gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Repo-wide reformat. Remove some unused. README updates.

Browse source
This commit is contained in:
kat witch 2021-08-28 22:08:52 +01:00
parent 21880fc3c5
commit 8788d1111b
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
18 changed files with 495 additions and 391 deletions
Download patch file Download diff file Expand all files Collapse all files

43
README.md
View file

@ -2,7 +2,48 @@
[![nodes](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml/badge.svg)](https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml)
These are the NixOS configurations for my systems. I run nothing but NixOS on my hardware, aside from virtual machines.
These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines.
## Contents
* [Nodes](#nodes)
* [Profiles](#profiles)
* [User Profiles](#user-profiles)
* [CI](#ci)
* [Dependencies](#dependencies)
* [Commands](#commands)
## Nodes
| Node | Purpose |
| --- | --- |
| [athame](config/hosts/athame) | Currently the main server. Ad-hoc hetzner cloud box. |
| [rinnosuke](config/hosts/rinnosuke) | Intended to be a nameserver. Provisioned OCI EPYC box. |
| [beltane](config/hosts/beltane) | Home server. |
| [samhain](config/hosts/samhain) | Beloved workstation. Does VFIO. |
| [yule](config/hosts/yule) | Main laptop. |
| [ostara](config/hosts/ostara) | CCTV netbook. |
## Profiles
| Profile | Purpose |
| --- | --- |
| [base](config/profiles/base) | Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, profiles, secrets, shell and sysctl configuration. |
| [gui](config/profiles/gui) | GUI profile. Provides window managers, [DNSCrypt/dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy), filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration. |
| [vfio](config/profiles/vfio) | Provides host-unspecific VFIO. Fancy patched QEMU from [arcnmx/nixexprs](https://github.com/arcnmx/nixexprs), [arcnmx/screenstub](https://github.com/arcnmx/screenstub) (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override. |
| [hardware](config/profiles/hardware) | Sub-profiles for my hardware are provided here. Some are reusable. |
## User Profiles
| Profile | Purpose |
| --- | --- |
| [base](config/users/kat/base) | base16, git, inputrc, packages, pass, rink, secrets, SSH, tmux, weechat, vim, xdg and zsh configuration. |
| [dev](config/users/kat/dev) | cookiecutters, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration. |
| [gui](config/users/kat/gui) | firefox+userChrome+tst, font, [dnkl/foot](https://codeberg.org/dnkl/foot) terminal, GTK, packages, QT, ranger and xdg configuration. |
| [media](config/users/kat/media) | mpv, obs, packages and syncplay configuration. |
| [personal](config/users/kat/personal) | email (notmuch), home-manager-side GPG, weechat and zsh configuration. |
| [services](config/users/kat/services) | User services. weechat and mpd are provided. |
| [sway](config/users/kat/sway) | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, konawall, mako, wofi, waybar and xkb (custom layout o:) configuration. |
## CI

34
config/hosts/rinnosuke/nixos.nix
View file

@ -1,14 +1,17 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
in {
in
{
imports = (with (import (sources.tf-nix + "/modules")); [
nixos.ubuntu-linux
nixos.oracle
]) ++ (with meta; [ services.nginx ]);
services.nginx.virtualHosts = let
services.nginx.virtualHosts =
let
splashy = pkgs.host-splash-site config.networking.hostName;
in kw.virtualHostGen {
in
kw.virtualHostGen {
networkFilter = [ "public" ];
block.locations."/" = { root = splashy; };
};
@ -26,10 +29,12 @@ in {
};
};
deploy.tf = let
deploy.tf =
let
compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";
inherit (tf.lib.tf) terraformExpr;
in {
in
{
deploy.systems.rinnosuke = {
lustrate = {
enable = true;
@ -48,7 +53,7 @@ in {
private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
};
};
resources = mkMerge [ {
resources = mkMerge [{
cloudinit = {
provider = "cloudinit";
type = "config";
@ -134,7 +139,9 @@ in {
vcn_id = oci-root.resources.oci_vcn.importAttr "id";
};
};
} (let
}
(
let
protoValues = {
TCP = 6;
UDP = 17;
@ -150,7 +157,8 @@ in {
inherit protocol source;
direction = "INGRESS";
${if protocol == protoValues.TCP then "tcp_options" else "udp_options"} = {
destination_port_range = if isAttrs port then {
destination_port_range =
if isAttrs port then {
min = port.from;
max = port.to;
} else {
@ -161,12 +169,16 @@ in {
};
};
mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
mapAllForInterface = let
mapAllForInterface =
let
protos = [ "TCP" "UDP" ];
types = [ "Ports" "PortRanges" ];
in interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos ) types;
in
interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);
# TODO: use `count` and index into a fancy json or something?
in listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)) ];
in
listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)
)];
};
}

