kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

style: alejandra, deadnix, statix

Browse source
This commit is contained in:
Kat Inskip 2024-08-03 16:10:47 -07:00
parent 2e7ee0e4ca
commit 17c69c99de
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
78 changed files with 1051 additions and 878 deletions
Download patch file Download diff file Expand all files Collapse all files

11
ci/common.nix
View file

@ -1,5 +1,4 @@
{ {
lib,
channels, channels,
config, config,
... ...
@ -18,10 +17,12 @@
}; };
}; };
/*nix.config = { /*
nix.config = {
extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"]; extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
#extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"]; #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
};*/ };
*/
channels = { channels = {
nixfiles.path = ../.; nixfiles.path = ../.;
@ -39,8 +40,8 @@
signingKey = null; signingKey = null;
}; };
kittywitch = { kittywitch = {
enable = true; enable = true;
publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0="; publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=";
signingKey = "mewp"; signingKey = "mewp";
}; };
}; };

15
ci/flake-cron.nix
View file

@ -1,20 +1,17 @@
{ {
lib, lib,
channels,
config, config,
... ...
}: }:
with lib; let with lib; {
pkgs = channels.nixpkgs; imports = [./common.nix];
in {
imports = [ ./common.nix ];
config = { config = {
name = "flake-update"; name = "flake-update";
gh-actions = { gh-actions = {
env = { env = {
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
}; };
on = let on = let
paths = [ paths = [
@ -53,8 +50,8 @@ in {
}; };
jobs = { jobs = {
flake-update = { ... }: { flake-update = {...}: {
imports = [ ./packages.nix ]; imports = [./packages.nix];
}; };
}; };

89
ci/nodes.nix
View file

@ -5,18 +5,17 @@
... ...
}: }:
with lib; let with lib; let
pkgs = channels.nixpkgs; enabledNixosSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS") channels.nixfiles.systems;
enabledNixosSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS") channels.nixfiles.systems; enabledHomeSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "Home") channels.nixfiles.systems;
enabledHomeSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "Home") channels.nixfiles.systems;
in { in {
imports = [ ./common.nix ]; imports = [./common.nix];
config = { config = {
name = "nodes"; name = "nodes";
gh-actions = { gh-actions = {
env = { env = {
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
}; };
on = let on = let
paths = [ paths = [
@ -34,47 +33,53 @@ in {
workflow_dispatch = {}; workflow_dispatch = {};
}; };
jobs = let jobs = let
genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" { genericNixosBuildJob = name: _system:
nameValuePair "nixos-${name}" {
step.${name} = { step.${name} = {
name = "build system closure for ${name}"; name = "build system closure for ${name}";
order = 500; order = 500;
run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS"; run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS";
env = { env = {
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
NF_UPDATE_CACHIX_PUSH = "1"; NF_UPDATE_CACHIX_PUSH = "1";
NF_CONFIG_ROOT = "\${{ github.workspace }}"; NF_CONFIG_ROOT = "\${{ github.workspace }}";
}; };
}; };
}; };
genericHomeBuildJob = name: system: nameValuePair "home-${name}" { genericHomeBuildJob = name: _system:
nameValuePair "home-${name}" {
step.${name} = { step.${name} = {
name = "build home closure for ${name}"; name = "build home closure for ${name}";
order = 500; order = 500;
run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home"; run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home";
env = { env = {
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
NF_UPDATE_CACHIX_PUSH = "1"; NF_UPDATE_CACHIX_PUSH = "1";
NF_CONFIG_ROOT = "\${{ github.workspace }}"; NF_CONFIG_ROOT = "\${{ github.workspace }}";
}; };
}; };
}; };
nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems;
homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems;
in nixosBuildJobs // homeBuildJobs; in
nixosBuildJobs // homeBuildJobs;
}; };
jobs = let jobs = let
genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" ({ ... }: { genericNixosBuildJob = name: _system:
#imports = [ ./packages.nix ]; nameValuePair "nixos-${name}" (_: {
}); #imports = [ ./packages.nix ];
genericHomeBuildJob = name: system: nameValuePair "home-${name}" ({ ... }: { });
#imports = [ ./packages.nix ]; genericHomeBuildJob = name: _system:
}); nameValuePair "home-${name}" (_: {
nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems; #imports = [ ./packages.nix ];
homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems; });
in nixosBuildJobs // homeBuildJobs; nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems;
homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems;
in
nixosBuildJobs // homeBuildJobs;
ci.gh-actions.checkoutOptions = { ci.gh-actions.checkoutOptions = {
fetch-depth = 0; fetch-depth = 0;

14
ci/packages.nix
View file

@ -1,16 +1,14 @@
{ {channels, ...}: let
lib,
config,
channels,
...
}: let
inherit (channels.nixfiles) legacyPackages; inherit (channels.nixfiles) legacyPackages;
in { in {
tasks = { tasks = {
devShell.inputs = with legacyPackages.x86_64-linux; [ devShell.inputs = with legacyPackages.x86_64-linux; [
deploy-rs deploy-rs
terraform tflint terraform
alejandra deadnix statix tflint
alejandra
deadnix
statix
ssh-to-age ssh-to-age
]; ];
}; };

2
common/home.nix
View file

@ -20,7 +20,7 @@ in {
++ list.optional (tree.${systemType} ? home) tree.${systemType}.home; ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home;
users.kat.imports = with tree.home.profiles; [ users.kat.imports = with tree.home.profiles; [
common common
]; ];
extraSpecialArgs = { extraSpecialArgs = {

