diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml
index b0c0fa3..4e45f2b 100644
--- a/.github/workflows/nix-flake-check.yml
+++ b/.github/workflows/nix-flake-check.yml
@@ -18,7 +18,7 @@ jobs:
experimental-features = nix-command flakes
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
system-features = nixos-test benchmark big-parallel kvm
- - uses: cachix/cachix-action@v14
+ - uses: cachix/cachix-action@v15
with:
name: dadada
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
diff --git a/admins.nix b/admins.nix
index e5e29ba..82f6cef 100644
--- a/admins.nix
+++ b/admins.nix
@@ -2,7 +2,7 @@
dadada = {
shell = "zsh";
keys = [
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada <dadada@dadada.li>"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada <dadada@dadada.li>"
];
};
diff --git a/checks.nix b/checks.nix
index 9505c35..65d3493 100644
--- a/checks.nix
+++ b/checks.nix
@@ -1,20 +1,20 @@
-{
- self,
- flake-utils,
- nixpkgs,
- ...
+{ self
+, flake-utils
+, nixpkgs
+, ...
}:
-(flake-utils.lib.eachDefaultSystem (
- system:
+(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
formatter = self.formatter.${system};
in
{
checks = {
- format = pkgs.runCommand "check-format" {
- buildInputs = [ formatter ];
- } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
+ format = pkgs.runCommand
+ "check-format"
+ {
+ buildInputs = [ formatter ];
+ }
+ "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
};
- }
-)).checks
+ })).checks
diff --git a/devshell.nix b/devshell.nix
index ebdfb12..27b9799 100644
--- a/devshell.nix
+++ b/devshell.nix
@@ -8,6 +8,7 @@
agenix
nixpkgs-fmt
nixos-rebuild
+ nil
];
commands = [
diff --git a/flake.lock b/flake.lock
index 0aba46f..c6a5393 100644
--- a/flake.lock
+++ b/flake.lock
@@ -6,19 +6,19 @@
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
- ],
- "systems": "systems"
+ ]
},
"locked": {
- "lastModified": 1747575206,
- "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
+ "lastModified": 1703089996,
+ "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+ "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d",
"type": "github"
},
"original": {
"owner": "ryantm",
+ "ref": "0.15.0",
"repo": "agenix",
"type": "github"
}
@@ -31,11 +31,11 @@
]
},
"locked": {
- "lastModified": 1744478979,
- "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+ "lastModified": 1673295039,
+ "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+ "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
@@ -47,16 +47,17 @@
},
"devshell": {
"inputs": {
+ "flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
- "lastModified": 1741473158,
- "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+ "lastModified": 1713532798,
+ "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
- "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+ "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
@@ -68,11 +69,11 @@
"flake-registry": {
"flake": false,
"locked": {
- "lastModified": 1744623129,
- "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
+ "lastModified": 1705308826,
+ "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=",
"owner": "NixOS",
"repo": "flake-registry",
- "rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
+ "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd",
"type": "github"
},
"original": {
@@ -82,17 +83,35 @@
}
},
"flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "lastModified": 1710146030,
+ "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@@ -109,11 +128,11 @@
]
},
"locked": {
- "lastModified": 1745494811,
- "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+ "lastModified": 1682203081,
+ "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+ "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
@@ -129,15 +148,16 @@
]
},
"locked": {
- "lastModified": 1749358668,
- "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=",
+ "lastModified": 1716729592,
+ "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "06451df423dd5e555f39857438ffc16c5b765862",
+ "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6",
"type": "github"
},
"original": {
"owner": "nix-community",
+ "ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
@@ -145,24 +165,26 @@
"homepage": {
"flake": false,
"locked": {
- "lastModified": 1727338449,
- "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
- "rev": "60398d3d728a0057b4cad49879ef637c06b28371",
- "type": "tarball",
- "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
+ "lastModified": 1714328013,
+ "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=",
+ "owner": "dadada",
+ "repo": "dadada.li",
+ "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28",
+ "type": "github"
},
"original": {
- "type": "tarball",
- "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"
+ "owner": "dadada",
+ "repo": "dadada.li",
+ "type": "github"
}
},
"nixlib": {
"locked": {
- "lastModified": 1736643958,
- "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+ "lastModified": 1712450863,
+ "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
- "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+ "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
"type": "github"
},
"original": {
@@ -179,11 +201,11 @@
]
},
"locked": {
- "lastModified": 1747663185,
- "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
+ "lastModified": 1716210724,
+ "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=",
"owner": "nix-community",
"repo": "nixos-generators",
- "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
+ "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94",
"type": "github"
},
"original": {
@@ -194,11 +216,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1749195551,
- "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
+ "lastModified": 1716715385,
+ "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
+ "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8",
"type": "github"
},
"original": {
@@ -210,32 +232,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1749143949,
- "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
+ "lastModified": 1716361217,
+ "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
+ "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-small": {
- "locked": {
- "lastModified": 1749289455,
- "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable-small",
+ "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
@@ -245,13 +251,12 @@
"agenix": "agenix",
"devshell": "devshell",
"flake-registry": "flake-registry",
- "flake-utils": "flake-utils",
+ "flake-utils": "flake-utils_2",
"home-manager": "home-manager_2",
"homepage": "homepage",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
- "nixpkgs-small": "nixpkgs-small",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
}
@@ -293,11 +298,11 @@
]
},
"locked": {
- "lastModified": 1749194973,
- "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
+ "lastModified": 1715940852,
+ "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
+ "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 0cc4b5c..a75d27e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,23 +2,22 @@
description = "dadada's nix flake";
inputs = {
- nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
home-manager = {
- url = "github:nix-community/home-manager";
+ url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = {
- url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
+ url = "github:dadada/dadada.li";
flake = false;
};
agenix = {
- url = "github:ryantm/agenix";
+ url = "github:ryantm/agenix/0.15.0";
inputs.nixpkgs.follows = "nixpkgs";
};
devshell = {
@@ -40,5 +39,5 @@
};
};
- outputs = { ... }@args: import ./outputs.nix args;
+ outputs = { ... } @ args: import ./outputs.nix args;
}
diff --git a/home/dconf.nix b/home/dconf.nix
index 5238c97..ac29248 100644
--- a/home/dconf.nix
+++ b/home/dconf.nix
@@ -1,11 +1,6 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:
with lib.hm.gvariant;
{
- home.packages = [
- pkgs.adwaita-icon-theme
- pkgs.adwaita-qt
- ];
-
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell" = {
favorite-apps = [
@@ -18,11 +13,7 @@ with lib.hm.gvariant;
};
"org/gnome/shell" = {
- disable-user-extensions = false;
- enabled-extensions = [
- "system-monitor@gnome-shell-extensions.gcampax.github.com"
- "switcher@landau.fi"
- ];
+ disable-user-extensions = true;
};
"org/gnome/desktop/calendar" = {
@@ -33,41 +24,27 @@ with lib.hm.gvariant;
current = mkUint32 0;
per-window = false;
show-all-sources = true;
- sources = [
- (mkTuple [
- "xkb"
- "eu"
- ])
- (mkTuple [
- "xkb"
- "de"
- ])
- ];
- xkb-options = [
- "lv3:ralt_switch"
- "caps:escape"
- ];
+ sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ];
+ xkb-options = [ "lv3:ralt_switch" "caps:escape" ];
};
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-seconds = false;
clock-show-weekday = true;
- cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
font-hinting = "slight";
- font-name = "Cantarell 10";
+ font-name = "Cantarell";
gtk-enable-primary-paste = false;
gtk-key-theme = "Emacs";
gtk-theme = "Adwaita";
- color-scheme = "prefer-light";
icon-theme = "Adwaita";
locate-pointer = false;
monospace-font-name = "JetBrains Mono 10";
show-battery-percentage = false;
- #text-scaling-factor = 1.0;
+ text-scaling-factor = 1.0;
toolkit-accessibility = false;
};
@@ -139,10 +116,7 @@ with lib.hm.gvariant;
composer-attribution-language = "de_DE";
composer-reply-start-bottom = false;
composer-signature-in-new-only = true;
- composer-spell-languages = [
- "de"
- "en_US"
- ];
+ composer-spell-languages = [ "de" "en_US" ];
composer-top-signature = false;
composer-unicode-smileys = false;
composer-visually-wrap-long-lines = true;
@@ -194,11 +168,11 @@ with lib.hm.gvariant;
};
"org/gnome/settings-daemon/plugins/power" = {
- idle-dim = true;
- power-button-action = "interactive";
+ idle-dim = false;
+ power-button-action = "hibernate";
power-saver-profile-on-low-battery = true;
- sleep-inactive-ac-type = "blank";
- sleep-inactive-battery-timeout = 600;
+ sleep-inactive-ac-type = "nothing";
+ sleep-inactive-battery-timeout = 3600;
sleep-inactive-battery-type = "suspend";
};
diff --git a/home/default.nix b/home/default.nix
index a21362c..0bd95fb 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,7 +1,6 @@
-{
- pkgs,
- lib,
- ...
+{ pkgs
+, lib
+, ...
