Repo-wide reformat. Remove some unused modules. README updates.

kat witch 2021-08-28 22:08:52 +01:00
parent 21880fc3c5
commit 8788d1111b
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
18 changed files with 495 additions and 391 deletions


@ -2,7 +2,48 @@
[![nodes](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml/badge.svg)](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml) [![nodes](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml/badge.svg)](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml)
These are the NixOS configurations for my systems. I run nothing but NixOS on my hardware, aside from virtual machines. These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines.
## Contents
* [Nodes](#nodes)
* [Profiles](#profiles)
* [User Profiles](#user-profiles)
* [CI](#ci)
* [Dependencies](#dependencies)
* [Commands](#commands)
## Nodes
| Node | Purpose |
| --- | --- |
| [athame](config/hosts/athame) | Currently the main server. Ad-hoc hetzner cloud box. |
| [rinnosuke](config/hosts/rinnosuke) | Intended to be a nameserver. Provisioned OCI EPYC box. |
| [beltane](config/hosts/beltane) | Home server. |
| [samhain](config/hosts/samhain) | Beloved workstation. Does VFIO. |
| [yule](config/hosts/yule) | Main laptop. |
| [ostara](config/hosts/ostara) | CCTV netbook. |
## Profiles
| Profile | Purpose |
| --- | --- |
| [base](config/profiles/base) | Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, profiles, secrets, shell and sysctl configuration. |
| [gui](config/profiles/gui) | GUI profile. Provides window managers, [DNSCrypt/dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy), filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration. |
| [vfio](config/profiles/vfio) | Provides host-unspecific VFIO. Fancy patched QEMU from [arcnmx/nixexprs](https://github.com/arcnmx/nixexprs), [arcnmx/screenstub](https://github.com/arcnmx/screenstub) (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override. |
| [hardware](config/profiles/hardware) | Sub-profiles for my hardware are provided here. Some are reusable. |
## User Profiles
| Profile | Purpose |
| --- | --- |
| [base](config/users/kat/base) | base16, git, inputrc, packages, pass, rink, secrets, SSH, tmux, weechat, vim, xdg and zsh configuration. |
| [dev](config/users/kat/dev) | cookiecutters, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration. |
| [gui](config/users/kat/gui) | firefox+userChrome+tst, font, [dnkl/foot](https://codeberg.org/dnkl/foot) terminal, GTK, packages, QT, ranger and xdg configuration. |
| [media](config/users/kat/media) | mpv, obs, packages and syncplay configuration. |
| [personal](config/users/kat/personal) | email (notmuch), home-manager-side GPG, weechat and zsh configuration. |
| [services](config/users/kat/services) | User services. weechat and mpd are provided. |
| [sway](config/users/kat/sway) | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, konawall, mako, wofi, waybar and xkb (custom layout o:) configuration. |
## CI ## CI


@ -1,17 +1,20 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let { config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf; oci-root = meta.deploy.targets.oci-root.tf;
in { in
{
imports = (with (import (sources.tf-nix + "/modules")); [ imports = (with (import (sources.tf-nix + "/modules")); [
nixos.ubuntu-linux nixos.ubuntu-linux
nixos.oracle nixos.oracle
]) ++ (with meta; [ services.nginx ]); ]) ++ (with meta; [ services.nginx ]);
services.nginx.virtualHosts = let services.nginx.virtualHosts =
splashy = pkgs.host-splash-site config.networking.hostName; let
in kw.virtualHostGen { splashy = pkgs.host-splash-site config.networking.hostName;
networkFilter = [ "public" ]; in
block.locations."/" = { root = splashy; }; kw.virtualHostGen {
}; networkFilter = [ "public" ];
block.locations."/" = { root = splashy; };
};
networking = { networking = {
hostName = "rinnosuke"; hostName = "rinnosuke";
@ -26,147 +29,156 @@ in {
}; };
}; };
deploy.tf = let deploy.tf =
compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id"; let
inherit (tf.lib.tf) terraformExpr; compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";
in { inherit (tf.lib.tf) terraformExpr;
deploy.systems.rinnosuke = { in
lustrate = { {
enable = true; deploy.systems.rinnosuke = {
connection = tf.resources.rinnosuke.connection.set; lustrate = {
}; enable = true;
connection = { connection = tf.resources.rinnosuke.connection.set;
port = 62954;
};
};
providers.oci = {
inputs = {
tenancy_ocid = oci-root.outputs.oci_tenancy.import;
user_ocid = oci-root.resources.oci_kw_user.importAttr "id";
fingerprint = oci-root.resources.oci_kw_apikey.importAttr "fingerprint";
region = oci-root.outputs.oci_region.import;
private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
};
};
resources = mkMerge [ {
cloudinit = {
provider = "cloudinit";
type = "config";
dataSource = true;
inputs = {
part = singleton {
content_type = "text/cloud-config";
content = "#cloud-config\n" + builtins.toJSON {
disable_root = false;
};
};
}; };
};
availability_domain = {
provider = "oci";
type = "identity_availability_domain";
dataSource = true;
inputs = {
inherit compartment_id;
ad_number = 2;
};
};
generic_image = {
provider = "oci";
type = "core_images";
dataSource = true;
inputs = {
inherit compartment_id;
inherit (tf.resources.rinnosuke.inputs) shape;
operating_system = "Canonical Ubuntu"; # "Oracle Linux"
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
rinnosuke = {
provider = "oci";
type = "core_instance";
inputs = {
inherit compartment_id;
extended_metadata = { };
metadata = {
ssh_authorized_keys = concatStringsSep "\n" config.users.users.root.openssh.authorizedKeys.keys;
user_data = tf.resources.cloudinit.refAttr "rendered";
};
shape = "VM.Standard.E2.1.Micro";
shape_config = {
memory_in_gbs = 1;
ocpus = 1;
};
source_details = {
source_type = "image";
source_id = tf.resources.generic_image.refAttr "images[0].id";
boot_volume_size_in_gbs = 50; # min 50GB, up to 200GB free
};
create_vnic_details = [
{
assign_public_ip = true;
subnet_id = oci-root.resources.oci_kw_subnet.importAttr "id";
private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "cidr_block"}", 3)'';
nsg_ids = [
(tf.resources.firewall_group.refAttr "id")
];
}
];
availability_domain = tf.resources.availability_domain.refAttr "name";
};
lifecycle.ignoreChanges = [
"source_details[0].source_id"
];
connection = { connection = {
type = "ssh"; port = 62954;
user = "root";
host = tf.lib.tf.terraformSelf "public_ip";
timeout = "5m";
}; };
}; };
firewall_group = { providers.oci = {
provider = "oci";
type = "core_network_security_group";
inputs = { inputs = {
display_name = "${config.networking.hostName} firewall group"; tenancy_ocid = oci-root.outputs.oci_tenancy.import;
inherit compartment_id; user_ocid = oci-root.resources.oci_kw_user.importAttr "id";
vcn_id = oci-root.resources.oci_vcn.importAttr "id"; fingerprint = oci-root.resources.oci_kw_apikey.importAttr "fingerprint";
region = oci-root.outputs.oci_region.import;
private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
}; };
}; };
} (let resources = mkMerge [{
protoValues = { cloudinit = {
TCP = 6; provider = "cloudinit";
UDP = 17; type = "config";
}; dataSource = true;
inherit (config.networking) firewall; inputs = {
ipv4 = "0.0.0.0/0"; part = singleton {
ipv6 = "::/0"; content_type = "text/cloud-config";
mapPort = source: protocol: port: { content = "#cloud-config\n" + builtins.toJSON {
provider = "oci"; disable_root = false;
type = "core_network_security_group_security_rule"; };
inputs = {
network_security_group_id = tf.resources.firewall_group.refAttr "id";
inherit protocol source;
direction = "INGRESS";
${if protocol == protoValues.TCP then "tcp_options" else "udp_options"} = {
destination_port_range = if isAttrs port then {
min = port.from;
max = port.to;
} else {
min = port;
max = port;
}; };
}; };
}; };
}; availability_domain = {
mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ]; provider = "oci";
mapAllForInterface = let type = "identity_availability_domain";
protos = [ "TCP" "UDP" ]; dataSource = true;
types = [ "Ports" "PortRanges" ]; inputs = {
in interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos ) types; inherit compartment_id;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces); ad_number = 2;
# TODO: use `count` and index into a fancy json or something? };
in listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)) ]; };
}; generic_image = {
provider = "oci";
type = "core_images";
dataSource = true;
inputs = {
inherit compartment_id;
inherit (tf.resources.rinnosuke.inputs) shape;
operating_system = "Canonical Ubuntu"; # "Oracle Linux"
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
rinnosuke = {
provider = "oci";
type = "core_instance";
inputs = {
inherit compartment_id;
extended_metadata = { };
metadata = {
ssh_authorized_keys = concatStringsSep "\n" config.users.users.root.openssh.authorizedKeys.keys;
user_data = tf.resources.cloudinit.refAttr "rendered";
};
shape = "VM.Standard.E2.1.Micro";
shape_config = {
memory_in_gbs = 1;
ocpus = 1;
};
source_details = {
source_type = "image";
source_id = tf.resources.generic_image.refAttr "images[0].id";
boot_volume_size_in_gbs = 50; # min 50GB, up to 200GB free
};
create_vnic_details = [
{
assign_public_ip = true;
subnet_id = oci-root.resources.oci_kw_subnet.importAttr "id";
private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "cidr_block"}", 3)'';
nsg_ids = [
(tf.resources.firewall_group.refAttr "id")
];
}
];
availability_domain = tf.resources.availability_domain.refAttr "name";
};
lifecycle.ignoreChanges = [
"source_details[0].source_id"
];
connection = {
type = "ssh";
user = "root";
host = tf.lib.tf.terraformSelf "public_ip";
timeout = "5m";
};
};
firewall_group = {
provider = "oci";
type = "core_network_security_group";
inputs = {
display_name = "${config.networking.hostName} firewall group";
inherit compartment_id;
vcn_id = oci-root.resources.oci_vcn.importAttr "id";
};
};
}
(
let
protoValues = {
TCP = 6;
UDP = 17;
};
inherit (config.networking) firewall;
ipv4 = "0.0.0.0/0";
ipv6 = "::/0";
mapPort = source: protocol: port: {
provider = "oci";
type = "core_network_security_group_security_rule";
inputs = {
network_security_group_id = tf.resources.firewall_group.refAttr "id";
inherit protocol source;
direction = "INGRESS";
${if protocol == protoValues.TCP then "tcp_options" else "udp_options"} = {
destination_port_range =
if isAttrs port then {
min = port.from;
max = port.to;
} else {
min = port;
max = port;
};
};
};
};
mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
mapAllForInterface =
let
protos = [ "TCP" "UDP" ];
types = [ "Ports" "PortRanges" ];
in
interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);
# TODO: use `count` and index into a fancy json or something?
in
listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)
)];
};
} }


@ -5,9 +5,9 @@ with lib;
let let
hexchen = (import sources.hexchen) { }; hexchen = (import sources.hexchen) { };
hexYgg = filterAttrs (_: c: c.enable) hexYgg = filterAttrs (_: c: c.enable)
(mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts); (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts);
in in
{ {
# Imports # Imports
imports = with meta; [ imports = with meta; [
@ -167,12 +167,12 @@ in
mkIf (vfio-pci-ids != [ ]) { mkIf (vfio-pci-ids != [ ]) {
options.ids = concatStringsSep "," vfio-pci-ids; options.ids = concatStringsSep "," vfio-pci-ids;
}; };
}; };
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="1532", ATTRS{idProduct}=="0067", GROUP="vfio" SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="1532", ATTRS{idProduct}=="0067", GROUP="vfio"
SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat" SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat"
''; '';
# TODO: Replace this drive forward with one half of the 1.82TiB drive. # TODO: Replace this drive forward with one half of the 1.82TiB drive.
# SUBSYSTEM=="block", ACTION=="add", ATTR{partition}=="2", ATTR{size}=="1953503232", ATTRS{wwid}=="naa.5000039fe6e8614e", OWNER="kat" # SUBSYSTEM=="block", ACTION=="add", ATTR{partition}=="2", ATTR{size}=="1953503232", ATTRS{wwid}=="naa.5000039fe6e8614e", OWNER="kat"


@ -5,7 +5,7 @@
imports = [ imports = [
(import (sources.arcexprs + "/modules")).home-manager (import (sources.arcexprs + "/modules")).home-manager
(import (sources.katexprs + "/modules")).home (import (sources.katexprs + "/modules")).home
(import (sources.impermanence + "/home-manager.nix")) (import (sources.impermanence + "/home-manager.nix"))
./vim.nix ./vim.nix
./fvwm.nix ./fvwm.nix
./deploy.nix ./deploy.nix


@ -49,28 +49,33 @@ let cfg = config.kw.theme; in
config = mkIf (cfg.enable) { config = mkIf (cfg.enable) {
kw.theme = { kw.theme = {
base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}") base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex.rgb}")
(lib.filterAttrs (n: _: lib.hasInfix "base" n) config.lib.arc.base16.schemeForAlias.default); (lib.filterAttrs (n: _: lib.hasInfix "base" n) config.lib.arc.base16.schemeForAlias.default);
base16t = lib.mapAttrs' (k: v: lib.nameValuePair "${k}t" "rgba(${toString v.rgb.r}, ${toString v.rgb.g}, ${toString v.rgb.b}, ${toString cfg.alpha})") base16t = lib.mapAttrs' (k: v: lib.nameValuePair "${k}t" "rgba(${toString v.rgb.r}, ${toString v.rgb.g}, ${toString v.rgb.b}, ${toString cfg.alpha})")
(lib.filterAttrs (n: _: lib.hasInfix "base" n) config.lib.arc.base16.schemeForAlias.default); (lib.filterAttrs (n: _: lib.hasInfix "base" n) config.lib.arc.base16.schemeForAlias.default);
alpha = 0.5; alpha = 0.5;
}; };
lib.kw.sassTemplate = { name, src }: let lib.kw.sassTemplate = { name, src }:
variables = pkgs.writeText "base-variables.sass" '' let
${(concatStringsSep "\n" (mapAttrsToList(var: con: "\$${var}: ${con}") cfg.variables))} variables = pkgs.writeText "base-variables.sass" ''
''; ${(concatStringsSep "\n" (mapAttrsToList(var: con: "\$${var}: ${con}") cfg.variables))}
source = pkgs.callPackage ({ sass, stdenv }: stdenv.mkDerivation ({
inherit name src variables;
nativeBuildInputs = lib.singleton sass;
phases = [ "buildPhase" ];
buildPhase = ''
cat $variables $src > src-mut.sass
sass src-mut.sass $out --sourcemap=none --style=${cfg.css_style}
''; '';
} // cfg.variables)) {}; in { source = pkgs.callPackage
({ sass, stdenv }: stdenv.mkDerivation ({
inherit name src variables;
nativeBuildInputs = lib.singleton sass;
phases = [ "buildPhase" ];
buildPhase = ''
cat $variables $src > src-mut.sass
sass src-mut.sass $out --sourcemap=none --style=${cfg.css_style}
'';
} // cfg.variables))
{ };
in
{
inherit source; inherit source;
text = builtins.readFile source; text = builtins.readFile source;
}; };
_module.args = { inherit (config.lib) kw; }; _module.args = { inherit (config.lib) kw; };
}; };
} }


@ -5,7 +5,7 @@
[ [
(import (sources.arcexprs + "/modules")).nixos (import (sources.arcexprs + "/modules")).nixos
(import (sources.katexprs + "/modules")).nixos (import (sources.katexprs + "/modules")).nixos
(import (sources.impermanence + "/nixos.nix")) (import (sources.impermanence + "/nixos.nix"))
./deploy.nix ./deploy.nix
./dyndns.nix ./dyndns.nix
./secrets.nix ./secrets.nix


@ -1,8 +0,0 @@
{ config, ... }:
{
network.dns = {
email = "kat@kittywit.ch";
tld = "kittywit.ch.";
};
}


@ -1,184 +1,190 @@
{ config, lib, ... }: with lib; { { config, lib, ... }: with lib; {
deploy.targets.oci-root = { deploy.targets.oci-root = {
tf = let tf =
meta = config; let
in { config, ... }: let meta = config;
inherit (config.lib.tf) terraformExpr; in
res = config.resources; { config, ... }:
var = config.variables; let
out = config.outputs; inherit (config.lib.tf) terraformExpr;
in { res = config.resources;
variables = let var = config.variables;
apivar = { out = config.outputs;
type = "string"; in
sensitive = true; {
}; variables =
in mkMerge [ let
(genAttrs (map (value: "oci_root_${value}" ) [ "region" "tenancy" "user" "privkey" "fingerprint"] ) (attr: { apivar = {
value.shellCommand = "pass secrets/oracle-${head (reverseList (splitString "_" attr))}"; type = "string";
type = "string"; sensitive = true;
})) };
{"oci_root_privkey" = { sensitive = true; }; } in
]; mkMerge [
(genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "privkey" "fingerprint" ]) (attr: {
value.shellCommand = "pass secrets/oracle-${head (reverseList (splitString "_" attr))}";
type = "string";
}))
{ "oci_root_privkey" = { sensitive = true; }; }
];
providers.oci-root = { providers.oci-root = {
type = "oci"; type = "oci";
inputs = with config.variables; { inputs = with config.variables; {
tenancy_ocid = oci_root_tenancy.ref; tenancy_ocid = oci_root_tenancy.ref;
user_ocid = oci_root_user.ref; user_ocid = oci_root_user.ref;
private_key = oci_root_privkey.ref; private_key = oci_root_privkey.ref;
fingerprint = oci_root_fingerprint.ref; fingerprint = oci_root_fingerprint.ref;
region = oci_root_region.ref; region = oci_root_region.ref;
};
}; };
};
resources = { resources = {
oci_kw_compartment = { oci_kw_compartment = {
provider = "oci.oci-root"; provider = "oci.oci-root";
type = "identity_compartment"; type = "identity_compartment";
inputs = { inputs = {
name = "kw"; name = "kw";
description = "kw"; description = "kw";
compartment_id = var.oci_root_tenancy.ref; compartment_id = var.oci_root_tenancy.ref;
enable_delete = true; enable_delete = true;
};
}; };
}; oci_kw_user = {
oci_kw_user = { provider = "oci.oci-root";
provider = "oci.oci-root"; type = "identity_user";
type = "identity_user"; inputs = {
inputs = { name = "kw";
name = "kw"; description = "kw";
description = "kw"; compartment_id = var.oci_root_tenancy.ref;
compartment_id = var.oci_root_tenancy.ref; };
}; };
}; oci_kw_group = {
oci_kw_group = { provider = "oci.oci-root";
provider = "oci.oci-root"; type = "identity_group";
type = "identity_group"; inputs = {
inputs = { name = "kw";
name = "kw"; description = "kw";
description = "kw"; compartment_id = var.oci_root_tenancy.ref;
compartment_id = var.oci_root_tenancy.ref; };
}; };
}; oci_kw_usergroup = {
oci_kw_usergroup = { provider = "oci.oci-root";
provider = "oci.oci-root"; type = "identity_user_group_membership";
type = "identity_user_group_membership"; inputs = {
inputs = { group_id = res.oci_kw_group.refAttr "id";
group_id = res.oci_kw_group.refAttr "id"; user_id = res.oci_kw_user.refAttr "id";
user_id = res.oci_kw_user.refAttr "id"; };
}; };
}; oci_kw_key = {
oci_kw_key = { provider = "tls";
provider = "tls"; type = "private_key";
type = "private_key"; inputs = {
inputs = { algorithm = "RSA";
algorithm = "RSA"; rsa_bits = 2048;
rsa_bits = 2048; };
}; };
}; oci_kw_key_file = {
oci_kw_key_file = { provider = "local";
provider = "local"; type = "file";
type = "file"; inputs = {
inputs = { sensitive_content = res.oci_kw_key.refAttr "private_key_pem";
sensitive_content = res.oci_kw_key.refAttr "private_key_pem"; filename = toString (config.terraform.dataDir + "/oci_kw_key");
filename = toString (config.terraform.dataDir + "/oci_kw_key"); file_permission = "0600";
file_permission = "0600"; };
}; };
}; oci_kw_apikey = {
oci_kw_apikey = { provider = "oci.oci-root";
provider = "oci.oci-root"; type = "identity_api_key";
type = "identity_api_key"; inputs = {
inputs = { key_value = res.oci_kw_key.refAttr "public_key_pem";
key_value = res.oci_kw_key.refAttr "public_key_pem"; user_id = res.oci_kw_user.refAttr "id";
user_id = res.oci_kw_user.refAttr "id"; };
}; };
}; oci_kw_policy = {
oci_kw_policy = { provider = "oci.oci-root";
provider = "oci.oci-root"; type = "identity_policy";
type = "identity_policy"; inputs = {
inputs = { name = "kw-admin";
name = "kw-admin"; description = "kw admin";
description = "kw admin"; compartment_id = var.oci_root_tenancy.ref;
compartment_id = var.oci_root_tenancy.ref; statements = [
statements = [ "Allow group ${res.oci_kw_group.refAttr "name"} to manage all-resources in compartment id ${res.oci_kw_compartment.refAttr "id"}"
"Allow group ${res.oci_kw_group.refAttr "name"} to manage all-resources in compartment id ${res.oci_kw_compartment.refAttr "id"}" "Allow group ${res.oci_kw_group.refAttr "name"} to read virtual-network-family in compartment id ${var.oci_root_tenancy.ref}"
"Allow group ${res.oci_kw_group.refAttr "name"} to read virtual-network-family in compartment id ${var.oci_root_tenancy.ref}" ''
'' Allow group ${res.oci_kw_group.refAttr "name"} to manage vcns in compartment id ${var.oci_root_tenancy.ref} where ALL {
Allow group ${res.oci_kw_group.refAttr "name"} to manage vcns in compartment id ${var.oci_root_tenancy.ref} where ALL { ANY { request.operation = 'CreateNetworkSecurityGroup', request.operation = 'DeleteNetworkSecurityGroup' }
ANY { request.operation = 'CreateNetworkSecurityGroup', request.operation = 'DeleteNetworkSecurityGroup' } }
''
];
};
};
oci_vcn = {
provider = "oci.oci-root";
type = "core_vcn";
inputs = {
display_name = "net";
compartment_id = var.oci_root_tenancy.ref;
cidr_blocks = [
"10.69.0.0/16"
];
is_ipv6enabled = true;
};
};
oci_internet = {
provider = "oci.oci-root";
type = "core_internet_gateway";
inputs = {
display_name = "net internet";
compartment_id = var.oci_root_tenancy.ref;
vcn_id = res.oci_vcn.refAttr "id";
};
};
oci_routes = {
provider = "oci.oci-root";
type = "core_route_table";
inputs = {
display_name = "net routes";
route_rules = [
{
description = "internet v4";
destination_type = "CIDR_BLOCK";
destination = "0.0.0.0/0";
network_entity_id = res.oci_internet.refAttr "id";
} }
'' {
]; description = "internet v6";
destination_type = "CIDR_BLOCK";
destination = "::/0";
network_entity_id = res.oci_internet.refAttr "id";
}
];
compartment_id = var.oci_root_tenancy.ref;
vcn_id = res.oci_vcn.refAttr "id";
};
};
oci_kw_subnet = {
provider = "oci.oci-root";
type = "core_subnet";
inputs = {
display_name = "kw";
cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.cidr_blocks[0], 8, 8)"; # /24
ipv6cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.ipv6cidr_blocks[0], 8, 0)"; # from a /56 block to /64
compartment_id = res.oci_kw_compartment.refAttr "id";
vcn_id = res.oci_vcn.refAttr "id";
route_table_id = res.oci_routes.refAttr "id";
};
}; };
}; };
oci_vcn = { outputs = {
provider = "oci.oci-root"; oci_region = {
type = "core_vcn"; value = var.oci_root_region.ref;
inputs = { sensitive = true;
display_name = "net";
compartment_id = var.oci_root_tenancy.ref;
cidr_blocks = [
"10.69.0.0/16"
];
is_ipv6enabled = true;
}; };
}; oci_tenancy = {
oci_internet = { value = var.oci_root_tenancy.ref;
provider = "oci.oci-root"; sensitive = true;
type = "core_internet_gateway";
inputs = {
display_name = "net internet";
compartment_id = var.oci_root_tenancy.ref;
vcn_id = res.oci_vcn.refAttr "id";
};
};
oci_routes = {
provider = "oci.oci-root";
type = "core_route_table";
inputs = {
display_name = "net routes";
route_rules = [
{
description = "internet v4";
destination_type = "CIDR_BLOCK";
destination = "0.0.0.0/0";
network_entity_id = res.oci_internet.refAttr "id";
}
{
description = "internet v6";
destination_type = "CIDR_BLOCK";
destination = "::/0";
network_entity_id = res.oci_internet.refAttr "id";
}
];
compartment_id = var.oci_root_tenancy.ref;
vcn_id = res.oci_vcn.refAttr "id";
};
};
oci_kw_subnet = {
provider = "oci.oci-root";
type = "core_subnet";
inputs = {
display_name = "kw";
cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.cidr_blocks[0], 8, 8)"; # /24
ipv6cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.ipv6cidr_blocks[0], 8, 0)"; # from a /56 block to /64
compartment_id = res.oci_kw_compartment.refAttr "id";
vcn_id = res.oci_vcn.refAttr "id";
route_table_id = res.oci_routes.refAttr "id";
}; };
}; };
}; };
outputs = {
oci_region = {
value = var.oci_root_region.ref;
sensitive = true;
};
oci_tenancy = {
value = var.oci_root_tenancy.ref;
sensitive = true;
};
};
};
}; };
} }


@ -1,19 +1,22 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let initvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation { let initvim = pkgs.callPackage
name = "init.vim"; ({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
src = ./init.vim; name = "init.vim";
inherit nodejs elinks; src = ./init.vim;
buildInputs = [ inherit nodejs elinks;
elinks buildInputs = [
nodejs elinks
]; nodejs
phases = [ "buildPhase" ]; ];
buildPhase = '' phases = [ "buildPhase" ];
substituteAll $src $out buildPhase = ''
''; substituteAll $src $out
}) {}; '';
in { })
{ };
in
{
home.sessionVariables.EDITOR = "nvim"; home.sessionVariables.EDITOR = "nvim";
programs.neovim = { programs.neovim = {


@ -56,19 +56,19 @@ in
"listrowsfirst" "listrowsfirst"
]; in ]; in
'' ''
ZSH_TAB_TITLE_ADDITIONAL_TERMS='foot' ZSH_TAB_TITLE_ADDITIONAL_TERMS='foot'
ZSH_TAB_TITLE_ENABLE_FULL_COMMAND=true ZSH_TAB_TITLE_ENABLE_FULL_COMMAND=true
zmodload -i zsh/complist zmodload -i zsh/complist
zstyle ':completion:*' list-colors "" zstyle ':completion:*' list-colors ""
zstyle ':completion:*:*:*:*:*' menu select zstyle ':completion:*:*:*:*:*' menu select
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01' zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w" zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w"
zstyle ':completion:*:complete:pass:*:*' matcher 'r:|[./_-]=** r:|=*' 'l:|=* r:|=*' zstyle ':completion:*:complete:pass:*:*' matcher 'r:|[./_-]=** r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS} zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
zstyle ':fzf-tab:complete:cd:*' fzf-preview 'exa -1lb --color=always $realpath' zstyle ':fzf-tab:complete:cd:*' fzf-preview 'exa -1lb --color=always $realpath'
${lib.concatStringsSep "\n" (map (opt: "setopt ${opt}") zshOpts)} ${lib.concatStringsSep "\n" (map (opt: "setopt ${opt}") zshOpts)}
bindkey '^ ' autosuggest-accept bindkey '^ ' autosuggest-accept
''; '';
shellAliases = { shellAliases = {
nixdirfmt = "fd --color=never .nix | xargs nixpkgs-fmt"; nixdirfmt = "fd --color=never .nix | xargs nixpkgs-fmt";


@ -1,18 +1,21 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let cocvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation { let cocvim = pkgs.callPackage
name = "coc.vim"; ({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
src = ./coc.vim; name = "coc.vim";
inherit nodejs; src = ./coc.vim;
buildInputs = [ inherit nodejs;
nodejs buildInputs = [
]; nodejs
phases = [ "buildPhase" ]; ];
buildPhase = '' phases = [ "buildPhase" ];
substituteAll $src $out buildPhase = ''
''; substituteAll $src $out
}) {}; '';
in { })
{ };
in
{
programs.neovim = { programs.neovim = {
extraConfig = '' extraConfig = ''
source ${cocvim} source ${cocvim}


@ -1,5 +1,5 @@
{ ... }: { ... }:
{ {
imports = [ ./gpg.nix ./packages.nix ./weechat.nix ./email.nix ./zsh.nix ]; imports = [ ./gpg.nix ./weechat.nix ./email.nix ./zsh.nix ];
} }


@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
home.packages = with pkgs; [ pinentry.gtk2 ];
home.sessionVariables = { home.sessionVariables = {
SSH_AUTH_SOCK = SSH_AUTH_SOCK =
"\${SSH_AUTH_SOCK:-$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)}"; "\${SSH_AUTH_SOCK:-$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)}";
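Review bot: The added `home.packages = with pkgs; [ pinentry.gtk2 ];` installs a pinentry binary, but nothing on the new side tells gpg-agent to use it; gpg-agent only picks up a non-default pinentry through `pinentry-program` in gpg-agent.conf, which home-manager writes from `services.gpg-agent.pinentryFlavor = "gtk2";`. If that option is already set further down this file (the hunk shows only the top of the attribute set, which continues past it), a one-line comment such as `# pinentry binary for gpg-agent; the flavour is selected via services.gpg-agent.pinentryFlavor` would make the coupling explicit; if it is not, prefer the option over (or in addition to) the bare package so the agent actually prompts with this pinentry. This line presumably moved here from the `./packages.nix` import this commit drops from `personal/default.nix`; worth confirming nothing else in that file was lost with it.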


@ -4,7 +4,47 @@ let
footwrap = pkgs.writeShellScriptBin "footwrap" '' footwrap = pkgs.writeShellScriptBin "footwrap" ''
exec foot "$2" exec foot "$2"
''; '';
lockCommand = ''${pkgs.swaylock-fancy}/bin/swaylock-fancy -d -t ""''; lockCommand =
let
base16 = lib.mapAttrs' (k: v: lib.nameValuePair k (lib.removePrefix "#" v)) config.kw.theme.base16;
# TODO: integrate into /config/modules/home/theme.nix
# thank you to @u1f408 💜
in
''
${pkgs.swaylock-effects}/bin/swaylock \
--screenshots \
--indicator \
--indicator-radius 110 \
--indicator-thickness 8 \
--clock --timestr '%H:%M:%S' --datestr '%Y-%m-%d' \
--effect-scale 0.5 \
--effect-vignette 0.5:0.5 \
--effect-blur 12x4 \
--effect-scale 2 \
--fade-in 0.2 \
--key-hl-color ${base16.base0C} \
--separator-color ${base16.base01} \
--line-color ${base16.base01} \
--line-clear-color ${base16.base01} \
--line-caps-lock-color ${base16.base01} \
--line-ver-color ${base16.base01} \
--line-wrong-color ${base16.base01} \
--ring-color ${base16.base00} \
--ring-clear-color ${base16.base0B} \
--ring-caps-lock-color ${base16.base09} \
--ring-ver-color ${base16.base0D} \
--ring-wrong-color ${base16.base08} \
--inside-color ${base16.base00} \
--inside-clear-color ${base16.base00} \
--inside-caps-lock-color ${base16.base00} \
--inside-ver-color ${base16.base00} \
--inside-wrong-color ${base16.base00} \
--text-color ${base16.base05} \
--text-clear-color ${base16.base05} \
--text-caps-lock-color ${base16.base05} \
--text-ver-color ${base16.base05} \
--text-wrong-color ${base16.base05} \
'';
in in
{ {
home.sessionVariables = { home.sessionVariables = {
@ -17,7 +57,6 @@ in
services.i3gopher = { enable = true; }; services.i3gopher = { enable = true; };
systemd.user.services.swayidle = { systemd.user.services.swayidle = {
Unit = { Unit = {
Description = "swayidle"; Description = "swayidle";
@ -30,7 +69,7 @@ in
${pkgs.swayidle}/bin/swayidle -w \ ${pkgs.swayidle}/bin/swayidle -w \
timeout 300 '${lockCommand}' \ timeout 300 '${lockCommand}' \
timeout 600 'swaymsg "output * dpms off"' \ timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \ resume 'swaymsg "output * dpms on"' \
before-sleep '${lockCommand}' before-sleep '${lockCommand}'
''; '';
RestartSec = 3; RestartSec = 3;
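Review bot: The new `lockCommand` runs swaylock in the foreground — none of the flags is `-f`/`--daemonize` — while it is launched from `swayidle -w` in the ExecStart hunk of this same file, and `-w` makes swayidle wait for each command to exit before continuing; with `before-sleep '${lockCommand}'` that holds the sleep inhibitor until the user unlocks, and the later `timeout 600 'swaymsg "output * dpms off"'` cannot fire while the locker is still running. Adding `--daemonize \` as the first flag after `${pkgs.swaylock-effects}/bin/swaylock \` makes swaylock fork once the screen is actually locked, so `-w` returns promptly. Whether the replaced `swaylock-fancy -d -t ""` forked is not visible here (swaylock-fancy forks unless given `-n`, as far as I recall), so confirm this is a regression rather than prior behaviour. Separately, the final `--text-wrong-color ${base16.base05} \` ends with a dangling backslash continuation that runs straight into the closing quote of the swayidle argument; drop that trailing `\` so the command does not depend on how the unit-file lexer joins continued lines. Note too that `--screenshots` with `--effect-blur 12x4` shows a blurred copy of the desktop to whoever is at the keyboard; that blur usually defeats reading text but large images stay recognisable, so use `--color ${base16.base00}` instead if on-screen content is sensitive.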


@ -59,11 +59,13 @@ let
eval = lib.evalModules { eval = lib.evalModules {
modules = lib.singleton metaConfig modules = lib.singleton metaConfig
++ lib.attrValues (removeAttrs xarg.targets [ "common" ]) ++ lib.attrValues (removeAttrs xarg.targets [ "common" ])
++ (map (host: { ++ (map
(host: {
network.nodes.${host} = { network.nodes.${host} = {
imports = config.lib.kw.nodeImport host; imports = config.lib.kw.nodeImport host;
}; };
}) (lib.attrNames xarg.hosts)) })
(lib.attrNames xarg.hosts))
++ lib.singleton ./config/modules/meta/default.nix; ++ lib.singleton ./config/modules/meta/default.nix;
specialArgs = { specialArgs = {


@ -8,9 +8,9 @@ let
(import ./rustfmt) (import ./rustfmt)
(import ./katlib) (import ./katlib)
(import ./katpkgs) (import ./katpkgs)
/* # TODO: implement these /* # TODO: implement these
(import ./vimrc) (import ./vimrc)
*/ */
] ++ (map (path: import "${path}/overlay.nix") [ ] ++ (map (path: import "${path}/overlay.nix") [
sources.arcexprs sources.arcexprs
sources.anicca sources.anicca
@ -23,4 +23,4 @@ let
}; };
}; };
in in
pkgs pkgs


@ -4,8 +4,8 @@ let
networks = config.network.addresses; networks = config.network.addresses;
filteredNetworks = filterAttrs (n: v: elem n networkFilter) networks; filteredNetworks = filterAttrs (n: v: elem n networkFilter) networks;
networkValues = attrValues filteredNetworks; networkValues = attrValues filteredNetworks;
addressList'= concatMap (n: n.out.identifierList) networkValues; addressList' = concatMap (n: n.out.identifierList) networkValues;
addressList = map(n: builtins.unsafeDiscardStringContext n) addressList'; addressList = map (n: builtins.unsafeDiscardStringContext n) addressList';
hostBlocks = map (host: nameValuePair host block) addressList; hostBlocks = map (host: nameValuePair host block) addressList;
in in
listToAttrs hostBlocks listToAttrs hostBlocks


@ -1,5 +1,5 @@
final: prev: { final: prev: {
linuxPackagesFor = kernel: (final.linuxPackagesFor kernel).extend (_: kfinal: { linuxPackagesFor = kernel: (final.linuxPackagesFor kernel).extend (_: kfinal: {
zfsUnstable = kfinal.zfsUnstable.overrideAttrs (old: { meta = old.meta // { broken = false; }; }); zfsUnstable = kfinal.zfsUnstable.overrideAttrs (old: { meta = old.meta // { broken = false; }; });
}); });
} }