160
flake.lock generated
View file

@ -1,15 +1,48 @@
{ {
"nodes": { "nodes": {
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1721853718,
"narHash": "sha256-QEkCryhEMBW8maWEbwN0LoJIjdt640FviwMeJpghJXM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "353dc1b7299d43f08de44276b93ae32726ff9d70",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"arcexprs": { "arcexprs": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1720471472, "lastModified": 1721151051,
"narHash": "sha256-2mq+DpPirJ+0M6fxQYTaXiI7Z+CdKSXjTxoy93stX1g=", "narHash": "sha256-TLhFUzwYXvq8UQFho0y6hbBsR2puLWdgPyU8epBrG18=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "nixexprs", "repo": "nixexprs",
"rev": "0067d9ff3aa5ce2f4e3c64a534494aa2700fcff1", "rev": "158921b420fe8866b5201f74a0868230bc4b9e9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -131,11 +164,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720845312, "lastModified": 1721719500,
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=", "narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc", "rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -310,11 +343,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720734513, "lastModified": 1721852138,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f", "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -340,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720108799, "lastModified": 1721330371,
"narHash": "sha256-AxRkTJlbB8r7aG6gvc7IaLhc2T9TO4/8uqanKRxukBQ=", "narHash": "sha256-aYlHTWylczLt6ERJyg6E66Y/XSCbVL7leVcRuJmVbpI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "a5c0d57325c5f0814c39110a70ca19c070ae9486", "rev": "4493a972b48f9c3014befbbf381ed5fff91a65dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -355,6 +388,7 @@
}, },
"hyprland": { "hyprland": {
"inputs": { "inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor", "hyprcursor": "hyprcursor",
"hyprlang": [ "hyprlang": [
"hyprlang" "hyprlang"
@ -372,11 +406,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720896272, "lastModified": 1721914179,
"narHash": "sha256-8ZiWP+XbyrJ6MOQL0XHiz4OKJNBLnV9avwTesbwMbdc=", "narHash": "sha256-rh6YUcOJ1LEWfwFmx5P74moeqOqgMeYpuFMTs1y30ew=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "bc6b0880dda2607a80f000c134f573c970452a0f", "rev": "33a5c8ce325e1657ec5571b57e05c6378706f4cd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,11 +429,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718746314, "lastModified": 1721326555,
"narHash": "sha256-HUklK5u86w2Yh9dOkk4FdsL8eehcOZ95jPhLixGDRQY=", "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "1b61f0093afff20ab44d88ad707aed8bf2215290", "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -419,11 +453,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720381373, "lastModified": 1721324361,
"narHash": "sha256-lyC/EZdHULsaAKVryK11lgHY9u6pXr7qR4irnxNWC7k=", "narHash": "sha256-BiJKO0IIdnSwHQBSrEJlKlFr753urkLE48wtt0UhNG4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "5df0174fd09de4ac5475233d65ffc703e89b82eb", "rev": "adbefbf49664a6c2c8bf36b6487fd31e3eb68086",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -446,11 +480,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720707332, "lastModified": 1721855891,
"narHash": "sha256-OpUjVqJIxuouqUMmOAQI63XEOVk5EYyHwFVWdyrUdC8=", "narHash": "sha256-S70Pif/SaChwtJwV0K4rUh+pU8kyVtzbGtNtsOQ8geo=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlock", "repo": "hyprlock",
"rev": "b407128caeb551ae808cf8d0fb653a252a271709", "rev": "cf0e975fedcddde897a75c5b6a2a111177b0baad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -495,11 +529,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720545076, "lastModified": 1721324102,
"narHash": "sha256-Pxacc2uoxI00koXp5+CyNqHOTQlqNlK0rlRHDBHX4+g=", "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "6174a2a25f4e216c0f1d0c4278adc23c476b1d09", "rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -520,11 +554,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717881334, "lastModified": 1721324102,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", "rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -545,11 +579,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717881334, "lastModified": 1721324102,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", "rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -570,11 +604,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720215857, "lastModified": 1721324119,
"narHash": "sha256-JPdL+Qul+jEueAn8CARfcWP83eJgwkhMejQYfDvrgvU=", "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "d5fa094ca27e0039be5e94c0a80ae433145af8bb", "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -676,11 +710,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720834054, "lastModified": 1721870898,
"narHash": "sha256-gpUgy1XJGw8PZuRQlGwxoriIP+8jgUf2Ho9/g6meQHQ=", "narHash": "sha256-K3U4emkszxLkPW9LOdkV49IB2hnMrGNcpVDbCclZ+as=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "526acd22f4ac06182ad4ec6346f5c6008590dbab", "rev": "7161fd4ca148b330c180714e40c7399afca3f97c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -696,11 +730,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720334033, "lastModified": 1721531260,
"narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=", "narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "685e40e1348007d2cf76747a201bab43d86b38cb", "rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -711,11 +745,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1720737798, "lastModified": 1721911538,
"narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "narHash": "sha256-5OrkPJsiZmNe99C6+KX0qx9sphoVLvldFjuqDYAZ8GQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "rev": "d3c993c851ad40bbab7e08d566138ff72cd8744f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -756,11 +790,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1720768451, "lastModified": 1721743106,
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -772,11 +806,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1720908054, "lastModified": 1721925701,
"narHash": "sha256-nRmtu5zaYvzvonEZaQlORbIoZvctVy3P3YraH/ChzG0=", "narHash": "sha256-BAKJ7tpE4Ic+KtY1fOBRkXFfZYEpH3d2elEGnCOmNMs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "fc076c6c1c848d6f950303f937b26d202b23d4b0", "rev": "f769fc25d19d5521a997686ffd66c08a3d23334f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -795,11 +829,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720896694, "lastModified": 1721724566,
"narHash": "sha256-lKInIpVIrI4YOTwbaN6wwQ+EvhL/iVqKhpxcTj4kBhE=", "narHash": "sha256-6H+OTxXkOrh3P+15bhkQJY7OaBrQVzx4Pz+pCn6rtIg=",
"owner": "pjones", "owner": "pjones",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "809d86d6a8a48b6d71b6ece05eeb5e55f554b396", "rev": "b967e042896de0f64513d4596e3d1f3eae445d1c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -951,11 +985,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720479166, "lastModified": 1721688883,
"narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=", "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "67035a355b1d52d2d238501f8cc1a18706979760", "rev": "aff2f88277dabe695de4773682842c34a0b7fd54",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1074,11 +1108,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720787015, "lastModified": 1721650907,
"narHash": "sha256-U3IqoGmIzBKEJ0ihRQ10GRRtdoDBI6Oxl6aiGbUA59A=", "narHash": "sha256-2VX/zPeLhGTsHpToFH1gfI+oGNS6m7ZUWWaqwmw3HVY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "371b5076d718f7f637d3959d0203061f06af1263", "rev": "6686cbe947cb8b135e229ad2a3447b88d1cf6da9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1103,11 +1137,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720194466, "lastModified": 1721755049,
"narHash": "sha256-Rizg9efi6ue95zOp0MeIV2ZedNo+5U9G2l6yirgBUnA=", "narHash": "sha256-O17b38bQnmfxv7It3OnVYx7fp1seEdI7xxnw5vJFv30=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "b9b97e5ba23fe7bd5fa4df54696102e8aa863cf6", "rev": "5555f467f68ce7cdf1060991c24263073b95e9da",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
home/environments/hyprland/hyprland.nix
View file

@ -1,6 +1,4 @@
{ {
config,
lib,
std, std,
pkgs, pkgs,
inputs, inputs,

2
home/environments/hyprland/hyprlock.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { _: {
programs.hyprlock = { programs.hyprlock = {
enable = true; enable = true;
backgrounds = [ backgrounds = [

6
home/environments/hyprland/swaylock.nix
View file

@ -1,8 +1,4 @@
{ {pkgs, ...}: {
config,
pkgs,
...
}: {
programs.swaylock = { programs.swaylock = {
enable = true; enable = true;
package = pkgs.swaylock-effects; package = pkgs.swaylock-effects;

1
home/environments/hyprland/waybar.nix
View file

@ -1,6 +1,5 @@
{ {
kittywitch, kittywitch,
pkgs,
config, config,
lib, lib,
... ...

88
home/environments/kde/kde.nix
View file

@ -1,51 +1,51 @@
{ pkgs, ... }: { {pkgs, ...}: {
home.packages = with pkgs.kdePackages; [ home.packages = with pkgs.kdePackages; [
kscreen kscreen
kwin kwin
pkgs.xwayland pkgs.xwayland
kscreen kscreen
libkscreen libkscreen
kscreenlocker kscreenlocker
kactivitymanagerd kactivitymanagerd
kde-cli-tools kde-cli-tools
kglobalacceld # keyboard shortcut daemon kglobalacceld # keyboard shortcut daemon
kwrited # wall message proxy, not to be confused with kwrite kwrited # wall message proxy, not to be confused with kwrite
baloo # system indexer baloo # system indexer
milou # search engine atop baloo milou # search engine atop baloo
kdegraphics-thumbnailers # pdf etc thumbnailer kdegraphics-thumbnailers # pdf etc thumbnailer
polkit-kde-agent-1 # polkit auth ui polkit-kde-agent-1 # polkit auth ui
plasma-desktop plasma-desktop
plasma-workspace plasma-workspace
drkonqi # crash handler drkonqi # crash handler
kde-inotify-survey # warns the user on low inotifywatch limits kde-inotify-survey # warns the user on low inotifywatch limits
# Application integration # Application integration
libplasma # provides Kirigami platform theme libplasma # provides Kirigami platform theme
plasma-integration # provides Qt platform theme plasma-integration # provides Qt platform theme
kde-gtk-config # syncs KDE settings to GTK kde-gtk-config # syncs KDE settings to GTK
# Artwork + themes # Artwork + themes
breeze breeze
breeze-icons breeze-icons
breeze-gtk breeze-gtk
ocean-sound-theme ocean-sound-theme
plasma-workspace-wallpapers plasma-workspace-wallpapers
pkgs.hicolor-icon-theme # fallback icons pkgs.hicolor-icon-theme # fallback icons
qqc2-breeze-style qqc2-breeze-style
qqc2-desktop-style qqc2-desktop-style
# misc Plasma extras # misc Plasma extras
kdeplasma-addons kdeplasma-addons
pkgs.xdg-user-dirs # recommended upstream pkgs.xdg-user-dirs # recommended upstream
# Plasma utilities # Plasma utilities
kmenuedit kmenuedit
kinfocenter kinfocenter
plasma-systemmonitor plasma-systemmonitor
ksystemstats ksystemstats
libksysguard libksysguard
systemsettings systemsettings
kcmutils kcmutils
]; ];
programs.plasma = { programs.plasma = {
configFile = { configFile = {
@ -64,4 +64,4 @@
"kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol"; "kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol";
}; };
}; };
} }

2
home/environments/xfce/packages.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
pavucontrol pavucontrol
]; ];

1
home/environments/xfce/xfconf.nix
View file

@ -25,7 +25,6 @@ _: {
"theme" = "Chicago95"; "theme" = "Chicago95";
"notify-location" = "bottom-right"; "notify-location" = "bottom-right";
}; };
}; };
enable = true; enable = true;
}; };

12
home/profiles/common/nix.nix
View file

@ -1,8 +1,8 @@
_: { _: {
# TODO: add the same treatment as the other nix gc script # TODO: add the same treatment as the other nix gc script
nix.gc = { nix.gc = {
automatic = true; automatic = true;
frequency = "weekly"; frequency = "weekly";
persistent = true; persistent = true;
}; };
} }

16
home/profiles/common/sops.nix
View file

@ -1,8 +1,8 @@
{ parent, ... }: { {parent, ...}: {
sops = { sops = {
age.sshKeyPaths = [ age.sshKeyPaths = [
"/home/kat/.ssh/id_ed25519" "/home/kat/.ssh/id_ed25519"
]; ];
defaultSopsFile = parent.sops.defaultSopsFile; inherit (parent.sops) defaultSopsFile;
}; };
} }

2
home/profiles/common/xdg.nix
View file

@ -5,4 +5,4 @@ _: {
enable = true; enable = true;
}; };
}; };
} }

12
home/profiles/graphical/chromium.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }: { _: {
# Backup browser! For aliexpress and things. # Backup browser! For aliexpress and things.
home.packages = [ home.packages = [
#pkgs.ungoogled-chromium #pkgs.ungoogled-chromium
]; ];
} }

