add code formatter and reformat

Tim Schubert 2022-08-04 21:05:37 +02:00
parent a055f4fa40
commit 8cd6ed1502
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
69 changed files with 1016 additions and 797 deletions


@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.admin;
extraGroups = [ "wheel" "libvirtd" ];
extraGroups = ["wheel" "libvirtd"];
shells = {
"bash" = pkgs.bashInteractive;
@ -13,11 +16,15 @@ let
shellNames = builtins.attrNames shells;
adminOpts = { name, config, ... }: {
adminOpts = {
name,
config,
...
}: {
options = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
default = [];
apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x;
description = ''
The keys that should be able to access the account.
@ -35,15 +42,14 @@ let
};
};
};
in
{
in {
options = {
dadada.admin = {
enable = mkEnableOption "Enable admin access";
users = mkOption {
type = with types; attrsOf (submodule adminOpts);
default = { };
default = {};
description = ''
Admin users with root access machine.
'';
@ -68,14 +74,14 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh.openFirewall = true;
users.users = mapAttrs
(user: keys: (
{
users.users =
mapAttrs
(user: keys: {
shell = shells."${keys.shell}";
extraGroups = extraGroups;
isNormalUser = true;
openssh.authorizedKeys.keys = keys.keys;
}))
})
cfg.users;
nix.trustedUsers = builtins.attrNames cfg.users;
@ -90,7 +96,7 @@ in
services.tor.relay.onionServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
map = [{ port = 22; }];
map = [{port = 22;}];
};
};
};
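Review bot: Every entry in `cfg.users` is put in `wheel` while `security.sudo.wheelNeedsPassword = false` is set, and is also added to `nix.trustedUsers`, so each key in `openssh.authorizedKeys.keys` is effectively a root credential; the option text ("Admin users with root access machine.") does not spell that out. I would document it on the `users` option, e.g. `description = "Admin users. Each listed SSH key grants passwordless sudo and Nix trusted-user rights, i.e. full root on the machine.";`. Whether password logins over SSH are disabled is not visible in these hunks; it is worth confirming, since the firewall is opened for OpenSSH and port 22 is also published through the `rat` onion service. The module body continues outside the hunks shown.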


@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
backupExcludes = [
"/backup"
"/dev"
@ -20,87 +24,87 @@ let
"/var/tmp"
];
cfg = config.dadada.backupClient;
in
{
options = {
dadada.backupClient = {
gs = {
enable = mkEnableOption "Enable backup to GS location";
passphrasePath = mkOption {
type = with types; nullOr str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/gs/passphrase";
};
in {
options = {
dadada.backupClient = {
gs = {
enable = mkEnableOption "Enable backup to GS location";
passphrasePath = mkOption {
type = with types; nullOr str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/gs/passphrase";
};
bs = {
enable = mkEnableOption "Enable backup to BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/bs/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/bs/id_ed25519";
};
};
bs = {
enable = mkEnableOption "Enable backup to BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/bs/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/bs/id_ed25519";
};
};
};
};
config = mkIf cfg.gs.enable {
fileSystems = mkIf cfg.gs {
"/backup" = {
device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
fsType = "ext4";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
};
};
services.borgbackup.jobs.gs = {
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.gs.passphrasePath}";
services.borgbackup.jobs.gs =
{
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.gs.passphrasePath}";
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
}
// mkIf cfg.bs.enable {
services.borgbackup.jobs.bs = {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.bs.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
};
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
} // mkIf cfg.bs.enable {
services.borgbackup.jobs.bs = {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.bs.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
};
};
};
}
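Review bot: After reformatting, `// mkIf cfg.bs.enable { … }` is visibly an operand of the `services.borgbackup.jobs.gs = { … }` value rather than of `config`, so the `bs` job is merged into the `gs` job's attribute set instead of being defined next to it. Because `mkIf` returns a tagged attribute set, the `//` presumably also replaces the `gs` definition with that conditional, which would leave the `gs` job misdefined and the `bs` job never created; a host relying on this module may end up without a working backup. I would close the `gs` job first and combine the two parts at the `config` level, e.g. `config = mkMerge [ (mkIf cfg.gs.enable { … }) (mkIf cfg.bs.enable { … }) ];`. In the same block, `fileSystems = mkIf cfg.gs {` passes the option set rather than a boolean and likely wants `cfg.gs.enable`.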


@ -1,40 +1,46 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.ddns;
ddnsConfig = hostNames: {
systemd.timers = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}"
{
wantedBy = [ "timers.target" ];
partOf = [ "ddns-${hostname}.service" ];
timerConfig.OnCalendar = "hourly";
}));
systemd.timers = listToAttrs (forEach hostNames (hostname:
nameValuePair "ddns-${hostname}"
{
wantedBy = ["timers.target"];
partOf = ["ddns-${hostname}.service"];
timerConfig.OnCalendar = "hourly";
}));
systemd.services = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}"
{
serviceConfig.Type = "oneshot";
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
systemd.services = listToAttrs (forEach hostNames (hostname:
nameValuePair "ddns-${hostname}"
{
serviceConfig.Type = "oneshot";
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
IFS=':'
read -r user password < /var/lib/ddns/credentials
unset IFS
IFS=':'
read -r user password < /var/lib/ddns/credentials
unset IFS
curl_url=$(url "$user" "$password" ${hostname})
curl_url=$(url "$user" "$password" ${hostname})
${pkgs.curl}/bin/curl -4 "$curl_url"
${pkgs.curl}/bin/curl -6 "$curl_url"
'';
}));
${pkgs.curl}/bin/curl -4 "$curl_url"
${pkgs.curl}/bin/curl -6 "$curl_url"
'';
}));
};
in {
options = {
dadada.ddns.domains = mkOption {
type = types.listOf types.str;
description = ''
Enables DDNS for these domains.
Enables DDNS for these domains.
'';
example = ''
[ "example.com" ]
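Review bot: The `ddns-${hostname}` script puts `$user` and `$password` into the query string of the update URL and hands that URL to `curl` as a command-line argument, so the credentials are readable in the process list while the request runs, and they are not URL-encoded. I would feed the URL to curl on stdin instead, e.g. `printf 'url = "%s"\n' "$curl_url" | ${pkgs.curl}/bin/curl -4 --config -`, and likewise for the `-6` call. The Nix interpolation `${hostname}` is also placed into the shell script unquoted; since it comes from the `domains` option, `${escapeShellArg hostname}` would be safer. The rest of the module lies outside this hunk.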


@ -1,5 +1,4 @@
{ ... }@inputs:
{
{...} @ inputs: {
admin = import ./admin.nix;
backup = import ./backup.nix;
ddns = import ./ddns.nix;


@ -1,8 +1,11 @@
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.element;
in
{
config,
pkgs,
lib,
...
}: let
cfg = config.dadada.element;
in {
options.dadada.element = {
enable = lib.mkEnableOption "Enable element webapp";
};


@ -1,10 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
luks = config.dadada.luks;
fido2 = config.dadada.fido2;
in
{
in {
options = {
dadada.luks = {
uuid = mkOption {
@ -52,5 +55,4 @@ in
cue = true;
};
};
}


@ -1,12 +1,14 @@
{ config, lib, ... }:
with lib;
let
{
config,
lib,
...
}:
with lib; let
cfg = config.dadada.fileShare;
sharePath = "/mnt/storage/share";
ipv6 = "fd42:dead:beef::/48";
ipv4 = "192.168.42.0/24";
in
{
in {
options.dadada.fileShare = {
enable = mkEnableOption "Enable file share server";
};


@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
redisSocket = "127.0.0.1:6379";
cfg = config.dadada.gitea;
in
{
in {
options.dadada.gitea = {
enable = lib.mkEnableOption "Enable gitea";
};


@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.headphones;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.headphones;
in {
options = {
dadada.headphones = {
enable = mkEnableOption "Enable bluetooth headphones with more audio codecs.";
@ -14,7 +17,7 @@ in
bluetooth.enable = true;
pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraModules = [pkgs.pulseaudio-modules-bt];
extraConfig = ''
set-source-volume 1 10000
'';


@ -1,18 +1,22 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
cfg = config.dadada.homePage;
in
with lib; {
options.dadada.homePage = {
enable = mkEnableOption "Enable home page";
};
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.homePage}";
with lib; {
options.dadada.homePage = {
enable = mkEnableOption "Enable home page";
};
};
}
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.homePage}";
};
};
}


@ -1,6 +1,10 @@
# Source https://github.com/NixOS/nixpkgs/issues/113384
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.dadada.kanboard;
in {
options = {
@ -32,27 +36,30 @@ in {
name = "kanboard-configured";
paths = [
(pkgs.runCommand "kanboard-over" {meta.priority = 0;} ''
mkdir -p $out
for f in index.php jsonrpc.php ; do
echo "<?php require('$out/config.php');" > $out/$f
tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
| sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
done
ln -s /var/lib/kanboard $out/data
ln -s ${./kanboard-config.php} $out/config.php
mkdir -p $out
for f in index.php jsonrpc.php ; do
echo "<?php require('$out/config.php');" > $out/$f
tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
| sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
done
ln -s /var/lib/kanboard $out/data
ln -s ${./kanboard-config.php} $out/config.php
'')
{ outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; }
];
};
locations = {
"/".index = "index.php";
"~ \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
'';
};
{
outPath = "${pkgs.kanboard}/share/kanboard";
meta.priority = 10;
}
];
};
locations = {
"/".index = "index.php";
"~ \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
'';
};
};
};
};
};


@ -1,10 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.networking;
vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
in
{
in {
options = {
dadada.networking = {
localResolver = {
@ -15,7 +18,7 @@ in
wanInterfaces = mkOption {
type = with types; listOf str;
description = "WAN network interfaces";
default = [ ];
default = [];
};
vpnExtension = mkOption {
type = with types; nullOr str;
@ -83,20 +86,22 @@ in
"149.112.112.112@853#dns.quad9.net"
];
}
(mkIf cfg.localResolver.uwu {
name = "uwu.";
forward-addr = [
"fc00:1337:dead:beef::10.11.0.1"
"10.11.0.1"
];
}
(
mkIf cfg.localResolver.uwu {
name = "uwu.";
forward-addr = [
"fc00:1337:dead:beef::10.11.0.1"
"10.11.0.1"
];
}
)
(mkIf cfg.localResolver.s0 {
name = "s0.";
forward-addr = [
"192.168.178.1"
];
}
(
mkIf cfg.localResolver.s0 {
name = "s0.";
forward-addr = [
"192.168.178.1"
];
}
)
{
name = "dyn.dadada.li.";
@ -110,13 +115,14 @@ in
networking.useDHCP = false;
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
useDHCP = true;
}));
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i:
nameValuePair i {
useDHCP = true;
}));
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
dadada = {
ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ];
ips = ["fd42:9c3b:f96d:201::${cfg.vpnExtension}/64"];
listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey";
@ -124,7 +130,7 @@ in
peers = [
{
publicKey = vpnPubKey;
allowedIPs = [ "fd42:9c3b:f96d::/48" ];
allowedIPs = ["fd42:9c3b:f96d::/48"];
endpoint = "vpn.dadada.li:51234";
persistentKeepalive = 25;
}
@ -134,8 +140,8 @@ in
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
wantedBy = [ "timers.target" ];
partOf = [ "wg-reresolve-dns.service" ];
wantedBy = ["timers.target"];
partOf = ["wg-reresolve-dns.service"];
timerConfig.OnCalendar = "hourly";
};
systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {


@ -1,9 +1,14 @@
{ self
, home-manager
, nixpkgs
, ...
{
self,
home-manager,
nixpkgs,
...
}: {
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
# Global settings for nix daemon
{
nix.nixPath = [


@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
@ -25,7 +29,7 @@ with lib;
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
highlighters = ["main" "brackets" "pattern" "root" "line"];
};
};


@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
networking.domain = mkDefault "dadada.li";
networking.tempAddresses = "disabled";


@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.share;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.share;
in {
options.dadada.share = {
enable = mkEnableOption "Enable file share";
};


@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.steam;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.steam;
in {
options = {
dadada.steam = {
enable = mkEnableOption "Enable Steam config";
@ -15,7 +18,7 @@ in
hardware.opengl = {
enable = true;
driSupport32Bit = true;
extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
extraPackages32 = with pkgs.pkgsi686Linux; [libva];
};
hardware.pulseaudio.support32Bit = true;


@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.autoUpgrade;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.autoUpgrade;
in {
options.dadada.autoUpgrade = {
enable = mkEnableOption "Enable automatic upgrades";
};


@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.vpnServer;
wgPeer = { name, ... }: {
wgPeer = {name, ...}: {
options = {
name = mkOption {
internal = true;
@ -21,14 +24,13 @@ let
};
};
};
in
{
in {
options.dadada.vpnServer = {
enable = mkEnableOption "Enable wireguard gateway";
peers = mkOption {
description = "Set of extensions and public keys of peers";
type = with types; attrsOf (submodule wgPeer);
default = { };
default = {};
};
};
config = mkIf cfg.enable {
@ -37,14 +39,14 @@ in
interfaces."wg0" = {
allowedIPsAsRoutes = true;
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:9c3b:f96d:0201::0/64" ];
ips = ["fd42:9c3b:f96d:0201::0/64"];
listenPort = 51234;
peers = map
(peer: (
{
allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
publicKey = peer.key;
}))
peers =
map
(peer: {
allowedIPs = ["fd42:9c3b:f96d:0201::${peer.id}/128"];
publicKey = peer.key;
})
(attrValues cfg.peers);
postSetup = ''
wg set wg0 fwmark 51234


@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.weechat;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.weechat;
in {
options.dadada.weechat = {
enable = mkEnableOption "Enable weechat relay";
};


@ -1,5 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
programs.zsh = {
enable = true;
autosuggestions.enable = true;
@ -8,7 +12,7 @@
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
highlighters = ["main" "brackets" "pattern" "root" "line"];
};
};
}