fix: update hyprpanel scripts

Signed-off-by: gwg313 <gwg313@pm.me>

common/nixos/common.nix

@@ -33,6 +33,7 @@
   nix = {
     settings = {
       substituters = [
+        "https://cache.gwg313.xyz/mycache?priority=5"
         "https://cache.nixos.org?priority=10"
         "https://hyprland.cachix.org"
         "https://nix-community.cachix.org"
@@ -40,6 +41,7 @@
         "https://numtide.cachix.org"
       ];
       trusted-public-keys = [
+        "mycache:ovUjiiyQNUGjK8yZA4dPV1f8tIfCZrGIubdWvWpdvtc="
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
@@ -58,7 +60,6 @@
       dates = "daily";
       options = "--delete-older-than 14d";
     };
-
   };
 
   services = {

common/nixos/nfs.nix

@@ -11,17 +11,6 @@
 
   config = lib.mkIf config.nfs.enable {
     fileSystems = {
-      "/media" = {
-        device = inputs.secrets.nfs.devices.media;
-        fsType = "nfs";
-        options = [
-          "x-systemd.automount"
-          "noauto"
-          "x-systemd.after=network-online.target"
-          "x-systemd.mount-timeout=90"
-        ];
-      };
-
       "/books" = {
         device = inputs.secrets.nfs.devices.books;
         fsType = "nfs";
@@ -44,8 +33,8 @@
         ];
       };
 
-      "/projects" = {
-        device = inputs.secrets.nfs.devices.projects;
+      "/personal" = {
+        device = inputs.secrets.nfs.devices.personal;
         fsType = "nfs";
         options = [
           "x-systemd.automount"

common/style/vars/vars.nix

@@ -89,9 +89,6 @@
     };
 
     polarity = "light";
-    image = pkgs.fetchurl {
-      url = "https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/black-and-white-forest_minimalist_black-and-white.png";
-      sha256 = "sha256-MOlLRQonZ6UAaSJlysjL8snxnMrSFH9VOLrjXaU82Kw=";
-    };
+    image = ../../../wallpapers/ign_circuit.png;
   };
 }

home-manager/modules/common.nix

@@ -26,6 +26,7 @@
   home.packages =
     with pkgs;
     [
+      attic-client
       ncdu
       minio-client
 

home-manager/modules/hyprland/bindings.nix

@@ -16,17 +16,25 @@
         ",switch:Lid Switch, exec, ${pkgs.hyprlock}/bin/hyprlock" # Lock when closing Lid
         # "$mod, RETURN, exec, ${pkgs.alacritty}/bin/alacritty"
         "$mod, RETURN, exec, ${pkgs.kitty}/bin/kitty"
+        "$mod,E, exec,  uwsm app -- ${pkgs.xfce.thunar}/bin/thunar" # Thunar
         "$shiftMod,SPACE, exec, hyprfocus-toggle" # Toggle HyprFocus
         "$mod, Q, killactive"
         "SUPER_SHIFT, Q, exec, ${pkgs.wlogout}/bin/wlogout"
         "$mod, SPACE, exec, pkill fuzzel || ${pkgs.fuzzel}/bin/fuzzel" # pkill or allows for toggle
-        "SUPER_SHIFT, SPACE, togglefloating"
+        "$mod,T, togglefloating," # Toggle Floating
         # "$mod, F, fullscreen"
         "$mod,F, fullscreen" # Toggle fullscreen
         "$mod, L, exec, ${pkgs.hyprlock}/bin/hyprlock"
         "$mod, B, exec, ${pkgs.grim}/bin/grim \"desktop-$(${pkgs.busybox}/bin/date +\"%Y%m%d%H%m\").png"
         "SUPER_SHIFT, B, exec, ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp -d)\" - | ${pkgs.wl-clipboard}/bin/wl-copy" # Screenshot selection directly to clipboard
 
+        "$shiftMod,T, exec, hyprpanel-toggle" # Toggle hyprpanel
+
+        "$shiftMod,up, focusmonitor, -1" # Focus previous monitor
+        "$shiftMod,down, focusmonitor, 1" # Focus next monitor
+        "$shiftMod,left, layoutmsg, addmaster" # Add to master
+        "$shiftMod,right, layoutmsg, removemaster" # Remove from master
+
         # move focus
         "$mod, left, movefocus, l"
         "$mod, right, movefocus, r"

home-manager/modules/hyprland/default.nix

@@ -25,7 +25,6 @@ in
     ./hyprspace.nix
     ./hyprpanel.nix
     ./hyprlock.nix
-    ../gammastep.nix
   ];
 
