Compare commits
	
		
			298 Commits
		
	
	
		
			fix-odysse
			...
			b28dcff550
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| b28dcff550 | |||
| 434abb4189 | |||
| 4ef5ebbcf7 | |||
| 8eef59ae28 | |||
| 819ff11d71 | |||
| 29a7df3bd6 | |||
| 8bc751926c | |||
| d8464519ba | |||
| b1e7f1d74b | |||
| 93c060d467 | |||
| 2f51df03a6 | |||
| 8c120b973d | |||
| f154431f52 | |||
| 9654a14f37 | |||
| 641855afbf | |||
| 93c04e83d3 | |||
| 92c3bd3a13 | |||
| b16a42732a | |||
| 52bfdd55a2 | |||
| 22aa640a4c | |||
| cb416e35c0 | |||
| dbbf1f2f46 | |||
| aa5ac9b55d | |||
| 80e4c58d2f | |||
| 19b1b463f7 | |||
| 2dfb394d31 | |||
| cebbd64bc1 | |||
| 7f82ee9300 | |||
| d921134b48 | |||
| 2722826b76 | |||
| 4ca00f7717 | |||
| 5726e8ad28 | |||
| d4a48bb679 | |||
| 3618c005c6 | |||
| 352db47931 | |||
| 2b8f9c4ae7 | |||
| 37cdd6e81d | |||
| 23b9ddcbdd | |||
| 8a60a0ef51 | |||
| 9747e7cd03 | |||
| 5d60516fd2 | |||
| a181fc8a5e | |||
| 12366e5e1c | |||
| 7d8e9e6b8d | |||
| eb9406fe1f | |||
| c7e0f66295 | |||
| 03e4cc7d9e | |||
| e2b5ef1c1c | |||
| 0aba6fa9f7 | |||
| 533a6344a2 | |||
| 24a2413acf | |||
| fa060ace43 | |||
| 050415cb49 | |||
| fc1281a397 | |||
| 0b1649033c | |||
| 2b188dab9a | |||
| 17487f010d | |||
| 0258036463 | |||
| 86a3bae9cd | |||
| f3db8d920d | |||
| 89f4af47b9 | |||
| 66154517f6 | |||
| 32356fb1e2 | |||
| c855dc7c07 | |||
| 42429704cb | |||
| 479f4d9eda | |||
| 69bbc41c39 | |||
| 42b35cb7ae | |||
| 2af4c735c9 | |||
| 3f070b6c52 | |||
| 542d6150ba | |||
| 061cd15fad | |||
| 5e83195ea2 | |||
| ee09ed556f | |||
| 9618698da5 | |||
| 23abd062ec | |||
| 29b32d3d85 | |||
| 6df254ed93 | |||
| b9cff42ac4 | |||
| 02caab13ce | |||
| cef43e67d4 | |||
| d2f6e6aa3c | |||
| 94f97a27cd | |||
| 16138921fd | |||
| 2b021cc0a4 | |||
| 93ac4b1185 | |||
| 544c511341 | |||
| bffc9ba70d | |||
| 8b10d9d2d9 | |||
| 1d8e43c06b | |||
| 0be5b217b0 | |||
| dd4455eafe | |||
| 310956acad | |||
| c4e97e81c5 | |||
| f957ea84e8 | |||
| 44369bfa89 | |||
| f193aab3d7 | |||
| e7078d2aac | |||
| 00bfff1dec | |||
| 8adb4f4089 | |||
| 8763a70bac | |||
| 87de19d6ae | |||
| 0b021819d3 | |||
| f2cbd869de | |||
| 661c148504 | |||
| 2cea68ce91 | |||
| 4839356310 | |||
| 9a48913133 | |||
| 80d5f09640 | |||
| d291a97ccd | |||
| 5d3a4606fe | |||
| def3fbca47 | |||
| da17da719f | |||
| 0ef2490164 | |||
| ba3f66a250 | |||
| edab9af4ec | |||
| 5bdf191a85 | |||
| 305f0755a7 | |||
| b2dfc171ea | |||
| c6081a8763 | |||
| 1e86fecd6e | |||
| d03d2a7732 | |||
| 83d35e7f2d | |||
| c6ff1bce1f | |||
| 26d87266ab | |||
| 4f1753a38c | |||
| 325196ce2f | |||
| d0792c892e | |||
| a0f5f3ed32 | |||
| 795cf955a0 | |||
| ae1f8c3585 | |||
| dbcf61847c | |||
| 39f2480666 | |||
| f095b9f71c | |||
| 1e21905238 | |||
| ddd07384c4 | |||
| a7c2f0827b | |||
| aa2c08db63 | |||
| 0618af6673 | |||
| a2ebd755b0 | |||
| 6dc844f29e | |||
| 2e60b9be5b | |||
| eff70fdfc1 | |||
| e5afe3333c | |||
| 712a259edc | |||
| 8db85b91c9 | |||
| 7fcf6ff9a9 | |||
| 63de3d65a7 | |||
| d60cf0188d | |||
| 5bd2cf34e3 | |||
| 614c2e6098 | |||
| 3f685aea42 | |||
| d08d53398e | |||
| ecf68a816b | |||
| 04203a5be3 | |||
| 22f5250a86 | |||
| 70d39b0c89 | |||
| b76dbdd904 | |||
| f9dd8583c4 | |||
| 51f3b5c3a9 | |||
| 9f02f55c4f | |||
| e4f4783b4c | |||
| 2b69b34706 | |||
| 2f3624a6b8 | |||
| c8b8f2c513 | |||
| d74e0032bb | |||
| ea939b2e15 | |||
| f789999224 | |||
| d9fa49b8ed | |||
| 238b7c503c | |||
| 71d953d253 | |||
| a091fb2a69 | |||
| 6eb50d3a8f | |||
| a19656d56d | |||
| fe15b1c2ed | |||
| b68ab72fd7 | |||
| c478bb0e90 | |||
| 845c04d3f1 | |||
| a5ea611f02 | |||
| 5f7ac95a07 | |||
| 9db19c054f | |||
| 5be54bec5f | |||
| cf56c86ac4 | |||
| 029af21e01 | |||
| 1944c43d4e | |||
| 5339afcf39 | |||
| 541304de7d | |||
| c50116ea22 | |||
| 77a133a0d1 | |||
| 0a26b8e522 | |||
| 13219b4d96 | |||
| 5c03c7f95c | |||
| cf33684ca0 | |||
| e07bca10a1 | |||
| f829371b6a | |||
| c767171fad | |||
| 5216645bd5 | |||
| 5f75a75063 | |||
| 3e1835711b | |||
| 5f213336d9 | |||
| 41f62a3890 | |||
| 8ec41e2960 | |||
| 0520f722fd | |||
| 2e1cfec19a | |||
| ceeaa9e8e5 | |||
| 732d92c7e7 | |||
| f96b946cb2 | |||
| 2bddd70aed | |||
| 2573c5890f | |||
| c97534b95e | |||
| 546992ce34 | |||
| e0c9052eca | |||
| 60c31fb74d | |||
| bab77b94de | |||
| 5c2728cc9f | |||
| f2fa1395c8 | |||
| 0f865c47f3 | |||
| c7ee0c1acb | |||
| 33f55317f7 | |||
| 9057ebf7fd | |||
| 6f98fbb5cd | |||
| f44a098f80 | |||
| 4aa27cf9bb | |||
| 2a92ded7db | |||
| 4f13020601 | |||
| 30e88a3859 | |||
| 61bdd78444 | |||
| b6abcf41b0 | |||
| 015d9c6532 | |||
| 26795610d2 | |||
| 2a2a6c52b9 | |||
| 037794ee2d | |||
| 0d2d120ef1 | |||
| 526436dd1f | |||
| 42eb58c755 | |||
| 0e5c3c5ebc | |||
| 3eefefadd9 | |||
| 137bee5f59 | |||
| 4698badc2e | |||
| 87684ec397 | |||
| eb15df8c84 | |||
| 5b6d05cdbc | |||
| de7a42a05f | |||
| fb44d2ea74 | |||
| 9132709546 | |||
| b7f5c8200d | |||
| c554a44523 | |||
| 0a99aeff19 | |||
| baf9ae7bd1 | |||
| a33764db8c | |||
| 480e862bee | |||
| 2177abf06c | |||
| 934f405586 | |||
| b2b126d21c | |||
| f9ec1ccf9d | |||
| 1f14d7be1b | |||
| 53f7d1de0f | |||
| 47f665b742 | |||
| 26be10bd0c | |||
| aa5a4e27a3 | |||
| f9cf5758e3 | |||
| f0e0cf2772 | |||
| cad9ab738d | |||
| 88c3e1305c | |||
| 3f8c817418 | |||
| 0d015ac418 | |||
| 8380969c95 | |||
| 9c97905bb6 | |||
| f6b9fb1429 | |||
| 7e591ee7d5 | |||
| 8ddc5c9269 | |||
| 91103dc0e7 | |||
| 1c2ca078c8 | |||
| f98d1d546f | |||
| 55cf784f56 | |||
| 5c591c0a06 | |||
| 1aab626f17 | |||
| bbf835d127 | |||
| 16a1e0dd7f | |||
| c8d0c08ada | |||
| 6cd398b9f7 | |||
| 9af6782311 | |||
| 65a55e1695 | |||
| ecef5d13a7 | |||
| 9794d5eb0c | |||
| 8562ccd5fc | |||
| b3ef72d975 | |||
| cf40b4d4d3 | |||
| f64ed2bb24 | |||
| f9b577f559 | |||
| b3882912ec | |||
| d78db40991 | |||
| 07362a0c81 | |||
| 7865add65e | |||
| 9471a92387 | |||
| a4f0cabeda | |||
| f581772723 | |||
| 357c3e8c10 | 
							
								
								
									
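--- a/.gitea/workflows/check.yml
+++ b/.gitea/workflows/check.yml
@@ -0,0 +1,15 @@
+name: Check flake
+on:
+  push:
+    branches: ['master']
+jobs:
+  build-amd64-linux:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+      - name: Check flake
+        run: |
+          echo "Checking flake at ${{ gitea.ref }}"
+          nix flake check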
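Review bot: `${{ gitea.ref }}` in the `Check flake` step is substituted into the `run:` script text before the shell starts, so the echo line executes whatever the expression renders to. With the trigger limited to pushes on `master` the value is fixed today, but this becomes a script-injection point as soon as the trigger is widened to other branches or pull requests. Pass the value through the environment instead: add `env:` with `REF: ${{ gitea.ref }}` on the step and use `echo "Checking flake at $REF"`. Separately, `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA (`actions/checkout@<full-commit-sha>`) keeps the runner from silently picking up a retagged action. The checkout also hard-codes `ref: master` while the log line prints the event ref, so the two will disagree if the branch filter ever changes.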
							
								
								
									
										51
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @@ -7,10 +7,49 @@ System and user configuration for NixOS-based systems. | ||||
| | **Shell:** | zsh | | ||||
| | **DE:** | GNOME | | ||||
| | **Theme:** | adwaita | | ||||
| | **Terminal:** | BlackBox | | ||||
| | **Terminal:** | Console | | ||||
|  | ||||
| ## Provisioning a new host | ||||
| > [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used | ||||
| > for provisioning | ||||
|  | ||||
| Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass). | ||||
| ``` | ||||
| ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key | ||||
| ``` | ||||
|  | ||||
| Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt | ||||
| any relevant secrets. | ||||
|  | ||||
| In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com). | ||||
| Add the generated SSH host key and create a new repository for the system. | ||||
|  | ||||
| Create a new directory under `hosts/` with a system configuration and disk layout. | ||||
|  | ||||
| Boot the NixOS installer (or any Linux distribution) on the target. | ||||
|  | ||||
| Then run: | ||||
| ``` | ||||
| nix run github:nix-community/nixos-anywhere -- \ | ||||
|   --disk-encryption-keys /tmp/secret.key /tmp/secret.key \ | ||||
|   --extra-files "$temp" \ | ||||
|   --flake .#<hostname> \ | ||||
|   root@<target-ip> | ||||
| ``` | ||||
|  | ||||
| ### Post install | ||||
|  | ||||
| If backups are configured, you'll need to run: | ||||
| ``` | ||||
| borgmatic init --encryption repokey-blake2 | ||||
| ``` | ||||
| then restart `borgmatic`. | ||||
|  | ||||
| To join the Tailscale network, run: | ||||
| ``` | ||||
| tailscale up --login-server https://headscale.vimium.net | ||||
| ``` | ||||
| then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`. | ||||
|  | ||||
| The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`. | ||||
|  | ||||
| ## Quick start | ||||
| 1. Copy SSH keypair and `known_hosts` to `~/.ssh` | ||||
| 1. Import GPG keys and set ultimate trust with `echo "KEYID:6:" | gpg --import-ownertrust` | ||||
| 1. `git clone git@git.vimium.com:jordan/nix-config.git projects/jordan/nix-config` | ||||
| 1. `sudo nixos-rebuild switch --flake .#` | ||||
|   | ||||
							
								
								
									
										655
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
									
									
									
								
							| @@ -1,49 +1,372 @@ | ||||
| { | ||||
|   "nodes": { | ||||
|     "firefox-gnome-theme": { | ||||
|       "flake": false, | ||||
|     "agenix": { | ||||
|       "inputs": { | ||||
|         "darwin": "darwin", | ||||
|         "home-manager": "home-manager", | ||||
|         "nixpkgs": "nixpkgs", | ||||
|         "systems": "systems" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1699621711, | ||||
|         "narHash": "sha256-GUvBQbagF/7W1AriPVvJYA1cmk9Y/iWXghj3cIFYQzU=", | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "firefox-gnome-theme", | ||||
|         "rev": "1c32013cdbe17406de496cdf5f6899b84c4bbfed", | ||||
|         "lastModified": 1716561646, | ||||
|         "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", | ||||
|         "owner": "ryantm", | ||||
|         "repo": "agenix", | ||||
|         "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "firefox-gnome-theme", | ||||
|         "owner": "ryantm", | ||||
|         "repo": "agenix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "home-manager": { | ||||
|     "beautysh": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nixvim", | ||||
|           "nixpkgs" | ||||
|         ], | ||||
|         "poetry2nix": "poetry2nix", | ||||
|         "utils": "utils_3" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1680308980, | ||||
|         "narHash": "sha256-aUEHV0jk2qIFP3jlsWYWhBbm+w/N9gzH3e4I5DcdB5s=", | ||||
|         "owner": "lovesegfault", | ||||
|         "repo": "beautysh", | ||||
|         "rev": "9845efc3ea3e86cc0d41465d720a47f521b2799c", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "lovesegfault", | ||||
|         "repo": "beautysh", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "blobs": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1604995301, | ||||
|         "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", | ||||
|         "owner": "simple-nixos-mailserver", | ||||
|         "repo": "blobs", | ||||
|         "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", | ||||
|         "type": "gitlab" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "simple-nixos-mailserver", | ||||
|         "repo": "blobs", | ||||
|         "type": "gitlab" | ||||
|       } | ||||
|     }, | ||||
|     "darwin": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "agenix", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1700795494, | ||||
|         "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", | ||||
|         "owner": "lnl7", | ||||
|         "repo": "nix-darwin", | ||||
|         "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "lnl7", | ||||
|         "ref": "master", | ||||
|         "repo": "nix-darwin", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "deploy-rs": { | ||||
|       "inputs": { | ||||
|         "flake-compat": "flake-compat", | ||||
|         "nixpkgs": "nixpkgs_2", | ||||
|         "utils": "utils" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1715699772, | ||||
|         "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", | ||||
|         "owner": "serokell", | ||||
|         "repo": "deploy-rs", | ||||
|         "rev": "b3ea6f333f9057b77efd9091119ba67089399ced", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "serokell", | ||||
|         "repo": "deploy-rs", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "disko": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1699748081, | ||||
|         "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=", | ||||
|         "lastModified": 1717097713, | ||||
|         "narHash": "sha256-M0tIapdiiB2piVTDK+aL7AnsjS656AY7l7htKN0dnQM=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "04bac349d585c9df38d78e0285b780a140dc74a4", | ||||
|         "repo": "disko", | ||||
|         "rev": "9d5c673a6611b7bf448dbfb0843c75b9cce9cf1f", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "repo": "disko", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "firefox-gnome-theme": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1716813977, | ||||
|         "narHash": "sha256-8fabA8OY1n2OcJFbbE03+bMydVANSBrNGo8hkzhXxxU=", | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "firefox-gnome-theme", | ||||
|         "rev": "8171c0578feb835ce66d49edba7429f46b7ac3f6", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "firefox-gnome-theme", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-compat": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1696426674, | ||||
|         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-compat_2": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1668681692, | ||||
|         "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "rev": "009399224d5e398d03b22badca40a37ac85412a1", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-compat_3": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1673956053, | ||||
|         "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "edolstra", | ||||
|         "repo": "flake-compat", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-utils": { | ||||
|       "inputs": { | ||||
|         "systems": "systems_3" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1701680307, | ||||
|         "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-utils_2": { | ||||
|       "inputs": { | ||||
|         "systems": "systems_4" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1685518550, | ||||
|         "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "gitea-github-theme": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1715978309, | ||||
|         "narHash": "sha256-L9FYLtrK8Lm/wBeafb6eTRL5l2BYov6X6nJOL6rYZvY=", | ||||
|         "ref": "main", | ||||
|         "rev": "1b61f3f5cb38a1198d0a525d059a5a1905f2cfca", | ||||
|         "revCount": 96, | ||||
|         "type": "git", | ||||
|         "url": "ssh://git@git.vimium.com/jordan/gitea-github-theme.git" | ||||
|       }, | ||||
|       "original": { | ||||
|         "ref": "main", | ||||
|         "type": "git", | ||||
|         "url": "ssh://git@git.vimium.com/jordan/gitea-github-theme.git" | ||||
|       } | ||||
|     }, | ||||
|     "gitignore": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nixvim", | ||||
|           "pre-commit-hooks", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1660459072, | ||||
|         "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", | ||||
|         "owner": "hercules-ci", | ||||
|         "repo": "gitignore.nix", | ||||
|         "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "hercules-ci", | ||||
|         "repo": "gitignore.nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "home-manager": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "agenix", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1703113217, | ||||
|         "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "release-23.05", | ||||
|         "repo": "home-manager", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "home-manager_2": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1716729592, | ||||
|         "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "release-23.11", | ||||
|         "repo": "home-manager", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixos-hardware": { | ||||
|       "locked": { | ||||
|         "lastModified": 1716987116, | ||||
|         "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixos-hardware", | ||||
|         "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixos-hardware", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixos-mailserver": { | ||||
|       "inputs": { | ||||
|         "blobs": "blobs", | ||||
|         "flake-compat": "flake-compat_2", | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ], | ||||
|         "nixpkgs-23_05": "nixpkgs-23_05", | ||||
|         "nixpkgs-23_11": "nixpkgs-23_11", | ||||
|         "utils": "utils_2" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1706219574, | ||||
|         "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", | ||||
|         "owner": "simple-nixos-mailserver", | ||||
|         "repo": "nixos-mailserver", | ||||
|         "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", | ||||
|         "type": "gitlab" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "simple-nixos-mailserver", | ||||
|         "ref": "nixos-23.11", | ||||
|         "repo": "nixos-mailserver", | ||||
|         "type": "gitlab" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs": { | ||||
|       "locked": { | ||||
|         "lastModified": 1700097215, | ||||
|         "narHash": "sha256-ODQ3gBTv1iHd7lG21H+ErVISB5wVeOhd/dEogOqHs/I=", | ||||
|         "lastModified": 1703013332, | ||||
|         "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "9fb122519e9cd465d532f736a98c1e1eb541ef6f", | ||||
|         "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "ref": "nixos-unstable", | ||||
|         "repo": "nixpkgs", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-23_05": { | ||||
|       "locked": { | ||||
|         "lastModified": 1704290814, | ||||
|         "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -52,22 +375,260 @@ | ||||
|         "type": "indirect" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-23_11": { | ||||
|       "locked": { | ||||
|         "lastModified": 1706098335, | ||||
|         "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "id": "nixpkgs", | ||||
|         "ref": "nixos-23.11", | ||||
|         "type": "indirect" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-stable": { | ||||
|       "locked": { | ||||
|         "lastModified": 1685801374, | ||||
|         "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "ref": "nixos-23.05", | ||||
|         "repo": "nixpkgs", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-unstable": { | ||||
|       "locked": { | ||||
|         "lastModified": 1716948383, | ||||
|         "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "id": "nixpkgs", | ||||
|         "ref": "nixos-unstable", | ||||
|         "type": "indirect" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs_2": { | ||||
|       "locked": { | ||||
|         "lastModified": 1702272962, | ||||
|         "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "ref": "nixpkgs-unstable", | ||||
|         "repo": "nixpkgs", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs_3": { | ||||
|       "locked": { | ||||
|         "lastModified": 1716991068, | ||||
|         "narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "25cf937a30bf0801447f6bf544fc7486c6309234", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "id": "nixpkgs", | ||||
|         "ref": "nixos-23.11", | ||||
|         "type": "indirect" | ||||
|       } | ||||
|     }, | ||||
|     "nixvim": { | ||||
|       "inputs": { | ||||
|         "beautysh": "beautysh", | ||||
|         "flake-utils": "flake-utils", | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ], | ||||
|         "pre-commit-hooks": "pre-commit-hooks" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1713951100, | ||||
|         "narHash": "sha256-ObeER1qB/i06lk7jQqVp9DdTKnykNaojOVoX9GcCoRc=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "nixvim", | ||||
|         "rev": "7c59615585f691b560d9522c94d8f3195853ca8e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "nixos-23.11", | ||||
|         "repo": "nixvim", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "poetry2nix": { | ||||
|       "inputs": { | ||||
|         "flake-utils": [ | ||||
|           "nixvim", | ||||
|           "beautysh", | ||||
|           "utils" | ||||
|         ], | ||||
|         "nixpkgs": [ | ||||
|           "nixvim", | ||||
|           "beautysh", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1658665240, | ||||
|         "narHash": "sha256-/wkx7D7enyBPRjIkK0w7QxLQhzEkb3UxNQnjyc3FTUI=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "poetry2nix", | ||||
|         "rev": "8b8edc85d24661d5a6d0d71d6a7011f3e699780f", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "repo": "poetry2nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "pre-commit-hooks": { | ||||
|       "inputs": { | ||||
|         "flake-compat": "flake-compat_3", | ||||
|         "flake-utils": "flake-utils_2", | ||||
|         "gitignore": "gitignore", | ||||
|         "nixpkgs": [ | ||||
|           "nixvim", | ||||
|           "nixpkgs" | ||||
|         ], | ||||
|         "nixpkgs-stable": "nixpkgs-stable" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1703939133, | ||||
|         "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", | ||||
|         "owner": "cachix", | ||||
|         "repo": "pre-commit-hooks.nix", | ||||
|         "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "cachix", | ||||
|         "repo": "pre-commit-hooks.nix", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "root": { | ||||
|       "inputs": { | ||||
|         "agenix": "agenix", | ||||
|         "deploy-rs": "deploy-rs", | ||||
|         "disko": "disko", | ||||
|         "firefox-gnome-theme": "firefox-gnome-theme", | ||||
|         "home-manager": "home-manager", | ||||
|         "nixpkgs": "nixpkgs", | ||||
|         "gitea-github-theme": "gitea-github-theme", | ||||
|         "home-manager": "home-manager_2", | ||||
|         "nixos-hardware": "nixos-hardware", | ||||
|         "nixos-mailserver": "nixos-mailserver", | ||||
|         "nixpkgs": "nixpkgs_3", | ||||
|         "nixpkgs-unstable": "nixpkgs-unstable", | ||||
|         "nixvim": "nixvim", | ||||
|         "secrets": "secrets", | ||||
|         "thunderbird-gnome-theme": "thunderbird-gnome-theme" | ||||
|       } | ||||
|     }, | ||||
|     "secrets": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1716018239, | ||||
|         "narHash": "sha256-Ai13Sbj4DzuQSIrX2rjO0PG6PPpmvfwbCpTxX0kB7FI=", | ||||
|         "ref": "refs/heads/master", | ||||
|         "rev": "c2adb575ca3a816287c7d8f3c23cde6dfd316e6f", | ||||
|         "revCount": 19, | ||||
|         "type": "git", | ||||
|         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" | ||||
|       }, | ||||
|       "original": { | ||||
|         "type": "git", | ||||
|         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" | ||||
|       } | ||||
|     }, | ||||
|     "systems": { | ||||
|       "locked": { | ||||
|         "lastModified": 1681028828, | ||||
|         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "systems_2": { | ||||
|       "locked": { | ||||
|         "lastModified": 1681028828, | ||||
|         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "systems_3": { | ||||
|       "locked": { | ||||
|         "lastModified": 1681028828, | ||||
|         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "systems_4": { | ||||
|       "locked": { | ||||
|         "lastModified": 1681028828, | ||||
|         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "thunderbird-gnome-theme": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1699285862, | ||||
|         "narHash": "sha256-3TQYBJAeQ2fPFxQnD5iKRKKWFlN3GJhz1EkdwE+4m0k=", | ||||
|         "lastModified": 1710774977, | ||||
|         "narHash": "sha256-nQBz2PW3YF3+RTflPzDoAcs6vH1PTozESIYUGAwvSdA=", | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "thunderbird-gnome-theme", | ||||
|         "rev": "a899ca12204d19f4834fbd092aa5bb05dc4bd127", | ||||
|         "rev": "65d5c03fc9172d549a3ea72fd366d544981a002b", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -75,6 +636,54 @@ | ||||
|         "repo": "thunderbird-gnome-theme", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "utils": { | ||||
|       "inputs": { | ||||
|         "systems": "systems_2" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1701680307, | ||||
|         "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "utils_2": { | ||||
|       "locked": { | ||||
|         "lastModified": 1605370193, | ||||
|         "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "5021eac20303a61fafe17224c087f5519baed54d", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "utils_3": { | ||||
|       "locked": { | ||||
|         "lastModified": 1678901627, | ||||
|         "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     } | ||||
|   }, | ||||
|   "root": "root", | ||||
|   | ||||
							
								
								
									
										170
									
								
								flake.nix
									
									
									
									
									
								
							
							
						
						
									
							| @@ -1,83 +1,141 @@ | ||||
| { | ||||
|   description = "NixOS/Darwin system configuration"; | ||||
|   description = "NixOS system configuration"; | ||||
|  | ||||
|   inputs = { | ||||
|     nixpkgs.url = "nixpkgs/nixos-23.05"; | ||||
|     nixpkgs.url = "nixpkgs/nixos-23.11"; | ||||
|     nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; | ||||
|     # nixpkgs-master.url = "nixpkgs"; | ||||
|     agenix.url = "github:ryantm/agenix"; | ||||
|     deploy-rs.url = "github:serokell/deploy-rs"; | ||||
|     disko = { | ||||
|       url = "github:nix-community/disko"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     home-manager = { | ||||
|       url = "github:nix-community/home-manager/release-23.05"; | ||||
|       url = "github:nix-community/home-manager/release-23.11"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     firefox-gnome-theme = { | ||||
|       url = "github:rafaelmardojai/firefox-gnome-theme"; | ||||
|       flake = false; | ||||
|     }; | ||||
|     gitea-github-theme = { | ||||
|       url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main"; | ||||
|       flake = false; | ||||
|     }; | ||||
|     nixos-hardware.url = "github:NixOS/nixos-hardware"; | ||||
|     nixos-mailserver = { | ||||
|       url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     nixvim = { | ||||
|       url = "github:nix-community/nixvim/nixos-23.11"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     secrets = { | ||||
|       url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; | ||||
|       flake = false; | ||||
|     }; | ||||
|     thunderbird-gnome-theme = { | ||||
|       url = "github:rafaelmardojai/thunderbird-gnome-theme"; | ||||
|       flake = false; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   outputs = inputs @ { self, nixpkgs, home-manager, ... }: | ||||
|   outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, secrets, ... }: | ||||
|     let | ||||
|       inherit (lib) attrValues; | ||||
|       inherit (lib.my) mapModules mapModulesRec; | ||||
|  | ||||
|       system = "x86_64-linux"; | ||||
|  | ||||
|       mkPkgs = pkgs: extraOverlays: | ||||
|         import pkgs { | ||||
|           inherit system; | ||||
|       mkPkgsForSystem = system: inputs.nixpkgs; | ||||
|       overlays = [ | ||||
|         agenix.overlays.default | ||||
|         (import ./overlays/gnome.nix) | ||||
|         ( | ||||
|           final: prev: { | ||||
|             unstable = import inputs.nixpkgs-unstable { system = final.system; }; | ||||
|             custom = self.packages { system = final.system; }; | ||||
|           } | ||||
|         ) | ||||
|       ]; | ||||
|       commonModules = [ | ||||
|         agenix.nixosModules.age | ||||
|         disko.nixosModules.disko | ||||
|         nixos-mailserver.nixosModule | ||||
|         home-manager.nixosModule | ||||
|         ./modules | ||||
|       ]; | ||||
|       mkNixosSystem = { system, name, extraModules ? [] }: | ||||
|         let | ||||
|           nixpkgs = mkPkgsForSystem system; | ||||
|           lib = (import nixpkgs { inherit overlays system; }).lib; | ||||
|         in | ||||
|         inputs.nixpkgs.lib.nixosSystem { | ||||
|           inherit lib system; | ||||
|           specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; }; | ||||
|           baseModules = import (nixpkgs + "/nixos/modules/module-list.nix"); | ||||
|           modules = commonModules ++ [ | ||||
|             ({ config, ... }: | ||||
|               { | ||||
|                 nixpkgs.pkgs = import nixpkgs { | ||||
|                   inherit overlays system; | ||||
|                   config.allowUnfree = true; | ||||
|           overlays = extraOverlays ++ (lib.attrValues self.overlays); | ||||
|                 }; | ||||
|       pkgs = mkPkgs nixpkgs []; | ||||
|  | ||||
|       lib = nixpkgs.lib.extend (self: super: { | ||||
|         my = import ./lib { | ||||
|           inherit pkgs inputs; | ||||
|           lib = self; | ||||
|                 networking.hostName = name; | ||||
|               }) | ||||
|             ./hosts/${name} | ||||
|           ] ++ extraModules; | ||||
|         }; | ||||
|       }); | ||||
|     in { | ||||
|       lib = lib.my; | ||||
|  | ||||
|     in | ||||
|     { | ||||
|       nixosConfigurations = { | ||||
|         atlas = nixpkgs.lib.nixosSystem { | ||||
|           modules = [ | ||||
|             inputs.home-manager.nixosModules.home-manager | ||||
|             { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } | ||||
|             (import ./modules) | ||||
|             ./hosts/atlas | ||||
|         atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; }; | ||||
|         eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; }; | ||||
|         helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; | ||||
|         hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; | ||||
|         library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; | ||||
|         mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; }; | ||||
|         odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; | ||||
|         pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; | ||||
|         vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; | ||||
|       }; | ||||
|  | ||||
|       devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell { | ||||
|         buildInputs = [ | ||||
|           deploy-rs.packages.x86_64-linux.deploy-rs | ||||
|         ]; | ||||
|           specialArgs = { inherit lib inputs; }; | ||||
|       }; | ||||
|         eos = nixpkgs.lib.nixosSystem { | ||||
|           modules = [ | ||||
|             inputs.home-manager.nixosModules.home-manager | ||||
|             { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } | ||||
|             (import ./modules) | ||||
|             ./hosts/eos | ||||
|           ]; | ||||
|           specialArgs = { inherit lib inputs; }; | ||||
|         }; | ||||
|         helios = nixpkgs.lib.nixosSystem { | ||||
|           modules = [ | ||||
|             inputs.home-manager.nixosModules.home-manager | ||||
|             { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } | ||||
|             (import ./modules) | ||||
|             ./hosts/helios | ||||
|           ]; | ||||
|           specialArgs = { inherit lib inputs; }; | ||||
|         }; | ||||
|         odyssey = nixpkgs.lib.nixosSystem { | ||||
|           modules = [ | ||||
|             inputs.home-manager.nixosModules.home-manager | ||||
|             { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } | ||||
|             (import ./modules) | ||||
|             ./hosts/odyssey | ||||
|           ]; | ||||
|           specialArgs = { inherit lib inputs; }; | ||||
|  | ||||
|       deploy = { | ||||
|         magicRollback = true; | ||||
|         autoRollback = true; | ||||
|         sshUser = "root"; | ||||
|         nodes = { | ||||
|           mail = { | ||||
|             hostname = "mail.mesh.vimium.net"; | ||||
|  | ||||
|             profiles.system = { | ||||
|               user = "root"; | ||||
|               path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail; | ||||
|             }; | ||||
|           }; | ||||
|           vps1 = { | ||||
|             hostname = "vps1.mesh.vimium.net"; | ||||
|  | ||||
|             profiles.system = { | ||||
|               user = "root"; | ||||
|               path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1; | ||||
|             }; | ||||
|           }; | ||||
|           # pi = { | ||||
|           #   hostname = "10.0.1.191"; | ||||
|           # | ||||
|           #   profiles.system = { | ||||
|           #     user = "root"; | ||||
|           #     path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi; | ||||
|           #   }; | ||||
|           # }; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; | ||||
|     }; | ||||
| } | ||||
|  | ||||
|   | ||||
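Review bot: The `deploy` block sets `sshUser = "root"` for the `mail` and `vps1` nodes, while `hosts/common.nix` in the same comparison sets `services.openssh.settings.PermitRootLogin = "no"`. If those hosts pull in the common settings, the deploy either fails or depends on a per-host override that re-enables root SSH; the host files are not visible here. Deploying as an unprivileged account keeps root login closed: `sshUser = "<deploy-user>";` at the top level with `user = "root";` left in each profile, so deploy-rs activates through sudo. A short comment above `deploy` would record the expectation, e.g. `# deploy-rs connects as <deploy-user> and elevates with sudo; root SSH stays disabled`.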
| @@ -1,27 +1,20 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib.my; | ||||
| { | ||||
|   imports = [ | ||||
|     ./hardware-configuration.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   boot.loader.systemd-boot.enable = true; | ||||
|   boot.loader.efi.canTouchEfiVariables = true; | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   }; | ||||
|  | ||||
|   networking.hostName = "atlas"; | ||||
|   networking.hostId = "8425e349"; | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   nix.package = pkgs.nixFlakes; | ||||
|   nix.extraOptions = '' | ||||
|     experimental-features = nix-command flakes | ||||
|   ''; | ||||
|  | ||||
|   users.defaultUserShell = pkgs.zsh; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
|   networking = { | ||||
|     hostId = "8425e349"; | ||||
|     networkmanager.enable = true; | ||||
|   }; | ||||
|  | ||||
|   modules = { | ||||
|     desktop = { | ||||
| @@ -43,15 +36,25 @@ with lib.my; | ||||
|     }; | ||||
|     editors = { | ||||
|       neovim.enable = true; | ||||
|       vscode.enable = true; | ||||
|     }; | ||||
|     security = { | ||||
|       gpg.enable = true; | ||||
|       pass.enable = true; | ||||
|     }; | ||||
|     services = { | ||||
|       borgmatic = { | ||||
|         enable = true; | ||||
|         directories = [ | ||||
|           "/home/jordan/Documents" | ||||
|         ]; | ||||
|         repoPath = "ssh://uzu2y5b1@uzu2y5b1.repo.borgbase.com/./repo"; | ||||
|       }; | ||||
|     }; | ||||
|     shell = { | ||||
|       git.enable = true; | ||||
|       zsh.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
| } | ||||
|   | ||||
| @@ -1,70 +1,66 @@ | ||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ | ||||
| # and may be overwritten by future invocations.  Please make changes | ||||
| # to /etc/nixos/configuration.nix instead. | ||||
| { config, lib, pkgs, modulesPath, ... }: | ||||
|  | ||||
| { | ||||
|   imports = | ||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   imports = [ | ||||
|     (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   ]; | ||||
|  | ||||
|   boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; | ||||
|   boot.initrd.kernelModules = [ ]; | ||||
|   boot.initrd.supportedFilesystems = [ "zfs" ]; | ||||
|   boot.kernelModules = [ "kvm-intel" ]; | ||||
|   boot.kernelParams = [ "elevator=none" ]; | ||||
|   boot.extraModulePackages = [ ]; | ||||
|   boot.supportedFilesystems = [ "zfs" ]; | ||||
|   boot = { | ||||
|     initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; | ||||
|     initrd.kernelModules = [ ]; | ||||
|     initrd.supportedFilesystems = [ "zfs" ]; | ||||
|     kernelModules = [ "kvm-intel" ]; | ||||
|     kernelParams = [ "elevator=none" ]; | ||||
|     extraModulePackages = [ ]; | ||||
|     supportedFilesystems = [ "zfs" ]; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/" = | ||||
|     { device = "rpool/system/root"; | ||||
|   fileSystems."/" = { | ||||
|     device = "rpool/system/root"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/home" = | ||||
|     { device = "rpool/user/home"; | ||||
|   fileSystems."/home" = { | ||||
|     device = "rpool/user/home"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/nix" = | ||||
|     { device = "rpool/local/nix"; | ||||
|   fileSystems."/nix" = { | ||||
|     device = "rpool/local/nix"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/tmp" = | ||||
|     { device = "rpool/local/tmp"; | ||||
|   fileSystems."/tmp" = { | ||||
|     device = "rpool/local/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var" = | ||||
|     { device = "rpool/system/var"; | ||||
|   fileSystems."/var" = { | ||||
|     device = "rpool/system/var"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/log" = | ||||
|     { device = "rpool/system/var/log"; | ||||
|   fileSystems."/var/log" = { | ||||
|     device = "rpool/system/var/log"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/tmp" = | ||||
|     { device = "rpool/system/var/tmp"; | ||||
|   fileSystems."/var/tmp" = { | ||||
|     device = "rpool/system/var/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/boot" = | ||||
|     { device = "/dev/disk/by-uuid/00B2-0384"; | ||||
|   fileSystems."/boot" = { | ||||
|     device = "/dev/disk/by-uuid/00B2-0384"; | ||||
|     fsType = "vfat"; | ||||
|   }; | ||||
|  | ||||
|   swapDevices = [ ]; | ||||
|  | ||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's | ||||
|   # still possible to use this option, but it's recommended to use it in conjunction | ||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||||
|   networking.useDHCP = lib.mkDefault true; | ||||
|   # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; | ||||
|  | ||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||||
|  | ||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
| } | ||||
|   | ||||
							
								
								
									
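--- /dev/null
+++ b/hosts/common.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+
+{
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+  
+  console.keyMap = "uk";
+
+  security.sudo.execWheelOnly = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=4G
+    MaxRetentionSec=90day
+  '';
+
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh.enable = true;
+
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    settings = {
+      connect-timeout = 5;
+      log-lines = 25;
+      min-free = 128000000;
+      max-free = 1000000000;
+      fallback = true;
+      trusted-users = [ "@wheel" ];
+      auto-optimise-store = true;
+      substituters = [
+        "http://odyssey.mesh.vimium.net"
+        "https://cache.nixos.org"
+      ];
+      trusted-public-keys = [
+        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
+      ];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "-d --delete-older-than 7d";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+  ];
+}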
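Review bot: `trusted-users = [ "@wheel" ]` in `nix.settings` lets any process running as a wheel member instruct the Nix daemon with root-equivalent effect and without a sudo prompt, which weakens the password gate sudo otherwise provides for that group. If it exists only so that deploys or remote builds can copy closures, narrow it to that one account, e.g. `trusted-users = [ "root" "<deploy-user>" ];`. The first substituter is plain `http://`, so integrity rests entirely on the listed signing key. A comment such as `# only reachable over the mesh network; paths are verified against trusted-public-keys` would record why that is acceptable, assuming that is the case.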
| @@ -1,35 +1,12 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| { | ||||
|   time.timeZone = "Europe/London"; | ||||
|  | ||||
|   i18n.defaultLocale = "en_GB.UTF-8"; | ||||
|   i18n.extraLocaleSettings = { | ||||
|     LC_ADDRESS = "en_GB.UTF-8"; | ||||
|     LC_IDENTIFICATION = "en_GB.UTF-8"; | ||||
|     LC_MEASUREMENT = "en_GB.UTF-8"; | ||||
|     LC_MONETARY = "en_GB.UTF-8"; | ||||
|     LC_NAME = "en_GB.UTF-8"; | ||||
|     LC_NUMERIC = "en_GB.UTF-8"; | ||||
|     LC_PAPER = "en_GB.UTF-8"; | ||||
|     LC_TELEPHONE = "en_GB.UTF-8"; | ||||
|     LC_TIME = "en_GB.UTF-8"; | ||||
|   }; | ||||
|  | ||||
|   console.keyMap = "uk"; | ||||
|   imports = [ | ||||
|     ./common.nix | ||||
|   ]; | ||||
|  | ||||
|   services.printing.enable = true; | ||||
|   services.openssh = { | ||||
|     enable = true; | ||||
|     settings = { | ||||
|       KbdInteractiveAuthentication = false; | ||||
|       PasswordAuthentication = false; | ||||
|       PermitRootLogin = "no"; | ||||
|     }; | ||||
|     startWhenNeeded = true; | ||||
|   }; | ||||
|   services.openssh.startWhenNeeded = true; | ||||
|  | ||||
|   sound.enable = true; | ||||
|   hardware.pulseaudio.enable = false; | ||||
| @@ -41,27 +18,57 @@ with lib.my; | ||||
|     pulse.enable = true; | ||||
|   }; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     git | ||||
|     neovim | ||||
|   ]; | ||||
|  | ||||
|   nix.settings = { | ||||
|     connect-timeout = 5; | ||||
|     log-lines = 25; | ||||
|     min-free = 128000000; | ||||
|     max-free = 1000000000; | ||||
|     fallback = true; | ||||
|     auto-optimise-store = true; | ||||
|     substituters = [ | ||||
|       "http://odyssey.mesh.vimium.net" | ||||
|       "https://cache.nixos.org" | ||||
|     ]; | ||||
|     trusted-public-keys = [ | ||||
|       "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ=" | ||||
|   fileSystems."/mnt/library" = { | ||||
|     device = "library.mesh.vimium.net:/mnt/library"; | ||||
|     fsType = "nfs"; | ||||
|     options = [ | ||||
|       "nfsvers=4.2" | ||||
|       "bg" | ||||
|       "soft" | ||||
|       "timeo=20" | ||||
|       "retry=5" | ||||
|       "nocto" | ||||
|       "ro" | ||||
|       "x-systemd.automount" | ||||
|       "noauto" | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   modules.desktop.gnome.enable = true; | ||||
|   modules.networking.tailscale.enable = true; | ||||
|   system.autoUpgrade = { | ||||
|     enable = true; | ||||
|     flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git"; | ||||
|     randomizedDelaySec = "10min"; | ||||
|   }; | ||||
|  | ||||
|   systemd.services.NetworkManager-wait-online.enable = false; | ||||
|  | ||||
|   fonts.packages = with pkgs; [ | ||||
|     noto-fonts | ||||
|     (nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "Terminus" "UbuntuMono" ]; }) | ||||
|   ]; | ||||
|  | ||||
|   modules = { | ||||
|     desktop.gnome.enable = true; | ||||
|     networking.tailscale.enable = true; | ||||
|   }; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     bind | ||||
|     bmon | ||||
|     fd | ||||
|     ffmpeg | ||||
|     iotop | ||||
|     unstable.nix-du | ||||
|     # unstable.nix-melt | ||||
|     unstable.nix-tree | ||||
|     unstable.nix-visualize | ||||
|     ripgrep | ||||
|     rsync | ||||
|     tcpdump | ||||
|     tokei | ||||
|     tree | ||||
|     wl-clipboard | ||||
|   ]; | ||||
|  | ||||
|   environment.sessionVariables.NIXOS_OZONE_WL = "1"; | ||||
| } | ||||
|   | ||||
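Review bot: `system.autoUpgrade` in the second hunk rebuilds every desktop from whatever `git+ssh://git@git.vimium.com/jordan/nix-config.git` resolves to at that moment, with no ref pinned and no review step visible here, so one bad or unauthorised push reaches all of these machines. Pointing the option at a dedicated, protected ref narrows that, e.g. `flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git?ref=<release-branch>";`, and a comment should say which SSH key the upgrade service uses for the fetch. In the same hunk the NFS mount at `/mnt/library` is read-only but would be tighter with `"nosuid"` and `"nodev"` added to `options`.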
| @@ -1,28 +1,20 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib.my; | ||||
| { | ||||
|   imports = [ | ||||
|     ./hardware-configuration.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   boot.loader.systemd-boot.enable = true; | ||||
|   boot.loader.efi.canTouchEfiVariables = true; | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   }; | ||||
|  | ||||
|   networking.hostName = "eos"; | ||||
|   networking.hostId = "cc858347"; | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   nix.package = pkgs.nixFlakes; | ||||
|   nix.extraOptions = '' | ||||
|     experimental-features = nix-command flakes | ||||
|   ''; | ||||
|   nix.settings.auto-optimise-store = true; | ||||
|  | ||||
|   users.defaultUserShell = pkgs.zsh; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
|   networking = { | ||||
|     hostId = "cc858347"; | ||||
|     networkmanager.enable = true; | ||||
|   }; | ||||
|  | ||||
|   dconf.settings = { | ||||
|     "org/gnome/desktop/interface" = { | ||||
| @@ -52,4 +44,6 @@ with lib.my; | ||||
|       zsh.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
| } | ||||
|   | ||||
| @@ -1,71 +1,65 @@ | ||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ | ||||
| # and may be overwritten by future invocations.  Please make changes | ||||
| # to /etc/nixos/configuration.nix instead. | ||||
| { config, lib, pkgs, modulesPath, ... }: | ||||
|  | ||||
| { | ||||
|   imports = | ||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   imports = [ | ||||
|     (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   ]; | ||||
|  | ||||
|   boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; | ||||
|   boot.initrd.kernelModules = [ ]; | ||||
|   boot.initrd.supportedFilesystems = [ "zfs" ]; | ||||
|   boot.kernelModules = [ ]; | ||||
|   boot.kernelParams = [ "elevator=none" ]; | ||||
|   boot.extraModulePackages = [ ]; | ||||
|   boot.supportedFilesystems = [ "zfs" ]; | ||||
|   boot = { | ||||
|     initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; | ||||
|     initrd.kernelModules = [ ]; | ||||
|     initrd.supportedFilesystems = [ "zfs" ]; | ||||
|     kernelModules = [ ]; | ||||
|     kernelParams = [ "elevator=none" ]; | ||||
|     extraModulePackages = [ ]; | ||||
|     supportedFilesystems = [ "zfs" ]; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/" = | ||||
|     { device = "rpool/system/root"; | ||||
|   fileSystems."/" = { | ||||
|     device = "rpool/system/root"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/home" = | ||||
|     { device = "rpool/user/home"; | ||||
|   fileSystems."/home" = { | ||||
|     device = "rpool/user/home"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/nix" = | ||||
|     { device = "rpool/local/nix"; | ||||
|   fileSystems."/nix" = { | ||||
|     device = "rpool/local/nix"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/tmp" = | ||||
|     { device = "rpool/local/tmp"; | ||||
|   fileSystems."/tmp" = { | ||||
|     device = "rpool/local/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var" = | ||||
|     { device = "rpool/system/var"; | ||||
|   fileSystems."/var" = { | ||||
|     device = "rpool/system/var"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/log" = | ||||
|     { device = "rpool/system/var/log"; | ||||
|   fileSystems."/var/log" = { | ||||
|     device = "rpool/system/var/log"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/tmp" = | ||||
|     { device = "rpool/system/var/tmp"; | ||||
|   fileSystems."/var/tmp" = { | ||||
|     device = "rpool/system/var/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/boot" = | ||||
|     { device = "/dev/disk/by-uuid/28E6-5509"; | ||||
|   fileSystems."/boot" = { | ||||
|     device = "/dev/disk/by-uuid/28E6-5509"; | ||||
|     fsType = "vfat"; | ||||
|   }; | ||||
|  | ||||
|   swapDevices = [ ]; | ||||
|  | ||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's | ||||
|   # still possible to use this option, but it's recommended to use it in conjunction | ||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||||
|   networking.useDHCP = lib.mkDefault true; | ||||
|   # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; | ||||
|   # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; | ||||
|  | ||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||||
|  | ||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
| } | ||||
|   | ||||
| @@ -1,28 +1,23 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib.my; | ||||
| { | ||||
|   imports = [ | ||||
|     ./hardware-configuration.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   boot.loader.grub.enable = true; | ||||
|   boot.loader.grub.device = "/dev/sda"; | ||||
|   boot.loader.grub.zfsSupport = true; | ||||
|   boot = { | ||||
|     loader.grub = { | ||||
|       enable = true; | ||||
|       device = "/dev/sda"; | ||||
|       zfsSupport = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   networking.hostName = "helios"; | ||||
|   networking.hostId = "47d23505"; | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   nix.package = pkgs.nixFlakes; | ||||
|   nix.extraOptions = '' | ||||
|     experimental-features = nix-command flakes | ||||
|   ''; | ||||
|  | ||||
|   users.defaultUserShell = pkgs.zsh; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
|   networking = { | ||||
|     hostId = "47d23505"; | ||||
|     networkmanager.enable = true; | ||||
|   }; | ||||
|  | ||||
|   modules = { | ||||
|     desktop = { | ||||
| @@ -41,9 +36,20 @@ with lib.my; | ||||
|       gpg.enable = true; | ||||
|       pass.enable = true; | ||||
|     }; | ||||
|     services = { | ||||
|       borgmatic = { | ||||
|         enable = true; | ||||
|         directories = [ | ||||
|           "/home/jordan/Documents" | ||||
|         ]; | ||||
|         repoPath = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo"; | ||||
|       }; | ||||
|     }; | ||||
|     shell = { | ||||
|       git.enable = true; | ||||
|       zsh.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
| } | ||||
|   | ||||
| @@ -1,65 +1,61 @@ | ||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ | ||||
| # and may be overwritten by future invocations.  Please make changes | ||||
| # to /etc/nixos/configuration.nix instead. | ||||
| { config, lib, pkgs, modulesPath, ... }: | ||||
|  | ||||
| { | ||||
|   imports = | ||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   imports = [ | ||||
|     (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   ]; | ||||
|  | ||||
|   boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ]; | ||||
|   boot.initrd.kernelModules = [ ]; | ||||
|   boot.initrd.supportedFilesystems = [ "zfs" ]; | ||||
|   boot.kernelModules = [ "kvm-intel" ]; | ||||
|   boot.kernelParams = [ "elevator=none" ]; | ||||
|   boot.extraModulePackages = [ ]; | ||||
|   boot.supportedFilesystems = [ "zfs" ]; | ||||
|   boot = { | ||||
|     initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ]; | ||||
|     initrd.kernelModules = [ ]; | ||||
|     initrd.supportedFilesystems = [ "zfs" ]; | ||||
|     kernelModules = [ "kvm-intel" ]; | ||||
|     kernelParams = [ "elevator=none" ]; | ||||
|     extraModulePackages = [ ]; | ||||
|     supportedFilesystems = [ "zfs" ]; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/" = | ||||
|     { device = "rpool/system/root"; | ||||
|   fileSystems."/" = { | ||||
|     device = "rpool/system/root"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/home" = | ||||
|     { device = "rpool/user/home"; | ||||
|   fileSystems."/home" = { | ||||
|     device = "rpool/user/home"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/nix" = | ||||
|     { device = "rpool/local/nix"; | ||||
|   fileSystems."/nix" = { | ||||
|     device = "rpool/local/nix"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/tmp" = | ||||
|     { device = "rpool/local/tmp"; | ||||
|   fileSystems."/tmp" = { | ||||
|     device = "rpool/local/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/log" = | ||||
|     { device = "rpool/system/var/log"; | ||||
|   fileSystems."/var/log" = { | ||||
|     device = "rpool/system/var/log"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/tmp" = | ||||
|     { device = "rpool/system/var/tmp"; | ||||
|   fileSystems."/var/tmp" = { | ||||
|     device = "rpool/system/var/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/boot" = | ||||
|     { device = "/dev/sda1"; | ||||
|   fileSystems."/boot" = { | ||||
|     device = "/dev/sda1"; | ||||
|     fsType = "ext2"; | ||||
|   }; | ||||
|  | ||||
|   swapDevices = [ ]; | ||||
|  | ||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's | ||||
|   # still possible to use this option, but it's recommended to use it in conjunction | ||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||||
|   networking.useDHCP = lib.mkDefault true; | ||||
|   # networking.interfaces.eno1.useDHCP = lib.mkDefault true; | ||||
|  | ||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||||
|  | ||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
| } | ||||
|   | ||||
							
								
								
									
									
										102
									
								
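--- a/hosts/hypnos/0001-Add-apple_set_os-EFI-boot-service.patch
+++ b/hosts/hypnos/0001-Add-apple_set_os-EFI-boot-service.patch
@@ -0,0 +1,102 @@
+From d310ddee0fb8e7a5a8b89668c6cb8f9dc863ce94 Mon Sep 17 00:00:00 2001
+From: Jordan Holt <jordan@vimium.com>
+Date: Sun, 28 Apr 2024 15:59:52 +0100
+Subject: [PATCH] Add apple_set_os EFI boot service
+
+---
+ drivers/firmware/efi/libstub/x86-stub.c | 59 +++++++++++++++++++++++++
+ include/linux/efi.h                     |  1 +
+ 2 files changed, 60 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
+index d5a8182cf..be722c43a 100644
+--- a/drivers/firmware/efi/libstub/x86-stub.c
++++ b/drivers/firmware/efi/libstub/x86-stub.c
+@@ -449,6 +449,63 @@ static void setup_graphics(struct boot_params *boot_params)
+ 	}
+ }
+ 
++typedef struct {
++	u64 version;
++	void (*set_os_version) (const char *os_version);
++	void (*set_os_vendor) (const char *os_vendor);
++} apple_set_os_interface_t;
++
++static efi_status_t apple_set_os()
++{
++	apple_set_os_interface_t *set_os;
++	efi_guid_t set_os_guid = APPLE_SET_OS_PROTOCOL_GUID;
++	efi_status_t status;
++	void **handles;
++	unsigned long i, nr_handles, size = 0;
++
++	status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
++			     &set_os_guid, NULL, &size, handles);
++
++	if (status == EFI_BUFFER_TOO_SMALL) {
++		status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
++				     size, &handles);
++
++		if (status != EFI_SUCCESS)
++			return status;
++
++		status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
++				     &set_os_guid, NULL, &size, handles);
++	}
++
++	if (status != EFI_SUCCESS)
++		goto free_handle;
++
++	nr_handles = size / sizeof(void *);
++	for (i = 0; i < nr_handles; i++) {
++		void *h = handles[i];
++
++		status = efi_bs_call(handle_protocol, h,
++				     &set_os_guid, &set_os);
++
++		if (status != EFI_SUCCESS || !set_os)
++			continue;
++
++		if (set_os->version > 0) {
++			efi_bs_call((unsigned long)set_os->set_os_version,
++					"Mac OS X 10.9");
++		}
++
++		if (set_os->version >= 2) {
++			efi_bs_call((unsigned long)set_os->set_os_vendor,
++					"Apple Inc.");
++		}
++	}
++
++free_handle:
++	efi_bs_call(free_pool, uga_handle);
++
++	return status;
++}
+ 
+ static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status)
+ {
+@@ -951,6 +1008,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
+ 
+ 	setup_unaccepted_memory();
+ 
++	apple_set_os();
++
+ 	status = exit_boot(boot_params, handle);
+ 	if (status != EFI_SUCCESS) {
+ 		efi_err("exit_boot() failed!\n");
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index d59b0947f..81158014f 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -385,6 +385,7 @@ void efi_native_runtime_setup(void);
+ #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID	EFI_GUID(0xdcfa911d, 0x26eb, 0x469f,  0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
+ #define EFI_CONSOLE_OUT_DEVICE_GUID		EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4,  0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
+ #define APPLE_PROPERTIES_PROTOCOL_GUID		EFI_GUID(0x91bd12fe, 0xf6c3, 0x44fb,  0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0)
++#define APPLE_SET_OS_PROTOCOL_GUID		EFI_GUID(0xc5c5da95, 0x7d5c, 0x45e6,  0xb2, 0xf1, 0x3f, 0xd5, 0x2b, 0xb1, 0x00, 0x77)
+ #define EFI_TCG2_PROTOCOL_GUID			EFI_GUID(0x607f766c, 0x7455, 0x42be,  0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
+ #define EFI_TCG2_FINAL_EVENTS_TABLE_GUID	EFI_GUID(0x1e2ed096, 0x30e2, 0x4254,  0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
+ #define EFI_LOAD_FILE_PROTOCOL_GUID		EFI_GUID(0x56ec3091, 0x954c, 0x11d2,  0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+-- 
+2.42.0
+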
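Review bot: The `free_handle:` path in `apple_set_os()` calls `efi_bs_call(free_pool, uga_handle)`, but `uga_handle` is not declared in this function; the buffer actually allocated is `handles`, which is left uninitialized and would therefore reach the firmware allocator as garbage whenever the first `locate_handle` returns something other than `EFI_BUFFER_TOO_SMALL` (for example when the protocol is absent). Declaring `void **handles = NULL;` and ending with `if (handles) efi_bs_call(free_pool, handles);` keeps the pre-boot cleanup well defined. The two protocol calls also look wrong as written: `efi_bs_call()` appears to expect the name of a boot-services member rather than a cast function pointer, so they should probably be made through `set_os` directly, with the struct's function-pointer members marked `__efiapi` so the firmware calling convention is used; this is worth confirming against the kernel version being patched. The definition should also read `static efi_status_t apple_set_os(void)`.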
							
								
								
									
									
										35
									
								
								hosts/hypnos/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,35 @@ | ||||
| # Hypnos | ||||
|  | ||||
| ## Overview | ||||
| 15-inch MacBook Pro 11,3 (Mid 2014). | ||||
|  | ||||
| ## Specs | ||||
| * CPU - Intel Core i7-4870HQ @ 2.50GHz | ||||
| * Memory - 16 GB DDR3 | ||||
| * GPU - Intel Iris Pro 5200 | ||||
| * GPU - NVIDIA GeForce GT 750M | ||||
| * NIC - Broadcom BCM43xx 802.11ac | ||||
|  | ||||
| ### Disks | ||||
| Device | Partitions _(filesystem, size, usage)_ | ||||
| --- | --- | ||||
| Apple SSD SM0512F | `/dev/sda1` (EFI, 256 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 500 GiB, NixOS Root) | ||||
|  | ||||
| #### ZFS pool layout | ||||
| ``` | ||||
| rpool/ | ||||
| ├── local | ||||
| │   ├── nix | ||||
| │   └── tmp | ||||
| ├── system | ||||
| │   ├── root | ||||
| │   └── var | ||||
| └── user | ||||
|     └── home | ||||
| ``` | ||||
|  | ||||
| See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets. | ||||
|  | ||||
| ### Networks | ||||
| - DHCP on `10.0.1.0/24` subnet. | ||||
| - Tailscale on `100.64.0.0/10` subnet. FQDN: `hypnos.mesh.vimium.net`. | ||||
							
								
								
									
									
										45
									
								
								hosts/hypnos/default.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,45 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     ./hardware-configuration.nix | ||||
|     ./disko-config.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   }; | ||||
|  | ||||
|   networking.hostId = "cf791898"; | ||||
|  | ||||
|   modules = { | ||||
|     desktop = { | ||||
|       browsers = { | ||||
|         firefox.enable = true; | ||||
|       }; | ||||
|       gnome.enable = lib.mkForce false; | ||||
|       kde.enable = true; | ||||
|       media.recording = { | ||||
|         audio.enable = true; | ||||
|       }; | ||||
|     }; | ||||
|     dev = { | ||||
|       node.enable = true; | ||||
|     }; | ||||
|     editors = { | ||||
|       neovim.enable = true; | ||||
|     }; | ||||
|     security = { | ||||
|       gpg.enable = true; | ||||
|       pass.enable = true; | ||||
|     }; | ||||
|     shell = { | ||||
|       git.enable = true; | ||||
|       zsh.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
| } | ||||
							
								
								
									
									
										126
									
								
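--- a/hosts/hypnos/disko-config.nix
+++ b/hosts/hypnos/disko-config.nix
@@ -0,0 +1,126 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512F_S1K5NYBF736152";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "256M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+        options = {
+          ashift = "12";
+        };
+        rootFsOptions = {
+          canmount = "off";
+          mountpoint = "none";
+          dnodesize = "auto";
+          xattr = "sa";
+        };
+        postCreateHook = "zfs snapshot rpool@blank";
+        datasets = {
+          local = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+            };
+          };
+          "local/nix" = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+            options = {
+              atime = "off";
+              mountpoint = "legacy";
+            };
+          };
+          "local/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/tmp";
+            options = {
+              setuid = "off";
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+          system = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options = {
+              mountpoint = "legacy";
+            };
+          };
+          "system/var" = {
+            type = "zfs_fs";
+            mountpoint = "/var";
+            options = {
+              mountpoint = "legacy";
+            };
+          };
+          "system/var/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/var/tmp";
+            options = {
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+          "system/var/log" = {
+            type = "zfs_fs";
+            mountpoint = "/var/log";
+            options = {
+              compression = "on";
+              acltype = "posix";
+              mountpoint = "legacy";
+            };
+          };
+          user = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              keylocation = "file:///tmp/secret.key";
+            };
+            # use this to read the key during boot
+            postCreateHook = ''
+              zfs set keylocation="prompt" "rpool/$name";
+            '';
+          };
+          "user/home" = {
+            type = "zfs_fs";
+            mountpoint = "/home";
+            options = {
+              setuid = "off";
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+        };
+      };
+    };
+  };
+}
+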
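Review bot: Only the `user` dataset sets `encryption`, so `system` (mounted at `/`), `system/var`, `system/var/log` and `local/tmp` are written to disk in the clear; on a laptop that leaves logs, service state under `/var` and temporary files readable from a removed disk. If that is not intended, moving `encryption`, `keyformat` and `keylocation` into `rootFsOptions` lets every dataset inherit them, with the `keylocation` reset moved to the pool-level hook. The `file:///tmp/secret.key` location is only used while disko creates the pool, so it deserves a comment such as `# install-time only: delete the key file once disko has run; keylocation is switched to prompt below`. The host README lists a `system/root` dataset, whereas this file mounts `system` itself at `/`.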
							
								
								
									
									
										41
									
								
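--- a/hosts/hypnos/hardware-configuration.nix
+++ b/hosts/hypnos/hardware-configuration.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    kernelModules = [ "applesmc" "kvm-intel" "wl" ];
+    kernelPatches = [
+      {
+        name = "spoof-mac-os-x";
+        patch = ./0001-Add-apple_set_os-EFI-boot-service.patch;
+      }
+    ];
+    extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  };
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    opengl = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-vaapi-driver
+        intel-media-driver
+        libvdpau-va-gl
+      ];
+      driSupport = true;
+    };
+  };
+
+  environment.variables = {
+    VDPAU_DRIVER = "va_gl";
+  };
+}
+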
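Review bot: `kernelPatches` applies a local patch to the EFI stub and `extraModulePackages` pulls in the out-of-tree `broadcom_sta` (`wl`) driver, and neither entry says why; both change what runs in kernel context on this host and deserve a comment each. Something like `# report macOS to Apple firmware at boot (see the .patch file); presumably needed for the integrated GPU` above the patch entry and `# proprietary Broadcom driver for the BCM43xx NIC listed in README.md` above `extraModulePackages` would record the reason. A local kernel patch most likely also means this host builds its own kernel instead of taking the cached one, so it is worth noting that kernel security updates depend on the patch continuing to apply.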
							
								
								
									
									
										46
									
								
								hosts/library/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,46 @@ | ||||
| # Library | ||||
|  | ||||
| ## Overview | ||||
| Media and public file server. | ||||
|  | ||||
| ## Specs | ||||
| * CPU - AMD Ryzen 5 5600G @ 3.90GHz | ||||
| * Chipset - AMD B550 | ||||
| * Memory - 64 GB DDR4 | ||||
| * Motherboard - ASRock B550M Pro4 | ||||
| * Case - Fractal Design Node 804 | ||||
|  | ||||
| ### Disks | ||||
| Device | Partitions _(filesystem, size, usage)_ | ||||
| --- | --- | ||||
| Samsung 980 Evo | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root) | ||||
|  | ||||
| #### ZFS datasets | ||||
| ``` | ||||
| rpool/ | ||||
| ├── local | ||||
| │   ├── nix | ||||
| │   └── tmp | ||||
| ├── system | ||||
| │   ├── root | ||||
| │   └── var | ||||
| └── user | ||||
|     └── home | ||||
|  | ||||
| library/ | ||||
| ├── books | ||||
| ├── fonts | ||||
| ├── movies | ||||
| ├── music | ||||
| ├── software | ||||
| ├── tv | ||||
| ├── videos | ||||
| └── web | ||||
| ``` | ||||
|  | ||||
| See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets. | ||||
|  | ||||
| ### Networks | ||||
| - DHCP on `10.0.1.0/24` subnet. | ||||
| - Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`. | ||||
|  | ||||
							
								
								
									
									
										172
									
								
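--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -0,0 +1,172 @@
+{ config, lib, pkgs, ... }:
+
+with lib.my;
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../server.nix
+  ];
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    zfs.extraPools = [ "library" ];
+  };
+
+  networking = {
+    domain = "mesh.vimium.net";
+    hostId = "d24ae953";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22  # SSH
+      ];
+    };
+    networkmanager.enable = true;
+  };
+
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+      pools = [ "library" ];
+    };
+    autoSnapshot = {
+      enable = true;
+      flags = "-k -p --utc";
+      frequent = 0;
+      hourly = 0;
+      daily = 7;
+      monthly = 1;
+    };
+  };
+
+  services.nfs.server = {
+    enable = true;
+  };
+
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+        port = 9002;
+      };
+      zfs = {
+        enable = true;
+        port = 9003;
+      };
+    };
+    scrapeConfigs = [
+      {
+        job_name = "library";
+        static_configs = [{
+          targets = [
+            "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+            "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
+          ];
+        }];
+      }
+    ];
+  };
+
+  systemd.services.vps1-tunnel = {
+    enable = true;
+    description = "vps1.mesh.vimium.net SSH tunnel";
+    after = [
+      "network-online.target"
+      "jellyfin.service"
+    ];
+    wants = [ "network-online.target" ];
+    serviceConfig = {
+      Type="simple";
+      ExecStart=pkgs.lib.mkForce ''
+        ${pkgs.openssh}/bin/ssh \
+          -NT \
+          -o ExitOnForwardFailure=yes \
+          -o ServerAliveInterval=60 \
+          -o TCPKeepAlive=no \
+          -i %h/.ssh/id_jellyfin \
+          -R localhost:8000:localhost:8000 \
+          jellyfin@vps1.mesh.vimium.net
+      '';
+      Restart="always";
+      RestartSec=20;
+    };
+    wantedBy = [ "default.target" ];
+  };
+
+  services.nginx = let
+    proxyConfig = ''
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header Host $host;
+
+      proxy_set_header Range $http_range;
+      proxy_set_header If-Range $http_if_range;
+
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+    '';
+  in {
+    enable = true;
+    package = pkgs.openresty;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    clientMaxBodySize = "2G";
+    virtualHosts = {
+      "library.mesh.vimium.net" = {
+        locations."/" = {
+          root = "/mnt/library";
+          extraConfig = ''
+            autoindex on;
+          '';
+        };
+      };
+      "jellyfin.vimium.com" = {
+        default = true;
+        listen = [
+          {
+            addr = "127.0.0.1";
+            port = 8000;
+          }
+        ];
+        locations."/" = {
+          proxyPass = "http://localhost:8096";
+          extraConfig = proxyConfig;
+        };
+        locations."/metrics" = {
+          return = "404";
+        };
+      };
+    };
+  };
+
+  services.jellyfin.enable = true;
+
+  modules = {
+    podman.enable = true;
+    security = {
+      gpg.enable = true;
+    };
+    shell = {
+      zsh.enable = true;
+    };
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/home/jordan"
+        ];
+        repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";
+      };
+    };
+  };
+
+  system.stateVersion = "22.11";
+}
+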
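Review bot: `systemd.services.vps1-tunnel` sets no `User`, so the ssh client runs as root with `%h/.ssh/id_jellyfin` resolving under root's home, and nothing in the unit pins the remote host key. Running the tunnel as a dedicated unprivileged account (`serviceConfig.User = "<tunnel-user>";`, placeholder name) and declaring the server key in `programs.ssh.knownHosts` together with `-o StrictHostKeyChecking=yes` would keep the forwarded port from being handed to an endpoint that merely answers as `vps1`. Separately, `services.prometheus` and both exporters keep their default listen address although the only scrape targets are on `127.0.0.1`; setting `listenAddress = "127.0.0.1";` on each would stop them depending on the firewall alone.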
							
								
								
									
									
										68
									
								
								hosts/library/hardware-configuration.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,68 @@ | ||||
| { config, lib, pkgs, modulesPath, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   ]; | ||||
|  | ||||
|   boot = { | ||||
|     initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; | ||||
|     initrd.kernelModules = [ ]; | ||||
|     kernelModules = [ "kvm-amd" ]; | ||||
|     extraModulePackages = [ ]; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/" = { | ||||
|     device = "rpool/system/root"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var" = { | ||||
|     device = "rpool/system/var"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/log" = { | ||||
|     device = "rpool/system/var/log"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/tmp" = { | ||||
|     device = "rpool/system/var/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/lib/containers/storage" = { | ||||
|     device = "rpool/system/var/lib-containers-storage"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/nix" = { | ||||
|     device = "rpool/local/nix"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/tmp" = { | ||||
|     device = "rpool/local/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/home" = { | ||||
|     device = "rpool/user/home"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/boot" = { | ||||
|     device = "/dev/disk/by-uuid/F697-F1C0"; | ||||
|     fsType = "vfat"; | ||||
|   }; | ||||
|  | ||||
|   swapDevices = [ ]; | ||||
|  | ||||
|   networking.useDHCP = lib.mkDefault true; | ||||
|  | ||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||||
|  | ||||
|   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
| } | ||||
|  | ||||
							
								
								
									
									
										18
									
								
								hosts/mail/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | ||||
| # Mail server | ||||
|  | ||||
| ## Overview | ||||
| Mail server hosted in OVH. | ||||
|  | ||||
| ## Specs | ||||
| * CPU - ?? | ||||
| * Memory - ?? | ||||
|  | ||||
| ### Disks | ||||
| Device | Partitions _(filesystem, usage)_ | ||||
| --- | --- | ||||
| NVMe | `/dev/sda1` (ext4, NixOS Root) | ||||
|  | ||||
| ### Networks | ||||
| - DHCP on `10.0.1.0/24` subnet. | ||||
| - Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`. | ||||
|  | ||||
							
								
								
									
									
										49
									
								
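--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disko-config.nix
+    ../server.nix
+  ];
+
+  networking = {
+    hostId = "08ac2f14";
+    domain = "mesh.vimium.net";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22    # SSH
+      ];
+    };
+  };
+
+  users = {
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+  };
+
+  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+
+  modules = {
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/var/dkim"
+          "/var/lib"
+          "/var/vmail"
+        ];
+        repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
+      };
+      mail.enable = true;
+    };
+  };
+
+  system.stateVersion = "22.11";
+}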
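Review bot: This host accepts root logins over SSH on every interface: port 22 is in the global `allowedTCPPorts`, a key is installed for `root`, and `PermitRootLogin` is forced to `prohibit-password`. Since the host README places the machine on the Tailscale mesh, consider opening SSH only there with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (assuming the default interface name), or logging in as an unprivileged admin user and escalating. The backup set includes `/var/dkim`, which by its name holds the DKIM signing keys, so it is worth confirming that the borgmatic module (not shown here) enables repository encryption.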
							
								
								
									
									
										55
									
								
								hosts/mail/disko-config.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,55 @@ | ||||
| { lib, ... }: | ||||
| { | ||||
|   disko.devices = { | ||||
|     disk.disk1 = { | ||||
|       device = lib.mkDefault "/dev/sda"; | ||||
|       type = "disk"; | ||||
|       content = { | ||||
|         type = "gpt"; | ||||
|         partitions = { | ||||
|           boot = { | ||||
|             name = "boot"; | ||||
|             size = "2M"; | ||||
|             type = "EF02"; | ||||
|           }; | ||||
|           esp = { | ||||
|             name = "ESP"; | ||||
|             size = "300M"; | ||||
|             type = "EF00"; | ||||
|             content = { | ||||
|               type = "filesystem"; | ||||
|               format = "vfat"; | ||||
|               mountpoint = "/boot"; | ||||
|             }; | ||||
|           }; | ||||
|           root = { | ||||
|             name = "root"; | ||||
|             size = "100%"; | ||||
|             content = { | ||||
|               type = "lvm_pv"; | ||||
|               vg = "pool"; | ||||
|             }; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|     lvm_vg = { | ||||
|       pool = { | ||||
|         type = "lvm_vg"; | ||||
|         lvs = { | ||||
|           root = { | ||||
|             size = "100%FREE"; | ||||
|             content = { | ||||
|               type = "filesystem"; | ||||
|               format = "ext4"; | ||||
|               mountpoint = "/"; | ||||
|               mountOptions = [ | ||||
|                 "defaults" | ||||
|               ]; | ||||
|             }; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
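Review bot: The `root` partition is used directly as an `lvm_pv` with no encryption layer between the partition and the `pool` volume group, so the ext4 root of this host is stored in cleartext on the provider's disk; judging by the `hosts/mail` path, that presumably includes the mail store. If this is deliberate, for example so the VM can reboot unattended, record the decision next to the partition: `# No LUKS layer: host must boot unattended; data at rest relies on provider-side controls`. Otherwise disko can wrap the PV in a `luks` content node, which would also need an unlock path in the initrd.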
							
								
								
									
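--- a/hosts/mail/hardware-configuration.nix
+++ b/hosts/mail/hardware-configuration.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+      kernelModules = [ "nvme" ];
+    };
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  zramSwap.enable = true;
+}
+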
| @@ -1,57 +1,30 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib.my; | ||||
| { | ||||
|   imports = [ | ||||
|     ./hardware-configuration.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   boot.loader.systemd-boot = { | ||||
|   boot.loader = { | ||||
|     systemd-boot = { | ||||
|       enable = true; | ||||
|       graceful = true; | ||||
|       netbootxyz.enable = true; | ||||
|     }; | ||||
|   boot.loader.efi.canTouchEfiVariables = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   }; | ||||
|  | ||||
|   networking.hostName = "odyssey"; | ||||
|   networking.hostId = "c5e68d78"; | ||||
|   networking = { | ||||
|     hostId = "c5e68d78"; | ||||
|     networkmanager.enable = true; | ||||
|     firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359 | ||||
|   }; | ||||
|  | ||||
|   networking.networkmanager.enable = true; | ||||
|  | ||||
|   environment.etc."pipewire/pipewire.conf.d/surround.conf".text = '' | ||||
|     context.modules = [ | ||||
|       { | ||||
|         name = libpipewire-module-loopback | ||||
|         args = { | ||||
|           node.description = "1824c Surround" | ||||
|           capture.props = { | ||||
|             node.name = "1824c_Speakers" | ||||
|             media.class = "Audio/Sink" | ||||
|             audio.position = [ FL FR FC SL SR LFE ] | ||||
|           } | ||||
|           playback.props = { | ||||
|             node.name = "playback.1824c_Speakers" | ||||
|             audio.position = [ AUX0 AUX1 AUX2 AUX3 AUX4 AUX5 ] | ||||
|             target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output" | ||||
|             stream.dont-remix = true | ||||
|             node.passive = true | ||||
|           } | ||||
|         } | ||||
|       } | ||||
|     ] | ||||
|   ''; | ||||
|  | ||||
|   nix.package = pkgs.nixFlakes; | ||||
|   nix.extraOptions = '' | ||||
|     experimental-features = nix-command flakes | ||||
|   ''; | ||||
|  | ||||
|   virtualisation.libvirtd.enable = true; | ||||
|  | ||||
|   users.defaultUserShell = pkgs.zsh; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
|   virtualisation = { | ||||
|     libvirtd.enable = true; | ||||
|     lxd.enable = true; | ||||
|   }; | ||||
|  | ||||
|   services.nix-serve = { | ||||
|     enable = true; | ||||
| @@ -74,6 +47,17 @@ with lib.my; | ||||
|       browsers = { | ||||
|         firefox.enable = true; | ||||
|       }; | ||||
|       gaming = { | ||||
|         emulators = { | ||||
|           gamecube.enable = true; | ||||
|           ps2.enable = true; | ||||
|           ps3.enable = true; | ||||
|           psp.enable = true; | ||||
|           wii.enable = true; | ||||
|           xbox.enable = true; | ||||
|         }; | ||||
|         lutris.enable = true; | ||||
|       }; | ||||
|       media.graphics = { | ||||
|         modeling.enable = true; | ||||
|         raster.enable = true; | ||||
| @@ -90,13 +74,32 @@ with lib.my; | ||||
|     editors = { | ||||
|       neovim.enable = true; | ||||
|     }; | ||||
|     hardware.presonus-studio.enable = true; | ||||
|     security = { | ||||
|       gpg.enable = true; | ||||
|       pass.enable = true; | ||||
|     }; | ||||
|     services = { | ||||
|       borgmatic = { | ||||
|         enable = true; | ||||
|         directories = [ | ||||
|           "/home/jordan/Documents" | ||||
|           "/home/jordan/Downloads" | ||||
|           "/home/jordan/Music" | ||||
|           "/home/jordan/Pictures" | ||||
|           "/home/jordan/projects" | ||||
|           "/home/jordan/Videos" | ||||
|           "/home/jordan/.mozilla" | ||||
|         ]; | ||||
|         repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; | ||||
|       }; | ||||
|       gitea-runner.enable = true; | ||||
|     }; | ||||
|     shell = { | ||||
|       git.enable = true; | ||||
|       zsh.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   system.stateVersion = "22.11"; | ||||
| } | ||||
|   | ||||
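Review bot: `firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]` in the first hunk exempts both bridges from the host firewall entirely, so every LXD container and libvirt guest can reach all host listeners, including the `services.nix-serve` instance enabled a few lines further down. If the workaround only needs guest DHCP and DNS to reach the host (an assumption the linked nixpkgs issue should confirm), per-interface rules are narrower: `networking.firewall.interfaces.lxdbr0.allowedUDPPorts = [ 53 67 ];` with `allowedTCPPorts = [ 53 ];`, and the same for `virbr0`. The old/new markers are lost in this rendering, so this assumes the line is on the new side.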
| @@ -1,83 +1,72 @@ | ||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ | ||||
| # and may be overwritten by future invocations.  Please make changes | ||||
| # to /etc/nixos/configuration.nix instead. | ||||
| { config, lib, pkgs, modulesPath, ... }: | ||||
|  | ||||
| let | ||||
|   snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix { | ||||
|     kernel = config.boot.kernelPackages.kernel; | ||||
| { | ||||
|   imports = [ | ||||
|     (modulesPath + "/installer/scan/not-detected.nix") | ||||
|   ]; | ||||
|  | ||||
|   boot = { | ||||
|     initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; | ||||
|     initrd.kernelModules = [ ]; | ||||
|     initrd.supportedFilesystems = [ "zfs" ]; | ||||
|     kernelModules = [ "kvm-intel" ]; | ||||
|     kernelPackages = pkgs.linuxPackages; | ||||
|     supportedFilesystems = [ "ntfs" ]; | ||||
|     binfmt.emulatedSystems = [ "aarch64-linux" ]; | ||||
|   }; | ||||
| in { | ||||
|   imports = | ||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") | ||||
|     ]; | ||||
|  | ||||
|   boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; | ||||
|   boot.initrd.kernelModules = [ ]; | ||||
|   boot.kernelModules = [ "kvm-intel" ]; | ||||
|   boot.extraModulePackages = [ | ||||
|     (snd-usb-audio-module.overrideAttrs (_: { | ||||
|       patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ]; | ||||
|     })) | ||||
|   ]; | ||||
|   boot.supportedFilesystems = [ "ntfs" ]; | ||||
|   boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; | ||||
|  | ||||
|   hardware.nvidia = { | ||||
|   hardware = { | ||||
|     cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
|     nvidia = { | ||||
|       modesetting.enable = true; | ||||
|       powerManagement.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   services.xserver.videoDrivers = [ "nvidia" ]; | ||||
|  | ||||
|   fileSystems."/" = | ||||
|     { device = "rpool/system/root"; | ||||
|   fileSystems."/" = { | ||||
|     device = "rpool/system/root"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/home" = | ||||
|     { device = "rpool/user/home"; | ||||
|   fileSystems."/home" = { | ||||
|     device = "rpool/user/home"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var" = | ||||
|     { device = "rpool/system/var"; | ||||
|   fileSystems."/var" = { | ||||
|     device = "rpool/system/var"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/nix" = | ||||
|     { device = "rpool/local/nix"; | ||||
|   fileSystems."/tmp" = { | ||||
|     device = "rpool/local/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/tmp" = | ||||
|     { device = "rpool/local/tmp"; | ||||
|   fileSystems."/var/log" = { | ||||
|     device = "rpool/system/var/log"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/log" = | ||||
|     { device = "rpool/system/var/log"; | ||||
|   fileSystems."/var/tmp" = { | ||||
|     device = "rpool/system/var/tmp"; | ||||
|     fsType = "zfs"; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/var/tmp" = | ||||
|     { device = "rpool/system/var/tmp"; | ||||
|       fsType = "zfs"; | ||||
|     }; | ||||
|  | ||||
|   fileSystems."/boot" = | ||||
|     { device = "/dev/disk/by-uuid/E63E-8E75"; | ||||
|   fileSystems."/boot" = { | ||||
|     device = "/dev/disk/by-uuid/E63E-8E75"; | ||||
|     fsType = "vfat"; | ||||
|   }; | ||||
|  | ||||
|   swapDevices = [ ]; | ||||
|  | ||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's | ||||
|   # still possible to use this option, but it's recommended to use it in conjunction | ||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||||
|   networking.useDHCP = lib.mkDefault true; | ||||
|   # networking.interfaces.eno1.useDHCP = lib.mkDefault true; | ||||
|  | ||||
|   environment.systemPackages = [ | ||||
|     pkgs.apfs-fuse | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||||
| } | ||||
|   | ||||
							
								
								
									
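--- a/hosts/pi/README.md
+++ b/hosts/pi/README.md
@@ -0,0 +1,25 @@
+# Pi
+
+## Overview
+Raspberry Pi 4
+
+## Specs
+* SoC - Broadcom BCM2711
+* CPU - ARM Cortex-A72 @ 1.8 GHz
+* Memory - 8 GB LPDDR4
+
+### Disks
+Device | Partitions _(filesystem, usage)_
+--- | ---
+SD card | `/dev/mmcblk0` (ext4, NixOS Root)
+
+### Networks
+- DHCP on `10.0.1.0/24` subnet.
+- Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`.
+
+## Devices and connections
+
+- SONOFF Zigbee 3.0 USB Dongle Plus (connected to USB 2.0 port to avoid [interference](https://www.unit3compliance.co.uk/2-4ghz-intra-system-or-self-platform-interference-demonstration/))
+- HDMI to ONKYO HT-R990
+- S/PDIF to ONKYO HT-R990
+- Ethernet to ONKYO HT-R990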
							
								
								
									
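--- a/hosts/pi/default.nix
+++ b/hosts/pi/default.nix
@@ -0,0 +1,250 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../server.nix
+  ];
+
+  networking.hostId = "731d1660";
+
+  hardware = {
+    raspberry-pi."4" = {
+      apply-overlays-dtmerge.enable = true;
+      audio.enable = false;
+      fkms-3d.enable = false;
+      xhci.enable = false;
+    };
+    deviceTree = {
+      enable = true;
+      filter = "*rpi-4-*.dtb";
+      overlays = [
+        {
+          name = "audio-off-overlay";
+          dtsText = ''
+            /dts-v1/;
+            /plugin/;
+
+            / {
+              compatible = "brcm,bcm2711";
+
+              fragment@0 {
+                target = <&vchiq>;
+
+                __overlay__ {
+                  status = "disabled";
+                };
+              };
+            };
+          '';
+        }
+        {
+          # Adapted from: https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/hifiberry-digi-pro-overlay.dts
+          # changes:
+          # - modified top-level "compatible" field from bcm2835 to bcm2711
+          # - s/i2s_clk_consumer/i2s/ (name on bcm2711 platform)
+          name = "hifiberry-digi-pro";
+          dtsText = ''
+            /dts-v1/;
+            /plugin/;
+
+            / {
+                compatible = "brcm,bcm2711";
+
+                fragment@0 {
+                    target = <&i2s>;
+                    __overlay__ {
+                        status = "okay";
+                    };
+                };
+
+                fragment@1 {
+                    target = <&i2c1>;
+                    __overlay__ {
+                        #address-cells = <1>;
+                        #size-cells = <0>;
+                        status = "okay";
+
+                        wm8804@3b {
+                            #sound-dai-cells = <0>;
+                            compatible = "wlf,wm8804";
+                            reg = <0x3b>;
+                            PVDD-supply = <&vdd_3v3_reg>;
+                            DVDD-supply = <&vdd_3v3_reg>;
+                            status = "okay";
+                        };
+                    };
+                };
+
+                fragment@2 {
+                    target = <&sound>;
+                    __overlay__ {
+                        compatible = "hifiberry,hifiberry-digi";
+                        i2s-controller = <&i2s>;
+                        status = "okay";
+                        clock44-gpio = <&gpio 5 0>;
+                        clock48-gpio = <&gpio 6 0>;
+                    };
+                };
+            };
+          '';
+        }
+      ];
+    };
+    firmware = with pkgs; [
+      firmwareLinuxNonfree
+      wireless-regdb
+    ];
+  };
+
+  sound.enable = true;
+
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  age.secrets."files/services/home-assistant/secrets.yaml" = {
+    file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
+    path = "${config.services.home-assistant.configDir}/secrets.yaml";
+    owner = "hass";
+    group = "hass";
+  };
+
+  services.home-assistant = {
+    enable = true;
+    extraComponents = [
+      "api"
+      "alert"
+      "auth"
+      "backup"
+      "command_line"
+      "default_config"
+      "homekit_controller"
+      "homekit"
+      "http"
+      "icloud"
+      "jellyfin"
+      "metoffice"
+      "mqtt"
+      "onkyo"
+      "ping"
+      "proximity"
+      "radio_browser"
+      "scrape"
+      "sensor"
+      "system_health"
+    ];
+    config = {
+      default_config = {};
+      backup = {};
+      homeassistant = {
+        name = "Home";
+        latitude = "!secret latitude";
+        longitude = "!secret longitude";
+        country = "GB";
+        temperature_unit = "C";
+        time_zone = config.time.timeZone;
+        unit_system = "metric";
+      };
+      mqtt = { };
+      scene = "!include scenes.yaml";
+      automation = "!include automations.yaml";
+      system_health = { };
+      recorder = {
+        purge_keep_days = 365;
+      };
+    };
+  };
+
+  services.mosquitto = {
+    enable = true;
+    listeners = [{
+      acl = [ "pattern readwrite #" ];
+      omitPasswordAuth = true;
+      port = 1883;
+      settings = {
+        allow_anonymous = true;
+      };
+    }];
+  };
+
+  age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
+    file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
+    path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
+  services.zigbee2mqtt = {
+    package = pkgs.unstable.zigbee2mqtt;
+    enable = true;
+    dataDir = "/var/lib/zigbee2mqtt";
+    settings = {
+      homeassistant = lib.optionalAttrs config.services.home-assistant.enable {
+        discovery_topic = "homeassistant";
+        status_topic = "hass/status";
+        legacy_entity_attributes = true;
+        legacy_triggers = true;
+      };
+      availability = true;
+      frontend = true;
+      device_options = {
+        retain = true;
+      };
+      serial = {
+        port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
+      };
+      advanced = {
+        channel = 20;
+        network_key = "!secret.yaml network_key";
+        pan_id = 13001;
+        ext_pan_id = [ 79 1 73 47 250 136 124 222 ];
+        transmit_power = 20;
+      };
+      mqtt = {
+        version = 5;
+        server = "mqtt://localhost:1883";
+      };
+    };
+  };
+
+  modules = {
+    networking = {
+      wireless = {
+        enable = true;
+        interfaces = [ "wlan0" ];
+      };
+    };
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/var/lib/mosquitto"
+          "/var/lib/zigbee2mqtt"
+        ];
+        repoPath = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo";
+      };
+    };
+  };
+
+  # Connection to ONKYO HT-R990
+  networking.interfaces.end0 = {
+    ipv4.addresses = [{
+      address = "172.16.0.1";
+      prefixLength = 30;
+    }];
+  };
+
+  environment.systemPackages = with pkgs; [
+    python311Packages.onkyo-eiscp
+    libraspberrypi
+    raspberrypi-eeprom
+  ];
+
+  system.stateVersion = "22.11";
+}
+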
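Review bot: The mosquitto listener accepts anonymous clients (`allow_anonymous = true`, `omitPasswordAuth = true`) under the ACL `pattern readwrite #` and sets no `address`, so it binds every interface and any peer that can reach port 1883 may read and publish all topics, including the Zigbee2MQTT device topics. The only client configured in this file connects over `mqtt://localhost:1883`, so binding to loopback should cost nothing: add `address = "127.0.0.1";` to the listener. Whether 1883 is reachable from the LAN or the mesh today depends on firewall settings in `../server.nix` and the Tailscale module, which this section does not show. `frontend = true` under `services.zigbee2mqtt.settings` deserves the same check, since that web UI is unauthenticated unless an auth token is configured.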
							
								
								
									
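--- a/hosts/pi/hardware-configuration.nix
+++ b/hosts/pi/hardware-configuration.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+  ];
+
+  boot = {
+    # Stop ZFS kernel being built
+    supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ];
+    tmp.cleanOnBoot = true;
+  };
+
+  # Fix missing modules
+  # https://github.com/NixOS/nixpkgs/issues/154163
+  nixpkgs.overlays = [
+    (final: super: {
+      makeModulesClosure = x:
+        super.makeModulesClosure (x // { allowMissing = true; });
+    })
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+}
+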
| @@ -1,39 +1,59 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| { | ||||
|   time.timeZone = "Europe/London"; | ||||
|  | ||||
|   i18n.defaultLocale = "en_GB.UTF-8"; | ||||
|   i18n.extraLocaleSettings = { | ||||
|     LC_ADDRESS = "en_GB.UTF-8"; | ||||
|     LC_IDENTIFICATION = "en_GB.UTF-8"; | ||||
|     LC_MEASUREMENT = "en_GB.UTF-8"; | ||||
|     LC_MONETARY = "en_GB.UTF-8"; | ||||
|     LC_NAME = "en_GB.UTF-8"; | ||||
|     LC_NUMERIC = "en_GB.UTF-8"; | ||||
|     LC_PAPER = "en_GB.UTF-8"; | ||||
|     LC_TELEPHONE = "en_GB.UTF-8"; | ||||
|     LC_TIME = "en_GB.UTF-8"; | ||||
|   }; | ||||
|  | ||||
|   console.keyMap = "uk"; | ||||
|  | ||||
|   services.openssh = { | ||||
|     enable = true; | ||||
|     settings = { | ||||
|       KbdInteractiveAuthentication = false; | ||||
|       PasswordAuthentication = false; | ||||
|       PermitRootLogin = "no"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     git | ||||
|     neovim | ||||
|   imports = [ | ||||
|     ./common.nix | ||||
|   ]; | ||||
|  | ||||
|   documentation.enable = false; | ||||
|  | ||||
|   fonts.fontconfig.enable = false; | ||||
|  | ||||
|   security = { | ||||
|     acme = { | ||||
|       acceptTerms = true; | ||||
|       defaults = { | ||||
|         email = "hostmaster@vimium.com"; | ||||
|         group = "nginx"; | ||||
|         webroot = "/var/lib/acme/acme-challenge"; | ||||
|       }; | ||||
|     }; | ||||
|     auditd.enable = true; | ||||
|     audit = { | ||||
|       enable = true; | ||||
|       rules = [ | ||||
|         "-a exit,always -F arch=b64 -S execve" | ||||
|       ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   systemd = { | ||||
|     enableEmergencyMode = false; | ||||
|  | ||||
|     sleep.extraConfig = '' | ||||
|       AllowSuspend=no | ||||
|       AllowHibernation=no | ||||
|     ''; | ||||
|  | ||||
|     watchdog = { | ||||
|       runtimeTime = "20s"; | ||||
|       rebootTime = "30s"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   services.fail2ban = { | ||||
|     enable = true; | ||||
|     bantime = "1h"; | ||||
|     bantime-increment = { | ||||
|       enable = true; | ||||
|       maxtime = "24h"; | ||||
|       rndtime = "7m"; | ||||
|     }; | ||||
|     ignoreIP = [ | ||||
|       "100.64.0.0/10" | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   modules.networking.tailscale = { | ||||
|     enable = true; | ||||
|     restrictSSH = false; | ||||
|   | ||||
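Review bot: The audit rule `-a exit,always -F arch=b64 -S execve` records only 64-bit `execve` calls, so a program started through `execveat` or through the 32-bit syscall table leaves no exec record in the audit log. Widening the list closes both gaps: `"-a exit,always -F arch=b64 -S execve -S execveat"` and `"-a exit,always -F arch=b32 -S execve -S execveat"`. The file header and the old/new markers are lost in this rendering, so this assumes the `security.audit` block is on the new side of the shared server profile. The enclosing attribute set continues past the end of the hunk.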
							
								
								
									
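--- a/hosts/vps1/README.md
+++ b/hosts/vps1/README.md
@@ -0,0 +1,18 @@
+# vps1
+
+## Overview
+VPS hosted in OVH.
+
+## Specs
+* CPU - ??
+* Memory - ??
+
+### Disks
+Device | Partitions _(filesystem, usage)_
+--- | ---
+NVMe | `/dev/sda1` (ext4, NixOS Root)
+
+### Networks
+- DHCP on `10.0.1.0/24` subnet.
+- Tailscale on `100.64.0.0/10` subnet. FQDN: `vps1.mesh.vimium.net`.
+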
							
								
								
									
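--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../server.nix
+  ];
+
+  networking = {
+    hostId = "08bf6db3";
+    domain = "mesh.vimium.net";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22    # SSH
+      ];
+    };
+  };
+
+  users = {
+    users = {
+      jellyfin = {
+        isSystemUser = true;
+        group = "jellyfin";
+        shell = "/bin/sh";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
+        ];
+      };
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+    groups = {
+      jellyfin = { };
+    };
+  };
+
+  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+
+  modules = {
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/home"
+          "/var/lib"
+          "/var/www"
+        ];
+        repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
+      };
+      coturn.enable = true;
+      gitea.enable = true;
+      headscale.enable = true;
+      matrix-synapse.enable = true;
+      nginx.enable = true;
+      photoprism.enable = true;
+    };
+  };
+
+  system.stateVersion = "22.11";
+}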
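Review bot: `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"` enables key-based root login on a host that opens port 22 in `allowedTCPPorts`, and the `mkForce` suggests it overrides a stricter shared default, yet nothing says why root needs SSH access. A comment giving the reason (for example a deployment tool that connects as root) would let a later reader judge whether the override can be dropped in favour of an unprivileged account. The `jellyfin` account also gets `shell = "/bin/sh"` and an unrestricted key. If it exists only for file transfer, which is a guess from its name, prefix the key with `restrict` so it cannot forward ports or allocate a PTY: `"restrict ssh-ed25519 AAAA… jellyfin"`.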
							
								
								
									
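--- a/hosts/vps1/hardware-configuration.nix
+++ b/hosts/vps1/hardware-configuration.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+      kernelModules = [ "nvme" ];
+    };
+    loader.grub.device = "/dev/sda";
+    tmp.cleanOnBoot = true;
+  };
+
+  zramSwap.enable = true;
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/sda1";
+      fsType = "ext4";
+    };
+  };
+}
+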
| @@ -1,26 +0,0 @@ | ||||
| { lib, ... }: | ||||
|  | ||||
| with builtins; | ||||
| with lib; | ||||
| rec { | ||||
|   # attrsToList | ||||
|   attrsToList = attrs: | ||||
|     mapAttrsToList (name: value: { inherit name value; }) attrs; | ||||
|  | ||||
|   # mapFilterAttrs :: | ||||
|   #   (name -> value -> bool) | ||||
|   #   (name -> value -> { name = any; value = any; }) | ||||
|   #   attrs | ||||
|   mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs); | ||||
|  | ||||
|   # Generate an attribute set by mapping a function over a list of values. | ||||
|   genAttrs' = values: f: listToAttrs (map f values); | ||||
|  | ||||
|   # anyAttrs :: (name -> value -> bool) attrs | ||||
|   anyAttrs = pred: attrs: | ||||
|     any (attr: pred attr.name attr.value) (attrsToList attrs); | ||||
|  | ||||
|   # countAttrs :: (name -> value -> bool) attrs | ||||
|   countAttrs = pred: attrs: | ||||
|     count (attr: pred attr.name attr.value) (attrsToList attrs); | ||||
| } | ||||
| @@ -1,19 +0,0 @@ | ||||
|  | ||||
| { inputs, lib, pkgs, ... }: | ||||
|  | ||||
| let | ||||
|   inherit (lib) makeExtensible attrValues foldr; | ||||
|   inherit (modules) mapModules; | ||||
|  | ||||
|   modules = import ./modules.nix { | ||||
|     inherit lib; | ||||
|     self.attrs = import ./attrs.nix { inherit lib; self = {}; }; | ||||
|   }; | ||||
|  | ||||
|   mylib = makeExtensible (self: | ||||
|     with self; mapModules ./. | ||||
|       (file: import file { inherit self lib pkgs inputs; })); | ||||
| in | ||||
| mylib.extend | ||||
|   (self: super: | ||||
|     foldr (a: b: a // b) {} (attrValues super)) | ||||
| @@ -1,53 +0,0 @@ | ||||
| { self, lib, ... }: | ||||
|  | ||||
| let | ||||
|   inherit (builtins) attrValues readDir pathExists concatLists; | ||||
|   inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix; | ||||
|   inherit (self.attrs) mapFilterAttrs; | ||||
| in | ||||
| rec { | ||||
|   mapModules = dir: fn: | ||||
|     mapFilterAttrs | ||||
|       (n: v: | ||||
|         v != null && | ||||
|         !(hasPrefix "_" n)) | ||||
|       (n: v: | ||||
|         let path = "${toString dir}/${n}"; in | ||||
|         if v == "directory" && pathExists "${path}/default.nix" | ||||
|         then nameValuePair n (fn path) | ||||
|         else if v == "regular" && | ||||
|                 n != "default.nix" && | ||||
|                 hasSuffix ".nix" n | ||||
|         then nameValuePair (removeSuffix ".nix" n) (fn path) | ||||
|         else nameValuePair "" null) | ||||
|       (readDir dir); | ||||
|  | ||||
|   mapModules' = dir: fn: | ||||
|     attrValues (mapModules dir fn); | ||||
|  | ||||
|   mapModulesRec = dir: fn: | ||||
|     mapFilterAttrs | ||||
|       (n: v: | ||||
|         v != null && | ||||
|         !(hasPrefix "_" n)) | ||||
|       (n: v: | ||||
|         let path = "${toString dir}/${n}"; in | ||||
|         if v == "directory" | ||||
|         then nameValuePair n (mapModulesRec path fn) | ||||
|         else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n | ||||
|         then nameValuePair (removeSuffix ".nix" n) (fn path) | ||||
|         else nameValuePair "" null) | ||||
|       (readDir dir); | ||||
|  | ||||
|   mapModulesRec' = dir: fn: | ||||
|     let | ||||
|       dirs = | ||||
|         mapAttrsToList | ||||
|           (k: _: "${dir}/${k}") | ||||
|           (filterAttrs | ||||
|             (n: v: v == "directory" && !(hasPrefix "_" n)) | ||||
|             (readDir dir)); | ||||
|       files = attrValues (mapModules dir id); | ||||
|       paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs); | ||||
|     in map fn paths; | ||||
| } | ||||
| @@ -1,25 +0,0 @@ | ||||
| { inputs, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let sys = "x86_64-linux"; | ||||
| in { | ||||
|   mkHost = path: attrs @ { system ? sys, ... }: | ||||
|     nixosSystem { | ||||
|       inherit system; | ||||
|       specialArgs = { inherit lib inputs system; }; | ||||
|       modules = [ | ||||
|         { | ||||
|           nixpkgs.pkgs = pkgs; | ||||
|           networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); | ||||
|         } | ||||
|         (filterAttrs (n: v: !elem n [ "system" ]) attrs) | ||||
|         ../.   # /default.nix | ||||
|         (import path) | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|   mapHosts = dir: attrs @ { system ? system, ... }: | ||||
|     mapModules dir | ||||
|       (hostPath: mkHost hostPath attrs); | ||||
| } | ||||
| @@ -1,35 +0,0 @@ | ||||
| { lib, ... }: | ||||
|  | ||||
| let | ||||
|   inherit (lib) mkOption types; | ||||
| in | ||||
| rec { | ||||
|   mkOpt = type: default: | ||||
|     mkOption { inherit type default; }; | ||||
|  | ||||
|   mkOpt' = type: default: description: | ||||
|     mkOption { inherit type default description; }; | ||||
|  | ||||
|   mkBoolOpt = default: mkOption { | ||||
|     inherit default; | ||||
|     type = types.bool; | ||||
|     example = true; | ||||
|   }; | ||||
|  | ||||
|   mkStringOpt = default: mkOption { | ||||
|     inherit default; | ||||
|     type = types.lines; | ||||
|     example = ""; | ||||
|   }; | ||||
|  | ||||
|   mkListOfStringOpt = default: mkOption { | ||||
|     inherit default; | ||||
|     type = types.listOf types.lines; | ||||
|     example = [ "a" "b" "c" ]; | ||||
|   }; | ||||
|  | ||||
|   mkPath = path: | ||||
|     if path != null | ||||
|     then toString path | ||||
|     else ""; | ||||
| } | ||||
| @@ -1,7 +1,10 @@ | ||||
| { | ||||
|   imports = [ | ||||
|     ./options.nix | ||||
|     ./podman.nix | ||||
|     ./desktop/gnome.nix | ||||
|     ./desktop/hyprland.nix | ||||
|     ./desktop/kde.nix | ||||
|     ./desktop/mimeapps.nix | ||||
|     ./desktop/apps/qbittorrent.nix | ||||
|     ./desktop/apps/slack.nix | ||||
| @@ -25,9 +28,21 @@ | ||||
|     ./dev/zig.nix | ||||
|     ./editors/neovim | ||||
|     ./editors/vscode.nix | ||||
|     ./hardware/presonus-studio.nix | ||||
|     ./networking/tailscale.nix | ||||
|     ./networking/wireless.nix | ||||
|     ./security/gpg.nix | ||||
|     ./security/pass.nix | ||||
|     ./services/borgmatic | ||||
|     ./services/chrony | ||||
|     ./services/coturn | ||||
|     ./services/gitea | ||||
|     ./services/gitea-runner | ||||
|     ./services/headscale | ||||
|     ./services/mail | ||||
|     ./services/matrix-synapse | ||||
|     ./services/nginx | ||||
|     ./services/photoprism | ||||
|     ./shell/git | ||||
|     ./shell/zsh | ||||
|   ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.apps.qbittorrent; | ||||
| in { | ||||
|   options.modules.desktop.apps.qbittorrent = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       qbittorrent | ||||
|     ]; | ||||
|   | ||||
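Review bot: The new `enable = lib.mkOption { default = false; example = true; };` in `options.modules.desktop.apps.qbittorrent` declares no `type`, while the `mkBoolOpt` helper it replaces (deleted earlier in this comparison) set `type = types.bool`. Without a declared type the module system no longer rejects a non-boolean value for the flag, and several definitions are merged by the untyped fallback instead of the boolean rules. I would write `enable = lib.mkEnableOption "qBittorrent";`, or add `type = lib.types.bool;` to the block. The same untyped block is repeated in every other `options.modules.*` hunk on this page, including the new hyprland.nix and kde.nix. The module body continues past the end of this hunk.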
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.apps.slack; | ||||
| in { | ||||
|   options.modules.desktop.apps.slack = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       slack | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.apps.thunderbird; | ||||
| in { | ||||
|   options.modules.desktop.apps.thunderbird = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|    | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme; | ||||
|  | ||||
|     home.programs.thunderbird = { | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.apps.zoom; | ||||
| in { | ||||
|   options.modules.desktop.apps.zoom = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       zoom-us | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.browsers.firefox; | ||||
| in { | ||||
|   options.modules.desktop.browsers.firefox = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme; | ||||
|  | ||||
|     home.programs.firefox = { | ||||
| @@ -26,10 +27,11 @@ in { | ||||
|         ''; | ||||
|         settings = { | ||||
|           ## GNOME theme | ||||
|           "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.cs | ||||
|           "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.css | ||||
|           "browser.uidensity" = 0; # Set UI density to normal | ||||
|           "svg.context-properties.content.enabled" = true; # Enable SVG context-propertes | ||||
|           "browser.theme.dark-private-windows" = false; # Disable private window dark theme | ||||
|           "widget.gtk.rounded-bottom-corners.enabled" = true; # Enable rounded bottom window corners | ||||
|  | ||||
|           ## Preferences | ||||
|           "browser.ctrlTab.sortByRecentlyUsed" = true; | ||||
|   | ||||
| @@ -1,34 +1,74 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.gaming.emulators; | ||||
| in { | ||||
|   options.modules.desktop.gaming.emulators = { | ||||
|     ds.enable       = mkBoolOpt false; | ||||
|     gb.enable       = mkBoolOpt false; | ||||
|     gba.enable      = mkBoolOpt false; | ||||
|     gamecube.enable = mkBoolOpt false; | ||||
|     ps2.enable      = mkBoolOpt false; | ||||
|     ps3.enable      = mkBoolOpt false; | ||||
|     psp.enable      = mkBoolOpt false; | ||||
|     snes.enable     = mkBoolOpt false; | ||||
|     wii.enable      = mkBoolOpt false; | ||||
|     ds.enable       = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     gb.enable       = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     gba.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     gamecube.enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     ps1.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     ps2.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     ps3.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     psp.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     snes.enable     = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     switch.enable   = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     wii.enable      = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     xbox.enable     = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = { | ||||
|     user.packages = with pkgs; [ | ||||
|       (mkIf cfg.ps2.enable pcsx2) | ||||
|       (mkIf cfg.ps3.enable rpcs3) | ||||
|       (mkIf cfg.psp.enable ppsspp) | ||||
|       (mkIf cfg.ds.enable desmume) | ||||
|       (mkIf (cfg.gba.enable || | ||||
|       (lib.mkIf cfg.ps1.enable duckstation) | ||||
|       (lib.mkIf cfg.ps2.enable unstable.pcsx2) | ||||
|       (lib.mkIf cfg.ps3.enable rpcs3) | ||||
|       (lib.mkIf cfg.psp.enable unstable.ppsspp) | ||||
|       (lib.mkIf cfg.ds.enable desmume) | ||||
|       (lib.mkIf (cfg.gba.enable || | ||||
|              cfg.gb.enable  || | ||||
|              cfg.snes.enable) | ||||
|         higan) | ||||
|       (mkIf (cfg.wii.enable || | ||||
|       (lib.mkIf cfg.switch.enable yuzuPackages.mainline) | ||||
|       (lib.mkIf (cfg.wii.enable || | ||||
|              cfg.gamecube.enable) | ||||
|         dolphin-emu) | ||||
|       (lib.mkIf cfg.xbox.enable unstable.xemu) | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
| @@ -1,16 +1,22 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.gaming.lutris; | ||||
| in { | ||||
|   options.modules.desktop.gaming.lutris = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       lutris | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     environment.systemPackages = with pkgs; [ | ||||
|       (lutris.override { | ||||
|         extraPkgs = pkgs: [ | ||||
|           winePackages.staging | ||||
|           wine64Packages.staging | ||||
|         ]; | ||||
|       }) | ||||
|       vulkan-loader | ||||
|       vulkan-tools | ||||
|     ]; | ||||
|   | ||||
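Review bot: In the new `lutris.override`, the function `extraPkgs = pkgs: [ ... ]` never uses its `pkgs` argument: `winePackages.staging` and `wine64Packages.staging` are resolved through the enclosing `with pkgs;`, so they come from the module's package set rather than the one lutris passes in. If the argument is meant to be used, qualify the names, `extraPkgs = p: [ p.winePackages.staging p.wine64Packages.staging ];`; if not, name it `_` so the intent is visible. Moving the list from `user.packages` to `environment.systemPackages` also puts Wine and the Vulkan tools on the system-wide path, which deserves a short comment saying why. The module body continues past the end of the hunk.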
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.gaming.steam; | ||||
| in { | ||||
|   options.modules.desktop.gaming.steam = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     programs.steam.enable = true; | ||||
|  | ||||
|     systemd.extraConfig = "DefaultLimitNOFILE=1048576"; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.gnome; | ||||
| in { | ||||
|   options.modules.desktop.gnome = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     services.xserver = { | ||||
|       enable = true; | ||||
|       displayManager.gdm.enable = true; | ||||
| @@ -16,14 +17,10 @@ in { | ||||
|     }; | ||||
|  | ||||
|     services.flatpak.enable = true; | ||||
|     services.fwupd.enable = true; | ||||
|  | ||||
|     programs.dconf.enable = true; | ||||
|     dconf.settings = { | ||||
|       "com/raggesilver/BlackBox" = { | ||||
|         theme-dark = "Dracula"; | ||||
|         font = "Ubuntu Mono 14"; | ||||
|         remember-window-size = true; | ||||
|       }; | ||||
|       "org/gnome/shell" = { | ||||
|         disable-user-extensions = false; | ||||
|         enabled-extensions = [ | ||||
| @@ -33,13 +30,14 @@ in { | ||||
|           # "desktop-cube@schneegans.github.com" | ||||
|           # "desktop-zoom@colin.kinlo.ch" | ||||
|           "espresso@coadmunkee.github.com" | ||||
|           "flypie@schneegans.github.com" | ||||
|           # "flypie@schneegans.github.com" | ||||
|           # "forge@jmmaranan.com" | ||||
|           "hue-lights@chlumskyvaclav@gmail.com" | ||||
|           "just-perfection-desktop@just-perfection" | ||||
|           "paperwm@hedning:matrix.org" | ||||
|           # "pano@elhan.io" | ||||
|           # "paperwm@hedning:matrix.org" | ||||
|           # "search-light@icedman.github.com" | ||||
|           # "space-bar@luchrioh" | ||||
|           "space-bar@luchrioh" | ||||
|           # "smart-auto-move@khimaros.com" | ||||
|           # "systemd-manager@hardpixel.eu" | ||||
|           # "tailscale-status@maxgallup.github.com" | ||||
| @@ -50,7 +48,6 @@ in { | ||||
|         favorite-apps = [ | ||||
|           "firefox.desktop" | ||||
|           "org.gnome.Nautilus.desktop" | ||||
|           "com.raggesilver.BlackBox.desktop" | ||||
|         ]; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/another-window-session-manager" = { | ||||
| @@ -103,8 +100,14 @@ in { | ||||
|         window-gap = 8; | ||||
|       }; | ||||
|       "org/gnome/desktop/background" = { | ||||
|         picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.webp"; | ||||
|         picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.webp"; | ||||
|         picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jpg"; | ||||
|         picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jpg"; | ||||
|       }; | ||||
|       "org/gnome/desktop/peripherals/touchpad" = { | ||||
|         tap-to-click = true; | ||||
|       }; | ||||
|       "org/gnome/desktop/search-providers" = { | ||||
|         disabled = [ "org.gnome.Epiphany.desktop" ]; | ||||
|       }; | ||||
|       "org/gtk/settings/file-chooser" = { | ||||
|         show-hidden = true; | ||||
| @@ -123,9 +126,6 @@ in { | ||||
|           "<Shift>F11" | ||||
|           "XF86AudioLowerVolume" | ||||
|         ]; | ||||
|         screensaver = [ | ||||
|           "<Shift><Super>l" | ||||
|         ]; | ||||
|       }; | ||||
|       "org/gnome/gnome-session" = { | ||||
|         auto-save-session = true; | ||||
| @@ -135,15 +135,18 @@ in { | ||||
|       }; | ||||
|       "org/gnome/Console" = { | ||||
|         font-scale = 1.4; | ||||
|         use-system-font = false; | ||||
|         custom-font = "ComicShannsMono Nerd Font 10"; | ||||
|       }; | ||||
|       "org/gnome/mutter" = { | ||||
|         center-new-windows = true; | ||||
|         edge-tiling = true; | ||||
|         experimental-features = [ "scale-monitor-framebuffer" ]; | ||||
|       }; | ||||
|       "org/gnome/desktop/interface" = { | ||||
|         color-scheme = "prefer-dark"; | ||||
|         enable-hot-corners = false; | ||||
|         monospace-font-name = "Ubuntu Mono 11"; | ||||
|         icon-theme = "MoreWaita"; | ||||
|         monospace-font-name = "UbuntuMono Nerd Font 11"; | ||||
|       }; | ||||
|       "org/gnome/desktop/wm/keybindings" = { | ||||
|         switch-group = [ "<Super>grave" ]; | ||||
| @@ -154,21 +157,30 @@ in { | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     fonts.fonts = with pkgs; [ | ||||
|       noto-fonts | ||||
|       ubuntu_font_family | ||||
|     ]; | ||||
|  | ||||
|     user.packages = with pkgs; [ | ||||
|       authenticator | ||||
|       # bottles | ||||
|       # bustle | ||||
|       celluloid | ||||
|       # d-spy | ||||
|       # drawing | ||||
|       # fragments | ||||
|       gnome.ghex | ||||
|       # gnome-builder | ||||
|       gnome-decoder | ||||
|       gnome-firmware | ||||
|       gnome-frog | ||||
|       # gnome-obfuscate | ||||
|       gnome-podcasts | ||||
|       identity | ||||
|       mission-center | ||||
|       newsflash | ||||
|       # schemes | ||||
|       shortwave | ||||
|     ]; | ||||
|  | ||||
|     environment.systemPackages = with pkgs; [ | ||||
|       bind | ||||
|       blackbox-terminal | ||||
|       bmon | ||||
|       fd | ||||
|       ffmpeg | ||||
|       adw-gtk3 | ||||
|       gnome.gnome-boxes | ||||
|       gnomeExtensions.another-window-session-manager | ||||
|       # gnomeExtensions.bifocals | ||||
| @@ -184,8 +196,10 @@ in { | ||||
|       gnomeExtensions.hue-lights | ||||
|       gnomeExtensions.just-perfection | ||||
|       # gnomeExtensions.mutter-primary-gpu | ||||
|       gnomeExtensions.pano | ||||
|       gnomeExtensions.paperwm | ||||
|       # gnomeExtensions.pip-on-top | ||||
|       gnomeExtensions.rounded-window-corners | ||||
|       gnomeExtensions.search-light | ||||
|       gnomeExtensions.smart-auto-move | ||||
|       gnomeExtensions.space-bar | ||||
| @@ -197,14 +211,10 @@ in { | ||||
|       # gnomeExtensions.window-is-ready-remover | ||||
|       # gnomeExtensions.worksets | ||||
|       # gnomeExtensions.workspace-matrix | ||||
|       iotop | ||||
|       ripgrep | ||||
|       rsync | ||||
|       tcpdump | ||||
|       tokei | ||||
|       tree | ||||
|       wl-clipboard | ||||
|     ]; | ||||
|       unstable.morewaita-icon-theme | ||||
|     ] ++ (if config.virtualisation.podman.enable then [ | ||||
|       pods | ||||
|     ] else []); | ||||
|  | ||||
|     home.services.gpg-agent.pinentryFlavor = "gnome3"; | ||||
|   }; | ||||
|   | ||||
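Review bot: The tail of `environment.systemPackages`, `] ++ (if config.virtualisation.podman.enable then [ pods ] else []);`, is a hand-written `lib.optionals`. `] ++ lib.optionals config.virtualisation.podman.enable [ pods ];` says the same thing in one call and matches the `lib.`-qualified style this change introduces in the rest of the file. A one-line comment that `pods` is only useful when podman is enabled would explain the condition to the next reader.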
							
								
								
									
										27
									
								
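--- a/modules/desktop/hyprland.nix
+++ b/modules/desktop/hyprland.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.modules.desktop.hyprland;
+in {
+  options.modules.desktop.hyprland = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.hyprland.enable = true;
+
+    networking.networkmanager.enable = true;
+
+    user.packages = with pkgs; [
+      mpv
+    ];
+
+    environment.systemPackages = with pkgs; [
+      adw-gtk3
+    ];
+
+    home.services.gpg-agent.pinentryFlavor = "gnome3";
+  };
+}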
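Review bot: `home.services.gpg-agent.pinentryFlavor = "gnome3";` is set here, but nothing in the module provides the D-Bus service that the GNOME prompt relies on. Assuming `home.services` forwards to home-manager, that option's documentation warns that the gnome3 pinentry may not work outside GNOME unless `services.dbus.packages = [ pkgs.gcr ];` is added to the system configuration. As written, gpg-agent passphrase prompts may fail to appear under Hyprland. Adding that line inside the `lib.mkIf cfg.enable` block, or picking a flavor that does not depend on the GNOME stack, would avoid it.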
							
								
								
									
										35
									
								
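--- a/modules/desktop/kde.nix
+++ b/modules/desktop/kde.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.modules.desktop.kde;
+in {
+  options.modules.desktop.kde = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.xserver = {
+      enable = true;
+      displayManager.sddm = {
+        enable = true;
+        wayland.enable = true;
+      };
+      desktopManager.plasma5.enable = true;
+    };
+
+    networking.networkmanager.enable = true;
+
+    user.packages = with pkgs; [
+      kmail
+      mpv
+    ];
+
+    environment.systemPackages = with pkgs; [
+      adw-gtk3
+    ];
+
+    home.services.gpg-agent.pinentryFlavor = "qt";
+  };
+}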
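Review bot: Nothing in this module stops it from being enabled together with `modules.desktop.gnome`, which the same `imports` list pulls in and which sets `displayManager.gdm.enable = true` and `pinentryFlavor = "gnome3"`. With both flags on, `home.services.gpg-agent.pinentryFlavor = "qt";` here becomes a second, different definition of the same option, and the two display managers are both requested. An assertion would turn that into a readable evaluation error: `assertions = [ { assertion = !config.modules.desktop.gnome.enable; message = "modules.desktop.kde and modules.desktop.gnome cannot both be enabled"; } ];`. The same applies to the hyprland module, which also sets `pinentryFlavor`.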
| @@ -1,21 +1,28 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.media.graphics; | ||||
| in { | ||||
|   options.modules.desktop.media.graphics = { | ||||
|     modeling.enable = mkBoolOpt false; | ||||
|     raster.enable   = mkBoolOpt false; | ||||
|     vector.enable   = mkBoolOpt false; | ||||
|     modeling.enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     raster.enable   = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     vector.enable   = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = { | ||||
|     user.packages = with pkgs; [ | ||||
|       (mkIf cfg.modeling.enable blender) | ||||
|       (mkIf cfg.raster.enable gimp) | ||||
|       (mkIf cfg.raster.enable krita) | ||||
|       (mkIf cfg.vector.enable inkscape) | ||||
|       (lib.mkIf cfg.modeling.enable blender) | ||||
|       (lib.mkIf cfg.raster.enable gimp) | ||||
|       (lib.mkIf cfg.raster.enable krita) | ||||
|       (lib.mkIf cfg.vector.enable inkscape) | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
| @@ -1,12 +1,16 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.media.recording; | ||||
| in { | ||||
|   options.modules.desktop.media.recording = { | ||||
|     audio.enable = mkBoolOpt false; | ||||
|     video.enable = mkBoolOpt false; | ||||
|     audio.enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     video.enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = { | ||||
|   | ||||
| @@ -1,17 +1,18 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let | ||||
|   cfg = config.modules.desktop.mimeapps; | ||||
|   avApp = "io.github.celluloid_player.Celluloid.desktop"; | ||||
|   imageApp = "org.gnome.eog.desktop"; | ||||
| in { | ||||
|   options.modules.desktop.mimeapps = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     xdg.mime.defaultApplications = { | ||||
|       # Audio/video | ||||
|       "audio/x-vorbis+ogg" = avApp; | ||||
|   | ||||
| @@ -1,16 +1,20 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.desktop.office.libreoffice; | ||||
| in { | ||||
|   options.modules.desktop.office.libreoffice = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       libreoffice | ||||
|       (if config.modules.desktop.kde.enable == true then libreoffice-qt else libreoffice) | ||||
|       hunspell | ||||
|       hunspellDicts.en-gb-large | ||||
|       hunspellDicts.en-us-large | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
|   | ||||
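Review bot: The package choice `(if config.modules.desktop.kde.enable == true then libreoffice-qt else libreoffice)` compares a flag against `true`, which is only needed because `modules.desktop.kde.enable` is declared without a type. With the untyped option, any non-boolean value silently selects `libreoffice` instead of failing evaluation. Once the option carries `type = lib.types.bool;`, the condition can be written as `(if config.modules.desktop.kde.enable then libreoffice-qt else libreoffice)`.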
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.cc; | ||||
| in { | ||||
|   options.modules.dev.cc = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       clang | ||||
|       gcc | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.java; | ||||
| in { | ||||
|   options.modules.dev.java = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       jdk | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.lua; | ||||
| in { | ||||
|   options.modules.dev.lua = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       lua | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.node; | ||||
| in { | ||||
|   options.modules.dev.node = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       nodejs_latest | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.python; | ||||
| in { | ||||
|   options.modules.dev.python = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       python310 | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.rust; | ||||
| in { | ||||
|   options.modules.dev.rust = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       rustc | ||||
|       rustup | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.scala; | ||||
| in { | ||||
|   options.modules.dev.scala = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       jdk | ||||
|       sbt | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.shell; | ||||
| in { | ||||
|   options.modules.dev.shell = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       shellcheck | ||||
|     ]; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.dev.zig; | ||||
| in { | ||||
|   options.modules.dev.zig = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       zig | ||||
|     ]; | ||||
|   | ||||
| @@ -1,134 +1,138 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let | ||||
|   cfg = config.modules.editors.neovim; | ||||
|   dev = config.modules.dev; | ||||
| in { | ||||
|   options.modules.editors.neovim = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     user.packages = with pkgs; [ | ||||
|       (neovim.override { | ||||
|         configure = { | ||||
|           customRC = '' | ||||
|             luafile ~/.config/nvim/init.lua | ||||
|           ''; | ||||
|           packages.myPlugins = with pkgs.vimPlugins; { | ||||
|             start = [ | ||||
|               (nvim-treesitter.withPlugins ( | ||||
|                 plugins: with plugins; [ | ||||
|                   bash | ||||
|                   c | ||||
|                   cmake | ||||
|                   cpp | ||||
|                   css | ||||
|                   dockerfile | ||||
|                   elm | ||||
|                   glsl | ||||
|                   graphql | ||||
|                   haskell | ||||
|                   http | ||||
|                   html | ||||
|                   java | ||||
|                   javascript | ||||
|                   jsdoc | ||||
|                   json | ||||
|                   json5 | ||||
|                   latex | ||||
|                   lua | ||||
|                   markdown | ||||
|                   ninja | ||||
|                   nix | ||||
|                   org | ||||
|                   perl | ||||
|                   php | ||||
|                   pug | ||||
|                   python | ||||
|                   regex | ||||
|                   rst | ||||
|                   ruby | ||||
|                   rust | ||||
|                   scala | ||||
|                   scss | ||||
|                   toml | ||||
|                   tsx | ||||
|                   typescript | ||||
|                   vim | ||||
|                   yaml | ||||
|                   zig | ||||
|                 ] | ||||
|               )) | ||||
|               nvim-treesitter-context | ||||
|               nvim-treesitter-textobjects | ||||
|               nvim-lspconfig | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.programs.nixvim = { | ||||
|       enable = true; | ||||
|       defaultEditor = true; | ||||
|  | ||||
|       viAlias = true; | ||||
|       vimAlias = true; | ||||
|  | ||||
|       options = { | ||||
|         number = true; | ||||
|         tabstop = 2; | ||||
|         shiftwidth = 2; | ||||
|         expandtab = true; | ||||
|         foldlevel = 99; | ||||
|         splitbelow = true; | ||||
|         splitright = true; | ||||
|         undofile = true; | ||||
|         updatetime = 100; | ||||
|         list = true; | ||||
|       }; | ||||
|  | ||||
|       globals = { | ||||
|         mapleader = ","; | ||||
|         maplocalleader = ","; | ||||
|       }; | ||||
|  | ||||
|       clipboard = { | ||||
|         register = "unnamedplus"; | ||||
|  | ||||
|         providers.wl-copy.enable = true; | ||||
|       }; | ||||
|  | ||||
|       plugins.comment-nvim.enable = true; | ||||
|  | ||||
|       plugins.hmts.enable = true; | ||||
|  | ||||
|       plugins.lightline.enable = true; | ||||
|  | ||||
|       plugins.luasnip.enable = true; | ||||
|  | ||||
|       plugins.lsp = { | ||||
|         enable = true; | ||||
|         servers = { | ||||
|           bashls.enable = true; | ||||
|           ccls.enable = true; | ||||
|           cssls.enable = true; | ||||
|           eslint.enable = true; | ||||
|           gopls.enable = true; | ||||
|           html.enable = true; | ||||
|           lua-ls.enable = true; | ||||
|           pylsp.enable = true; | ||||
|           nixd.enable = true; | ||||
|           rust-analyzer = { | ||||
|             enable = true; | ||||
|             installCargo = true; | ||||
|             installRustc = true; | ||||
|           }; | ||||
|           tsserver.enable = true; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       plugins.nvim-autopairs.enable = true; | ||||
|  | ||||
|       plugins.nvim-cmp = { | ||||
|         enable = true; | ||||
|         autoEnableSources = true; | ||||
|         sources = [ | ||||
|           { name = "nvim_lsp"; } | ||||
|           { name = "path"; } | ||||
|           { name = "buffer"; } | ||||
|         ]; | ||||
|         mapping = { | ||||
|           "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; | ||||
|           "<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; | ||||
|           "<CR>" = "cmp.mapping.confirm({ select = true })"; | ||||
|         }; | ||||
|       }; | ||||
|       }) | ||||
|     ] ++ | ||||
|  | ||||
|     # Install appropriate language servers | ||||
|     (if dev.cc.enable then [ | ||||
|       ccls                                            # C/C++ | ||||
|     ] else []) ++ | ||||
|     (if dev.java.enable then [ | ||||
|       java-language-server                            # Java | ||||
|       ltex-ls                                         # LaTeX | ||||
|     ] else []) ++ | ||||
|     (if dev.lua.enable then [ | ||||
|       sumneko-lua-language-server                     # Lua | ||||
|     ] else []) ++ | ||||
|     (if dev.node.enable then [ | ||||
|       nodePackages.bash-language-server               # Bash | ||||
|       nodePackages.dockerfile-language-server-nodejs  # Dockerfile | ||||
|       nodePackages.graphql-language-service-cli       # GraphQL | ||||
|       nodePackages.purescript-language-server         # PureScript | ||||
|       nodePackages.svelte-language-server             # Svelte | ||||
|       nodePackages.typescript-language-server         # JavaScript/TypeScript | ||||
|       nodePackages.vim-language-server                # Vim | ||||
|       nodePackages.vscode-langservers-extracted       # HTML, CSS, JSON, ESLint | ||||
|       nodePackages.vue-language-server                # Vue.js | ||||
|       nodePackages.yaml-language-server               # YAML | ||||
|     ] else []) ++ | ||||
|     (if dev.python.enable then [ | ||||
|       cmake-language-server                           # CMake | ||||
|       python310Packages.python-lsp-server             # Python | ||||
|     ] else []) ++ | ||||
|     (if dev.rust.enable then [ | ||||
|       rust-analyzer                                   # Rust | ||||
|     ] else []) ++ | ||||
|     (if dev.scala.enable then [ | ||||
|       metals                                          # Scala | ||||
|     ] else []) ++ | ||||
|     (if dev.zig.enable then [ | ||||
|       zls                                             # Zig | ||||
|     ] else []); | ||||
|       plugins.telescope = { | ||||
|         enable = true; | ||||
|         keymaps = { | ||||
|           "<leader>ff" = "find_files"; | ||||
|           "<leader>fg" = "live_grep"; | ||||
|           "<leader>b" = "buffers"; | ||||
|           "<leader>fh" = "help_tags"; | ||||
|           "<C-p>" = "git_files"; | ||||
|           "<C-f>" = "live_grep"; | ||||
|         }; | ||||
|         keymapsSilent = true; | ||||
|       }; | ||||
|  | ||||
|     home.configFile = { | ||||
|       "nvim/init.lua".source = ./init.lua; | ||||
|       "nvim/lua" = { source = ./lua; recursive = true; }; | ||||
|       "nvim/lua/config/lsp.lua".text = '' | ||||
|         -- This file is autogenerated, do not edit. | ||||
|         ${if dev.cc.enable then "require('config.lsp.cc')\n" else ""} | ||||
|         ${if dev.java.enable then "require('config.lsp.java')\n" else ""} | ||||
|         ${if dev.lua.enable then "require('config.lsp.lua')\n" else ""} | ||||
|         ${if dev.node.enable then "require('config.lsp.node')\n" else ""} | ||||
|         ${if dev.python.enable then "require('config.lsp.python')\n" else ""} | ||||
|         ${if dev.rust.enable then "require('config.lsp.rust')\n" else ""} | ||||
|         ${if dev.scala.enable then "require('config.lsp.scala')\n" else ""} | ||||
|         ${if dev.zig.enable then "require('config.lsp.zig')\n" else ""} | ||||
|       ''; | ||||
|       plugins.treesitter = { | ||||
|         enable = true; | ||||
|  | ||||
|         nixvimInjections = true; | ||||
|  | ||||
|         folding = true; | ||||
|         indent = true; | ||||
|       }; | ||||
|  | ||||
|       plugins.treesitter-refactor = { | ||||
|         enable = true; | ||||
|         highlightDefinitions = { | ||||
|           enable = true; | ||||
|           clearOnCursorMove = false; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       plugins.undotree.enable = true; | ||||
|  | ||||
|       # plugins.gitsigns.enable = true; | ||||
|       # plugins.gitgutter.enable = true; | ||||
|       # plugins.goyo.enable = true; | ||||
|       # plugins.fugitive.enable = true; | ||||
|       # plugins.fzf-lua.enable = true; | ||||
|       # plugins.neo-tree.enable = true; | ||||
|       # plugins.none-ls.enable = true; | ||||
|       # plugins.nvim-tree.enable = true; | ||||
|       # plugins.oil.enable = true; | ||||
|       # plugins.project-nvim.enable = true; | ||||
|       # plugins.surround.enable = true; | ||||
|     }; | ||||
|  | ||||
|     env.EDITOR = "nvim"; | ||||
|  | ||||
|     environment.shellAliases = { | ||||
|       vim = "nvim"; | ||||
|       v   = "nvim"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -1,6 +0,0 @@ | ||||
| require("config.core") | ||||
| require("config.keymap") | ||||
| require("config.treesitter") | ||||
| require("config.plugins") | ||||
| require("config.lsp") | ||||
|  | ||||
| @@ -1,36 +0,0 @@ | ||||
| local o = vim.opt | ||||
| local wo = vim.wo | ||||
| local bo = vim.bo | ||||
|  | ||||
| -- Global dirs | ||||
| local cachedir = os.getenv("XDG_CACHE_HOME") | ||||
| o.backupdir = cachedir .. "/nvim/backup/" | ||||
| o.directory = cachedir .. "/nvim/swap/" | ||||
| o.undodir   = cachedir .. "/nvim/undo/" | ||||
|  | ||||
| -- Global | ||||
| o.breakindent = true | ||||
| o.clipboard = "unnamedplus" | ||||
| o.compatible = false | ||||
| o.encoding = "utf-8" | ||||
| o.expandtab = true | ||||
| o.foldlevel = 99 | ||||
| o.hidden = true | ||||
| o.hlsearch = false | ||||
| o.ignorecase = true | ||||
| o.laststatus = 2 | ||||
| o.listchars = { eol = '↲', tab = '▸ ', trail = '·' } | ||||
| o.relativenumber = true | ||||
| o.shiftwidth = 2 | ||||
| o.showmode = false | ||||
| o.smartcase = true | ||||
| o.smarttab = true | ||||
| o.softtabstop = 2 | ||||
| o.synmaxcol = 150 | ||||
| o.tabstop = 4 | ||||
| o.undofile = true | ||||
| o.wildmenu = true | ||||
|  | ||||
| -- Window | ||||
|  | ||||
| -- Buffer | ||||
| @@ -1,35 +0,0 @@ | ||||
| local keymap = vim.keymap.set | ||||
| local opts = { noremap = true, silent = true } | ||||
|  | ||||
| vim.g.mapleader = "," | ||||
|  | ||||
| -- Modes | ||||
| --   Normal = "n", | ||||
| --   Insert = "i", | ||||
| --   Visual = "v", | ||||
| --   Visual Block = "x", | ||||
| --   Term = "t", | ||||
| --   Command = "c" | ||||
|  | ||||
| keymap("n", "<Left>", "<Nop>", opts) | ||||
| keymap("n", "<Right>", "<Nop>", opts) | ||||
| keymap("n", "<Up>", "<Nop>", opts) | ||||
| keymap("n", "<Down>", "<Nop>", opts) | ||||
|  | ||||
| keymap("n", "<C-h>", "<C-w>h", { noremap = true }) | ||||
| keymap("n", "<C-j>", "<C-w>j", { noremap = true }) | ||||
| keymap("n", "<C-k>", "<C-w>k", { noremap = true }) | ||||
| keymap("n", "<C-l>", "<C-w>l", { noremap = true }) | ||||
|  | ||||
| keymap("n", "gV", "`[v`]", opts) | ||||
|  | ||||
| keymap("n", ";", ":", { noremap = true }) | ||||
|  | ||||
| -- Bubble single lines with vim-unimpaired | ||||
| keymap("n", "<C-Up>", "[e", opts) | ||||
| keymap("n", "<C-Down>", "]e", opts) | ||||
|  | ||||
| -- Bubble multiple lines with vim-unimpaired | ||||
| keymap("v", "<C-Up>", "[egv", opts) | ||||
| keymap("v", "<C-Down>", "]egv", opts) | ||||
|  | ||||
| @@ -1,5 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires C/C++ | ||||
| lspconfig.ccls.setup{} | ||||
|  | ||||
| @@ -1,6 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Java | ||||
| lspconfig.java_language_server.setup{} | ||||
| lspconfig.ltex.setup{} | ||||
|  | ||||
| @@ -1,22 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Lua | ||||
| lspconfig.sumneko_lua.setup { | ||||
|   settings = { | ||||
|     Lua = { | ||||
|       runtime = { | ||||
|         -- Tell the language server which version of Lua you're using (most likely LuaJIT in the case of Neovim) | ||||
|         version = 'LuaJIT', | ||||
|       }, | ||||
|       diagnostics = { | ||||
|         -- Get the language server to recognize the `vim` global | ||||
|         globals = {'vim'}, | ||||
|       }, | ||||
|       -- Do not send telemetry data containing a randomized but unique identifier | ||||
|       telemetry = { | ||||
|         enable = false, | ||||
|       }, | ||||
|     }, | ||||
|   }, | ||||
| } | ||||
|  | ||||
| @@ -1,17 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Node.js | ||||
| lspconfig.bashls.setup{} | ||||
| lspconfig.cssls.setup{} | ||||
| lspconfig.dockerls.setup{} | ||||
| lspconfig.eslint.setup{} | ||||
| lspconfig.graphql.setup{} | ||||
| lspconfig.html.setup{} | ||||
| lspconfig.jsonls.setup{} | ||||
| lspconfig.purescriptls.setup{} | ||||
| lspconfig.svelte.setup{} | ||||
| lspconfig.tsserver.setup{} | ||||
| lspconfig.vimls.setup{} | ||||
| lspconfig.vuels.setup{} | ||||
| lspconfig.yamlls.setup{} | ||||
|  | ||||
| @@ -1,6 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Python | ||||
| lspconfig.cmake.setup{} | ||||
| lspconfig.pylsp.setup{} | ||||
|  | ||||
| @@ -1,5 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Rust | ||||
| lspconfig.rls.setup{} | ||||
|  | ||||
| @@ -1,5 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Scala | ||||
| lspconfig.metals.setup{} | ||||
|  | ||||
| @@ -1,5 +0,0 @@ | ||||
| lspconfig = require('lspconfig') | ||||
|  | ||||
| -- Requires Zig | ||||
| lspconfig.zls.setup{} | ||||
|  | ||||
| @@ -1,77 +0,0 @@ | ||||
| local fn = vim.fn | ||||
|  | ||||
| local install_path = fn.stdpath "data" .. "/site/pack/packer/start/packer.nvim" | ||||
| if fn.empty(fn.glob(install_path)) > 0 then | ||||
|   PACKER_BOOTSTRAP = fn.system { | ||||
|     "git", | ||||
|     "clone", | ||||
|     "--depth", | ||||
|     "1", | ||||
|     "https://github.com/wbthomason/packer.nvim", | ||||
|     install_path, | ||||
|   } | ||||
|   print "Installing packer close and reopen Neovim..." | ||||
|   vim.cmd [[packadd packer.nvim]] | ||||
| end | ||||
|  | ||||
| vim.cmd [[ | ||||
|   augroup packer_user_config | ||||
|     autocmd! | ||||
|     autocmd BufWritePost plugins.lua source <afile> | PackerSync | ||||
|   augroup end | ||||
| ]] | ||||
|  | ||||
| local status_ok, packer = pcall(require, "packer") | ||||
| if not status_ok then | ||||
|   return | ||||
| end | ||||
|  | ||||
| packer.init { | ||||
|   display = { | ||||
|     open_fn = function() | ||||
|       return require("packer.util").float { border = "rounded" } | ||||
|     end, | ||||
|   }, | ||||
| } | ||||
|  | ||||
| return packer.startup(function(use) | ||||
|   -- Utilities | ||||
|   use { "wbthomason/packer.nvim", opt = true } | ||||
|   use { "mbbill/undotree" } | ||||
|   use { "nvim-lua/plenary.nvim" } | ||||
|   use { "tpope/vim-fugitive", event = "User InGitRepo" } | ||||
|  | ||||
|   -- Editing | ||||
|   use { "andymass/vim-matchup" } | ||||
|   use { "godlygeek/tabular" } | ||||
|   use { "JoosepAlviste/nvim-ts-context-commentstring" } | ||||
|   use { "kana/vim-textobj-user" } | ||||
|   use { "mg979/vim-visual-multi", branch = "master" } | ||||
|   use { "p00f/nvim-ts-rainbow" } | ||||
|   use { "terryma/vim-expand-region" } | ||||
|   use { "tommcdo/vim-exchange", event = "VimEnter" } | ||||
|   use { "tpope/vim-abolish" } | ||||
|   use { "tpope/vim-commentary", event = "VimEnter" } | ||||
|   use { "tpope/vim-repeat", event = "VimEnter" } | ||||
|   use { "tpope/vim-surround", event = "VimEnter" } | ||||
|   use { "windwp/nvim-autopairs" } | ||||
|   use { "windwp/nvim-ts-autotag" } | ||||
|  | ||||
|   -- UI | ||||
|   use { "junegunn/goyo.vim" } | ||||
|   use { "junegunn/limelight.vim" } | ||||
|   use { "markonm/traces.vim" } | ||||
|  | ||||
|   -- Searching | ||||
|   use { "nvim-telescope/telescope.nvim", config = [[require('config.telescope')]] } | ||||
|   use { "cljoly/telescope-repo.nvim", requires = "telescope.nvim" } | ||||
|   use { "dyng/ctrlsf.vim" } | ||||
|  | ||||
|   -- LSP | ||||
|   use { "jose-elias-alvarez/null-ls.nvim" } | ||||
|  | ||||
|   if PACKER_BOOTSTRAP then | ||||
|     require("packer").sync() | ||||
|   end | ||||
| end) | ||||
|  | ||||
| @@ -1,46 +0,0 @@ | ||||
| local status_ok, telescope = pcall(require, "telescope") | ||||
| if not status_ok then | ||||
|   return | ||||
| end | ||||
|  | ||||
| local actions = require("telescope.actions") | ||||
|  | ||||
| telescope.setup({ | ||||
|   defaults = { | ||||
|     file_ignore_patterns = { ".git/", "node_modules" }, | ||||
|   }, | ||||
|   mappings = { | ||||
|     i = { | ||||
|       ["<Down>"] = actions.cycle_history_next, | ||||
|       ["<Up>"] = actions.cycle_history_prev, | ||||
|       ["<C-j>"] = actions.move_selection_next, | ||||
|       ["<C-k>"] = actions.move_selection_previous, | ||||
|     }, | ||||
|   }, | ||||
|   extensions = { | ||||
|     repo = { | ||||
|       list = { | ||||
|         fd_opts = { | ||||
|           "--no-ignore-vcs", | ||||
|         }, | ||||
|         search_dirs = { | ||||
|           "~/projects", | ||||
|           "~/repos", | ||||
|           "~/workspace", | ||||
|         }, | ||||
|       }, | ||||
|     }, | ||||
|   }, | ||||
| }) | ||||
|  | ||||
| telescope.load_extension("repo") | ||||
|  | ||||
| local keymap = vim.keymap.set | ||||
| local opts = { noremap = true, silent = true } | ||||
|  | ||||
| keymap("n", "<Leader>ff", "<cmd>Telescope find_files<cr>", opts) | ||||
| keymap("n", "<Leader>fg", "<cmd>Telescope live_grep<cr>", opts) | ||||
| keymap("n", "<Leader>fb", "<cmd>Telescope buffers<cr>", opts) | ||||
| keymap("n", "<Leader>fh", "<cmd>Telescope help_tags<cr>", opts) | ||||
| keymap("n", "<Leader>fr", "<cmd>Telescope repo list<cr>", opts) | ||||
|  | ||||
| @@ -1,35 +0,0 @@ | ||||
| require("nvim-treesitter.configs").setup({ | ||||
|   ignore_install = {}, | ||||
|   highlight = { | ||||
|     enable = true, | ||||
|     disable = {}, | ||||
|   }, | ||||
|   indent = { enable = true }, | ||||
|   incremental_selection = { | ||||
|     enable = true, | ||||
|     keymaps = { | ||||
|       init_selection = "gnn", | ||||
|       node_incremental = "grn", | ||||
|       scope_incremental = "grc", | ||||
|       node_decremental = "grm", | ||||
|     }, | ||||
|   }, | ||||
|   -- Extensions | ||||
|   autotag = { enable = true }, | ||||
|   context_commentstring = { enable = true }, | ||||
|   matchup = { enable = true }, | ||||
|   rainbow = { enable = true }, | ||||
|   textobjects = { | ||||
|     select = { | ||||
|       enable = true, | ||||
|       keymaps = { | ||||
|         ["af"] = "@function.outer", | ||||
|         ["if"] = "@function.inner", | ||||
|       }, | ||||
|     }, | ||||
|   }, | ||||
| }) | ||||
|  | ||||
| vim.opt.foldmethod = "expr" | ||||
| vim.opt.foldexpr = "nvim_treesitter#foldexpr()" | ||||
|  | ||||
| @@ -1,16 +1,49 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.editors.vscode; | ||||
| in { | ||||
|   options.modules.editors.vscode = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     environment.sessionVariables.NIXOS_OZONE_WL = "1"; | ||||
|  | ||||
|     home.programs.vscode = { | ||||
|       enable = true; | ||||
|       extensions = with pkgs.vscode-extensions; [ | ||||
|         asvetliakov.vscode-neovim | ||||
|         brettm12345.nixfmt-vscode | ||||
|         coolbear.systemd-unit-file | ||||
|         editorconfig.editorconfig | ||||
|         golang.go | ||||
|         graphql.vscode-graphql-syntax | ||||
|         mattn.lisp | ||||
|         # mkhl.direnv | ||||
|         ms-python.vscode-pylance | ||||
|         ms-vscode.cpptools | ||||
|         ms-vscode.hexeditor | ||||
|         piousdeer.adwaita-theme | ||||
|         # redhat.java | ||||
|         # sumneko.lua | ||||
|       ]; | ||||
|       userSettings = { | ||||
|         "editor.renderLineHighlight" = "none"; | ||||
|         "extensions.experimental.affinity" = { | ||||
|           "asvetliakov.vscode-neovim" = 1; | ||||
|         }; | ||||
|         "files.autoSave" = "off"; | ||||
|         "window.autoDetectColorScheme" = true; | ||||
|         "window.commandCenter" = true; | ||||
|         "window.titleBarStyle" = "custom"; | ||||
|         "workbench.iconTheme" = null; | ||||
|         "workbench.preferredDarkColorTheme" = "Adwaita Dark"; | ||||
|         "workbench.preferredLightColorTheme" = "Adwaita Light"; | ||||
|         "workbench.tree.indent" = 12; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
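Review bot: Nothing in the `home.programs.vscode` block keeps the editor limited to the extension list pinned here through `pkgs.vscode-extensions`. Unless home-manager's defaults are overridden elsewhere, extensions can still be installed or updated from the marketplace at runtime, outside the Nix closure. If a reproducible, reviewable extension set is the intent, add `mutableExtensionsDir = false;` next to `enable = true;`. Separately, the new `enable = lib.mkOption { default = false; example = true; }` drops the type that the old `mkBoolOpt` helper presumably supplied; `type = lib.types.bool;` (or `lib.mkEnableOption`) restores evaluation-time checking.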
| @@ -1,4 +1,4 @@ | ||||
| From c16be6b3b4da5a55e3ff4258ada123b5f03757e5 Mon Sep 17 00:00:00 2001 | ||||
| From daebf42bd955f6f8d971af967c675e4e339cb0b2 Mon Sep 17 00:00:00 2001 | ||||
| From: Jordan Holt <jordan@vimium.com> | ||||
| Date: Sun, 12 Nov 2023 12:13:39 +0000 | ||||
| Subject: [PATCH] Update device ID for PreSonus 1824c | ||||
| @@ -6,8 +6,9 @@ Subject: [PATCH] Update device ID for PreSonus 1824c | ||||
| ---
 | ||||
|  sound/usb/format.c       | 4 ++-- | ||||
|  sound/usb/mixer_quirks.c | 2 +- | ||||
|  sound/usb/mixer_s1810c.c | 2 +- | ||||
|  sound/usb/quirks.c       | 4 ++-- | ||||
|  3 files changed, 5 insertions(+), 5 deletions(-) | ||||
|  4 files changed, 6 insertions(+), 6 deletions(-) | ||||
| 
 | ||||
| diff --git a/sound/usb/format.c b/sound/usb/format.c
 | ||||
| index ab5fed9f55b6..da50a4782414 100644
 | ||||
| @@ -37,6 +38,19 @@ index 898bc3baca7b..c3135459c38c 100644 | ||||
|  		err = snd_sc1810_init_mixer(mixer); | ||||
|  		break; | ||||
|  	case USB_ID(0x2a39, 0x3fb0): /* RME Babyface Pro FS */ | ||||
| diff --git a/sound/usb/mixer_s1810c.c b/sound/usb/mixer_s1810c.c
 | ||||
| index fac4bbc6b275..5bc2e66d452c 100644
 | ||||
| --- a/sound/usb/mixer_s1810c.c
 | ||||
| +++ b/sound/usb/mixer_s1810c.c
 | ||||
| @@ -552,7 +552,7 @@ int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer)
 | ||||
|  		return 0; | ||||
|   | ||||
|  	dev_info(&dev->dev, | ||||
| -		 "Presonus Studio 1810c, device_setup: %u\n", chip->setup);
 | ||||
| +		 "Presonus Studio 1824c, device_setup: %u\n", chip->setup);
 | ||||
|  	if (chip->setup == 1) | ||||
|  		dev_info(&dev->dev, "(8out/18in @ 48kHz)\n"); | ||||
|  	else if (chip->setup == 2) | ||||
| diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
 | ||||
| index ab2b938502eb..b86832edaaa0 100644
 | ||||
| --- a/sound/usb/quirks.c
 | ||||
| @@ -53,5 +67,5 @@ index ab2b938502eb..b86832edaaa0 100644 | ||||
|   | ||||
|   | ||||
| -- 
 | ||||
| 2.40.1 | ||||
| 2.42.0 | ||||
| 
 | ||||
							
								
								
									
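--- a/modules/hardware/presonus-studio.nix
+++ b/modules/hardware/presonus-studio.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.modules.hardware.presonus-studio;
+  snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
+    kernel = config.boot.kernelPackages.kernel;
+  };
+  patched = snd-usb-audio-module.overrideAttrs (prev: {
+    patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
+  });
+  upmixConfig = ''
+    stream.properties = {
+      channelmix.upmix = true
+      channelmix.upmix-method = psd
+    }
+  '';
+in {
+  options.modules.hardware.presonus-studio = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    boot.kernelModules = [ "snd-usb-audio" ];
+    boot.extraModulePackages = [
+      (patched)
+    ];
+
+    # Workaround for mainline module loading instead of patched module
+    systemd.services.reload-snd-usb-audio = {
+      description = "Reload snd_usb_audio kernel module";
+      wantedBy = [ "sound.target" ];
+      serviceConfig.Type = "oneshot";
+      path = with pkgs; [
+        kmod
+      ];
+      script = ''
+        # Only reload if device hasn't been initialised
+        if ! cat /proc/asound/card*/usbmixer | grep -q "Mute Main Out Switch"; then
+          rmmod snd_usb_audio
+          insmod /run/booted-system/kernel-modules/lib/modules/$(uname -r)/extra/snd-usb-audio.ko.xz
+        fi
+      '';
+    };
+
+    environment.etc = {
+      "pipewire/pipewire.conf.d/10-network.conf".text = ''
+        context.modules = [
+          {
+            name = libpipewire-module-rtp-session
+            args = {
+              stream.props = {
+                node.name = "rtp-source"
+              }
+            }
+          }
+        ]
+      '';
+      "pipewire/pipewire.conf.d/surround.conf".text = ''
+        context.modules = [
+          {
+            name = libpipewire-module-loopback
+            args = {
+              node.description = "Genelec 4.1 Surround"
+              capture.props = {
+                node.name = "Genelec_Speakers"
+                media.class = "Audio/Sink"
+                audio.position = [ FL FR SL SR LFE ]
+              }
+              playback.props = {
+                node.name = "playback.Genelec_Speakers"
+                audio.position = [ AUX0 AUX1 AUX3 AUX4 AUX5 ]
+                target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
+                stream.dont-remix = true
+                node.passive = true
+              }
+            }
+          }
+        ]
+      '';
+      "pipewire/pipewire-pulse.conf.d/40-upmix.conf".text = upmixConfig;
+      "pipewire/client-rt.conf.d/40-upmix.conf".text = upmixConfig;
+    };
+  };
+ }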
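Review bot: The `10-network.conf` drop-in loads `libpipewire-module-rtp-session` through `/etc/pipewire`, so a network-facing feature arrives as a side effect of enabling a USB audio-interface module. As far as this file shows, it is neither bound to an interface nor gated by its own option, so any host that sets `modules.hardware.presonus-studio.enable` also takes part in RTP audio sessions on whatever network it joins. Consider moving it behind a separate option (for example `rtpSession.enable`, default false) and restricting it with the module's `local.ifname` argument, or at minimum add a comment such as `# Network audio: PipeWire joins RTP sessions on the LAN; keep off untrusted networks`. Also in this file, `overrideAttrs (prev: { patches = [ ... ]; })` ignores `prev`, so any patches already set in `snd-usb-audio.nix` would be dropped; `patches = (prev.patches or [ ]) ++ [ ... ];` keeps them.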
| @@ -1,17 +1,40 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, inputs, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.networking.tailscale; | ||||
| let | ||||
|   cfg = config.modules.networking.tailscale; | ||||
|   headscale = "https://headscale.vimium.net"; | ||||
|   hostname = config.networking.hostName; | ||||
| in { | ||||
|   options.modules.networking.tailscale = { | ||||
|     enable = mkBoolOpt false; | ||||
|     restrictSSH = mkBoolOpt true; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     restrictSSH = lib.mkOption { | ||||
|       default = true; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     age.secrets."passwords/services/tailscale/${hostname}-authkey" = { | ||||
|       file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age"; | ||||
|     }; | ||||
|  | ||||
|     environment.systemPackages = [ pkgs.tailscale ]; | ||||
|  | ||||
|     services.tailscale = { | ||||
|       enable = true; | ||||
|       authKeyFile = config.age.secrets."passwords/services/tailscale/${hostname}-authkey".path; | ||||
|  | ||||
|       extraUpFlags = [ | ||||
|         "--login-server" | ||||
|         headscale | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     services.tailscale.enable = true; | ||||
|     services.openssh.openFirewall = !cfg.restrictSSH; | ||||
|  | ||||
|     networking.firewall = { | ||||
|       checkReversePath = "loose"; | ||||
|       trustedInterfaces = [ "tailscale0" ]; | ||||
|   | ||||
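Review bot: Every tailnet peer can reach every port on this host, because the unchanged `trustedInterfaces = [ "tailscale0" ]` line exempts the interface from the firewall, and with the added `authKeyFile` and `--login-server` the host now joins that tailnet unattended. Access control therefore rests on the headscale ACLs and on how the pre-auth key is scoped, neither of which is visible here. If only SSH and a few services are meant to be reachable, replace the blanket trust with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` (ports as needed); otherwise a comment recording that the ACLs are the control would help. The rewritten `enable` and `restrictSSH` options also lose their type; since `restrictSSH` drives `services.openssh.openFirewall`, `type = lib.types.bool;` is worth keeping. The `networking.firewall` block continues past the end of the hunk.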
							
								
								
									
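--- a/modules/networking/wireless.nix
+++ b/modules/networking/wireless.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let cfg = config.modules.networking.wireless;
+in {
+  options.modules.networking.wireless = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = mdDoc "Automatically connect to known networks";
+    };
+    interfaces = mkOption {
+      default = [ ];  # All interfaces
+      example = [ "wlan0" ];
+      description = mdDoc "Interfaces for `wpa_supplicant` to bind to";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets."passwords/networks" = {
+      file = "${inputs.secrets}/passwords/networks.age";
+    };
+
+    networking = {
+      wireless = {
+        enable = true;
+        interfaces = cfg.interfaces;
+        environmentFile = config.age.secrets."passwords/networks".path;
+        networks = {
+          "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
+        };
+      };
+      networkmanager.ensureProfiles.profiles = {
+        "Apollo" = {
+          connection = {
+            id = "Apollo 600 Mbps";
+            type = "wifi";
+          };
+          wifi = {
+            mode = "infrastructure";
+            ssid = "Apollo 600 Mbps";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-psk";
+            psk = "";
+          };
+          ipv4 = {
+            method = "auto";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+        };
+      };
+    };
+  };
+}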
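Review bot: The NetworkManager profile is written with `psk = "";`, so the `Apollo` profile presumably cannot authenticate as declared, while the wpa_supplicant entry above it takes the key from the age-encrypted environment file via `@PSK_APOLLO@`. The same secret can feed the profile without entering the Nix store: set `networkmanager.ensureProfiles.environmentFiles = [ config.age.secrets."passwords/networks".path ];` and `psk = "$PSK_APOLLO";`. A comment is also worth adding that this module configures both `networking.wireless` and a NetworkManager profile, since only one of them is expected to manage a given interface.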
| @@ -1,21 +1,20 @@ | ||||
| { config, options, lib, home-manager, ... }: | ||||
| { config, options, lib, home-manager, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| { | ||||
|   options = with types; { | ||||
|     user = mkOpt attrs { }; | ||||
|     user = mkOption { type = attrs; default = { }; }; | ||||
|  | ||||
|     home = { | ||||
|       configFile  = mkOpt' attrs { } "Files to place in $XDG_CONFIG_HOME"; | ||||
|       dataFile    = mkOpt' attrs { } "Files to place in $XDG_DATA_HOME"; | ||||
|       file        = mkOpt' attrs { } "Files to place directly in $HOME"; | ||||
|       packages    = mkOpt' attrs { } "User-level installed packages"; | ||||
|       programs    = mkOpt' attrs { } "Programs managed directly from home-manager"; | ||||
|       services    = mkOpt' attrs { } "Services managed directly from home-manager"; | ||||
|       configFile  = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_CONFIG_HOME"; }; | ||||
|       dataFile    = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_DATA_HOME"; }; | ||||
|       file        = mkOption { type = attrs; default = { }; description = "Files to place directly in $HOME"; }; | ||||
|       packages    = mkOption { type = attrs; default = { }; description = "User-level installed packages"; }; | ||||
|       programs    = mkOption { type = attrs; default = { }; description = "Programs managed directly from home-manager"; }; | ||||
|       services    = mkOption { type = attrs; default = { }; description = "Services managed directly from home-manager"; }; | ||||
|     }; | ||||
|  | ||||
|     dconf.settings = mkOpt' attrs { } "dconf settings to enable"; | ||||
|     dconf.settings = mkOption { type = attrs; default = { }; description = "dconf settings to enable"; }; | ||||
|  | ||||
|     env = mkOption { | ||||
|       type = attrsOf (oneOf [ str path (listOf (either str path)) ]); | ||||
| @@ -30,18 +29,20 @@ with lib.my; | ||||
|   }; | ||||
|  | ||||
|   config = { | ||||
|     age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age"; | ||||
|     user = | ||||
|       let user = builtins.getEnv "USER"; | ||||
|           name = if elem user [ "" "root" ] then "jordan" else user; | ||||
|       in { | ||||
|         inherit name; | ||||
|         isNormalUser = true; | ||||
|         extraGroups = [ "networkmanager" "wheel" ]; | ||||
|         extraGroups = [ "networkmanager" "wheel" "lxd" ]; | ||||
|         description = "Jordan Holt"; | ||||
|         useDefaultShell = true; | ||||
|         openssh.authorizedKeys.keys = [ | ||||
|           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com" | ||||
|         ]; | ||||
|         hashedPasswordFile = config.age.secrets."passwords/users/jordan".path; | ||||
|         home = "/home/${name}"; | ||||
|         group = "users"; | ||||
|         uid = 1000; | ||||
| @@ -65,12 +66,14 @@ with lib.my; | ||||
|         }; | ||||
|         dconf.settings = mkAliasDefinitions options.dconf.settings; | ||||
|       }; | ||||
|  | ||||
|       sharedModules = [ | ||||
|         inputs.nixvim.homeManagerModules.nixvim | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|     users.users.${config.user.name} = mkAliasDefinitions options.user; | ||||
|  | ||||
|     nixpkgs.config.allowUnfree = true; | ||||
|  | ||||
|     environment.extraInit = | ||||
|       concatStringsSep "\n" | ||||
|         (mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env); | ||||
|   | ||||
							
								
								
									
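--- a/modules/podman.nix
+++ b/modules/podman.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.podman;
+in {
+  options.modules.podman = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = mdDoc "Enable podman on this host";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      docker.enable = false;
+
+      podman = {
+        enable = true;
+        defaultNetwork.settings.dns_enabled = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [ "--all" ];
+        };
+        extraPackages = [ pkgs.zfs ];
+      };
+
+      containers.storage.settings.storage = {
+        driver = "zfs";
+        graphroot = "/var/lib/containers/storage";
+        runroot = "/run/containers/storage";
+      };
+
+      oci-containers.backend = "podman";
+    };
+
+    networking.firewall.interfaces."podman+" = {
+      allowedUDPPorts = [ 53 ];
+      allowedTCPPorts = [ 53 ];
+    };
+  };
+}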
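Review bot: The weekly `autoPrune` with `flags = [ "--all" ]` removes every image that no container is using, not only dangling layers, and that appears to include the locally imported `gitea-runner-nix` image that the gitea-runner module on this page builds once in a oneshot unit with `RemainAfterExit = true`. If that image is pruned, the `nix:docker://gitea-runner-nix` label would presumably be resolved as an unqualified name against the configured registries, so a job could fail or run on an image nobody here built. Either drop `--all` from `flags` or re-run the image unit after each prune, and add a comment on `autoPrune` naming the local images that must survive it. Separately, `enable` has no `type`; `type = types.bool;` would reject non-boolean values at evaluation time.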
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.security.gpg; | ||||
| in { | ||||
|   options.modules.security.gpg = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.programs.gpg = { | ||||
|       enable = true; | ||||
|     }; | ||||
|   | ||||
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.security.pass; | ||||
| in { | ||||
|   options.modules.security.pass = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.programs.password-store = { | ||||
|       enable = true; | ||||
|       package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); | ||||
|   | ||||
							
								
								
									
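--- a/modules/services/borgmatic/default.nix
+++ b/modules/services/borgmatic/default.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.borgmatic;
+  hostname = config.networking.hostName;
+in {
+  options.modules.services.borgmatic = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = mdDoc "Enable backups on this host with `borgmatic`";
+    };
+    directories = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [
+        "/home/jordan/Documents"
+      ];
+      description = mdDoc "List of directories to backup";
+    };
+    repoPath = mkOption {
+      type = types.str;
+      example = "ssh://example@example.repo.borgbase.com/./repo";
+      description = mdDoc "Destination borg repository for backup";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets."passwords/services/borg/${hostname}-passphrase" = {
+      file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
+    };
+
+    services.borgmatic = {
+      enable = true;
+      settings = {
+        source_directories = cfg.directories;
+        repositories = [
+          { label = "borgbase"; path = cfg.repoPath; }
+        ];
+        encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
+        ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
+        keep_daily = 7;
+        keep_weekly = 4;
+        keep_monthly = 6;
+      };
+    };
+
+    # Without this override, `cat` is unavailable for `encryption_passcommand`
+    systemd.services.borgmatic.confinement.fullUnit = true;
+  };
+}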
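Review bot: `ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"` makes the machine's SSH host key double as the client credential for the backup repository, so the key that identifies this server to its own clients also grants access to its backups, and rotating one forces rotating the other. A dedicated key pair shipped through agenix, like the passphrase above, keeps the two apart, e.g. `ssh_command = "ssh -i ${config.age.secrets."<BORG_SSH_KEY_SECRET>".path}";` (placeholder secret name). For `encryption_passcommand`, calling `${pkgs.coreutils}/bin/cat` by store path would make the command independent of the unit's PATH and may remove the need for the `confinement.fullUnit` override; that is not verified against the upstream borgmatic unit.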
							
								
								
									
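--- a/modules/services/chrony/default.nix
+++ b/modules/services/chrony/default.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.chrony;
+in {
+  options.modules.services.chrony = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable chrony NTP deamon";
+    };
+
+    config = mkIf cfg.enable {
+      services.chrony = {
+        enable = true;
+
+        servers = [
+          "uk.pool.ntp.org"
+          "time.cloudflare.com"
+        ];
+
+        extraConfig = ''
+          makestep 1.0 3
+
+          bindaddress 0.0.0.0
+          port 123
+          allow
+        '';
+      };
+
+      services.timesyncd.enable = mkForce false;
+
+      networking.firewall = {
+        allowedUDPPorts = [ 123 ];
+        allowedTCPPorts = [ 123 ];
+      };
+    };
+  };
+}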
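Review bot: The `config = mkIf cfg.enable { … }` block sits inside `options.modules.services.chrony` (the `};` that closes the options attrset comes after it), so it is declared as an option subtree rather than as module configuration and the chrony settings will not be applied as written; close `options.modules.services.chrony` right after `enable` and move `config` up one level. Once it does take effect, `bindaddress 0.0.0.0` with a bare `allow` and port 123 opened in the firewall makes the host an NTP server for any client that can reach it. If serving time is intended, restrict it, e.g. `allow <CLIENT_SUBNET>` (placeholder), and drop `allowedTCPPorts = [ 123 ];` because NTP runs over UDP only; if the host only needs to sync its own clock, remove `bindaddress`, `port`, `allow` and the firewall rule. The description also misspells "daemon".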
							
								
								
									
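--- a/modules/services/coturn/default.nix
+++ b/modules/services/coturn/default.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.coturn;
+in {
+  options.modules.services.coturn = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall = {
+      allowedTCPPorts = [
+        5349  # STUN TLS
+        5350  # STUN TLS alt
+      ];
+      allowedUDPPortRanges = [
+        { from = 49152; to = 49999; } # TURN relay
+      ];
+    };
+
+    security.acme.certs = {
+      "turn.vimium.com" = {
+        reloadServices = [ "coturn" ];
+      };
+    };
+
+    age.secrets."passwords/services/coturn/shared-secret" = {
+      file = "${inputs.secrets}/passwords/services/coturn/shared-secret.age";
+      owner = "turnserver";
+      group = "turnserver";
+    };
+
+    services.coturn = {
+      enable = true;
+      lt-cred-mech = true;
+      use-auth-secret = true;
+      static-auth-secret-file = config.age.secrets."passwords/services/coturn/shared-secret".path;
+      realm = "turn.vimium.com";
+      relay-ips = [
+        "198.244.190.160"
+      ];
+      no-tcp-relay = true;
+      extraConfig = ''
+        cipher-list="HIGH"
+        no-loopback-peers
+        no-multicast-peers
+      '';
+      secure-stun = true;
+      cert = "/var/lib/acme/turn.vimium.com/fullchain.pem";
+      pkey = "/var/lib/acme/turn.vimium.com/key.pem";
+      min-port = 49152;
+      max-port = 49999;
+    };
+  };
+}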
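Review bot: The relay has no `denied-peer-ip` rules, so the TURN server will relay to private and link-local addresses reachable from this host; `no-loopback-peers` and `no-multicast-peers` in `extraConfig` cover only loopback and multicast. Add the private ranges next to them, e.g. `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255`, `denied-peer-ip=192.168.0.0-192.168.255.255`, plus link-local and the 100.64.0.0/10 range that the headscale module on this page hands out. The firewall block opens TCP 5349/5350 and the UDP relay range only; if clients are meant to use the `transport=udp` URIs sketched in the matrix-synapse module, UDP on the listening ports would be needed as well. `enable` would benefit from `type = types.bool;` and a `description`.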
							
								
								
									
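--- a/modules/services/gitea-runner/default.nix
+++ b/modules/services/gitea-runner/default.nix
@@ -0,0 +1,226 @@
+{ pkgs, config, lib, inputs, ... }:
+
+# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
+
+with lib;
+
+let
+  cfg = config.modules.services.gitea-runner;
+  hostname = config.networking.hostName;
+  giteaUrl = "https://git.vimium.com";
+
+  storeDepsBins = with pkgs; [
+    coreutils
+    findutils
+    gnugrep
+    gawk
+    git
+    nix
+    nix-update
+    bash
+    jq
+    nodejs
+  ];
+
+  storeDeps = pkgs.runCommand "store-deps" { } ''
+    mkdir -p $out/bin
+    for dir in ${toString storeDepsBins}; do
+      for bin in "$dir"/bin/*; do
+        ln -s "$bin" "$out/bin/$(basename "$bin")"
+      done
+    done
+
+    # Add SSL CA certs
+    mkdir -p $out/etc/ssl/certs
+    cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
+  '';
+in
+{
+  options.modules.services.gitea-runner = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = mdDoc "Enable a runner for Gitea Actions on this host";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    modules.podman.enable = true;
+
+    systemd.services = {
+      gitea-runner-nix-image = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "podman.service" ];
+        requires = [ "podman.service" ];
+        path = [ config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent ];
+        script = ''
+          set -eux -o pipefail
+          mkdir -p etc/nix
+
+          # Create an unpriveleged user that we can use also without the run-as-user.sh script
+          touch etc/passwd etc/group
+          groupid=$(cut -d: -f3 < <(getent group nix-ci-user))
+          userid=$(cut -d: -f3 < <(getent passwd nix-ci-user))
+          groupadd --prefix $(pwd) --gid "$groupid" nix-ci-user
+          emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
+          useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nix-ci-user nix-ci-user
+
+          cat <<NIX_CONFIG > etc/nix/nix.conf
+          accept-flake-config = true
+          experimental-features = nix-command flakes
+          NIX_CONFIG
+
+          cat <<NSSWITCH > etc/nsswitch.conf
+          passwd:    files mymachines systemd
+          group:     files mymachines systemd
+          shadow:    files
+
+          hosts:     files mymachines dns myhostname
+          networks:  files
+
+          ethers:    files
+          services:  files
+          protocols: files
+          rpc:       files
+          NSSWITCH
+
+          # list the content as it will be imported into the container
+          tar -cv . | tar -tvf -
+          tar -cv . | podman import - gitea-runner-nix
+        '';
+        serviceConfig = {
+          RuntimeDirectory = "gitea-runner-nix-image";
+          WorkingDirectory = "/run/gitea-runner-nix-image";
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+      };
+
+      gitea-runner-nix = {
+        after = [ "gitea-runner-nix-image.service" ];
+        requires = [ "gitea-runner-nix-image.service" ];
+
+        serviceConfig = {
+          # Hardening (may overlap with DynamicUser=)
+          # The following options are only for optimizing output of systemd-analyze
+          AmbientCapabilities = "";
+          CapabilityBoundingSet = "";
+          # ProtectClock= adds DeviceAllow=char-rtc r
+          DeviceAllow = "";
+          NoNewPrivileges = true;
+          PrivateDevices = true;
+          PrivateMounts = true;
+          PrivateTmp = true;
+          PrivateUsers = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHome = true;
+          ProtectHostname = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          ProtectSystem = "strict";
+          RemoveIPC = true;
+          RestrictNamespaces = true;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          UMask = "0066";
+          ProtectProc = "invisible";
+          SystemCallFilter = [
+            "~@clock"
+            "~@cpu-emulation"
+            "~@module"
+            "~@mount"
+            "~@obsolete"
+            "~@raw-io"
+            "~@reboot"
+            "~@swap"
+            # needed by go?
+            #"~@resources"
+            "~@privileged"
+            "~capset"
+            "~setdomainname"
+            "~sethostname"
+          ];
+          RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
+
+          # Needs network access
+          PrivateNetwork = false;
+          # Cannot be true due to Node
+          MemoryDenyWriteExecute = false;
+
+          # The more restrictive "pid" option makes `nix` commands in CI emit
+          # "GC Warning: Couldn't read /proc/stat"
+          # You may want to set this to "pid" if not using `nix` commands
+          ProcSubset = "all";
+          # Coverage programs for compiled code such as `cargo-tarpaulin` disable
+          # ASLR (address space layout randomization) which requires the
+          # `personality` syscall
+          # You may want to set this to `true` if not using coverage tooling on
+          # compiled code
+          LockPersonality = false;
+
+          # Note that this has some interactions with the User setting; so you may
+          # want to consult the systemd docs if using both.
+          DynamicUser = true;
+        };
+      };
+    };
+
+    users.users.nix-ci-user = {
+      group = "nix-ci-user";
+      description = "Used for running nix-based CI jobs";
+      home = "/var/empty";
+      isSystemUser = true;
+    };
+    users.groups.nix-ci-user = { };
+
+    age.secrets."files/services/gitea-runner/${hostname}-token" = {
+      file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
+      group = "podman";
+    };
+
+    services.gitea-actions-runner.instances = {
+      act = {
+        enable = true;
+        url = giteaUrl;
+        name = "act-runner-${hostname}";
+
+        tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
+        settings = {
+          cache.enabled = true;
+          runner.capacity = 4;
+        };
+
+        labels = [
+          "debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+          "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+        ];
+      };
+      nix = {
+        enable = true;
+        url = giteaUrl;
+        name = "nix-runner-${hostname}";
+
+        tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
+        settings = {
+          cache.enabled = true;
+          container = {
+            options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nix-ci-user";
+            network = "host";
+            valid_volumes = [
+              "/nix"
+              "${storeDeps}/bin"
+              "${storeDeps}/etc/ssl"
+            ];
+          };
+          runner.capacity = 4;
+        };
+
+        labels = [
+          "nix:docker://gitea-runner-nix"
+        ];
+      };
+    };
+  };
+}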
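Review bot: `container.network = "host"` puts every job container of the `nix` instance in the host's network namespace, so CI jobs can reach services that other modules on this page bind to localhost only (Synapse on 8008, headscale on 8080) and bypass the firewall and the nginx front end. Unless a job really needs it, drop the line or use `network = "bridge";`. In the same image, `accept-flake-config = true` lets a repository's `flake.nix` supply Nix settings without confirmation, and `-v /nix:/nix` appears to share the host store (and presumably the daemon socket under it) with the job; both deserve either removal or a comment stating that only trusted repositories may use this runner. The `act` instance's labels use the mutable `act-latest` tag of a third-party image; pinning it by digest (`…@sha256:<DIGEST>`, placeholder) would make image updates an explicit change.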
							
								
								
									
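--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -0,0 +1,94 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.gitea;
+in {
+  options.modules.services.gitea = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users = {
+      users.git = {
+        isSystemUser = true;
+        useDefaultShell = true;
+        group =  "git";
+        extraGroups = [ "gitea" ];
+        home = config.services.gitea.stateDir;
+      };
+      groups.git = { };
+    };
+
+    services.nginx = {
+      upstreams.gitea = {
+        servers = {
+          "unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
+        };
+      };
+      virtualHosts = {
+        "git.vimium.com" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".proxyPass = "http://gitea";
+        };
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
+    ];
+
+    services.gitea = rec {
+      package = pkgs.unstable.gitea;
+      enable = true;
+      user = "git";
+      appName = "Vimium Git";
+      stateDir = "/var/lib/gitea";
+      repositoryRoot = "${stateDir}/repositories";
+      database = {
+        type = "sqlite3";
+        inherit user;
+        path = "${stateDir}/gitea.db";
+      };
+      lfs = {
+        enable = true;
+        contentDir = "${stateDir}/lfs";
+      };
+      settings = {
+        server = {
+          DOMAIN = config.networking.domain;
+          LANDING_PAGE = "explore";
+          OFFLINE_MODE = true;
+          PROTOCOL = "http+unix";
+          SSH_USER = "git";
+          SSH_DOMAIN = "git.vimium.com";
+          SSH_PORT = lib.head config.services.openssh.ports;
+          ROOT_URL = "https://git.vimium.com/";
+        };
+        service.DISABLE_REGISTRATION = true;
+        session.COOKIE_SECURE = true;
+        log = {
+          ROOT_PATH = "${stateDir}/log";
+          DISABLE_ROUTER_LOG = true;
+        };
+        ui = {
+          THEMES = "gitea,arc-green,github,github-auto,github-dark";
+          DEFAULT_THEME = "github-dark";
+        };
+        actions.ENABLED = true;
+        indexer = {
+          REPO_INDEXER_ENABLED = true;
+        };
+        packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
+      };
+    };
+  };
+}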
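Review bot: `DOMAIN = config.networking.domain` is the one entry in `settings.server` that does not use the service's own host name: `SSH_DOMAIN`, `ROOT_URL` and the nginx virtual host all say `git.vimium.com`, while `networking.domain` is presumably the bare parent domain. Bind the name once in the `let` block, `domain = "git.vimium.com";`, and use it for `DOMAIN`, `SSH_DOMAIN`, `ROOT_URL` and the `virtualHosts` key so they cannot drift apart. `enable` has neither `type` nor `description`; `type = types.bool;` and a one-line description would match the podman and borgmatic modules in this change.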
							
								
								
									
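--- a/modules/services/headscale/default.nix
+++ b/modules/services/headscale/default.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.headscale;
+  fqdn = "headscale.vimium.net";
+in {
+  options.modules.services.headscale = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.headscale ];
+
+    services.headscale = {
+      enable = true;
+
+      port = 8080;
+
+      settings = {
+        ip_prefixes = [
+          "100.64.0.0/10"
+        ];
+        server_url = "https://${fqdn}";
+        dns_config = {
+          base_domain = "vimium.net";
+        };
+        logtail.enabled = false;
+      };
+    };
+
+    services.nginx.virtualHosts = {
+      "${fqdn}" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString config.services.headscale.port}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}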
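Review bot: The module relies on the upstream default for the listen address: only `port = 8080` is set in `services.headscale`, while nginx terminates TLS and proxies to `localhost`. Setting `address = "127.0.0.1";` explicitly documents that the control server must be reachable only through the proxy and keeps that true if the default ever changes. `environment.systemPackages = [ pkgs.headscale ]` could use `config.services.headscale.package` so the CLI always matches the running server. `enable` lacks `type = types.bool;` and a `description`.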
							
								
								
									
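--- a/modules/services/mail/default.nix
+++ b/modules/services/mail/default.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.modules.services.mail;
+  domains = [
+    "h0lt.com"
+    "jdholt.com"
+    "jordanholt.xyz"
+    "vimium.co"
+    "vimium.com"
+    "vimium.co.uk"
+    "vimium.info"
+    "vimium.net"
+    "vimium.org"
+    "vimium.xyz"
+  ];
+in {
+  options.modules.services.mail = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.roundcube = {
+      enable = true;
+      hostName = config.mailserver.fqdn;
+      extraConfig = ''
+        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+        $config['smtp_user'] = "%u";
+        $config['smtp_pass'] = "%p";
+      '';
+    };
+
+    services.nginx.enable = true;
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    mailserver = {
+      enable = true;
+      fqdn = "mail.vimium.com";
+      domains = domains;
+      indexDir = "/var/lib/dovecot/indices";
+
+      certificateDomains = [
+        "imap.vimium.com"
+        "smtp.vimium.com"
+      ];
+      certificateScheme = "acme-nginx";
+
+      fullTextSearch.enable = true;
+
+      loginAccounts = {
+        "jordan@vimium.com" = {
+          hashedPasswordFile = config.users.users.jordan.hashedPasswordFile;
+          catchAll = domains;
+        };
+      };
+
+      extraVirtualAliases = {
+        "hostmaster@vimium.com" = "jordan@vimium.com";
+        "postmaster@vimium.com" = "jordan@vimium.com";
+        "webmaster@vimium.com" = "jordan@vimium.com";
+        "abuse@vimium.com" = "jordan@vimium.com";
+      };
+    };
+  };
+}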
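Review bot: `loginAccounts."jordan@vimium.com".hashedPasswordFile` points at `config.users.users.jordan.hashedPasswordFile`, so the mailbox password is the login password of a user the options module on this page places in `wheel`; a password guessed or captured through IMAP, SMTP submission or Roundcube is then also the machine's login credential. Give the mail account its own agenix secret, e.g. `hashedPasswordFile = config.age.secrets."<MAIL_PASSWORD_SECRET>".path;` (placeholder name). The reference also hard-codes `users.jordan`, while the options module derives the user name from `$USER`; a separate secret removes that coupling too. `enable` lacks `type = lib.types.bool;` and a `description`.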
							
								
								
									
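--- a/modules/services/matrix-synapse/default.nix
+++ b/modules/services/matrix-synapse/default.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.matrix-synapse;
+  matrixClientConfig = {
+    "m.homeserver" = {
+      base_url = "https://matrix.vimium.com";
+      server_name = "vimium.com";
+    };
+    "m.identity_server" = {};
+  };
+  matrixServerConfig."m.server" = "matrix.vimium.com:443";
+  mkWellKnown = data: ''
+    more_set_headers 'Content-Type: application/json';
+    return 200 '${builtins.toJSON data}';
+  '';
+in {
+  options.modules.services.matrix-synapse = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      8448 # Matrix federation
+    ];
+
+    security.acme.certs = {
+      "matrix.vimium.com" = {
+        reloadServices = [ "matrix-synapse" ];
+      };
+    };
+
+    services.nginx.virtualHosts = {
+      "chat.vimium.com" = {
+        forceSSL = true;
+        enableACME = true;
+        root = pkgs.unstable.element-web.override {
+          conf = {
+            default_server_config = matrixClientConfig;
+            brand = "Vimium Chat";
+            branding = {
+              auth_header_logo_url = "https://vimium.com/images/logo.svg";
+              auth_footer_links = [
+                { "text" = "Vimium.com"; "url" = "https://vimium.com"; }
+              ];
+            };
+          };
+        };
+      };
+      "matrix.vimium.com" = {
+        forceSSL = true;
+        enableACME = true;
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 80;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 8448;
+            ssl = true;
+          }
+          {
+            addr = "[::1]";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "[::1]";
+            port = 80;
+          }
+          {
+            addr = "[::1]";
+            port = 8448;
+            ssl = true;
+          }
+        ];
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:8008";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
+          "/_matrix" = {
+            proxyPass = "http://localhost:8008";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+              client_max_body_size 50M;
+            '';
+          };
+          "/_synapse/client".proxyPass = "http://localhost:8008";
+        };
+      };
+      "vimium.com" = {
+        locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
+        locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
+      };
+    };
+
+    services.matrix-synapse = {
+      enable = true;
+      settings = {
+        database.name = "sqlite3";
+        enable_registration = false;
+        server_name = "vimium.com";
+        # turn_shared_secret = "???";
+        # turn_uris = [
+        #   "turn:turn.vimium.com:5349?transport=udp"
+        #   "turn:turn.vimium.com:5350?transport=udp"
+        #   "turn:turn.vimium.com:5349?transport=tcp"
+        #   "turn:turn.vimium.com:5350?transport=tcp"
+        # ];
+      };
+    };
+  };
+}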
							
								
								
									
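--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -0,0 +1,157 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.services.nginx;
+  nginxErrorPages = ''
+    location @error_pages {
+      rewrite ^.*$ /''${status}.html break;
+
+      root "/var/www/html/errors";
+    }
+  '';
+  nginxEdgeHeaders = ''
+    more_set_headers 'Server: Vimium';
+    more_set_headers 'Access-Control-Allow-Origin: *';
+    add_header Expect-CT max-age=30 always;
+    add_header Referrer-Policy strict-origin-when-cross-origin always;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+    add_header Vimium-Responding-Instance $hostname;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options nosniff always;
+  '';
+  nginxStrictHeaders = ''
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header Permissions-Policy "fullscreen=(self), sync-xhr=(self)" always;
+  '';
+  mkRedirect = from: to: {
+    "${from}" = {
+      forceSSL = true;
+      enableACME = true;
+      serverAliases = [ "www.${from}" ];
+      locations."/".return = "301 https://${to}$request_uri";
+      extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+    };
+  };
+in {
+  options.modules.services.nginx = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      80    # HTTP
+      443   # HTTPS
+    ];
+
+    services.nginx = {
+      enable = true;
+      package = pkgs.openresty;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      clientMaxBodySize = "2G";
+      sslProtocols = "TLSv1.2 TLSv1.3";
+      sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+      appendHttpConfig = ''
+        error_page 400 @error_pages;
+        error_page 401 @error_pages;
+        error_page 403 @error_pages;
+        error_page 404 @error_pages;
+        error_page 405 @error_pages;
+        error_page 429 @error_pages;
+        error_page 500 @error_pages;
+        error_page 501 @error_pages;
+        error_page 502 @error_pages;
+        error_page 503 @error_pages;
+        error_page 504 @error_pages;
+
+        client_body_buffer_size 16k;
+        client_header_buffer_size 8k;
+      '';
+      appendConfig = ''
+        worker_processes auto;
+        worker_cpu_affinity auto;
+        worker_rlimit_nofile 50000;
+      '';
+      eventsConfig = ''
+        worker_connections 20000;
+        multi_accept off;
+      '';
+      virtualHosts = {
+        ## Static sites
+        "jellyfin.vimium.com" = {
+          forceSSL = true;
+          enableACME = true;
+          extraConfig = nginxErrorPages + nginxEdgeHeaders;
+          locations."/" = {
+            proxyPass = "http://localhost:8000";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Host $host;
+
+              proxy_set_header Range $http_range;
+              proxy_set_header If-Range $http_if_range;
+
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "upgrade";
+            '';
+          };
+        };
+        "pki.vimium.com" = {
+          addSSL = true;
+          forceSSL = false;
+          enableACME = true;
+          extraConfig = ''
+            ${nginxErrorPages}
+            more_set_headers 'Server: Vimium';
+          '';
+          locations."/" = {
+            root = "/var/www/pki.vimium.com";
+          };
+        };
+        "suhailhussain.com" = {
+          forceSSL = true;
+          enableACME = true;
+          serverAliases = [ "www.suhailhussain.com" ];
+          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+          locations."/" = {
+            root = "/var/www/suhailhussain.com";
+          };
+        };
+        "vimium.com" = {
+          default = true;
+          forceSSL = true;
+          enableACME = true;
+          serverAliases = [ "www.vimium.com" ];
+          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders + ''
+            add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
+          '';
+          locations."/" = {
+            root = "/var/www/vimium.com";
+          };
+        };
+      }
+      ## Redirects
+      // (mkRedirect "h0lt.com" "jdholt.com")
+      // (mkRedirect "jordanholt.xyz" "jdholt.com")
+      // (mkRedirect "jdholt.com" "vimium.com")
+      // (mkRedirect "omnimagic.com" "vimium.com")
+      // (mkRedirect "omnimagic.net" "vimium.com")
+      // (mkRedirect "thelostlegend.com" "suhailhussain.com")
+      // (mkRedirect "vimium.co" "vimium.com")
+      // (mkRedirect "vimium.co.uk" "vimium.com")
+      // (mkRedirect "vimium.info" "vimium.com")
+      // (mkRedirect "vimium.net" "vimium.com")
+      // (mkRedirect "vimium.org" "vimium.com")
+      // (mkRedirect "vimium.xyz" "vimium.com");
+    };
+  };
+}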
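Review bot: `nginxEdgeHeaders` sets `Access-Control-Allow-Origin: *` with `more_set_headers`, and that snippet is in the `extraConfig` of the proxied `jellyfin.vimium.com` vhost as well as the static sites and every `mkRedirect` host. Because `more_set_headers` replaces a response header of the same name, this overrides whatever CORS policy the upstream application sends, so any origin may read responses that do not depend on cookies. I would take the line out of `nginxEdgeHeaders` and keep it in its own snippet, e.g. `nginxOpenCors = "more_set_headers 'Access-Control-Allow-Origin: *';";`, appended only on the vhosts that are meant to be read cross-origin. It also deserves a comment that the HSTS header carries `includeSubDomains; preload` while `pki.vimium.com` is deliberately left reachable over plain HTTP (`forceSSL = false`).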
							
								
								
									
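--- a/modules/services/photoprism/default.nix
+++ b/modules/services/photoprism/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let cfg = config.modules.services.photoprism;
+in {
+  options.modules.services.photoprism = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      virtualHosts = {
+        "gallery.vimium.com" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://localhost:${toString config.services.photoprism.port}";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Host $host;
+
+              proxy_buffering off;
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "upgrade";
+            '';
+          };
+        };
+      };
+    };
+
+    age.secrets."passwords/services/photoprism/admin" = {
+      file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
+    };
+
+    services.photoprism = {
+      enable = true;
+      address = "localhost";
+      passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
+      originalsPath = "${config.services.photoprism.storagePath}/originals";
+      settings = {
+        PHOTOPRISM_APP_NAME = "Vimium Gallery";
+        PHOTOPRISM_SITE_AUTHOR = "Vimium";
+        PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
+        PHOTOPRISM_SITE_CAPTION = "Vimium Gallery";
+        PHOTOPRISM_DISABLE_TLS = "true";
+        PHOTOPRISM_SPONSOR = "true";
+      };
+    };
+  };
+}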
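Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` passes on any `X-Forwarded-For` value the client sent and only appends the real peer address, so if this nginx is the first hop facing the internet, PhotoPrism's logs and any decision keyed on client address can be given a forged IP. The matrix vhosts in this same commit use `proxy_set_header X-Forwarded-For $remote_addr;`, which discards client-supplied values, and I would use that line here too. The `jellyfin.vimium.com` location in modules/services/nginx/default.nix carries the identical header line. Note also that `gallery.vimium.com` includes neither the `@error_pages` location nor the edge headers from the nginx module, although `error_page … @error_pages` is set there at http level, so nginx-generated errors on this vhost would point at a named location it does not define.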
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.shell.git; | ||||
| in { | ||||
|   options.modules.shell.git = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.programs.git = { | ||||
|       enable = true; | ||||
|       aliases = { | ||||
|   | ||||
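Review bot: The new `enable = lib.mkOption { default = false; example = true; }` declares no `type`, so `modules.shell.git.enable` now accepts any value instead of being checked as a boolean (assuming the removed `mkBoolOpt` helper set a boolean type; its definition is not visible here). `enable = lib.mkEnableOption "git";` gives the same default and example together with `types.bool` and a description. The zsh hunk that follows makes the same change, and the `enable` options of the new nginx and photoprism modules are written the same way. The module body continues past the end of this hunk.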
| @@ -1,14 +1,15 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
| with lib.my; | ||||
| let cfg = config.modules.shell.zsh; | ||||
| in { | ||||
|   options.modules.shell.zsh = { | ||||
|     enable = mkBoolOpt false; | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     users.defaultUserShell = pkgs.zsh; | ||||
|  | ||||
|     programs.zsh = { | ||||
|   | ||||
Some files were not shown because too many files have changed in this diff Show More