diff --git a/home/default.nix b/home/default.nix index 259cfa6c..ac31edc8 100644 --- a/home/default.nix +++ b/home/default.nix @@ -23,6 +23,7 @@ in gui = { imports = with dirImports; [ gui + vscode wezterm firefox konawall diff --git a/home/gui/packages.nix b/home/gui/packages.nix index 7c27d9d5..73f7d445 100644 --- a/home/gui/packages.nix +++ b/home/gui/packages.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - { home.packages = with pkgs; [ btop @@ -22,5 +21,6 @@ element-desktop cryptsetup esphome + esptool ]; } diff --git a/home/konawall.nix b/home/konawall.nix index 6d722542..c106cb83 100644 --- a/home/konawall.nix +++ b/home/konawall.nix @@ -13,7 +13,7 @@ commonTags = [ "width:>=1600" ]; tagList = map (lib.toList) [ (["score:>=50" - "touhou" "rating:s"]) #++ optional (nixos.networking.hostName == "koishi") "rating:s") + "rating:s"]) #++ optional (nixos.networking.hostName == "koishi") "rating:s") ]; }; } diff --git a/home/vim/init.lua b/home/vim/init.lua index 1b25e89e..76223bde 100644 --- a/home/vim/init.lua +++ b/home/vim/init.lua @@ -230,22 +230,6 @@ end, { silent = true }) require('nvim-treesitter.configs').setup { -- A list of parser names, or "all" ensure_installed = { - "c", - "lua", - "rust", - "bash", - "css", - "dockerfile", - "go", - "hcl", - "html", - "javascript", - "markdown", - "nix", - "norg", - "python", - "regex", - "scss", }, sync_install = false, diff --git a/home/vscode.nix b/home/vscode.nix new file mode 100644 index 00000000..55f9a9f1 --- /dev/null +++ b/home/vscode.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: { + programs.vscode = { + enable = true; + extensions = with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ]; + }; + home.packages = with pkgs; [ + rnix-lsp + ]; +} diff --git a/modules/meta/network.nix b/modules/meta/network.nix index 2f6d0306..42f45f1f 100644 --- a/modules/meta/network.nix +++ b/modules/meta/network.nix 
@@ -167,7 +167,6 @@ with lib; meta.modules.nixos meta.modules.system meta.modules.type - meta.nixos.network meta.system ]; specialArgs = { diff --git a/modules/meta/tailscale.nix b/modules/meta/tailscale.nix index d54c18f4..80f66581 100644 --- a/modules/meta/tailscale.nix +++ b/modules/meta/tailscale.nix @@ -14,6 +14,12 @@ in { ipv6 = mkOption { type = types.str; }; + id = mkOption { + type = types.str; + }; + user = mkOption { + type = types.str; + }; pp = mkOption { type = types.unspecified; default = family: port: "http://${config."ipv${toString family}"}:${toString port}/"; @@ -35,6 +41,8 @@ in { raw = home.resources.tailnet_devices.importAttr "devices"; in mkIf (home.state.enable) (mapListToAttrs (elet: nameValuePair (removeSuffix ".${config.tailnet_uri}" elet.name) { tags = elet.tags; + id = elet.id; + user = elet.user; ipv4 = head (filter (e: hasInfix "." e) elet.addresses); ipv6 = head (filter (e: hasInfix ":" e) elet.addresses); }) raw); diff --git a/nixos/network.nix b/modules/nixos/network.nix similarity index 98% rename from nixos/network.nix rename to modules/nixos/network.nix index ce9fc743..eeb95a94 100644 --- a/nixos/network.nix +++ b/modules/nixos/network.nix @@ -313,6 +313,14 @@ tailnet = "inskip.me"; }; }; + resources.tailnet_device_key = { + provider = "tailscale"; + type = "device_key"; + inputs = { + device_id = meta.tailnet.${config.networking.hostName}.id; + key_expiry_disabled = true; + }; + }; resources.tailnet_key = { provider = "tailscale"; type = "tailnet_key"; diff --git a/modules/nixos/storage.nix b/modules/nixos/storage.nix new file mode 100644 index 00000000..132348bc --- /dev/null +++ b/modules/nixos/storage.nix 
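Review bot: `key_expiry_disabled = true` in the new `resources.tailnet_device_key` block is not scoped to any host, and since the module now lives under `modules/nixos` it appears to apply to every node, laptops included. A node key copied from a lost or compromised machine then stays valid until someone removes the device by hand. Consider a per-host option that defaults to normal expiry, with a comment on the exceptions such as `# expiry disabled: headless server, re-auth needs console access`. `meta.tailnet.${config.networking.hostName}.id` also has no fallback, so a host not yet in the tailnet device list presumably fails evaluation. The surrounding module continues outside the hunk.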
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, meta, tf, ... }: let
+ inherit (lib.options) mkOption mkEnableOption;
+ inherit (lib.modules) mkIf mkMerge;
+ inherit (lib.attrsets) mapAttrs filterAttrs mapAttrsToList attrValues;
+ inherit (lib.lists) concatLists;
+ inherit (lib.types) attrsOf listOf str;
+ cfg = config.storage;
+ in {
+ options.storage = {
+ enable = mkEnableOption "nixfiles storage primitives";
+ replica = mkEnableOption "full replication of our volumes onto a node";
+ defaultBrick = mkEnableOption "naively create a default brick for this node";
+ bricks = mkOption {
+ type = attrsOf str;
+ default = if cfg.defaultBrick then {
+ default = "/export/default/brick";
+ } else {};
+ description = "the brick locations used by glusterfs";
+ };
+ replicas = mkOption {
+ type = listOf str;
+ default = let
+ replicaNodes = filterAttrs (_: node: node.storage.replica) config.network.nodes.nixos;
+ in concatLists (mapAttrsToList (_: node: map (brick: "${node.networks.tailscale.uqdn}:${brick}" (attrValues node.storage.bricks)) replicaNodes));
+ };
+ services = mkOption {
+ type = listOf str;
+ default = let
+ filteredServices = removeAttrs config.services [
+ "chronos" "beegfs" "beegfsEnable" "bird"
+ "bird6" "bitwarden_rs" "buildkite-agent" "cgmanager"
+ "codimd" "couchpotato" "cryptpad" "dd-agent"
+ "deepin" "dnscrypt-proxy" "flashpolicyd" "dhcpd"
+ "foldingAtHome" "fourStore" "fourStoreEndpoint" "fprot"
+ "frab" "geoip-updater" "gogoclient" "hbase"
+ "iodined" "kippo" "localtime" "mailpile"
+ "marathon" "mathics" "meguca" "mesos"
+ "mingetty" "moinmoin" "mwlib" "nixosManual"
+ "openfire" "openvpn" "osquery" "paperless-ng"
+ "piwik" "plexpy" "prey" "prometheus2"
+ "quagga" "racoon" "railcar" "redis"
+ "riak" "rmilter" "seeks" "shellinabox"
+ "ssmtp" "venus" "virtuoso" "vmwareGuest"
+ "wakeonlan" "winstone" "nginx"
+ ];
+ #enabledServices = filterAttrs (_: settings: (settings ? 
enable) && settings.enable) filteredServices; + enabledServices = filterAttrs (_: service: service ? serviceConfig.RuntimeDirectory) config.systemd.services; + serviceDirs = mapAttrsToList (service: _: service) enabledServices; + in serviceDirs; + }; + }; + config = mkMerge [ + (mkIf cfg.enable { + environment.systemPackages = [ pkgs.glusterfs ]; + + services.glusterfs = { + enable = true; + tlsSettings = { + tlsKeyPath = config.networks.tailscale.key_path; + tlsPem = config.networks.tailscale.cert_path; + }; + }; + + deploy.tf = { + }; + }) + (mkIf cfg.defaultBrick { + system.activationScripts.nixfiles-storage-defaultbrick.text = '' + mkdir -p /export/default/brick + ''; + }) + (mkIf cfg.replica { + deploy.tf = { + }; + }) + ]; +} diff --git a/nixos/base/system.nix b/nixos/base/system.nix index 5f70ab8f..38b173f8 100644 --- a/nixos/base/system.nix +++ b/nixos/base/system.nix @@ -11,6 +11,8 @@ "net.core.wmem_max" = "16777216"; "net.ipv4.tcp_rmem" = "4096 87380 16777216"; "net.ipv4.tcp_wmem" = "4096 65536 16777216"; + "net.ipv4.ip_forward" = "1"; + "net.ipv6.conf.all.forwarding" = "1"; }; services.journald.extraConfig = "SystemMaxUse=512M"; users.mutableUsers = false; diff --git a/nixos/systems/daiyousei.nix b/nixos/systems/daiyousei.nix index 0c6f31c0..ae74fb7c 100644 --- a/nixos/systems/daiyousei.nix +++ b/nixos/systems/daiyousei.nix @@ -2,7 +2,6 @@ imports = with meta; [ hardware.aarch64-linux hardware.oracle.ubuntu - nixos.network home.weechat home.services.weechat services.nginx diff --git a/nixos/systems/koishi.nix b/nixos/systems/koishi.nix index 7546c00a..8b30b19a 100644 --- a/nixos/systems/koishi.nix +++ b/nixos/systems/koishi.nix @@ -4,7 +4,6 @@ hardware.local nixos.gui nixos.light - nixos.network services.nginx home.gui ]; @@ -19,6 +18,7 @@ virtualisation.docker.enable = true; +services.avahi.enable = true; environment.systemPackages = [ pkgs.docker-compose ]; nix.buildMachines = [ { 
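Review bot: The `replicas` default in the new `modules/nixos/storage.nix` cannot evaluate as written: the `brick:` lambda's closing parenthesis comes after `(attrValues node.storage.bricks)`, so the string is applied to the list and `mapAttrsToList` never receives `replicaNodes`. It should read `in concatLists (mapAttrsToList (_: node: map (brick: "${node.networks.tailscale.uqdn}:${brick}") (attrValues node.storage.bricks)) replicaNodes);`. In the same file, `tlsSettings` sets a key and a certificate but no CA; I believe the glusterfs module also expects `caCert`, and without a CA the peers have nothing to verify each other against. `filteredServices` is referenced only by the commented-out line, and `replicas` and `services` have no `description`.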
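Review bot: The two sysctls added to `nixos/base/system.nix` turn on IPv4 and IPv6 forwarding in the base profile, so every machine importing it will route packets between its interfaces, laptops and public-facing hosts included. Forwarding is normally needed only on nodes acting as a router (presumably the Tailscale subnet router or exit node here); it should move to those hosts or sit behind an option, with a comment like `# needed for tailnet subnet routing`. Where it stays on, the firewall's forward path should drop by default, which this hunk does not show. `net.ipv6.conf.all.forwarding = 1` also makes the kernel ignore router advertisements unless `accept_ra` is 2, which can break SLAAC on hosts that rely on it.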
@@ -53,7 +53,7 @@ environment.systemPackages = [ pkgs.docker-compose ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; boot = { - supportedFilesystems = [ "xfs" "zfs" ]; + supportedFilesystems = [ "xfs" ]; initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105"; loader = { efi = { diff --git a/nixos/systems/marisa.nix b/nixos/systems/marisa.nix index 6189285f..0bf579c5 100644 --- a/nixos/systems/marisa.nix +++ b/nixos/systems/marisa.nix @@ -2,7 +2,6 @@ imports = with meta; [ (modulesPath + "/profiles/qemu-guest.nix") hardware.manual - nixos.network services.nginx services.access services.irlsite diff --git a/nixos/systems/rinnosuke.nix b/nixos/systems/rinnosuke.nix index 1caa86fa..e606a772 100644 --- a/nixos/systems/rinnosuke.nix +++ b/nixos/systems/rinnosuke.nix @@ -1,7 +1,6 @@ { config, tf, meta, nixfiles, pkgs, lib, ... }: with lib; { imports = with meta; [ hardware.oracle.ubuntu - nixos.network services.nginx services.knot ]; diff --git a/nixos/systems/tewi/home-assistant.nix b/nixos/systems/tewi/home-assistant.nix index b4fec60d..819edcd1 100644 --- a/nixos/systems/tewi/home-assistant.nix +++ b/nixos/systems/tewi/home-assistant.nix @@ -66,7 +66,6 @@ in { field = "mpd"; }; - secrets.files.home-assistant-secrets = { text = let espresenceDevices = { @@ -80,7 +79,7 @@ in { longitude = tf.variables.longitude.ref; elevation = tf.variables.elevation.ref; mpd-shanghai-password = tf.variables.mpd-shanghai-password.ref; - } // mapAttrs' (key: device_id: + } // espresenceDevices // mapAttrs' (key: device_id: nameValuePair "${key}-topic" "espresense/devices/${device_id}" ) espresenceDevices); owner = "hass"; 
@@ -320,13 +319,14 @@ in { (mkESPresenceBeacon { device_id = "!secret tile-kat-keys"; state_topic = "!secret tile-kat-keys-topic"; - name = "Knife"; + name = "Girlwife"; }) ]; }; extraPackages = python3Packages: with python3Packages; [ psycopg2 aiohomekit + pkgs.withings-api securetar getmac # for upnp integration (aiogithubapi.overrideAttrs (_: { doInstallCheck = false; })) diff --git a/nixos/systems/tewi/nixos.nix b/nixos/systems/tewi/nixos.nix index ef2d69c1..daeb8813 100644 --- a/nixos/systems/tewi/nixos.nix +++ b/nixos/systems/tewi/nixos.nix @@ -4,7 +4,6 @@ imports = with meta; [ (modulesPath + "/installer/scan/not-detected.nix") hardware.local - nixos.network nixos.arc services.cockroachdb services.minio diff --git a/nixos/systems/tewi/zigbee2mqtt.nix b/nixos/systems/tewi/zigbee2mqtt.nix index 0f3eec12..7b248ce8 100644 --- a/nixos/systems/tewi/zigbee2mqtt.nix +++ b/nixos/systems/tewi/zigbee2mqtt.nix @@ -28,6 +28,8 @@ group = "zigbee2mqtt"; }; + users.groups.input.members = [ "zigbee2mqtt" ]; + services.zigbee2mqtt = { enable = true; settings = { @@ -46,9 +48,8 @@ port = 8072; }; serial = { - port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0"; + port = "/dev/ttyUSB0"; }; - }; }; diff --git a/nixos/systems/yukari.nix b/nixos/systems/yukari.nix index 095d757b..b5472415 100644 --- a/nixos/systems/yukari.nix +++ b/nixos/systems/yukari.nix @@ -2,7 +2,6 @@ imports = with meta; [ hardware.rm-310 hardware.local - nixos.network nixos.arc services.ha services.nextcloud diff --git a/overlays/local/default.nix b/overlays/local/default.nix index 47e5af3c..b1c2ef20 100644 --- a/overlays/local/default.nix +++ b/overlays/local/default.nix 
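Review bot: `pkgs.withings-api` in `extraPackages` is the overlay build, which is instantiated from `final.python3Packages` rather than from the `python3Packages` argument Home Assistant passes to this function. If Home Assistant's interpreter or its pinned libraries (pydantic, requests) differ from the default set, the environment may end up with conflicting copies of those modules. Building the two local packages with `python3Packages.callPackage` inside this function would keep them on the same set. The `extraPackages` list continues outside the hunk.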
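Review bot: Adding `zigbee2mqtt` to the `input` group gives the service read access to the `/dev/input` event devices, keyboards included, which is more than a serial coordinator needs; USB serial nodes are normally owned by `dialout`. The same file's second hunk replaces the stable `/dev/serial/by-id/...` path with `/dev/ttyUSB0`, which depends on enumeration order, so another USB serial adapter (an ESP board attached for flashing, say) can end up being the device the service opens. I would keep the by-id path or a udev symlink, and use `users.groups.dialout.members = [ "zigbee2mqtt" ];` if a group change is needed at all. The `services.zigbee2mqtt` block continues outside the hunk.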
@@ -1,4 +1,6 @@
 final: prev: {
+ requests-oauth = final.python3Packages.callPackage ./requests-oauth.nix { };
+ withings-api = final.python3Packages.callPackage ./withings-api.nix { };
 irlsite = final.callPackage ./irlsite.nix { };
 vips = prev.vips.override { libjxl = null; };
 yabai = final.callPackage ./yabai.nix { };
diff --git a/overlays/local/requests-oauth.nix b/overlays/local/requests-oauth.nix
new file mode 100644
index 00000000..0497c2e5
--- /dev/null
+++ b/overlays/local/requests-oauth.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonPackage
+, pythonOlder
+, fetchPypi
+, requests
+}:
+
+buildPythonPackage rec {
+ pname = "requests-oauth";
+ version = "0.4.1";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.6";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "sha256-nBsHOJZ+8cD28Osf8JpwAEmc0HpgnqjxdwtRW5U69pI=";
+ };
+
+ propagatedBuildInputs = [
+ requests
+ ];
+
+ doCheck = false; # disabled due to Python 2 tests (?) - missing parenthesis
+
+ meta = {
+ description = " Python's Requests OAuth (Open Authentication) plugin";
+ homepage = "https://github.com/maraujop/requests-oauth";
+ license = lib.licenses.bsd3;
+ maintainers = with lib.maintainers; [ kittywitch ];
+ };
+}
diff --git a/overlays/local/withings-api.nix b/overlays/local/withings-api.nix
new file mode 100644
index 00000000..320db805
--- /dev/null
+++ b/overlays/local/withings-api.nix
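Review bot: `doCheck = false` in `requests-oauth.nix` leaves the package with no build-time verification, and the comment beside it says the tests fail on Python 2 syntax, which suggests the module itself may not be Python 3 clean. Add an import check so a broken install fails the build rather than Home Assistant at runtime: `pythonImportsCheck = [ "<installed module name>" ];`, using the name the distribution actually installs. It is also worth confirming that `withings-api` still needs this dependency at runtime before carrying it in the closure. The `description` string starts with a stray space.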
@@ -0,0 +1,41 @@
+{ lib
+, buildPythonPackage
+, pythonOlder
+, fetchPypi
+, poetry
+, arrow
+, requests-oauth
+, requests-oauthlib
+, typing-extensions
+, pydantic
+}:
+
+buildPythonPackage rec {
+ pname = "withings-api";
+ version = "2.4.0";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.6";
+
+ src = fetchPypi {
+ pname = "withings_api"; # source and whl distribution use _ instead of -
+ inherit version;
+ sha256 = "sha256-vQ6MKeD4g4QTkXx638FW53mTkx78af7NQXF00kxgM10=";
+ };
+
+ propagatedBuildInputs = [
+ poetry
+ arrow
+ requests-oauth
+ requests-oauthlib
+ typing-extensions
+ pydantic
+ ];
+
+ meta = {
+ description = "Library for the Withings Health API";
+ homepage = "https://github.com/vangorra/python_withings_api";
+ license = lib.licenses.mit;
+ maintainers = with lib.maintainers; [ kittywitch ];
+ };
+}
diff --git a/tf b/tf
index 5ce8affe..ef3c9266 160000
--- a/tf
+++ b/tf
@@ -1 +1 @@
-Subproject commit 5ce8affee5346b7ab4d89060ea398212f9ca4630
+Subproject commit ef3c926623860647b4a3f9e28c22863bceaa0838
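Review bot: `poetry` is listed in `propagatedBuildInputs` of `withings-api.nix`, so the Poetry tool and its dependency tree are propagated into every environment that uses this library, the Home Assistant one included. It is only the build backend for `format = "pyproject"` and belongs in `nativeBuildInputs = [ poetry ];` (or `poetry-core`, if upstream's `pyproject.toml` permits it). Nothing in the derivation confirms the installed module imports; `pythonImportsCheck = [ "withings_api" ];` would cover that.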