diff --git a/.secrets/x1/files.yaml b/.secrets/x1/files.yaml index 0d34976..28a9e42 100644 --- a/.secrets/x1/files.yaml +++ b/.secrets/x1/files.yaml 
@@ -1,20 +1,5 @@ -hello: ENC[AES256_GCM,data:fXNDiacuFhmqmbo9FiGmoBKeOk7KvuVw3ytzcEzj/VxkqoDCGtJ2YX/TaVQfsQ==,iv:bHP2CYXZth3DX6OIeqdzv3zmFVWdRaNBvLuZx0FSyf8=,tag:bn1w5QcyyQ5EcXyoFnc1Zw==,type:str] -example_key: ENC[AES256_GCM,data:lumROh5JwNpCJrNzxg==,iv:FLmpmVtzMUzPV9Y0nLTKXzisUqCZKonv44LviQTMsfU=,tag:Hp2N7AG7lGNQstt27Ty8pw==,type:str] -#ENC[AES256_GCM,data:KrggG2yc0mFi3zoZ+WLd7w==,iv:GQZPZZH4xGxFcP5BLiwUIVQkCi7Bsmalsz/myNBbdoI=,tag:fzmEQLnWjfVc+iywEFwp9Q==,type:comment] -example_array: - - ENC[AES256_GCM,data:7go3euwMIP7BDuq96vo=,iv:P8hx+DSSbkhrw0SOKLMtcc4/TZBODnQnQFRUxv49oio=,tag:Xi5JbLc+xvcOOv10pY1ydw==,type:str] - - ENC[AES256_GCM,data:WVgP3/Hak8ha5yaPmTU=,iv:2DwnOLze1a0vXfOey2xv4qOVE1PhOMq3e+GR/3RiOPU=,tag:TftAtYcHRQctTV5sBHPKFw==,type:str] -example_number: ENC[AES256_GCM,data:fOprnAAZ/267JQ==,iv:5jvsM3i5iHcpSJWqcryqQJQZCrEP72jcAkyc7qVVirk=,tag:nxecWgcSZOyzuwvOlFawyw==,type:float] -example_booleans: - - ENC[AES256_GCM,data:iCUmxA==,iv:On6DiKbzithmRq+smOW4pEq3tod0zWWT7dyW9ArolLY=,tag:yoD9ODLYSZkuP0qkUrkR3w==,type:bool] - - ENC[AES256_GCM,data:dAYxptk=,iv:JAm9mvA5EH581cZkaNK8yYkV8U8o2gWR2jAh+mUMxt0=,tag:W5sHPszsOzUDZ6mQgIcq+w==,type:bool] -hosts: ENC[AES256_GCM,data:/28ojxFukz4ThwSjQGURtf+h5Ic5WJN6P8nC75zQWan6LANOVc1zk5tVh7qmSLXcGvGW/2IE0dpz2ysY+z7ujYdKSDA2neFy8+NoBXc3REG60nF/QdNiHMg2rlLfq9n7eQAqXGBSpED/41Y/YO2nuV8ehL4GtsDOuFZnxujnLbu+Q6u30yf+/IVqlk3VnWm5C+Fy6bdX2bYOUyM5ce313i4u5slBEBs0l1lQjX1vE4KK5F6t3d410NdGHShB+RXkOhaBujKX/hKEXWQku/nnjgOiP+JURB/qA/SZzxO/yoV7htNvCE/JcfmTk85SVPAmp7uy4egyK4FveKRXtT5Gla1Vnrg1v9NAVCuYgQECqhE3IYEjtUlxul0h+OI4JmnP6y90nLz8RozxGw4qIc8yJgOZmVORqr2PqbFbtdj8MKid9Df0ciU=,iv:YhMTYHV3kc3LQrAGaPgkek5ZrEYYcZxNOPyKUSbgsC8=,tag:Axx5CIPWdDb8hukM7H4sxg==,type:str] wg: 
ENC[AES256_GCM,data:HjvSsKAkH2yIpuPPteNz/7guP46OrRvH2eKIQPxMSf/kiWXHTRUZDUmGakbOryirkakkgQF1fwxRXehiFULvfaPb9WNx6kR7X7orNWmSR5CRmNWBCB5y7CRsSlO3frL8iKR1JLFjew7omktHiXBew63q38YvsvOeXI2zoLumuGuXl6JH5D9hK2AvEBUehMSkBzrLFgZNeNjsxnFatQEic9e6namjJ2TqcT4F1z4u/5yptkmUCpn4isLjV23zFOALOXcjjyy/9ztcKMGiGE+ULQM3fm+7c3ryux/PmREr2Aj0IDQMDXgJCPvdiHhXvC7K/oGwJPDJeP0v,iv:Lnz5RyUi9D3dClgzFmm4EeD6SZGuFFbs6JBIZevUIdo=,tag:EjheBu/a392lcAgQVVtIuw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y enc: | @@ -43,8 +28,7 @@ sops: ZktoOXRCUHJIbEhYQVhWT0hHRjUzMU0KcL64LuhLbd5wSM0KzLA3ObUm7s4kjUZ5 IQ9S8DnWyaCurfd+6/fZQR+SVjImI0n67I7EvoFLWUt1heXaRKRqLA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-04T11:23:03Z" - mac: ENC[AES256_GCM,data:l/WirVeSYQLuaZEjAPyX+5DJu3hfqiw1ZzPUNAbNKFQ1vUQf5Zxo3tfM7ROO+x95T9jGE271TIchTJAVu0C2XFTSPv7fJ9+WWyUr3JeFN1kFXt/k8Q5aLGdffAInhN2exsw/KKP0IXta5t4g2QfFsBZTDKCqLaj+WUeGBEJfjoc=,iv:J+6OIcE6i0Nt1Nb4m+aBBYeCj1iLNFigrRWYyYbY5GU=,tag:XTBvtWFNgRzuVyT7sWkGlg==,type:str] - pgp: [] + lastmodified: "2026-01-16T12:48:19Z" + mac: ENC[AES256_GCM,data:U1SIW5TqbvKEWLVIK4cNTqTPROyEqlSdnqaaSHeP2gKbhzCLyV6sTrwoE9D0x8GMXWRAImhI5FtnU1j485cvoYn+LCwjd9RiXNtvuHD8LL2j5lYiMpQHoctpDCx4LR9Mx8MCi9tio+JDUZXKBLM6F/9rHD6rwj0GSQoyG6ExxKI=,iv:6lPl0581yLz5zGN3UBjgiKghk/hsSAWRT1E/JQWBiQc=,tag:HSFHKyd+aVCgr9dl+1ncwQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.11.0 diff --git a/flake.lock b/flake.lock index 9dbcd34..07d3d9e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -403,11 +403,11 @@ ] }, "locked": { - "lastModified": 1767910483, - "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", + "lastModified": 1768603898, + "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=", "owner": "nix-community", "repo": "home-manager", - "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", + "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c", "type": "github" }, "original": { @@ -623,11 +623,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768028080, - "narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=", + "lastModified": 1768323494, + "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d03088749a110d52a4739348f39a63f84bb0be14", + "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", "type": "github" }, "original": { @@ -854,11 +854,11 @@ }, "unstable": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { diff --git a/homes/x86_64-linux/harald@amd/default.nix b/homes/x86_64-linux/harald@amd/default.nix new file mode 100644 index 0000000..600e092 --- /dev/null +++ b/homes/x86_64-linux/harald@amd/default.nix 
@@ -0,0 +1,96 @@
+{ config, ... }:
+{
+ home.sessionPath = [
+ "$HOME/bin"
+ "$HOME/.local/share/JetBrains/Toolbox/scripts"
+ ];
+
+ metacfg = {
+ user = {
+ enable = true;
+ name = config.snowfallorg.user.name;
+ };
+ cli-apps = {
+ bash.enable = true;
+ fish.enable = true;
+ neovim.enable = false;
+ bat.enable = true;
+ starship.enable = true;
+ home-manager.enable = true;
+ };
+ tools = {
+ git.enable = true;
+ };
+ gui.kbd.ellipsis = true;
+ };
+
+ fonts.fontconfig.enable = true;
+
+ services.syncthing = {
+ enable = true;
+ tray.enable = true;
+ /*
+ settings = {
+ devices = {
+ "sgx" = {
+ id = "2AAVSVQ-PK66I2B-2B4KWAU-TF674DG-IXNEKLF-CIWK7HG-7MUC7OW-DQQNAQM";
+ };
+ "x1" = {
+ id = "ZXRDFYU-W22PYCZ-7QJJCVN-GGHP3TS-KSY56B4-75OLQRN-UR2A4ZU-7BQBQQZ";
+ };
+ };
+ folders = {
+ "qibxq-03l4j" = {
+ path = "~/Documents/logseq";
+ devices = [
+ "sgx"
+ ];
+ };
+ };
+ };
+ */
+
+ # overrideFolders = false;
+ # overrideDevices = false;
+ };
+
+ dconf.settings = {
+ # ...
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+
+ # `gnome-extensions list` for a list
+ enabled-extensions = [
+ "Vitals@CoreCoding.com"
+ "appindicatorsupport@rgcjonas.gmail.com"
+ "dash-to-panel@jderose9.github.com"
+ "hibernate-status@dromi"
+ "autohide-battery@sitnik.ru"
+ "clipboard-history@alexsaveau.dev"
+ ];
+
+ favorite-apps = [
+ "org.gnome.Terminal.desktop"
+ "jetbrains-toolbox.desktop"
+ "org.mozilla.firefox.desktop"
+ "firefox.desktop"
+ "thunderbird.desktop"
+ "org.mozilla.Thunderbird.desktop"
+ "slack.desktop"
+ "keybase.desktop"
+ "spotify.desktop"
+ "org.gnome.Nautilus.desktop"
+ "virt-manager.desktop"
+ ];
+ };
+ "org/virt-manager/virt-manager/connections" = {
+ autoconnect = [ "qemu:///system" ];
+ uris = [ "qemu:///system" ];
+ };
+ };
+
+ dconf.settings."org/gnome/desktop/input-sources".xkb-options = [ "mod:ellipsis" ];
+
+ xdg.enable = true;
+ xdg.mime.enable = true;
+}
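Review bot: The `services.syncthing` block enables the service but keeps its whole `settings` attrset inside a `/* … */` comment and leaves `overrideDevices`/`overrideFolders` commented out, so which peers and folders this host accepts is decided in the Syncthing GUI and cannot be audited from the repository. Either delete the commented block, or enable it together with `overrideDevices = true; overrideFolders = true;` so that the declared device list is the only one trusted. The two device IDs are committed either way; Syncthing treats them as identifiers rather than secrets, but they do tie the named hosts `sgx` and `x1` to this repo.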
diff --git a/overlays/unstable/default.nix b/overlays/unstable/default.nix index 6dfc4d1..057670d 100644 --- a/overlays/unstable/default.nix +++ b/overlays/unstable/default.nix @@ -5,13 +5,18 @@ final: prev: { # opencode tailscale claude-code - gnome-remote-desktop freerdp # open-webui # vscode # nodejs_20 ; + gnome-remote-desktop = channels.unstable.gnome-remote-desktop.overrideAttrs (prevAttrs: { + patches = (prevAttrs.patches or [ ]) ++ [ + ./gnome-remote-desktop-mac.patch + ]; + }); + # goose-cli = channels.unstable.callPackage ./goose.nix { }; # claude-code = channels.unstable.callPackage ./claude-code/package.nix { }; # gemini-cli = channels.unstable.callPackage ./gemini-cli/package.nix { }; diff --git a/overlays/unstable/gnome-remote-desktop-mac.patch b/overlays/unstable/gnome-remote-desktop-mac.patch new file mode 100644 index 0000000..ee56c9d --- /dev/null +++ b/overlays/unstable/gnome-remote-desktop-mac.patch 
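Review bot: The `overrideAttrs` that appends `./gnome-remote-desktop-mac.patch` carries no comment saying where the patch comes from or when it can be dropped, and the patch added later in this commit is an upstream change whose message body is just `WIP`. Add a comment above the override such as `# upstream WIP patch, see <UPSTREAM_MR_URL>; drop once it is merged and released`, so that a future `unstable` bump on which the patch no longer applies is easy to triage. The surrounding overlay attrset starts and ends outside this hunk.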
@@ -0,0 +1,38 @@ +From 35f9645cf500695da45e6faeacef536dc929d513 Mon Sep 17 00:00:00 2001 +From: Pascal Nowack +Date: Fri, 2 Aug 2024 15:03:06 +0200 +Subject: [PATCH] session-rdp: Also try to identify MS remote desktop client + for Mac + +WIP +--- + src/grd-session-rdp.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/grd-session-rdp.c b/src/grd-session-rdp.c +index ecac9e0a..3923e91d 100644 +--- a/src/grd-session-rdp.c ++++ b/src/grd-session-rdp.c +@@ -274,11 +274,15 @@ grd_session_rdp_is_client_mstsc (GrdSessionRdp *session_rdp) + { + rdpContext *rdp_context = session_rdp->peer->context; + rdpSettings *rdp_settings = rdp_context->settings; ++ uint32_t os_major_type = ++ freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType); ++ uint32_t os_minor_type = ++ freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType); + +- return freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType) == +- OSMAJORTYPE_WINDOWS && +- freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType) == +- OSMINORTYPE_WINDOWS_NT; ++ return (os_major_type == OSMAJORTYPE_WINDOWS && ++ os_minor_type == OSMINORTYPE_WINDOWS_NT) || ++ (os_major_type == OSMAJORTYPE_OSX && ++ os_minor_type == OSMINORTYPE_UNSPECIFIED); + } + + static WCHAR * +-- +2.45.2 + diff --git a/systems/x86_64-linux/amd/default.nix b/systems/x86_64-linux/amd/default.nix new file mode 100644 index 0000000..9196c56 --- /dev/null +++ b/systems/x86_64-linux/amd/default.nix 
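Review bot: `grd_session_rdp_is_client_mstsc` now also returns true for any peer reporting `OSMAJORTYPE_OSX` with `OSMINORTYPE_UNSPECIFIED`, and both values are read from RDP settings that appear to be supplied by the connecting client, so the result is a compatibility hint rather than an identification of Microsoft's client. A comment above the `return`, such as `/* OS types are client-reported; use only to select protocol workarounds */`, would record that. The callers are outside this hunk and should be checked to confirm nothing security-relevant depends on the answer. `OSMINORTYPE_UNSPECIFIED` is a broad match that other macOS RDP clients may also send, which is presumably why the upstream commit is still marked `WIP`.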
@@ -0,0 +1,138 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+with lib;
+with lib.metacfg;
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./xremap.nix
+ ];
+
+ services.rustdesk-server.signal.enable = false;
+ networking.firewall.allowedTCPPorts = [
+ 22000
+ ];
+
+ programs.ccache.enable = true;
+ nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+
+ services.tailscale.enable = true;
+
+ services.cratedocs-mcp.enable = true;
+
+ services.openssh = {
+ enable = true;
+ };
+
+ hardware.bluetooth.input.General.ClassicBondedOnly = false;
+ services.udev.extraRules = ''
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+ '';
+
+ metacfg = {
+ base.enable = true;
+ gui.enable = true;
+ nix-ld.enable = true;
+ nix.enable = true;
+ podman.enable = true;
+ secureboot.enable = true;
+ homeprinter.enable = true;
+
+ system = {
+ limits = {
+ enable = true;
+ nofileLimit = 32768;
+ memlockLimit = 32768;
+ };
+ };
+
+ # User configuration
+ tools = {
+ direnv.enable = true;
+ };
+ user.extraGroups = [
+ "docker"
+ "dialout"
+ "tss"
+ ];
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-27.3.11"
+ ];
+
+ # increase freezing timeout
+ boot.kernel.sysctl = {
+ "power.pm_freeze_timeout" = 30000;
+ };
+
+ environment.systemPackages = with pkgs; [
+ attic-client
+ azure-cli
+ claude-code
+ claude-desktop-with-fhs
+ desktop-file-utils
+ fabric-ai
+ gemini-cli
+ gnome-terminal
+ gnome-remote-desktop
+ gtypist
+ k9s
+ klavaro
+ kubectl
+ kubectx
+ libcamera
+ logseq
+ obsidian
+ piper-tts
+ tipp10
+ uv
+ vscode
+ ];
+
+ zramSwap.enable = true;
+
+ services.ratbagd.enable = true;
+
+ services.resolved.enable = true;
+ #services.resolved.dnssec = "allow-downgrade";
+ #services.resolved.extraConfig = ''
+ # ResolveUnicastSingleLabel=yes
+ #'';
+
+ virtualisation = {
+ libvirtd.enable = true;
+ };
+
+ system.autoUpgrade = {
+ enable = true;
+ operation = "boot";
+ allowReboot = false;
+ };
+
+ services.trezord.enable = true;
+
+ services.ollama = {
+ enable = false;
+ acceleration = "rocm";
+ environmentVariables = {
+ HSA_OVERRIDE_GFX_VERSION = "10.1.0";
+ };
+ };
+
+ /*
+ environment.sessionVariables = {
+ LIBVA_DRIVER_NAME = "iHD";
+ # NIXOS_OZONE_WL = "1";
+ # DRI_PRIME = "pci-0000_24_00_0";
+ DRI_PRIME = "pci-0000_00_02_0";
+ };
+ */
+
+ system.stateVersion = "25.11";
+}
diff --git a/systems/x86_64-linux/amd/hardware-configuration.nix b/systems/x86_64-linux/amd/hardware-configuration.nix
new file mode 100644
index 0000000..e73c49b
--- /dev/null
+++ b/systems/x86_64-linux/amd/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/050c9912-36c3-4a65-ba8b-ba68e5171e18"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2C8E-85CB"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/systems/x86_64-linux/amd/xremap.nix b/systems/x86_64-linux/amd/xremap.nix
new file mode 100644
index 0000000..64a45c0
--- /dev/null
+++ b/systems/x86_64-linux/amd/xremap.nix
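Review bot: In systems/x86_64-linux/amd/default.nix, `hardware.bluetooth.input.General.ClassicBondedOnly = false` switches off BlueZ's default of accepting classic-Bluetooth HID connections only from bonded devices, a default that exists to keep unpaired devices from attaching as keyboards, and no comment says which device needs it. If a specific device requires it, record that in a comment (`# needed for <DEVICE>: connects unbonded`); otherwise drop the line. The two `hidraw` udev rules set `GROUP="users", MODE="0660"` in addition to `TAG+="uaccess"`, which lets every member of `users` open the raw HID reports of those devices rather than only the user on the active seat; `TAG+="uaccess"` alone is normally enough. `services.openssh` is enabled with no `settings`, so unless `metacfg.base` (not visible here) provides them, consider `settings.PasswordAuthentication = false;` and limiting the listener to the Tailscale interface this file also enables. `permittedInsecurePackages = [ "electron-27.3.11" ]` should carry a comment naming the package that still needs it so the exception can be removed later.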
@@ -0,0 +1,33 @@
+# In /etc/nixos/configuration.nix
+{ ... }:
+{
+ users.users.harald.extraGroups = [ "input" ];
+
+ # Enable the xremap service
+ services.xremap.enable = true;
+ services.xremap.userName = "harald"; # Replace with your username
+ services.xremap.serviceMode = "user"; # Run as user service, not system-wide
+ services.xremap.withGnome = true;
+
+ # Add a specific configuration block to select your keyboard(s) by name
+ services.xremap.deviceNames = [
+ # Use the name found in the log output: "Hangsheng MonsGeek Keyboard System Control"
+ "Hangsheng MonsGeek Keyboard"
+ "HS Galaxy100 Keyboard"
+ # You can usually shorten the name slightly to match the device you want
+ ];
+
+ # Define your remapping configuration using Nix's attribute set format
+ services.xremap.config = {
+ keymap = [
+ {
+ remap = {
+ # Map Alt+C (LeftAlt-C) to Ctrl+C (LeftControl-C)
+ LeftAlt-C = "COPY";
+ LeftAlt-V = "PASTE";
+ LeftAlt-X = "CUT";
+ };
+ }
+ ];
+ };
+}
diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix
index c9e906c..96122d9 100644
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@@ -27,11 +27,8 @@ with lib.metacfg; sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ]; sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml; sops.secrets."wg".mode = "0444"; - sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml; - sops.secrets."hosts".mode = "0444"; environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path; - environment.etc."hosts.backup".source = config.sops.secrets."hosts".path; services.openssh = { enable = true;
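Review bot: In systems/x86_64-linux/amd/xremap.nix, `users.users.harald.extraGroups = [ "input" ]` gives every process running as `harald` access to all `/dev/input/event*` devices, so any program in the session can observe keystrokes regardless of the compositor's per-client input isolation. The remap table here has no per-application rules, so `services.xremap.serviceMode = "system";` without the group membership may be sufficient; if user mode is required for `withGnome`, add a comment recording that trade-off. The leftover template comments (`# In /etc/nixos/configuration.nix`, `# Replace with your username`) and `# Map Alt+C (LeftAlt-C) to Ctrl+C (LeftControl-C)` no longer describe the code, which maps to `COPY`, `PASTE` and `CUT`.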