diff --git a/flake.nix b/flake.nix index d5d4fd3..2372f80 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ system = "x86_64-linux"; # hostnames - hosts = ["thonkpad" "rq" "yoga" "server1" "server2" "server3"]; + hosts = ["thonkpad" "rq" "yoga" "server1" "server2" "server3" "store"]; baseModule = {lib, ...}: { imports = [ diff --git a/home/home.nix b/home/home.nix index f98417a..72f12a5 100644 --- a/home/home.nix +++ b/home/home.nix @@ -53,7 +53,7 @@ in { home.sessionVariables = { EDITOR = "nvim"; - SHELL = "zsh"; + SHELL = "/etc/profiles/per-user/synchronous/bin/zsh"; # just zsh no longer works? HOME = "/home/synchronous"; # XDG_CACHE_HOME = "$HOME/.cache"; DBUS_SESSION_BUS_ADDRESS = "unix:path=$XDG_RUNTIME_DIR/bus"; @@ -120,6 +120,11 @@ in { yq semgrep tectonic + electrum + feather + gnupg + texpresso + python313Packages.pygments # texlive.combined.scheme-full # security diff --git a/home/programs/firefox/default.nix b/home/programs/firefox/default.nix index cd99a87..f708454 100644 --- a/home/programs/firefox/default.nix +++ b/home/programs/firefox/default.nix @@ -210,6 +210,10 @@ in { name = "verus github"; url = "https://github.com/verus-lang/verus"; } + { + name = "secure foundations"; + url = "https://github.com/secure-foundations"; + } ]; } { diff --git a/home/programs/nvim/default.nix b/home/programs/nvim/default.nix index 405c611..01c22c9 100644 --- a/home/programs/nvim/default.nix +++ b/home/programs/nvim/default.nix @@ -41,10 +41,11 @@ vim-airline-themes plenary-nvim nvim-web-devicons - { - plugin = smear-cursor-nvim; - config = toLuaFile ./plugins/smear.lua; - } + texpresso-vim + # { + # plugin = smear-cursor-nvim; + # config = toLuaFile ./plugins/smear.lua; + # } # { # plugin = neovide; # config = toLuaFile ./plugins/neovide.lua; @@ -86,6 +87,10 @@ # plugin = vim-airline; # config = toLuaFile ./plugins/airline.lua; # } + { + plugin = markdown-preview-nvim; + config = toLuaFile ./plugins/markdown-preview-nvim.lua; + } { plugin = barbar-nvim; config = toLuaFile ./plugins/barbar.lua; diff --git a/home/programs/nvim/init.lua b/home/programs/nvim/init.lua index 653d883..27fb8e6 100644 --- a/home/programs/nvim/init.lua +++ b/home/programs/nvim/init.lua @@ -165,6 +165,31 @@ vim.api.nvim_create_autocmd("FileType", { command = "setlocal wrap" }) +vim.api.nvim_create_augroup("vimrc", { clear = true }) + +-- vim.api.nvim_create_autocmd("FileType", { + -- desc = "texpresso compile", + -- group = "vimrc", + -- pattern = "tex", + -- callback = function(args) + -- -- start server on first BufWrite + -- vim.api.nvim_create_autocmd("BufWritePost", { + -- group = vim.api.nvim_create_augroup( + -- string.format("latex", args.buf), + -- { clear = true } + -- ), + -- buffer = args.buf, + -- callback = function() + -- if not vim.b.latex_started then + -- vim.cmd "TeXpresso %" + -- vim.b.latex_started = true + -- end + -- -- vim.cmd "VimtexView" + -- end, + -- }) + -- end, +-- }) + -- idk why i need to define it here bro -- local builtin = require('telescope.builtin') -- vim.keymap.set('n', 'ff', builtin.find_files, { desc = 