Testing update system from git repo script

Strangely fixes some qt themes (mainly kdenlive)
Fixed home-manager version mismatch for servers
2025-01-18 22:55:52 +05:30 · 2024-04-06 13:58:01 -05:00 · 2024-04-06 13:43:37 -05:00 · 2024-04-06 08:48:57 -05:00 · 2024-04-06 08:34:57 -05:00 · 2024-04-06 08:32:34 -05:00
12 changed files with 135 additions and 93 deletions
--- a/flake.lock
+++ b/flake.lock
@ -150,11 +150,11 @@
    "blocklist-hosts": {
      "flake": false,
      "locked": {
-        "lastModified": 1712150903,
-        "narHash": "sha256-mXtiXj+4Sm8nfHYI/cNItG/tOLeP1Rs9LEEgxYxY8rc=",
+        "lastModified": 1712248646,
+        "narHash": "sha256-pEiprVaO6CmIJ1qJMQn/y8vHvRQwiQq7CwbhzlneCOA=",
        "owner": "StevenBlack",
        "repo": "hosts",
-        "rev": "4d96abf2bc07773124ebc348a347254ba0601179",
+        "rev": "a340ebf0b8e9f81476c0ec0b6a9767858aea325c",
        "type": "github"
      },
      "original": {
@ -475,27 +475,6 @@
      }
    },
    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1712093955,
-        "narHash": "sha256-94I0sXz6fiVBvUAk2tg6t3UpM5rOImj4JTSTNFbg64s=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "80546b220e95a575c66c213af1b09fe255299438",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "master",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "stylix",
@ -516,19 +495,45 @@
        "type": "github"
      }
    },
-    "hyprland-plugins": {
-      "flake": false,
+    "home-manager-stable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
      "locked": {
-        "lastModified": 1712142571,
-        "narHash": "sha256-cwe70xoqlBqTNiZltjMMx3CLahiAnaPBkysUmSCpkdk=",
-        "owner": "hyprwm",
-        "repo": "hyprland-plugins",
-        "rev": "4334510363a8420f17d88505d13405d5126eabf0",
+        "lastModified": 1712386041,
+        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
        "type": "github"
      },
      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-plugins",
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager-unstable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712390667,
+        "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "b787726a8413e11b074cde42704b4af32d95545c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
        "type": "github"
      }
    },
@ -628,11 +633,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1712122226,
-        "narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=",
+        "lastModified": 1712163089,
+        "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "08b9151ed40350725eb40b1fe96b0b86304a654b",
+        "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
        "type": "github"
      },
      "original": {
@ -643,11 +648,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1711668574,
-        "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=",
+        "lastModified": 1712310679,
+        "narHash": "sha256-XgC/a/giEeNkhme/AV1ToipoZ/IVm1MV2ntiK4Tm+pw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
+        "rev": "72da83d9515b43550436891f538ff41d68eecc7f",
        "type": "github"
      },
      "original": {
@ -902,8 +907,8 @@
        "eaf": "eaf",
        "eaf-browser": "eaf-browser",
        "emacs-pin-nixpkgs": "emacs-pin-nixpkgs",
-        "home-manager": "home-manager",
-        "hyprland-plugins": "hyprland-plugins",
+        "home-manager-stable": "home-manager-stable",
+        "home-manager-unstable": "home-manager-unstable",
        "kdenlive-pin-nixpkgs": "kdenlive-pin-nixpkgs",
        "mini-frame": "mini-frame",
        "nix-doom-emacs": "nix-doom-emacs",
@ -942,11 +947,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1712110341,
-        "narHash": "sha256-8LU2IM4ctHz043hlzoFUwQS1QIdhiMGEH/oIfPCxoWU=",
+        "lastModified": 1712369449,
+        "narHash": "sha256-tbWug3uXPlSm1j0xD80Y3xbP+otT6gLnQo1e/vQat48=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "74deb67494783168f5b6d2071d73177e6bccab65",
+        "rev": "41b3b080cc3e4b3a48e933b87fc15a05f1870779",
        "type": "github"
      },
      "original": {
@ -984,7 +989,7 @@
        "base16-vim": "base16-vim",
        "flake-compat": "flake-compat_2",
        "gnome-shell": "gnome-shell",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@ -1,9 +1,9 @@
 {
  description = "Flake of LibrePhoenix";

