From f4e2368893d85eea21841ad494e179e2a8661aae Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Thu, 21 Mar 2024 15:00:36 +0100 Subject: [PATCH] A new start --- .gitattributes | 1 + .gitignore | 1 + .secrets/hetzner/internetbs.yaml | 30 + .secrets/hetzner/postgres.yaml | 31 + .secrets/sgx/backup-s3.yaml | 31 + .secrets/sgx/pccs.yaml | 30 + .secrets/t15/backup-s3.yaml | 31 + .sops.yaml | 21 + README.md | 28 + flake.lock | 2738 +++++++++++++++++ flake.nix | 88 + homes/x86_64-darwin/harald@mpro/default.nix | 32 + homes/x86_64-linux/harald@mx/default.nix | 35 + .../x86_64-linux/harald@sgx-azure/default.nix | 39 + .../x86_64-linux/harald@sgx-nixos/default.nix | 30 + homes/x86_64-linux/harald@sgx/default.nix | 30 + homes/x86_64-linux/harald@t15/default.nix | 65 + homes/x86_64-linux/harald@x1/default.nix | 65 + lib/audio/default.nix | 65 + lib/default.nix | 20 + lib/deploy/default.nix | 51 + lib/file/default.nix | 25 + lib/module/default.nix | 62 + lib/network/default.nix | 54 + modules/darwin/home/default.nix | 40 + modules/darwin/nix/default.nix | 74 + modules/darwin/security/gpg/default.nix | 122 + .../darwin/services/nix-daemon/default.nix | 17 + modules/darwin/suites/common/default.nix | 30 + modules/darwin/system/fonts/default.nix | 32 + modules/darwin/system/interface/default.nix | 29 + modules/darwin/user/default.nix | 45 + modules/home/cli-apps/bash/default.nix | 28 + modules/home/cli-apps/bat/default.nix | 22 + modules/home/cli-apps/fish/default.nix | 60 + .../home/cli-apps/home-manager/default.nix | 31 + modules/home/cli-apps/neovim/default.nix | 230 ++ modules/home/cli-apps/starship/default.nix | 32 + modules/home/cli-apps/tmux/default.nix | 20 + modules/home/host/default.nix | 11 + modules/home/tools/alacritty/default.nix | 22 + modules/home/tools/direnv/default.nix | 18 + modules/home/tools/git/default.nix | 66 + modules/home/tools/jetbrains/default.nix | 21 + modules/home/tools/ssh/default.nix | 24 + modules/home/user/default.nix | 50 + modules/nixos/home/default.nix | 32 + modules/nixos/nix-ld/default.nix | 135 + modules/nixos/nix/default.nix | 94 + modules/nixos/services/base/default.nix | 159 + modules/nixos/services/gui/default.nix | 138 + modules/nixos/services/podman/default.nix | 25 + modules/nixos/services/secureboot/default.nix | 21 + modules/nixos/sgx/aesmd_dcap/default.nix | 30 + modules/nixos/sgx/pccs/default.nix | 69 + modules/nixos/tools/direnv/default.nix | 20 + modules/nixos/tools/git/default.nix | 61 + modules/nixos/user/default.nix | 104 + modules/nixos/user/profile.jpg | Bin 0 -> 33293 bytes overlays/jetbrains-toolbox/default.nix | 5 + overlays/nixsgx/default.nix | 5 + packages/nixos-hosts/default.nix | 49 + packages/nixos-hosts/help/nixos-hosts.sh | 16 + packages/nixos-hosts/nixos-hosts.sh | 324 ++ packages/nixos-revision/default.nix | 73 + packages/rot8000/Cargo.lock | 54 + packages/rot8000/default.nix | 28 + systems/x86_64-darwin/mpro/default.nix | 16 + systems/x86_64-linux/mx/acme.nix | 79 + systems/x86_64-linux/mx/backup.nix | 18 + systems/x86_64-linux/mx/default.nix | 71 + systems/x86_64-linux/mx/forgejo.nix | 54 + systems/x86_64-linux/mx/goaccess.nix | 26 + .../mx/hardware-configuration.nix | 45 + systems/x86_64-linux/mx/kicker.nix | 17 + systems/x86_64-linux/mx/mailserver.nix | 233 ++ systems/x86_64-linux/mx/network.nix | 45 + systems/x86_64-linux/mx/nextcloud.nix | 29 + systems/x86_64-linux/mx/nginx.nix | 166 + systems/x86_64-linux/mx/rspamd.nix | 40 + systems/x86_64-linux/mx/server-raid.nix | 77 + systems/x86_64-linux/mx/users.nix | 23 + systems/x86_64-linux/sgx-nixos/default.nix | 50 + .../sgx-nixos/hardware-configuration.nix | 39 + systems/x86_64-linux/sgx/backup.nix | 76 + systems/x86_64-linux/sgx/default.nix | 55 + systems/x86_64-linux/sgx/fileserver.nix | 75 + .../sgx/hardware-configuration.nix | 64 + systems/x86_64-linux/sgx/network.nix | 42 + systems/x86_64-linux/t15/default.nix | 38 + .../t15/hardware-configuration.nix | 97 + systems/x86_64-linux/x1/default.nix | 23 + .../x1/hardware-configuration.nix | 54 + 93 files changed, 7621 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .secrets/hetzner/internetbs.yaml create mode 100644 .secrets/hetzner/postgres.yaml create mode 100644 .secrets/sgx/backup-s3.yaml create mode 100644 .secrets/sgx/pccs.yaml create mode 100644 .secrets/t15/backup-s3.yaml create mode 100644 .sops.yaml create mode 100644 README.md create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 homes/x86_64-darwin/harald@mpro/default.nix create mode 100644 homes/x86_64-linux/harald@mx/default.nix create mode 100644 homes/x86_64-linux/harald@sgx-azure/default.nix create mode 100644 homes/x86_64-linux/harald@sgx-nixos/default.nix create mode 100644 homes/x86_64-linux/harald@sgx/default.nix create mode 100644 homes/x86_64-linux/harald@t15/default.nix create mode 100644 homes/x86_64-linux/harald@x1/default.nix create mode 100644 lib/audio/default.nix create mode 100644 lib/default.nix create mode 100644 lib/deploy/default.nix create mode 100644 lib/file/default.nix create mode 100644 lib/module/default.nix create mode 100644 lib/network/default.nix create mode 100644 modules/darwin/home/default.nix create mode 100644 modules/darwin/nix/default.nix create mode 100644 modules/darwin/security/gpg/default.nix create mode 100644 modules/darwin/services/nix-daemon/default.nix create mode 100644 modules/darwin/suites/common/default.nix create mode 100644 modules/darwin/system/fonts/default.nix create mode 100644 modules/darwin/system/interface/default.nix create mode 100644 modules/darwin/user/default.nix create mode 100644 modules/home/cli-apps/bash/default.nix create mode 100644 modules/home/cli-apps/bat/default.nix create mode 100644 modules/home/cli-apps/fish/default.nix create mode 100644 modules/home/cli-apps/home-manager/default.nix create mode 100644 modules/home/cli-apps/neovim/default.nix create mode 100644 modules/home/cli-apps/starship/default.nix create mode 100644 modules/home/cli-apps/tmux/default.nix create mode 100644 modules/home/host/default.nix create mode 100644 modules/home/tools/alacritty/default.nix create mode 100644 modules/home/tools/direnv/default.nix create mode 100644 modules/home/tools/git/default.nix create mode 100644 modules/home/tools/jetbrains/default.nix create mode 100644 modules/home/tools/ssh/default.nix create mode 100644 modules/home/user/default.nix create mode 100644 modules/nixos/home/default.nix create mode 100644 modules/nixos/nix-ld/default.nix create mode 100644 modules/nixos/nix/default.nix create mode 100644 modules/nixos/services/base/default.nix create mode 100644 modules/nixos/services/gui/default.nix create mode 100644 modules/nixos/services/podman/default.nix create mode 100644 modules/nixos/services/secureboot/default.nix create mode 100644 modules/nixos/sgx/aesmd_dcap/default.nix create mode 100644 modules/nixos/sgx/pccs/default.nix create mode 100644 modules/nixos/tools/direnv/default.nix create mode 100644 modules/nixos/tools/git/default.nix create mode 100644 modules/nixos/user/default.nix create mode 100644 modules/nixos/user/profile.jpg create mode 100644 overlays/jetbrains-toolbox/default.nix create mode 100644 overlays/nixsgx/default.nix create mode 100644 packages/nixos-hosts/default.nix create mode 100644 packages/nixos-hosts/help/nixos-hosts.sh create mode 100644 packages/nixos-hosts/nixos-hosts.sh create mode 100644 packages/nixos-revision/default.nix create mode 100644 packages/rot8000/Cargo.lock create mode 100644 packages/rot8000/default.nix create mode 100644 systems/x86_64-darwin/mpro/default.nix create mode 100644 systems/x86_64-linux/mx/acme.nix create mode 100644 systems/x86_64-linux/mx/backup.nix create mode 100644 systems/x86_64-linux/mx/default.nix create mode 100644 systems/x86_64-linux/mx/forgejo.nix create mode 100644 systems/x86_64-linux/mx/goaccess.nix create mode 100644 systems/x86_64-linux/mx/hardware-configuration.nix create mode 100644 systems/x86_64-linux/mx/kicker.nix create mode 100644 systems/x86_64-linux/mx/mailserver.nix create mode 100644 systems/x86_64-linux/mx/network.nix create mode 100644 systems/x86_64-linux/mx/nextcloud.nix create mode 100644 systems/x86_64-linux/mx/nginx.nix create mode 100644 systems/x86_64-linux/mx/rspamd.nix create mode 100644 systems/x86_64-linux/mx/server-raid.nix create mode 100644 systems/x86_64-linux/mx/users.nix create mode 100644 systems/x86_64-linux/sgx-nixos/default.nix create mode 100644 systems/x86_64-linux/sgx-nixos/hardware-configuration.nix create mode 100644 systems/x86_64-linux/sgx/backup.nix create mode 100644 systems/x86_64-linux/sgx/default.nix create mode 100644 systems/x86_64-linux/sgx/fileserver.nix create mode 100644 systems/x86_64-linux/sgx/hardware-configuration.nix create mode 100644 systems/x86_64-linux/sgx/network.nix create mode 100644 systems/x86_64-linux/t15/default.nix create mode 100644 systems/x86_64-linux/t15/hardware-configuration.nix create mode 100644 systems/x86_64-linux/x1/default.nix create mode 100644 systems/x86_64-linux/x1/hardware-configuration.nix diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..b5040d3 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +systems/x86_64-linux/mx/mailserver.nix text filter=rot8000 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a09c56d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.idea diff --git a/.secrets/hetzner/internetbs.yaml b/.secrets/hetzner/internetbs.yaml new file mode 100644 index 0000000..887fd92 --- /dev/null +++ b/.secrets/hetzner/internetbs.yaml @@ -0,0 +1,30 @@ +internetbs: ENC[AES256_GCM,data:usJ/08NTnlLNcnzVyycFVe7VN2LS7gNkqQRltpTEKBHu8POjaNK2E7t0tuq3a+EcxkhxBsd7O8lw7fjFDh6ZPo7nfUQjvVQzbaI1JjMUOw==,iv:kJFbg9mt3EMSzrUWEzC4xK6ilAiRp+fktYUX+W6uwSM=,tag:tsE6qpyjA5d4egFM2IJzRA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHT3U4dmhTTmRGRnFxMmhQ + Lzc0RWdQaThYZDhtcHFTSHNPNS9pd2RKS0N3CnVlUmx0V3BCUHhkQ1d0Nlk3NGEw + bHM1YWQySEZVV3VjZUcwcE1TSW9scDgKLS0tIFNYbnJxVzA4d2dsQTRVVXhDdFUv + OS9xVXVUSTFmbStObGdLRUl5RWlGTk0Ki6/1TMHB/BfL53qDYvQwmW6xHes27Ni4 + exk+T9OlgKsHQfdRpu3t3TrdnFIJYmAJeuU6NNdlp18juNPp9kbBEg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY2VCS1ZtWjc3VFFLSUhl + R2EzbE5SMWlWOXZhWmVuckFzVGR1aFp2aVQ0CllkemVFaFhwYzgxNFNlL3Z1QWRP + d0Rqb2FtYXI5T2ZzUjJIMXluUWwwdnMKLS0tIEQ4Yk1vRzVpZVF4blFxVkdIRGFl + ZmMxald2NU9HSE1ZOUN5R2twMXdmVGcKAXcUXemrleTxGxkMP+4mWh8uYwN1FTDc + cHbaln4DsDOqHtqqpJheTqN0mMOmkDvTCq2jbiKIkr2sruh49acIoA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-24T13:45:16Z" + mac: ENC[AES256_GCM,data:MOEFuQSx+SlXM7ajjQR6twCULem19A/hYKHBQhnLMb2V9o8SuYOvhmn8dz/UE558dnJt6eIB0rRKTItEbxNfyjvr6r2q+GPi7OM85ytLd0UuNPwcKUrqmlx5JPCRWt189U+qetbIDH7PXCawfccbLJmJWHBhFn+ZwqPbLs2wUnI=,iv:YUcEofcFTT8KgVVoQg/+bsCgBTdyGmmYLX7m1cqonhA=,tag:9oKLUS0eebRvC7UwEgkhew==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/.secrets/hetzner/postgres.yaml b/.secrets/hetzner/postgres.yaml new file mode 100644 index 0000000..502eb90 --- /dev/null +++ b/.secrets/hetzner/postgres.yaml @@ -0,0 +1,31 @@ +postgres: + gitea_dbpass: ENC[AES256_GCM,data:YdouHox7M6iTygteftGMB1W/hEWUchlZ+35ofgbI0xoYGt7QzVZyPKpO8cvcVNPTgdWk6B1zWlFw6JRhXv+ovg==,iv:0EkZGv8iQkq2fcyViCJy/Rj7n3w1BSuU5NiPw5sJhr0=,tag:z3Ff2dNzJBuBqyGiqoxZcg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOUVxRXduVWhjNHdnZCtH + U0VLWE01VkJaWmNDUzE1bmorRDN5RWNwTnhJClRkcDNzb1U2MzZ3TDhXSnI4Z252 + a1A0dzQ5eUlScDhhYjl6WEdnYnlxUm8KLS0tIDczaXlvcDVwUzdQY1h6a01QM2p6 + T3FBVWJqaHQwVnIrNFVsWVBub2djMG8KsbZb43UkVe1Up0O15UTC/PdsEkwwOnVW + 9P4AGO097HfTLkAjKJHx5QYF02dJ+4xb6rgzUYt9Nr8h8+GD0xRAfQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlhZbDhqamNGU2QrZDN5 + MlY5RFgrV3NJUk1PYWJLSnpCZjhiTUF5b0RrCmRHV0JnYlBmL2p0WE9UTzJUcVhK + dkhiYlJtYWtDN0lseHRCNTUzb252TmsKLS0tIGZKbjA3dkVwcnZNK2djV1BvSkJo + a09FM1ZqSWdsdytjdVFCanVldHVoWUUKyy/LXNd/vZLdgXYXfloFkNviaddvrazw + 4Z0bJ/fqGvRPlLkTUzZlhWKVXfZFGgo5nQSEvyphkIb6UCyd9VamnA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-24T14:02:40Z" + mac: ENC[AES256_GCM,data:7yikTQ7wsy13Hfwo5VKpUow8KW2/UYfzrWuA6Rp+21FglG3f7s6PLlrpMLooDPiaHxiPfc1fHg3u6UDcotyUljMZMQCCfvmLC1saALB6lFHEj3KoTa/NtgimYB2FeK92RcrU+EymmwZItmI/t1CuH8/qvXydWnO9zMWplMtW89Y=,iv:PEmElInahA5pPQvR9aatpKt+JhsKEtBPCPm926/59Uo=,tag:mflo6uSOh8SDKoC5JLHDIw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/.secrets/sgx/backup-s3.yaml b/.secrets/sgx/backup-s3.yaml new file mode 100644 index 0000000..448895a --- /dev/null +++ b/.secrets/sgx/backup-s3.yaml @@ -0,0 +1,31 @@ +backup-s3: ENC[AES256_GCM,data:gT5yQDC/nW7INa6e+BZOiR+Ky6SvU8hsRMvCoBDw8bOJT4yWlLkeYjoZOUSAdNaWyrNuypy72TUnq4+Udhrqd9YeneR7vj+UOSsNpDdqzVaTb0kTiL0lBT3RvXZ3QYVmSqYFnjrR,iv:VVQkDUuQwxHYFgOWueYIYq9M3WSIEYycdH+j+ibeS8w=,tag:wKe5kz0HxpZOW7GCw9rctg==,type:str] +backup-pw: ENC[AES256_GCM,data:JRgZXuO1eABr4fNmWJO/WgFLirEbGssLy+Lc29FWNFfBomDlr+73AFUcj1Ln8w92msuxubOY81jgEtG15PFX/g==,iv:4i6UyGYMJE4a2L4485ywlhZAE900wjVRia/X92Xr3Yg=,tag:d2oU6tSUwj3cdLJNmDHEEQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRjFydkVQTXlCWEJCSjNl + Unk1ejJ3K0M4dFVNeFFHK1c4ZjhwTG93b1cwCnJkN3BQZE1Na3VyZkc5SU1PNVkv + b3hVNzNIRStnemZ2RUlxSDJxRWtGTDAKLS0tIGVmK0d0Y2twMTE0U0hoRmRVR2R0 + cjhYNlJZdG1QVzYyRzhoUm1wLzdGY1kK0QNSItqjmwLTxQaMEC1bYrtlpE8EGlHb + hkWADj/Qw8m7Hbi1YCL6YWalHfoHM80VlfGGV6oAH4KH7l2mykqfzQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcHc0NXY1YVhiREJ6ZFBz + cGVqM2ZvZVBYSnlZZ00vS2ZjeUZHeEVrelJ3CnhQRWhWcFRHeUJrcE9OaU9sQ21n + bDJBdnMrRTRKdEtMcWpDQTdqc0R4dDAKLS0tIGZPeTdGOFBSMjhTOEk5TEVnS2tm + QVZ6UEU3eFBEZ2RBRFdMd0sraVl4Z2cKOxGZrvhamIKuYubd6xvHS5VgFuXw7i+x + JvB7Wuu1+GTKk3VM7n66tjZrcZId4W8N9kYtl7w/mE4l5Wg9zIK6ig== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-06T12:32:28Z" + mac: ENC[AES256_GCM,data:wkR3Z6WuR2h2MuA9vPwcr1Lw0xJrNRIa5REUYT8j4Fhxd+zLghzemp7CoSBxzYaVeD5xIS4FYYvjAxkAV9FZMMWznjkFI+RkBMvlA6O7cUrUtTwh7YJ4ZTfh0iNcihuBXH9XWA7Ku0C9SwGUjGj+uaKPW4JCaVaNxDg0VzdyFeg=,iv:BdI68VoQlPF+eT7FglGyMgtgUT+3okSp9KIZQsIZSZo=,tag:hzQ9I/WXdtqwYjQyeD9XcA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.secrets/sgx/pccs.yaml b/.secrets/sgx/pccs.yaml new file mode 100644 index 0000000..be1c54c --- /dev/null +++ b/.secrets/sgx/pccs.yaml @@ -0,0 +1,30 @@ +pccs: ENC[AES256_GCM,data:gsew4gI/i9vGt0X9pKeGed1ItbKEwL/OuYi7W4kti421V2Lor5QGXWsfw89408mPBP68d1qI6Q5BIUvCJdw7c3NJRH/W5UMF7c5ZlVtwrPK2q2v98LiwoeZ1KRDVrGSrchqVw00PClWIKkvh69s7iD10G3Wm8Ctr8ownLVaJnPPn2GQBtX1KJFXz8ikqKf5dUw3aQh7RGxkoLjzgrMx+7jW/t3R9MnPB1eMIUrsXrC40WXuxPaFDRdgvkCZG3KY0RGxR9ndvdDixunYheeKCt8norFrE4GG5Zj9/SHL40JVOTp53lu2IqkroxvDCiANCvVmKiwhLBcPwblgJ8gB9/6+ofNZqKunnBsJ6HNQczqHWFG1p7YNXAkCeZF4R6+TGHEfCmtrzoV0sPPv43peQX5Ibp84iHggCHAaDvOMtDz6zdKFmNC08jqPVC393IkP5KeHDK3hyoa8sVm6PhqCDG5QR8NmySGoXDDdOx1aj0b0xUPHviEQbegn6LlwmXA==,iv:7m5Y0h6apbtOHufVnV/uoK3sEzj5mPvk4eHd1/XCpKs=,tag:K4JmlbXlFzQHlJSYoFasww==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VXloZWZoWFpPcm9KMnJp + c00vZDM3d01PWXpnVy9tb3NXZkZ0a0JlaVhVCmx6dXZwaUNWY3FzbTdBMlJNTEVB + MlNHa1Q3VmlrUnhNSlpFYmc4Qm5mNFkKLS0tIHlzY2VMVXBZYW9kaUdRakZUNlk3 + SXBoeEZxNktZSDc3aUh2b2g2OXpZQ3cKLNHjYAAHR5LwoSKfaFT8eLJxYNmk/f1S + xNaGpR+sS/6xNSHtkz2w++crcPa/mt9qlQja1kLSGB3PFURSqfUjRQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2anNCTitMRzh0dmt3M1pa + REs5SmhJdExtS2lubXd3ZzY0OGxrTEtnVnlJCmRQNTQ1Rnh6aVpVdTZyYzl4aGJY + OVFiMHNTR090UkRqWDAxS0wwMEhDREkKLS0tIHVDU1A3Y3dKZGh6YlVud3FWNDJj + NW1jNlNVd2cwYXZyY3ZZQTJPM3ZRUlEK8/MXSxDhEo/P2NlZT8IrgwuWRAM/75XA + vrnlknbGJI9bto7O5j77O4OKSuniGat1/ZA5xG/o8YhumSbDtk5ZTA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-06T11:31:45Z" + mac: ENC[AES256_GCM,data:5nHxMRjWM8OQ1eyU5KtaC7m74Ss/L4/FF5Bn/zKCfX/x0GS/Q01lwGmHk/4Loyj66pt8wJCtK8mzL67RKPARAiX/9BS9pENYgfRwRk4cEmo/OdjSTOKkr7BO8Q9vAd1beMbDkX1pY/MJpmqvsYdK1yd5yNioAh8IC/PvSh2wu7s=,iv:a7cM8dpm+LMUysaQRT6odCChuLPM1biPHQOFTilH1o8=,tag:f330s/P+rlFVgr0CMc5Jjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.secrets/t15/backup-s3.yaml b/.secrets/t15/backup-s3.yaml new file mode 100644 index 0000000..ccf1a76 --- /dev/null +++ b/.secrets/t15/backup-s3.yaml @@ -0,0 +1,31 @@ +backup-s3: ENC[AES256_GCM,data:VsEBUFu2QekSxaBTik4pfnmDKmW68x/R0H90sRVPLyup3MRs0PBk7Qk0hCJGbxzShjlLYcDQcHe0nHyhqmrbNz9U9/cu7hyOKa9QKZvvBcpGApfd8ngdgNnrNdQs4X8No/l66T3w,iv:ylNxJncjVQ6EamgMYbbsoDOcjSocZDV/C/lZTnoX4x0=,tag:SPMFr9cOKyuDhSZaXoUuTg==,type:str] +backup-pw: ENC[AES256_GCM,data:9hF0rxhktvZ/WSY3/AypZ4FBv0c8Ny2XGKXR647LkAbxWgGsP9iMBMOse/RT/ysgBoOvew2i8/8BPt8xtaMHhw==,iv:H/skkAgZOQCKQZ1a8MnuiFDjsNYlfZafbmYxH38EIv4=,tag:Zs231HOXzxCP2KsLgD7rew==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheng3clhCbklBZkM3RTdI + Sm5ld1Y4R3VEdjFLV0hMMVNWVXFKK21vRG5nClptb1ZXckQ1YmJQVSt2VVNFOFVq + RUo0ait0eWl6dXBwd3UzUjNBTWNDZzAKLS0tIGlwSnhpTTFIRUVNVUxnNWxnNTlh + VW5ka2c1dzFBSFFqaHJKWXBUL0RBbTgKwdvyBXOa8B2K1VezacEuO0sYX2ApzGt6 + JUHUiIOTEWL703FGnkv+hRAtItePYHXmmotpysc1bA25F8Pl4obrqA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ODhLMzNqVm9DMTJ4Sm1p + bXNZMTZreUNPUVdCelJyWGhlUGVYai9hOFVnCkIzM1Vrcjd4YVJhM1hKQ200b3FT + cDJyK3FqTGNHSEtKc3U4bVltS252WEEKLS0tIHViSXB6a1dHZlQrbjB4N2FEcjhh + YktVSFdCempHOTVvL1kxbG44c1RpejAKSMeyP6ayLajIvDKGcG7s5JwIvVXiKaFU + VDDj3eTOEKNBZYCyOoq4IA82G8AvRWaacefAgqBk5dE25LbD2xYHLg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-18T13:32:35Z" + mac: ENC[AES256_GCM,data:c4Jum1uWOOsYORM5c3Woo/rjKII4femGBDfc4YPxl8BSKR9oo6Z9R+88lO5egrxT7CoKdJz+izuPgT2EjU7C4OvQ+7aDwpMV2X/lHgvB54V5Lq6I+lLKL5gXG8lt1Bm2YcDrFIWsa+RfInwO9S8yBjkCVbdTnOZZGwNlAYrI31o=,iv:dGK1WmLKryXpjEHvmFXkXYOESTLOIS6ovaunlreVhmI=,tag:W88dYlb2cJ61m7JWYJQIJA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..7449b04 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,21 @@ +keys: + - &server_hetzner age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + - &server_sgx age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + - &server_t15 age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4 + - &harald age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l +creation_rules: + - path_regex: .secrets/hetzner/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_hetzner + - *harald + - path_regex: .secrets/sgx/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_sgx + - *harald + - path_regex: .secrets/t15/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_t15 + - *harald diff --git a/README.md b/README.md new file mode 100644 index 0000000..7543ad0 --- /dev/null +++ b/README.md @@ -0,0 +1,28 @@ +Install system via nixos-anywhere + +```bash +❯ nix run github:numtide/nixos-anywhere -- \ + --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \ + root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519 +... enter disk password +❯ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15 +``` + +nixos-rebuild remote git flake + +```bash +❯ sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg +``` + +home-manager remote git flake + +```bash +❯ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \ + switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg' +``` + +`command-not-found` unable to open database + +```bash +❯ sudo nix-channel --update +``` diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..cb96378 --- /dev/null +++ b/flake.lock @@ -0,0 +1,2738 @@ +{ + "nodes": { + "alpha-nvim": { + "flake": false, + "locked": { + "lastModified": 1689470865, + "narHash": "sha256-wgjYus4XlJ0GoQWTo5gf7yyKYhseOXKOqUXEiwXpEJQ=", + "owner": "goolord", + "repo": "alpha-nvim", + "rev": "e4fc5e29b731bdf55d204c5c6a11dc3be70f3b65", + "type": "github" + }, + "original": { + "owner": "goolord", + "repo": "alpha-nvim", + "type": "github" + } + }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "bufdelete-nvim": { + "flake": false, + "locked": { + "lastModified": 