'Telescope find files' }) diff --git a/home/programs/nvim/plugins/markdown-preview-nvim.lua b/home/programs/nvim/plugins/markdown-preview-nvim.lua new file mode 100644 index 0000000..a742414 --- /dev/null +++ b/home/programs/nvim/plugins/markdown-preview-nvim.lua @@ -0,0 +1,4 @@ +-- browser +vim.g.mkdp_browser = "firefox" +-- keybindings +vim.keymap.set("n", "m", "MarkdownPreview") diff --git a/home/programs/nvim/plugins/smear.lua b/home/programs/nvim/plugins/smear.lua index 655f39b..59a3d59 100644 --- a/home/programs/nvim/plugins/smear.lua +++ b/home/programs/nvim/plugins/smear.lua @@ -2,9 +2,10 @@ require('smear_cursor').setup({ scroll_buffer_space = false, smear_between_buffers = false, smear_between_neighbor_lines = false, + scroll_buffer_space = false, stiffness = 0.5, trailing_stiffness = 0.5, matrix_pixel_threshold = 0.5, - damping = 0.95, + damping = 0.9999, -- how "bouncy" the cursor is. 1 makes the cursor freeze in the top left lmao smear_insert_mode = false, }) diff --git a/home/programs/nvim/plugins/vimtex.lua b/home/programs/nvim/plugins/vimtex.lua index ef5811b..465c2ba 100644 --- a/home/programs/nvim/plugins/vimtex.lua +++ b/home/programs/nvim/plugins/vimtex.lua @@ -7,11 +7,10 @@ vim.g.vimtex_view_method = 'zathura' vim.g.vimtex_view_general_viewer = 'zathura' vim.g.vimtex_view_general_options = '--unique file:@pdf#src:@line@tex' - -- Set the TeX flavor and quickfix mode. vim.g.tex_flavor = 'latex' -vim.g.vimtex_quickfix_mode = 0 -vim.g.vimtex_quickfix_enabled = 0 +-- vim.g.vimtex_quickfix_mode = 0 +-- vim.g.vimtex_quickfix_enabled = 0 -- Compiler backend. -- vim.g.vimtex_compiler_method = 'latexmk' @@ -48,7 +47,7 @@ vim.g.maplocalleader = ',' -- vim.g.Tex_IgnoreLevel = 8 -- Delete extra compilation files when a TeX buffer is deleted. -vim.api.nvim_create_autocmd("BufDelete", { - pattern = "*.tex", - command = "silent! !latexmk -c > /dev/null 2>&1 %:p", -}) +-- vim.api.nvim_create_autocmd("BufDelete", { + -- pattern = "*.tex", + -- command = "silent! !latexmk -c > /dev/null 2>&1 %:p", +-- }) diff --git a/home/programs/nvim/snippets/tex.lua b/home/programs/nvim/snippets/tex.lua index 4e5dff6..81531b6 100644 --- a/home/programs/nvim/snippets/tex.lua +++ b/home/programs/nvim/snippets/tex.lua @@ -171,6 +171,155 @@ ls.add_snippets("tex", { })) }) +ls.add_snippets("tex", { + s("template-report", fmta([[ +\documentclass[10pt]{article} +\usepackage{graphicx} % Required for inserting images +\usepackage[margin=1in]{geometry} +\usepackage[dvipsnames]{xcolor} +\usepackage{url} +\usepackage{amssymb} +\usepackage{amsmath} +\usepackage{amsthm} +\usepackage{fullpage} +\usepackage{listings} +\usepackage[utf8]{inputenc} +\usepackage{parskip} +\usepackage{hyperref} +\usepackage{bookmark} +\usepackage[linguistics]{forest} +\usepackage{tikz} +\usepackage{float} + +\usepackage[minted,skins]{tcolorbox} % 'skins' needed for shadows + +% Define a new command \rustshadowfile that replaces \rustfile +\newtcbinputlisting{\rustshadowfile}[2][]{% + listing engine=minted, + minted language=rust, + minted