}:
let
useFeatures = [
@@ -10,34 +9,14 @@ let
"direnv"
"git"
"gpg"
- #"gtk"
- #"keyring"
+ "gtk"
+ "keyring"
"syncthing"
"tmux"
"xdg"
"zsh"
"helix"
];
- colors = {
- background = "fdf6e3";
- foreground = "657b83";
- regular0 = "eee8d5"; # background darker
- regular1 = "dc322f"; # red
- regular2 = "859900"; # green
- regular3 = "b58900"; # dark orange
- regular4 = "268bd2"; # azure blue
- regular5 = "d33682"; # hot pink
- regular6 = "2aa198"; # petrol
- regular7 = "073642"; # navy
- bright0 = "cb4b16"; # orange
- bright1 = "fdf6e3"; # foreground
- bright2 = "93a1a1"; # grey
- bright3 = "839496"; # slightly darker grey
- bright4 = "657b83"; # even slightly darker grey
- bright5 = "6c71c4"; # purple
- bright6 = "586e75"; # pretty dark grey
- bright7 = "002b36"; # dark navy blue
- };
in
{
imports = [
@@ -49,9 +28,7 @@ in
programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
- lib.attrsets.genAttrs useFeatures (useFeatures: {
- enable = true;
- })
+ lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; })
// {
session = {
enable = true;
@@ -79,9 +56,7 @@ in
Restart = "always";
};
- Install = {
- WantedBy = [ "graphical-session.target" ];
- };
+ Install = { WantedBy = [ "graphical-session.target" ]; };
};
programs.offlineimap.enable = false;
@@ -136,304 +111,6 @@ in
Install.WantedBy = [ "multi-user.target" ];
};
- systemd.user.timers."backup-keepassxc-ninurta" = {
- Unit.Description = "Backup password DB to ninurta";
- Timer = {
- OnBootSec = "15min";
- OnUnitActiveSec = "1d";
- };
- Install.WantedBy = [ "timers.target" ];
- };
-
- systemd.user.services."backup-keepassxc-ninurta" = {
- Unit.Description = "Backup password DB to ninurta";
- Unit.Type = "oneshot";
- Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx";
- Install.WantedBy = [ "multi-user.target" ];
- };
-
- programs.foot = {
- enable = true;
- server.enable = false;
- settings = {
- inherit colors;
- main = {
- shell = "tmux";
- font = "Jetbrains Mono:size=8";
- dpi-aware = false;
- };
- mouse.hide-when-typing = true;
- csd.preferred = "none";
- cursor.color = "fdf6e3 586e75";
- bell = {
- urgent = true;
- visual = false;
- };
- };
- };
-
- home.file.".config/sway/config".text = with colors; ''
- # Read `man 5 sway` for a complete reference.
-
- ### Variables
- #
- # Logo key. Use Mod1 for Alt.
- set $mod Mod4
- # Home row direction keys, like vim
- set $left h
- set $down j
- set $up k
- set $right l
- # Your preferred terminal emulator
- set $term foot
- # Your preferred application launcher
- # Note: pass the final command to swaymsg so that the resulting window can be opened
- # on the original workspace that the command was run on.
- set $menu fuzzel
- set $wallpaper "~/lib/pictures/wallpaper.jpg"
-
- ### Idle configuration
- #
- # Example configuration:
- #
- exec swayidle -w \
- timeout 300 'swaylock -f -i $wallpaper -s fill' \
- timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
- before-sleep 'swaylock -f -i $wallpaper -s fill'
- #
- # This will lock your screen after 300 seconds of inactivity, then turn off
- # your displays after another 300 seconds, and turn your screens back on when
- # resumed. It will also lock your screen before your computer goes to sleep.
-
- input * {
- xkb_layout eu
- xkb_model pc105+inet
- xkb_options caps:escape
- drag_lock enabled
- drag enabled
- dwt enabled
- tap enabled
- tap_button_map lrm
- natural_scroll enabled
- }
-
- ### Key bindings
- #
- # Basics:
- #
- # Start a terminal
- bindsym $mod+Return exec $term
-
- # Kill focused window
- bindsym $mod+Shift+q kill
-
- # Start your launcher
- bindsym $mod+d exec $menu
-
- # Drag floating windows by holding down $mod and left mouse button.
- # Resize them with right mouse button + $mod.
- # Despite the name, also works for non-floating windows.
- # Change normal to inverse to use left mouse button for resizing and right
- # mouse button for dragging.
- floating_modifier $mod normal
-
- # Lock the screen
- bindsym XF86Sleep exec 'swaylock -f -c ${background}'
- bindsym $mod+End exec 'swaylock -f -c ${background}'
-
- # Reload the configuration file
- bindsym $mod+Shift+c reload
-
- # Exit sway (logs you out of your Wayland session)
- bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
-
- # Brightness
- bindsym --locked XF86MonBrightnessDown exec light -U 10
- bindsym --locked XF86MonBrightnessUp exec light -A 10
-
- # Volume
- bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
- bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
- bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
-
- #
- # Moving around:
- #
- # Move your focus around
- bindsym $mod+$left focus left
- bindsym $mod+$down focus down
- bindsym $mod+$up focus up
- bindsym $mod+$right focus right
- # Or use $mod+[up|down|left|right]
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # Move the focused window with the same, but add Shift
- bindsym $mod+Shift+$left move left
- bindsym $mod+Shift+$down move down
- bindsym $mod+Shift+$up move up
- bindsym $mod+Shift+$right move right
- # Ditto, with arrow keys
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- #
- # Workspaces:
- #
- # Switch to workspace
- bindsym $mod+1 workspace number 1
- bindsym $mod+2 workspace number 2
- bindsym $mod+3 workspace number 3
- bindsym $mod+4 workspace number 4
- bindsym $mod+5 workspace number 5
- bindsym $mod+6 workspace number 6
- bindsym $mod+7 workspace number 7
- bindsym $mod+8 workspace number 8
- bindsym $mod+9 workspace number 9
- bindsym $mod+0 workspace number 10
- # Move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace number 1
- bindsym $mod+Shift+2 move container to workspace number 2
- bindsym $mod+Shift+3 move container to workspace number 3
- bindsym $mod+Shift+4 move container to workspace number 4
- bindsym $mod+Shift+5 move container to workspace number 5
- bindsym $mod+Shift+6 move container to workspace number 6
- bindsym $mod+Shift+7 move container to workspace number 7
- bindsym $mod+Shift+8 move container to workspace number 8
- bindsym $mod+Shift+9 move container to workspace number 9
- bindsym $mod+Shift+0 move container to workspace number 10
- # Note: workspaces can have any name you want, not just numbers.
- # We just use 1-10 as the default.
-
- #
- # Layout stuff:
- #
- # You can "split" the current object of your focus with
- # $mod+b or $mod+v, for horizontal and vertical splits
- # respectively.
- bindsym $mod+b splith
- bindsym $mod+v splitv
-
- # Switch the current container between different layout styles
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # Make the current focus fullscreen
- bindsym $mod+f fullscreen
-
- # Toggle the current focus between tiling and floating mode
- bindsym $mod+Shift+space floating toggle
-
- # Swap focus between the tiling area and the floating area
- bindsym $mod+space focus mode_toggle
-
- # Move focus to the parent container
- bindsym $mod+a focus parent
-
- #
- # Font
- #
- font "pango:Jetbrains Mono 8"
-
- #
- # Scratchpad:
- #
- # Sway has a "scratchpad", which is a bag of holding for windows.
- # You can send windows there and get them back later.
-
- # Move the currently focused window to the scratchpad
- bindsym $mod+Shift+minus move scratchpad
-
- # Show the next scratchpad window or hide the focused scratchpad window.
- # If there are multiple scratchpad windows, this command cycles through them.
- bindsym $mod+minus scratchpad show
-
- #
- # Resizing containers:
- #
- mode "resize" {
- # left will shrink the containers width
- # right will grow the containers width
- # up will shrink the containers height
- # down will grow the containers height
- bindsym $left resize shrink width 10px
- bindsym $down resize grow height 10px
- bindsym $up resize shrink height 10px
- bindsym $right resize grow width 10px
-
- # Ditto, with arrow keys
- bindsym Left resize shrink width 10px
- bindsym Down resize grow height 10px
- bindsym Up resize shrink height 10px
- bindsym Right resize grow width 10px
-
- # Return to default mode
- bindsym Return mode "default"
- bindsym Escape mode "default"
- }
- bindsym $mod+r mode "resize"
-
- #
- # Status Bar:
- #
- # Read `man 5 sway-bar` for more information about this section.
- bar {
- position bottom
-
- # When the status_command prints a new line to stdout, swaybar updates.
- # The default just shows the current date and time.
- status_command ~/.config/sway/status
-
- colors {
- statusline ${foreground}
- background ${background}
- inactive_workspace ${background}ee ${background}ee ${foreground}ee
- }
- }
-
- # Gaps between multiple tiling windows
- gaps inner 10
- smart_gaps on
-
- bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
-
- # class border backgr. text indicator child_border
- client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
- client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
- client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
- client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
- client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
-
- client.background #${foreground}
-
- include /etc/sway/config.d/*
-
- exec sleep 5; systemctl --user restart kanshi.service
- exec sleep 5; swaymsg output '*' bg $wallpaper fill
- '';
- home.file.".config/sway/status".source = ./status;
- home.file.".config/kanshi/config".text = ''
- profile Laptop {
- output eDP-1 enable
- }
-
- profile Docked {
- output eDP-1 disable
- output "LG Electronics LG HDR 4K 0x000354D1" {
- enable
- scale 1.4
- position 0,0
- }
- }
- '';
-
- #services.poweralertd.enable = true;
-
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
diff --git a/home/modules.nix b/home/modules.nix
index 0a6c961..0e295c9 100644
--- a/home/modules.nix
+++ b/home/modules.nix
@@ -1,13 +1,8 @@
{ lib, ... }:
-with lib;
-let
- modules' =
- dir:
- filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir);
- modules =
- dir:
- mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
- modules' dir
- );
+with lib; let
+ modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory"))
+ (builtins.readDir dir);
+ modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}")))
+ (modules' dir);
in
(modules ./modules)
diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix
index da9f503..0b84642 100644
--- a/home/modules/alacritty/default.nix
+++ b/home/modules/alacritty/default.nix
@@ -1,11 +1,9 @@
-{
- pkgs,
- lib,
- config,
- ...
+{ pkgs
+, lib
+, config
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.alacritty;
in
{
@@ -13,6 +11,7 @@ in
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
+ fonts.fontconfig.enable = true;
home.packages = [
pkgs.jetbrains-mono
];
diff --git a/home/modules/colors.nix b/home/modules/colors.nix
index a4dc5c7..5c197a1 100644
--- a/home/modules/colors.nix
+++ b/home/modules/colors.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-{
+with lib; {
options.dadada.home.colors = mkOption {
type = types.attrs;
description = "Color scheme";
diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix
index 27a0907..cf36bf1 100644
--- a/home/modules/direnv.nix
+++ b/home/modules/direnv.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.direnv;
in
{
diff --git a/home/modules/git.nix b/home/modules/git.nix
index 92c4c12..3b575b7 100644
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -1,17 +1,14 @@
-{
- config,
- lib,
- pkgs,
- ...