2
config/hosts/samhain/nixos.nix
View file

@ -7,7 +7,7 @@ let
hexYgg = filterAttrs (_: c: c.enable)
(mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts);
in
{
{
# Imports
imports = with meta; [

11
config/modules/home/theme.nix
View file

@ -55,11 +55,13 @@ let cfg = config.kw.theme; in
alpha = 0.5;
};
lib.kw.sassTemplate = { name, src }: let
lib.kw.sassTemplate = { name, src }:
let
variables = pkgs.writeText "base-variables.sass" ''
${(concatStringsSep "\n" (mapAttrsToList(var: con: "\$${var}: ${con}") cfg.variables))}
'';
source = pkgs.callPackage ({ sass, stdenv }: stdenv.mkDerivation ({
source = pkgs.callPackage
({ sass, stdenv }: stdenv.mkDerivation ({
inherit name src variables;
nativeBuildInputs = lib.singleton sass;
phases = [ "buildPhase" ];
@ -67,7 +69,10 @@ let cfg = config.kw.theme; in
cat $variables $src > src-mut.sass
sass src-mut.sass $out --sourcemap=none --style=${cfg.css_style}
'';
} // cfg.variables)) {}; in {
} // cfg.variables))
{ };
in
{
inherit source;
text = builtins.readFile source;
};

8
config/profiles/base/dns.nix
View file

@ -1,8 +0,0 @@
{ config, ... }:
{
network.dns = {
email = "kat@kittywit.ch";
tld = "kittywit.ch.";
};
}

20
config/targets/oci-root/default.nix
View file

@ -1,24 +1,30 @@
{ config, lib, ... }: with lib; {
deploy.targets.oci-root = {
tf = let
tf =
let
meta = config;
in { config, ... }: let
in
{ config, ... }:
let
inherit (config.lib.tf) terraformExpr;
res = config.resources;
var = config.variables;
out = config.outputs;
in {
variables = let
in
{
variables =
let
apivar = {
type = "string";
sensitive = true;
};
in mkMerge [
(genAttrs (map (value: "oci_root_${value}" ) [ "region" "tenancy" "user" "privkey" "fingerprint"] ) (attr: {
in
mkMerge [
(genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "privkey" "fingerprint" ]) (attr: {
value.shellCommand = "pass secrets/oracle-${head (reverseList (splitString "_" attr))}";
type = "string";
}))
{"oci_root_privkey" = { sensitive = true; }; }
{ "oci_root_privkey" = { sensitive = true; }; }
];
providers.oci-root = {

9
config/users/kat/base/vim/default.nix
View file

@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let initvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
let initvim = pkgs.callPackage
({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
name = "init.vim";
src = ./init.vim;
inherit nodejs elinks;
@ -12,8 +13,10 @@ let initvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation
buildPhase = ''
substituteAll $src $out
'';
}) {};
in {
})
{ };
in
{
home.sessionVariables.EDITOR = "nvim";
programs.neovim = {

9
config/users/kat/dev/vim/default.nix
View file

@ -1,6 +1,7 @@
{ config, pkgs, ... }:
let cocvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
let cocvim = pkgs.callPackage
({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
name = "coc.vim";
src = ./coc.vim;
inherit nodejs;
@ -11,8 +12,10 @@ let cocvim = pkgs.callPackage ({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
buildPhase = ''
substituteAll $src $out
'';
}) {};
in {
})
{ };
in
{
programs.neovim = {
extraConfig = ''
source ${cocvim}

