diff --git a/flake.lock b/flake.lock index b94fa32..7cb9f86 100644 --- a/flake.lock +++ b/flake.lock @@ -17,12 +17,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -53,11 +56,11 @@ ] }, "locked": { - "lastModified": 1682072616, - "narHash": "sha256-sR5RL3LACGuq5oePcAoJ/e1S3vitKQQSNACMYmqIE1E=", + "lastModified": 1685108129, + "narHash": "sha256-6Jv6LxrLfaueHj095oBUKBk++eW4Ya0qfHwhQVQqyoo=", "owner": "nix-community", "repo": "home-manager", - "rev": "47d6c3f65234230d37f1cf7d3d6b5575ec80fe0c", + "rev": "bec196cd9b5f34213c7dc90ef2a524336df70e30", "type": "github" }, "original": { @@ -73,11 +76,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1682125871, - "narHash": "sha256-b5z2R7qRe5lIn7UYFrVokFy9r3RoyrrYKqgJH/r9B34=", + "lastModified": 1685150126, + "narHash": "sha256-Pzliu5Q0Ck95vtuIAGw+rjuvEpnZOdQ6hnEoEOwhEE4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "abda642f7216d43b1c61cc864eb571df78d96464", + "rev": "10ce968c6896fb0866d4c80c7e4c684f849d56d2", "type": "github" }, "original": { @@ -94,11 +97,11 @@ ] }, "locked": { - "lastModified": 1682040433, - "narHash": "sha256-5RxsRpH7pidvRu9Fcejt5Akl+aMnduSlaIrureT0Qz8=", + "lastModified": 1682818384, + "narHash": "sha256-l8jh9BQj6nfjPDYGyrZkZwX1GaOqBX+pBHU+7fFZU3w=", "owner": "nixos-cn", "repo": "flakes", - "rev": "1f8ff8330186b40b61d7f16d7d78d656b9e06399", + "rev": "2d475ec68cca251ef6c6c69a9224db5c264c5e5b", "type": "github" }, "original": { @@ -109,11 +112,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1680876084, - "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", + "lastModified": 1684899633, + "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", + "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", "type": "github" }, "original": { @@ -125,11 +128,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675763311, - "narHash": "sha256-bz0Q2H3mxsF1CUfk26Sl9Uzi8/HFjGFD/moZHz1HebU=", + "lastModified": 1684570954, + "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fab09085df1b60d6a0870c8a89ce26d5a4a708c2", + "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", "type": "github" }, "original": { @@ -141,27 +144,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1681932375, - "narHash": "sha256-tSXbYmpnKSSWpzOrs27ie8X3I0yqKA6AuCzCYNtwbCU=", + "lastModified": 1685004253, + "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3d302c67ab8647327dba84fbdb443cdbf0e82744", + "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1681613598, - "narHash": "sha256-Ogkoma0ytYcDoMR2N7CZFABPo+i0NNo26dPngru9tPc=", + "lastModified": 1684632198, + "narHash": "sha256-SdxMPd0WmU9MnDBuuy7ouR++GftrThmSGL7PCQj/uVI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1040ce5f652b586da95dfd80d48a745e107b9eac", + "rev": "d0dade110dc7072d67ce27826cfe9ab2ab0cf247", "type": "github" }, "original": { @@ -173,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681920287, - "narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=", + "lastModified": 1684935479, + "narHash": "sha256-6QMMsXMr2nhmOPHdti2j3KRHt+bai2zw+LJfdCl97Mk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e", + "rev": "f91ee3065de91a3531329a674a45ddcb3467a650", "type": "github" }, "original": { @@ -189,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1681571934, - "narHash": "sha256-Q3B3HTqhTahhPCT53ahK1FPktOXlEWmudSttd9CWGbE=", + "lastModified": 1684585791, + "narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29176972b4be60f7d3eb3101f696c99f2e6ada57", + "rev": "eea79d584eff53bf7a76aeb63f8845da6d386129", "type": "github" }, "original": { @@ -205,11 +208,11 @@ }, "nur": { "locked": { - "lastModified": 1682066678, - "narHash": "sha256-uMHlSn+i49GW4AwjNQh+gN1Hv3IyaXIwWCicHd/wo4g=", + "lastModified": 1685145797, + "narHash": "sha256-a4mMWQKgjWShf0MkEMoDJPYEJ8eu2T7MA8DxbTMQRUA=", "owner": "nix-community", "repo": "NUR", - "rev": "c2778754ec284fade289ce5c4ac82ffb48b2b97a", + "rev": "cbc0fb5c6412cc84de6a4fb33d6500217082c4c9", "type": "github" }, "original": { @@ -236,11 +239,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1681821695, - "narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=", + "lastModified": 