Install sops for encrypting kubernetes secrets.

nix/configuration/configuration.nix

@@ -63,6 +63,10 @@
     ./roles/shipwright
     ./roles/2ship2harkinian
     ./roles/nix_index
+    ./roles/flux
+    ./roles/tekton
+    ./roles/gnuplot
+    ./roles/sops
   ];
 
   nix.settings.experimental-features = [
@@ -152,6 +156,9 @@
     ncdu
     nix-tree
     libarchive # bsdtar
+    lsof
+    doas-sudo-shim # To support --use-remote-sudo for remote builds
+    dmidecode # Read SMBIOS information.
   ];
 
   services.openssh = {

nix/configuration/flake.lock

@@ -135,11 +135,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737762889,
-        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
+        "lastModified": 1738378034,
+        "narHash": "sha256-mldSa2NhDlnjqeSSFTNnkXIDrCLltpJfhrHUMBBKEiY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
+        "rev": "801ddd8693481866c2cfb1efd44ddbae778ea572",
         "type": "github"
       },
       "original": {
@@ -191,11 +191,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737885589,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "lastModified": 1738142207,
+        "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "9d3ae807ebd2981d593cddd0080856873139aa40",
         "type": "github"
       },
       "original": {

nix/configuration/hosts/neelix/default.nix

@@ -21,7 +21,7 @@
   boot.initrd.kernelModules = [ "i915" ];
 
   # Mount tmpfs at /tmp
-  boot.tmp.useTmpfs = true;
+  # boot.tmp.useTmpfs = true;
 
   me.bluetooth.enable = true;
   me.emacs_flavor = "plainmacs";

nix/configuration/hosts/odo/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./hardware-configuration.nix
@@ -7,6 +12,7 @@
     ./power_management.nix
     ./screen_brightness.nix
     ./wifi.nix
+    ./framework_module.nix
   ];
 
   # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -27,8 +33,15 @@
 
   environment.systemPackages = with pkgs; [
     fw-ectool
+    framework-tool
   ];
 
+  # Enable light sensor
+  # hardware.sensor.iio.enable = lib.mkDefault true;
+
+  # Enable TRIM
+  # services.fstrim.enable = lib.mkDefault true;
+
   me.alacritty.enable = true;
   me.ansible.enable = true;
   me.ares.enable = true;
@@ -38,7 +51,9 @@
   me.docker.enable = true;
   me.emacs_flavor = "full";
   me.firefox.enable = true;
+  me.flux.enable = true;
   me.git.config = ../../roles/git/files/gitconfig_home;
+  me.gnuplot.enable = true;
   me.gpg.enable = true;
   me.graphical = true;
   me.graphics_card_type = "amd";
@@ -52,9 +67,11 @@
   me.python.enable = true;
   me.qemu.enable = true;
   me.rust.enable = true;
+  me.sops.enable = true;
   me.sound.enable = true;
   me.steam.enable = true;
   me.sway.enable = true;
+  me.tekton.enable = true;
   me.terraform.enable = true;
   me.vnc_client.enable = true;
   me.vscode.enable = true;

nix/configuration/hosts/odo/framework_module.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = lib.mkMerge [
+    {
+      boot.extraModulePackages = with config.boot.kernelPackages; [
+        framework-laptop-kmod
+      ];
+      # https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
+      boot.kernelModules = [
+        "cros_ec"
+        "cros_ec_lpcs"
+      ];
+    }
+  ];
+}

nix/configuration/roles/docker/default.nix

@@ -56,6 +56,32 @@
           # };
         };
 