6
home/profiles/graphical/discord.nix
View file

@ -1,4 +1,8 @@
{ pkgs, lib, ... }: let {
pkgs,
lib,
...
}: let
inherit (lib.generators) toJSON; inherit (lib.generators) toJSON;
in { in {
home.packages = with pkgs; [ home.packages = with pkgs; [

14
home/profiles/graphical/firefox.nix
View file

@ -1,10 +1,4 @@
{ {nur, ...}: {
config,
pkgs,
inputs,
nur,
...
}: {
home.sessionVariables = { home.sessionVariables = {
BROWSER = "firefox"; BROWSER = "firefox";
}; };
@ -154,9 +148,9 @@
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
}; };
userChrome = '' userChrome = ''
#urlbar { #urlbar {
font-family: "Monaspace Krypton", monospace; font-family: "Monaspace Krypton", monospace;
} }
''; '';
}; };
}; };

6
home/profiles/shell/ssh.nix
View file

@ -6,8 +6,10 @@ _: {
hashKnownHosts = true; hashKnownHosts = true;
compression = true; compression = true;
forwardAgent = true; forwardAgent = true;
/*extraConfig = '' /*
extraConfig = ''
RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
'';*/ '';
*/
}; };
} }

2
home/profiles/shell/starship.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { _: {
programs.starship = { programs.starship = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;

12
home/user/home.nix
View file

@ -1,7 +1,7 @@
_: { _: {
home = { home = {
homeDirectory = "/home/kat"; homeDirectory = "/home/kat";
stateVersion = "22.11"; stateVersion = "22.11";
username = "kat"; username = "kat";
}; };
} }

50
modules/nixos/mautrix-slack.nix
View file

@ -1,20 +1,20 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
}: ...
let }: let
cfg = config.services.mautrix-slack; cfg = config.services.mautrix-slack;
dataDir = "/var/lib/mautrix-slack"; dataDir = "/var/lib/mautrix-slack";
registrationFile = "${dataDir}/slack-registration.yaml"; registrationFile = "${dataDir}/slack-registration.yaml";
settingsFile = "${dataDir}/config.yaml"; settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-slack-config-unsubstituted.json" cfg.settings; settingsFileUnsubstituted = settingsFormat.generate "mautrix-slack-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json { }; settingsFormat = pkgs.formats.json {};
appservicePort = 29335; appservicePort = 29335;
# to be used with a list of lib.mkIf values # to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null); optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); mkDefaults = lib.mapAttrsRecursive (_n: v: lib.mkDefault v);
defaultConfig = { defaultConfig = {
homeserver.address = "http://localhost:8448"; homeserver.address = "http://localhost:8448";
appservice = { appservice = {
@ -35,8 +35,8 @@ let
displayname_template = "{{.RealName}} (S)"; displayname_template = "{{.RealName}} (S)";
bot_displayname_template = "{{.Name}} (bot)"; bot_displayname_template = "{{.Name}} (bot)";
channel_name_template = "#{{.Name}}"; channel_name_template = "#{{.Name}}";
double_puppet_server_map = { }; double_puppet_server_map = {};
login_shared_secret_map = { }; login_shared_secret_map = {};
command_prefix = "!slack"; command_prefix = "!slack";
permissions."*" = "relay"; permissions."*" = "relay";
relay.enabled = true; relay.enabled = true;
@ -50,15 +50,13 @@ let
}; };
}; };
}; };
in {
in
{
options.services.mautrix-slack = { options.services.mautrix-slack = {
enable = lib.mkEnableOption "mautrix-slack, a Matrix-Signal puppeting bridge."; enable = lib.mkEnableOption "mautrix-slack, a Matrix-Signal puppeting bridge.";
settings = lib.mkOption { settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig; apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type; inherit (settingsFormat) type;
default = defaultConfig; default = defaultConfig;
description = '' description = ''
{file}`config.yaml` configuration as a Nix attribute set. {file}`config.yaml` configuration as a Nix attribute set.
@ -113,7 +111,8 @@ in
serviceDependencies = lib.mkOption { serviceDependencies = lib.mkOption {
type = with lib.types; listOf str; type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) default =
(lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service"); ++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
defaultText = lib.literalExpression '' defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
@ -138,7 +137,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.mautrix-slack = { users.users.mautrix-slack = {
isSystemUser = true; isSystemUser = true;
group = "mautrix-slack"; group = "mautrix-slack";
@ -146,13 +144,13 @@ in
description = "Mautrix-Signal bridge user"; description = "Mautrix-Signal bridge user";
}; };
users.groups.mautrix-slack = { }; users.groups.mautrix-slack = {};
services.matrix-synapse = lib.mkIf cfg.registerToSynapse { services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ]; settings.app_service_config_files = [registrationFile];
}; };
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-slack" ]; serviceConfig.SupplementaryGroups = ["mautrix-slack"];
}; };
# Note: this is defined here to avoid the docs depending on `config` # Note: this is defined here to avoid the docs depending on `config`
@ -169,11 +167,11 @@ in
systemd.services.mautrix-slack = { systemd.services.mautrix-slack = {
description = "mautrix-slack, a Matrix-Signal puppeting bridge."; description = "mautrix-slack, a Matrix-Signal puppeting bridge.";
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies; wants = ["network-online.target"] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies; after = ["network-online.target"] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages # ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ]; path = [pkgs.ffmpeg-headless];
preStart = '' preStart = ''
# substitute the settings file by environment variables # substitute the settings file by environment variables
@ -240,12 +238,12 @@ in
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ]; SystemCallFilter = ["@system-service"];
Type = "simple"; Type = "simple";
UMask = 0027; UMask = 0027;
}; };
restartTriggers = [ settingsFileUnsubstituted ]; restartTriggers = [settingsFileUnsubstituted];
}; };
}; };
meta.maintainers = with lib.maintainers; [ kittywitch ]; meta.maintainers = with lib.maintainers; [kittywitch];
} }

2
modules/system/deploy.nix
View file

@ -27,7 +27,7 @@ in {
autoRollback = mkOptionDefault true; autoRollback = mkOptionDefault true;
magicRollback = mkOptionDefault true; magicRollback = mkOptionDefault true;
fastConnection = mkOptionDefault false; fastConnection = mkOptionDefault false;
hostname = mkOptionDefault "${name}.inskip.me"; hostname = mkOptionDefault "${name}.tail0b3cc1.ts.net";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name}; path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name};

64
modules/system/host.nix
View file

@ -79,18 +79,18 @@ in {
} }
.${string.toLower config.type}; .${string.toLower config.type};
modules = mkMerge [ modules = mkMerge [
(mkIf (config.folder != "linux") [ (mkIf (config.folder != "linux") [
# per-OS modules # per-OS modules
tree.modules.${config.folder} tree.modules.${config.folder}
# per-OS user definition # per-OS user definition
tree.home.user.${config.folder} tree.home.user.${config.folder}
]) ])
(mkIf (config.folder != "linux" && config.folder != "home") [ (mkIf (config.folder != "linux" && config.folder != "home") [
# per-OS configuration # per-OS configuration
tree.${config.folder}.common tree.${config.folder}.common
# true base module # true base module
tree.common tree.common
]) ])
]; ];
builder = builder =
{ {
@ -107,23 +107,29 @@ in {
} }
// args); // args);
in in
args: let args: let
nixos = sys args; nixos = sys args;
in in
nixos.extendModules { nixos.extendModules {
modules = modules =
nixos.config.scalpels nixos.config.scalpels
++ [ ++ [
inputs.scalpel.nixosModules.scalpel inputs.scalpel.nixosModules.scalpel
]; ];
specialArgs = {prev = nixos;}; specialArgs = {prev = nixos;};
}; };
home = args: let home = args: let
renamedArgs = set.rename "specialArgs" "extraSpecialArgs" args; renamedArgs = set.rename "specialArgs" "extraSpecialArgs" args;
renamedArgsWithPkgs = renamedArgs // { inherit lib; pkgs = pkgs.${args.system}; }; renamedArgsWithPkgs =
attrsToRemove = [ "configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system" ]; renamedArgs
safeArgs = removeAttrs renamedArgsWithPkgs attrsToRemove; // {
in inputs.home-manager.lib.homeManagerConfiguration safeArgs; inherit lib;
pkgs = pkgs.${args.system};
};
attrsToRemove = ["configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system"];
safeArgs = removeAttrs renamedArgsWithPkgs attrsToRemove;
in
inputs.home-manager.lib.homeManagerConfiguration safeArgs;
darwin = inputs.darwin.lib.darwinSystem; darwin = inputs.darwin.lib.darwinSystem;
macos = inputs.darwin.lib.darwinSystem; macos = inputs.darwin.lib.darwinSystem;
} }
@ -145,4 +151,4 @@ in {
system = config; system = config;
}; };
}; };
} }

