stuff

2025-01-15 13:28:20 -05:00 · 2025-01-15 13:28:20 -05:00 · 42a0bf27e0
commit 42a0bf27e0
parent badcf3aa40
24 changed files with 2870 additions and 392 deletions
--- a/hosts/candlekeep/configuration.sync-conflict-20240508-115349-N2TYFZ4.nix
+++ b/hosts/candlekeep/configuration.sync-conflict-20240508-115349-N2TYFZ4.nix
@ -1,135 +0,0 @@
-# This is your system's configuration file.
-# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  user,
-  ...
-}:
-{
-  # You can import other NixOS modules here
-  imports = [
-    # If you want to use modules your own flake exports (from modules/nixos):
-    # outputs.nixosModules.example
-    ../../common/nixos/common.nix
-    ../../common/nixos/laptop.nix
-    ../../common/networking/default.nix
-    ../../common/nixos/bluetooth.nix
-    ../../common/nixos/restic.nix
-    ../../common/nixos/ssh/default.nix
-    ../../common/gui/hyprland.nix
-    ../../common/gui/default.nix
-    ../../common/style/stylix.nix
-    ../../common/virtualization/default.nix
-    ../../common/nixos/sysctl/default.nix
-
-    ./auditd.nix
-    ./kernel.nix
-    ./sysctl.nix
-    ./earlyoom.nix
-    ./syncthing.nix
-
-    # Or modules from other flakes (such as nixos-hardware):
-    # inputs.hardware.nixosModules.common-cpu-amd
-    # inputs.hardware.nixosModules.common-ssd
-    inputs.nix-index-database.nixosModules.nix-index
-    inputs.stylix.nixosModules.stylix
-    inputs.sops-nix.nixosModules.sops
-    # You can also split up your configuration and import pieces of it here:
-    # ./users.nix
-
-    # Import your generated (nixos-generate-config) hardware configuration
-    ./hardware-configuration.nix
-  ];
-
-  ssh.enable = true;
-  ssh_guard.enable = true;
-
-  # Bootloader.
-  boot = {
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
-    initrd.luks.devices."luks-b13379b3-2025-4d55-a40a-c0f3ad8ec801".device = "/dev/disk/by-uuid/b13379b3-2025-4d55-a40a-c0f3ad8ec801";
-  };
-
-  # sops
-  sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
-    defaultSopsFormat = "yaml";
-    age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
-  };
-
-  nixpkgs = {
-    # You can add overlays here
-    overlays = [
-      # Add overlays your own flake exports (from overlays and pkgs dir):
-      outputs.overlays.additions
-      outputs.overlays.modifications
-      outputs.overlays.unstable-packages
-
-      # You can also add overlays exported from other flakes:
-      # neovim-nightly-overlay.overlays.default
-
-      # Or define it inline, for example:
-      # (final: prev: {
-      #   hi = final.hello.overrideAttrs (oldAttrs: {
-      #     patches = [ ./change-hello-to-hi.patch ];
-      #   });
-      # })
-    ];
-    # Configure your nixpkgs instance
-    config = {
-      # Disable if you don't want unfree packages
-      allowUnfree = true;
-    };
-  };
-
-  # This will add each flake input as a registry
-  # To make nix3 commands consistent with your flake
-  nix.registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
-    (lib.filterAttrs (_: lib.isType "flake")) inputs
-  );
-
-  # This will additionally add your inputs to the system's legacy channels
-  # Making legacy nix commands consistent as well, awesome!
-  nix.nixPath = [ "/etc/nix/path" ];
-  environment.etc = lib.mapAttrs' (name: value: {
-    name = "nix/path/${name}";
-    value.source = value.flake;
-  }) config.nix.registry;
-
-  networking.hostName = "candlekeep";
-  networking.networkmanager.enable = true;
-
-  users.users = {
-    gwg313 = {
-      initialPassword = "correcthorsebatterystaple";
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILq54YrM3BbhBs0oDLOrc1bkg6FCCmkV4E3pWLZp0ejN gwg313@pm.me"
-      ];
-      extraGroups = [ "wheel" ];
-    };
-  };
-
-  environment = {
-    loginShellInit = ''
-      if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
-        exec Hyprland
-      fi
-    ''; # Will automatically open Hyprland when logged into tty1
-    variables = {
-      TERMINAL = "alacritty";
-      EDITOR = "nvim";
-      VISUAL = "nvim";
-      PAGER = "moar";
-    };
-  };
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "23.05";
-}
--- a/hosts/candlekeep/earlyoom.nix
+++ b/hosts/candlekeep/earlyoom.nix
@ -3,6 +3,7 @@
    enable = true;
    freeSwapThreshold = 2;
    freeMemThreshold = 2;
+    enableNotifications = true;
    extraArgs = [
      "-g"
      "--avoid '^(.Hyrpland-wrapp|alacritty|zerotier-one|.waybar-wrapped)$'"
--- a/hosts/candlekeep/kernel.nix
+++ b/hosts/candlekeep/kernel.nix
@ -3,8 +3,9 @@
  pkgs,
  stdenv,
  ...
-}: {
-  boot.kernelPackages = pkgs.linuxPackages_hardened;
+}:
+{
+  # boot.kernelPackages = pkgs.linuxPackages_hardened;
  boot.kernelParams = [
    # Disable slab merging to prevent heap exploitation
    "slab_nomerge"
--- a/hosts/grymforge/syncthing.nix
+++ b/hosts/grymforge/syncthing.nix
@ -19,7 +19,7 @@
    settings = {
      devices = {
        "candlekeep" = {
-          id = "762A3TK-Z3ZX6DG-V4VASMJ-H6DJHE5-PBD6YZQ-MPILUWT-E7EY4O7-4EAPHAX";
+          id = "OREQCG7-JQMPCU4-HWFEQVM-7C6VYSC-A25I3PD-BYQ6RSU-7FQGDFX-SJDPGQY";
        };
      };