-  outputs = inputs@{ self, nixpkgs, nixpkgs-stable, emacs-pin-nixpkgs,
-                     kdenlive-pin-nixpkgs, home-manager, nix-doom-emacs, nix-straight, stylix,
-                     blocklist-hosts, hyprland-plugins, rust-overlay, org-nursery, org-yaap,
+  outputs = inputs@{ self, nixpkgs, nixpkgs-stable, emacs-pin-nixpkgs, kdenlive-pin-nixpkgs,
+                     home-manager-unstable, home-manager-stable, nix-doom-emacs,
+                     nix-straight, stylix, blocklist-hosts, rust-overlay, org-nursery, org-yaap,
                     org-side-tree, org-timeblock, org-krita, phscroll, mini-frame, ... }:
    let
      # ---- SYSTEM SETTINGS ---- #
@ -98,6 +98,14 @@
             else
               nixpkgs.lib);

+      # use home-manager-stable if running a server (homelab or worklab profile)
+      # otherwise use home-manager-unstable
+      home-manager = (if ((systemSettings.profile == "homelab") || (systemSettings.profile == "worklab"))
+             then
+               home-manager-stable
+             else
+               home-manager-unstable);
+
      # Systems that can run tests:
      supportedSystems = [ "aarch64-linux" "i686-linux" "x86_64-linux" ];

@ -134,7 +142,6 @@
            inherit (inputs) mini-frame;
            #inherit (inputs) nix-flatpak;
            inherit (inputs) stylix;
-            inherit (inputs) hyprland-plugins;
          };
        };
      };
@ -184,8 +191,11 @@
    emacs-pin-nixpkgs.url = "nixpkgs/f72123158996b8d4449de481897d855bc47c7bf6";
    kdenlive-pin-nixpkgs.url = "nixpkgs/cfec6d9203a461d9d698d8a60ef003cac6d0da94";

-    home-manager.url = "github:nix-community/home-manager/master";
-    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    home-manager-unstable.url = "github:nix-community/home-manager/master";
+    home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs";
+
+    home-manager-stable.url = "github:nix-community/home-manager/release-23.11";
+    home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";

    nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";
    nix-doom-emacs.inputs.nixpkgs.follows = "emacs-pin-nixpkgs";
@ -239,10 +249,5 @@
      url = "github:StevenBlack/hosts";
      flake = false;
    };
-
-    hyprland-plugins = {
-      url = "github:hyprwm/hyprland-plugins";
-      flake = false;
-    };
  };
 }
--- a/harden.sh
+++ b/harden.sh
@ -27,5 +27,8 @@ chown 0:0 flake.lock;
 chown 0:0 flake.nix
 chown 0:0 profiles/*/configuration.nix;
 chown 0:0 harden.sh;
+chown 0:0 soften.sh;
+chown 0:0 install.sh;
+chown 0:0 update.sh;
 chown 1000:users **/README.org;
 popd &> /dev/null;
--- a/install.sh
+++ b/install.sh
@ -28,11 +28,12 @@ if [ -z "$EDITOR" ]; then
 fi
 $EDITOR ~/.dotfiles/flake.nix;

+# Permissions for files that should be owned by root
+sudo ~/.dotfiles/harden.sh ~/.dotfiles;
+
 # Rebuild system
 sudo nixos-rebuild switch --flake ~/.dotfiles#system;

 # Install and build home-manager configuration
 nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;

-# Permissions for files that should be owned by root
-sudo ~/.dotfiles/harden.sh ~/.dotfiles;
--- a/profiles/homelab/base.nix
+++ b/profiles/homelab/base.nix
@ -4,6 +4,7 @@
  imports =
    [ ../../system/hardware-configuration.nix
      ../../system/hardware/time.nix # Network time sync
+      ../../system/security/firewall.nix
      ../../system/security/doas.nix
      ../../system/security/gpg.nix
      ( import ../../system/app/docker.nix {storageDriver = null; inherit pkgs userSettings lib;} )
@ -71,10 +72,15 @@
    git
    rclone
    rdiff-backup
+    rsnapshot
    cryptsetup
    gocryptfs
  ];

