diff --git a/configuration.nix b/configuration.nix index b11c576..4848963 100644 --- a/configuration.nix +++ b/configuration.nix @@ -51,20 +51,7 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - jack.enable = true; - wireplumber.extraConfig = { - "monitor.bluez.properties" = { - "bluez5.enable-sbc-xq" = true; - "bluez5.enable-msbc" = true; - "bluez5.enable-hw-volume" = true; - "bluez5.roles" = [ - "hsp_hs" - "hsp_ag" - "hfp_hf" - "hfp_ag" - ]; - }; - }; + # jack.enable = true; }; logind.settings.Login = { HandlePowerKey = "ignore"; @@ -89,22 +76,9 @@ # }; # }; tailscale.enable = true; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - AllowUsers = [ - "user" - ]; - }; - }; }; hardware = { - enableAllFirmware = true; graphics = { enable = true; enable32Bit = true; @@ -114,8 +88,7 @@ powerOnBoot = true; settings = { General = { - Experimental = true; - # Enable = "Source,Sink,Media,Socket"; + Enable = "Source,Sink,Media,Socket"; }; }; }; @@ -166,12 +139,5 @@ }; }; }; - - systemd.tmpfiles.rules = [ - "d /home/public 2775 root public - -" - "d /home/public/pictures 2775 root public - -" - - "a+ /home/public - - - - d:g:public:rwX,d:m::rwX" - "a+ /home/public/pictures - - - - d:g:public:rwX,d:m::rwX" - ]; + services.openssh.enable = true; } diff --git a/flake.lock b/flake.lock index 66ebce0..2b40de6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "dgop": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765838956, + "narHash": "sha256-A3a2ZfvjirX8VIdIPI+nAyukWs6vx4vet3fU0mpr7lU=", + "owner": "AvengeMedia", + "repo": "dgop", + "rev": "0ff697a4e3418966caa714c838fc73f1ef6ba59b", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "dgop", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
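Review bot: The new side drops every sshd hardening setting — `PasswordAuthentication = false`, `KbdInteractiveAuthentication = false`, `PermitRootLogin = "no"`, `AllowUsers = [ "user" ]` — and the bare `services.openssh.enable = true;` appended at the bottom of the file falls back to the NixOS module defaults, which as far as I recall leave password and keyboard-interactive authentication on and permit key-based root login. The same hunk keeps `tailscale.enable = true`, so sshd is reachable from at least the tailnet with password auth for any local account, including the `agent` account the doas rules in kernel/default.nix target. If the intent was only to relocate the option, keep the `settings` block with it as below; if the hardening was dropped deliberately, a comment saying why would spare the next reviewer the same question.
```nix
services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "no";
    AllowUsers = [ "user" ];
  };
};
```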
@@ -23,41 +44,47 @@ }, "dms": { "inputs": { - "flake-compat": "flake-compat", + "dgop": "dgop", "nixpkgs": "nixpkgs", "quickshell": "quickshell" }, "locked": { - "lastModified": 1777675128, - "narHash": "sha256-2zuDs9Lju99dg8MsSPf1frKPPgCRakDn+CEGX71cHJ0=", + "lastModified": 1766776522, + "narHash": "sha256-wS2fSepxdtOr4RErdEY91hkxOjsrs2nA2nm72eZMEEU=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "c1cbd0994f5a3585dded85069f2c9103c54f5285", + "rev": "987856a1de35c62dc0930b007b561545d6a832a8", "type": "github" }, "original": { "owner": "AvengeMedia", "repo": "DankMaterialShell", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", + "rev": "987856a1de35c62dc0930b007b561545d6a832a8", "type": "github" } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nur", 
@@ -103,16 +130,17 @@ ] }, "locked": { - "lastModified": 1777679572, - "narHash": "sha256-egYNbRrkn+6SwTHinhdb6WUfzzdC3nXfCRqS321VylY=", + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", "owner": "nix-community", "repo": "home-manager", - "rev": "9cb587ade2aa1b4a7257f0238d41072690b0ca4f", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "type": "github" }, "original": { "owner": "nix-community", "repo": "home-manager", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "type": "github" } }, @@ -156,6 +184,63 @@ "type": "github" } }, + "microvm": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1770310890, + "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=", + "owner": "microvm-nix", + "repo": "microvm.nix", + "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5", + "type": "github" + }, + "original": { + "owner": "microvm-nix", + "repo": "microvm.nix", + "type": "github" + } + }, + "neovim-nightly-overlay": { + "inputs": { + "flake-parts": "flake-parts", + "neovim-src": "neovim-src", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1771632300, + "narHash": "sha256-uP5SbbbN86+LZ8VubL01UKD6bez5DK9prqIqQOMy3Jw=", + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "rev": "0f601090d4d54b3da0d03e270cb6a5c68bf84dd3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "type": "github" + } + }, + "neovim-src": { + "flake": false, + "locked": { + "lastModified": 1771630915, + "narHash": "sha256-7RPG+RG/e0O79HjNT/ztC7K7j/xXazltq3TPk1mauqY=", + "owner": "neovim", + "repo": "neovim", + "rev": "d79a9dcd422133bc1e4b4ef94444962560d7a6d7", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "neovim", + "type": "github" + } + }, "niri-branch": { "inputs": { "nixpkgs": [ 
@@ -164,11 +249,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1771283045, - "narHash": "sha256-AgD3KAkrQ4cs34kKZE8v/+FyFTc1Vq2sOJaPrWiCRio=", + "lastModified": 1769284707, + "narHash": "sha256-X60XGpLjNTgYyaC/gChHGpqQqLWGI+0n5BbWaybXKiE=", "owner": "argosnothing", "repo": "niri", - "rev": "eab116015a5a4d8f027c915dbd7b0a90e1e9a5e1", + "rev": "6dcaa349acf3b04ed1593022388b4f1cbef8893b", "type": "github" }, "original": { @@ -187,11 +272,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1774389340, - "narHash": "sha256-zPxNCLGMQ5gbziogsTl3COikFFco6Em6NDeHOy4fmUg=", + "lastModified": 1765743947, + "narHash": "sha256-kx8XFbzG59eLNImygoN9jRjgaxR7kvmjg64equccmK0=", "owner": "argosnothing", "repo": "niri-scratchpad-rs", - "rev": "7288342f08036bfc9abd58ab6a4bc692679dfcd3", + "rev": "163420c14c9199d311627501eedee2a3b2507db2", "type": "github" }, "original": { @@ -203,11 +288,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776169885, - "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { @@ -234,6 +319,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 
@@ -249,13 +350,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1777731324, - "narHash": "sha256-piLMdJYPP/9+/yiHxVMpqbAAoP8EnsqRO5921ilx0lk=", + "lastModified": 1771342064, + "narHash": "sha256-Aros+b3kQpzJAyxjDyhLUmnEfzQfyor2tiIoUTSgki0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "38e436af6ec1a3b1c9b666ceea098bf5ef05fc66", + "rev": "3f03a5f1bede585f58c878c22cb12988bb0d1ed2", "type": "github" }, "original": { @@ -264,13 +365,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1777578337, - "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -282,15 +383,15 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_5" + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1777729540, - "narHash": "sha256-tF5WMS4SSSmDvEZ7qgOosh8q0BVdz/ynb4Wnruc1rgY=", + "lastModified": 1770758031, + "narHash": "sha256-YEq6M9OOEOl7l2zr/YjOi2UnuQZZ02HvXebpWGpkEHM=", "owner": "nix-community", "repo": "NUR", - "rev": "1091dd1d0f6589dc9a88d808052dda9b85835670", + "rev": "6701aa01b90606ab75078c1910bb991b8e7a389b", "type": "github" }, "original": { 
@@ -307,16 +408,16 @@ ] }, "locked": { - "lastModified": 1776854048, - "narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=", + "lastModified": 1766386896, + "narHash": "sha256-1uql4y229Rh+/2da99OVNe6DfsjObukXkf60TYRCvhI=", "ref": "refs/heads/master", - "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", - "revCount": 806, + "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc", + "revCount": 714, "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", + "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc", "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" } @@ -327,9 +428,11 @@ "dms": "dms", "home-manager": "home-manager", "impermanence": "impermanence", + "microvm": "microvm", + "neovim-nightly-overlay": "neovim-nightly-overlay", "niri-branch": "niri-branch", "niri-scratchpad": "niri-scratchpad", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", "sops-nix": "sops-nix" } @@ -357,14 +460,14 @@ }, "rust-overlay_2": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1772075164, - "narHash": "sha256-93XcvAt+6p7aAq1ERlxD2T17zLGoYGo64KJYasGcpgc=", + "lastModified": 1763952169, + "narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "07601339b15fa6810541c0e7dc2f3664d92a7ad0", + "rev": "ab726555a9a72e6dc80649809147823a813fa95b", "type": "github" }, "original": { @@ -380,11 +483,11 @@ ] }, "locked": { - "lastModified": 1777338324, - "narHash": "sha256-bc+ZZCmOTNq86/svGnw0tVpH7vJaLYvGLLKFYP08Q8E=", + "lastModified": 1770683991, + "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8eaee5c45428b28b8c47a83e4c09dccec5f279b5", + "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", "type": "github" }, "original": { 
@@ -393,6 +496,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1759482047, + "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=", + "ref": "refs/heads/main", + "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9", + "revCount": 996, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 7790e94..d6a7c79 100644 --- a/flake.nix +++ b/flake.nix @@ -7,18 +7,18 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - # microvm = { - # url = "github:microvm-nix/microvm.nix/da28962a2ba84718895b7325f600686c3b4ee099"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + microvm = { + url = "github:microvm-nix/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; disko = { url = "github:nix-community/disko/latest"; inputs.nixpkgs.follows = "nixpkgs"; }; impermanence.url = "github:nix-community/impermanence"; - # neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; + neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/0d782ee42c86b196acff08acfbf41bb7d13eed5b"; inputs.nixpkgs.follows = "nixpkgs"; }; nur.url = "github:nix-community/NUR"; @@ -30,7 +30,7 @@ url = "github:argosnothing/niri-scratchpad-rs/hidden-workspaces"; inputs.nixpkgs.follows = "nixpkgs"; }; - dms.url = "github:AvengeMedia/DankMaterialShell"; + dms.url = "github:AvengeMedia/DankMaterialShell/987856a1de35c62dc0930b007b561545d6a832a8"; }; outputs = 
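Review bot: `microvm` is re-enabled without the commit hash the commented-out version carried, so it now tracks the upstream default branch, and `neovim-nightly-overlay` floats the same way, while `home-manager` and `dms` are pinned to explicit revs in this very hunk. flake.lock pins these today, but the next `nix flake update` will pull whatever upstream HEAD is for an input that contributes a NixOS module (`nixosModules.host`) to the privileged host closure. Pin it like the others, e.g. `url = "github:microvm-nix/microvm.nix/68c9f9c6ca91841f04f726a298c385411b7bfcd5";` (the rev the lock currently resolves to), or add a comment explaining why this input is meant to float.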
@@ -49,7 +49,7 @@ config.allowUnfree = true; # overlays = [ inputs.neovim-nightly-overlay.overlays.default ]; }; - # microvm = inputs.microvm.nixosModules.host; + microvm = inputs.microvm.nixosModules.host; in { nixosConfigurations."${hostname}" = nixpkgs.lib.nixosSystem { @@ -59,7 +59,7 @@ nixpkgs impermanence home-manager - # microvm + microvm sops-nix ; hostname = hostname; @@ -74,8 +74,8 @@ ./kernel ./home inputs.sops-nix.nixosModules.sops - # inputs.microvm.nixosModules.host - # (import ./vms) + inputs.microvm.nixosModules.host + (import ./vms) inputs.disko.nixosModules.disko inputs.impermanence.nixosModules.impermanence inputs.home-manager.nixosModules.home-manager @@ -88,13 +88,15 @@ ]; nixpkgs.overlays = [ (_: prev: { - - openldap = prev.openldap.overrideAttrs { - doCheck = !prev.stdenv.hostPlatform.isi686; - }; niri-scratchpad = inputs.niri-scratchpad.packages.${prev.system}.default; vimPlugins = prev.vimPlugins.extend ( f: p: { + neotest = p.neotest.overrideAttrs { + src = prev.fetchzip { + url = "https://github.com/archie-judd/neotest/archive/c8dd7597bb4182c0547d188e1dd5f684a4f01852.zip"; + sha256 = "sha256-E/Heh+mAxvN5RaWqv1UJuHSA90c0evMKFkDD1BrpV7g="; + }; + }; neotest-pest = p.neotest-pest.overrideAttrs (_: { src = prev.fetchFromGitHub { owner = "jradtilbrook"; diff --git a/home/agents.nix b/home/agents.nix deleted file mode 100644 index 0429d5c..0000000 --- a/home/agents.nix +++ /dev/null 
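Review bot: The `neotest` override swaps the upstream plugin source for a personal fork (`archie-judd/neotest`) with nothing recording why, so a later maintainer has to diff the fork to learn whether it can be dropped. The content-hash pin via `fetchzip` is fine; add a one-line comment above the override naming the upstream issue or PR the fork carries and when to revert, e.g. `# fork of nvim-neotest/neotest carrying <upstream PR>; drop once merged (pinned c8dd759)`. Separately, this hunk also switches on `inputs.microvm.nixosModules.host` and `(import ./vms)`, but `./vms` is not part of this diff, so the VM definitions themselves cannot be reviewed here.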
@@ -1,193 +0,0 @@ -{ pkgs, lib, ... }: -let - home-manager-config = - { - uid, - username, - }: - let - HOME = "/home/${username}"; - in - { - ${username} = - { config, ... }: - { - imports = [ - ./nvim - ./tmux.nix - ]; - - home.username = username; - home.homeDirectory = "${HOME}"; - home.stateVersion = "25.11"; - home.enableNixpkgsReleaseCheck = false; - home.sessionVariables = { - DISPLAY = ":1"; - }; - - programs = { - chromium.enable = true; - claude-code.enable = true; - opencode.enable = true; - ssh = { - enable = true; - enableDefaultConfig = false; - matchBlocks = { - "*" = { - serverAliveInterval = 60; - serverAliveCountMax = 3; - }; - "github.com" = { - identityFile = "${HOME}/.ssh/id_ed25519"; - }; - }; - }; - delta = { - enable = true; - options = { - navigate = true; - line-numbers = true; - side-by-side = true; - }; - enableGitIntegration = true; - }; - git = { - enable = true; - lfs.enable = true; - signing = { - key = "${HOME}/.ssh/id_ed25519.pub"; - signByDefault = true; - }; - includes = [ - { - condition = "gitdir:~/dealwise/"; - contents = { - user = { - name = "felipematos"; - email = "5471818+fnzr@users.noreply.github.com"; - signingkey = "${HOME}/.ssh/id_ed25519.pub"; - }; - }; - } - { - contents = { - user = { - name = "${username}"; - email = "${username}@sandbox.dev"; - signingkey = "${HOME}/.ssh/id_ed25519.pub"; - }; - }; - } - ]; - settings = { - user = { - email = "${username}@sandbox.dev"; - name = "${username}"; - signingkey = "${HOME}/.ssh/id_ed25519.pub"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - tag.gpgsign = true; - core = { - editor = "nvim"; - whitespace = "fix,only-indent-error,trailing-space,space-before-tab"; - quotepath = false; - }; - diff = { - algorithm = "histogram"; - renames = "copies"; - tool = "nvim"; - }; - difftool = { - prompt = false; - nvim.cmd = "nvim -d $LOCAL $REMOTE"; - }; - merge = { - conflictstyle = "zdiff3"; - tool = "nvim"; - }; - mergetool = { - prompt = false; - keepBackup = false; - 
nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'"; - }; - init = { - defaultBranch = "master"; - }; - push = { - autoSetupRemote = true; - default = "current"; - }; - pull = { - rebase = true; - }; - fetch = { - prune = true; - }; - help = { - autocorrect = "prompt"; - }; - }; - }; - fish = { - enable = true; - plugins = [ - { - name = "puffer"; - src = pkgs.fetchFromGitHub { - owner = "nickeb96"; - repo = "puffer-fish"; - rev = "83174b0"; - sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg="; - }; - } - ]; - - interactiveShellInit = '' - set fish_greeting - bind ctrl-space "" - ''; - }; - starship.enable = true; - }; - custom.tmux.enable = true; - custom.neovim = { - enable = true; - colorscheme = "rose-pine-moon"; - hostname = "amelia"; - }; - xdg.configFile."containers/containers.conf".text = '' - [engine] - compose_warning_logs=false - events_logger="file" - - [containers] - log_driver="k8s-file" - ''; - xdg.configFile."opencode/opencode.json".text = builtins.toJSON { - "$schema" = "https://opencode.ai/config.json"; - # provider = { - # ollama = { - # model = "qwen3.6"; - # base_url = "http://localhost:11434"; - # }; - # }; - }; - xdg.userDirs = { - enable = true; - setSessionVariables = false; - extraConfig = { - XDG_CACHE_HOME = "$HOME/.cache"; - }; - }; - }; - }; -in -{ - home-manager.users = lib.mkMerge [ - (home-manager-config { - uid = 1002; - username = "agent"; - }) - ]; -} diff --git a/home/files/lf/lfrc b/home/files/lf/lfrc new file mode 100644 index 0000000..e69de29 diff --git a/home/nvim/default.nix b/home/nvim/default.nix index fec98e7..d99962e 100644 --- a/home/nvim/default.nix +++ b/home/nvim/default.nix @@ -29,8 +29,6 @@ in viAlias = true; vimAlias = false; vimdiffAlias = true; - withPython3 = false; - withRuby = false; plugins = with pkgs.vimPlugins; [ { plugin = auto-session; 
@@ -88,7 +86,6 @@ in blade = { "blade-formatter" }, go = { "gofmt" }, wgsl = { "wgsl_fmt" }, - odin = { "odinfmt" }, }, }) vim.api.nvim_create_autocmd("BufWritePre", { @@ -130,14 +127,7 @@ in }, adapters = { require('neotest-pest'), - require('neotest-zig'), - -- require('neotest-odin'), - }, - watch = { - filter_path = function(path, root) - return true - end, - }, + } }) vim.keymap.set('n', 'pn', function() require('neotest').run.run() end, { desc = "test nearest" }) vim.keymap.set('n', 'pe', function() require('neotest').run.run(vim.fn.expand('%')) end, { desc = "test file" }) @@ -148,10 +138,6 @@ in type = "lua"; } # { - # plugin = neotest-zig; - # type = "lua"; - # } - # { # plugin = nvim-autopairs; # type = "lua"; # config = '' @@ -163,43 +149,19 @@ in type = "lua"; config = '' local dap = require("dap") - dap.adapters = { - php = { - type = "executable", - command = "${pkgs.nodejs}/bin/node", - args = { "${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js" }, - }, - - codelldb = { - type = "server", - port = "''${port}", - executable = { - command = '${pkgs.vscode-extensions.vadimcn.vscode-lldb}/share/vscode/extensions/vadimcn.vscode-lldb/adapter/codelldb', - args = { "--port", "''${port}" }, - }, - }, + dap.adapters.php = { + type = 'executable', + command = '${pkgs.nodejs}/bin/node', + args = { '${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js' }, } - dap.configurations = { - php = { - { - type = 'php', - request = 'launch', - name = 'listen for xdebug', - port = 9003, - } - }, - zig = { - { - name = 'launch', - type = 'codelldb', - request = 'launch', - program = "''${workspaceFolder}/zig-out/bin/''${workspaceFolderBasename}", - cwd = "''${workspaceFolder}", - stopOnEntry = false, - args = {}, - } - }, + dap.configurations.php = { + { + type = 'php', + request = 'launch', + name = 'listen for xdebug', + port = 9003, + } } ''; } 
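Review bot: `dap.configurations.php` still sets only `port = 9003` on the new side, and networking.nix in this same commit keeps 9003 in `firewall.allowedTCPPorts`, so while a debug session is active the php-debug adapter accepts DBGp connections from any host that can reach the machine. If the PHP side runs locally, bind the listener with `hostname = '127.0.0.1',` in that configuration (or the podman bridge address if PHP runs in a container) so the firewall opening is not needed at all; if remote debugging is intended, a comment saying which network it is meant for would help. Whether 9003 is reachable beyond the LAN or tailnet cannot be determined from this diff.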
@@ -237,7 +199,7 @@ in 'fsharp', 'git_config', 'git_rebase', 'gitignore', 'glsl', 'go', 'gomod', 'graphql', 'haskell', 'hlsl', 'http', 'ini', 'javadoc', 'jq', 'jsdoc', 'json', 'json5', 'kitty', 'latex', 'markdown', 'nginx', 'nix', 'php', 'php_only', 'phpdoc', 'regex', 'rust', 'sql', - 'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'odin', + 'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'ols', }, callback = function() vim.treesitter.start() @@ -284,11 +246,12 @@ in config = '' vim.o.autoread = true -- Recommended/example keymaps. - vim.keymap.set({ "n", "x" }, "h", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode…" }) + vim.keymap.set({ "n", "x" }, "", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode…" }) vim.keymap.set({ "n", "x" }, "", function() require("opencode").select() end, { desc = "Execute opencode action…" }) vim.keymap.set({ "n", "t" }, "", function() require("opencode").toggle() end, { desc = "Toggle opencode" }) vim.keymap.set({ "n", "x" }, "go", function() return require("opencode").operator("@this ") end, { desc = "Add range to opencode", expr = true }) + vim.keymap.set("n", "goo", function() return require("opencode").operator("@this ") .. "_" end, { desc = "Add line to opencode", expr = true }) vim.keymap.set("n", "", function() require("opencode").command("session.half.page.up") end, { desc = "Scroll opencode up" }) vim.keymap.set("n", "", function() require("opencode").command("session.half.page.down") end, { desc = "Scroll opencode down" }) @@ -440,10 +403,12 @@ in } vim-fugitive ]; - initLua = '' + extraConfig = '' + colorscheme ${cfg.colorscheme} + ''; + extraLuaConfig = '' ${builtins.readFile ./settings.lua} ${builtins.replaceStrings [ "@HOSTNAME@" ] [ cfg.hostname ] (builtins.readFile ./plugins.lua)} - vim.cmd.colorscheme("${cfg.colorscheme}") require("custom") ''; }; 
diff --git a/home/nvim/plugins.lua b/home/nvim/plugins.lua index a0ea9f2..e94ea77 100644 --- a/home/nvim/plugins.lua +++ b/home/nvim/plugins.lua @@ -42,7 +42,6 @@ local servers = { zls = { enable_build_on_save = true, semantic_tokens = "partial", - global_cache_path = vim.fn.getcwd(0, 0) .. "/.cache/zls", }, }, }, @@ -53,11 +52,7 @@ local servers = { html = { filetypes = { "html", "blade" } }, htmx = { filetypes = { "html", "blade" } }, gopls = {}, - ols = { - enable_semantic_tokens = true, - enable_auto_import = true, - checker_args = "-vet", - }, + ols = {}, wgsl_analyzer = {}, } for server, config in pairs(servers) do @@ -82,12 +77,12 @@ local leap = require("leap") leap.opts.preview = function(ch0, ch1, ch2) return not (ch1:match("%s") or (ch0:match("%a") and ch1:match("%a") and ch2:match("%a"))) end --- leap.opts.equivalence_classes = { --- " \t\r\n", --- "([{", --- ")]}", --- "'\"`", --- } +leap.opts.equivalence_classes = { + " \t\r\n", + "([{", + ")]}", + "'\"`", +} vim.api.nvim_set_hl(0, "LeapBackdrop", { link = "Comment" }) do diff --git a/home/nvim/settings.lua b/home/nvim/settings.lua index 7cdbfb3..83d9a76 100644 --- a/home/nvim/settings.lua +++ b/home/nvim/settings.lua @@ -107,6 +107,9 @@ vim.keymap.set({ "n", "t" }, "", function() end, { desc = "Go to previous tab" }) vim.keymap.set({ "n", "t" }, "", "p", { desc = "Go to previous pane" }) +vim.keymap.set("n", "v", "vsplit", { desc = "split (vertical line)" }) +vim.keymap.set("n", "h", "split", { desc = "split (horizontal line)" }) + vim.keymap.set("n", "", "w", { desc = "save buffer" }) vim.diagnostic.config({ diff --git a/home/root.nix b/home/root.nix index f601343..eaa3dee 100644 --- a/home/root.nix +++ b/home/root.nix @@ -2,9 +2,6 @@ { home-manager.users.root = { config, ... }: - let - HOME = "/root"; - in { imports = [ ./nvim ]; home.username = "root"; 
@@ -15,6 +12,13 @@ home.file."/.ssh/desktop.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILquARrJ3Vyh5z6aeVoiYrkLpgiMts+V/JzFEvs3Cnth root@icefox.sh"; + xdg.userDirs = { + enable = false; + extraConfig = { + XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache"; + }; + }; + programs = { ssh = { enable = true; @@ -44,7 +48,7 @@ name = "root"; }; gpg.format = "ssh"; - user.signingkey = "${HOME}/.ssh/desktop.pub"; + user.signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub"; commit.gpgsign = true; tag.gpgsign = true; core = { diff --git a/home/user.nix b/home/user.nix index 1dae7c0..74eb5bf 100644 --- a/home/user.nix +++ b/home/user.nix @@ -7,17 +7,12 @@ lib, ... }: - let - HOME = "/home/user"; - in { home.username = "user"; - home.homeDirectory = HOME; + home.homeDirectory = "/home/user"; home.stateVersion = "25.11"; home.sessionVariables = { - QMK_HOME = "${HOME}/var/qmk"; - GOMODCACHE = "${HOME}/.cache/go_mod"; - GOPATH = "${HOME}/.local/share/go"; + HOME = "/home/user"; }; imports = [ @@ -26,15 +21,15 @@ ]; sops.defaultSopsFile = ../secrets/home.yaml; - sops.age.keyFile = "/.persist/${HOME}/.config/sops/age/keys.txt"; + sops.age.keyFile = "/.persist/${config.home.homeDirectory}/.config/sops/age/keys.txt"; sops.secrets."user/ssh/desktop" = { - path = "${HOME}/.ssh/desktop"; + path = "${config.home.homeDirectory}/.ssh/desktop"; mode = "0600"; }; home.file."/.ssh/desktop.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"; sops.secrets."user/ssh/legacy_ed25519" = { - path = "${HOME}/.ssh/legacy_ed25519"; + path = "${config.home.homeDirectory}/.ssh/legacy_ed25519"; mode = "0600"; }; home.file."/.ssh/legacy_ed25519.pub".text = 
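Review bot: `home.sessionVariables = { HOME = "/home/user"; };` is redundant at best and surprising at worst: home-manager already derives `HOME` from `home.homeDirectory`, and exporting it from hm-session-vars.sh means any shell that re-sources that file with a different `HOME` in effect gets it reset to `/home/user`. Drop the entry — leave `home.sessionVariables = { };` or remove the attribute — unless there is a concrete reason, in which case a comment should state it. The `QMK_HOME`/`GOPATH`-style entries this hunk removes were the intended use of the option; if they are still needed elsewhere, that is not visible here.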
@@ -56,21 +51,18 @@ # "Xft.rgba" = "rgb"; # }; - systemd.user.services.waypipe-socket = { - Unit = { - Description = "start waypipe client"; - }; - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - Service = { - ExecStart = "${pkgs.waypipe}/bin/waypipe --socket /tmp/waypipe.sock client"; - ExecStartPost = "${pkgs.acl}/bin/setfacl -m u:agent:rw /tmp/waypipe.sock"; - RuntimeDirectory = "waypipe"; - Type = "simple"; - Restart = "on-failure"; - }; - }; + # systemd.user.services.xrdb-configure = { + # Unit = { + # Description = "Load Xresources"; + # }; + # Intall = { + # WantedBy = [ "graphical-session.target" ]; + # }; + # Service = { + # ExecStart = "${pkgs.xrdb}/bin/xrdb -merge ${config.home.homeDirectory}/.Xresources"; + # Type = "oneshot"; + # }; + # }; sops.secrets."user/gpg/legacy_fnzr" = { }; home.activation.importGpgKey = config.lib.dag.entryAfter [ "writeBoundary" ] '' if [[ -f "${config.sops.secrets."user/gpg/legacy_fnzr".path}" ]]; then 
@@ -100,6 +92,225 @@ }; }; + # xdg.configFile."opencode/opencode.json".text = builtins.toJSON { + # "$schema" = "https://opencode.ai/config.json"; + # plugin = [ "opencode-antigravity-auth@latest" ]; + # provider = { + # google = { + # models = { + # antigravity-gemini-3-pro = { + # name = "Gemini 3 Pro (Antigravity)"; + # limit = { + # context = 1048576; + # output = 65535; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # variants = { + # low = { + # thinkingLevel = "low"; + # }; + # high = { + # thinkingLevel = "high"; + # }; + # }; + # }; + # antigravity-gemini-3-flash = { + # name = "Gemini 3 Flash (Antigravity)"; + # limit = { + # context = 1048576; + # output = 65536; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # variants = { + # minimal = { + # thinkingLevel = "minimal"; + # }; + # low = { + # thinkingLevel = "low"; + # }; + # medium = { + # thinkingLevel = "medium"; + # }; + # high = { + # thinkingLevel = "high"; + # }; + # }; + # }; + # antigravity-claude-sonnet-4-5 = { + # name = "Claude Sonnet 4.5 (Antigravity)"; + # limit = { + # context = 200000; + # output = 64000; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # }; + # antigravity-claude-sonnet-4-5-thinking = { + # name = "Claude Sonnet 4.5 Thinking (Antigravity)"; + # limit = { + # context = 200000; + # output = 64000; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # variants = { + # low = { + # thinkingConfig = { + # thinkingBudget = 8192; + # }; + # }; + # max = { + # thinkingConfig = { + # thinkingBudget = 32768; + # }; + # }; + # }; + # }; + # antigravity-claude-opus-4-5-thinking = { + # name = "Claude Opus 4.5 Thinking (Antigravity)"; + # limit = { + # context = 200000; + # output = 64000; + # }; + # modalities = { + # input = [ 
+ # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # variants = { + # low = { + # thinkingConfig = { + # thinkingBudget = 8192; + # }; + # }; + # max = { + # thinkingConfig = { + # thinkingBudget = 32768; + # }; + # }; + # }; + # }; + # antigravity-claude-opus-4-6-thinking = { + # name = "Claude Opus 4.6 Thinking (Antigravity)"; + # limit = { + # context = 200000; + # output = 64000; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # variants = { + # low = { + # thinkingConfig = { + # thinkingBudget = 8192; + # }; + # }; + # max = { + # thinkingConfig = { + # thinkingBudget = 32768; + # }; + # }; + # }; + # }; + # "gemini-2.5-flash" = { + # name = "Gemini 2.5 Flash (Gemini CLI)"; + # limit = { + # context = 1048576; + # output = 65536; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # }; + # "gemini-2.5-pro" = { + # name = "Gemini 2.5 Pro (Gemini CLI)"; + # limit = { + # context = 1048576; + # output = 65536; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # }; + # gemini-3-flash-preview = { + # name = "Gemini 3 Flash Preview (Gemini CLI)"; + # limit = { + # context = 1048576; + # output = 65536; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # }; + # gemini-3-pro-preview = { + # name = "Gemini 3 Pro Preview (Gemini CLI)"; + # limit = { + # context = 1048576; + # output = 65535; + # }; + # modalities = { + # input = [ + # "text" + # "image" + # "pdf" + # ]; + # output = [ "text" ]; + # }; + # }; + # }; + # }; + # }; + # }; + xdg.desktopEntries = { google-chrome = { name = "Google Chrome"; 
@@ -216,20 +427,19 @@ xdg.userDirs = { enable = true; createDirectories = true; - setSessionVariables = true; - download = "${HOME}/downloads"; - documents = "${HOME}/documents"; - desktop = "${HOME}/desktop"; - pictures = "${HOME}/pictures"; - music = "${HOME}/music"; - videos = "${HOME}/videos"; - templates = "${HOME}"; - publicShare = "${HOME}"; + download = "${config.home.homeDirectory}/downloads"; + documents = "${config.home.homeDirectory}/documents"; + desktop = "${config.home.homeDirectory}/desktop"; + pictures = "${config.home.homeDirectory}/pictures"; + music = "${config.home.homeDirectory}/music"; + videos = "${config.home.homeDirectory}/videos"; + templates = "${config.home.homeDirectory}"; + publicShare = "${config.home.homeDirectory}"; extraConfig = { - SCREENSHOTS = "$HOME/pictures/screenshots"; - XDG_CACHE_HOME = "$HOME/.cache"; + SCREENSHOTS = "${config.home.homeDirectory}/pictures/screenshots"; + XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache"; }; }; @@ -265,7 +475,7 @@ enable = true; lfs.enable = true; signing = { - key = "${HOME}/.ssh/desktop.pub"; + key = "${config.home.homeDirectory}/.ssh/desktop.pub"; signByDefault = true; }; includes = [ @@ -275,7 +485,6 @@ user = { name = "felipematos"; email = "5471818+fnzr@users.noreply.github.com"; - signingkey = "${HOME}/.ssh/desktop.pub"; }; }; } @@ -284,7 +493,7 @@ user = { email = "felipe@icefox.sh"; name = "icefox"; - signingkey = "${HOME}/.ssh/desktop.pub"; + signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub"; }; gpg.format = "ssh"; commit.gpgsign = true; @@ -328,20 +537,12 @@ help = { autocorrect = "prompt"; }; - safe = { - directory = [ - "/home/agent/*" - ]; - }; }; }; }; home.packages = with pkgs; [ xrdb - (writeShellScriptBin "agent" '' - machinectl shell agent@ ${waypipe}/bin/waypipe --socket /run/waypipe.sock server fish - '') (writeShellApplication { name = "tmux-sessionizer"; runtimeInputs = [ 
@@ -350,7 +551,20 @@ ]; text = builtins.readFile ./bin/tmux-sessionizer; }) + (writeShellScriptBin "opencode" '' + ssh -t user@192.168.77.2 " + cd $(pwd) 2>/dev/null || cd \$(mktemp -d) + opencode $* + " + '') + (writeShellScriptBin "claude" '' + ssh -t user@192.168.77.2 " + cd $(pwd) 2>/dev/null || cd \$(mktemp -d) + claude $* + " + '') ]; + custom.tmux.enable = true; custom.neovim = { enable = true; @@ -410,7 +624,6 @@ programs.firefox = { enable = true; package = pkgs.firefox; - configPath = ".mozilla/firefox"; nativeMessagingHosts = [ pkgs.browserpass pkgs.tridactyl-native diff --git a/kernel/default.nix b/kernel/default.nix index 404a84e..c823c54 100644 --- a/kernel/default.nix +++ b/kernel/default.nix @@ -3,22 +3,6 @@ pkgs, ... }: -let - nsExec = pkgs.writeShellScriptBin "ns-raw" '' - ns="$1" - shift - exec ${pkgs.iproute2}/bin/ip netns exec "$ns" \ - ${pkgs.util-linux}/bin/setpriv \ - --reuid="$DOAS_USER" --regid="$DOAS_USER" \ - --clear-groups \ - --inh-caps=-all \ - "$@" - ''; - nsWrapper = pkgs.writeShellScriptBin "ns" '' - - exec /run/wrappers/bin/doas ${nsExec}/bin/ns-raw "$@" - ''; -in { imports = [ ./hardened.nix @@ -54,47 +38,24 @@ in extraRules = [ { users = [ "user" ]; - runAs = "root"; keepEnv = true; persist = true; } { users = [ "user" ]; - runAs = "work"; + runAs = "agent"; noPass = true; keepEnv = false; } - { - users = [ "user" ]; - runAs = "agent"; - noPass = true; - keepEnv = true; - } - { - users = [ - "user" - "agent" - "work" - ]; - runAs = "root"; - noPass = true; - keepEnv = true; - cmd = "${nsExec}/bin/ns-raw"; - } ]; }; - environment.systemPackages = [ nsWrapper ]; - - security.pam.services.su.requireWheel = true; - security.pam.services.newgrp.requireWheel = true; - boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_zen; kernelParams = [ "amd_iommu=on" ]; 
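Review bot: In the new `opencode` and `claude` wrappers the caller's arguments are forwarded as an unquoted `$*` inside the double-quoted remote command, and `$(pwd)` is likewise expanded unquoted, so the login shell on 192.168.77.2 re-splits and re-interprets any argument or working-directory name containing spaces, quotes or other shell metacharacters (only `\$(mktemp -d)` is escaped for the remote side). Quote each word for the remote shell instead, e.g. `ssh -t user@192.168.77.2 "cd $(printf %q "$PWD") 2>/dev/null || cd \$(mktemp -d); opencode $(printf ' %q' "$@")"` and the same for `claude`; since vms/default.nix in this commit gives `user` a fish login shell, confirm that fish accepts that quoting or set the remote shell explicitly. A one-line comment above the two entries saying that they run the tool inside the sandbox VM would also explain the otherwise unannotated address.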
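Review bot: The first `security.doas.extraRules` entry now reads `{ users = [ "user" ]; keepEnv = true; persist = true; }` with its `runAs = "root"` removed; in the NixOS doas module an unset `runAs` means any target user, so this rule now permits `user` to run commands as every account on the host (the new `microvm` system user from users.nix included), not just root. If root-only was intended, keep `runAs = "root";` on that rule. The same hunk also drops `security.pam.services.su.requireWheel` and `security.pam.services.newgrp.requireWheel`, returning `su`/`newgrp` to their default of any user with the target account's password; if that is deliberate, a short comment recording why would help the next reader.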
diff --git a/networking.nix b/networking.nix index 65c34eb..d0627e5 100644 --- a/networking.nix +++ b/networking.nix @@ -33,8 +33,6 @@ # interfaces = [ inetInterface ]; # }; firewall.allowedTCPPorts = [ - 5900 - 8080 9003 10000 10001 diff --git a/packages.nix b/packages.nix index 3c863b3..531f167 100644 --- a/packages.nix +++ b/packages.nix @@ -2,10 +2,6 @@ { environment.systemPackages = with pkgs; [ bat - bc - (pkgs.writeShellScriptBin "bci" '' - echo "$@" | ${bc}/bin/bc -l - '') black blade-formatter cmake @@ -19,7 +15,6 @@ clang-tools clevis cliphist - chromium distrobox dos2unix dnsutils @@ -28,7 +23,6 @@ eza fd ffmpeg - file fira-code-symbols fish fractal @@ -52,10 +46,9 @@ poppler jetbrains.datagrip jq - kitty lazygit (pkgs.writeShellScriptBin "lf" '' - cd_file="/tmp/lf-lastdir" + cd_file="/tmp/lf-lastdir-$$" ${pkgs.lf}/bin/lf "$@" @@ -88,13 +81,12 @@ php84Packages.composer php84Packages.php-cs-fixer phpactor - pistol podman-compose podman-tui prettierd playerctl + qemu_full qmk - quickemu quickshell resvg ripgrep @@ -112,6 +104,7 @@ tmux thunderbird tor-browser + ungoogled-chromium unzip virt-manager virt-viewer @@ -153,7 +146,12 @@ virtualisation.podman = { enable = true; dockerCompat = true; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; defaultNetwork.settings.dns_enabled = true; + # storageDriver = "btrfs"; }; virtualisation.spiceUSBRedirection.enable = true; @@ -165,7 +163,7 @@ onBoot = "ignore"; onShutdown = "shutdown"; qemu = { - package = pkgs.qemu; + package = pkgs.qemu_full; verbatimConfig = '' cgroup_device_acl = [ "/dev/null", "/dev/full", "/dev/zero", 
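Review bot: `cd_file="/tmp/lf-lastdir-$$"` in the `lf` wrapper still uses a predictable name in the shared, world-writable `/tmp`; the `$$` suffix avoids collisions between concurrent sessions but does not prevent another local user from pre-creating that path (symlink risk) before the script writes or reads it. Prefer a per-user or unpredictable location, e.g. `cd_file="$(mktemp "''${XDG_RUNTIME_DIR:-/tmp}/lf-lastdir.XXXXXX")"` (the `''${` is the escape for `${` inside the Nix `''` string), and remove the file when the wrapper exits. The rest of the wrapper, including where `cd_file` is consumed, lies outside this hunk.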
@@ -230,15 +228,16 @@ }; }; - services.ollama = { - enable = true; - package = pkgs.ollama-cuda; - home = "/data/ollama"; - loadModels = [ - "qwen3.6" - "glm-5.1" - ]; - }; + # services.ollama = { + # enable = true; + # package = pkgs.ollama-cuda; + # home = "/data/ollama"; + # user = "ollama"; + # group = "user"; + # loadModels = [ + # "llama3" + # ]; + # }; # services.open-webui = { # enable = true; # port = 11347; diff --git a/users.nix b/users.nix index b56284c..4780839 100644 --- a/users.nix +++ b/users.nix @@ -7,7 +7,6 @@ imports = [ ./home/user.nix ./home/root.nix - ./home/agents.nix ]; sops.secrets."user/password" = { neededForUsers = true; @@ -25,41 +24,17 @@ homeMode = "700"; hashedPasswordFile = config.sops.secrets."root/password".path; }; - # microvm = { - # uid = 999; - # isSystemUser = true; - # }; - # work = { + microvm = { + uid = 999; + isSystemUser = true; + }; + # agent = { # uid = 1001; # homeMode = "770"; - # home = "/home/work"; - # isNormalUser = true; - # shell = pkgs.fish; - # group = "work"; - # extraGroups = [ - # "public" - # ]; - # linger = true; - # }; - agent = { - uid = 1002; - homeMode = "770"; - home = "/home/agent"; - shell = pkgs.fish; - isNormalUser = true; - group = "agent"; - extraGroups = [ "public" ]; - linger = true; - }; - # sandbox = { - # uid = 1003; - # homeMode = "770"; - # home = "/home/sandbox"; # shell = pkgs.fish; # isNormalUser = true; - # group = "sandbox"; - # extraGroups = [ "public" ]; - # linger = true; + # group = "agents"; + # extraGroups = [ "user" ]; # }; user = { uid = 1000; @@ -72,23 +47,14 @@ "libvirt" "systemd-journal" "kvm" - "public" - "agent" - "sandbox" - "audio" - "video" - "bluetooth" - # "work" + "agents" ]; hashedPasswordFile = config.sops.secrets."user/password".path; - linger = true; }; }; groups = { user.gid = 1000; - agent.gid = 1002; - public.gid = 777; - # sandbox.gid = 1003; + agents.gid = 777; }; }; } 
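Review bot: The new `microvm = { uid = 999; isSystemUser = true; };` entry in users.nix sets no `group`; NixOS asserts that `users.users.<name>.group` is set for every user (the old `nogroup` default was removed as unsafe), so this only evaluates if another module — presumably the microvm.nix host module — already supplies the group for this user. If that module is being relied on, a comment saying so would save the next reader a search; otherwise add `group = "microvm";` and `users.groups.microvm = { };`. Separately, the groups hunk replaces `public.gid = 777` with `agents.gid = 777`, so any files on disk still group-owned by gid 777 become group-owned by `agents`, which the `user` account is now a member of; if that carry-over is unintended, pick a fresh gid.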
diff --git a/vms/default.nix b/vms/default.nix
new file mode 100644
index 0000000..2b47a76
--- /dev/null
+++ b/vms/default.nix
@@ -0,0 +1,571 @@ +{ + nixpkgs, + sops-nix, + impermanence, + home-manager, + ... +}: +{ + systemd.network.netdevs."20-microbr".netdevConfig = { + Kind = "bridge"; + Name = "microbr"; + }; + + systemd.network.networks."20-microbr" = { + matchConfig.Name = "microbr"; + addresses = [ { Address = "192.168.77.1/24"; } ]; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + }; + + systemd.network.networks."21-microvm-tap" = { + matchConfig.Name = "vm-*"; + networkConfig.Bridge = "microbr"; + }; + + networking.nat = { + enable = true; + internalInterfaces = [ "microbr" ]; + externalInterface = "enp7e0"; + }; + networking.nftables = { + enable = true; + tables.nat = { + family = "ip"; + content = '' + chain postrouting { + type nat hook postrouting priority srcnat; + iifname "microbr" masquerade + } + ''; + }; + }; + + microvm.vms = { + "dealwise" = { + pkgs = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfreePredicate = + pkg: + builtins.elem (nixpkgs.lib.getName pkg) [ + "claude-code" + ]; + }; + + config = + let + hostname = "ai-sandbox"; + mac = "02:00:00:00:00:06"; + in + { + config, + pkgs, + ... 
+ }: + { + imports = [ + impermanence.nixosModules.impermanence + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + ]; + sops = { + defaultSopsFile = ./secrets/secrets.yaml; + age.keyFile = "/.persist/root/.config/sops/age/keys.txt"; + secrets = { + "wg0/private_key" = { }; + }; + }; + boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1; + systemd.network = { + enable = true; + networks = { + "10-net" = { + matchConfig.MACAddress = mac; + linkConfig.RequiredForOnline = "routable"; + addresses = [ { Address = "192.168.77.2/24"; } ]; + routes = [ + { + Gateway = "192.168.77.1"; + Metric = 100; + } + { + Destination = "103.69.224.4/32"; + Gateway = "192.168.77.1"; + } + ]; + }; + }; + }; + + services.resolved.enable = false; + environment.etc."resolv.conf".text = '' + nameserver 10.2.0.1 + ''; + networking = { + hostName = hostname; + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + wireguard.interfaces.wg0 = { + ips = [ "10.2.0.2/32" ]; + listenPort = 45974; + privateKeyFile = config.sops.secrets."wg0/private_key".path; + metric = 10; + peers = [ + { + publicKey = "D8Sqlj3TYwwnTkycV08HAlxcXXS3Ura4oamz8rB5ImM="; + endpoint = "103.69.224.4:51820"; + allowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; + persistentKeepalive = 25; + } + ]; + }; + }; + + users.mutableUsers = false; + users.users.root = { + password = ""; + home = "/root"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh" + ]; + }; + users.users.user = { + linger = true; + home = "/home/user"; + password = ""; + group = "user"; + isNormalUser = true; + uid = 1000; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh" + ]; + }; + users.groups.user.gid = 1000; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + users.user = { + home.username = "user"; + 
home.homeDirectory = "/home/user"; + home.stateVersion = "25.11"; + home.enableNixpkgsReleaseCheck = false; + xdg.configFile."containers/containers.conf".text = '' + [engine] + compose_warning_logs=false + events_logger="file" + + [containers] + log_driver="k8s-file" + ''; + xdg.configFile."opencode/opencode.json".text = builtins.toJSON { + "$schema" = "https://opencode.ai/config.json"; + plugin = [ "opencode-antigravity-auth@latest" ]; + provider = { + google = { + models = { + antigravity-gemini-3-pro = { + name = "Gemini 3 Pro (Antigravity)"; + limit = { + context = 1048576; + output = 65535; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + variants = { + low = { + thinkingLevel = "low"; + }; + high = { + thinkingLevel = "high"; + }; + }; + }; + antigravity-gemini-3-flash = { + name = "Gemini 3 Flash (Antigravity)"; + limit = { + context = 1048576; + output = 65536; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + variants = { + minimal = { + thinkingLevel = "minimal"; + }; + low = { + thinkingLevel = "low"; + }; + medium = { + thinkingLevel = "medium"; + }; + high = { + thinkingLevel = "high"; + }; + }; + }; + antigravity-claude-sonnet-4-5 = { + name = "Claude Sonnet 4.5 (Antigravity)"; + limit = { + context = 200000; + output = 64000; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + }; + antigravity-claude-sonnet-4-5-thinking = { + name = "Claude Sonnet 4.5 Thinking (Antigravity)"; + limit = { + context = 200000; + output = 64000; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + variants = { + low = { + thinkingConfig = { + thinkingBudget = 8192; + }; + }; + max = { + thinkingConfig = { + thinkingBudget = 32768; + }; + }; + }; + }; + antigravity-claude-opus-4-5-thinking = { + name = "Claude Opus 4.5 Thinking (Antigravity)"; + limit = { + context = 200000; + output = 64000; + 
}; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + variants = { + low = { + thinkingConfig = { + thinkingBudget = 8192; + }; + }; + max = { + thinkingConfig = { + thinkingBudget = 32768; + }; + }; + }; + }; + antigravity-claude-opus-4-6-thinking = { + name = "Claude Opus 4.6 Thinking (Antigravity)"; + limit = { + context = 200000; + output = 64000; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + variants = { + low = { + thinkingConfig = { + thinkingBudget = 8192; + }; + }; + max = { + thinkingConfig = { + thinkingBudget = 32768; + }; + }; + }; + }; + "gemini-2.5-flash" = { + name = "Gemini 2.5 Flash (Gemini CLI)"; + limit = { + context = 1048576; + output = 65536; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + }; + "gemini-2.5-pro" = { + name = "Gemini 2.5 Pro (Gemini CLI)"; + limit = { + context = 1048576; + output = 65536; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + }; + gemini-3-flash-preview = { + name = "Gemini 3 Flash Preview (Gemini CLI)"; + limit = { + context = 1048576; + output = 65536; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + }; + gemini-3-pro-preview = { + name = "Gemini 3 Pro Preview (Gemini CLI)"; + limit = { + context = 1048576; + output = 65535; + }; + modalities = { + input = [ + "text" + "image" + "pdf" + ]; + output = [ "text" ]; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems = { + "/.persist".neededForBoot = true; + }; + environment.systemPackages = with pkgs; [ + coreutils + jq + git + fzf + claude-code + neovim + ripgrep + fd + podman-compose + opencode + + php + php.packages.composer + pkgs.nodejs_24 + pkgs.dotnet-sdk_9 + pkgs.go_1_24 + ]; + + programs = { + fish.enable = true; + starship.enable = true; + ssh = { + knownHosts = { + "github.com".publicKey = + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; + }; + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/log/laravel 0755 1000 1000" + ]; + + environment.persistence."/.persist" = { + enable = true; + hideMounts = true; + directories = [ + "/var/lib/nixos" + ]; + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + users.root = { + files = [ + ".config/sops/age/keys.txt" + ]; + }; + users.user = { + files = [ + ".claude.json" + ".claude.json.backup" + ]; + directories = [ + ".claude" + ".local/share/containers" + ".local/share/opencode" + ]; + }; + }; + + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = "yes"; + AllowUsers = [ + "user" + "root" + ]; + }; + }; + getty = { + autologinUser = "root"; + autologinOnce = true; + }; + }; + + virtualisation = { + containers.enable = true; + podman = { + enable = true; + defaultNetwork.settings.dns_enabled = true; + dockerCompat = true; + }; + }; + + environment.sessionVariables = { + EDITOR = "nvim"; + }; + + microvm = { + hypervisor = "qemu"; + + vcpu = 4; + mem = 8192; + socket = "control.sock"; + + interfaces = [ + { + id = "vm-${hostname}"; + type = "tap"; + mac = mac; + } + ]; + + volumes = [ + { + mountPoint = "/.persist"; + image = "persist.img"; + size = 1024 * 128; + } + { + mountPoint = "/nix/.rw-store"; + image = "nix-store.img"; + size = 1024 * 128; + } + ]; + + writableStoreOverlay = "/nix/.rw-store"; + shares = [ + { + proto = "virtiofs"; + tag = "downloads"; + source = "/home/user/downloads"; + mountPoint = "/home/user/downloads"; + } + { + proto = "virtiofs"; + tag = "pictures"; + source = "/home/user/pictures"; + mountPoint = "/home/user/pictures"; + } + { + proto = "virtiofs"; + tag = "dealwise"; + source = "/home/user/work/dealwise"; + mountPoint = 
"/home/user/work/dealwise"; + } + { + proto = "virtiofs"; + tag = "php-data-transfer-object"; + source = "/home/user/dev/icefox/php/data-transfer-object"; + mountPoint = "/home/user/dev/icefox/php/data-transfer-object"; + } + { + proto = "virtiofs"; + tag = "uni"; + source = "/home/user/uni"; + mountPoint = "/home/user/uni"; + } + { + proto = "virtiofs"; + tag = "dev"; + source = "/home/user/dev"; + mountPoint = "/home/user/dev"; + } + { + proto = "virtiofs"; + tag = "ro-store"; + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + } + ]; + + qemu.extraArgs = [ + "-cpu" + "host" + ]; + }; + system.stateVersion = "25.11"; + }; + }; + }; +} diff --git a/vms/secrets/secrets.yaml b/vms/secrets/secrets.yaml new file mode 100644 index 0000000..74be351 --- /dev/null +++ b/vms/secrets/secrets.yaml 
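Review bot: `users.users.root.password = ""` and `users.users.user.password = ""` give both guest accounts an empty password, and with `getty.autologinUser = "root"` plus `PermitRootLogin = "yes"` root is reachable from the console, from `user` (the account that runs claude-code/opencode) and over SSH; since the same VM has read-write virtiofs shares of `/home/user/dev`, `/home/user/work/dealwise`, `/home/user/uni`, `/home/user/downloads` and `/home/user/pictures`, the guest's user/root boundary is effectively the last one before the host home directory. SSH is already key-only (`PasswordAuthentication = false`), so the empty passwords are not needed for the documented access path: drop the `password = ""` lines so the accounts are locked under `mutableUsers = false`, or source them from sops as the host users.nix already does with `hashedPasswordFile`, and use `PermitRootLogin = "prohibit-password";`. `boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1` and `firewall.enable = false` look deliberate for a rootless-podman sandbox behind the host NAT; a one-line comment on each saying so would keep them from being "fixed" later. The `age.keyFile` path agrees with the `environment.persistence` entry for root, which is good.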
@@ -0,0 +1,32 @@
+ssh:
+ private_key: ENC[AES256_GCM,data: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,iv:1lU+UUhH4m5OjyDO5s/sNGGGoT/7NxI5Cs1GL5CEIGU=,tag:EG8YZERDyeG/XkCNO7f/cQ==,type:str]
+wg0:
+ private_key: ENC[AES256_GCM,data:nr7y3wp7EtVW6uI6MBSwyMO9YuMyx/F0AZmD8GmuA3BPQTVTsVSctoKIxLE=,iv:KN68DwGuDo+aPP4mBk1MqY+lxFjisKSwXn0w+yngDRQ=,tag:gpjxIFWaZE+5hbYHVsO1ZQ==,type:str]
+ address: ENC[AES256_GCM,data:9Tnph2SHKeEt9Ss=,iv:CPR1N7fqqlaThGltSpfqeAOc5bAe13KWskGWj3jI8LQ=,tag:xha/hQOVqfUoGyfKbHhnuQ==,type:str]
+ conf: ENC[AES256_GCM,data:SRDnI+2PvK7Zz1L5XBvrBNejgJEg8DK+qVO5XEtx6Nal+f7IeB3Ascp8Bkit5fd5myn/RxiK80wYmvLkDmcJAk46UjHKOpbxJl1s5FmKDuZJ3c3MXLwH7k2PeZP14VDDlyQqlcyGBrSu74L64ZMh/6EWGKbONTD1Wt3Ykg+/RegzQFDr2CPbj6XQeXsNS2p0ugicP5ffBMTUa9KSYDMQVV80mjSZ246aeY0owU1VUsitdvsCbfxtFd5gr/9zdfOXOvGY/BKxAlvVbszCalNs9DgJDHt/,iv:FP90SvUGnsZJS7F/uxtbOqTvGOgtC4+r2+YgF5FBoQY=,tag:9G1tkXHTpbytmG9T6sTpMw==,type:str]
+wg-br0:
+ private_key: ENC[AES256_GCM,data:AwGwtS6Bkx5SUwxfaz/UaogGQIwqJidHzyOC0EWCA1UzEo1XV+bFKpdvOjg=,iv:O5RTjtNHC3lY+uVb6JBTwCrxpDSOsVAy8VOvsSatr0M=,tag:HelKY1PtxI3Zi+9Alrw+Ow==,type:str]
+sops:
+ age:
+ - recipient: age1y0tj3kt67pfnj38t9c8g2ghry3a0mhcq8rrqv5xr4jekwepxaelqzu3dkf
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOHZSRkpBVVdUUk9OYUFH
+ cVBra014WXJyRTJ0QWFKallLQlc0SXhNSlFBCmpwME92M2lCN2liVjZBRndlSVBk
+ OEpUU1YyakdCa0xVaHdhRlpXbGxYdUEKLS0tIDFlV1k0Qkx1UDd2NUVHTTI3NDZE
+ OWhIdUxDcHB4Z3dTdDkyZWF6NEJCYzAKfPB9AZFQ08yqil+4AhIi6EMy8PXI4CAz
+ lK4ON/M67T0UrlWN/m3pryOOr4Lj4oiZvdOR0BCO3kn4Pj0nq5jQOA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age16v8w7q4wmn22hhakq2uzaus2508rhldm7lcwh0kukshzjzyhuqesqz44ze
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSC9Td1NTMzk2NlJDTDNM
+ UVUzTSt1dGkrUVRGT1UzeXcwR1REN1U0dW5JCnNJRzdKZHVyR0dzaUw2TlVzQnQ2
+ SHhSSGlDWUNBSXZiME5GM0JPTFRseDQKLS0tIEFnOXgzWFo2Rmo2THN4VFFIY1h0
+ OEZ4WUp1QlVrTkVTN1BHMG0yaXFuSk0KLw3ZuvWTurJDTpyoq5YafLm8YFT4v4Vh
+ s+ay8ju3kA1CKjMF3gBQF08EoCdP/jU6tZerNwwcs17el5zIvRmG7Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-02-06T22:06:59Z"
+ mac: ENC[AES256_GCM,data:IJXeoVdP8/R51hHNTkpYSj9f1bGRBh5PtlEdbcXuD12DFGZtEFcAeBgfKHSnYBRxZMedd/IxhsQYNatW8T/spAuPi0dEh2mnn9yz3evGjkc1WKGOy24Ou3xhZBboo9tzYfkX3PVGd10kx+vTJh3by7Eq4LjAfyq1vyGj1g3S5nU=,iv:wQsntFE/TO0Z5An9U7yYUIQ/nXbo5nnUQ9ukVMm0KRo=,tag:D9HpVrYEbzaCktzGmD0xvg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.11.0