options={linenos, numbersep=5pt, fontsize=\footnotesize, baselinestretch=1.05}, + listing file={#2}, % The file to read + enhanced, % Enable skins for shadows + drop shadow, % Add the shadow + colback=white, % Background color + colframe=black!70, % Border color + boxrule=0.5pt, % Border width + arc=2pt, % Rounded corners (optional) + listing only, % Display code only (no title bar inside box) + #1 % Pass extra options like labels +} + +\newtcblisting{rustcode}[1][]{ + listing engine=minted, + minted language=rust, + minted options={linenos, numbersep=5pt, fontsize=\footnotesize, baselinestretch=1.05}, + enhanced, + drop shadow, % Adds the shadow + colback=white, % Background color + colframe=black!70,% Border color + boxrule=0.5pt, % Border width + arc=2pt, % Rounded corners + listing only, % Hides the internal tcolorbox title bar + #1 % Allows passing extra options +} + +% \usepackage{enumitem} +% \usepackage{euler} +% \usepackage{libertine} + +\usepackage{import} +\usepackage{pdfpages} +\usepackage{transparent} + +\newtheoremstyle{definitionstyle} +{} +{} +{\normalfont} +{} +{\bfseries} +{:} +{0.5em} +{} + +\theoremstyle{definitionstyle} +\newtheorem{definition}{Definition}[section] + +\newtheorem{all}{Theorem}[section] +\newtheorem{corollary}[all]{Corollary} +\newtheorem{lemma}[all]{Lemma} +\newtheorem{exercise}[all]{Exercise} +\newtheorem{proposition}[all]{Proposition} +\newtheorem{example}[all]{Example} +\newtheorem{theorem}{Theorem} + +\newcommand{\namedcomment}[3]{{\sf \scriptsize \color{#2} #1: #3}} +\newcommand{\jake}[1]{\namedcomment{jake}{red}{#1}} +\title{<>} +\author{Jake Ginesin \and <>} +\date{December 5th, 1999} + +\begin{document} +\maketitle + +\end{document} + ]], {i(1), i(0)}, { + indent_string = "" + })) +}) + + +ls.add_snippets("tex", { + s("beamer", fmta([[ +\documentclass{beamer} +\usetheme{metropolis} % Use metropolis theme +\title{<>} +\date{\today} +\author{Jacob Ginesin} +\institute{<>} +\begin{document} + \maketitle + \section{First Section} + \begin{frame}{First Frame} + Hello, world! + \end{frame} +\end{document} + + ]], {i(1), i(0)}, { + indent_string = "" + })) +}) + +ls.add_snippets("tex", { + s("beamer", fmta([[ +\documentclass{beamer} +\usetheme{metropolis} % Use metropolis theme +\title{<>} +\date{\today} +\author{Jacob Ginesin} +\institute{<>} +\begin{document} + \maketitle + \section{First Section} + \begin{frame}{First Frame} + Hello, world! + \end{frame} +\end{document} + + ]], {i(1), i(0)}, { + indent_string = "" + })) +}) + +ls.add_snippets("tex", { + s("bib", fmta([[ +\bibliographystyle{plain} +\bibliography{<>} + ]], {i(0)}, { + indent_string = "" + })) +}) + + -- ---- @@ -461,6 +610,19 @@ ls.add_snippets("tex", { {condition = in_mathzone} ), + s({trig = "rustcode"}, + fmta( + [[ + \begin{listing}[H] + \begin{rustcode} + <> + \end{rustcode} + \end{listing} + ]], + { i(1) } + ) + ), + s({ trig = "notin", snippetType="autosnippet", diff --git a/home/programs/sxhkd/sxhkdrc b/home/programs/sxhkd/sxhkdrc index 8c1a5d9..8b22592 100644 --- a/home/programs/sxhkd/sxhkdrc +++ b/home/programs/sxhkd/sxhkdrc @@ -186,6 +186,12 @@ super + bracket{left,right} super + {o} sh nf daily +super + semicolon + sh nf idk + +super + {m} + sh nf misc + # open my notes without goyo and with nvimteee super + {shift} + {o} sh nf daily diff --git a/home/programs/zsh/zshrc b/home/programs/zsh/zshrc index 9018a4b..8e3fc37 100644 --- a/home/programs/zsh/zshrc +++ b/home/programs/zsh/zshrc @@ -220,11 +220,20 @@ alias dnsblock-add="nvim /home/synchronous/nix-cfg/system/networking/blockers.sh alias focus-wifi="nvim /home/synchronous/nix-cfg/system/networking/blockers.sh" alias verus-dir="cd /home/synchronous/code/verus" alias cure="cd /home/synchronous/code/cure53" +alias scripts="cd /home/synchronous/nix-cfg/home/scripts" +alias bookmarks="vim -c '80' /home/synchronous/nix-cfg/home/programs/firefox/default.nix" stack() { find . -type f -exec echo -e "\n--- {} ---\n" \; -exec cat {} \; } +stack-fast() { + rg -l . | while read -r file; do + echo -e "\n--- $file ---\n" + cat "$file" + done +} + stack-b() { ( while IFS= read -r -d '' file; do diff --git a/home/scripts/brainrot-transfer.sh b/home/scripts/brainrot-transfer.sh new file mode 100644 index 0000000..36bf570 --- /dev/null +++ b/home/scripts/brainrot-transfer.sh @@ -0,0 +1,73 @@ +# --- CONFIGURATION --- +ip=$(cat /home/synchronous/.agenix/agenix/ip-master-k3s) +SSH_TARGET="synchronous@$ip" +NAMESPACE="ingress-nginx" +POD_LABEL="app=pvc-explorer" +TARGET_DIR="/data" +# --------------------- + +# 1. Check for an argument +LOCAL_PATH="$1" +if [ -z "$LOCAL_PATH" ]; then + echo "Usage: $0 " + exit 1 +fi + +if [ ! -e "$LOCAL_PATH" ]; then + echo "Error: Local path not found: $LOCAL_PATH" + exit 1 +fi + +# Define a unique name for the temporary archive +TEMP_ARCHIVE="kube_cp_temp_$(date +%s).tar.gz" + +# --- PART 1: Create local archive --- +echo "[Local] Creating temporary archive: $TEMP_ARCHIVE" +tar czf "$TEMP_ARCHIVE" "$LOCAL_PATH" +if [ $? -ne 0 ]; then + echo "Error: Failed to create local archive." + rm -f "$TEMP_ARCHIVE" # Clean up on failure + exit 1 +fi + +# --- PART 2: Copy archive to remote machine --- +echo "[Local] Copying archive to $SSH_TARGET:~/ " +scp "$TEMP_ARCHIVE" "$SSH_TARGET:~/$TEMP_ARCHIVE" +if [ $? -ne 0 ]; then + echo "Error: Failed to scp archive to remote machine." + rm -f "$TEMP_ARCHIVE" # Clean up local + exit 1 +fi + +# --- PART 3: Execute remote commands --- +echo "[Local] Connecting via SSH to import archive... You will be prompted for your SUDO password." + +# Define the set of commands to run on the remote machine +REMOTE_CMD=$(cat <&2 + rm -f ~/"$TEMP_ARCHIVE" # Clean up remote archive + exit 1 +fi + +echo "[Remote] Found pod: \$POD_NAME" +echo "[Remote] Streaming archive from ~/$TEMP_ARCHIVE into pod..." +cat ~/"$TEMP_ARCHIVE" | sudo kubectl exec -i \$POD_NAME -n "$NAMESPACE" -- tar xzf - -C "$TARGET_DIR" + +echo "[Remote] Cleaning up remote archive..." +rm ~/"$TEMP_ARCHIVE" +echo "[Remote] Transfer complete." +EOF +) + +# Run the remote commands +ssh -tt "$SSH_TARGET" "$REMOTE_CMD" + +# --- PART 4: Local cleanup --- +echo "[Local] Cleaning up local archive: $TEMP_ARCHIVE" +rm "$TEMP_ARCHIVE" + +echo "[Local] All done." diff --git a/home/scripts/daily.sh b/home/scripts/daily.sh new file mode 100644 index 0000000..288d341 --- /dev/null +++ b/home/scripts/daily.sh @@ -0,0 +1,59 @@ +# get today's date +curr=$(date +%y-%m-%d) +curr_bigyear=$(date +%Y-%m-%d) +# echo "$curr" +curr_pretty=$(date "+%A, %B %d %G") +curr_onenumber=$(date +%Y%m%d) +echo "Today: $curr_pretty" + +# get written journal lines +journal_len=$(wc /home/synchronous/journal/daily.md | awk '{print $1}') +journal_date_area=$(rg 25-12-03 /home/synchronous/journal/daily.md -n -o | sed 's/:/ /' | awk '{print $1}') +journal="" +if [[ $journal_date_area == "" ]]; then + journal="No writing in the journal yet today.." +else + jd_diff=$(echo "$journal_len - $journal_date_area" | bc) + journal="You've written $jd_diff journal line(s)" +fi + +# get todos for today +todo_len=$(awk '!NF { print NR; exit }' /home/synchronous/journal/todo.md) +todo_len_1=$(echo "$todo_len" - 1 | bc) +todo_len_2=$(echo "$todo_len" - 2 | bc) +todos=$(head /home/synchronous/journal/todo.md -n "$todo_len_1" | tail -n "$todo_len_2") + +# choose idk based on psuedorandom seeded with date +idk_len=$(wc -l /home/synchronous/journal/rest/idk.md | awk '{print $1'}) +idk_date=$(date +%Y%m%d) +idk_pseudo=$(python3 -c "import math; import random; random.seed($idk_date); print( math.floor(random.random() * 10000) % $idk_len)") +idk=$(sed -n '7 p' /home/synchronous/journal/rest/idk.md | cut -c3-) + +# check if there exists a .daily in home for this day +daily_date=$(stat -c "%y" /home/synchronous/.daily | awk '{print $1}') +if [[ $daily_date != $curr_bigyear ]]; then + rm /home/synchronous/.daily + touch /home/synchronous/.daily + + # set idk + echo "- idk: $idk" >> /home/synchronous/.daily +else + idk_prev=$(rg idk /home/synchronous/.daily | cut -c8-) # take existing idk + if [[ $idk_prev != $idk ]]; then + idk="$idk_prev [done!]" + fi +fi + +echo + +# echo $idk + +echo "Lore for today:" +echo "- idk: $idk" +echo "- $journal" + +echo + +# TODOS SETUP +echo "Todos for today ($todo_len_2 items):" +echo "$todos" diff --git a/home/scripts/idk.sh b/home/scripts/idk.sh new file mode 100644 index 0000000..640dc16 --- /dev/null +++ b/home/scripts/idk.sh @@ -0,0 +1,25 @@ +add_idk() { + if [[ "$1" == "" ]]; then + echo "Empty entry" + exit 0 + fi + fq=$(rg "$1" /home/synchronous/journal/rest/idk.md 2> /dev/null) + if [[ "$fq" != "" ]]; then + echo "Entry already present" + exit 0 + fi + echo "- $1" >> /home/synchronous/journal/rest/idk.md + echo "Added entry: '$1'" + idk_len=$(wc -l /home/synchronous/journal/rest/idk.md | awk '{print $1}') + echo "You do not know $idk_len things!" +} + +run_command() { + case $1 in + "add") add_idk "$2" ;; + "del") remove_idk "$2" ;; + *) + esac +} + +run_command "$1" "$2" diff --git a/home/scripts/journal/nf.sh b/home/scripts/journal/nf.sh index 924b9da..a806c31 100644 --- a/home/scripts/journal/nf.sh +++ b/home/scripts/journal/nf.sh @@ -44,6 +44,13 @@ open_daily() { -c "lua vim.g.goyo_if = 1" &! } +open_idk() { + alacritty -t "idk.md" -e nvim "$main/rest/idk.md" \ + -c "Goyo | set wrap | set path+=$main_dir" \ + -c "execute 'normal G'" \ + -c "lua vim.g.goyo_if = 1" &! +} + open_todo() { alacritty -t "todo.md" -e nvim "$main/todo.md" \ -c "execute 'lua vim.g.goyo_if = 1' | set wrap | Goyo | set path+=$main_dir" &! @@ -152,14 +159,24 @@ search_by_title() { fi } +open_misc() { + tf=$(mktemp --suffix=.md) + # sh -c keeps window open for nvim, then deletes file immediately on exit + alacritty -t "scratch" -e sh -c "nvim '$tf' \ + -c 'execute \"lua vim.g.goyo_if = 1\" | Goyo | set wrap | autocmd BufEnter * let b:coc_suggest_disable=1'; \ + rm '$tf'" &! +} + run_command() { case $1 in "search") search ;; "daily") open_daily ;; "todo") open_todo ;; + "idk") open_idk ;; "find") notes_find ;; "tags") search_by_tags ;; "title") search_by_title ;; + "misc") open_misc ;; *) esac } diff --git a/home/scripts/macflip.sh b/home/scripts/macflip.sh index 79ab8f2..911ed6d 100644 --- a/home/scripts/macflip.sh +++ b/home/scripts/macflip.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash newmac=$1 -suod ip link set wlan0 down +sudo ip link set wlan0 down sudo macchanger wlan0 --mac "$1" sudo ip link set wlan0 up diff --git a/home/scripts/security/sg.sh b/home/scripts/security/semgrep-auto.sh similarity index 100% rename from home/scripts/security/sg.sh rename to home/scripts/security/semgrep-auto.sh diff --git a/home/scripts/security/wpcap.sh b/home/scripts/security/wpcap.sh index 71247ba..0c2c291 100644 --- a/home/scripts/security/wpcap.sh +++ b/home/scripts/security/wpcap.sh @@ -1,5 +1,3 @@ -#!/bin/bash - if [[ $EUID -ne 0 ]]; then echo "This script must be run as root." exit 1 diff --git a/home/scripts/tex/safe-tex.sh b/home/scripts/tex/safe-tex.sh new file mode 100644 index 0000000..076fa4a --- /dev/null +++ b/home/scripts/tex/safe-tex.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +# designed to compile tex with isolation, in the case something like minted is used +set -euo pipefail + +if [[ $# -lt 1 ]]; then + echo "Usage: $0 [tectonic args...]" + exit 1 +fi + +TEXFILE="$1" +shift + +mkdir -p ~/.cache/Tectonic + +nix-shell -p bubblewrap tectonic cacert python313Packages.pygments which --run " + bwrap --ro-bind /nix /nix \ + --bind \$(pwd) /workspace \ + --bind ~/.cache/Tectonic ~/.cache/Tectonic \ + --chdir /workspace \ + --dev /dev \ + --proc /proc \ + --tmpfs /tmp \ + --symlink \$(which bash) /bin/sh \ + --ro-bind /etc/resolv.conf /etc/resolv.conf \ + --ro-bind /etc/hosts /etc/hosts \ + --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \ + --setenv SSL_CERT_FILE \"\$SSL_CERT_FILE\" \ + --setenv TMPDIR /tmp \ + --setenv PATH \"\$PATH\" \ + tectonic -Z shell-escape '$TEXFILE' --keep-intermediates $* +" diff --git a/hosts/meta.nix b/hosts/meta.nix index 7577bb6..0ea6a12 100644 --- a/hosts/meta.nix +++ b/hosts/meta.nix @@ -35,6 +35,16 @@ owner = "synchronous"; mode = "0400"; }; + ip-master-k3s = { + file = ../secrets/ip-master-k3s.age; + owner = "synchronous"; + mode = "0400"; + }; + ip-cmu = { + file = ../secrets/ip-cmu.age; + owner = "synchronous"; + mode = "0400"; + }; }; secretsDir = "/home/synchronous/.agenix/agenix"; secretsMountPoint = "/home/synchronous/.agenix/agenix.d"; diff --git a/hosts/store/configuration.nix b/hosts/store/configuration.nix new file mode 100644 index 0000000..d1226da --- /dev/null +++ b/hosts/store/configuration.nix @@ -0,0 +1,37 @@ +{ + config, + pkgs, + lib, + ... +}: { + imports = [ + ./hardware-configuration.nix + ../../system/system-server.nix + ../meta.nix + ../../extras/ssh.nix + ../../extras/k3s-node.nix + ]; + + config = { + networking.hostName = "store"; # Define your hostname. + res = "1920x1080"; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + users.synchronous.imports = [../../home/home.nix]; + }; + + # Bootloader. + #boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.useOSProber = true; + boot.loader.grub.version = 2; + # services.logind.lidSwitchExternalPower = "ignore"; + + boot.loader.systemd-boot.enable = false; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub.enable = true; + }; +} diff --git a/hosts/store/hardware-configuration.nix b/hosts/store/hardware-configuration.nix new file mode 100644 index 0000000..495d0fb --- /dev/null +++ b/hosts/store/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/bb36a123-4dc9-4583-8571-1aa180efb00b"; + fsType = "ext4"; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/78565ab8-d7b8-476d-a6e7-46ceda4ee761";} + {device = "/dev/disk/by-uuid/c735b357-c35c-4249-bb0b-23321fe50c3d";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/secrets/ip-cmu.age b/secrets/ip-cmu.age new file mode 100644 index 0000000..6b2a0fc --- /dev/null +++ b/secrets/ip-cmu.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 1qNjsw iIlHsfHTOuuIYQREkl1jdSuHm03aLZFqDmhj2Ngx234 +BgmH1kx6pxDIBpyn2qpM6vTtAcJLxKqcIMn/LT7jLsw +--- ySOiv2BxTZC2/SIcq4cUJPlSYecE15wyf8w0/LJmptM +#þï½P~dá×I:ó&6 0bG28y™Ñ*.a1hœŸÃIŸA³7Jüw!°à \ No newline at end of file diff --git a/secrets/ip-master-k3s.age b/secrets/ip-master-k3s.age new file mode 100644 index 0000000..73cd9cb Binary files /dev/null and b/secrets/ip-master-k3s.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d4c6ae4..56c0439 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,4 +6,6 @@ in { "tailscale-rq.age".publicKeys = [key]; "ssh-pub.age".publicKeys = [key]; "kube.age".publicKeys = [key]; + "ip-master-k3s.age".publicKeys = [key]; + "ip-cmu.age".publicKeys = [key]; } diff --git a/secrets/tailscale-rq.age b/secrets/tailscale-rq.age index b97303c..3d1f464 100644 Binary files a/secrets/tailscale-rq.age and b/secrets/tailscale-rq.age differ diff --git a/secrets/zsh_remote.age b/secrets/zsh_remote.age index 222be25..2af809e 100644 Binary files a/secrets/zsh_remote.age and b/secrets/zsh_remote.age differ diff --git a/system/system.nix b/system/system.nix index 2baf50f..f3058c5 100644 --- a/system/system.nix +++ b/system/system.nix @@ -48,6 +48,11 @@ services.printing.enable = true; hardware.bluetooth.enable = true; programs.dconf.enable = true; + services.pcscd.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; xdg.mime.defaultApplications = { "application/pdf" = "firefox.desktop";