+{ config
+, lib
+, pkgs
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.git;
allowedSigners = pkgs.writeTextFile {
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
- dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
@@ -30,13 +27,12 @@ in
gpg = {
format = "ssh";
ssh.allowedSignersFile = "${allowedSigners}";
- ssh.program = "ssh-keygen";
};
tag.gpgSign = true;
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
- signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
+ signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>";
};
core = {
whitespace = {
diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix
index baa17dd..2e77ad0 100644
--- a/home/modules/gpg.nix
+++ b/home/modules/gpg.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.gpg;
in
{
@@ -29,6 +27,7 @@ in
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = false;
+ pinentryFlavor = "gnome3";
};
};
}
diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix
index 5dcd2e6..eb6dae8 100644
--- a/home/modules/gtk.nix
+++ b/home/modules/gtk.nix
@@ -1,11 +1,9 @@
-{
- config,
- lib,
- pkgs,
- ...
+{ config
+, lib
+, pkgs
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.gtk;
in
{
diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml
index 070bf61..772a9f8 100644
--- a/home/modules/helix/config/languages.toml
+++ b/home/modules/helix/config/languages.toml
@@ -1,5 +1,5 @@
[language-server.rust-analyzer]
-config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } }
+config = { rust-analyzer = { checkOnSave = { command = "clippy" } } }
[language-server.nixd]
command = "nixd"
diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix
index 7717423..2ffdc51 100644
--- a/home/modules/helix/default.nix
+++ b/home/modules/helix/default.nix
@@ -1,9 +1,4 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
+{ config, pkgs, lib, ... }:
let
cfg = config.dadada.home.helix;
in
diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix
index 48b8b54..e82d476 100644
--- a/home/modules/keyring.nix
+++ b/home/modules/keyring.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.keyring;
in
{
diff --git a/home/modules/session.nix b/home/modules/session.nix
index ba5c941..879400d 100644
--- a/home/modules/session.nix
+++ b/home/modules/session.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.session;
in
{
diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix
index b8aab54..96f4ed3 100644
--- a/home/modules/ssh.nix
+++ b/home/modules/ssh.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.ssh;
in
{
diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix
index 8095904..fd566b4 100644
--- a/home/modules/syncthing.nix
+++ b/home/modules/syncthing.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.syncthing;
in
{
diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix
index 063b8f2..70f2974 100644
--- a/home/modules/tmux.nix
+++ b/home/modules/tmux.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.tmux;
in
{
diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix
index 02cadaf..e252d60 100644
--- a/home/modules/xdg.nix
+++ b/home/modules/xdg.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
apps = {
"x-scheme-handler/mailto" = "evolution.desktop";
"message/rfc822" = "evolution.desktop";
@@ -31,25 +29,24 @@ in
config = mkIf cfg.enable {
xdg = {
enable = true;
- configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
defaultApplications = apps;
};
userDirs = {
- desktop = "\$HOME/.desktop";
download = "\$HOME/tmp";
music = "\$HOME/lib/music";
videos = "\$HOME/lib/videos";
pictures = "\$HOME/lib/pictures";
documents = "\$HOME/lib";
+ desktop = "$HOME/tmp";
};
};
home.packages = with pkgs; [
evince
firefox
- xdg-utils
+ xdg_utils
];
};
}
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index 96364ff..5e054b7 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.home.zsh;
in
{
@@ -16,9 +14,9 @@ in
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
+ enableAutosuggestions = true;
enableCompletion = true;
enableVteIntegration = true;
- autosuggestion.enable = true;
autocd = true;
sessionVariables = {
EDITOR = "hx";
@@ -28,9 +26,7 @@ in
ignoreDups = true;
ignoreSpace = true;
save = 100000;
- # FIXME https://github.com/junegunn/fzf/issues/4061
- #share = true;
- share = false;
+ share = true;
};
plugins = [
];
@@ -44,10 +40,12 @@ in
preexec() { echo -n -e "\033]0;$1\007" }
- PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> "
+ PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f "
RPROMPT='$(git_super_status)'
+ #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh"
+ '';
+ profileExtra = ''
'';
- profileExtra = '''';
shellAliases = {
ga = "git add";
gc = "git commit";
diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix
index 6a29a63..83fcdbc 100644
--- a/home/nixpkgs-config.nix
+++ b/home/nixpkgs-config.nix
@@ -1,5 +1,4 @@
-{ pkgs }:
-{
+{ pkgs }: {
allowUnfree = true;
allowUnfreePredicate = pkg: true;
allowBroken = false;
diff --git a/home/pkgs.nix b/home/pkgs.nix
index 8fd23e8..afdb1b0 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -1,6 +1,5 @@
{ pkgs }:
-with pkgs;
-[
+with pkgs; [
anki
aqbanking
aria2
@@ -15,21 +14,19 @@ with pkgs;
bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
- chromium
colordiff
darcs
delta # feature-rich diff viewer
dig
direnv
+ dstat
duf # disk usage
- dune3d
dyff # diff tool for YAML
element-desktop
evince
evolution
ffmpeg
file
- fuzzel
fx # themable json viewer
fzf
fzf
@@ -39,6 +36,7 @@ with pkgs;
gimp
glow
glow # render markdown
+ gnome.gnome-tweaks
gnumake
gnupg
gping # ping with graphs
@@ -63,11 +61,13 @@ with pkgs;
jameica
jc # convert output to json
josm
+ jujutsu
jq
- kanshi
+ jq
+ #jupyter
+ kcachegrind
keepassxc
kubetail
- krita
ldns
liboping # oping, ping multiple hosts at once
libreoffice
@@ -80,11 +80,8 @@ with pkgs;
mpv
mtr
mumble
- nix-output-monitor
ncurses
newsflash
- nixd
- nixfmt-rfc-style
nfs-utils
niv
nix-index
@@ -101,28 +98,28 @@ with pkgs;
pass
pavucontrol
picocom
+ pinentry-gnome
playerctl
procs # ps in rust
prusa-slicer
pv
pwgen
- (python3.withPackages (pkgs: [
- pkgs.pandas
- pkgs.requests
- ]))
+ python3
+ python38Packages.dateutil
+ python38Packages.managesieve
ranger
+ recipemd
reptyr
ripgrep
ripgrep
+ rustup
saleae-logic-2
sd # search and displace like sed but with better syntax
- sieveshell
signal-desktop
silver-searcher
skim # fzf in Rust
slurp
socat
- solvespace
spotify
sqlite
sshfs-fuse
@@ -134,17 +131,16 @@ with pkgs;
ttyd
unzip
usbutils
- vegur
virt-manager
viu # view images from the terminal
vscodium
whois
wireshark
- xdg-utils
+ xdg_utils
xmlstarlet
- unixtools.xxd
+ xsv # cut for csv
xxh # portable shells
- yt-dlp
+ youtube-dl
# zotero Marked as insecure
zeal
zk
diff --git a/home/status b/home/status
deleted file mode 100755
index e24816b..0000000
--- a/home/status
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/usr/bin/env python3
-
-import json
-import sys
-import time
-import requests
-import logging
-import subprocess
-
-from datetime import datetime
-
-logger = logging.getLogger(__name__)
-
-
-class Status:
- def status(self):
- return None
-
-
-class Cat(Status):
- index = 0
-
- def status(self):
- cat_width = 200
- index = self.index
- catwalk = "🐈🏳️🌈" + " " * index
- self.index = (index + 1) % cat_width
-
- return {"full_text": catwalk}
-
-
-class Space(Status):
- backoff = 0
- c_status = None
-
- def status(self):
- backoff = self.backoff
- if self.backoff == 0:
- self.update()
-
- return {"full_text": self.c_status}
-
- def update(self):
- spacestatus_url = "https://status.stratum0.org/status.json"
- resp = requests.get(url=spacestatus_url)
- self.backoff = (self.backoff + 1) % 120
- data = resp.json()
- if data["isOpen"]:
- since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
- spacestatus = f"Space is open since {since}"
- else:
- spacestatus = "Space is closed"
- self.c_status = spacestatus
-
-
-class Battery(Status):
- capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
- status_file = open('/sys/class/power_supply/BAT0/status', 'r')
-
- def status(self):
- self.status_file.seek(0)
- status = self.status_file.read().rstrip()
-
- self.capacity_file.seek(0)
- capacity = self.capacity_file.read().rstrip()
-
- battery = f"{status} {capacity}%"
-
- return {"full_text": battery}
-
-
-class Time(Status):
- def status(self):
- now = datetime.now()
- match now.isocalendar().week % 10:
- case 1:
- th = "st"
- case 2:
- th = "nd"
- case 3:
- th = "rd"
- case _:
- th = "th"
- return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
-
-
-class FailedUnits(Status):
- def status(self):
- proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
- stdout = proc.stdout.decode('utf-8')
- failed = 0
- for line in stdout:
- if 'failed' in line:
- failed += 1
- if failed == 0:
- return {"full_text": f"No failed units"}
- else:
- return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
-
-
-def print_header():
- header = {
- "version": 1,
- "click_events": False,
- }
- print(json.dumps(header))
- print("[")
-
-
-def run(interval, widgets):
- print_header()
-
- while True:
- body = []
-
- for widget in widgets:
- try:
- status = widget.status()
- except Exception as e:
- logger.error(e)
- if status:
- body += status,
-
- print(json.dumps(body), ",", flush=True)
-
- ts = interval - (time.time() % interval)
- time.sleep(ts)
-
-
-if __name__ == "__main__":
- logging.basicConfig(level=logging.INFO)
-
- # Interval in seconds
- interval = 1.0
-
- widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
-
- run(interval, widgets)
diff --git a/hydra-jobs.nix b/hydra-jobs.nix
index 3369943..1d7dde7 100644
--- a/hydra-jobs.nix
+++ b/hydra-jobs.nix
@@ -1,4 +1,5 @@
{ self, nixpkgs, ... }:
-(nixpkgs.lib.mapAttrs' (
- name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel
-) self.nixosConfigurations)
+(nixpkgs.lib.mapAttrs'
+ (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel)
+ self.nixosConfigurations
+)
diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix
index ba00c29..c8ab058 100644
--- a/nixos/agares/configuration.nix
+++ b/nixos/agares/configuration.nix
@@ -1,8 +1,7 @@
-{
- config,
- modulesPath,
- pkgs,
- ...
+{ config
+, modulesPath
+, pkgs
+, ...