+  programs.fuse.userAllowOther = true;
+
+  services.haveged.enable = true;
+
  # I use zsh btw
  environment.shells = with pkgs; [ zsh ];
  users.defaultUserShell = pkgs.zsh;
--- a/soften.sh
+++ b/soften.sh
@ -0,0 +1,27 @@
+#!/bin/sh
+
+# This will soften the security of these dotfiles, allowing
+# the default unpriveleged user with UID/GID of 1000 to edit ALL FILES
+# in the dotfiles directory
+
+# This mainly is just here to be used by some scripts
+
+# Run this inside of ~/.dotfiles (or whatever directory you installed
+# the dotfiles to)
+
+# Run this as root!
+
+# BTW, this assumes your user account has a UID/GID of 1000
+
+# After running this, YOUR UNPRIVELEGED USER CAN MAKE EDITS TO
+# IMPORTANT SYSTEM FILES WHICH MAY COMPROMISE THE SYSTEM AFTER
+# RUNNING nixos-rebuild switch!
+
+if [ "$#" = 1 ]; then
+    dotfilesDir=$1;
+else
+    dotfilesDir=$(pwd);
+fi
+pushd $dotfilesDir &> /dev/null;
+chown -R 1000:users .;
+popd &> /dev/null;
--- a/system/app/docker.nix
+++ b/system/app/docker.nix
@ -19,6 +19,7 @@ assert lib.asserts.assertOneOf "storageDriver" storageDriver [
  };
  users.users.${userSettings.username}.extraGroups = [ "docker" ];
  environment.systemPackages = with pkgs; [
+    docker
    docker-compose
    lazydocker
  ];
--- a/update.sh
+++ b/update.sh
@ -0,0 +1,23 @@
+#!/bin/sh
+
+# Automated script to update my non-primary systems
+# to be in sync with upstream git repo while
+# preserving local edits to dotfiles via git stash
+
+# Relax permissions temporarily so git can work
+sudo ~/.dotfiles/soften.sh ~/.dotfiles;
+
+# Stash local edits, pull changes, and re-apply local edits
+git stash
+git pull
+git stash apply
+
+# Permissions for files that should be owned by root
+sudo ~/.dotfiles/harden.sh ~/.dotfiles;
+
+# Rebuild system
+sudo nixos-rebuild switch --flake ~/.dotfiles#system;
+
+# Install and build home-manager configuration
+home-manager --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
+
--- a/user/shell/sh.nix
+++ b/user/shell/sh.nix
@ -11,8 +11,6 @@ let
    neofetch = "disfetch";
    fetch = "disfetch";
    gitfetch = "onefetch";
-    nixos-rebuild = "systemd-run --no-ask-password --uid=0 --system --scope -p MemoryLimit=16000M -p CPUQuota=60% nixos-rebuild";
-    home-manager = "systemd-run --no-ask-password --uid=1000 --user --scope -p MemoryLimit=16000M -p CPUQuota=60% home-manager";
  };
 in
 {
--- a/user/style/oomox-current.conf.mustache
+++ b/user/style/oomox-current.conf.mustache
@ -1,10 +1,5 @@
 #               FG              BTN_BG bright less brdark        less da     txt fg               br text              btn fg           txt bg     bg     shadow   sel bg     sel fg     link       visited           alt bg default          tooltip bg  tooltip_fg
 [ColorScheme]
-  active_colors=#{{base07-hex}},          #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base0F-hex}},           #{{base07-hex}},           #{{base07-hex}},           #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           181b24,  #{{base07-hex}}
-disabled_colors=#767081, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #767081,  #767081,  #767081,  #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #767081,   #{{base00-hex}}, #767081,  #{{base00-hex}}, #767081
-inactive_colors=#{{base07-hex}},          #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base07-hex}},           #{{base07-hex}},           #{{base07-hex}},           #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           #{{base00-hex}}, #{{base07-hex}}
-
-#               FG              BTN_BG     bright   less br  dark     less da  txt fg               br text  btn fg     txt bg     bg     shadow   sel bg     sel fg     link       visite alt bg default  tooltip bg  tooltip_fg
-#  active_colors=#{{base07-hex}},          #{{base02-hex}}, #{{base00-hex}}, #cbc7c4, #9f9d9a, #b8b5b2, #{{base07-hex}},           #ff0000, #{{base07-hex}}, #{{base00-hex}}, #{{base00-hex}}, #767472, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           181b24, #{{base07-hex}}