1684637723, + "narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5698b06b0731a2c15ff8c2351644427f8ad33993", + "rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9", "type": "github" }, "original": { @@ -248,6 +251,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6097107..500585a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ inputs = { # Pin nixpkgs to a specific commit nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.11"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.05"; home-manager = { url = "github:nix-community/home-manager"; diff --git a/home/xin/calcite/default.nix b/home/xin/calcite/default.nix index f2085ac..84af437 100644 --- a/home/xin/calcite/default.nix +++ b/home/xin/calcite/default.nix @@ -27,8 +27,8 @@ address = "lixinyang411@foxmail.com"; }; - i18n.inputMethod = { - enabled = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-rime ]; - }; + home.packages = with pkgs; [ + thunderbird + ]; + } diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index 391bf9c..fc8de9d 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -3,13 +3,15 @@ ./fish.nix ./git.nix ./zellij.nix + ./vim.nix ]; home.packages = with pkgs; [ dig du-dust # du + rust zoxide # autojumper file - # man-pages + man-pages + unar tree wget tmux @@ -19,4 +21,4 @@ rclone clash ]; -} \ No newline at end of file +} diff --git a/home/xin/common/vim.nix b/home/xin/common/vim.nix new file mode 100644 index 0000000..c6ae2af --- /dev/null +++ b/home/xin/common/vim.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: { + programs.neovim = { + enable = true; + vimAlias = true; + vimdiffAlias = true; + plugins = with pkgs.vimPlugins; [ + nvim-treesitter.withAllGrammars + dracula-nvim + ]; + extraConfig = '' + set nocompatible + + syntax on + set number + set relativenumber + set shortmess+=I + set laststatus=2 + + set ignorecase + set smartcase + + set mouse+=a + + colorscheme dracula + ''; + }; +} \ No newline at end of file diff --git a/home/xin/vscode.nix b/home/xin/vscode.nix index 2f05702..66f1a15 100644 --- a/home/xin/vscode.nix +++ b/home/xin/vscode.nix @@ -5,7 +5,7 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = with inputs.nix-vscode-extensions.extensions.${system}.vscode-marketplace; [ + extensions = (with inputs.nix-vscode-extensions.extensions.${system}.vscode-marketplace; [ arrterian.nix-env-selector bbenoist.nix @@ -28,11 +28,16 @@ jnoortheen.nix-ide # Latex james-yu.latex-workshop + # Vue + vue.volar + + ms-vscode-remote.remote-ssh-edit + ]) ++ (with inputs.nixpkgs.legacyPackages.${system}.vscode-extensions; [ # Rust rust-lang.rust-analyzer - ms-vscode-remote.remote-ssh-edit - ]; + mkhl.direnv + ]); userSettings = { "workbench.colorTheme" = "Default Dark+"; "terminal.integrated.sendKeybindingsToShell" = true; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index b7e615f..5590c30 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -46,12 +46,18 @@ LC_TIME = "en_US.utf8"; }; + i18n.inputMethod = { + enabled = "fcitx5"; + fcitx5.addons = with pkgs; [ fcitx5-rime ]; + }; + # Enable the X11 windowing system. services.xserver.enable = true; # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; + services.xserver.windowManager.icewm.enable = true; # Configure keymap in X11 services.xserver = { @@ -88,6 +94,9 @@ services.xserver.displayManager.autoLogin.enable = true; services.xserver.displayManager.autoLogin.user = "xin"; + # Smart services + services.smartd.enable = true; + # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 systemd.services."getty@tty1".enable = false; systemd.services."autovt@tty1".enable = false; @@ -95,6 +104,7 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ + "openssl-1.1.1t" # For wechat-uos "electron-19.0.7" ]; @@ -116,10 +126,11 @@ grc - # ==== Development ==== # - # VCS + sops git-crypt + # ==== Development ==== # + jetbrains.jdk # patch jetbrain runtime java jetbrains.clion jetbrains.pycharm-professional @@ -174,9 +185,6 @@ qq config.nur.repos.xddxdd.wechat-uos - # Mail - thunderbird - # Password manager keepassxc @@ -189,10 +197,13 @@ obsidian zotero wpsoffice + onlyoffice-bin config.nur.repos.linyinfeng.wemeet virt-manager + + ghidra ]; programs.steam = { diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index f77ead5..16a1c94 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -3,11 +3,30 @@ { # Enable networking networking = { - nameservers = [ "127.0.0.1" "::1" ]; networkmanager = { enable = true; + dns = "systemd-resolved"; + # dns = "none"; + }; - resolvconf.useLocalResolver = true; + }; + + services.resolved = { + enable = true; + extraConfig = '' + [Resolve] + Domains=~. + DNS=114.114.114.114 1.1.1.1 + DNSOverTLS=opportunistic + ''; + }; + + # Configure network proxy if necessary + networking.proxy = { + allProxy = "socks5://127.0.0.1:7891/"; + httpProxy = "http://127.0.0.1:7890/"; + httpsProxy = "http://127.0.0.1:7890/"; + noProxy = "127.0.0.1,localhost,internal.domain,.coho-tet.ts.net"; }; # Enable Tailscale @@ -15,10 +34,13 @@ # services.tailscale.useRoutingFeatures = "both"; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; + networking.firewall.allowedTCPPorts = [ ]; networking.firewall.allowedUDPPorts = [ 41641 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; + networking.firewall.trustedInterfaces = [ + "tailscale0" + ]; programs.steam.remotePlay.openFirewall = true; @@ -34,4 +56,7 @@ }; # services.gnome.gnome-remote-desktop.enable = true; -} \ No newline at end of file + # services.xrdp.enable = true; + # services.xrdp.openFirewall = true; + # services.xrdp.defaultWindowManager = icewm; +} diff --git a/machines/clash.nix b/machines/clash.nix index 5001a80..1ba117e 100644 Binary files a/machines/clash.nix and b/machines/clash.nix differ diff --git a/machines/netdrives.nix b/machines/netdrives.nix new file mode 100644 index 0000000..8092196 --- /dev/null +++ b/machines/netdrives.nix @@ -0,0 +1,22 @@ +{ pkgs, config, ... }: +{ + sops.secrets = { + autofs-nas = { + owner = "davfs2"; + }; + autofs-nas-secret = { + path = "/etc/davfs2/secrets"; + }; + }; + fileSystems."/media/nas" = { + device = "https://home.xinyang.life:5244/dav"; + fsType = "davfs"; + options = [ + "uid=1000" + "gid=1000" + "rw" + "_netdev" + ]; + + }; +} \ No newline at end of file diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix index 4e3c149..b178e9e 100644 --- a/machines/raspite/configuration.nix +++ b/machines/raspite/configuration.nix @@ -40,6 +40,11 @@ interfaces.eth0.useDHCP = true; }; + networking.proxy = { + default = "http://127.0.0.1:7890/"; + noProxy = "127.0.0.1,localhost,internal.domain,.coho-tet.ts.net"; + }; + services.openssh = { enable = true; }; diff --git a/machines/secrets.yaml b/machines/secrets.yaml index 95ec167..3d9bfee 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml @@ -1,4 +1,6 @@ clash_subscription_link: ENC[AES256_GCM,data:QwszQooTzHboIgIsbxcL1ZrVgOn91pKC8mMUSY7R0FB426ERiVPNyGWBy5ar4m0yk/XwcFLdFRmiWOrQG9mWsx9J6/tH7K8=,iv:zeDuLmDRUiCtKfUlpl1KJl62DP4DnQ2c6gOjpiHw+4c=,tag:w5AQIUC1p3nrwepdxH7Kkw==,type:str] +autofs-nas: ENC[AES256_GCM,data:wcrA2t8/i9PaxA1PQ3CDVJZUhVchGV4vCfa5j/ReNahKV3cfDf2owbpeB827sMpjYyyvSH6nri7mra/BLMAPcgySCpZNAgdR9DQZXAQ=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:TtgubLgWBBzl67MVal5BvQ==,type:str] +autofs-nas-secret: ENC[AES256_GCM,data:OBh8h5CFv1Z4G6bMesna4zmXNASKhYdjFBvg47T9aKBCLDp/xVWnnQj8N7AFGg49wJ+0gYuqb33lIqpSnQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:+Oc78ddpLH7R2aT7gW3Ouw==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +34,8 @@ sops: dWVDd2VSd213NmpYdDcvNUZXTHdzSDgKj68TLxSYYExtGg/hyuAiPqmdXPGIWzou DnCdBitTPPswI+BVwYufnGmHdt8xz5nofBxACWg/bS3NUTGFcnIPWQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-23T03:03:14Z" - mac: ENC[AES256_GCM,data:LxnM5wRjyV0VxOWm0/XDF6iVoe2PoJ/Ps8iW6mNI4JDDy8EK7pRElcU0W+IuOq09eUCBJ4KzIssbUTqumUtQHXIOhkCx0qrsf4XWsLnKNqteMwkDuWhQAiUgzGa4T0zD7B1chnos9J85rHGrGLZ9aGzC04hwUrADcw0HbxQIBm4=,iv:U2sYlCl8cppaJT8ldJhVoHj2NbTCanJyPblsO11/hBs=,tag:h8cE/+uNDz5CXoX29RKCgQ==,type:str] + lastmodified: "2023-04-25T04:49:58Z" + mac: ENC[AES256_GCM,data:Xig/sBJAEs9D6hsoeTAJ4CL156IrFLipacI7eHfBd79Lsa0IXPfLvVn/tVTIfEixmBA9QKkQ9QYjTFVZNr0BTRqHC/C7izgZbOBn73EE+KXYLQEiZ4RbgRfrFb8gU2/uSWXGZEO6YELuom9BEXWCMp0HTS+MQTKk8Tz20/hVyV4=,iv:Uq74PG7DDanb5WpcXUdylT8LW4ERlEsT8YX0BxZdo8w=,tag:7zKveIEJjh0Yc2fLKsTUjA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3