diff --git a/flake.lock b/flake.lock index e374a7d..5948afa 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,22 @@ { "nodes": { "advisory-db": { + "flake": false, + "locked": { + "lastModified": 1741826510, + "narHash": "sha256-VPfsy7Iymk/Gs/sRgAiy5vkZmnJb1r9GmuF46/aiXNg=", + "owner": "rustsec", + "repo": "advisory-db", + "rev": "825bd26e5e14f8906f9314be1ba6734a753341d1", + "type": "github" + }, + "original": { + "owner": "rustsec", + "repo": "advisory-db", + "type": "github" + } + }, + "advisory-db_2": { "flake": false, "locked": { "lastModified": 1735408444, @@ -16,7 +32,7 @@ "type": "github" } }, - "advisory-db_2": { + "advisory-db_3": { "flake": false, "locked": { "lastModified": 1733749954, @@ -32,7 +48,7 @@ "type": "github" } }, - "advisory-db_3": { + "advisory-db_4": { "flake": false, "locked": { "lastModified": 1741367336, @@ -130,11 +146,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1741691385, - "narHash": "sha256-Zjs3cBTVm4GLjjLgdi9XS/7nEdjjciKPj2EFOLOrNcE=", + "lastModified": 1741864154, + "narHash": "sha256-A39pa4ZmUqSjuE2L4swvHKGUQ2maKiY0P5UduZ+yE90=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "5af413f4e97073783ed2dc11fd134ffc7771414d", + "rev": "05f8b43a311b3a1f914af89a94480b19d2eceac6", "type": "github" }, "original": { @@ -144,6 +160,21 @@ } }, "crane": { + "locked": { + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "locked": { "lastModified": 1734808813, "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=", @@ -158,7 +189,7 @@ "type": "github" } }, - "crane_2": { + "crane_3": { "locked": { "lastModified": 1734324364, "narHash": "sha256-omYTR59TdH0AumP1cfh49fBnWZ52HjfdNfaLzCMZBx0=", @@ -173,7 +204,7 @@ "type": "github" } }, - "crane_3": { + "crane_4": { "locked": { "lastModified": 1739936662, "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", @@ -188,7 +219,7 @@ "type": "github" } }, - "crane_4": { + "crane_5": { "locked": { "lastModified": 1741396358, "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", @@ -245,7 +276,53 @@ "type": "github" } }, + "disqalculate": { + "inputs": { + "advisory-db": "advisory-db", + "crane": "crane", + "fenix": "fenix", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1741901720, + "narHash": "sha256-wCKN/Of+zslcYUJq1IAZJjliCKk29YTJftnvlKurKGs=", + "owner": "itepastra", + "repo": "disqalculate", + "rev": "6ccdac2bb18e7a625f96b2faf68b8d59ceed1c84", + "type": "github" + }, + "original": { + "owner": "itepastra", + "repo": "disqalculate", + "type": "github" + } + }, "fenix": { + "inputs": { + "nixpkgs": [ + "disqalculate", + "nixpkgs" + ], + "rust-analyzer-src": [ + "disqalculate" + ] + }, + "locked": { + "lastModified": 1741847799, + "narHash": "sha256-muvsng8/+e9AC+xg5HuHgHwuQ/etKlTevNgr8fw5r9s=", + "owner": "nix-community", + "repo": "fenix", + "rev": "05f331e61277f70f55769060f783457fdacf8da1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "fenix_2": { "inputs": { "nixpkgs": [ "flurry", @@ -269,7 +346,7 @@ "type": "github" } }, - "fenix_2": { + "fenix_3": { "inputs": { "nixpkgs": [ "flurry", @@ -295,7 +372,7 @@ "type": "github" } }, - "fenix_3": { + "fenix_4": { "inputs": { "nixpkgs": [ "tsunami", @@ -477,7 +554,25 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_8" }, "locked": { "lastModified": 1731533236, @@ -510,10 +605,10 @@ }, "flurry": { "inputs": { - "advisory-db": "advisory-db", - "crane": "crane", - "fenix": "fenix", - "flake-utils": "flake-utils", + "advisory-db": "advisory-db_2", + "crane": "crane_2", + "fenix": "fenix_2", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -600,11 +695,11 @@ ] }, "locked": { - "lastModified": 1741791118, - "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", + "lastModified": 