diff --git a/flake.lock b/flake.lock index 92543e0..a3e367b 100644 --- a/flake.lock +++ b/flake.lock @@ -1,10 +1,31 @@ { "nodes": { - "ags": { + "agenix": { "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", "nixpkgs": "nixpkgs", "systems": "systems" }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "ags": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "systems": "systems_2" + }, "locked": { "lastModified": 1728326430, "narHash": "sha256-tV1ABHuA1HItMdCTuNdA8fMB+qw7LpjvI945VwMSABI=", @@ -19,6 +40,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "dotfiles": { "flake": false, "locked": { @@ -38,15 +81,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -58,7 +122,7 @@ "hyprpanel": { "inputs": { "ags": "ags", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1730958442, @@ -76,11 +140,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -108,11 +172,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1730906268, - "narHash": "sha256-JTpBZcKpiz0/Fm5saVrTdPRsywNlBFz5pSdwMaVKwH8=", + "lastModified": 1731503721, + "narHash": "sha256-sEDguy1Fy9oGwdJTD27axz7yjUmFUe9SREkaWEybsRU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a40c3f1a5a8d3fa81fc4edc9dfa4719f8908b1d8", + "rev": "83cabf210fb7b5f0adc67142ceb4dab95519ccdd", "type": "github" }, "original": { @@ -124,11 +188,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "lastModified": 1731239293, + "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", "type": "github" }, "original": { @@ -139,6 +203,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1729880355, "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", @@ -154,13 +234,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -172,16 +252,32 @@ }, "root": { "inputs": { + "agenix": "agenix", "dotfiles": "dotfiles", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprpanel": "hyprpanel", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-b69de56": "nixpkgs-b69de56", "nixpkgs-master": "nixpkgs-master", "nixpkgs-stable": "nixpkgs-stable" } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", diff --git a/flake.nix b/flake.nix index 13a204f..5fca0a7 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,8 @@ nixpkgs-b69de56.url = "github:nixos/nixpkgs/b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221"; nixpkgs-master.url = "github:nixos/nixpkgs/master"; + agenix.url = "github:ryantm/agenix"; + hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; dotfiles = { @@ -30,6 +32,7 @@ outputs = { self, + agenix, dotfiles, home-manager, nixpkgs, @@ -55,7 +58,10 @@ inherit inputs outputs; hostname = "m3-kratos"; }; - modules = [./hosts/m3-kratos]; + modules = [ + ./hosts/m3-kratos + agenix.nixosModules.default + ]; }; }; homeConfigurations = { diff --git a/home/features/cli/default.nix b/home/features/cli/default.nix index 28bd373..d3e000f 100644 --- a/home/features/cli/default.nix +++ b/home/features/cli/default.nix @@ -74,6 +74,7 @@ unimatrix unzip wttrbar + wireguard-tools #yazi zellij-ps zip diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix index 1fccfba..2bf17ae 100644 --- a/home/features/desktop/default.nix +++ b/home/features/desktop/default.nix @@ -97,7 +97,6 @@ # google-chrome # gsettings-desktop-schemas # graphviz - hyprpaper # ksnip nwg-look # pamixer diff --git a/home/features/desktop/wayland.nix b/home/features/desktop/wayland.nix index e15b511..668b0b7 100644 --- a/home/features/desktop/wayland.nix +++ b/home/features/desktop/wayland.nix @@ -268,7 +268,9 @@ in { home.packages = with pkgs; [ grim + hyprcursor hyprlock + hyprpaper qt6.qtwayland slurp waypipe diff --git a/hosts/m3-kratos/default.nix b/hosts/m3-kratos/default.nix index 1b09c02..36a9237 100644 --- a/hosts/m3-kratos/default.nix +++ b/hosts/m3-kratos/default.nix @@ -38,6 +38,7 @@ ./configuration.nix ./hardware.nix ./programs.nix + ./secrets.nix ./services ]; diff --git a/hosts/m3-kratos/secrets.nix b/hosts/m3-kratos/secrets.nix new file mode 100644 index 0000000..5f50d47 --- /dev/null +++ b/hosts/m3-kratos/secrets.nix @@ -0,0 +1,31 @@ +{ + age = { + secrets = { + wg-DE = { + file = ../../secrets/wg-DE.age; + path = "/etc/wireguard/DE.conf"; + }; + wg-NL = { + file = ../../secrets/wg-NL.age; + path = "/etc/wireguard/NL.conf"; + }; + wg-NO = { + file = ../../secrets/wg-NO.age; + path = "/etc/wireguard/NO.conf"; + }; + wg-US = { + file = ../../secrets/wg-US.age; + path = "/etc/wireguard/US.conf"; + }; + wg-BR = { + file = ../../secrets/wg-BR.age; + path = "/etc/wireguard/BR.conf"; + }; + tailscale-key.file = ../../secrets/tailscale-key.age; + m3tam3re-secrets = { + file = ../../secrets/m3tam3re-secrets.age; + owner = "m3tam3re"; + }; + }; + }; +} diff --git a/hosts/m3-kratos/services/default.nix b/hosts/m3-kratos/services/default.nix index 7595f39..3ca540f 100644 --- a/hosts/m3-kratos/services/default.nix +++ b/hosts/m3-kratos/services/default.nix @@ -5,6 +5,7 @@ ./postgres.nix ./sound.nix ./udev.nix + ./wireguard.nix ]; services = { hypridle.enable = true; @@ -12,6 +13,7 @@ gvfs.enable = true; trezord.enable = true; gnome.gnome-keyring.enable = true; + qdrant.enable = true; avahi = { enable = true; nssmdns4 = true; diff --git a/hosts/m3-kratos/services/wireguard.nix b/hosts/m3-kratos/services/wireguard.nix new file mode 100644 index 0000000..b98e312 --- /dev/null +++ b/hosts/m3-kratos/services/wireguard.nix @@ -0,0 +1,25 @@ +{config, ...}: { + networking.wg-quick.interfaces = { + DE = { + configFile = config.age.secrets.wg-DE.path; + autostart = false; + }; + NL = { + configFile = config.age.secrets.wg-NL.path; + autostart = false; + }; + NO = { + configFile = config.age.secrets.wg-NO.path; + autostart = false; + }; + US = { + configFile = config.age.secrets.wg-US.path; + autostart = false; + }; + BR = { + configFile = config.age.secrets.wg-BR.path; + autostart = false; + }; + }; + services.resolved.enable = true; +} diff --git a/overlays/default.nix b/overlays/default.nix index a3a3285..3cd050d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -9,7 +9,16 @@ # https://nixos.wiki/wiki/Overlays modifications = final: prev: { n8n = import ./mods/n8n.nix {inherit prev;}; - ffmpeg = inputs.nixpkgs-stable.legacyPackages.${prev.system}.ffmpeg; + hyprpanel = inputs.hyprpanel.packages.${prev.system}.default.overrideAttrs (prev: { + version = "latest"; # or whatever version you want + src = final.fetchFromGitHub { + owner = "Jas-SinghFSU"; + repo = "HyprPanel"; + rev = "master"; # or a specific commit hash + hash = "sha256-l623fIVhVCU/ylbBmohAtQNbK0YrWlEny0sC/vBJ+dU="; + }; + }); + #ffmpeg = inputs.nixpkgs-stable.legacyPackages.${prev.system}.ffmpeg; }; stable-packages = final: _prev: { diff --git a/secrets/m3tam3re-secrets.age b/secrets/m3tam3re-secrets.age new file mode 100644 index 0000000..66aab85 Binary files /dev/null and b/secrets/m3tam3re-secrets.age differ diff --git a/secrets/tailscale-key.age b/secrets/tailscale-key.age new file mode 100644 index 0000000..9ff3ac2 --- /dev/null +++ b/secrets/tailscale-key.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa DQlE7w +poMyzXs431KnYjtY70mRTXrMd8U2cJynbwR0eeIFibiPC+2UT+U1yyNvGrNUL3p2 +Zj3x5oGJJsWhTsaUZ+AJjeuGk4Pyapvyr/twnZ7th8JXIwOfXeaDaCRTOnV9JpBG +WDFPtWOvrMnShXno0BA/LVuLcx1bNay4vk0Ms0P7NvQ8qnKMyYrxIkXZw1CiC/L3 +3zUfnOiecagLqtUgi84S2PnGqBEsD2MoAVyvDPCp6KnKfUhDXknnx0M52crQXDNt +QYjHvYpt9YZTg9IudaFeE45+lpUkmv4ImELjNsbYgPSVNy9Wx7q8csRlI3MKNdTw +oSs24QO/s7sR3xH4JD154ZYf3+iGXjO/IUgKmdgrk10Hv/1t+wmi72pN91GxJEKr +uHCo0q0RmP0+Pj+T9HE0Wd45PSJNj3vRYBGKdRjB7Z1RBht7b3WPde6In8L6aVsl +AAUGjzImH/0OSDUbLhoOlrO7GCVXakKLGs4Xq3kWT8BovLDbsjNvsO0NS2Gc3rFr + +-> ssh-ed25519 3Bcr1w 48B9vctea23jzcVicnhkKJs4v0ZZYY21hM977s1pv1k +20FihxrgLUSJ/E9Ko9TfPCkX8uQllu17ubML8bj5Sow +--- py4u7/Jd2kJ6Cxd/iiVqJWOk22OcxfhEN+rz+noqQXk +P,83e34]Vj{EH}B!D94D-6ei }ek;kOg5o~1hyvp2+)}BL6l# \ No newline at end of file diff --git a/secrets/wg-BR.age b/secrets/wg-BR.age new file mode 100644 index 0000000..1018244 Binary files /dev/null and b/secrets/wg-BR.age differ diff --git a/secrets/wg-DE.age b/secrets/wg-DE.age new file mode 100644 index 0000000..11ac80b Binary files /dev/null and b/secrets/wg-DE.age differ diff --git a/secrets/wg-NL.age b/secrets/wg-NL.age new file mode 100644 index 0000000..6755197 Binary files /dev/null and b/secrets/wg-NL.age differ diff --git a/secrets/wg-NO.age b/secrets/wg-NO.age new file mode 100644 index 0000000..4607ff9 Binary files /dev/null and b/secrets/wg-NO.age differ diff --git a/secrets/wg-US.age b/secrets/wg-US.age new file mode 100644 index 0000000..aa2bda3 Binary files /dev/null and b/secrets/wg-US.age differ