1688027130, + "narHash": "sha256-UubYRfRAXZ89WOc3QFMvAMjNjLW6bV4nDgSa1CRZkIM=", + "owner": "famiu", + "repo": "bufdelete.nvim", + "rev": "07d1f8ba79dec59d42b975a4df1c732b2e4e37b4", + "type": "github" + }, + "original": { + "owner": "famiu", + "repo": "bufdelete.nvim", + "type": "github" + } + }, + "catppuccin": { + "flake": false, + "locked": { + "lastModified": 1700667946, + "narHash": "sha256-TBOaD7A8/c/sg78C1hUpPDuIrrQkSUQR1KgHiDb6jxs=", + "owner": "catppuccin", + "repo": "nvim", + "rev": "a2107df4379d66e72a36a89792603151cebec1bf", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nvim", + "type": "github" + } + }, + "ccc": { + "flake": false, + "locked": { + "lastModified": 1686587775, + "narHash": "sha256-T1ryyTdbU/335MpD184PSnBLgj4S2Kzf9hZnwc9to+I=", + "owner": "uga-rosa", + "repo": "ccc.nvim", + "rev": "4a0ddaf787cc82796e84ab8a7f70d086f250aeb6", + "type": "github" + }, + "original": { + "owner": "uga-rosa", + "repo": "ccc.nvim", + "type": "github" + } + }, + "cellular-automaton": { + "flake": false, + "locked": { + "lastModified": 1674679594, + "narHash": "sha256-h4KQCf8+GbxWSyZzDny07YFZm7j+aSSfm51lsaK0Ers=", + "owner": "Eandrju", + "repo": "cellular-automaton.nvim", + "rev": "679943b8e1e5ef79aaeeaf4b00782c52eb4e928f", + "type": "github" + }, + "original": { + "owner": "Eandrju", + "repo": "cellular-automaton.nvim", + "type": "github" + } + }, + "cheatsheet-nvim": { + "flake": false, + "locked": { + "lastModified": 1640255456, + "narHash": "sha256-TYkGB7cON2t4GwMaR9H1MDG2j3btBv2AR37ade8kqTY=", + "owner": "sudormrfbin", + "repo": "cheatsheet.nvim", + "rev": "9716f9aaa94dd1fd6ce59b5aae0e5f25e2a463ef", + "type": "github" + }, + "original": { + "owner": "sudormrfbin", + "repo": "cheatsheet.nvim", + "type": "github" + } + }, + "cinnamon-nvim": { + "flake": false, + "locked": { + "lastModified": 1670143364, + "narHash": "sha256-JglXQhoPgN9sQ3yuv0+VQxmKMvoQTu5lbGLSRaQkytI=", + "owner": "declancm", + "repo": "cinnamon.nvim", + "rev": "c406ffda3a0302f32c23b24ab756ea20467d6578", + "type": "github" + }, + "original": { + "owner": "declancm", + "repo": "cinnamon.nvim", + "type": "github" + } + }, + "cmp-buffer": { + "flake": false, + "locked": { + "lastModified": 1660101488, + "narHash": "sha256-dG4U7MtnXThoa/PD+qFtCt76MQ14V1wX8GMYcvxEnbM=", + "owner": "hrsh7th", + "repo": "cmp-buffer", + "rev": "3022dbc9166796b644a841a02de8dd1cc1d311fa", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-buffer", + "type": "github" + } + }, + "cmp-nvim-lsp": { + "flake": false, + "locked": { + "lastModified": 1687494203, + "narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=", + "owner": "hrsh7th", + "repo": "cmp-nvim-lsp", + "rev": "44b16d11215dce86f253ce0c30949813c0a90765", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-nvim-lsp", + "type": "github" + } + }, + "cmp-path": { + "flake": false, + "locked": { + "lastModified": 1664784283, + "narHash": "sha256-thppiiV3wjIaZnAXmsh7j3DUc6ceSCvGzviwFUnoPaI=", + "owner": "hrsh7th", + "repo": "cmp-path", + "rev": "91ff86cd9c29299a64f968ebb45846c485725f23", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-path", + "type": "github" + } + }, + "cmp-treesitter": { + "flake": false, + "locked": { + "lastModified": 1680745848, + "narHash": "sha256-WOcg6w4M20gpMCZjZ3DpPIA55SGLjV75fhckefiVfU0=", + "owner": "ray-x", + "repo": "cmp-treesitter", + "rev": "389eadd48c27aa6dc0e6b992644704f026802a2e", + "type": "github" + }, + "original": { + "owner": "ray-x", + "repo": "cmp-treesitter", + "type": "github" + } + }, + "cmp-vsnip": { + "flake": false, + "locked": { + "lastModified": 1669100283, + "narHash": "sha256-2mkN03noOr5vBvRbSb35xZKorSH+8savQNZtgM9+QcM=", + "owner": "hrsh7th", + "repo": "cmp-vsnip", + "rev": "989a8a73c44e926199bfd05fa7a516d51f2d2752", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "cmp-vsnip", + "type": "github" + } + }, + "codewindow-nvim": { + "flake": false, + "locked": { + "lastModified": 1690128662, + "narHash": "sha256-7ntC06PhxfuKnGyXpiW4juP3fWR97DH3Gygwvscv3OY=", + "owner": "gorbit99", + "repo": "codewindow.nvim", + "rev": "11fb5520898d22a563fe6a124a61c0d2887f3d3f", + "type": "github" + }, + "original": { + "owner": "gorbit99", + "repo": "codewindow.nvim", + "type": "github" + } + }, + "comment-nvim": { + "flake": false, + "locked": { + "lastModified": 1686546603, + "narHash": "sha256-XM9yhp+SGxfAOdN/eDunzM0TMoCJhVth3wpFKNCGf3g=", + "owner": "numToStr", + "repo": "Comment.nvim", + "rev": "176e85eeb63f1a5970d6b88f1725039d85ca0055", + "type": "github" + }, + "original": { + "owner": "numToStr", + "repo": "Comment.nvim", + "type": "github" + } + }, + "copilot-cmp": { + "flake": false, + "locked": { + "lastModified": 1683831407, + "narHash": "sha256-+MzEGnhlrYRvAfskOwmw69OC1CsPXt7s3z+xPe9XPqs=", + "owner": "zbirenbaum", + "repo": "copilot-cmp", + "rev": "c2cdb3c0f5078b0619055af192295830a7987790", + "type": "github" + }, + "original": { + "owner": "zbirenbaum", + "repo": "copilot-cmp", + "type": "github" + } + }, + "copilot-lua": { + "flake": false, + "locked": { + "lastModified": 1688190439, + "narHash": "sha256-lD9FdbKKZ6d/BjIfqp0Ust2hqSYNLpCFWxuaKUO9qLs=", + "owner": "zbirenbaum", + "repo": "copilot.lua", + "rev": "e48bd7020a98be217d85c006a298656294fd6210", + "type": "github" + }, + "original": { + "owner": "zbirenbaum", + "repo": "copilot.lua", + "type": "github" + } + }, + "crane": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "rust-overlay": [ + "lanzaboote", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crates-nvim": { + "flake": false, + "locked": { + "lastModified": 1688295570, + "narHash": "sha256-ah+fTmzkZn+xuL3sG2RxlCtDiFsRv3SY1iJzYKMIaMg=", + "owner": "Saecki", + "repo": "crates.nvim", + "rev": "4ce7c51b881e58f1e2f8f437f30e4e583cbac319", + "type": "github" + }, + "original": { + "owner": "Saecki", + "repo": "crates.nvim", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710717205, + "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "dashboard-nvim": { + "flake": false, + "locked": { + "lastModified": 1690351087, + "narHash": "sha256-aVMugjgA9lnORUVDBpa8G800Ev86htP4hDGrBq6Sw6s=", + "owner": "glepnir", + "repo": "dashboard-nvim", + "rev": "c17d3210b3dec8798b4fc82a11c542989251f85d", + "type": "github" + }, + "original": { + "owner": "glepnir", + "repo": "dashboard-nvim", + "type": "github" + } + }, + "diffview-nvim": { + "flake": false, + "locked": { + "lastModified": 1689788060, + "narHash": "sha256-0tsgwI/qZm8Gj3NyN9CA+YHf3qim7vGXI+vbEcFBKbQ=", + "owner": "sindrets", + "repo": "diffview.nvim", + "rev": "e91110d2a7f8e2f667666aba6ea089ff823f8748", + "type": "github" + }, + "original": { + "owner": "sindrets", + "repo": "diffview.nvim", + "type": "github" + } + }, + "dirt-samples-src": { + "flake": false, + "locked": { + "lastModified": 1588278411, + "narHash": "sha256-h8vQxRym6QzNLOTZU7A43VCHuG0H77l+BFwXnC0L1CE=", + "owner": "tidalcycles", + "repo": "dirt-samples", + "rev": "66d432418c9a7d82cf049d9246adfa62f46df2a6", + "type": "github" + }, + "original": { + "owner": "tidalcycles", + "ref": "master", + "repo": "dirt-samples", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710724748, + "narHash": "sha256-aXlifKr6Brg0SBUBgRNEBaZf3JLUeGhM9BX2gam+vvo=", + "owner": "nix-community", + "repo": "disko", + "rev": "c09c3a9639690f94ddff44c3dd25c85602e5aeb2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "dracula": { + "flake": false, + "locked": { + "lastModified": 1690594744, + "narHash": "sha256-gblqxRTphGBpEOx57/4oU/B50O0OguIm1bFtd4LXuQ4=", + "owner": "Mofiqul", + "repo": "dracula.nvim", + "rev": "9fe831e685a76e1a1898a694623b33247c4d036c", + "type": "github" + }, + "original": { + "owner": "Mofiqul", + "repo": "dracula.nvim", + "type": "github" + } + }, + "dressing-nvim": { + "flake": false, + "locked": { + "lastModified": 1690648598, + "narHash": "sha256-hndRErSXhX1BHM90nuhiZkgHwkclLEMv5vtF+GDzUP4=", + "owner": "stevearc", + "repo": "dressing.nvim", + "rev": "829bc80400651aea31b03d8fc9a99135512fe67a", + "type": "github" + }, + "original": { + "owner": "stevearc", + "repo": "dressing.nvim", + "type": "github" + } + }, + "elixir-ls": { + "flake": false, + "locked": { + "lastModified": 1690526097, + "narHash": "sha256-lR1xsOJhz0W/Z3E2EUWujpUvpgUkLLDr0E6Ao31zi8s=", + "owner": "elixir-lsp", + "repo": "elixir-ls", + "rev": "216ff0e2969c2bbe45d324c4d6a5f08e6b681f5e", + "type": "github" + }, + "original": { + "owner": "elixir-lsp", + "repo": "elixir-ls", + "type": "github" + } + }, + "elixir-tools": { + "flake": false, + "locked": { + "lastModified": 1690555653, + "narHash": "sha256-7wDEChXTUGp8ONT6jufIJp05vawzo4AXg35ELNLvysA=", + "owner": "elixir-tools", + "repo": "elixir-tools.nvim", + "rev": "883933b57c9150c71ad2b99a4080685d83e095b8", + "type": "github" + }, + "original": { + "owner": "elixir-tools", + "repo": "elixir-tools.nvim", + "type": "github" + } + }, + "fidget-nvim": { + "flake": false, + "locked": { + "lastModified": 1686378433, + "narHash": "sha256-N3O/AvsD6Ckd62kDEN4z/K5A3SZNR15DnQeZhH6/Rr0=", + "owner": "j-hui", + "repo": "fidget.nvim", + "rev": "90c22e47be057562ee9566bad313ad42d622c1d3", + "type": "github" + }, + "original": { + "owner": "j-hui", + "ref": "legacy", + "repo": "fidget.nvim", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_4" + }, + "locked": { + "lastModified": 1696331477, + "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils-plus_2": { + "inputs": { + "flake-utils": "flake-utils_5" + }, + "locked": { + "lastModified": 1696331477, + "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flutter-tools": { + "flake": false, + "locked": { + "lastModified": 1690188839, + "narHash": "sha256-h8s5g6KU7dMesDqiwzv2MmUGk6jlU5lBnuVA3LaoI1g=", + "owner": "akinsho", + "repo": "flutter-tools.nvim", + "rev": "561d85b16d8ca2938820a9c26b2fe74096d89c81", + "type": "github" + }, + "original": { + "owner": "akinsho", + "repo": "flutter-tools.nvim", + "type": "github" + } + }, + "gesture-nvim": { + "flake": false, + "locked": { + "lastModified": 1687655077, + "narHash": "sha256-ps/dAKIga2ZVunwj+KU/Iej4PGZbBvm5ZzcK30EiKMc=", + "owner": "notomo", + "repo": "gesture.nvim", + "rev": "aa273e7982943ac6ccf6b864f3fd40ad287a9fe2", + "type": "github" + }, + "original": { + "owner": "notomo", + "repo": "gesture.nvim", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitsigns-nvim": { + "flake": false, + "locked": { + "lastModified": 1690463120, + "narHash": "sha256-kraK0GP5aLGbh1eVZCm41D6BztjFxthSXGnE5CxhrZs=", + "owner": "lewis6991", + "repo": "gitsigns.nvim", + "rev": "5d73da785a3c05fd63ac31769079db05169a6ec7", + "type": "github" + }, + "original": { + "owner": "lewis6991", + "repo": "gitsigns.nvim", + "type": "github" + } + }, + "glow-nvim": { + "flake": false, + "locked": { + "lastModified": 1690579937, + "narHash": "sha256-ZDlQfSJHq9CbOpTDgmIoMq4gDzHxoUslFfN5XKtrDtM=", + "owner": "ellisonleao", + "repo": "glow.nvim", + "rev": "8942dfb05794f436af4fbc90a34393f1fd36f361", + "type": "github" + }, + "original": { + "owner": "ellisonleao", + "repo": "glow.nvim", + "type": "github" + } + }, + "highlight-undo": { + "flake": false, + "locked": { + "lastModified": 1695227852, + "narHash": "sha256-I1AwVYqpJNA3K1AwGy/VgPnbrYvX19qfI9bQFZNu1SU=", + "owner": "tzachar", + "repo": "highlight-undo.nvim", + "rev": "50a6884a8476be04ecce8f1c4ed692c5000ef0a1", + "type": "github" + }, + "original": { + "owner": "tzachar", + "repo": "highlight-undo.nvim", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "hop-nvim": { + "flake": false, + "locked": { + "lastModified": 1684332066, + "narHash": "sha256-xdjFbdp0+S3pVdwcOFmad8PMUU033WeDzswOSdxSQjg=", + "owner": "phaazon", + "repo": "hop.nvim", + "rev": "03f0434869f1f38868618198b5f4f2ab6d39aef2", + "type": "github" + }, + "original": { + "owner": "phaazon", + "repo": "hop.nvim", + "type": "github" + } + }, + "icon-picker-nvim": { + "flake": false, + "locked": { + "lastModified": 1683205244, + "narHash": "sha256-/oi2Kj7GDXzN3ccPoxyxXtQTYSxtZndgELZa2XgZ3U8=", + "owner": "ziontee113", + "repo": "icon-picker.nvim", + "rev": "e6dca182518eeb7a51470c13605a5bce08a816e4", + "type": "github" + }, + "original": { + "owner": "ziontee113", + "repo": "icon-picker.nvim", + "type": "github" + } + }, + "indent-blankline": { + "flake": false, + "locked": { + "lastModified": 1697081010, + "narHash": "sha256-e8gn4pJYALaQ6sGA66SFf8p6VLJBPxT/BimQhOd5eBs=", + "owner": "lukas-reineke", + "repo": "indent-blankline.nvim", + "rev": "0fe34b4c1b926e106d105d3ae88ef6cbf6743572", + "type": "github" + }, + "original": { + "owner": "lukas-reineke", + "repo": "indent-blankline.nvim", + "type": "github" + } + }, + "kommentary": { + "flake": false, + "locked": { + "lastModified": 1672983049, + "narHash": "sha256-N4n5tjNB1yX/QxH+t5aG0VxNwZhUJejv0b5V62WEKDU=", + "owner": "b3nj5m1n", + "repo": "kommentary", + "rev": "3a80117148c6798972bb69414423311ab151d368", + "type": "github" + }, + "original": { + "owner": "b3nj5m1n", + "repo": "kommentary", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682802423, + "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "64b903ca87d18cef2752c19c098af275c6e51d63", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.3.0", + "repo": "lanzaboote", + "type": "github" + } + }, + "leap-nvim": { + "flake": false, + "locked": { + "lastModified": 1690120911, + "narHash": "sha256-9GFZ5CuR92kFGwh/ouqSSp14eOLZLpzpoFTEuYL7biQ=", + "owner": "ggandor", + "repo": "leap.nvim", + "rev": "5efe985cf68fac3b6a6dfe7a75fbfaca8db2af9c", + "type": "github" + }, + "original": { + "owner": "ggandor", + "repo": "leap.nvim", + "type": "github" + } + }, + "lsp-lines": { + "flake": false, + "locked": { + "lastModified": 1684163755, + "narHash": "sha256-Zhf2xitLWtE+dWqhvWtLM1K1WdtBvkqqoRLSYIO42oY=", + "owner": "~whynothugo", + "repo": "lsp_lines.nvim", + "rev": "f53af96d4789eef39a082dbcce078d2bfc384ece", + "type": "sourcehut" + }, + "original": { + "owner": "~whynothugo", + "repo": "lsp_lines.nvim", + "type": "sourcehut" + } + }, + "lsp-signature": { + "flake": false, + "locked": { + "lastModified": 1690267930, + "narHash": "sha256-qvcs0KuO2/NdtiTZIxJ2vrwV0I5PjzjMvoAePPasaJM=", + "owner": "ray-x", + "repo": "lsp_signature.nvim", + "rev": "58d4e810801da74c29313da86075d6aea537501f", + "type": "github" + }, + "original": { + "owner": "ray-x", + "repo": "lsp_signature.nvim", + "type": "github" + } + }, + "lspkind": { + "flake": false, + "locked": { + "lastModified": 1683275543, + "narHash": "sha256-S+qZm51hw/cRujIfHV/1x1fYyCKI4XQ0utSL8uy4l6I=", + "owner": "onsails", + "repo": "lspkind-nvim", + "rev": "57610d5ab560c073c465d6faf0c19f200cb67e6e", + "type": "github" + }, + "original": { + "owner": "onsails", + "repo": "lspkind-nvim", + "type": "github" + } + }, + "lspsaga": { + "flake": false, + "locked": { + "lastModified": 1670360222, + "narHash": "sha256-7ENInq3LAPPTdm0Fb7klOc630j8m4LRj1kLZZFYLh68=", + "owner": "tami5", + "repo": "lspsaga.nvim", + "rev": "5faeec9f2508d2d49a66c0ac0d191096b4e3fa81", + "type": "github" + }, + "original": { + "owner": "tami5", + "repo": "lspsaga.nvim", + "type": "github" + } + }, + "lualine": { + "flake": false, + "locked": { + "lastModified": 1683213422, + "narHash": "sha256-ltHE8UIquGo07BSlFGM1l3wmTNN43i8kx6QY7Fj2CNo=", + "owner": "hoob3rt", + "repo": "lualine.nvim", + "rev": "05d78e9fd0cdfb4545974a5aa14b1be95a86e9c9", + "type": "github" + }, + "original": { + "owner": "hoob3rt", + "repo": "lualine.nvim", + "type": "github" + } + }, + "mind-nvim": { + "flake": false, + "locked": { + "lastModified": 1679526071, + "narHash": "sha256-JIhAhQYGLLRucwlhzfckQYU5qjqbHtNH52JlGS5a79w=", + "owner": "phaazon", + "repo": "mind.nvim", + "rev": "002137dd7cf97865ebd01b6a260209d2daf2da66", + "type": "github" + }, + "original": { + "owner": "phaazon", + "repo": "mind.nvim", + "type": "github" + } + }, + "minimap-vim": { + "flake": false, + "locked": { + "lastModified": 1690301768, + "narHash": "sha256-yRWZH9caSxrWjUXlM84fU90tZjNfX97m0m491ZsIHxA=", + "owner": "wfxr", + "repo": "minimap.vim", + "rev": "74573b63b9ef0583262b6bf6ef209eb7f3b06b94", + "type": "github" + }, + "original": { + "owner": "wfxr", + "repo": "minimap.vim", + "type": "github" + } + }, + "modes-nvim": { + "flake": false, + "locked": { + "lastModified": 1682778003, + "narHash": "sha256-qrGgraBdAvIc6AXqMMWESlOV29lM5zC1du1r5L2kpQQ=", + "owner": "mvllow", + "repo": "modes.nvim", + "rev": "4d97a51ebbdb649b85f6d79da0009fddd7081a6b", + "type": "github" + }, + "original": { + "owner": "mvllow", + "repo": "modes.nvim", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "neovim-flake", + "rnix-lsp", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1655042882, + "narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=", + "owner": "nix-community", + "repo": "naersk", + "rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "neodev-nvim": { + "flake": false, + "locked": { + "lastModified": 1695449121, + "narHash": "sha256-WisbNLKEz0IgO7gLDA2quNzK69hJaHzmvWkZSUPQb6k=", + "owner": "folke", + "repo": "neodev.nvim", + "rev": "c8e126393a34939fb448d48eeddb510971739e3a", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "neodev.nvim", + "type": "github" + } + }, + "neovim-flake": { + "inputs": { + "alpha-nvim": "alpha-nvim", + "bufdelete-nvim": "bufdelete-nvim", + "catppuccin": "catppuccin", + "ccc": "ccc", + "cellular-automaton": "cellular-automaton", + "cheatsheet-nvim": "cheatsheet-nvim", + "cinnamon-nvim": "cinnamon-nvim", + "cmp-buffer": "cmp-buffer", + "cmp-nvim-lsp": "cmp-nvim-lsp", + "cmp-path": "cmp-path", + "cmp-treesitter": "cmp-treesitter", + "cmp-vsnip": "cmp-vsnip", + "codewindow-nvim": "codewindow-nvim", + "comment-nvim": "comment-nvim", + "copilot-cmp": "copilot-cmp", + "copilot-lua": "copilot-lua", + "crates-nvim": "crates-nvim", + "dashboard-nvim": "dashboard-nvim", + "diffview-nvim": "diffview-nvim", + "dracula": "dracula", + "dressing-nvim": "dressing-nvim", + "elixir-ls": "elixir-ls", + "elixir-tools": "elixir-tools", + "fidget-nvim": "fidget-nvim", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_2", + "flutter-tools": "flutter-tools", + "gesture-nvim": "gesture-nvim", + "gitsigns-nvim": "gitsigns-nvim", + "glow-nvim": "glow-nvim", + "highlight-undo": "highlight-undo", + "hop-nvim": "hop-nvim", + "icon-picker-nvim": "icon-picker-nvim", + "indent-blankline": "indent-blankline", + "kommentary": "kommentary", + "leap-nvim": "leap-nvim", + "lsp-lines": "lsp-lines", + "lsp-signature": "lsp-signature", + "lspkind": "lspkind", + "lspsaga": "lspsaga", + "lualine": "lualine", + "mind-nvim": "mind-nvim", + "minimap-vim": "minimap-vim", + "modes-nvim": "modes-nvim", + "neodev-nvim": "neodev-nvim", + "nil": "nil", + "nixpkgs": [ + "nixpkgs" + ], + "nmd": "nmd", + "noice-nvim": "noice-nvim", + "none-ls": "none-ls", + "nui-nvim": "nui-nvim", + "nvim-autopairs": "nvim-autopairs", + "nvim-bufferline-lua": "nvim-bufferline-lua", + "nvim-cmp": "nvim-cmp", + "nvim-code-action-menu": "nvim-code-action-menu", + "nvim-colorizer-lua": "nvim-colorizer-lua", + "nvim-compe": "nvim-compe", + "nvim-cursorline": "nvim-cursorline", + "nvim-dap": "nvim-dap", + "nvim-dap-ui": "nvim-dap-ui", + "nvim-docs-view": "nvim-docs-view", + "nvim-lightbulb": "nvim-lightbulb", + "nvim-lspconfig": "nvim-lspconfig", + "nvim-navbuddy": "nvim-navbuddy", + "nvim-navic": "nvim-navic", + "nvim-neoclip": "nvim-neoclip", + "nvim-notify": "nvim-notify", + "nvim-session-manager": "nvim-session-manager", + "nvim-surround": "nvim-surround", + "nvim-tree-lua": "nvim-tree-lua", + "nvim-treesitter-context": "nvim-treesitter-context", + "nvim-ts-autotag": "nvim-ts-autotag", + "nvim-web-devicons": "nvim-web-devicons", + "obsidian-nvim": "obsidian-nvim", + "onedark": "onedark", + "orgmode-nvim": "orgmode-nvim", + "oxocarbon": "oxocarbon", + "plenary-nvim": "plenary-nvim", + "presence-nvim": "presence-nvim", + "project-nvim": "project-nvim", + "registers": "registers", + "rnix-lsp": "rnix-lsp", + "rust-tools": "rust-tools", + "scrollbar-nvim": "scrollbar-nvim", + "smartcolumn": "smartcolumn", + "sqls-nvim": "sqls-nvim", + "systems": "systems_3", + "tabular": "tabular", + "telescope": "telescope", + "tidalcycles": "tidalcycles", + "todo-comments": "todo-comments", + "toggleterm-nvim": "toggleterm-nvim", + "tokyonight": "tokyonight", + "trouble": "trouble", + "vim-dirtytalk": "vim-dirtytalk", + "vim-illuminate": "vim-illuminate", + "vim-markdown": "vim-markdown", + "vim-repeat": "vim-repeat", + "vim-startify": "vim-startify", + "vim-vsnip": "vim-vsnip", + "which-key": "which-key", + "zig": "zig" + }, + "locked": { + "lastModified": 1700843779, + "narHash": "sha256-hEc9YWsUYAAHUz8tLHwIBvFfJbSD49rpvMBMC9HS7g4=", + "owner": "notashelf", + "repo": "neovim-flake", + "rev": "712b8a8e934ddbb41678b82b19c67ff9155619ff", + "type": "github" + }, + "original": { + "owner": "notashelf", + "ref": "v0.5", + "repo": "neovim-flake", + "type": "github" + } + }, + "nil": { + "inputs": { + "flake-utils": [ + "neovim-flake", + "flake-utils" + ], + "nixpkgs": [ + "neovim-flake", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1699423608, + "narHash": "sha256-WEVUgivm5DCziwZqiXRPeoD3FQTXW38ExKrZjvMveqE=", + "owner": "oxalica", + "repo": "nil", + "rev": "5607d429016d6f9a72843b07127fad23ea9d661f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "nil", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-23_11": { + "locked": { + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1678872516, + "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1710628718, + "narHash": "sha256-y+l3eH53UlENaYa1lmnCBHusZb1kxBEFd2/c7lDsGpw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6dc11d9859d6a18ab0c5e5829a5b8e4810658de3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1655400192, + "narHash": "sha256-49OBVVRgb9H/PSmNT9W61+NRdDbuSJVuDDflwXlaUKU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3d7435c638baffaa826b85459df0fff47f12317d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1689088367, + "narHash": "sha256-Y2tl2TlKCWEHrOeM9ivjCLlRAKH3qoPUE/emhZECU14=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5c9ddb86679c400d6b7360797b8a22167c2053f8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1710951922, + "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f091af045dff8347d66d186a62d42aceff159456", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1707091808, + "narHash": "sha256-LahKBAfGbY836gtpVNnWwBTIzN7yf/uYM/S0g393r0Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9f2ee8c91ac42da3ae6c6a1d21555f283458247e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixsgx-flake": { + "inputs": { + "nixpkgs": "nixpkgs_5", + "snowfall-lib": "snowfall-lib" + }, + "locked": { + "lastModified": 1710409997, + "narHash": "sha256-wJNbtX4pbPdkoS9oKRLqiZRCAwqT0JG6esCJtJEjSBw=", + "owner": "matter-labs", + "repo": "nixsgx", + "rev": "6aef709945875bae7cd4e62a1ef0b62766a507b7", + "type": "github" + }, + "original": { + "owner": "matter-labs", + "repo": "nixsgx", + "type": "github" + } + }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1696846470, + "narHash": "sha256-S/6s3nRcg+xZfsO7aLe01W+EMAKFVyieHa4eFvOKOLk=", + "owner": "horriblename", + "repo": "nmd", + "rev": "bcf805ce85b9e938f7e027b3311137ffbd995794", + "type": "github" + }, + "original": { + "owner": "horriblename", + "repo": "nmd", + "type": "github" + } + }, + "noice-nvim": { + "flake": false, + "locked": { + "lastModified": 1690306450, + "narHash": "sha256-Zca6meJkfF4fl17Y+6s77GYrqnhkkzIYW73vAhKg7e4=", + "owner": "folke", + "repo": "noice.nvim", + "rev": "894db25ec726d32047799d4d0a982b701bec453b", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "noice.nvim", + "type": "github" + } + }, + "none-ls": { + "flake": false, + "locked": { + "lastModified": 1697600654, + "narHash": "sha256-dDMZEgT5uG31bEsLiX9r6MJlOJUdQyeTPJAeRcY2z7s=", + "owner": "nvimtools", + "repo": "none-ls.nvim", + "rev": "dc9b7e28f5573a1a2225ffb33893d23d3e052ed6", + "type": "github" + }, + "original": { + "owner": "nvimtools", + "repo": "none-ls.nvim", + "type": "github" + } + }, + "nui-nvim": { + "flake": false, + "locked": { + "lastModified": 1689828309, + "narHash": "sha256-nSUs9zAX7hQ3PuFrH4zQblMfTY6ALDNggmqaQnkbR5E=", + "owner": "MunifTanjim", + "repo": "nui.nvim", + "rev": "9e3916e784660f55f47daa6f26053ad044db5d6a", + "type": "github" + }, + "original": { + "owner": "MunifTanjim", + "repo": "nui.nvim", + "type": "github" + } + }, + "nvim-autopairs": { + "flake": false, + "locked": { + "lastModified": 1689332359, + "narHash": "sha256-bu+WpW5Wfk3pS74mzVvehl7dVMHgrttmV4ZSlfwbai4=", + "owner": "windwp", + "repo": "nvim-autopairs", + "rev": "ae5b41ce880a6d850055e262d6dfebd362bb276e", + "type": "github" + }, + "original": { + "owner": "windwp", + "repo": "nvim-autopairs", + "type": "github" + } + }, + "nvim-bufferline-lua": { + "flake": false, + "locked": { + "lastModified": 1690184232, + "narHash": "sha256-MiQsYeLgADCaUf1x88q/7gO17F992HMlt1pu9dYEmp0=", + "owner": "akinsho", + "repo": "nvim-bufferline.lua", + "rev": "99f0932365b34e22549ff58e1bea388465d15e99", + "type": "github" + }, + "original": { + "owner": "akinsho", + "repo": "nvim-bufferline.lua", + "type": "github" + } + }, + "nvim-cmp": { + "flake": false, + "locked": { + "lastModified": 1688965049, + "narHash": "sha256-Hq6YUfMQo1rHoay3/NieGCne7U/f06GwUPhN2HO0PdQ=", + "owner": "hrsh7th", + "repo": "nvim-cmp", + "rev": "c4e491a87eeacf0408902c32f031d802c7eafce8", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "nvim-cmp", + "type": "github" + } + }, + "nvim-code-action-menu": { + "flake": false, + "locked": { + "lastModified": 1671523188, + "narHash": "sha256-7szx+Me6WhrANbmfQ6C6gfSVB2owd02b3iZYhz7K6wY=", + "owner": "weilbith", + "repo": "nvim-code-action-menu", + "rev": "e4399dbaf6eabff998d3d5f1cbcd8d9933710027", + "type": "github" + }, + "original": { + "owner": "weilbith", + "repo": "nvim-code-action-menu", + "type": "github" + } + }, + "nvim-colorizer-lua": { + "flake": false, + "locked": { + "lastModified": 1591879145, + "narHash": "sha256-6YrnItxExL2C8pNIdLd+hXCjsB2MbZANwWkah6dreD8=", + "owner": "norcalli", + "repo": "nvim-colorizer.lua", + "rev": "36c610a9717cc9ec426a07c8e6bf3b3abcb139d6", + "type": "github" + }, + "original": { + "owner": "norcalli", + "repo": "nvim-colorizer.lua", + "type": "github" + } + }, + "nvim-compe": { + "flake": false, + "locked": { + "lastModified": 1633188506, + "narHash": "sha256-Y2oqvsuAKM3qjmmtJVD9z34682eCRF25kPL+rxhhg7I=", + "owner": "hrsh7th", + "repo": "nvim-compe", + "rev": "d186d739c54823e0b010feb205c6f97792322c08", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "nvim-compe", + "type": "github" + } + }, + "nvim-cursorline": { + "flake": false, + "locked": { + "lastModified": 1650034925, + "narHash": "sha256-Uhw65p1KBjs8KsVOmTzuiu3XKclxBob8AVdWEt30C/8=", + "owner": "yamatsum", + "repo": "nvim-cursorline", + "rev": "804f0023692653b2b2368462d67d2a87056947f9", + "type": "github" + }, + "original": { + "owner": "yamatsum", + "repo": "nvim-cursorline", + "type": "github" + } + }, + "nvim-dap": { + "flake": false, + "locked": { + "lastModified": 1690444190, + "narHash": "sha256-OSJA+K8eGj87RWo2tE0kT6bAItGkMMtuR0HB8WEXZ4k=", + "owner": "mfussenegger", + "repo": "nvim-dap", + "rev": "2f28ea843bcdb378b171a66ddcd568516e431d55", + "type": "github" + }, + "original": { + "owner": "mfussenegger", + "repo": "nvim-dap", + "type": "github" + } + }, + "nvim-dap-ui": { + "flake": false, + "locked": { + "lastModified": 1689371609, + "narHash": "sha256-z6TFe7+r/g2tfgdXr6PCPri5lSboi66zZmsdyWTI1BM=", + "owner": "rcarriga", + "repo": "nvim-dap-ui", + "rev": "85b16ac2309d85c88577cd8ee1733ce52be8227e", + "type": "github" + }, + "original": { + "owner": "rcarriga", + "repo": "nvim-dap-ui", + "type": "github" + } + }, + "nvim-docs-view": { + "flake": false, + "locked": { + "lastModified": 1697737319, + "narHash": "sha256-EmQbnleqxE+VHO5bMI9U/gMpwbJbPdNhrEWE7357MCE=", + "owner": "amrbashir", + "repo": "nvim-docs-view", + "rev": "74a5e989e3fdcfd9418bb9dfec0ace308e00a5a0", + "type": "github" + }, + "original": { + "owner": "amrbashir", + "repo": "nvim-docs-view", + "type": "github" + } + }, + "nvim-lightbulb": { + "flake": false, + "locked": { + "lastModified": 1689887436, + "narHash": "sha256-Meoop66jINllnxN6aohuPmU7DEjn64FMq/b8zuy9FEQ=", + "owner": "kosayoda", + "repo": "nvim-lightbulb", + "rev": "8f00b89dd1b1dbde16872bee5fbcee2e58c9b8e9", + "type": "github" + }, + "original": { + "owner": "kosayoda", + "repo": "nvim-lightbulb", + "type": "github" + } + }, + "nvim-lspconfig": { + "flake": false, + "locked": { + "lastModified": 1690356683, + "narHash": "sha256-Ama9nLC/T1wJWal6bKvgY0ywUUiJ5VLuIxoY1xbJKtY=", + "owner": "neovim", + "repo": "nvim-lspconfig", + "rev": "b6091272422bb0fbd729f7f5d17a56d37499c54f", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "nvim-lspconfig", + "type": "github" + } + }, + "nvim-navbuddy": { + "flake": false, + "locked": { + "lastModified": 1688569844, + "narHash": "sha256-011RT/wnQdBR1vMrXFwxbicBAgdcd4eQYPbok/o3CIE=", + "owner": "SmiteshP", + "repo": "nvim-navbuddy", + "rev": "244a4cded6f2b568403684131d148048efe4e8af", + "type": "github" + }, + "original": { + "owner": "SmiteshP", + "repo": "nvim-navbuddy", + "type": "github" + } + }, + "nvim-navic": { + "flake": false, + "locked": { + "lastModified": 1689944100, + "narHash": "sha256-M7BT1C9xHyLgr22JI3b+wyD+bYs6FgKc6PIqMrXnNr4=", + "owner": "SmiteshP", + "repo": "nvim-navic", + "rev": "9c89730da6a05acfeb6a197e212dfadf5aa60ca0", + "type": "github" + }, + "original": { + "owner": "SmiteshP", + "repo": "nvim-navic", + "type": "github" + } + }, + "nvim-neoclip": { + "flake": false, + "locked": { + "lastModified": 1684196333, + "narHash": "sha256-96AwMgyC7PTDEPS5tXwDT3WfK8jJJuIYGE+q+j6U5Uc=", + "owner": "AckslD", + "repo": "nvim-neoclip.lua", + "rev": "4e406ae0f759262518731538f2585abb9d269bac", + "type": "github" + }, + "original": { + "owner": "AckslD", + "repo": "nvim-neoclip.lua", + "type": "github" + } + }, + "nvim-notify": { + "flake": false, + "locked": { + "lastModified": 1685978736, + "narHash": "sha256-Rr2tzuEr06M9ZbvQbC07qcxkyjFJFYdABwRpYelKBFI=", + "owner": "rcarriga", + "repo": "nvim-notify", + "rev": "ea9c8ce7a37f2238f934e087c255758659948e0f", + "type": "github" + }, + "original": { + "owner": "rcarriga", + "repo": "nvim-notify", + "type": "github" + } + }, + "nvim-session-manager": { + "flake": false, + "locked": { + "lastModified": 1689976511, + "narHash": "sha256-04GL+0JdtD2hEOSrRJUh3Wdpoy2igjHt95Nf3WioFU4=", + "owner": "Shatur", + "repo": "neovim-session-manager", + "rev": "4883372b1ef2bdcf4cbdac44c98d68c216914462", + "type": "github" + }, + "original": { + "owner": "Shatur", + "repo": "neovim-session-manager", + "type": "github" + } + }, + "nvim-surround": { + "flake": false, + "locked": { + "lastModified": 1685464327, + "narHash": "sha256-r3D5WTqEnIL1T3p7cmkRmBY8qgwFFJptM7BKNNsCT8k=", + "owner": "kylechui", + "repo": "nvim-surround", + "rev": "10b20ca7d9da1ac8df8339e140ffef94f9ab3b18", + "type": "github" + }, + "original": { + "owner": "kylechui", + "repo": "nvim-surround", + "type": "github" + } + }, + "nvim-tree-lua": { + "flake": false, + "locked": { + "lastModified": 1690616703, + "narHash": "sha256-kTbYvT21wLfiwEpQAgGZtep2GP4F9e7e6XGVpr4D1hY=", + "owner": "nvim-tree", + "repo": "nvim-tree.lua", + "rev": "4bd30f0137e44dcf3e74cc1164efb568f78f2b02", + "type": "github" + }, + "original": { + "owner": "nvim-tree", + "repo": "nvim-tree.lua", + "type": "github" + } + }, + "nvim-treesitter-context": { + "flake": false, + "locked": { + "lastModified": 1689239188, + "narHash": "sha256-AJamiDezFK7l0bqb/VFm+pzBKugQNCmQ6JAWKmjH76g=", + "owner": "nvim-treesitter", + "repo": "nvim-treesitter-context", + "rev": "6f8f788738b968f24a108ee599c5be0031f94f06", + "type": "github" + }, + "original": { + "owner": "nvim-treesitter", + "repo": "nvim-treesitter-context", + "type": "github" + } + }, + "nvim-ts-autotag": { + "flake": false, + "locked": { + "lastModified": 1686883732, + "narHash": "sha256-4qTtXYA5HyG1sADV0wsiccO/G89qEoYPmlg8tTx7h8g=", + "owner": "windwp", + "repo": "nvim-ts-autotag", + "rev": "6be1192965df35f94b8ea6d323354f7dc7a557e4", + "type": "github" + }, + "original": { + "owner": "windwp", + "repo": "nvim-ts-autotag", + "type": "github" + } + }, + "nvim-web-devicons": { + "flake": false, + "locked": { + "lastModified": 1689474464, + "narHash": "sha256-FtEJBhqvs+c/Rvy4qXf3iyoMTTKrDBvQw5g63n4KEYo=", + "owner": "nvim-tree", + "repo": "nvim-web-devicons", + "rev": "efbfed0567ef4bfac3ce630524a0f6c8451c5534", + "type": "github" + }, + "original": { + "owner": "nvim-tree", + "repo": "nvim-web-devicons", + "type": "github" + } + }, + "obsidian-nvim": { + "flake": false, + "locked": { + "lastModified": 1690662423, + "narHash": "sha256-qemlp11QSp4BnWadN3+3ndv47e+1yS+w91GumbzQric=", + "owner": "epwalsh", + "repo": "obsidian.nvim", + "rev": "f81ddfa56b87fda158d3a56625a8040a7cf23fef", + "type": "github" + }, + "original": { + "owner": "epwalsh", + "repo": "obsidian.nvim", + "type": "github" + } + }, + "onedark": { + "flake": false, + "locked": { + "lastModified": 1689269544, + "narHash": "sha256-HfyYEppo9NFswYlPKnHNOZO5eiTQSORQhWAkzCmM2m4=", + "owner": "navarasu", + "repo": "onedark.nvim", + "rev": "cae5fdf035ee92c407a29ee2ccfcff503d2be7f1", + "type": "github" + }, + "original": { + "owner": "navarasu", + "repo": "onedark.nvim", + "type": "github" + } + }, + "orgmode-nvim": { + "flake": false, + "locked": { + "lastModified": 1690291768, + "narHash": "sha256-jc89zEAtHBh8785gNW/UZ9jkgTee/XYMm4+jyW7G2Oo=", + "owner": "nvim-orgmode", + "repo": "orgmode", + "rev": "6b6eb8eabbed4d95568fd1f5374a3dff7ed51a3b", + "type": "github" + }, + "original": { + "owner": "nvim-orgmode", + "repo": "orgmode", + "type": "github" + } + }, + "oxocarbon": { + "flake": false, + "locked": { + "lastModified": 1687168305, + "narHash": "sha256-2o++5aRDULfI35d+7psa6bk0eSXH2HwfuGjGtYGjR4w=", + "owner": "glyh", + "repo": "oxocarbon.nvim", + "rev": "7591d2e18df05374d612acba2b2573c7ff44dce4", + "type": "github" + }, + "original": { + "owner": "glyh", + "ref": "lualine-support", + "repo": "oxocarbon.nvim", + "type": "github" + } + }, + "plenary-nvim": { + "flake": false, + "locked": { + "lastModified": 1689589150, + "narHash": "sha256-oRtNcURQzrIRS3D88tWAl3HuFHxVJr8m/zzL7xoa/II=", + "owner": "nvim-lua", + "repo": "plenary.nvim", + "rev": "267282a9ce242bbb0c5dc31445b6d353bed978bb", + "type": "github" + }, + "original": { + "owner": "nvim-lua", + "repo": "plenary.nvim", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1681413034, + "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "presence-nvim": { + "flake": false, + "locked": { + "lastModified": 1674984077, + "narHash": "sha256-ZpsunLsn//zYgUtmAm5FqKVueVd/Pa1r55ZDqxCimBk=", + "owner": "andweeb", + "repo": "presence.nvim", + "rev": "87c857a56b7703f976d3a5ef15967d80508df6e6", + "type": "github" + }, + "original": { + "owner": "andweeb", + "repo": "presence.nvim", + "type": "github" + } + }, + "project-nvim": { + "flake": false, + "locked": { + "lastModified": 1680567592, + "narHash": "sha256-avV3wMiDbraxW4mqlEsKy0oeewaRj9Q33K8NzWoaptU=", + "owner": "ahmedkhalf", + "repo": "project.nvim", + "rev": "8c6bad7d22eef1b71144b401c9f74ed01526a4fb", + "type": "github" + }, + "original": { + "owner": "ahmedkhalf", + "repo": "project.nvim", + "type": "github" + } + }, + "registers": { + "flake": false, + "locked": { + "lastModified": 1680595111, + "narHash": "sha256-MeBlcF5LLk6bhIofYuG+0Z2xwc0BVqP85yNCvjH66fw=", + "owner": "tversteeg", + "repo": "registers.nvim", + "rev": "2ab8372bb837f05fae6b43091f10a0b725d113ca", + "type": "github" + }, + "original": { + "owner": "tversteeg", + "repo": "registers.nvim", + "type": "github" + } + }, + "rnix-lsp": { + "inputs": { + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1669555118, + "narHash": "sha256-F0s0m62S5bHNVWNHLZD6SeHiLrsDx98VQbRjDyIu+qQ=", + "owner": "nix-community", + "repo": "rnix-lsp", + "rev": "95d40673fe43642e2e1144341e86d0036abd95d9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "rnix-lsp", + "type": "github" + } + }, + "root": { + "inputs": { + "darwin": "darwin", + "disko": "disko", + "home-manager": "home-manager", + "lanzaboote": "lanzaboote", + "neovim-flake": "neovim-flake", + "nixpkgs": "nixpkgs_4", + "nixsgx-flake": "nixsgx-flake", + "simple-nixos-mailserver": "simple-nixos-mailserver", + "snowfall-lib": "snowfall-lib_2", + "sops-nix": "sops-nix", + "unstable": "unstable" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682129965, + "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2c417c0460b788328220120c698630947547ee83", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "neovim-flake", + "nil", + "flake-utils" + ], + "nixpkgs": [ + "neovim-flake", + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696817516, + "narHash": "sha256-Xt9OY4Wnk9/vuUfA0OHFtmSlaen5GyiS9msgwOz3okI=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c0df7f2a856b5ff27a3ce314f6d7aacf5fda546f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-tools": { + "flake": false, + "locked": { + "lastModified": 1689033186, + "narHash": "sha256-jtfyDxifchznUupLSao6nmpVqaX1yO0xN+NhqS9fgxg=", + "owner": "simrat39", + "repo": "rust-tools.nvim", + "rev": "0cc8adab23117783a0292a0c8a2fbed1005dc645", + "type": "github" + }, + "original": { + "owner": "simrat39", + "repo": "rust-tools.nvim", + "type": "github" + } + }, + "scrollbar-nvim": { + "flake": false, + "locked": { + "lastModified": 1684886154, + "narHash": "sha256-zLBexSxQCn9HPY04a9w/UCJP1F5ShI2X12I9xE9H0cM=", + "owner": "petertriho", + "repo": "nvim-scrollbar", + "rev": "35f99d559041c7c0eff3a41f9093581ceea534e8", + "type": "github" + }, + "original": { + "owner": "petertriho", + "repo": "nvim-scrollbar", + "type": "github" + } + }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat_4", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", + "utils": "utils_3" + }, + "locked": { + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-23.11", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "smartcolumn": { + "flake": false, + "locked": { + "lastModified": 1679417638, + "narHash": "sha256-DjPWBOLbzdfOQAx+6xgV1CD5NKuP1N6An2lmHNHd39Q=", + "owner": "m4xshen", + "repo": "smartcolumn.nvim", + "rev": "0c572e3eae48874f25b74394a486f38cadb5c958", + "type": "github" + }, + "original": { + "owner": "m4xshen", + "repo": "smartcolumn.nvim", + "type": "github" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": "flake-compat_3", + "flake-utils-plus": "flake-utils-plus", + "nixpkgs": [ + "nixsgx-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696432959, + "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "type": "github" + } + }, + "snowfall-lib_2": { + "inputs": { + "flake-compat": "flake-compat_5", + "flake-utils-plus": "flake-utils-plus_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709576611, + "narHash": "sha256-vkcNo9pDhKObEU1xKDHcUUWKQbuYIi5051/5s/l6Iig=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "5082cdac87c5fd99ef2ee5989d9f73888bc5ed14", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "rev": "5082cdac87c5fd99ef2ee5989d9f73888bc5ed14", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1710644594, + "narHash": "sha256-RquCuzxfy4Nr8DPbdp3D/AsbYep21JgQzG8aMH9jJ4A=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "83b68a0e8c94b72cdd0a6e547a14ca7eb1c03616", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sqls-nvim": { + "flake": false, + "locked": { + "lastModified": 