qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

all: switch to nixpkgs-fmt

Browse Source
This commit is contained in:
Aaron Bieber 2023-09-12 08:44:05 -06:00
parent dcd0acbdd7
commit a0228f4226
No known key found for this signature in database
143 changed files with 3151 additions and 2994 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/fmt
View File

@ -2,11 +2,12 @@
set -e
find . -name \*.nix -exec nix fmt -- -q {} \+
find . -name \*.nix -exec nix fmt {} \+
find . -name \*.sh -exec shfmt -w {} \+
deadnix -f .
shfmt -w bin/deploy
shfmt -w bin/mkboot
# TODO: https://github.com/nerdypepper/statix/issues/68
statix check --ignore lib/default.nix .
#statix check --ignore lib/default.nix .
statix check .

2
bins/check-restart.nix
View File

@ -1,4 +1,4 @@
{perl}: ''
{ perl }: ''
#!${perl}/bin/perl
use strict;

25
bins/default.nix
View File

@ -1,25 +1,26 @@
{
pkgs,
isUnstable,
...
}: let
gosignify = pkgs.callPackage ../pkgs/gosignify.nix {inherit isUnstable;};
{ pkgs
, isUnstable
, ...
}:
let
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
ix = pkgs.writeScriptBin "ix" (import ./ix.nix {inherit (pkgs) perl;});
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
checkRestart =
pkgs.writeScriptBin "check-restart"
(import ./check-restart.nix {inherit (pkgs) perl;});
(import ./check-restart.nix { inherit (pkgs) perl; });
xinStatus =
pkgs.writeScriptBin "xin-status"
(import ./xin-status.nix {inherit (pkgs) perl perlPackages;});
(import ./xin-status.nix { inherit (pkgs) perl perlPackages; });
tstart =
pkgs.writeScriptBin "tstart" (import ./tstart.nix {inherit (pkgs) tmux;});
pkgs.writeScriptBin "tstart" (import ./tstart.nix { inherit (pkgs) tmux; });
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix {
inherit gosignify;
inherit (pkgs) curl;
});
genPatches = pkgs.callPackage ./gen-patches.nix {};
in {
genPatches = pkgs.callPackage ./gen-patches.nix { };
in
{
environment.systemPackages = with pkgs; [
checkRestart
genPatches

18
bins/gen-patches.nix
View File

@ -1,13 +1,13 @@
{
writeShellApplication,
diffutils,
findutils,
coreutils,
...
}: let
{ writeShellApplication
, diffutils
, findutils
, coreutils
, ...
}:
let
genPatches = writeShellApplication {
name = "gen-patches";
runtimeInputs = [diffutils findutils coreutils];
runtimeInputs = [ diffutils findutils coreutils ];
text = ''
suffix=".orig"
srcdir=$PWD
@ -52,4 +52,4 @@
'';
};
in
genPatches
genPatches

6
bins/icb-irc-tunnel.nix
View File

@ -1,6 +1,6 @@
{
pkgs,
icbirc,
{ pkgs
, icbirc
,
}: ''
#!${pkgs.yash}/bin/yash
${pkgs.procps}/bin/pkill icbirc

2
bins/ix.nix
View File

@ -1,4 +1,4 @@
{perl}: ''
{ perl }: ''
#!${perl}/bin/perl
use strict;

6
bins/rage.nix
View File

@ -1,4 +1,5 @@
{pkgs}: let
{ pkgs }:
let
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
wlclip =
if pkgs.system == "aarch64-darwin"
@ -8,7 +9,8 @@
if pkgs.system == "aarch64-darwin"
then "pbcopy"
else "${pkgs.xclip}/bin/xclip";
in ''
in
''
#!${pkgs.yash}/bin/yash
set -e

14
bins/restic.nix
View File

@ -1,16 +1,16 @@
{
lib,
pkgs,
config,
...
{ lib
, pkgs
, config
, ...
}:
assert (builtins.length
(lib.mapAttrsToList (a: _: a) config.services.restic.backups))
<= 1; let
<= 1; let
resticBin = "${pkgs.restic}/bin/restic";
cfg = config.services.restic.backups;
bkp = lib.mapAttrs' (_: lib.nameValuePair "default") cfg;
in ''
in
''
#!/usr/bin/env sh
set -e

14
bins/rpr.nix
View File

@ -1,12 +1,14 @@
{
tea,
gh,
hut,
}: let
{ tea
, gh
, hut
,
}:
let
teaBin = "${tea}/bin/tea";
ghBin = "${gh}/bin/gh";
htBin = "${hut}/bin/hut";
in ''
in
''
#!/usr/bin/env sh
set -eu

6
bins/sfetch.nix
View File

@ -1,6 +1,6 @@
{
curl,
gosignify,
{ curl
, gosignify
,
}: ''
#!/usr/bin/env sh

6
bins/tstart.nix
View File

@ -1,6 +1,8 @@
{tmux}: let
{ tmux }:
let
tmuxBin = "${tmux}/bin/tmux";
in ''
in
''
#!/usr/bin/env sh
set -e

7
bins/xin-status.nix
View File

@ -1,7 +1,6 @@
{
perl,
perlPackages,
...
{ perl
, perlPackages
, ...
}: ''
#!${perl}/bin/perl

28
configs/ca.nix
View File

@ -1,12 +1,12 @@
{
config,
lib,
pkgs,
...
}: let
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.xinCA;
in
with lib; {
with lib; {
options = {
services.xinCA = {
enable = mkEnableOption "Configure host as a xin certificate authority.";
@ -21,7 +21,7 @@ in
};
};
imports = [../modules/ts-rev-prox.nix];
imports = [ ../modules/ts-rev-prox.nix ];
config = mkIf cfg.enable {
sops.secrets = {
ca_password = {
@ -67,9 +67,9 @@ in
};
};
networking.hosts = {"127.0.0.1" = ["ca.bolddaemon.com"];};
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
environment.sessionVariables = {STEPPATH = "/var/lib/step-ca";};
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
environment.systemPackages = with pkgs; [
step-cli
step-kms-plugin
@ -86,8 +86,8 @@ in
root = config.sops.secrets."root_ca.crt".path;
crt = config.sops.secrets."intermediate_ca.crt".path;
key = config.sops.secrets.intermediate_ca_key.path;
dnsNames = ["ca.bolddaemon.com"];
logger = {format = "text";};
dnsNames = [ "ca.bolddaemon.com" ];
logger = { format = "text"; };
db = {
type = "badgerv2";
dataSource = "/var/lib/step-ca/db";
@ -98,7 +98,7 @@ in
{
type = "SSHPOP";
name = "sshpop";
claims = {enableSSHCA = true;};
claims = { enableSSHCA = true; };
}
];
};
@ -115,4 +115,4 @@ in
};
};
};
}
}

34
configs/ci.nix
View File

@ -1,11 +1,11 @@
{
config,
lib,
pkgs,
inputs,
xinlib,
...
}: let
{ config
, lib
, pkgs
, inputs
, xinlib
, ...
}:
let
#inherit (xinlib) prIsOpen;
jobs = [
{
@ -13,18 +13,18 @@
user = "qbit";
script = "cd ~/src/xin && ./bin/ci update";
startAt = "23:00";
path = [];
path = [ ];
}
{
name = "xin-ci";
user = "qbit";
script = "cd ~/src/xin && ./bin/ci";
startAt = "*:30:00";
path = [];
path = [ ];
}
];
in
with lib; {
with lib; {
options = {
xinCI = {
enable = mkEnableOption "Configure host as a xin CI host.";
@ -39,11 +39,11 @@ in
};
};
imports = [../modules/ts-rev-prox.nix];
imports = [ ../modules/ts-rev-prox.nix ];
config = mkIf config.xinCI.enable {
sops.defaultSopsFile = config.xin-secrets.ci;
sops.secrets = {
po_env = {owner = config.xinCI.user;};
po_env = { owner = config.xinCI.user; };
ci_ed25519_key = {
mode = "400";
owner = config.xinCI.user;
@ -82,7 +82,7 @@ in
nix = {
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
settings.allowed-users = ["root" config.xinCI.user "harmonia"];
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
};
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
@ -96,7 +96,7 @@ in
harmonia = {
enable = true;
signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
settings = {bind = "127.0.0.1:5000";};
settings = { bind = "127.0.0.1:5000"; };
};
#nix-serve = {
# package = pkgs.nix-serve-ng;
@ -106,6 +106,6 @@ in
#};
};
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];
};
}
}

9
configs/colemak.nix
View File

@ -1,7 +1,6 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {
@ -16,7 +15,7 @@ with lib; {
};
config = mkIf config.colemak.enable {
console = {keyMap = "colemak";};
console = { keyMap = "colemak"; };
services.xserver = {
layout = "us";
xkbVariant = "colemak";

2
configs/default.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
imports = [
./ca.nix
./ci.nix

9
configs/dns.nix
View File

@ -1,7 +1,6 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {
@ -22,7 +21,7 @@ with lib; {
enable = true;
dnssec = "allow-downgrade";
# TODO: Enable a toggle for ipv6
fallbackDns = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"];
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
extraConfig = ''
[Resolve]
DNS=45.90.28.0#8436c6.dns1.nextdns.io

13
configs/doas.nix
View File

@ -1,23 +1,22 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {
doas = {enable = mkEnableOption "Enable doas for priv-escie";};
doas = { enable = mkEnableOption "Enable doas for priv-escie"; };
};
config = mkIf config.doas.enable {
nixpkgs.config.packageOverrides = pkgs: {
doas = pkgs.doas.override {withPAM = false;};
doas = pkgs.doas.override { withPAM = false; };
};
security = {
doas = {
enable = true;
extraRules = [
{
groups = ["wheel"];
groups = [ "wheel" ];
persist = true;
}
];

32
configs/emacs.nix
View File

@ -1,19 +1,19 @@
{
runCommand,
emacsWithPackagesFromUsePackage,
pkgs,
lib,
makeWrapper,
mu,
writeTextDir,
emacs,
emacsPkg ? pkgs.emacsPgtkNativeComp,
...
}: let
{ runCommand
, emacsWithPackagesFromUsePackage
, pkgs
, lib
, makeWrapper
, mu
, writeTextDir
, emacs
, emacsPkg ? pkgs.emacsPgtkNativeComp
, ...
}:
let
muDir = "${mu}/share/emacs/site-lisp/mu4e";
# Generate a .el file from our emacs.org.
emacsConfig = runCommand "emacsConfig" {} ''
emacsConfig = runCommand "emacsConfig" { } ''
mkdir -p $out
cp -v ${./emacs.org} $out/emacs.org
cd $out
@ -50,14 +50,14 @@
texlive.combined.scheme-full
];
in
emacsWithPackagesFromUsePackage {
emacsWithPackagesFromUsePackage {
config = ./emacs.org;
alwaysEnsure = true;
alwaysTangle = true;
package = emacsPkg.overrideAttrs (oa: {
nativeBuildInputs = oa.nativeBuildInputs ++ [makeWrapper emacsConfig];
nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ];
postInstall = ''
${oa.postInstall}
wrapProgram $out/bin/emacs \
@ -65,4 +65,4 @@ in
--add-flags '--init-directory ${emacsInitDir}'
'';
});
}
}

2
configs/firefox.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
programs = {
firefox = {
enable = true;

36
configs/git.nix
View File

@ -1,19 +1,21 @@
{config, ...}: let
{ config, ... }:
let
rewriteGitHub =
if config.networking.hostName != "stan"
then {
url = {"ssh://git@github.com/" = {insteadOf = "https://github.com/";};};
url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; };
}
else {
url = {};
url = { };
};
in {
in
{
programs.git = {
enable = true;
lfs.enable = true;
config = [
{init = {defaultBranch = "main";};}
{advice.detachedHead = false;}
{ init = { defaultBranch = "main"; }; }
{ advice.detachedHead = false; }
{
user = {
name = "Aaron Bieber";
@ -22,7 +24,7 @@ in {
};
}
{branch = {sort = "-committerdate";};}
{ branch = { sort = "-committerdate"; }; }
{
alias = {
log = "log --color=never";
@ -32,10 +34,10 @@ in {
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
};
}
{push = {default = "current";};}
{ push = { default = "current"; }; }
{gpg = {format = "ssh";};}
{commit = {gpgsign = true;};}
{ gpg = { format = "ssh"; }; }
{ commit = { gpgsign = true; }; }
{
color = {
@ -47,13 +49,13 @@ in {
};
}
{safe = {directory = "/home/qbit/src/nix-conf";};}
{ safe = { directory = "/home/qbit/src/nix-conf"; }; }
{transfer = {fsckobjects = true;};}
{fetch = {fsckobjects = true;};}
{github = {user = "qbit";};}
{ transfer = { fsckobjects = true; }; }
{ fetch = { fsckobjects = true; }; }
{ github = { user = "qbit"; }; }
{inherit (rewriteGitHub) url;}
{ inherit (rewriteGitHub) url; }
{
sendmail = {
@ -67,8 +69,8 @@ in {
};
}
{pull = {rebase = false;};}
{include = {path = "~/work/git/gitconfig";};}
{ pull = { rebase = false; }; }
{ include = { path = "~/work/git/gitconfig"; }; }
];
};
}