+        systemd.services.link-docker-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-docker-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/docker/config.json ]; then
+              install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
+              ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.docker/config.json
+          '';
+        };
+
         # Needed for non-rootless docker
         users.users.talexander.extraGroups = [ "docker" ];
       }

nix/configuration/roles/emacs/default.nix

@@ -129,6 +129,8 @@ in
                     final.shellcheck
                     final.cmake-language-server
                     final.cmake # Used by cmake-language-server
+                    final.rust-analyzer
+                    final.nodePackages_latest.prettier # Format yaml, json, and JS
                   ]
                 }
               '';

nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el

@@ -51,6 +51,7 @@
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
   ;; This is an emacs built-in but we're pulling the latest version
+  :pin gnu
   :config
   (savehist-mode))
 
@@ -60,8 +61,16 @@
   (which-key-mode))
 
 (use-package windmove
-  :config
-  (windmove-default-keybindings))
+  ;; This is an emacs built-in but we're pulling the latest version
+  :pin gnu
+  :bind
+  (
+   ("S-<up>" . windmove-up)
+   ("S-<right>" . windmove-right)
+   ("S-<down>" . windmove-down)
+   ("S-<left>" . windmove-left)
+   )
+  )
 
 (setq tramp-default-method "ssh")
 

nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el

@@ -1,16 +1,23 @@
 (use-package org
   :ensure nil
   :commands org-mode
-  :bind (
+  :bind (:map org-mode-map
          ("C-c l" . org-store-link)
          ("C-c a" . org-agenda)
-         ("C--" . org-timestamp-down)
-         ("C-=" . org-timestamp-up)
+         ("S-<up>" . org-shiftup)
+         ("S-<right>" . org-shiftright)
+         ("S-<down>" . org-shiftdown)
+         ("S-<left>" . org-shiftleft)
          )
   :hook (
          (org-mode . (lambda ()
                        (org-indent-mode +1)
                        ))
+         ;; Make windmove work in Org mode:
+         (org-shiftup-final . windmove-up)
+         (org-shiftleft-final . windmove-left)
+         (org-shiftdown-final . windmove-down)
+         (org-shiftright-final . windmove-right)
          )
   :config
   (require 'org-tempo)

nix/configuration/roles/flux/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    flux.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install flux.";
+    };
+  };
+
+  config = lib.mkIf config.me.flux.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          fluxcd
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/gnuplot/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    gnuplot.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install gnuplot.";
+    };
+  };
+
+  config = lib.mkIf config.me.gnuplot.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          gnuplot
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/graphics/default.nix

@@ -37,6 +37,11 @@
           xorg.xeyes # to test which windows are using x11
         ];
         hardware.graphics.enable = true;
+        # hardware.graphics.enable32Bit = true;
+
+        # Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
+        # hardware.opengl.driSupport = true; # This is already enabled by default
+        # hardware.opengl.driSupport32Bit = true; # For 32 bit applications
       })
     ]
   );

nix/configuration/roles/media/default.nix

@@ -17,6 +17,8 @@ let
         buildCommand = "${old.buildCommand}\n patchShebangs $out";
 
       });
+  kernel_version_check = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.12";
+  nixos_version_check = lib.versionAtLeast (lib.versions.majorMinor lib.version) "25.05";
 in
 {
   imports = [ ];
@@ -35,6 +37,8 @@ in
       {
         environment.systemPackages = with pkgs; [
           ffmpeg
+          libva-utils # for vainfo
+          vdpauinfo
         ];
       }
       (lib.mkIf config.me.graphical {
@@ -59,6 +63,21 @@ in
           cast_file_vaapi
         ];
       })
+      (lib.mkIf (config.me.graphics_card_type == "amd") {
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "radeonsi";
+        };
+      })
+      (lib.mkIf (config.me.graphics_card_type == "intel") {
+        hardware.graphics.extraPackages = with pkgs; [
+          intel-media-driver
+          libvdpau-va-gl # Support vdpau applications using va-api
+        ];
+
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "va_gl";
+        };
+      })
     ]
   );
 }

nix/configuration/roles/network/default.nix

@@ -61,6 +61,7 @@
     iwd
     ldns # for drill
     arp-scan # To find devices on the network
+    wavemon
   ];
 
   boot.extraModprobeConfig = ''

nix/configuration/roles/rust/default.nix

@@ -1,3 +1,6 @@
+# MANUAL: rustup target add x86_64-unknown-linux-musl
+# MANUAL: rustup target add wasm32-unknown-unknown
+# MANUAL: rustup component add rustc-codegen-cranelift
 {
   config,
   lib,
@@ -5,6 +8,21 @@
   ...
 }:
 
