tmp

.gitattributes

@@ -1,3 +1,4 @@
 home-manager/secrets/factorio.nix filter=git-crypt diff=git-crypt
 etcnixos/secrets/secureboot.tar filter=git-crypt diff=git-crypt
 etcnixos/secrets/wifi-passwords.nix filter=git-crypt diff=git-crypt
+etcnixos/secrets/disk-password filter=git-crypt diff=git-crypt

etcnixos/common.nix

@@ -17,6 +17,7 @@
     inputs.agenix.nixosModules.default
     inputs.nixos-hardware.nixosModules.common-pc-ssd
     inputs.chaotic.nixosModules.default
+    inputs.disko.nixosModules.disko
   ];
 
   nixpkgs.config.allowUnfreePredicate =
@@ -48,8 +49,8 @@
 
   # kernel options
   boot = {
-    kernelPackages = pkgs.linuxPackages_cachyos-lto;
-    # kernelPackages = pkgs.linuxPackages_latest;
+    # kernelPackages = pkgs.linuxPackages_cachyos-lto;
+    kernelPackages = pkgs.linuxPackages_latest;
 
     kernel.sysctl = {
       # dmesg shushhhhh
@@ -167,9 +168,9 @@
     pulse.enable = true;
   };
 
-  age.secrets.primary-password = {
-    file = ./secrets/primary-password.age;
-    path = "/etc/secrets/primary-password";
+  age.secrets.password-hash = {
+    file = ./secrets/password-hash.age;
+    path = "/tmp/password-hash-secret";
   };
 
   # Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`)
@@ -182,7 +183,7 @@
       "camera"
       "adbusers"
     ];
-    hashedPasswordFile = config.age.secrets.primary-password.path;
+    hashedPasswordFile = config.age.secrets.password-hash.path;
   };
 
   services.gvfs.enable = true;
@@ -224,6 +225,9 @@
     libmtp
     man-pages
     man-pages-posix
+
+    # https://github.com/chaotic-cx/nyx/issues/972
+    # config.boot.kernelPackages.perf
   ];
 
   # wayland with electron/chromium applications
@@ -246,5 +250,4 @@
   documentation.enable = true;
   documentation.man.enable = true;
   documentation.dev.enable = true;
-
 }

etcnixos/flake.lock

@@ -34,11 +34,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738869872,
-        "narHash": "sha256-lN1HkC+NXxlO5eGFjVWVkedObBoBCWPhAMucHH0/ck8=",
+        "lastModified": 1739212779,
+        "narHash": "sha256-7U7fOAOVy/AaOtw3HflnwEeXZJ9+ldxVU/Mx5tGN9A4=",
         "owner": "chaotic-cx",
         "repo": "nyx",
-        "rev": "eeb2fd1d5c96ec9755dba4ccd3d22802444cb55f",
+        "rev": "175a7f545d07bd08c14709f0d0849a8cddaaf460",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1738823732,
-        "narHash": "sha256-1NnSYno8qRN5zBF7xhaOn1WmC52qKBh7tEuRaDRFuMs=",
+        "lastModified": 1739082714,
+        "narHash": "sha256-cylMa750pId3Hqvzyurd86qJIYyyMWB0M7Gbh7ZB2tY=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "17bbc481e3d0cb52a605dd9316043c66ceaa17d7",
+        "rev": "e84058a7fe56aa01f2db19373cce190098494698",
         "type": "github"
       },
       "original": {
@@ -209,11 +209,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738841109,
-        "narHash": "sha256-sEgE3nifaRU5gfAx33ds0tx/j+qM0/5/bHopv/w6c0c=",
+        "lastModified": 1739051380,
+        "narHash": "sha256-p1QSLO8DJnANY+ppK7fjD8GqfCrEIDjso1CSRHsXL7Y=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f99c704fe3a4cf8d72b2d568ec80bc38be1a9407",
+        "rev": "5af1b9a0f193ab6138b89a8e0af8763c21bbf491",
         "type": "github"
       },
       "original": {
@@ -231,11 +231,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738656811,
-        "narHash": "sha256-z7Dzz713ueSQJYSdsWcH+D7o2pbq/sAl7/nBxru5oNA=",
+        "lastModified": 1738875499,
+        "narHash": "sha256-P3VbO2IkEW+0d0pJU7CuX8e+obSoiDw/YCVL1mnA26w=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "cd9caf9afb1c8fe848f140a7831fe462b73df91a",
+        "rev": "4642ec1073a7417e6303484d8f2e7d29dc24a50f",
         "type": "github"
       },
       "original": {
@@ -256,11 +256,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1737639419,
-        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
+        "lastModified": 1739186342,
+        "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
+        "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660",
         "type": "github"
       },
       "original": {
@@ -310,11 +310,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1738824222,
-        "narHash": "sha256-U3SNq+waitGIotmgg/Et3J7o4NvUtP2gb2VhME5QXiw=",
+        "lastModified": 1739020877,
+        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "550e11f27ba790351d390d9eca3b80ad0f0254e7",
+        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
         "type": "github"
       },
       "original": {
@@ -379,11 +379,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1738754241,
-        "narHash": "sha256-hiw8wVE2tTrLPtIz1xSbJ3eEXCOx729kRq7UpMRTaU0=",
+        "lastModified": 1738997488,
+        "narHash": "sha256-jeNdFVtEDLypGIbNqBjURovfw9hMkVtlLR7j/5fRh54=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "ca47cddc31ae76a05e8709ed4aec805c5ef741d3",
+        "rev": "208bc52b5dc177badc081c64eb0584a313c73242",
         "type": "github"
       },
       "original": {

