diff --git a/.sops.yaml b/.sops.yaml index 4abd30dd..41c909ae 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,5 @@ keys: - - &lilith 3586D8D6689B9C9ECD598C588712A0F317C37175 + - &lilith 35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368 - &lilith-pad age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz - &lilith-pc age1pyav93usza3s363g56687yxh9jmp364w32gs77le7t0cgg7jveyq4zcl6v creation_rules: diff --git a/flake.lock b/flake.lock index f13ad9eb..362004e5 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1743265529, - "narHash": "sha256-QbjP15/2N+VJl0b5jxrrTc+VOt39aU4XrDvtP0Lz5ik=", + "lastModified": 1744289235, + "narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "1d2dbd72c2bbaceab031c592d4810f744741d203", + "rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a", "type": "github" }, "original": { @@ -234,6 +234,22 @@ "type": "github" } }, + "flake-private": { + "locked": { + "lastModified": 1744570005, + "narHash": "sha256-SnV4raQWMiysxsZBOq4wrR9kWxF8Fk/Arn9bERr1XOg=", + "ref": "main", + "rev": "ce669973291ca0e09677fb2491922ea15562e9ef", + "revCount": 2, + "type": "git", + "url": "ssh://git@git.firelilith.org/lilith/flake-private.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@git.firelilith.org/lilith/flake-private.git" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -362,11 +378,11 @@ ] }, "locked": { - "lastModified": 1744038920, - "narHash": "sha256-9a4V1wQXS8hXZtc7mRtz0qINkGW+C99aDrmXY6oYBFg=", + "lastModified": 1744919155, + "narHash": "sha256-IJksPW32V9gid9vDxoloJMRk+YGjxq5drFHBFeBkKU8=", "owner": "nix-community", "repo": "home-manager", - "rev": "a4d8020820a85b47f842eae76ad083b0ec2a886a", + "rev": "72526a5f7cde2ef9075637802a1e2a8d2d658f70", "type": "github" }, "original": { @@ -420,11 +436,11 @@ ] }, "locked": { - "lastModified": 1739049071, - "narHash": "sha256-3+7TpXMrbsUXSwgr5VAKAnmkzMb6JO+Rvc9XRb5NMg4=", + "lastModified": 1743953322, + "narHash": "sha256-prQ5JKopXtzCMX2eT3dXbaVvGmzjMRE2bXStQDdazpM=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "175c6b29b6ff82100539e7c4363a35a02c74dd73", + "rev": "9d7f2687c84c729afbc3b13f7937655570f2978d", "type": "github" }, "original": { @@ -445,11 +461,11 @@ ] }, "locked": { - "lastModified": 1743905069, - "narHash": "sha256-XrZmg+aXDPMWscVfKjArwgjyo9Wtf8Kz1NmhtEOsCL0=", + "lastModified": 1744528518, + "narHash": "sha256-F3upSTM0XntGzO6VajVFLEEAJUHEKD4tUd7psn0+T0s=", "owner": "horriblename", "repo": "hyprgrass", - "rev": "9cf17688ca7346f38d735a7e47339f8a1d895d86", + "rev": "5106f7e6857935aed04f579752095fdd2df4d3d1", "type": "github" }, "original": { @@ -476,11 +492,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1744052896, - "narHash": "sha256-8KlDFFdFbK2rT5a7nb7BY2eYILW0b/n3bqkA8p/bPWs=", + "lastModified": 1744849150, + "narHash": "sha256-eaKqF4Oc7atN7Y2yTTeAOLN05q+G2YY0597ukgAD2Cs=", "ref": "refs/heads/main", - "rev": "b15c2bfff6941bd2072eade13177433d7ab58a00", - "revCount": 5977, + "rev": "225e13c3cc83308175f0a9aa18cfa31324155034", + "revCount": 6003, "type": "git", "url": "https://github.com/hyprwm/Hyprland" }, @@ -598,11 +614,11 @@ ] }, "locked": { - "lastModified": 1741191527, - "narHash": "sha256-kM+11Nch47Xwfgtw2EpRitJuORy4miwoMuRi5tyMBDY=", + "lastModified": 1744468525, + "narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "72df3861f1197e41b078faa3e38eedd60e00018d", + "rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df", "type": "github" }, "original": { @@ -619,11 +635,11 @@ ] }, "locked": { - "lastModified": 1744015959, - "narHash": "sha256-MFzu2w1e142lC4sYUJaqQwgfRn1TcVZwRfvLhg0qvl0=", + "lastModified": 1744513377, + "narHash": "sha256-2ocy+qAVxTBmaK8MpAy7mpKIH+DYEzwf+KzXZX83oZ4=", "owner": "jas-singhfsu", "repo": "hyprpanel", - "rev": "93235f0fb1ec171055fc95f867edb5a341bcffb1", + "rev": "42943b3def85d8787d703778951944c8e791202b", "type": "github" }, "original": { @@ -699,11 +715,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743938762, - "narHash": "sha256-UgFYn8sGv9B8PoFpUfCa43CjMZBl1x/ShQhRDHBFQdI=", + "lastModified": 1744536153, + "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "74a40410369a1c35ee09b8a1abee6f4acbedc059", + "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", "type": "github" }, "original": { @@ -738,11 +754,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744057897, - "narHash": "sha256-eLQt1nwY5TkWltZMhncTFnVIUqlJCNMU8iDOVS0Kpl4=", + "lastModified": 1744917937, + "narHash": "sha256-KzHhtTA54EwiOgxh3Vy81JhoIiQgZRDZlgo85a6K9TE=", "owner": "nix-community", "repo": "NUR", - "rev": "6123b345b32b960842a53c6c330e9575639c5f98", + "rev": "74f1b9f96f695deab80d45e6a9859f980b072436", "type": "github" }, "original": { @@ -799,6 +815,7 @@ }, "root": { "inputs": { + "flake-private": "flake-private", "flake-utils": "flake-utils", "home-manager": "home-manager", "hyprgrass": "hyprgrass", @@ -848,11 +865,11 @@ ] }, "locked": { - "lastModified": 1743910657, - "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { @@ -889,11 +906,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1743961983, - "narHash": "sha256-azG6Dnaj4lPVBUMTINIbL6c7+u59IvhLGbceYxdmFxs=", + "lastModified": 1744910471, + "narHash": "sha256-HItOUMA2whFnPMJuyN2XHq9TZttgrgOAZcoUXsaD4Js=", "owner": "danth", "repo": "stylix", - "rev": "f98c2c42b210128f5a62099c12bc566b0050fea9", + "rev": "8d5cd725ad591890c0cd804bf68cc842b8afca51", "type": "github" }, "original": { @@ -1100,11 +1117,11 @@ ] }, "locked": { - "lastModified": 1741934139, - "narHash": "sha256-ZhTcTH9FoeAtbPfWGrhkH7RjLJZ7GeF18nygLAMR+WE=", + "lastModified": 1744644585, + "narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "150b0b6f52bb422a1b232a53698606fe0320dde0", + "rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 06b0d79d..9f847777 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + flake-private.url = "git+ssh://git@git.firelilith.org/lilith/flake-private.git?ref=main"; + flake-utils.url = "github:numtide/flake-utils"; home-manager = { @@ -87,6 +89,7 @@ system: nixpkgs: let config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) (import ./unfree.nix).allowed; + config.rocmSupport = true; in import nixpkgs { inherit system config; diff --git a/home/lilith/git.nix b/home/lilith/git.nix index 9e8fbdc5..4946e8cd 100644 --- a/home/lilith/git.nix +++ b/home/lilith/git.