Compare commits
1 Commits
main
...
nixfmt-rfc
Author | SHA1 | Date | |
---|---|---|---|
28daa886e2 |
@ -1,4 +1,5 @@
|
||||
{ perl }: ''
|
||||
{ perl }:
|
||||
''
|
||||
#!${perl}/bin/perl
|
||||
|
||||
use strict;
|
||||
|
122
bins/default.nix
@ -1,83 +1,69 @@
|
||||
{ pkgs
|
||||
, config
|
||||
, isUnstable
|
||||
, ...
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
isUnstable,
|
||||
...
|
||||
}:
|
||||
let
|
||||
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
|
||||
|
||||
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
|
||||
checkRestart =
|
||||
pkgs.writeScriptBin "check-restart"
|
||||
(import ./check-restart.nix { inherit (pkgs) perl; });
|
||||
xinStatus =
|
||||
pkgs.writeScriptBin "xin-status"
|
||||
(import ./xin-status.nix { inherit (pkgs) perl perlPackages; });
|
||||
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix {
|
||||
inherit gosignify;
|
||||
inherit (pkgs) curl;
|
||||
});
|
||||
checkRestart = pkgs.writeScriptBin "check-restart" (
|
||||
import ./check-restart.nix { inherit (pkgs) perl; }
|
||||
);
|
||||
xinStatus = pkgs.writeScriptBin "xin-status" (
|
||||
import ./xin-status.nix { inherit (pkgs) perl perlPackages; }
|
||||
);
|
||||
sfetch = pkgs.writeScriptBin "sfetch" (
|
||||
import ./sfetch.nix {
|
||||
inherit gosignify;
|
||||
inherit (pkgs) curl;
|
||||
}
|
||||
);
|
||||
genPatches = pkgs.callPackage ./gen-patches.nix { };
|
||||
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (import ./upgrade-pg.nix {
|
||||
inherit pkgs;
|
||||
inherit config;
|
||||
});
|
||||
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (
|
||||
import ./upgrade-pg.nix {
|
||||
inherit pkgs;
|
||||
inherit config;
|
||||
}
|
||||
);
|
||||
in
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
checkRestart
|
||||
genPatches
|
||||
ix
|
||||
sfetch
|
||||
xclip
|
||||
xinStatus
|
||||
] ++ (if config.services.postgresql.enable then
|
||||
[ upgrade-pg ]
|
||||
else [ ]);
|
||||
environment.systemPackages =
|
||||
with pkgs;
|
||||
[
|
||||
checkRestart
|
||||
genPatches
|
||||
ix
|
||||
sfetch
|
||||
xclip
|
||||
xinStatus
|
||||
]
|
||||
++ (if config.services.postgresql.enable then [ upgrade-pg ] else [ ]);
|
||||
environment.etc = {
|
||||
"signify/openbsd-70-base.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-70-base.pub;
|
||||
"signify/openbsd-70-fw.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-70-fw.pub;
|
||||
"signify/openbsd-70-pkg.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-70-pkg.pub;
|
||||
"signify/openbsd-70-syspatch.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-70-syspatch.pub;
|
||||
"signify/openbsd-70-base.pub".text = builtins.readFile ./pubs/openbsd-70-base.pub;
|
||||
"signify/openbsd-70-fw.pub".text = builtins.readFile ./pubs/openbsd-70-fw.pub;
|
||||
"signify/openbsd-70-pkg.pub".text = builtins.readFile ./pubs/openbsd-70-pkg.pub;
|
||||
"signify/openbsd-70-syspatch.pub".text = builtins.readFile ./pubs/openbsd-70-syspatch.pub;
|
||||
|
||||
"signify/openbsd-71-base.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-71-base.pub;
|
||||
"signify/openbsd-71-fw.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-71-fw.pub;
|
||||
"signify/openbsd-71-pkg.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-71-pkg.pub;
|
||||
"signify/openbsd-71-syspatch.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-71-syspatch.pub;
|
||||
"signify/openbsd-71-base.pub".text = builtins.readFile ./pubs/openbsd-71-base.pub;
|
||||
"signify/openbsd-71-fw.pub".text = builtins.readFile ./pubs/openbsd-71-fw.pub;
|
||||
"signify/openbsd-71-pkg.pub".text = builtins.readFile ./pubs/openbsd-71-pkg.pub;
|
||||
"signify/openbsd-71-syspatch.pub".text = builtins.readFile ./pubs/openbsd-71-syspatch.pub;
|
||||
|
||||
"signify/openbsd-72-base.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-72-base.pub;
|
||||
"signify/openbsd-72-fw.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-72-fw.pub;
|
||||
"signify/openbsd-72-pkg.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-72-pkg.pub;
|
||||
"signify/openbsd-72-syspatch.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-72-syspatch.pub;
|
||||
"signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
|
||||
"signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
|
||||
"signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
|
||||
"signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
|
||||
|
||||
"signify/openbsd-73-base.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-73-base.pub;
|
||||
"signify/openbsd-73-fw.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-73-fw.pub;
|
||||
"signify/openbsd-73-pkg.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-73-pkg.pub;
|
||||
"signify/openbsd-73-syspatch.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-73-syspatch.pub;
|
||||
"signify/openbsd-73-base.pub".text = builtins.readFile ./pubs/openbsd-73-base.pub;
|
||||
"signify/openbsd-73-fw.pub".text = builtins.readFile ./pubs/openbsd-73-fw.pub;
|
||||
"signify/openbsd-73-pkg.pub".text = builtins.readFile ./pubs/openbsd-73-pkg.pub;
|
||||
"signify/openbsd-73-syspatch.pub".text = builtins.readFile ./pubs/openbsd-73-syspatch.pub;
|
||||
|
||||
"signify/openbsd-74-base.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-74-base.pub;
|
||||
"signify/openbsd-74-fw.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-74-fw.pub;
|
||||
"signify/openbsd-74-pkg.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-74-pkg.pub;
|
||||
"signify/openbsd-74-syspatch.pub".text =
|
||||
builtins.readFile ./pubs/openbsd-74-syspatch.pub;
|
||||
"signify/openbsd-74-base.pub".text = builtins.readFile ./pubs/openbsd-74-base.pub;
|
||||
"signify/openbsd-74-fw.pub".text = builtins.readFile ./pubs/openbsd-74-fw.pub;
|
||||
"signify/openbsd-74-pkg.pub".text = builtins.readFile ./pubs/openbsd-74-pkg.pub;
|
||||
"signify/openbsd-74-syspatch.pub".text = builtins.readFile ./pubs/openbsd-74-syspatch.pub;
|
||||
};
|
||||
}
|
||||
|
@ -1,13 +1,18 @@
|
||||
{ writeShellApplication
|
||||
, diffutils
|
||||
, findutils
|
||||
, coreutils
|
||||
, ...
|
||||
{
|
||||
writeShellApplication,
|
||||
diffutils,
|
||||
findutils,
|
||||
coreutils,
|
||||
...
|
||||
}:
|
||||
let
|
||||
genPatches = writeShellApplication {
|
||||
name = "gen-patches";
|
||||
runtimeInputs = [ diffutils findutils coreutils ];
|
||||
runtimeInputs = [
|
||||
diffutils
|
||||
findutils
|
||||
coreutils
|
||||
];
|
||||
text = ''
|
||||
suffix=".orig"
|
||||
srcdir=$PWD
|
||||
|
@ -1,7 +1,5 @@
|
||||
{ pkgs
|
||||
, icbirc
|
||||
,
|
||||
}: ''
|
||||
{ pkgs, icbirc }:
|
||||
''
|
||||
#!${pkgs.yash}/bin/yash
|
||||
${pkgs.procps}/bin/pkill icbirc
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ perl }: ''
|
||||
{ perl }:
|
||||
''
|
||||
#!${perl}/bin/perl
|
||||
|
||||
use strict;
|
||||
|
@ -1,14 +1,8 @@
|
||||
{ pkgs }:
|
||||
let
|
||||
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
|
||||
wlclip =
|
||||
if pkgs.system == "aarch64-darwin"
|
||||
then ""
|
||||
else "${pkgs.wl-clipboard}/bin/wl-copy";
|
||||
xclip =
|
||||
if pkgs.system == "aarch64-darwin"
|
||||
then "pbcopy"
|
||||
else "${pkgs.xclip}/bin/xclip";
|
||||
wlclip = if pkgs.system == "aarch64-darwin" then "" else "${pkgs.wl-clipboard}/bin/wl-copy";
|
||||
xclip = if pkgs.system == "aarch64-darwin" then "pbcopy" else "${pkgs.xclip}/bin/xclip";
|
||||
in
|
||||
''
|
||||
#!${pkgs.yash}/bin/yash
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ tea
|
||||
, gh
|
||||
, hut
|
||||
,
|
||||
{
|
||||
tea,
|
||||
gh,
|
||||
hut,
|
||||
}:
|
||||
let
|
||||
teaBin = "${tea}/bin/tea";
|
||||
|
@ -1,7 +1,5 @@
|
||||
{ curl
|
||||
, gosignify
|
||||
,
|
||||
}: ''
|
||||
{ curl, gosignify }:
|
||||
''
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -e
|
||||
|
@ -1,7 +1,5 @@
|
||||
{ perl
|
||||
, perlPackages
|
||||
, ...
|
||||
}: ''
|
||||
{ perl, perlPackages, ... }:
|
||||
''
|
||||
#!${perl}/bin/perl
|
||||
|
||||
use strict;
|
||||
|
@ -25,6 +25,8 @@ in
|
||||
"xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile;
|
||||
};
|
||||
};
|
||||
fonts = { packages = with pkgs; [ go-font ]; };
|
||||
fonts = {
|
||||
packages = with pkgs; [ go-font ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,12 +1,14 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.xinCA;
|
||||
in
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
services.xinCA = {
|
||||
enable = mkEnableOption "Configure host as a xin certificate authority.";
|
||||
@ -67,9 +69,13 @@ with lib; {
|
||||
};
|
||||
};
|
||||
|
||||
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "ca.bolddaemon.com" ];
|
||||
};
|
||||
|
||||
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
|
||||
environment.sessionVariables = {
|
||||
STEPPATH = "/var/lib/step-ca";
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
step-cli
|
||||
step-kms-plugin
|
||||
@ -87,7 +93,9 @@ with lib; {
|
||||
crt = config.sops.secrets."intermediate_ca.crt".path;
|
||||
key = config.sops.secrets.intermediate_ca_key.path;
|
||||
dnsNames = [ "ca.bolddaemon.com" ];
|
||||
logger = { format = "text"; };
|
||||
logger = {
|
||||
format = "text";
|
||||
};
|
||||
db = {
|
||||
type = "badgerv2";
|
||||
dataSource = "/var/lib/step-ca/db";
|
||||
@ -98,7 +106,9 @@ with lib; {
|
||||
{
|
||||
type = "SSHPOP";
|
||||
name = "sshpop";
|
||||
claims = { enableSSHCA = true; };
|
||||
claims = {
|
||||
enableSSHCA = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -1,9 +1,10 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, inputs
|
||||
, xinlib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
xinlib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
#inherit (xinlib) prIsOpen;
|
||||
@ -24,7 +25,8 @@ let
|
||||
}
|
||||
];
|
||||
in
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
xinCI = {
|
||||
enable = mkEnableOption "Configure host as a xin CI host.";
|
||||
@ -43,7 +45,9 @@ with lib; {
|
||||
config = mkIf config.xinCI.enable {
|
||||
sops.defaultSopsFile = config.xin-secrets.ci;
|
||||
sops.secrets = {
|
||||
po_env = { owner = config.xinCI.user; };
|
||||
po_env = {
|
||||
owner = config.xinCI.user;
|
||||
};
|
||||
ci_ed25519_key = {
|
||||
mode = "400";
|
||||
owner = config.xinCI.user;
|
||||
@ -98,7 +102,11 @@ with lib; {
|
||||
|
||||
nix = {
|
||||
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
||||
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
|
||||
settings.allowed-users = [
|
||||
"root"
|
||||
config.xinCI.user
|
||||
"harmonia"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
||||
@ -111,10 +119,15 @@ with lib; {
|
||||
harmonia = {
|
||||
enable = true;
|
||||
signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
|
||||
settings = { bind = "127.0.0.1:5000"; };
|
||||
settings = {
|
||||
bind = "127.0.0.1:5000";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv6l-linux"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -1,8 +1,6 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
colemak = {
|
||||
enable = mkOption {
|
||||
@ -15,7 +13,9 @@ with lib; {
|
||||
};
|
||||
|
||||
config = mkIf config.colemak.enable {
|
||||
console = { keyMap = "colemak"; };
|
||||
console = {
|
||||
keyMap = "colemak";
|
||||
};
|
||||
services.xserver = {
|
||||
layout = "us";
|
||||
xkbVariant = "colemak";
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./alacritty.nix
|
||||
./ca.nix
|
||||
|
@ -1,8 +1,6 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
preDNS = {
|
||||
enable = mkOption {
|
||||
@ -21,7 +19,12 @@ with lib; {
|
||||
enable = true;
|
||||
dnssec = "allow-downgrade";
|
||||
# TODO: Enable a toggle for ipv6
|
||||
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
|
||||
fallbackDns = [
|
||||
"9.9.9.9"
|
||||
"2620:fe::fe"
|
||||
"149.112.112.112"
|
||||
"2620:fe::9"
|
||||
];
|
||||
extraConfig = ''
|
||||
[Resolve]
|
||||
DNS=45.90.28.0#8436c6.dns.nextdns.io
|
||||
|
@ -1,16 +1,14 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
doas = { enable = mkEnableOption "Enable doas for priv-escie"; };
|
||||
doas = {
|
||||
enable = mkEnableOption "Enable doas for priv-escie";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.doas.enable {
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
doas = pkgs.doas.override { withPAM = false; };
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs: { doas = pkgs.doas.override { withPAM = false; }; };
|
||||
security = {
|
||||
doas = {
|
||||
enable = true;
|
||||
|
@ -1,11 +1,12 @@
|
||||
{ runCommand
|
||||
, emacsWithPackagesFromUsePackage
|
||||
, pkgs
|
||||
, makeWrapper
|
||||
, writeTextDir
|
||||
, emacs
|
||||
, emacsPkg ? pkgs.emacs-gtk
|
||||
, ...
|
||||
{
|
||||
runCommand,
|
||||
emacsWithPackagesFromUsePackage,
|
||||
pkgs,
|
||||
makeWrapper,
|
||||
writeTextDir,
|
||||
emacs,
|
||||
emacsPkg ? pkgs.emacs-gtk,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# Generate a .el file from our emacs.org.
|
||||
@ -46,13 +47,18 @@ emacsWithPackagesFromUsePackage {
|
||||
alwaysEnsure = true;
|
||||
alwaysTangle = true;
|
||||
|
||||
package = emacsPkg.overrideAttrs (oa: {
|
||||
nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ];
|
||||
postInstall = ''
|
||||
${oa.postInstall}
|
||||
wrapProgram $out/bin/emacs \
|
||||
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
|
||||
--add-flags '--init-directory ${emacsInitDir}'
|
||||
'';
|
||||
});
|
||||
package = emacsPkg.overrideAttrs (
|
||||
oa: {
|
||||
nativeBuildInputs = oa.nativeBuildInputs ++ [
|
||||
makeWrapper
|
||||
emacsConfig
|
||||
];
|
||||
postInstall = ''
|
||||
${oa.postInstall}
|
||||
wrapProgram $out/bin/emacs \
|
||||
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
|
||||
--add-flags '--init-directory ${emacsInitDir}'
|
||||
'';
|
||||
}
|
||||
);
|
||||
}
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
programs = {
|
||||
firefox = {
|
||||
enable = true;
|
||||
@ -107,17 +108,12 @@
|
||||
|
||||
"browser.aboutConfig.showWarning" = false;
|
||||
"browser.contentblocking.category" = "strict";
|
||||
"browser.newtabpage.activity-stream.feeds.recommendationprovider" =
|
||||
false;
|
||||
"browser.newtabpage.activity-stream.feeds.recommendationprovider" = false;
|
||||
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" =
|
||||
false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" =
|
||||
false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includePocket" =
|
||||
false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeVisited" =
|
||||
false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
|
||||
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
|
||||
"browser.newtabpage.activity-stream.showSearch" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsored" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||
|
@ -1,20 +1,27 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
rewriteGitHub =
|
||||
if config.networking.hostName != "stan"
|
||||
then {
|
||||
url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; };
|
||||
}
|
||||
else {
|
||||
url = { };
|
||||
};
|
||||
if config.networking.hostName != "stan" then
|
||||
{
|
||||
url = {
|
||||
"ssh://git@github.com/" = {
|
||||
insteadOf = "https://github.com/";
|
||||
};
|
||||
};
|
||||
}
|
||||
else
|
||||
{ url = { }; };
|
||||
in
|
||||
{
|
||||
programs.git = {
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
config = [
|
||||
{ init = { defaultBranch = "main"; }; }
|
||||
{
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
}
|
||||
{ advice.detachedHead = false; }
|
||||
{
|
||||
user = {
|
||||
@ -24,20 +31,35 @@ in
|
||||
};
|
||||
}
|
||||
|
||||
{ branch = { sort = "-committerdate"; }; }
|
||||
{
|
||||
branch = {
|
||||
sort = "-committerdate";
|
||||
};
|
||||
}
|
||||
{
|
||||
alias = {
|
||||
log = "log --color=never";
|
||||
diff = "diff --color=always";
|
||||
pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"'';
|
||||
fetch-pr = ''
|
||||
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
|
||||
fetch-pr = ''"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
|
||||
};
|
||||
}
|
||||
{
|
||||
push = {
|
||||
default = "current";
|
||||
};
|
||||
}
|
||||
{ push = { default = "current"; }; }
|
||||
|
||||
{ gpg = { format = "ssh"; }; }
|
||||
{ commit = { gpgsign = true; }; }
|
||||
{
|
||||
gpg = {
|
||||
format = "ssh";
|
||||
};
|
||||
}
|
||||
{
|
||||
commit = {
|
||||
gpgsign = true;
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
color = {
|
||||
@ -49,11 +71,27 @@ in
|
||||
};
|
||||
}
|
||||
|
||||
{ safe = { directory = "/home/qbit/src/nix-conf"; }; }
|
||||
{
|
||||
safe = {
|
||||
directory = "/home/qbit/src/nix-conf";
|
||||
};
|
||||
}
|
||||
|
||||
{ transfer = { fsckobjects = true; }; }
|
||||
{ fetch = { fsckobjects = true; }; }
|
||||
{ github = { user = "qbit"; }; }
|
||||
{
|
||||
transfer = {
|
||||
fsckobjects = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
fetch = {
|
||||
fsckobjects = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
github = {
|
||||
user = "qbit";
|
||||
};
|
||||
}
|
||||
|
||||
{ inherit (rewriteGitHub) url; }
|
||||
|
||||
@ -69,8 +107,16 @@ in
|
||||
};
|
||||
}
|
||||
|
||||
{ pull = { rebase = false; }; }
|
||||
{ include = { path = "~/work/git/gitconfig"; }; }
|
||||
{
|
||||
pull = {
|
||||
rebase = false;
|
||||
};
|
||||
}
|
||||
{
|
||||
include = {
|
||||
path = "~/work/git/gitconfig";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ lib, ... }:
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
environment = {
|
||||
memoryAllocator.provider = mkDefault "libc";
|
||||
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
|
||||
|
@ -1,7 +1,4 @@
|
||||
{ pkgs
|
||||
, linkFarm
|
||||
, ...
|
||||
}:
|
||||
{ pkgs, linkFarm, ... }:
|
||||
let
|
||||
tomlFmt = pkgs.formats.toml { };
|
||||
helixBin = "${pkgs.helix}/bin/hx";
|
||||
@ -15,7 +12,9 @@ let
|
||||
normal = "block";
|
||||
select = "underline";
|
||||
};
|
||||
lsp = { auto-signature-help = false; };
|
||||
lsp = {
|
||||
auto-signature-help = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1,8 +1,9 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, inputs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
microcaBin = "${pkgs.microca}/bin/microca";
|
||||
@ -11,7 +12,8 @@ let
|
||||
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
||||
'';
|
||||
in
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
nixManager = {
|
||||
enable = mkEnableOption "Configure host as nix-conf manager.";
|
||||
@ -30,13 +32,27 @@ with lib; {
|
||||
config = mkIf config.nixManager.enable {
|
||||
sops.defaultSopsFile = config.xin-secrets.manager;
|
||||
sops.secrets = {
|
||||
xin_status_key = { owner = config.nixManager.user; };
|
||||
xin_status_pubkey = { owner = config.nixManager.user; };
|
||||
manager_key = { owner = config.nixManager.user; };
|
||||
manager_pubkey = { owner = config.nixManager.user; };
|
||||
ca_key = { owner = config.nixManager.user; };
|
||||
ca_cert = { owner = config.nixManager.user; };
|
||||
po_env = { owner = config.nixManager.user; };
|
||||
xin_status_key = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
xin_status_pubkey = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
manager_key = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
manager_pubkey = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
ca_key = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
ca_cert = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
po_env = {
|
||||
owner = config.nixManager.user;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
|
@ -1,5 +1,9 @@
|
||||
{ pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ neomutt urlview ];
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
neomutt
|
||||
urlview
|
||||
];
|
||||
environment.etc."neomuttrc" = {
|
||||
text = ''
|
||||
ignore *
|
||||
|
@ -26,7 +26,11 @@ let
|
||||
sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
dependencies = with vimPlugins; [ nvim-cmp tabular plenary-nvim ];
|
||||
dependencies = with vimPlugins; [
|
||||
nvim-cmp
|
||||
tabular
|
||||
plenary-nvim
|
||||
];
|
||||
};
|
||||
|
||||
baseVimPackages = with vimPlugins; [
|
||||
@ -96,7 +100,9 @@ in
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
configure = {
|
||||
packages.myVimPackage = { start = myVimPackages; };
|
||||
packages.myVimPackage = {
|
||||
start = myVimPackages;
|
||||
};
|
||||
customRC = ''
|
||||
" Restore cursor position
|
||||
autocmd BufReadPost *
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
zerotier = {
|
||||
enable = mkOption {
|
||||
@ -31,7 +33,11 @@ with lib; {
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf config.tailscale.enable {
|
||||
services = { tailscale = { enable = mkDefault true; }; };
|
||||
services = {
|
||||
tailscale = {
|
||||
enable = mkDefault true;
|
||||
};
|
||||
};
|
||||
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ];
|
||||
networking.firewall.checkReversePath = mkDefault "loose";
|
||||
})
|
||||
|
@ -15,7 +15,10 @@
|
||||
settings = {
|
||||
sandbox = true;
|
||||
trusted-users = [ "@wheel" ];
|
||||
allowed-users = [ "root" "qbit" ];
|
||||
allowed-users = [
|
||||
"root"
|
||||
"qbit"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
tsPeerix = {
|
||||
enable = mkOption {
|
||||
@ -27,7 +29,9 @@ with lib; {
|
||||
};
|
||||
|
||||
config = mkIf config.tsPeerix.enable {
|
||||
users.groups.peerix = { name = "peerix"; };
|
||||
users.groups.peerix = {
|
||||
name = "peerix";
|
||||
};
|
||||
users.users.peerix = {
|
||||
name = "peerix";
|
||||
group = "peerix";
|
||||
@ -54,14 +58,18 @@ with lib; {
|
||||
|
||||
environment.systemPackages = [ pkgs.zerotierone ];
|
||||
|
||||
networking.firewall.interfaces = listToAttrs (flatten (map
|
||||
(i: {
|
||||
name = i;
|
||||
value = {
|
||||
allowedUDPPorts = [ 12304 ];
|
||||
allowedTCPPorts = [ 12304 ];
|
||||
};
|
||||
})
|
||||
config.tsPeerix.interfaces));
|
||||
networking.firewall.interfaces = listToAttrs (
|
||||
flatten (
|
||||
map
|
||||
(i: {
|
||||
name = i;
|
||||
value = {
|
||||
allowedUDPPorts = [ 12304 ];
|
||||
allowedTCPPorts = [ 12304 ];
|
||||
};
|
||||
})
|
||||
config.tsPeerix.interfaces
|
||||
)
|
||||
);
|
||||
};
|
||||
}
|
||||
|
@ -120,6 +120,8 @@ in
|
||||
"xdg/polybar/config.ini".text = builtins.readFile settingsFile;
|
||||
};
|
||||
};
|
||||
fonts = { packages = [ pkgs.go-font ]; };
|
||||
fonts = {
|
||||
packages = [ pkgs.go-font ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
154
configs/smug.nix
@ -7,83 +7,87 @@ in
|
||||
programs.zsh.promptInit = ''
|
||||
alias tstart='smug -f /etc/smug/main.yml start';
|
||||
alias cistart='smug -f /etc/smug/ci.yml start';
|
||||
alias nomad='smug -f /etc/smug/nomad.yml start';
|
||||
'';
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
smug
|
||||
];
|
||||
etc."smug/ci.yml".text = builtins.readFile (tmuxFormat.generate "ci.yml" {
|
||||
session = "CI";
|
||||
root = "~/";
|
||||
windows = [
|
||||
{
|
||||
name = "CI Status";
|
||||
layout = "even-vertical";
|
||||
commands = [
|
||||
"journalctl -xef -u xin-ci-update.service"
|
||||
];
|
||||
panes = [
|
||||
{
|
||||
type = "even-vertical";
|
||||
commands = [ "journalctl -xef -u xin-ci.service" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "btop";
|
||||
commands = [
|
||||
"btop"
|
||||
];
|
||||
}
|
||||
];
|
||||
});
|
||||
etc."smug/main.yml".text = builtins.readFile (tmuxFormat.generate "main.yml" {
|
||||
session = "Main";
|
||||
root = "~/";
|
||||
before_start = [
|
||||
"ssh-add"
|
||||
];
|
||||
windows = [
|
||||
{
|
||||
name = "Status";
|
||||
commands = [
|
||||
"while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done"
|
||||
];
|
||||
panes = [
|
||||
{
|
||||
commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Barrier";
|
||||
commands = [
|
||||
"barriers -a 127.0.0.1 -f --disable-crypto"
|
||||
];
|
||||
panes = [
|
||||
{
|
||||
commands = [ "ssh stan" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Xin";
|
||||
root = "src/xin";
|
||||
}
|
||||
{
|
||||
name = "Lab";
|
||||
root = "src/biltong";
|
||||
}
|
||||
{
|
||||
name = "NixPkgs";
|
||||
root = "src/nixpkgs";
|
||||
}
|
||||
{
|
||||
name = "NomadNet";
|
||||
root = "reticulum";
|
||||
}
|
||||
];
|
||||
});
|
||||
systemPackages = with pkgs; [ smug ];
|
||||
etc."smug/nomad.yml".text = builtins.readFile (
|
||||
tmuxFormat.generate "nomad.yml" {
|
||||
session = "nomad";
|
||||
root = "~/";
|
||||
windows = [
|
||||
{
|
||||
name = "rnsd";
|
||||
layout = "even-vertical";
|
||||
root = "~/reticulum";
|
||||
commands = [ "./bin/rnsd" ];
|
||||
}
|
||||
{
|
||||
name = "NomadNet";
|
||||
root = "~/reticulum";
|
||||
commands = [ "./bin/nomadnet" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
etc."smug/ci.yml".text = builtins.readFile (
|
||||
tmuxFormat.generate "ci.yml" {
|
||||
session = "CI";
|
||||
root = "~/";
|
||||
windows = [
|
||||
{
|
||||
name = "CI Status";
|
||||
layout = "even-vertical";
|
||||
commands = [ "journalctl -xef -u xin-ci-update.service" ];
|
||||
panes = [
|
||||
{
|
||||
type = "even-vertical";
|
||||
commands = [ "journalctl -xef -u xin-ci.service" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "btop";
|
||||
commands = [ "btop" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
etc."smug/main.yml".text = builtins.readFile (
|
||||
tmuxFormat.generate "main.yml" {
|
||||
session = "Main";
|
||||
root = "~/";
|
||||
before_start = [ "ssh-add" ];
|
||||
windows = [
|
||||
{
|
||||
name = "Status";
|
||||
commands = [ "while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done" ];
|
||||
panes = [ { commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ]; } ];
|
||||
}
|
||||
{
|
||||
name = "Barrier";
|
||||
commands = [ "barriers -a 127.0.0.1 -f --disable-crypto" ];
|
||||
panes = [ { commands = [ "ssh stan" ]; } ];
|
||||
}
|
||||
{
|
||||
name = "Xin";
|
||||
root = "src/xin";
|
||||
}
|
||||
{
|
||||
name = "Lab";
|
||||
root = "src/biltong";
|
||||
}
|
||||
{
|
||||
name = "NixPkgs";
|
||||
root = "src/nixpkgs";
|
||||
}
|
||||
{
|
||||
name = "NomadNet";
|
||||
root = "reticulum";
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
}
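Review bot: The `etc."smug/nomad.yml"` definition shows up only among the reformatted lines of this section, with no counterpart in the older rendering of the block, so this nixfmt commit appears to add a new tmux session as well as reformat. The page has lost its +/- markers, so this is inferred from the visible lines and the hunk header's 83 → 87 line counts. If the addition is intended, it belongs in its own commit, so the formatting change stays a pure reformat that can be checked by confirming the evaluated configuration is unchanged before and after. The new session also starts `./bin/rnsd` and `./bin/nomadnet` relative to `~/reticulum`, a user-writable directory, whereas the helper scripts elsewhere in this change call tools by store path (`${pkgs.procps}/bin/pkill`). Pointing these commands at packaged binaries would keep what runs in that session under the same review as the rest of the configuration.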
|
||||
|
@ -1,9 +1,10 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, inputs
|
||||
, xinlib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
xinlib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
tailnetACLs =
|
||||
@ -44,8 +45,16 @@ let
|
||||
}
|
||||
{
|
||||
action = "accept";
|
||||
src = [ "tag:minservice" "tag:sshonly" ];
|
||||
dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ];
|
||||
src = [
|
||||
"tag:minservice"
|
||||
"tag:sshonly"
|
||||
];
|
||||
dst = [
|
||||
"*:22"
|
||||
"box:3030"
|
||||
"nbc:443"
|
||||
"console:2222"
|
||||
];
|
||||
}
|
||||
{
|
||||
action = "accept";
|
||||
@ -90,7 +99,8 @@ let
|
||||
];
|
||||
enabled = config.nixManager.enable;
|
||||
in
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
sops.secrets = mkIf enabled {
|
||||
tailnet_acl_manager = {
|
||||
owner = config.nixManager.user;
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
programs.tmux = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
@ -1,8 +1,6 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
autoUpdate = {
|
||||
enable = mkOption {
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
config = {
|
||||
programs.zsh.interactiveShellInit = ''
|
||||
export NO_COLOR=1
|
||||
|
@ -1,16 +1,20 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
|
||||
buildConsumer = {
|
||||
enable = mkEnableOption "Use remote build machines";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.buildConsumer.enable {
|
||||
programs.ssh.knownHosts = {
|
||||
pcake = {
|
||||
hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
|
||||
hostNames = [
|
||||
"pcake"
|
||||
"pcake.tapenet.org"
|
||||
"10.6.0.202"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
|
||||
};
|
||||
};
|
||||
@ -24,10 +28,18 @@ with lib; {
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "pcake";
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
maxJobs = 2;
|
||||
speedFactor = 4;
|
||||
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
|
||||
supportedFeatures = [
|
||||
"kvm"
|
||||
"big-parallel"
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
];
|
||||
mandatoryFeatures = [ ];
|
||||
}
|
||||
];
|
||||
|
@ -1,8 +1,6 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
buildServer = {
|
||||
enable = mkEnableOption "Server will be used as part of the build infra";
|
||||
|
@ -1 +1,7 @@
|
||||
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./build-consumer.nix
|
||||
./build-server.nix
|
||||
];
|
||||
}
|
||||
|
75
default.nix
@ -1,10 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, options
|
||||
, pkgs
|
||||
, xinlib
|
||||
, isUnstable
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
options,
|
||||
pkgs,
|
||||
xinlib,
|
||||
isUnstable,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (xinlib) todo;
|
||||
@ -35,14 +36,16 @@ in
|
||||
./bins
|
||||
];
|
||||
|
||||
disabledModules = [
|
||||
"services/web-apps/gotosocial.nix"
|
||||
];
|
||||
disabledModules = [ "services/web-apps/gotosocial.nix" ];
|
||||
|
||||
options.myconf = {
|
||||
managementPubKeys = lib.mkOption rec {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ managementKey statusKey breakGlassKey ];
|
||||
default = [
|
||||
managementKey
|
||||
statusKey
|
||||
breakGlassKey
|
||||
];
|
||||
example = default;
|
||||
description = "List of management public keys to use";
|
||||
};
|
||||
@ -127,7 +130,9 @@ in
|
||||
'';
|
||||
|
||||
boot = {
|
||||
loader = { systemd-boot.configurationLimit = 15; };
|
||||
loader = {
|
||||
systemd-boot.configurationLimit = 15;
|
||||
};
|
||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
|
||||
kernel.sysctl = {
|
||||
"net.ipv4.tcp_keepalive_time" = 60;
|
||||
@ -138,23 +143,27 @@ in
|
||||
|
||||
nix = {
|
||||
settings =
|
||||
if config.xinCI.enable
|
||||
then { }
|
||||
else {
|
||||
substituters = lib.mkForce [
|
||||
"https://cache.nixos.org"
|
||||
"https://nix-binary-cache.otter-alligator.ts.net/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
|
||||
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||
];
|
||||
};
|
||||
if config.xinCI.enable then
|
||||
{ }
|
||||
else
|
||||
{
|
||||
substituters = lib.mkForce [
|
||||
"https://cache.nixos.org"
|
||||
"https://nix-binary-cache.otter-alligator.ts.net/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
|
||||
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc."ssh/ca.pub" = { text = caPubKeys; };
|
||||
systemPackages = with pkgs;
|
||||
etc."ssh/ca.pub" = {
|
||||
text = caPubKeys;
|
||||
};
|
||||
systemPackages =
|
||||
with pkgs;
|
||||
[
|
||||
age
|
||||
apg
|
||||
@ -179,11 +188,7 @@ in
|
||||
taskwarrior
|
||||
tmux
|
||||
]
|
||||
++ (
|
||||
if isUnstable
|
||||
then [ nil ]
|
||||
else [ ]
|
||||
);
|
||||
++ (if isUnstable then [ nil ] else [ ]);
|
||||
|
||||
interactiveShellInit = ''
|
||||
alias vi=nvim
|
||||
@ -221,8 +226,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.logrotate.checkConfig =
|
||||
todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
|
||||
services.logrotate.checkConfig = todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
@ -233,7 +237,10 @@ in
|
||||
settings = {
|
||||
PermitRootLogin = "prohibit-password";
|
||||
PasswordAuthentication = false;
|
||||
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
||||
KexAlgorithms = [
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
];
|
||||
Macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
|
184
flake.nix
@ -104,41 +104,46 @@
|
||||
};
|
||||
|
||||
outputs =
|
||||
{ self
|
||||
, darwin
|
||||
, gostart
|
||||
, peerix
|
||||
, po
|
||||
, pots
|
||||
, pr-status
|
||||
, stable
|
||||
, tsRevProx
|
||||
, traygent
|
||||
, tsvnstat
|
||||
, unstable
|
||||
, unstableSmall
|
||||
, xin-secrets
|
||||
, xintray
|
||||
, simple-nixos-mailserver
|
||||
, nixos-hardware
|
||||
, beyt
|
||||
, ...
|
||||
} @ inputs:
|
||||
{
|
||||
self,
|
||||
darwin,
|
||||
gostart,
|
||||
peerix,
|
||||
po,
|
||||
pots,
|
||||
pr-status,
|
||||
stable,
|
||||
tsRevProx,
|
||||
traygent,
|
||||
tsvnstat,
|
||||
unstable,
|
||||
unstableSmall,
|
||||
xin-secrets,
|
||||
xintray,
|
||||
simple-nixos-mailserver,
|
||||
nixos-hardware,
|
||||
beyt,
|
||||
...
|
||||
}@inputs:
|
||||
let
|
||||
xinlib = import ./lib { inherit (unstable) lib; };
|
||||
supportedSystems = [ "x86_64-linux" ];
|
||||
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
|
||||
forAllSystems = unstable.lib.genAttrs supportedSystems;
|
||||
unstablePkgsFor = forAllSystems (system:
|
||||
unstablePkgsFor = forAllSystems (
|
||||
system:
|
||||
import unstable {
|
||||
inherit system;
|
||||
#imports = [ ./overlays ];
|
||||
});
|
||||
stablePkgsFor = forAllSystems (system:
|
||||
}
|
||||
);
|
||||
stablePkgsFor = forAllSystems (
|
||||
system:
|
||||
import stable {
|
||||
inherit system;
|
||||
#imports = [ ./overlays ];
|
||||
});
|
||||
}
|
||||
);
|
||||
hostBase = {
|
||||
modules = [
|
||||
# Common config stuffs
|
||||
@ -162,7 +167,8 @@
|
||||
inputs.tsRevProx.overlay
|
||||
];
|
||||
|
||||
buildSys = sys: sysBase: extraMods: name:
|
||||
buildSys =
|
||||
sys: sysBase: extraMods: name:
|
||||
sysBase.lib.nixosSystem {
|
||||
system = sys;
|
||||
specialArgs = {
|
||||
@ -184,8 +190,11 @@
|
||||
};
|
||||
}
|
||||
]
|
||||
++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ]
|
||||
++ [{ nixpkgs.overlays = overlays; }];
|
||||
++ [
|
||||
(xinlib.buildVer self)
|
||||
(./. + "/hosts/${name}")
|
||||
]
|
||||
++ [ { nixpkgs.overlays = overlays; } ];
|
||||
};
|
||||
lpkgs = unstable.legacyPackages.x86_64-linux;
|
||||
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
|
||||
@ -194,7 +203,9 @@
|
||||
darwinConfigurations = {
|
||||
plq = darwin.lib.darwinSystem {
|
||||
system = "aarch64-darwin";
|
||||
specialArgs = { inherit xinlib; };
|
||||
specialArgs = {
|
||||
inherit xinlib;
|
||||
};
|
||||
modules = [
|
||||
xin-secrets.nixosModules.sops
|
||||
./overlays
|
||||
@ -223,34 +234,37 @@
|
||||
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
|
||||
};
|
||||
|
||||
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
||||
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;
|
||||
formatter.x86_64-linux = unstable.legacyPackages.x86_64-linux.nixfmt-rfc-style;
|
||||
formatter.aarch64-darwin = unstable.legacyPackages.aarch64-darwin.nixfmt-rfc-style;
|
||||
|
||||
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
|
||||
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
|
||||
|
||||
nixosConfigurations = {
|
||||
europa = buildSys "x86_64-linux" unstable [
|
||||
nixos-hardware.nixosModules.framework-11th-gen-intel
|
||||
] "europa";
|
||||
europa =
|
||||
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
|
||||
"europa";
|
||||
clunk = buildSys "x86_64-linux" unstable [ ] "clunk";
|
||||
orcim = buildSys "x86_64-linux" unstable [ ] "orcim";
|
||||
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
|
||||
stan = buildSys "x86_64-linux" unstable [
|
||||
nixos-hardware.nixosModules.framework-11th-gen-intel
|
||||
] "stan";
|
||||
stan =
|
||||
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
|
||||
"stan";
|
||||
weather = buildSys "aarch64-linux" stable [ ] "weather";
|
||||
octo = buildSys "aarch64-linux" stable [ ] "octo";
|
||||
|
||||
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
|
||||
box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box";
|
||||
h = buildSys "x86_64-linux" stable [
|
||||
./configs/hardened.nix
|
||||
gostart.nixosModule
|
||||
pots.nixosModule
|
||||
pr-status.nixosModule
|
||||
simple-nixos-mailserver.nixosModule
|
||||
] "h";
|
||||
h =
|
||||
buildSys "x86_64-linux" stable
|
||||
[
|
||||
./configs/hardened.nix
|
||||
gostart.nixosModule
|
||||
pots.nixosModule
|
||||
pr-status.nixosModule
|
||||
simple-nixos-mailserver.nixosModule
|
||||
]
|
||||
"h";
|
||||
#router =
|
||||
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
|
||||
|
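Review bot: The two `formatter.*` lines now take `nixfmt-rfc-style` from `unstable`, where `nixpkgs-fmt` came from `stable`, and nothing beside them records why the input changed. Since the formatter follows whatever revision the `unstable` input is locked to, a later lock update can change what `nix fmt` emits and trigger another tree-wide reformat like this one. I would add a comment above them, e.g. `# formatter is taken from unstable; re-run nix fmt after bumping that input`. If formatting is meant to be enforced, note that the `checks` output, as far as the later hunk of this file shows, only builds host toplevels and does not run the formatter. The enclosing `outputs` attribute set starts and ends outside this hunk.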
||||
@ -294,14 +308,14 @@
|
||||
};
|
||||
};
|
||||
|
||||
packages = forAllSystems (system:
|
||||
packages = forAllSystems (
|
||||
system:
|
||||
let
|
||||
upkgs = unstablePkgsFor.${system};
|
||||
spkgs = stablePkgsFor.${system};
|
||||
in
|
||||
{
|
||||
ada_language_server =
|
||||
spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
|
||||
ada_language_server = spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
|
||||
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
|
||||
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
|
||||
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
|
||||
@ -309,9 +323,7 @@
|
||||
inherit spkgs;
|
||||
isUnstable = true;
|
||||
};
|
||||
himitsu = upkgs.callPackage ./pkgs/himitsu.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
himitsu = upkgs.callPackage ./pkgs/himitsu.nix { inherit upkgs; };
|
||||
icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
|
||||
inherit spkgs;
|
||||
isUnstable = true;
|
||||
@ -319,52 +331,32 @@
|
||||
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
|
||||
ttfs = upkgs.callPackage ./pkgs/ttfs.nix { };
|
||||
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
|
||||
flake-warn =
|
||||
spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
|
||||
flake-warn = spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
|
||||
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
|
||||
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
|
||||
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
|
||||
gen-patches =
|
||||
spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
|
||||
gen-patches = spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
|
||||
yarr = spkgs.callPackage ./pkgs/yarr.nix {
|
||||
inherit spkgs;
|
||||
isUnstable = true;
|
||||
};
|
||||
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix {
|
||||
inherit spkgs;
|
||||
};
|
||||
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
|
||||
inherit spkgs;
|
||||
};
|
||||
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { inherit spkgs; };
|
||||
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { inherit spkgs; };
|
||||
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { inherit upkgs; };
|
||||
bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
hpi =
|
||||
upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
|
||||
openevse =
|
||||
upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
|
||||
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
sliding-sync =
|
||||
spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
|
||||
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { inherit upkgs; };
|
||||
hpi = upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
|
||||
openevse = upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
|
||||
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { inherit upkgs; };
|
||||
sliding-sync = spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
|
||||
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
|
||||
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
|
||||
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
|
||||
gotosocial =
|
||||
spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
|
||||
zutty = upkgs.callPackage ./pkgs/zutty.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
gotosocial = spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
|
||||
zutty = upkgs.callPackage ./pkgs/zutty.nix { inherit upkgs; };
|
||||
mvoice = upkgs.callPackage ./pkgs/mvoice.nix { inherit upkgs; };
|
||||
inherit (xintray.packages.${system}) xintray;
|
||||
inherit (beyt.packages.${system}) beyt;
|
||||
inherit (tsvnstat.packages.${system}) tsvnstat;
|
||||
@ -374,7 +366,8 @@
|
||||
inherit (traygent.packages.${system}) traygent;
|
||||
|
||||
inherit (spkgs) matrix-synapse;
|
||||
});
|
||||
}
|
||||
);
|
||||
|
||||
templates = {
|
||||
"ada" = {
|
||||
@ -405,15 +398,24 @@
|
||||
|
||||
checks =
|
||||
let
|
||||
buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" ];
|
||||
buildList = [
|
||||
"europa"
|
||||
"stan"
|
||||
"h"
|
||||
"box"
|
||||
"faf"
|
||||
"weather"
|
||||
"clunk"
|
||||
"orcim"
|
||||
];
|
||||
in
|
||||
with unstable.lib;
|
||||
foldl' recursiveUpdate { } (mapAttrsToList
|
||||
(name: system: {
|
||||
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
|
||||
system.config.system.build.toplevel;
|
||||
})
|
||||
(filterAttrs (n: _: (builtins.elem n buildList))
|
||||
self.nixosConfigurations));
|
||||
foldl' recursiveUpdate { } (
|
||||
mapAttrsToList
|
||||
(name: system: {
|
||||
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" = system.config.system.build.toplevel;
|
||||
})
|
||||
(filterAttrs (n: _: (builtins.elem n buildList)) self.nixosConfigurations)
|
||||
);
|
||||
};
|
||||
}
|
||||
|
107
gui/default.nix
@ -1,10 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, xinlib
|
||||
, isUnstable
|
||||
, inputs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
xinlib,
|
||||
isUnstable,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (builtins) toJSON;
|
||||
@ -13,11 +14,8 @@ let
|
||||
firefox = import ../configs/firefox.nix { inherit pkgs; };
|
||||
myEmacs = pkgs.callPackage ../configs/emacs.nix { };
|
||||
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
|
||||
rpr =
|
||||
pkgs.writeScriptBin "rpr"
|
||||
(import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
|
||||
promnesia =
|
||||
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
|
||||
rpr = pkgs.writeScriptBin "rpr" (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
|
||||
promnesia = pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
|
||||
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
|
||||
promnesiaService = {
|
||||
promnesia = {
|
||||
@ -35,7 +33,10 @@ let
|
||||
name = "promnesia-index";
|
||||
script = "${promnesia}/bin/promnesia index";
|
||||
startAt = "*:0/5";
|
||||
path = [ promnesia hpi ];
|
||||
path = [
|
||||
promnesia
|
||||
hpi
|
||||
];
|
||||
}
|
||||
];
|
||||
fontSet = with pkgs; [
|
||||
@ -51,18 +52,35 @@ let
|
||||
}
|
||||
{
|
||||
command_path = "${pkgs.kdialog}/bin/kdialog";
|
||||
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Added" "5" ];
|
||||
command_args = [
|
||||
"--title"
|
||||
"traygent"
|
||||
"--passivepopup"
|
||||
"SSH Key Added"
|
||||
"5"
|
||||
];
|
||||
event = "added";
|
||||
}
|
||||
{
|
||||
command_path = "${pkgs.kdialog}/bin/kdialog";
|
||||
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Removed" "5" ];
|
||||
command_args = [
|
||||
"--title"
|
||||
"traygent"
|
||||
"--passivepopup"
|
||||
"SSH Key Removed"
|
||||
"5"
|
||||
];
|
||||
event = "removed";
|
||||
}
|
||||
];
|
||||
in
|
||||
with lib; {
|
||||
imports = [ ./gnome.nix ./kde.nix ./xfce.nix ];
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
./gnome.nix
|
||||
./kde.nix
|
||||
./xfce.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
pulse = {
|
||||
@ -98,43 +116,48 @@ with lib; {
|
||||
documentation.enable = true;
|
||||
|
||||
# TODO: TEMP FIX
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||
""
|
||||
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||
];
|
||||
fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; };
|
||||
sound.enable = true;
|
||||
environment = {
|
||||
etc."traygent.json" = { text = traygentCmds; };
|
||||
etc."traygent.json" = {
|
||||
text = traygentCmds;
|
||||
};
|
||||
sessionVariables = {
|
||||
SSH_AUTH_SOCK = "$HOME/.traygent";
|
||||
};
|
||||
systemPackages = with pkgs; (xinlib.filterList [
|
||||
alacritty
|
||||
bc
|
||||
beyt
|
||||
black
|
||||
drawterm
|
||||
exiftool
|
||||
go-font
|
||||
govulncheck
|
||||
hpi
|
||||
pcsctools
|
||||
plan9port
|
||||
promnesia
|
||||
rage
|
||||
rpr
|
||||
traygent
|
||||
vlc
|
||||
zeal
|
||||
systemPackages =
|
||||
with pkgs;
|
||||
(xinlib.filterList [
|
||||
alacritty
|
||||
bc
|
||||
beyt
|
||||
black
|
||||
drawterm
|
||||
exiftool
|
||||
go-font
|
||||
govulncheck
|
||||
hpi
|
||||
pcsctools
|
||||
plan9port
|
||||
promnesia
|
||||
rage
|
||||
rpr
|
||||
traygent
|
||||
vlc
|
||||
zeal
|
||||
|
||||
(callPackage ../configs/helix.nix { })
|
||||
]);
|
||||
(callPackage ../configs/helix.nix { })
|
||||
]);
|
||||
};
|
||||
|
||||
programs = { } // firefox.programs;
|
||||
|
||||
systemd.user.services =
|
||||
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs))
|
||||
// promnesiaService;
|
||||
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) // promnesiaService;
|
||||
security.rtkit.enable = true;
|
||||
})
|
||||
(mkIf config.pipewire.enable {
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; {
|
||||
options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
gnome = {
|
||||
enable = mkEnableOption "Enable GNOME desktop.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.gnome.enable {
|
||||
services.xserver.displayManager.gdm.enable = true;
|
||||
|
15
gui/kde.nix
@ -1,13 +1,18 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (pkgs.libsForQt5) callPackage;
|
||||
in
|
||||
{
|
||||
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
|
||||
options = {
|
||||
kde = {
|
||||
enable = lib.mkEnableOption "Enable KDE desktop.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.kde.enable {
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
|
22
gui/xfce.nix
@ -1,10 +1,16 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
xfce = {
|
||||
enable = mkEnableOption "Enable XFCE desktop.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.xfce.enable {
|
||||
security.pam.services = {
|
||||
@ -22,6 +28,8 @@ with lib; {
|
||||
];
|
||||
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.desktopManager.xfce = { enable = true; };
|
||||
services.xserver.desktopManager.xfce = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,8 +1,9 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, xinlib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
xinlib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (xinlib) todo;
|
||||
@ -38,7 +39,9 @@ let
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
];
|
||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
userBase = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
mkNginxSecret = {
|
||||
sopsFile = config.xin-secrets.box.certs;
|
||||
owner = config.users.users.nginx.name;
|
||||
@ -66,8 +69,12 @@ in
|
||||
owner = config.users.users.gitea.name;
|
||||
sopsFile = config.xin-secrets.box.services;
|
||||
};
|
||||
"bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
|
||||
"wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
|
||||
"bitwarden_rs.env" = {
|
||||
sopsFile = config.xin-secrets.box.services;
|
||||
};
|
||||
"wireguard_private_key" = {
|
||||
sopsFile = config.xin-secrets.box.services;
|
||||
};
|
||||
"restic_htpasswd" = {
|
||||
owner = config.users.users.restic.name;
|
||||
sopsFile = config.xin-secrets.box.services;
|
||||
@ -132,10 +139,16 @@ in
|
||||
"10.6.0.15" = [ "jelly.bold.daemon" ];
|
||||
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
||||
};
|
||||
interfaces.enp7s0 = { useDHCP = true; };
|
||||
interfaces.enp7s0 = {
|
||||
useDHCP = true;
|
||||
};
|
||||
|
||||
firewall = {
|
||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
|
||||
interfaces = {
|
||||
"tailscale0" = {
|
||||
allowedTCPPorts = [ 3030 ];
|
||||
};
|
||||
};
|
||||
interfaces = {
|
||||
"wg0" = {
|
||||
allowedTCPPorts = [
|
||||
@ -145,19 +158,17 @@ in
|
||||
];
|
||||
};
|
||||
};
|
||||
allowedTCPPorts =
|
||||
config.services.openssh.ports
|
||||
++ [
|
||||
80
|
||||
443
|
||||
config.services.gitea.settings.server.SSH_PORT
|
||||
21063 #homekit
|
||||
21064 #homekit
|
||||
1883 # mosquitto
|
||||
8484 # restic-rest server
|
||||
];
|
||||
allowedTCPPorts = config.services.openssh.ports ++ [
|
||||
80
|
||||
443
|
||||
config.services.gitea.settings.server.SSH_PORT
|
||||
21063 # homekit
|
||||
21064 # homekit
|
||||
1883 # mosquitto
|
||||
8484 # restic-rest server
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 #homekit
|
||||
5353 # homekit
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
@ -191,9 +202,7 @@ in
|
||||
nixpkgs = {
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [
|
||||
"openssl-1.1.1w"
|
||||
];
|
||||
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [ "openssl-1.1.1w" ];
|
||||
};
|
||||
#overlays = [
|
||||
# (_: _: {
|
||||
@ -227,7 +236,17 @@ in
|
||||
groups = {
|
||||
media = {
|
||||
name = "media";
|
||||
members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
|
||||
members = [
|
||||
"qbit"
|
||||
"sonarr"
|
||||
"radarr"
|
||||
"lidarr"
|
||||
"nzbget"
|
||||
"jellyfin"
|
||||
"headphones"
|
||||
"rtorrent"
|
||||
"readarr"
|
||||
];
|
||||
};
|
||||
|
||||
photos = {
|
||||
@ -290,8 +309,8 @@ in
|
||||
};
|
||||
home-assistant = {
|
||||
enable = true;
|
||||
extraPackages = python3Packages:
|
||||
with python3Packages; [
|
||||
extraPackages =
|
||||
python3Packages: with python3Packages; [
|
||||
pyipp
|
||||
pymetno
|
||||
ical
|
||||
@ -326,8 +345,7 @@ in
|
||||
"zeroconf"
|
||||
];
|
||||
config = {
|
||||
sensor = [
|
||||
];
|
||||
sensor = [ ];
|
||||
mqtt.sensor = [
|
||||
{
|
||||
name = "Greenhouse Temperature";
|
||||
@ -348,8 +366,7 @@ in
|
||||
#"homeassistant.components.aprs" = "debug";
|
||||
};
|
||||
};
|
||||
"automation manual" = [
|
||||
];
|
||||
"automation manual" = [ ];
|
||||
"automation ui" = "!include automations.yaml";
|
||||
rest = [
|
||||
{
|
||||
@ -381,8 +398,7 @@ in
|
||||
};
|
||||
}
|
||||
];
|
||||
device_tracker = [
|
||||
];
|
||||
device_tracker = [ ];
|
||||
default_config = { };
|
||||
http = {
|
||||
use_x_forwarded_for = true;
|
||||
@ -482,7 +498,9 @@ in
|
||||
in
|
||||
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
|
||||
};
|
||||
openssh = { settings.X11Forwarding = true; };
|
||||
openssh = {
|
||||
settings.X11Forwarding = true;
|
||||
};
|
||||
|
||||
tor.enable = true;
|
||||
|
||||
@ -508,7 +526,9 @@ in
|
||||
nzbget = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
settings = { MainDir = "/media/downloads"; };
|
||||
settings = {
|
||||
MainDir = "/media/downloads";
|
||||
};
|
||||
};
|
||||
|
||||
fwupd.enable = true;
|
||||
@ -539,7 +559,9 @@ in
|
||||
calibre-web = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
options = { enableBookUploading = true; };
|
||||
options = {
|
||||
enableBookUploading = true;
|
||||
};
|
||||
listen.port = 8909;
|
||||
listen.ip = "127.0.0.1";
|
||||
};
|
||||
@ -570,10 +592,7 @@ in
|
||||
name = "Loki";
|
||||
type = "loki";
|
||||
access = "proxy";
|
||||
url = "http://127.0.0.1:${
|
||||
toString
|
||||
config.services.loki.configuration.server.http_listen_port
|
||||
}";
|
||||
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
|
||||
}
|
||||
];
|
||||
};
|
||||
@ -591,7 +610,9 @@ in
|
||||
lifecycler = {
|
||||
address = "127.0.0.1";
|
||||
ring = {
|
||||
kvstore = { store = "inmemory"; };
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
replication_factor = 1;
|
||||
};
|
||||
};
|
||||
@ -625,7 +646,9 @@ in
|
||||
shared_store = "filesystem";
|
||||
};
|
||||
|
||||
filesystem = { directory = "/var/lib/loki/chunks"; };
|
||||
filesystem = {
|
||||
directory = "/var/lib/loki/chunks";
|
||||
};
|
||||
};
|
||||
|
||||
limits_config = {
|
||||
@ -633,7 +656,9 @@ in
|
||||
reject_old_samples_max_age = "168h";
|
||||
};
|
||||
|
||||
chunk_store_config = { max_look_back_period = "0s"; };
|
||||
chunk_store_config = {
|
||||
max_look_back_period = "0s";
|
||||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
@ -643,7 +668,11 @@ in
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = { kvstore = { store = "inmemory"; }; };
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -655,13 +684,12 @@ in
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = { filename = "/tmp/positions.yaml"; };
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [
|
||||
{
|
||||
url = "http://127.0.0.1:${
|
||||
toString
|
||||
config.services.loki.configuration.server.http_listen_port
|
||||
}/loki/api/v1/push";
|
||||
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
@ -696,7 +724,9 @@ in
|
||||
port = 9002;
|
||||
};
|
||||
|
||||
nginx = { enable = true; };
|
||||
nginx = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
rtl_433 = {
|
||||
enable = true;
|
||||
@ -720,53 +750,35 @@ in
|
||||
{
|
||||
job_name = "rtl_433";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"127.0.0.1:${
|
||||
toString config.services.prometheus.exporters.rtl_433.port
|
||||
}"
|
||||
];
|
||||
}
|
||||
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.rtl_433.port}" ]; }
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "box";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"127.0.0.1:${
|
||||
toString config.services.prometheus.exporters.node.port
|
||||
}"
|
||||
];
|
||||
}
|
||||
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "faf";
|
||||
static_configs = [{ targets = [ "10.6.0.245:9002" ]; }];
|
||||
static_configs = [ { targets = [ "10.6.0.245:9002" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "h";
|
||||
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
|
||||
static_configs = [ { targets = [ "100.83.77.133:9002" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "pwntie";
|
||||
static_configs = [{ targets = [ "100.84.170.57:9002" ]; }];
|
||||
static_configs = [ { targets = [ "100.84.170.57:9002" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "namish";
|
||||
static_configs = [{ targets = [ "10.200.0.100:9100" ]; }];
|
||||
static_configs = [ { targets = [ "10.200.0.100:9100" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "nginx";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"127.0.0.1:${
|
||||
toString config.services.prometheus.exporters.nginx.port
|
||||
}"
|
||||
];
|
||||
}
|
||||
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; }
|
||||
];
|
||||
}
|
||||
];
|
||||
@ -833,7 +845,9 @@ in
|
||||
backup root@suah.dev:/var/www/ suah.dev/
|
||||
backup_exec date "+ backup of suah.dev ended at %c"
|
||||
'';
|
||||
cronIntervals = { daily = "50 21 * * *"; };
|
||||
cronIntervals = {
|
||||
daily = "50 21 * * *";
|
||||
};
|
||||
};
|
||||
|
||||
libreddit = {
|
||||
@ -877,9 +891,7 @@ in
|
||||
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
|
||||
sslCertificate = "${config.sops.secrets.invidious_cert.path}";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${
|
||||
toString config.services.invidious.port
|
||||
}";
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
@ -941,9 +953,7 @@ in
|
||||
sslCertificate = "${config.sops.secrets.books_cert.path}";
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${
|
||||
toString config.services.calibre-web.listen.port
|
||||
}";
|
||||
proxyPass = "http://localhost:${toString config.services.calibre-web.listen.port}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${httpAllow}
|
||||
@ -1047,9 +1057,7 @@ in
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${
|
||||
toString config.services.grafana.settings.server.http_port
|
||||
}";
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${httpAllow}
|
||||
@ -1072,17 +1080,13 @@ in
|
||||
end
|
||||
|
||||
local sock = ngx.socket.tcp()
|
||||
local ok, err = sock:connect("127.0.0.1", ${
|
||||
toString config.services.prometheus.port
|
||||
})
|
||||
local ok, err = sock:connect("127.0.0.1", ${toString config.services.prometheus.port})
|
||||
if not ok then
|
||||
ngx.say("failed to connect to backend: ", err)
|
||||
return
|
||||
end
|
||||
|
||||
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${
|
||||
toString config.services.prometheus.port
|
||||
}\n\n")
|
||||
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${toString config.services.prometheus.port}\n\n")
|
||||
|
||||
sock:settimeouts(1000, 1000, 1000)
|
||||
|
||||
@ -1120,7 +1124,11 @@ in
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
|
||||
ensureDatabases = [ "nextcloud" "gitea" "invidious" ];
|
||||
ensureDatabases = [
|
||||
"nextcloud"
|
||||
"gitea"
|
||||
"invidious"
|
||||
];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
|
@ -1,10 +1,20 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"ehci_pci"
|
||||
"ahci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ "kvm-intel" "wireguard" ];
|
||||
kernelModules = [
|
||||
"kvm-intel"
|
||||
"wireguard"
|
||||
];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
@ -72,5 +82,5 @@
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; } ];
|
||||
}
|
||||
|
@ -1,6 +1,4 @@
|
||||
{ pkgs
|
||||
, ...
|
||||
}:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
pubKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
@ -8,18 +6,14 @@ let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = true;
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
hardware.rtl-sdr.enable = true;
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
devices = [
|
||||
"/dev/disk/by-id/wwn-0x5001b448be78d64a"
|
||||
];
|
||||
devices = [ "/dev/disk/by-id/wwn-0x5001b448be78d64a" ];
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
@ -69,7 +63,11 @@ in
|
||||
|
||||
windowManager.xmonad = {
|
||||
enable = true;
|
||||
extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ];
|
||||
extraPackages =
|
||||
haskellPackages: with haskellPackages; [
|
||||
xmonad-contrib
|
||||
hostname
|
||||
];
|
||||
config = builtins.readFile ./xmonad.hs;
|
||||
};
|
||||
};
|
||||
@ -77,10 +75,16 @@ in
|
||||
|
||||
users = {
|
||||
users = {
|
||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
qbit = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
|
||||
extraGroups = [
|
||||
"dialout"
|
||||
"libvirtd"
|
||||
"plugdev"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,28 +1,35 @@
|
||||
{ config, lib, modulesPath, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"uhci_hcd"
|
||||
"ehci_pci"
|
||||
"ahci"
|
||||
"usb_storage"
|
||||
"ums_realtek"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } ];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
{ inputs
|
||||
, config
|
||||
, pkgs
|
||||
, lib
|
||||
, xinlib
|
||||
, ...
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
xinlib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
|
||||
@ -13,21 +14,25 @@ let
|
||||
# doomPrivateDir = ../../configs/doom.d;
|
||||
#};
|
||||
peerixUser =
|
||||
if builtins.hasAttr "peerix" config.users.users
|
||||
then config.users.users.peerix.name
|
||||
else "root";
|
||||
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
|
||||
jobs = [
|
||||
{
|
||||
name = "brain";
|
||||
script = "cd ~/Brain && git sync";
|
||||
startAt = "*:0/2";
|
||||
path = [ pkgs.git pkgs.git-sync ];
|
||||
path = [
|
||||
pkgs.git
|
||||
pkgs.git-sync
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "org";
|
||||
script = "(cd ~/org && git sync)";
|
||||
startAt = "*:0/5";
|
||||
path = [ pkgs.git pkgs.git-sync ];
|
||||
path = [
|
||||
pkgs.git
|
||||
pkgs.git-sync
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "taskobs";
|
||||
@ -40,7 +45,10 @@ in
|
||||
{
|
||||
_module.args.isUnstable = true;
|
||||
|
||||
imports = [ ./hardware-configuration.nix ../../pkgs ];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../pkgs
|
||||
];
|
||||
|
||||
sops.secrets = {
|
||||
fastmail = {
|
||||
@ -107,7 +115,10 @@ in
|
||||
};
|
||||
|
||||
boot = {
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
||||
binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
initrd.systemd.enable = true;
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
@ -116,9 +127,7 @@ in
|
||||
efiSysMountPoint = "/boot/efi";
|
||||
};
|
||||
};
|
||||
kernelParams = [
|
||||
"boot.shell_on_fail"
|
||||
];
|
||||
kernelParams = [ "boot.shell_on_fail" ];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
@ -145,14 +154,21 @@ in
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 ];
|
||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 8384 ]; }; };
|
||||
interfaces = {
|
||||
"tailscale0" = {
|
||||
allowedTCPPorts = [ 8384 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
tsPeerix = {
|
||||
enable = false;
|
||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||
interfaces = [ "wlp170s0" "ztksevmpn3" ];
|
||||
interfaces = [
|
||||
"wlp170s0"
|
||||
"ztksevmpn3"
|
||||
];
|
||||
};
|
||||
|
||||
programs = {
|
||||
@ -175,7 +191,9 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.xinCA = { enable = false; };
|
||||
services.xinCA = {
|
||||
enable = false;
|
||||
};
|
||||
|
||||
services = {
|
||||
power-profiles-daemon.enable = false;
|
||||
@ -222,9 +240,16 @@ in
|
||||
repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
|
||||
#repository = "https://europa@backup.bold.daemon:8484/";
|
||||
|
||||
paths = [ "/home/qbit" "/var/lib/libvirt" ];
|
||||
paths = [
|
||||
"/home/qbit"
|
||||
"/var/lib/libvirt"
|
||||
];
|
||||
|
||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 4" ];
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 5"
|
||||
"--keep-yearly 4"
|
||||
];
|
||||
};
|
||||
local = {
|
||||
initialize = true;
|
||||
@ -232,9 +257,16 @@ in
|
||||
environmentFile = "${config.sops.secrets.restic_env_file.path}";
|
||||
passwordFile = "${config.sops.secrets.restic_password_file.path}";
|
||||
|
||||
paths = [ "/home/qbit" "/var/lib/libvirt" ];
|
||||
paths = [
|
||||
"/home/qbit"
|
||||
"/var/lib/libvirt"
|
||||
];
|
||||
|
||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 5"
|
||||
"--keep-yearly 5"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -280,8 +312,7 @@ in
|
||||
];
|
||||
|
||||
systemd = {
|
||||
user.services =
|
||||
lib.listToAttrs (builtins.map jobToUserService jobs);
|
||||
user.services = lib.listToAttrs (builtins.map jobToUserService jobs);
|
||||
services = {
|
||||
"whytailscalewhy" = {
|
||||
description = "Tailscale restart on resume";
|
||||
@ -305,7 +336,9 @@ in
|
||||
];
|
||||
|
||||
environment = {
|
||||
etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; };
|
||||
etc."barrier.conf" = {
|
||||
text = readFile ../../configs/barrier.conf;
|
||||
};
|
||||
sessionVariables = {
|
||||
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||
@ -377,8 +410,7 @@ in
|
||||
(callPackage ../../pkgs/ttfs.nix { })
|
||||
(callPackage ../../pkgs/kobuddy.nix {
|
||||
inherit pkgs;
|
||||
inherit
|
||||
(pkgs.python39Packages)
|
||||
inherit (pkgs.python39Packages)
|
||||
buildPythonPackage
|
||||
fetchPypi
|
||||
setuptools-scm
|
||||
|
@ -1,12 +1,17 @@
|
||||
{ lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{ lib, modulesPath, ... }:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"nvme"
|
||||
"usb_storage"
|
||||
"usbhid"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
@ -27,14 +32,16 @@
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
|
||||
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ];
|
||||
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [
|
||||
"fido2-device=auto"
|
||||
];
|
||||
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/F0A2-4A56";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware = {
|
||||
|
@ -30,10 +30,16 @@ in
|
||||
interfaces.enp2s0.useDHCP = true;
|
||||
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
53
|
||||
config.services.prometheus.exporters.node.port
|
||||
];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
|
||||
hosts = {
|
||||
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
||||
};
|
||||
};
|
||||
|
||||
users.users = {
|
||||
|
@ -1,11 +1,13 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
@ -73,6 +75,5 @@
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
@ -1,28 +1,31 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, isUnstable
|
||||
, inputs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
isUnstable,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
|
||||
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
|
||||
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
|
||||
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
|
||||
weepushover =
|
||||
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
|
||||
weepushover = python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
|
||||
pgBackupDir = "/var/backups/postgresql";
|
||||
pubKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
];
|
||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
icbIrcTunnel =
|
||||
pkgs.writeScriptBin "icb-irc-tunnel"
|
||||
(import ../../bins/icb-irc-tunnel.nix {
|
||||
inherit pkgs;
|
||||
inherit icbirc;
|
||||
});
|
||||
userBase = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
icbIrcTunnel = pkgs.writeScriptBin "icb-irc-tunnel" (
|
||||
import ../../bins/icb-irc-tunnel.nix {
|
||||
inherit pkgs;
|
||||
inherit icbirc;
|
||||
}
|
||||
);
|
||||
goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit";
|
||||
httpAllow = ''
|
||||
allow 10.6.0.0/24;
|
||||
@ -38,18 +41,20 @@ with pkgs; let
|
||||
matrixServer = "tapenet.org";
|
||||
matrixClientConfig = {
|
||||
"m.homeserver".base_url = "https://${matrixServer}:443";
|
||||
"org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; };
|
||||
"org.matrix.msc3575.proxy" = {
|
||||
url = "https://${matrixServer}";
|
||||
};
|
||||
};
|
||||
matrixServerConfig = {
|
||||
"m.server" = "${matrixServer}:443";
|
||||
};
|
||||
matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
|
||||
mkMatrixWellKnown = p: ''
|
||||
return 200 '${builtins.toJSON p}';
|
||||
'';
|
||||
|
||||
mkMatrixSliderLoc = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://${config.services.sliding-sync.address}:${
|
||||
toString config.services.sliding-sync.port
|
||||
}";
|
||||
proxyPass = "http://${config.services.sliding-sync.address}:${toString config.services.sliding-sync.port}";
|
||||
};
|
||||
mkMatrixLoc = {
|
||||
proxyWebsockets = true;
|
||||
@ -58,9 +63,7 @@ with pkgs; let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
@ -84,9 +87,14 @@ in
|
||||
nixpkgs.overlays = [
|
||||
(_: super: {
|
||||
weechat = super.weechat.override {
|
||||
configure = { ... }: {
|
||||
scripts = with super.weechatScripts; [ highmon weepushover ];
|
||||
};
|
||||
configure =
|
||||
{ ... }:
|
||||
{
|
||||
scripts = with super.weechatScripts; [
|
||||
highmon
|
||||
weepushover
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
@ -140,7 +148,9 @@ in
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
owner = config.users.users.gostart.name;
|
||||
};
|
||||
wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
|
||||
wireguard_private_key = {
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
};
|
||||
pots_env_file = {
|
||||
owner = config.users.users.pots.name;
|
||||
mode = "400";
|
||||
@ -212,8 +222,21 @@ in
|
||||
};
|
||||
|
||||
firewall = {
|
||||
interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 config.services.shiori.port ]; }; };
|
||||
allowedTCPPorts = [ 22 80 443 2222 53589 ];
|
||||
interfaces = {
|
||||
"tailscale0" = {
|
||||
allowedTCPPorts = [
|
||||
9002
|
||||
config.services.shiori.port
|
||||
];
|
||||
};
|
||||
};
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
443
|
||||
2222
|
||||
53589
|
||||
];
|
||||
allowedUDPPorts = [ 7122 ];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
@ -281,7 +304,10 @@ in
|
||||
matrix-synapse.after = [ "icbirc.service" ];
|
||||
icb-tunnel = {
|
||||
wantedBy = [ "network.target" ];
|
||||
after = [ "network.target" "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
"multi-user.target"
|
||||
];
|
||||
serviceConfig = {
|
||||
User = "qbit";
|
||||
WorkingDirectory = "/home/qbit";
|
||||
@ -314,7 +340,10 @@ in
|
||||
loginAccounts = {
|
||||
"qbit@suah.dev" = {
|
||||
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
|
||||
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ];
|
||||
aliases = [
|
||||
"postmaster@suah.dev"
|
||||
"aaron@suah.dev"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
@ -380,7 +409,9 @@ in
|
||||
enable = true;
|
||||
envFile = "${config.sops.secrets.pots_env_file.path}";
|
||||
};
|
||||
pr-status = { enable = true; };
|
||||
pr-status = {
|
||||
enable = true;
|
||||
};
|
||||
gostart = {
|
||||
enable = true;
|
||||
keyPath = "${config.sops.secrets.gostart.path}";
|
||||
@ -419,7 +450,10 @@ in
|
||||
protocol = "https";
|
||||
storage-backend = "local";
|
||||
storage-local-base-path = "/var/lib/gotosocial";
|
||||
trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ];
|
||||
trusted-proxies = [
|
||||
"127.0.0.1/32"
|
||||
"23.29.118.0/24"
|
||||
];
|
||||
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
|
||||
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
|
||||
};
|
||||
@ -431,8 +465,10 @@ in
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = { filename = "/tmp/positions.yaml"; };
|
||||
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [ { url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; } ];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
@ -476,8 +512,7 @@ in
|
||||
cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
''
|
||||
@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
|
||||
''@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
|
||||
];
|
||||
};
|
||||
|
||||
@ -504,9 +539,15 @@ in
|
||||
"/var/dkim"
|
||||
];
|
||||
|
||||
timerConfig = { OnCalendar = "00:05"; };
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
};
|
||||
|
||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ];
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 5"
|
||||
"--keep-yearly 10"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -548,7 +589,11 @@ in
|
||||
'';
|
||||
|
||||
upstreams = {
|
||||
"ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; };
|
||||
"ssh_gitea" = {
|
||||
servers = {
|
||||
"192.168.112.4:2222" = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
streamConfig = ''
|
||||
@ -574,7 +619,6 @@ in
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/bolddaemon.com";
|
||||
|
||||
};
|
||||
"notes.suah.dev" = {
|
||||
forceSSL = true;
|
||||
@ -753,27 +797,26 @@ in
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig =
|
||||
if config.services.gotosocial.package.version == "0.7.1"
|
||||
then ''
|
||||
# TODO: This can be removed next release
|
||||
# https://github.com/superseriousbusiness/gotosocial/issues/1419
|
||||
# Workaround for missing API + Ice Cubes
|
||||
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
|
||||
default_type application/json;
|
||||
return 200 '[]';
|
||||
}
|
||||
''
|
||||
else "";
|
||||
if config.services.gotosocial.package.version == "0.7.1" then
|
||||
''
|
||||
# TODO: This can be removed next release
|
||||
# https://github.com/superseriousbusiness/gotosocial/issues/1419
|
||||
# Workaround for missing API + Ice Cubes
|
||||
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
|
||||
default_type application/json;
|
||||
return 200 '[]';
|
||||
}
|
||||
''
|
||||
else
|
||||
"";
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:${
|
||||
toString config.services.gotosocial.configuration.port
|
||||
};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://127.0.0.1:${toString config.services.gotosocial.configuration.port};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -788,65 +831,64 @@ in
|
||||
root = "/var/www/rss.bolddaemon.com";
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://${config.services.yarr.address}:${
|
||||
toString config.services.yarr.port
|
||||
}";
|
||||
proxyPass = "http://${config.services.yarr.address}:${toString config.services.yarr.port}";
|
||||
};
|
||||
};
|
||||
"tapenet.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/tapenet.org";
|
||||
locations = {
|
||||
"/.well-known/webfinger" = {
|
||||
extraConfig = ''
|
||||
default_type 'application/json';
|
||||
locations =
|
||||
{
|
||||
"/.well-known/webfinger" = {
|
||||
extraConfig = ''
|
||||
default_type 'application/json';
|
||||
|
||||
content_by_lua_block {
|
||||
local acct = ngx.unescape_uri(ngx.var.arg_resource)
|
||||
local json = '${builtins.toJSON {
|
||||
subject = "%s";
|
||||
links = [
|
||||
{
|
||||
rel = "http://openid.net/specs/connect/1.0/issuer";
|
||||
href = "https://git.tapenet.org/";
|
||||
content_by_lua_block {
|
||||
local acct = ngx.unescape_uri(ngx.var.arg_resource)
|
||||
local json = '${
|
||||
builtins.toJSON {
|
||||
subject = "%s";
|
||||
links = [
|
||||
{
|
||||
rel = "http://openid.net/specs/connect/1.0/issuer";
|
||||
href = "https://git.tapenet.org/";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
}}';
|
||||
local newjson, n, err = ngx.re.sub(json, "%s", acct)
|
||||
if not err then
|
||||
ngx.say(newjson)
|
||||
else
|
||||
ngx.say("")
|
||||
end
|
||||
return
|
||||
}';
|
||||
local newjson, n, err = ngx.re.sub(json, "%s", acct)
|
||||
if not err then
|
||||
ngx.say(newjson)
|
||||
else
|
||||
ngx.say("")
|
||||
end
|
||||
return
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
// (
|
||||
if config.services.sliding-sync.enable then
|
||||
{
|
||||
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
|
||||
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
|
||||
|
||||
"/client" = mkMatrixSliderLoc;
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync" = mkMatrixSliderLoc;
|
||||
|
||||
"/_matrix" = mkMatrixLoc;
|
||||
"/_synapse/client" = mkMatrixLoc;
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
// (if config.services.sliding-sync.enable
|
||||
then {
|
||||
"/.well-known/matrix/client".extraConfig =
|
||||
mkMatrixWellKnown matrixClientConfig;
|
||||
"/.well-known/matrix/server".extraConfig =
|
||||
mkMatrixWellKnown matrixServerConfig;
|
||||
else
|
||||
{
|
||||
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
|
||||
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
|
||||
|
||||
"/client" = mkMatrixSliderLoc;
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync" =
|
||||
mkMatrixSliderLoc;
|
||||
|
||||
"/_matrix" = mkMatrixLoc;
|
||||
"/_synapse/client" = mkMatrixLoc;
|
||||
}
|
||||
else {
|
||||
"/.well-known/matrix/client".extraConfig =
|
||||
mkMatrixWellKnown matrixClientConfig;
|
||||
"/.well-known/matrix/server".extraConfig =
|
||||
mkMatrixWellKnown matrixServerConfig;
|
||||
|
||||
"/_matrix" = mkMatrixLoc;
|
||||
"/_synapse/client" = mkMatrixLoc;
|
||||
});
|
||||
"/_matrix" = mkMatrixLoc;
|
||||
"/_synapse/client" = mkMatrixLoc;
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -876,11 +918,14 @@ in
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
ensureDatabases = [ "synapse" "gotosocial" "syncv3" "wallabag" ];
|
||||
ensureDatabases = [
|
||||
"synapse"
|
||||
"gotosocial"
|
||||
"syncv3"
|
||||
"wallabag"
|
||||
];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "synapse_user";
|
||||
}
|
||||
{ name = "synapse_user"; }
|
||||
{
|
||||
name = "gotosocial";
|
||||
ensureDBOwnership = true;
|
||||
@ -953,9 +998,7 @@ in
|
||||
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
|
||||
url_preview_enabled = false;
|
||||
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
|
||||
app_service_config_files = [
|
||||
"/var/lib/heisenbridge/registration.yml"
|
||||
];
|
||||
app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args = {
|
||||
@ -986,6 +1029,5 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
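Review bot: In the `/.well-known/webfinger` location of the `tapenet.org` vhost, the Lua handler pastes the client-supplied `resource` query argument into the JSON template with `ngx.re.sub(json, "%s", acct)` and never JSON-escapes it. A value containing quotes or backslashes therefore produces malformed or caller-shaped JSON, and `$` sequences in it are read as replacement syntax rather than literal text. A request with no `resource` argument presumably also hands nil to `ngx.unescape_uri`. The reformat carries this logic over unchanged; building the document as a Lua table and serialising it with an encoder avoids all three, as sketched below, assuming lua-cjson is available to this nginx build (to be confirmed).

```nix
# … unchanged: "tapenet.org" vhost options (forceSSL, enableACME, root) …
"/.well-known/webfinger" = {
  extraConfig = ''
    default_type 'application/json';

    content_by_lua_block {
      -- NOTE(review): assumes lua-cjson is on this nginx's Lua path; confirm
      local cjson = require "cjson.safe"
      -- a missing ?resource= becomes an empty subject instead of a nil argument
      local acct = ngx.unescape_uri(ngx.var.arg_resource or "")
      ngx.say(cjson.encode({
        subject = acct,
        links = {
          {
            rel = "http://openid.net/specs/connect/1.0/issuer",
            href = "https://git.tapenet.org/",
          },
        },
      }))
    }
  '';
};
# … unchanged: sliding-sync / matrix location merge …
```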
|
||||
|
@ -1,16 +1,23 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"ahci"
|
||||
"xhci_pci"
|
||||
"virtio_pci"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ "wireguard" ];
|
||||
@ -22,8 +29,7 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; } ];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
@ -4,7 +4,9 @@ let
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
|
||||
];
|
||||
userBase = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
userBase = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
|
@ -1,8 +1,10 @@
|
||||
{ config
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
@ -28,7 +30,7 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; } ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
@ -40,6 +42,5 @@
|
||||
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pubKeys = [
|
||||
@ -17,7 +18,10 @@ in
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
boot = {
|
||||
initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
|
||||
initrd.availableKernelModules = [
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelModules = [ "raspberrypi_ts" ];
|
||||
loader = {
|
||||
@ -28,13 +32,17 @@ in
|
||||
|
||||
networking = {
|
||||
hostName = "octo";
|
||||
networkmanager = { enable = true; };
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
};
|
||||
wireless.userControlled.enable = true;
|
||||
};
|
||||
|
||||
preDNS.enable = false;
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||
""
|
||||
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||
];
|
||||
|
||||
users.users = {
|
||||
root = userBase;
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
|
@ -1,6 +1,4 @@
|
||||
{ pkgs
|
||||
, ...
|
||||
}:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
pubKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
@ -8,9 +6,7 @@ let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = true;
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
hardware = {
|
||||
rtl-sdr.enable = true;
|
||||
@ -32,7 +28,10 @@ in
|
||||
"video=DSI-1:panel_orientation=right_side_up"
|
||||
];
|
||||
|
||||
kernelModules = [ "btusb" "kvm-intel" ];
|
||||
kernelModules = [
|
||||
"btusb"
|
||||
"kvm-intel"
|
||||
];
|
||||
|
||||
initrd = {
|
||||
kernelModules = [
|
||||
@ -53,7 +52,6 @@ in
|
||||
"rtsx_pci_sdmmc"
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnsupportedSystem = true;
|
||||
@ -85,13 +83,15 @@ in
|
||||
services = {
|
||||
xserver = {
|
||||
dpi = 200;
|
||||
xrandrHeads = [{
|
||||
output = "DSI-1";
|
||||
primary = true;
|
||||
monitorConfig = ''
|
||||
Option "Rotate" "right"
|
||||
'';
|
||||
}];
|
||||
xrandrHeads = [
|
||||
{
|
||||
output = "DSI-1";
|
||||
primary = true;
|
||||
monitorConfig = ''
|
||||
Option "Rotate" "right"
|
||||
'';
|
||||
}
|
||||
];
|
||||
};
|
||||
power-profiles-daemon.enable = false;
|
||||
tlp = {
|
||||
@ -110,10 +110,16 @@ in
|
||||
|
||||
users = {
|
||||
users = {
|
||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
qbit = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
|
||||
extraGroups = [
|
||||
"dialout"
|
||||
"libvirtd"
|
||||
"plugdev"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,35 +1,42 @@
|
||||
{ config, lib, modulesPath, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/hardware/network/broadcom-43xx.nix")
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [
|
||||
(modulesPath + "/hardware/network/broadcom-43xx.nix")
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
|
||||
availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
"sdhci_acpi"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/03B6-6D57";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/03B6-6D57";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; } ];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
@ -1,16 +1,20 @@
|
||||
{ pkgs
|
||||
, lib
|
||||
, isUnstable
|
||||
, ...
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
isUnstable,
|
||||
...
|
||||
}:
|
||||
let
|
||||
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
|
||||
rage =
|
||||
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
|
||||
rage = pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];
|
||||
imports = [
|
||||
../../configs/tmux.nix
|
||||
../../configs/zsh.nix
|
||||
../../bins
|
||||
];
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
@ -59,10 +63,7 @@ in
|
||||
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elm (lib.getName pkg) [
|
||||
"obsidian"
|
||||
];
|
||||
allowUnfreePredicate = pkg: builtins.elm (lib.getName pkg) [ "obsidian" ];
|
||||
};
|
||||
|
||||
environment.variables = {
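Review bot: `builtins.elm` on the `allowUnfreePredicate` line is not a Nix builtin; the membership test is `builtins.elem`, so the line should read `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "obsidian" ];`. The typo predates this reformat and is probably masked because `allowUnfree = true;` directly above makes nixpkgs accept every unfree package without consulting the predicate. If the intent is to permit only obsidian, `allowUnfree = true;` should be dropped as well so that the allow-list is what is actually enforced.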
|
||||
|
@ -1,7 +1,4 @@
|
||||
{ pkgs
|
||||
, config
|
||||
, ...
|
||||
}:
|
||||
{ pkgs, config, ... }:
|
||||
let
|
||||
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
|
||||
pubKeys = [
|
||||
@ -10,9 +7,7 @@ let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
hardware.rtl-sdr.enable = true;
|
||||
|
||||
@ -27,7 +22,10 @@ in
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
||||
binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
};
|
||||
nixpkgs.config.allowUnsupportedSystem = true;
|
||||
|
||||
@ -135,10 +133,17 @@ in
|
||||
|
||||
users = {
|
||||
users = {
|
||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
qbit = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
|
||||
extraGroups = [
|
||||
"dialout"
|
||||
"libvirtd"
|
||||
"docker"
|
||||
"plugdev"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
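Review bot: The `qbit` entry in the last hunk keeps `"docker"` in `extraGroups`, and nothing near it records that membership of that group lets the account drive the Docker daemon, which is effectively root on the host. The same `pubKeys` list authorises both `root` and `qbit`, so a comment such as `# docker group is root-equivalent; keep only while qbit needs direct daemon access` above the list would make the trade-off explicit. The module around the `users` block is only partly visible in the hunk.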
@ -1,15 +1,24 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
initrd.availableKernelModules = [
|
||||
"nvme"
|
||||
"xhci_pci"
|
||||
"ahci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
initrd.kernelModules = [ ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
@ -27,7 +36,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; } ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
@ -37,7 +46,6 @@
|
||||
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# high-resolution display
|
||||
}
|
||||
|
@ -1,17 +1,17 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit
|
||||
(builtins)
|
||||
inherit (builtins)
|
||||
head
|
||||
concatStringsSep
|
||||
attrValues
|
||||
mapAttrs
|
||||
attrNames
|
||||
;# hasAttr;
|
||||
; # hasAttr;
|
||||
inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
|
||||
pubKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
@ -22,9 +22,14 @@ let
|
||||
|
||||
wan = "enp5s0f0";
|
||||
trunk = "enp5s0f1";
|
||||
dnsServers = [ "45.90.28.147" "45.90.30.147" ];
|
||||
dnsServers = [
|
||||
"45.90.28.147"
|
||||
"45.90.30.147"
|
||||
];
|
||||
interfaces = {
|
||||
"${wan}" = { useDHCP = true; };
|
||||
"${wan}" = {
|
||||
useDHCP = true;
|
||||
};
|
||||
"${trunk}" = rec {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
@ -302,7 +307,10 @@ let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules/tsvnstat.nix
|
||||
];
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
@ -464,7 +472,7 @@ in
|
||||
{
|
||||
name = "common";
|
||||
advertise = true;
|
||||
prefix = [{ prefix = "::/64"; }];
|
||||
prefix = [ { prefix = "::/64"; } ];
|
||||
}
|
||||
];
|
||||
};
|
||||
@ -478,9 +486,7 @@ in
|
||||
extraOptions = [
|
||||
"--verbose=9"
|
||||
"--trace"
|
||||
"--bind-address ${
|
||||
(head config.networking.interfaces.lab.ipv4.addresses).address
|
||||
}"
|
||||
"--bind-address ${(head config.networking.interfaces.lab.ipv4.addresses).address}"
|
||||
];
|
||||
};
|
||||
|
||||
@ -490,32 +496,45 @@ in
|
||||
option subnet-mask 255.255.255.0;
|
||||
option domain-name-servers ${concatStringsSep ", " dnsServers};
|
||||
|
||||
${concatStringsSep "\n" (attrValues (mapAttrs (intf: val: ''
|
||||
# ${intf} : ${val.info.description}
|
||||
subnet ${val.info.net} netmask ${val.info.netmask} {
|
||||
option routers ${val.info.router};
|
||||
range ${val.info.dhcp.start} ${val.info.dhcp.end};
|
||||
${concatStringsSep "\n" (
|
||||
attrValues (
|
||||
mapAttrs
|
||||
(intf: val: ''
|
||||
# ${intf} : ${val.info.description}
|
||||
subnet ${val.info.net} netmask ${val.info.netmask} {
|
||||
option routers ${val.info.router};
|
||||
range ${val.info.dhcp.start} ${val.info.dhcp.end};
|
||||
|
||||
${
|
||||
concatStringsSep "\n" (map (e: ''
|
||||
host ${e.name} {
|
||||
hardware ethernet ${e.mac};
|
||||
fixed-address ${e.address};
|
||||
${
|
||||
concatStringsSep "\n" (
|
||||
map
|
||||
(e: ''
|
||||
host ${e.name} {
|
||||
hardware ethernet ${e.mac};
|
||||
fixed-address ${e.address};
|
||||
}
|
||||
'')
|
||||
val.info.dhcp.staticIPs
|
||||
)
|
||||
}
|
||||
}
|
||||
'')
|
||||
val.info.dhcp.staticIPs)
|
||||
}
|
||||
}
|
||||
'') (filterAttrsRecursive (n: _: n != "${wan}") interfaces)))}
|
||||
(filterAttrsRecursive (n: _: n != "${wan}") interfaces)
|
||||
)
|
||||
)}
|
||||
'';
|
||||
interfaces =
|
||||
attrNames (filterAttrs (_: v: v.info.dhcp.enable)
|
||||
(filterAttrsRecursive (n: _: n != "${wan}") interfaces));
|
||||
interfaces = attrNames (
|
||||
filterAttrs (_: v: v.info.dhcp.enable) (filterAttrsRecursive (n: _: n != "${wan}") interfaces)
|
||||
);
|
||||
# TODO: Probably a better way to pre-filter the interfaces set
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
bmon
|
||||
termshark
|
||||
tcpdump
|
||||
];
|
||||
|
||||
users.users.root = userBase;
|
||||
users.users.qbit = userBase;
|
||||
|
@ -1,11 +1,13 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.loader.grub = {
|
||||
@ -16,10 +18,21 @@
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"ehci_pci"
|
||||
"ahci"
|
||||
"xhci_pci"
|
||||
"usb_storage"
|
||||
"usbhid"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
|
||||
kernelModules = [
|
||||
"nf_tables"
|
||||
"nf_tables_ipv6"
|
||||
"nf_conntrack_tftp"
|
||||
];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
@ -30,6 +43,5 @@
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
@ -1,7 +1,4 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension;
|
||||
testingMode = true;
|
||||
@ -16,13 +13,11 @@ let
|
||||
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
|
||||
};
|
||||
peerixUser =
|
||||
if builtins.hasAttr "peerix" config.users.users
|
||||
then config.users.users.peerix.name
|
||||
else "root";
|
||||
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
||||
# doomPrivateDir = ../../configs/doom.d;
|
||||
#};
|
||||
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
|
||||
in
|
||||
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
||||
# doomPrivateDir = ../../configs/doom.d;
|
||||
#};
|
||||
{
|
||||
_module.args.isUnstable = true;
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
@ -37,7 +32,9 @@ in
|
||||
initrd = {
|
||||
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
|
||||
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
|
||||
secrets = { "/crypto_keyfile.bin" = null; };
|
||||
secrets = {
|
||||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
};
|
||||
kernelParams = [ "intel_idle.max_cstate=4" ];
|
||||
kernelPackages = pkgs.linuxPackages;
|
||||
@ -101,9 +98,18 @@ in
|
||||
|
||||
hosts = {
|
||||
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
|
||||
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
|
||||
"192.168.122.249" = [ "arst.arst" "vm" ];
|
||||
"192.168.8.194" = [ "router.arst" "router" ];
|
||||
"127.0.0.1" = [
|
||||
"borg.calyptix.dev"
|
||||
"localhost"
|
||||
];
|
||||
"192.168.122.249" = [
|
||||
"arst.arst"
|
||||
"vm"
|
||||
];
|
||||
"192.168.8.194" = [
|
||||
"router.arst"
|
||||
"router"
|
||||
];
|
||||
};
|
||||
|
||||
networkmanager.enable = true;
|
||||
@ -114,7 +120,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
i18n.defaultLocale = "en_US.utf8";
|
||||
|
||||
kde.enable = true;
|
||||
@ -152,14 +157,16 @@ in
|
||||
};
|
||||
|
||||
users.users.root = userBase;
|
||||
users.users.abieber =
|
||||
{
|
||||
isNormalUser = true;
|
||||
description = "Aaron Bieber";
|
||||
shell = pkgs.zsh;
|
||||
extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
|
||||
}
|
||||
// userBase;
|
||||
users.users.abieber = {
|
||||
isNormalUser = true;
|
||||
description = "Aaron Bieber";
|
||||
shell = pkgs.zsh;
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
"libvirtd"
|
||||
];
|
||||
} // userBase;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
@ -261,7 +268,10 @@ in
|
||||
tsPeerix = {
|
||||
enable = false;
|
||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||
interfaces = [ "wlp170s0" "ztksevmpn3" ];
|
||||
interfaces = [
|
||||
"wlp170s0"
|
||||
"ztksevmpn3"
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
@ -275,7 +285,11 @@ in
|
||||
|
||||
paths = [ "/home/abieber" ];
|
||||
|
||||
pruneOpts = [ "--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2" ];
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 2"
|
||||
"--keep-monthly 2"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -299,7 +313,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
system.autoUpgrade.allowReboot = false;
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
}
|
||||
|
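Review bot: The `initrd` block in the third hunk unlocks `luks-23b20980-eb1e-4390-b706-f0f42a623ddf` with `keyFile = "/crypto_keyfile.bin"` and embeds that file in the initrd through `secrets`, with no comment on where the initrd is stored. If the initrd is written to an unencrypted boot partition or ESP, the keyfile can be read from disk without the passphrase. The bootloader settings are outside the visible hunks, so this needs confirming. I would add a comment next to `secrets` such as `# keyfile is embedded in the initrd: /boot must itself live on the encrypted volume`.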
@ -1,13 +1,21 @@
|
||||
{ pkgs
|
||||
, lib
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
|
||||
availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"nvme"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
kernelModules = [ ];
|
||||
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
|
||||
};
|
||||
@ -34,7 +42,8 @@
|
||||
"x-systemd.automount"
|
||||
|
||||
(builtins.replaceStrings [ " " ] [ "\\040" ]
|
||||
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
|
||||
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config"
|
||||
)
|
||||
"reconnect"
|
||||
"allow_other"
|
||||
"cache=yes"
|
||||
@ -46,8 +55,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; } ];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
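Review bot: The mount options in the second hunk combine `"allow_other"` with an `ssh_command` that reads `/home/abieber/.ssh/config`, so every local account can reach the remote tree with whatever identity that config selects. If only one user needs the mount, drop `"allow_other"`. Otherwise keep it and add `"default_permissions"` with explicit `uid=`/`gid=` options so the kernel enforces file modes. The option list starts and ends outside the hunk, so one of these may already be set further down.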
@ -1,7 +1,8 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pubKeys = [
|
||||
@ -22,9 +23,19 @@ in
|
||||
programs = { } // firefox.programs;
|
||||
|
||||
boot = {
|
||||
initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ];
|
||||
initrd.availableKernelModules = [
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"vc4"
|
||||
"rtc-ds3232"
|
||||
"rtc-ds1307"
|
||||
];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ];
|
||||
kernelModules = [
|
||||
"raspberrypi_ts"
|
||||
"rtc-ds3232"
|
||||
"rtc-ds1307"
|
||||
];
|
||||
loader = {
|
||||
grub.enable = false;
|
||||
generic-extlinux-compatible.enable = true;
|
||||
@ -33,7 +44,9 @@ in
|
||||
|
||||
networking = {
|
||||
hostName = "weather";
|
||||
networkmanager = { enable = true; };
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
};
|
||||
wireless.userControlled.enable = true;
|
||||
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
||||
};
|
||||
@ -46,8 +59,10 @@ in
|
||||
};
|
||||
|
||||
preDNS.enable = false;
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
|
||||
""
|
||||
"${pkgs.networkmanager}/bin/nm-online -q"
|
||||
];
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pubKeys = [
|
||||
@ -14,9 +15,7 @@ let
|
||||
in
|
||||
{
|
||||
_module.args.isUnstable = false;
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
defaultUsers.enable = false;
|
||||
|
||||
@ -35,7 +34,9 @@ in
|
||||
|
||||
networking = {
|
||||
hostName = "wzero";
|
||||
networkmanager = { enable = true; };
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
};
|
||||
wireless.userControlled.enable = true;
|
||||
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
|
||||
};
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
hardware = {
|
||||
deviceTree = {
|
||||
enable = true;
|
||||
@ -7,8 +8,6 @@
|
||||
|
||||
enableRedistributableFirmware = true;
|
||||
i2c.enable = true;
|
||||
firmware = with pkgs; [
|
||||
raspberrypiWirelessFirmware
|
||||
];
|
||||
firmware = with pkgs; [ raspberrypiWirelessFirmware ];
|
||||
};
|
||||
}
|
||||
|
@ -39,20 +39,30 @@ in
|
||||
layout = "us";
|
||||
xkbVariant = "colemak";
|
||||
};
|
||||
console = { keyMap = "colemak"; };
|
||||
console = {
|
||||
keyMap = "colemak";
|
||||
};
|
||||
|
||||
users.users = {
|
||||
qbit = {
|
||||
isNormalUser = true;
|
||||
description = "Aaron Bieber";
|
||||
extraGroups = [ "networkmanager" "wheel" ];
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
];
|
||||
packages = [ ];
|
||||
};
|
||||
root = { openssh.authorizedKeys.keys = pubKeys; };
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
};
|
||||
|
||||
# neovim will overwrite my neovim!!
|
||||
environment.systemPackages = with pkgs; [ neovim jq ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
neovim
|
||||
jq
|
||||
];
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
|
@ -1,13 +1,18 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
|
||||
in
|
||||
{
|
||||
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];
|
||||
imports = [
|
||||
./configs/colemak.nix
|
||||
./configs/tmux.nix
|
||||
./configs/neovim.nix
|
||||
];
|
||||
|
||||
options.myconf = {
|
||||
hwPubKeys = lib.mkOption rec {
|
||||
@ -103,7 +108,10 @@ in
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ apg inetutils ];
|
||||
systemPackages = with pkgs; [
|
||||
apg
|
||||
inetutils
|
||||
];
|
||||
|
||||
interactiveShellInit = ''
|
||||
alias vi=nvim
|
||||
@ -113,18 +121,19 @@ in
|
||||
time.timeZone = "US/Mountain";
|
||||
|
||||
systemd.services."setdate" =
|
||||
if pkgs.system == "aarch64-linux"
|
||||
then {
|
||||
description = "Set date on boot";
|
||||
wantedBy = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
script = ''
|
||||
. /etc/profile;
|
||||
${pkgs.outils}/bin/rdate pool.ntp.org
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
}
|
||||
else { };
|
||||
if pkgs.system == "aarch64-linux" then
|
||||
{
|
||||
description = "Set date on boot";
|
||||
wantedBy = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
script = ''
|
||||
. /etc/profile;
|
||||
${pkgs.outils}/bin/rdate pool.ntp.org
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
}
|
||||
else
|
||||
{ };
|
||||
|
||||
programs = {
|
||||
zsh.enable = true;
|
||||
@ -151,7 +160,10 @@ in
|
||||
settings = {
|
||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
PasswordAuthentication = false;
|
||||
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
||||
KexAlgorithms = [
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
];
|
||||
Macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
|
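Review bot: `systemd.services."setdate"` in the third hunk is still assigned `{ }` on every platform other than `aarch64-linux`, which as far as I can tell declares an empty unit there rather than no unit. `systemd.services."setdate" = lib.mkIf (pkgs.system == "aarch64-linux") { … };` expresses the condition without the `else` branch. The unit lists `network-online.target` in `wantedBy` and `after` but not in `wants`, so nothing in the hunk causes that target to be pulled in. `rdate pool.ntp.org` also sets the clock from an unauthenticated source, and certificate validation depends on that clock, so a short comment saying why this is acceptable on these boards would help.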
@ -1,42 +1,44 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (builtins) toString readFile fromJSON filter;
|
||||
getPrStatus = pr:
|
||||
inherit (builtins)
|
||||
toString
|
||||
readFile
|
||||
fromJSON
|
||||
filter
|
||||
;
|
||||
getPrStatus =
|
||||
pr:
|
||||
let
|
||||
prstr = toString pr;
|
||||
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
|
||||
in
|
||||
prStatus;
|
||||
prIsOpen = {
|
||||
option = pr: a:
|
||||
option =
|
||||
pr: a:
|
||||
let
|
||||
prStatus = getPrStatus pr;
|
||||
in
|
||||
if prStatus.status == "open"
|
||||
then a
|
||||
else { };
|
||||
pkg = pr: localPkg: upstreamPkg:
|
||||
if prStatus.status == "open" then a else { };
|
||||
pkg =
|
||||
pr: localPkg: upstreamPkg:
|
||||
let
|
||||
prStatus = getPrStatus pr;
|
||||
in
|
||||
if prStatus.status == "open"
|
||||
then localPkg
|
||||
if prStatus.status == "open" then
|
||||
localPkg
|
||||
else
|
||||
lib.warn
|
||||
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
|
||||
upstreamPkg;
|
||||
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." upstreamPkg;
|
||||
|
||||
overlay = pr: overlay:
|
||||
overlay =
|
||||
pr: overlay:
|
||||
let
|
||||
prStatus = getPrStatus pr;
|
||||
in
|
||||
if pr == 0 || prStatus.status == "open"
|
||||
then overlay
|
||||
if pr == 0 || prStatus.status == "open" then
|
||||
overlay
|
||||
else
|
||||
lib.warn "PR: ${
|
||||
toString pr
|
||||
} (${prStatus.title}) is complete, ignoring overlay..."
|
||||
(_: _: { });
|
||||
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: { });
|
||||
};
|
||||
|
||||
todo = msg: lib.warn "TODO: ${msg}";
|
||||
@ -54,7 +56,9 @@ let
|
||||
value = {
|
||||
script = mkCronScript "${job.name}_script" job.script;
|
||||
inherit (job) startAt path;
|
||||
serviceConfig = { Type = "oneshot"; };
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
};
|
||||
jobToService = job: {
|
||||
@ -68,7 +72,8 @@ let
|
||||
};
|
||||
};
|
||||
};
|
||||
buildShell = pkgs:
|
||||
buildShell =
|
||||
pkgs:
|
||||
pkgs.mkShell {
|
||||
shellHook = ''
|
||||
PS1='\u@\h:\w; '
|
||||
@ -97,7 +102,8 @@ let
|
||||
# Set our configurationRevison based on the status of our git repo.
|
||||
# If the repo is dirty, disable autoUpgrade as it means we are
|
||||
# testing something.
|
||||
buildVer = self:
|
||||
buildVer =
|
||||
self:
|
||||
let
|
||||
state = self.rev or "DIRTY";
|
||||
in
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./golink.nix
|
||||
./gotosocial.nix
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.golink;
|
||||
golink = callPackage ../pkgs/golink.nix { };
|
||||
in
|
||||
@ -13,7 +15,12 @@ in
|
||||
enable = mkEnableOption "Enable golink";
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "golink";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -37,7 +44,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "golink";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
|
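Review bot: The `group` option in the last hunk carries the description `The user the service will use.`, copied from the `user` option above it. It should say `The group the service will use.`, as the sliding-sync and tsrevprox modules on this page already do. The same copied text appears under `group` in the gotosocial, rtlamr2mqtt and tsvnstat modules further down. Both description strings continue past the end of their hunks, so only the first line is visible here.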
@ -1,18 +1,19 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.gotosocial;
|
||||
gotosocial = callPackage ../pkgs/gotosocial.nix { };
|
||||
settingsFormat = pkgs.formats.json { };
|
||||
settingsType = settingsFormat.type;
|
||||
prettyJSON = conf:
|
||||
prettyJSON =
|
||||
conf:
|
||||
pkgs.runCommandLocal "gotosocial-config.json" { } ''
|
||||
echo '${
|
||||
builtins.toJSON conf
|
||||
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||
'';
|
||||
in
|
||||
{
|
||||
@ -21,7 +22,12 @@ in
|
||||
enable = mkEnableOption "Enable gotosocial";
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "gotosocial";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -29,7 +35,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "gotosocial";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -74,9 +85,7 @@ in
|
||||
|
||||
RuntimeDirectory = "/var/lib/gotosocial";
|
||||
|
||||
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${
|
||||
prettyJSON cfg.configuration
|
||||
} server start";
|
||||
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${prettyJSON cfg.configuration} server start";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
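Review bot: `prettyJSON` in the first hunk splices `builtins.toJSON conf` between single quotes in the build script, so a single quote anywhere in `cfg.configuration` ends the shell string early and the rest of the JSON is parsed as shell. Quote it with the library helper instead: `echo ${lib.escapeShellArg (builtins.toJSON conf)} | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out`. The result is a world-readable store path passed to `--config-path`, so the option description should say that secrets do not belong in `configuration`. The rtlamr2mqtt module below defines the same `prettyJSON` and needs the same change.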
@ -1,18 +1,19 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.rtlamr2mqtt;
|
||||
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
|
||||
settingsFormat = pkgs.formats.json { };
|
||||
settingsType = settingsFormat.type;
|
||||
prettyJSON = conf:
|
||||
prettyJSON =
|
||||
conf:
|
||||
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
|
||||
echo '${
|
||||
builtins.toJSON conf
|
||||
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||
'';
|
||||
in
|
||||
{
|
||||
@ -21,7 +22,12 @@ in
|
||||
enable = mkEnableOption "Enable rtlamr2mqtt";
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "rtlamr2mqtt";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -29,7 +35,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "rtlamr2mqtt";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.sliding-sync;
|
||||
@ -12,7 +13,12 @@ in
|
||||
enable = lib.mkEnableOption "Enable sliding-sync";
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "syncv3";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -20,7 +26,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "syncv3";
|
||||
description = ''
|
||||
The group the service will use.
|
||||
@ -82,7 +93,10 @@ in
|
||||
enable = true;
|
||||
description = "sliding-sync server";
|
||||
wantedBy = [ "network-online.target" ];
|
||||
after = [ "network-online.target" "matrix-synapse.service" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
"matrix-synapse.service"
|
||||
];
|
||||
|
||||
environment = {
|
||||
HOME = "${cfg.dataDir}";
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
perl = "${pkgs.perl}/bin/perl";
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.tsrevprox;
|
||||
@ -36,7 +37,12 @@ in
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "tsrevprox";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -44,7 +50,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "tsrevprox";
|
||||
description = ''
|
||||
The group the service will use.
|
||||
@ -90,15 +101,15 @@ in
|
||||
wantedBy = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
environment = { HOME = "${cfg.dataDir}"; };
|
||||
environment = {
|
||||
HOME = "${cfg.dataDir}";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
||||
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
|
||||
toString cfg.reversePort
|
||||
} -ip ${cfg.reverseIP}";
|
||||
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
|
||||
#EnvironmentFile = cfg.envFile;
|
||||
};
|
||||
};
|
||||
|
@ -1,10 +1,12 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, inputs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.tsvnstat;
|
||||
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
|
||||
in
|
||||
@ -14,7 +16,12 @@ in
|
||||
enable = mkEnableOption "Enable tsvnstat";
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "tsvnstat";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -22,7 +29,12 @@ in
|
||||
};
|
||||
|
||||
keyPath = mkOption {
|
||||
type = with types; oneOf [ path str ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
path
|
||||
str
|
||||
];
|
||||
default = "";
|
||||
description = ''
|
||||
Path to the TS API key file
|
||||
@ -38,7 +50,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "tsvnstat";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -88,7 +105,9 @@ in
|
||||
CacheDirectoryMode = "0755";
|
||||
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
|
||||
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${
|
||||
lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
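Review bot: `keyPath` in the third hunk accepts `types.path` and is then interpolated into `ExecStart` as `-key ${cfg.keyPath}`. When the value is a Nix path literal, that interpolation copies the API key file into the world-readable Nix store. Restricting the option to `type = types.str;` avoids the copy, and the description should state that it must name a file present at runtime, for example a secret decrypted at activation. The option's description continues past the end of the hunk, so it may already say this.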
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.veilid-server;
|
||||
in
|
||||
{
|
||||
@ -11,13 +13,23 @@ in
|
||||
services.veilid-server = {
|
||||
enable = mkEnableOption "Enable velid-server";
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "veilid";
|
||||
description = "The user veilid-server will run as.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "veilid";
|
||||
description = "The group veilid-server will run with.";
|
||||
};
|
||||
|
@ -1,19 +1,29 @@
|
||||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.services.wallabag;
|
||||
inherit (builtins) toJSON;
|
||||
inherit (lib) mkOption mkEnableOption types mkIf;
|
||||
wallabag = pkgs.wallabag.overrideAttrs (old: {
|
||||
patches = builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches ++ [
|
||||
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
|
||||
./wallabag-data-location.patch
|
||||
];
|
||||
});
|
||||
inherit (lib)
|
||||
mkOption
|
||||
mkEnableOption
|
||||
types
|
||||
mkIf
|
||||
;
|
||||
wallabag = pkgs.wallabag.overrideAttrs (
|
||||
old: {
|
||||
patches =
|
||||
builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches
|
||||
++ [
|
||||
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
|
||||
./wallabag-data-location.patch
|
||||
];
|
||||
}
|
||||
);
|
||||
wallabagConfig = toJSON {
|
||||
parameters = {
|
||||
#database_driver = "pdo_sqlite";
|
||||
@ -80,10 +90,14 @@ let
|
||||
sentry_dsn = null;
|
||||
};
|
||||
};
|
||||
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [
|
||||
imagick
|
||||
tidy
|
||||
]));
|
||||
php = pkgs.php.withExtensions (
|
||||
{ enabled, all }:
|
||||
enabled
|
||||
++ (with all; [
|
||||
imagick
|
||||
tidy
|
||||
])
|
||||
);
|
||||
wallabagServiceConfig = {
|
||||
CacheDirectory = "wallabag";
|
||||
CacheDirectoryMode = "700";
|
||||
@ -123,17 +137,26 @@ in
|
||||
description = "wallabag data directory";
|
||||
};
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "wallabag";
|
||||
description = "The user wallabag will run as.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "wallabag";
|
||||
description = "The group wallabag will run with.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@ -214,7 +237,11 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-wallabag.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
path = with pkgs; [ coreutils php phpPackages.composer ];
|
||||
path = with pkgs; [
|
||||
coreutils
|
||||
php
|
||||
phpPackages.composer
|
||||
];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Type = "oneshot";
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
with pkgs;
|
||||
let
|
||||
cfg = config.services.yarr;
|
||||
yarr = callPackage ../pkgs/yarr.nix { };
|
||||
in
|
||||
@ -51,7 +53,12 @@ in
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "yarr";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -59,7 +66,12 @@ in
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
type =
|
||||
with types;
|
||||
oneOf [
|
||||
str
|
||||
int
|
||||
];
|
||||
default = "yarr";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
@ -95,9 +107,7 @@ in
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
||||
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${
|
||||
toString cfg.port
|
||||
} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
|
||||
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${toString cfg.port} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
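Review bot: The `ExecStart` line in the last hunk of this file interpolates `cfg.authFilePath` and `cfg.dbPath` straight into the command string, and the option declarations that decide whether this is safe are outside the hunks shown. If `authFilePath` accepts a Nix path value, `${cfg.authFilePath}` copies the credentials file into the world-readable `/nix/store`. Declaring it as a string, or writing `${toString cfg.authFilePath}`, keeps the secret on disk where the operator put it. The values are also unquoted, so a path containing whitespace would be split into several arguments; building the command from a list with `utils.escapeSystemdExecArgs` avoids that. Separately, the `group` option's description still reads `The user the service will use.` and should say group.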
@ -1,11 +1,8 @@
|
||||
{ config
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; let
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.xin-monitoring;
|
||||
inherit
|
||||
(builtins)
|
||||
inherit (builtins)
|
||||
readFile
|
||||
concatStringsSep
|
||||
attrValues
|
||||
@ -14,34 +11,43 @@ with lib; let
|
||||
;
|
||||
|
||||
nginxCfg = config.services.nginx;
|
||||
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
|
||||
(f: v:
|
||||
if v.fsType != "sshfs"
|
||||
then ''
|
||||
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
|
||||
if space usage > 90% then alert
|
||||
if inode usage > 90% then alert
|
||||
''
|
||||
else "")
|
||||
fsList)));
|
||||
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
|
||||
(f: v: ''
|
||||
check host ${f} with address ${f}
|
||||
if failed port 80 protocol http then alert
|
||||
${
|
||||
if v.enableACME
|
||||
then "if failed port 443 protocol https then alert"
|
||||
else ""
|
||||
}
|
||||
'')
|
||||
vhostList)));
|
||||
buildFSChecker =
|
||||
fsList:
|
||||
(concatStringsSep "\n" (
|
||||
attrValues (
|
||||
mapAttrs
|
||||
(
|
||||
f: v:
|
||||
if v.fsType != "sshfs" then
|
||||
''
|
||||
check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}
|
||||
if space usage > 90% then alert
|
||||
if inode usage > 90% then alert
|
||||
''
|
||||
else
|
||||
""
|
||||
)
|
||||
fsList
|
||||
)
|
||||
));
|
||||
buildNginxChecker =
|
||||
vhostList:
|
||||
(concatStringsSep "\n" (
|
||||
attrValues (
|
||||
mapAttrs
|
||||
(f: v: ''
|
||||
check host ${f} with address ${f}
|
||||
if failed port 80 protocol http then alert
|
||||
${if v.enableACME then "if failed port 443 protocol https then alert" else ""}
|
||||
'')
|
||||
vhostList
|
||||
)
|
||||
));
|
||||
nginxChecks =
|
||||
if nginxCfg.enable
|
||||
then
|
||||
if config.networking.hostName == "h"
|
||||
then (buildNginxChecker nginxCfg.virtualHosts)
|
||||
else ""
|
||||
else "";
|
||||
if nginxCfg.enable then
|
||||
if config.networking.hostName == "h" then (buildNginxChecker nginxCfg.virtualHosts) else ""
|
||||
else
|
||||
"";
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
@ -1,12 +1,14 @@
|
||||
let
|
||||
_1password-gui = _: super: {
|
||||
_1password-gui = super._1password-gui.overrideAttrs (_: rec {
|
||||
version = "8.10.7";
|
||||
src = super.fetchurl {
|
||||
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
|
||||
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
|
||||
};
|
||||
});
|
||||
_1password-gui = super._1password-gui.overrideAttrs (
|
||||
_: rec {
|
||||
version = "8.10.7";
|
||||
src = super.fetchurl {
|
||||
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
|
||||
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
_1password-gui
|
||||
|
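Review bot: This overlay hard-codes `version = "8.10.7"` together with its source hash, so wherever it is applied the password manager stays on that release regardless of what nixpkgs ships, including later security fixes. The same pattern appears in the overlay files that follow for bruno, heisenbridge, matrix-synapse, nixd, obsidian, openssh (`9.3p1`), signal-desktop and tidal-hifi; openssh and matrix-synapse are network-facing, so a stale pin matters most there. Only heisenbridge and matrix-synapse appear in the `nixpkgs.overlays` list visible on this page, so the others may already be unused, in which case deleting them is safer than reformatting them. For any pin that stays, wrapping the override in a guard such as `if super.lib.versionOlder super._1password-gui.version "8.10.7" then … else super._1password-gui` keeps it from downgrading a newer nixpkgs package.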
@ -13,24 +13,29 @@ let
|
||||
propagatedBuildInputs = with super.perlPackages; [ Future ];
|
||||
meta = {
|
||||
description = "A FIFO queue of values that uses L<Future>s";
|
||||
license = with super.lib.licenses; [ artistic1 gpl1Plus ];
|
||||
license = with super.lib.licenses; [
|
||||
artistic1
|
||||
gpl1Plus
|
||||
];
|
||||
};
|
||||
};
|
||||
in
|
||||
super.PLS.overrideAttrs (_: {
|
||||
propagatedBuildInputs = with super.perlPackages; [
|
||||
Future
|
||||
FutureQueue
|
||||
IOAsync
|
||||
PPI
|
||||
PPR
|
||||
PathTiny
|
||||
PerlCritic
|
||||
PerlTidy
|
||||
PodMarkdown
|
||||
URI
|
||||
];
|
||||
});
|
||||
super.PLS.overrideAttrs (
|
||||
_: {
|
||||
propagatedBuildInputs = with super.perlPackages; [
|
||||
Future
|
||||
FutureQueue
|
||||
IOAsync
|
||||
PPI
|
||||
PPR
|
||||
PathTiny
|
||||
PerlCritic
|
||||
PerlTidy
|
||||
PodMarkdown
|
||||
URI
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
perlPackages
|
||||
|
@ -1,12 +1,14 @@
|
||||
let
|
||||
bruno = _: super: {
|
||||
bruno = super.bruno.overrideAttrs (_: rec {
|
||||
version = "0.25.0";
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
|
||||
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
|
||||
};
|
||||
});
|
||||
bruno = super.bruno.overrideAttrs (
|
||||
_: rec {
|
||||
version = "0.25.0";
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
|
||||
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
bruno
|
||||
|
@ -1,17 +1,12 @@
|
||||
{ isUnstable
|
||||
, xinlib
|
||||
, ...
|
||||
}:
|
||||
{ isUnstable, xinlib, ... }:
|
||||
let
|
||||
inherit (xinlib) prIsOpen;
|
||||
matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
|
||||
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
|
||||
in
|
||||
{
|
||||
nixpkgs.overlays = [ heisenbridge matrix-synapse ] ++
|
||||
(if isUnstable
|
||||
then [
|
||||
]
|
||||
else [
|
||||
]);
|
||||
nixpkgs.overlays = [
|
||||
heisenbridge
|
||||
matrix-synapse
|
||||
] ++ (if isUnstable then [ ] else [ ]);
|
||||
}
|
||||
|
@ -1,17 +1,19 @@
|
||||
let
|
||||
hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
|
||||
heisenbridge = _: super: {
|
||||
heisenbridge = super.heisenbridge.overrideAttrs (_: rec {
|
||||
version = "1.14.5";
|
||||
pname = "heisenbridge";
|
||||
heisenbridge = super.heisenbridge.overrideAttrs (
|
||||
_: rec {
|
||||
version = "1.14.5";
|
||||
pname = "heisenbridge";
|
||||
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "hifi";
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
inherit hash;
|
||||
};
|
||||
});
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "hifi";
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
inherit hash;
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
heisenbridge
|
||||
|
@ -2,22 +2,24 @@ let
|
||||
hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI=";
|
||||
sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU=";
|
||||
matrix-synapse = _: super: {
|
||||
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec {
|
||||
version = "1.101.0";
|
||||
pname = "matrix-synapse";
|
||||
matrix-synapse = super.matrix-synapse.overrideAttrs (
|
||||
_: rec {
|
||||
version = "1.101.0";
|
||||
pname = "matrix-synapse";
|
||||
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "element-hq";
|
||||
repo = "synapse";
|
||||
rev = "v${version}";
|
||||
inherit hash;
|
||||
};
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "element-hq";
|
||||
repo = "synapse";
|
||||
rev = "v${version}";
|
||||
inherit hash;
|
||||
};
|
||||
|
||||
cargoDeps = super.rustPlatform.fetchCargoTarball {
|
||||
inherit src sha256;
|
||||
name = "${pname}-${version}";
|
||||
};
|
||||
});
|
||||
cargoDeps = super.rustPlatform.fetchCargoTarball {
|
||||
inherit src sha256;
|
||||
name = "${pname}-${version}";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
matrix-synapse
|
||||
|
@ -1,21 +1,23 @@
|
||||
let
|
||||
nixd = _: super: {
|
||||
nixd = super.nixd.overrideAttrs (_: rec {
|
||||
version = "1.1.0";
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "nix-community";
|
||||
repo = "nixd";
|
||||
rev = version;
|
||||
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
|
||||
};
|
||||
nativeBuildInputs = with super.pkgs; [
|
||||
meson
|
||||
ninja
|
||||
pkg-config
|
||||
bison
|
||||
flex
|
||||
];
|
||||
});
|
||||
nixd = super.nixd.overrideAttrs (
|
||||
_: rec {
|
||||
version = "1.1.0";
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "nix-community";
|
||||
repo = "nixd";
|
||||
rev = version;
|
||||
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
|
||||
};
|
||||
nativeBuildInputs = with super.pkgs; [
|
||||
meson
|
||||
ninja
|
||||
pkg-config
|
||||
bison
|
||||
flex
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
nixd
|
||||
|
@ -1,19 +1,20 @@
|
||||
let
|
||||
obsidian = _: super: {
|
||||
obsidian = super.obsidian.overrideAttrs (_: rec {
|
||||
version = "1.3.5";
|
||||
filename =
|
||||
if super.stdenv.isDarwin
|
||||
then "Obsidian-${version}-universal.dmg"
|
||||
else "obsidian-${version}.tar.gz";
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
|
||||
sha256 =
|
||||
if super.stdenv.isDarwin
|
||||
then "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
|
||||
else "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
|
||||
};
|
||||
});
|
||||
obsidian = super.obsidian.overrideAttrs (
|
||||
_: rec {
|
||||
version = "1.3.5";
|
||||
filename =
|
||||
if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
|
||||
sha256 =
|
||||
if super.stdenv.isDarwin then
|
||||
"sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
|
||||
else
|
||||
"sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
obsidian
|
||||
|
@ -1,18 +1,20 @@
|
||||
let
|
||||
openssh = _: super: {
|
||||
openssh = super.openssh.overrideAttrs (_: rec {
|
||||
version = "9.3p1";
|
||||
src = super.fetchurl {
|
||||
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
||||
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
|
||||
};
|
||||
openssh = super.openssh.overrideAttrs (
|
||||
_: rec {
|
||||
version = "9.3p1";
|
||||
src = super.fetchurl {
|
||||
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
||||
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./ssh-keysign-8.5.patch
|
||||
./dont_create_privsep_path.patch
|
||||
./locale_archive.patch
|
||||
];
|
||||
});
|
||||
patches = [
|
||||
./ssh-keysign-8.5.patch
|
||||
./dont_create_privsep_path.patch
|
||||
./locale_archive.patch
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
openssh
|
||||
|
@ -1,10 +1,12 @@
|
||||
let
|
||||
rex = _: super: {
|
||||
rex = super.rex.overrideAttrs (_: {
|
||||
postPatch = ''
|
||||
patchShebangs bin
|
||||
'';
|
||||
});
|
||||
rex = super.rex.overrideAttrs (
|
||||
_: {
|
||||
postPatch = ''
|
||||
patchShebangs bin
|
||||
'';
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
rex
|
||||
|
@ -1,12 +1,14 @@
|
||||
let
|
||||
signal-desktop = _: super: {
|
||||
signal-desktop = super.signal-desktop.overrideAttrs (old: rec {
|
||||
version = "6.34.1";
|
||||
src = super.fetchurl {
|
||||
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
|
||||
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
|
||||
};
|
||||
});
|
||||
signal-desktop = super.signal-desktop.overrideAttrs (
|
||||
old: rec {
|
||||
version = "6.34.1";
|
||||
src = super.fetchurl {
|
||||
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
|
||||
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
signal-desktop
|
||||
|
@ -20,11 +20,15 @@ let
|
||||
#};
|
||||
tailscale = _: super: {
|
||||
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
|
||||
buildGoModule = args:
|
||||
super.buildGo121Module (args // {
|
||||
src = super.fetchFromGitHub fetchArgs;
|
||||
inherit vendorHash ldflags version;
|
||||
});
|
||||
buildGoModule =
|
||||
args:
|
||||
super.buildGo121Module (
|
||||
args
|
||||
// {
|
||||
src = super.fetchFromGitHub fetchArgs;
|
||||
inherit vendorHash ldflags version;
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
in
|
||||
|
@ -1,13 +1,15 @@
|
||||
let
|
||||
tidal-hifi = _: super: {
|
||||
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec {
|
||||
version = "5.3.0";
|
||||
tidal-hifi = super.tidal-hifi.overrideAttrs (
|
||||
_: rec {
|
||||
version = "5.3.0";
|
||||
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
|
||||
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
|
||||
};
|
||||
});
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
|
||||
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
in
|
||||
tidal-hifi
|
||||
|
@ -1,8 +1,9 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, pkgs
|
||||
, ...
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
libadalang = stdenv.mkDerivation rec {
|
||||
@ -38,7 +39,10 @@ let
|
||||
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
|
||||
};
|
||||
|
||||
buildInputs = with pkgs; [ gnat12 gprbuild ];
|
||||
buildInputs = with pkgs; [
|
||||
gnat12
|
||||
gprbuild
|
||||
];
|
||||
|
||||
makeFlags = [ "PREFIX=$(out)" ];
|
||||
};
|
||||
@ -53,7 +57,11 @@ let
|
||||
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
|
||||
};
|
||||
|
||||
buildInputs = with pkgs; [ gnat12 gprbuild libadalang ];
|
||||
buildInputs = with pkgs; [
|
||||
gnat12
|
||||
gprbuild
|
||||
libadalang
|
||||
];
|
||||
|
||||
makeFlags = [ "PREFIX=$(out)" ];
|
||||
};
|
||||
@ -69,7 +77,13 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
|
||||
};
|
||||
|
||||
buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ];
|
||||
buildInputs = with pkgs; [
|
||||
gnat12
|
||||
gprbuild
|
||||
python3
|
||||
vss
|
||||
gnatdoc
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Language server for Ada and SPARK";
|
||||
|
@ -1,9 +1,10 @@
|
||||
{ stdenv
|
||||
, lib
|
||||
, fetchurl
|
||||
, unzip
|
||||
, autoPatchelfHook
|
||||
, ...
|
||||
{
|
||||
stdenv,
|
||||
lib,
|
||||
fetchurl,
|
||||
unzip,
|
||||
autoPatchelfHook,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
stdenv.mkDerivation rec {
|
||||
@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip autoPatchelfHook ];
|
||||
nativeBuildInputs = [
|
||||
unzip
|
||||
autoPatchelfHook
|
||||
];
|
||||
|
||||
dontBuild = true;
|
||||
doCheck = false;
|
||||
|
@ -1,18 +1,16 @@
|
||||
{ stdenv
|
||||
, lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
, isUnstable
|
||||
, makeWrapper
|
||||
, go
|
||||
, git
|
||||
, ...
|
||||
{
|
||||
stdenv,
|
||||
lib,
|
||||
buildGoModule,
|
||||
fetchFromGitHub,
|
||||
isUnstable,
|
||||
makeWrapper,
|
||||
go,
|
||||
git,
|
||||
...
|
||||
}:
|
||||
let
|
||||
vendorHash =
|
||||
if isUnstable
|
||||
then ""
|
||||
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
|
||||
vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
|
||||
in
|
||||
with lib;
|
||||
buildGoModule rec {
|
||||
@ -30,7 +28,10 @@ buildGoModule rec {
|
||||
|
||||
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
|
||||
|
||||
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ];
|
||||
nativeBuildInputs = lib.optionals stdenv.isLinux [
|
||||
makeWrapper
|
||||
go
|
||||
];
|
||||
|
||||
proxyVendor = true;
|
||||
|
||||
@ -40,7 +41,7 @@ buildGoModule rec {
|
||||
|
||||
postInstall = lib.optionalString stdenv.isLinux ''
|
||||
mv $out/bin/proxy $out/bin/athens
|
||||
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]}
|
||||
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [ git ]}
|
||||
'';
|
||||
|
||||
meta = {
|
||||
|
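Review bot: `vendorHash = if isUnstable then "" else …` leaves the unstable branch with an empty hash, and nothing nearby explains why. An empty hash is normally a placeholder that makes the fixed-output vendor fetch fail with a mismatch until the real value is filled in, so the package presumably cannot build on unstable as written; confirm that this is intended. I would add a comment above it such as `# "" is a placeholder: the unstable build fails until the real vendor hash is recorded`. The `let` block and the `buildGoModule` body continue outside the hunks shown.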
Some files were not shown because too many files have changed in this diff Show More