etcnixos/flake.nix

@@ -20,6 +20,11 @@
       url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    disko = {
+      url = "github:nix-community/disko/latest";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =

etcnixos/hardware_laptop.nix

@@ -15,25 +15,70 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/acbd96e3-e7c7-442d-82cc-ce2913a9e90c";
-    fsType = "btrfs";
-    options = [
-      "subvol=@"
-      "compress=zstd"
-      "autodefrag"
-      "noatime"
-      "space_cache=v2"
-      "discard"
+  # fileSystems."/" = {
+  #   device = "/dev/disk/by-uuid/acbd96e3-e7c7-442d-82cc-ce2913a9e90c";
+  #   fsType = "btrfs";
+  #   options = [
+  #     "subvol=@"
+  #     "compress=zstd"
+  #     "autodefrag"
+  #     "noatime"
+  #     "space_cache=v2"
+  #     "discard"
+  #   ];
+  # };
+
+  # boot.initrd.luks.devices."luks-0f481d5f-528c-4838-bd8a-d2780b4ba234".device =
+  #   "/dev/disk/by-uuid/0f481d5f-528c-4838-bd8a-d2780b4ba234";
+
+  # fileSystems."/boot" = {
+  #   device = "/dev/disk/by-uuid/4D19-520E";
+  #   fsType = "vfat";
+  # };
+
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                passwordFile = "${./secrets/disk-password}";
+                content = {
+                  type = "filesystem";
+                  format = "f2fs";
+                  mountpoint = "/";
+                  extraArgs = [
+                    "-O"
+                    "extra_attr,inode_checksum,sb_checksum,compression"
+                  ];
+                  mountOptions = [
+                    "compress_algorithm=zstd:6,compress_chksum,atgc,gc_merge,lazytime,nodiscard"
                   ];
                 };
+              };
+            };
+          };
+        };
+      };
+    };
 
-  boot.initrd.luks.devices."luks-0f481d5f-528c-4838-bd8a-d2780b4ba234".device =
-    "/dev/disk/by-uuid/0f481d5f-528c-4838-bd8a-d2780b4ba234";
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/4D19-520E";
-    fsType = "vfat";
   };
 
   swapDevices = [ ];

etcnixos/secrets/secrets.nix

@@ -11,6 +11,6 @@ in
       ];
     })
     [
-      "primary-password.age"
+      "password-hash.age"
     ]
 ))

etcnixos/system-mreow.nix

@@ -58,10 +58,10 @@
   };
 
   boot = {
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-    };
+    # lanzaboote = {
+    # enable = true;
+    # pkiBundle = "/etc/secureboot";
+    # };
 
     # Bootloader.
     loader = {
@@ -71,7 +71,7 @@
         generated at installation time. So we force it to false
         for now.
       */
-      systemd-boot.enable = lib.mkForce false;
+      # systemd-boot.enable = lib.mkForce false;
     };
 
     kernelParams = [
@@ -110,15 +110,15 @@
   # if I move to another lock screen program, i will have to replace `swaylock`
   security.pam.services.swaylock = { };
 