}:
{
imports = [
@@ -31,10 +30,7 @@
fileSystems."/swap" = {
device = "/dev/sda1";
fsType = "btrfs";
- options = [
- "subvol=/root/swap"
- "noatime"
- ];
+ options = [ "subvol=/root/swap" "noatime" ];
};
#swapDevices = [{
@@ -53,14 +49,7 @@
networking.hostName = "agares";
networking.domain = "bs.dadada.li";
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "ahci"
- "ehci_pci"
- "usb_storage"
- "sd_mod"
- "sdhci_pci"
- ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
# Use the GRUB 2 boot loader.
diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix
index fe2843f..7e52d8b 100644
--- a/nixos/agares/dns.nix
+++ b/nixos/agares/dns.nix
@@ -66,10 +66,7 @@
];
stub-zone =
let
- stubZone = name: addrs: {
- name = "${name}";
- stub-addr = addrs;
- };
+ stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; };
in
[
#(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix
index 6d86d22..af15e05 100644
--- a/nixos/agares/network.nix
+++ b/nixos/agares/network.nix
@@ -10,10 +10,7 @@ in
enable = true;
links = {
"10-persistent" = {
- matchConfig.OriginalName = [
- "enp1s0"
- "enp2s0"
- ]; # takes search domains from the [Network]
+ matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network]
linkConfig.MACAddressPolicy = "persistent";
};
};
@@ -52,21 +49,19 @@ in
PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path;
ListenPort = 51234;
};
- wireguardPeers = [
- {
- wireguardPeerConfig =
- let
- peerAddresses = i: [
- "${ipv4Prefix}.120.${i}/32"
- "${ulaPrefix}:120::${i}/128"
- ];
- in
- {
- PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
- AllowedIPs = peerAddresses "3";
- };
- }
- ];
+ wireguardPeers = [{
+ wireguardPeerConfig =
+ let
+ peerAddresses = i: [
+ "${ipv4Prefix}.120.${i}/32"
+ "${ulaPrefix}:120::${i}/128"
+ ];
+ in
+ {
+ PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+ AllowedIPs = peerAddresses "3";
+ };
+ }];
};
"20-wg0" = {
netdevConfig = {
@@ -142,10 +137,7 @@ in
"10-mgmt" = lib.mkMerge [
(subnet "enp1s0" "100")
{
- networkConfig.VLAN = [
- "lan.10"
- "ff.11"
- ];
+ networkConfig.VLAN = [ "lan.10" "ff.11" ];
dhcpServerStaticLeases = [
{
# legion
@@ -166,24 +158,13 @@ in
];
"30-wg0" = {
matchConfig.Name = "wg0";
- address = [
- "10.3.3.2/32"
- "fd42:9c3b:f96d:121::2/128"
- ];
+ address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = false;
routes = [
- {
- routeConfig = {
- Destination = "10.3.3.1/24";
- };
- }
- {
- routeConfig = {
- Destination = "fd42:9c3b:f96d:121::1/64";
- };
- }
+ { routeConfig = { Destination = "10.3.3.1/24"; }; }
+ { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; }
];
};
"30-lan" = subnet "lan.10" "101" // {
@@ -285,14 +266,10 @@ in
linkConfig.RequiredForOnline = false;
routes = [
{
- routeConfig = {
- Destination = "${ipv4Prefix}.120.1/24";
- };
+ routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; };
}
{
- routeConfig = {
- Destination = "${ulaPrefix}::120:1/64";
- };
+ routeConfig = { Destination = "${ulaPrefix}::120:1/64"; };
}
];
};
diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix
index ffa5bc4..dc26e46 100644
--- a/nixos/agares/ppp.nix
+++ b/nixos/agares/ppp.nix
@@ -1,9 +1,4 @@
-{
- pkgs,
- lib,
- config,
- ...
-}:
+{ pkgs, lib, config, ... }:
let
secretsPath = config.dadada.secrets.path;
in
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index adacb51..15d1619 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,73 +1,51 @@
-{
- self,
- agenix,
- home-manager,
- homepage,
- nixos-hardware,
- nixos-generators,
- nixpkgs,
- nixpkgs-small,
- ...
+{ self
+, agenix
+, nixpkgs
+, home-manager
+, homepage
+, nixos-hardware
+, nixos-generators
+, ...
}@inputs:
let
- nixosSystem =
- {
- nixpkgs,
- system ? "x86_64-linux",
- extraModules ? [ ],
- }:
- nixpkgs.lib.nixosSystem {
- inherit system;
+ nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
+ inherit system;
- modules =
- [
- {
- nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
- }
- ]
- ++ (nixpkgs.lib.attrValues self.nixosModules)
- ++ [ agenix.nixosModules.age ]
- ++ extraModules;
- };
+ modules = [{
+ # Add flakes to registry and nix path.
+ dadada.inputs = inputs // { dadada = self; };
+ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
+ }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules;
+ };
in
{
- gorgon =
- let
- system = "x86_64-linux";
- in
- nixosSystem {
- inherit nixpkgs system;
+ gorgon = nixosSystem rec {
+ system = "x86_64-linux";
- extraModules = [
+ extraModules = [
+ {
+ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
+ dadada.pkgs = self.packages.${system};
+ }
+
+ nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+
+ home-manager.nixosModules.home-manager
+ ({ pkgs, lib, ... }:
{
- nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
- dadada.pkgs = self.packages.${system};
- dadada.inputs = inputs // {
- dadada = self;
- };
- }
-
- nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
-
- home-manager.nixosModules.home-manager
- (
- { pkgs, lib, ... }:
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
- { dadada.home.helix.package = pkgs.helix; }
- { manual.manpages.enable = false; }
- ];
- home-manager.users.dadada = import ../home;
- }
- )
- ./gorgon/configuration.nix
- ];
- };
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
+ { dadada.home.helix.package = pkgs.helix; }
+ { manual.manpages.enable = false; }
+ ];
+ home-manager.users.dadada = import ../home;
+ })
+ ./gorgon/configuration.nix
+ ];
+ };
surgat = nixosSystem {
- nixpkgs = nixpkgs-small;
system = "x86_64-linux";
extraModules = [
{
@@ -79,38 +57,32 @@ in
};
agares = nixosSystem {
- nixpkgs = nixpkgs-small;
extraModules = [
./agares/configuration.nix
];
};
- installer =
- let
- nixpkgs = nixpkgs-small;
- in
- nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- nixos-generators.nixosModules.install-iso
- self.nixosModules.admin
- {
- isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
- networking.tempAddresses = "disabled";
- dadada.admin.enable = true;
- documentation.enable = true;
- documentation.nixos.enable = true;
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
- }
- ];
- };
+ installer = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ nixos-generators.nixosModules.install-iso
+ self.nixosModules.admin
+ {
+ isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
+ networking.tempAddresses = "disabled";
+ dadada.admin.enable = true;
+ documentation.enable = true;
+ documentation.nixos.enable = true;
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+ }
+ ];
+ };
ninurta = nixosSystem {
- nixpkgs = nixpkgs-small;
extraModules = [
./ninurta/configuration.nix
];
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index 9c8b8e3..c4d0af0 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -1,8 +1,7 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
let
xilinxJtag = pkgs.writeTextFile {
@@ -35,8 +34,6 @@ in
./hardware-configuration.nix
];
- dadada.backupClient.bs.enable = false;
- dadada.backupClient.backup1.enable = true;
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
@@ -44,10 +41,6 @@ in
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
- nixpkgs.config.android_sdk.accept_license = true;
-
- programs.ssh.startAgent = true;
-
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
@@ -57,7 +50,6 @@ in
boot = {
kernelModules = [ "kvm-amd" ];
- extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
kernelParams = [ "resume=/dev/disk/by-label/swap" ];
initrd = {
systemd.enable = true;
@@ -105,18 +97,13 @@ in
passwordFile = config.age.secrets.paperless.path;
};
- systemd.tmpfiles.rules =
- let
- cfg = config.services.paperless;
- in
- [
- (
- if cfg.consumptionDirIsPublic then
- "d '${cfg.consumptionDir}' 777 - - - -"
- else
- "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
- )
- ];
+ systemd.tmpfiles.rules = let cfg = config.services.paperless; in [
+ (if cfg.consumptionDirIsPublic then
+ "d '${cfg.consumptionDir}' 777 - - - -"
+ else
+ "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+ )
+ ];
age.secrets.paperless = {
file = "${config.dadada.secrets.path}/paperless.age";
@@ -136,29 +123,10 @@ in
];
};
- hardware.printers.ensurePrinters = [
- {
- name = "Brother_HL-L2300D";
- model = "everywhere";
- location = "BS";
- deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D";
- }
- ];
-
environment.systemPackages = with pkgs; [
- android-studio
+ chromium
ghostscript
smartmontools
-
- dmenu
- grim # screenshot functionality
- slurp # screenshot functionality
- #mako # notification system developed by swaywm maintainer
- pulseaudio
-
- # KDE apps
- kdePackages.kmail
- kdePackages.kmail-account-wizard
];
networking.firewall = {
@@ -174,16 +142,7 @@ in
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
- systemd.sleep.extraConfig = ''
- HibernateDelaySec=1h
- '';
-
- services.udev.packages = [
- xilinxJtag
- saleaeLogic
- keychron
- pkgs.libsigrok
- ]; # noMtpUdevRules ];
+ services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ];
virtualisation.libvirtd.enable = true;
@@ -195,20 +154,7 @@ in
users.users = {
dadada = {
isNormalUser = true;
- extraGroups = [
- "wheel"
- "networkmanager"
- "libvirtd"
- "adbusers"
- "kvm"
- "video"
- "scanner"
- "lp"
- "docker"
- "dialout"
- "wireshark"
- "paperless"
- ];
+ extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ];
shell = "/run/current-system/sw/bin/zsh";
};
};
@@ -217,44 +163,37 @@ in
"127.0.0.2" = [ "kanboard.dadada.li" ];
};
- services.gnome.gnome-keyring.enable = lib.mkForce false;
- programs.gnupg.agent.enable = true;
+ # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
+ systemd.timers.wg-reresolve-dns = {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "wg-reresolve-dns.service" ];
+ timerConfig.OnCalendar = "hourly";
+ };
- # KDE
- services = {
- desktopManager.plasma6.enable = true;
- displayManager.sddm.enable = true;
- displayManager.sddm.wayland.enable = true;
- };
- services.greetd = {
- enable = false;
- settings = {
- default_session = {
- command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
- user = "greeter";
- };
+ systemd.services.wg-reresolve-dns =
+ let
+ vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
+ in
+ {
+ serviceConfig.Type = "oneshot";
+ script = ''
+ ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
+ '';
};
- };
- systemd.user.services.kanshi = {
- enable = false;
- description = "kanshi daemon";
- environment = {
- WAYLAND_DISPLAY = "wayland-1";
- DISPLAY = ":0";
- };
- serviceConfig = {
- Type = "simple";
- ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
- };
- };
- # enable Sway window manager
- programs.sway = {
- enable = false;
- wrapperFeatures.gtk = true;
- };
- programs.light.enable = true;
- xdg.portal.wlr.enable = false;
- hardware.bluetooth.enable = true;
+
+ #networking.wg-quick.interfaces.mullvad = {
+ # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ];
+ # privateKeyFile = "/var/lib/wireguard/mullvad";
+ # peers = [
+ # {
+ # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k=";
+ # allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+ # endpoint = "193.27.14.66:51820";
+ # persistentKeepalive = 25;
+ # }
+ # ];
+ # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main";
+ #};
hardware.opengl = {
enable = true;
@@ -264,16 +203,5 @@ in
];
};
- powerManagement = {
- enable = true;
- powertop.enable = true;
- cpuFreqGovernor = "schedutil";
- powerUpCommands = ''
- echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
- echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
- '';
- };
- services.tlp.enable = false;
-
system.stateVersion = "23.11";
}
diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix
index 30d7447..4155fae 100644
--- a/nixos/gorgon/hardware-configuration.nix
+++ b/nixos/gorgon/hardware-configuration.nix
@@ -1,26 +1,17 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}:
-{
+{ config
+, lib
+, pkgs
+, modulesPath
+, ...