2
configs/hardened.nix
View File

@ -1,4 +1,4 @@
{lib, ...}:
{ lib, ... }:
with lib; {
environment = {
memoryAllocator.provider = mkDefault "scudo";

18
configs/helix.nix
View File

@ -1,9 +1,9 @@
{
pkgs,
linkFarm,
...
}: let
tomlFmt = pkgs.formats.toml {};
{ pkgs
, linkFarm
, ...
}:
let
tomlFmt = pkgs.formats.toml { };
helixBin = "${pkgs.helix}/bin/hx";
helixConfig = tomlFmt.generate "config.toml" {
@ -15,7 +15,7 @@
normal = "block";
select = "underline";
};
lsp = {auto-signature-help = false;};
lsp = { auto-signature-help = false; };
};
};
@ -38,9 +38,9 @@
}
];
in
pkgs.writeScriptBin "hx" ''
pkgs.writeScriptBin "hx" ''
# Conf: ${helixConfig}
# Theme: ${helixTheme}
env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@"
''
''

42
configs/manager.nix
View File

@ -1,17 +1,17 @@
{
config,
lib,
pkgs,
inputs,
...
}: let
{ config
, lib
, pkgs
, inputs
, ...
}:
let
microcaBin = "${pkgs.microca}/bin/microca";
microca = pkgs.writeScriptBin "microca" ''
#!/usr/bin/env sh
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
'';
in
with lib; {
with lib; {
options = {
nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager.";
@ -25,18 +25,18 @@ in
};
};
imports = [./tailnet.nix];
imports = [ ./tailnet.nix ];
config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {
xin_status_key = {owner = config.nixManager.user;};
xin_status_pubkey = {owner = config.nixManager.user;};
manager_key = {owner = config.nixManager.user;};
manager_pubkey = {owner = config.nixManager.user;};
ca_key = {owner = config.nixManager.user;};
ca_cert = {owner = config.nixManager.user;};
po_env = {owner = config.nixManager.user;};
xin_status_key = { owner = config.nixManager.user; };
xin_status_pubkey = { owner = config.nixManager.user; };
manager_key = { owner = config.nixManager.user; };
manager_pubkey = { owner = config.nixManager.user; };
ca_key = { owner = config.nixManager.user; };
ca_cert = { owner = config.nixManager.user; };
po_env = { owner = config.nixManager.user; };
};
environment.systemPackages = [
@ -47,11 +47,11 @@ in
networking = {
hosts = {
"66.135.2.235" = ["ns1"];
"23.234.251.216" = ["ns2"];
"46.23.94.18" = ["ns3"];
"198.23.149.18" = ["ns4"];
"66.135.2.235" = [ "ns1" ];
"23.234.251.216" = [ "ns2" ];
"46.23.94.18" = [ "ns3" ];
"198.23.149.18" = [ "ns4" ];
};
};
};
}
}

4
configs/neomutt.nix
View File

@ -1,5 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [neomutt urlview];
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [ neomutt urlview ];
environment.etc."neomuttrc" = {
text = ''
ignore *

26
configs/neovim.nix
View File

@ -1,4 +1,4 @@
{pkgs, ...}:
{ pkgs, ... }:
with pkgs; let
parchment = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
pname = "parchment";
@ -30,7 +30,7 @@ with pkgs; let
sha256 = "sha256-pMYvtNEYoVFaWlj35F1rDlfJkNY4y4S62RNpHBNBgto=";
fetchSubmodules = true;
};
dependencies = with vimPlugins; [nvim-cmp tabular];
dependencies = with vimPlugins; [ nvim-cmp tabular ];
};
neogen = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
pname = "neogen";
@ -51,10 +51,10 @@ with pkgs; let
url = "mirror://cpan/authors/id/J/JA/JACQUESG/MsgPack-Raw-0.05.tar.gz";
sha256 = "8559e2b64cd98d99abc666edf2a4c8724c9534612616af11f4eb0bbd0d422dac";
};
buildInputs = with perlPackages; [TestPod TestPodCoverage];
buildInputs = with perlPackages; [ TestPod TestPodCoverage ];
meta = {
description = "Perl bindings to the msgpack C library";
license = with lib.licenses; [artistic1 gpl1Plus];
license = with lib.licenses; [ artistic1 gpl1Plus ];
};
};
@ -66,7 +66,7 @@ with pkgs; let
sha256 = "55a52c233e2dae86113f9f19b34f617edcfc8416f9bece671267bd1811b12111";
};
outputs = ["out" "dev"];
outputs = [ "out" "dev" ];
meta = {
description = "Simplified safe evaluation of Perl code";
@ -99,11 +99,11 @@ with pkgs; let
# Attempts to download stuff from the internet.
doCheck = false;
outputs = ["out" "dev"];
outputs = [ "out" "dev" ];
meta = {
description = "Perl bindings for neovim";
license = with lib.licenses; [artistic1 gpl1Plus];
license = with lib.licenses; [ artistic1 gpl1Plus ];
};
};
@ -139,13 +139,11 @@ with pkgs; let
parchment
vacme
];
myVimPackages =
if pkgs.system == "aarch64-linux"
then baseVimPackages
else baseVimPackages ++ [];
in {
myVimPackages = baseVimPackages;
in
{
environment.systemPackages = with pkgs; [
alejandra
nixpkgs-fmt
elmPackages.elm
elmPackages.elm-format
elmPackages.elm-language-server
@ -177,7 +175,7 @@ in {
enable = true;
defaultEditor = true;
configure = {
packages.myVimPackage = {start = myVimPackages;};
packages.myVimPackage = { start = myVimPackages; };
customRC = ''
" Restore cursor position
autocmd BufReadPost *

19
configs/net-overlay.nix
View File

@ -1,8 +1,7 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with lib; {
options = {
@ -32,7 +31,7 @@ with lib; {
config = mkMerge [
(mkIf config.tailscale.enable {
services = {tailscale = {enable = mkDefault true;};};
services = { tailscale = { enable = mkDefault true; }; };
networking.firewall.checkReversePath = mkDefault "loose";
})
(mkIf (config.tailscale.enable && config.tailscale.sshOnly) {
@ -45,8 +44,8 @@ with lib; {
};
systemd.services = {
"tailscale-ssh-init" = {
wantedBy = ["tailscaled.service"];
after = ["tailscaled.service"];
wantedBy = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.ts_sshonly.path}";
};
@ -54,11 +53,11 @@ with lib; {
};
})
(mkIf config.zerotier.enable {
environment.systemPackages = with pkgs; [zerotierone];
environment.systemPackages = with pkgs; [ zerotierone ];
services = {
zerotierone = {
enable = true;
joinNetworks = ["db64858fedd3b256"];
joinNetworks = [ "db64858fedd3b256" ];
};
};
networking.firewall.checkReversePath = "loose";

26
configs/peerix.nix
View File

@ -1,8 +1,7 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with lib; {
options = {
@ -22,25 +21,25 @@ with lib; {
interfaces = mkOption {
description = "Interfaces to allow peerix to listen on.";
type = types.listOf types.str;
default = ["tailscale0"];
default = [ "tailscale0" ];
};
};
};
config = mkIf config.tsPeerix.enable {
users.groups.peerix = {name = "peerix";};
users.groups.peerix = { name = "peerix"; };
users.users.peerix = {
name = "peerix";
group = "peerix";
isSystemUser = true;
};
nix.settings.allowed-users = ["peerix"];
nix.settings.allowed-users = [ "peerix" ];
services = {
zerotierone = {
enable = true;
joinNetworks = ["db64858fedd3b256"];
joinNetworks = [ "db64858fedd3b256" ];
};
peerix = {
@ -53,13 +52,14 @@ with lib; {
};
};
environment.systemPackages = [pkgs.zerotierone];
environment.systemPackages = [ pkgs.zerotierone ];
networking.firewall.interfaces = listToAttrs (flatten (map (i: {
networking.firewall.interfaces = listToAttrs (flatten (map
(i: {
name = i;
value = {
allowedUDPPorts = [12304];
allowedTCPPorts = [12304];
allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [ 12304 ];
};
})
config.tsPeerix.interfaces));

47
configs/tailnet.nix
View File

@ -1,12 +1,13 @@
{
config,
pkgs,
lib,
inputs,
xinlib,
...
}: let
tailnetACLs = let
{ config
, pkgs
, lib
, inputs
, xinlib
, ...
}:
let
tailnetACLs =
let
acls = {
hosts = {
europa = "100.92.31.80";
@ -19,18 +20,18 @@
};
tagOwners = {
"tag:untrusted" = ["qbit@github"];
"tag:minservice" = ["qbit@github"];
"tag:sshonly" = ["qbit@github"];
"tag:apper" = ["qbit@github"];
"tag:golink" = ["qbit@github"];
"tag:lab" = ["qbit@github"];
"tag:untrusted" = [ "qbit@github" ];
"tag:minservice" = [ "qbit@github" ];
"tag:sshonly" = [ "qbit@github" ];
"tag:apper" = [ "qbit@github" ];
"tag:golink" = [ "qbit@github" ];
"tag:lab" = [ "qbit@github" ];
};
acls = [
{
action = "accept";
src = ["tag:untrusted"];
src = [ "tag:untrusted" ];
dst = [
"europa:22"
"europa:12304"
@ -43,13 +44,13 @@
}
{
action = "accept";
src = ["tag:minservice" "tag:sshonly"];
dst = ["*:22" "box:3030" "nbc:443" "console:2222"];
src = [ "tag:minservice" "tag:sshonly" ];
dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ];
}
{
action = "accept";
src = ["qbit@github"];
dst = ["*:*"];
src = [ "qbit@github" ];
dst = [ "*:*" ];
}
];
};
@ -83,13 +84,13 @@
name = "update-talenet-acls";
script = "${aclUpdateScript}/bin/tailnet-acl-updater";
startAt = "*:30:00";
path = [];
path = [ ];
inherit (config.nixManager) user;
}
];
enabled = config.nixManager.enable;
in
with lib; {
with lib; {
sops.secrets = mkIf enabled {
tailnet_acl_manager = {
owner = config.nixManager.user;
@ -101,4 +102,4 @@ in
};
};
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
}
}

2
configs/tmux.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
programs.tmux = {
enable = true;
extraConfig = ''

2
configs/zsh.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
config = {
programs.zsh.interactiveShellInit = ''
export NO_COLOR=1

25
dbuild/build-consumer.nix
View File

@ -1,17 +1,16 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {
buildConsumer = {enable = mkEnableOption "Use remote build machines";};
buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
};
config = mkIf config.buildConsumer.enable {
programs.ssh.knownHosts = {
pcake = {
hostNames = ["pcake" "pcake.tapenet.org" "10.6.0.202"];
hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
};
};
@ -21,20 +20,22 @@ with lib; {
IdentitiesOnly yes
IdentityFile /root/.ssh/nix_remote
'';
nix.buildMachines = [
nix = {
buildMachines = [
{
hostName = "pcake";
systems = ["x86_64-linux" "aarch64-linux"];
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 2;
speedFactor = 4;
supportedFeatures = ["kvm" "big-parallel" "nixos-test" "benchmark"];
mandatoryFeatures = [];
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
mandatoryFeatures = [ ];
}
];
nix.distributedBuilds = true;
nix.extraOptions = ''
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
};
};
}

9
dbuild/build-server.nix
View File

@ -1,7 +1,6 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {
@ -11,7 +10,7 @@ with lib; {
};
config = mkIf config.buildServer.enable {
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEtoU6ObMP7wmglT7rXMg0HEnh7cGBo6COL7BpmRC/o"

2
dbuild/default.nix
View File

@ -1 +1 @@
{...}: {imports = [./build-consumer.nix ./build-server.nix];}
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }

54
default.nix
View File

@ -1,12 +1,12 @@
{
config,
lib,
options,
pkgs,
xinlib,
isUnstable,
...
}: let
{ config
, lib
, options
, pkgs
, xinlib
, isUnstable
, ...
}:
let
inherit (xinlib) todo;
caPubKeys = builtins.concatStringsSep "\n" [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5xMSYMwu6rjjLe2UYs1YGCIBVs35E9db2qAjNltCVPG5UoctxCDXxIz0PMOJrBbfqZzP/6qPU1WAhdGNTZ5eXq/ftnhI+2xFfMg1uzpXZ9vjy8lUCfXIObtoEdZ9h/7OUCN/BnL0ySqsamkcUo8SAj6wXoNCdwk6oncfyTmhPnoW5tCWCS9p7Q/LuWpYGsvW5nFDSxteP7re6SUe10eftIkFAPNhKA2lsrvzMgjxhnXqwIr1qJeY0otcuYA4V5V09FmElbnOWVuy4Pt8SqV4N9ykkAUXZN1Pi7Q4JnCUifRJVWpKHLoJe0mqwMDJbGtt2Akn3EwiGhyaVjq2FFgBKAb7w8UAE8gob8n4+DOx4TQAXlmWviYij2Xh6CvepbamxlJMvVdWgqk53+u4e+/oOQQ9QTmQvAuecg9dSO3m7+hNHEf+0TXjuTNlk9KHRg4s7ZAI+2Stfo1tBrvEeE2fAF//Mw7zaLPKmEbMiXdbDs816gvYtG6Y36fTGyzhowDQAMNm+zbg8YPz7xFukLdSCPt7RcpPnP1iJs/hGBnog5UaG/Cm4ftkm9zKvOaQKIoA/GQ3yQSyltczA+2h5fur6VQQGrQeVhAcXm9a6GaLPWxgvJX/og76CHps0rYzFM3QBlsiJ+Z0sstk5TtBex9nTjwRZ1U9+4DQes2TB4/uxnQ== SUAH CA"
@ -16,9 +16,10 @@
statusKey = ''
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
'';
gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;};
myOpenSSH = pkgs.callPackage ./pkgs/openssh {};
in {
gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
myOpenSSH = pkgs.callPackage ./pkgs/openssh { };
in
{
imports = [
./configs
./dbuild
@ -44,7 +45,7 @@ in {
options.myconf = {
managementPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str;
default = [managementKey statusKey breakGlassKey];
default = [ managementKey statusKey breakGlassKey ];
example = default;
description = "List of management public keys to use";
};
@ -63,7 +64,7 @@ in {
};
config = {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets = {
xin_secrets_deploy_key = {
@ -74,7 +75,7 @@ in {
};
};
security.pki.caCertificateBlacklist = ["TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2"];
security.pki.caCertificateBlacklist = [ "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ];
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
@ -130,7 +131,7 @@ in {
'';
boot = {
loader = {systemd-boot.configurationLimit = 15;};
loader = { systemd-boot.configurationLimit = 15; };
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.tcp_keepalive_time" = 60;
@ -142,16 +143,18 @@ in {
nix = {
settings =
if config.xinCI.enable
then {}
then { }
else {
substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"];
substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
};
};
environment.systemPackages = with pkgs;
environment = {
etc."ssh/ca.pub" = { text = caPubKeys; };
systemPackages = with pkgs;
[
age
apg
@ -177,13 +180,14 @@ in {
]
++ (
if isUnstable
then [nil]
else []
then [ nil ]
else [ ]
);
environment.interactiveShellInit = ''
interactiveShellInit = ''
alias vi=nvim
'';
};
time.timeZone = "US/Mountain";
@ -201,7 +205,7 @@ in {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
};
knownHostsFiles = [./configs/ssh_known_hosts];
knownHostsFiles = [ ./configs/ssh_known_hosts ];
startAgent = true;
agentTimeout = "100m";
extraConfig = ''
@ -216,8 +220,6 @@ in {
};
};
environment.etc."ssh/ca.pub" = {text = caPubKeys;};
services.logrotate.checkConfig =
todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false;
@ -230,7 +232,7 @@ in {
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"];
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"

146
flake.nix
View File

@ -19,7 +19,7 @@
inputs.sops-nix.follows = "sops-nix";
};
nixos-hardware = {url = "github:NixOS/nixos-hardware/master";};
nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
#emacs-overlay = {
# url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
@ -80,26 +80,27 @@
};
};
outputs = {
self,
darwin,
gostart,
nixos-hardware,
peerix,
po,
pots,
pr-status,
stable,
tsRevProx,
tsvnstat,
unstable,
unstableSmall,
xin-secrets,
xintray,
...
} @ inputs: let
xinlib = import ./lib {inherit (unstable) lib;};
supportedSystems = ["x86_64-linux"];
outputs =
{ self
, darwin
, gostart
, nixos-hardware
, peerix
, po
, pots
, pr-status
, stable
, tsRevProx
, tsvnstat
, unstable
, unstableSmall
, xin-secrets
, xintray
, ...
} @ inputs:
let
xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ];
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
forAllSystems = unstable.lib.genAttrs supportedSystems;
unstablePkgsFor = forAllSystems (system:
@ -148,23 +149,26 @@
++ [
{
nix = {
registry.nixpkgs.flake = sysBase;
registry.stable.flake = stable;
registry.unstable.flake = unstable;
nixPath = ["nixpkgs=${sysBase}"];
registry = {
nixpkgs.flake = sysBase;
stable.flake = stable;
unstable.flake = unstable;
};
nixPath = [ "nixpkgs=${sysBase}" ];
};
}
]
++ [(xinlib.buildVer self) (./. + "/hosts/${name}")]
++ [{nixpkgs.overlays = overlays;}];
++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ]
++ [{ nixpkgs.overlays = overlays; }];
};
lpkgs = unstable.legacyPackages.x86_64-linux;
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
in {
in
{
darwinConfigurations = {
plq = darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = {inherit xinlib;};
specialArgs = { inherit xinlib; };
modules = [
xin-secrets.nixosModules.sops
./overlays
@ -178,7 +182,8 @@
# everything before deploying
legacyPackages.x86_64-linux = import unstable {
system = "x86_64-linux";
overlays = let
overlays =
let
overlayFn = import ./overlays;
stableList = overlayFn {
isUnstable = true;
@ -189,11 +194,11 @@
inherit xinlib;
};
in
[] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
};
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra;
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
@ -202,12 +207,12 @@
europa = buildSys "x86_64-linux" unstable [
nixos-hardware.nixosModules.framework
] "europa";
pwntie = buildSys "x86_64-linux" stable [] "pwntie";
stan = buildSys "x86_64-linux" unstable [] "stan";
weather = buildSys "aarch64-linux" stable [] "weather";
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [ ] "stan";
weather = buildSys "aarch64-linux" stable [ ] "weather";
faf = buildSys "x86_64-linux" stable [./configs/hardened.nix] "faf";
box = buildSys "x86_64-linux" stable [./configs/hardened.nix] "box";
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box";
#luna = buildSys "x86_64-linux" stable
# [ "${nixos-hardware}/common/cpu/intel" ] "luna";
h = buildSys "x86_64-linux" stable [
@ -259,34 +264,36 @@
};
};
packages = forAllSystems (system: let
packages = forAllSystems (system:
let
upkgs = unstablePkgsFor.${system};
spkgs = stablePkgsFor.${system};
in {
in
{
ada_language_server =
spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;};
alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;};
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;};
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;};
clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;};
spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
clilol = spkgs.callPackage ./pkgs/clilol.nix { inherit spkgs; };
gqrss = spkgs.callPackage ./pkgs/gqrss.nix {
inherit spkgs;
isUnstable = true;
};
iamb = upkgs.callPackage ./pkgs/iamb.nix {};
iamb = upkgs.callPackage ./pkgs/iamb.nix { };
icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
inherit spkgs;
isUnstable = true;
};
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {};
fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;};
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
flake-warn =
spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;};
spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;};
yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
gen-patches =
spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;};
spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
yarr = spkgs.callPackage ./pkgs/yarr.nix {
inherit spkgs;
isUnstable = true;
@ -304,17 +311,17 @@
inherit upkgs;
};
hpi =
upkgs.python3Packages.callPackage ./pkgs/hpi.nix {inherit upkgs;};
upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
inherit upkgs;
};
sliding-sync =
spkgs.callPackage ./pkgs/sliding-sync.nix {inherit spkgs;};
golink = spkgs.callPackage ./pkgs/golink.nix {inherit spkgs;};
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix {inherit upkgs;};
gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;};
spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
gotosocial =
spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;};
spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
zutty = upkgs.callPackage ./pkgs/zutty.nix {
inherit upkgs;
};
@ -330,35 +337,40 @@
inherit (spkgs) matrix-synapse;
});
templates."ada" = {
templates = {
"ada" = {
path = ./templates/ada;
description = "Ada template.";
};
templates."go" = {
"go" = {
path = ./templates/go;
description = "Go template.";
};
templates."perl" = {
"perl" = {
path = ./templates/perl;
description = "Perl template.";
};
templates."mojo" = {
"mojo" = {
path = ./templates/mojo;
description = "Perl MojoLicious template.";
};
templates."ocaml" = {
"ocaml" = {
path = ./templates/ocaml;
description = "OCaml template.";
};
};
checks = let
buildList = ["europa" "stan" "h" "box" "faf" "weather"];
checks =
let
buildList = [ "europa" "stan" "h" "box" "faf" "weather" ];
in
with unstable.lib;
foldl' recursiveUpdate {} (mapAttrsToList (name: system: {
foldl' recursiveUpdate { } (mapAttrsToList
(name: system: {
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
system.config.system.build.toplevel;
}) (filterAttrs (n: _: (builtins.elem n buildList))
})
(filterAttrs (n: _: (builtins.elem n buildList))
self.nixosConfigurations));
};
}

13
gui/arcan.nix
View File

@ -1,15 +1,14 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with lib; {
options = {
arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";};
arcan = { enable = mkEnableOption "Enable Arcan/Durden desktop."; };
};
config = mkIf config.arcan.enable {
environment.systemPackages = with pkgs; [arcanPackages.all-wrapped];
environment.systemPackages = with pkgs; [ arcanPackages.all-wrapped ];
};
}

44
gui/default.nix
View File

@ -1,24 +1,24 @@
{
config,
lib,
pkgs,
xinlib,
...
}: let
firefox = import ../configs/firefox.nix {inherit pkgs;};
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix {inherit pkgs;});
{ config
, lib
, pkgs
, xinlib
, ...
}:
let
firefox = import ../configs/firefox.nix { inherit pkgs; };
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
rpr =
pkgs.writeScriptBin "rpr"
(import ../bins/rpr.nix {inherit (pkgs) hut gh tea;});
(import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
promnesia =
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix {inherit pkgs;};
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix {inherit pkgs;};
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
promnesiaService = {
promnesia = {
description = "Service for promnesia.server";
wantedBy = ["graphical-session.target"];
partOf = ["graphical-session.target"];
after = ["graphical-session.target"];
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
script = ''
${promnesia}/bin/promnesia serve
'';
@ -29,12 +29,12 @@
name = "promnesia-index";
script = "${promnesia}/bin/promnesia index";
startAt = "*:0/5";
path = [promnesia hpi];
path = [ promnesia hpi ];
}
];
in
with lib; {
imports = [./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix];
with lib; {
imports = [ ./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix ];
options = {
pulse = {
@ -66,7 +66,7 @@ in
# TODO: TEMP FIX
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"];
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
fonts.fonts = with pkgs; [
go-font
#(callPackage ../pkgs/kurinto.nix {})
@ -88,10 +88,10 @@ in
vlc
zeal
(callPackage ../configs/helix.nix {})
(callPackage ../configs/helix.nix { })
]);
programs = {} // firefox.programs;
programs = { } // firefox.programs;
systemd.user.services =
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs))
@ -107,4 +107,4 @@ in
};
})
];
}
}

9
gui/gnome.nix
View File

@ -1,10 +1,9 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; {
options = {gnome = {enable = mkEnableOption "Enable GNOME desktop.";};};
options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
config = mkIf config.gnome.enable {
services.xserver.displayManager.gdm.enable = true;

19
gui/kde.nix
View File

@ -1,12 +1,13 @@
{
config,
lib,
pkgs,
...
}: let
{ config
, lib
, pkgs
, ...
}:
let
inherit (pkgs.libsForQt5) callPackage;
in {
options = {kde = {enable = lib.mkEnableOption "Enable KDE desktop.";};};
in
{
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
config = lib.mkIf config.kde.enable {
services.xserver.displayManager.sddm.enable = true;
@ -21,7 +22,7 @@ in {
};
environment.systemPackages = with pkgs; [
(callPackage ../pkgs/tile-gaps.nix {})
(callPackage ../pkgs/tile-gaps.nix { })
libsForQt5.bismuth
plasma5Packages.kdeconnect-kde
waynergy

13
gui/xfce.nix
View File

@ -1,11 +1,10 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with lib; {
options = {xfce = {enable = mkEnableOption "Enable XFCE desktop.";};};
options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
config = mkIf config.xfce.enable {
security.pam.services = {
@ -23,6 +22,6 @@ with lib; {
];
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.xfce = {enable = true;};
services.xserver.desktopManager.xfce = { enable = true; };
};
}