8
nixos/common/access.nix
View file

@ -13,9 +13,11 @@
config.users.users); config.users.users);
}; };
in { in {
security.pam.sshAgentAuth.enable = true; security = {
security.sudo.enable = true; pam.sshAgentAuth.enable = true;
security.pam.services.sudo.sshAgentAuth = true; sudo.enable = true;
pam.services.sudo.sshAgentAuth = true;
};
users.users = { users.users = {
root = commonUser; root = commonUser;
deploy = deploy =

60
nixos/common/login-notify.nix
View file

@ -1,32 +1,38 @@
{ pkgs, lib, config, ... }: let {
inherit (lib.modules) mkAfter mkDefault; pkgs,
lib,
config,
...
}: let
inherit (lib.modules) mkAfter mkDefault;
in { in {
sops.secrets.sshd-environment = { sops.secrets.sshd-environment = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
security.pam.services.sshd.text = let security.pam.services.sshd.text = let
notify = pkgs.writeShellScriptBin "notify" '' notify = pkgs.writeShellScriptBin "notify" ''
export $(cat ${config.sops.secrets.sshd-environment.path} | xargs) export $(cat ${config.sops.secrets.sshd-environment.path} | xargs)
if [ "$PAM_USER" = "deploy" ]; then if [ "$PAM_USER" = "deploy" ]; then
if [ "$PAM_TYPE" = "open_session" ]; then if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
elif [ "$PAM_TYPE" = "close_session" ]; then elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}." message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
fi fi
else else
if [ "$PAM_TYPE" = "open_session" ]; then if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}." message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}."
elif [ "$PAM_TYPE" = "close_session" ]; then elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}." message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}."
fi fi
fi fi
if [ -n "$message" ]; then if [ -n "$message" ]; then
${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK
fi fi
''; '';
in mkDefault (mkAfter '' in
session required pam_exec.so seteuid ${notify}/bin/notify mkDefault (mkAfter ''
''); session required pam_exec.so seteuid ${notify}/bin/notify
} '');
}

7
nixos/common/secrets.yaml
View file

@ -1,4 +1,5 @@
sshd-environment: ENC[AES256_GCM,data:lyzzRDxyNzBgrLthPjdJoXgkniCwLXFZE/GMpLlRzeSvAUN6yc8sFYTmvZiCe/t/33Yr5+BtOhAUI5JzTYJ/kc3Dg4ziB4KbHP4ejPtAb6x2UbEHcN6euPogwXR8lpeO9zJE4gWFOHoYJ4bLa1wuCYgbNkjWDYYHGEoWAMVDU6XYRb3riV21WWIQO/DbC7mAgw==,iv:ZysLG3x0wlxuTYnJrGtrTkjjduMoEOyiWWuC1nRIp4I=,tag:mlNO2yo7JkV2O7A2Da+EjQ==,type:str] sshd-environment: ENC[AES256_GCM,data:lyzzRDxyNzBgrLthPjdJoXgkniCwLXFZE/GMpLlRzeSvAUN6yc8sFYTmvZiCe/t/33Yr5+BtOhAUI5JzTYJ/kc3Dg4ziB4KbHP4ejPtAb6x2UbEHcN6euPogwXR8lpeO9zJE4gWFOHoYJ4bLa1wuCYgbNkjWDYYHGEoWAMVDU6XYRb3riV21WWIQO/DbC7mAgw==,iv:ZysLG3x0wlxuTYnJrGtrTkjjduMoEOyiWWuC1nRIp4I=,tag:mlNO2yo7JkV2O7A2Da+EjQ==,type:str]
tailscale-key: ENC[AES256_GCM,data:FK237Or4qtZGon9tevPh4q568+IUSWxfuG8s2ZNLXWgoa76GoyO+qwCmvXiVibRH1Ljo/LXoNQjb2pYV7w==,iv:UZv+EnlRDOWh86sOFh7ZNryPz1r55u+Dbr/dDL/USjo=,tag:B8DJwPXR/50ARbfyfxPtcw==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
kms: [] kms: []
@ -69,8 +70,8 @@ sops:
N0hTL1A1MVE2MldocTFWZzc1OENobkUKUseg2IGSClvmrq6vlnF1sCgYlUaH4Ke0 N0hTL1A1MVE2MldocTFWZzc1OENobkUKUseg2IGSClvmrq6vlnF1sCgYlUaH4Ke0
sDdpVwg1b5WLwbZFeE/Ro1gRY3s+9iDFrU3Rh95R1KmigpMVYz1ILQ== sDdpVwg1b5WLwbZFeE/Ro1gRY3s+9iDFrU3Rh95R1KmigpMVYz1ILQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-04T21:22:16Z" lastmodified: "2024-08-03T22:14:00Z"
mac: ENC[AES256_GCM,data:5obbMHWEPm7KhJGWXpsKvGI99sJCx8hScIbS2vo3Ua0fvTwML8tkC3gsfLwaZ0D3KGHN6qxyjvP8ajIoxRK2Lj6G2FOWo7gmNzw9ULu+kPj53dqbmy/c3EeZU3WFNaRFXiQx0C80k8YFzPXQAkF/X5NdaRYRL6BFvPRRuq83Uds=,iv:EaeI+Z3e/QZIlU+EIGg+9sDFPtcfnVs8TQvvROOujg4=,tag:+P6U0/+b4nkZNob5fJ6pkg==,type:str] mac: ENC[AES256_GCM,data:ACZ3txmEBIUU73JSsJmDDE7+D5oXdAVNN1Dgypl8tgRIGtMFwRpktmhdXON6jHpaWiZ0DBRuvN97SWUbkPbhyMG6PrKRdQHYLdFAocuNFBpX58xIrAclVUjPEbV5bqBU/zPemxj/5sXbiuX8AYSENiAOYhfCxi8SZbNgU4W6xO8=,iv:G2d9ZRTeaNpDfkB3maZzAHYIRKB6ewwjqUQr7RBrNEM=,tag:7y/0gVUJMmyMoiwiLr8Q1g==,type:str]
pgp: pgp:
- created_at: "2024-07-04T21:21:19Z" - created_at: "2024-07-04T21:21:19Z"
enc: |- enc: |-
@ -93,4 +94,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4 fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.0

78
nixos/common/tailscale.nix
View file

@ -1,3 +1,77 @@
_: { {
services.tailscale.enable = true; config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.tailscale;
in {
options.services.tailscale = with types; {
advertiseExitNode = mkEnableOption "exit node";
};
config = {
networking.firewall = {
trustedInterfaces = [cfg.interfaceName];
allowedUDPPorts = [cfg.port];
};
systemd.network = {
wait-online.ignoredInterfaces = [cfg.interfaceName];
networks."50-tailscale" = {
networkConfig = {
DNSDefaultRoute = false;
#DNS = "";
};
};
};
services.tailscale.enable = mkDefault true;
sops.secrets.tailscale-key = mkIf cfg.enable {
sopsFile = ./secrets.yaml;
};
systemd.services.tailscale-autoconnect = mkIf cfg.enable rec {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = wants ++ wantedBy;
wants = ["network-pre.target"];
wantedBy = ["tailscaled.service"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
};
# have the job run this shell script
script = let
fixResolved = optionalString config.services.resolved.enable ''
resolvectl revert ${cfg.interfaceName} || true
'';
# https://tailscale.com/kb/1320/performance-best-practices#ethtool-configuration
exitNodeRouting = optionalString cfg.advertiseExitNode ''
netdev=$(${pkgs.iproute2}/bin/ip route show 0/0 | ${pkgs.coreutils}/bin/cut -f5 -d' ' || echo ${config.systemd.network.networks._00-local.name or "eth0"})
${getExe pkgs.ethtool} -K "$netdev" rx-udp-gro-forwarding on rx-gro-list off || true
'';
advertiseExitNode = "--advertise-exit-node" + optionalString (!cfg.advertiseExitNode) "=false";
in
with pkgs; ''
# wait for tailscaled to settle
sleep 5
${fixResolved}
${exitNodeRouting}
# check if we are already authenticated to tailscale
status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)"
if [[ $status = Running ]]; then
# if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${getExe tailscale} up ${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path})
'';
};
};
} }

6
nixos/environments/hyprland/xdg-portals.nix
View file

@ -1,8 +1,4 @@
{ {pkgs, ...}: {
pkgs,
inputs,
...
}: {
xdg = { xdg = {
portal = { portal = {
enable = true; enable = true;

10
nixos/environments/kde/xserver.nix
View file

@ -3,7 +3,11 @@
xclip xclip
wl-clipboard wl-clipboard
]; ];
services.xserver.enable = true; services = {
services.xserver.displayManager.gdm.enable = true; xserver = {
services.desktopManager.plasma6.enable = true; enable = true;
displayManager.gdm.enable = true;
};
desktopManager.plasma6.enable = true;
};
} }