-#disabled_colors=#767081, #{{base02-hex}}, #{{base00-hex}}, #cbc7c4, #9f9d9a, #b8b5b2, #767081,  #ffec17, #{{base07-hex}}, #{{base00-hex}}, #{{base00-hex}}, #767472, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #767081,   #{{base00-hex}}, #767081,  #{{base00-hex}}, #767081
-#inactive_colors=#{{base07-hex}},          #{{base02-hex}}, #{{base00-hex}}, #cbc7c4, #9f9d9a, #b8b5b2, #{{base07-hex}},           #ff9040, #{{base07-hex}}, #{{base00-hex}}, #{{base00-hex}}, #767472, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           #{{base00-hex}}, #{{base07-hex}}
+  active_colors=#{{base07-hex}},          #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base07-hex}},           #{{base07-hex}},           #{{base07-hex}},           #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           #{{base00-hex}}, #{{base07-hex}}
+  disabled_colors=#767081, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #767081,  #767081,  #767081,  #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #767081,   #{{base00-hex}}, #767081,  #{{base00-hex}}, #767081
+  inactive_colors=#{{base07-hex}},          #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base07-hex}},           #{{base07-hex}},           #{{base07-hex}},           #{{base00-hex}}, #{{base00-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base00-hex}}, #{{base01-hex}}, #{{base07-hex}},            #{{base00-hex}}, #{{base07-hex}},           #{{base00-hex}}, #{{base07-hex}}
--- a/user/style/stylix.nix
+++ b/user/style/stylix.nix
@ -70,6 +70,7 @@ in
    };
    font.size = config.stylix.fonts.sizes.terminal;
  };
+  stylix.targets.kde.enable = true;
  stylix.targets.kitty.enable = true;
  stylix.targets.gtk.enable = true;
  stylix.targets.rofi.enable = if (userSettings.wmType == "x11") then true else false;
@ -119,20 +120,12 @@ in
    wallpaper = DP-1,''+config.stylix.image+''
  '';
  home.packages = with pkgs; [
-     qt5ct pkgs.libsForQt5.breeze-qt5
+     libsForQt5.qt5ct pkgs.libsForQt5.breeze-qt5 libsForQt5.breeze-icons
  ];
-  home.sessionVariables = {
-    QT_QPA_PLATFORMTHEME="qt5ct";
-  };
-  programs.zsh.sessionVariables = {
-    QT_QPA_PLATFORMTHEME="qt5ct";
-  };
-  programs.bash.sessionVariables = {
-    QT_QPA_PLATFORMTHEME="qt5ct";
-  };
  qt = {
    enable = true;
    style.package = pkgs.libsForQt5.breeze-qt5;
    style.name = "breeze-dark";
+    platformTheme = "kde";
  };
 }
--- a/user/wm/hyprland/hyprbars.nix
+++ b/user/wm/hyprland/hyprbars.nix
@ -1,15 +0,0 @@
-{ config, lib, stdenv, pkgs, hyprland-plugins, ... }:
-
-stdenv.mkDerivation rec {
-        pname = "hyprbars";
-        version = "unstable";
-        src = "${hyprland-plugins}/hyprbars";
-        nativeBuildInputs = [ pkgs.hyprland.nativeBuildInputs ];
-        buildInputs = [ pkgs.hyprland pkgs.hyprland.buildInputs ];
-        meta = {
-          homepage = "https://gitlab.com/phoneybadger/pokemon-colorscripts";
-          description = "CLI utility to print out images of pokemon to terminal";
-          license = lib.licenses.mit;
-          maintainers = [];
-        };
-}
Author	SHA1	Message	Date
Emmet	5b80e2c497	Testing update system from git repo script	2024-04-06 13:58:01 -05:00
Emmet	df76ef046a	Strangely fixes some qt themes (mainly kdenlive)	2024-04-06 13:43:37 -05:00
Emmet	a4883bd3d6	Fixed home-manager version mismatch for servers	2024-04-06 08:48:57 -05:00
Emmet	0e5eb73efe	Updated system	2024-04-06 08:34:57 -05:00
Emmet	12b3d12dec	Incorporate config updates from homelab	2024-04-06 08:32:34 -05:00
Emmet	05cfe06e85	Removed nix rebuild systemd-run wrappers	2024-04-06 08:32:15 -05:00
Emmet	b7654cd2cd	Forgot to remove hyprland-plugins refs from flake	2024-04-06 08:29:05 -05:00
Emmet	d4b9032cf4	Removed broken hyprland plugins	2024-04-05 17:15:30 -05:00