2
config/users/kat/personal/default.nix
View file

@ -1,5 +1,5 @@
{ ... }:
{
imports = [ ./gpg.nix ./packages.nix ./weechat.nix ./email.nix ./zsh.nix ];
imports = [ ./gpg.nix ./weechat.nix ./email.nix ./zsh.nix ];
}

1
config/users/kat/personal/gpg.nix
View file

@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
{
home.packages = with pkgs; [ pinentry.gtk2 ];
home.sessionVariables = {
SSH_AUTH_SOCK =
"\${SSH_AUTH_SOCK:-$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)}";

43
config/users/kat/sway/sway.nix
View file

@ -4,7 +4,47 @@ let
footwrap = pkgs.writeShellScriptBin "footwrap" ''
exec foot "$2"
'';
lockCommand = ''${pkgs.swaylock-fancy}/bin/swaylock-fancy -d -t ""'';
lockCommand =
let
base16 = lib.mapAttrs' (k: v: lib.nameValuePair k (lib.removePrefix "#" v)) config.kw.theme.base16;
# TODO: integrate into /config/modules/home/theme.nix
# thank you to @u1f408 💜
in
''
${pkgs.swaylock-effects}/bin/swaylock \
--screenshots \
--indicator \
--indicator-radius 110 \
--indicator-thickness 8 \
--clock --timestr '%H:%M:%S' --datestr '%Y-%m-%d' \
--effect-scale 0.5 \
--effect-vignette 0.5:0.5 \
--effect-blur 12x4 \
--effect-scale 2 \
--fade-in 0.2 \
--key-hl-color ${base16.base0C} \
--separator-color ${base16.base01} \
--line-color ${base16.base01} \
--line-clear-color ${base16.base01} \
--line-caps-lock-color ${base16.base01} \
--line-ver-color ${base16.base01} \
--line-wrong-color ${base16.base01} \
--ring-color ${base16.base00} \
--ring-clear-color ${base16.base0B} \
--ring-caps-lock-color ${base16.base09} \
--ring-ver-color ${base16.base0D} \
--ring-wrong-color ${base16.base08} \
--inside-color ${base16.base00} \
--inside-clear-color ${base16.base00} \
--inside-caps-lock-color ${base16.base00} \
--inside-ver-color ${base16.base00} \
--inside-wrong-color ${base16.base00} \
--text-color ${base16.base05} \
--text-clear-color ${base16.base05} \
--text-caps-lock-color ${base16.base05} \
--text-ver-color ${base16.base05} \
--text-wrong-color ${base16.base05} \
'';
in
{
home.sessionVariables = {
@ -17,7 +57,6 @@ in
services.i3gopher = { enable = true; };
systemd.user.services.swayidle = {
Unit = {
Description = "swayidle";

6
default.nix
View file

@ -59,11 +59,13 @@ let
eval = lib.evalModules {
modules = lib.singleton metaConfig
++ lib.attrValues (removeAttrs xarg.targets [ "common" ])
++ (map (host: {
++ (map
(host: {
network.nodes.${host} = {
imports = config.lib.kw.nodeImport host;
};
}) (lib.attrNames xarg.hosts))
})
(lib.attrNames xarg.hosts))
++ lib.singleton ./config/modules/meta/default.nix;
specialArgs = {

2
overlays/default.nix
View file

@ -23,4 +23,4 @@ let
};
};
in
pkgs
pkgs

4
overlays/katlib/virtual-host-gen.nix
View file

@ -4,8 +4,8 @@ let
networks = config.network.addresses;
filteredNetworks = filterAttrs (n: v: elem n networkFilter) networks;
networkValues = attrValues filteredNetworks;
addressList'= concatMap (n: n.out.identifierList) networkValues;
addressList = map(n: builtins.unsafeDiscardStringContext n) addressList';
addressList' = concatMap (n: n.out.identifierList) networkValues;
addressList = map (n: builtins.unsafeDiscardStringContext n) addressList';
hostBlocks = map (host: nameValuePair host block) addressList;
in
listToAttrs hostBlocks