1684697500, + "narHash": "sha256-jKFut6NZAf/eIeIkY7/2EsjsIhvZQKCKAJzeQ6XSr0s=", + "owner": "nanotee", + "repo": "sqls.nvim", + "rev": "4b1274b5b44c48ce784aac23747192f5d9d26207", + "type": "github" + }, + "original": { + "owner": "nanotee", + "repo": "sqls.nvim", + "type": "github" + } + }, + "superdirt-src": { + "flake": false, + "locked": { + "lastModified": 1611740180, + "narHash": "sha256-GtnqZeMFqFkVhgx2Exu0wY687cHa7mNnVCgjQd6fiIA=", + "owner": "musikinformatik", + "repo": "superdirt", + "rev": "7abb62e89649daa1232b9cbd6427241868abd30e", + "type": "github" + }, + "original": { + "owner": "musikinformatik", + "ref": "master", + "repo": "superdirt", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tabular": { + "flake": false, + "locked": { + "lastModified": 1550598128, + "narHash": "sha256-irolBA/m3YIaezl+90h5G+xUOpad+3u44uJqDs4JCUs=", + "owner": "godlygeek", + "repo": "tabular", + "rev": "339091ac4dd1f17e225fe7d57b48aff55f99b23a", + "type": "github" + }, + "original": { + "owner": "godlygeek", + "repo": "tabular", + "type": "github" + } + }, + "telescope": { + "flake": false, + "locked": { + "lastModified": 1690663693, + "narHash": "sha256-okyOr5t0e+oV3mY7Yq1ad/7f6qEEDS/ZQrqJcjktYRI=", + "owner": "nvim-telescope", + "repo": "telescope.nvim", + "rev": "b6fccfb0f7589a87587875206786daccba62acc3", + "type": "github" + }, + "original": { + "owner": "nvim-telescope", + "repo": "telescope.nvim", + "type": "github" + } + }, + "tidal-src": { + "flake": false, + "locked": { + "lastModified": 1654350756, + "narHash": "sha256-tONM5SYYBca0orTLH1EUOilSC1FCluWrFt8AetUx+YQ=", + "owner": "tidalcycles", + "repo": "tidal", + "rev": "fda9c1ecb3722698935245e5409ef8ccdfca16c8", + "type": "github" + }, + "original": { + "owner": "tidalcycles", + "ref": "main", + "repo": "tidal", + "type": "github" + } + }, + "tidalcycles": { + "inputs": { + "dirt-samples-src": "dirt-samples-src", + "nixpkgs": "nixpkgs_2", + "superdirt-src": "superdirt-src", + "tidal-src": "tidal-src", + "utils": "utils_2", + "vim-tidal-src": "vim-tidal-src", + "vowel-src": "vowel-src" + }, + "locked": { + "lastModified": 1664760044, + "narHash": "sha256-e5LGk/tDnphory1mYhADgPnVtShofY2w/3xY09jEE2A=", + "owner": "mitchmindtree", + "repo": "tidalcycles.nix", + "rev": "3f3a820cd43709077d15a24fa6062de7d623a6bf", + "type": "github" + }, + "original": { + "owner": "mitchmindtree", + "repo": "tidalcycles.nix", + "type": "github" + } + }, + "todo-comments": { + "flake": false, + "locked": { + "lastModified": 1690569591, + "narHash": "sha256-Qm8AJ8omU5eCfjLt91DVxLS0R3QHbfW55ZTegB1JvWI=", + "owner": "folke", + "repo": "todo-comments.nvim", + "rev": "3094ead8edfa9040de2421deddec55d3762f64d1", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "todo-comments.nvim", + "type": "github" + } + }, + "toggleterm-nvim": { + "flake": false, + "locked": { + "lastModified": 1689602083, + "narHash": "sha256-/sUulN93nRHa3Je+tXr8/i1cgCrd/wtrvMPkjG5Ofzs=", + "owner": "akinsho", + "repo": "toggleterm.nvim", + "rev": "00c13dccc78c09fa5da4c5edda990a363e75035e", + "type": "github" + }, + "original": { + "owner": "akinsho", + "repo": "toggleterm.nvim", + "type": "github" + } + }, + "tokyonight": { + "flake": false, + "locked": { + "lastModified": 1689285710, + "narHash": "sha256-x26qLaZzg7sJIc1d/5Q/DJ/YvRSc3s87PwPHTPTl+Xk=", + "owner": "folke", + "repo": "tokyonight.nvim", + "rev": "1ee11019f8a81dac989ae1db1a013e3d582e2033", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "tokyonight.nvim", + "type": "github" + } + }, + "trouble": { + "flake": false, + "locked": { + "lastModified": 1690614197, + "narHash": "sha256-Ee0AM8S/A8DU0hyOnZoKC1hkW0fvk0A+c3WGvPqmKcU=", + "owner": "folke", + "repo": "trouble.nvim", + "rev": "40aad004f53ae1d1ba91bcc5c29d59f07c5f01d3", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "trouble.nvim", + "type": "github" + } + }, + "unstable": { + "locked": { + "lastModified": 1710806803, + "narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_3": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "vim-dirtytalk": { + "flake": false, + "locked": { + "lastModified": 1690722430, + "narHash": "sha256-kjyLwkAk6mqK7u4+zAr+Yh+zbSiukNKtXwb7t39LUco=", + "owner": "psliwka", + "repo": "vim-dirtytalk", + "rev": "a49251dce1852875951d95f7013979ece5caebf0", + "type": "github" + }, + "original": { + "owner": "psliwka", + "repo": "vim-dirtytalk", + "type": "github" + } + }, + "vim-illuminate": { + "flake": false, + "locked": { + "lastModified": 1679187974, + "narHash": "sha256-8dL3cBjQ2iY4D4gTxKVVmOGhxcSSRuDBvmEwwFIbWsQ=", + "owner": "RRethy", + "repo": "vim-illuminate", + "rev": "a2907275a6899c570d16e95b9db5fd921c167502", + "type": "github" + }, + "original": { + "owner": "RRethy", + "repo": "vim-illuminate", + "type": "github" + } + }, + "vim-markdown": { + "flake": false, + "locked": { + "lastModified": 1680951012, + "narHash": "sha256-B00rad/Bbp+kJBN/fYliOaGiUe0AfBng6gs/fVBve9A=", + "owner": "preservim", + "repo": "vim-markdown", + "rev": "cc82d88e2a791f54d2b6e2b26e41f743351ac947", + "type": "github" + }, + "original": { + "owner": "preservim", + "repo": "vim-markdown", + "type": "github" + } + }, + "vim-repeat": { + "flake": false, + "locked": { + "lastModified": 1611544268, + "narHash": "sha256-8rfZa3uKXB3TRCqaDHZ6DfzNbm7WaYnLvmTNzYtnKHg=", + "owner": "tpope", + "repo": "vim-repeat", + "rev": "24afe922e6a05891756ecf331f39a1f6743d3d5a", + "type": "github" + }, + "original": { + "owner": "tpope", + "repo": "vim-repeat", + "type": "github" + } + }, + "vim-startify": { + "flake": false, + "locked": { + "lastModified": 1620487920, + "narHash": "sha256-//3bzFTe1WKqvQ3uYrDbk5Zu5BKq2hXQGeBhmhKIHvk=", + "owner": "mhinz", + "repo": "vim-startify", + "rev": "81e36c352a8deea54df5ec1e2f4348685569bed2", + "type": "github" + }, + "original": { + "owner": "mhinz", + "repo": "vim-startify", + "type": "github" + } + }, + "vim-tidal-src": { + "flake": false, + "locked": { + "lastModified": 1685703852, + "narHash": "sha256-8gyk17YLeKpLpz3LRtxiwbpsIbZka9bb63nK5/9IUoA=", + "owner": "tidalcycles", + "repo": "vim-tidal", + "rev": "e440fe5bdfe07f805e21e6872099685d38e8b761", + "type": "github" + }, + "original": { + "owner": "tidalcycles", + "ref": "master", + "repo": "vim-tidal", + "type": "github" + } + }, + "vim-vsnip": { + "flake": false, + "locked": { + "lastModified": 1678609126, + "narHash": "sha256-ehPnvGle7YrECn76YlSY/2V7Zeq56JGlmZPlwgz2FdE=", + "owner": "hrsh7th", + "repo": "vim-vsnip", + "rev": "7753ba9c10429c29d25abfd11b4c60b76718c438", + "type": "github" + }, + "original": { + "owner": "hrsh7th", + "repo": "vim-vsnip", + "type": "github" + } + }, + "vowel-src": { + "flake": false, + "locked": { + "lastModified": 1641306144, + "narHash": "sha256-zfF6cvAGDNYWYsE8dOIo38b+dIymd17Pexg0HiPFbxM=", + "owner": "supercollider-quarks", + "repo": "vowel", + "rev": "ab59caa870201ecf2604b3efdd2196e21a8b5446", + "type": "github" + }, + "original": { + "owner": "supercollider-quarks", + "ref": "master", + "repo": "vowel", + "type": "github" + } + }, + "which-key": { + "flake": false, + "locked": { + "lastModified": 1690570286, + "narHash": "sha256-B1+EHd2eH/EbD5Kip9PfhdPyyGfIkD6rsx0Z3rXvb5w=", + "owner": "folke", + "repo": "which-key.nvim", + "rev": "7ccf476ebe0445a741b64e36c78a682c1c6118b7", + "type": "github" + }, + "original": { + "owner": "folke", + "repo": "which-key.nvim", + "type": "github" + } + }, + "zig": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1690718829, + "narHash": "sha256-GN19SrCqWxIJN+rnbv+pIkF/yynh6FG2y7jY6PZRiYw=", + "owner": "mitchellh", + "repo": "zig-overlay", + "rev": "92e485cc7887f57be4d2921ed077f467912b7d33", + "type": "github" + }, + "original": { + "owner": "mitchellh", + "repo": "zig-overlay", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..d398cd0 --- /dev/null +++ b/flake.nix @@ -0,0 +1,88 @@ +{ + description = "Harald Hoyer's Nix Configurations"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + # NixPkgs Unstable (nixos-unstable) + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.3.0"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + snowfall-lib = { + url = "github:snowfallorg/lib?rev=5082cdac87c5fd99ef2ee5989d9f73888bc5ed14"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # macOS Support (master) + darwin.url = "github:lnl7/nix-darwin"; + darwin.inputs.nixpkgs.follows = "nixpkgs"; + + home-manager.url = "github:nix-community/home-manager/release-23.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + neovim-flake.url = "github:notashelf/neovim-flake/v0.5"; + neovim-flake.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + + nixsgx-flake = { + url = "github:matter-labs/nixsgx"; + # inputs.nixpkgs.follows = "nixpkgs"; + }; + + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs: + let + lib = inputs.snowfall-lib.mkLib { + inherit inputs; + src = ./.; + + snowfall.namespace = "metacfg"; + + snowfall = { + meta = { + name = "metacfg"; + title = "Metacfg"; + }; + }; + }; + in + lib.mkFlake { + channels-config = { + allowUnfree = true; + }; + + homes.modules = with inputs; [ + neovim-flake.homeManagerModules.default + ]; + + systems.modules.nixos = with inputs; [ + lanzaboote.nixosModules.lanzaboote + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + disko.nixosModules.disko + simple-nixos-mailserver.nixosModule + ]; + + overlays = with inputs; [ + nixsgx-flake.overlays.default + ]; + + outputs-builder = channels: { + formatter = channels.nixpkgs.nixpkgs-fmt; + defaultApp = lib.flake-utils-plus.mkApp { drv = channels.nixpkgs.home-manager; }; + }; + + }; +} diff --git a/homes/x86_64-darwin/harald@mpro/default.nix b/homes/x86_64-darwin/harald@mpro/default.nix new file mode 100644 index 0000000..f7f8d31 --- /dev/null +++ b/homes/x86_64-darwin/harald@mpro/default.nix @@ -0,0 +1,32 @@ +{ lib +, pkgs +, config +, ... +}: +{ + home = { + username = "harald"; + homeDirectory = "/Users/${config.home.username}"; + stateVersion = "23.11"; # Please read the comment before changing. + sessionPath = [ "$HOME/bin" ]; + }; + + metacfg = { + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + tmux.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + direnv.enable = true; + alacritty.enable = true; + ssh.enable = true; + git.enable = true; + }; + }; +} + diff --git a/homes/x86_64-linux/harald@mx/default.nix b/homes/x86_64-linux/harald@mx/default.nix new file mode 100644 index 0000000..0ec0cb6 --- /dev/null +++ b/homes/x86_64-linux/harald@mx/default.nix @@ -0,0 +1,35 @@ +{ lib +, pkgs +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + programs.bash.profileExtra = '' + ${lib.getExe pkgs.rust-motd} + ''; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/homes/x86_64-linux/harald@sgx-azure/default.nix b/homes/x86_64-linux/harald@sgx-azure/default.nix new file mode 100644 index 0000000..228958e --- /dev/null +++ b/homes/x86_64-linux/harald@sgx-azure/default.nix @@ -0,0 +1,39 @@ +{ lib +, pkgs +, config +, ... +}: +{ + home = { + username = "harald"; + homeDirectory = "/home/${config.home.username}"; + stateVersion = "23.11"; # Please read the comment before changing. + sessionPath = [ "$HOME/bin" ]; + }; + + nix.settings = { + substituters = [ "https://cache.nixos.org" "https://nixsgx.cachix.org" ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=" + ]; + }; + + metacfg = { + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + tmux.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + ssh.enable = true; + }; + }; +} + diff --git a/homes/x86_64-linux/harald@sgx-nixos/default.nix b/homes/x86_64-linux/harald@sgx-nixos/default.nix new file mode 100644 index 0000000..59320c9 --- /dev/null +++ b/homes/x86_64-linux/harald@sgx-nixos/default.nix @@ -0,0 +1,30 @@ +{ lib +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/homes/x86_64-linux/harald@sgx/default.nix b/homes/x86_64-linux/harald@sgx/default.nix new file mode 100644 index 0000000..59320c9 --- /dev/null +++ b/homes/x86_64-linux/harald@sgx/default.nix @@ -0,0 +1,30 @@ +{ lib +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/homes/x86_64-linux/harald@t15/default.nix b/homes/x86_64-linux/harald@t15/default.nix new file mode 100644 index 0000000..de75cc8 --- /dev/null +++ b/homes/x86_64-linux/harald@t15/default.nix @@ -0,0 +1,65 @@ +{ lib +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + fonts.fontconfig.enable = true; + + dconf.settings = { + # ... + "org/gnome/shell" = { + disable-user-extensions = false; + + # `gnome-extensions list` for a list + enabled-extensions = [ + "Vitals@CoreCoding.com" + "appindicatorsupport@rgcjonas.gmail.com" + "dash-to-panel@jderose9.github.com" + "hibernate-status@dromi" + ]; + + favorite-apps = [ + "org.gnome.Console.desktop" + "jetbrains-toolbox.desktop" + "org.mozilla.firefox.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.mozilla.Thunderbird.desktop" + "slack.desktop" + "keybase.desktop" + "spotify.desktop" + "org.gnome.Nautilus.desktop" + "virt-manager.desktop" + ]; + }; + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ "qemu:///system" ]; + uris = [ "qemu:///system" ]; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/homes/x86_64-linux/harald@x1/default.nix b/homes/x86_64-linux/harald@x1/default.nix new file mode 100644 index 0000000..de75cc8 --- /dev/null +++ b/homes/x86_64-linux/harald@x1/default.nix @@ -0,0 +1,65 @@ +{ lib +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + fonts.fontconfig.enable = true; + + dconf.settings = { + # ... + "org/gnome/shell" = { + disable-user-extensions = false; + + # `gnome-extensions list` for a list + enabled-extensions = [ + "Vitals@CoreCoding.com" + "appindicatorsupport@rgcjonas.gmail.com" + "dash-to-panel@jderose9.github.com" + "hibernate-status@dromi" + ]; + + favorite-apps = [ + "org.gnome.Console.desktop" + "jetbrains-toolbox.desktop" + "org.mozilla.firefox.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.mozilla.Thunderbird.desktop" + "slack.desktop" + "keybase.desktop" + "spotify.desktop" + "org.gnome.Nautilus.desktop" + "virt-manager.desktop" + ]; + }; + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ "qemu:///system" ]; + uris = [ "qemu:///system" ]; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/lib/audio/default.nix b/lib/audio/default.nix new file mode 100644 index 0000000..ebe8154 --- /dev/null +++ b/lib/audio/default.nix @@ -0,0 +1,65 @@ +{ lib }: + +rec { + ## Renames an alsa device from a given `name` using the new `description`. + ## + #@ { name: String, description: String } -> { matches: List, apply_properties: Attrs } + mkAlsaRename = { name, description }: { + matches = [ + [ + [ "device.name" "matches" name ] + ] + ]; + # actions = { "update-props" = { "node.description" = description; }; }; + apply_properties = { + "device.description" = description; + }; + }; + + ## Create a pipewire audio node. + ## + #@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs } + mkAudioNode = args@{ name, factory ? "adapter", ... }: { + inherit factory; + args = (builtins.removeAttrs args [ "name" "description" ]) // { + "node.name" = name; + "node.description" = args.description or args."node.description"; + "factory.name" = args."factory.name" or "support.null-audio-sink"; + }; + }; + + ## Create a virtual pipewire audio node. + ## + #@ { name: String, ... } -> { factory: "adapter", args: Attrs } + mkVirtualAudioNode = args@{ name, ... }: + mkAudioNode (args // { + name = "virtual-${lib.toLower name}-audio"; + description = "${name} (Virtual)"; + "media.class" = args.class or args."media.class" or "Audio/Duplex"; + "object.linger" = args."object.linger" or true; + "audio.position" = args."audio.position" or [ "FL" "FR" ]; + "monitor.channel-volumes" = args."monitor.channel-volumes" or true; + }); + + ## Connect two pipewire audio nodes + ## + #@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs } + mkBridgeAudioModule = args@{ from, to, ... }: { + name = "libpipewire-module-loopback"; + args = (builtins.removeAttrs args [ "from" "to" "name" ]) // { + "node.name" = + if args ? name then + "${args.name}-bridge" + else + "${lib.toLower from}-to-${lib.toLower to}-bridge"; + "audio.position" = args."audio.position" or [ "FL" "FR" ]; + "capture.props" = { + "node.target" = from; + } // (args."capture.props" or { }); + "playback.props" = { + "node.target" = to; + "monitor.channel-volumes" = true; + } // (args."playback.props" or { }); + }; + }; +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..61216de --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,20 @@ +{ lib, inputs, snowfall-inputs }: + +rec { + ## Override a package's metadata + ## + ## ```nix + ## let + ## new-meta = { + ## description = "My new description"; + ## }; + ## in + ## lib.override-meta new-meta pkgs.hello + ## ``` + ## + #@ Attrs -> Package -> Package + override-meta = meta: package: + package.overrideAttrs (attrs: { + meta = (attrs.meta or { }) // meta; + }); +} diff --git a/lib/deploy/default.nix b/lib/deploy/default.nix new file mode 100644 index 0000000..ea2b05f --- /dev/null +++ b/lib/deploy/default.nix @@ -0,0 +1,51 @@ +{ lib, inputs }: + +let + inherit (inputs) deploy-rs; +in +rec { + ## Create deployment configuration for use with deploy-rs. + ## + ## ```nix + ## mkDeploy { + ## inherit self; + ## overrides = { + ## my-host.system.sudo = "doas -u"; + ## }; + ## } + ## ``` + ## + #@ { self: Flake, overrides: Attrs ? {} } -> Attrs + mkDeploy = { self, overrides ? { } }: + let + hosts = self.nixosConfigurations or { }; + names = builtins.attrNames hosts; + nodes = lib.foldl + (result: name: + let + host = hosts.${name}; + user = host.config.metacfg.user.name or null; + inherit (host.pkgs) system; + in + result // { + ${name} = (overrides.${name} or { }) // { + hostname = overrides.${name}.hostname or "${name}"; + profiles = (overrides.${name}.profiles or { }) // { + system = (overrides.${name}.profiles.system or { }) // { + path = deploy-rs.lib.