diff --git a/ci/common.nix b/ci/common.nix index 9461318c..2f5ca364 100644 --- a/ci/common.nix +++ b/ci/common.nix @@ -1,5 +1,4 @@ { - lib, channels, config, ... @@ -18,10 +17,12 @@ }; }; - /*nix.config = { + /* + nix.config = { extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"]; #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"]; - };*/ + }; + */ channels = { nixfiles.path = ../.; @@ -39,8 +40,8 @@ signingKey = null; }; kittywitch = { - enable = true; - publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0="; + enable = true; + publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0="; signingKey = "mewp"; }; }; diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix index 3f1b6c80..84f79f93 100644 --- a/ci/flake-cron.nix +++ b/ci/flake-cron.nix @@ -1,20 +1,17 @@ { lib, - channels, config, ... }: -with lib; let - pkgs = channels.nixpkgs; -in { - imports = [ ./common.nix ]; +with lib; { + imports = [./common.nix]; config = { name = "flake-update"; gh-actions = { env = { - CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; - DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; + CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; + DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; }; on = let paths = [ @@ -53,8 +50,8 @@ in { }; jobs = { - flake-update = { ... }: { - imports = [ ./packages.nix ]; + flake-update = {...}: { + imports = [./packages.nix]; }; }; diff --git a/ci/nodes.nix b/ci/nodes.nix index b3a629a6..c941a591 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix 
@@ -5,18 +5,17 @@ ... }: with lib; let - pkgs = channels.nixpkgs; - enabledNixosSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS") channels.nixfiles.systems; - enabledHomeSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "Home") channels.nixfiles.systems; + enabledNixosSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS") channels.nixfiles.systems; + enabledHomeSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "Home") channels.nixfiles.systems; in { - imports = [ ./common.nix ]; + imports = [./common.nix]; config = { name = "nodes"; gh-actions = { env = { - CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; - DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; + CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; + DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; }; on = let paths = [ 
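Review bot: `CACHIX_SIGNING_KEY` and `DISCORD_WEBHOOK_LINK` stay in the workflow-wide `gh-actions.env` here while the next hunk also sets both in the `env` of each build step, so the signing key is probably visible to more than the one step that pushes to the cache. If this block is rendered as the workflow's top-level `env:`, every step of every job inherits the secrets. Unless another step needs them, dropping these two lines and keeping only the step-level `env` in `genericNixosBuildJob`/`genericHomeBuildJob` scopes them to the `nf-build-system` invocation. ci/flake-cron.nix carries the same workflow-level block. How the `gh-actions` module renders `env` is not visible in this diff, so confirm that before removing anything.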
@@ -34,47 +33,53 @@ in { workflow_dispatch = {}; }; jobs = let - genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" { + genericNixosBuildJob = name: _system: + nameValuePair "nixos-${name}" { step.${name} = { - name = "build system closure for ${name}"; - order = 500; - run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS"; - env = { - CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; - DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; - NF_UPDATE_CACHIX_PUSH = "1"; - NF_CONFIG_ROOT = "\${{ github.workspace }}"; - }; - }; - }; - genericHomeBuildJob = name: system: nameValuePair "home-${name}" { + name = "build system closure for ${name}"; + order = 500; + run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS"; + env = { + CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; + DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; + NF_UPDATE_CACHIX_PUSH = "1"; + NF_CONFIG_ROOT = "\${{ github.workspace }}"; + }; + }; + }; + genericHomeBuildJob = name: _system: + nameValuePair "home-${name}" { step.${name} = { - name = "build home closure for ${name}"; - order = 500; - run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home"; - env = { - CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; - DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; - NF_UPDATE_CACHIX_PUSH = "1"; - NF_CONFIG_ROOT = "\${{ github.workspace }}"; - }; - }; - }; - nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; - homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; - in nixosBuildJobs // homeBuildJobs; + name = "build home closure for ${name}"; + order = 500; + run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home"; + env = { + CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; + DISCORD_WEBHOOK_LINK = 
"\${{ secrets.DISCORD_WEBHOOK_LINK }}"; + NF_UPDATE_CACHIX_PUSH = "1"; + NF_CONFIG_ROOT = "\${{ github.workspace }}"; + }; + }; + }; + nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; + homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; + in + nixosBuildJobs // homeBuildJobs; }; jobs = let - genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" ({ ... }: { - #imports = [ ./packages.nix ]; - }); - genericHomeBuildJob = name: system: nameValuePair "home-${name}" ({ ... }: { - #imports = [ ./packages.nix ]; - }); - nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; - homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; - in nixosBuildJobs // homeBuildJobs; + genericNixosBuildJob = name: _system: + nameValuePair "nixos-${name}" (_: { + #imports = [ ./packages.nix ]; + }); + genericHomeBuildJob = name: _system: + nameValuePair "home-${name}" (_: { + #imports = [ ./packages.nix ]; + }); + nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; + homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; + in + nixosBuildJobs // homeBuildJobs; ci.gh-actions.checkoutOptions = { fetch-depth = 0; diff --git a/ci/packages.nix b/ci/packages.nix index 0c5613e2..47ccd0c5 100644 --- a/ci/packages.nix +++ b/ci/packages.nix @@ -1,16 +1,14 @@ -{ - lib, - config, - channels, - ... -}: let +{channels, ...}: let inherit (channels.nixfiles) legacyPackages; in { tasks = { devShell.inputs = with legacyPackages.x86_64-linux; [ deploy-rs - terraform tflint - alejandra deadnix statix + terraform + tflint + alejandra + deadnix + statix ssh-to-age ]; }; diff --git a/common/home.nix b/common/home.nix index 8da4c8c0..23de0bf1 100644 --- a/common/home.nix +++ b/common/home.nix @@ -20,7 +20,7 @@ in { ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home; users.kat.imports = with tree.home.profiles; [ - common + common ]; extraSpecialArgs = { 
diff --git a/flake.lock b/flake.lock index 1b856445..ea0467b7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,15 +1,48 @@ { "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1721853718, + "narHash": "sha256-QEkCryhEMBW8maWEbwN0LoJIjdt640FviwMeJpghJXM=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "353dc1b7299d43f08de44276b93ae32726ff9d70", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, "arcexprs": { "inputs": { "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1720471472, - "narHash": "sha256-2mq+DpPirJ+0M6fxQYTaXiI7Z+CdKSXjTxoy93stX1g=", + "lastModified": 1721151051, + "narHash": "sha256-TLhFUzwYXvq8UQFho0y6hbBsR2puLWdgPyU8epBrG18=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "0067d9ff3aa5ce2f4e3c64a534494aa2700fcff1", + "rev": "158921b420fe8866b5201f74a0868230bc4b9e9d", "type": "github" }, "original": { @@ -131,11 +164,11 @@ ] }, "locked": { - "lastModified": 1720845312, - "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=", + "lastModified": 1721719500, + "narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc", + "rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec", "type": "github" }, "original": { @@ -310,11 +343,11 @@ ] }, "locked": { - "lastModified": 1720734513, - "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", + "lastModified": 1721852138, + "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", "owner": "nix-community", "repo": "home-manager", - "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", + "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", "type": "github" }, "original": { 
@@ -340,11 +373,11 @@ ] }, "locked": { - "lastModified": 1720108799, - "narHash": "sha256-AxRkTJlbB8r7aG6gvc7IaLhc2T9TO4/8uqanKRxukBQ=", + "lastModified": 1721330371, + "narHash": "sha256-aYlHTWylczLt6ERJyg6E66Y/XSCbVL7leVcRuJmVbpI=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "a5c0d57325c5f0814c39110a70ca19c070ae9486", + "rev": "4493a972b48f9c3014befbbf381ed5fff91a65dc", "type": "github" }, "original": { @@ -355,6 +388,7 @@ }, "hyprland": { "inputs": { + "aquamarine": "aquamarine", "hyprcursor": "hyprcursor", "hyprlang": [ "hyprlang" @@ -372,11 +406,11 @@ ] }, "locked": { - "lastModified": 1720896272, - "narHash": "sha256-8ZiWP+XbyrJ6MOQL0XHiz4OKJNBLnV9avwTesbwMbdc=", + "lastModified": 1721914179, + "narHash": "sha256-rh6YUcOJ1LEWfwFmx5P74moeqOqgMeYpuFMTs1y30ew=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "bc6b0880dda2607a80f000c134f573c970452a0f", + "rev": "33a5c8ce325e1657ec5571b57e05c6378706f4cd", "type": "github" }, "original": { @@ -395,11 +429,11 @@ ] }, "locked": { - "lastModified": 1718746314, - "narHash": "sha256-HUklK5u86w2Yh9dOkk4FdsL8eehcOZ95jPhLixGDRQY=", + "lastModified": 1721326555, + "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "1b61f0093afff20ab44d88ad707aed8bf2215290", + "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84", "type": "github" }, "original": { @@ -419,11 +453,11 @@ ] }, "locked": { - "lastModified": 1720381373, - "narHash": "sha256-lyC/EZdHULsaAKVryK11lgHY9u6pXr7qR4irnxNWC7k=", + "lastModified": 1721324361, + "narHash": "sha256-BiJKO0IIdnSwHQBSrEJlKlFr753urkLE48wtt0UhNG4=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "5df0174fd09de4ac5475233d65ffc703e89b82eb", + "rev": "adbefbf49664a6c2c8bf36b6487fd31e3eb68086", "type": "github" }, "original": { 
@@ -446,11 +480,11 @@ ] }, "locked": { - "lastModified": 1720707332, - "narHash": "sha256-OpUjVqJIxuouqUMmOAQI63XEOVk5EYyHwFVWdyrUdC8=", + "lastModified": 1721855891, + "narHash": "sha256-S70Pif/SaChwtJwV0K4rUh+pU8kyVtzbGtNtsOQ8geo=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "b407128caeb551ae808cf8d0fb653a252a271709", + "rev": "cf0e975fedcddde897a75c5b6a2a111177b0baad", "type": "github" }, "original": { @@ -495,11 +529,11 @@ ] }, "locked": { - "lastModified": 1720545076, - "narHash": "sha256-Pxacc2uoxI00koXp5+CyNqHOTQlqNlK0rlRHDBHX4+g=", + "lastModified": 1721324102, + "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "6174a2a25f4e216c0f1d0c4278adc23c476b1d09", + "rev": "962582a090bc233c4de9d9897f46794280288989", "type": "github" }, "original": { @@ -520,11 +554,11 @@ ] }, "locked": { - "lastModified": 1717881334, - "narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", + "lastModified": 1721324102, + "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", + "rev": "962582a090bc233c4de9d9897f46794280288989", "type": "github" }, "original": { @@ -545,11 +579,11 @@ ] }, "locked": { - "lastModified": 1717881334, - "narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", + "lastModified": 1721324102, + "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", + "rev": "962582a090bc233c4de9d9897f46794280288989", "type": "github" }, "original": { 
@@ -570,11 +604,11 @@ ] }, "locked": { - "lastModified": 1720215857, - "narHash": "sha256-JPdL+Qul+jEueAn8CARfcWP83eJgwkhMejQYfDvrgvU=", + "lastModified": 1721324119, + "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "d5fa094ca27e0039be5e94c0a80ae433145af8bb", + "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30", "type": "github" }, "original": { @@ -676,11 +710,11 @@ ] }, "locked": { - "lastModified": 1720834054, - "narHash": "sha256-gpUgy1XJGw8PZuRQlGwxoriIP+8jgUf2Ho9/g6meQHQ=", + "lastModified": 1721870898, + "narHash": "sha256-K3U4emkszxLkPW9LOdkV49IB2hnMrGNcpVDbCclZ+as=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "526acd22f4ac06182ad4ec6346f5c6008590dbab", + "rev": "7161fd4ca148b330c180714e40c7399afca3f97c", "type": "github" }, "original": { @@ -696,11 +730,11 @@ ] }, "locked": { - "lastModified": 1720334033, - "narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=", + "lastModified": 1721531260, + "narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "685e40e1348007d2cf76747a201bab43d86b38cb", + "rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d", "type": "github" }, "original": { @@ -711,11 +745,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720737798, - "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", + "lastModified": 1721911538, + "narHash": "sha256-5OrkPJsiZmNe99C6+KX0qx9sphoVLvldFjuqDYAZ8GQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", + "rev": "d3c993c851ad40bbab7e08d566138ff72cd8744f", "type": "github" }, "original": { 
@@ -756,11 +790,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1720768451, - "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", + "lastModified": 1721743106, + "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", + "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f", "type": "github" }, "original": { @@ -772,11 +806,11 @@ }, "nur": { "locked": { - "lastModified": 1720908054, - "narHash": "sha256-nRmtu5zaYvzvonEZaQlORbIoZvctVy3P3YraH/ChzG0=", + "lastModified": 1721925701, + "narHash": "sha256-BAKJ7tpE4Ic+KtY1fOBRkXFfZYEpH3d2elEGnCOmNMs=", "owner": "nix-community", "repo": "NUR", - "rev": "fc076c6c1c848d6f950303f937b26d202b23d4b0", + "rev": "f769fc25d19d5521a997686ffd66c08a3d23334f", "type": "github" }, "original": { @@ -795,11 +829,11 @@ ] }, "locked": { - "lastModified": 1720896694, - "narHash": "sha256-lKInIpVIrI4YOTwbaN6wwQ+EvhL/iVqKhpxcTj4kBhE=", + "lastModified": 1721724566, + "narHash": "sha256-6H+OTxXkOrh3P+15bhkQJY7OaBrQVzx4Pz+pCn6rtIg=", "owner": "pjones", "repo": "plasma-manager", - "rev": "809d86d6a8a48b6d71b6ece05eeb5e55f554b396", + "rev": "b967e042896de0f64513d4596e3d1f3eae445d1c", "type": "github" }, "original": { @@ -951,11 +985,11 @@ ] }, "locked": { - "lastModified": 1720479166, - "narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=", + "lastModified": 1721688883, + "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67035a355b1d52d2d238501f8cc1a18706979760", + "rev": "aff2f88277dabe695de4773682842c34a0b7fd54", "type": "github" }, "original": { 
@@ -1074,11 +1108,11 @@ ] }, "locked": { - "lastModified": 1720787015, - "narHash": "sha256-U3IqoGmIzBKEJ0ihRQ10GRRtdoDBI6Oxl6aiGbUA59A=", + "lastModified": 1721650907, + "narHash": "sha256-2VX/zPeLhGTsHpToFH1gfI+oGNS6m7ZUWWaqwmw3HVY=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "371b5076d718f7f637d3959d0203061f06af1263", + "rev": "6686cbe947cb8b135e229ad2a3447b88d1cf6da9", "type": "github" }, "original": { @@ -1103,11 +1137,11 @@ ] }, "locked": { - "lastModified": 1720194466, - "narHash": "sha256-Rizg9efi6ue95zOp0MeIV2ZedNo+5U9G2l6yirgBUnA=", + "lastModified": 1721755049, + "narHash": "sha256-O17b38bQnmfxv7It3OnVYx7fp1seEdI7xxnw5vJFv30=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "b9b97e5ba23fe7bd5fa4df54696102e8aa863cf6", + "rev": "5555f467f68ce7cdf1060991c24263073b95e9da", "type": "github" }, "original": { diff --git a/home/environments/hyprland/hyprland.nix b/home/environments/hyprland/hyprland.nix index a034a08c..50b36140 100644 --- a/home/environments/hyprland/hyprland.nix +++ b/home/environments/hyprland/hyprland.nix @@ -1,6 +1,4 @@ { - config, - lib, std, pkgs, inputs, diff --git a/home/environments/hyprland/hyprlock.nix b/home/environments/hyprland/hyprlock.nix index a723eb5c..a38b43d5 100644 --- a/home/environments/hyprland/hyprlock.nix +++ b/home/environments/hyprland/hyprlock.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { programs.hyprlock = { enable = true; backgrounds = [ diff --git a/home/environments/hyprland/swaylock.nix b/home/environments/hyprland/swaylock.nix index e08ab649..dad3907c 100644 --- a/home/environments/hyprland/swaylock.nix +++ b/home/environments/hyprland/swaylock.nix @@ -1,8 +1,4 @@ -{ - config, - pkgs, - ... -}: { +{pkgs, ...}: { programs.swaylock = { enable = true; package = pkgs.swaylock-effects; diff --git a/home/environments/hyprland/waybar.nix b/home/environments/hyprland/waybar.nix index 78eb4ef6..f03316fe 100644 --- a/home/environments/hyprland/waybar.nix 
+++ b/home/environments/hyprland/waybar.nix @@ -1,6 +1,5 @@ { kittywitch, - pkgs, config, lib, ... diff --git a/home/environments/kde/kde.nix b/home/environments/kde/kde.nix index d86aa070..fed281fc 100644 --- a/home/environments/kde/kde.nix +++ b/home/environments/kde/kde.nix 
@@ -1,51 +1,51 @@ -{ pkgs, ... }: { +{pkgs, ...}: { home.packages = with pkgs.kdePackages; [ - kscreen - kwin - pkgs.xwayland - kscreen - libkscreen - kscreenlocker - kactivitymanagerd - kde-cli-tools - kglobalacceld # keyboard shortcut daemon - kwrited # wall message proxy, not to be confused with kwrite - baloo # system indexer - milou # search engine atop baloo - kdegraphics-thumbnailers # pdf etc thumbnailer - polkit-kde-agent-1 # polkit auth ui - plasma-desktop - plasma-workspace - drkonqi # crash handler - kde-inotify-survey # warns the user on low inotifywatch limits + kscreen + kwin + pkgs.xwayland + kscreen + libkscreen + kscreenlocker + kactivitymanagerd + kde-cli-tools + kglobalacceld # keyboard shortcut daemon + kwrited # wall message proxy, not to be confused with kwrite + baloo # system indexer + milou # search engine atop baloo + kdegraphics-thumbnailers # pdf etc thumbnailer + polkit-kde-agent-1 # polkit auth ui + plasma-desktop + plasma-workspace + drkonqi # crash handler + kde-inotify-survey # warns the user on low inotifywatch limits - # Application integration - libplasma # provides Kirigami platform theme - plasma-integration # provides Qt platform theme - kde-gtk-config # syncs KDE settings to GTK + # Application integration + libplasma # provides Kirigami platform theme + plasma-integration # provides Qt platform theme + kde-gtk-config # syncs KDE settings to GTK - # Artwork + themes - breeze - breeze-icons - breeze-gtk - ocean-sound-theme - plasma-workspace-wallpapers - pkgs.hicolor-icon-theme # fallback icons - qqc2-breeze-style - qqc2-desktop-style + # Artwork + themes + breeze + breeze-icons + breeze-gtk + ocean-sound-theme + plasma-workspace-wallpapers + pkgs.hicolor-icon-theme # fallback icons + qqc2-breeze-style + qqc2-desktop-style - # misc Plasma extras - kdeplasma-addons - pkgs.xdg-user-dirs # recommended upstream + # misc Plasma extras + kdeplasma-addons + pkgs.xdg-user-dirs # recommended upstream - # Plasma utilities - kmenuedit - 
kinfocenter - plasma-systemmonitor - ksystemstats - libksysguard - systemsettings - kcmutils + # Plasma utilities + kmenuedit + kinfocenter + plasma-systemmonitor + ksystemstats + libksysguard + systemsettings + kcmutils ]; programs.plasma = { configFile = { @@ -64,4 +64,4 @@ "kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol"; }; }; -} \ No newline at end of file +} diff --git a/home/environments/xfce/packages.nix b/home/environments/xfce/packages.nix index 5dcabadd..eca5fb2c 100644 --- a/home/environments/xfce/packages.nix +++ b/home/environments/xfce/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{pkgs, ...}: { home.packages = with pkgs; [ pavucontrol ]; diff --git a/home/environments/xfce/xfconf.nix b/home/environments/xfce/xfconf.nix index 0d7ec317..427a916a 100644 --- a/home/environments/xfce/xfconf.nix +++ b/home/environments/xfce/xfconf.nix @@ -25,7 +25,6 @@ _: { "theme" = "Chicago95"; "notify-location" = "bottom-right"; }; - }; enable = true; }; diff --git a/home/profiles/common/nix.nix b/home/profiles/common/nix.nix index 0c96f838..67115ecb 100644 --- a/home/profiles/common/nix.nix +++ b/home/profiles/common/nix.nix @@ -1,8 +1,8 @@ _: { - # TODO: add the same treatment as the other nix gc script - nix.gc = { - automatic = true; - frequency = "weekly"; - persistent = true; - }; + # TODO: add the same treatment as the other nix gc script + nix.gc = { + automatic = true; + frequency = "weekly"; + persistent = true; + }; } diff --git a/home/profiles/common/sops.nix b/home/profiles/common/sops.nix index c8728717..7789594e 100644 --- a/home/profiles/common/sops.nix +++ b/home/profiles/common/sops.nix @@ -1,8 +1,8 @@ -{ parent, ... }: { - sops = { - age.sshKeyPaths = [ - "/home/kat/.ssh/id_ed25519" - ]; - defaultSopsFile = parent.sops.defaultSopsFile; - }; -} \ No newline at end of file +{parent, ...}: { + sops = { + age.sshKeyPaths = [ + "/home/kat/.ssh/id_ed25519" + ]; + inherit (parent.sops) defaultSopsFile; + }; +} 
diff --git a/home/profiles/common/xdg.nix b/home/profiles/common/xdg.nix index 4bc0013f..3d9cd31c 100644 --- a/home/profiles/common/xdg.nix +++ b/home/profiles/common/xdg.nix @@ -5,4 +5,4 @@ _: { enable = true; }; }; -} \ No newline at end of file +} diff --git a/home/profiles/graphical/chromium.nix b/home/profiles/graphical/chromium.nix index a495d4d7..4f1c1bcb 100644 --- a/home/profiles/graphical/chromium.nix +++ b/home/profiles/graphical/chromium.nix @@ -1,6 +1,6 @@ -{ pkgs, ... }: { - # Backup browser! For aliexpress and things. - home.packages = [ - #pkgs.ungoogled-chromium - ]; -} \ No newline at end of file +_: { + # Backup browser! For aliexpress and things. + home.packages = [ + #pkgs.ungoogled-chromium + ]; +} diff --git a/home/profiles/graphical/discord.nix b/home/profiles/graphical/discord.nix index 92f546a4..71843f9e 100644 --- a/home/profiles/graphical/discord.nix +++ b/home/profiles/graphical/discord.nix @@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: let +{ + pkgs, + lib, + ... +}: let inherit (lib.generators) toJSON; in { home.packages = with pkgs; [ diff --git a/home/profiles/graphical/firefox.nix b/home/profiles/graphical/firefox.nix index ba42e7ba..8b32e966 100644 --- a/home/profiles/graphical/firefox.nix +++ b/home/profiles/graphical/firefox.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - inputs, - nur, - ... -}: { +{nur, ...}: { home.sessionVariables = { BROWSER = "firefox"; }; @@ -154,9 +148,9 @@ "toolkit.legacyUserProfileCustomizations.stylesheets" = true; }; userChrome = '' -#urlbar { - font-family: "Monaspace Krypton", monospace; -} + #urlbar { + font-family: "Monaspace Krypton", monospace; + } ''; }; }; diff --git a/home/profiles/shell/ssh.nix b/home/profiles/shell/ssh.nix index e08c8aee..81267baf 100644 --- a/home/profiles/shell/ssh.nix +++ b/home/profiles/shell/ssh.nix 
@@ -6,8 +6,10 @@ _: { hashKnownHosts = true; compression = true; forwardAgent = true; - /*extraConfig = '' + /* + extraConfig = '' RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra - '';*/ + ''; + */ }; } diff --git a/home/profiles/shell/starship.nix b/home/profiles/shell/starship.nix index 3dfac1d7..bc08f023 100644 --- a/home/profiles/shell/starship.nix +++ b/home/profiles/shell/starship.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { programs.starship = { enable = true; enableZshIntegration = true; diff --git a/home/user/home.nix b/home/user/home.nix index 2f66429b..0f577bb5 100644 --- a/home/user/home.nix +++ b/home/user/home.nix @@ -1,7 +1,7 @@ _: { - home = { - homeDirectory = "/home/kat"; - stateVersion = "22.11"; - username = "kat"; - }; -} \ No newline at end of file + home = { + homeDirectory = "/home/kat"; + stateVersion = "22.11"; + username = "kat"; + }; +} diff --git a/modules/nixos/mautrix-slack.nix b/modules/nixos/mautrix-slack.nix index 1c250999..dce9d3eb 100644 --- a/modules/nixos/mautrix-slack.nix +++ b/modules/nixos/mautrix-slack.nix @@ -1,20 +1,20 @@ -{ lib -, config -, pkgs -, ... -}: -let +{ + lib, + config, + pkgs, + ... +}: let cfg = config.services.mautrix-slack; dataDir = "/var/lib/mautrix-slack"; registrationFile = "${dataDir}/slack-registration.yaml"; settingsFile = "${dataDir}/config.yaml"; settingsFileUnsubstituted = settingsFormat.generate "mautrix-slack-config-unsubstituted.json" cfg.settings; - settingsFormat = pkgs.formats.json { }; + settingsFormat = pkgs.formats.json {}; appservicePort = 29335; # to be used with a list of lib.mkIf values optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null); - mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); + mkDefaults = lib.mapAttrsRecursive (_n: v: lib.mkDefault v); defaultConfig = { homeserver.address = "http://localhost:8448"; appservice = { 
@@ -35,8 +35,8 @@ let displayname_template = "{{.RealName}} (S)"; bot_displayname_template = "{{.Name}} (bot)"; channel_name_template = "#{{.Name}}"; - double_puppet_server_map = { }; - login_shared_secret_map = { }; + double_puppet_server_map = {}; + login_shared_secret_map = {}; command_prefix = "!slack"; permissions."*" = "relay"; relay.enabled = true; @@ -50,15 +50,13 @@ let }; }; }; - -in -{ +in { options.services.mautrix-slack = { enable = lib.mkEnableOption "mautrix-slack, a Matrix-Signal puppeting bridge."; settings = lib.mkOption { apply = lib.recursiveUpdate defaultConfig; - type = settingsFormat.type; + inherit (settingsFormat) type; default = defaultConfig; description = '' {file}`config.yaml` configuration as a Nix attribute set. @@ -113,7 +111,8 @@ in serviceDependencies = lib.mkOption { type = with lib.types; listOf str; - default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) + default = + (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) ++ (lib.optional config.services.matrix-conduit.enable "conduit.service"); defaultText = lib.literalExpression '' (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) @@ -138,7 +137,6 @@ in }; config = lib.mkIf cfg.enable { - users.users.mautrix-slack = { isSystemUser = true; group = "mautrix-slack"; @@ -146,13 +144,13 @@ in description = "Mautrix-Signal bridge user"; }; - users.groups.mautrix-slack = { }; + users.groups.mautrix-slack = {}; services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - settings.app_service_config_files = [ registrationFile ]; + settings.app_service_config_files = [registrationFile]; }; systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - serviceConfig.SupplementaryGroups = [ "mautrix-slack" ]; + serviceConfig.SupplementaryGroups = ["mautrix-slack"]; }; # Note: this is defined here to avoid the docs depending on `config` 
@@ -169,11 +167,11 @@ in systemd.services.mautrix-slack = { description = "mautrix-slack, a Matrix-Signal puppeting bridge."; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ] ++ cfg.serviceDependencies; - after = [ "network-online.target" ] ++ cfg.serviceDependencies; + wantedBy = ["multi-user.target"]; + wants = ["network-online.target"] ++ cfg.serviceDependencies; + after = ["network-online.target"] ++ cfg.serviceDependencies; # ffmpeg is required for conversion of voice messages - path = [ pkgs.ffmpeg-headless ]; + path = [pkgs.ffmpeg-headless]; preStart = '' # substitute the settings file by environment variables @@ -240,12 +238,12 @@ in RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallErrorNumber = "EPERM"; - SystemCallFilter = [ "@system-service" ]; + SystemCallFilter = ["@system-service"]; Type = "simple"; UMask = 0027; }; - restartTriggers = [ settingsFileUnsubstituted ]; + restartTriggers = [settingsFileUnsubstituted]; }; }; - meta.maintainers = with lib.maintainers; [ kittywitch ]; + meta.maintainers = with lib.maintainers; [kittywitch]; } diff --git a/modules/system/deploy.nix b/modules/system/deploy.nix index 153dc899..44c488fd 100644 --- a/modules/system/deploy.nix +++ b/modules/system/deploy.nix @@ -27,7 +27,7 @@ in { autoRollback = mkOptionDefault true; magicRollback = mkOptionDefault true; fastConnection = mkOptionDefault false; - hostname = mkOptionDefault "${name}.inskip.me"; + hostname = mkOptionDefault "${name}.tail0b3cc1.ts.net"; profiles.system = { user = "root"; path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name}; diff --git a/modules/system/host.nix b/modules/system/host.nix index 610e1de9..ce7ba222 100644 --- a/modules/system/host.nix +++ b/modules/system/host.nix 
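Review bot: The new default `hostname = mkOptionDefault "${name}.tail0b3cc1.ts.net";` in modules/system/deploy.nix hard-codes one tailnet's MagicDNS suffix and changes how every host is reached for a profile that activates as `user = "root"`, without recording the new precondition. A comment on the line would do that, for example `# reached over Tailscale MagicDNS: the deploying machine must be on the tailnet; override hostname for hosts that are not joined yet`. Binding the suffix once in the enclosing `let` (for instance `tailnetDomain = "tail0b3cc1.ts.net";`) would keep it in one place if other modules come to need it. The enclosing option block starts and ends outside the hunk.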
@@ -79,18 +79,18 @@ in { } .${string.toLower config.type}; modules = mkMerge [ - (mkIf (config.folder != "linux") [ - # per-OS modules - tree.modules.${config.folder} - # per-OS user definition - tree.home.user.${config.folder} - ]) - (mkIf (config.folder != "linux" && config.folder != "home") [ - # per-OS configuration - tree.${config.folder}.common - # true base module - tree.common - ]) + (mkIf (config.folder != "linux") [ + # per-OS modules + tree.modules.${config.folder} + # per-OS user definition + tree.home.user.${config.folder} + ]) + (mkIf (config.folder != "linux" && config.folder != "home") [ + # per-OS configuration + tree.${config.folder}.common + # true base module + tree.common + ]) ]; builder = { 
@@ -107,23 +107,29 @@ in { } // args); in - args: let - nixos = sys args; - in - nixos.extendModules { - modules = - nixos.config.scalpels - ++ [ - inputs.scalpel.nixosModules.scalpel - ]; - specialArgs = {prev = nixos;}; - }; + args: let + nixos = sys args; + in + nixos.extendModules { + modules = + nixos.config.scalpels + ++ [ + inputs.scalpel.nixosModules.scalpel + ]; + specialArgs = {prev = nixos;}; + }; home = args: let - renamedArgs = set.rename "specialArgs" "extraSpecialArgs" args; - renamedArgsWithPkgs = renamedArgs // { inherit lib; pkgs = pkgs.${args.system}; }; - attrsToRemove = [ "configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system" ]; - safeArgs = removeAttrs renamedArgsWithPkgs attrsToRemove; - in inputs.home-manager.lib.homeManagerConfiguration safeArgs; + renamedArgs = set.rename "specialArgs" "extraSpecialArgs" args; + renamedArgsWithPkgs = + renamedArgs + // { + inherit lib; + pkgs = pkgs.${args.system}; + }; + attrsToRemove = ["configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system"]; + safeArgs = removeAttrs renamedArgsWithPkgs attrsToRemove; + in + inputs.home-manager.lib.homeManagerConfiguration safeArgs; darwin = inputs.darwin.lib.darwinSystem; macos = inputs.darwin.lib.darwinSystem; } @@ -145,4 +151,4 @@ in { system = config; }; }; -} \ No newline at end of file +} diff --git a/nixos/common/access.nix b/nixos/common/access.nix index 23d2164f..444b33dc 100644 --- a/nixos/common/access.nix +++ b/nixos/common/access.nix @@ -13,9 +13,11 @@ config.users.users); }; in { - security.pam.sshAgentAuth.enable = true; - security.sudo.enable = true; - security.pam.services.sudo.sshAgentAuth = true; + security = { + pam.sshAgentAuth.enable = true; + sudo.enable = true; + pam.services.sudo.sshAgentAuth = true; + }; users.users = { root = commonUser; deploy = diff --git a/nixos/common/login-notify.nix b/nixos/common/login-notify.nix index 4fbc2fa3..b1700bd1 100644 --- a/nixos/common/login-notify.nix 
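Review bot: The grouped `security` block in nixos/common/access.nix lets sudo authenticate against the caller's SSH agent, and nothing here says which key files are trusted or why. That deserves a comment, because home/profiles/shell/ssh.nix in this same commit shows `forwardAgent = true;`, which appears to apply to every host; with both in place, a process that can reach a forwarded agent socket on one machine can satisfy sudo wherever the same key is authorised. Suggest `# sudo is authorised by SSH-agent keys; keep the trusted key files root-owned and forward the agent only to hosts that need it` above the block, and setting `security.pam.sshAgentAuth.authorizedKeysFiles` explicitly if the pinned nixpkgs provides it. The surrounding `in { … }` body continues past the hunk.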
+++ b/nixos/common/login-notify.nix 
@@ -1,32 +1,38 @@ -{ pkgs, lib, config, ... }: let - inherit (lib.modules) mkAfter mkDefault; +{ + pkgs, + lib, + config, + ... +}: let + inherit (lib.modules) mkAfter mkDefault; in { - sops.secrets.sshd-environment = { - sopsFile = ./secrets.yaml; - }; -security.pam.services.sshd.text = let + sops.secrets.sshd-environment = { + sopsFile = ./secrets.yaml; + }; + security.pam.services.sshd.text = let notify = pkgs.writeShellScriptBin "notify" '' - export $(cat ${config.sops.secrets.sshd-environment.path} | xargs) + export $(cat ${config.sops.secrets.sshd-environment.path} | xargs) - if [ "$PAM_USER" = "deploy" ]; then - if [ "$PAM_TYPE" = "open_session" ]; then - message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." - elif [ "$PAM_TYPE" = "close_session" ]; then - message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." - fi - else - if [ "$PAM_TYPE" = "open_session" ]; then - message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}." - elif [ "$PAM_TYPE" = "close_session" ]; then - message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}." - fi - fi + if [ "$PAM_USER" = "deploy" ]; then + if [ "$PAM_TYPE" = "open_session" ]; then + message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." + elif [ "$PAM_TYPE" = "close_session" ]; then + message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." + fi + else + if [ "$PAM_TYPE" = "open_session" ]; then + message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}." + elif [ "$PAM_TYPE" = "close_session" ]; then + message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}." 
+ fi + fi - if [ -n "$message" ]; then - ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK - fi + if [ -n "$message" ]; then + ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK + fi ''; -in mkDefault (mkAfter '' - session required pam_exec.so seteuid ${notify}/bin/notify -''); -} \ No newline at end of file + in + mkDefault (mkAfter '' + session required pam_exec.so seteuid ${notify}/bin/notify + ''); +} diff --git a/nixos/common/secrets.yaml b/nixos/common/secrets.yaml index c00d73d6..97854060 100644 --- a/nixos/common/secrets.yaml +++ b/nixos/common/secrets.yaml @@ -1,4 +1,5 @@ sshd-environment: ENC[AES256_GCM,data:lyzzRDxyNzBgrLthPjdJoXgkniCwLXFZE/GMpLlRzeSvAUN6yc8sFYTmvZiCe/t/33Yr5+BtOhAUI5JzTYJ/kc3Dg4ziB4KbHP4ejPtAb6x2UbEHcN6euPogwXR8lpeO9zJE4gWFOHoYJ4bLa1wuCYgbNkjWDYYHGEoWAMVDU6XYRb3riV21WWIQO/DbC7mAgw==,iv:ZysLG3x0wlxuTYnJrGtrTkjjduMoEOyiWWuC1nRIp4I=,tag:mlNO2yo7JkV2O7A2Da+EjQ==,type:str] +tailscale-key: ENC[AES256_GCM,data:FK237Or4qtZGon9tevPh4q568+IUSWxfuG8s2ZNLXWgoa76GoyO+qwCmvXiVibRH1Ljo/LXoNQjb2pYV7w==,iv:UZv+EnlRDOWh86sOFh7ZNryPz1r55u+Dbr/dDL/USjo=,tag:B8DJwPXR/50ARbfyfxPtcw==,type:str] sops: shamir_threshold: 1 kms: [] 
@@ -69,8 +70,8 @@ sops: N0hTL1A1MVE2MldocTFWZzc1OENobkUKUseg2IGSClvmrq6vlnF1sCgYlUaH4Ke0 sDdpVwg1b5WLwbZFeE/Ro1gRY3s+9iDFrU3Rh95R1KmigpMVYz1ILQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-04T21:22:16Z" - mac: ENC[AES256_GCM,data:5obbMHWEPm7KhJGWXpsKvGI99sJCx8hScIbS2vo3Ua0fvTwML8tkC3gsfLwaZ0D3KGHN6qxyjvP8ajIoxRK2Lj6G2FOWo7gmNzw9ULu+kPj53dqbmy/c3EeZU3WFNaRFXiQx0C80k8YFzPXQAkF/X5NdaRYRL6BFvPRRuq83Uds=,iv:EaeI+Z3e/QZIlU+EIGg+9sDFPtcfnVs8TQvvROOujg4=,tag:+P6U0/+b4nkZNob5fJ6pkg==,type:str] + lastmodified: "2024-08-03T22:14:00Z" + mac: ENC[AES256_GCM,data:ACZ3txmEBIUU73JSsJmDDE7+D5oXdAVNN1Dgypl8tgRIGtMFwRpktmhdXON6jHpaWiZ0DBRuvN97SWUbkPbhyMG6PrKRdQHYLdFAocuNFBpX58xIrAclVUjPEbV5bqBU/zPemxj/5sXbiuX8AYSENiAOYhfCxi8SZbNgU4W6xO8=,iv:G2d9ZRTeaNpDfkB3maZzAHYIRKB6ewwjqUQr7RBrNEM=,tag:7y/0gVUJMmyMoiwiLr8Q1g==,type:str] pgp: - created_at: "2024-07-04T21:21:19Z" enc: |- @@ -93,4 +94,4 @@ sops: -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/nixos/common/tailscale.nix b/nixos/common/tailscale.nix index d2018e2f..2594dda3 100644 --- a/nixos/common/tailscale.nix +++ b/nixos/common/tailscale.nix 
@@ -1,3 +1,77 @@ -_: { - services.tailscale.enable = true; +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.tailscale; +in { + options.services.tailscale = with types; { + advertiseExitNode = mkEnableOption "exit node"; + }; + config = { + networking.firewall = { + trustedInterfaces = [cfg.interfaceName]; + allowedUDPPorts = [cfg.port]; + }; + systemd.network = { + wait-online.ignoredInterfaces = [cfg.interfaceName]; + networks."50-tailscale" = { + networkConfig = { + DNSDefaultRoute = false; + #DNS = ""; + }; + }; + }; + + services.tailscale.enable = mkDefault true; + + sops.secrets.tailscale-key = mkIf cfg.enable { + sopsFile = ./secrets.yaml; + }; + systemd.services.tailscale-autoconnect = mkIf cfg.enable rec { + description = "Automatic connection to Tailscale"; + + # make sure tailscale is running before trying to connect to tailscale + after = wants ++ wantedBy; + wants = ["network-pre.target"]; + wantedBy = ["tailscaled.service"]; + + # set this service as a oneshot job + serviceConfig = { + Type = "oneshot"; + }; + + # have the job run this shell script + script = let + fixResolved = optionalString config.services.resolved.enable '' + resolvectl revert ${cfg.interfaceName} || true + ''; + # https://tailscale.com/kb/1320/performance-best-practices#ethtool-configuration + exitNodeRouting = optionalString cfg.advertiseExitNode '' + netdev=$(${pkgs.iproute2}/bin/ip route show 0/0 | ${pkgs.coreutils}/bin/cut -f5 -d' ' || echo ${config.systemd.network.networks._00-local.name or "eth0"}) + ${getExe pkgs.ethtool} -K "$netdev" rx-udp-gro-forwarding on rx-gro-list off || true + ''; + advertiseExitNode = "--advertise-exit-node" + optionalString (!cfg.advertiseExitNode) "=false"; + in + with pkgs; '' + # wait for tailscaled to settle + sleep 5 + + ${fixResolved} + ${exitNodeRouting} + + # check if we are already authenticated to tailscale + status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)" + if [[ $status = Running 
]]; then + # if so, then do nothing + exit 0 + fi + + # otherwise authenticate with tailscale + ${getExe tailscale} up ${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path}) + ''; + }; + }; } diff --git a/nixos/environments/hyprland/xdg-portals.nix b/nixos/environments/hyprland/xdg-portals.nix index a51efc38..34ea31b4 100644 --- a/nixos/environments/hyprland/xdg-portals.nix +++ b/nixos/environments/hyprland/xdg-portals.nix @@ -1,8 +1,4 @@ -{ - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { xdg = { portal = { enable = true; diff --git a/nixos/environments/kde/xserver.nix b/nixos/environments/kde/xserver.nix index 878b11a4..a625879b 100644 --- a/nixos/environments/kde/xserver.nix +++ b/nixos/environments/kde/xserver.nix @@ -3,7 +3,11 @@ xclip wl-clipboard ]; - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.desktopManager.plasma6.enable = true; + services = { + xserver = { + enable = true; + displayManager.gdm.enable = true; + }; + desktopManager.plasma6.enable = true; + }; } diff --git a/nixos/environments/xfce/xfce.nix b/nixos/environments/xfce/xfce.nix index ece23b28..b6564a3e 100644 --- a/nixos/environments/xfce/xfce.nix +++ b/nixos/environments/xfce/xfce.nix 
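Review bot: The auth key is expanded onto the command line in the last line of the `tailscale-autoconnect` script (`-authkey $(cat …)`), so while `tailscale up` runs the key is by default readable in the process list by other local users, and the unquoted substitution is word-split by the shell. `tailscale up` accepts a `file:` prefix for the key, so the line can become `${getExe tailscale} up ${advertiseExitNode} --auth-key=file:${config.sops.secrets.tailscale-key.path}` and the secret never leaves the sops-managed file. Separately, `networking.firewall.trustedInterfaces` and `allowedUDPPorts` sit outside the `mkIf cfg.enable` guards, and trusting the whole interface admits every tailnet peer to every port on the host. A one-line comment stating that this is intended, or moving both under the same guard, would make the exposure explicit.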
@@ -1,18 +1,22 @@ -{ pkgs, ... }: { - services.gnome.gnome-keyring.enable = true; - services.xserver = { - enable = true; - libinput.touchpad = { - tappingButtonMap = "lrm"; - clickMethod = "clickfinger"; +{pkgs, ...}: { + services = { + gnome.gnome-keyring.enable = true; + xserver = { + enable = true; + libinput.touchpad = { + tappingButtonMap = "lrm"; + clickMethod = "clickfinger"; + }; + desktopManager = { + xterm.enable = false; + xfce.enable = true; + }; + displayManager.gdm.enable = true; + displayManager.defaultSession = "xfce"; + xkbOptions = "ctrl:nocaps"; }; - desktopManager = { - xterm.enable = false; - xfce.enable = true; - }; - displayManager.gdm.enable = true; - displayManager.defaultSession = "xfce"; - xkbOptions = "ctrl:nocaps"; + + colord.enable = true; }; programs.xfconf.enable = true; @@ -21,6 +25,4 @@ xfce.xfce4-whiskermenu-plugin xclip ]; - - services.colord.enable = true; } diff --git a/nixos/hardware/oracle_flex.nix b/nixos/hardware/oracle_flex.nix index 20d96da9..065545f8 100644 --- a/nixos/hardware/oracle_flex.nix +++ b/nixos/hardware/oracle_flex.nix 
@@ -1,22 +1,32 @@ -{ modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.supportedFilesystems = [ "xfs" ]; - boot.tmp.cleanOnBoot = true; +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; zramSwap.enable = true; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; }; - fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; }; - swapDevices = [ { device = "/dev/sda2"; } ]; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/92B6-AAE1"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/sda3"; + fsType = "xfs"; + }; + }; + swapDevices = [{device = "/dev/sda2";}]; boot = { + supportedFilesystems = ["xfs"]; + tmp.cleanOnBoot = true; + initrd = { + availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + kernelModules = ["nvme"]; + }; loader = { - grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - configurationLimit = 1; + grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + configurationLimit = 1; }; systemd-boot.configurationLimit = 1; }; }; -} \ No newline at end of file +} diff --git a/nixos/hardware/oracle_micro.nix b/nixos/hardware/oracle_micro.nix index 1d841a4f..54b50961 100644 --- a/nixos/hardware/oracle_micro.nix +++ b/nixos/hardware/oracle_micro.nix 
@@ -1,21 +1,30 @@ -{ modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.tmp.cleanOnBoot = true; +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; zramSwap.enable = true; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; }; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - boot = { + tmp.cleanOnBoot = true; loader = { - grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - configurationLimit = 1; + grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + configurationLimit = 1; }; systemd-boot.configurationLimit = 1; + initrd = { + availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; + kernelModules = ["nvme"]; + }; + }; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/1F52-C11D"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; }; }; -} \ No newline at end of file +} diff --git a/nixos/profiles/bootable/grub.nix b/nixos/profiles/bootable/grub.nix index a38603fd..965448af 100644 --- a/nixos/profiles/bootable/grub.nix +++ b/nixos/profiles/bootable/grub.nix @@ -5,7 +5,7 @@ }: let inherit (lib.modules) mkIf; in { - boot.loader = mkIf (config.boot.loader.grub.enable) { + boot.loader = mkIf config.boot.loader.grub.enable { timeout = null; grub = { useOSProber = true; diff --git a/nixos/profiles/gaming/lutris.nix b/nixos/profiles/gaming/lutris.nix index bfa9c7a5..a92fc545 100644 --- a/nixos/profiles/gaming/lutris.nix +++ b/nixos/profiles/gaming/lutris.nix 
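Review bot: Going by the order of the added and context lines in the oracle_micro.nix hunk, `initrd = {…}` now sits inside `boot.loader` and `fileSystems = {…}` inside `boot`, so this host would define `boot.loader.initrd.*` and `boot.fileSystems.*` instead of `boot.initrd.*` and top-level `fileSystems`. Neither is a NixOS option path I know of, so evaluation should fail or the `/` and `/boot` mounts go undeclared. The sibling oracle_flex.nix in this commit keeps `initrd` directly under `boot` and `fileSystems` at the top level. Indentation is lost in this view, so confirm against the file, then move the two blocks as sketched below.

```nix
  boot = {
    tmp.cleanOnBoot = true;
    initrd = {
      availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
      kernelModules = ["nvme"];
    };
    loader = {
      # … unchanged: grub and systemd-boot settings …
    };
  };
  fileSystems = {
    # … unchanged: "/boot" and "/" entries …
  };
```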
@@ -1,16 +1,16 @@ {pkgs, ...}: { - hardware.opengl = { - driSupport32Bit = true; + hardware.graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ + rocm-opencl-icd + rocm-opencl-runtime + amdvlk + ]; + extraPackages32 = with pkgs; [ + driversi686Linux.amdvlk + driversi686Linux.mesa + ]; }; - hardware.opengl.extraPackages = with pkgs; [ - rocm-opencl-icd - rocm-opencl-runtime - amdvlk - ]; - hardware.opengl.extraPackages32 = with pkgs; [ - driversi686Linux.amdvlk - driversi686Linux.mesa - ]; environment.systemPackages = with pkgs; [ (lutris.override { extraPkgs = pkgs: [ diff --git a/nixos/profiles/gaming/minecraft.nix b/nixos/profiles/gaming/minecraft.nix index 787bc89f..5a21dd1b 100644 --- a/nixos/profiles/gaming/minecraft.nix +++ b/nixos/profiles/gaming/minecraft.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{pkgs, ...}: { programs.java = { enable = true; }; diff --git a/nixos/profiles/graphical/avahi.nix b/nixos/profiles/graphical/avahi.nix index 56270678..ccd542fe 100644 --- a/nixos/profiles/graphical/avahi.nix +++ b/nixos/profiles/graphical/avahi.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { services.avahi = { nssmdns4 = true; enable = true; diff --git a/nixos/profiles/graphical/packages.nix b/nixos/profiles/graphical/packages.nix index 6a0c353f..b01686d8 100644 --- a/nixos/profiles/graphical/packages.nix +++ b/nixos/profiles/graphical/packages.nix @@ -8,6 +8,9 @@ dnsutils usbutils plexamp + prusa-slicer + super-slicer-beta + chromium inputs.konawall-py.packages.${pkgs.system}.konawall-py ]; services.udev.packages = [ diff --git a/nixos/profiles/graphical/restic.nix b/nixos/profiles/graphical/restic.nix index 74ea70fa..f6dc0311 100644 --- a/nixos/profiles/graphical/restic.nix +++ b/nixos/profiles/graphical/restic.nix 
@@ -1,30 +1,30 @@ -{ config, ... }: { - sops.secrets.restic-password-file = { - sopsFile = ./restic.yaml; +{config, ...}: { + sops.secrets.restic-password-file = { + sopsFile = ./restic.yaml; + }; + services.restic.backups = { + ${config.networking.hostName} = { + paths = [ + "/home/kat/Documents" + "/home/kat/Pictures" + ]; + exclude = [ + ]; + extraOptions = [ + "sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" + ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 2" + "--keep-monthly 6" + ]; + initialize = true; + passwordFile = config.sops.secrets.restic-password-file.path; + repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi"; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; }; - services.restic.backups = { - ${config.networking.hostName} = { - paths = [ - "/home/kat/Documents" - "/home/kat/Pictures" - ]; - exclude = [ - ]; - extraOptions = [ - "sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" - ]; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 2" - "--keep-monthly 6" - ]; - initialize = true; - passwordFile = config.sops.secrets.restic-password-file.path; - repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi"; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }; - }; -} \ No newline at end of file + }; +} diff --git a/nixos/profiles/graphical/sound.nix b/nixos/profiles/graphical/sound.nix index 8fa25f83..8436b7a5 100644 --- a/nixos/profiles/graphical/sound.nix +++ b/nixos/profiles/graphical/sound.nix @@ -1,12 +1,6 @@ {pkgs, ...}: { environment.systemPackages = with pkgs; [pulsemixer]; - sound = { - enable = true; - extraConfig = '' - defaults.pcm.rate_converter "speexrate_best" - ''; - }; hardware.pulseaudio.enable = false; security.rtkit.enable = true; diff --git a/nixos/profiles/secureboot.nix b/nixos/profiles/secureboot.nix index 476b8218..95894d59 100644 
--- a/nixos/profiles/secureboot.nix +++ b/nixos/profiles/secureboot.nix @@ -1,4 +1,8 @@ -{pkgs, lib, ...}: let +{ + pkgs, + lib, + ... +}: let inherit (lib.modules) mkForce; in { environment.systemPackages = with pkgs; [ diff --git a/nixos/profiles/server/nix.nix b/nixos/profiles/server/nix.nix index 607eee73..7b4eccb0 100644 --- a/nixos/profiles/server/nix.nix +++ b/nixos/profiles/server/nix.nix 
@@ -1,67 +1,73 @@ -{ config, lib, pkgs, ... }: let - inherit (lib.modules) mkForce; +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib.modules) mkForce; in { - nix.gc = { - automatic = true; - dates = "weekly"; - }; - - sops.secrets.nix-gc-environment = { - sopsFile = ./secrets.yaml; - }; - - systemd.services.nix-gc = { - script = let - cfg = config.nix.gc; - in mkForce '' - #!/usr/bin/env bash - set -euo pipefail - - # Helper functions - send_discord_message() { - local message="$1" - local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.') - ${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \ - -X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK" - } - - get_filesystem_usage() { - ${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n' - } - - calculate_ratio() { - local before="$1" - local after="$2" - ${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}" - } - - # Initial filesystem usage - FS_BEFORE_USAGE=$(get_filesystem_usage) - - send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE" - - # Perform garbage collection - OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}) - - # Get filesystem usage after garbage collection - FS_AFTER_USAGE=$(get_filesystem_usage) - - # Extract numeric values for calculation (assuming format like "75% (15G)") - BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) - AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) - - # Calculate ratio - RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT) - - send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)" - - # Send the output of nix-collect-garbage - send_discord_message "$OUTPUT" - ''; - - 
serviceConfig = { - EnvironmentFile = config.sops.secrets.nix-gc-environment.path; - Type = "oneshot"; - }; + nix.gc = { + automatic = true; + dates = "weekly"; + }; + + sops.secrets.nix-gc-environment = { + sopsFile = ./secrets.yaml; + }; + + systemd.services.nix-gc = { + script = let + cfg = config.nix.gc; + in + mkForce '' + #!/usr/bin/env bash + set -euo pipefail + + # Helper functions + send_discord_message() { + local message="$1" + local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.') + ${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \ + -X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK" + } + + get_filesystem_usage() { + ${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n' + } + + calculate_ratio() { + local before="$1" + local after="$2" + ${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}" + } + + # Initial filesystem usage + FS_BEFORE_USAGE=$(get_filesystem_usage) + + send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE" + + # Perform garbage collection + OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}) + + # Get filesystem usage after garbage collection + FS_AFTER_USAGE=$(get_filesystem_usage) + + # Extract numeric values for calculation (assuming format like "75% (15G)") + BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) + AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) + + # Calculate ratio + RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT) + + send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)" + + # Send the output of nix-collect-garbage + send_discord_message "$OUTPUT" + ''; + + serviceConfig = { + EnvironmentFile = 
config.sops.secrets.nix-gc-environment.path; + Type = "oneshot"; }; + }; } diff --git a/nixos/profiles/virtualisation/virt-manager.nix b/nixos/profiles/virtualisation/virt-manager.nix new file mode 100644 index 00000000..b46de2ab --- /dev/null +++ b/nixos/profiles/virtualisation/virt-manager.nix @@ -0,0 +1,29 @@ +{pkgs, ...}: { + users.users.kat.extraGroups = ["libvirtd"]; + + environment.systemPackages = with pkgs; [ + virt-viewer + spice + spice-gtk + spice-protocol + win-virtio + win-spice + adwaita-icon-theme + ]; + + services.spice-vdagentd.enable = true; + + programs.virt-manager.enable = true; + + virtualisation = { + libvirtd = { + enable = true; + qemu = { + swtpm.enable = true; + ovmf.enable = true; + ovmf.packages = [pkgs.OVMFFull.fd]; + }; + }; + spiceUSBRedirection.enable = true; + }; +} diff --git a/nixos/servers/matrix/cleanup.nix b/nixos/servers/matrix/cleanup.nix index 126c8c3c..62d3748f 100644 --- a/nixos/servers/matrix/cleanup.nix +++ b/nixos/servers/matrix/cleanup.nix 
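Review bot: In the new virt-manager.nix, `users.users.kat.extraGroups = ["libvirtd"]` and `virtualisation.spiceUSBRedirection.enable = true` both widen what an unprivileged account can do, and the file does not say so. Membership in `libvirtd` gives access to the system libvirt daemon, which is generally treated as root-equivalent on the host, and the NixOS option description for SPICE USB redirection notes that it allows users arbitrary access to USB devices. I would add a comment above each, for example `# libvirtd group: full control of the system libvirt daemon, treat as root-equivalent` and `# installs a privileged USB redirection helper; local users can pass host USB devices to VMs`.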
@@ -1,24 +1,27 @@ -{ config, pkgs, ... }: { - sops.secrets.synapse-cleanup-environment = { - sopsFile = ./secrets.yaml; +{ + config, + pkgs, + ... +}: { + sops.secrets.synapse-cleanup-environment = { + sopsFile = ./secrets.yaml; + }; + systemd = { + services.synapse-cleanup = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path; + ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup"; + }; }; - systemd = { - services.synapse-cleanup = { - serviceConfig = { - Type = "oneshot"; - User = "root"; - EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path; - ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup"; - }; - }; - timers.synapse-cleanup = { - timerConfig = { - OnCalendar = "weekly"; - Persistent = true; - Unit = "synapse-cleanup.service"; - }; - wantedBy = - [ "timers.target" ]; - }; + timers.synapse-cleanup = { + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + Unit = "synapse-cleanup.service"; + }; + wantedBy = ["timers.target"]; }; -} \ No newline at end of file + }; +} diff --git a/nixos/servers/matrix/discord.nix b/nixos/servers/matrix/discord.nix index 982b4da5..8e5ca6b7 100644 --- a/nixos/servers/matrix/discord.nix +++ b/nixos/servers/matrix/discord.nix @@ -1,6 +1,6 @@ {config, ...}: { services.mx-puppet-discord = { - enable = config.services.matrix-synapse.enable; + inherit (config.services.matrix-synapse) enable; settings = { bridge = { bindAddress = "localhost"; diff --git a/nixos/servers/matrix/signal.nix b/nixos/servers/matrix/signal.nix index 2053c38f..4084de8c 100644 --- a/nixos/servers/matrix/signal.nix +++ b/nixos/servers/matrix/signal.nix @@ -3,7 +3,7 @@ sopsFile = ./signal.yaml; }; services.mautrix-signal = { - enable = config.services.matrix-synapse.enable; + inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-signal-environment.path; settings = { homeserver = { 
@@ -13,24 +13,24 @@ }; appservice = { port = 9048; - ephemeral_events = false; + ephemeral_events = false; }; signal = { }; bridge = { history_sync = { - request_full_sync = true; + request_full_sync = true; + }; + private_chat_portal_meta = true; + mute_bridging = true; + encryption = { + allow = true; + default = true; + require = true; + }; + provisioning = { + shared_secret = "disable"; }; - private_chat_portal_meta = true; - mute_bridging = true; - encryption = { - allow = true; - default = true; - require = true; - }; - provisioning = { - shared_secret = "disable"; - }; permissions = { "kittywit.ch" = "full"; "@kat:kittywit.ch" = "admin"; @@ -39,4 +39,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/nixos/servers/matrix/slack.nix b/nixos/servers/matrix/slack.nix index 21c4c3a7..ac433f8e 100644 --- a/nixos/servers/matrix/slack.nix +++ b/nixos/servers/matrix/slack.nix @@ -3,7 +3,7 @@ sopsFile = ./slack.yaml; }; services.mautrix-slack = { - enable = config.services.matrix-synapse.enable; + inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-slack-environment.path; settings = { homeserver = { @@ -12,24 +12,24 @@ software = "standard"; }; appservice = { - ephemeral_events = false; + ephemeral_events = false; }; slack = { }; bridge = { history_sync = { - request_full_sync = true; + request_full_sync = true; + }; + private_chat_portal_meta = true; + mute_bridging = true; + encryption = { + allow = true; + default = true; + require = true; + }; + provisioning = { + shared_secret = "disable"; }; - private_chat_portal_meta = true; - mute_bridging = true; - encryption = { - allow = true; - default = true; - require = true; - }; - provisioning = { - shared_secret = "disable"; - }; permissions = { "kittywit.ch" = "full"; "@kat:kittywit.ch" = "admin"; diff --git a/nixos/servers/matrix/telegram.nix b/nixos/servers/matrix/telegram.nix index 7b3fb00f..10c28a23 100644 --- a/nixos/servers/matrix/telegram.nix 
+++ b/nixos/servers/matrix/telegram.nix @@ -3,7 +3,7 @@ sopsFile = ./telegram.yaml; }; services.mautrix-telegram = { - enable = config.services.matrix-synapse.enable; + inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-telegram-environment.path; settings = { homeserver = { diff --git a/nixos/servers/matrix/whatsapp.nix b/nixos/servers/matrix/whatsapp.nix index c8fb4f76..b073ae38 100644 --- a/nixos/servers/matrix/whatsapp.nix +++ b/nixos/servers/matrix/whatsapp.nix @@ -3,7 +3,7 @@ sopsFile = ./whatsapp.yaml; }; services.mautrix-whatsapp = { - enable = config.services.matrix-synapse.enable; + inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path; settings = { homeserver = { @@ -17,11 +17,11 @@ whatsapp = { }; bridge = { - encryption = { - allow = true; - default = true; - require = true; - }; + encryption = { + allow = true; + default = true; + require = true; + }; permissions = { "kittywit.ch" = "full"; "@whatsapp:kittywit.ch" = "admin"; diff --git a/nixos/servers/monica/monica.nix b/nixos/servers/monica/monica.nix index 32a1a05d..1d194640 100644 --- a/nixos/servers/monica/monica.nix +++ b/nixos/servers/monica/monica.nix @@ -1,8 +1,8 @@ -{ config, ... }: { +{config, ...}: { sops.secrets.monica_appkey = { sopsFile = ./secrets.yaml; owner = config.services.monica.user; - group = config.services.monica.group; + inherit (config.services.monica) group; }; services.monica = { enable = true; diff --git a/nixos/servers/rustdesk.nix b/nixos/servers/rustdesk.nix new file mode 100644 index 00000000..90db8b6e --- /dev/null +++ b/nixos/servers/rustdesk.nix @@ -0,0 +1,6 @@ +_: { + services.rustdesk-server = { + enable = true; + relayIP = "100.89.32.57"; + }; +} diff --git a/nixos/servers/tt-rss/nginx.nix b/nixos/servers/tt-rss/nginx.nix index 145e3399..4d2e19f3 100644 --- a/nixos/servers/tt-rss/nginx.nix +++ b/nixos/servers/tt-rss/nginx.nix 
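Review bot: In the new rustdesk.nix, `relayIP = "100.89.32.57"` is in the 100.64.0.0/10 range, which suggests the relay is meant to be reached over the tailnet only, but nothing here restricts the listener to it. The `services.rustdesk-server` module has an `openFirewall` option; if it defaults to on in the pinned nixpkgs, the signal and relay ports are also opened on the public interfaces. Assuming this host imports nixos/common/tailscale.nix, which already trusts the Tailscale interface, adding `openFirewall = false;` would keep the service tailnet-only. A comment naming the host that owns the hard-coded address would also help when that address changes.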
@@ -5,4 +5,4 @@ _: { forceSSL = true; }; }; -} \ No newline at end of file +} diff --git a/nixos/servers/tt-rss/service.nix b/nixos/servers/tt-rss/service.nix index 75b4bf1f..b3a89e3d 100644 --- a/nixos/servers/tt-rss/service.nix +++ b/nixos/servers/tt-rss/service.nix @@ -1,20 +1,20 @@ -{ pkgs, ... }: { - services.tt-rss = { - enable = true; - virtualHost = "rss.kittywit.ch"; - selfUrlPath = "https://rss.kittywit.ch"; - database = { - type = "pgsql"; - host = null; - name = "tt_rss"; - createLocally = false; - }; - plugins = [ - "auth_internal" - "auth_ldap" - "note" - "updater" - "api_feedreader" - ]; +_: { + services.tt-rss = { + enable = true; + virtualHost = "rss.kittywit.ch"; + selfUrlPath = "https://rss.kittywit.ch"; + database = { + type = "pgsql"; + host = null; + name = "tt_rss"; + createLocally = false; }; -} \ No newline at end of file + plugins = [ + "auth_internal" + "auth_ldap" + "note" + "updater" + "api_feedreader" + ]; + }; +} diff --git a/nixos/servers/weechat/buflist.nix b/nixos/servers/weechat/buflist.nix index a051ac93..38cc6974 100644 --- a/nixos/servers/weechat/buflist.nix +++ b/nixos/servers/weechat/buflist.nix 
@@ -1,17 +1,17 @@ -{ config, ... }: { - home-manager.users.kat.programs.weechat.config.buflist = { - format = with config.base16.defaultScheme.map.ansiStr; { - indent = " "; # default " " - buffer_current = "\${color:,${base02}}\${format_buffer}"; - hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})"; - hotlist_highlight = "\${color:${base0E}}"; - hotlist_low = "\${color:${base03}}"; - hotlist_message = "\${color:${base08}}"; - hotlist_none = "\${color:${base05}}"; - hotlist_private = "\${color:${base09}}"; - hotlist_separator = "\${color:${base04}},"; - number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }"; - }; - look.use_items = 4; +{config, ...}: { + home-manager.users.kat.programs.weechat.config.buflist = { + format = with config.base16.defaultScheme.map.ansiStr; { + indent = " "; # default " " + buffer_current = "\${color:,${base02}}\${format_buffer}"; + hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})"; + hotlist_highlight = "\${color:${base0E}}"; + hotlist_low = "\${color:${base03}}"; + hotlist_message = "\${color:${base08}}"; + hotlist_none = "\${color:${base05}}"; + hotlist_private = "\${color:${base09}}"; + hotlist_separator = "\${color:${base04}},"; + number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }"; }; + look.use_items = 4; + }; } diff --git a/nixos/servers/weechat/init.nix b/nixos/servers/weechat/init.nix index a47bdd0d..7ebf026e 100644 --- a/nixos/servers/weechat/init.nix +++ b/nixos/servers/weechat/init.nix 
@@ -1,46 +1,46 @@ -{ config, pkgs, lib, ... }: let - inherit (lib.modules) mkMerge mkBefore mkAfter; +{lib, ...}: let + inherit (lib.modules) mkMerge mkBefore mkAfter; in { - home-manager.users.kat = { config, ... }: { - sops.secrets = let - common = { - sopsFile = ./secrets.yaml; - }; - in { - weechat-secret = common; - liberachat-cert = common; - espernet-cert = common; - softnet-cert = common; - }; - - programs.weechat = { - init = mkMerge [ - (mkBefore '' - /matrix server add kittywitch yukari.gensokyo.zone - /matrix server add kittywitch-discord yukari.gensokyo.zone - /matrix server add kittywitch-telegram yukari.gensokyo.zone - /matrix server add kittywitch-whatsapp yukari.gensokyo.zone - /matrix server add kittywitch-signal yukari.gensokyo.zone - /matrix server add kittywitch-slack yukari.gensokyo.zone - /exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path} - /set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path} - /set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path} - /set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path} - /key bind meta-g /go - /key bind meta-v /input jump_last_buffer_displayed - /key bind meta-c /buffer close - /key bind meta-n /bar toggle nicklist - /key bind meta-b /bar toggle buflist - /relay add weechat 9000 - '') - (mkAfter '' - /matrix connect kittywitch - /matrix connect kittywitch-discord - /matrix connect kittywitch-telegram - /matrix connect kittywitch-whatsapp - /matrix connect kittywitch-signal - '') - ]; - }; + home-manager.users.kat = {config, ...}: { + sops.secrets = let + common = { + sopsFile = ./secrets.yaml; + }; + in { + weechat-secret = common; + liberachat-cert = common; + espernet-cert = common; + softnet-cert = common; }; -} \ No newline at end of file + + programs.weechat = { + init = mkMerge [ + (mkBefore '' + /matrix server add kittywitch yukari.gensokyo.zone + /matrix server add kittywitch-discord yukari.gensokyo.zone + /matrix 
server add kittywitch-telegram yukari.gensokyo.zone + /matrix server add kittywitch-whatsapp yukari.gensokyo.zone + /matrix server add kittywitch-signal yukari.gensokyo.zone + /matrix server add kittywitch-slack yukari.gensokyo.zone + /exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path} + /set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path} + /set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path} + /set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path} + /key bind meta-g /go + /key bind meta-v /input jump_last_buffer_displayed + /key bind meta-c /buffer close + /key bind meta-n /bar toggle nicklist + /key bind meta-b /bar toggle buflist + /relay add weechat 9000 + '') + (mkAfter '' + /matrix connect kittywitch + /matrix connect kittywitch-discord + /matrix connect kittywitch-telegram + /matrix connect kittywitch-whatsapp + /matrix connect kittywitch-signal + '') + ]; + }; + }; +} diff --git a/nixos/servers/weechat/irc.nix b/nixos/servers/weechat/irc.nix index 4555034f..36c1c87f 100644 --- a/nixos/servers/weechat/irc.nix +++ b/nixos/servers/weechat/irc.nix @@ -1,8 +1,8 @@ _: { - home-manager.users.kat.programs.weechat.config.irc = { - look = { - server_buffer = "independent"; - color_nicks_in_nicklist = true; - }; + home-manager.users.kat.programs.weechat.config.irc = { + look = { + server_buffer = "independent"; + color_nicks_in_nicklist = true; }; + }; } diff --git a/nixos/servers/weechat/matrix.nix b/nixos/servers/weechat/matrix.nix index f1cf74d0..f67de002 100644 --- a/nixos/servers/weechat/matrix.nix +++ b/nixos/servers/weechat/matrix.nix 
@@ -1,24 +1,24 @@
-{ pkgs, ... }: {
- home-manager.users.kat.programs.weechat = {
- scripts = with pkgs.weechatScripts; [
- weechat-matrix
- ];
- plugins = {
- python = {
- packages = [ "weechat-matrix" ];
- };
- };
- config.matrix = {
- network = {
- max_backlog_sync_events = 30;
- lazy_load_room_users = true;
- autoreconnect_delay_max = 5;
- lag_min-show = 1000;
- };
- look = {
- server_buffer = "independent";
- redactions = "notice";
- };
- };
+{pkgs, ...}: {
+ home-manager.users.kat.programs.weechat = {
+ scripts = with pkgs.weechatScripts; [
+ weechat-matrix
+ ];
+ plugins = {
+ python = {
+ packages = ["weechat-matrix"];
+ };
 };
+ config.matrix = {
+ network = {
+ max_backlog_sync_events = 30;
+ lazy_load_room_users = true;
+ autoreconnect_delay_max = 5;
+ lag_min-show = 1000;
+ };
+ look = {
+ server_buffer = "independent";
+ redactions = "notice";
+ };
+ };
+ };
 }
diff --git a/nixos/servers/weechat/nginx.nix b/nixos/servers/weechat/nginx.nix
index bc7d2881..831c85d3 100644
--- a/nixos/servers/weechat/nginx.nix
+++ b/nixos/servers/weechat/nginx.nix
@@ -1,13 +1,13 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
 services.nginx.virtualHosts."irc.kittywit.ch" = {
 enableACME = true;
 forceSSL = true;
 locations = {
- "/" = { root = pkgs.glowing-bear; };
+ "/" = {root = pkgs.glowing-bear;};
 "^~ /weechat" = {
 proxyPass = "http://127.0.0.1:9000";
 proxyWebsockets = true;
 };
 };
 };
-}
\ No newline at end of file
+}
diff --git a/nixos/servers/weechat/perl.nix b/nixos/servers/weechat/perl.nix
index f36b21fd..9fde1339 100644
--- a/nixos/servers/weechat/perl.nix
+++ b/nixos/servers/weechat/perl.nix
@@ -1,25 +1,25 @@ -{ pkgs, lib, ... }: { - home-manager.users.kat.programs.weechat = { - plugins = { - perl = { - enable = true; - }; - }; - scripts = with pkgs.weechatScripts; [ - highmon - parse_relayed_msg - ]; - config.plugins.var.perl = { - highmon = { - short_names = "on"; - output = "buffer"; - merge_private = "on"; - alignment = "nchannel,nick"; - }; - parse_relayed_msg = { - servername = "espernet"; - supported_bot_names = "cord"; - }; - }; +{pkgs, ...}: { + home-manager.users.kat.programs.weechat = { + plugins = { + perl = { + enable = true; + }; }; -} \ No newline at end of file + scripts = with pkgs.weechatScripts; [ + highmon + parse_relayed_msg + ]; + config.plugins.var.perl = { + highmon = { + short_names = "on"; + output = "buffer"; + merge_private = "on"; + alignment = "nchannel,nick"; + }; + parse_relayed_msg = { + servername = "espernet"; + supported_bot_names = "cord"; + }; + }; + }; +} diff --git a/nixos/servers/weechat/python.nix b/nixos/servers/weechat/python.nix index 9dc65a26..5d177f5d 100644 --- a/nixos/servers/weechat/python.nix +++ b/nixos/servers/weechat/python.nix 
@@ -1,70 +1,77 @@ -{ config, pkgs, std, inputs, lib, ... }: let - inherit (builtins) toJSON; - inherit (std) list set; +{ + config, + pkgs, + std, + inputs, + lib, + ... +}: let + inherit (builtins) toJSON; + inherit (std) list set; in { - home-manager.users.kat.programs.weechat = { - plugins = { - python = { - enable = true; - }; - }; - scripts = with pkgs.weechatScripts; [ - colorize_nicks - title - weechat-go - weechat-notify-send - vimode-develop - auto_away - weechat-autosort - urlgrab - unread_buffer - ]; - config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { - python = { - vimode = { - copy_clipboard_cmd = "wl-copy"; - paste_clipboard_cmd = "wl-paste --no-newline"; - imap_esc_timeout = "100"; - search_vim = true; - user_mappings = toJSON { - "," = "/buffer #{1}"; - "``" = "/input jump_last_buffer_displayed"; - "`n" = "/input jump_smart"; - "k" = "/input history_previous"; - "j" = "/input history_next"; - "p" = "a/input clipboard_paste"; - "P" = "/input clipboard_paste"; - #"u" = "/input undo"; - #"\\x01R" = "/input redo"; - "\\x01K" = "/buffer move -1"; - "\\x01J" = "/buffer move +1"; - }; - user_mappings_noremap = toJSON { - "\\x01P" = "p"; - "/" = "i/"; - }; - user_search_mapping = "?"; - mode_indicator_cmd_color_bg = base01; - mode_indicator_cmd_color = base04; - mode_indicator_insert_color_bg = base01; - mode_indicator_insert_color = base04; - mode_indicator_normal_color_bg = base01; - mode_indicator_normal_color = base04; - mode_indicator_replace_color_bg = base01; - mode_indicator_replace_color = base0E; - mode_indicator_search_color_bg = base0E; - mode_indicator_search_color = base04; - no_warn = true; - }; - title = { - title_prefix = "weechat - "; - show_hotlist = true; - current_buffer_suffix = " ["; - title_suffix = " ]"; - }; - notify_send.icon = ""; - go.short_name = true; - }; - }; + home-manager.users.kat.programs.weechat = { + plugins = { + python = { + enable 
= true; + }; }; -} \ No newline at end of file + scripts = with pkgs.weechatScripts; [ + colorize_nicks + title + weechat-go + weechat-notify-send + vimode-develop + auto_away + weechat-autosort + urlgrab + unread_buffer + ]; + config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { + python = { + vimode = { + copy_clipboard_cmd = "wl-copy"; + paste_clipboard_cmd = "wl-paste --no-newline"; + imap_esc_timeout = "100"; + search_vim = true; + user_mappings = toJSON { + "," = "/buffer #{1}"; + "``" = "/input jump_last_buffer_displayed"; + "`n" = "/input jump_smart"; + "k" = "/input history_previous"; + "j" = "/input history_next"; + "p" = "a/input clipboard_paste"; + "P" = "/input clipboard_paste"; + #"u" = "/input undo"; + #"\\x01R" = "/input redo"; + "\\x01K" = "/buffer move -1"; + "\\x01J" = "/buffer move +1"; + }; + user_mappings_noremap = toJSON { + "\\x01P" = "p"; + "/" = "i/"; + }; + user_search_mapping = "?"; + mode_indicator_cmd_color_bg = base01; + mode_indicator_cmd_color = base04; + mode_indicator_insert_color_bg = base01; + mode_indicator_insert_color = base04; + mode_indicator_normal_color_bg = base01; + mode_indicator_normal_color = base04; + mode_indicator_replace_color_bg = base01; + mode_indicator_replace_color = base0E; + mode_indicator_search_color_bg = base0E; + mode_indicator_search_color = base04; + no_warn = true; + }; + title = { + title_prefix = "weechat - "; + show_hotlist = true; + current_buffer_suffix = " ["; + title_suffix = " ]"; + }; + notify_send.icon = ""; + go.short_name = true; + }; + }; + }; +} diff --git a/nixos/servers/weechat/urlgrab.nix b/nixos/servers/weechat/urlgrab.nix index 34bc8368..7130c272 100644 --- a/nixos/servers/weechat/urlgrab.nix +++ b/nixos/servers/weechat/urlgrab.nix 
@@ -1,3 +1,3 @@
-{ pkgs, ... }: {
- home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
+{pkgs, ...}: {
+ home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
 }
diff --git a/nixos/servers/weechat/weechat.nix b/nixos/servers/weechat/weechat.nix
index abc4c501..aec7fb14 100644
--- a/nixos/servers/weechat/weechat.nix
+++ b/nixos/servers/weechat/weechat.nix
@@ -1,56 +1,54 @@ -{ config, std, inputs, lib, ... }: let - inherit (std) list set; -in { - home-manager.users.kat = { - services.weechat.enable = true; - programs.weechat = { - enable = true; - config.weechat = with config.base16.defaultScheme.map.ansiStr; { - look = { - mouse = true; - separator_horizontal = ""; - read_marker_string = "─"; - prefix_same_nick = "↳"; - highlight_disable_regex = "signal|discord|telegram|whatsapp"; - highlight = "kat,kittywitch"; - }; - # color overrides - color = { - chat_nick_self = base0E; - separator = base06; - chat_read_marker = base0B; - chat_read_marker_bg = base03; - }; - # bars config - bar = { - buflist = { - size_max = 24; - color_delim = base0E; - }; - input = { - items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]"; - color_delim = base0E; - conditions = "\${window.buffer.full_name} != perl.highmon"; - }; - nicklist = { - size_max = 18; - color_delim = base0E; - }; - status = { - color_bg = base02; - color_fg = base06; - color_delim = base0E; - items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion"; - conditions = "\${window.buffer.full_name} != perl.highmon"; - }; - title = { - color_bg = base02; - color_fg = base06; - color_delim = base0E; - conditions = "\${window.buffer.full_name} != perl.highmon"; - }; - }; - }; +{config, ...}: { + home-manager.users.kat = { + services.weechat.enable = true; + programs.weechat = { + enable = true; + config.weechat = with config.base16.defaultScheme.map.ansiStr; { + look = { + mouse = true; + separator_horizontal = ""; + read_marker_string = "─"; + prefix_same_nick = "↳"; + highlight_disable_regex = "signal|discord|telegram|whatsapp"; + highlight = "kat,kittywitch"; }; - }; -} \ No newline at end of file + # color overrides + color = { + chat_nick_self = base0E; + separator = 
base06; + chat_read_marker = base0B; + chat_read_marker_bg = base03; + }; + # bars config + bar = { + buflist = { + size_max = 24; + color_delim = base0E; + }; + input = { + items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]"; + color_delim = base0E; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + nicklist = { + size_max = 18; + color_delim = base0E; + }; + status = { + color_bg = base02; + color_fg = base06; + color_delim = base0E; + items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion"; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + title = { + color_bg = base02; + color_fg = base06; + color_delim = base0E; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + }; + }; + }; + }; +} diff --git a/overlays.nix b/overlays.nix index 4109c77f..adeecbde 100644 --- a/overlays.nix +++ b/overlays.nix @@ -2,8 +2,7 @@ inputs, tree, ... -}: -[ +}: [ (final: prev: inputs.arcexprs.overlays.default final prev) inputs.darwin.overlays.default inputs.deploy-rs.overlay diff --git a/packages/mautrix-slack.nix b/packages/mautrix-slack.nix index 9d6c8ded..f2207537 100644 --- a/packages/mautrix-slack.nix +++ b/packages/mautrix-slack.nix @@ -1,5 +1,9 @@ -{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }: - +{ + lib, + buildGoModule, + fetchFromGitHub, + olm, +}: buildGoModule rec { pname = "mautrix-slack"; version = "2024-05-01"; @@ -23,7 +27,7 @@ buildGoModule rec { homepage = "https://github.com/mautrix/slack"; description = "A Matrix-Slack puppeting bridge"; license = licenses.agpl3Plus; - maintainers = with maintainers; [ kittywitch ]; + maintainers = with maintainers; [kittywitch]; mainProgram = "mautrix-slack"; }; } 
diff --git a/packages/synapse-cleanup/cleanup.sh b/packages/synapse-cleanup/cleanup.sh index 2f10e6e7..da0d99cd 100644 --- a/packages/synapse-cleanup/cleanup.sh +++ b/packages/synapse-cleanup/cleanup.sh @@ -41,7 +41,7 @@ main() { if [[ -z "$HOMESERVER" || -z "$API_ID" || -z "$DISCORD_WEBHOOK_LINK" ]]; then send_discord_message "Error: HOMESERVER, API_ID, and DISCORD_WEBHOOK_LINK must be set." exit 1 - fi + } # Initial sizes and usage local db_before_size=$(get_db_size) @@ -59,7 +59,7 @@ main() { "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json" jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt" - jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt" + jq -c '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt" local ts=$(( $(date --date="${MONTHS_TO_KEEP} month ago" +%s)*1000 )) 
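Review bot: The closing `fi` of the environment check in `main()` is replaced by `}` in the `@@ -41,7 +41,7 @@` hunk, which leaves the `if [[ -z "$HOMESERVER" ... ]]; then` block unterminated, so bash should reject the script with a syntax error before any cleanup runs. Restore the line as `fi`. The same branch reports the failure through `send_discord_message` even when `DISCORD_WEBHOOK_LINK` is the variable that is empty, so it would also help to add `echo "Error: HOMESERVER, API_ID, and DISCORD_WEBHOOK_LINK must be set." >&2` before the `exit 1`. `main()` starts and ends outside the hunk.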
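Review bot: `jq -c` on the `history_purge.txt` line still writes every room id as a JSON string, double quotes included, and the `to_purge.txt` line above it is left without `-c` or `-r`, so both lists rely on their consumers stripping quotes by hand. The ids are later pasted into Synapse admin URLs that are called with the admin bearer token, and they contain `!` and `:` and are taken from the room list response, so they should be written raw and percent-encoded at the source: `jq -r '.rooms[] | select(.joined_local_members != 0) | .room_id | @uri'`, and the same filter with `== 0` for `to_purge.txt`. With that change the `tr -d '"'` added in the `@@ -74,15 +74,18 @@` hunk is no longer needed.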
@@ -74,15 +74,18 @@ main() { -H "Content-Type: application/json" -d "{}" \ "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}" fi - done < <(jq -r '.[]' "${TEMPDIR}/to_purge.txt") + done < "${TEMPDIR}/to_purge.txt" send_discord_message "Deleting unnecessary room history" while read -r room_id; do - curl --header "Authorization: Bearer ${API_ID}" -X POST \ - -H "Content-Type: application/json" \ - -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" \ - "https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}" - done < <(jq -r '.[]' "${TEMPDIR}/history_purge.txt") + room_id=$(echo "$room_id" | tr -d '"') # Remove quotes if present + if [ -n "${room_id}" ]; then + curl --header "Authorization: Bearer ${API_ID}" -X POST \ + -H "Content-Type: application/json" \ + -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" \ + "https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}" + fi + done < "${TEMPDIR}/history_purge.txt" send_discord_message "Performing database optimization" systemctl stop matrix-synapse @@ -117,4 +120,4 @@ Filesystem usage: ${fs_before_usage} -> ${fs_after_usage}" } # Run the main function -main +main \ No newline at end of file diff --git a/shells/repo.nix b/shells/repo.nix index 9478ea4e..27f87197 100644 --- a/shells/repo.nix +++ b/shells/repo.nix @@ -2,7 +2,6 @@ pkgs, inputs, std, - lib, ... }: with pkgs; let diff --git a/systems/daiyousei.nix b/systems/daiyousei.nix index fe2abd7e..1634b50c 100644 --- a/systems/daiyousei.nix +++ b/systems/daiyousei.nix @@ -1,12 +1,9 @@ _: let hostConfig = { - lib, tree, modulesPath, ... - }: let - inherit (lib.modules) mkDefault; - in { + }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") @@ -18,7 +15,7 @@ _: let oracle_flex ]) ++ (with tree.nixos.servers; [ - ]); + ]); system.stateVersion = "23.11"; }; diff --git a/systems/default.nix b/systems/default.nix index f61aad9e..738cac70 100644 --- a/systems/default.nix +++ b/systems/default.nix 
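Review bot: The re-indented `curl` call for `purge_history` still passes `Authorization: Bearer ${API_ID}` as a command-line argument, so the Synapse admin token is readable by other local users through the process list while each request runs. Writing the header once to a private file and pointing curl at it avoids that: `printf 'Authorization: Bearer %s\n' "$API_ID" > "${TEMPDIR}/auth.hdr"` followed by `-H @"${TEMPDIR}/auth.hdr"` in place of `--header "Authorization: Bearer ${API_ID}"` (this assumes `TEMPDIR` is created with owner-only permissions, which is not visible here). The call also has no `--fail`, so a rejected purge is silently counted as done. The first loop now reads `to_purge.txt` directly as well; its opening lines are outside the hunk, so whether it strips the JSON quotes cannot be checked from here.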
@@ -1,8 +1,10 @@ -{ inputs, +{ + inputs, tree, lib, std, - pkgs, }: let + pkgs, +}: let # The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain. inherit (lib.modules) evalModules; inherit (std) set; diff --git a/systems/fullhome.nix b/systems/fullhome.nix index 48591bc3..99263a9b 100644 --- a/systems/fullhome.nix +++ b/systems/fullhome.nix @@ -1,20 +1,12 @@ _: let - hostConfig = { - lib, - tree, - modulesPath, - ... - }: let - inherit (lib.modules) mkDefault; - in { - imports = - with tree.home.profiles; [ - common - devops - graphical - neovim - shell - ]; + hostConfig = {tree, ...}: { + imports = with tree.home.profiles; [ + common + devops + graphical + neovim + shell + ]; }; in { arch = "x86_64"; diff --git a/systems/goliath.nix b/systems/goliath.nix index 9bf64a64..15845121 100644 --- a/systems/goliath.nix +++ b/systems/goliath.nix @@ -3,7 +3,6 @@ _: let config, lib, tree, - pkgs, ... }: let inherit (lib.lists) singleton; diff --git a/systems/koishi.nix b/systems/koishi.nix index 009f84cc..b52b6a21 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -1,11 +1,5 @@ _: let - hostConfig = { - tree, - pkgs, - lib, - inputs, - ... - }: { + hostConfig = {tree, ...}: { imports = (with tree.nixos.hardware; [ framework @@ -17,6 +11,7 @@ _: let laptop bcachefs sdr + virtualisation secureboot ]) ++ (with tree.nixos.environments; [ 
@@ -43,32 +38,34 @@ _: let }; }; - boot.extraModprobeConfig = "options snd_hda_intel power_save=0"; + boot.extraModprobeConfig = "options snd_hda_intel power_save=0"; - programs.ssh.extraConfig = '' - Host daiyousei-build - HostName 140.238.156.121 - User root - IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh - ''; + programs.ssh.extraConfig = '' + Host daiyousei-build + HostName 140.238.156.121 + User root + IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh + ''; - nix.buildMachines = [ - { - hostName = "daiyousei-build"; - system = "aarch64-linux"; - protocol = "ssh-ng"; - maxJobs = 100; - speedFactor = 1; - supportedFeatures = [ "benchmark" "big-parallel" "kvm" ]; - mandatoryFeatures = [ ]; - } + nix = { + buildMachines = [ + { + hostName = "daiyousei-build"; + system = "aarch64-linux"; + protocol = "ssh-ng"; + maxJobs = 100; + speedFactor = 1; + supportedFeatures = ["benchmark" "big-parallel" "kvm"]; + mandatoryFeatures = []; + } ]; + distributedBuilds = true; + extraOptions = '' + builders-use-substitutes = true + ''; + }; - nix.distributedBuilds = true; - # optional, useful when the builder has a faster internet connection than yours - nix.extraOptions = '' - builders-use-substitutes = true - ''; + # optional, useful when the builder has a faster internet connection than yours services.printing.enable = true; services.hardware.bolt.enable = true; diff --git a/systems/mai.nix b/systems/mai.nix index 9428a169..19a8619d 100644 --- a/systems/mai.nix +++ b/systems/mai.nix @@ -1,12 +1,9 @@ _: let hostConfig = { - lib, tree, modulesPath, ... - }: let - inherit (lib.modules) mkDefault; - in { + }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") @@ -18,7 +15,7 @@ _: let oracle_micro ]) ++ (with tree.nixos.servers; [ - ]); + ]); system.stateVersion = "23.11"; }; diff --git a/systems/mei.nix b/systems/mei.nix index 9428a169..7f012d8d 100644 --- a/systems/mei.nix +++ b/systems/mei.nix 
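Review bot: The `daiyousei-build` stanza in `programs.ssh.extraConfig` logs in to `140.238.156.121` as `root`, and nothing in this hunk pins that host's SSH key, so with `distributedBuilds = true` build outputs are accepted from a machine identified only by its IP address. If the key is not pinned elsewhere in the tree, add `programs.ssh.knownHosts."140.238.156.121".publicKey = "<builder host public key>";` and consider a dedicated build user on the builder instead of `root`. The comment `# optional, useful when the builder has a faster internet connection than yours` has also been separated from `builders-use-substitutes` and now sits above `services.printing.enable`; it belongs directly above `extraOptions` inside the `nix = { ... }` set. The `hostConfig` body continues outside the hunk.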
@@ -1,12 +1,9 @@ _: let hostConfig = { - lib, tree, modulesPath, ... - }: let - inherit (lib.modules) mkDefault; - in { + }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") @@ -18,6 +15,7 @@ _: let oracle_micro ]) ++ (with tree.nixos.servers; [ + rustdesk ]); system.stateVersion = "23.11"; diff --git a/tf/dork-pages.tf b/tf/dork-pages.tf index c7a34ad0..49e6e52e 100644 --- a/tf/dork-pages.tf +++ b/tf/dork-pages.tf @@ -27,6 +27,7 @@ resource "cloudflare_pages_domain" "dorkdev_root" { account_id = local.account_id project_name = "dorkdev" domain = local.zones.dork + } resource "cloudflare_record" "dorkdev_root_pages" { diff --git a/tf/inskip-pages.tf b/tf/inskip-pages.tf index 3e735028..200d07c2 100644 --- a/tf/inskip-pages.tf +++ b/tf/inskip-pages.tf @@ -38,6 +38,6 @@ resource "cloudflare_record" "inskip_root_pages" { proxied = false ttl = 3600 type = "CNAME" - value = "${cloudflare_pages_project.inskip_root.name}.pages.dev" + value = cloudflare_pages_project.inskip_root.subdomain zone_id = local.zone_ids.inskip } \ No newline at end of file diff --git a/tf/tf.tfvars b/tf/tf.tfvars new file mode 100644 index 00000000..e69de29b diff --git a/tree.nix b/tree.nix index 4fd066d0..d099f3a7 100644 --- a/tree.nix +++ b/tree.nix @@ -70,7 +70,7 @@ "modules/system" = { functor = { enable = true; - }; + }; }; "modules/nixos" = { functor = {
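Review bot: Adding `rustdesk` to the `tree.nixos.servers` list in the `@@ -18,6 +15,7 @@` hunk of `systems/mei.nix` is a functional change inside a commit that is otherwise formatting, and it enables a remote-desktop service on `mei` with no comment saying why. The module itself is not part of this diff, so it should be confirmed separately that it opens only the firewall ports it needs and that clients must present the server key. A short comment on the entry, for example `# rustdesk: self-hosted rendezvous/relay server`, would record the intent, and moving the line to its own commit would keep it from being lost among the whitespace changes.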