1741894454, + "narHash": "sha256-Mu2YXrGr/8Cid6W44AXci/YYnASoXjGrMV9Sjs66oyc=", "owner": "nix-community", "repo": "home-manager", - "rev": "18780912345970e5b546b1b085385789b6935a83", + "rev": "0b0baed7b2bf6a5e365d4cba042b580a2bc32e34", "type": "github" }, "original": { @@ -636,10 +731,10 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_3", + "crane": "crane_4", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, @@ -659,7 +754,7 @@ }, "lazy": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "home-manager": "home-manager_3", "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", @@ -697,7 +792,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -709,7 +804,7 @@ "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz" }, "original": { "type": "tarball", @@ -748,11 +843,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1741786494, - "narHash": "sha256-td/mvuzgAFKo2GJ1Xu6eLVN1m8O5UQj8h1Pga1MZ0c8=", + "lastModified": 1741891147, + "narHash": "sha256-hCD/llnO/I0ARk6divzVG3a82nNgrcG58dIe0yhzNo8=", "owner": "YaLTeR", "repo": "niri", - "rev": "9f9c4a99af203366b426192160de528bfb065d9e", + "rev": "ee0e2c7f1b4edae42d2f1b05466adbdffe156e61", "type": "github" }, "original": { @@ -797,7 +892,7 @@ }, "nix-index-database": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1740886574, @@ -816,16 +911,16 @@ "nixcord": { "inputs": { "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_5", - "systems": "systems_6", + "nixpkgs": "nixpkgs_6", + "systems": "systems_7", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741307969, - "narHash": "sha256-JxWxScHu0g/ltTas3ZvwPX/J6xhHm540+FY8ZfTigDg=", + "lastModified": 1741826393, + "narHash": "sha256-deaIXY9Q5OpcSqWEaX5cB4pw0711q9+hRiiq6arqqoU=", "owner": "kaylorben", "repo": "nixcord", - "rev": "269b69665a78f57f2bc1b62e05e823815f41cea9", + "rev": "91abbf5736459beeacb1c3163a2236241cfc6c71", "type": "github" }, "original": { @@ -882,11 +977,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1741724370, + "narHash": "sha256-WsD+8uodhl58jzKKcPH4jH9dLTLFWZpVmGq4W1XDVF4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "95600680c021743fd87b3e2fe13be7c290e1cac4", "type": "github" }, "original": { @@ -897,6 +992,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1741708242, + "narHash": "sha256-cNRqdQD4sZpN7JLqxVOze4+WsWTmv2DGH0wNCOVwrWc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1734126203, "narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=", @@ -912,7 +1023,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1740388614, "narHash": "sha256-NgKqyZxckkuTRDNNjlJ3kYWUmarJ9+/VHWkGOy0oONQ=", @@ -928,7 +1039,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -944,7 +1055,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1737003892, "narHash": "sha256-RCzJE9wKByLCXmRBp+z8LK9EgdW+K+W/DXnJS4S/NVo=", @@ -960,7 +1071,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1735554305, "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", @@ -976,13 +1087,13 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { - "lastModified": 1741819579, - "narHash": "sha256-5+hR3hv98x0RouAYrZfAMezBYtRW39K7qdjuUOartdQ=", + "lastModified": 1741900716, + "narHash": "sha256-XYnb3VZXVCOEtvv/PEhs5dbF3XFXSaaJjuYgVw5+L38=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b33a84fddaf04c082553d6f785145a88c6735eee", + "rev": "d1e14a925afb898fa00f7870e5dc830cb8ce4c5b", "type": "github" }, "original": { @@ -999,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1741746673, - "narHash": "sha256-7L4J5F96ku6DBkbEwxNdPZF41bAEhMMoHUlZD/jGYq4=", + "lastModified": 