   home.packages = with pkgs; [
@@ -76,6 +75,8 @@ in
 
       monitor = [
         "eDP-2,highres,0x0,1" # My internal laptop screen
+        "DP-1, highres, 0x0,1"
+        "HDMI-A-1, highres, auto-right,1"
         ",prefered,auto,1" # default
       ];
 

home-manager/modules/ssh.nix

@@ -51,6 +51,12 @@
         user = "root";
         identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
       };
+
+      "vault-tec" = {
+        hostname = "10.1.10.13";
+        user = "root";
+        identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
+      };
     };
   };
 }

home-manager/scripts/hyprpanel/default.nix

@@ -9,31 +9,31 @@
 { pkgs, ... }:
 let
   hyprpanel-toggle = pkgs.writeShellScriptBin "hyprpanel-toggle" ''
-    hyprpanel -t bar-0
-    hyprpanel -t bar-1
-    hyprpanel -t bar-2
-    hyprpanel -t bar-3
+    hyprpanel toggleWindow bar-0
+    hyprpanel toggleWindow bar-1
+    hyprpanel toggleWindow bar-2
+    hyprpanel toggleWindow bar-3
   '';
 
   hyprpanel-hide = pkgs.writeShellScriptBin "hyprpanel-hide" ''
     status=$(hyprpanel -r "isWindowVisible('bar-0')")
     if [[ $status == "true" ]]; then
-      hyprpanel -t bar-0
+      hyprpanel toggleWindow bar-0
     fi
     status=$(hyprpanel -r "isWindowVisible('bar-1')")
     if [[ $status == "true" ]]; then
-      hyprpanel -t bar-1
+      hyprpanel toggleWindow bar-1
     fi
   '';
 
   hyprpanel-show = pkgs.writeShellScriptBin "hyprpanel-show" ''
     status=$(hyprpanel -r "isWindowVisible('bar-0')")
     if [[ $status == "false" ]]; then
-      hyprpanel -t bar-0
+      hyprpanel toggleWindow bar-0
     fi
     status=$(hyprpanel -r "isWindowVisible('bar-1')")
     if [[ $status == "false" ]]; then
-      hyprpanel -t bar-1
+      hyprpanel toggleWindow bar-1
     fi
   '';
 

hosts/vault-tec/attic.nix

@@ -0,0 +1,73 @@
+{ config, ... }:
+{
+  users.users.atticd = {
+    isSystemUser = true;
+    group = "atticd";
+  };
+  users.groups.atticd = { };
+  sops.secrets.attic-access-key = { };
+  sops.secrets.attic-secret-key = { };
+  sops.secrets.attic-jwt-secret = { };
+
+  sops.templates."atticd.env" = {
+    content = ''
+      # AWS_ACCESS_KEY_ID=${config.sops.placeholder."attic-access-key"}
+      # AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."attic-secret-key"}
+      ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64=${config.sops.placeholder."attic-jwt-secret"}
+    '';
+    path = "/etc/atticd.env";
+    owner = "atticd";
+    group = "atticd";
+    mode = "0400";
+  };
+
+  # Load it in systemd
+  systemd.services.atticd.serviceConfig = {
+    EnvironmentFile = "/etc/atticd.env";
+  };
+  services.atticd = {
+    enable = true;
+
+    # Replace with absolute path to your environment file
+    environmentFile = "/etc/atticd.env";
+
+    settings = {
+      listen = "127.0.0.1:8080";
+
+      jwt = { };
+      storage = {
+        type = "local";
+        path = "/cache";
+      };
+      # storage = {
+      #   type = "s3";
+      #   region = "us-east-1";
+      #   bucket = "attic-cache";
+      #   endpoint = "https://s3.gwg313.xyz";
+      # };
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}

hosts/vault-tec/cache.nix

@@ -0,0 +1,15 @@
+{
+  atticCacheName ? "mycache",
+  cacheURLs ? [
+    "http://attic.lan:8080"
+    "http://attic.zt:8080"
+  ],
+}:
+{
+  nix.settings = {
+    substituters = map (url: "${url}/${atticCacheName}") cacheURLs;
+    trusted-public-keys = [
+      "${atticCacheName}:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890="
+    ];
+  };
+}

hosts/vault-tec/configuration.nix

@@ -0,0 +1,115 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+{
+  # sops
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/home/gwg313/.config/sops/age/keys.txt";
+  };
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ../../common/nixos/ssh/default.nix
+    inputs.sops-nix.nixosModules.sops
+    ./traefik.nix
+    ./attic.nix
+  ];
+
+  ssh.enable = true;
+  ssh_guard.enable = true;
+  ssh_client.enable = false;
+  services.openssh.authorizedKeysFiles = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+  ];
+  services.openssh.settings = {
+    PermitRootLogin = lib.mkForce "yes";
+
+    AllowUsers = lib.mkForce [
+      "gwg313"
+      "root"
+    ];
+  };
+
+  users.users.gwg313 = {
+    isNormalUser = true;
+    description = "gwg313";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+    ];
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    packages = with pkgs; [ ];
+  };
+
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+      ];
+    };
+  };
+
+  # Bootloader.
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "vault-tec"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+  # Enable networking
+  networking.networkmanager.enable = true;
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_CA.UTF-8";
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    #  wget
+  ];
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+  # List services that you want to enable:
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

