28daa886e2
fmt: test nixfmt-rfc-style 2024-02-18 12:23:08 -07:00
156 changed files with 2807 additions and 2000 deletions


@ -1,4 +1,5 @@
{ perl }: ''
{ perl }:
''
#!${perl}/bin/perl
use strict;


@ -1,83 +1,69 @@
{ pkgs
, config
, isUnstable
, ...
{
pkgs,
config,
isUnstable,
...
}:
let
gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };
ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
checkRestart =
pkgs.writeScriptBin "check-restart"
(import ./check-restart.nix { inherit (pkgs) perl; });
xinStatus =
pkgs.writeScriptBin "xin-status"
(import ./xin-status.nix { inherit (pkgs) perl perlPackages; });
sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix {
inherit gosignify;
inherit (pkgs) curl;
});
checkRestart = pkgs.writeScriptBin "check-restart" (
import ./check-restart.nix { inherit (pkgs) perl; }
);
xinStatus = pkgs.writeScriptBin "xin-status" (
import ./xin-status.nix { inherit (pkgs) perl perlPackages; }
);
sfetch = pkgs.writeScriptBin "sfetch" (
import ./sfetch.nix {
inherit gosignify;
inherit (pkgs) curl;
}
);
genPatches = pkgs.callPackage ./gen-patches.nix { };
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (import ./upgrade-pg.nix {
inherit pkgs;
inherit config;
});
upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (
import ./upgrade-pg.nix {
inherit pkgs;
inherit config;
}
);
in
{
environment.systemPackages = with pkgs; [
checkRestart
genPatches
ix
sfetch
xclip
xinStatus
] ++ (if config.services.postgresql.enable then
[ upgrade-pg ]
else [ ]);
environment.systemPackages =
with pkgs;
[
checkRestart
genPatches
ix
sfetch
xclip
xinStatus
]
++ (if config.services.postgresql.enable then [ upgrade-pg ] else [ ]);
environment.etc = {
"signify/openbsd-70-base.pub".text =
builtins.readFile ./pubs/openbsd-70-base.pub;
"signify/openbsd-70-fw.pub".text =
builtins.readFile ./pubs/openbsd-70-fw.pub;
"signify/openbsd-70-pkg.pub".text =
builtins.readFile ./pubs/openbsd-70-pkg.pub;
"signify/openbsd-70-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-70-syspatch.pub;
"signify/openbsd-70-base.pub".text = builtins.readFile ./pubs/openbsd-70-base.pub;
"signify/openbsd-70-fw.pub".text = builtins.readFile ./pubs/openbsd-70-fw.pub;
"signify/openbsd-70-pkg.pub".text = builtins.readFile ./pubs/openbsd-70-pkg.pub;
"signify/openbsd-70-syspatch.pub".text = builtins.readFile ./pubs/openbsd-70-syspatch.pub;
"signify/openbsd-71-base.pub".text =
builtins.readFile ./pubs/openbsd-71-base.pub;
"signify/openbsd-71-fw.pub".text =
builtins.readFile ./pubs/openbsd-71-fw.pub;
"signify/openbsd-71-pkg.pub".text =
builtins.readFile ./pubs/openbsd-71-pkg.pub;
"signify/openbsd-71-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-71-syspatch.pub;
"signify/openbsd-71-base.pub".text = builtins.readFile ./pubs/openbsd-71-base.pub;
"signify/openbsd-71-fw.pub".text = builtins.readFile ./pubs/openbsd-71-fw.pub;
"signify/openbsd-71-pkg.pub".text = builtins.readFile ./pubs/openbsd-71-pkg.pub;
"signify/openbsd-71-syspatch.pub".text = builtins.readFile ./pubs/openbsd-71-syspatch.pub;
"signify/openbsd-72-base.pub".text =
builtins.readFile ./pubs/openbsd-72-base.pub;
"signify/openbsd-72-fw.pub".text =
builtins.readFile ./pubs/openbsd-72-fw.pub;
"signify/openbsd-72-pkg.pub".text =
builtins.readFile ./pubs/openbsd-72-pkg.pub;
"signify/openbsd-72-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-72-syspatch.pub;
"signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
"signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
"signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
"signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
"signify/openbsd-73-base.pub".text =
builtins.readFile ./pubs/openbsd-73-base.pub;
"signify/openbsd-73-fw.pub".text =
builtins.readFile ./pubs/openbsd-73-fw.pub;
"signify/openbsd-73-pkg.pub".text =
builtins.readFile ./pubs/openbsd-73-pkg.pub;
"signify/openbsd-73-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-73-syspatch.pub;
"signify/openbsd-73-base.pub".text = builtins.readFile ./pubs/openbsd-73-base.pub;
"signify/openbsd-73-fw.pub".text = builtins.readFile ./pubs/openbsd-73-fw.pub;
"signify/openbsd-73-pkg.pub".text = builtins.readFile ./pubs/openbsd-73-pkg.pub;
"signify/openbsd-73-syspatch.pub".text = builtins.readFile ./pubs/openbsd-73-syspatch.pub;
"signify/openbsd-74-base.pub".text =
builtins.readFile ./pubs/openbsd-74-base.pub;
"signify/openbsd-74-fw.pub".text =
builtins.readFile ./pubs/openbsd-74-fw.pub;
"signify/openbsd-74-pkg.pub".text =
builtins.readFile ./pubs/openbsd-74-pkg.pub;
"signify/openbsd-74-syspatch.pub".text =
builtins.readFile ./pubs/openbsd-74-syspatch.pub;
"signify/openbsd-74-base.pub".text = builtins.readFile ./pubs/openbsd-74-base.pub;
"signify/openbsd-74-fw.pub".text = builtins.readFile ./pubs/openbsd-74-fw.pub;
"signify/openbsd-74-pkg.pub".text = builtins.readFile ./pubs/openbsd-74-pkg.pub;
"signify/openbsd-74-syspatch.pub".text = builtins.readFile ./pubs/openbsd-74-syspatch.pub;
};
}


@ -1,13 +1,18 @@
{ writeShellApplication
, diffutils
, findutils
, coreutils
, ...
{
writeShellApplication,
diffutils,
findutils,
coreutils,
...
}:
let
genPatches = writeShellApplication {
name = "gen-patches";
runtimeInputs = [ diffutils findutils coreutils ];
runtimeInputs = [
diffutils
findutils
coreutils
];
text = ''
suffix=".orig"
srcdir=$PWD


@ -1,7 +1,5 @@
{ pkgs
, icbirc
,
}: ''
{ pkgs, icbirc }:
''
#!${pkgs.yash}/bin/yash
${pkgs.procps}/bin/pkill icbirc


@ -1,4 +1,5 @@
{ perl }: ''
{ perl }:
''
#!${perl}/bin/perl
use strict;


@ -1,14 +1,8 @@
{ pkgs }:
let
oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
wlclip =
if pkgs.system == "aarch64-darwin"
then ""
else "${pkgs.wl-clipboard}/bin/wl-copy";
xclip =
if pkgs.system == "aarch64-darwin"
then "pbcopy"
else "${pkgs.xclip}/bin/xclip";
wlclip = if pkgs.system == "aarch64-darwin" then "" else "${pkgs.wl-clipboard}/bin/wl-copy";
xclip = if pkgs.system == "aarch64-darwin" then "pbcopy" else "${pkgs.xclip}/bin/xclip";
in
''
#!${pkgs.yash}/bin/yash


@ -1,7 +1,7 @@
{ tea
, gh
, hut
,
{
tea,
gh,
hut,
}:
let
teaBin = "${tea}/bin/tea";


@ -1,7 +1,5 @@
{ curl
, gosignify
,
}: ''
{ curl, gosignify }:
''
#!/usr/bin/env sh
set -e


@ -1,7 +1,5 @@
{ perl
, perlPackages
, ...
}: ''
{ perl, perlPackages, ... }:
''
#!${perl}/bin/perl
use strict;


@ -25,6 +25,8 @@ in
"xdg/alacritty/alacritty.toml".text = builtins.readFile settingsFile;
};
};
fonts = { packages = with pkgs; [ go-font ]; };
fonts = {
packages = with pkgs; [ go-font ];
};
};
}


@ -1,12 +1,14 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.xinCA;
in
with lib; {
with lib;
{
options = {
services.xinCA = {
enable = mkEnableOption "Configure host as a xin certificate authority.";
@ -67,9 +69,13 @@ with lib; {
};
};
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
networking.hosts = {
"127.0.0.1" = [ "ca.bolddaemon.com" ];
};
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
environment.sessionVariables = {
STEPPATH = "/var/lib/step-ca";
};
environment.systemPackages = with pkgs; [
step-cli
step-kms-plugin
@ -87,7 +93,9 @@ with lib; {
crt = config.sops.secrets."intermediate_ca.crt".path;
key = config.sops.secrets.intermediate_ca_key.path;
dnsNames = [ "ca.bolddaemon.com" ];
logger = { format = "text"; };
logger = {
format = "text";
};
db = {
type = "badgerv2";
dataSource = "/var/lib/step-ca/db";
@ -98,7 +106,9 @@ with lib; {
{
type = "SSHPOP";
name = "sshpop";
claims = { enableSSHCA = true; };
claims = {
enableSSHCA = true;
};
}
];
};


@ -1,9 +1,10 @@
{ config
, lib
, pkgs
, inputs
, xinlib
, ...
{
config,
lib,
pkgs,
inputs,
xinlib,
...
}:
let
#inherit (xinlib) prIsOpen;
@ -24,7 +25,8 @@ let
}
];
in
with lib; {
with lib;
{
options = {
xinCI = {
enable = mkEnableOption "Configure host as a xin CI host.";
@ -43,7 +45,9 @@ with lib; {
config = mkIf config.xinCI.enable {
sops.defaultSopsFile = config.xin-secrets.ci;
sops.secrets = {
po_env = { owner = config.xinCI.user; };
po_env = {
owner = config.xinCI.user;
};
ci_ed25519_key = {
mode = "400";
owner = config.xinCI.user;
@ -98,7 +102,11 @@ with lib; {
nix = {
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
settings.allowed-users = [
"root"
config.xinCI.user
"harmonia"
];
};
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
@ -111,10 +119,15 @@ with lib; {
harmonia = {
enable = true;
signKeyPath = config.sops.secrets.bin_cache_priv_key.path;
settings = { bind = "127.0.0.1:5000"; };
settings = {
bind = "127.0.0.1:5000";
};
};
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
}


@ -1,8 +1,6 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
colemak = {
enable = mkOption {
@ -15,7 +13,9 @@ with lib; {
};
config = mkIf config.colemak.enable {
console = { keyMap = "colemak"; };
console = {
keyMap = "colemak";
};
services.xserver = {
layout = "us";
xkbVariant = "colemak";


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./alacritty.nix
./ca.nix


@ -1,8 +1,6 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
preDNS = {
enable = mkOption {
@ -21,7 +19,12 @@ with lib; {
enable = true;
dnssec = "allow-downgrade";
# TODO: Enable a toggle for ipv6
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
fallbackDns = [
"9.9.9.9"
"2620:fe::fe"
"149.112.112.112"
"2620:fe::9"
];
extraConfig = ''
[Resolve]
DNS=45.90.28.0#8436c6.dns.nextdns.io


@ -1,16 +1,14 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
doas = { enable = mkEnableOption "Enable doas for priv-escie"; };
doas = {
enable = mkEnableOption "Enable doas for priv-escie";
};
};
config = mkIf config.doas.enable {
nixpkgs.config.packageOverrides = pkgs: {
doas = pkgs.doas.override { withPAM = false; };
};
nixpkgs.config.packageOverrides = pkgs: { doas = pkgs.doas.override { withPAM = false; }; };
security = {
doas = {
enable = true;


@ -1,11 +1,12 @@
{ runCommand
, emacsWithPackagesFromUsePackage
, pkgs
, makeWrapper
, writeTextDir
, emacs
, emacsPkg ? pkgs.emacs-gtk
, ...
{
runCommand,
emacsWithPackagesFromUsePackage,
pkgs,
makeWrapper,
writeTextDir,
emacs,
emacsPkg ? pkgs.emacs-gtk,
...
}:
let
# Generate a .el file from our emacs.org.
@ -46,13 +47,18 @@ emacsWithPackagesFromUsePackage {
alwaysEnsure = true;
alwaysTangle = true;
package = emacsPkg.overrideAttrs (oa: {
nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ];
postInstall = ''
${oa.postInstall}
wrapProgram $out/bin/emacs \
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
--add-flags '--init-directory ${emacsInitDir}'
'';
});
package = emacsPkg.overrideAttrs (
oa: {
nativeBuildInputs = oa.nativeBuildInputs ++ [
makeWrapper
emacsConfig
];
postInstall = ''
${oa.postInstall}
wrapProgram $out/bin/emacs \
--prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \
--add-flags '--init-directory ${emacsInitDir}'
'';
}
);
}


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
programs = {
firefox = {
enable = true;
@ -107,17 +108,12 @@
"browser.aboutConfig.showWarning" = false;
"browser.contentblocking.category" = "strict";
"browser.newtabpage.activity-stream.feeds.recommendationprovider" =
false;
"browser.newtabpage.activity-stream.feeds.recommendationprovider" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" =
false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" =
false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" =
false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" =
false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
"browser.newtabpage.activity-stream.showSearch" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;


@ -1,20 +1,27 @@
{ config, ... }:
let
rewriteGitHub =
if config.networking.hostName != "stan"
then {
url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; };
}
else {
url = { };
};
if config.networking.hostName != "stan" then
{
url = {
"ssh://git@github.com/" = {
insteadOf = "https://github.com/";
};
};
}
else
{ url = { }; };
in
{
programs.git = {
enable = true;
lfs.enable = true;
config = [
{ init = { defaultBranch = "main"; }; }
{
init = {
defaultBranch = "main";
};
}
{ advice.detachedHead = false; }
{
user = {
@ -24,20 +31,35 @@ in
};
}
{ branch = { sort = "-committerdate"; }; }
{
branch = {
sort = "-committerdate";
};
}
{
alias = {
log = "log --color=never";
diff = "diff --color=always";
pr = ''"!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f"'';
fetch-pr = ''
"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
fetch-pr = ''"!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"'';
};
}
{
push = {
default = "current";
};
}
{ push = { default = "current"; }; }
{ gpg = { format = "ssh"; }; }
{ commit = { gpgsign = true; }; }
{
gpg = {
format = "ssh";
};
}
{
commit = {
gpgsign = true;
};
}
{
color = {
@ -49,11 +71,27 @@ in
};
}
{ safe = { directory = "/home/qbit/src/nix-conf"; }; }
{
safe = {
directory = "/home/qbit/src/nix-conf";
};
}
{ transfer = { fsckobjects = true; }; }
{ fetch = { fsckobjects = true; }; }
{ github = { user = "qbit"; }; }
{
transfer = {
fsckobjects = true;
};
}
{
fetch = {
fsckobjects = true;
};
}
{
github = {
user = "qbit";
};
}
{ inherit (rewriteGitHub) url; }
@ -69,8 +107,16 @@ in
};
}
{ pull = { rebase = false; }; }
{ include = { path = "~/work/git/gitconfig"; }; }
{
pull = {
rebase = false;
};
}
{
include = {
path = "~/work/git/gitconfig";
};
}
];
};
}


@ -1,5 +1,6 @@
{ lib, ... }:
with lib; {
with lib;
{
environment = {
memoryAllocator.provider = mkDefault "libc";
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";


@ -1,7 +1,4 @@
{ pkgs
, linkFarm
, ...
}:
{ pkgs, linkFarm, ... }:
let
tomlFmt = pkgs.formats.toml { };
helixBin = "${pkgs.helix}/bin/hx";
@ -15,7 +12,9 @@ let
normal = "block";
select = "underline";
};
lsp = { auto-signature-help = false; };
lsp = {
auto-signature-help = false;
};
};
};


@ -1,8 +1,9 @@
{ config
, lib
, pkgs
, inputs
, ...
{
config,
lib,
pkgs,
inputs,
...
}:
let
microcaBin = "${pkgs.microca}/bin/microca";
@ -11,7 +12,8 @@ let
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
'';
in
with lib; {
with lib;
{
options = {
nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager.";
@ -30,13 +32,27 @@ with lib; {
config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {
xin_status_key = { owner = config.nixManager.user; };
xin_status_pubkey = { owner = config.nixManager.user; };
manager_key = { owner = config.nixManager.user; };
manager_pubkey = { owner = config.nixManager.user; };
ca_key = { owner = config.nixManager.user; };
ca_cert = { owner = config.nixManager.user; };
po_env = { owner = config.nixManager.user; };
xin_status_key = {
owner = config.nixManager.user;
};
xin_status_pubkey = {
owner = config.nixManager.user;
};
manager_key = {
owner = config.nixManager.user;
};
manager_pubkey = {
owner = config.nixManager.user;
};
ca_key = {
owner = config.nixManager.user;
};
ca_cert = {
owner = config.nixManager.user;
};
po_env = {
owner = config.nixManager.user;
};
};
environment.systemPackages = [


@ -1,5 +1,9 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [ neomutt urlview ];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
neomutt
urlview
];
environment.etc."neomuttrc" = {
text = ''
ignore *


@ -26,7 +26,11 @@ let
sha256 = "sha256-VIc5qgzqJjSv2A0v8tM25pWh+smX9DYXVsyFNTGMPbQ=";
fetchSubmodules = true;
};
dependencies = with vimPlugins; [ nvim-cmp tabular plenary-nvim ];
dependencies = with vimPlugins; [
nvim-cmp
tabular
plenary-nvim
];
};
baseVimPackages = with vimPlugins; [
@ -96,7 +100,9 @@ in
enable = true;
defaultEditor = true;
configure = {
packages.myVimPackage = { start = myVimPackages; };
packages.myVimPackage = {
start = myVimPackages;
};
customRC = ''
" Restore cursor position
autocmd BufReadPost *


@ -1,9 +1,11 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with lib; {
with lib;
{
options = {
zerotier = {
enable = mkOption {
@ -31,7 +33,11 @@ with lib; {
config = mkMerge [
(mkIf config.tailscale.enable {
services = { tailscale = { enable = mkDefault true; }; };
services = {
tailscale = {
enable = mkDefault true;
};
};
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_NO_LOGS_NO_SUPPORT=true" ];
networking.firewall.checkReversePath = mkDefault "loose";
})


@ -15,7 +15,10 @@
settings = {
sandbox = true;
trusted-users = [ "@wheel" ];
allowed-users = [ "root" "qbit" ];
allowed-users = [
"root"
"qbit"
];
};
};
}


@ -1,9 +1,11 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with lib; {
with lib;
{
options = {
tsPeerix = {
enable = mkOption {
@ -27,7 +29,9 @@ with lib; {
};
config = mkIf config.tsPeerix.enable {
users.groups.peerix = { name = "peerix"; };
users.groups.peerix = {
name = "peerix";
};
users.users.peerix = {
name = "peerix";
group = "peerix";
@ -54,14 +58,18 @@ with lib; {
environment.systemPackages = [ pkgs.zerotierone ];
networking.firewall.interfaces = listToAttrs (flatten (map
(i: {
name = i;
value = {
allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [ 12304 ];
};
})
config.tsPeerix.interfaces));
networking.firewall.interfaces = listToAttrs (
flatten (
map
(i: {
name = i;
value = {
allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [ 12304 ];
};
})
config.tsPeerix.interfaces
)
);
};
}


@ -120,6 +120,8 @@ in
"xdg/polybar/config.ini".text = builtins.readFile settingsFile;
};
};
fonts = { packages = [ pkgs.go-font ]; };
fonts = {
packages = [ pkgs.go-font ];
};
};
}


@ -7,83 +7,87 @@ in
programs.zsh.promptInit = ''
alias tstart='smug -f /etc/smug/main.yml start';
alias cistart='smug -f /etc/smug/ci.yml start';
alias nomad='smug -f /etc/smug/nomad.yml start';
'';
environment = {
systemPackages = with pkgs; [
smug
];
etc."smug/ci.yml".text = builtins.readFile (tmuxFormat.generate "ci.yml" {
session = "CI";
root = "~/";
windows = [
{
name = "CI Status";
layout = "even-vertical";
commands = [
"journalctl -xef -u xin-ci-update.service"
];
panes = [
{
type = "even-vertical";
commands = [ "journalctl -xef -u xin-ci.service" ];
}
];
}
{
name = "btop";
commands = [
"btop"
];
}
];
});
etc."smug/main.yml".text = builtins.readFile (tmuxFormat.generate "main.yml" {
session = "Main";
root = "~/";
before_start = [
"ssh-add"
];
windows = [
{
name = "Status";
commands = [
"while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done"
];
panes = [
{
commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ];
}
];
}
{
name = "Barrier";
commands = [
"barriers -a 127.0.0.1 -f --disable-crypto"
];
panes = [
{
commands = [ "ssh stan" ];
}
];
}
{
name = "Xin";
root = "src/xin";
}
{
name = "Lab";
root = "src/biltong";
}
{
name = "NixPkgs";
root = "src/nixpkgs";
}
{
name = "NomadNet";
root = "reticulum";
}
];
});
systemPackages = with pkgs; [ smug ];
etc."smug/nomad.yml".text = builtins.readFile (
tmuxFormat.generate "nomad.yml" {
session = "nomad";
root = "~/";
windows = [
{
name = "rnsd";
layout = "even-vertical";
root = "~/reticulum";
commands = [ "./bin/rnsd" ];
}
{
name = "NomadNet";
root = "~/reticulum";
commands = [ "./bin/nomadnet" ];
}
];
}
);
etc."smug/ci.yml".text = builtins.readFile (
tmuxFormat.generate "ci.yml" {
session = "CI";
root = "~/";
windows = [
{
name = "CI Status";
layout = "even-vertical";
commands = [ "journalctl -xef -u xin-ci-update.service" ];
panes = [
{
type = "even-vertical";
commands = [ "journalctl -xef -u xin-ci.service" ];
}
];
}
{
name = "btop";
commands = [ "btop" ];
}
];
}
);
etc."smug/main.yml".text = builtins.readFile (
tmuxFormat.generate "main.yml" {
session = "Main";
root = "~/";
before_start = [ "ssh-add" ];
windows = [
{
name = "Status";
commands = [ "while true; do ssh -4 anonicb@slackers.openbsd.org; sleep 300; done" ];
panes = [ { commands = [ "mosh pwntie 'smug -f /etc/smug/ci.yml start'" ]; } ];
}
{
name = "Barrier";
commands = [ "barriers -a 127.0.0.1 -f --disable-crypto" ];
panes = [ { commands = [ "ssh stan" ]; } ];
}
{
name = "Xin";
root = "src/xin";
}
{
name = "Lab";
root = "src/biltong";
}
{
name = "NixPkgs";
root = "src/nixpkgs";
}
{
name = "NomadNet";
root = "reticulum";
}
];
}
);
};
};
}
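Review bot: The added `etc."smug/nomad.yml"` session (and what looks like a new `alias nomad=...` line in `promptInit`) is a functional change riding along in a commit titled as a formatter test, which makes it easy to miss among 156 reformatted files; it would be easier to review and revert as its own commit. Its two windows run `./bin/rnsd` and `./bin/nomadnet` relative to `~/reticulum`, so these binaries come from a user-writable home directory and are not pinned by the flake. If that is intended, a comment above the entry such as `# rnsd/nomadnet are run from ~/reticulum, not packaged in this flake` would record it. Separately, the carried-over `barriers -a 127.0.0.1 -f --disable-crypto` window deserves a one-line comment stating what protects that traffic, since presumably the loopback bind together with the `ssh stan` pane is the intended transport.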


@ -1,9 +1,10 @@
{ config
, pkgs
, lib
, inputs
, xinlib
, ...
{
config,
pkgs,
lib,
inputs,
xinlib,
...
}:
let
tailnetACLs =
@ -44,8 +45,16 @@ let
}
{
action = "accept";
src = [ "tag:minservice" "tag:sshonly" ];
dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ];
src = [
"tag:minservice"
"tag:sshonly"
];
dst = [
"*:22"
"box:3030"
"nbc:443"
"console:2222"
];
}
{
action = "accept";
@ -90,7 +99,8 @@ let
];
enabled = config.nixManager.enable;
in
with lib; {
with lib;
{
sops.secrets = mkIf enabled {
tailnet_acl_manager = {
owner = config.nixManager.user;


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
programs.tmux = {
enable = true;
extraConfig = ''


@ -1,8 +1,6 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
autoUpdate = {
enable = mkOption {


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
config = {
programs.zsh.interactiveShellInit = ''
export NO_COLOR=1


@ -1,16 +1,20 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
buildConsumer = {
enable = mkEnableOption "Use remote build machines";
};
};
config = mkIf config.buildConsumer.enable {
programs.ssh.knownHosts = {
pcake = {
hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
hostNames = [
"pcake"
"pcake.tapenet.org"
"10.6.0.202"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
};
};
@ -24,10 +28,18 @@ with lib; {
buildMachines = [
{
hostName = "pcake";
systems = [ "x86_64-linux" "aarch64-linux" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 2;
speedFactor = 4;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
supportedFeatures = [
"kvm"
"big-parallel"
"nixos-test"
"benchmark"
];
mandatoryFeatures = [ ];
}
];


@ -1,8 +1,6 @@
{ config
, lib
, ...
}:
with lib; {
{ config, lib, ... }:
with lib;
{
options = {
buildServer = {
enable = mkEnableOption "Server will be used as part of the build infra";


@ -1 +1,7 @@
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }
{ ... }:
{
imports = [
./build-consumer.nix
./build-server.nix
];
}


@ -1,10 +1,11 @@
{ config
, lib
, options
, pkgs
, xinlib
, isUnstable
, ...
{
config,
lib,
options,
pkgs,
xinlib,
isUnstable,
...
}:
let
inherit (xinlib) todo;
@ -35,14 +36,16 @@ in
./bins
];
disabledModules = [
"services/web-apps/gotosocial.nix"
];
disabledModules = [ "services/web-apps/gotosocial.nix" ];
options.myconf = {
managementPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str;
default = [ managementKey statusKey breakGlassKey ];
default = [
managementKey
statusKey
breakGlassKey
];
example = default;
description = "List of management public keys to use";
};
@ -127,7 +130,9 @@ in
'';
boot = {
loader = { systemd-boot.configurationLimit = 15; };
loader = {
systemd-boot.configurationLimit = 15;
};
kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.tcp_keepalive_time" = 60;
@ -138,23 +143,27 @@ in
nix = {
settings =
if config.xinCI.enable
then { }
else {
substituters = lib.mkForce [
"https://cache.nixos.org"
"https://nix-binary-cache.otter-alligator.ts.net/"
];
trusted-public-keys = [
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
};
if config.xinCI.enable then
{ }
else
{
substituters = lib.mkForce [
"https://cache.nixos.org"
"https://nix-binary-cache.otter-alligator.ts.net/"
];
trusted-public-keys = [
"nix-binary-cache.otter-alligator.ts.net:XzgdqR79WNOzcvSHlgh4FDeFNUYR8U2m9dZGI7whuco="
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
};
};
environment = {
etc."ssh/ca.pub" = { text = caPubKeys; };
systemPackages = with pkgs;
etc."ssh/ca.pub" = {
text = caPubKeys;
};
systemPackages =
with pkgs;
[
age
apg
@ -179,11 +188,7 @@ in
taskwarrior
tmux
]
++ (
if isUnstable
then [ nil ]
else [ ]
);
++ (if isUnstable then [ nil ] else [ ]);
interactiveShellInit = ''
alias vi=nvim
@ -221,8 +226,7 @@ in
};
};
services.logrotate.checkConfig =
todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
services.logrotate.checkConfig = todo "logrotate.checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;
services = {
openssh = {
@ -233,7 +237,10 @@ in
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"

184
flake.nix

@ -104,41 +104,46 @@
};
outputs =
{ self
, darwin
, gostart
, peerix
, po
, pots
, pr-status
, stable
, tsRevProx
, traygent
, tsvnstat
, unstable
, unstableSmall
, xin-secrets
, xintray
, simple-nixos-mailserver
, nixos-hardware
, beyt
, ...
} @ inputs:
{
self,
darwin,
gostart,
peerix,
po,
pots,
pr-status,
stable,
tsRevProx,
traygent,
tsvnstat,
unstable,
unstableSmall,
xin-secrets,
xintray,
simple-nixos-mailserver,
nixos-hardware,
beyt,
...
}@inputs:
let
xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ];
#[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
forAllSystems = unstable.lib.genAttrs supportedSystems;
unstablePkgsFor = forAllSystems (system:
unstablePkgsFor = forAllSystems (
system:
import unstable {
inherit system;
#imports = [ ./overlays ];
});
stablePkgsFor = forAllSystems (system:
}
);
stablePkgsFor = forAllSystems (
system:
import stable {
inherit system;
#imports = [ ./overlays ];
});
}
);
hostBase = {
modules = [
# Common config stuffs
@ -162,7 +167,8 @@
inputs.tsRevProx.overlay
];
buildSys = sys: sysBase: extraMods: name:
buildSys =
sys: sysBase: extraMods: name:
sysBase.lib.nixosSystem {
system = sys;
specialArgs = {
@ -184,8 +190,11 @@
};
}
]
++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ]
++ [{ nixpkgs.overlays = overlays; }];
++ [
(xinlib.buildVer self)
(./. + "/hosts/${name}")
]
++ [ { nixpkgs.overlays = overlays; } ];
};
lpkgs = unstable.legacyPackages.x86_64-linux;
darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
@ -194,7 +203,9 @@
darwinConfigurations = {
plq = darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = { inherit xinlib; };
specialArgs = {
inherit xinlib;
};
modules = [
xin-secrets.nixosModules.sops
./overlays
@ -223,34 +234,37 @@
stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
};
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;
formatter.x86_64-linux = unstable.legacyPackages.x86_64-linux.nixfmt-rfc-style;
formatter.aarch64-darwin = unstable.legacyPackages.aarch64-darwin.nixfmt-rfc-style;
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
nixosConfigurations = {
europa = buildSys "x86_64-linux" unstable [
nixos-hardware.nixosModules.framework-11th-gen-intel
] "europa";
europa =
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
"europa";
clunk = buildSys "x86_64-linux" unstable [ ] "clunk";
orcim = buildSys "x86_64-linux" unstable [ ] "orcim";
pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [
nixos-hardware.nixosModules.framework-11th-gen-intel
] "stan";
stan =
buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework-11th-gen-intel ]
"stan";
weather = buildSys "aarch64-linux" stable [ ] "weather";
octo = buildSys "aarch64-linux" stable [ ] "octo";
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" unstable [ ./configs/hardened.nix ] "box";
h = buildSys "x86_64-linux" stable [
./configs/hardened.nix
gostart.nixosModule
pots.nixosModule
pr-status.nixosModule
simple-nixos-mailserver.nixosModule
] "h";
h =
buildSys "x86_64-linux" stable
[
./configs/hardened.nix
gostart.nixosModule
pots.nixosModule
pr-status.nixosModule
simple-nixos-mailserver.nixosModule
]
"h";
#router =
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
@ -294,14 +308,14 @@
};
};
packages = forAllSystems (system:
packages = forAllSystems (
system:
let
upkgs = unstablePkgsFor.${system};
spkgs = stablePkgsFor.${system};
in
{
ada_language_server =
spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
ada_language_server = spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; };
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; };
@ -309,9 +323,7 @@
inherit spkgs;
isUnstable = true;
};
himitsu = upkgs.callPackage ./pkgs/himitsu.nix {
inherit upkgs;
};
himitsu = upkgs.callPackage ./pkgs/himitsu.nix { inherit upkgs; };
icbirc = spkgs.callPackage ./pkgs/icbirc.nix {
inherit spkgs;
isUnstable = true;
@ -319,52 +331,32 @@
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { };
ttfs = upkgs.callPackage ./pkgs/ttfs.nix { };
fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; };
flake-warn =
spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
flake-warn = spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; };
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; };
yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; };
gen-patches =
spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
gen-patches = spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; };
yarr = spkgs.callPackage ./pkgs/yarr.nix {
inherit spkgs;
isUnstable = true;
};
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix {
inherit spkgs;
};
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
inherit spkgs;
};
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
inherit upkgs;
};
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { inherit spkgs; };
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { inherit spkgs; };
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { inherit upkgs; };
bandcamp-downloader = upkgs.python3Packages.callPackage ./pkgs/bandcamp-downloader.nix {
inherit upkgs;
};
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix {
inherit upkgs;
};
hpi =
upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
openevse =
upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix {
inherit upkgs;
};
sliding-sync =
spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { inherit upkgs; };
hpi = upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; };
openevse = upkgs.python3Packages.callPackage ./pkgs/openevse.nix { inherit upkgs; };
promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { inherit upkgs; };
sliding-sync = spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; };
golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; };
gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; };
gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; };
gotosocial =
spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
zutty = upkgs.callPackage ./pkgs/zutty.nix {
inherit upkgs;
};
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
inherit upkgs;
};
gotosocial = spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; };
zutty = upkgs.callPackage ./pkgs/zutty.nix { inherit upkgs; };
mvoice = upkgs.callPackage ./pkgs/mvoice.nix { inherit upkgs; };
inherit (xintray.packages.${system}) xintray;
inherit (beyt.packages.${system}) beyt;
inherit (tsvnstat.packages.${system}) tsvnstat;
@ -374,7 +366,8 @@
inherit (traygent.packages.${system}) traygent;
inherit (spkgs) matrix-synapse;
});
}
);
templates = {
"ada" = {
@ -405,15 +398,24 @@
checks =
let
buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" ];
buildList = [
"europa"
"stan"
"h"
"box"
"faf"
"weather"
"clunk"
"orcim"
];
in
with unstable.lib;
foldl' recursiveUpdate { } (mapAttrsToList
(name: system: {
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
system.config.system.build.toplevel;
})
(filterAttrs (n: _: (builtins.elem n buildList))
self.nixosConfigurations));
foldl' recursiveUpdate { } (
mapAttrsToList
(name: system: {
"${system.pkgs.stdenv.hostPlatform.system}"."${name}" = system.config.system.build.toplevel;
})
(filterAttrs (n: _: (builtins.elem n buildList)) self.nixosConfigurations)
);
};
}


@ -1,10 +1,11 @@
{ config
, lib
, pkgs
, xinlib
, isUnstable
, inputs
, ...
{
config,
lib,
pkgs,
xinlib,
isUnstable,
inputs,
...
}:
let
inherit (builtins) toJSON;
@ -13,11 +14,8 @@ let
firefox = import ../configs/firefox.nix { inherit pkgs; };
myEmacs = pkgs.callPackage ../configs/emacs.nix { };
rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
rpr =
pkgs.writeScriptBin "rpr"
(import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
promnesia =
pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
rpr = pkgs.writeScriptBin "rpr" (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; });
promnesia = pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; };
hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; };
promnesiaService = {
promnesia = {
@ -35,7 +33,10 @@ let
name = "promnesia-index";
script = "${promnesia}/bin/promnesia index";
startAt = "*:0/5";
path = [ promnesia hpi ];
path = [
promnesia
hpi
];
}
];
fontSet = with pkgs; [
@ -51,18 +52,35 @@ let
}
{
command_path = "${pkgs.kdialog}/bin/kdialog";
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Added" "5" ];
command_args = [
"--title"
"traygent"
"--passivepopup"
"SSH Key Added"
"5"
];
event = "added";
}
{
command_path = "${pkgs.kdialog}/bin/kdialog";
command_args = [ "--title" "traygent" "--passivepopup" "SSH Key Removed" "5" ];
command_args = [
"--title"
"traygent"
"--passivepopup"
"SSH Key Removed"
"5"
];
event = "removed";
}
];
in
with lib; {
imports = [ ./gnome.nix ./kde.nix ./xfce.nix ];
with lib;
{
imports = [
./gnome.nix
./kde.nix
./xfce.nix
];
options = {
pulse = {
@ -98,43 +116,48 @@ with lib; {
documentation.enable = true;
# TODO: TEMP FIX
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
""
"${pkgs.networkmanager}/bin/nm-online -q"
];
fonts = if isUnstable then { packages = fontSet; } else { fonts = fontSet; };
sound.enable = true;
environment = {
etc."traygent.json" = { text = traygentCmds; };
etc."traygent.json" = {
text = traygentCmds;
};
sessionVariables = {
SSH_AUTH_SOCK = "$HOME/.traygent";
};
systemPackages = with pkgs; (xinlib.filterList [
alacritty
bc
beyt
black
drawterm
exiftool
go-font
govulncheck
hpi
pcsctools
plan9port
promnesia
rage
rpr
traygent
vlc
zeal
systemPackages =
with pkgs;
(xinlib.filterList [
alacritty
bc
beyt
black
drawterm
exiftool
go-font
govulncheck
hpi
pcsctools
plan9port
promnesia
rage
rpr
traygent
vlc
zeal
(callPackage ../configs/helix.nix { })
]);
(callPackage ../configs/helix.nix { })
]);
};
programs = { } // firefox.programs;
systemd.user.services =
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs))
// promnesiaService;
(lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) // promnesiaService;
security.rtkit.enable = true;
})
(mkIf config.pipewire.enable {


@ -1,9 +1,11 @@
{ config
, lib
, ...
}:
with lib; {
options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
{ config, lib, ... }:
with lib;
{
options = {
gnome = {
enable = mkEnableOption "Enable GNOME desktop.";
};
};
config = mkIf config.gnome.enable {
services.xserver.displayManager.gdm.enable = true;


@ -1,13 +1,18 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
let
inherit (pkgs.libsForQt5) callPackage;
in
{
options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
options = {
kde = {
enable = lib.mkEnableOption "Enable KDE desktop.";
};
};
config = lib.mkIf config.kde.enable {
services.xserver.displayManager.sddm.enable = true;


@ -1,10 +1,16 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with lib; {
options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
with lib;
{
options = {
xfce = {
enable = mkEnableOption "Enable XFCE desktop.";
};
};
config = mkIf config.xfce.enable {
security.pam.services = {
@ -22,6 +28,8 @@ with lib; {
];
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.xfce = { enable = true; };
services.xserver.desktopManager.xfce = {
enable = true;
};
};
}


@ -1,8 +1,9 @@
{ config
, lib
, pkgs
, xinlib
, ...
{
config,
lib,
pkgs,
xinlib,
...
}:
let
inherit (xinlib) todo;
@ -38,7 +39,9 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
userBase = { openssh.authorizedKeys.keys = pubKeys; };
userBase = {
openssh.authorizedKeys.keys = pubKeys;
};
mkNginxSecret = {
sopsFile = config.xin-secrets.box.certs;
owner = config.users.users.nginx.name;
@ -66,8 +69,12 @@ in
owner = config.users.users.gitea.name;
sopsFile = config.xin-secrets.box.services;
};
"bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
"wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
"bitwarden_rs.env" = {
sopsFile = config.xin-secrets.box.services;
};
"wireguard_private_key" = {
sopsFile = config.xin-secrets.box.services;
};
"restic_htpasswd" = {
owner = config.users.users.restic.name;
sopsFile = config.xin-secrets.box.services;
@ -132,10 +139,16 @@ in
"10.6.0.15" = [ "jelly.bold.daemon" ];
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
};
interfaces.enp7s0 = { useDHCP = true; };
interfaces.enp7s0 = {
useDHCP = true;
};
firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
interfaces = {
"tailscale0" = {
allowedTCPPorts = [ 3030 ];
};
};
interfaces = {
"wg0" = {
allowedTCPPorts = [
@ -145,19 +158,17 @@ in
];
};
};
allowedTCPPorts =
config.services.openssh.ports
++ [
80
443
config.services.gitea.settings.server.SSH_PORT
21063 #homekit
21064 #homekit
1883 # mosquitto
8484 # restic-rest server
];
allowedTCPPorts = config.services.openssh.ports ++ [
80
443
config.services.gitea.settings.server.SSH_PORT
21063 # homekit
21064 # homekit
1883 # mosquitto
8484 # restic-rest server
];
allowedUDPPorts = [
5353 #homekit
5353 # homekit
];
allowedUDPPortRanges = [
{
@ -191,9 +202,7 @@ in
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [
"openssl-1.1.1w"
];
permittedInsecurePackages = todo "figure out what is using openssl-1.1.1w" [ "openssl-1.1.1w" ];
};
#overlays = [
# (_: _: {
@ -227,7 +236,17 @@ in
groups = {
media = {
name = "media";
members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
members = [
"qbit"
"sonarr"
"radarr"
"lidarr"
"nzbget"
"jellyfin"
"headphones"
"rtorrent"
"readarr"
];
};
photos = {
@ -290,8 +309,8 @@ in
};
home-assistant = {
enable = true;
extraPackages = python3Packages:
with python3Packages; [
extraPackages =
python3Packages: with python3Packages; [
pyipp
pymetno
ical
@ -326,8 +345,7 @@ in
"zeroconf"
];
config = {
sensor = [
];
sensor = [ ];
mqtt.sensor = [
{
name = "Greenhouse Temperature";
@ -348,8 +366,7 @@ in
#"homeassistant.components.aprs" = "debug";
};
};
"automation manual" = [
];
"automation manual" = [ ];
"automation ui" = "!include automations.yaml";
rest = [
{
@ -381,8 +398,7 @@ in
};
}
];
device_tracker = [
];
device_tracker = [ ];
default_config = { };
http = {
use_x_forwarded_for = true;
@ -482,7 +498,9 @@ in
in
[ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
};
openssh = { settings.X11Forwarding = true; };
openssh = {
settings.X11Forwarding = true;
};
tor.enable = true;
@ -508,7 +526,9 @@ in
nzbget = {
enable = true;
group = "media";
settings = { MainDir = "/media/downloads"; };
settings = {
MainDir = "/media/downloads";
};
};
fwupd.enable = true;
@ -539,7 +559,9 @@ in
calibre-web = {
enable = true;
group = "media";
options = { enableBookUploading = true; };
options = {
enableBookUploading = true;
};
listen.port = 8909;
listen.ip = "127.0.0.1";
};
@ -570,10 +592,7 @@ in
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${
toString
config.services.loki.configuration.server.http_listen_port
}";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
@ -591,7 +610,9 @@ in
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = { store = "inmemory"; };
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
@ -625,7 +646,9 @@ in
shared_store = "filesystem";
};
filesystem = { directory = "/var/lib/loki/chunks"; };
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
@ -633,7 +656,9 @@ in
reject_old_samples_max_age = "168h";
};
chunk_store_config = { max_look_back_period = "0s"; };
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
@ -643,7 +668,11 @@ in
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = { kvstore = { store = "inmemory"; }; };
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
@ -655,13 +684,12 @@ in
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = { filename = "/tmp/positions.yaml"; };
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${
toString
config.services.loki.configuration.server.http_listen_port
}/loki/api/v1/push";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
@ -696,7 +724,9 @@ in
port = 9002;
};
nginx = { enable = true; };
nginx = {
enable = true;
};
rtl_433 = {
enable = true;
@ -720,53 +750,35 @@ in
{
job_name = "rtl_433";
static_configs = [
{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.rtl_433.port
}"
];
}
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.rtl_433.port}" ]; }
];
}
{
job_name = "box";
static_configs = [
{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.node.port
}"
];
}
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
];
}
{
job_name = "faf";
static_configs = [{ targets = [ "10.6.0.245:9002" ]; }];
static_configs = [ { targets = [ "10.6.0.245:9002" ]; } ];
}
{
job_name = "h";
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
static_configs = [ { targets = [ "100.83.77.133:9002" ]; } ];
}
{
job_name = "pwntie";
static_configs = [{ targets = [ "100.84.170.57:9002" ]; }];
static_configs = [ { targets = [ "100.84.170.57:9002" ]; } ];
}
{
job_name = "namish";
static_configs = [{ targets = [ "10.200.0.100:9100" ]; }];
static_configs = [ { targets = [ "10.200.0.100:9100" ]; } ];
}
{
job_name = "nginx";
static_configs = [
{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.nginx.port
}"
];
}
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; }
];
}
];
@ -833,7 +845,9 @@ in
backup root@suah.dev:/var/www/ suah.dev/
backup_exec date "+ backup of suah.dev ended at %c"
'';
cronIntervals = { daily = "50 21 * * *"; };
cronIntervals = {
daily = "50 21 * * *";
};
};
libreddit = {
@ -877,9 +891,7 @@ in
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
sslCertificate = "${config.sops.secrets.invidious_cert.path}";
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.invidious.port
}";
proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}";
proxyWebsockets = true;
};
};
@ -941,9 +953,7 @@ in
sslCertificate = "${config.sops.secrets.books_cert.path}";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${
toString config.services.calibre-web.listen.port
}";
proxyPass = "http://localhost:${toString config.services.calibre-web.listen.port}";
proxyWebsockets = true;
extraConfig = ''
${httpAllow}
@ -1047,9 +1057,7 @@ in
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.grafana.settings.server.http_port
}";
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
extraConfig = ''
${httpAllow}
@ -1072,17 +1080,13 @@ in
end
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", ${
toString config.services.prometheus.port
})
local ok, err = sock:connect("127.0.0.1", ${toString config.services.prometheus.port})
if not ok then
ngx.say("failed to connect to backend: ", err)
return
end
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${
toString config.services.prometheus.port
}\n\n")
local bytes = sock:send("GET /api/v1/query?query=wstation_temp_c HTTP/1.1\nHost: 127.0.0.1:${toString config.services.prometheus.port}\n\n")
sock:settimeouts(1000, 1000, 1000)
@ -1120,7 +1124,11 @@ in
host all all ::1/128 trust
'';
ensureDatabases = [ "nextcloud" "gitea" "invidious" ];
ensureDatabases = [
"nextcloud"
"gitea"
"invidious"
];
ensureUsers = [
{
name = "nextcloud";
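Review bot: The `host all all ::1/128 trust` line in the PostgreSQL `authentication` text near the end of this file lets any local process that can reach the IPv6 loopback connect as any role without a password, including the `nextcloud` role and the `gitea` and `invidious` databases listed in `ensureDatabases`. This host also runs many network-facing services, so a single compromised service would reach every database. I would change the line to `host all all ::1/128 scram-sha-256`, or use `peer` on the unix socket for the service accounts. The authentication block starts outside the visible hunk, so any sibling `trust` lines there need the same change.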


@ -1,10 +1,20 @@
{ ... }: {
{ ... }:
{
boot = {
initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" "wireguard" ];
kernelModules = [
"kvm-intel"
"wireguard"
];
extraModulePackages = [ ];
};
@ -72,5 +82,5 @@
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; } ];
}


@ -1,6 +1,4 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -8,18 +6,14 @@ let
in
{
_module.args.isUnstable = true;
imports = [
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
hardware.rtl-sdr.enable = true;
boot = {
loader.grub = {
enable = true;
devices = [
"/dev/disk/by-id/wwn-0x5001b448be78d64a"
];
devices = [ "/dev/disk/by-id/wwn-0x5001b448be78d64a" ];
};
kernelPackages = pkgs.linuxPackages_latest;
};
@ -69,7 +63,11 @@ in
windowManager.xmonad = {
enable = true;
extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ];
extraPackages =
haskellPackages: with haskellPackages; [
xmonad-contrib
hostname
];
config = builtins.readFile ./xmonad.hs;
};
};
@ -77,10 +75,16 @@ in
users = {
users = {
root = { openssh.authorizedKeys.keys = pubKeys; };
root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = {
openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
extraGroups = [
"dialout"
"libvirtd"
"plugdev"
];
};
};
};


@ -1,28 +1,35 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"usb_storage"
"ums_realtek"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } ];
networking.useDHCP = lib.mkDefault true;


@ -1,9 +1,10 @@
{ inputs
, config
, pkgs
, lib
, xinlib
, ...
{
inputs,
config,
pkgs,
lib,
xinlib,
...
}:
let
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
@ -13,21 +14,25 @@ let
# doomPrivateDir = ../../configs/doom.d;
#};
peerixUser =
if builtins.hasAttr "peerix" config.users.users
then config.users.users.peerix.name
else "root";
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
jobs = [
{
name = "brain";
script = "cd ~/Brain && git sync";
startAt = "*:0/2";
path = [ pkgs.git pkgs.git-sync ];
path = [
pkgs.git
pkgs.git-sync
];
}
{
name = "org";
script = "(cd ~/org && git sync)";
startAt = "*:0/5";
path = [ pkgs.git pkgs.git-sync ];
path = [
pkgs.git
pkgs.git-sync
];
}
{
name = "taskobs";
@ -40,7 +45,10 @@ in
{
_module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ../../pkgs ];
imports = [
./hardware-configuration.nix
../../pkgs
];
sops.secrets = {
fastmail = {
@ -107,7 +115,10 @@ in
};
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
binfmt.emulatedSystems = [
"aarch64-linux"
"riscv64-linux"
];
initrd.systemd.enable = true;
loader = {
systemd-boot.enable = true;
@ -116,9 +127,7 @@ in
efiSysMountPoint = "/boot/efi";
};
};
kernelParams = [
"boot.shell_on_fail"
];
kernelParams = [ "boot.shell_on_fail" ];
kernelPackages = pkgs.linuxPackages_latest;
};
@ -145,14 +154,21 @@ in
firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
interfaces = { "tailscale0" = { allowedTCPPorts = [ 8384 ]; }; };
interfaces = {
"tailscale0" = {
allowedTCPPorts = [ 8384 ];
};
};
};
};
tsPeerix = {
enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = [ "wlp170s0" "ztksevmpn3" ];
interfaces = [
"wlp170s0"
"ztksevmpn3"
];
};
programs = {
@ -175,7 +191,9 @@ in
};
};
services.xinCA = { enable = false; };
services.xinCA = {
enable = false;
};
services = {
power-profiles-daemon.enable = false;
@ -222,9 +240,16 @@ in
repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
#repository = "https://europa@backup.bold.daemon:8484/";
paths = [ "/home/qbit" "/var/lib/libvirt" ];
paths = [
"/home/qbit"
"/var/lib/libvirt"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 4" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 4"
];
};
local = {
initialize = true;
@ -232,9 +257,16 @@ in
environmentFile = "${config.sops.secrets.restic_env_file.path}";
passwordFile = "${config.sops.secrets.restic_password_file.path}";
paths = [ "/home/qbit" "/var/lib/libvirt" ];
paths = [
"/home/qbit"
"/var/lib/libvirt"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 5"
];
};
};
};
@ -280,8 +312,7 @@ in
];
systemd = {
user.services =
lib.listToAttrs (builtins.map jobToUserService jobs);
user.services = lib.listToAttrs (builtins.map jobToUserService jobs);
services = {
"whytailscalewhy" = {
description = "Tailscale restart on resume";
@ -305,7 +336,9 @@ in
];
environment = {
etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; };
etc."barrier.conf" = {
text = readFile ../../configs/barrier.conf;
};
sessionVariables = {
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_CACHE_HOME = "\${HOME}/.cache";
@ -377,8 +410,7 @@ in
(callPackage ../../pkgs/ttfs.nix { })
(callPackage ../../pkgs/kobuddy.nix {
inherit pkgs;
inherit
(pkgs.python39Packages)
inherit (pkgs.python39Packages)
buildPythonPackage
fetchPypi
setuptools-scm


@ -1,12 +1,17 @@
{ lib
, modulesPath
, ...
}: {
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
@ -27,14 +32,16 @@
};
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972";
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ];
boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [
"fido2-device=auto"
];
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/F0A2-4A56";
fsType = "vfat";
};
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {


@ -30,10 +30,16 @@ in
interfaces.enp2s0.useDHCP = true;
firewall = {
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
allowedTCPPorts = [
22
53
config.services.prometheus.exporters.node.port
];
allowedUDPPorts = [ 53 ];
};
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
hosts = {
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
};
};
users.users = {


@ -1,11 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, modulesPath
, ...
}: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
@ -73,6 +75,5 @@
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,28 +1,31 @@
{ config
, pkgs
, isUnstable
, inputs
, ...
{
config,
pkgs,
isUnstable,
inputs,
...
}:
with pkgs; let
with pkgs;
let
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
weepushover =
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
weepushover = python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
pgBackupDir = "/var/backups/postgresql";
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
userBase = { openssh.authorizedKeys.keys = pubKeys; };
icbIrcTunnel =
pkgs.writeScriptBin "icb-irc-tunnel"
(import ../../bins/icb-irc-tunnel.nix {
inherit pkgs;
inherit icbirc;
});
userBase = {
openssh.authorizedKeys.keys = pubKeys;
};
icbIrcTunnel = pkgs.writeScriptBin "icb-irc-tunnel" (
import ../../bins/icb-irc-tunnel.nix {
inherit pkgs;
inherit icbirc;
}
);
goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit";
httpAllow = ''
allow 10.6.0.0/24;
@ -38,18 +41,20 @@ with pkgs; let
matrixServer = "tapenet.org";
matrixClientConfig = {
"m.homeserver".base_url = "https://${matrixServer}:443";
"org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; };
"org.matrix.msc3575.proxy" = {
url = "https://${matrixServer}";
};
};
matrixServerConfig = {
"m.server" = "${matrixServer}:443";
};
matrixServerConfig = { "m.server" = "${matrixServer}:443"; };
mkMatrixWellKnown = p: ''
return 200 '${builtins.toJSON p}';
'';
mkMatrixSliderLoc = {
proxyWebsockets = true;
proxyPass = "http://${config.services.sliding-sync.address}:${
toString config.services.sliding-sync.port
}";
proxyPass = "http://${config.services.sliding-sync.address}:${toString config.services.sliding-sync.port}";
};
mkMatrixLoc = {
proxyWebsockets = true;
@ -58,9 +63,7 @@ with pkgs; let
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
boot = {
loader.grub = {
@ -84,9 +87,14 @@ in
nixpkgs.overlays = [
(_: super: {
weechat = super.weechat.override {
configure = { ... }: {
scripts = with super.weechatScripts; [ highmon weepushover ];
};
configure =
{ ... }:
{
scripts = with super.weechatScripts; [
highmon
weepushover
];
};
};
})
];
@ -140,7 +148,9 @@ in
sopsFile = config.xin-secrets.h.services;
owner = config.users.users.gostart.name;
};
wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
wireguard_private_key = {
sopsFile = config.xin-secrets.h.services;
};
pots_env_file = {
owner = config.users.users.pots.name;
mode = "400";
@ -212,8 +222,21 @@ in
};
firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 config.services.shiori.port ]; }; };
allowedTCPPorts = [ 22 80 443 2222 53589 ];
interfaces = {
"tailscale0" = {
allowedTCPPorts = [
9002
config.services.shiori.port
];
};
};
allowedTCPPorts = [
22
80
443
2222
53589
];
allowedUDPPorts = [ 7122 ];
allowedUDPPortRanges = [
{
@ -281,7 +304,10 @@ in
matrix-synapse.after = [ "icbirc.service" ];
icb-tunnel = {
wantedBy = [ "network.target" ];
after = [ "network.target" "multi-user.target" ];
after = [
"network.target"
"multi-user.target"
];
serviceConfig = {
User = "qbit";
WorkingDirectory = "/home/qbit";
@ -314,7 +340,10 @@ in
loginAccounts = {
"qbit@suah.dev" = {
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ];
aliases = [
"postmaster@suah.dev"
"aaron@suah.dev"
];
};
};
@ -380,7 +409,9 @@ in
enable = true;
envFile = "${config.sops.secrets.pots_env_file.path}";
};
pr-status = { enable = true; };
pr-status = {
enable = true;
};
gostart = {
enable = true;
keyPath = "${config.sops.secrets.gostart.path}";
@ -419,7 +450,10 @@ in
protocol = "https";
storage-backend = "local";
storage-local-base-path = "/var/lib/gotosocial";
trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ];
trusted-proxies = [
"127.0.0.1/32"
"23.29.118.0/24"
];
web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/";
web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/";
};
@ -431,8 +465,10 @@ in
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = { filename = "/tmp/positions.yaml"; };
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
positions = {
filename = "/tmp/positions.yaml";
};
clients = [ { url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "journal";
@ -476,8 +512,7 @@ in
cron = {
enable = true;
systemCronJobs = [
''
@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
''@hourly qbit (export GH_AUTH_TOKEN=$(cat /run/secrets/gqrss_token); cd /var/www/suah.dev/rss; ${gqrss}/bin/gqrss ; ${gqrss}/bin/gqrss -search "LibreSSL" -prefix libressl_ ) >/dev/null 2>&1''
];
};
@ -504,9 +539,15 @@ in
"/var/dkim"
];
timerConfig = { OnCalendar = "00:05"; };
timerConfig = {
OnCalendar = "00:05";
};
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 10"
];
};
};
};
@ -548,7 +589,11 @@ in
'';
upstreams = {
"ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; };
"ssh_gitea" = {
servers = {
"192.168.112.4:2222" = { };
};
};
};
streamConfig = ''
@ -574,7 +619,6 @@ in
forceSSL = true;
enableACME = true;
root = "/var/www/bolddaemon.com";
};
"notes.suah.dev" = {
forceSSL = true;
@ -753,27 +797,26 @@ in
forceSSL = true;
enableACME = true;
extraConfig =
if config.services.gotosocial.package.version == "0.7.1"
then ''
# TODO: This can be removed next release
# https://github.com/superseriousbusiness/gotosocial/issues/1419
# Workaround for missing API + Ice Cubes
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
default_type application/json;
return 200 '[]';
}
''
else "";
if config.services.gotosocial.package.version == "0.7.1" then
''
# TODO: This can be removed next release
# https://github.com/superseriousbusiness/gotosocial/issues/1419
# Workaround for missing API + Ice Cubes
location ~ ^/api/v1/accounts/[0-9A-Z]+/featured_tags {
default_type application/json;
return 200 '[]';
}
''
else
"";
locations."/" = {
extraConfig = ''
proxy_pass http://127.0.0.1:${
toString config.services.gotosocial.configuration.port
};
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:${toString config.services.gotosocial.configuration.port};
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
@ -788,65 +831,64 @@ in
root = "/var/www/rss.bolddaemon.com";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://${config.services.yarr.address}:${
toString config.services.yarr.port
}";
proxyPass = "http://${config.services.yarr.address}:${toString config.services.yarr.port}";
};
};
"tapenet.org" = {
forceSSL = true;
enableACME = true;
root = "/var/www/tapenet.org";
locations = {
"/.well-known/webfinger" = {
extraConfig = ''
default_type 'application/json';
locations =
{
"/.well-known/webfinger" = {
extraConfig = ''
default_type 'application/json';
content_by_lua_block {
local acct = ngx.unescape_uri(ngx.var.arg_resource)
local json = '${builtins.toJSON {
subject = "%s";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://git.tapenet.org/";
content_by_lua_block {
local acct = ngx.unescape_uri(ngx.var.arg_resource)
local json = '${
builtins.toJSON {
subject = "%s";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://git.tapenet.org/";
}
];
}
];
}}';
local newjson, n, err = ngx.re.sub(json, "%s", acct)
if not err then
ngx.say(newjson)
else
ngx.say("")
end
return
}';
local newjson, n, err = ngx.re.sub(json, "%s", acct)
if not err then
ngx.say(newjson)
else
ngx.say("")
end
return
}
'';
};
}
// (
if config.services.sliding-sync.enable then
{
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
"/client" = mkMatrixSliderLoc;
"/_matrix/client/unstable/org.matrix.msc3575/sync" = mkMatrixSliderLoc;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
}
'';
};
}
// (if config.services.sliding-sync.enable
then {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
else
{
"/.well-known/matrix/client".extraConfig = mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig = mkMatrixWellKnown matrixServerConfig;
"/client" = mkMatrixSliderLoc;
"/_matrix/client/unstable/org.matrix.msc3575/sync" =
mkMatrixSliderLoc;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
}
else {
"/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig =
mkMatrixWellKnown matrixServerConfig;
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
});
"/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc;
}
);
};
};
};
@ -876,11 +918,14 @@ in
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
ensureDatabases = [ "synapse" "gotosocial" "syncv3" "wallabag" ];
ensureDatabases = [
"synapse"
"gotosocial"
"syncv3"
"wallabag"
];
ensureUsers = [
{
name = "synapse_user";
}
{ name = "synapse_user"; }
{
name = "gotosocial";
ensureDBOwnership = true;
@ -953,9 +998,7 @@ in
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
url_preview_enabled = false;
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
];
app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];
database = {
name = "psycopg2";
args = {
@ -986,6 +1029,5 @@ in
};
};
system.stateVersion = "22.11";
}


@ -1,16 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, modulesPath
, ...
}: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "wireguard" ];
@ -22,8 +29,7 @@
fsType = "ext4";
};
swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; } ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -4,7 +4,9 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
];
userBase = { openssh.authorizedKeys.keys = pubKeys; };
userBase = {
openssh.authorizedKeys.keys = pubKeys;
};
in
{
_module.args.isUnstable = false;


@ -1,8 +1,10 @@
{ config
, lib
, modulesPath
, ...
}: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
@ -28,7 +30,7 @@
fsType = "ext4";
};
swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -40,6 +42,5 @@
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,7 +1,8 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
let
pubKeys = [
@ -17,7 +18,10 @@ in
imports = [ ./hardware-configuration.nix ];
boot = {
initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
initrd.availableKernelModules = [
"usbhid"
"usb_storage"
];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "raspberrypi_ts" ];
loader = {
@ -28,13 +32,17 @@ in
networking = {
hostName = "octo";
networkmanager = { enable = true; };
networkmanager = {
enable = true;
};
wireless.userControlled.enable = true;
};
preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
""
"${pkgs.networkmanager}/bin/nm-online -q"
];
users.users = {
root = userBase;


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";


@ -1,6 +1,4 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -8,9 +6,7 @@ let
in
{
_module.args.isUnstable = true;
imports = [
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
hardware = {
rtl-sdr.enable = true;
@ -32,7 +28,10 @@ in
"video=DSI-1:panel_orientation=right_side_up"
];
kernelModules = [ "btusb" "kvm-intel" ];
kernelModules = [
"btusb"
"kvm-intel"
];
initrd = {
kernelModules = [
@ -53,7 +52,6 @@ in
"rtsx_pci_sdmmc"
];
};
};
nixpkgs.config.allowUnsupportedSystem = true;
@ -85,13 +83,15 @@ in
services = {
xserver = {
dpi = 200;
xrandrHeads = [{
output = "DSI-1";
primary = true;
monitorConfig = ''
Option "Rotate" "right"
'';
}];
xrandrHeads = [
{
output = "DSI-1";
primary = true;
monitorConfig = ''
Option "Rotate" "right"
'';
}
];
};
power-profiles-daemon.enable = false;
tlp = {
@ -110,10 +110,16 @@ in
users = {
users = {
root = { openssh.authorizedKeys.keys = pubKeys; };
root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = {
openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "plugdev" ];
extraGroups = [
"dialout"
"libvirtd"
"plugdev"
];
};
};
};


@ -1,35 +1,42 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_acpi"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/aa1b622f-2bce-4c7d-b344-8d11a73d738a";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/03B6-6D57";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/03B6-6D57";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/34eac254-010b-4759-a868-08e68d22a69c"; } ];
networking.useDHCP = lib.mkDefault true;


@ -1,16 +1,20 @@
{ pkgs
, lib
, isUnstable
, ...
{
pkgs,
lib,
isUnstable,
...
}:
let
secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
rage =
pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
rage = pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
in
{
_module.args.isUnstable = false;
imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];
imports = [
../../configs/tmux.nix
../../configs/zsh.nix
../../bins
];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -59,10 +63,7 @@ in
nixpkgs.config = {
allowUnfree = true;
allowUnfreePredicate = pkg:
builtins.elm (lib.getName pkg) [
"obsidian"
];
allowUnfreePredicate = pkg: builtins.elm (lib.getName pkg) [ "obsidian" ];
};
environment.variables = {
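Review bot: `builtins.elm` in the `allowUnfreePredicate` line is not a Nix builtin; the membership test is `builtins.elem`, so the line should read `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "obsidian" ];`. The typo is probably masked because `allowUnfree = true` sits directly above it and, as far as I know, nixpkgs only evaluates the predicate when `allowUnfree` is false. That also means the one-package allow-list is not enforced today: if the intent is to permit only `obsidian`, remove `allowUnfree = true` so the predicate becomes the gate for unfree packages.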


@ -1,7 +1,4 @@
{ pkgs
, config
, ...
}:
{ pkgs, config, ... }:
let
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
pubKeys = [
@ -10,9 +7,7 @@ let
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
hardware.rtl-sdr.enable = true;
@ -27,7 +22,10 @@ in
};
kernelPackages = pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
binfmt.emulatedSystems = [
"aarch64-linux"
"riscv64-linux"
];
};
nixpkgs.config.allowUnsupportedSystem = true;
@ -135,10 +133,17 @@ in
users = {
users = {
root = { openssh.authorizedKeys.keys = pubKeys; };
root = {
openssh.authorizedKeys.keys = pubKeys;
};
qbit = {
openssh.authorizedKeys.keys = pubKeys;
extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
extraGroups = [
"dialout"
"libvirtd"
"docker"
"plugdev"
];
};
};
};
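Review bot: `"docker"` in `qbit`'s `extraGroups` deserves a comment, because membership in that group lets the account drive the Docker daemon, which is generally equivalent to root on the host, and the same account accepts SSH logins through `pubKeys`. I would add `# docker group is root-equivalent; keep only while this host runs containers` above the list, or drop the group if the daemon is not needed here. Whether Docker is enabled on this host is not visible in the hunk.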


@ -1,15 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, modulesPath
, ...
}: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
@ -27,7 +36,7 @@
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -37,7 +46,6 @@
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
}


@ -1,17 +1,17 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
let
inherit
(builtins)
inherit (builtins)
head
concatStringsSep
attrValues
mapAttrs
attrNames
;# hasAttr;
; # hasAttr;
inherit (lib.attrsets) filterAttrsRecursive filterAttrs;
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -22,9 +22,14 @@ let
wan = "enp5s0f0";
trunk = "enp5s0f1";
dnsServers = [ "45.90.28.147" "45.90.30.147" ];
dnsServers = [
"45.90.28.147"
"45.90.30.147"
];
interfaces = {
"${wan}" = { useDHCP = true; };
"${wan}" = {
useDHCP = true;
};
"${trunk}" = rec {
ipv4.addresses = [
{
@ -302,7 +307,10 @@ let
in
{
_module.args.isUnstable = false;
imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];
imports = [
./hardware-configuration.nix
../../modules/tsvnstat.nix
];
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
@ -464,7 +472,7 @@ in
{
name = "common";
advertise = true;
prefix = [{ prefix = "::/64"; }];
prefix = [ { prefix = "::/64"; } ];
}
];
};
@ -478,9 +486,7 @@ in
extraOptions = [
"--verbose=9"
"--trace"
"--bind-address ${
(head config.networking.interfaces.lab.ipv4.addresses).address
}"
"--bind-address ${(head config.networking.interfaces.lab.ipv4.addresses).address}"
];
};
@ -490,32 +496,45 @@ in
option subnet-mask 255.255.255.0;
option domain-name-servers ${concatStringsSep ", " dnsServers};
${concatStringsSep "\n" (attrValues (mapAttrs (intf: val: ''
# ${intf} : ${val.info.description}
subnet ${val.info.net} netmask ${val.info.netmask} {
option routers ${val.info.router};
range ${val.info.dhcp.start} ${val.info.dhcp.end};
${concatStringsSep "\n" (
attrValues (
mapAttrs
(intf: val: ''
# ${intf} : ${val.info.description}
subnet ${val.info.net} netmask ${val.info.netmask} {
option routers ${val.info.router};
range ${val.info.dhcp.start} ${val.info.dhcp.end};
${
concatStringsSep "\n" (map (e: ''
host ${e.name} {
hardware ethernet ${e.mac};
fixed-address ${e.address};
${
concatStringsSep "\n" (
map
(e: ''
host ${e.name} {
hardware ethernet ${e.mac};
fixed-address ${e.address};
}
'')
val.info.dhcp.staticIPs
)
}
}
'')
val.info.dhcp.staticIPs)
}
}
'') (filterAttrsRecursive (n: _: n != "${wan}") interfaces)))}
(filterAttrsRecursive (n: _: n != "${wan}") interfaces)
)
)}
'';
interfaces =
attrNames (filterAttrs (_: v: v.info.dhcp.enable)
(filterAttrsRecursive (n: _: n != "${wan}") interfaces));
interfaces = attrNames (
filterAttrs (_: v: v.info.dhcp.enable) (filterAttrsRecursive (n: _: n != "${wan}") interfaces)
);
# TODO: Probably a better way to pre-filter the interfaces set
};
};
environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];
environment.systemPackages = with pkgs; [
bmon
termshark
tcpdump
];
users.users.root = userBase;
users.users.qbit = userBase;


@ -1,11 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, modulesPath
, ...
}: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.loader.grub = {
@ -16,10 +18,21 @@
boot = {
initrd = {
availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
availableKernelModules = [
"ehci_pci"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
kernelModules = [
"nf_tables"
"nf_tables_ipv6"
"nf_conntrack_tftp"
];
extraModulePackages = [ ];
};
@ -30,6 +43,5 @@
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,7 +1,4 @@
{ config
, pkgs
, ...
}:
{ config, pkgs, ... }:
let
inherit (pkgs.vscode-utils) buildVscodeMarketplaceExtension;
testingMode = true;
@ -16,13 +13,11 @@ let
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
peerixUser =
if builtins.hasAttr "peerix" config.users.users
then config.users.users.peerix.name
else "root";
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
# doomPrivateDir = ../../configs/doom.d;
#};
if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root";
in
#doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
# doomPrivateDir = ../../configs/doom.d;
#};
{
_module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ];
@ -37,7 +32,9 @@ in
initrd = {
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin";
secrets = { "/crypto_keyfile.bin" = null; };
secrets = {
"/crypto_keyfile.bin" = null;
};
};
kernelParams = [ "intel_idle.max_cstate=4" ];
kernelPackages = pkgs.linuxPackages;
@ -101,9 +98,18 @@ in
hosts = {
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
"192.168.122.249" = [ "arst.arst" "vm" ];
"192.168.8.194" = [ "router.arst" "router" ];
"127.0.0.1" = [
"borg.calyptix.dev"
"localhost"
];
"192.168.122.249" = [
"arst.arst"
"vm"
];
"192.168.8.194" = [
"router.arst"
"router"
];
};
networkmanager.enable = true;
@ -114,7 +120,6 @@ in
};
};
i18n.defaultLocale = "en_US.utf8";
kde.enable = true;
@ -152,14 +157,16 @@ in
};
users.users.root = userBase;
users.users.abieber =
{
isNormalUser = true;
description = "Aaron Bieber";
shell = pkgs.zsh;
extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
}
// userBase;
users.users.abieber = {
isNormalUser = true;
description = "Aaron Bieber";
shell = pkgs.zsh;
extraGroups = [
"networkmanager"
"wheel"
"libvirtd"
];
} // userBase;
nixpkgs.config.allowUnfree = true;
@ -261,7 +268,10 @@ in
tsPeerix = {
enable = false;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
interfaces = [ "wlp170s0" "ztksevmpn3" ];
interfaces = [
"wlp170s0"
"ztksevmpn3"
];
};
services = {
@ -275,7 +285,11 @@ in
paths = [ "/home/abieber" ];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 2"
];
};
};
};
@ -299,7 +313,6 @@ in
};
};
system.autoUpgrade.allowReboot = false;
system.stateVersion = "22.05"; # Did you read the comment?
}
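Review bot: The `initrd` block unlocks `luks-23b20980-eb1e-4390-b706-f0f42a623ddf` with `/crypto_keyfile.bin`, and `secrets = { "/crypto_keyfile.bin" = null; }` copies that key file into the initrd, so anyone who can read the initrd image can unlock the volume. The bootloader and `/boot` layout are outside this hunk; if the initrd ends up on an unencrypted partition, the disk encryption gives no protection at rest. I would add a comment above `secrets` such as `# key file is embedded in the initrd; /boot must live on an encrypted device`, and confirm that this holds on this host.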


@ -1,13 +1,21 @@
{ pkgs
, lib
, modulesPath
, ...
}: {
{
pkgs,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
};
@ -34,7 +42,8 @@
"x-systemd.automount"
(builtins.replaceStrings [ " " ] [ "\\040" ]
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
"ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config"
)
"reconnect"
"allow_other"
"cache=yes"
@ -46,8 +55,7 @@
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; } ];
networking.useDHCP = lib.mkDefault true;


@ -1,7 +1,8 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
let
pubKeys = [
@ -22,9 +23,19 @@ in
programs = { } // firefox.programs;
boot = {
initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ];
initrd.availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
"rtc-ds3232"
"rtc-ds1307"
];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ];
kernelModules = [
"raspberrypi_ts"
"rtc-ds3232"
"rtc-ds1307"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@ -33,7 +44,9 @@ in
networking = {
hostName = "weather";
networkmanager = { enable = true; };
networkmanager = {
enable = true;
};
wireless.userControlled.enable = true;
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
};
@ -46,8 +59,10 @@ in
};
preDNS.enable = false;
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce [
""
"${pkgs.networkmanager}/bin/nm-online -q"
];
services.xserver = {
enable = true;


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";


@ -1,7 +1,8 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
let
pubKeys = [
@ -14,9 +15,7 @@ let
in
{
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
defaultUsers.enable = false;
@ -35,7 +34,9 @@ in
networking = {
hostName = "wzero";
networkmanager = { enable = true; };
networkmanager = {
enable = true;
};
wireless.userControlled.enable = true;
hosts."100.120.151.126" = [ "graph.tapenet.org" ];
};


@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
hardware = {
deviceTree = {
enable = true;
@ -7,8 +8,6 @@
enableRedistributableFirmware = true;
i2c.enable = true;
firmware = with pkgs; [
raspberrypiWirelessFirmware
];
firmware = with pkgs; [ raspberrypiWirelessFirmware ];
};
}


@ -39,20 +39,30 @@ in
layout = "us";
xkbVariant = "colemak";
};
console = { keyMap = "colemak"; };
console = {
keyMap = "colemak";
};
users.users = {
qbit = {
isNormalUser = true;
description = "Aaron Bieber";
extraGroups = [ "networkmanager" "wheel" ];
extraGroups = [
"networkmanager"
"wheel"
];
packages = [ ];
};
root = { openssh.authorizedKeys.keys = pubKeys; };
root = {
openssh.authorizedKeys.keys = pubKeys;
};
};
# neovim will overwrite my neovim!!
environment.systemPackages = with pkgs; [ neovim jq ];
environment.systemPackages = with pkgs; [
neovim
jq
];
services.openssh = {
enable = true;


@ -1,13 +1,18 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
let
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in
{
imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];
imports = [
./configs/colemak.nix
./configs/tmux.nix
./configs/neovim.nix
];
options.myconf = {
hwPubKeys = lib.mkOption rec {
@ -103,7 +108,10 @@ in
boot.tmp.cleanOnBoot = true;
environment = {
systemPackages = with pkgs; [ apg inetutils ];
systemPackages = with pkgs; [
apg
inetutils
];
interactiveShellInit = ''
alias vi=nvim
@ -113,18 +121,19 @@ in
time.timeZone = "US/Mountain";
systemd.services."setdate" =
if pkgs.system == "aarch64-linux"
then {
description = "Set date on boot";
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
script = ''
. /etc/profile;
${pkgs.outils}/bin/rdate pool.ntp.org
'';
serviceConfig.Type = "oneshot";
}
else { };
if pkgs.system == "aarch64-linux" then
{
description = "Set date on boot";
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
script = ''
. /etc/profile;
${pkgs.outils}/bin/rdate pool.ntp.org
'';
serviceConfig.Type = "oneshot";
}
else
{ };
programs = {
zsh.enable = true;
@ -151,7 +160,10 @@ in
settings = {
PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"


@ -1,42 +1,44 @@
{ lib, ... }:
let
inherit (builtins) toString readFile fromJSON filter;
getPrStatus = pr:
inherit (builtins)
toString
readFile
fromJSON
filter
;
getPrStatus =
pr:
let
prstr = toString pr;
prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
in
prStatus;
prIsOpen = {
option = pr: a:
option =
pr: a:
let
prStatus = getPrStatus pr;
in
if prStatus.status == "open"
then a
else { };
pkg = pr: localPkg: upstreamPkg:
if prStatus.status == "open" then a else { };
pkg =
pr: localPkg: upstreamPkg:
let
prStatus = getPrStatus pr;
in
if prStatus.status == "open"
then localPkg
if prStatus.status == "open" then
localPkg
else
lib.warn
"PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
upstreamPkg;
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." upstreamPkg;
overlay = pr: overlay:
overlay =
pr: overlay:
let
prStatus = getPrStatus pr;
in
if pr == 0 || prStatus.status == "open"
then overlay
if pr == 0 || prStatus.status == "open" then
overlay
else
lib.warn "PR: ${
toString pr
} (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
lib.warn "PR: ${toString pr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: { });
};
todo = msg: lib.warn "TODO: ${msg}";
@ -54,7 +56,9 @@ let
value = {
script = mkCronScript "${job.name}_script" job.script;
inherit (job) startAt path;
serviceConfig = { Type = "oneshot"; };
serviceConfig = {
Type = "oneshot";
};
};
};
jobToService = job: {
@ -68,7 +72,8 @@ let
};
};
};
buildShell = pkgs:
buildShell =
pkgs:
pkgs.mkShell {
shellHook = ''
PS1='\u@\h:\w; '
@ -97,7 +102,8 @@ let
# Set our configurationRevison based on the status of our git repo.
# If the repo is dirty, disable autoUpgrade as it means we are
# testing something.
buildVer = self:
buildVer =
self:
let
state = self.rev or "DIRTY";
in


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./golink.nix
./gotosocial.nix


@ -1,9 +1,11 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.golink;
golink = callPackage ../pkgs/golink.nix { };
in
@ -13,7 +15,12 @@ in
enable = mkEnableOption "Enable golink";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "golink";
description = ''
The user the service will use.
@ -37,7 +44,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "golink";
description = ''
The user the service will use.


@ -1,18 +1,19 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.gotosocial;
gotosocial = callPackage ../pkgs/gotosocial.nix { };
settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type;
prettyJSON = conf:
prettyJSON =
conf:
pkgs.runCommandLocal "gotosocial-config.json" { } ''
echo '${
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
in
{
@ -21,7 +22,12 @@ in
enable = mkEnableOption "Enable gotosocial";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "gotosocial";
description = ''
The user the service will use.
@ -29,7 +35,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "gotosocial";
description = ''
The user the service will use.
@ -74,9 +85,7 @@ in
RuntimeDirectory = "/var/lib/gotosocial";
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${
prettyJSON cfg.configuration
} server start";
ExecStart = "${cfg.package}/bin/gotosocial --config-path ${prettyJSON cfg.configuration} server start";
};
};
};
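Review bot: `prettyJSON` splices `builtins.toJSON conf` between single quotes in the `runCommandLocal` script, so a setting whose value contains `'` ends the quoting and the remainder of the JSON is parsed as shell at build time. Quoting it with the `lib` argument that is already in scope avoids that: `echo ${lib.escapeShellArg (builtins.toJSON conf)} | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out`. The output is also a world-readable store path, so any secret placed in `cfg.configuration` (its contents are not visible here) would be readable by every local user. The `prettyJSON` helper in the rtlamr2mqtt module further down the page has the same construction.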


@ -1,18 +1,19 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.rtlamr2mqtt;
rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
settingsFormat = pkgs.formats.json { };
settingsType = settingsFormat.type;
prettyJSON = conf:
prettyJSON =
conf:
pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
echo '${
builtins.toJSON conf
}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
in
{
@ -21,7 +22,12 @@ in
enable = mkEnableOption "Enable rtlamr2mqtt";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "rtlamr2mqtt";
description = ''
The user the service will use.
@ -29,7 +35,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "rtlamr2mqtt";
description = ''
The user the service will use.


@ -1,7 +1,8 @@
{ lib
, config
, pkgs
, ...
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.sliding-sync;
@ -12,7 +13,12 @@ in
enable = lib.mkEnableOption "Enable sliding-sync";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "syncv3";
description = ''
The user the service will use.
@ -20,7 +26,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "syncv3";
description = ''
The group the service will use.
@ -82,7 +93,10 @@ in
enable = true;
description = "sliding-sync server";
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" "matrix-synapse.service" ];
after = [
"network-online.target"
"matrix-synapse.service"
];
environment = {
HOME = "${cfg.dataDir}";


@ -1,7 +1,8 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
let
perl = "${pkgs.perl}/bin/perl";


@ -1,7 +1,8 @@
{ lib
, config
, pkgs
, ...
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.tsrevprox;
@ -36,7 +37,12 @@ in
};
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "tsrevprox";
description = ''
The user the service will use.
@ -44,7 +50,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "tsrevprox";
description = ''
The group the service will use.
@ -90,15 +101,15 @@ in
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = { HOME = "${cfg.dataDir}"; };
environment = {
HOME = "${cfg.dataDir}";
};
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
toString cfg.reversePort
} -ip ${cfg.reverseIP}";
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
#EnvironmentFile = cfg.envFile;
};
};


@ -1,10 +1,12 @@
{ config
, lib
, pkgs
, inputs
, ...
{
config,
lib,
pkgs,
inputs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.tsvnstat;
inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
in
@ -14,7 +16,12 @@ in
enable = mkEnableOption "Enable tsvnstat";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "tsvnstat";
description = ''
The user the service will use.
@ -22,7 +29,12 @@ in
};
keyPath = mkOption {
type = with types; oneOf [ path str ];
type =
with types;
oneOf [
path
str
];
default = "";
description = ''
Path to the TS API key file
@ -38,7 +50,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "tsvnstat";
description = ''
The user the service will use.
@ -88,7 +105,9 @@ in
CacheDirectoryMode = "0755";
ExecStart = ''
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${
lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"
}
'';
};
};
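Review bot: `keyPath` accepts `path` as well as `str`, and the `ExecStart` line interpolates it as `-key ${cfg.keyPath}`; when a Nix path value is interpolated into a string the file is copied into the Nix store, which is world-readable, so a key file supplied as a path literal would be exposed to all local users. I would narrow the option to `type = types.str;` and state in its description that the value must be a runtime path outside the store. The rest of the option set and the service definition lie outside these hunks.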


@ -1,9 +1,11 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.veilid-server;
in
{
@ -11,13 +13,23 @@ in
services.veilid-server = {
enable = mkEnableOption "Enable velid-server";
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "veilid";
description = "The user veilid-server will run as.";
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "veilid";
description = "The group veilid-server will run with.";
};


@ -1,19 +1,29 @@
{ lib
, config
, pkgs
, ...
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.wallabag;
inherit (builtins) toJSON;
inherit (lib) mkOption mkEnableOption types mkIf;
wallabag = pkgs.wallabag.overrideAttrs (old: {
patches = builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches ++ [
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
./wallabag-data-location.patch
];
});
inherit (lib)
mkOption
mkEnableOption
types
mkIf
;
wallabag = pkgs.wallabag.overrideAttrs (
old: {
patches =
builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches
++ [
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
./wallabag-data-location.patch
];
}
);
wallabagConfig = toJSON {
parameters = {
#database_driver = "pdo_sqlite";
@ -80,10 +90,14 @@ let
sentry_dsn = null;
};
};
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [
imagick
tidy
]));
php = pkgs.php.withExtensions (
{ enabled, all }:
enabled
++ (with all; [
imagick
tidy
])
);
wallabagServiceConfig = {
CacheDirectory = "wallabag";
CacheDirectoryMode = "700";
@ -123,17 +137,26 @@ in
description = "wallabag data directory";
};
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "wallabag";
description = "The user wallabag will run as.";
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "wallabag";
description = "The group wallabag will run with.";
};
};
config = mkIf cfg.enable {
@ -214,7 +237,11 @@ in
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-wallabag.service" ];
after = [ "postgresql.service" ];
path = with pkgs; [ coreutils php phpPackages.composer ];
path = with pkgs; [
coreutils
php
phpPackages.composer
];
serviceConfig = {
User = cfg.user;
Type = "oneshot";


@ -1,9 +1,11 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with pkgs; let
with pkgs;
let
cfg = config.services.yarr;
yarr = callPackage ../pkgs/yarr.nix { };
in
@ -51,7 +53,12 @@ in
};
user = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "yarr";
description = ''
The user the service will use.
@ -59,7 +66,12 @@ in
};
group = mkOption {
type = with types; oneOf [ str int ];
type =
with types;
oneOf [
str
int
];
default = "yarr";
description = ''
The user the service will use.
@ -95,9 +107,7 @@ in
User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${
toString cfg.port
} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${toString cfg.port} -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}";
};
};
};
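Review bot: The `group` option's description in the second option hunk still reads "The user the service will use.", which is a copy of the `user` text, so the generated option documentation describes the wrong setting. I would change that line to `The group the service will use.` so the account and group under which the service runs are documented separately. The option bodies continue outside the hunks shown, so the rest of each description is not visible here.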


@ -1,11 +1,8 @@
{ config
, lib
, ...
}:
with lib; let
{ config, lib, ... }:
with lib;
let
cfg = config.services.xin-monitoring;
inherit
(builtins)
inherit (builtins)
readFile
concatStringsSep
attrValues
@ -14,34 +11,43 @@ with lib; let
;
nginxCfg = config.services.nginx;
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v:
if v.fsType != "sshfs"
then ''
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
if space usage > 90% then alert
if inode usage > 90% then alert
''
else "")
fsList)));
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
(f: v: ''
check host ${f} with address ${f}
if failed port 80 protocol http then alert
${
if v.enableACME
then "if failed port 443 protocol https then alert"
else ""
}
'')
vhostList)));
buildFSChecker =
fsList:
(concatStringsSep "\n" (
attrValues (
mapAttrs
(
f: v:
if v.fsType != "sshfs" then
''
check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}
if space usage > 90% then alert
if inode usage > 90% then alert
''
else
""
)
fsList
)
));
buildNginxChecker =
vhostList:
(concatStringsSep "\n" (
attrValues (
mapAttrs
(f: v: ''
check host ${f} with address ${f}
if failed port 80 protocol http then alert
${if v.enableACME then "if failed port 443 protocol https then alert" else ""}
'')
vhostList
)
));
nginxChecks =
if nginxCfg.enable
then
if config.networking.hostName == "h"
then (buildNginxChecker nginxCfg.virtualHosts)
else ""
else "";
if nginxCfg.enable then
if config.networking.hostName == "h" then (buildNginxChecker nginxCfg.virtualHosts) else ""
else
"";
in
{
options = {
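Review bot: `buildNginxChecker` emits the port 443 probe only when `v.enableACME` is set, so a virtual host that serves TLS with a manually supplied certificate gets no HTTPS check and a failed listener or certificate there would raise no alert. The virtual host definitions are not visible on this page, so this is only a gap if some host enables TLS without ACME. If so, key the probe on the TLS options as well: `${if v.enableACME || v.forceSSL || v.onlySSL || v.addSSL then "if failed port 443 protocol https then alert" else ""}`.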


@ -1,12 +1,14 @@
let
_1password-gui = _: super: {
_1password-gui = super._1password-gui.overrideAttrs (_: rec {
version = "8.10.7";
src = super.fetchurl {
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
};
});
_1password-gui = super._1password-gui.overrideAttrs (
_: rec {
version = "8.10.7";
src = super.fetchurl {
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE=";
};
}
);
};
in
_1password-gui


@ -13,24 +13,29 @@ let
propagatedBuildInputs = with super.perlPackages; [ Future ];
meta = {
description = "A FIFO queue of values that uses L<Future>s";
license = with super.lib.licenses; [ artistic1 gpl1Plus ];
license = with super.lib.licenses; [
artistic1
gpl1Plus
];
};
};
in
super.PLS.overrideAttrs (_: {
propagatedBuildInputs = with super.perlPackages; [
Future
FutureQueue
IOAsync
PPI
PPR
PathTiny
PerlCritic
PerlTidy
PodMarkdown
URI
];
});
super.PLS.overrideAttrs (
_: {
propagatedBuildInputs = with super.perlPackages; [
Future
FutureQueue
IOAsync
PPI
PPR
PathTiny
PerlCritic
PerlTidy
PodMarkdown
URI
];
}
);
};
in
perlPackages


@ -1,12 +1,14 @@
let
bruno = _: super: {
bruno = super.bruno.overrideAttrs (_: rec {
version = "0.25.0";
src = super.fetchurl {
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
};
});
bruno = super.bruno.overrideAttrs (
_: rec {
version = "0.25.0";
src = super.fetchurl {
url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng=";
};
}
);
};
in
bruno


@ -1,17 +1,12 @@
{ isUnstable
, xinlib
, ...
}:
{ isUnstable, xinlib, ... }:
let
inherit (xinlib) prIsOpen;
matrix-synapse = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
in
{
nixpkgs.overlays = [ heisenbridge matrix-synapse ] ++
(if isUnstable
then [
]
else [
]);
nixpkgs.overlays = [
heisenbridge
matrix-synapse
] ++ (if isUnstable then [ ] else [ ]);
}


@ -1,17 +1,19 @@
let
hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
heisenbridge = _: super: {
heisenbridge = super.heisenbridge.overrideAttrs (_: rec {
version = "1.14.5";
pname = "heisenbridge";
heisenbridge = super.heisenbridge.overrideAttrs (
_: rec {
version = "1.14.5";
pname = "heisenbridge";
src = super.fetchFromGitHub {
owner = "hifi";
repo = pname;
rev = "refs/tags/v${version}";
inherit hash;
};
});
src = super.fetchFromGitHub {
owner = "hifi";
repo = pname;
rev = "refs/tags/v${version}";
inherit hash;
};
}
);
};
in
heisenbridge


@ -2,22 +2,24 @@ let
hash = "sha256-yhOdIyKp+JM0qUl4dD1aMeYHNhE71DUDxrfCyRDP1VI=";
sha256 = "sha256-mWvcRNvCYf6WCKU/5LGJipOI032QFG90XpHTxFGs6TU=";
matrix-synapse = _: super: {
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec {
version = "1.101.0";
pname = "matrix-synapse";
matrix-synapse = super.matrix-synapse.overrideAttrs (
_: rec {
version = "1.101.0";
pname = "matrix-synapse";
src = super.fetchFromGitHub {
owner = "element-hq";
repo = "synapse";
rev = "v${version}";
inherit hash;
};
src = super.fetchFromGitHub {
owner = "element-hq";
repo = "synapse";
rev = "v${version}";
inherit hash;
};
cargoDeps = super.rustPlatform.fetchCargoTarball {
inherit src sha256;
name = "${pname}-${version}";
};
});
cargoDeps = super.rustPlatform.fetchCargoTarball {
inherit src sha256;
name = "${pname}-${version}";
};
}
);
};
in
matrix-synapse


@ -1,21 +1,23 @@
let
nixd = _: super: {
nixd = super.nixd.overrideAttrs (_: rec {
version = "1.1.0";
src = super.fetchFromGitHub {
owner = "nix-community";
repo = "nixd";
rev = version;
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
};
nativeBuildInputs = with super.pkgs; [
meson
ninja
pkg-config
bison
flex
];
});
nixd = super.nixd.overrideAttrs (
_: rec {
version = "1.1.0";
src = super.fetchFromGitHub {
owner = "nix-community";
repo = "nixd";
rev = version;
hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M=";
};
nativeBuildInputs = with super.pkgs; [
meson
ninja
pkg-config
bison
flex
];
}
);
};
in
nixd


@ -1,19 +1,20 @@
let
obsidian = _: super: {
obsidian = super.obsidian.overrideAttrs (_: rec {
version = "1.3.5";
filename =
if super.stdenv.isDarwin
then "Obsidian-${version}-universal.dmg"
else "obsidian-${version}.tar.gz";
src = super.fetchurl {
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
sha256 =
if super.stdenv.isDarwin
then "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
else "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
};
});
obsidian = super.obsidian.overrideAttrs (
_: rec {
version = "1.3.5";
filename =
if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
src = super.fetchurl {
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
sha256 =
if super.stdenv.isDarwin then
"sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4="
else
"sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4=";
};
}
);
};
in
obsidian


@ -1,18 +1,20 @@
let
openssh = _: super: {
openssh = super.openssh.overrideAttrs (_: rec {
version = "9.3p1";
src = super.fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
};
openssh = super.openssh.overrideAttrs (
_: rec {
version = "9.3p1";
src = super.fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
};
patches = [
./ssh-keysign-8.5.patch
./dont_create_privsep_path.patch
./locale_archive.patch
];
});
patches = [
./ssh-keysign-8.5.patch
./dont_create_privsep_path.patch
./locale_archive.patch
];
}
);
};
in
openssh
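Review bot: This overlay fixes `openssh` at `9.3p1` with no comment saying why it exists or when it should be dropped, so once nixpkgs carries a newer OpenSSH the override would keep the system on the older release and its own patch list. Whether the overlay is still imported cannot be seen here; the `nixpkgs.overlays` list shown elsewhere in this commit contains only heisenbridge and matrix-synapse. I would add a comment above `version`, such as `# TODO: drop this override once nixpkgs openssh is newer than 9.3p1`, or gate it with `prIsOpen.overlay` the way the other overlays are gated.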


@ -1,10 +1,12 @@
let
rex = _: super: {
rex = super.rex.overrideAttrs (_: {
postPatch = ''
patchShebangs bin
'';
});
rex = super.rex.overrideAttrs (
_: {
postPatch = ''
patchShebangs bin
'';
}
);
};
in
rex


@ -1,12 +1,14 @@
let
signal-desktop = _: super: {
signal-desktop = super.signal-desktop.overrideAttrs (old: rec {
version = "6.34.1";
src = super.fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
};
});
signal-desktop = super.signal-desktop.overrideAttrs (
old: rec {
version = "6.34.1";
src = super.fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb";
hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw=";
};
}
);
};
in
signal-desktop


@ -20,11 +20,15 @@ let
#};
tailscale = _: super: {
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
buildGoModule = args:
super.buildGo121Module (args // {
src = super.fetchFromGitHub fetchArgs;
inherit vendorHash ldflags version;
});
buildGoModule =
args:
super.buildGo121Module (
args
// {
src = super.fetchFromGitHub fetchArgs;
inherit vendorHash ldflags version;
}
);
};
};
in


@ -1,13 +1,15 @@
let
tidal-hifi = _: super: {
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec {
version = "5.3.0";
tidal-hifi = super.tidal-hifi.overrideAttrs (
_: rec {
version = "5.3.0";
src = super.fetchurl {
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
};
});
src = super.fetchurl {
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
};
}
);
};
in
tidal-hifi


@ -1,8 +1,9 @@
{ lib
, stdenv
, fetchFromGitHub
, pkgs
, ...
{
lib,
stdenv,
fetchFromGitHub,
pkgs,
...
}:
let
libadalang = stdenv.mkDerivation rec {
@ -38,7 +39,10 @@ let
sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees=";
};
buildInputs = with pkgs; [ gnat12 gprbuild ];
buildInputs = with pkgs; [
gnat12
gprbuild
];
makeFlags = [ "PREFIX=$(out)" ];
};
@ -53,7 +57,11 @@ let
sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU=";
};
buildInputs = with pkgs; [ gnat12 gprbuild libadalang ];
buildInputs = with pkgs; [
gnat12
gprbuild
libadalang
];
makeFlags = [ "PREFIX=$(out)" ];
};
@ -69,7 +77,13 @@ stdenv.mkDerivation rec {
sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E=";
};
buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ];
buildInputs = with pkgs; [
gnat12
gprbuild
python3
vss
gnatdoc
];
meta = with lib; {
description = "Language server for Ada and SPARK";


@ -1,9 +1,10 @@
{ stdenv
, lib
, fetchurl
, unzip
, autoPatchelfHook
, ...
{
stdenv,
lib,
fetchurl,
unzip,
autoPatchelfHook,
...
}:
with lib;
stdenv.mkDerivation rec {
@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM=";
};
nativeBuildInputs = [ unzip autoPatchelfHook ];
nativeBuildInputs = [
unzip
autoPatchelfHook
];
dontBuild = true;
doCheck = false;


@ -1,18 +1,16 @@
{ stdenv
, lib
, buildGoModule
, fetchFromGitHub
, isUnstable
, makeWrapper
, go
, git
, ...
{
stdenv,
lib,
buildGoModule,
fetchFromGitHub,
isUnstable,
makeWrapper,
go,
git,
...
}:
let
vendorHash =
if isUnstable
then ""
else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";
in
with lib;
buildGoModule rec {
@ -30,7 +28,10 @@ buildGoModule rec {
ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ];
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ];
nativeBuildInputs = lib.optionals stdenv.isLinux [
makeWrapper
go
];
proxyVendor = true;
@ -40,7 +41,7 @@ buildGoModule rec {
postInstall = lib.optionalString stdenv.isLinux ''
mv $out/bin/proxy $out/bin/athens
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]}
wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [ git ]}
'';
meta = {
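Review bot: `vendorHash` is the empty string when `isUnstable` is true, so the vendored Go modules have no real pinned hash on that branch and nothing documents that this is intentional. As far as I know Nix treats an empty hash as a placeholder and fails the build with a mismatch rather than accepting unverified content, but that should be confirmed. I would either record the actual unstable hash or make the placeholder explicit: `vendorHash = if isUnstable then lib.fakeHash else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I=";`, with a comment that the unstable build is expected to fail until the hash is filled in.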
