diff --git a/README.md b/README.md index 6a592f7a..0dba3886 100644 --- a/README.md +++ b/README.md @@ -12,14 +12,14 @@ These are the NixOS configurations for my systems. I run nothing other than NixO | Node | Network | Purpose | |------------------|---------|----------------------------------------------------------| -| [athame][] | Public | Currently the main server. Ad-hoc hetzner cloud box. | -| [daiyousei][] | Public | Intended athame replacement. Provisioned OCI Ampere box. | +| [kyouko][] | Public | Currently the main server. Ad-hoc hetzner cloud box. | +| [daiyousei][] | Public | Intended kyouko replacement. Provisioned OCI Ampere box. | | [rinnosuke][] | Public | My primary nameserver. Provisioned OCI EPYC box. | | [shinmyoumaru][] | Public | My Raspberry Pi 1 Model B+. DHT22 sensors box. | -| [beltane][] | Private | Home server. NAS + HTPC, does DVB stuff. | -| [samhain][] | Private | Beloved workstation. Does VFIO. | -| [yule][] | Private | Main laptop. | -| [ostara][] | Private | CCTV netbook. | +| [yukari][] | Private | Home server. NAS + HTPC, does DVB stuff. | +| [goliath][] | Private | Beloved workstation. Does VFIO. | +| [koishi][] | Private | Main laptop. | +| [ran][] | Private | CCTV netbook. | ## Profiles 
@@ -151,14 +151,14 @@ Please use `nix-shell` or [direnv/direnv][]. The shell is not compatible with [n [1]: https://github.com/kittywitch/nixfiles/actions/workflows/nodes.yml [This repository on my self hosted git.]: https://git.kittywit.ch/kat/nixfiles [This repository on GitHub.]: https://github.com/kittywitch/nixfiles - [athame]: config/hosts/athame + [kyouko]: config/hosts/kyouko [daiyousei]: config/hosts/daiyousei [rinnosuke]: config/hosts/rinnosuke [shinmyoumaru]: config/hosts/shinmyoumaru - [beltane]: config/hosts/beltane - [samhain]: config/hosts/samhain - [yule]: config/hosts/yule - [ostara]: config/hosts/ostara + [yukari]: config/hosts/yukari + [goliath]: config/hosts/goliath + [koishi]: config/hosts/koishi + [ran]: config/hosts/ran [here]: config/profiles/base/profiles.nix [base]: config/profiles/base [gui]: config/profiles/gui diff --git a/config/hosts/beltane/home.nix b/config/hosts/beltane/home.nix deleted file mode 100644 index 9241afe3..00000000 --- a/config/hosts/beltane/home.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { imports = [ ./home/sway.nix ]; } diff --git a/config/hosts/beltane/home/sway.nix b/config/hosts/beltane/home/sway.nix deleted file mode 100644 index 0458dfc3..00000000 --- a/config/hosts/beltane/home/sway.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -{ - wayland.windowManager.sway.config = { - output = - let - middle = { - res = "1280x1024@75Hz"; - pos = "1920 0"; - }; - in - { - "VGA-1" = middle; - }; - }; -} diff --git a/config/hosts/daiyousei/nixos.nix b/config/hosts/daiyousei.nix similarity index 100% rename from config/hosts/daiyousei/nixos.nix rename to config/hosts/daiyousei.nix diff --git a/config/hosts/dummy/nixos.nix b/config/hosts/dummy/nixos.nix deleted file mode 100644 index 9ad26595..00000000 --- a/config/hosts/dummy/nixos.nix +++ /dev/null 
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, sources, ... }:
-
-with lib;
-
-let
- hexchen = (import sources.hexchen) { };
- hexYgg = filterAttrs (_: c: c.enable)
- (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts);
-in
-{
- # stuff so dummy host is buildable (you probably don't want/need this???)
- # but idk your config sooooo
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
-
- network.yggdrasil = {
- enable = true;
- pubkey = "0000000000000000000000000000000000000000000000000000000000000000";
- listen.enable = true;
- listen.endpoints = flatten (map (c: c.listen.endpoints) (filter
- (c:
- c.listen.enable && (c.pubkey
- != "0000000000000000000000000000000000000000000000000000000000000000"))
- (attrValues hexYgg)));
- extra.pubkeys = {
- satorin =
- "53d99a74a648ff7bd5bc9ba68ef4f472fb4fb8b2e26dfecea33c781f0d5c9525";
- shanghai =
- "0cc3c26366cbfddfb1534b25c5655733d8f429edc941bcce674c46566fc87027";
- grimoire =
- "2a1567a2848540070328c9e938c58d40f2b1a3f08982c15c7edc5dcabfde3330";
- boline =
- "89684441745467da0d1bf7f47dc74ec3ca65e05c72f752298ef3c22a22024d43";
- } // (mapAttrs (_: c: c.pubkey) hexYgg);
- };
-
- # snippet for single host
- # hexchen.network = {
- # enable = true;
- # pubkey = "0000000000000000000000000000000000000000000000000000000000000000";
- # # if server, enable this and set endpoint:
- # listen.enable = false;
- # listen.endpoints = [
- # "tcp://0.0.0.0:0"
- # ];
- # };
-}
diff --git a/config/hosts/samhain/nixos.nix b/config/hosts/goliath.nix
similarity index 88%
rename from config/hosts/samhain/nixos.nix
rename to config/hosts/goliath.nix
index 908e8d6d..663d9845 100644
--- a/config/hosts/samhain/nixos.nix
+++ b/config/hosts/goliath.nix
@@ -1,17 +1,9 @@ -{ meta, tf, config, pkgs, lib, sources, ... }: - -with lib; - -let - hexchen = (import sources.hexchen) { }; - hexYgg = filterAttrs (_: c: c.enable) - (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts); -in -{ - # Imports +{ meta, tf, config, pkgs, lib, sources, ... }: with lib; { imports = with meta; [ profiles.hardware.ms-7b86 + profiles.hardware.razer + profiles.hardware.bamboo profiles.gui profiles.vfio profiles.network @@ -26,10 +18,8 @@ in services.zfs ]; - # Terraform - deploy.tf = { - resources.samhain = { + resources.goliath = { provider = "null"; type = "resource"; connection = { @@ -39,8 +29,6 @@ in }; }; - # File Systems and Swap - boot.supportedFilesystems = [ "zfs" "xfs" ]; fileSystems = { @@ -141,22 +129,34 @@ in { device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; } ]; - # Bootloader - boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - # Hardware - deploy.profile.hardware.acs-override = true; users.users.kat.extraGroups = singleton "openrazer"; - hardware.openrazer = { - enable = true; + hardware = { + displays = { + "HDMI-A-1" = { + res = "1920x1080"; + pos = "0 0"; + }; + "DVI-D-1" = { + res = "1920x1200"; + pos = "1290 0"; + }; + "DP-1" = { + res = "1920x1080"; + pos = "3840 0"; + }; + }; + bamboo.display = "HDMI-A-1"; + openrazer.enable = true; }; + environment.systemPackages = [ pkgs.razergenie ]; boot.modprobe.modules = { @@ -179,8 +179,6 @@ in SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat" ''; - # Networking - networking = { hostId = "617050fc"; useDHCP = false; 
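Review bot: In the new `hardware.displays` block of the `@@ -141,22 +129,34 @@` hunk, `"DVI-D-1"` is placed at `pos = "1290 0"`, while the sway config this commit deletes (`config/hosts/samhain/home/sway.nix`) had the same output at `"1920 0"`. The neighbours are unchanged (`HDMI-A-1` is 1920 wide at `0 0`, `DP-1` sits at `3840 0`), so at 1290 the middle output overlaps the left one and leaves a gap before the right one. This looks like a digit transposition; the line should probably read `pos = "1920 0";`. The surrounding module body starts and ends outside the hunk.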
@@ -224,19 +222,14 @@ in listen.enable = false; listen.endpoints = [ "tcp://0.0.0.0:0" ]; }; - }; - - # Firewall - - network.firewall = { - public.interfaces = singleton "br"; - private = { - interfaces = singleton "yggdrasil"; + firewall = { + public.interfaces = singleton "br"; + private = { + interfaces = singleton "yggdrasil"; + }; }; }; - # State - system.stateVersion = "20.09"; } diff --git a/config/hosts/koishi.nix b/config/hosts/koishi.nix new file mode 100644 index 00000000..2d4d0579 --- /dev/null +++ b/config/hosts/koishi.nix 
@@ -0,0 +1,115 @@ +{ meta, config, pkgs, lib, ... }: with lib; { + options.home-manager.users = let + userBase16Extend = { config, nixos, ... }: { + base16.alias.default = "atelier.atelier-cave-light"; + }; + in mkOption { + type = types.attrsOf (types.submoduleWith { + modules = singleton userBase16Extend; + }); + }; + + imports = with meta; [ + profiles.hardware.v330-14arr + profiles.gui + profiles.network + users.kat.guiFull + services.nginx + services.restic + services.zfs + ]; + + config = { + deploy.tf = { + resources.koishi = { + provider = "null"; + type = "resource"; + connection = { + port = head config.services.openssh.ports; + host = config.network.addresses.private.nixos.ipv4.address; + }; + }; + }; + + boot.supportedFilesystems = singleton "zfs"; + + fileSystems = { + "/" = { + device = "rpool/safe/root"; + fsType = "zfs"; + }; + "/home" = { + device = "rpool/safe/home"; + fsType = "zfs"; + }; + "/nix" = { + device = "rpool/local/nix"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/2552-18F2"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }]; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + modprobe.modules = { + iwlwifi = { + options = { + wd_disable = 1; + }; + }; + }; + }; + + hardware.displays = { + "eDP-1" = { + res = "1920x1080"; + pos = "0 0"; + }; + }; + + networking = { + hostId = "dddbb888"; + useDHCP = false; + wireless.interfaces = singleton "wlp2s0"; + interfaces = { + wlp2s0.ipv4.addresses = singleton { + inherit (config.network.addresses.private.nixos.ipv4) address; + prefixLength = 24; + }; + }; + defaultGateway = config.network.privateGateway; + }; + + network = { + addresses = { + private = { + enable = true; + nixos = { + ipv4.address = "192.168.1.3"; + }; + }; + }; + yggdrasil = { + enable = true; + pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653"; + listen.enable = 
false; + listen.endpoints = [ "tcp://0.0.0.0:0" ]; + }; + firewall = { + public.interfaces = [ "enp1s0" "wlp2s0" ]; + private.interfaces = singleton "yggdrasil"; + }; + }; + + system.stateVersion = "20.09"; + }; +} + diff --git a/config/hosts/athame/nixos.nix b/config/hosts/kyouko.nix similarity index 99% rename from config/hosts/athame/nixos.nix rename to config/hosts/kyouko.nix index d8acd905..295780b1 100644 --- a/config/hosts/athame/nixos.nix +++ b/config/hosts/kyouko.nix @@ -46,7 +46,7 @@ with lib; # Terraform deploy.tf = { - resources.athame = { + resources.kyouko = { provider = "null"; type = "resource"; connection = { diff --git a/config/hosts/ostara/nixos.nix b/config/hosts/ran.nix similarity index 98% rename from config/hosts/ostara/nixos.nix rename to config/hosts/ran.nix index 8318a358..aa4361a0 100644 --- a/config/hosts/ostara/nixos.nix +++ b/config/hosts/ran.nix @@ -15,7 +15,7 @@ with lib; # Terraform deploy.tf = { - resources.ostara = { + resources.ran = { provider = "null"; type = "resource"; connection = { diff --git a/config/hosts/rinnosuke/nixos.nix b/config/hosts/rinnosuke.nix similarity index 100% rename from config/hosts/rinnosuke/nixos.nix rename to config/hosts/rinnosuke.nix diff --git a/config/hosts/samhain/home.nix b/config/hosts/samhain/home.nix deleted file mode 100644 index 9241afe3..00000000 --- a/config/hosts/samhain/home.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { imports = [ ./home/sway.nix ]; } diff --git a/config/hosts/samhain/home/sway.nix b/config/hosts/samhain/home/sway.nix deleted file mode 100644 index cd41b3ae..00000000 --- a/config/hosts/samhain/home/sway.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -{ - wayland.windowManager.sway = { - config = { - output = - let - left = { - res = "1920x1080"; - pos = "0 0"; - }; - middle = { - res = "1920x1200"; - pos = "1920 0"; - }; - right = { - res = "1920x1080"; - pos = "3840 0"; - }; - in - { - "DP-1" = right; - "DVI-D-1" = middle; - "HDMI-A-1" = left; - }; - - input = { - "5426:103:Razer_Razer_Naga_Trinity" = { - accel_profile = "adaptive"; - pointer_accel = "-0.5"; - }; - "5824:1503:screenstub-tablet" = { events = "disabled"; }; - "5824:1503:screenstub-mouse" = { events = "disabled"; }; - "5824:1503:screenstub-kbd" = { events = "disabled"; }; - "1386:215:Wacom_BambooPT_2FG_Small_Pen" = { - map_to_output = "HDMI-A-1"; - }; - "1386:215:Wacom_BambooPT_2FG_Small_Finger" = { - natural_scroll = "enabled"; - middle_emulation = "enabled"; - tap = "enabled"; - dwt = "enabled"; - accel_profile = "flat"; - pointer_accel = "0.05"; - }; - }; - }; - extraConfig = '' - workspace "1" output "DP-1" - workspace "11:F1" output "DVI-1" - workspace "12:F2" output "HDMI-A-1" - ''; - }; -} diff --git a/config/hosts/shinmyoumaru/nixos.nix b/config/hosts/shinmyoumaru.nix similarity index 82% rename from config/hosts/shinmyoumaru/nixos.nix rename to config/hosts/shinmyoumaru.nix index 8fb69b83..3c6c6c27 100644 --- a/config/hosts/shinmyoumaru/nixos.nix +++ b/config/hosts/shinmyoumaru.nix @@ -1,21 +1,15 @@ -{ config, meta, pkgs, lib, ... }: with lib; - -{ - # Imports - +{ config, meta, pkgs, lib, modulesPath, ... }: with lib; { imports = with meta; [ profiles.hardware.raspi profiles.network services.dnscrypt-proxy services.dht22-exporter - ./image.nix + (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix") ]; home-manager.users.kat.programs.neovim.enable = mkForce false; programs.mosh.enable = mkForce false; - # Terraform - deploy.tf = { resources.shinmyoumaru = { provider = "null"; 
@@ -27,8 +21,6 @@ }; }; - # Networking - networking = { useDHCP = true; interfaces.eth0.ipv4.addresses = singleton { @@ -54,16 +46,11 @@ listen.enable = false; listen.endpoints = [ "tcp://0.0.0.0:0" ]; }; + firewall = { + private.interfaces = singleton "yggdrasil"; + public.interfaces = singleton "eth0"; + }; }; - # Firewall - - network.firewall = { - private.interfaces = singleton "yggdrasil"; - public.interfaces = singleton "eth0"; - }; - - # State - system.stateVersion = "21.11"; } diff --git a/config/hosts/shinmyoumaru/image.nix b/config/hosts/shinmyoumaru/image.nix deleted file mode 100644 index 4d9342ab..00000000 --- a/config/hosts/shinmyoumaru/image.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix") - ]; -} diff --git a/config/hosts/to-do/mabon/home/default.nix b/config/hosts/to-do/mabon/home/default.nix deleted file mode 100644 index c915eb0a..00000000 --- a/config/hosts/to-do/mabon/home/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { } diff --git a/config/hosts/to-do/mabon/nixos/default.nix b/config/hosts/to-do/mabon/nixos/default.nix deleted file mode 100644 index 071a7ea0..00000000 --- a/config/hosts/to-do/mabon/nixos/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, users, pkgs, profiles, ... }: - -{ - imports = [ - ./hw.nix - profiles.gui - profiles.fvwm - profiles.laptop - users.kairi.guiFull - ]; - - networking.wireless.interfaces = [ "wlp3s0" ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelPackages = pkgs.linuxPackages; - boot.kernelModules = [ "wl" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; - - networking.hostId = "d199ad70"; - - networking.useDHCP = false; - networking.interfaces.enp1s0.useDHCP = false; - networking.interfaces.wlp2s0.useDHCP = true; - - system.stateVersion = "20.09"; -} 
diff --git a/config/hosts/to-do/mabon/nixos/hw.nix b/config/hosts/to-do/mabon/nixos/hw.nix deleted file mode 100644 index f9efa0fe..00000000 --- a/config/hosts/to-do/mabon/nixos/hw.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ahci" - "firewire_ohci" - "usbhid" - "usb_storage" - "sd_mod" - "sr_mod" - "sdhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "wl" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/236f9363-19ee-46e3-8db4-5dd1e28b742d"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."cryptroot".device = - "/dev/disk/by-uuid/b0435b6c-fd76-44d0-8b63-2c2c059df814"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/84FB-4F88"; - fsType = "vfat"; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/926c41d6-c06a-4dcc-b55d-f4cfaafe4bac"; }]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/config/hosts/beltane/nixos.nix b/config/hosts/yukari.nix similarity index 88% rename from config/hosts/beltane/nixos.nix rename to config/hosts/yukari.nix index d75ddd26..04c6a25f 100644 --- a/config/hosts/beltane/nixos.nix +++ b/config/hosts/yukari.nix @@ -1,10 +1,4 @@ -{ meta, tf, config, pkgs, lib, ... }: - -with lib; - -{ - # Imports - +{ meta, tf, config, pkgs, lib, ... }: with lib; { imports = with meta; [ profiles.hardware.rm-310 profiles.network @@ -21,10 +15,8 @@ with lib; services.zfs ]; - # Terraform - deploy.tf = { - resources.beltane = { + resources.yukari = { provider = "null"; type = "resource"; connection = { @@ -34,8 +26,6 @@ with lib; }; }; - # File Systems and Swap - boot.supportedFilesystems = singleton "zfs"; fileSystems = { 
@@ -74,8 +64,6 @@ with lib; { device = "/dev/disk/by-uuid/1ee2d322-235c-41de-b272-7ceded4e2624"; } ]; - # Bootloader - boot.loader = { efi.canTouchEfiVariables = true; grub = { @@ -91,7 +79,10 @@ with lib; }; }; - # Networking + hardware.displays."VGA-1" = { + res = "1280x1024@75Hz"; + pos = "1920 0"; + }; networking = { hostId = "3ef9a419"; @@ -119,20 +110,12 @@ with lib; listen.enable = false; listen.endpoints = [ "tcp://0.0.0.0:0" ]; }; + firewall = { + private.interfaces = singleton "yggdrasil"; + public.interfaces = singleton "eno1"; + }; }; - # Firewall - - network.firewall = { - private.interfaces = singleton "yggdrasil"; - public.interfaces = singleton "eno1"; - }; - - # Yggdrasil - - - # State - system.stateVersion = "21.05"; } diff --git a/config/hosts/yule/home.nix b/config/hosts/yule/home.nix deleted file mode 100644 index 2e2713c6..00000000 --- a/config/hosts/yule/home.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { imports = [ ./home/sway.nix ./home/base16.nix ]; } diff --git a/config/hosts/yule/home/base16.nix b/config/hosts/yule/home/base16.nix deleted file mode 100644 index e92cfee0..00000000 --- a/config/hosts/yule/home/base16.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, ... }: - -{ - base16.alias.default = "atelier.atelier-cave-light"; -} diff --git a/config/hosts/yule/home/sway.nix b/config/hosts/yule/home/sway.nix deleted file mode 100644 index 8ecf8231..00000000 --- a/config/hosts/yule/home/sway.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - wayland.windowManager.sway.config = { - output = - let - laptop = { - res = "1920x1080"; - pos = "0 0"; - }; - in - { "eDP-1" = laptop; }; - - input = { - "1739:33362:Synaptics_TM3336-002" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - click_method = "clickfinger"; - }; - }; - }; -} diff --git a/config/hosts/yule/nixos.nix b/config/hosts/yule/nixos.nix deleted file mode 100644 index 8586af88..00000000 
--- a/config/hosts/yule/nixos.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{ meta, config, pkgs, lib, ... }:
-
-with lib;
-
-{
- # Imports
-
- imports = with meta; [
- profiles.hardware.v330-14arr
- profiles.gui
- profiles.network
- users.kat.guiFull
- services.nginx
- services.restic
- services.zfs
- ];
-
- # Terraform
-
- deploy.tf = {
- resources.yule = {
- provider = "null";
- type = "resource";
- connection = {
- port = head config.services.openssh.ports;
- host = config.network.addresses.private.nixos.ipv4.address;
- };
- };
- };
-
- # File Systems and Swap
-
- boot.supportedFilesystems = singleton "zfs";
-
- fileSystems = {
- "/" = {
- device = "rpool/safe/root";
- fsType = "zfs";
- };
- "/home" = {
- device = "rpool/safe/home";
- fsType = "zfs";
- };
- "/nix" = {
- device = "rpool/local/nix";
- fsType = "zfs";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/2552-18F2";
- fsType = "vfat";
- };
- };
-
- swapDevices = [{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }];
-
- # Bootloader
-
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- # Hardware
-
- boot.modprobe.modules = {
- iwlwifi = {
- options.wd_disable = 1;
- };
- };
-
- # Networking
-
- networking = {
- hostId = "dddbb888";
- useDHCP = false;
- wireless.interfaces = singleton "wlp2s0";
- interfaces = {
- wlp2s0.ipv4.addresses = singleton {
- inherit (config.network.addresses.private.nixos.ipv4) address;
- prefixLength = 24;
- };
- };
- defaultGateway = config.network.privateGateway;
- };
-
- network = {
- addresses = {
- private = {
- enable = true;
- nixos = {
- ipv4.address = "192.168.1.3";
- };
- };
- };
- yggdrasil = {
- enable = true;
- pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653";
- listen.enable = false;
- listen.endpoints = [ "tcp://0.0.0.0:0" ];
- };
- };
-
- # Firewall
-
- network.firewall = {
- public.interfaces = [ "enp1s0" "wlp2s0" ];
- private.interfaces = singleton "yggdrasil";
- };
-
- # State
-
- system.stateVersion = "20.09";
-}
-
diff --git a/config/modules/home/displays.nix b/config/modules/home/displays.nix new file mode 100644 index 00000000..ceb98bb2 --- /dev/null +++ b/config/modules/home/displays.nix @@ -0,0 +1,22 @@ +{ config, lib, nixos, ... }: with lib; { + options.hardware.displays = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + pos = mkOption { + type = types.str; + }; + res = mkOption { + type = types.str; + }; + }; + })); + }; + config = mkMerge [ + { + hardware.displays = nixos.hardware.displays; + } + (mkIf config.wayland.windowManager.sway.enable { + wayland.windowManager.sway.config.output = config.hardware.displays; + }) + ]; +} diff --git a/config/modules/meta/deploy.nix b/config/modules/meta/deploy.nix index cf9fc94a..8713ee89 100644 --- a/config/modules/meta/deploy.nix +++ b/config/modules/meta/deploy.nix @@ -71,7 +71,7 @@ in config.tf = mkMerge (singleton ({ ... }: { imports = [ - ../../tf-common.nix + ../../tf.nix ]; deploy.gcroot = { name = mkDefault "kw-${config.name}"; diff --git a/config/modules/meta/imports.nix b/config/modules/meta/imports.nix index bd9d8252..0f63c32d 100644 --- a/config/modules/meta/imports.nix +++ b/config/modules/meta/imports.nix @@ -22,6 +22,7 @@ with lib; config = { network.importing = { nixosImports = mkDefault (map (path: toString path) [ + (root + "/config/hosts/HN.nix") (root + "/config/hosts/HN/nixos.nix") (root + "/config/trusted/hosts/HN/nixos.nix") ]); diff --git a/config/modules/nixos/displays.nix b/config/modules/nixos/displays.nix new file mode 100644 index 00000000..e3b815b2 --- /dev/null +++ b/config/modules/nixos/displays.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: with lib; { + options.hardware.displays = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + pos = mkOption { + type = types.str; + }; + res = mkOption { + type = types.str; + }; + }; + })); + }; +} 
diff --git a/config/modules/nixos/yggdrasil.nix b/config/modules/nixos/yggdrasil.nix
index 5ea6d6f3..5e73f869 100644
--- a/config/modules/nixos/yggdrasil.nix
+++ b/config/modules/nixos/yggdrasil.nix
@@ -25,71 +25,75 @@ in description = "Open Firewall completely for the network"; default = false; }; - listen.enable = mkOption { - type = types.bool; - description = "Allow other hosts in the network to connect directly"; - default = false; + listen = { + enable = mkOption { + type = types.bool; + description = "Allow other hosts in the network to connect directly"; + default = false; + }; + endpoints = mkOption { + type = types.listOf types.str; + description = "Endpoints to listen on"; + default = [ ]; + }; }; - listen.endpoints = mkOption { - type = types.listOf types.str; - description = "Endpoints to listen on"; - default = [ ]; + tunnel = { + localV6 = mkOption { + type = types.listOf types.str; + description = "v6 subnets to expose"; + default = [ ]; + }; + localV4 = mkOption { + type = types.listOf types.str; + description = "v4 subnets to expose"; + default = [ ]; + }; + remoteV6 = mkOption { + type = types.attrsOf types.str; + description = "Extra v6 subnets to route"; + default = { }; + }; + remoteV4 = mkOption { + type = types.attrsOf types.str; + description = "Extra v4 subnets to route"; + default = { }; + }; }; - dns.enable = mkOption { - type = types.bool; - description = "enable automatic dns record generation"; - default = false; + extra = { + pubkeys = mkOption { + type = types.attrsOf types.str; + description = "Additional hosts to allow into the network. 
Keys won't be added to definition host."; + default = { }; + example = { host = "0000000000000000000000000000000000000000000000000000000000000000"; }; + }; + addresses = mkOption { + type = types.attrsOf types.str; + internal = true; + default = mapAttrs (_: c: calcAddr c) cfg.extra.pubkeys; + }; + localV6 = mkOption { + type = types.listOf types.str; + description = "v6 subnets to expose, but not route"; + default = [ ]; + }; + localV4 = mkOption { + type = types.listOf types.str; + description = "v4 subnets to expose, but not route"; + default = [ ]; + }; }; - dns.zone = mkOption { - type = types.str; - description = "Main zone to insert DNS records into"; - default = "lilwit.ch"; - }; - dns.subdomain = mkOption { - type = types.str; - description = "subdomain to put the records into"; - default = "net"; - }; - tunnel.localV6 = mkOption { - type = types.listOf types.str; - description = "v6 subnets to expose"; - default = [ ]; - }; - tunnel.localV4 = mkOption { - type = types.listOf types.str; - description = "v4 subnets to expose"; - default = [ ]; - }; - tunnel.remoteV6 = mkOption { - type = types.attrsOf types.str; - description = "Extra v6 subnets to route"; - default = { }; - }; - tunnel.remoteV4 = mkOption { - type = types.attrsOf types.str; - description = "Extra v4 subnets to route"; - default = { }; - }; - extra.pubkeys = mkOption { - type = types.attrsOf types.str; - description = "Additional hosts to allow into the network. 
Keys won't be added to definition host."; - default = { }; - example = { host = "0000000000000000000000000000000000000000000000000000000000000000"; }; - }; - extra.addresses = mkOption { - type = types.attrsOf types.str; - internal = true; - default = mapAttrs (_: c: calcAddr c) cfg.extra.pubkeys; - }; - extra.localV6 = mkOption { - type = types.listOf types.str; - description = "v6 subnets to expose, but not route"; - default = [ ]; - }; - extra.localV4 = mkOption { - type = types.listOf types.str; - description = "v4 subnets to expose, but not route"; - default = [ ]; + extern = { + pubkeys = mkOption { + type = types.attrsOf types.str; + description = "Additional hosts to allow into the network. Keys won't be added to definition host."; + default = { }; + example = { host = "0000000000000000000000000000000000000000000000000000000000000000"; }; + }; + endpoints = mkOption { + type = types.listOf types.str; + description = "Endpoints to listen on"; + default = [ ]; + }; }; }; @@ -102,7 +106,7 @@ in ( mapAttrsToList (_: node: node.network.yggdrasil or { enable = false; pubkey = null; }) meta.network.nodes ); - pubkeys = flatten (map (c: [ c.pubkey ] ++ (attrValues c.extra.pubkeys)) yggConfigs); + pubkeys = flatten ((filter (n: n != "0000000000000000000000000000000000000000000000000000000000000000") (attrValues cfg.extern.pubkeys)) ++ (map (c: [ c.pubkey ] ++ (attrValues c.extra.pubkeys)) yggConfigs)); in { assertions = [ @@ -121,7 +125,7 @@ in AllowedEncryptionPublicKeys = pubkeys; IfName = "yggdrasil"; Listen = cfg.listen.endpoints; - Peers = lib.flatten (map (c: c.listen.endpoints) (filter (c: c.listen.enable) yggConfigs)); + Peers = lib.flatten (cfg.extern.endpoints ++ (map (c: c.listen.endpoints) (filter (c: c.listen.enable) yggConfigs))); SessionFirewall = { Enable = true; AllowFromRemote = false; diff --git a/config/profiles/gui/nfs.nix b/config/profiles/gui/nfs.nix index 19bbd55a..33126217 100644 --- a/config/profiles/gui/nfs.nix 
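Review bot: The two new `extern` options in the `@@ -25,71 +25,75 @@` hunk carry descriptions copied from other options, which hides what they do. `extern.endpoints` is described as `"Endpoints to listen on"`, yet the last hunk of this file appends it to `Peers`, so it holds addresses this host connects to. `extern.pubkeys` repeats the `extra.pubkeys` text although its values go into `AllowedEncryptionPublicKeys`. I would reword them, for example `description = "Peer URIs of hosts outside this repository to connect to";` and `description = "Public keys of hosts outside this repository that are allowed to peer with this host";`. The same hunk removes `dns.enable`, `dns.zone` and `dns.subdomain`; whether any host still sets them cannot be checked from the lines shown.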
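Review bot: In the `@@ -102,7 +106,7 @@` hunk the all-zero placeholder key is filtered only out of `cfg.extern.pubkeys`, while the `c.pubkey` and `c.extra.pubkeys` values collected from `yggConfigs` still reach `AllowedEncryptionPublicKeys` unfiltered. The option example in this file uses that same placeholder, so a node that copies it would put a non-key into the peer allowlist. Applying the existing predicate to the whole list keeps the allowlist consistent: bind the lambda as `notPlaceholder` and write `pubkeys = filter notPlaceholder (flatten (attrValues cfg.extern.pubkeys ++ map (c: [ c.pubkey ] ++ attrValues c.extra.pubkeys) yggConfigs));`. The `let` that defines `yggConfigs` starts outside the hunk, so any filtering already done there is not visible.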
+++ b/config/profiles/gui/nfs.nix @@ -3,11 +3,13 @@ { boot.supportedFilesystems = [ "nfs" ]; - fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "beltane") { - device = "${meta.network.nodes.beltane.network.addresses.wireguard.domain}:/mnt/zraw/media"; + /* + fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "yukari") { + device = "${meta.network.nodes.yukari.network.addresses.wireguard.domain}:/mnt/zraw/media"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "nfsvers=4" "soft" "retrans=2" "timeo=60" ]; - }; + }; + */ /* fileSystems."/mnt/hex-corn" = { diff --git a/config/profiles/hardware/bamboo.nix b/config/profiles/hardware/bamboo.nix new file mode 100644 index 00000000..2cc6700b --- /dev/null +++ b/config/profiles/hardware/bamboo.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: with lib; { + options = { + hardware.bamboo.display = mkOption { + type = types.str; + }; + home-manager.users = let + userBambooExtend = { config, nixos, ... }: { + config = mkIf config.wayland.windowManager.sway.enable { + wayland.windowManager.sway.config.input = { + "1386:215:Wacom_BambooPT_2FG_Small_Pen" = { + map_to_output = nixos.hardware.bamboo.display; + }; + "1386:215:Wacom_BambooPT_2FG_Small_Finger" = { + natural_scroll = "enabled"; + middle_emulation = "enabled"; + tap = "enabled"; + dwt = "enabled"; + accel_profile = "flat"; + pointer_accel = "0.05"; + }; + }; + }; + }; + in mkOption { + type = types.attrsOf (types.submoduleWith { + modules = singleton userBambooExtend; + }); + }; + }; +} diff --git a/config/profiles/hardware/oracle/common.nix b/config/profiles/hardware/oracle/common.nix index eb11e848..cd040f41 100644 --- a/config/profiles/hardware/oracle/common.nix +++ b/config/profiles/hardware/oracle/common.nix 
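Review bot: `hardware.bamboo.display` in the new `config/profiles/hardware/bamboo.nix` is declared as a bare `types.str` with no `description` and no default, and nothing ties it to the outputs declared under `hardware.displays`. A host that imports the profile without setting it only fails once sway is enabled, and a misspelled output name is accepted silently and passed to `map_to_output`. I would add `description = "Name of the output (a key of hardware.displays) the tablet pen is mapped to";` and an assertion in the profile that the value is an attribute of `config.hardware.displays`.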
@@ -92,7 +92,8 @@ in in { enable = true; - nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix; + #nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix; + nixos.ipv6.address = addr_ipv6_nix; tf.ipv6.address = tf.resources."${config.networking.hostName}_ipv6".refAttr "ip_address"; }; }; @@ -214,6 +215,7 @@ in }; lifecycle.ignoreChanges = [ "source_details[0].source_id" + "metadata" ]; connection = { type = "ssh"; diff --git a/config/profiles/hardware/razer.nix b/config/profiles/hardware/razer.nix new file mode 100644 index 00000000..6948451b --- /dev/null +++ b/config/profiles/hardware/razer.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: with lib; { + options = { + home-manager.users = let + userRazerExtend = { config, nixos, ... }: { + config = mkIf (config.wayland.windowManager.sway.enable && nixos.hardware.openrazer.enable) { + wayland.windowManager.sway.config.input = { + "5426:103:Razer_Razer_Naga_Trinity" = { + accel_profile = "adaptive"; + pointer_accel = "-0.5"; + }; + }; + }; + }; + in mkOption { + type = types.attrsOf (types.submoduleWith { + modules = singleton userRazerExtend; + }); + }; + }; +} diff --git a/config/profiles/hardware/v330-14arr.nix b/config/profiles/hardware/v330-14arr.nix index 4b66f61d..1396422f 100644 --- a/config/profiles/hardware/v330-14arr.nix +++ b/config/profiles/hardware/v330-14arr.nix 
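Review bot: `nixos.ipv6.address = addr_ipv6_nix;` in the `@@ -92,7 +92,8 @@` hunk is now set unconditionally, and the guarded version is left behind as a commented-out line. The removed `mkIf` only assigned the address once the Terraform state contained the host's resource; `addr_ipv6_nix` is defined outside this hunk, so whether it evaluates cleanly on a host that has not been applied yet cannot be confirmed here. If dropping the guard is intended, delete the commented line and replace it with a one-line reason stating why the state check is no longer needed; otherwise keep the `mkIf`.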
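Review bot: Adding `"metadata"` to `lifecycle.ignoreChanges` in the `@@ -214,6 +215,7 @@` hunk makes Terraform stop reconciling that attribute after creation, and the entry has no comment explaining why. The resource type is declared outside the hunk, but if this is the compute instance, `metadata` is typically where `ssh_authorized_keys` and `user_data` are passed, so a key removed or rotated in this repository would no longer show up as a planned change. Please record the intent next to the entry, along the lines of `"metadata" # provisioning-time only; SSH access is managed by the NixOS config afterwards`, adjusted to what is actually true for these hosts.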
@@ -1,15 +1,33 @@ -{ config, ... }: +{ config, lib, ... }: with lib; /* This hardware profile corresponds to the Lenovo IdeaPad v330-14ARR. */ { - deploy.profile.hardware.v330-14arr = true; + options.home-manager.users = let + userTouchpadExtend = { config, nixos, ... }: { + wayland.windowManager.sway.config.input."1739:33362:Synaptics_TM3336-002" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + click_method = "clickfinger"; + }; + }; + in mkOption { + type = types.attrsOf (types.submoduleWith { + modules = singleton userTouchpadExtend; + }); + }; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + config = { + deploy.profile.hardware.v330-14arr = true; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + }; } diff --git a/config/profiles/network.nix b/config/profiles/network.nix index 87cd29cd..81c0298c 100644 --- a/config/profiles/network.nix +++ b/config/profiles/network.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with lib; +{ config, lib, pkgs, sources, ... }: with lib; { options.network = with lib; { 
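Review bot: `userTouchpadExtend` sets `wayland.windowManager.sway.config.input` unconditionally, whereas the equivalent submodules added by this commit in `bamboo.nix` and `razer.nix` wrap their settings in `mkIf config.wayland.windowManager.sway.enable`. For consistency I would write it as `config = mkIf config.wayland.windowManager.sway.enable { wayland.windowManager.sway.config.input."1739:33362:Synaptics_TM3336-002" = { … }; };`. The `nixos` argument of the submodule is also unused here and can be dropped.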
@@ -9,6 +9,28 @@ }; config = { + network.yggdrasil.extern = let + hexchen = (import sources.hexchen) { }; + hexYgg = filterAttrs (_: c: c.enable) + (mapAttrs (_: host: host.config.network.yggdrasil) hexchen.hosts); + in { + endpoints = flatten (map (c: c.listen.endpoints) (filter + (c: + c.listen.enable && (c.pubkey + != "0000000000000000000000000000000000000000000000000000000000000000")) + (attrValues hexYgg))); + pubkeys = { + satorin = + "53d99a74a648ff7bd5bc9ba68ef4f472fb4fb8b2e26dfecea33c781f0d5c9525"; + shanghai = + "0cc3c26366cbfddfb1534b25c5655733d8f429edc941bcce674c46566fc87027"; + grimoire = + "2a1567a2848540070328c9e938c58d40f2b1a3f08982c15c7edc5dcabfde3330"; + boline = + "89684441745467da0d1bf7f47dc74ec3ca65e05c72f752298ef3c22a22024d43"; + } // (mapAttrs (_: c: c.pubkey) hexYgg); + }; + networking.firewall.extraCommands = "ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT"; networking.nftables.extraInput = '' meta l4proto 89 iifname wgmesh-* accept diff --git a/config/profiles/vfio/profile.nix b/config/profiles/vfio/profile.nix index 83dfcf2a..7340f949 100644 --- a/config/profiles/vfio/profile.nix +++ b/config/profiles/vfio/profile.nix @@ -1,8 +1,4 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let +{ config, pkgs, lib, ... }: with lib; let win10-screenstub = pkgs.writeShellScriptBin "win10-screenstub" '' ${pkgs.screenstub-kat}/bin/screenstub -c "${./screenstub.yml}" x ''; 
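Review bot: In `pubkeys`, the set derived from the imported `hexchen` repository is on the right of `//`, so any host there named `satorin`, `shanghai`, `grimoire` or `boline` replaces the key pinned in this file. The all-zero placeholder filter applied to `endpoints` is also not applied to `pubkeys`. If `pubkeys` feeds a peer allow-list (its consumer is outside the hunk), both let a third-party repository decide which keys are trusted, gated only by the pin in nix/sources.json. I would bind the placeholder once as `zeroKey` and write `pubkeys = mapAttrs (_: c: c.pubkey) (filterAttrs (_: c: c.pubkey != zeroKey) hexYgg) // { satorin = "…"; shanghai = "…"; grimoire = "…"; boline = "…"; };` so local pins win and placeholders never enter the set. A comment noting that bumping the `hexchen` pin changes the trusted peers would help the next reviewer.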
@@ -11,62 +7,75 @@ let ''; in { - # TODO: move to upstream screenstub with config options, move screenstub.yml into specific host - deploy.profile.vfio = true; - - environment.systemPackages = with pkgs; [ - win10-screenstub - win10-vm - win10-diskmapper - ddcutil - ]; - - - users.users.kat.extraGroups = [ "vfio" "input" "uinput" ]; - users.groups = { uinput = { }; vfio = { }; }; - - boot = lib.mkMerge [{ - initrd.kernelModules = mkBefore [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; - kernelModules = [ "i2c-dev" ]; # i2c-dev is required for DDC/CI for screenstub - kernelPatches = with pkgs.kernelPatches; [ - (mkIf config.deploy.profile.hardware.acs-override acs-override) - ]; - } - (mkIf (config.deploy.profile.hardware.amdgpu) { - kernelParams = [ - "video=efifb:off" - ]; - extraModulePackages = [ - (pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset - ]; - }) - (mkIf (config.deploy.profile.hardware.acs-override) { - kernelParams = [ - "pci=noats" - "pcie_acs_override=downstream,multifunction" - ]; - })]; - - environment.etc."qemu/bridge.conf".text = "allow br"; - - security.wrappers = { - qemu-bridge-helper = { - source = "${pkgs.qemu-vfio}/libexec/qemu-bridge-helper"; - }; + options.home-manager.users = let + userVFIOExtend = { config, ... 
}: { + config = mkIf config.wayland.windowManager.sway.enable { + wayland.windowManager.sway.config.input = genAttrs [ "tablet" "mouse" "kbd" ] (t: + nameValuePair "5824:1503:screenstub-${t}" ({ events = "disabled"; }) + ); + }; + }; + in mkOption { + type = types.attrsOf (types.submoduleWith { + modules = singleton userVFIOExtend; + }); }; - services.udev.extraRules = '' - SUBSYSTEM=="i2c-dev", GROUP="vfio", MODE="0660" - SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput" - SUBSYSTEM=="vfio", OWNER="root", GROUP="vfio" - ''; + config = { + deploy.profile.vfio = true; - security.pam.loginLimits = [{ - domain = "@vfio"; - type = "-"; - item = "memlock"; - value = "unlimited"; - }]; + environment.systemPackages = with pkgs; [ + win10-screenstub + win10-vm + win10-diskmapper + ddcutil + ]; - systemd.extraConfig = "DefaultLimitMEMLOCK=infinity"; + users.groups = { uinput = { }; vfio = { }; }; + + boot = lib.mkMerge [{ + initrd.kernelModules = mkBefore [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; + kernelModules = [ "i2c-dev" ]; # i2c-dev is required for DDC/CI for screenstub + kernelPatches = with pkgs.kernelPatches; [ + (mkIf config.deploy.profile.hardware.acs-override acs-override) + ]; + } + (mkIf (config.deploy.profile.hardware.amdgpu) { + kernelParams = [ + "video=efifb:off" + ]; + extraModulePackages = [ + (pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset + ]; + }) + (mkIf (config.deploy.profile.hardware.acs-override) { + kernelParams = [ + "pci=noats" + "pcie_acs_override=downstream,multifunction" + ]; + })]; + + environment.etc."qemu/bridge.conf".text = "allow br"; + + security.wrappers = { + qemu-bridge-helper = { + source = "${pkgs.qemu-vfio}/libexec/qemu-bridge-helper"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="i2c-dev", GROUP="vfio", MODE="0660" + SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput" + SUBSYSTEM=="vfio", 
OWNER="root", GROUP="vfio" + ''; + + security.pam.loginLimits = [{ + domain = "@vfio"; + type = "-"; + item = "memlock"; + value = "unlimited"; + }]; + + systemd.extraConfig = "DefaultLimitMEMLOCK=infinity"; + }; } diff --git a/config/services/gitea/default.nix b/config/services/gitea/default.nix index 27ccd6ca..83bb64b3 100644 --- a/config/services/gitea/default.nix +++ b/config/services/gitea/default.nix @@ -45,7 +45,7 @@ mailer = { ENABLED = true; SUBJECT = "%(APP_NAME)s"; - HOST = "athame.kittywit.ch:465"; + HOST = "kyouko.kittywit.ch:465"; USER = "gitea@kittywit.ch"; #SEND_AS_PLAIN_TEXT = true; USE_SENDMAIL = false; diff --git a/config/services/kattv/default.nix b/config/services/kattv/default.nix index d60af650..85ac9918 100644 --- a/config/services/kattv/default.nix +++ b/config/services/kattv/default.nix @@ -35,7 +35,7 @@ let { element.matroskamux.streamable = true; } { element.tcpclientsink = { - host = meta.network.nodes.beltane.network.addresses.private.nixos.ipv4.address; + host = meta.network.nodes.yukari.network.addresses.private.nixos.ipv4.address; port = "4953"; sync = false; }; diff --git a/config/services/mail/default.nix b/config/services/mail/default.nix index ff2bd526..e2f68758 100644 --- a/config/services/mail/default.nix +++ b/config/services/mail/default.nix @@ -71,8 +71,8 @@ in fqdn = config.network.addresses.public.domain; domains = [ "kittywit.ch" "dork.dev" ]; certificateScheme = 1; - certificateFile = "/var/lib/acme/${config.mailserver.fqdn}/cert.pem"; - keyFile = "/var/lib/acme/${config.mailserver.fqdn}/key.pem"; + certificateFile = "/var/lib/acme/public_${config.networking.hostName}/cert.pem"; + keyFile = "/var/lib/acme/public_${config.networking.hostName}/key.pem"; enableImap = true; enablePop3 = true; enableImapSsl = true; diff --git a/config/services/vaultwarden/default.nix b/config/services/vaultwarden/default.nix index 8645283f..cc87d4d7 100644 --- a/config/services/vaultwarden/default.nix 
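Review bot: `genAttrs [ "tablet" "mouse" "kbd" ] (t: nameValuePair "5824:1503:screenstub-${t}" …)` in `userVFIOExtend` does not produce the intended sway input keys. `genAttrs` uses the list items themselves as attribute names, so the result is `{ tablet = { name = …; value = …; }; … }` rather than entries keyed by the `5824:1503:screenstub-*` identifiers. The screenstub devices would therefore not get `events = "disabled"`, and the nested `value` attrset may fail the option's type check once sway is enabled. The line should be `wayland.windowManager.sway.config.input = listToAttrs (map (t: nameValuePair "5824:1503:screenstub-${t}" { events = "disabled"; }) [ "tablet" "mouse" "kbd" ]);`. The module's `let` block starts outside this hunk.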
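Review bot: `certificateFile` and `keyFile` in the mail hunk now hard-code both the ACME state directory and a certificate name derived from `networking.hostName`, so the mail server no longer follows `config.mailserver.fqdn`. If the certificate behind `public_<hostName>` does not list the mail FQDN as a name (the certificate definition is not visible here), IMAP and SMTP clients will see a name mismatch. Referencing the certificate's own directory keeps the path and the ACME configuration from drifting apart, e.g. `certificateFile = "${config.security.acme.certs."public_${config.networking.hostName}".directory}/cert.pem";`, likewise for `key.pem`. A short comment stating that this certificate must cover `config.mailserver.fqdn` would also help.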
+++ b/config/services/vaultwarden/default.nix @@ -10,7 +10,7 @@ secrets.files.vaultwarden-env = { text = '' ADMIN_TOKEN=${tf.variables.vaultwarden-password.ref} - SMTP_HOST=athame.kittywit.ch + SMTP_HOST=kyouko.kittywit.ch SMTP_FROM=vaultwarden@kittywit.ch SMTP_FROM_NAME=Vaultwarden SMTP_PORT=465 diff --git a/config/tf-common.nix b/config/tf.nix similarity index 100% rename from config/tf-common.nix rename to config/tf.nix diff --git a/config/users/kat/base/weechat.nix b/config/users/kat/base/weechat.nix index e5547ac8..1e73f900 100644 --- a/config/users/kat/base/weechat.nix +++ b/config/users/kat/base/weechat.nix @@ -6,9 +6,9 @@ with lib; programs.weechat = { init = lib.mkMerge [ (lib.mkBefore '' - /server add espernet athame.kittywit.ch/5001 -ssl -autoconnect - /server add softnet athame.kittywit.ch/5001 -ssl -autoconnect - /server add liberachat athame.kittywit.ch/5001 -ssl -autoconnect + /server add espernet kyouko.kittywit.ch/5001 -ssl -autoconnect + /server add softnet kyouko.kittywit.ch/5001 -ssl -autoconnect + /server add liberachat kyouko.kittywit.ch/5001 -ssl -autoconnect /matrix server add kittywitch kittywit.ch /key bind meta-g /go /key bind meta-v /input jump_last_buffer_displayed diff --git a/config/users/kat/nixos.nix b/config/users/kat/nixos.nix index 0227caba..f91a60eb 100644 --- a/config/users/kat/nixos.nix +++ b/config/users/kat/nixos.nix 
@@ -8,7 +8,7 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5" ]; shell = pkgs.zsh; - extraGroups = [ "wheel" "video" "systemd-journal" "plugdev" "bird2" ]; + extraGroups = [ "wheel" "video" "systemd-journal" "plugdev" "bird2" "vfio" "input" "uinput" ]; hashedPassword = removeSuffix "\n" config.kw.secrets.repo.kat-user.text; }; diff --git a/config/users/kat/personal/email.nix b/config/users/kat/personal/email.nix index ff4b8ff8..22783eaf 100644 --- a/config/users/kat/personal/email.nix +++ b/config/users/kat/personal/email.nix @@ -34,8 +34,8 @@ boxes = [ "Inbox" ]; onNotifyPost = "${pkgs.notmuch}/bin/notmuch new && ${pkgs.libnotify}/bin/notify-send 'New mail arrived'"; }; - imap.host = "athame.kittywit.ch"; - smtp.host = "athame.kittywit.ch"; + imap.host = "kyouko.kittywit.ch"; + smtp.host = "kyouko.kittywit.ch"; passwordCommand = "bitw get services/email/kittywitch -f password"; gpg = { signByDefault = true; diff --git a/config/users/kat/personal/weechat.nix b/config/users/kat/personal/weechat.nix index 0cd63f80..19e82e97 100644 --- a/config/users/kat/personal/weechat.nix +++ b/config/users/kat/personal/weechat.nix 
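Review bot: `extraGroups` now adds `"vfio" "input" "uinput"` to the user on every host that imports this file, whereas the removed line in config/profiles/vfio/profile.nix granted them only where the VFIO profile is active. Membership in `input` gives read access to the raw input devices, which is more than a server or laptop account needs. The `vfio` and `uinput` groups are also only declared by the VFIO profile. Assuming `deploy.profile.vfio` is declared for all hosts, I would keep the grant conditional: `extraGroups = [ "wheel" "video" "systemd-journal" "plugdev" "bird2" ] ++ optionals config.deploy.profile.vfio [ "vfio" "input" "uinput" ];`.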
@@ -37,21 +37,21 @@ irc = { server = { softnet = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/softnet:\${sec.data.znc}"; ssl = true; ssl_verify = false; autoconnect = true; }; liberachat = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/liberachat:\${sec.data.znc}"; ssl = true; ssl_verify = false; autoconnect = true; }; espernet = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/espernet:\${sec.data.znc}"; ssl = true; ssl_verify = false; diff --git a/config/users/kat/services/weechat.nix b/config/users/kat/services/weechat.nix index f2eded08..f060d51d 100644 --- a/config/users/kat/services/weechat.nix +++ b/config/users/kat/services/weechat.nix @@ -54,21 +54,21 @@ irc = { server = { softnet = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/softnet:\${sec.data.znc}"; ssl = true; ssl_verify = false; autoconnect = true; }; liberachat = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/liberachat:\${sec.data.znc}"; ssl = true; ssl_verify = false; autoconnect = true; }; espernet = { - address = "athame.kittywit.ch/5001"; + address = "kyouko.kittywit.ch/5001"; password = "kat@${nixos.networking.hostName}/espernet:\${sec.data.znc}"; ssl = true; ssl_verify = false; diff --git a/nix/sources.json b/nix/sources.json index daa539b0..3026f3de 100644 --- a/nix/sources.json +++ b/nix/sources.json 
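Review bot: `ssl_verify = false` stays on all three server entries in this hunk, and on the same three in config/users/kat/services/weechat.nix, while each entry sends a bouncer password in `password`. With verification off, the client accepts any certificate for `kyouko.kittywit.ch/5001`, so TLS does not authenticate the endpoint that receives that credential. Since the addresses are being touched anyway, I would set `ssl_verify = true;` on the six entries. If the listener serves a certificate the client cannot validate (not visible here), pinning its fingerprint in the client configuration is safer than disabling verification.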
@@ -171,10 +171,10 @@ "homepage": null, "owner": "arcnmx", "repo": "tf-nix", - "rev": "074956f3d323d480581cee26a581f0819c6c25c4", - "sha256": "18d376hqk9ydmaj1zybpj3al3wr5p31ap86cbxyixbiyqgbg5ni3", + "rev": "80a8aac6e114b23aea71ba92f9791ba31354b302", + "sha256": "00fgnbvcqdhpnniqjjli2p49am27bkcb6ijbhplcdnwf7wcjlvrp", "type": "tarball", - "url": "https://github.com/arcnmx/tf-nix/archive/074956f3d323d480581cee26a581f0819c6c25c4.tar.gz", + "url": "https://github.com/arcnmx/tf-nix/archive/80a8aac6e114b23aea71ba92f9791ba31354b302.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } }