main
...
nixfmt-rfc
Author | SHA1 | Date | |
---|---|---|---|
28daa886e2 |
@ -1,4 +1,5 @@
|
|||||||
{ perl }: ''
|
{ perl }:
|
||||||
|
''
|
||||||
#!${perl}/bin/perl
|
#!${perl}/bin/perl
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
122
bins/default.nix
122
bins/default.nix
@ -1,83 +1,69 @@
|
|||||||
{ pkgs
|
{
|
||||||
, config
|
pkgs,
|
||||||
, isUnstable
|
config,
|
||||||
, ...
|
isUnstable,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
|
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
|
||||||
|
|
||||||
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
|
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
|
||||||
checkRestart =
|
checkRestart = pkgs.writeScriptBin "check-restart" (
|
||||||
pkgs.writeScriptBin "check-restart"
|
import ./check-restart.nix { inherit (pkgs) perl; }
|
||||||
(import ./check-restart.nix { inherit (pkgs) perl; });
|
);
|
||||||
xinStatus =
|
xinStatus = pkgs.writeScriptBin "xin-status" (
|
||||||
pkgs.writeScriptBin "xin-status"
|
import ./xin-status.nix { inherit (pkgs) perl perlPackages; }
|
||||||
(import ./xin-status.nix { inherit (pkgs) perl perlPackages; });
|
);
|
||||||
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix {
|
sfetch = pkgs.writeScriptBin "sfetch" (
|
||||||
inherit gosignify;
|
import ./sfetch.nix {
|
||||||
inherit (pkgs) curl;
|
inherit gosignify;
|
||||||
});
|
inherit (pkgs) curl;
|
||||||
|
}
|
||||||
|
);
|
||||||
genPatches = pkgs.callPackage ./gen-patches.nix { };
|
genPatches = pkgs.callPackage ./gen-patches.nix { };
|
||||||
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (import ./upgrade-pg.nix {
|
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (
|
||||||
inherit pkgs;
|
import ./upgrade-pg.nix {
|
||||||
inherit config;
|
inherit pkgs;
|
||||||
});
|
inherit config;
|
||||||
|
}
|
||||||
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages =
|
||||||
checkRestart
|
with pkgs;
|
||||||
genPatches
|
[
|
||||||
ix
|
checkRestart
|
||||||
sfetch
|
genPatches
|
||||||
xclip
|
ix
|
||||||
xinStatus
|
sfetch
|
||||||
] ++ (if config.services.postgresql.enable then
|
xclip
|
||||||
[ upgrade-pg ]
|
xinStatus
|
||||||
else [ ]);
|
]
|
||||||
|
++ (if config.services.postgresql.enable then [ upgrade-pg ] else [ ]);
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"signify/openbsd-70-base.pub".text =
|
"signify/openbsd-70-base.pub".text = builtins.readFile ./pubs/openbsd-70-base.pub;
|
||||||
builtins.readFile ./pubs/openbsd-70-base.pub;
|
"signify/openbsd-70-fw.pub".text = builtins.readFile ./pubs/openbsd-70-fw.pub;
|
||||||
"signify/openbsd-70-fw.pub".text =
|
"signify/openbsd-70-pkg.pub".text = builtins.readFile ./pubs/openbsd-70-pkg.pub;
|
||||||
builtins.readFile ./pubs/openbsd-70-fw.pub;
|
"signify/openbsd-70-syspatch.pub".text = builtins.readFile ./pubs/openbsd-70-syspatch.pub;
|
||||||
"signify/openbsd-70-pkg.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-70-pkg.pub;
|
|
||||||
"signify/openbsd-70-syspatch.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-70-syspatch.pub;
|
|
||||||
|
|
||||||
"signify/openbsd-71-base.pub".text =
|
"signify/openbsd-71-base.pub".text = builtins.readFile ./pubs/openbsd-71-base.pub;
|
||||||
builtins.readFile ./pubs/openbsd-71-base.pub;
|
"signify/openbsd-71-fw.pub".text = builtins.readFile ./pubs/openbsd-71-fw.pub;
|
||||||
"signify/openbsd-71-fw.pub".text =
|
"signify/openbsd-71-pkg.pub".text = builtins.readFile ./pubs/openbsd-71-pkg.pub;
|
||||||
builtins.readFile ./pubs/openbsd-71-fw.pub;
|
"signify/openbsd-71-syspatch.pub".text = builtins.readFile ./pubs/openbsd-71-syspatch.pub;
|
||||||
"signify/openbsd-71-pkg.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-71-pkg.pub;
|
|
||||||
"signify/openbsd-71-syspatch.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-71-syspatch.pub;
|
|
||||||
|
|
||||||
"signify/openbsd-72-base.pub".text =
|
"signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
|
||||||
builtins.readFile ./pubs/openbsd-72-base.pub;
|
"signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
|
||||||
"signify/openbsd-72-fw.pub".text =
|
"signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
|
||||||
builtins.readFile ./pubs/openbsd-72-fw.pub;
|
"signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
|
||||||
"signify/openbsd-72-pkg.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-72-pkg.pub;
|
|
||||||
"signify/openbsd-72-syspatch.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-72-syspatch.pub;
|
|
||||||
|
|
||||||
"signify/openbsd-73-base.pub".text =
|
"signify/openbsd-73-base.pub".text = builtins.readFile ./pubs/openbsd-73-base.pub;
|
||||||
builtins.readFile ./pubs/openbsd-73-base.pub;
|
"signify/openbsd-73-fw.pub".text = builtins.readFile ./pubs/openbsd-73-fw.pub;
|
||||||
"signify/openbsd-73-fw.pub".text =
|
"signify/openbsd-73-pkg.pub".text = builtins.readFile ./pubs/openbsd-73-pkg.pub;
|
||||||
builtins.readFile ./pubs/openbsd-73-fw.pub;
|
"signify/openbsd-73-syspatch.pub".text = builtins.readFile ./pubs/openbsd-73-syspatch.pub;
|
||||||
"signify/openbsd-73-pkg.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-73-pkg.pub;
|
|
||||||
"signify/openbsd-73-syspatch.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-73-syspatch.pub;
|
|
||||||
|
|
||||||
"signify/openbsd-74-base.pub".text =
|
"signify/openbsd-74-base.pub".text = builtins.readFile ./pubs/openbsd-74-base.pub;
|
||||||
builtins.readFile ./pubs/openbsd-74-base.pub;
|
"signify/openbsd-74-fw.pub".text = builtins.readFile ./pubs/openbsd-74-fw.pub;
|
||||||
"signify/openbsd-74-fw.pub".text =
|
"signify/openbsd-74-pkg.pub".text = builtins.readFile ./pubs/openbsd-74-pkg.pub;
|
||||||
builtins.readFile ./pubs/openbsd-74-fw.pub;
|
"signify/openbsd-74-syspatch.pub".text = builtins.readFile ./pubs/openbsd-74-syspatch.pub;
|
||||||
"signify/openbsd-74-pkg.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-74-pkg.pub;
|
|
||||||
"signify/openbsd-74-syspatch.pub".text =
|
|
||||||
builtins.readFile ./pubs/openbsd-74-syspatch.pub;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,18 @@
|
|||||||
{ writeShellApplication
|
{
|
||||||
, diffutils
|
writeShellApplication,
|
||||||
, findutils
|
diffutils,
|
||||||
, coreutils
|
findutils,
|
||||||
, ...
|
coreutils,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
genPatches = writeShellApplication {
|
genPatches = writeShellApplication {
|
||||||
name = "gen-patches";
|
name = "gen-patches";
|
||||||
runtimeInputs = [ diffutils findutils coreutils ];
|
runtimeInputs = [
|
||||||
|
diffutils
|
||||||
|
findutils
|
||||||
|
coreutils
|
||||||
|
];
|
||||||
text = ''
|
text = ''
|
||||||
suffix=".orig"
|
suffix=".orig"
|
||||||
srcdir=$PWD
|
srcdir=$PWD
|
||||||
|
@ -1,7 +1,5 @@
|
|||||||
{ pkgs
|
{ pkgs, icbirc }:
|
||||||
, icbirc
|
''
|
||||||
,
|
|
||||||
}: ''
|
|
||||||
#!${pkgs.yash}/bin/yash
|
#!${pkgs.yash}/bin/yash
|
||||||
${pkgs.procps}/bin/pkill icbirc
|
${pkgs.procps}/bin/pkill icbirc
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ perl }: ''
|
{ perl }:
|
||||||
|
''
|
||||||
#!${perl}/bin/perl
|
#!${perl}/bin/perl
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
@ -1,14 +1,8 @@
|
|||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
let
|
let
|
||||||
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
|
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
|
||||||
wlclip =
|
wlclip = if pkgs.system == "aarch64-darwin" then "" else "${pkgs.wl-clipboard}/bin/wl-copy";
|
||||||
if pkgs.system == "aarch64-darwin"
|
xclip = if pkgs.system == "aarch64-darwin" then "pbcopy" else "${pkgs.xclip}/bin/xclip";
|
||||||
then ""
|
|
||||||
else "${pkgs.wl-clipboard}/bin/wl-copy";
|
|
||||||
xclip =
|
|
||||||
if pkgs.system == "aarch64-darwin"
|
|
||||||
then "pbcopy"
|
|
||||||
else "${pkgs.xclip}/bin/xclip";
|
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
#!${pkgs.yash}/bin/yash
|
#!${pkgs.yash}/bin/yash
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{ tea
|
{
|
||||||
, gh
|
tea,
|
||||||
, hut
|
gh,
|
||||||
,
|
hut,
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
teaBin = "${tea}/bin/tea";
|
teaBin = "${tea}/bin/tea";
|
||||||
|
@ -1,7 +1,5 @@
|
|||||||
{ curl
|
{ curl, gosignify }:
|
||||||
, gosignify
|
''
|
||||||
,
|
|
||||||
}: ''
|
|
||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
@ -1,7 +1,5 @@
|
|||||||
{ perl
|
{ perl, perlPackages, ... }:
|
||||||
, perlPackages
|
''
|
||||||
, ...
|
|
||||||
}: ''
|
|
||||||
#!${perl}/bin/perl
|
#!${perl}/bin/perl
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
@ -25,6 +25,8 @@ in
|
|||||||
"xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile;
|
"xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fonts = { packages = with pkgs; [ go-font ]; };
|
fonts = {
|
||||||
|
packages = with pkgs; [ go-font ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.services.xinCA;
|
cfg = config.services.xinCA;
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
services.xinCA = {
|
services.xinCA = {
|
||||||
enable = mkEnableOption "Configure host as a xin certificate authority.";
|
enable = mkEnableOption "Configure host as a xin certificate authority.";
|
||||||
@ -67,9 +69,13 @@ with lib; {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
|
networking.hosts = {
|
||||||
|
"127.0.0.1" = [ "ca.bolddaemon.com" ];
|
||||||
|
};
|
||||||
|
|
||||||
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
|
environment.sessionVariables = {
|
||||||
|
STEPPATH = "/var/lib/step-ca";
|
||||||
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
step-cli
|
step-cli
|
||||||
step-kms-plugin
|
step-kms-plugin
|
||||||
@ -87,7 +93,9 @@ with lib; {
|
|||||||
crt = config.sops.secrets."intermediate_ca.crt".path;
|
crt = config.sops.secrets."intermediate_ca.crt".path;
|
||||||
key = config.sops.secrets.intermediate_ca_key.path;
|
key = config.sops.secrets.intermediate_ca_key.path;
|
||||||
dnsNames = [ "ca.bolddaemon.com" ];
|
dnsNames = [ "ca.bolddaemon.com" ];
|
||||||
logger = { format = "text"; };
|
logger = {
|
||||||
|
format = "text";
|
||||||
|
};
|
||||||
db = {
|
db = {
|
||||||
type = "badgerv2";
|
type = "badgerv2";
|
||||||
dataSource = "/var/lib/step-ca/db";
|
dataSource = "/var/lib/step-ca/db";
|
||||||
@ -98,7 +106,9 @@ with lib; {
|
|||||||
{
|
{
|
||||||
type = "SSHPOP";
|
type = "SSHPOP";
|
||||||
name = "sshpop";
|
name = "sshpop";
|
||||||
claims = { enableSSHCA = true; };
|
claims = {
|
||||||
|
enableSSHCA = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, inputs
|
pkgs,
|
||||||
, xinlib
|
inputs,
|
||||||
, ...
|
xinlib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
#inherit (xinlib) prIsOpen;
|
#inherit (xinlib) prIsOpen;
|
||||||
@ -24,7 +25,8 @@ let
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
xinCI = {
|
xinCI = {
|
||||||
enable = mkEnableOption "Configure host as a xin CI host.";
|
enable = mkEnableOption "Configure host as a xin CI host.";
|
||||||
@ -43,7 +45,9 @@ with lib; {
|
|||||||
config = mkIf config.xinCI.enable {
|
config = mkIf config.xinCI.enable {
|
||||||
sops.defaultSopsFile = config.xin-secrets.ci;
|
sops.defaultSopsFile = config.xin-secrets.ci;
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
po_env = { owner = config.xinCI.user; };
|
po_env = {
|
||||||
|
owner = config.xinCI.user;
|
||||||
|
};
|
||||||
ci_ed25519_key = {
|
ci_ed25519_key = {
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = config.xinCI.user;
|
owner = config.xinCI.user;
|
||||||
@ -98,7 +102,11 @@ with lib; {
|
|||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
||||||
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
|
settings.allowed-users = [
|
||||||
|
"root"
|
||||||
|
config.xinCI.user
|
||||||
|
"harmonia"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
||||||
@ -111,10 +119,15 @@ with lib; {
|
|||||||
harmonia = {
|
harmonia = {
|
||||||
enable = true;
|
enable = true;
|
||||||
signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
|
signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
|
||||||
settings = { bind = "127.0.0.1:5000"; };
|
settings = {
|
||||||
|
bind = "127.0.0.1:5000";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];
|
boot.binfmt.emulatedSystems = [
|
||||||
|
"aarch64-linux"
|
||||||
|
"armv6l-linux"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
colemak = {
|
colemak = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
@ -15,7 +13,9 @@ with lib; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.colemak.enable {
|
config = mkIf config.colemak.enable {
|
||||||
console = { keyMap = "colemak"; };
|
console = {
|
||||||
|
keyMap = "colemak";
|
||||||
|
};
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
layout = "us";
|
layout = "us";
|
||||||
xkbVariant = "colemak";
|
xkbVariant = "colemak";
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./alacritty.nix
|
./alacritty.nix
|
||||||
./ca.nix
|
./ca.nix
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
preDNS = {
|
preDNS = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
@ -21,7 +19,12 @@ with lib; {
|
|||||||
enable = true;
|
enable = true;
|
||||||
dnssec = "allow-downgrade";
|
dnssec = "allow-downgrade";
|
||||||
# TODO: Enable a toggle for ipv6
|
# TODO: Enable a toggle for ipv6
|
||||||
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
|
fallbackDns = [
|
||||||
|
"9.9.9.9"
|
||||||
|
"2620:fe::fe"
|
||||||
|
"149.112.112.112"
|
||||||
|
"2620:fe::9"
|
||||||
|
];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
[Resolve]
|
[Resolve]
|
||||||
DNS=45.90.28.0#8436c6.dns.nextdns.io
|
DNS=45.90.28.0#8436c6.dns.nextdns.io
|
||||||
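Review bot: `dnssec = "allow-downgrade"` in the second hunk carries no comment, although it decides whether validation is actually enforced. In that mode systemd-resolved turns DNSSEC off when the upstream server appears not to support it, which its documentation notes leaves validation open to downgrade attacks. The `fallbackDns` entries are bare addresses with no `#hostname` suffix, unlike the `DNS=` line, so any fallback to them presumably cannot be name-verified over TLS. If best-effort validation is intended, say so next to the option, e.g. `# allow-downgrade: DNSSEC is best-effort here, not enforced; switch to "true" once all upstreams validate`. The rest of the block, including any DNSOverTLS setting, lies outside the hunk.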
|
@ -1,16 +1,14 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
doas = { enable = mkEnableOption "Enable doas for priv-escie"; };
|
doas = {
|
||||||
|
enable = mkEnableOption "Enable doas for priv-escie";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.doas.enable {
|
config = mkIf config.doas.enable {
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: { doas = pkgs.doas.override { withPAM = false; }; };
|
||||||
doas = pkgs.doas.override { withPAM = false; };
|
|
||||||
};
|
|
||||||
security = {
|
security = {
|
||||||
doas = {
|
doas = {
|
||||||
enable = true;
|
enable = true;
|
||||||
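Review bot: The override `doas = pkgs.doas.override { withPAM = false; };` in the `config` block has no comment saying why PAM is compiled out. With PAM disabled, doas presumably authenticates on its own instead of going through the host's PAM stack, so PAM-based policy configured elsewhere (lockout, a second factor, session modules) would not apply to privilege escalation. I would put the reason on the line above, e.g. `# built without PAM on purpose (<reason>); PAM auth/session modules do not apply to doas`. The `security.doas` block continues past the end of the hunk, so its rules are not visible here.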
|
@ -1,11 +1,12 @@
|
|||||||
{ runCommand
|
{
|
||||||
, emacsWithPackagesFromUsePackage
|
runCommand,
|
||||||
, pkgs
|
emacsWithPackagesFromUsePackage,
|
||||||
, makeWrapper
|
pkgs,
|
||||||
, writeTextDir
|
makeWrapper,
|
||||||
, emacs
|
writeTextDir,
|
||||||
, emacsPkg ? pkgs.emacs-gtk
|
emacs,
|
||||||
, ...
|
emacsPkg ? pkgs.emacs-gtk,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
# Generate a .el file from our emacs.org.
|
# Generate a .el file from our emacs.org.
|
||||||
@ -46,13 +47,18 @@ emacsWithPackagesFromUsePackage {
|
|||||||
alwaysEnsure = true;
|
alwaysEnsure = true;
|
||||||
alwaysTangle = true;
|
alwaysTangle = true;
|
||||||
|
|
||||||
package = emacsPkg.overrideAttrs (oa: {
|
package = emacsPkg.overrideAttrs (
|
||||||
nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ];
|
oa: {
|
||||||
postInstall = ''
|
nativeBuildInputs = oa.nativeBuildInputs ++ [
|
||||||
${oa.postInstall}
|
makeWrapper
|
||||||
wrapProgram $out/bin/emacs \
|
emacsConfig
|
||||||
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
|
];
|
||||||
--add-flags '--init-directory ${emacsInitDir}'
|
postInstall = ''
|
||||||
'';
|
${oa.postInstall}
|
||||||
});
|
wrapProgram $out/bin/emacs \
|
||||||
|
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
|
||||||
|
--add-flags '--init-directory ${emacsInitDir}'
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
programs = {
|
programs = {
|
||||||
firefox = {
|
firefox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -107,17 +108,12 @@
|
|||||||
|
|
||||||
"browser.aboutConfig.showWarning" = false;
|
"browser.aboutConfig.showWarning" = false;
|
||||||
"browser.contentblocking.category" = "strict";
|
"browser.contentblocking.category" = "strict";
|
||||||
"browser.newtabpage.activity-stream.feeds.recommendationprovider" =
|
"browser.newtabpage.activity-stream.feeds.recommendationprovider" = false;
|
||||||
false;
|
|
||||||
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
|
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
|
||||||
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" =
|
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
|
||||||
false;
|
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
|
||||||
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" =
|
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
|
||||||
false;
|
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
|
||||||
"browser.newtabpage.activity-stream.section.highlights.includePocket" =
|
|
||||||
false;
|
|
||||||
"browser.newtabpage.activity-stream.section.highlights.includeVisited" =
|
|
||||||
false;
|
|
||||||
"browser.newtabpage.activity-stream.showSearch" = false;
|
"browser.newtabpage.activity-stream.showSearch" = false;
|
||||||
"browser.newtabpage.activity-stream.showSponsored" = false;
|
"browser.newtabpage.activity-stream.showSponsored" = false;
|
||||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||||
|
@ -1,20 +1,27 @@
|
|||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
rewriteGitHub =
|
rewriteGitHub =
|
||||||
if config.networking.hostName != "stan"
|
if config.networking.hostName != "stan" then
|
||||||
then {
|
{
|
||||||
url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; };
|
url = {
|
||||||
}
|
"ssh://git@github.com/" = {
|
||||||
else {
|
insteadOf = "https://github.com/";
|
||||||
url = { };
|
};
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{ url = { }; };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
config = [
|
config = [
|
||||||
{ init = { defaultBranch = "main"; }; }
|
{
|
||||||
|
init = {
|
||||||
|
defaultBranch = "main";
|
||||||
|
};
|
||||||
|
}
|
||||||
{ advice.detachedHead = false; }
|
{ advice.detachedHead = false; }
|
||||||
{
|
{
|
||||||
user = {
|
user = {
|
||||||
@ -24,20 +31,35 @@ in
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
{ branch = { sort = "-committerdate"; }; }
|
{
|
||||||
|
branch = {
|
||||||
|
sort = "-committerdate";
|
||||||
|
};
|
||||||
|
}
|
||||||
{
|
{
|
||||||
alias = {
|
alias = {
|
||||||
log = "log --color=never";
|
log = "log --color=never";
|
||||||
diff = "diff --color=always";
|
diff = "diff --color=always";
|
||||||
pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"'';
|
pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"'';
|
||||||
fetch-pr = ''
|
fetch-pr = ''"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
|
||||||
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
push = {
|
||||||
|
default = "current";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{ push = { default = "current"; }; }
|
|
||||||
|
|
||||||
{ gpg = { format = "ssh"; }; }
|
{
|
||||||
{ commit = { gpgsign = true; }; }
|
gpg = {
|
||||||
|
format = "ssh";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
commit = {
|
||||||
|
gpgsign = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
color = {
|
color = {
|
||||||
@ -49,11 +71,27 @@ in
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
{ safe = { directory = "/home/qbit/src/nix-conf"; }; }
|
{
|
||||||
|
safe = {
|
||||||
|
directory = "/home/qbit/src/nix-conf";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
{ transfer = { fsckobjects = true; }; }
|
{
|
||||||
{ fetch = { fsckobjects = true; }; }
|
transfer = {
|
||||||
{ github = { user = "qbit"; }; }
|
fsckobjects = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
fetch = {
|
||||||
|
fsckobjects = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
github = {
|
||||||
|
user = "qbit";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
{ inherit (rewriteGitHub) url; }
|
{ inherit (rewriteGitHub) url; }
|
||||||
|
|
||||||
@ -69,8 +107,16 @@ in
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
{ pull = { rebase = false; }; }
|
{
|
||||||
{ include = { path = "~/work/git/gitconfig"; }; }
|
pull = {
|
||||||
|
rebase = false;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
include = {
|
||||||
|
path = "~/work/git/gitconfig";
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
environment = {
|
environment = {
|
||||||
memoryAllocator.provider = mkDefault "libc";
|
memoryAllocator.provider = mkDefault "libc";
|
||||||
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
|
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
|
||||||
|
@ -1,7 +1,4 @@
|
|||||||
{ pkgs
|
{ pkgs, linkFarm, ... }:
|
||||||
, linkFarm
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
tomlFmt = pkgs.formats.toml { };
|
tomlFmt = pkgs.formats.toml { };
|
||||||
helixBin = "${pkgs.helix}/bin/hx";
|
helixBin = "${pkgs.helix}/bin/hx";
|
||||||
@ -15,7 +12,9 @@ let
|
|||||||
normal = "block";
|
normal = "block";
|
||||||
select = "underline";
|
select = "underline";
|
||||||
};
|
};
|
||||||
lsp = { auto-signature-help = false; };
|
lsp = {
|
||||||
|
auto-signature-help = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, inputs
|
pkgs,
|
||||||
, ...
|
inputs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
microcaBin = "${pkgs.microca}/bin/microca";
|
microcaBin = "${pkgs.microca}/bin/microca";
|
||||||
@ -11,7 +12,8 @@ let
|
|||||||
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
nixManager = {
|
nixManager = {
|
||||||
enable = mkEnableOption "Configure host as nix-conf manager.";
|
enable = mkEnableOption "Configure host as nix-conf manager.";
|
||||||
@ -30,13 +32,27 @@ with lib; {
|
|||||||
config = mkIf config.nixManager.enable {
|
config = mkIf config.nixManager.enable {
|
||||||
sops.defaultSopsFile = config.xin-secrets.manager;
|
sops.defaultSopsFile = config.xin-secrets.manager;
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
xin_status_key = { owner = config.nixManager.user; };
|
xin_status_key = {
|
||||||
xin_status_pubkey = { owner = config.nixManager.user; };
|
owner = config.nixManager.user;
|
||||||
manager_key = { owner = config.nixManager.user; };
|
};
|
||||||
manager_pubkey = { owner = config.nixManager.user; };
|
xin_status_pubkey = {
|
||||||
ca_key = { owner = config.nixManager.user; };
|
owner = config.nixManager.user;
|
||||||
ca_cert = { owner = config.nixManager.user; };
|
};
|
||||||
po_env = { owner = config.nixManager.user; };
|
manager_key = {
|
||||||
|
owner = config.nixManager.user;
|
||||||
|
};
|
||||||
|
manager_pubkey = {
|
||||||
|
owner = config.nixManager.user;
|
||||||
|
};
|
||||||
|
ca_key = {
|
||||||
|
owner = config.nixManager.user;
|
||||||
|
};
|
||||||
|
ca_cert = {
|
||||||
|
owner = config.nixManager.user;
|
||||||
|
};
|
||||||
|
po_env = {
|
||||||
|
owner = config.nixManager.user;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
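Review bot: The wrapper line `${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@` in the second hunk expands `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded before microca receives it. Quoting fixes it: `${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert "$@"`. The two key paths are also hard-coded even though the third hunk declares `ca_key` and `ca_cert` under `sops.secrets`; referring to `${config.sops.secrets.ca_key.path}` and `${config.sops.secrets.ca_cert.path}` would keep the wrapper in step with the secret definitions. The script string opens above the hunk, so the interpreter it runs under is not visible here.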
|
@ -1,5 +1,9 @@
|
|||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
environment.systemPackages = with pkgs; [ neomutt urlview ];
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
neomutt
|
||||||
|
urlview
|
||||||
|
];
|
||||||
environment.etc."neomuttrc" = {
|
environment.etc."neomuttrc" = {
|
||||||
text = ''
|
text = ''
|
||||||
ignore *
|
ignore *
|
||||||
|
@ -26,7 +26,11 @@ let
|
|||||||
sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ=";
|
sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ=";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
dependencies = with vimPlugins; [ nvim-cmp tabular plenary-nvim ];
|
dependencies = with vimPlugins; [
|
||||||
|
nvim-cmp
|
||||||
|
tabular
|
||||||
|
plenary-nvim
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
baseVimPackages = with vimPlugins; [
|
baseVimPackages = with vimPlugins; [
|
||||||
@ -96,7 +100,9 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
defaultEditor = true;
|
defaultEditor = true;
|
||||||
configure = {
|
configure = {
|
||||||
packages.myVimPackage = { start = myVimPackages; };
|
packages.myVimPackage = {
|
||||||
|
start = myVimPackages;
|
||||||
|
};
|
||||||
customRC = ''
|
customRC = ''
|
||||||
" Restore cursor position
|
" Restore cursor position
|
||||||
autocmd BufReadPost *
|
autocmd BufReadPost *
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
zerotier = {
|
zerotier = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
@ -31,7 +33,11 @@ with lib; {
|
|||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf config.tailscale.enable {
|
(mkIf config.tailscale.enable {
|
||||||
services = { tailscale = { enable = mkDefault true; }; };
|
services = {
|
||||||
|
tailscale = {
|
||||||
|
enable = mkDefault true;
|
||||||
|
};
|
||||||
|
};
|
||||||
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ];
|
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ];
|
||||||
networking.firewall.checkReversePath = mkDefault "loose";
|
networking.firewall.checkReversePath = mkDefault "loose";
|
||||||
})
|
})
|
||||||
|
@ -15,7 +15,10 @@
|
|||||||
settings = {
|
settings = {
|
||||||
sandbox = true;
|
sandbox = true;
|
||||||
trusted-users = [ "@wheel" ];
|
trusted-users = [ "@wheel" ];
|
||||||
allowed-users = [ "root" "qbit" ];
|
allowed-users = [
|
||||||
|
"root"
|
||||||
|
"qbit"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
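Review bot: `trusted-users = [ "@wheel" ]` sits directly above the reformatted `allowed-users` list with no comment, and it is the broader of the two grants. A trusted user can override daemon settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access, so every wheel member holds that without going through doas. If that is intended, record it on the line: `# wheel is trusted by the nix daemon (root-equivalent); keep wheel membership minimal`. The enclosing `nix` block starts above the hunk.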
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
tsPeerix = {
|
tsPeerix = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
@ -27,7 +29,9 @@ with lib; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.tsPeerix.enable {
|
config = mkIf config.tsPeerix.enable {
|
||||||
users.groups.peerix = { name = "peerix"; };
|
users.groups.peerix = {
|
||||||
|
name = "peerix";
|
||||||
|
};
|
||||||
users.users.peerix = {
|
users.users.peerix = {
|
||||||
name = "peerix";
|
name = "peerix";
|
||||||
group = "peerix";
|
group = "peerix";
|
||||||
@ -54,14 +58,18 @@ with lib; {
|
|||||||
|
|
||||||
environment.systemPackages = [ pkgs.zerotierone ];
|
environment.systemPackages = [ pkgs.zerotierone ];
|
||||||
|
|
||||||
networking.firewall.interfaces = listToAttrs (flatten (map
|
networking.firewall.interfaces = listToAttrs (
|
||||||
(i: {
|
flatten (
|
||||||
name = i;
|
map
|
||||||
value = {
|
(i: {
|
||||||
allowedUDPPorts = [ 12304 ];
|
name = i;
|
||||||
allowedTCPPorts = [ 12304 ];
|
value = {
|
||||||
};
|
allowedUDPPorts = [ 12304 ];
|
||||||
})
|
allowedTCPPorts = [ 12304 ];
|
||||||
config.tsPeerix.interfaces));
|
};
|
||||||
|
})
|
||||||
|
config.tsPeerix.interfaces
|
||||||
|
)
|
||||||
|
);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -120,6 +120,8 @@ in
|
|||||||
"xdg/polybar/config.ini".text = builtins.readFile settingsFile;
|
"xdg/polybar/config.ini".text = builtins.readFile settingsFile;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fonts = { packages = [ pkgs.go-font ]; };
|
fonts = {
|
||||||
|
packages = [ pkgs.go-font ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
154
configs/smug.nix
154
configs/smug.nix
@ -7,83 +7,87 @@ in
|
|||||||
programs.zsh.promptInit = ''
|
programs.zsh.promptInit = ''
|
||||||
alias tstart='smug -f /etc/smug/main.yml start';
|
alias tstart='smug -f /etc/smug/main.yml start';
|
||||||
alias cistart='smug -f /etc/smug/ci.yml start';
|
alias cistart='smug -f /etc/smug/ci.yml start';
|
||||||
|
alias nomad='smug -f /etc/smug/nomad.yml start';
|
||||||
'';
|
'';
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [ smug ];
|
||||||
smug
|
etc."smug/nomad.yml".text = builtins.readFile (
|
||||||
];
|
tmuxFormat.generate "nomad.yml" {
|
||||||
etc."smug/ci.yml".text = builtins.readFile (tmuxFormat.generate "ci.yml" {
|
session = "nomad";
|
||||||
session = "CI";
|
root = "~/";
|
||||||
root = "~/";
|
windows = [
|
||||||
windows = [
|
{
|
||||||
{
|
name = "rnsd";
|
||||||
name = "CI Status";
|
layout = "even-vertical";
|
||||||
layout = "even-vertical";
|
root = "~/reticulum";
|
||||||
commands = [
|
commands = [ "./bin/rnsd" ];
|
||||||
"journalctl -xef -u xin-ci-update.service"
|
}
|
||||||
];
|
{
|
||||||
panes = [
|
name = "NomadNet";
|
||||||
{
|
root = "~/reticulum";
|
||||||
type = "even-vertical";
|
commands = [ "./bin/nomadnet" ];
|
||||||
commands = [ "journalctl -xef -u xin-ci.service" ];
|
}
|
||||||
}
|
];
|
||||||
];
|
}
|
||||||
}
|
);
|
||||||
{
|
etc."smug/ci.yml".text = builtins.readFile (
|
||||||
name = "btop";
|
tmuxFormat.generate "ci.yml" {
|
||||||
commands = [
|
session = "CI";
|
||||||
"btop"
|
root = "~/";
|
||||||
];
|
windows = [
|
||||||
}
|
{
|
||||||
];
|
name = "CI Status";
|
||||||
});
|
layout = "even-vertical";
|
||||||
etc."smug/main.yml".text = builtins.readFile (tmuxFormat.generate "main.yml" {
|
commands = [ "journalctl -xef -u xin-ci-update.service" ];
|
||||||
session = "Main";
|
panes = [
|
||||||
root = "~/";
|
{
|
||||||
before_start = [
|
type = "even-vertical";
|
||||||
"ssh-add"
|
commands = [ "journalctl -xef -u xin-ci.service" ];
|
||||||
];
|
}
|
||||||
windows = [
|
];
|
||||||
{
|
}
|
||||||
name = "Status";
|
{
|
||||||
commands = [
|
name = "btop";
|
||||||
"while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done"
|
commands = [ "btop" ];
|
||||||
];
|
}
|
||||||
panes = [
|
];
|
||||||
{
|
}
|
||||||
commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ];
|
);
|
||||||
}
|
etc."smug/main.yml".text = builtins.readFile (
|
||||||
];
|
tmuxFormat.generate "main.yml" {
|
||||||
}
|
session = "Main";
|
||||||
{
|
root = "~/";
|
||||||
name = "Barrier";
|
before_start = [ "ssh-add" ];
|
||||||
commands = [
|
windows = [
|
||||||
"barriers -a 127.0.0.1 -f --disable-crypto"
|
{
|
||||||
];
|
name = "Status";
|
||||||
panes = [
|
commands = [ "while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done" ];
|
||||||
{
|
panes = [ { commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ]; } ];
|
||||||
commands = [ "ssh stan" ];
|
}
|
||||||
}
|
{
|
||||||
];
|
name = "Barrier";
|
||||||
}
|
commands = [ "barriers -a 127.0.0.1 -f --disable-crypto" ];
|
||||||
{
|
panes = [ { commands = [ "ssh stan" ]; } ];
|
||||||
name = "Xin";
|
}
|
||||||
root = "src/xin";
|
{
|
||||||
}
|
name = "Xin";
|
||||||
{
|
root = "src/xin";
|
||||||
name = "Lab";
|
}
|
||||||
root = "src/biltong";
|
{
|
||||||
}
|
name = "Lab";
|
||||||
{
|
root = "src/biltong";
|
||||||
name = "NixPkgs";
|
}
|
||||||
root = "src/nixpkgs";
|
{
|
||||||
}
|
name = "NixPkgs";
|
||||||
{
|
root = "src/nixpkgs";
|
||||||
name = "NomadNet";
|
}
|
||||||
root = "reticulum";
|
{
|
||||||
}
|
name = "NomadNet";
|
||||||
];
|
root = "reticulum";
|
||||||
});
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
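Review bot: The `alias nomad='smug -f /etc/smug/nomad.yml start';` line and the whole `etc."smug/nomad.yml"` session appear to be new rather than reformatted. The old column is empty opposite the alias and the hunk grows from 83 to 87 lines, so a functional change is riding inside a formatter-only commit. Moving it into its own commit would keep the nixfmt change mechanically verifiable and safe to list in a blame-ignore file. The new windows also start `./bin/rnsd` and `./bin/nomadnet` from `~/reticulum`, which are binaries from a user-managed directory that this configuration does not pin or build. If that is intended, a comment above the block such as `# rnsd/nomadnet run from a user-managed checkout in ~/reticulum, not from the Nix store` would record it.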
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, inputs
|
lib,
|
||||||
, xinlib
|
inputs,
|
||||||
, ...
|
xinlib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
tailnetACLs =
|
tailnetACLs =
|
||||||
@ -44,8 +45,16 @@ let
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
action = "accept";
|
action = "accept";
|
||||||
src = [ "tag:minservice" "tag:sshonly" ];
|
src = [
|
||||||
dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ];
|
"tag:minservice"
|
||||||
|
"tag:sshonly"
|
||||||
|
];
|
||||||
|
dst = [
|
||||||
|
"*:22"
|
||||||
|
"box:3030"
|
||||||
|
"nbc:443"
|
||||||
|
"console:2222"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
action = "accept";
|
action = "accept";
|
||||||
@ -90,7 +99,8 @@ let
|
|||||||
];
|
];
|
||||||
enabled = config.nixManager.enable;
|
enabled = config.nixManager.enable;
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib;
|
||||||
|
{
|
||||||
sops.secrets = mkIf enabled {
|
sops.secrets = mkIf enabled {
|
||||||
tailnet_acl_manager = {
|
tailnet_acl_manager = {
|
||||||
owner = config.nixManager.user;
|
owner = config.nixManager.user;
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
programs.tmux = {
|
programs.tmux = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
autoUpdate = {
|
autoUpdate = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
config = {
|
config = {
|
||||||
programs.zsh.interactiveShellInit = ''
|
programs.zsh.interactiveShellInit = ''
|
||||||
export NO_COLOR=1
|
export NO_COLOR=1
|
||||||
|
@ -1,16 +1,20 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
|
buildConsumer = {
|
||||||
|
enable = mkEnableOption "Use remote build machines";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.buildConsumer.enable {
|
config = mkIf config.buildConsumer.enable {
|
||||||
programs.ssh.knownHosts = {
|
programs.ssh.knownHosts = {
|
||||||
pcake = {
|
pcake = {
|
||||||
hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
|
hostNames = [
|
||||||
|
"pcake"
|
||||||
|
"pcake.tapenet.org"
|
||||||
|
"10.6.0.202"
|
||||||
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -24,10 +28,18 @@ with lib; {
|
|||||||
buildMachines = [
|
buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = "pcake";
|
hostName = "pcake";
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
];
|
||||||
maxJobs = 2;
|
maxJobs = 2;
|
||||||
speedFactor = 4;
|
speedFactor = 4;
|
||||||
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
|
supportedFeatures = [
|
||||||
|
"kvm"
|
||||||
|
"big-parallel"
|
||||||
|
"nixos-test"
|
||||||
|
"benchmark"
|
||||||
|
];
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
|
||||||
with lib; {
|
|
||||||
options = {
|
options = {
|
||||||
buildServer = {
|
buildServer = {
|
||||||
enable = mkEnableOption "Server will be used as part of the build infra";
|
enable = mkEnableOption "Server will be used as part of the build infra";
|
||||||
|
@ -1 +1,7 @@
|
|||||||
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }
|
{ ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./build-consumer.nix
|
||||||
|
./build-server.nix
|
||||||
|
];
|
||||||
|
}
|
||||||
|
75
default.nix
75
default.nix
@ -1,10 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, options
|
lib,
|
||||||
, pkgs
|
options,
|
||||||
, xinlib
|
pkgs,
|
||||||
, isUnstable
|
xinlib,
|
||||||
, ...
|
isUnstable,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (xinlib) todo;
|
inherit (xinlib) todo;
|
||||||
@ -35,14 +36,16 @@ in
|
|||||||
./bins
|
./bins
|
||||||
];
|
];
|
||||||
|
|
||||||
disabledModules = [
|
disabledModules = [ "services/web-apps/gotosocial.nix" ];
|
||||||
"services/web-apps/gotosocial.nix"
|
|
||||||
];
|
|
||||||
|
|
||||||
options.myconf = {
|
options.myconf = {
|
||||||
managementPubKeys = lib.mkOption rec {
|
managementPubKeys = lib.mkOption rec {
|
||||||
type = lib.types.listOf lib.types.str;
|
type = lib.types.listOf lib.types.str;
|
||||||
default = [ managementKey statusKey breakGlassKey ];
|
default = [
|
||||||
|
managementKey
|
||||||
|
statusKey
|
||||||
|
breakGlassKey
|
||||||
|
];
|
||||||
example = default;
|
example = default;
|
||||||
description = "List of management public keys to use";
|
description = "List of management public keys to use";
|
||||||
};
|
};
|
||||||
@ -127,7 +130,9 @@ in
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = { systemd-boot.configurationLimit = 15; };
|
loader = {
|
||||||
|
systemd-boot.configurationLimit = 15;
|
||||||
|
};
|
||||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
|
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
|
||||||
kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
"net.ipv4.tcp_keepalive_time" = 60;
|
"net.ipv4.tcp_keepalive_time" = 60;
|
||||||
@ -138,23 +143,27 @@ in
|
|||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
settings =
|
settings =
|
||||||
if config.xinCI.enable
|
if config.xinCI.enable then
|
||||||
then { }
|
{ }
|
||||||
else {
|
else
|
||||||
substituters = lib.mkForce [
|
{
|
||||||
"https://cache.nixos.org"
|
substituters = lib.mkForce [
|
||||||
"https://nix-binary-cache.otter-alligator.ts.net/"
|
"https://cache.nixos.org"
|
||||||
];
|
"https://nix-binary-cache.otter-alligator.ts.net/"
|
||||||
trusted-public-keys = [
|
];
|
||||||
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
|
trusted-public-keys = [
|
||||||
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
|
||||||
];
|
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||||
};
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
etc."ssh/ca.pub" = { text = caPubKeys; };
|
etc."ssh/ca.pub" = {
|
||||||
systemPackages = with pkgs;
|
text = caPubKeys;
|
||||||
|
};
|
||||||
|
systemPackages =
|
||||||
|
with pkgs;
|
||||||
[
|
[
|
||||||
age
|
age
|
||||||
apg
|
apg
|
||||||
@ -179,11 +188,7 @@ in
|
|||||||
taskwarrior
|
taskwarrior
|
||||||
tmux
|
tmux
|
||||||
]
|
]
|
||||||
++ (
|
++ (if isUnstable then [ nil ] else [ ]);
|
||||||
if isUnstable
|
|
||||||
then [ nil ]
|
|
||||||
else [ ]
|
|
||||||
);
|
|
||||||
|
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
alias vi=nvim
|
alias vi=nvim
|
||||||
@ -221,8 +226,7 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logrotate.checkConfig =
|
services.logrotate.checkConfig = todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
|
||||||
todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
|
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
openssh = {
|
openssh = {
|
||||||
@ -233,7 +237,10 @@ in
|
|||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = "prohibit-password";
|
PermitRootLogin = "prohibit-password";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
KexAlgorithms = [
|
||||||
|
"curve25519-sha256"
|
||||||
|
"curve25519-sha256@libssh.org"
|
||||||
|
];
|
||||||
Macs = [
|
Macs = [
|
||||||
"hmac-sha2-512-etm@openssh.com"
|
"hmac-sha2-512-etm@openssh.com"
|
||||||
"hmac-sha2-256-etm@openssh.com"
|
"hmac-sha2-256-etm@openssh.com"
|
||||||
|
184
flake.nix
184
flake.nix
@ -104,41 +104,46 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ self
|
{
|
||||||
, darwin
|
self,
|
||||||
, gostart
|
darwin,
|
||||||
, peerix
|
gostart,
|
||||||
, po
|
peerix,
|
||||||
, pots
|
po,
|
||||||
, pr-status
|
pots,
|
||||||
, stable
|
pr-status,
|
||||||
, tsRevProx
|
stable,
|
||||||
, traygent
|
tsRevProx,
|
||||||
, tsvnstat
|
traygent,
|
||||||
, unstable
|
tsvnstat,
|
||||||
, unstableSmall
|
unstable,
|
||||||
, xin-secrets
|
unstableSmall,
|
||||||
, xintray
|
xin-secrets,
|
||||||
, simple-nixos-mailserver
|
xintray,
|
||||||
, nixos-hardware
|
simple-nixos-mailserver,
|
||||||
, beyt
|
nixos-hardware,
|
||||||
, ...
|
beyt,
|
||||||
} @ inputs:
|
...
|
||||||
|
}@inputs:
|
||||||
let
|
let
|
||||||
xinlib = import ./lib { inherit (unstable) lib; };
|
xinlib = import ./lib { inherit (unstable) lib; };
|
||||||
supportedSystems = [ "x86_64-linux" ];
|
supportedSystems = [ "x86_64-linux" ];
|
||||||
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
|
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
|
||||||
forAllSystems = unstable.lib.genAttrs supportedSystems;
|
forAllSystems = unstable.lib.genAttrs supportedSystems;
|
||||||
unstablePkgsFor = forAllSystems (system:
|
unstablePkgsFor = forAllSystems (
|
||||||
|
system:
|
||||||
import unstable {
|
import unstable {
|
||||||
inherit system;
|
inherit system;
|
||||||
#imports = [ ./overlays ];
|
#imports = [ ./overlays ];
|
||||||
});
|
}
|
||||||
stablePkgsFor = forAllSystems (system:
|
);
|
||||||
|
stablePkgsFor = forAllSystems (
|
||||||
|
system:
|
||||||
import stable {
|
import stable {
|
||||||
inherit system;
|
inherit system;
|
||||||
#imports = [ ./overlays ];
|
#imports = [ ./overlays ];
|
||||||
});
|
}
|
||||||
|
);
|
||||||
hostBase = {
|
hostBase = {
|
||||||
modules = [
|
modules = [
|
||||||
# Common config stuffs
|
# Common config stuffs
|
||||||
@ -162,7 +167,8 @@
|
|||||||
inputs.tsRevProx.overlay
|
inputs.tsRevProx.overlay
|
||||||
];
|
];
|
||||||
|
|
||||||
buildSys = sys: sysBase: extraMods: name:
|
buildSys =
|
||||||
|
sys: sysBase: extraMods: name:
|
||||||
sysBase.lib.nixosSystem {
|
sysBase.lib.nixosSystem {
|
||||||
system = sys;
|
system = sys;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
@ -184,8 +190,11 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ]
|
++ [
|
||||||
++ [{ nixpkgs.overlays = overlays; }];
|
(xinlib.buildVer self)
|
||||||
|
(./. + "/hosts/${name}")
|
||||||
|
]
|
||||||
|
++ [ { nixpkgs.overlays = overlays; } ];
|
||||||
};
|
};
|
||||||
lpkgs = unstable.legacyPackages.x86_64-linux;
|
lpkgs = unstable.legacyPackages.x86_64-linux;
|
||||||
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
|
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
|
||||||
@ -194,7 +203,9 @@
|
|||||||
darwinConfigurations = {
|
darwinConfigurations = {
|
||||||
plq = darwin.lib.darwinSystem {
|
plq = darwin.lib.darwinSystem {
|
||||||
system = "aarch64-darwin";
|
system = "aarch64-darwin";
|
||||||
specialArgs = { inherit xinlib; };
|
specialArgs = {
|
||||||
|
inherit xinlib;
|
||||||
|
};
|
||||||
modules = [
|
modules = [
|
||||||
xin-secrets.nixosModules.sops
|
xin-secrets.nixosModules.sops
|
||||||
./overlays
|
./overlays
|
||||||
@ -223,34 +234,37 @@
|
|||||||
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
|
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
|
||||||
};
|
};
|
||||||
|
|
||||||
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
formatter.x86_64-linux = unstable.legacyPackages.x86_64-linux.nixfmt-rfc-style;
|
||||||
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;
|
formatter.aarch64-darwin = unstable.legacyPackages.aarch64-darwin.nixfmt-rfc-style;
|
||||||
|
|
||||||
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
|
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
|
||||||
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
|
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
europa = buildSys "x86_64-linux" unstable [
|
europa =
|
||||||
nixos-hardware.nixosModules.framework-11th-gen-intel
|
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
|
||||||
] "europa";
|
"europa";
|
||||||
clunk = buildSys "x86_64-linux" unstable [ ] "clunk";
|
clunk = buildSys "x86_64-linux" unstable [ ] "clunk";
|
||||||
orcim = buildSys "x86_64-linux" unstable [ ] "orcim";
|
orcim = buildSys "x86_64-linux" unstable [ ] "orcim";
|
||||||
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
|
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
|
||||||
stan = buildSys "x86_64-linux" unstable [
|
stan =
|
||||||
nixos-hardware.nixosModules.framework-11th-gen-intel
|
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
|
||||||
] "stan";
|
"stan";
|
||||||
weather = buildSys "aarch64-linux" stable [ ] "weather";
|
weather = buildSys "aarch64-linux" stable [ ] "weather";
|
||||||
octo = buildSys "aarch64-linux" stable [ ] "octo";
|
octo = buildSys "aarch64-linux" stable [ ] "octo";
|
||||||
|
|
||||||
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
|
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
|
||||||
box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box";
|
box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box";
|
||||||
h = buildSys "x86_64-linux" stable [
|
h =
|
||||||
./configs/hardened.nix
|
buildSys "x86_64-linux" stable
|
||||||
gostart.nixosModule
|
[
|
||||||
pots.nixosModule
|
./configs/hardened.nix
|
||||||
pr-status.nixosModule
|
gostart.nixosModule
|
||||||
simple-nixos-mailserver.nixosModule
|
pots.nixosModule
|
||||||
] "h";
|
pr-status.nixosModule
|
||||||
|
simple-nixos-mailserver.nixosModule
|
||||||
|
]
|
||||||
|
"h";
|
||||||
#router =
|
#router =
|
||||||
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
|
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
|
||||||
|
|
||||||
@ -294,14 +308,14 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
packages = forAllSystems (system:
|
packages = forAllSystems (
|
||||||
|
system:
|
||||||
let
|
let
|
||||||
upkgs = unstablePkgsFor.${system};
|
upkgs = unstablePkgsFor.${system};
|
||||||
spkgs = stablePkgsFor.${system};
|
spkgs = stablePkgsFor.${system};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
ada_language_server =
|
ada_language_server = spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
|
||||||
spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
|
|
||||||
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
|
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
|
||||||
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
|
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
|
||||||
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
|
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
|
||||||
@ -309,9 +323,7 @@
|
|||||||
inherit spkgs;
|
inherit spkgs;
|
||||||
isUnstable = true;
|
isUnstable = true;
|
||||||
};
|
};
|
||||||
himitsu = upkgs.callPackage ./pkgs/himitsu.nix {
|
himitsu = upkgs.callPackage ./pkgs/himitsu.nix { inherit upkgs; };
|
||||||
inherit upkgs;
|
|
||||||
};
|
|
||||||
icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
|
icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
|
||||||
inherit spkgs;
|
inherit spkgs;
|
||||||
isUnstable = true;
|
isUnstable = true;
|
||||||
@ -319,52 +331,32 @@
|
|||||||
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
|
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
|
||||||
ttfs = upkgs.callPackage ./pkgs/ttfs.nix { };
|
ttfs = upkgs.callPackage ./pkgs/ttfs.nix { };
|
||||||
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
|
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
|
||||||
flake-warn =
|
flake-warn = spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
|
||||||
spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
|
|
||||||
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
|
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
|
||||||
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
|
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
|
||||||
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
|
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
|
||||||
gen-patches =
|
gen-patches = spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
|
||||||
spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
|
|
||||||
yarr = spkgs.callPackage ./pkgs/yarr.nix {
|
yarr = spkgs.callPackage ./pkgs/yarr.nix {
|
||||||
inherit spkgs;
|
inherit spkgs;
|
||||||
isUnstable = true;
|
isUnstable = true;
|
||||||
};
|
};
|
||||||
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix {
|
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { inherit spkgs; };
|
||||||
inherit spkgs;
|
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { inherit spkgs; };
|
||||||
};
|
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { inherit upkgs; };
|
||||||
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
|
|
||||||
inherit spkgs;
|
|
||||||
};
|
|
||||||
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
|
|
||||||
inherit upkgs;
|
|
||||||
};
|
|
||||||
bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix {
|
bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix {
|
||||||
inherit upkgs;
|
inherit upkgs;
|
||||||
};
|
};
|
||||||
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix {
|
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { inherit upkgs; };
|
||||||
inherit upkgs;
|
hpi = upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
|
||||||
};
|
openevse = upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
|
||||||
hpi =
|
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { inherit upkgs; };
|
||||||
upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
|
sliding-sync = spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
|
||||||
openevse =
|
|
||||||
upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
|
|
||||||
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
|
|
||||||
inherit upkgs;
|
|
||||||
};
|
|
||||||
sliding-sync =
|
|
||||||
spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
|
|
||||||
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
|
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
|
||||||
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
|
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
|
||||||
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
|
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
|
||||||
gotosocial =
|
gotosocial = spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
|
||||||
spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
|
zutty = upkgs.callPackage ./pkgs/zutty.nix { inherit upkgs; };
|
||||||
zutty = upkgs.callPackage ./pkgs/zutty.nix {
|
mvoice = upkgs.callPackage ./pkgs/mvoice.nix { inherit upkgs; };
|
||||||
inherit upkgs;
|
|
||||||
};
|
|
||||||
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
|
|
||||||
inherit upkgs;
|
|
||||||
};
|
|
||||||
inherit (xintray.packages.${system}) xintray;
|
inherit (xintray.packages.${system}) xintray;
|
||||||
inherit (beyt.packages.${system}) beyt;
|
inherit (beyt.packages.${system}) beyt;
|
||||||
inherit (tsvnstat.packages.${system}) tsvnstat;
|
inherit (tsvnstat.packages.${system}) tsvnstat;
|
||||||
@ -374,7 +366,8 @@
|
|||||||
inherit (traygent.packages.${system}) traygent;
|
inherit (traygent.packages.${system}) traygent;
|
||||||
|
|
||||||
inherit (spkgs) matrix-synapse;
|
inherit (spkgs) matrix-synapse;
|
||||||
});
|
}
|
||||||
|
);
|
||||||
|
|
||||||
templates = {
|
templates = {
|
||||||
"ada" = {
|
"ada" = {
|
||||||
@ -405,15 +398,24 @@
|
|||||||
|
|
||||||
checks =
|
checks =
|
||||||
let
|
let
|
||||||
buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" ];
|
buildList = [
|
||||||
|
"europa"
|
||||||
|
"stan"
|
||||||
|
"h"
|
||||||
|
"box"
|
||||||
|
"faf"
|
||||||
|
"weather"
|
||||||
|
"clunk"
|
||||||
|
"orcim"
|
||||||
|
];
|
||||||
in
|
in
|
||||||
with unstable.lib;
|
with unstable.lib;
|
||||||
foldl' recursiveUpdate { } (mapAttrsToList
|
foldl' recursiveUpdate { } (
|
||||||
(name: system: {
|
mapAttrsToList
|
||||||
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
|
(name: system: {
|
||||||
system.config.system.build.toplevel;
|
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" = system.config.system.build.toplevel;
|
||||||
})
|
})
|
||||||
(filterAttrs (n: _: (builtins.elem n buildList))
|
(filterAttrs (n: _: (builtins.elem n buildList)) self.nixosConfigurations)
|
||||||
self.nixosConfigurations));
|
);
|
||||||
};
|
};
|
||||||
}
|
}
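Review bot: The two `formatter.*` lines change both the tool (`nixpkgs-fmt` to `nixfmt-rfc-style`) and the input it is taken from (`stable` to `unstable`), and the `checks` output visible at the end of this section only builds host toplevels. Nothing here would catch the tree drifting from the formatter's output after `unstable` is bumped. Consider adding a formatting check alongside the host builds, for example a derivation that runs `nixfmt --check` over the repository. A one-line comment above the formatter lines would also help, such as `# formatter tracks unstable; expect a reformat when the lock is updated`. The formatter is also still defined only for `x86_64-linux` and `aarch64-darwin`, while `weather` and `octo` are built for `aarch64-linux`, so `nix fmt` would presumably have no formatter on those hosts.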
|
||||||
|
107
gui/default.nix
107
gui/default.nix
@ -1,10 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, xinlib
|
pkgs,
|
||||||
, isUnstable
|
xinlib,
|
||||||
, inputs
|
isUnstable,
|
||||||
, ...
|
inputs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (builtins) toJSON;
|
inherit (builtins) toJSON;
|
||||||
@ -13,11 +14,8 @@ let
|
|||||||
firefox = import ../configs/firefox.nix { inherit pkgs; };
|
firefox = import ../configs/firefox.nix { inherit pkgs; };
|
||||||
myEmacs = pkgs.callPackage ../configs/emacs.nix { };
|
myEmacs = pkgs.callPackage ../configs/emacs.nix { };
|
||||||
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
|
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
|
||||||
rpr =
|
rpr = pkgs.writeScriptBin "rpr" (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
|
||||||
pkgs.writeScriptBin "rpr"
|
promnesia = pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
|
||||||
(import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
|
|
||||||
promnesia =
|
|
||||||
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
|
|
||||||
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
|
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
|
||||||
promnesiaService = {
|
promnesiaService = {
|
||||||
promnesia = {
|
promnesia = {
|
||||||
@ -35,7 +33,10 @@ let
|
|||||||
name = "promnesia-index";
|
name = "promnesia-index";
|
||||||
script = "${promnesia}/bin/promnesia index";
|
script = "${promnesia}/bin/promnesia index";
|
||||||
startAt = "*:0/5";
|
startAt = "*:0/5";
|
||||||
path = [ promnesia hpi ];
|
path = [
|
||||||
|
promnesia
|
||||||
|
hpi
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
fontSet = with pkgs; [
|
fontSet = with pkgs; [
|
||||||
@ -51,18 +52,35 @@ let
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
command_path = "${pkgs.kdialog}/bin/kdialog";
|
command_path = "${pkgs.kdialog}/bin/kdialog";
|
||||||
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Added" "5" ];
|
command_args = [
|
||||||
|
"--title"
|
||||||
|
"traygent"
|
||||||
|
"--passivepopup"
|
||||||
|
"SSH Key Added"
|
||||||
|
"5"
|
||||||
|
];
|
||||||
event = "added";
|
event = "added";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
command_path = "${pkgs.kdialog}/bin/kdialog";
|
command_path = "${pkgs.kdialog}/bin/kdialog";
|
||||||
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Removed" "5" ];
|
command_args = [
|
||||||
|
"--title"
|
||||||
|
"traygent"
|
||||||
|
"--passivepopup"
|
||||||
|
"SSH Key Removed"
|
||||||
|
"5"
|
||||||
|
];
|
||||||
event = "removed";
|
event = "removed";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib;
|
||||||
imports = [ ./gnome.nix ./kde.nix ./xfce.nix ];
|
{
|
||||||
|
imports = [
|
||||||
|
./gnome.nix
|
||||||
|
./kde.nix
|
||||||
|
./xfce.nix
|
||||||
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
pulse = {
|
pulse = {
|
||||||
@ -98,43 +116,48 @@ with lib; {
|
|||||||
documentation.enable = true;
|
documentation.enable = true;
|
||||||
|
|
||||||
# TODO: TEMP FIX
|
# TODO: TEMP FIX
|
||||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
""
|
||||||
|
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||||
|
];
|
||||||
fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; };
|
fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; };
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
environment = {
|
environment = {
|
||||||
etc."traygent.json" = { text = traygentCmds; };
|
etc."traygent.json" = {
|
||||||
|
text = traygentCmds;
|
||||||
|
};
|
||||||
sessionVariables = {
|
sessionVariables = {
|
||||||
SSH_AUTH_SOCK = "$HOME/.traygent";
|
SSH_AUTH_SOCK = "$HOME/.traygent";
|
||||||
};
|
};
|
||||||
systemPackages = with pkgs; (xinlib.filterList [
|
systemPackages =
|
||||||
alacritty
|
with pkgs;
|
||||||
bc
|
(xinlib.filterList [
|
||||||
beyt
|
alacritty
|
||||||
black
|
bc
|
||||||
drawterm
|
beyt
|
||||||
exiftool
|
black
|
||||||
go-font
|
drawterm
|
||||||
govulncheck
|
exiftool
|
||||||
hpi
|
go-font
|
||||||
pcsctools
|
govulncheck
|
||||||
plan9port
|
hpi
|
||||||
promnesia
|
pcsctools
|
||||||
rage
|
plan9port
|
||||||
rpr
|
promnesia
|
||||||
traygent
|
rage
|
||||||
vlc
|
rpr
|
||||||
zeal
|
traygent
|
||||||
|
vlc
|
||||||
|
zeal
|
||||||
|
|
||||||
(callPackage ../configs/helix.nix { })
|
(callPackage ../configs/helix.nix { })
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
|
|
||||||
programs = { } // firefox.programs;
|
programs = { } // firefox.programs;
|
||||||
|
|
||||||
systemd.user.services =
|
systemd.user.services =
|
||||||
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs))
|
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) // promnesiaService;
|
||||||
// promnesiaService;
|
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
})
|
})
|
||||||
(mkIf config.pipewire.enable {
|
(mkIf config.pipewire.enable {
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
{
|
||||||
}:
|
options = {
|
||||||
with lib; {
|
gnome = {
|
||||||
options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
|
enable = mkEnableOption "Enable GNOME desktop.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf config.gnome.enable {
|
config = mkIf config.gnome.enable {
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
|
15
gui/kde.nix
15
gui/kde.nix
@ -1,13 +1,18 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (pkgs.libsForQt5) callPackage;
|
inherit (pkgs.libsForQt5) callPackage;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
|
options = {
|
||||||
|
kde = {
|
||||||
|
enable = lib.mkEnableOption "Enable KDE desktop.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = lib.mkIf config.kde.enable {
|
config = lib.mkIf config.kde.enable {
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
services.xserver.displayManager.sddm.enable = true;
|
||||||
|
22
gui/xfce.nix
22
gui/xfce.nix
@ -1,10 +1,16 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with lib; {
|
with lib;
|
||||||
options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
|
{
|
||||||
|
options = {
|
||||||
|
xfce = {
|
||||||
|
enable = mkEnableOption "Enable XFCE desktop.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf config.xfce.enable {
|
config = mkIf config.xfce.enable {
|
||||||
security.pam.services = {
|
security.pam.services = {
|
||||||
@ -22,6 +28,8 @@ with lib; {
|
|||||||
];
|
];
|
||||||
|
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
services.xserver.displayManager.sddm.enable = true;
|
||||||
services.xserver.desktopManager.xfce = { enable = true; };
|
services.xserver.desktopManager.xfce = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, xinlib
|
pkgs,
|
||||||
, ...
|
xinlib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (xinlib) todo;
|
inherit (xinlib) todo;
|
||||||
@ -38,7 +39,9 @@ let
|
|||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||||
];
|
];
|
||||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
userBase = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
mkNginxSecret = {
|
mkNginxSecret = {
|
||||||
sopsFile = config.xin-secrets.box.certs;
|
sopsFile = config.xin-secrets.box.certs;
|
||||||
owner = config.users.users.nginx.name;
|
owner = config.users.users.nginx.name;
|
||||||
@ -66,8 +69,12 @@ in
|
|||||||
owner = config.users.users.gitea.name;
|
owner = config.users.users.gitea.name;
|
||||||
sopsFile = config.xin-secrets.box.services;
|
sopsFile = config.xin-secrets.box.services;
|
||||||
};
|
};
|
||||||
"bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
|
"bitwarden_rs.env" = {
|
||||||
"wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
|
sopsFile = config.xin-secrets.box.services;
|
||||||
|
};
|
||||||
|
"wireguard_private_key" = {
|
||||||
|
sopsFile = config.xin-secrets.box.services;
|
||||||
|
};
|
||||||
"restic_htpasswd" = {
|
"restic_htpasswd" = {
|
||||||
owner = config.users.users.restic.name;
|
owner = config.users.users.restic.name;
|
||||||
sopsFile = config.xin-secrets.box.services;
|
sopsFile = config.xin-secrets.box.services;
|
||||||
@ -132,10 +139,16 @@ in
|
|||||||
"10.6.0.15" = [ "jelly.bold.daemon" ];
|
"10.6.0.15" = [ "jelly.bold.daemon" ];
|
||||||
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
||||||
};
|
};
|
||||||
interfaces.enp7s0 = { useDHCP = true; };
|
interfaces.enp7s0 = {
|
||||||
|
useDHCP = true;
|
||||||
|
};
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
|
interfaces = {
|
||||||
|
"tailscale0" = {
|
||||||
|
allowedTCPPorts = [ 3030 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
interfaces = {
|
interfaces = {
|
||||||
"wg0" = {
|
"wg0" = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
@ -145,19 +158,17 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
allowedTCPPorts =
|
allowedTCPPorts = config.services.openssh.ports ++ [
|
||||||
config.services.openssh.ports
|
80
|
||||||
++ [
|
443
|
||||||
80
|
config.services.gitea.settings.server.SSH_PORT
|
||||||
443
|
21063 # homekit
|
||||||
config.services.gitea.settings.server.SSH_PORT
|
21064 # homekit
|
||||||
21063 #homekit
|
1883 # mosquitto
|
||||||
21064 #homekit
|
8484 # restic-rest server
|
||||||
1883 # mosquitto
|
];
|
||||||
8484 # restic-rest server
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
5353 #homekit
|
5353 # homekit
|
||||||
];
|
];
|
||||||
allowedUDPPortRanges = [
|
allowedUDPPortRanges = [
|
||||||
{
|
{
|
||||||
@ -191,9 +202,7 @@ in
|
|||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
config = {
|
config = {
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [
|
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [ "openssl-1.1.1w" ];
|
||||||
"openssl-1.1.1w"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
#overlays = [
|
#overlays = [
|
||||||
# (_: _: {
|
# (_: _: {
|
||||||
@ -227,7 +236,17 @@ in
|
|||||||
groups = {
|
groups = {
|
||||||
media = {
|
media = {
|
||||||
name = "media";
|
name = "media";
|
||||||
members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
|
members = [
|
||||||
|
"qbit"
|
||||||
|
"sonarr"
|
||||||
|
"radarr"
|
||||||
|
"lidarr"
|
||||||
|
"nzbget"
|
||||||
|
"jellyfin"
|
||||||
|
"headphones"
|
||||||
|
"rtorrent"
|
||||||
|
"readarr"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
photos = {
|
photos = {
|
||||||
@ -290,8 +309,8 @@ in
|
|||||||
};
|
};
|
||||||
home-assistant = {
|
home-assistant = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPackages = python3Packages:
|
extraPackages =
|
||||||
with python3Packages; [
|
python3Packages: with python3Packages; [
|
||||||
pyipp
|
pyipp
|
||||||
pymetno
|
pymetno
|
||||||
ical
|
ical
|
||||||
@ -326,8 +345,7 @@ in
|
|||||||
"zeroconf"
|
"zeroconf"
|
||||||
];
|
];
|
||||||
config = {
|
config = {
|
||||||
sensor = [
|
sensor = [ ];
|
||||||
];
|
|
||||||
mqtt.sensor = [
|
mqtt.sensor = [
|
||||||
{
|
{
|
||||||
name = "Greenhouse Temperature";
|
name = "Greenhouse Temperature";
|
||||||
@ -348,8 +366,7 @@ in
|
|||||||
#"homeassistant.components.aprs" = "debug";
|
#"homeassistant.components.aprs" = "debug";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"automation manual" = [
|
"automation manual" = [ ];
|
||||||
];
|
|
||||||
"automation ui" = "!include automations.yaml";
|
"automation ui" = "!include automations.yaml";
|
||||||
rest = [
|
rest = [
|
||||||
{
|
{
|
||||||
@ -381,8 +398,7 @@ in
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
device_tracker = [
|
device_tracker = [ ];
|
||||||
];
|
|
||||||
default_config = { };
|
default_config = { };
|
||||||
http = {
|
http = {
|
||||||
use_x_forwarded_for = true;
|
use_x_forwarded_for = true;
|
||||||
@ -482,7 +498,9 @@ in
|
|||||||
in
|
in
|
||||||
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
|
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
|
||||||
};
|
};
|
||||||
openssh = { settings.X11Forwarding = true; };
|
openssh = {
|
||||||
|
settings.X11Forwarding = true;
|
||||||
|
};
|
||||||
|
|
||||||
tor.enable = true;
|
tor.enable = true;
|
||||||
|
|
||||||
@ -508,7 +526,9 @@ in
|
|||||||
nzbget = {
|
nzbget = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "media";
|
group = "media";
|
||||||
settings = { MainDir = "/media/downloads"; };
|
settings = {
|
||||||
|
MainDir = "/media/downloads";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
fwupd.enable = true;
|
fwupd.enable = true;
|
||||||
@ -539,7 +559,9 @@ in
|
|||||||
calibre-web = {
|
calibre-web = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "media";
|
group = "media";
|
||||||
options = { enableBookUploading = true; };
|
options = {
|
||||||
|
enableBookUploading = true;
|
||||||
|
};
|
||||||
listen.port = 8909;
|
listen.port = 8909;
|
||||||
listen.ip = "127.0.0.1";
|
listen.ip = "127.0.0.1";
|
||||||
};
|
};
|
||||||
@ -570,10 +592,7 @@ in
|
|||||||
name = "Loki";
|
name = "Loki";
|
||||||
type = "loki";
|
type = "loki";
|
||||||
access = "proxy";
|
access = "proxy";
|
||||||
url = "http://127.0.0.1:${
|
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
|
||||||
toString
|
|
||||||
config.services.loki.configuration.server.http_listen_port
|
|
||||||
}";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
@ -591,7 +610,9 @@ in
|
|||||||
lifecycler = {
|
lifecycler = {
|
||||||
address = "127.0.0.1";
|
address = "127.0.0.1";
|
||||||
ring = {
|
ring = {
|
||||||
kvstore = { store = "inmemory"; };
|
kvstore = {
|
||||||
|
store = "inmemory";
|
||||||
|
};
|
||||||
replication_factor = 1;
|
replication_factor = 1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -625,7 +646,9 @@ in
|
|||||||
shared_store = "filesystem";
|
shared_store = "filesystem";
|
||||||
};
|
};
|
||||||
|
|
||||||
filesystem = { directory = "/var/lib/loki/chunks"; };
|
filesystem = {
|
||||||
|
directory = "/var/lib/loki/chunks";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
limits_config = {
|
limits_config = {
|
||||||
@ -633,7 +656,9 @@ in
|
|||||||
reject_old_samples_max_age = "168h";
|
reject_old_samples_max_age = "168h";
|
||||||
};
|
};
|
||||||
|
|
||||||
chunk_store_config = { max_look_back_period = "0s"; };
|
chunk_store_config = {
|
||||||
|
max_look_back_period = "0s";
|
||||||
|
};
|
||||||
|
|
||||||
table_manager = {
|
table_manager = {
|
||||||
retention_deletes_enabled = false;
|
retention_deletes_enabled = false;
|
||||||
@ -643,7 +668,11 @@ in
|
|||||||
compactor = {
|
compactor = {
|
||||||
working_directory = "/var/lib/loki";
|
working_directory = "/var/lib/loki";
|
||||||
shared_store = "filesystem";
|
shared_store = "filesystem";
|
||||||
compactor_ring = { kvstore = { store = "inmemory"; }; };
|
compactor_ring = {
|
||||||
|
kvstore = {
|
||||||
|
store = "inmemory";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -655,13 +684,12 @@ in
|
|||||||
http_listen_port = 3031;
|
http_listen_port = 3031;
|
||||||
grpc_listen_port = 0;
|
grpc_listen_port = 0;
|
||||||
};
|
};
|
||||||
positions = { filename = "/tmp/positions.yaml"; };
|
positions = {
|
||||||
|
filename = "/tmp/positions.yaml";
|
||||||
|
};
|
||||||
clients = [
|
clients = [
|
||||||
{
|
{
|
||||||
url = "http://127.0.0.1:${
|
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||||
toString
|
|
||||||
config.services.loki.configuration.server.http_listen_port
|
|
||||||
}/loki/api/v1/push";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
@ -696,7 +724,9 @@ in
|
|||||||
port = 9002;
|
port = 9002;
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = { enable = true; };
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
rtl_433 = {
|
rtl_433 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -720,53 +750,35 @@ in
|
|||||||
{
|
{
|
||||||
job_name = "rtl_433";
|
job_name = "rtl_433";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.rtl_433.port}" ]; }
|
||||||
targets = [
|
|
||||||
"127.0.0.1:${
|
|
||||||
toString config.services.prometheus.exporters.rtl_433.port
|
|
||||||
}"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "box";
|
job_name = "box";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
|
||||||
targets = [
|
|
||||||
"127.0.0.1:${
|
|
||||||
toString config.services.prometheus.exporters.node.port
|
|
||||||
}"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "faf";
|
job_name = "faf";
|
||||||
static_configs = [{ targets = [ "10.6.0.245:9002" ]; }];
|
static_configs = [ { targets = [ "10.6.0.245:9002" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "h";
|
job_name = "h";
|
||||||
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
|
static_configs = [ { targets = [ "100.83.77.133:9002" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "pwntie";
|
job_name = "pwntie";
|
||||||
static_configs = [{ targets = [ "100.84.170.57:9002" ]; }];
|
static_configs = [ { targets = [ "100.84.170.57:9002" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "namish";
|
job_name = "namish";
|
||||||
static_configs = [{ targets = [ "10.200.0.100:9100" ]; }];
|
static_configs = [ { targets = [ "10.200.0.100:9100" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "nginx";
|
job_name = "nginx";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; }
|
||||||
targets = [
|
|
||||||
"127.0.0.1:${
|
|
||||||
toString config.services.prometheus.exporters.nginx.port
|
|
||||||
}"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
@ -833,7 +845,9 @@ in
|
|||||||
backup root@suah.dev:/var/www/ suah.dev/
|
backup root@suah.dev:/var/www/ suah.dev/
|
||||||
backup_exec date "+ backup of suah.dev ended at %c"
|
backup_exec date "+ backup of suah.dev ended at %c"
|
||||||
'';
|
'';
|
||||||
cronIntervals = { daily = "50 21 * * *"; };
|
cronIntervals = {
|
||||||
|
daily = "50 21 * * *";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
libreddit = {
|
libreddit = {
|
||||||
@ -877,9 +891,7 @@ in
|
|||||||
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
|
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
|
||||||
sslCertificate = "${config.sops.secrets.invidious_cert.path}";
|
sslCertificate = "${config.sops.secrets.invidious_cert.path}";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${
|
proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}";
|
||||||
toString config.services.invidious.port
|
|
||||||
}";
|
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -941,9 +953,7 @@ in
|
|||||||
sslCertificate = "${config.sops.secrets.books_cert.path}";
|
sslCertificate = "${config.sops.secrets.books_cert.path}";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://localhost:${
|
proxyPass = "http://localhost:${toString config.services.calibre-web.listen.port}";
|
||||||
toString config.services.calibre-web.listen.port
|
|
||||||
}";
|
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
${httpAllow}
|
${httpAllow}
|
||||||
@ -1047,9 +1057,7 @@ in
|
|||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${
|
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
||||||
toString config.services.grafana.settings.server.http_port
|
|
||||||
}";
|
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
${httpAllow}
|
${httpAllow}
|
||||||
@ -1072,17 +1080,13 @@ in
|
|||||||
end
|
end
|
||||||
|
|
||||||
local sock = ngx.socket.tcp()
|
local sock = ngx.socket.tcp()
|
||||||
local ok, err = sock:connect("127.0.0.1", ${
|
local ok, err = sock:connect("127.0.0.1", ${toString config.services.prometheus.port})
|
||||||
toString config.services.prometheus.port
|
|
||||||
})
|
|
||||||
if not ok then
|
if not ok then
|
||||||
ngx.say("failed to connect to backend: ", err)
|
ngx.say("failed to connect to backend: ", err)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${
|
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${toString config.services.prometheus.port}\n\n")
|
||||||
toString config.services.prometheus.port
|
|
||||||
}\n\n")
|
|
||||||
|
|
||||||
sock:settimeouts(1000, 1000, 1000)
|
sock:settimeouts(1000, 1000, 1000)
|
||||||
|
|
||||||
@ -1120,7 +1124,11 @@ in
|
|||||||
host all all ::1/128 trust
|
host all all ::1/128 trust
|
||||||
'';
|
'';
|
||||||
|
|
||||||
ensureDatabases = [ "nextcloud" "gitea" "invidious" ];
|
ensureDatabases = [
|
||||||
|
"nextcloud"
|
||||||
|
"gitea"
|
||||||
|
"invidious"
|
||||||
|
];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "nextcloud";
|
name = "nextcloud";
|
||||||
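Review bot: `settings.X11Forwarding = true;` in the `openssh` block (hunk `@ -482,7 +498,9 @@`) is only re-wrapped by this commit, but it leaves X11 forwarding enabled on a host whose SSH ports this same file adds to the global `allowedTCPPorts` (hunk `@ -145,19 +158,17 @@`). With it on, sshd sets up X11 channels and xauth for any session that requests them, and a client connecting with forwarding exposes its X display to whoever controls this server. If nothing graphical is run over SSH from this machine, drop the line, since the NixOS default is off. If it is needed, say so next to it, for example `# X11 forwarding kept for <application>; TODO confirm still needed`.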
|
@ -1,10 +1,20 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"ehci_pci"
|
||||||
|
"ahci"
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ "kvm-intel" "wireguard" ];
|
kernelModules = [
|
||||||
|
"kvm-intel"
|
||||||
|
"wireguard"
|
||||||
|
];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -72,5 +82,5 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
|
swapDevices = [ { device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; } ];
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,4 @@
|
|||||||
{ pkgs
|
{ pkgs, ... }:
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||||
@ -8,18 +6,14 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = true;
|
_module.args.isUnstable = true;
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware.rtl-sdr.enable = true;
|
hardware.rtl-sdr.enable = true;
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub = {
|
loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
devices = [
|
devices = [ "/dev/disk/by-id/wwn-0x5001b448be78d64a" ];
|
||||||
"/dev/disk/by-id/wwn-0x5001b448be78d64a"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
};
|
};
|
||||||
@ -69,7 +63,11 @@ in
|
|||||||
|
|
||||||
windowManager.xmonad = {
|
windowManager.xmonad = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ];
|
extraPackages =
|
||||||
|
haskellPackages: with haskellPackages; [
|
||||||
|
xmonad-contrib
|
||||||
|
hostname
|
||||||
|
];
|
||||||
config = builtins.readFile ./xmonad.hs;
|
config = builtins.readFile ./xmonad.hs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -77,10 +75,16 @@ in
|
|||||||
|
|
||||||
users = {
|
users = {
|
||||||
users = {
|
users = {
|
||||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
qbit = {
|
qbit = {
|
||||||
openssh.authorizedKeys.keys = pubKeys;
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
|
extraGroups = [
|
||||||
|
"dialout"
|
||||||
|
"libvirtd"
|
||||||
|
"plugdev"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,28 +1,35 @@
|
|||||||
{ config, lib, modulesPath, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"uhci_hcd"
|
||||||
|
"ehci_pci"
|
||||||
|
"ahci"
|
||||||
|
"usb_storage"
|
||||||
|
"ums_realtek"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{
|
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
|
||||||
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
|
fsType = "ext4";
|
||||||
fsType = "ext4";
|
};
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
swapDevices = [ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } ];
|
||||||
[{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{ inputs
|
{
|
||||||
, config
|
inputs,
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, xinlib
|
lib,
|
||||||
, ...
|
xinlib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
|
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
|
||||||
@ -13,21 +14,25 @@ let
|
|||||||
# doomPrivateDir = ../../configs/doom.d;
|
# doomPrivateDir = ../../configs/doom.d;
|
||||||
#};
|
#};
|
||||||
peerixUser =
|
peerixUser =
|
||||||
if builtins.hasAttr "peerix" config.users.users
|
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
|
||||||
then config.users.users.peerix.name
|
|
||||||
else "root";
|
|
||||||
jobs = [
|
jobs = [
|
||||||
{
|
{
|
||||||
name = "brain";
|
name = "brain";
|
||||||
script = "cd ~/Brain && git sync";
|
script = "cd ~/Brain && git sync";
|
||||||
startAt = "*:0/2";
|
startAt = "*:0/2";
|
||||||
path = [ pkgs.git pkgs.git-sync ];
|
path = [
|
||||||
|
pkgs.git
|
||||||
|
pkgs.git-sync
|
||||||
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "org";
|
name = "org";
|
||||||
script = "(cd ~/org && git sync)";
|
script = "(cd ~/org && git sync)";
|
||||||
startAt = "*:0/5";
|
startAt = "*:0/5";
|
||||||
path = [ pkgs.git pkgs.git-sync ];
|
path = [
|
||||||
|
pkgs.git
|
||||||
|
pkgs.git-sync
|
||||||
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "taskobs";
|
name = "taskobs";
|
||||||
@ -40,7 +45,10 @@ in
|
|||||||
{
|
{
|
||||||
_module.args.isUnstable = true;
|
_module.args.isUnstable = true;
|
||||||
|
|
||||||
imports = [ ./hardware-configuration.nix ../../pkgs ];
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../pkgs
|
||||||
|
];
|
||||||
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
fastmail = {
|
fastmail = {
|
||||||
@ -107,7 +115,10 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
binfmt.emulatedSystems = [
|
||||||
|
"aarch64-linux"
|
||||||
|
"riscv64-linux"
|
||||||
|
];
|
||||||
initrd.systemd.enable = true;
|
initrd.systemd.enable = true;
|
||||||
loader = {
|
loader = {
|
||||||
systemd-boot.enable = true;
|
systemd-boot.enable = true;
|
||||||
@ -116,9 +127,7 @@ in
|
|||||||
efiSysMountPoint = "/boot/efi";
|
efiSysMountPoint = "/boot/efi";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kernelParams = [
|
kernelParams = [ "boot.shell_on_fail" ];
|
||||||
"boot.shell_on_fail"
|
|
||||||
];
|
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -145,14 +154,21 @@ in
|
|||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 22 ];
|
allowedTCPPorts = [ 22 ];
|
||||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 8384 ]; }; };
|
interfaces = {
|
||||||
|
"tailscale0" = {
|
||||||
|
allowedTCPPorts = [ 8384 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
tsPeerix = {
|
tsPeerix = {
|
||||||
enable = false;
|
enable = false;
|
||||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||||
interfaces = [ "wlp170s0" "ztksevmpn3" ];
|
interfaces = [
|
||||||
|
"wlp170s0"
|
||||||
|
"ztksevmpn3"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
@ -175,7 +191,9 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.xinCA = { enable = false; };
|
services.xinCA = {
|
||||||
|
enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
power-profiles-daemon.enable = false;
|
power-profiles-daemon.enable = false;
|
||||||
@ -222,9 +240,16 @@ in
|
|||||||
repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
|
repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
|
||||||
#repository = "https://europa@backup.bold.daemon:8484/";
|
#repository = "https://europa@backup.bold.daemon:8484/";
|
||||||
|
|
||||||
paths = [ "/home/qbit" "/var/lib/libvirt" ];
|
paths = [
|
||||||
|
"/home/qbit"
|
||||||
|
"/var/lib/libvirt"
|
||||||
|
];
|
||||||
|
|
||||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 4" ];
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 5"
|
||||||
|
"--keep-yearly 4"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
local = {
|
local = {
|
||||||
initialize = true;
|
initialize = true;
|
||||||
@ -232,9 +257,16 @@ in
|
|||||||
environmentFile = "${config.sops.secrets.restic_env_file.path}";
|
environmentFile = "${config.sops.secrets.restic_env_file.path}";
|
||||||
passwordFile = "${config.sops.secrets.restic_password_file.path}";
|
passwordFile = "${config.sops.secrets.restic_password_file.path}";
|
||||||
|
|
||||||
paths = [ "/home/qbit" "/var/lib/libvirt" ];
|
paths = [
|
||||||
|
"/home/qbit"
|
||||||
|
"/var/lib/libvirt"
|
||||||
|
];
|
||||||
|
|
||||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 5"
|
||||||
|
"--keep-yearly 5"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -280,8 +312,7 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
user.services =
|
user.services = lib.listToAttrs (builtins.map jobToUserService jobs);
|
||||||
lib.listToAttrs (builtins.map jobToUserService jobs);
|
|
||||||
services = {
|
services = {
|
||||||
"whytailscalewhy" = {
|
"whytailscalewhy" = {
|
||||||
description = "Tailscale restart on resume";
|
description = "Tailscale restart on resume";
|
||||||
@ -305,7 +336,9 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; };
|
etc."barrier.conf" = {
|
||||||
|
text = readFile ../../configs/barrier.conf;
|
||||||
|
};
|
||||||
sessionVariables = {
|
sessionVariables = {
|
||||||
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
||||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||||
@ -377,8 +410,7 @@ in
|
|||||||
(callPackage ../../pkgs/ttfs.nix { })
|
(callPackage ../../pkgs/ttfs.nix { })
|
||||||
(callPackage ../../pkgs/kobuddy.nix {
|
(callPackage ../../pkgs/kobuddy.nix {
|
||||||
inherit pkgs;
|
inherit pkgs;
|
||||||
inherit
|
inherit (pkgs.python39Packages)
|
||||||
(pkgs.python39Packages)
|
|
||||||
buildPythonPackage
|
buildPythonPackage
|
||||||
fetchPypi
|
fetchPypi
|
||||||
setuptools-scm
|
setuptools-scm
|
||||||
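Review bot: `kernelParams = [ "boot.shell_on_fail" ];` in the `boot` block (hunk `@ -116,9 +127,7 @@`) is collapsed onto one line without a comment, and the parameter is security-relevant: NixOS documents the stage-1 failure shell as a root shell with no authentication. On a machine that others can physically reach, a failed boot then ends at an unauthenticated root prompt in the initrd. The same block sets `initrd.systemd.enable = true;` (hunk `@ -107,7 +115,10 @@`), so it is worth confirming whether the parameter still has any effect with the systemd initrd. If it is left over from debugging, remove it; if it is deliberate, record why, for example `# keep initrd rescue shell: <reason>`.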
|
@ -1,12 +1,17 @@
|
|||||||
{ lib
|
{ lib, modulesPath, ... }:
|
||||||
, modulesPath
|
{
|
||||||
, ...
|
|
||||||
}: {
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"thunderbolt"
|
||||||
|
"nvme"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ "kvm-intel" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
@ -27,14 +32,16 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
|
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
|
||||||
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ];
|
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [
|
||||||
|
"fido2-device=auto"
|
||||||
|
];
|
||||||
|
|
||||||
fileSystems."/boot/efi" = {
|
fileSystems."/boot/efi" = {
|
||||||
device = "/dev/disk/by-uuid/F0A2-4A56";
|
device = "/dev/disk/by-uuid/F0A2-4A56";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware = {
|
hardware = {
|
||||||
|
@ -30,10 +30,16 @@ in
|
|||||||
interfaces.enp2s0.useDHCP = true;
|
interfaces.enp2s0.useDHCP = true;
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
|
allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
53
|
||||||
|
config.services.prometheus.exporters.node.port
|
||||||
|
];
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
|
hosts = {
|
||||||
|
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users = {
|
users.users = {
|
||||||
|
@ -1,11 +1,13 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
@ -73,6 +75,5 @@
|
|||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode =
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
@ -1,28 +1,31 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, isUnstable
|
pkgs,
|
||||||
, inputs
|
isUnstable,
|
||||||
, ...
|
inputs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
|
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
|
||||||
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
|
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
|
||||||
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
|
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
|
||||||
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
|
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
|
||||||
weepushover =
|
weepushover = python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
|
||||||
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
|
|
||||||
pgBackupDir = "/var/backups/postgresql";
|
pgBackupDir = "/var/backups/postgresql";
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||||
];
|
];
|
||||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
userBase = {
|
||||||
icbIrcTunnel =
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
pkgs.writeScriptBin "icb-irc-tunnel"
|
};
|
||||||
(import ../../bins/icb-irc-tunnel.nix {
|
icbIrcTunnel = pkgs.writeScriptBin "icb-irc-tunnel" (
|
||||||
inherit pkgs;
|
import ../../bins/icb-irc-tunnel.nix {
|
||||||
inherit icbirc;
|
inherit pkgs;
|
||||||
});
|
inherit icbirc;
|
||||||
|
}
|
||||||
|
);
|
||||||
goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit";
|
goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit";
|
||||||
httpAllow = ''
|
httpAllow = ''
|
||||||
allow 10.6.0.0/24;
|
allow 10.6.0.0/24;
|
||||||
@ -38,18 +41,20 @@ with pkgs; let
|
|||||||
matrixServer = "tapenet.org";
|
matrixServer = "tapenet.org";
|
||||||
matrixClientConfig = {
|
matrixClientConfig = {
|
||||||
"m.homeserver".base_url = "https://${matrixServer}:443";
|
"m.homeserver".base_url = "https://${matrixServer}:443";
|
||||||
"org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; };
|
"org.matrix.msc3575.proxy" = {
|
||||||
|
url = "https://${matrixServer}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
matrixServerConfig = {
|
||||||
|
"m.server" = "${matrixServer}:443";
|
||||||
};
|
};
|
||||||
matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
|
|
||||||
mkMatrixWellKnown = p: ''
|
mkMatrixWellKnown = p: ''
|
||||||
return 200 '${builtins.toJSON p}';
|
return 200 '${builtins.toJSON p}';
|
||||||
'';
|
'';
|
||||||
|
|
||||||
mkMatrixSliderLoc = {
|
mkMatrixSliderLoc = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
proxyPass = "http://${config.services.sliding-sync.address}:${
|
proxyPass = "http://${config.services.sliding-sync.address}:${toString config.services.sliding-sync.port}";
|
||||||
toString config.services.sliding-sync.port
|
|
||||||
}";
|
|
||||||
};
|
};
|
||||||
mkMatrixLoc = {
|
mkMatrixLoc = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
@ -58,9 +63,7 @@ with pkgs; let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub = {
|
loader.grub = {
|
||||||
@ -84,9 +87,14 @@ in
|
|||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(_: super: {
|
(_: super: {
|
||||||
weechat = super.weechat.override {
|
weechat = super.weechat.override {
|
||||||
configure = { ... }: {
|
configure =
|
||||||
scripts = with super.weechatScripts; [ highmon weepushover ];
|
{ ... }:
|
||||||
};
|
{
|
||||||
|
scripts = with super.weechatScripts; [
|
||||||
|
highmon
|
||||||
|
weepushover
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
@ -140,7 +148,9 @@ in
|
|||||||
sopsFile = config.xin-secrets.h.services;
|
sopsFile = config.xin-secrets.h.services;
|
||||||
owner = config.users.users.gostart.name;
|
owner = config.users.users.gostart.name;
|
||||||
};
|
};
|
||||||
wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
|
wireguard_private_key = {
|
||||||
|
sopsFile = config.xin-secrets.h.services;
|
||||||
|
};
|
||||||
pots_env_file = {
|
pots_env_file = {
|
||||||
owner = config.users.users.pots.name;
|
owner = config.users.users.pots.name;
|
||||||
mode = "400";
|
mode = "400";
|
||||||
@ -212,8 +222,21 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 config.services.shiori.port ]; }; };
|
interfaces = {
|
||||||
allowedTCPPorts = [ 22 80 443 2222 53589 ];
|
"tailscale0" = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
9002
|
||||||
|
config.services.shiori.port
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
80
|
||||||
|
443
|
||||||
|
2222
|
||||||
|
53589
|
||||||
|
];
|
||||||
allowedUDPPorts = [ 7122 ];
|
allowedUDPPorts = [ 7122 ];
|
||||||
allowedUDPPortRanges = [
|
allowedUDPPortRanges = [
|
||||||
{
|
{
|
||||||
@ -281,7 +304,10 @@ in
|
|||||||
matrix-synapse.after = [ "icbirc.service" ];
|
matrix-synapse.after = [ "icbirc.service" ];
|
||||||
icb-tunnel = {
|
icb-tunnel = {
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
after = [ "network.target" "multi-user.target" ];
|
after = [
|
||||||
|
"network.target"
|
||||||
|
"multi-user.target"
|
||||||
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "qbit";
|
User = "qbit";
|
||||||
WorkingDirectory = "/home/qbit";
|
WorkingDirectory = "/home/qbit";
|
||||||
@ -314,7 +340,10 @@ in
|
|||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"qbit@suah.dev" = {
|
"qbit@suah.dev" = {
|
||||||
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
|
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
|
||||||
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ];
|
aliases = [
|
||||||
|
"postmaster@suah.dev"
|
||||||
|
"aaron@suah.dev"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -380,7 +409,9 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
envFile = "${config.sops.secrets.pots_env_file.path}";
|
envFile = "${config.sops.secrets.pots_env_file.path}";
|
||||||
};
|
};
|
||||||
pr-status = { enable = true; };
|
pr-status = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
gostart = {
|
gostart = {
|
||||||
enable = true;
|
enable = true;
|
||||||
keyPath = "${config.sops.secrets.gostart.path}";
|
keyPath = "${config.sops.secrets.gostart.path}";
|
||||||
@ -419,7 +450,10 @@ in
|
|||||||
protocol = "https";
|
protocol = "https";
|
||||||
storage-backend = "local";
|
storage-backend = "local";
|
||||||
storage-local-base-path = "/var/lib/gotosocial";
|
storage-local-base-path = "/var/lib/gotosocial";
|
||||||
trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ];
|
trusted-proxies = [
|
||||||
|
"127.0.0.1/32"
|
||||||
|
"23.29.118.0/24"
|
||||||
|
];
|
||||||
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
|
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
|
||||||
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
|
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
|
||||||
};
|
};
|
||||||
@ -431,8 +465,10 @@ in
|
|||||||
http_listen_port = 3031;
|
http_listen_port = 3031;
|
||||||
grpc_listen_port = 0;
|
grpc_listen_port = 0;
|
||||||
};
|
};
|
||||||
positions = { filename = "/tmp/positions.yaml"; };
|
positions = {
|
||||||
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
|
filename = "/tmp/positions.yaml";
|
||||||
|
};
|
||||||
|
clients = [ { url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; } ];
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
{
|
{
|
||||||
job_name = "journal";
|
job_name = "journal";
|
||||||
@ -476,8 +512,7 @@ in
|
|||||||
cron = {
|
cron = {
|
||||||
enable = true;
|
enable = true;
|
||||||
systemCronJobs = [
|
systemCronJobs = [
|
||||||
''
|
''@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
|
||||||
@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -504,9 +539,15 @@ in
|
|||||||
"/var/dkim"
|
"/var/dkim"
|
||||||
];
|
];
|
||||||
|
|
||||||
timerConfig = { OnCalendar = "00:05"; };
|
timerConfig = {
|
||||||
|
OnCalendar = "00:05";
|
||||||
|
};
|
||||||
|
|
||||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ];
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 5"
|
||||||
|
"--keep-yearly 10"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -548,7 +589,11 @@ in
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
upstreams = {
|
upstreams = {
|
||||||
"ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; };
|
"ssh_gitea" = {
|
||||||
|
servers = {
|
||||||
|
"192.168.112.4:2222" = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
streamConfig = ''
|
streamConfig = ''
|
||||||
@ -574,7 +619,6 @@ in
|
|||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = "/var/www/bolddaemon.com";
|
root = "/var/www/bolddaemon.com";
|
||||||
|
|
||||||
};
|
};
|
||||||
"notes.suah.dev" = {
|
"notes.suah.dev" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
@ -753,27 +797,26 @@ in
|
|||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
extraConfig =
|
extraConfig =
|
||||||
if config.services.gotosocial.package.version == "0.7.1"
|
if config.services.gotosocial.package.version == "0.7.1" then
|
||||||
then ''
|
''
|
||||||
# TODO: This can be removed next release
|
# TODO: This can be removed next release
|
||||||
# https://github.com/superseriousbusiness/gotosocial/issues/1419
|
# https://github.com/superseriousbusiness/gotosocial/issues/1419
|
||||||
# Workaround for missing API + Ice Cubes
|
# Workaround for missing API + Ice Cubes
|
||||||
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
|
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
return 200 '[]';
|
return 200 '[]';
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
else "";
|
else
|
||||||
|
"";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_pass http://127.0.0.1:${
|
proxy_pass http://127.0.0.1:${toString config.services.gotosocial.configuration.port};
|
||||||
toString config.services.gotosocial.configuration.port
|
proxy_set_header Host $host;
|
||||||
};
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -788,65 +831,64 @@ in
|
|||||||
root = "/var/www/rss.bolddaemon.com";
|
root = "/var/www/rss.bolddaemon.com";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
proxyPass = "http://${config.services.yarr.address}:${
|
proxyPass = "http://${config.services.yarr.address}:${toString config.services.yarr.port}";
|
||||||
toString config.services.yarr.port
|
|
||||||
}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"tapenet.org" = {
|
"tapenet.org" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = "/var/www/tapenet.org";
|
root = "/var/www/tapenet.org";
|
||||||
locations = {
|
locations =
|
||||||
"/.well-known/webfinger" = {
|
{
|
||||||
extraConfig = ''
|
"/.well-known/webfinger" = {
|
||||||
default_type 'application/json';
|
extraConfig = ''
|
||||||
|
default_type 'application/json';
|
||||||
|
|
||||||
content_by_lua_block {
|
content_by_lua_block {
|
||||||
local acct = ngx.unescape_uri(ngx.var.arg_resource)
|
local acct = ngx.unescape_uri(ngx.var.arg_resource)
|
||||||
local json = '${builtins.toJSON {
|
local json = '${
|
||||||
subject = "%s";
|
builtins.toJSON {
|
||||||
links = [
|
subject = "%s";
|
||||||
{
|
links = [
|
||||||
rel = "http://openid.net/specs/connect/1.0/issuer";
|
{
|
||||||
href = "https://git.tapenet.org/";
|
rel = "http://openid.net/specs/connect/1.0/issuer";
|
||||||
|
href = "https://git.tapenet.org/";
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
}';
|
||||||
}}';
|
local newjson, n, err = ngx.re.sub(json, "%s", acct)
|
||||||
local newjson, n, err = ngx.re.sub(json, "%s", acct)
|
if not err then
|
||||||
if not err then
|
ngx.say(newjson)
|
||||||
ngx.say(newjson)
|
else
|
||||||
else
|
ngx.say("")
|
||||||
ngx.say("")
|
end
|
||||||
end
|
return
|
||||||
return
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// (
|
||||||
|
if config.services.sliding-sync.enable then
|
||||||
|
{
|
||||||
|
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
|
||||||
|
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
|
||||||
|
|
||||||
|
"/client" = mkMatrixSliderLoc;
|
||||||
|
"/_matrix/client/unstable/org.matrix.msc3575/sync" = mkMatrixSliderLoc;
|
||||||
|
|
||||||
|
"/_matrix" = mkMatrixLoc;
|
||||||
|
"/_synapse/client" = mkMatrixLoc;
|
||||||
}
|
}
|
||||||
'';
|
else
|
||||||
};
|
{
|
||||||
}
|
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
|
||||||
// (if config.services.sliding-sync.enable
|
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
|
||||||
then {
|
|
||||||
"/.well-known/matrix/client".extraConfig =
|
|
||||||
mkMatrixWellKnown matrixClientConfig;
|
|
||||||
"/.well-known/matrix/server".extraConfig =
|
|
||||||
mkMatrixWellKnown matrixServerConfig;
|
|
||||||
|
|
||||||
"/client" = mkMatrixSliderLoc;
|
"/_matrix" = mkMatrixLoc;
|
||||||
"/_matrix/client/unstable/org.matrix.msc3575/sync" =
|
"/_synapse/client" = mkMatrixLoc;
|
||||||
mkMatrixSliderLoc;
|
}
|
||||||
|
);
|
||||||
"/_matrix" = mkMatrixLoc;
|
|
||||||
"/_synapse/client" = mkMatrixLoc;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
"/.well-known/matrix/client".extraConfig =
|
|
||||||
mkMatrixWellKnown matrixClientConfig;
|
|
||||||
"/.well-known/matrix/server".extraConfig =
|
|
||||||
mkMatrixWellKnown matrixServerConfig;
|
|
||||||
|
|
||||||
"/_matrix" = mkMatrixLoc;
|
|
||||||
"/_synapse/client" = mkMatrixLoc;
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -876,11 +918,14 @@ in
|
|||||||
LC_COLLATE = "C"
|
LC_COLLATE = "C"
|
||||||
LC_CTYPE = "C";
|
LC_CTYPE = "C";
|
||||||
'';
|
'';
|
||||||
ensureDatabases = [ "synapse" "gotosocial" "syncv3" "wallabag" ];
|
ensureDatabases = [
|
||||||
|
"synapse"
|
||||||
|
"gotosocial"
|
||||||
|
"syncv3"
|
||||||
|
"wallabag"
|
||||||
|
];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{ name = "synapse_user"; }
|
||||||
name = "synapse_user";
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
name = "gotosocial";
|
name = "gotosocial";
|
||||||
ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
@ -953,9 +998,7 @@ in
|
|||||||
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
|
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
|
||||||
url_preview_enabled = false;
|
url_preview_enabled = false;
|
||||||
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
|
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
|
||||||
app_service_config_files = [
|
app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];
|
||||||
"/var/lib/heisenbridge/registration.yml"
|
|
||||||
];
|
|
||||||
database = {
|
database = {
|
||||||
name = "psycopg2";
|
name = "psycopg2";
|
||||||
args = {
|
args = {
|
||||||
@ -986,6 +1029,5 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
}
|
}
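Review bot: In the `/.well-known/webfinger` location of the `tapenet.org` vhost (hunk `-788,65 +831,64`), the URL-decoded `resource` query argument is substituted verbatim into the JSON `subject` by `ngx.re.sub(json, "%s", acct)`. A `"` or `\` in the request therefore changes the structure of the response, and `$` sequences in it are read as capture references by `ngx.re.sub`; the reformat keeps this as is. Reject bad input before substituting: `if not ngx.var.arg_resource then return ngx.exit(ngx.HTTP_BAD_REQUEST) end` ahead of the `ngx.unescape_uri` call, and `if not ngx.re.find(acct, "^acct:[A-Za-z0-9._@-]+$", "jo") then return ngx.exit(ngx.HTTP_BAD_REQUEST) end` after it. The allowed pattern is a guess at the resource forms this host serves, so adjust it to match. The first guard also covers a request with no `resource` argument, which presumably passes nil to `ngx.unescape_uri` today.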
|
||||||
|
@ -1,16 +1,23 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"ahci"
|
||||||
|
"xhci_pci"
|
||||||
|
"virtio_pci"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ "wireguard" ];
|
kernelModules = [ "wireguard" ];
|
||||||
@ -22,8 +29,7 @@
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }];
|
swapDevices = [ { device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; } ];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode =
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,9 @@ let
|
|||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||||
];
|
];
|
||||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
userBase = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
|
@ -1,8 +1,10 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
@ -28,7 +30,7 @@
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];
|
swapDevices = [ { device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; } ];
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
@ -40,6 +42,5 @@
|
|||||||
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
|
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
|
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode =
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, ...
|
lib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
@ -17,7 +18,10 @@ in
|
|||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
|
initrd.availableKernelModules = [
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
];
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
kernelModules = [ "raspberrypi_ts" ];
|
kernelModules = [ "raspberrypi_ts" ];
|
||||||
loader = {
|
loader = {
|
||||||
@ -28,13 +32,17 @@ in
|
|||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "octo";
|
hostName = "octo";
|
||||||
networkmanager = { enable = true; };
|
networkmanager = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
wireless.userControlled.enable = true;
|
wireless.userControlled.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
preDNS.enable = false;
|
preDNS.enable = false;
|
||||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
""
|
||||||
|
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||||
|
];
|
||||||
|
|
||||||
users.users = {
|
users.users = {
|
||||||
root = userBase;
|
root = userBase;
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" = {
|
"/" = {
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
|
@ -1,6 +1,4 @@
|
|||||||
{ pkgs
|
{ pkgs, ... }:
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||||
@ -8,9 +6,7 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = true;
|
_module.args.isUnstable = true;
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware = {
|
hardware = {
|
||||||
rtl-sdr.enable = true;
|
rtl-sdr.enable = true;
|
||||||
@ -32,7 +28,10 @@ in
|
|||||||
"video=DSI-1:panel_orientation=right_side_up"
|
"video=DSI-1:panel_orientation=right_side_up"
|
||||||
];
|
];
|
||||||
|
|
||||||
kernelModules = [ "btusb" "kvm-intel" ];
|
kernelModules = [
|
||||||
|
"btusb"
|
||||||
|
"kvm-intel"
|
||||||
|
];
|
||||||
|
|
||||||
initrd = {
|
initrd = {
|
||||||
kernelModules = [
|
kernelModules = [
|
||||||
@ -53,7 +52,6 @@ in
|
|||||||
"rtsx_pci_sdmmc"
|
"rtsx_pci_sdmmc"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnsupportedSystem = true;
|
nixpkgs.config.allowUnsupportedSystem = true;
|
||||||
@ -85,13 +83,15 @@ in
|
|||||||
services = {
|
services = {
|
||||||
xserver = {
|
xserver = {
|
||||||
dpi = 200;
|
dpi = 200;
|
||||||
xrandrHeads = [{
|
xrandrHeads = [
|
||||||
output = "DSI-1";
|
{
|
||||||
primary = true;
|
output = "DSI-1";
|
||||||
monitorConfig = ''
|
primary = true;
|
||||||
Option "Rotate" "right"
|
monitorConfig = ''
|
||||||
'';
|
Option "Rotate" "right"
|
||||||
}];
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
power-profiles-daemon.enable = false;
|
power-profiles-daemon.enable = false;
|
||||||
tlp = {
|
tlp = {
|
||||||
@ -110,10 +110,16 @@ in
|
|||||||
|
|
||||||
users = {
|
users = {
|
||||||
users = {
|
users = {
|
||||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
qbit = {
|
qbit = {
|
||||||
openssh.authorizedKeys.keys = pubKeys;
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
|
extraGroups = [
|
||||||
|
"dialout"
|
||||||
|
"libvirtd"
|
||||||
|
"plugdev"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,35 +1,42 @@
|
|||||||
{ config, lib, modulesPath, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[
|
(modulesPath + "/hardware/network/broadcom-43xx.nix")
|
||||||
(modulesPath + "/hardware/network/broadcom-43xx.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
];
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
|
availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"sd_mod"
|
||||||
|
"sdhci_acpi"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ "kvm-intel" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{
|
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
|
||||||
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
|
fsType = "ext4";
|
||||||
fsType = "ext4";
|
};
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{
|
device = "/dev/disk/by-uuid/03B6-6D57";
|
||||||
device = "/dev/disk/by-uuid/03B6-6D57";
|
fsType = "vfat";
|
||||||
fsType = "vfat";
|
};
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
swapDevices = [ { device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; } ];
|
||||||
[{ device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; }];
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
@ -1,16 +1,20 @@
|
|||||||
{ pkgs
|
{
|
||||||
, lib
|
pkgs,
|
||||||
, isUnstable
|
lib,
|
||||||
, ...
|
isUnstable,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
|
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
|
||||||
rage =
|
rage = pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
|
||||||
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];
|
imports = [
|
||||||
|
../../configs/tmux.nix
|
||||||
|
../../configs/zsh.nix
|
||||||
|
../../bins
|
||||||
|
];
|
||||||
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
@ -59,10 +63,7 @@ in
|
|||||||
|
|
||||||
nixpkgs.config = {
|
nixpkgs.config = {
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
allowUnfreePredicate = pkg:
|
allowUnfreePredicate = pkg: builtins.elm (lib.getName pkg) [ "obsidian" ];
|
||||||
builtins.elm (lib.getName pkg) [
|
|
||||||
"obsidian"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.variables = {
|
environment.variables = {
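Review bot: `builtins.elm` in the `allowUnfreePredicate` line (hunk `-59,10 +63,7`) is not a Nix builtin; the membership test is `builtins.elem`, so the line should read `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "obsidian" ];`. The typo probably goes unnoticed because `allowUnfree = true;` on the line above already permits every unfree package, so the predicate is likely never evaluated. If the intent is to allow only `obsidian`, drop `allowUnfree = true;` as well as fixing the name; otherwise the predicate is dead configuration and can be removed. The rest of the module lies outside this hunk, so any other setting that affects unfree packages is not visible here.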
|
||||||
|
@ -1,7 +1,4 @@
|
|||||||
{ pkgs
|
{ pkgs, config, ... }:
|
||||||
, config
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
|
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
@ -10,9 +7,7 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware.rtl-sdr.enable = true;
|
hardware.rtl-sdr.enable = true;
|
||||||
|
|
||||||
@ -27,7 +22,10 @@ in
|
|||||||
};
|
};
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
binfmt.emulatedSystems = [
|
||||||
|
"aarch64-linux"
|
||||||
|
"riscv64-linux"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
nixpkgs.config.allowUnsupportedSystem = true;
|
nixpkgs.config.allowUnsupportedSystem = true;
|
||||||
|
|
||||||
@ -135,10 +133,17 @@ in
|
|||||||
|
|
||||||
users = {
|
users = {
|
||||||
users = {
|
users = {
|
||||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
qbit = {
|
qbit = {
|
||||||
openssh.authorizedKeys.keys = pubKeys;
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
|
extraGroups = [
|
||||||
|
"dialout"
|
||||||
|
"libvirtd"
|
||||||
|
"docker"
|
||||||
|
"plugdev"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,15 +1,24 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
initrd.availableKernelModules = [
|
||||||
|
"nvme"
|
||||||
|
"xhci_pci"
|
||||||
|
"ahci"
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
initrd.kernelModules = [ ];
|
initrd.kernelModules = [ ];
|
||||||
kernelModules = [ "kvm-amd" ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
@ -27,7 +36,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
|
swapDevices = [ { device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; } ];
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
@ -37,7 +46,6 @@
|
|||||||
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode =
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
# high-resolution display
|
# high-resolution display
|
||||||
}
|
}
|
||||||
|
@ -1,17 +1,17 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, ...
|
lib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit
|
inherit (builtins)
|
||||||
(builtins)
|
|
||||||
head
|
head
|
||||||
concatStringsSep
|
concatStringsSep
|
||||||
attrValues
|
attrValues
|
||||||
mapAttrs
|
mapAttrs
|
||||||
attrNames
|
attrNames
|
||||||
;# hasAttr;
|
; # hasAttr;
|
||||||
inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
|
inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||||
@ -22,9 +22,14 @@ let
|
|||||||
|
|
||||||
wan = "enp5s0f0";
|
wan = "enp5s0f0";
|
||||||
trunk = "enp5s0f1";
|
trunk = "enp5s0f1";
|
||||||
dnsServers = [ "45.90.28.147" "45.90.30.147" ];
|
dnsServers = [
|
||||||
|
"45.90.28.147"
|
||||||
|
"45.90.30.147"
|
||||||
|
];
|
||||||
interfaces = {
|
interfaces = {
|
||||||
"${wan}" = { useDHCP = true; };
|
"${wan}" = {
|
||||||
|
useDHCP = true;
|
||||||
|
};
|
||||||
"${trunk}" = rec {
|
"${trunk}" = rec {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
@ -302,7 +307,10 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../modules/tsvnstat.nix
|
||||||
|
];
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"net.ipv4.conf.all.forwarding" = true;
|
"net.ipv4.conf.all.forwarding" = true;
|
||||||
@ -464,7 +472,7 @@ in
|
|||||||
{
|
{
|
||||||
name = "common";
|
name = "common";
|
||||||
advertise = true;
|
advertise = true;
|
||||||
prefix = [{ prefix = "::/64"; }];
|
prefix = [ { prefix = "::/64"; } ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
@ -478,9 +486,7 @@ in
|
|||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--verbose=9"
|
"--verbose=9"
|
||||||
"--trace"
|
"--trace"
|
||||||
"--bind-address ${
|
"--bind-address ${(head config.networking.interfaces.lab.ipv4.addresses).address}"
|
||||||
(head config.networking.interfaces.lab.ipv4.addresses).address
|
|
||||||
}"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -490,32 +496,45 @@ in
|
|||||||
option subnet-mask 255.255.255.0;
|
option subnet-mask 255.255.255.0;
|
||||||
option domain-name-servers ${concatStringsSep ", " dnsServers};
|
option domain-name-servers ${concatStringsSep ", " dnsServers};
|
||||||
|
|
||||||
${concatStringsSep "\n" (attrValues (mapAttrs (intf: val: ''
|
${concatStringsSep "\n" (
|
||||||
# ${intf} : ${val.info.description}
|
attrValues (
|
||||||
subnet ${val.info.net} netmask ${val.info.netmask} {
|
mapAttrs
|
||||||
option routers ${val.info.router};
|
(intf: val: ''
|
||||||
range ${val.info.dhcp.start} ${val.info.dhcp.end};
|
# ${intf} : ${val.info.description}
|
||||||
|
subnet ${val.info.net} netmask ${val.info.netmask} {
|
||||||
|
option routers ${val.info.router};
|
||||||
|
range ${val.info.dhcp.start} ${val.info.dhcp.end};
|
||||||
|
|
||||||
${
|
${
|
||||||
concatStringsSep "\n" (map (e: ''
|
concatStringsSep "\n" (
|
||||||
host ${e.name} {
|
map
|
||||||
hardware ethernet ${e.mac};
|
(e: ''
|
||||||
fixed-address ${e.address};
|
host ${e.name} {
|
||||||
|
hardware ethernet ${e.mac};
|
||||||
|
fixed-address ${e.address};
|
||||||
|
}
|
||||||
|
'')
|
||||||
|
val.info.dhcp.staticIPs
|
||||||
|
)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
'')
|
'')
|
||||||
val.info.dhcp.staticIPs)
|
(filterAttrsRecursive (n: _: n != "${wan}") interfaces)
|
||||||
}
|
)
|
||||||
}
|
)}
|
||||||
'') (filterAttrsRecursive (n: _: n != "${wan}") interfaces)))}
|
|
||||||
'';
|
'';
|
||||||
interfaces =
|
interfaces = attrNames (
|
||||||
attrNames (filterAttrs (_: v: v.info.dhcp.enable)
|
filterAttrs (_: v: v.info.dhcp.enable) (filterAttrsRecursive (n: _: n != "${wan}") interfaces)
|
||||||
(filterAttrsRecursive (n: _: n != "${wan}") interfaces));
|
);
|
||||||
# TODO: Probably a better way to pre-filter the interfaces set
|
# TODO: Probably a better way to pre-filter the interfaces set
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
bmon
|
||||||
|
termshark
|
||||||
|
tcpdump
|
||||||
|
];
|
||||||
|
|
||||||
users.users.root = userBase;
|
users.users.root = userBase;
|
||||||
users.users.qbit = userBase;
|
users.users.qbit = userBase;
|
||||||
|
@ -1,11 +1,13 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
@ -16,10 +18,21 @@
|
|||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"ehci_pci"
|
||||||
|
"ahci"
|
||||||
|
"xhci_pci"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
};
|
};
|
||||||
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
|
kernelModules = [
|
||||||
|
"nf_tables"
|
||||||
|
"nf_tables_ipv6"
|
||||||
|
"nf_conntrack_tftp"
|
||||||
|
];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -30,6 +43,5 @@
|
|||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode =
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,4 @@
|
|||||||
{ config
|
{ config, pkgs, ... }:
|
||||||
, pkgs
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension;
|
inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension;
|
||||||
testingMode = true;
|
testingMode = true;
|
||||||
@ -16,13 +13,11 @@ let
|
|||||||
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
|
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
|
||||||
};
|
};
|
||||||
peerixUser =
|
peerixUser =
|
||||||
if builtins.hasAttr "peerix" config.users.users
|
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
|
||||||
then config.users.users.peerix.name
|
|
||||||
else "root";
|
|
||||||
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
|
||||||
# doomPrivateDir = ../../configs/doom.d;
|
|
||||||
#};
|
|
||||||
in
|
in
|
||||||
|
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
||||||
|
# doomPrivateDir = ../../configs/doom.d;
|
||||||
|
#};
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = true;
|
_module.args.isUnstable = true;
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
@ -37,7 +32,9 @@ in
|
|||||||
initrd = {
|
initrd = {
|
||||||
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
|
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
|
||||||
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
|
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
|
||||||
secrets = { "/crypto_keyfile.bin" = null; };
|
secrets = {
|
||||||
|
"/crypto_keyfile.bin" = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
kernelParams = [ "intel_idle.max_cstate=4" ];
|
kernelParams = [ "intel_idle.max_cstate=4" ];
|
||||||
kernelPackages = pkgs.linuxPackages;
|
kernelPackages = pkgs.linuxPackages;
|
||||||
@ -101,9 +98,18 @@ in
|
|||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
|
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
|
||||||
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
|
"127.0.0.1" = [
|
||||||
"192.168.122.249" = [ "arst.arst" "vm" ];
|
"borg.calyptix.dev"
|
||||||
"192.168.8.194" = [ "router.arst" "router" ];
|
"localhost"
|
||||||
|
];
|
||||||
|
"192.168.122.249" = [
|
||||||
|
"arst.arst"
|
||||||
|
"vm"
|
||||||
|
];
|
||||||
|
"192.168.8.194" = [
|
||||||
|
"router.arst"
|
||||||
|
"router"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
@ -114,7 +120,6 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
i18n.defaultLocale = "en_US.utf8";
|
i18n.defaultLocale = "en_US.utf8";
|
||||||
|
|
||||||
kde.enable = true;
|
kde.enable = true;
|
||||||
@ -152,14 +157,16 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
users.users.root = userBase;
|
users.users.root = userBase;
|
||||||
users.users.abieber =
|
users.users.abieber = {
|
||||||
{
|
isNormalUser = true;
|
||||||
isNormalUser = true;
|
description = "Aaron Bieber";
|
||||||
description = "Aaron Bieber";
|
shell = pkgs.zsh;
|
||||||
shell = pkgs.zsh;
|
extraGroups = [
|
||||||
extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
|
"networkmanager"
|
||||||
}
|
"wheel"
|
||||||
// userBase;
|
"libvirtd"
|
||||||
|
];
|
||||||
|
} // userBase;
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
@ -261,7 +268,10 @@ in
|
|||||||
tsPeerix = {
|
tsPeerix = {
|
||||||
enable = false;
|
enable = false;
|
||||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||||
interfaces = [ "wlp170s0" "ztksevmpn3" ];
|
interfaces = [
|
||||||
|
"wlp170s0"
|
||||||
|
"ztksevmpn3"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
@ -275,7 +285,11 @@ in
|
|||||||
|
|
||||||
paths = [ "/home/abieber" ];
|
paths = [ "/home/abieber" ];
|
||||||
|
|
||||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2" ];
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 2"
|
||||||
|
"--keep-monthly 2"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -299,7 +313,6 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
system.autoUpgrade.allowReboot = false;
|
system.autoUpgrade.allowReboot = false;
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
system.stateVersion = "22.05"; # Did you read the comment?
|
||||||
}
|
}
|
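Review bot: The commented-out `#doom-emacs = …` binding now sits after `in` instead of inside the `let` block, in the hunk that begins at `peerixUser =`. In that position the three lines no longer read as a disabled let binding, and uncommenting them there would not parse. Move them back above `in`, or drop them if the override is no longer wanted. The `let` block itself opens in an earlier hunk of this file.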
||||||
|
@ -1,13 +1,21 @@
|
|||||||
{ pkgs
|
{
|
||||||
, lib
|
pkgs,
|
||||||
, modulesPath
|
lib,
|
||||||
, ...
|
modulesPath,
|
||||||
}: {
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
|
availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"thunderbolt"
|
||||||
|
"nvme"
|
||||||
|
"usb_storage"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
kernelModules = [ ];
|
kernelModules = [ ];
|
||||||
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
|
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
|
||||||
};
|
};
|
||||||
@ -34,7 +42,8 @@
|
|||||||
"x-systemd.automount"
|
"x-systemd.automount"
|
||||||
|
|
||||||
(builtins.replaceStrings [ " " ] [ "\\040" ]
|
(builtins.replaceStrings [ " " ] [ "\\040" ]
|
||||||
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
|
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config"
|
||||||
|
)
|
||||||
"reconnect"
|
"reconnect"
|
||||||
"allow_other"
|
"allow_other"
|
||||||
"cache=yes"
|
"cache=yes"
|
||||||
@ -46,8 +55,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
swapDevices = [ { device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; } ];
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, ...
|
lib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
@ -22,9 +23,19 @@ in
|
|||||||
programs = { } // firefox.programs;
|
programs = { } // firefox.programs;
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ];
|
initrd.availableKernelModules = [
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"vc4"
|
||||||
|
"rtc-ds3232"
|
||||||
|
"rtc-ds1307"
|
||||||
|
];
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ];
|
kernelModules = [
|
||||||
|
"raspberrypi_ts"
|
||||||
|
"rtc-ds3232"
|
||||||
|
"rtc-ds1307"
|
||||||
|
];
|
||||||
loader = {
|
loader = {
|
||||||
grub.enable = false;
|
grub.enable = false;
|
||||||
generic-extlinux-compatible.enable = true;
|
generic-extlinux-compatible.enable = true;
|
||||||
@ -33,7 +44,9 @@ in
|
|||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "weather";
|
hostName = "weather";
|
||||||
networkmanager = { enable = true; };
|
networkmanager = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
wireless.userControlled.enable = true;
|
wireless.userControlled.enable = true;
|
||||||
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
||||||
};
|
};
|
||||||
@ -46,8 +59,10 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
preDNS.enable = false;
|
preDNS.enable = false;
|
||||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
""
|
||||||
|
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||||
|
];
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" = {
|
"/" = {
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ config
|
{
|
||||||
, pkgs
|
config,
|
||||||
, lib
|
pkgs,
|
||||||
, ...
|
lib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
pubKeys = [
|
pubKeys = [
|
||||||
@ -14,9 +15,7 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
_module.args.isUnstable = false;
|
_module.args.isUnstable = false;
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
defaultUsers.enable = false;
|
defaultUsers.enable = false;
|
||||||
|
|
||||||
@ -35,7 +34,9 @@ in
|
|||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "wzero";
|
hostName = "wzero";
|
||||||
networkmanager = { enable = true; };
|
networkmanager = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
wireless.userControlled.enable = true;
|
wireless.userControlled.enable = true;
|
||||||
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
||||||
};
|
};
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
hardware = {
|
hardware = {
|
||||||
deviceTree = {
|
deviceTree = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -7,8 +8,6 @@
|
|||||||
|
|
||||||
enableRedistributableFirmware = true;
|
enableRedistributableFirmware = true;
|
||||||
i2c.enable = true;
|
i2c.enable = true;
|
||||||
firmware = with pkgs; [
|
firmware = with pkgs; [ raspberrypiWirelessFirmware ];
|
||||||
raspberrypiWirelessFirmware
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -39,20 +39,30 @@ in
|
|||||||
layout = "us";
|
layout = "us";
|
||||||
xkbVariant = "colemak";
|
xkbVariant = "colemak";
|
||||||
};
|
};
|
||||||
console = { keyMap = "colemak"; };
|
console = {
|
||||||
|
keyMap = "colemak";
|
||||||
|
};
|
||||||
|
|
||||||
users.users = {
|
users.users = {
|
||||||
qbit = {
|
qbit = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Aaron Bieber";
|
description = "Aaron Bieber";
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
extraGroups = [
|
||||||
|
"networkmanager"
|
||||||
|
"wheel"
|
||||||
|
];
|
||||||
packages = [ ];
|
packages = [ ];
|
||||||
};
|
};
|
||||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = pubKeys;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# neovim will overwrite my neovim!!
|
# neovim will overwrite my neovim!!
|
||||||
environment.systemPackages = with pkgs; [ neovim jq ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
neovim
|
||||||
|
jq
|
||||||
|
];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -1,13 +1,18 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
|
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];
|
imports = [
|
||||||
|
./configs/colemak.nix
|
||||||
|
./configs/tmux.nix
|
||||||
|
./configs/neovim.nix
|
||||||
|
];
|
||||||
|
|
||||||
options.myconf = {
|
options.myconf = {
|
||||||
hwPubKeys = lib.mkOption rec {
|
hwPubKeys = lib.mkOption rec {
|
||||||
@ -103,7 +108,10 @@ in
|
|||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [ apg inetutils ];
|
systemPackages = with pkgs; [
|
||||||
|
apg
|
||||||
|
inetutils
|
||||||
|
];
|
||||||
|
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
alias vi=nvim
|
alias vi=nvim
|
||||||
@ -113,18 +121,19 @@ in
|
|||||||
time.timeZone = "US/Mountain";
|
time.timeZone = "US/Mountain";
|
||||||
|
|
||||||
systemd.services."setdate" =
|
systemd.services."setdate" =
|
||||||
if pkgs.system == "aarch64-linux"
|
if pkgs.system == "aarch64-linux" then
|
||||||
then {
|
{
|
||||||
description = "Set date on boot";
|
description = "Set date on boot";
|
||||||
wantedBy = [ "network-online.target" ];
|
wantedBy = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
script = ''
|
script = ''
|
||||||
. /etc/profile;
|
. /etc/profile;
|
||||||
${pkgs.outils}/bin/rdate pool.ntp.org
|
${pkgs.outils}/bin/rdate pool.ntp.org
|
||||||
'';
|
'';
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
}
|
}
|
||||||
else { };
|
else
|
||||||
|
{ };
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
zsh.enable = true;
|
zsh.enable = true;
|
||||||
@ -151,7 +160,10 @@ in
|
|||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
KexAlgorithms = [
|
||||||
|
"curve25519-sha256"
|
||||||
|
"curve25519-sha256@libssh.org"
|
||||||
|
];
|
||||||
Macs = [
|
Macs = [
|
||||||
"hmac-sha2-512-etm@openssh.com"
|
"hmac-sha2-512-etm@openssh.com"
|
||||||
"hmac-sha2-256-etm@openssh.com"
|
"hmac-sha2-256-etm@openssh.com"
|
||||||
|
@ -1,42 +1,44 @@
|
|||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
let
|
let
|
||||||
inherit (builtins) toString readFile fromJSON filter;
|
inherit (builtins)
|
||||||
getPrStatus = pr:
|
toString
|
||||||
|
readFile
|
||||||
|
fromJSON
|
||||||
|
filter
|
||||||
|
;
|
||||||
|
getPrStatus =
|
||||||
|
pr:
|
||||||
let
|
let
|
||||||
prstr = toString pr;
|
prstr = toString pr;
|
||||||
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
|
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
|
||||||
in
|
in
|
||||||
prStatus;
|
prStatus;
|
||||||
prIsOpen = {
|
prIsOpen = {
|
||||||
option = pr: a:
|
option =
|
||||||
|
pr: a:
|
||||||
let
|
let
|
||||||
prStatus = getPrStatus pr;
|
prStatus = getPrStatus pr;
|
||||||
in
|
in
|
||||||
if prStatus.status == "open"
|
if prStatus.status == "open" then a else { };
|
||||||
then a
|
pkg =
|
||||||
else { };
|
pr: localPkg: upstreamPkg:
|
||||||
pkg = pr: localPkg: upstreamPkg:
|
|
||||||
let
|
let
|
||||||
prStatus = getPrStatus pr;
|
prStatus = getPrStatus pr;
|
||||||
in
|
in
|
||||||
if prStatus.status == "open"
|
if prStatus.status == "open" then
|
||||||
then localPkg
|
localPkg
|
||||||
else
|
else
|
||||||
lib.warn
|
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." upstreamPkg;
|
||||||
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
|
|
||||||
upstreamPkg;
|
|
||||||
|
|
||||||
overlay = pr: overlay:
|
overlay =
|
||||||
|
pr: overlay:
|
||||||
let
|
let
|
||||||
prStatus = getPrStatus pr;
|
prStatus = getPrStatus pr;
|
||||||
in
|
in
|
||||||
if pr == 0 || prStatus.status == "open"
|
if pr == 0 || prStatus.status == "open" then
|
||||||
then overlay
|
overlay
|
||||||
else
|
else
|
||||||
lib.warn "PR: ${
|
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: { });
|
||||||
toString pr
|
|
||||||
} (${prStatus.title}) is complete, ignoring overlay..."
|
|
||||||
(_: _: { });
|
|
||||||
};
|
};
|
||||||
|
|
||||||
todo = msg: lib.warn "TODO: ${msg}";
|
todo = msg: lib.warn "TODO: ${msg}";
|
||||||
@ -54,7 +56,9 @@ let
|
|||||||
value = {
|
value = {
|
||||||
script = mkCronScript "${job.name}_script" job.script;
|
script = mkCronScript "${job.name}_script" job.script;
|
||||||
inherit (job) startAt path;
|
inherit (job) startAt path;
|
||||||
serviceConfig = { Type = "oneshot"; };
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
jobToService = job: {
|
jobToService = job: {
|
||||||
@ -68,7 +72,8 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
buildShell = pkgs:
|
buildShell =
|
||||||
|
pkgs:
|
||||||
pkgs.mkShell {
|
pkgs.mkShell {
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
PS1='\u@\h:\w; '
|
PS1='\u@\h:\w; '
|
||||||
@ -97,7 +102,8 @@ let
|
|||||||
# Set our configurationRevison based on the status of our git repo.
|
# Set our configurationRevison based on the status of our git repo.
|
||||||
# If the repo is dirty, disable autoUpgrade as it means we are
|
# If the repo is dirty, disable autoUpgrade as it means we are
|
||||||
# testing something.
|
# testing something.
|
||||||
buildVer = self:
|
buildVer =
|
||||||
|
self:
|
||||||
let
|
let
|
||||||
state = self.rev or "DIRTY";
|
state = self.rev or "DIRTY";
|
||||||
in
|
in
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./golink.nix
|
./golink.nix
|
||||||
./gotosocial.nix
|
./gotosocial.nix
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.golink;
|
cfg = config.services.golink;
|
||||||
golink = callPackage ../pkgs/golink.nix { };
|
golink = callPackage ../pkgs/golink.nix { };
|
||||||
in
|
in
|
||||||
@ -13,7 +15,12 @@ in
|
|||||||
enable = mkEnableOption "Enable golink";
|
enable = mkEnableOption "Enable golink";
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "golink";
|
default = "golink";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -37,7 +44,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "golink";
|
default = "golink";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
|
@ -1,18 +1,19 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.gotosocial;
|
cfg = config.services.gotosocial;
|
||||||
gotosocial = callPackage ../pkgs/gotosocial.nix { };
|
gotosocial = callPackage ../pkgs/gotosocial.nix { };
|
||||||
settingsFormat = pkgs.formats.json { };
|
settingsFormat = pkgs.formats.json { };
|
||||||
settingsType = settingsFormat.type;
|
settingsType = settingsFormat.type;
|
||||||
prettyJSON = conf:
|
prettyJSON =
|
||||||
|
conf:
|
||||||
pkgs.runCommandLocal "gotosocial-config.json" { } ''
|
pkgs.runCommandLocal "gotosocial-config.json" { } ''
|
||||||
echo '${
|
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||||
builtins.toJSON conf
|
|
||||||
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@ -21,7 +22,12 @@ in
|
|||||||
enable = mkEnableOption "Enable gotosocial";
|
enable = mkEnableOption "Enable gotosocial";
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "gotosocial";
|
default = "gotosocial";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -29,7 +35,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "gotosocial";
|
default = "gotosocial";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -74,9 +85,7 @@ in
|
|||||||
|
|
||||||
RuntimeDirectory = "/var/lib/gotosocial";
|
RuntimeDirectory = "/var/lib/gotosocial";
|
||||||
|
|
||||||
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${
|
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${prettyJSON cfg.configuration} server start";
|
||||||
prettyJSON cfg.configuration
|
|
||||||
} server start";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
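Review bot: `prettyJSON` splices `builtins.toJSON conf` between single quotes in the `runCommandLocal` script, so a configuration string containing `'` ends the quoting and the remainder is interpreted by the build shell. Let Nix do the quoting instead: `echo ${lib.escapeShellArg (builtins.toJSON conf)} | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out`. The same line appears in the `prettyJSON` of the rtlamr2mqtt module further down the page. The generated file is a store path, so it is presumably readable by every local user; it is worth confirming that no credentials are passed through `configuration`.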
||||||
|
@ -1,18 +1,19 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.rtlamr2mqtt;
|
cfg = config.services.rtlamr2mqtt;
|
||||||
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
|
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
|
||||||
settingsFormat = pkgs.formats.json { };
|
settingsFormat = pkgs.formats.json { };
|
||||||
settingsType = settingsFormat.type;
|
settingsType = settingsFormat.type;
|
||||||
prettyJSON = conf:
|
prettyJSON =
|
||||||
|
conf:
|
||||||
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
|
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
|
||||||
echo '${
|
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||||
builtins.toJSON conf
|
|
||||||
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@ -21,7 +22,12 @@ in
|
|||||||
enable = mkEnableOption "Enable rtlamr2mqtt";
|
enable = mkEnableOption "Enable rtlamr2mqtt";
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "rtlamr2mqtt";
|
default = "rtlamr2mqtt";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -29,7 +35,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "rtlamr2mqtt";
|
default = "rtlamr2mqtt";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ lib
|
{
|
||||||
, config
|
lib,
|
||||||
, pkgs
|
config,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.services.sliding-sync;
|
cfg = config.services.sliding-sync;
|
||||||
@ -12,7 +13,12 @@ in
|
|||||||
enable = lib.mkEnableOption "Enable sliding-sync";
|
enable = lib.mkEnableOption "Enable sliding-sync";
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "syncv3";
|
default = "syncv3";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -20,7 +26,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "syncv3";
|
default = "syncv3";
|
||||||
description = ''
|
description = ''
|
||||||
The group the service will use.
|
The group the service will use.
|
||||||
@ -82,7 +93,10 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
description = "sliding-sync server";
|
description = "sliding-sync server";
|
||||||
wantedBy = [ "network-online.target" ];
|
wantedBy = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" "matrix-synapse.service" ];
|
after = [
|
||||||
|
"network-online.target"
|
||||||
|
"matrix-synapse.service"
|
||||||
|
];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
HOME = "${cfg.dataDir}";
|
HOME = "${cfg.dataDir}";
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
perl = "${pkgs.perl}/bin/perl";
|
perl = "${pkgs.perl}/bin/perl";
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ lib
|
{
|
||||||
, config
|
lib,
|
||||||
, pkgs
|
config,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.services.tsrevprox;
|
cfg = config.services.tsrevprox;
|
||||||
@ -36,7 +37,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "tsrevprox";
|
default = "tsrevprox";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -44,7 +50,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "tsrevprox";
|
default = "tsrevprox";
|
||||||
description = ''
|
description = ''
|
||||||
The group the service will use.
|
The group the service will use.
|
||||||
@ -90,15 +101,15 @@ in
|
|||||||
wantedBy = [ "network-online.target" ];
|
wantedBy = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
|
|
||||||
environment = { HOME = "${cfg.dataDir}"; };
|
environment = {
|
||||||
|
HOME = "${cfg.dataDir}";
|
||||||
|
};
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
|
|
||||||
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
|
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
|
||||||
toString cfg.reversePort
|
|
||||||
} -ip ${cfg.reverseIP}";
|
|
||||||
#EnvironmentFile = cfg.envFile;
|
#EnvironmentFile = cfg.envFile;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
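Review bot: The re-joined `ExecStart` line in the `@ -90,15 +101,15 @@` hunk interpolates `cfg.reverseName`, `cfg.reversePort` and `cfg.reverseIP` into the command line unquoted, so a value containing whitespace or a systemd specifier would be split or expanded by systemd instead of reaching the binary as one argument. Building the line with `utils.escapeSystemdExecArgs [ ... ]` (taking `utils` as a module argument) would keep each option a single argument; tightening the option types would also help, but their definitions are outside this hunk. The same pattern appears further down this page in the yarr `ExecStart` (`-addr`, `-db`, `-auth-file`) and the tsvnstat `ExecStart` (`-name`, `-key`). The enclosing service definition starts outside the hunk.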
|
@ -1,10 +1,12 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, inputs
|
pkgs,
|
||||||
, ...
|
inputs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.tsvnstat;
|
cfg = config.services.tsvnstat;
|
||||||
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
|
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
|
||||||
in
|
in
|
||||||
@ -14,7 +16,12 @@ in
|
|||||||
enable = mkEnableOption "Enable tsvnstat";
|
enable = mkEnableOption "Enable tsvnstat";
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "tsvnstat";
|
default = "tsvnstat";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -22,7 +29,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
keyPath = mkOption {
|
keyPath = mkOption {
|
||||||
type = with types; oneOf [ path str ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
path
|
||||||
|
str
|
||||||
|
];
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
Path to the TS API key file
|
Path to the TS API key file
|
||||||
@ -38,7 +50,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "tsvnstat";
|
default = "tsvnstat";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -88,7 +105,9 @@ in
|
|||||||
CacheDirectoryMode = "0755";
|
CacheDirectoryMode = "0755";
|
||||||
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
|
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${
|
||||||
|
lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
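Review bot: `keyPath` is typed `oneOf [ path str ]` and is interpolated as `"-key ${cfg.keyPath}"` in the `ExecStart` of the last hunk, so if a Nix path literal is ever assigned, the interpolation copies the key file into the Nix store, where it is world-readable. Restricting the option to `types.str` (an absolute runtime path, for example one provided by a secrets manager) avoids that, and the option description could say so. Separately, the `group` option's description reads "The user the service will use." and looks copied from `user`; `The group the service will use.` would match the other modules. The option and service blocks both continue outside the visible hunks.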
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.veilid-server;
|
cfg = config.services.veilid-server;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@ -11,13 +13,23 @@ in
|
|||||||
services.veilid-server = {
|
services.veilid-server = {
|
||||||
enable = mkEnableOption "Enable velid-server";
|
enable = mkEnableOption "Enable velid-server";
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "veilid";
|
default = "veilid";
|
||||||
description = "The user veilid-server will run as.";
|
description = "The user veilid-server will run as.";
|
||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "veilid";
|
default = "veilid";
|
||||||
description = "The group veilid-server will run with.";
|
description = "The group veilid-server will run with.";
|
||||||
};
|
};
|
||||||
|
@ -1,19 +1,29 @@
|
|||||||
{ lib
|
{
|
||||||
, config
|
lib,
|
||||||
, pkgs
|
config,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.wallabag;
|
cfg = config.services.wallabag;
|
||||||
inherit (builtins) toJSON;
|
inherit (builtins) toJSON;
|
||||||
inherit (lib) mkOption mkEnableOption types mkIf;
|
inherit (lib)
|
||||||
wallabag = pkgs.wallabag.overrideAttrs (old: {
|
mkOption
|
||||||
patches = builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches ++ [
|
mkEnableOption
|
||||||
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
|
types
|
||||||
./wallabag-data-location.patch
|
mkIf
|
||||||
];
|
;
|
||||||
});
|
wallabag = pkgs.wallabag.overrideAttrs (
|
||||||
|
old: {
|
||||||
|
patches =
|
||||||
|
builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches
|
||||||
|
++ [
|
||||||
|
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
|
||||||
|
./wallabag-data-location.patch
|
||||||
|
];
|
||||||
|
}
|
||||||
|
);
|
||||||
wallabagConfig = toJSON {
|
wallabagConfig = toJSON {
|
||||||
parameters = {
|
parameters = {
|
||||||
#database_driver = "pdo_sqlite";
|
#database_driver = "pdo_sqlite";
|
||||||
@ -80,10 +90,14 @@ let
|
|||||||
sentry_dsn = null;
|
sentry_dsn = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [
|
php = pkgs.php.withExtensions (
|
||||||
imagick
|
{ enabled, all }:
|
||||||
tidy
|
enabled
|
||||||
]));
|
++ (with all; [
|
||||||
|
imagick
|
||||||
|
tidy
|
||||||
|
])
|
||||||
|
);
|
||||||
wallabagServiceConfig = {
|
wallabagServiceConfig = {
|
||||||
CacheDirectory = "wallabag";
|
CacheDirectory = "wallabag";
|
||||||
CacheDirectoryMode = "700";
|
CacheDirectoryMode = "700";
|
||||||
@ -123,17 +137,26 @@ in
|
|||||||
description = "wallabag data directory";
|
description = "wallabag data directory";
|
||||||
};
|
};
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "wallabag";
|
default = "wallabag";
|
||||||
description = "The user wallabag will run as.";
|
description = "The user wallabag will run as.";
|
||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "wallabag";
|
default = "wallabag";
|
||||||
description = "The group wallabag will run with.";
|
description = "The group wallabag will run with.";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
@ -214,7 +237,11 @@ in
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
before = [ "phpfpm-wallabag.service" ];
|
before = [ "phpfpm-wallabag.service" ];
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
path = with pkgs; [ coreutils php phpPackages.composer ];
|
path = with pkgs; [
|
||||||
|
coreutils
|
||||||
|
php
|
||||||
|
phpPackages.composer
|
||||||
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
{ config
|
{
|
||||||
, lib
|
config,
|
||||||
, pkgs
|
lib,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with pkgs; let
|
with pkgs;
|
||||||
|
let
|
||||||
cfg = config.services.yarr;
|
cfg = config.services.yarr;
|
||||||
yarr = callPackage ../pkgs/yarr.nix { };
|
yarr = callPackage ../pkgs/yarr.nix { };
|
||||||
in
|
in
|
||||||
@ -51,7 +53,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "yarr";
|
default = "yarr";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -59,7 +66,12 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = with types; oneOf [ str int ];
|
type =
|
||||||
|
with types;
|
||||||
|
oneOf [
|
||||||
|
str
|
||||||
|
int
|
||||||
|
];
|
||||||
default = "yarr";
|
default = "yarr";
|
||||||
description = ''
|
description = ''
|
||||||
The user the service will use.
|
The user the service will use.
|
||||||
@ -95,9 +107,7 @@ in
|
|||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
|
|
||||||
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${
|
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${toString cfg.port} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
|
||||||
toString cfg.port
|
|
||||||
} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,11 +1,8 @@
|
|||||||
{ config
|
{ config, lib, ... }:
|
||||||
, lib
|
with lib;
|
||||||
, ...
|
let
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
cfg = config.services.xin-monitoring;
|
cfg = config.services.xin-monitoring;
|
||||||
inherit
|
inherit (builtins)
|
||||||
(builtins)
|
|
||||||
readFile
|
readFile
|
||||||
concatStringsSep
|
concatStringsSep
|
||||||
attrValues
|
attrValues
|
||||||
@ -14,34 +11,43 @@ with lib; let
|
|||||||
;
|
;
|
||||||
|
|
||||||
nginxCfg = config.services.nginx;
|
nginxCfg = config.services.nginx;
|
||||||
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
|
buildFSChecker =
|
||||||
(f: v:
|
fsList:
|
||||||
if v.fsType != "sshfs"
|
(concatStringsSep "\n" (
|
||||||
then ''
|
attrValues (
|
||||||
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
|
mapAttrs
|
||||||
if space usage > 90% then alert
|
(
|
||||||
if inode usage > 90% then alert
|
f: v:
|
||||||
''
|
if v.fsType != "sshfs" then
|
||||||
else "")
|
''
|
||||||
fsList)));
|
check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}
|
||||||
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
|
if space usage > 90% then alert
|
||||||
(f: v: ''
|
if inode usage > 90% then alert
|
||||||
check host ${f} with address ${f}
|
''
|
||||||
if failed port 80 protocol http then alert
|
else
|
||||||
${
|
""
|
||||||
if v.enableACME
|
)
|
||||||
then "if failed port 443 protocol https then alert"
|
fsList
|
||||||
else ""
|
)
|
||||||
}
|
));
|
||||||
'')
|
buildNginxChecker =
|
||||||
vhostList)));
|
vhostList:
|
||||||
|
(concatStringsSep "\n" (
|
||||||
|
attrValues (
|
||||||
|
mapAttrs
|
||||||
|
(f: v: ''
|
||||||
|
check host ${f} with address ${f}
|
||||||
|
if failed port 80 protocol http then alert
|
||||||
|
${if v.enableACME then "if failed port 443 protocol https then alert" else ""}
|
||||||
|
'')
|
||||||
|
vhostList
|
||||||
|
)
|
||||||
|
));
|
||||||
nginxChecks =
|
nginxChecks =
|
||||||
if nginxCfg.enable
|
if nginxCfg.enable then
|
||||||
then
|
if config.networking.hostName == "h" then (buildNginxChecker nginxCfg.virtualHosts) else ""
|
||||||
if config.networking.hostName == "h"
|
else
|
||||||
then (buildNginxChecker nginxCfg.virtualHosts)
|
"";
|
||||||
else ""
|
|
||||||
else "";
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
let
|
let
|
||||||
_1password-gui = _: super: {
|
_1password-gui = _: super: {
|
||||||
_1password-gui = super._1password-gui.overrideAttrs (_: rec {
|
_1password-gui = super._1password-gui.overrideAttrs (
|
||||||
version = "8.10.7";
|
_: rec {
|
||||||
src = super.fetchurl {
|
version = "8.10.7";
|
||||||
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
|
src = super.fetchurl {
|
||||||
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
|
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
|
||||||
};
|
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
|
||||||
});
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
_1password-gui
|
_1password-gui
|
||||||
|
@ -13,24 +13,29 @@ let
|
|||||||
propagatedBuildInputs = with super.perlPackages; [ Future ];
|
propagatedBuildInputs = with super.perlPackages; [ Future ];
|
||||||
meta = {
|
meta = {
|
||||||
description = "A FIFO queue of values that uses L<Future>s";
|
description = "A FIFO queue of values that uses L<Future>s";
|
||||||
license = with super.lib.licenses; [ artistic1 gpl1Plus ];
|
license = with super.lib.licenses; [
|
||||||
|
artistic1
|
||||||
|
gpl1Plus
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
super.PLS.overrideAttrs (_: {
|
super.PLS.overrideAttrs (
|
||||||
propagatedBuildInputs = with super.perlPackages; [
|
_: {
|
||||||
Future
|
propagatedBuildInputs = with super.perlPackages; [
|
||||||
FutureQueue
|
Future
|
||||||
IOAsync
|
FutureQueue
|
||||||
PPI
|
IOAsync
|
||||||
PPR
|
PPI
|
||||||
PathTiny
|
PPR
|
||||||
PerlCritic
|
PathTiny
|
||||||
PerlTidy
|
PerlCritic
|
||||||
PodMarkdown
|
PerlTidy
|
||||||
URI
|
PodMarkdown
|
||||||
];
|
URI
|
||||||
});
|
];
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
perlPackages
|
perlPackages
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
let
|
let
|
||||||
bruno = _: super: {
|
bruno = _: super: {
|
||||||
bruno = super.bruno.overrideAttrs (_: rec {
|
bruno = super.bruno.overrideAttrs (
|
||||||
version = "0.25.0";
|
_: rec {
|
||||||
src = super.fetchurl {
|
version = "0.25.0";
|
||||||
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
|
src = super.fetchurl {
|
||||||
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
|
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
|
||||||
};
|
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
|
||||||
});
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
bruno
|
bruno
|
||||||
|
@ -1,17 +1,12 @@
|
|||||||
{ isUnstable
|
{ isUnstable, xinlib, ... }:
|
||||||
, xinlib
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
inherit (xinlib) prIsOpen;
|
inherit (xinlib) prIsOpen;
|
||||||
matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
|
matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
|
||||||
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
|
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nixpkgs.overlays = [ heisenbridge matrix-synapse ] ++
|
nixpkgs.overlays = [
|
||||||
(if isUnstable
|
heisenbridge
|
||||||
then [
|
matrix-synapse
|
||||||
]
|
] ++ (if isUnstable then [ ] else [ ]);
|
||||||
else [
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
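Review bot: The reformatted `nixpkgs.overlays` expression ends in `++ (if isUnstable then [ ] else [ ])`, which appends an empty list on both branches, so the conditional and the `isUnstable` argument have no effect in this file. Either drop it (`nixpkgs.overlays = [ heisenbridge matrix-synapse ];`) or add a comment saying the branches are placeholders for channel-specific overlays. A short comment on what the `0` passed to `prIsOpen.overlay` means would also help, since its definition is not visible on this page.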
|
@ -1,17 +1,19 @@
|
|||||||
let
|
let
|
||||||
hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
|
hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
|
||||||
heisenbridge = _: super: {
|
heisenbridge = _: super: {
|
||||||
heisenbridge = super.heisenbridge.overrideAttrs (_: rec {
|
heisenbridge = super.heisenbridge.overrideAttrs (
|
||||||
version = "1.14.5";
|
_: rec {
|
||||||
pname = "heisenbridge";
|
version = "1.14.5";
|
||||||
|
pname = "heisenbridge";
|
||||||
|
|
||||||
src = super.fetchFromGitHub {
|
src = super.fetchFromGitHub {
|
||||||
owner = "hifi";
|
owner = "hifi";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "refs/tags/v${version}";
|
rev = "refs/tags/v${version}";
|
||||||
inherit hash;
|
inherit hash;
|
||||||
};
|
};
|
||||||
});
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
heisenbridge
|
heisenbridge
|
||||||
|
@ -2,22 +2,24 @@ let
|
|||||||
hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI=";
|
hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI=";
|
||||||
sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU=";
|
sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU=";
|
||||||
matrix-synapse = _: super: {
|
matrix-synapse = _: super: {
|
||||||
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec {
|
matrix-synapse = super.matrix-synapse.overrideAttrs (
|
||||||
version = "1.101.0";
|
_: rec {
|
||||||
pname = "matrix-synapse";
|
version = "1.101.0";
|
||||||
|
pname = "matrix-synapse";
|
||||||
|
|
||||||
src = super.fetchFromGitHub {
|
src = super.fetchFromGitHub {
|
||||||
owner = "element-hq";
|
owner = "element-hq";
|
||||||
repo = "synapse";
|
repo = "synapse";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
inherit hash;
|
inherit hash;
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoDeps = super.rustPlatform.fetchCargoTarball {
|
cargoDeps = super.rustPlatform.fetchCargoTarball {
|
||||||
inherit src sha256;
|
inherit src sha256;
|
||||||
name = "${pname}-${version}";
|
name = "${pname}-${version}";
|
||||||
};
|
};
|
||||||
});
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
matrix-synapse
|
matrix-synapse
|
||||||
|
@ -1,21 +1,23 @@
|
|||||||
let
|
let
|
||||||
nixd = _: super: {
|
nixd = _: super: {
|
||||||
nixd = super.nixd.overrideAttrs (_: rec {
|
nixd = super.nixd.overrideAttrs (
|
||||||
version = "1.1.0";
|
_: rec {
|
||||||
src = super.fetchFromGitHub {
|
version = "1.1.0";
|
||||||
owner = "nix-community";
|
src = super.fetchFromGitHub {
|
||||||
repo = "nixd";
|
owner = "nix-community";
|
||||||
rev = version;
|
repo = "nixd";
|
||||||
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
|
rev = version;
|
||||||
};
|
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
|
||||||
nativeBuildInputs = with super.pkgs; [
|
};
|
||||||
meson
|
nativeBuildInputs = with super.pkgs; [
|
||||||
ninja
|
meson
|
||||||
pkg-config
|
ninja
|
||||||
bison
|
pkg-config
|
||||||
flex
|
bison
|
||||||
];
|
flex
|
||||||
});
|
];
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
nixd
|
nixd
|
||||||
|
@ -1,19 +1,20 @@
|
|||||||
let
|
let
|
||||||
obsidian = _: super: {
|
obsidian = _: super: {
|
||||||
obsidian = super.obsidian.overrideAttrs (_: rec {
|
obsidian = super.obsidian.overrideAttrs (
|
||||||
version = "1.3.5";
|
_: rec {
|
||||||
filename =
|
version = "1.3.5";
|
||||||
if super.stdenv.isDarwin
|
filename =
|
||||||
then "Obsidian-${version}-universal.dmg"
|
if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
|
||||||
else "obsidian-${version}.tar.gz";
|
src = super.fetchurl {
|
||||||
src = super.fetchurl {
|
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
|
||||||
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
|
sha256 =
|
||||||
sha256 =
|
if super.stdenv.isDarwin then
|
||||||
if super.stdenv.isDarwin
|
"sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
|
||||||
then "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
|
else
|
||||||
else "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
|
"sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
|
||||||
};
|
};
|
||||||
});
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
obsidian
|
obsidian
|
||||||
|
@ -1,18 +1,20 @@
|
|||||||
let
|
let
|
||||||
openssh = _: super: {
|
openssh = _: super: {
|
||||||
openssh = super.openssh.overrideAttrs (_: rec {
|
openssh = super.openssh.overrideAttrs (
|
||||||
version = "9.3p1";
|
_: rec {
|
||||||
src = super.fetchurl {
|
version = "9.3p1";
|
||||||
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
src = super.fetchurl {
|
||||||
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
|
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
||||||
};
|
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
|
||||||
|
};
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
./ssh-keysign-8.5.patch
|
./ssh-keysign-8.5.patch
|
||||||
./dont_create_privsep_path.patch
|
./dont_create_privsep_path.patch
|
||||||
./locale_archive.patch
|
./locale_archive.patch
|
||||||
];
|
];
|
||||||
});
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
openssh
|
openssh
|
||||||
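Review bot: This overlay fixes `openssh` at `version = "9.3p1"` with its own `src` and `patches`, so wherever it is applied the hosts stop receiving the OpenSSH updates shipped by nixpkgs until someone edits this file. Whether it is still imported cannot be seen here (the `nixpkgs.overlays` list shown elsewhere on this page names only `heisenbridge` and `matrix-synapse`). If it is unused, delete the file; otherwise add a comment such as `# pinned for <reason>; remove once nixpkgs ships >= <version>` and consider gating it the way those two overlays are gated with `prIsOpen.overlay`. The same consideration applies to the other version-pinning overlays in this commit (`_1password-gui`, `signal-desktop`, `tailscale`).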
|
@ -1,10 +1,12 @@
|
|||||||
let
|
let
|
||||||
rex = _: super: {
|
rex = _: super: {
|
||||||
rex = super.rex.overrideAttrs (_: {
|
rex = super.rex.overrideAttrs (
|
||||||
postPatch = ''
|
_: {
|
||||||
patchShebangs bin
|
postPatch = ''
|
||||||
'';
|
patchShebangs bin
|
||||||
});
|
'';
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rex
|
rex
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
let
|
let
|
||||||
signal-desktop = _: super: {
|
signal-desktop = _: super: {
|
||||||
signal-desktop = super.signal-desktop.overrideAttrs (old: rec {
|
signal-desktop = super.signal-desktop.overrideAttrs (
|
||||||
version = "6.34.1";
|
old: rec {
|
||||||
src = super.fetchurl {
|
version = "6.34.1";
|
||||||
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
|
src = super.fetchurl {
|
||||||
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
|
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
|
||||||
};
|
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
|
||||||
});
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
signal-desktop
|
signal-desktop
|
||||||
|
@ -20,11 +20,15 @@ let
|
|||||||
#};
|
#};
|
||||||
tailscale = _: super: {
|
tailscale = _: super: {
|
||||||
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
|
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
|
||||||
buildGoModule = args:
|
buildGoModule =
|
||||||
super.buildGo121Module (args // {
|
args:
|
||||||
src = super.fetchFromGitHub fetchArgs;
|
super.buildGo121Module (
|
||||||
inherit vendorHash ldflags version;
|
args
|
||||||
});
|
// {
|
||||||
|
src = super.fetchFromGitHub fetchArgs;
|
||||||
|
inherit vendorHash ldflags version;
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
@ -1,13 +1,15 @@
|
|||||||
let
|
let
|
||||||
tidal-hifi = _: super: {
|
tidal-hifi = _: super: {
|
||||||
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec {
|
tidal-hifi = super.tidal-hifi.overrideAttrs (
|
||||||
version = "5.3.0";
|
_: rec {
|
||||||
|
version = "5.3.0";
|
||||||
|
|
||||||
src = super.fetchurl {
|
src = super.fetchurl {
|
||||||
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
|
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
|
||||||
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
|
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
|
||||||
};
|
};
|
||||||
});
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
tidal-hifi
|
tidal-hifi
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{ lib
|
{
|
||||||
, stdenv
|
lib,
|
||||||
, fetchFromGitHub
|
stdenv,
|
||||||
, pkgs
|
fetchFromGitHub,
|
||||||
, ...
|
pkgs,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
libadalang = stdenv.mkDerivation rec {
|
libadalang = stdenv.mkDerivation rec {
|
||||||
@ -38,7 +39,10 @@ let
|
|||||||
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
|
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = with pkgs; [ gnat12 gprbuild ];
|
buildInputs = with pkgs; [
|
||||||
|
gnat12
|
||||||
|
gprbuild
|
||||||
|
];
|
||||||
|
|
||||||
makeFlags = [ "PREFIX=$(out)" ];
|
makeFlags = [ "PREFIX=$(out)" ];
|
||||||
};
|
};
|
||||||
@ -53,7 +57,11 @@ let
|
|||||||
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
|
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = with pkgs; [ gnat12 gprbuild libadalang ];
|
buildInputs = with pkgs; [
|
||||||
|
gnat12
|
||||||
|
gprbuild
|
||||||
|
libadalang
|
||||||
|
];
|
||||||
|
|
||||||
makeFlags = [ "PREFIX=$(out)" ];
|
makeFlags = [ "PREFIX=$(out)" ];
|
||||||
};
|
};
|
||||||
@ -69,7 +77,13 @@ stdenv.mkDerivation rec {
|
|||||||
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
|
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ];
|
buildInputs = with pkgs; [
|
||||||
|
gnat12
|
||||||
|
gprbuild
|
||||||
|
python3
|
||||||
|
vss
|
||||||
|
gnatdoc
|
||||||
|
];
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "Language server for Ada and SPARK";
|
description = "Language server for Ada and SPARK";
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{ stdenv
|
{
|
||||||
, lib
|
stdenv,
|
||||||
, fetchurl
|
lib,
|
||||||
, unzip
|
fetchurl,
|
||||||
, autoPatchelfHook
|
unzip,
|
||||||
, ...
|
autoPatchelfHook,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
|
|||||||
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
|
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ unzip autoPatchelfHook ];
|
nativeBuildInputs = [
|
||||||
|
unzip
|
||||||
|
autoPatchelfHook
|
||||||
|
];
|
||||||
|
|
||||||
dontBuild = true;
|
dontBuild = true;
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
@ -1,18 +1,16 @@
|
|||||||
{ stdenv
|
{
|
||||||
, lib
|
stdenv,
|
||||||
, buildGoModule
|
lib,
|
||||||
, fetchFromGitHub
|
buildGoModule,
|
||||||
, isUnstable
|
fetchFromGitHub,
|
||||||
, makeWrapper
|
isUnstable,
|
||||||
, go
|
makeWrapper,
|
||||||
, git
|
go,
|
||||||
, ...
|
git,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
vendorHash =
|
vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
|
||||||
if isUnstable
|
|
||||||
then ""
|
|
||||||
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
|
|
||||||
in
|
in
|
||||||
with lib;
|
with lib;
|
||||||
buildGoModule rec {
|
buildGoModule rec {
|
||||||
@ -30,7 +28,10 @@ buildGoModule rec {
|
|||||||
|
|
||||||
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
|
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
|
||||||
|
|
||||||
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ];
|
nativeBuildInputs = lib.optionals stdenv.isLinux [
|
||||||
|
makeWrapper
|
||||||
|
go
|
||||||
|
];
|
||||||
|
|
||||||
proxyVendor = true;
|
proxyVendor = true;
|
||||||
|
|
||||||
@ -40,7 +41,7 @@ buildGoModule rec {
|
|||||||
|
|
||||||
postInstall = lib.optionalString stdenv.isLinux ''
|
postInstall = lib.optionalString stdenv.isLinux ''
|
||||||
mv $out/bin/proxy $out/bin/athens
|
mv $out/bin/proxy $out/bin/athens
|
||||||
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]}
|
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [ git ]}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
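Review bot: `vendorHash` is the empty string when `isUnstable` is true (`vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";`), so on that channel the vendored Go modules of this `proxyVendor = true` build have no pinned hash. Depending on the Nix version, an empty hash is either rejected outright or treated as a placeholder that fails the fetch, so this looks like a leftover from a hash bump rather than an intended state. Recording the real hash for the unstable channel, or writing `lib.fakeHash` with a `# TODO` comment while updating, would make the intent explicit. The `buildGoModule` body continues outside the visible hunks.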
|
Some files were not shown because too many files have changed in this diff Show More