34
nixos/environments/xfce/xfce.nix
View file

@ -1,18 +1,22 @@
{ pkgs, ... }: { {pkgs, ...}: {
services.gnome.gnome-keyring.enable = true; services = {
services.xserver = { gnome.gnome-keyring.enable = true;
enable = true; xserver = {
libinput.touchpad = { enable = true;
tappingButtonMap = "lrm"; libinput.touchpad = {
clickMethod = "clickfinger"; tappingButtonMap = "lrm";
clickMethod = "clickfinger";
};
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
displayManager.gdm.enable = true;
displayManager.defaultSession = "xfce";
xkbOptions = "ctrl:nocaps";
}; };
desktopManager = {
xterm.enable = false; colord.enable = true;
xfce.enable = true;
};
displayManager.gdm.enable = true;
displayManager.defaultSession = "xfce";
xkbOptions = "ctrl:nocaps";
}; };
programs.xfconf.enable = true; programs.xfconf.enable = true;
@ -21,6 +25,4 @@
xfce.xfce4-whiskermenu-plugin xfce.xfce4-whiskermenu-plugin
xclip xclip
]; ];
services.colord.enable = true;
} }

40
nixos/hardware/oracle_flex.nix
View file

@ -1,22 +1,32 @@
{ modulesPath, ... }: { {modulesPath, ...}: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.supportedFilesystems = [ "xfs" ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; fileSystems = {
boot.initrd.kernelModules = [ "nvme" ]; "/boot" = {
fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; }; device = "/dev/disk/by-uuid/92B6-AAE1";
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; }; fsType = "vfat";
swapDevices = [ { device = "/dev/sda2"; } ]; };
"/" = {
device = "/dev/sda3";
fsType = "xfs";
};
};
swapDevices = [{device = "/dev/sda2";}];
boot = { boot = {
supportedFilesystems = ["xfs"];
tmp.cleanOnBoot = true;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
kernelModules = ["nvme"];
};
loader = { loader = {
grub = { grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
configurationLimit = 1; configurationLimit = 1;
}; };
systemd-boot.configurationLimit = 1; systemd-boot.configurationLimit = 1;
}; };
}; };
} }

37
nixos/hardware/oracle_micro.nix
View file

@ -1,21 +1,30 @@
{ modulesPath, ... }: { {modulesPath, ...}: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
boot = { boot = {
tmp.cleanOnBoot = true;
loader = { loader = {
grub = { grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
configurationLimit = 1; configurationLimit = 1;
}; };
systemd-boot.configurationLimit = 1; systemd-boot.configurationLimit = 1;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/1F52-C11D";
fsType = "vfat";
};
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}; };
}; };
} }

2
nixos/profiles/bootable/grub.nix
View file

@ -5,7 +5,7 @@
}: let }: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
in { in {
boot.loader = mkIf (config.boot.loader.grub.enable) { boot.loader = mkIf config.boot.loader.grub.enable {
timeout = null; timeout = null;
grub = { grub = {
useOSProber = true; useOSProber = true;

22
nixos/profiles/gaming/lutris.nix
View file

@ -1,16 +1,16 @@
{pkgs, ...}: { {pkgs, ...}: {
hardware.opengl = { hardware.graphics = {
driSupport32Bit = true; enable32Bit = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
];
extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
driversi686Linux.mesa
];
}; };
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
];
hardware.opengl.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
driversi686Linux.mesa
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(lutris.override { (lutris.override {
extraPkgs = pkgs: [ extraPkgs = pkgs: [

2
nixos/profiles/gaming/minecraft.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
programs.java = { programs.java = {
enable = true; enable = true;
}; };

2
nixos/profiles/graphical/avahi.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { _: {
services.avahi = { services.avahi = {
nssmdns4 = true; nssmdns4 = true;
enable = true; enable = true;

3
nixos/profiles/graphical/packages.nix
View file

@ -8,6 +8,9 @@
dnsutils dnsutils
usbutils usbutils
plexamp plexamp
prusa-slicer
super-slicer-beta
chromium
inputs.konawall-py.packages.${pkgs.system}.konawall-py inputs.konawall-py.packages.${pkgs.system}.konawall-py
]; ];
services.udev.packages = [ services.udev.packages = [

58
nixos/profiles/graphical/restic.nix
View file

@ -1,30 +1,30 @@
{ config, ... }: { {config, ...}: {
sops.secrets.restic-password-file = { sops.secrets.restic-password-file = {
sopsFile = ./restic.yaml; sopsFile = ./restic.yaml;
};
services.restic.backups = {
${config.networking.hostName} = {
paths = [
"/home/kat/Documents"
"/home/kat/Pictures"
];
exclude = [
];
extraOptions = [
"sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 6"
];
initialize = true;
passwordFile = config.sops.secrets.restic-password-file.path;
repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
}; };
services.restic.backups = { };
${config.networking.hostName} = { }
paths = [
"/home/kat/Documents"
"/home/kat/Pictures"
];
exclude = [
];
extraOptions = [
"sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 6"
];
initialize = true;
passwordFile = config.sops.secrets.restic-password-file.path;
repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
}

6
nixos/profiles/graphical/sound.nix
View file

@ -1,12 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
environment.systemPackages = with pkgs; [pulsemixer]; environment.systemPackages = with pkgs; [pulsemixer];
sound = {
enable = true;
extraConfig = ''
defaults.pcm.rate_converter "speexrate_best"
'';
};
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;

6
nixos/profiles/secureboot.nix
View file

@ -1,4 +1,8 @@
{pkgs, lib, ...}: let {
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce; inherit (lib.modules) mkForce;
in { in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

134
nixos/profiles/server/nix.nix
View file

@ -1,67 +1,73 @@
{ config, lib, pkgs, ... }: let {
inherit (lib.modules) mkForce; config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkForce;
in { in {
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
}; };
sops.secrets.nix-gc-environment = { sops.secrets.nix-gc-environment = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
systemd.services.nix-gc = { systemd.services.nix-gc = {
script = let script = let
cfg = config.nix.gc; cfg = config.nix.gc;
in mkForce '' in
#!/usr/bin/env bash mkForce ''
set -euo pipefail #!/usr/bin/env bash
set -euo pipefail
# Helper functions
send_discord_message() { # Helper functions
local message="$1" send_discord_message() {
local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.') local message="$1"
${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \ local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.')
-X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK" ${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \
} -X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK"
}
get_filesystem_usage() {
${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n' get_filesystem_usage() {
} ${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n'
}
calculate_ratio() {
local before="$1" calculate_ratio() {
local after="$2" local before="$1"
${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}" local after="$2"
} ${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}"
}
# Initial filesystem usage
FS_BEFORE_USAGE=$(get_filesystem_usage) # Initial filesystem usage
FS_BEFORE_USAGE=$(get_filesystem_usage)
send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE"
send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE"
# Perform garbage collection
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}) # Perform garbage collection
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options})
# Get filesystem usage after garbage collection
FS_AFTER_USAGE=$(get_filesystem_usage) # Get filesystem usage after garbage collection
FS_AFTER_USAGE=$(get_filesystem_usage)
# Extract numeric values for calculation (assuming format like "75% (15G)")
BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) # Extract numeric values for calculation (assuming format like "75% (15G)")
AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1) BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
# Calculate ratio
RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT) # Calculate ratio
RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT)
send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)"
send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)"
# Send the output of nix-collect-garbage
send_discord_message "$OUTPUT" # Send the output of nix-collect-garbage
''; send_discord_message "$OUTPUT"
'';
serviceConfig = {
EnvironmentFile = config.sops.secrets.nix-gc-environment.path; serviceConfig = {
Type = "oneshot"; EnvironmentFile = config.sops.secrets.nix-gc-environment.path;
}; Type = "oneshot";
}; };
};
} }

29
nixos/profiles/virtualisation/virt-manager.nix Normal file
View file

@ -0,0 +1,29 @@
{pkgs, ...}: {
users.users.kat.extraGroups = ["libvirtd"];
environment.systemPackages = with pkgs; [
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
adwaita-icon-theme
];
services.spice-vdagentd.enable = true;
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;
};
}

47
nixos/servers/matrix/cleanup.nix
View file

@ -1,24 +1,27 @@
{ config, pkgs, ... }: { {
sops.secrets.synapse-cleanup-environment = { config,
sopsFile = ./secrets.yaml; pkgs,
...
}: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
};
systemd = {
services.synapse-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "root";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path;
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
};
}; };
systemd = { timers.synapse-cleanup = {
services.synapse-cleanup = { timerConfig = {
serviceConfig = { OnCalendar = "weekly";
Type = "oneshot"; Persistent = true;
User = "root"; Unit = "synapse-cleanup.service";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path; };
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup"; wantedBy = ["timers.target"];
};
};
timers.synapse-cleanup = {
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy =
[ "timers.target" ];
};
}; };
} };
}

