From e1c562191b907e85278c34fc2379ca27e8a4daee Mon Sep 17 00:00:00 2001 
From: dadada Date: Fri, 25 Dec 2020 17:38:07 +0100 Subject: [PATCH] Move vim packages to pkgs Add system config Split up modules into home and system sets Update Cleanup Move home config Add module attrs Fix empty LUKS device UUID Import local secrets --- .gitignore | 2 +- default.nix | 12 ++ hosts/gorgon/default.nix | 123 ++++++++++++++ hosts/gorgon/home/default.nix | 42 +++++ .../profiles => hosts/gorgon}/home/pkgs.nix | 4 +- hosts/ifrit/default.nix | 150 ++++++++++++++++++ lib/colors.nix | 29 ---- lib/default.nix | 5 + modules/admin.nix | 56 +++++++ modules/backup.nix | 82 ++++++++++ modules/default.nix | 11 ++ modules/fido2.nix | 56 +++++++ modules/fileShare.nix | 50 ++++++ modules/home/colors.nix | 40 +++++ modules/home/default.nix | 20 +++ modules/{dadada => home}/direnv.nix | 4 +- modules/{dadada => home}/fish.nix | 4 +- modules/{dadada => home}/git.nix | 4 +- modules/{dadada => home}/gpg.nix | 4 +- modules/{dadada => home}/gtk.nix | 4 +- modules/{dadada => home}/keyring.nix | 4 +- modules/{dadada => home}/kitty/config | 0 modules/{dadada => home}/kitty/default.nix | 4 +- modules/{dadada => home}/mako.nix | 4 +- modules/home/module-list.nix | 20 +++ modules/{dadada => home}/session.nix | 4 +- modules/{dadada => home}/ssh.nix | 4 +- modules/{dadada => home}/sway/config | 0 modules/{dadada => home}/sway/default.nix | 4 +- modules/{dadada => home}/syncthing.nix | 4 +- modules/{dadada => home}/termite.nix | 4 +- modules/{dadada => home}/tmux.nix | 4 +- modules/{dadada => home}/vim/default.nix | 27 +--- modules/{dadada => home}/vim/vimrc | 0 modules/{dadada => home}/xdg.nix | 4 +- modules/{dadada => home}/zsh.nix | 4 +- modules/module-list.nix | 26 ++- modules/networking.nix | 86 ++++++++++ modules/profiles/base/default.nix | 39 +++++ modules/profiles/home/default.nix | 54 ------- modules/profiles/work.nix | 45 ------ modules/steam.nix | 20 +++ modules/update.nix | 30 ++++ modules/vpnServer.nix | 47 ++++++ modules/weechat.nix | 58 +++++++ overlay.nix | 11 ++ 
overlays/default.nix | 3 + .../{texlive-tubslatex.nix => tubslatex.nix} | 4 +- pkgs/keys/default.nix | 20 +++ pkgs/keys/keys/dadada.pub | 1 + pkgs/{tubslatex.nix => tubslatex/default.nix} | 0 pkgs/vimPlugins/default.nix | 20 +++ .../vimPlugins/filetype}/ftplugin/cpp.vim | 0 .../vimPlugins/filetype}/ftplugin/css.vim | 0 .../vimPlugins/filetype}/ftplugin/fish.vim | 0 .../vimPlugins/filetype}/ftplugin/foo.kt | 0 .../vimPlugins/filetype}/ftplugin/html.vim | 0 .../filetype}/ftplugin/javascript.vim | 0 .../vimPlugins/filetype}/ftplugin/kotlin.vim | 0 .../vimPlugins/filetype}/ftplugin/ledger.vim | 0 .../vimPlugins/filetype}/ftplugin/markdown.md | 0 .../vimPlugins/filetype}/ftplugin/nix.vim | 0 .../vimPlugins/filetype}/ftplugin/python.vim | 0 .../vimPlugins/filetype}/ftplugin/rust.vim | 0 .../vimPlugins/filetype}/ftplugin/scss.vim | 0 .../filetype}/ftplugin/typescript.vim | 0 .../vimPlugins/filetype}/ftplugin/yaml.vim | 0 67 files changed, 1055 insertions(+), 202 deletions(-) create mode 100644 default.nix create mode 100644 hosts/gorgon/default.nix create mode 100644 hosts/gorgon/home/default.nix rename {modules/profiles => hosts/gorgon}/home/pkgs.nix (97%) create mode 100644 hosts/ifrit/default.nix delete mode 100644 lib/colors.nix create mode 100644 lib/default.nix create mode 100644 modules/admin.nix create mode 100644 modules/backup.nix create mode 100644 modules/default.nix create mode 100644 modules/fido2.nix create mode 100644 modules/fileShare.nix create mode 100644 modules/home/colors.nix create mode 100644 modules/home/default.nix rename modules/{dadada => home}/direnv.nix (79%) rename modules/{dadada => home}/fish.nix (96%) rename modules/{dadada => home}/git.nix (72%) rename modules/{dadada => home}/gpg.nix (91%) rename modules/{dadada => home}/gtk.nix (88%) rename modules/{dadada => home}/keyring.nix (77%) rename modules/{dadada => home}/kitty/config (100%) rename modules/{dadada => home}/kitty/default.nix (83%) rename modules/{dadada => home}/mako.nix (91%) 
create mode 100644 modules/home/module-list.nix rename modules/{dadada => home}/session.nix (86%) rename modules/{dadada => home}/ssh.nix (74%) rename modules/{dadada => home}/sway/config (100%) rename modules/{dadada => home}/sway/default.nix (93%) rename modules/{dadada => home}/syncthing.nix (74%) rename modules/{dadada => home}/termite.nix (96%) rename modules/{dadada => home}/tmux.nix (86%) rename modules/{dadada => home}/vim/default.nix (55%) rename modules/{dadada => home}/vim/vimrc (100%) rename modules/{dadada => home}/xdg.nix (95%) rename modules/{dadada => home}/zsh.nix (95%) create mode 100644 modules/networking.nix create mode 100644 modules/profiles/base/default.nix delete mode 100644 modules/profiles/home/default.nix delete mode 100644 modules/profiles/work.nix create mode 100644 modules/steam.nix create mode 100644 modules/update.nix create mode 100644 modules/vpnServer.nix create mode 100644 modules/weechat.nix create mode 100644 overlay.nix create mode 100644 overlays/default.nix rename overlays/{texlive-tubslatex.nix => tubslatex.nix} (86%) create mode 100644 pkgs/keys/default.nix create mode 100644 pkgs/keys/keys/dadada.pub rename pkgs/{tubslatex.nix => tubslatex/default.nix} (100%) create mode 100644 pkgs/vimPlugins/default.nix rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/cpp.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/css.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/fish.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/foo.kt (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/html.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/javascript.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/kotlin.vim (100%) rename 
{modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/ledger.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/markdown.md (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/nix.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/python.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/rust.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/scss.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/typescript.vim (100%) rename {modules/dadada/vim/plugins/myFtplugins => pkgs/vimPlugins/filetype}/ftplugin/yaml.vim (100%) diff --git a/.gitignore b/.gitignore index 835bd63..0700954 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ private/ home.nix *.swp result -pkgs/tubslatex_1.3.2.tds.zip +*.zip work.nix diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..9f9db2c --- /dev/null +++ b/default.nix @@ -0,0 +1,12 @@ +{ pkgs ? import }: + +with pkgs; +{ + lib = import ./lib { inherit pkgs; }; + modules = import ./modules; + hmModules = import ./modules/home; + overlays = import ./overlays; + + tubslatex = callPackage ./pkgs/tubslatex {}; + keys = callPackage ./pkgs/keys {}; +} diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix new file mode 100644 index 0000000..14ad060 --- /dev/null +++ b/hosts/gorgon/default.nix 
@@ -0,0 +1,123 @@ +{ config, pkgs, lib, ... }: +let + this = import ../.. {}; +in +{ + imports = (lib.attrValues this.modules) ++ [ + ../../modules/profiles/base + + ]; + + boot.kernelModules = [ "kvm-amd" ]; + + virtualisation = { + libvirtd.enable = true; + docker.enable = false; + }; + + networking.hostName = "gorgon"; + + dadada = { + steam.enable = true; + fido2 = { + credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; + enablePam = true; + }; + luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; + networking = { + wanInterfaces = [ "enp2s0f0" "wlp3s0" ]; + enableBsShare = true; + vpnExtension = "3"; + }; + }; + + boot.kernel.sysctl = { + "vm.swappiness" = 90; + }; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + programs.adb.enable = true; + + services.fstrim.enable = true; + + # Enable CUPS to print documents. 
+ services.printing = { + enable = true; + browsing = true; + drivers = with pkgs; [ + hplip + brlaser + brgenml1lpr + brgenml1cupswrapper + ]; + }; + + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraConfig = '' + set-source-volume 1 10000 + ''; + package = pkgs.pulseaudioFull; + }; + }; + + services.avahi.enable = true; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22000 # Syncthing + ]; + allowedUDPPorts = [ + 21027 # Syncthing + ]; + }; + + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome3.enable = true; + + xdg.mime.enable = true; + + users.users = { + dadada = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; + shell = "/run/current-system/sw/bin/zsh"; + initialHashedPassword = "nopass"; + }; + + "tim.schubert" = { + isNormalUser = true; + extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; + shell = "/run/current-system/sw/bin/zsh"; + initialHashedPassword = "nopass"; + }; + }; + + networking.hosts = { + "fd42:dead:beef:0:5054:ff:fefb:7361" = [ + "media.dadada.li" + "ifrit.dadada.li" + "weechat.dadada.li" + "webchat.dadada.li" + ]; + "192.168.42.103" = [ + "media.dadada.li" + "ifrit.dadada.li" + "weechat.dadada.li" + "webchat.dadada.li" + ]; + "fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ]; + "fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ]; + "192.168.42.15" = [ "agares.dadada.li" "agares" ]; + "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ]; + "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; + }; +} diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix new file mode 100644 index 0000000..58b732f --- /dev/null +++ b/hosts/gorgon/home/default.nix 
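Review bot: `initialHashedPassword = "nopass"` on both `users.users` entries is not a crypt(3) hash, so as far as I can tell no password can ever match it, and local authentication for `dadada` (a `wheel` member) then rests entirely on the PAM U2F rule that `dadada.fido2.enablePam = true` switches on with `control = "sufficient"`; that dependency is invisible here and should be written down. Proposed comment above each user: `# intentionally not a valid hash: password auth is disabled, the FIDO2 token (security.pam.u2f) is the only local factor`. If a recovery path is wanted for a lost token, a real hash produced with `mkpasswd -m sha-512` and kept outside the repository is the alternative.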
@@ -0,0 +1,42 @@ +{ config, pkgs, lib, ... }: +let + this = import ../../.. {}; +in +{ + nixpkgs.overlays = [ + this.overlays.tubslatex + ]; + + imports = lib.attrValues this.hmModules; + + dadada.home = { + vim.enable = true; + direnv.enable = true; + git.enable = true; + gpg.enable = true; + gtk.enable = true; + keyring.enable = true; + kitty.enable = true; + ssh.enable = true; + syncthing.enable = true; + xdg.enable = true; + zsh.enable = true; + + session = { + enable = true; + sessionVars = { + EDITOR = "vim"; + PAGER = "less"; + MAILDIR = "\$HOME/.var/mail"; + MBLAZE = "\$HOME/.config/mblaze"; + NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; + MOZ_ENABLE_WAYLAND= "1"; + }; + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + home.packages = import ./pkgs.nix { pkgs = pkgs; }; +} diff --git a/modules/profiles/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix similarity index 97% rename from modules/profiles/home/pkgs.nix rename to hosts/gorgon/home/pkgs.nix index c2aa282..953364c 100644 --- a/modules/profiles/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -35,10 +35,12 @@ with pkgs; [ imagemagick inkscape inotify-tools + irssi jameica jq kcachegrind keepassxc + #keys kitty ldns libreoffice @@ -71,7 +73,7 @@ with pkgs; [ steam tcpdump tdesktop - texlive-tubslatex + tubslatex thunderbird-bin unzip usbutils diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix new file mode 100644 index 0000000..8b57580 --- /dev/null +++ b/hosts/ifrit/default.nix 
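Review bot: `MOZ_ENABLE_WAYLAND= "1"` in `sessionVars` is the only assignment in the hunk without a space before `=`; make it `MOZ_ENABLE_WAYLAND = "1";` to match the surrounding lines. Likewise `home.packages = import ./pkgs.nix { pkgs = pkgs; }` can be `import ./pkgs.nix { inherit pkgs; }`, the form `default.nix` in this same commit already uses.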
@@ -0,0 +1,150 @@ +{ config, pkgs, lib, ... }: +let + hostAliases = [ + "ifrit.dadada.li" + "vpn.dadada.li" + "media.dadada.li" + "media.local" + ]; + backups = "/mnt/storage/backup"; + this = import ../.. {}; + keys = ../../pkgs/keys/keys; +in { + imports = (lib.attrValues this.modules) ++ [ + ../../modules/profiles/base + + ]; + + dadada = { + admin.enable = true; + fileShare.enable = true; + admin.users = { + "dadada" = [ "${keys}/dadada.pub" ]; + }; + + vpnServer.enable = true; + vpnServer.peers = { + "metis" = { + id = "1"; + key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns="; + }; + "morax" = { + id = "2"; + key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; + }; + "gorgon" = { + id = "3"; + key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + }; + }; + + weechat.enable = true; + }; + + services.borgbackup.repos = { + "metis" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/metis"; + quota = "1T"; + }; + "gorgon" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/gorgon"; + quota = "1T"; + }; + "wohnzimmerpi" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/wohnzimmerpi"; + quota = "50G"; + }; + }; + + networking.hostName = "ifrit"; + networking.domain = "dadada.li"; + + networking.hosts = { + "127.0.0.1" = hostAliases; + 
"::1" = hostAliases; + }; + + networking.nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; + mountPoint = "/mnt/storage"; + neededForBoot = false; + options = [ "nofail" ]; + }; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + 80 443 # HTTP(S) + 111 2049 # NFS + 137 138 139 445 # SMB + ]; + allowedUDPPorts = [ + 137 138 139 445 # SMB + 111 2049 # NFS + 51234 # Wireguard + ]; + }; + + security.acme = { + email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + certs."webchat.dadada.li" = { + credentialsFile = "/var/lib/lego/acme-joker.env"; + dnsProvider = "joker"; + postRun = "systemctl reload nginx.service"; + }; + certs."weechat.dadada.li" = { + credentialsFile = "/var/lib/lego/acme-joker.env"; + dnsProvider = "joker"; + postRun = "systemctl reload nginx.service"; + }; + }; + + users.users."mist" = { + isNormalUser = true; + }; + + services.ddclient = { + enable = true; + configFile = /var/lib/dyndns/config; + }; + + services.avahi = { + enable = true; + publish = { + enable = true; + addresses = true; + workstation = true; + }; + }; +} diff --git a/lib/colors.nix b/lib/colors.nix deleted file mode 100644 index 5d264cf..0000000 --- a/lib/colors.nix +++ /dev/null 
@@ -1,29 +0,0 @@
-{
- foreground = "#a3a3a3";
- foregroundBold = "#e8e8e8";
- cursor = "#e8e8e8";
- cursorForeground = "#1f2022";
- background = "#292b2e";
- color0 = "#1f2022";
- color8 = "#585858";
- color7 = "#a3a3a3";
- color15 = "#f8f8f8";
- color1 = "#f2241f";
- color9 = "#f2241f";
- color2 = "#67b11d";
- color10 = "#67b11d";
- color3 = "#b1951d";
- color11 = "#b1951d";
- color4 = "#4f97d7";
- color12 = "#4f97d7";
- color5 = "#a31db1";
- color13 = "#a31db1";
- color6 = "#2d9574";
- color14 = "#2d9574";
- color16 = "#ffa500";
- color17 = "#b03060";
- color18 = "#282828";
- color19 = "#444155";
- color20 = "#b8b8b8";
- color21 = "#e8e8e8";
-}
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..878d2c0
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+with pkgs.lib; {
+ # TODO
+}
diff --git a/modules/admin.nix b/modules/admin.nix
new file mode 100644
index 0000000..70abc77
--- /dev/null
+++ b/modules/admin.nix
@@ -0,0 +1,56 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + cfg = config.dadada.admin; +in { + options.dadada.admin = { + enable = mkEnableOption "Enable admin access"; + + users = mkOption { + type = with types; attrsOf (listOf path); + default = []; + description = '' + List of admin users with root access to all the machine. + ''; + example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]"; + }; + + rat = mkOption { + type = types.bool; + default = false; + description = '' + Enable NAT and firewall traversal for SSH via tor hidden service + ''; + }; + }; + + config = mkIf cfg.enable { + services.sshd.enable = true; + services.openssh.passwordAuthentication = false; + security.sudo.wheelNeedsPassword = false; + + users.mutableUsers = false; + + users.users = mapAttrs (user: keys: ( + { + extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keyFiles = keys; + })) cfg.users; + + networking.firewall.allowedTCPPorts = [ 22 ]; + + environment.systemPackages = with pkgs; [ + vim + ]; + + services.tor.hiddenServices = { + "rat" = mkIf cfg.rat.enable { + name = "rat"; + map = [ { port = 22; } ]; + }; + }; + }; +} + diff --git a/modules/backup.nix b/modules/backup.nix new file mode 100644 index 0000000..aa7ad70 --- /dev/null +++ b/modules/backup.nix 
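Review bot: `rat` is declared as `types.bool`, but the hidden-service block near the end of the hunk reads `cfg.rat.enable`, which fails with a type error as soon as `services.tor.hiddenServices` is evaluated; the condition should be `mkIf cfg.rat`. In the same hunk `users` has `default = []` for an `attrsOf` type, so a host that enables the module without listing admins fails the option type check instead of getting no admin users — use `default = {};`. Nothing here sets `services.tor.enable`, so even with the condition fixed the hidden service would not be served; either add `services.tor.enable = mkIf cfg.rat true;` or document that the host must enable tor itself. Finally, `security.sudo.wheelNeedsPassword = false` together with `passwordAuthentication = false` means possession of any listed SSH key is full root; a one-line comment stating that this is the intended trust model would save the next reader from second-guessing it.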
@@ -0,0 +1,82 @@ +{ config, pkgs, lib, ...}: +with lib; +let + backupExcludes = [ + "/backup" + "/dev" + "/efi" + "/home/*/.cache" + "/home/*/.config/Riot/Cache" + "/home/iserv" + "/lost+found" + "/mnt" + "/nix" + "/proc" + "/run" + "/sys" + "/tmp" + "/var/cache" + "/var/log" + "/var/tmp" + ]; + cfg = config.dadada.backupClient; +in { + options.dadada.backupClient = { + enable = mkEnableOption "Enable backup client"; + gs = mkEnableOption "Enable backup to GS location"; + bs = mkEnableOption "Enable backup to BS location"; + }; + + config = mkIf cfg.enable { + + fileSystems = mkIf cfg.gs { + "/backup" = { + device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; + fsType = "ext4"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; + + services.borgbackup.jobs.gs = mkIf cfg.gs { + paths = "/"; + exclude = backupExcludes; + repo = "/backup/${config.networking.hostName}"; + doInit = false; + encryption = { + mode = "repokey"; + passCommand = "cat /var/lib/borgbackup/gs/passphrase"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "monthly"; + }; + + networking.hosts = mkIf cfg.bs { + "fd42:dead:beef:0:5054:ff:fefb:7361" = [ + "media.dadada.li" + ]; + }; + + services.borgbackup.jobs.bs = mkIf cfg.bs{ + paths = "/"; + exclude = backupExcludes; + repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + doInit = true; + environment = { + BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat /var/lib/borgbackup/bs/passphrase"; + }; + compression = "auto,lz4"; + startAt = "daily"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..c233b0e 
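Review bot: `BORG_RSH` for the `bs` job uses `StrictHostKeyChecking accept-new`, so the first push to `borg@media.dadada.li` trusts whatever host key answers; since the name is already pinned to a ULA address a few lines earlier, pin the host key too and fail closed. Proposed: declare the server key with `programs.ssh.knownHosts."media.dadada.li".publicKey = "<server host key placeholder>";` and change the option to `-o 'StrictHostKeyChecking yes'`. The `gs` job has a `prune.keep` policy but the `bs` job has none, so the remote repository grows until the server-side `quota` is hit; if that is intended, a comment saying so would help. Also `mkIf cfg.bs{` is missing the space before the brace.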
--- /dev/null +++ b/modules/default.nix @@ -0,0 +1,11 @@ +{ + admin = ./admin.nix; + backup = ./backup.nix; + fido2 = ./fido2.nix; + fileShare = ./fileShare.nix; + networking = ./networking.nix; + steam = ./steam.nix; + update = ./update.nix; + vpnServer = ./vpnServer.nix; + weechat = ./weechat.nix; +} diff --git a/modules/fido2.nix b/modules/fido2.nix new file mode 100644 index 0000000..3948bdb --- /dev/null +++ b/modules/fido2.nix @@ -0,0 +1,56 @@ +{ config, pkgs, lib, ... }: +with lib; +let + luks = config.dadada.luks; + fido2 = config.dadada.fido2; +in { + + options = { + dadada.luks = { + uuid = mkOption { + type = with types; nullOr str; + description = "Device UUID"; + default = null; + }; + }; + + dadada.fido2 = { + enablePam = mkEnableOption "Enable PAM U2F"; + credential = mkOption { + type = with types; nullOr str; + description = "FIDO2 credential string"; + default = null; + }; + }; + }; + + config = { + boot.initrd.luks.devices = mkIf (luks.uuid != null) { + root = { + device = "/dev/disk/by-uuid/${luks.uuid}"; + preLVM = true; + allowDiscards = true; + fido2 = mkIf (fido2.credential != null) { + credential = fido2.credential; + passwordLess = true; + }; + }; + }; + + boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true; + + environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [ + linuxPackages.acpi_call + fido2luks + python27Packages.dbus-python + python38Packages.solo-python + ]); + + security.pam.u2f = mkIf fido2.enablePam { + enable = true; + control = "sufficient"; + cue = true; + }; + }; + +} diff --git a/modules/fileShare.nix b/modules/fileShare.nix new file mode 100644 index 0000000..0abb065 --- /dev/null +++ b/modules/fileShare.nix 
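Review bot: `passwordLess = true` under `boot.initrd.luks.devices.root.fido2` means the root volume unlocks on token presence alone, with no PIN or passphrase as a second factor, and `allowDiscards = true` lets TRIM expose which blocks of the encrypted device are unused; both are deliberate trade-offs that deserve a comment at the option. Proposed: `# token possession alone unlocks root; keep a recovery passphrase slot enrolled` and `# discards reveal free-space layout through the encryption; accepted for SSD health`. `python27Packages.dbus-python` pulls an end-of-life Python 2.7 runtime into `environment.systemPackages`; if it is only there for dbus access, `python38Packages.dbus-python` (or dropping the line) avoids that. The `security.pam.u2f` block with `control = "sufficient"` applies to every PAM service, not just graphical login, so noting that sudo is covered as well would help readers of the host files.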
@@ -0,0 +1,50 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.dadada.fileShare; + sharePath = "/mnt/storage/share"; + ipv6 = "fd42:dead:beef::/48"; + ipv4 = "192.168.42.0/24"; + allow = "192.168.42.0 fd42:dead:beef::"; +in { + options.dadada.fileShare = { + enable = mkEnableOption "Enable file share server"; + }; + config = mkIf cfg.enable { + services.samba = { + enable = true; + securityType = "user"; + extraConfig = '' + workgroup = WORKGROUP + server string = media + netbios name = media + security = user + #use sendfile = yes + #max protocol = smb2 + hosts allow = ${allow} localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = { + public = { + path = sharePath; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "username"; + "force group" = "groupname"; + }; + }; + }; + services.nfs = { + server.enable = true; + server.exports = '' + ${sharePath} ${ipv6}(rw,all_squash,insecure,subtree_check) ${ipv4}(rw,all_squash,insecure,subtree_check) # map to user/group - in this case nobody + ''; + }; + }; +} + diff --git a/modules/home/colors.nix b/modules/home/colors.nix new file mode 100644 index 0000000..89af392 --- /dev/null +++ b/modules/home/colors.nix 
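Review bot: the samba line `hosts allow = ${allow} localhost` expands to the bare addresses `192.168.42.0 fd42:dead:beef::`, which, as far as I read samba's `hosts allow` syntax, are exact host matches rather than networks, while the NFS export in the same hunk uses the CIDR values `ipv4`/`ipv6`; as written the SMB allow list appears to admit nobody but the two network addresses and `hosts deny = 0.0.0.0/0` then rejects the LAN. Derive one from the other so the two services agree: `allow = "${ipv4} ${ipv6}";` (samba accepts the `addr/bits` form). `"force user" = "username"` / `"force group" = "groupname"` read as unfilled placeholders; with `guest ok = yes` and `read only = no` every anonymous write on the LAN is attributed to whatever that resolves to, so name a real dedicated account or drop the lines. The exports also use `insecure`, which accepts NFS requests from unprivileged source ports; a comment on why that is needed (or removing it) would help.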
@@ -0,0 +1,40 @@ +{ config, lib, ... }: +with lib; +{ + options.dadada.home.colors = mkOption { + type = types.attrs; + description = "Color scheme"; + }; + + config = { + dadada.home.colors = { + foreground = "#a3a3a3"; + foregroundBold = "#e8e8e8"; + cursor = "#e8e8e8"; + cursorForeground = "#1f2022"; + background = "#292b2e"; + color0 = "#1f2022"; + color8 = "#585858"; + color7 = "#a3a3a3"; + color15 = "#f8f8f8"; + color1 = "#f2241f"; + color9 = "#f2241f"; + color2 = "#67b11d"; + color10 = "#67b11d"; + color3 = "#b1951d"; + color11 = "#b1951d"; + color4 = "#4f97d7"; + color12 = "#4f97d7"; + color5 = "#a31db1"; + color13 = "#a31db1"; + color6 = "#2d9574"; + color14 = "#2d9574"; + color16 = "#ffa500"; + color17 = "#b03060"; + color18 = "#282828"; + color19 = "#444155"; + color20 = "#b8b8b8"; + color21 = "#e8e8e8"; + }; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix new file mode 100644 index 0000000..cb610f8 --- /dev/null +++ b/modules/home/default.nix @@ -0,0 +1,20 @@ +{ + colors = ./colors.nix; + direnv = ./direnv.nix; + fish = ./fish.nix; + git = ./git.nix; + gpg = ./gpg.nix; + gtk = ./gtk.nix; + keyring = ./keyring.nix; + kitty = ./kitty; + mako = ./mako.nix; + session = ./session.nix; + ssh = ./ssh.nix; + sway = ./sway; + syncthing = ./syncthing.nix; + termite = ./termite.nix; + tmux = ./tmux.nix; + vim = ./vim; + xdg = ./xdg.nix; + zsh = ./zsh.nix; +} diff --git a/modules/dadada/direnv.nix b/modules/home/direnv.nix similarity index 79% rename from modules/dadada/direnv.nix rename to modules/home/direnv.nix index e111d29..12abf88 100644 --- a/modules/dadada/direnv.nix +++ b/modules/home/direnv.nix @@ -1,10 +1,10 @@ { config, pkgs, lib, ... }: with lib; let - cfg = config.dadada.direnv; + cfg = config.dadada.home.direnv; in { - options.dadada.direnv = { + options.dadada.home.direnv = { enable = mkEnableOption "Enable direnv config"; }; config = mkIf cfg.enable { 
diff --git a/modules/dadada/fish.nix b/modules/home/fish.nix similarity index 96% rename from modules/dadada/fish.nix rename to modules/home/fish.nix index 22d608b..e22b779 100644 --- a/modules/dadada/fish.nix +++ b/modules/home/fish.nix @@ -1,9 +1,9 @@ { config, pkgs, lib, ... }: with lib; let - cfg = config.dadada.fish; + cfg = config.dadada.home.fish; in { - options.dadada.fish = { + options.dadada.home.fish = { enable = mkEnableOption "Enable fish config"; }; diff --git a/modules/dadada/git.nix b/modules/home/git.nix similarity index 72% rename from modules/dadada/git.nix rename to modules/home/git.nix index 9c141ac..43047eb 100644 --- a/modules/dadada/git.nix +++ b/modules/home/git.nix @@ -1,10 +1,10 @@ { config, lib, ... }: with lib; let - cfg = config.dadada.git; + cfg = config.dadada.home.git; in { - options.dadada.git = { + options.dadada.home.git = { enable = mkEnableOption "Enable git config"; }; config = mkIf cfg.enable { diff --git a/modules/dadada/gpg.nix b/modules/home/gpg.nix similarity index 91% rename from modules/dadada/gpg.nix rename to modules/home/gpg.nix index 4e526be..2129255 100644 --- a/modules/dadada/gpg.nix +++ b/modules/home/gpg.nix @@ -1,9 +1,9 @@ { config, lib, ... }: with lib; let - cfg = config.dadada.gpg; + cfg = config.dadada.home.gpg; in { - options.dadada.gpg = { + options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; config = mkIf cfg.enable { diff --git a/modules/dadada/gtk.nix b/modules/home/gtk.nix similarity index 88% rename from modules/dadada/gtk.nix rename to modules/home/gtk.nix index 4ab58f4..8c47571 100644 --- a/modules/dadada/gtk.nix +++ b/modules/home/gtk.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with lib; let - cfg = config.dadada.gtk; + cfg = config.dadada.home.gtk; in { - options.dadada.gtk = { + options.dadada.home.gtk = { enable = mkEnableOption "Enable GTK config"; }; config = mkIf cfg.enable { 
diff --git a/modules/dadada/keyring.nix b/modules/home/keyring.nix similarity index 77% rename from modules/dadada/keyring.nix rename to modules/home/keyring.nix index 1793b9d..098ee0e 100644 --- a/modules/dadada/keyring.nix +++ b/modules/home/keyring.nix @@ -1,9 +1,9 @@ { config, lib, ... }: with lib; let - cfg = config.dadada.keyring; + cfg = config.dadada.home.keyring; in { - options.dadada.keyring = { + options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; config = mkIf cfg.enable { diff --git a/modules/dadada/kitty/config b/modules/home/kitty/config similarity index 100% rename from modules/dadada/kitty/config rename to modules/home/kitty/config diff --git a/modules/dadada/kitty/default.nix b/modules/home/kitty/default.nix similarity index 83% rename from modules/dadada/kitty/default.nix rename to modules/home/kitty/default.nix index 55dc653..e700baa 100644 --- a/modules/dadada/kitty/default.nix +++ b/modules/home/kitty/default.nix @@ -1,9 +1,9 @@ { pkgs, lib, config, ... }: with lib; let - cfg = config.dadada.kitty; + cfg = config.dadada.home.kitty; in { - options.dadada.kitty = { + options.dadada.home.kitty = { enable = mkEnableOption "Enable kitty config"; }; config = mkIf cfg.enable { diff --git a/modules/dadada/mako.nix b/modules/home/mako.nix similarity index 91% rename from modules/dadada/mako.nix rename to modules/home/mako.nix index 88acc2f..02ba643 100644 --- a/modules/dadada/mako.nix +++ b/modules/home/mako.nix @@ -1,9 +1,9 @@ { config, lib, pkgs, colors, ...}: with lib; let - cfg = config.dadada.mako; + cfg = config.dadada.home.mako; in { - options.dadada.mako = { + options.dadada.home.mako = { enable = mkEnableOption "Enable mako config"; }; config = mkIf cfg.enable { diff --git a/modules/home/module-list.nix b/modules/home/module-list.nix new file mode 100644 index 0000000..bffa457 --- /dev/null +++ b/modules/home/module-list.nix 
@@ -0,0 +1,20 @@ +[ + ./colors.nix + ./direnv.nix + ./fish.nix + ./git.nix + ./gpg.nix + ./gtk.nix + ./keyring.nix + ./kitty + ./mako.nix + ./session.nix + ./ssh.nix + ./sway + ./syncthing.nix + ./termite.nix + ./tmux.nix + ./vim + ./xdg.nix + ./zsh.nix +] diff --git a/modules/dadada/session.nix b/modules/home/session.nix similarity index 86% rename from modules/dadada/session.nix rename to modules/home/session.nix index 1ac9d53..d9520a9 100644 --- a/modules/dadada/session.nix +++ b/modules/home/session.nix @@ -1,9 +1,9 @@ { config, lib, ... }: with lib; let - cfg = config.dadada.session; + cfg = config.dadada.home.session; in { - options.dadada.session = { + options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; diff --git a/modules/dadada/ssh.nix b/modules/home/ssh.nix similarity index 74% rename from modules/dadada/ssh.nix rename to modules/home/ssh.nix index d89cfa1..b428a8b 100644 --- a/modules/dadada/ssh.nix +++ b/modules/home/ssh.nix @@ -1,9 +1,9 @@ { config, lib, ... }: with lib; let - cfg = config.dadada.ssh; + cfg = config.dadada.home.ssh; in { - options.dadada.ssh = { + options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; config = mkIf cfg.enable { diff --git a/modules/dadada/sway/config b/modules/home/sway/config similarity index 100% rename from modules/dadada/sway/config rename to modules/home/sway/config diff --git a/modules/dadada/sway/default.nix b/modules/home/sway/default.nix similarity index 93% rename from modules/dadada/sway/default.nix rename to modules/home/sway/default.nix index 2cbb12a..5dfbd09 100644 --- a/modules/dadada/sway/default.nix +++ b/modules/home/sway/default.nix 
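Review bot: `modules/home/module-list.nix` lists the same eighteen files as `modules/home/default.nix` added in this commit, so every new home module has to be registered in two places. One of the two can be derived from the other, e.g. make this file `builtins.attrValues (import ./default.nix)`, or drop it if `hosts/gorgon/home/default.nix` (which imports via `lib.attrValues this.hmModules`) is the only consumer.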
@@ -1,9 +1,9 @@
 { config, pkgs, lib, colors, ...}:
 with lib;
 let
- cfg = config.dadada.sway;
+ cfg = config.dadada.home.sway;
 in {
- options.dadada.sway = {
+ options.dadada.home.sway = {
 enable = mkEnableOption "Enable Sway config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/dadada/syncthing.nix b/modules/home/syncthing.nix
similarity index 74%
rename from modules/dadada/syncthing.nix
rename to modules/home/syncthing.nix
index 9d038a9..17db865 100644
--- a/modules/dadada/syncthing.nix
+++ b/modules/home/syncthing.nix
@@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
- cfg = config.dadada.syncthing;
+ cfg = config.dadada.home.syncthing;
 in {
- options.dadada.syncthing = {
+ options.dadada.home.syncthing = {
 enable = mkEnableOption "Enable Syncthing config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/dadada/termite.nix b/modules/home/termite.nix
similarity index 96%
rename from modules/dadada/termite.nix
rename to modules/home/termite.nix
index 9aa4d0a..8264024 100644
--- a/modules/dadada/termite.nix
+++ b/modules/home/termite.nix
@@ -7,9 +7,9 @@
 }:
 with lib;
 let
- cfg = config.dadada.termite;
+ cfg = config.dadada.home.termite;
 in {
- options.dadada.termite = {
+ options.dadada.home.termite = {
 enable = mkEnableOption "Enable termite config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/dadada/tmux.nix b/modules/home/tmux.nix
similarity index 86%
rename from modules/dadada/tmux.nix
rename to modules/home/tmux.nix
index 2da6792..d25eb30 100644
--- a/modules/dadada/tmux.nix
+++ b/modules/home/tmux.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
- cfg = config.dadada.tmux;
+ cfg = config.dadada.home.tmux;
 in {
- options.dadada.tmux = {
+ options.dadada.home.tmux = {
 enable = mkEnableOption "Enable tmux config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/dadada/vim/default.nix b/modules/home/vim/default.nix
similarity index 55%
rename from modules/dadada/vim/default.nix
rename to modules/home/vim/default.nix
index e5a5a81..1199c8c 100644
--- a/modules/dadada/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -1,27 +1,11 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, lib, ... }:
 with lib;
 let
- cfg = config.dadada.vim;
-
- myFtplugins = pkgs.vimUtils.buildVimPluginFrom2Nix {
- pname = "myFtplugins";
- version = "2010-11-06";
- src = vim/plugins/myFtplugins;
- };
-
- spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix {
- pname = "spacemacs-theme";
- version = "2.0.1";
- src = pkgs.fetchFromGitHub {
- owner = "colepeters";
- repo = "spacemacs-theme.vim";
- rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e";
- sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz";
- };
- };
+ cfg = config.dadada.home.vim;
+ vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {};
 in {
- options.dadada.vim = {
+ options.dadada.home.vim = {
 enable = mkEnableOption "Enable VIM config";
 };
 
@@ -40,7 +24,8 @@ in
 pkgs.vimPlugins.vim-airline
 pkgs.vimPlugins.vim-airline-themes
 pkgs.vimPlugins.vim-fish
- spacemacsTheme
+ vimPlugins.spacemacsTheme
+ vimPlugins.filetype
 #pkgs.vimPlugins.vim-gnupg
 #pkgs.vimPlugins.vim-l9
 pkgs.vimPlugins.vim-ledger
diff --git a/modules/dadada/vim/vimrc b/modules/home/vim/vimrc
similarity index 100%
rename from modules/dadada/vim/vimrc
rename to modules/home/vim/vimrc
diff --git a/modules/dadada/xdg.nix b/modules/home/xdg.nix
similarity index 95%
rename from modules/dadada/xdg.nix
rename to modules/home/xdg.nix
index bf8199a..d560780 100644
--- a/modules/dadada/xdg.nix
+++ b/modules/home/xdg.nix
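Review bot: The new local binding `vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {};` sits next to a plugin list that also reads `pkgs.vimPlugins.*`, so in the second hunk `vimPlugins.spacemacsTheme` and `pkgs.vimPlugins.vim-fish` look like the same set one line apart when they are not. A name that states the origin, e.g. `localPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {};` with `localPlugins.spacemacsTheme` / `localPlugins.filetype` in the list, removes the ambiguity. The `config` body that the second hunk belongs to starts and ends outside the hunks.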
@@ -18,9 +18,9 @@ let
 "text/plain" = "vim.desktop";
 "application/pdf" = "org.pwmt.zathura.desktop";
 };
- cfg = config.dadada.xdg;
+ cfg = config.dadada.home.xdg;
 in {
- options.dadada.xdg = {
+ options.dadada.home.xdg = {
 enable = mkEnableOption "Enable XDG config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/dadada/zsh.nix b/modules/home/zsh.nix
similarity index 95%
rename from modules/dadada/zsh.nix
rename to modules/home/zsh.nix
index 77472bc..f9bbff4 100644
--- a/modules/dadada/zsh.nix
+++ b/modules/home/zsh.nix
@@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
- cfg = config.dadada.zsh;
+ cfg = config.dadada.home.zsh;
 in {
- options.dadada.zsh = {
+ options.dadada.home.zsh = {
 enable = mkEnableOption "Enable ZSH config";
 };
 config = mkIf cfg.enable {
diff --git a/modules/module-list.nix b/modules/module-list.nix
index b35d249..f441ae6 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -1,19 +1,11 @@
 [
- ./dadada/direnv.nix
- ./dadada/fish.nix
- ./dadada/git.nix
- ./dadada/gpg.nix
- ./dadada/gtk.nix
- ./dadada/keyring.nix
- ./dadada/kitty
- ./dadada/mako.nix
- ./dadada/session.nix
- ./dadada/ssh.nix
- ./dadada/sway
- ./dadada/syncthing.nix
- ./dadada/termite.nix
- ./dadada/tmux.nix
- ./dadada/vim
- ./dadada/xdg.nix
- ./dadada/zsh.nix
+ ./admin.nix
+ ./backup.nix
+ ./fido2.nix
+ ./fileShare.nix
+ ./networking.nix
+ ./steam.nix
+ ./update.nix
+ ./vpnServer.nix
+ ./weechat.nix
 ]
diff --git a/modules/networking.nix b/modules/networking.nix
new file mode 100644
index 0000000..1ee5f07
--- /dev/null
+++ b/modules/networking.nix
@@ -0,0 +1,86 @@
+{ config, pkgs, lib, ...}:
+with lib;
+let
+ cfg = config.dadada.networking;
+in {
+ options.dadada.networking = {
+ useLocalResolver = mkEnableOption "Enable local caching name server";
+ domain = mkOption {
+ type = with types; nullOr str;
+ description = "Network domain name";
+ default = null;
+ };
+ wanInterfaces = mkOption {
+ type = with types; listOf str;
+ description = "WAN network interfaces";
+ default = [];
+ };
+ vpnExtension = mkOption {
+ type = with types; nullOr str;
+ description = "Last part of VPN address";
+ default = null;
+ };
+ enableBsShare = mkEnableOption "Enable network share at BS location";
+ };
+
+ config = {
+ networking.domain = cfg.domain;
+ networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true;
+ services.unbound = mkIf cfg.useLocalResolver {
+ enable = true;
+ allowedAccess = [
+ "127.0.0.1/8"
+ "::1"
+ ];
+ extraConfig = ''
+ tls-upstream: yes
+ tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt"
+ forward-zone:
+ name: .
+ forward-tls-upstream: yes
+ forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+ forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+ forward-addr: 1.1.1.1@853#cloudflare-dns.com
+ forward-addr: 1.0.0.1@853#cloudflare-dns.com
+ '';
+ };
+
+ networking.useDHCP = false;
+
+ networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
+ useDHCP = true;
+ }));
+
+ networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
+ bs = {
+ ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ];
+ listenPort = 51234;
+
+ privateKeyFile = "/var/lib/wireguard/privkey";
+
+ peers = [
+ {
+ publicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+ allowedIPs = [ "fd42:dead:beef::/48" ];
+ endpoint = "bs.vpn.dadada.li:51234";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare {
+ device = "media.dadada.li:/mnt/storage/share";
+ fsType = "nfs";
+ options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedUDPPorts = [
+ 51234 # Wireguard
+ 5353 # mDNS
+ ];
+ };
+ };
+}
diff --git a/modules/profiles/base/default.nix b/modules/profiles/base/default.nix
new file mode 100644
index 0000000..b0b2e40
--- /dev/null
+++ b/modules/profiles/base/default.nix
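Review bot: The `networking.firewall` block at the end of the hunk opens UDP 51234 and 5353 on every interface unconditionally, including the declared `wanInterfaces`, even on hosts where `cfg.vpnExtension` is null and no WireGuard interface is configured, and regardless of whether anything serves mDNS (nothing in this hunk does). The port is also repeated between `listenPort`, the `endpoint` string and the firewall list. A `let wgPort = 51234;` used in all three places and a gated rule, `allowedUDPPorts = optional (cfg.vpnExtension != null) wgPort ++ [ 5353 ];`, keeps them in step, and 5353 is better scoped per interface via `networking.firewall.interfaces.<name>.allowedUDPPorts` than opened globally. `vpnExtension` is interpolated straight into the address literal; `type = with types; nullOr (strMatching "[0-9a-fA-F]{1,4}");` rejects a malformed value at evaluation time instead of producing a broken `ips` entry.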
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+ imports = import ../../module-list.nix;
+
+ config = {
+ dadada = {
+ autoUpgrade.enable = mkDefault true;
+ networking = {
+ useLocalResolver = mkDefault true;
+ domain = mkDefault "dadada.li";
+ };
+ };
+
+ i18n.defaultLocale = mkDefault "en_US.UTF-8";
+ console = {
+ font = mkDefault "Lat2-Terminus16";
+ keyMap = mkDefault "us";
+ };
+
+ fonts.fonts = mkDefault (with pkgs; [
+ source-code-pro
+ ]);
+
+ time.timeZone = mkDefault "Europe/Berlin";
+
+ programs.zsh = mkDefault {
+ enable = true;
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ histSize = 100000;
+ vteIntegration = true;
+ syntaxHighlighting = {
+ enable = true;
+ highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ];
+ };
+ };
+ };
+}
diff --git a/modules/profiles/home/default.nix b/modules/profiles/home/default.nix
deleted file mode 100644
index 3fdb5e6..0000000
--- a/modules/profiles/home/default.nix
+++ /dev/null
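Review bot: `autoUpgrade.enable = mkDefault true;` turns on, for every host that imports this base profile, the whole bundle that update.nix (later in this diff) hangs off that switch: a daily `system.autoUpgrade`, `services.fwupd`, weekly GC and store optimisation. Nothing on the line says so, and a server operator reading only the profile would not expect unattended daily upgrades and firmware updates by default; a comment such as `# Opt-out default: daily nixos upgrade + fwupd + weekly GC, see modules/update.nix` next to it makes the consequence explicit.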
@@ -1,54 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- sources = import ../../../nix/sources.nix;
- stable = import {};
-in {
- nixpkgs = {
- overlays = [
- (import ../../../overlays/texlive-tubslatex.nix)
- ];
- };
-
- imports = import ../../module-list.nix;
-
- dadada = {
- vim.enable = true;
- direnv.enable = true;
- git.enable = true;
- gpg.enable = true;
- gtk.enable = true;
- keyring.enable = true;
- kitty.enable = true;
- session.enable = true;
- ssh.enable = true;
- syncthing.enable = true;
- xdg.enable = true;
- zsh.enable = true;
- };
-
- dadada.session = {
- sessionVars = {
- EDITOR = "vim";
- PAGER = "less";
- MAILDIR = "\$HOME/.var/mail";
- MBLAZE = "\$HOME/.config/mblaze";
- NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
- MOZ_ENABLE_WAYLAND= "1";
- };
- };
-
- # Let Home Manager install and manage itself.
- programs.home-manager.enable = true;
-
- home.packages = import ./pkgs.nix { pkgs = pkgs; };
-
- # This value determines the Home Manager release that your
- # configuration is compatible with. This helps avoid breakage
- # when a new Home Manager release introduces backwards
- # incompatible changes.
- #
- # You can update Home Manager without changing this value. See
- # the Home Manager release notes for a list of state version
- # changes in each release.
- home.stateVersion = "19.09";
-}
diff --git a/modules/profiles/work.nix b/modules/profiles/work.nix
deleted file mode 100644
index 17fdc3f..0000000
--- a/modules/profiles/work.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
- (import ../session.nix {
- inherit config;
- sessionVars = {
- EDITOR = "vim";
- PAGER = "less";
- MOZ_ENABLE_WAYLAND= "1";
- };
- })
- ../vim
- ../direnv.nix
- ../git.nix
- ../gpg.nix
- ../gtk.nix
- ../keyring.nix
- ../kitty.nix
- ../ssh.nix
- ../tmux.nix
- ../zsh.nix
- ];
-
- # Let Home Manager install and manage itself.
- programs.home-manager.enable = true;
-
- home.packages = with pkgs; [
- file
- gnupg
- libreoffice
- python3
- sshfs-fuse
- unzip
- ];
-
- # This value determines the Home Manager release that your
- # configuration is compatible with. This helps avoid breakage
- # when a new Home Manager release introduces backwards
- # incompatible changes.
- #
- # You can update Home Manager without changing this value. See
- # the Home Manager release notes for a list of state version
- # changes in each release.
- home.stateVersion = "19.09";
-}
diff --git a/modules/steam.nix b/modules/steam.nix
new file mode 100644
index 0000000..273b1c0
--- /dev/null
+++ b/modules/steam.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ cfg = config.dadada.steam;
+in {
+ options.dadada.steam = {
+ enable = mkEnableOption "Enable Steam config";
+ };
+ config = mkIf cfg.enable {
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.opengl = {
+ enable = true;
+ driSupport32Bit = true;
+ extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+ };
+
+ hardware.pulseaudio.support32Bit = true;
+ };
+}
diff --git a/modules/update.nix b/modules/update.nix
new file mode 100644
index 0000000..b22840c
--- /dev/null
+++ b/modules/update.nix
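Review bot: `nixpkgs.config.allowUnfree = true;` in steam.nix flips the unfree-licence policy for the entire system as a side effect of enabling a module that only needs it for Steam, so any other unfree package later becomes installable without anyone noticing. Narrowing it keeps the exception auditable: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* steam package names */ ];`. Nothing in this hunk actually installs Steam, so presumably a host configuration does; the predicate list would have to match whatever that pulls in.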
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ cfg = config.dadada.autoUpgrade;
+in {
+ options = {
+ dadada.autoUpgrade = {
+ enable = mkEnableOption "Enable automatic upgrades";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.fwupd.enable = true;
+
+ nix = {
+ autoOptimiseStore = true;
+ useSandbox = true;
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ };
+
+ system.autoUpgrade = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+}
diff --git a/modules/vpnServer.nix b/modules/vpnServer.nix
new file mode 100644
index 0000000..7fb108e
--- /dev/null
+++ b/modules/vpnServer.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+
+with lib;
+let
+ cfg = config.dadada.vpnServer;
+ wgPeer = { name, ... }: {
+ options = {
+ name = mkOption {
+ internal = true;
+ default = name;
+ };
+ id = mkOption {
+ description = "VPN client id";
+ default = 0;
+ type = types.str;
+ };
+ key = mkOption {
+ description = "VPN client public key";
+ default = "";
+ type = types.str;
+ };
+ };
+ };
+in {
+ options.dadada.vpnServer = {
+ enable = mkEnableOption "Enable wireguard gateway";
+ peers = mkOption {
+ description = "Set of extensions and public keys of peers";
+ type = with types; attrsOf (submodule wgPeer);
+ default = {};
+ };
+ };
+ config = mkIf cfg.enable {
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces."wg0" = {
+ allowedIPsAsRoutes = true;
+ privateKeyFile = "/var/lib/wireguard/wg0-key";
+ ips = [ "fd42:dead:beef:1337::0/64" ];
+ listenPort = 51234;
+ peers = map (peer: (
+ {
+ allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ];
+ publicKey = peer.key;
+ })) (attrValues cfg.peers);
+ };
+ };
+}
diff --git a/modules/weechat.nix b/modules/weechat.nix
new file mode 100644
index 0000000..dcc6be7
--- /dev/null
+++ b/modules/weechat.nix
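Review bot: The single `dadada.autoUpgrade.enable` switch, described only as `"Enable automatic upgrades"`, also turns on `services.fwupd`, store optimisation, sandboxing and weekly GC, and `system.autoUpgrade` is enabled with no `channel` (or flake) pinned, so what lands on the host each day is whatever channel root happens to track. At minimum the option description should say so, e.g. `enable = mkEnableOption "daily nixos-rebuild from root's channel, plus fwupd and weekly GC";`; splitting fwupd and GC into their own options would let a server take unattended OS upgrades without also enabling firmware updates.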
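Review bot: In the `wgPeer` submodule, `id` is declared `type = types.str` but defaults to the integer `0`, and it is interpolated into `"fd42:dead:beef:1337::${peer.id}/128"`, so a peer that omits `id` fails either the type check or the string coercion; a default of `"0"` would be worse, because it would hand the peer the gateway's own `::0` address. `key` defaulting to `""` has the same shape of problem: an empty `publicKey` is not a usable peer. Drop both defaults so the module system reports the missing value at evaluation time, and tighten the id to `type = types.strMatching "[0-9a-fA-F]{1,4}";` so only a valid IPv6 hextet reaches the address literal. The `name` option is declared but never read and can go.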
@@ -0,0 +1,58 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ cfg = config.dadada.weechat;
+in {
+ options.dadada.weechat = {
+ enable = mkEnableOption "Enable weechat relay";
+ };
+ config = mkIf cfg.enable {
+ services.weechat = {
+ enable = true;
+ sessionName = "weechat-dadada";
+ };
+
+ services.nginx.virtualHosts."webchat.dadada.li" = {
+ useACMEHost = "webchat.dadada.li";
+ forceSSL = true;
+ serverAliases = [ "webchat.${config.networking.domain}" ];
+
+ root = pkgs.glowing-bear;
+
+ locations = {
+ "/robots.txt" = {
+ extraConfig = ''
+ add_header Content-Type text/plain;
+ return 200 "User-agent: *\nDisallow: /\n";
+ '';
+ };
+ };
+ };
+ services.nginx.virtualHosts."weechat.dadada.li" = {
+ useACMEHost = "weechat.dadada.li";
+ forceSSL = true;
+ serverAliases = [ "weechat.${config.networking.domain}" ];
+
+ root = "${pkgs.nginx}/html";
+ locations = {
+ "/weechat" = {
+ extraConfig = ''
+ proxy_pass http://localhost:9001;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 8h;
+ '';
+ };
+ "/robots.txt" = {
+ extraConfig = ''
+ add_header Content-Type text/plain;
+ return 200 "User-agent: *\nDisallow: /\n";
+ '';
+ };
+ };
+ };
+ };
+}
+
diff --git a/overlay.nix b/overlay.nix
new file mode 100644
index 0000000..4be40f3
--- /dev/null
+++ b/overlay.nix
@@ -0,0 +1,11 @@
+self: super:
+
+let
+ isReserved = n: n == "lib" || n == "overlays" || n == "modules";
+ nameValuePair = n: v: { name = n; value = v; };
+ attrs = import ./default.nix { pkgs = super; };
+in
+ builtins.listToAttrs
+ (map (n: nameValuePair n attrs.${n})
+ (builtins.filter (n: !isReserved n)
+ (builtins.attrNames attrs)))
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..6009c2f
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,3 @@
+{
+ tubslatex = import ./tubslatex.nix;
+}
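Review bot: Both `serverAliases` lines interpolate `config.networking.domain`, which networking.nix in this same commit declares as `nullOr str` with `default = null`; on a host that leaves it unset the interpolation aborts evaluation, and when it equals `"dadada.li"` the alias merely repeats the primary name while still having to be covered by the `useACMEHost` certificate. Guarding it, `serverAliases = optional (config.networking.domain != null) "webchat.${config.networking.domain}";`, handles both cases. The identical `/robots.txt` location appears in both virtual hosts and could be one `let` binding. Whether the relay on `localhost:9001` is bound to loopback only is decided in weechat's own relay configuration, not here, so a one-line comment that TLS termination and any authentication for the relay happen in front of this plaintext proxy would help the next reader.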
diff --git a/overlays/texlive-tubslatex.nix b/overlays/tubslatex.nix
similarity index 86%
rename from overlays/texlive-tubslatex.nix
rename to overlays/tubslatex.nix
index ba8ff05..121fecc 100644
--- a/overlays/texlive-tubslatex.nix
+++ b/overlays/tubslatex.nix
@@ -1,9 +1,9 @@ self: super: { # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - texlive-tubslatex = super.lib.overrideDerivation (super.texlive.combine { + tubslatex = super.lib.overrideDerivation (super.texlive.combine { inherit (super.texlive) scheme-full; - tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex.nix {}) ]; + tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex {}) ]; }) (oldAttrs: { postBuild = '' # Save the udpmap.cfg because texlive.combine removes it.
diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix
new file mode 100644
index 0000000..b1a6250
--- /dev/null
+++ b/pkgs/keys/default.nix
@@ -0,0 +1,20 @@
+{ stdenv }:
+
+stdenv.mkDerivation rec {
+ pname = "infra-keys";
+ version = "1";
+
+ src = ./keys;
+
+ installPhase = ''
+ mkdir $out
+ mv * $out
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Public keys for my infrastructure";
+ license = licenses.publicDomain;
+ platforms = platforms.all;
+ maintainers = [ "dadada" ];
+ };
+}
diff --git a/pkgs/keys/keys/dadada.pub b/pkgs/keys/keys/dadada.pub
new file mode 100644
index 0000000..6dfc30f
--- /dev/null
+++ b/pkgs/keys/keys/dadada.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis
diff --git a/pkgs/tubslatex.nix b/pkgs/tubslatex/default.nix
similarity index 100%
rename from pkgs/tubslatex.nix
rename to pkgs/tubslatex/default.nix
diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix
new file mode 100644
index 0000000..13f293e
--- /dev/null
+++ b/pkgs/vimPlugins/default.nix
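Review bot: In pkgs/keys/default.nix, `rec` on `mkDerivation` is unused, `mv * $out` silently skips any dot-file in `./keys`, and `meta.maintainers = [ "dadada" ]` holds a bare string where nixpkgs expects `lib.maintainers` entries, which its meta checks flag. `cp -r . $out` copies the whole source tree, and since these are public keys that other hosts will trust, an explicit `chmod 444 $out/*` documents that they are meant to be world-readable and unmodified. `stdenv.lib` is an alias of the top-level `lib`; the conventional signature is `{ stdenv, lib }:` with `meta = with lib; {`.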
@@ -0,0 +1,20 @@
+{ pkgs, lib, fetchFromGitHub, ... }:
+with lib;
+{
+ filetype = pkgs.vimUtils.buildVimPluginFrom2Nix {
+ pname = "dadadaVimFiletype";
+ version = "2010-11-06";
+ src = ./filetype;
+ };
+
+ spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix {
+ pname = "spacemacs-theme";
+ version = "2.0.1";
+ src = pkgs.fetchFromGitHub {
+ owner = "colepeters";
+ repo = "spacemacs-theme.vim";
+ rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e";
+ sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz";
+ };
+ };
+}
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/cpp.vim b/pkgs/vimPlugins/filetype/ftplugin/cpp.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/cpp.vim
rename to pkgs/vimPlugins/filetype/ftplugin/cpp.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/css.vim b/pkgs/vimPlugins/filetype/ftplugin/css.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/css.vim
rename to pkgs/vimPlugins/filetype/ftplugin/css.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/fish.vim b/pkgs/vimPlugins/filetype/ftplugin/fish.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/fish.vim
rename to pkgs/vimPlugins/filetype/ftplugin/fish.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/foo.kt b/pkgs/vimPlugins/filetype/ftplugin/foo.kt
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/foo.kt
rename to pkgs/vimPlugins/filetype/ftplugin/foo.kt
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/html.vim b/pkgs/vimPlugins/filetype/ftplugin/html.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/html.vim
rename to pkgs/vimPlugins/filetype/ftplugin/html.vim
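Review bot: The function takes `fetchFromGitHub` as an argument but never uses it, reaching for `pkgs.fetchFromGitHub` instead, and `with lib;` brings nothing into use; `src = fetchFromGitHub {` with the injected fetcher keeps the package overridable through `callPackage` and removes the dead argument. Pinning the third-party theme to a full `rev` plus `sha256` is the right shape for a plugin fetched from outside the repo. `version = "2010-11-06"` on the local `filetype` plugin reads like a placeholder date carried over from the old `myFtplugins`; a comment saying what it means, or a real date of last change, would help.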
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/javascript.vim b/pkgs/vimPlugins/filetype/ftplugin/javascript.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/javascript.vim
rename to pkgs/vimPlugins/filetype/ftplugin/javascript.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/kotlin.vim b/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/kotlin.vim
rename to pkgs/vimPlugins/filetype/ftplugin/kotlin.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/ledger.vim b/pkgs/vimPlugins/filetype/ftplugin/ledger.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/ledger.vim
rename to pkgs/vimPlugins/filetype/ftplugin/ledger.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/markdown.md b/pkgs/vimPlugins/filetype/ftplugin/markdown.md
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/markdown.md
rename to pkgs/vimPlugins/filetype/ftplugin/markdown.md
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/nix.vim b/pkgs/vimPlugins/filetype/ftplugin/nix.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/nix.vim
rename to pkgs/vimPlugins/filetype/ftplugin/nix.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/python.vim b/pkgs/vimPlugins/filetype/ftplugin/python.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/python.vim
rename to pkgs/vimPlugins/filetype/ftplugin/python.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/rust.vim b/pkgs/vimPlugins/filetype/ftplugin/rust.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/rust.vim
rename to pkgs/vimPlugins/filetype/ftplugin/rust.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/scss.vim b/pkgs/vimPlugins/filetype/ftplugin/scss.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/scss.vim
rename to pkgs/vimPlugins/filetype/ftplugin/scss.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/typescript.vim b/pkgs/vimPlugins/filetype/ftplugin/typescript.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/typescript.vim
rename to pkgs/vimPlugins/filetype/ftplugin/typescript.vim
diff --git a/modules/dadada/vim/plugins/myFtplugins/ftplugin/yaml.vim b/pkgs/vimPlugins/filetype/ftplugin/yaml.vim
similarity index 100%
rename from modules/dadada/vim/plugins/myFtplugins/ftplugin/yaml.vim
rename to pkgs/vimPlugins/filetype/ftplugin/yaml.vim