diff --git a/home-manager/nathan/programs/hyprland/default.nix b/home-manager/nathan/programs/hyprland/default.nix index 23f1c2b..8f51447 100644 --- a/home-manager/nathan/programs/hyprland/default.nix +++ b/home-manager/nathan/programs/hyprland/default.nix @@ -15,28 +15,16 @@ pyprland ]; - wayland.windowManager.hyprland = { - - enable = true; - - systemd = { - enable = true; - variables = [ "--all" ]; - }; - - extraConfig = let - monitor = if config.homeconfig.host == "laptop" then '' - monitor=eDP-1,1920x1080@60,0x0,1 - '' else if config.homeconfig.host == "homebox" then '' - monitor=HDMI-A-2,1920x1080@60,0x0,1 - monitor=HEADLESS-2,1920x1080@60,0x0,1 - exec-once=kitty -e tmux new-session -s hypr - '' else ''''; - in '' - source = /home/nathan/.config/hypr/main.conf - '' + monitor; - - }; + home.file.".config/hypr/hyprland.conf".text = let + monitor = if config.homeconfig.host == "laptop" then '' + monitor=eDP-1,1920x1080@60,0x0,1 + '' else if config.homeconfig.host == "homebox" then '' + monitor=HDMI-A-2,1920x1080@60,0x0,1 + monitor=HEADLESS-2,1920x1080@60,0x0,1 + exec-once=kitty -e tmux new-session -s hypr + '' else ''''; + in '' + source = /home/nathan/.config/hypr/main.conf + '' + monitor; }; - } diff --git a/system-config/configuration/container-nathan/default.nix b/system-config/configuration/container-nathan/default.nix new file mode 100644 index 0000000..827f554 --- /dev/null +++ b/system-config/configuration/container-nathan/default.nix @@ -0,0 +1,149 @@ +{ config, pkgs, lib, inputs, ... }: + +{ + imports = + [ + + inputs.sops-nix.nixosModules.sops + + inputs.home-manager.nixosModules.default + + ]; + + services = { + xserver = { + #enable = true; + videoDrivers = ["nvidia"]; + }; + displayManager = { + enable = true; + defaultSession = "hyprland"; + autoLogin = { + enable = true; + user = "nathan"; + }; + }; + pulseaudio.enable = false; + }; + + systemd.extraConfig = "DefaultLimitNOFILE=2048"; + + environment.sessionVariables = { + WLR_BACKENDS = "headless"; + WLR_LIBINPUT_NO_DEVICES = "1"; + }; + + programs.zsh.enable = true; + environment.shells = with pkgs; [ zsh ]; + users.defaultUserShell = pkgs.zsh; + + nixpkgs.config.allowUnfree = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + services.displayManager.sddm.settings.AutoLogin = { + User = "nathan"; + Session = "hyprland"; + Relogin = true; + }; + + networking = { + hostName = "container"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + system.stateVersion = "25.05"; # Did you read the comment? + + users.users."nathan" = { + isNormalUser = true; + initialPassword = "7567"; +#hashedPasswordFile = config.sops.secrets."nathan/pass".path; + extraGroups = [ + "wheel" + ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" + ]; + }; + + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + sops = { + age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; + + secrets = { + "nathan/pass" = { + neededForUsers = true; + }; + }; + }; + + programs.fuse.userAllowOther = true; + + home-manager = { + backupFileExtension = "backup"; + extraSpecialArgs = {inherit inputs;}; + users = { + "nathan" = lib.mkMerge [ + inputs.nathan-home-manager + { + config.homeconfig = { + host = "homebox"; + minimal = false; + wayvnc.enable = true; + impermanence.enable = true; + hyprland.enable = true; + swaylock.enable = true; + wal.enable = true; + mpd.enable = true; + ags.enable = true; + calcurse.enable = true; + rofi.enable = true; + firefox.enable = true; + }; + } + ]; + }; + }; + + sysconfig = { + opts = { + novnc.enable = true; + sddm.enable = true; + openssh.enable = true; + pipewire.enable = true; + ags.enable = true; + hyprland.enable = true; + git.enable = true; + nh.enable = true; + netbird.enable = true; + }; + }; + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + +} diff --git a/system-config/configuration/container-nathan/secrets.yaml b/system-config/configuration/container-nathan/secrets.yaml new file mode 100644 index 0000000..8ef55cc --- /dev/null +++ b/system-config/configuration/container-nathan/secrets.yaml @@ -0,0 +1,41 @@ +nathan: + pass: ENC[AES256_GCM,data:hAqmFg==,iv:iw85yox2jdlpvF+a4c0wsXlN6rFd75Yf32nuove91hA=,tag:eoFowxaNogmwElnBs5vYGA==,type:str] +authentik: + pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str] + secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] +pihole: + pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str] +gitea: + dbpass: ENC[AES256_GCM,data:hVRLXACRECNSnXRn8BEP0ZFT,iv:zuIvzStek6OEu+P4Nh8Wsq9eRVt/zP8KGVXYZWjSvW0=,tag:m4t8vKNGhz8NqkDWbCRgnA==,type:str] +keycloak: + dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str] +netbird: + coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str] +gitlab: + db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str] + root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str] + secrets: + secret: ENC[AES256_GCM,data:3/26giCD58RErtEDxQ90KxRl3aa8oH4co2Urw21r7hHCKaoSti1VpYoBtlvHdr5j,iv:SwliwLWSFfTZoc31JSm9YKBDGKiPQE7ujkiGaZmCQUc=,tag:2KT5BpJukixvhb6tnZb6lw==,type:str] + otp: ENC[AES256_GCM,data:RWOkQVPRsrJgPVtx49hiWRMAxVOszKxaDl40XQDL+QoDuoZi03wSxHiu4Ix9X2BR,iv:uO+CTR5S4r1q7n1ycQw0hYdu8JflSrvkgLiBbCmT8mk=,tag:gqCwNOqD78lFtgxUPyUw3A==,type:str] + db: ENC[AES256_GCM,data:rF4IIp1uFSGa67LVm8fy4/qFOmZLInRcG2IAfnuZG3+xtS9Z2RXpNcTZNFBDdOaD,iv:/KYwf3ZH6w48L49rY/FmaGQOt3jGdOUTZ9vFhmLZG60=,tag:f38iYIgpgdjWF34qD1fz2w==,type:str] + jws: ENC[AES256_GCM,data:C+GVDeO319QGjq2+fBMr1LaY6/6Tuz6jWomkvFVul6ydJjmMFO3A9dYI66WWY6g2iZgYEWDKUikW1qDK5sGgU5ZAZzaqS01LUsSsPHUcMqIg/AjtcRfaEvHYODYPPSEwdISzhceDaim8yqhrNTIOHUHvOxcILvtUmsI61hNfVSnOQbqifIJDgGP7bKaf96t8+qcBvp/UBwP1qHj/m4jD83yc8Pdih+ZuPmyNdo3Ew0nbLTykYVX3XsrO1RlJ/Gp+KPfRSJzVGAnqUKr8mI+32LUpXSJ96bEGA67/blSh1dbBxSVo3K83aZYuY6vvXb+Et6qd4piZYKGCxA+waSrTkYHvSgS5vJRbCGWauXKCYFASxxqmdJ3cu+rbphbshBVA3SIPHhZxun6BWaP0qTYZyfB/YsSU4J+kYiE3UEYX9GYEAY9bsO89IYZSsTsmYke2EI4KMcjyUFstZ2WTYqCpwJ6CMAuerDEMHP6N3xCO5MVDZfE4sKKHpfSCVQg8ak7IxV+3jZvZi2tUbvZZf/tYORzPeTUSEpcC4cGwwAJd3XKUetaiuDwQVkLa13xotfL0d+Lwc6eZil0e/sureLqvQM6kpWhK7yscu2hKGOzxx/OZClry2Uyc1fL5iWWxvM8Djg+ShoAS5m3Nt0R+mcLdgaylkZvMl9gNWFO1uzlnhGnJQtekVaXCJ9f9QZt5RizJYwM9pMKhSDTZ0vd4y69iZpz3YXhKtkvYX02RIFtTiqsbyU0pXVjK0SpKsb5T+yphacGeZRwQS9QadW9dE6xQsxwwYC//swm5l6ke+DyZrcsc/J+MBHFuN71D2st+jtfywZYg/YT9EcCFOMjqEgfDq7YICgyqfqRGAdVWQy660T5Mi+gYKcHqbYXaaB3VNL2RGIu/uybih/7ynGRM2+0ro9oKJ+fEbdi1alSFFJ0IvA5lU6XHd2CSyizEC9ak+HBLkYeSqOPfItfLH82jRiUtrY5u4fIlioLQTA1aKHax6q8cIf30FCGenhjM6jMj2WpXKI16+1xK9Om9mg94YmFjM+erQh3o/fbPuMbkNaNJQwabupshBK2h3caaE0cDUnDukUFUANHz9q5LVxSkw39GTjGpovxQJiZHbSdeIC/AzFXRVA1ojhzkeuefygdP27Aa+fLjEBn2x8AcdhyP1n8lQyjy0Wnxq9hJDbVXJF93FIdcCmF/JGejgHcr3YZUMY4OFG9gzISDEdgR99fYvKM+A9Pj2JNtCQ5iKCctg5opIEKA1z4RIpRQs0KmXq3JgjWhU1LeOWaX2YzS5rCJWyhxnTJXGk4a/cMvhbLRjFOKcDNNMp8yJrXk1pth7nFOJ4Put6o67jtjbgpgnPuEdelnXEEaReCfJEo2z8zka63kYqbIvcG4W2pKwsA4tT0QctVwltRdYU8YyKuOpQJtKvVdlZL0oxOwxPioTT8fOebRBaecKhQKF4fp9UGlE/GStud6oFSbN