true; - starship.enable = true; - ssh = { - knownHosts = { - "github.com".publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - }; - }; - - environment.persistence."/.persist" = { - enable = true; - hideMounts = true; - directories = [ - "/var/lib/nixos" - ]; - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - users.root = { - files = [ - ".config/sops/age/keys.txt" - ]; - }; - }; - - services = { - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "yes"; - AllowUsers = [ - "user" - "root" - ]; - }; - }; - getty = { - autologinUser = "root"; - autologinOnce = true; - }; - }; - - virtualisation = { - containers.enable = true; - podman = { - enable = true; - defaultNetwork.settings.dns_enabled = true; - dockerCompat = true; - }; - }; - - environment.sessionVariables = { - EDITOR = "nvim"; - }; - - microvm = { - hypervisor = "crosvm"; - graphics.enable = true; - - vcpu = 20; - mem = 16384; - # socket = "control.sock"; - - interfaces = [ - { - id = "vm-${hostname}"; - type = "tap"; - mac = mac; - } - ]; - - volumes = [ - { - mountPoint = "/.persist"; - image = "persist.img"; - size = 1024 * 128; - } - { - mountPoint = "/nix/.rw-store"; - image = "nix-store.img"; - size = 1024 * 128; - } - ]; - - writableStoreOverlay = "/nix/.rw-store"; - shares = [ - { - proto = "virtiofs"; - tag = "pictures"; - source = "/home/user/pictures"; - mountPoint = "/home/user/pictures"; - } - { - proto = "virtiofs"; - tag = "home"; - source = "/data/vm/${hostname}"; - mountPoint = "/home/user"; - } - { - proto = "virtiofs"; - tag = "ro-store"; - source = 
"/nix/store"; - mountPoint = "/nix/.ro-store"; - } - # { - # proto = "virtiofs"; - # tag = "xdg-host"; - # source = "/run/user/1000"; - # mountPoint = "/var/host"; - # } - # { - # proto = "virtiofs"; - # tag = "gpu"; - # source = "/dev/dri"; - # mountPoint = "/dev/dri"; - # } - ]; - crosvm.extraArgs = [ - "--disable-sandbox" - ]; - # qemu.extraArgs = [ - # "-cpu" - # "host" - # "-vnc" - # ":0" - # "-vga" - # "qxl" - # "-device" - # "virtio-keyboard" - # "-usb" - # "-device" - # "usb-table,bus=usb-bus.0" - # "-display" - # "spice-app" - # "-device" - # "virtio-gpu" - # "-spice" - # "port=5900,disable-ticketing=on" - # ]; - }; - system.stateVersion = "25.11"; - }; - }; - }; -} diff --git a/vms/secrets/secrets.yaml b/vms/secrets/secrets.yaml deleted file mode 100644 index 74be351..0000000 --- a/vms/secrets/secrets.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -ssh: - private_key: ENC[AES256_GCM,data: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,iv:1lU+UUhH4m5OjyDO5s/sNGGGoT/7NxI5Cs1GL5CEIGU=,tag:EG8YZERDyeG/XkCNO7f/cQ==,type:str] -wg0: - private_key: ENC[AES256_GCM,data:nr7y3wp7EtVW6uI6MBSwyMO9YuMyx/F0AZmD8GmuA3BPQTVTsVSctoKIxLE=,iv:KN68DwGuDo+aPP4mBk1MqY+lxFjisKSwXn0w+yngDRQ=,tag:gpjxIFWaZE+5hbYHVsO1ZQ==,type:str] - address: ENC[AES256_GCM,data:9Tnph2SHKeEt9Ss=,iv:CPR1N7fqqlaThGltSpfqeAOc5bAe13KWskGWj3jI8LQ=,tag:xha/hQOVqfUoGyfKbHhnuQ==,type:str] - conf: ENC[AES256_GCM,data:SRDnI+2PvK7Zz1L5XBvrBNejgJEg8DK+qVO5XEtx6Nal+f7IeB3Ascp8Bkit5fd5myn/RxiK80wYmvLkDmcJAk46UjHKOpbxJl1s5FmKDuZJ3c3MXLwH7k2PeZP14VDDlyQqlcyGBrSu74L64ZMh/6EWGKbONTD1Wt3Ykg+/RegzQFDr2CPbj6XQeXsNS2p0ugicP5ffBMTUa9KSYDMQVV80mjSZ246aeY0owU1VUsitdvsCbfxtFd5gr/9zdfOXOvGY/BKxAlvVbszCalNs9DgJDHt/,iv:FP90SvUGnsZJS7F/uxtbOqTvGOgtC4+r2+YgF5FBoQY=,tag:9G1tkXHTpbytmG9T6sTpMw==,type:str] -wg-br0: - private_key: ENC[AES256_GCM,data:AwGwtS6Bkx5SUwxfaz/UaogGQIwqJidHzyOC0EWCA1UzEo1XV+bFKpdvOjg=,iv:O5RTjtNHC3lY+uVb6JBTwCrxpDSOsVAy8VOvsSatr0M=,tag:HelKY1PtxI3Zi+9Alrw+Ow==,type:str] -sops: - age: - - recipient: age1y0tj3kt67pfnj38t9c8g2ghry3a0mhcq8rrqv5xr4jekwepxaelqzu3dkf - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOHZSRkpBVVdUUk9OYUFH - cVBra014WXJyRTJ0QWFKallLQlc0SXhNSlFBCmpwME92M2lCN2liVjZBRndlSVBk - OEpUU1YyakdCa0xVaHdhRlpXbGxYdUEKLS0tIDFlV1k0Qkx1UDd2NUVHTTI3NDZE - OWhIdUxDcHB4Z3dTdDkyZWF6NEJCYzAKfPB9AZFQ08yqil+4AhIi6EMy8PXI4CAz - lK4ON/M67T0UrlWN/m3pryOOr4Lj4oiZvdOR0BCO3kn4Pj0nq5jQOA== - -----END AGE ENCRYPTED FILE----- - - recipient: age16v8w7q4wmn22hhakq2uzaus2508rhldm7lcwh0kukshzjzyhuqesqz44ze - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSC9Td1NTMzk2NlJDTDNM - UVUzTSt1dGkrUVRGT1UzeXcwR1REN1U0dW5JCnNJRzdKZHVyR0dzaUw2TlVzQnQ2 - SHhSSGlDWUNBSXZiME5GM0JPTFRseDQKLS0tIEFnOXgzWFo2Rmo2THN4VFFIY1h0 - 
OEZ4WUp1QlVrTkVTN1BHMG0yaXFuSk0KLw3ZuvWTurJDTpyoq5YafLm8YFT4v4Vh - s+ay8ju3kA1CKjMF3gBQF08EoCdP/jU6tZerNwwcs17el5zIvRmG7Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T22:06:59Z" - mac: ENC[AES256_GCM,data:IJXeoVdP8/R51hHNTkpYSj9f1bGRBh5PtlEdbcXuD12DFGZtEFcAeBgfKHSnYBRxZMedd/IxhsQYNatW8T/spAuPi0dEh2mnn9yz3evGjkc1WKGOy24Ou3xhZBboo9tzYfkX3PVGd10kx+vTJh3by7Eq4LjAfyq1vyGj1g3S5nU=,iv:wQsntFE/TO0Z5An9U7yYUIQ/nXbo5nnUQ9ukVMm0KRo=,tag:D9HpVrYEbzaCktzGmD0xvg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0