2
nixos/servers/matrix/discord.nix
View file

@ -1,6 +1,6 @@
{config, ...}: { {config, ...}: {
services.mx-puppet-discord = { services.mx-puppet-discord = {
enable = config.services.matrix-synapse.enable; inherit (config.services.matrix-synapse) enable;
settings = { settings = {
bridge = { bridge = {
bindAddress = "localhost"; bindAddress = "localhost";

28
nixos/servers/matrix/signal.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./signal.yaml; sopsFile = ./signal.yaml;
}; };
services.mautrix-signal = { services.mautrix-signal = {
enable = config.services.matrix-synapse.enable; inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-signal-environment.path; environmentFile = config.sops.secrets.mautrix-signal-environment.path;
settings = { settings = {
homeserver = { homeserver = {
@ -13,24 +13,24 @@
}; };
appservice = { appservice = {
port = 9048; port = 9048;
ephemeral_events = false; ephemeral_events = false;
}; };
signal = { signal = {
}; };
bridge = { bridge = {
history_sync = { history_sync = {
request_full_sync = true; request_full_sync = true;
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
}; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = { permissions = {
"kittywit.ch" = "full"; "kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin"; "@kat:kittywit.ch" = "admin";
@ -39,4 +39,4 @@
}; };
}; };
}; };
} }

26
nixos/servers/matrix/slack.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./slack.yaml; sopsFile = ./slack.yaml;
}; };
services.mautrix-slack = { services.mautrix-slack = {
enable = config.services.matrix-synapse.enable; inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-slack-environment.path; environmentFile = config.sops.secrets.mautrix-slack-environment.path;
settings = { settings = {
homeserver = { homeserver = {
@ -12,24 +12,24 @@
software = "standard"; software = "standard";
}; };
appservice = { appservice = {
ephemeral_events = false; ephemeral_events = false;
}; };
slack = { slack = {
}; };
bridge = { bridge = {
history_sync = { history_sync = {
request_full_sync = true; request_full_sync = true;
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
}; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = { permissions = {
"kittywit.ch" = "full"; "kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin"; "@kat:kittywit.ch" = "admin";

2
nixos/servers/matrix/telegram.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./telegram.yaml; sopsFile = ./telegram.yaml;
}; };
services.mautrix-telegram = { services.mautrix-telegram = {
enable = config.services.matrix-synapse.enable; inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-telegram-environment.path; environmentFile = config.sops.secrets.mautrix-telegram-environment.path;
settings = { settings = {
homeserver = { homeserver = {

12
nixos/servers/matrix/whatsapp.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./whatsapp.yaml; sopsFile = ./whatsapp.yaml;
}; };
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = config.services.matrix-synapse.enable; inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path; environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path;
settings = { settings = {
homeserver = { homeserver = {
@ -17,11 +17,11 @@
whatsapp = { whatsapp = {
}; };
bridge = { bridge = {
encryption = { encryption = {
allow = true; allow = true;
default = true; default = true;
require = true; require = true;
}; };
permissions = { permissions = {
"kittywit.ch" = "full"; "kittywit.ch" = "full";
"@whatsapp:kittywit.ch" = "admin"; "@whatsapp:kittywit.ch" = "admin";

4
nixos/servers/monica/monica.nix
View file

@ -1,8 +1,8 @@
{ config, ... }: { {config, ...}: {
sops.secrets.monica_appkey = { sops.secrets.monica_appkey = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = config.services.monica.user; owner = config.services.monica.user;
group = config.services.monica.group; inherit (config.services.monica) group;
}; };
services.monica = { services.monica = {
enable = true; enable = true;

6
nixos/servers/rustdesk.nix Normal file
View file

@ -0,0 +1,6 @@
_: {
services.rustdesk-server = {
enable = true;
relayIP = "100.89.32.57";
};
}

2
nixos/servers/tt-rss/nginx.nix
View file

@ -5,4 +5,4 @@ _: {
forceSSL = true; forceSSL = true;
}; };
}; };
} }

38
nixos/servers/tt-rss/service.nix
View file

@ -1,20 +1,20 @@
{ pkgs, ... }: { _: {
services.tt-rss = { services.tt-rss = {
enable = true; enable = true;
virtualHost = "rss.kittywit.ch"; virtualHost = "rss.kittywit.ch";
selfUrlPath = "https://rss.kittywit.ch"; selfUrlPath = "https://rss.kittywit.ch";
database = { database = {
type = "pgsql"; type = "pgsql";
host = null; host = null;
name = "tt_rss"; name = "tt_rss";
createLocally = false; createLocally = false;
};
plugins = [
"auth_internal"
"auth_ldap"
"note"
"updater"
"api_feedreader"
];
}; };
} plugins = [
"auth_internal"
"auth_ldap"
"note"
"updater"
"api_feedreader"
];
};
}

30
nixos/servers/weechat/buflist.nix
View file

@ -1,17 +1,17 @@
{ config, ... }: { {config, ...}: {
home-manager.users.kat.programs.weechat.config.buflist = { home-manager.users.kat.programs.weechat.config.buflist = {
format = with config.base16.defaultScheme.map.ansiStr; { format = with config.base16.defaultScheme.map.ansiStr; {
indent = " "; # default " " indent = " "; # default " "
buffer_current = "\${color:,${base02}}\${format_buffer}"; buffer_current = "\${color:,${base02}}\${format_buffer}";
hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})"; hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})";
hotlist_highlight = "\${color:${base0E}}"; hotlist_highlight = "\${color:${base0E}}";
hotlist_low = "\${color:${base03}}"; hotlist_low = "\${color:${base03}}";
hotlist_message = "\${color:${base08}}"; hotlist_message = "\${color:${base08}}";
hotlist_none = "\${color:${base05}}"; hotlist_none = "\${color:${base05}}";
hotlist_private = "\${color:${base09}}"; hotlist_private = "\${color:${base09}}";
hotlist_separator = "\${color:${base04}},"; hotlist_separator = "\${color:${base04}},";
number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }"; number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }";
};
look.use_items = 4;
}; };
look.use_items = 4;
};
} }

88
nixos/servers/weechat/init.nix
View file

@ -1,46 +1,46 @@
{ config, pkgs, lib, ... }: let {lib, ...}: let
inherit (lib.modules) mkMerge mkBefore mkAfter; inherit (lib.modules) mkMerge mkBefore mkAfter;
in { in {
home-manager.users.kat = { config, ... }: { home-manager.users.kat = {config, ...}: {
sops.secrets = let sops.secrets = let
common = { common = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
in { in {
weechat-secret = common; weechat-secret = common;
liberachat-cert = common; liberachat-cert = common;
espernet-cert = common; espernet-cert = common;
softnet-cert = common; softnet-cert = common;
};
programs.weechat = {
init = mkMerge [
(mkBefore ''
/matrix server add kittywitch yukari.gensokyo.zone
/matrix server add kittywitch-discord yukari.gensokyo.zone
/matrix server add kittywitch-telegram yukari.gensokyo.zone
/matrix server add kittywitch-whatsapp yukari.gensokyo.zone
/matrix server add kittywitch-signal yukari.gensokyo.zone
/matrix server add kittywitch-slack yukari.gensokyo.zone
/exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path}
/set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path}
/set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path}
/set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path}
/key bind meta-g /go
/key bind meta-v /input jump_last_buffer_displayed
/key bind meta-c /buffer close
/key bind meta-n /bar toggle nicklist
/key bind meta-b /bar toggle buflist
/relay add weechat 9000
'')
(mkAfter ''
/matrix connect kittywitch
/matrix connect kittywitch-discord
/matrix connect kittywitch-telegram
/matrix connect kittywitch-whatsapp
/matrix connect kittywitch-signal
'')
];
};
}; };
}
programs.weechat = {
init = mkMerge [
(mkBefore ''
/matrix server add kittywitch yukari.gensokyo.zone
/matrix server add kittywitch-discord yukari.gensokyo.zone
/matrix server add kittywitch-telegram yukari.gensokyo.zone
/matrix server add kittywitch-whatsapp yukari.gensokyo.zone
/matrix server add kittywitch-signal yukari.gensokyo.zone
/matrix server add kittywitch-slack yukari.gensokyo.zone
/exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path}
/set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path}
/set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path}
/set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path}
/key bind meta-g /go
/key bind meta-v /input jump_last_buffer_displayed
/key bind meta-c /buffer close
/key bind meta-n /bar toggle nicklist
/key bind meta-b /bar toggle buflist
/relay add weechat 9000
'')
(mkAfter ''
/matrix connect kittywitch
/matrix connect kittywitch-discord
/matrix connect kittywitch-telegram
/matrix connect kittywitch-whatsapp
/matrix connect kittywitch-signal
'')
];
};
};
}

10
nixos/servers/weechat/irc.nix
View file

@ -1,8 +1,8 @@
_: { _: {
home-manager.users.kat.programs.weechat.config.irc = { home-manager.users.kat.programs.weechat.config.irc = {
look = { look = {
server_buffer = "independent"; server_buffer = "independent";
color_nicks_in_nicklist = true; color_nicks_in_nicklist = true;
};
}; };
};
} }

