add docker auto-pruning

.envrc

@@ -1,3 +1,4 @@
+#! /usr/bin/env bash
 # make this point to wherever your own es25519 ssh key is
 SOPS_AGE_KEY=$(ssh-to-age -i ~/.ssh/id_ed25519 -private-key)
 export SOPS_AGE_KEY

config/xonsh/aliases.py

@@ -4,22 +4,34 @@ from pathlib import Path
 import subprocess
 from socket import gethostname
 import colors
+from typing import Mapping
 
 def format_link(link: str, text: str) -> str:
     return f"\033]8;;{link}\033\\{text}\033]8;;\033\\"
 
-def run(cmd: list[str], cwd: Path = Path.cwd(), exit_on_error: bool = True, **kwargs) -> subprocess.CompletedProcess:
+def get_environment() -> dict[str, str]:
+    env = dict(environ)
+    env["DIRENV_DISABLE"] = "1"
+    return env
+
+def run(cmd: list[str], cwd: Path = Path.cwd(), exit_on_error: bool = True, env: dict[str, str] | None = None, **kwargs) -> subprocess.CompletedProcess:
+    if not env:
+        env = get_environment()
     c = colors.Colors
+
     print(f"{c.GREEN}Running command: {c.PURPLE}'{' '.join(cmd)}'{c.END}")
     if cwd != Path.cwd():
         print(f"{c.GREEN} 󱞩 in directory: {c.YELLOW}'{format_link(link="file://" + str(cwd), text=cwd)}'{c.END}")
-    result = subprocess.run(cmd, cwd=cwd, check=False, **kwargs)
+
+    result = subprocess.run(cmd, cwd=cwd, check=False, env=env, **kwargs)
+
     if result.returncode != 0:
         print(f"{c.RED}Command exited with non-zero exit code {c.CYAN}{c.BOLD}{result.returncode}{c.END}")
         if exit_on_error is True:
             result.check_returncode()
     else:
         print(f"{c.GREEN}Command exited with exit code {c.CYAN}{c.BOLD}{result.returncode}{c.END}")
+
     return result
 
 @aliases.register
@@ -49,6 +61,13 @@ def _vm(args):
 @aliases.register
 def _upd(args: list):
     path = Path("/etc/nixos")
+    possible_subcommands = ("switch", "boot")
+    subcommand = "switch"
+    for arg in args:
+        if arg in possible_subcommands:
+            subcommand = arg
+            args.remove(arg)
+            break
     if path.exists():
         c = colors.Colors
         files_to_delete = {
@@ -57,7 +76,7 @@ def _upd(args: list):
         }
         if not "--no-pull" in args:
             print(f"{c.BLUE}Pulling {c.YELLOW}NixOS{c.BLUE} configuration from remote{c.END}")
-            run["git", "pull", cwd=path]
+            run(["git", "pull"], cwd=path)
         else:
             args.remove("--no-pull")
         if "--rewrite-hardware-configuration" in args:
@@ -84,7 +103,7 @@ def _upd(args: list):
         args.append("--impure")
         if "--impure" in args:
             print(f"{c.RED}WARNING: The --impure flag is set!{c.END}")
-        run(["sudo", "nixos-rebuild", "switch", *args], cwd=path)
+        run(["sudo", "nixos-rebuild", subcommand, *args], cwd=path)
 
 @aliases.register
 def _lock(args):

home-manager/vscode.nix

@@ -420,7 +420,9 @@ rec {
           ru = true;
         };
         "terminal.integrated.defaultProfile.linux" = "xonsh";
+        "terminal.integrated.inheritEnv" = "true";
         "explorer.confirmPasteNative" = false;
+        "editor.formatOnSave" = true;
         "editor.renderWhitespace" = "none";
         "explorer.fileNesting.patterns" = {
           "*.ts" = "\${capture}.js";

nixos/configuration.nix

@@ -1,7 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ pkgs, config, hostname, ... }:
+{
+  pkgs,
+  config,
+  hostname,
+  ...
+}:
 {
   nix = {
     settings = {
@@ -18,10 +23,10 @@
 
   # install the most recent stable linux kernel
   /*
-  TODO: change this back to 'pkgs.linuxPackages_latest' once
+    TODO: change this back to 'pkgs.linuxPackages_latest' once
-  https://github.com/NixOS/nixpkgs/commit/c805021f3a95da44a1811f1235b997f57d893dc3
+    https://github.com/NixOS/nixpkgs/commit/c805021f3a95da44a1811f1235b997f57d893dc3
-  and https://github.com/NixOS/nixpkgs/pull/375838
+    and https://github.com/NixOS/nixpkgs/pull/375838
-  trickle down to nixos-unstable
+    trickle down to nixos-unstable
   */
   boot.kernelPackages = pkgs.linuxPackages_6_12;
 
