From 5cd40d6f60eef1b3986a68954467c67c1d025c92 Mon Sep 17 00:00:00 2001 From: LordGrimmauld Date: Fri, 2 Feb 2024 12:59:59 +0100 Subject: [PATCH] toolchains and spotifyd --- flake.lock | 152 +++++++++++++++++++++++++++++------- flake.nix | 6 +- modules/sound.nix | 95 ++++++++++++++++++++-- modules/system-packages.nix | 17 +--- modules/toolchains.nix | 49 ++++++++++++ modules/users.nix | 25 ++---- secrets/secrets.nix | 5 ++ secrets/spotify_pass.age | 10 +++ 8 files changed, 289 insertions(+), 70 deletions(-) create mode 100644 modules/toolchains.nix create mode 100644 secrets/secrets.nix create mode 100644 secrets/spotify_pass.age diff --git a/flake.lock b/flake.lock index d7ed3a6..0070936 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,48 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "owner": "ryantm", + "repo": "agenix", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -52,14 +95,14 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -90,17 +133,38 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nix-gaming": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1705242731, - "narHash": "sha256-gfuMbiOPlPpl48jH8hGPY/zfaS3OTjdVN2cn450RTBg=", + "lastModified": 1706750085, + "narHash": "sha256-y/+t2ctdeUD/b0DLWS96UgGUs/srj7vbWef709DPxW4=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "c41c0e5e4fbf942046512760dfa31e88c61d4347", + "rev": "63fa64659760172fef0e4d674c6661b7ad53b16b", "type": "github" }, "original": { @@ -111,16 +175,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704842529, - "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -161,11 +225,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1705133751, - "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", + "lastModified": 1706367331, + "narHash": "sha256-AqgkGHRrI6h/8FWuVbnkfFmXr4Bqsr4fV23aISqj/xg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", + "rev": "160b762eda6d139ac10ae081f8f78d640dd523eb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": { @@ -175,18 +255,18 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1705133751, - "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", + "lastModified": 1706672657, + "narHash": "sha256-API05c0SDZrmzz1wpqt/K3iCwlaOqDeDfZGp0YGQnek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", + "rev": "632751bf0ceeefc74af7a9d2335ea923ad9c831a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -194,15 +274,15 @@ "plasma6": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1705232580, - "narHash": "sha256-OJHqtLx+VHgwJL8GcpDouQiwDybQ4mzwLwtXPG9QLqg=", + "lastModified": 1706731447, + "narHash": "sha256-VbsFKQZwtFH6+k4U/YjgF20Byhz4Z21kmoLcG5dV2M8=", "owner": "nix-community", "repo": "kde2nix", - "rev": "155d24c82dde0f4738f05760e5dfc1c13d84fe11", + "rev": "e7aded2df9d79e3c23c953bd6011b66ba2b87d98", "type": "github" }, "original": { @@ -226,11 +306,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1705229514, - "narHash": "sha256-itILy0zimR/iyUGq5Dgg0fiW8plRDyxF153LWGsg3Cw=", + "lastModified": 1706424699, + "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ffa9a5b90b0acfaa03b1533b83eaf5dead819a05", + "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", "type": "github" }, "original": { @@ -241,8 +321,9 @@ }, "root": { "inputs": { + "agenix": "agenix", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "plasma6": "plasma6", "swayfx": "swayfx" } @@ -282,6 +363,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8dd9813..aa2ca32 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable"; }; + agenix.url = "github:ryantm/agenix"; swayfx = { url = "github:WillPower3309/swayfx"; inputs.nixpkgs.follows = "nixpkgs"; @@ -13,7 +14,7 @@ nix-gaming.url = "github:fufexan/nix-gaming"; }; - outputs = inputs @ { self, nix-gaming, nixpkgs, plasma6, swayfx, ... }: let + outputs = inputs @ { self, agenix, nix-gaming, nixpkgs, plasma6, swayfx, ... }: let system = "x86_64-linux"; # pkg-overlays = import nixpkgs { @@ -31,6 +32,7 @@ modules = [ # ({ config, pkgs, ... }: { nixpkgs.overlays = [ (import ./overlay.nix {inherit inputs system;} ) ]; }) plasma6.nixosModules.default + agenix.nixosModules.default nix-gaming.nixosModules.pipewireLowLatency # ./kernel.nix ./configuration.nix @@ -51,7 +53,9 @@ ./modules/mypackaegsstayinstoreffs.nix ./modules/opengl.nix ./modules/kvm.nix + ./modules/toolchains.nix ./cachix.nix + { environment.systemPackages = [ agenix.packages.${system}.default ]; } ]; }; }; diff --git a/modules/sound.nix b/modules/sound.nix index 4394cd4..3850511 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -1,5 +1,31 @@ -{pkgs, ...}: -{ +{config, pkgs, ...}: +let + spotifyd_cache_dir = "/tmp/spotifyd"; +in { + nixpkgs.overlays = [ (final: prev: { spotifyd = prev.spotifyd.overrideAttrs (old: { + postInstall = '' + mkdir -p $out/share/dbus-1/system.d/ +tee $out/share/dbus-1/system.d/org.mpris.MediaPlayer2.spotifyd.conf < + + + + + + + + + + + + + +END + ''; + });}) + ]; # Enable sound with pipewire. sound.enable = true; hardware.pulseaudio.enable = false; @@ -10,13 +36,70 @@ alsa.support32Bit = true; pulse.enable = true; jack.enable = true; # osu uses jack - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; + systemWide = true; # required for spotifyd as spotifyd runs as the spotifyd user }; environment.systemPackages = with pkgs; [ pavucontrol + spotify-tui + spotifyd ]; + + # decrypt spotify password + age.identityPaths = [ "/home/grimmauld/.ssh/id_rsa" ]; + + # spotify pass + age.secrets.spotify_pass = { + file = ../secrets/spotify_pass.age; + owner = "spotifyd"; + group = "spotifyd"; + mode = "700"; + }; + + systemd.services.init-spotifyd-cache-dir = { + description = "Create the spotifyd cache dir"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig.Type = "oneshot"; + script ='' + mkdir -p ${spotifyd_cache_dir} + chown spotifyd:spotifyd -R ${spotifyd_cache_dir} + ''; + }; + + # spotifyd config + services.spotifyd = { + enable = true; + settings.global = { + bitrate = 320; + username = "3tyhk4i01l54w7co7xm7jvu32"; + device_name = "grimm_laptop"; + password_cmd = "${pkgs.coreutils-full}/bin/cat ${config.age.secrets.spotify_pass.path}"; # read password secret + device_type = "computer"; + dbus_type = "system"; + device = "default"; + control = "default"; + volume_controller = "softvol"; +# no_audio_cache = true; + spotifyd_cache_dir = spotifyd_cache_dir; + max_cache_size = 10000000000; + initial_volume = "90"; + backend = "alsa"; # fixme + }; + }; + + + services.dbus.packages = with pkgs; [ + spotifyd # add above dbus code to the config + ]; + + # spotifyd has access to global pipewire + users.users.spotifyd = { + isSystemUser = true; + group = "spotifyd"; + extraGroups = [ "audio" "pipewire" ]; + }; + + # spotifyd is also a group + users.groups = { spotifyd = {}; }; } diff --git a/modules/system-packages.nix b/modules/system-packages.nix index d8e2d45..938ac82 100644 --- a/modules/system-packages.nix +++ b/modules/system-packages.nix @@ -1,13 +1,4 @@ -{pkgs, ...}: -let - my-python-packages = ps: with ps; [ - requests - matplotlib - numpy - scipy - ]; -in -{ +{pkgs, ...