From 7564dffa83ec966afb932dea62d9c0bfe1e4cdc3 Mon Sep 17 00:00:00 2001 From: wieerwill Date: Wed, 7 Jan 2026 19:40:06 +0100 Subject: [PATCH] update for ubuntu nix --- home/design.nix | 9 ++- home/keepass.nix | 2 +- home/logseq.nix | 4 +- home/obsidian.nix | 2 +- hosts/t440p/home.nix | 2 +- hosts/xaorus/home.nix | 24 +++---- modules/secrets.nix | 8 +++ scripts/check-home-manager.sh | 11 +++ scripts/install-nix.sh | 122 ++++++++++++++++++++++++++++++++++ scripts/nix-maintain.sh | 4 +- secrets/.sops.yaml | 1 + 11 files changed, 166 insertions(+), 23 deletions(-) create mode 100644 scripts/install-nix.sh diff --git a/home/design.nix b/home/design.nix index 533acb8..7998356 100644 --- a/home/design.nix +++ b/home/design.nix @@ -31,7 +31,7 @@ lib.mkIf cfg.enable { terminal = false; icon = "gimp"; type = "Application"; - categories = [ "Graphics" "2DGraphics" "RasterGraphics" ]; + categories = [ "Graphics" ]; }; inkscape = { @@ -41,7 +41,7 @@ lib.mkIf cfg.enable { terminal = false; icon = "inkscape"; type = "Application"; - categories = [ "Graphics" "VectorGraphics" ]; + categories = [ "Graphics" ]; }; openscad = { @@ -51,7 +51,7 @@ lib.mkIf cfg.enable { terminal = false; icon = "openscad"; type = "Application"; - categories = [ "Graphics" "3DGraphics" "Engineering" ]; + categories = [ "Graphics" ]; }; darktable = { @@ -61,9 +61,8 @@ lib.mkIf cfg.enable { terminal = false; icon = "darktable"; type = "Application"; - categories = [ "Graphics" "Photography" "RAW" ]; + categories = [ "Graphics" ]; }; }; - # Optional tweaks or plugins setup can go here if needed in the future } diff --git a/home/keepass.nix b/home/keepass.nix index 780fd9e..184be3d 100644 --- a/home/keepass.nix +++ b/home/keepass.nix @@ -20,7 +20,7 @@ lib.mkIf cfg.enable { genericName = "Password Manager"; exec = "keepassxc %f"; terminal = false; - categories = [ "Utility" "Security" ]; + categories = [ "Utility" ]; mimeType = [ "application/x-kdbx" ]; }; diff --git a/home/logseq.nix b/home/logseq.nix index 664f7ff..5317814 100644 --- a/home/logseq.nix +++ b/home/logseq.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - notesDir = "${config.home.homeDirectory}/Logseq"; + notesDir = "${config.home.homeDirectory}/logseq"; cfg = config.homeModules.logseq; in @@ -26,7 +26,7 @@ lib.mkIf cfg.enable { exec = "logseq"; icon = "logseq"; type = "Application"; - categories = [ "Office" "NoteTaking" "Utility" ]; + categories = [ "Office" ]; }; home.file.".config/logseq/config.edn".text = ''{ diff --git a/home/obsidian.nix b/home/obsidian.nix index e7cc0bf..c85ff66 100644 --- a/home/obsidian.nix +++ b/home/obsidian.nix @@ -50,7 +50,7 @@ lib.mkIf cfg.enable { exec = "obsidian ${vaultDir}"; icon = "obsidian"; type = "Application"; - categories = [ "Office" "TextEditor" "Utility" ]; + categories = [ "Office" ]; }; # Reminder to run plugin setup diff --git a/hosts/t440p/home.nix b/hosts/t440p/home.nix index ada92fc..0b5f8a2 100644 --- a/hosts/t440p/home.nix +++ b/hosts/t440p/home.nix @@ -9,7 +9,7 @@ embedded.enable = true; fonts.enable = true; git.enable = true; - #javascript.enable = true; + javascript.enable = true; keepass.enable = true; #llm.enable = true; logseq.enable = true; diff --git a/hosts/xaorus/home.nix b/hosts/xaorus/home.nix index ce412e4..ae8f620 100644 --- a/hosts/xaorus/home.nix +++ b/hosts/xaorus/home.nix @@ -11,13 +11,13 @@ programs.home-manager.enable = true; # create soft links from source to target - home.file = { - "nixConig".source = "/home/wieerwill/Dokumente/GitHub/NixHomeManager"; - "logseq".source = "/home/wieerwill/Dokumente/logseq"; - "projects".source = "/home/wieerwill/Dokumente/projects"; - "vereine".source = "/home/wieerwill/Dokumente/vereine"; - #"Downloads".source = "/home/wieerwill/Dokumente/Downloads"; - }; + #home.file = { + # "nixConig".source = "/home/wieerwill/Dokumente/GitHub/NixHomeManager"; + # "logseq".source = "/home/wieerwill/Dokumente/logseq"; + # "projects".source = "/home/wieerwill/Dokumente/projects"; + # "vereine".source = "/home/wieerwill/Dokumente/vereine"; + # "Downloads".source = "/home/wieerwill/Dokumente/Downloads"; + #}; #programs.gnome-terminal.enable = true; @@ -47,11 +47,11 @@ #design.enable = true; #embedded.enable = true; fonts.enable = true; - #git.enable = true; + git.enable = true; #javascript.enable = true; - #keepass.enable = true; + keepass.enable = true; #llm.enable = true; - #logseq.enable = true; + logseq.enable = true; #mail.enable = true; #obsidian.enable = true; #redshift.enable = true; @@ -60,9 +60,9 @@ #social.enable = true; #sway.enable = true; syncthing.enable = true; - #terminal.enable = true; + terminal.enable = true; #tor.enable = true; - #vim.enable = true; + vim.enable = true; #vpnpia.enable = true; #vscode.enable = false; #zenbrowser.enable = true; diff --git a/modules/secrets.nix b/modules/secrets.nix index ada53f2..d17fe6d 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -1,3 +1,11 @@ +# Generate age key +# $ mkdir -p ~/.config/sops/age +# $ age-keygen -o ~/.config/sops/age/keys.txt +# Copy Public Key +# $ age-keygen -y ~/.config/sops/age/keys.txt +# Add it to .sops.yaml and update keys +# $ sops updatekeys secrets/secrets.enc.yaml + { config, lib, pkgs, ... }: { diff --git a/scripts/check-home-manager.sh b/scripts/check-home-manager.sh index 7d7578b..3e39865 100755 --- a/scripts/check-home-manager.sh +++ b/scripts/check-home-manager.sh @@ -4,6 +4,7 @@ set -euo pipefail echo "๐Ÿ” Checking if Nix is installed..." if ! command -v nix &> /dev/null; then echo "โŒ Nix is not installed. Install it from https://nixos.org/download.html" + echo "$ curl -L https://nixos.org/nix/install | sh -s -- --daemon" exit 1 fi echo "โœ… Nix is installed." @@ -23,6 +24,15 @@ if [ -x "$HM_BIN" ]; then echo " Ensure it's not managing your home separately from your flake config." fi +STATE_DIR="$HOME/.local/state/nix/profiles" +if [ ! -d "$STATE_DIR" ]; then + echo "๐Ÿ“ Creating Nix state dir at: $STATE_DIR" + mkdir -p "$STATE_DIR" +fi + +echo +read -r -p "๐Ÿš€ Do you want to check the Home Manager configuration for duplicate packages now? [y/N] " confirm_packages +if [[ "$confirm_packages" =~ ^[Yy]$ ]]; then echo "๐Ÿ“ฆ Gathering APT-installed packages..." apt list --manual-installed 2>/dev/null | awk -F/ '{print tolower($1)}' | sort > /tmp/apt-installed.txt @@ -72,6 +82,7 @@ rm /tmp/home-manager-packages.txt rm /tmp/duplicate-packages.txt rm /tmp/exact-matches.txt rm /tmp/fuzzy-matches.txt +fi # check username and home dir EXPECTED_USERNAME="wieerwill" diff --git a/scripts/install-nix.sh b/scripts/install-nix.sh new file mode 100644 index 0000000..5967188 --- /dev/null +++ b/scripts/install-nix.sh @@ -0,0 +1,122 @@ +#!/bin/sh + +# This script installs the Nix package manager on your system by +# downloading a binary distribution and running its installer script +# (which in turn creates and populates /nix). + +{ # Prevent execution if this script was only partially downloaded +oops() { + echo "$0:" "$@" >&2 + exit 1 +} + +umask 0022 + +tmpDir="$(mktemp -d -t nix-binary-tarball-unpack.XXXXXXXXXX || \ + oops "Can't create temporary directory for downloading the Nix binary tarball")" +cleanup() {} +trap cleanup EXIT INT QUIT TERM + +require_util() { + command -v "$1" > /dev/null 2>&1 || + oops "you do not have '$1' installed, which I need to $2" +} + +case "$(uname -s).