diff --git a/modules/nixos/desktop/hyprland/default.nix b/modules/nixos/desktop/hyprland/default.nix index 92010ac..17adffb 100644 --- a/modules/nixos/desktop/hyprland/default.nix +++ b/modules/nixos/desktop/hyprland/default.nix @@ -34,6 +34,48 @@ let 1password& fi ''; + + # clipsync = pkgs.writeShellScriptBin "clipsync" '' + # insert() { + # # Read all the piped input into variable. + # value=$(cat) + # wValue="$(wl-paste)" + # xValue="$(xclip -o -selection clipboard)" + + # notify() { + # notify-send -u low -c clipboard "$1" "$value" + # } + + # if [ "$value" != "$wValue" ]; then + # notify "Wayland" + # echo -n "$value" | wl-copy + # fi + + # if [ "$value" != "$xValue" ]; then + # notify "X11" + # echo -n "$value" | xclip -selection clipboard + # fi + # } + + # watch() { + # # Wayland -> X11 + # wl-paste --type text --watch clipsync insert & + + # # X11 -> Wayland + # while clipnotify; do + # xclip -o -selection clipboard | clipsync insert + # done & + # } + + # kill() { + # pkill wl-paste + # pkill clipnotify + # pkill xclip + # pkill clipsync + # } + # "$@" + # ''; + in { options.${namespace}.desktop.hyprland = { @@ -54,9 +96,14 @@ in libnotify # Wayland Utilities - wl-clipboard wlr-randr + # Clipboard Stuff + wl-clipboard + xclip + clipnotify + # clipsync + # Screenshot Utility grimblast @@ -128,6 +175,8 @@ in "[workspace 8 silent] vesktop" "[workspace 9 silent] 1password" "[workspace 1 silent] zen" + + "${pkgs.xorg.xhost}/bin/xhost +" ]; windowrulev2 = [ diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix new file mode 100644 index 0000000..4ec9816 --- /dev/null +++ b/modules/nixos/services/openssh/default.nix 
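Review bot: The commented-out `clipsync` script puts the whole clipboard text into the notification body (`notify-send -u low -c clipboard "$1" "$value"`), so if it is ever enabled, every copied secret would appear in the notification popups and history. This config autostarts 1password, so copied passwords are a likely case. If the block is kept for later, drop the value from the notification, e.g. `notify-send -u low -c clipboard "$1"`, and rename the `kill()` helper, which shadows the shell builtin. As a style point, around forty lines of disabled code would be better kept on a branch or in an issue than in the module.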
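Review bot: The new `exec-once` entry `"${pkgs.xorg.xhost}/bin/xhost +"` switches X access control off completely. Any client that can reach the XWayland socket, such as another local account or a container that has the socket shared in, can then read window contents and input and inject events without a cookie. The hunk does not show what needed the access. If it is a single local account, grant only that one with a server-interpreted entry such as `"${pkgs.xorg.xhost}/bin/xhost +si:localuser:$USER"`, assuming Hyprland runs the entry through a shell so that `$USER` expands; otherwise name the account explicitly. The `exec-once` list begins outside the hunk.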
@@ -0,0 +1,29 @@
+{
+ lib,
+ config,
+ namespace,
+ ...
+}:
+let
+ cfg = config.${namespace}.services.openssh;
+ inherit (lib) mkIf mkEnableOption;
+in
+{
+ options.${namespace}.services.openssh = {
+ enable = mkEnableOption "Enable SSH";
+ };
+
+ config = mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ services.fail2ban = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/services/remotebuild/default.nix b/modules/nixos/services/remotebuild/default.nix
new file mode 100644
index 0000000..cd6b8ab
--- /dev/null
+++ b/modules/nixos/services/remotebuild/default.nix
@@ -0,0 +1,48 @@
+{
+ lib,
+ config,
+ namespace,
+ ...
+}:
+let
+ cfg = config.${namespace}.services.remotebuild;
+ inherit (lib) mkIf mkEnableOption;
+in
+{
+ options.${namespace}.services.remotebuild = {
+ enable = mkEnableOption "Enable remotebuild";
+ };
+
+ config = mkIf cfg.enable {
+ users.users.remotebuild = {
+ isNormalUser = true;
+ createHome = false;
+ group = "remotebuild";
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
+ ];
+ };
+
+ users.groups.remotebuild = { };
+
+ nix = {
+ nrBuildUsers = 64;
+ settings = {
+ trusted-users = [ "remotebuild" ];
+
+ min-free = 10 * 1024 * 1024;
+ max-free = 200 * 1024 * 1024;
+
+ max-jobs = "auto";
+ cores = 0;
+ };
+ };
+
+ systemd.services.nix-daemon.serviceConfig = {
+ MemoryAccounting = true;
+ MemoryMax = "90%";
+ OOMScoreAdjust = 500;
+ };
+ };
+}
diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix
index 5c7cb07..cfbd7d5 100644
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
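Review bot: The `settings` block in the new openssh module turns off password and keyboard-interactive logins but leaves `PermitRootLogin` unset, so it falls back to the NixOS default (`prohibit-password`, as far as I know). Root can therefore still log in with a key on every host that enables the module. If no host needs root over SSH, add `PermitRootLogin = "no";` beside the two existing settings. `services.fail2ban` is also enabled unconditionally, so nixberry gains it although its removed inline config had none; a comment such as `# fail2ban is part of the SSH baseline for every host` would make that intent explicit. As a wording point, `mkEnableOption "Enable SSH"` renders as "Whether to enable Enable SSH."; `mkEnableOption "the OpenSSH server"` reads correctly.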
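Review bot: In the remotebuild module, `trusted-users = [ "remotebuild" ]` makes the account close to root-equivalent towards the Nix daemon, since trusted users can override daemon settings and import unsigned store paths. Combined with `isNormalUser = true` and one literal key, every host that enables the module gives that power to whoever holds the `root@yggdrasil` private key. The module should say so in a comment above `trusted-users`, for example `# trusted-users is root-equivalent on this host; only the builder key may log in as remotebuild`. The key entry can be narrowed with OpenSSH's `restrict` option (`"restrict ssh-ed25519 … root@yggdrasil"`), which removes PTY and forwarding; this should not affect remote builds, but test it. Exposing the key list as a module option instead of a literal would let other hosts use the module without trusting the same builder.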
@@ -19,38 +19,6 @@ in raspberry-pi-5 ]; - security.sudo.wheelNeedsPassword = false; - users.users.remotebuild = { - isNormalUser = true; - createHome = false; - group = "remotebuild"; - - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil" - ]; - }; - - users.groups.remotebuild = { }; - - nix = { - nrBuildUsers = 64; - settings = { - trusted-users = [ "remotebuild" ]; - - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; - - max-jobs = "auto"; - cores = 0; - }; - }; - - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; - networking = { interfaces.wlan0 = { ipv4.addresses = [ @@ -74,16 +42,15 @@ in }; }; }; - }; - - networking.firewall = { - allowedTCPPorts = [ - 53 - 80 - ]; - allowedUDPPorts = [ - 53 - ]; + firewall = { + allowedTCPPorts = [ + 53 + 80 + ]; + allowedUDPPorts = [ + 53 + ]; + }; }; services.adguardhome = { @@ -126,6 +93,10 @@ in "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt" ]; + statistics = { + enabled = true; + interval = "8760h"; + }; }; }; @@ -156,17 +127,14 @@ in }; }; - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - ${namespace} = { submodules.basics = enabled; + services = { + openssh = enabled; + remotebuild = enabled; + }; + system = { # cachemiss for webkit gtk hardware.networking.enable = mkForce false; diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index d275c7b..f503838 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix 
@@ -29,18 +29,6 @@ in }; }; - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - services.fail2ban = { - enable = true; - }; - services.nginx = { enable = true; recommendedProxySettings = true; @@ -101,6 +89,7 @@ in enable = true; inherit sopsFile; }; + openssh = enabled; }; security = { diff --git a/systems/x86_64-linux/yggdrasil/default.nix b/systems/x86_64-linux/yggdrasil/default.nix index cf56fec..def7f10 100644 --- a/systems/x86_64-linux/yggdrasil/default.nix +++ b/systems/x86_64-linux/yggdrasil/default.nix @@ -80,9 +80,10 @@ in }; exec-once = [ - "xrandr --output DP-2 --primary" "[workspace 1 silent] obsidian --disabled-gpu" "[workspace 9 silent] git-butler" + + "${pkgs.xorg.xrandr}/bin/xrandr --output DP-2 --primary" ]; workspace = [