+}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [
- "nvme"
- "ehci_pci"
- "xhci_pci"
- "usb_storage"
- "sd_mod"
- "rtsx_pci_sdmmc"
- ];
+ boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix
index 07323da..873832d 100644
--- a/nixos/modules/admin.nix
+++ b/nixos/modules/admin.nix
@@ -1,16 +1,11 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.admin;
- extraGroups = [
- "wheel"
- "libvirtd"
- ];
+ extraGroups = [ "wheel" "libvirtd" ];
shells = {
"bash" = pkgs.bashInteractive;
@@ -21,32 +16,22 @@ let
shellNames = builtins.attrNames shells;
adminOpts =
- {
- name,
- config,
- ...
- }:
- {
+ { name
+ , config
+ , ...
+ }: {
options = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
- apply =
- x:
- assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in");
- x;
+ apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x;
description = ''
The keys that should be able to access the account.
'';
};
shell = mkOption {
type = types.nullOr types.str;
- apply =
- x:
- assert (
- builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"
- );
- x;
+ apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x;
default = "zsh";
defaultText = literalExpression "zsh";
example = literalExpression "bash";
@@ -96,12 +81,15 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh.openFirewall = true;
- users.users = mapAttrs (user: keys: {
- shell = shells."${keys.shell}";
- extraGroups = extraGroups;
- isNormalUser = true;
- openssh.authorizedKeys.keys = keys.keys;
- }) cfg.users;
+ users.users =
+ mapAttrs
+ (user: keys: {
+ shell = shells."${keys.shell}";
+ extraGroups = extraGroups;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = keys.keys;
+ })
+ cfg.users;
nix.settings.trusted-users = builtins.attrNames cfg.users;
@@ -115,7 +103,7 @@ in
services.tor.relay.onionServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
- map = [ { port = 22; } ];
+ map = [{ port = 22; }];
};
};
};
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
index 095fd35..c18aeb8 100644
--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
backupExcludes = [
"/backup"
"/dev"
@@ -158,7 +156,7 @@ in
};
};
- services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable {
+ services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}";
diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix
index 594f356..c1aceeb 100644
--- a/nixos/modules/borg-server.nix
+++ b/nixos/modules/borg-server.nix
@@ -1,11 +1,6 @@
{ config, lib, ... }:
let
- inherit (lib)
- mkEnableOption
- mkIf
- mkOption
- types
- ;
+ inherit (lib) mkEnableOption mkIf mkOption types;
cfg = config.dadada.borgServer;
in
{
@@ -25,41 +20,31 @@ in
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"
- ];
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
path = "${cfg.path}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"
- ];
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
path = "${cfg.path}/gorgon";
quota = "1T";
};
"surgat" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"
- ];
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
path = "${cfg.path}/surgat";
quota = "50G";
};
"pruflas" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"
- ];
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ];
path = "${cfg.path}/pruflas";
quota = "50G";
};
"wohnzimmerpi" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"
- ];
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
path = "${cfg.path}/wohnzimmerpi";
quota = "50G";
};
diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix
index 594be6d..807949e 100644
--- a/nixos/modules/ddns.nix
+++ b/nixos/modules/ddns.nix
@@ -1,70 +1,51 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.ddns;
- ddnsConfig =
- {
- domains,
- credentialsPath,
- interface,
- }:
- {
- systemd.timers = listToAttrs (
- forEach domains (
- domain:
- nameValuePair "ddns-${domain}" {
- wantedBy = [ "timers.target" ];
- partOf = [ "ddns-${domain}.service" ];
- timerConfig.OnCalendar = "hourly";
- }
- )
- );
+ ddnsConfig = { domains, credentialsPath, interface }: {
+ systemd.timers = listToAttrs (forEach domains (domain:
+ nameValuePair "ddns-${domain}"
+ {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "ddns-${domain}.service" ];
+ timerConfig.OnCalendar = "hourly";
+ }));
- systemd.services = listToAttrs (
- forEach domains (
- domain:
- nameValuePair "ddns-${domain}" {
- serviceConfig = {
- Type = "oneshot";
- PrivateTmp = true;
- PrivateDevices = true;
- PrivateUsers = true;
- PrivateMounts = true;
- PrivateIPC = true;
- ProtectHome = true;
- ProtectSystem = "strict";
- ProtectKernelTunables = true;
- BindReadOnlyPaths = [ credentialsPath ];
- NoNewPrivileges = true;
- CapabilitBoundingSet = [ ];
- };
- script = ''
- function url() {
- echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
- }
+ systemd.services = listToAttrs (forEach domains (domain:
+ nameValuePair "ddns-${domain}"
+ {
+ serviceConfig = {
+ Type = "oneshot";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ PrivateUsers = true;
+ PrivateMounts = true;
+ PrivateIPC = true;
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ ProtectKernelTunables = true;
+ BindReadOnlyPaths = [ credentialsPath ];
+ NoNewPrivileges = true;
+ CapabilitBoundingSet = [ ];
+ };
+ script = ''
+ function url() {
+ echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
+ }
- IFS=':'
- read -r user password < ${credentialsPath}
- unset IFS
+ IFS=':'
+ read -r user password < ${credentialsPath}
+ unset IFS
- curl_url=$(url "$user" "$password" ${domain})
+ curl_url=$(url "$user" "$password" ${domain})
- ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${
- if interface == null then "" else "--interface ${interface}"
- } || true
- ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${
- if interface == null then "" else "--interface ${interface}"
- }
- '';
- }
- )
- );
- };
+ ${pkgs.curl}/bin/curl -6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"}
+ '';
+ }));
+ };
in
{
options = {
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index fa94c8c..c2b27dc 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,16 +1,22 @@
-{ lib, ... }:
-with lib;
-let
- modules' =
- dir:
- filterAttrs (
- name: type:
- (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))
- ) (builtins.readDir dir);
- modules =
- dir:
- mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
- modules' dir
- );
-in
-(modules ./.)
+{
+ admin = import ./admin.nix;
+ backup = import ./backup.nix;
+ borgServer = import ./borg-server.nix;
+ ddns = import ./ddns.nix;
+ element = import ./element.nix;
+ fileShare = import ./fileShare.nix;
+ gitea = import ./gitea.nix;
+ headphones = import ./headphones.nix;
+ homepage = import ./homepage.nix;
+ miniflux = import ./miniflux.nix;
+ inputs = import ./inputs.nix;
+ nixpkgs = import ./nixpkgs.nix;
+ packages = import ./packages.nix;
+ secrets = import ./secrets.nix;
+ share = import ./share.nix;
+ steam = import ./steam.nix;
+ sway = import ./sway.nix;
+ vpnServer = import ./vpnServer.nix;
+ weechat = import ./weechat.nix;
+ yubikey = import ./yubikey.nix;
+}
diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix
index 2fcefec..2a45da1 100644
--- a/nixos/modules/element.nix
+++ b/nixos/modules/element.nix
@@ -1,8 +1,7 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
let
cfg = config.dadada.element;
diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix
index a3a72ba..5b6a0f2 100644
--- a/nixos/modules/fileShare.nix
+++ b/nixos/modules/fileShare.nix
@@ -1,10 +1,8 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.fileShare;
sharePath = "/mnt/storage/share";
ipv6 = "fd42:dead:beef::/48";
diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix
index 783bf6f..f566024 100644
--- a/nixos/modules/gitea.nix
+++ b/nixos/modules/gitea.nix
@@ -1,31 +1,24 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
let
- cfg = config.dadada.forgejo;
+ cfg = config.dadada.gitea;
in
{
- options.dadada.forgejo = {
- enable = lib.mkEnableOption "Enable forgejo";
+ options.dadada.gitea = {
+ enable = lib.mkEnableOption "Enable gitea";
};
config = lib.mkIf cfg.enable {
- services.forgejo = {
+ services.gitea = {
enable = true;
- user = "gitea";
- group = "gitea";
- stateDir = "/var/lib/gitea";
-
+ appName = "dadada Gitea";
database = {
type = "postgres";
- name = "gitea";
- user = "gitea";
};
settings = {
- DEFAULT.APP_NAME = "dadada forgejo";
service = {
DISABLE_REGISTRATION = true;
};
@@ -38,11 +31,6 @@ in
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
-
- # Use built-in SSH server
- START_SSH_SERVER = true;
- SSH_PORT = 22;
-
DOMAIN = "git.dadada.li";
};
picture = {
@@ -62,41 +50,26 @@ in
cache = {
ENABLE = true;
ADAPTER = "redis";
- HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180";
+ HOST = "network=unix,addr=${config.services.redis.servers.gitea.unixSocket},db=0,pool_size=100,idle_timeout=180";
};
};
};
services.redis = {
- servers.forgejo = {
+ servers.gitea = {
enable = true;
- user = config.services.forgejo.user;
+ user = config.services.gitea.user;
};
vmOverCommit = true;
};
- systemd.services.forgejo.serviceConfig = {
- AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
- CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
- PrivateUsers = lib.mkForce false;
- };
-
services.nginx.virtualHosts."git.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
- proxy_pass http://unix:/run/forgejo/forgejo.sock:/;
+ proxy_pass http://unix:/run/gitea/gitea.sock:/;
'';
};
-
- users.users.gitea = {
- home = "/var/lib/gitea";
- useDefaultShell = true;
- group = "gitea";
- isSystemUser = true;
- };
-
- users.groups.gitea = { };
};
}
diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix
index 877be07..585a5dd 100644
--- a/nixos/modules/headphones.nix
+++ b/nixos/modules/headphones.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.headphones;
in
{
diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix
index 193e71e..b04c3b2 100644
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@@ -1,13 +1,11 @@
-{
- config,
- lib,
- ...