44
nixos/servers/weechat/matrix.nix
View file

@ -1,24 +1,24 @@
{ pkgs, ... }: { {pkgs, ...}: {
home-manager.users.kat.programs.weechat = { home-manager.users.kat.programs.weechat = {
scripts = with pkgs.weechatScripts; [ scripts = with pkgs.weechatScripts; [
weechat-matrix weechat-matrix
]; ];
plugins = { plugins = {
python = { python = {
packages = [ "weechat-matrix" ]; packages = ["weechat-matrix"];
}; };
};
config.matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = {
server_buffer = "independent";
redactions = "notice";
};
};
}; };
config.matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = {
server_buffer = "independent";
redactions = "notice";
};
};
};
} }

6
nixos/servers/weechat/nginx.nix
View file

@ -1,13 +1,13 @@
{ pkgs, ... }: { {pkgs, ...}: {
services.nginx.virtualHosts."irc.kittywit.ch" = { services.nginx.virtualHosts."irc.kittywit.ch" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { locations = {
"/" = { root = pkgs.glowing-bear; }; "/" = {root = pkgs.glowing-bear;};
"^~ /weechat" = { "^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000"; proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
} }

48
nixos/servers/weechat/perl.nix
View file

@ -1,25 +1,25 @@
{ pkgs, lib, ... }: { {pkgs, ...}: {
home-manager.users.kat.programs.weechat = { home-manager.users.kat.programs.weechat = {
plugins = { plugins = {
perl = { perl = {
enable = true; enable = true;
}; };
};
scripts = with pkgs.weechatScripts; [
highmon
parse_relayed_msg
];
config.plugins.var.perl = {
highmon = {
short_names = "on";
output = "buffer";
merge_private = "on";
alignment = "nchannel,nick";
};
parse_relayed_msg = {
servername = "espernet";
supported_bot_names = "cord";
};
};
}; };
} scripts = with pkgs.weechatScripts; [
highmon
parse_relayed_msg
];
config.plugins.var.perl = {
highmon = {
short_names = "on";
output = "buffer";
merge_private = "on";
alignment = "nchannel,nick";
};
parse_relayed_msg = {
servername = "espernet";
supported_bot_names = "cord";
};
};
};
}

143
nixos/servers/weechat/python.nix
View file

@ -1,70 +1,77 @@
{ config, pkgs, std, inputs, lib, ... }: let {
inherit (builtins) toJSON; config,
inherit (std) list set; pkgs,
std,
inputs,
lib,
...
}: let
inherit (builtins) toJSON;
inherit (std) list set;
in { in {
home-manager.users.kat.programs.weechat = { home-manager.users.kat.programs.weechat = {
plugins = { plugins = {
python = { python = {
enable = true; enable = true;
}; };
};
scripts = with pkgs.weechatScripts; [
colorize_nicks
title
weechat-go
weechat-notify-send
vimode-develop
auto_away
weechat-autosort
urlgrab
unread_buffer
];
config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; {
python = {
vimode = {
copy_clipboard_cmd = "wl-copy";
paste_clipboard_cmd = "wl-paste --no-newline";
imap_esc_timeout = "100";
search_vim = true;
user_mappings = toJSON {
"," = "/buffer #{1}<CR>";
"``" = "/input jump_last_buffer_displayed<CR>";
"`n" = "/input jump_smart<CR>";
"k" = "/input history_previous<CR>";
"j" = "/input history_next<CR>";
"p" = "a/input clipboard_paste<ICMD><ESC>";
"P" = "/input clipboard_paste<CR>";
#"u" = "/input undo<CR>";
#"\\x01R" = "/input redo<CR>";
"\\x01K" = "/buffer move -1<CR>";
"\\x01J" = "/buffer move +1<CR>";
};
user_mappings_noremap = toJSON {
"\\x01P" = "p";
"/" = "i/";
};
user_search_mapping = "?";
mode_indicator_cmd_color_bg = base01;
mode_indicator_cmd_color = base04;
mode_indicator_insert_color_bg = base01;
mode_indicator_insert_color = base04;
mode_indicator_normal_color_bg = base01;
mode_indicator_normal_color = base04;
mode_indicator_replace_color_bg = base01;
mode_indicator_replace_color = base0E;
mode_indicator_search_color_bg = base0E;
mode_indicator_search_color = base04;
no_warn = true;
};
title = {
title_prefix = "weechat - ";
show_hotlist = true;
current_buffer_suffix = " [";
title_suffix = " ]";
};
notify_send.icon = "";
go.short_name = true;
};
};
}; };
} scripts = with pkgs.weechatScripts; [
colorize_nicks
title
weechat-go
weechat-notify-send
vimode-develop
auto_away
weechat-autosort
urlgrab
unread_buffer
];
config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; {
python = {
vimode = {
copy_clipboard_cmd = "wl-copy";
paste_clipboard_cmd = "wl-paste --no-newline";
imap_esc_timeout = "100";
search_vim = true;
user_mappings = toJSON {
"," = "/buffer #{1}<CR>";
"``" = "/input jump_last_buffer_displayed<CR>";
"`n" = "/input jump_smart<CR>";
"k" = "/input history_previous<CR>";
"j" = "/input history_next<CR>";
"p" = "a/input clipboard_paste<ICMD><ESC>";
"P" = "/input clipboard_paste<CR>";
#"u" = "/input undo<CR>";
#"\\x01R" = "/input redo<CR>";
"\\x01K" = "/buffer move -1<CR>";
"\\x01J" = "/buffer move +1<CR>";
};
user_mappings_noremap = toJSON {
"\\x01P" = "p";
"/" = "i/";
};
user_search_mapping = "?";
mode_indicator_cmd_color_bg = base01;
mode_indicator_cmd_color = base04;
mode_indicator_insert_color_bg = base01;
mode_indicator_insert_color = base04;
mode_indicator_normal_color_bg = base01;
mode_indicator_normal_color = base04;
mode_indicator_replace_color_bg = base01;
mode_indicator_replace_color = base0E;
mode_indicator_search_color_bg = base0E;
mode_indicator_search_color = base04;
no_warn = true;
};
title = {
title_prefix = "weechat - ";
show_hotlist = true;
current_buffer_suffix = " [";
title_suffix = " ]";
};
notify_send.icon = "";
go.short_name = true;
};
};
};
}

4
nixos/servers/weechat/urlgrab.nix
View file

@ -1,3 +1,3 @@
{ pkgs, ... }: { {pkgs, ...}: {
home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard"; home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
} }

108
nixos/servers/weechat/weechat.nix
View file

@ -1,56 +1,54 @@
{ config, std, inputs, lib, ... }: let {config, ...}: {
inherit (std) list set; home-manager.users.kat = {
in { services.weechat.enable = true;
home-manager.users.kat = { programs.weechat = {
services.weechat.enable = true; enable = true;
programs.weechat = { config.weechat = with config.base16.defaultScheme.map.ansiStr; {
enable = true; look = {
config.weechat = with config.base16.defaultScheme.map.ansiStr; { mouse = true;
look = { separator_horizontal = "";
mouse = true; read_marker_string = "";
separator_horizontal = ""; prefix_same_nick = "";
read_marker_string = ""; highlight_disable_regex = "signal|discord|telegram|whatsapp";
prefix_same_nick = ""; highlight = "kat,kittywitch";
highlight_disable_regex = "signal|discord|telegram|whatsapp";
highlight = "kat,kittywitch";
};
# color overrides
color = {
chat_nick_self = base0E;
separator = base06;
chat_read_marker = base0B;
chat_read_marker_bg = base03;
};
# bars config
bar = {
buflist = {
size_max = 24;
color_delim = base0E;
};
input = {
items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]";
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
nicklist = {
size_max = 18;
color_delim = base0E;
};
status = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion";
conditions = "\${window.buffer.full_name} != perl.highmon";
};
title = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
};
};
}; };
}; # color overrides
} color = {
chat_nick_self = base0E;
separator = base06;
chat_read_marker = base0B;
chat_read_marker_bg = base03;
};
# bars config
bar = {
buflist = {
size_max = 24;
color_delim = base0E;
};
input = {
items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]";
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
nicklist = {
size_max = 18;
color_delim = base0E;
};
status = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion";
conditions = "\${window.buffer.full_name} != perl.highmon";
};
title = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
};
};
};
};
}

3
overlays.nix
View file

@ -2,8 +2,7 @@
inputs, inputs,
tree, tree,
... ...
}: }: [
[
(final: prev: inputs.arcexprs.overlays.default final prev) (final: prev: inputs.arcexprs.overlays.default final prev)
inputs.darwin.overlays.default inputs.darwin.overlays.default
inputs.deploy-rs.overlay inputs.deploy-rs.overlay

