diff --git a/admins.nix b/admins.nix index e5e29ba..82f6cef 100644 --- a/admins.nix +++ b/admins.nix @@ -2,7 +2,7 @@ dadada = { shell = "zsh"; keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " ]; }; diff --git a/checks.nix b/checks.nix index 9505c35..65d3493 100644 --- a/checks.nix +++ b/checks.nix @@ -1,20 +1,20 @@ -{ - self, - flake-utils, - nixpkgs, - ... +{ self +, flake-utils +, nixpkgs +, ... }: -(flake-utils.lib.eachDefaultSystem ( - system: +(flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; formatter = self.formatter.${system}; in { checks = { - format = pkgs.runCommand "check-format" { - buildInputs = [ formatter ]; - } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + format = pkgs.runCommand + "check-format" + { + buildInputs = [ formatter ]; + } + "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; }; - } -)).checks + })).checks diff --git a/devshell.nix b/devshell.nix index ebdfb12..27b9799 100644 --- a/devshell.nix +++ b/devshell.nix @@ -8,6 +8,7 @@ agenix nixpkgs-fmt nixos-rebuild + nil ]; commands = [ diff --git a/flake.lock b/flake.lock index 0aba46f..5b71aea 100644 --- a/flake.lock +++ b/flake.lock 
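Review bot: In the admins.nix hunk the replacement key is labelled only `dadada ` (with a trailing space), while the removed entry was `dadada@gorgon` and the sibling entry is `Backup dadada`. This list grants admin login, so a label that names the token makes later audits and revocation easier. I would give the new entry a distinguishing comment field such as `dadada primary-token`, or put a `# primary security key, rotated <date>` line above it. The `keys` list and the enclosing attribute set start outside the hunk.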
@@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1703089996, + "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", "type": "github" }, "original": { "owner": "ryantm", + "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -47,16 +47,17 @@ }, "devshell": { "inputs": { + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -68,11 +69,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1744623129, - "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=", + "lastModified": 1717415742, + "narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=", "owner": "NixOS", "repo": "flake-registry", - "rev": "1322f33d5836ae757d2e6190239252cf8402acf6", + "rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96", "type": "github" }, "original": { 
@@ -82,17 +83,35 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": [ "systems" ] }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -109,11 +128,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "type": "github" }, "original": { @@ -129,15 +148,16 @@ ] }, "locked": { - "lastModified": 1749358668, - "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "owner": "nix-community", "repo": "home-manager", - "rev": "06451df423dd5e555f39857438ffc16c5b765862", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } 
@@ -145,24 +165,26 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1727338449, - "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=", - "rev": "60398d3d728a0057b4cad49879ef637c06b28371", - "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371" + "lastModified": 1714328013, + "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", + "owner": "dadada", + "repo": "dadada.li", + "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" + "owner": "dadada", + "repo": "dadada.li", + "type": "github" } }, "nixlib": { "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "lastModified": 1719103869, + "narHash": "sha256-kbTUy+/lfjUrMfV7JkTJwxowsFhi9Tb3BdbiOcIGcsc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "rev": "f820613f886cd1aa4bcfd1dbaa6c83c8a3dcd863", "type": "github" }, "original": { @@ -179,11 +201,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1719450236, + "narHash": "sha256-fh0l6pLvuTrTBakFMQfK7lwpjvWd5i+CFyVs8TMzPNo=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "1867f28f87fcf4e817f165003aff967a5280aaab", "type": "github" }, "original": { 
@@ -194,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -210,32 +232,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1719426051, + "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-small": { - "locked": { - "lastModified": 1749289455, - "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -245,13 +251,12 @@ "agenix": "agenix", "devshell": "devshell", "flake-registry": "flake-registry", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "home-manager": "home-manager_2", "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } 
@@ -293,11 +298,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1719243788, + "narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0cc4b5c..fb8c468 100644 --- a/flake.nix +++ b/flake.nix @@ -2,23 +2,22 @@ description = "dadada's nix flake"; inputs = { - nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; + url = "github:dadada/dadada.li"; flake = false; }; agenix = { - url = "github:ryantm/agenix"; + url = "github:ryantm/agenix/0.15.0"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { @@ -40,5 +39,5 @@ }; }; - outputs = { ... }@args: import ./outputs.nix args; + outputs = { ... } @ args: import ./outputs.nix args; } diff --git a/home/dconf.nix b/home/dconf.nix index 5238c97..4569a88 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -1,11 +1,6 @@ -{ lib, pkgs, ... }: +{ lib, ... }: with lib.hm.gvariant; { - home.packages = [ - pkgs.adwaita-icon-theme - pkgs.adwaita-qt - ]; - dconf.settings = with lib.hm.gvariant; { "org/gnome/shell" = { favorite-apps = [ 
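Review bot: In the first flake.nix hunk, `nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"` and the `release-24.05` home-manager pin move every configuration built from this flake onto a fixed release branch. The flake.lock hunks lock nixpkgs at `lastModified` 1719426051 where the old side had 1749143949, so as written the package set goes back by roughly eleven months of updates, security fixes included. A release branch also stops receiving backports once it reaches end-of-life. If the pin is deliberate, I would record the reason and the bump plan above the input, e.g. `# pinned to 24.05 because <reason>; bump to the next release by <date>`.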
@@ -18,11 +13,7 @@ with lib.hm.gvariant; }; "org/gnome/shell" = { - disable-user-extensions = false; - enabled-extensions = [ - "system-monitor@gnome-shell-extensions.gcampax.github.com" - "switcher@landau.fi" - ]; + disable-user-extensions = true; }; "org/gnome/desktop/calendar" = { @@ -33,27 +24,14 @@ with lib.hm.gvariant; current = mkUint32 0; per-window = false; show-all-sources = true; - sources = [ - (mkTuple [ - "xkb" - "eu" - ]) - (mkTuple [ - "xkb" - "de" - ]) - ]; - xkb-options = [ - "lv3:ralt_switch" - "caps:escape" - ]; + sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ]; + xkb-options = [ "lv3:ralt_switch" "caps:escape" ]; }; "org/gnome/desktop/interface" = { clock-show-date = true; clock-show-seconds = false; clock-show-weekday = true; - cursor-theme = "Adwaita"; enable-animations = true; enable-hot-corners = false; font-antialiasing = "grayscale"; @@ -62,12 +40,11 @@ with lib.hm.gvariant; gtk-enable-primary-paste = false; gtk-key-theme = "Emacs"; gtk-theme = "Adwaita"; - color-scheme = "prefer-light"; icon-theme = "Adwaita"; locate-pointer = false; monospace-font-name = "JetBrains Mono 10"; show-battery-percentage = false; - #text-scaling-factor = 1.0; + text-scaling-factor = 1.0; toolkit-accessibility = false; }; @@ -139,10 +116,7 @@ with lib.hm.gvariant; composer-attribution-language = "de_DE"; composer-reply-start-bottom = false; composer-signature-in-new-only = true; - composer-spell-languages = [ - "de" - "en_US" - ]; + composer-spell-languages = [ "de" "en_US" ]; composer-top-signature = false; composer-unicode-smileys = false; composer-visually-wrap-long-lines = true; 
@@ -194,11 +168,11 @@ with lib.hm.gvariant; }; "org/gnome/settings-daemon/plugins/power" = { - idle-dim = true; - power-button-action = "interactive"; + idle-dim = false; + power-button-action = "hibernate"; power-saver-profile-on-low-battery = true; - sleep-inactive-ac-type = "blank"; - sleep-inactive-battery-timeout = 600; + sleep-inactive-ac-type = "nothing"; + sleep-inactive-battery-timeout = 3600; sleep-inactive-battery-type = "suspend"; }; diff --git a/home/default.nix b/home/default.nix index a21362c..35bd006 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,7 +1,6 @@ -{ - pkgs, - lib, - ... +{ pkgs +, lib +, ... }: let useFeatures = [ @@ -10,7 +9,7 @@ let "direnv" "git" "gpg" - #"gtk" + "gtk" #"keyring" "syncthing" "tmux" @@ -18,26 +17,6 @@ let "zsh" "helix" ]; - colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; # background darker - regular1 = "dc322f"; # red - regular2 = "859900"; # green - regular3 = "b58900"; # dark orange - regular4 = "268bd2"; # azure blue - regular5 = "d33682"; # hot pink - regular6 = "2aa198"; # petrol - regular7 = "073642"; # navy - bright0 = "cb4b16"; # orange - bright1 = "fdf6e3"; # foreground - bright2 = "93a1a1"; # grey - bright3 = "839496"; # slightly darker grey - bright4 = "657b83"; # even slightly darker grey - bright5 = "6c71c4"; # purple - bright6 = "586e75"; # pretty dark grey - bright7 = "002b36"; # dark navy blue - }; in { imports = [ @@ -49,9 +28,7 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = - lib.attrsets.genAttrs useFeatures (useFeatures: { - enable = true; - }) + lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { session = { enable = true; @@ -79,9 +56,7 @@ in Restart = "always"; }; - Install = { - WantedBy = [ "graphical-session.target" ]; - }; + Install = { WantedBy = [ "graphical-session.target" ]; }; }; programs.offlineimap.enable = false; 
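Review bot: With `sleep-inactive-ac-type = "nothing"` and `idle-dim = false` in the power hunk, a session on AC power never blanks or suspends on its own, and `sleep-inactive-battery-timeout` goes from 600 to 3600 seconds. Nothing in this hunk sets the screen-lock keys, so whether an unattended session locks depends on settings outside it (presumably `org/gnome/desktop/session` `idle-delay` and `org/gnome/desktop/screensaver` `lock-enabled`; please confirm). The same commit deletes the swayidle/swaylock block from home/default.nix, so I would pin the lock explicitly next to these lines, e.g. `"org/gnome/desktop/screensaver" = { lock-enabled = true; };`. The `dconf.settings` attribute set begins and ends outside the hunk.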
@@ -152,288 +127,6 @@ in Install.WantedBy = [ "multi-user.target" ]; }; - programs.foot = { - enable = true; - server.enable = false; - settings = { - inherit colors; - main = { - shell = "tmux"; - font = "Jetbrains Mono:size=8"; - dpi-aware = false; - }; - mouse.hide-when-typing = true; - csd.preferred = "none"; - cursor.color = "fdf6e3 586e75"; - bell = { - urgent = true; - visual = false; - }; - }; - }; - - home.file.".config/sway/config".text = with colors; '' - # Read `man 5 sway` for a complete reference. - - ### Variables - # - # Logo key. Use Mod1 for Alt. - set $mod Mod4 - # Home row direction keys, like vim - set $left h - set $down j - set $up k - set $right l - # Your preferred terminal emulator - set $term foot - # Your preferred application launcher - # Note: pass the final command to swaymsg so that the resulting window can be opened - # on the original workspace that the command was run on. - set $menu fuzzel - set $wallpaper "~/lib/pictures/wallpaper.jpg" - - ### Idle configuration - # - # Example configuration: - # - exec swayidle -w \ - timeout 300 'swaylock -f -i $wallpaper -s fill' \ - timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -i $wallpaper -s fill' - # - # This will lock your screen after 300 seconds of inactivity, then turn off - # your displays after another 300 seconds, and turn your screens back on when - # resumed. It will also lock your screen before your computer goes to sleep. - - input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - drag_lock enabled - drag enabled - dwt enabled - tap enabled - tap_button_map lrm - natural_scroll enabled - } - - ### Key bindings - # - # Basics: - # - # Start a terminal - bindsym $mod+Return exec $term - - # Kill focused window - bindsym $mod+Shift+q kill - - # Start your launcher - bindsym $mod+d exec $menu - - # Drag floating windows by holding down $mod and left mouse button. 
- # Resize them with right mouse button + $mod. - # Despite the name, also works for non-floating windows. - # Change normal to inverse to use left mouse button for resizing and right - # mouse button for dragging. - floating_modifier $mod normal - - # Lock the screen - bindsym XF86Sleep exec 'swaylock -f -c ${background}' - bindsym $mod+End exec 'swaylock -f -c ${background}' - - # Reload the configuration file - bindsym $mod+Shift+c reload - - # Exit sway (logs you out of your Wayland session) - bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' - - # Brightness - bindsym --locked XF86MonBrightnessDown exec light -U 10 - bindsym --locked XF86MonBrightnessUp exec light -A 10 - - # Volume - bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' - bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' - bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' - - # - # Moving around: - # - # Move your focus around - bindsym $mod+$left focus left - bindsym $mod+$down focus down - bindsym $mod+$up focus up - bindsym $mod+$right focus right - # Or use $mod+[up|down|left|right] - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # Move the focused window with the same, but add Shift - bindsym $mod+Shift+$left move left - bindsym $mod+Shift+$down move down - bindsym $mod+Shift+$up move up - bindsym $mod+Shift+$right move right - # Ditto, with arrow keys - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right - - # - # Workspaces: - # - # Switch to workspace - bindsym $mod+1 workspace number 1 - bindsym $mod+2 workspace number 2 - bindsym $mod+3 workspace number 3 - bindsym $mod+4 workspace number 4 
- bindsym $mod+5 workspace number 5 - bindsym $mod+6 workspace number 6 - bindsym $mod+7 workspace number 7 - bindsym $mod+8 workspace number 8 - bindsym $mod+9 workspace number 9 - bindsym $mod+0 workspace number 10 - # Move focused container to workspace - bindsym $mod+Shift+1 move container to workspace number 1 - bindsym $mod+Shift+2 move container to workspace number 2 - bindsym $mod+Shift+3 move container to workspace number 3 - bindsym $mod+Shift+4 move container to workspace number 4 - bindsym $mod+Shift+5 move container to workspace number 5 - bindsym $mod+Shift+6 move container to workspace number 6 - bindsym $mod+Shift+7 move container to workspace number 7 - bindsym $mod+Shift+8 move container to workspace number 8 - bindsym $mod+Shift+9 move container to workspace number 9 - bindsym $mod+Shift+0 move container to workspace number 10 - # Note: workspaces can have any name you want, not just numbers. - # We just use 1-10 as the default. - - # - # Layout stuff: - # - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. - bindsym $mod+b splith - bindsym $mod+v splitv - - # Switch the current container between different layout styles - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # Make the current focus fullscreen - bindsym $mod+f fullscreen - - # Toggle the current focus between tiling and floating mode - bindsym $mod+Shift+space floating toggle - - # Swap focus between the tiling area and the floating area - bindsym $mod+space focus mode_toggle - - # Move focus to the parent container - bindsym $mod+a focus parent - - # - # Font - # - font "pango:Jetbrains Mono 8" - - # - # Scratchpad: - # - # Sway has a "scratchpad", which is a bag of holding for windows. - # You can send windows there and get them back later. 
- - # Move the currently focused window to the scratchpad - bindsym $mod+Shift+minus move scratchpad - - # Show the next scratchpad window or hide the focused scratchpad window. - # If there are multiple scratchpad windows, this command cycles through them. - bindsym $mod+minus scratchpad show - - # - # Resizing containers: - # - mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" - } - bindsym $mod+r mode "resize" - - # - # Status Bar: - # - # Read `man 5 sway-bar` for more information about this section. - bar { - position bottom - - # When the status_command prints a new line to stdout, swaybar updates. - # The default just shows the current date and time. - status_command ~/.config/sway/status - - colors { - statusline ${foreground} - background ${background} - inactive_workspace ${background}ee ${background}ee ${foreground}ee - } - } - - # Gaps between multiple tiling windows - gaps inner 10 - smart_gaps on - - bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 - - # class border backgr. 
text indicator child_border - client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} - client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} - client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} - client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} - client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} - - client.background #${foreground} - - include /etc/sway/config.d/* - - exec sleep 5; systemctl --user restart kanshi.service - exec sleep 5; swaymsg output '*' bg $wallpaper fill - ''; - home.file.".config/sway/status".source = ./status; - home.file.".config/kanshi/config".text = '' - profile Laptop { - output eDP-1 enable - } - - profile Docked { - output eDP-1 disable - output "LG Electronics LG HDR 4K 0x000354D1" { - enable - scale 1.4 - position 0,0 - } - } - ''; - - #services.poweralertd.enable = true; - # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/modules.nix b/home/modules.nix index 0a6c961..0e295c9 100644 --- a/home/modules.nix +++ b/home/modules.nix @@ -1,13 +1,8 @@ { lib, ... }: -with lib; -let - modules' = - dir: - filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); - modules = - dir: - mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( - modules' dir - ); +with lib; let + modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); in (modules ./modules) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index da9f503..0b84642 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix 
@@ -1,11 +1,9 @@ -{ - pkgs, - lib, - config, - ... +{ pkgs +, lib +, config +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.alacritty; in { @@ -13,6 +11,7 @@ in enable = mkEnableOption "Enable alacritty config"; }; config = mkIf cfg.enable { + fonts.fontconfig.enable = true; home.packages = [ pkgs.jetbrains-mono ]; diff --git a/home/modules/colors.nix b/home/modules/colors.nix index a4dc5c7..5c197a1 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -{ +with lib; { options.dadada.home.colors = mkOption { type = types.attrs; description = "Color scheme"; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index 27a0907..cf36bf1 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.direnv; in { diff --git a/home/modules/git.nix b/home/modules/git.nix index 92c4c12..e89e62a 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,17 +1,14 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.git; allowedSigners = pkgs.writeTextFile { name = "allowed-signers"; text = '' dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada - dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon ''; }; in 
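Review bot: Dropping the `ssh-ed25519 … dadada@gorgon` line from `allowedSigners` in home/modules/git.nix means commits already signed with that key will no longer verify against the generated file. The allowed-signers format accepts a `valid-before="<timestamp>"` option, so a retired key can stay listed for historical signatures while being rejected for anything signed after the rotation, e.g. `dadada@dadada.li valid-before="<rotation date>" ssh-ed25519 <old key> dadada@gorgon`. The `signingKey` change in the file's second hunk points at the `sk-ssh-ed25519@openssh.com` entry that remains, so new signatures are covered.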
@@ -36,7 +33,7 @@ in user = { email = "dadada@dadada.li"; name = "Tim Schubert"; - signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon"; + signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada "; }; core = { whitespace = { diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index baa17dd..d1af776 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.gpg; in { diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 5dcd2e6..eb6dae8 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.gtk; in { diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 7717423..2ffdc51 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: let cfg = config.dadada.home.helix; in diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index 48b8b54..e82d476 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.keyring; in { diff --git a/home/modules/session.nix b/home/modules/session.nix index ba5c941..879400d 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.session; in { diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index b8aab54..96f4ed3 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix 
@@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.ssh; in { diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index 8095904..fd566b4 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.syncthing; in { diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 063b8f2..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.tmux; in { diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index 02cadaf..b093eca 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let apps = { "x-scheme-handler/mailto" = "evolution.desktop"; "message/rfc822" = "evolution.desktop"; @@ -31,7 +29,6 @@ in config = mkIf cfg.enable { xdg = { enable = true; - configHome = "${config.home.homeDirectory}/.config"; mimeApps = { enable = false; associations.added = apps; @@ -49,7 +46,7 @@ in home.packages = with pkgs; [ evince firefox - xdg-utils + xdg_utils ]; }; } diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 96364ff..58cef5b 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.zsh; in { @@ -28,9 +26,7 @@ in ignoreDups = true; ignoreSpace = true; save = 100000; - # FIXME https://github.com/junegunn/fzf/issues/4061 - #share = true; - share = false; + share = true; }; plugins = [ ]; 
@@ -44,10 +40,12 @@ in preexec() { echo -n -e "\033]0;$1\007" } - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " RPROMPT='$(git_super_status)' + #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" + ''; + profileExtra = '' ''; - profileExtra = ''''; shellAliases = { ga = "git add"; gc = "git commit"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 6a29a63..83fcdbc 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,5 +1,4 @@ -{ pkgs }: -{ +{ pkgs }: { allowUnfree = true; allowUnfreePredicate = pkg: true; allowBroken = false; diff --git a/home/pkgs.nix b/home/pkgs.nix index 8fd23e8..67bf482 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -1,6 +1,5 @@ { pkgs }: -with pkgs; -[ +with pkgs; [ anki aqbanking aria2 @@ -15,21 +14,19 @@ with pkgs; bluez-tools btop # htop choose # alternative to cut and awk with more readable syntax - chromium colordiff darcs delta # feature-rich diff viewer dig direnv + dstat duf # disk usage - dune3d dyff # diff tool for YAML element-desktop evince evolution ffmpeg file - fuzzel fx # themable json viewer fzf fzf @@ -39,6 +36,7 @@ with pkgs; gimp glow glow # render markdown + gnome.gnome-tweaks gnumake gnupg gping # ping with graphs @@ -63,11 +61,13 @@ with pkgs; jameica jc # convert output to json josm + jujutsu jq - kanshi + jq + #jupyter + kcachegrind keepassxc kubetail - krita ldns liboping # oping, ping multiple hosts at once libreoffice @@ -80,11 +80,8 @@ with pkgs; mpv mtr mumble - nix-output-monitor ncurses newsflash - nixd - nixfmt-rfc-style nfs-utils niv nix-index @@ -106,11 +103,9 @@ with pkgs; prusa-slicer pv pwgen - (python3.withPackages (pkgs: [ - pkgs.pandas - pkgs.requests - ])) + python3 ranger + recipemd reptyr ripgrep ripgrep @@ -122,7 +117,6 @@ with pkgs; skim # fzf in Rust slurp socat - solvespace spotify sqlite sshfs-fuse 
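Review bot: The home/pkgs.nix hunk at `@@ -63,11 +61,13 @@` adds a second `jq` directly after the existing `jq` context line. It is harmless at evaluation time, but the list already carries repeated `fzf`, `glow` and `ripgrep` entries, and duplicates make it harder to see what a change actually adds or removes. I would drop the added `jq` line. The list opens and closes outside the hunk.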
@@ -134,17 +128,17 @@ with pkgs; ttyd unzip usbutils - vegur virt-manager viu # view images from the terminal vscodium whois wireshark - xdg-utils + xdg_utils xmlstarlet + xsv # cut for csv unixtools.xxd xxh # portable shells - yt-dlp + youtube-dl # zotero Marked as insecure zeal zk diff --git a/home/status b/home/status deleted file mode 100755 index e24816b..0000000 --- a/home/status +++ /dev/null 
@@ -1,138 +0,0 @@ -#!/usr/bin/env python3 - -import json -import sys -import time -import requests -import logging -import subprocess - -from datetime import datetime - -logger = logging.getLogger(__name__) - - -class Status: - def status(self): - return None - - -class Cat(Status): - index = 0 - - def status(self): - cat_width = 200 - index = self.index - catwalk = "🐈🏳️‍🌈" + " " * index - self.index = (index + 1) % cat_width - - return {"full_text": catwalk} - - -class Space(Status): - backoff = 0 - c_status = None - - def status(self): - backoff = self.backoff - if self.backoff == 0: - self.update() - - return {"full_text": self.c_status} - - def update(self): - spacestatus_url = "https://status.stratum0.org/status.json" - resp = requests.get(url=spacestatus_url) - self.backoff = (self.backoff + 1) % 120 - data = resp.json() - if data["isOpen"]: - since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M") - spacestatus = f"Space is open since {since}" - else: - spacestatus = "Space is closed" - self.c_status = spacestatus - - -class Battery(Status): - capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r') - status_file = open('/sys/class/power_supply/BAT0/status', 'r') - - def status(self): - self.status_file.seek(0) - status = self.status_file.read().rstrip() - - self.capacity_file.seek(0) - capacity = self.capacity_file.read().rstrip() - - battery = f"{status} {capacity}%" - - return {"full_text": battery} - - -class Time(Status): - def status(self): - now = datetime.now() - match now.isocalendar().week % 10: - case 1: - th = "st" - case 2: - th = "nd" - case 3: - th = "rd" - case _: - th = "th" - return {"full_text": now.strftime(f"%V{th} %A %H:%M") } - - -class FailedUnits(Status): - def status(self): - proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True) - stdout = proc.stdout.decode('utf-8') - failed = 0 - for line in stdout: - if 'failed' in line: - failed += 1 - if failed == 0: - 
return {"full_text": f"No failed units"} - else: - return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} - - -def print_header(): - header = { - "version": 1, - "click_events": False, - } - print(json.dumps(header)) - print("[") - - -def run(interval, widgets): - print_header() - - while True: - body = [] - - for widget in widgets: - try: - status = widget.status() - except Exception as e: - logger.error(e) - if status: - body += status, - - print(json.dumps(body), ",", flush=True) - - ts = interval - (time.time() % interval) - time.sleep(ts) - - -if __name__ == "__main__": - logging.basicConfig(level=logging.INFO) - - # Interval in seconds - interval = 1.0 - - widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()] - - run(interval, widgets) diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 3369943..1d7dde7 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -1,4 +1,5 @@ { self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' ( - name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel -) self.nixosConfigurations) +(nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) + self.nixosConfigurations +) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index ba00c29..c8ab058 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,8 +1,7 @@ -{ - config, - modulesPath, - pkgs, - ... +{ config +, modulesPath +, pkgs +, ... }: { imports = [ @@ -31,10 +30,7 @@ fileSystems."/swap" = { device = "/dev/sda1"; fsType = "btrfs"; - options = [ - "subvol=/root/swap" - "noatime" - ]; + options = [ "subvol=/root/swap" "noatime" ]; }; #swapDevices = [{ 
@@ -53,14 +49,7 @@ networking.hostName = "agares"; networking.domain = "bs.dadada.li"; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "ehci_pci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; # Use the GRUB 2 boot loader. diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index fe2843f..7e52d8b 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -66,10 +66,7 @@ ]; stub-zone = let - stubZone = name: addrs: { - name = "${name}"; - stub-addr = addrs; - }; + stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; }; in [ #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 6d86d22..af15e05 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -10,10 +10,7 @@ in enable = true; links = { "10-persistent" = { - matchConfig.OriginalName = [ - "enp1s0" - "enp2s0" - ]; # takes search domains from the [Network] + matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network] linkConfig.MACAddressPolicy = "persistent"; }; }; @@ -52,21 +49,19 @@ in PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; ListenPort = 51234; }; - wireguardPeers = [ - { - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = + let + peerAddresses = i: [ + "${ipv4Prefix}.120.${i}/32" + "${ulaPrefix}:120::${i}/128" + ]; + in + { + PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + AllowedIPs = peerAddresses "3"; + }; + }]; }; "20-wg0" = { netdevConfig = { 
@@ -142,10 +137,7 @@ in "10-mgmt" = lib.mkMerge [ (subnet "enp1s0" "100") { - networkConfig.VLAN = [ - "lan.10" - "ff.11" - ]; + networkConfig.VLAN = [ "lan.10" "ff.11" ]; dhcpServerStaticLeases = [ { # legion @@ -166,24 +158,13 @@ in ]; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; + address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } + { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } ]; }; "30-lan" = subnet "lan.10" "101" // { @@ -285,14 +266,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "${ipv4Prefix}.120.1/24"; - }; + routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; } { - routeConfig = { - Destination = "${ulaPrefix}::120:1/64"; - }; + routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; } ]; }; diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix index ffa5bc4..dc26e46 100644 --- a/nixos/agares/ppp.nix +++ b/nixos/agares/ppp.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: +{ pkgs, lib, config, ... }: let secretsPath = config.dadada.secrets.path; in diff --git a/nixos/configurations.nix b/nixos/configurations.nix index adacb51..d587829 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix 
@@ -1,73 +1,51 @@ -{ - self, - agenix, - home-manager, - homepage, - nixos-hardware, - nixos-generators, - nixpkgs, - nixpkgs-small, - ... +{ self +, agenix +, nixpkgs +, home-manager +, homepage +, nixos-hardware +, nixos-generators +, ... }@inputs: let - nixosSystem = - { - nixpkgs, - system ? "x86_64-linux", - extraModules ? [ ], - }: - nixpkgs.lib.nixosSystem { - inherit system; + nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { + inherit system; - modules = - [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } - ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; - }; + modules = [{ + + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + }; in { - gorgon = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; + gorgon = nixosSystem rec { + system = "x86_64-linux"; - extraModules = [ + extraModules = [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { dadada = self; }; + } + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + ({ pkgs, lib, ... }: { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - - home-manager.nixosModules.home-manager - ( - { pkgs, lib, ... 
}: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./gorgon/configuration.nix - ]; - }; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home; + }) + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { - nixpkgs = nixpkgs-small; system = "x86_64-linux"; extraModules = [ { @@ -79,38 +57,32 @@ in }; agares = nixosSystem { - nixpkgs = nixpkgs-small; extraModules = [ ./agares/configuration.nix ]; }; - installer = - let - nixpkgs = nixpkgs-small; - in - nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nixos-generators.nixosModules.install-iso - self.nixosModules.admin - { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ]; - }; + installer = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; ninurta = nixosSystem { - nixpkgs = nixpkgs-small; extraModules = [ ./ninurta/configuration.nix ]; 
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c8b8e3..b2da49d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let xilinxJtag = pkgs.writeTextFile { @@ -35,8 +34,6 @@ in ./hardware-configuration.nix ]; - dadada.backupClient.bs.enable = false; - dadada.backupClient.backup1.enable = true; dadada.backupClient.backup2 = { enable = true; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; @@ -44,10 +41,6 @@ in repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; - nixpkgs.config.android_sdk.accept_license = true; - - programs.ssh.startAgent = true; - nix.extraOptions = '' experimental-features = nix-command flakes # Prevent garbage collection for nix shell and direnv @@ -105,18 +98,13 @@ in passwordFile = config.age.secrets.paperless.path; }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; + systemd.tmpfiles.rules = let cfg = config.services.paperless; in [ + (if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; age.secrets.paperless = { file = "${config.dadada.secrets.path}/paperless.age"; 
@@ -136,29 +124,10 @@ in ]; }; - hardware.printers.ensurePrinters = [ - { - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - } - ]; - environment.systemPackages = with pkgs; [ - android-studio + chromium ghostscript smartmontools - - dmenu - grim # screenshot functionality - slurp # screenshot functionality - #mako # notification system developed by swaywm maintainer - pulseaudio - - # KDE apps - kdePackages.kmail - kdePackages.kmail-account-wizard ]; networking.firewall = { @@ -174,16 +143,7 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - - services.udev.packages = [ - xilinxJtag - saleaeLogic - keychron - pkgs.libsigrok - ]; # noMtpUdevRules ]; + services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; @@ -195,20 +155,7 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; 
@@ -217,44 +164,44 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; + # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html + systemd.timers.wg-reresolve-dns = { + wantedBy = [ "timers.target" ]; + partOf = [ "wg-reresolve-dns.service" ]; + timerConfig.OnCalendar = "hourly"; + }; + + systemd.services.wg-reresolve-dns = + let + vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; + in + { + serviceConfig.Type = "oneshot"; + script = '' + ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 + ''; + }; + + #networking.wg-quick.interfaces.mullvad = { + # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; + # privateKeyFile = "/var/lib/wireguard/mullvad"; + # peers = [ + # { + # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k="; + # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + # endpoint = "193.27.14.66:51820"; + # persistentKeepalive = 25; + # } + # ]; + # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; + #}; + services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; - # KDE - services = { - desktopManager.plasma6.enable = true; - displayManager.sddm.enable = true; - displayManager.sddm.wayland.enable = true; - }; - services.greetd = { - enable = false; - settings = { - default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; - user = "greeter"; - }; - }; - }; - systemd.user.services.kanshi = { - enable = false; - description = "kanshi daemon"; - environment = { - WAYLAND_DISPLAY = "wayland-1"; - DISPLAY = ":0"; - }; - serviceConfig = { - Type = "simple"; - ExecStart = ''${pkgs.kanshi}/bin/kanshi''; - }; - }; - # enable Sway window manager - programs.sway = { - enable = false; - wrapperFeatures.gtk = true; - }; - programs.light.enable = true; - xdg.portal.wlr.enable = false; - hardware.bluetooth.enable = true; + services.xserver.enable = true; 
+ services.xserver.desktopManager.gnome.enable = true; + services.xserver.displayManager.gdm.enable = true; hardware.opengl = { enable = true; @@ -264,16 +211,5 @@ in ]; }; - powerManagement = { - enable = true; - powertop.enable = true; - cpuFreqGovernor = "schedutil"; - powerUpCommands = '' - echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; - }; - services.tlp.enable = false; - system.stateVersion = "23.11"; } diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 30d7447..4155fae 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,26 +1,17 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ +{ config +, lib +, pkgs +, modulesPath +, ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "nvme" - "ehci_pci" - "xhci_pci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 07323da..873832d 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,16 +1,11 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.admin; - extraGroups = [ - "wheel" - "libvirtd" - ]; + extraGroups = [ "wheel" "libvirtd" ]; shells = { "bash" = pkgs.bashInteractive; 
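Review bot: The new `systemd.services.wg-reresolve-dns` unit (the gorgon hunk that starts at `@@ -217,44 +164,44`) sets only `serviceConfig.Type = "oneshot"`, while the hourly ddns units in nixos/modules/ddns.nix in this same diff are sandboxed. `wg set` needs network administration rights but neither home directories nor a writable file system, so `ProtectHome = true;`, `ProtectSystem = "strict";` and `NoNewPrivileges = true;` could be added here as well; this should presumably not break the call, but confirm it on the host. The commented-out `networking.wg-quick.interfaces.mullvad` block added right below is dead configuration and is better left to version history than carried in the file.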
@@ -21,32 +16,22 @@ let shellNames = builtins.attrNames shells; adminOpts = - { - name, - config, - ... - }: - { + { name + , config + , ... + }: { options = { keys = mkOption { type = types.listOf types.str; default = [ ]; - apply = - x: - assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); - x; + apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; description = '' The keys that should be able to access the account. ''; }; shell = mkOption { type = types.nullOr types.str; - apply = - x: - assert ( - builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" - ); - x; + apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; default = "zsh"; defaultText = literalExpression "zsh"; example = literalExpression "bash"; @@ -96,12 +81,15 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - users.users = mapAttrs (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) cfg.users; + users.users = + mapAttrs + (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) + cfg.users; nix.settings.trusted-users = builtins.attrNames cfg.users; @@ -115,7 +103,7 @@ in services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [ { port = 22; } ]; + map = [{ port = 22; }]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 095fd35..c18aeb8 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let backupExcludes = [ "/backup" "/dev" 
@@ -158,7 +156,7 @@ in }; }; - services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable { + services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable { paths = "/"; exclude = backupExcludes; repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index 594f356..c1aceeb 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -1,11 +1,6 @@ { config, lib, ... }: let - inherit (lib) - mkEnableOption - mkIf - mkOption - types - ; + inherit (lib) mkEnableOption mkIf mkOption types; cfg = config.dadada.borgServer; in { 
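Review bot: In nixos/modules/backup.nix the job `services.borgbackup.jobs.backup1` is now gated on `cfg.bs.enable`, so the option name no longer matches the job it switches. Combined with `enable = lib.mkDefault true;` for `dadada.backupClient.bs` in profiles/backup.nix, every host importing that profile pushes to `backup1.dadada.li`, and opting out requires knowing that `bs.enable` is the switch. If a `backup1` option is still declared in this module (its declaration is outside the hunk), keep the condition as `mkIf cfg.backup1.enable`; otherwise add a comment such as `# bs.enable controls the backup1.dadada.li job` above the line.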
@@ -25,41 +20,31 @@ in services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; path = "${cfg.path}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; path = "${cfg.path}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; path = "${cfg.path}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; path = "${cfg.path}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; path = "${cfg.path}/wohnzimmerpi"; quota = "50G"; }; diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 594be6d..af7d725 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix 
@@ -1,70 +1,52 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.ddns; - ddnsConfig = - { - domains, - credentialsPath, - interface, - }: - { - systemd.timers = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${domain}.service" ]; - timerConfig.OnCalendar = "hourly"; - } - ) - ); + ddnsConfig = { domains, credentialsPath, interface }: { + systemd.timers = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" + { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${domain}.service" ]; + timerConfig.OnCalendar = "hourly"; + })); - systemd.services = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - PrivateMounts = true; - PrivateIPC = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - BindReadOnlyPaths = [ credentialsPath ]; - NoNewPrivileges = true; - CapabilitBoundingSet = [ ]; - }; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + systemd.services = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" + { + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < ${credentialsPath} - unset IFS + IFS=':' + read -r user password < ${credentialsPath} + unset IFS - curl_url=$(url "$user" "$password" ${domain}) + 
curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } || true - ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } - ''; - } - ) - ); - }; + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} + ''; + })); + }; in { options = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index fa94c8c..d0554cc 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,16 +1,8 @@ { lib, ... }: -with lib; -let - modules' = - dir: - filterAttrs ( - name: type: - (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))) - ) (builtins.readDir dir); - modules = - dir: - mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( - modules' dir - ); +with lib; let + modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); in (modules ./.) diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 2fcefec..2a45da1 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.element; diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index a3a72ba..5b6a0f2 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix 
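Review bot: `CapabilitBoundingSet = [ ];` in the reflowed `serviceConfig` of nixos/modules/ddns.nix is misspelled, so the intended empty capability bounding set is most likely not applied, since systemd ignores unknown keys with a warning; it should read `CapabilityBoundingSet = [ ];`. The script also builds the update URL with the account password in it and passes it to curl as an argument (`curl_url=$(url "$user" "$password" ${domain})`), which exposes the credentials to anything that can read process arguments while the unit runs. Handing the URL to curl through `--config -` on stdin would keep it out of argv. `${domain}` is interpolated into the shell script unquoted and is worth quoting.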
@@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 783bf6f..f73ddc0 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.forgejo; @@ -38,11 +37,6 @@ in LANDING_PAGE = "explore"; OFFLINE_MODE = true; DISABLE_SSH = false; - - # Use built-in SSH server - START_SSH_SERVER = true; - SSH_PORT = 22; - DOMAIN = "git.dadada.li"; }; picture = { @@ -75,12 +69,6 @@ in vmOverCommit = true; }; - systemd.services.forgejo.serviceConfig = { - AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE"; - CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE"; - PrivateUsers = lib.mkForce false; - }; - services.nginx.virtualHosts."git.${config.networking.domain}" = { enableACME = true; forceSSL = true; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index 877be07..585a5dd 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.headphones; in { diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 193e71e..b04c3b2 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,13 +1,11 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: let cfg = config.dadada.homepage; in -with lib; -{ +with lib; { options.dadada.homepage = { enable = mkEnableOption "Enable home page"; package = mkOption { diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix index 9d18883..4db219c 100644 --- a/nixos/modules/inputs.nix +++ b/nixos/modules/inputs.nix 
@@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.inputs; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index d333804..a69a89c 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -4,7 +4,7 @@ let in { dadada.backupClient.bs = { - enable = lib.mkDefault false; + enable = lib.mkDefault true; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; @@ -21,8 +21,6 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = - "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b681d72..56e17cd 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, lib, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; 
@@ -13,26 +8,15 @@ in ./upgrade-pg-cluster.nix ]; - boot.tmp.useTmpfs = true; - boot.tmp.tmpfsSize = "50%"; - i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { font = "Lat2-Terminus16"; keyMap = "us"; }; - i18n.supportedLocales = mkDefault [ - "C.UTF-8/UTF-8" - "en_US.UTF-8/UTF-8" - "de_DE.UTF-8/UTF-8" - ]; - time.timeZone = mkDefault "Europe/Berlin"; - nix.package = pkgs.lix; - - nix.settings.substituters = [ "https://cache.nixos.org/" ]; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" @@ -61,14 +45,9 @@ in services.resolved = { enable = mkDefault true; - fallbackDns = [ - "9.9.9.9#dns.quad9.net" - "2620:fe::fe:11#dns11.quad9.net" - ]; + fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; }; programs.zsh.enable = mkDefault true; - - # Avoid some bots - services.openssh.ports = [ 2222 ]; } + diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index de57714..98314c7 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix 
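Review bot: `nix.settings.substituters = [ https://cache.nixos.org/ ];` in the first base.nix hunk uses an unquoted URL literal, which is deprecated in Nix and is rejected when the `no-url-literals` feature is enabled. Keep it as a string, `nix.settings.substituters = [ "https://cache.nixos.org/" ];`. The quoted form also matches the neighbouring `trusted-public-keys` and `fallbackDns` entries, which are all strings.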
@@ -5,44 +5,30 @@ let in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; - - boot.kernelParams = [ - # Wait forever for the filesystem root to show up - "rootflags=x-systemd.device-timeout=0" - - # Wait forever to enter the LUKS passphrase via SSH - "rd.luks.options=timeout=0" - ]; boot.initrd.network = { enable = true; ssh = { enable = true; - port = 2223; + port = 22; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; - authorizedKeys = - with lib; - concatLists ( - mapAttrsToList ( - name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] - ) config.users.users - ); + authorizedKeys = with lib; + concatLists (mapAttrsToList + (name: user: + if elem "wheel" user.extraGroups then + user.openssh.authorizedKeys.keys + else + [ ]) + config.users.users); }; postCommands = '' echo 'cryptsetup-askpass' >> /root/.profile ''; }; - assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; - message = "Refusing to store private keys in store"; - }; - age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/initrd-${initrdHostKey}.age"; + file = "${secretsPath}/${initrdHostKey}.age"; mode = "600"; path = "/etc/initrd/${initrdHostKey}"; symlink = false; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index d9f0bde..cc36988 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,14 +1,13 @@ -{ - config, - lib, - ... +{ config +, pkgs +, lib +, ... }: let inputs = config.dadada.inputs; secretsPath = config.dadada.secrets.path; in -with lib; -{ +with lib; { imports = [ ./backup.nix ./base.nix 
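Review bot: The cloud.nix hunk removes the assertion that guarded `boot.initrd.network.ssh.hostKeys`, so nothing on the new side stops the initrd host key from ending up in the world-readable Nix store on a boot loader without initrd-secret support. I would keep the check as an `assertions` entry with `assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;` and a message that says so. Moving the initrd sshd to `port = 22;` presumably puts it on the same port as the booted system's sshd, now that base.nix drops the 2222 override, but with a different host key. That produces host-key-changed warnings which operators learn to dismiss; a distinct port avoids it. The `authorizedKeys` expression gives the LUKS prompt to every user in `wheel`, which deserves a one-line comment.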
@@ -17,15 +16,20 @@ with lib; networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; + programs.ssh.startAgent = true; programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; - nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs; - nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs); + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + fonts.packages = mkDefault (with pkgs; [ + source-code-pro + ]); + users.mutableUsers = mkDefault true; # Use the systemd-boot EFI boot loader. @@ -55,6 +59,5 @@ with lib; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 724655f..c10979a 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -{ +with lib; { imports = [ ./backup.nix ./base.nix 
@@ -18,18 +16,15 @@ with lib; documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - services.btrfs.autoScrub.enable = mkDefault ( - (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { } - ); + services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }); services.journald.extraConfig = '' SystemKeepFree = 2G - MaxRetentionSec = 100days ''; system.autoUpgrade = { enable = true; - flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}"; + flake = "github:dadada/nix-config#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix index 486bf29..3042265 100644 --- a/nixos/modules/profiles/upgrade-pg-cluster.nix +++ b/nixos/modules/profiles/upgrade-pg-cluster.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: { environment.systemPackages = lib.mkIf config.services.postgresql.enable [ ( diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index 7c7410b..a4e5f9c 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.share; in { diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index b6b0846..82944eb 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.steam; in { diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix new file mode 100644 index 0000000..190d13e --- /dev/null +++ b/nixos/modules/sway.nix 
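Review bot: `flake = "github:dadada/nix-config#${config.networking.hostName}";` makes every server build and activate, unattended and as root, whatever the default branch of that repository points at, and nothing in the hunk ties the upgrade to a reviewed or signed revision. Name the branch explicitly and say so in a comment, e.g. `# auto-upgrade follows <branch>; the branch must be protected`, and keep push rights to it as narrow as admin access to the hosts themselves. The same hunk drops `MaxRetentionSec = 100days`, leaving journal retention bounded only by `SystemKeepFree`. If the 100-day limit was a deliberate retention policy, it should stay.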
@@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.dadada.sway; +in +{ + options = { + dadada.sway.enable = lib.mkEnableOption "Enable sway"; + }; + + config = lib.mkIf cfg.enable { + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + wrapperFeatures.base = true; + extraPackages = with pkgs; [ + qt5.qtwayland + swayidle + xwayland + mako + kanshi + kitty + i3status + bemenu + xss-lock + swaylock + brightnessctl + playerctl + ]; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + }; + }; +} diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index ee2298e..6c0513f 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,32 +1,28 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.vpnServer; - wgPeer = - { name, ... }: - { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; - }; + wgPeer = { name, ... }: { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; }; }; + }; in { options.dadada.vpnServer = { 
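Review bot: `lib.mkEnableOption "Enable sway"` renders in the option documentation as "Whether to enable Enable sway.", because `mkEnableOption` already prepends "Whether to enable"; use `lib.mkEnableOption "sway"`. The comment `# needs qt5.qtwayland in systemPackages` does not match this module, which supplies the package through `extraPackages`. Reword it to `# needs qt5.qtwayland (provided via extraPackages above)`.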
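Review bot: In the reformatted `wgPeer` submodule, `id` is declared `type = types.str` but has `default = 0`, an integer, and `key` defaults to the empty string. A peer that omits either value therefore fails late or yields a peer entry with no usable public key. Both values feed the WireGuard peer list in the next hunk, where `id` is interpolated into `allowedIPs`. Drop both defaults so the options are required, and constrain the id with something like `type = types.strMatching "[0-9a-f]{1,4}";`. The `options.dadada.vpnServer` block continues outside the hunk.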
@@ -45,10 +41,13 @@ in privateKeyFile = "/var/lib/wireguard/wg0-key"; ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; - peers = map (peer: { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - }) (attrValues cfg.peers); + peers = + map + (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) + (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index 6ff0106..340f64c 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.weechat; in { @@ -36,7 +34,7 @@ in }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - enableACME = true; + useACMEHost = "webchat.dadada.li"; forceSSL = true; root = "${pkgs.nginx}/html"; diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 4be4492..3df9499 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let yubikey = config.dadada.yubikey; in { @@ -47,7 +45,8 @@ in #linuxPackages.acpi_call pam_u2f pamtester - yubioath-flutter + yubikey-manager + yubikey-manager-qt ]; }; } diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d4eed97..8bf36de 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: let hostAliases = [ "ifrit.dadada.li" @@ -42,11 +37,6 @@ in }; }; - services.openssh.ports = [ - 22 - 2222 - ]; - dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; 
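Review bot: In the weechat.nix hunk, the `weechat.dadada.li` virtual host now takes its certificate from `useACMEHost = "webchat.dadada.li";`, which is a different name (`webchat` vs `weechat`). Unless a `security.acme.certs."webchat.dadada.li"` entry defined elsewhere lists `weechat.dadada.li` in `extraDomainNames`, the host either fails to evaluate or serves a certificate that does not match its name while `forceSSL` is on. If this is a typo, use `useACMEHost = "weechat.dadada.li";` or keep `enableACME = true;`. If the shared certificate is intentional, add a comment pointing to where it is defined.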
@@ -67,9 +57,7 @@ in boot.loader.efi.canTouchEfiVariables = true; assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; @@ -169,8 +157,8 @@ in }; services.hydra = { - enable = false; - package = pkgs.hydra; + enable = true; + package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; @@ -193,12 +181,7 @@ in { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 16; } ]; @@ -242,28 +225,28 @@ in SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; }; configs.var = { SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; }; }; 
@@ -288,56 +271,6 @@ in }; "10-lan" = { matchConfig.Name = "enp*"; - bridge = [ "br0" ]; - }; - "30-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } - ]; - }; - "30-uwu" = { - matchConfig.Name = "uwu"; - address = [ - "10.11.0.39/24" - "fc00:1337:dead:beef::10.11.0.39/128" - ]; - dns = [ "10.11.0.1%uwu#uwu" ]; - domains = [ "uwu" ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "10.11.0.0/22"; - }; - } - { - routeConfig = { - Destination = "fc00:1337:dead:beef::10.11.0.0/118"; - }; - } - ]; - }; - "20-br0" = { - matchConfig.Name = "br0"; networkConfig.DHCP = "ipv4"; networkConfig.Domains = [ "bs.dadada.li" ]; networkConfig.VLAN = [ ]; @@ -353,14 +286,32 @@ in UseDNS = true; }; }; + "30-wg0" = { + matchConfig.Name = "wg0"; + address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = false; + routes = [ + { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + ]; + }; + "30-uwu" = { + matchConfig.Name = "uwu"; + address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; + dns = [ "10.11.0.1%uwu#uwu" ]; + domains = [ "uwu" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = false; + routes = [ + { routeConfig = { Destination = "10.11.0.0/22"; }; } + { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } + ]; + }; }; netdevs = { - "20-br0" = { - netdevConfig = { - Kind = "bridge"; - Name = "br0"; - }; - }; "20-wg0" = { netdevConfig = { Kind = "wireguard"; 
@@ -374,10 +325,7 @@ in { wireguardPeerConfig = { PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; + AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; PersistentKeepalive = 25; Endpoint = "surgat.dadada.li:51235"; }; @@ -385,10 +333,7 @@ in { wireguardPeerConfig = { PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; + AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; Endpoint = "192.168.101.1:51235"; }; } @@ -402,21 +347,15 @@ in wireguardConfig = { PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ - "10.11.0.0/22" - "fc00:1337:dead:beef::10.11.0.0/118" - "192.168.178.0/23" - ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; + }; + }]; }; }; }; @@ -425,21 +364,16 @@ in enable = true; allowPing = true; allowedTCPPorts = [ - 2222 # SSH + 22 # SSH + 80 # munin web + 631 # Printing ]; allowedUDPPorts = [ + 631 # Printing 51234 # Wireguard 51235 # Wireguard ]; interfaces = { - br0.allowedTCPPorts = [ - 22 # SSH - 80 # munin web - 631 # IPP - ]; - br0.allowedUDPPorts = [ - 631 # IPP - ]; uwu.allowedTCPPorts = [ softServePort ]; 
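Review bot: Moving 22, 80 and 631 from `interfaces.br0` into the global `allowedTCPPorts` and `allowedUDPPorts` opens SSH, the munin web UI and CUPS on every interface. That includes `wg0` and the `uwu` WireGuard link, whose peer is allowed `10.11.0.0/22` and `192.168.178.0/23`; before this change `uwu` exposed only `softServePort`. With the bridge removed, keep the scoping by listing these ports under `interfaces.<lan-interface>` (placeholder for the device matched by `enp*`) and leave only the WireGuard UDP ports global. The `firewall` attribute set starts and ends outside the hunk.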
@@ -454,6 +388,30 @@ in networking.networkmanager.enable = false; networking.useDHCP = false; + # Desktop things for media playback + + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + extraGSettingsOverrides = '' + [org.gnome.desktop.screensaver] + lock-delay=uint32 30 + lock-enabled=true + + [org.gnome.desktop.session] + idle-delay=uint32 0 + + [org.gnome.settings-daemon.plugins.power] + idle-dim=false + power-button-action='interactive' + power-saver-profile-on-low-battery=false + sleep-inactive-ac-type='nothing' + sleep-inactive-battery-type='nothing' + ''; + }; + powerManagement = { enable = true; cpuFreqGovernor = "powersave"; @@ -464,6 +422,15 @@ in # Configure the disks to spin down after 10 min of inactivity. }; + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + services.udev.packages = [ (pkgs.writeTextFile { name = "60-hdparm"; @@ -477,10 +444,21 @@ in hardware.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ + firefox + spotify + mpv smartmontools hdparm ]; + users.users."media" = { + isNormalUser = true; + description = "Media playback user"; + extraGroups = [ "users" "video" ]; + # allow anyone with physical access to log in + password = "media"; + }; + users.users."backup-keepassxc" = { home = "/mnt/storage/backups/backup-keepassxc"; isNormalUser = true; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index cd6b64b..8de34e8 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix 
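Review bot: `password = "media";` on `users.users."media"` stores a known plaintext password in the world-readable Nix store and makes it valid for every login path, not only the local console the comment has in mind. This host opens port 22 in its firewall and the sshd settings are not visible in the diff, so unless password authentication is disabled elsewhere the account may also be usable over the network. For a physical-access-only account, drop the password and use `services.xserver.displayManager.autoLogin = { enable = true; user = "media"; };`, and exclude the account from SSH with `services.openssh.settings.DenyUsers = [ "media" ];`. The following `backup-keepassxc` user definition continues outside the hunk.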
@@ -1,115 +1,89 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ - "igc" - "xhci_pci" - "thunderbolt" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "sd_mod" - ]; + boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; + fileSystems."/" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - fileSystems."/swap" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=swap" - "noatime" - ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "noatime" - "compress=zstd" - ]; - }; - - fileSystems."/var" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=var" - "compress=zstd" - ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress=zstd" - ]; - }; - - fileSystems."/root" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = 
"btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2E20-49CB"; - fsType = "vfat"; - }; - - swapDevices = [ + fileSystems."/swap" = { - device = "/swap/swapfile"; - size = 32 * 1024; # 32 GByte - } - ]; + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=swap" "noatime" ]; + }; - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; + fileSystems."/nix" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=nix" "noatime" "compress=zstd" ]; + }; - fileSystems."/mnt/storage/backups" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ - "subvol=backups" - "noatime" - ]; - }; + fileSystems."/var" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=var" "compress=zstd" ]; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + + fileSystems."/root" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/2E20-49CB"; + fsType = "vfat"; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + }]; + + + fileSystems."/mnt/storage" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + + fileSystems."/mnt/storage/backups" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=backups" 
"noatime" ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index c8bee05..9a0b983 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -19,6 +19,9 @@ [surgat] address 10.3.3.1 + + [agares] + address 10.3.3.2 ''; }; services.munin-node.enable = true; diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index e22c989..6fdbb08 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -32,7 +32,7 @@ drivers = [ pkgs.brlaser ]; # Remove all state at the start of the service stateless = true; - listenAddresses = [ "192.168.101.29:631" ]; + listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; allowFrom = [ "from 192.168.101.0/24" ]; browsing = true; defaultShared = true; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 5cd9596..9a9bc54 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,7 +1,6 @@ -{ - config, - pkgs, - ... +{ config +, pkgs +, ... }: let hostName = "surgat"; @@ -43,7 +42,7 @@ in dadada.element.enable = true; dadada.forgejo.enable = true; dadada.miniflux.enable = true; - dadada.weechat.enable = false; + dadada.weechat.enable = true; dadada.homepage.enable = true; dadada.share.enable = true; dadada.backupClient = { 
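Review bot: In the printing.nix hunk, the added listen address `"fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631"` appends the port to a bare IPv6 address, so the port cannot be told apart from a ninth address group. CUPS expects IPv6 listen addresses in brackets: `"[fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe]:631"`. `allowFrom` still lists only `"from 192.168.101.0/24"`, so clients reaching the new IPv6 listener would presumably be refused. Add the matching IPv6 prefix if they are meant to print, and keep it as narrow as the IPv4 rule.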
@@ -86,29 +85,14 @@ in }; "10-ninurta" = { matchConfig.Name = "ninurta"; - address = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; + address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; routes = [ - { - routeConfig = { - Destination = "10.3.3.3/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::/64"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:101::/64"; - }; - } + { routeConfig = { Destination = "10.3.3.3/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; } ]; }; }; @@ -122,18 +106,12 @@ in PrivateKeyFile = "/var/lib/wireguard/hydra"; ListenPort = 51235; }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ]; + }; + }]; }; }; }; @@ -159,16 +137,16 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; - boot.kernelParams = [ - "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + swapDevices = [ + { + device = "/var/swapfile"; + size = 4096; + } ]; services.resolved = { enable = true; - fallbackDns = [ - "9.9.9.9" - "2620:fe::fe" - ]; + fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; }; system.autoUpgrade.allowReboot = false; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index 8476779..71b7257 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix 
@@ -1,25 +1,17 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ +{ config +, lib +, pkgs +, modulesPath +, ... +}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ - "ata_piix" - "virtio_pci" - "xhci_pci" - "sd_mod" - "sr_mod" - ]; + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/outputs.nix b/outputs.nix index aea7953..8199211 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,14 +1,16 @@ # Adapted from Mic92/dotfiles -{ - self, - flake-utils, - nixpkgs, - agenix, - devshell, - ... -}@inputs: -(flake-utils.lib.eachDefaultSystem ( - system: +{ self +, flake-utils +, flake-registry +, homepage +, nixpkgs +, home-manager +, nixos-hardware +, agenix +, devshell +, ... +} @ inputs: +(flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; }; in @@ -26,14 +28,13 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixfmt-tree; + formatter = pkgs.nixpkgs-fmt; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; }; - } -)) -// { + })) + // { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; diff --git a/overlays.nix b/overlays.nix index ffcd441..bf0588c 100644 --- a/overlays.nix +++ b/overlays.nix 
@@ -1 +1,23 @@
-{ }
+{
+ kanboard = final: prev: {
+ kanboard = prev.kanboard.overrideAttrs (oldAttrs: {
+ src = prev.fetchFromGitHub {
+ owner = "kanboard";
+ repo = "kanboard";
+ rev = "v${oldAttrs.version}";
+ sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
+ };
+ });
+ };
+
+ recipemd = final: prev: {
+ pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+ (
+ python-final: python-prev: {
+ recipemd = python-final.callPackage ./pkgs/recipemd.nix { };
+ }
+ )
+ ];
+ recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd;
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 9fce6e9..c78fe50 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1 +1,2 @@
-{ pkgs }: { }
+{ pkgs }:
+{ }
diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix
new file mode 100644
index 0000000..4879a9a
--- /dev/null
+++ b/pkgs/recipemd.nix
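Review bot: The kanboard overlay derives `rev = "v${oldAttrs.version}";` from whatever version nixpkgs ships but pins a fixed `sha256`, so the two drift apart as soon as nixpkgs bumps kanboard. Fixed-output fetches are addressed by their hash, so a machine that already has the old source in its store can silently build the old code under the new version number, while a clean machine fails with a hash mismatch. Override `version` together with `src` so tag and hash are pinned as a pair, or at least add a comment such as `# hash belongs to kanboard <version>; update both together`.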
@@ -0,0 +1,58 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonPackages
+, installShellFiles
+, pythonOlder
+, pythonAtLeast
+}:
+buildPythonPackage rec {
+ pname = "recipemd";
+ version = "4.0.8";
+
+ disabled = pythonOlder "3.7" || pythonAtLeast "4";
+
+ src = fetchFromGitHub {
+ owner = "tstehr";
+ repo = "RecipeMD";
+ rev = "v${version}";
+ hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc=";
+ };
+
+ propagatedBuildInputs = with pythonPackages; [
+ dataclasses-json
+ yarl
+ CommonMark
+ argcomplete
+ pyparsing
+ ];
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ postInstall = ''
+ ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash
+ installShellCompletion --bash --name recipemd.bash $out/completions.bash
+
+ ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish
+ installShellCompletion --fish --name recipemd.fish $out/completions.fish
+
+ # The version of argcomplete in nixpkgs-stable does not have support for zsh
+ #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh
+ #installShellCompletion --zsh --name _recipemd $out/completions.zsh
+ '';
+
+ checkInputs = [
+ pytestCheckHook
+ pythonPackages.pytestcov
+ ];
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "Markdown recipe manager, reference implementation of RecipeMD";
+ homepage = "https://recipemd.org";
+ license = [ licenses.lgpl3Only ];
+ maintainers = [ maintainers.dadada ];
+ };
+}
diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age
deleted file mode 100644
index 32dbcbf..0000000
Binary files a/secrets/initrd-surgat-ssh_host_ed25519_key.age and /dev/null differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1da186e..7da57e3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
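Review bot: Runtime and test dependencies are taken from a separate `pythonPackages` argument (`with pythonPackages; [ ... ]`, `pythonPackages.pytestcov`) rather than from the package set that supplies `buildPythonPackage`. Depending on what `pythonPackages` resolves to at the `python-final.callPackage` site, they may be built for a different interpreter than the package itself, so take each dependency as its own function argument instead. `postInstall` also leaves `completions.bash` and `completions.fish` at the top of `$out` after installing them. Generate them into a temporary file and pass that to `installShellCompletion`. On current nixpkgs, `pytestCheckHook` belongs in `nativeCheckInputs` rather than `checkInputs`.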
@@ -9,82 +9,29 @@ let surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; backupSecrets = hostName: { - "${hostName}-backup-passphrase.age".publicKeys = [ - systems.${hostName} - dadada - ]; - "${hostName}-backup-ssh-key.age".publicKeys = [ - systems.${hostName} - dadada - ]; + "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ]; + "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; }; in { - "pruflas-wg0-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "pruflas-wg0-preshared-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "pruflas-wg-hydra-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "hydra-github-authorization.age".publicKeys = [ - systems.ninurta - dadada - ]; - "miniflux-admin-credentials.age".publicKeys = [ - systems.surgat - dadada - ]; - "gorgon-backup-passphrase-gs.age".publicKeys = [ - systems.gorgon - dadada - ]; - "paperless.age".publicKeys = [ - systems.gorgon - dadada - ]; - "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ - systems.surgat - dadada - ]; - "surgat-ssh_host_ed25519_key.age".publicKeys = [ - systems.surgat - dadada - ]; - "ninurta-initrd-ssh-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "ddns-credentials.age".publicKeys = [ - systems.agares - systems.ninurta - dadada - ]; - "etc-ppp-chap-secrets.age".publicKeys = [ - systems.agares - dadada - ]; - "etc-ppp-telekom-secret.age".publicKeys = [ - systems.agares - dadada - ]; - "wg-privkey-vpn-dadada-li.age".publicKeys = [ - systems.agares - dadada - ]; - "agares-wg0-key.age".publicKeys = [ - systems.agares - dadada - ]; -} -// backupSecrets "ninurta" -// backupSecrets "gorgon" -// backupSecrets "ifrit" -// backupSecrets "pruflas" -// backupSecrets "surgat" -// backupSecrets "agares" + "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ]; + "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ]; + 
"pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ]; + "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ]; + "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; + "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; + "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; + "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; + "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; + "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; + "agares-wg0-key.age".publicKeys = [ systems.agares dadada ]; +} // +backupSecrets "ninurta" // +backupSecrets "gorgon" // +backupSecrets "ifrit" // +backupSecrets "pruflas" // +backupSecrets "surgat" // +backupSecrets "agares"