@@ -79,11 +84,11 @@
 
   # Add /etc/current-system-packages
   environment.etc."current-system-packages".text =
-  let
+    let
-    packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
+      packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
-    sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
+      sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
-    formatted = builtins.concatStringsSep "\n" sortedUnique;
+      formatted = builtins.concatStringsSep "\n" sortedUnique;
-  in
+    in
     formatted;
 
   # Enable CUPS to print documents.
@@ -132,17 +137,27 @@
   # programs.mtr.enable = true;
   programs.gnupg.agent = {
     enable = true;
-    enableSSHSupport = true;
+    # enableSSHSupport = true;
+    enableExtraSocket = true; # VSCode devcontainers require this
+  };
+  programs.ssh = {
+    startAgent = true;
+    extraConfig = ''
+      AddKeysToAgent yes
+      IdentityFile ~/.ssh/id_ed25519
+    '';
   };
 
   # PAM modules
   security.pam = {
-    loginLimits = [{
+    loginLimits = [
-      domain = "*";
+      {
-      type = "soft";
+        domain = "*";
-      item = "nofile";
+        type = "soft";
-      value = 8192;
+        item = "nofile";
-    }];
+        value = 8192;
+      }
+    ];
   };
 
   # List services that you want to enable:

nixos/development.nix

@@ -10,6 +10,9 @@
   programs.direnv = {
     enable = true;
     nix-direnv.enable = true;
+    direnvrcExtra = ''
+    ''${DIRENV_DISABLE:+exit}
+    '';
   };
 
   nix.extraOptions = ''

nixos/gaming.nix

@@ -58,6 +58,7 @@
     ryujinx-greemdev
     protonup-qt
     winetricks
+    #(pkgs.callPackage ../packages/lucem.nix { inherit pkgs; })
     vinegar # Roblox Studio, use Sober in ./flatpak.nix for the Roblox Player
     celeste64
   ];

nixos/gui-pkgs.nix

@@ -52,6 +52,14 @@ in
   programs.partition-manager.enable = true;
   programs.kdeconnect.enable = true;
 
+  programs.ssh = {
+    enableAskPassword = true;
+    askPassword = pkgs.lib.mkForce "${pkgs.ksshaskpass.out}/bin/ksshaskpass";
+  };
+  environment.variables = {
+    SSH_ASKPASS_REQUIRE = "prefer";
+  };
+
   fonts = {
     enableDefaultPackages = true;
     fontDir.enable = true;

nixos/pkg.nix

@@ -74,6 +74,10 @@ in
   # install docker
   virtualisation.docker = {
     enable = true;
+    autoPrune = {
+      enable = true;
+      dates = "daily";
+    };
   };
 
   # remove nano

packages/lucem.nix

@@ -0,0 +1,55 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+pkgs.stdenv.mkDerivation rec {
+  pname = "lucem";
+  version = "2.1.2";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "xTrayambak";
+    repo = "lucem";
+    rev = version;
+    hash = "sha256-31EdtCQftxhpp2b7fpM5XqRh+r0rBE/k9SpYEPpGpV0=";
+  };
+
+  nativeBuildInputs = with pkgs; [
+    gtk4.dev
+    libadwaita.dev
+    pkg-config
+    openssl.dev
+    curl.dev
+    xorg.libX11
+    xorg.libXcursor.dev
+    xorg.libXrender
+    xorg.libXext
+    libxkbcommon
+    libGL.dev
+    wayland.dev
+    wayland-protocols
+    wayland-scanner.dev
+    nimble
+  ];
+
+  buildPhase = ''
+    runHook preBuild
+    nimble build
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "An open-source bootstrapper for Sober, similar to Bloxstrap.";
+    homepage = "https://github.com/xTrayambak/lucem";
+    downloadPage = "https://github.com/xTrayambak/lucem/releases/tag/${version}";
+    license = lib.licenses.mit; # https://github.com/xTrayambak/lucem/blob/31f996b64edafba1d75e16130bcb14576a326ebd/lucem.nimble#L6
+    platforms = lib.platforms.linux;
+    maintainers = with lib.maintainers; [ cswimr ];
+    mainProgram = "lucem";
+  };
+}