
1 Commits

Author SHA1 Message Date
28daa886e2
fmt: test nixfmt-rfc-style 2024-02-18 12:23:08 -07:00
156 changed files with 2807 additions and 2000 deletions


@ -1,4 +1,5 @@
{ perl }: '' { perl }:
''
#!${perl}/bin/perl #!${perl}/bin/perl
use strict; use strict;


@ -1,83 +1,69 @@
{ pkgs {
, config pkgs,
, isUnstable config,
, ... isUnstable,
...
}: }:
let let
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; }; gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; }); ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
checkRestart = checkRestart = pkgs.writeScriptBin "check-restart" (
pkgs.writeScriptBin "check-restart" import ./check-restart.nix { inherit (pkgs) perl; }
(import ./check-restart.nix { inherit (pkgs) perl; }); );
xinStatus = xinStatus = pkgs.writeScriptBin "xin-status" (
pkgs.writeScriptBin "xin-status" import ./xin-status.nix { inherit (pkgs) perl perlPackages; }
(import ./xin-status.nix { inherit (pkgs) perl perlPackages; }); );
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix { sfetch = pkgs.writeScriptBin "sfetch" (
inherit gosignify; import ./sfetch.nix {
inherit (pkgs) curl; inherit gosignify;
}); inherit (pkgs) curl;
}
);
genPatches = pkgs.callPackage ./gen-patches.nix { }; genPatches = pkgs.callPackage ./gen-patches.nix { };
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (import ./upgrade-pg.nix { upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (
inherit pkgs; import ./upgrade-pg.nix {
inherit config; inherit pkgs;
}); inherit config;
}
);
in in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages =
checkRestart with pkgs;
genPatches [
ix checkRestart
sfetch genPatches
xclip ix
xinStatus sfetch
] ++ (if config.services.postgresql.enable then xclip
[ upgrade-pg ] xinStatus
else [ ]); ]
++ (if config.services.postgresql.enable then [ upgrade-pg ] else [ ]);
environment.etc = { environment.etc = {
"signify/openbsd-70-base.pub".text = "signify/openbsd-70-base.pub".text = builtins.readFile ./pubs/openbsd-70-base.pub;
builtins.readFile ./pubs/openbsd-70-base.pub; "signify/openbsd-70-fw.pub".text = builtins.readFile ./pubs/openbsd-70-fw.pub;
"signify/openbsd-70-fw.pub".text = "signify/openbsd-70-pkg.pub".text = builtins.readFile ./pubs/openbsd-70-pkg.pub;
builtins.readFile ./pubs/openbsd-70-fw.pub; "signify/openbsd-70-syspatch.pub".text = builtins.readFile ./pubs/openbsd-70-syspatch.pub;
"signify/openbsd-70-pkg.pub".text =
builtins.readFile ./pubs/openbsd-70-pkg.pub;
"signify/openbsd-70-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-70-syspatch.pub;
"signify/openbsd-71-base.pub".text = "signify/openbsd-71-base.pub".text = builtins.readFile ./pubs/openbsd-71-base.pub;
builtins.readFile ./pubs/openbsd-71-base.pub; "signify/openbsd-71-fw.pub".text = builtins.readFile ./pubs/openbsd-71-fw.pub;
"signify/openbsd-71-fw.pub".text = "signify/openbsd-71-pkg.pub".text = builtins.readFile ./pubs/openbsd-71-pkg.pub;
builtins.readFile ./pubs/openbsd-71-fw.pub; "signify/openbsd-71-syspatch.pub".text = builtins.readFile ./pubs/openbsd-71-syspatch.pub;
"signify/openbsd-71-pkg.pub".text =
builtins.readFile ./pubs/openbsd-71-pkg.pub;
"signify/openbsd-71-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-71-syspatch.pub;
"signify/openbsd-72-base.pub".text = "signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
builtins.readFile ./pubs/openbsd-72-base.pub; "signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
"signify/openbsd-72-fw.pub".text = "signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
builtins.readFile ./pubs/openbsd-72-fw.pub; "signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
"signify/openbsd-72-pkg.pub".text =
builtins.readFile ./pubs/openbsd-72-pkg.pub;
"signify/openbsd-72-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-72-syspatch.pub;
"signify/openbsd-73-base.pub".text = "signify/openbsd-73-base.pub".text = builtins.readFile ./pubs/openbsd-73-base.pub;
builtins.readFile ./pubs/openbsd-73-base.pub; "signify/openbsd-73-fw.pub".text = builtins.readFile ./pubs/openbsd-73-fw.pub;
"signify/openbsd-73-fw.pub".text = "signify/openbsd-73-pkg.pub".text = builtins.readFile ./pubs/openbsd-73-pkg.pub;
builtins.readFile ./pubs/openbsd-73-fw.pub; "signify/openbsd-73-syspatch.pub".text = builtins.readFile ./pubs/openbsd-73-syspatch.pub;
"signify/openbsd-73-pkg.pub".text =
builtins.readFile ./pubs/openbsd-73-pkg.pub;
"signify/openbsd-73-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-73-syspatch.pub;
"signify/openbsd-74-base.pub".text = "signify/openbsd-74-base.pub".text = builtins.readFile ./pubs/openbsd-74-base.pub;
builtins.readFile ./pubs/openbsd-74-base.pub; "signify/openbsd-74-fw.pub".text = builtins.readFile ./pubs/openbsd-74-fw.pub;
"signify/openbsd-74-fw.pub".text = "signify/openbsd-74-pkg.pub".text = builtins.readFile ./pubs/openbsd-74-pkg.pub;
builtins.readFile ./pubs/openbsd-74-fw.pub; "signify/openbsd-74-syspatch.pub".text = builtins.readFile ./pubs/openbsd-74-syspatch.pub;
"signify/openbsd-74-pkg.pub".text =
builtins.readFile ./pubs/openbsd-74-pkg.pub;
"signify/openbsd-74-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-74-syspatch.pub;
}; };
} }


@ -1,13 +1,18 @@
{ writeShellApplication {
, diffutils writeShellApplication,
, findutils diffutils,
, coreutils findutils,
, ... coreutils,
...
}: }:
let let
genPatches = writeShellApplication { genPatches = writeShellApplication {
name = "gen-patches"; name = "gen-patches";
runtimeInputs = [ diffutils findutils coreutils ]; runtimeInputs = [
diffutils
findutils
coreutils
];
text = '' text = ''
suffix=".orig" suffix=".orig"
srcdir=$PWD srcdir=$PWD


@ -1,7 +1,5 @@
{ pkgs { pkgs, icbirc }:
, icbirc ''
,
}: ''
#!${pkgs.yash}/bin/yash #!${pkgs.yash}/bin/yash
${pkgs.procps}/bin/pkill icbirc ${pkgs.procps}/bin/pkill icbirc


@ -1,4 +1,5 @@
{ perl }: '' { perl }:
''
#!${perl}/bin/perl #!${perl}/bin/perl
use strict; use strict;


@ -1,14 +1,8 @@
{ pkgs }: { pkgs }:
let let
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit; oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
wlclip = wlclip = if pkgs.system == "aarch64-darwin" then "" else "${pkgs.wl-clipboard}/bin/wl-copy";
if pkgs.system == "aarch64-darwin" xclip = if pkgs.system == "aarch64-darwin" then "pbcopy" else "${pkgs.xclip}/bin/xclip";
then ""
else "${pkgs.wl-clipboard}/bin/wl-copy";
xclip =
if pkgs.system == "aarch64-darwin"
then "pbcopy"
else "${pkgs.xclip}/bin/xclip";
in in
'' ''
#!${pkgs.yash}/bin/yash #!${pkgs.yash}/bin/yash


@ -1,7 +1,7 @@
{ tea {
, gh tea,
, hut gh,
, hut,
}: }:
let let
teaBin = "${tea}/bin/tea"; teaBin = "${tea}/bin/tea";


@ -1,7 +1,5 @@
{ curl { curl, gosignify }:
, gosignify ''
,
}: ''
#!/usr/bin/env sh #!/usr/bin/env sh
set -e set -e


@ -1,7 +1,5 @@
{ perl { perl, perlPackages, ... }:
, perlPackages ''
, ...
}: ''
#!${perl}/bin/perl #!${perl}/bin/perl
use strict; use strict;


@ -25,6 +25,8 @@ in
"xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile; "xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile;
}; };
}; };
fonts = { packages = with pkgs; [ go-font ]; }; fonts = {
packages = with pkgs; [ go-font ];
};
}; };
} }


@ -1,12 +1,14 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
let let
cfg = config.services.xinCA; cfg = config.services.xinCA;
in in
with lib; { with lib;
{
options = { options = {
services.xinCA = { services.xinCA = {
enable = mkEnableOption "Configure host as a xin certificate authority."; enable = mkEnableOption "Configure host as a xin certificate authority.";
@ -67,9 +69,13 @@ with lib; {
}; };
}; };
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; }; networking.hosts = {
"127.0.0.1" = [ "ca.bolddaemon.com" ];
};
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; }; environment.sessionVariables = {
STEPPATH = "/var/lib/step-ca";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
step-cli step-cli
step-kms-plugin step-kms-plugin
@ -87,7 +93,9 @@ with lib; {
crt = config.sops.secrets."intermediate_ca.crt".path; crt = config.sops.secrets."intermediate_ca.crt".path;
key = config.sops.secrets.intermediate_ca_key.path; key = config.sops.secrets.intermediate_ca_key.path;
dnsNames = [ "ca.bolddaemon.com" ]; dnsNames = [ "ca.bolddaemon.com" ];
logger = { format = "text"; }; logger = {
format = "text";
};
db = { db = {
type = "badgerv2"; type = "badgerv2";
dataSource = "/var/lib/step-ca/db"; dataSource = "/var/lib/step-ca/db";
@ -98,7 +106,9 @@ with lib; {
{ {
type = "SSHPOP"; type = "SSHPOP";
name = "sshpop"; name = "sshpop";
claims = { enableSSHCA = true; }; claims = {
enableSSHCA = true;
};
} }
]; ];
}; };


@ -1,9 +1,10 @@
{ config {
, lib config,
, pkgs lib,
, inputs pkgs,
, xinlib inputs,
, ... xinlib,
...
}: }:
let let
#inherit (xinlib) prIsOpen; #inherit (xinlib) prIsOpen;
@ -24,7 +25,8 @@ let
} }
]; ];
in in
with lib; { with lib;
{
options = { options = {
xinCI = { xinCI = {
enable = mkEnableOption "Configure host as a xin CI host."; enable = mkEnableOption "Configure host as a xin CI host.";
@ -43,7 +45,9 @@ with lib; {
config = mkIf config.xinCI.enable { config = mkIf config.xinCI.enable {
sops.defaultSopsFile = config.xin-secrets.ci; sops.defaultSopsFile = config.xin-secrets.ci;
sops.secrets = { sops.secrets = {
po_env = { owner = config.xinCI.user; }; po_env = {
owner = config.xinCI.user;
};
ci_ed25519_key = { ci_ed25519_key = {
mode = "400"; mode = "400";
owner = config.xinCI.user; owner = config.xinCI.user;
@ -98,7 +102,11 @@ with lib; {
nix = { nix = {
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ]; #settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ]; settings.allowed-users = [
"root"
config.xinCI.user
"harmonia"
];
}; };
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs); systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
@ -111,10 +119,15 @@ with lib; {
harmonia = { harmonia = {
enable = true; enable = true;
signKeyPath = config.sops.secrets.bin_cache_priv_key.path; signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
settings = { bind = "127.0.0.1:5000"; }; settings = {
bind = "127.0.0.1:5000";
};
}; };
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ]; boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
}; };
} }


@ -1,8 +1,6 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
colemak = { colemak = {
enable = mkOption { enable = mkOption {
@ -15,7 +13,9 @@ with lib; {
}; };
config = mkIf config.colemak.enable { config = mkIf config.colemak.enable {
console = { keyMap = "colemak"; }; console = {
keyMap = "colemak";
};
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
xkbVariant = "colemak"; xkbVariant = "colemak";


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./ca.nix ./ca.nix


@ -1,8 +1,6 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
preDNS = { preDNS = {
enable = mkOption { enable = mkOption {
@ -21,7 +19,12 @@ with lib; {
enable = true; enable = true;
dnssec = "allow-downgrade"; dnssec = "allow-downgrade";
# TODO: Enable a toggle for ipv6 # TODO: Enable a toggle for ipv6
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ]; fallbackDns = [
"9.9.9.9"
"2620:fe::fe"
"149.112.112.112"
"2620:fe::9"
];
extraConfig = '' extraConfig = ''
[Resolve] [Resolve]
DNS=45.90.28.0#8436c6.dns.nextdns.io DNS=45.90.28.0#8436c6.dns.nextdns.io


@ -1,16 +1,14 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
doas = { enable = mkEnableOption "Enable doas for priv-escie"; }; doas = {
enable = mkEnableOption "Enable doas for priv-escie";
};
}; };
config = mkIf config.doas.enable { config = mkIf config.doas.enable {
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: { doas = pkgs.doas.override { withPAM = false; }; };
doas = pkgs.doas.override { withPAM = false; };
};
security = { security = {
doas = { doas = {
enable = true; enable = true;


@ -1,11 +1,12 @@
{ runCommand {
, emacsWithPackagesFromUsePackage runCommand,
, pkgs emacsWithPackagesFromUsePackage,
, makeWrapper pkgs,
, writeTextDir makeWrapper,
, emacs writeTextDir,
, emacsPkg ? pkgs.emacs-gtk emacs,
, ... emacsPkg ? pkgs.emacs-gtk,
...
}: }:
let let
# Generate a .el file from our emacs.org. # Generate a .el file from our emacs.org.
@ -46,13 +47,18 @@ emacsWithPackagesFromUsePackage {
alwaysEnsure = true; alwaysEnsure = true;
alwaysTangle = true; alwaysTangle = true;
package = emacsPkg.overrideAttrs (oa: { package = emacsPkg.overrideAttrs (
nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ]; oa: {
postInstall = '' nativeBuildInputs = oa.nativeBuildInputs ++ [
${oa.postInstall} makeWrapper
wrapProgram $out/bin/emacs \ emacsConfig
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \ ];
--add-flags '--init-directory ${emacsInitDir}' postInstall = ''
''; ${oa.postInstall}
}); wrapProgram $out/bin/emacs \
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
--add-flags '--init-directory ${emacsInitDir}'
'';
}
);
} }


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
programs = { programs = {
firefox = { firefox = {
enable = true; enable = true;
@ -107,17 +108,12 @@
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
"browser.contentblocking.category" = "strict"; "browser.contentblocking.category" = "strict";
"browser.newtabpage.activity-stream.feeds.recommendationprovider" = "browser.newtabpage.activity-stream.feeds.recommendationprovider" = false;
false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false; "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
false; "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
false; "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" =
false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" =
false;
"browser.newtabpage.activity-stream.showSearch" = false; "browser.newtabpage.activity-stream.showSearch" = false;
"browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;


@ -1,20 +1,27 @@
{ config, ... }: { config, ... }:
let let
rewriteGitHub = rewriteGitHub =
if config.networking.hostName != "stan" if config.networking.hostName != "stan" then
then { {
url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; }; url = {
} "ssh://git@github.com/" = {
else { insteadOf = "https://github.com/";
url = { }; };
}; };
}
else
{ url = { }; };
in in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
config = [ config = [
{ init = { defaultBranch = "main"; }; } {
init = {
defaultBranch = "main";
};
}
{ advice.detachedHead = false; } { advice.detachedHead = false; }
{ {
user = { user = {
@ -24,20 +31,35 @@ in
}; };
} }
{ branch = { sort = "-committerdate"; }; } {
branch = {
sort = "-committerdate";
};
}
{ {
alias = { alias = {
log = "log --color=never"; log = "log --color=never";
diff = "diff --color=always"; diff = "diff --color=always";
pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"''; pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"'';
fetch-pr = '' fetch-pr = ''"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"''; };
}
{
push = {
default = "current";
}; };
} }
{ push = { default = "current"; }; }
{ gpg = { format = "ssh"; }; } {
{ commit = { gpgsign = true; }; } gpg = {
format = "ssh";
};
}
{
commit = {
gpgsign = true;
};
}
{ {
color = { color = {
@ -49,11 +71,27 @@ in
}; };
} }
{ safe = { directory = "/home/qbit/src/nix-conf"; }; } {
safe = {
directory = "/home/qbit/src/nix-conf";
};
}
{ transfer = { fsckobjects = true; }; } {
{ fetch = { fsckobjects = true; }; } transfer = {
{ github = { user = "qbit"; }; } fsckobjects = true;
};
}
{
fetch = {
fsckobjects = true;
};
}
{
github = {
user = "qbit";
};
}
{ inherit (rewriteGitHub) url; } { inherit (rewriteGitHub) url; }
@ -69,8 +107,16 @@ in
}; };
} }
{ pull = { rebase = false; }; } {
{ include = { path = "~/work/git/gitconfig"; }; } pull = {
rebase = false;
};
}
{
include = {
path = "~/work/git/gitconfig";
};
}
]; ];
}; };
} }


@ -1,5 +1,6 @@
{ lib, ... }: { lib, ... }:
with lib; { with lib;
{
environment = { environment = {
memoryAllocator.provider = mkDefault "libc"; memoryAllocator.provider = mkDefault "libc";
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";


@ -1,7 +1,4 @@
{ pkgs { pkgs, linkFarm, ... }:
, linkFarm
, ...
}:
let let
tomlFmt = pkgs.formats.toml { }; tomlFmt = pkgs.formats.toml { };
helixBin = "${pkgs.helix}/bin/hx"; helixBin = "${pkgs.helix}/bin/hx";
@ -15,7 +12,9 @@ let
normal = "block"; normal = "block";
select = "underline"; select = "underline";
}; };
lsp = { auto-signature-help = false; }; lsp = {
auto-signature-help = false;
};
}; };
}; };


@ -1,8 +1,9 @@
{ config {
, lib config,
, pkgs lib,
, inputs pkgs,
, ... inputs,
...
}: }:
let let
microcaBin = "${pkgs.microca}/bin/microca"; microcaBin = "${pkgs.microca}/bin/microca";
@ -11,7 +12,8 @@ let
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@ ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
''; '';
in in
with lib; { with lib;
{
options = { options = {
nixManager = { nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager."; enable = mkEnableOption "Configure host as nix-conf manager.";
@ -30,13 +32,27 @@ with lib; {
config = mkIf config.nixManager.enable { config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager; sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = { sops.secrets = {
xin_status_key = { owner = config.nixManager.user; }; xin_status_key = {
xin_status_pubkey = { owner = config.nixManager.user; }; owner = config.nixManager.user;
manager_key = { owner = config.nixManager.user; }; };
manager_pubkey = { owner = config.nixManager.user; }; xin_status_pubkey = {
ca_key = { owner = config.nixManager.user; }; owner = config.nixManager.user;
ca_cert = { owner = config.nixManager.user; }; };
po_env = { owner = config.nixManager.user; }; manager_key = {
owner = config.nixManager.user;
};
manager_pubkey = {
owner = config.nixManager.user;
};
ca_key = {
owner = config.nixManager.user;
};
ca_cert = {
owner = config.nixManager.user;
};
po_env = {
owner = config.nixManager.user;
};
}; };
environment.systemPackages = [ environment.systemPackages = [


@ -1,5 +1,9 @@
{ pkgs, ... }: { { pkgs, ... }:
environment.systemPackages = with pkgs; [ neomutt urlview ]; {
environment.systemPackages = with pkgs; [
neomutt
urlview
];
environment.etc."neomuttrc" = { environment.etc."neomuttrc" = {
text = '' text = ''
ignore * ignore *


@ -26,7 +26,11 @@ let
sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ="; sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ=";
fetchSubmodules = true; fetchSubmodules = true;
}; };
dependencies = with vimPlugins; [ nvim-cmp tabular plenary-nvim ]; dependencies = with vimPlugins; [
nvim-cmp
tabular
plenary-nvim
];
}; };
baseVimPackages = with vimPlugins; [ baseVimPackages = with vimPlugins; [
@ -96,7 +100,9 @@ in
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
configure = { configure = {
packages.myVimPackage = { start = myVimPackages; }; packages.myVimPackage = {
start = myVimPackages;
};
customRC = '' customRC = ''
" Restore cursor position " Restore cursor position
autocmd BufReadPost * autocmd BufReadPost *


@ -1,9 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; { with lib;
{
options = { options = {
zerotier = { zerotier = {
enable = mkOption { enable = mkOption {
@ -31,7 +33,11 @@ with lib; {
config = mkMerge [ config = mkMerge [
(mkIf config.tailscale.enable { (mkIf config.tailscale.enable {
services = { tailscale = { enable = mkDefault true; }; }; services = {
tailscale = {
enable = mkDefault true;
};
};
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ]; systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ];
networking.firewall.checkReversePath = mkDefault "loose"; networking.firewall.checkReversePath = mkDefault "loose";
}) })


@ -15,7 +15,10 @@
settings = { settings = {
sandbox = true; sandbox = true;
trusted-users = [ "@wheel" ]; trusted-users = [ "@wheel" ];
allowed-users = [ "root" "qbit" ]; allowed-users = [
"root"
"qbit"
];
}; };
}; };
} }


@ -1,9 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; { with lib;
{
options = { options = {
tsPeerix = { tsPeerix = {
enable = mkOption { enable = mkOption {
@ -27,7 +29,9 @@ with lib; {
}; };
config = mkIf config.tsPeerix.enable { config = mkIf config.tsPeerix.enable {
users.groups.peerix = { name = "peerix"; }; users.groups.peerix = {
name = "peerix";
};
users.users.peerix = { users.users.peerix = {
name = "peerix"; name = "peerix";
group = "peerix"; group = "peerix";
@ -54,14 +58,18 @@ with lib; {
environment.systemPackages = [ pkgs.zerotierone ]; environment.systemPackages = [ pkgs.zerotierone ];
networking.firewall.interfaces = listToAttrs (flatten (map networking.firewall.interfaces = listToAttrs (
(i: { flatten (
name = i; map
value = { (i: {
allowedUDPPorts = [ 12304 ]; name = i;
allowedTCPPorts = [ 12304 ]; value = {
}; allowedUDPPorts = [ 12304 ];
}) allowedTCPPorts = [ 12304 ];
config.tsPeerix.interfaces)); };
})
config.tsPeerix.interfaces
)
);
}; };
} }


@ -120,6 +120,8 @@ in
"xdg/polybar/config.ini".text = builtins.readFile settingsFile; "xdg/polybar/config.ini".text = builtins.readFile settingsFile;
}; };
}; };
fonts = { packages = [ pkgs.go-font ]; }; fonts = {
packages = [ pkgs.go-font ];
};
}; };
} }


@ -7,83 +7,87 @@ in
programs.zsh.promptInit = '' programs.zsh.promptInit = ''
alias tstart='smug -f /etc/smug/main.yml start'; alias tstart='smug -f /etc/smug/main.yml start';
alias cistart='smug -f /etc/smug/ci.yml start'; alias cistart='smug -f /etc/smug/ci.yml start';
alias nomad='smug -f /etc/smug/nomad.yml start';
''; '';
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [ smug ];
smug etc."smug/nomad.yml".text = builtins.readFile (
]; tmuxFormat.generate "nomad.yml" {
etc."smug/ci.yml".text = builtins.readFile (tmuxFormat.generate "ci.yml" { session = "nomad";
session = "CI"; root = "~/";
root = "~/"; windows = [
windows = [ {
{ name = "rnsd";
name = "CI Status"; layout = "even-vertical";
layout = "even-vertical"; root = "~/reticulum";
commands = [ commands = [ "./bin/rnsd" ];
"journalctl -xef -u xin-ci-update.service" }
]; {
panes = [ name = "NomadNet";
{ root = "~/reticulum";
type = "even-vertical"; commands = [ "./bin/nomadnet" ];
commands = [ "journalctl -xef -u xin-ci.service" ]; }
} ];
]; }
} );
{ etc."smug/ci.yml".text = builtins.readFile (
name = "btop"; tmuxFormat.generate "ci.yml" {
commands = [ session = "CI";
"btop" root = "~/";
]; windows = [
} {
]; name = "CI Status";
}); layout = "even-vertical";
etc."smug/main.yml".text = builtins.readFile (tmuxFormat.generate "main.yml" { commands = [ "journalctl -xef -u xin-ci-update.service" ];
session = "Main"; panes = [
root = "~/"; {
before_start = [ type = "even-vertical";
"ssh-add" commands = [ "journalctl -xef -u xin-ci.service" ];
]; }
windows = [ ];
{ }
name = "Status"; {
commands = [ name = "btop";
"while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done" commands = [ "btop" ];
]; }
panes = [ ];
{ }
commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ]; );
} etc."smug/main.yml".text = builtins.readFile (
]; tmuxFormat.generate "main.yml" {
} session = "Main";
{ root = "~/";
name = "Barrier"; before_start = [ "ssh-add" ];
commands = [ windows = [
"barriers -a 127.0.0.1 -f --disable-crypto" {
]; name = "Status";
panes = [ commands = [ "while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done" ];
{ panes = [ { commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ]; } ];
commands = [ "ssh stan" ]; }
} {
]; name = "Barrier";
} commands = [ "barriers -a 127.0.0.1 -f --disable-crypto" ];
{ panes = [ { commands = [ "ssh stan" ]; } ];
name = "Xin"; }
root = "src/xin"; {
} name = "Xin";
{ root = "src/xin";
name = "Lab"; }
root = "src/biltong"; {
} name = "Lab";
{ root = "src/biltong";
name = "NixPkgs"; }
root = "src/nixpkgs"; {
} name = "NixPkgs";
{ root = "src/nixpkgs";
name = "NomadNet"; }
root = "reticulum"; {
} name = "NomadNet";
]; root = "reticulum";
}); }
];
}
);
}; };
}; };
} }
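Review bot: The `alias nomad='smug -f /etc/smug/nomad.yml start';` line and the whole `etc."smug/nomad.yml"` session look like a functional addition riding inside a commit titled as a formatter test; they appear only once in this section, on what reads as the new side, but the page has lost its +/- markers, so that is inferred. Splitting them into their own commit would keep the 156-file reformat mechanically verifiable as whitespace-only. The new session runs `./bin/rnsd` and `./bin/nomadnet` relative to `~/reticulum`, so those executables come from a user-writable directory rather than from a package this configuration pins; a comment such as `# rnsd/nomadnet are run from ~/reticulum/bin, outside the Nix store` above the block would make that explicit. `main.yml` also still carries a `NomadNet` window, which may now be redundant.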


@ -1,9 +1,10 @@
{ config {
, pkgs config,
, lib pkgs,
, inputs lib,
, xinlib inputs,
, ... xinlib,
...
}: }:
let let
tailnetACLs = tailnetACLs =
@ -44,8 +45,16 @@ let
} }
{ {
action = "accept"; action = "accept";
src = [ "tag:minservice" "tag:sshonly" ]; src = [
dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ]; "tag:minservice"
"tag:sshonly"
];
dst = [
"*:22"
"box:3030"
"nbc:443"
"console:2222"
];
} }
{ {
action = "accept"; action = "accept";
@ -90,7 +99,8 @@ let
]; ];
enabled = config.nixManager.enable; enabled = config.nixManager.enable;
in in
with lib; { with lib;
{
sops.secrets = mkIf enabled { sops.secrets = mkIf enabled {
tailnet_acl_manager = { tailnet_acl_manager = {
owner = config.nixManager.user; owner = config.nixManager.user;


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
programs.tmux = { programs.tmux = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''


@ -1,8 +1,6 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
autoUpdate = { autoUpdate = {
enable = mkOption { enable = mkOption {


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
config = { config = {
programs.zsh.interactiveShellInit = '' programs.zsh.interactiveShellInit = ''
export NO_COLOR=1 export NO_COLOR=1


@ -1,16 +1,20 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
buildConsumer = { enable = mkEnableOption "Use remote build machines"; }; buildConsumer = {
enable = mkEnableOption "Use remote build machines";
};
}; };
config = mkIf config.buildConsumer.enable { config = mkIf config.buildConsumer.enable {
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
pcake = { pcake = {
hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ]; hostNames = [
"pcake"
"pcake.tapenet.org"
"10.6.0.202"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
}; };
}; };
@ -24,10 +28,18 @@ with lib; {
buildMachines = [ buildMachines = [
{ {
hostName = "pcake"; hostName = "pcake";
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 2; maxJobs = 2;
speedFactor = 4; speedFactor = 4;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ]; supportedFeatures = [
"kvm"
"big-parallel"
"nixos-test"
"benchmark"
];
mandatoryFeatures = [ ]; mandatoryFeatures = [ ];
} }
]; ];


@ -1,8 +1,6 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}:
with lib; {
options = { options = {
buildServer = { buildServer = {
enable = mkEnableOption "Server will be used as part of the build infra"; enable = mkEnableOption "Server will be used as part of the build infra";


@ -1 +1,7 @@
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; } { ... }:
{
imports = [
./build-consumer.nix
./build-server.nix
];
}


@ -1,10 +1,11 @@
{ config {
, lib config,
, options lib,
, pkgs options,
, xinlib pkgs,
, isUnstable xinlib,
, ... isUnstable,
...
}: }:
let let
inherit (xinlib) todo; inherit (xinlib) todo;
@ -35,14 +36,16 @@ in
./bins ./bins
]; ];
disabledModules = [ disabledModules = [ "services/web-apps/gotosocial.nix" ];
"services/web-apps/gotosocial.nix"
];
options.myconf = { options.myconf = {
managementPubKeys = lib.mkOption rec { managementPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = [ managementKey statusKey breakGlassKey ]; default = [
managementKey
statusKey
breakGlassKey
];
example = default; example = default;
description = "List of management public keys to use"; description = "List of management public keys to use";
}; };
@ -127,7 +130,9 @@ in
''; '';
boot = { boot = {
loader = { systemd-boot.configurationLimit = 15; }; loader = {
systemd-boot.configurationLimit = 15;
};
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
kernel.sysctl = { kernel.sysctl = {
"net.ipv4.tcp_keepalive_time" = 60; "net.ipv4.tcp_keepalive_time" = 60;
@ -138,23 +143,27 @@ in
nix = { nix = {
settings = settings =
if config.xinCI.enable if config.xinCI.enable then
then { } { }
else { else
substituters = lib.mkForce [ {
"https://cache.nixos.org" substituters = lib.mkForce [
"https://nix-binary-cache.otter-alligator.ts.net/" "https://cache.nixos.org"
]; "https://nix-binary-cache.otter-alligator.ts.net/"
trusted-public-keys = [ ];
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco=" trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" "nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
]; "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
}; ];
};
}; };
environment = { environment = {
etc."ssh/ca.pub" = { text = caPubKeys; }; etc."ssh/ca.pub" = {
systemPackages = with pkgs; text = caPubKeys;
};
systemPackages =
with pkgs;
[ [
age age
apg apg
@ -179,11 +188,7 @@ in
taskwarrior taskwarrior
tmux tmux
] ]
++ ( ++ (if isUnstable then [ nil ] else [ ]);
if isUnstable
then [ nil ]
else [ ]
);
interactiveShellInit = '' interactiveShellInit = ''
alias vi=nvim alias vi=nvim
@ -221,8 +226,7 @@ in
}; };
}; };
services.logrotate.checkConfig = services.logrotate.checkConfig = todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
services = { services = {
openssh = { openssh = {
@ -233,7 +237,10 @@ in
settings = { settings = {
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Macs = [ Macs = [
"hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com" "hmac-sha2-256-etm@openssh.com"

184
flake.nix

@ -104,41 +104,46 @@
}; };
outputs = outputs =
{ self {
, darwin self,
, gostart darwin,
, peerix gostart,
, po peerix,
, pots po,
, pr-status pots,
, stable pr-status,
, tsRevProx stable,
, traygent tsRevProx,
, tsvnstat traygent,
, unstable tsvnstat,
, unstableSmall unstable,
, xin-secrets unstableSmall,
, xintray xin-secrets,
, simple-nixos-mailserver xintray,
, nixos-hardware simple-nixos-mailserver,
, beyt nixos-hardware,
, ... beyt,
} @ inputs: ...
}@inputs:
let let
xinlib = import ./lib { inherit (unstable) lib; }; xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ]; supportedSystems = [ "x86_64-linux" ];
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
forAllSystems = unstable.lib.genAttrs supportedSystems; forAllSystems = unstable.lib.genAttrs supportedSystems;
unstablePkgsFor = forAllSystems (system: unstablePkgsFor = forAllSystems (
system:
import unstable { import unstable {
inherit system; inherit system;
#imports = [ ./overlays ]; #imports = [ ./overlays ];
}); }
stablePkgsFor = forAllSystems (system: );
stablePkgsFor = forAllSystems (
system:
import stable { import stable {
inherit system; inherit system;
#imports = [ ./overlays ]; #imports = [ ./overlays ];
}); }
);
hostBase = { hostBase = {
modules = [ modules = [
# Common config stuffs # Common config stuffs
@ -162,7 +167,8 @@
inputs.tsRevProx.overlay inputs.tsRevProx.overlay
]; ];
buildSys = sys: sysBase: extraMods: name: buildSys =
sys: sysBase: extraMods: name:
sysBase.lib.nixosSystem { sysBase.lib.nixosSystem {
system = sys; system = sys;
specialArgs = { specialArgs = {
@ -184,8 +190,11 @@
}; };
} }
] ]
++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ] ++ [
++ [{ nixpkgs.overlays = overlays; }]; (xinlib.buildVer self)
(./. + "/hosts/${name}")
]
++ [ { nixpkgs.overlays = overlays; } ];
}; };
lpkgs = unstable.legacyPackages.x86_64-linux; lpkgs = unstable.legacyPackages.x86_64-linux;
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin; darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
@ -194,7 +203,9 @@
darwinConfigurations = { darwinConfigurations = {
plq = darwin.lib.darwinSystem { plq = darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = { inherit xinlib; }; specialArgs = {
inherit xinlib;
};
modules = [ modules = [
xin-secrets.nixosModules.sops xin-secrets.nixosModules.sops
./overlays ./overlays
@ -223,34 +234,37 @@
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays; stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
}; };
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt; formatter.x86_64-linux = unstable.legacyPackages.x86_64-linux.nixfmt-rfc-style;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt; formatter.aarch64-darwin = unstable.legacyPackages.aarch64-darwin.nixfmt-rfc-style;
devShells.x86_64-linux.default = xinlib.buildShell lpkgs; devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs; devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
nixosConfigurations = { nixosConfigurations = {
europa = buildSys "x86_64-linux" unstable [ europa =
nixos-hardware.nixosModules.framework-11th-gen-intel buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
] "europa"; "europa";
clunk = buildSys "x86_64-linux" unstable [ ] "clunk"; clunk = buildSys "x86_64-linux" unstable [ ] "clunk";
orcim = buildSys "x86_64-linux" unstable [ ] "orcim"; orcim = buildSys "x86_64-linux" unstable [ ] "orcim";
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie"; pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [ stan =
nixos-hardware.nixosModules.framework-11th-gen-intel buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
] "stan"; "stan";
weather = buildSys "aarch64-linux" stable [ ] "weather"; weather = buildSys "aarch64-linux" stable [ ] "weather";
octo = buildSys "aarch64-linux" stable [ ] "octo"; octo = buildSys "aarch64-linux" stable [ ] "octo";
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf"; faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box"; box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box";
h = buildSys "x86_64-linux" stable [ h =
./configs/hardened.nix buildSys "x86_64-linux" stable
gostart.nixosModule [
pots.nixosModule ./configs/hardened.nix
pr-status.nixosModule gostart.nixosModule
simple-nixos-mailserver.nixosModule pots.nixosModule
] "h"; pr-status.nixosModule
simple-nixos-mailserver.nixosModule
]
"h";
#router = #router =
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router"; # buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
@ -294,14 +308,14 @@
}; };
}; };
packages = forAllSystems (system: packages = forAllSystems (
system:
let let
upkgs = unstablePkgsFor.${system}; upkgs = unstablePkgsFor.${system};
spkgs = stablePkgsFor.${system}; spkgs = stablePkgsFor.${system};
in in
{ {
ada_language_server = ada_language_server = spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; }; alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; }; bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; }; rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
@ -309,9 +323,7 @@
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
}; };
himitsu = upkgs.callPackage ./pkgs/himitsu.nix { himitsu = upkgs.callPackage ./pkgs/himitsu.nix { inherit upkgs; };
inherit upkgs;
};
icbirc = spkgs.callPackage ./pkgs/icbirc.nix { icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
@ -319,52 +331,32 @@
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { }; femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
ttfs = upkgs.callPackage ./pkgs/ttfs.nix { }; ttfs = upkgs.callPackage ./pkgs/ttfs.nix { };
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; }; fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
flake-warn = flake-warn = spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; #kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; }; mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; }; yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
gen-patches = gen-patches = spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
yarr = spkgs.callPackage ./pkgs/yarr.nix { yarr = spkgs.callPackage ./pkgs/yarr.nix {
inherit spkgs; inherit spkgs;
isUnstable = true; isUnstable = true;
}; };
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { inherit spkgs; };
inherit spkgs; rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { inherit spkgs; };
}; kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { inherit upkgs; };
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
inherit spkgs;
};
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
inherit upkgs;
};
bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix { bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix {
inherit upkgs; inherit upkgs;
}; };
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { inherit upkgs; };
inherit upkgs; hpi = upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
}; openevse = upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
hpi = promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { inherit upkgs; };
upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; }; sliding-sync = spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
openevse =
upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
inherit upkgs;
};
sliding-sync =
spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; }; golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; }; gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; }; gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
gotosocial = gotosocial = spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; }; zutty = upkgs.callPackage ./pkgs/zutty.nix { inherit upkgs; };
zutty = upkgs.callPackage ./pkgs/zutty.nix { mvoice = upkgs.callPackage ./pkgs/mvoice.nix { inherit upkgs; };
inherit upkgs;
};
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
inherit upkgs;
};
inherit (xintray.packages.${system}) xintray; inherit (xintray.packages.${system}) xintray;
inherit (beyt.packages.${system}) beyt; inherit (beyt.packages.${system}) beyt;
inherit (tsvnstat.packages.${system}) tsvnstat; inherit (tsvnstat.packages.${system}) tsvnstat;
@ -374,7 +366,8 @@
inherit (traygent.packages.${system}) traygent; inherit (traygent.packages.${system}) traygent;
inherit (spkgs) matrix-synapse; inherit (spkgs) matrix-synapse;
}); }
);
templates = { templates = {
"ada" = { "ada" = {
@ -405,15 +398,24 @@
checks = checks =
let let
buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" ]; buildList = [
"europa"
"stan"
"h"
"box"
"faf"
"weather"
"clunk"
"orcim"
];
in in
with unstable.lib; with unstable.lib;
foldl' recursiveUpdate { } (mapAttrsToList foldl' recursiveUpdate { } (
(name: system: { mapAttrsToList
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" = (name: system: {
system.config.system.build.toplevel; "${system.pkgs.stdenv.hostPlatform.system}"."${name}" = system.config.system.build.toplevel;
}) })
(filterAttrs (n: _: (builtins.elem n buildList)) (filterAttrs (n: _: (builtins.elem n buildList)) self.nixosConfigurations)
self.nixosConfigurations)); );
}; };
} }
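Review bot: The two `formatter.*` lines now take the formatter from `unstable` instead of `stable`, which is the only functional change in this section, and nothing next to them says why. The formatter's output then follows whatever revision `unstable` is locked to, so a lock update can re-flow the whole tree again; whether `stable` lacks `nixfmt-rfc-style` is not visible here. A one-line comment above them would record the reason, e.g. `# nixfmt-rfc-style is taken from unstable; its output tracks the locked unstable rev`. The enclosing `outputs` body spans several hunks and is only partly shown.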


@ -1,10 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, xinlib pkgs,
, isUnstable xinlib,
, inputs isUnstable,
, ... inputs,
...
}: }:
let let
inherit (builtins) toJSON; inherit (builtins) toJSON;
@ -13,11 +14,8 @@ let
firefox = import ../configs/firefox.nix { inherit pkgs; }; firefox = import ../configs/firefox.nix { inherit pkgs; };
myEmacs = pkgs.callPackage ../configs/emacs.nix { }; myEmacs = pkgs.callPackage ../configs/emacs.nix { };
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; }); rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
rpr = rpr = pkgs.writeScriptBin "rpr" (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
pkgs.writeScriptBin "rpr" promnesia = pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
(import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
promnesia =
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; }; hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
promnesiaService = { promnesiaService = {
promnesia = { promnesia = {
@ -35,7 +33,10 @@ let
name = "promnesia-index"; name = "promnesia-index";
script = "${promnesia}/bin/promnesia index"; script = "${promnesia}/bin/promnesia index";
startAt = "*:0/5"; startAt = "*:0/5";
path = [ promnesia hpi ]; path = [
promnesia
hpi
];
} }
]; ];
fontSet = with pkgs; [ fontSet = with pkgs; [
@ -51,18 +52,35 @@ let
} }
{ {
command_path = "${pkgs.kdialog}/bin/kdialog"; command_path = "${pkgs.kdialog}/bin/kdialog";
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Added" "5" ]; command_args = [
"--title"
"traygent"
"--passivepopup"
"SSH Key Added"
"5"
];
event = "added"; event = "added";
} }
{ {
command_path = "${pkgs.kdialog}/bin/kdialog"; command_path = "${pkgs.kdialog}/bin/kdialog";
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Removed" "5" ]; command_args = [
"--title"
"traygent"
"--passivepopup"
"SSH Key Removed"
"5"
];
event = "removed"; event = "removed";
} }
]; ];
in in
with lib; { with lib;
imports = [ ./gnome.nix ./kde.nix ./xfce.nix ]; {
imports = [
./gnome.nix
./kde.nix
./xfce.nix
];
options = { options = {
pulse = { pulse = {
@ -98,43 +116,48 @@ with lib; {
documentation.enable = true; documentation.enable = true;
# TODO: TEMP FIX # TODO: TEMP FIX
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ]; ""
"${pkgs.networkmanager}/bin/nm-online -q"
];
fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; }; fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; };
sound.enable = true; sound.enable = true;
environment = { environment = {
etc."traygent.json" = { text = traygentCmds; }; etc."traygent.json" = {
text = traygentCmds;
};
sessionVariables = { sessionVariables = {
SSH_AUTH_SOCK = "$HOME/.traygent"; SSH_AUTH_SOCK = "$HOME/.traygent";
}; };
systemPackages = with pkgs; (xinlib.filterList [ systemPackages =
alacritty with pkgs;
bc (xinlib.filterList [
beyt alacritty
black bc
drawterm beyt
exiftool black
go-font drawterm
govulncheck exiftool
hpi go-font
pcsctools govulncheck
plan9port hpi
promnesia pcsctools
rage plan9port
rpr promnesia
traygent rage
vlc rpr
zeal traygent
vlc
zeal
(callPackage ../configs/helix.nix { }) (callPackage ../configs/helix.nix { })
]); ]);
}; };
programs = { } // firefox.programs; programs = { } // firefox.programs;
systemd.user.services = systemd.user.services =
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) (lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) // promnesiaService;
// promnesiaService;
security.rtkit.enable = true; security.rtkit.enable = true;
}) })
(mkIf config.pipewire.enable { (mkIf config.pipewire.enable {


@ -1,9 +1,11 @@
{ config { config, lib, ... }:
, lib with lib;
, ... {
}: options = {
with lib; { gnome = {
options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; }; enable = mkEnableOption "Enable GNOME desktop.";
};
};
config = mkIf config.gnome.enable { config = mkIf config.gnome.enable {
services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.gdm.enable = true;


@ -1,13 +1,18 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
let let
inherit (pkgs.libsForQt5) callPackage; inherit (pkgs.libsForQt5) callPackage;
in in
{ {
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; }; options = {
kde = {
enable = lib.mkEnableOption "Enable KDE desktop.";
};
};
config = lib.mkIf config.kde.enable { config = lib.mkIf config.kde.enable {
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;


@ -1,10 +1,16 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; { with lib;
options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; }; {
options = {
xfce = {
enable = mkEnableOption "Enable XFCE desktop.";
};
};
config = mkIf config.xfce.enable { config = mkIf config.xfce.enable {
security.pam.services = { security.pam.services = {
@ -22,6 +28,8 @@ with lib; {
]; ];
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.xfce = { enable = true; }; services.xserver.desktopManager.xfce = {
enable = true;
};
}; };
} }


@ -1,8 +1,9 @@
{ config {
, lib config,
, pkgs lib,
, xinlib pkgs,
, ... xinlib,
...
}: }:
let let
inherit (xinlib) todo; inherit (xinlib) todo;
@ -38,7 +39,9 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
]; ];
userBase = { openssh.authorizedKeys.keys = pubKeys; }; userBase = {
openssh.authorizedKeys.keys = pubKeys;
};
mkNginxSecret = { mkNginxSecret = {
sopsFile = config.xin-secrets.box.certs; sopsFile = config.xin-secrets.box.certs;
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
@ -66,8 +69,12 @@ in
owner = config.users.users.gitea.name; owner = config.users.users.gitea.name;
sopsFile = config.xin-secrets.box.services; sopsFile = config.xin-secrets.box.services;
}; };
"bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; }; "bitwarden_rs.env" = {
"wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; }; sopsFile = config.xin-secrets.box.services;
};
"wireguard_private_key" = {
sopsFile = config.xin-secrets.box.services;
};
"restic_htpasswd" = { "restic_htpasswd" = {
owner = config.users.users.restic.name; owner = config.users.users.restic.name;
sopsFile = config.xin-secrets.box.services; sopsFile = config.xin-secrets.box.services;
@ -132,10 +139,16 @@ in
"10.6.0.15" = [ "jelly.bold.daemon" ]; "10.6.0.15" = [ "jelly.bold.daemon" ];
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
}; };
interfaces.enp7s0 = { useDHCP = true; }; interfaces.enp7s0 = {
useDHCP = true;
};
firewall = { firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; }; interfaces = {
"tailscale0" = {
allowedTCPPorts = [ 3030 ];
};
};
interfaces = { interfaces = {
"wg0" = { "wg0" = {
allowedTCPPorts = [ allowedTCPPorts = [
@ -145,19 +158,17 @@ in
]; ];
}; };
}; };
allowedTCPPorts = allowedTCPPorts = config.services.openssh.ports ++ [
config.services.openssh.ports 80
++ [ 443
80 config.services.gitea.settings.server.SSH_PORT
443 21063 # homekit
config.services.gitea.settings.server.SSH_PORT 21064 # homekit
21063 #homekit 1883 # mosquitto
21064 #homekit 8484 # restic-rest server
1883 # mosquitto ];
8484 # restic-rest server
];
allowedUDPPorts = [ allowedUDPPorts = [
5353 #homekit 5353 # homekit
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
@ -191,9 +202,7 @@ in
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [ permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [ "openssl-1.1.1w" ];
"openssl-1.1.1w"
];
}; };
#overlays = [ #overlays = [
# (_: _: { # (_: _: {
@ -227,7 +236,17 @@ in
groups = { groups = {
media = { media = {
name = "media"; name = "media";
members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ]; members = [
"qbit"
"sonarr"
"radarr"
"lidarr"
"nzbget"
"jellyfin"
"headphones"
"rtorrent"
"readarr"
];
}; };
photos = { photos = {
@ -290,8 +309,8 @@ in
}; };
home-assistant = { home-assistant = {
enable = true; enable = true;
extraPackages = python3Packages: extraPackages =
with python3Packages; [ python3Packages: with python3Packages; [
pyipp pyipp
pymetno pymetno
ical ical
@ -326,8 +345,7 @@ in
"zeroconf" "zeroconf"
]; ];
config = { config = {
sensor = [ sensor = [ ];
];
mqtt.sensor = [ mqtt.sensor = [
{ {
name = "Greenhouse Temperature"; name = "Greenhouse Temperature";
@ -348,8 +366,7 @@ in
#"homeassistant.components.aprs" = "debug"; #"homeassistant.components.aprs" = "debug";
}; };
}; };
"automation manual" = [ "automation manual" = [ ];
];
"automation ui" = "!include automations.yaml"; "automation ui" = "!include automations.yaml";
rest = [ rest = [
{ {
@ -381,8 +398,7 @@ in
}; };
} }
]; ];
device_tracker = [ device_tracker = [ ];
];
default_config = { }; default_config = { };
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
@ -482,7 +498,9 @@ in
in in
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ]; [ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
}; };
openssh = { settings.X11Forwarding = true; }; openssh = {
settings.X11Forwarding = true;
};
tor.enable = true; tor.enable = true;
@ -508,7 +526,9 @@ in
nzbget = { nzbget = {
enable = true; enable = true;
group = "media"; group = "media";
settings = { MainDir = "/media/downloads"; }; settings = {
MainDir = "/media/downloads";
};
}; };
fwupd.enable = true; fwupd.enable = true;
@ -539,7 +559,9 @@ in
calibre-web = { calibre-web = {
enable = true; enable = true;
group = "media"; group = "media";
options = { enableBookUploading = true; }; options = {
enableBookUploading = true;
};
listen.port = 8909; listen.port = 8909;
listen.ip = "127.0.0.1"; listen.ip = "127.0.0.1";
}; };
@ -570,10 +592,7 @@ in
name = "Loki"; name = "Loki";
type = "loki"; type = "loki";
access = "proxy"; access = "proxy";
url = "http://127.0.0.1:${ url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
toString
config.services.loki.configuration.server.http_listen_port
}";
} }
]; ];
}; };
@ -591,7 +610,9 @@ in
lifecycler = { lifecycler = {
address = "127.0.0.1"; address = "127.0.0.1";
ring = { ring = {
kvstore = { store = "inmemory"; }; kvstore = {
store = "inmemory";
};
replication_factor = 1; replication_factor = 1;
}; };
}; };
@ -625,7 +646,9 @@ in
shared_store = "filesystem"; shared_store = "filesystem";
}; };
filesystem = { directory = "/var/lib/loki/chunks"; }; filesystem = {
directory = "/var/lib/loki/chunks";
};
}; };
limits_config = { limits_config = {
@ -633,7 +656,9 @@ in
reject_old_samples_max_age = "168h"; reject_old_samples_max_age = "168h";
}; };
chunk_store_config = { max_look_back_period = "0s"; }; chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = { table_manager = {
retention_deletes_enabled = false; retention_deletes_enabled = false;
@ -643,7 +668,11 @@ in
compactor = { compactor = {
working_directory = "/var/lib/loki"; working_directory = "/var/lib/loki";
shared_store = "filesystem"; shared_store = "filesystem";
compactor_ring = { kvstore = { store = "inmemory"; }; }; compactor_ring = {
kvstore = {
store = "inmemory";
};
};
}; };
}; };
}; };
@ -655,13 +684,12 @@ in
http_listen_port = 3031; http_listen_port = 3031;
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
positions = { filename = "/tmp/positions.yaml"; }; positions = {
filename = "/tmp/positions.yaml";
};
clients = [ clients = [
{ {
url = "http://127.0.0.1:${ url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
toString
config.services.loki.configuration.server.http_listen_port
}/loki/api/v1/push";
} }
]; ];
scrape_configs = [ scrape_configs = [
@ -696,7 +724,9 @@ in
port = 9002; port = 9002;
}; };
nginx = { enable = true; }; nginx = {
enable = true;
};
rtl_433 = { rtl_433 = {
enable = true; enable = true;
@ -720,53 +750,35 @@ in
{ {
job_name = "rtl_433"; job_name = "rtl_433";
static_configs = [ static_configs = [
{ { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.rtl_433.port}" ]; }
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.rtl_433.port
}"
];
}
]; ];
} }
{ {
job_name = "box"; job_name = "box";
static_configs = [ static_configs = [
{ { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.node.port
}"
];
}
]; ];
} }
{ {
job_name = "faf"; job_name = "faf";
static_configs = [{ targets = [ "10.6.0.245:9002" ]; }]; static_configs = [ { targets = [ "10.6.0.245:9002" ]; } ];
} }
{ {
job_name = "h"; job_name = "h";
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }]; static_configs = [ { targets = [ "100.83.77.133:9002" ]; } ];
} }
{ {
job_name = "pwntie"; job_name = "pwntie";
static_configs = [{ targets = [ "100.84.170.57:9002" ]; }]; static_configs = [ { targets = [ "100.84.170.57:9002" ]; } ];
} }
{ {
job_name = "namish"; job_name = "namish";
static_configs = [{ targets = [ "10.200.0.100:9100" ]; }]; static_configs = [ { targets = [ "10.200.0.100:9100" ]; } ];
} }
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; }
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.nginx.port
}"
];
}
]; ];
} }
]; ];
@ -833,7 +845,9 @@ in
backup root@suah.dev:/var/www/ suah.dev/ backup root@suah.dev:/var/www/ suah.dev/
backup_exec date "+ backup of suah.dev ended at %c" backup_exec date "+ backup of suah.dev ended at %c"
''; '';
cronIntervals = { daily = "50 21 * * *"; }; cronIntervals = {
daily = "50 21 * * *";
};
}; };
libreddit = { libreddit = {
@ -877,9 +891,7 @@ in
sslCertificateKey = "${config.sops.secrets.invidious_key.path}"; sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
sslCertificate = "${config.sops.secrets.invidious_cert.path}"; sslCertificate = "${config.sops.secrets.invidious_cert.path}";
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${ proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}";
toString config.services.invidious.port
}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
@ -941,9 +953,7 @@ in
sslCertificate = "${config.sops.secrets.books_cert.path}"; sslCertificate = "${config.sops.secrets.books_cert.path}";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${ proxyPass = "http://localhost:${toString config.services.calibre-web.listen.port}";
toString config.services.calibre-web.listen.port
}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
${httpAllow} ${httpAllow}
@ -1047,9 +1057,7 @@ in
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
toString config.services.grafana.settings.server.http_port
}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
${httpAllow} ${httpAllow}
@ -1072,17 +1080,13 @@ in
end end
local sock = ngx.socket.tcp() local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", ${ local ok, err = sock:connect("127.0.0.1", ${toString config.services.prometheus.port})
toString config.services.prometheus.port
})
if not ok then if not ok then
ngx.say("failed to connect to backend: ", err) ngx.say("failed to connect to backend: ", err)
return return
end end
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${ local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${toString config.services.prometheus.port}\n\n")
toString config.services.prometheus.port
}\n\n")
sock:settimeouts(1000, 1000, 1000) sock:settimeouts(1000, 1000, 1000)
@ -1120,7 +1124,11 @@ in
host all all ::1/128 trust host all all ::1/128 trust
''; '';
ensureDatabases = [ "nextcloud" "gitea" "invidious" ]; ensureDatabases = [
"nextcloud"
"gitea"
"invidious"
];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
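Review bot: The context line `host all all ::1/128 trust` in the last hunk lets any local process connect over IPv6 loopback as any PostgreSQL role without a password, and the same file shows this host running many other network-facing services next to the `nextcloud`, `gitea` and `invidious` databases. If the applications can use the unix socket with peer authentication, or password authentication over loopback, the rule could become `host all all ::1/128 scram-sha-256`. Which clients depend on loopback TCP is not visible here, and the rest of the rules this line belongs to lie outside the hunk, so this needs checking against the full block before changing it.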


@ -1,10 +1,20 @@
{ ... }: { { ... }:
{
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "kvm-intel" "wireguard" ]; kernelModules = [
"kvm-intel"
"wireguard"
];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
@ -72,5 +82,5 @@
}; };
}; };
swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }]; swapDevices = [ { device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; } ];
} }


@ -1,6 +1,4 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -8,18 +6,14 @@ let
in in
{ {
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
boot = { boot = {
loader.grub = { loader.grub = {
enable = true; enable = true;
devices = [ devices = [ "/dev/disk/by-id/wwn-0x5001b448be78d64a" ];
"/dev/disk/by-id/wwn-0x5001b448be78d64a"
];
}; };
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
@ -69,7 +63,11 @@ in
windowManager.xmonad = { windowManager.xmonad = {
enable = true; enable = true;
extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ]; extraPackages =
haskellPackages: with haskellPackages; [
xmonad-contrib
hostname
];
config = builtins.readFile ./xmonad.hs; config = builtins.readFile ./xmonad.hs;
}; };
}; };
@ -77,10 +75,16 @@ in
users = { users = {
users = { users = {
root = { openssh.authorizedKeys.keys = pubKeys; }; root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = { qbit = {
openssh.authorizedKeys.keys = pubKeys; openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "plugdev" ]; extraGroups = [
"dialout"
"libvirtd"
"plugdev"
];
}; };
}; };
}; };


@ -1,28 +1,35 @@
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"usb_storage"
"ums_realtek"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; fsType = "ext4";
fsType = "ext4"; };
};
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } ];
[{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;


@ -1,9 +1,10 @@
{ inputs {
, config inputs,
, pkgs config,
, lib pkgs,
, xinlib lib,
, ... xinlib,
...
}: }:
let let
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets; inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
@ -13,21 +14,25 @@ let
# doomPrivateDir = ../../configs/doom.d; # doomPrivateDir = ../../configs/doom.d;
#}; #};
peerixUser = peerixUser =
if builtins.hasAttr "peerix" config.users.users if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
then config.users.users.peerix.name
else "root";
jobs = [ jobs = [
{ {
name = "brain"; name = "brain";
script = "cd ~/Brain && git sync"; script = "cd ~/Brain && git sync";
startAt = "*:0/2"; startAt = "*:0/2";
path = [ pkgs.git pkgs.git-sync ]; path = [
pkgs.git
pkgs.git-sync
];
} }
{ {
name = "org"; name = "org";
script = "(cd ~/org && git sync)"; script = "(cd ~/org && git sync)";
startAt = "*:0/5"; startAt = "*:0/5";
path = [ pkgs.git pkgs.git-sync ]; path = [
pkgs.git
pkgs.git-sync
];
} }
{ {
name = "taskobs"; name = "taskobs";
@ -40,7 +45,10 @@ in
{ {
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ../../pkgs ]; imports = [
./hardware-configuration.nix
../../pkgs
];
sops.secrets = { sops.secrets = {
fastmail = { fastmail = {
@ -107,7 +115,10 @@ in
}; };
boot = { boot = {
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; binfmt.emulatedSystems = [
"aarch64-linux"
"riscv64-linux"
];
initrd.systemd.enable = true; initrd.systemd.enable = true;
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -116,9 +127,7 @@ in
efiSysMountPoint = "/boot/efi"; efiSysMountPoint = "/boot/efi";
}; };
}; };
kernelParams = [ kernelParams = [ "boot.shell_on_fail" ];
"boot.shell_on_fail"
];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
@ -145,14 +154,21 @@ in
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 ]; allowedTCPPorts = [ 22 ];
interfaces = { "tailscale0" = { allowedTCPPorts = [ 8384 ]; }; }; interfaces = {
"tailscale0" = {
allowedTCPPorts = [ 8384 ];
};
};
}; };
}; };
tsPeerix = { tsPeerix = {
enable = false; enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = [ "wlp170s0" "ztksevmpn3" ]; interfaces = [
"wlp170s0"
"ztksevmpn3"
];
}; };
programs = { programs = {
@ -175,7 +191,9 @@ in
}; };
}; };
services.xinCA = { enable = false; }; services.xinCA = {
enable = false;
};
services = { services = {
power-profiles-daemon.enable = false; power-profiles-daemon.enable = false;
@ -222,9 +240,16 @@ in
repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}"; repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
#repository = "https://europa@backup.bold.daemon:8484/"; #repository = "https://europa@backup.bold.daemon:8484/";
paths = [ "/home/qbit" "/var/lib/libvirt" ]; paths = [
"/home/qbit"
"/var/lib/libvirt"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 4" ]; pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 4"
];
}; };
local = { local = {
initialize = true; initialize = true;
@ -232,9 +257,16 @@ in
environmentFile = "${config.sops.secrets.restic_env_file.path}"; environmentFile = "${config.sops.secrets.restic_env_file.path}";
passwordFile = "${config.sops.secrets.restic_password_file.path}"; passwordFile = "${config.sops.secrets.restic_password_file.path}";
paths = [ "/home/qbit" "/var/lib/libvirt" ]; paths = [
"/home/qbit"
"/var/lib/libvirt"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ]; pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 5"
];
}; };
}; };
}; };
@ -280,8 +312,7 @@ in
]; ];
systemd = { systemd = {
user.services = user.services = lib.listToAttrs (builtins.map jobToUserService jobs);
lib.listToAttrs (builtins.map jobToUserService jobs);
services = { services = {
"whytailscalewhy" = { "whytailscalewhy" = {
description = "Tailscale restart on resume"; description = "Tailscale restart on resume";
@ -305,7 +336,9 @@ in
]; ];
environment = { environment = {
etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; }; etc."barrier.conf" = {
text = readFile ../../configs/barrier.conf;
};
sessionVariables = { sessionVariables = {
XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CACHE_HOME = "\${HOME}/.cache";
@ -377,8 +410,7 @@ in
(callPackage ../../pkgs/ttfs.nix { }) (callPackage ../../pkgs/ttfs.nix { })
(callPackage ../../pkgs/kobuddy.nix { (callPackage ../../pkgs/kobuddy.nix {
inherit pkgs; inherit pkgs;
inherit inherit (pkgs.python39Packages)
(pkgs.python39Packages)
buildPythonPackage buildPythonPackage
fetchPypi fetchPypi
setuptools-scm setuptools-scm
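Review bot: `kernelParams = [ "boot.shell_on_fail" ];` in the `boot` block (hunk `@ -116,9 +127,7 @@`) has no comment, although NixOS documents this parameter as offering a root shell without authentication when stage 1 of the boot fails. A one-line comment such as `# boot.shell_on_fail: unauthenticated stage-1 root shell on boot failure; only acceptable with physical control of the machine` would record the trade-off next to the setting. `initrd.systemd.enable = true` is set a few lines above it, so it is worth confirming whether the parameter still takes effect with the systemd initrd or whether `boot.initrd.systemd.emergencyAccess` is the option that governs emergency access there. The enclosing attribute set starts and ends outside the hunks shown.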


@ -1,12 +1,17 @@
{ lib { lib, modulesPath, ... }:
, modulesPath {
, ...
}: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
@ -27,14 +32,16 @@
}; };
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972"; boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ]; boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [
"fido2-device=auto"
];
fileSystems."/boot/efi" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/F0A2-4A56"; device = "/dev/disk/by-uuid/F0A2-4A56";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = { hardware = {


@ -30,10 +30,16 @@ in
interfaces.enp2s0.useDHCP = true; interfaces.enp2s0.useDHCP = true;
firewall = { firewall = {
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ]; allowedTCPPorts = [
22
53
config.services.prometheus.exporters.node.port
];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; }; hosts = {
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
};
}; };
users.users = { users.users = {


@ -1,11 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config {
, lib config,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
@ -73,6 +75,5 @@
swapDevices = [ ]; swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,28 +1,31 @@
{ config {
, pkgs config,
, isUnstable pkgs,
, inputs isUnstable,
, ... inputs,
...
}: }:
with pkgs; let with pkgs;
let
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; }; gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; }; icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; }; mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { }; slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
weepushover = weepushover = python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
pgBackupDir = "/var/backups/postgresql"; pgBackupDir = "/var/backups/postgresql";
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
]; ];
userBase = { openssh.authorizedKeys.keys = pubKeys; }; userBase = {
icbIrcTunnel = openssh.authorizedKeys.keys = pubKeys;
pkgs.writeScriptBin "icb-irc-tunnel" };
(import ../../bins/icb-irc-tunnel.nix { icbIrcTunnel = pkgs.writeScriptBin "icb-irc-tunnel" (
inherit pkgs; import ../../bins/icb-irc-tunnel.nix {
inherit icbirc; inherit pkgs;
}); inherit icbirc;
}
);
goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit"; goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit";
httpAllow = '' httpAllow = ''
allow 10.6.0.0/24; allow 10.6.0.0/24;
@ -38,18 +41,20 @@ with pkgs; let
matrixServer = "tapenet.org"; matrixServer = "tapenet.org";
matrixClientConfig = { matrixClientConfig = {
"m.homeserver".base_url = "https://${matrixServer}:443"; "m.homeserver".base_url = "https://${matrixServer}:443";
"org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; }; "org.matrix.msc3575.proxy" = {
url = "https://${matrixServer}";
};
};
matrixServerConfig = {
"m.server" = "${matrixServer}:443";
}; };
matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
mkMatrixWellKnown = p: '' mkMatrixWellKnown = p: ''
return 200 '${builtins.toJSON p}'; return 200 '${builtins.toJSON p}';
''; '';
mkMatrixSliderLoc = { mkMatrixSliderLoc = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://${config.services.sliding-sync.address}:${ proxyPass = "http://${config.services.sliding-sync.address}:${toString config.services.sliding-sync.port}";
toString config.services.sliding-sync.port
}";
}; };
mkMatrixLoc = { mkMatrixLoc = {
proxyWebsockets = true; proxyWebsockets = true;
@ -58,9 +63,7 @@ with pkgs; let
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
boot = { boot = {
loader.grub = { loader.grub = {
@ -84,9 +87,14 @@ in
nixpkgs.overlays = [ nixpkgs.overlays = [
(_: super: { (_: super: {
weechat = super.weechat.override { weechat = super.weechat.override {
configure = { ... }: { configure =
scripts = with super.weechatScripts; [ highmon weepushover ]; { ... }:
}; {
scripts = with super.weechatScripts; [
highmon
weepushover
];
};
}; };
}) })
]; ];
@ -140,7 +148,9 @@ in
sopsFile = config.xin-secrets.h.services; sopsFile = config.xin-secrets.h.services;
owner = config.users.users.gostart.name; owner = config.users.users.gostart.name;
}; };
wireguard_private_key = { sopsFile = config.xin-secrets.h.services; }; wireguard_private_key = {
sopsFile = config.xin-secrets.h.services;
};
pots_env_file = { pots_env_file = {
owner = config.users.users.pots.name; owner = config.users.users.pots.name;
mode = "400"; mode = "400";
@ -212,8 +222,21 @@ in
}; };
firewall = { firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 config.services.shiori.port ]; }; }; interfaces = {
allowedTCPPorts = [ 22 80 443 2222 53589 ]; "tailscale0" = {
allowedTCPPorts = [
9002
config.services.shiori.port
];
};
};
allowedTCPPorts = [
22
80
443
2222
53589
];
allowedUDPPorts = [ 7122 ]; allowedUDPPorts = [ 7122 ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
@ -281,7 +304,10 @@ in
matrix-synapse.after = [ "icbirc.service" ]; matrix-synapse.after = [ "icbirc.service" ];
icb-tunnel = { icb-tunnel = {
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
after = [ "network.target" "multi-user.target" ]; after = [
"network.target"
"multi-user.target"
];
serviceConfig = { serviceConfig = {
User = "qbit"; User = "qbit";
WorkingDirectory = "/home/qbit"; WorkingDirectory = "/home/qbit";
@ -314,7 +340,10 @@ in
loginAccounts = { loginAccounts = {
"qbit@suah.dev" = { "qbit@suah.dev" = {
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}"; hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ]; aliases = [
"postmaster@suah.dev"
"aaron@suah.dev"
];
}; };
}; };
@ -380,7 +409,9 @@ in
enable = true; enable = true;
envFile = "${config.sops.secrets.pots_env_file.path}"; envFile = "${config.sops.secrets.pots_env_file.path}";
}; };
pr-status = { enable = true; }; pr-status = {
enable = true;
};
gostart = { gostart = {
enable = true; enable = true;
keyPath = "${config.sops.secrets.gostart.path}"; keyPath = "${config.sops.secrets.gostart.path}";
@ -419,7 +450,10 @@ in
protocol = "https"; protocol = "https";
storage-backend = "local"; storage-backend = "local";
storage-local-base-path = "/var/lib/gotosocial"; storage-local-base-path = "/var/lib/gotosocial";
trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ]; trusted-proxies = [
"127.0.0.1/32"
"23.29.118.0/24"
];
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/"; web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/"; web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
}; };
@ -431,8 +465,10 @@ in
http_listen_port = 3031; http_listen_port = 3031;
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
positions = { filename = "/tmp/positions.yaml"; }; positions = {
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }]; filename = "/tmp/positions.yaml";
};
clients = [ { url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; } ];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";
@ -476,8 +512,7 @@ in
cron = { cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [
'' ''@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
]; ];
}; };
@ -504,9 +539,15 @@ in
"/var/dkim" "/var/dkim"
]; ];
timerConfig = { OnCalendar = "00:05"; }; timerConfig = {
OnCalendar = "00:05";
};
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ]; pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 10"
];
}; };
}; };
}; };
@ -548,7 +589,11 @@ in
''; '';
upstreams = { upstreams = {
"ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; }; "ssh_gitea" = {
servers = {
"192.168.112.4:2222" = { };
};
};
}; };
streamConfig = '' streamConfig = ''
@ -574,7 +619,6 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/bolddaemon.com"; root = "/var/www/bolddaemon.com";
}; };
"notes.suah.dev" = { "notes.suah.dev" = {
forceSSL = true; forceSSL = true;
@ -753,27 +797,26 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = extraConfig =
if config.services.gotosocial.package.version == "0.7.1" if config.services.gotosocial.package.version == "0.7.1" then
then '' ''
# TODO: This can be removed next release # TODO: This can be removed next release
# https://github.com/superseriousbusiness/gotosocial/issues/1419 # https://github.com/superseriousbusiness/gotosocial/issues/1419
# Workaround for missing API + Ice Cubes # Workaround for missing API + Ice Cubes
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags { location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
default_type application/json; default_type application/json;
return 200 '[]'; return 200 '[]';
} }
'' ''
else ""; else
"";
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
proxy_pass http://127.0.0.1:${ proxy_pass http://127.0.0.1:${toString config.services.gotosocial.configuration.port};
toString config.services.gotosocial.configuration.port proxy_set_header Host $host;
}; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host; proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
''; '';
}; };
}; };
@ -788,65 +831,64 @@ in
root = "/var/www/rss.bolddaemon.com"; root = "/var/www/rss.bolddaemon.com";
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://${config.services.yarr.address}:${ proxyPass = "http://${config.services.yarr.address}:${toString config.services.yarr.port}";
toString config.services.yarr.port
}";
}; };
}; };
"tapenet.org" = { "tapenet.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/tapenet.org"; root = "/var/www/tapenet.org";
locations = { locations =
"/.well-known/webfinger" = { {
extraConfig = '' "/.well-known/webfinger" = {
default_type 'application/json'; extraConfig = ''
default_type 'application/json';
content_by_lua_block { content_by_lua_block {
local acct = ngx.unescape_uri(ngx.var.arg_resource) local acct = ngx.unescape_uri(ngx.var.arg_resource)
local json = '${builtins.toJSON { local json = '${
subject = "%s"; builtins.toJSON {
links = [ subject = "%s";
{ links = [
rel = "http://openid.net/specs/connect/1.0/issuer"; {
href = "https://git.tapenet.org/"; rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://git.tapenet.org/";
}
];
} }
]; }';
}}'; local newjson, n, err = ngx.re.sub(json, "%s", acct)
local newjson, n, err = ngx.re.sub(json, "%s", acct) if not err then
if not err then ngx.say(newjson)
ngx.say(newjson) else
else ngx.say("")
ngx.say("") end
end return
return }
'';
};
}
// (
if config.services.sliding-sync.enable then
{
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
"/client" = mkMatrixSliderLoc;
"/_matrix/client/unstable/org.matrix.msc3575/sync" = mkMatrixSliderLoc;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
} }
''; else
}; {
} "/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
// (if config.services.sliding-sync.enable "/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
then {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
"/client" = mkMatrixSliderLoc; "/_matrix" = mkMatrixLoc;
"/_matrix/client/unstable/org.matrix.msc3575/sync" = "/_synapse/client" = mkMatrixLoc;
mkMatrixSliderLoc; }
);
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
}
else {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
});
}; };
}; };
}; };
@ -876,11 +918,14 @@ in
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
ensureDatabases = [ "synapse" "gotosocial" "syncv3" "wallabag" ]; ensureDatabases = [
"synapse"
"gotosocial"
"syncv3"
"wallabag"
];
ensureUsers = [ ensureUsers = [
{ { name = "synapse_user"; }
name = "synapse_user";
}
{ {
name = "gotosocial"; name = "gotosocial";
ensureDBOwnership = true; ensureDBOwnership = true;
@ -953,9 +998,7 @@ in
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}"; signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
url_preview_enabled = false; url_preview_enabled = false;
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ]; plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
app_service_config_files = [ app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];
"/var/lib/heisenbridge/registration.yml"
];
database = { database = {
name = "psycopg2"; name = "psycopg2";
args = { args = {
@ -986,6 +1029,5 @@ in
}; };
}; };
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }
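Review bot: The `/.well-known/webfinger` location under `"tapenet.org"` (hunk `@ -788,65 +831,64 @@`) substitutes the request's `resource` argument into the JSON template without validating or escaping it. `ngx.unescape_uri(ngx.var.arg_resource)` is passed straight to `ngx.re.sub` as the replacement, so a value containing a double quote changes the structure of the returned document, a `$` in it is read as a capture reference, and a request without `resource` hands nil to `ngx.unescape_uri`. A guard before the `local acct` line, `if not ngx.var.arg_resource then return ngx.exit(ngx.HTTP_BAD_REQUEST) end`, and a check after it, `if not ngx.re.find(acct, "^[A-Za-z0-9@._:+-]+$", "jo") then return ngx.exit(ngx.HTTP_BAD_REQUEST) end`, would cover all three cases. The accepted character set is a suggestion and should be matched to the account names this host actually serves.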


@ -1,16 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config {
, lib config,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ]; availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "wireguard" ]; kernelModules = [ "wireguard" ];
@ -22,8 +29,7 @@
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }]; swapDevices = [ { device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; } ];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -4,7 +4,9 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
]; ];
userBase = { openssh.authorizedKeys.keys = pubKeys; }; userBase = {
openssh.authorizedKeys.keys = pubKeys;
};
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;


@ -1,8 +1,10 @@
{ config {
, lib config,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
@ -28,7 +30,7 @@
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }]; swapDevices = [ { device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -40,6 +42,5 @@
# networking.interfaces.eno3.useDHCP = lib.mkDefault true; # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true; # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,7 +1,8 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
let let
pubKeys = [ pubKeys = [
@ -17,7 +18,10 @@ in
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
boot = { boot = {
initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; initrd.availableKernelModules = [
"usbhid"
"usb_storage"
];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "raspberrypi_ts" ]; kernelModules = [ "raspberrypi_ts" ];
loader = { loader = {
@ -28,13 +32,17 @@ in
networking = { networking = {
hostName = "octo"; hostName = "octo";
networkmanager = { enable = true; }; networkmanager = {
enable = true;
};
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
}; };
preDNS.enable = false; preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ]; ""
"${pkgs.networkmanager}/bin/nm-online -q"
];
users.users = { users.users = {
root = userBase; root = userBase;


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -1,6 +1,4 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -8,9 +6,7 @@ let
in in
{ {
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
hardware = { hardware = {
rtl-sdr.enable = true; rtl-sdr.enable = true;
@ -32,7 +28,10 @@ in
"video=DSI-1:panel_orientation=right_side_up" "video=DSI-1:panel_orientation=right_side_up"
]; ];
kernelModules = [ "btusb" "kvm-intel" ]; kernelModules = [
"btusb"
"kvm-intel"
];
initrd = { initrd = {
kernelModules = [ kernelModules = [
@ -53,7 +52,6 @@ in
"rtsx_pci_sdmmc" "rtsx_pci_sdmmc"
]; ];
}; };
}; };
nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.config.allowUnsupportedSystem = true;
@ -85,13 +83,15 @@ in
services = { services = {
xserver = { xserver = {
dpi = 200; dpi = 200;
xrandrHeads = [{ xrandrHeads = [
output = "DSI-1"; {
primary = true; output = "DSI-1";
monitorConfig = '' primary = true;
Option "Rotate" "right" monitorConfig = ''
''; Option "Rotate" "right"
}]; '';
}
];
}; };
power-profiles-daemon.enable = false; power-profiles-daemon.enable = false;
tlp = { tlp = {
@ -110,10 +110,16 @@ in
users = { users = {
users = { users = {
root = { openssh.authorizedKeys.keys = pubKeys; }; root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = { qbit = {
openssh.authorizedKeys.keys = pubKeys; openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "plugdev" ]; extraGroups = [
"dialout"
"libvirtd"
"plugdev"
];
}; };
}; };
}; };


@ -1,35 +1,42 @@
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/hardware/network/broadcom-43xx.nix") (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ]; availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_acpi"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a"; fsType = "ext4";
fsType = "ext4"; };
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/03B6-6D57";
device = "/dev/disk/by-uuid/03B6-6D57"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; } ];
[{ device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; }];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;


@ -1,16 +1,20 @@
{ pkgs {
, lib pkgs,
, isUnstable lib,
, ... isUnstable,
...
}: }:
let let
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent"; secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
rage = rage = pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ]; imports = [
../../configs/tmux.nix
../../configs/zsh.nix
../../bins
];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -59,10 +63,7 @@ in
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
allowUnfreePredicate = pkg: allowUnfreePredicate = pkg: builtins.elm (lib.getName pkg) [ "obsidian" ];
builtins.elm (lib.getName pkg) [
"obsidian"
];
}; };
environment.variables = { environment.variables = {
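Review bot: `allowUnfreePredicate = pkg: builtins.elm (lib.getName pkg) [ "obsidian" ];` in the `nixpkgs.config` block (hunk `@ -59,10 +63,7 @@`) calls `builtins.elm`, which is not a Nix builtin; the membership test is `builtins.elem`. The reformat carries the typo over unchanged, and it presumably goes unnoticed because `allowUnfree = true;` on the line above permits every unfree package, so the predicate is likely never evaluated. If the intent is an allow-list limited to the named package, the line would read `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "obsidian" ];` and the blanket `allowUnfree = true;` would be dropped. The enclosing attribute set continues outside the hunk.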


@ -1,7 +1,4 @@
{ pkgs { pkgs, config, ... }:
, config
, ...
}:
let let
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { }; #myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
pubKeys = [ pubKeys = [
@ -10,9 +7,7 @@ let
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
@ -27,7 +22,10 @@ in
}; };
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; binfmt.emulatedSystems = [
"aarch64-linux"
"riscv64-linux"
];
}; };
nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.config.allowUnsupportedSystem = true;
@ -135,10 +133,17 @@ in
users = { users = {
users = { users = {
root = { openssh.authorizedKeys.keys = pubKeys; }; root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = { qbit = {
openssh.authorizedKeys.keys = pubKeys; openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ]; extraGroups = [
"dialout"
"libvirtd"
"docker"
"plugdev"
];
}; };
}; };
}; };


@ -1,15 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config {
, lib config,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
@ -27,7 +36,7 @@
}; };
}; };
swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }]; swapDevices = [ { device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -37,7 +46,6 @@
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display # high-resolution display
} }


@ -1,17 +1,17 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
let let
inherit inherit (builtins)
(builtins)
head head
concatStringsSep concatStringsSep
attrValues attrValues
mapAttrs mapAttrs
attrNames attrNames
;# hasAttr; ; # hasAttr;
inherit (lib.attrsets) filterAttrsRecursive filterAttrs; inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
pubKeys = [ pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -22,9 +22,14 @@ let
wan = "enp5s0f0"; wan = "enp5s0f0";
trunk = "enp5s0f1"; trunk = "enp5s0f1";
dnsServers = [ "45.90.28.147" "45.90.30.147" ]; dnsServers = [
"45.90.28.147"
"45.90.30.147"
];
interfaces = { interfaces = {
"${wan}" = { useDHCP = true; }; "${wan}" = {
useDHCP = true;
};
"${trunk}" = rec { "${trunk}" = rec {
ipv4.addresses = [ ipv4.addresses = [
{ {
@ -302,7 +307,10 @@ let
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ]; imports = [
./hardware-configuration.nix
../../modules/tsvnstat.nix
];
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;
@ -464,7 +472,7 @@ in
{ {
name = "common"; name = "common";
advertise = true; advertise = true;
prefix = [{ prefix = "::/64"; }]; prefix = [ { prefix = "::/64"; } ];
} }
]; ];
}; };
@ -478,9 +486,7 @@ in
extraOptions = [ extraOptions = [
"--verbose=9" "--verbose=9"
"--trace" "--trace"
"--bind-address ${ "--bind-address ${(head config.networking.interfaces.lab.ipv4.addresses).address}"
(head config.networking.interfaces.lab.ipv4.addresses).address
}"
]; ];
}; };
@ -490,32 +496,45 @@ in
option subnet-mask 255.255.255.0; option subnet-mask 255.255.255.0;
option domain-name-servers ${concatStringsSep ", " dnsServers}; option domain-name-servers ${concatStringsSep ", " dnsServers};
${concatStringsSep "\n" (attrValues (mapAttrs (intf: val: '' ${concatStringsSep "\n" (
# ${intf} : ${val.info.description} attrValues (
subnet ${val.info.net} netmask ${val.info.netmask} { mapAttrs
option routers ${val.info.router}; (intf: val: ''
range ${val.info.dhcp.start} ${val.info.dhcp.end}; # ${intf} : ${val.info.description}
subnet ${val.info.net} netmask ${val.info.netmask} {
option routers ${val.info.router};
range ${val.info.dhcp.start} ${val.info.dhcp.end};
${ ${
concatStringsSep "\n" (map (e: '' concatStringsSep "\n" (
host ${e.name} { map
hardware ethernet ${e.mac}; (e: ''
fixed-address ${e.address}; host ${e.name} {
hardware ethernet ${e.mac};
fixed-address ${e.address};
}
'')
val.info.dhcp.staticIPs
)
}
} }
'') '')
val.info.dhcp.staticIPs) (filterAttrsRecursive (n: _: n != "${wan}") interfaces)
} )
} )}
'') (filterAttrsRecursive (n: _: n != "${wan}") interfaces)))}
''; '';
interfaces = interfaces = attrNames (
attrNames (filterAttrs (_: v: v.info.dhcp.enable) filterAttrs (_: v: v.info.dhcp.enable) (filterAttrsRecursive (n: _: n != "${wan}") interfaces)
(filterAttrsRecursive (n: _: n != "${wan}") interfaces)); );
# TODO: Probably a better way to pre-filter the interfaces set # TODO: Probably a better way to pre-filter the interfaces set
}; };
}; };
environment.systemPackages = with pkgs; [ bmon termshark tcpdump ]; environment.systemPackages = with pkgs; [
bmon
termshark
tcpdump
];
users.users.root = userBase; users.users.root = userBase;
users.users.qbit = userBase; users.users.qbit = userBase;


@ -1,11 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config {
, lib config,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.loader.grub = { boot.loader.grub = {
@ -16,10 +18,21 @@
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ]; availableKernelModules = [
"ehci_pci"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ]; kernelModules = [
"nf_tables"
"nf_tables_ipv6"
"nf_conntrack_tftp"
];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
@ -30,6 +43,5 @@
swapDevices = [ ]; swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,7 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ...
}:
let let
inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension; inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension;
testingMode = true; testingMode = true;
@ -16,13 +13,11 @@ let
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
}; };
peerixUser = peerixUser =
if builtins.hasAttr "peerix" config.users.users if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
then config.users.users.peerix.name
else "root";
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
# doomPrivateDir = ../../configs/doom.d;
#};
in in
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
# doomPrivateDir = ../../configs/doom.d;
#};
{ {
_module.args.isUnstable = true; _module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
@ -37,7 +32,9 @@ in
initrd = { initrd = {
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf"; luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin"; luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
secrets = { "/crypto_keyfile.bin" = null; }; secrets = {
"/crypto_keyfile.bin" = null;
};
}; };
kernelParams = [ "intel_idle.max_cstate=4" ]; kernelParams = [ "intel_idle.max_cstate=4" ];
kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages;
@ -101,9 +98,18 @@ in
hosts = { hosts = {
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ]; "172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ]; "127.0.0.1" = [
"192.168.122.249" = [ "arst.arst" "vm" ]; "borg.calyptix.dev"
"192.168.8.194" = [ "router.arst" "router" ]; "localhost"
];
"192.168.122.249" = [
"arst.arst"
"vm"
];
"192.168.8.194" = [
"router.arst"
"router"
];
}; };
networkmanager.enable = true; networkmanager.enable = true;
@ -114,7 +120,6 @@ in
}; };
}; };
i18n.defaultLocale = "en_US.utf8"; i18n.defaultLocale = "en_US.utf8";
kde.enable = true; kde.enable = true;
@ -152,14 +157,16 @@ in
}; };
users.users.root = userBase; users.users.root = userBase;
users.users.abieber = users.users.abieber = {
{ isNormalUser = true;
isNormalUser = true; description = "Aaron Bieber";
description = "Aaron Bieber"; shell = pkgs.zsh;
shell = pkgs.zsh; extraGroups = [
extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; "networkmanager"
} "wheel"
// userBase; "libvirtd"
];
} // userBase;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -261,7 +268,10 @@ in
tsPeerix = { tsPeerix = {
enable = false; enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = [ "wlp170s0" "ztksevmpn3" ]; interfaces = [
"wlp170s0"
"ztksevmpn3"
];
}; };
services = { services = {
@ -275,7 +285,11 @@ in
paths = [ "/home/abieber" ]; paths = [ "/home/abieber" ];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2" ]; pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 2"
];
}; };
}; };
}; };
@ -299,7 +313,6 @@ in
}; };
}; };
system.autoUpgrade.allowReboot = false; system.autoUpgrade.allowReboot = false;
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
} }
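Review bot: The commented-out `doom-emacs` binding in hunk `-16,13 +13,11` now sits between `in` and the opening `{` of the module body instead of inside the `let` block where it was written. It no longer reads as a disabled let binding, and uncommenting it in place would not give a valid binding. Since this commit is a formatter trial, either delete the dead comment or move it above `peerixUser =`; being the last thing before `in` appears to be what makes the formatter relocate it. The other hunks in this section are layout-only.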


@ -1,13 +1,21 @@
{ pkgs {
, lib pkgs,
, modulesPath lib,
, ... modulesPath,
}: { ...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827"; luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
}; };
@ -34,7 +42,8 @@
"x-systemd.automount" "x-systemd.automount"
(builtins.replaceStrings [ " " ] [ "\\040" ] (builtins.replaceStrings [ " " ] [ "\\040" ]
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config") "ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config"
)
"reconnect" "reconnect"
"allow_other" "allow_other"
"cache=yes" "cache=yes"
@ -46,8 +55,7 @@
}; };
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; } ];
swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;


@ -1,7 +1,8 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
let let
pubKeys = [ pubKeys = [
@ -22,9 +23,19 @@ in
programs = { } // firefox.programs; programs = { } // firefox.programs;
boot = { boot = {
initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ]; initrd.availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
"rtc-ds3232"
"rtc-ds1307"
];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ]; kernelModules = [
"raspberrypi_ts"
"rtc-ds3232"
"rtc-ds1307"
];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
@ -33,7 +44,9 @@ in
networking = { networking = {
hostName = "weather"; hostName = "weather";
networkmanager = { enable = true; }; networkmanager = {
enable = true;
};
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
hosts."100.120.151.126" = [ "graph.tapenet.org" ]; hosts."100.120.151.126" = [ "graph.tapenet.org" ];
}; };
@ -46,8 +59,10 @@ in
}; };
preDNS.enable = false; preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ]; ""
"${pkgs.networkmanager}/bin/nm-online -q"
];
services.xserver = { services.xserver = {
enable = true; enable = true;


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -1,7 +1,8 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
let let
pubKeys = [ pubKeys = [
@ -14,9 +15,7 @@ let
in in
{ {
_module.args.isUnstable = false; _module.args.isUnstable = false;
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
defaultUsers.enable = false; defaultUsers.enable = false;
@ -35,7 +34,9 @@ in
networking = { networking = {
hostName = "wzero"; hostName = "wzero";
networkmanager = { enable = true; }; networkmanager = {
enable = true;
};
wireless.userControlled.enable = true; wireless.userControlled.enable = true;
hosts."100.120.151.126" = [ "graph.tapenet.org" ]; hosts."100.120.151.126" = [ "graph.tapenet.org" ];
}; };


@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
hardware = { hardware = {
deviceTree = { deviceTree = {
enable = true; enable = true;
@ -7,8 +8,6 @@
enableRedistributableFirmware = true; enableRedistributableFirmware = true;
i2c.enable = true; i2c.enable = true;
firmware = with pkgs; [ firmware = with pkgs; [ raspberrypiWirelessFirmware ];
raspberrypiWirelessFirmware
];
}; };
} }


@ -39,20 +39,30 @@ in
layout = "us"; layout = "us";
xkbVariant = "colemak"; xkbVariant = "colemak";
}; };
console = { keyMap = "colemak"; }; console = {
keyMap = "colemak";
};
users.users = { users.users = {
qbit = { qbit = {
isNormalUser = true; isNormalUser = true;
description = "Aaron Bieber"; description = "Aaron Bieber";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
"networkmanager"
"wheel"
];
packages = [ ]; packages = [ ];
}; };
root = { openssh.authorizedKeys.keys = pubKeys; }; root = {
openssh.authorizedKeys.keys = pubKeys;
};
}; };
# neovim will overwrite my neovim!! # neovim will overwrite my neovim!!
environment.systemPackages = with pkgs; [ neovim jq ]; environment.systemPackages = with pkgs; [
neovim
jq
];
services.openssh = { services.openssh = {
enable = true; enable = true;


@ -1,13 +1,18 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
let let
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"; managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in in
{ {
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ]; imports = [
./configs/colemak.nix
./configs/tmux.nix
./configs/neovim.nix
];
options.myconf = { options.myconf = {
hwPubKeys = lib.mkOption rec { hwPubKeys = lib.mkOption rec {
@ -103,7 +108,10 @@ in
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
environment = { environment = {
systemPackages = with pkgs; [ apg inetutils ]; systemPackages = with pkgs; [
apg
inetutils
];
interactiveShellInit = '' interactiveShellInit = ''
alias vi=nvim alias vi=nvim
@ -113,18 +121,19 @@ in
time.timeZone = "US/Mountain"; time.timeZone = "US/Mountain";
systemd.services."setdate" = systemd.services."setdate" =
if pkgs.system == "aarch64-linux" if pkgs.system == "aarch64-linux" then
then { {
description = "Set date on boot"; description = "Set date on boot";
wantedBy = [ "network-online.target" ]; wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
script = '' script = ''
. /etc/profile; . /etc/profile;
${pkgs.outils}/bin/rdate pool.ntp.org ${pkgs.outils}/bin/rdate pool.ntp.org
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
} }
else { }; else
{ };
programs = { programs = {
zsh.enable = true; zsh.enable = true;
@ -151,7 +160,10 @@ in
settings = { settings = {
PermitRootLogin = lib.mkForce "prohibit-password"; PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Macs = [ Macs = [
"hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com" "hmac-sha2-256-etm@openssh.com"


@ -1,42 +1,44 @@
{ lib, ... }: { lib, ... }:
let let
inherit (builtins) toString readFile fromJSON filter; inherit (builtins)
getPrStatus = pr: toString
readFile
fromJSON
filter
;
getPrStatus =
pr:
let let
prstr = toString pr; prstr = toString pr;
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json); prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
in in
prStatus; prStatus;
prIsOpen = { prIsOpen = {
option = pr: a: option =
pr: a:
let let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if prStatus.status == "open" if prStatus.status == "open" then a else { };
then a pkg =
else { }; pr: localPkg: upstreamPkg:
pkg = pr: localPkg: upstreamPkg:
let let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if prStatus.status == "open" if prStatus.status == "open" then
then localPkg localPkg
else else
lib.warn lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." upstreamPkg;
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
upstreamPkg;
overlay = pr: overlay: overlay =
pr: overlay:
let let
prStatus = getPrStatus pr; prStatus = getPrStatus pr;
in in
if pr == 0 || prStatus.status == "open" if pr == 0 || prStatus.status == "open" then
then overlay overlay
else else
lib.warn "PR: ${ lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: { });
toString pr
} (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
}; };
todo = msg: lib.warn "TODO: ${msg}"; todo = msg: lib.warn "TODO: ${msg}";
@ -54,7 +56,9 @@ let
value = { value = {
script = mkCronScript "${job.name}_script" job.script; script = mkCronScript "${job.name}_script" job.script;
inherit (job) startAt path; inherit (job) startAt path;
serviceConfig = { Type = "oneshot"; }; serviceConfig = {
Type = "oneshot";
};
}; };
}; };
jobToService = job: { jobToService = job: {
@ -68,7 +72,8 @@ let
}; };
}; };
}; };
buildShell = pkgs: buildShell =
pkgs:
pkgs.mkShell { pkgs.mkShell {
shellHook = '' shellHook = ''
PS1='\u@\h:\w; ' PS1='\u@\h:\w; '
@ -97,7 +102,8 @@ let
# Set our configurationRevison based on the status of our git repo. # Set our configurationRevison based on the status of our git repo.
# If the repo is dirty, disable autoUpgrade as it means we are # If the repo is dirty, disable autoUpgrade as it means we are
# testing something. # testing something.
buildVer = self: buildVer =
self:
let let
state = self.rev or "DIRTY"; state = self.rev or "DIRTY";
in in


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./golink.nix ./golink.nix
./gotosocial.nix ./gotosocial.nix


@ -1,9 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.golink; cfg = config.services.golink;
golink = callPackage ../pkgs/golink.nix { }; golink = callPackage ../pkgs/golink.nix { };
in in
@ -13,7 +15,12 @@ in
enable = mkEnableOption "Enable golink"; enable = mkEnableOption "Enable golink";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "golink"; default = "golink";
description = '' description = ''
The user the service will use. The user the service will use.
@ -37,7 +44,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "golink"; default = "golink";
description = '' description = ''
The user the service will use. The user the service will use.


@ -1,18 +1,19 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.gotosocial; cfg = config.services.gotosocial;
gotosocial = callPackage ../pkgs/gotosocial.nix { }; gotosocial = callPackage ../pkgs/gotosocial.nix { };
settingsFormat = pkgs.formats.json { }; settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type; settingsType = settingsFormat.type;
prettyJSON = conf: prettyJSON =
conf:
pkgs.runCommandLocal "gotosocial-config.json" { } '' pkgs.runCommandLocal "gotosocial-config.json" { } ''
echo '${ echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
''; '';
in in
{ {
@ -21,7 +22,12 @@ in
enable = mkEnableOption "Enable gotosocial"; enable = mkEnableOption "Enable gotosocial";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "gotosocial"; default = "gotosocial";
description = '' description = ''
The user the service will use. The user the service will use.
@ -29,7 +35,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "gotosocial"; default = "gotosocial";
description = '' description = ''
The user the service will use. The user the service will use.
@ -74,9 +85,7 @@ in
RuntimeDirectory = "/var/lib/gotosocial"; RuntimeDirectory = "/var/lib/gotosocial";
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${ ExecStart = "${cfg.package}/bin/gotosocial --config-path ${prettyJSON cfg.configuration} server start";
prettyJSON cfg.configuration
} server start";
}; };
}; };
}; };


@ -1,18 +1,19 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.rtlamr2mqtt; cfg = config.services.rtlamr2mqtt;
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { }; rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
settingsFormat = pkgs.formats.json { }; settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type; settingsType = settingsFormat.type;
prettyJSON = conf: prettyJSON =
conf:
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } '' pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
echo '${ echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
''; '';
in in
{ {
@ -21,7 +22,12 @@ in
enable = mkEnableOption "Enable rtlamr2mqtt"; enable = mkEnableOption "Enable rtlamr2mqtt";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "rtlamr2mqtt"; default = "rtlamr2mqtt";
description = '' description = ''
The user the service will use. The user the service will use.
@ -29,7 +35,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "rtlamr2mqtt"; default = "rtlamr2mqtt";
description = '' description = ''
The user the service will use. The user the service will use.


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
cfg = config.services.sliding-sync; cfg = config.services.sliding-sync;
@ -12,7 +13,12 @@ in
enable = lib.mkEnableOption "Enable sliding-sync"; enable = lib.mkEnableOption "Enable sliding-sync";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "syncv3"; default = "syncv3";
description = '' description = ''
The user the service will use. The user the service will use.
@ -20,7 +26,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "syncv3"; default = "syncv3";
description = '' description = ''
The group the service will use. The group the service will use.
@ -82,7 +93,10 @@ in
enable = true; enable = true;
description = "sliding-sync server"; description = "sliding-sync server";
wantedBy = [ "network-online.target" ]; wantedBy = [ "network-online.target" ];
after = [ "network-online.target" "matrix-synapse.service" ]; after = [
"network-online.target"
"matrix-synapse.service"
];
environment = { environment = {
HOME = "${cfg.dataDir}"; HOME = "${cfg.dataDir}";


@ -1,7 +1,8 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
let let
perl = "${pkgs.perl}/bin/perl"; perl = "${pkgs.perl}/bin/perl";


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
cfg = config.services.tsrevprox; cfg = config.services.tsrevprox;
@ -36,7 +37,12 @@ in
}; };
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "tsrevprox"; default = "tsrevprox";
description = '' description = ''
The user the service will use. The user the service will use.
@ -44,7 +50,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "tsrevprox"; default = "tsrevprox";
description = '' description = ''
The group the service will use. The group the service will use.
@ -90,15 +101,15 @@ in
wantedBy = [ "network-online.target" ]; wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
environment = { HOME = "${cfg.dataDir}"; }; environment = {
HOME = "${cfg.dataDir}";
};
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${ ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
toString cfg.reversePort
} -ip ${cfg.reverseIP}";
#EnvironmentFile = cfg.envFile; #EnvironmentFile = cfg.envFile;
}; };
}; };


@ -1,10 +1,12 @@
{ config {
, lib config,
, pkgs lib,
, inputs pkgs,
, ... inputs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.tsvnstat; cfg = config.services.tsvnstat;
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat; inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
in in
@ -14,7 +16,12 @@ in
enable = mkEnableOption "Enable tsvnstat"; enable = mkEnableOption "Enable tsvnstat";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "tsvnstat"; default = "tsvnstat";
description = '' description = ''
The user the service will use. The user the service will use.
@ -22,7 +29,12 @@ in
}; };
keyPath = mkOption { keyPath = mkOption {
type = with types; oneOf [ path str ]; type =
with types;
oneOf [
path
str
];
default = ""; default = "";
description = '' description = ''
Path to the TS API key file Path to the TS API key file
@ -38,7 +50,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "tsvnstat"; default = "tsvnstat";
description = '' description = ''
The user the service will use. The user the service will use.
@ -88,7 +105,9 @@ in
CacheDirectoryMode = "0755"; CacheDirectoryMode = "0755";
ExecStart = '' ExecStart = ''
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"} ${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${
lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"
}
''; '';
}; };
}; };


@ -1,9 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.veilid-server; cfg = config.services.veilid-server;
in in
{ {
@ -11,13 +13,23 @@ in
services.veilid-server = { services.veilid-server = {
enable = mkEnableOption "Enable velid-server"; enable = mkEnableOption "Enable velid-server";
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "veilid"; default = "veilid";
description = "The user veilid-server will run as."; description = "The user veilid-server will run as.";
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "veilid"; default = "veilid";
description = "The group veilid-server will run with."; description = "The group veilid-server will run with.";
}; };


@ -1,19 +1,29 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
cfg = config.services.wallabag; cfg = config.services.wallabag;
inherit (builtins) toJSON; inherit (builtins) toJSON;
inherit (lib) mkOption mkEnableOption types mkIf; inherit (lib)
wallabag = pkgs.wallabag.overrideAttrs (old: { mkOption
patches = builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches ++ [ mkEnableOption
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4 types
./wallabag-data-location.patch mkIf
]; ;
}); wallabag = pkgs.wallabag.overrideAttrs (
old: {
patches =
builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches
++ [
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
./wallabag-data-location.patch
];
}
);
wallabagConfig = toJSON { wallabagConfig = toJSON {
parameters = { parameters = {
#database_driver = "pdo_sqlite"; #database_driver = "pdo_sqlite";
@ -80,10 +90,14 @@ let
sentry_dsn = null; sentry_dsn = null;
}; };
}; };
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [ php = pkgs.php.withExtensions (
imagick { enabled, all }:
tidy enabled
])); ++ (with all; [
imagick
tidy
])
);
wallabagServiceConfig = { wallabagServiceConfig = {
CacheDirectory = "wallabag"; CacheDirectory = "wallabag";
CacheDirectoryMode = "700"; CacheDirectoryMode = "700";
@ -123,17 +137,26 @@ in
description = "wallabag data directory"; description = "wallabag data directory";
}; };
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "wallabag"; default = "wallabag";
description = "The user wallabag will run as."; description = "The user wallabag will run as.";
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "wallabag"; default = "wallabag";
description = "The group wallabag will run with."; description = "The group wallabag will run with.";
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -214,7 +237,11 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-wallabag.service" ]; before = [ "phpfpm-wallabag.service" ];
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
path = with pkgs; [ coreutils php phpPackages.composer ]; path = with pkgs; [
coreutils
php
phpPackages.composer
];
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Type = "oneshot"; Type = "oneshot";


@ -1,9 +1,11 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with pkgs; let with pkgs;
let
cfg = config.services.yarr; cfg = config.services.yarr;
yarr = callPackage ../pkgs/yarr.nix { }; yarr = callPackage ../pkgs/yarr.nix { };
in in
@ -51,7 +53,12 @@ in
}; };
user = mkOption { user = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "yarr"; default = "yarr";
description = '' description = ''
The user the service will use. The user the service will use.
@ -59,7 +66,12 @@ in
}; };
group = mkOption { group = mkOption {
type = with types; oneOf [ str int ]; type =
with types;
oneOf [
str
int
];
default = "yarr"; default = "yarr";
description = '' description = ''
The user the service will use. The user the service will use.
@ -95,9 +107,7 @@ in
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${ ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${toString cfg.port} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
toString cfg.port
} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
}; };
}; };
}; };
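Review bot: The `group` option's description still reads `The user the service will use.`, copied from the `user` option above it, so the generated option documentation describes the wrong setting; it should say something like `The group the service will run as.`. Separately, `ExecStart` interpolates `cfg.dbPath` and `cfg.authFilePath` unquoted, and systemd splits the command line on whitespace, so a path containing a space would reach yarr as two arguments. Building the command from a list with `utils.escapeSystemdExecArgs` would avoid that, assuming `utils` can be added to the module arguments. Both option bodies and the service definition continue outside the hunks shown.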


@ -1,11 +1,8 @@
{ config { config, lib, ... }:
, lib with lib;
, ... let
}:
with lib; let
cfg = config.services.xin-monitoring; cfg = config.services.xin-monitoring;
inherit inherit (builtins)
(builtins)
readFile readFile
concatStringsSep concatStringsSep
attrValues attrValues
@ -14,34 +11,43 @@ with lib; let
; ;
nginxCfg = config.services.nginx; nginxCfg = config.services.nginx;
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs buildFSChecker =
(f: v: fsList:
if v.fsType != "sshfs" (concatStringsSep "\n" (
then '' attrValues (
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} mapAttrs
if space usage > 90% then alert (
if inode usage > 90% then alert f: v:
'' if v.fsType != "sshfs" then
else "") ''
fsList))); check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs if space usage > 90% then alert
(f: v: '' if inode usage > 90% then alert
check host ${f} with address ${f} ''
if failed port 80 protocol http then alert else
${ ""
if v.enableACME )
then "if failed port 443 protocol https then alert" fsList
else "" )
} ));
'') buildNginxChecker =
vhostList))); vhostList:
(concatStringsSep "\n" (
attrValues (
mapAttrs
(f: v: ''
check host ${f} with address ${f}
if failed port 80 protocol http then alert
${if v.enableACME then "if failed port 443 protocol https then alert" else ""}
'')
vhostList
)
));
nginxChecks = nginxChecks =
if nginxCfg.enable if nginxCfg.enable then
then if config.networking.hostName == "h" then (buildNginxChecker nginxCfg.virtualHosts) else ""
if config.networking.hostName == "h" else
then (buildNginxChecker nginxCfg.virtualHosts) "";
else ""
else "";
in in
{ {
options = { options = {
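Review bot: In `buildNginxChecker` the port 443 check is emitted only when `v.enableACME` is set, so a virtual host that serves TLS through `useACMEHost` or a manually supplied certificate (`forceSSL`, `onlySSL`, `addSSL`) gets no HTTPS probe, and a broken or expired listener there would go unnoticed. Consider widening the condition, e.g. `${if v.enableACME || v.forceSSL || v.onlySSL || v.addSSL then "if failed port 443 protocol https then alert" else ""}`. The unconditional port 80 check will also alert for `onlySSL` hosts, which do not listen on plain HTTP. `nginxChecks` is only populated when the host name is `"h"`, so this affects that host alone.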


@ -1,12 +1,14 @@
let let
_1password-gui = _: super: { _1password-gui = _: super: {
_1password-gui = super._1password-gui.overrideAttrs (_: rec { _1password-gui = super._1password-gui.overrideAttrs (
version = "8.10.7"; _: rec {
src = super.fetchurl { version = "8.10.7";
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz"; src = super.fetchurl {
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE="; url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
}; sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
}); };
}
);
}; };
in in
_1password-gui _1password-gui
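Review bot: This overlay replaces `version` and `src` unconditionally, so `_1password-gui` stays at 8.10.7 even after nixpkgs ships a newer release, and upstream security fixes stop arriving until someone edits the file. The same pattern appears in the `openssh` (9.3p1), `signal-desktop` (6.34.1), `obsidian`, `bruno`, `tidal-hifi` and `nixd` overlays further down; it matters most for `openssh`, which also carries its own patch list. A guard such as `if super.lib.versionOlder super._1password-gui.version "8.10.7" then super._1password-gui.overrideAttrs (...) else super._1password-gui` lets the pin expire on its own. Whether each of these overlays is currently listed in `nixpkgs.overlays` is not visible here.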


@ -13,24 +13,29 @@ let
propagatedBuildInputs = with super.perlPackages; [ Future ]; propagatedBuildInputs = with super.perlPackages; [ Future ];
meta = { meta = {
description = "A FIFO queue of values that uses L<Future>s"; description = "A FIFO queue of values that uses L<Future>s";
license = with super.lib.licenses; [ artistic1 gpl1Plus ]; license = with super.lib.licenses; [
artistic1
gpl1Plus
];
}; };
}; };
in in
super.PLS.overrideAttrs (_: { super.PLS.overrideAttrs (
propagatedBuildInputs = with super.perlPackages; [ _: {
Future propagatedBuildInputs = with super.perlPackages; [
FutureQueue Future
IOAsync FutureQueue
PPI IOAsync
PPR PPI
PathTiny PPR
PerlCritic PathTiny
PerlTidy PerlCritic
PodMarkdown PerlTidy
URI PodMarkdown
]; URI
}); ];
}
);
}; };
in in
perlPackages perlPackages


@ -1,12 +1,14 @@
let let
bruno = _: super: { bruno = _: super: {
bruno = super.bruno.overrideAttrs (_: rec { bruno = super.bruno.overrideAttrs (
version = "0.25.0"; _: rec {
src = super.fetchurl { version = "0.25.0";
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb"; src = super.fetchurl {
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng="; url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
}; hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
}); };
}
);
}; };
in in
bruno bruno


@ -1,17 +1,12 @@
{ isUnstable { isUnstable, xinlib, ... }:
, xinlib
, ...
}:
let let
inherit (xinlib) prIsOpen; inherit (xinlib) prIsOpen;
matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix); matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix); heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
in in
{ {
nixpkgs.overlays = [ heisenbridge matrix-synapse ] ++ nixpkgs.overlays = [
(if isUnstable heisenbridge
then [ matrix-synapse
] ] ++ (if isUnstable then [ ] else [ ]);
else [
]);
} }
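Review bot: After reformatting, the tail of `nixpkgs.overlays` is visibly a no-op: `++ (if isUnstable then [ ] else [ ])` appends an empty list on both branches. Either drop it, leaving `nixpkgs.overlays = [ heisenbridge matrix-synapse ];`, or add a comment saying the conditional is kept as a slot for channel-specific overlays. If it is dropped and nothing else in the file uses `isUnstable`, the argument can be removed from the function header as well.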


@ -1,17 +1,19 @@
let let
hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE="; hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
heisenbridge = _: super: { heisenbridge = _: super: {
heisenbridge = super.heisenbridge.overrideAttrs (_: rec { heisenbridge = super.heisenbridge.overrideAttrs (
version = "1.14.5"; _: rec {
pname = "heisenbridge"; version = "1.14.5";
pname = "heisenbridge";
src = super.fetchFromGitHub { src = super.fetchFromGitHub {
owner = "hifi"; owner = "hifi";
repo = pname; repo = pname;
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
inherit hash; inherit hash;
}; };
}); }
);
}; };
in in
heisenbridge heisenbridge


@ -2,22 +2,24 @@ let
hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI="; hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI=";
sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU="; sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU=";
matrix-synapse = _: super: { matrix-synapse = _: super: {
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec { matrix-synapse = super.matrix-synapse.overrideAttrs (
version = "1.101.0"; _: rec {
pname = "matrix-synapse"; version = "1.101.0";
pname = "matrix-synapse";
src = super.fetchFromGitHub { src = super.fetchFromGitHub {
owner = "element-hq"; owner = "element-hq";
repo = "synapse"; repo = "synapse";
rev = "v${version}"; rev = "v${version}";
inherit hash; inherit hash;
}; };
cargoDeps = super.rustPlatform.fetchCargoTarball { cargoDeps = super.rustPlatform.fetchCargoTarball {
inherit src sha256; inherit src sha256;
name = "${pname}-${version}"; name = "${pname}-${version}";
}; };
}); }
);
}; };
in in
matrix-synapse matrix-synapse


@ -1,21 +1,23 @@
let let
nixd = _: super: { nixd = _: super: {
nixd = super.nixd.overrideAttrs (_: rec { nixd = super.nixd.overrideAttrs (
version = "1.1.0"; _: rec {
src = super.fetchFromGitHub { version = "1.1.0";
owner = "nix-community"; src = super.fetchFromGitHub {
repo = "nixd"; owner = "nix-community";
rev = version; repo = "nixd";
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M="; rev = version;
}; hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
nativeBuildInputs = with super.pkgs; [ };
meson nativeBuildInputs = with super.pkgs; [
ninja meson
pkg-config ninja
bison pkg-config
flex bison
]; flex
}); ];
}
);
}; };
in in
nixd nixd


@ -1,19 +1,20 @@
let let
obsidian = _: super: { obsidian = _: super: {
obsidian = super.obsidian.overrideAttrs (_: rec { obsidian = super.obsidian.overrideAttrs (
version = "1.3.5"; _: rec {
filename = version = "1.3.5";
if super.stdenv.isDarwin filename =
then "Obsidian-${version}-universal.dmg" if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
else "obsidian-${version}.tar.gz"; src = super.fetchurl {
src = super.fetchurl { url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}"; sha256 =
sha256 = if super.stdenv.isDarwin then
if super.stdenv.isDarwin "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
then "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4=" else
else "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4="; "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
}; };
}); }
);
}; };
in in
obsidian obsidian


@ -1,18 +1,20 @@
let let
openssh = _: super: { openssh = _: super: {
openssh = super.openssh.overrideAttrs (_: rec { openssh = super.openssh.overrideAttrs (
version = "9.3p1"; _: rec {
src = super.fetchurl { version = "9.3p1";
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; src = super.fetchurl {
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg="; url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
}; hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
};
patches = [ patches = [
./ssh-keysign-8.5.patch ./ssh-keysign-8.5.patch
./dont_create_privsep_path.patch ./dont_create_privsep_path.patch
./locale_archive.patch ./locale_archive.patch
]; ];
}); }
);
}; };
in in
openssh openssh


@ -1,10 +1,12 @@
let let
rex = _: super: { rex = _: super: {
rex = super.rex.overrideAttrs (_: { rex = super.rex.overrideAttrs (
postPatch = '' _: {
patchShebangs bin postPatch = ''
''; patchShebangs bin
}); '';
}
);
}; };
in in
rex rex


@ -1,12 +1,14 @@
let let
signal-desktop = _: super: { signal-desktop = _: super: {
signal-desktop = super.signal-desktop.overrideAttrs (old: rec { signal-desktop = super.signal-desktop.overrideAttrs (
version = "6.34.1"; old: rec {
src = super.fetchurl { version = "6.34.1";
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb"; src = super.fetchurl {
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw="; url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
}; hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
}); };
}
);
}; };
in in
signal-desktop signal-desktop


@ -20,11 +20,15 @@ let
#}; #};
tailscale = _: super: { tailscale = _: super: {
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" { tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
buildGoModule = args: buildGoModule =
super.buildGo121Module (args // { args:
src = super.fetchFromGitHub fetchArgs; super.buildGo121Module (
inherit vendorHash ldflags version; args
}); // {
src = super.fetchFromGitHub fetchArgs;
inherit vendorHash ldflags version;
}
);
}; };
}; };
in in


@ -1,13 +1,15 @@
let let
tidal-hifi = _: super: { tidal-hifi = _: super: {
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec { tidal-hifi = super.tidal-hifi.overrideAttrs (
version = "5.3.0"; _: rec {
version = "5.3.0";
src = super.fetchurl { src = super.fetchurl {
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb"; url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M="; sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
}; };
}); }
);
}; };
in in
tidal-hifi tidal-hifi


@ -1,8 +1,9 @@
{ lib {
, stdenv lib,
, fetchFromGitHub stdenv,
, pkgs fetchFromGitHub,
, ... pkgs,
...
}: }:
let let
libadalang = stdenv.mkDerivation rec { libadalang = stdenv.mkDerivation rec {
@ -38,7 +39,10 @@ let
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees="; sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
}; };
buildInputs = with pkgs; [ gnat12 gprbuild ]; buildInputs = with pkgs; [
gnat12
gprbuild
];
makeFlags = [ "PREFIX=$(out)" ]; makeFlags = [ "PREFIX=$(out)" ];
}; };
@ -53,7 +57,11 @@ let
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU="; sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
}; };
buildInputs = with pkgs; [ gnat12 gprbuild libadalang ]; buildInputs = with pkgs; [
gnat12
gprbuild
libadalang
];
makeFlags = [ "PREFIX=$(out)" ]; makeFlags = [ "PREFIX=$(out)" ];
}; };
@ -69,7 +77,13 @@ stdenv.mkDerivation rec {
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E="; sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
}; };
buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ]; buildInputs = with pkgs; [
gnat12
gprbuild
python3
vss
gnatdoc
];
meta = with lib; { meta = with lib; {
description = "Language server for Ada and SPARK"; description = "Language server for Ada and SPARK";


@ -1,9 +1,10 @@
{ stdenv {
, lib stdenv,
, fetchurl lib,
, unzip fetchurl,
, autoPatchelfHook unzip,
, ... autoPatchelfHook,
...
}: }:
with lib; with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM="; sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
}; };
nativeBuildInputs = [ unzip autoPatchelfHook ]; nativeBuildInputs = [
unzip
autoPatchelfHook
];
dontBuild = true; dontBuild = true;
doCheck = false; doCheck = false;


@ -1,18 +1,16 @@
{ stdenv {
, lib stdenv,
, buildGoModule lib,
, fetchFromGitHub buildGoModule,
, isUnstable fetchFromGitHub,
, makeWrapper isUnstable,
, go makeWrapper,
, git go,
, ... git,
...
}: }:
let let
vendorHash = vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
if isUnstable
then ""
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
in in
with lib; with lib;
buildGoModule rec { buildGoModule rec {
@ -30,7 +28,10 @@ buildGoModule rec {
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ]; ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ]; nativeBuildInputs = lib.optionals stdenv.isLinux [
makeWrapper
go
];
proxyVendor = true; proxyVendor = true;
@ -40,7 +41,7 @@ buildGoModule rec {
postInstall = lib.optionalString stdenv.isLinux '' postInstall = lib.optionalString stdenv.isLinux ''
mv $out/bin/proxy $out/bin/athens mv $out/bin/proxy $out/bin/athens
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]} wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [ git ]}
''; '';
meta = { meta = {
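Review bot: `vendorHash` is the empty string when `isUnstable` is true, which reads as if the vendored Go modules were left unpinned on that channel. As far as I can tell, current Nix treats an empty hash as a placeholder and fails the fetch with a mismatch rather than skipping verification, but that is easy to misread and depends on the toolchain in use. `if isUnstable then lib.fakeHash else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I="` states the intent, and a short comment should say the unstable hash has to be filled in before that build can succeed. The `buildGoModule` body continues outside the hunks shown.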