${system}.activate.nixos host; + } // lib.optionalAttrs (user != null) { + user = "root"; + sshUser = user; + } // lib.optionalAttrs + (host.config.metacfg.security.doas.enable or false) + { + sudo = "doas -u"; + }; + }; + }; + }) + { } + names; + in + { inherit nodes; }; +} diff --git a/lib/file/default.nix b/lib/file/default.nix new file mode 100644 index 0000000..97a3078 --- /dev/null +++ b/lib/file/default.nix @@ -0,0 +1,25 @@ +{ lib, ... }: + +rec { + ## Append text to the contents of a file + ## + ## ```nix + ## fileWithText ./some.txt "appended text" + ## ``` + ## + #@ Path -> String -> String + fileWithText = file: text: '' + ${builtins.readFile file} + ${text}''; + + ## Prepend text to the contents of a file + ## + ## ```nix + ## fileWithText' ./some.txt "prepended text" + ## ``` + ## + #@ Path -> String -> String + fileWithText' = file: text: '' + ${text} + ${builtins.readFile file}''; +} diff --git a/lib/module/default.nix b/lib/module/default.nix new file mode 100644 index 0000000..48e53c6 --- /dev/null +++ b/lib/module/default.nix @@ -0,0 +1,62 @@ +{ lib, ... }: + +with lib; rec { + ## Create a NixOS module option. + ## + ## ```nix + ## lib.mkOpt nixpkgs.lib.types.str "My default" "Description of my option." + ## ``` + ## + #@ Type -> Any -> String + mkOpt = type: default: description: + mkOption { inherit type default description; }; + + ## Create a NixOS module option without a description. + ## + ## ```nix + ## lib.mkOpt' nixpkgs.lib.types.str "My default" + ## ``` + ## + #@ Type -> Any -> String + mkOpt' = type: default: mkOpt type default null; + + ## Create a boolean NixOS module option. + ## + ## ```nix + ## lib.mkBoolOpt true "Description of my option." + ## ``` + ## + #@ Type -> Any -> String + mkBoolOpt = mkOpt types.bool; + + ## Create a boolean NixOS module option without a description. + ## + ## ```nix + ## lib.mkBoolOpt true + ## ``` + ## + #@ Type -> Any -> String + mkBoolOpt' = mkOpt' types.bool; + + enabled = { + ## Quickly enable an option. + ## + ## ```nix + ## services.nginx = enabled; + ## ``` + ## + #@ true + enable = true; + }; + + disabled = { + ## Quickly disable an option. + ## + ## ```nix + ## services.nginx = enabled; + ## ``` + ## + #@ false + enable = false; + }; +} diff --git a/lib/network/default.nix b/lib/network/default.nix new file mode 100644 index 0000000..5b1033a --- /dev/null +++ b/lib/network/default.nix @@ -0,0 +1,54 @@ +{ lib, inputs, snowfall-inputs }: + +let + inherit (inputs.nixpkgs.lib) assertMsg last; +in +{ + network = { + # Split an address to get its host name or ip and its port. + # Type: String -> Attrs + # Usage: get-address-parts "bismuth:3000" + # result: { host = "bismuth"; port = "3000"; } + get-address-parts = address: + let + address-parts = builtins.split ":" address; + ip = builtins.head address-parts; + host = if ip == "" then "127.0.0.1" else ip; + port = if builtins.length address-parts != 3 then "" else last address-parts; + in + { inherit host port; }; + + ## Create proxy configuration for NGINX virtual hosts. + ## + ## ```nix + ## services.nginx.virtualHosts."example.com" = lib.network.create-proxy { + ## port = 3000; + ## host = "0.0.0.0"; + ## proxy-web-sockets = true; + ## extra-config = { + ## forceSSL = true; + ## }; + ## } + ## `` + ## + #@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs + create-proxy = + { port ? null + , host ? "127.0.0.1" + , proxy-web-sockets ? false + , extra-config ? { } + }: + assert assertMsg (port != "" && port != null) "port cannot be empty"; + assert assertMsg (host != "") "host cannot be empty"; + extra-config // { + locations = (extra-config.locations or { }) // { + "/" = (extra-config.locations."/" or { }) // { + proxyPass = + "http://${host}${if port != null then ":${builtins.toString port}" else ""}"; + + proxyWebsockets = proxy-web-sockets; + }; + }; + }; + }; +} diff --git a/modules/darwin/home/default.nix b/modules/darwin/home/default.nix new file mode 100644 index 0000000..d75b42c --- /dev/null +++ b/modules/darwin/home/default.nix @@ -0,0 +1,40 @@ +{ options, config, pkgs, lib, inputs, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.home; +in +{ + # imports = with inputs; [ + # home-manager.darwinModules.home-manager + # ]; + + options.metacfg.home = with types; { + file = mkOpt attrs { } + "A set of files to be managed by home-manager's ."; + configFile = mkOpt attrs { } + "A set of files to be managed by home-manager's ."; + extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; + homeConfig = mkOpt attrs { } "Final config for home-manager."; + }; + + config = { + metacfg.home.extraOptions = { + home.stateVersion = mkDefault "23.11"; + home.file = mkAliasDefinitions options.metacfg.home.file; + xdg.enable = true; + xdg.configFile = mkAliasDefinitions options.metacfg.home.configFile; + }; + + snowfallorg.users.${config.metacfg.user.name}.home.config = mkAliasDefinitions options.metacfg.home.extraOptions; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + + # users.${config.metacfg.user.name} = args: + # mkAliasDefinitions options.metacfg.home.extraOptions; + }; + }; +} diff --git a/modules/darwin/nix/default.nix b/modules/darwin/nix/default.nix new file mode 100644 index 0000000..ea488df --- /dev/null +++ b/modules/darwin/nix/default.nix @@ -0,0 +1,74 @@ +{ options +, config +, pkgs +, lib +, ... +}: +with lib; +with lib.metacfg; let + cfg = config.metacfg.nix; +in +{ + options.metacfg.nix = with types; { + enable = mkBoolOpt true "Whether or not to manage nix configuration."; + package = mkOpt package pkgs.nixUnstable "Which nix package to use."; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + deploy-rs + nixfmt + nix-index + nix-prefetch-git + ]; + + nix = + let + users = [ "root" config.metacfg.user.name ]; + in + { + package = cfg.package; + + settings = { + experimental-features = "nix-command flakes"; + http-connections = 50; + warn-dirty = false; + log-lines = 50; + + # Large builds apparently fail due to an issue with darwin: + # https://github.com/NixOS/nix/issues/4119 + sandbox = false; + + # This appears to break on darwin + # https://github.com/NixOS/nix/issues/7273 + auto-optimise-store = false; + + allow-import-from-derivation = true; + + trusted-users = users; + allowed-users = users; + + # NOTE: This configuration is generated by nix-installer so I'm adding it here in + # case it becomes important. + extra-nix-path = "nixpkgs=flake:nixpkgs"; + build-users-group = "nixbld"; + }; + #// (lib.optionalAttrs config.metacfg.tools.direnv.enable { + # keep-outputs = true; + # keep-derivations = true; + #}); + + gc = { + automatic = true; + interval = { Day = 7; }; + options = "--delete-older-than 30d"; + user = config.metacfg.user.name; + }; + + # flake-utils-plus + generateRegistryFromInputs = true; + generateNixPathFromInputs = true; + linkInputs = true; + }; + }; +} diff --git a/modules/darwin/security/gpg/default.nix b/modules/darwin/security/gpg/default.nix new file mode 100644 index 0000000..97984ba --- /dev/null +++ b/modules/darwin/security/gpg/default.nix @@ -0,0 +1,122 @@ +{ lib, config, pkgs, inputs, ... }: + +let + inherit (lib) types mkEnableOption mkIf; + inherit (lib.metacfg) mkOpt; + + cfg = config.metacfg.security.gpg; + gpgConf = "${inputs.gpg-base-conf}/gpg.conf"; + + gpgAgentConf = '' + enable-ssh-support + default-cache-ttl 60 + max-cache-ttl 120 + ''; + +in +{ + options.metacfg.security.gpg = { + enable = mkEnableOption "GPG"; + agentTimeout = mkOpt types.int 5 "The amount of time to wait before continuing with shell init."; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + gnupg + ]; + + environment.shellInit = '' + export GPG_TTY="$(tty)" + export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) + + ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent + gpg_agent_timeout_status=$? + + if [ "$gpg_agent_timeout_status" = 124 ]; then + # Command timed out... + echo "GPG Agent timed out..." + echo 'Run "gpgconf --launch gpg-agent" to try and launch it again.' + fi + ''; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + metacfg.home.file = { + ".gnupg/.keep".text = ""; + + ".gnupg/gpg.conf".text = '' + # https://github.com/drduh/config/blob/master/gpg.conf + # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html + # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html + # 'gpg --version' to get capabilities + # Use AES256, 192, or 128 as cipher + personal-cipher-preferences AES256 AES192 AES + # Use SHA512, 384, or 256 as digest + personal-digest-preferences SHA512 SHA384 SHA256 + # Use ZLIB, BZIP2, ZIP, or no compression + personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed + # Default preferences for new keys + default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed + # SHA512 as digest to sign keys + cert-digest-algo SHA512 + # SHA512 as digest for symmetric ops + s2k-digest-algo SHA512 + # AES256 as cipher for symmetric ops + s2k-cipher-algo AES256 + # UTF-8 support for compatibility + charset utf-8 + # No comments in messages + no-comments + # No version in output + no-emit-version + # Disable banner + no-greeting + # Long key id format + keyid-format 0xlong + # Display UID validity + list-options show-uid-validity + verify-options show-uid-validity + # Display all keys and their fingerprints + with-fingerprint + # Display key origins and updates + #with-key-origin + # Cross-certify subkeys are present and valid + require-cross-certification + # Disable caching of passphrase for symmetrical ops + no-symkey-cache + # Enable smartcard + use-agent + # Disable recipient key ID in messages (breaks Mailvelope) + throw-keyids + # Default key ID to use (helpful with throw-keyids) + #default-key 0xFF3E7D88647EBCDB + #trusted-key 0xFF3E7D88647EBCDB + # Group recipient keys (preferred ID last) + #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB + # Keyserver URL + #keyserver hkps://keys.openpgp.org + #keyserver hkps://keys.mailvelope.com + #keyserver hkps://keyserver.ubuntu.com:443 + #keyserver hkps://pgpkeys.eu + #keyserver hkps://pgp.circl.lu + #keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion + # Keyserver proxy + #keyserver-options http-proxy=http://127.0.0.1:8118 + #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 + # Enable key retrieval using WKD and DANE + #auto-key-locate wkd,dane,local + #auto-key-retrieve + # Trust delegation mechanism + #trust-model tofu+pgp + # Show expired subkeys + #list-options show-unusable-subkeys + # Verbose output + #verbose + ''; + ".gnupg/gpg-agent.conf".text = gpgAgentConf; + }; + }; +} diff --git a/modules/darwin/services/nix-daemon/default.nix b/modules/darwin/services/nix-daemon/default.nix new file mode 100644 index 0000000..0efa94d --- /dev/null +++ b/modules/darwin/services/nix-daemon/default.nix @@ -0,0 +1,17 @@ +{ lib, config, ... }: + +let + inherit (lib) types mkIf; + inherit (lib.metacfg) mkOpt enabled; + + cfg = config.metacfg.services.nix-daemon; +in +{ + options.metacfg.services.nix-daemon = { + enable = mkOpt types.bool true "Whether to enable the Nix daemon."; + }; + + config = mkIf cfg.enable { + services.nix-daemon = enabled; + }; +} diff --git a/modules/darwin/suites/common/default.nix b/modules/darwin/suites/common/default.nix new file mode 100644 index 0000000..64686a2 --- /dev/null +++ b/modules/darwin/suites/common/default.nix @@ -0,0 +1,30 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.suites.common; +in +{ + options.metacfg.suites.common = with types; { + enable = mkBoolOpt false "Whether or not to enable common configuration."; + }; + + config = mkIf cfg.enable { + programs.fish = enabled; + + metacfg = { + nix = enabled; + + system = { + fonts = enabled; + #input = enabled; + interface = enabled; + }; + + security = { + gpg = enabled; + }; + }; + }; +} diff --git a/modules/darwin/system/fonts/default.nix b/modules/darwin/system/fonts/default.nix new file mode 100644 index 0000000..0c90510 --- /dev/null +++ b/modules/darwin/system/fonts/default.nix @@ -0,0 +1,32 @@ +{ options, config, pkgs, lib, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.system.fonts; +in +{ + options.metacfg.system.fonts = with types; { + enable = mkBoolOpt false "Whether or not to manage fonts."; + fonts = mkOpt (listOf package) [ ] "Custom font packages to install."; + }; + + config = mkIf cfg.enable { + environment.variables = { + # Enable icons in tooling since we have nerdfonts. + LOG_ICONS = "true"; + }; + + fonts = { + fontDir = enabled; + + fonts = with pkgs; + [ + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-emoji + (nerdfonts.override { fonts = [ "Hack" ]; }) + ] ++ cfg.fonts; + }; + }; +} diff --git a/modules/darwin/system/interface/default.nix b/modules/darwin/system/interface/default.nix new file mode 100644 index 0000000..2f14504 --- /dev/null +++ b/modules/darwin/system/interface/default.nix @@ -0,0 +1,29 @@ +{ options, config, pkgs, lib, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.system.interface; +in +{ + options.metacfg.system.interface = with types; { + enable = mkEnableOption "macOS interface"; + }; + + config = mkIf cfg.enable { + system.defaults = { + dock.autohide = true; + + finder = { + AppleShowAllExtensions = true; + FXEnableExtensionChangeWarning = false; + }; + + NSGlobalDomain = { + _HIHideMenuBar = true; + AppleShowScrollBars = "Always"; + }; + }; + + metacfg.home.file.".hushlogin".text = ""; + }; +} diff --git a/modules/darwin/user/default.nix b/modules/darwin/user/default.nix new file mode 100644 index 0000000..78a3813 --- /dev/null +++ b/modules/darwin/user/default.nix @@ -0,0 +1,45 @@ +{ lib +, config +, pkgs +, ... +}: +let + inherit (lib) types mkIf mkDefault; + inherit (lib.metacfg) mkOpt; + + cfg = config.metacfg.user; + + is-linux = pkgs.stdenv.isLinux; + is-darwin = pkgs.stdenv.isDarwin; +in +{ + options.metacfg.user = { + name = mkOpt types.str "harald" "The user account."; + + fullName = mkOpt types.str "Harald Hoyer" "The full name of the user."; + email = mkOpt types.str "harald@hoyer.xyz" "The email of the user."; + + uid = mkOpt (types.nullOr types.int) 501 "The uid for the user account."; + }; + + config = { + users.users.${cfg.name} = { + # NOTE: Setting the uid here is required for another + # module to evaluate successfully since it reads + # `users.users.${metacfg.user.name}.uid`. + uid = mkIf (cfg.uid != null) cfg.uid; + }; + + snowfallorg.users.${config.metacfg.user.name}.home.config = { + home = { + file = { + ".profile".text = '' + # The default file limit is far too low and throws an error when rebuilding the system. + # See the original with: ulimit -Sa + ulimit -n 4096 + ''; + }; + }; + }; + }; +} diff --git a/modules/home/cli-apps/bash/default.nix b/modules/home/cli-apps/bash/default.nix new file mode 100644 index 0000000..eb850b8 --- /dev/null +++ b/modules/home/cli-apps/bash/default.nix @@ -0,0 +1,28 @@ +{ lib +, config +, pkgs +, ... +}: +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.metacfg.cli-apps.bash; +in +{ + options.metacfg.cli-apps.bash = { + enable = mkEnableOption "BASH shell"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + bashInteractive + ]; + programs.bash = { + enable = true; + initExtra = '' + function msh() { mosh "$@" -- bash -c 'if type -f tmux; then tmux new-session -A -s 0; else screen -R; fi;' ; }; + function tsh() { ssh -t "$@" -- bash -c 'if type -f tmux; then tmux new-session -A -s 0; else screen -R; fi;' ; }; + ''; + }; + }; +} diff --git a/modules/home/cli-apps/bat/default.nix b/modules/home/cli-apps/bat/default.nix new file mode 100644 index 0000000..5b99051 --- /dev/null +++ b/modules/home/cli-apps/bat/default.nix @@ -0,0 +1,22 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +with lib.metacfg; let + cfg = config.metacfg.cli-apps.bat; +in +{ + options.metacfg.cli-apps.bat = { + enable = mkEnableOption "bat"; + }; + + config = mkIf cfg.enable { + programs.bat = { + enable = true; + config.theme = "ansi"; + extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + }; + }; +} diff --git a/modules/home/cli-apps/fish/default.nix b/modules/home/cli-apps/fish/default.nix new file mode 100644 index 0000000..3a62572 --- /dev/null +++ b/modules/home/cli-apps/fish/default.nix @@ -0,0 +1,60 @@ +{ lib +, config +, pkgs +, ... +}: +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.metacfg.cli-apps.fish; +in +{ + options.metacfg.cli-apps.fish = { + enable = mkEnableOption "FISH shell"; + }; + + config = mkIf cfg.enable { + programs.fish = { + enable = true; + interactiveShellInit = '' + function msh --wraps mosh --description 'mosh with tmux' + if not set -q argv[1] + echo 'Usage: msh [user@]host [command]' + else + ${pkgs.mosh}/bin/mosh $argv -- tmux new-session -A -s 0 + end + end + function tsh --wraps ssh --description 'ssh with tmux' + if not set -q argv[1] + echo 'Usage: tsh [user@]host [command]' + else + ${pkgs.openssh}/bin/ssh -t $argv -- tmux new-session -A -s 0 + end + end + ''; + + plugins = [{ + name = "foreign-env"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-foreign-env"; + rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; + sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; + }; + }]; + + # shellInit = + # '' + # # nix + # if test -e /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh + # fenv source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh + # end + # + # # home-manager + # if test -e $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh + # fenv source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh + # end + # ''; + }; + }; +} diff --git a/modules/home/cli-apps/home-manager/default.nix b/modules/home/cli-apps/home-manager/default.nix new file mode 100644 index 0000000..de21236 --- /dev/null +++ b/modules/home/cli-apps/home-manager/default.nix @@ -0,0 +1,31 @@ +{ lib, config, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf; + inherit (lib.metacfg) enabled; + + cfg = config.metacfg.cli-apps.home-manager; +in +{ + options.metacfg.cli-apps.home-manager = { + enable = mkEnableOption "home-manager"; + }; + + config = mkIf cfg.enable { + programs.home-manager = enabled; + home.sessionVariables = { + EDITOR = "${pkgs.vim}/bin/vim"; + BATDIFF_USE_DELTA = "true"; + }; + + home.shellAliases = { + cat = "${pkgs.bat}/bin/bat --decorations never"; + less = ''${pkgs.bat}/bin/bat --decorations never --paging=always --pager "${pkgs.less}/bin/less -RF"''; + man = "${pkgs.bat-extras.batman}/bin/batman"; + }; + + home.packages = with pkgs; [ + vim + ]; + }; +} diff --git a/modules/home/cli-apps/neovim/default.nix b/modules/home/cli-apps/neovim/default.nix new file mode 100644 index 0000000..9f82fda --- /dev/null +++ b/modules/home/cli-apps/neovim/default.nix @@ -0,0 +1,230 @@ +{ lib, config, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.metacfg.cli-apps.neovim; +in +{ + options.metacfg.cli-apps.neovim = { + enable = mkEnableOption "Neovim"; + }; + + config = mkIf cfg.enable { + programs.neovim-flake = { + enable = true; + # your settings need to go into the settings attrset + settings = { + vim = { + viAlias = false; + vimAlias = false; + debugMode = { + enable = false; + level = 20; + logFile = "/tmp/nvim.log"; + }; + }; + + vim.lsp = { + formatOnSave = true; + lspkind.enable = false; + lightbulb.enable = true; + lspsaga.enable = false; + nvimCodeActionMenu.enable = true; + trouble.enable = true; + lspSignature.enable = true; + lsplines.enable = true; + }; + + vim.debugger = { + nvim-dap = { + enable = true; + ui.enable = true; + }; + }; + + vim.languages = { + enableLSP = true; + enableFormat = true; + enableTreesitter = true; + enableExtraDiagnostics = true; + + nix = { + enable = true; + format.type = "nixpkgs-fmt"; + }; + html.enable = true; + clang = { + enable = true; + lsp.server = "clangd"; + }; + sql.enable = false; + rust = { + enable = true; + crates.enable = true; + }; + java.enable = true; + ts.enable = true; + svelte.enable = true; + go.enable = true; + zig.enable = true; + python.enable = true; + dart.enable = true; + elixir.enable = false; + }; + + vim.visuals = { + enable = true; + nvimWebDevicons.enable = true; + scrollBar.enable = true; + smoothScroll.enable = true; + cellularAutomaton.enable = true; + fidget-nvim.enable = true; + indentBlankline = { + enable = true; + fillChar = null; + eolChar = null; + showCurrContext = true; + }; + cursorline = { + enable = true; + lineTimeout = 0; + }; + }; + + vim.statusline = { + lualine = { + enable = true; + theme = "catppuccin"; + }; + }; + + vim.theme = { + enable = true; + name = "catppuccin"; + style = "mocha"; + transparent = false; + }; + + vim.autopairs.enable = true; + + vim.autocomplete = { + enable = true; + type = "nvim-cmp"; + }; + + vim.filetree = { + nvimTree = { + enable = true; + }; + }; + + vim.tabline = { + nvimBufferline.enable = true; + }; + + vim.treesitter.context.enable = true; + + vim.binds = { + whichKey.enable = true; + cheatsheet.enable = true; + }; + + vim.telescope.enable = true; + + vim.git = { + enable = true; + gitsigns.enable = true; + gitsigns.codeActions = false; # throws an annoying debug message + }; + + vim.minimap = { + minimap-vim.enable = false; + codewindow.enable = true; # lighter, faster, and uses lua for configuration + }; + + vim.dashboard = { + dashboard-nvim.enable = false; + alpha.enable = true; + }; + + vim.notify = { + nvim-notify.enable = true; + }; + + vim.projects = { + project-nvim.enable = true; + }; + + vim.utility = { + ccc.enable = true; + vim-wakatime.enable = false; + icon-picker.enable = true; + surround.enable = true; + diffview-nvim.enable = true; + motion = { + hop.enable = true; + leap.enable = true; + }; + }; + + vim.notes = { + obsidian.enable = false; # FIXME neovim fails to build if obsidian is enabled + orgmode.enable = false; + mind-nvim.enable = true; + todo-comments.enable = true; + }; + + vim.terminal = { + toggleterm = { + enable = true; + lazygit.enable = true; + }; + }; + + vim.ui = { + borders.enable = true; + noice.enable = true; + colorizer.enable = true; + modes-nvim.enable = false; # the theme looks terrible with catppuccin + illuminate.enable = true; + breadcrumbs = { + enable = true; + navbuddy.enable = true; + }; + smartcolumn = { + enable = true; + columnAt.languages = { + # this is a freeform module, it's `buftype = int;` for configuring column position + nix = 110; + ruby = 120; + java = 130; + go = [ 90 130 ]; + }; + }; + }; + + vim.assistant = { + copilot = { + enable = true; + cmp.enable = true; + }; + }; + + vim.session = { + nvim-session-manager.enable = false; + }; + + vim.gestures = { + gesture-nvim.enable = false; + }; + + vim.comments = { + comment-nvim.enable = true; + }; + + vim.spellChecking.languages = [ "en" "de" ]; + }; + }; + }; +} diff --git a/modules/home/cli-apps/starship/default.nix b/modules/home/cli-apps/starship/default.nix new file mode 100644 index 0000000..4f0d6d3 --- /dev/null +++ b/modules/home/cli-apps/starship/default.nix @@ -0,0 +1,32 @@ +{ lib +, config +, pkgs +, ... +}: +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.metacfg.cli-apps.starship; +in +{ + options.metacfg.cli-apps.starship = { + enable = mkEnableOption "starship"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + ]; + programs.starship = { + enable = true; + settings = { + container.format = "[\\[$name\\]]($style) "; + git_status = { + ahead = "⇡$\{count}"; + diverged = "⇕⇡$\{ahead_count}⇣$\{behind_count}"; + behind = "⇣$\{count}"; + }; + }; + }; + }; +} diff --git a/modules/home/cli-apps/tmux/default.nix b/modules/home/cli-apps/tmux/default.nix new file mode 100644 index 0000000..336e82f --- /dev/null +++ b/modules/home/cli-apps/tmux/default.nix @@ -0,0 +1,20 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +with lib.metacfg; let + cfg = config.metacfg.cli-apps.tmux; +in +{ + options.metacfg.cli-apps.tmux = { + enable = mkEnableOption "Tmux"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + tmux + ]; + }; +} diff --git a/modules/home/host/default.nix b/modules/home/host/default.nix new file mode 100644 index 0000000..4aaba8a --- /dev/null +++ b/modules/home/host/default.nix @@ -0,0 +1,11 @@ +{ lib, config, pkgs, host ? null, format ? "unknown", ... }: + +let + inherit (lib) types; + inherit (lib.metacfg) mkOpt; +in +{ + options.metacfg.host = { + name = mkOpt (types.nullOr types.str) host "The host name."; + }; +} diff --git a/modules/home/tools/alacritty/default.nix b/modules/home/tools/alacritty/default.nix new file mode 100644 index 0000000..aad2262 --- /dev/null +++ b/modules/home/tools/alacritty/default.nix @@ -0,0 +1,22 @@ +{ lib +, config +, pkgs +, ... +}: +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.metacfg.tools.alacritty; +in +{ + options.metacfg.tools.alacritty = { + enable = mkEnableOption "alacritty"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + alacritty + (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + ]; + }; +} diff --git a/modules/home/tools/direnv/default.nix b/modules/home/tools/direnv/default.nix new file mode 100644 index 0000000..a1c83bf --- /dev/null +++ b/modules/home/tools/direnv/default.nix @@ -0,0 +1,18 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.tools.direnv; +in +{ + options.metacfg.tools.direnv = with types; { + enable = mkBoolOpt false "Whether or not to enable direnv."; + }; + + config = mkIf cfg.enable { + programs.direnv = { + enable = true; + nix-direnv = enabled; + }; + }; +} diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix new file mode 100644 index 0000000..b48c5a5 --- /dev/null +++ b/modules/home/tools/git/default.nix @@ -0,0 +1,66 @@ +{ lib, config, pkgs, ... }: + +let + inherit (lib) types mkEnableOption mkIf; + inherit (lib.metacfg) mkOpt enabled; + + cfg = config.metacfg.tools.git; + user = config.metacfg.user; +in +{ + options.metacfg.tools.git = { + enable = mkEnableOption "Git"; + userName = mkOpt types.str user.fullName "The name to configure git with."; + userEmail = mkOpt types.str user.email "The email to configure git with."; + signingKey = + mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with."; + signByDefault = mkOpt types.bool false "Whether to sign commits by default."; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + git-delete-merged-branches + delta + ]; + programs.git = { + enable = true; + inherit (cfg) userName userEmail; + lfs = enabled; + signing = { + key = cfg.signingKey; + inherit (cfg) signByDefault; + }; + extraConfig = { + init = { defaultBranch = "main"; }; + pull = { rebase = true; }; + push = { autoSetupRemote = true; }; + core = { whitespace = "trailing-space,space-before-tab"; }; + safe = { + directory = "${user.home}/git"; + }; + "credential \"https://github.com\"" = { + helper = "!gh auth git-credential"; + }; + alias = { + co = "checkout"; + ci = "commit --signoff"; + }; + pull.ff = "only"; + core.pager = "${pkgs.delta}/bin/delta"; + delta = { + features = "decorations"; + syntax-theme = "DarkNeon"; + light = "false"; + navigate = "true"; + }; + interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only"; + merge.conflictStyle = "diff3"; + diff.colorMoved = "default"; + filter.rot8000 = { + clean = "${pkgs.metacfg.rot8000}/bin/rot8000"; + smudge = "${pkgs.metacfg.rot8000}/bin/rot8000"; + }; + }; + }; + }; +} diff --git a/modules/home/tools/jetbrains/default.nix b/modules/home/tools/jetbrains/default.nix new file mode 100644 index 0000000..e2f934b --- /dev/null +++ b/modules/home/tools/jetbrains/default.nix @@ -0,0 +1,21 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.tools.jetbrains; +in +{ + options.metacfg.tools.jetbrains = with types; { + enable = mkBoolOpt false "Whether or not to enable jetbrains."; + }; + + config = mkIf cfg.enable { + home.sessionPath = [ + "$HOME/.local/share/JetBrains/Toolbox/scripts" + ]; + home.packages = with pkgs; [ + jetbrains-toolbox + (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + ]; + }; +} diff --git a/modules/home/tools/ssh/default.nix b/modules/home/tools/ssh/default.nix new file mode 100644 index 0000000..9278a73 --- /dev/null +++ b/modules/home/tools/ssh/default.nix @@ -0,0 +1,24 @@ +{ lib, config, pkgs, ... }: + +let + inherit (lib) types mkEnableOption mkIf; + cfg = config.metacfg.tools.ssh; +in +{ + options.metacfg.tools.ssh = { + enable = mkEnableOption "SSH"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ + mosh + ]; + programs.ssh = { + enable = true; + extraConfig = '' + Host * + HostKeyAlgorithms +ssh-rsa + ''; + }; + }; +} diff --git a/modules/home/user/default.nix b/modules/home/user/default.nix new file mode 100644 index 0000000..49dcd68 --- /dev/null +++ b/modules/home/user/default.nix @@ -0,0 +1,50 @@ +{ lib, config, pkgs, osConfig ? { }, ... }: + +let + inherit (lib) types mkIf mkDefault mkMerge; + inherit (lib.metacfg) mkOpt; + + cfg = config.metacfg.user; + + is-linux = pkgs.stdenv.isLinux; + is-darwin = pkgs.stdenv.isDarwin; + + home-directory = + if cfg.name == null then + null + else if is-darwin then + "/Users/${cfg.name}" + else + "/home/${cfg.name}"; +in +{ + options.metacfg.user = { + enable = mkOpt types.bool false "Whether to configure the user account."; + name = mkOpt (types.nullOr types.str) config.snowfallorg.user.name "The user account."; + + fullName = mkOpt types.str "Harald Hoyer" "The full name of the user."; + email = mkOpt types.str "harald@hoyer.xyz" "The email of the user."; + + home = mkOpt (types.nullOr types.str) home-directory "The user's home directory."; + }; + + config = mkIf cfg.enable (mkMerge [ + { + assertions = [ + { + assertion = cfg.name != null; + message = "metacfg.user.name must be set"; + } + { + assertion = cfg.home != null; + message = "metacfg.user.home must be set"; + } + ]; + + home = { + username = mkDefault cfg.name; + homeDirectory = mkDefault cfg.home; + }; + } + ]); +} diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix new file mode 100644 index 0000000..c7e9591 --- /dev/null +++ b/modules/nixos/home/default.nix @@ -0,0 +1,32 @@ +{ options, config, pkgs, lib, inputs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.home; +in +{ + options.metacfg.home = with types; { + file = mkOpt attrs { } + (mdDoc "A set of files to be managed by home-manager's `home.file`."); + configFile = mkOpt attrs { } + (mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."); + extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; + }; + + config = { + metacfg.home.extraOptions = { + home.stateVersion = config.system.stateVersion; + home.file = mkAliasDefinitions options.metacfg.home.file; + xdg.enable = true; + xdg.configFile = mkAliasDefinitions options.metacfg.home.configFile; + }; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + + users.${config.metacfg.user.name} = + mkAliasDefinitions options.metacfg.home.extraOptions; + }; + }; +} diff --git a/modules/nixos/nix-ld/default.nix b/modules/nixos/nix-ld/default.nix new file mode 100644 index 0000000..3878c83 --- /dev/null +++ b/modules/nixos/nix-ld/default.nix @@ -0,0 +1,135 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.nix-ld; +in +{ + options.metacfg.nix-ld = with types; { + enable = mkBoolOpt false "Whether or not to enable nix-ld."; + }; + + config = mkIf cfg.enable { + + programs.nix-ld.enable = true; + + # Sets up all the libraries to load + programs.nix-ld.libraries = with pkgs; [ + SDL + SDL2 + SDL2_image + SDL2_mixer + SDL2_ttf + SDL_image + SDL_mixer + SDL_ttf + alsa-lib + at-spi2-atk + at-spi2-core + atk + bzip2 + cairo + cups + curlWithGnuTls + dbus + dbus-glib + desktop-file-utils + e2fsprogs + expat + flac + fontconfig + freeglut + freetype + fribidi + fuse + fuse3 + gdk-pixbuf + glew110 + glib + gmp + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-ugly + gst_all_1.gstreamer + gtk2 + harfbuzz + icu + keyutils.lib + libGL + libGLU + libappindicator-gtk2 + libcaca + libcanberra + libcap + libclang.lib + libdbusmenu + libdrm + libgcrypt + libgpg-error + libidn + libjack2 + libjpeg + libmikmod + libogg + libpng12 + libpulseaudio + librsvg + libsamplerate + libsecret + libthai + libtheora + libtiff + libudev0-shim + libusb1 + libuuid + libvdpau + libvorbis + libvpx + libxcrypt-legacy + libxkbcommon + libxml2 + mesa + nspr + nss + openssl + p11-kit + pango + pixman + python3 + speex + stdenv.cc.cc + tbb + udev + vulkan-loader + wayland + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXft + xorg.libXi + xorg.libXinerama + xorg.libXmu + xorg.libXrandr + xorg.libXrender + xorg.libXt + xorg.libXtst + xorg.libXxf86vm + xorg.libpciaccess + xorg.libxcb + xorg.xcbutil + xorg.xcbutilimage + xorg.xcbutilkeysyms + xorg.xcbutilrenderutil + xorg.xcbutilwm + xorg.xkeyboardconfig + xz + zlib + ]; + + }; +} diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix new file mode 100644 index 0000000..fff517b --- /dev/null +++ b/modules/nixos/nix/default.nix @@ -0,0 +1,94 @@ +{ options, config, pkgs, lib, inputs, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.nix; + + substituters-submodule = types.submodule ({ name, ... }: { + options = with types; { + key = mkOpt (nullOr str) null "The trusted public key for this substituter."; + }; + }); +in +{ + options.metacfg.nix = with types; { + enable = mkBoolOpt false "Whether or not to manage nix configuration."; + package = mkOpt package pkgs.nix "Which nix package to use."; + + default-substituter = { + url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; + key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; + }; + + extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; + }; + + config = mkIf cfg.enable { + assertions = mapAttrsToList + (name: value: { + assertion = value.key != null; + message = "metacfg.nix.extra-substituters.${name}.key must be set"; + }) + cfg.extra-substituters; + + environment.systemPackages = with pkgs; [ + metacfg.nixos-revision + (metacfg.nixos-hosts.override { + hosts = inputs.self.nixosConfigurations; + }) + deploy-rs + nixfmt + nix-index + nix-prefetch-git + nix-output-monitor + ]; + + nix = + let + users = [ "root" config.metacfg.user.name ] ++ + optional config.services.hydra.enable "hydra"; + extra-substituters = cfg.extra-substituters // { + "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; + }; + in + { + package = cfg.package; + + settings = { + experimental-features = "nix-command flakes"; + http-connections = 50; + warn-dirty = false; + log-lines = 50; + sandbox = "relaxed"; + auto-optimise-store = true; + trusted-users = users; + allowed-users = users; + + substituters = + [ cfg.default-substituter.url ] + ++ + (mapAttrsToList (name: value: name) extra-substituters); + trusted-public-keys = + [ cfg.default-substituter.key ] + ++ + (mapAttrsToList (name: value: value.key) extra-substituters); + + } // (lib.optionalAttrs config.metacfg.tools.direnv.enable { + keep-outputs = true; + keep-derivations = true; + }); + + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + # flake-utils-plus + generateRegistryFromInputs = true; + generateNixPathFromInputs = true; + linkInputs = true; + }; + }; +} diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix new file mode 100644 index 0000000..18493d3 --- /dev/null +++ b/modules/nixos/services/base/default.nix @@ -0,0 +1,159 @@ +{ options +, config +, lib +, pkgs +, ... +}: +with lib; +with lib.metacfg; +let + cfg = config.metacfg.base; + gitconfig = pkgs.writeText "gitconfig" '' + [filter "rot8000"] + smudge = ${pkgs.metacfg.rot8000}/bin/rot8000 + clean = ${pkgs.metacfg.rot8000}/bin/rot8000 + ''; +in +{ + options.metacfg.base = with types; { + enable = mkBoolOpt false "Whether or not to enable the base config."; + + }; + + config = mkIf cfg.enable { + # Configure console keymap + console.keyMap = lib.mkDefault "us"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MESSAGES = "en_US.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + + environment = { + sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; }; + systemPackages = with pkgs; [ + age + bash + cifs-utils + clevis + delta + efibootmgr + git + git-crypt + git-delete-merged-branches + home-manager + htop + mosh + nixpkgs-fmt + openssl + restic + rrsync + sbctl + sops + strace + tmux + tpm2-pkcs11 + tpm2-pkcs11.out + tpm2-tools + vim + virt-manager + wget + ]; + shells = [ pkgs.fish pkgs.bash ]; + }; + + hardware = { + cpu = { + amd.updateMicrocode = lib.mkDefault true; + intel.updateMicrocode = lib.mkDefault true; + }; + enableRedistributableFirmware = lib.mkDefault true; + enableAllFirmware = true; + opengl.extraPackages = with pkgs; [ intel-compute-runtime ]; + }; + + programs = { + dconf.enable = true; + bash = { + ## shellInit = '' + interactiveShellInit = '' + bind '"\e[A": history-search-backward' + bind '"\e[B": history-search-forward' + ''; + }; + starship.enable = true; + mosh.enable = true; + vim.defaultEditor = true; + fish.enable = true; + }; + + # powerManagement.cpuFreqGovernor = "ondemand"; + + services = { + dbus.implementation = "broker"; + dbus.packages = [ pkgs.gcr ]; + fwupd.enable = true; + openssh = { + enable = true; + settings.PermitRootLogin = "prohibit-password"; + settings.X11Forwarding = true; + }; + }; + + security = { + tpm2.enable = lib.mkDefault true; + tpm2.abrmd.enable = lib.mkDefault true; + sudo = { + enable = true; + wheelNeedsPassword = false; + }; + }; + + time.timeZone = "Europe/Berlin"; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box" + ]; + + boot = { + tmp.cleanOnBoot = true; + loader = { + systemd-boot.enable = lib.mkDefault true; + efi.canTouchEfiVariables = true; + timeout = 2; + }; + initrd.systemd.enable = true; + kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; + }; + + system.autoUpgrade = { + flags = [ + "--update-input" + "nixpkgs" + "--update-input" + "unstable" + "--no-write-lock-file" + "-L" + ]; + flake = "git+https://git.hoyer.xyz/harald/nixcfg"; + }; + systemd.services.nixos-upgrade = { + path = [ pkgs.metacfg.rot8000 ]; + environment.GIT_CONFIG_GLOBAL = toString gitconfig; + }; + + virtualisation.libvirtd.enable = true; + + }; +} diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix new file mode 100644 index 0000000..322dc25 --- /dev/null +++ b/modules/nixos/services/gui/default.nix @@ -0,0 +1,138 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.gui; +in +{ + options.metacfg.gui = with types; { + enable = mkBoolOpt false "Whether or not to enable a GUI."; + }; + + config = mkIf cfg.enable { + services = { + gnome.tracker-miners.enable = lib.mkForce false; + + flatpak.enable = true; + + pcscd.enable = lib.mkDefault false; + + # Enable CUPS to print documents. + printing.enable = true; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; + + xserver = { + layout = lib.mkDefault "de+us"; + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; + }; + #security.pam.p11.control = "sufficient"; + #security.pam.p11.control = "required"; + #security.pam.p11.enable = true; + # services.fprintd.enable = true; + #security.pam.yubico.enable = true; + #security.pam.yubico.control = "sufficient"; + #security.pam.yubico.mode = "challenge-response"; + + #security.tpm2.pkcs11.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + + security.rtkit.