204
hosts/box/default.nix
View File

@ -1,11 +1,11 @@
{
inputs,
config,
lib,
pkgs,
isUnstable,
...
}: let
{ inputs
, config
, lib
, pkgs
, isUnstable
, ...
}:
let
#photoPrismTag = "220901-bullseye";
httpCacheTime = "720m";
httpAllow = ''
@ -38,13 +38,14 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
userBase = {openssh.authorizedKeys.keys = pubKeys;};
userBase = { openssh.authorizedKeys.keys = pubKeys; };
mkNginxSecret = {
sopsFile = config.xin-secrets.box.certs;
owner = config.users.users.nginx.name;
mode = "400";
};
in {
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
@ -65,41 +66,45 @@ in {
owner = config.users.users.gitea.name;
sopsFile = config.xin-secrets.box.services;
};
"bitwarden_rs.env" = {sopsFile = config.xin-secrets.box.services;};
"wireguard_private_key" = {sopsFile = config.xin-secrets.box.services;};
"bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
"wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
books_cert = mkNginxSecret;
books_key = mkNginxSecret;
jelly_cert = mkNginxSecret;
jelly_key = mkNginxSecret;
lidarr_cert = mkNginxSecret;
lidarr_key = mkNginxSecret;
nzb_cert = mkNginxSecret;
nzb_key = mkNginxSecret;
prowlarr_cert = mkNginxSecret;
prowlarr_key = mkNginxSecret;
radarr_cert = mkNginxSecret;
radarr_key = mkNginxSecret;
reddit_cert = mkNginxSecret;
reddit_key = mkNginxSecret;
sonarr_cert = mkNginxSecret;
sonarr_key = mkNginxSecret;
graph_cert = mkNginxSecret;
graph_key = mkNginxSecret;
bw_cert = mkNginxSecret;
bw_key = mkNginxSecret;
invidious_cert = mkNginxSecret;
invidious_key = mkNginxSecret;
readarr_cert = mkNginxSecret;
readarr_key = mkNginxSecret;
home_cert = mkNginxSecret;
home_key = mkNginxSecret;
};
sops.secrets.books_cert = mkNginxSecret;
sops.secrets.books_key = mkNginxSecret;
sops.secrets.jelly_cert = mkNginxSecret;
sops.secrets.jelly_key = mkNginxSecret;
sops.secrets.lidarr_cert = mkNginxSecret;
sops.secrets.lidarr_key = mkNginxSecret;
sops.secrets.nzb_cert = mkNginxSecret;
sops.secrets.nzb_key = mkNginxSecret;
sops.secrets.prowlarr_cert = mkNginxSecret;
sops.secrets.prowlarr_key = mkNginxSecret;
sops.secrets.radarr_cert = mkNginxSecret;
sops.secrets.radarr_key = mkNginxSecret;
sops.secrets.reddit_cert = mkNginxSecret;
sops.secrets.reddit_key = mkNginxSecret;
sops.secrets.sonarr_cert = mkNginxSecret;
sops.secrets.sonarr_key = mkNginxSecret;
sops.secrets.graph_cert = mkNginxSecret;
sops.secrets.graph_key = mkNginxSecret;
sops.secrets.bw_cert = mkNginxSecret;
sops.secrets.bw_key = mkNginxSecret;
sops.secrets.invidious_cert = mkNginxSecret;
sops.secrets.invidious_key = mkNginxSecret;
sops.secrets.readarr_cert = mkNginxSecret;
sops.secrets.readarr_key = mkNginxSecret;
sops.secrets.home_cert = mkNginxSecret;
sops.secrets.home_key = mkNginxSecret;
boot.supportedFilesystems = ["zfs"];
boot.loader.grub.copyKernels = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
supportedFilesystems = [ "zfs" ];
loader = {
grub.copyKernels = true;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
doas.enable = true;
@ -111,14 +116,14 @@ in {
enableIPv6 = false;
hosts = {
"127.0.0.1" = ["git.tapenet.org"];
"10.6.0.15" = ["jelly.bold.daemon"];
"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];
"127.0.0.1" = [ "git.tapenet.org" ];
"10.6.0.15" = [ "jelly.bold.daemon" ];
"100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ];
};
interfaces.enp7s0 = {useDHCP = true;};
interfaces.enp7s0 = { useDHCP = true; };
firewall = {
interfaces = {"tailscale0" = {allowedTCPPorts = [3030];};};
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
interfaces = {
"wg0" = {
allowedTCPPorts = [
@ -154,12 +159,12 @@ in {
interfaces = {
wg0 = {
listenPort = 7122;
ips = ["192.168.112.4/32"];
ips = [ "192.168.112.4/32" ];
peers = [
{
publicKey = "IMJ1gVK6KzRghon5Wg1dxv1JCB8IbdSqeFjwQAxJM10=";
endpoint = "23.29.118.127:7122";
allowedIPs = ["192.168.112.3/32"];
allowedIPs = [ "192.168.112.3/32" ];
persistentKeepalive = 25;
}
];
@ -192,7 +197,7 @@ in {
glowing-bear
rtl_433
(callPackage ../../pkgs/athens.nix {inherit isUnstable;})
(callPackage ../../pkgs/athens.nix { inherit isUnstable; })
];
security.acme = {
@ -200,21 +205,25 @@ in {
defaults.email = "aaron@bolddaemon.com";
};
users.groups.media = {
users = {
groups = {
media = {
name = "media";
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"];
members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
};
users.groups.photos = {
photos = {
name = "photos";
members = ["qbit"];
members = [ "qbit" ];
};
users.groups.photoprism = {
photoprism = {
name = "photoprism";
gid = 986;
};
users.users.photoprism = {
};
users = {
photoprism = {
uid = 991;
name = "photoprism";
isSystemUser = true;
@ -223,12 +232,7 @@ in {
shell = "/bin/sh";
openssh.authorizedKeys.keys = pubKeys;
};
systemd.services.photoprism = {
serviceConfig = {
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
};
preStart = lib.mkForce "";
};
hardware.rtl-sdr.enable = true;
@ -238,7 +242,7 @@ in {
enable = true;
listeners = [
{
acl = ["pattern readwrite #"];
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}
@ -311,7 +315,7 @@ in {
];
device_tracker = [
];
default_config = {};
default_config = { };
http = {
use_x_forwarded_for = true;
server_host = "127.0.0.1";
@ -382,7 +386,8 @@ in {
};
cron = {
enable = true;
systemCronJobs = let
systemCronJobs =
let
tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" ''
#!/usr/bin/env sh
. /etc/profile;
@ -396,9 +401,10 @@ in {
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
) >/dev/null 2>&1
'';
in ["@daily root ${tsCertsScript}/bin/ts-certs.sh"];
in
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
};
openssh = {settings.X11Forwarding = true;};
openssh = { settings.X11Forwarding = true; };
tor.enable = true;
@ -424,7 +430,7 @@ in {
nzbget = {
enable = true;
group = "media";
settings = {MainDir = "/media/downloads";};
settings = { MainDir = "/media/downloads"; };
};
fwupd.enable = true;
@ -449,7 +455,7 @@ in {
calibre-web = {
enable = true;
group = "media";
options = {enableBookUploading = true;};
options = { enableBookUploading = true; };
listen.port = 8909;
listen.ip = "127.0.0.1";
};
@ -501,7 +507,7 @@ in {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {store = "inmemory";};
kvstore = { store = "inmemory"; };
replication_factor = 1;
};
};
@ -535,7 +541,7 @@ in {
shared_store = "filesystem";
};
filesystem = {directory = "/var/lib/loki/chunks";};
filesystem = { directory = "/var/lib/loki/chunks"; };
};
limits_config = {
@ -543,7 +549,7 @@ in {
reject_old_samples_max_age = "168h";
};
chunk_store_config = {max_look_back_period = "0s";};
chunk_store_config = { max_look_back_period = "0s"; };
table_manager = {
retention_deletes_enabled = false;
@ -553,7 +559,7 @@ in {
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {kvstore = {store = "inmemory";};};
compactor_ring = { kvstore = { store = "inmemory"; }; };
};
};
};
@ -565,7 +571,7 @@ in {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {filename = "/tmp/positions.yaml";};
positions = { filename = "/tmp/positions.yaml"; };
clients = [
{
url = "http://127.0.0.1:${
@ -586,7 +592,7 @@ in {
};
relabel_configs = [
{
source_labels = ["__journal__systemd_unit"];
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
@ -602,11 +608,11 @@ in {
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
enabledCollectors = [ "systemd" ];
port = 9002;
};
nginx = {enable = true;};
nginx = { enable = true; };
rtl_433 = {
enable = true;
@ -648,27 +654,27 @@ in {
}
{
job_name = "greenhouse";
static_configs = [{targets = ["10.6.0.20:80"];}];
static_configs = [{ targets = [ "10.6.0.20:80" ]; }];
}
{
job_name = "house";
static_configs = [{targets = ["10.6.0.21:80"];}];
static_configs = [{ targets = [ "10.6.0.21:80" ]; }];
}
{
job_name = "outside";
static_configs = [{targets = ["10.6.0.22:8811"];}];
static_configs = [{ targets = [ "10.6.0.22:8811" ]; }];
}
{
job_name = "faf";
static_configs = [{targets = ["10.6.0.245:9002"];}];
static_configs = [{ targets = [ "10.6.0.245:9002" ]; }];
}
{
job_name = "h";
static_configs = [{targets = ["100.64.247.69:9002"];}];
static_configs = [{ targets = [ "100.64.247.69:9002" ]; }];
}
{
job_name = "namish";
static_configs = [{targets = ["10.200.0.100:9100"];}];
static_configs = [{ targets = [ "10.200.0.100:9100" ]; }];
}
{
job_name = "nginx";
@ -746,7 +752,7 @@ in {
backup root@suah.dev:/var/www/ suah.dev/
backup_exec date "+ backup of suah.dev ended at %c"
'';
cronIntervals = {daily = "50 21 * * *";};
cronIntervals = { daily = "50 21 * * *"; };
};
libreddit = {
@ -1031,7 +1037,7 @@ in {
# host all all ::1/128 trust
#'';
ensureDatabases = ["nextcloud" "gitea" "invidious"];
ensureDatabases = [ "nextcloud" "gitea" "invidious" ];
ensureUsers = [
{
name = "nextcloud";
@ -1049,23 +1055,35 @@ in {
};
};
systemd.services.nginx.serviceConfig = {
ReadWritePaths = ["/backups/nginx_cache"];
ReadOnlyPaths = ["/etc/nixos/secrets"];
systemd = {
services = {
photoprism = {
serviceConfig = {
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
};
preStart = lib.mkForce "";
};
systemd.services.gitea.environment = {
nginx.serviceConfig = {
ReadWritePaths = [ "/backups/nginx_cache" ];
ReadOnlyPaths = [ "/etc/nixos/secrets" ];
};
gitea.environment = {
GIT_CONFIG_NOGLOBAL = "true";
GIT_CONFIG_NOSYSTEM = "true";
};
#systemd.services."nextcloud-setup" = {
#"nextcloud-setup" = {
# requires = [ "postgresql.service" ];
# after = [ "postgresql.service" ];
#};
};
};
users.users.qbit = userBase;
users.users.root = userBase;
users.users = {
qbit = userBase;
root = userBase;
};
programs.zsh.enable = true;

42
hosts/box/hardware-configuration.nix
View File

@ -1,70 +1,76 @@
{...}: {
boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel" "wireguard"];
boot.extraModulePackages = [];
{ ... }: {
boot = {
initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" "wireguard" ];
extraModulePackages = [ ];
};
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1";
fsType = "ext4";
};
fileSystems."/home" = {
"/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/backups" = {
"/backups" = {
device = "rpool/backups";
fsType = "zfs";
};
fileSystems."/media/music" = {
"/media/music" = {
device = "rpool/media/music";
fsType = "zfs";
};
fileSystems."/media/movies" = {
"/media/movies" = {
device = "rpool/media/movies";
fsType = "zfs";
};
fileSystems."/media/pictures" = {
"/media/pictures" = {
device = "rpool/pictures";
fsType = "zfs";
};
fileSystems."/media/tv" = {
"/media/tv" = {
device = "rpool/media/tv";
fsType = "zfs";
};
fileSystems."/media/nextcloud" = {
"/media/nextcloud" = {
device = "rpool/nextcloud";
fsType = "zfs";
};
fileSystems."/media/git" = {
"/media/git" = {
device = "rpool/git";
fsType = "zfs";
};
fileSystems."/media/downloads" = {
"/media/downloads" = {
device = "rpool/downloads";
fsType = "zfs";
};
fileSystems."/db/postgres" = {
"/db/postgres" = {
device = "rpool/db/postgres";
fsType = "zfs";
};
fileSystems."/boot" = {
"/boot" = {
device = "/dev/disk/by-uuid/2AC3-DB6C";
fsType = "vfat";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30";}];
swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
}