+let
+  cargo_wrapped =
+    package: prog:
+    pkgs.writeShellScriptBin "${prog}" ''
+      export PATH="$PATH:${
+        lib.makeBinPath [
+          pkgs.clang
+          pkgs.pkg-config # Needed for openssl-sys
+        ]
+      }"
+      # Needed for openssl-sys
+      export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:${pkgs.openssl.dev}/lib/pkgconfig"
+      exec ${package}/bin/${prog} "''${@}"
+    '';
+in
 {
   imports = [ ];
 
@@ -24,7 +42,6 @@
           rustup
           lldb # for lldb-vscode
           musl # for building static binaries
-          rust-analyzer
           cargo-semver-checks
           # ? cargo-bloat
           # ? cargo-outdated
@@ -38,17 +55,89 @@
               ".cargo/config.toml" = {
                 source = ./files/cargo_config.toml;
               };
-              # # TODO: Figure out what to do with credentials.
-              # ".cargo/credentials.toml" = {
-              #   source = ./files/cargo_credentials.toml;
-              # };
+              ".rustup/settings.toml" = {
+                source = ./files/rustup_settings.toml;
+              };
             };
           };
 
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".rustup";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                directory = ".cargo/registry";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+            ];
+          };
+        };
+
+        systemd.services.link-rust-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-rust-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
+              install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
+              ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.cargo/credentials.toml
+          '';
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            rustup = pkgs.symlinkJoin {
+              name = "rustup";
+              paths =
+                (builtins.map (cargo_wrapped prev.rustup) [
+                  "cargo"
+                  "cargo-clippy"
+                  "cargo-fmt"
+                  "cargo-miri"
+                  "clippy-driver"
+                  "rls"
+                  "rust-analyzer"
+                  "rust-gdb"
+                  "rust-gdbgui"
+                  "rust-lldb"
+                  "rustc"
+                  "rustdoc"
+                  "rustfmt"
+                  "rustup"
+                ])
+                ++ [
+                  prev.rustup
+                ];
+              buildInputs = [ pkgs.makeWrapper ];
+            };
+          })
+        ];
       }
     ]
   );
 }
 
 # TODO: Install clippy, cranelift, rust-src
-# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

nix/configuration/roles/rust/files/rustup_settings.toml

@@ -0,0 +1,5 @@
+default_toolchain = "nightly-x86_64-unknown-linux-gnu"
+profile = "default"
+version = "12"
+
+[overrides]

nix/configuration/roles/sops/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    sops.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sops.";
+    };
+  };
+
+  config = lib.mkIf config.me.sops.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          sops # For encrypting kubernetes secrets.
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/tekton/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    tekton.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install tekton.";
+    };
+  };
+
+  config = lib.mkIf config.me.tekton.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          tektoncd-cli
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/waybar/files/style.css

@@ -53,6 +53,7 @@
 }
 
 tooltip {
+  /* CSS for hover menu */
   background-color: #323232;
 }
 
@@ -183,7 +184,23 @@ tooltip {
 }
 
 #tray {
-  /* No styles */
+  /* CSS rules for the tray (not the right-click or hover menu) */
+}
+
+/* #tray menu menuitem */
+#tray menu {
+  /* CSS for right click menu */
+  background: #323232;
+  padding: 5px;
+  border: 1px solid white;
+}
+#tray menu menuitem {
+  /* CSS for menu items in the right click menu */
+}
+
+#tray menu menuitem:hover {
+  /* CSS for hovering over a right-click menu item. */
+  background-color: #434343;
 }
 
 #window {