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ programs.git = { enable = true; lfs.enable = true; @@ -6,7 +7,7 @@ userEmail = "liv@benstem.de"; difftastic.enable = true; signing = { - key = "3586D8D6689B9C9ECD598C588712A0F317C37175"; + key = "B96CE30E7F0B4319DE0025B4272C807BD91F8446"; signByDefault = true; }; extraConfig = { @@ -27,6 +28,8 @@ pruneTags = true; all = true; }; + + init.defaultBranch = "main"; }; }; } diff --git a/home/lilith/hyprland/default.nix b/home/lilith/hyprland/default.nix index d392f003..fd9c3a6e 100644 --- a/home/lilith/hyprland/default.nix +++ b/home/lilith/hyprland/default.nix @@ -70,6 +70,8 @@ allow_tearing = false; }; + ecosystem.no_update_news = true; + decoration = { rounding = 10; diff --git a/home/lilith/packages.nix b/home/lilith/packages.nix index 9e4152a3..a87ce1be 100644 --- a/home/lilith/packages.nix +++ b/home/lilith/packages.nix @@ -5,6 +5,8 @@ gnumake git + libsecret + pulsemixer pavucontrol playerctl diff --git a/home/lilith/sops.nix b/home/lilith/sops.nix index 6aef2b08..b0099500 100644 --- a/home/lilith/sops.nix +++ b/home/lilith/sops.nix @@ -1,9 +1,11 @@ -{ ... }: { +{ ... }: +{ # imports = [ # sops-nix.homeManagerModules.default # ]; - + sops = { - age.keyFile = /persist/data/home/lilith/.config/sops/age/keys.txt; + age.keyFile = "/persist/data/home/lilith/.config/sops/age/keys.txt"; + defaultSopsFile = ../../secrets/default.yaml; }; } diff --git a/home/lilith/thunderbird.nix b/home/lilith/thunderbird.nix index 86a185d0..f3360d11 100644 --- a/home/lilith/thunderbird.nix +++ b/home/lilith/thunderbird.nix @@ -1,11 +1,28 @@ -{...}:{ - programs.thunderbird = { +{ + flake-private, + config, + sops, + ... +}: +{ + programs.thunderbird = { enable = true; settings = { - + }; profiles."lilith" = { isDefault = true; }; }; + + sops.secrets = { + "email/personal/password" = { }; + "email/uni/password" = { }; + "email/work/password" = { }; + "email/fau/password" = { }; + }; + + # As this contains personal information, this part of the config has been + # put in a separate, private repository. Do _not_ use this for actual secrets! + accounts.email.accounts = flake-private.home.accounts.email.accounts { inherit config; }; } diff --git a/hosts/lilith-pc/default.nix b/hosts/lilith-pc/default.nix index 8270a80f..dd474aac 100644 --- a/hosts/lilith-pc/default.nix +++ b/hosts/lilith-pc/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, pkgs, ... }: let mkHostOverride = lib.mkOverride 75; in @@ -9,6 +9,12 @@ in gaming.enable = true; nfs.client.enable = true; auto_styling.enable = true; + ollama.enable = true; + + hardware.opengl.extraPackages = [ pkgs.rocmPackages.clr.icd ]; + hardware.graphics.extraPackages = [ pkgs.rocmPackages.clr.icd ]; + environment.systemPackages = [ pkgs.rocmPackages.clr.icd ]; + boot.kernelModules = [ "amdgpu" ]; home-manager.users."lilith".wayland.windowManager.hyprland.settings = { input.kb_layout = mkHostOverride "us"; diff --git a/secrets/default.yaml b/secrets/default.yaml index 8f067073..c9a6a469 100644 --- a/secrets/default.yaml +++ b/secrets/default.yaml @@ -2,11 +2,16 @@ ssh: nixremote: public: ENC[AES256_GCM,data:cpgaIleEj+S0AdPnZQ0HeOS44SZNRljSCzi2uzMfA/vb4rmXWPqE+Yh0yG+UD0UThEYmVkZnvK5JNps2lTvp3Dqo92rYLQrn14vFP8yCQMU=,iv:9R5n3yE5yx0JLESRqax2ZWuYFR2XT1Xd882BU/SnAdQ=,tag:IIykViHleEO2lgu1Tjz5pw==,type:str] private: ENC[AES256_GCM,data:7nT/pKf9rfUDQrRgXH/trJ7jv7C+1L71ZiAWK8uKbfYyonHzq3EJZ5hjSiP+9NFa1qoisL3JH/cv5kuDR8FZFLVTv0+oLW55YPD7SOAzVAeL45cnHzgaVvz7CCikve3ZtGHKurqyUcN7MXKDOqwnuQ1tcvzhAmfDBWwbnheUylmokBq20+eivjQ7AGt1lc0e0J2tpEZDdlUOrVFQd0QdoGBGOnadh/yA6fARfZb9oOYryooV1cGhlzoJNQ9/jXEasIDN+GDaNRpvXK5bvWKBNVmNF4QLnt9wJjIVfnpG6IrJJ2yduecgwAFnKj5Gn7NAkJ9RJzE0ysHLWYnIZWm8TGaBaphQLsmd6VJ/47nAiwfAGVoaCWI45lAFwEu9eEdbZn9joQvBFGsE6TEBbjb/JDWSzHFFwFDHNsApIs0w1FN6qEea2BoI6VINgwgzzcyV7XJNPqHd9KFQSSe7eqKAl6OiCGRxrF2pLzTohX/NCDkorkfdDLJ/DlEe+8B+Qe+IGDNtnbzLGDftI+GWYsSyjrUwGXcTSq1meIBB,iv:UBQb9m85xeYioV7VDi5tr7T75MTG9yddBMXASRwvq3A=,tag:1fkwUF1ZuvxNU6ntoXGk0w==,type:str] +email: + personal: + password: ENC[AES256_GCM,data:cEyBJzbA+nkHhg==,iv:xMXg4kTPcTwMHL3hJYf4Vd8ZxBVuAOdImrIJRfnlaXE=,tag:Q4E9iSkt7q3giNQ9+UdSRg==,type:str] + uni: + password: ENC[AES256_GCM,data:HQRcmOs+FE34xKxH+C5OOXWsrl4=,iv:CmMvihFvd5PHHcQi7DXpILx0RnVaS1vwULn15yVCgJc=,tag:I92pnp8TSlat1//D8sBU5Q==,type:str] + work: + password: ENC[AES256_GCM,data:QKR3SDIxzroB,iv:HCVsaBbPcd91fjoZC/V3p//43h1u8XFpiUf4hdO/0Og=,tag:KlCGA0XSQfT1Ox3JWmvbGw==,type:str] + fau: + password: ENC[AES256_GCM,data:livftrSQbA4vmFL9B0y1DyZmxTpWpwIULvKSlQysr6M=,iv:8kXbkg7N7U6px2Clrpw35Ee/yBCf/d9qFG4Sz5yZxUA=,tag:USaDOJEW2fIaIBNpGoCiTA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz enc: | @@ -26,8 +31,8 @@ sops: endmMkVMRjgvb05ycS9SamFOUk54QVUKB7eaUO/4Ttxjtt3/ZoryQiHeodnTcqHy 7Z4xQ21bWqDK3Bw/IaYsMEu1GJ5ZR7KcNENnuoU8wza3ymLv60Xzgw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-17T17:44:37Z" - mac: ENC[AES256_GCM,data:ws3pqokNCWVxXgXOFI8mDZQ9XTY1G8WZEEVzk3mD/+ERynLoD4xcPHL5tu3EisPBNIe90olnQy7/FwN8ZOkUl7UWjTPfCOPBqpY8P253YHz5mSdBp3U+9x16nbQHXH2InTzQQwbj7Z2Uz6kzz7Tk8tg8x+zli8lqWwFdpqv7p2k=,iv:Eqw4Q4Yy8/Yq8avXJ3na3lnu275YLvnacjluB++ta54=,tag:FcJDDJtPLm4pCG7ZKWCK0Q==,type:str] + lastmodified: "2025-04-09T22:14:24Z" + mac: ENC[AES256_GCM,data:Qkkazrqr8m89dCex194TLeiCn9S1/j24WFa2gu05AOhZ2Oev7z9LXZh8aH4dmKGdc3S1AsVojdD9zKpVdicVSKjCS372J9NCxtABP/JZQGI1YNz/QnH/CDXQxoEtqv27nMSDcv2E0S1aI4r2wa3JR8x6f7h2CuFzHz/C0zp0z3M=,iv:h1gOc4o9pNYnJIp8oniklLvm7V1OftqGwd8rdSSwRyg=,tag:ojeIa0/uxvAy0HH+Mlxcog==,type:str] pgp: - created_at: "2025-03-17T17:42:02Z" enc: |- @@ -41,4 +46,4 @@ sops: -----END PGP MESSAGE----- fp: 3586D8D6689B9C9ECD598C588712A0F317C37175 unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.1 diff --git a/system/core/persistence.nix b/system/core/persistence.nix index a695ec34..fc72a7c0 100644 --- a/system/core/persistence.nix +++ b/system/core/persistence.nix @@ -1,10 +1,4 @@ -{ - impermanence, - conf, - lib, - config, - ... -}: +{ impermanence, ... }: { imports = [ impermanence.nixosModule ]; diff --git a/system/optional/default.nix b/system/optional/default.nix index 123f026d..f18973e4 100644 --- a/system/optional/default.nix +++ b/system/optional/default.nix @@ -1,8 +1,10 @@ -{...}: { +{ ... }: +{ imports = [ ./nfs.nix ./desktop.nix ./gaming.nix ./stylix.nix + ./ollama.nix ]; } diff --git a/system/optional/ollama.nix b/system/optional/ollama.nix new file mode 100644 index 00000000..c1c3e716 --- /dev/null +++ b/system/optional/ollama.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: +{ + options.ollama.enable = lib.mkEnableOption "Enable Ollama server /w GPU acceleration"; + + config.services.ollama = lib.mkIf config.ollama.enable { + enable = true; + host = "0.0.0.0"; + acceleration = "rocm"; + rocmOverrideGfx = "11.0.0"; + }; + config.networking.firewall = lib.mkIf config.ollama.enable { allowedTCPPorts = [ 11434 ]; }; + config.environment.persistence."/persist/cache".directories = lib.mkIf config.ollama.enable [ + { + directory = "/var/lib/private/ollama"; + user = "nouser"; + group = "nogroup"; + mode = "u=rwx,g=,o="; + } + ]; +}