75
hosts/europa/default.nix
View File

@ -1,11 +1,11 @@
{
inputs,
config,
pkgs,
lib,
xinlib,
...
}: let
{ inputs
, config
, pkgs
, lib
, xinlib
, ...
}:
let
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp;
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
inherit pkgs;
@ -25,25 +25,26 @@
name = "brain";
script = "cd ~/Brain && git sync";
startAt = "*:0/2";
path = [pkgs.git pkgs.git-sync];
path = [ pkgs.git pkgs.git-sync ];
}
{
name = "org";
script = "(cd ~/org && git sync)";
startAt = "*:0/5";
path = [pkgs.git pkgs.git-sync];
path = [ pkgs.git pkgs.git-sync ];
}
{
name = "taskobs";
script = "taskobs";
startAt = "*:0/30";
path = [pkgs.taskobs] ++ pkgs.taskobs.buildInputs;
path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs;
}
];
in {
in
{
_module.args.isUnstable = true;
imports = [./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix];
imports = [ ./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix ];
sops.secrets = {
fastmail = {
@ -94,7 +95,7 @@ in {
};
boot = {
binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
initrd.systemd.enable = true;
loader = {
systemd-boot.enable = true;
@ -103,7 +104,7 @@ in {
efiSysMountPoint = "/boot/efi";
};
};
kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"];
kernelParams = [ "boot.shell_on_fail" "mem_sleep_default=deep" ];
kernelPackages = pkgs.linuxPackages_latest;
};
@ -122,21 +123,21 @@ in {
hostName = "europa";
hostId = "87703c3e";
hosts = {
"192.168.122.6" = ["chubs"];
"192.168.122.6" = [ "chubs" ];
};
wireless.userControlled.enable = true;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedTCPPorts = [ 22 ];
};
};
tsPeerix = {
enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = ["wlp170s0" "ztksevmpn3"];
interfaces = [ "wlp170s0" "ztksevmpn3" ];
};
programs = {
@ -144,7 +145,7 @@ in {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = ["qbit"];
polkitPolicyOwners = [ "qbit" ];
};
dconf.enable = true;
zsh = {
@ -162,7 +163,7 @@ in {
};
};
services.xinCA = {enable = false;};
services.xinCA = { enable = false; };
services = {
avahi = {
@ -178,9 +179,9 @@ in {
environmentFile = "${config.sops.secrets.restic_env_file.path}";
passwordFile = "${config.sops.secrets.restic_password_file.path}";
paths = ["/home/qbit" "/var/lib/libvirt"];
paths = [ "/home/qbit" "/var/lib/libvirt" ];
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5"];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
};
};
};
@ -231,18 +232,20 @@ in {
''
];
systemd.user.services =
systemd = {
user.services =
lib.listToAttrs (builtins.map xinlib.jobToUserService jobs);
systemd.services."whytailscalewhy" = {
services."whytailscalewhy" = {
description = "Tailscale restart on resume";
wantedBy = ["post-resume.target"];
after = ["post-resume.target"];
wantedBy = [ "post-resume.target" ];
after = [ "post-resume.target" ];
script = ''
. /etc/profile;
${pkgs.systemd}/bin/systemctl restart tailscaled.service
'';
serviceConfig.Type = "oneshot";
};
};
virtualisation.docker.enable = false;
users.users.qbit.extraGroups = [
@ -259,7 +262,7 @@ in {
XDG_DATA_HOME = "\${HOME}/.local/share";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
PATH = ["\${XDG_BIN_HOME}"];
PATH = [ "\${XDG_BIN_HOME}" ];
MUHOME = "\${HOME}/.config/mu";
};
@ -320,8 +323,8 @@ in {
#yubioath-flutter
zig
(callPackage ../../pkgs/clilol.nix {})
(callPackage ../../pkgs/iamb.nix {})
(callPackage ../../pkgs/clilol.nix { })
(callPackage ../../pkgs/iamb.nix { })
(callPackage ../../pkgs/kobuddy.nix {
inherit pkgs;
inherit
@ -335,9 +338,9 @@ in {
alembic
;
})
(callPackage ../../pkgs/gokrazy.nix {})
(callPackage ../../pkgs/mvoice.nix {})
(callPackage ../../pkgs/zutty.nix {})
(callPackage ../../pkgs/gokrazy.nix { })
(callPackage ../../pkgs/mvoice.nix { })
(callPackage ../../pkgs/zutty.nix { })
restic
];
@ -358,7 +361,9 @@ in {
}
];
system.autoUpgrade.allowReboot = false;
system.autoUpgrade.enable = false;
system.stateVersion = "21.11";
system = {
autoUpgrade.allowReboot = false;
autoUpgrade.enable = false;
stateVersion = "21.11";
};
}

27
hosts/europa/hardware-configuration.nix
View File

@ -1,15 +1,18 @@
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
@ -25,14 +28,14 @@
};
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = ["fido2-device=auto"];
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ];
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/F0A2-4A56";
fsType = "vfat";
};
swapDevices = [{device = "/dev/disk/by-label/swap";}];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {

40
hosts/faf/default.nix
View File

@ -1,19 +1,25 @@
{config, ...}: let
{ config, ... }:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
];
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
in {
in
{
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix];
imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
boot.supportedFilesystems = ["zfs"];
boot.zfs.devNodes = "/dev/";
supportedFilesystems = [ "zfs" ];
zfs.devNodes = "/dev/";
};
networking = {
hostName = "faf";
@ -23,13 +29,17 @@ in {
interfaces.enp1s0.useDHCP = true;
interfaces.enp2s0.useDHCP = true;
firewall.allowedTCPPorts = [22 53 config.services.prometheus.exporters.node.port];
firewall.allowedUDPPorts = [53];
hosts = {"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];};
firewall = {
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
allowedUDPPorts = [ 53 ];
};
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
};
users.users.root = userBase;
users.users.qbit = userBase;
users.users = {
root = userBase;
qbit = userBase;
};
services = {
prometheus = {
@ -39,7 +49,7 @@ in {
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
@ -101,8 +111,8 @@ in {
enable = true;
settings = {
server = {
interface = ["100.64.130.122"];
access-control = ["100.64.0.0/10 allow"];
interface = [ "100.64.130.122" ];
access-control = [ "100.64.0.0/10 allow" ];
};
local-zone = ''"bold.daemon." static'';
local-data = [

43
hosts/faf/hardware-configuration.nix
View File

@ -1,15 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
@ -19,56 +19,59 @@
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
fileSystems = {
"/" = {
device = "tank/nixos";
fsType = "zfs";
};
fileSystems."/nix" = {
"/nix" = {
device = "tank/nixos/nix";
fsType = "zfs";
};
fileSystems."/etc" = {
"/etc" = {
device = "tank/nixos/etc";
fsType = "zfs";
};
fileSystems."/var" = {
"/var" = {
device = "tank/nixos/var";
fsType = "zfs";
};
fileSystems."/var/lib" = {
"/var/lib" = {
device = "tank/nixos/var/lib";
fsType = "zfs";
};
fileSystems."/var/log" = {
"/var/log" = {
device = "tank/nixos/var/log";
fsType = "zfs";
};
fileSystems."/var/spool" = {
"/var/spool" = {
device = "tank/nixos/var/spool";
fsType = "zfs";
};
fileSystems."/home" = {
"/home" = {
device = "tank/userdata/home";
fsType = "zfs";
};
fileSystems."/boot" = {
"/boot" = {
device = "/dev/disk/by-uuid/5851-DEF2";
fsType = "vfat";
};
};
swapDevices = [];
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;

153
hosts/h/default.nix
View File

@ -1,9 +1,8 @@
{
config,
pkgs,
isUnstable,
inputs,
...
{ config
, pkgs
, isUnstable
, inputs
, ...
}:
with pkgs; let
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
@ -11,18 +10,18 @@ with pkgs; let
inherit lib;
inherit config;
});
gqrss = callPackage ../../pkgs/gqrss.nix {inherit isUnstable;};
icbirc = callPackage ../../pkgs/icbirc.nix {inherit isUnstable;};
mcchunkie = callPackage ../../pkgs/mcchunkie.nix {inherit isUnstable;};
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix {};
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
weepushover =
python3Packages.callPackage ../../pkgs/weepushover.nix {inherit pkgs;};
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
pgBackupDir = "/var/backups/postgresql";
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
userBase = {openssh.authorizedKeys.keys = pubKeys;};
userBase = { openssh.authorizedKeys.keys = pubKeys; };
icbIrcTunnel =
pkgs.writeScriptBin "icb-irc-tunnel"
(import ../../bins/icb-irc-tunnel.nix {
@ -44,9 +43,9 @@ with pkgs; let
matrixServer = "tapenet.org";
matrixClientConfig = {
"m.homeserver".base_url = "https://${matrixServer}:443";
"org.matrix.msc3575.proxy" = {url = "https://${matrixServer}";};
"org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; };
};
matrixServerConfig = {"m.server" = "${matrixServer}:443";};
matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
mkMatrixWellKnown = p: ''
return 200 '${builtins.toJSON p}';
'';
@ -61,25 +60,30 @@ with pkgs; let
proxyWebsockets = true;
proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}";
};
in {
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.configurationLimit = 15;
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
configurationLimit = 15;
};
boot.kernelParams = ["net.ifnames=0"];
kernelParams = [ "net.ifnames=0" ];
};
tailscale.sshOnly = true;
nixpkgs.overlays = [
(_: super: {
weechat = super.weechat.override {
configure = {...}: {
scripts = with super.weechatScripts; [highmon weepushover];
configure = { ... }: {
scripts = with super.weechatScripts; [ highmon weepushover ];
};
};
})
@ -129,7 +133,7 @@ in {
sopsFile = config.xin-secrets.h.services;
owner = config.users.users.gostart.name;
};
wireguard_private_key = {sopsFile = config.xin-secrets.h.services;};
wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
pots_env_file = {
owner = config.users.users.pots.name;
mode = "400";
@ -158,7 +162,7 @@ in {
useDHCP = false;
defaultGateway = "23.29.118.1";
defaultGateway6 = "2602:ff16:3::1";
nameservers = ["9.9.9.9"];
nameservers = [ "9.9.9.9" ];
interfaces.eth0 = {
ipv4.addresses = [
@ -182,11 +186,11 @@ in {
interfaces = {
wg0 = {
listenPort = 7122;
ips = ["192.168.112.3/32"];
ips = [ "192.168.112.3/32" ];
peers = [
{
publicKey = "gZ16FwqUgzKgEpJgVC9BngJ+Dd0e5LPsDhDuJby0VzY=";
allowedIPs = ["192.168.112.4/32"];
allowedIPs = [ "192.168.112.4/32" ];
persistentKeepalive = 25;
}
];
@ -196,9 +200,9 @@ in {
};
firewall = {
interfaces = {"tailscale0" = {allowedTCPPorts = [9002];};};
allowedTCPPorts = [22 80 443 2222 53589];
allowedUDPPorts = [7122];
interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 ]; }; };
allowedTCPPorts = [ 22 80 443 2222 53589 ];
allowedUDPPorts = [ 7122 ];
allowedUDPPortRanges = [
{
from = 60000;
@ -231,18 +235,23 @@ in {
defaults.email = "aaron@bolddaemon.com";
};
users.groups.mcchunkie = {};
users.users.mcchunkie = {
users = {
users = {
qbit = userBase;
mcchunkie = {
createHome = true;
isSystemUser = true;
home = "/var/lib/mcchunkie";
group = "mcchunkie";
};
};
groups.mcchunkie = { };
};
systemd.services.icb-tunnel = {
wantedBy = ["network.target"];
after = ["network.target" "multi-user.target"];
systemd.services = {
icb-tunnel = {
wantedBy = [ "network.target" ];
after = [ "network.target" "multi-user.target" ];
serviceConfig = {
User = "qbit";
WorkingDirectory = "/home/qbit";
@ -250,8 +259,8 @@ in {
};
};
systemd.services.mcchunkie = {
wantedBy = ["multi-user.target"];
mcchunkie = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "mcchunkie";
Group = "mcchunkie";
@ -260,6 +269,7 @@ in {
ExecStart = "${mcchunkie}/bin/mcchunkie";
};
};
};
services = {
veilid-server = {
@ -277,8 +287,8 @@ in {
exclusive = true;
}
];
aliases = [];
rooms = [];
aliases = [ ];
rooms = [ ];
};
};
tsrevprox = {
@ -296,7 +306,7 @@ in {
enable = true;
envFile = "${config.sops.secrets.pots_env_file.path}";
};
pr-status = {enable = true;};
pr-status = { enable = true; };
gostart = {
enable = true;
keyPath = "${config.sops.secrets.gostart.path}";
@ -335,7 +345,7 @@ in {
protocol = "https";
storage-backend = "local";
storage-local-base-path = "/var/lib/gotosocial";
trusted-proxies = ["127.0.0.1/32" "23.29.118.0/24"];
trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ];
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
};
@ -347,8 +357,8 @@ in {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {filename = "/tmp/positions.yaml";};
clients = [{url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push";}];
positions = { filename = "/tmp/positions.yaml"; };
clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }];
scrape_configs = [
{
job_name = "journal";
@ -361,7 +371,7 @@ in {
};
relabel_configs = [
{
source_labels = ["__journal__systemd_unit"];
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
@ -377,7 +387,7 @@ in {
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
@ -386,7 +396,7 @@ in {
enable = true;
fqdn = "tasks.suah.dev";
listenHost = "::";
organisations."bolddaemon".users = ["qbit"];
organisations."bolddaemon".users = [ "qbit" ];
openFirewall = false;
};
cron = {
@ -418,9 +428,9 @@ in {
"/var/lib/writefreely"
];
timerConfig = {OnCalendar = "00:05";};
timerConfig = { OnCalendar = "00:05"; };
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10"];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ];
};
};
};
@ -480,7 +490,7 @@ in {
'';
upstreams = {
"ssh_gitea" = {servers = {"192.168.112.4:2222" = {};};};
"ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; };
};
streamConfig = ''
@ -551,7 +561,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {root = "${pkgs.glowing-bear}";};
locations."/" = { root = "${pkgs.glowing-bear}"; };
};
"git.tapenet.org" = {
@ -569,17 +579,19 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
locations = {
"/" = {
proxyPass = "http://192.168.112.4:8222";
proxyWebsockets = true;
};
locations."/admin" = {
"/admin" = {
extraConfig = ''
${httpAllow}
deny all;
'';
};
};
};
"suah.dev" = {
forceSSL = true;
@ -728,29 +740,33 @@ in {
forceSSL = true;
enableACME = true;
root = "/var/www/tapenet.org";
locations."/.well-known/matrix/client".extraConfig =
locations = {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
locations."/.well-known/matrix/server".extraConfig =
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
locations."/client" = mkMatrixSliderLoc;
locations."/_matrix/client/unstable/org.matrix.msc3575/sync" =
"/client" = mkMatrixSliderLoc;
"/_matrix/client/unstable/org.matrix.msc3575/sync" =
mkMatrixSliderLoc;
locations."/_matrix" = mkMatrixLoc;
locations."/_synapse/client" = mkMatrixLoc;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
};
}
else {
forceSSL = true;
enableACME = true;
root = "/var/www/tapenet.org";
locations."/.well-known/matrix/client".extraConfig =
locations = {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
locations."/.well-known/matrix/server".extraConfig =
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
locations."/_matrix" = mkMatrixLoc;
locations."/_synapse/client" = mkMatrixLoc;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
};
};
};
};
@ -764,7 +780,7 @@ in {
enable = true;
package = pkgs.postgresql_14;
settings = {};
settings = { };
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 14 ''
@ -780,7 +796,7 @@ in {
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
ensureDatabases = ["synapse" "gotosocial" "syncv3"];
ensureDatabases = [ "synapse" "gotosocial" "syncv3" ];
ensureUsers = [
{
name = "synapse_user";
@ -834,7 +850,7 @@ in {
"porn"
"csam"
];
aditionalPrefixes = ["hammer"];
aditionalPrefixes = [ "hammer" ];
confirmWildcardBan = false;
};
};
@ -850,7 +866,7 @@ in {
server_name = "tapenet.org";
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
url_preview_enabled = false;
plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam];
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
];
@ -864,15 +880,15 @@ in {
listeners = [
{
inherit (mtxCfg) port;
bind_addresses = [mtxCfg.address];
bind_addresses = [ mtxCfg.address ];
resources = [
{
compress = true;
names = ["client"];
names = [ "client" ];
}
{
compress = false;
names = ["federation"];
names = [ "federation" ];
}
];
tls = false;
@ -884,7 +900,6 @@ in {
};
};
users.users.qbit = userBase;
system.stateVersion = "22.11";
}