1741833135, + "narHash": "sha256-HUtFcF4NLwvu7CAowWgqCHXVkNj0EOc/W6Ism4biV6I=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7af16cbd1464fddde8ad0c4ed7baaa2292445ba4", + "rev": "f3cd1e0feb994188fe3ad9a5c3ab021ed433b8c8", "type": "github" }, "original": { @@ -1046,6 +1157,7 @@ "automapaper": "automapaper", "cosmic": "cosmic", "disko": "disko", + "disqalculate": "disqalculate", "flurry": "flurry", "hardware": "hardware", "home-manager": "home-manager_2", @@ -1055,7 +1167,7 @@ "niri": "niri", "nix-colors": "nix-colors", "nixcord": "nixcord", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "oxalica": "oxalica", "tsunami": "tsunami_2" } @@ -1179,6 +1291,21 @@ } }, "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1192,7 +1319,7 @@ "type": "indirect" } }, - "systems_7": { + "systems_8": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1209,7 +1336,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1737103437, @@ -1227,11 +1354,11 @@ }, "tsunami": { "inputs": { - "advisory-db": "advisory-db_2", - "crane": "crane_2", - "fenix": "fenix_2", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "advisory-db": "advisory-db_3", + "crane": "crane_3", + "fenix": "fenix_3", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1734442391, @@ -1249,10 +1376,10 @@ }, "tsunami_2": { "inputs": { - "advisory-db": "advisory-db_3", - "crane": "crane_4", - "fenix": "fenix_3", - "flake-utils": "flake-utils_5", + "advisory-db": "advisory-db_4", + "crane": "crane_5", + "fenix": "fenix_4", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 0a29799..0de73c9 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,9 @@ nixcord = { url = "github:kaylorben/nixcord"; }; + disqalculate = { + url = "github:itepastra/disqalculate"; + }; }; outputs = diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix index 2618ae0..1af0024 100644 --- a/hosts/nuos/configuration.nix +++ b/hosts/nuos/configuration.nix @@ -48,7 +48,12 @@ in # Define a user account. Don't forget to set a password with ‘passwd’. users.defaultUserShell = pkgs.zsh; + users.groups.disqalculate = { }; users.users = { + disqalculate = { + isSystemUser = true; + group = "disqalculate"; + }; noa = { isNormalUser = true; extraGroups = [ @@ -162,6 +167,35 @@ in ]; wantedBy = [ "default.target" ]; }; + + "disqalculate" = { + wants = [ + "network-online.target" + ]; + after = [ + "network-online.target" + ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${inputs.disqalculate.packages.${pkgs.system}.default}/bin/disqalculate"; + ExecStop = "${pkgs.busybox}/bin/pkill disqalculate"; + RuntimeDirectory = "disqalculate"; + RootDirectory = "/run/disqalculate"; + User = "disqalculate"; + NoNewPrivileges = true; + ProtectHome = true; + EnvironmentFile = config.age.secrets."discord/disqalculate".path; + BindReadOnlyPaths = [ + "/nix/store" + "/etc/ssl" + "/etc/static/ssl" + "/etc/resolv.conf" + ]; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; }; virtualisation = { @@ -194,6 +228,7 @@ in "secrets/token-anstml".file = ../../secrets/github/anstml.age; "secrets/token-nixconf".file = ../../secrets/github/nixconf.age; "secrets/nix-store-key".file = ../../secrets/nix-serve/private.age; + "discord/disqalculate".file = ../../secrets/discord/disqalculate.age; "factorio/solrunners".file = ../../secrets/factorio/solrunners.age; "rsecrets/radicale" = { file = ../../secrets/radicale/htpasswd.age; diff --git a/secrets/discord/disqalculate.age b/secrets/discord/disqalculate.age new file mode 100644 index 0000000..5640a86 Binary files /dev/null and b/secrets/discord/disqalculate.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4ba96a2..9826175 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -38,4 +38,8 @@ in noa nuOS ]; + "discord/disqalculate.age".publicKeys = [ + noa + nuOS + ]; }