From 2a5ec2e0b45cc6508e808383c428f4f65541dfe4 Mon Sep 17 00:00:00 2001 
From: kat witch Date: Thu, 5 Aug 2021 03:21:21 +0100 Subject: [PATCH] Refactors for usability Using ./home.nix and ./nixos.nix as entrypoints for hosts. Using hardware profiles. Using new entrypoints (profiles/base/profiles.nix + profiles/base/home.nix). New modules (for DNS handling, for themeing, ...). Split up deploy-tf.nix into several modules. Renamed common profile to base profile. --- config/hosts/athame/home/default.nix | 1 - config/hosts/athame/home/weechat.nix | 5 - config/hosts/athame/nixos.nix | 108 +++++++++++++ config/hosts/athame/nixos/default.nix | 79 ---------- config/hosts/athame/nixos/hw.nix | 10 -- config/hosts/beltane/home.nix | 1 + config/hosts/beltane/home/default.nix | 1 - .../home/{sway/default.nix => sway.nix} | 6 +- .../beltane/home/{sway => }/swayidle.nix | 8 +- config/hosts/beltane/nixos.nix | 106 +++++++++++++ config/hosts/beltane/nixos/default.nix | 36 ----- config/hosts/beltane/nixos/hw.nix | 45 ------ .../{samhain => beltane}/nixos/jellyfin.nix | 0 .../nixos/transmission.nix | 0 config/hosts/beltane/nixos/virtualhosts.nix | 52 +++++++ .../dummy/{nixos/default.nix => nixos.nix} | 0 config/hosts/samhain/home.nix | 1 + config/hosts/samhain/home/default.nix | 1 - .../home/{sway/default.nix => sway.nix} | 8 +- .../samhain/home/{sway => }/swayidle.nix | 14 +- config/hosts/samhain/nixos.nix | 128 ++++++++++++++++ config/hosts/samhain/nixos/default.nix | 142 ------------------ config/hosts/samhain/nixos/hw.nix | 51 ------- config/hosts/samhain/nixos/virtualhosts.nix | 49 ------ .../hosts/{ => to-do}/mabon/home/default.nix | 0 config/hosts/{ => to-do}/mabon/meta.nix | 0 .../hosts/{ => to-do}/mabon/nixos/default.nix | 0 config/hosts/{ => to-do}/mabon/nixos/hw.nix | 0 .../hosts/{ => to-do}/ostara/home/default.nix | 0 config/hosts/{ => to-do}/ostara/meta.nix | 0 .../{ => to-do}/ostara/nixos/default.nix | 0 config/hosts/{ => to-do}/ostara/nixos/hw.nix | 0 config/hosts/yule/home.nix | 1 + config/hosts/yule/home/default.nix | 1 - 
.../yule/home/{sway/default.nix => sway.nix} | 8 +- .../hosts/yule/home/{sway => }/swayidle.nix | 6 +- config/hosts/yule/nixos.nix | 91 +++++++++++ config/hosts/yule/nixos/default.nix | 52 ------- config/hosts/yule/nixos/hw.nix | 35 ----- config/modules/home/default.nix | 4 +- .../home/{deploy-tf.nix => deploy.nix} | 5 + config/modules/home/fvwm.nix | 9 ++ config/modules/home/theme.nix | 31 ++++ config/modules/home/vim.nix | 7 + config/modules/meta/deploy.nix | 14 +- config/modules/meta/network.nix | 12 +- config/modules/nixos/default.nix | 12 +- .../nixos/{deploy-tf.nix => deploy.nix} | 24 ++- config/modules/nixos/dns.nix | 49 ++++++ config/modules/nixos/dyndns.nix | 63 ++++++++ .../{fw-abstraction.nix => firewall.nix} | 0 config/modules/nixos/yggdrasil.nix | 27 ++++ config/nixos.nix | 52 ------- config/profiles/{common => base}/access.nix | 2 + config/profiles/{common => base}/base16.nix | 0 config/profiles/{common => base}/default.nix | 4 +- config/profiles/base/home.nix | 23 +++ config/profiles/{common => base}/locale.nix | 0 config/profiles/{common => base}/net.nix | 0 config/profiles/{common => base}/nix.nix | 3 + config/profiles/{common => base}/packages.nix | 0 config/profiles/base/profiles.nix | 49 ++++++ config/profiles/{common => base}/secrets.nix | 0 config/profiles/{common => base}/ssh.nix | 3 + config/profiles/base/system.nix | 16 ++ config/profiles/common/system.nix | 9 -- config/profiles/fvwm/default.nix | 7 - config/profiles/fvwm/fvwm.nix | 10 -- config/profiles/gui/default.nix | 9 +- config/profiles/gui/filesystems.nix | 5 + config/profiles/gui/fvwm.nix | 14 ++ config/profiles/gui/nfs.nix | 12 +- config/profiles/gui/sway.nix | 10 ++ .../gui/{firefox.nix => xdg-portals.nix} | 2 - config/profiles/hardware/amdgpu/default.nix | 8 + config/profiles/hardware/default.nix | 30 ++++ .../hardware/hcloud-imperative/default.nix | 14 ++ config/profiles/hardware/intel/default.nix | 13 ++ config/profiles/hardware/ms-7b86/default.nix | 33 ++++ 
config/profiles/hardware/rm-310/default.nix | 14 ++ config/profiles/hardware/ryzen/default.nix | 26 ++++ .../profiles/hardware/v330-14arr/default.nix | 15 ++ config/profiles/sway/default.nix | 7 - config/profiles/sway/sway.nix | 8 - config/profiles/vfio/default.nix | 9 ++ config/services/gitea/default.nix | 34 +++-- config/services/grafana.nix | 10 +- config/services/logrotate.nix | 7 - config/services/mail.nix | 67 ++------- config/services/matrix.nix | 16 +- config/services/murmur.nix | 28 ++-- config/services/netdata.nix | 4 +- config/services/nginx.nix | 2 +- config/services/prometheus.nix | 8 +- config/services/promtail.nix | 2 +- .../services/{calendar.nix => radicale.nix} | 9 +- config/services/syncplay.nix | 24 +-- config/services/vaultwarden.nix | 10 +- config/services/weechat.nix | 8 +- config/services/xmpp.nix | 69 +++++---- config/users/kairi/gui/firefox/default.nix | 1 - config/users/kat/base.nix | 2 +- config/users/kat/base/vim/vimrc.nix | 2 +- config/users/kat/gui/default.nix | 6 +- config/users/kat/gui/fonts.nix | 5 + config/users/kat/gui/foot.nix | 8 +- config/users/kat/gui/kitty.nix | 35 ----- config/users/kat/gui/wezterm.nix | 42 ------ config/users/kat/sway/default.nix | 2 - config/users/kat/sway/mako.nix | 8 +- config/users/kat/sway/sway.nix | 15 +- config/users/kat/sway/waybar/default.nix | 16 +- default.nix | 6 +- pkgs/lib/host-import.nix | 6 +- 114 files changed, 1209 insertions(+), 953 deletions(-) delete mode 100644 config/hosts/athame/home/default.nix delete mode 100644 config/hosts/athame/home/weechat.nix create mode 100644 config/hosts/athame/nixos.nix delete mode 100644 config/hosts/athame/nixos/default.nix delete mode 100644 config/hosts/athame/nixos/hw.nix create mode 100644 config/hosts/beltane/home.nix delete mode 100644 config/hosts/beltane/home/default.nix rename config/hosts/beltane/home/{sway/default.nix => sway.nix} (89%) rename config/hosts/beltane/home/{sway => }/swayidle.nix (81%) create mode 100644 
config/hosts/beltane/nixos.nix delete mode 100644 config/hosts/beltane/nixos/default.nix delete mode 100644 config/hosts/beltane/nixos/hw.nix rename config/hosts/{samhain => beltane}/nixos/jellyfin.nix (100%) rename config/hosts/{samhain => beltane}/nixos/transmission.nix (100%) create mode 100644 config/hosts/beltane/nixos/virtualhosts.nix rename config/hosts/dummy/{nixos/default.nix => nixos.nix} (100%) create mode 100644 config/hosts/samhain/home.nix delete mode 100644 config/hosts/samhain/home/default.nix rename config/hosts/samhain/home/{sway/default.nix => sway.nix} (89%) rename config/hosts/samhain/home/{sway => }/swayidle.nix (59%) create mode 100644 config/hosts/samhain/nixos.nix delete mode 100644 config/hosts/samhain/nixos/default.nix delete mode 100644 config/hosts/samhain/nixos/hw.nix rename config/hosts/{ => to-do}/mabon/home/default.nix (100%) rename config/hosts/{ => to-do}/mabon/meta.nix (100%) rename config/hosts/{ => to-do}/mabon/nixos/default.nix (100%) rename config/hosts/{ => to-do}/mabon/nixos/hw.nix (100%) rename config/hosts/{ => to-do}/ostara/home/default.nix (100%) rename config/hosts/{ => to-do}/ostara/meta.nix (100%) rename config/hosts/{ => to-do}/ostara/nixos/default.nix (100%) rename config/hosts/{ => to-do}/ostara/nixos/hw.nix (100%) create mode 100644 config/hosts/yule/home.nix delete mode 100644 config/hosts/yule/home/default.nix rename config/hosts/yule/home/{sway/default.nix => sway.nix} (89%) rename config/hosts/yule/home/{sway => }/swayidle.nix (86%) create mode 100644 config/hosts/yule/nixos.nix delete mode 100644 config/hosts/yule/nixos/default.nix delete mode 100644 config/hosts/yule/nixos/hw.nix rename config/modules/home/{deploy-tf.nix => deploy.nix} (90%) create mode 100644 config/modules/home/fvwm.nix create mode 100644 config/modules/home/theme.nix rename config/modules/nixos/{deploy-tf.nix => deploy.nix} (79%) create mode 100644 config/modules/nixos/dns.nix create mode 100644 config/modules/nixos/dyndns.nix rename 
config/modules/nixos/{fw-abstraction.nix => firewall.nix} (100%) create mode 100644 config/modules/nixos/yggdrasil.nix delete mode 100644 config/nixos.nix rename config/profiles/{common => base}/access.nix (74%) rename config/profiles/{common => base}/base16.nix (100%) rename config/profiles/{common => base}/default.nix (80%) create mode 100644 config/profiles/base/home.nix rename config/profiles/{common => base}/locale.nix (100%) rename config/profiles/{common => base}/net.nix (100%) rename config/profiles/{common => base}/nix.nix (92%) rename config/profiles/{common => base}/packages.nix (100%) create mode 100644 config/profiles/base/profiles.nix rename config/profiles/{common => base}/secrets.nix (100%) rename config/profiles/{common => base}/ssh.nix (87%) create mode 100644 config/profiles/base/system.nix delete mode 100644 config/profiles/common/system.nix delete mode 100644 config/profiles/fvwm/default.nix delete mode 100644 config/profiles/fvwm/fvwm.nix create mode 100644 config/profiles/gui/filesystems.nix create mode 100644 config/profiles/gui/fvwm.nix create mode 100644 config/profiles/gui/sway.nix rename config/profiles/gui/{firefox.nix => xdg-portals.nix} (80%) create mode 100644 config/profiles/hardware/amdgpu/default.nix create mode 100644 config/profiles/hardware/default.nix create mode 100644 config/profiles/hardware/hcloud-imperative/default.nix create mode 100644 config/profiles/hardware/intel/default.nix create mode 100644 config/profiles/hardware/ms-7b86/default.nix create mode 100644 config/profiles/hardware/rm-310/default.nix create mode 100644 config/profiles/hardware/ryzen/default.nix create mode 100644 config/profiles/hardware/v330-14arr/default.nix delete mode 100644 config/profiles/sway/default.nix delete mode 100644 config/profiles/sway/sway.nix create mode 100644 config/profiles/vfio/default.nix rename config/services/{calendar.nix => radicale.nix} (82%) create mode 100644 config/users/kat/gui/fonts.nix delete mode 100644 
config/users/kat/gui/kitty.nix
delete mode 100644 config/users/kat/gui/wezterm.nix
diff --git a/config/hosts/athame/home/default.nix b/config/hosts/athame/home/default.nix
deleted file mode 100644
index 4c432604..00000000
--- a/config/hosts/athame/home/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ ... }: { imports = [ ./weechat.nix ]; }
diff --git a/config/hosts/athame/home/weechat.nix b/config/hosts/athame/home/weechat.nix
deleted file mode 100644
index bbdcdebe..00000000
--- a/config/hosts/athame/home/weechat.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- programs.weechat = { enable = true; };
-}
diff --git a/config/hosts/athame/nixos.nix b/config/hosts/athame/nixos.nix
new file mode 100644
index 00000000..2c7b2f37
--- /dev/null
+++ b/config/hosts/athame/nixos.nix
@@ -0,0 +1,108 @@
+{ config, users, lib, pkgs, profiles, ... }:
+
+with lib;
+
+{
+ # Imports
+
+ imports = [
+ # profiles
+ profiles.hardware.hcloud-imperative
+ users.kat.server
+ # host-specific services
+ ./nixos/virtualhosts.nix
+ # services
+ ../../services/fail2ban.nix
+ ../../services/logrotate.nix
+ ../../services/postgres.nix
+ ../../services/nginx.nix
+ ../../services/mail.nix
+ ../../services/radicale.nix
+ ../../services/xmpp.nix
+ ../../services/gitea
+ ../../services/syncplay.nix
+ ../../services/weechat.nix
+ ../../services/vaultwarden.nix
+ ../../services/taskserver.nix
+ ../../services/murmur.nix
+ ../../services/matrix.nix
+ ../../services/restic.nix
+ ../../services/grafana.nix
+ ../../services/prometheus.nix
+ ../../services/loki.nix
+ ../../services/node-exporter.nix
+ ../../services/promtail.nix
+ ../../services/netdata.nix
+ ../../services/znc.nix
+ ../../services/asterisk.nix
+ ];
+
+ # File Systems and Swap
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ };
+
+ # Bootloader
+
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/sda";
+ };
+
+
+ # Networking
+
+ networking = {
+ hostName = "athame";
+ domain = "kittywit.ch";
+ hostId = "7b0ac74e";
+ useDHCP = false;
+ interfaces = {
+ enp1s0 = {
+ useDHCP = true;
+ ipv6.addresses = [{
+ address = "2a01:4f8:c2c:b7a8::1";
+ prefixLength = 64;
+ }];
+ };
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "enp1s0";
+ };
+ };
+
+ # Firewall
+
+ kw.fw.public.interfaces = singleton "enp1s0";
+ kw.fw.private.interfaces = singleton "yggdrasil";
+
+ # Host-specific DNS Config
+
+ kw.dns.ipv4 = "168.119.126.111";
+ kw.dns.ipv6 = (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address;
+
+ deploy.tf.dns.records.kittywitch_athame_v6 = {
+ tld = "kittywit.ch.";
+ domain = "athame";
+ aaaa.address = config.kw.dns.ipv6;
+ };
+
+ # Yggdrasil
+
+ network.yggdrasil = {
+ enable = true;
+ pubkey = "55e3f29c252d16e73ac849a6039824f94df1dee670c030b9e29f90584f935575";
+ listen.enable = true;
+ listen.endpoints = [ "tcp://${config.kw.dns.ipv4}:52969" ];
+ };
+
+ # State
+ system.stateVersion = "20.09";
+}
+
diff --git a/config/hosts/athame/nixos/default.nix b/config/hosts/athame/nixos/default.nix
deleted file mode 100644
index b37f7654..00000000
--- a/config/hosts/athame/nixos/default.nix
+++ /dev/null
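Review bot: The Yggdrasil listener is advertised on `tcp://${config.kw.dns.ipv4}:52969` but nothing in `config/hosts/athame/nixos.nix` opens that port any more; the deleted `config/hosts/athame/nixos/default.nix` had `kw.fw.public.tcp.ports = singleton 52969;` and the new entrypoint drops it. Unless the new `config/modules/nixos/yggdrasil.nix` (not in this chunk) derives a firewall rule from `listen.endpoints`, peers will no longer be able to reach the listener after this change. If the module does not, add `kw.fw.public.tcp.ports = singleton 52969;` beside the interface lists under `# Firewall`. Separately, `kw.dns.ipv4 = "168.119.126.111";` is hard-coded while `kw.dns.ipv6` is derived from the interface config; a short comment explaining why the v4 address cannot be derived the same way would help the next reader.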
@@ -1,79 +0,0 @@ -{ config, users, lib, pkgs, profiles, ... }: - -with lib; - -{ - imports = [ - ./hw.nix - # profiles - users.kat.server - # host-specific services - ./virtualhosts.nix - # services - ../../../services/fail2ban.nix - ../../../services/logrotate.nix - ../../../services/postgres.nix - ../../../services/nginx.nix - ../../../services/mail.nix - ../../../services/calendar.nix - ../../../services/xmpp.nix - ../../../services/gitea - ../../../services/syncplay.nix - ../../../services/weechat.nix - ../../../services/vaultwarden.nix - ../../../services/taskserver.nix - ../../../services/murmur.nix - ../../../services/matrix.nix - ../../../services/restic.nix - ../../../services/grafana.nix - ../../../services/prometheus.nix - ../../../services/loki.nix - ../../../services/node-exporter.nix - ../../../services/promtail.nix - ../../../services/netdata.nix - ../../../services/znc.nix - ../../../services/asterisk.nix - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - - networking = { - hostName = "athame"; - domain = "kittywit.ch"; - hostId = "7b0ac74e"; - useDHCP = false; - interfaces.enp1s0.useDHCP = true; - }; - - networking.interfaces.enp1s0.ipv6.addresses = [{ - address = "2a01:4f8:c2c:b7a8::1"; - prefixLength = 64; - }]; - - networking.defaultGateway6 = { - address = "fe80::1"; - interface = "enp1s0"; - }; - - kw.fw.public.interfaces = singleton "enp1s0"; - kw.fw.private.interfaces = singleton "yggdrasil"; - - kw.fw.public.tcp.ports = singleton 52969; - - deploy.tf.dns.records.kittywitch_athame_v6 = { - tld = "kittywit.ch."; - domain = "athame"; - aaaa.address = - (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address; - }; - - network.yggdrasil = { - enable = true; - pubkey = "55e3f29c252d16e73ac849a6039824f94df1dee670c030b9e29f90584f935575"; - listen.enable = true; - listen.endpoints = [ "tcp://168.119.126.111:52969" ]; - }; - system.stateVersion = "20.09"; -} - 
diff --git a/config/hosts/athame/nixos/hw.nix b/config/hosts/athame/nixos/hw.nix deleted file mode 100644 index 24193e6f..00000000 --- a/config/hosts/athame/nixos/hw.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ sources, ... }: { - imports = [ (sources.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = - [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; -} diff --git a/config/hosts/beltane/home.nix b/config/hosts/beltane/home.nix new file mode 100644 index 00000000..9241afe3 --- /dev/null +++ b/config/hosts/beltane/home.nix @@ -0,0 +1 @@ +{ ... }: { imports = [ ./home/sway.nix ]; } diff --git a/config/hosts/beltane/home/default.nix b/config/hosts/beltane/home/default.nix deleted file mode 100644 index 3fbabbc7..00000000 --- a/config/hosts/beltane/home/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { imports = [ ./sway ]; } diff --git a/config/hosts/beltane/home/sway/default.nix b/config/hosts/beltane/home/sway.nix similarity index 89% rename from config/hosts/beltane/home/sway/default.nix rename to config/hosts/beltane/home/sway.nix index aa2895f2..5cbc5016 100644 --- a/config/hosts/beltane/home/sway/default.nix +++ b/config/hosts/beltane/home/sway.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: + +with lib; { imports = [ ./swayidle.nix ]; @@ -6,7 +8,7 @@ wayland.windowManager.sway = { config = let - lockCommand = "swaylock -i VGA-1:${../../../../users/kat/sway/wallpapers/main.png} -s fill"; + lockCommand = "swaylock -i VGA-1:${builtins.elemAt config.kw.wallpapers 0} -s fill"; cfg = config.wayland.windowManager.sway.config; in { diff --git a/config/hosts/beltane/home/sway/swayidle.nix b/config/hosts/beltane/home/swayidle.nix similarity index 81% rename from config/hosts/beltane/home/sway/swayidle.nix rename to config/hosts/beltane/home/swayidle.nix index 8cb9152b..290a0aae 100644 
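Review bot: `with lib;` and the new `lib` argument are added to `config/hosts/beltane/home/sway.nix`, but nothing in the changed lines uses a `lib` name — the wallpaper lookup is written as `builtins.elemAt config.kw.wallpapers 0`. Either drop the new `with lib;` or use it consistently, e.g. `lockCommand = "swaylock -i VGA-1:${elemAt config.kw.wallpapers 0} -s fill";`. The same unused `with lib;` is introduced in `config/hosts/samhain/home/sway.nix` and `config/hosts/samhain/home/swayidle.nix`. The enclosing `config = let ... in { ... }` block continues outside the hunk, so `lib` may be used further down; if it is, this is moot.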
--- a/config/hosts/beltane/home/sway/swayidle.nix +++ b/config/hosts/beltane/home/swayidle.nix @@ -11,14 +11,10 @@ Type = "simple"; ExecStart = '' ${pkgs.swayidle}/bin/swayidle -w \ - timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i VGA-1:${ - ../../../../users/kat/sway/wallpapers/main.png - } \ + timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i VGA-1:${builtins.elemAt config.kw.wallpapers 0} \ timeout 600 'swaymsg "output * dpms off"' \ resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock}/bin/swaylock -f -i VGA-1:${ - ../../../../users/kat/sway/wallpapers/main.png - }' + before-sleep '${pkgs.swaylock}/bin/swaylock -f -i VGA-1:${builtins.elemAt config.kw.wallpapers 0}' ''; RestartSec = 3; Restart = "always"; diff --git a/config/hosts/beltane/nixos.nix b/config/hosts/beltane/nixos.nix new file mode 100644 index 00000000..58815d4d --- /dev/null +++ b/config/hosts/beltane/nixos.nix 
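Review bot: `builtins.elemAt config.kw.wallpapers 0` is repeated in both the `timeout` and `before-sleep` swaylock commands in `config/hosts/beltane/home/swayidle.nix`, and the same expression appears again in `sway.nix`; a single binding at the top of the module, `let wallpaper = builtins.elemAt config.kw.wallpapers 0; in`, would keep the output/index pairing in one place. `config/hosts/samhain/home/swayidle.nix` repeats three such lookups twice each and would benefit most from the same treatment. Note also that `elemAt` aborts evaluation when the list is shorter than the index, so a host that sets fewer `kw.wallpapers` entries than it has outputs will fail to build rather than fall back; a comment next to the binding stating the expected list length would make that explicit. The enclosing `ExecStart` string and the service definition start and end outside the hunk.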
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, profiles, users, tf, ... }:
+
+with lib;
+
+{
+ # Imports
+
+ imports = [
+ profiles.hardware.rm-310
+ profiles.gui
+ users.kat.guiFull
+ ./nixos/jellyfin.nix
+ ./nixos/virtualhosts.nix
+ ./nixos/transmission.nix
+ ../../services/node-exporter.nix
+ ../../services/promtail.nix
+ ../../services/netdata.nix
+ ../../services/nginx.nix
+ ../../services/zfs.nix
+ ];
+
+ home-manager.users.kat = {
+ imports = [
+ ./home.nix
+ ];
+ };
+
+ # File Systems and Swap
+
+ boot.supportedFilesystems = singleton "zfs";
+
+ fileSystems = {
+ "/" = {
+ device = "zroot/safe/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "zroot/local/nix";
+ fsType = "zfs";
+ };
+ "/home" = {
+ device = "zroot/safe/home";
+ fsType = "zfs";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/44CC-7137";
+ fsType = "vfat";
+ };
+ "/boot-fallback" = {
+ device = "/dev/disk/by-uuid/4520-4E5F";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/682df001-bad8-4d94-a86b-9068ce5eee4c"; }
+ { device = "/dev/disk/by-uuid/1ee2d322-235c-41de-b272-7ceded4e2624"; }
+ ];
+
+ # Bootloader
+
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ mirroredBoots = [
+ {
+ devices = [ "/dev/disk/by-uuid/4520-4E5F" ];
+ path = "/boot-fallback";
+ }
+ ];
+ };
+ };
+
+ # Networking
+
+ networking = {
+ hostName = "beltane";
+ hostId = "3ef9a419";
+ useDHCP = false;
+ interfaces.eno1.useDHCP = true;
+ };
+
+ # Firewall
+
+ kw.fw.private.interfaces = singleton "yggdrasil";
+ kw.fw.public.interfaces = singleton "eno1";
+
+ # Yggdrasil
+
+ network.yggdrasil = {
+ enable = true;
+ pubkey = "d3e488574367056d3ae809b678f799c29ebfd5c7151bb1f4051775b3953e5f52";
+ # if server, enable this and set endpoint:
+ listen.enable = false;
+ listen.endpoints = [ "tcp://0.0.0.0:0" ];
+ };
+
+ # State
+
+ system.stateVersion = "21.05";
+
+}
+
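Review bot: The fallback ESP `/dev/disk/by-uuid/4520-4E5F` is spelled twice in `config/hosts/beltane/nixos.nix` — in `fileSystems."/boot-fallback".device` and again in `boot.loader.grub.mirroredBoots`' `devices` — so the two can drift apart silently; bind it once after `with lib;`, `let fallbackEsp = "/dev/disk/by-uuid/4520-4E5F"; in`, and reference `fallbackEsp` in both places. The deleted `config/hosts/beltane/nixos/hw.nix` also carried `boot.initrd.availableKernelModules`, `boot.kernelModules = [ "kvm-intel" ]` and the `not-detected.nix` import, none of which reappear here; presumably they moved into `profiles.hardware.rm-310`, but that file is not in this chunk, so it is worth confirming before the next rebuild. The `# if server, enable this and set endpoint:` comment with `listen.endpoints = [ "tcp://0.0.0.0:0" ];` is harmless while `listen.enable = false;`, but a note that the endpoint value is intentionally unused would stop a reader from treating it as live configuration.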
diff --git a/config/hosts/beltane/nixos/default.nix b/config/hosts/beltane/nixos/default.nix deleted file mode 100644 index d4321d8d..00000000 --- a/config/hosts/beltane/nixos/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, pkgs, profiles, users, tf, ... }: - -{ - imports = [ - ./hw.nix - profiles.gui - profiles.sway - users.kat.guiFull - ../../../services/zfs.nix - ]; - - home-manager.users.kat = { - imports = [ - ../home - ]; - }; - - boot.loader.grub.enable = true; - boot.loader.grub.efiSupport = true; - boot.loader.grub.device = "nodev"; - boot.loader.grub.mirroredBoots = [ - { devices = [ "/dev/disk/by-uuid/4520-4E5F" ]; - path = "/boot-fallback"; } - ]; - boot.supportedFilesystems = [ "zfs" ]; - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "beltane"; - networking.hostId = "3ef9a419"; - - networking.useDHCP = false; - networking.interfaces.eno1.useDHCP = true; - - system.stateVersion = "21.05"; - -} - diff --git a/config/hosts/beltane/nixos/hw.nix b/config/hosts/beltane/nixos/hw.nix deleted file mode 100644 index fbce1d4a..00000000 --- a/config/hosts/beltane/nixos/hw.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "zroot/safe/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "zroot/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "zroot/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/44CC-7137"; - fsType = "vfat"; - }; - - fileSystems."/boot-fallback" = - { device = "/dev/disk/by-uuid/4520-4E5F"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/682df001-bad8-4d94-a86b-9068ce5eee4c"; } - { device = "/dev/disk/by-uuid/1ee2d322-235c-41de-b272-7ceded4e2624"; } - ]; - } diff --git a/config/hosts/samhain/nixos/jellyfin.nix b/config/hosts/beltane/nixos/jellyfin.nix similarity index 100% rename from config/hosts/samhain/nixos/jellyfin.nix rename to config/hosts/beltane/nixos/jellyfin.nix diff --git a/config/hosts/samhain/nixos/transmission.nix b/config/hosts/beltane/nixos/transmission.nix similarity index 100% rename from config/hosts/samhain/nixos/transmission.nix rename to config/hosts/beltane/nixos/transmission.nix diff --git a/config/hosts/beltane/nixos/virtualhosts.nix b/config/hosts/beltane/nixos/virtualhosts.nix new file mode 100644 index 00000000..d250515e --- /dev/null +++ b/config/hosts/beltane/nixos/virtualhosts.nix 
@@ -0,0 +1,52 @@
+{ config, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "beltane.net.kittywit.ch" = {
+ useACMEHost = "beltane.net.kittywit.ch";
+ forceSSL = true;
+ locations = {
+ "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
+ "/jellyfin/socket" = {
+ proxyPass = "http://127.0.0.1:8096/jellyfin/";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ "/tvheadend/".proxyPass = "http://192.168.1.245:9981";
+ "/" = {
+ root = "/mnt/zraw/media/";
+ extraConfig = "autoindex on;";
+ };
+ "/transmission" = {
+ proxyPass = "http://[::1]:9091";
+ extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
+ };
+ };
+ };
+ "192.168.1.223" = {
+ locations = {
+ "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
+ "/jellyfin/socket" = {
+ proxyPass = "http://127.0.0.1:8096/jellyfin/";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+
+ "/share/" = {
+ alias = "/mnt/zraw/media/";
+ extraConfig = "autoindex on;";
+ };
+ };
+ };
+ "100.103.111.44" = {
+ locations."/share/" = {
+ alias = "/mnt/zraw/media/";
+ extraConfig = "autoindex on;";
+ };
+ };
+ };
+}
diff --git a/config/hosts/dummy/nixos/default.nix b/config/hosts/dummy/nixos.nix
similarity index 100%
rename from config/hosts/dummy/nixos/default.nix
rename to config/hosts/dummy/nixos.nix
diff --git a/config/hosts/samhain/home.nix b/config/hosts/samhain/home.nix
new file mode 100644
index 00000000..9241afe3
--- /dev/null
+++ b/config/hosts/samhain/home.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./home/sway.nix ]; }
diff --git a/config/hosts/samhain/home/default.nix b/config/hosts/samhain/home/default.nix
deleted file mode 100644
index 3fbabbc7..00000000
--- a/config/hosts/samhain/home/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ ... }: { imports = [ ./sway ]; }
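Review bot: In `config/hosts/beltane/nixos/virtualhosts.nix` both `"/jellyfin/socket"` locations proxy to `http://127.0.0.1:8096/jellyfin/`; because that `proxyPass` carries a path, nginx replaces the matched prefix `/jellyfin/socket` with `/jellyfin/`, so the WebSocket upgrade reaches the backend at `/jellyfin/` rather than `/jellyfin/socket`. Unless Jellyfin accepts the upgrade there, use `proxyPass = "http://127.0.0.1:8096/jellyfin/socket";` (or a path-less `http://127.0.0.1:8096`) in both the `beltane.net.kittywit.ch` and `192.168.1.223` blocks; whether `proxy_http_version 1.1`, which the Upgrade handshake needs, is supplied by `../../services/nginx.nix` cannot be seen from this chunk. Separately, the TLS vhost `beltane.net.kittywit.ch` serves `/mnt/zraw/media/` at `/` with `autoindex on;` and no access control, so the whole media tree is listable by anyone who can reach the host; if that is not intended, restrict the location (an `allow`/`deny` list in `extraConfig`, or the vhost's `basicAuthFile`) or drop `autoindex`. A one-line comment stating that the `192.168.1.223` and `100.103.111.44` vhosts are deliberately plain-HTTP LAN-only views would also help the next reader.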
diff --git a/config/hosts/samhain/home/sway/default.nix b/config/hosts/samhain/home/sway.nix similarity index 89% rename from config/hosts/samhain/home/sway/default.nix rename to config/hosts/samhain/home/sway.nix index f5d40d57..c2d7aa33 100644 --- a/config/hosts/samhain/home/sway/default.nix +++ b/config/hosts/samhain/home/sway.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: + +with lib; { imports = [ ./swayidle.nix ]; @@ -6,9 +8,7 @@ wayland.windowManager.sway = { config = let - lockCommand = "swaylock -i HDMI-A-1:${../../../../users/kat/sway/wallpapers/main.png} -i DP-1:${ - ../../../../users/kat/sway/wallpapers/left.jpg - } -i DVI-D-1:${../../../../users/kat/sway/wallpapers/right.jpg} -s fill"; + lockCommand = "swaylock -i HDMI-A-1:${builtins.elemAt config.kw.wallpapers 0} -i DP-1:${builtins.elemAt config.kw.wallpapers 1} -i DVI-D-1:${builtins.elemAt config.kw.wallpapers 2} -s fill"; cfg = config.wayland.windowManager.sway.config; in { diff --git a/config/hosts/samhain/home/sway/swayidle.nix b/config/hosts/samhain/home/swayidle.nix similarity index 59% rename from config/hosts/samhain/home/sway/swayidle.nix rename to config/hosts/samhain/home/swayidle.nix index 084a6730..34cb61f9 100644 --- a/config/hosts/samhain/home/sway/swayidle.nix +++ b/config/hosts/samhain/home/swayidle.nix @@ -1,5 +1,7 @@ { config, pkgs, lib, ... }: +with lib; + { systemd.user.services.swayidle = { Unit = { 
@@ -11,18 +13,10 @@ Type = "simple"; ExecStart = '' ${pkgs.swayidle}/bin/swayidle -w \ - timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i HDMI-A-1:${ - ../../../../users/kat/sway/wallpapers/main.png - } -i DP-1:${../../../../users/kat/sway/wallpapers/left.jpg} -i DVI-D-1:${ - ../../../../users/kat/sway/wallpapers/right.jpg - }' \ + timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i HDMI-A-1:${builtins.elemAt config.kw.wallpapers 0} -i DP-1:${builtins.elemAt config.kw.wallpapers 1} -i DVI-D-1:${builtins.elemAt config.kw.wallpapers 2}' \ timeout 600 'swaymsg "output * dpms off"' \ resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock}/bin/swaylock -f -i HDMI-A-1:${ - ../../../../users/kat/sway/wallpapers/main.png - } -i DP-1:${../../../../users/kat/sway/wallpapers/left.jpg} -i DVI-D-1:${ - ../../../../users/kat/sway/wallpapers/right.jpg - }' + before-sleep '${pkgs.swaylock}/bin/swaylock -f -i HDMI-A-1:${builtins.elemAt config.kw.wallpapers 0} -i DP-1:${builtins.elemAt config.kw.wallpapers 1} -i DVI-D-1:${builtins.elemAt config.kw.wallpapers 2}' ''; RestartSec = 3; Restart = "always"; diff --git a/config/hosts/samhain/nixos.nix b/config/hosts/samhain/nixos.nix new file mode 100644 index 00000000..bb3e2e45 --- /dev/null +++ b/config/hosts/samhain/nixos.nix 
@@ -0,0 +1,128 @@
+{ tf, config, users, pkgs, lib, profiles, sources, ... }:
+
+with lib;
+
+let
+ hexchen = (import sources.hexchen) { };
+ hexYgg = filterAttrs (_: c: c.enable)
+ (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts);
+in {
+ # Imports
+
+ imports = [
+ profiles.hardware.ms-7b86
+ profiles.gui
+ users.kat.guiFull
+ ../../services/zfs.nix
+ ../../services/restic.nix
+ ../../services/nginx.nix
+ ../../services/node-exporter.nix
+ ../../services/promtail.nix
+ ../../services/netdata.nix
+ ./nixos/virtualhosts.nix
+ ];
+
+ home-manager.users.kat = {
+ imports = [
+ ./home.nix
+ ];
+ };
+
+ # File Systems and Swap
+
+ boot.supportedFilesystems = [ "zfs" "xfs" ];
+
+ fileSystems = {
+ "/" = {
+ device = "rpool/safe/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+ "/home" = {
+ device = "rpool/safe/home";
+ fsType = "zfs";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/AED6-D0D1";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; }
+ { device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; }
+ ];
+
+ # Bootloader
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ # Hardware
+
+ hardware.openrazer = {
+ enable = true;
+ };
+ environment.systemPackages = [ pkgs.razergenie ];
+
+ # Networking
+
+ networking = {
+ hostName = "samhain";
+ hostId = "617050fc";
+ useDHCP = false;
+ useNetworkd = true;
+ firewall.allowPing = true;
+ };
+
+ systemd.network = {
+ networks.enp34s0 = {
+ matchConfig.Name = "enp34s0";
+ bridge = singleton "br";
+ };
+ networks.br = {
+ matchConfig.Name = "br";
+ address = [ "192.168.1.135/24" ];
+ gateway = [ "192.168.1.254" ];
+ };
+ netdevs.br = {
+ netdevConfig = {
+ Name = "br";
+ Kind = "bridge";
+ MACAddress = "00:d8:61:c7:f4:9d";
+ };
+ };
+ };
+
+ services.avahi.enable = true;
+
+ # Firewall
+
+ kw.fw.private.interfaces = singleton "yggdrasil";
+ kw.fw.public.interfaces = singleton "br";
+ kw.fw.private.tcp.ports = [ 10445 ]; # VM Prometheus
+
+ # Host-specific DNS Config
+
+ kw.dns.dynamic = true;
+
+ # Yggdrasil
+
+ network.yggdrasil = {
+ enable = true;
+ pubkey = "a7110d0a1dc9ec963d6eb37bb6922838b8088b53932eae727a9136482ce45d47";
+ # if server, enable this and set endpoint:
+ listen.enable = false;
+ listen.endpoints = [ "tcp://0.0.0.0:0" ];
+ };
+
+ # State
+
+ system.stateVersion = "20.09";
+}
+
diff --git a/config/hosts/samhain/nixos/default.nix b/config/hosts/samhain/nixos/default.nix
deleted file mode 100644
index 5bf6389d..00000000
--- a/config/hosts/samhain/nixos/default.nix
+++ /dev/null
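Review bot: The `let` block at the top of `config/hosts/samhain/nixos.nix` binds `hexchen` and `hexYgg`, but neither name is referenced anywhere in the module, so `(import sources.hexchen) { }` is dead code that still forces `sources.hexchen` (presumably a fetched source) to be realised at evaluation time; drop both bindings and the `let ... in`, and with them the `sources` and `tf` arguments if nothing else in the file uses them. The deleted `config/hosts/samhain/nixos/default.nix` carried the same unused block, so this is an inherited leftover rather than a new regression, but the new entrypoint is the place to remove it. The old file also defined the `kat-glauca-dns` service and timer, their secrets file, and the `samhain.net.kittywit.ch` ACME certificate, all replaced here by the single line `kw.dns.dynamic = true;`; presumably `config/modules/nixos/dyndns.nix` and `dns.nix` now own that, but they are not in this chunk, so the certificate the nginx vhost depends on is worth confirming before deploy. A comment on `kw.dns.dynamic = true;` naming the module that consumes it would save the next reader that search.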
@@ -1,142 +0,0 @@ -{ tf, config, users, pkgs, lib, profiles, sources, ... }: - -with lib; - -let - hexchen = (import sources.hexchen) { }; - hexYgg = filterAttrs (_: c: c.enable) - (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts); -in -{ - imports = [ - ./hw.nix - profiles.gui - profiles.sway - users.kat.guiFull - ../../../services/zfs.nix - ../../../services/restic.nix - ../../../services/nginx.nix - ../../../services/node-exporter.nix - ../../../services/promtail.nix - ../../../services/netdata.nix - ./transmission.nix - ./jellyfin.nix - ./virtualhosts.nix - ]; - - home-manager.users.kat = { - imports = [ - ../home - ]; - }; - - deploy.tf.variables.dyn_username = { - type = "string"; - value.shellCommand = "bitw get infra/hexdns-dynamic -f username"; - }; - - deploy.tf.variables.dyn_password = { - type = "string"; - value.shellCommand = "bitw get infra/hexdns-dynamic -f password"; - }; - - deploy.tf.variables.dyn_hostname = { - type = "string"; - value.shellCommand = "bitw get infra/hexdns-dynamic -f hostname"; - }; - - security.acme.certs."samhain.net.kittywit.ch" = { - domain = "samhain.net.kittywit.ch"; - dnsProvider = "rfc2136"; - credentialsFile = config.secrets.files.dns_creds.path; - group = "nginx"; - }; - - secrets.files.kat-glauca-dns = { - text = '' - user="${tf.variables.dyn_username.ref}" - pass="${tf.variables.dyn_password.ref}" - hostname="${tf.variables.dyn_hostname.ref}" - ''; - owner = "kat"; - group = "users"; - }; - - systemd.services.kat-glauca-dns = { - serviceConfig = { - ExecStart = "${pkgs.kat-glauca-dns}/bin/kat-glauca-dns"; - }; - environment = { passFile = config.secrets.files.kat-glauca-dns.path; }; - wantedBy = [ "default.target" ]; - }; - - #hardware.ckb-next = { - # enable = true; - # package = pkgs.ckb-next; - #}; - - kw.fw.private.interfaces = singleton "yggdrasil"; - kw.fw.public.interfaces = singleton "br"; - - hardware.openrazer = { - enable = true; - }; - - kw.fw.private.tcp.ports = [ 10445 ]; - - 
systemd.timers.kat-glauca-dns = { - timerConfig = { - Unit = "kat-glauca-dns.service"; - OnBootSec = "5m"; - OnUnitActiveSec = "30m"; - }; - wantedBy = [ "default.target" ]; - }; - - # graphics tablet - services.xserver.wacom.enable = true; - - environment.systemPackages = [ pkgs.screenstub pkgs.razergenie ]; - - # other stuffs - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "zfs" "xfs" ]; - networking.hostName = "samhain"; - networking.hostId = "617050fc"; - networking.useDHCP = false; - networking.useNetworkd = true; - networking.firewall.allowPing = true; - - systemd.network = { - networks.enp34s0 = { - matchConfig.Name = "enp34s0"; - bridge = singleton "br"; - }; - networks.br = { - matchConfig.Name = "br"; - address = [ "192.168.1.135/24" ]; - gateway = [ "192.168.1.254" ]; - }; - netdevs.br = { - netdevConfig = { - Name = "br"; - Kind = "bridge"; - MACAddress = "00:d8:61:c7:f4:9d"; - }; - }; - }; - - services.avahi.enable = true; - - network.yggdrasil = { - enable = true; - pubkey = "a7110d0a1dc9ec963d6eb37bb6922838b8088b53932eae727a9136482ce45d47"; - # if server, enable this and set endpoint: - listen.enable = false; - listen.endpoints = [ "tcp://0.0.0.0:0" ]; - }; - - system.stateVersion = "20.09"; -} - diff --git a/config/hosts/samhain/nixos/hw.nix b/config/hosts/samhain/nixos/hw.nix deleted file mode 100644 index 57ad4d58..00000000 --- a/config/hosts/samhain/nixos/hw.nix +++ /dev/null 
@@ -1,51 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "nct6775" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "rpool/safe/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = { - device = "rpool/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/AED6-D0D1"; - fsType = "vfat"; - }; - - fileSystems."/mnt/zraw" = { - device = "zstore/raw"; - fsType = "zfs"; - }; - - fileSystems."/mnt/zcomp" = { - device = "zstore/compress"; - fsType = "zfs"; - }; - - fileSystems."/mnt/zenc" = { - device = "zstore/protect"; - fsType = "zfs"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; } - { device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; } - ]; - -} diff --git a/config/hosts/samhain/nixos/virtualhosts.nix b/config/hosts/samhain/nixos/virtualhosts.nix index 0a44d341..692042ae 100644 --- a/config/hosts/samhain/nixos/virtualhosts.nix +++ b/config/hosts/samhain/nixos/virtualhosts.nix 
@@ -6,55 +6,6 @@ with lib; kw.fw.private.tcp.ports = singleton 1935; kw.fw.public.tcp.ports = singleton 1935; - services.nginx.virtualHosts = { - "samhain.net.kittywit.ch" = { - useACMEHost = "samhain.net.kittywit.ch"; - forceSSL = true; - locations = { - "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/"; - "/jellyfin/socket" = { - proxyPass = "http://127.0.0.1:8096/jellyfin/"; - extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - }; - "/tvheadend/".proxyPass = "http://192.168.1.245:9981"; - "/" = { - root = "/mnt/zraw/media/"; - extraConfig = "autoindex on;"; - }; - "/transmission" = { - proxyPass = "http://[::1]:9091"; - extraConfig = "proxy_pass_header X-Transmission-Session-Id;"; - }; - }; - }; - "192.168.1.135" = { - locations = { - "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/"; - "/jellyfin/socket" = { - proxyPass = "http://127.0.0.1:8096/jellyfin/"; - extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - }; - - "/share/" = { - alias = "/mnt/zraw/media/"; - extraConfig = "autoindex on;"; - }; - }; - }; - "100.103.111.44" = { - locations."/share/" = { - alias = "/mnt/zraw/media/"; - extraConfig = "autoindex on;"; - }; - }; - }; - services.nginx.appendConfig = '' rtmp { server { diff --git a/config/hosts/mabon/home/default.nix b/config/hosts/to-do/mabon/home/default.nix similarity index 100% rename from config/hosts/mabon/home/default.nix rename to config/hosts/to-do/mabon/home/default.nix diff --git a/config/hosts/mabon/meta.nix b/config/hosts/to-do/mabon/meta.nix similarity index 100% rename from config/hosts/mabon/meta.nix rename to config/hosts/to-do/mabon/meta.nix diff --git a/config/hosts/mabon/nixos/default.nix b/config/hosts/to-do/mabon/nixos/default.nix similarity index 100% rename from config/hosts/mabon/nixos/default.nix rename to config/hosts/to-do/mabon/nixos/default.nix 
diff --git a/config/hosts/mabon/nixos/hw.nix b/config/hosts/to-do/mabon/nixos/hw.nix similarity index 100% rename from config/hosts/mabon/nixos/hw.nix rename to config/hosts/to-do/mabon/nixos/hw.nix diff --git a/config/hosts/ostara/home/default.nix b/config/hosts/to-do/ostara/home/default.nix similarity index 100% rename from config/hosts/ostara/home/default.nix rename to config/hosts/to-do/ostara/home/default.nix diff --git a/config/hosts/ostara/meta.nix b/config/hosts/to-do/ostara/meta.nix similarity index 100% rename from config/hosts/ostara/meta.nix rename to config/hosts/to-do/ostara/meta.nix diff --git a/config/hosts/ostara/nixos/default.nix b/config/hosts/to-do/ostara/nixos/default.nix similarity index 100% rename from config/hosts/ostara/nixos/default.nix rename to config/hosts/to-do/ostara/nixos/default.nix diff --git a/config/hosts/ostara/nixos/hw.nix b/config/hosts/to-do/ostara/nixos/hw.nix similarity index 100% rename from config/hosts/ostara/nixos/hw.nix rename to config/hosts/to-do/ostara/nixos/hw.nix diff --git a/config/hosts/yule/home.nix b/config/hosts/yule/home.nix new file mode 100644 index 00000000..2e2713c6 --- /dev/null +++ b/config/hosts/yule/home.nix @@ -0,0 +1 @@ +{ ... }: { imports = [ ./home/sway.nix ./home/base16.nix ]; } diff --git a/config/hosts/yule/home/default.nix b/config/hosts/yule/home/default.nix deleted file mode 100644 index fcf5d91d..00000000 --- a/config/hosts/yule/home/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { imports = [ ./sway ./base16.nix ]; } diff --git a/config/hosts/yule/home/sway/default.nix b/config/hosts/yule/home/sway.nix similarity index 89% rename from config/hosts/yule/home/sway/default.nix rename to config/hosts/yule/home/sway.nix index 24c9ca4a..4fb5bcc2 100644 --- a/config/hosts/yule/home/sway/default.nix +++ b/config/hosts/yule/home/sway.nix 
@@ -1,13 +1,13 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { imports = [ ./swayidle.nix ]; wayland.windowManager.sway.config = let - lockCommand = "swaylock -i eDP-1:${ - ../../../../users/kat/sway/wallpapers/main.png - } -s fill"; + lockCommand = "swaylock -i eDP-1:${builtins.elemAt config.kw.wallpapers 0} -s fill"; cfg = config.wayland.windowManager.sway.config; in { diff --git a/config/hosts/yule/home/sway/swayidle.nix b/config/hosts/yule/home/swayidle.nix similarity index 86% rename from config/hosts/yule/home/sway/swayidle.nix rename to config/hosts/yule/home/swayidle.nix index a0ff902e..dd9e2d0e 100644 --- a/config/hosts/yule/home/sway/swayidle.nix +++ b/config/hosts/yule/home/swayidle.nix @@ -1,5 +1,7 @@ { config, pkgs, lib, ... }: +with lib; + { systemd.user.services.swayidle = { Unit = { @@ -11,10 +13,10 @@ Type = "simple"; ExecStart = '' ${pkgs.swayidle}/bin/swayidle -w \ - timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i eDP-1:${../../../../users/kat/sway/wallpapers/main.png} \ + timeout 300 '${pkgs.swaylock}/bin/swaylock -f -i eDP-1:${builtins.elemAt config.kw.wallpapers 0} \ timeout 600 'swaymsg "output * dpms off"' \ resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock}/bin/swaylock -f -i eDP-1:${../../../../users/kat/sway/wallpapers/main.png}' + before-sleep '${pkgs.swaylock}/bin/swaylock -f -i eDP-1:${builtins.elemAt config.kw.wallpapers 0}' ''; RestartSec = 3; Restart = "always"; diff --git a/config/hosts/yule/nixos.nix b/config/hosts/yule/nixos.nix new file mode 100644 index 00000000..b8393f32 --- /dev/null +++ b/config/hosts/yule/nixos.nix 
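Review bot: `builtins.elemAt config.kw.wallpapers 0` is now written once in sway.nix and three times in swayidle.nix, and it is the lock-screen image, so a mismatch between the copies would be noticed only when the screen fails to lock. Hoist it once per file, `let lockImage = builtins.elemAt config.kw.wallpapers 0; in` and reference `${lockImage}` in `lockCommand` and in the three `swaylock` invocations. `kw.wallpapers` has no default, so a host that does not set it fails at evaluation on these lines; an `assertion` naming the option would make that failure point at the right place.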
@@ -0,0 +1,91 @@ +{ config, users, pkgs, lib, profiles, ... }: + +with lib; + +{ + # Imports + + imports = [ + profiles.hardware.v330-14arr + profiles.gui + profiles.laptop + users.kat.guiFull + ../../services/zfs.nix + ../../services/restic.nix + ../../services/node-exporter.nix + ../../services/promtail.nix + ../../services/netdata.nix + ../../services/nginx.nix + ]; + + home-manager.users.kat = { + imports = [ + ./home.nix + ]; + }; + + # File Systems and Swap + + boot.supportedFilesystems = singleton "zfs"; + + fileSystems = { + "/" = { + device = "rpool/safe/root"; + fsType = "zfs"; + }; + "/home" = { + device = "rpool/safe/home"; + fsType = "zfs"; + }; + "/nix" = { + device = "rpool/local/nix"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/2552-18F2"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }]; + + # Bootloader + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # Networking + + networking = { + hostId = "dddbb888"; + hostName = "yule"; + useDHCP = false; + wireless.interfaces = singleton "wlp2s0"; + interfaces = { + enp1s0.useDHCP = true; + wlp2s0.useDHCP = true; + }; + }; + + # Firewall + + kw.fw.private.interfaces = singleton "yggdrasil"; + kw.fw.public.interfaces = [ "enp1s0" "wlp2s0" ]; + + # Yggdrasil + + network.yggdrasil = { + enable = true; + pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653"; + # if server, enable this and set endpoint: + listen.enable = false; + listen.endpoints = [ "tcp://0.0.0.0:0" ]; + }; + + # State + + system.stateVersion = "20.09"; +} + diff --git a/config/hosts/yule/nixos/default.nix b/config/hosts/yule/nixos/default.nix deleted file mode 100644 index 517fe5f9..00000000 --- a/config/hosts/yule/nixos/default.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ config, users, pkgs, lib, profiles, ... }: - -with lib; - -{ - imports = [ - ./hw.nix - ../../../services/zfs.nix - ../../../services/restic.nix - ../../../services/node-exporter.nix - ../../../services/promtail.nix - ../../../services/netdata.nix - ../../../services/nginx.nix - profiles.gui - profiles.sway - profiles.laptop - users.kat.guiFull - ]; - - home-manager.users.kat = { - imports = [ - ../home - ]; - }; - - networking.wireless.interfaces = [ "wlp2s0" ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "zfs" ]; - - kw.fw.private.interfaces = singleton "yggdrasil"; - kw.fw.public.interfaces = [ "enp1s0" "wlp2s0" ]; - - networking.hostId = "dddbb888"; - networking.hostName = "yule"; - - networking.useDHCP = false; - networking.interfaces.enp1s0.useDHCP = true; - networking.interfaces.wlp2s0.useDHCP = true; - - network.yggdrasil = { - enable = true; - pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653"; - # if server, enable this and set endpoint: - listen.enable = false; - listen.endpoints = [ "tcp://0.0.0.0:0" ]; - }; - - system.stateVersion = "20.09"; -} - diff --git a/config/hosts/yule/nixos/hw.nix b/config/hosts/yule/nixos/hw.nix deleted file mode 100644 index 0fbd7d47..00000000 --- a/config/hosts/yule/nixos/hw.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "rpool/safe/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/nix" = { - device = "rpool/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2552-18F2"; - fsType = "vfat"; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }]; - -} diff --git a/config/modules/home/default.nix b/config/modules/home/default.nix index 6d00dbf2..d4df8980 100644 --- a/config/modules/home/default.nix +++ b/config/modules/home/default.nix @@ -4,7 +4,9 @@ disabledModules = [ "programs/vim.nix" ]; imports = with (import (sources.nixexprs + "/modules")).home-manager; [ base16 syncplay konawall i3gopher weechat shell ] ++ [ ./vim.nix - ./deploy-tf.nix + ./fvwm.nix + ./deploy.nix + ./theme.nix (sources.tf-nix + "/modules/home/secrets.nix") ]; } diff --git a/config/modules/home/deploy-tf.nix b/config/modules/home/deploy.nix similarity index 90% rename from config/modules/home/deploy-tf.nix rename to config/modules/home/deploy.nix index 17ad5278..4bbfd655 100644 --- a/config/modules/home/deploy-tf.nix +++ b/config/modules/home/deploy.nix @@ -1,5 +1,10 @@ { config, lib, ... }: +/* +This module: + * Provides in-scope TF config for home-manager. +*/ + with lib; let diff --git a/config/modules/home/fvwm.nix b/config/modules/home/fvwm.nix new file mode 100644 index 00000000..4c60ecef --- /dev/null +++ b/config/modules/home/fvwm.nix @@ -0,0 +1,9 @@ +{ config, lib, ... }: + +with lib; + +{ + options.programs.fvwm = { + enable = mkEnableOption "Enable FVWM"; + }; +} 
diff --git a/config/modules/home/theme.nix b/config/modules/home/theme.nix new file mode 100644 index 00000000..dcbcfd17 --- /dev/null +++ b/config/modules/home/theme.nix @@ -0,0 +1,31 @@ +{ config, lib, ... }: + +/* +This module: + * provides a central way to change the font my system uses. +*/ + +with lib; + +let cfg = config.kw; in { + options.kw = { + wallpapers = mkOption { + type = types.listOf types.path; + }; + + font = { + name = mkOption { + type = types.str; + default = "Cozette"; + }; + size = mkOption { + type = types.float; + default = 9.0; + }; + size_css = mkOption { + type = types.str; + default = "${toString (cfg.font.size + 3)}px"; + }; + }; + }; +} diff --git a/config/modules/home/vim.nix b/config/modules/home/vim.nix index 50e74e45..ff89ffcd 100644 --- a/config/modules/home/vim.nix +++ b/config/modules/home/vim.nix @@ -1,5 +1,12 @@ { config, lib, pkgs, ... }: +/* +This module: + * is from an unmerged PR from home-manager. + +See: https://github.com/nix-community/home-manager/pull/1745 +*/ + with lib; let diff --git a/config/modules/meta/deploy.nix b/config/modules/meta/deploy.nix index 9643aeb0..e7dd06db 100644 --- a/config/modules/meta/deploy.nix +++ b/config/modules/meta/deploy.nix @@ -1,4 +1,16 @@ -{ sources, config, pkgs, lib, ... }: with lib; let +{ sources, config, pkgs, lib, ... }: + +/* +This module: + * makes tf-nix a part of the meta config + * handles the trusted import for tf-nix + * provides the target interface + * imports the per-host TF config for each target +*/ + +with lib; + +let cfg = config.deploy; meta = config; tfModule = { lib, ... }: with lib; { diff --git a/config/modules/meta/network.nix b/config/modules/meta/network.nix index 776dc857..9d360e47 100644 --- a/config/modules/meta/network.nix +++ b/config/modules/meta/network.nix 
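Review bot: `kw.wallpapers` is declared with neither a default nor a `description`, so a host that imports this module without setting it fails at evaluation with a generic "option used but not defined" message, and the header comment says the module is only about fonts. Add `description = "Wallpapers; the first entry is used as the lock-screen image";` and mention wallpapers in the header. `size_css` defaults to `toString (cfg.font.size + 3)` on a `types.float`, and `toString` of a Nix float renders six decimals (`12.000000px` in current Nix); that is valid CSS but ugly, so either declare `size` as `types.int` or format the value explicitly.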
@@ -1,4 +1,13 @@ -{ pkgs, sources, users, profiles, lib, config, ... }: with lib; +{ pkgs, sources, users, profiles, hardware, lib, config, ... }: + +/* +This module: + * Makes hosts nixosModules. + * Manages module imports and specialArgs. + * Builds network.nodes. +*/ + +with lib; { options.network = { @@ -22,7 +31,6 @@ nixpkgs = { system = mkDefault pkgs.system; pkgs = mkDefault pkgs; - #inherit (pkgs) config; }; }; }; diff --git a/config/modules/nixos/default.nix b/config/modules/nixos/default.nix index 6a3ceb65..6958bb71 100644 --- a/config/modules/nixos/default.nix +++ b/config/modules/nixos/default.nix @@ -3,18 +3,22 @@ { imports = with (import (sources.nixexprs + "/modules")).nixos; [ base16 base16-shared ] ++ [ ./nftables.nix - ./fw-abstraction.nix - ./deploy-tf.nix + ./firewall.nix + ./deploy.nix + ./dns.nix + ./dyndns.nix + ./yggdrasil.nix (sources.tf-nix + "/modules/nixos/secrets.nix") (sources.tf-nix + "/modules/nixos/secrets-users.nix") (sources.hexchen + "/modules/network/yggdrasil") ]; - # stubs for hexchens modules, until more generalized options.hexchen.dns = lib.mkOption { }; options.hexchen.deploy = lib.mkOption { }; - # shim + /* + This maps hosts to network.nodes from the meta config. This is required for hexchen's yggdrasil network module. + */ config = { _module.args.hosts = lib.mapAttrs (_: config: { inherit config; } ) meta.network.nodes; }; diff --git a/config/modules/nixos/deploy-tf.nix b/config/modules/nixos/deploy.nix similarity index 79% rename from config/modules/nixos/deploy-tf.nix rename to config/modules/nixos/deploy.nix index 9f9365df..f90b0d92 100644 --- a/config/modules/nixos/deploy-tf.nix +++ b/config/modules/nixos/deploy.nix 
@@ -1,5 +1,14 @@ { tf, target, name, meta, config, lib, ... }: + +/* +This module: + * aliases .system.build.toplevel to .deploy.system for ease of use. + * marries meta config to NixOS configs for each host. + * provides in-scope TF config in NixOS and home-manager, instead of only as a part of meta config. +*/ + with lib; + let cfg = config.deploy; unmergedValues = types.mkOptionType { @@ -65,26 +74,11 @@ in triggers.secrets.${config.networking.hostName} = tf.resources.${config.networking.hostName}.refAttr "id"; }; - - dns.records."kittywitch_net_${config.networking.hostName}" = - mkIf (config.network.yggdrasil.enable) { - tld = "kittywit.ch."; - domain = "${config.networking.hostName}.net"; - aaaa.address = config.network.yggdrasil.address; - }; - } ++ mapAttrsToList (_: user: mapAttrs (_: mkMerge) user.deploy.tf.out.set) config.home-manager.users); - security.acme.certs."${config.networking.hostName}.net.kittywit.ch" = - mkIf (config.services.nginx.enable && config.network.yggdrasil.enable) { - domain = "${config.networking.hostName}.net.kittywit.ch"; - dnsProvider = "rfc2136"; - credentialsFile = config.secrets.files.dns_creds.path; - group = "nginx"; - }; _module.args.target = mapNullable (targetName: meta.deploy.targets.${targetName}) cfg.targetName; _module.args.tf = mapNullable (target: target.tf) target; }; diff --git a/config/modules/nixos/dns.nix b/config/modules/nixos/dns.nix new file mode 100644 index 00000000..8e766a0e --- /dev/null +++ b/config/modules/nixos/dns.nix 
@@ -0,0 +1,49 @@
+{ config, lib, tf, ... }:
+
+/*
+This module:
+* Provides options for setting the domain/tld/... used by default in my service configs.
+*/
+
+with lib;
+
+{
+ options.kw.dns = {
+ email = mkOption {
+ type = types.nullOr types.str;
+ default = "";
+ };
+ tld = mkOption {
+ type = types.nullOr types.str;
+ default = "";
+ };
+ domain = mkOption {
+ type = types.nullOr types.str;
+ default = "";
+ };
+ ygg_prefix = mkOption {
+ type = types.nullOr types.str;
+ default = "";
+ };
+ ipv4 = mkOption {
+ type = types.str;
+ };
+ ipv6 = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = {
+ # Set these.
+ kw.dns.email = "kat@kittywit.ch";
+ kw.dns.tld = "kittywit.ch.";
+ kw.dns.ygg_prefix = "net";
+
+ # This should be set in host config if it needs to be set for a host. Otherwise, they're retrieved from terraform.
+ kw.dns.ipv4 = mkIf (tf.resources ? config.networking.hostName) (mkOptionDefault (config.deploy.tf.resources."${config.networking.hostName}".refAttr "ipv4_address"));
+ kw.dns.ipv6 = mkIf (tf.resources ? config.networking.hostName) (mkOptionDefault (config.deploy.tf.resources."${config.networking.hostName}".refAttr "ipv6_address"));
+
+ # This is derived.
+ kw.dns.domain = builtins.substring 0 ((builtins.stringLength config.kw.dns.tld) - 1) config.kw.dns.tld;
+ };
+}
diff --git a/config/modules/nixos/dyndns.nix b/config/modules/nixos/dyndns.nix
new file mode 100644
index 00000000..d227bed8
--- /dev/null
+++ b/config/modules/nixos/dyndns.nix
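Review bot: `tf.resources ? config.networking.hostName` on the `kw.dns.ipv4`/`kw.dns.ipv6` lines does not test the hostname: the right-hand side of `?` is an attribute path, so this asks whether `tf.resources.config.networking.hostName` exists, which is effectively always false, and since `ipv4`/`ipv6` have no default every consumer of them fails at evaluation. Use a dynamic attribute name: `kw.dns.ipv4 = mkIf (tf.resources ? ${config.networking.hostName}) (mkOptionDefault (...));` and the same for `ipv6`. The guard reads `tf.resources` while the value reads `config.deploy.tf.resources`; pick one so the check and the lookup cannot drift. `email`/`tld`/`domain`/`ygg_prefix` are `types.nullOr types.str` but default to `""`, so a null check never fires; either default them to `null` or drop `nullOr`, and note at `tld` that it must end in a `.` because `domain` is derived by stripping the last character.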
@@ -0,0 +1,63 @@
+{ config, pkgs, lib, tf, ... }:
+
+with lib;
+
+{
+ options = {
+ kw.dns.dynamic = mkEnableOption "Enable Glauca Dynamic DNS Updater";
+ };
+
+ config = mkIf (config.kw.dns.dynamic) {
+ deploy.tf.variables.dyn_username = {
+ type = "string";
+ value.shellCommand = "bitw get infra/hexdns-dynamic -f username";
+ };
+
+ deploy.tf.variables.dyn_password = {
+ type = "string";
+ value.shellCommand = "bitw get infra/hexdns-dynamic -f password";
+ };
+
+ deploy.tf.variables.dyn_hostname = {
+ type = "string";
+ value.shellCommand = "bitw get infra/hexdns-dynamic -f hostname";
+ };
+
+ secrets.files.kat-glauca-dns = {
+ text = ''
+ user="${tf.variables.dyn_username.ref}"
+ pass="${tf.variables.dyn_password.ref}"
+ hostname="${tf.variables.dyn_hostname.ref}"
+ '';
+ };
+
+ systemd.services.kat-glauca-dns =
+ let updater = pkgs.writeShellScriptBin "glauca-dyndns" ''
+ #!/usr/bin/env bash
+ set -eu
+
+ ip4=$(${pkgs.curl}/bin/curl -s --ipv4 https://dns.glauca.digital/checkip)
+ ip6=$(${pkgs.curl}/bin/curl -s --ipv6 https://dns.glauca.digital/checkip)
+ source $passFile
+ echo "$ip4, $ip6"
+ ${pkgs.curl}/bin/curl -u ''${user}:''${pass} --data-urlencode "hostname=''${hostname}" --data-urlencode "myip=''${ip4}" "https://dns.glauca.digital/nic/update"
+ echo ""
+ ${pkgs.curl}/bin/curl -u ''${user}:''${pass} --data-urlencode "hostname=''${hostname}" --data-urlencode "myip=''${ip6}" "https://dns.glauca.digital/nic/update"
+ ''; in {
+ serviceConfig = {
+ ExecStart = "${updater}/bin/glauca-dyndns";
+ };
+ environment = { passFile = config.secrets.files.kat-glauca-dns.path; };
+ wantedBy = [ "default.target" ];
+ };
+
+ systemd.timers.kat-glauca-dns = {
+ timerConfig = {
+ Unit = "kat-glauca-dns.service";
+ OnBootSec = "5m";
+ OnUnitActiveSec = "1h";
+ };
+ wantedBy = [ "default.target" ];
+ };
+ };
+}
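Review bot: The two `curl -u ''${user}:''${pass}` lines put the DynDNS password on the command line, where any local user can read it from `/proc/<pid>/cmdline` for the duration of the request; feed it to curl through a config on stdin (`-K -`) or `--netrc-file` instead. `curl -s` without `-f` also exits 0 on an HTTP 401/500, so `set -eu` never notices a rejected update, while `ip6=$(curl --ipv6 …)` presumably fails on a host without an IPv6 route and then aborts the script before the v4 update runs. The sketch below keeps the same secret-file format, unit and timer; the `#!/usr/bin/env bash` line can go because `writeShellScriptBin` already adds a shebang. The unit still runs as root; `DynamicUser` would be tighter, but the secret file's ownership (not visible here) would then have to match.
```nix
let updater = pkgs.writeShellScriptBin "glauca-dyndns" ''
  set -euo pipefail
  # shellcheck disable=SC1090
  source "$passFile"
  update() {
    # credentials go to curl via a config on stdin, never via argv
    printf 'user = "%s:%s"\n' "$user" "$pass" | ${pkgs.curl}/bin/curl -sSf -K - \
      --data-urlencode "hostname=$hostname" --data-urlencode "myip=$1" \
      "https://dns.glauca.digital/nic/update"
    echo ""
  }
  if ip4=$(${pkgs.curl}/bin/curl -sSf --ipv4 https://dns.glauca.digital/checkip); then update "$ip4"; fi
  if ip6=$(${pkgs.curl}/bin/curl -sSf --ipv6 https://dns.glauca.digital/checkip); then update "$ip6"; fi
''; in {
  # … unchanged: serviceConfig, environment, wantedBy …
```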
diff --git a/config/modules/nixos/fw-abstraction.nix b/config/modules/nixos/firewall.nix
similarity index 100%
rename from config/modules/nixos/fw-abstraction.nix
rename to config/modules/nixos/firewall.nix
diff --git a/config/modules/nixos/yggdrasil.nix b/config/modules/nixos/yggdrasil.nix
new file mode 100644
index 00000000..a7479c4b
--- /dev/null
+++ b/config/modules/nixos/yggdrasil.nix
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+
+/*
+This module:
+ * Provides AAAA records on a per-host basis for each yggdrasil enabled host.
+ * Provides certificates for those hosts if they run NGINX.
+*/
+
+with lib;
+
+{
+ config = {
+ deploy.tf.dns.records."ygg_${config.networking.hostName}" =
+ mkIf (config.network.yggdrasil.enable) {
+ tld = config.kw.dns.tld;
+ domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}";
+ aaaa.address = config.network.yggdrasil.address;
+ };
+ security.acme.certs."${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" =
+ mkIf (config.services.nginx.enable && config.network.yggdrasil.enable) {
+ domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}";
+ dnsProvider = "rfc2136";
+ credentialsFile = config.secrets.files.dns_creds.path;
+ group = "nginx";
+ };
+ };
+}
diff --git a/config/nixos.nix b/config/nixos.nix
deleted file mode 100644
index 66ad906c..00000000
--- a/config/nixos.nix
+++ /dev/null
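Review bot: Every host with yggdrasil and nginx enabled now obtains its ACME certificate via `dnsProvider = "rfc2136"` using the same `secrets.files.dns_creds`, i.e. one DNS update key is distributed to each such host; whether that key is limited to `_acme-challenge.*` names is not visible here, but if it is a zone-wide TSIG key, compromise of any one host lets an attacker rewrite every record under `kw.dns.tld`. State the key's scope at the `credentialsFile` line, e.g. `# rfc2136 key: must be restricted to _acme-challenge.* updates, see the zone ACL`, or issue a per-host key. The certificate FQDN is spelled out twice (attribute name and `domain`); a `let fqdn = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}"; in` keeps them from drifting.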
@@ -1,52 +0,0 @@ -{ pkgs, config, lib, tf, sources, options, profiles, ... }: - -{ - imports = [ - profiles/common - ]; - - options = { - deploy.profile.gui = lib.mkEnableOption "graphical system"; - deploy.profile.fvwm = lib.mkEnableOption "fvwm"; - deploy.profile.sway = lib.mkEnableOption "sway wm"; - deploy.profile.laptop = lib.mkEnableOption "lappytop"; - home-manager.users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submoduleWith { - modules = [ ./modules/home ]; - specialArgs = { - inherit sources tf; - superConfig = config; - modulesPath = sources.home-manager + "/modules"; - }; - }); - }; - }; - - config = { - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - - users = { - kat = { - imports = lib.optional (builtins.pathExists ./trusted/users/kat) (import ./trusted/users/kat); - - options = { - deploy.profile.gui = lib.mkEnableOption "graphical system"; - deploy.profile.sway = lib.mkEnableOption "sway wm"; - deploy.profile.laptop = lib.mkEnableOption "lappytop"; - }; - }; - kairi = { - imports = lib.optional (builtins.pathExists ./trusted/users/kairi) (import ./trusted/users/kairi); - - options = { - deploy.profile.gui = lib.mkEnableOption "graphical system"; - deploy.profile.fvwm = lib.mkEnableOption "fvwm"; - deploy.profile.laptop = lib.mkEnableOption "lappytop"; - }; - }; - }; - }; - }; -} diff --git a/config/profiles/common/access.nix b/config/profiles/base/access.nix similarity index 74% rename from config/profiles/common/access.nix rename to config/profiles/base/access.nix index 4a41b0b0..79d0a297 100644 --- a/config/profiles/common/access.nix +++ b/config/profiles/base/access.nix @@ -4,6 +4,8 @@ security.sudo.wheelNeedsPassword = lib.mkForce false; users.users.root = { + hashedPassword = + "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB."; openssh.authorizedKeys.keys = with pkgs.lib; concatLists (mapAttrsToList (name: user: 
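Review bot: The added `hashedPassword` commits root's password hash to the repository, where anyone with read access can run an offline attack against it; the hunk shows it is SHA-512-crypt (`$6$`) with the default round count, which is cheap on a GPU. This repo already routes secrets through `secrets.files` and terraform (see the other hunks in this commit), so keep the hash out of git with `users.users.root.passwordFile = config.secrets.files.root-password.path;` (the exact secrets interface is not visible here, adapt the name), and rotate the password since this hash has already been pushed. Given `openssh.authorizedKeys` on the following line and `wheelNeedsPassword = lib.mkForce false` above it, also consider whether root needs a password at all beyond console rescue. The `users.users.root` attrset continues past the hunk.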
diff --git a/config/profiles/common/base16.nix b/config/profiles/base/base16.nix similarity index 100% rename from config/profiles/common/base16.nix rename to config/profiles/base/base16.nix diff --git a/config/profiles/common/default.nix b/config/profiles/base/default.nix similarity index 80% rename from config/profiles/common/default.nix rename to config/profiles/base/default.nix index 322a8b46..661722b4 100644 --- a/config/profiles/common/default.nix +++ b/config/profiles/base/default.nix @@ -3,10 +3,12 @@ { imports = [ users.kat.base - users.kairi.base +# users.kairi.base TODO users.arc users.hexchen ./system.nix + ./home.nix + ./profiles.nix ./base16.nix ./net.nix ./access.nix diff --git a/config/profiles/base/home.nix b/config/profiles/base/home.nix new file mode 100644 index 00000000..20544eb4 --- /dev/null +++ b/config/profiles/base/home.nix @@ -0,0 +1,23 @@ +{ config, lib, sources, tf, ... }: + +with lib; + +{ + options.home-manager.users = mkOption { + type = types.attrsOf (types.submoduleWith { + modules = [ ../../modules/home ]; + specialArgs = { + inherit sources tf; + superConfig = config; + modulesPath = sources.home-manager + "/modules"; + }; + }); + }; + + config = { + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; + }; +} diff --git a/config/profiles/common/locale.nix b/config/profiles/base/locale.nix similarity index 100% rename from config/profiles/common/locale.nix rename to config/profiles/base/locale.nix diff --git a/config/profiles/common/net.nix b/config/profiles/base/net.nix similarity index 100% rename from config/profiles/common/net.nix rename to config/profiles/base/net.nix diff --git a/config/profiles/common/nix.nix b/config/profiles/base/nix.nix similarity index 92% rename from config/profiles/common/nix.nix rename to config/profiles/base/nix.nix index f8931c43..54d00262 100644 --- a/config/profiles/common/nix.nix +++ b/config/profiles/base/nix.nix 
@@ -11,6 +11,9 @@ "arc=${sources.nixexprs}" "ci=${sources.ci}" ]; + sandboxPaths = [ + "/var/run/nscd/socket" + ]; binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" ]; binaryCachePublicKeys = [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" ]; diff --git a/config/profiles/common/packages.nix b/config/profiles/base/packages.nix similarity index 100% rename from config/profiles/common/packages.nix rename to config/profiles/base/packages.nix diff --git a/config/profiles/base/profiles.nix b/config/profiles/base/profiles.nix new file mode 100644 index 00000000..b82655d9 --- /dev/null +++ b/config/profiles/base/profiles.nix 
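Review bot: `sandboxPaths = [ "/var/run/nscd/socket" ]` bind-mounts the host's name-service socket into every build sandbox, so any non-fixed-output derivation can resolve names (and exfiltrate data through DNS queries) via the host resolver; that is a deliberate weakening of build hermeticity and needs a comment saying which builds require it, e.g. `# nscd socket inside the sandbox: lets builds resolve names through the host; weakens hermeticity`. If only a few derivations need name resolution, scoping the exception to those is preferable to opening it for every build on every host that imports this profile.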
@@ -0,0 +1,49 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+ options = {
+ deploy.profile = {
+ gui = mkEnableOption "Graphical System";
+ laptop = mkEnableOption "Laptop (Implies WiFi)";
+ vfio = mkEnableOption "VFIO";
+ trusted = mkEnableOption "Trusted Submodule";
+ hardware = {
+ amdgpu = mkEnableOption "AMD GPU";
+ hcloud-imperative = mkEnableOption "Imperative Hetzner Cloud Setup";
+ intel = mkEnableOption "Intel CPU";
+ ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
+ rm-310 = mkEnableOption "Intel DQ67OW";
+ ryzen = mkEnableOption "AMD Ryzen CPU";
+ v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
+ };
+ };
+ home-manager.users = mkOption {
+ type = types.attrsOf (types.submoduleWith {
+ modules = [
+ ({ superConfig, ... }: {
+ options.deploy.profile = {
+ gui = mkEnableOption "Graphical System";
+ laptop = mkEnableOption "Laptop (Implies WiFi)";
+ vfio = mkEnableOption "VFIO";
+ trusted = mkEnableOption "Trusted Submodule";
+ hardware = {
+ amdgpu = mkEnableOption "AMD GPU";
+ hcloud-imperative = mkEnableOption "Imperative Hetzner Cloud Setup";
+ intel = mkEnableOption "Intel CPU";
+ ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
+ rm-310 = mkEnableOption "Intel DQ67OW";
+ ryzen = mkEnableOption "AMD Ryzen CPU";
+ v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
+ };
+ };
+ config = {
+ deploy.profile = superConfig.deploy.profile;
+ };
+ })
+ ];
+ });
+ };
+ };
+}
diff --git a/config/profiles/common/secrets.nix b/config/profiles/base/secrets.nix
similarity index 100%
rename from config/profiles/common/secrets.nix
rename to config/profiles/base/secrets.nix
diff --git a/config/profiles/common/ssh.nix b/config/profiles/base/ssh.nix
similarity index 87%
rename from config/profiles/common/ssh.nix
rename to config/profiles/base/ssh.nix
index 93d583fd..b884e406 100644
--- a/config/profiles/common/ssh.nix
+++ b/config/profiles/base/ssh.nix
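Review bot: The `deploy.profile` option set is written out twice, once at the NixOS level and once inside the `home-manager.users` submodule, so every new profile flag must be added in both places or the `deploy.profile = superConfig.deploy.profile` mirror near the end fails with an undefined option on one side. Declare the set once in a `let` and reference it from both declarations; `mkEnableOption` returns a plain attrset, so sharing the value between two option trees is safe. The sketch below shows the shape; the `hardware.*` flags are unchanged.
```nix
let
  profileOptions = {
    gui = mkEnableOption "Graphical System";
    laptop = mkEnableOption "Laptop (Implies WiFi)";
    vfio = mkEnableOption "VFIO";
    trusted = mkEnableOption "Trusted Submodule";
    # … unchanged: hardware.* flags …
  };
in {
  options = {
    deploy.profile = profileOptions;
    home-manager.users = mkOption {
      type = types.attrsOf (types.submoduleWith {
        modules = [
          ({ superConfig, ... }: {
            options.deploy.profile = profileOptions;
            config.deploy.profile = superConfig.deploy.profile;
          })
        ];
      });
    };
  };
}
```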
@@ -10,6 +10,9 @@ to = 61000; }]; + kw.fw.public.tcp.ports = [ 62954 ]; + kw.fw.private.tcp.ports = [ 62954 ]; + services.openssh = { enable = true; ports = lib.mkDefault [ 62954 ]; diff --git a/config/profiles/base/system.nix b/config/profiles/base/system.nix new file mode 100644 index 00000000..4e7ac5a2 --- /dev/null +++ b/config/profiles/base/system.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + hardware.enableRedistributableFirmware = lib.mkDefault true; + boot.tmpOnTmpfs = true; + boot.zfs.enableUnstable = true; + boot.kernel.sysctl = { + "net.core.rmem_max" = "16777216"; + "net.core.wmem_max" ="16777216"; + "net.ipv4.tcp_rmem" = "4096 87380 16777216"; + "net.ipv4.tcp_wmem" = "4096 65536 16777216"; + }; + services.journald.extraConfig = "SystemMaxUse=512M"; + users.mutableUsers = false; +} diff --git a/config/profiles/common/system.nix b/config/profiles/common/system.nix deleted file mode 100644 index f7f6e475..00000000 --- a/config/profiles/common/system.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - boot.tmpOnTmpfs = true; - boot.zfs.enableUnstable = true; - services.journald.extraConfig = "SystemMaxUse=512M"; - users.mutableUsers = false; -} diff --git a/config/profiles/fvwm/default.nix b/config/profiles/fvwm/default.nix deleted file mode 100644 index 8aab23c0..00000000 --- a/config/profiles/fvwm/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ ./fvwm.nix ]; - - deploy.profile.fvwm = true; -} diff --git a/config/profiles/fvwm/fvwm.nix b/config/profiles/fvwm/fvwm.nix deleted file mode 100644 index a77dd873..00000000 --- a/config/profiles/fvwm/fvwm.nix +++ /dev/null 
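Review bot: The two added `kw.fw.*.tcp.ports = [ 62954 ]` lines duplicate the literal that `services.openssh.ports = lib.mkDefault [ 62954 ]` declares a few lines below; because that option is `mkDefault`, a host that overrides the SSH port keeps 62954 open in both firewall zones and leaves the real port closed. Derive the firewall entries from the option instead: `kw.fw.public.tcp.ports = config.services.openssh.ports;` and `kw.fw.private.tcp.ports = config.services.openssh.ports;` (the module's argument list is outside the hunk; add `config` if it is not already taken). If `services.openssh.openFirewall` is also left at its default, NixOS's own firewall opens the port too, so a comment saying which layer is authoritative would avoid surprises.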
@@ -1,10 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.xserver.enable = true; - services.xserver.displayManager.startx.enable = true; - services.xserver.windowManager.fvwm = { - enable = true; - gestures = true; - }; -} diff --git a/config/profiles/gui/default.nix b/config/profiles/gui/default.nix index d1983196..dcf0759e 100644 --- a/config/profiles/gui/default.nix +++ b/config/profiles/gui/default.nix @@ -4,8 +4,11 @@ imports = [ ./adb.nix ./fonts.nix + ./sway.nix + ./fvwm.nix + ./filesystems.nix ./gpg.nix - ./firefox.nix + ./xdg-portals.nix ./dns.nix ./nfs.nix ./nix-doc.nix @@ -15,9 +18,7 @@ ./sound.nix ]; - hardware.opengl.extraPackages = with pkgs; [ libvdpau-va-gl vaapiVdpau ]; services.tumbler.enable = true; - environment.systemPackages = with pkgs; [ ntfs3g exfat-utils ]; - + deploy.profile.gui = true; } diff --git a/config/profiles/gui/filesystems.nix b/config/profiles/gui/filesystems.nix new file mode 100644 index 00000000..2a47c0c4 --- /dev/null +++ b/config/profiles/gui/filesystems.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ ntfs3g exfat-utils ]; +} diff --git a/config/profiles/gui/fvwm.nix b/config/profiles/gui/fvwm.nix new file mode 100644 index 00000000..101a117d --- /dev/null +++ b/config/profiles/gui/fvwm.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: + +with lib; + +{ + config = mkIf (any (user: user.programs.fvwm.enable) (attrValues config.home-manager.users)) { + services.xserver.enable = true; + services.xserver.displayManager.startx.enable = true; + services.xserver.windowManager.fvwm = { + enable = true; + gestures = true; + }; + }; +} diff --git a/config/profiles/gui/nfs.nix b/config/profiles/gui/nfs.nix index be5a559b..dc965a14 100644 --- a/config/profiles/gui/nfs.nix +++ b/config/profiles/gui/nfs.nix 
@@ -1,14 +1,15 @@ -{ config, ... }: +{ config, lib, ... }: { boot.supportedFilesystems = [ "nfs" ]; - fileSystems."/mnt/kat-nas" = { - device = "samhain.net.kittywit.ch:/mnt/zraw/media"; + fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "beltane") { + device = "192.168.1.223:/mnt/zraw/media"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" ]; + options = [ "x-systemd.automount" "noauto" "nfsvers=4" "soft" "retrans=2" "timeo=60"]; }; + /* fileSystems."/mnt/hex-corn" = { device = "storah.net.lilwit.ch:/data/cornbox"; fsType = "nfs"; @@ -19,7 +20,8 @@ device = "storah.net.lilwit.ch:/data/torrents"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" ]; - }; + }; + */ systemd.services.nfs-mountd = { wants = [ "network-online.target" "yggdrassil.service" ]; diff --git a/config/profiles/gui/sway.nix b/config/profiles/gui/sway.nix new file mode 100644 index 00000000..edb4352d --- /dev/null +++ b/config/profiles/gui/sway.nix @@ -0,0 +1,10 @@ +{ config, pkgs, lib, ... }: + +with lib; + +{ + programs.sway = { + enable = any (user: user.wayland.windowManager.sway.enable) (attrValues config.home-manager.users); + extraPackages = with pkgs; mkForce [ xwayland swaylock swayidle ]; + }; +} diff --git a/config/profiles/gui/firefox.nix b/config/profiles/gui/xdg-portals.nix similarity index 80% rename from config/profiles/gui/firefox.nix rename to config/profiles/gui/xdg-portals.nix index 28378da6..b44e884e 100644 --- a/config/profiles/gui/firefox.nix +++ b/config/profiles/gui/xdg-portals.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - environment.variables = { BROWSER = "firefox"; }; - xdg = { portal = { enable = true; diff --git a/config/profiles/hardware/amdgpu/default.nix b/config/profiles/hardware/amdgpu/default.nix new file mode 100644 index 00000000..fde1e4ca --- /dev/null +++ b/config/profiles/hardware/amdgpu/default.nix 
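Review bot: Nothing in the new `options` list for `/mnt/kat-nas` pins `sec=`, so the mount falls back to `sec=sys` (client-asserted UIDs) unless the server negotiates otherwise, and the added `soft` with `retrans=2`/`timeo=60` turns transient failures into EIO and possibly lost writes, which nfs(5) itself warns about; fine for read-only media, risky if anything writes there. If clients never write, say so with `ro` in the options list, and otherwise prefer `hard` together with `x-systemd.mount-timeout=` on the automount over `soft`. The literal `192.168.1.223` also steps outside the `config.kw.dns`-based naming the rest of this commit introduces, so a comment such as `# LAN address of the NFS exporter; the yggdrasil name is avoided because …` would record the reason, and the `/* … */`-disabled `storah` mounts below it are better deleted than kept as a comment block.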
@@ -0,0 +1,8 @@ +{ config, pkgs, ... }: + +{ + deploy.profile.hardware.amdgpu = true; + + boot.initrd.availableKernelModules = [ "amdgpu" ]; + hardware.opengl.extraPackages = with pkgs; [ libvdpau-va-gl vaapiVdpau ]; +} diff --git a/config/profiles/hardware/default.nix b/config/profiles/hardware/default.nix new file mode 100644 index 00000000..f0c52bcf --- /dev/null +++ b/config/profiles/hardware/default.nix @@ -0,0 +1,30 @@ +rec { + ms-7b86-base = ./ms-7b86; + v330-14arr-base = ./v330-14arr; + rm-310-base = ./rm-310; + hcloud-imperative = ./hcloud-imperative; + ryzen = ./ryzen; + intel = ./intel; + amdgpu = ./amdgpu; + + ms-7b86 = { + imports = [ + ms-7b86-base + ryzen + amdgpu + ]; + }; + v330-14arr = { + imports = [ + v330-14arr-base + ryzen + amdgpu + ]; + }; + rm-310 = { + imports = [ + rm-310-base + intel + ]; + }; +} diff --git a/config/profiles/hardware/hcloud-imperative/default.nix b/config/profiles/hardware/hcloud-imperative/default.nix new file mode 100644 index 00000000..cf1dd955 --- /dev/null +++ b/config/profiles/hardware/hcloud-imperative/default.nix @@ -0,0 +1,14 @@ +{ config, lib, sources, ... }: + +/* +This hardware profile corresponds with the imperatively provisioned hetzner cloud box. +*/ + +with lib; + +{ + deploy.profile.hardware.hcloud-imperative = true; + + imports = [ (sources.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; +} diff --git a/config/profiles/hardware/intel/default.nix b/config/profiles/hardware/intel/default.nix new file mode 100644 index 00000000..37380d33 --- /dev/null +++ b/config/profiles/hardware/intel/default.nix @@ -0,0 +1,13 @@ +{ config, ... }: + +/* +This hardware profile corresponds to any machine which has an Intel processor. +*/ + +{ + deploy.profile.hardware.intel = true; + + boot = { + kernelModules = [ "kvm-intel" ]; + }; +} 
diff --git a/config/profiles/hardware/ms-7b86/default.nix b/config/profiles/hardware/ms-7b86/default.nix new file mode 100644 index 00000000..1b6e23a8 --- /dev/null +++ b/config/profiles/hardware/ms-7b86/default.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: + +/* +This hardware profile corresponds to the MSI B450-A PRO MAX system. +*/ + +with lib; + +{ + deploy.profile.hardware.ms-7b86 = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "nct6775" ]; + + systemd.network = { + networks.enp34s0 = { + matchConfig.Name = "enp34s0"; + bridge = singleton "br"; + }; + networks.br = { + matchConfig.Name = "br"; + address = [ "192.168.1.135/24" ]; + gateway = [ "192.168.1.254" ]; + }; + netdevs.br = { + netdevConfig = { + Name = "br"; + Kind = "bridge"; + MACAddress = "00:d8:61:c7:f4:9d"; + }; + }; + }; +} diff --git a/config/profiles/hardware/rm-310/default.nix b/config/profiles/hardware/rm-310/default.nix new file mode 100644 index 00000000..7e27829b --- /dev/null +++ b/config/profiles/hardware/rm-310/default.nix @@ -0,0 +1,14 @@ +{ config, ... }: + +/* +This hardware profile corresponds with the RM DESKTOP 310 system, which is actually just an Intel DQ67OW motherboard. +*/ + +{ + deploy.profile.hardware.rm-310 = true; + + boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; +} diff --git a/config/profiles/hardware/ryzen/default.nix b/config/profiles/hardware/ryzen/default.nix new file mode 100644 index 00000000..6aba9781 --- /dev/null +++ b/config/profiles/hardware/ryzen/default.nix 
@@ -0,0 +1,26 @@ +{ config, pkgs, ... }: + +/* +This hardware profile corresponds to any machine which has an AMD Ryzen processor. +*/ + +{ + deploy.profile.hardware.ryzen = true; + + boot = { + kernelModules = [ + "msr" + "ryzen_smu" + "kvm-amd" + ]; + kernelParams = [ "amd_iommu=on" ]; + }; + + hardware.cpu.amd.updateMicrocode = true; + + environment.systemPackages = with pkgs; [ + lm_sensors + ryzen-smu-monitor_cpu + ryzen-monitor + ]; +} diff --git a/config/profiles/hardware/v330-14arr/default.nix b/config/profiles/hardware/v330-14arr/default.nix new file mode 100644 index 00000000..804cacda --- /dev/null +++ b/config/profiles/hardware/v330-14arr/default.nix @@ -0,0 +1,15 @@ +{ config, ... }: + +/* +This hardware profile corresponds to the Lenovo IdeaPad v330-14ARR. +*/ + +{ + deploy.profile.hardware.v330-14arr = true; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; +} diff --git a/config/profiles/sway/default.nix b/config/profiles/sway/default.nix deleted file mode 100644 index 5bb40515..00000000 --- a/config/profiles/sway/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ ./sway.nix ]; - - deploy.profile.sway = true; -} diff --git a/config/profiles/sway/sway.nix b/config/profiles/sway/sway.nix deleted file mode 100644 index 86aa3092..00000000 --- a/config/profiles/sway/sway.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - programs.sway = { - enable = true; - extraPackages = with pkgs; lib.mkForce [ xwayland swaylock swayidle ]; - }; -} diff --git a/config/profiles/vfio/default.nix b/config/profiles/vfio/default.nix new file mode 100644 index 00000000..f121b322 --- /dev/null +++ b/config/profiles/vfio/default.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + deploy.profile.vfio = true; + + environment.systemPackages = with pkgs; [ + screenstub + ]; +} 
diff --git a/config/services/gitea/default.nix b/config/services/gitea/default.nix index 28363fa1..1347e5e4 100644 --- a/config/services/gitea/default.nix +++ b/config/services/gitea/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, tf, ... }: { services.postgresql = { @@ -10,11 +10,24 @@ }]; }; + deploy.tf.variables.gitea_mail = { + type = "string"; + value.shellCommand = "bitw get infra/gitea-mail -f password"; + }; + + secrets.files.gitea_mail = { + text = '' + ${tf.variables.gitea_mail.ref}; + ''; + owner = "gitea"; + group = "gitea"; + }; + services.gitea = { enable = true; disableRegistration = true; - domain = "git.kittywit.ch"; - rootUrl = "https://git.kittywit.ch"; + domain = "git.${config.kw.dns.domain}"; + rootUrl = "https://git.${config.kw.dns.domain}"; httpAddress = "127.0.0.1"; appName = "kittywitch git"; ssh = { clonePort = 62954; }; @@ -24,13 +37,16 @@ user = "gitea"; }; settings = { + mailerPasswordFile = config.secrets.files.gitea_mail.path; security = { DISABLE_GIT_HOOKS = false; }; api = { ENABLE_SWAGGER = true; }; mailer = { ENABLED = true; - MAILER_TYPE = "sendmail"; - FROM = "gitea@kittywit.ch"; - SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail"; + SUBJECT = "%(APP_NAME)s"; + HOST = "kittywit.ch:465"; + SEND_AS_PLAIN_TEXT = true; + USE_SENDMAIL = false; + FROM = "\"kittywitch git\" "; }; ui = { THEMES = "gitea,arc-green"; @@ -45,15 +61,15 @@ ${pkgs.coreutils}/bin/ln -sfT ${./templates} /var/lib/gitea/custom/templates ''; - services.nginx.virtualHosts."git.kittywit.ch" = { + services.nginx.virtualHosts."git.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; locations = { "/".proxyPass = "http://127.0.0.1:3000"; }; }; deploy.tf.dns.records.kittywitch_git = { - tld = "kittywit.ch."; + tld = config.kw.dns.tld; domain = "git"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; } 
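Review bot: The secret file text at the top of the second hunk is `''${tf.variables.gitea_mail.ref};''`, with a literal `;` and a trailing newline inside the string, so whatever reads `mailerPasswordFile` receives `<password>;` rather than the password and SMTP authentication fails. Drop both: `text = tf.variables.gitea_mail.ref;`. In the third hunk `mailerPasswordFile` is placed inside `services.gitea.settings`, which upstream types as nested INI sections; unless the gitea module in use accepts it there, it belongs at `services.gitea.mailerPasswordFile = config.secrets.files.gitea_mail.path;`. The `mailer` block also switches to `HOST = "kittywit.ch:465"` without a `USER` or a TLS flag, and `USE_SENDMAIL` is not a key I recognise from Gitea's mailer section, so please confirm with a test mail that the credential is actually used.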
diff --git a/config/services/grafana.nix b/config/services/grafana.nix index e5c7d367..1075d535 100644 --- a/config/services/grafana.nix +++ b/config/services/grafana.nix @@ -12,8 +12,8 @@ services.grafana = { enable = true; port = 3001; - domain = "graph.kittywit.ch"; - rootUrl = "https://graph.kittywit.ch/"; + domain = "graph.${config.kw.dns.domain}"; + rootUrl = "https://graph.${config.kw.dns.domain}/"; database = { type = "postgres"; host = "/run/postgresql/"; @@ -22,15 +22,15 @@ }; }; - services.nginx.virtualHosts."graph.kittywit.ch" = { + services.nginx.virtualHosts."graph.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; locations = { "/".proxyPass = "http://127.0.0.1:3001"; }; }; deploy.tf.dns.records.kittywitch_graph = { - tld = "kittywit.ch."; + tld = config.kw.dns.tld; domain = "graph"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; } diff --git a/config/services/logrotate.nix b/config/services/logrotate.nix index 2e312298..eacbea47 100644 --- a/config/services/logrotate.nix +++ b/config/services/logrotate.nix @@ -13,13 +13,6 @@ with lib; frequency = "weekly"; keep = 2; }; - asterisk = mkIf config.systemd.services.asterisk.enable { - path = "/var/log/asterisk/messages"; - user = "asterisk"; - group = "asterisk"; - frequency = "daily"; - keep = 2; - }; }; }; } diff --git a/config/services/mail.nix b/config/services/mail.nix index ac0e7312..4051377f 100644 --- a/config/services/mail.nix +++ b/config/services/mail.nix 
@@ -5,86 +5,41 @@ with lib; { imports = [ sources.nixos-mailserver.outPath ]; - services.fail2ban.jails = { - postfix = '' - enabled = true - filter = postfix - maxretry = 3 - action = nftables-multiport[name=postfix, port=smtp, protocol=tcp] - ''; - postfix-sasl = '' - enabled = true - filter = postfix-sasl - port = postfix,imap3,imaps,pop3,pop3s - maxretry = 3 - action = nftables-multiport[name=postfix, port=smtp, protocol=tcp] - ''; - postfix-ddos = '' - enabled = true - filter = postfix-ddos - maxretry = 3 - action = nftables-multiport[name=postfix, port=submission, protocol=tcp] - bantime = 7200 - ''; - }; - - environment.etc."fail2ban/filter.d/postfix-sasl.conf" = { - enable = true; - text = '' - # Fail2Ban filter for postfix authentication failures - [INCLUDES] - before = common.conf - [Definition] - daemon = postfix/smtpd - failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$ - ''; - }; - - environment.etc."fail2ban/filter.d/postfix-ddos.conf" = { - enable = true; - text = '' - [Definition] - failregex = lost connection after EHLO from \S+\[\] - ''; - }; - deploy.tf.variables.domainkey_kitty = { type = "string"; value.shellCommand = "bitw get infra/domainkey-kitty"; }; - deploy.tf.dns.records.kittywitch_mx = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_mail_mx = { + tld = config.kw.dns.tld; domain = "@"; mx = { priority = 10; - target = "athame.kittywit.ch."; + target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; }; - deploy.tf.dns.records.kittywitch_spf = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_mail_spf = { + tld = config.kw.dns.tld; domain = "@"; - txt.value = "v=spf1 ip4:168.119.126.111 ip6:${ - (head config.networking.interfaces.enp1s0.ipv6.addresses).address - } -all"; + txt.value = "v=spf1 ip4:${config.kw.dns.ipv4} ip6:${config.kw.dns.ipv6} -all"; }; - deploy.tf.dns.records.kittywitch_dmarc = { - tld = 
"kittywit.ch."; + deploy.tf.dns.records.services_mail_dmarc = { + tld = config.kw.dns.tld; domain = "_dmarc"; txt.value = "v=DMARC1; p=none"; }; - deploy.tf.dns.records.kittywitch_domainkey = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_mail_domainkey = { + tld = config.kw.dns.tld; domain = "mail._domainkey"; txt.value = tf.variables.domainkey_kitty.ref; }; mailserver = { enable = true; - fqdn = "athame.kittywit.ch"; + fqdn = "${config.networking.hostName}.${config.kw.dns.domain}"; domains = [ "kittywit.ch" "dork.dev" ]; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. diff --git a/config/services/matrix.nix b/config/services/matrix.nix index 61391af6..6e488968 100644 --- a/config/services/matrix.nix +++ b/config/services/matrix.nix @@ -43,7 +43,7 @@ root: disable_existing_loggers: False ''; - server_name = "kittywit.ch"; + server_name = config.kw.dns.domain; app_service_config_files = [ "/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/discord-registration.yaml" @@ -78,7 +78,7 @@ disable_existing_loggers: False settings = { homeserver = { address = "http://localhost:8008"; - domain = "kittywit.ch"; + domain = config.kw.dns.domain; }; appservice = { provisioning.enabled = false; @@ -86,14 +86,14 @@ disable_existing_loggers: False public = { enabled = false; prefix = "/public"; - external = "https://kittywit.ch/public"; + external = "https://${config.kw.dns.domain}/public"; }; }; bridge = { relaybot.authless_portals = false; permissions = { - "@kat:kittywit.ch" = "admin"; - "kittywit.ch" = "full"; + "@kat:${config.kw.dns.domain}" = "admin"; + "${config.kw.dns.domain}" = "full"; }; }; }; 
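Review bot: Nothing in this diff replaces the three fail2ban jails (`postfix`, `postfix-sasl`, `postfix-ddos`) and their two custom `filter.d` files that this hunk removes, so SASL brute-forcing against the SMTP submission and IMAP ports on this host is no longer throttled or banned, and the commit message does not mention the removal. If it is intentional (the jails moved to a module not in this diff, or nixos-mailserver is expected to supply them), a comment next to `imports = [ sources.nixos-mailserver.outPath ];` should say where they live; otherwise restore them. The SPF record now builds from `config.kw.dns.ipv4`/`ipv6` with `-all`, so a stale value in that new module hard-fails every outbound message; an assertion comparing those options against the host's `networking.interfaces` addresses would catch that at eval time. The DMARC `p=none` is pre-existing and still only monitors. The `mailserver` block continues past the end of the hunk.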
@@ -143,7 +143,7 @@ disable_existing_loggers: False after = [ "network.target" ]; }; - services.nginx.virtualHosts."kittywit.ch" = { + services.nginx.virtualHosts."${config.kw.dns.domain}" = { # allegedly fixes https://github.com/poljar/weechat-matrix/issues/240 extraConfig = '' keepalive_requests 100000; @@ -152,7 +152,7 @@ disable_existing_loggers: False locations = { "/_matrix" = { proxyPass = "http://[::1]:8008"; }; "= /.well-known/matrix/server".extraConfig = - let server = { "m.server" = "kittywit.ch:443"; }; + let server = { "m.server" = "${config.kw.dns.domain}:443"; }; in '' add_header Content-Type application/json; @@ -161,7 +161,7 @@ disable_existing_loggers: False "= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://kittywit.ch"; }; + "m.homeserver" = { "base_url" = "https://${config.kw.dns.domain}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; }; in diff --git a/config/services/murmur.nix b/config/services/murmur.nix index 4a6db5a0..ae288347 100644 --- a/config/services/murmur.nix +++ b/config/services/murmur.nix 
@@ -8,32 +8,32 @@ with lib; services.murmur = { enable = true; - hostName = "voice.kittywit.ch"; + hostName = "voice.${config.kw.dns.domain}"; bandwidth = 130000; welcometext = "mew!"; extraConfig = '' - sslCert=/var/lib/acme/voice.kittywit.ch/fullchain.pem - sslKey=/var/lib/acme/voice.kittywit.ch/key.pem + sslCert=/var/lib/acme/voice.${config.kw.dns.domain}/fullchain.pem + sslKey=/var/lib/acme/voice.${config.kw.dns.domain}/key.pem ''; }; - services.nginx.virtualHosts."voice.kittywit.ch" = { + services.nginx.virtualHosts."voice.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; }; users.groups."voice-cert".members = [ "nginx" "murmur" ]; - security.acme.certs = { "voice.kittywit.ch" = { group = "voice-cert"; }; }; + security.acme.certs = { "voice.${config.kw.dns.domain}" = { group = "voice-cert"; }; }; - deploy.tf.dns.records.kittywitch_voice = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_murmur = { + tld = config.kw.dns.tld; domain = "voice"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; - deploy.tf.dns.records.kittywitch_voice_tcp = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_murmur_tcp_srv = { + tld = config.kw.dns.tld; domain = "@"; srv = { service = "mumble"; @@ -41,12 +41,12 @@ with lib; priority = 0; weight = 5; port = 64738; - target = "voice.kittywit.ch."; + target = "voice.${config.kw.dns.tld}"; }; }; - deploy.tf.dns.records.kittywitch_voice_udp = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_murmur_udp_srv = { + tld = config.kw.dns.tld; domain = "@"; srv = { service = "mumble"; @@ -54,7 +54,7 @@ with lib; priority = 0; weight = 5; port = 64738; - target = "voice.kittywit.ch."; + target = "voice.${config.kw.dns.tld}"; }; }; } diff --git a/config/services/netdata.nix b/config/services/netdata.nix index 783abcdf..3a693e77 100644 --- a/config/services/netdata.nix +++ b/config/services/netdata.nix 
@@ -8,8 +8,8 @@ services.nginx = { enable = true; virtualHosts = { - "${config.networking.hostName}.net.kittywit.ch" = { - useACMEHost = "${config.networking.hostName}.net.kittywit.ch"; + "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = { + useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}"; forceSSL = true; locations = { "/netdata" = { proxyPass = "http://[::1]:19999/"; }; }; }; diff --git a/config/services/nginx.nix b/config/services/nginx.nix index ccef30eb..b1d07211 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -37,7 +37,7 @@ with lib; }; security.acme = { - email = "acme@kittywit.ch"; + email = config.kw.dns.email; acceptTerms = true; }; } diff --git a/config/services/prometheus.nix b/config/services/prometheus.nix index 3c1beb0f..0b2b71e1 100644 --- a/config/services/prometheus.nix +++ b/config/services/prometheus.nix @@ -17,12 +17,12 @@ in scrapeConfigs = [ { job_name = "boline"; - static_configs = [{ targets = [ "boline.net.kittywit.ch:8002" ]; }]; + static_configs = [{ targets = [ "boline.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}:8002" ]; }]; } { job_name = "samhain-vm"; metrics_path = "/metrics"; - static_configs = [{ targets = [ "samhain.net.kittywit.ch:10445" ]; }]; + static_configs = [{ targets = [ "samhain.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}:10445" ]; }]; } ] ++ mapAttrsToList (hostName: prom: { 
@@ -30,13 +30,13 @@ in metrics_path = "/api/v1/allmetrics"; honor_labels = true; params = { format = [ "prometheus" ]; }; - static_configs = [{ targets = [ "${hostName}.net.kittywit.ch:19999" ]; }]; + static_configs = [{ targets = [ "${hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}:19999" ]; }]; }) nd_configs ++ mapAttrsToList (hostName: prom: { job_name = hostName; static_configs = [{ - targets = [ "${hostName}.net.kittywit.ch:${toString prom.port}" ]; + targets = [ "${hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}:${toString prom.port}" ]; }]; }) prom_configs; diff --git a/config/services/promtail.nix b/config/services/promtail.nix index c2f206c5..c35d7809 100644 --- a/config/services/promtail.nix +++ b/config/services/promtail.nix @@ -5,7 +5,7 @@ with lib; let promtail_config = pkgs.writeText "prom-config.json" (builtins.toJSON { clients = - [{ url = "http://athame.net.kittywit.ch:3100/loki/api/v1/push"; }]; + [{ url = "http://${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}:3100/loki/api/v1/push"; }]; positions = { filename = "/tmp/positions.yaml"; }; scrape_configs = [{ job_name = "journal"; diff --git a/config/services/calendar.nix b/config/services/radicale.nix similarity index 82% rename from config/services/calendar.nix rename to config/services/radicale.nix index 5f5069f1..40fcbcfe 100644 --- a/config/services/calendar.nix +++ b/config/services/radicale.nix @@ -7,7 +7,6 @@ let htpasswd = pkgs.writeText "radicale.users" (concatStrings (flip mapAttrsToList mailAccounts (mail: user: mail + ":" + user.hashedPassword + "\n"))); - in { services.radicale = { @@ -22,7 +21,7 @@ in }; services.nginx.virtualHosts = { - "cal.kittywit.ch" = { + "cal.${config.kw.dns.domain}" = { forceSSL = true; enableACME = true; locations."/" = { 
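Review bot: Every host that imports this module now pushes its journal to itself: the `clients` URL interpolates `config.networking.hostName` where it previously named athame, so a host that does not run Loki on `:3100` has its pushes fail and its logs silently lost, exactly the gap that hurts during an incident. Unless promtail.nix is only ever imported on the Loki host, the collector's name should come from an option declared for that purpose (or remain a literal until one exists), with a comment naming which host runs Loki so the choice is visible. Two pre-existing points deserve a follow-up: the push is plain `http://`, and `positions.filename = "/tmp/positions.yaml"` sits on a world-writable path that is tmpfs under the `boot.tmpOnTmpfs = true` set elsewhere in this commit, so positions reset on every reboot. The `let` binding that holds `promtail_config` continues beyond the hunk.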
@@ -36,9 +35,9 @@ in }; }; - deploy.tf.dns.records.kittywitch_cal = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_radicale = { + tld = config.kw.dns.tld; domain = "cal"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; } diff --git a/config/services/syncplay.nix b/config/services/syncplay.nix index 7ecc37f7..6935b1d9 100644 --- a/config/services/syncplay.nix +++ b/config/services/syncplay.nix @@ -6,19 +6,27 @@ with lib; users.users.syncplay = { isSystemUser = true; }; users.groups."sync-cert".members = [ "nginx" "syncplay" ]; - security.acme = { certs."sync.kittywit.ch" = { group = "sync-cert"; }; }; + security.acme = { + certs."sync.${config.kw.dns.domain}" = { + group = "sync-cert"; + postRun = '' + cp key.pem privkey.pem + chown acme:voice-cert privkey.pem + ''; + }; + }; kw.fw.public.tcp.ports = singleton 8999; - services.nginx.virtualHosts."sync.kittywit.ch" = { + services.nginx.virtualHosts."sync.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; }; - deploy.tf.dns.records.kittywitch_sync = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_syncplay = { + tld = config.kw.dns.tld; domain = "sync"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; deploy.tf.variables.syncplay_pass = { @@ -48,13 +56,9 @@ with lib; serviceConfig = { EnvironmentFile = config.secrets.files.syncplay-env.path; ExecStart = - "${pkgs.syncplay}/bin/syncplay-server --port 8999 --tls /var/lib/acme/sync.kittywit.ch/ --disable-ready"; + "${pkgs.syncplay}/bin/syncplay-server --port 8999 --tls /var/lib/acme/sync.${config.kw.dns.domain}/ --disable-ready"; User = "syncplay"; Group = "sync-cert"; }; }; - - security.acme.certs."sync.kittywit.ch".postRun = '' - cp key.pem privkey.pem - chown acme:voice-cert privkey.pem''; } diff --git a/config/services/vaultwarden.nix b/config/services/vaultwarden.nix index e7668f2b..3ec0eb87 100644 
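Review bot: The `postRun` now inside the `sync.${config.kw.dns.domain}` cert block still runs `chown acme:voice-cert privkey.pem`, the murmur cert's group, while this cert's `group` is `sync-cert` and the service runs with `Group = "sync-cert"`, so the copied key is either unreadable by syncplay or, since `cp` does not preserve the source mode, possibly readable more widely than `key.pem` itself. Replace the two lines with `install -m 0640 -o acme -g sync-cert key.pem privkey.pem` so ownership and mode are set in one step and match the cert's group. A comment like `# syncplay looks for privkey.pem; the acme module writes key.pem` would explain why the copy exists at all. The `security.acme` attribute set is fully inside this hunk; the `systemd.services` block it pairs with is in the second hunk.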
--- a/config/services/vaultwarden.nix +++ b/config/services/vaultwarden.nix @@ -19,12 +19,12 @@ rocketPort = 4000; websocketEnabled = true; signupsAllowed = false; - domain = "https://vault.kittywit.ch"; + domain = "https://vault.${config.kw.dns.domain}"; databaseUrl = "postgresql://bitwarden_rs@/bitwarden_rs"; }; }; - services.nginx.virtualHosts."vault.kittywit.ch" = { + services.nginx.virtualHosts."vault.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; locations = { @@ -34,9 +34,9 @@ }; }; - deploy.tf.dns.records.kittywitch_vault = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_vaultwarden = { + tld = config.kw.dns.tld; domain = "vault"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; } diff --git a/config/services/weechat.nix b/config/services/weechat.nix index 35b02b82..8cb6ca77 100644 --- a/config/services/weechat.nix +++ b/config/services/weechat.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - services.nginx.virtualHosts."irc.kittywit.ch" = { + services.nginx.virtualHosts."irc.${config.kw.dns.domain}" = { enableACME = true; forceSSL = true; locations = { @@ -13,9 +13,9 @@ }; }; - deploy.tf.dns.records.kittywitch_irc = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_weechat = { + tld = config.kw.dns.tld; domain = "irc"; - cname.target = "athame.kittywit.ch."; + cname.target = "${config.networking.hostName}.${config.kw.dns.tld}"; }; } diff --git a/config/services/xmpp.nix b/config/services/xmpp.nix index 76b5dab5..8273e995 100644 --- a/config/services/xmpp.nix +++ b/config/services/xmpp.nix @@ -13,12 +13,11 @@ with lib; }]; }; - services.prosody = { enable = true; ssl.cert = "/var/lib/acme/prosody/fullchain.pem"; ssl.key = "/var/lib/acme/prosody/key.pem"; - admins = [ "kat@kittywit.ch" ]; + admins = singleton "kat@kittywit.ch"; package = let package = pkgs.prosody.override (old: { 
@@ -36,54 +35,53 @@ with lib; } ''; virtualHosts = { - "xmpp.kittywit.ch" = { - domain = "kittywit.ch"; + "xmpp.${config.kw.dns.domain}" = { + domain = config.kw.dns.domain; enabled = true; ssl.cert = "/var/lib/acme/prosody/fullchain.pem"; ssl.key = "/var/lib/acme/prosody/key.pem"; }; }; - muc = [{ domain = "conference.kittywit.ch"; }]; - uploadHttp = { domain = "upload.kittywit.ch"; }; + muc = [{ domain = "conference.${config.kw.dns.domain}"; }]; + uploadHttp = { domain = "upload.${config.kw.dns.domain}"; }; }; security.acme.certs.prosody = { - domain = "xmpp.kittywit.ch"; + domain = "xmpp.${config.kw.dns.domain}"; group = "prosody"; dnsProvider = "rfc2136"; credentialsFile = config.secrets.files.dns_creds.path; postRun = "systemctl restart prosody"; extraDomainNames = - [ "kittywit.ch" "upload.kittywit.ch" "conference.kittywit.ch" ]; + [ config.kw.dns.domain "upload.${config.kw.dns.domain}" "conference.${config.kw.dns.domain}" ]; }; - deploy.tf.dns.records.kittywitch_xmpp = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_xmpp = { + tld = config.kw.dns.tld; domain = "xmpp"; - a.address = "168.119.126.111"; + a.address = config.kw.dns.ipv4; }; - deploy.tf.dns.records.kittywitch_xmpp_v6 = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_xmpp_v6 = { + tld = config.kw.dns.tld; domain = "xmpp"; - aaaa.address = - (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address; + aaaa.address = config.kw.dns.ipv6; }; - deploy.tf.dns.records.kittywitch_upload = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_upload = { + tld = config.kw.dns.tld; domain = "upload"; - cname.target = "xmpp.kittywit.ch."; + cname.target = "xmpp.${config.kw.dns.tld}"; }; - deploy.tf.dns.records.kittywitch_conference = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_conference = { + tld = config.kw.dns.tld; domain = "conference"; - cname.target = "xmpp.kittywit.ch."; + cname.target = "xmpp.${config.kw.dns.tld}"; 
}; - deploy.tf.dns.records.kittywitch_xmpp_muc = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_muc = { + tld = config.kw.dns.tld; domain = "conference"; srv = { service = "xmpp-server"; @@ -91,12 +89,12 @@ with lib; priority = 0; weight = 5; port = 5269; - target = "xmpp.kittywit.ch."; + target = "xmpp.${config.kw.dns.tld}"; }; }; - deploy.tf.dns.records.kittywitch_xmpp_client = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_client_srv = { + tld = config.kw.dns.tld; domain = "@"; srv = { service = "xmpp-client"; @@ -104,12 +102,12 @@ with lib; priority = 0; weight = 5; port = 5222; - target = "xmpp.kittywit.ch."; + target = "xmpp.${config.kw.dns.tld}"; }; }; - deploy.tf.dns.records.kittywitch_xmpps_client = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_secure_client_srv = { + tld = config.kw.dns.tld; domain = "@"; srv = { service = "xmpps-client"; @@ -117,12 +115,12 @@ with lib; priority = 0; weight = 5; port = 5223; - target = "xmpp.kittywit.ch."; + target = "xmpp.${config.kw.dns.tld}"; }; }; - deploy.tf.dns.records.kittywitch_xmpp_server = { - tld = "kittywit.ch."; + deploy.tf.dns.records.services_prosody_server_srv = { + tld = config.kw.dns.tld; domain = "@"; srv = { service = "xmpp-server"; @@ -130,20 +128,21 @@ with lib; priority = 0; weight = 5; port = 5269; - target = "xmpp.kittywit.ch."; + target = "xmpp.${config.kw.dns.tld}"; }; }; services.nginx.virtualHosts = { - "upload.kittywit.ch" = { + "upload.${config.kw.dns.domain}" = { useACMEHost = "prosody"; forceSSL = true; }; - "conference.kittywit.ch" = { + "conference.${config.kw.dns.domain}" = { useACMEHost = "prosody"; forceSSL = true; }; }; + users.users.nginx.extraGroups = [ "prosody" ]; } diff --git a/config/users/kairi/gui/firefox/default.nix b/config/users/kairi/gui/firefox/default.nix index d97933fb..3f755681 100644 --- a/config/users/kairi/gui/firefox/default.nix +++ b/config/users/kairi/gui/firefox/default.nix 
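Review bot: Membership in the `prosody` group, granted to nginx by the final added line `users.users.nginx.extraGroups = [ "prosody" ];`, is broader than the certificate access it is meant to provide: it also opens anything group-readable as `prosody`, which in a default layout can include the account store and message archives under `/var/lib/prosody` (whether that directory is group-readable I cannot confirm from here). The murmur and syncplay modules in this same commit already use the narrower pattern of a dedicated certificate group; follow it here with `users.groups."xmpp-cert".members = [ "nginx" "prosody" ];` and `group = "xmpp-cert";` on `security.acme.certs.prosody`, and drop the `extraGroups` line. A one-line comment on the cert block stating that both nginx and prosody serve from the same certificate would make the shared group self-explanatory. The `services.prosody` block this cert feeds starts before this hunk.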
@@ -31,7 +31,6 @@ in decentraleyes foxyproxy-standard clearurls - bypass-paywalls df-youtube https-everywhere old-reddit-redirect diff --git a/config/users/kat/base.nix b/config/users/kat/base.nix index a1b84b3a..7caacdc3 100644 --- a/config/users/kat/base.nix +++ b/config/users/kat/base.nix @@ -2,7 +2,7 @@ { home-manager.users.kat = { - imports = [ ./base ]; + imports = [ ./base ] ++ lib.optional (builtins.pathExists ../../trusted/users/kat) (import ../../trusted/users/kat); home.stateVersion = "20.09"; }; diff --git a/config/users/kat/base/vim/vimrc.nix b/config/users/kat/base/vim/vimrc.nix index 09595661..18c0b5ad 100644 --- a/config/users/kat/base/vim/vimrc.nix +++ b/config/users/kat/base/vim/vimrc.nix @@ -197,7 +197,7 @@ " Resume latest coc list. nnoremap p :CocListResume -'' + (if config.deploy.profile.sway then '' +'' + (if config.wayland.windowManager.sway.enable then '' noremap "+y y:call system("wl-copy", @") nnoremap "+p :let @"=substitute(system("wl-paste --no-newline"), '', ''', 'g')p nnoremap "*p :let @"=substitute(system("wl-paste --no-newline --primary"), '', ''', 'g')p diff --git a/config/users/kat/gui/default.nix b/config/users/kat/gui/default.nix index 989e0da0..a63b8526 100644 --- a/config/users/kat/gui/default.nix +++ b/config/users/kat/gui/default.nix @@ -1,9 +1,5 @@ { config, ... }: { - deploy.profile.gui = true; - - imports = [ ./firefox ./packages.nix ./gtk.nix ./wezterm.nix ./foot.nix ./xdg.nix ./ranger.nix ]; - - fonts.fontconfig.enable = true; + imports = [ ./firefox ./packages.nix ./gtk.nix ./foot.nix ./xdg.nix ./ranger.nix ./fonts.nix ]; } diff --git a/config/users/kat/gui/fonts.nix b/config/users/kat/gui/fonts.nix new file mode 100644 index 00000000..78e03277 --- /dev/null +++ b/config/users/kat/gui/fonts.nix @@ -0,0 +1,5 @@ +{ config, ... }: + +{ + fonts.fontconfig.enable = true; +} diff --git a/config/users/kat/gui/foot.nix b/config/users/kat/gui/foot.nix index 0d691aff..09212af1 100644 --- a/config/users/kat/gui/foot.nix 
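Review bot: The conditional import `lib.optional (builtins.pathExists ../../trusted/users/kat) (import ../../trusted/users/kat)` in config/users/kat/base.nix makes the trusted user config silently optional: a checkout where the directory is absent builds the user without it and nothing reports the omission. If that is intended, say so on the line, e.g. `# trusted/ is only present on some checkouts; build without it elsewhere`; if the directory is encrypted at rest, note that `pathExists` would still be true and the `import` would then fail at parse time rather than being skipped. `lib` must be bound in the module's argument set on line 1, which is outside the hunk.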
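Review bot: Both the new `config/users/kat/gui/fonts.nix` and the rewritten `gui/default.nix` take `{ config, ... }:` but never read `config`; reduce the pattern to `{ ... }:` so the argument set reflects what each module uses, as `host-import.nix` does with `{ lib }:`. Splitting a single `fonts.fontconfig.enable = true;` into its own file is fine if more font settings are expected there, otherwise inlining it into default.nix keeps the import list shorter.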
+++ b/config/users/kat/gui/foot.nix @@ -13,10 +13,10 @@ in { settings = { main = { term = "xterm-256color"; - font = "Cozette:size=9, Twitter Color Emoji:size=8"; - font-bold = "Cozette:size=9:style=Bold"; - font-italic = "Cozette:size=9:style=Italic"; - font-bold-italic = "Cozette:size=9:style=Bold Italic"; + font = "${config.kw.font.name}:size=${toString config.kw.font.size}, Twitter Color Emoji:size=8"; + font-bold = "${config.kw.font.name}:size=${toString config.kw.font.size}:style=Bold"; + font-italic = "${config.kw.font.name}:size=${toString config.kw.font.size}:style=Italic"; + font-bold-italic = "${config.kw.font.name}:size=${toString config.kw.font.size}:style=Bold Italic"; dpi-aware = "no"; }; colors = { diff --git a/config/users/kat/gui/kitty.nix b/config/users/kat/gui/kitty.nix deleted file mode 100644 index db87ef99..00000000 --- a/config/users/kat/gui/kitty.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, witch, ... }: - -let - witch.style.base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") - config.lib.arc.base16.schemeForAlias.default; - witch.style.font = { - name = "Iosevka Nerd Font"; - size = "10"; - size_css = "14px"; - }; -in - { - wayland.windowManager.sway.extraSessionCommands = '' - export KITTY_CACHE_DIRECTORY="/tmp/kitty"; - ''; - programs.kitty = { - enable = true; - font.name = witch.style.font.name; - settings = { - font_size = witch.style.font.size; - # background = witch.style.base16.color0; - background_opacity = "0.9"; - # foreground = witch.style.base16.color7; - # selection_background = witch.style.base16.color7; - # selection_foreground = witch.style.base16.color0; - # url_color = witch.style.base16.color3; - # cursor = witch.style.base16.color7; - # active_border_color = "#75715e"; - # active_tab_background = "#9900ff"; - # active_tab_foreground = witch.style.base16.color7; - # inactive_tab_background = "#3a3a3a"; - # inactive_tab_foreground = "#665577"; - }; # // witch.style.base16; - }; -} 
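Review bot: `${toString config.kw.font.size}` in the four `font*` lines assumes `kw.font.size` stringifies to a plain number, while the sway.nix hunk further down (`size = config.kw.font.size;`) feeds the same option raw into home-manager's `fonts.size`, which expects a float; if the option is declared as a float to satisfy sway, `toString` renders it with six decimals, giving `size=9.000000` here and in the mako `font` line. The option's declaration is outside this diff, so state its type in a comment where it is consumed, e.g. `# kw.font.size is a float for sway; toString renders it as 9.000000`, or add a string-valued field next to the existing `size_css` for the consumers that need text.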
diff --git a/config/users/kat/gui/wezterm.nix b/config/users/kat/gui/wezterm.nix deleted file mode 100644 index a9a8bfca..00000000 --- a/config/users/kat/gui/wezterm.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - witch.style.base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") - config.lib.arc.base16.schemeForAlias.default; - colors.ansi = builtins.concatStringsSep ", " (map (c: ''"#${c.hex.rgb}"'') (sublist 0 8 config.lib.arc.base16.schemeForAlias.default.shell.colours)); - colors.brights = builtins.concatStringsSep ", " (map (c: ''"#${c.hex.rgb}"'') (sublist 8 8 config.lib.arc.base16.schemeForAlias.default.shell.colours)); -in { - home.packages = [ - pkgs.wezterm - ]; - - xdg.configFile."wezterm/wezterm.lua".text = '' - local wezterm = require 'wezterm'; - - return { - term = "wezterm", - font = wezterm.font_with_fallback({"Iosevka Term","Twitter Color Emoji"}), - font_size = 9.0, - window_background_opacity = 0.9, - colors = { - ansi = {${colors.ansi}}, - brights = {${colors.brights}}, - background = "${witch.style.base16.base00}", - foreground = "${witch.style.base16.base05}", - tab_bar = { - background = "${witch.style.base16.base00}", - active_tab = { - bg_color = "${witch.style.base16.base0A}", - fg_color = "${witch.style.base16.base05}", - }, - inactive_tab = { - bg_color = "${witch.style.base16.base01}", - fg_color = "${witch.style.base16.base03}", - }, - }, - }, - } - ''; -} diff --git a/config/users/kat/sway/default.nix b/config/users/kat/sway/default.nix index b64c5064..b7b486b5 100644 --- a/config/users/kat/sway/default.nix +++ b/config/users/kat/sway/default.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - deploy.profile.sway = true; - imports = [ ./waybar ./mako.nix diff --git a/config/users/kat/sway/mako.nix b/config/users/kat/sway/mako.nix index 1f3fc07b..6ab09451 100644 --- a/config/users/kat/sway/mako.nix +++ b/config/users/kat/sway/mako.nix 
@@ -3,11 +3,6 @@ let base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") config.lib.arc.base16.schemeForAlias.default; - font = { - name = "Iosevka Nerd Font"; - size = "10"; - size_css = "14px"; - }; in { systemd.user.services = { @@ -27,9 +22,10 @@ in programs.mako = { enable = true; + font = "${config.kw.font.name} ${toString config.kw.font.size}"; defaultTimeout = 3000; borderColor = base16.base08; - backgroundColor = "${base16.base00}CC"; + backgroundColor = lib.hextorgba base16.base00 0.75; textColor = base16.base05; }; } diff --git a/config/users/kat/sway/sway.nix b/config/users/kat/sway/sway.nix index b19033c7..818b389a 100644 --- a/config/users/kat/sway/sway.nix +++ b/config/users/kat/sway/sway.nix @@ -3,11 +3,6 @@ let base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") config.lib.arc.base16.schemeForAlias.default; - font = { - name = "Cozette"; - size = 9.0; - size_css = "12px"; - }; footwrap = pkgs.writeShellScriptBin "footwrap" '' exec foot "$2" ''; @@ -38,10 +33,10 @@ xkb_symbols "basic" { } window { - font-family: ${font.name}; + font-family: ${config.kw.font.name}; background: ${lib.hextorgba base16.base00 0.75}; border-radius: 1em; - font-size: ${font.size_css}; + font-size: ${config.kw.font.size_css}; color: ${base16.base07}; } @@ -70,6 +65,8 @@ xkb_symbols "basic" { } ''; + kw.wallpapers = [ ./wallpapers/left.jpg ./wallpapers/main.png ./wallpapers/right.jpg ]; + home.packages = with pkgs; [ grim slurp wl-clipboard jq quintom-cursor-theme gsettings-desktop-schemas glib wofi ]; services.i3gopher = { enable = true; }; @@ -145,9 +142,9 @@ xkb_symbols "basic" { }; }; fonts = { - names = [ font.name ]; + names = [ config.kw.font.name ]; style = "Medium"; - size = font.size; + size = config.kw.font.size; }; terminal = "${pkgs.foot}/bin/foot"; # TODO: replace with wofi diff --git a/config/users/kat/sway/waybar/default.nix b/config/users/kat/sway/waybar/default.nix index a7cbd91a..9b3d03fa 100644 
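Review bot: `backgroundColor = lib.hextorgba base16.base00 0.75;` in the second mako.nix hunk replaces a `#RRGGBBAA` string with the output of a helper that sway.nix uses inside a CSS block (`background: ${lib.hextorgba base16.base00 0.75};`), so it presumably yields CSS `rgba(...)` syntax; mako's colour options accept only `#RRGGBB[AA]`, and such a value would be rejected when mako reads its config rather than at evaluation. Unless `hextorgba` is known to emit hex, keep the hex form, `backgroundColor = "${base16.base00}BF";` for 0.75 alpha, or add a comment recording why the helper's output is valid here. The added `font = "${config.kw.font.name} ${toString config.kw.font.size}"` shares the float-stringification question raised on foot.nix.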
--- a/config/users/kat/sway/waybar/default.nix +++ b/config/users/kat/sway/waybar/default.nix @@ -2,20 +2,15 @@ let base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") - config.lib.arc.base16.schemeForAlias.default; - font = { - name = "Cozette"; - size = "10"; - size_css = "12px"; - }; + config.lib.arc.base16.schemeForAlias.default; in -{ - config = lib.mkIf config.deploy.profile.sway { + { programs.waybar = { enable = true; style = import ./waybar.css.nix { - inherit font base16; + inherit base16; inherit (lib) hextorgba; + font = config.kw.font; }; settings = [{ modules-left = [ "sway/workspaces" "sway/mode" "sway/window" ]; @@ -128,5 +123,4 @@ in }; }]; }; - }; -} + } diff --git a/default.nix b/default.nix index 21aeee70..9216da80 100644 --- a/default.nix +++ b/default.nix @@ -35,8 +35,8 @@ let ./config/hosts/beltane/meta.nix ./config/hosts/samhain/meta.nix ./config/hosts/yule/meta.nix - ./config/hosts/mabon/meta.nix - ./config/hosts/ostara/meta.nix +# ./config/hosts/mabon/meta.nix +# ./config/hosts/ostara/meta.nix ]; specialArgs = { inherit sources profiles users; @@ -55,4 +55,4 @@ let all = attrValues local; #++ attrValues hexchen; allStr = toString all; }; -in config // { inherit pkgs sourceCache sources; } +in config // { inherit pkgs sourceCache sources profiles; } diff --git a/pkgs/lib/host-import.nix b/pkgs/lib/host-import.nix index 365e311e..88b52d67 100644 --- a/pkgs/lib/host-import.nix +++ b/pkgs/lib/host-import.nix @@ -1,6 +1,6 @@ { lib }: hostName: lib.filter builtins.pathExists [ - (../../config/hosts + "/${hostName}/nixos") - (../../config/trusted/hosts + "/${hostName}/nixos") + (../../config/hosts + "/${hostName}/nixos.nix") + (../../config/trusted/hosts + "/${hostName}/nixos.nix") ../../config/trusted/profile - ../../config/nixos.nix + ../../config/profiles/base ]
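Review bot: After dropping the `config = lib.mkIf config.deploy.profile.sway { ... }` wrapper in waybar/default.nix, the module body still opens with an indented `{` and, in the second hunk, closes with `+ }` at the same indent, leaving the whole file one level deeper than the other modules in this diff. Reindent the body to column 0 so it reads as a plain module. Removing the gate also makes importing this file enable waybar unconditionally, which is consistent with it being imported only from `sway/default.nix` in this diff.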
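Review bot: The two `meta.nix` entries for mabon and ostara in default.nix are commented out with `#` at column 0 rather than removed, even though the commit moves those hosts under `config/hosts/to-do/`. Commented-out code drifts out of date silently; delete the two lines, or if a reminder is wanted replace them with one comment naming the new location, e.g. `# mabon and ostara live in config/hosts/to-do/ until their configs are ported`. Adding `profiles` to the exported set in the second hunk raises nothing.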