Added qutebrowser

Installed and configured Yggdrasil; ported rustnet and install; GRUB
trial of USB Live stick

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1768127708,
+        "lastModified": 1771008912,
-        "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
+        "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
+        "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
         "type": "github"
       },
       "original": {

hosts/puter/default.nix

@@ -8,6 +8,7 @@
     ./syncthing.nix
     ./packages.nix
     ./wireguard.nix
+    ./prometheus-node-exporter.nix
     #./remotebuild_user.nix
     # DE
     ../../modules/de/multiple-dms.nix
@@ -15,17 +16,17 @@
     ../../modules/de/gnome.nix
     ../../modules/common/pipewire.nix
     ../../modules/userapps/kondo_timer.nix
-    ../../modules/userapps/gaming.nix
+    #../../modules/userapps/gaming.nix
     ../../modules/common/nix.nix
     ../../modules/common/networking.nix
     ../../modules/common/shell.nix
     ../../modules/common/security.nix
-    ../../modules/common/wine.nix
+    #../../modules/common/wine.nix
     ../../modules/common/libvirt.nix
     ../../modules/common/keyd.nix
+    ../../modules/common/unbound-cloud.nix
+    #../../modules/common/yggdrasil.nix
   ];
   networking.hostName = "puter";
   # This will be overridden by system/default.nix
-  system.stateVersion = "24.05";
-  security.pki.certificates = ["/home/user/.config/bigbox.local.crt"];
 }

hosts/puter/hardware-configuration.nix

@@ -61,10 +61,11 @@
 
   environment.sessionVariables = {LIBVA_DRIVER_NAME = "i965";};
 
-  hardware.facetimehd = {
+  # seems to be EOL "NixOS has built-in facetimehd support starting 16.03."
-    enable = true;
+  #hardware.facetimehd = {
-    withCalibration = true;
+  #  enable = true;
-  };
+  #  withCalibration = true;
+  #};
 
   #services.logind = {
   #  lidSwitch = "ignore";

hosts/puter/prometheus-node-exporter.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9100;
+    # For the list of available collectors, run, depending on your install:
+    # - Flake-based: nix run nixpkgs#prometheus-node-exporter -- --help
+    # - Classic: nix-shell -p prometheus-node-exporter --run "node_exporter --help"
+    enabledCollectors = [
+      "ethtool"
+      "softirqs"
+      "systemd"
+      "tcpstat"
+      "wifi"
+    ];
+    # You can pass extra options to the exporter using `extraFlags`, e.g.
+    # to configure collectors or disable those enabled by default.
+    # Enabling a collector is also possible using "--collector.[name]",
+    # but is otherwise equivalent to using `enabledCollectors` above.
+    # extraFlags = [ "--collector.ntp.protocol-version=4" "--no-collector.mdadm" ];
+  };
+}

hosts/puter/syncthing.nix

@@ -24,7 +24,7 @@
           id = "RFFXZJI-HJTEDCU-M7MU3SW-M7DJK4U-MESRKYA-OGHYOSG-KNZO7JB-6LQ5VAE";
         };
         "cloudhaus" = {
-          id = "B3WJKAE-KJFKO7G-CKOOLCO-EDC2AFV-EP5DB52-HWPLOMQ-6M5VJON-JBQEXAJ";
+          id = "7EQ6YAC-HIHCOR7-KQ6XJID-FHC7AYA-GZ3E7OY-24P5XPH-TV7FKA6-DGPTYQT";
         };
       };
       folders = {

hosts/puter/wireguard.nix

@@ -9,12 +9,18 @@
       listenPort = 5553;
       privateKeyFile = "/etc/wireguard/wg0.key";
       peers = [
-              { # cloudhaus
+        {
+          # cloudhaus
           publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
           allowedIPs = ["10.0.0.1/32"];
           endpoint = "46.62.255.194:51820";
           persistentKeepalive = 25;
-              }];
+        }
+      ];
     };
   };
+  networking.firewall.allowedTCPPorts = [9100];
+  networking.firewall.interfaces = {
+    wg0.allowedTCPPorts = [9100];
+  };
 }

modules/common/rustnet.nix

@@ -0,0 +1,27 @@
+{pkgs ? import <nixpkgs> {}}:
+pkgs.stdenv.mkDerivation rec {
+  pname = "rustnet";
+  version = "0.18.0";
+
+  src = pkgs.fetchurl {
+    url = "https://github.com/domcyrus/rustnet/releases/download/v${version}/rustnet-v${version}-x86_64-unknown-linux-musl.tar.gz";
+    hash = "sha256-yAjemn3Qi0GjTG5u7UEXHBJFTCd6ctVacV5UoAX7bWA=";
+  };
+
+  sourceRoot = "rustnet-v${version}-x86_64-unknown-linux-musl";
+
+  installPhase = ''
+    runHook preInstall
+    # 1. Install the binary
+    install -m755 -D rustnet $out/bin/rustnet
+    runHook postInstall
+  '';
+
+  meta = with pkgs.lib; {
+    description = "A cross-platform network monitoring terminal UI tool built with Rust.";
+    #maintainers = lib.maintainers.0x545a;
+    #license = lib.licenses.asl20;
+    homepage = "https://github.com/domcyrus/rustnet";
+    platforms = ["x86_64-linux"];
+  };
+}

modules/common/unbound-cloud.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        # Listen only locally
+        interface = ["127.0.0.1"];
+        port = 53;
+        access-control = ["127.0.0.1 allow"];
+
+        # Recommended hardening
+        harden-glue = true;
+        harden-dnssec-stripped = true;
+        use-caps-for-id = false;
+
+        # Performance
+        prefetch = true;
+        edns-buffer-size = 1232;
+
+        # Privacy
+        hide-identity = true;
+        hide-version = true;
+      };
+
+      forward-zone = [
+        {
+          name = ".";
+          forward-addr = ["46.62.255.194@853"];
+          forward-tls-upstream = true; # Enable DoT
+        }
+      ];
+    };
+  };
+}

