From 32eab66d8ecd1c3dfc120c2c0cbdfcdfab1287e7 Mon Sep 17 00:00:00 2001 From: rogueking Date: Mon, 9 Mar 2026 20:05:04 -0700 Subject: [PATCH] tidy packages and added 1password systemd --- flake.lock | 36 +++---- home-manager/commands/commands.nix | 110 ++++++++++++++++------ home-manager/commands/starship.nix | 16 ++-- home-manager/programs/ghostty/ghostty.nix | 7 -- home-manager/programs/hypr/hypridle.nix | 10 +- home-manager/programs/hypr/waybar.nix | 2 +- hosts/acheron/configuration.nix | 28 +----- hosts/buildbox/configuration.nix | 26 +---- hosts/ender-ml/configuration.nix | 29 +----- hosts/eva-01/configuration.nix | 64 +++++-------- hosts/eva-03/configuration.nix | 67 +++++-------- 11 files changed, 161 insertions(+), 234 deletions(-) diff --git a/flake.lock b/flake.lock index 0da224a..760afdc 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772768709, - "narHash": "sha256-uzeT4oc5MyZaGJ4C1J2FMSfcUJUoMlzf1ZSWIgBrW7A=", + "lastModified": 1772918486, + "narHash": "sha256-lwpRpS7JPR4eqzfnJNt3Cdmi596cUnWRlFaHvCqVv9E=", "owner": "utensils", "repo": "comfyui-nix", - "rev": "390747dcc0631621fe43308b3464d2591e11e77d", + "rev": "2c0c411d90764084d7b75be6402c320bcc278776", "type": "github" }, "original": { @@ -97,11 +97,11 @@ ] }, "locked": { - "lastModified": 1772633058, - "narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=", + "lastModified": 1772985280, + "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "owner": "nix-community", "repo": "home-manager", - "rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865", + "rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "type": "github" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1772845525, - "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", + "lastModified": 1772985285, + "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", + "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", "type": "github" }, "original": { @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1772379624, - "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", + "lastModified": 1773000227, + "narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "52d061516108769656a8bd9c6e811c677ec5b462", + "rev": "da529ac9e46f25ed5616fd634079a5f3c579135f", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1772972630, + "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72", "type": "github" }, "original": { @@ -236,11 +236,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772773019, - "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "type": "github" }, "original": { diff --git a/home-manager/commands/commands.nix b/home-manager/commands/commands.nix index 65d5a62..5974f57 100644 --- a/home-manager/commands/commands.nix +++ b/home-manager/commands/commands.nix @@ -48,69 +48,89 @@ in cpu-x curl dig + docker dust fd + file + findutils fosrl-olm fzf + git git-filter-repo glances gping graphviz jq kitty + kopia + lazydocker lazygit lazyjournal manga-tui mcat netop - # netscanner + nettools nix-du + nix-prefetch-github nmap - trippy - tuptime + openssh openssl + ptunnel ripgrep s3cmd timg tldr trippy trivy + tuptime + unzip wget wireguard-tools - #pkgs-unstable.witr yazi yt-dlp zstd list-keybinds ] + # Desktop-specific packages (Linux desktops and macOS) ++ lib.optionals (!(hostTypes.isServer hostname)) (with pkgs; [ claude-code caligula ocamlPackages.utop - # opencode openconnect - # termusic yubikey-manager ]) + # Server-specific packages ++ lib.optionals (hostTypes.isServer hostname) (with pkgs; [ - # Add server-specific packages here - ]) - ++ lib.optionals (hostname == "") [ - - ] - # Host-specific packages - ++ lib.optionals (hostname == "eva-01") [ - #apps - rpi-imager - - # cli - libusb1 + gparted parted + plocate + tailscale + tlp traceroute + ffmpeg-full + pkgs-unstable.witr + ]) - # cyber + # Linux desktop packages + ++ lib.optionals (hostTypes.isLinuxDesktop hostname) (with pkgs; [ + plocate + tlp + swaynotificationcenter + gparted + nerd-fonts.hack + nerd-fonts.fira-code + ]) + + # Pentesting/security tools (eva-01 and eva-03) + ++ lib.optionals (builtins.elem hostname [ "eva-01" "eva-03" ]) (with pkgs; [ + aircrack-ng + hcxdumptool + hcxtools + metasploit + wifite2 + wirelesstools amass bettercap bloodhound @@ -137,18 +157,52 @@ in sqlmap steghide thc-hydra + ]) + + # eva-01 specific + ++ lib.optionals (hostname == "eva-01") [ + pkgs.rpi-imager + pkgs.libusb1 + pkgs.parted + pkgs.traceroute + pkgs.android-tools + pkgs.goose-cli ] + + # eva-03 specific ++ lib.optionals (hostname == "eva-03") [ - # cli - parted - traceroute - ffmpeg-full + pkgs.parted + pkgs.traceroute + pkgs.ffmpeg-full + pkgs-unstable.vscode + (pkgs-unstable.llama-cpp.override { cudaSupport = true; }) + pkgs-unstable.witr ] + + # buildbox specific ++ lib.optionals (hostname == "buildbox") [ - # cli - parted - traceroute - ffmpeg-full + pkgs.parted + pkgs.traceroute + pkgs.ffmpeg-full + pkgs-unstable.witr + ] + + # ender-ml specific + ++ lib.optionals (hostname == "ender-ml") [ + pkgs-unstable.stable-diffusion-cpp-cuda + (pkgs-unstable.llama-cpp.override { cudaSupport = true; }) + pkgs-unstable.witr + pkgs-unstable.comfy-ui-cuda + ] + + # acheron specific + ++ lib.optionals (hostname == "acheron") [ + pkgs.pkgs-unstable.witr + ] + + # eva-02 (macOS) specific + ++ lib.optionals (hostname == "eva-02") [ + pkgs-unstable.vscode ]; programs = { @@ -206,6 +260,4 @@ in enableZshIntegration = true; }; }; - - # fonts.fontconfig.enable = lib.mkIf (hostname != "eva-02") true; } diff --git a/home-manager/commands/starship.nix b/home-manager/commands/starship.nix index f0c3054..9916cba 100644 --- a/home-manager/commands/starship.nix +++ b/home-manager/commands/starship.nix @@ -7,14 +7,14 @@ settings = { add_newline = true; format = lib.concatStrings [ - "$time" - "$directory" - "$git_branch" - "$git_status" - "$hostname" - "$golang" - "direnv" - "$status" + "$time" + "$directory" + "$git_branch" + "$git_status" + "$hostname" + "$golang" + "$direnv" + "$status" ]; right_format = lib.concatStrings [ diff --git a/home-manager/programs/ghostty/ghostty.nix b/home-manager/programs/ghostty/ghostty.nix index 7965c2c..f93ebc9 100644 --- a/home-manager/programs/ghostty/ghostty.nix +++ b/home-manager/programs/ghostty/ghostty.nix @@ -17,8 +17,6 @@ gtk-single-instance = true; - #custom-shader = "./shaders/tft.glsl"; - font-family = "JetBrainsMono Nerd Font"; font-family-italic = "Maple Mono"; font-family-bold-italic = "Maple Mono"; @@ -42,9 +40,4 @@ ]; }; }; - #home.file.".config/ghostty/shaders" = { - # enable = true; - # source = ./shaders; - # recursive = true; - #}; } diff --git a/home-manager/programs/hypr/hypridle.nix b/home-manager/programs/hypr/hypridle.nix index f442a07..fe1aca3 100644 --- a/home-manager/programs/hypr/hypridle.nix +++ b/home-manager/programs/hypr/hypridle.nix @@ -12,10 +12,9 @@ listeners = [ { - timeout = 30; + timeout = 300; on-timeout = "pidof hyprlock && hyprctl dispatch dpms off"; - on-resume = "pidof hyprlock && hyprctl dispatch dpms on"; - + on-resume = "hyprctl dispatch dpms on"; } { timeout = 540; @@ -27,11 +26,6 @@ on-timeout = "loginctl lock-session"; on-resume = "notify-send 'Desktop Unlocked!'"; } - # { - # timeout = 1200; - # on-timeout = "systemctl suspend"; - # on-resume = "notify-send 'Welcome back to your desktop!'"; - # } ]; }; }; diff --git a/home-manager/programs/hypr/waybar.nix b/home-manager/programs/hypr/waybar.nix index f1472a5..92e88fc 100644 --- a/home-manager/programs/hypr/waybar.nix +++ b/home-manager/programs/hypr/waybar.nix @@ -26,7 +26,7 @@ let base0F = "ff9e64"; }; # Laptop hostnames that should show battery - isLaptop = builtins.elem hostname [ "laptop" "thinkpad" "framework" "portable" ]; + isLaptop = builtins.elem hostname [ "eva-01" ]; in with lib; { diff --git a/hosts/acheron/configuration.nix b/hosts/acheron/configuration.nix index f32fc93..98fa326 100644 --- a/hosts/acheron/configuration.nix +++ b/hosts/acheron/configuration.nix @@ -9,6 +9,7 @@ inputs, configPath, hostname, + hostTypes, lib, ... }: @@ -135,31 +136,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - - #cli tools - btop - curl - docker - dust - file - findutils - git - gparted - lazydocker - nettools - nix-prefetch-github - nmap - openssh - openssl - parted - plocate - ptunnel - tailscale - tlp - unzip - vim - - pkgs-unstable.witr + # System-level only — CLI tools moved to home-manager ]; home-manager = { @@ -169,6 +146,7 @@ inputs pkgs-unstable hostname + hostTypes ; }; users = { diff --git a/hosts/buildbox/configuration.nix b/hosts/buildbox/configuration.nix index d0bfbf8..0d49cfc 100644 --- a/hosts/buildbox/configuration.nix +++ b/hosts/buildbox/configuration.nix @@ -167,31 +167,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # Server-specific packages - btop - curl - docker - dust - file - findutils - git - gparted - kopia - lazydocker - nettools - nix-prefetch-github - nmap - openssh - openssl - parted - plocate - ptunnel - tailscale - tlp - unzip - vim - - pkgs-unstable.witr + # System-level only — CLI tools moved to home-manager ]; home-manager = { diff --git a/hosts/ender-ml/configuration.nix b/hosts/ender-ml/configuration.nix index 85ac53e..de51dcb 100644 --- a/hosts/ender-ml/configuration.nix +++ b/hosts/ender-ml/configuration.nix @@ -226,33 +226,8 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # Server-specific packages - btop-cuda - curl - docker - dust - file - findutils - git - gparted - lazydocker - nettools - nix-prefetch-github - nmap - openssh - openssl - parted - plocate - ptunnel - tailscale - tlp - unzip - vim - - pkgs-unstable.stable-diffusion-cpp-cuda - (pkgs-unstable.llama-cpp.override { cudaSupport = true; }) - pkgs-unstable.witr - pkgs-unstable.comfy-ui-cuda + # System-level only — CLI tools moved to home-manager + btop-cuda # cuda variant must stay system-level with nvidia drivers ]; home-manager = { diff --git a/hosts/eva-01/configuration.nix b/hosts/eva-01/configuration.nix index a4acd01..a8d6b22 100644 --- a/hosts/eva-01/configuration.nix +++ b/hosts/eva-01/configuration.nix @@ -218,6 +218,26 @@ polkitPolicyOwners = [ "rogueking" ]; }; + # 1Password SSH agent systemd socket + systemd.user.sockets."1password" = { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = "%t/1password/agent.sock"; + SocketMode = "0600"; + }; + }; + + systemd.user.services."1password" = { + description = "1Password SSH Agent"; + requires = [ "1password.socket" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + ExecStart = "${pkgs._1password-gui}/bin/1password --silent"; + Restart = "on-failure"; + RestartSec = 5; + }; + }; + #steam programs.steam.enable = true; @@ -253,48 +273,8 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - #apps - #cider-2 - fprintd - #sddm-astronaut - - #cli tools - aircrack-ng - android-tools - btop - curl - docker - dust - file - findutils - git - goose-cli - hcxdumptool - hcxtools - kopia - lazydocker - metasploit - nettools - nix-prefetch-github - nmap - openssh - openssl - plocate - ptunnel - tailscale - tlp - unzip - vim - wifite2 - wirelesstools - swaynotificationcenter - - #fonts - nerd-fonts.hack - nerd-fonts.fira-code - - #unstable - #pkgs-unstable.vllm + # System-level only + fprintd # fingerprint daemon integration ]; home-manager = { diff --git a/hosts/eva-03/configuration.nix b/hosts/eva-03/configuration.nix index d1e865b..0c70cc8 100644 --- a/hosts/eva-03/configuration.nix +++ b/hosts/eva-03/configuration.nix @@ -235,11 +235,29 @@ programs._1password.enable = true; programs._1password-gui = { enable = true; - # Certain features, including CLI integration and system authentication support, - # require enabling PolKit integration on some desktop environments (e.g. Plasma). polkitPolicyOwners = [ "rogueking" ]; }; + # 1Password SSH agent systemd socket + systemd.user.sockets."1password" = { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = "%t/1password/agent.sock"; + SocketMode = "0600"; + }; + }; + + systemd.user.services."1password" = { + description = "1Password SSH Agent"; + requires = [ "1password.socket" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + ExecStart = "${pkgs._1password-gui}/bin/1password --silent"; + Restart = "on-failure"; + RestartSec = 5; + }; + }; + #steam programs.steam.enable = true; @@ -264,49 +282,10 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - #apps + # System-level only fprintd - polonium - config.boot.kernelPackages.openrazer - - #cli tools - aircrack-ng - android-tools - btop-cuda - curl - docker - dust - file - findutils - fwupd - git - hcxdumptool - hcxtools - kopia - lazydocker - metasploit - nettools - nix-prefetch-github - nmap - openssh - openssl - plocate - ptunnel - tlp - unzip - vim - wifite2 - wirelesstools - - #unstable - pkgs-unstable.vscode - (pkgs-unstable.llama-cpp.override { cudaSupport = true; }) - pkgs-unstable.witr - - #fonts - nerd-fonts.hack - nerd-fonts.fira-code - + polonium # KDE tiling script + config.boot.kernelPackages.openrazer # kernel module, must be system-level ];