25
hosts/h/hardware-configuration.nix
View File

@ -1,25 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["wireguard"];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "wireguard" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f";
fsType = "ext4";
};
swapDevices = [{device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44";}];
swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;

28
hosts/luna/default.nix
View File

@ -1,24 +1,30 @@
{...}: let
{ ... }:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
];
userBase = {openssh.authorizedKeys.keys = pubKeys;};
in {
userBase = { openssh.authorizedKeys.keys = pubKeys; };
in
{
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix];
imports = [ ./hardware-configuration.nix ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sdb";
boot.loader.grub.useOSProber = true;
boot.loader.grub = {
enable = true;
device = "/dev/sdb";
useOSProber = true;
};
# The moon based shipyard
networking.hostName = "luna";
networking = {
hostName = "luna";
networking.networkmanager.enable = true;
networking.firewall.allowedTCPPorts = [22];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 ];
};
environment.systemPackages = [];
environment.systemPackages = [ ];
users.users.root = userBase;
users.users.qbit = userBase;

25
hosts/luna/hardware-configuration.nix
View File

@ -1,12 +1,13 @@
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ata_piix"
@ -16,16 +17,18 @@
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c";
fsType = "ext4";
};
swapDevices = [{device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be";}];
swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

25
hosts/plq/default.nix
View File

@ -1,17 +1,18 @@
{
pkgs,
lib,
isUnstable,
...
}: let
{ pkgs
, lib
, isUnstable
, ...
}:
let
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
rage =
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix {inherit pkgs;});
in {
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
in
{
_module.args.isUnstable = false;
imports = [../../configs/tmux.nix ../../configs/zsh.nix ../../bins];
imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking.hostName = "plq";
@ -69,8 +70,8 @@ in {
};
environment.systemPackages = with pkgs; [
(callPackage ../../pkgs/secretive.nix {inherit isUnstable;})
(callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;})
(callPackage ../../pkgs/secretive.nix { inherit isUnstable; })
(callPackage ../../pkgs/hammerspoon.nix { inherit isUnstable; })
direnv
exiftool

48
hosts/pwntie/default.nix
View File

@ -1,13 +1,14 @@
{
pkgs,
config,
...
}: let
{ pkgs
, config
, ...
}:
let
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
in {
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
@ -16,12 +17,18 @@ in {
hardware.rtl-sdr.enable = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_latest;
boot = {
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
kernelPackages = pkgs.linuxPackages_latest;
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
};
nixpkgs.config.allowUnsupportedSystem = true;
networking = {
@ -29,7 +36,7 @@ in {
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedTCPPorts = [ 22 ];
checkReversePath = "loose";
};
};
@ -43,16 +50,14 @@ in {
XDG_DATA_HOME = "\${HOME}/.local/share";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
PATH = ["\${XDG_BIN_HOME}"];
PATH = [ "\${XDG_BIN_HOME}" ];
};
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"];
#nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
rtl-sdr
direwolf
(callPackage ../../pkgs/rtlamr.nix {})
(callPackage ../../pkgs/rtlamr.nix { })
];
#programs = {
@ -116,8 +121,15 @@ in {
};
};
users.users.root = {openssh.authorizedKeys.keys = pubKeys;};
users.users.qbit = {openssh.authorizedKeys.keys = pubKeys;};
users = {
users = {
root = { openssh.authorizedKeys.keys = pubKeys; };
qbit = {
openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
};
};
};
system.stateVersion = "22.11";
}

29
hosts/pwntie/hardware-configuration.nix
View File

@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
"/boot/efi" = {
device = "/dev/disk/by-uuid/2079-D1CE";
fsType = "vfat";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d";}];
swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

39
hosts/router/default.nix
View File

@ -1,9 +1,9 @@
{
config,
pkgs,
lib,
...
}: let
{ config
, pkgs
, lib
, ...
}:
let
inherit
(builtins)
head
@ -11,7 +11,7 @@
attrValues
mapAttrs
attrNames
; # hasAttr;
;# hasAttr;
inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -22,9 +22,9 @@
wan = "enp5s0f0";
trunk = "enp5s0f1";
dnsServers = ["45.90.28.147" "45.90.30.147"];
dnsServers = [ "45.90.28.147" "45.90.30.147" ];
interfaces = {
"${wan}" = {useDHCP = true;};
"${wan}" = { useDHCP = true; };
"${trunk}" = rec {
ipv4.addresses = [
{
@ -96,7 +96,7 @@
enable = true;
start = "10.99.1.100";
end = "10.99.1.155";
staticIPs = [];
staticIPs = [ ];
};
};
};
@ -118,7 +118,7 @@
enable = true;
start = "10.98.1.100";
end = "10.98.1.150";
staticIPs = [];
staticIPs = [ ];
};
};
};
@ -140,7 +140,7 @@
enable = true;
start = "10.10.0.100";
end = "10.10.0.155";
staticIPs = [];
staticIPs = [ ];
};
};
};
@ -162,7 +162,7 @@
enable = false;
start = "10.12.0.100";
end = "10.12.0.155";
staticIPs = [];
staticIPs = [ ];
};
};
};
@ -213,7 +213,7 @@
enable = false;
start = "10.20.30.100";
end = "10.20.30.155";
staticIPs = [];
staticIPs = [ ];
};
};
};
@ -294,14 +294,15 @@
enable = false;
start = "10.7.0.100";
end = "10.7.0.155";
staticIPs = [];
staticIPs = [ ];
};
};
};
};
in {
in
{
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix ../../modules/tsvnstat.nix];
imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
@ -463,7 +464,7 @@ in {
{
name = "common";
advertise = true;
prefix = [{prefix = "::/64";}];
prefix = [{ prefix = "::/64"; }];
}
];
};
@ -514,7 +515,7 @@ in {
};
};
environment.systemPackages = with pkgs; [bmon termshark tcpdump];
environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];
users.users.root = userBase;
users.users.qbit = userBase;

33
hosts/router/hardware-configuration.nix
View File

@ -1,29 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp"];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;

50
hosts/stan/default.nix
View File

@ -1,9 +1,9 @@
{
config,
inputs,
pkgs,
...
}: let
{ config
, inputs
, pkgs
, ...
}:
let
pubKeys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -20,9 +20,10 @@
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
doomPrivateDir = ../../configs/doom.d;
};
in {
in
{
_module.args.isUnstable = true;
imports = [./hardware-configuration.nix];
imports = [ ./hardware-configuration.nix ];
boot = {
loader = {
@ -34,9 +35,9 @@ in {
initrd = {
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
secrets = {"/crypto_keyfile.bin" = null;};
secrets = { "/crypto_keyfile.bin" = null; };
};
kernelParams = ["intel_idle.max_cstate=4"];
kernelParams = [ "intel_idle.max_cstate=4" ];
kernelPackages = pkgs.linuxPackages;
};
security.pki.certificates = [
@ -97,15 +98,15 @@ in {
hostName = "stan";
hosts = {
"172.16.30.253" = ["proxmox-02.vm.calyptix.local"];
"127.0.0.1" = ["borg.calyptix.dev" "localhost"];
"192.168.122.249" = ["arst.arst" "vm"];
"192.168.8.194" = ["router.arst" "router"];
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
"192.168.122.249" = [ "arst.arst" "vm" ];
"192.168.8.194" = [ "router.arst" "router" ];
};
networkmanager.enable = true;
firewall = {
allowedTCPPorts = [22];
allowedTCPPorts = [ 22 ];
checkReversePath = "loose";
};
};
@ -138,8 +139,8 @@ in {
systemd.services = {
"tailscale-init" = {
wantedBy = ["tailscaled.service"];
after = ["tailscaled.service"];
wantedBy = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}";
};
@ -152,7 +153,7 @@ in {
isNormalUser = true;
description = "Aaron Bieber";
shell = pkgs.zsh;
extraGroups = ["networkmanager" "wheel" "libvirtd"];
extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
}
// userBase;
@ -184,22 +185,24 @@ in {
zig
rustdesk
(callPackage ../../pkgs/zutty.nix {})
(callPackage ../../pkgs/zutty.nix { })
];
virtualisation.libvirtd.enable = true;
programs.git.config.safe.directory = "/home/abieber/aef100";
programs = {
git.config.safe.directory = "/home/abieber/aef100";
dconf.enable = true;
zsh.enable = true;
ssh.knownHosts = {
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
};
};
tsPeerix = {
enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = ["wlp170s0" "ztksevmpn3"];
interfaces = [ "wlp170s0" "ztksevmpn3" ];
};
services = {
@ -213,9 +216,6 @@ in {
};
};
programs.ssh.knownHosts = {
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
};
system.autoUpgrade.allowReboot = false;
system.stateVersion = "22.05"; # Did you read the comment?

33
hosts/stan/hardware-configuration.nix
View File

@ -1,18 +1,22 @@
{
pkgs,
config,
lib,
modulesPath,
...
{ pkgs
, config
, lib
, modulesPath
, ...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
kernelModules = [ ];
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
system.fsPackages = [pkgs.sshfs];
system.fsPackages = [ pkgs.sshfs ];
fileSystems = {
"/" = {
@ -30,7 +34,7 @@
"_netdev"
"x-systemd.automount"
(builtins.replaceStrings [" "] ["\\040"]
(builtins.replaceStrings [ " " ] [ "\\040" ]
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
"reconnect"
"allow_other"
@ -43,9 +47,8 @@
};
};
boot.initrd.luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
swapDevices = [{device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da";}];
swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
networking.useDHCP = lib.mkDefault true;

35
hosts/weather/default.nix
View File

@ -1,9 +1,9 @@
{
config,
pkgs,
lib,
...
}: let
{ config
, pkgs
, lib
, ...
}:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -11,19 +11,20 @@
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
firefox = import ../../configs/firefox.nix {inherit pkgs;};
in {
firefox = import ../../configs/firefox.nix { inherit pkgs; };
in
{
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix];
imports = [ ./hardware-configuration.nix ];
defaultUsers.enable = false;
programs = {} // firefox.programs;
programs = { } // firefox.programs;
boot = {
initrd.availableKernelModules = ["usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307"];
initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = ["raspberrypi_ts" "rtc-ds3232" "rtc-ds1307"];
kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@ -32,21 +33,21 @@ in {
networking = {
hostName = "weather";
networkmanager = {enable = true;};
networkmanager = { enable = true; };
wireless.userControlled.enable = true;
hosts."100.120.151.126" = ["graph.tapenet.org"];
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
};
users.users.weather = {
shell = pkgs.zsh;
isNormalUser = true;
description = "Weather";
extraGroups = ["wheel"];
extraGroups = [ "wheel" ];
};
preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"];
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
services.xserver = {
enable = true;
@ -54,7 +55,7 @@ in {
windowManager.xmonad = {
enable = true;
extraPackages = haskellPackages: [haskellPackages.xmonad-contrib];
extraPackages = haskellPackages: [ haskellPackages.xmonad-contrib ];
config = ''
{-# LANGUAGE QuasiQuotes #-}

2
hosts/weather/hardware-configuration.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";

23
hosts/weatherzero/default.nix
View File

@ -1,9 +1,9 @@
{
config,
pkgs,
lib,
...
}: let
{ config
, pkgs
, lib
, ...
}:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -11,7 +11,8 @@
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
in {
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
@ -27,23 +28,23 @@ in {
"hid_microsoft"
];
supportedFilesystems = lib.mkForce ["vfat"];
supportedFilesystems = lib.mkForce [ "vfat" ];
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0;
};
networking = {
hostName = "wzero";
networkmanager = {enable = true;};
networkmanager = { enable = true; };
wireless.userControlled.enable = true;
hosts."100.120.151.126" = ["graph.tapenet.org"];
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
};
users.users.weather = {
shell = pkgs.zsh;
isNormalUser = true;
description = "Weather";
extraGroups = ["wheel"];
extraGroups = [ "wheel" ];
};
preDNS.enable = false;