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + enableBrowserSocket = true; + }; + + environment.systemPackages = with pkgs; [ + bat + cardpeek + ccache + clang + dive + file + firefox + gh + git + gimp + gnome.gnome-software + gnomeExtensions.appindicator + gnomeExtensions.dash-to-panel + gnomeExtensions.hibernate-status-button + gnomeExtensions.vitals + gnupg + go + jetbrains-toolbox + jq + kbfs + libu2f-host + mosh + mosh + nixpkgs-fmt + opensc + pasystray + #pcsctools + pinentry-gnome + pkg-config + ripgrep + slack + spotify + statix + thunderbird + tmux + vim + wl-clipboard + yubikey-personalization + yubikey-manager-qt + zellij + rustup + ]; + + #----=[ Fonts ]=----# + fonts = { + enableDefaultPackages = false; + packages = with pkgs; [ + noto-fonts-emoji + liberation_ttf + freefont_ttf + (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + ]; + + fontconfig = { + enable = true; + defaultFonts = { + serif = [ "Liberation" ]; + sansSerif = [ "Liberation" ]; + monospace = [ "JetBrainsMono" ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + }; + + # remote desktop + networking.firewall.allowedTCPPorts = [ 3389 ]; + }; +} diff --git a/modules/nixos/services/podman/default.nix b/modules/nixos/services/podman/default.nix new file mode 100644 index 0000000..51e0d63 --- /dev/null +++ b/modules/nixos/services/podman/default.nix @@ -0,0 +1,25 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.podman; +in +{ + options.metacfg.podman = with types; { + enable = mkBoolOpt false "Whether or not to enable podman."; + }; + + config = mkIf cfg.enable { + virtualisation = { + podman = { + enable = true; + + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = lib.mkDefault true; + + # For Nixos version > 22.11 + defaultNetwork.settings = { dns_enabled = true; }; + }; + }; + }; +} diff --git a/modules/nixos/services/secureboot/default.nix b/modules/nixos/services/secureboot/default.nix new file mode 100644 index 0000000..e0e51d4 --- /dev/null +++ b/modules/nixos/services/secureboot/default.nix @@ -0,0 +1,21 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.secureboot; +in +{ + options.metacfg.secureboot = with types; { + enable = mkBoolOpt false "Whether or not to enable secureboot."; + }; + + config = mkIf cfg.enable { + boot = { + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + loader.systemd-boot.enable = lib.mkForce false; + }; + }; +} diff --git a/modules/nixos/sgx/aesmd_dcap/default.nix b/modules/nixos/sgx/aesmd_dcap/default.nix new file mode 100644 index 0000000..a68e50e --- /dev/null +++ b/modules/nixos/sgx/aesmd_dcap/default.nix @@ -0,0 +1,30 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.aesmd_dcap; +in +{ + options.metacfg.aesmd_dcap = with types; { + enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode."; + }; + + config = mkIf cfg.enable { + metacfg = { + nix.extra-substituters = { + "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; + }; + }; + services.aesmd = { + enable = true; + quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl; + }; + systemd.services.aesmd = { + environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]); + serviceConfig.BindReadOnlyPaths = [ + "/etc/sgx_default_qcnl.conf" + ]; + }; + }; +} diff --git a/modules/nixos/sgx/pccs/default.nix b/modules/nixos/sgx/pccs/default.nix new file mode 100644 index 0000000..86c715a --- /dev/null +++ b/modules/nixos/sgx/pccs/default.nix @@ -0,0 +1,69 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.pccs; + cfg_podman = config.metacfg.podman; +in +{ + options.metacfg.pccs = with types; { + enable = mkBoolOpt false "Whether or not to enable a SGX-DCAP."; + secret = mkOption { + type = with types; nullOr path; + default = null; + example = literalExpression "config.sops.secrets.pccs.path"; + description = lib.mdDoc "path to the pccs secret file"; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.secret != null; + message = "path to the pccs secret file is required when pccs is enabled"; + } + { + assertion = cfg_podman.enable; + message = "podman must be enabled when pccs is enabled"; + } + ]; + + metacfg = { + nix.extra-substituters = { + "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; + }; + }; + + virtualisation.oci-containers.backend = "podman"; + virtualisation.oci-containers.containers = { + # podman run --pull=always --name pccs -it --rm -v /dev/log:/dev/log --secret PCCS_CONFIG,type=mount -p 8081:8081 registry.gitlab.com/haraldh/pccs:pccs_1_19 + pccs = { + image = "docker.io/backslashhh/pccs:dcap_1_19"; + autoStart = true; + ports = [ "8081:8081" ]; + extraOptions = [ + "--volume=/dev/log:/dev/log" + "--secret=PCCS_CONFIG,type=mount" + ]; + }; + }; + + systemd.services.pccs-secret = + { + description = "Inject pccs secret"; + wantedBy = [ "multi-user.target" ]; + before = [ "podman-pccs.service" ]; + + serviceConfig = { + EnvironmentFile = cfg.secret; + ExecStart = '' + -${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG + ''; + RemainAfterExit = true; + }; + }; + + + }; +} diff --git a/modules/nixos/tools/direnv/default.nix b/modules/nixos/tools/direnv/default.nix new file mode 100644 index 0000000..c6c6066 --- /dev/null +++ b/modules/nixos/tools/direnv/default.nix @@ -0,0 +1,20 @@ +{ options, config, lib, pkgs, ... }: + +with lib; +with lib.metacfg; +let cfg = config.metacfg.tools.direnv; +in +{ + options.metacfg.tools.direnv = with types; { + enable = mkBoolOpt false "Whether or not to enable direnv."; + }; + + config = mkIf cfg.enable { + metacfg.home.extraOptions = { + programs.direnv = { + enable = true; + nix-direnv = enabled; + }; + }; + }; +} diff --git a/modules/nixos/tools/git/default.nix b/modules/nixos/tools/git/default.nix new file mode 100644 index 0000000..7bdafa4 --- /dev/null +++ b/modules/nixos/tools/git/default.nix @@ -0,0 +1,61 @@ +{ options, config, pkgs, lib, ... }: + +with lib; +with lib.metacfg; +let + cfg = config.metacfg.tools.git; + gpg = config.metacfg.security.gpg; + user = config.metacfg.user; +in +{ + options.metacfg.tools.git = with types; { + enable = mkBoolOpt false "Whether or not to install and configure git."; + userName = mkOpt types.str user.fullName "The name to configure git with."; + userEmail = mkOpt types.str user.email "The email to configure git with."; + signingKey = + mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with."; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ git ]; + + metacfg.home.extraOptions = { + programs.git = { + enable = true; + inherit (cfg) userName userEmail; + lfs = enabled; + signing = { + key = cfg.signingKey; + signByDefault = mkIf gpg.enable true; + }; + extraConfig = { + init = { defaultBranch = "main"; }; + pull = { rebase = true; }; + push = { autoSetupRemote = true; }; + core = { whitespace = "trailing-space,space-before-tab"; }; + safe = { + directory = "${user.home}/git"; + }; + "credential \"https://github.com\"" = { + helper = "!gh auth git-credential"; + }; + alias = { + co = "checkout"; + ci = "commit --signoff"; + }; + pull.ff = "only"; + core.pager = "${pkgs.delta}/bin/delta"; + delta = { + features = "decorations"; + syntax-theme = "DarkNeon"; + light = "false"; + navigate = "true"; + }; + interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only"; + merge.conflictStyle = "diff3"; + diff.colorMoved = "default"; + }; + }; + }; + }; +} diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix new file mode 100644 index 0000000..ddcc640 --- /dev/null +++ b/modules/nixos/user/default.nix @@ -0,0 +1,104 @@ +{ options +, config +, pkgs +, lib +, ... +}: +with lib; +with lib.metacfg; let + cfg = config.metacfg.user; + defaultIconFileName = "profile.jpg"; + defaultIcon = pkgs.stdenvNoCC.mkDerivation { + name = "default-icon"; + src = ./. + "/${defaultIconFileName}"; + + dontUnpack = true; + + installPhase = '' + cp $src $out + ''; + + passthru = { fileName = defaultIconFileName; }; + }; + propagatedIcon = + pkgs.runCommandNoCC "propagated-icon" + { passthru = { fileName = cfg.icon.fileName; }; } + '' + local target="$out/share/metacfg-icons/user/${cfg.name}" + mkdir -p "$target" + + cp ${cfg.icon} "$target/${cfg.icon.fileName}" + ''; +in +{ + options.metacfg.user = with types; { + name = mkOpt str "harald" "The name to use for the user account."; + fullName = mkOpt str "Harald Hoyer" "The full name of the user."; + email = mkOpt str "harald@hoyer.xyz" "The email of the user."; + initialPassword = + mkOpt str "password" + "The initial password to use when the user is first created."; + icon = + mkOpt (nullOr package) defaultIcon + "The profile picture to use for the user."; + prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell."; + extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned."; + sshKeys = mkOpt (listOf str) [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box" + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" + ] "ssh keys"; + extraOptions = + mkOpt attrs { } + (mdDoc "Extra options passed to `users.users.`."); + }; + + config = { + environment.systemPackages = with pkgs; [ + ]; + + metacfg.home = { + file = { + "Desktop/.keep".text = ""; + "Documents/.keep".text = ""; + "Downloads/.keep".text = ""; + "Music/.keep".text = ""; + "Pictures/.keep".text = ""; + "Videos/.keep".text = ""; + "work/.keep".text = ""; + ".face".source = cfg.icon; + "Pictures/${ + cfg.icon.fileName or (builtins.baseNameOf cfg.icon) + }".source = + cfg.icon; + }; + extraOptions.programs.bash.initExtra = '' + [[ $WANT_BASH ]] || ${pkgs.fish}/bin/fish -l + ''; + }; + + users.users.${cfg.name} = + { + isNormalUser = true; + + # inherit (cfg) name initialPassword; + + openssh.authorizedKeys.keys = cfg.sshKeys; + home = "/home/${cfg.name}"; + group = "users"; + + shell = pkgs.bash; + + # Arbitrary user ID to use for the user. Since I only + # have a single user on my machines this won't ever collide. + # However, if you add multiple users you'll need to change this + # so each user has their own unique uid (or leave it out for the + # system to select). + uid = 1000; + + extraGroups = [ ] ++ cfg.extraGroups; + } + // cfg.extraOptions; + }; +} diff --git a/modules/nixos/user/profile.jpg b/modules/nixos/user/profile.jpg new file mode 100644 index 0000000000000000000000000000000000000000..1188670c5cc538b24d7692359f7d7f0d35f2666c GIT binary patch literal 33293 zcmbrl1yCeS(?2-4E$;5_4vQ`B?kZ~FuLZYRuLjw3;WDIn16joA_`(Ld813oPNV;umPWBkX~{~`Q; z`-)&{<^ue@K-kZLJU~Zh*H8TI6DxSQI{t$bJ~0N+(%AG97k^>~=g$lL#54c!P5y)T z|G^gj!B78SXEha3008{UCnmA@4`%oWoBRj=GZzw|rL*1V7~4-wVQ1_1c@6*4KQsAa zX0NXLc_jGv;{s3tNCHFvBmfhD8^8)+3vdN6eje>VefIyX$M&zD0>I%@2l&}L0=xju zpBfeb%THZ~Pp%ul1z`4hH2>tAeKyh2GqetP<*4H%TFhRS^ieh5HFcx55mrMjhMPeV9}vEHH(?+E>m1% zmF@NNNR^pqzX+G!bVfu@wF-3-Z50;Q^pAhio$oxu_N^*keQE3DXsh~RqfaeS`>p-x zg#d8G&BfMMdvF0C5SH4&k%mm+<3ZowS}vj}eH-m3;4>(&Hmzyg(tDD}{^ApDU=Zy? zbJ1DT!_H+#9KaN^Uk#a5N|8X3z~n}=Y;H>684=3BP8H?a5S3I?<|i8mJ^DuzBh;m_ zbM?pXn5yA|xg+b? z$jWH@PuXaP?#g7uLUQ(Ol$X{is;U-b#)i1PWxp;?srzz9eaKt|xdYw#<&JOHP|B3Y zz$wG%;cKWYm zapb++A3j@TU;r0z;BB&*tw|pwthf**O>kpj>NDBpp{=Qc-N1S$S+YhZ+r&Gcg(e-6 z1ew(PKfcntM2Q18I;ssmYh1|TJ>fKPo76WK;-);J{JvVXDm!%fi;t>};F7(;iri)L zW+>O?o_Bwg{8({_TJkn~R%|naKJ#?C-2Ev@F*@g4lFsMtPJ^Q?lm`E7Mk8g>8Sf^Q zafX`Nl5I>k?=4UpgnnEF#50T)NY{S&v!qOFz&V^m5IMZ3Dmr;RYnnwbY0_>x71Z7VKk+Kt4Hno!fEm#>6xP~NjuIE97>4`Y%~Z=oKsT+&#}a&tjHpNAF_@% z6LJC z^&3Oy#g7^%9qo|pzWpG15kd&*2~KnCp@zf<+qS+Mrw!%l4FvmhXDx=E(~htC?-rd@ zzbKGt}iP61cmqIH7RucQ=4sqKtZ~L8CzgE;S}K%Tcu?AQ8XwEY92Sy3zL`$l^w$TT3#uT9`~j z=jQLEz06>YTPk7N?JAFn020z;b~mrYwzKs0XSgt+$;t_St9nGPO=(!Pxg0#qu&H3m zRh6lt$~eX5CDe>Q#d{aZ?KF*n9_GdgoK>ha%v~GQKB$`XysxcuUAIq43^U$X0m~=* zDp3aA9=#wKayg$B+K%_WW3jjxR&n*-4(YRW14jy%g$_5 zzDpc|cCW#>d5}fJXPUJ;J^<9S&92A?#{pWc#LMfZH(YuI7b6VlZl%0asijM_nYJ#Q zx3(0`QLBI3M_m`cA@2Q3o`&x%RnH(>Uv(xIc>_F_)D|6I^jvE z$LMH8lSiE({6pX9XBNL_eesz|OI942cq%cW}uQ3Heir%iBq{|-+8 ze#*++16#T(x`P;Q)Mt@>edjh(hZ0-3__j}9upKENo96{$jEU9au6CTSTy@PPBUiG7 z(XA5KN+FwS0>HP$a>wg#0ZJTR%6E0hb-TJx$^CK%G=rCOUMEN&lEVAF1imd)^ebxv zzqjryYJN>a;685+|1hFBA5)yaLgcQF|Ln_pv6sb+)(dmoW2ehXr`Al$?kRWIuJ5uB z_GIbMmYfS*>x}@6IEU0(L2K>tQ7O90xj!|R)}oWWQ_iu#Szu5p<}&Jx`Am5)DUE|< zB*ZF2v$W-;ZC*1*bM6xPk2{Y+e?|{R2RkT+!$}}FZf?VQ2BA9TZj(XR{(CKpZ&vnv ztW+a#KYNzr{+D5?mq1@@8)odh7g0(u7GJ6VLwk2tzOwXm1FSAL{S;0oXv~LG+!*bG z)vbV{ZmO06if47Zdb_H@^mN^xYFKuDnMm5nv-n3CA&=@A&54^QQ*#q+VKt4f&5G}z z);z2gyc7rG-ws4UT%*6^yABVt=3W(N+FrQhAiI$YDw&-hwX4aC=hVJ4=j1SdZ9lx` z;_kFZNYUWv+jmf-ax9fdv4UZ^^fm`!V|}1MMfIKR9J^o?CLNM78b=4zZ}|n{^Mvm0n)4bUy$bAPpZn zRjBA^L%uP((+dY|9mL4%3(h#o2F68e^#HXLi)X>?8*zAw?{}xBMO@@o1NBq)W3Mr4 zibCJ0rzd6XONVu2+PPKb1san|-H^T;)6@#l$shP5*)r-IWzgjK3EJWp|5X&IjIYc} zoP<#`G*gqYdu|eA+E1yI&sluruKEL!D5#-bMOI$;nCOJRV(Zji%RQIN)5e(X4_6%Y z8xzN=3VWA`)cHE7FfhR?ybkS!i#!&#_chD!5o#nT={pq|UfKnyG1$`%|n= zNQ|Qnq9pK73*=JT%4cHAfC2!61P6nFfc(rt|4qL?lTiprC{#2QbW&&xRuVE6VRE)_ zm=x?BpQ$SBX9f!f1&#=2?#E5|m-((nvMq6tjeC#QoupE?J$HjxSwDfn08O?OTHJvD z!FXZ6DAo*11DI=`5o7VQOPKL)BnJakkO9-i{iv10VSC+G|M~BYVZ9IQd7;l1`Bfd4 zdb))X@cYnCu}?8i_3YhUVGC8~1H*bAuAFAXxiof1YwEC%u*~m_qV3qI#491?Q`N*5 zs#1z(k7f)v+_mbARwBV4rS+G#NC}*6>oKXi5e3k6&A1d}8};<$(eu3FhHeD5Zk4?* zZO#L=xuyr?e>t+KTPrfV_+egaRaDsY@8uII196YO`DEK`xNwQ05}iqK{CZoo_4(42 zEvH2jZRfhQagU*Vta(`uKQA#QdY?Sp{;o-DH*~(TS832KtI@C`MsL+qONmDQWEce+S#v%h}MXT^H4eM><>tLEFW-46M?)>;F8$*Cb` z9s0C8{8a?Uslyu1JN~GM#3`ZnVw9GvL9_TO_Yz%zKz5=PhzgwY~9gn*F;9 z%u++)^N@B@&drX-WhD)cbIO4)x<=N;xSH)*xt1uQ=NvhtcTMzLPbnSz)7Fp(O<|9H z3gk(rJWzDqZ@H(<`8qLK{ZfGxjenG^>hL9CPA@XnKk*N7Bs)v`qDiH*mg`)Rdo7-p zZMY9I1FNL+QyFJnqvAkM8vz58uN}xp!O{h22@D_=$NXE*c8N{@OfAaCILS7EgtIiZ za7y2m>0y2`XOLFPXzHi#(vt{sC83)*q7SsPNI5({v6*m@1Y)05PL7@epvf zu%_s9k=?aw$FpbmzkKd z?Jmmt0N_b~0KypjMhnZW(kEO)+O3B#_J%Y$hMXN6tk3ZH-3ca{`0P1|JhU5Css3PY zom~tvG1N;MD6C^@z06xLS3R(DF|)8o1n=FZC?h;Pk$MHj*=AT%*6eG&iYJ_Mp9K)M zX2}(NXE2v!I$0jFrxt(YV*3(Hsa~+V zs3Af~iiYZWURuxEvqN)d)>f35k#(PyHe$6%Fp7m_&$gU5TzY*4{9|#;zF!h&*uafe zY98$>_J!HiHWRwHPi*zIznoiHeHJ4#RKp3yNum#dtlmUwz@CTUMJ{wWd7$2!CM?%5#y5q1yNSdxe+hVr<*|HjD-#ICCLZExH z_BN}N&NoIz5}`5W=eR0keaU7l-9&6$Rw#J zdf4Cb;)x_%{2D>CvrF>KLdP_(qxR-(c#G$n=JdqcT`^U$$#BTVlZ?YT^^Q)qb_mD> z0$Yb;UwOvoQCVXUbzr@|ku=Xu&k9W`YgJ4g=@i&jyO5zD@^-JgoKA@}$-qAIuuMFY z+FIbsu8$M=*fQAYgbUw6+=VtFKS$BFS*DNk{z$#7Y+Gbs%wBT#$&VR(0wxVKLAu$f zMc(`*vvnHc3i~leC@fjC_(Bx?2E{+L!{9vRsxkKFXvgnH=;Nd6(}DByzS>Gv&q8|D z(h}Txqq`+vT}ud0Lp*jcZdHTyN+~nUxfNiOHitjbd~WQM$I&p}eDaWckYyX1emX?4 zMdM4HJh$U8LT`-mHMIH;VN~>5@LL`*JGJ#mrqV32bW;3u-qvXDSCe~x8^+L$A3YgZ zTy!1Y2Y}&;7{TWhW~NVL@df<*D&nhHWm-{ahFs-tG_vAqKk@K3?NK80l|kFDG7P+! zz`{VpH2lE&J)n#s9RkL!_jGxLR*fki^-j-PzO7&ydp z2Vljs9y2M1d+j-VI6gTPa}%^k z2;z|;5o6^pi1}u)r!$S&aZqBCKmjq_Pn&!q?T3W--690M{O@hZae^G-N^R6qwVOav z%eM4ZgI{5MSe3KE^rto&nnlL7^dz+y~nTUu#%YYe0v6WXHjD9gQ>asr&9 zsuOC;ujZ_29nW&P+{A=hyNj8Zlsn)xdT~%1ouRXn1oB^)?3?FHQ}H`F?&$-fNrl{} z^cKQ8F{tY5o~C_-%D>q~lfX#0F7~9Pis}qu7JtqC?xpCS+U|aims%7AeS=^IV<*}4 zD5LI49=c@Lf+`Y|GmMO^phE+7lBP%zy2EbpiyDuu}LgOd0qel$w1@AUvW5+WOx3vdu;whv}b$<_{*A?C7 zpsKTp(9;Y7pQWAr>N)E~icK|IOcXqCzigT*&v$CE`!EK-wQ#yj@aoRGt%Xkpt221Y z_jP18=<9u#rrPh*HP@!qWo_J>*%pr;zT^2V8b9Ker{k@}JB$Ms{VgZA#8&<9F{X@G z?3Ng_nU_e;sUHAW=d_<^RC4f0x_{{LDV+LFd4GmSqsbjv{5-8Ky=Vh%)vV21Yo5u< z&tk_y4xdAm?D)Taqs^9sF+GFg-QU;)0BA_ zGr}G`!xUo;o==9i#rvg|c&k>!&_%i0*2Hm%EyqK>>szFD-cWSv>GA- zF-M@hUQ_Fw&EsE(Z{C>9gWqK)XWtpbc6G8-ZW~B}tiqAcEjN{{8C7u>baj00{>yB$ zKTM749%venp&7o@;nN}Ty-+976jrLPd{y3Q@SF3iZ`dn01w(Quzc#M;aidyGZfbNR zDLg~E1Kw$gc{}4v($YFpmM?fzM;_{CuObK=wdj7eRhPzzL>NVO(`pZ`doXS8 z9xJW)YB^W(5ffad!<@Z5C)ky24`~_f-w<`h9c*+E;+96%vJamqP9R2MNCI^gy^-{q zWS0bJ9W+duvtlcF8hC#wS7ORsdd6`{bKHvVmDIk+bQwB9AuMXq%VS2oNh|iqFrV!l z$r?(uYh-|gh+W(2IjNlJZANu8OwSu|#bPM{c#pM#f-#>zRY>MQKOwI? z4)h!72Nn^zrq|B0KWVJwgbT}Xr;pr2%1IakXW)BBb-QG5Fw zRM1U!+y^CgT69k5wPKfue2V5_3WTP}({m*?!F|KJjDA)vyo{B0E=9JnnJh<|t|~1W zg;@v4#KK~6`6nFJg@Gr{J@~qx_m=y>MWqun-6*X^aLX;0wp+rQBLG8a3zK)=9*L0B zxXhu&!hSnYo-U>&2$zdZG{@y0!@JH| z3mXuwpd*LRRmBB8h>;|eB#3z$ICUwn*RpQPHevb8n%fhKBmZF3S@-zS$|E2zVVk&R z`9exT!HSM;v1X(GCk5Yfu9jH(N;NW18V4r1&|Jf7+14o5GK_ek$g+wP4#$Zuq zbNaX9@Hs#TjCD|m+!~=!8(mUaW5jnOd8BCDAqW@Dx0oq<-MegCr9`KYK`we0F2ffT zX=tu}Vb0yc#qEodL5>?w>@HhuumnuKjz&jqpn2pgwp$;17z&9Ls)6-p8relFVp0TQ zk(OClWxbR8{Bl>tz-1_uRy@w7kWVkbTQ?)dW$eT@N5&(K#kbwS1W{AT)>6^b z))SxLlFO+$;djgXByOiR;+05%{%~zctr7TTu(xi%uu$#DStYQWG@BObZ4c#~NH9|v zG;uK{D$)zVbTnSil9ekRi)R%0C8?J0V(bGv&98!Xw~Djl~)#I9BP# zb&6H?^+WW|#&|8F@JFI7dPNF{`HQ{i%)q$S*nqmC3S$h@#gUy!F3m@8_TZs4QKjdhC^$;Dhs z7*r$TBNkrSQi7R?p@|jUP~s(O@YuxpXk%L>NnPD}lMPH|G$Va&AsywCxonUg5-ZZb z9?a+;#T}9@DwJwyZuII@!RN*go2d!7lA$jmcbB_~CoralrnMKPT%tn(HAkbK75;`Uzo)rHP1Lo@M0Hu^|pkV`vK5DUL6p`$GBDAzD5HJ*qS>ql_$y>QVkR1M8 z|J47i|Nqcu;q71gXZ@q0kdpjo{j))_C>#G90O0=w0Ck!&Wzz~&t?jC|nN+Gtyaa)Q z{R*Z&`OJ`zq#gPPAovw%oBaSxi^S2~KTfeND5$}Cnr4bITpYcNj}O;cV`pxVp;3}X zJrvg=F_ZA^iA87;8iT{xDXfJK`(=KU-YulT%X1f_l#nm7Bk>I63D^NS+7$s4zK9?C^C46JYL;Ex&34qV6Q`$M?d#^mT!0Mk~7{sQ| z)a29+NHN-y%Uzyq%B`lRl_6*2ZlFYu!E4lag@`|4LNBtf!3GKMvK@r2w$W#1sKd9_ zsmc)8KL8GRJ5CbCiKX2`g@RqES#p2HUHwx05`9hMK!wez>CTc=bcx|y@fsF`euc7` z*YSEnXYq-cG^-dC9{@3b{uKre5oRC}#;)vMJd{foQF4oQkA$2Ly#zs8v$>pl-%X=& z;ut8Lu84Xx`Hq+SZ0IlR{wmEzfedr@lmAG{_1(xp60$M#fsoQy%M z7xEXQaNA_OVIht~QykS?4|OCaJsTHGL@s-L$Eo}$NFuCCD?1!2eyc$xv!mnO9?Ia~t5 zE{AD2dr7!T>Kl&DWWyQ$uBBK)JjCkjMuf+CC3UBrhDolf{4ENb!#WgISZRQ+hFIt` za78`~=AQ*}7)V%1Na%k<_n(3}Dk&ryt1t>W2^pKRF^h()x<7ldsmiyXI!t7 zuhW`t@ywe3PI4U5FoDE7AcBDf&0&gCueDawA_TUha2H=fZc{CpV}D1eSuKg?;nYoh z5u-JY2(-~lY+M;HSP4J8TduLcJwa?st&TkRBgZh_kzgz&^?9j$-me|tt1dt7(m;(;IiZ?(xjLT8+0mo~<{1_TB7FNihk6dJ^dAJ;3cAm}O6uuM0YP+lNf z4y67JX0>p5U8;RibPEo{vR7=CAb?nDO>)%=vv>arkPn$K94MaRNzY+5+>T~H5C?Yj zW4p19B5eG|L9)s}%;$UKo`|P-T9>nG$7|vk`UF{rc4(*tE5^k0E zTUjK`6UU-(x~4h}-9i8G@-HRQAPnPi*;%1ZA>q&$3|%>y)!kh75S9XMT+|^1sm`-? zb&6#>+rw-;sm9>;O+V#UozOqs=hBJTKEj1iLOIlJq94ZOP zLNo3h)hj>LTq_V;uUFxwt7LX^?&%NQ9I%^rI*{^VfEgNnq|0bIpWUsJo#PGXUmEvi zQD3gB9}Gj0Kiz+-8xPvJc|TRJ$07^~y}qT+AeMogDu$xkQBNlPP+cGEfk@oyO2EIJ z@P@fbOK?HK5)j)Sa&yIw66j&-?7coT_KrC1(q-&Xu==}H(!*VhV3+8jFrLr*HIK&8 z)o?fC5>0-0#Q_0A^KX)&53+@+53s zT*EL{E#d`V`t5#*hKzZ21jept1ys&#=5=t&JIV(D_VS_KG8l2fZe^Zk=&tw#3T@y^ zp$FlU8sq5(x`Z{xhV~?qtRWIav+rEKNR>;ZSTdWFg4OR(H!gZsYqM@-gkNF9YTCQs zVwYon7yemdbbQKm^zME*E%embNvGGus!|AaR{{m;pIyVBCMEVty;5u-bq>PsxrD2u zksBW>k-6Z|ufUgyA7}2cSg5Z0Q*K;ds|*ae^*F1+aMi>-*D{+xu5g6W zwus!wOjp;UBRPbs4xzXnKsTfdRaR%vxGL;53hy7o(A>H;SZNKpmCHss>}o{H?1W6Q zL@!!nDHP_#rS{gHrC{fR*dTaabUfR>5dE85=_OzB^jyI>!@qDW@d03QQDA&67b_MhuC(!jz(9c_*W}*IS{tCkJ!Ey6Y z9mTQrxVrk;J6)4We=Rq*#BZ(TNHBk8IjRqCk<@wZH4ewX;RXsHwioVr%8No}1ivz) zoaC${ZJ7RIHfabX6L%W=Llf3=QNOV%JrS~2>%_=(3yO~3{Q(X!VHiDETa>)fkZ{u|$@R2}=f*W|jO(KnSK9*L7B){&erJmY zeQrQqF9*EPiMr)rWKtHk)4of(BURuB5Yex+TjWZKwRAI<8jk;F)Q^pA=o{f6JC0*= znn-nZj7oLJ$@oi?_AAxKL;EQ^a<@rh_==MY-EyW_os0He!p+IeNodX;!58;<$eX!i zbKp0rX=D4omsqYXOtzi=QeNo8A!9P)+nrhnpbT9?{eS6m!_z628^Mhd!SFMCa~V1dl}?U1s4*4eIcKT6?R#=?d=edH@iw+HOUp(Hz~+JvOEX4Udrei^FGAjenA3z_{I-wCouE@5#GWi%R37N@^P04%l`nsk;wynis?Lp+O3&JBH~NdMej@DZxC55pOw|2 z+8@vT5URhA^Q9|0pVN12z33_`y;TWz0ET7SCe^#r2;Bsnp@btARO5gZHW60Q2)E`w z8j$BJF`~p{GTrE_y+d1IR?)1H!>yWJaok9(SydM@+9U|)8^*k_2HMy$bzyFmi3`+w zssc-gzH;Y+7nY9qLXPHh_$D-o6U|ZGfD|U~=HfE*kNfQGOhXHq0UU5sU6%dO@2NrTvVM zY6vA@qw<=KULz+pldSu#U=a$Wu=N{Nv9#RDzG?K%cA;6%&$OaDNA&_#O2~Zc$q_Lm z+F8TcdEde+D6}+`rJEZg(MP`UgUsRp4e=N8HiH z9P_LV7K4$bLghK}Ea+%OlGVl|b(ZhKciv`l&q#y4%D-^P+79^iYq8Sc1oUf<7Ij?S zXp+L`(q;$z%zx@PL^1Y(eukm}asRDb(xljB zp@U*Oo|hHHTFt79*g3{fhpZX8$FJ~~BJYbGt-a~8>%`-#680O_1*XLU?k|-LyB&9^ z#fE$|+3ZWoQu5jE%t`I<$-i-AL=mHnBOj56qjxSraoP5y2?AJy29(6au4;rIN=ZDSE9vG=?mh5UeH~0Bdc$B7U z2=*mRsYF7U`Yn~K8>rB^wX(f{Ad?yl+`Q>j)`XbSNl?gzjOGpUl0l3}K5SEjNe z&w`SqWLe!+)gHbBbD6wusWA#JZNcTSNRs zhi?+jJXnW%azs|_9dps~Z4vRJ;;czl><(C*8Z~S+vq`lChY}mcjd(scos=}MeSGov zm3V`TfkmO}(uID(1h1t^07I6&qc1#Bv0*jKnOsP{JPr43x~X(7&RK++ylVj_DjY5r zO>KqJ`lz!aq-C%LlU)1HAqLOPqeIl)VNENfj#%&D*W>h&@^>3;SQ!v}-Smoq%e|AM z<6)qG03zid7F~_&xX5~3TJtS95KkiBH0Pzc7ogR43gQ~md&eSkr*KP%Ld}7f!PQxf zkMcTuv5{^6iG1USfw8&-`mdluTM@q$8GaHSb0o{Ps`C%P@>V-A`aU>gyf8~OOjG&|9aF2S+QZx7Q*DWQXD*w7h-PKduGc9zLYd1YUZ^iMT8VEvwxoMTy8DIS< zX@pU5is0(~kNRicg$_g1r51&R;W+8QsqbUTdt?>*;%=w+ED1iK0b+#zS7)jX<#-&9-6K=DWxjEASh#PTOb~fIg1p&O5Vwa4>?L_ zZufo51Nri(AT5GQ!Qm8xPY+!(vI+~2(+MVVKL)m@d-19bi$@M)P1TxEl2iv%592Ai zadmi`nU4XZV?7PtDj~89j~bFSQupw7Qcqbi=s8UxSC-OODMahKxa$JZMr@RqQIAYK z4R@W0sSK!!W#9Pg18@@}Ws0)H+Vo%%AzV{xRBbCGOF=3G(dXsM33{%r)dwFnHSb>k z_rZ{3(;{{sZS$1t(*+%b>Pa+9D5*xyIwUTQUEgu`bM74*a!+gcn5%}*ABIWB(FEdN z>ukWLXVsT>(Q?nPNfQZ?lTTC8SYfCHAG_dy^^y@Lv|FkzWH9an;Dx!|ri#hmgpy~C4nQ)|`46`eQ5_)Zz+mMQhur9SaL_FObqQhm z#qv+RaFg)|fQeCerrfd=9zWbOZbBZByWqN^0OmXOoo=!Z661a?%Y@a&llB>(w}Sl@ ze*#R5(mhCRmbGgow364jPM;Zwey6Wl)w}6%3#Pe~@%BSpn6bPOs*|!*$7&UU4~f&+ ziNC4;y?zx&(Wtr4s9JU6l{zye@gCR_6X%DulN`n<&^dpnYLZE%QGXZ-;!PprJ`4_n z5hI=4Ya(c&QrmcT*38`oU*ypzT+Du5s@85bX(g&S(_hZhZ$DG5ODfEbB!@;_pSYc4 zXfhy>;|{kpCT12uIH|-l2Q|wVTc-F+a z>w-p939vD$myM6roD?