diff --git a/flake.nix b/flake.nix index 891695e..2229efe 100644 --- a/flake.nix +++ b/flake.nix @@ -55,7 +55,8 @@ }; }; - outputs = inputs @ { self, nixpkgs, ... }: + outputs = + inputs@{ self, nixpkgs, ... }: let inherit (nixpkgs) lib; @@ -70,7 +71,11 @@ profiles.system = { user = "root"; - path = inputs.deploy-rs.lib.${self.nixosConfigurations.${hostName}.config.system.build.toplevel.system}.activate.nixos self.nixosConfigurations.${hostName}; + path = + inputs.deploy-rs.lib.${ + self.nixosConfigurations.${hostName}.config.system.build.toplevel.system + }.activate.nixos + self.nixosConfigurations.${hostName}; }; }; in @@ -80,16 +85,19 @@ directory = ./overlays; }; - legacyPackages = forEachSystem (system: + legacyPackages = forEachSystem ( + system: lib.packagesFromDirectoryRecursive { callPackage = nixpkgs.legacyPackages.${system}.callPackage; directory = ./pkgs; - }); + } + ); nixosConfigurations = lib.pipe ./hosts [ builtins.readDir (lib.filterAttrs (name: value: value == "directory")) - (lib.mapAttrs (name: value: + (lib.mapAttrs ( + name: value: lib.nixosSystem { specialArgs = { inherit self; }; @@ -102,7 +110,8 @@ } ./hosts/${name} ]; - })) + } + )) ]; formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); @@ -126,7 +135,8 @@ ] mkDeployNode; }; - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; + checks = builtins.mapAttrs ( + system: deployLib: deployLib.deployChecks self.deploy + ) inputs.deploy-rs.lib; }; } - diff --git a/hosts/atlas/hardware-configuration.nix b/hosts/atlas/hardware-configuration.nix index 700e6c8..269c6b4 100644 --- a/hosts/atlas/hardware-configuration.nix +++ b/hosts/atlas/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ 
@@ -6,7 +12,14 @@ ]; boot = { - initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; initrd.kernelModules = [ ]; initrd.supportedFilesystems = [ "zfs" ]; kernelModules = [ "kvm-intel" ]; diff --git a/hosts/common.nix b/hosts/common.nix index 55b2028..b470326 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,9 @@ -{ config, pkgs, self, ... }: +{ + config, + pkgs, + self, + ... +}: { imports = [ @@ -11,11 +16,9 @@ nixpkgs.overlays = [ self.inputs.agenix.overlays.default (import ../overlays/default.nix) - ( - final: prev: { - unstable = import self.inputs.nixpkgs-unstable { system = final.system; }; - } - ) + (final: prev: { + unstable = import self.inputs.nixpkgs-unstable { system = final.system; }; + }) ]; time.timeZone = "Europe/London"; @@ -66,7 +69,10 @@ system = "aarch64-linux"; maxJobs = 6; speedFactor = 1; - supportedFeatures = [ "big-parallel" "benchmark" ]; + supportedFeatures = [ + "big-parallel" + "benchmark" + ]; } ]; distributedBuilds = true; diff --git a/hosts/desktop.nix b/hosts/desktop.nix index 7ec7378..14b62dd 100644 --- a/hosts/desktop.nix +++ b/hosts/desktop.nix @@ -48,7 +48,14 @@ fonts.packages = with pkgs; [ noto-fonts - (nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "Terminus" "UbuntuMono" ]; }) + (nerdfonts.override { + fonts = [ + "BigBlueTerminal" + "ComicShannsMono" + "Terminus" + "UbuntuMono" + ]; + }) ]; modules = { diff --git a/hosts/eos/hardware-configuration.nix b/hosts/eos/hardware-configuration.nix index edb02a7..4c90a5c 100644 --- a/hosts/eos/hardware-configuration.nix +++ b/hosts/eos/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ 
@@ -6,7 +12,13 @@ ]; boot = { - initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; + initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; initrd.supportedFilesystems = [ "zfs" ]; kernel.sysctl = { "kernel.nmi_watchdog" = 0; diff --git a/hosts/helios/hardware-configuration.nix b/hosts/helios/hardware-configuration.nix index 66e8dd0..9b7c51d 100644 --- a/hosts/helios/hardware-configuration.nix +++ b/hosts/helios/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ @@ -6,7 +12,15 @@ ]; boot = { - initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ]; + initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "sr_mod" + "zfs" + ]; initrd.kernelModules = [ ]; initrd.supportedFilesystems = [ "zfs" ]; kernelModules = [ "kvm-intel" ]; diff --git a/hosts/hypnos/default.nix b/hosts/hypnos/default.nix index 57d8f07..2bebaef 100644 --- a/hosts/hypnos/default.nix +++ b/hosts/hypnos/default.nix @@ -1,4 +1,9 @@ -{ config, lib, self, ... }: +{ + config, + lib, + self, + ... +}: { imports = [ diff --git a/hosts/hypnos/disko-config.nix b/hosts/hypnos/disko-config.nix index 04bdf63..ab418de 100644 --- a/hosts/hypnos/disko-config.nix +++ b/hosts/hypnos/disko-config.nix @@ -123,4 +123,3 @@ }; }; } - diff --git a/hosts/hypnos/hardware-configuration.nix b/hosts/hypnos/hardware-configuration.nix index 78553be..6a9ba16 100644 --- a/hosts/hypnos/hardware-configuration.nix +++ b/hosts/hypnos/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ 
@@ -6,12 +12,22 @@ ]; boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; kernel.sysctl = { "kernel.nmi_watchdog" = 0; "vm.laptop_mode" = 5; }; - kernelModules = [ "applesmc" "kvm-intel" "wl" ]; + kernelModules = [ + "applesmc" + "kvm-intel" + "wl" + ]; extraModulePackages = [ config.boot.kernelPackages.broadcom_sta config.boot.kernelPackages.nvidiaPackages.legacy_470 @@ -38,4 +54,3 @@ }; }; } - diff --git a/hosts/library/default.nix b/hosts/library/default.nix index 7580bd2..04e6053 100644 --- a/hosts/library/default.nix +++ b/hosts/library/default.nix @@ -19,7 +19,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 22 # SSH + 22 # SSH ]; }; }; @@ -71,12 +71,14 @@ scrapeConfigs = [ { job_name = "node"; - static_configs = [{ - targets = [ - "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" - "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" - ]; - }]; + static_configs = [ + { + targets = [ + "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" + "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" + ]; + } + ]; } ]; }; @@ -90,8 +92,8 @@ ]; wants = [ "network-online.target" ]; serviceConfig = { - Type="simple"; - ExecStart=pkgs.lib.mkForce '' + Type = "simple"; + ExecStart = pkgs.lib.mkForce '' ${pkgs.openssh}/bin/ssh \ -NT \ -o ExitOnForwardFailure=yes \ 
@@ -101,60 +103,62 @@ -R localhost:8000:localhost:8000 \ jellyfin@vps1.mesh.vimium.net ''; - Restart="always"; - RestartSec=20; + Restart = "always"; + RestartSec = 20; }; wantedBy = [ "default.target" ]; }; - services.nginx = let - proxyConfig = '' - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; + services.nginx = + let + proxyConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - in { - enable = true; - package = pkgs.openresty; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - clientMaxBodySize = "2G"; - virtualHosts = { - "library.mesh.vimium.net" = { - locations."/" = { - root = "/mnt/library"; - extraConfig = '' - autoindex on; - ''; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + in + { + enable = true; + package = pkgs.openresty; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + clientMaxBodySize = "2G"; + virtualHosts = { + "library.mesh.vimium.net" = { + locations."/" = { + root = "/mnt/library"; + extraConfig = '' + autoindex on; + ''; + }; }; - }; - "jellyfin.vimium.com" = { - default = true; - listen = [ - { - addr = "127.0.0.1"; - port = 8000; - } - ]; - locations."/" = { - proxyPass = "http://localhost:8096"; - extraConfig = proxyConfig; - }; - locations."/metrics" = { - return = "404"; + "jellyfin.vimium.com" = { + default = true; + 
listen = [ + { + addr = "127.0.0.1"; + port = 8000; + } + ]; + locations."/" = { + proxyPass = "http://localhost:8096"; + extraConfig = proxyConfig; + }; + locations."/metrics" = { + return = "404"; + }; }; }; }; - }; hardware.graphics = { enable = true; @@ -162,7 +166,10 @@ vaapiVdpau ]; }; - users.users.jellyfin.extraGroups = [ "video" "render" ]; + users.users.jellyfin.extraGroups = [ + "video" + "render" + ]; services.jellyfin = { enable = true; package = pkgs.unstable.jellyfin; @@ -192,4 +199,3 @@ system.stateVersion = "22.11"; } - diff --git a/hosts/library/hardware-configuration.nix b/hosts/library/hardware-configuration.nix index 198166b..8110450 100644 --- a/hosts/library/hardware-configuration.nix +++ b/hosts/library/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ @@ -6,7 +12,13 @@ ]; boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "sd_mod" + ]; initrd.kernelModules = [ ]; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; @@ -65,4 +77,3 @@ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } - diff --git a/hosts/mail/default.nix b/hosts/mail/default.nix index 47e9f1f..e904b49 100644 --- a/hosts/mail/default.nix +++ b/hosts/mail/default.nix @@ -1,4 +1,9 @@ -{ config, lib, self, ... }: +{ + config, + lib, + self, + ... +}: { imports = [ @@ -15,7 +20,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 22 # SSH + 22 # SSH ]; }; }; diff --git a/hosts/mail/hardware-configuration.nix b/hosts/mail/hardware-configuration.nix index 7ee550c..ef1bf0d 100644 --- a/hosts/mail/hardware-configuration.nix +++ b/hosts/mail/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ 
@@ -7,7 +13,12 @@ boot = { initrd = { - availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; kernelModules = [ "nvme" ]; }; loader.grub = { @@ -19,4 +30,3 @@ zramSwap.enable = true; } - diff --git a/hosts/odyssey/default.nix b/hosts/odyssey/default.nix index 4f90217..90b75d2 100644 --- a/hosts/odyssey/default.nix +++ b/hosts/odyssey/default.nix @@ -26,7 +26,10 @@ networking = { hostId = "c5e68d78"; networkmanager.enable = true; - firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359 + firewall.trustedInterfaces = [ + "lxdbr0" + "virbr0" + ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359 }; virtualisation = { @@ -44,7 +47,8 @@ recommendedProxySettings = true; virtualHosts = { "odyssey.mesh.vimium.net" = { - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + locations."/".proxyPass = + "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; }; }; }; diff --git a/hosts/odyssey/hardware-configuration.nix b/hosts/odyssey/hardware-configuration.nix index 2a6d6d3..3c341d8 100644 --- a/hosts/odyssey/hardware-configuration.nix +++ b/hosts/odyssey/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ @@ -6,7 +12,14 @@ ]; boot = { - initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; initrd.kernelModules = [ ]; initrd.supportedFilesystems = [ "zfs" ]; kernelModules = [ "kvm-intel" ]; diff --git a/hosts/pi/default.nix b/hosts/pi/default.nix index e7622db..ec40ac5 100644 --- a/hosts/pi/default.nix +++ b/hosts/pi/default.nix 
@@ -1,4 +1,10 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: { imports = [ @@ -140,8 +146,8 @@ "system_health" ]; config = { - default_config = {}; - backup = {}; + default_config = { }; + backup = { }; homeassistant = { name = "Home"; latitude = "!secret latitude"; @@ -163,14 +169,16 @@ services.mosquitto = { enable = true; - listeners = [{ - acl = [ "pattern readwrite #" ]; - omitPasswordAuth = true; - port = 1883; - settings = { - allow_anonymous = true; - }; - }]; + listeners = [ + { + acl = [ "pattern readwrite #" ]; + omitPasswordAuth = true; + port = 1883; + settings = { + allow_anonymous = true; + }; + } + ]; }; age.secrets."files/services/zigbee2mqtt/secret.yaml" = { @@ -203,7 +211,16 @@ channel = 20; network_key = "!secret.yaml network_key"; pan_id = 13001; - ext_pan_id = [ 79 1 73 47 250 136 124 222 ]; + ext_pan_id = [ + 79 + 1 + 73 + 47 + 250 + 136 + 124 + 222 + ]; transmit_power = 20; }; mqtt = { @@ -234,10 +251,12 @@ # Connection to ONKYO HT-R990 networking.interfaces.end0 = { - ipv4.addresses = [{ - address = "172.16.0.1"; - prefixLength = 30; - }]; + ipv4.addresses = [ + { + address = "172.16.0.1"; + prefixLength = 30; + } + ]; }; environment.systemPackages = with pkgs; [ @@ -248,4 +267,3 @@ system.stateVersion = "22.11"; } - diff --git a/hosts/pi/hardware-configuration.nix b/hosts/pi/hardware-configuration.nix index 3c28ab7..23f9269 100644 --- a/hosts/pi/hardware-configuration.nix +++ b/hosts/pi/hardware-configuration.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, modulesPath, ... }: +{ + lib, + pkgs, + modulesPath, + ... +}: { imports = [ 
@@ -6,42 +11,55 @@ ]; boot = { - kernelPackages = let - version = "6.1.73"; - tag = "stable_20240124"; - srcHash = "sha256-P4ExzxWqZj+9FZr9U2tmh7rfs/3+iHEv0m74PCoXVuM="; - in pkgs.linuxPackagesFor (pkgs.linux_rpi4.override { - argsOverride = { - src = pkgs.fetchFromGitHub { - owner = "raspberrypi"; - repo = "linux"; - rev = tag; - hash = srcHash; + kernelPackages = + let + version = "6.1.73"; + tag = "stable_20240124"; + srcHash = "sha256-P4ExzxWqZj+9FZr9U2tmh7rfs/3+iHEv0m74PCoXVuM="; + in + pkgs.linuxPackagesFor ( + pkgs.linux_rpi4.override { + argsOverride = { + src = pkgs.fetchFromGitHub { + owner = "raspberrypi"; + repo = "linux"; + rev = tag; + hash = srcHash; + }; + version = version; + modDirVersion = version; + structuredExtraConfig = { }; + kernelPatches = [ + { + name = "drm-rp1-depends-on-instead-of-select-MFD_RP1.patch"; + patch = pkgs.fetchpatch { + url = "https://github.com/peat-psuwit/rpi-linux/commit/6de0bb51929cd3ad4fa27b2a421a2af12e6468f5.patch"; + hash = "sha256-9pHcbgWTiztu48SBaLPVroUnxnXMKeCGt5vEo9V8WGw="; + }; + } + { + name = "iommu-bcm2712-don-t-allow-building-as-module.patch"; + patch = pkgs.fetchpatch { + url = "https://github.com/peat-psuwit/rpi-linux/commit/693a5e69bddbcbe1d1b796ebc7581c3597685b1b.patch"; + hash = "sha256-8BYYQDM5By8cTk48ASYKJhGVQnZBIK4PXtV70UtfS+A="; + }; + } + ]; }; - version = version; - modDirVersion = version; - structuredExtraConfig = {}; - kernelPatches = [ - { - name = "drm-rp1-depends-on-instead-of-select-MFD_RP1.patch"; - patch = pkgs.fetchpatch { - url = "https://github.com/peat-psuwit/rpi-linux/commit/6de0bb51929cd3ad4fa27b2a421a2af12e6468f5.patch"; - hash = "sha256-9pHcbgWTiztu48SBaLPVroUnxnXMKeCGt5vEo9V8WGw="; - }; - } - { - name = "iommu-bcm2712-don-t-allow-building-as-module.patch"; - patch = pkgs.fetchpatch { - url = "https://github.com/peat-psuwit/rpi-linux/commit/693a5e69bddbcbe1d1b796ebc7581c3597685b1b.patch"; - hash = "sha256-8BYYQDM5By8cTk48ASYKJhGVQnZBIK4PXtV70UtfS+A="; - }; - } - ]; - }; - }); + } 
+ ); # Stop ZFS kernel being built - supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ]; + supportedFilesystems = lib.mkForce [ + "btrfs" + "cifs" + "f2fs" + "jfs" + "ntfs" + "reiserfs" + "vfat" + "xfs" + ]; tmp.cleanOnBoot = true; }; @@ -49,14 +67,15 @@ # https://github.com/NixOS/nixpkgs/issues/154163 nixpkgs.overlays = [ (final: prev: { - makeModulesClosure = x: - prev.makeModulesClosure (x // { allowMissing = true; }); + makeModulesClosure = x: prev.makeModulesClosure (x // { allowMissing = true; }); }) (final: prev: { - raspberrypifw = let - version = "1.20240529"; - srcHash = "sha256-KsCo7ZG6vKstxRyFljZtbQvnDSqiAPdUza32xTY/tlA="; - in pkgs.raspberrypifw.override { + raspberrypifw = + let + version = "1.20240529"; + srcHash = "sha256-KsCo7ZG6vKstxRyFljZtbQvnDSqiAPdUza32xTY/tlA="; + in + pkgs.raspberrypifw.override { argsOverride = { src = prev.fetchFromGitHub { owner = "raspberrypi"; @@ -77,4 +96,3 @@ }; }; } - diff --git a/hosts/server.nix b/hosts/server.nix index 8366210..dd1f70d 100644 --- a/hosts/server.nix +++ b/hosts/server.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { imports = [ diff --git a/hosts/skycam/default.nix b/hosts/skycam/default.nix index 0240b4b..f2bb61c 100644 --- a/hosts/skycam/default.nix +++ b/hosts/skycam/default.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: { imports = [ 
@@ -21,27 +27,36 @@ # From https://github.com/Electrostasy/dots/blob/3b81723feece67610a252ce754912f6769f0cd34/hosts/phobos/klipper.nix#L43-L65 overlays = let - mkCompatibleDtsFile = dtbo: + mkCompatibleDtsFile = + dtbo: let - drv = pkgs.runCommand "fix-dts" { nativeBuildInputs = with pkgs; [ dtc gnused ]; } '' - mkdir "$out" - dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts - ''; + drv = + pkgs.runCommand "fix-dts" + { + nativeBuildInputs = with pkgs; [ + dtc + gnused + ]; + } + '' + mkdir "$out" + dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts + ''; in - "${drv}/overlay.dts"; + "${drv}/overlay.dts"; inherit (config.boot.kernelPackages) kernel; in - [ - { - name = "imx708.dtbo"; - dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo"; - } - { - name = "vc4-kms-v3d-pi4.dtbo"; - dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo"; - } - ]; + [ + { + name = "imx708.dtbo"; + dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo"; + } + { + name = "vc4-kms-v3d-pi4.dtbo"; + dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo"; + } + ]; }; firmware = with pkgs; [ firmwareLinuxNonfree @@ -83,9 +98,10 @@ ConditionPathExists = "/sys/bus/i2c/drivers/imx708/10-001a/video4linux"; }; serviceConfig = { - ExecStart = ''${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \ - --host=0.0.0.0 \ - --resolution=4608x2592 + ExecStart = '' + ${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \ + --host=0.0.0.0 \ + --resolution=4608x2592 ''; DynamicUser = "yes"; SupplementaryGroups = [ "video" ]; diff --git a/hosts/skycam/hardware-configuration.nix b/hosts/skycam/hardware-configuration.nix index a3a3728..5bae78a 100644 --- a/hosts/skycam/hardware-configuration.nix +++ b/hosts/skycam/hardware-configuration.nix 
@@ -1,4 +1,9 @@ -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { imports = [ @@ -11,14 +16,17 @@ "cma=512M" "panic=0" ]; - supportedFilesystems = lib.mkForce [ "f2fs" "vfat" "xfs" ]; + supportedFilesystems = lib.mkForce [ + "f2fs" + "vfat" + "xfs" + ]; tmp.cleanOnBoot = false; }; nixpkgs.overlays = [ (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // { allowMissing = true; }); + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); }) ]; @@ -30,4 +38,3 @@ }; }; } - diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix index eb71b82..930d6e9 100644 --- a/hosts/vps1/default.nix +++ b/hosts/vps1/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ @@ -13,7 +18,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 22 # SSH + 22 # SSH ]; }; }; @@ -37,7 +42,10 @@ groups = { jellyfin = { }; }; - extraGroups.acme.members = [ "kanidm" "nginx" ]; + extraGroups.acme.members = [ + "kanidm" + "nginx" + ]; }; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; 
@@ -47,26 +55,28 @@ group = "acme"; }; - services.kanidm = let - baseDomain = "vimium.com"; - domain = "auth.${baseDomain}"; - uri = "https://${domain}"; - in { - package = pkgs.unstable.kanidm; - enableClient = true; - enableServer = true; - clientSettings = { - inherit uri; + services.kanidm = + let + baseDomain = "vimium.com"; + domain = "auth.${baseDomain}"; + uri = "https://${domain}"; + in + { + package = pkgs.unstable.kanidm; + enableClient = true; + enableServer = true; + clientSettings = { + inherit uri; + }; + serverSettings = { + bindaddress = "[::1]:3013"; + ldapbindaddress = "[::1]:636"; + domain = baseDomain; + origin = uri; + tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem"; + tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem"; + }; }; - serverSettings = { - bindaddress = "[::1]:3013"; - ldapbindaddress = "[::1]:636"; - domain = baseDomain; - origin = uri; - tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem"; - tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem"; - }; - }; services.nginx.virtualHosts = { "auth.vimium.com" = { diff --git a/hosts/vps1/hardware-configuration.nix b/hosts/vps1/hardware-configuration.nix index 1f79513..a124863 100644 --- a/hosts/vps1/hardware-configuration.nix +++ b/hosts/vps1/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ @@ -7,7 +13,12 @@ boot = { initrd = { - availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; kernelModules = [ "nvme" ]; }; loader.grub.device = "/dev/sda"; @@ -23,4 +34,3 @@ }; }; } - diff --git a/modules/home-manager/options.nix b/modules/home-manager/options.nix index 71f77dd..a314e91 100644 --- a/modules/home-manager/options.nix +++ b/modules/home-manager/options.nix 
@@ -1,28 +1,67 @@ -{ config, options, lib, self, ... }: +{ + config, + options, + lib, + self, + ... +}: with lib; { options = with types; { - user = mkOption { type = attrs; default = { }; }; - - home = { - configFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_CONFIG_HOME"; }; - dataFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_DATA_HOME"; }; - file = mkOption { type = attrs; default = { }; description = "Files to place directly in $HOME"; }; - packages = mkOption { type = attrs; default = { }; description = "User-level installed packages"; }; - programs = mkOption { type = attrs; default = { }; description = "Programs managed directly from home-manager"; }; - services = mkOption { type = attrs; default = { }; description = "Services managed directly from home-manager"; }; + user = mkOption { + type = attrs; + default = { }; }; - dconf.settings = mkOption { type = attrs; default = { }; description = "dconf settings to enable"; }; + home = { + configFile = mkOption { + type = attrs; + default = { }; + description = "Files to place in $XDG_CONFIG_HOME"; + }; + dataFile = mkOption { + type = attrs; + default = { }; + description = "Files to place in $XDG_DATA_HOME"; + }; + file = mkOption { + type = attrs; + default = { }; + description = "Files to place directly in $HOME"; + }; + packages = mkOption { + type = attrs; + default = { }; + description = "User-level installed packages"; + }; + programs = mkOption { + type = attrs; + default = { }; + description = "Programs managed directly from home-manager"; + }; + services = mkOption { + type = attrs; + default = { }; + description = "Services managed directly from home-manager"; + }; + }; + + dconf.settings = mkOption { + type = attrs; + default = { }; + description = "dconf settings to enable"; + }; env = mkOption { - type = attrsOf (oneOf [ str path (listOf (either str path)) ]); - apply = mapAttrs (n: v: - if isList v then - 
concatMapStringsSep ":" (x: toString x) v - else - (toString v)); + type = attrsOf (oneOf [ + str + path + (listOf (either str path)) + ]); + apply = mapAttrs ( + n: v: if isList v then concatMapStringsSep ":" (x: toString x) v else (toString v) + ); default = { }; description = ""; }; @@ -31,12 +70,27 @@ with lib; config = { age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age"; user = - let user = builtins.getEnv "USER"; - name = if elem user [ "" "root" ] then "jordan" else user; - in { + let + user = builtins.getEnv "USER"; + name = + if + elem user [ + "" + "root" + ] + then + "jordan" + else + user; + in + { inherit name; isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "lxd" ]; + extraGroups = [ + "networkmanager" + "wheel" + "lxd" + ]; description = "Jordan Holt"; useDefaultShell = true; openssh.authorizedKeys.keys = [ @@ -57,12 +111,12 @@ with lib; file = mkAliasDefinitions options.home.file; stateVersion = config.system.stateVersion; }; - programs = mkAliasDefinitions options.home.programs; - services = mkAliasDefinitions options.home.services; + programs = mkAliasDefinitions options.home.programs; + services = mkAliasDefinitions options.home.services; xdg = { - enable = true; - configFile = mkAliasDefinitions options.home.configFile; - dataFile = mkAliasDefinitions options.home.dataFile; + enable = true; + configFile = mkAliasDefinitions options.home.configFile; + dataFile = mkAliasDefinitions options.home.dataFile; }; dconf.settings = mkAliasDefinitions options.dconf.settings; }; @@ -75,8 +129,8 @@ with lib; users.users.${config.user.name} = mkAliasDefinitions options.user; - environment.extraInit = - concatStringsSep "\n" - (mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env); + environment.extraInit = concatStringsSep "\n" ( + mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env + ); }; } 
diff --git a/modules/home-manager/programs/brave.nix b/modules/home-manager/programs/brave.nix index 72949e5..b04fe92 100644 --- a/modules/home-manager/programs/brave.nix +++ b/modules/home-manager/programs/brave.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.brave; -in { +let + cfg = config.modules.programs.brave; +in +{ options.modules.programs.brave = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/cc.nix b/modules/home-manager/programs/dev/cc.nix index 8708015..d2f5caa 100644 --- a/modules/home-manager/programs/dev/cc.nix +++ b/modules/home-manager/programs/dev/cc.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.cc; -in { +let + cfg = config.modules.programs.dev.cc; +in +{ options.modules.programs.dev.cc = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/java.nix b/modules/home-manager/programs/dev/java.nix index d355505..32b209f 100644 --- a/modules/home-manager/programs/dev/java.nix +++ b/modules/home-manager/programs/dev/java.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.java; -in { +let + cfg = config.modules.programs.dev.java; +in +{ options.modules.programs.dev.java = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/lua.nix b/modules/home-manager/programs/dev/lua.nix index 5e9c6ea..cd61362 100644 --- a/modules/home-manager/programs/dev/lua.nix +++ b/modules/home-manager/programs/dev/lua.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.lua; -in { +let + cfg = config.modules.programs.dev.lua; +in +{ options.modules.programs.dev.lua = { enable = lib.mkOption { default = false; 
diff --git a/modules/home-manager/programs/dev/node.nix b/modules/home-manager/programs/dev/node.nix index a78545a..ce41de2 100644 --- a/modules/home-manager/programs/dev/node.nix +++ b/modules/home-manager/programs/dev/node.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.node; -in { +let + cfg = config.modules.programs.dev.node; +in +{ options.modules.programs.dev.node = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/python.nix b/modules/home-manager/programs/dev/python.nix index e5b2e60..a8e2241 100644 --- a/modules/home-manager/programs/dev/python.nix +++ b/modules/home-manager/programs/dev/python.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.python; -in { +let + cfg = config.modules.programs.dev.python; +in +{ options.modules.programs.dev.python = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/rust.nix b/modules/home-manager/programs/dev/rust.nix index 4407161..256f826 100644 --- a/modules/home-manager/programs/dev/rust.nix +++ b/modules/home-manager/programs/dev/rust.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.rust; -in { +let + cfg = config.modules.programs.dev.rust; +in +{ options.modules.programs.dev.rust = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/scala.nix b/modules/home-manager/programs/dev/scala.nix index 6632afd..071e0e6 100644 --- a/modules/home-manager/programs/dev/scala.nix +++ b/modules/home-manager/programs/dev/scala.nix 
@@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.scala; -in { +let + cfg = config.modules.programs.dev.scala; +in +{ options.modules.programs.dev.scala = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/shell.nix b/modules/home-manager/programs/dev/shell.nix index 53f6fbf..d80a59f 100644 --- a/modules/home-manager/programs/dev/shell.nix +++ b/modules/home-manager/programs/dev/shell.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.shell; -in { +let + cfg = config.modules.programs.dev.shell; +in +{ options.modules.programs.dev.shell = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/dev/zig.nix b/modules/home-manager/programs/dev/zig.nix index 7f798f3..2689b0b 100644 --- a/modules/home-manager/programs/dev/zig.nix +++ b/modules/home-manager/programs/dev/zig.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.programs.dev.zig; -in { +let + cfg = config.modules.programs.dev.zig; +in +{ options.modules.programs.dev.zig = { enable = lib.mkOption { default = false; diff --git a/modules/home-manager/programs/emulators.nix b/modules/home-manager/programs/emulators.nix index 6cca02b..9ea819e 100644 --- a/modules/home-manager/programs/emulators.nix +++ b/modules/home-manager/programs/emulators.nix 
@@ -1,17 +1,24 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.emulators;
-in {
+let
+ cfg = config.modules.programs.emulators;
+in
+{
 options.modules.programs.emulators = {
- ds.enable = lib.mkOption {
+ ds.enable = lib.mkOption {
 default = false;
 example = true;
 };
- gb.enable = lib.mkOption {
+ gb.enable = lib.mkOption {
 default = false;
 example = true;
 };
- gba.enable = lib.mkOption {
+ gba.enable = lib.mkOption {
 default = false;
 example = true;
 };
@@ -19,35 +26,35 @@ in {
 default = false;
 example = true;
 };
- ps1.enable = lib.mkOption {
+ ps1.enable = lib.mkOption {
 default = false;
 example = true;
 };
- ps2.enable = lib.mkOption {
+ ps2.enable = lib.mkOption {
 default = false;
 example = true;
 };
- ps3.enable = lib.mkOption {
+ ps3.enable = lib.mkOption {
 default = false;
 example = true;
 };
- psp.enable = lib.mkOption {
+ psp.enable = lib.mkOption {
 default = false;
 example = true;
 };
- snes.enable = lib.mkOption {
+ snes.enable = lib.mkOption {
 default = false;
 example = true;
 };
- switch.enable = lib.mkOption {
+ switch.enable = lib.mkOption {
 default = false;
 example = true;
 };
- wii.enable = lib.mkOption {
+ wii.enable = lib.mkOption {
 default = false;
 example = true;
 };
- xbox.enable = lib.mkOption {
+ xbox.enable = lib.mkOption {
 default = false;
 example = true;
 };
@@ -60,14 +67,9 @@ in {
 (lib.mkIf cfg.ps3.enable rpcs3)
 (lib.mkIf cfg.psp.enable unstable.ppsspp)
 (lib.mkIf cfg.ds.enable desmume)
- (lib.mkIf (cfg.gba.enable ||
- cfg.gb.enable ||
- cfg.snes.enable)
- higan)
+ (lib.mkIf (cfg.gba.enable || cfg.gb.enable || cfg.snes.enable) higan)
 (lib.mkIf cfg.switch.enable yuzuPackages.mainline)
- (lib.mkIf (cfg.wii.enable ||
- cfg.gamecube.enable)
- dolphin-emu)
+ (lib.mkIf (cfg.wii.enable || cfg.gamecube.enable) dolphin-emu)
 (lib.mkIf cfg.xbox.enable unstable.xemu)
 ];
 };
diff --git a/modules/home-manager/programs/firefox.nix b/modules/home-manager/programs/firefox.nix
index c73e884..307b1c6 100644
--- a/modules/home-manager/programs/firefox.nix
+++ b/modules/home-manager/programs/firefox.nix
@@ -1,7 +1,14 @@
-{ config, lib, self, ... }:
+{
+ config,
+ lib,
+ self,
+ ...
+}:
-let cfg = config.modules.programs.firefox;
-in {
+let
+ cfg = config.modules.programs.firefox;
+in
+{
 options.modules.programs.firefox = {
 enable = lib.mkOption {
 default = false;
@@ -10,7 +17,8 @@ in {
 };
 config = lib.mkIf cfg.enable {
- home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme;
+ home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source =
+ self.inputs.firefox-gnome-theme;
 home.programs.firefox = {
 enable = true;
diff --git a/modules/home-manager/programs/forensics.nix b/modules/home-manager/programs/forensics.nix
index b943a88..e3b1aac 100644
--- a/modules/home-manager/programs/forensics.nix
+++ b/modules/home-manager/programs/forensics.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.forensics;
-in {
+let
+ cfg = config.modules.programs.forensics;
+in
+{
 options.modules.programs.forensics = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/git/default.nix b/modules/home-manager/programs/git/default.nix
index 0e2d51b..773c908 100644
--- a/modules/home-manager/programs/git/default.nix
+++ b/modules/home-manager/programs/git/default.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.git;
-in {
+let
+ cfg = config.modules.programs.git;
+in
+{
 options.modules.programs.git = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/gpg.nix b/modules/home-manager/programs/gpg.nix
index b5f99b3..c3fb41d 100644
--- a/modules/home-manager/programs/gpg.nix
+++ b/modules/home-manager/programs/gpg.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.gpg;
-in {
+let
+ cfg = config.modules.programs.gpg;
+in
+{
 options.modules.programs.gpg = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/graphics.nix b/modules/home-manager/programs/graphics.nix
index dff0ab2..7d7a14a 100644
--- a/modules/home-manager/programs/graphics.nix
+++ b/modules/home-manager/programs/graphics.nix
@@ -1,17 +1,24 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.graphics;
-in {
+let
+ cfg = config.modules.programs.graphics;
+in
+{
 options.modules.programs.graphics = {
 modeling.enable = lib.mkOption {
 default = false;
 example = true;
 };
- raster.enable = lib.mkOption {
+ raster.enable = lib.mkOption {
 default = false;
 example = true;
 };
- vector.enable = lib.mkOption {
+ vector.enable = lib.mkOption {
 default = false;
 example = true;
 };
diff --git a/modules/home-manager/programs/libreoffice.nix b/modules/home-manager/programs/libreoffice.nix
index 94e7dcd..c8017d7 100644
--- a/modules/home-manager/programs/libreoffice.nix
+++ b/modules/home-manager/programs/libreoffice.nix
@@ -1,25 +1,31 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 let
 cfg = config.modules.programs.libreoffice;
- # libreoffice-gtk4 = pkgs.libreoffice.override {
- # extraMakeWrapperArgs = [
- # "--set SAL_USE_VCLPLUGIN gtk4"
- # ];
- # unwrapped = pkgs.libreoffice-unwrapped.overrideAttrs (oldAttrs: {
- # buildInputs = oldAttrs.buildInputs ++ [
- # pkgs.gtk4
- # ];
- # configureFlags = oldAttrs.configureFlags ++ [
- # "--disable-werror"
- # "--enable-gtk4"
- # ];
- # passthru = oldAttrs.passthru // {
- # inherit (pkgs) gtk4;
- # };
- # });
- # };
-in {
+in
+# libreoffice-gtk4 = pkgs.libreoffice.override {
+# extraMakeWrapperArgs = [
+# "--set SAL_USE_VCLPLUGIN gtk4"
+# ];
+# unwrapped = pkgs.libreoffice-unwrapped.overrideAttrs (oldAttrs: {
+# buildInputs = oldAttrs.buildInputs ++ [
+# pkgs.gtk4
+# ];
+# configureFlags = oldAttrs.configureFlags ++ [
+# "--disable-werror"
+# "--enable-gtk4"
+# ];
+# passthru = oldAttrs.passthru // {
+# inherit (pkgs) gtk4;
+# };
+# });
+# };
+{
 options.modules.programs.libreoffice = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/lutris.nix b/modules/home-manager/programs/lutris.nix
index 9f4189a..ef81700 100644
--- a/modules/home-manager/programs/lutris.nix
+++ b/modules/home-manager/programs/lutris.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.lutris;
-in {
+let
+ cfg = config.modules.programs.lutris;
+in
+{
 options.modules.programs.lutris = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/neovim.nix b/modules/home-manager/programs/neovim.nix
index 45fd25a..0877959 100644
--- a/modules/home-manager/programs/neovim.nix
+++ b/modules/home-manager/programs/neovim.nix
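Review bot: In modules/home-manager/programs/libreoffice.nix the commented-out `libreoffice-gtk4` override used to sit inside the `let` bindings and now sits between `in` and the module's opening `{`, so uncommenting it in place would no longer be valid Nix, since a binding cannot follow `in`. This looks like a side effect of the formatter rather than an intended move. Either move the comment block back above `in`, directly after `cfg = config.modules.programs.libreoffice;`, or delete it if the GTK4 build is not coming back. The module body continues outside the hunk.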
@@ -1,8 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 let
 cfg = config.modules.programs.neovim;
-in {
+in
+{
 options.modules.programs.neovim = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/pass.nix b/modules/home-manager/programs/pass.nix
index 6f588a0..3566914 100644
--- a/modules/home-manager/programs/pass.nix
+++ b/modules/home-manager/programs/pass.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.pass;
-in {
+let
+ cfg = config.modules.programs.pass;
+in
+{
 options.modules.programs.pass = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/qbittorrent.nix b/modules/home-manager/programs/qbittorrent.nix
index c5a5068..928f956 100644
--- a/modules/home-manager/programs/qbittorrent.nix
+++ b/modules/home-manager/programs/qbittorrent.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.qbittorrent;
-in {
+let
+ cfg = config.modules.programs.qbittorrent;
+in
+{
 options.modules.programs.qbittorrent = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/recording.nix b/modules/home-manager/programs/recording.nix
index d16aeab..4f0402f 100644
--- a/modules/home-manager/programs/recording.nix
+++ b/modules/home-manager/programs/recording.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.recording;
-in {
+let
+ cfg = config.modules.programs.recording;
+in
+{
 options.modules.programs.recording = {
 audio.enable = lib.mkOption {
 default = false;
@@ -14,15 +21,26 @@ in {
 };
 config = {
- user.packages = with pkgs;
- (if cfg.audio.enable then [
- ardour
- audacity
- ] else []) ++
- (if cfg.video.enable then [
- handbrake
- mkvtoolnix
- obs-studio
- ] else []);
+ user.packages =
+ with pkgs;
+ (
+ if cfg.audio.enable then
+ [
+ ardour
+ audacity
+ ]
+ else
+ [ ]
+ )
+ ++ (
+ if cfg.video.enable then
+ [
+ handbrake
+ mkvtoolnix
+ obs-studio
+ ]
+ else
+ [ ]
+ );
 };
 }
diff --git a/modules/home-manager/programs/slack.nix b/modules/home-manager/programs/slack.nix
index 454594d..00cda79 100644
--- a/modules/home-manager/programs/slack.nix
+++ b/modules/home-manager/programs/slack.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.slack;
-in {
+let
+ cfg = config.modules.programs.slack;
+in
+{
 options.modules.programs.slack = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/steam.nix b/modules/home-manager/programs/steam.nix
index 3be32dd..6b489aa 100644
--- a/modules/home-manager/programs/steam.nix
+++ b/modules/home-manager/programs/steam.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.steam;
-in {
+let
+ cfg = config.modules.programs.steam;
+in
+{
 options.modules.programs.steam = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/thunderbird.nix b/modules/home-manager/programs/thunderbird.nix
index 64c05c2..3e69425 100644
--- a/modules/home-manager/programs/thunderbird.nix
+++ b/modules/home-manager/programs/thunderbird.nix
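Review bot: In modules/home-manager/programs/recording.nix the `if cfg.audio.enable then [ … ] else [ ]` arms are what make the formatted `user.packages` expression run to 21 lines; `lib.optionals` states the same thing without the empty-list branches: `user.packages = with pkgs; lib.optionals cfg.audio.enable [ ardour audacity ] ++ lib.optionals cfg.video.enable [ handbrake mkvtoolnix obs-studio ];`. The same pattern with attribute sets appears in the `age.secrets` hunk of modules/nixos/services/coturn.nix and in the `services.nginx.virtualHosts` part of modules/nixos/services/matrix.nix, where `lib.optionalAttrs cfg.matrixIntegration { … }` and `lib.optionalAttrs cfg.element.enable { … }` would replace `if … then { … } else { }`.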
@@ -1,16 +1,24 @@
-{ config, lib, self, ... }:
+{
+ config,
+ lib,
+ self,
+ ...
+}:
-let cfg = config.modules.programs.thunderbird;
-in {
+let
+ cfg = config.modules.programs.thunderbird;
+in
+{
 options.modules.programs.thunderbird = {
 enable = lib.mkOption {
 default = false;
 example = true;
 };
 };
-
+
 config = lib.mkIf cfg.enable {
- home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme;
+ home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source =
+ self.inputs.thunderbird-gnome-theme;
 home.programs.thunderbird = {
 enable = true;
diff --git a/modules/home-manager/programs/vscode.nix b/modules/home-manager/programs/vscode.nix
index 5d54027..78ec2af 100644
--- a/modules/home-manager/programs/vscode.nix
+++ b/modules/home-manager/programs/vscode.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.vscode;
-in {
+let
+ cfg = config.modules.programs.vscode;
+in
+{
 options.modules.programs.vscode = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/programs/zoom.nix b/modules/home-manager/programs/zoom.nix
index adb0136..e92ee83 100644
--- a/modules/home-manager/programs/zoom.nix
+++ b/modules/home-manager/programs/zoom.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.programs.zoom;
-in {
+let
+ cfg = config.modules.programs.zoom;
+in
+{
 options.modules.programs.zoom = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/home-manager/shell/zsh/default.nix b/modules/home-manager/shell/zsh/default.nix
index 76f4958..91fc46f 100644
--- a/modules/home-manager/shell/zsh/default.nix
+++ b/modules/home-manager/shell/zsh/default.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
-let cfg = config.modules.shell.zsh;
-in {
+let
+ cfg = config.modules.shell.zsh;
+in
+{
 options.modules.shell.zsh = {
 enable = lib.mkOption {
 default = false;
@@ -30,9 +37,9 @@ in {
 ];
 env = {
- ZDOTDIR = "$XDG_CONFIG_HOME/zsh";
+ ZDOTDIR = "$XDG_CONFIG_HOME/zsh";
 ZSH_CACHE = "$XDG_CACHE_HOME/zsh";
- ZGEN_DIR = "$XDG_DATA_HOME/zgenom";
+ ZGEN_DIR = "$XDG_DATA_HOME/zgenom";
 };
 home.configFile = {
diff --git a/modules/nixos/hardware/presonus-studio/default.nix b/modules/nixos/hardware/presonus-studio/default.nix
index 2b4d77d..20a2e2d 100644
--- a/modules/nixos/hardware/presonus-studio/default.nix
+++ b/modules/nixos/hardware/presonus-studio/default.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 let
 cfg = config.modules.hardware.presonus-studio;
 snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
@@ -13,7 +18,8 @@ let
 "channelmix.upmix-method" = "psd";
 };
 };
-in {
+in
+{
 options.modules.hardware.presonus-studio = {
 enable = lib.mkOption {
 default = false;
@@ -67,11 +73,23 @@ in {
 "capture.props" = {
 "node.name" = "Genelec_Speakers";
 "media.class" = "Audio/Sink";
- "audio.position" = [ "FL" "FR" "SL" "SR" "LFE" ];
+ "audio.position" = [
+ "FL"
+ "FR"
+ "SL"
+ "SR"
+ "LFE"
+ ];
 };
 "playback.props" = {
 "node.name" = "playback.Genelec_Speakers";
- "audio.position" = [ "AUX0" "AUX1" "AUX3" "AUX4" "AUX5" ];
+ "audio.position" = [
+ "AUX0"
+ "AUX1"
+ "AUX3"
+ "AUX4"
+ "AUX5"
+ ];
 "target.object" = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output";
 "stream.dont-remix" = true;
 "node.passive" = true;
@@ -85,4 +103,4 @@ in {
 client-rt."40-upmix" = upmixConfig;
 };
 };
- }
+}
diff --git a/modules/nixos/hardware/presonus-studio/snd-usb-audio.nix b/modules/nixos/hardware/presonus-studio/snd-usb-audio.nix
index 329501e..ddfbf97 100644
--- a/modules/nixos/hardware/presonus-studio/snd-usb-audio.nix
+++ b/modules/nixos/hardware/presonus-studio/snd-usb-audio.nix
@@ -1,8 +1,17 @@
-{ pkgs, lib, kernel ? pkgs.linuxPackages_latest.kernel }:
+{
+ pkgs,
+ lib,
+ kernel ? pkgs.linuxPackages_latest.kernel,
+}:
 pkgs.stdenv.mkDerivation {
 pname = "snd-usb-audio";
- inherit (kernel) src version postPatch nativeBuildInputs;
+ inherit (kernel)
+ src
+ version
+ postPatch
+ nativeBuildInputs
+ ;
 kernel_dev = kernel.dev;
 kernelVersion = kernel.modDirVersion;
@@ -33,4 +42,3 @@ pkgs.stdenv.mkDerivation {
 license = lib.licenses.gpl2;
 };
 }
-
diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix
index 0f7e2b7..848eb94 100644
--- a/modules/nixos/podman.nix
+++ b/modules/nixos/podman.nix
@@ -1,10 +1,16 @@
-{ pkgs, lib, config, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
 with lib;
 let
 cfg = config.modules.podman;
-in {
+in
+{
 options.modules.podman = {
 enable = mkOption {
 default = false;
diff --git a/modules/nixos/services/borgmatic.nix b/modules/nixos/services/borgmatic.nix
index 294a8da..1c9044a 100644
--- a/modules/nixos/services/borgmatic.nix
+++ b/modules/nixos/services/borgmatic.nix
@@ -1,9 +1,15 @@
-{ config, lib, self, ... }:
+{
+ config,
+ lib,
+ self,
+ ...
+}:
 let
 cfg = config.modules.services.borgmatic;
 hostname = config.networking.hostName;
-in {
+in
+{
 options.modules.services.borgmatic = {
 enable = lib.mkOption {
 default = false;
@@ -12,7 +18,7 @@ in {
 };
 directories = lib.mkOption {
 type = lib.types.listOf lib.types.str;
- default = [];
+ default = [ ];
 example = [
 "/home/jordan/Documents"
 ];
@@ -35,9 +41,14 @@ in {
 settings = {
 source_directories = cfg.directories;
 repositories = [
- { label = "borgbase"; path = cfg.repoPath; }
+ {
+ label = "borgbase";
+ path = cfg.repoPath;
+ }
 ];
- encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
+ encryption_passcommand = "cat ${
+ config.age.secrets."passwords/services/borg/${hostname}-passphrase".path
+ }";
 ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
 keep_daily = 7;
 keep_weekly = 4;
diff --git a/modules/nixos/services/chrony.nix b/modules/nixos/services/chrony.nix
index 6b80028..884a86a 100644
--- a/modules/nixos/services/chrony.nix
+++ b/modules/nixos/services/chrony.nix
@@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 with lib;
 let
 cfg = config.modules.services.chrony;
-in {
+in
+{
 options.modules.services.chrony = {
 enable = mkOption {
 default = false;
diff --git a/modules/nixos/services/coturn.nix b/modules/nixos/services/coturn.nix
index b094048..64dab95 100644
--- a/modules/nixos/services/coturn.nix
+++ b/modules/nixos/services/coturn.nix
@@ -1,8 +1,14 @@
-{ config, lib, self, ... }:
+{
+ config,
+ lib,
+ self,
+ ...
+}:
 let
 cfg = config.modules.services.coturn;
-in {
+in
+{
 options.modules.services.coturn = {
 enable = lib.mkOption {
 default = false;
@@ -21,24 +27,28 @@ in {
 };
 config = lib.mkIf cfg.enable {
- networking.firewall = let
- range = with config.services.coturn; lib.singleton {
- from = min-port;
- to = max-port;
+ networking.firewall =
+ let
+ range =
+ with config.services.coturn;
+ lib.singleton {
+ from = min-port;
+ to = max-port;
+ };
+ in
+ {
+ allowedTCPPorts = [
+ 3478 # TURN listener
+ 5349 # STUN TLS
+ 5350 # STUN TLS alt
+ ];
+ allowedUDPPorts = [
+ 3478 # TURN listener
+ 5349 # TLS
+ 5350 # TLS alt
+ ];
+ allowedUDPPortRanges = range; # TURN peer relays
 };
- in {
- allowedTCPPorts = [
- 3478 # TURN listener
- 5349 # STUN TLS
- 5350 # STUN TLS alt
- ];
- allowedUDPPorts = [
- 3478 # TURN listener
- 5349 # TLS
- 5350 # TLS alt
- ];
- allowedUDPPortRanges = range; # TURN peer relays
- };
 security.acme.certs = {
 "${config.services.coturn.realm}" = {
@@ -47,19 +57,26 @@ in {
 };
 };
- age.secrets = {
- "passwords/services/coturn/static-auth-secret" = {
- file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
- owner = "turnserver";
- group = "turnserver";
- };
- } // (if cfg.matrixIntegration then {
- "passwords/services/coturn/matrix-turn-config.yml" = {
- file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
- owner = "matrix-synapse";
- group = "matrix-synapse";
- };
- } else {});
+ age.secrets =
+ {
+ "passwords/services/coturn/static-auth-secret" = {
+ file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
+ owner = "turnserver";
+ group = "turnserver";
+ };
+ }
+ // (
+ if cfg.matrixIntegration then
+ {
+ "passwords/services/coturn/matrix-turn-config.yml" = {
+ file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
+ owner = "matrix-synapse";
+ group = "matrix-synapse";
+ };
+ }
+ else
+ { }
+ );
 services.coturn = rec {
 enable = true;
diff --git a/modules/nixos/services/gitea-runner.nix b/modules/nixos/services/gitea-runner.nix
index 911728b..bad6b82 100644
--- a/modules/nixos/services/gitea-runner.nix
+++ b/modules/nixos/services/gitea-runner.nix
@@ -1,4 +1,10 @@
-{ pkgs, config, lib, self, ... }:
+{
+ pkgs,
+ config,
+ lib,
+ self,
+ ...
+}:
 # Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
@@ -52,7 +58,12 @@ in
 wantedBy = [ "multi-user.target" ];
 after = [ "podman.service" ];
 requires = [ "podman.service" ];
- path = [ config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent ];
+ path = [
+ config.virtualisation.podman.package
+ pkgs.gnutar
+ pkgs.shadow
+ pkgs.getent
+ ];
 script = ''
 set -eux -o pipefail
 mkdir -p etc/nix
@@ -142,7 +153,12 @@ in
 "~setdomainname"
 "~sethostname"
 ];
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ "AF_NETLINK"
+ ];
 # Needs network access
 PrivateNetwork = false;
diff --git a/modules/nixos/services/gitea.nix b/modules/nixos/services/gitea.nix
index eee170f..df2be37 100644
--- a/modules/nixos/services/gitea.nix
+++ b/modules/nixos/services/gitea.nix
@@ -1,8 +1,15 @@
-{ config, lib, pkgs, self, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}:
 let
 cfg = config.modules.services.gitea;
-in {
+in
+{
 options.modules.services.gitea = {
 enable = lib.mkEnableOption "gitea";
 domain = lib.mkOption {
@@ -16,7 +23,7 @@ in {
 users.git = {
 isSystemUser = true;
 useDefaultShell = true;
- group = "git";
+ group = "git";
 extraGroups = [ "gitea" ];
 home = config.services.gitea.stateDir;
 };
diff --git a/modules/nixos/services/headscale.nix b/modules/nixos/services/headscale.nix
index 12094af..bc4c856 100644
--- a/modules/nixos/services/headscale.nix
+++ b/modules/nixos/services/headscale.nix
@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 let
 cfg = config.modules.services.headscale;
 fqdn = "headscale.vimium.net";
-in {
+in
+{
 options.modules.services.headscale = {
 enable = lib.mkOption {
 default = false;
diff --git a/modules/nixos/services/mail.nix b/modules/nixos/services/mail.nix
index f226920..718aea0 100644
--- a/modules/nixos/services/mail.nix
+++ b/modules/nixos/services/mail.nix
@@ -1,4 +1,9 @@
-{ config, lib, self, ... }:
+{
+ config,
+ lib,
+ self,
+ ...
+}:
 let
 cfg = config.modules.services.mail;
@@ -14,7 +19,8 @@ let
 "vimium.org"
 "vimium.xyz"
 ];
-in {
+in
+{
 options.modules.services.mail = {
 enable = lib.mkOption {
 default = false;
@@ -40,7 +46,10 @@ in {
 services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 mailserver = {
 enable = true;
diff --git a/modules/nixos/services/matrix.nix b/modules/nixos/services/matrix.nix
index 474ac1a..e20009e 100644
--- a/modules/nixos/services/matrix.nix
+++ b/modules/nixos/services/matrix.nix
@@ -1,8 +1,15 @@
-{ config, lib, pkgs, self, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}:
 let
 cfg = config.modules.services.matrix;
-in {
+in
+{
 options.modules.services.matrix = {
 enable = lib.mkEnableOption "matrix";
 element = {
@@ -31,198 +38,212 @@ in { usePostgresql = lib.mkEnableOption "postgresql"; }; - config = let - matrixSubdomain = "matrix.${cfg.serverName}"; - elementSubdomain = "chat.${cfg.serverName}"; - matrixClientConfig = { - "m.homeserver" = { - base_url = "https://${matrixSubdomain}"; - server_name = cfg.serverName; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; - matrixServerConfig."m.server" = "${matrixSubdomain}:443"; - commonBridgeSettings = bridge: { - appservice = { - database = lib.mkIf cfg.usePostgresql { - type = "postgres"; - uri = "postgresql:///${bridge}?host=/run/postgresql"; + config = + let + matrixSubdomain = "matrix.${cfg.serverName}"; + elementSubdomain = "chat.${cfg.serverName}"; + matrixClientConfig = { + "m.homeserver" = { + base_url = "https://${matrixSubdomain}"; + server_name = cfg.serverName; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; }; }; - bridge = { - encryption = { - allow = true; - default = true; - require = true; - }; - permissions = { - "${cfg.serverName}" = "user"; - "@jordan:${cfg.serverName}" = "admin"; - }; - provisioning = { - shared_secret = "disable"; - }; - }; - homeserver = { - address = "https://${matrixSubdomain}"; - domain = cfg.serverName; - }; - }; - in lib.mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ - 8448 # Matrix federation - ]; - - security.acme.certs = { - "${matrixSubdomain}" = { - reloadServices = [ "matrix-synapse" ]; - }; - }; - - services.nginx.virtualHosts = { - "${matrixSubdomain}" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - { - addr = "[::1]"; - port = 443; - ssl = true; - } - { - addr = "[::1]"; - port = 80; - } - { - addr = "[::1]"; - port = 8448; - ssl = true; - } - ]; - locations = { - "/" = { - proxyPass = "http://localhost:8008"; - extraConfig = '' - proxy_set_header 
X-Forwarded-For $remote_addr; - ''; + matrixServerConfig."m.server" = "${matrixSubdomain}:443"; + commonBridgeSettings = bridge: { + appservice = { + database = lib.mkIf cfg.usePostgresql { + type = "postgres"; + uri = "postgresql:///${bridge}?host=/run/postgresql"; }; - "/_matrix" = { - proxyPass = "http://localhost:8008"; - extraConfig = '' - proxy_set_header X-Forwarded-For $remote_addr; - client_max_body_size 50M; - ''; + }; + bridge = { + encryption = { + allow = true; + default = true; + require = true; }; - "/_synapse/client".proxyPass = "http://localhost:8008"; + permissions = { + "${cfg.serverName}" = "user"; + "@jordan:${cfg.serverName}" = "admin"; + }; + provisioning = { + shared_secret = "disable"; + }; + }; + homeserver = { + address = "https://${matrixSubdomain}"; + domain = cfg.serverName; }; }; - "${cfg.serverName}" = let - mkWellKnown = data: '' - more_set_headers 'Content-Type: application/json'; - return 200 '${builtins.toJSON data}'; - ''; - in { - locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig); - locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig); + in + lib.mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ + 8448 # Matrix federation + ]; + + security.acme.certs = { + "${matrixSubdomain}" = { + reloadServices = [ "matrix-synapse" ]; + }; }; - } // (if cfg.element.enable then { - "${elementSubdomain}" = { - forceSSL = true; - enableACME = true; - root = pkgs.unstable.element-web.override { - conf = { - default_server_config = matrixClientConfig; - brand = "Vimium Chat"; - branding = { - auth_header_logo_url = "https://vimium.com/images/logo.svg"; - auth_footer_links = [ - { "text" = "Vimium.com"; "url" = "https://vimium.com"; } - ]; + + services.nginx.virtualHosts = + { + "${matrixSubdomain}" = { + forceSSL = true; + enableACME = true; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = 
"0.0.0.0"; + port = 8448; + ssl = true; + } + { + addr = "[::1]"; + port = 443; + ssl = true; + } + { + addr = "[::1]"; + port = 80; + } + { + addr = "[::1]"; + port = 8448; + ssl = true; + } + ]; + locations = { + "/" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + "/_matrix" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + client_max_body_size 50M; + ''; + }; + "/_synapse/client".proxyPass = "http://localhost:8008"; }; }; - }; - }; - } else {}); - - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; - - services.matrix-synapse = { - enable = true; - enableRegistrationScript = true; - settings = { - database.name = (if cfg.usePostgresql then "psycopg2" else "sqlite3"); - enable_metrics = false; - enable_registration = false; - max_upload_size = "100M"; - report_stats = false; - server_name = cfg.serverName; - }; - }; - systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups = - (lib.optional cfg.bridges.whatsapp - config.systemd.services.mautrix-whatsapp.serviceConfig.Group); - - services.postgresql = lib.mkIf cfg.usePostgresql { - ensureUsers = [ - { - name = "matrix-synapse"; - ensureDBOwnership = true; + "${cfg.serverName}" = + let + mkWellKnown = data: '' + more_set_headers 'Content-Type: application/json'; + return 200 '${builtins.toJSON data}'; + ''; + in + { + locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig); + locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig); + }; } - ] ++ (lib.optional cfg.bridges.signal - { - name = "mautrix-signal"; - ensureDBOwnership = true; - }) - ++ (lib.optional cfg.bridges.whatsapp - { - name = "mautrix-whatsapp"; - ensureDBOwnership = true; - }); - ensureDatabases = [ - "matrix-synapse" - ] ++ (lib.optional cfg.bridges.signal - "mautrix-signal") - ++ (lib.optional 
cfg.bridges.whatsapp - "mautrix-whatsapp"); - }; + // ( + if cfg.element.enable then + { + "${elementSubdomain}" = { + forceSSL = true; + enableACME = true; + root = pkgs.unstable.element-web.override { + conf = { + default_server_config = matrixClientConfig; + brand = "Vimium Chat"; + branding = { + auth_header_logo_url = "https://vimium.com/images/logo.svg"; + auth_footer_links = [ + { + "text" = "Vimium.com"; + "url" = "https://vimium.com"; + } + ]; + }; + }; + }; + }; + } + else + { } + ); - services.mautrix-signal = lib.mkIf cfg.bridges.signal { - enable = true; - settings = commonBridgeSettings "mautrix-signal"; - }; + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + "olm-3.2.16" + ]; - services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp { - enable = true; - settings = { - bridge = { - history_sync = { - backfill = true; - max_initial_conversations = -1; - message_count = 50; - request_full_sync = true; - }; - mute_bridging = true; + services.matrix-synapse = { + enable = true; + enableRegistrationScript = true; + settings = { + database.name = (if cfg.usePostgresql then "psycopg2" else "sqlite3"); + enable_metrics = false; + enable_registration = false; + max_upload_size = "100M"; + report_stats = false; + server_name = cfg.serverName; }; - } // commonBridgeSettings "mautrix-whatsapp"; + }; + systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups = ( + lib.optional cfg.bridges.whatsapp config.systemd.services.mautrix-whatsapp.serviceConfig.Group + ); + + services.postgresql = lib.mkIf cfg.usePostgresql { + ensureUsers = + [ + { + name = "matrix-synapse"; + ensureDBOwnership = true; + } + ] + ++ (lib.optional cfg.bridges.signal { + name = "mautrix-signal"; + ensureDBOwnership = true; + }) + ++ (lib.optional cfg.bridges.whatsapp { + name = "mautrix-whatsapp"; + ensureDBOwnership = true; + }); + ensureDatabases = + [ + "matrix-synapse" + ] + ++ (lib.optional cfg.bridges.signal "mautrix-signal") + ++ (lib.optional 
cfg.bridges.whatsapp "mautrix-whatsapp"); + }; + + services.mautrix-signal = lib.mkIf cfg.bridges.signal { + enable = true; + settings = commonBridgeSettings "mautrix-signal"; + }; + + services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp { + enable = true; + settings = { + bridge = { + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = 50; + request_full_sync = true; + }; + mute_bridging = true; + }; + } // commonBridgeSettings "mautrix-whatsapp"; + }; }; - }; } diff --git a/modules/nixos/services/netbird.nix b/modules/nixos/services/netbird.nix index 7a109e7..693a36f 100644 --- a/modules/nixos/services/netbird.nix +++ b/modules/nixos/services/netbird.nix @@ -1,9 +1,15 @@ -{ config, lib, self, ... }: +{ + config, + lib, + self, + ... +}: let cfg = config.modules.services.netbird; hostname = config.networking.hostName; -in { +in +{ options.modules.services.netbird = { enable = lib.mkEnableOption "netbird"; coordinatorDomain = lib.mkOption { @@ -43,7 +49,9 @@ in { HttpConfig = { AuthAudience = "netbird"; }; - StoreConfig = { Engine = "sqlite"; }; + StoreConfig = { + Engine = "sqlite"; + }; TURNConfig = { Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path; TimeBasedCredentials = true; diff --git a/modules/nixos/services/nginx.nix b/modules/nixos/services/nginx.nix index 0a340c5..4f635f0 100644 --- a/modules/nixos/services/nginx.nix +++ b/modules/nixos/services/nginx.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; @@ -34,7 +39,8 @@ let extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; }; }; -in { +in +{ options.modules.services.nginx = { enable = mkOption { default = false; @@ -44,8 +50,8 @@ in { config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ - 80 # HTTP - 443 # HTTPS + 80 # HTTP + 443 # HTTPS ]; services.nginx = { 
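Review bot: In modules/nixos/services/matrix.nix the `listen` list of the `matrixSubdomain` virtual host pairs the wildcard `0.0.0.0` with `[::1]`, which is the IPv6 loopback address, so ports 80, 443 and 8448 would not accept IPv6 connections from other hosts. If dual-stack exposure is what was meant (an assumption; the page does not state the intent), the three IPv6 entries should read `addr = "[::]";`. In the same hunk, `nixpkgs.config.permittedInsecurePackages` overrides the insecure marking for `jitsi-meet-1.0.8043` and `olm-3.2.16` with no explanation; a comment of the form `# <package>: needed by <consumer>; drop once <condition>` next to each entry would record why the override exists and when it can go.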
@@ -89,94 +95,99 @@ in { maxSize = "100m"; }; }; - virtualHosts = { - ## Static sites - "jellyfin.vimium.com" = { - forceSSL = true; - enableACME = true; - extraConfig = nginxErrorPages + nginxEdgeHeaders; - locations."/" = { - proxyPass = "http://localhost:8000"; + virtualHosts = + { + ## Static sites + "jellyfin.vimium.com" = { + forceSSL = true; + enableACME = true; + extraConfig = nginxErrorPages + nginxEdgeHeaders; + locations."/" = { + proxyPass = "http://localhost:8000"; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + }; + }; + "jdholt.com" = { + forceSSL = true; + enableACME = true; + serverAliases = [ "www.jdholt.com" ]; + extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; + locations."/skycam/snapshot.jpg" = { + extraConfig = '' + set $backend "skycam.mesh.vimium.net:8080"; + + resolver 100.100.100.100; + + proxy_pass http://$backend/snapshot; + proxy_cache skycam_cache; + proxy_cache_valid any 10s; + proxy_ignore_headers Cache-Control Expires Set-Cookie; + ''; + }; + locations."/".return = "301 https://vimium.com$request_uri"; + }; + "pki.vimium.com" = { + addSSL = true; + forceSSL = false; + enableACME = true; extraConfig = '' - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + ${nginxErrorPages} + more_set_headers 'Server: Vimium'; ''; + locations."/" = { + 
root = "/var/www/pki.vimium.com"; + }; }; - }; - "jdholt.com" = { - forceSSL = true; - enableACME = true; - serverAliases = [ "www.jdholt.com" ]; - extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; - locations."/skycam/snapshot.jpg" = { - extraConfig = '' - set $backend "skycam.mesh.vimium.net:8080"; - - resolver 100.100.100.100; - - proxy_pass http://$backend/snapshot; - proxy_cache skycam_cache; - proxy_cache_valid any 10s; - proxy_ignore_headers Cache-Control Expires Set-Cookie; - ''; + "suhailhussain.com" = { + forceSSL = true; + enableACME = true; + serverAliases = [ "www.suhailhussain.com" ]; + extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; + locations."/" = { + root = "/var/www/suhailhussain.com"; + }; }; - locations."/".return = "301 https://vimium.com$request_uri"; - }; - "pki.vimium.com" = { - addSSL = true; - forceSSL = false; - enableACME = true; - extraConfig = '' - ${nginxErrorPages} - more_set_headers 'Server: Vimium'; - ''; - locations."/" = { - root = "/var/www/pki.vimium.com"; + "vimium.com" = { + default = true; + forceSSL = true; + enableACME = true; + serverAliases = [ "www.vimium.com" ]; + extraConfig = + nginxErrorPages + + nginxEdgeHeaders + + nginxStrictHeaders + + '' + add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always; + ''; + locations."/" = { + root = "/var/www/vimium.com"; + }; }; - }; - "suhailhussain.com" = { - forceSSL = true; - enableACME = true; - serverAliases = [ "www.suhailhussain.com" ]; - extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; - locations."/" = { - root = "/var/www/suhailhussain.com"; - }; - }; - "vimium.com" = { - default = true; - forceSSL = true; - enableACME = true; - serverAliases = [ "www.vimium.com" ]; - extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders + '' - add_header Content-Security-Policy 
"default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always; - ''; - locations."/" = { - root = "/var/www/vimium.com"; - }; - }; - } - ## Redirects - // (mkRedirect "h0lt.com" "jdholt.com") - // (mkRedirect "jordanholt.xyz" "jdholt.com") - // (mkRedirect "omnimagic.com" "vimium.com") - // (mkRedirect "omnimagic.net" "vimium.com") - // (mkRedirect "thelostlegend.com" "suhailhussain.com") - // (mkRedirect "vimium.co" "vimium.com") - // (mkRedirect "vimium.co.uk" "vimium.com") - // (mkRedirect "vimium.info" "vimium.com") - // (mkRedirect "vimium.net" "vimium.com") - // (mkRedirect "vimium.org" "vimium.com") - // (mkRedirect "vimium.xyz" "vimium.com"); + } + ## Redirects + // (mkRedirect "h0lt.com" "jdholt.com") + // (mkRedirect "jordanholt.xyz" "jdholt.com") + // (mkRedirect "omnimagic.com" "vimium.com") + // (mkRedirect "omnimagic.net" "vimium.com") + // (mkRedirect "thelostlegend.com" "suhailhussain.com") + // (mkRedirect "vimium.co" "vimium.com") + // (mkRedirect "vimium.co.uk" "vimium.com") + // (mkRedirect "vimium.info" "vimium.com") + // (mkRedirect "vimium.net" "vimium.com") + // (mkRedirect "vimium.org" "vimium.com") + // (mkRedirect "vimium.xyz" "vimium.com"); }; }; } diff --git a/modules/nixos/services/photoprism.nix b/modules/nixos/services/photoprism.nix index e43f72f..bb69724 100644 --- a/modules/nixos/services/photoprism.nix +++ b/modules/nixos/services/photoprism.nix @@ -1,9 +1,17 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: with lib; -let cfg = config.modules.services.photoprism; -in { +let + cfg = config.modules.services.photoprism; +in +{ options.modules.services.photoprism = { enable = mkOption { default = false; diff --git a/modules/nixos/services/postgresql.nix b/modules/nixos/services/postgresql.nix index 8de4b35..37d6412 100644 --- a/modules/nixos/services/postgresql.nix +++ b/modules/nixos/services/postgresql.nix 
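Review bot: The `/skycam/snapshot.jpg` location under `jdholt.com` makes nginx cache responses that carry `Set-Cookie` (`proxy_ignore_headers Cache-Control Expires Set-Cookie;`) but never strips that header. Any cookie the camera backend sets would therefore be stored in `skycam_cache` and replayed to every client for the 10-second validity window. Adding `proxy_hide_header Set-Cookie;` next to the `proxy_ignore_headers` line closes that; whether the backend actually sets cookies is not visible here. `proxy_cache_valid any 10s;` also caches error responses, which is worth a one-line comment if intended. These lines are carried over unchanged by the re-indentation, and the `skycam_cache` zone and the enclosing `services.nginx` block are defined outside this hunk.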
@@ -6,7 +6,8 @@ let cfg = config.modules.services.postgresql; -in { +in +{ options.modules.services.postgresql = { enable = lib.mkOption { default = false; diff --git a/modules/nixos/services/tailscale.nix b/modules/nixos/services/tailscale.nix index cccdb69..46927c2 100644 --- a/modules/nixos/services/tailscale.nix +++ b/modules/nixos/services/tailscale.nix @@ -1,10 +1,17 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: let cfg = config.modules.services.tailscale; headscale = "https://headscale.vimium.net"; hostname = config.networking.hostName; -in { +in +{ options.modules.services.tailscale = { enable = lib.mkOption { default = false; diff --git a/modules/nixos/system/desktop/gnome.nix b/modules/nixos/system/desktop/gnome.nix index 7389b80..61696be 100644 --- a/modules/nixos/system/desktop/gnome.nix +++ b/modules/nixos/system/desktop/gnome.nix @@ -1,7 +1,15 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: -let cfg = config.modules.system.desktop.gnome; -in { +let + cfg = config.modules.system.desktop.gnome; +in +{ options.modules.system.desktop.gnome = { enable = lib.mkOption { default = false; 
@@ -208,39 +216,47 @@ in { }; home.configFile = { - "Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} { + "Kvantum/kvantum.kvconfig".text = lib.generators.toINI { } { General.theme = "KvLibadwaitaDark"; }; "Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita"; }; - user.packages = with pkgs; [ - authenticator - # bottles - # bustle - celluloid - # d-spy - # drawing - # fragments - dconf-editor - ghex - # gnome-builder - gnome-decoder - gnome-firmware - gnome-frog - # gnome-obfuscate - gnome-podcasts - identity - # mission-center - mousam - newsflash - ptyxis - # schemes - shortwave - sysprof - ] ++ (if config.virtualisation.podman.enable then [ - pods - ] else []); + user.packages = + with pkgs; + [ + authenticator + # bottles + # bustle + celluloid + # d-spy + # drawing + # fragments + dconf-editor + ghex + # gnome-builder + gnome-decoder + gnome-firmware + gnome-frog + # gnome-obfuscate + gnome-podcasts + identity + # mission-center + mousam + newsflash + ptyxis + # schemes + shortwave + sysprof + ] + ++ ( + if config.virtualisation.podman.enable then + [ + pods + ] + else + [ ] + ); environment.systemPackages = with pkgs.unstable; [ adw-gtk3 diff --git a/modules/nixos/system/desktop/hyprland.nix b/modules/nixos/system/desktop/hyprland.nix index 7455cf7..8210d60 100644 --- a/modules/nixos/system/desktop/hyprland.nix +++ b/modules/nixos/system/desktop/hyprland.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.system.desktop.hyprland; -in { +let + cfg = config.modules.system.desktop.hyprland; +in +{ options.modules.system.desktop.hyprland = { enable = lib.mkOption { default = false; diff --git a/modules/nixos/system/desktop/kde.nix b/modules/nixos/system/desktop/kde.nix index 0adc39a..37f3072 100644 --- a/modules/nixos/system/desktop/kde.nix +++ b/modules/nixos/system/desktop/kde.nix 
@@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.modules.system.desktop.kde; -in { +let + cfg = config.modules.system.desktop.kde; +in +{ options.modules.system.desktop.kde = { enable = lib.mkOption { default = false; diff --git a/modules/nixos/system/desktop/mimeapps.nix b/modules/nixos/system/desktop/mimeapps.nix index a3bb9de..cd84928 100644 --- a/modules/nixos/system/desktop/mimeapps.nix +++ b/modules/nixos/system/desktop/mimeapps.nix @@ -1,10 +1,16 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.modules.system.desktop.mimeapps; avApp = "io.github.celluloid_player.Celluloid.desktop"; imageApp = "org.gnome.eog.desktop"; -in { +in +{ options.modules.system.desktop.mimeapps = { enable = lib.mkOption { default = false; diff --git a/modules/nixos/system/wireless.nix b/modules/nixos/system/wireless.nix index 0326b4b..30ad23f 100644 --- a/modules/nixos/system/wireless.nix +++ b/modules/nixos/system/wireless.nix @@ -1,9 +1,17 @@ -{ config, lib, pkgs, self, ... }: +{ + config, + lib, + pkgs, + self, + ... +}: with lib; -let cfg = config.modules.system.wireless; -in { +let + cfg = config.modules.system.wireless; +in +{ options.modules.system.wireless = { enable = mkOption { default = false; @@ -11,7 +19,7 @@ in { description = mdDoc "Automatically connect to known networks"; }; interfaces = mkOption { - default = [ ]; # All interfaces + default = [ ]; # All interfaces example = [ "wlan0" ]; description = mdDoc "Interfaces for `wpa_supplicant` to bind to"; }; diff --git a/overlays/default.nix b/overlays/default.nix index 869c5f9..4ab9663 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -15,21 +15,22 @@ let directory = ../pkgs; }; in - lib.mapAttrs - (name: value: - if lib.isAttrs value then - if lib.hasAttrByPath [ name "overrideScope" ] prev then - # Namespaced package sets created with `lib.makeScope pkgs.newScope`. - prev.${name}.overrideScope (final': prev': - lib.mapAttrs (name': value': final'.callPackage value' { }) value) - else if lib.hasAttrByPath [ name "extend" ] prev then - # Namespaced package sets created with `lib.makeExtensible`. - prev.${name}.extend (final': prev': - lib.mapAttrs (name': value': final.callPackage value' { }) value) - else - # Namespaced package sets in regular attrsets. - prev.${name} // value - else - final.callPackage value { }) - pkgs - +lib.mapAttrs ( + name: value: + if lib.isAttrs value then + if lib.hasAttrByPath [ name "overrideScope" ] prev then + # Namespaced package sets created with `lib.makeScope pkgs.newScope`. + prev.${name}.overrideScope ( + final': prev': lib.mapAttrs (name': value': final'.callPackage value' { }) value + ) + else if lib.hasAttrByPath [ name "extend" ] prev then + # Namespaced package sets created with `lib.makeExtensible`. + prev.${name}.extend ( + final': prev': lib.mapAttrs (name': value': final.callPackage value' { }) value + ) + else + # Namespaced package sets in regular attrsets. + prev.${name} // value + else + final.callPackage value { } +) pkgs diff --git a/overlays/gnome.nix b/overlays/gnome.nix index a13aaaa..cba2f6a 100644 --- a/overlays/gnome.nix +++ b/overlays/gnome.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { gvdb = prev.fetchgit { url = "https://gitlab.gnome.org/GNOME/gvdb.git"; rev = "b54bc5da25127ef416858a3ad92e57159ff565b3"; # From gvdb_wrap diff --git a/overlays/libcamera.nix b/overlays/libcamera.nix index 808d8c5..9636566 100644 --- a/overlays/libcamera.nix +++ b/overlays/libcamera.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { libpisp = final.stdenv.mkDerivation { name = "libpisp"; version = "1.0.5"; 
@@ -42,10 +41,12 @@ final: prev: ./0001-Ignore-IPA-signing.patch ]; - buildInputs = old.buildInputs ++ (with final; [ - libpisp - libglibutil - ]); + buildInputs = + old.buildInputs + ++ (with final; [ + libpisp + libglibutil + ]); mesonFlags = old.mesonFlags ++ [ "--buildtype=release" diff --git a/pkgs/camera-streamer/package.nix b/pkgs/camera-streamer/package.nix index f23028a..6cdb140 100644 --- a/pkgs/camera-streamer/package.nix +++ b/pkgs/camera-streamer/package.nix @@ -1,23 +1,24 @@ -{ stdenv -, fetchFromGitHub +{ + stdenv, + fetchFromGitHub, -, cmake -, gnumake -, pkg-config -, xxd + cmake, + gnumake, + pkg-config, + xxd, -, v4l-utils -, nlohmann_json -, ffmpegSupport ? true -, ffmpeg -, libcameraSupport ? true -, libcamera -, rtspSupport ? false -, live555 -, webrtcSupport ? false -, openssl + v4l-utils, + nlohmann_json, + ffmpegSupport ? true, + ffmpeg, + libcameraSupport ? true, + libcamera, + rtspSupport ? false, + live555, + webrtcSupport ? false, + openssl, -, lib + lib, }: stdenv.mkDerivation (finalAttrs: { @@ -60,7 +61,11 @@ stdenv.mkDerivation (finalAttrs: { dontUseCmakeConfigure = true; - buildInputs = [ nlohmann_json v4l-utils ] + buildInputs = + [ + nlohmann_json + v4l-utils + ] ++ (lib.optional ffmpegSupport ffmpeg) ++ (lib.optional libcameraSupport libcamera) ++ (lib.optional rtspSupport live555) @@ -75,4 +80,3 @@ stdenv.mkDerivation (finalAttrs: { license = licenses.gpl3Only; }; }) - diff --git a/pkgs/rpicam-apps/package.nix b/pkgs/rpicam-apps/package.nix index b38d711..61d97bc 100644 --- a/pkgs/rpicam-apps/package.nix +++ b/pkgs/rpicam-apps/package.nix @@ -1,17 +1,18 @@ -{ stdenv -, fetchFromGitHub -, meson -, ninja -, pkg-config -, boost -, ffmpeg -, libcamera -, libdrm -, libexif -, libjpeg -, libpng -, libtiff -, lib +{ + stdenv, + fetchFromGitHub, + meson, + ninja, + pkg-config, + boost, + ffmpeg, + libcamera, + libdrm, + libexif, + libjpeg, + libpng, + libtiff, + lib, }: stdenv.mkDerivation (finalAttrs: { 
@@ -55,4 +56,3 @@ stdenv.mkDerivation (finalAttrs: { license = licenses.bsd2; }; }) -