diff --git a/.ansible/.lock b/.ansible/.lock new file mode 100644 index 0000000..e69de29 diff --git a/.bashrc b/.bashrc index ce0e00d..5428e1f 100644 --- a/.bashrc +++ b/.bashrc @@ -73,9 +73,10 @@ if [[ $(uname -a) == *"microsoft-standard-WSL2"* ]]; then fi # PATH Manipulation +export DOTFILES_PATH=$HOME/.dotfiles export PATH=$PATH:$HOME/.local/bin export PATH=$PATH:$HOME/.cargo/bin -export PATH=$PATH:$HOME/dotfiles/bin +export PATH=$PATH:$DOTFILES_PATH/bin # Add flatpak to XDG_DATA_DIRS export XDG_DATA_DIRS=$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share @@ -98,9 +99,6 @@ if [ -d "/home/menno/Projects/Work" ]; then export TRADAWARE_DEVOPS=true fi -# Flutter Web and other tools that require Chrome -export CHROME_EXECUTABLE=$(which brave-browser) - # 1Password Source Plugin (Assuming bash compatibility) if [ -f /home/menno/.config/op/plugins.sh ]; then source /home/menno/.config/op/plugins.sh @@ -121,7 +119,7 @@ if [ -f "$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh" ]; then fi # Source agent-bridge script for 1password -source $HOME/dotfiles/bin/1password-agent-bridge.sh +source $DOTFILES_PATH/bin/1password-agent-bridge.sh # zoxide if available if command -v zoxide &> /dev/null; then diff --git a/.vscode/settings.json b/.vscode/settings.json index a5e6029..1d6d8ab 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -7,8 +7,8 @@ "**/.DS_Store": true, "**/*.sha256": true, }, - "ansible.python.interpreterPath": "/usr/bin/python", "files.associations": { "*.yml": "ansible" - } + }, + "ansible.python.interpreterPath": "/usr/bin/python3" } \ No newline at end of file diff --git a/bin/1password-agent-bridge.sh b/bin/1password-agent-bridge.sh index ad587d5..fa203cb 100755 --- a/bin/1password-agent-bridge.sh +++ b/bin/1password-agent-bridge.sh 
@@ -1,4 +1,4 @@ -source $HOME/dotfiles/bin/helpers/functions.sh +source $DOTFILES_PATH/bin/helpers/functions.sh export SSH_AUTH_SOCK=$HOME/.1password/agent.sock # Check if is_wsl function returns true, don't continue if we are not on WSL diff --git a/bin/actions/auto-start.sh b/bin/actions/auto-start.sh index f9b7eb8..b26f1ba 100755 --- a/bin/actions/auto-start.sh +++ b/bin/actions/auto-start.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -source $HOME/dotfiles/bin/helpers/functions.sh +source $DOTFILES_PATH/bin/helpers/functions.sh # Define associative array with app_name => command mapping declare -A apps=( diff --git a/bin/actions/hello.sh b/bin/actions/hello.sh index 874a1fe..366d596 100755 --- a/bin/actions/hello.sh +++ b/bin/actions/hello.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -source $HOME/dotfiles/bin/helpers/functions.sh +source $HOMEsource $DOTFILES_PATH/bin/helpers/functions.sh welcome() { echo diff --git a/bin/actions/help.sh b/bin/actions/help.sh index b1b7aef..c8d7b65 100755 --- a/bin/actions/help.sh +++ b/bin/actions/help.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash -source $HOME/dotfiles/bin/helpers/functions.sh +source $DOTFILES_PATH/bin/helpers/functions.sh # Print logo logo # Print help -cat $HOME/dotfiles/bin/resources/help.txt +cat $DOTFILES_PATH/bin/resources/help.txt println " " "cyan" diff --git a/bin/actions/secrets.sh b/bin/actions/secrets.sh index 2aa0500..30eaf01 100755 --- a/bin/actions/secrets.sh +++ b/bin/actions/secrets.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -source $HOME/dotfiles/bin/helpers/functions.sh +source $DOTFILES_PATH/bin/helpers/functions.sh if is_wsl; then output=$(op.exe item get "Dotfiles Secrets" --fields password) 
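Review bot: `source $DOTFILES_PATH/bin/helpers/functions.sh` in `bin/1password-agent-bridge.sh` lets an environment variable decide which file is sourced, and nothing in the script sets or checks it. If the script runs where `.bashrc` has not been loaded (cron, a service unit, a reset `sudo` environment), the unquoted expansion is empty and the line sources `/bin/helpers/functions.sh` from the filesystem root. The same pattern appears in the `auto-start.sh`, `help.sh`, `secrets.sh` and `update.sh` hunks, including `decrypt_folder $DOTFILES_PATH/secrets`, which would then act on `/secrets`. Quote the expansion and fail closed, e.g. `source "${DOTFILES_PATH:?DOTFILES_PATH is not set}/bin/helpers/functions.sh"`.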
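Review bot: The added line in `bin/actions/hello.sh` reads `source $HOMEsource $DOTFILES_PATH/bin/helpers/functions.sh`, which looks like a search-and-replace leftover. It works only by accident: `$HOMEsource` is an unset variable that expands to nothing when unquoted, and under `set -u` it becomes an unbound-variable error. It should match the other action scripts: `source "$DOTFILES_PATH/bin/helpers/functions.sh"`.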
@@ -111,8 +111,8 @@ decrypt_folder() { if [[ "$1" == "decrypt" ]]; then printfe "%s\n" "cyan" "Decrypting secrets..." - decrypt_folder ~/dotfiles/secrets + decrypt_folder $DOTFILES_PATH/secrets elif [[ "$1" == "encrypt" ]]; then printfe "%s\n" "cyan" "Encrypting secrets..." - encrypt_folder ~/dotfiles/secrets + encrypt_folder $DOTFILES_PATH/secrets fi diff --git a/bin/actions/update.sh b/bin/actions/update.sh index 04f25dd..81e854f 100755 --- a/bin/actions/update.sh +++ b/bin/actions/update.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -source $HOME/dotfiles/bin/helpers/functions.sh +source $DOTFILES_PATH/bin/helpers/functions.sh help() { printfe "%s\n" "green" "Usage: upgrade.sh [options]" @@ -45,14 +45,14 @@ printfe "%s\n" "cyan" "Limiting to $CORES cores with $JOBS jobs." if [[ "$RUN_HA" == true ]]; then printfe "%s\n" "cyan" "Updating Home Manager flake..." - cd $HOME/dotfiles/config/home-manager && nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update + cd $DOTFILES_PATH/config/home-manager && nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update if command -v home-manager &> /dev/null; then printfe "%s\n" "cyan" "Cleaning old backup files..." rm -rf $HOME/.config/mimeapps.list.backup printfe "%s\n" "cyan" "Upgrading Home Manager packages..." - cd $HOME/dotfiles/config/home-manager && NIXPKGS_ALLOW_UNFREE=1 home-manager --extra-experimental-features nix-command --extra-experimental-features flakes switch -b backup --flake .#$HOSTNAME --impure --cores $CORES -j $JOBS + cd $DOTFILES_PATH/config/home-manager && NIXPKGS_ALLOW_UNFREE=1 home-manager --extra-experimental-features nix-command --extra-experimental-features flakes switch -b backup --flake .#$HOSTNAME --impure --cores $CORES -j $JOBS if [[ $? -ne 0 ]]; then printfe "%s\n" "red" "Failed to upgrade Home Manager packages." 
@@ -76,7 +76,7 @@ if [[ "$RUN_ANSIBLE" == true ]]; then fi printfe "%s\n" "cyan" "Running Ansible playbook..." - cd $HOME/dotfiles/config/ansible && ansible-playbook -i $HOME/dotfiles/config/ansible/inventory.ini $HOME/dotfiles/config/ansible/main.yml --extra-vars "hostname=$HOSTNAME" --extra-vars "ansible_user=$USER" --limit $HOSTNAME --ask-become-pass ${ANSIBLE_VERBOSE:+-vvv} + cd $DOTFILES_PATH/config/ansible && ansible-playbook -i $DOTFILES_PATH/config/ansible/inventory.ini $DOTFILES_PATH/config/ansible/main.yml --extra-vars "hostname=$HOSTNAME" --extra-vars "ansible_user=$USER" --limit $HOSTNAME --ask-become-pass ${ANSIBLE_VERBOSE:+-vvv} if [[ $? -ne 0 ]]; then printfe "%s\n" "red" "Failed to upgrade Ansible packages." diff --git a/bin/dotf b/bin/dotf index b5c2374..ae5d601 100755 --- a/bin/dotf +++ b/bin/dotf @@ -5,7 +5,7 @@ set -euo pipefail IFS=$'\n\t' # Script constants -readonly DOTFILES_ROOT="$HOME/dotfiles" +readonly DOTFILES_ROOT="$HOME/.dotfiles" readonly DOTFILES_BIN="$DOTFILES_ROOT/bin" # Source helper functions diff --git a/bin/helpers/flatpak_packages.sh b/bin/helpers/flatpak_packages.sh deleted file mode 100755 index 00510f8..0000000 --- a/bin/helpers/flatpak_packages.sh +++ /dev/null 
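Review bot: `readonly DOTFILES_ROOT="$HOME/.dotfiles"` in `bin/dotf` hard-codes the location a second time instead of reusing the `DOTFILES_PATH` that the other scripts in this commit now read, so the two values can drift apart. The script runs with `set -euo pipefail`, so a helper it sources that expands `$DOTFILES_PATH` would abort on an unbound variable when `dotf` is started without `.bashrc` loaded; child processes would instead see an empty path. How the helpers and actions are invoked is outside the hunk, so that part is inferred. Deriving one from the other keeps a single source of truth: `readonly DOTFILES_ROOT="${DOTFILES_PATH:-$HOME/.dotfiles}"` followed by `export DOTFILES_PATH="$DOTFILES_ROOT"`.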
@@ -1,55 +0,0 @@ -#!/usr/bin/env bash - -source $HOME/dotfiles/bin/helpers/functions.sh - -ensure_flatpak_packages_installed() { - flatpak_packages=($(ls $HOME/dotfiles/config/flatpaks/ | sed 's/.flatpakref//g')) - - for package in "${flatpak_packages[@]}"; do - if ! flatpak list | grep -q $package; then - printfe "%s\n" "cyan" " - Installing $package..." - flatpak install -y flathub $package - - if [ $? -eq 0 ]; then - printfe "%s\n" "green" " - $package installed successfully" - else - printfe "%s\n" "red" " - $package failed to install" - fi - else - printfe "%s\n" "green" " - $package is already installed" - fi - done -} - -print_flatpak_status() { - if is_wsl; then - printfe "%s\n" "yellow" "Running in WSL, skipping Flatpak packages check." - return - fi - - printfe "%s" "cyan" "Checking Flatpak packages..." - clear_line - - flatpak_packages=($(ls $HOME/dotfiles/config/flatpaks/ | sed 's/.flatpakref//g')) - - count=$(echo $flatpak_packages | wc -w) - installed=0 - - for package in "${flatpak_packages[@]}"; do - if flatpak list | grep -q $package; then - installed=$((installed + 1)) - else - if [ "$verbose" = true ]; then - printfe "%s\n" "red" "$package is not installed" - fi - fi - done - - printfe "%s" "cyan" "Flatpak" - if [ $installed -eq $count ]; then - printfe "%s" "green" " $installed/$count " - else - printfe "%s" "red" " $installed/$count " - fi - printfe "%s\n" "cyan" "packages installed" -} \ No newline at end of file diff --git a/bin/helpers/functions.sh b/bin/helpers/functions.sh index b32da2f..26c80ca 100755 --- a/bin/helpers/functions.sh +++ b/bin/helpers/functions.sh 
@@ -22,16 +22,16 @@ logo() { fi # Print if repo is dirty and the count of untracked files, modified files and staged files - if [[ $(git -C ~/dotfiles status --porcelain) ]]; then + if [[ $(git -C $DOTFILES_PATH status --porcelain) ]]; then printfe "%s" "yellow" "dotfiles is dirty " - printfe "%s" "red" "[$(git -C ~/dotfiles status --porcelain | grep -c '^??')] untracked " - printfe "%s" "yellow" "[$(git -C ~/dotfiles status --porcelain | grep -c '^ M')] modified " - printfe "%s" "green" "[$(git -C ~/dotfiles status --porcelain | grep -c '^M ')] staged " + printfe "%s" "red" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^??')] untracked " + printfe "%s" "yellow" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^ M')] modified " + printfe "%s" "green" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^M ')] staged " fi - printfe "%s" "blue" "[$(git -C ~/dotfiles rev-parse --short HEAD)] " - if [[ $(git -C ~/dotfiles log origin/master..HEAD) ]]; then - printfe "%s" "yellow" "[!] You have $(git -C ~/dotfiles log origin/master..HEAD --oneline | wc -l | tr -d ' ') commit(s) to push" + printfe "%s" "blue" "[$(git -C $DOTFILES_PATH rev-parse --short HEAD)] " + if [[ $(git -C $DOTFILES_PATH log origin/master..HEAD) ]]; then + printfe "%s" "yellow" "[!] You have $(git -C $DOTFILES_PATH log origin/master..HEAD --oneline | wc -l | tr -d ' ') commit(s) to push" fi println "" "normal" diff --git a/config/ansible/tasks/global/symlinks.yml b/config/ansible/tasks/global/symlinks.yml index 86b8237..c6badaf 100644 --- a/config/ansible/tasks/global/symlinks.yml +++ b/config/ansible/tasks/global/symlinks.yml 
@@ -10,11 +10,11 @@ force: true follow: false loop: - - { src: "~/dotfiles/config/home-manager", dest: "~/.config/home-manager" } - - { src: "~/dotfiles/vscode/settings.json", dest: "~/.config/Code/User/settings.json" } - - { src: "~/dotfiles/config/ssh/config", dest: "~/.ssh/config" } - - { src: "~/dotfiles/config/ssh/config.d", dest: "~/.ssh/config.d" } - - { src: "~/dotfiles/config/starship.toml", dest: "~/.config/starship.toml" } + - { src: "$DOTFILES_PATH/config/home-manager", dest: "~/.config/home-manager" } + - { src: "$DOTFILES_PATH/vscode/settings.json", dest: "~/.config/Code/User/settings.json" } + - { src: "$DOTFILES_PATH/config/ssh/config", dest: "~/.ssh/config" } + - { src: "$DOTFILES_PATH/config/ssh/config.d", dest: "~/.ssh/config.d" } + - { src: "$DOTFILES_PATH/config/starship.toml", dest: "~/.config/starship.toml" } - name: Create gitconfig symlink ansible.builtin.file: @@ -25,11 +25,11 @@ follow: false vars: gitconfig_mapping: - mennos-desktop: "~/dotfiles/config/git/gitconfig.linux" - mennos-laptop: "~/dotfiles/config/git/gitconfig.linux" - mennos-server: "~/dotfiles/config/git/gitconfig.mennos-server" - mennos-vm: "~/dotfiles/config/git/gitconfig.mennos-server" - mennos-hobbypc: "~/dotfiles/config/git/gitconfig.linux" + mennos-desktop: "$DOTFILES_PATH/config/git/gitconfig.linux" + mennos-laptop: "$DOTFILES_PATH/config/git/gitconfig.linux" + mennos-server: "$DOTFILES_PATH/config/git/gitconfig.mennos-server" + mennos-vm: "$DOTFILES_PATH/config/git/gitconfig.mennos-server" + mennos-hobbypc: "$DOTFILES_PATH/config/git/gitconfig.linux" - name: Create SSH authorized_keys symlink ansible.builtin.file: 
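Review bot: `src: "$DOTFILES_PATH/config/ssh/config"` and the other new `src` values are shell-style references rather than Jinja expressions, so at best they resolve only when the module process on the target has `DOTFILES_PATH` in its environment. With `force: true`, a run where it is missing would replace working links with dangling ones. The `authorized_keys_mapping` in the third hunk of this file is the sensitive case, because a broken `authorized_keys` link removes key-based SSH access. Resolve the path on the controller and fail early: define `dotfiles_path: "{{ lookup('env', 'DOTFILES_PATH') }}"`, assert it is non-empty, and write `"{{ dotfiles_path }}/config/ssh/config"`. The task bodies begin outside these hunks.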
@@ -40,8 +40,8 @@ follow: false vars: authorized_keys_mapping: - mennos-desktop: "~/dotfiles/config/ssh/authorized_keys/mennos-desktop" - mennos-laptop: "~/dotfiles/config/ssh/authorized_keys/mennos-laptop" - mennos-server: "~/dotfiles/config/ssh/authorized_keys/mennos-server" - mennos-vm: "~/dotfiles/config/ssh/authorized_keys/mennos-server" - mennos-hobbypc: "~/dotfiles/config/ssh/authorized_keys/mennos-hobbypc" + mennos-desktop: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-desktop" + mennos-laptop: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-laptop" + mennos-server: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-server" + mennos-vm: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-server" + mennos-hobbypc: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-hobbypc" diff --git a/config/ansible/tasks/global/tailscale.yml b/config/ansible/tasks/global/tailscale.yml index 500c043..ca8a193 100644 --- a/config/ansible/tasks/global/tailscale.yml +++ b/config/ansible/tasks/global/tailscale.yml @@ -1,19 +1,13 @@ -- name: Ensure Tailscale is installed - ansible.builtin.package: - name: tailscale - state: present - become: true - - name: Check if Tailscale is installed - ansible.builtin.command: tailscale + ansible.builtin.command: which tailscale register: tailscale_check changed_when: false failed_when: false -- name: Install Tailscale - ansible.builtin.command: tailscale up +- name: Install Tailscale using curl script + ansible.builtin.shell: curl -fsSL https://tailscale.com/install.sh | sh args: - creates: /var/lib/tailscale/tailscaled.state + creates: /usr/bin/tailscale when: tailscale_check.rc != 0 become: true diff --git a/config/ansible/tasks/workstations/1password-zen-browser.yml b/config/ansible/tasks/workstations/1password-zen-browser.yml new file mode 100644 index 0000000..fb128b4 --- /dev/null +++ b/config/ansible/tasks/workstations/1password-zen-browser.yml 
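Review bot: `curl -fsSL https://tailscale.com/install.sh | sh` under `become: true` runs whatever that URL serves as root, with no pinned version or integrity check, and it replaces an install that went through the distribution's package manager. The pipe has no `pipefail`, so a download that fails part-way can still leave `sh` executing a truncated script. `which tailscale` and `creates: /usr/bin/tailscale` agree only if the installer places the binary at that path. If the script route stays, download it to a root-only location with a pinned checksum and run it as a separate step, as sketched below. The checksum is a placeholder to be filled in from a reviewed copy of the script.

```yaml
- name: Download Tailscale install script (pinned)
  ansible.builtin.get_url:
    url: https://tailscale.com/install.sh
    dest: /root/tailscale-install.sh
    mode: '0700'
    checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT_PLACEHOLDER>"
  when: tailscale_check.rc != 0
  become: true

- name: Install Tailscale from the verified script
  ansible.builtin.command: sh /root/tailscale-install.sh
  args:
    creates: /usr/bin/tailscale
  when: tailscale_check.rc != 0
  become: true
```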
@@ -0,0 +1,40 @@ +- name: Check if 1Password is installed + ansible.builtin.command: 1password --version + register: onepassword_check + changed_when: false + failed_when: false + +- name: Check if 1Password is running anywhere + ansible.builtin.command: pgrep 1password + register: onepassword_running + changed_when: false + failed_when: false + +- name: Kill any running 1Password instances + ansible.builtin.command: pkill 1password + when: onepassword_running.stdout != "" + changed_when: onepassword_running.stdout != "" + +- name: Ensure 1Password custom allowed browsers directory exists + ansible.builtin.file: + path: /etc/1password + state: directory + mode: '0755' + become: true + +- name: Add Zen browser to 1Password custom allowed browsers + ansible.builtin.copy: + content: | + ZenBrowser + zen-browser + app.zen_browser.zen + zen + dest: /etc/1password/custom_allowed_browsers + owner: root + group: root + mode: '0755' + become: true + +- name: If 1Password was running, restart it + ansible.builtin.command: screen -dmS 1password 1password + when: onepassword_running.stdout != "" diff --git a/config/ansible/tasks/workstations/1password.yml b/config/ansible/tasks/workstations/1password.yml deleted file mode 100644 index 5015b04..0000000 --- a/config/ansible/tasks/workstations/1password.yml +++ /dev/null 
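Review bot: `onepassword_check` is registered but never referenced, so every later task, including `pkill 1password` and the root-owned write to `/etc/1password/custom_allowed_browsers`, also runs on hosts where 1Password is not installed; gate them with `when: onepassword_check.rc == 0`. `pgrep 1password` and `pkill 1password` match any process whose name contains that string, so use `pgrep -x 1password` and `pkill -x 1password` to limit them to the exact name. The allow-list presumably widens which browser processes 1Password will accept connections from, and `zen` is a short, generic name. Keep the list to the name the installed Zen build actually reports and add a comment recording how that was determined.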
@@ -1,43 +0,0 @@ -- name: Import 1Password GPG key (RPM) - ansible.builtin.rpm_key: - key: https://downloads.1password.com/linux/keys/1password.asc - state: present - when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf" - -- name: Import 1Password GPG key (APT) - ansible.builtin.apt_key: - url: https://downloads.1password.com/linux/keys/1password.asc - state: present - when: ansible_pkg_mgr == "apt" - -- name: Add 1Password repository (RPM) - ansible.builtin.copy: - content: | - [1password] - name=1Password Stable Channel - baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch - enabled=1 - gpgcheck=1 - repo_gpgcheck=1 - gpgkey=https://downloads.1password.com/linux/keys/1password.asc - dest: /etc/yum.repos.d/1password.repo - mode: '0644' - when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf" - -- name: Add 1Password repository (APT) - ansible.builtin.apt_repository: - repo: deb [arch=amd64] https://downloads.1password.com/linux/debian stable main - state: present - when: ansible_pkg_mgr == "apt" - -- name: Install 1Password CLI (RPM) - ansible.builtin.package: - name: 1password-cli - state: present - when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf" - -- name: Install 1Password CLI (APT) - ansible.builtin.package: - name: 1password-cli - state: present - when: ansible_pkg_mgr == "apt" diff --git a/config/ansible/tasks/workstations/brave.yml b/config/ansible/tasks/workstations/brave.yml deleted file mode 100644 index 77be083..0000000 --- a/config/ansible/tasks/workstations/brave.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -- name: Check if Brave is installed - ansible.builtin.command: brave-browser --version - register: brave_check - changed_when: false - failed_when: false - -- name: Download Brave Browser install script - ansible.builtin.get_url: - url: https://dl.brave.com/install.sh - dest: /tmp/install_brave.sh - mode: '0755' - when: brave_check.rc != 0 - -- name: Install Brave Browser - ansible.builtin.command: bash -c 'set -o pipefail && /tmp/install_brave.sh -y' - when: brave_check.rc != 0 - args: - creates: /usr/bin/brave-browser diff --git a/config/ansible/tasks/workstations/flatpaks.yml b/config/ansible/tasks/workstations/flatpaks.yml index 94cbe14..5b7f31d 100644 --- a/config/ansible/tasks/workstations/flatpaks.yml +++ b/config/ansible/tasks/workstations/flatpaks.yml @@ -1,3 +1,16 @@ +- name: Check if Flatpak is installed + ansible.builtin.command: which flatpak + register: flatpak_check + changed_when: false + failed_when: false + +- name: Install Flatpak + ansible.builtin.package: + name: flatpak + state: present + become: true + when: flatpak_check.rc != 0 + - name: Add Flathub remote repository community.general.flatpak_remote: name: flathub 
@@ -14,42 +27,22 @@ register: system_remotes changed_when: false -- name: Get list of user installed Flatpaks - ansible.builtin.command: flatpak list --user --app --columns=application - register: installed_user_flatpaks - changed_when: false - -- name: Get list of user remotes - ansible.builtin.command: flatpak remote-list --user --columns=name - register: user_remotes - changed_when: false - - - name: Define system desired Flatpaks ansible.builtin.set_fact: desired_system_flatpaks: - org.fkoehler.KTailctl - com.spotify.Client - org.gnome.Extensions - - com.tomjwatson.Emote - io.github.openhv.OpenHV - - com.github.k4zmu2a.spacecadetpinball - com.usebottles.bottles - io.github.shiftey.Desktop - - org.fedoraproject.MediaWriter - com.github.tchx84.Flatseal - - de.haeckerfelix.Shortwave - - io.github.thetumultuousunicornofdarkness.cpu-x - - org.gnome.Crosswords - com.github.wwmm.easyeffects - dev.bragefuglseth.Keypunch - org.onlyoffice.desktopeditors - - com.jeffser.Alpaca - - info.beyondallreason.bar - io.gitlab.adhami3310.Impression - org.prismlauncher.PrismLauncher - io.ente.auth - - org.signal.Signal - io.github.fastrizwaan.WineZGUI - net.davidotek.pupgui2 - tv.plex.PlexDesktop 
@@ -63,35 +56,17 @@ - page.tesk.Refine - io.github.flattool.Ignition - io.github.bytezz.IPLookup - - com.github.marhkb.Pods - io.github.giantpinkrobots.varia - io.bassi.Amberol - org.gaphor.Gaphor - io.github.seadve.Mousai + - info.beyondallreason.bar + - com.jeffser.Alpaca - name: Define system desired Flatpak remotes ansible.builtin.set_fact: desired_system_flatpak_remotes: - flathub - - fedora - -- name: Define user desired Flatpaks - ansible.builtin.set_fact: - desired_user_flatpaks: - - com.discordapp.Discord - - io.github.moonlight_mod.moonlight-installer - -- name: Define user desired Flatpak remotes - ansible.builtin.set_fact: - desired_user_flatpak_remotes: - - flathub - -- name: Add desired user Flatpak remotes - community.general.flatpak_remote: - name: "{{ item }}" - state: present - method: user - loop: "{{ desired_user_flatpak_remotes }}" - name: Add desired system Flatpak remotes community.general.flatpak_remote: @@ -100,13 +75,6 @@ method: system loop: "{{ desired_system_flatpak_remotes }}" -- name: Remove undesired user Flatpak remotes - community.general.flatpak_remote: - name: "{{ item }}" - state: absent - method: user - loop: "{{ user_remotes.stdout_lines | difference(desired_user_flatpak_remotes) }}" - - name: Remove undesired system Flatpak remotes community.general.flatpak_remote: name: "{{ item }}" @@ -114,13 +82,6 @@ method: system loop: "{{ system_remotes.stdout_lines | difference(desired_system_flatpak_remotes) }}" -- name: Install desired user Flatpaks - community.general.flatpak: - name: "{{ item }}" - state: present - method: user - loop: "{{ desired_user_flatpaks }}" - - name: Install/Upgrade Flatpak packages community.general.flatpak: name: "{{ item }}" 
@@ -128,13 +89,6 @@ method: system loop: "{{ desired_system_flatpaks }}" -- name: Remove undesired user Flatpaks - community.general.flatpak: - name: "{{ item }}" - state: absent - method: user - loop: "{{ installed_user_flatpaks.stdout_lines | difference(desired_user_flatpaks) }}" - - name: Remove undesired system Flatpaks community.general.flatpak: name: "{{ item }}" diff --git a/config/ansible/tasks/workstations/snaps.yml b/config/ansible/tasks/workstations/snaps.yml index a4b130e..ea8592f 100644 --- a/config/ansible/tasks/workstations/snaps.yml +++ b/config/ansible/tasks/workstations/snaps.yml @@ -29,10 +29,18 @@ - gnome-3-28-1804 - gnome-3-34-1804 - gnome-3-38-2004 + - gnome-42-2204 + - desktop-security-center + - firmware-updater + - prompting-client + - snap-store + - snapd-desktop-integration - name: Define desired Snaps ansible.builtin.set_fact: desired_snaps: + - name: firefox + classic: false - name: bitwarden classic: false - name: bw @@ -51,7 +59,14 @@ - name: Remove undesired Snap packages ansible.builtin.command: "snap remove {{ item }}" become: true - loop: "{{ installed_snaps.stdout_lines[1:] | map('split', ' ') | map('first') | difference(desired_snaps | map(attribute='name')) | difference(system_snaps) }}" + loop: >- + {{ + installed_snaps.stdout_lines[1:] + | map('split', ' ') + | map('first') + | difference(desired_snaps | map(attribute='name')) + | difference(system_snaps) + }} register: snap_remove changed_when: snap_remove.rc == 0 failed_when: diff --git a/config/ansible/tasks/workstations/ulauncher.yml b/config/ansible/tasks/workstations/ulauncher.yml index 51283dc..849244a 100644 --- a/config/ansible/tasks/workstations/ulauncher.yml +++ b/config/ansible/tasks/workstations/ulauncher.yml @@ -2,7 +2,7 @@ ansible.builtin.package: name: - ulauncher - - python3-pytz + # - python3-pytz - python3-tornado - python3-docker - python3-requests 
@@ -27,7 +27,9 @@ mode: '0644' vars: ulauncher_settings: - blacklisted-desktop-dirs: "/usr/share/locale:/usr/share/app-install:/usr/share/kservices5:/usr/share/fk5:/usr/share/kservicetypes5:/usr/share/applications/screensavers:/usr/share/kde4:/usr/share/mimelnk" + blacklisted-desktop-dirs: > + /usr/share/locale:/usr/share/app-install:/usr/share/kservices5:/usr/share/fk5:/usr/share/kservicetypes5: + /usr/share/applications/screensavers:/usr/share/kde4:/usr/share/mimelnk clear-previous-query: true disable-desktop-filters: false grab-mouse-pointer: false diff --git a/config/ansible/tasks/workstations/vscode.yml b/config/ansible/tasks/workstations/vscode.yml index 5b75b19..948589b 100644 --- a/config/ansible/tasks/workstations/vscode.yml +++ b/config/ansible/tasks/workstations/vscode.yml @@ -1,9 +1,14 @@ -- name: Import Microsoft GPG key +- name: Gather OS facts + ansible.builtin.setup: + filter: ansible_distribution + register: os_facts + +- name: Import Microsoft GPG key (Fedora) ansible.builtin.rpm_key: key: https://packages.microsoft.com/keys/microsoft.asc - state: present + when: os_facts.ansible_facts.ansible_distribution == 'Fedora' -- name: Add VSCode repository +- name: Add VSCode repository (Fedora) ansible.builtin.copy: content: | [code] 
@@ -14,6 +19,19 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc dest: /etc/yum.repos.d/vscode.repo mode: '0644' + when: os_facts.ansible_facts.ansible_distribution == 'Fedora' + +- name: Add VSCode repository (Ubuntu/Debian) + ansible.builtin.apt_repository: + repo: 'deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main' + state: present + when: os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian'] + +- name: Import Microsoft GPG key (Ubuntu/Debian) + ansible.builtin.apt_key: + url: https://packages.microsoft.com/keys/microsoft.asc + state: present + when: os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian'] - name: Check if VSCode is installed ansible.builtin.command: code --version @@ -21,8 +39,14 @@ changed_when: false failed_when: false -- name: Install VSCode +- name: Install VSCode (Fedora) ansible.builtin.package: name: code state: present - when: vscode_check.rc != 0 + when: vscode_check.rc != 0 and os_facts.ansible_facts.ansible_distribution == 'Fedora' + +- name: Install VSCode (Ubuntu/Debian) + ansible.builtin.apt: + name: code + state: present + when: vscode_check.rc != 0 and os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian'] diff --git a/config/ansible/tasks/workstations/workstation.yml b/config/ansible/tasks/workstations/workstation.yml index 2fff9ee..2a6914c 100644 --- a/config/ansible/tasks/workstations/workstation.yml +++ b/config/ansible/tasks/workstations/workstation.yml 
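Review bot: In the Ubuntu/Debian path the `apt_repository` task precedes the `apt_key` import, so the repository is added, and refreshed by the module's default cache update, before its signing key is trusted; the key import should come first. `ansible.builtin.apt_key` also puts the Microsoft key into the global apt trust store, where it is accepted for every configured repository. Prefer saving the key to a dedicated keyring file and scoping it in the repo line, e.g. `deb [arch=amd64 signed-by=<KEYRING_PATH_PLACEHOLDER>] https://packages.microsoft.com/repos/vscode stable main`. The Fedora repository task begins outside this hunk.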
@@ -11,46 +11,34 @@ ansible.builtin.import_tasks: tasks/workstations/vscode.yml become: true -- name: Include Brave tasks - ansible.builtin.import_tasks: tasks/workstations/brave.yml - become: true - - name: Include Zen browser tasks ansible.builtin.import_tasks: tasks/workstations/zen-browser.yml + vars: + browser_name: "zen" + browser_executable: "zen" + +- name: Include 1Password Zen Browser tasks + ansible.builtin.import_tasks: tasks/workstations/1password-zen-browser.yml - name: Include Ulauncher tasks ansible.builtin.import_tasks: tasks/workstations/ulauncher.yml -- name: Include 1Password tasks - ansible.builtin.import_tasks: tasks/workstations/1password.yml - become: true - - name: Ensure common packages are installed ansible.builtin.package: name: - # Flatpak package manager, used for various applications - - flatpak + ###### THE FOLLOWING PACKAGES ARE DISABLED DUE TO MISSING ON UBUNTU REPOS ###### # Required by Pano - Clipboard Manager (GNOME Extension) - - libgda - - libgda-sqlite + # - libgda + # - libgda-sqlite # Required by Bubblemail - Email Notifications (GNOME Extension) - - bubblemail + # - bubblemail + # Steam and it's dependencies + # - steam + # - steam-devices + ################################################################################ # Statistics HUD for gaming - mangohud - # Steam and it's dependencies - - steam - - steam-devices - # Missing icons in GNOME Shell (If not working, reset your icon theme with `gsettings reset gsettings reset org.gnome.desktop.interface icon-theme`) - - gdk-pixbuf2-modules-extra - - adwaita-icon-theme - - gnome-icon-theme # Used for VSCode Extensions - - nodejs20 + - nodejs state: present become: true - -- name: Regenerate GNOME Icon Cache - ansible.builtin.command: - cmd: gtk-update-icon-cache /usr/share/icons/gnome - creates: /usr/share/icons/gnome/icon-theme.cache - become: true 
diff --git a/config/ansible/tasks/workstations/zen-browser.yml b/config/ansible/tasks/workstations/zen-browser.yml
index 7dbb8f8..8c81067 100644
--- a/config/ansible/tasks/workstations/zen-browser.yml
+++ b/config/ansible/tasks/workstations/zen-browser.yml
@@ -1,14 +1,64 @@ -- name: Check if Zen browser is installed - stat: - path: ~/.local/share/AppImage/ZenBrowser.AppImage - register: zen_browser_installed +- name: Set Zen browser version + ansible.builtin.set_fact: + zen_browser_version: "1.8.2b" -- name: Install Zen browser - ansible.builtin.command: > - echo "1" | bash <(curl https://updates.zen-browser.app/appimage.sh) - when: not zen_browser_installed.stat.exists +- name: Create directory for browser + ansible.builtin.file: + path: "/opt/{{ browser_name }}" + state: directory + mode: '0755' + become: true -- name: Update Zen browser - ansible.builtin.command: > - echo "3" | bash <(curl https://updates.zen-browser.app/appimage.sh) - when: zen_browser_installed.stat.exists +- name: Download Zen browser tarball + ansible.builtin.get_url: + url: "https://github.com/zen-browser/desktop/releases/download/{{ zen_browser_version }}/zen.linux-x86_64.tar.xz" + dest: "/tmp/{{ browser_name }}.tar.xz" + mode: '0644' + become: true + +- name: Extract browser tarball + ansible.builtin.unarchive: + src: "/tmp/{{ browser_name }}.tar.xz" + dest: "/opt/{{ browser_name }}" + remote_src: true + extra_opts: [--strip-components=1] + become: true + +- name: Create symlink to browser executable + ansible.builtin.file: + src: "/opt/{{ browser_name }}/{{ browser_executable }}" + dest: "/usr/local/bin/{{ browser_name }}" + state: link + become: true + +- name: Create desktop file + ansible.builtin.copy: + content: | + [Desktop Entry] + Version=1.0 + Name=Zen Browser + Exec=/usr/local/bin/{{ browser_name }} + Icon=/opt/zen/browser/chrome/icons/default/default128.png + Type=Application + Categories=Network;WebBrowser; + dest: "/usr/share/applications/zen.desktop" + mode: '0644' + become: true + +- name: Update desktop database + ansible.builtin.command: + cmd: update-desktop-database + creates: /usr/share/applications/mimeinfo.cache + become: true + +- name: Make desktop file executable + ansible.builtin.file: + dest: 
"/usr/share/applications/zen.desktop" + mode: '0755' + become: true + +- name: Clean up downloaded tarball + ansible.builtin.file: + path: "/tmp/{{ browser_name }}.tar.xz" + state: absent + become: true diff --git a/config/home-manager/flake.lock b/config/home-manager/flake.lock index 9f57dce..bc65b24 100644 --- a/config/home-manager/flake.lock +++ b/config/home-manager/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740932899, - "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", + "lastModified": 1741048562, + "narHash": "sha256-W4YZ3fvWZiFYYyd900kh8P8wU6DHSiwaH0j4+fai1Sk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", + "rev": "6af28b834daca767a7ef99f8a7defa957d0ade6f", "type": "github" }, "original": { diff --git a/config/home-manager/packages/common/bash.nix b/config/home-manager/packages/common/bash.nix index 94545e1..d788fdf 100644 --- a/config/home-manager/packages/common/bash.nix +++ b/config/home-manager/packages/common/bash.nix @@ -1,6 +1,10 @@ { config, pkgs, ... }: + +let + dotfilesPath = builtins.getEnv "DOTFILES_PATH"; +in { - home.file.".bashrc.extra".source = "${config.home.homeDirectory}/dotfiles/.bashrc"; + home.file.".bashrc.extra".source = "${dotfilesPath}/.bashrc"; programs.bash = { enable = true; diff --git a/config/home-manager/packages/workstation/brave-search-engines.sh b/config/home-manager/packages/workstation/brave-search-engines.sh deleted file mode 100755 index 90fa649..0000000 --- a/config/home-manager/packages/workstation/brave-search-engines.sh +++ /dev/null 
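Review bot: The `get_url` task in `zen-browser.yml` fetches the release tarball without a `checksum:`, and the archive is then unpacked as root into `/opt/{{ browser_name }}` and linked into `/usr/local/bin`, so TLS to the download host is the only assurance on the binary. Since `zen_browser_version` is already pinned, pin the digest alongside it with `checksum: "sha256:<RELEASE_SHA256_PLACEHOLDER>"`. The download goes to a fixed name in world-writable `/tmp`; a root-only directory or `ansible.builtin.tempfile` prevents another local user from pre-creating that path. Two smaller points: `Icon=/opt/zen/...` hard-codes the directory that the other tasks take from `browser_name`, and the desktop file is written `0644` and then changed to `0755`, so the play reports a change on every run.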
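Review bot: `builtins.getEnv "DOTFILES_PATH"` in `bash.nix` returns an empty string when the variable is unset or evaluation is pure, and `home.file.".bashrc.extra".source` then becomes `/.bashrc` instead of failing. It works here only because `update.sh` passes `--impure`, and it ties the build result to the caller's environment. Either keep the path derived from `config.home.homeDirectory`, or guard the value with `assert dotfilesPath != "";` ahead of the attribute set and a comment that this module requires `--impure`.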
@@ -1,108 +0,0 @@ -#!/usr/bin/env bash - -BRAVE_DIR="$HOME/.config/BraveSoftware/Brave-Browser/Default" -MAX_ATTEMPTS=30 # Maximum number of seconds to wait - -# Function to check if database is locked -is_db_locked() { - local db_file="$1" - if lsof "$db_file" >/dev/null 2>&1; then - return 0 # true, db is locked - else - return 1 # false, db is not locked - fi -} - -# Check if profile exists -if [ ! -d "$BRAVE_DIR" ]; then - echo "Brave profile directory doesn't exist. Please run Brave at least once." - exit 1 -fi - -# Check if Web Data exists -if [ ! -f "$BRAVE_DIR/Web Data" ]; then - echo "Web Data file doesn't exist. Please run Brave at least once." - exit 1 -fi - -# Wait for database to be unlocked -attempts=0 -while is_db_locked "$BRAVE_DIR/Web Data" && [ $attempts -lt $MAX_ATTEMPTS ]; do - echo "Database is locked. Waiting... ($attempts/$MAX_ATTEMPTS)" - sleep 1 - attempts=$((attempts + 1)) -done - -if is_db_locked "$BRAVE_DIR/Web Data"; then - echo "Database is still locked after $MAX_ATTEMPTS seconds. Please ensure Brave is completely closed and try again." - exit 1 -fi - -echo "Setting up search engines..." 
- -# Create temporary file for SQL commands -SQLCOMMANDS=$(mktemp) - -cat > $SQLCOMMANDS << 'ENDSQL' -DELETE FROM keywords WHERE keyword NOT IN ('@bookmarks', '@history'); - -INSERT INTO keywords ( - short_name, keyword, favicon_url, url, safe_for_autoreplace, - date_created, usage_count, input_encodings, suggest_url, prepopulate_id, - sync_guid, alternate_urls, last_visited, is_active -) VALUES -( - 'Brave', ':br', - 'https://cdn.search.brave.com/serp/v2/_app/immutable/assets/favicon.acxxetWH.ico', - 'https://search.brave.com/search?q={searchTerms}&source=desktop', - 1, 0, 0, 'UTF-8', - 'https://search.brave.com/api/suggest?q={searchTerms}&rich=true&source=desktop', - 550, '485bf7d3-0215-45af-87dc-538868000550', '[]', 0, 0 -), -( - 'Google', ':gg', - 'https://www.google.com/images/branding/product/ico/googleg_alldp.ico', - '{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:language}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}', - 1, 0, 0, 'UTF-8', - '{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:clientCacheTimeToLive}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}', - 1, '485bf7d3-0215-45af-87dc-538868000001', '[]', 0, 0 -), -( - 'DuckDuckGo', ':dd', - 'https://duckduckgo.com/favicon.ico', - 'https://duckduckgo.com/?q={searchTerms}&t=brave', - 1, 0, 0, 'UTF-8', - 'https://ac.duckduckgo.com/ac/?q={searchTerms}&type=list', - 501, '485bf7d3-0215-45af-87dc-538868000501', '[]', 0, 0 -), -( - 'NixOS', ':nix', - 'https://search.nixos.org/favicon.png', - 'https://search.nixos.org/packages?query={searchTerms}', - 1, 0, 0, '', - '', 
- 0, '485bf7d3-0215-45af-87dc-538868000552', '[]', 0, 1 -), -( - 'GoLink', ':go', - 'http://go/favicon.ico', - 'http://go/{searchTerms}', - 1, 0, 0, '', - '', - 0, '485bf7d3-0215-45af-87dc-538868000551', '[]', 0, 1 -); -ENDSQL - -# Execute SQL commands -sqlite3 "$BRAVE_DIR/Web Data" < $SQLCOMMANDS - -# Cleanup -rm $SQLCOMMANDS - -echo "Search engines setup completed successfully!" - -# Restart Brave if it was running before -if [ "$BRAVE_WAS_RUNNING" = "1" ]; then - echo "Restarting Brave..." - brave &> /dev/null & -fi diff --git a/config/home-manager/packages/workstation/brave.nix b/config/home-manager/packages/workstation/brave.nix deleted file mode 100644 index 539baad..0000000 --- a/config/home-manager/packages/workstation/brave.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - # Copy search engine configuration script - home.file.".local/bin/brave-search-engines.sh" = { - source = ./brave-search-engines.sh; - executable = true; - }; - - # Run search engine configuration script - home.activation = { - setBraveSearchEngines = lib.hm.dag.entryAfter [ "writeBoundary" ] '' - PATH="${pkgs.procps}/bin:${pkgs.sqlite}/bin:$PATH" $HOME/.local/bin/brave-search-engines.sh - ''; - }; -} diff --git a/config/home-manager/packages/workstation/default.nix b/config/home-manager/packages/workstation/default.nix index cfd917e..a8ff8b3 100644 --- a/config/home-manager/packages/workstation/default.nix +++ b/config/home-manager/packages/workstation/default.nix @@ -3,7 +3,6 @@ let files = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" - "brave-search-engines.sh" "ulauncher.nix" # Disabled, since we switched to ansible for this ]; diff --git a/config/home-manager/packages/workstation/packages.nix b/config/home-manager/packages/workstation/packages.nix index 190750b..fc22934 100644 --- a/config/home-manager/packages/workstation/packages.nix +++ b/config/home-manager/packages/workstation/packages.nix 
@@ -23,7 +23,6 @@ gpredict # Satellite tracking ## Chat Apps - betterdiscordctl vesktop ## Multimedia diff --git a/config/home-manager/workstation/dconf.nix b/config/home-manager/workstation/dconf.nix index 12635af..b6ac77d 100644 --- a/config/home-manager/workstation/dconf.nix +++ b/config/home-manager/workstation/dconf.nix @@ -5,15 +5,15 @@ enable = true; iconTheme = { - name = "Adwaita"; + name = "Yaru"; }; theme = { - name = "Adwaita"; + name = "Yaru"; }; cursorTheme = { - name = "Adwaita"; + name = "Yaru"; }; gtk3.extraConfig = { @@ -51,7 +51,7 @@ # add more by listing them with `dconf read /org/gnome/shell/favorite-apps | sed "s/,//g; s/'/\"/g"` then copy pasting the output here "org/gnome/shell" = { favorite-apps = [ - "ZenBrowser.desktop" + "zen.desktop" "org.gnome.Nautilus.desktop" "com.spotify.Client.desktop" "vesktop.desktop" diff --git a/config/home-manager/workstation/default-apps.nix b/config/home-manager/workstation/default-apps.nix index 3a731c6..3b4cb74 100644 --- a/config/home-manager/workstation/default-apps.nix +++ b/config/home-manager/workstation/default-apps.nix @@ -4,11 +4,11 @@ xdg.mimeApps = { enable = true; defaultApplications = { - # Brave Browser - "application/xhtml+xml" = [ "ZenBrowser.desktop" ]; - "text/html" = [ "ZenBrowser.desktop" ]; - "x-scheme-handler/http" = [ "ZenBrowser.desktop" ]; - "x-scheme-handler/https" = [ "ZenBrowser.desktop" ]; + # default browser + "application/xhtml+xml" = [ "zen.desktop" ]; + "text/html" = [ "zen.desktop" ]; + "x-scheme-handler/http" = [ "zen.desktop" ]; + "x-scheme-handler/https" = [ "zen.desktop" ]; # Geary "x-scheme-handler/mailto" = [ "org.gnome.Geary.desktop" ]; diff --git a/config/nixos/common/server.nix b/config/nixos/common/server.nix deleted file mode 100644 index b41d0a8..0000000 --- a/config/nixos/common/server.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ config, pkgs, ... }: -{ - # Install xanmod kernel - # boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable.zfs; - - services.openssh = { - enable = true; - ports = [ 400 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "menno" ]; - X11Forwarding = false; - PermitRootLogin = "prohibit-password"; - AllowTCPForwarding = true; - AllowAgentForwarding = true; - PermitEmptyPasswords = false; - PubkeyAuthentication = true; - }; - }; - - networking = { - firewall = { - enable = true; - - # External ports - allowedTCPPorts = [ - ## Portforwarded - 80 # HTTP - 443 # HTTPS - 22 # Git over SSH - 25565 # Minecraft - 24454 # Minecraft (Voice Chat) - 32400 # Plex - 51820 # WireGuard - - ## Internal services / TailScale - 400 # SSH - ]; - - allowedUDPPorts = [ - 51820 # WireGuard - 25565 # Minecraft - ]; - }; - }; -} diff --git a/config/nixos/common/workstation.nix b/config/nixos/common/workstation.nix deleted file mode 100644 index 2837194..0000000 --- a/config/nixos/common/workstation.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -{ pkgs, ... }: -{ - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - # Enable the Cosmic Desktop Environment. - # services.desktopManager.cosmic.enable = true; - # services.displayManager.cosmic-greeter.enable = true; - - # Install xanmod kernel - boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable; - - environment.systemPackages = with pkgs; [ - gnome-session - xdg-desktop-portal - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - - # Configure keymap in X11 - services.xserver.xkb = { - layout = "us"; - variant = "euro"; - }; - - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - # Open ports in the firewall - networking.firewall = { - enable = true; - allowedTCPPorts = [ - # RDP (Gnome Remote Desktop) - 3389 - 3390 - 3391 - - # SSH - 400 - ]; - allowedUDPPorts = [ - # RDP (Gnome Remote Desktop) - 3389 - 3390 - 3391 - ]; - }; - - # OpenSSH server - services.openssh = { - enable = true; - ports = [ 400 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "menno" ]; - X11Forwarding = true; - PermitRootLogin = "prohibit-password"; - AllowTCPForwarding = true; - AllowAgentForwarding = true; - PermitEmptyPasswords = false; - PubkeyAuthentication = true; - }; - }; -} diff --git a/config/nixos/configuration.nix b/config/nixos/configuration.nix deleted file mode 100644 index dd71ed8..0000000 --- a/config/nixos/configuration.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ - config, - pkgs, - lib, - isServer ? false, - isWorkstation ? false, - ... -}: -{ - imports = - [ - ./packages/common/default.nix - ./users.nix - ./hosts.nix - ./yubikey.nix - ] - # Include packages based on whether this is a server or workstation. - ++ lib.optional isServer ./packages/server/default.nix - ++ lib.optional isWorkstation ./packages/workstation/default.nix; - - # Enable networking - networking.networkmanager.enable = true; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # Enable experimental nix-command flakes - nix = { - package = pkgs.nixVersions.stable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "nl_NL.UTF-8"; - LC_IDENTIFICATION = "nl_NL.UTF-8"; - LC_MEASUREMENT = "nl_NL.UTF-8"; - LC_MONETARY = "nl_NL.UTF-8"; - LC_NAME = "nl_NL.UTF-8"; - LC_NUMERIC = "nl_NL.UTF-8"; - LC_PAPER = "nl_NL.UTF-8"; - LC_TELEPHONE = "nl_NL.UTF-8"; - LC_TIME = "nl_NL.UTF-8"; - }; - - environment.systemPackages = with pkgs; [ - tailscale - pciutils - ]; - - services.tailscale.enable = true; - security.sudo.extraConfig = '' - Defaults env_reset,pwfeedback - ''; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? -} diff --git a/config/nixos/flake.lock b/config/nixos/flake.lock deleted file mode 100644 index 91efe2e..0000000 --- a/config/nixos/flake.lock +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "nodes": { - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "nixos-cosmic": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1736944949, - "narHash": "sha256-rZJtjYBZe5vmanJ/yh5GoZgdISm+EU4iUhG6WD1SwBs=", - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "rev": "0dc33f0eb391a1a942a358a01b47f763703d7097", - "type": "github" - }, - "original": { - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1736798957, - "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1736867362, - "narHash": "sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1736798957, - "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - 
"locked": { - "lastModified": 1736867362, - "narHash": "sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixos-cosmic": "nixos-cosmic", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/config/nixos/flake.nix b/config/nixos/flake.nix deleted file mode 100644 index 50fa9e4..0000000 --- a/config/nixos/flake.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - description = "menno's dotfiles"; - - inputs = { - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; - }; - - outputs = - { - self, - nixpkgs, - nixpkgs-unstable, - nixos-cosmic, - }: - let - system = "x86_64-linux"; - - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; - - pkgs-unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - in - { - nixosConfigurations = { - "mennos-laptop" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./hardware/mennos-laptop.nix - ./common/workstation.nix - ./configuration.nix - ]; - specialArgs = { - inherit - pkgs-unstable - nixos-cosmic - ; - isWorkstation = true; - isServer = false; - }; - }; - - "mennos-gamingpc" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./hardware/mennos-gamingpc.nix - ./common/workstation.nix - ./configuration.nix - ]; - specialArgs = { - inherit - pkgs-unstable - nixos-cosmic - ; - isWorkstation = true; - isServer = false; - }; - }; - - "mennos-server" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./hardware/mennos-server.nix - ./common/server.nix - ./configuration.nix - ]; - specialArgs = { - inherit pkgs-unstable; - isWorkstation = false; - isServer = true; - }; - }; - }; - }; -} diff --git a/config/nixos/hardware/mennos-gamingpc.nix b/config/nixos/hardware/mennos-gamingpc.nix deleted file mode 100644 index b080924..0000000 --- a/config/nixos/hardware/mennos-gamingpc.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ - imports = [ /etc/nixos/hardware-configuration.nix ]; - networking.hostName = "mennos-gamingpc"; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/ac5a70cf-4b12-4d02-b5b4-a6eddf4c40b5"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - - networking.interfaces.enp8s0.wakeOnLan = { - enable = true; - }; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable Vulkan support for AMD graphics cards - hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ amdvlk ]; - - # Swap file (Desktop PC has 48GB of RAM so 8GB swap should be enough) - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - # Enable graphics - hardware.graphics = { - enable = true; - - # Enable the latest AMDGPU drivers - extraPackages = with pkgs; [ - amdvlk - rocmPackages.clr - ]; - }; - - # Add ROCm packages and nvtop - environment.systemPackages = with pkgs; [ - rocmPackages.rocm-smi - rocmPackages.clr - rocmPackages.rocm-core - rocmPackages.hipcc - rocmPackages.rocm-device-libs - nvtopPackages.amd - ]; -} diff --git a/config/nixos/hardware/mennos-laptop.nix b/config/nixos/hardware/mennos-laptop.nix deleted file mode 100644 index 9b423f1..0000000 --- a/config/nixos/hardware/mennos-laptop.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ - imports = [ /etc/nixos/hardware-configuration.nix ]; - networking.hostName = "mennos-laptop"; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/1356cd09-5c55-45b5-8b06-6aadc84cee37"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - - # Bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable graphics - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - amdvlk - rocmPackages.clr - ]; - }; - - # Swap file (Laptop has 32GB of RAM so 8GB swap should be enough) - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - # Load AMD and NVIDIA drivers for Xorg and Wayland - services.xserver.videoDrivers = [ - "nvidia" - "amdgpu" - ]; - - # Monitoring tools - environment.systemPackages = with pkgs; [ - nvtopPackages.nvidia - nvtopPackages.amd - glxinfo - vulkan-tools - ]; - - hardware.nvidia = { - # Enable modesetting - modesetting.enable = true; - - # Power management configuration - powerManagement = { - enable = true; - finegrained = false; # Disabled as it requires offload mode - }; - - # Prime configuration for hybrid graphics - prime = { - offload = { - enable = true; - enableOffloadCmd = true; - }; - - # AMD GPU as primary - amdgpuBusId = "PCI:5:0:0"; - nvidiaBusId = "PCI:1:0:0"; - }; - - open = false; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; - - boot.kernelParams = [ - "amdgpu.sg_display=0" - "nvidia-drm.modeset=1" - ]; -} diff --git a/config/nixos/hardware/mennos-server.nix b/config/nixos/hardware/mennos-server.nix deleted file mode 100644 index 3cb86f7..0000000 --- a/config/nixos/hardware/mennos-server.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ - imports = [ - /etc/nixos/hardware-configuration.nix - ./mennos-server/zfs.nix - ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/dd3fa13c-a1bd-4dc9-bcb4-aee17c7f12d1"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - - networking.hostName = "mennos-server"; - networking.hostId = "64519940"; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = [ "nvidia" ]; - - # Enable graphics - hardware.graphics.enable = true; - - # nvtop, a system monitor for GPUs - environment.systemPackages = with pkgs; [ nvtopPackages.nvidia ]; - - # Enable NVIDIA Docker support - # test with: $ docker run --rm -it --device=nvidia.com/gpu=all ubuntu:latest nvidia-smi - hardware.nvidia-container-toolkit.enable = true; - virtualisation.docker = { - enable = true; - }; - - # Swap file (Laptop has 64GB of RAM so 16GB swap should be enough) - swapDevices = [ - { - device = "/swapfile"; - size = 16384; - } - ]; - - hardware.nvidia = { - modesetting.enable = true; - powerManagement.enable = false; - powerManagement.finegrained = false; - open = false; - nvidiaSettings = true; - - # Use the latest driver from the unstable channel - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; -} diff --git a/config/nixos/hardware/mennos-server/zfs.nix b/config/nixos/hardware/mennos-server/zfs.nix deleted file mode 100644 index e0c3f1c..0000000 --- a/config/nixos/hardware/mennos-server/zfs.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ config, pkgs, ... }: - -let - # Create a script to set permissions - permissionsScript = pkgs.writeShellScriptBin "set-zfs-permissions" '' - # Set default permissions for all service directories - find /mnt/services -mindepth 1 -maxdepth 1 -type d \ - -exec chmod 775 {} \; \ - -exec chown menno:users {} \; - - # Special cases - chmod 774 /mnt/services/golink - chown 65532:users /mnt/services/golink - - chmod 754 /mnt/services/torrent - chown menno:users /mnt/services/torrent - - chmod 755 /mnt/services/proxy - chmod 755 /mnt/services/static-websites - - chown menno:users /mnt/backups - chown menno:users /mnt/backups/photos - chown menno:users /mnt/backups/services - chmod 775 /mnt/backups - chmod 775 /mnt/backups/photos - chmod 775 /mnt/backups/services - - # Set permissions for other mount points - for dir in /mnt/{ai,astrophotography,audiobooks,downloads,ISOs,movies,music,old_backups,photos,stash,tvshows,VMs}; do - chmod 755 "$dir" - chown menno:users "$dir" - done - ''; -in -{ - environment.systemPackages = with pkgs; [ - zfs - zfstools - permissionsScript - smartmontools - ]; - - # Add the permissions service - systemd.services.zfs-permissions = { - description = "Set ZFS mount permissions"; - - # Run after ZFS mounts are available - after = [ "zfs.target" ]; - requires = [ "zfs.target" ]; - - # Run on boot and every 6 hours - startAt = "*-*-* */6:00:00"; - - serviceConfig = { - Type = "oneshot"; - ExecStart = "${permissionsScript}/bin/set-zfs-permissions"; - User = "root"; - Group = "root"; - }; - }; - - # Enable ZFS support - boot.supportedFilesystems = [ - "ntfs" - "zfs" - ]; - - # ZFS system services - services.zfs = { - autoScrub = { - enable = true; - interval = "weekly"; - }; - }; - - # If you want to keep compression settings - boot.kernelParams = [ - "zfs.zfs_compressed_arc_enabled=1" # Enable compressed ARC - "zfs.zfs_arc_max=21474836480" # 20 GiB - ]; - - fileSystems = { - # backup ZFS mount points - "/mnt/backups/photos" = { - 
device = "backup/photos-duplicati"; - fsType = "zfs"; - }; - "/mnt/backups/services" = { - device = "backup/services-duplicati"; - fsType = "zfs"; - }; - - # datapool ZFS mount points - "/mnt/ai" = { - device = "datapool/ai"; - fsType = "zfs"; - }; - "/mnt/astrophotography" = { - device = "datapool/astro"; - fsType = "zfs"; - }; - "/mnt/audiobooks" = { - device = "datapool/audiobooks"; - fsType = "zfs"; - }; - "/mnt/downloads" = { - device = "datapool/downloads"; - fsType = "zfs"; - }; - "/mnt/ISOs" = { - device = "datapool/isos"; - fsType = "zfs"; - }; - "/mnt/movies" = { - device = "datapool/movies"; - fsType = "zfs"; - }; - "/mnt/music" = { - device = "datapool/music"; - fsType = "zfs"; - }; - "/mnt/old_backups" = { - device = "datapool/old_backups"; - fsType = "zfs"; - }; - "/mnt/photos" = { - device = "datapool/photos"; - fsType = "zfs"; - }; - "/mnt/services" = { - device = "datapool/services"; - fsType = "zfs"; - }; - "/mnt/stash" = { - device = "datapool/stash"; - fsType = "zfs"; - }; - "/mnt/tvshows" = { - device = "datapool/tv_shows"; - fsType = "zfs"; - }; - "/mnt/VMs" = { - device = "datapool/vms"; - fsType = "zfs"; - }; - }; -} diff --git a/config/nixos/hosts.nix b/config/nixos/hosts.nix deleted file mode 100644 index 05a6769..0000000 --- a/config/nixos/hosts.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: -{ - networking.extraHosts = '' - 127.0.0.1 subsites.local - 127.0.0.1 discountoffice.nl.local - 127.0.0.1 discountoffice.be.local - 127.0.0.1 fr.discountoffice.be.local - 127.0.0.1 api.local - 127.0.0.1 mailpit.local - ''; -} diff --git a/config/nixos/packages/common/default.nix b/config/nixos/packages/common/default.nix deleted file mode 100644 index 71f4574..0000000 --- a/config/nixos/packages/common/default.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ ./virtualisation.nix ]; - - environment.systemPackages = with pkgs; [ - yubikey-manager - trash-cli - sqlite # Used for managing SQLite databases (Brave Settings etc.) - xcp # Rust implementation of cp/mv command - pandoc # Document converter (Markdown, HTML, PDF etc.) (Mostly used for static site generators) - ]; -} diff --git a/config/nixos/packages/common/virtualisation.nix b/config/nixos/packages/common/virtualisation.nix deleted file mode 100644 index 5704751..0000000 --- a/config/nixos/packages/common/virtualisation.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - pkgs, - pkgs-unstable, - ... -}: -{ - boot.kernelModules = [ "kvm-amd" ]; - - environment.systemPackages = with pkgs; [ - qemu - OVMF - ]; - - virtualisation = { - docker = { - enable = true; - package = pkgs-unstable.docker; - autoPrune.enable = true; - daemon.settings = { - "live-restore" = false; - }; - }; - - libvirtd = { - enable = true; - - qemu = { - package = pkgs.qemu; - runAsRoot = true; - swtpm.enable = true; - ovmf = { - enable = true; - packages = [ pkgs.OVMF.fd ]; - }; - }; - }; - }; -} diff --git a/config/nixos/packages/server/default.nix b/config/nixos/packages/server/default.nix deleted file mode 100644 index a1f59f2..0000000 --- a/config/nixos/packages/server/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, ... }: -{ - # Import all the package modules - imports = [ - ]; -} diff --git a/config/nixos/packages/workstation/1password.nix b/config/nixos/packages/workstation/1password.nix deleted file mode 100644 index 8923165..0000000 --- a/config/nixos/packages/workstation/1password.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ pkgs, pkgs-unstable, ... }: -{ - # Enables the 1Password CLI - programs._1password = { - enable = true; - }; - - # Enables the 1Password desktop app - programs._1password-gui = { - enable = true; - polkitPolicyOwners = [ "menno" ]; - package = pkgs-unstable._1password-gui; - }; - - environment.etc = { - "1password/custom_allowed_browsers" = { - text = '' - firefox - brave - zen - ''; - mode = "0755"; - }; - }; -} diff --git a/config/nixos/packages/workstation/default.nix b/config/nixos/packages/workstation/default.nix deleted file mode 100644 index 05444c2..0000000 --- a/config/nixos/packages/workstation/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, pkgs, ... }: -{ - # Import all the package modules - imports = [ - ./flatpak.nix - ./1password.nix - ]; -} diff --git a/config/nixos/packages/workstation/flatpak.nix b/config/nixos/packages/workstation/flatpak.nix deleted file mode 100644 index 71db5a7..0000000 --- a/config/nixos/packages/workstation/flatpak.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: -{ - services.flatpak.enable = true; - systemd.services.flatpak-repo = { - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.flatpak ]; - script = '' - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - ''; - }; -} diff --git a/config/nixos/users.nix b/config/nixos/users.nix deleted file mode 100644 index 542ed6b..0000000 --- a/config/nixos/users.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, ... }: -{ - users.users.menno = { - shell = pkgs.bash; - isNormalUser = true; - description = "Menno van Leeuwen"; - extraGroups = [ - "networkmanager" - "wheel" - "kvm" - "libvirtd" - "qemu-libvirtd" - "docker" - "video" - "render" - "users" - "input" - "adbusers" - ]; - }; -} diff --git a/config/nixos/yubikey.nix b/config/nixos/yubikey.nix deleted file mode 100644 index 205c5b1..0000000 --- a/config/nixos/yubikey.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ config, pkgs, ... }: -let - # List of authorized YubiKey serial numbers - authorizedKeys = [ - "10627969" - "30079068" - ]; - - sudo-wrapper = pkgs.writeScriptBin "sudo" '' - #!${pkgs.bash}/bin/bash - - # Function to show both terminal and desktop notification - notify() { - echo "$1" >&2 - ${pkgs.libnotify}/bin/notify-send -u critical "Sudo Authentication" "$1" - } - - # Function to check if any of our authorized YubiKeys are present - check_yubikey() { - # Get list of connected YubiKeys - local keys=$(${pkgs.yubikey-manager}/bin/ykman list 2>/dev/null) - - # Check if any of our authorized keys are in the list - for serial in ${toString authorizedKeys}; do - if echo "$keys" | grep -q "$serial"; then - return 0 # Found an authorized key - fi - done - return 1 # No authorized keys found - } - - # Check if we already have sudo permissions - if [ "$EUID" -eq 0 ]; then - exec /run/wrappers/bin/sudo "$@" - fi - - # Check for YubiKey presence - if check_yubikey; then - # YubiKey is present, show touch prompt - if [ -t 1 ]; then # Only show terminal message if interactive - echo -e "\033[1;34mPlease touch your YubiKey to authenticate...\033[0m" >&2 - fi - ${pkgs.libnotify}/bin/notify-send -u normal \ - -i security-high \ - "YubiKey Authentication" \ - "Please touch your YubiKey to authenticate..." 
- fi - - # Execute sudo with all original arguments - # This will fall back to password auth if no YubiKey is present - exec /run/wrappers/bin/sudo "$@" - ''; -in -{ - services.udev.packages = [ pkgs.yubikey-personalization ]; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - environment.systemPackages = with pkgs; [ - pam_u2f - libnotify - sudo-wrapper - ]; - - # Use normal U2F config without trying to modify PAM - security.pam.services = { - sudo.u2fAuth = true; - lock.u2fAuth = true; - gnome-screensaver.u2fAuth = true; - "polkit-1".u2fAuth = true; - }; - - # Enable polkit - security.polkit.enable = true; - - # Add custom polkit rules for 1Password - environment.etc."polkit-1/rules.d/90-1password-yubikey.rules".text = '' - polkit.addRule(function(action, subject) { - if (action.id == "com.1password.1Password.unlock") { - var authtype = subject.local ? "auth_admin_keep" : "auth_admin"; - return polkit.Result.AUTH_ADMIN; - } - }); - ''; - - # Make sure polkit is using the right authentication agent - services.xserver.displayManager.gdm = { - enable = true; - autoSuspend = false; - }; - - # GNOME keyring configuration - security.pam.services."gnome-keyring" = { - text = '' - auth optional pam_u2f.so - auth optional pam_unix.so nullok try_first_pass - session optional pam_keyinit.so force revoke - session optional pam_gnome_keyring.so auto_start - ''; - }; - - # Make sure the wrapper sudo is used instead of the system one - environment.shellAliases = { - sudo = "${sudo-wrapper}/bin/sudo"; - }; -} diff --git a/config/ssh/config b/config/ssh/config index d4376ff..a43e15c 100644 --- a/config/ssh/config +++ b/config/ssh/config @@ -1,5 +1,5 @@ Host * - IdentityFile ~/dotfiles/secrets/ssh_keys/mennos-2025.pem + IdentityFile $DOTFILES_PATH/secrets/ssh_keys/mennos-2025.pem IdentityAgent ~/.1password/agent.sock AddKeysToAgent yes ForwardAgent yes diff --git a/setup.sh b/setup.sh index b7ede79..c815311 100755 --- a/setup.sh +++ b/setup.sh 
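Review bot: The new `IdentityFile $DOTFILES_PATH/secrets/ssh_keys/mennos-2025.pem` line in config/ssh/config will most likely not resolve, because ssh_config expands environment variables only in the braced `${VAR}` form, whereas the removed line relied on `~` expansion. Written this way the path is taken literally, so ssh would skip the key file and presumably fall back to whatever the agent at `~/.1password/agent.sock` offers, which can hide the breakage until the agent is unavailable. I would write `IdentityFile ${DOTFILES_PATH}/secrets/ssh_keys/mennos-2025.pem`, which needs an OpenSSH release that supports environment expansion for IdentityFile and requires the variable to be exported wherever ssh runs. Alternatively, keep a tilde path such as `IdentityFile ~/.dotfiles/secrets/ssh_keys/mennos-2025.pem`.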
@@ -6,7 +6,7 @@ IFS=$'\n\t' # Constants readonly NIXOS_RELEASE="24.11" # Home Manager release version (Must match NixOS version) readonly GIT_REPO="https://git.mvl.sh/vleeuwenmenno/dotfiles.git" # Dotfiles repository URL -readonly DOTFILES_DIR="${HOME}/dotfiles" # Dotfiles directory +readonly DOTFILES_PATH="${HOME}/.dotfiles" # Dotfiles directory readonly SETUP_MARKER="${HOME}/.dotfiles-setup" # Setup marker file indicates setup has been run # Color constants @@ -84,7 +84,7 @@ validate_hostname() { update_home_manager_flake() { local hostname="$1" local isServer="$2" - local flake_file="$DOTFILES_DIR/config/home-manager/flake.nix" + local flake_file="$DOTFILES_PATH/config/home-manager/flake.nix" # Create new configuration entry local new_config=" \"$hostname\" = home-manager.lib.homeManagerConfiguration { @@ -157,8 +157,8 @@ setup_symlinks() { die "Failed to backup home-manager config" fi - log_info "Linking ~/.config/home-manager to $DOTFILES_DIR/config/home-manager..." - ln -s "$DOTFILES_DIR/config/home-manager" "$HOME/.config/home-manager" || \ + log_info "Linking ~/.config/home-manager to $DOTFILES_PATH/config/home-manager..." + ln -s "$DOTFILES_PATH/config/home-manager" "$HOME/.config/home-manager" || \ die "Failed to create home-manager symlink" # Verify symlinks @@ -351,9 +351,9 @@ main() { check_prerequisites # Clone dotfiles if needed - if [ ! -d "$DOTFILES_DIR" ]; then + if [ ! -d "$DOTFILES_PATH" ]; then log_info "Cloning dotfiles repo..." - git clone "$GIT_REPO" "$DOTFILES_DIR" || die "Failed to clone dotfiles repository" + git clone "$GIT_REPO" "$DOTFILES_PATH" || die "Failed to clone dotfiles repository" fi if [ -n "${1:-}" ]; then 
@@ -382,7 +382,12 @@ main() { # Get hostname local hostname hostname=$(cat "$HOME/.hostname") || die "Failed to read hostname" - export PATH=$PATH:$HOME/dotfiles/bin + export PATH=$PATH:$DOTFILES_PATH/bin + + # Create new .bashrc with exports for initial `dotf update` command + echo "export NIXPKGS_ALLOW_INSECURE=1" >> $HOME/.bashrc + echo "export DOTFILES_PATH=$DOTFILES_PATH" >> $HOME/.bashrc + echo "export PATH=$PATH:$DOTFILES_PATH/bin" >> $HOME/.bashrc # Create setup marker touch "$SETUP_MARKER" || die "Failed to create setup marker"
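Review bot: The three `echo ... >> $HOME/.bashrc` lines added in main() persist more than the comment's "initial `dotf update`" needs. `NIXPKGS_ALLOW_INSECURE=1` ends up in every future shell, which permanently disables nixpkgs' refusal to evaluate packages marked insecure; a plain `export NIXPKGS_ALLOW_INSECURE=1` in the setup process would keep that exception scoped to the first run. The third line expands `$PATH` while setup runs, so the whole setup-time PATH, which already has `$DOTFILES_PATH/bin` appended by the line above, is frozen into .bashrc. Single quotes defer the expansion: `echo 'export PATH=$PATH:$DOTFILES_PATH/bin' >> "$HOME/.bashrc"`. The comment says "Create new .bashrc" although `>>` appends to an existing file, and main() begins and ends outside this hunk.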