$(uname -m)" in + Linux.x86_64) + hash=0737755f3106e8dffbf26a77af398888e8421974b91fe2b86052c891f71e16b5 + path=cp85f1ak1aww5gbaj474w8rgvkj0nidi/nix-2.32.4-x86_64-linux.tar.xz + system=x86_64-linux + ;; + Linux.i?86) + hash=a7b28b6144cd1d438dbf8d89a9cf3d614c11f7493f81c1830a99bc8daae43d1d + path=ndbgicakygnnml69r29nqn2whxrkgr8b/nix-2.32.4-i686-linux.tar.xz + system=i686-linux + ;; + Linux.aarch64) + hash=ee8541c595a283079a52ca14b1db7f88f2d927d6f46b61bcede5abfb104e5b57 + path=ap7fbbm31w9xd131hj7bb9d2nfxq30k6/nix-2.32.4-aarch64-linux.tar.xz + system=aarch64-linux + ;; + Linux.armv6l) + hash=6d2d7b0efab456b83e11bf246e4f1c97b1d7db99bf368ee820097ec5bfd2eae0 + path=5n1c1llpz40q0q5hsjb3nylj1a13c44q/nix-2.32.4-armv6l-linux.tar.xz + system=armv6l-linux + ;; + Linux.armv7l) + hash=13a97cdf6abf7d864a215c4a098e4e3644802a4dcb42ec176acea9531fba2b1f + path=8llv3935a12x12vdrxgdax01i2pqklvl/nix-2.32.4-armv7l-linux.tar.xz + system=armv7l-linux + ;; + Linux.riscv64) + hash=be62d66966ac8e08b664bba748e31ec9ad5cc73edc69766794728ac02e4e0f73 + path=qwkciyhb8kp44l93rz5p5sdjhc11b4dd/nix-2.32.4-riscv64-linux.tar.xz + system=riscv64-linux + ;; + Darwin.x86_64) + hash=140454e17ba481e4b1292417192dc664c613695ee2e5350e72bd13a2607e12b5 + path=442k6y40chrxx7m0rqlrgcmgdfvk9af4/nix-2.32.4-x86_64-darwin.tar.xz + system=x86_64-darwin + ;; + Darwin.arm64|Darwin.aarch64) + hash=073c1f99d372492264601b78f5794b5db418d0654370b47f39d24aeb6cc1a7e6 + path=h6fkcd48cj9ycp1p9vgjb5kdllcjsqvs/nix-2.32.4-aarch64-darwin.tar.xz + system=aarch64-darwin + ;; + *) oops "sorry, there is no binary distribution of Nix for your platform";; +esac + +# Use this command-line option to fetch the tarballs using nar-serve or Cachix +if [ "${1:-}" = "--tarball-url-prefix" ]; then + if [ -z "${2:-}" ]; then + oops "missing argument for --tarball-url-prefix" + fi + url=${2}/${path} + shift 2 +else + url=https://releases.nixos.org/nix/nix-2.32.4/nix-2.32.4-$system.tar.xz +fi + +tarball=$tmpDir/nix-2.32.4-$system.tar.xz + +require_util tar "unpack the binary tarball" +if [ "$(uname -s)" != "Darwin" ]; then + require_util xz "unpack the binary tarball" +fi + +if command -v curl > /dev/null 2>&1; then + fetch() { curl --fail -L "$1" -o "$2"; } +elif command -v wget > /dev/null 2>&1; then + fetch() { wget "$1" -O "$2"; } +else + oops "you don't have wget or curl installed, which I need to download the binary tarball" +fi + +echo "downloading Nix 2.32.4 binary tarball for $system from '$url' to '$tmpDir'..." +fetch "$url" "$tarball" || oops "failed to download '$url'" + +if command -v sha256sum > /dev/null 2>&1; then + hash2="$(sha256sum -b "$tarball" | cut -c1-64)" +elif command -v shasum > /dev/null 2>&1; then + hash2="$(shasum -a 256 -b "$tarball" | cut -c1-64)" +elif command -v openssl > /dev/null 2>&1; then + hash2="$(openssl dgst -r -sha256 "$tarball" | cut -c1-64)" +else + oops "cannot verify the SHA-256 hash of '$url'; you need one of 'shasum', 'sha256sum', or 'openssl'" +fi + +if [ "$hash" != "$hash2" ]; then + oops "SHA-256 hash mismatch in '$url'; expected $hash, got $hash2" +fi + +unpack=$tmpDir/unpack +mkdir -p "$unpack" +tar -xJf "$tarball" -C "$unpack" || oops "failed to unpack '$url'" + +script=$(echo "$unpack"/*/install) + +[ -e "$script" ] || oops "installation script is missing from the binary tarball!" +export INVOKED_FROM_INSTALL_IN=1 +"$script" "$@" + +} # End of wrapping \ No newline at end of file diff --git a/scripts/nix-maintain.sh b/scripts/nix-maintain.sh index a212f3f..6da6c10 100755 --- a/scripts/nix-maintain.sh +++ b/scripts/nix-maintain.sh @@ -5,11 +5,13 @@ set -e HOST=$(hostname) FLAKE_PATH="${HOME}/nixConfig" +nix-channel --update + echo "๐Ÿ” Rebuilding system for host: $HOST" sudo nixos-rebuild switch --flake "$FLAKE_PATH#$HOST" echo "๐Ÿงน Collecting garbage..." -sudo nix-collect-garbage -d +sudo nix-collect-garbage --delete-older-than 15d nix store gc echo "โœ… System rebuilt and cleaned." diff --git a/secrets/.sops.yaml b/secrets/.sops.yaml index e3abd11..3537c0b 100644 --- a/secrets/.sops.yaml +++ b/secrets/.sops.yaml @@ -1,3 +1,4 @@ creation_rules: - age: - age1wjvdck3ec0ac49xcckqazv2hswgut90t6nlwu72fs6hm7fzr7ejqz73pe8 + - age1f2c62m6z2nt66gtn3ffs79mn4tvutwq6e3l5jappwjkdpnep8arsw7fnkz