modules/common/weathr.nix

@@ -0,0 +1,39 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "weathr";
+  version = "1.3.0"; # Use the latest version from the repository
+
+  src = fetchFromGitHub {
+    owner = "veirt";
+    repo = "weathr";
+    rev = "v${version}"; # Tags are in the format "v1.3.0"
+    hash = "sha256-JwI5a+O5Nu39Nr0st5yBLTM5kPLC8UIGAoBMqxnOOl4="; # Replace with the actual hash after the first build attempt
+  };
+
+  # Use this for the initial build to let Nix tell you the correct hash
+  cargoHash = "sha256-Yj1WxpOLL8GiVpCebPZQgdw+L9g+4CNY7n2z8PJQz4k=";
+
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  doCheck = false;
+
+  #postInstall = ''
+  #'';
+
+  meta = with lib; {
+    description = "A terminal weather app with ASCII animations driven by real-time weather data";
+    homepage = "https://github.com/veirt/weathr";
+    #changelog = "https://github.com/veirt/weathr/blob/v${version}/CHANGELOG.md"; # Check if a CHANGELOG.md exists
+    license = licenses.gpl3Only;
+    # maintainers = with maintainers; [ ]; # Add your handle if you plan to upstream
+    mainProgram = "weathr";
+  };
+}

modules/common/yggdrasil.nix

@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+  services.yggdrasil = {
+    enable = true;
+    persistentKeys = false;
+    # The NixOS module will generate new keys and a new IPv6 address each time
+    # it is started if persistentKeys is not enabled.
+
+    settings = {
+      Peers = [
+        # Yggdrasil will automatically connect and "peer" with other nodes it
+        # discovers via link-local multicast announcements. Unless this is the
+        # case (it probably isn't) a node needs peers within the existing
+        # network that it can tunnel to.
+        #"tcp://185.165.169.234:8880"
+        #"tls://185.165.169.234:8443"
+        "tcp://10.0.0.1:4242"
+        # Public peers can be found at
+        # https://github.com/yggdrasil-network/public-peers
+      ];
+    };
+  };
+}

modules/de/multiple-dms.nix

@@ -9,42 +9,5 @@
     xkb.variant = "intl";
   };
 
-  services.displayManager.ly = {
+  services.displayManager.gdm.enable = true;
-    enable = true;
-    settings = {
-      path = "/run/current-system/sw/bin";
-      restart_cmd = "/run/current-system/systemd/bin/systemctl reboot";
-      service_name = "ly";
-      setup_cmd = "/nix/store/vksm36a608j7szhxn0bcnv5rna9xhxk5-xsession-wrapper";
-      shutdown_cmd = "/run/current-system/systemd/bin/systemctl poweroff";
-      term_reset_cmd = "/nix/store/yijhn548p2589pkybgvbhll09bqsxy0q-ncurses-6.5/bin/tput reset";
-      term_restore_cursor_cmd = "/nix/store/yijhn548p2589pkybgvbhll09bqsxy0q-ncurses-6.5/bin/tput cnorm";
-      # tty = "1";
-      waylandsessions = "/nix/store/1dp80bvcnaq30mh6728lc34xhbjp15zx-desktops/share/wayland-sessions";
-      x_cmd = "/nix/store/a1v7dyv80s5xd19in89h9i3wnll02ns5-xserver-wrapper";
-      xauth_cmd = "/nix/store/s7c6j1cp1xmx8l4ggwx90f51zn9ih0wz-xauth-1.1.4/bin/xauth";
-      xsessions = "/nix/store/1dp80bvcnaq30mh6728lc34xhbjp15zx-desktops/share/xsessions";
-      bigclock = "en";
-      bigclock_seconds = "true";
-      box_title = "Puter";
-      brightness_down_cmd = "bindsym XF86MonBrightnessDown exec light - U 5";
-      brightness_up_cmd = "bindsym XF86MonBrightnessUp exec light - A 5";
-      animation = "colormix";
-      battery_id = "BAT0";
-      bg = "0x00000000";
-      # Error background color id
-      error_bg = "0x00000000";
-      # Default is red and bold
-      error_fg = "0x01FF0000";
-      # Color mixing animation first color id
-      colormix_col1 = "0x66537B";
-      # Color mixing animation second color id
-      colormix_col2 = "0x292134";
-      # Color mixing animation third color id
-      colormix_col3 = "0x110D13";
-      # Foreground color id
-      fg = "0xB4BEFE";
-    };
-  };
-  # services.displayManager.gdm.enable = true;
 }

modules/userapps/internet.nix

@@ -12,6 +12,7 @@
     ungoogled-chromium
     tor-browser
     librewolf
+    qutebrowser
     transmission_4-gtk
     bitwarden-desktop
   ];

modules/userapps/productivity.nix

@@ -13,5 +13,6 @@
     anki-bin
     pomodoro-gtk
     #ticker
+    zathura
   ];
 }

modules/userapps/utils.nix

@@ -2,7 +2,10 @@
   config,
   pkgs,
   ...
-}: {
+}: let
+  rustnet = pkgs.callPackage ../../modules/common/rustnet.nix {};
+  weathr = pkgs.callPackage ../common/weathr.nix {};
+in {
   programs.neovim = {defaultEditor = true;};
   environment.systemPackages = with pkgs; [
     parallel-disk-usage
@@ -27,5 +30,7 @@
     just
     nh
     tty-clock
+    rustnet
+    weathr
   ];
 }