hosts/vault-tec/hardware-configuration.nix

@@ -0,0 +1,63 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "usb_storage"
+    "usbhid"
+    "ums_realtek"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/6e483d16-1ff2-46bf-9354-de38b2a9408b";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9F91-DC0C";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  fileSystems."/cache" = {
+    device = "/dev/disk/by-label/attic-cache";
+    fsType = "ext4"; # or "xfs"
+    neededForBoot = false;
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/97f01621-992c-4af4-8646-15e13d9c2c66"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/vault-tec/routes.nix

@@ -0,0 +1,20 @@
+{
+  imports = [
+    ./services.nix
+  ];
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        routers = {
+          attic_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`cache.gwg313.xyz`)";
+            service = "attic_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+        };
+      };
+    };
+  };
+}

hosts/vault-tec/services.nix

@@ -0,0 +1,15 @@
+{
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        services = {
+          attic_local.loadBalancer.servers = [
+            {
+              url = "http://127.0.0.1:8080";
+            }
+          ];
+        };
+      };
+    };
+  };
+}

hosts/vault-tec/traefik.nix

@@ -0,0 +1,140 @@
+# Traefik
+{ config, ... }:
+{
+  imports = [
+    ./routes.nix
+  ];
+  sops.secrets.cf-api-token = {
+    mode = "0440";
+    owner = config.users.users.traefik.name;
+    group = config.users.users.traefik.group;
+  };
+
+  systemd.services.traefik.environment = {
+    CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.traefik = {
+    enable = true;
+    staticConfigOptions = {
+      serversTransport = {
+        insecureSkipVerify = true;
+        forwardingTimeouts = {
+          dialTimeout = "30s";
+          responseHeaderTimeout = "600s";
+          idleConnTimeout = "120s";
+        };
+      };
+      entryPoints = {
+        web = {
+          address = ":80";
+          http = {
+            redirections = {
+              entryPoint = {
+                to = "websecure";
+                scheme = "https";
+              };
+            };
+          };
+        };
+        websecure = {
+          address = ":443";
+          http = {
+            tls = {
+              options = "default";
+            };
+          };
+
+          transport = {
+            respondingTimeouts = {
+              readTimeout = 0;
+            };
+          };
+        };
+      };
+      api = {
+        dashboard = true;
+      };
+      certificatesResolvers = {
+        le = {
+          acme = {
+            email = "glen.goodwin@protonmail.com";
+            storage = "/var/lib/traefik/acme.json";
+            dnsChallenge = {
+              provider = "cloudflare";
+              resolvers = [ "1.1.1.1:53" ];
+            };
+          };
+        };
+      };
+      # log = {
+      #   level = "DEBUG";
+      #   filePath = "/var/log/traefik/traefik.log";
+      # };
+      #
+      # accessLog = {
+      #   filePath = "/var/log/traefik/access.log";
+      #   bufferingSize = 0;
+      #   filters = {};
+      #   fields = {
+      #     defaultMode = "keep";
+      #     names = {
+      #       StartUTC = "drop";
+      #     };
+      #   };
+      # };
+    };
+    dynamicConfigOptions = {
+      http = {
+        routers = {
+          dashboard = {
+            rule = "Host(`monitor.local.gwg313.xyz`)";
+            service = "api@internal";
+            middlewares = [
+              # "auth"
+              "headers"
+            ];
+            entrypoints = [ "websecure" ];
+            tls = {
+              certResolver = "le";
+            };
+          };
+        };
+        middlewares = {
+          headers = {
+            headers = {
+              browserxssfilter = true;
+
+              contenttypenosniff = true;
+              customframeoptionsvalue = "SAMEORIGIN";
+              forcestsheader = true;
+              framedeny = true;
+              sslhost = "gwg313.xyz";
+              sslredirect = true;
+              stsincludesubdomains = true;
+              stspreload = true;
+              stsseconds = "315360000";
+            };
+          };
+        };
+      };
+      tls = {
+        options = {
+          default = {
+            minVersion = "VersionTLS13";
+            sniStrict = true;
+            curvePreferences = [
+              "CurveP521"
+              "CurveP384"
+            ];
+          };
+        };
+      };
+    };
+  };
+}