+{ config
+, lib
+, ...
}:
let
cfg = config.dadada.homepage;
in
-with lib;
-{
+with lib; {
options.dadada.homepage = {
enable = mkEnableOption "Enable home page";
package = mkOption {
diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix
index 9d18883..4db219c 100644
--- a/nixos/modules/inputs.nix
+++ b/nixos/modules/inputs.nix
@@ -1,8 +1,7 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
let
cfg = config.dadada.inputs;
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
index d333804..a69a89c 100644
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@@ -4,7 +4,7 @@ let
in
{
dadada.backupClient.bs = {
- enable = lib.mkDefault false;
+ enable = lib.mkDefault true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
@@ -21,8 +21,6 @@ in
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
- age.secrets."${config.networking.hostName}-backup-passphrase".file =
- "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
- age.secrets."${config.networking.hostName}-backup-ssh-key".file =
- "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
+ age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
+ age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index b681d72..d2930a7 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -1,9 +1,4 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, lib, ... }:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
@@ -13,26 +8,19 @@ in
./upgrade-pg-cluster.nix
];
- boot.tmp.useTmpfs = true;
- boot.tmp.tmpfsSize = "50%";
-
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
- i18n.supportedLocales = mkDefault [
- "C.UTF-8/UTF-8"
- "en_US.UTF-8/UTF-8"
- "de_DE.UTF-8/UTF-8"
- ];
-
time.timeZone = mkDefault "Europe/Berlin";
- nix.package = pkgs.lix;
+ nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
+ nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
+ nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
- nix.settings.substituters = [ "https://cache.nixos.org/" ];
+ nix.settings.substituters = [ https://cache.nixos.org/ ];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@@ -53,6 +41,18 @@ in
experimental-features = nix-command flakes
'';
+ programs.zsh = mkDefault {
+ enable = true;
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ histSize = 100000;
+ vteIntegration = true;
+ syntaxHighlighting = {
+ enable = true;
+ highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+ };
+ };
+
networking.networkmanager.dns = mkDefault "systemd-resolved";
networking.hosts = {
@@ -61,14 +61,7 @@ in
services.resolved = {
enable = mkDefault true;
- fallbackDns = [
- "9.9.9.9#dns.quad9.net"
- "2620:fe::fe:11#dns11.quad9.net"
- ];
+ fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
};
-
- programs.zsh.enable = mkDefault true;
-
- # Avoid some bots
- services.openssh.ports = [ 2222 ];
}
+
diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
index de57714..98314c7 100644
--- a/nixos/modules/profiles/cloud.nix
+++ b/nixos/modules/profiles/cloud.nix
@@ -5,44 +5,30 @@ let
in
{
boot.initrd.availableKernelModules = [ "virtio-pci" ];
-
- boot.kernelParams = [
- # Wait forever for the filesystem root to show up
- "rootflags=x-systemd.device-timeout=0"
-
- # Wait forever to enter the LUKS passphrase via SSH
- "rd.luks.options=timeout=0"
- ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
- port = 2223;
+ port = 22;
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
- authorizedKeys =
- with lib;
- concatLists (
- mapAttrsToList (
- name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
- ) config.users.users
- );
+ authorizedKeys = with lib;
+ concatLists (mapAttrsToList
+ (name: user:
+ if elem "wheel" user.extraGroups then
+ user.openssh.authorizedKeys.keys
+ else
+ [ ])
+ config.users.users);
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
- assertions = lib.singleton {
- assertion =
- (config.boot.initrd.network.ssh.hostKeys != [ ])
- -> config.boot.loader.supportsInitrdSecrets == true;
- message = "Refusing to store private keys in store";
- };
-
age.secrets."${initrdHostKey}" = {
- file = "${secretsPath}/initrd-${initrdHostKey}.age";
+ file = "${secretsPath}/${initrdHostKey}.age";
mode = "600";
path = "/etc/initrd/${initrdHostKey}";
symlink = false;
diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix
index d9f0bde..551cfc2 100644
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@@ -1,14 +1,12 @@
-{
- config,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
let
- inputs = config.dadada.inputs;
secretsPath = config.dadada.secrets.path;
in
-with lib;
-{
+with lib; {
imports = [
./backup.nix
./base.nix
@@ -17,15 +15,15 @@ with lib;
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
+ programs.ssh.startAgent = true;
programs.ssh.enableAskPassword = true;
- programs.nix-ld.enable = true;
-
- nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
- nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
- nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ fonts.packages = mkDefault (with pkgs; [
+ source-code-pro
+ ]);
+
users.mutableUsers = mkDefault true;
# Use the systemd-boot EFI boot loader.
@@ -39,6 +37,10 @@ with lib;
networking.networkmanager.enable = mkDefault true;
networking.firewall.enable = mkDefault true;
+ services.xserver.enable = mkDefault true;
+ services.xserver.displayManager.gdm.enable = mkDefault true;
+ services.xserver.desktopManager.gnome.enable = mkDefault true;
+
xdg.mime.enable = mkDefault true;
security.rtkit.enable = true;
@@ -55,6 +57,5 @@ with lib;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path;
};
- age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
- "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
+ age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
}
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
index 724655f..2bbdab7 100644
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-{
+with lib; {
imports = [
./backup.nix
./base.nix
@@ -18,18 +16,15 @@ with lib;
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
- services.btrfs.autoScrub.enable = mkDefault (
- (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
- );
+ services.btrfs.autoScrub.enable = true;
services.journald.extraConfig = ''
SystemKeepFree = 2G
- MaxRetentionSec = 100days
'';
system.autoUpgrade = {
enable = true;
- flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
+ flake = "github:dadada/nix-config#${config.networking.hostName}";
allowReboot = mkDefault false;
randomizedDelaySec = "45min";
};
diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix
index 486bf29..3042265 100644
--- a/nixos/modules/profiles/upgrade-pg-cluster.nix
+++ b/nixos/modules/profiles/upgrade-pg-cluster.nix
@@ -1,9 +1,4 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
+{ config, pkgs, lib, ... }:
{
environment.systemPackages = lib.mkIf config.services.postgresql.enable [
(
diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix
index 7c7410b..a4e5f9c 100644
--- a/nixos/modules/share.nix
+++ b/nixos/modules/share.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.share;
in
{
diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix
index b6b0846..82944eb 100644
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.steam;
in
{
diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix
new file mode 100644
index 0000000..190d13e
--- /dev/null
+++ b/nixos/modules/sway.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.dadada.sway;
+in
+{
+ options = {
+ dadada.sway.enable = lib.mkEnableOption "Enable sway";
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ wrapperFeatures.base = true;
+ extraPackages = with pkgs; [
+ qt5.qtwayland
+ swayidle
+ xwayland
+ mako
+ kanshi
+ kitty
+ i3status
+ bemenu
+ xss-lock
+ swaylock
+ brightnessctl
+ playerctl
+ ];
+ extraSessionCommands = ''
+ export SDL_VIDEODRIVER=wayland
+ # needs qt5.qtwayland in systemPackages
+ export QT_QPA_PLATFORM=wayland
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ # Fix for some Java AWT applications (e.g. Android Studio),
+ # use this if they aren't displayed properly:
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ '';
+ };
+ };
+}
diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix
index ee2298e..6c0513f 100644
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@@ -1,32 +1,28 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.vpnServer;
- wgPeer =
- { name, ... }:
- {
- options = {
- name = mkOption {
- internal = true;
- default = name;
- };
- id = mkOption {
- description = "VPN client id";
- default = 0;
- type = types.str;
- };
- key = mkOption {
- description = "VPN client public key";
- default = "";
- type = types.str;
- };
+ wgPeer = { name, ... }: {
+ options = {
+ name = mkOption {
+ internal = true;
+ default = name;
+ };
+ id = mkOption {
+ description = "VPN client id";
+ default = 0;
+ type = types.str;
+ };
+ key = mkOption {
+ description = "VPN client public key";
+ default = "";
+ type = types.str;
};
};
+ };
in
{
options.dadada.vpnServer = {
@@ -45,10 +41,13 @@ in
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:9c3b:f96d:0201::0/64" ];
listenPort = 51234;
- peers = map (peer: {
- allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
- publicKey = peer.key;
- }) (attrValues cfg.peers);
+ peers =
+ map
+ (peer: {
+ allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
+ publicKey = peer.key;
+ })
+ (attrValues cfg.peers);
postSetup = ''
wg set wg0 fwmark 51234
ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix
index 6ff0106..340f64c 100644
--- a/nixos/modules/weechat.nix
+++ b/nixos/modules/weechat.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
cfg = config.dadada.weechat;
in
{
@@ -36,7 +34,7 @@ in
};
};
services.nginx.virtualHosts."weechat.dadada.li" = {
- enableACME = true;
+ useACMEHost = "webchat.dadada.li";
forceSSL = true;
root = "${pkgs.nginx}/html";
diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix
index 4be4492..3df9499 100644
--- a/nixos/modules/yubikey.nix
+++ b/nixos/modules/yubikey.nix
@@ -1,11 +1,9 @@
-{
- config,
- pkgs,
- lib,
- ...
+{ config
+, pkgs
+, lib
+, ...
}:
-with lib;
-let
+with lib; let
yubikey = config.dadada.yubikey;
in
{
@@ -47,7 +45,8 @@ in
#linuxPackages.acpi_call
pam_u2f
pamtester
- yubioath-flutter
+ yubikey-manager
+ yubikey-manager-qt
];
};
}
diff --git a/nixos/modules/zsh.nix b/nixos/modules/zsh.nix
new file mode 100644
index 0000000..90e32bb
--- /dev/null
+++ b/nixos/modules/zsh.nix
@@ -0,0 +1,17 @@
+{ config
+, pkgs
+, lib
+, ...