4
hosts/weatherzero/hardware-configuration.nix
View File

@ -1,8 +1,8 @@
{pkgs, ...}: {
{ pkgs, ... }: {
hardware = {
deviceTree = {
enable = true;
overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"];
overlays = [ "${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo" ];
};
enableRedistributableFirmware = true;

40
install_template.nix
View File

@ -1,4 +1,5 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
@ -6,12 +7,17 @@
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
];
in {
imports = [./hardware-configuration.nix];
in
{
imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
nix = {
package = pkgs.nixUnstable;
@ -20,9 +26,10 @@ in {
'';
};
networking.hostName = "changeme";
networking.networkmanager.enable = true;
networking = {
hostName = "changeme";
networkmanager.enable = true;
};
time.timeZone = "America/Denver";
@ -32,24 +39,25 @@ in {
layout = "us";
xkbVariant = "colemak";
};
console = {keyMap = "colemak";};
console = { keyMap = "colemak"; };
users.users.qbit = {
users.users = {
qbit = {
isNormalUser = true;
description = "Aaron Bieber";
extraGroups = ["networkmanager" "wheel"];
packages = [];
extraGroups = [ "networkmanager" "wheel" ];
packages = [ ];
};
root = { openssh.authorizedKeys.keys = pubKeys; };
};
# neovim will overwrite my neovim!!
environment.systemPackages = with pkgs; [neovim jq];
environment.systemPackages = with pkgs; [ neovim jq ];
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
};
users.users.root = {openssh.authorizedKeys.keys = pubKeys;};
system.stateVersion = "22.05"; # Did you read the comment?
}

34
installer.nix
View File

@ -1,13 +1,13 @@
{
config,
lib,
options,
pkgs,
...
}: let
{ config
, lib
, pkgs
, ...
}:
let
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in {
imports = [./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix];
in
{
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];
options.myconf = {
hwPubKeys = lib.mkOption rec {
@ -74,7 +74,7 @@ in {
};
config = {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# from https://github.com/dylanaraps/neofetch
users.motd = ''
@ -102,11 +102,13 @@ in {
'';
boot.tmp.cleanOnBoot = true;
environment.systemPackages = with pkgs; [apg inetutils];
environment = {
systemPackages = with pkgs; [ apg inetutils ];
environment.interactiveShellInit = ''
interactiveShellInit = ''
alias vi=nvim
'';
};
time.timeZone = "US/Mountain";
@ -114,15 +116,15 @@ in {
if pkgs.system == "aarch64-linux"
then {
description = "Set date on boot";
wantedBy = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
script = ''
. /etc/profile;
${pkgs.outils}/bin/rdate pool.ntp.org
'';
serviceConfig.Type = "oneshot";
}
else {};
else { };
programs = {
zsh.enable = true;
@ -149,7 +151,7 @@ in {
settings = {
PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"];
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"

30
lib/default.nix
View File

@ -1,18 +1,22 @@
{lib, ...}: let
{ lib, ... }:
let
inherit (builtins) toString readFile fromJSON filter;
getPrStatus = pr: let
getPrStatus = pr:
let
prstr = toString pr;
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
in
prStatus;
prIsOpen = {
option = pr: a: let
option = pr: a:
let
prStatus = getPrStatus pr;
in
if prStatus.status == "open"
then a
else {};
pkg = pr: localPkg: upstreamPkg: let
else { };
pkg = pr: localPkg: upstreamPkg:
let
prStatus = getPrStatus pr;
in
if prStatus.status == "open"
@ -22,7 +26,8 @@
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
upstreamPkg;
overlay = pr: overlay: let
overlay = pr: overlay:
let
prStatus = getPrStatus pr;
in
if pr == 0 || prStatus.status == "open"
@ -30,7 +35,8 @@
else
lib.warn "PR: ${
toString pr
} (${prStatus.title}) is complete, ignoring overlay..." (_: _: {});
} (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
};
todo = msg: lib.warn "TODO: ${msg}";
@ -48,7 +54,7 @@
value = {
script = mkCronScript "${job.name}_script" job.script;
inherit (job) startAt path;
serviceConfig = {Type = "oneshot";};
serviceConfig = { Type = "oneshot"; };
};
};
jobToService = job: {
@ -91,9 +97,11 @@
# Set our configurationRevison based on the status of our git repo.
# If the repo is dirty, disable autoUpgrade as it means we are
# testing something.
buildVer = self: let
buildVer = self:
let
state = self.rev or "DIRTY";
in {
in
{
system.configurationRevision = state;
system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY");
};
@ -111,4 +119,4 @@
;
};
in
xinlib
xinlib

2
modules/default.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
imports = [
./golink.nix
./gotosocial.nix

26
modules/golink.nix
View File

@ -1,19 +1,19 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.golink;
golink = callPackage ../pkgs/golink.nix {};
in {
golink = callPackage ../pkgs/golink.nix { };
in
{
options = with lib; {
services.golink = {
enable = mkEnableOption "Enable golink";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "golink";
description = ''
The user the service will use.
@ -37,7 +37,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "golink";
description = ''
The user the service will use.
@ -53,7 +53,7 @@ in {
};
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "golink service user";
isSystemUser = true;
@ -65,10 +65,10 @@ in {
systemd.services.golink = {
enable = true;
description = "golink server";
wantedBy = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [pkgs.vnstat];
path = [ pkgs.vnstat ];
environment = {
HOME = cfg.dataDir;

28
modules/gotosocial.nix
View File

@ -1,27 +1,27 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.gotosocial;
gotosocial = callPackage ../pkgs/gotosocial.nix {};
settingsFormat = pkgs.formats.json {};
gotosocial = callPackage ../pkgs/gotosocial.nix { };
settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type;
prettyJSON = conf:
pkgs.runCommandLocal "gotosocial-config.json" {} ''
pkgs.runCommandLocal "gotosocial-config.json" { } ''
echo '${
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
in {
in
{
options = with lib; {
services.gotosocial = {
enable = mkEnableOption "Enable gotosocial";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "gotosocial";
description = ''
The user the service will use.
@ -29,7 +29,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "gotosocial";
description = ''
The user the service will use.
@ -53,7 +53,7 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.gotosocial = {};
users.groups.gotosocial = { };
users.users.gotosocial = {
description = "Gotosocial service user";
isSystemUser = true;
@ -65,8 +65,8 @@ in {
systemd.services.gotosocial = {
enable = true;
description = "GoToSocial server";
wantedBy = ["multi-user.target"];
after = ["postgresql.service"];
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
serviceConfig = {
User = cfg.user;

28
modules/rtlamr2mqtt.nix
View File

@ -1,27 +1,27 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.rtlamr2mqtt;
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {};
settingsFormat = pkgs.formats.json {};
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type;
prettyJSON = conf:
pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} ''
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
echo '${
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
in {
in
{
options = with lib; {
services.rtlamr2mqtt = {
enable = mkEnableOption "Enable rtlamr2mqtt";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "rtlamr2mqtt";
description = ''
The user the service will use.
@ -29,7 +29,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "rtlamr2mqtt";
description = ''
The user the service will use.
@ -53,20 +53,20 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.rtlamr2mqtt = {};
users.groups.rtlamr2mqtt = { };
users.users.rtlamr2mqtt = {
description = "rtlamr2mqtt service user";
isSystemUser = true;
home = "/var/lib/rtlamr2mqtt";
createHome = true;
group = "rtlamr2mqtt";
extraGroups = ["plugdev"];
extraGroups = [ "plugdev" ];
};
systemd.services.rtlamr2mqtt = {
enable = true;
description = "rtlamr2mqtt server";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;

25
modules/sliding-sync.nix
View File

@ -1,17 +1,18 @@
{
lib,
config,
pkgs,
...
}: let
{ lib
, config
, pkgs
, ...
}:
let
cfg = config.services.sliding-sync;
in {
in
{
options = with lib; {
services.sliding-sync = {
enable = lib.mkEnableOption "Enable sliding-sync";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "syncv3";
description = ''
The user the service will use.
@ -19,7 +20,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "syncv3";
description = ''
The group the service will use.
@ -68,7 +69,7 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "sliding-sync service user";
isSystemUser = true;
@ -80,8 +81,8 @@ in {
systemd.services.sliding-sync = {
enable = true;
description = "sliding-sync server";
wantedBy = ["network-online.target"];
after = ["network-online.target" "matrix-synapse.service"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" "matrix-synapse.service" ];
environment = {
HOME = "${cfg.dataDir}";

23
modules/ssh-fido-agent.nix
View File

@ -1,9 +1,9 @@
{
config,
lib,
pkgs,
...
}: let
{ config
, lib
, pkgs
, ...
}:
let
perl = "${pkgs.perl}/bin/perl";
sshAdd = "${pkgs.openssh}/bin/ssh-add";
pKill = "${pkgs.procps}/bin/pkill";
@ -45,7 +45,8 @@
export SSH_AUTH_SOCK="$(echo $XDG_RUNTIME_DIR/ssh-agent)";
exec ${config.programs.ssh.askPassword} "$@"
'';
in {
in
{
options = {
sshFidoAgent = {
enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached.";
@ -53,14 +54,14 @@ in {
};
config = lib.mkIf config.sshFidoAgent.enable {
environment.systemPackages = [fidoAddDevice];
environment.systemPackages = [ fidoAddDevice ];
systemd.user.services.sshfidoagent = {
script = ''
${fidoAddDevice}/bin/fido-add-device
'';
wantedBy = ["graphical-session.target"];
partOf = ["graphical-session.target"];
after = ["graphical-session.target"];
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
environment.DISPLAY = "fake";
environment.SSH_ASKPASS = askPassWrapper;
#serviceConfig = { Restart = "on-failure"; };

27
modules/ts-rev-prox.nix
View File

@ -1,11 +1,12 @@
{
lib,
config,
pkgs,
...
}: let
{ lib
, config
, pkgs
, ...
}:
let
cfg = config.services.tsrevprox;
in {
in
{
options = with lib; {
services.tsrevprox = {
enable = lib.mkEnableOption "Enable tsrevprox";
@ -35,7 +36,7 @@ in {
};
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "tsrevprox";
description = ''
The user the service will use.
@ -43,7 +44,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "tsrevprox";
description = ''
The group the service will use.
@ -74,7 +75,7 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "tsrevprox service user";
isSystemUser = true;
@ -86,10 +87,10 @@ in {
systemd.services.tsrevprox = {
enable = true;
description = "tsrevprox server";
wantedBy = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = {HOME = "${cfg.dataDir}";};
environment = { HOME = "${cfg.dataDir}"; };
serviceConfig = {
User = cfg.user;

26
modules/tsvnstat.nix
View File

@ -1,20 +1,20 @@
{
config,
lib,
pkgs,
inputs,
...
{ config
, lib
, pkgs
, inputs
, ...
}:
with pkgs; let
cfg = config.services.tsvnstat;
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
in {
in
{
options = with lib; {
services.tsvnstat = {
enable = mkEnableOption "Enable tsvnstat";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "tsvnstat";
description = ''
The user the service will use.
@ -38,7 +38,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "tsvnstat";
description = ''
The user the service will use.
@ -53,7 +53,7 @@ in {
};
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "tsvnstat service user";
isSystemUser = true;
@ -67,10 +67,10 @@ in {
systemd.services.tsvnstat = {
enable = true;
description = "tsvnstat server";
wantedBy = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [pkgs.vnstat];
path = [ pkgs.vnstat ];
environment = {
HOME = "/var/lib/tsvnstat";

26
modules/veilid-server.nix
View File

@ -1,23 +1,23 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.veilid-server;
in {
in
{
options = with lib; {
services.veilid-server = {
enable = mkEnableOption "Enable velid-server";
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "veilid";
description = "The user veilid-server will run as.";
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "veilid";
description = "The group veilid-server will run with.";
};
@ -42,7 +42,7 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
inherit (cfg) group;
description = "veilid-server user";
@ -52,15 +52,15 @@ in {
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [5150];
allowedUDPPorts = [5150];
allowedTCPPorts = [ 5150 ];
allowedUDPPorts = [ 5150 ];
};
systemd.services.veilid-server = {
enable = true;
description = "veilid-server";
wantedBy = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = {
HOME = cfg.dataDir;

24
modules/yarr.nix
View File

@ -1,13 +1,13 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.yarr;
yarr = callPackage ../pkgs/yarr.nix {};
in {
yarr = callPackage ../pkgs/yarr.nix { };
in
{
options = with lib; {
services.yarr = {
enable = mkEnableOption "Enable yarr";
@ -51,7 +51,7 @@ in {
};
user = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "yarr";
description = ''
The user the service will use.
@ -59,7 +59,7 @@ in {
};
group = mkOption {
type = with types; oneOf [str int];
type = with types; oneOf [ str int ];
default = "yarr";
description = ''
The user the service will use.
@ -76,7 +76,7 @@ in {
};
config = lib.mkIf cfg.enable {
users.groups.yarr = {};
users.groups.yarr = { };
users.users.yarr = {
description = "Yarr service user";
isSystemUser = true;
@ -88,8 +88,8 @@ in {
systemd.services.yarr = {
enable = true;
description = "Yet Another Rss Reader server";
wantedBy = ["multi-user.target"];
after = ["networking.service"];
wantedBy = [ "multi-user.target" ];
after = [ "networking.service" ];
serviceConfig = {
User = cfg.user;