685U2TKihvYNmfLRSWQk1Y/APyCRlhOmhFLaIzJxogdlKzpg4AEg/2SRoEZPsqyZThI8uhCIT1qG0UBiZBTjey322fsEEZtNxO5nX/JeBDOVty3sIGs1OKBTjMXSZ+nzU9AIH6dek9Bz+Fix7a90IkQUB5xtgrIYgCH34L4a0o1jWy5bzT9fl53VnbzrICcT/wdRU/GznYYjxlF2uRBKIu7s0glDmsPXCZuorqvJlr2hySgN/hJKOlrCghraUD14pRk4OfRVKULkPQ7betgaCVbsihXplodrAgJ0BdIbf3tKRC8Ghx8+mYAWNXj+PtWBydEjEirCH70SJu53gjF5mNgl2EIaHNK7jqBgXhDr2/7uH97Tl+S9ue+TDlpr067T5JAqU3fOqq+ZS4wqEvqMYRfXd/V2FjNbBpoH8UW6pMuFaM06DBI+6p9O9xBl1eP3Sy3vrBwK2pCwLbi0LdJ2apQTl/51ZXp2xaaUAAh1Fu/bM21V7ENa5sGxpSTYwdSLyPnd8usqECw9W1XDNUI2EmJnp9AelD/joNwuL6U7pydrNUCguCjxHfbd+m0vc/te53GerJlSXbjEWz53f3RjSB90AaA6sOGhi1BFiHYSAjzMdqVSj4M68r+UF3YIuEuoaOzrVrkb5st3tYD0dz+ORhxo44aKEzgohseha5fg0wcTz9orqkeP/FyoOeItG2UwNVAWWGh/lBtXh8c4ILUMolZ1m2DWiYj/pyDvODVnP96u6TvyMC0H8aolgGHn7nDMTi+mCIvNFQYeXdVrRCpWS9aQik=,iv:cxdargXx2a7pET7BjCSZ/yXL7AnxNqncyDQ7CR3E3AA=,tag:2xKXfhBjynDqlvH377lpSA==,type:str] + oidc: + id: ENC[AES256_GCM,data:b6o2cCCSXJ5bIhA47InfhqwjO5Tjr0Mls+7VT5cunFfEHkdOInxplw==,iv:txren/8jnAUvCI/k9cxN29ZkSgCuPEAo0IpyREf2E9A=,tag:BFOZrM18zUJMEACpLz7KRw==,type:str] + secret: ENC[AES256_GCM,data:4HPPbVBOeDjdL81d402Rz6Luk1DZbk8InHfO+Sx/OJIvUf/shkCRyp3hStIDC03bA8HV66GeejvWFte+vQ2b5X3Fl2GXfHQi7brMFVEYfYdR2XRdra0aOeSrHtW5uUn0MpVCRwYDb1JahIWhLyqcYyOpV91xjNiIVg8S3MHr+mo=,iv:c3Q4qPMxZJuoO5XRzUDZh5XJOtff9eiMTlOx+MDMSaE=,tag:07fIkN9YXXJMEV59QEFIag==,type:str] +nextcloud: + pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str] +sops: + age: + - recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVFhtcWkreVV6UmJkcW1P + WUluUTlOcjYzME1yVVNpVWJldXVsWG1vN3dNCmlvYURNV285anlIa3FrbXRVTERB + dXZDWHhEbFp3YWw5d2w4Y09vbUVCNHcKLS0tIEF4ZU5ZdWI5MVBtN0FOUUZDQUR4 + S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M + 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-29T21:54:33Z" + mac: ENC[AES256_GCM,data:FdEOqSuTYZzl2T9QOJ3G+MlgZIvlLi3YhL9aOP3bws1N6MLfQcSgkQbhS4Nz4dQBpebOQ2OdT0QinFgXC7QyveiFefh1K1IxVAyRkwMd1xeCwbf2J/ERunCdJ7QsNh6pGJtTcv0h/gvviEVQ2S4FTmpFOjrLSUJI7kz92FI3vd4=,iv:1lOKQzHtG0kYcFLtn522uYrXE96Vq1a6qTj3/SkLSyI=,tag:69spH8TETUv3KYzH9eQcMA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/system-config/programs/hyprland/default.nix b/system-config/programs/hyprland/default.nix index 64d1ea7..2774d4f 100644 --- a/system-config/programs/hyprland/default.nix +++ b/system-config/programs/hyprland/default.nix @@ -16,6 +16,10 @@ xwayland.enable = true; + systemd.setPath.enable = true; + + withUWSM = true; + package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; diff --git a/system-config/services/default.nix b/system-config/services/default.nix index 2b8fbb0..299682c 100644 --- a/system-config/services/default.nix +++ b/system-config/services/default.nix @@ -7,5 +7,6 @@ ./containers ./minecraft ./sddm + ./novnc ]; } diff --git a/system-config/services/novnc/default.nix b/system-config/services/novnc/default.nix new file mode 100644 index 0000000..0288268 --- /dev/null +++ b/system-config/services/novnc/default.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: { + + options.sysconfig.opts.novnc.enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; + + config = lib.mkIf config.sysconfig.opts.novnc.enable { + systemd.services.novnc = { + enable = true; + + path = with pkgs; [ + novnc + ps + ]; + + script = '' + novnc --listen 80 --vnc 127.0.0.1:5900 + ''; + + serviceConfig = { + Type = "exec"; + }; + + wantedBy = [ "multi-user.target" ]; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; +}