+}: {
+ programs.zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ histSize = 100000;
+ vteIntegration = true;
+ syntaxHighlighting = {
+ enable = true;
+ highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+ };
+ };
+}
diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index d4eed97..16b629f 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -1,9 +1,4 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
+{ config, pkgs, lib, ... }:
let
hostAliases = [
"ifrit.dadada.li"
@@ -42,11 +37,6 @@ in
};
};
- services.openssh.ports = [
- 22
- 2222
- ];
-
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = false;
@@ -67,9 +57,7 @@ in
boot.loader.efi.canTouchEfiVariables = true;
assertions = lib.singleton {
- assertion =
- (config.boot.initrd.network.ssh.hostKeys != [ ])
- -> config.boot.loader.supportsInitrdSecrets == true;
+ assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};
@@ -169,8 +157,8 @@ in
};
services.hydra = {
- enable = false;
- package = pkgs.hydra;
+ enable = true;
+ package = pkgs.hydra-unstable;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
@@ -193,12 +181,7 @@ in
{
hostName = "localhost";
system = "x86_64-linux";
- supportedFeatures = [
- "kvm"
- "nixos-test"
- "big-parallel"
- "benchmark"
- ];
+ supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 16;
}
];
@@ -242,28 +225,28 @@ in
SUBVOLUME = "/home";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = "24";
- TIMELINE_LIMIT_DAILY = "13";
- TIMELINE_LIMIT_WEEKLY = "6";
- TIMELINE_LIMIT_MONTHLY = "3";
+ TIMELINE_LIMIT_HOURLY = 24;
+ TIMELINE_LIMIT_DAILY = 13;
+ TIMELINE_LIMIT_WEEKLY = 6;
+ TIMELINE_LIMIT_MONTHLY = 3;
};
configs.var = {
SUBVOLUME = "/var";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = "24";
- TIMELINE_LIMIT_DAILY = "13";
- TIMELINE_LIMIT_WEEKLY = "6";
- TIMELINE_LIMIT_MONTHLY = "3";
+ TIMELINE_LIMIT_HOURLY = 24;
+ TIMELINE_LIMIT_DAILY = 13;
+ TIMELINE_LIMIT_WEEKLY = 6;
+ TIMELINE_LIMIT_MONTHLY = 3;
};
configs.storage = {
SUBVOLUME = "/mnt/storage";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = "24";
- TIMELINE_LIMIT_DAILY = "13";
- TIMELINE_LIMIT_WEEKLY = "6";
- TIMELINE_LIMIT_MONTHLY = "3";
+ TIMELINE_LIMIT_HOURLY = 24;
+ TIMELINE_LIMIT_DAILY = 13;
+ TIMELINE_LIMIT_WEEKLY = 6;
+ TIMELINE_LIMIT_MONTHLY = 3;
};
};
@@ -288,56 +271,6 @@ in
};
"10-lan" = {
matchConfig.Name = "enp*";
- bridge = [ "br0" ];
- };
- "30-wg0" = {
- matchConfig.Name = "wg0";
- address = [
- "10.3.3.3/32"
- "fd42:9c3b:f96d:121::3/128"
- ];
- DHCP = "no";
- networkConfig.IPv6AcceptRA = false;
- linkConfig.RequiredForOnline = false;
- routes = [
- {
- routeConfig = {
- Destination = "10.3.3.1/24";
- };
- }
- {
- routeConfig = {
- Destination = "fd42:9c3b:f96d:121::1/64";
- };
- }
- ];
- };
- "30-uwu" = {
- matchConfig.Name = "uwu";
- address = [
- "10.11.0.39/24"
- "fc00:1337:dead:beef::10.11.0.39/128"
- ];
- dns = [ "10.11.0.1%uwu#uwu" ];
- domains = [ "uwu" ];
- DHCP = "no";
- networkConfig.IPv6AcceptRA = false;
- linkConfig.RequiredForOnline = false;
- routes = [
- {
- routeConfig = {
- Destination = "10.11.0.0/22";
- };
- }
- {
- routeConfig = {
- Destination = "fc00:1337:dead:beef::10.11.0.0/118";
- };
- }
- ];
- };
- "20-br0" = {
- matchConfig.Name = "br0";
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
@@ -353,14 +286,32 @@ in
UseDNS = true;
};
};
+ "30-wg0" = {
+ matchConfig.Name = "wg0";
+ address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ];
+ DHCP = "no";
+ networkConfig.IPv6AcceptRA = false;
+ linkConfig.RequiredForOnline = false;
+ routes = [
+ { routeConfig = { Destination = "10.3.3.1/24"; }; }
+ { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; }
+ ];
+ };
+ "30-uwu" = {
+ matchConfig.Name = "uwu";
+ address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ];
+ dns = [ "10.11.0.1%uwu#uwu" ];
+ domains = [ "uwu" ];
+ DHCP = "no";
+ networkConfig.IPv6AcceptRA = false;
+ linkConfig.RequiredForOnline = false;
+ routes = [
+ { routeConfig = { Destination = "10.11.0.0/22"; }; }
+ { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; }
+ ];
+ };
};
netdevs = {
- "20-br0" = {
- netdevConfig = {
- Kind = "bridge";
- Name = "br0";
- };
- };
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
@@ -374,10 +325,7 @@ in
{
wireguardPeerConfig = {
PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
- AllowedIPs = [
- "10.3.3.1/32"
- "fd42:9c3b:f96d:121::1/128"
- ];
+ AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ];
PersistentKeepalive = 25;
Endpoint = "surgat.dadada.li:51235";
};
@@ -385,10 +333,7 @@ in
{
wireguardPeerConfig = {
PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU=";
- AllowedIPs = [
- "10.3.3.2/32"
- "fd42:9c3b:f96d:121::2/128"
- ];
+ AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ];
Endpoint = "192.168.101.1:51235";
};
}
@@ -402,21 +347,15 @@ in
wireguardConfig = {
PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path;
};
- wireguardPeers = [
- {
- wireguardPeerConfig = {
- PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
- AllowedIPs = [
- "10.11.0.0/22"
- "fc00:1337:dead:beef::10.11.0.0/118"
- "192.168.178.0/23"
- ];
- PersistentKeepalive = 25;
- PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
- Endpoint = "53c70r.de:51820";
- };
- }
- ];
+ wireguardPeers = [{
+ wireguardPeerConfig = {
+ PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
+ AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ];
+ PersistentKeepalive = 25;
+ PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
+ Endpoint = "53c70r.de:51820";
+ };
+ }];
};
};
};
@@ -425,21 +364,16 @@ in
enable = true;
allowPing = true;
allowedTCPPorts = [
- 2222 # SSH
+ 22 # SSH
+ 80 # munin web
+ 631 # Printing
];
allowedUDPPorts = [
+ 631 # Printing
51234 # Wireguard
51235 # Wireguard
];
interfaces = {
- br0.allowedTCPPorts = [
- 22 # SSH
- 80 # munin web
- 631 # IPP
- ];
- br0.allowedUDPPorts = [
- 631 # IPP
- ];
uwu.allowedTCPPorts = [
softServePort
];
@@ -454,6 +388,30 @@ in
networking.networkmanager.enable = false;
networking.useDHCP = false;
+ # Desktop things for media playback
+
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome = {
+ enable = true;
+ extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ];
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.screensaver]
+ lock-delay=uint32 30
+ lock-enabled=true
+
+ [org.gnome.desktop.session]
+ idle-delay=uint32 0
+
+ [org.gnome.settings-daemon.plugins.power]
+ idle-dim=false
+ power-button-action='interactive'
+ power-saver-profile-on-low-battery=false
+ sleep-inactive-ac-type='nothing'
+ sleep-inactive-battery-type='nothing'
+ '';
+ };
+
powerManagement = {
enable = true;
cpuFreqGovernor = "powersave";
@@ -464,6 +422,15 @@ in
# Configure the disks to spin down after 10 min of inactivity.
};
+ security.rtkit.enable = true;
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
services.udev.packages = [
(pkgs.writeTextFile {
name = "60-hdparm";
@@ -477,18 +444,19 @@ in
hardware.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
+ firefox
+ spotify
+ mpv
smartmontools
hdparm
];
- users.users."backup-keepassxc" = {
- home = "/mnt/storage/backups/backup-keepassxc";
+ users.users."media" = {
isNormalUser = true;
- description = "Backup KeepassXC database";
- extraGroups = [ ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIirODQlcTJ8e9OcFuMlYlGekrUMtDpD5HhbTmuQ+jDW KeepassXC DB backup <dadada@dadada.li>"
- ];
+ description = "Media playback user";
+ extraGroups = [ "users" "video" ];
+ # allow anyone with physical access to log in
+ password = "media";
};
virtualisation.libvirtd.enable = true;
diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix
index cd6b64b..8de34e8 100644
--- a/nixos/ninurta/hardware-configuration.nix
+++ b/nixos/ninurta/hardware-configuration.nix
@@ -1,115 +1,89 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- modulesPath,
- ...