}: { virtualisation.libvirtd.qemu.ovmf.packages = [ # pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd # AAVMF pkgs.OVMF.fd @@ -22,10 +13,8 @@ in spice-gtk wget tree - git file kate - git-lfs util-linux btop kitty @@ -46,7 +35,6 @@ in matplotlib numpy scipy -# kio-admin ])) (writeShellScriptBin "primerun" '' @@ -58,8 +46,7 @@ exec "$@" '') (writeShellScriptBin "rebuild" '' - sudo nixos-rebuild switch --flake /home/grimmauld/grimm-nixos-laptop + pkexec nixos-rebuild switch --flake /home/grimmauld/grimm-nixos-laptop '') ]); - programs.xonsh.enable = true; } diff --git a/modules/toolchains.nix b/modules/toolchains.nix new file mode 100644 index 0000000..3b8fef4 --- /dev/null +++ b/modules/toolchains.nix @@ -0,0 +1,49 @@ +{config, pkgs, ...}: let + git_user = "Grimmauld"; +in { + environment.systemPackages = with pkgs; [ + (writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@") + (writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@") + (writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@") + mkpasswd + ]; + + programs.git = { + enable = true; + lfs.enable = true; + config = { + init.defaultBranch = "main"; + credential.username = git_user; + core.editor = "${pkgs.neovim}/bin/nvim"; + user.name = git_user; + user.email = "${git_user}@grimmauld.de"; + }; + }; + + programs.tmux = { + enable = true; + historyLimit = 42000; + #keyMode = "vi"; + }; + + programs.neovim = { + enable = true; + viAlias = true; + defaultEditor = true; + configure = { + customRC = '' + set number + set hidden + set nocompatible + ''; + packages.myVimPackage = with pkgs.vimPlugins; { + # loaded on launch + start = [ vim-nix vim-scala fugitive autoclose-nvim ]; + # manually loadable by calling `:packadd $plugin-name` + opt = [ ]; + }; + }; + }; + + programs.xonsh.enable = true; +} diff --git a/modules/users.nix b/modules/users.nix index dbe3707..81cae7f 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,16 +1,16 @@ -{pkgs, ...}: -{ +{lib, config, pkgs, ...}: { users.users.grimmauld = { isNormalUser = true; shell = pkgs.xonsh; description = "grimmauld"; - extraGroups = [ "networkmanager" "wheel" "input" "video" "lp" "scanner" "libvirtd" ]; + extraGroups = [ "networkmanager" "wheel" "input" "video" "lp" "scanner" "libvirtd" "pipewire" ]; packages = with pkgs; [ webcord heroic plasma-browser-integration pdfarranger kwrited + hyfetch gparted element-desktop nmap @@ -24,23 +24,8 @@ freecad openscad blender + gomuks + fbcat ]; }; - programs.neovim = { - enable = true; - viAlias = true; - configure = { - customRC = '' - set number - set hidden - set nocompatible - ''; - packages.myVimPackage = with pkgs.vimPlugins; { - # loaded on launch - start = [ vim-nix vim-scala fugitive ]; - # manually loadable by calling `:packadd $plugin-name` - opt = [ ]; - }; - }; - }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..b276208 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,5 @@ +let + laptop_pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"; +in { + "spotify_pass.age".publicKeys = [ laptop_pub ]; +} diff --git a/secrets/spotify_pass.age b/secrets/spotify_pass.age new file mode 100644 index 0000000..620e1a0 --- /dev/null +++ b/secrets/spotify_pass.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-rsa skhaxw +PhR0Qi/St6DfuGcO3ffNYN7oq7FzIwHVTeEF+Fsub5n4eRXNpaQlBZjbtksWiRel +pTsvX/raALr3UTfsGTIhPMEBhw2fZn6+Qh7y/INfobVFzE3iz0FIk+sb27xYdXcy +ULB6V5gjYmiMpQ6D1WF25NTNBkdZg9hss/kdjcFUfrtptgWmqkO6rnjS57G1TUlO +uOHAAfTPUPMNpE5i0QMyLZWi5H8ku7xqz6m7piAyz+uBb/L1hlfOjOL5sO7CDNL6 +vAlBK2mmVvglVTQ+7ImehD71YzkTvgccqWKs8IwA5ADprC0rnKIin0/ZrKoKTzho +6/qo0YYYLYBKHeZ1cWlgjg +--- VIhwPiuGDfbYLf2Uip3/sVBlK+zqs+2v9/A28kuw0TQ +µ¯çdEÿ