-  system.activationScripts = {
-    # extract all my secureboot keys
-    "secureboot-keys".text = ''
-      #!/bin/sh
-      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
-      mkdir -p ${config.boot.lanzaboote.pkiBundle}
-      ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
-    '';
-  };
+  # system.activationScripts = {
+  #   # extract all my secureboot keys
+  #   "secureboot-keys".text = ''
+  #     #!/bin/sh
+  #     rm -fr ${config.boot.lanzaboote.pkiBundle} || true
+  #     mkdir -p ${config.boot.lanzaboote.pkiBundle}
+  #     ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
+  #   '';
+  # };
 
   # disable framework kernel module
   # https://github.com/NixOS/nixos-hardware/issues/1330

etcnixos/vm.nix

@@ -61,13 +61,13 @@
 
   users.users."${username}".extraGroups = [ "libvirtd" ];
 
-  boot.kernelPatches = [
-    {
-      name = "undetected-kvm";
-      patch = pkgs.fetchurl {
-        url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
-        sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
-      };
-    }
-  ];
+  # boot.kernelPatches = [
+  #   {
+  #     name = "undetected-kvm";
+  #     patch = pkgs.fetchurl {
+  #       url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
+  #       sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
+  #     };
+  #   }
+  # ];
 }

home-manager/flake.lock

@@ -54,11 +54,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738878603,
-        "narHash": "sha256-fmhq8B3MvQLawLbMO+LWLcdC2ftLMmwSk+P29icJ3tE=",
+        "lastModified": 1739226747,
+        "narHash": "sha256-uO80xwFP2sjL8qWhwplxD6GcadHbbLs5ph2CFPNh8pI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "433799271274c9f2ab520a49527ebfe2992dcfbd",
+        "rev": "a3c9e88177f0dc4a2662b5324572425f59129f11",
         "type": "github"
       },
       "original": {
@@ -79,11 +79,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1738958180,
-        "narHash": "sha256-I1BUQ6qbXg0vZMffrdD/dV/1R+YMBVySgSk3fA9snf8=",
+        "lastModified": 1739206396,
+        "narHash": "sha256-dfU3l47sxFQbqLe5R9um//V5hplv/MhSwsZJR7JzBrg=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "eaf57f2dbdd448d541bda6049ce99aab070f0db1",
+        "rev": "9f15e7ace2dea798ce3490d2f723095ad4cce0d4",
         "type": "github"
       },
       "original": {
@@ -112,11 +112,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1738911818,
-        "narHash": "sha256-7bhr9ldHrNP71qOmKI1Hu80uclx+Tco0RNmO+GKtC1Y=",
+        "lastModified": 1739201373,
+        "narHash": "sha256-6upEicgdJH3JaS1oXS+wsgLToU14XL8/aOyL2KcS3KY=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "397e704d644d1bfe7736f2fdacbfe5742c7b2f9f",
+        "rev": "20769b4c2f843566880f020f117e7bde36edc332",
         "type": "github"
       },
       "original": {
@@ -127,11 +127,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1738824222,
-        "narHash": "sha256-U3SNq+waitGIotmgg/Et3J7o4NvUtP2gb2VhME5QXiw=",
+        "lastModified": 1739020877,
+        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "550e11f27ba790351d390d9eca3b80ad0f0254e7",
+        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
         "type": "github"
       },
       "original": {
@@ -143,11 +143,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1738843498,
-        "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=",
+        "lastModified": 1739055578,
+        "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f",
+        "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738981474,
-        "narHash": "sha256-YIELTXxfATG0g1wXjyaOWA4qrlubds3MG4FvMPCxSGg=",
+        "lastModified": 1739154531,
+        "narHash": "sha256-QGeN6e0nMJlNLzm3Y2A7P6riXhQXMeCXLZ7yajZYFQM=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "5c571e5ff246d8fc5f76ba6e38dc8edb6e4002fe",
+        "rev": "035dac86ab7ce5c1e8a4d59dfe85e6911a3526ea",
         "type": "github"
       },
       "original": {
@@ -242,11 +242,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738951757,
-        "narHash": "sha256-I0Bmxpjid9m7Gg+z2HVASlpQpKzR7QJq5X8b9wCZFVY=",
+        "lastModified": 1739161281,
+        "narHash": "sha256-cMM5E5EzEnfQFdBurCVqCi9mhsmRCeaEJB4iskPsQ1o=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "e2f657fb55f62fb57e614a1e22e9e667996f5234",
+        "rev": "0e962f036e6e2a9dde28f37d80104c7ea477a801",
         "type": "github"
       },
       "original": {

home-manager/flake.nix

@@ -61,18 +61,7 @@
           }
         );
 