10
packages/mautrix-slack.nix
View file

@ -1,5 +1,9 @@
{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }: {
lib,
buildGoModule,
fetchFromGitHub,
olm,
}:
buildGoModule rec { buildGoModule rec {
pname = "mautrix-slack"; pname = "mautrix-slack";
version = "2024-05-01"; version = "2024-05-01";
@ -23,7 +27,7 @@ buildGoModule rec {
homepage = "https://github.com/mautrix/slack"; homepage = "https://github.com/mautrix/slack";
description = "A Matrix-Slack puppeting bridge"; description = "A Matrix-Slack puppeting bridge";
license = licenses.agpl3Plus; license = licenses.agpl3Plus;
maintainers = with maintainers; [ kittywitch ]; maintainers = with maintainers; [kittywitch];
mainProgram = "mautrix-slack"; mainProgram = "mautrix-slack";
}; };
} }

21
packages/synapse-cleanup/cleanup.sh
View file

@ -41,7 +41,7 @@ main() {
if [[ -z "$HOMESERVER" || -z "$API_ID" || -z "$DISCORD_WEBHOOK_LINK" ]]; then if [[ -z "$HOMESERVER" || -z "$API_ID" || -z "$DISCORD_WEBHOOK_LINK" ]]; then
send_discord_message "Error: HOMESERVER, API_ID, and DISCORD_WEBHOOK_LINK must be set." send_discord_message "Error: HOMESERVER, API_ID, and DISCORD_WEBHOOK_LINK must be set."
exit 1 exit 1
fi }
# Initial sizes and usage # Initial sizes and usage
local db_before_size=$(get_db_size) local db_before_size=$(get_db_size)
@ -59,7 +59,7 @@ main() {
"https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json"
jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt" jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt"
jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt" jq -c '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt"
local ts=$(( $(date --date="${MONTHS_TO_KEEP} month ago" +%s)*1000 )) local ts=$(( $(date --date="${MONTHS_TO_KEEP} month ago" +%s)*1000 ))
@ -74,15 +74,18 @@ main() {
-H "Content-Type: application/json" -d "{}" \ -H "Content-Type: application/json" -d "{}" \
"https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}" "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}"
fi fi
done < <(jq -r '.[]' "${TEMPDIR}/to_purge.txt") done < "${TEMPDIR}/to_purge.txt"
send_discord_message "Deleting unnecessary room history" send_discord_message "Deleting unnecessary room history"
while read -r room_id; do while read -r room_id; do
curl --header "Authorization: Bearer ${API_ID}" -X POST \ room_id=$(echo "$room_id" | tr -d '"') # Remove quotes if present
-H "Content-Type: application/json" \ if [ -n "${room_id}" ]; then
-d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" \ curl --header "Authorization: Bearer ${API_ID}" -X POST \
"https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}" -H "Content-Type: application/json" \
done < <(jq -r '.[]' "${TEMPDIR}/history_purge.txt") -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" \
"https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}"
fi
done < "${TEMPDIR}/history_purge.txt"
send_discord_message "Performing database optimization" send_discord_message "Performing database optimization"
systemctl stop matrix-synapse systemctl stop matrix-synapse
@ -117,4 +120,4 @@ Filesystem usage: ${fs_before_usage} -> ${fs_after_usage}"
} }
# Run the main function # Run the main function
main main

1
shells/repo.nix
View file

@ -2,7 +2,6 @@
pkgs, pkgs,
inputs, inputs,
std, std,
lib,
... ...
}: }:
with pkgs; let with pkgs; let

7
systems/daiyousei.nix
View file

@ -1,12 +1,9 @@
_: let _: let
hostConfig = { hostConfig = {
lib,
tree, tree,
modulesPath, modulesPath,
... ...
}: let }: {
inherit (lib.modules) mkDefault;
in {
imports = imports =
[ [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -18,7 +15,7 @@ _: let
oracle_flex oracle_flex
]) ])
++ (with tree.nixos.servers; [ ++ (with tree.nixos.servers; [
]); ]);
system.stateVersion = "23.11"; system.stateVersion = "23.11";
}; };

6
systems/default.nix
View file

@ -1,8 +1,10 @@
{ inputs, {
inputs,
tree, tree,
lib, lib,
std, std,
pkgs, }: let pkgs,
}: let
# The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain. # The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain.
inherit (lib.modules) evalModules; inherit (lib.modules) evalModules;
inherit (std) set; inherit (std) set;

24
systems/fullhome.nix
View file

@ -1,20 +1,12 @@
_: let _: let
hostConfig = { hostConfig = {tree, ...}: {
lib, imports = with tree.home.profiles; [
tree, common
modulesPath, devops
... graphical
}: let neovim
inherit (lib.modules) mkDefault; shell
in { ];
imports =
with tree.home.profiles; [
common
devops
graphical
neovim
shell
];
}; };
in { in {
arch = "x86_64"; arch = "x86_64";

1
systems/goliath.nix
View file

@ -3,7 +3,6 @@ _: let
config, config,
lib, lib,
tree, tree,
pkgs,
... ...
}: let }: let
inherit (lib.lists) singleton; inherit (lib.lists) singleton;

55
systems/koishi.nix
View file

@ -1,11 +1,5 @@
_: let _: let
hostConfig = { hostConfig = {tree, ...}: {
tree,
pkgs,
lib,
inputs,
...
}: {
imports = imports =
(with tree.nixos.hardware; [ (with tree.nixos.hardware; [
framework framework
@ -17,6 +11,7 @@ _: let
laptop laptop
bcachefs bcachefs
sdr sdr
virtualisation
secureboot secureboot
]) ])
++ (with tree.nixos.environments; [ ++ (with tree.nixos.environments; [
@ -43,32 +38,34 @@ _: let
}; };
}; };
boot.extraModprobeConfig = "options snd_hda_intel power_save=0"; boot.extraModprobeConfig = "options snd_hda_intel power_save=0";
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host daiyousei-build Host daiyousei-build
HostName 140.238.156.121 HostName 140.238.156.121
User root User root
IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh
''; '';
nix.buildMachines = [ nix = {
{ buildMachines = [
hostName = "daiyousei-build"; {
system = "aarch64-linux"; hostName = "daiyousei-build";
protocol = "ssh-ng"; system = "aarch64-linux";
maxJobs = 100; protocol = "ssh-ng";
speedFactor = 1; maxJobs = 100;
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ]; speedFactor = 1;
mandatoryFeatures = [ ]; supportedFeatures = ["benchmark" "big-parallel" "kvm"];
} mandatoryFeatures = [];
}
]; ];
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
};
nix.distributedBuilds = true; # optional, useful when the builder has a faster internet connection than yours
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
services.printing.enable = true; services.printing.enable = true;
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;

7
systems/mai.nix
View file

@ -1,12 +1,9 @@
_: let _: let
hostConfig = { hostConfig = {
lib,
tree, tree,
modulesPath, modulesPath,
... ...
}: let }: {
inherit (lib.modules) mkDefault;
in {
imports = imports =
[ [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -18,7 +15,7 @@ _: let
oracle_micro oracle_micro
]) ])
++ (with tree.nixos.servers; [ ++ (with tree.nixos.servers; [
]); ]);
system.stateVersion = "23.11"; system.stateVersion = "23.11";
}; };

6
systems/mei.nix
View file

@ -1,12 +1,9 @@
_: let _: let
hostConfig = { hostConfig = {
lib,
tree, tree,
modulesPath, modulesPath,
... ...
}: let }: {
inherit (lib.modules) mkDefault;
in {
imports = imports =
[ [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -18,6 +15,7 @@ _: let
oracle_micro oracle_micro
]) ])
++ (with tree.nixos.servers; [ ++ (with tree.nixos.servers; [
rustdesk
]); ]);
system.stateVersion = "23.11"; system.stateVersion = "23.11";

1
tf/dork-pages.tf
View file

@ -27,6 +27,7 @@ resource "cloudflare_pages_domain" "dorkdev_root" {
account_id = local.account_id account_id = local.account_id
project_name = "dorkdev" project_name = "dorkdev"
domain = local.zones.dork domain = local.zones.dork
} }
resource "cloudflare_record" "dorkdev_root_pages" { resource "cloudflare_record" "dorkdev_root_pages" {

2
tf/inskip-pages.tf
View file

@ -38,6 +38,6 @@ resource "cloudflare_record" "inskip_root_pages" {
proxied = false proxied = false
ttl = 3600 ttl = 3600
type = "CNAME" type = "CNAME"
value = "${cloudflare_pages_project.inskip_root.name}.pages.dev" value = cloudflare_pages_project.inskip_root.subdomain
zone_id = local.zone_ids.inskip zone_id = local.zone_ids.inskip
} }

0
tf/tf.tfvars Normal file
View file

2
tree.nix
View file

@ -70,7 +70,7 @@
"modules/system" = { "modules/system" = {
functor = { functor = {
enable = true; enable = true;
}; };
}; };
"modules/nixos" = { "modules/nixos" = {
functor = { functor = {