all: switch to nixpkgs-fmt

Aaron Bieber 2023-09-12 08:44:05 -06:00
parent dcd0acbdd7
commit a0228f4226
No known key found for this signature in database
143 changed files with 3151 additions and 2994 deletions


@ -2,11 +2,12 @@
set -e set -e
find . -name \*.nix -exec nix fmt -- -q {} \+ find . -name \*.nix -exec nix fmt {} \+
find . -name \*.sh -exec shfmt -w {} \+ find . -name \*.sh -exec shfmt -w {} \+
deadnix -f . deadnix -f .
shfmt -w bin/deploy shfmt -w bin/deploy
shfmt -w bin/mkboot shfmt -w bin/mkboot
# TODO: https://github.com/nerdypepper/statix/issues/68 # TODO: https://github.com/nerdypepper/statix/issues/68
statix check --ignore lib/default.nix . #statix check --ignore lib/default.nix .
statix check .
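Review bot: The TODO pointing at statix issue 68 stays in place while the command it annotated survives only as the commented-out `#statix check --ignore lib/default.nix .`, so the script now carries a dead line and a reference that explains nothing. If lib/default.nix no longer needs the exclusion, delete both lines and keep only `statix check .`; if the exclusion may return, say so in the comment, for example `# statix#68: lib/default.nix used to be excluded; re-add --ignore if the check regresses`. Because the script runs under `set -e`, the unfiltered check now also decides the script's exit status for that file, which deserves a line in the commit message since the title mentions only the formatter.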


@ -1,4 +1,4 @@
{perl}: '' { perl }: ''
#!${perl}/bin/perl #!${perl}/bin/perl
use strict; use strict;


@ -1,25 +1,26 @@
{ { pkgs
pkgs, , isUnstable
isUnstable, , ...
... }:
}: let let
gosignify = pkgs.callPackage ../pkgs/gosignify.nix {inherit isUnstable;}; gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
ix = pkgs.writeScriptBin "ix" (import ./ix.nix {inherit (pkgs) perl;}); ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
checkRestart = checkRestart =
pkgs.writeScriptBin "check-restart" pkgs.writeScriptBin "check-restart"
(import ./check-restart.nix {inherit (pkgs) perl;}); (import ./check-restart.nix { inherit (pkgs) perl; });
xinStatus = xinStatus =
pkgs.writeScriptBin "xin-status" pkgs.writeScriptBin "xin-status"
(import ./xin-status.nix {inherit (pkgs) perl perlPackages;}); (import ./xin-status.nix { inherit (pkgs) perl perlPackages; });
tstart = tstart =
pkgs.writeScriptBin "tstart" (import ./tstart.nix {inherit (pkgs) tmux;}); pkgs.writeScriptBin "tstart" (import ./tstart.nix { inherit (pkgs) tmux; });
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix { sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix {
inherit gosignify; inherit gosignify;
inherit (pkgs) curl; inherit (pkgs) curl;
}); });
genPatches = pkgs.callPackage ./gen-patches.nix {}; genPatches = pkgs.callPackage ./gen-patches.nix { };
in { in
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
checkRestart checkRestart
genPatches genPatches


@ -1,13 +1,13 @@
{ { writeShellApplication
writeShellApplication, , diffutils
diffutils, , findutils
findutils, , coreutils
coreutils, , ...
... }:
}: let let
genPatches = writeShellApplication { genPatches = writeShellApplication {
name = "gen-patches"; name = "gen-patches";
runtimeInputs = [diffutils findutils coreutils]; runtimeInputs = [ diffutils findutils coreutils ];
text = '' text = ''
suffix=".orig" suffix=".orig"
srcdir=$PWD srcdir=$PWD
@ -52,4 +52,4 @@
''; '';
}; };
in in
genPatches genPatches


@ -1,6 +1,6 @@
{ { pkgs
pkgs, , icbirc
icbirc, ,
}: '' }: ''
#!${pkgs.yash}/bin/yash #!${pkgs.yash}/bin/yash
${pkgs.procps}/bin/pkill icbirc ${pkgs.procps}/bin/pkill icbirc


@ -1,4 +1,4 @@
{perl}: '' { perl }: ''
#!${perl}/bin/perl #!${perl}/bin/perl
use strict; use strict;


@ -1,4 +1,5 @@
{pkgs}: let { pkgs }:
let
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit; oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
wlclip = wlclip =
if pkgs.system == "aarch64-darwin" if pkgs.system == "aarch64-darwin"
@ -8,7 +9,8 @@
if pkgs.system == "aarch64-darwin" if pkgs.system == "aarch64-darwin"
then "pbcopy" then "pbcopy"
else "${pkgs.xclip}/bin/xclip"; else "${pkgs.xclip}/bin/xclip";
in '' in
''
#!${pkgs.yash}/bin/yash #!${pkgs.yash}/bin/yash
set -e set -e


@ -1,16 +1,16 @@
{ { lib
lib, , pkgs
pkgs, , config
config, , ...
...
}: }:
assert (builtins.length assert (builtins.length
(lib.mapAttrsToList (a: _: a) config.services.restic.backups)) (lib.mapAttrsToList (a: _: a) config.services.restic.backups))
<= 1; let <= 1; let
resticBin = "${pkgs.restic}/bin/restic"; resticBin = "${pkgs.restic}/bin/restic";
cfg = config.services.restic.backups; cfg = config.services.restic.backups;
bkp = lib.mapAttrs' (_: lib.nameValuePair "default") cfg; bkp = lib.mapAttrs' (_: lib.nameValuePair "default") cfg;
in '' in
''
#!/usr/bin/env sh #!/usr/bin/env sh
set -e set -e


@ -1,12 +1,14 @@
{ { tea
tea, , gh
gh, , hut
hut, ,
}: let }:
let
teaBin = "${tea}/bin/tea"; teaBin = "${tea}/bin/tea";
ghBin = "${gh}/bin/gh"; ghBin = "${gh}/bin/gh";
htBin = "${hut}/bin/hut"; htBin = "${hut}/bin/hut";
in '' in
''
#!/usr/bin/env sh #!/usr/bin/env sh
set -eu set -eu


@ -1,6 +1,6 @@
{ { curl
curl, , gosignify
gosignify, ,
}: '' }: ''
#!/usr/bin/env sh #!/usr/bin/env sh


@ -1,6 +1,8 @@
{tmux}: let { tmux }:
let
tmuxBin = "${tmux}/bin/tmux"; tmuxBin = "${tmux}/bin/tmux";
in '' in
''
#!/usr/bin/env sh #!/usr/bin/env sh
set -e set -e


@ -1,7 +1,6 @@
{ { perl
perl, , perlPackages
perlPackages, , ...
...
}: '' }: ''
#!${perl}/bin/perl #!${perl}/bin/perl


@ -1,12 +1,12 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
... }:
}: let let
cfg = config.services.xinCA; cfg = config.services.xinCA;
in in
with lib; { with lib; {
options = { options = {
services.xinCA = { services.xinCA = {
enable = mkEnableOption "Configure host as a xin certificate authority."; enable = mkEnableOption "Configure host as a xin certificate authority.";
@ -21,7 +21,7 @@ in
}; };
}; };
imports = [../modules/ts-rev-prox.nix]; imports = [ ../modules/ts-rev-prox.nix ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
sops.secrets = { sops.secrets = {
ca_password = { ca_password = {
@ -67,9 +67,9 @@ in
}; };
}; };
networking.hosts = {"127.0.0.1" = ["ca.bolddaemon.com"];}; networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
environment.sessionVariables = {STEPPATH = "/var/lib/step-ca";}; environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
step-cli step-cli
step-kms-plugin step-kms-plugin
@ -86,8 +86,8 @@ in
root = config.sops.secrets."root_ca.crt".path; root = config.sops.secrets."root_ca.crt".path;
crt = config.sops.secrets."intermediate_ca.crt".path; crt = config.sops.secrets."intermediate_ca.crt".path;
key = config.sops.secrets.intermediate_ca_key.path; key = config.sops.secrets.intermediate_ca_key.path;
dnsNames = ["ca.bolddaemon.com"]; dnsNames = [ "ca.bolddaemon.com" ];
logger = {format = "text";}; logger = { format = "text"; };
db = { db = {
type = "badgerv2"; type = "badgerv2";
dataSource = "/var/lib/step-ca/db"; dataSource = "/var/lib/step-ca/db";
@ -98,7 +98,7 @@ in
{ {
type = "SSHPOP"; type = "SSHPOP";
name = "sshpop"; name = "sshpop";
claims = {enableSSHCA = true;}; claims = { enableSSHCA = true; };
} }
]; ];
}; };
@ -115,4 +115,4 @@ in
}; };
}; };
}; };
} }


@ -1,11 +1,11 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , inputs
inputs, , xinlib
xinlib, , ...
... }:
}: let let
#inherit (xinlib) prIsOpen; #inherit (xinlib) prIsOpen;
jobs = [ jobs = [
{ {
@ -13,18 +13,18 @@
user = "qbit"; user = "qbit";
script = "cd ~/src/xin && ./bin/ci update"; script = "cd ~/src/xin && ./bin/ci update";
startAt = "23:00"; startAt = "23:00";
path = []; path = [ ];
} }
{ {
name = "xin-ci"; name = "xin-ci";
user = "qbit"; user = "qbit";
script = "cd ~/src/xin && ./bin/ci"; script = "cd ~/src/xin && ./bin/ci";
startAt = "*:30:00"; startAt = "*:30:00";
path = []; path = [ ];
} }
]; ];
in in
with lib; { with lib; {
options = { options = {
xinCI = { xinCI = {
enable = mkEnableOption "Configure host as a xin CI host."; enable = mkEnableOption "Configure host as a xin CI host.";
@ -39,11 +39,11 @@ in
}; };
}; };
imports = [../modules/ts-rev-prox.nix]; imports = [ ../modules/ts-rev-prox.nix ];
config = mkIf config.xinCI.enable { config = mkIf config.xinCI.enable {
sops.defaultSopsFile = config.xin-secrets.ci; sops.defaultSopsFile = config.xin-secrets.ci;
sops.secrets = { sops.secrets = {
po_env = {owner = config.xinCI.user;}; po_env = { owner = config.xinCI.user; };
ci_ed25519_key = { ci_ed25519_key = {
mode = "400"; mode = "400";
owner = config.xinCI.user; owner = config.xinCI.user;
@ -82,7 +82,7 @@ in
nix = { nix = {
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ]; #settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
settings.allowed-users = ["root" config.xinCI.user "harmonia"]; settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
}; };
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs); systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
@ -96,7 +96,7 @@ in
harmonia = { harmonia = {
enable = true; enable = true;
signKeyPath = config.sops.secrets.bin_cache_priv_key.path; signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
settings = {bind = "127.0.0.1:5000";}; settings = { bind = "127.0.0.1:5000"; };
}; };
#nix-serve = { #nix-serve = {
# package = pkgs.nix-serve-ng; # package = pkgs.nix-serve-ng;
@ -106,6 +106,6 @@ in
#}; #};
}; };
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];
}; };
} }


@ -1,7 +1,6 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
@ -16,7 +15,7 @@ with lib; {
}; };
config = mkIf config.colemak.enable { config = mkIf config.colemak.enable {
console = {keyMap = "colemak";}; console = { keyMap = "colemak"; };
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
xkbVariant = "colemak"; xkbVariant = "colemak";


@ -1,4 +1,4 @@
{...}: { { ... }: {
imports = [ imports = [
./ca.nix ./ca.nix
./ci.nix ./ci.nix


@ -1,7 +1,6 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
@ -22,7 +21,7 @@ with lib; {
enable = true; enable = true;
dnssec = "allow-downgrade"; dnssec = "allow-downgrade";
# TODO: Enable a toggle for ipv6 # TODO: Enable a toggle for ipv6
fallbackDns = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"]; fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
extraConfig = '' extraConfig = ''
[Resolve] [Resolve]
DNS=45.90.28.0#8436c6.dns1.nextdns.io DNS=45.90.28.0#8436c6.dns1.nextdns.io


@ -1,23 +1,22 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
doas = {enable = mkEnableOption "Enable doas for priv-escie";}; doas = { enable = mkEnableOption "Enable doas for priv-escie"; };
}; };
config = mkIf config.doas.enable { config = mkIf config.doas.enable {
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
doas = pkgs.doas.override {withPAM = false;}; doas = pkgs.doas.override { withPAM = false; };
}; };
security = { security = {
doas = { doas = {
enable = true; enable = true;
extraRules = [ extraRules = [
{ {
groups = ["wheel"]; groups = [ "wheel" ];
persist = true; persist = true;
} }
]; ];


@ -1,19 +1,19 @@
{ { runCommand
runCommand, , emacsWithPackagesFromUsePackage
emacsWithPackagesFromUsePackage, , pkgs
pkgs, , lib
lib, , makeWrapper
makeWrapper, , mu
mu, , writeTextDir
writeTextDir, , emacs
emacs, , emacsPkg ? pkgs.emacsPgtkNativeComp
emacsPkg ? pkgs.emacsPgtkNativeComp, , ...
... }:
}: let let
muDir = "${mu}/share/emacs/site-lisp/mu4e"; muDir = "${mu}/share/emacs/site-lisp/mu4e";
# Generate a .el file from our emacs.org. # Generate a .el file from our emacs.org.
emacsConfig = runCommand "emacsConfig" {} '' emacsConfig = runCommand "emacsConfig" { } ''
mkdir -p $out mkdir -p $out
cp -v ${./emacs.org} $out/emacs.org cp -v ${./emacs.org} $out/emacs.org
cd $out cd $out
@ -50,14 +50,14 @@
texlive.combined.scheme-full texlive.combined.scheme-full
]; ];
in in
emacsWithPackagesFromUsePackage { emacsWithPackagesFromUsePackage {
config = ./emacs.org; config = ./emacs.org;
alwaysEnsure = true; alwaysEnsure = true;
alwaysTangle = true; alwaysTangle = true;
package = emacsPkg.overrideAttrs (oa: { package = emacsPkg.overrideAttrs (oa: {
nativeBuildInputs = oa.nativeBuildInputs ++ [makeWrapper emacsConfig]; nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ];
postInstall = '' postInstall = ''
${oa.postInstall} ${oa.postInstall}
wrapProgram $out/bin/emacs \ wrapProgram $out/bin/emacs \
@ -65,4 +65,4 @@ in
--add-flags '--init-directory ${emacsInitDir}' --add-flags '--init-directory ${emacsInitDir}'
''; '';
}); });
} }


@ -1,4 +1,4 @@
{...}: { { ... }: {
programs = { programs = {
firefox = { firefox = {
enable = true; enable = true;


@ -1,19 +1,21 @@
{config, ...}: let { config, ... }:
let
rewriteGitHub = rewriteGitHub =
if config.networking.hostName != "stan" if config.networking.hostName != "stan"
then { then {
url = {"ssh://git@github.com/" = {insteadOf = "https://github.com/";};}; url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; };
} }
else { else {
url = {}; url = { };
}; };
in { in
{
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
config = [ config = [
{init = {defaultBranch = "main";};} { init = { defaultBranch = "main"; }; }
{advice.detachedHead = false;} { advice.detachedHead = false; }
{ {
user = { user = {
name = "Aaron Bieber"; name = "Aaron Bieber";
@ -22,7 +24,7 @@ in {
}; };
} }
{branch = {sort = "-committerdate";};} { branch = { sort = "-committerdate"; }; }
{ {
alias = { alias = {
log = "log --color=never"; log = "log --color=never";
@ -32,10 +34,10 @@ in {
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"''; "!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
}; };
} }
{push = {default = "current";};} { push = { default = "current"; }; }
{gpg = {format = "ssh";};} { gpg = { format = "ssh"; }; }
{commit = {gpgsign = true;};} { commit = { gpgsign = true; }; }
{ {
color = { color = {
@ -47,13 +49,13 @@ in {
}; };
} }
{safe = {directory = "/home/qbit/src/nix-conf";};} { safe = { directory = "/home/qbit/src/nix-conf"; }; }
{transfer = {fsckobjects = true;};} { transfer = { fsckobjects = true; }; }
{fetch = {fsckobjects = true;};} { fetch = { fsckobjects = true; }; }
{github = {user = "qbit";};} { github = { user = "qbit"; }; }
{inherit (rewriteGitHub) url;} { inherit (rewriteGitHub) url; }
{ {
sendmail = { sendmail = {
@ -67,8 +69,8 @@ in {
}; };
} }
{pull = {rebase = false;};} { pull = { rebase = false; }; }
{include = {path = "~/work/git/gitconfig";};} { include = { path = "~/work/git/gitconfig"; }; }
]; ];
}; };
} }


@ -1,4 +1,4 @@
{lib, ...}: { lib, ... }:
with lib; { with lib; {
environment = { environment = {
memoryAllocator.provider = mkDefault "scudo"; memoryAllocator.provider = mkDefault "scudo";


@ -1,9 +1,9 @@
{ { pkgs
pkgs, , linkFarm
linkFarm, , ...
... }:
}: let let
tomlFmt = pkgs.formats.toml {}; tomlFmt = pkgs.formats.toml { };
helixBin = "${pkgs.helix}/bin/hx"; helixBin = "${pkgs.helix}/bin/hx";
helixConfig = tomlFmt.generate "config.toml" { helixConfig = tomlFmt.generate "config.toml" {
@ -15,7 +15,7 @@
normal = "block"; normal = "block";
select = "underline"; select = "underline";
}; };
lsp = {auto-signature-help = false;}; lsp = { auto-signature-help = false; };
}; };
}; };
@ -38,9 +38,9 @@
} }
]; ];
in in
pkgs.writeScriptBin "hx" '' pkgs.writeScriptBin "hx" ''
# Conf: ${helixConfig} # Conf: ${helixConfig}
# Theme: ${helixTheme} # Theme: ${helixTheme}
env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@" env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@"
'' ''


@ -1,17 +1,17 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , inputs
inputs, , ...
... }:
}: let let
microcaBin = "${pkgs.microca}/bin/microca"; microcaBin = "${pkgs.microca}/bin/microca";
microca = pkgs.writeScriptBin "microca" '' microca = pkgs.writeScriptBin "microca" ''
#!/usr/bin/env sh #!/usr/bin/env sh
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@ ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
''; '';
in in
with lib; { with lib; {
options = { options = {
nixManager = { nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager."; enable = mkEnableOption "Configure host as nix-conf manager.";
@ -25,18 +25,18 @@ in
}; };
}; };
imports = [./tailnet.nix]; imports = [ ./tailnet.nix ];
config = mkIf config.nixManager.enable { config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager; sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = { sops.secrets = {
xin_status_key = {owner = config.nixManager.user;}; xin_status_key = { owner = config.nixManager.user; };
xin_status_pubkey = {owner = config.nixManager.user;}; xin_status_pubkey = { owner = config.nixManager.user; };
manager_key = {owner = config.nixManager.user;}; manager_key = { owner = config.nixManager.user; };
manager_pubkey = {owner = config.nixManager.user;}; manager_pubkey = { owner = config.nixManager.user; };
ca_key = {owner = config.nixManager.user;}; ca_key = { owner = config.nixManager.user; };
ca_cert = {owner = config.nixManager.user;}; ca_cert = { owner = config.nixManager.user; };
po_env = {owner = config.nixManager.user;}; po_env = { owner = config.nixManager.user; };
}; };
environment.systemPackages = [ environment.systemPackages = [
@ -47,11 +47,11 @@ in
networking = { networking = {
hosts = { hosts = {
"66.135.2.235" = ["ns1"]; "66.135.2.235" = [ "ns1" ];
"23.234.251.216" = ["ns2"]; "23.234.251.216" = [ "ns2" ];
"46.23.94.18" = ["ns3"]; "46.23.94.18" = [ "ns3" ];
"198.23.149.18" = ["ns4"]; "198.23.149.18" = [ "ns4" ];
}; };
}; };
}; };
} }


@ -1,5 +1,5 @@
{pkgs, ...}: { { pkgs, ... }: {
environment.systemPackages = with pkgs; [neomutt urlview]; environment.systemPackages = with pkgs; [ neomutt urlview ];
environment.etc."neomuttrc" = { environment.etc."neomuttrc" = {
text = '' text = ''
ignore * ignore *


@ -1,4 +1,4 @@
{pkgs, ...}: { pkgs, ... }:
with pkgs; let with pkgs; let
parchment = pkgs.vimUtils.buildVimPluginFrom2Nix rec { parchment = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
pname = "parchment"; pname = "parchment";
@ -30,7 +30,7 @@ with pkgs; let
sha256 = "sha256-pMYvtNEYoVFaWlj35F1rDlfJkNY4y4S62RNpHBNBgto="; sha256 = "sha256-pMYvtNEYoVFaWlj35F1rDlfJkNY4y4S62RNpHBNBgto=";
fetchSubmodules = true; fetchSubmodules = true;
}; };
dependencies = with vimPlugins; [nvim-cmp tabular]; dependencies = with vimPlugins; [ nvim-cmp tabular ];
}; };
neogen = pkgs.vimUtils.buildVimPluginFrom2Nix rec { neogen = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
pname = "neogen"; pname = "neogen";
@ -51,10 +51,10 @@ with pkgs; let
url = "mirror://cpan/authors/id/J/JA/JACQUESG/MsgPack-Raw-0.05.tar.gz"; url = "mirror://cpan/authors/id/J/JA/JACQUESG/MsgPack-Raw-0.05.tar.gz";
sha256 = "8559e2b64cd98d99abc666edf2a4c8724c9534612616af11f4eb0bbd0d422dac"; sha256 = "8559e2b64cd98d99abc666edf2a4c8724c9534612616af11f4eb0bbd0d422dac";
}; };
buildInputs = with perlPackages; [TestPod TestPodCoverage]; buildInputs = with perlPackages; [ TestPod TestPodCoverage ];
meta = { meta = {
description = "Perl bindings to the msgpack C library"; description = "Perl bindings to the msgpack C library";
license = with lib.licenses; [artistic1 gpl1Plus]; license = with lib.licenses; [ artistic1 gpl1Plus ];
}; };
}; };
@ -66,7 +66,7 @@ with pkgs; let
sha256 = "55a52c233e2dae86113f9f19b34f617edcfc8416f9bece671267bd1811b12111"; sha256 = "55a52c233e2dae86113f9f19b34f617edcfc8416f9bece671267bd1811b12111";
}; };
outputs = ["out" "dev"]; outputs = [ "out" "dev" ];
meta = { meta = {
description = "Simplified safe evaluation of Perl code"; description = "Simplified safe evaluation of Perl code";
@ -99,11 +99,11 @@ with pkgs; let
# Attempts to download stuff from the internet. # Attempts to download stuff from the internet.
doCheck = false; doCheck = false;
outputs = ["out" "dev"]; outputs = [ "out" "dev" ];
meta = { meta = {
description = "Perl bindings for neovim"; description = "Perl bindings for neovim";
license = with lib.licenses; [artistic1 gpl1Plus]; license = with lib.licenses; [ artistic1 gpl1Plus ];
}; };
}; };
@ -139,13 +139,11 @@ with pkgs; let
parchment parchment
vacme vacme
]; ];
myVimPackages = myVimPackages = baseVimPackages;
if pkgs.system == "aarch64-linux" in
then baseVimPackages {
else baseVimPackages ++ [];
in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alejandra nixpkgs-fmt
elmPackages.elm elmPackages.elm
elmPackages.elm-format elmPackages.elm-format
elmPackages.elm-language-server elmPackages.elm-language-server
@ -177,7 +175,7 @@ in {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
configure = { configure = {
packages.myVimPackage = {start = myVimPackages;}; packages.myVimPackage = { start = myVimPackages; };
customRC = '' customRC = ''
" Restore cursor position " Restore cursor position
autocmd BufReadPost * autocmd BufReadPost *
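Review bot: `myVimPackages = baseVimPackages;` leaves a binding that only renames another one; the old conditional appended an empty list in its else branch, so both names now always hold the same list. Consider dropping the alias and writing `packages.myVimPackage = { start = baseVimPackages; };` in the `configure` block. This is a semantic cleanup rather than reformatting, as are the `nix = { … }` merge in the build-consumer module and the `environment = { … }` merge in the last file section; inside a 143-file formatter commit they are easy to miss and would be easier to audit as a separate commit. The `let` block and the `configure` attribute set both extend beyond the hunks shown.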


@ -1,8 +1,7 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
@ -32,7 +31,7 @@ with lib; {
config = mkMerge [ config = mkMerge [
(mkIf config.tailscale.enable { (mkIf config.tailscale.enable {
services = {tailscale = {enable = mkDefault true;};}; services = { tailscale = { enable = mkDefault true; }; };
networking.firewall.checkReversePath = mkDefault "loose"; networking.firewall.checkReversePath = mkDefault "loose";
}) })
(mkIf (config.tailscale.enable && config.tailscale.sshOnly) { (mkIf (config.tailscale.enable && config.tailscale.sshOnly) {
@ -45,8 +44,8 @@ with lib; {
}; };
systemd.services = { systemd.services = {
"tailscale-ssh-init" = { "tailscale-ssh-init" = {
wantedBy = ["tailscaled.service"]; wantedBy = [ "tailscaled.service" ];
after = ["tailscaled.service"]; after = [ "tailscaled.service" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.ts_sshonly.path}"; ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.ts_sshonly.path}";
}; };
@ -54,11 +53,11 @@ with lib; {
}; };
}) })
(mkIf config.zerotier.enable { (mkIf config.zerotier.enable {
environment.systemPackages = with pkgs; [zerotierone]; environment.systemPackages = with pkgs; [ zerotierone ];
services = { services = {
zerotierone = { zerotierone = {
enable = true; enable = true;
joinNetworks = ["db64858fedd3b256"]; joinNetworks = [ "db64858fedd3b256" ];
}; };
}; };
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";


@ -1,8 +1,7 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
@ -22,25 +21,25 @@ with lib; {
interfaces = mkOption { interfaces = mkOption {
description = "Interfaces to allow peerix to listen on."; description = "Interfaces to allow peerix to listen on.";
type = types.listOf types.str; type = types.listOf types.str;
default = ["tailscale0"]; default = [ "tailscale0" ];
}; };
}; };
}; };
config = mkIf config.tsPeerix.enable { config = mkIf config.tsPeerix.enable {
users.groups.peerix = {name = "peerix";}; users.groups.peerix = { name = "peerix"; };
users.users.peerix = { users.users.peerix = {
name = "peerix"; name = "peerix";
group = "peerix"; group = "peerix";
isSystemUser = true; isSystemUser = true;
}; };
nix.settings.allowed-users = ["peerix"]; nix.settings.allowed-users = [ "peerix" ];
services = { services = {
zerotierone = { zerotierone = {
enable = true; enable = true;
joinNetworks = ["db64858fedd3b256"]; joinNetworks = [ "db64858fedd3b256" ];
}; };
peerix = { peerix = {
@ -53,13 +52,14 @@ with lib; {
}; };
}; };
environment.systemPackages = [pkgs.zerotierone]; environment.systemPackages = [ pkgs.zerotierone ];
networking.firewall.interfaces = listToAttrs (flatten (map (i: { networking.firewall.interfaces = listToAttrs (flatten (map
(i: {
name = i; name = i;
value = { value = {
allowedUDPPorts = [12304]; allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [12304]; allowedTCPPorts = [ 12304 ];
}; };
}) })
config.tsPeerix.interfaces)); config.tsPeerix.interfaces));


@ -1,12 +1,13 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , inputs
inputs, , xinlib
xinlib, , ...
... }:
}: let let
tailnetACLs = let tailnetACLs =
let
acls = { acls = {
hosts = { hosts = {
europa = "100.92.31.80"; europa = "100.92.31.80";
@ -19,18 +20,18 @@
}; };
tagOwners = { tagOwners = {
"tag:untrusted" = ["qbit@github"]; "tag:untrusted" = [ "qbit@github" ];
"tag:minservice" = ["qbit@github"]; "tag:minservice" = [ "qbit@github" ];
"tag:sshonly" = ["qbit@github"]; "tag:sshonly" = [ "qbit@github" ];
"tag:apper" = ["qbit@github"]; "tag:apper" = [ "qbit@github" ];
"tag:golink" = ["qbit@github"]; "tag:golink" = [ "qbit@github" ];
"tag:lab" = ["qbit@github"]; "tag:lab" = [ "qbit@github" ];
}; };
acls = [ acls = [
{ {
action = "accept"; action = "accept";
src = ["tag:untrusted"]; src = [ "tag:untrusted" ];
dst = [ dst = [
"europa:22" "europa:22"
"europa:12304" "europa:12304"
@ -43,13 +44,13 @@
} }
{ {
action = "accept"; action = "accept";
src = ["tag:minservice" "tag:sshonly"]; src = [ "tag:minservice" "tag:sshonly" ];
dst = ["*:22" "box:3030" "nbc:443" "console:2222"]; dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ];
} }
{ {
action = "accept"; action = "accept";
src = ["qbit@github"]; src = [ "qbit@github" ];
dst = ["*:*"]; dst = [ "*:*" ];
} }
]; ];
}; };
@ -83,13 +84,13 @@
name = "update-talenet-acls"; name = "update-talenet-acls";
script = "${aclUpdateScript}/bin/tailnet-acl-updater"; script = "${aclUpdateScript}/bin/tailnet-acl-updater";
startAt = "*:30:00"; startAt = "*:30:00";
path = []; path = [ ];
inherit (config.nixManager) user; inherit (config.nixManager) user;
} }
]; ];
enabled = config.nixManager.enable; enabled = config.nixManager.enable;
in in
with lib; { with lib; {
sops.secrets = mkIf enabled { sops.secrets = mkIf enabled {
tailnet_acl_manager = { tailnet_acl_manager = {
owner = config.nixManager.user; owner = config.nixManager.user;
@ -101,4 +102,4 @@ in
}; };
}; };
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs)); systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
} }


@ -1,4 +1,4 @@
{...}: { { ... }: {
programs.tmux = { programs.tmux = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''


@ -1,4 +1,4 @@
{...}: { { ... }: {
config = { config = {
programs.zsh.interactiveShellInit = '' programs.zsh.interactiveShellInit = ''
export NO_COLOR=1 export NO_COLOR=1


@ -1,17 +1,16 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
buildConsumer = {enable = mkEnableOption "Use remote build machines";}; buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
}; };
config = mkIf config.buildConsumer.enable { config = mkIf config.buildConsumer.enable {
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
pcake = { pcake = {
hostNames = ["pcake" "pcake.tapenet.org" "10.6.0.202"]; hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
}; };
}; };
@ -21,20 +20,22 @@ with lib; {
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile /root/.ssh/nix_remote IdentityFile /root/.ssh/nix_remote
''; '';
nix.buildMachines = [ nix = {
buildMachines = [
{ {
hostName = "pcake"; hostName = "pcake";
systems = ["x86_64-linux" "aarch64-linux"]; systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 2; maxJobs = 2;
speedFactor = 4; speedFactor = 4;
supportedFeatures = ["kvm" "big-parallel" "nixos-test" "benchmark"]; supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
mandatoryFeatures = []; mandatoryFeatures = [ ];
} }
]; ];
nix.distributedBuilds = true; distributedBuilds = true;
nix.extraOptions = '' extraOptions = ''
builders-use-substitutes = true builders-use-substitutes = true
''; '';
}; };
};
} }
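Review bot: The SSH client settings just above the rewritten `nix = { … }` block point at `IdentityFile /root/.ssh/nix_remote`, and nothing visible in this section declares or provisions that key, unlike the sops-managed secrets other modules in this commit use. A short comment above the string would record how the key gets there, for example `# /root/.ssh/nix_remote is installed out of band on each build consumer; it is not managed by sops`, adjusted to however the key is actually delivered. The string holding those settings starts outside the hunk, so the host block it belongs to is not visible here.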


@ -1,7 +1,6 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
@ -11,7 +10,7 @@ with lib; {
}; };
config = mkIf config.buildServer.enable { config = mkIf config.buildServer.enable {
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEtoU6ObMP7wmglT7rXMg0HEnh7cGBo6COL7BpmRC/o" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEtoU6ObMP7wmglT7rXMg0HEnh7cGBo6COL7BpmRC/o"


@ -1 +1 @@
{...}: {imports = [./build-consumer.nix ./build-server.nix];} { ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }


@ -1,12 +1,12 @@
{ { config
config, , lib
lib, , options
options, , pkgs
pkgs, , xinlib
xinlib, , isUnstable
isUnstable, , ...
... }:
}: let let
inherit (xinlib) todo; inherit (xinlib) todo;
caPubKeys = builtins.concatStringsSep "\n" [ caPubKeys = builtins.concatStringsSep "\n" [
"ssh-rsa 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 SUAH CA" "ssh-rsa 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 SUAH CA"
@ -16,9 +16,10 @@
statusKey = '' statusKey = ''
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
''; '';
gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;}; gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
myOpenSSH = pkgs.callPackage ./pkgs/openssh {}; myOpenSSH = pkgs.callPackage ./pkgs/openssh { };
in { in
{
imports = [ imports = [
./configs ./configs
./dbuild ./dbuild
@ -44,7 +45,7 @@ in {
options.myconf = { options.myconf = {
managementPubKeys = lib.mkOption rec { managementPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = [managementKey statusKey breakGlassKey]; default = [ managementKey statusKey breakGlassKey ];
example = default; example = default;
description = "List of management public keys to use"; description = "List of management public keys to use";
}; };
@ -63,7 +64,7 @@ in {
}; };
config = { config = {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets = { sops.secrets = {
xin_secrets_deploy_key = { xin_secrets_deploy_key = {
@ -74,7 +75,7 @@ in {
}; };
}; };
security.pki.caCertificateBlacklist = ["TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2"]; security.pki.caCertificateBlacklist = [ "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ];
security.pki.certificates = [ security.pki.certificates = [
'' ''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -130,7 +131,7 @@ in {
''; '';
boot = { boot = {
loader = {systemd-boot.configurationLimit = 15;}; loader = { systemd-boot.configurationLimit = 15; };
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
kernel.sysctl = { kernel.sysctl = {
"net.ipv4.tcp_keepalive_time" = 60; "net.ipv4.tcp_keepalive_time" = 60;
@ -142,16 +143,18 @@ in {
nix = { nix = {
settings = settings =
if config.xinCI.enable if config.xinCI.enable
then {} then { }
else { else {
substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"]; substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
trusted-public-keys = [ trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
]; ];
}; };
}; };
environment.systemPackages = with pkgs; environment = {
etc."ssh/ca.pub" = { text = caPubKeys; };
systemPackages = with pkgs;
[ [
age age
apg apg
@ -177,13 +180,14 @@ in {
] ]
++ ( ++ (
if isUnstable if isUnstable
then [nil] then [ nil ]
else [] else [ ]
); );
environment.interactiveShellInit = '' interactiveShellInit = ''
alias vi=nvim alias vi=nvim
''; '';
};
time.timeZone = "US/Mountain"; time.timeZone = "US/Mountain";
@ -201,7 +205,7 @@ in {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk"; "[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW"; "[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
}; };
knownHostsFiles = [./configs/ssh_known_hosts]; knownHostsFiles = [ ./configs/ssh_known_hosts ];
startAgent = true; startAgent = true;
agentTimeout = "100m"; agentTimeout = "100m";
extraConfig = '' extraConfig = ''
@ -216,8 +220,6 @@ in {
}; };
}; };
environment.etc."ssh/ca.pub" = {text = caPubKeys;};
services.logrotate.checkConfig = services.logrotate.checkConfig =
todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false; todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false;
@ -230,7 +232,7 @@ in {
settings = { settings = {
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [ Macs = [
"hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com" "hmac-sha2-256-etm@openssh.com"

146
flake.nix

@ -19,7 +19,7 @@
inputs.sops-nix.follows = "sops-nix"; inputs.sops-nix.follows = "sops-nix";
}; };
nixos-hardware = {url = "github:NixOS/nixos-hardware/master";}; nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
#emacs-overlay = { #emacs-overlay = {
# url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007"; # url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
@ -80,26 +80,27 @@
}; };
}; };
outputs = { outputs =
self, { self
darwin, , darwin
gostart, , gostart
nixos-hardware, , nixos-hardware
peerix, , peerix
po, , po
pots, , pots
pr-status, , pr-status
stable, , stable
tsRevProx, , tsRevProx
tsvnstat, , tsvnstat
unstable, , unstable
unstableSmall, , unstableSmall
xin-secrets, , xin-secrets
xintray, , xintray
... , ...
} @ inputs: let } @ inputs:
xinlib = import ./lib {inherit (unstable) lib;}; let
supportedSystems = ["x86_64-linux"]; xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ];
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
forAllSystems = unstable.lib.genAttrs supportedSystems; forAllSystems = unstable.lib.genAttrs supportedSystems;
unstablePkgsFor = forAllSystems (system: unstablePkgsFor = forAllSystems (system:
@ -148,23 +149,26 @@
++ [ ++ [
{ {
nix = { nix = {
registry.nixpkgs.flake = sysBase; registry = {
registry.stable.flake = stable; nixpkgs.flake = sysBase;
registry.unstable.flake = unstable; stable.flake = stable;
nixPath = ["nixpkgs=${sysBase}"]; unstable.flake = unstable;
};
nixPath = [ "nixpkgs=${sysBase}" ];
}; };
} }
] ]
++ [(xinlib.buildVer self) (./. + "/hosts/${name}")] ++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ]
++ [{nixpkgs.overlays = overlays;}]; ++ [{ nixpkgs.overlays = overlays; }];
}; };
lpkgs = unstable.legacyPackages.x86_64-linux; lpkgs = unstable.legacyPackages.x86_64-linux;
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin; darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
in { in
{
darwinConfigurations = { darwinConfigurations = {
plq = darwin.lib.darwinSystem { plq = darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = {inherit xinlib;}; specialArgs = { inherit xinlib; };
modules = [ modules = [
xin-secrets.nixosModules.sops xin-secrets.nixosModules.sops
./overlays ./overlays
@ -178,7 +182,8 @@
# everything before deploying # everything before deploying
legacyPackages.x86_64-linux = import unstable { legacyPackages.x86_64-linux = import unstable {
system = "x86_64-linux"; system = "x86_64-linux";
overlays = let overlays =
let
overlayFn = import ./overlays; overlayFn = import ./overlays;
stableList = overlayFn { stableList = overlayFn {
isUnstable = true; isUnstable = true;
@ -189,11 +194,11 @@
inherit xinlib; inherit xinlib;
}; };
in in
[] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays; stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
}; };
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra; formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra; formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;
devShells.x86_64-linux.default = xinlib.buildShell lpkgs; devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs; devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
@ -202,12 +207,12 @@
europa = buildSys "x86_64-linux" unstable [ europa = buildSys "x86_64-linux" unstable [
nixos-hardware.nixosModules.framework nixos-hardware.nixosModules.framework
] "europa"; ] "europa";
pwntie = buildSys "x86_64-linux" stable [] "pwntie"; pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [] "stan"; stan = buildSys "x86_64-linux" unstable [ ] "stan";
weather = buildSys "aarch64-linux" stable [] "weather"; weather = buildSys "aarch64-linux" stable [ ] "weather";
faf = buildSys "x86_64-linux" stable [./configs/hardened.nix] "faf"; faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" stable [./configs/hardened.nix] "box"; box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box";
#luna = buildSys "x86_64-linux" stable #luna = buildSys "x86_64-linux" stable
# [ "${nixos-hardware}/common/cpu/intel" ] "luna"; # [ "${nixos-hardware}/common/cpu/intel" ] "luna";
h = buildSys "x86_64-linux" stable [ h = buildSys "x86_64-linux" stable [
@ -259,34 +264,36 @@
}; };
}; };
packages = forAllSystems (system: let packages = forAllSystems (system:
let
upkgs = unstablePkgsFor.${system}; upkgs = unstablePkgsFor.${system};
spkgs = stablePkgsFor.${system}; spkgs = stablePkgsFor.${system};
in { in
{
ada_language_server = ada_language_server =
spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;}; spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;}; alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;}; bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;}; rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;}; clilol = spkgs.callPackage ./pkgs/clilol.nix { inherit spkgs; };
gqrss = spkgs.callPackage ./pkgs/gqrss.nix { gqrss = spkgs.callPackage ./pkgs/gqrss.nix {
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
}; };
iamb = upkgs.callPackage ./pkgs/iamb.nix {}; iamb = upkgs.callPackage ./pkgs/iamb.nix { };
icbirc = spkgs.callPackage ./pkgs/icbirc.nix { icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
}; };
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {}; femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;}; fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
flake-warn = flake-warn =
spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;}; spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; #kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;}; mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;}; yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
gen-patches = gen-patches =
spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;}; spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
yarr = spkgs.callPackage ./pkgs/yarr.nix { yarr = spkgs.callPackage ./pkgs/yarr.nix {
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
@ -304,17 +311,17 @@
inherit upkgs; inherit upkgs;
}; };
hpi = hpi =
upkgs.python3Packages.callPackage ./pkgs/hpi.nix {inherit upkgs;}; upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
inherit upkgs; inherit upkgs;
}; };
sliding-sync = sliding-sync =
spkgs.callPackage ./pkgs/sliding-sync.nix {inherit spkgs;}; spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
golink = spkgs.callPackage ./pkgs/golink.nix {inherit spkgs;}; golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix {inherit upkgs;}; gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;}; gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
gotosocial = gotosocial =
spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;}; spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
zutty = upkgs.callPackage ./pkgs/zutty.nix { zutty = upkgs.callPackage ./pkgs/zutty.nix {
inherit upkgs; inherit upkgs;
}; };
@ -330,35 +337,40 @@
inherit (spkgs) matrix-synapse; inherit (spkgs) matrix-synapse;
}); });
templates."ada" = { templates = {
"ada" = {
path = ./templates/ada; path = ./templates/ada;
description = "Ada template."; description = "Ada template.";
}; };
templates."go" = { "go" = {
path = ./templates/go; path = ./templates/go;
description = "Go template."; description = "Go template.";
}; };
templates."perl" = { "perl" = {
path = ./templates/perl; path = ./templates/perl;
description = "Perl template."; description = "Perl template.";
}; };
templates."mojo" = { "mojo" = {
path = ./templates/mojo; path = ./templates/mojo;
description = "Perl MojoLicious template."; description = "Perl MojoLicious template.";
}; };
templates."ocaml" = { "ocaml" = {
path = ./templates/ocaml; path = ./templates/ocaml;
description = "OCaml template."; description = "OCaml template.";
}; };
};
checks = let checks =
buildList = ["europa" "stan" "h" "box" "faf" "weather"]; let
buildList = [ "europa" "stan" "h" "box" "faf" "weather" ];
in in
with unstable.lib; with unstable.lib;
foldl' recursiveUpdate {} (mapAttrsToList (name: system: { foldl' recursiveUpdate { } (mapAttrsToList
(name: system: {
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" = "${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
system.config.system.build.toplevel; system.config.system.build.toplevel;
}) (filterAttrs (n: _: (builtins.elem n buildList)) })
(filterAttrs (n: _: (builtins.elem n buildList))
self.nixosConfigurations)); self.nixosConfigurations));
}; };
} }
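Review bot: In the `legacyPackages.x86_64-linux` overlays hunk (`@ -178,7 +182,8`), `stableList` is built with `overlayFn { isUnstable = true; … }`, so the binding's name and its argument disagree. The lines between this hunk and the next are not shown, so the arguments passed for `unstableList` cannot be checked from here; if both calls pass `true`, `stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays` would apply the same overlay set twice. If the stable overlays are intended, the line would read `isUnstable = false;`. Otherwise a comment such as `# both lists use the unstable overlay set on purpose` would document the choice.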


@ -1,15 +1,14 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; { with lib; {
options = { options = {
arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";}; arcan = { enable = mkEnableOption "Enable Arcan/Durden desktop."; };
}; };
config = mkIf config.arcan.enable { config = mkIf config.arcan.enable {
environment.systemPackages = with pkgs; [arcanPackages.all-wrapped]; environment.systemPackages = with pkgs; [ arcanPackages.all-wrapped ];
}; };
} }


@ -1,24 +1,24 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , xinlib
xinlib, , ...
... }:
}: let let
firefox = import ../configs/firefox.nix {inherit pkgs;}; firefox = import ../configs/firefox.nix { inherit pkgs; };
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix {inherit pkgs;}); rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
rpr = rpr =
pkgs.writeScriptBin "rpr" pkgs.writeScriptBin "rpr"
(import ../bins/rpr.nix {inherit (pkgs) hut gh tea;}); (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
promnesia = promnesia =
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix {inherit pkgs;}; pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix {inherit pkgs;}; hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
promnesiaService = { promnesiaService = {
promnesia = { promnesia = {
description = "Service for promnesia.server"; description = "Service for promnesia.server";
wantedBy = ["graphical-session.target"]; wantedBy = [ "graphical-session.target" ];
partOf = ["graphical-session.target"]; partOf = [ "graphical-session.target" ];
after = ["graphical-session.target"]; after = [ "graphical-session.target" ];
script = '' script = ''
${promnesia}/bin/promnesia serve ${promnesia}/bin/promnesia serve
''; '';
@ -29,12 +29,12 @@
name = "promnesia-index"; name = "promnesia-index";
script = "${promnesia}/bin/promnesia index"; script = "${promnesia}/bin/promnesia index";
startAt = "*:0/5"; startAt = "*:0/5";
path = [promnesia hpi]; path = [ promnesia hpi ];
} }
]; ];
in in
with lib; { with lib; {
imports = [./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix]; imports = [ ./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix ];
options = { options = {
pulse = { pulse = {
@ -66,7 +66,7 @@ in
# TODO: TEMP FIX # TODO: TEMP FIX
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"]; lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
go-font go-font
#(callPackage ../pkgs/kurinto.nix {}) #(callPackage ../pkgs/kurinto.nix {})
@ -88,10 +88,10 @@ in
vlc vlc
zeal zeal
(callPackage ../configs/helix.nix {}) (callPackage ../configs/helix.nix { })
]); ]);
programs = {} // firefox.programs; programs = { } // firefox.programs;
systemd.user.services = systemd.user.services =
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) (lib.listToAttrs (builtins.map xinlib.jobToUserService jobs))
@ -107,4 +107,4 @@ in
}; };
}) })
]; ];
} }


@ -1,10 +1,9 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; { with lib; {
options = {gnome = {enable = mkEnableOption "Enable GNOME desktop.";};}; options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
config = mkIf config.gnome.enable { config = mkIf config.gnome.enable {
services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.gdm.enable = true;


@ -1,12 +1,13 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
... }:
}: let let
inherit (pkgs.libsForQt5) callPackage; inherit (pkgs.libsForQt5) callPackage;
in { in
options = {kde = {enable = lib.mkEnableOption "Enable KDE desktop.";};}; {
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
config = lib.mkIf config.kde.enable { config = lib.mkIf config.kde.enable {
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
@ -21,7 +22,7 @@ in {
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(callPackage ../pkgs/tile-gaps.nix {}) (callPackage ../pkgs/tile-gaps.nix { })
libsForQt5.bismuth libsForQt5.bismuth
plasma5Packages.kdeconnect-kde plasma5Packages.kdeconnect-kde
waynergy waynergy


@ -1,11 +1,10 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; { with lib; {
options = {xfce = {enable = mkEnableOption "Enable XFCE desktop.";};}; options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
config = mkIf config.xfce.enable { config = mkIf config.xfce.enable {
security.pam.services = { security.pam.services = {
@ -23,6 +22,6 @@ with lib; {
]; ];
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.xfce = {enable = true;}; services.xserver.desktopManager.xfce = { enable = true; };
}; };
} }


@ -1,11 +1,11 @@
{ { inputs
inputs, , config
config, , lib
lib, , pkgs
pkgs, , isUnstable
isUnstable, , ...
... }:
}: let let
#photoPrismTag = "220901-bullseye"; #photoPrismTag = "220901-bullseye";
httpCacheTime = "720m"; httpCacheTime = "720m";
httpAllow = '' httpAllow = ''
@ -38,13 +38,14 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
]; ];
userBase = {openssh.authorizedKeys.keys = pubKeys;}; userBase = { openssh.authorizedKeys.keys = pubKeys; };
mkNginxSecret = { mkNginxSecret = {
sopsFile = config.xin-secrets.box.certs; sopsFile = config.xin-secrets.box.certs;
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
mode = "400"; mode = "400";
}; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -65,41 +66,45 @@ in {
owner = config.users.users.gitea.name; owner = config.users.users.gitea.name;
sopsFile = config.xin-secrets.box.services; sopsFile = config.xin-secrets.box.services;
}; };
"bitwarden_rs.env" = {sopsFile = config.xin-secrets.box.services;}; "bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
"wireguard_private_key" = {sopsFile = config.xin-secrets.box.services;}; "wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
books_cert = mkNginxSecret;
books_key = mkNginxSecret;
jelly_cert = mkNginxSecret;
jelly_key = mkNginxSecret;
lidarr_cert = mkNginxSecret;
lidarr_key = mkNginxSecret;
nzb_cert = mkNginxSecret;
nzb_key = mkNginxSecret;
prowlarr_cert = mkNginxSecret;
prowlarr_key = mkNginxSecret;
radarr_cert = mkNginxSecret;
radarr_key = mkNginxSecret;
reddit_cert = mkNginxSecret;
reddit_key = mkNginxSecret;
sonarr_cert = mkNginxSecret;
sonarr_key = mkNginxSecret;
graph_cert = mkNginxSecret;
graph_key = mkNginxSecret;
bw_cert = mkNginxSecret;
bw_key = mkNginxSecret;
invidious_cert = mkNginxSecret;
invidious_key = mkNginxSecret;
readarr_cert = mkNginxSecret;
readarr_key = mkNginxSecret;
home_cert = mkNginxSecret;
home_key = mkNginxSecret;
}; };
sops.secrets.books_cert = mkNginxSecret; boot = {
sops.secrets.books_key = mkNginxSecret; supportedFilesystems = [ "zfs" ];
sops.secrets.jelly_cert = mkNginxSecret; loader = {
sops.secrets.jelly_key = mkNginxSecret; grub.copyKernels = true;
sops.secrets.lidarr_cert = mkNginxSecret; systemd-boot.enable = true;
sops.secrets.lidarr_key = mkNginxSecret; efi.canTouchEfiVariables = true;
sops.secrets.nzb_cert = mkNginxSecret; };
sops.secrets.nzb_key = mkNginxSecret; };
sops.secrets.prowlarr_cert = mkNginxSecret;
sops.secrets.prowlarr_key = mkNginxSecret;
sops.secrets.radarr_cert = mkNginxSecret;
sops.secrets.radarr_key = mkNginxSecret;
sops.secrets.reddit_cert = mkNginxSecret;
sops.secrets.reddit_key = mkNginxSecret;
sops.secrets.sonarr_cert = mkNginxSecret;
sops.secrets.sonarr_key = mkNginxSecret;
sops.secrets.graph_cert = mkNginxSecret;
sops.secrets.graph_key = mkNginxSecret;
sops.secrets.bw_cert = mkNginxSecret;
sops.secrets.bw_key = mkNginxSecret;
sops.secrets.invidious_cert = mkNginxSecret;
sops.secrets.invidious_key = mkNginxSecret;
sops.secrets.readarr_cert = mkNginxSecret;
sops.secrets.readarr_key = mkNginxSecret;
sops.secrets.home_cert = mkNginxSecret;
sops.secrets.home_key = mkNginxSecret;
boot.supportedFilesystems = ["zfs"];
boot.loader.grub.copyKernels = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
doas.enable = true; doas.enable = true;
@ -111,14 +116,14 @@ in {
enableIPv6 = false; enableIPv6 = false;
hosts = { hosts = {
"127.0.0.1" = ["git.tapenet.org"]; "127.0.0.1" = [ "git.tapenet.org" ];
"10.6.0.15" = ["jelly.bold.daemon"]; "10.6.0.15" = [ "jelly.bold.daemon" ];
"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"]; "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ];
}; };
interfaces.enp7s0 = {useDHCP = true;}; interfaces.enp7s0 = { useDHCP = true; };
firewall = { firewall = {
interfaces = {"tailscale0" = {allowedTCPPorts = [3030];};}; interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
interfaces = { interfaces = {
"wg0" = { "wg0" = {
allowedTCPPorts = [ allowedTCPPorts = [
@ -154,12 +159,12 @@ in {
interfaces = { interfaces = {
wg0 = { wg0 = {
listenPort = 7122; listenPort = 7122;
ips = ["192.168.112.4/32"]; ips = [ "192.168.112.4/32" ];
peers = [ peers = [
{ {
publicKey = "IMJ1gVK6KzRghon5Wg1dxv1JCB8IbdSqeFjwQAxJM10="; publicKey = "IMJ1gVK6KzRghon5Wg1dxv1JCB8IbdSqeFjwQAxJM10=";
endpoint = "23.29.118.127:7122"; endpoint = "23.29.118.127:7122";
allowedIPs = ["192.168.112.3/32"]; allowedIPs = [ "192.168.112.3/32" ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
@ -192,7 +197,7 @@ in {
glowing-bear glowing-bear
rtl_433 rtl_433
(callPackage ../../pkgs/athens.nix {inherit isUnstable;}) (callPackage ../../pkgs/athens.nix { inherit isUnstable; })
]; ];
security.acme = { security.acme = {
@ -200,21 +205,25 @@ in {
defaults.email = "aaron@bolddaemon.com"; defaults.email = "aaron@bolddaemon.com";
}; };
users.groups.media = { users = {
groups = {
media = {
name = "media"; name = "media";
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"]; members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
}; };
users.groups.photos = { photos = {
name = "photos"; name = "photos";
members = ["qbit"]; members = [ "qbit" ];
}; };
users.groups.photoprism = { photoprism = {
name = "photoprism"; name = "photoprism";
gid = 986; gid = 986;
}; };
users.users.photoprism = { };
users = {
photoprism = {
uid = 991; uid = 991;
name = "photoprism"; name = "photoprism";
isSystemUser = true; isSystemUser = true;
@ -223,12 +232,7 @@ in {
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = pubKeys; openssh.authorizedKeys.keys = pubKeys;
}; };
systemd.services.photoprism = {
serviceConfig = {
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
}; };
preStart = lib.mkForce "";
}; };
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
@ -238,7 +242,7 @@ in {
enable = true; enable = true;
listeners = [ listeners = [
{ {
acl = ["pattern readwrite #"]; acl = [ "pattern readwrite #" ];
omitPasswordAuth = true; omitPasswordAuth = true;
settings.allow_anonymous = true; settings.allow_anonymous = true;
} }
@ -311,7 +315,7 @@ in {
]; ];
device_tracker = [ device_tracker = [
]; ];
default_config = {}; default_config = { };
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
server_host = "127.0.0.1"; server_host = "127.0.0.1";
@ -382,7 +386,8 @@ in {
}; };
cron = { cron = {
enable = true; enable = true;
systemCronJobs = let systemCronJobs =
let
tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" '' tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" ''
#!/usr/bin/env sh #!/usr/bin/env sh
. /etc/profile; . /etc/profile;
@ -396,9 +401,10 @@ in {
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.* chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
) >/dev/null 2>&1 ) >/dev/null 2>&1
''; '';
in ["@daily root ${tsCertsScript}/bin/ts-certs.sh"]; in
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
}; };
openssh = {settings.X11Forwarding = true;}; openssh = { settings.X11Forwarding = true; };
tor.enable = true; tor.enable = true;
@ -424,7 +430,7 @@ in {
nzbget = { nzbget = {
enable = true; enable = true;
group = "media"; group = "media";
settings = {MainDir = "/media/downloads";}; settings = { MainDir = "/media/downloads"; };
}; };
fwupd.enable = true; fwupd.enable = true;
@ -449,7 +455,7 @@ in {
calibre-web = { calibre-web = {
enable = true; enable = true;
group = "media"; group = "media";
options = {enableBookUploading = true;}; options = { enableBookUploading = true; };
listen.port = 8909; listen.port = 8909;
listen.ip = "127.0.0.1"; listen.ip = "127.0.0.1";
}; };
@ -501,7 +507,7 @@ in {
lifecycler = { lifecycler = {
address = "127.0.0.1"; address = "127.0.0.1";
ring = { ring = {
kvstore = {store = "inmemory";}; kvstore = { store = "inmemory"; };
replication_factor = 1; replication_factor = 1;
}; };
}; };
@ -535,7 +541,7 @@ in {
shared_store = "filesystem"; shared_store = "filesystem";
}; };
filesystem = {directory = "/var/lib/loki/chunks";}; filesystem = { directory = "/var/lib/loki/chunks"; };
}; };
limits_config = { limits_config = {
@ -543,7 +549,7 @@ in {
reject_old_samples_max_age = "168h"; reject_old_samples_max_age = "168h";
}; };
chunk_store_config = {max_look_back_period = "0s";}; chunk_store_config = { max_look_back_period = "0s"; };
table_manager = { table_manager = {
retention_deletes_enabled = false; retention_deletes_enabled = false;
@ -553,7 +559,7 @@ in {
compactor = { compactor = {
working_directory = "/var/lib/loki"; working_directory = "/var/lib/loki";
shared_store = "filesystem"; shared_store = "filesystem";
compactor_ring = {kvstore = {store = "inmemory";};}; compactor_ring = { kvstore = { store = "inmemory"; }; };
}; };
}; };
}; };
@ -565,7 +571,7 @@ in {
http_listen_port = 3031; http_listen_port = 3031;
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
positions = {filename = "/tmp/positions.yaml";}; positions = { filename = "/tmp/positions.yaml"; };
clients = [ clients = [
{ {
url = "http://127.0.0.1:${ url = "http://127.0.0.1:${
@ -586,7 +592,7 @@ in {
}; };
relabel_configs = [ relabel_configs = [
{ {
source_labels = ["__journal__systemd_unit"]; source_labels = [ "__journal__systemd_unit" ];
target_label = "unit"; target_label = "unit";
} }
]; ];
@ -602,11 +608,11 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = ["systemd"]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
nginx = {enable = true;}; nginx = { enable = true; };
rtl_433 = { rtl_433 = {
enable = true; enable = true;
@ -648,27 +654,27 @@ in {
} }
{ {
job_name = "greenhouse"; job_name = "greenhouse";
static_configs = [{targets = ["10.6.0.20:80"];}]; static_configs = [{ targets = [ "10.6.0.20:80" ]; }];
} }
{ {
job_name = "house"; job_name = "house";
static_configs = [{targets = ["10.6.0.21:80"];}]; static_configs = [{ targets = [ "10.6.0.21:80" ]; }];
} }
{ {
job_name = "outside"; job_name = "outside";
static_configs = [{targets = ["10.6.0.22:8811"];}]; static_configs = [{ targets = [ "10.6.0.22:8811" ]; }];
} }
{ {
job_name = "faf"; job_name = "faf";
static_configs = [{targets = ["10.6.0.245:9002"];}]; static_configs = [{ targets = [ "10.6.0.245:9002" ]; }];
} }
{ {
job_name = "h"; job_name = "h";
static_configs = [{targets = ["100.64.247.69:9002"];}]; static_configs = [{ targets = [ "100.64.247.69:9002" ]; }];
} }
{ {
job_name = "namish"; job_name = "namish";
static_configs = [{targets = ["10.200.0.100:9100"];}]; static_configs = [{ targets = [ "10.200.0.100:9100" ]; }];
} }
{ {
job_name = "nginx"; job_name = "nginx";
@ -746,7 +752,7 @@ in {
backup root@suah.dev:/var/www/ suah.dev/ backup root@suah.dev:/var/www/ suah.dev/
backup_exec date "+ backup of suah.dev ended at %c" backup_exec date "+ backup of suah.dev ended at %c"
''; '';
cronIntervals = {daily = "50 21 * * *";}; cronIntervals = { daily = "50 21 * * *"; };
}; };
libreddit = { libreddit = {
@ -1031,7 +1037,7 @@ in {
# host all all ::1/128 trust # host all all ::1/128 trust
#''; #'';
ensureDatabases = ["nextcloud" "gitea" "invidious"]; ensureDatabases = [ "nextcloud" "gitea" "invidious" ];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
@ -1049,23 +1055,35 @@ in {
}; };
}; };
systemd.services.nginx.serviceConfig = { systemd = {
ReadWritePaths = ["/backups/nginx_cache"]; services = {
ReadOnlyPaths = ["/etc/nixos/secrets"]; photoprism = {
serviceConfig = {
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
};
preStart = lib.mkForce "";
}; };
systemd.services.gitea.environment = { nginx.serviceConfig = {
ReadWritePaths = [ "/backups/nginx_cache" ];
ReadOnlyPaths = [ "/etc/nixos/secrets" ];
};
gitea.environment = {
GIT_CONFIG_NOGLOBAL = "true"; GIT_CONFIG_NOGLOBAL = "true";
GIT_CONFIG_NOSYSTEM = "true"; GIT_CONFIG_NOSYSTEM = "true";
}; };
#"nextcloud-setup" = {
#systemd.services."nextcloud-setup" = {
# requires = [ "postgresql.service" ]; # requires = [ "postgresql.service" ];
# after = [ "postgresql.service" ]; # after = [ "postgresql.service" ];
#}; #};
};
};
users.users.qbit = userBase; users.users = {
users.users.root = userBase; qbit = userBase;
root = userBase;
};
programs.zsh.enable = true; programs.zsh.enable = true;
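Review bot: The mosquitto listener in hunk `@ -238,7 +242,7` combines `acl = [ "pattern readwrite #" ]`, `omitPasswordAuth = true` and `settings.allow_anonymous = true`, so any client that can reach the listener may publish and subscribe on every topic without credentials. The listener's address, port and matching firewall rules are outside the hunk, so whether it is confined to loopback or a trusted interface cannot be confirmed from here. If it is reachable beyond the host, replace the anonymous access with per-client entries under the listener's `users` attribute, each with its own `acl` and a `hashedPasswordFile`, and set `settings.allow_anonymous = false;`. If anonymous access is intentional, a comment above the listener such as `# anonymous MQTT: listener must stay bound to a trusted interface` would record that constraint.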


@ -1,70 +1,76 @@
{...}: { { ... }: {
boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["kvm-intel" "wireguard"]; availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.extraModulePackages = []; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" "wireguard" ];
extraModulePackages = [ ];
};
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
fileSystems."/" = { fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1"; device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/home" = { "/home" = {
device = "rpool/home"; device = "rpool/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/backups" = { "/backups" = {
device = "rpool/backups"; device = "rpool/backups";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/music" = { "/media/music" = {
device = "rpool/media/music"; device = "rpool/media/music";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/movies" = { "/media/movies" = {
device = "rpool/media/movies"; device = "rpool/media/movies";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/pictures" = { "/media/pictures" = {
device = "rpool/pictures"; device = "rpool/pictures";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/tv" = { "/media/tv" = {
device = "rpool/media/tv"; device = "rpool/media/tv";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/nextcloud" = { "/media/nextcloud" = {
device = "rpool/nextcloud"; device = "rpool/nextcloud";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/git" = { "/media/git" = {
device = "rpool/git"; device = "rpool/git";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/media/downloads" = { "/media/downloads" = {
device = "rpool/downloads"; device = "rpool/downloads";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/db/postgres" = { "/db/postgres" = {
device = "rpool/db/postgres"; device = "rpool/db/postgres";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/2AC3-DB6C"; device = "/dev/disk/by-uuid/2AC3-DB6C";
fsType = "vfat"; fsType = "vfat";
}; };
};
swapDevices = [{device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30";}]; swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
} }


@ -1,11 +1,11 @@
{ { inputs
inputs, , config
config, , pkgs
pkgs, , lib
lib, , xinlib
xinlib, , ...
... }:
}: let let
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp; inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp;
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix { restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
inherit pkgs; inherit pkgs;
@ -25,25 +25,26 @@
name = "brain"; name = "brain";
script = "cd ~/Brain && git sync"; script = "cd ~/Brain && git sync";
startAt = "*:0/2"; startAt = "*:0/2";
path = [pkgs.git pkgs.git-sync]; path = [ pkgs.git pkgs.git-sync ];
} }
{ {
name = "org"; name = "org";
script = "(cd ~/org && git sync)"; script = "(cd ~/org && git sync)";
startAt = "*:0/5"; startAt = "*:0/5";
path = [pkgs.git pkgs.git-sync]; path = [ pkgs.git pkgs.git-sync ];
} }
{ {
name = "taskobs"; name = "taskobs";
script = "taskobs"; script = "taskobs";
startAt = "*:0/30"; startAt = "*:0/30";
path = [pkgs.taskobs] ++ pkgs.taskobs.buildInputs; path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs;
} }
]; ];
in { in
{
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix]; imports = [ ./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix ];
sops.secrets = { sops.secrets = {
fastmail = { fastmail = {
@ -94,7 +95,7 @@ in {
}; };
boot = { boot = {
binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
initrd.systemd.enable = true; initrd.systemd.enable = true;
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -103,7 +104,7 @@ in {
efiSysMountPoint = "/boot/efi"; efiSysMountPoint = "/boot/efi";
}; };
}; };
kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"]; kernelParams = [ "boot.shell_on_fail" "mem_sleep_default=deep" ];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
@ -122,21 +123,21 @@ in {
hostName = "europa"; hostName = "europa";
hostId = "87703c3e"; hostId = "87703c3e";
hosts = { hosts = {
"192.168.122.6" = ["chubs"]; "192.168.122.6" = [ "chubs" ];
}; };
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [22]; allowedTCPPorts = [ 22 ];
}; };
}; };
tsPeerix = { tsPeerix = {
enable = false; enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = ["wlp170s0" "ztksevmpn3"]; interfaces = [ "wlp170s0" "ztksevmpn3" ];
}; };
programs = { programs = {
@ -144,7 +145,7 @@ in {
_1password.enable = true; _1password.enable = true;
_1password-gui = { _1password-gui = {
enable = true; enable = true;
polkitPolicyOwners = ["qbit"]; polkitPolicyOwners = [ "qbit" ];
}; };
dconf.enable = true; dconf.enable = true;
zsh = { zsh = {
@ -162,7 +163,7 @@ in {
}; };
}; };
services.xinCA = {enable = false;}; services.xinCA = { enable = false; };
services = { services = {
avahi = { avahi = {
@ -178,9 +179,9 @@ in {
environmentFile = "${config.sops.secrets.restic_env_file.path}"; environmentFile = "${config.sops.secrets.restic_env_file.path}";
passwordFile = "${config.sops.secrets.restic_password_file.path}"; passwordFile = "${config.sops.secrets.restic_password_file.path}";
paths = ["/home/qbit" "/var/lib/libvirt"]; paths = [ "/home/qbit" "/var/lib/libvirt" ];
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5"]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
}; };
}; };
}; };
@ -231,18 +232,20 @@ in {
'' ''
]; ];
systemd.user.services = systemd = {
user.services =
lib.listToAttrs (builtins.map xinlib.jobToUserService jobs); lib.listToAttrs (builtins.map xinlib.jobToUserService jobs);
systemd.services."whytailscalewhy" = { services."whytailscalewhy" = {
description = "Tailscale restart on resume"; description = "Tailscale restart on resume";
wantedBy = ["post-resume.target"]; wantedBy = [ "post-resume.target" ];
after = ["post-resume.target"]; after = [ "post-resume.target" ];
script = '' script = ''
. /etc/profile; . /etc/profile;
${pkgs.systemd}/bin/systemctl restart tailscaled.service ${pkgs.systemd}/bin/systemctl restart tailscaled.service
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
}; };
};
virtualisation.docker.enable = false; virtualisation.docker.enable = false;
users.users.qbit.extraGroups = [ users.users.qbit.extraGroups = [
@ -259,7 +262,7 @@ in {
XDG_DATA_HOME = "\${HOME}/.local/share"; XDG_DATA_HOME = "\${HOME}/.local/share";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
PATH = ["\${XDG_BIN_HOME}"]; PATH = [ "\${XDG_BIN_HOME}" ];
MUHOME = "\${HOME}/.config/mu"; MUHOME = "\${HOME}/.config/mu";
}; };
@ -320,8 +323,8 @@ in {
#yubioath-flutter #yubioath-flutter
zig zig
(callPackage ../../pkgs/clilol.nix {}) (callPackage ../../pkgs/clilol.nix { })
(callPackage ../../pkgs/iamb.nix {}) (callPackage ../../pkgs/iamb.nix { })
(callPackage ../../pkgs/kobuddy.nix { (callPackage ../../pkgs/kobuddy.nix {
inherit pkgs; inherit pkgs;
inherit inherit
@ -335,9 +338,9 @@ in {
alembic alembic
; ;
}) })
(callPackage ../../pkgs/gokrazy.nix {}) (callPackage ../../pkgs/gokrazy.nix { })
(callPackage ../../pkgs/mvoice.nix {}) (callPackage ../../pkgs/mvoice.nix { })
(callPackage ../../pkgs/zutty.nix {}) (callPackage ../../pkgs/zutty.nix { })
restic restic
]; ];
@ -358,7 +361,9 @@ in {
} }
]; ];
system.autoUpgrade.allowReboot = false; system = {
system.autoUpgrade.enable = false; autoUpgrade.allowReboot = false;
system.stateVersion = "21.11"; autoUpgrade.enable = false;
stateVersion = "21.11";
};
} }
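Review bot: `boot.shell_on_fail` in `kernelParams` (hunk at -103,7) is carried over without a comment, and it sits in the same `boot` set as `initrd.systemd.enable = true`. As documented for NixOS, that parameter gives a root shell with no authentication when stage 1 fails; I believe it is only read by the scripted stage 1, and that with the systemd initrd the equivalent switch is `boot.initrd.systemd.emergencyAccess`, so it is probably inert here (worth confirming). I would either drop it or document the intent, e.g. `# boot.shell_on_fail: unauthenticated initrd shell on boot failure, kept for recovery only`. The `boot` set starts and ends outside the hunk.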


@ -1,15 +1,18 @@
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["kvm-intel"]; availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.extraModulePackages = []; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -25,14 +28,14 @@
}; };
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972"; boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = ["fido2-device=auto"]; boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ];
fileSystems."/boot/efi" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/F0A2-4A56"; device = "/dev/disk/by-uuid/F0A2-4A56";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [{device = "/dev/disk/by-label/swap";}]; swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = { hardware = {


@ -1,19 +1,25 @@
{config, ...}: let { config, ... }:
let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
]; ];
userBase = { userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
}; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [./hardware-configuration.nix]; imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true; boot = {
boot.loader.efi.canTouchEfiVariables = true; loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
boot.supportedFilesystems = ["zfs"]; supportedFilesystems = [ "zfs" ];
boot.zfs.devNodes = "/dev/"; zfs.devNodes = "/dev/";
};
networking = { networking = {
hostName = "faf"; hostName = "faf";
@ -23,13 +29,17 @@ in {
interfaces.enp1s0.useDHCP = true; interfaces.enp1s0.useDHCP = true;
interfaces.enp2s0.useDHCP = true; interfaces.enp2s0.useDHCP = true;
firewall.allowedTCPPorts = [22 53 config.services.prometheus.exporters.node.port]; firewall = {
firewall.allowedUDPPorts = [53]; allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
hosts = {"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];}; allowedUDPPorts = [ 53 ];
};
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
}; };
users.users.root = userBase; users.users = {
users.users.qbit = userBase; root = userBase;
qbit = userBase;
};
services = { services = {
prometheus = { prometheus = {
@ -39,7 +49,7 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = ["systemd"]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
}; };
@ -101,8 +111,8 @@ in {
enable = true; enable = true;
settings = { settings = {
server = { server = {
interface = ["100.64.130.122"]; interface = [ "100.64.130.122" ];
access-control = ["100.64.0.0/10 allow"]; access-control = [ "100.64.0.0/10 allow" ];
}; };
local-zone = ''"bold.daemon." static''; local-zone = ''"bold.daemon." static'';
local-data = [ local-data = [
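Review bot: `firewall.allowedTCPPorts` (hunk at -23,13) opens 53 and the node-exporter port on every interface, including `enp1s0` and `enp2s0`, although unbound further down binds only `100.64.130.122` and allows only `100.64.0.0/10`. The node exporter serves host metrics without authentication by default, and another host in this commit scopes the same port with `interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 ]; }; };`. Assuming this host reaches its clients over the same tailnet interface, I would keep `allowedTCPPorts = [ 22 ];` globally and move the rest to `interfaces."tailscale0".allowedTCPPorts = [ 53 config.services.prometheus.exporters.node.port ];`, with the UDP 53 rule alongside it. The `networking` set starts outside the hunk.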


@ -1,15 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ boot = {
initrd.availableKernelModules = [
"uhci_hcd" "uhci_hcd"
"ehci_pci" "ehci_pci"
"ahci" "ahci"
@ -19,56 +19,59 @@
"usbhid" "usbhid"
"sd_mod" "sd_mod"
]; ];
boot.initrd.kernelModules = []; initrd.kernelModules = [ ];
boot.kernelModules = []; kernelModules = [ ];
boot.extraModulePackages = []; extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems = {
"/" = {
device = "tank/nixos"; device = "tank/nixos";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { "/nix" = {
device = "tank/nixos/nix"; device = "tank/nixos/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/etc" = { "/etc" = {
device = "tank/nixos/etc"; device = "tank/nixos/etc";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var" = { "/var" = {
device = "tank/nixos/var"; device = "tank/nixos/var";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib" = { "/var/lib" = {
device = "tank/nixos/var/lib"; device = "tank/nixos/var/lib";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/log" = { "/var/log" = {
device = "tank/nixos/var/log"; device = "tank/nixos/var/log";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/spool" = { "/var/spool" = {
device = "tank/nixos/var/spool"; device = "tank/nixos/var/spool";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { "/home" = {
device = "tank/userdata/home"; device = "tank/userdata/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/5851-DEF2"; device = "/dev/disk/by-uuid/5851-DEF2";
fsType = "vfat"; fsType = "vfat";
}; };
};
swapDevices = []; swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -1,9 +1,8 @@
{ { config
config, , pkgs
pkgs, , isUnstable
isUnstable, , inputs
inputs, , ...
...
}: }:
with pkgs; let with pkgs; let
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix { restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
@ -11,18 +10,18 @@ with pkgs; let
inherit lib; inherit lib;
inherit config; inherit config;
}); });
gqrss = callPackage ../../pkgs/gqrss.nix {inherit isUnstable;}; gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
icbirc = callPackage ../../pkgs/icbirc.nix {inherit isUnstable;}; icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
mcchunkie = callPackage ../../pkgs/mcchunkie.nix {inherit isUnstable;}; mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix {}; slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
weepushover = weepushover =
python3Packages.callPackage ../../pkgs/weepushover.nix {inherit pkgs;}; python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
pgBackupDir = "/var/backups/postgresql"; pgBackupDir = "/var/backups/postgresql";
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
]; ];
userBase = {openssh.authorizedKeys.keys = pubKeys;}; userBase = { openssh.authorizedKeys.keys = pubKeys; };
icbIrcTunnel = icbIrcTunnel =
pkgs.writeScriptBin "icb-irc-tunnel" pkgs.writeScriptBin "icb-irc-tunnel"
(import ../../bins/icb-irc-tunnel.nix { (import ../../bins/icb-irc-tunnel.nix {
@ -44,9 +43,9 @@ with pkgs; let
matrixServer = "tapenet.org"; matrixServer = "tapenet.org";
matrixClientConfig = { matrixClientConfig = {
"m.homeserver".base_url = "https://${matrixServer}:443"; "m.homeserver".base_url = "https://${matrixServer}:443";
"org.matrix.msc3575.proxy" = {url = "https://${matrixServer}";}; "org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; };
}; };
matrixServerConfig = {"m.server" = "${matrixServer}:443";}; matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
mkMatrixWellKnown = p: '' mkMatrixWellKnown = p: ''
return 200 '${builtins.toJSON p}'; return 200 '${builtins.toJSON p}';
''; '';
@ -61,25 +60,30 @@ with pkgs; let
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}"; proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}";
}; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.loader.grub.enable = true; boot = {
boot.loader.grub.device = "/dev/sda"; loader.grub = {
boot.loader.grub.configurationLimit = 15; enable = true;
device = "/dev/sda";
configurationLimit = 15;
};
boot.kernelParams = ["net.ifnames=0"]; kernelParams = [ "net.ifnames=0" ];
};
tailscale.sshOnly = true; tailscale.sshOnly = true;
nixpkgs.overlays = [ nixpkgs.overlays = [
(_: super: { (_: super: {
weechat = super.weechat.override { weechat = super.weechat.override {
configure = {...}: { configure = { ... }: {
scripts = with super.weechatScripts; [highmon weepushover]; scripts = with super.weechatScripts; [ highmon weepushover ];
}; };
}; };
}) })
@ -129,7 +133,7 @@ in {
sopsFile = config.xin-secrets.h.services; sopsFile = config.xin-secrets.h.services;
owner = config.users.users.gostart.name; owner = config.users.users.gostart.name;
}; };
wireguard_private_key = {sopsFile = config.xin-secrets.h.services;}; wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
pots_env_file = { pots_env_file = {
owner = config.users.users.pots.name; owner = config.users.users.pots.name;
mode = "400"; mode = "400";
@ -158,7 +162,7 @@ in {
useDHCP = false; useDHCP = false;
defaultGateway = "23.29.118.1"; defaultGateway = "23.29.118.1";
defaultGateway6 = "2602:ff16:3::1"; defaultGateway6 = "2602:ff16:3::1";
nameservers = ["9.9.9.9"]; nameservers = [ "9.9.9.9" ];
interfaces.eth0 = { interfaces.eth0 = {
ipv4.addresses = [ ipv4.addresses = [
@ -182,11 +186,11 @@ in {
interfaces = { interfaces = {
wg0 = { wg0 = {
listenPort = 7122; listenPort = 7122;
ips = ["192.168.112.3/32"]; ips = [ "192.168.112.3/32" ];
peers = [ peers = [
{ {
publicKey = "gZ16FwqUgzKgEpJgVC9BngJ+Dd0e5LPsDhDuJby0VzY="; publicKey = "gZ16FwqUgzKgEpJgVC9BngJ+Dd0e5LPsDhDuJby0VzY=";
allowedIPs = ["192.168.112.4/32"]; allowedIPs = [ "192.168.112.4/32" ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
@ -196,9 +200,9 @@ in {
}; };
firewall = { firewall = {
interfaces = {"tailscale0" = {allowedTCPPorts = [9002];};}; interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 ]; }; };
allowedTCPPorts = [22 80 443 2222 53589]; allowedTCPPorts = [ 22 80 443 2222 53589 ];
allowedUDPPorts = [7122]; allowedUDPPorts = [ 7122 ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
from = 60000; from = 60000;
@ -231,18 +235,23 @@ in {
defaults.email = "aaron@bolddaemon.com"; defaults.email = "aaron@bolddaemon.com";
}; };
users.groups.mcchunkie = {}; users = {
users = {
users.users.mcchunkie = { qbit = userBase;
mcchunkie = {
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
home = "/var/lib/mcchunkie"; home = "/var/lib/mcchunkie";
group = "mcchunkie"; group = "mcchunkie";
}; };
};
groups.mcchunkie = { };
};
systemd.services.icb-tunnel = { systemd.services = {
wantedBy = ["network.target"]; icb-tunnel = {
after = ["network.target" "multi-user.target"]; wantedBy = [ "network.target" ];
after = [ "network.target" "multi-user.target" ];
serviceConfig = { serviceConfig = {
User = "qbit"; User = "qbit";
WorkingDirectory = "/home/qbit"; WorkingDirectory = "/home/qbit";
@ -250,8 +259,8 @@ in {
}; };
}; };
systemd.services.mcchunkie = { mcchunkie = {
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
User = "mcchunkie"; User = "mcchunkie";
Group = "mcchunkie"; Group = "mcchunkie";
@ -260,6 +269,7 @@ in {
ExecStart = "${mcchunkie}/bin/mcchunkie"; ExecStart = "${mcchunkie}/bin/mcchunkie";
}; };
}; };
};
services = { services = {
veilid-server = { veilid-server = {
@ -277,8 +287,8 @@ in {
exclusive = true; exclusive = true;
} }
]; ];
aliases = []; aliases = [ ];
rooms = []; rooms = [ ];
}; };
}; };
tsrevprox = { tsrevprox = {
@ -296,7 +306,7 @@ in {
enable = true; enable = true;
envFile = "${config.sops.secrets.pots_env_file.path}"; envFile = "${config.sops.secrets.pots_env_file.path}";
}; };
pr-status = {enable = true;}; pr-status = { enable = true; };
gostart = { gostart = {
enable = true; enable = true;
keyPath = "${config.sops.secrets.gostart.path}"; keyPath = "${config.sops.secrets.gostart.path}";
@ -335,7 +345,7 @@ in {
protocol = "https"; protocol = "https";
storage-backend = "local"; storage-backend = "local";
storage-local-base-path = "/var/lib/gotosocial"; storage-local-base-path = "/var/lib/gotosocial";
trusted-proxies = ["127.0.0.1/32" "23.29.118.0/24"]; trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ];
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/"; web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/"; web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
}; };
@ -347,8 +357,8 @@ in {
http_listen_port = 3031; http_listen_port = 3031;
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
positions = {filename = "/tmp/positions.yaml";}; positions = { filename = "/tmp/positions.yaml"; };
clients = [{url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push";}]; clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";
@ -361,7 +371,7 @@ in {
}; };
relabel_configs = [ relabel_configs = [
{ {
source_labels = ["__journal__systemd_unit"]; source_labels = [ "__journal__systemd_unit" ];
target_label = "unit"; target_label = "unit";
} }
]; ];
@ -377,7 +387,7 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = ["systemd"]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
}; };
@ -386,7 +396,7 @@ in {
enable = true; enable = true;
fqdn = "tasks.suah.dev"; fqdn = "tasks.suah.dev";
listenHost = "::"; listenHost = "::";
organisations."bolddaemon".users = ["qbit"]; organisations."bolddaemon".users = [ "qbit" ];
openFirewall = false; openFirewall = false;
}; };
cron = { cron = {
@ -418,9 +428,9 @@ in {
"/var/lib/writefreely" "/var/lib/writefreely"
]; ];
timerConfig = {OnCalendar = "00:05";}; timerConfig = { OnCalendar = "00:05"; };
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10"]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ];
}; };
}; };
}; };
@ -480,7 +490,7 @@ in {
''; '';
upstreams = { upstreams = {
"ssh_gitea" = {servers = {"192.168.112.4:2222" = {};};}; "ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; };
}; };
streamConfig = '' streamConfig = ''
@ -551,7 +561,7 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = {root = "${pkgs.glowing-bear}";}; locations."/" = { root = "${pkgs.glowing-bear}"; };
}; };
"git.tapenet.org" = { "git.tapenet.org" = {
@ -569,17 +579,19 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations = {
"/" = {
proxyPass = "http://192.168.112.4:8222"; proxyPass = "http://192.168.112.4:8222";
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/admin" = { "/admin" = {
extraConfig = '' extraConfig = ''
${httpAllow} ${httpAllow}
deny all; deny all;
''; '';
}; };
}; };
};
"suah.dev" = { "suah.dev" = {
forceSSL = true; forceSSL = true;
@ -728,29 +740,33 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/tapenet.org"; root = "/var/www/tapenet.org";
locations."/.well-known/matrix/client".extraConfig = locations = {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig; mkMatrixWellKnown matrixClientConfig;
locations."/.well-known/matrix/server".extraConfig = "/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig; mkMatrixWellKnown matrixServerConfig;
locations."/client" = mkMatrixSliderLoc; "/client" = mkMatrixSliderLoc;
locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = "/_matrix/client/unstable/org.matrix.msc3575/sync" =
mkMatrixSliderLoc; mkMatrixSliderLoc;
locations."/_matrix" = mkMatrixLoc; "/_matrix" = mkMatrixLoc;
locations."/_synapse/client" = mkMatrixLoc; "/_synapse/client" = mkMatrixLoc;
};
} }
else { else {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/tapenet.org"; root = "/var/www/tapenet.org";
locations."/.well-known/matrix/client".extraConfig = locations = {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig; mkMatrixWellKnown matrixClientConfig;
locations."/.well-known/matrix/server".extraConfig = "/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig; mkMatrixWellKnown matrixServerConfig;
locations."/_matrix" = mkMatrixLoc; "/_matrix" = mkMatrixLoc;
locations."/_synapse/client" = mkMatrixLoc; "/_synapse/client" = mkMatrixLoc;
};
}; };
}; };
}; };
@ -764,7 +780,7 @@ in {
enable = true; enable = true;
package = pkgs.postgresql_14; package = pkgs.postgresql_14;
settings = {}; settings = { };
enableTCPIP = true; enableTCPIP = true;
authentication = pkgs.lib.mkOverride 14 '' authentication = pkgs.lib.mkOverride 14 ''
@ -780,7 +796,7 @@ in {
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
ensureDatabases = ["synapse" "gotosocial" "syncv3"]; ensureDatabases = [ "synapse" "gotosocial" "syncv3" ];
ensureUsers = [ ensureUsers = [
{ {
name = "synapse_user"; name = "synapse_user";
@ -834,7 +850,7 @@ in {
"porn" "porn"
"csam" "csam"
]; ];
aditionalPrefixes = ["hammer"]; aditionalPrefixes = [ "hammer" ];
confirmWildcardBan = false; confirmWildcardBan = false;
}; };
}; };
@ -850,7 +866,7 @@ in {
server_name = "tapenet.org"; server_name = "tapenet.org";
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}"; signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
url_preview_enabled = false; url_preview_enabled = false;
plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam]; plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
app_service_config_files = [ app_service_config_files = [
"/var/lib/heisenbridge/registration.yml" "/var/lib/heisenbridge/registration.yml"
]; ];
@ -864,15 +880,15 @@ in {
listeners = [ listeners = [
{ {
inherit (mtxCfg) port; inherit (mtxCfg) port;
bind_addresses = [mtxCfg.address]; bind_addresses = [ mtxCfg.address ];
resources = [ resources = [
{ {
compress = true; compress = true;
names = ["client"]; names = [ "client" ];
} }
{ {
compress = false; compress = false;
names = ["federation"]; names = [ "federation" ];
} }
]; ];
tls = false; tls = false;
@ -884,7 +900,6 @@ in {
}; };
}; };
users.users.qbit = userBase;
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }
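Review bot: `trusted-proxies` for gotosocial (hunk at -335,7) lists the whole `23.29.118.0/24`, which, judging by `defaultGateway = "23.29.118.1"`, looks like the provider network this host shares with other machines, not only the local nginx. Any address in that range is then believed when it supplies forwarded client-IP headers, which weakens rate limiting and makes logged source addresses unreliable if the gotosocial port is reachable from that network. If nginx on this host is the only proxy, I would narrow it to `trusted-proxies = [ "127.0.0.1/32" ];`, adding only the host's own address as `<HOST_IPV4>/32` if that turns out to be needed. The gotosocial settings block starts and ends outside the hunk.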


@ -1,25 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["wireguard"]; availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
boot.extraModulePackages = []; kernelModules = [ ];
};
kernelModules = [ "wireguard" ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f"; device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [{device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44";}]; swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -1,24 +1,30 @@
{...}: let { ... }:
let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
]; ];
userBase = {openssh.authorizedKeys.keys = pubKeys;}; userBase = { openssh.authorizedKeys.keys = pubKeys; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [./hardware-configuration.nix]; imports = [ ./hardware-configuration.nix ];
boot.loader.grub.enable = true; boot.loader.grub = {
boot.loader.grub.device = "/dev/sdb"; enable = true;
boot.loader.grub.useOSProber = true; device = "/dev/sdb";
useOSProber = true;
};
# The moon based shipyard # The moon based shipyard
networking.hostName = "luna"; networking = {
hostName = "luna";
networking.networkmanager.enable = true; networkmanager.enable = true;
networking.firewall.allowedTCPPorts = [22]; firewall.allowedTCPPorts = [ 22 ];
};
environment.systemPackages = []; environment.systemPackages = [ ];
users.users.root = userBase; users.users.root = userBase;
users.users.qbit = userBase; users.users.qbit = userBase;


@ -1,12 +1,13 @@
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ boot = {
initrd = {
availableKernelModules = [
"uhci_hcd" "uhci_hcd"
"ehci_pci" "ehci_pci"
"ata_piix" "ata_piix"
@ -16,16 +17,18 @@
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
boot.initrd.kernelModules = []; kernelModules = [ ];
boot.kernelModules = ["kvm-intel"]; };
boot.extraModulePackages = []; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c"; device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [{device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be";}]; swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,17 +1,18 @@
{ { pkgs
pkgs, , lib
lib, , isUnstable
isUnstable, , ...
... }:
}: let let
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent"; secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
rage = rage =
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix {inherit pkgs;}); pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [../../configs/tmux.nix ../../configs/zsh.nix ../../bins]; imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking.hostName = "plq"; networking.hostName = "plq";
@ -69,8 +70,8 @@ in {
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(callPackage ../../pkgs/secretive.nix {inherit isUnstable;}) (callPackage ../../pkgs/secretive.nix { inherit isUnstable; })
(callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;}) (callPackage ../../pkgs/hammerspoon.nix { inherit isUnstable; })
direnv direnv
exiftool exiftool


@ -1,13 +1,14 @@
{ { pkgs
pkgs, , config
config, , ...
... }:
}: let let
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { }; #myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
]; ];
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -16,12 +17,18 @@ in {
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot = {
boot.loader.efi.canTouchEfiVariables = true; loader = {
boot.loader.efi.efiSysMountPoint = "/boot/efi"; systemd-boot.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest; efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
kernelPackages = pkgs.linuxPackages_latest;
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
};
nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.config.allowUnsupportedSystem = true;
networking = { networking = {
@ -29,7 +36,7 @@ in {
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [22]; allowedTCPPorts = [ 22 ];
checkReversePath = "loose"; checkReversePath = "loose";
}; };
}; };
@ -43,16 +50,14 @@ in {
XDG_DATA_HOME = "\${HOME}/.local/share"; XDG_DATA_HOME = "\${HOME}/.local/share";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
PATH = ["\${XDG_BIN_HOME}"]; PATH = [ "\${XDG_BIN_HOME}" ];
}; };
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"];
#nixpkgs.config.allowUnfree = true; #nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
rtl-sdr rtl-sdr
direwolf direwolf
(callPackage ../../pkgs/rtlamr.nix {}) (callPackage ../../pkgs/rtlamr.nix { })
]; ];
#programs = { #programs = {
@ -116,8 +121,15 @@ in {
}; };
}; };
users.users.root = {openssh.authorizedKeys.keys = pubKeys;}; users = {
users.users.qbit = {openssh.authorizedKeys.keys = pubKeys;}; users = {
root = { openssh.authorizedKeys.keys = pubKeys; };
qbit = {
openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
};
};
};
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }
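Review bot: The consolidated `qbit.extraGroups` in the last hunk keeps `docker` and `libvirtd`, and membership of either is generally equivalent to root on the host, which nothing in the file records. Since the line is being moved anyway, a comment above it would mark this as deliberate, e.g. `# docker/libvirtd membership is effectively root; keep this list short`. As far as the visible hunks show, the same `pubKeys` list is authorised for both `root` and `qbit`, so that list is the whole SSH trust boundary for this machine and deserves a similar one-line comment where it is defined.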


@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = ["kvm-amd"]; initrd.kernelModules = [ ];
boot.extraModulePackages = []; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec"; device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/2079-D1CE"; device = "/dev/disk/by-uuid/2079-D1CE";
fsType = "vfat"; fsType = "vfat";
}; };
};
swapDevices = [{device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d";}]; swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,9 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
... }:
}: let let
inherit inherit
(builtins) (builtins)
head head
@ -11,7 +11,7 @@
attrValues attrValues
mapAttrs mapAttrs
attrNames attrNames
; # hasAttr; ;# hasAttr;
inherit (lib.attrsets) filterAttrsRecursive filterAttrs; inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -22,9 +22,9 @@
wan = "enp5s0f0"; wan = "enp5s0f0";
trunk = "enp5s0f1"; trunk = "enp5s0f1";
dnsServers = ["45.90.28.147" "45.90.30.147"]; dnsServers = [ "45.90.28.147" "45.90.30.147" ];
interfaces = { interfaces = {
"${wan}" = {useDHCP = true;}; "${wan}" = { useDHCP = true; };
"${trunk}" = rec { "${trunk}" = rec {
ipv4.addresses = [ ipv4.addresses = [
{ {
@ -96,7 +96,7 @@
enable = true; enable = true;
start = "10.99.1.100"; start = "10.99.1.100";
end = "10.99.1.155"; end = "10.99.1.155";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
@ -118,7 +118,7 @@
enable = true; enable = true;
start = "10.98.1.100"; start = "10.98.1.100";
end = "10.98.1.150"; end = "10.98.1.150";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
@ -140,7 +140,7 @@
enable = true; enable = true;
start = "10.10.0.100"; start = "10.10.0.100";
end = "10.10.0.155"; end = "10.10.0.155";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
@ -162,7 +162,7 @@
enable = false; enable = false;
start = "10.12.0.100"; start = "10.12.0.100";
end = "10.12.0.155"; end = "10.12.0.155";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
@ -213,7 +213,7 @@
enable = false; enable = false;
start = "10.20.30.100"; start = "10.20.30.100";
end = "10.20.30.155"; end = "10.20.30.155";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
@ -294,14 +294,15 @@
enable = false; enable = false;
start = "10.7.0.100"; start = "10.7.0.100";
end = "10.7.0.155"; end = "10.7.0.155";
staticIPs = []; staticIPs = [ ];
}; };
}; };
}; };
}; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [./hardware-configuration.nix ../../modules/tsvnstat.nix]; imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;
@ -463,7 +464,7 @@ in {
{ {
name = "common"; name = "common";
advertise = true; advertise = true;
prefix = [{prefix = "::/64";}]; prefix = [{ prefix = "::/64"; }];
} }
]; ];
}; };
@ -514,7 +515,7 @@ in {
}; };
}; };
environment.systemPackages = with pkgs; [bmon termshark tcpdump]; environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];
users.users.root = userBase; users.users.root = userBase;
users.users.qbit = userBase; users.users.qbit = userBase;


@ -1,29 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.loader.grub.enable = true; boot.loader.grub = {
boot.loader.grub.device = "/dev/sda"; enable = true;
boot.loader.grub.useOSProber = true; device = "/dev/sda";
useOSProber = true;
};
boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp"]; availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.extraModulePackages = []; kernelModules = [ ];
};
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894"; device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = []; swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -1,9 +1,9 @@
{ { config
config, , inputs
inputs, , pkgs
pkgs, , ...
... }:
}: let let
pubKeys = [ pubKeys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -20,9 +20,10 @@
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
doomPrivateDir = ../../configs/doom.d; doomPrivateDir = ../../configs/doom.d;
}; };
in { in
{
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [./hardware-configuration.nix]; imports = [ ./hardware-configuration.nix ];
boot = { boot = {
loader = { loader = {
@ -34,9 +35,9 @@ in {
initrd = { initrd = {
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf"; luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin"; luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
secrets = {"/crypto_keyfile.bin" = null;}; secrets = { "/crypto_keyfile.bin" = null; };
}; };
kernelParams = ["intel_idle.max_cstate=4"]; kernelParams = [ "intel_idle.max_cstate=4" ];
kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages;
}; };
security.pki.certificates = [ security.pki.certificates = [
@ -97,15 +98,15 @@ in {
hostName = "stan"; hostName = "stan";
hosts = { hosts = {
"172.16.30.253" = ["proxmox-02.vm.calyptix.local"]; "172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
"127.0.0.1" = ["borg.calyptix.dev" "localhost"]; "127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
"192.168.122.249" = ["arst.arst" "vm"]; "192.168.122.249" = [ "arst.arst" "vm" ];
"192.168.8.194" = ["router.arst" "router"]; "192.168.8.194" = [ "router.arst" "router" ];
}; };
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
allowedTCPPorts = [22]; allowedTCPPorts = [ 22 ];
checkReversePath = "loose"; checkReversePath = "loose";
}; };
}; };
@ -138,8 +139,8 @@ in {
systemd.services = { systemd.services = {
"tailscale-init" = { "tailscale-init" = {
wantedBy = ["tailscaled.service"]; wantedBy = [ "tailscaled.service" ];
after = ["tailscaled.service"]; after = [ "tailscaled.service" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}"; ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}";
}; };
@ -152,7 +153,7 @@ in {
isNormalUser = true; isNormalUser = true;
description = "Aaron Bieber"; description = "Aaron Bieber";
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = ["networkmanager" "wheel" "libvirtd"]; extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
} }
// userBase; // userBase;
@ -184,22 +185,24 @@ in {
zig zig
rustdesk rustdesk
(callPackage ../../pkgs/zutty.nix {}) (callPackage ../../pkgs/zutty.nix { })
]; ];
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
programs.git.config.safe.directory = "/home/abieber/aef100";
programs = { programs = {
git.config.safe.directory = "/home/abieber/aef100";
dconf.enable = true; dconf.enable = true;
zsh.enable = true; zsh.enable = true;
ssh.knownHosts = {
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
};
}; };
tsPeerix = { tsPeerix = {
enable = false; enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = ["wlp170s0" "ztksevmpn3"]; interfaces = [ "wlp170s0" "ztksevmpn3" ];
}; };
services = { services = {
@ -213,9 +216,6 @@ in {
}; };
}; };
programs.ssh.knownHosts = {
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
};
system.autoUpgrade.allowReboot = false; system.autoUpgrade.allowReboot = false;
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?


@ -1,18 +1,22 @@
{ { pkgs
pkgs, , config
config, , lib
lib, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["kvm-intel"]; availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.extraModulePackages = []; kernelModules = [ ];
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
system.fsPackages = [pkgs.sshfs]; system.fsPackages = [ pkgs.sshfs ];
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -30,7 +34,7 @@
"_netdev" "_netdev"
"x-systemd.automount" "x-systemd.automount"
(builtins.replaceStrings [" "] ["\\040"] (builtins.replaceStrings [ " " ] [ "\\040" ]
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config") "ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
"reconnect" "reconnect"
"allow_other" "allow_other"
@ -43,9 +47,8 @@
}; };
}; };
boot.initrd.luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
swapDevices = [{device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da";}]; swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;


@ -1,9 +1,9 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
... }:
}: let let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -11,19 +11,20 @@
userBase = { userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
}; };
firefox = import ../../configs/firefox.nix {inherit pkgs;}; firefox = import ../../configs/firefox.nix { inherit pkgs; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [./hardware-configuration.nix]; imports = [ ./hardware-configuration.nix ];
defaultUsers.enable = false; defaultUsers.enable = false;
programs = {} // firefox.programs; programs = { } // firefox.programs;
boot = { boot = {
initrd.availableKernelModules = ["usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307"]; initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelModules = ["raspberrypi_ts" "rtc-ds3232" "rtc-ds1307"]; kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
@ -32,21 +33,21 @@ in {
networking = { networking = {
hostName = "weather"; hostName = "weather";
networkmanager = {enable = true;}; networkmanager = { enable = true; };
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
hosts."100.120.151.126" = ["graph.tapenet.org"]; hosts."100.120.151.126" = [ "graph.tapenet.org" ];
}; };
users.users.weather = { users.users.weather = {
shell = pkgs.zsh; shell = pkgs.zsh;
isNormalUser = true; isNormalUser = true;
description = "Weather"; description = "Weather";
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
}; };
preDNS.enable = false; preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"]; lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
services.xserver = { services.xserver = {
enable = true; enable = true;
@ -54,7 +55,7 @@ in {
windowManager.xmonad = { windowManager.xmonad = {
enable = true; enable = true;
extraPackages = haskellPackages: [haskellPackages.xmonad-contrib]; extraPackages = haskellPackages: [ haskellPackages.xmonad-contrib ];
config = '' config = ''
{-# LANGUAGE QuasiQuotes #-} {-# LANGUAGE QuasiQuotes #-}


@ -1,4 +1,4 @@
{...}: { { ... }: {
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -1,9 +1,9 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
... }:
}: let let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -11,7 +11,8 @@
userBase = { userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
}; };
in { in
{
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -27,23 +28,23 @@ in {
"hid_microsoft" "hid_microsoft"
]; ];
supportedFilesystems = lib.mkForce ["vfat"]; supportedFilesystems = lib.mkForce [ "vfat" ];
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0; kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0;
}; };
networking = { networking = {
hostName = "wzero"; hostName = "wzero";
networkmanager = {enable = true;}; networkmanager = { enable = true; };
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
hosts."100.120.151.126" = ["graph.tapenet.org"]; hosts."100.120.151.126" = [ "graph.tapenet.org" ];
}; };
users.users.weather = { users.users.weather = {
shell = pkgs.zsh; shell = pkgs.zsh;
isNormalUser = true; isNormalUser = true;
description = "Weather"; description = "Weather";
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
}; };
preDNS.enable = false; preDNS.enable = false;


@ -1,8 +1,8 @@
{pkgs, ...}: { { pkgs, ... }: {
hardware = { hardware = {
deviceTree = { deviceTree = {
enable = true; enable = true;
overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"]; overlays = [ "${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo" ];
}; };
enableRedistributableFirmware = true; enableRedistributableFirmware = true;


@ -1,4 +1,5 @@
{pkgs, ...}: let { pkgs, ... }:
let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
@ -6,12 +7,17 @@
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
]; ];
in { in
imports = [./hardware-configuration.nix]; {
imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi"; efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
nix = { nix = {
package = pkgs.nixUnstable; package = pkgs.nixUnstable;
@ -20,9 +26,10 @@ in {
''; '';
}; };
networking.hostName = "changeme"; networking = {
hostName = "changeme";
networking.networkmanager.enable = true; networkmanager.enable = true;
};
time.timeZone = "America/Denver"; time.timeZone = "America/Denver";
@ -32,24 +39,25 @@ in {
layout = "us"; layout = "us";
xkbVariant = "colemak"; xkbVariant = "colemak";
}; };
console = {keyMap = "colemak";}; console = { keyMap = "colemak"; };
users.users.qbit = { users.users = {
qbit = {
isNormalUser = true; isNormalUser = true;
description = "Aaron Bieber"; description = "Aaron Bieber";
extraGroups = ["networkmanager" "wheel"]; extraGroups = [ "networkmanager" "wheel" ];
packages = []; packages = [ ];
};
root = { openssh.authorizedKeys.keys = pubKeys; };
}; };
# neovim will overwrite my neovim!! # neovim will overwrite my neovim!!
environment.systemPackages = with pkgs; [neovim jq]; environment.systemPackages = with pkgs; [ neovim jq ];
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "prohibit-password"; permitRootLogin = "prohibit-password";
}; };
users.users.root = {openssh.authorizedKeys.keys = pubKeys;};
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
} }
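Review bot: The `services.openssh` block in the last hunk sets only `permitRootLogin = "prohibit-password"`, so password logins for the `wheel` user `qbit` stay at the module default, which I believe is enabled. The shared module further down this page sets `PasswordAuthentication = false` under `settings`; unless this template is always imported together with it, the same should be stated here. If the nixpkgs this file is built against supports the `settings` form, `settings = { PermitRootLogin = "prohibit-password"; PasswordAuthentication = false; };` would also replace the older top-level `permitRootLogin` spelling and make the two files consistent.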


@ -1,13 +1,13 @@
{ { config
config, , lib
lib, , pkgs
options, , ...
pkgs, }:
... let
}: let
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"; managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in { in
imports = [./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix]; {
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];
options.myconf = { options.myconf = {
hwPubKeys = lib.mkOption rec { hwPubKeys = lib.mkOption rec {
@ -74,7 +74,7 @@ in {
}; };
config = { config = {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# from https://github.com/dylanaraps/neofetch # from https://github.com/dylanaraps/neofetch
users.motd = '' users.motd = ''
@ -102,11 +102,13 @@ in {
''; '';
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
environment.systemPackages = with pkgs; [apg inetutils]; environment = {
systemPackages = with pkgs; [ apg inetutils ];
environment.interactiveShellInit = '' interactiveShellInit = ''
alias vi=nvim alias vi=nvim
''; '';
};
time.timeZone = "US/Mountain"; time.timeZone = "US/Mountain";
@ -114,15 +116,15 @@ in {
if pkgs.system == "aarch64-linux" if pkgs.system == "aarch64-linux"
then { then {
description = "Set date on boot"; description = "Set date on boot";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
script = '' script = ''
. /etc/profile; . /etc/profile;
${pkgs.outils}/bin/rdate pool.ntp.org ${pkgs.outils}/bin/rdate pool.ntp.org
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
} }
else {}; else { };
programs = { programs = {
zsh.enable = true; zsh.enable = true;
@ -149,7 +151,7 @@ in {
settings = { settings = {
PermitRootLogin = lib.mkForce "prohibit-password"; PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [ Macs = [
"hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com" "hmac-sha2-256-etm@openssh.com"


@ -1,18 +1,22 @@
{lib, ...}: let { lib, ... }:
let
inherit (builtins) toString readFile fromJSON filter; inherit (builtins) toString readFile fromJSON filter;
getPrStatus = pr: let getPrStatus = pr:
let
prstr = toString pr; prstr = toString pr;
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json); prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
in in
prStatus; prStatus;
prIsOpen = { prIsOpen = {
option = pr: a: let option = pr: a:
let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if prStatus.status == "open" if prStatus.status == "open"
then a then a
else {}; else { };
pkg = pr: localPkg: upstreamPkg: let pkg = pr: localPkg: upstreamPkg:
let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if prStatus.status == "open" if prStatus.status == "open"
@ -22,7 +26,8 @@
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
upstreamPkg; upstreamPkg;
overlay = pr: overlay: let overlay = pr: overlay:
let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if pr == 0 || prStatus.status == "open" if pr == 0 || prStatus.status == "open"
@ -30,7 +35,8 @@
else else
lib.warn "PR: ${ lib.warn "PR: ${
toString pr toString pr
} (${prStatus.title}) is complete, ignoring overlay..." (_: _: {}); } (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
}; };
todo = msg: lib.warn "TODO: ${msg}"; todo = msg: lib.warn "TODO: ${msg}";
@ -48,7 +54,7 @@
value = { value = {
script = mkCronScript "${job.name}_script" job.script; script = mkCronScript "${job.name}_script" job.script;
inherit (job) startAt path; inherit (job) startAt path;
serviceConfig = {Type = "oneshot";}; serviceConfig = { Type = "oneshot"; };
}; };
}; };
jobToService = job: { jobToService = job: {
@ -91,9 +97,11 @@
# Set our configurationRevison based on the status of our git repo. # Set our configurationRevison based on the status of our git repo.
# If the repo is dirty, disable autoUpgrade as it means we are # If the repo is dirty, disable autoUpgrade as it means we are
# testing something. # testing something.
buildVer = self: let buildVer = self:
let
state = self.rev or "DIRTY"; state = self.rev or "DIRTY";
in { in
{
system.configurationRevision = state; system.configurationRevision = state;
system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY"); system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY");
}; };
@ -111,4 +119,4 @@
; ;
}; };
in in
xinlib xinlib


@ -1,4 +1,4 @@
{...}: { { ... }: {
imports = [ imports = [
./golink.nix ./golink.nix
./gotosocial.nix ./gotosocial.nix


@ -1,19 +1,19 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.golink; cfg = config.services.golink;
golink = callPackage ../pkgs/golink.nix {}; golink = callPackage ../pkgs/golink.nix { };
in { in
{
options = with lib; { options = with lib; {
services.golink = { services.golink = {
enable = mkEnableOption "Enable golink"; enable = mkEnableOption "Enable golink";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "golink"; default = "golink";
description = '' description = ''
The user the service will use. The user the service will use.
@ -37,7 +37,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "golink"; default = "golink";
description = '' description = ''
The user the service will use. The user the service will use.
@ -53,7 +53,7 @@ in {
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
users.users.${cfg.user} = { users.users.${cfg.user} = {
description = "golink service user"; description = "golink service user";
isSystemUser = true; isSystemUser = true;
@ -65,10 +65,10 @@ in {
systemd.services.golink = { systemd.services.golink = {
enable = true; enable = true;
description = "golink server"; description = "golink server";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
path = [pkgs.vnstat]; path = [ pkgs.vnstat ];
environment = { environment = {
HOME = cfg.dataDir; HOME = cfg.dataDir;
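Review bot: The `user` and `group` options accept `oneOf [ str int ]`, but the config block uses them as attribute names in `users.groups.${cfg.group}` and `users.users.${cfg.user}`, where an integer cannot be interpolated, so the `int` arm can only fail at evaluation. `type = types.str;` on both options would state what actually works. The `group` description also still reads "The user the service will use." and should name the group. The option and service definitions continue outside the visible hunks.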


@ -1,27 +1,27 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.gotosocial; cfg = config.services.gotosocial;
gotosocial = callPackage ../pkgs/gotosocial.nix {}; gotosocial = callPackage ../pkgs/gotosocial.nix { };
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type; settingsType = settingsFormat.type;
prettyJSON = conf: prettyJSON = conf:
pkgs.runCommandLocal "gotosocial-config.json" {} '' pkgs.runCommandLocal "gotosocial-config.json" { } ''
echo '${ echo '${
builtins.toJSON conf builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
''; '';
in { in
{
options = with lib; { options = with lib; {
services.gotosocial = { services.gotosocial = {
enable = mkEnableOption "Enable gotosocial"; enable = mkEnableOption "Enable gotosocial";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "gotosocial"; default = "gotosocial";
description = '' description = ''
The user the service will use. The user the service will use.
@ -29,7 +29,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "gotosocial"; default = "gotosocial";
description = '' description = ''
The user the service will use. The user the service will use.
@ -53,7 +53,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.gotosocial = {}; users.groups.gotosocial = { };
users.users.gotosocial = { users.users.gotosocial = {
description = "Gotosocial service user"; description = "Gotosocial service user";
isSystemUser = true; isSystemUser = true;
@ -65,8 +65,8 @@ in {
systemd.services.gotosocial = { systemd.services.gotosocial = {
enable = true; enable = true;
description = "GoToSocial server"; description = "GoToSocial server";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;


@ -1,27 +1,27 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.rtlamr2mqtt; cfg = config.services.rtlamr2mqtt;
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {}; rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type; settingsType = settingsFormat.type;
prettyJSON = conf: prettyJSON = conf:
pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} '' pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
echo '${ echo '${
builtins.toJSON conf builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
''; '';
in { in
{
options = with lib; { options = with lib; {
services.rtlamr2mqtt = { services.rtlamr2mqtt = {
enable = mkEnableOption "Enable rtlamr2mqtt"; enable = mkEnableOption "Enable rtlamr2mqtt";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "rtlamr2mqtt"; default = "rtlamr2mqtt";
description = '' description = ''
The user the service will use. The user the service will use.
@ -29,7 +29,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "rtlamr2mqtt"; default = "rtlamr2mqtt";
description = '' description = ''
The user the service will use. The user the service will use.
@ -53,20 +53,20 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.rtlamr2mqtt = {}; users.groups.rtlamr2mqtt = { };
users.users.rtlamr2mqtt = { users.users.rtlamr2mqtt = {
description = "rtlamr2mqtt service user"; description = "rtlamr2mqtt service user";
isSystemUser = true; isSystemUser = true;
home = "/var/lib/rtlamr2mqtt"; home = "/var/lib/rtlamr2mqtt";
createHome = true; createHome = true;
group = "rtlamr2mqtt"; group = "rtlamr2mqtt";
extraGroups = ["plugdev"]; extraGroups = [ "plugdev" ];
}; };
systemd.services.rtlamr2mqtt = { systemd.services.rtlamr2mqtt = {
enable = true; enable = true;
description = "rtlamr2mqtt server"; description = "rtlamr2mqtt server";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;


@ -1,17 +1,18 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
... }:
}: let let
cfg = config.services.sliding-sync; cfg = config.services.sliding-sync;
in { in
{
options = with lib; { options = with lib; {
services.sliding-sync = { services.sliding-sync = {
enable = lib.mkEnableOption "Enable sliding-sync"; enable = lib.mkEnableOption "Enable sliding-sync";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "syncv3"; default = "syncv3";
description = '' description = ''
The user the service will use. The user the service will use.
@ -19,7 +20,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "syncv3"; default = "syncv3";
description = '' description = ''
The group the service will use. The group the service will use.
@ -68,7 +69,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
users.users.${cfg.user} = { users.users.${cfg.user} = {
description = "sliding-sync service user"; description = "sliding-sync service user";
isSystemUser = true; isSystemUser = true;
@ -80,8 +81,8 @@ in {
systemd.services.sliding-sync = { systemd.services.sliding-sync = {
enable = true; enable = true;
description = "sliding-sync server"; description = "sliding-sync server";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target" "matrix-synapse.service"]; after = [ "network-online.target" "matrix-synapse.service" ];
environment = { environment = {
HOME = "${cfg.dataDir}"; HOME = "${cfg.dataDir}";


@ -1,9 +1,9 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
... }:
}: let let
perl = "${pkgs.perl}/bin/perl"; perl = "${pkgs.perl}/bin/perl";
sshAdd = "${pkgs.openssh}/bin/ssh-add"; sshAdd = "${pkgs.openssh}/bin/ssh-add";
pKill = "${pkgs.procps}/bin/pkill"; pKill = "${pkgs.procps}/bin/pkill";
@ -45,7 +45,8 @@
export SSH_AUTH_SOCK="$(echo $XDG_RUNTIME_DIR/ssh-agent)"; export SSH_AUTH_SOCK="$(echo $XDG_RUNTIME_DIR/ssh-agent)";
exec ${config.programs.ssh.askPassword} "$@" exec ${config.programs.ssh.askPassword} "$@"
''; '';
in { in
{
options = { options = {
sshFidoAgent = { sshFidoAgent = {
enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached."; enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached.";
@ -53,14 +54,14 @@ in {
}; };
config = lib.mkIf config.sshFidoAgent.enable { config = lib.mkIf config.sshFidoAgent.enable {
environment.systemPackages = [fidoAddDevice]; environment.systemPackages = [ fidoAddDevice ];
systemd.user.services.sshfidoagent = { systemd.user.services.sshfidoagent = {
script = '' script = ''
${fidoAddDevice}/bin/fido-add-device ${fidoAddDevice}/bin/fido-add-device
''; '';
wantedBy = ["graphical-session.target"]; wantedBy = [ "graphical-session.target" ];
partOf = ["graphical-session.target"]; partOf = [ "graphical-session.target" ];
after = ["graphical-session.target"]; after = [ "graphical-session.target" ];
environment.DISPLAY = "fake"; environment.DISPLAY = "fake";
environment.SSH_ASKPASS = askPassWrapper; environment.SSH_ASKPASS = askPassWrapper;
#serviceConfig = { Restart = "on-failure"; }; #serviceConfig = { Restart = "on-failure"; };


@ -1,11 +1,12 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
... }:
}: let let
cfg = config.services.tsrevprox; cfg = config.services.tsrevprox;
in { in
{
options = with lib; { options = with lib; {
services.tsrevprox = { services.tsrevprox = {
enable = lib.mkEnableOption "Enable tsrevprox"; enable = lib.mkEnableOption "Enable tsrevprox";
@ -35,7 +36,7 @@ in {
}; };
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "tsrevprox"; default = "tsrevprox";
description = '' description = ''
The user the service will use. The user the service will use.
@ -43,7 +44,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "tsrevprox"; default = "tsrevprox";
description = '' description = ''
The group the service will use. The group the service will use.
@ -74,7 +75,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
users.users.${cfg.user} = { users.users.${cfg.user} = {
description = "tsrevprox service user"; description = "tsrevprox service user";
isSystemUser = true; isSystemUser = true;
@ -86,10 +87,10 @@ in {
systemd.services.tsrevprox = { systemd.services.tsrevprox = {
enable = true; enable = true;
description = "tsrevprox server"; description = "tsrevprox server";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
environment = {HOME = "${cfg.dataDir}";}; environment = { HOME = "${cfg.dataDir}"; };
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;


@ -1,20 +1,20 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , inputs
inputs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.tsvnstat; cfg = config.services.tsvnstat;
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat; inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
in { in
{
options = with lib; { options = with lib; {
services.tsvnstat = { services.tsvnstat = {
enable = mkEnableOption "Enable tsvnstat"; enable = mkEnableOption "Enable tsvnstat";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "tsvnstat"; default = "tsvnstat";
description = '' description = ''
The user the service will use. The user the service will use.
@ -38,7 +38,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "tsvnstat"; default = "tsvnstat";
description = '' description = ''
The user the service will use. The user the service will use.
@ -53,7 +53,7 @@ in {
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
users.users.${cfg.user} = { users.users.${cfg.user} = {
description = "tsvnstat service user"; description = "tsvnstat service user";
isSystemUser = true; isSystemUser = true;
@ -67,10 +67,10 @@ in {
systemd.services.tsvnstat = { systemd.services.tsvnstat = {
enable = true; enable = true;
description = "tsvnstat server"; description = "tsvnstat server";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
path = [pkgs.vnstat]; path = [ pkgs.vnstat ];
environment = { environment = {
HOME = "/var/lib/tsvnstat"; HOME = "/var/lib/tsvnstat";


@ -1,23 +1,23 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.veilid-server; cfg = config.services.veilid-server;
in { in
{
options = with lib; { options = with lib; {
services.veilid-server = { services.veilid-server = {
enable = mkEnableOption "Enable velid-server"; enable = mkEnableOption "Enable velid-server";
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "veilid"; default = "veilid";
description = "The user veilid-server will run as."; description = "The user veilid-server will run as.";
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "veilid"; default = "veilid";
description = "The group veilid-server will run with."; description = "The group veilid-server will run with.";
}; };
@ -42,7 +42,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
users.users.${cfg.user} = { users.users.${cfg.user} = {
inherit (cfg) group; inherit (cfg) group;
description = "veilid-server user"; description = "veilid-server user";
@ -52,15 +52,15 @@ in {
}; };
networking.firewall = lib.mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [5150]; allowedTCPPorts = [ 5150 ];
allowedUDPPorts = [5150]; allowedUDPPorts = [ 5150 ];
}; };
systemd.services.veilid-server = { systemd.services.veilid-server = {
enable = true; enable = true;
description = "veilid-server"; description = "veilid-server";
wantedBy = ["network-online.target"]; wantedBy = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
environment = { environment = {
HOME = cfg.dataDir; HOME = cfg.dataDir;


@ -1,13 +1,13 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with pkgs; let with pkgs; let
cfg = config.services.yarr; cfg = config.services.yarr;
yarr = callPackage ../pkgs/yarr.nix {}; yarr = callPackage ../pkgs/yarr.nix { };
in { in
{
options = with lib; { options = with lib; {
services.yarr = { services.yarr = {
enable = mkEnableOption "Enable yarr"; enable = mkEnableOption "Enable yarr";
@ -51,7 +51,7 @@ in {
}; };
user = mkOption { user = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "yarr"; default = "yarr";
description = '' description = ''
The user the service will use. The user the service will use.
@ -59,7 +59,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [str int]; type = with types; oneOf [ str int ];
default = "yarr"; default = "yarr";
description = '' description = ''
The user the service will use. The user the service will use.
@ -76,7 +76,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.yarr = {}; users.groups.yarr = { };
users.users.yarr = { users.users.yarr = {
description = "Yarr service user"; description = "Yarr service user";
isSystemUser = true; isSystemUser = true;
@ -88,8 +88,8 @@ in {
systemd.services.yarr = { systemd.services.yarr = {
enable = true; enable = true;
description = "Yet Another Rss Reader server"; description = "Yet Another Rss Reader server";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["networking.service"]; after = [ "networking.service" ];
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;


@ -1,7 +1,6 @@
{ { config
config, , lib
lib, , ...
...
}: }:
with lib; let with lib; let
cfg = config.services.xin-monitoring; cfg = config.services.xin-monitoring;
@ -15,7 +14,8 @@ with lib; let
; ;
nginxCfg = config.services.nginx; nginxCfg = config.services.nginx;
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v:
if v.fsType != "sshfs" if v.fsType != "sshfs"
then '' then ''
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
@ -24,7 +24,8 @@ with lib; let
'' ''
else "") else "")
fsList))); fsList)));
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: '' buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v: ''
check host ${f} with address ${f} check host ${f} with address ${f}
if failed port 80 protocol http then alert if failed port 80 protocol http then alert
${ ${
@ -41,7 +42,8 @@ with lib; let
then (buildNginxChecker nginxCfg.virtualHosts) then (buildNginxChecker nginxCfg.virtualHosts)
else "" else ""
else ""; else "";
in { in
{
options = { options = {
services.xin-monitoring = { services.xin-monitoring = {
enable = mkOption { enable = mkOption {


@ -9,4 +9,4 @@ let
}); });
}; };
in in
_1password-gui _1password-gui


@ -1,8 +1,8 @@
{ { isUnstable
isUnstable, , xinlib
xinlib, , ...
... }:
}: let let
inherit (xinlib) prIsOpen; inherit (xinlib) prIsOpen;
#_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix); #_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix);
#openssh = import ./openssh.nix; #openssh = import ./openssh.nix;
@ -13,7 +13,8 @@
#nixd = prIsOpen.overlay 238779 (import ./nixd.nix); #nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix); heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
#rex = prIsOpen.overlay 0 (import ./rex.nix); #rex = prIsOpen.overlay 0 (import ./rex.nix);
in { in
{
nixpkgs.overlays = nixpkgs.overlays =
if isUnstable if isUnstable
then [ then [


@ -14,4 +14,4 @@ let
}); });
}; };
in in
heisenbridge heisenbridge


@ -20,4 +20,4 @@ let
}); });
}; };
in in
matrix-synapse matrix-synapse


@ -18,4 +18,4 @@ let
}); });
}; };
in in
nixd nixd


@ -16,4 +16,4 @@ let
}); });
}; };
in in
obsidian obsidian


@ -15,4 +15,4 @@ let
}); });
}; };
in in
openssh openssh


@ -7,4 +7,4 @@ let
}); });
}; };
in in
rex rex


@ -28,4 +28,4 @@ let
# }; # };
#}; #};
in in
tailscale tailscale


@ -10,4 +10,4 @@ let
}); });
}; };
in in
tidal-hifi tidal-hifi


@ -1,10 +1,10 @@
{ { lib
lib, , stdenv
stdenv, , fetchFromGitHub
fetchFromGitHub, , pkgs
pkgs, , ...
... }:
}: let let
libadalang = stdenv.mkDerivation rec { libadalang = stdenv.mkDerivation rec {
pname = "libadalang"; pname = "libadalang";
version = "22.0.0"; version = "22.0.0";
@ -25,7 +25,7 @@
gnatcoll-gmp gnatcoll-gmp
]; ];
makeFlags = ["PREFIX=$(out)"]; makeFlags = [ "PREFIX=$(out)" ];
}; };
vss = stdenv.mkDerivation rec { vss = stdenv.mkDerivation rec {
pname = "vss"; pname = "vss";
@ -38,9 +38,9 @@
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees="; sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
}; };
buildInputs = with pkgs; [gnat12 gprbuild]; buildInputs = with pkgs; [ gnat12 gprbuild ];
makeFlags = ["PREFIX=$(out)"]; makeFlags = [ "PREFIX=$(out)" ];
}; };
gnatdoc = stdenv.mkDerivation rec { gnatdoc = stdenv.mkDerivation rec {
pname = "gnatdoc"; pname = "gnatdoc";
@ -53,12 +53,12 @@
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU="; sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
}; };
buildInputs = with pkgs; [gnat12 gprbuild libadalang]; buildInputs = with pkgs; [ gnat12 gprbuild libadalang ];
makeFlags = ["PREFIX=$(out)"]; makeFlags = [ "PREFIX=$(out)" ];
}; };
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ada_language_server"; pname = "ada_language_server";
version = "23.0.10"; version = "23.0.10";
@ -69,7 +69,7 @@ in
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E="; sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
}; };
buildInputs = with pkgs; [gnat12 gprbuild python3 vss gnatdoc]; buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ];
meta = with lib; { meta = with lib; {
description = "Language server for Ada and SPARK"; description = "Language server for Ada and SPARK";
@ -79,6 +79,6 @@ in
homepage = "https://github.com/AdaCore/ada_language_server"; homepage = "https://github.com/AdaCore/ada_language_server";
license = licenses.gpl3; license = licenses.gpl3;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,13 +1,12 @@
{ { stdenv
stdenv, , lib
lib, , fetchurl
fetchurl, , unzip
unzip, , autoPatchelfHook
autoPatchelfHook, , ...
...
}: }:
with lib; with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "alire"; pname = "alire";
version = "1.2.1"; version = "1.2.1";
@ -16,7 +15,7 @@ with lib;
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM="; sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
}; };
nativeBuildInputs = [unzip autoPatchelfHook]; nativeBuildInputs = [ unzip autoPatchelfHook ];
dontBuild = true; dontBuild = true;
doCheck = false; doCheck = false;
@ -32,6 +31,6 @@ with lib;
description = "ALIRE: Ada LIbrary REpository."; description = "ALIRE: Ada LIbrary REpository.";
homepage = "https://github.com/alire-project/alire"; homepage = "https://github.com/alire-project/alire";
license = licenses.gpl3; license = licenses.gpl3;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,21 +1,21 @@
{ { stdenv
stdenv, , lib
lib, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , isUnstable
isUnstable, , makeWrapper
makeWrapper, , go
go, , git
git, , ...
... }:
}: let let
vendorHash = vendorHash =
if isUnstable if isUnstable
then "" then ""
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I="; else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
in in
with lib; with lib;
buildGoModule rec { buildGoModule rec {
pname = "athens"; pname = "athens";
version = "0.11.0"; version = "0.11.0";
@ -28,13 +28,13 @@ in
doCheck = false; doCheck = false;
ldflags = ["-X github.com/gomods/athens/pkg/build.version=${version}"]; ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
nativeBuildInputs = lib.optionals stdenv.isLinux [makeWrapper go]; nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ];
proxyVendor = true; proxyVendor = true;
subPackages = ["cmd/proxy"]; subPackages = [ "cmd/proxy" ];
vendorSha256 = vendorHash; vendorSha256 = vendorHash;
@ -47,6 +47,6 @@ in
description = "A Go module datastore and proxy"; description = "A Go module datastore and proxy";
homepage = "https://github.com/gomods/athens"; homepage = "https://github.com/gomods/athens";
license = licenses.mit; license = licenses.mit;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,11 +1,10 @@
{ { lib
lib, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , ...
...
}: }:
with lib; with lib;
buildGoModule rec { buildGoModule rec {
pname = "bearclaw"; pname = "bearclaw";
version = "1.1.0"; version = "1.1.0";
@ -22,6 +21,6 @@ with lib;
description = "tiny static site generator"; description = "tiny static site generator";
homepage = "https://github.com/donuts-are-good/bearclaw"; homepage = "https://github.com/donuts-are-good/bearclaw";
license = licenses.mit; license = licenses.mit;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,20 +1,19 @@
{ { buildPythonPackage
buildPythonPackage, , fetchPypi
fetchPypi, , setuptools-scm
setuptools-scm, , appdirs
appdirs, , sqlalchemy
sqlalchemy, , ...
...
}: }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "cachew"; pname = "cachew";
version = "0.11.0"; version = "0.11.0";
nativeBuildInputs = [setuptools-scm]; nativeBuildInputs = [ setuptools-scm ];
doCheck = true; doCheck = true;
propagatedBuildInputs = [appdirs sqlalchemy]; propagatedBuildInputs = [ appdirs sqlalchemy ];
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;


@ -1,9 +1,9 @@
{ { fetchurl
fetchurl, , appimageTools
appimageTools, , desktop-file-utils
desktop-file-utils, , ...
... }:
}: let let
name = "cinny-desktop"; name = "cinny-desktop";
version = "2.0.4"; version = "2.0.4";
@ -13,9 +13,9 @@
sha256 = "sha256-9ZQyVcTsHja67DhuIyniTK/xr0C6qN7fiCmjt8enUd8="; sha256 = "sha256-9ZQyVcTsHja67DhuIyniTK/xr0C6qN7fiCmjt8enUd8=";
}; };
appimageContents = appimageTools.extract {inherit name src;}; appimageContents = appimageTools.extract { inherit name src; };
in in
appimageTools.wrapType2 rec { appimageTools.wrapType2 rec {
inherit name src; inherit name src;
extraInstallCommands = '' extraInstallCommands = ''
@ -56,4 +56,4 @@ in
xorg.libxcb xorg.libxcb
zlib zlib
]; ];
} }


@ -1,8 +1,7 @@
{ { lib
lib, , buildGoModule
buildGoModule, , fetchgit
fetchgit, , ...
...
}: }:
buildGoModule rec { buildGoModule rec {
pname = "clilol"; pname = "clilol";
@ -24,6 +23,6 @@ buildGoModule rec {
homepage = "https://mcornick.dev/clilol/"; homepage = "https://mcornick.dev/clilol/";
changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}"; changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}";
license = licenses.mpl20; license = licenses.mpl20;
maintainers = [maintainers.qbit]; maintainers = [ maintainers.qbit ];
}; };
} }


@ -1,4 +1,4 @@
{...}: { { ... }: {
environment.systemPackages = [ environment.systemPackages = [
#(callPackage ./cinny-desktop.nix { inherit isUnstable; }) #(callPackage ./cinny-desktop.nix { inherit isUnstable; })
#(callPackage ./mudita-center.nix { inherit isUnstable; }) #(callPackage ./mudita-center.nix { inherit isUnstable; })


@ -1,8 +1,8 @@
{ { stdenv
stdenv, , lib
lib, , fetchgit
fetchgit, , gnumake
gnumake, ,
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {
pname = "femtolisp"; pname = "femtolisp";
@ -14,7 +14,7 @@ stdenv.mkDerivation {
hash = "sha256-mh7upbCmWXLhudtaaebBf1XTIv4nYPSh0OAJDOqaQnk="; hash = "sha256-mh7upbCmWXLhudtaaebBf1XTIv4nYPSh0OAJDOqaQnk=";
}; };
buildInputs = [gnumake]; buildInputs = [ gnumake ];
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
@ -25,7 +25,7 @@ stdenv.mkDerivation {
description = "A compact interpreter for a minimal lisp/scheme dialect."; description = "A compact interpreter for a minimal lisp/scheme dialect.";
homepage = "https://git.sr.ht/~ft/femtolisp"; homepage = "https://git.sr.ht/~ft/femtolisp";
license = lib.licenses.bsd3; license = lib.licenses.bsd3;
maintainer = with lib.maintainers; [qbit]; maintainer = with lib.maintainers; [ qbit ];
mainProgram = "flisp"; mainProgram = "flisp";
}; };
} }
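Review bot: The reformatted argument set in the first hunk now ends with a bare `,` on a line of its own before `}:`, because the old list closed with a trailing comma and, unlike the sibling packages in this commit, has no `...` entry for the formatter to attach it to. Either drop the trailing comma after `gnumake` or end the set with `, ...` so the header reads like the others. Separately, the meta block in the last hunk still sets `maintainer = with lib.maintainers; [ qbit ];` while every other package here uses `maintainers`; this looks like a typo, and the list is presumably not picked up as the maintainer list.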


@ -1,11 +1,10 @@
{ { stdenv
stdenv, , lib
lib, , substituteAll
substituteAll, , jq
jq, , nix
nix, , coreutils
coreutils, , ...
...
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "flake-warn"; pname = "flake-warn";
@ -26,7 +25,7 @@ stdenv.mkDerivation rec {
description = "script to warn when flake inputs are out of date"; description = "script to warn when flake inputs are out of date";
homepage = "https://github.com/qbit/xin"; homepage = "https://github.com/qbit/xin";
license = lib.licenses.isc; license = lib.licenses.isc;
maintainer = with lib.maintainers; [qbit]; maintainer = with lib.maintainers; [ qbit ];
mainProgram = "flake-warn"; mainProgram = "flake-warn";
}; };
} }


@ -1,11 +1,10 @@
{ { lib
lib, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , ...
...
}: }:
with lib; with lib;
buildGoModule rec { buildGoModule rec {
pname = "fyne"; pname = "fyne";
version = "2.3.5"; version = "2.3.5";
@ -20,12 +19,12 @@ with lib;
proxyVendor = true; proxyVendor = true;
subPackages = ["cmd/fyne"]; subPackages = [ "cmd/fyne" ];
meta = { meta = {
description = "Fyne command line tool"; description = "Fyne command line tool";
homepage = "https://github.com/fyne-io/fyne"; homepage = "https://github.com/fyne-io/fyne";
license = licenses.bsd3; license = licenses.bsd3;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,21 +1,20 @@
{ { buildPythonPackage
buildPythonPackage, , setuptools-scm
setuptools-scm, , fetchFromGitHub
fetchFromGitHub, , PyGithub
PyGithub, , pytz
pytz, , ...
...
}: }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "ghexport"; pname = "ghexport";
version = "20220828"; version = "20220828";
nativeBuildInputs = [setuptools-scm]; nativeBuildInputs = [ setuptools-scm ];
propagatedBuildInputs = [PyGithub pytz]; propagatedBuildInputs = [ PyGithub pytz ];
doCheck = true; doCheck = true;
buildInputs = []; buildInputs = [ ];
preCheck = '' preCheck = ''
export HOME=$(mktemp -d) export HOME=$(mktemp -d)


@ -1,11 +1,10 @@
{ { lib
lib, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , ...
...
}: }:
with lib; with lib;
buildGoModule { buildGoModule {
pname = "gokrazy"; pname = "gokrazy";
version = "0.0.0"; version = "0.0.0";
@ -26,6 +25,6 @@ with lib;
description = "CLI tools for gokrazy"; description = "CLI tools for gokrazy";
homepage = "https://github.com/gokrazy/tools"; homepage = "https://github.com/gokrazy/tools";
license = licenses.bsd3; license = licenses.bsd3;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }


@ -1,11 +1,10 @@
{ { lib
lib, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , ...
...
}: }:
with lib; with lib;
buildGoModule rec { buildGoModule rec {
pname = "golink"; pname = "golink";
version = "0.0.0"; version = "0.0.0";
@ -24,6 +23,6 @@ with lib;
description = "A private shortlink service for tailnets"; description = "A private shortlink service for tailnets";
homepage = "https://github.com/tailscale/golink"; homepage = "https://github.com/tailscale/golink";
license = licenses.bsd3; license = licenses.bsd3;
maintainers = with maintainers; [qbit]; maintainers = with maintainers; [ qbit ];
}; };
} }

Some files were not shown because too many files have changed in this diff Show More