-}:
+{ config, lib, modulesPath, ... }:
{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [
- "igc"
- "xhci_pci"
- "thunderbolt"
- "ahci"
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
+ boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "compress=zstd" ];
- };
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae";
- fileSystems."/swap" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [
- "subvol=swap"
- "noatime"
- ];
- };
-
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [
- "subvol=nix"
- "noatime"
- "compress=zstd"
- ];
- };
-
- fileSystems."/var" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [
- "subvol=var"
- "compress=zstd"
- ];
- };
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [
- "subvol=home"
- "compress=zstd"
- ];
- };
-
- fileSystems."/root" = {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [
- "subvol=root"
- "compress=zstd"
- ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/2E20-49CB";
- fsType = "vfat";
- };
-
- swapDevices = [
+ fileSystems."/swap" =
{
- device = "/swap/swapfile";
- size = 32 * 1024; # 32 GByte
- }
- ];
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "subvol=swap" "noatime" ];
+ };
- fileSystems."/mnt/storage" = {
- device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
- fsType = "btrfs";
- options = [
- "subvol=root"
- "compress=zstd"
- ];
- };
+ fileSystems."/nix" =
+ {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "noatime" "compress=zstd" ];
+ };
- fileSystems."/mnt/storage/backups" = {
- device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
- fsType = "btrfs";
- options = [
- "subvol=backups"
- "noatime"
- ];
- };
+ fileSystems."/var" =
+ {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "subvol=var" "compress=zstd" ];
+ };
+
+ fileSystems."/home" =
+ {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress=zstd" ];
+ };
+
+ fileSystems."/root" =
+ {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "subvol=root" "compress=zstd" ];
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/2E20-49CB";
+ fsType = "vfat";
+ };
+
+ swapDevices = [{
+ device = "/swap/swapfile";
+ size = 32 * 1024; # 32 GByte
+ }];
+
+
+ fileSystems."/mnt/storage" =
+ {
+ device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
+ fsType = "btrfs";
+ options = [ "subvol=root" "compress=zstd" ];
+ };
+
+
+ fileSystems."/mnt/storage/backups" =
+ {
+ device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
+ fsType = "btrfs";
+ options = [ "subvol=backups" "noatime" ];
+ };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix
index c8bee05..9a0b983 100644
--- a/nixos/ninurta/monitoring.nix
+++ b/nixos/ninurta/monitoring.nix
@@ -19,6 +19,9 @@
[surgat]
address 10.3.3.1
+
+ [agares]
+ address 10.3.3.2
'';
};
services.munin-node.enable = true;
diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix
index e22c989..bb71739 100644
--- a/nixos/ninurta/printing.nix
+++ b/nixos/ninurta/printing.nix
@@ -19,7 +19,7 @@
services.avahi = {
enable = true;
- nssmdns4 = true;
+ nssmdns = true;
openFirewall = true;
publish = {
enable = true;
@@ -32,7 +32,7 @@
drivers = [ pkgs.brlaser ];
# Remove all state at the start of the service
stateless = true;
- listenAddresses = [ "192.168.101.29:631" ];
+ listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ];
allowFrom = [ "from 192.168.101.0/24" ];
browsing = true;
defaultShared = true;
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
index 5cd9596..1522855 100644
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@@ -1,7 +1,6 @@
-{
- config,
- pkgs,
- ...
+{ config
+, pkgs
+, ...
}:
let
hostName = "surgat";
@@ -41,9 +40,9 @@ in
};
dadada.element.enable = true;
- dadada.forgejo.enable = true;
+ dadada.gitea.enable = true;
dadada.miniflux.enable = true;
- dadada.weechat.enable = false;
+ dadada.weechat.enable = true;
dadada.homepage.enable = true;
dadada.share.enable = true;
dadada.backupClient = {
@@ -86,29 +85,14 @@ in
};
"10-ninurta" = {
matchConfig.Name = "ninurta";
- address = [
- "10.3.3.1/32"
- "fd42:9c3b:f96d:121::1/128"
- ];
+ address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = "no";
routes = [
- {
- routeConfig = {
- Destination = "10.3.3.3/24";
- };
- }
- {
- routeConfig = {
- Destination = "fd42:9c3b:f96d:121::/64";
- };
- }
- {
- routeConfig = {
- Destination = "fd42:9c3b:f96d:101::/64";
- };
- }
+ { routeConfig = { Destination = "10.3.3.3/24"; }; }
+ { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; }
+ { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; }
];
};
};
@@ -122,18 +106,12 @@ in
PrivateKeyFile = "/var/lib/wireguard/hydra";
ListenPort = 51235;
};
- wireguardPeers = [
- {
- wireguardPeerConfig = {
- PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
- AllowedIPs = [
- "10.3.3.3/32"
- "fd42:9c3b:f96d:121::3/128"
- "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
- ];
- };
- }
- ];
+ wireguardPeers = [{
+ wireguardPeerConfig = {
+ PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
+ AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ];
+ };
+ }];
};
};
};
@@ -159,16 +137,16 @@ in
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
- boot.kernelParams = [
- "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp"
+ swapDevices = [
+ {
+ device = "/var/swapfile";
+ size = 4096;
+ }
];
services.resolved = {
enable = true;
- fallbackDns = [
- "9.9.9.9"
- "2620:fe::fe"
- ];
+ fallbackDns = [ "9.9.9.9" "2620:fe::fe" ];
};
system.autoUpgrade.allowReboot = false;
diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix
index 8476779..71b7257 100644
--- a/nixos/surgat/hardware-configuration.nix
+++ b/nixos/surgat/hardware-configuration.nix
@@ -1,25 +1,17 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}:
-{
+{ config
+, lib
+, pkgs
+, modulesPath
+, ...
+}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "virtio_pci"
- "xhci_pci"
- "sd_mod"
- "sr_mod"
- ];
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
diff --git a/outputs.nix b/outputs.nix
index aea7953..11461ee 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -1,14 +1,16 @@
# Adapted from Mic92/dotfiles
-{
- self,
- flake-utils,
- nixpkgs,
- agenix,
- devshell,
- ...
-}@inputs:
-(flake-utils.lib.eachDefaultSystem (
- system:
+{ self
+, flake-utils
+, flake-registry
+, homepage
+, nixpkgs
+, home-manager
+, nixos-hardware
+, agenix
+, devshell
+, ...
+} @ inputs:
+(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; };
in
@@ -26,20 +28,19 @@
in
import ./devshell.nix { inherit pkgs extraModules; };
- formatter = pkgs.nixfmt-tree;
+ formatter = pkgs.nixpkgs-fmt;
packages = import ./pkgs { inherit pkgs; } // {
installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
};
- }
-))
-// {
+ }))
+ // {
hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
nixosConfigurations = import ./nixos/configurations.nix inputs;
- nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
+ nixosModules = import ./nixos/modules;
overlays = import ./overlays.nix;
diff --git a/overlays.nix b/overlays.nix
index ffcd441..bf0588c 100644
--- a/overlays.nix
+++ b/overlays.nix
@@ -1 +1,23 @@
-{ }
+{
+ kanboard = final: prev: {
+ kanboard = prev.kanboard.overrideAttrs (oldAttrs: {
+ src = prev.fetchFromGitHub {
+ owner = "kanboard";
+ repo = "kanboard";
+ rev = "v${oldAttrs.version}";
+ sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
+ };
+ });
+ };
+
+ recipemd = final: prev: {
+ pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+ (
+ python-final: python-prev: {
+ recipemd = python-final.callPackage ./pkgs/recipemd.nix { };
+ }
+ )
+ ];
+ recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd;
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 9fce6e9..c78fe50 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1 +1,2 @@
-{ pkgs }: { }
+{ pkgs }:
+{ }
diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix
new file mode 100644
index 0000000..4879a9a
--- /dev/null
+++ b/pkgs/recipemd.nix
@@ -0,0 +1,58 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonPackages
+, installShellFiles
+, pythonOlder
+, pythonAtLeast
+}:
+buildPythonPackage rec {
+ pname = "recipemd";
+ version = "4.0.8";
+
+ disabled = pythonOlder "3.7" || pythonAtLeast "4";
+
+ src = fetchFromGitHub {
+ owner = "tstehr";
+ repo = "RecipeMD";
+ rev = "v${version}";
+ hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc=";
+ };
+
+ propagatedBuildInputs = with pythonPackages; [
+ dataclasses-json
+ yarl
+ CommonMark
+ argcomplete
+ pyparsing
+ ];
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ postInstall = ''
+ ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash
+ installShellCompletion --bash --name recipemd.bash $out/completions.bash
+
+ ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish
+ installShellCompletion --fish --name recipemd.fish $out/completions.fish
+
+ # The version of argcomplete in nixpkgs-stable does not have support for zsh
+ #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh
+ #installShellCompletion --zsh --name _recipemd $out/completions.zsh
+ '';
+
+ checkInputs = [
+ pytestCheckHook
+ pythonPackages.pytestcov
+ ];
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "Markdown recipe manager, reference implementation of RecipeMD";
+ homepage = "https://recipemd.org";
+ license = [ licenses.lgpl3Only ];
+ maintainers = [ maintainers.dadada ];
+ };
+}
diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age
deleted file mode 100644
index 32dbcbf..0000000
Binary files a/secrets/initrd-surgat-ssh_host_ed25519_key.age and /dev/null differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1da186e..7da57e3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,82 +9,29 @@ let
surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat";
};
backupSecrets = hostName: {
- "${hostName}-backup-passphrase.age".publicKeys = [
- systems.${hostName}
- dadada
- ];
- "${hostName}-backup-ssh-key.age".publicKeys = [
- systems.${hostName}
- dadada
- ];
+ "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ];
+ "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ];
};
in
{
- "pruflas-wg0-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "pruflas-wg0-preshared-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "pruflas-wg-hydra-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "hydra-github-authorization.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "miniflux-admin-credentials.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "gorgon-backup-passphrase-gs.age".publicKeys = [
- systems.gorgon
- dadada
- ];
- "paperless.age".publicKeys = [
- systems.gorgon
- dadada
- ];
- "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "surgat-ssh_host_ed25519_key.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "ninurta-initrd-ssh-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "ddns-credentials.age".publicKeys = [
- systems.agares
- systems.ninurta
- dadada
- ];
- "etc-ppp-chap-secrets.age".publicKeys = [
- systems.agares
- dadada
- ];
- "etc-ppp-telekom-secret.age".publicKeys = [
- systems.agares
- dadada
- ];
- "wg-privkey-vpn-dadada-li.age".publicKeys = [
- systems.agares
- dadada
- ];
- "agares-wg0-key.age".publicKeys = [
- systems.agares
- dadada
- ];
-}
-// backupSecrets "ninurta"
-// backupSecrets "gorgon"
-// backupSecrets "ifrit"
-// backupSecrets "pruflas"
-// backupSecrets "surgat"
-// backupSecrets "agares"
+ "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ];
+ "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ];
+ "pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ];
+ "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ];
+ "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
+ "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
+ "paperless.age".publicKeys = [ systems.gorgon dadada ];
+ "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
+ "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
+ "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];
+ "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ];
+ "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ];
+ "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ];
+ "agares-wg0-key.age".publicKeys = [ systems.agares dadada ];
+} //
+backupSecrets "ninurta" //
+backupSecrets "gorgon" //
+backupSecrets "ifrit" //
+backupSecrets "pruflas" //
+backupSecrets "surgat" //
+backupSecrets "agares"