16
monitoring/default.nix
View File

@ -1,7 +1,6 @@
{
config,
lib,
...
{ config
, lib
, ...
}:
with lib; let
cfg = config.services.xin-monitoring;
@ -15,7 +14,8 @@ with lib; let
;
nginxCfg = config.services.nginx;
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v:
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v:
if v.fsType != "sshfs"
then ''
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
@ -24,7 +24,8 @@ with lib; let
''
else "")
fsList)));
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v: ''
check host ${f} with address ${f}
if failed port 80 protocol http then alert
${
@ -41,7 +42,8 @@ with lib; let
then (buildNginxChecker nginxCfg.virtualHosts)
else ""
else "";
in {
in
{
options = {
services.xin-monitoring = {
enable = mkOption {

2
overlays/1password-gui.nix
View File

@ -9,4 +9,4 @@ let
});
};
in
_1password-gui
_1password-gui

13
overlays/default.nix
View File

@ -1,8 +1,8 @@
{
isUnstable,
xinlib,
...
}: let
{ isUnstable
, xinlib
, ...
}:
let
inherit (xinlib) prIsOpen;
#_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix);
#openssh = import ./openssh.nix;
@ -13,7 +13,8 @@
#nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
#rex = prIsOpen.overlay 0 (import ./rex.nix);
in {
in
{
nixpkgs.overlays =
if isUnstable
then [

2
overlays/heisenbridge.nix
View File

@ -14,4 +14,4 @@ let
});
};
in
heisenbridge
heisenbridge

2
overlays/matrix-synapse.nix
View File

@ -20,4 +20,4 @@ let
});
};
in
matrix-synapse
matrix-synapse

2
overlays/nixd.nix
View File

@ -18,4 +18,4 @@ let
});
};
in
nixd
nixd

2
overlays/obsidian.nix
View File

@ -16,4 +16,4 @@ let
});
};
in
obsidian
obsidian

2
overlays/openssh.nix
View File

@ -15,4 +15,4 @@ let
});
};
in
openssh
openssh

2
overlays/rex.nix
View File

@ -7,4 +7,4 @@ let
});
};
in
rex
rex

2
overlays/tailscale.nix
View File

@ -28,4 +28,4 @@ let
# };
#};
in
tailscale
tailscale

2
overlays/tidal-hifi.nix
View File

@ -10,4 +10,4 @@ let
});
};
in
tidal-hifi
tidal-hifi

32
pkgs/ada_language_server.nix
View File

@ -1,10 +1,10 @@
{
lib,
stdenv,
fetchFromGitHub,
pkgs,
...
}: let
{ lib
, stdenv
, fetchFromGitHub
, pkgs
, ...
}:
let
libadalang = stdenv.mkDerivation rec {
pname = "libadalang";
version = "22.0.0";
@ -25,7 +25,7 @@
gnatcoll-gmp
];
makeFlags = ["PREFIX=$(out)"];
makeFlags = [ "PREFIX=$(out)" ];
};
vss = stdenv.mkDerivation rec {
pname = "vss";
@ -38,9 +38,9 @@
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
};
buildInputs = with pkgs; [gnat12 gprbuild];
buildInputs = with pkgs; [ gnat12 gprbuild ];
makeFlags = ["PREFIX=$(out)"];
makeFlags = [ "PREFIX=$(out)" ];
};
gnatdoc = stdenv.mkDerivation rec {
pname = "gnatdoc";
@ -53,12 +53,12 @@
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
};
buildInputs = with pkgs; [gnat12 gprbuild libadalang];
buildInputs = with pkgs; [ gnat12 gprbuild libadalang ];
makeFlags = ["PREFIX=$(out)"];
makeFlags = [ "PREFIX=$(out)" ];
};
in
stdenv.mkDerivation rec {
stdenv.mkDerivation rec {
pname = "ada_language_server";
version = "23.0.10";
@ -69,7 +69,7 @@ in
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
};
buildInputs = with pkgs; [gnat12 gprbuild python3 vss gnatdoc];
buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ];
meta = with lib; {
description = "Language server for Ada and SPARK";
@ -79,6 +79,6 @@ in
homepage = "https://github.com/AdaCore/ada_language_server";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

21
pkgs/alire.nix
View File

@ -1,13 +1,12 @@
{
stdenv,
lib,
fetchurl,
unzip,
autoPatchelfHook,
...
{ stdenv
, lib
, fetchurl
, unzip
, autoPatchelfHook
, ...
}:
with lib;
stdenv.mkDerivation rec {
stdenv.mkDerivation rec {
pname = "alire";
version = "1.2.1";
@ -16,7 +15,7 @@ with lib;
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
};
nativeBuildInputs = [unzip autoPatchelfHook];
nativeBuildInputs = [ unzip autoPatchelfHook ];
dontBuild = true;
doCheck = false;
@ -32,6 +31,6 @@ with lib;
description = "ALIRE: Ada LIbrary REpository.";
homepage = "https://github.com/alire-project/alire";
license = licenses.gpl3;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

36
pkgs/athens.nix
View File

@ -1,21 +1,21 @@
{
stdenv,
lib,
buildGoModule,
fetchFromGitHub,
isUnstable,
makeWrapper,
go,
git,
...
}: let
{ stdenv
, lib
, buildGoModule
, fetchFromGitHub
, isUnstable
, makeWrapper
, go
, git
, ...
}:
let
vendorHash =
if isUnstable
then ""
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
in
with lib;
buildGoModule rec {
with lib;
buildGoModule rec {
pname = "athens";
version = "0.11.0";
@ -28,13 +28,13 @@ in
doCheck = false;
ldflags = ["-X github.com/gomods/athens/pkg/build.version=${version}"];
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
nativeBuildInputs = lib.optionals stdenv.isLinux [makeWrapper go];
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ];
proxyVendor = true;
subPackages = ["cmd/proxy"];
subPackages = [ "cmd/proxy" ];
vendorSha256 = vendorHash;
@ -47,6 +47,6 @@ in
description = "A Go module datastore and proxy";
homepage = "https://github.com/gomods/athens";
license = licenses.mit;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

15
pkgs/bearclaw.nix
View File

@ -1,11 +1,10 @@
{
lib,
buildGoModule,
fetchFromGitHub,
...
{ lib
, buildGoModule
, fetchFromGitHub
, ...
}:
with lib;
buildGoModule rec {
buildGoModule rec {
pname = "bearclaw";
version = "1.1.0";
@ -22,6 +21,6 @@ with lib;
description = "tiny static site generator";
homepage = "https://github.com/donuts-are-good/bearclaw";
license = licenses.mit;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

17
pkgs/cachew.nix
View File

@ -1,20 +1,19 @@
{
buildPythonPackage,
fetchPypi,
setuptools-scm,
appdirs,
sqlalchemy,
...
{ buildPythonPackage
, fetchPypi
, setuptools-scm
, appdirs
, sqlalchemy
, ...
}:
buildPythonPackage rec {
pname = "cachew";
version = "0.11.0";
nativeBuildInputs = [setuptools-scm];
nativeBuildInputs = [ setuptools-scm ];
doCheck = true;
propagatedBuildInputs = [appdirs sqlalchemy];
propagatedBuildInputs = [ appdirs sqlalchemy ];
src = fetchPypi {
inherit pname version;

18
pkgs/cinny-desktop.nix
View File

@ -1,9 +1,9 @@
{
fetchurl,
appimageTools,
desktop-file-utils,
...
}: let
{ fetchurl
, appimageTools
, desktop-file-utils
, ...
}:
let
name = "cinny-desktop";
version = "2.0.4";
@ -13,9 +13,9 @@
sha256 = "sha256-9ZQyVcTsHja67DhuIyniTK/xr0C6qN7fiCmjt8enUd8=";
};
appimageContents = appimageTools.extract {inherit name src;};
appimageContents = appimageTools.extract { inherit name src; };
in
appimageTools.wrapType2 rec {
appimageTools.wrapType2 rec {
inherit name src;
extraInstallCommands = ''
@ -56,4 +56,4 @@ in
xorg.libxcb
zlib
];
}
}

11
pkgs/clilol.nix
View File

@ -1,8 +1,7 @@
{
lib,
buildGoModule,
fetchgit,
...
{ lib
, buildGoModule
, fetchgit
, ...
}:
buildGoModule rec {
pname = "clilol";
@ -24,6 +23,6 @@ buildGoModule rec {
homepage = "https://mcornick.dev/clilol/";
changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}";
license = licenses.mpl20;
maintainers = [maintainers.qbit];
maintainers = [ maintainers.qbit ];
};
}

2
pkgs/default.nix
View File

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
environment.systemPackages = [
#(callPackage ./cinny-desktop.nix { inherit isUnstable; })
#(callPackage ./mudita-center.nix { inherit isUnstable; })

14
pkgs/femtolisp.nix
View File

@ -1,8 +1,8 @@
{
stdenv,
lib,
fetchgit,
gnumake,
{ stdenv
, lib
, fetchgit
, gnumake
,
}:
stdenv.mkDerivation {
pname = "femtolisp";
@ -14,7 +14,7 @@ stdenv.mkDerivation {
hash = "sha256-mh7upbCmWXLhudtaaebBf1XTIv4nYPSh0OAJDOqaQnk=";
};
buildInputs = [gnumake];
buildInputs = [ gnumake ];
installPhase = ''
mkdir -p $out/bin
@ -25,7 +25,7 @@ stdenv.mkDerivation {
description = "A compact interpreter for a minimal lisp/scheme dialect.";
homepage = "https://git.sr.ht/~ft/femtolisp";
license = lib.licenses.bsd3;
maintainer = with lib.maintainers; [qbit];
maintainer = with lib.maintainers; [ qbit ];
mainProgram = "flisp";
};
}

17
pkgs/flake-warn.nix
View File

@ -1,11 +1,10 @@
{
stdenv,
lib,
substituteAll,
jq,
nix,
coreutils,
...
{ stdenv
, lib
, substituteAll
, jq
, nix
, coreutils
, ...
}:
stdenv.mkDerivation rec {
pname = "flake-warn";
@ -26,7 +25,7 @@ stdenv.mkDerivation rec {
description = "script to warn when flake inputs are out of date";
homepage = "https://github.com/qbit/xin";
license = lib.licenses.isc;
maintainer = with lib.maintainers; [qbit];
maintainer = with lib.maintainers; [ qbit ];
mainProgram = "flake-warn";
};
}

17
pkgs/fyne.nix
View File

@ -1,11 +1,10 @@
{
lib,
buildGoModule,
fetchFromGitHub,
...
{ lib
, buildGoModule
, fetchFromGitHub
, ...
}:
with lib;
buildGoModule rec {
buildGoModule rec {
pname = "fyne";
version = "2.3.5";
@ -20,12 +19,12 @@ with lib;
proxyVendor = true;
subPackages = ["cmd/fyne"];
subPackages = [ "cmd/fyne" ];
meta = {
description = "Fyne command line tool";
homepage = "https://github.com/fyne-io/fyne";
license = licenses.bsd3;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

19
pkgs/ghexport.nix
View File

@ -1,21 +1,20 @@
{
buildPythonPackage,
setuptools-scm,
fetchFromGitHub,
PyGithub,
pytz,
...
{ buildPythonPackage
, setuptools-scm
, fetchFromGitHub
, PyGithub
, pytz
, ...
}:
buildPythonPackage rec {
pname = "ghexport";
version = "20220828";
nativeBuildInputs = [setuptools-scm];
propagatedBuildInputs = [PyGithub pytz];
nativeBuildInputs = [ setuptools-scm ];
propagatedBuildInputs = [ PyGithub pytz ];
doCheck = true;
buildInputs = [];
buildInputs = [ ];
preCheck = ''
export HOME=$(mktemp -d)

15
pkgs/gokrazy.nix
View File

@ -1,11 +1,10 @@
{
lib,
buildGoModule,
fetchFromGitHub,
...
{ lib
, buildGoModule
, fetchFromGitHub
, ...
}:
with lib;
buildGoModule {
buildGoModule {
pname = "gokrazy";
version = "0.0.0";
@ -26,6 +25,6 @@ with lib;
description = "CLI tools for gokrazy";
homepage = "https://github.com/gokrazy/tools";
license = licenses.bsd3;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

15
pkgs/golink.nix
View File

@ -1,11 +1,10 @@
{
lib,
buildGoModule,
fetchFromGitHub,
...
{ lib
, buildGoModule
, fetchFromGitHub
, ...
}:
with lib;
buildGoModule rec {
buildGoModule rec {
pname = "golink";
version = "0.0.0";
@ -24,6 +23,6 @@ with lib;
description = "A private shortlink service for tailnets";
homepage = "https://github.com/tailscale/golink";
license = licenses.bsd3;
maintainers = with maintainers; [qbit];
maintainers = with maintainers; [ qbit ];
};
}
}

Some files were not shown because too many files have changed in this diff Show More