>Hg#PzMc~HHIN@uijj;SKZFzVzL>d2^=13c5)in`NfIoGmn z!AW&>Po<<_)3pDiwt%|%zax|KTOPoCL^*Z@Ja z&Km5w-Sb&dp+)(upnPryKtO)}CFb8+C>Q{hlvP;S7{w_tv7r8nrI!S>bN%gq-aix~ z{Q`go#}Vd*M`>kDO7LNcD`D^P>;PGUi+9DFHKh+IQZh!lmH1osVzWW2v zio^5-BRo(aX)ttjma?OmAmjvKLBPH~no!zr*3B^J^D+wi1S@H~JdvC;`KAkRhXSKe_stdtF-wcAbg?B&NeR)VB(FA0UsrL8W z`|19~O=7?O)Z4 zMeOTuM5-*2u-46y{r())NJ$MlxUoweKfvM*so(l84T-XDmT&X{2-Wy)@LkfeFwr}0 zaHDp~xsI+&G=3?vm6eYlCUrokly5h1yS8=8;7dI1)7vhVi?SuRbCS&K9Ym&3U3r-X zvZUnS7*}0C#OdzH6ZkAQqF}}BF|0xh&}&iw#*X0T&V6Xhsf0sT1lQ$JpPzZ(s}cLd zs|04yQY*2grD(^YE#}Y_CTd9CL%GdQ%@v=XdG`LN$S)`_5b$?eA~Tpx!YUgVHj5ywe>U(;2vIzYrxBDYWaYZN&A}#&?+ee%AMelc>VYXt)4CHj5!;)dTq0aX(+48nHRj3#z267g1 zVk7<`^B(ti>UowId2)^fq%Yi4I;kaGgdVuGu* z7$i1{09KARW8~(Suw0TKt&FRukE7^K>sZ6sy z?{9_h0%f9G1AZ%Thsq>6({3(qT6H4>go^KbCp4%X>#Rw1`6&pqo^BDXsV4md0G@P3 z;%3(RRpWfP3OMqdL2!}apWm}q-peQ+0@Ek*mm_~qS0e8j1_I51F>eM`s3oZ-}yF@y$FyswRK zO|jZJY&lS0O(niB(PZLWS0Cc$(MAW&y+~r)tcVgTPKXePkE#Qlfxd*OY5WdIKhoCQt88!Pj$ z*mOOdnpvl3paf9#?AwfAyB%nk4w+&2ZH%$2BXBfbv}*vq#h z@LF3d)~Qrimx}~c--9yP@HYxQy^JhdaS5}ivwhE@b_vjB zuQS~j=qtPz9eGOa17^gdPjD-ywdLtRDx?#ReE~l*i2j9ka;N_RxZ?`x@ZyZ8qTvF~ z9Dk47pFv?2H|_a4sOx;QHK+cisg05uyLMfcqGi)dMy0G3^Kl0<+T>aiyHuk z0DYAjr1lG%q6a-1v@sAy1)YES1bsPtD;SuBZDc(?73Xh$%xv@!NNx5uD#DYWB5>!6 zo}|_}7ORaExlZGG6NMYRHT!m19>ZX!wg2|^4bKe>ELi!NPXBA5*Y|1G?`=9ivNAed z7~wG;4g3%e%Tnl&KLA`HW%Ut4r&cT92+=lRUoXN8aq+%#*eXNsR#8b}Boz)85aaP%icr z#m6&$^Rmx~r4{=!u<&$EobeTP(1keOD~PSwWDlRJBgjz6o`j%oux%B%`~d)k<^Ks} z>MC-CM#iBN$SuhkKwH#nIDGB>$>-*Fv{Bnx6+5(E(|twsggTY1^NyvZad?Z)w!X`g z-TXUMtqF8!^UeJ$(RvU1n9|zad&y}yN!MSQm^U!?(eN#hgQp3&&OvrUOhM-5?DD$# zEPloz*e~&jGTe+`cp8sUM>JEV+Jc1ya@O1gX3ttalLSK}&kBOW7ZgvJOKLBlGl9k+fD5biorp+1U z7U>cRKTRGoQ7KE^npMGSS%ue-A+5nS*?eYfcvGJW9#i@_zD)dH>n0n}jYBjISz{yO z30hGb&|@O(qP}AHQ@8m!l*&(H&bC`Nif}=;1A87;UjEl?Voc{ZkM{?_QdeoP<<#PI zRleVRcmc~R26KQo-6{wnItPo>DG3LdA#pm#ArZF~Ir&4cc1hs$0QPaksPW(zq0t`c zgW-a0;K_^PWC88VutdP}gkNXw%08Vg-3GhVH+U0!n%jYP*1KThfe9GhwKiXz75osn zgGf-CU_ZUnjkv$0V{QMB^iiL&i97?_%LxG;TOP&Sc+_;FX{D`V6;Em_j3QN+<^UL5 zaJ@srx4gskl zXGlR(QV=N#>G1G;&pGQ|>-_`v+Q01UzOPSiHeyZ+rC%$9TCS?RYW?Y@{EpMhYA7RC zl}VN*E;JB3kh?wMY21v3OldX+cv!b8iPp&O5SMxwhALz#1+=icsvY)YJ>2W7=(9sE zlod(Qt^X`y$Wabkuo@`7`Bg;Qenx^AN~+sDEF~3aE~b!fweu4CgZVuc3+@4}c%Y`E zvlZzT+r5+@FIHdnkDzDi-`=S{x$E}nB6DExFW^M*^W;SBYuqKmfHCS2P|(A;V~5bN7=zB zK4Ql9`O)~jg&_7Ein!$aZH2_F8ld+N`B?wMDkfluW%AEMevxbld_|=Qme@6de52h7 zfk^hEcGlS;(cN zS258yXXP&}d0EK@P3e*mrXtx*(DGijL6j{5GUEvt2do{9cN+GUI%f~La`f3!(H7Pz z7L=y8C?xJ{^h$H?INE1UD;9{qL)3vUJIm17Sd2(5I*tWJnx=NwvS$uRtNzMP&1`CM zbWYYp85Bp>Fc})LeT+W+Yx*p@)8mY7q#Q&c@zDfoVU>mb4*&<17^S}m6j#%X@O(|@ zrHj!>>+k;uIOU>e>cXFPFY_U?Mm-~MTb2Wckva|%l-$P;j{RK(ZXgSG*QWoz;25Nq zY^UvBLcbp`$yv2rHqNrSddpD^^5%u+;;Ow$gVZ6d$6 zR047v6AQHDqR{J(sanR~xzteJ;uA4#en#soc2ELI!+~Jx%sdr7wmrxnmsZ_9!4i*s zbgw*(k*ww0YRH+$XDffS=)ds*lUsUBoi8JLYtVoE6v{t&l~evsgOMTe5AcU?3-)q( z&x$Leq@BNALgJu};Uhq~#FdRr+hcPSX3a~W2b)V71%a&08nn^afg!n{z8g|x^Vv_n*AE-8`o5;c3X!lHfVZ@hQo;o)uTJ4F_(gFxt&HQq(p&y%;dX;-x zr%~bTBxo>Vt)+|5p@IWLm-467wy0V|0yRimwKi6XPr+v*u;3xwDMfVe^c>;mtO%f3 z4-enx$MluYljlK8wmI9paM-ydu`&Z_0kl`oueML6w#N*PI4xvk(~sDnKMLv=TjQQ< zWl0>WxAfvHQw=Q*dluQV6B#b~d~zV-ZKK~09mg7W(Rsntpf8@$3g$>y*mO{p6*0!i zis*|Bu5EYE?%VC}rZS=F2L(~8(;J4} zJy!8CZOjJdg?Lk{k5@tLnf7p@2QmAo-#uVhTHwWwNYGe4X;>*&&O=#}KFyjpJ z8k>~>_A|C62y1T)0XnW>VE#Wq;TeV6JBpu7hGaIE7W!QL=PDBi8cyM#zMoL2O)O>2 zDB*er=NdRSgFb4M`nhIxUnRzp`Swfg$Qq0h_+-r%NlfYY+8FyfhA{64alEaS)=!7j za;ub#0Y1fRH*bt7u-ve%u)JVr%nNlN@A$AYxEP2C8-VzMJh^S!aN6t=R1(zGg!z>S zBp^$p9NsH4!=~CQ?)}X~NbJC^urH|(b>Dy}azQ?R*mh^t&L z=UtNa5XCd9D~t4YmMG=f(&UJWtGZ9=!P@xGo#?!D4T2)8RrnFAdnRs_0u^eIzZgV~gKm@iUxb zgb;Twzl1Tr2ZKY-Br;{K>r-zVU9&Ol5}VMACQl&zO&6EJn9f^2&{bzJ6go!euZwj!g{ z;!kTIqJG~Mh0{}BD}-PVnvJ-84sF^7+G#yO$8n11^5k?WWr87qYgbiiia!$S7NUXw z0A5;i5}#&OOy@rFodDbi4wY(kDuYp}qdj1dkWUBX9epjE^P7$Hh*SLa>jz5+qmaqg zIBKy}_!d91Sv!TI&#H@MwCfSKegImyk|-Wd-#2DT=B6)VNlo6)stt*K-x0Piz|I$R z5u){Na9`@&m~dy~RL%9_@73)4-aAypi%6@&xyy+!4#I-_!%J##FEGMG^WCu0Q~ExU z&lO<0&kr${!=;wbQ=>nrHeTeinib@;@riR?bV=7d}Pxioy2g>%8(S^GrWp;S*JFiJR2M>HZt*+zBvdazZ4LeeQs0=R#QL{ zE@YZeac?5fmpW!P`V*zIKsZx;*{rmz&3%CJ>qEb{%y?Dl;avW&r`yCN1)rht7h56S zA3-lmT+*ipzOYiS?P6RkD|t`oSuwA|CH0sPtYK)zOf|N;V{+3edOtwkJ%^Gh-|a6F ziPk4kzCDv>ZCLSpw_FJYDJ{n=Di=+sH#CWVE-PlIlFe>d8@s|Qo}Z)f@E5s~H=B_` zzdOMacL7mFehuFnT@VGBewdM^#!t*rhuhwxhg8x6stiOid#u9>tHCeaY{?(D|v1EGd{FRbQly9fTSk_mcrh9Cgxk( z50ZDmO!yt~b=_=g8cKKy3|OPy&gHv$QtQ@(87?uC8jEKZvt2*~kf4~H54mpDUwSUB z#A8*1CYKuH_m1h4SxFQRU<3Pb)x0@qR}m8+nVxSthjunO>dbTZU&~n~RtBBo>dK=} zgtMAK;ZtDqENr{)B@^be0*}ra zlguI3xBMxrwKj$X=3s4~HlDvEx`faLG7>r)eUHV~qjfU@%1!xi>SnVPQWrLqGZ;v2 zkRDA}9QrQc5>bWZ02+=h%V(LL>CF!p(a=|{_!*MrZXY)UaJMYI>RrQyZ5VP z?(Xoc`@C)hdtyK2`vxwBId4cBP|Bb@v4er*k2%Nq=8IvU&Lm~wFE8n5TL3NZMBHwb^{UBf}DB)oWh=EQB3O>TJtU6$zt^4|+r z`TZUgzy5rLLov@7aAg0We8@=t$>#ZbdR6%m;HjKmaS@pTW$W8!44LCX&;JAkS;AF< z^ni6dG)Ja$;*Vc1=esEO6vqCDyxDyPln$E(uaYpS{M3*y+4(cgd|#u67H&-Ep05PI zDJW+e-5et!)75G&tCHznbAYrk(B~Km-Y&J#Pnkd$WR^*|IVznRe_$SGCbyE|O=c`W|lL}B!iWh=8MGqO1!XW$$E@CCMpnq2Put?Ofufb+Yep8Yd@c!#q`>$&4zjn3%q@@2TNw_lF zwANn0j~A`O|I?8EOO)W=x)oOfx!>C^zL69bV(cfFz*o6m&x6mV8MM?vNQb^rGN)6I z_iLeWXcuSio$~#5xlxuYZ|zLxF5q(gjoT@V&bTn9iUxA-JQ!cV5oXTeDZ0{r^?F^ zmap@$81lx8$j50z)S4SW4o7*^`ME!$zZrGo+KV@ci`9Ge>~PI)dh_;?jc90h15LX% zjQw!0Th_EYx@q1^t`*;B=dF%Yw#6gEZzi`HT`RA&k}keEbCnih-XbLQ!z6h3Lq#3rr^$!%*iSqcDOZ|5Moj3Y zUeS=GY)|O2q^`J{ZhlG)OyE|VXm4oBrl8csV><2S-d<0EQjMyxx;F2=73 z7O4;BRc}8$Tnukgo8U^86Bql3T3M!ZH@==K?Z|9=jrG}JoV32-0|O07{bg0>Qzj15 z&82R~{fEtU)+T*(ZHXHS1T|hXk3|!bZz#&%P~e-7v}s_V570GYoD_8RI=`tS*ww2f z#{_lAkd%=fouZud?4WB}B{-hshdsH%7_KHA6#8|zPdO-y+xgT^#gvwq700LO?k#nT zU(B?{NUS#FER-%`@@&DUJ#&4&ncd5ohqC>%P_?HIx4To1?SD5@&@#etvO10t4j|Sh zrc>fMfpOLe-IS@yd^{4dU}E2|CGEQ{YI_up+vgvd%IVTPZlY*kQt#nT=OudLV%0oq zz8-Gyastzr@I1ar-M!3}JsEcN4LpAR>6(I)(-CR;+xk@2>}wg5Y6BTs3&9R0$lLt> zlqB_4mAGCN>eK-3Y6aHkz6~7Xe*^cwAj{iK{U7NTSB6&G+UsNK#qR$%asNeFa50Zr zdfm5r2MKSOBBohiHGdpwK1Jijy);pdo*UPAD!@xHZ27QbgCW0jK0dbYd-(XLl(-P{ z8TAb);dF7=+8&{BI`TLP(Dj-tVjrYQThjwjTqgFfsd?hJ5a;lsgqP+{;}#2FjM8mq z3Ma(h9Y2?AFbB}^3o!u$tO+!;#8n|tvYT43MnNECnF3akPj`0b=F3I9*$Ip(!-#*M zH9j7an_-&kDfV?8fZ=tCQSf^@@7(A+TNOT}1Wim6qqYwjvD6o9sI3?x+y zwWYzrx-j0k5?WSza^0c}?j8mC$A4vF{8aQ45$pG?8>ZOW+-T(}vqEol=xFx&e!qqT z2W;ob{e6up{VGsOZ|7%|sM(xGTB!p7}lQDRK|3hmW5%X5e|x_h~fZ z4`jb8|5kWDH`(>tYwv_<8p=LayzV7Ly&fus3^!M-TGkWZP}+T6nxrfT-}|*mW?l%L zV`mzleW>Ea!9%fV%n(lFUiuXAVeE|69g(rA%dWlxdVq#qBzhlWhWVR>=jovXemd`) zI|bi@NVdzi&yb*@uE4C)b}FZ9JBlE4uH1wrYD^7tfyh%_y7s{h^ZQ-mGkZaaaaRwB z5;u9dKm5f)n-zmcE8~T7wT*~`npj$6Q@jEy@bbgVq~ZutD9)a&8dA`u90_yi>_iPl zn6BSt0ZEmucBDk*T}poN_33`G)|}sKou`+pj3FQ@7I= z9RJkL?(=W;-Yr6?pJz*NI(W=Il(wHQZ$lEPu=oNIc|S`CvN3O|fp%Gz@Rz{>)^IH$ zm*ji+3SKhaE)k{9tbE~Nl1Q0$`$J=?v+vtz&&R4A?t~))Yy&%2VjYmLy?+NIGNeUZ zna&Lt(VMGV*2L22Jgn+K-*c6)6rC$rZzl*I@N~3(CJ0piw9!vO+RLZLGJcQd-}^wQ9jk?~bg64FgjS!%=dmE_UN-2rcIaz$|>@+f1|m zzjloO(wYC49plZ7ae-Ufx&R#BrTzb7EN^pNBZLaLP@!1Uf=iPro#5!b@mfK`dJQpN zby6DbBl)$=){QK;a=E`blrE7zdq_mh7nrElyRZ2 zWnT;7C|_E5IWphfNB^8dz_27-p|B|ueuHV#-SCR5UcXD63>491!nY>zpBx187?_kg7`-g(6Efn~vzT9qqK29r{ZTsFiVXETy43Lz!qM&1_y zGAPd4Dj`Pn58(&FBMx*f3_|Afmgf#+Yyk*{eO#W#lSi3YRO=&lWQphtC$5~%kpqf5 z=_^i8Dr+zL(S3wJhc57M9ruae*-M6OFgbyR9F%V6SYl+Aco#crSCOs(K;}_BcSlS; zF`b@#FNt2Wex#bMlzaMz&ERiXljhumULd-FtF(i8=rpoU4hPDR;+Ihww5*!R^}i_| zX4nJyT^&Do%1G5mG2UYeS>7vWA_n)*ju`#UJ*2GHHpxjVUP(0Q6#RNlEzR7^^IbfG zmav4E3r%#~W>$qOR5u5Sd(o?XHLDt|D%V71L;<+_tDjl(B|HN`NOs79^?)vtEg3#4 z`cDd%Y4g0Q;1?px2a4WCCKOHglXU-5odvD0y2M_Ad>1;8D^=S&XJxm#OLG8C1}YEW z8eN;2;X}el-D+6xNd4adzN2Rb#$IWZ7l%XQK&zSDJ@ub~ZBRgP(vnBtL(G!hUOalQ zOp3XdAV=M|h<^ZS)UP_3(CG*H%3xNEP^m%K?osGO4mKc5m9DqMJ7^}@NO!f!O!jK( zWEDQ%3a9hz8ou=(po z2E`EGQ3s_`4xL>^Bu&(9T(*Vih{SEZbKM{e8bxVSwqk3$q2%0;!dAg!QeU7S*6M1O zV;Z2$I3xzcs#vNzCJO>-EFAIWPA}UP6QJF!VQpx}F>lT9zbnrHA~7N(8Ja^Q0fL(> zb=@%*wv`(lV;W_j!84q?6b>?Ka7C=9-1z+Bg8CP=ysG#(g0XmbvaKFqB%{U~J0820 z`fGTd571a*8GvZK5f{4ce$);VJ>M;By=O#<9LNI{VjKlEguf`;iLy;|Rp3w(AzHGM zMO^Gd$hCX{4;v^4q|mISQgoUA%!#foIXv{lj&Ufwr-7z9mJ6DMM@ZVHgLxe7xjyVp z*)}wBkIC+C*>>VY^RmJv2)u2a%OK_NykT)~=;gyY%16*j<2Z8LB_Nh)chBBOS@=^k z6V~8ndmE9SmA4XITVX>5a5Aaa4=V_hSeV;Z)#!^E1CwStN0i(*P4ASL&ou*BQ-}F& z!O!z&@zH(oyNLB;jhyX8-`#A3)05qMub7>FNPnHAyppsYVmbOw7nj~c2C&%E^6|4@L&M;w0PZ878yo_Z=MYtXe5-vgX(Q8wT5s8PNod*2oG2G680okjD_ya+ z=QZ4jqhW(vH0~;r?49SO@=GyOJ}HWTZ&-1mc67-!N9otP^fV?-JvfY30S(}EX<&s? z0oyq3%jc@&d3jYX{|Mn|Im}@B1gtfVk)(@~7?Kq*H-GrM{k!IenCNjf8Wi$9%-Xy? z{{u*g=OAMt;-d_w${~0UFeD%I;PD7FgO|NIaN*LIc{%A`3AC4BG5m1Ydj^+dLz$SR zTn4vxwj~*Y#v0%4_cGDxi?D3w+V@sFY}<$m`W6O6XlHXzT zxexoFJ~PG7HDVi$0Cs*BzRwDLIY?k8mPOXWVb$K$Mk@_JmJxy#XS618hQw7<|#PzNHW5_8Uj&_g#}Kozc2 zhYihm6+|r?1H(55Nns^OP=lR81W1|&G19Nsh}=bs4;_L8lvWnLLBM^Hka_ES%8l3u-WR6+P#lB% zh#kYQW#a&Z@xt$m2DL(Du<%X&w* zX!kXw<(iUs2X%epp$YxQ*G#F({NffU`M2j)G8&U zuHW{za_XDVG7WN9zfaVFch?3&)W{;WF0x$&<&!GHq-9#7p&zp@2@DAC;s;e@-wwcP zt(E)Fqn_5rRlDrL4JZaqKYxnXOqh%mJ5r=5Dx&+3~8Bl+Hb*E*6X)QAExt5f@WFX<;ep6Ew18 zj4di9K4-8mb=t8GZ0yOltxsAr;{}Hs#W;cKVN4UYnC`G+jM5zTf@6Iaf;>e!Y_=SC zduOu9*RG86%vWoq{Jgr!bE-s)3jYJQj;3qMHqOkQ&rcD7kL2;o`_85R0Og+qFVEyq zCE@!H#W%7n*9T#vCH^(f@J2O`K(h}m*FLI*ZVV7k#)CS}ZKzArzM`0wC}j1Nidmet0+*r)bLO@MBpqe;|S zql5D+uYV7kO3tP2pHd7KDt;%t-o|*WQ-J+ig>5&9OKRQP$s;>@+1P1aU9^t)JQs$b zg5Q~tAf$(XhMSw`00rwde{tBp+pB>NBP4Km{sGjZKNblL{V6tz^RxBv)GD?tLp61` zYF&Xy>&7FIe7b~?vry#3h$|QyFVc_o#I0e#8(P?*hBE`Q(oNBA@iVv&^u@S!e$>No z<|C9mU!=L5>CkUO(!~fFFtq-5OhB9;rG`5OR_$>({8)Vql(aY(cwrNRPb47csPL2U zH>+h>zpCW}E8>-z^s>p2mg;ORG*WQFgxB>$*$GenFFh+Iums3Q2TE}1Y3Y)9x$ zBCFy_p1Fd-B)QVLZ+-Moj%a+2XmBJE@7Em>ez=l)?^)v%P@7fvCYoIuINKPzUu7%l zM{7Tgx_pWlbQ8%8P_9*OPZtVJINIQ%!@NKgT9EAxMaVviRMBf&N69F03Un{$ba?W2 z4Cd~C0k9_R(!Bh}Kixzer>H^};51PBBOGO#7S{(tcF&QLlCX*n@QR|~hgzVP{IDH7 z%H3-ruLk>Qq>ty)g+M*5s!f);0)g|Qa!EqJ0y^A^kRUuJUffLmqxzlK_`kaxQu;LG zsO<=QK_+0%ZPfVzF-tr^-?4#$?Aky&$KIO7n0#Vcr1#trn!zL{sVRu?M{kVaYy4s5 zYm^%A0@hRQyoESqUd8Tkhev>Hw+MaEL}dh{PcZ8zRUEOl^~b9nDUMbq8RD6LfU~8A zuT^m0?(m$`L&sXADg2S^=#4G^5ZbK32yr9d>8Q~QtL{_MAbn*U4hG(BEXh@s?gQHN zue4TIrDjRBiU|;_k_$7#q}xDoJz&Mv_z&i=Zmjd2oj_so#iL5>@#a?sC1bnpY{-E^ z&Y3J7Dk63){Q;D;^*e)PAjsEFUyDalB!{16`mcYNIQdMgv=)qOJAyCc+Yk)lUG5u3 z+^BKqvoBP9f8n9MWtxigan4I_^q6>Mso$Wo^QFw2UBnWOs^9tABAi`(mCNXrm8l>+ z6UW5YghusZc|zvFB-U|~%u*+E@{mElgZ`Ko|ENz1l%!i`=iRJLs4pEaW)j&@cZ{E^ z!2H{-?-6T>XjuC7!Mw>RGgai6S#J1Et7PTYw!^1J(>WjG{{(<CERyfOru=;^1On{( zllY0qlcT!Y^9TqCNiob}Ga%&<(Ndj#T4L&>sbGbf^HxTm-2DKHE{-&&-72) zUaqlQVi?ZWAn12gV4PwdlB$^(9DB)-TwR^yLCOv{CLHKO8Da5VwPbnBQm0}FeF5a8 z=B%)Di@{`+~T@<5TRb4g{6g$wSY+Z6Scp-|@ zCestLpxz!+FzESk8XTv)o19uwe`Kww~~uDbO41J z&GY&lpuDZqW-<*}Fy@iNuKt!DO-9B|&BxXX@AOvSwX=00R1Myqi{&by> z3m3Nu@glT6VzJDL6S%M;tvCu8X5JQSLIPhF4|!x22U!B9+$nlQW5{K10^FB@6O@7+ z|92?M6U&3=Bb9~8zo#B!Tk_Z`-4XngHb!{8zgm?Of-Q>Xap9|!CiFTly|G0_& zl1W|=gGh~w!a4mV^*#~nrp+Kj?d&z-KCr8#aquK)$v_s>r`DXCz1xu!pLlC;tRdfY z)Cp*!`a*xz2Fs#xO`g|iXnq}+nn&OY;MSy>|It)MT{`CxDxJKbul3uddO+?-h&b(Y zcrGJDY*1PQ8Ieaq4XxMAySVZIc=CkTyDW$*c4$JtQxL?g!|`Is+`{U^B{2*9UP)aT z_WRC?cqeKvcucMX<>%)!dP_8i>F1g2gOhM>UKSGBY8J%CDx|t)oCNpBXb=)$$&|@9 z(XVZsu58AD&`l(2C`^_+X%7`ECgdxV{hs%xe^h4NGE$c(#=C*t_P~tE{$%so0>_1H zeY5U0j@0@2Gmn+5S(52W#1J}RI|tc?L;Nev!1^HTx_en7U^D>w$EJ{Ew$0eefI62-@OevFTSE7EKn z_Tcdm3G|j#&Yi+90dEhra{KnU4io97KI;j6utp#BvdwsJy;#_cvgCj`XY=# zMTpd2w`Z%NZ>YKpKhlm^edH)q@8vtciWF}1siEscglpYs#fUg4D2tEBu|Ri@?b})2 zchxh|mi0CyqFqdG*<~%gDO+1j7%@UMZK=2Y27@4?gX5n3RGqpjy5HX%sL@wIrA&bFynD_@E ztr)(13ra8WvR4amvP_|Vzw60o&1YV}=2xJm$3ULrWKUf9itGL5L2Ih8kG)Sdes$n) z>3dyH0CwclZQF#NB8hS+@LZP>C@jr&R5ca{{9NeHyM%F`G z6LyoW(u)d`xZyY3Ck?JVg33EXJiF#vrxSJ#n`E52Bmf73Eh`pM8Lr|u_|oJaQu9uy zU1j9J@X3*zg^3IxOgM8!z!ga_H&!>SMGJ4vJNfYLG`=Y<+i?y#w=ibdI)h?hpe=ma zw9uNOMPUy`xrc=caG8#pR!&aAQ9u0a<UeiNXK-vX5cDZO$@B8&=sm z_9|9I~rIlKI9Z96~SbojvLY{jwu(SaPrL`Ppy&5gdKH!b(Hja`Rb_h3TCpJ&~H_tyL!C zNu(cXDvgst&f}L>I}@jtGDBpmQObQrsP*|Gm*n%2br!U_?8x7JE(E^>=q%)BJMYfi zLXG@~oWB%SD|BWeA{c)4dEF9@q~II*)|XwLLZnEs+30(2fk~05!T|AO<)(7Ua;_?V z(gpj{rR|u86?gdERxBl_?PHP-%c|s%2<*vhiK|#z5E6!nCW#$e#(o4T;FhU}bR>`b8jF1yf zccdh$EDBG#WJMGKR<+bGvX=Lm!aL*^z+UvJ=w_{=F5VFflk=-p$#**NdRzHTY2BGx zCtXj|t-pLx2u7VHY*Mi#AQa(B>A^5qz5`-7H{zihaCUxQyhTuU_1p6RnA!t}cq+#z z1u-&L61}T@{ZIwOYCDzkJml~BvY#fc)B}6=61lMu%u;w|?N9Q|F7SAQ3-EUIBkypP zo1~#Abfux{R{QI4$mI{D@NCg#PoWg&!kq~6JAseBzUm`3rMA8hamlHYo?0q=~o$MA%hLUzx)$h|;8`4l)Xn?KhHDjHj^0MYQn?2+%HAuwXNq})? zNPI4DHAh!Jl!IFy^_v907K%fwaSMLVqtLbY&&2ije6fJ z+9~IK7kMleU)S^tYF#eC>l>s7B{&~3M-wDv8k3XSiFO?UfbuJvItoXu96Ak+@clNe zeiNK@?JErY4OT+H?ew1BlqI82d8mwz2Bn?$FJ5}`^1z*x(5MIMJ@^)zWHHORBU#-5 z)7LWm;Z{Q0VF*hIJT<_N^3%pKvG>3|$S8cr>>H}8G;|YQOOe)TV9Z44hJ+!36<3k; z>rMO)YsJLxLJy6H2UW?O9Yq){+L3eUjq)cv%AiI|wasfu21*n}E6&;)Q9m`kvcQy#%PwN;04VN>kGY ziC>iRTNQ%75mFuM9i`O;1Kg_1!lrPezoTP*B`}23Rea}Gs#$G*hLWmB=WqoJS?to+eM@?l)+tO5 zc&m8Osy%K^M#6D0Qlt99qkHI~l8rDN?Uu4QMkK@D`wuW&K8?c7AvR#hFM5kvLM&QB zeg3RuhW_o4E0Bv?^B3=9Z|J}nEnp&mGi~9O0p}ThFIY0QS z&D`Rbj}$uVxds~)5xL9siPCy)~N7Ii@Rd?V6US|xfY)ELbd>>;oHyhI*1>|GCmON2O63gg+#jeOvb zw@95uvuklD#U@FVi+%tJAJYqQHY%;;_`K7=epVECLo{0Uo8+$pyw6DP@>}5=>idF_ z8v5zX7#zjfTY$8XEP(E3L@WtqfpWQh{nrw#tabSkBdYDgh#+sllCggPZRbXP83!Ux zc=)HB@~?^!QV|R9YF&{d5A*?iHDtDw1qdXhp5-A}l=Z+|)cNiAk}ao9((g!eM^0VA zWnytUrL(JOT_~>R-QV=!rXUy z2%-}oLoR}Bd<0B+N)OrN^mv@qpyY(7>*YAw(Ia_Ej|eC)amKbdm=PQ_P7$Y6+eWjX zf}zuRFZ_`|*H_(wzOJk!Jns95Uw{csPDvfY03vfG1IaNb)$VuxqNY}czq1A>qZd|# zPM%t&a6i$-@AUBOMH_vgDXEAhu4~#0pH()WH*~E3_45Sw)-=Jk`)ui*;o>lT>7g1Z z`5146tK^XTRf;{0B&mF}rpvSnKGo6()VRwOofMeVr2iM}J-*NJZE2z}$f}WjST&ev zKm-2`MQkTXGU?=8wEF7pi{|Fk3K909->~V|Z+5FF(gt&D;~yCxd%vZDddtp;U(Fs@ z$RTuOIOHkLpLLyVkGu&mShdQ8G8_p-IY>zX806AZo*y*^a48p4I=tTs4+hv@NkxH*Ez#rR#F&ZK(r5ely})a>4ns>3~5L345Gw!@ICRcK$o z{mIu-bur#xG2B}CgtU^4``+kPXD#bX9jKM1&h`eL^M{N1Tfh$e&RI2xdU{(pr0VA$ z`3zO@{%uz5NBmxs4fqM>N(>wDs>5gxKxJEEeA&yc;`N|`Sn!T&0y0+Y$)yh=X56m_ zad`m-^9$c^YVX2&$7pyJd{2P5ZeOC^fS3Fplp}c3$n<6Lr*JYZU;$sOM*rWP6|6s4 z%Sen4&QiPT>ru zdVK$$l?8tbSt{Gl&mBibW~XS!S4NJM2!(ga--J%|g4t!RCL~*HJby=kP5eH-#0^Hh zX5c1p5m5}hi>t~VJBv;8#uPB9Y`o&!%iAkN`b1U-#EB2mL2HA-xqwKx=yqCq~bO0W~8;chR|U zn${62jem7Bu^wZ|&mF4tmiz==K-G{pttAA^U5GOXXywGa8hiD^kfRAOU5T4wTy|o$ zLM{T2zPz=q8Eiiu$qRZ#hiWJX{H~d2J)(OY?d0-ubhT*e0QeIyF*h3q$lCB`+j3SIk{&Lhm`Xls$A zjcyFx@LP74%cBxj3Z|)L6jWV2B-n%u>X(%0t!r?jm*oL^WzTG)*b9zqR^@Zy+!y%0DQ} zNMa^a@mR!?#kGO)2gU1No$wxU&ZZwFaeKT4GGxg<`gfP9u^X6k?lGK)6>3<+ItHX< zyWo`RD_nLewhL4J()8hlsZ2h#B*u$Q-?OGnP(n3A2LIN1r^ghr$IU5{K6HXhe(xmr z$HzQ8R+CGI)G!I~_gM(WAUQR7Z_3Kd-1RUszHBH(IwM~o`WK{U3Ce!SDrCy662^@= z+qHYuD1hEheN1fbZqIKvdl9FhT%SFUgQ8_p`W4qiDku}%!p7*hHx`il;cz)PM;w&{ z^PCyJgsH^3Hqu zlN+vIkC!KltJo*7Mumx8FOR}Qry@;!_=+sdkZN52{U9#j&(hi$q_*It>c`RaCmFU? z!;e@To_MlJ?B2y|#WDS5vq}Syzwch>%atTH^@qssuyG9@ja&+N(H?UTO_4kc`Kjb{Nmd8WoIkr6Z&bh+sT$zj zQiYJ%A{i7C-r6QU_)WwT*-qE?(A}ae>E5lz+2SH|bcM;=HhPP{%c<|^{xNG3@nzqB zx|v^M!gDAEL6t`Ly={{%ZUm51Aq5X{N0Sy`JEys(4$#D0)Tqxzs6ZN=G?@s)KlkuT z9RkckLAcd-GtxYwVUoz;vAvbo!XYvEOP zhm7c(0*|~(Mu!{_Pkhc+3TI+9J|F!LRvl@`s1I~u$tD!$1d()DJL1$KR(&|5t~6(_ zdUR?AnJDN!&mu4ij5}6ZBBi23`8#X78~>L(a(c3Lf%g6Gh%qc~*rx%pcuITWx;O(z zfZaJ(l4f2!G^9|NQua|WrT-=`NaZ(vhrScIp#F}Qs=6(n)J55w1#%o z;Jo3eEf7@B{yvWE1k-J{xB{o~OFHSnCCM7&N?-HVq08?d6YHfUypcHq;7-zB9?$Vo zl?x{RT{$h`C|)YO&8ckUGJo!kaH)0c+4ONrikXP!xd+Ub(s3Um%z+A_Cp^8jZyept zJdbfCZx!cKxJvJO<3MzWh}hiumYy zpdRTjA&hsGngPh;V-*8Rb?MrIVoiJR+8+wAGF$f_o}TR0xR*db z68J=C$)B6|4@3{Sr79hDZ`>f z@7yW*?_f(cHzQs;-(PtlvPQ9Mt$xS02jJyL@J*N*p!6DEkmG}6K|*eN`fjrG>=pwd zx_Ap?+d~Su$__|bJaGz+QhTdV5 uxv5IHBEqReSCgO3Jpa3ur_|C^bm4t&8CM&tNel*}^U%J~6Sc#?wf_eon2&7$ literal 0 HcmV?d00001 diff --git a/overlays/jetbrains-toolbox/default.nix b/overlays/jetbrains-toolbox/default.nix new file mode 100644 index 0000000..94485f7 --- /dev/null +++ b/overlays/jetbrains-toolbox/default.nix @@ -0,0 +1,5 @@ +{ channels, ... }: +final: prev: +{ + inherit (channels.unstable) jetbrains-toolbox; +} diff --git a/overlays/nixsgx/default.nix b/overlays/nixsgx/default.nix new file mode 100644 index 0000000..66b492e --- /dev/null +++ b/overlays/nixsgx/default.nix @@ -0,0 +1,5 @@ +{ channels, ... }: +final: prev: +{ + inherit (channels.nixpkgs.nixsgx) sgx-psw; +} diff --git a/packages/nixos-hosts/default.nix b/packages/nixos-hosts/default.nix new file mode 100644 index 0000000..432ba36 --- /dev/null +++ b/packages/nixos-hosts/default.nix @@ -0,0 +1,49 @@ +{ lib +, writeText +, writeShellApplication +, substituteAll +, gum +, inputs +, hosts ? { } +, ... +}: + +let + inherit (lib) mapAttrsToList concatStringsSep; + inherit (lib.metacfg) override-meta; + + substitute = args: builtins.readFile (substituteAll args); + + formatted-hosts = mapAttrsToList + (name: host: "${name},${host.pkgs.system}") + hosts; + + hosts-csv = writeText "hosts.csv" '' + Name,System + ${concatStringsSep "\n" formatted-hosts} + ''; + + nixos-hosts = writeShellApplication { + name = "nixos-hosts"; + + text = substitute { + src = ./nixos-hosts.sh; + + help = ./help; + hosts = if hosts == { } then "" else hosts-csv; + }; + + checkPhase = ""; + + runtimeInputs = [ + gum + ]; + }; + + new-meta = with lib; { + description = "A helper to list all of the NixOS hosts available from your flake."; + license = licenses.asl20; + maintainers = with maintainers; [ jakehamilton ]; + }; +in +override-meta new-meta nixos-hosts diff --git a/packages/nixos-hosts/help/nixos-hosts.sh b/packages/nixos-hosts/help/nixos-hosts.sh new file mode 100644 index 0000000..eef512d --- /dev/null +++ b/packages/nixos-hosts/help/nixos-hosts.sh @@ -0,0 +1,16 @@ +echo -e " +${text_bold}${text_fg_blue}nixos-hosts${text_reset} + +${text_bold}DESCRIPTION${text_reset} + + Show NixOS hosts from your flake. + +${text_bold}USAGE${text_reset} + + ${text_dim}\$${text_reset} ${text_bold}nixos-hosts${text_reset} [options] + +${text_bold}OPTIONS${text_reset} + + --help, -h Show this help message + --debug Show debug messages +" diff --git a/packages/nixos-hosts/nixos-hosts.sh b/packages/nixos-hosts/nixos-hosts.sh new file mode 100644 index 0000000..6532660 --- /dev/null +++ b/packages/nixos-hosts/nixos-hosts.sh @@ -0,0 +1,324 @@ +#!/usr/bin/env bash + +#==============================# +# Global # +#==============================# + +DEBUG=${DEBUG:-"false"} + +#==============================# +# Injected # +#==============================# + +hosts="@hosts@" +help_root="@help@" + +#==============================# +# Logging # +#==============================# + +text_reset="\e[m" +text_bold="\e[1m" +text_dim="\e[2m" +text_italic="\e[3m" +text_underline="\e[4m" +text_blink="\e[5m" +text_highlight="\e[7m" +text_hidden="\e[8m" +text_strike="\e[9m" + +text_fg_red="\e[38;5;1m" +text_fg_green="\e[38;5;2m" +text_fg_yellow="\e[38;5;3m" +text_fg_blue="\e[38;5;4m" +text_fg_magenta="\e[38;5;5m" +text_fg_cyan="\e[38;5;6m" +text_fg_white="\e[38;5;7m" +text_fg_dim="\e[38;5;8m" + +text_bg_red="\e[48;5;1m" +text_bg_green="\e[48;5;2m" +text_bg_yellow="\e[48;5;3m" +text_bg_blue="\e[48;5;4m" +text_bg_magenta="\e[48;5;5m" +text_bg_cyan="\e[48;5;6m" +text_bg_white="\e[48;5;7m" +text_bg_dim="\e[48;5;8m" + +# Usage: log_info +log_info() { + echo -e "${text_fg_blue}info${text_reset} $1" +} + +# Usage: log_todo +log_todo() { + echo -e "${text_bg_magenta}${text_fg_white}todo${text_reset} $1" +} + +# Usage: log_debug +log_debug() { + if [[ $DEBUG == true ]]; then + echo -e "${text_fg_dim}debug${text_reset} $1" + fi +} + +# Usage: log_warn +log_warn() { + echo -e "${text_fg_yellow}warn${text_reset} $1" +} + +# Usage: log_error +log_error() { + echo -e "${text_fg_red}error${text_reset} $1" +} + +# Usage: log_fatal [exit-code] +log_fatal() { + echo -e "${text_fg_white}${text_bg_red}fatal${text_reset} $1" + + if [ -z ${2:-} ]; then + exit 1 + else + exit $2 + fi +} + +# Usage: clear_previous_line [number] +clear_line() { + echo -e "\e[${1:-"1"}A\e[2K" +} + +# Usage: +# rewrite_line +# rewrite_line +rewrite_line() { + if [[ $# == 1 ]]; then + echo -e "\e[1A\e[2K${1}" + else + echo -e "\e[${1}A\e[2K${2}" + fi +} + +#==============================# +# Options # +#==============================# +positional_args=() + +opt_help=false +opt_pick=false +opt_list=false + +# Usage: missing_value