-      pkgs = (
-        import ((import nixpkgs { }).applyPatches {
-          name = "gpt4all 3.9.0 (PR #372723)";
-          src = inputs.nixpkgs;
-          patches = [
-            (builtins.fetchurl {
-              url = "https://github.com/NixOS/nixpkgs/pull/372723.diff";
-              sha256 = "0kfx5vzsssv40iffr7cfdik9mxa7fcg1489i578vqsgcz230fhaf";
-            })
-          ];
-        }) { }
-      );
+      pkgs = (import nixpkgs { });
     in
     {
       homeConfigurations."${username}" = home-manager.lib.homeManagerConfiguration {

home-manager/gui.nix

@@ -92,8 +92,6 @@
       # freecad-wayland
       puddletag
 
-      epiphany
-
       mcaselector
 
       wireshark

home-manager/no-gui.nix

@@ -152,13 +152,18 @@
     lsof
 
     tcpdump
+
+    cargo-flamegraph
+
+    borgbackup
   ];
 
-  # home.file.".cargo/config.toml".text = ''
-  #   [target.${lib.strings.removeSuffix "-linux" pkgs.system}-unknown-linux-gnu]
-  #   linker = "${pkgs.clang}/bin/clang"
-  #   rustflags = ["-C", "link-arg=-fuse-ld=${pkgs.mold}/bin/mold"]
-  # '';
+  # https://github.com/flamegraph-rs/flamegraph
+  home.file.".cargo/config.toml".text = ''
+    [target.${lib.strings.removeSuffix "-linux" pkgs.system}-unknown-linux-gnu]
+    linker = "${pkgs.clang}/bin/clang"
+    rustflags = ["-Clink-arg=-Wl,--no-rosegment"]
+  '';
 
   # default applications
   home.sessionVariables = {

home-manager/progs/eww/config/scripts/currentWindow.fish

@@ -1,2 +1,10 @@
 #!/usr/bin/env fish
-niri msg focused-window | rg Title | sed -E "s/[[:space:]]+Title\: //g" | sed "s/\"//g" | head -c 55
+name=$(niri msg focused-window | rg Title | sed -E "s/[[:space:]]+Title\: //g" | sed "s/\"//g")
+proc_name=$(echo "$name" | head -c 55)
+
+# TODO! fix this logic, add a '...' at the end
+if ["$name" != "$proc_name"]
+    proc_name="$proc_name..."
+end
+
+echo "$proc_name"

home-manager/progs/eww/config/scripts/sound/getVolume.sh

@@ -1,8 +1,27 @@
 #!/usr/bin/env bash
-count=$(wpctl get-volume @DEFAULT_SINK@ | cut -d' ' -f2- | sed -E 's/\.//g' | sed 's/^0*//g')
+output=$(wpctl get-volume @DEFAULT_SINK@ | cut -d' ' -f2- | sed -E 's/\.//g' | sed 's/^0*//g')
+count=$(echo "$output" | cut -d' ' -f1)
+muted=$(echo "$output" | cut -d'[' -f2 | cut -d ']' -f1)
+
+# if not muted, set to empty string
+if [ "$muted" == "$count" ]; then
+  muted=""
+fi
+
+# fix removal of zero padding if volume is zero
+if [ "$count" == "" ]; then
+  count="0"
+fi
+
 color="green"
 if ((count > 75)); then color="yellow"; fi
 if ((count > 90)); then color="peach"; fi
 if ((count > 100)); then color="maroon"; fi
 if ((count > 110)); then color="red"; fi
-echo "{\"count\":\"${count}\", \"color\":\"${color}\"}"
+
+output="${count}%"
+if [ "$muted" != "" ]; then
+  output="${output} [${muted}]"
+fi
+
+echo "{\"count\":\"${output}\", \"color\":\"${color}\"}"

home-manager/progs/niri.nix

@@ -9,6 +9,12 @@
     settings = {
       prefer-no-csd = true;
 
+      input = {
+        touchpad = {
+          scroll-factor = 0.4;
+        };
+      };
+
       environment = {
         DISPLAY = ":0";
       };
@@ -39,8 +45,6 @@
       };
 
       spawn-at-startup = [
-        # waybar (status bar)
-        # { command = [ "${pkgs.waybar}/bin/waybar" ]; }
         {
           command = [
             "${config.programs.eww.package}/bin/eww"